Netflix · patricksanders · Oct 29, 2021 · Nov 3, 2021
diff --git a/cmd/console.go b/cmd/console.go
@@ -43,7 +43,7 @@ var consoleCmd = &cobra.Command{
 
 func runConsole(cmd *cobra.Command, args []string) error {
 	// If a role was provided, use it, otherwise prompt
-	role, err := InteractiveRolePrompt(args, region, nil)
+	role, err := InteractiveRolePrompt(args)
 	if err != nil {
 		logging.LogError(err, "Error getting role")
 		return err

diff --git a/cmd/credential_process.go b/cmd/credential_process.go
@@ -17,17 +17,21 @@
 package cmd
 
 import (
+	"context"
 	"encoding/json"
 	"fmt"
 	"time"
 
+	"github.com/netflix/weep/pkg/types"
+
+	"github.com/netflix/weep/pkg/creds"
+
 	"github.com/sirupsen/logrus"
 
 	"github.com/netflix/weep/pkg/logging"
 
 	"github.com/netflix/weep/pkg/aws"
 
-	"github.com/netflix/weep/pkg/creds"
 	"github.com/netflix/weep/pkg/util"
 
 	"gopkg.in/ini.v1"
@@ -89,11 +93,7 @@ func generateCredentialProcessConfig(destination string) error {
 	if destination == "" {
 		return fmt.Errorf("no destination provided")
 	}
-	client, err := creds.GetClient(region)
-	if err != nil {
-		return err
-	}
-	roles, err := client.Roles()
+	roles, err := creds.List(context.TODO())
 	if err != nil {
 		return err
 	}
@@ -121,7 +121,7 @@ func runCredentialProcess(cmd *cobra.Command, args []string) error {
 	}
 	role := args[0]
 	logging.Log.WithFields(logrus.Fields{"role": role}).Infoln("Getting credentials")
-	credentials, err := creds.GetCredentials(role, noIpRestrict, assumeRole, "")
+	credentials, err := creds.Get(context.TODO(), role, noIpRestrict, assumeRole)
 	if err != nil {
 		logging.LogError(err, "Error getting credentials")
 		return err
@@ -132,7 +132,7 @@ func runCredentialProcess(cmd *cobra.Command, args []string) error {
 func printCredentialProcess(credentials *aws.Credentials) error {
 	expirationTimeFormat := credentials.Expiration.Format(time.RFC3339)
 
-	credentialProcessOutput := &creds.CredentialProcess{
+	credentialProcessOutput := &types.CredentialProcess{
 		Version:         1,
 		AccessKeyId:     credentials.AccessKeyId,
 		SecretAccessKey: credentials.SecretAccessKey,

diff --git a/cmd/export.go b/cmd/export.go
@@ -17,17 +17,18 @@
 package cmd
 
 import (
+	"context"
 	"fmt"
 	"os"
 	"strings"
 
+	"github.com/netflix/weep/pkg/creds"
+
 	"github.com/netflix/weep/pkg/logging"
 	"github.com/sirupsen/logrus"
 
 	"github.com/netflix/weep/pkg/aws"
 
-	"github.com/netflix/weep/pkg/creds"
-
 	"github.com/spf13/cobra"
 )
 
@@ -52,7 +53,7 @@ func runExport(cmd *cobra.Command, args []string) error {
 		return err
 	}
 	logging.Log.WithFields(logrus.Fields{"role": role}).Infoln("Getting credentials")
-	credentials, err := creds.GetCredentials(role, noIpRestrict, assumeRole, "")
+	credentials, err := creds.Get(context.TODO(), role, noIpRestrict, assumeRole)
 	if err != nil {
 		logging.LogError(err, "Error getting credentials")
 		return err

diff --git a/cmd/file.go b/cmd/file.go
@@ -17,18 +17,20 @@
 package cmd
 
 import (
+	"context"
 	"fmt"
 	"path"
 	"strconv"
 	"time"
 
+	"github.com/netflix/weep/pkg/creds"
+
 	"github.com/sirupsen/logrus"
 
 	"github.com/netflix/weep/pkg/logging"
 
 	"github.com/netflix/weep/pkg/aws"
 
-	"github.com/netflix/weep/pkg/creds"
 	"github.com/netflix/weep/pkg/util"
 
 	"gopkg.in/ini.v1"
@@ -76,7 +78,7 @@ func runFile(cmd *cobra.Command, args []string) error {
 
 func updateCredentialsFile(role, profile, filename string, noIpRestrict bool, assumeRole []string) error {
 	logging.Log.WithFields(logrus.Fields{"role": role}).Infoln("Getting credentials")
-	credentials, err := creds.GetCredentials(role, noIpRestrict, assumeRole, "")
+	credentials, err := creds.Get(context.TODO(), role, noIpRestrict, assumeRole)
 	if err != nil {
 		logging.LogError(err, "Error getting credentials")
 		return err

diff --git a/cmd/helpers.go b/cmd/helpers.go
@@ -17,20 +17,22 @@
 package cmd
 
 import (
+	"context"
 	"fmt"
 	"os"
 	"strconv"
 	"strings"
 
