Browse code
feat(creds): add role selector
Edward Langley authored on 25/01/2020 23:32:58Showing 6 changed files
- src/aws-utils.lisp
- src/capi-interface.lisp
- src/capi-utils.lisp
- src/domain.lisp
- src/mfa-tool.lisp
- src/package.lisp
| ... | ... |
@@ -7,6 +7,8 @@ |
| 7 | 7 |
|
| 8 | 8 |
(fw.lu:defclass+ cj-developer-role ((cj-organization-role (account))) |
| 9 | 9 |
()) |
| 10 |
+(fw.lu:defclass+ cj-provisioner-role ((cj-organization-role (account))) |
|
| 11 |
+ ()) |
|
| 10 | 12 |
|
| 11 | 13 |
(defgeneric arn-for (type account resource) |
| 12 | 14 |
(:method-combination list :most-specific-last) |
| ... | ... |
@@ -26,8 +28,16 @@ |
| 26 | 28 |
"cjorganization") |
| 27 | 29 |
(:method list ((type (eql :role)) account (role cj-developer-role)) |
| 28 | 30 |
"CJDeveloperAccessRole") |
| 31 |
+ (:method list ((type (eql :role)) account (role cj-provisioner-role)) |
|
| 32 |
+ "CJProvisionerAccessRole") |
|
| 29 | 33 |
(:method list ((type (eql :role)) account (role string)) |
| 30 | 34 |
role)) |
| 31 | 35 |
|
| 32 | 36 |
(defun cj-organization-role-arn (role) |
| 33 | 37 |
(arn-for :role (account role) role)) |
| 38 |
+ |
|
| 39 |
+(defgeneric session-duration (role) |
|
| 40 |
+ (:method ((role cj-developer-role)) |
|
| 41 |
+ :max) |
|
| 42 |
+ (:method ((role cj-provisioner-role)) |
|
| 43 |
+ #.(* 60 60))) |
| ... | ... |
@@ -30,6 +30,10 @@ |
| 30 | 30 |
:selection-callback 'account-selected |
| 31 | 31 |
:callback-type :data |
| 32 | 32 |
:reader account-selector) |
| 33 |
+ (role-selector capi:option-pane |
|
| 34 |
+ :items '(:|Developer Role| :|Provisioner Role|) |
|
| 35 |
+ :reader role-selector |
|
| 36 |
+ :selected-item keyword:|Developer Role|) |
|
| 33 | 37 |
(action-buttons capi:push-button-panel |
| 34 | 38 |
:items '(:|Open Web Console| |
| 35 | 39 |
:|Authorize iTerm| |
| ... | ... |
@@ -46,6 +50,7 @@ |
| 46 | 50 |
go-button)) |
| 47 | 51 |
(data-layout capi:column-layout |
| 48 | 52 |
'(account-selector |
| 53 |
+ role-selector |
|
| 49 | 54 |
:separator |
| 50 | 55 |
user-input |
| 51 | 56 |
mfa-input |
| ... | ... |
@@ -5,4 +5,50 @@ |
| 5 | 5 |
:url url) |
| 6 | 6 |
:title "Management Console" |
| 7 | 7 |
:best-width 1280 |
| 8 |
- :best-height 800)) |
|
| 8 |
+ :best-height 800) |
|
| 9 |
+ #+(or) |
|
| 10 |
+ (let* ((history (make-instance 'capi:list-panel |
|
| 11 |
+ :items (list (make-instance 'capi:item |
|
| 12 |
+ :text "start" |
|
| 13 |
+ :data "https://foo.com")) |
|
| 14 |
+ :selection-callback |
|
| 15 |
+ (lambda (data interface) |
|
| 16 |
+ (capi:display-message "~S" data)) |
|
| 17 |
+ :visible-max-width '(:character 20))) |
|
| 18 |
+ (browser (make-instance 'capi:browser-pane |
|
| 19 |
+ :url url |
|
| 20 |
+ :before-navigate-callback |
|
| 21 |
+ (lambda (pane url &key &allow-other-keys) |
|
| 22 |
+ (declare (ignore pane)) |
|
| 23 |
+ (capi:apply-in-pane-process-if-alive |
|
| 24 |
+ history |
|
| 25 |
+ (lambda () |
|
| 26 |
+ (capi:append-items history |
|
| 27 |
+ (list (make-instance 'capi:item |
|
| 28 |
+ :collection history |
|
| 29 |
+ :data url)))))) |
|
| 30 |
+ :navigate-complete-callback |
|
| 31 |
+ (lambda (pane url _) |
|
| 32 |
+ (declare (ignore _)) |
|
| 33 |
