Hackathon project

plugins/aws/access_key.go → credentials/access_key.go

@@ -1,7 +1,17 @@
-package aws
+package credentials
 
 import (
 	"context"
+	"fmt"
+	"math/rand"
+	"strconv"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/iam"
+
 	"os"
 	"strings"
 
@@ -62,7 +72,7 @@ func AccessKey() schema.CredentialType {
 		},
 		DefaultProvisioner: AWSProvisioner(),
 		Importer: importer.TryAll(
-			importer.TryEnvVarPair(defaultEnvVarMapping),
+			importer.TryEnvVarPair(DefaultEnvVarMapping),
 			importer.TryEnvVarPair(map[string]sdk.FieldName{
 				"AMAZON_ACCESS_KEY_ID":     fieldname.AccessKeyID,
 				"AMAZON_SECRET_ACCESS_KEY": fieldname.SecretAccessKey,
@@ -80,10 +90,99 @@ func AccessKey() schema.CredentialType {
 			}),
 			TryCredentialsFile(),
 		),
+		KeyGenerator: func(ctx context.Context, in sdk.ProvisionInput, out *sdk.ProvisionOutput) (map[sdk.FieldName]string, error) {
+			sess, err := session.NewSession(&aws.Config{
+				Credentials: credentials.NewStaticCredentials(in.ItemFields[fieldname.AccessKeyID], in.ItemFields[fieldname.SecretAccessKey], ""),
+				Region:      aws.String("us-west-2"),
+			})
+			if err != nil {
+				return nil, err
+			}
+
+			client := iam.New(sess)
+
+			s1 := rand.NewSource(time.Now().UnixNano())
+			newUsername := fmt.Sprintf("1Password_%d", rand.New(s1).Int63())
+			_, err = client.CreateUser(&iam.CreateUserInput{
+				UserName: &newUsername,
+			})
+			if err != nil {
+				return nil, err
+			}
+			groupName := "developers"
+			client.AddUserToGroup(&iam.AddUserToGroupInput{
+				UserName:  &newUsername,
+				GroupName: &groupName,
+			})
+
+			fmt.Printf("Successfully created %s user.\n", newUsername)
+
+			key, err := client.CreateAccessKey(&iam.CreateAccessKeyInput{UserName: &newUsername})
+			if err != nil {
+				return nil, err
+			}
+
+			fmt.Printf("Successfully created %s access key.\n", *key.AccessKey.AccessKeyId)
+
+			err = out.Cache.Put("user", newUsername, time.Now().Add(10*time.Hour))
+			if err != nil {
+				return nil, err
+			}
+
+			err = out.Cache.Put("keyid", *key.AccessKey.AccessKeyId, time.Now().Add(10*time.Hour))
+			if err != nil {
+				return nil, err
+			}
+
+			newCreds := map[sdk.FieldName]string{
+				fieldname.AccessKeyID:     *key.AccessKey.AccessKeyId,
+				fieldname.SecretAccessKey: *key.AccessKey.SecretAccessKey,
+			}
+
+			return newCreds, nil
+		},
+		KeyRemover: func(ctx context.Context, in sdk.ProvisionInput) error {
+			sess, err := session.NewSession(&aws.Config{
+				Credentials: credentials.NewStaticCredentials(in.ItemFields[fieldname.AccessKeyID], in.ItemFields[fieldname.SecretAccessKey], ""),
+			})
+			if err != nil {
+				return err
+			}
+
+			client := iam.New(sess)
+
+			keyIDEntry := in.Cache["keyid"]
+			keyID, _ := strconv.Unquote(string(keyIDEntry.Data))
+
+			userEntry := in.Cache["user"]
+			user, _ := strconv.Unquote(string(userEntry.Data))
+
+			_, err = client.DeleteAccessKey(&iam.DeleteAccessKeyInput{AccessKeyId: &keyID, UserName: &user})
+			if err != nil {
+				return err
+			}
+			groupName := "developers"
+			client.RemoveUserFromGroup(&iam.RemoveUserFromGroupInput{
+				UserName:  &user,
+				GroupName: &groupName,
+			})
+
+			fmt.Printf("Successfully deleted %s access key.\n", keyID)
+
+			_, err = client.DeleteUser(&iam.DeleteUserInput{
+				UserName: &user,
+			})
+			if err != nil {
+				return err
+			}
+
+			fmt.Printf("Successfully deleted %s user.\n", user)
+			return nil
+		},
 	}
 }
 
-var defaultEnvVarMapping = map[string]sdk.FieldName{
+var DefaultEnvVarMapping = map[string]sdk.FieldName{
 	"AWS_ACCESS_KEY_ID":     fieldname.AccessKeyID,
 	"AWS_SECRET_ACCESS_KEY": fieldname.SecretAccessKey,
 	"AWS_DEFAULT_REGION":    fieldname.DefaultRegion,
@@ -132,7 +231,7 @@ func TryCredentialsFile() sdk.Importer {
 
