Feature/multi path (#10)

* add multi-path cartogram support

* adjust role formatting

* update the things

* fix typo

* functional multipathing

* fix linting

* support custom lookup

* all passthrough Store

* support optional fallback

* re-add dead-end check

* profile inversion

* fix cops

* add check

* check rather than lookup

* properly filter paths

* use slices for role/profile selection

* clean up file

* fix cops

* fix cops for real

* fix line length

Author: akerl-unpriv

cartogram/account.go

@@ -1,27 +1,29 @@
 package cartogram
 
-import (
-	"fmt"
-	"sort"
-
-	"github.com/akerl/voyager/prompt"
-)
-
 // AccountSet is a set of accounts
 type AccountSet []Account
 
 // Account defines the spec for a role assumption target
 type Account struct {
-	Account string          `json:"account"`
-	Region  string          `json:"region"`
-	Source  string          `json:"source"`
-	Roles   map[string]Role `json:"roles"`
-	Tags    Tags            `json:"tags"`
+	Account string  `json:"account"`
+	Region  string  `json:"region"`
+	Roles   RoleSet `json:"roles"`
+	Tags    Tags    `json:"tags"`
 }
 
+// RoleSet is a list of Roles
+type RoleSet []Role
+
 // Role holds information about authenticating to a role
 type Role struct {
-	Mfa bool `json:"mfa"`
+	Name    string   `json:"name"`
+	Mfa     bool     `json:"mfa"`
+	Sources []Source `json:"sources"`
+}
+
+// Source defines the previous hop for accessing a role
+type Source struct {
+	Path string `json:"path"`
 }
 
 // Lookup finds an account in a Cartogram based on its ID
@@ -45,40 +47,12 @@ func (as AccountSet) Search(tfs TagFilterSet) AccountSet {
 	return results
 }
 
-// PickRole returns a role from the account
-func (a Account) PickRole(roleName string) (string, error) {
-	return a.PickRoleWithPrompt(roleName, prompt.WithDefault)
-}
-
-// PickRoleWithPrompt returns a role from the account with a custom prompt
-func (a Account) PickRoleWithPrompt(roleName string, pf prompt.Func) (string, error) {
-	if roleName != "" {
-		if _, ok := a.Roles[roleName]; !ok {
-			return "", fmt.Errorf("provided role not present in account")
+// Lookup searches for a role by name
+func (rs RoleSet) Lookup(name string) (bool, Role) {
+	for _, r := range rs {
+		if r.Name == name {
+			return true, r
 		}
-		return roleName, nil
 	}
-	roleNames := []string{}
-	for k := range a.Roles {
-		roleNames = append(roleNames, k)
-	}
-	if len(roleNames) == 1 {
-		return roleNames[0], nil
-	}
-	sort.Strings(roleNames)
-	roleSlices := [][]string{}
-	for _, k := range roleNames {
-		roleSlices = append(roleSlices, []string{k})
-	}
-
-	pa := prompt.Args{
-		Message: "Desired Role:",
-		Options: roleSlices,
-	}
-	index, err := pf(pa)
-	if err != nil {
-		return "", err
-	}
-
-	return roleNames[index], nil
+	return false, Role{}
 }

cartogram/main.go

@@ -8,7 +8,7 @@ import (
 
 const (
 	configName  = ".cartograms"
-	specVersion = 1
+	specVersion = 2
 )
 
 func configDir() (string, error) {

cmd/travel.go

@@ -17,7 +17,8 @@ var travelCmd = &cobra.Command{
 
 func init() {
 	rootCmd.AddCommand(travelCmd)
-	travelCmd.Flags().StringP("role", "r", "", "Choose role to use")
+	travelCmd.Flags().StringP("role", "r", "", "Choose target role to use")
+	travelCmd.Flags().String("profile", "", "Choose source profile to use")
 	travelCmd.Flags().StringP("prompt", "p", "", "Choose prompt to use")
 	travelCmd.Flags().BoolP("yubikey", "y", false, "Use Yubikey for MFA")
 }
@@ -30,6 +31,11 @@ func travelRunner(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
+	flagProfile, err := flags.GetString("profile")
+	if err != nil {
+		return err
+	}
+
 	promptFlag, err := flags.GetString("prompt")
 	if err != nil {
 		return err
@@ -45,16 +51,17 @@ func travelRunner(cmd *cobra.Command, args []string) error {
 	}
 
