provider

package

v1.1.6 Latest Latest Go to latest Published: Jul 13, 2022 License: MIT Imports: 22 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/autonomic-ai/aws-okta

Documentation ¶

Overview ¶

manages auth sessions for Okta applications

Index ¶

Constants
func GetNode(n *html.Node, name string) (val string, node *html.Node)
func GetRoleARN(c credentials.Value) (string, error)
func GetRoleFromSAML(resp *Response, profileARN string) (string, string, error)
func ParseSAML(body []byte, resp *SAMLAssertion) (err error)
type AWSSAMLProvider
- func NewAWSSAMLProvider(sessions SessionCacheInterface, profile string, opts AWSSAMLProviderOptions, ...) (*AWSSAMLProvider, error)
- func (p *AWSSAMLProvider) GetRoleARNWithRegion(creds credentials.Value) (string, error)
- func (p *AWSSAMLProvider) GetSAMLLoginURL() (*url.URL, error)
- func (p *AWSSAMLProvider) Retrieve() (credentials.Value, error)
type AWSSAMLProviderOptions
- func (o *AWSSAMLProviderOptions) ApplyDefaults()
- func (o *AWSSAMLProviderOptions) Validate() error
type Assertion
type AssumableRole
- func GetRole(roleList AssumableRoles, profileARN string) (AssumableRole, error)
type AssumableRoles
- func GetAssumableRolesFromSAML(resp *Response) (AssumableRoles, error)
type Attribute
type AttributeStatement
type AttributeValue
type Conditions
type NameID
type OktaClient
type Response
type SAMLAssertion
type SAMLRoleSelection
type SessionCacheInterface
type Status
type StatusCode
type Subject
type SubjectConfirmation
type SubjectConfirmationData

Constants ¶

View Source

const (
	MaxSessionDuration    = time.Hour * 24 * 90
	MinSessionDuration    = time.Minute * 15
	MinAssumeRoleDuration = time.Minute * 15
	MaxAssumeRoleDuration = time.Hour * 12

	DefaultSessionDuration    = time.Hour * 4
	DefaultAssumeRoleDuration = time.Minute * 15
)

Variables ¶

This section is empty.

Functions ¶

func GetNode ¶

func GetNode(n *html.Node, name string) (val string, node *html.Node)

func GetRoleARN ¶

func GetRoleARN(c credentials.Value) (string, error)

GetRoleARN makes a call to AWS to get-caller-identity and returns the assumed role's name and ARN.

func GetRoleFromSAML ¶

func GetRoleFromSAML(resp *Response, profileARN string) (string, string, error)

func ParseSAML ¶

func ParseSAML(body []byte, resp *SAMLAssertion) (err error)

Types ¶

type AWSSAMLProvider ¶

type AWSSAMLProvider struct {
	credentials.Expiry
	AWSSAMLProviderOptions

	Expires time.Time
	// contains filtered or unexported fields
}

func NewAWSSAMLProvider ¶

func NewAWSSAMLProvider(sessions SessionCacheInterface, profile string, opts AWSSAMLProviderOptions, oktaClient OktaClient, selector SAMLRoleSelection) (*AWSSAMLProvider, error)

creates a new AWS saml provider

func (*AWSSAMLProvider) GetRoleARNWithRegion ¶

func (p *AWSSAMLProvider) GetRoleARNWithRegion(creds credentials.Value) (string, error)

GetRoleARN uses temporary credentials to call AWS's get-caller-identity and returns the assumed role's ARN

func (*AWSSAMLProvider) GetSAMLLoginURL ¶

func (p *AWSSAMLProvider) GetSAMLLoginURL() (*url.URL, error)

get the full Okta SAML login url, including domain.

func (*AWSSAMLProvider) Retrieve ¶

func (p *AWSSAMLProvider) Retrieve() (credentials.Value, error)

Gets a set of STS credentials to access AWS services.

type AWSSAMLProviderOptions ¶

type AWSSAMLProviderOptions struct {
	SessionDuration    time.Duration
	AssumeRoleDuration time.Duration
	ExpiryWindow       time.Duration
	Profiles           lib.Profiles
	AssumeRoleArn      string

	// this option is deprecated.
	// It will be ignored.
	SessionCacheSingleItem bool
}

func (*AWSSAMLProviderOptions) ApplyDefaults ¶

func (o *AWSSAMLProviderOptions) ApplyDefaults()

updates aws saml configuration with package provided defaults.

