Add whoami command (#37)

dadair-ca · web-flow · commit 4c8eb291c1d6 · 2021-12-01T11:12:38.000-07:00
* Add whoami command

* Fix expired or invalid session error log

* Add configured region to whoami command output

* Pad start of whoami output keys

* Move whoami command to new file and reformat output

* Fix lint errors

* Make status an alias for whoami and refactor utils

* Minor adjustment to CHANGELOG

* Minor adjustment to README
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # awsx changelog
 
+## 1.2.0 (October 16, 2021)
+
+- Add `whoami` command
+- Deprecate existing `status` command (made alias for `whoami`)
+
 ## 1.1.3 (October 16, 2021)
 
 - Switch to npm
diff --git a/README.md b/README.md
@@ -78,9 +78,9 @@ If you don't have MFA set up on your AWS account you can enable it by following
 
 #### `awsx remove-assume-role-profile [profile]`
 
-### Checking status of current session
+### Show what AWS account and identity you're using
 
-#### `awsx status`
+#### `awsx whoami` or `awsx status`
 
 ## Contributing
 
diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "awsx",
   "description": "AWS CLI profile switcher with MFA support",
-  "version": "1.1.3",
+  "version": "1.2.0",
   "author": "Neo Financial Engineering <engineering@neofinancial.com>",
   "license": "MIT",
   "repository": {
diff --git a/src/app.ts b/src/app.ts
@@ -2,8 +2,6 @@ import inquirer from 'inquirer';
 import chalk from 'chalk';
 import yargs, { Argv } from 'yargs';
 import updateNotifier from 'update-notifier';
-import { STS } from 'aws-sdk';
-import { promisify } from 'util';
 
 import {
   configFileCheck,
@@ -27,9 +25,12 @@ import getTemporaryCredentials, {
 } from './mfa-login';
 import exportEnvironmentVariables from './exporter';
 import pkg from '../package.json';
+import { getCurrentProfile } from './lib/profile';
+import { whoami } from './command/whoami';
 
 const profiles = getProfileNames();
-let currentProfile = process.env.AWS_PROFILE || '';
+
+let currentProfile = getCurrentProfile();
 
 const validateMfaExpiry = (mfaExpiry: number): boolean | string => {
   if (mfaExpiry <= 0) {
@@ -596,30 +597,6 @@ const disableMfa = async (name?: string): Promise<void> => {
   console.log(chalk.green(`Disabled MFA on profile '${profileName}'`));
 };
 
