new file mode 100644

@@ -0,0 +1,6 @@

+*~

+.*.sw?

+CJAWSAccess.app

+app.icns

+accounts.json

+accounts.yml

new file mode 100644

@@ -0,0 +1,15 @@

+CJAWSAccess.app: app.icns deliver.lisp src/*.lisp aws-access.asd accounts.json

+	/Applications/LispWorks\ 7.1\ \(64-bit\)/LispWorks\ \(64-bit\).app/Contents/MacOS/lispworks-7-1-0-amd64-darwin -build deliver.lisp

+	cp accounts.json CJAWSAccess.app/Contents/Resources/accounts.json

+	cp app.icns CJAWSAccess.app/Contents/Resources/app.icns

+	touch CJAWSAccess.app

+

+accounts.json: accounts.yml

+	./flip-yaml.lisp accounts.yml

+

+accounts.yml:

+	git archive --format=tar --remote=git@gitlab.cj.com:operations-chapter/aws-department.git heads/master -- accounts.yaml | tar xO accounts.yaml > ~/accounts.yml

+

+app.icns: icon/icon.svg

+	$(MAKE) --directory=icon

+	cp icon/icon.icns app.icns

new file mode 100644

@@ -0,0 +1,23 @@

+;;; -*- Mode:Lisp; Syntax:ANSI-Common-Lisp; Package: ASDF-USER -*-

+(in-package :asdf-user)

+

+(defsystem :aws-access 

+    :description "A simple tool for access to CJ's AWS accounts"

+    :author "Ed L <edward@elangley.org>"

+    :license "MIT"

+    :depends-on (:alexandria

+                 :aws-sdk

+                 :aws-sdk/services/sts

+                 :cells

+                 :cl-yaml

+                 :fwoar-lisputils

+                 :serapeum

+                 :ubiquitous

+                 :uiop

+                 :yason)

+    :serial t

+    :components ((:module "src"

+                  :serial t

+                  :components ((:file "package")

+                               (:file "mfa-tool")

+                               (:file "capi-interface")))))

new file mode 100644

@@ -0,0 +1,23 @@

+(in-package :cl-user)

+(setf *default-pathname-defaults*

+ (make-pathname :directory (pathname-directory *load-pathname*)))

+(format t "~&CURDIR: ~a~%" (truename "."))

+(load-all-patches)

+(load "~/quicklisp/setup.lisp")

+(ql:quickload :swank)

+(mapcar 'asdf:load-asd

+        (directory "*.asd"))

+(ql:quickload :aws-access)

+

+(deliver (intern "MAIN" "MFA-TOOL")

+         (create-macos-application-bundle

+          "CJAWSAccess.app"

+          :document-types nil

+          :identifier "fwoar.cj.AWSAccess")

+         0

+         :KEEP-PRETTY-PRINTER t

+         :interface :capi

+         :keep-modules t

+         :packages-to-keep-symbol-names '(:mfa-tool)

+         :packages-to-keep '(:mfa-tool :swank)

+         :startup-bitmap-file nil) 

new file mode 100755

@@ -0,0 +1,23 @@

+#!/usr/bin/env sbcl --script

+(eval-when (:compile-toplevel :load-toplevel :execute)

+  (load "~/quicklisp/setup.lisp"))

+

+(eval-when (:compile-toplevel :load-toplevel :execute)

+  (ql:quickload '(:cl-yaml :yason :uiop :alexandria)))

+

+(defparameter *in-file*

+  (pathname (first (uiop:command-line-arguments))))

+

+(defparameter *out-file*

+  (make-pathname :type "json"

+                 :defaults *in-file*))

+

+(format t "~a -> ~a" *in-file* *out-file*)

+

+(defparameter *accounts-in*

+  (alexandria:read-file-into-string *in-file*))

+

+(alexandria:with-output-to-file (out *out-file* :if-exists :supersede)

+  (with-open-stream (out-stream (yason:make-json-output-stream out :indent t))

+    (yason:encode (cl-yaml:parse *accounts-in*)

