implement custom templated launch for sso browser option

pkg/assume/entrypoint.go

@@ -116,6 +116,7 @@ func GetCliApp() *cli.App {
 			if err != nil {
 				return err
 			}
+
 			if !hasSetup {
 				browserName, err := browser.HandleBrowserWizard(c)
 				if err != nil {

pkg/config/config.go

@@ -42,6 +42,11 @@ type Config struct {
 	// and CustomBrowserPath fields.
 	AWSConsoleBrowserLaunchTemplate *BrowserLaunchTemplate `toml:",omitempty"`
 
+	// SSOBrowserLaunchTemplate is an optional launch template to use
+	// for opening the SSO auth flow. If specified it overrides the DefaultBrowser
+	// and CustomSSOBrowserPath fields.
+	SSOBrowserLaunchTemplate *BrowserLaunchTemplate `toml:",omitempty"`
+
 	Keyring                *KeyringConfig `toml:",omitempty"`
 	Ordering               string
 	ExportCredentialSuffix string
@@ -280,7 +285,7 @@ func Load() (*Config, error) {
 	_, err = toml.NewDecoder(file).Decode(&c)
 	if err != nil {
 		// if there is an error just reset the file
-		return &c, nil
+		return nil, err
 	}
 	return &c, nil
 }

pkg/granted/console.go

@@ -128,7 +128,7 @@ var ConsoleCommand = cli.Command{
 		}
 
 		if startErr != nil {
-			return clierr.New(fmt.Sprintf("Granted was unable to open a browser session automatically due to the following error: %s", err.Error()),
+			return clierr.New(fmt.Sprintf("Granted was unable to open a browser session automatically due to the following error: %s", startErr.Error()),
 				// allow them to try open the url manually
 				clierr.Info("You can open the browser session manually using the following url:"),
 				clierr.Info(consoleURL),

pkg/idclogin/run.go

@@ -2,13 +2,18 @@ package idclogin
 
 import (
 	"context"
+	"errors"
+	"fmt"
 	"os/exec"
 	"time"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/ssooidc"
 	"github.com/common-fate/clio"
+	"github.com/common-fate/clio/clierr"
 	grantedConfig "github.com/common-fate/granted/pkg/config"
+	"github.com/common-fate/granted/pkg/forkprocess"
+	"github.com/common-fate/granted/pkg/launcher"
 	"github.com/common-fate/granted/pkg/securestorage"
 	"github.com/pkg/browser"
 )
@@ -54,7 +59,44 @@ func Login(ctx context.Context, cfg aws.Config, startUrl string, scopes []string
 		return nil, err
 	}
 
-	if config.CustomSSOBrowserPath != "" {
+	if config.SSOBrowserLaunchTemplate != nil {
+		l, err := launcher.CustomFromLaunchTemplate(config.SSOBrowserLaunchTemplate, []string{})
+		if err == launcher.ErrLaunchTemplateNotConfigured {
+			return nil, errors.New("error configuring custom browser, ensure that [SSOBrowserLaunchTemplate] is specified in your Granted config file")
+		}
+		if err != nil {
+			return nil, err
+		}
+
+		// now build the actual command to run - e.g. 'firefox --new-tab <URL>'
+		args, err := l.LaunchCommand(url, "")
+		if err != nil {
+			return nil, fmt.Errorf("error building browser launch command: %w", err)
+		}
+
+		var startErr error
+		if l.UseForkProcess() {
+			clio.Debugf("running command using forkprocess: %s", args)
+			cmd, err := forkprocess.New(args...)
+			if err != nil {
+				return nil, err
+			}
+			startErr = cmd.Start()
+		} else {
+			clio.Debugf("running command without forkprocess: %s", args)
+			cmd := exec.Command(args[0], args[1:]...)
+			startErr = cmd.Start()
+		}
+
+		if startErr != nil {
+			return nil, clierr.New(fmt.Sprintf("Granted was unable to open a browser session automatically due to the following error: %s", startErr.Error()),
+				// allow them to try open the url manually
+				clierr.Info("You can open the browser session manually using the following url:"),
+				clierr.Info(url),
+			)
+		}
+
+	} else if config.CustomSSOBrowserPath != "" {
 		cmd := exec.Command(config.CustomSSOBrowserPath, url)
 		err = cmd.Start()
 		if err != nil {

pkg/launcher/custom.go

@@ -3,6 +3,7 @@ package launcher
 import (
 	"errors"
 	"fmt"
+	"regexp"
 	"strings"
 	"text/template"
 
@@ -52,10 +53,31 @@ func (l Custom) LaunchCommand(url string, profile string) ([]string, error) {
 		return nil, fmt.Errorf("executing command template (check that your browser launch template is valid in your Granted config): %w", err)
 	}
 
-	commandParts := strings.Fields(renderedCommand.String())
+	commandParts := splitCommand(renderedCommand.String())
 	return commandParts, nil
 }
 
+// splits each component of the command. Anything within quotes will be handled as one component of the command
+// eg open -a "Google Chrome" <URL> returns ["open", "-a", "Google Chrome", "<URL>"]
+func splitCommand(command string) []string {
+
+	re := regexp.MustCompile(`"([^"]+)"|(\S+)`)
+	matches := re.FindAllStringSubmatch(command, -1)
+
+	var result []string
+	for _, match := range matches {
+
+		if match[1] != "" {
+			result = append(result, match[1])
+		} else {
+
+			result = append(result, match[2])
+		}
+	}
+
+	return result
+}
+
 func (l Custom) UseForkProcess() bool { return l.ForkProcess }
 
 var ErrLaunchTemplateNotConfigured = errors.New("launch template is not configured")