sso

package
Published: Nov 3, 2021 License: GPL-3.0 Imports: 24 Imported by: 0

Documentation

Index

Constants

// SLOW_DOWN_SEC is the number of seconds by which the token-endpoint polling
// interval is increased after a "slow_down" response, per the OIDC device flow
// draft: https://tools.ietf.org/html/draft-ietf-oauth-device-flow-15#section-3.5
const SLOW_DOWN_SEC = 5

// RETRY_INTERVAL is the default polling interval (presumably seconds, like
// SLOW_DOWN_SEC) between token-endpoint calls while waiting for the user to
// finish the device authorization; same section of the draft as above.
const RETRY_INTERVAL = 5
// AWS_SESSION_EXPIRATION_FORMAT is the time.Parse/time.Format reference layout
// for AWS session expiration timestamps: date, time, numeric UTC offset and
// zone abbreviation.
const AWS_SESSION_EXPIRATION_FORMAT = "2006-01-02 15:04:05 -0700 MST"

// CACHE_TTL is how long cached data is considered fresh, in seconds (one day).
const CACHE_TTL = 24 * 60 * 60

Variables

// DEFAULT_ACCOUNT_PRIMARY_TAGS lists, in priority order, the account tag keys
// used to name an account; presumably the fallback when
// Settings.AccountPrimaryTag is not configured — confirm in settings.go.
var DEFAULT_ACCOUNT_PRIMARY_TAGS = []string{"AccountName", "AccountAlias", "Email"}
// PROMPT_COLORS maps the colour names accepted in the config file (the values
// of the PromptColors fields) to go-prompt colour constants. The British
// spellings "LightGrey" and "DarkGrey" are the config names for go-prompt's
// LightGray and DarkGray.
var PROMPT_COLORS = map[string]prompt.Color{
	"DefaultColor": prompt.DefaultColor,
	// first eight colours
	"Black":     prompt.Black,
	"DarkRed":   prompt.DarkRed,
	"DarkGreen": prompt.DarkGreen,
	"Brown":     prompt.Brown,
	"DarkBlue":  prompt.DarkBlue,
	"Purple":    prompt.Purple,
	"Cyan":      prompt.Cyan,
	"LightGrey": prompt.LightGray,
	// second eight colours
	"DarkGrey":  prompt.DarkGray,
	"Red":       prompt.Red,
	"Green":     prompt.Green,
	"Yellow":    prompt.Yellow,
	"Blue":      prompt.Blue,
	"Fuchsia":   prompt.Fuchsia,
	"Turquoise": prompt.Turquoise,
	"White":     prompt.White,
}
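// PROMPT_COLOR_FUNCS maps each PromptColors field name, prefixed with "Option",
// to the go-prompt option constructor that applies that colour, so a colour
// configured by the user can be turned into a prompt.Option.
//
// Every entry must reference the constructor of the same name; a mismatch
// means a user's setting silently recolours a different part of the prompt.
// Two entries previously pointed at the wrong constructor
// (OptionDescriptionTextColor -> OptionInputTextColor and
// OptionSelectedDescriptionTextColor -> OptionSelectedSuggestionTextColor).
var PROMPT_COLOR_FUNCS map[string]ColorOptionFunction = map[string]ColorOptionFunction{
	"OptionDescriptionBGColor":           prompt.OptionDescriptionBGColor,
	"OptionDescriptionTextColor":         prompt.OptionDescriptionTextColor,
	"OptionInputBGColor":                 prompt.OptionInputBGColor,
	"OptionInputTextColor":               prompt.OptionInputTextColor,
	"OptionPrefixBackgroundColor":        prompt.OptionPrefixBackgroundColor,
	"OptionPrefixTextColor":              prompt.OptionPrefixTextColor,
	"OptionPreviewSuggestionBGColor":     prompt.OptionPreviewSuggestionBGColor,
	"OptionPreviewSuggestionTextColor":   prompt.OptionPreviewSuggestionTextColor,
	"OptionScrollbarBGColor":             prompt.OptionScrollbarBGColor,
	"OptionScrollbarThumbColor":          prompt.OptionScrollbarThumbColor,
	"OptionSelectedDescriptionBGColor":   prompt.OptionSelectedDescriptionBGColor,
	"OptionSelectedDescriptionTextColor": prompt.OptionSelectedDescriptionTextColor,
	"OptionSelectedSuggestionBGColor":    prompt.OptionSelectedSuggestionBGColor,
	"OptionSelectedSuggestionTextColor":  prompt.OptionSelectedSuggestionTextColor,
	"OptionSuggestionBGColor":            prompt.OptionSuggestionBGColor,
	"OptionSuggestionTextColor":          prompt.OptionSuggestionTextColor,
}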

Functions

This section is empty.

Types

type AWSAccount

// AWSAccount is the cached record for one AWS account: the alias reported by
// AWS, the name, tags and default region from the config file, and the roles
// available in the account.
type AWSAccount struct {
	Alias         string              `json:"Alias,omitempty"` // from AWS
	Name          string              `json:"Name,omitempty"`  // from config
	EmailAddress  string              `json:"EmailAddress,omitempty"`
	Tags          map[string]string   `json:"Tags,omitempty"`
	Roles         map[string]*AWSRole `json:"Roles,omitempty"` // presumably keyed by role name — confirm in cache.go
	DefaultRegion string              `json:"DefaultRegion,omitempty"`
}

AWSAccount and AWSRole are how we store the data

type AWSRole

// AWSRole is the cached record for one role inside an AWSAccount, including
// when its current credentials expire.
type AWSRole struct {
	Arn           string            `json:"Arn"`
	DefaultRegion string            `json:"DefaultRegion,omitempty"`
	Expires       int64             `json:"Expires,omitempty"` // Seconds since Unix Epoch
	Profile       string            `json:"Profile,omitempty"`
	Tags          map[string]string `json:"Tags,omitempty"`
	Via           string            `json:"Via,omitempty"` // NOTE(review): looks like the role assumed first when chaining (see Roles.GetRoleChain) — confirm
}

type AWSRoleFlat

// AWSRoleFlat is the flattened, self-contained view of one role that this
// package hands out: account, role and session fields merged into one struct.
// The `header` tags name the column for the `list` command's table output; the
// `json` tags control what is written to the cache. Fields without a json tag
// (Id, SelectTags) are still encoded under their field name.
type AWSRoleFlat struct {
	Id            int               `header:"Id"`
	AccountId     int64             `json:"AccountId" header:"AccountId"`
	AccountName   string            `json:"AccountName" header:"AccountName"`
	AccountAlias  string            `json:"AccountAlias" header:"AccountAlias"`
	EmailAddress  string            `json:"EmailAddress" header:"EmailAddress"`
	Expires       int64             `json:"Expires"`            // used in cache; seconds since the Unix epoch like AWSRole.Expires — confirm
	ExpiresStr    string            `json:"-" header:"Expires"` // used by `list` command; never written to the cache
	Arn           string            `json:"Arn" header:"ARN"`
	RoleName      string            `json:"RoleName" header:"Role"`
	Profile       string            `json:"Profile" header:"Profile"`
	DefaultRegion string            `json:"DefaultRegion" header:"DefaultRegion"`
	SSORegion     string            `json:"SSORegion" header:"SSORegion"`
	StartUrl      string            `json:"StartUrl" header:"StartUrl"`
	Tags          map[string]string `json:"Tags"` // not supported by GenerateTable
	Via           string            `json:"Via" header:"Via"`
	SelectTags    map[string]string // tags without spaces (see Roles.GetAllTagsSelect)
}

AWSRoleFlat is what we always return for a role definition

func (*AWSRoleFlat) ExpiresIn

func (r *AWSRoleFlat) ExpiresIn() (string, error)

ExpiresIn returns how long until this role expires as a string

func (AWSRoleFlat) GetHeader

func (f AWSRoleFlat) GetHeader(fieldName string) (string, error)

func (*AWSRoleFlat) IsExpired

func (r *AWSRoleFlat) IsExpired() bool

IsExpired returns if this role has expired or has no creds available

type AWSSSO

// AWSSSO holds the state of one AWS SSO login for a given region and start URL:
// the registered OIDC client, the pending device authorization, the resulting
// token, and the accounts and roles discovered with it. Every field below is
// exported with a json tag, so encoding this struct writes all of them out.
//
// NOTE(review): by name, ClientData, DeviceAuth and Token are the OIDC
// RegisterClient / StartDeviceAuthorization / CreateToken responses, which
// normally carry the client secret, device code and access token — confirm in
// the storage package, and treat any serialised copy of this struct (logs,
// debug output, the json secure store) as credential material.
type AWSSSO struct {
	ClientName string                      `json:"ClientName"`
	ClientType string                      `json:"ClientType"`
	SsoRegion  string                      `json:"ssoRegion"`
	StartUrl   string                      `json:"startUrl"`
	ClientData storage.RegisterClientData  `json:"RegisterClient"`  // filled by RegisterClient
	DeviceAuth storage.StartDeviceAuthData `json:"StartDeviceAuth"` // filled by StartDeviceAuthorization
	Token      storage.CreateTokenResponse `json:"TokenResponse"`   // filled by CreateToken
	Accounts   []AccountInfo               `json:"Accounts"`        // see GetAccounts
	Roles      map[string][]RoleInfo       `json:"Roles"`           // presumably keyed by AccountInfo.AccountId — confirm
	// contains filtered or unexported fields
}

func NewAWSSSO

func NewAWSSSO(ssoRegion, startUrl string, store *storage.SecureStorage) *AWSSSO

func (*AWSSSO) Authenticate

func (as *AWSSSO) Authenticate(urlAction, browser string) error

func (*AWSSSO) CreateToken

func (as *AWSSSO) CreateToken() error

Blocks until we have a token

func (*AWSSSO) GetAccounts

func (as *AWSSSO) GetAccounts() ([]AccountInfo, error)

func (*AWSSSO) GetAllTags

func (as *AWSSSO) GetAllTags() *TagsList

GetAllTags returns all of the available tags from AWS SSO

func (*AWSSSO) GetDeviceAuthInfo

func (as *AWSSSO) GetDeviceAuthInfo() (DeviceAuthInfo, error)

func (*AWSSSO) GetRoleCredentials

func (as *AWSSSO) GetRoleCredentials(accountId int64, role string) (storage.RoleCredentials, error)

func (*AWSSSO) GetRoles

func (as *AWSSSO) GetRoles(account AccountInfo) ([]RoleInfo, error)

func (*AWSSSO) RegisterClient

func (as *AWSSSO) RegisterClient() error

RegisterClient talks to AWS, or reads our cache, to obtain the RegisterClientData

func (*AWSSSO) StartDeviceAuthorization

func (as *AWSSSO) StartDeviceAuthorization() error

Makes the call to AWS to initiate the OIDC auth to the SSO provider.

func (*AWSSSO) StoreKey

func (as *AWSSSO) StoreKey() string

type AccountInfo

// AccountInfo is one account as returned by AWS SSO. AccountId is kept as the
// string AWS returns; GetAccountId64 converts it to the int64 used as the key
// of Roles.Accounts.
type AccountInfo struct {
	Id           int    `yaml:"Id" json:"Id" header:"Id"`
	AccountId    string `yaml:"AccountId" json:"AccountId" header:"AccountId"`
	AccountName  string `yaml:"AccountName" json:"AccountName" header:"AccountName"`
	EmailAddress string `yaml:"EmailAddress" json:"EmailAddress" header:"EmailAddress"`
}

func (AccountInfo) GetAccountId64

func (ai AccountInfo) GetAccountId64() int64

func (AccountInfo) GetHeader

func (ai AccountInfo) GetHeader(fieldName string) (string, error)

type Cache

// Cache is the in-memory form of our cache file: the merged Roles, the
// role-selection History, and the two timestamps Expired compares to decide
// whether the cache must be rebuilt from AWS SSO and the config file.
type Cache struct {
	CreatedAt       int64    `json:"CreatedAt"`       // this cache.json
	ConfigCreatedAt int64    `json:"ConfigCreatedAt"` // track config.yaml
	History         []string `json:"History,omitempty"` // most recently used roles, bounded by AddHistory's max
	Roles           *Roles   `json:"Roles,omitempty"`
	// contains filtered or unexported fields
}

Cache is our cache file. Sub-structs are defined in sso/cache.go

func (*Cache) AddHistory

func (c *Cache) AddHistory(item string, max int)

AddHistory adds a role to the History list, keeping at most max entries

func (*Cache) CacheFile

func (c *Cache) CacheFile() string

func (*Cache) Expired

func (c *Cache) Expired(s *SSOConfig) error

Expired returns an error if our Roles cache data is too old. If the config file of s is a valid file, its last modification time is compared against ConfigCreatedAt to determine whether the cache needs to be updated

func (*Cache) GetRole

func (c *Cache) GetRole(arn string) (*AWSRoleFlat, error)

func (*Cache) MarkRolesExpired

func (c *Cache) MarkRolesExpired() error

func (*Cache) NewRoles

func (c *Cache) NewRoles(as *AWSSSO, config *SSOConfig) (*Roles, error)

Merges the AWS SSO and our Config file to create our Roles struct

func (*Cache) Refresh

func (c *Cache) Refresh(sso *AWSSSO, config *SSOConfig) error

Refresh updates our cached Roles based on AWS SSO & our Config but does not save this data!

func (*Cache) Save

func (c *Cache) Save(updateTime bool) error

Save saves our cache to the current file

func (*Cache) SetRoleExpires

func (c *Cache) SetRoleExpires(arn string, expires int64) error

SetRoleExpires updates the Expires time in the cache; expires is Unix epoch time in seconds

type ColorOptionFunction

// ColorOptionFunction is the signature shared by go-prompt's colour option
// constructors; it is the value type of PROMPT_COLOR_FUNCS.
type ColorOptionFunction func(prompt.Color) prompt.Option

type DeviceAuthInfo

// DeviceAuthInfo carries the parts of the OIDC device authorization response
// that the user needs to complete the login: the verification URI, the same
// URI with the user code embedded (per the device flow draft referenced by
// SLOW_DOWN_SEC), and the code itself.
type DeviceAuthInfo struct {
	VerificationUri         string
	VerificationUriComplete string // includes UserCode, so it alone is enough to approve the pending login
	UserCode                string
}

type OverrideSettings

// OverrideSettings carries the command-line values passed to LoadSettings.
// NOTE(review): presumably each non-zero field overrides the Settings field of
// the same name — confirm in LoadSettings.
type OverrideSettings struct {
	Browser    string
	DefaultSSO string
	LogLevel   string
	LogLines   bool
	UrlAction  string
}

type PromptColors

// PromptColors holds the user-configurable go-prompt colours from the config
// file. Each field name, prefixed with "Option", is a key of PROMPT_COLOR_FUNCS;
// the field values are presumably PROMPT_COLORS names — confirm in
// Settings.GetColorOptions.
type PromptColors struct {
	DescriptionBGColor           string
	DescriptionTextColor         string
	InputBGColor                 string
	InputTextColor               string
	PrefixBackgroundColor        string
	PrefixTextColor              string
	PreviewSuggestionBGColor     string
	PreviewSuggestionTextColor   string
	ScrollbarBGColor             string
	ScrollbarThumbColor          string
	SelectedDescriptionBGColor   string
	SelectedDescriptionTextColor string
	SelectedSuggestionBGColor    string
	SelectedSuggestionTextColor  string
	SuggestionBGColor            string
	SuggestionTextColor          string
}

type RoleInfo

// RoleInfo is one role as returned by AWS SSO for an account, plus the SSO
// region and start URL it was discovered through. Arn is excluded from both
// yaml and json, so it is not persisted; RoleArn presumably rebuilds it from
// the other fields — confirm.
type RoleInfo struct {
	Id           int    `yaml:"Id" json:"Id" header:"Id"`
	Arn          string `yaml:"-" json:"-" header:"Arn"`
	RoleName     string `yaml:"RoleName" json:"RoleName" header:"RoleName"`
	AccountId    string `yaml:"AccountId" json:"AccountId" header:"AccountId"`
	AccountName  string `yaml:"AccountName" json:"AccountName" header:"AccountName"`
	EmailAddress string `yaml:"EmailAddress" json:"EmailAddress" header:"EmailAddress"`
	Expires      int64  `yaml:"Expires" json:"Expires" header:"Expires"` // presumably seconds since the Unix epoch, as in AWSRole — confirm
	Profile      string `yaml:"Profile" json:"Profile" header:"Profile"`
	Region       string `yaml:"Region" json:"Region" header:"Region"`
	SSORegion    string `header:"SSORegion"`
	StartUrl     string `header:"StartUrl"`
}

func (RoleInfo) GetHeader

func (ri RoleInfo) GetHeader(fieldName string) (string, error)

func (RoleInfo) RoleArn

func (ri RoleInfo) RoleArn() string

type RoleTags

// RoleTags maps a role ARN to that role's tag key/value pairs; its methods
// answer which roles match a given set of tags.
type RoleTags map[string]map[string]string // ARN => TagKey => Value

RoleTags provides an interface to find roles which match a set of tags

func (*RoleTags) GetMatchCount

func (r *RoleTags) GetMatchCount(tags map[string]string) int

func (*RoleTags) GetMatchingRoles

func (r *RoleTags) GetMatchingRoles(tags map[string]string) []string

GetMatchingRoles returns the roles which match all the tags

func (*RoleTags) GetPossibleUniqueRoles

func (r *RoleTags) GetPossibleUniqueRoles(tags map[string]string, key string, values []string) []string

GetPossibleUniqueRoles is like GetMatchingRoles, but takes another key and a list of values and returns the unique set of all roles which match the base tags and all the possible combinations of key/values

func (*RoleTags) GetRoleTags

func (r *RoleTags) GetRoleTags(role string) map[string]string

func (*RoleTags) UsefulTags

func (r *RoleTags) UsefulTags(tags map[string]string) []string

UsefulTags takes a map of tag key/value pairs and returns a list of tag keys which result in additional filtering

type Roles

// Roles is the merged view of every account and role discovered via AWS SSO
// and via the config file, as stored in the cache. Accounts is keyed by the
// numeric AWS account id; SSORegion and StartUrl identify the SSO provider the
// data came from.
type Roles struct {
	Accounts      map[int64]*AWSAccount `json:"Accounts"`
	SSORegion     string                `json:"SSORegion"`
	StartUrl      string                `json:"StartUrl"`
	DefaultRegion string                `json:"DefaultRegion"`
}

Roles is the main struct holding all our roles discovered via AWS SSO and via the config.yaml

func (*Roles) AccountIds

func (r *Roles) AccountIds() []int64

AccountIds returns all the configured AWS SSO AccountIds

func (*Roles) GetAccountRoles

func (r *Roles) GetAccountRoles(accountId int64) map[string]*AWSRoleFlat

GetAccountRoles returns all the roles for a given account

func (*Roles) GetAllRoles

func (r *Roles) GetAllRoles() []*AWSRoleFlat

GetAllRoles returns all the Roles as a flat list

func (*Roles) GetAllTags

func (r *Roles) GetAllTags() *TagsList

GetAllTags returns all the unique key/tag pairs for every role

func (*Roles) GetAllTagsSelect added in v1.2.0

func (r *Roles) GetAllTagsSelect() *TagsList

GetAllTagsSelect returns all tags, but with spaces replaced with underscores

func (*Roles) GetRole

func (r *Roles) GetRole(accountId int64, roleName string) (*AWSRoleFlat, error)

GetRole returns the specified role as an AWSRoleFlat

func (*Roles) GetRoleChain

func (r *Roles) GetRoleChain(accountId int64, roleName string) []*AWSRoleFlat

GetRoleChain figures out the AssumeRole chain required to assume the given role

func (*Roles) GetRoleTags

func (r *Roles) GetRoleTags() *RoleTags

GetRoleTags returns all the tags for each role

func (*Roles) GetRoleTagsSelect added in v1.2.0

func (r *Roles) GetRoleTagsSelect() *RoleTags

GetRoleTagsSelect returns all the tags for each role with all the spaces replaced with underscores

func (*Roles) MatchingRoles

func (r *Roles) MatchingRoles(tags map[string]string) []*AWSRoleFlat

MatchingRoles returns all the roles matching the given tags

type SSOAccount

// SSOAccount is one account as described in the config file (koanf/yaml
// tags): an admin-chosen name, tags, the roles configured for it, and an
// optional default region. The account id is the key under SSOConfig.Accounts,
// not a field here.
type SSOAccount struct {
	Name          string              `koanf:"Name" yaml:"Name,omitempty"` // Admin configured Account Name
	Tags          map[string]string   `koanf:"Tags" yaml:"Tags,omitempty" `
	Roles         map[string]*SSORole `koanf:"Roles" yaml:"Roles,omitempty"` // presumably keyed by role name — confirm in config.go
	DefaultRegion string              `koanf:"DefaultRegion" yaml:"DefaultRegion,omitempty"`
	// contains filtered or unexported fields
}

func (*SSOAccount) GetAllTags

func (a *SSOAccount) GetAllTags(id int64) map[string]string

GetAllTags returns all of the user defined tags and calculated tags for this account

func (*SSOAccount) HasRole

func (a *SSOAccount) HasRole(arn string) bool

HasRole reports whether the given Account has a role with the provided arn

type SSOConfig

// SSOConfig is the config-file description of one SSO provider: the region
// and start URL used to log in, plus the accounts (keyed by numeric account
// id) and roles the user has annotated. Refresh must be called after loading
// so the role -> account back-references are populated.
type SSOConfig struct {
	SSORegion     string                `koanf:"SSORegion" yaml:"SSORegion"`
	StartUrl      string                `koanf:"StartUrl" yaml:"StartUrl"`
	Accounts      map[int64]*SSOAccount `koanf:"Accounts" yaml:"Accounts,omitempty"`
	DefaultRegion string                `koanf:"DefaultRegion" yaml:"DefaultRegion,omitempty"`
	// contains filtered or unexported fields
}

func (*SSOConfig) ConfigFile added in v1.2.0

func (c *SSOConfig) ConfigFile() string

ConfigFile returns the path to the config file

func (*SSOConfig) CreatedAt

func (c *SSOConfig) CreatedAt() int64

CreatedAt returns the Unix epoch seconds that this config file was created at

func (*SSOConfig) GetAllTags

func (s *SSOConfig) GetAllTags() *TagsList

GetAllTags returns all of the available account &amp; role tags for our SSO Provider

func (*SSOConfig) GetRoleMatches

func (s *SSOConfig) GetRoleMatches(tags map[string]string) []*SSORole

GetRoleMatches finds all the roles which match all of the given tags

func (*SSOConfig) GetRoles

func (s *SSOConfig) GetRoles() []*SSORole

GetRoles returns a list of all the roles for this SSOConfig

func (*SSOConfig) Refresh

func (c *SSOConfig) Refresh(s *Settings)

Refresh should be called any time you load the SSOConfig into memory or add a role to update the Role -> Account references

type SSORole

// SSORole is one role as described in the config file (koanf/yaml tags). The
// account id and role name are derived from ARN by GetAccountId/GetRoleName;
// SetParentAccount links the role back to its SSOAccount.
type SSORole struct {
	ARN           string            `koanf:"ARN" yaml:"ARN"`
	Profile       string            `koanf:"Profile" yaml:"Profile,omitempty"`
	Tags          map[string]string `koanf:"Tags" yaml:"Tags,omitempty"`
	DefaultRegion string            `koanf:"DefaultRegion" yaml:"DefaultRegion,omitempty"`
	Via           string            `koanf:"Via" yaml:"Via,omitempty"` // NOTE(review): looks like the role to assume before this one (see Roles.GetRoleChain) — confirm
	// contains filtered or unexported fields
}

func (*SSORole) GetAccountId

func (r *SSORole) GetAccountId() string

GetAccountId returns the accountId portion of the ARN, or an empty string on error

func (*SSORole) GetAccountId64

func (r *SSORole) GetAccountId64() int64

GetAccountId64 returns the accountId portion of the ARN

func (*SSORole) GetAllTags

func (r *SSORole) GetAllTags() map[string]string

GetAllTags returns all of the user defined and calculated tags for this role

func (*SSORole) GetRoleName

func (r *SSORole) GetRoleName() string

GetRoleName returns the role name portion of the ARN

func (*SSORole) SetParentAccount

func (r *SSORole) SetParentAccount(a *SSOAccount)

type Settings

// Settings is the merged configuration for the CLI: the config file
// (koanf/yaml tags), the loaded Cache, and the command-line overrides applied
// by LoadSettings. SSO is keyed by provider name; DefaultSSO and
// GetSelectedSSO pick which one is used.
//
// NOTE(review): SecureStore chooses "json" or "keyring", and JsonStore is
// presumably the file used by the json backend. If that backend writes the
// same credentials the keyring would hold, the file's permissions are its
// only protection — confirm in the storage package.
type Settings struct {
	Cache             *Cache                // our cache data
	SSO               map[string]*SSOConfig `koanf:"SSOConfig" yaml:"SSOConfig,omitempty"` // keyed by SSO provider name
	DefaultSSO        string                `koanf:"DefaultSSO" yaml:"DefaultSSO,omitempty"`   // specify default SSO by key
	SecureStore       string                `koanf:"SecureStore" yaml:"SecureStore,omitempty"` // json or keyring
	DefaultRegion     string                `koanf:"DefaultRegion" yaml:"DefaultRegion,omitempty"`
	JsonStore         string                `koanf:"JsonStore" yaml:"JsonStore,omitempty"` // presumably the json secure-store path — confirm
	UrlAction         string                `koanf:"UrlAction" yaml:"UrlAction,omitempty"` // how the device-auth URL is handled; passed to Authenticate
	Browser           string                `koanf:"Browser" yaml:"Browser,omitempty"`     // passed to Authenticate
	ProfileFormat     string                `koanf:"ProfileFormat" yaml:"ProfileFormat,omitempty"`
	AccountPrimaryTag []string              `koanf:"AccountPrimaryTag" yaml:"AccountPrimaryTag"` // see DEFAULT_ACCOUNT_PRIMARY_TAGS
	PromptColors      PromptColors          `koanf:"PromptColors" yaml:"PromptColors,omitempty"` // go-prompt colors
	LogLevel          string                `koanf:"LogLevel" yaml:"LogLevel,omitempty"`
	LogLines          bool                  `koanf:"LogLines" yaml:"LogLines,omitempty"`
	// contains filtered or unexported fields
}

func LoadSettings

func LoadSettings(configFile, cacheFile string, defaults map[string]interface{}, override OverrideSettings) (*Settings, error)

LoadSettings loads our settings from the config file, the cache and CLI arguments

func (*Settings) ConfigFile

func (s *Settings) ConfigFile() string

func (*Settings) CreatedAt

func (s *Settings) CreatedAt() int64

func (*Settings) DefaultOptions

func (s *Settings) DefaultOptions(exit prompt.ExitChecker) []prompt.Option

DefaultOptions returns our default, common prompt.Options for all CLI interfaces

func (*Settings) GetColorOptions

func (s *Settings) GetColorOptions() []prompt.Option

GetColorOptions returns a list of prompt.Options for prompt.New()

func (*Settings) GetDefaultRegion

func (s *Settings) GetDefaultRegion(accountId int64, roleName string) string

GetDefaultRegion returns the user defined AWS_DEFAULT_REGION for the specified role

func (*Settings) GetSelectedSSO

func (s *Settings) GetSelectedSSO(name string) (*SSOConfig, error)

GetSelectedSSO returns a valid SSOConfig based on user input, the configured value, or our hardcoded 'Default' if it exists.

func (*Settings) OpenCache added in v1.2.0

func (s *Settings) OpenCache() (*Cache, error)

type TagsList

// TagsList maps a tag key to the list of values seen for it; Add keeps each
// list free of duplicates and in sorted order.
type TagsList map[string][]string // tag key => list of values

TagsList provides the structure needed to find all the possible tag key/values

func NewTagsList

func NewTagsList() *TagsList

func (*TagsList) Add

func (t *TagsList) Add(tag, v string)

Add inserts the tag/value, in sorted order, if it does not already exist

func (*TagsList) AddTags

func (t *TagsList) AddTags(tags map[string]string)

AddTags inserts a map of tag/values if they do not already exist

func (*TagsList) Get

func (t *TagsList) Get(key string) []string

Get returns the list of values for the specified key

func (*TagsList) Merge

func (t *TagsList) Merge(a *TagsList)

Merge adds all the new tags in a to the TagsList

func (*TagsList) UniqueKeys

func (t *TagsList) UniqueKeys(picked []string) []string

UniqueKeys returns a sorted, unique list of tag keys, removing any keys which have already been picked

func (*TagsList) UniqueValues

func (t *TagsList) UniqueValues(key string) []string

UniqueValues returns a sorted, unique list of tag values for the given key
