feat: restore HTTP registry and provider-agnostic access provider support

cmd/granted/main.go

@@ -10,12 +10,17 @@ import (
 
 	"github.com/common-fate/clio"
 	"github.com/common-fate/clio/clierr"
+	"github.com/common-fate/updatecheck"
+	"github.com/fwdcloudsec/granted/internal/build"
 	"github.com/fwdcloudsec/granted/pkg/assume"
 	"github.com/fwdcloudsec/granted/pkg/granted"
 	"github.com/urfave/cli/v2"
 )
 
 func main() {
+	updatecheck.Check(updatecheck.GrantedCLI, build.Version, !build.IsDev())
+	defer updatecheck.Print()
+
 	c := make(chan os.Signal, 1)
 	signal.Notify(c, syscall.SIGINT, syscall.SIGTERM)
 	go func() {

go.mod

@@ -10,17 +10,20 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/sso v1.20.5
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.15
 	github.com/aws/aws-sdk-go-v2/service/sts v1.28.6
+	github.com/common-fate/updatecheck v0.3.5
 	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8
 	github.com/pkg/errors v0.9.1
 	github.com/segmentio/ksuid v1.0.4
 	github.com/urfave/cli/v2 v2.25.7
 )
 
 require (
+	github.com/Masterminds/sprig/v3 v3.2.3
 	github.com/alessio/shellescape v1.4.2
+	github.com/briandowns/spinner v1.23.0
 	github.com/common-fate/clio v1.2.3
-	github.com/common-fate/grab v1.3.0
 	github.com/fatih/color v1.16.0
+	github.com/google/uuid v1.6.0
 	github.com/hashicorp/go-version v1.7.0
 	github.com/schollz/progressbar/v3 v3.13.1
 	go.uber.org/zap v1.26.0
@@ -30,12 +33,10 @@ require (
 require (
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver/v3 v3.2.0 // indirect
-	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect
 	github.com/benbjohnson/clock v1.3.5 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
-	github.com/google/uuid v1.6.0 // indirect
 	github.com/huandu/xstrings v1.3.3 // indirect
 	github.com/imdario/mergo v0.3.11 // indirect
 	github.com/kr/pretty v0.3.1 // indirect
@@ -68,7 +69,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/iam v1.28.7
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 // indirect
 	github.com/aws/smithy-go v1.24.1
-	github.com/common-fate/awsconfigfile v0.10.0
+	github.com/common-fate/useragent v0.1.0
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
 	github.com/danieljoos/wincred v1.1.2 // indirect
 	github.com/dvsekhvalnov/jose2go v1.8.0 // indirect
@@ -79,11 +80,12 @@ require (
 	github.com/joho/godotenv v1.4.0
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-isatty v0.0.20
 	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
 	github.com/mtibben/percent v0.2.1 // indirect
 	github.com/olekukonko/tablewriter v0.0.5
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/sethvargo/go-retry v0.2.4
 	github.com/stretchr/testify v1.10.0
 	go.uber.org/ratelimit v0.3.0
 	golang.org/x/sync v0.19.0
@@ -92,3 +94,5 @@ require (
 	golang.org/x/text v0.34.0
 	gopkg.in/ini.v1 v1.67.0
 )
+
+replace github.com/aws/session-manager-plugin => github.com/common-fate/session-manager-plugin v0.0.0-20240723053832-3d311db99016