+	"github.com/netflix/weep/pkg/creds"
+
 	"github.com/lithammer/fuzzysearch/fuzzy"
 	"github.com/manifoldco/promptui"
-	"github.com/netflix/weep/pkg/creds"
 )
 
 // InteractiveRolePrompt will present the user with a fuzzy-searchable list of roles if
 // - We are currently attached to an interactive tty
 // - The user has not disabled them through the WEEP_DISABLE_INTERACTIVE_PROMPTS option
-func InteractiveRolePrompt(args []string, region string, client *creds.Client) (string, error) {
+func InteractiveRolePrompt(args []string) (string, error) {
 	// If a role was provided, just use that
 	if len(args) > 0 {
 		return args[0], nil
@@ -44,17 +46,8 @@ func InteractiveRolePrompt(args []string, region string, client *creds.Client) (
 		return "", fmt.Errorf("no role provided, and interactive prompts are disabled")
 	}
 
-	// If a client was not provided, create one using the provided region
-	if client == nil {
-		var err error
-		client, err = creds.GetClient(region)
-		if err != nil {
-			return "", err
-		}
-	}
-
 	// Retrieve the list of roles
-	rolesExtended, err := client.RolesExtended()
+	rolesExtended, err := creds.ListExtended(context.TODO())
 	if err != nil {
 		return "", err
 	}

diff --git a/cmd/list.go b/cmd/list.go
@@ -17,12 +17,14 @@
 package cmd
 
 import (
+	"context"
 	"os"
 	"strings"
 
+	"github.com/netflix/weep/pkg/creds/consoleme"
+
 	"github.com/netflix/weep/pkg/logging"
 
-	"github.com/netflix/weep/pkg/creds"
 	"github.com/netflix/weep/pkg/util"
 	"github.com/spf13/cobra"
 )
@@ -41,11 +43,8 @@ var listCmd = &cobra.Command{
 }
 
 func roleList() (string, error) {
-	client, err := creds.GetClient(region)
-	if err != nil {
-		return "", err
-	}
-	roles, err := client.RolesExtended()
+	provider := consoleme.NewProvider()
+	roles, err := provider.ListExtended(context.TODO())
 	if err != nil {
 		return "", err
 	}

diff --git a/cmd/open.go b/cmd/open.go
@@ -17,11 +17,13 @@
 package cmd
 
 import (
+	"context"
 	"errors"
 
+	"github.com/netflix/weep/pkg/creds"
+
 	"github.com/netflix/weep/pkg/logging"
 
-	"github.com/netflix/weep/pkg/creds"
 	"github.com/netflix/weep/pkg/util"
 
 	"github.com/spf13/cobra"
@@ -53,12 +55,7 @@ func runOpen(cmd *cobra.Command, args []string) error {
 		return errors.New("Resource type sns and sqs require region in the arn")
 	}
 	var resourceURL string
-	client, err := creds.GetClient(region)
-	if err != nil {
-		logging.LogError(err, "Error getting client")
-		return err
-	}
-	resourceURL, err = client.GetResourceURL(args[0])
+	resourceURL, err = creds.ResourceURL(context.TODO(), args[0])
 	if err != nil {
 		logging.LogError(err, "Error getting resource URL")
 		return err

diff --git a/pkg/cache/cache.go b/pkg/cache/cache.go
@@ -21,6 +21,7 @@ import (
 	"sync"
 
 	"github.com/netflix/weep/pkg/creds"
+
 	"github.com/netflix/weep/pkg/errors"
 	"github.com/netflix/weep/pkg/logging"
 
@@ -60,23 +61,23 @@ func (cc *CredentialCache) Get(searchString string, assumeChain []string) (*cred
 	return nil, errors.NoCredentialsFoundInCache
 }
 
-func (cc *CredentialCache) GetOrSet(client creds.HTTPClient, role, region string, assumeChain []string) (*creds.RefreshableProvider, error) {
+func (cc *CredentialCache) GetOrSet(role, region string, assumeChain []string) (*creds.RefreshableProvider, error) {
 	c, err := cc.Get(role, assumeChain)
 	if err == nil {
 		return c, nil
 	}
 	logging.Log.Debugf("no credentials for %s in cache, creating", role)
 
-	c, err = cc.set(client, role, region, assumeChain)
+	c, err = cc.set(role, region, assumeChain)
 	if err != nil {
 		return nil, err
 	}
 
 	return c, nil
 }
 
-func (cc *CredentialCache) SetDefault(client creds.HTTPClient, role, region string, assumeChain []string) error {
-	_, err := cc.set(client, role, region, assumeChain)
+func (cc *CredentialCache) SetDefault(role, region string, assumeChain []string) error {
+	_, err := cc.set(role, region, assumeChain)
 	if err != nil {
 		return err
 	}
@@ -120,8 +121,8 @@ func (cc *CredentialCache) get(slug string) (*creds.RefreshableProvider, bool) {
 	return c, ok
 }
 
