Update documentation and binary help strings

Signed-off-by: Noah Stride <[email protected]>
spiffe · Nov 28, 2024 · f037a83 · f037a83
1 parent 6d5d403
commit f037a83
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -68,12 +68,20 @@ $ aws-spiffe-workload-helper x509-credential-process \
     --trust-anchor-arn arn:aws:rolesanywhere:us-east-1:123456789012:trust-anchor/0000000-0000-0000-0000-000000000000 \
     --profile-arn arn:aws:rolesanywhere:us-east-1:123456789012:profile/0000000-0000-0000-0000-000000000000 \
     --role-arn arn:aws:iam::123456789012:role/example-role \
-    --workload-api-addr /opt/workload-api.sock
+    --workload-api-addr unix:///opt/workload-api.sock
 ```
 
-Flags:
+##### Reference
+
+| Flag              | Required | Description                                                                                                                                                                              | Example                                                                                         |
+|-------------------|----------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------|
+| role-arn          | Yes      | The ARN of the role to assume. Required.                                                                                                                                                 | `arn:aws:iam::123456789012:role/example-role`                                                   |
+| profile-arn       | Yes      | The ARN of the Roles Anywhere profile to use. Required.                                                                                                                                  | `arn:aws:rolesanywhere:us-east-1:123456789012:profile/0000000-0000-0000-0000-00000000000`       |
+| trust-anchor-arn  | Yes      | The ARN of the Roles Anywhere trust anchor to use. Required.                                                                                                                             | `arn:aws:rolesanywhere:us-east-1:123456789012:trust-anchor/0000000-0000-0000-0000-000000000000` |
+| region            | No       | Overrides AWS region to use when exchanging the SVID for AWS credentials. Optional.                                                                                                      | `us-east-1`                                                                                     |
+| session-duration  | No       | The duration, in seconds, of the resulting session. Optional. Can range from 15 minutes (900) to 12 hours (43200).                                                                       | `3600`                                                                                          |
+| workload-api-addr | No       | Overrides the address of the Workload API endpoint that will be use to fetch the X509 SVID. If unspecified, the value from the SPIFFE_ENDPOINT_SOCKET environment variable will be used. | `unix:///opt/my/path/workload.sock`                                                             |
 
-- TODO
 
 ### Configuring AWS SDKs and CLIs
 

diff --git a/cmd/main.go b/cmd/main.go
@@ -33,8 +33,8 @@ func newRootCmd() (*cobra.Command, error) {
 	var debug bool
 	rootCmd := &cobra.Command{
 		Use:     "aws-spiffe-workload-helper",
-		Short:   "TODO", // TODO(strideynet): Helpful, short description.
-		Long:    `TODO`, // TODO(strideynet): Helpful, long description.
+		Short:   `A light-weight tool intended to assist in providing a workload with credentials for AWS using its SPIFFE identity.`,
+		Long:    `A light-weight tool intended to assist in providing a workload with credentials for AWS using its SPIFFE identity.`,
 		Version: version,
 	}
 	rootCmd.PersistentFlags().BoolVar(&debug, "debug", false, "Enable debug logging")
@@ -65,8 +65,8 @@ func newX509CredentialProcessCmd() (*cobra.Command, error) {
 	)
 	cmd := &cobra.Command{
 		Use:   "x509-credential-process",
-		Short: "TODO", // TODO(strideynet): Helpful, short description.
-		Long:  `TODO`, // TODO(strideynet): Helpful, long description.
+		Short: `Exchanges an X509 SVID for a short-lived set of AWS credentials using AWS Roles Anywhere. Compatible with the AWS credential process functionality.`,
+		Long:  `Exchanges an X509 SVID for a short-lived set of AWS credentials using the AWS Roles Anywhere API. It returns the credentials to STDOUT, in the format expected by AWS SDKs and CLIs when invoking an external credential process.`,
 		RunE: func(cmd *cobra.Command, args []string) error {
 			ctx := cmd.Context()
 			client, err := workloadapi.New(
@@ -130,7 +130,7 @@ func newX509CredentialProcessCmd() (*cobra.Command, error) {
 	if err := cmd.MarkFlagRequired("role-arn"); err != nil {
 		return nil, fmt.Errorf("marking role-arn flag as required: %w", err)
 	}
-	cmd.Flags().StringVar(&region, "region", "", "The AWS region to use. Optional.")
+	cmd.Flags().StringVar(&region, "region", "", "Overrides AWS region to use when exchanging the SVID for AWS credentials. Optional.")
 	cmd.Flags().StringVar(&profileARN, "profile-arn", "", "The ARN of the Roles Anywhere profile to use. Required.")
 	if err := cmd.MarkFlagRequired("profile-arn"); err != nil {
 		return nil, fmt.Errorf("marking profile-arn flag as required: %w", err)