Merge branch '1Password:main' into yugabyte
parthiv11 authored Jun 27, 2023
2 parents 9e97555 + d7a779f commit fe8225a
Showing 15 changed files with 658 additions and 80 deletions.
2 changes: 2 additions & 0 deletions .github/pull_request_template.md
@@ -57,5 +57,7 @@ The AWS plugin now checks for the `AWS_SHARED_CREDENTIALS_FILE` environment vari
For more examples, have a look over 1Password CLI's past release notes:
https://app-updates.agilebits.com/product_history/CLI2
-->
## Additional information

- [ ] Check this box if this is a [Hashnode Hackathon](https://hashnode.com/hackathons/1password) submission

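--- a/.github/workflows/pr-check-signed-commits.yml
+++ b/.github/workflows/pr-check-signed-commits.yml
@@ -0,0 +1,13 @@
+name: Check signed commits in PR
+on: pull_request
+
+jobs:
+build:
+name: Check signed commits in PR
+runs-on: ubuntu-latest
+steps:
+- name: Check out code
+uses: actions/checkout@v3
+
+- name: Check signed commits in PR
+uses: 1Password/check-signed-commits-action@v1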
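Review bot: Both `uses:` lines reference actions by mutable tag (`actions/checkout@v3`, `1Password/check-signed-commits-action@v1`), so whatever those tags point to at run time executes in this repository's CI; pinning each to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha> # v3` (placeholder, take the SHA from the release you audited), removes that moving part. The workflow also declares no `permissions:` key, so the job token gets the repository default; a top-level `permissions:` block listing only what the check needs (probably `contents: read`, to be confirmed against the action's documentation) would make the scope explicit. It is not visible from this file whether the signed-commit check needs the checkout step at all; if the action only queries the API, dropping the step means no pull-request code is fetched onto the runner.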
4 changes: 3 additions & 1 deletion cmd/contrib/main.go
@@ -143,6 +143,7 @@ func newPlugin() error {
CredentialNameUpperCamelCase string
CredentialNameSnakeCase string
TestCredentialExample string
ExecutableSnakeCase string
}{}

err := survey.Ask(questionnaire, &result)
@@ -170,6 +171,7 @@ func newPlugin() error {

result.CredentialNameUpperCamelCase = strings.Join(credNameSplit, "")
result.CredentialNameSnakeCase = strings.ToLower(strings.Join(credNameSplit, "_"))
result.ExecutableSnakeCase = strings.ToLower(strings.ReplaceAll(result.Executable, "-", "_"))

result.IsNewCredentialName = true
for _, existing := range credname.ListAll() {
@@ -488,7 +490,7 @@ func Test{{ .CredentialNameUpperCamelCase }}Importer(t *testing.T) {
}

var executableTemplate = Template{
Filename: "{{ .Executable }}.go",
Filename: "{{ .ExecutableSnakeCase }}.go",
Contents: `package {{ .Name }}
import (
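Review bot: `result.ExecutableSnakeCase` from the second hunk becomes the generated file name `{{ .ExecutableSnakeCase }}.go`, and turning `-` into `_` can produce names the Go toolchain treats specially: an executable called `foo-test` yields `foo_test.go`, which is compiled only as a test file, and one ending in `-linux` or `-arm64` yields a file with an implicit build constraint. The scaffolded plugin would then likely lose its executable definition in normal builds without any error from the generator. Consider checking the converted name for a trailing `_test` or a GOOS/GOARCH suffix and rejecting it or appending a neutral suffix. The value also comes straight from the questionnaire answer, so unless it is validated elsewhere (not visible here) characters such as `/` or `.` pass into the file path unchanged. `newPlugin` starts and ends outside these hunks.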
177 changes: 161 additions & 16 deletions plugins/aws/access_key_test.go
@@ -252,6 +252,16 @@ func TestAccessKeyDefaultProvisioner(t *testing.T) {
configPath := filepath.Join(t.TempDir(), "awsConfig")
t.Setenv("AWS_CONFIG_FILE", configPath)

// setup profiles in config file
file := ini.Empty()
profileDefault, err := file.NewSection("default")
require.NoError(t, err)
_, err = profileDefault.NewKey("region", "us-central-1")
require.NoError(t, err)

err = file.SaveTo(configPath)
require.NoError(t, err)

plugintest.TestProvisioner(t, AccessKey().DefaultProvisioner, map[string]plugintest.ProvisionCase{
"default": {
ItemFields: map[sdk.FieldName]string{
@@ -282,22 +292,37 @@ func TestSTSProvisioner(t *testing.T) {
require.NoError(t, err)
_, err = profileDev.NewKey("role_arn", "aws:iam::123456789012:role/testRole2")
require.NoError(t, err)

profileProd, err := file.NewSection("profile prod")
require.NoError(t, err)
_, err = profileProd.NewKey("mfa_serial", "arn:aws:iam::123456789012:mfa/user1")
require.NoError(t, err)

profileDefault, err := file.NewSection("default")
require.NoError(t, err)
_, err = profileDefault.NewKey("role_arn", "aws:iam::123456789012:role/testRole")
require.NoError(t, err)
_, err = profileDefault.NewKey("region", "us-central-1")
require.NoError(t, err)

profileTest, err := file.NewSection("profile test")
require.NoError(t, err)
_, err = profileTest.NewKey("mfa_serial", "arn:aws:iam::123456789012:mfa/user1")
require.NoError(t, err)
_, err = profileTest.NewKey("role_arn", "aws:iam::123456789012:role/testRole")
require.NoError(t, err)

profileSourceComplex, err := file.NewSection("profile testSourceComplex")
require.NoError(t, err)
_, err = profileSourceComplex.NewKey("mfa_serial", "arn:aws:iam::123456789012:mfa/user1")
require.NoError(t, err)
_, err = profileSourceComplex.NewKey("role_arn", "aws:iam::123456789012:role/testRole")
require.NoError(t, err)
_, err = profileSourceComplex.NewKey("source_profile", "testSourceSimple")
require.NoError(t, err)

profileSourceSimple, err := file.NewSection("profile testSourceSimple")
require.NoError(t, err)
_, err = profileSourceSimple.NewKey("source_profile", "default")
require.NoError(t, err)
err = file.SaveTo(configPath)
require.NoError(t, err)

@@ -392,6 +417,132 @@ func TestSTSProvisioner(t *testing.T) {
},
},
})

plugintest.TestProvisioner(t, STSProvisioner{
profileName: "testSourceSimple",
newProviderFactory: func(cacheState sdk.CacheState, cacheOps sdk.CacheOperations, fields map[sdk.FieldName]string) STSProviderFactory {
return &mockProviderManager{ItemFields: map[sdk.FieldName]string{
fieldname.AccessKeyID: "AKIAHPIZFMD5EEXAMPLE",
fieldname.SecretAccessKey: "lBfKB7P5ScmpxDeRoFLZvhJbqNGPoV0vIEXAMPLE",
}}
},
}, map[string]plugintest.ProvisionCase{
"WithSourceProfileSimple": {
ItemFields: map[sdk.FieldName]string{
fieldname.AccessKeyID: "AKIAHPIZFMD5EEXAMPLE",
fieldname.SecretAccessKey: "lBfKB7P5ScmpxDeRoFLZvhJbqNGPoV0vIEXAMPLE",
},
ExpectedOutput: sdk.ProvisionOutput{
Environment: map[string]string{
"AWS_ACCESS_KEY_ID": "AKIAHPIZFMD5EEXAMPLE",
"AWS_SECRET_ACCESS_KEY": "lBfKB7P5ScmpxDeRoFLZvhJbqNGPoV0vIEXAMPLE",
"AWS_DEFAULT_REGION": "us-central-1",
},
},
},
})

plugintest.TestProvisioner(t, STSProvisioner{
profileName: "testSourceComplex",
newProviderFactory: func(cacheState sdk.CacheState, cacheOps sdk.CacheOperations, fields map[sdk.FieldName]string) STSProviderFactory {
return &mockProviderManager{}
},
}, map[string]plugintest.ProvisionCase{
"WithSourceProfileComplex": {
ItemFields: map[sdk.FieldName]string{
fieldname.AccessKeyID: "AKIAHPIZFMD5EEXAMPLE",
fieldname.SecretAccessKey: "lBfKB7P5ScmpxDeRoFLZvhJbqNGPoV0vIEXAMPLE",
fieldname.DefaultRegion: "us-central-1",
fieldname.OneTimePassword: "908789",
fieldname.MFASerial: "arn:aws:iam::123456789012:mfa/user1",
},
ExpectedOutput: sdk.ProvisionOutput{
Environment: map[string]string{
"AWS_ACCESS_KEY_ID": "AKIAHPIZFMD5EEXSTS",
"AWS_SECRET_ACCESS_KEY": "stststststst/K7MDENG/bPxRfiCYEXAMPLEKEY",
"AWS_SESSION_TOKEN": "stststststst/K7MDENG/bPxRfiCYEXAMPLEKEY///////stststststst/K7MDENG/bPxRfiCYEXAMPLEKEY///////stststststst/K7MDENG/bPxRfiCYEXAMPLEKEY",
"AWS_DEFAULT_REGION": "us-central-1",
},
},
},
})
}

func TestSourceProfileLoop(t *testing.T) {
t.Setenv("AWS_PROFILE", "")
t.Setenv("AWS_DEFAULT_REGION", "")
configPath := filepath.Join(t.TempDir(), "awsConfig")
t.Setenv("AWS_CONFIG_FILE", configPath)

// setup profiles in config file
file := ini.Empty()
profileDev, err := file.NewSection("profile dev")
require.NoError(t, err)
_, err = profileDev.NewKey("source_profile", "default")
require.NoError(t, err)

profileDefault, err := file.NewSection("default")
require.NoError(t, err)
_, err = profileDefault.NewKey("source_profile", "prod")
require.NoError(t, err)

profileProd, err := file.NewSection("profile prod")
require.NoError(t, err)
_, err = profileProd.NewKey("source_profile", "dev")
require.NoError(t, err)

profileStaging, err := file.NewSection("profile staging")
require.NoError(t, err)
_, err = profileStaging.NewKey("source_profile", "staging")
require.NoError(t, err)

err = file.SaveTo(configPath)
require.NoError(t, err)

plugintest.TestProvisioner(t, STSProvisioner{
profileName: "prod",
newProviderFactory: func(cacheState sdk.CacheState, cacheOps sdk.CacheOperations, fields map[sdk.FieldName]string) STSProviderFactory {
return &mockProviderManager{}
},
}, map[string]plugintest.ProvisionCase{
"WithEndlessLoop": {
ItemFields: map[sdk.FieldName]string{
fieldname.AccessKeyID: "AKIAHPIZFMD5EEXAMPLE",
fieldname.SecretAccessKey: "lBfKB7P5ScmpxDeRoFLZvhJbqNGPoV0vIEXAMPLE",
fieldname.DefaultRegion: "us-central-1",
fieldname.OneTimePassword: "908789",
fieldname.MFASerial: "arn:aws:iam::123456789012:mfa/user1",
},
ExpectedOutput: sdk.ProvisionOutput{
Diagnostics: sdk.Diagnostics{Errors: []sdk.Error{{Message: "infinite loop in credential configuration detected. Attempting to load from profile \"prod\" which has already been visited"}}},
},
},
})

plugintest.TestProvisioner(t, STSProvisioner{
profileName: "staging",
newProviderFactory: func(cacheState sdk.CacheState, cacheOps sdk.CacheOperations, fields map[sdk.FieldName]string) STSProviderFactory {
return &mockProviderManager{}
},
}, map[string]plugintest.ProvisionCase{
"WithAcceptedLoop": {
ItemFields: map[sdk.FieldName]string{
fieldname.AccessKeyID: "AKIAHPIZFMD5EEXAMPLE",
fieldname.SecretAccessKey: "lBfKB7P5ScmpxDeRoFLZvhJbqNGPoV0vIEXAMPLE",
fieldname.DefaultRegion: "us-central-1",
fieldname.OneTimePassword: "908789",
fieldname.MFASerial: "arn:aws:iam::123456789012:mfa/user1",
},
ExpectedOutput: sdk.ProvisionOutput{
Environment: map[string]string{
"AWS_ACCESS_KEY_ID": "AKIAHPIZFMD5EEXSTS",
"AWS_SECRET_ACCESS_KEY": "stststststst/K7MDENG/bPxRfiCYEXAMPLEKEY",
"AWS_SESSION_TOKEN": "stststststst/K7MDENG/bPxRfiCYEXAMPLEKEY///////stststststst/K7MDENG/bPxRfiCYEXAMPLEKEY///////stststststst/K7MDENG/bPxRfiCYEXAMPLEKEY",
"AWS_DEFAULT_REGION": "us-central-1",
},
},
},
})
}

func TestResolveLocalAnd1PasswordConfigurations(t *testing.T) {
@@ -469,17 +620,7 @@ func TestResolveLocalAnd1PasswordConfigurations(t *testing.T) {
ProfileName: "dev",
MfaSerial: "arn:aws:iam::123456789012:mfa/user",
},
err: fmt.Errorf("MFA failed: an MFA serial was found but no OTP has been set up in 1Password"),
},
{
description: "has mfa token but no mfa serial",
itemFields: map[sdk.FieldName]string{
fieldname.OneTimePassword: "515467",
},
awsConfig: &confighelpers.Config{
ProfileName: "dev",
},
err: fmt.Errorf("MFA failed: an OTP was found wihtout a corresponding MFA serial"),
err: fmt.Errorf("MFA failed: MFA serial \"arn:aws:iam::123456789012:mfa/user\" was detected on the associated item or in the config file for the selected profile, but no 'One-Time Password' field was found.\nLearn how to add an OTP field to your item:\nhttps://developer.1password.com/docs/cli/shell-plugins/aws/#optional-set-up-multi-factor-authentication"),
},
{
description: "has region only in 1Password",
@@ -653,13 +794,17 @@ func (p mockAwsProvider) Retrieve(ctx context.Context) (aws.Credentials, error)
}

type mockProviderManager struct {
CacheProviderFactory
ItemFields map[sdk.FieldName]string
}

func (m mockProviderManager) NewMFASessionTokenProvider(awsConfig *confighelpers.Config) aws.CredentialsProvider {
func (m mockProviderManager) NewMFASessionTokenProvider(awsConfig *confighelpers.Config, srcCredProvider aws.CredentialsProvider) aws.CredentialsProvider {
return mockAwsProvider{}
}

func (m mockProviderManager) NewAssumeRoleProvider(awsConfig *confighelpers.Config) aws.CredentialsProvider {
func (m mockProviderManager) NewAssumeRoleProvider(awsConfig *confighelpers.Config, srcCredProvider aws.CredentialsProvider) aws.CredentialsProvider {
return mockAwsProvider{}
}

func (m mockProviderManager) NewAccessKeysProvider() aws.CredentialsProvider {
return accessKeysProvider{itemFields: m.ItemFields}
}
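Review bot: `TestSourceProfileLoop` only covers cycles that contain the profile being provisioned (`prod` → `dev` → `default` → `prod`, and the self-reference on `staging`), so it would still pass if the detector only compared each hop against the starting profile, and a chain that enters a cycle later is not exercised. Adding a profile that sits outside the cycle, e.g. `profileEntry, err := file.NewSection("profile entry")` with `_, err = profileEntry.NewKey("source_profile", "dev")`, plus a `plugintest.ProvisionCase` for `profileName: "entry"` that expects an error diagnostic, would pin termination for that shape of config file as well. The resolver itself is not part of this section, so this may already be handled; the extra case would document it.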