[breaking] Temporarily remove the AWS MFA code path (#30)

[breaking] Temporarily remove the AWS MFA code pathNeed a better story around this, especially with AWS now supporting yubikeys. For now - disable it.
chanzuckerberg · Sep 26, 2018 · cebe8bc · cebe8bc
1 parent f5c03e5
commit cebe8bc
Show file tree

Hide file tree

Showing 35 changed files with 573 additions and 185 deletions.
diff --git a/Gopkg.lock b/Gopkg.lock
diff --git a/cmd/run.go b/cmd/run.go
@@ -4,7 +4,6 @@ import (
 	"context"
 
 	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
 	"github.com/aws/aws-sdk-go/aws/session"
 	bless "github.com/chanzuckerberg/blessclient/pkg/bless"
@@ -15,6 +14,7 @@ import (
 	kmsauth "github.com/chanzuckerberg/go-kmsauth"
 	cziAWS "github.com/chanzuckerberg/go-misc/aws"
 	"github.com/davecgh/go-spew/spew"
+	"github.com/google/uuid"
 	multierror "github.com/hashicorp/go-multierror"
 	beeline "github.com/honeycombio/beeline-go"
 	homedir "github.com/mitchellh/go-homedir"
@@ -33,7 +33,15 @@ var runCmd = &cobra.Command{
 	Short:         "run requests a certificate",
 	SilenceErrors: true,
 	RunE: func(cmd *cobra.Command, args []string) error {
+		id, err := uuid.NewUUID()
+		if err != nil {
+			// Just for telemetry so ignore errors
+			log.Debugf("Failed to generate UUID with error %s", err.Error())
+		}
+
 		log.Debugf("Running blessclient v%s", util.VersionCacheKey())
+		log.Debugf("RunID: %s", id.String())
+
 		ctx := context.Background()
 		configFile, err := cmd.Flags().GetString("config")
 		if err != nil {
@@ -67,6 +75,7 @@ var runCmd = &cobra.Command{
 		defer beeline.Flush(ctx)
 
 		ctx, span := beeline.StartSpan(ctx, cmd.Use)
+		span.AddTraceField(telemetry.FieldID, id.String())
 		span.AddTraceField(telemetry.FieldBlessclientVersion, util.VersionCacheKey())
 		span.AddTraceField(telemetry.FieldBlessclientGitSha, util.GitSha)
 		span.AddTraceField(telemetry.FieldBlessclientRelease, util.Release)
@@ -119,15 +128,8 @@ func getAWSClient(ctx context.Context, conf *config.Config, sess *session.Sessio
 	ctx, span := beeline.StartSpan(ctx, "get_aws_client")
 	defer span.Send()
 	// for things meant to be run as a user
-	mfaTokenProvider := util.TokenProvider("AWS MFA token:")
-	awsUserSessionProviderConf := &aws.Config{
-		Region: aws.String(region.AWSRegion),
-	}
-	awsSessionProviderClient := cziAWS.New(sess).WithAllServices(awsUserSessionProviderConf)
-	awsSessionTokenProvider := cziAWS.NewUserTokenProvider(conf.GetAWSSessionCachePath(), awsSessionProviderClient, mfaTokenProvider)
 	userConf := &aws.Config{
-		Region:      aws.String(region.AWSRegion),
-		Credentials: credentials.NewCredentials(awsSessionTokenProvider),
+		Region: aws.String(region.AWSRegion),
 	}
 	// for things meant to be run as an assumed role
 	roleConf := &aws.Config{

diff --git a/pkg/telemetry/telemetry.go b/pkg/telemetry/telemetry.go
@@ -7,6 +7,7 @@ const (
 	FieldBlessclientRelease = "blessclient.release"
 	FieldBlessclientDirty   = "blessclient.dirty"
 
+	FieldID        = "id"
 	FieldRegion    = "aws_region"
 	FieldError     = "error"
 	FieldUser      = "user"

diff --git a/pkg/util/token_provider.go b/pkg/util/token_provider.go
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/jsonrpc.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/jsonrpc.go
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/restjson.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/restjson.go