ag-awsauth 0.0.2 → 0.0.4
- package/dist/config.d.ts +6 -3
- package/dist/config.js +18 -9
- package/dist/direct.js +0 -2
- package/dist/helpers/browser.js +2 -1
- package/dist/helpers/input.js +18 -9
- package/dist/helpers/oidc.js +1 -1
- package/dist/helpers/sso.js +7 -7
- package/dist/index.d.ts +1 -0
- package/dist/index.js +20 -11
- package/package.json +9 -9
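--- a/package/dist/config.d.ts
+++ b/package/dist/config.d.ts
@@ -1,8 +1,11 @@
 export declare const logPath = "log.txt";
 export declare const stsDurationSeconds: number;
 export declare const nativeStsDurationSeconds: number;
-export declare
-export declare const
-export declare
+export declare let basePath: string;
+export declare const setBasePath: (bp: string) => void;
+export declare let identityCenterRegion: string;
+export declare let ssoStartUrl: string;
+export declare let targetRegion: string;
 export declare const validateConfig: () => boolean;
+export declare const setConfig: () => void;
 export declare const runConfig: () => void;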
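--- a/package/dist/config.js
+++ b/package/dist/config.js
@@ -3,28 +3,37 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.runConfig = exports.validateConfig = exports.targetRegion = exports.ssoStartUrl = exports.identityCenterRegion = exports.nativeStsDurationSeconds = exports.stsDurationSeconds = exports.logPath = void 0;
+exports.runConfig = exports.setConfig = exports.validateConfig = exports.targetRegion = exports.ssoStartUrl = exports.identityCenterRegion = exports.setBasePath = exports.basePath = exports.nativeStsDurationSeconds = exports.stsDurationSeconds = exports.logPath = void 0;
 const envfile_1 = require("envfile");
 const fs_1 = __importDefault(require("fs"));
 const path_1 = __importDefault(require("path"));
 exports.logPath = 'log.txt';
 exports.stsDurationSeconds = 60 * 60 * 4; //4h
 exports.nativeStsDurationSeconds = 60 * 60 * 1; //1h
-
-
-
-
-
-exports.
+exports.basePath = '';
+const setBasePath = (bp) => {
+exports.basePath = bp;
+};
+exports.setBasePath = setBasePath;
+exports.identityCenterRegion = '';
+exports.ssoStartUrl = '';
+exports.targetRegion = '';
 const validateConfig = () => {
-
+(0, exports.setConfig)();
+if (!exports.identityCenterRegion || !exports.ssoStartUrl || !exports.targetRegion) {
 return false;
 }
 return true;
 };
 exports.validateConfig = validateConfig;
+const setConfig = () => {
+exports.identityCenterRegion = process.env.identityCenterRegion;
+exports.ssoStartUrl = process.env.ssoStartUrl;
+exports.targetRegion = process.env.targetRegion;
+};
+exports.setConfig = setConfig;
 const runConfig = () => {
-const pn = path_1.default.resolve(
+const pn = path_1.default.resolve(exports.basePath + '/.env');
 if (!fs_1.default.existsSync(pn)) {
 fs_1.default.writeFileSync(pn, '');
 }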
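Review bot: `validateConfig` accepts any non-empty value, yet `identityCenterRegion` is later interpolated into the host name of the `https://portal.sso.${config_1.identityCenterRegion}.amazonaws.com/...` requests in helpers/sso.js, which carry the `x-amz-sso_bearer_token` header. A value read from `.env` that contains anything other than region characters therefore changes where that token is sent, so the check should constrain the format and not only presence, for example `if (!/^[a-z]{2}(-[a-z]+)+-\d+$/.test(exports.identityCenterRegion)) return false;`, with a comparable `https:` scheme check on `ssoStartUrl`. `setConfig` also assigns `process.env.*` straight through, so the exports can be `undefined` although config.d.ts declares them `string`; defaulting to `''` in the source would keep the declared type. `runConfig` continues outside the hunk.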
package/dist/direct.js
CHANGED
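--- a/package/dist/helpers/browser.js
+++ b/package/dist/helpers/browser.js
@@ -13,6 +13,7 @@ exports.getMFA = exports.goToPage = exports.launchBrowser = exports.closeBrowser
 const log_1 = require("ag-common/dist/common/helpers/log");
 const sleep_1 = require("ag-common/dist/common/helpers/sleep");
 const puppeteer_1 = require("puppeteer");
+const __1 = require("..");
 const input_1 = require("./input");
 let browser;
 const closeBrowser = () => __awaiter(void 0, void 0, void 0, function* () {
@@ -31,7 +32,7 @@ exports.closeBrowser = closeBrowser;
 const launchBrowser = () => __awaiter(void 0, void 0, void 0, function* () {
 const opt = {
 defaultViewport: { height: 1000, width: 500 },
-headless:
+headless: !(__1.globalargs === null || __1.globalargs === void 0 ? void 0 : __1.globalargs.verbose),
 ignoreHTTPSErrors: true,
 devtools: false,
 };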
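Review bot: `ignoreHTTPSErrors: true` stays in the launch options next to the changed `headless` line, so the Puppeteer browser accepts invalid TLS certificates; this module exports `getMFA` and `goToPage`, which suggests it drives the sign-in page, where certificate validation matters most. Unless there is a documented reason for it, set `ignoreHTTPSErrors: false`, or at least add a comment stating why validation is disabled. Tying `headless` to `verbose` also couples two concerns, since index.js raises the log level to TRACE on the same flag; a dedicated option would let a user watch the browser without changing what is logged. `launchBrowser` continues outside the hunk.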
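--- a/package/dist/helpers/input.js
+++ b/package/dist/helpers/input.js
@@ -52,15 +52,24 @@ function readArguments() {
 type: 'string',
 description: 'Will select account that matches passed in string',
 })
-.
-
-
-
-
-
-.
-
-
+.option('verbose', {
+alias: 'v',
+type: 'boolean',
+description: 'Run with verbose logging',
+default: false,
+})
+.option('wipe', {
+alias: 'w',
+type: 'boolean',
+description: 'Clear previously saved session details and quit',
+default: false,
+})
+.option('config', {
+alias: 'c',
+type: 'boolean',
+description: 'Configure application settings',
+default: false,
+})
 .parse();
 return { applicationfilter, verbose, wipe, config };
 });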
package/dist/helpers/oidc.js
CHANGED
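--- a/package/dist/helpers/sso.js
+++ b/package/dist/helpers/sso.js
@@ -22,7 +22,7 @@ const awsconfig_1 = require("./awsconfig");
 const sts_1 = require("./sts");
 const getAssumedRole = (p) => __awaiter(void 0, void 0, void 0, function* () {
 var _a, _b, _c, _d;
-const sso = new client_sso_1.SSOClient({ region:
+const sso = new client_sso_1.SSOClient({ region: config_1.identityCenterRegion });
 let accountId = p.accountId;
 if (!accountId) {
 const accounts = yield sso.send(new client_sso_1.ListAccountsCommand({ accessToken: p.accessToken }));
@@ -50,7 +50,7 @@ const getAssumedRole = (p) => __awaiter(void 0, void 0, void 0, function* () {
 });
 exports.getAssumedRole = getAssumedRole;
 const getOIDCCredentialsFromAccessToken = (p) => __awaiter(void 0, void 0, void 0, function* () {
-const sso = new client_sso_1.SSOClient({ region:
+const sso = new client_sso_1.SSOClient({ region: config_1.identityCenterRegion });
 const role = yield (0, exports.getAssumedRole)({ accessToken: p.accessToken });
 const ssoResp = yield sso.send(new client_sso_1.GetRoleCredentialsCommand(Object.assign(Object.assign({}, role), { accessToken: p.accessToken })));
 const rc = ssoResp.roleCredentials;
@@ -60,12 +60,12 @@ const getOIDCCredentialsFromAccessToken = (p) => __awaiter(void 0, void 0, void
 !(rc === null || rc === void 0 ? void 0 : rc.sessionToken)) {
 throw new Error('role creds undefined:' + JSON.stringify(rc, null, 2));
 }
-return Object.assign(Object.assign({}, p), { accessKeyId: rc.accessKeyId, secretAccessKey: rc.secretAccessKey, sessionToken: rc.sessionToken, region:
+return Object.assign(Object.assign({}, p), { accessKeyId: rc.accessKeyId, secretAccessKey: rc.secretAccessKey, sessionToken: rc.sessionToken, region: config_1.identityCenterRegion });
 });
 exports.getOIDCCredentialsFromAccessToken = getOIDCCredentialsFromAccessToken;
 function appInstances(p) {
 return __awaiter(this, void 0, void 0, function* () {
-const ai = (yield (yield (0, node_fetch_1.default)(`https://portal.sso.${
+const ai = (yield (yield (0, node_fetch_1.default)(`https://portal.sso.${config_1.identityCenterRegion}.amazonaws.com/instance/appinstances`, { headers: { 'x-amz-sso_bearer_token': p.ssoAuthn } })).json());
 if (!(ai === null || ai === void 0 ? void 0 : ai.result)) {
 throw new Error('appinstance error' + JSON.stringify(ai, null, 2));
 }
@@ -76,7 +76,7 @@ exports.appInstances = appInstances;
 function getSamlAssertion(p, instance) {
 var _a, _b;
 return __awaiter(this, void 0, void 0, function* () {
-const det = (yield (yield (0, node_fetch_1.default)(`https://portal.sso.${
+const det = (yield (yield (0, node_fetch_1.default)(`https://portal.sso.${config_1.identityCenterRegion}.amazonaws.com/instance/appinstance/${instance.id}/profiles`, { headers: { 'x-amz-sso_bearer_token': p.ssoAuthn } })).json());
 const asserturl = (_b = (_a = det === null || det === void 0 ? void 0 : det.result) === null || _a === void 0 ? void 0 : _a[0]) === null || _b === void 0 ? void 0 : _b.url;
 if (!asserturl) {
 throw new Error('assertion url cant be found');
@@ -105,7 +105,7 @@ const tryExistingCredentials = () => __awaiter(void 0, void 0, void 0, function*
 sessionToken: credraw.default.aws_session_token,
 accessToken: credraw.default.aws_access_token,
 ssoAuthn: credraw.default.aws_sso_authn,
-region:
+region: config_1.identityCenterRegion,
 };
 const v = yield (0, sts_1.validateCredentials)(credentials);
 if (v) {
@@ -128,7 +128,7 @@ const tryExistingCredentials = () => __awaiter(void 0, void 0, void 0, function*
 return {
 accessToken: '',
 ssoAuthn: '',
-region:
+region: config_1.identityCenterRegion,
 accessKeyId: '',
 secretAccessKey: '',
 sessionToken: '',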
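Review bot: The error thrown in `getOIDCCredentialsFromAccessToken`, `'role creds undefined:' + JSON.stringify(rc, null, 2)`, serialises the whole `roleCredentials` object into the message. The earlier conditions of that guard are outside the hunk, but if it fires when only one field is missing, whichever of `accessKeyId`, `secretAccessKey` or `sessionToken` is present ends up in the terminal or in any log that records the exception. Report only which fields exist, for example `throw new Error('role creds incomplete, fields present: ' + Object.keys(rc || {}).join(','));`, and make the same change in the TypeScript source this file is compiled from.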
package/dist/index.d.ts
CHANGED
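--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -12,23 +12,31 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.run = exports.main = void 0;
+exports.run = exports.main = exports.globalargs = void 0;
 /* eslint-disable padding-line-between-statements */
 const log_1 = require("ag-common/dist/common/helpers/log");
 const dotenv_1 = require("dotenv");
 const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
 const config_1 = require("./config");
 const awsconfig_1 = require("./helpers/awsconfig");
 const input_1 = require("./helpers/input");
 const oidc_1 = require("./helpers/oidc");
 const sso_1 = require("./helpers/sso");
 const sts_1 = require("./helpers/sts");
-(
+if (__dirname.endsWith('dist')) {
+(0, config_1.setBasePath)(path_1.default.resolve(__dirname, '../'));
+}
+else {
+(0, config_1.setBasePath)(__dirname);
+}
+(0, dotenv_1.config)({ path: config_1.basePath + '/.env' });
 // eslint-disable-next-line @typescript-eslint/no-var-requires
 const beep = require('node-beep');
 function main(args) {
 return __awaiter(this, void 0, void 0, function* () {
-
+exports.globalargs = args;
+(0, log_1.SetLogLevel)(args.verbose ? 'TRACE' : 'WARN');
 (0, log_1.SetLogShim)((...a1) => {
 // eslint-disable-next-line no-console
 console.log(...a1);
@@ -44,22 +52,23 @@ function main(args) {
 (0, config_1.runConfig)();
 return;
 }
-if (!(0, config_1.validateConfig)()) {
-console.error('please run config (-c)');
-return;
-}
 if (args.wipe) {
 (0, log_1.info)('wiping args');
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
 yield (0, awsconfig_1.updateAwsCredentials)(undefined);
 return;
 }
+if (!(0, config_1.validateConfig)()) {
+// eslint-disable-next-line no-console
+console.error('please run config (-c)');
+return;
+}
 let credentials = yield (0, sso_1.tryExistingCredentials)();
 if (!(credentials === null || credentials === void 0 ? void 0 : credentials.accessToken) || !(credentials === null || credentials === void 0 ? void 0 : credentials.ssoAuthn)) {
 (0, log_1.info)('no creds, get access token through manual sign in');
 credentials = yield (0, oidc_1.requestMFA)({
-identityCenterRegion:
-ssoStartUrl:
+identityCenterRegion: config_1.identityCenterRegion,
+ssoStartUrl: config_1.ssoStartUrl,
 });
 (0, log_1.info)('get oidc creds');
 credentials = yield (0, sso_1.getOIDCCredentialsFromAccessToken)(credentials);
@@ -75,7 +84,7 @@ function main(args) {
 (0, log_1.info)('account is native aws, directly connecting');
 credentials = yield (0, sts_1.directStsAssume)({
 credentials,
-targetRegion:
+targetRegion: config_1.targetRegion,
 metadata: instance.searchMetadata,
 });
 debugRole = instance.searchMetadata.AccountId;
@@ -83,7 +92,7 @@ function main(args) {
 else {
 (0, log_1.info)('account is external app, getting saml');
 const samlDetails = yield (0, sso_1.getSamlAssertion)(credentials, instance);
-credentials = yield (0, sts_1.getApplicationCreds)(Object.assign(Object.assign({}, samlDetails), { originCreds: credentials, targetRegion:
+credentials = yield (0, sts_1.getApplicationCreds)(Object.assign(Object.assign({}, samlDetails), { originCreds: credentials, targetRegion: config_1.targetRegion }));
 debugRole = samlDetails.roleArn;
 }
 yield (0, awsconfig_1.updateAwsCredentials)(credentials);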
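Review bot: The `.env` that supplies `ssoStartUrl` and `identityCenterRegion` is now loaded from the package's own directory (`config_1.basePath + '/.env'`), while package.json marks the tool `preferGlobal`. In a global install that directory is usually shared by every user of the machine, so either the settings cannot be saved without elevated rights or one account's file decides where another account signs in; the file is probably also lost when the package is reinstalled. A per-user location, for example `path.join(os.homedir(), '.ag-awsauth', '.env')` (directory name illustrative), avoids both. `__dirname.endsWith('dist')` also matches any directory whose name merely ends in those letters, where `path.basename(__dirname) === 'dist'` is exact. `main` continues outside the hunks shown.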
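--- a/package/package.json
+++ b/package/package.json
@@ -5,7 +5,7 @@
 "author": "andrei gec (andreigec@hotmail.com)",
 "license": "ISC",
 "private": false,
-"version": "0.0.
+"version": "0.0.4",
 "preferGlobal": true,
 "bin": {
 "ag-awsauth": "./bin/awsauth.js"
@@ -17,10 +17,10 @@
 "LICENSE.md"
 ],
 "dependencies": {
-"@aws-sdk/client-sso": "3.
-"@aws-sdk/client-sso-oidc": "3.
-"@aws-sdk/client-sts": "3.
-"@aws-sdk/shared-ini-file-loader": "3.
+"@aws-sdk/client-sso": "3.272.0",
+"@aws-sdk/client-sso-oidc": "3.272.0",
+"@aws-sdk/client-sts": "3.272.0",
+"@aws-sdk/shared-ini-file-loader": "3.272.0",
 "ag-common": "0.0.412",
 "cli-select": "1.1.2",
 "dotenv": "16.0.3",
@@ -30,15 +30,15 @@
 "ini": "3.0.1",
 "node-beep": "0.0.3",
 "node-fetch": "2.6.9",
-"puppeteer": "19.7.
+"puppeteer": "19.7.1",
 "readline-sync": "1.4.10",
 "ts-node": "10.9.1",
 "typescript": "4.9.5",
-"yargs": "17.
+"yargs": "17.7.0"
 },
 "devDependencies": {
 "@types/ini": "1.3.31",
-"@types/node": "18.
+"@types/node": "18.14.0",
 "@types/node-fetch": "2.6.2",
 "@types/readline-sync": "1.4.4",
 "@types/yargs": "17.0.22"
@@ -52,7 +52,7 @@
 "scripts": {
 "format": "eslint --ext .ts,.tsx ./src --fix",
 "lint": "tsc && eslint --ext .ts,.tsx ./src",
-"start": "
+"start": "tsc && node bin/awsauth.js",
 "build": "tsc"
 }
 }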