+                  out-stream)))

new file mode 100644

@@ -0,0 +1,2 @@

+*.icns

+*.iconset

new file mode 100644

@@ -0,0 +1,20 @@

+all: icon.iconset

+	iconutil -c icns icon.iconset 

+

+icon.iconset: icon.svg

+	rm -rf icon.iconset

+	mkdir -p icon.iconset

+	rsvg-convert -w 16   -h 16   icon.svg > icon.iconset/icon_16x16.png

+	rsvg-convert -w 32   -h 32   icon.svg > icon.iconset/icon_16x16@2x.png

+	rsvg-convert -w 32   -h 32   icon.svg > icon.iconset/icon_32x32.png

+	rsvg-convert -w 64   -h 64   icon.svg > icon.iconset/icon_32x32@2x.png

+	rsvg-convert -w 64   -h 64   icon.svg > icon.iconset/icon_64x64.png

+	rsvg-convert -w 128	-h 128	icon.svg > icon.iconset/icon_64x64@2x.png

+	rsvg-convert -w 128	-h 128	icon.svg > icon.iconset/icon_128x128.png

+	rsvg-convert -w 256	-h 256	icon.svg > icon.iconset/icon_128x128@2x.png

+	rsvg-convert -w 256	-h 256	icon.svg > icon.iconset/icon_256x256.png

+	rsvg-convert -w 512	-h 512	icon.svg > icon.iconset/icon_256x256@2x.png

+	rsvg-convert -w 512	-h 512	icon.svg > icon.iconset/icon_512x512.png

+	rsvg-convert -w 1024	-h 1024	icon.svg > icon.iconset/icon_512x512@2x.png

+	rsvg-convert -w 1024	-h 1024	icon.svg > icon.iconset/icon_1024x1024.png

+	rsvg-convert -w 2048	-h 2048	icon.svg > icon.iconset/icon_1024x1024@2x.png

new file mode 100644

@@ -0,0 +1,253 @@

+<?xml version="1.0" encoding="UTF-8" standalone="no"?>

+<svg

+   xmlns:dc="http://purl.org/dc/elements/1.1/"

+   xmlns:cc="http://creativecommons.org/ns#"

+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"

+   xmlns:svg="http://www.w3.org/2000/svg"

+   xmlns="http://www.w3.org/2000/svg"

+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"

+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"

+   xml:space="preserve"

+   enable-background="new 0 0 1024 768"

+   viewBox="0 0 1024 1024"

+   height="1024"

+   width="1024"

+   y="0px"

+   x="0px"

+   id="Layer_1"

+   version="1.1"

+   sodipodi:docname="icon.svg"

+   inkscape:version="0.92.2 5c3e80d, 2017-08-06"><sodipodi:namedview

+     pagecolor="#ffffff"

+     bordercolor="#666666"

+     borderopacity="1"

+     objecttolerance="10"

+     gridtolerance="10"

+     guidetolerance="10"

+     inkscape:pageopacity="0"

+     inkscape:pageshadow="2"

+     inkscape:window-width="1918"

+     inkscape:window-height="1198"

+     id="namedview18"

+     showgrid="false"

+     inkscape:zoom="0.67285156"

+     inkscape:cx="390.87373"

+     inkscape:cy="321.77755"

+     inkscape:window-x="1"

+     inkscape:window-y="1"

+     inkscape:window-maximized="0"

+     inkscape:current-layer="Layer_1" /><metadata

+     id="metadata76"><rdf:RDF><cc:Work

+         rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type

+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" /><dc:title></dc:title></cc:Work></rdf:RDF></metadata><defs

+     id="defs74"><filter

+       style="color-interpolation-filters:sRGB;"

+       inkscape:label="Drop Shadow"

+       id="filter4684"><feFlood

+         flood-opacity="0.498039"

+         flood-color="rgb(0,0,0)"

+         result="flood"

+         id="feFlood4674" /><feComposite

+         in="flood"

+         in2="SourceGraphic"

+         operator="in"

+         result="composite1"

+         id="feComposite4676" /><feGaussianBlur

+         in="composite1"

+         stdDeviation="3"

+         result="blur"

+         id="feGaussianBlur4678" /><feOffset

+         dx="16"

+         dy="16"

+         result="offset"

+         id="feOffset4680" /><feComposite

+         in="SourceGraphic"

+         in2="offset"

+         operator="over"

+         result="fbSourceGraphic"

+         id="feComposite4682" /><feColorMatrix

+         result="fbSourceGraphicAlpha"

+         in="fbSourceGraphic"

+         values="0 0 0 -1 0 0 0 0 -1 0 0 0 0 -1 0 0 0 0 1 0"

+         id="feColorMatrix4686" /><feFlood

+         id="feFlood4688"

+         flood-opacity="0.498039"

+         flood-color="rgb(0,0,0)"

+         result="flood"

+         in="fbSourceGraphic" /><feComposite

+         in2="fbSourceGraphic"

+         id="feComposite4690"

+         in="flood"

+         operator="in"

+         result="composite1" /><feGaussianBlur

+         id="feGaussianBlur4692"

+         in="composite1"

+         stdDeviation="3"

+         result="blur" /><feOffset

+         id="feOffset4694"

+         dx="16"

+         dy="16"

+         result="offset" /><feComposite

+         in2="offset"

+         id="feComposite4696"

+         in="fbSourceGraphic"

+         operator="over"

+         result="fbSourceGraphic" /><feColorMatrix

+         result="fbSourceGraphicAlpha"

+         in="fbSourceGraphic"

+         values="0 0 0 -1 0 0 0 0 -1 0 0 0 0 -1 0 0 0 0 1 0"

+         id="feColorMatrix4698" /><feFlood

+         id="feFlood4700"

+         flood-opacity="0.498039"

+         flood-color="rgb(0,0,0)"

+         result="flood"

+         in="fbSourceGraphic" /><feComposite

+         in2="fbSourceGraphic"

+         id="feComposite4702"

+         in="flood"

+         operator="in"

+         result="composite1" /><feGaussianBlur

+         id="feGaussianBlur4704"

+         in="composite1"

+         stdDeviation="3"

+         result="blur" /><feOffset

+         id="feOffset4706"

+         dx="16"

+         dy="16"

+         result="offset" /><feComposite

+         in2="offset"

+         id="feComposite4708"

+         in="fbSourceGraphic"

+         operator="over"

+         result="composite2" /></filter><inkscape:perspective

+       id="perspective4636"

+       inkscape:persp3d-origin="75.5 : 32.666667 : 1"

+       inkscape:vp_z="151 : 49 : 1"

+       inkscape:vp_y="0 : 1000 : 0"

+       inkscape:vp_x="0 : 49 : 1"

+       sodipodi:type="inkscape:persp3d" /><inkscape:perspective

+       id="perspective4636-4"

+       inkscape:persp3d-origin="75.5 : 32.666667 : 1"

+       inkscape:vp_z="151 : 49 : 1"

+       inkscape:vp_y="0 : 1000 : 0"

+       inkscape:vp_x="0 : 49 : 1"

+       sodipodi:type="inkscape:persp3d" /><filter

+       y="-0.25"

+       height="1.5"

+       inkscape:menu-tooltip="Darkens the edge with an inner blur and adds a flexible glow"

+       inkscape:menu="Shadows and Glows"

+       inkscape:label="Dark and Glow"

+       style="color-interpolation-filters:sRGB;"

+       id="filter7493"><feGaussianBlur

+         stdDeviation="5"

+         result="result6"

+         id="feGaussianBlur7483" /><feComposite

+         result="result8"

+         in="SourceGraphic"

+         operator="atop"

+         in2="result6"

+         id="feComposite7485" /><feComposite

+         result="result9"

+         operator="over"

+         in2="SourceAlpha"

+         in="result8"

+         id="feComposite7487" /><feColorMatrix

+         values="1 0 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 0 1 0 "

+         result="result10"

+         id="feColorMatrix7489" /><feBlend

+         in="result10"

+         mode="normal"

+         in2="result6"

+         id="feBlend7491" /></filter></defs><g

+     inkscape:label="Calque 1"

+     id="g7446"

+     transform="matrix(5.5905096,0,0,6.8498347,89.916518,-6360.8651)"

+     style="filter:url(#filter7493)"><g

+       style="opacity:0.67801855"

+       id="g7444"><path

+         inkscape:connector-curvature="0"

+         id="path7406"

+         d="m 104.7944,978.86598 c 0,13.52888 -13.79395,24.49622 -30.80965,24.49622 -17.01571,0 -30.80966,-10.96734 -30.80966,-24.49622 0,-13.52887 13.79395,-24.4962 30.80966,-24.4962 17.0157,0 30.80965,10.96733 30.80965,24.4962 z"

+         style="fill:#091119;fill-opacity:1;fill-rule:nonzero;stroke:none" /><path

+         inkscape:connector-curvature="0"

+         id="path7408"

+         d="m 103.42412,979.70978 c 0,13.43025 -13.23431,24.31762 -29.55965,24.31762 -16.32535,0 -29.55966,-10.88737 -29.55966,-24.31762 0,-13.43026 13.23431,-24.31763 29.55966,-24.31763 16.32534,0 29.55965,10.88737 29.55965,24.31763 z"

+         style="fill:#eeeeec;fill-opacity:1;fill-rule:nonzero;stroke:none" /><path

+         inkscape:connector-curvature="0"

+         id="path7410"

