diff --git a/authmate/authmate.go b/authmate/authmate.go
index 7f4dd5a39..a8aa928c2 100644
--- a/authmate/authmate.go
+++ b/authmate/authmate.go
@@ -8,6 +8,7 @@ import (
 "fmt"
 "io"
 "math"
+ "os"
 "strconv"
 "time"
@@ -57,6 +58,7 @@ type (
 ContextRules []byte
 SessionTkn bool
 Lifetime uint64
+ AwsCliCredentialsFile string
 ContainerPolicies ContainerPolicies
 }
@@ -241,7 +243,26 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr
 enc := json.NewEncoder(w)
 enc.SetIndent("", " ")
- return enc.Encode(ir)
+ if err = enc.Encode(ir); err != nil {
+ return err
+ }
+
+ if options.AwsCliCredentialsFile != "" {
+ profileName := "authmate_cred_" + address.ObjectID().String()
+ if _, err = os.Stat(options.AwsCliCredentialsFile); os.IsNotExist(err) {
+ profileName = "default"
+ }
+ file, err := os.OpenFile(options.AwsCliCredentialsFile, os.O_APPEND|os.O_WRONLY|os.O_CREATE, 0600)
+ if err != nil {
+ return fmt.Errorf("couldn't open aws cli credentials file: %w", err)
+ }
+ defer file.Close()
+ if _, err = file.WriteString(fmt.Sprintf("\n[%s]\naws_access_key_id = %s\naws_secret_access_key = %s\n",
+ profileName, accessKeyID, secrets.AccessKey)); err != nil {
+ return err
+ }
+ }
+ return nil
 }
 // ObtainSecret receives an existing secret access key from NeoFS and
diff --git a/cmd/authmate/main.go b/cmd/authmate/main.go
index 3e562d4a9..59c5fff12 100644
--- a/cmd/authmate/main.go
+++ b/cmd/authmate/main.go
@@ -47,6 +47,7 @@ var (
 sessionTokenFlag bool
 lifetimeFlag uint64
 containerPolicies string
+ awcCliCredFile string
 )
 const (
@@ -209,6 +210,12 @@ func issueSecret() *cli.Command {
 Required: false,
 Destination: &containerPolicies,
 },
+ &cli.StringFlag{
+ Name: "aws-cli-credentials",
+ Usage: "path to the aws cli credential file",
+ Required: false,
+ Destination: &awcCliCredFile,
+ },
 },
 Action: func(c *cli.Context) error {
 ctx, log := prepare()
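Review bot: In the added block of IssueSecret, the `0600` passed to `os.OpenFile` only takes effect when the call creates the file, so an existing `options.AwsCliCredentialsFile` with group or world read bits receives the new `aws_secret_access_key` in a file other local users can read. Check the mode on the opened handle with `file.Stat()` and refuse to write when any group/other bit is set, as in the excerpt below; permission bits are only meaningful on Unix-like systems, so this needs a platform guard if Windows is supported. The deferred `file.Close()` also discards its error and the final `return err` carries no context, unlike the open error. IssueSecret starts before this hunk, so how `err`, `accessKeyID` and `secrets` are declared is not visible here.

```go
file, err := os.OpenFile(options.AwsCliCredentialsFile, os.O_APPEND|os.O_WRONLY|os.O_CREATE, 0600)
// … unchanged: open error check, defer file.Close() …
info, err := file.Stat()
if err != nil {
	return fmt.Errorf("couldn't stat aws cli credentials file: %w", err)
}
if info.Mode().Perm()&0077 != 0 {
	return fmt.Errorf("aws cli credentials file %q is accessible by group or others", options.AwsCliCredentialsFile)
}
// … unchanged: WriteString of the profile section …
```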
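Review bot: `awcCliCredFile` in the `var (` block of cmd/authmate/main.go looks like a typo for `awsCliCredFile`; every other identifier in this change spells it `Aws`/`aws`. The same name is used as the flag `Destination` in the next hunk and in the `IssueSecretOptions` literal in the last hunk, so all three would be renamed together.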
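Review bot: The `Usage` text for `aws-cli-credentials` does not say that the command writes to the file, and what it writes is the secret access key in plaintext. Something like `Usage: "append the issued access key pair as a profile to this aws cli credentials file (created with mode 0600 if missing)"` tells the operator what to expect. The profile-naming rule (`default` for a new file, `authmate_cred_<object id>` otherwise) deserves a mention in the command's documentation as well. The flag list this entry is added to begins outside the hunk.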
@@ -264,6 +271,7 @@ func issueSecret() *cli.Command {
 ContainerPolicies: policies,
 SessionTkn: sessionTokenFlag,
 Lifetime: lifetimeFlag,
+ AwsCliCredentialsFile: awcCliCredFile,
 }
 if err = agent.IssueSecret(ctx, os.Stdout, issueSecretOptions); err != nil {