package bmx
import (
"encoding/json"
"fmt"
"log"
"time"
"github.com/rtkwlf/bmx/saml/serviceProviders/aws"
"github.com/rtkwlf/bmx/console"
"github.com/rtkwlf/bmx/saml/identityProviders"
"github.com/aws/aws-sdk-go/service/sts"
"github.com/rtkwlf/bmx/saml/serviceProviders"
)
// CredentialProcessCmdOptions holds the command-line options for the
// credential-process command. Every field except Output is copied into a
// serviceProviders.UserInfo by GetUserInfoFromCredentialProcessCmdOptions;
// Output is not read anywhere in this file.
type CredentialProcessCmdOptions struct {
	Org      string
	User     string // passed through getUserIfEmpty by CredentialProcess before use
	Account  string
	NoMask   bool
	Password string // NOTE(review): plain-text secret in memory; never log this struct with %+v
	Role     string // when empty, selectRoleFromSaml prompts the user to choose a role
	Output   string
	Factor   string
}
// CredentialProcessResult is the JSON document emitted for the AWS CLI
// credential_process integration. It carries no json struct tags, so
// json.Marshal uses the Go field names verbatim, which is the casing that
// format expects (Version, AccessKeyId, SecretAccessKey, SessionToken,
// Expiration). Expiration has no omitempty, so a zero time.Time is encoded
// as "0001-01-01T00:00:00Z" rather than omitted.
type CredentialProcessResult struct {
	Version         int // set to 1 by credentialProcessCommand
	AccessKeyId     string
	SecretAccessKey string // secret material: this struct must never be logged
	SessionToken    string
	Expiration      time.Time
}
// GetUserInfoFromCredentialProcessCmdOptions converts the command options into
// the serviceProviders.UserInfo consumed by the authentication flow. Every
// field except Output is carried over unchanged.
func GetUserInfoFromCredentialProcessCmdOptions(printOptions CredentialProcessCmdOptions) serviceProviders.UserInfo {
	return serviceProviders.UserInfo{
		Org:      printOptions.Org,
		User:     printOptions.User,
		Account:  printOptions.Account,
		NoMask:   printOptions.NoMask,
		Password: printOptions.Password,
		Role:     printOptions.Role,
		Factor:   printOptions.Factor,
	}
}
// selectRoleFromSaml resolves the AWS role to assume from the roles present in
// the SAML assertion. When desiredRole is empty the user is asked to pick one
// of the role names via consolerw; otherwise the name is looked up directly.
// On any failure the zero aws.AwsRole is returned with a non-nil error.
func selectRoleFromSaml(saml string, desiredRole string, awsProvider serviceProviders.ServiceProvider, consolerw console.ConsoleReader) (role aws.AwsRole, err error) {
	roles, err := awsProvider.ListRoles(saml)
	if err != nil {
		return role, err
	}
	if len(roles) == 0 {
		return role, fmt.Errorf("No roles available from SAML")
	}

	if desiredRole == "" {
		// Offer the names in the order the assertion listed them so the
		// selected index maps straight back to a name.
		names := make([]string, 0, len(roles))
		for _, r := range roles {
			names = append(names, r.Name)
		}
		selected, err := consolerw.Option("AWS Account Role", "Select a role: ", names)
		if err != nil {
			return role, err
		}
		desiredRole = names[selected]
	}

	// A non-nil err here is returned alongside whatever FindAwsRoleByName
	// produced, exactly as before; a nil err means role is the match.
	role, err = aws.FindAwsRoleByName(desiredRole, roles)
	return role, err
}
// CredentialProcess runs the SAML login, role selection and STS credential
// retrieval flow and returns the JSON document for the AWS CLI
// credential_process setting. Authentication and role-selection errors are
// terminal: they are reported through log.Fatal, which exits the process.
func CredentialProcess(idProvider identityProviders.IdentityProvider, awsProvider serviceProviders.ServiceProvider, consolerw console.ConsoleReader, printOptions CredentialProcessCmdOptions) string {
	// Make sure a user name is present before the options become a UserInfo.
	printOptions.User = getUserIfEmpty(consolerw, printOptions.User)

	saml, err := authenticate(GetUserInfoFromCredentialProcessCmdOptions(printOptions), idProvider, consolerw)
	if err != nil {
		log.Fatal(err)
	}

	role, err := selectRoleFromSaml(saml, printOptions.Role, awsProvider, consolerw)
	if err != nil {
		log.Fatal(err)
	}

	// GetCredentials reports no error; the result is handed straight to the
	// formatter, which produces the document the AWS CLI reads from stdout.
	return credentialProcessCommand(printOptions, awsProvider.GetCredentials(saml, role))
}
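// credentialProcessCommand serialises STS credentials into the JSON document
// consumed by the AWS CLI credential_process setting (Version 1 schema).
//
// The returned string holds live credentials; it is intended only for the
// stdout the AWS CLI reads and must not be logged or written anywhere else.
// It returns "" when creds is nil, when any field the schema needs is nil, or
// when JSON encoding fails, so the caller never emits a document with missing
// or zero-valued credential fields. printOptions is accepted for signature
// compatibility and is not read.
func credentialProcessCommand(printOptions CredentialProcessCmdOptions, creds *sts.Credentials) string {
	// sts.Credentials uses pointer fields; dereferencing a nil one would panic
	// after the user has already completed an interactive login. Fail soft and
	// let the caller surface the empty result instead.
	if creds == nil || creds.AccessKeyId == nil || creds.SecretAccessKey == nil ||
		creds.SessionToken == nil || creds.Expiration == nil {
		return ""
	}

	result := CredentialProcessResult{
		Version:         1, // the credential_process schema version this tool emits
		AccessKeyId:     *creds.AccessKeyId,
		SecretAccessKey: *creds.SecretAccessKey,
		SessionToken:    *creds.SessionToken,
		Expiration:      *creds.Expiration,
	}

	b, err := json.Marshal(result)
	if err != nil {
		// Deliberately swallowed: the value is a plain struct of strings and a
		// time.Time, so this branch is not expected to be reachable.
		return ""
	}
	return string(b)
}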