+ (capi:apply-in-pane-process-if-alive |
|
| 34 |
+ history |
|
| 35 |
+ (lambda () |
|
| 36 |
+ (setf (capi:collection-items history) |
|
| 37 |
+ (concatenate 'simple-vector |
|
| 38 |
+ (capi:collection-items history) |
|
| 39 |
+ (list (make-instance 'capi:item |
|
| 40 |
+ :text |
|
| 41 |
+ (capi:browser-pane-title pane) |
|
| 42 |
+ :data url))))))) |
|
| 43 |
+ :new-window-callback |
|
| 44 |
+ (lambda (pane url &key &allow-other-keys) |
|
| 45 |
+ (capi:apply-in-pane-process-if-alive |
|
| 46 |
+ pane 'capi:browser-pane-navigate pane url) |
|
| 47 |
+ nil) |
|
| 48 |
+ )) |
|
| 49 |
+ (browser-interface (make-instance 'capi:row-layout |
|
| 50 |
+ :description (list history browser)))) |
|
| 51 |
+ (capi:contain browser-interface |
|
| 52 |
+ :title "Management Console" |
|
| 53 |
+ :best-width 1280 |
|
| 54 |
+ :best-height 800))) |
| ... | ... |
@@ -17,7 +17,10 @@ |
| 17 | 17 |
(aws/sts:assume-role :role-arn role-arn |
| 18 | 18 |
:role-session-name (session-name) |
| 19 | 19 |
:serial-number mfa-serial-number |
| 20 |
- :duration-seconds #.(* 12 60 60) |
|
| 20 |
+ :duration-seconds (if (eql (mfa-tool.aws-utils:session-duration role) |
|
| 21 |
+ :max) |
|
| 22 |
+ #.(* 12 60 60) |
|
| 23 |
+ (mfa-tool.aws-utils:session-duration role)) |
|
| 21 | 24 |
:token-code token)) |
| 22 | 25 |
(change-mfa-token (new-token) |
| 23 | 26 |
:interactive read-new-mfa-token |
| ... | ... |
@@ -11,10 +11,12 @@ |
| 11 | 11 |
|
| 12 | 12 |
(defun current-account (interface) |
| 13 | 13 |
(cdr (capi:choice-selected-item (account-selector interface)))) |
| 14 |
+(defun current-role (interface) |
|
| 15 |
+ (capi:choice-selected-item (role-selector interface))) |
|
| 14 | 16 |
|
| 15 | 17 |
(defun credentials-for-account (interface account) |
| 16 |
- (gethash account |
|
| 17 |
- (assumed-credentials interface))) |
|
| 18 |
+ (gethash account |
|
| 19 |
+ (assumed-credentials interface))) |
|
| 18 | 20 |
(defun (setf credentials-for-account) (new-credentials interface account) |
| 19 | 21 |
(setf (gethash account |
| 20 | 22 |
(assumed-credentials interface)) |
| ... | ... |
@@ -69,7 +71,9 @@ |
| 69 | 71 |
(change-mfa-token new-code)) |
| 70 | 72 |
(capi:abort-callback))))))) |
| 71 | 73 |
(authenticate user-name |
| 72 |
- (cj-developer-role account) |
|
| 74 |
+ (ecase (current-role interface) |
|
| 75 |
+ (:|Developer Role| (cj-developer-role account)) |
|
| 76 |
+ (:|Provisioner Role| (cj-provisioner-role account))) |
|
| 73 | 77 |
token)) |
| 74 | 78 |
(with-open-file (stream (make-pathname :name "" |
| 75 | 79 |
:type "cj-aws" |
| ... | ... |
@@ -1,15 +1,18 @@ |
| 1 | 1 |
(defpackage :mfa-tool.aws-utils |
| 2 | 2 |
(:use :cl) |
| 3 | 3 |
(:export #:cj-organization-role |
| 4 |
+ #:cj-provisioner-role |
|
| 4 | 5 |
#:cj-developer-role |
| 5 | 6 |
#:arn-for |
| 6 |
- #:cj-organization-role-arn)) |
|
| 7 |
+ #:cj-organization-role-arn |
|
| 8 |
+ #:session-duration)) |
|
| 7 | 9 |
|
| 8 | 10 |
(defpackage :mfa-tool |
| 9 | 11 |
(:use :cl) |
| 10 | 12 |
(:import-from :mfa-tool.aws-utils |
| 11 | 13 |
#:cj-organization-role-arn |
| 12 | 14 |
#:cj-developer-role |
| 15 |
+ #:cj-provisioner-role |
|
| 13 | 16 |
#:arn-for) |
| 14 | 17 |
(:export :main |
| 15 | 18 |
:url |