Closes #22

fireflycons · Jan 7, 2020 · 2c1d98f · 2c1d98f
1 parent 1acee6d
commit 2c1d98f
Show file tree

Hide file tree

Showing 3 changed files with 82 additions and 10 deletions.
diff --git a/aws-toolbox/Private/IAM/Get-StoredAwsCredentials.ps1 b/aws-toolbox/Private/IAM/Get-StoredAwsCredentials.ps1
@@ -0,0 +1,13 @@
+function Get-StoredAwsCredentials
+{
+    # Check user authenticated
+    if (-not (Test-Path variable:StoredAWSCredentials))
+    {
+        throw "Please authenticate with AWSPowerShell first (Set-AWSCredential)"
+    }
+
+    # Get the AWSCredential object from the shell stored credential
+    $StoredAwsCredentials.GetType().
+        GetProperty('Credentials', ([System.Reflection.BindingFlags]::NonPublic -bor [System.Reflection.BindingFlags]::Instance)).
+        GetValue($StoredAwsCredentials).GetCredentials() | Select-Object *
+}
diff --git a/aws-toolbox/Public/IAM/Get-ATIAMSessionCredentials.ps1 b/aws-toolbox/Public/IAM/Get-ATIAMSessionCredentials.ps1
@@ -60,23 +60,21 @@ function Get-ATIAMSessionCredentials
         [Parameter(ParameterSetName = "DotNet")]
         [switch]$ClipBoard,
 
+        [Parameter(ParameterSetName = "AwsCli")]
+        [switch]$AwsCli,
+
         [Parameter(ParameterSetName = "SetLocal")]
         [switch]$SetLocal
     )
 
-    # Check user authenticated
-    if (-not (Test-Path variable:StoredAWSCredentials))
+    $cred = Get-StoredAwsCredentials
+
+    if (-not $AwsCli)
     {
-        throw "Please authenticate with AWSPowerShell first (Set-AWSCredential)"
+        # aws-cli should renew the keys when it needs to
+        Write-Warning "Expiry time for these keys: $($cred.Expires.ToLocalTime().ToString("HH:mm:ss")). You will need to re-run this script after then to regenerate keys."
     }
 
-    # Get the AWSCredential object from the shell stored credential
-    $cred = $StoredAwsCredentials.GetType().
-        GetProperty('Credentials', ([System.Reflection.BindingFlags]::NonPublic -bor [System.Reflection.BindingFlags]::Instance)).
-        GetValue($StoredAwsCredentials).GetCredentials() | Select-Object *
-
-    Write-Warning "Expiry time for these keys: $($cred.Expires.ToLocalTime().ToString("HH:mm:ss")). You will need to re-run this script after then to regenerate keys."
-
     if ($Ruby)
     {
         # Build Ruby environment variables and output
@@ -147,6 +145,22 @@ function Get-ATIAMSessionCredentials
             $sb.ToString()
         }
     }
+    elseif ($AwsCli)
+    {
+        if (-not ($cred.UseToken -and ($cred.PSObject.Properties | Where-Object { $_.Name -eq 'Expires'})))
+        {
+            throw "Credential of type $($cred).GetType()) not suitable for aws-cli external credential source"
+        }
+
+        New-Object PSObject -Property @{
+            Version = 1
+            AccessKeyId = $cred.AccessKey
+            SecretAccessKey = $cred.SecretKey
+            SessionToken = $cred.Token
+            Expiration = $cred.Expires.ToString('s')
+        } |
+        ConvertTo-Json
+    }
     elseif ($PSCmdlet.ParameterSetName -ieq 'SetLocal')
     {
         # Set local enviroment with credential material.

diff --git a/tests/aws-toolbox.Public.Tests.ps1 b/tests/aws-toolbox.Public.Tests.ps1
@@ -229,4 +229,49 @@ InModuleScope -Module $ModuleName {
             }
         }
     }
+
+    Describe 'IAM' {
+
+        Context 'AWSCLI Credential Source' {
+
+            $expectedAccessKey = 'ASIAKHKJHLJEXAMPLE'
+            $expectedSecretKey = 'hkjhLJlkjAKJlkjALKJALKjEXAMPLE'
+            $expectedToken = 'gkjjiouLJLKJoihoIJKHkjjGUhlkJPJEXAMPLE'
+            $expectedExpiry = [DateTime]'2100-01-01'
+
+            Mock -CommandName 'Get-StoredAwsCredentials' -MockWith {
+
+                New-Object PSObject -Property @{
+
+                    AccessKey = $expectedAccessKey
+                    SecretKey = $expectedSecretKey
+                    Token = $expectedToken
+                    Expires = $expectedExpiry
+                    UseToken = $true
+                }
+            }
+
+            $result = Get-ATIAMSessionCredentials -AwsCli | ConvertFrom-Json
+
+            It 'Should yield expected access key' {
+
+                $result.AccessKeyId | Should Be $expectedAccessKey
+            }
+
+            It 'Should yield expected secret key' {
+
+                $result.SecretAccessKey | Should Be $expectedSecretKey
+            }
+
+            It 'Should yield expected access key' {
+
+                $result.SessionToken | Should Be $expectedToken
+            }
+
+            It 'Should yield expected expiry' {
+
+                $result.Expiration | Should Be $expectedExpiry.ToString('s')
+            }
+        }
+    }
 }