Add metadata to ConsoleMe cred request body (#48)

Netflix · Mar 2, 2021 · 77f6d7c · 77f6d7c
1 parent e593614
commit 77f6d7c
Show file tree

Hide file tree

Showing 19 changed files with 379 additions and 306 deletions.
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -13,7 +13,10 @@ builds:
     flags:
       - -trimpath
     ldflags:
-      - -s -w -extldflags "-static" -X github.com/netflix/weep/version.Version={{.Version}} -X github.com/netflix/weep/version.Commit={{.CommitDate}} -X github.com/netflix/weep/version.Date={{.Date}}
+      - -s -w -extldflags "-static"
+        -X github.com/netflix/weep/metadata.Version={{.Version}}
+        -X github.com/netflix/weep/metadata.Commit={{.CommitDate}}
+        -X github.com/netflix/weep/metadata.Date={{.Date}}
     mod_timestamp: '{{ .CommitTimestamp }}'
   -
     id: demo
@@ -26,7 +29,11 @@ builds:
     flags:
       - -trimpath
     ldflags:
-      - -s -w -extldflags "-static" -X github.com/netflix/weep/config.EmbeddedConfigFile=/weep-demo.yaml -X github.com/netflix/weep/version.Version={{.Version}} -X github.com/netflix/weep/version.Commit={{.CommitDate}} -X github.com/netflix/weep/version.Date={{.Date}}
+      - -s -w -extldflags "-static"
+        -X github.com/netflix/weep/config.EmbeddedConfigFile=/weep-demo.yaml
+        -X github.com/netflix/weep/metadata.Version={{.Version}}
+        -X github.com/netflix/weep/metadata.Commit={{.CommitDate}}
+        -X github.com/netflix/weep/metadata.Date={{.Date}}
     mod_timestamp: '{{ .CommitTimestamp }}'
     hooks:
       pre: pkger -include /weep-demo.yaml

diff --git a/cmd/root.go b/cmd/root.go
@@ -21,6 +21,8 @@ import (
 	"os/signal"
 	"syscall"
 
+	"github.com/netflix/weep/metadata"
+
 	"github.com/netflix/weep/config"
 	"github.com/netflix/weep/logging"
 
@@ -34,6 +36,11 @@ var (
 		Short:             "weep helps you get the most out of ConsoleMe credentials",
 		Long:              "Weep is a CLI tool that manages AWS access via ConsoleMe for local development.",
 		DisableAutoGenTag: true,
+		PersistentPreRun: func(cmd *cobra.Command, args []string) {
+			// This runs before any subcommand, and cmd.CalledAs() returns the subcommand
+			// that was called. We want to use this for the weep method in the instance info.
+			metadata.SetWeepMethod(cmd.CalledAs())
+		},
 	}
 	log = logging.GetLogger()
 )

diff --git a/cmd/version.go b/cmd/version.go
@@ -19,7 +19,8 @@ package cmd
 import (
 	"fmt"
 
-	"github.com/netflix/weep/version"
+	"github.com/netflix/weep/metadata"
+
 	"github.com/spf13/cobra"
 )
 
@@ -31,6 +32,6 @@ var versionCmd = &cobra.Command{
 	Use:   "version",
 	Short: "Print version information",
 	Run: func(cmd *cobra.Command, args []string) {
-		fmt.Println(version.GetVersion())
+		fmt.Println(metadata.GetVersion())
 	},
 }
diff --git a/config/config.go b/config/config.go
@@ -34,6 +34,7 @@ var log = logging.GetLogger()
 func init() {
 	// Set default configuration values here
 	viper.SetTypeByDefaultValue(true)
+	viper.SetDefault("feature_flags.consoleme_metadata", false)
 	viper.SetDefault("log_file", getDefaultLogFile())
 	viper.SetDefault("mtls_settings.old_cert_message", "mTLS certificate is too old, please refresh mtls certificate")
 	viper.SetDefault("server.http_timeout", 20)
@@ -50,8 +51,8 @@ func getDefaultLogFile() string {
 	case "linux":
 		return filepath.Join("tmp", "weep.log")
 	case "windows":
-		path, _ := filepath.Abs(filepath.FromSlash("/programdata/weep/weep.log"))
-		return path
+		p, _ := filepath.Abs(filepath.FromSlash("/programdata/weep/weep.log"))
+		return p
 	default:
 		return ""
 	}

diff --git a/creds/consoleme.go b/creds/consoleme.go
@@ -29,6 +29,8 @@ import (
 	"syscall"
 	"time"
 
+	"github.com/netflix/weep/metadata"
+
 	"github.com/netflix/weep/logging"
 
 	werrors "github.com/netflix/weep/errors"
@@ -38,12 +40,10 @@ import (
 	"github.com/netflix/weep/httpAuth/mtls"
 
 	"github.com/pkg/errors"
-
-	"github.com/netflix/weep/version"
 )
 
 var log = logging.GetLogger()
-var clientVersion = fmt.Sprintf("%s", version.Version)
+var clientVersion = fmt.Sprintf("%s", metadata.Version)
 
 var userAgent = "weep/" + clientVersion + " Go-http-client/1.1"
 
@@ -186,8 +186,12 @@ func (c *Client) GetRoleCredentials(role string, ipRestrict bool) (*AwsCredentia
 	var cmCredentialErrorMessageType ConsolemeCredentialErrorMessageType
 
 	cmCredRequest := ConsolemeCredentialRequestType{
-		RequestedRole:   role,
-		NoIpRestriciton: ipRestrict,
+		RequestedRole:  role,
+		NoIpRestricton: ipRestrict,
+	}
+
+	if metadataEnabled := viper.GetBool("feature_flags.consoleme_metadata"); metadataEnabled == true {
+		cmCredRequest.Metadata = metadata.GetInstanceInfo()
 	}
 
 	b := new(bytes.Buffer)

diff --git a/creds/types.go b/creds/types.go
@@ -21,6 +21,8 @@ import (
 	"sync"
 	"time"
 
+	"github.com/netflix/weep/metadata"
+
 	"github.com/aws/aws-sdk-go/aws/credentials"
 )
 
@@ -60,8 +62,12 @@ type ConsolemeCredentialResponseType struct {
 }
 
 type ConsolemeCredentialRequestType struct {
-	RequestedRole   string `json:"requested_role"`
-	NoIpRestriciton bool   `json:"no_ip_restrictions"`
+	RequestedRole  string                 `json:"requested_role"`
+	NoIpRestricton bool                   `json:"no_ip_restrictions"`
+	Metadata       *metadata.InstanceInfo `json:"metadata,omitempty"`
+}
+
+type ConsoleMeCredentialRequestMetadata struct {
 }
 
 type ConsolemeCredentialErrorMessageType struct {
@@ -120,3 +126,12 @@ func (t Time) Time() time.Time {
 func (t Time) String() string {
 	return t.Time().String()
 }
+
+type Credentials struct {
+	Role                string
+	NoIpRestrict        bool
+	metaDataCredentials *AwsCredentials
+	MetadataRegion      string
+	LastRenewal         Time
+	mu                  sync.Mutex
+}