Browse code
chore: fix credential provision
(This also needs code from my fork of aws-sdk-lisp)
Edward Langley authored on 12/10/2019 00:54:33Showing 4 changed files
| ... | ... |
@@ -169,7 +169,7 @@ |
| 169 | 169 |
(defun run (&optional accounts) |
| 170 | 170 |
(setf *print-readably* nil |
| 171 | 171 |
*accounts* (reprocess-accounts (load-accounts accounts)) |
| 172 |
- aws:*session* (fwoar.credential-provider:make-aws-session)) |
|
| 172 |
+ aws:*session* (mfa-tool.credential-provider:make-aws-session)) |
|
| 173 | 173 |
(ubiquitous:restore :cj.mfa-tool) |
| 174 | 174 |
(interface :default-account |
| 175 | 175 |
(ubiquitous:value :default-account))) |
| ... | ... |
@@ -179,20 +179,42 @@ |
| 179 | 179 |
:type "json"))) |
| 180 | 180 |
(run accounts)) |
| 181 | 181 |
|
| 182 |
-(eval-when (:compile-toplevel :load-toplevel :execute) |
|
| 183 |
- (defun debugging (condition fun) |
|
| 184 |
- (declare (ignore fun)) |
|
| 185 |
- (let ((*print-readably* nil) |
|
| 186 |
- (out (make-instance 'capi:collector-pane))) |
|
| 187 |
- (princ condition (capi:collector-pane-stream out)) |
|
| 188 |
- (prin1 (mapcar 'restart-name |
|
| 189 |
- (compute-restarts condition) ) |
|
| 190 |
- (capi:collector-pane-stream out)) |
|
| 191 |
- (capi:contain out) |
|
| 192 |
- (abort)))) |
|
| 182 |
+(defun debugging (condition fun) |
|
| 183 |
+ (declare (ignore fun)) |
|
| 184 |
+ (let ((*print-readably* nil) |
|
| 185 |
+ (out (make-instance 'capi:collector-pane))) |
|
| 186 |
+ (princ condition (capi:collector-pane-stream out)) |
|
| 187 |
+ (prin1 (mapcar 'restart-name |
|
| 188 |
+ (compute-restarts condition) ) |
|
| 189 |
+ (capi:collector-pane-stream out)) |
|
| 190 |
+ (typecase condition |
|
| 191 |
+ (aws-sdk:no-credentials |
|
| 192 |
+ (fresh-line (capi:collector-pane-stream out)) |
|
| 193 |
+ (format (capi:collector-pane-stream out) "Credentials file ~:[doesn't~;does~] exist for me~%" |
|
| 194 |
+ (probe-file (merge-pathnames ".aws/credentials" |
|
| 195 |
+ (user-homedir-pathname)))) |
|
| 196 |
+ (when (probe-file (merge-pathnames ".aws/credentials" |
|
| 197 |
+ (user-homedir-pathname))) |
|
| 198 |
+ (princ (alexandria:read-file-into-string (merge-pathnames ".aws/credentials" |
|
| 199 |
+ (user-homedir-pathname))) |
|
| 200 |
+ (capi:collector-pane-stream out))) |
|
| 201 |
+ (terpri (capi:collector-pane-stream out)) |
|
| 202 |
+ (mfa-tool.credential-provider:debug-provider (capi:collector-pane-stream out)) |
|
| 203 |
+ (terpri (capi:collector-pane-stream out)) |
|
| 204 |
+ (terpri) |
|
| 205 |
+ )) |
|
| 206 |
+ (dbg:output-backtrace :stream (capi:collector-pane-stream out)) |
|
| 207 |
+ (terpri) |
|
| 208 |
+ (terpri) |
|
| 209 |
+ (capi:contain out) |
|
| 210 |
+ (dbg:log-bug-form "fail") |
|
| 211 |
+ (abort))) |
|
| 193 | 212 |
|
| 194 | 213 |
(defun main () |
| 214 |
+ (mfa-tool.credential-provider:setup-default-chain) |
|
| 215 |
+ (mfa-tool.pprint-setup:setup-pprint) |
|
| 195 | 216 |
(setf *debugger-hook* 'debugging) |
| 196 | 217 |
(capi:set-application-interface (make-instance 'my-app-interface)) |
| 197 | 218 |
(show-splash) |
| 219 |
+ (princ (user-homedir-pathname) *standard-output*) |
|
| 198 | 220 |
(run)) |
| ... | ... |
@@ -1,8 +1,9 @@ |
| 1 |
-(defpackage :fwoar.credential-provider |
|
| 1 |
+(defpackage :mfa-tool.credential-provider |
|
| 2 | 2 |
(:use :cl ) |
| 3 |
- (:export |
|
| 4 |
- #:make-aws-session)) |
|
| 5 |
-(in-package :fwoar.credential-provider) |
|
| 3 |
+ (:export #:make-aws-session |
|
| 4 |
+ #:debug-provider |
|
| 5 |
+ #:setup-default-chain)) |
|
| 6 |
+(in-package :mfa-tool.credential-provider) |
|
| 6 | 7 |
|
| 7 | 8 |
(defstruct hash-ref name hash-table) |
| 8 | 9 |
(defstruct leaf name value) |
| ... | ... |
@@ -54,8 +55,7 @@ |
| 54 | 55 |
:my-builder))) |
| 55 | 56 |
|
| 56 | 57 |
(defclass fwoar-provider (aws-sdk/credentials/base:provider) |
| 57 |
- ((file :initarg :file |
|
| 58 |
- :initform #P"~/.aws/credentials") |
|
| 58 |
+ ((file :initarg :file :initform (error "must pass a file name")) |
|
| 59 | 59 |
(profile :initarg :profile |
| 60 | 60 |
:initform aws-sdk:*aws-profile* |
| 61 | 61 |
:accessor provider-profile) |
| ... | ... |
@@ -69,7 +69,7 @@ |
| 69 | 69 |
(parse-ini file))))) |
| 70 | 70 |
|
| 71 | 71 |
(defmethod aws-sdk/credentials/base:retrieve ((provider fwoar-provider)) |
| 72 |
- (with-slots (retrievedp file) provider |
|
| 72 |
+ (with-slots (retrievedp) provider |
|
| 73 | 73 |
(setf retrievedp nil) |
| 74 | 74 |
(let ((section (read-credentials provider))) |
| 75 | 75 |
(when section |
| ... | ... |
@@ -80,8 +80,43 @@ |
| 80 | 80 |
:session-token (gethash "aws_session_token" section) |
| 81 | 81 |
:provider-name "fwoar-provider"))))) |
| 82 | 82 |
|
| 83 |
+(defclass ubiquitous-provider (aws-sdk/credentials/base:provider) |
|
| 84 |
+ ((retrievedp :initform nil))) |
|
| 85 |
+ |
|
| 86 |
+(defmethod aws-sdk/credentials/base:retrieve ((provider ubiquitous-provider)) |
|
| 87 |
+ (when (and (ubiquitous:value :aws :access-key-id) |
|
| 88 |
+ (ubiquitous:value :aws :secret-access-key)) |
|
| 89 |
+ (aws-sdk:make-credentials |
|
| 90 |
+ :access-key-id (ubiquitous:value :aws :access-key-id) |
|
| 91 |
+ :secret-access-key (ubiquitous:value :aws :secret-access-key) |
|
| 92 |
+ :session-token (ubiquitous:value :aws :session-token) |
|
| 93 |
+ :provider-name "ubiquitous-provider"))) |
|
| 94 |
+ |
|
| 95 |
+(defun save-ubiquitous-credentials (credentials) |
|
| 96 |
+ (setf (ubiquitous:value :aws :access-key-id) |
|
| 97 |
+ (aws-sdk/credentials/base:credentials-access-key-id credentials) |
|
| 98 |
+ |
|
| 99 |
+ (ubiquitous:value :aws :secret-access-key) |
|
| 100 |
+ (aws-sdk/credentials/base:credentials-secret-access-key credentials) |
|
| 101 |
+ |
|
| 102 |
+ (ubiquitous:value :aws :session-token) |
|
| 103 |
+ (aws-sdk/credentials/base:credentials-session-token credentials))) |
|
| 104 |
+ |
|
| 83 | 105 |
(defun make-aws-session () |
| 84 | 106 |
(let ((aws-sdk/credentials::*chained-providers* |
| 85 |
- (list* (make-instance 'fwoar-provider) |
|
| 86 |
- aws-sdk/credentials::*chained-providers*))) |
|
| 107 |
+ (list (make-instance 'fwoar-provider :file (merge-pathnames ".aws/credentials" |
|
| 108 |
+ (user-homedir-pathname))) |
|
| 109 |
+ (make-instance 'ubiquitous-provider)))) |
|
| 87 | 110 |
(aws:make-session :credentials (aws:default-aws-credentials)))) |
| 111 |
+ |
|
| 112 |
+(defun debug-provider (s) |
|
| 113 |
+ (pprint (read-credentials (make-instance 'fwoar-provider |
|
| 114 |
+ :file (merge-pathnames ".aws/credentials" |
|
| 115 |
+ (user-homedir-pathname)))) |
|
| 116 |
+ s)) |
|
| 117 |
+ |
|
| 118 |
+(defun setup-default-chain () |
|
| 119 |
+ (setf aws-sdk/credentials::*chained-providers* |
|
| 120 |
+ (list (make-instance 'fwoar-provider :file (merge-pathnames ".aws/credentials" |
|
| 121 |
+ (user-homedir-pathname))) |
|
| 122 |
+ (make-instance 'ubiquitous-provider)))) |
| ... | ... |
@@ -97,11 +97,12 @@ |
| 97 | 97 |
(loop |
| 98 | 98 |
(restart-bind ((set-aws-credentials (lambda (access-key-id secret-access-key) |
| 99 | 99 |
(setf aws:*session* |
| 100 |
- (aws:make-session :credentials (aws:make-credentials |
|
| 101 |
- :access-key-id access-key-id |
|
| 102 |
- :secret-access-key secret-access-key |
|
| 103 |
- :session-token nil |
|
| 104 |
- :provider-name "restart-provider"))) |
|
| 100 |
+ (aws:make-session |
|
| 101 |
+ :credentials (aws:make-credentials |
|
| 102 |
+ :access-key-id access-key-id |
|
| 103 |
+ :secret-access-key secret-access-key |
|
| 104 |
+ :session-token nil |
|
| 105 |
+ :provider-name "restart-provider"))) |
|
| 105 | 106 |
(continue)) |
| 106 | 107 |
:interactive-function 'read-new-aws-credentials |
| 107 | 108 |
:report-function (lambda (s) |