From 340337f881575de6085d5afdc145bc589bc76c59 Mon Sep 17 00:00:00 2001
From: Rafael Grigorian <rafael@grigorian.org>
Date: Thu, 20 Jun 2024 00:07:11 -0500
Subject: [PATCH] Refreshing role expired role credentials on 'creds select'
 and 'creds last-used'

---
 internal/creds-last-used.go | 18 ++++++++++++++++++
 internal/creds-select.go    | 18 ++++++++++++++++++
 2 files changed, 36 insertions(+)

diff --git a/internal/creds-last-used.go b/internal/creds-last-used.go
index 1acd341..30a44ef 100644
--- a/internal/creds-last-used.go
+++ b/internal/creds-last-used.go
@@ -16,6 +16,24 @@ var credsLastUsedCmd = &cobra.Command{
 		if err != nil {
 			ExitWithError(1, "failed to get last used role", err)
 		}
+		if role.Credentials.IsExpired() {
+			sessions, err := credentials.GetSessions()
+			if err != nil {
+				ExitWithError(2, "failed to parse sso sessions", err)
+			}
+			session := sessions.FindByName(role.SessionName)
+			if session == nil {
+				ExitWithError(3, "failed to find sso session " + role.SessionName, err)
+			}
+			err = session.RefreshRoleCredentials(&role)
+			if err != nil {
+				ExitWithError(4, "failed to get credentials", err)
+			}
+			err = role.Credentials.Save(session.Name, role.CacheKey())
+			if err != nil {
+				ExitWithError(5, "failed to save credentials", err)
+			}
+		}
 		serialized, err := role.Credentials.ToJSON()
 		if err != nil {
 			ExitWithError(2, "failed to serialize role credentials", err)
diff --git a/internal/creds-select.go b/internal/creds-select.go
index 3631d84..c7eb72b 100644
--- a/internal/creds-select.go
+++ b/internal/creds-select.go
@@ -36,6 +36,24 @@ var credsSelectCmd = &cobra.Command{
 			ExitWithError(3, "failed to pick role credentials", err)
 		}
 		selectedRole := selection.Value.(credentials.Role)
+		if selectedRole.Credentials.IsExpired() {
+			sessions, err := credentials.GetSessions()
+			if err != nil {
+				ExitWithError(2, "failed to parse sso sessions", err)
+			}
+			session := sessions.FindByName(selectedRole.SessionName)
+			if session == nil {
+				ExitWithError(3, "failed to find sso session " + selectedRole.SessionName, err)
+			}
+			err = session.RefreshRoleCredentials(&selectedRole)
+			if err != nil {
+				ExitWithError(4, "failed to get credentials", err)
+			}
+			err = selectedRole.Credentials.Save(session.Name, selectedRole.CacheKey())
+			if err != nil {
+				ExitWithError(5, "failed to save credentials", err)
+			}
+		}
 		serialized, err := selectedRole.Credentials.ToJSON()
 		if err != nil {
 			ExitWithError(4, "failed to serialize role credentials", err)