 			// read profile configuration from config file
 			if configFile != nil {
-				configSection := getConfigSectionByProfile(configFile, profileName)
+				configSection := GetConfigSectionByProfile(configFile, profileName)
 				if configSection != nil {
 					if configSection.HasKey("region") && configSection.Key("region").Value() != "" {
 						fields[fieldname.DefaultRegion] = configSection.Key("region").Value()

plugins/aws/access_key_test.go → credentials/access_key_test.go

@@ -1,4 +1,4 @@
-package aws
+package credentials
 
 import (
 	"testing"

plugins/aws/provisioner.go → credentials/provisioner.go

@@ -1,4 +1,4 @@
-package aws
+package credentials
 
 import (
 	"context"
@@ -16,7 +16,7 @@ type awsProvisioner struct {
 func AWSProvisioner() sdk.Provisioner {
 	return awsProvisioner{
 		envVarProvisioner: provision.EnvVarProvisioner{
-			Schema: defaultEnvVarMapping,
+			Schema: DefaultEnvVarMapping,
 		},
 	}
 }

plugins/aws/sts_provisioner.go → credentials/sts_provisioner.go

@@ -1,4 +1,4 @@
-package aws
+package credentials
 
 import (
 	"context"

plugins/aws/utils.go → credentials/utils.go

@@ -1,12 +1,12 @@
-package aws
+package credentials
 
 import (
 	"fmt"
 
 	"gopkg.in/ini.v1"
 )
 
-func getConfigSectionByProfile(configFile *ini.File, profileName string) *ini.Section {
+func GetConfigSectionByProfile(configFile *ini.File, profileName string) *ini.Section {
 	for _, section := range configFile.Sections() {
 		if profileName == "default" && section.Name() == "default" {
 			return section

go.mod

@@ -3,39 +3,58 @@ module github.com/1Password/shell-plugins
 go 1.18
 
 require (
+	cloud.google.com/go/storage v1.27.0
 	github.com/AlecAivazis/survey/v2 v2.3.6
 	github.com/BurntSushi/toml v1.2.1
+	github.com/aws/aws-sdk-go v1.44.159
 	github.com/aws/aws-sdk-go-v2 v1.17.1
 	github.com/aws/aws-sdk-go-v2/credentials v1.12.23
 	github.com/aws/aws-sdk-go-v2/service/sts v1.17.1
 	github.com/fatih/color v1.13.0
+	github.com/go-sql-driver/mysql v1.7.0
 	github.com/hashicorp/go-plugin v1.4.6
 	github.com/stretchr/testify v1.8.1
+	google.golang.org/api v0.102.0
 	gopkg.in/ini.v1 v1.67.0
 	gopkg.in/yaml.v2 v2.4.0
 )
 
 require (
+	cloud.google.com/go v0.107.0 // indirect
+	cloud.google.com/go/compute v1.12.1 // indirect
+	cloud.google.com/go/compute/metadata v0.2.1 // indirect
+	cloud.google.com/go/iam v0.6.0 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.25 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.19 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.19 // indirect
 	github.com/aws/smithy-go v1.13.4 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/golang/protobuf v1.3.4 // indirect
+	github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/uuid v1.3.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.2.0 // indirect
+	github.com/googleapis/gax-go/v2 v2.7.0 // indirect
 	github.com/hashicorp/go-hclog v0.14.1 // indirect
 	github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb // indirect
+	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
 	github.com/mattn/go-colorable v0.1.9 // indirect
 	github.com/mattn/go-isatty v0.0.14 // indirect
 	github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b // indirect
 	github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77 // indirect
 	github.com/oklog/run v1.0.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	golang.org/x/net v0.0.0-20190311183353-d8887717615a // indirect
-	golang.org/x/sys v0.0.0-20220422013727-9388b58f7150 // indirect
-	golang.org/x/term v0.0.0-20210503060354-a79de5458b56 // indirect
-	golang.org/x/text v0.3.3 // indirect
-	google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55 // indirect
-	google.golang.org/grpc v1.27.1 // indirect
+	go.opencensus.io v0.24.0 // indirect
+	golang.org/x/net v0.1.0 // indirect
+	golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783 // indirect
+	golang.org/x/sys v0.1.0 // indirect
+	golang.org/x/term v0.1.0 // indirect
+	golang.org/x/text v0.4.0 // indirect
+	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/genproto v0.0.0-20221027153422-115e99e71e1c // indirect
+	google.golang.org/grpc v1.50.1 // indirect
+	google.golang.org/protobuf v1.28.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )