From 243a9c8557098e13aa2aa0f50f7b63c29759b60f Mon Sep 17 00:00:00 2001 From: Michael Palmer Date: Wed, 28 Oct 2020 15:23:56 -0400 Subject: [PATCH] set user agent header to gossamer3 --- cmd/gossamer3/commands/bulk_login.go | 6 +++++- cmd/gossamer3/commands/console.go | 3 +++ cmd/gossamer3/commands/exec.go | 6 ++++++ cmd/gossamer3/commands/login.go | 5 ++++- cmd/gossamer3/main.go | 3 +++ pkg/awsconfig/awsconfig.go | 10 ++++++++++ pkg/cfg/cfg.go | 7 +++++++ pkg/provider/http.go | 3 +-- 8 files changed, 39 insertions(+), 4 deletions(-) diff --git a/cmd/gossamer3/commands/bulk_login.go b/cmd/gossamer3/commands/bulk_login.go index 9d1c4433c..4917fd978 100644 --- a/cmd/gossamer3/commands/bulk_login.go +++ b/cmd/gossamer3/commands/bulk_login.go @@ -377,7 +377,7 @@ func BulkLogin(loginFlags *flags.LoginExecFlags) error { // If no creds are expired, return to sender, no work to be done if noCredsExpired { - logger.Infof("No credentials expired") + logger.Infof("Credentials are not expired (use --force to login anyways)") return nil } @@ -658,6 +658,10 @@ func assumeRole(parentCreds *awsconfig.AWSCredentials, roleArn string, roleSessi if err != nil { return nil, errors.Wrap(err, "failed to create session") } + + // Set user agent handler + awsconfig.OverrideUserAgent(sess) + svc := sts.New(sess) // Generate input diff --git a/cmd/gossamer3/commands/console.go b/cmd/gossamer3/commands/console.go index 637618482..181ca304c 100644 --- a/cmd/gossamer3/commands/console.go +++ b/cmd/gossamer3/commands/console.go @@ -222,6 +222,9 @@ func getRoleSessionNameFromCredentials(account *cfg.IDPAccount, awsCreds *awscon return "", errors.Wrap(err, "failed to create session") } + // Set user agent handler + awsconfig.OverrideUserAgent(sess) + // Call to STS Get Caller Identity svc := sts.New(sess) resp, err := svc.GetCallerIdentity(&sts.GetCallerIdentityInput{}) diff --git a/cmd/gossamer3/commands/exec.go b/cmd/gossamer3/commands/exec.go index a8db62bfc..6182b581d 100644 --- a/cmd/gossamer3/commands/exec.go +++ b/cmd/gossamer3/commands/exec.go @@ -108,6 +108,9 @@ func assumeRoleWithProfile(targetProfile string, sessionDuration int) (*awsconfi AssumeRoleDuration: duration, })) + // Set user agent handler + awsconfig.OverrideUserAgent(sess) + // use an STS client to perform the multiple role assumptions stsClient := sts.New(sess) input := &sts.GetCallerIdentityInput{} @@ -144,6 +147,9 @@ func checkToken(account *cfg.IDPAccount) (bool, error) { return false, err } + // Set user agent handler + awsconfig.OverrideUserAgent(sess) + svc := sts.New(sess) params := &sts.GetCallerIdentityInput{} diff --git a/cmd/gossamer3/commands/login.go b/cmd/gossamer3/commands/login.go index 3062cf112..15b41c9cf 100644 --- a/cmd/gossamer3/commands/login.go +++ b/cmd/gossamer3/commands/login.go @@ -44,7 +44,7 @@ func Login(loginFlags *flags.LoginExecFlags) error { } if !sharedCreds.Expired() && !loginFlags.Force { - log.Println("credentials are not expired skipping") + log.Println("Credentials are not expired (use --force to login anyways)") return nil } @@ -286,6 +286,9 @@ func loginToStsUsingRole(role *g3.AWSRole, sessionDuration int, samlAssertion, r return nil, errors.Wrap(err, "failed to create session") } + // Set user agent handler + awsconfig.OverrideUserAgent(sess) + svc := sts.New(sess) params := &sts.AssumeRoleWithSAMLInput{ diff --git a/cmd/gossamer3/main.go b/cmd/gossamer3/main.go index 93c1055d4..37d2355e8 100644 --- a/cmd/gossamer3/main.go +++ b/cmd/gossamer3/main.go @@ -8,6 +8,8 @@ import ( "os" "runtime" + "github.com/GESkunkworks/gossamer3/pkg/cfg" + "github.com/GESkunkworks/gossamer3/cmd/gossamer3/commands" "github.com/GESkunkworks/gossamer3/pkg/flags" "github.com/alecthomas/kingpin" @@ -59,6 +61,7 @@ func main() { app := kingpin.New("gossamer3", "A command line tool to help with SAML access to the AWS token service.") app.Version(Version) + cfg.Version = Version // Settings not related to commands verbose := app.Flag("verbose", "Enable verbose logging").Bool() diff --git a/pkg/awsconfig/awsconfig.go b/pkg/awsconfig/awsconfig.go index 340d9ae9c..9120f77fe 100644 --- a/pkg/awsconfig/awsconfig.go +++ b/pkg/awsconfig/awsconfig.go @@ -8,6 +8,10 @@ import ( "runtime" "time" + "github.com/GESkunkworks/gossamer3/pkg/cfg" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/aws/session" + homedir "github.com/mitchellh/go-homedir" "github.com/pkg/errors" "github.com/sirupsen/logrus" @@ -47,6 +51,12 @@ type CredentialsProvider struct { Profile string } +func OverrideUserAgent(sess *session.Session) { + sess.Handlers.Build.PushBack(func(r *request.Request) { + r.HTTPRequest.Header.Set("User-Agent", cfg.GetUserAgent()) + }) +} + // NewSharedCredentials helper to create the credentials provider func NewSharedCredentials(profile string) *CredentialsProvider { return &CredentialsProvider{ diff --git a/pkg/cfg/cfg.go b/pkg/cfg/cfg.go index 31d16487e..138db8562 100644 --- a/pkg/cfg/cfg.go +++ b/pkg/cfg/cfg.go @@ -5,12 +5,15 @@ import ( "io/ioutil" "net/url" "os" + "runtime" "github.com/mitchellh/go-homedir" "github.com/pkg/errors" yaml "gopkg.in/yaml.v3" ) +var Version string + // ErrIdpAccountNotFound returned if the idp account is not found in the configuration file var ErrIdpAccountNotFound = errors.New("IDP account not found, run configure to set it up") @@ -56,6 +59,10 @@ type IDPAccount struct { HttpRetryDelay string `yaml:"http_retry_delay"` } +func GetUserAgent() string { + return fmt.Sprintf("gossamer3/%s (%s; %s; %s)", Version, runtime.Version(), runtime.GOOS, runtime.GOARCH) +} + func (ia IDPAccount) String() string { return fmt.Sprintf(`account { Name: %s diff --git a/pkg/provider/http.go b/pkg/provider/http.go index 36380b4ce..bde4ae065 100644 --- a/pkg/provider/http.go +++ b/pkg/provider/http.go @@ -91,8 +91,7 @@ func NewHTTPClient(tr http.RoundTripper, opts *HTTPClientOptions) (*HTTPClient, // Do do the request func (hc *HTTPClient) Do(req *http.Request) (*http.Response, error) { - - //req.Header.Set("User-Agent", fmt.Sprintf("gossamer3/1.0 (%s %s)", runtime.GOOS, runtime.GOARCH)) + req.Header.Set("User-Agent", cfg.GetUserAgent()) var resp *http.Response var err error