 	i := travel.Itinerary{
-		Args:     args,
-		RoleName: flagRole,
-		Prompt:   promptFunc,
+		Args:        args,
+		RoleName:    []string{flagRole},
+		ProfileName: []string{flagProfile},
+		Prompt:      promptFunc,
 	}
 
 	if useYubikey {
 		i.MfaPrompt = yubikey.NewPrompt()
 	}
 
-	creds, err := travel.Travel(i)
+	creds, err := i.Travel()
 	if err != nil {
 		return err
 	}

go.sum

@@ -35,6 +35,7 @@ github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af h1:pmfjZENx5imkbgOkpRUYLnmbU7UEFbjtDA2hxJ1ichM=
 github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
+github.com/keybase/go-keychain v0.0.0-20190604185112-cc436cc9fe98 h1:CIcvKEAP7i7v/SWSwzAvq1ATWWs4+J/ezHqZT116+JA=
 github.com/keybase/go-keychain v0.0.0-20190604185112-cc436cc9fe98/go.mod h1:JJNrCn9otv/2QP4D7SMJBgaleKpOf66PnW6F5WGNRIc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=

profiles/keyring.go

@@ -0,0 +1,109 @@
+package profiles
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"github.com/99designs/keyring"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+)
+
+// KeyringStore fetches credentials from the system keyring
+type KeyringStore struct {
+	Name string
+}
+
+// Lookup checks the keyring for credentials
+func (k *KeyringStore) Lookup(profile string) (credentials.Value, error) {
+	ring, err := k.keyring()
+	if err != nil {
+		return credentials.Value{}, err
+	}
+	itemName := k.itemName(profile)
+	logger.InfoMsg(fmt.Sprintf("looking up in keyring: %s", itemName))
+	item, err := ring.Get(itemName)
+	if err != nil {
+		return credentials.Value{}, err
+	}
+	return k.parseItem(item)
+}
+
+// Write caches the credentials for the user
+func (k *KeyringStore) Write(profile string, creds credentials.Value) error {
+	is := itemStruct{EnvVars: map[string]string{
+		"AWS_ACCESS_KEY_ID":     creds.AccessKeyID,
+		"AWS_SECRET_ACCESS_KEY": creds.SecretAccessKey,
+	}}
+	data, err := json.Marshal(is)
+	if err != nil {
+		return err
+	}
+	logger.InfoMsg("storing profile in keyring")
+	ring, err := k.keyring()
+	if err != nil {
+		return err
+	}
+	itemName := k.itemName(profile)
+	return ring.Set(keyring.Item{
+		Key:   itemName,
+		Label: itemName,
+		Data:  data,
+	})
+}
+
+// Check returns if the credentials are cached in the keyring
+func (k *KeyringStore) Check(profile string) bool {
+	res, _ := k.Lookup(profile)
+	return res.AccessKeyID != ""
+}
+
+func (k *KeyringStore) config() keyring.Config {
+	return keyring.Config{
+		AllowedBackends: []keyring.BackendType{
+			"keychain",
+			"wincred",
+			"file",
+		},
+		KeychainName:             "login",
+		KeychainTrustApplication: true,
+		FilePasswordFunc:         filePasswordShim,
+		FileDir:                  "~/.voyager/" + k.getName(),
+		ServiceName:              "voyager:" + k.getName(),
+	}
+}
+
+func (k *KeyringStore) getName() string {
+	if k.Name == "" {
+		logger.InfoMsg(fmt.Sprintf("set keyring store to default"))
+		k.Name = "default"
+	}
+	return k.Name
+}
+
+type itemStruct struct {
+	EnvVars map[string]string
+}
+
+func (k *KeyringStore) parseItem(item keyring.Item) (credentials.Value, error) {
+	is := itemStruct{}
+	err := json.Unmarshal(item.Data, &is)
+	if err != nil {
+		return credentials.Value{}, err
+	}
+	return credentials.Value{
+		AccessKeyID:     is.EnvVars["AWS_ACCESS_KEY_ID"],
+		SecretAccessKey: is.EnvVars["AWS_SECRET_ACCESS_KEY"],
+	}, nil
+}
+
+func (k *KeyringStore) itemName(profile string) string {
+	return fmt.Sprintf("voyager:%s:profile:%s", k.getName(), profile)
+}
+
+func (k *KeyringStore) keyring() (keyring.Keyring, error) {
+	return keyring.Open(k.config())
+}
+
+func filePasswordShim(_ string) (string, error) {
+	return "", nil
+}