refactor(cli): migrate from kingpin to cobra

Author: joshichintan

cli/add.go

@@ -6,10 +6,10 @@ import (
 	"os"
 
 	"github.com/byteness/keyring"
-	"github.com/alecthomas/kingpin/v2"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/byteness/aws-vault/v7/prompt"
 	"github.com/byteness/aws-vault/v7/vault"
+	"github.com/spf13/cobra"
 )
 
 type AddCommandInput struct {
@@ -18,35 +18,41 @@ type AddCommandInput struct {
 	AddConfig   bool
 }
 
-func ConfigureAddCommand(app *kingpin.Application, a *AwsVault) {
+func NewAddCommand(a *AwsVault) *cobra.Command {
 	input := AddCommandInput{}
 
-	cmd := app.Command("add", "Add credentials to the secure keystore.")
-
-	cmd.Arg("profile", "Name of the profile").
-		Required().
-		StringVar(&input.ProfileName)
+	cmd := &cobra.Command{
+		Use:   "add [profile]",
+		Short: "Add credentials to the secure keystore",
+		Long:  "Add credentials to the secure keystore",
+		Args:  cobra.ExactArgs(1),
+		ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+			if len(args) == 0 {
+				return a.CompleteProfileNames()(cmd, args, toComplete)
+			}
+			return nil, cobra.ShellCompDirectiveNoFileComp
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+			input.ProfileName = args[0]
+			keyring, err := a.Keyring()
+			if err != nil {
+				return err
+			}
+			awsConfigFile, err := a.AwsConfigFile()
+			if err != nil {
+				return err
+			}
+			return AddCommand(input, keyring, awsConfigFile)
+		},
+	}
 
-	cmd.Flag("env", "Read the credentials from the environment (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY)").
-		BoolVar(&input.FromEnv)
+	// --env flag to read credentials from environment variables
+	cmd.Flags().BoolVar(&input.FromEnv, "env", false, "Read the credentials from the environment (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY)")
 
-	cmd.Flag("add-config", "Add a profile to ~/.aws/config if one doesn't exist").
-		Default("true").
-		BoolVar(&input.AddConfig)
+	// --add-config flag (default is true)
+	cmd.Flags().BoolVar(&input.AddConfig, "add-config", true, "Add a profile to ~/.aws/config if one doesn't exist")
 
-	cmd.Action(func(c *kingpin.ParseContext) error {
-		keyring, err := a.Keyring()
-		if err != nil {
-			return err
-		}
-		awsConfigFile, err := a.AwsConfigFile()
-		if err != nil {
-			return err
-		}
-		err = AddCommand(input, keyring, awsConfigFile)
-		app.FatalIfError(err, "add")
-		return nil
-	})
+	return cmd
 }
 
 func AddCommand(input AddCommandInput, keyring keyring.Keyring, awsConfigFile *vault.ConfigFile) error {
@@ -73,6 +79,7 @@ func AddCommand(input AddCommandInput, keyring keyring.Keyring, awsConfigFile *v
 		if secretKey, err = prompt.TerminalSecretPrompt("Enter Secret Access Key: "); err != nil {
 			return err
 		}
+		// PRESERVED: MFA serial prompt functionality
 		if mfaSerial, err = prompt.TerminalPrompt("Enter MFA Device ARN (If MFA is not enabled, leave this blank): "); err != nil {
 			return err
 		}
@@ -96,7 +103,7 @@ func AddCommand(input AddCommandInput, keyring keyring.Keyring, awsConfigFile *v
 		if input.AddConfig {
 			newProfileSection := vault.ProfileSection{
 				Name:      input.ProfileName,
-				MfaSerial: mfaSerial,
+				MfaSerial: mfaSerial, // PRESERVED: MFA serial saved to config
 			}
 			log.Printf("Adding profile %s to config at %s", input.ProfileName, awsConfigFile.Path)
 			if err := awsConfigFile.Add(newProfileSection); err != nil {

cli/add_test.go

@@ -4,7 +4,7 @@ import (
 	"log"
 	"os"
 