-func (cc *CredentialCache) set(client creds.HTTPClient, role, region string, assumeChain []string) (*creds.RefreshableProvider, error) {
-	c, err := creds.NewRefreshableProvider(client, role, region, assumeChain, false)
+func (cc *CredentialCache) set(role, region string, assumeChain []string) (*creds.RefreshableProvider, error) {
+	c, err := creds.NewRefreshableProvider(role, region, assumeChain, false)
 	if err != nil {
 		return nil, err
 	}

diff --git a/pkg/cache/cache_test.go b/pkg/cache/cache_test.go
@@ -20,10 +20,8 @@ import (
 	"testing"
 	"time"
 
-	"github.com/netflix/weep/pkg/aws"
-	"github.com/netflix/weep/pkg/types"
-
 	"github.com/netflix/weep/pkg/creds"
+
 	"github.com/netflix/weep/pkg/errors"
 )
 
@@ -191,19 +189,7 @@ func TestCredentialCache_SetDefault(t *testing.T) {
 	}
 	expectedRole := "a"
 	expectedExpiration := time.Unix(1, 0).Round(0)
-	testClient, err := creds.GetTestClient(creds.ConsolemeCredentialResponseType{
-		Credentials: &aws.Credentials{
-			AccessKeyId:     "a",
-			SecretAccessKey: "b",
-			SessionToken:    "c",
-			Expiration:      types.Time(time.Unix(1, 0)),
-			RoleArn:         "e",
-		},
-	})
-	if err != nil {
-		t.Errorf("test setup failure: %e", err)
-	}
-	err = testCache.SetDefault(testClient, expectedRole, "b", make([]string, 0))
+	err := testCache.SetDefault(expectedRole, "b", make([]string, 0))
 	if err != nil {
 		t.Errorf("test failure: %e", err)
 	}
@@ -219,19 +205,7 @@ func TestCredentialCache_DefaultLastUpdated(t *testing.T) {
 	testCache := CredentialCache{
 		RoleCredentials: map[string]*creds.RefreshableProvider{},
 	}
-	testClient, err := creds.GetTestClient(creds.ConsolemeCredentialResponseType{
-		Credentials: &aws.Credentials{
-			AccessKeyId:     "a",
-			SecretAccessKey: "b",
-			SessionToken:    "c",
-			Expiration:      types.Time(time.Unix(1, 0)),
-			RoleArn:         "e",
-		},
-	})
-	if err != nil {
-		t.Errorf("test setup failure: %e", err)
-	}
-	err = testCache.SetDefault(testClient, "a", "b", make([]string, 0))
+	err := testCache.SetDefault("a", "b", make([]string, 0))
 	if err != nil {
 		t.Errorf("test failure: %e", err)
 	}
@@ -262,19 +236,7 @@ func TestCredentialCache_DefaultArn(t *testing.T) {
 	testCache := CredentialCache{
 		RoleCredentials: map[string]*creds.RefreshableProvider{},
 	}
-	testClient, err := creds.GetTestClient(creds.ConsolemeCredentialResponseType{
-		Credentials: &aws.Credentials{
-			AccessKeyId:     "a",
-			SecretAccessKey: "b",
-			SessionToken:    "c",
-			Expiration:      types.Time(time.Unix(1, 0)),
-			RoleArn:         "e",
-		},
-	})
-	if err != nil {
-		t.Errorf("test setup failure: %e", err)
-	}
-	err = testCache.SetDefault(testClient, "a", "b", make([]string, 0))
+	err := testCache.SetDefault("a", "b", make([]string, 0))
 	if err != nil {
 		t.Errorf("test failure: %e", err)
 	}
@@ -341,20 +303,7 @@ func TestCredentialCache_GetOrSet(t *testing.T) {
 		testCache := CredentialCache{
 			RoleCredentials: tc.CacheContents,
 		}
-		client, err := creds.GetTestClient(creds.ConsolemeCredentialResponseType{
-			Credentials: &aws.Credentials{
-				AccessKeyId:     "a",
-				SecretAccessKey: "b",
-				SessionToken:    "c",
-				Expiration:      types.Time(time.Unix(1, 0)),
-				RoleArn:         tc.ExpectedResult.RoleArn,
-			},
-		})
-		if err != nil {
-			t.Errorf("test setup failure: %e", err)
-			continue
-		}
-		result, actualError := testCache.GetOrSet(client, tc.SearchString, tc.Region, tc.AssumeChain)
+		result, actualError := testCache.GetOrSet(tc.SearchString, tc.Region, tc.AssumeChain)
 		if actualError != tc.ExpectedError {
 			t.Errorf("%s failed: expected %v error, got %v", tc.Description, tc.ExpectedError, actualError)
 			continue

diff --git a/pkg/creds/client.go b/pkg/creds/client.go
@@ -0,0 +1,14 @@
+package creds
+
+import (
+	"io"
+	"net/http"
+
+	"github.com/netflix/weep/pkg/aws"
+)
+
+type IWeepClient interface {
+	GetRoleCredentials(role string, ipRestrict bool) (*aws.Credentials, error)
+	CloseIdleConnections()
+	buildRequest(string, string, io.Reader, string) (*http.Request, error)
+}