Fixing credentials problem

ellosoft · Nov 6, 2023 · b6cbc7c · b6cbc7c
1 parent 223fae6
commit b6cbc7c
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 13 deletions.
diff --git a/src/Ellosoft.AwsCredentialsManager/Commands/RDS/GetRdsPassword.cs b/src/Ellosoft.AwsCredentialsManager/Commands/RDS/GetRdsPassword.cs
@@ -37,7 +37,7 @@ public class Settings : AwsSettings
 
         [CommandOption("--ttl")]
         [Description("Password lifetime in minutes (max recommended: 15 minutes)")]
-        [DefaultValue(15)]
+        [DefaultValue(DatabaseConfiguration.DefaultTtlInMinutes)]
         public int Ttl { get; set; }
 
         [CommandOption("--env")]
@@ -79,8 +79,8 @@ await GenerateDbPassword(
             dbConfig.Hostname,
             dbConfig.Port,
             dbConfig.Username,
-            dbConfig.Ttl,
-            dbConfig.Region
+            dbConfig.Region,
+            dbConfig.GetTtl()
         );
 
         return 0;
@@ -97,22 +97,21 @@ private async Task<int> HandleAdHocRequest(Settings settings)
         var username = settings.Username ?? AnsiConsole.Ask<string>("Enter the DB username:");
         var region = settings.GetRegion();
 
-        await GenerateDbPassword(credentialName, hostname, port, username, settings.Ttl, region.SystemName);
+        await GenerateDbPassword(credentialName, hostname, port, username, region.SystemName, settings.Ttl);
 
         CreateNewRdsProfile(credentialName, hostname, port, username, settings.Ttl, region.SystemName, settings.Environment);
 
         return 0;
     }
 
-    private async Task GenerateDbPassword(string? credential, string? hostname, int? port, string? username, int? ttl, string? region)
+    private async Task GenerateDbPassword(string? credential, string? hostname, int? port, string? username, string? region, int ttl)
     {
         try
         {
             ArgumentNullException.ThrowIfNull(credential);
             ArgumentNullException.ThrowIfNull(hostname);
             ArgumentNullException.ThrowIfNull(port);
             ArgumentNullException.ThrowIfNull(username);
-            ArgumentNullException.ThrowIfNull(ttl);
             ArgumentNullException.ThrowIfNull(region);
 
             var awsCredentials = await _awsSessionManager.CreateOrResumeSessionAsync(credential);
@@ -121,7 +120,7 @@ private async Task GenerateDbPassword(string? credential, string? hostname, int?
                 throw new CommandException($"Unable to resume or create AWS session for credential '{credential}'");
 
             var regionEndpoint = RegionEndpoint.GetBySystemName(region);
-            var dbPassword = _rdsTokenGenerator.GenerateDbPassword(awsCredentials, regionEndpoint, hostname, port.Value, username, ttl.Value);
+            var dbPassword = _rdsTokenGenerator.GenerateDbPassword(awsCredentials, regionEndpoint, hostname, port.Value, username, ttl);
 
             AnsiConsole.MarkupLine($"\r\n[green]DB Password:[/]\r\n{dbPassword}\r\n");
         }
@@ -147,10 +146,12 @@ private void CreateNewRdsProfile(string credential, string hostname, int port, s
             Hostname = hostname,
             Port = port,
             Username = username,
-            Region = region,
-            Ttl = ttl
+            Region = region
         };
 
+        if (ttl != DatabaseConfiguration.DefaultTtlInMinutes)
+            dbConfig.Ttl = ttl;
+
         if (credential != environment.Credential)
             dbConfig.Credential = credential;
 
@@ -173,7 +174,11 @@ private DatabaseConfiguration GetDbConfig(AppConfig appConfig, string rdsProfile
             var env = _envManager.GetEnvironment(environmentName);
 
             if (env is not null && env.Rds.TryGetValue(rdsProfile, out var dbConfig))
+            {
+                dbConfig.Credential ??= env.Credential;
+
                 return dbConfig;
+            }
 
             throw new CommandException($"Unable to find RDS profile [i]'{rdsProfile}'[/] on [i]'{environmentName}'[/] environment");
         }

diff --git a/src/Ellosoft.AwsCredentialsManager/Program.cs b/src/Ellosoft.AwsCredentialsManager/Program.cs
@@ -1,5 +1,6 @@
 // Copyright (c) 2023 Ellosoft Limited. All rights reserved.
 
+using System.Diagnostics;
 using Ellosoft.AwsCredentialsManager.Commands;
 using Ellosoft.AwsCredentialsManager.Commands.Credentials;
 using Ellosoft.AwsCredentialsManager.Commands.Okta;
@@ -67,6 +68,13 @@
     config.ValidateExamples();
 });
 
+#if DEBUG
+if (Debugger.IsAttached)
+{
+    args = "rds pwd test_db".Split(' ');
+}
+#endif
+
 try
 {
     return app.Run(args);

diff --git a/src/Ellosoft.AwsCredentialsManager/Services/AWS/Interactive/AwsOktaSessionManager.cs b/src/Ellosoft.AwsCredentialsManager/Services/AWS/Interactive/AwsOktaSessionManager.cs
@@ -123,6 +123,6 @@ [bold yellow]The AWS role ARN specified in the credential [b]'{credentialProfile
         return null;
     }
 
-    private static BasicAWSCredentials CreateAwsCredentials(AwsCredentialsData credentialsData) =>
-        new(credentialsData.AccessKeyId, credentialsData.SecretAccessKey);
+    private static SessionAWSCredentials CreateAwsCredentials(AwsCredentialsData credentialsData) =>
+        new(credentialsData.AccessKeyId, credentialsData.SecretAccessKey, credentialsData.SessionToken);
 }
diff --git a/src/Ellosoft.AwsCredentialsManager/Services/Configuration/Models/DatabaseConfiguration.cs b/src/Ellosoft.AwsCredentialsManager/Services/Configuration/Models/DatabaseConfiguration.cs
@@ -4,17 +4,21 @@ namespace Ellosoft.AwsCredentialsManager.Services.Configuration.Models;
 
 public class DatabaseConfiguration : ResourceConfiguration
 {
+    internal const int DefaultTtlInMinutes = 15;
+
     public string? Hostname { get; set; }
 
     public int? Port { get; set; }
 
     public string? Username { get; set; }
 
-    public int? Ttl { get; set; }
-
     public string? Region { get; set; }
 
+    public int? Ttl { get; set; }
+
     public string? Template { get; set; }
 
     public string? Credential { get; set; }
+
+    internal int GetTtl() => Ttl ?? DefaultTtlInMinutes;
 }