chore: fix credential provision
(This also needs code from my fork of aws-sdk-lisp)
Edward Langley authored on 12/10/2019 00:54:33Showing 4 changed files
... | ... |
@@ -169,7 +169,7 @@ |
169 | 169 |
(defun run (&optional accounts) |
170 | 170 |
(setf *print-readably* nil |
171 | 171 |
*accounts* (reprocess-accounts (load-accounts accounts)) |
172 |
- aws:*session* (fwoar.credential-provider:make-aws-session)) |
|
172 |
+ aws:*session* (mfa-tool.credential-provider:make-aws-session)) |
|
173 | 173 |
(ubiquitous:restore :cj.mfa-tool) |
174 | 174 |
(interface :default-account |
175 | 175 |
(ubiquitous:value :default-account))) |
... | ... |
@@ -179,20 +179,42 @@ |
179 | 179 |
:type "json"))) |
180 | 180 |
(run accounts)) |
181 | 181 |
|
182 |
-(eval-when (:compile-toplevel :load-toplevel :execute) |
|
183 |
- (defun debugging (condition fun) |
|
184 |
- (declare (ignore fun)) |
|
185 |
- (let ((*print-readably* nil) |
|
186 |
- (out (make-instance 'capi:collector-pane))) |
|
187 |
- (princ condition (capi:collector-pane-stream out)) |
|
188 |
- (prin1 (mapcar 'restart-name |
|
189 |
- (compute-restarts condition) ) |
|
190 |
- (capi:collector-pane-stream out)) |
|
191 |
- (capi:contain out) |
|
192 |
- (abort)))) |
|
182 |
+(defun debugging (condition fun) |
|
183 |
+ (declare (ignore fun)) |
|
184 |
+ (let ((*print-readably* nil) |
|
185 |
+ (out (make-instance 'capi:collector-pane))) |
|
186 |
+ (princ condition (capi:collector-pane-stream out)) |
|
187 |
+ (prin1 (mapcar 'restart-name |
|
188 |
+ (compute-restarts condition) ) |
|
189 |
+ (capi:collector-pane-stream out)) |
|
190 |
+ (typecase condition |
|
191 |
+ (aws-sdk:no-credentials |
|
192 |
+ (fresh-line (capi:collector-pane-stream out)) |
|
193 |
+ (format (capi:collector-pane-stream out) "Credentials file ~:[doesn't~;does~] exist for me~%" |
|
194 |
+ (probe-file (merge-pathnames ".aws/credentials" |
|
195 |
+ (user-homedir-pathname)))) |
|
196 |
+ (when (probe-file (merge-pathnames ".aws/credentials" |
|
197 |
+ (user-homedir-pathname))) |
|
198 |
+ (princ (alexandria:read-file-into-string (merge-pathnames ".aws/credentials" |
|
199 |
+ (user-homedir-pathname))) |
|
200 |
+ (capi:collector-pane-stream out))) |
|
201 |
+ (terpri (capi:collector-pane-stream out)) |
|
202 |
+ (mfa-tool.credential-provider:debug-provider (capi:collector-pane-stream out)) |
|
203 |
+ (terpri (capi:collector-pane-stream out)) |
|
204 |
+ (terpri) |
|
205 |
+ )) |
|
206 |
+ (dbg:output-backtrace :stream (capi:collector-pane-stream out)) |
|
207 |
+ (terpri) |
|
208 |
+ (terpri) |
|
209 |
+ (capi:contain out) |
|
210 |
+ (dbg:log-bug-form "fail") |
|
211 |
+ (abort))) |
|
193 | 212 |
|
194 | 213 |
(defun main () |
214 |
+ (mfa-tool.credential-provider:setup-default-chain) |
|
215 |
+ (mfa-tool.pprint-setup:setup-pprint) |
|
195 | 216 |
(setf *debugger-hook* 'debugging) |
196 | 217 |
(capi:set-application-interface (make-instance 'my-app-interface)) |
197 | 218 |
(show-splash) |
219 |
+ (princ (user-homedir-pathname) *standard-output*) |
|
198 | 220 |
(run)) |
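Review bot: The `aws-sdk:no-credentials` branch of `debugging` (new lines 198-200) reads `~/.aws/credentials` with `alexandria:read-file-into-string` and prints the whole file into the collector pane, so the secret access key and session token of every profile end up on screen, and, if `dbg:log-bug-form "fail"` on new line 210 captures pane output, in whatever that records as well. Keep the existence message from new line 193 and print only metadata, e.g. `(format (capi:collector-pane-stream out) "credentials file is ~d bytes~%" (with-open-file (f (merge-pathnames ".aws/credentials" (user-homedir-pathname))) (file-length f)))`; `mfa-tool.credential-provider:debug-provider`, called on new line 202, has the same exposure and is noted in its own file. The same `merge-pathnames` form is built three times in this branch and the pane stream is fetched on every line; binding both once, `(let ((stream (capi:collector-pane-stream out)) (creds (merge-pathnames ".aws/credentials" (user-homedir-pathname)))) …)`, would shorten it. In `main`, `(princ (user-homedir-pathname) *standard-output*)` on new line 219 looks like a leftover debugging print; if it is meant to stay, a comment such as `;; show which home directory the credentials file is resolved against` would explain it, and note that `*debugger-hook*` is only installed after `setup-default-chain` and `setup-pprint` have run, so errors in those two are not routed through `debugging`.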
... | ... |
@@ -1,8 +1,9 @@ |
1 |
-(defpackage :fwoar.credential-provider |
|
1 |
+(defpackage :mfa-tool.credential-provider |
|
2 | 2 |
(:use :cl ) |
3 |
- (:export |
|
4 |
- #:make-aws-session)) |
|
5 |
-(in-package :fwoar.credential-provider) |
|
3 |
+ (:export #:make-aws-session |
|
4 |
+ #:debug-provider |
|
5 |
+ #:setup-default-chain)) |
|
6 |
+(in-package :mfa-tool.credential-provider) |
|
6 | 7 |
|
7 | 8 |
(defstruct hash-ref name hash-table) |
8 | 9 |
(defstruct leaf name value) |
... | ... |
@@ -54,8 +55,7 @@ |
54 | 55 |
:my-builder))) |
55 | 56 |
|
56 | 57 |
(defclass fwoar-provider (aws-sdk/credentials/base:provider) |
57 |
- ((file :initarg :file |
|
58 |
- :initform #P"~/.aws/credentials") |
|
58 |
+ ((file :initarg :file :initform (error "must pass a file name")) |
|
59 | 59 |
(profile :initarg :profile |
60 | 60 |
:initform aws-sdk:*aws-profile* |
61 | 61 |
:accessor provider-profile) |
... | ... |
@@ -69,7 +69,7 @@ |
69 | 69 |
(parse-ini file))))) |
70 | 70 |
|
71 | 71 |
(defmethod aws-sdk/credentials/base:retrieve ((provider fwoar-provider)) |
72 |
- (with-slots (retrievedp file) provider |
|
72 |
+ (with-slots (retrievedp) provider |
|
73 | 73 |
(setf retrievedp nil) |
74 | 74 |
(let ((section (read-credentials provider))) |
75 | 75 |
(when section |
... | ... |
@@ -80,8 +80,43 @@ |
80 | 80 |
:session-token (gethash "aws_session_token" section) |
81 | 81 |
:provider-name "fwoar-provider"))))) |
82 | 82 |
|
83 |
+(defclass ubiquitous-provider (aws-sdk/credentials/base:provider) |
|
84 |
+ ((retrievedp :initform nil))) |
|
85 |
+ |
|
86 |
+(defmethod aws-sdk/credentials/base:retrieve ((provider ubiquitous-provider)) |
|
87 |
+ (when (and (ubiquitous:value :aws :access-key-id) |
|
88 |
+ (ubiquitous:value :aws :secret-access-key)) |
|
89 |
+ (aws-sdk:make-credentials |
|
90 |
+ :access-key-id (ubiquitous:value :aws :access-key-id) |
|
91 |
+ :secret-access-key (ubiquitous:value :aws :secret-access-key) |
|
92 |
+ :session-token (ubiquitous:value :aws :session-token) |
|
93 |
+ :provider-name "ubiquitous-provider"))) |
|
94 |
+ |
|
95 |
+(defun save-ubiquitous-credentials (credentials) |
|
96 |
+ (setf (ubiquitous:value :aws :access-key-id) |
|
97 |
+ (aws-sdk/credentials/base:credentials-access-key-id credentials) |
|
98 |
+ |
|
99 |
+ (ubiquitous:value :aws :secret-access-key) |
|
100 |
+ (aws-sdk/credentials/base:credentials-secret-access-key credentials) |
|
101 |
+ |
|
102 |
+ (ubiquitous:value :aws :session-token) |
|
103 |
+ (aws-sdk/credentials/base:credentials-session-token credentials))) |
|
104 |
+ |
|
83 | 105 |
(defun make-aws-session () |
84 | 106 |
(let ((aws-sdk/credentials::*chained-providers* |
85 |
- (list* (make-instance 'fwoar-provider) |
|
86 |
- aws-sdk/credentials::*chained-providers*))) |
|
107 |
+ (list (make-instance 'fwoar-provider :file (merge-pathnames ".aws/credentials" |
|
108 |
+ (user-homedir-pathname))) |
|
109 |
+ (make-instance 'ubiquitous-provider)))) |
|
87 | 110 |
(aws:make-session :credentials (aws:default-aws-credentials)))) |
111 |
+ |
|
112 |
+(defun debug-provider (s) |
|
113 |
+ (pprint (read-credentials (make-instance 'fwoar-provider |
|
114 |
+ :file (merge-pathnames ".aws/credentials" |
|
115 |
+ (user-homedir-pathname)))) |
|
116 |
+ s)) |
|
117 |
+ |
|
118 |
+(defun setup-default-chain () |
|
119 |
+ (setf aws-sdk/credentials::*chained-providers* |
|
120 |
+ (list (make-instance 'fwoar-provider :file (merge-pathnames ".aws/credentials" |
|
121 |
+ (user-homedir-pathname))) |
|
122 |
+ (make-instance 'ubiquitous-provider)))) |
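Review bot: `debug-provider` (new lines 112-116) `pprint`s the parsed credentials section, which the `retrieve` method above shows holds `aws_secret_access_key` and `aws_session_token`, so the debug stream receives the live secrets; it should print only the keys that are present. `save-ubiquitous-credentials` (new lines 95-103) stores the secret key and session token through `ubiquitous:value`, and since `run` reloads that store with `ubiquitous:restore`, this presumably persists them to disk in clear text with no expiry, while `ubiquitous-provider`'s `retrieve` (new 86-93) will keep handing back whatever token was last saved. Nothing on the page calls `save-ubiquitous-credentials`; if it is kept, record an expiry next to the token and document the storage with a comment such as `;; NOTE(review): writes credentials to the user's ubiquitous store — confirm it is not plain text on disk`. `make-aws-session` (new 107-109) and `setup-default-chain` (new 120-122) build the identical provider list and the `.aws/credentials` path is spelled out three times in this hunk; a `default-credentials-file` and a `default-chain` helper remove the duplication. Switching `make-aws-session` from `list*` to `list` also drops the SDK's own providers from the chain, which deserves a comment saying whether that is intended.
```lisp
(defun default-credentials-file ()
  "Path of the shared AWS credentials file under the user's home directory."
  (merge-pathnames ".aws/credentials" (user-homedir-pathname)))

(defun default-chain ()
  ;; NOTE(review): replaces the SDK's built-in providers instead of
  ;; prepending to them — confirm this is intended.
  (list (make-instance 'fwoar-provider :file (default-credentials-file))
        (make-instance 'ubiquitous-provider)))

;; … unchanged: ubiquitous-provider, save-ubiquitous-credentials …

(defun make-aws-session ()
  (let ((aws-sdk/credentials::*chained-providers* (default-chain)))
    (aws:make-session :credentials (aws:default-aws-credentials))))

(defun debug-provider (s)
  "Print which keys the credentials file defines, never their values."
  (let ((section (read-credentials (make-instance 'fwoar-provider
                                                  :file (default-credentials-file)))))
    (pprint (when section
              (loop for key being the hash-keys of section collect key))
            s)))

(defun setup-default-chain ()
  (setf aws-sdk/credentials::*chained-providers* (default-chain)))
```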
... | ... |
@@ -97,11 +97,12 @@ |
97 | 97 |
(loop |
98 | 98 |
(restart-bind ((set-aws-credentials (lambda (access-key-id secret-access-key) |
99 | 99 |
(setf aws:*session* |
100 |
- (aws:make-session :credentials (aws:make-credentials |
|
101 |
- :access-key-id access-key-id |
|
102 |
- :secret-access-key secret-access-key |
|
103 |
- :session-token nil |
|
104 |
- :provider-name "restart-provider"))) |
|
100 |
+ (aws:make-session |
|
101 |
+ :credentials (aws:make-credentials |
|
102 |
+ :access-key-id access-key-id |
|
103 |
+ :secret-access-key secret-access-key |
|
104 |
+ :session-token nil |
|
105 |
+ :provider-name "restart-provider"))) |
|
105 | 106 |
(continue)) |
106 | 107 |
:interactive-function 'read-new-aws-credentials |
107 | 108 |
:report-function (lambda (s) |