Merge pull request #1445 from ioito/hotfix/qx-aws-mfa

ioito · web-flow · commit 33407c7102e6 · 2025-08-26T15:12:50.000+08:00
fix(aws): add aws mfa cli
diff --git a/pkg/multicloud/aws/mfa.go b/pkg/multicloud/aws/mfa.go
@@ -0,0 +1,71 @@
+package aws
+
+import "time"
+
+type VirtualMFADevice struct {
+	EnableDate       time.Time
+	SerialNumber     string
+	Base32StringSeed string
+	QRCodePNG        string
+	User             struct {
+		UserName   string
+		Arn        string
+		UserId     string
+		CreateDate time.Time
+	}
+}
+
+func (cli *SAwsClient) GetVirtualMFADevices() ([]VirtualMFADevice, error) {
+	ret := []VirtualMFADevice{}
+	for {
+		params := map[string]string{}
+		part := struct {
+			Marker            string             `xml:"Marker"`
+			VirtualMFADevices []VirtualMFADevice `xml:"VirtualMFADevices>member"`
+		}{}
+		err := cli.iamRequest("ListVirtualMFADevices", params, &part)
+		if err != nil {
+			return nil, err
+		}
+		ret = append(ret, part.VirtualMFADevices...)
+		if len(part.VirtualMFADevices) == 0 || len(part.Marker) == 0 {
+			break
+		}
+		params["Marker"] = part.Marker
+	}
+	return ret, nil
+}
+
+func (cli *SAwsClient) DeleteVirtualMFADevice(serialNumber, userName string) error {
+	params := map[string]string{
+		"SerialNumber": serialNumber,
+	}
+	if len(userName) > 0 {
+		params["UserName"] = userName
+	}
+	return cli.iamRequest("DeactivateMFADevice", params, nil)
+}
+
+func (cli *SAwsClient) CreateVirtualMFADevice(name string) (*VirtualMFADevice, error) {
+	params := map[string]string{
+		"VirtualMFADeviceName": name,
+	}
+	ret := struct {
+		VirtualMFADevice VirtualMFADevice `xml:"VirtualMFADevice"`
+	}{}
+	err := cli.iamRequest("CreateVirtualMFADevice", params, &ret)
+	if err != nil {
+		return nil, err
+	}
+	return &ret.VirtualMFADevice, nil
+}
+
+func (cli *SAwsClient) ResyncMFADevice(serialNumber, userName, code1, code2 string) error {
+	params := map[string]string{
+		"SerialNumber":        serialNumber,
+		"AuthenticationCode1": code1,
+		"AuthenticationCode2": code2,
+		"UserName":            userName,
+	}
+	return cli.iamRequest("ResyncMFADevice", params, nil)
+}
diff --git a/pkg/multicloud/aws/shell/mfa.go b/pkg/multicloud/aws/shell/mfa.go
@@ -0,0 +1,68 @@
+// Copyright 2019 Yunion
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package shell
+
+import (
+	"yunion.io/x/pkg/util/shellutils"
+
+	"yunion.io/x/cloudmux/pkg/multicloud/aws"
+)
+
+func init() {
+	type VirtualMFADeviceListOptions struct {
+	}
+
+	shellutils.R(&VirtualMFADeviceListOptions{}, "virtual-mfa-device-list", "List virtual mfa devices", func(cli *aws.SRegion, args *VirtualMFADeviceListOptions) error {
+		devices, err := cli.GetClient().GetVirtualMFADevices()
+		if err != nil {
+			return err
+		}
+		printList(devices, 0, 0, 0, nil)
+		return nil
+	})
+
+	type VirtualMFADeviceDeleteOptions struct {
+		SerialNumber string
+		UserName     string
+	}
+
+	shellutils.R(&VirtualMFADeviceDeleteOptions{}, "virtual-mfa-device-deactivate", "Deactivate virtual mfa device", func(cli *aws.SRegion, args *VirtualMFADeviceDeleteOptions) error {
+		return cli.GetClient().DeleteVirtualMFADevice(args.SerialNumber, args.UserName)
+	})
+
+	type VirtualMFADeviceCreateOptions struct {
+		NAME string
+	}
+
+	shellutils.R(&VirtualMFADeviceCreateOptions{}, "virtual-mfa-device-create", "Create virtual mfa device", func(cli *aws.SRegion, args *VirtualMFADeviceCreateOptions) error {
+		device, err := cli.GetClient().CreateVirtualMFADevice(args.NAME)
+		if err != nil {
+			return err
+		}
+		printObject(device)
+		return nil
+	})
+
+	type VirtualMFADeviceResyncOptions struct {
+		SERIAL_NUMBER string
+		USER          string
+		CODE1         string
+		CODE2         string
+	}
+
+	shellutils.R(&VirtualMFADeviceResyncOptions{}, "virtual-mfa-device-resync", "Resync virtual mfa device", func(cli *aws.SRegion, args *VirtualMFADeviceResyncOptions) error {
+		return cli.GetClient().ResyncMFADevice(args.SERIAL_NUMBER, args.USER, args.CODE1, args.CODE2)
+	})
+}
