Repository files navigation

Weep is a CLI utility for retreiving AWS credentials fromConsoleMe. Weep can runa local instance metadata service proxy, or export credentials as environment variables for your AWS needs.

This README contains developer documentation. Weep user documentation can be found onGitBook.

Weep can be compiled with an embedded configuration (See the Building section below), or it can get its configurationfrom a YAML-formatted file. We've included an example config file inexample-config.yaml.

Weep searches for a configuration in the following locations:

• embedded configuration (see below)
• /etc/weep/weep.yaml
• ~/.weep/weep.yaml
• ./weep.yaml

Multiple configurations in these locationswill be merged in the order listed above (e.g. entries in./weep.yaml will take precedence over~/.weep/weep.yaml.

You can also specify a config file as a CLI arg. This configuration will be used exclusively and will not be merged with other configurations:

weep --config somethingdifferent.yaml list

Weep supports authenticating to ConsoleMe in either a standalone challenge mode (ConsoleMe will authenticate the useraccording to its settings), or mutual TLS (ConsoleMe has to be configured to accept mutual TLS).

In challenge mode, Weep will prompt the user for their username the first time they authenticate, and then attempt toderive their username from their valid/expired jwt on subsequent attempts. You can also specify the desired usernamein weep's configuration under thechallenge_settings.user setting as seen inexample-config.yaml.

Weep uses pre-commit to run unit tests and Go linting. Pre-commit documentation can be found onpre-commit

You can install pre-commit using the following steps:

Using pip:

pip install pre-commit

Usinghomebrew:

brew install pre-commit

UsingConda:

conda install -c conda-forge pre-commit

Validate your installation with the following:

$ pre-commit --versionpre-commit 2.9.3

Set up the git hook scripts to run automatically with git commit

$ pre-commit installpre-commit installed at .git/hooks/pre-commit

In most cases,weep can be built by running themake command in the repository root.make release (requiresupx) will build and compress the binary for distribution.

weep binaries can be shipped with an embedded configuration to allow shipping an "all-in-one" binary.An example of such a configuration is included inexample-config.yaml.

To compile with an embedded config, set theEMBEDDED_CONFIG_FILE environment variable atbuild time. The value of this variable MUST be theabsolute path of the configurationfilerelative to the root of the module:

EMBEDDED_CONFIG_FILE=/example-config.yaml make

Note that the embedded configuration can be overridden by a configuration file in the locations listed above.

make build-dockerdocker run -v ~</optional/path/to/your/mtls/certs>:</optional/path/to/your/mtls/certs> --rm weep --meta-data --role <roleArn>

Weep usesgoreleaser in Github Actions for releases. Check theirinstall docs if you would like to experiment with the release process locally.

To create a new release, create and push a tag using the release script (requiressvu):

./scripts/release.sh

Goreleaser will automatically create a release on theReleases page.

Weep has a built-in command to generate command documentation (in thedocs/ directory):

weep docs