go.sum

@@ -46,12 +46,14 @@ github.com/aws/smithy-go v1.24.1 h1:VbyeNfmYkWoxMVpGUAbQumkODcYmfMRfZ8yQiH30SK0=
 github.com/aws/smithy-go v1.24.1/go.mod h1:LEj2LM3rBRQJxPZTB4KuzZkaZYnZPnvgIhb4pu07mx0=
 github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o=
 github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
-github.com/common-fate/awsconfigfile v0.10.0 h1:9W0JTeO0d3jNLw3Ps9U7IJwLYp4D9zcipq/sqNEWJOg=
-github.com/common-fate/awsconfigfile v0.10.0/go.mod h1:znstvN26aO+KUwmdjwZ+WcmitZ7heEJb5iFdCPokAO8=
+github.com/briandowns/spinner v1.23.0 h1:alDF2guRWqa/FOZZYWjlMIx2L6H0wyewPxo/CH4Pt2A=
+github.com/briandowns/spinner v1.23.0/go.mod h1:rPG4gmXeN3wQV/TsAY4w8lPdIM6RX3yqeBQJSrbXjuE=
 github.com/common-fate/clio v1.2.3 h1:hHwUYZjn66qGYDpgANl0EB/92hyi/Jsnd07qB09rvn4=
 github.com/common-fate/clio v1.2.3/go.mod h1:NkozaS15SA+6Y9zb+82eIj1i41aWShorTqA01GKQ7A8=
-github.com/common-fate/grab v1.3.0 h1:vGNBMfhAVAWtrLuH1stnhL4LsDb73drhegC/060q+Ok=
-github.com/common-fate/grab v1.3.0/go.mod h1:6zH8GckZGFrOKfZzL4Y/2OTvxwFeL6cDtsztM0GGC2Y=
+github.com/common-fate/updatecheck v0.3.5 h1:UGIKMnYwuHjbhhCaisLz1pNPg8Z1nXEoWcfqT+4LkAg=
+github.com/common-fate/updatecheck v0.3.5/go.mod h1:fru9yoUXmM3QVAUdDDqKQeDoln20Pkji/7EH64gVHMs=
+github.com/common-fate/useragent v0.1.0 h1:RLmkIiJXcOUJAUyXWc/zCaGbrGmlCbHBGMx99ztQ3ZU=
+github.com/common-fate/useragent v0.1.0/go.mod h1:GjXGR6cDiMboDP04qlfDfA5HTbeoRSoNgQWDAyOdW9o=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
@@ -146,6 +148,8 @@ github.com/schollz/progressbar/v3 v3.13.1 h1:o8rySDYiQ59Mwzy2FELeHY5ZARXZTVJC7iH
 github.com/schollz/progressbar/v3 v3.13.1/go.mod h1:xvrbki8kfT1fzWzBT/UZd9L6GA+jdL7HAgq2RFnO6fQ=
 github.com/segmentio/ksuid v1.0.4 h1:sBo2BdShXjmcugAMwjugoGUdUV0pcxY5mW4xKRn3v4c=
 github.com/segmentio/ksuid v1.0.4/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O73XgrPE=
+github.com/sethvargo/go-retry v0.2.4 h1:T+jHEQy/zKJf5s95UkguisicE0zuF9y7+/vgz08Ocec=
+github.com/sethvargo/go-retry v0.2.4/go.mod h1:1afjQuvh7s4gflMObvjLPaWgluLLyhA1wmVZ6KLpICw=
 github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ=
 github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/spf13/cast v1.3.1 h1:nFm6S0SMdyzrzcmThSipiEubIDy8WEXKNZ0UOgiRpng=

pkg/accessrequest/role.go

@@ -0,0 +1,121 @@
+// Package accessrequest handles
+// making requests to roles that a
+// user doesn't have access to.
+package accessrequest
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/url"
+	"os"
+	"path/filepath"
+
+	"github.com/common-fate/clio/clierr"
+	"github.com/fwdcloudsec/granted/pkg/config"
+)
+
+type Role struct {
+	Account string `json:"account"`
+	Role    string `json:"role"`
+}
+
+func (r Role) URL(dashboardURL string) string {
+	u, err := url.Parse(dashboardURL)
+	if err != nil {
+		return fmt.Sprintf("error building access request URL: %s", err.Error())
+	}
+	u.Path = "access"
+	q := u.Query()
+	q.Add("type", "aws-sso")
+	q.Add("permissionSetArn.label", r.Role)
+	q.Add("accountId", r.Account)
+	u.RawQuery = q.Encode()
+
+	return u.String()
+}
+
+func (r Role) Save() error {
+	roleBytes, err := json.Marshal(r)
+	if err != nil {
+		return err
+	}
+
+	configFolder, err := config.GrantedConfigFolder()
+	if err != nil {
+		return err
+	}
+
+	file := filepath.Join(configFolder, "latest-role")
+	return os.WriteFile(file, roleBytes, 0644)
+}
+
+func LatestRole() (*Role, error) {
+	configFolder, err := config.GrantedConfigFolder()
+	if err != nil {
+		return nil, err
+	}
+
+	file := filepath.Join(configFolder, "latest-role")
+
+	if _, err := os.Stat(file); os.IsNotExist(err) {
+		return nil, clierr.New("no latest role saved", clierr.Info("You can run 'assume' to try and access a role. If the role is inaccessible it will be saved as the latest role."))
+	}
+
+	roleBytes, err := os.ReadFile(file)
+	if err != nil {
+		return nil, err
+	}
+
+	var r Role
+	err = json.Unmarshal(roleBytes, &r)
+	if err != nil {
+		return nil, err
+	}
+
+	return &r, nil
+}
+
+type Profile struct {
+	Name string
+}
+
+func (p Profile) Save() error {
+	profileBytes, err := json.Marshal(p)
+	if err != nil {
+		return err
+	}
+
+	configFolder, err := config.GrantedConfigFolder()
+	if err != nil {
+		return err
+	}
+
+	file := filepath.Join(configFolder, "latest-profile")
+	return os.WriteFile(file, profileBytes, 0644)
+}
+
+func LatestProfile() (*Profile, error) {
+	configFolder, err := config.GrantedConfigFolder()
+	if err != nil {
+		return nil, err
+	}
+
+	file := filepath.Join(configFolder, "latest-profile")
+
+	if _, err := os.Stat(file); os.IsNotExist(err) {
+		return nil, clierr.New("no latest profile saved", clierr.Info("You can run 'assume' to try and access a profile. If the profile is inaccessible it will be saved as the latest profile."))
+	}
+
+	profileBytes, err := os.ReadFile(file)
+	if err != nil {
+		return nil, err
+	}
+
+	var p Profile
+	err = json.Unmarshal(profileBytes, &p)
+	if err != nil {
+		return nil, err
+	}
+
+	return &p, nil
+}