
Commit 574de92

committed
Fix pass-thru of duration, add logs. It "works" now.
Signed-off-by: Noah Stride <noah.stride@goteleport.com>
1 parent 33be15f commit 574de92


1 file changed

+21
-3
lines changed


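--- a/cmd/main.go
+++ b/cmd/main.go
@@ -5,7 +5,6 @@ import (
 "fmt"
 "log/slog"
 "os"
-"time"
 
 "github.com/aws/rolesanywhere-credential-helper/aws_signing_helper"
 "github.com/spf13/cobra"
@@ -31,12 +30,19 @@ func main() {
 }
 
 func newRootCmd() (*cobra.Command, error) {
+var debug bool
 rootCmd := &cobra.Command{
 Use: "aws-spiffe-workload-helper",
 Short: "TODO", // TODO(strideynet): Helpful, short description.
 Long: `TODO`, // TODO(strideynet): Helpful, long description.
 Version: version,
 }
+rootCmd.PersistentFlags().BoolVar(&debug, "debug", false, "Enable debug logging")
+rootCmd.PersistentPreRun = func(cmd *cobra.Command, args []string) {
+if debug {
+slog.SetLogLoggerLevel(slog.LevelDebug)
+}
+}
 
 x509CredentialProcessCmd, err := newX509CredentialProcessCmd()
 if err != nil {
@@ -52,7 +58,7 @@ func newX509CredentialProcessCmd() (*cobra.Command, error) {
 roleARN string
 region string
 profileARN string
-sessionDuration time.Duration
+sessionDuration int
 trustAnchorARN string
 roleSessionName string
 )
@@ -74,6 +80,13 @@ func newX509CredentialProcessCmd() (*cobra.Command, error) {
 // TODO(strideynet): Implement SVID selection mechanism, for now,
 // we'll just use the first returned SVID (a.k.a the default).
 svid := x509Ctx.DefaultSVID()
+slog.Debug(
+"Fetched X509 SVID",
+slog.Group("svid",
+"spiffe_id", svid.ID,
+"hint", svid.Hint,
+),
+)
 
 signer := &awsspiffe.X509SVIDSigner{
 SVID: svid,
@@ -88,10 +101,15 @@ func newX509CredentialProcessCmd() (*cobra.Command, error) {
 Region: region,
 RoleSessionName: roleSessionName,
 TrustAnchorArnStr: trustAnchorARN,
+SessionDuration: sessionDuration,
 }, signer, signatureAlgorithm)
 if err != nil {
 return fmt.Errorf("generating credentials: %w", err)
 }
+slog.Debug(
+"Generated AWS credentials",
+"expiration", credentials.Expiration,
+)
 
 out, err := json.Marshal(credentials)
 if err != nil {
@@ -113,7 +131,7 @@ func newX509CredentialProcessCmd() (*cobra.Command, error) {
 if err := cmd.MarkFlagRequired("profile-arn"); err != nil {
 return nil, fmt.Errorf("marking profile-arn flag as required: %w", err)
 }
-cmd.Flags().DurationVar(&sessionDuration, "session-duration", 0, "The duration of the resulting session. Optional. Can range from 15m to 12h.")
+cmd.Flags().IntVar(&sessionDuration, "session-duration", 3600, "The duration, in seconds, of the resulting session. Optional. Can range from 15 minutes (900) to 12 hours (43200).")
 cmd.Flags().StringVar(&trustAnchorARN, "trust-anchor-arn", "", "The ARN of the Roles Anywhere trust anchor to use. Required.")
 if err := cmd.MarkFlagRequired("trust-anchor-arn"); err != nil {
 return nil, fmt.Errorf("marking trust-anchor-arn flag as required: %w", err)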
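Review bot: The new `--session-duration` int flag documents a range of 900 to 43200 seconds, but no line in this section checks it before `SessionDuration: sessionDuration` hands the value to the credential request, so zero, negative or oversized inputs reach the signing helper unchecked. Whether the helper or Roles Anywhere rejects them is not visible here; validating at the top of the command's run function fails early with a clear message and keeps the requested credential lifetime inside the documented bound: `if sessionDuration < 900 || sessionDuration > 43200 { return fmt.Errorf("session-duration must be between 900 and 43200 seconds, got %d", sessionDuration) }`. The switch from `DurationVar` to `IntVar` also means an existing `--session-duration 1h` invocation now fails flag parsing, which deserves a mention in the flag help or changelog. The body of newX509CredentialProcessCmd continues outside the shown hunks.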