-	"github.com/alecthomas/kingpin/v2"
+	"github.com/spf13/cobra"
 )
 
 func ExampleAddCommand() {
@@ -25,9 +25,12 @@ func ExampleAddCommand() {
 	defer os.Unsetenv("AWS_VAULT_BACKEND")
 	defer os.Unsetenv("AWS_VAULT_FILE_PASSPHRASE")
 
-	app := kingpin.New(`aws-vault`, ``)
-	ConfigureAddCommand(app, ConfigureGlobals(app))
-	kingpin.MustParse(app.Parse([]string{"add", "--debug", "--env", "foo"}))
+	a := NewAwsVault()
+	rootCmd := &cobra.Command{Use: "aws-vault"}
+	AddGlobalFlags(rootCmd, a)
+	rootCmd.AddCommand(NewAddCommand(a))
+	rootCmd.SetArgs([]string{"add", "--debug", "--env", "foo"})
+	_ = rootCmd.Execute()
 
 	// Output:
 	// Added credentials to profile "foo" in vault

cli/clear.go

@@ -4,37 +4,47 @@ import (
 	"fmt"
 
 	"github.com/byteness/keyring"
-	"github.com/alecthomas/kingpin/v2"
 	"github.com/byteness/aws-vault/v7/vault"
+	"github.com/spf13/cobra"
 )
 
 type ClearCommandInput struct {
 	ProfileName string
 }
 
-func ConfigureClearCommand(app *kingpin.Application, a *AwsVault) {
+func NewClearCommand(a *AwsVault) *cobra.Command {
 	input := ClearCommandInput{}
 
-	cmd := app.Command("clear", "Clear temporary credentials from the secure keystore.")
+	cmd := &cobra.Command{
+		Use:   "clear [profile]",
+		Short: "Clear temporary credentials from the secure keystore",
+		Long:  "Clear temporary credentials from the secure keystore",
+		Args:  cobra.MaximumNArgs(1),
+		ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+			if len(args) == 0 {
+				return a.CompleteProfileNames()(cmd, args, toComplete)
+			}
+			return nil, cobra.ShellCompDirectiveNoFileComp
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+			if len(args) > 0 {
+				input.ProfileName = args[0]
+			}
 
-	cmd.Arg("profile", "Name of the profile").
-		HintAction(a.MustGetProfileNames).
-		StringVar(&input.ProfileName)
+			keyring, err := a.Keyring()
+			if err != nil {
+				return err
+			}
+			awsConfigFile, err := a.AwsConfigFile()
+			if err != nil {
+				return err
+			}
 
-	cmd.Action(func(c *kingpin.ParseContext) (err error) {
-		keyring, err := a.Keyring()
-		if err != nil {
-			return err
-		}
-		awsConfigFile, err := a.AwsConfigFile()
-		if err != nil {
-			return err
-		}
+			return ClearCommand(input, awsConfigFile, keyring)
+		},
+	}
 
-		err = ClearCommand(input, awsConfigFile, keyring)
-		app.FatalIfError(err, "clear")
-		return nil
-	})
+	return cmd
 }
 
 func ClearCommand(input ClearCommandInput, awsConfigFile *vault.ConfigFile, keyring keyring.Keyring) error {

cli/exec.go

@@ -13,12 +13,12 @@ import (
 	"syscall"
 	"time"
 
-	"github.com/alecthomas/kingpin/v2"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/byteness/aws-vault/v7/iso8601"
 	"github.com/byteness/aws-vault/v7/server"
 	"github.com/byteness/aws-vault/v7/vault"
 	"github.com/byteness/keyring"
+	"github.com/spf13/cobra"
 )
 
 type ExecCommandInput struct {
@@ -66,108 +66,111 @@ func hasBackgroundServer(input ExecCommandInput) bool {
 	return input.StartEcsServer || input.StartEc2Server
 }
 
-func ConfigureExecCommand(app *kingpin.Application, a *AwsVault) {
+func NewExecCommand(a *AwsVault) *cobra.Command {
 	input := ExecCommandInput{}
 
