Merge pull request #176 from wiz-sec/guy/server-and-expiry

Guy/server and expiry

Author: grzn

cli/add.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"log"
 	"os"
+	"time"
 
 	"github.com/99designs/aws-vault/v7/prompt"
 	"github.com/99designs/aws-vault/v7/vault"
@@ -50,7 +51,8 @@ func ConfigureAddCommand(app *kingpin.Application, a *AwsVault) {
 }
 
 func AddCommand(input AddCommandInput, keyring keyring.Keyring, awsConfigFile *vault.ConfigFile) error {
-	var accessKeyID, secretKey, sessionToken string
+	var accessKeyID, secretKey, sessionToken, expiration string
+	var expires time.Time
 
 	p, _ := awsConfigFile.ProfileSection(input.ProfileName)
 	if p.SourceProfile != "" {
@@ -68,6 +70,15 @@ func AddCommand(input AddCommandInput, keyring keyring.Keyring, awsConfigFile *v
 		if sessionToken = os.Getenv("AWS_SESSION_TOKEN"); sessionToken == "" {
 			return fmt.Errorf("Missing value for AWS_SESSION_TOKEN")
 		}
+		if expiration = os.Getenv("EXPIRATION"); expiration == "" {
+			return fmt.Errorf("Missing value for EXPIRATION")
+		}
+
+		var err error
+		expires, err = time.Parse(time.RFC3339, expiration)
+		if err != nil {
+			return fmt.Errorf("Error parsing EXPIRATION: %w", err)
+		}
 	} else {
 		var err error
 		if accessKeyID, err = prompt.TerminalPrompt("Enter Access Key ID: "); err != nil {
@@ -78,7 +89,7 @@ func AddCommand(input AddCommandInput, keyring keyring.Keyring, awsConfigFile *v
 		}
 	}
 
-	creds := aws.Credentials{AccessKeyID: accessKeyID, SecretAccessKey: secretKey, SessionToken: sessionToken}
+	creds := aws.Credentials{AccessKeyID: accessKeyID, SecretAccessKey: secretKey, SessionToken: sessionToken, Expires: expires}
 
 	ckr := &vault.CredentialKeyring{Keyring: keyring}
 	if err := ckr.Set(input.ProfileName, creds); err != nil {

cli/exec.go

@@ -43,9 +43,6 @@ func (input ExecCommandInput) validate() error {
 	if input.StartEc2Server && input.JSONDeprecated {
 		return fmt.Errorf("Can't use --ec2-server with --json")
 	}
-	if input.StartEc2Server && input.NoSession {
-		return fmt.Errorf("Can't use --ec2-server with --no-session")
-	}
 	if input.StartEcsServer && input.JSONDeprecated {
 		return fmt.Errorf("Can't use --ecs-server with --json")
 	}