Add AWS Console support for non-ctrl-plane accounts

source/lib/auth.rb

@@ -82,7 +82,11 @@ def self.control_plane_auth(ctrl, target, username, region)
 
   def self.target_plane_auth(region, profile_name)
     Aws.config[:credentials] = Aws::SharedCredentials.new(profile_name: profile_name)
-    return Aws::CloudFormation::Client.new(region: region), Aws.config[:credentials].credentials
+    cf_client = Aws::CloudFormation::Client.new(region: region)
+    sts_client = Aws::STS::Client.new(region: region)
+    sts_policy = '{"Version": "2012-10-17", "Statement": [{"Sid": "Stmt1437414476731", "Action": "*","Effect": "Allow", "Resource": "*" }]}'
+    sts_creds = sts_client.get_federation_token(name: 'Restacker', policy: sts_policy).credentials
+    return cf_client, sts_creds
   end
 
   def self.valid_session?(region, creds)

source/lib/aws_cli.rb

@@ -12,56 +12,27 @@ def cmd(cmd, debug)
   end
 
   def console(options)
-    location = RestackerConfig.find_plane(options)
-    plane_config = RestackerConfig.find_config[location]
 
-    if plane_config[:ctrl].nil? #if ctrl plane does not exist in the current plane
-      session_json = {
-        sessionId: @creds.access_key_id,
-        sessionKey: @creds.secret_access_key,
-        sessionToken: @creds.session_token
-      }.to_json
-
-      issuer_url = "Stacker"
-      console_url = "https://console.aws.amazon.com/"
-      signin_url = "https://signin.aws.amazon.com/federation"
-
-      get_signin_token_url = signin_url + "?Action=getSigninToken" + "&SessionType=json&Session=" + CGI.escape(session_json)
-      returned_content = Net::HTTP.get(URI.parse(get_signin_token_url))
-      signin_token = JSON.parse(returned_content)['SigninToken']
-      signin_token_param = "&SigninToken=" + CGI.escape(signin_token)
-      issuer_param = "&Issuer=" + CGI.escape(issuer_url)
-      destination_param = "&Destination=" + CGI.escape(console_url)
-      login_url = signin_url + "?Action=login" + signin_token_param + issuer_param + destination_param
-      if options[:debug]
-        puts "signin token url: \t\t#{get_signin_token_url}"
-        puts "returned content: \t\t#{returned_content}"
-        puts "login url: \t\t#{login_url}" 
-      end
-
-      # `open \"#{login_url}\"`
-    else #if ctrl plane exists
-      session_json = {
-      	sessionId: @creds.access_key_id,
-      	sessionKey: @creds.secret_access_key,
-      	sessionToken: @creds.session_token
-    	}.to_json
-
-      issuer_url = "Stacker"
-      console_url = "https://console.aws.amazon.com/"
-      signin_url = "https://signin.aws.amazon.com/federation"
-
-      get_signin_token_url = signin_url + "?Action=getSigninToken" + "&SessionType=json&Session=" + CGI.escape(session_json)
-      returned_content = Net::HTTP.get(URI.parse(get_signin_token_url))
-      signin_token = JSON.parse(returned_content)['SigninToken']
-      signin_token_param = "&SigninToken=" + CGI.escape(signin_token)
-      issuer_param = "&Issuer=" + CGI.escape(issuer_url)
-      destination_param = "&Destination=" + CGI.escape(console_url)
-      login_url = signin_url + "?Action=login" + signin_token_param + issuer_param + destination_param
-      puts login_url if options[:debug]
-
-      `open \"#{login_url}\"`
-    end
+    session_json = {
+    	sessionId: @creds.access_key_id,
+    	sessionKey: @creds.secret_access_key,
+    	sessionToken: @creds.session_token
+  	}.to_json
+
+    issuer_url = "Stacker"
+    console_url = "https://console.aws.amazon.com/"
+    signin_url = "https://signin.aws.amazon.com/federation"
+
+    get_signin_token_url = signin_url + "?Action=getSigninToken" + "&SessionType=json&Session=" + CGI.escape(session_json)
+    returned_content = Net::HTTP.get(URI.parse(get_signin_token_url))
+    signin_token = JSON.parse(returned_content)['SigninToken']
+    signin_token_param = "&SigninToken=" + CGI.escape(signin_token)
+    issuer_param = "&Issuer=" + CGI.escape(issuer_url)
+    destination_param = "&Destination=" + CGI.escape(console_url)
+    login_url = signin_url + "?Action=login" + signin_token_param + issuer_param + destination_param
+    puts login_url if options[:debug]
+
+    `open \"#{login_url}\"`
 
   end
 end