forked from leandrosalo/aws-sso-creds-tool
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathapp.js
116 lines (104 loc) · 3.27 KB
/
app.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
#!/usr/bin/env node
import {
awsCredentialsPath,
useAccountId,
defaultSection,
sso_accounts,
} from "./params.js";
import ConfigParser from "configparser";
import {
getAccountRoleCredentials,
getAccountRoles,
getAccounts,
getAccessToken,
authorizeDevice,
registerClient,
} from "./aws.js";
import { error } from "./util.js";
const config = new ConfigParser();
async function pollForAccessToken(
clientId,
clientSecret,
deviceCode,
userCode
) {
return getAccessToken(clientId, clientSecret, deviceCode, userCode).catch(
(error) => {
if (error.name === "AuthorizationPendingException") {
return new Promise((resolve) => {
setTimeout(
() =>
pollForAccessToken(
clientId,
clientSecret,
deviceCode,
userCode
).then(resolve),
1000
);
});
}
console.error(error);
}
);
}
const updateCredentials = async () => {
// search for credentials file first, default: ~/.aws/credentials
try {
await config.readAsync(awsCredentialsPath);
} catch (e) {
error("cannot open file: " + awsCredentialsPath);
}
// start authentication flow
const { clientId, clientSecret } = await registerClient();
// needs to the user to be fully logged in
const { deviceCode, userCode } = await authorizeDevice(
clientId,
clientSecret
);
// const { accessToken } = await getAccessToken(clientId, clientSecret, deviceCode, userCode);
const { accessToken } = await pollForAccessToken(
clientId,
clientSecret,
deviceCode,
userCode
);
const { accountList } = await getAccounts(accessToken);
for (const { accountId, accountName } of accountList) {
const { roleList } = await getAccountRoles(accessToken, accountId);
for (const { roleName } of roleList) {
if (sso_accounts.includes(accountName)) {
const { accessKeyId, secretAccessKey, sessionToken } =
await getAccountRoleCredentials(accessToken, accountId, roleName);
// default format is [account-name_AWSRoleName]
const account_section_name = useAccountId
? accountId + "_" + roleName
: accountName + "_" + roleName;
!config.sections().includes(account_section_name)
? config.addSection(account_section_name)
: "";
config.set(account_section_name, "aws_access_key_id", accessKeyId);
config.set(
account_section_name,
"aws_secret_access_key",
secretAccessKey
);
config.set(account_section_name, "aws_session_token", sessionToken);
console.log(config.items(account_section_name));
if (account_section_name === defaultSection) {
const default_section = "default";
!config.sections().includes(default_section)
? config.addSection(default_section)
: "";
config.set(default_section, "aws_access_key_id", accessKeyId);
config.set(default_section, "aws_secret_access_key", secretAccessKey);
config.set(default_section, "aws_session_token", sessionToken);
}
}
}
}
// saves changes into credentials file
config.write(awsCredentialsPath);
console.log("credentials updated");
};
updateCredentials();