From a28b6fc02d8e5782a616fbfb8e8732e50fc07eb9 Mon Sep 17 00:00:00 2001 From: Michael Palmer Date: Tue, 20 Nov 2018 14:23:17 -0500 Subject: [PATCH] Alias mapping (#1) * Map aliases to one or more roles * update changelog * escape the square brackets --- CHANGELOG.md | 4 ++++ README.md | 16 +++++++++------- goss-config.json | 12 ++++++++++-- goss_config_gen/cli.py | 34 +++++++++++++++++++++++++++++++--- 4 files changed, 54 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e0a4bcd..eb4c9fb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.3.0 +- \[BREAKING\] Allow mapping an alias to one or more roles. This also modifies the `RoleAliases` block in the config file, + requiring a configuration update by the user. + ## 1.2.2 - Add executable paths to config diff --git a/README.md b/README.md index 3fa81f5..018bbf4 100644 --- a/README.md +++ b/README.md 
@@ -62,20 +62,22 @@ Output file that will contain all the generated aliases This argument is optional and defaults to `goss-generated-aliases.sh`. ### `RoleAliases` -Mapping of role names to aliases. +Mapping of aliases to roles. -This argument is optional. When not specified, the gossamer command to assume all accounts in the -same role will use a normalized version (`/`'s are replaced with `-`'s) of the role name. For instance, -if you are trying to assume role `path/role1` in all accounts, and this parameter is not specified, the -alias will be generated as `goss-path-role1`. If you specified the following configuration: +This argument is optional and allows for the creation of an alias that maps to one or more roles. ```json "RoleAliases": { - "path/role1": "r1" + "all": [ + "path/role1", + "path/role2 + ] } ``` -Then the generated alias would be `goss-r1`. +For instance, if you are trying to assume roles `path/role1` and `path/role2` in all accounts using the above +configuration, the generated alias would be `goss-all`. In addition to these aliases, by default, an alias for each +normalized version (`/`'s are replaced with `-`'s) of a role name will be created. ### `GossamerPath` diff --git a/goss-config.json b/goss-config.json index 94125ab..aca5d50 100644 --- a/goss-config.json +++ b/goss-config.json @@ -2,8 +2,16 @@ "OutputDirectory": "$HOME/gossamer", "OutputFile": "goss-generated-aliases.sh", "RoleAliases": { - "path/role1": "r1", - "path/role2": "r2" + "r1": [ + "path/role1" + ], + "r2": [ + "path/role2" + ], + "r3": [ + "path/role1", + "path/role2" + ] }, "GossamerPath": "/usr/local/bin/gossamer", "AWSCredentialsPath": "$HOME/.aws/credentials", diff --git a/goss_config_gen/cli.py b/goss_config_gen/cli.py index 6e3494b..fb55866 100644 --- a/goss_config_gen/cli.py +++ b/goss_config_gen/cli.py 
@@ -123,6 +123,36 @@ def main(): } ) + # Write role alias files + aliased_roles = set() + for alias, role_names in role_aliases.items(): + role_file = os.path.join( + output_dir, + alias + '.json' + ) + + role_data = [] + for role in role_names: + role_data += roles.get(role) + aliased_roles.add(role) + + output_data = {'Roles': role_data} + + with open(role_file, 'w') as f: + f.write(json.dumps(output_data, indent=4)) + + # Write gossamer alias + aliases.append( + "alias goss-%(alias)s='%(gossamer_path)s -rolesfile %(role_file)s -profile %(profile)s -serialnumber $MFA " + "-o %(aws_creds_path)s -force -tokencode'\n" % { + 'alias': alias, + 'gossamer_path': config['GossamerPath'], + 'role_file': role_file, + 'profile': config['BaseProfile'], + 'aws_creds_path': config['AWSCredentialsPath'] + } + ) + # Write role files for role_name, role_data in roles.items(): normalized_role_name = role_name.replace('/', '-') @@ -136,13 +166,11 @@ def main(): with open(role_file, 'w') as f: f.write(json.dumps(output_data, indent=4)) - alias = role_aliases.get(role_name, normalized_role_name) - # Write gossamer alias aliases.append( "alias goss-%(alias)s='%(gossamer_path)s -rolesfile %(role_file)s -profile %(profile)s -serialnumber $MFA " "-o %(aws_creds_path)s -force -tokencode'\n" % { - 'alias': alias, + 'alias': normalized_role_name, 'gossamer_path': config['GossamerPath'], 'role_file': role_file, 'profile': config['BaseProfile'],
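Review bot: The `alias` key from `RoleAliases` is used unchecked in the added "Write role alias files" loop, both as a file name in `os.path.join(output_dir, alias + '.json')` and inside the single-quoted `alias goss-%(alias)s='…'` line of a shell file that users source. A key containing a path separator, `..`, whitespace or a quote would place the roles file outside `output_dir` or change what the sourced file defines, which matters for a tool that fronts MFA-backed credential generation. Separately, `roles.get(role)` returns `None` for a role name missing from `roles`, so `role_data += roles.get(role)` fails with a bare `TypeError`; a config still in the old `"path/role1": "r1"` shape most likely hits the same path, because the string value is iterated character by character. I would reject bad aliases, non-list values and unknown roles at the top of the loop with a clear message, as sketched below; `main()` starts and ends outside the hunk.

```python
    safe_chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_'
    for alias, role_names in role_aliases.items():
        # The alias becomes a file name and part of a sourced shell line,
        # so restrict it to characters that are inert in both contexts.
        if not alias or any(c not in safe_chars for c in alias):
            raise ValueError(
                "RoleAliases key %r may only contain letters, digits, '-' and '_'" % alias
            )
        # Old-format configs map a role to a single string; fail loudly instead
        # of iterating that string one character at a time.
        if not isinstance(role_names, list):
            raise ValueError("RoleAliases[%r] must be a list of role names" % alias)
        unknown = [role for role in role_names if role not in roles]
        if unknown:
            raise ValueError(
                "RoleAliases[%r] references unknown roles: %s" % (alias, ', '.join(unknown))
            )
        # … unchanged: role_file path, role_data accumulation, roles file write, aliases.append …
```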
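Review bot: With `'alias': normalized_role_name`, every role now always gets its own `goss-<normalized name>` entry, and these are appended after the entries from the `RoleAliases` loop. A configured alias that equals a normalized role name (for example `path-role1`) is therefore silently redefined to the single-role command when the generated file is sourced. If the per-role `role_file` (computed outside this hunk) is presumably `normalized_role_name + '.json'` under `output_dir`, the multi-role roles file is overwritten as well. `aliased_roles` is filled in the first loop but never read in either hunk, which suggests some de-duplication was intended. Either drop the set or add a guard before the write, such as `if normalized_role_name in role_aliases: raise ValueError('alias %r collides with a role name' % normalized_role_name)`.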