Merge branch 'master' into Versentgh-847

.appveyor/appveyor.yml

@@ -7,8 +7,8 @@ environment:
     secure: 3kWTz99Qj+ipyaR73CxcJeGRRbmk84MF2ERDu6MyY10cjHAi6s3AVZ2Ccoa+Ioyt
   appName: saml2aws
 install:
-- set PATH=C:\msys64\mingw64\bin;C:\go118\bin;%PATH%
-- set GOROOT=C:\go118
+- set PATH=C:\msys64\mingw64\bin;C:\go120\bin;%PATH%
+- set GOROOT=C:\go120
 - ps: >-
     $VerbosePreference = 'Continue'
 

.github/win-msi/out/.gitignore

@@ -0,0 +1,2 @@
+**
+!.gitignore

.github/win-msi/src/saml2aws.wxs

@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi">
+    <Product Id="*" UpgradeCode="042c301c-5154-4a77-9438-a01d4d2a9dd4" Version="$(var.Saml2AwsVer)" Language="1033" Name="saml2aws" Manufacturer="Versent">
+        <Package InstallerVersion="300" Compressed="yes" Description="!(bind.property.ProductName) !(bind.property.ProductVersion)" Platform="x64"/>
+        <Media Id="1" Cabinet="saml2aws.cab" EmbedCab="yes" />
+
+        <!-- Step 1: Define the directory structure -->
+        <Directory Id="TARGETDIR" Name="SourceDir">
+            <Directory Id="ProgramFiles64Folder">
+                <Directory Id="APPLICATIONROOTDIRECTORY" Name="Versent"/>
+            </Directory>
+        </Directory>
+
+        <!-- Step 2: Add files to your installer package -->
+        <DirectoryRef Id="APPLICATIONROOTDIRECTORY">
+            <Component Id="saml2aws.exe" Guid="4909b826-b4d1-4f46-9b55-ab765a04dc24" Win64="yes">
+                <File Id="saml2awscli" Name="saml2aws.exe" Source="src\bin\saml2aws.exe" KeyPath="yes" Checksum="yes"/>
+                <!-- Set the PATH  to include the binary -->
+                <Environment Id="PATH" Name="PATH" Value="[APPLICATIONROOTDIRECTORY]" Permanent="no" Part="last" Action="set" System="yes" />
+            </Component>
+        </DirectoryRef>
+
+        <!-- Step 3: Tell WiX to install the files -->
+        <Feature Id="MainApplication" Title="saml2aws CLI" Level="1">
+            <ComponentRef Id="saml2aws.exe" />
+        </Feature>
+    </Product>
+</Wix>

.github/win-msi/wix.sh

@@ -0,0 +1,3 @@
+#!/usr/bin/env sh
+candle src/saml2aws.wxs -dSaml2AwsVer=${VERSION} -o "out/"
+light -sval "out/saml2aws.wixobj" -o "out/saml2aws_${VERSION}_windows_amd64.msi"

.github/workflows/go.yml

@@ -13,19 +13,30 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        os: [ubuntu-latest, macOS-latest, macos-11]
+        os: [ubuntu-18.04, macOS-latest, macos-11]
     steps:
 
     - name: Set up Go 1.x
-      uses: actions/setup-go@v3
+      uses: actions/setup-go@v4
       with:
-        go-version: 1.18.x
+        go-version: 1.20.x
 
     - name: Check out code into the Go module directory
       uses: actions/checkout@v3
 
     - name: Test
-      run: go test -v ./...
+      run: |
+        go install github.com/playwright-community/playwright-go/cmd/playwright
+        playwright install --with-deps
+        go test -v ./... -coverprofile=${{ matrix.os }}_coverage.txt -covermode=atomic
+
+    - name: Upload coverage report
+      uses: actions/upload-artifact@v3
+      with:
+        name: reports
+        path: ${{ matrix.os }}_coverage.txt
+        if-no-files-found: error
+        retention-days: 1        
 