-const timedOutStatusCheck = async (): Promise<void> => {
-  const delay = promisify(setTimeout);
-
-  await delay(1500);
-};
-
-const status = async (): Promise<void> => {
-  const sts = new STS();
-
-  const response = await Promise.race([sts.getCallerIdentity().promise(), timedOutStatusCheck()]);
-
-  if (response) {
-    const role = response.Arn?.split(':')[5];
-    const roleName = role?.split('/')[1];
-
-    console.log(chalk.green(`Role -> ${roleName}`));
-    console.log(chalk.green(`Account -> ${response.Account}`));
-    console.log(chalk.green(`Profile -> ${currentProfile}`));
-  } else {
-    console.log(chalk.red(`Session is expired or invalid`));
-    process.exit();
-  }
-};
-
 const awsx = (): void => {
   try {
     configFileCheck();
@@ -878,13 +855,13 @@ const awsx = (): void => {
       },
     })
     .command({
-      command: 'status',
-      describe: 'Show the status of your current awsx session',
+      command: ['whoami', 'status'],
+      describe: "Show what AWS account and identity you're using",
       handler: async (): Promise<void> => {
         try {
-          await status();
-        } catch {
-          console.log(chalk.red(`Session is expired or invalid`));
+          await whoami();
+        } catch (error) {
+          console.log(chalk.red(error.message));
         }
       },
     })
diff --git a/src/command/whoami.ts b/src/command/whoami.ts
@@ -0,0 +1,45 @@
+import chalk from 'chalk';
+import AWS, { STS, IAM } from 'aws-sdk';
+
+import { getCurrentProfile } from '../lib/profile';
+import { timeout } from '../lib/time';
+
+const assumedRole = (arn?: string): string | undefined => {
+  return arn ? arn.split('/')[1] : undefined;
+};
+
+const whoami = async (): Promise<void> => {
+  const sts = new STS();
+  const iam = new IAM();
+
+  const identity = await Promise.race([sts.getCallerIdentity().promise(), timeout(1500)]);
+
+  if (!identity) {
+    console.log(chalk.red(`Session is expired or invalid`));
+    process.exit();
+  }
+
+  // Should be available if the identity call returns truthy, so shouldn't need a second timed-out race.
+  const aliases = await iam.listAccountAliases().promise();
+
+  const whoAmI = {
+    Account: identity.Account,
+    Aliases: aliases?.AccountAliases,
+    Arn: identity.Arn,
+    AssumedRole: assumedRole(identity.Arn),
+    Profile: getCurrentProfile(),
+    Region: AWS.config.region,
+    UserId: identity.UserId,
+  };
+
+  const maxKeyLength = Math.max.apply(
+    null,
+    Object.keys(whoAmI).map((k) => k.length)
+  );
+
+  for (const [key, value] of Object.entries(whoAmI)) {
+    console.log(chalk.green(`${key.padEnd(maxKeyLength)} -> ${value}`));
+  }
+};
+
+export { assumedRole, whoami };
diff --git a/src/lib/profile.ts b/src/lib/profile.ts
@@ -0,0 +1,5 @@
+const getCurrentProfile = (): string => {
+  return process.env.AWS_PROFILE || '';
+};
+
+export { getCurrentProfile };
diff --git a/src/lib/time.ts b/src/lib/time.ts
@@ -0,0 +1,5 @@
+import { promisify } from 'util';
+
+const timeout = promisify(setTimeout);
+
+export { timeout };
diff --git a/src/mfa-login.ts b/src/mfa-login.ts
@@ -45,7 +45,7 @@ const createStsParameters = (
   return {
     DurationSeconds: configuration.sessionLengthInSeconds,
     SerialNumber: configuration.mfaDeviceArn,
-    TokenCode: mfaToken
+    TokenCode: mfaToken,
   };
 };
 
@@ -57,7 +57,7 @@ const createTemporaryCredentials = (
     profileName: profileName,
     awsAccessKeyId: credentials.AccessKeyId,
     awsSecretAccessKey: credentials.SecretAccessKey,
-    awsSessionToken: credentials.SessionToken
+    awsSessionToken: credentials.SessionToken,
   };
 };
 
@@ -68,9 +68,7 @@ const getTemporaryCredentials = async (
 ): Promise<void> => {
   const stsParameters = createStsParameters(configuration, mfaToken);
 
-  const response = await createStsClient(configuration)
-    .getSessionToken(stsParameters)
-    .promise();
+  const response = await createStsClient(configuration).getSessionToken(stsParameters).promise();
 
   if (response.Credentials) {
     onLogin(createTemporaryCredentials(configuration.profileName, response.Credentials));
diff --git a/test/command/whoami.test.ts b/test/command/whoami.test.ts
@@ -0,0 +1,9 @@
+import { assumedRole } from '../../src/command/whoami';
+
+describe('whoami', () => {
+  test('assumedRole', () => {
+    expect(
+      assumedRole('arn:aws:sts::111111111111:assumed-role/foo-bar/aws-sdk-js-1111111111111')
+    ).toEqual('foo-bar');
+  });
+});

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "awsx",`
`3`	`3`	`"description": "AWS CLI profile switcher with MFA support",`
`4`		`- "version": "1.1.3",`
	`4`	`+ "version": "1.2.0",`
`5`	`5`	`"author": "Neo Financial Engineering <engineering@neofinancial.com>",`
`6`	`6`	`"license": "MIT",`
`7`	`7`	`"repository": {`