fix: address some minor issues (#13)

* fix: address some minor issues

* fix: windows domain joined user

removes `\` from domain name

+semver: feature

* fix: remove needless output

* fix: remove commented out
[revert]: once able to capture the PPID of chromium then should delete it

Author: dnitsch

Makefile

@@ -32,8 +32,13 @@ clean:
 
 .PHONY: cross-build
 
-cross-build:
-	for os in darwin linux windows; do \
+build-win: 
+	for arch in amd64 386; do \
+		GOOS=$$os GOARCH=$$arch CGO_ENABLED=0 go build -mod=readonly -buildvcs=false $(LDFLAGS) -o dist/$(NAME)-$$os-$$arch .; \
+	done
+
+cross-build: build-win
+	for os in darwin linux; do \
 		GOOS=$$os CGO_ENABLED=0 go build -mod=readonly -buildvcs=false $(LDFLAGS) -o dist/$(NAME)-$$os .; \
 	done
 

cmd/clear.go

@@ -26,8 +26,6 @@ func init() {
 
 func clear(cmd *cobra.Command, args []string) error {
 
-	web := web.New(web.NewWebConf(datadir))
-
 	secretStore, err := credentialexchange.NewSecretStore("",
 		fmt.Sprintf("%s-%s", credentialexchange.SELF_NAME, credentialexchange.RoleKeyConverter("")),
 		os.TempDir(), "")
@@ -36,11 +34,14 @@ func clear(cmd *cobra.Command, args []string) error {
 	}
 
 	if force {
-		if err := web.ClearCache(); err != nil {
+		w := &web.Web{}
+		w.WithConfig(web.NewWebConf(datadir))
+		if err := w.ClearCache(); err != nil {
 			return err
 		}
 		fmt.Fprint(os.Stderr, "Chromium Cache cleared")
 	}
+
 	secretStore.ClearAll()
 
 	if err := os.Remove(credentialexchange.ConfigIniFile("")); err != nil {

cmd/saml.go

@@ -69,7 +69,7 @@ func getSaml(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return err
 	}
-
+	allRoles := credentialexchange.InsertRoleIntoChain(role, roleChain)
 	conf := credentialexchange.CredentialConfig{
 		ProviderUrl:  providerUrl,
 		PrincipalArn: principalArn,
@@ -81,28 +81,35 @@ func getSaml(cmd *cobra.Command, args []string) error {
 		BaseConfig: credentialexchange.BaseConfig{
 			StoreInProfile:       storeInProfile,
 			Role:                 role,
-			RoleChain:            credentialexchange.InsertRoleIntoChain(role, roleChain),
+			RoleChain:            allRoles,
 			Username:             user.Username,
 			CfgSectionName:       cfgSectionName,
 			DoKillHangingProcess: killHangingProcess,
 			ReloadBeforeTime:     reloadBeforeTime,
 		},
 	}
 
+	saveRole := ""
 	if isSso {
 		sr := strings.Split(ssoRole, ":")
 		if len(sr) != 2 {
 			return fmt.Errorf("incorrectly formatted role for AWS SSO - must only be ACCOUNT:ROLE_NAME")
 		}
+		saveRole = ssoRole
+
 		conf.SsoUserEndpoint = fmt.Sprintf("https://portal.sso.%s.amazonaws.com/user", conf.SsoRegion)
 		conf.SsoCredFedEndpoint = fmt.Sprintf("https://portal.sso.%s.amazonaws.com/federation/credentials/", conf.SsoRegion) + fmt.Sprintf("?account_id=%s&role_name=%s&debug=true", sr[0], sr[1])
 	}
 
 	datadir := path.Join(credentialexchange.HomeDir(), fmt.Sprintf(".%s-data", credentialexchange.SELF_NAME))
 	os.MkdirAll(datadir, 0755)
 
-	secretStore, err := credentialexchange.NewSecretStore(conf.BaseConfig.Role,
-		fmt.Sprintf("%s-%s", credentialexchange.SELF_NAME, credentialexchange.RoleKeyConverter(conf.BaseConfig.Role)),
+	if len(allRoles) > 0 {
+		saveRole = allRoles[len(allRoles)-1]
+	}
+
+	secretStore, err := credentialexchange.NewSecretStore(saveRole,
+		fmt.Sprintf("%s-%s", credentialexchange.SELF_NAME, credentialexchange.RoleKeyConverter(saveRole)),
 		os.TempDir(), user.Username)
 	if err != nil {
 		return err

internal/credentialexchange/credentialexchange.go

@@ -176,7 +176,7 @@ func assumeRoleWithCreds(ctx context.Context, currentCreds *AWSCredentials, svc
 	})
 
 	if err != nil {
-		return nil, fmt.Errorf("failed to retrieve STS credentials using Role Provided, %w", ErrUnableAssume)
+		return nil, fmt.Errorf("failed to retrieve STS credentials using Role Provided: %s, %w", err, ErrUnableAssume)
 	}
 
 	return &AWSCredentials{

internal/credentialexchange/helper.go

@@ -7,6 +7,7 @@ import (
 	"log"
 	"os"
 	"path"
+	"strings"
 	"time"
 
 	ini "gopkg.in/ini.v1"
@@ -36,7 +37,7 @@ func ConfigIniFile(basePath string) string {
 }
 
 func SessionName(username, selfName string) string {
-	return fmt.Sprintf("%s-%s", username, selfName)
+	return fmt.Sprintf("%s-%s", strings.ReplaceAll(username, `\`, "--"), selfName)
 }
 
 func InsertRoleIntoChain(role string, roleChain []string) []string {

internal/credentialexchange/secret.go

@@ -140,8 +140,13 @@ func (s *SecretStore) save() error {
 	if err != nil {
 		return err
 	}
+
 	defer release()
 
+	if err := WriteIniSection(s.roleArn); err != nil {
+		return err
+	}
+
 	return s.keyring.Set(s.secretService, s.secretUser, s.AWSCredJson)
 }
 
@@ -154,8 +159,6 @@ func (s *SecretStore) AWSCredential() (*AWSCredentials, error) {
 		return nil, nil
 	}
 
-	fmt.Fprintf(os.Stderr, "Got credential from OS secret store for %s", s.roleArn)
-
 	return s.AWSCredentials, nil
 }
 

internal/web/web.go

@@ -74,12 +74,17 @@ func New(conf *WebConfig) *Web {
 	}
 }
 
+func (web *Web) WithConfig(conf *WebConfig) *Web {
+	web.conf = conf
+	return web
+}
+
 // GetSamlLogin performs a saml login for a given
 func (web *Web) GetSamlLogin(conf credentialexchange.CredentialConfig) (string, error) {
 
 	// close browser even on error
 	// should cover most cases even with leakless: false
-	defer web.browser.MustClose()
+	defer web.MustClose()
 
 	web.browser.MustPage(conf.ProviderUrl)
 
@@ -116,7 +121,7 @@ func (web *Web) GetSamlLogin(conf credentialexchange.CredentialConfig) (string,
 // GetSSOCredentials
 func (web *Web) GetSSOCredentials(conf credentialexchange.CredentialConfig) (string, error) {
 
-	defer web.browser.MustClose()
+	defer web.MustClose()
 
 	web.browser.MustPage(conf.ProviderUrl)
 
@@ -163,6 +168,13 @@ func (web *Web) GetSSOCredentials(conf credentialexchange.CredentialConfig) (str
 	}
 }
 
+func (web *Web) MustClose() {
+	err := web.browser.Close()
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "%s", err)
+	}
+}
+
 func (web *Web) ClearCache() error {
 	errs := []error{}