+         d="m 106.05711,1009.9282 c 0,12.2736 -11.19345,22.2233 -25.00127,22.2233 -13.80783,0 -25.00128,-9.9497 -25.00128,-22.2233 0,-12.27363 11.19345,-22.22337 25.00128,-22.22337 13.80782,0 25.00127,9.94974 25.00127,22.22337 z"

+         style="fill:#eeeeec;fill-opacity:1;fill-rule:nonzero;stroke:none" /><path

+         inkscape:connector-curvature="0"

+         id="path7412"

+         d="m 125.75508,992.7556 c 0,12.2736 -11.19345,22.2234 -25.00127,22.2234 -13.80783,0 -25.00128,-9.9498 -25.00128,-22.2234 0,-12.27362 11.19345,-22.22336 25.00128,-22.22336 13.80782,0 25.00127,9.94974 25.00127,22.22336 z"

+         style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none" /><path

+         inkscape:connector-curvature="0"

+         id="path7414"

+         d="m 70.19668,999.82666 c 0,12.27364 -11.19345,22.22334 -25.00127,22.22334 -13.80783,0 -25.00128,-9.9497 -25.00128,-22.22334 0,-12.27362 11.19345,-22.22336 25.00128,-22.22336 13.80782,0 25.00127,9.94974 25.00127,22.22336 z"

+         style="fill:#050a0f;fill-opacity:1;fill-rule:nonzero;stroke:none" /><path

+         inkscape:connector-curvature="0"

+         id="path7416"

+         d="m 72.61576,1000.9598 c 0,12.2736 -11.47328,22.2233 -25.62628,22.2233 -14.153,0 -25.62627,-9.9497 -25.62627,-22.2233 0,-12.27364 11.47327,-22.22338 25.62627,-22.22338 14.153,0 25.62628,9.94974 25.62628,22.22338 z"

+         style="fill:#eeeeec;fill-opacity:1;fill-rule:nonzero;stroke:none" /><path

+         inkscape:connector-curvature="0"

+         id="path7418"

+         d="m 40.3972,1019.2721 c 0,9.9026 -8.93215,17.9302 -19.95051,17.9302 -11.01837,0 -19.95051,-8.0276 -19.95051,-17.9302 0,-9.9026 8.93214,-17.9302 19.95051,-17.9302 11.01836,0 19.95051,8.0276 19.95051,17.9302 z"

+         style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none" /><path

+         inkscape:connector-curvature="0"

+         id="path7420"

+         d="m 40.95786,1019.699 c 0,9.3048 -8.77225,16.8479 -19.59337,16.8479 -10.82112,0 -19.59338,-7.5431 -19.59338,-16.8479 0,-9.3049 8.77226,-16.848 19.59338,-16.848 10.82112,0 19.59337,7.5431 19.59337,16.848 z"

+         style="fill:#eeeeec;fill-opacity:1;fill-rule:nonzero;stroke:none" /><path

+         inkscape:connector-curvature="0"

+         id="path7422"

+         d="m 126.18719,994.88834 c 0,12.86536 -11.39333,23.29476 -25.44771,23.29476 -14.05438,0 -25.44771,-10.4294 -25.44771,-23.29476 0,-12.86535 11.39333,-23.29478 25.44771,-23.29478 14.05438,0 25.44771,10.42943 25.44771,23.29478 z"

+         style="fill:#eeeeec;fill-opacity:1;fill-rule:nonzero;stroke:none" /><path

+         inkscape:connector-curvature="0"

+         id="path7424"

+         d="m 150.50382,1000.3317 c 0,12.2737 -11.19345,22.2234 -25.00127,22.2234 -13.80783,0 -25.00128,-9.9497 -25.00128,-22.2234 0,-12.27358 11.19345,-22.22332 25.00128,-22.22332 13.80782,0 25.00127,9.94974 25.00127,22.22332 z"

+         style="fill:#030508;fill-opacity:1;fill-rule:nonzero;stroke:none" /><path

+         inkscape:connector-curvature="0"

+         id="path7426"

+         d="m 149.75861,1000.2455 c 0,11.5833 -11.2734,20.9733 -25.17984,20.9733 -13.90645,0 -25.17985,-9.39 -25.17985,-20.9733 0,-11.58327 11.2734,-20.97337 25.17985,-20.97337 13.90644,0 25.17984,9.3901 25.17984,20.97337 z"

+         style="fill:#eeeeec;fill-opacity:1;fill-rule:nonzero;stroke:none" /><path

+         inkscape:connector-curvature="0"

+         id="path7428"

+         d="m 41.91242,1033.6668 c 0,6.5552 -5.201,11.8693 -11.61676,11.8693 -6.41575,0 -11.61675,-5.3141 -11.61675,-11.8693 0,-6.5553 5.201,-11.8693 11.61675,-11.8693 6.41576,0 11.61676,5.314 11.61676,11.8693 z"

+         style="fill:#030609;fill-opacity:1;fill-rule:nonzero;stroke:none" /><path

+         inkscape:connector-curvature="0"

+         id="path7430"

+         d="m 42.26694,1032.9241 c 0,6.4566 -5.12105,11.6907 -11.43818,11.6907 -6.31714,0 -11.43819,-5.2341 -11.43819,-11.6907 0,-6.4566 5.12105,-11.6908 11.43819,-11.6908 6.31713,0 11.43818,5.2342 11.43818,11.6908 z"

+         style="fill:#eeeeec;fill-opacity:1;fill-rule:nonzero;stroke:none" /><path

+         inkscape:connector-curvature="0"

+         id="path7432"

+         d="m 84.33882,1030.1312 c 0,12.2737 -11.19345,22.2234 -25.00127,22.2234 -13.80783,0 -25.00128,-9.9497 -25.00128,-22.2234 0,-12.2736 11.19345,-22.2233 25.00128,-22.2233 13.80782,0 25.00127,9.9497 25.00127,22.2233 z"

+         style="fill:#050505;fill-opacity:1;fill-rule:nonzero;stroke:none" /><path

+         inkscape:connector-curvature="0"

+         id="path7434"

+         d="m 84.47542,1029.5542 c 0,12.0144 -10.93019,21.7539 -24.41325,21.7539 -13.48308,0 -24.41327,-9.7395 -24.41327,-21.7539 0,-12.0144 10.93019,-21.754 24.41327,-21.754 13.48306,0 24.41325,9.7396 24.41325,21.754 z"

+         style="fill:#eeeeec;fill-opacity:0.99466672;fill-rule:nonzero;stroke:none" /><path

+         inkscape:connector-curvature="0"

+         id="path7436"

+         d="m 139.39213,1020.0297 c 0,12.2736 -11.19345,22.2234 -25.00127,22.2234 -13.80783,0 -25.00128,-9.9498 -25.00128,-22.2234 0,-12.2736 11.19345,-22.22335 25.00128,-22.22335 13.80782,0 25.00127,9.94975 25.00127,22.22335 z"

+         style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none" /><path

+         inkscape:connector-curvature="0"

+         id="path7438"

+         d="m 138.06218,1019.7544 c 0,11.8052 -11.21344,21.3752 -25.04592,21.3752 -13.83248,0 -25.04591,-9.57 -25.04591,-21.3752 0,-11.8051 11.21343,-21.37511 25.04591,-21.37511 13.83248,0 25.04592,9.57001 25.04592,21.37511 z"

+         style="fill:#eeeeec;fill-opacity:1;fill-rule:nonzero;stroke:none" /><path

+         inkscape:connector-curvature="0"

+         id="path7440"

+         d="m 90.95831,1047.975 c -7.9716,1.3183 -15.50224,-3.8048 -16.82016,-11.4427 -1.31791,-7.638 4.07596,-14.8984 12.04756,-16.2166 7.9716,-1.3183 15.50224,3.8048 16.82016,11.4428 1.31792,7.6379 -4.07596,14.8983 -12.04756,16.2165 z"

+         style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none" /><path

+         inkscape:connector-curvature="0"

+         id="path7442"

+         d="m 91.26841,1046.5778 c -7.83783,1.3182 -15.2421,-3.8049 -16.5379,-11.4428 -1.2958,-7.6379 4.00756,-14.8984 11.84539,-16.2166 7.83783,-1.3183 15.24211,3.8048 16.53791,11.4428 1.29579,7.6379 -4.00757,14.8983 -11.8454,16.2166 z"

+         style="fill:#eeeeec;fill-opacity:1;fill-rule:nonzero;stroke:none" /></g></g><g

+     transform="matrix(0.71451596,0,0,0.71451596,145.64446,237.62552)"

+     id="g69"><path

+       inkscape:connector-curvature="0"

+       style="fill:#ffffff;stroke:#000000;stroke-width:13.11448288;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"

+       id="path65"

+       d="m 465.388,355.317 c 28.549,0 142.254,0 142.254,0 0,0 -29.512,147.712 -29.562,148.266 -1.721,7.28 -7.158,18.114 -17.398,26.398 l -0.982,0.85 c -8.028,6.277 -19.036,11.183 -33.669,11.183 0,0 -80.374,0 -100.199,0 -3.174,14.971 -10.485,50.391 -14.807,71.465 26.174,0 93.87,0 93.87,0 132.024,0 158.075,-112.477 159.068,-117.022 0,0 37.714,-181.955 44.134,-213.259 -30.935,0 -206.868,0.369 -227.922,0.369 -3.022,14.97 -10.354,50.625 -14.787,71.75 z" /><path

+       inkscape:connector-curvature="0"

+       style="fill:#ffffff;stroke:#000000;stroke-width:13.11448288;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"

+       id="path67"

+       d="m 522.179,483.993 c 3.185,-14.909 10.383,-50.38 14.889,-71.628 -26.357,0 -94.505,0 -94.505,0 -2.038,0 -16.742,-1.004 -28.201,-10.312 -1.781,-1.505 -3.543,-3.153 -5.059,-5.119 -0.204,-0.175 -0.297,-0.257 -0.43,-0.554 -8.95,-11.396 -6.462,-26.204 -5.857,-29.419 0,0 21.136,-102.247 21.197,-102.697 1.73,-7.281 7.127,-17.777 17.131,-26.102 l 1.71,-1.403 c 8.162,-6.185 18.914,-10.721 33.332,-10.721 0,0 80.312,0 100.219,0 3.071,-15.216 10.424,-50.483 14.756,-71.516 -26.215,0 -93.87,0 -93.87,0 -132.086,0 -158.024,112.169 -159.161,116.838 l -21.002,101.98 c -0.102,0.543 -8.786,47.524 17.808,79.289 17.408,20.858 46.551,31.354 86.846,31.354 0.019,0.01 80.311,0.01 100.197,0.01 z" /></g></svg>

\ No newline at end of file

new file mode 100644

@@ -0,0 +1,145 @@

+(in-package :mfa-tool)

+

+(capi:define-interface mfa-tool ()

+  ((%default-account :initarg :default-account :reader default-account)

+   (%signin-url :accessor signin-url))

+  (:panes

+   (output-pane capi:collector-pane :reader output

+                                    :visible-min-width (list :character 80)

+                                    :visible-min-height (list :character 25))

+   (go-button capi:push-button :text "Go!" :callback 'go-on)

+   (mfa-input capi:text-input-pane

+              :title "MFA Token:"

+              :title-position :left

+              :max-characters 6

+              :callback 'go-on

+              :title-args '(:visible-min-width (:character 11))

+              :reader mfa-input)

+   (user-input capi:text-input-pane

+               :title "Email:"

+               :title-position :left

+               :text (format nil "~a@cj.com" (uiop/os:getenv "USER"))

+               :title-args '(:visible-min-width (:character 11))

+               :reader user-input)

+   (account-selector capi:option-pane

+                     :print-function 'car

+                     :items *accounts*

+                     :selected-item (rassoc %default-account *accounts*

+                                            :test 'equal)

+                     :selection-callback 'account-selected

+                     :callback-type :data

+                     :reader account-selector)

+   (action-buttons capi:push-button-panel

+                   :items '(:|Open Web Console|

+                            :|Authorize iTerm|)

+                   :selection-callback 'execute-action

+                   :callback-type :data-interface)

+   (listener-button capi:push-button

+                    :data :|Lisp REPL|

+                          :callback 'execute-action

+                          :callback-type :data-interface))

+  (:layouts

+   (button-layout capi:row-layout

+                  '(nil

+                    go-button))

+   (data-layout  capi:column-layout

+                 '(account-selector

+                   :separator

+                   user-input

+                   mfa-input

+                   button-layout))

+   (action-layout capi:row-layout

+                  `(listener-button

+                    nil

+                    action-buttons))

+   (right-layout capi:column-layout

+                 '(output-pane

+                   action-layout))

+   (main-layout capi:row-layout

+                '(data-layout 

+                  right-layout)))

+

+

+  (:default-initargs

+   :layout 'main-layout

+   :title "CJ AWS Util"))

+

+(defgeneric execute-action (action interface)

+  (:method ((action (eql :|Open Web Console|)) (interface mfa-tool))

+    (open-url (signin-url interface)))

+  (:method ((action (eql :|Authorize iTerm|)) (interface mfa-tool))

+    (uiop:run-program (format nil "osascript '~a'" 

+                              (probe-file 

+                               (merge-pathnames (make-pathname :name "AuthorizeShell" :type "scpt") 

+                                                (bundle-resource-root))))))

+  (:method ((action (eql :|Lisp REPL|)) (interface mfa-tool))

+    (capi:contain (make-instance 'capi:listener-pane)

