binbashar / le-docker-leverage-toolbox

Docker image for https://github.com/binbashar/leverage

ISSUE-16 | Keyboard Interrupt handling #42

Closed angelofenoglio closed 1 year ago

angelofenoglio commented 1 year ago

What

Why

References

Outcome:

user@workstation:~/project/apps-qa/us-east-1/k8s-eks/cluster$ leverage -v tf plan
[18:00:55.001] DEBUG    Found config file /home/user/project/build.env                                                                                                   
[18:00:55.017] DEBUG    Container configuration:                                                                                                                                                    
                        {                                                                                                                                                                           
                          "image": "binbash/leverage-toolbox:1.2.7-0.1.2",                                                                                                                          
                          "command": "",                                                                                                                                                            
                          "stdin_open": true,                                                                                                                                                       
                          "environment": {                                                                                                                                                          
                            "COMMON_CONFIG_FILE": "/project/config/common.tfvars",                                                                                                                     
                            "ACCOUNT_CONFIG_FILE": "/project/apps-qa/config/account.tfvars",                                                                                                           
                            "BACKEND_CONFIG_FILE": "/project/apps-qa/config/backend.tfvars",                                                                                                           
                            "AWS_SHARED_CREDENTIALS_FILE": "/root/tmp/project/credentials",                                                                                                            
                            "AWS_CONFIG_FILE": "/root/tmp/project/config",                                                                                                                             
                            "SRC_AWS_SHARED_CREDENTIALS_FILE": "/root/tmp/project/credentials",                                                                                                        
                            "SRC_AWS_CONFIG_FILE": "/root/tmp/project/config",                                                                                                                         
                            "AWS_CACHE_DIR": "/root/tmp/project/cache",                                                                                                                                
                            "SSO_CACHE_DIR": "/root/tmp/project/sso/cache",                                                                                                                            
                            "SCRIPT_LOG_LEVEL": 3,                                                                                                                                                  
                            "MFA_SCRIPT_LOG_LEVEL": 3                                                                                                                                               
                          },                                                                                                                                                                        
                          "entrypoint": "/bin/terraform",                                                                                                                                           
                          "working_dir": "/project/apps-qa/us-east-1/k8s-eks/cluster",                                                                                                                 
                          "host_config": {                                                                                                                                                          
                            "NetworkMode": "default",                                                                                                                                               
                            "SecurityOpt": [                                                                                                                                                        
                              "label:disable"                                                                                                                                                       
                            ],                                                                                                                                                                      
                            "Mounts": [                                                                                                                                                             
                              {                                                                                                                                                                     
                                "Target": "/project",                                                                                                                                                  
                                "Source": "/home/user/project",                                                                                                          
                                "Type": "bind",                                                                                                                                                     
                                "ReadOnly": false                                                                                                                                                   
                              },                                                                                                                                                                    
                              {                                                                                                                                                                     
                                "Target": "/root/tmp/project",                                                                                                                                         
                                "Source": "/home/user/.aws/project",                                                                                                                                 
                                "Type": "bind",                                                                                                                                                     
                                "ReadOnly": false                                                                                                                                                   
                              },                                                                                                                                                                    
                              {                                                                                                                                                                     
                                "Target": "/root/.ssh",                                                                                                                                             
                                "Source": "/home/user/.ssh",                                                                                                                                      
                                "Type": "bind",                                                                                                                                                     
                                "ReadOnly": false                                                                                                                                                   
                              },                                                                                                                                                                    
                              {                                                                                                                                                                     
                                "Target": "/etc/gitconfig",                                                                                                                                         
                                "Source": "/home/user/.gitconfig",                                                                                                                                
                                "Type": "bind",                                                                                                                                                     
                                "ReadOnly": false                                                                                                                                                   
                              }                                                                                                                                                                     
                            ]                                                                                                                                                                       
                          }                                                                                                                                                                         
                        }                                                                                                                                                                           
[18:00:55.051] DEBUG    Checking for layer /home/user/project/apps-qa/us-east-1/k8s-eks/cluster...                                                                       
[18:00:55.060] DEBUG    Checking layer /home/user/project/apps-qa/us-east-1/k8s-eks/cluster...                                                                           
[18:00:55.061] DEBUG    Running with entrypoint: /root/scripts/aws-mfa/aws-mfa-entrypoint.sh -- /bin/terraform                                                                                      
[18:00:55.063] DEBUG    Running command: plan -var-file=/project/config/common.tfvars -var-file=/project/apps-qa/config/account.tfvars -var-file=/project/apps-qa/config/backend.tfvars                      
                        -var="region=us-east-1"                                                                                                                                                     
[21:00:55]   DEBUG      BACKEND_CONFIG_FILE=/project/apps-qa/config/backend.tfvars
[21:00:55]   DEBUG      SRC_AWS_CONFIG_FILE=/root/tmp/project/config
[21:00:55]   DEBUG      SRC_AWS_SHARED_CREDENTIALS_FILE=/root/tmp/project/credentials
[21:00:55]   DEBUG      TF_AWS_CONFIG_FILE=/root/.aws/project/config
[21:00:55]   DEBUG      TF_AWS_SHARED_CREDENTIALS_FILE=/root/.aws/project/credentials
[21:00:55]   DEBUG      AWS_REGION=us-east-1
[21:00:55]   DEBUG      AWS_OUTPUT=json
[21:00:55]   INFO       MFA: Found 2 profile/s
[21:00:55]   INFO       MFA: Attempting to get temporary credentials for profile project-apps-qa-devops
[21:00:56]   DEBUG      MFA_ROLE_ARN=arn:aws:iam::XXXXXXXXXXXX:role/DevOps
[21:00:56]   DEBUG      MFA_SERIAL_NUMBER=arn:aws:iam::XXXXXXXXXXXX:mfa/user.name
[21:00:57]   DEBUG      MFA_PROFILE_NAME=project-security
[21:00:57]   DEBUG      TEMP_FILE=/root/tmp/project/cache/project-apps-qa-devops
vvvvvvvvvvvvvvvvvvvv Correct role assumption vvvvvvvvvvvvvvvvvvvvv
MFA: Please type in your OTP: 408481
[21:01:02]   DEBUG      MFA_TOKEN_CODE=408481
[21:01:06]   DEBUG      OTP_FAILED=false
[21:01:06]   DEBUG      RETRIES_COUNT=1
[21:01:06]   DEBUG      AWS_ACCESS_KEY_ID=ASIA**************
[21:01:06]   DEBUG      AWS_SECRET_ACCESS_KEY=E1sH**************
[21:01:06]   DEBUG      AWS_SESSION_TOKEN=FwoG**************
[21:01:08]   INFO       MFA: Credentials written succesfully!
vvvvvvvvvvvvvvvvvvvvv Invalid MFA Token vvvvvvvvvvvvvvvvvvvvv
[21:01:08]   INFO       MFA: Attempting to get temporary credentials for profile project-shared-devops
[21:01:09]   DEBUG      MFA_ROLE_ARN=arn:aws:iam::XXXXXXXXXXXX:role/DevOps
[21:01:09]   DEBUG      MFA_SERIAL_NUMBER=arn:aws:iam::XXXXXXXXXXXX:mfa/user.name
[21:01:10]   DEBUG      MFA_PROFILE_NAME=project-security
[21:01:10]   DEBUG      TEMP_FILE=/root/tmp/project/cache/project-shared-devops
MFA: Please type in your OTP: 408481
[21:01:26]   DEBUG      MFA_TOKEN_CODE=408481
[21:01:29]   INFO       Unable to get valid credentials. Let's try again...
[21:01:29]   DEBUG      MFA_ASSUME_ROLE_OUTPUT=
An error occurred (AccessDenied) when calling the AssumeRole operation: MultiFactorAuthentication failed with invalid MFA one time pass code. 
[21:01:29]   DEBUG      OTP_FAILED=true
[21:01:29]   DEBUG      RETRIES_COUNT=1
vvvvvvvvvvvvvvvvvvvvv Empty MFA Token vvvvvvvvvvvvvvvvvvvvv
MFA: Please type in your OTP: 
[21:01:37]   DEBUG      MFA_TOKEN_CODE=
[21:01:40]   INFO       Invalid token length, it must be 6 digits long. Let's try again...
[21:01:40]   DEBUG      MFA_ASSUME_ROLE_OUTPUT=
Parameter validation failed:
Invalid length for parameter TokenCode, value: 0, valid min length: 6
[21:01:40]   DEBUG      OTP_FAILED=true
[21:01:40]   DEBUG      RETRIES_COUNT=2
vvvvvvvvvvvvvvvvvvvvv Spam Ctrl + C vvvvvvvvvvvvvvvvvvvvv
MFA: Please type in your OTP: ^C
[21:01:43]   ERROR      Aborted!
^C
Aborted!

Here we can see a successful role assumption, followed by an already used MFA token, an empty token input and finally Ctrl+C spamming, all being correctly handled.

angelofenoglio commented 1 year ago

Also, it seems that the 3 tries limit hasn't been working for a while, now it's fixed:

user@workstation:~/project/apps-qa/us-east-1/k8s-eks/cluster$ leverage tf plan
[21:00:17]   INFO       MFA: Found 2 profile/s
[21:00:17]   INFO       MFA: Attempting to get temporary credentials for profile project-apps-qa-devops
MFA: Please type in your OTP: 
[21:00:22]   INFO       Invalid token length, it must be 6 digits long. Let's try again...
MFA: Please type in your OTP: 
[21:00:28]   INFO       Invalid token length, it must be 6 digits long. Let's try again...
MFA: Please type in your OTP: 
[21:00:32]   INFO       Invalid token length, it must be 6 digits long. Let's try again...
[21:00:32]   ERROR      Unable to get valid credentials after 3 attempts
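
The behaviour the two comments above demonstrate (six-digit validation, a cap of three attempts, and Ctrl+C aborting the prompt), sketched as an added shell example. This is not the project's `aws-mfa-entrypoint.sh`; `try_assume_role`, `CONSTRUCTED_OTP` and the other names are hypothetical stand-ins, and the role assumption is simulated so the sketch runs offline.

```shell
#!/bin/sh
# Added illustration; not the project's aws-mfa-entrypoint.sh.
MAX_RETRIES=3            # the log above reports "after 3 attempts"
CONSTRUCTED_OTP=123456   # constructed value standing in for a live code

# Hypothetical stand-in for the STS AssumeRole call.
try_assume_role() { [ "$1" = "$CONSTRUCTED_OTP" ]; }

# Exactly six digits; rejecting anything else locally saves an API round trip.
valid_token() {
    case "$1" in
        [0-9][0-9][0-9][0-9][0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Prompts on stderr and reads OTPs from stdin; the token is never logged.
# Status: 0 credentials obtained, 1 attempts exhausted; exits 130 on Ctrl+C.
prompt_otp() {
    otp_retries=0
    # The handler exits instead of returning to the loop, so Ctrl+C is
    # never counted as one more empty token.
    trap 'echo "Aborted!" >&2; exit 130' INT
    while [ "$otp_retries" -lt "$MAX_RETRIES" ]; do
        otp_retries=$((otp_retries + 1))      # count every attempt, valid or not
        printf 'MFA: Please type in your OTP: ' >&2
        if ! IFS= read -r otp_token; then     # EOF: nothing more to read
            break
        fi
        if ! valid_token "$otp_token"; then
            echo "Invalid token length, it must be 6 digits long. Let's try again..." >&2
            continue
        fi
        if try_assume_role "$otp_token"; then
            trap - INT
            return 0
        fi
        echo "Unable to get valid credentials. Let's try again..." >&2
    done
    trap - INT
    echo "Unable to get valid credentials after $MAX_RETRIES attempts" >&2
    return 1
}
```

Incrementing the counter before validation is what makes empty or malformed input count toward the limit, which is the case shown in the second log.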