package main
import (
"fmt"
"io"
"os"
"runtime"
"strings"
"time"
ps "github.com/mitchellh/go-ps"
)
// ShellType names the shell syntax used when credentials are printed as
// environment-variable assignments. It is an alias of string, not a distinct
// type, so any string value is accepted wherever a ShellType is expected.
type ShellType = string
// Shell syntaxes understood by WriteFormat.
const (
// shellTypePowershell selects the `$Env:NAME = "value"` templates.
shellTypePowershell ShellType = "powershell"
// shellTypeBash selects the `export NAME=value` templates.
shellTypeBash ShellType = "bash"
// shellTypeBasic selects the `SET NAME=value` templates.
shellTypeBasic ShellType = "basic"
// shellTypeInfer makes WriteFormat call getShellType to pick one of the above.
shellTypeInfer ShellType = "infer"
)
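// getShellType guesses which shell syntax to emit by looking at the name of
// the parent process's executable.
//
// The guess is a heuristic on the process name only. When the parent cannot
// be looked up, or its name matches nothing known, the result falls back to
// shellTypeBasic on Windows and shellTypeBash everywhere else.
func getShellType() ShellType {
	// OS-based default, used whenever the parent shell cannot be identified.
	fallback := shellTypeBash
	if runtime.GOOS == "windows" {
		fallback = shellTypeBasic
	}

	// FindProcess reports a missing process as a nil Process with a nil
	// error, so both results must be checked before calling Executable;
	// the parent may already have exited by the time we look it up.
	parentProc, err := ps.FindProcess(os.Getppid())
	if err != nil || parentProc == nil {
		return fallback
	}

	name := strings.ToLower(parentProc.Executable())
	switch {
	case strings.Contains(name, "bash"), strings.Contains(name, "zsh"), strings.Contains(name, "ash"):
		// "ash" also covers names such as dash and ash.
		return shellTypeBash
	case strings.Contains(name, "powershell"), strings.Contains(name, "pwsh"):
		return shellTypePowershell
	}
	return fallback
}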
// CloudCredentials holds one set of cloud API credentials together with the
// account they belong to and their expiry time.
//
// SecretAccessKey and SessionToken are secrets: formatting the struct with
// %v / %+v or marshalling it to JSON exposes them, so keep values of this
// type out of logs and error messages.
type CloudCredentials struct {
// AccountID is compared with Account.ID by ValidUntil.
AccountID string `json:"AccountId"`
AccessKeyID string `json:"AccessKeyId"`
SecretAccessKey string `json:"SecretAccessKey"`
SessionToken string `json:"SessionToken"`
// Expiration is parsed as an RFC 3339 timestamp by ValidUntil.
Expiration string `json:"Expiration"`
// credentialsType selects the AWS or Tencent templates in WriteFormat.
// It is unexported, so encoding/json neither reads nor writes it.
credentialsType string
}
// LoadTencentCredentialsFromEnvironment builds a CloudCredentials value from
// the TENCENTCLOUD_* and TENCENTKEY_* environment variables of the current
// process and tags it as Tencent credentials.
//
// Nothing is validated here: a variable that is unset yields an empty field,
// and the values are whatever the environment holds. Use ValidUntil to check
// account and expiry before relying on the result.
func LoadTencentCredentialsFromEnvironment() CloudCredentials {
	var creds CloudCredentials
	creds.credentialsType = cloudTencent
	creds.AccessKeyID = os.Getenv("TENCENTCLOUD_SECRET_ID")
	creds.SecretAccessKey = os.Getenv("TENCENTCLOUD_SECRET_KEY")
	creds.SessionToken = os.Getenv("TENCENTCLOUD_TOKEN")
	creds.AccountID = os.Getenv("TENCENTKEY_ACCOUNT")
	creds.Expiration = os.Getenv("TENCENTKEY_EXPIRATION")
	return creds
}
// LoadAWSCredentialsFromEnvironment builds a CloudCredentials value from the
// AWS_* and AWSKEY_* environment variables of the current process and tags it
// as AWS credentials.
//
// Nothing is validated here: a variable that is unset yields an empty field,
// and the values are whatever the environment holds. Use ValidUntil to check
// account and expiry before relying on the result.
func LoadAWSCredentialsFromEnvironment() CloudCredentials {
	var creds CloudCredentials
	creds.credentialsType = cloudAws
	creds.AccessKeyID = os.Getenv("AWS_ACCESS_KEY_ID")
	creds.SecretAccessKey = os.Getenv("AWS_SECRET_ACCESS_KEY")
	creds.SessionToken = os.Getenv("AWS_SESSION_TOKEN")
	creds.AccountID = os.Getenv("AWSKEY_ACCOUNT")
	creds.Expiration = os.Getenv("AWSKEY_EXPIRATION")
	return creds
}
// ValidUntil reports whether the credentials belong to account and will
// still be unexpired dur from now.
//
// It returns false when either c or account is nil, when the account IDs
// differ, or when Expiration is not a valid RFC 3339 timestamp, so missing
// or malformed cached credentials are treated as not valid.
func (c *CloudCredentials) ValidUntil(account *Account, dur time.Duration) bool {
	switch {
	case c == nil, account == nil:
		return false
	case c.AccountID != account.ID:
		return false
	}

	expiresAt, parseErr := time.Parse(time.RFC3339, c.Expiration)
	if parseErr != nil {
		return false
	}

	// The credentials must outlive the requested window, not merely "now".
	deadline := time.Now().Add(dur)
	return expiresAt.After(deadline)
}
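// Output templates, one per cloud provider and shell syntax.
//
// Every template takes six fmt verbs in the same order: access key ID,
// secret key, session token, session token again (for the *_SECURITY_TOKEN
// variable), expiration, account ID. The TF_VAR_* lines copy the values just
// set so Terraform picks them up. In the cmd templates "%%" is a literal "%".
//
// The *KEY_EXPIRATION / *KEY_ACCOUNT names must match what the
// Load*CredentialsFromEnvironment functions read back; the Tencent PowerShell
// template previously wrote TENCENT_KEY_* while the loader reads TENCENTKEY_*,
// so exported credentials could never be recognised as still valid.
//
// The values are substituted verbatim. Only the PowerShell templates wrap
// them in double quotes; the cmd and bash templates use them bare.
//
// NOTE(review): tencentShellTypeBash exports TENCENT_SECURITY_TOKEN while the
// other two Tencent templates use TENCENTCLOUD_SECURITY_TOKEN; confirm which
// name consumers expect. tencentShellTypeBasic is also the only template
// without a trailing newline.
const (
	awsShellTypePowershell = `$Env:AWS_ACCESS_KEY_ID = "%v"
$Env:AWS_SECRET_ACCESS_KEY = "%v"
$Env:AWS_SESSION_TOKEN = "%v"
$Env:AWS_SECURITY_TOKEN = "%v"
$Env:TF_VAR_access_key = $Env:AWS_ACCESS_KEY_ID
$Env:TF_VAR_secret_key = $Env:AWS_SECRET_ACCESS_KEY
$Env:TF_VAR_token = $Env:AWS_SESSION_TOKEN
$Env:AWSKEY_EXPIRATION = "%v"
$Env:AWSKEY_ACCOUNT = "%v"
`
	tencentShellTypePowershell = `$Env:TENCENTCLOUD_SECRET_ID = "%v"
$Env:TENCENTCLOUD_SECRET_KEY = "%v"
$Env:TENCENTCLOUD_TOKEN = "%v"
$Env:TENCENTCLOUD_SECURITY_TOKEN = "%v"
$Env:TF_VAR_access_key = $Env:TENCENTCLOUD_SECRET_ID
$Env:TF_VAR_secret_key = $Env:TENCENTCLOUD_SECRET_KEY
$Env:TF_VAR_token = $Env:TENCENTCLOUD_TOKEN
$Env:TENCENTKEY_EXPIRATION = "%v"
$Env:TENCENTKEY_ACCOUNT = "%v"
`
	awsShellTypeBasic = `SET AWS_ACCESS_KEY_ID=%v
SET AWS_SECRET_ACCESS_KEY=%v
SET AWS_SESSION_TOKEN=%v
SET AWS_SECURITY_TOKEN=%v
SET TF_VAR_access_key=%%AWS_ACCESS_KEY_ID%%
SET TF_VAR_secret_key=%%AWS_SECRET_ACCESS_KEY%%
SET TF_VAR_token=%%AWS_SESSION_TOKEN%%
SET AWSKEY_EXPIRATION=%v
SET AWSKEY_ACCOUNT=%v
`
	tencentShellTypeBasic = `SET TENCENTCLOUD_SECRET_ID=%v
SET TENCENTCLOUD_SECRET_KEY=%v
SET TENCENTCLOUD_TOKEN=%v
SET TENCENTCLOUD_SECURITY_TOKEN=%v
SET TF_VAR_access_key=%%TENCENTCLOUD_SECRET_ID%%
SET TF_VAR_secret_key=%%TENCENTCLOUD_SECRET_KEY%%
SET TF_VAR_token=%%TENCENTCLOUD_TOKEN%%
SET TENCENTKEY_EXPIRATION=%v
SET TENCENTKEY_ACCOUNT=%v`
	awsShellTypeBash = `export AWS_ACCESS_KEY_ID=%v
export AWS_SECRET_ACCESS_KEY=%v
export AWS_SESSION_TOKEN=%v
export AWS_SECURITY_TOKEN=%v
export TF_VAR_access_key=$AWS_ACCESS_KEY_ID
export TF_VAR_secret_key=$AWS_SECRET_ACCESS_KEY
export TF_VAR_token=$AWS_SESSION_TOKEN
export AWSKEY_EXPIRATION=%v
export AWSKEY_ACCOUNT=%v
`
	tencentShellTypeBash = `export TENCENTCLOUD_SECRET_ID=%v
export TENCENTCLOUD_SECRET_KEY=%v
export TENCENTCLOUD_TOKEN=%v
export TENCENT_SECURITY_TOKEN=%v
export TF_VAR_access_key=$TENCENTCLOUD_SECRET_ID
export TF_VAR_secret_key=$TENCENTCLOUD_SECRET_KEY
export TF_VAR_token=$TENCENTCLOUD_TOKEN
export TENCENTKEY_EXPIRATION=%v
export TENCENTKEY_ACCOUNT=%v
`
)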
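// WriteFormat writes the credentials to w as environment-variable
// assignments in the syntax named by format and returns the number of bytes
// written. shellTypeInfer is resolved with getShellType first.
//
// An unrecognised format returns an error and writes nothing. Previously the
// template stayed empty, and fmt reports unused arguments inline, so the
// access key, secret key and session token were written to w as
// "%!(EXTRA string=...)" text.
//
// NOTE(review): the field values are substituted into the templates as-is,
// and the bash and cmd templates do not quote them. The output is shell
// syntax, so if any field can be influenced by something other than the
// trusted credential source, validate or quote it per shell before writing.
func (c CloudCredentials) WriteFormat(w io.Writer, format ShellType) (int, error) {
	if format == shellTypeInfer {
		format = getShellType()
	}
	isTencent := c.credentialsType == cloudTencent

	var tmpl string
	switch format {
	case shellTypePowershell:
		tmpl = awsShellTypePowershell
		if isTencent {
			tmpl = tencentShellTypePowershell
		}
	case shellTypeBasic:
		tmpl = awsShellTypeBasic
		if isTencent {
			tmpl = tencentShellTypeBasic
		}
	case shellTypeBash:
		tmpl = awsShellTypeBash
		if isTencent {
			tmpl = tencentShellTypeBash
		}
	default:
		return 0, fmt.Errorf("unsupported shell format %q", format)
	}

	// SessionToken is passed twice: once for the *_TOKEN / *_SESSION_TOKEN
	// line and once for the *_SECURITY_TOKEN line of each template.
	return fmt.Fprintf(w, tmpl, c.AccessKeyID, c.SecretAccessKey, c.SessionToken, c.SessionToken, c.Expiration, c.AccountID)
}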