func (*AWSSAMLProviderOptions) Validate ¶

func (o *AWSSAMLProviderOptions) Validate() error

validates aws saml configuration options.

type Assertion ¶

type Assertion struct {
	XMLName            xml.Name
	ID                 string `xml:"ID,attr"`
	Version            string `xml:"Version,attr"`
	XS                 string `xml:"xmlns:xs,attr"`
	XSI                string `xml:"xmlns:xsi,attr"`
	SAML               string `xml:"saml,attr"`
	IssueInstant       string `xml:"IssueInstant,attr"`
	Subject            Subject
	Conditions         Conditions
	AttributeStatement AttributeStatement
}

type AssumableRole ¶

type AssumableRole struct {
	Role      string
	Principal string
}

func GetRole ¶

func GetRole(roleList AssumableRoles, profileARN string) (AssumableRole, error)

type AssumableRoles ¶

type AssumableRoles []AssumableRole

func GetAssumableRolesFromSAML ¶

func GetAssumableRolesFromSAML(resp *Response) (AssumableRoles, error)

type Attribute ¶

type Attribute struct {
	XMLName         xml.Name
	Name            string           `xml:",attr"`
	FriendlyName    string           `xml:",attr"`
	NameFormat      string           `xml:",attr"`
	AttributeValues []AttributeValue `xml:"AttributeValue"`
}

type AttributeStatement ¶

type AttributeStatement struct {
	XMLName    xml.Name
	Attributes []Attribute `xml:"Attribute"`
}

type AttributeValue ¶

type AttributeValue struct {
	XMLName xml.Name
	Type    string `xml:"xsi:type,attr"`
	Value   string `xml:",innerxml"`
}

type Conditions ¶

type Conditions struct {
	XMLName      xml.Name
	NotBefore    string `xml:",attr"`
	NotOnOrAfter string `xml:",attr"`
}

type NameID ¶

type NameID struct {
	XMLName xml.Name
	Format  string `xml:",attr"`
	Value   string `xml:",innerxml"`
}

type OktaClient ¶

type OktaClient interface {
	AuthenticateUser() error
	GetSessionToken() string
	Request(method string, path string, queryParams url.Values, data []byte, format string, followRedirects bool) (*http.Response, error)
	GetURL(string) (*url.URL, error)
}

type Response ¶

type Response struct {
	XMLName      xml.Name
	SAMLP        string `xml:"xmlns:saml2p,attr"`
	SAML         string `xml:"xmlns:saml2,attr"`
	SAMLSIG      string `xml:"xmlns:saml2sig,attr"`
	Destination  string `xml:"Destination,attr"`
	ID           string `xml:"ID,attr"`
	Version      string `xml:"Version,attr"`
	IssueInstant string `xml:"IssueInstant,attr"`
	InResponseTo string `xml:"InResponseTo,attr"`

	Assertion Assertion `xml:"Assertion"`
	Status    Status    `xml:"Status"`
}

type SAMLAssertion ¶

type SAMLAssertion struct {
	Resp    *Response
	RawData []byte
}

type SAMLRoleSelection ¶

type SAMLRoleSelection interface {
	ChooseRole(roles []AssumableRole) (int, error)
}

type SessionCacheInterface ¶

type SessionCacheInterface interface {
	Get(session.Key) (*session.Session, error)
	Put(session.Key, *session.Session) error
}

type Status ¶

type Status struct {
	XMLName    xml.Name
	StatusCode StatusCode `xml:"StatusCode"`
}

type StatusCode ¶

type StatusCode struct {
	XMLName xml.Name
	Value   string `xml:",attr"`
}

type Subject ¶

type Subject struct {
	XMLName             xml.Name
	NameID              NameID
	SubjectConfirmation SubjectConfirmation
}

type SubjectConfirmation ¶

type SubjectConfirmation struct {
	XMLName                 xml.Name
	Method                  string `xml:",attr"`
	SubjectConfirmationData SubjectConfirmationData
}

type SubjectConfirmationData ¶

type SubjectConfirmationData struct {
	InResponseTo string `xml:",attr"`
	NotOnOrAfter string `xml:",attr"`
	Recipient    string `xml:",attr"`
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL