feat: Show cloud identity being currently used (#675)

* show azure account

* show signed-in user

* show aws caller identity

* show aws profile

Author: maciaszczykm

pkg/provider/aws.go

@@ -3,6 +3,7 @@ package provider
 import (
 	"context"
 	"fmt"
+	"os"
 	"os/exec"
 	"sort"
 	"strings"
@@ -72,11 +73,16 @@ var (
 func mkAWS(conf config.Config) (provider *AWSProvider, err error) {
 	ctx := context.Background()
 
-	iamSession, err := GetAWSCallerIdentity(ctx)
+	iamSession, callerIdentity, err := GetAWSCallerIdentity(ctx)
 	if err != nil {
 		return nil, plrlErrors.ErrorWrap(err, "Failed to get AWS caller identity")
 	}
 
+	fmt.Printf("\nUsing %s AWS profile\n", getAWSProfileName())
+	fmt.Printf("Caller identity ARN: %s\n", lo.FromPtr(callerIdentity.Arn))
+	fmt.Printf("Caller identity account: %s\n", lo.FromPtr(callerIdentity.Account))
+	fmt.Printf("Caller identity user ID: %s\n\n", lo.FromPtr(callerIdentity.UserId))
+
 	provider = &AWSProvider{
 		goContext: &ctx,
 		ctx: map[string]any{
@@ -402,29 +408,41 @@ func (aws *AWSProvider) testIamPermissions() error {
 	return fmt.Errorf("you do not meet all required iam permissions to deploy an eks cluster: %s, this is not necessarily a full list, we recommend using as close to AdministratorAccess as possible to run plural", strings.Join(missing, ","))
 }
 
+func getAWSProfileName() string {
+	if profile := os.Getenv("AWS_PROFILE"); profile != "" {
+		return profile
+	}
+
+	if profile := os.Getenv("AWS_DEFAULT_PROFILE"); profile != "" {
+		return profile
+	}
+
+	return "default"
+}
+
 // GetAWSCallerIdentity returns the IAM role ARN of the current caller identity.
-func GetAWSCallerIdentity(ctx context.Context) (string, error) {
+func GetAWSCallerIdentity(ctx context.Context) (string, *sts.GetCallerIdentityOutput, error) {
 	cfg, err := getAwsConfig(ctx)
 	if err != nil {
-		return "", err
+		return "", nil, err
 	}
 
 	svc := sts.NewFromConfig(cfg)
 	callerIdentity, err := svc.GetCallerIdentity(ctx, &sts.GetCallerIdentityInput{})
 	if err != nil {
-		return "", plrlErrors.ErrorWrap(err, "Error getting caller identity: ")
+		return "", callerIdentity, plrlErrors.ErrorWrap(err, "Error getting caller identity: ")
 	}
 
 	callerIdentityArn := lo.FromPtr(callerIdentity.Arn)
 	roleName, _ := RoleNameSessionFromARN(callerIdentityArn)
 	if !lo.IsEmpty(roleName) {
 		role, err := iam.NewFromConfig(cfg).GetRole(ctx, &iam.GetRoleInput{RoleName: &roleName})
 		if err != nil {
-			return "", plrlErrors.ErrorWrap(err, "Error getting IAM role: ")
+			return "", callerIdentity, plrlErrors.ErrorWrap(err, "Error getting IAM role: ")
 		}
 
-		return lo.FromPtr(role.Role.Arn), nil
+		return lo.FromPtr(role.Role.Arn), callerIdentity, nil
 	}
 
-	return callerIdentityArn, nil
+	return callerIdentityArn, callerIdentity, nil
 }

pkg/provider/azure.go

@@ -115,11 +115,20 @@ type AzureProvider struct {
 }
 
 func mkAzure(conf config.Config) (prov *AzureProvider, err error) {
-	subId, tenID, err := GetAzureAccount()
+	subId, tenID, subName, err := GetAzureAccount()
 	if err != nil {
 		return
 	}
 
+	user, err := GetAzureUser()
+	if err != nil {
+		return
+	}
+
+	fmt.Printf("\nLogged in as %s to %s Azure subscription\n", user, subName)
+	fmt.Printf("Subscription ID: %s\n", subId)
+	fmt.Printf("Tenant ID: %s\n\n", tenID)
+
 	clients, err := GetClientSet(subId)
 	if err != nil {
 		return
@@ -455,23 +464,40 @@ func (az *AzureProvider) upsertStorageContainer(acc armstorage.Account, name str
 	return err
 }
 
-func GetAzureAccount() (string, string, error) {
+func GetAzureAccount() (string, string, string, error) {
 	cmd := exec.Command("az", "account", "show")
 	out, err := cmd.Output()
 	if err != nil {
 		fmt.Println(string(out))
-		return "", "", err
+		return "", "", "", err
 	}
 
 	var res struct {
 		TenantId string
 		Id       string
+		Name     string
 	}
 
 	if err := json.Unmarshal(out, &res); err != nil {
-		return "", "", err
+		return "", "", "", err
 	}
-	return res.Id, res.TenantId, nil
+	return res.Id, res.TenantId, res.Name, nil
+}
+
+func GetAzureUser() (string, error) {
+	cmd := exec.Command("az", "ad", "signed-in-user", "show")
+	out, err := cmd.Output()
+	if err != nil {
+		fmt.Println(string(out))
+		return "", err
+	}
+
+	var res struct{ UserPrincipalName string }
+	if err := json.Unmarshal(out, &res); err != nil {
+		return "", err
+	}
+
+	return res.UserPrincipalName, nil
 }
 
 func isNotFoundResourceGroup(err error) bool {
@@ -507,7 +533,7 @@ func getPathElement(path, indexName string) (string, error) {
 }
 
 func ValidateAzureDomainRegistration(ctx context.Context, domain, resourceGroup string) error {
-	subId, _, err := GetAzureAccount()
+	subId, _, _, err := GetAzureAccount()
 	if err != nil {
 		return err
 	}