feat(creds): add role selector
Edward Langley authored on 25/01/2020 23:32:58
Showing 6 changed files
- src/aws-utils.lisp
- src/capi-interface.lisp
- src/capi-utils.lisp
- src/domain.lisp
- src/mfa-tool.lisp
- src/package.lisp
... | ... |
@@ -7,6 +7,8 @@ |
7 | 7 |
|
8 | 8 |
(fw.lu:defclass+ cj-developer-role ((cj-organization-role (account))) |
9 | 9 |
()) |
10 |
+(fw.lu:defclass+ cj-provisioner-role ((cj-organization-role (account))) |
|
11 |
+ ()) |
|
10 | 12 |
|
11 | 13 |
(defgeneric arn-for (type account resource) |
12 | 14 |
(:method-combination list :most-specific-last) |
... | ... |
@@ -26,8 +28,16 @@ |
26 | 28 |
"cjorganization") |
27 | 29 |
(:method list ((type (eql :role)) account (role cj-developer-role)) |
28 | 30 |
"CJDeveloperAccessRole") |
31 |
+ (:method list ((type (eql :role)) account (role cj-provisioner-role)) |
|
32 |
+ "CJProvisionerAccessRole") |
|
29 | 33 |
(:method list ((type (eql :role)) account (role string)) |
30 | 34 |
role)) |
31 | 35 |
|
32 | 36 |
(defun cj-organization-role-arn (role) |
33 | 37 |
(arn-for :role (account role) role)) |
38 |
+ |
|
39 |
+(defgeneric session-duration (role) |
|
40 |
+ (:method ((role cj-developer-role)) |
|
41 |
+ :max) |
|
42 |
+ (:method ((role cj-provisioner-role)) |
|
43 |
+ #.(* 60 60))) |
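Review bot: `session-duration` only has methods for `cj-developer-role` and `cj-provisioner-role`, while `arn-for` directly above still accepts a `string` role; if a string role ever reaches the `assume-role` call in domain.lisp, `session-duration` signals no-applicable-method instead of falling back. The shorter duration is the safer fallback, e.g. `(:method ((role t)) #.(* 60 60))`, or the generic's contract should state that string roles are out of scope. The generic also needs a `(:documentation ...)` saying what it returns: the requested STS session length in seconds, or `:max` for the caller's configured maximum — the `:max` → twelve-hour mapping lives in domain.lisp, so a reader of this file cannot see it. A comment on `#.(* 60 60)` naming it as one hour in seconds would help as well.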
... | ... |
@@ -30,6 +30,10 @@ |
30 | 30 |
:selection-callback 'account-selected |
31 | 31 |
:callback-type :data |
32 | 32 |
:reader account-selector) |
33 |
+ (role-selector capi:option-pane |
|
34 |
+ :items '(:|Developer Role| :|Provisioner Role|) |
|
35 |
+ :reader role-selector |
|
36 |
+ :selected-item keyword:|Developer Role|) |
|
33 | 37 |
(action-buttons capi:push-button-panel |
34 | 38 |
:items '(:|Open Web Console| |
35 | 39 |
:|Authorize iTerm| |
... | ... |
@@ -46,6 +50,7 @@ |
46 | 50 |
go-button)) |
47 | 51 |
(data-layout capi:column-layout |
48 | 52 |
'(account-selector |
53 |
+ role-selector |
|
49 | 54 |
:separator |
50 | 55 |
user-input |
51 | 56 |
mfa-input |
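Review bot: The labels `:|Developer Role|` and `:|Provisioner Role|` in the `:items` list of `role-selector` are duplicated as `ecase` keys in mfa-tool.lisp (the hunk containing `(ecase (current-role interface) ...)`), so a changed or mistyped label in either place only surfaces as an `ecase` error at authentication time. The pattern already used by `account-selector`, whose `current-account` takes the `cdr` of the selected item, fits better: make each item a `(label . constructor)` pair, e.g. `:items '((:|Developer Role| . cj-developer-role) (:|Provisioner Role| . cj-provisioner-role))` with `:print-function 'car`, so the ecase becomes a single `funcall` — assuming `option-pane` accepts `:print-function` here, which should be confirmed against the CAPI docs. The same symbol is also written two ways, `:|Developer Role|` in `:items` and `keyword:|Developer Role|` in `:selected-item`; pick one spelling. The enclosing `define-interface` starts before both hunks.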
... | ... |
@@ -5,4 +5,50 @@ |
5 | 5 |
:url url) |
6 | 6 |
:title "Management Console" |
7 | 7 |
:best-width 1280 |
8 |
- :best-height 800)) |
|
8 |
+ :best-height 800) |
|
9 |
+ #+(or) |
|
10 |
+ (let* ((history (make-instance 'capi:list-panel |
|
11 |
+ :items (list (make-instance 'capi:item |
|
12 |
+ :text "start" |
|
13 |
+ :data "https://foo.com")) |
|
14 |
+ :selection-callback |
|
15 |
+ (lambda (data interface) |
|
16 |
+ (capi:display-message "~S" data)) |
|
17 |
+ :visible-max-width '(:character 20))) |
|
18 |
+ (browser (make-instance 'capi:browser-pane |
|
19 |
+ :url url |
|
20 |
+ :before-navigate-callback |
|
21 |
+ (lambda (pane url &key &allow-other-keys) |
|
22 |
+ (declare (ignore pane)) |
|
23 |
+ (capi:apply-in-pane-process-if-alive |
|
24 |
+ history |
|
25 |
+ (lambda () |
|
26 |
+ (capi:append-items history |
|
27 |
+ (list (make-instance 'capi:item |
|
28 |
+ :collection history |
|
29 |
+ :data url)))))) |
|
30 |
+ :navigate-complete-callback |
|
31 |
+ (lambda (pane url _) |
|
32 |
+ (declare (ignore _)) |
|
33 |
+ (capi:apply-in-pane-process-if-alive |
|
34 |
+ history |
|
35 |
+ (lambda () |
|
36 |
+ (setf (capi:collection-items history) |
|
37 |
+ (concatenate 'simple-vector |
|
38 |
+ (capi:collection-items history) |
|
39 |
+ (list (make-instance 'capi:item |
|
40 |
+ :text |
|
41 |
+ (capi:browser-pane-title pane) |
|
42 |
+ :data url))))))) |
|
43 |
+ :new-window-callback |
|
44 |
+ (lambda (pane url &key &allow-other-keys) |
|
45 |
+ (capi:apply-in-pane-process-if-alive |
|
46 |
+ pane 'capi:browser-pane-navigate pane url) |
|
47 |
+ nil) |
|
48 |
+ )) |
|
49 |
+ (browser-interface (make-instance 'capi:row-layout |
|
50 |
+ :description (list history browser)))) |
|
51 |
+ (capi:contain browser-interface |
|
52 |
+ :title "Management Console" |
|
53 |
+ :best-width 1280 |
|
54 |
+ :best-height 800))) |
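Review bot: The `#+(or)` form appended after `:best-height 800)` is about forty-five lines of permanently disabled code, including a placeholder `"https://foo.com"` item and a `new-window-callback` that redirects pop-ups back into the same pane; it never runs but will still be read and maintained. Either leave it out of the commit or head it with a comment stating why it is kept and what is missing, e.g. `;; Disabled: history side-panel prototype for the console browser; not wired up yet.`. The enclosing function opens before this hunk, so the paren balance of the new closing `)))` cannot be checked from the hunk alone.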
... | ... |
@@ -17,7 +17,10 @@ |
17 | 17 |
(aws/sts:assume-role :role-arn role-arn |
18 | 18 |
:role-session-name (session-name) |
19 | 19 |
:serial-number mfa-serial-number |
20 |
- :duration-seconds #.(* 12 60 60) |
|
20 |
+ :duration-seconds (if (eql (mfa-tool.aws-utils:session-duration role) |
|
21 |
+ :max) |
|
22 |
+ #.(* 12 60 60) |
|
23 |
+ (mfa-tool.aws-utils:session-duration role)) |
|
21 | 24 |
:token-code token)) |
22 | 25 |
(change-mfa-token (new-token) |
23 | 26 |
:interactive read-new-mfa-token |
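Review bot: The new `:duration-seconds` form calls `mfa-tool.aws-utils:session-duration` twice and hard-codes the meaning of `:max` as twelve hours here, away from the generic that defines the sentinel. Bind the result once: `:duration-seconds (let ((requested (mfa-tool.aws-utils:session-duration role))) (if (eql requested :max) #.(* 12 60 60) requested))`, with a comment such as `;; :max = the longest session this tool requests (12 h); other roles return seconds` — worded as an assumption, since the intended meaning of `:max` is not documented on the page. If the assumed role's configured maximum is shorter than the value requested, STS is expected to reject the call rather than clamp it, so the error handling around `assume-role` is worth confirming for the new one-hour/twelve-hour split. The form that opens `assume-role` starts before this hunk.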
... | ... |
@@ -11,10 +11,12 @@ |
11 | 11 |
|
12 | 12 |
(defun current-account (interface) |
13 | 13 |
(cdr (capi:choice-selected-item (account-selector interface)))) |
14 |
+(defun current-role (interface) |
|
15 |
+ (capi:choice-selected-item (role-selector interface))) |
|
14 | 16 |
|
15 | 17 |
(defun credentials-for-account (interface account) |
16 |
- (gethash account |
|
17 |
- (assumed-credentials interface))) |
|
18 |
+ (gethash account |
|
19 |
+ (assumed-credentials interface))) |
|
18 | 20 |
(defun (setf credentials-for-account) (new-credentials interface account) |
19 | 21 |
(setf (gethash account |
20 | 22 |
(assumed-credentials interface)) |
... | ... |
@@ -69,7 +71,9 @@ |
69 | 71 |
(change-mfa-token new-code)) |
70 | 72 |
(capi:abort-callback))))))) |
71 | 73 |
(authenticate user-name |
72 |
- (cj-developer-role account) |
|
74 |
+ (ecase (current-role interface) |
|
75 |
+ (:|Developer Role| (cj-developer-role account)) |
|
76 |
+ (:|Provisioner Role| (cj-provisioner-role account))) |
|
73 | 77 |
token)) |
74 | 78 |
(with-open-file (stream (make-pathname :name "" |
75 | 79 |
:type "cj-aws" |
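Review bot: `current-role` has no docstring, and it is asymmetric with its neighbour `current-account`, which unwraps the item's data with `cdr` while `current-role` returns the raw keyword; that difference deserves a line: `"Return the keyword naming the role selected in INTERFACE's role-selector, e.g. :|Developer Role|."`. In the second hunk the `ecase` is the only place the keyword becomes a role object, so a comment above it, `;; map the UI label from capi-interface.lisp to the aws-utils role class`, would point a reader to where the labels are defined. The `authenticate` call sits inside a form that opens before the hunk.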
... | ... |
@@ -1,15 +1,18 @@ |
1 | 1 |
(defpackage :mfa-tool.aws-utils |
2 | 2 |
(:use :cl) |
3 | 3 |
(:export #:cj-organization-role |
4 |
+ #:cj-provisioner-role |
|
4 | 5 |
#:cj-developer-role |
5 | 6 |
#:arn-for |
6 |
- #:cj-organization-role-arn)) |
|
7 |
+ #:cj-organization-role-arn |
|
8 |
+ #:session-duration)) |
|
7 | 9 |
|
8 | 10 |
(defpackage :mfa-tool |
9 | 11 |
(:use :cl) |
10 | 12 |
(:import-from :mfa-tool.aws-utils |
11 | 13 |
#:cj-organization-role-arn |
12 | 14 |
#:cj-developer-role |
15 |
+ #:cj-provisioner-role |
|
13 | 16 |
#:arn-for) |
14 | 17 |
(:export :main |
15 | 18 |
:url |
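Review bot: `session-duration` is exported from `:mfa-tool.aws-utils` but, unlike the sibling `#:cj-provisioner-role`, is not added to the `:import-from` list of `:mfa-tool`, and domain.lisp calls it fully qualified as `mfa-tool.aws-utils:session-duration`. If domain.lisp lives in `:mfa-tool` (its `in-package` is not visible here), importing the symbol next to `#:arn-for` keeps the two files in one style; if it lives in another package, a short comment on the export list naming the consuming package would help the next reader.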