-	cmd := app.Command("exec", "Execute a command with AWS credentials.")
-
-	cmd.Flag("duration", "Duration of the temporary or assume-role session. Defaults to 1h").
-		Short('d').
-		DurationVar(&input.SessionDuration)
-
-	cmd.Flag("no-session", "Skip creating STS session with GetSessionToken").
-		Short('n').
-		BoolVar(&input.NoSession)
-
-	cmd.Flag("region", "The AWS region").
-		StringVar(&input.Config.Region)
-
-	cmd.Flag("mfa-token", "The MFA token to use").
-		Short('t').
-		StringVar(&input.Config.MfaToken)
-
-	cmd.Flag("json", "Output credentials in JSON that can be used by credential_process").
-		Short('j').
-		Hidden().
-		BoolVar(&input.JSONDeprecated)
-
-	cmd.Flag("server", "Alias for --ecs-server").
-		Short('s').
-		BoolVar(&input.StartEcsServer)
-
-	cmd.Flag("ec2-server", "Run a EC2 metadata server in the background for credentials").
-		BoolVar(&input.StartEc2Server)
-
-	cmd.Flag("ecs-server", "Run a ECS credential server in the background for credentials (the SDK or app must support AWS_CONTAINER_CREDENTIALS_FULL_URI)").
-		BoolVar(&input.StartEcsServer)
-
-	cmd.Flag("lazy", "When using --ecs-server, lazily fetch credentials").
-		BoolVar(&input.Lazy)
-
-	cmd.Flag("stdout", "Print the SSO link to the terminal without automatically opening the browser").
-		BoolVar(&input.UseStdout)
-
-	cmd.Arg("profile", "Name of the profile").
-		//Required().
-		Default(os.Getenv("AWS_PROFILE")).
-		HintAction(a.MustGetProfileNames).
-		StringVar(&input.ProfileName)
+	cmd := &cobra.Command{
+		Use:   "exec [profile] [cmd] [args...]",
+		Short: "Execute a command with AWS credentials",
+		Long:  "Execute a command with AWS credentials",
+		Args:  cobra.MinimumNArgs(0),
+		ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+			if len(args) == 0 {
+				return a.CompleteProfileNames()(cmd, args, toComplete)
+			}
+			// Disable file completion for command arguments
+			return nil, cobra.ShellCompDirectiveNoFileComp
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+			// Parse args: [profile] [command] [command args...]
+			if len(args) > 0 {
+				input.ProfileName = args[0]
+			}
+			if len(args) > 1 {
+				input.Command = args[1]
+				input.Args = args[2:]
+			}
 
-	cmd.Arg("cmd", "Command to execute, defaults to $SHELL").
-		StringVar(&input.Command)
+			// Apply defaults if profile not provided
+			if input.ProfileName == "" {
+				input.ProfileName = os.Getenv("AWS_PROFILE")
+			}
 
-	cmd.Arg("args", "Command arguments").
-		StringsVar(&input.Args)
+			input.Config.MfaPromptMethod = a.PromptDriver(hasBackgroundServer(input))
+			input.Config.NonChainedGetSessionTokenDuration = input.SessionDuration
+			input.Config.AssumeRoleDuration = input.SessionDuration
+			input.Config.SSOUseStdout = input.UseStdout
+			input.ShowHelpMessages = !a.Debug && input.Command == "" && isATerminal() && os.Getenv("AWS_VAULT_DISABLE_HELP_MESSAGE") != "1"
 
-	cmd.Action(func(c *kingpin.ParseContext) (err error) {
-		input.Config.MfaPromptMethod = a.PromptDriver(hasBackgroundServer(input))
-		input.Config.NonChainedGetSessionTokenDuration = input.SessionDuration
-		input.Config.AssumeRoleDuration = input.SessionDuration
-		input.Config.SSOUseStdout = input.UseStdout
-		input.ShowHelpMessages = !a.Debug && input.Command == "" && isATerminal() && os.Getenv("AWS_VAULT_DISABLE_HELP_MESSAGE") != "1"
+			f, err := a.AwsConfigFile()
+			if err != nil {
+				return err
+			}
+			keyring, err := a.Keyring()
+			if err != nil {
+				return err
+			}
 
