diff --git a/command_test.go b/command_test.go index 5785124..5f3f448 100644 --- a/command_test.go +++ b/command_test.go @@ -469,6 +469,13 @@ var ( Role: "arn:something:or:other", }, }, + { + Args: []string{"console", "--duration", "15m", "one"}, + Command: &Console{ + VaultName: "one", + Duration: ConsoleMinDuration, + }, + }, { Args: []string{"console", "--help"}, Command: &Help{Subcommand: "console"}, diff --git a/console.go b/console.go index 2c076cb..f297b62 100644 --- a/console.go +++ b/console.go @@ -18,11 +18,12 @@ var ( ) const ( - CONSOLE_URL = "https://console.aws.amazon.com/console/home" - SIGNIN_URL = "https://signin.aws.amazon.com/federation" + ConsoleURL = "https://console.aws.amazon.com/console/home" + ConsoleFederationSigninURL = "https://signin.aws.amazon.com/federation" - MinConsoleDuration = 15 * time.Minute - MaxConsoleDuration = 12 * time.Hour + ConsoleMinDuration = 15 * time.Minute + ConsoleMaxDuration = 12 * time.Hour + ConsoleDefaultDuration = 1 * time.Hour ) type Console struct { @@ -37,103 +38,136 @@ func (c *Console) Run(store vaulted.Store) error { return err } - // console signin - signinUrl, _ := url.Parse(SIGNIN_URL) - loginQuery := make(url.Values) - loginQuery.Set("Action", "login") - loginQuery.Set("SigninToken", signinToken) - loginQuery.Set("Destination", CONSOLE_URL) + return openConsole(signinToken) +} - signinUrl.RawQuery = loginQuery.Encode() - err = browser.OpenURL(signinUrl.String()) +func (c *Console) getSigninToken(store vaulted.Store) (string, error) { + vault, err := c.getVault(store) if err != nil { - return err + return "", err } - return nil -} + awsKey := c.getAWSKey(vault) -func (c *Console) getSigninToken(store vaulted.Store) (string, error) { - // Setup default values (may be overwritten by values from vault) - duration := 1 * time.Hour - var awsKey vaulted.AWSKey + awsCreds, err := c.getCredentials(vault, awsKey) + if err != nil { + return "", err + } + + duration, err := c.getDuration(vault) + if err != nil { + return "", err + } + + if c.Role != "" { + return c.getAssumeRoleToken(store, awsKey, awsCreds, duration) + } else { + return c.getFederationToken(awsCreds, duration) + } + +} - // Override defaults with values from specified vault +func (c *Console) getVault(store vaulted.Store) (*vaulted.Vault, error) { + vault := &vaulted.Vault{} + var err error if c.VaultName != "" { - v, _, err := store.OpenVault(c.VaultName) + vault, _, err = store.OpenVault(c.VaultName) if err != nil { - return "", err + return nil, err } + } + return vault, nil +} - duration = v.Duration - - if v.AWSKey.Valid() { - awsKey = *v.AWSKey - if c.Role != "" { - awsKey.Role = c.Role - } +func (c *Console) getCredentials(vault *vaulted.Vault, awsKey *vaulted.AWSKey) (*vaulted.AWSCredentials, error) { + awsCreds, err := awsKey.AWSCredentials.WithLocalDefault() + if err != nil { + if err != credentials.ErrNoValidProvidersFoundInChain { + return nil, err + } else if err == credentials.ErrNoValidProvidersFoundInChain || !awsCreds.Valid() { + return nil, ErrNoCredentialsFound } + } else if