Add option to supply mfa token in command line

mansurpasha · mansurpasha · commit 0442107c3822 · 2020-05-12T16:41:06.000+01:00
diff --git a/src/CLIMain.js b/src/CLIMain.js
@@ -188,7 +188,11 @@ class Main {
   }
 
   init() {
-    const creds = getAWSCredentials(this.program.profile, this.screen);
+    const creds = getAWSCredentials(
+      this.program.profile,
+      this.program,
+      this.screen
+    );
 
     return creds
       .getPromise()
diff --git a/src/guardian/index.js b/src/guardian/index.js
@@ -20,7 +20,12 @@ const failTitleLog = chalk.redBright.underline.bold;
 
 class GuardianCI {
   constructor(program) {
-    AWS.config.credentials = getAWSCredentials(program.profile);
+    AWS.config.credentials = getAWSCredentials(
+      program.profile,
+      program,
+      null,
+      true
+    );
     if (program.region) {
       AWS.config.region = program.region;
     }
diff --git a/src/index.js b/src/index.js
@@ -30,6 +30,7 @@ program
   .option("--sls", "use the serverless framework to execute commands")
   .option("--sam", "use the SAM framework to execute commands")
   .option("-c, --ci", "ci mode for sls-dev-guardian checks")
+  .option("--mfa <mfa>", "mfa token for profiles with mfa authentication")
   .parse(process.argv);
 
 program.location = program.location || process.cwd();
diff --git a/src/services/awsCredentials.js b/src/services/awsCredentials.js
@@ -2,12 +2,25 @@ import AWS from "aws-sdk";
 
 import { promptMfaModal } from "../modals";
 
-function getAWSCredentials(profile, screen) {
+function getAWSCredentials(profile, program, screen, isGuardian = false) {
+  let codeFn;
+  if (program.mfa) {
+    const token = program.mfa;
+    codeFn = (serial, callback) => callback(null, token);
+  } else if (!isGuardian) {
+    codeFn = (serial, callback) => promptMfaModal(callback, screen);
+  } else {
+    codeFn = () =>
+      console.error(
+        "In-tool mfa authentication isn't supported for guardian. Please provide your mfa token via the --mfa option"
+      );
+  }
+
   if (profile) {
     process.env.AWS_SDK_LOAD_CONFIG = 1;
     return new AWS.SharedIniFileCredentials({
       profile,
-      tokenCodeFn: (serial, callback) => promptMfaModal(callback, screen),
+      tokenCodeFn: codeFn,
       callback: (err) => {
         if (err) {
           console.error(`SharedIniFileCreds Error: ${err}`);
@@ -25,7 +38,7 @@ function getAWSCredentials(profile, screen) {
   if (process.env.AWS_PROFILE) {
     return new AWS.SharedIniFileCredentials({
       profile: process.env.AWS_PROFILE,
-      tokenCodeFn: (serial, callback) => promptMfaModal(callback, screen),
+      tokenCodeFn: codeFn,
       callback: (err) => {
         if (err) {
           console.error(`SharedIniFileCreds Error: ${err}`);
