diff --git a/cmd/add_profile.go b/cmd/add_profile.go index 0248b7d..ff38fde 100644 --- a/cmd/add_profile.go +++ b/cmd/add_profile.go @@ -22,6 +22,8 @@ func AddProfileInitFlags(flag *pflag.FlagSet) { flag.String(AWSProfileFlag, "", "The AWS profile used to get the source_profile and mfa_serial attributes") flag.String(AWSRegionFlag, endpoints.UsWest2RegionID, "The AWS region") flag.String(IAMRoleFlag, "", "The IAM role name assigned to the user being setup") + flag.String(SourceProfileFlag, "", "The source_profile to use which overrides the one from the AWS profile being used") + flag.String(MfaSerialFlag, "", "The mfa_serial to use which overrides the one from the AWS profile being used") flag.String(OutputFlag, "json", "The AWS CLI output format") // Verbose @@ -49,6 +51,15 @@ func AddProfileCheckConfig(v *viper.Viper) error { return fmt.Errorf("IAM Role check failed: %w", err) } + awsProfile := v.GetString(AWSProfileFlag) + sourceProfile := v.GetString(SourceProfileFlag) + mfaSerial := v.GetString(MfaSerialFlag) + if len(awsProfile) == 0 { + if len(sourceProfile) == 0 || len(mfaSerial) == 0 { + return fmt.Errorf("No %q was provided. Must provide either %q or both %q and %q flags", AWSProfileFlag, AWSProfileFlag, SourceProfileFlag, MfaSerialFlag) + } + } + if err := checkOutput(v); err != nil { return fmt.Errorf("Output check failed: %w", err) } @@ -84,20 +95,29 @@ func (apc *AddProfileConfig) AddProfile() error { return fmt.Errorf("unable to load aws config file: %w", err) } - roleProfileSection := iniFile.Section(fmt.Sprintf("profile %s", apc.AWSProfileName)) - // Get the source profile - sourceProfileKey, err := roleProfileSection.GetKey("source_profile") - if err != nil { - return fmt.Errorf("Unable to get source profile from %q: %w", apc.AWSProfileName, err) - } - apc.BaseProfileName = sourceProfileKey.String() + // Pull profile details from existing AWS profile provided by user + if len(apc.AWSProfileName) != 0 { - // Get the MFA Serial - mfaSerialKey, err := roleProfileSection.GetKey("mfa_serial") - if err != nil { - return err + roleProfileSection := iniFile.Section(fmt.Sprintf("profile %s", apc.AWSProfileName)) + + // Get the source profile + if len(apc.BaseProfileName) == 0 { + sourceProfileKey, err := roleProfileSection.GetKey("source_profile") + if err != nil { + return fmt.Errorf("Unable to get source_profile from %q: %w", apc.AWSProfileName, err) + } + apc.BaseProfileName = sourceProfileKey.String() + } + + // Get the MFA Serial + if len(apc.MFASerial) == 0 { + mfaSerialKey, err := roleProfileSection.GetKey("mfa_serial") + if err != nil { + return fmt.Errorf("Unable to get mfa_serial from %q: %w", apc.AWSProfileName, err) + } + apc.MFASerial = mfaSerialKey.String() + } } - apc.MFASerial = mfaSerialKey.String() // Add each of the remaining profiles for _, profileAccount := range apc.AWSProfileAccounts { @@ -175,6 +195,8 @@ func addProfileFunction(cmd *cobra.Command, args []string) error { awsProfileAccount := v.GetStringSlice(AWSProfileAccountFlag) awsProfile := v.GetString(AWSProfileFlag) iamRole := v.GetString(IAMRoleFlag) + sourceProfile := v.GetString(SourceProfileFlag) + mfaSerial := v.GetString(MfaSerialFlag) output := v.GetString(OutputFlag) // initialize things @@ -203,7 +225,9 @@ func addProfileFunction(cmd *cobra.Command, args []string) error { // Profiles addProfileConfig.AWSProfileAccounts = awsProfileAccount + addProfileConfig.BaseProfileName = sourceProfile addProfileConfig.AWSProfileName = awsProfile + addProfileConfig.MFASerial = mfaSerial if err := addProfileConfig.Run(); err != nil { logger.Fatal(err) diff --git a/cmd/cli.go b/cmd/cli.go index f94c804..23c420f 100644 --- a/cmd/cli.go +++ b/cmd/cli.go @@ -30,6 +30,11 @@ const ( // IAMRoleFlag is the IAM Role name Flag IAMRoleFlag string = "iam-role" + // SourceProfileFlag is the Source Profile Flag + SourceProfileFlag string = "source-profile" + // MfaSerialFlag is the MFA Serial Flag + MfaSerialFlag string = "mfa-serial" + // OutputFlag is the Output Flag OutputFlag string = "output"