     - name: Install
       run: go install ./cmd/saml2aws
@@ -36,9 +47,9 @@ jobs:
     steps:
 
     - name: Set up Go 1.x
-      uses: actions/setup-go@v3
+      uses: actions/setup-go@v4
       with:
-        go-version: 1.18.x
+        go-version: 1.20.x
 
     - name: Check out code into the Go module directory
       uses: actions/checkout@v3
@@ -48,6 +59,26 @@ jobs:
       with:
         version: v1.51.2
 
+  coverage:
+    name: coverage
+    permissions:
+      contents: read
+    runs-on: ubuntu-latest
+    needs: [build]
+    steps:
+    - uses: actions/checkout@v3
+    - name: Download coverage reports
+      uses: actions/download-artifact@v3
+      with:
+        name: reports
+        path: reports
+
+    - name: Codecov
+      uses: codecov/codecov-action@v3
+      with:
+        directory: reports
+        flags: unittests
+
   release-build:
     name: release-build
     strategy:
@@ -59,9 +90,9 @@ jobs:
     steps:
 
     - name: Set up Go 1.x
-      uses: actions/setup-go@v3
+      uses: actions/setup-go@v4
       with:
-        go-version: 1.18.x
+        go-version: 1.20.x
 
     - name: Check out code into the Go module directory
       uses: actions/checkout@v3
@@ -74,4 +105,10 @@ jobs:
       uses: goreleaser/goreleaser-action@v4
       with:
         version: latest
-        args: build --snapshot --rm-dist --config .goreleaser.${{ matrix.os }}.yml
+        args: build --snapshot --clean --config .goreleaser.${{ matrix.os }}.yml
+
+    - name: Upload
+      uses: actions/upload-artifact@v3
+      with:
+        name: saml2aws
+        path: dist/

.github/workflows/release.yml

@@ -3,7 +3,12 @@ name: release
 on:
   push:
     tags:
-    - '*'
+      - '*'
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: The tag to run against. This trigger only runs the MSI builder.
+        required: true
 
 jobs:
   release:
@@ -17,12 +22,13 @@ jobs:
         - ubuntu-latest
         - macos-latest
     runs-on: ${{ matrix.os }}
+    if: github.event_name != 'workflow_dispatch'
     steps:
 
     - name: Set up Go 1.x
-      uses: actions/setup-go@v3
+      uses: actions/setup-go@v4
       with:
-        go-version: 1.18.x
+        go-version: 1.20.x
 
     - name: Check out code into the Go module directory
       uses: actions/checkout@v3
@@ -35,6 +41,61 @@ jobs:
       uses: goreleaser/goreleaser-action@v4
       with:
         version: latest
-        args: release --rm-dist --config .goreleaser.${{ matrix.os }}.yml
+        args: release --clean --config .goreleaser.${{ matrix.os }}.yml
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  windows-msi:
+    name: Build Windows MSI and upload to release
+    runs-on: ubuntu-latest
+    needs: [release]
+    if: >-  # https://github.com/actions/runner/issues/491
+      always() &&
+      (needs.release.result == 'success' || needs.release.result == 'skipped')
+    env:
+      INSTALLER: ${{ github.workspace }}/.github/win-msi
+      BIN: ${{ github.workspace }}/.github/win-msi/src/bin
+      WIXIMG: dactiv/wix@sha256:17d232708589641f5632f9a1ff9463ad087b192cea7b8e6012d2b47ec6af5f6c
+    steps:
+    - name: Normalize tag values
+      run: |
+        if [[ "${{ github.event_name }}" == "workflow_dispatch" ]] ; then
+            VER=${{ github.event.inputs.tag }}
+        else
+            VER=${GITHUB_REF/refs\/tags\//}
+        fi
+
+        VERSION=${VER//v}
+
+        echo "VER_TAG=$VER" >> $GITHUB_ENV
+        echo "VERSION=$VERSION" >> $GITHUB_ENV
+        echo "ASSET=saml2aws_${VERSION}_windows_amd64.zip" >> $GITHUB_ENV
+
+    - name: Check out code
+      uses: actions/checkout@v3
+
+    - name: Retrieve the release asset
+      id: asset
+      uses: robinraju/release-downloader@768b85c8d69164800db5fc00337ab917daf3ce68  # v1.7
+      with:
+        repository: ${{ github.repository }}
+        tag: ${{ env.VER_TAG }}
+        fileName: ${{ env.ASSET }}
+        out-file-path: ${{ env.BIN }}
+
+    - name: Unzip asset
+      working-directory: ${{ env.BIN }}
+      run: unzip "${ASSET}"
+
+    - name: Build MSI
+      run: |
+        # container does not run as root
+        chmod -R o+rw "${INSTALLER}"
+
+        cat "${INSTALLER}/wix.sh" | docker run --rm -i -e VERSION -v "${INSTALLER}:/wix" ${WIXIMG} /bin/sh
+
+    - name: Upload the asset to the release
+      uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844  # v0.1.15 / v1
+      with:
+        tag_name: ${{ env.VER_TAG }}
+        files: ${{ env.INSTALLER }}/out/*.msi