+                  :best-width 1280

+                  :best-height 800)))

+

+(defun interface (&rest args &key default-account)

+  (declare (ignore default-account))

+  (let ((interface (apply 'make-instance 'mfa-tool args)))

+    (setf (capi:pane-initial-focus interface)

+          (slot-value interface 'mfa-input))

+    (capi:set-button-panel-enabled-items (slot-value interface 'action-buttons)

+                                         :set nil)

+    (capi:set-application-interface (make-instance 'my-app-interface))

+    (capi:display interface)))

+

+(eval-when (:compile-toplevel :load-toplevel :execute)

+  (defun debugging (condition fun)

+    (declare (ignore fun))

+    (let ((*print-readably* nil)

+          (out (make-instance 'capi:collector-pane)))

+      (princ condition (capi:collector-pane-stream out))

+      (prin1 (mapcar 'restart-name

+                     (compute-restarts condition) )

+             (capi:collector-pane-stream out))

+      (capi:contain out)

+      (abort))))

+

+(capi:define-interface my-app-interface (capi:cocoa-default-application-interface)

+  ()

+  (:menus 

+   (edit-menu

+    "Edit"

+    (undo-component standard-edit-component selection-component)

+    :callback-type :interface)

+   (window-menu

+    "Window"

+    (("Close Window" 

+      :accelerator "accelerator-w"

+      :enabled-function 'close-active-screen-enabled

+      :callback 'close-active-screen

+      :callback-type nil)))

+   (standard-edit-component

+    :component

+    (("Cut" :callback 'capi:active-pane-cut

+            :enabled-function 'capi:active-pane-cut-p)

+     ("Copy" :callback 'capi:active-pane-copy

+             :enabled-function 'capi:active-pane-copy-p)

+     ("Paste" :callback 'capi:active-pane-paste

+              :enabled-function 'capi:active-pane-paste-p)))

+

+   (selection-component

+    :component

+    (("Select All" :callback 'capi:active-pane-select-all)))

+   

+   (undo-component

+    :component

+    (("Undo" :data :undo

+             :enabled-function 'capi:active-pane-undo-p

+             :callback 'capi:active-pane-undo))))

+

+  (:menu-bar edit-menu window-menu))

+

+(defun main ()

+  (setf *debugger-hook* 'debugging

+        *print-readably* nil

+        *accounts* (reprocess-accounts (load-accounts)))

+  (ubiquitous:restore :cj.mfa-tool)

+  (let ((*debugger-hook* 'debugging))

+    (setf aws:*session* (aws:make-session))

+    (interface :default-account 

+               (ubiquitous:value :default-account))))

new file mode 100644

@@ -0,0 +1,73 @@

+(in-package :mfa-tool)

+

+(defvar *accounts* ())

+

+(defun session-name ()

+  (format nil "bootstrap~d" (+ 5000 (random 5000))))

+

+(defparameter *user_management_account_id* 597974043991)

+

+

+(defun do-auth (user role token account)

+  (let ((mfa-serial-number

+          (format nil "arn:aws:iam::~a:mfa/~a"

+                  *user_management_account_id*

+                  user))

+        (role-arn

+          (format nil "arn:aws:iam::~a:role/cjorganization/~a"

+                  account

+                  role)))

+    (aws/sts:assume-role :role-arn role-arn

+                         :role-session-name (session-name)

+                         :serial-number mfa-serial-number

+                         :duration-seconds #.(* 12 60 60)

+                         :token-code token)))

+

+(defun get-url (params)

+  (format nil "https://signin.aws.amazon.com/federation?Action=getSigninToken&Session=~a"

+          (quri.encode:url-encode (with-output-to-string (s)

+                                    (yason:encode params s))

+                                  :space-to-plus t)))

+

+(cells:defmodel 

+    sts-result-handler ()

+  ((api-result :initarg :api-result :accessor api-result :initform (cells:c-in nil))

+   (credentials :reader credentials

+                :initform (cells:c? (serapeum:assocdr "Credentials" (^api-result)

+                                                      :test 'equal)))

+   (session-id :reader session-id

+               :initform (cells:c? (serapeum:assocadr "AccessKeyId" (^credentials)

+                                                      :test 'equal)))

+   (session-key :reader session-key 

+                :initform (cells:c? (serapeum:assocadr "SecretAccessKey" (^credentials)

+                                                       :test 'equal)))

+   (session-token :reader session-token 

+                  :initform (cells:c? (serapeum:assocadr "SessionToken" (^credentials)

+                                                         :test 'equal)))

+   (url-params :reader url-params 

+               :initform (cells:c? (fw.lu:alist-string-hash-table

+                                    `(("sessionId" . ,(^session-id))

+                                      ("sessionKey" . ,(^session-key))

+                                      ("sessionToken" . ,(^session-token)))) ))

+   (url :reader url

+        :initform (cells:c? (get-url (^url-params))))))

+

+(defun url-from-signin-token (signin-token)

+  (format nil "https://signin.aws.amazon.com/federation?Action=login&Destination=https%3A%2F%2Fconsole.aws.amazon.com&SigninToken=~a"

+          signin-token))

+

+(defun run-process (account user token)

+  (let* ((api-result (cells:c-in (do-auth user "CJDeveloperAccessRole" token account)))

+         (parser (make-instance 'sts-result-handler :api-result api-result))

+         (federation-url (url parser))

+         (signin-token (gethash "SigninToken" 

+                                (yason:parse

+                                 (dexador:get federation-url)))))

+    (values signin-token

+            parser)))

+

+(defun open-url (url)

+  (capi:contain (make-instance 'capi:browser-pane

+                               :url url)

+                :best-width 1280

+                :best-height 800))

new file mode 100644

@@ -0,0 +1,82 @@

+(in-package :mfa-tool)

+

+(defun account-selected (account)

+  (format t "~s" account)

+  (setf (ubiquitous:value :default-account)

+        (cdr account)))

+

+(defparameter *developer-p* (equal "elangley" (uiop/os:getenv "USER")))

+

+(defun bundle-resource-root ()

+  (make-pathname :directory

+                 (pathname-directory

+                  (objc:invoke-into 'string

+                                    (objc:invoke "NSBundle" "mainBundle") 

+                                    "pathForResource:ofType:" "app" "icns"))))

+

+(defun clear-cookies ()

+  (let ((cookie-storage (objc:invoke "NSHTTPCookieStorage" "sharedHTTPCookieStorage")))

+    (map nil

+         (lambda (cookie) 

+           (objc:invoke cookie-storage "deleteCookie:" cookie))

+         (objc:invoke-into 'array cookie-storage "cookies"))))

+

+(defun go-on (_ interface)

+  (declare (ignore _))

+  (let ((token (capi:text-input-pane-text (mfa-input interface)))

+        (user-name (capi:text-input-pane-text (user-input interface)))

+        (account (cdr (capi:choice-selected-item (account-selector interface)))))

+    (clear-cookies)

+    (multiple-value-bind (signin-token creds) (run-process account user-name token)

+      (with-open-file (stream (make-pathname :name ""

+                                             :type "cj-aws"

+                                             :defaults (user-homedir-pathname))

+                              :direction :output

+                              :if-exists :rename

+                              :if-does-not-exist :create)

+        (format (make-broadcast-stream stream

+                                       (capi:collector-pane-stream (output interface)))

+                "export AWS_ACCESS_KEY_ID='~a'~%export AWS_SECRET_ACCESS_KEY='~a'~%export AWS_SESSION_TOKEN='~a'~%"

+                (session-id creds)

+                (session-key creds)

+                (session-token creds)))

+      (capi:set-button-panel-enabled-items (slot-value interface 'action-buttons)

+                                           :set t)

+      (setf (signin-url interface) 

+            (url-from-signin-token signin-token)))))

+

+(defun close-active-screen ()

+  (let ((active-interface

+          (capi:screen-active-interface

+           (capi:convert-to-screen))))

+    (unless (typep active-interface 'mfa-tool)

+      (capi:destroy active-interface))))

+

+

+(defun close-active-screen-enabled ()

+  (let ((active-interface

+          (capi:screen-active-interface

+           (capi:convert-to-screen))))

+    (typep active-interface '(not mfa-tool))))

+

+(defun load-accounts ()

+  (yason:parse

+   (alexandria:read-file-into-string

+    (merge-pathnames (make-pathname :name "accounts"

+                                    :type "json")

+                     (bundle-resource-root)))))

+

+(defun reprocess-accounts (accounts)

+  (let ((accounts (gethash "Accounts" accounts))

+        (result ()))

+    (mapc (lambda (account)

+            (push (cons (format nil "~a (~a)" 

+                                (gethash "Name" account)

+                                (gethash "Type" account))

+                        (gethash "Id" account))

+                  result))

+          accounts)

+    (coerce (sort result 'string-lessp 

+                  :key 'car)

+            'list)))

+

new file mode 100644

@@ -0,0 +1,3 @@

+(defpackage :mfa-tool

+  (:use :cl)

+  (:export :main))