awsCreds.ValidSession() { + return nil, ErrInvalidTemporaryCredentials } - // If duration was provided through the command line overwrite with that - if c.Duration != 0 && (c.Duration < 15*time.Minute || c.Duration > 12*time.Hour) { - return "", ErrInvalidDuration - } else if c.Duration > 0 { - duration = c.Duration + return awsCreds, nil +} + +func (c *Console) getAWSKey(vault *vaulted.Vault) *vaulted.AWSKey { + var awsKey vaulted.AWSKey + + if vault.AWSKey != nil && vault.AWSKey.Valid() { + awsKey = *vault.AWSKey } + awsKey.Role = c.Role - return c.getSigninTokenFromCreds(store, awsKey, duration) + return &awsKey } -func (c *Console) getSigninTokenFromCreds(store vaulted.Store, awsKey vaulted.AWSKey, duration time.Duration) (string, error) { - // Get creds from environment if no creds loaded from vault - creds, err := awsKey.AWSCredentials.WithLocalDefault() - if err != nil && err != credentials.ErrNoValidProvidersFoundInChain { - return "", err - } else if err == credentials.ErrNoValidProvidersFoundInChain || !creds.Valid() { - return "", ErrNoCredentialsFound +func (c *Console) getDuration(vault *vaulted.Vault) (time.Duration, error) { + var duration time.Duration + if c.Duration != 0 { + duration = c.Duration + } else if vault.Duration != 0 { + duration = vault.Duration + } else { + duration = ConsoleDefaultDuration } - if creds.ValidSession() { - return "", ErrInvalidTemporaryCredentials - } + return capDuration(duration) +} - duration, err = capDuration(duration) - if err != nil { - return "", err +func capDuration(duration time.Duration) (time.Duration, error) { + if duration < ConsoleMinDuration { + return time.Duration(0), ErrInvalidDuration + } + if duration > ConsoleMaxDuration { + duration = ConsoleMaxDuration + fmt.Println("Your vault duration is greater than the max console duration.\nCurrent console session duration set to 12 hours.") } + return duration, nil +} - // assume provided role or get a federation token - if awsKey.Role != "" { - if awsKey.MFA != "" { - tokenCode, tokenErr := store.Steward().GetMFAToken(c.VaultName) - if tokenErr != nil { - return "", tokenErr - } - creds, err = creds.AssumeRoleWithMFA(awsKey.MFA, tokenCode, awsKey.Role, 15*time.Minute) - } else { - creds, err = creds.AssumeRole(awsKey.Role, 15*time.Minute) - } +func (c *Console) getAssumeRoleToken(store vaulted.Store, awsKey *vaulted.AWSKey, awsCreds *vaulted.AWSCredentials, duration time.Duration) (string, error) { + var err error + if awsKey.MFA != "" { + tokenCode, err := store.Steward().GetMFAToken(c.VaultName) if err != nil { return "", err } - return creds.GetSigninToken(&duration) + awsCreds, err = awsCreds.AssumeRoleWithMFA(awsKey.MFA, tokenCode, awsKey.Role, ConsoleMinDuration) } else { - creds, err = creds.GetFederationToken(duration) - if err != nil { - return "", err - } - return creds.GetSigninToken(nil) + awsCreds, err = awsCreds.AssumeRole(awsKey.Role, ConsoleMinDuration) + } + if err != nil { + return "", err } + return awsCreds.GetSigninToken(&duration) } -func capDuration(duration time.Duration) (time.Duration, error) { - if duration < MinConsoleDuration { - return time.Duration(0), ErrInvalidDuration +func (c *Console) getFederationToken(awsCreds *vaulted.AWSCredentials, duration time.Duration) (string, error) { + awsCreds, err := awsCreds.GetFederationToken(duration) + if err != nil { + return "", err } - if duration > MaxConsoleDuration { - duration = MaxConsoleDuration - fmt.Println("Your vault duration is greater than the max console duration.