-		f, err := a.AwsConfigFile()
-		if err != nil {
-			return err
-		}
-		keyring, err := a.Keyring()
-		if err != nil {
-			return err
-		}
+			if input.ProfileName == "" {
+				// If no profile provided select from configured AWS profiles
+				ProfileName, err := pickAwsProfile(f.ProfileNames())
 
-		if input.ProfileName == "" {
-			// If no profile provided select from configured AWS profiles
-			ProfileName, err := pickAwsProfile(f.ProfileNames())
+				if err != nil {
+					return fmt.Errorf("unable to select a 'profile'. Try --help: %w", err)
+				}
 
-			if err != nil {
-				return fmt.Errorf("unable to select a 'profile'. Try --help: %w", err)
+				input.ProfileName = ProfileName
 			}
 
-			input.ProfileName = ProfileName
-		}
-
-		exitcode := 0
-		if input.JSONDeprecated {
-			exportCommandInput := ExportCommandInput{
-				ProfileName:     input.ProfileName,
-				Format:          "json",
-				Config:          input.Config,
-				SessionDuration: input.SessionDuration,
-				NoSession:       input.NoSession,
+			exitcode := 0
+			if input.JSONDeprecated {
+				exportCommandInput := ExportCommandInput{
+					ProfileName:     input.ProfileName,
+					Format:          "json",
+					Config:          input.Config,
+					SessionDuration: input.SessionDuration,
+					NoSession:       input.NoSession,
+				}
+
+				err = ExportCommand(exportCommandInput, f, keyring)
+			} else {
+				exitcode, err = ExecCommand(input, f, keyring)
 			}
 
-			err = ExportCommand(exportCommandInput, f, keyring)
-		} else {
-			exitcode, err = ExecCommand(input, f, keyring)
-		}
+			if err != nil {
+				return err
+			}
 
-		app.FatalIfError(err, "exec")
+			// override exit code if not err
+			os.Exit(exitcode)
 
-		// override exit code if not err
-		os.Exit(exitcode)
+			return nil
+		},
+	}
 
-		return nil
+	cmd.Flags().DurationVarP(&input.SessionDuration, "duration", "d", time.Hour, "Duration of the temporary or assume-role session. Defaults to 1h")
+	cmd.Flags().BoolVarP(&input.NoSession, "no-session", "n", false, "Skip creating STS session with GetSessionToken")
+	cmd.Flags().StringVar(&input.Config.Region, "region", "", "The AWS region")
+	cmd.Flags().StringVarP(&input.Config.MfaToken, "mfa-token", "t", "", "The MFA token to use")
+	cmd.Flags().BoolVarP(&input.JSONDeprecated, "json", "j", false, "Output credentials in JSON that can be used by credential_process")
+	_ = cmd.Flags().MarkHidden("json")
+	cmd.Flags().BoolVarP(&input.StartEcsServer, "server", "s", false, "Alias for --ecs-server")
+	cmd.Flags().BoolVar(&input.StartEc2Server, "ec2-server", false, "Run a EC2 metadata server in the background for credentials")
+	cmd.Flags().BoolVar(&input.StartEcsServer, "ecs-server", false, "Run a ECS credential server in the background for credentials (the SDK or app must support AWS_CONTAINER_CREDENTIALS_FULL_URI)")
+	cmd.Flags().BoolVar(&input.Lazy, "lazy", false, "When using --ecs-server, lazily fetch credentials")
+	cmd.Flags().BoolVar(&input.UseStdout, "stdout", false, "Print the SSO link to the terminal without automatically opening the browser")
+
+	cmd.RegisterFlagCompletionFunc("duration", func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+		return []string{"1h", "2h", "4h", "8h", "12h"}, cobra.ShellCompDirectiveNoFileComp
+	})
+	cmd.RegisterFlagCompletionFunc("region", func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+		return AwsRegions(), cobra.ShellCompDirectiveNoFileComp
 	})
+	cmd.RegisterFlagCompletionFunc("mfa-token", func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+		return []string{}, cobra.ShellCompDirectiveNoFileComp
+	})
+
+	return cmd
 }
 
 func ExecCommand(input ExecCommandInput, f *vault.ConfigFile, keyring keyring.Keyring) (exitcode int, err error) {