Skip to content

Hackathon project #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 11 commits into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
107 changes: 103 additions & 4 deletions plugins/aws/access_key.go → credentials/access_key.go
Original file line number Diff line number Diff line change
@@ -1,7 +1,17 @@
package aws
package credentials

import (
"context"
"fmt"
"math/rand"
"strconv"
"time"

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/iam"

"os"
"strings"

Expand Down Expand Up @@ -62,7 +72,7 @@ func AccessKey() schema.CredentialType {
},
DefaultProvisioner: AWSProvisioner(),
Importer: importer.TryAll(
importer.TryEnvVarPair(defaultEnvVarMapping),
importer.TryEnvVarPair(DefaultEnvVarMapping),
importer.TryEnvVarPair(map[string]sdk.FieldName{
"AMAZON_ACCESS_KEY_ID": fieldname.AccessKeyID,
"AMAZON_SECRET_ACCESS_KEY": fieldname.SecretAccessKey,
Expand All @@ -80,10 +90,99 @@ func AccessKey() schema.CredentialType {
}),
TryCredentialsFile(),
),
KeyGenerator: func(ctx context.Context, in sdk.ProvisionInput, out *sdk.ProvisionOutput) (map[sdk.FieldName]string, error) {
sess, err := session.NewSession(&aws.Config{
Credentials: credentials.NewStaticCredentials(in.ItemFields[fieldname.AccessKeyID], in.ItemFields[fieldname.SecretAccessKey], ""),
Region: aws.String("us-west-2"),
})
if err != nil {
return nil, err
}

client := iam.New(sess)

s1 := rand.NewSource(time.Now().UnixNano())
newUsername := fmt.Sprintf("1Password_%d", rand.New(s1).Int63())
_, err = client.CreateUser(&iam.CreateUserInput{
UserName: &newUsername,
})
if err != nil {
return nil, err
}
groupName := "developers"
client.AddUserToGroup(&iam.AddUserToGroupInput{
UserName: &newUsername,
GroupName: &groupName,
})

fmt.Printf("Successfully created %s user.\n", newUsername)

key, err := client.CreateAccessKey(&iam.CreateAccessKeyInput{UserName: &newUsername})
if err != nil {
return nil, err
}

fmt.Printf("Successfully created %s access key.\n", *key.AccessKey.AccessKeyId)

err = out.Cache.Put("user", newUsername, time.Now().Add(10*time.Hour))
if err != nil {
return nil, err
}

err = out.Cache.Put("keyid", *key.AccessKey.AccessKeyId, time.Now().Add(10*time.Hour))
if err != nil {
return nil, err
}

newCreds := map[sdk.FieldName]string{
fieldname.AccessKeyID: *key.AccessKey.AccessKeyId,
fieldname.SecretAccessKey: *key.AccessKey.SecretAccessKey,
}

return newCreds, nil
},
KeyRemover: func(ctx context.Context, in sdk.ProvisionInput) error {
sess, err := session.NewSession(&aws.Config{
Credentials: credentials.NewStaticCredentials(in.ItemFields[fieldname.AccessKeyID], in.ItemFields[fieldname.SecretAccessKey], ""),
})
if err != nil {
return err
}

client := iam.New(sess)

keyIDEntry := in.Cache["keyid"]
keyID, _ := strconv.Unquote(string(keyIDEntry.Data))

userEntry := in.Cache["user"]
user, _ := strconv.Unquote(string(userEntry.Data))

_, err = client.DeleteAccessKey(&iam.DeleteAccessKeyInput{AccessKeyId: &keyID, UserName: &user})
if err != nil {
return err
}
groupName := "developers"
client.RemoveUserFromGroup(&iam.RemoveUserFromGroupInput{
UserName: &user,
GroupName: &groupName,
})

fmt.Printf("Successfully deleted %s access key.\n", keyID)

_, err = client.DeleteUser(&iam.DeleteUserInput{
UserName: &user,
})
if err != nil {
return err
}

fmt.Printf("Successfully deleted %s user.\n", user)
return nil
},
}
}

var defaultEnvVarMapping = map[string]sdk.FieldName{
var DefaultEnvVarMapping = map[string]sdk.FieldName{
"AWS_ACCESS_KEY_ID": fieldname.AccessKeyID,
"AWS_SECRET_ACCESS_KEY": fieldname.SecretAccessKey,
"AWS_DEFAULT_REGION": fieldname.DefaultRegion,
Expand Down Expand Up @@ -132,7 +231,7 @@ func TryCredentialsFile() sdk.Importer {