\nCurrent console session duration set to 12 hours.") + return awsCreds.GetSigninToken(nil) +} + +func openConsole(signinToken string) error { + signinURL, _ := url.Parse(ConsoleFederationSigninURL) + signinURL.RawQuery = getLoginQuery(signinToken).Encode() + err := browser.OpenURL(signinURL.String()) + if err != nil { + return err + } + return nil +} + +func getLoginQuery(signinToken string) url.Values { + return url.Values{ + "Action": []string{"login"}, + "SigninToken": []string{signinToken}, + "Destination": []string{ConsoleURL}, } - return duration, nil } diff --git a/console_test.go b/console_test.go index 03068a6..ae926df 100644 --- a/console_test.go +++ b/console_test.go @@ -46,6 +46,10 @@ func TestConsole(t *testing.T) { VaultName: "one", Duration: 10 * time.Minute, } + store.Vaults["one"].AWSKey.AWSCredentials = vaulted.AWSCredentials{ + ID: "id", + Secret: "secret", + } err = c.Run(store) if err != ErrInvalidDuration { t.Error("Invalid duration provided, should have caused an ErrInvalidDuration") diff --git a/doc/man/vaulted-console.1 b/doc/man/vaulted-console.1 index 3d585e3..300d536 100644 --- a/doc/man/vaulted-console.1 +++ b/doc/man/vaulted-console.1 @@ -9,13 +9,18 @@ vaulted console \- Opens the AWS console in the default web browser \fB\fCvaulted console\fR \fIname\fP [\fIOPTIONS\fP] .br \fB\fCvaulted console \-\-assume\fR \fIarn\fP [\fIOPTIONS\fP] -.br -\fB\fCvaulted console \-\-duration\fR \fIduration\fP [\fIOPTIONS\fP] .SH DESCRIPTION .PP -Opens the AWS console in the default web browser. Uses either the credentials in the current environment or the credentials in the specified vault. Console sessions either use the passed in duration, the provided vault's duration, or defaults to 1 hour. +Opens the AWS console in the default web browser. It will use the credentials +in the current environment unless a vault is specified, in which case it will +use the credentials in the vault. +.PP +The session length will either use the passed in duration, the provided vault's +duration, or defaults to 1 hour in that order of preference. Durations must be +at least 15 minutes and less than 12 hours. .PP -Durations must be at least 15 minutes and less than 12 hours. +This requires that you have the sts:GetFederationToken or sts:AssumeRole +permissions enabled for your user. .SH OPTIONS .TP \fB\fC\-\-assume\fR \fIarn\fP @@ -27,10 +32,13 @@ When invoked this way, credentials are sourced from default locations (e.g. environment, configuration files, instance profile, etc.). .PP \fB\fC\-\-duration\fR \fIduration\fP - Specifies the duration that the console session is valid. The duration must be within the range 15m\-12h. + Specifies the duration that the console session is valid. The duration must + be within the range 15m\-12h. .SH ASSUMING A ROLE .PP A role to assume can be specified either in a vault's configuration (via \fB\fCvaulted edit\fR) or specified via the \fB\fC\-\-assume\fR option. .PP -Vaulted first opens the specified vault to retrieve the appropriate credentials. If a role is specified in the vault's configuration it will use that unless a role is explicitly passed in through the \fB\fC\-\-assume\fR option. +Vaulted first opens the specified vault to retrieve the appropriate credentials. +If a role is specified in the vault's configuration it will use that unless a +role is explicitly passed in through the \fB\fC\-\-assume\fR option. diff --git a/doc/vaulted-console.1.md b/doc/vaulted-console.1.md index 7abdea9..51865dc 100644 --- a/doc/vaulted-console.1.md +++ b/doc/vaulted-console.1.md @@ -11,15 +11,21 @@ SYNOPSIS `vaulted console` `vaulted console` *name* [*OPTIONS*] -`vaulted console --assume` *arn* [*OPTIONS*] -`vaulted console --duration` *duration* [*OPTIONS*] +`vaulted console --assume` *arn* [*OPTIONS*] DESCRIPTION ----------- -Opens the AWS console in the default web browser. Uses either the credentials in the current environment or the credentials in the specified vault. Console sessions either use the passed in duration, the provided vault's duration, or defaults to 1 hour. +Opens the AWS console in the default web browser. It will use the credentials +in the current environment unless a vault is specified, in which case it will +use the credentials in the vault. -Durations must be at least 15 minutes and less than 12 hours. +The session length will either use the passed in duration, the provided vault's +duration, or defaults to 1 hour in that order of preference. Durations must be +at least 15 minutes and less than 12 hours. + +This requires that you have the sts:GetFederationToken or sts:AssumeRole +permissions enabled for your user. OPTIONS ------- @@ -33,7 +39,8 @@ OPTIONS environment, configuration files, instance profile, etc.). `--duration` *duration* - Specifies the duration that the console session is valid. The duration must be within the range 15m-12h. + Specifies the duration that the console session is valid. The duration must + be within the range 15m-12h. ASSUMING A ROLE --------------- @@ -41,4 +48,6 @@ ASSUMING A ROLE A role to assume can be specified either in a vault's configuration (via `vaulted edit`) or specified via the `--assume` option. -Vaulted first opens the specified vault to retrieve the appropriate credentials. If a role is specified in the vault's configuration it will use that unless a role is explicitly passed in through the `--assume` option. \ No newline at end of file +Vaulted first opens the specified vault to retrieve the appropriate credentials. +If a role is specified in the vault's configuration it will use that unless a +role is explicitly passed in through the `--assume` option. \ No newline at end of file diff --git a/man.go b/man.go index 4cc865b..6fe47af 100644 --- a/man.go +++ b/man.go @@ -99,7 +99,7 @@ func vaultedAdd1() (*asset, error) { return a, nil } -var _vaultedConsole1 = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x94\x54\xcd\x8e\xdb\x36\x10\xbe\xeb\x29\xbe\x5b\x12\xc0\x26\xe0\x00\x79\x00\x67\xb3\xe8\x1a\x68\x6c\xc3\xda\x34\x28\xaa\x1e\x68\x69\x68\x0d\x2a\x91\x02\x87\xb2\xba\x6f\x5f\x90\x92\x76\xbd\xc6\xba\xc1\xde\x2c\x0e\xe7\xf3\x7c\x3f\x43\xf5\xf8\x80\xb3\xee\x9b\x40\x55\xb1\x2c\x9d\x15\xd7\x10\x56\x99\xca\x1f\xb0\x5d\x7f\xbf\xcf\xd4\x7e\x9f\x4d\x75\xcc\xe5\x62\x89\x5d\x47\x56\x10\x6a\xc2\xfa\x67\xfe\x5c\x60\x9b\x8e\x2a\x32\xb1\x03\x03\x1d\x71\xf4\x6e\x10\xf2\x09\x30\xff\x73\xbb\xdb\xe7\x9b\x3c\x81\x16\xe6\x6b\x61\xee\xae\xa0\x0b\x73\xc8\xd4\xd1\xdf\x2c\xa2\x30\x1b\xab\x5b\x2a\xcc\x1e\x7f\x15\x66\xb3\xdb\x3f\x6e\x76\xdb\xbc\x30\xfb\xbf\x6f\xf7\xa1\x58\x16\x4b\x2d\xd2\xb7\x33\x84\xf6\xf6\xfd\x08\x55\xef\x75\x60\x67\x27\x8c\x97\xcf\x37\x80\xf2\x07\x7c\xbb\xcf\xef\x0e\x9b\x74\x98\xf8\xbe\x57\x31\x85\x1f\x42\x02\xe2\x50\x93\x4f\x97\x4a\x4f\x15\xd9\xc0\xba\x91\xb9\xaf\xec\xbd\x27\x1b\x40\xf6\xcc\xde\xd9\x36\xfe\x76\x37\x6f\x4b\x47\x25\x1b\xa6\x6a\x74\x5c\xe1\x6e\x9a\x42\x48\x84\x9d\x7d\xfe\xb7\x5e\x28\x35\x74\x5a\x84\xaa\xd8\x3e\xb3\x5d\x8c\xe7\xde\x9d\xb9\x9a\x71\x3e\xc8\x45\xd9\xf9\x99\x8c\x20\x38\xac\x50\xbb\xde\xab\xa4\xc0\xb7\xe9\x92\xa0\xed\x25\xe0\x48\xd0\x01\x0d\x69\x09\x58\x7d\x41\xcb\xb6\x0f\x24\xd0\xb6\x42\x43\x12\xa5\xd2\x16\xab\xcf\x09\x40\x54\xd2\x74\xd2\x38\x53\x8f\x73\x7e\x6e\x58\x9b\xe5\x13\xd5\x51\x71\xd3\x37\x0d\xd6\x87\x2d\x9c\x49\xdf\x3e\x92\x0e\x0e\x63\xa7\x42\x4e\x84\xc2\x7c\x5d\xe7\xf9\x8f\xef\x9b\xed\x6f\x58\xe3\xb0\xfb\xfd\x3e\x3a\x7b\xa4\xc6\x0d\x99\x49\xac\x82\xe6\x46\xe0\x2c\x6a\x37\xe0\x8f\x29\x21\x23\x84\x24\xc8\x38\xe5\x66\x9f\x1d\x22\x7a\x3a\xef\x22\x5d\xb4\xfa\x29\x92\xed\xc8\x1b\xe7\x5b\xaa\x30\x70\xa8\x5d\x1f\x26\x3f\x9e\xd8\x9e\xa0\x47\x29\xe3\x50\xd2\xe9\xc1\xc2\x78\xd7\xaa\xec\x67\x4d\x16\x6c\xcf\xee\x1f\xaa\x10\x6a\x16\x0c\xfa\x69\xf1\xca\x5b\xed\x09\xe2\x7a\x5f\x52\x95\x9a\x9e\xb3\xd4\xb8\x72\x92\xfb\x23\xa9\x93\xca\x2e\x32\xb2\x88\xf9\x33\x7c\x9a\x0c\x81\xe1\x86\x64\x01\xb6\x12\xb4\x2d\x93\xbf\xf1\x68\x01\x0a\xa5\xfa\xa4\x2e\xf6\xf5\xff\x17\x21\x03\x80\xd7\xd2\xcf\xd5\x68\x67\x18\x83\xf9\x3a\x74\x60\xc1\x59\x37\x5c\x29\x3c\x5e\xde\x9f\x33\x12\xc5\x9a\xf2\xeb\xb5\x3d\x11\x56\x5f\xda\x62\xb9\xfa\x5c\x8f\x91\xb8\xf2\x2c\x8d\xba\xbe\x32\x18\xa5\xb6\x11\xea\x25\xff\x53\xce\xd9\xce\xc2\x7f\x90\x2b\x49\x3e\x9e\x59\x5f\x3d\x06\x54\x71\x28\xcc\xe1\x53\xcc\xf8\xc5\x2a\xb1\x4e\xc3\xbd\x95\x47\x97\x02\x30\xea\x37\x07\xc6\xb0\x97\x00\xf7\xfc\x1a\x5c\x2d\x65\x9c\xda\x53\xf0\x4c\xe7\x71\x07\x75\xd7\x79\xd7\x79\xd6\xe1\xd5\x4e\x2b\x6c\x0c\xf4\x48\x94\xe5\x02\x65\xd2\xea\x6d\x56\x1c\x30\x70\xd3\x4c\x0b\xae\x03\x7a\x9b\x76\xed\x05\x88\xfe\xed\x1a\x2e\x39\x34\x4f\x17\xdb\x1f\x6a\xef\xfa\x53\xfd\x2b\x9e\xc8\xfe\x0b\x00\x00\xff\xff\x43\x3a\xc9\x60\x4e\x06\x00\x00") +var _vaultedConsole1 = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x94\x94\x5f\xaf\xe2\x36\x10\xc5\xdf\xf3\x29\xce\xdb\xee\x4a\x10\x89\x95\xf6\xa5\x6f\xec\x9f\xee\x45\xea\x02\x22\xb4\xab\xaa\xe9\x83\x49\xc6\xc4\x5a\xc7\x4e\x67\x1c\x28\xdf\xbe\xb2\x93\x70\x81\xde\xab\xaa\x6f\xe0\xc9\x1c\xcf\x1c\xff\x66\xf2\xfd\x13\x4e\xaa\xb7\x81\xea\x72\x5e\x79\x27\xde\x12\x16\x59\x5e\x3c\x61\xbd\xfc\xf6\x25\xcb\xb7\xdb\x6c\x8c\x63\x0a\x97\x73\x6c\x3a\x72\x82\xd0\x10\x96\xdf\x8b\x6b\xc0\xb8\x74\x54\x93\x8e\x19\x38\xd3\x01\x07\xf6\x67\x21\x4e\x82\xc5\xef\xeb\xcd\xb6\x58\x15\x49\xb4\xd4\x1f\x4b\xfd\xe9\x41\xba\xd4\xbb\x2c\x3f\xf0\xab\x41\x94\x7a\xe5\x54\x4b\xa5\xde\xe2\x8f\x52\xaf\x36\xdb\xfd\x6a\xb3\x2e\x4a\xbd\xfd\xf3\xf5\x3c\x94\xf3\x72\xae\x44\xfa\x76\x92\x50\xec\x5e\x54\x28\x9e\xf0\xf9\x4b\xf1\x69\xb7\x4a\x87\xa9\xcc\xff\xdb\x68\x8e\x55\xc0\xd9\x58\x8b\x5e\x28\x7d\x54\x31\xd5\xe4\x82\x51\x56\xb2\x31\xaf\xea\x99\xc9\x05\x90\x3b\x19\xf6\xae\x8d\xbf\x7b\x67\x49\x04\x6a\x78\x0d\x18\x81\x74\x54\x19\x6d\xa8\x9e\xc5\xfb\xce\x8d\xa9\x1a\x54\x4a\x08\x66\xb8\x21\x7b\xe1\x86\xa9\xb2\x24\x92\xa7\x0e\xf6\x0d\x41\x48\xc4\x78\x07\x4b\xee\x18\x9a\xa1\x3e\x32\xa1\x21\xbe\x96\xd9\x29\x11\xaa\x63\x7e\xdd\xb3\x0a\xc6\xbb\xd9\x70\xce\xfe\x64\x6a\xaa\x07\xc9\x37\x92\x3d\x87\x3d\x4f\x0e\x08\x82\xc7\x02\x8d\xef\x79\xa8\x40\x05\x78\xae\x89\xe1\x35\x3a\x26\x4d\x4c\xae\xa2\x1c\x9f\xc7\x64\x41\xdb\x4b\xc0\x81\x32\x15\x60\x49\x49\xc0\xe2\x03\x5a\xe3\xfa\x40\x02\xe5\x6a\x24\x37\x42\xa3\x1c\x16\xef\x93\xb0\x4c\xed\x18\x01\xd3\x5f\xbd\x61\x92\xe1\xa6\x8b\xef\xd1\xa8\xd3\xd0\x87\x04\xf9\xe9\x2b\x85\x9f\xa9\xa6\xe1\xaa\xbd\xff\x41\x2e\xd6\x1a\x23\xcb\x84\xc1\xce\x5b\xca\x3a\xe2\xd6\x24\x5b\x04\xe4\xd4\xc1\x52\x0d\xed\x39\xaa\x25\x57\x38\x4f\x40\x8c\x80\x64\xf9\x7e\x62\xf6\x15\x9c\xb2\x62\x7c\xaf\x01\x17\xdd\x5b\x8b\xe5\x6e\x1d\x1d\x88\xff\x39\x72\x13\x3c\x86\xcc\x1c\x05\x11\x4a\xfd\x71\x59\x14\xbf\x7e\x5b\xad\xbf\x62\x89\xdd\xe6\x97\x2f\x11\xcb\x03\x59\x7f\xce\x74\x72\x37\x28\x63\x05\xde\xa1\xf1\x67\xfc\x36\x72\x3d\x48\x48\x92\x8c\xae\xac\xb6\x59\xec\x68\x38\xef\x62\xcf\x68\xd5\x05\x07\x42\x47\xac\x3d\xb7\x54\xe3\x6c\x42\xe3\xfb\x30\x42\x75\x31\xee\x78\x45\x2d\x78\x48\xa7\xce\x0e\x9a\x7d\x9b\x67\xdf\x1b\x72\x30\xee\xe4\x7f\x50\x8d\x10\xdd\x3e\xab\xcb\xec\x0e\x32\xc5\x04\xf1\x3d\x57\xd1\x32\xf6\xed\x75\x10\xac\xaf\xc6\xe7\x7d\x4b\xf9\x31\xcf\x6e\x00\x9f\xc5\xe1\xd1\xe6\x38\x02\x00\x6d\x2c\x49\x24\x5b\x82\x72\x55\xe2\x2c\x1e\xcd\x40\xa1\xca\xdf\xe5\x37\x3b\x22\xfa\x3d\x41\x37\x3a\xfe\xfc\x77\x9b\x01\xc0\xbd\xf5\x53\x74\xa0\x23\x4d\xc8\x38\xb7\xd3\x1c\x18\xc1\x49\x59\x53\xe7\xd8\xdf\x7e\x1f\x99\x4c\x7a\x07\x4a\x86\x8d\xc3\xc4\xca\x1d\x09\x8b\x0f\x6d\x39\x5f\xbc\x6f\x06\x2c\x1e\xde\x2d\x95\xbb\x7c\x78\x64\x54\xca\x45\xa9\xeb\x20\x4f\x33\x67\xdc\x64\xfe\x1b\x79\xb0\xe5\xed\xc9\xa8\x87\x35\x46\xb5\x09\xa5\xde\xbd\x4b\x0c\x5f\xa5\x4e\x46\xa5\xe2\x5e\x62\xd2\x27\x08\x06\x0f\x27\x68\xb4\x61\x09\xf0\xd7\x75\x76\xa3\x34\x51\xc0\x14\xd8\xd0\x38\x47\xaa\xeb\xd8\x77\x6c\x54\xb8\x5b\x30\x79\xb6\xd2\x50\x43\xa3\xb7\x3b\xea\x6e\xf1\xfc\xab\x2b\x73\xb7\x13\xd5\xf3\xb6\xcb\x26\x21\xfa\xbb\xb3\xa6\x32\xc1\x5e\x6e\x36\x51\x68\xd8\xf7\xc7\xe6\x3f\xfb\xfc\x27\x00\x00\xff\xff\x3a\x82\xf2\x35\xc5\x06\x00\x00") func vaultedConsole1Bytes() ([]byte, error) { return bindataRead(