.gitignore

@@ -11,6 +11,7 @@ vendor
 /package
 /stage
 coverage.txt
+coverage.xml
 .ctags
 .vscode
 bin/

Makefile

@@ -38,9 +38,9 @@ install:
 
 build: $(BIN_DIR)/goreleaser
 ifeq ($(OS),Darwin)
-	$(BIN_DIR)/goreleaser build --snapshot --rm-dist --config $(CURDIR)/.goreleaser.macos-latest.yml
+	$(BIN_DIR)/goreleaser build --snapshot --clean --config $(CURDIR)/.goreleaser.macos-latest.yml
 else ifeq ($(OS),Linux)
-	$(BIN_DIR)/goreleaser build --snapshot --rm-dist --config $(CURDIR)/.goreleaser.ubuntu-latest.yml
+	$(BIN_DIR)/goreleaser build --snapshot --clean --config $(CURDIR)/.goreleaser.ubuntu-latest.yml
 else
 	$(error Unsupported build OS: $(OS))
 endif

README.md

@@ -1,4 +1,7 @@
-# saml2aws [![GitHub Actions status](https://github.com/Versent/saml2aws/workflows/Go/badge.svg?branch=master)](https://github.com/Versent/saml2aws/actions?query=workflow%3AGo) [![Build status - Windows](https://ci.appveyor.com/api/projects/status/ptpi18kci16o4i82/branch/master?svg=true)](https://ci.appveyor.com/project/davidobrien1985/saml2aws/branch/master)
+# saml2aws
+
+[![GitHub Actions status](https://github.com/Versent/saml2aws/workflows/Go/badge.svg?branch=master)](https://github.com/Versent/saml2aws/actions?query=workflow%3AGo) [![Build status - Windows](https://ci.appveyor.com/api/projects/status/ptpi18kci16o4i82/branch/master?svg=true)](https://ci.appveyor.com/project/davidobrien1985/saml2aws/branch/master)
+[![codecov](https://codecov.io/gh/Versent/saml2aws/branch/master/graph/badge.svg)](https://codecov.io/gh/Versent/saml2aws)
 
 CLI tool which enables you to login and retrieve [AWS](https://aws.amazon.com/) temporary credentials using
 with [ADFS](https://msdn.microsoft.com/en-us/library/bb897402.aspx) or [PingFederate](https://www.pingidentity.com/en/products/pingfederate.html) Identity Providers.
@@ -18,25 +21,47 @@ The process goes something like this:
 