// read profile configuration from config file
if configFile != nil {
configSection := getConfigSectionByProfile(configFile, profileName)
configSection := GetConfigSectionByProfile(configFile, profileName)
if configSection != nil {
if configSection.HasKey("region") && configSection.Key("region").Value() != "" {
fields[fieldname.DefaultRegion] = configSection.Key("region").Value()
Expand Down
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
package aws
package credentials

import (
"testing"
Expand Down
4 changes: 2 additions & 2 deletions plugins/aws/provisioner.go → credentials/provisioner.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
package aws
package credentials

import (
"context"
Expand All @@ -16,7 +16,7 @@ type awsProvisioner struct {
func AWSProvisioner() sdk.Provisioner {
return awsProvisioner{
envVarProvisioner: provision.EnvVarProvisioner{
Schema: defaultEnvVarMapping,
Schema: DefaultEnvVarMapping,
},
}
}
Expand Down
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
package aws
package credentials

import (
"context"
Expand Down
4 changes: 2 additions & 2 deletions plugins/aws/utils.go → credentials/utils.go
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
package aws
package credentials

import (
"fmt"

"gopkg.in/ini.v1"
)

func getConfigSectionByProfile(configFile *ini.File, profileName string) *ini.Section {
func GetConfigSectionByProfile(configFile *ini.File, profileName string) *ini.Section {
for _, section := range configFile.Sections() {
if profileName == "default" && section.Name() == "default" {
return section
Expand Down
33 changes: 26 additions & 7 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -3,39 +3,58 @@ module github.com/1Password/shell-plugins
go 1.18

require (
cloud.google.com/go/storage v1.27.0
github.com/AlecAivazis/survey/v2 v2.3.6
github.com/BurntSushi/toml v1.2.1
github.com/aws/aws-sdk-go v1.44.159
github.com/aws/aws-sdk-go-v2 v1.17.1
github.com/aws/aws-sdk-go-v2/credentials v1.12.23
github.com/aws/aws-sdk-go-v2/service/sts v1.17.1
github.com/fatih/color v1.13.0
github.com/go-sql-driver/mysql v1.7.0
github.com/hashicorp/go-plugin v1.4.6
github.com/stretchr/testify v1.8.1
google.golang.org/api v0.102.0
gopkg.in/ini.v1 v1.67.0
gopkg.in/yaml.v2 v2.4.0
)

require (
cloud.google.com/go v0.107.0 // indirect
cloud.google.com/go/compute v1.12.1 // indirect
cloud.google.com/go/compute/metadata v0.2.1 // indirect
cloud.google.com/go/iam v0.6.0 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.25 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.19 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.19 // indirect
github.com/aws/smithy-go v1.13.4 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/golang/protobuf v1.3.4 // indirect
github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
github.com/golang/protobuf v1.5.2 // indirect
github.com/google/go-cmp v0.5.9 // indirect
github.com/google/uuid v1.3.0 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.2.0 // indirect
github.com/googleapis/gax-go/v2 v2.7.0 // indirect
github.com/hashicorp/go-hclog v0.14.1 // indirect
github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
github.com/mattn/go-colorable v0.1.9 // indirect
github.com/mattn/go-isatty v0.0.14 // indirect
github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b // indirect
github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77 // indirect
github.com/oklog/run v1.0.0 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
golang.org/x/net v0.0.0-20190311183353-d8887717615a // indirect
golang.org/x/sys v0.0.0-20220422013727-9388b58f7150 // indirect
golang.org/x/term v0.0.0-20210503060354-a79de5458b56 // indirect
golang.org/x/text v0.3.3 // indirect
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55 // indirect
google.golang.org/grpc v1.27.1 // indirect
go.opencensus.io v0.24.0 // indirect
golang.org/x/net v0.1.0 // indirect
golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783 // indirect
golang.org/x/sys v0.1.0 // indirect
golang.org/x/term v0.1.0 // indirect
golang.org/x/text v0.4.0 // indirect
golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20221027153422-115e99e71e1c // indirect
google.golang.org/grpc v1.50.1 // indirect
google.golang.org/protobuf v1.28.1 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
)
Loading