cli: fix broken --assume-profile functionality

go.mod

@@ -6,20 +6,22 @@ require (
 	github.com/99designs/aws-vault/v6 v6.2.0
 	github.com/aws/aws-sdk-go-v2 v1.26.1
 	github.com/aws/aws-sdk-go-v2/config v1.27.12
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.12
 	github.com/aws/aws-sdk-go-v2/service/ssm v1.50.1
+	github.com/aws/aws-sdk-go-v2/service/sts v1.28.7
 	github.com/aws/smithy-go v1.20.2
 	github.com/micvbang/go-helpy v0.1.7
 	github.com/prometheus/common v0.4.0
 	github.com/sirupsen/logrus v1.4.2
 	github.com/stretchr/testify v1.9.0
 	gopkg.in/alecthomas/kingpin.v2 v2.2.6
+	gopkg.in/ini.v1 v1.67.0
 	gopkg.in/yaml.v2 v2.3.0
 )
 
 require (
 	github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect
 	github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.12 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5 // indirect
@@ -28,7 +30,6 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.20.6 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.28.7 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/konsorten/go-windows-terminal-sequences v1.0.1 // indirect

go.sum

@@ -137,6 +137,8 @@ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/ini.v1 v1.60.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
+gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=

internal/cli/global.go

@@ -5,15 +5,21 @@ import (
 	"fmt"
 	"io"
 	builtinLog "log"
+	"os"
+	"path/filepath"
 
+	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/config"
+	"github.com/aws/aws-sdk-go-v2/credentials/stscreds"
 	"github.com/aws/aws-sdk-go-v2/service/ssm"
+	"github.com/aws/aws-sdk-go-v2/service/sts"
 	"github.com/micvbang/confman-go/pkg/confman"
 	"github.com/micvbang/confman-go/pkg/logger"
 	"github.com/micvbang/confman-go/pkg/storage"
 	"github.com/micvbang/confman-go/pkg/storage/parameterstore"
 	"github.com/sirupsen/logrus"
 	"gopkg.in/alecthomas/kingpin.v2"
+	"gopkg.in/ini.v1"
 )
 
 var GlobalFlags struct {
@@ -67,7 +73,18 @@ func ConfigureGlobals(app *kingpin.Application) logger.Logger {
 
 		awsCfg, err := config.LoadDefaultConfig(context.TODO())
 		if err != nil {
-			return fmt.Errorf("Failed to init aws config: %v", err)
+			return fmt.Errorf("failed to init aws config: %v", err)
+		}
+
+		if len(GlobalFlags.AssumeProfile) > 0 {
+			roleARN, err := getAWSProfileRoleARN(GlobalFlags.AssumeProfile)
+			if err != nil {
+				return err
+			}
+
+			stsClient := sts.NewFromConfig(awsCfg)
+			assumeRoleProvider := stscreds.NewAssumeRoleProvider(stsClient, roleARN)
+			awsCfg.Credentials = aws.NewCredentialsCache(assumeRoleProvider)
 		}
 
 		confman.ChamberCompatible = GlobalFlags.ChamberCompatible
@@ -79,3 +96,38 @@ func ConfigureGlobals(app *kingpin.Application) logger.Logger {
 
 	return log
 }
+
+func getAWSProfileRoleARN(profileName string) (string, error) {
+	homeDir, err := os.UserHomeDir()
+	if err != nil {
+		return "", fmt.Errorf("looking up homedir: %w", err)
+	}
+
+	awsConfigPath := filepath.Join(homeDir, ".aws/config")
+	f, err := ini.Load(awsConfigPath)
+	if err != nil {
+		return "", fmt.Errorf("reading aws config at '%s': %w", awsConfigPath, err)
+	}
+
+	profileNames := []string{
+		fmt.Sprintf("profile %s", profileName),
+		profileName,
+	}
+
+	const roleARNKey = "role_arn"
+
+	for _, profileName := range profileNames {
+		section := f.Section(profileName)
+		if section == nil {
+			continue
+		}
+		key := section.Key(roleARNKey)
+		if key == nil {
+			continue
+		}
+
+		return key.String(), nil
+	}
+
+	return "", fmt.Errorf("profile '%s' not found", profileName)
+}