 ## Table of Contents
 
-- [Table of Contents](#table-of-contents)
-- [Requirements](#requirements)
-- [Caveats](#caveats)
-- [Install](#install)
+- [saml2aws](#saml2aws)
+  - [Table of Contents](#table-of-contents)
+  - [Requirements](#requirements)
+  - [Caveats](#caveats)
+  - [Install](#install)
     - [OSX](#osx)
     - [Windows](#windows)
     - [Linux](#linux)
-- [Autocomplete](#autocomplete)
-- [Dependency Setup](#dependency-setup)
-- [Usage](#usage)
+      - [Using Make](#using-make)
+      - [Arch Linux and its derivatives](#arch-linux-and-its-derivatives)
+      - [Void Linux](#void-linux)
+  - [Autocomplete](#autocomplete)
+    - [Bash](#bash)
+    - [Zsh](#zsh)
+  - [Dependency Setup](#dependency-setup)
+  - [Usage](#usage)
     - [`saml2aws script`](#saml2aws-script)
+    - [`saml2aws exec`](#saml2aws-exec)
     - [Configuring IDP Accounts](#configuring-idp-accounts)
-- [Example](#example)
-- [Advanced Configuration](#advanced-configuration)
-    - [Dev Account Setup](#dev-account-setup)
-    - [Test Account Setup](#test-account-setup)
-- [Building](#building)
-- [Environment vars](#environment-vars)
-- [Provider Specific Documentation](#provider-specific-documentation)
+  - [Example](#example)
+  - [Advanced Configuration](#advanced-configuration)
+    - [Windows Subsystem Linux (WSL) Configuration](#windows-subsystem-linux-wsl-configuration)
+      - [Option 1: Disable Keychain](#option-1-disable-keychain)
+      - [Option 2: Configure Pass to be the default keyring](#option-2-configure-pass-to-be-the-default-keyring)
+    - [Configuring Multiple Accounts](#configuring-multiple-accounts)
+      - [Dev Account Setup](#dev-account-setup)
+      - [Test Account Setup](#test-account-setup)
+  - [Advanced Configuration (Multiple AWS account access but SAML authenticate against a single 'SSO' AWS account)](#advanced-configuration-multiple-aws-account-access-but-saml-authenticate-against-a-single-sso-aws-account)
+  - [Advanced Configuration - additional parameters](#advanced-configuration---additional-parameters)
+  - [Building](#building)
+    - [macOS](#macos)
+    - [Linux](#linux-1)
+  - [Environment vars](#environment-vars)
+  - [Provider Specific Documentation](#provider-specific-documentation)
+- [Dependencies](#dependencies)
+- [Releasing](#releasing)
+- [Debugging Issues with IDPs](#debugging-issues-with-idps)
+- [Using saml2aws as credential process](#using-saml2aws-as-credential-process)
+- [Caching the saml2aws SAML assertion for immediate reuse](#caching-the-saml2aws-saml-assertion-for-immediate-reuse)
+- [Okta Sessions](#okta-sessions)
+- [License](#license)
 
 ## Requirements
 
@@ -52,7 +77,7 @@ The process goes something like this:
   * [Akamai](pkg/provider/akamai/README.md)
   * OneLogin
   * NetIQ
-  * Browser, this uses [playwright-go](github.com/mxschmitt/playwright-go) to run a sandbox chromium window.
+  * Browser, this uses [playwright-go](github.com/playwright-community/playwright-go) to run a sandbox chromium window.
   * [Auth0](pkg/provider/auth0/README.md) NOTE: Currently, MFA not supported
 * AWS SAML Provider configured
 
@@ -96,6 +121,19 @@ hash -r
 saml2aws --version
 ```
 
+#### Using Make
+
+You will need [Go Tools](https://golang.org/doc/install) (you can check your package maintainer as well) installed and the [Go Lint tool](https://github.com/alecthomas/gometalinter)
+
+Clone this repo to your `$GOPATH/src` directory
+
+Now you can install by running 
+
+```
+make
+make install
+```
+
 #### [Arch Linux](https://archlinux.org/) and its derivatives
 
 The `saml2aws` tool is available in AUR ([saml2aws-bin](https://aur.archlinux.org/packages/saml2aws-bin/)), so you can install it using an available AUR helper: