85 lines
2.7 KiB
EmacsLisp
85 lines
2.7 KiB
EmacsLisp
;;; aws.el --- Some shortcuts for working with AWS -*- lexical-binding: t -*-
|
|
|
|
;; This file is not part of GNU Emacs
|
|
|
|
;; This program is free software: you can redistribute it and/or modify
|
|
;; it under the terms of the GNU General Public License as published by
|
|
;; the Free Software Foundation, either version 3 of the License, or
|
|
;; (at your option) any later version.
|
|
|
|
;; This program is distributed in the hope that it will be useful,
|
|
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
;; GNU General Public License for more details.
|
|
|
|
;; You should have received a copy of the GNU General Public License
|
|
;; along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
|
|
|
|
;;; Commentary:
|
|
|
|
;; commentary
|
|
|
|
;;; Code:
|
|
|
|
(defcustom aws-cli-auth-provider "saml2aws"
|
|
"The command that provides AWS authentication."
|
|
:type 'string
|
|
:group 'aws
|
|
:group 'theurgy)
|
|
|
|
(defcustom aws-roles '()
|
|
"List of strings of each possible AWS role completion for `aws-sign-in'."
|
|
:type '(repeat string)
|
|
:group 'aws
|
|
:group 'theurgy)
|
|
|
|
(defcustom aws-auto-reauth nil
|
|
"If nil, do not reauth. Otherwise it should be a number, the number of minutes on the reauth timer."
|
|
:type 'integer
|
|
:group 'aws
|
|
:group 'theurgy)
|
|
|
|
(defvar aws-reauth-timer nil
|
|
"The reauth timer, if created.")
|
|
|
|
(defun aws--login (role)
|
|
"Internal login function --- handles the command as a process, and prompts for MFA."
|
|
(let* ((process-name (format "%s-%s" aws-cli-auth-provider (replace-regexp-in-string "[/:]" "-" role)))
|
|
(buffer (get-buffer-create (format "*%s*" process-name)))
|
|
(prompt-regexp (rx (or "Enter verification code")))
|
|
(prompt-sent nil))
|
|
(with-current-buffer buffer
|
|
(erase-buffer))
|
|
|
|
(make-process
|
|
:name process-name
|
|
:buffer buffer
|
|
:command (list aws-cli-auth-provider "login" "--force" "--skip-prompt" "--role" role)
|
|
:filter
|
|
(lambda (proc output)
|
|
(with-current-buffer (process-buffer proc)
|
|
(goto-char (point-max))
|
|
(insert output)
|
|
|
|
(unless prompt-sent
|
|
(let ((buffer-contents (buffer-string)))
|
|
(when (string-match-p prompt-regexp buffer-contents)
|
|
(setq prompt-sent t)
|
|
(let ((token (read-passwd "MFA token: ")))
|
|
(process-send-string proc (concat token "\n")))))))))))
|
|
|
|
(defun aws-sign-in ()
|
|
"Sign in with AWS."
|
|
(interactive)
|
|
(let* ((role (completing-read "AWS Role: " aws-roles))
|
|
(auth-fn (lambda ()
|
|
(message (concat "Authenticating with " role " via " aws-cli-auth-provider))
|
|
(aws--login role))))
|
|
(funcall auth-fn)
|
|
(when aws-auto-reauth
|
|
(setq aws-reauth-timer (run-at-time t (* 60 aws-auto-reauth) auth-fn)))))
|
|
|
|
(provide 'aws)
|
|
|
|
;;; aws.el ends here
|