From e96f6c1f24ab3a1edce39b74399f6137638cb3d8 Mon Sep 17 00:00:00 2001 From: Scott Brown Date: Wed, 5 Mar 2025 23:09:05 -0700 Subject: [PATCH 1/3] Adding the ability to filter the account list. Closes #225 --- cmd/constants.go | 2 ++ cmd/flags.go | 2 ++ cmd/init.go | 2 ++ cmd/rootCmd.go | 32 ++++++++++++++++++++++++++++++++ 4 files changed, 38 insertions(+) diff --git a/cmd/constants.go b/cmd/constants.go index 9876703..7f464bf 100644 --- a/cmd/constants.go +++ b/cmd/constants.go @@ -28,6 +28,8 @@ const ( FlagSSOFriendlyName string = "sso-friendly-name" FlagCheckUpdate string = "check-update" FlagListAccounts string = "list-accounts" + FlagIncludeAccounts string = "include-accounts" + FlagExcludeAccounts string = "exclude-accounts" ) // Default output filename if no filename is specified diff --git a/cmd/flags.go b/cmd/flags.go index 0ad8aa9..da0dd76 100644 --- a/cmd/flags.go +++ b/cmd/flags.go @@ -11,4 +11,6 @@ var ( permissions bool // Flag to print the permissions needed and exit checkUpdate bool // Flag to check if an update is available listAccounts bool // Only list AWS accounts found + includeAccounts string // Comma-separated list of accounts to include + excludeAccounts string // Comma-separated list of accounts to exclude ) diff --git a/cmd/init.go b/cmd/init.go index 3255713..2e8a523 100644 --- a/cmd/init.go +++ b/cmd/init.go 
@@ -72,6 +72,8 @@ func init() { rootCmd.PersistentFlags().StringVar(&ssoFriendlyName, FlagSSOFriendlyName, "", "Use this instead of the identity store ID for the start URL") rootCmd.PersistentFlags().BoolVar(&checkUpdate, FlagCheckUpdate, false, "Check if a newer version of the tool is available") rootCmd.PersistentFlags().BoolVar(&listAccounts, FlagListAccounts, false, "List all available AWS accounts") + rootCmd.PersistentFlags().StringVarP(&includeAccounts, FlagIncludeAccounts, "", "", "Include only these comma-separated accounts") + rootCmd.PersistentFlags().StringVarP(&excludeAccounts, FlagExcludeAccounts, "", "", "Exclude these comma-separated accounts") rootCmd.PreRunE = func(cmd *cobra.Command, args []string) error { if permissions || checkUpdate || listAccounts { diff --git a/cmd/rootCmd.go b/cmd/rootCmd.go index b05b701..c2ded24 100644 --- a/cmd/rootCmd.go +++ b/cmd/rootCmd.go @@ -4,6 +4,7 @@ import ( "context" "fmt" "os" + "strings" "github.com/scottbrown/setlist" @@ -130,12 +131,23 @@ func buildProfiles( ) ([]setlist.Profile, error) { profiles := []setlist.Profile{} + includedAccounts := buildIncludedAccounts() + excludedAccounts := buildExcludedAccounts() + for _, account := range accounts { if account.Id == nil { fmt.Fprintf(os.Stderr, "Warning: Found account with nil ID, skipping\n") continue } + if !includedAccounts.Contains(*account.Id) { + continue + } + + if excludedAccounts.Contains(*account.Id) { + continue + } + permissionSets, err := setlist.PermissionSets(ctx, ssoClient, *instance.InstanceArn, *account.Id) if err != nil { return nil, fmt.Errorf("failed to list permission sets for account %s: %w", *account.Id, err) 
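Review bot: The two `continue` branches added to the `buildProfiles` loop filter silently, so an ID passed on the command line that matches nothing in `accounts` is never reported. For `--exclude-accounts` this fails open: a mistyped ID leaves the account in the generated config with no hint that the exclusion did not apply. Consider reporting unmatched filter entries on stderr in the style of the existing nil-ID warning, e.g. `fmt.Fprintf(os.Stderr, "Warning: account %s in --%s matched no account\n", id, FlagExcludeAccounts)`. Passing the two filters into `buildProfiles` as parameters, rather than building them from package-level flag variables inside it, would also let the filtering be unit-tested. The function body continues outside the hunk.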
@@ -208,3 +220,23 @@ func displayAccounts(accounts []orgtypes.Account) error { return nil } + +type AccountsFilter []string + +func buildIncludedAccounts() AccountsFilter { + return strings.Split(includeAccounts, ",") +} + +func buildExcludedAccounts() AccountsFilter { + return strings.Split(excludeAccounts, ",") +} + +func (a AccountsFilter) Contains(id string) bool { + for _, i := range a { + if i == id { + return true + } + } + + return false +} From bb39a29147957d61a0bda71f9bbde6e06976d520 Mon Sep 17 00:00:00 2001 From: Scott Brown Date: Wed, 5 Mar 2025 23:11:23 -0700 Subject: [PATCH 2/3] Updating README with new flags --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 4dd0c60..14b5efb 100644 --- a/README.md +++ b/README.md @@ -120,7 +120,9 @@ By supplying a `--mapping` flag with a comma-delimited list of key=value pairs c |--output|-o|Output file path (default: ./aws.config)|No| |--stdout||Write config to stdout instead of a file|No| |--sso-friendly-name||Alternative name for the SSO start URL|No| -|--list-accounts|Lists all available AWS accounts| +|--list-accounts|Lists all available AWS accounts|No| +|--include-accounts|Includes only these comma-separated account IDs in the output|No| +|--exclude-accounts|Exclude these comma-separated account IDs from the output|No| ## Generated Config Format From f91039916edcf0e2397913546ddffac8ccba653f Mon Sep 17 00:00:00 2001 From: Scott Brown Date: Wed, 5 Mar 2025 23:16:18 -0700 Subject: [PATCH 3/3] Fixing bug in including accounts --- cmd/rootCmd.go | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/cmd/rootCmd.go b/cmd/rootCmd.go index c2ded24..858c980 100644 --- a/cmd/rootCmd.go +++ b/cmd/rootCmd.go 
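Review bot: `buildIncludedAccounts` and `buildExcludedAccounts` hand the raw result of `strings.Split` to `Contains`, which compares with `==`, so any whitespace around an entry defeats the match. With `--exclude-accounts "111111111111, 222222222222"` (constructed IDs) the second entry becomes `" 222222222222"`, and that account is not excluded. Routing both flags through one small parser that trims each entry and drops empty ones closes this gap; a sketch follows. The exported `AccountsFilter` type and its `Contains` method also lack doc comments.

```go
// parseAccountList splits a comma-separated flag value into account IDs,
// trimming surrounding whitespace and dropping empty entries.
func parseAccountList(raw string) AccountsFilter {
	var ids AccountsFilter
	for _, id := range strings.Split(raw, ",") {
		if id = strings.TrimSpace(id); id != "" {
			ids = append(ids, id)
		}
	}
	return ids
}

func buildIncludedAccounts() AccountsFilter {
	return parseAccountList(includeAccounts)
}

func buildExcludedAccounts() AccountsFilter {
	return parseAccountList(excludeAccounts)
}

// … unchanged: AccountsFilter.Contains …
```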
@@ -131,7 +131,7 @@ func buildProfiles( ) ([]setlist.Profile, error) { profiles := []setlist.Profile{} - includedAccounts := buildIncludedAccounts() + includedAccounts := buildIncludedAccounts(accounts) excludedAccounts := buildExcludedAccounts() for _, account := range accounts { @@ -223,11 +223,23 @@ func displayAccounts(accounts []orgtypes.Account) error { type AccountsFilter []string -func buildIncludedAccounts() AccountsFilter { +func buildIncludedAccounts(accounts []orgtypes.Account) AccountsFilter { + if includeAccounts == "" { + var x AccountsFilter + for _, i := range accounts { + x = append(x, *i.Id) + } + return x + } + return strings.Split(includeAccounts, ",") } func buildExcludedAccounts() AccountsFilter { + if includeAccounts == "" { + return AccountsFilter{} + } + return strings.Split(excludeAccounts, ",") }
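Review bot: `buildExcludedAccounts` tests the wrong flag: the added guard is `if includeAccounts == ""`, so whenever `--include-accounts` is unset it returns an empty filter and `--exclude-accounts` is ignored. The accounts the user meant to drop then stay in the generated config; the guard should read `if excludeAccounts == "" {`. Separately, in `buildIncludedAccounts` the line `x = append(x, *i.Id)` dereferences every account's `Id` before the loop in `buildProfiles` reaches its nil-ID check. An account with a nil ID would therefore panic here instead of being skipped with the warning; add `if i.Id == nil { continue }` ahead of the append. A table test covering exclude-only, include-only and both flags together would pin both cases down.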