Documentation ¶
Index ¶
- Constants
- Variables
- type AWSAccount
- type AWSRole
- type AWSRoleFlat
- type AWSSSO
- func (as *AWSSSO) Authenticate(urlAction, browser string) error
- func (as *AWSSSO) CreateToken() error
- func (as *AWSSSO) GetAccounts() ([]AccountInfo, error)
- func (as *AWSSSO) GetAllTags() *TagsList
- func (as *AWSSSO) GetDeviceAuthInfo() (DeviceAuthInfo, error)
- func (as *AWSSSO) GetRoleCredentials(accountId int64, role string) (storage.RoleCredentials, error)
- func (as *AWSSSO) GetRoles(account AccountInfo) ([]RoleInfo, error)
- func (as *AWSSSO) RegisterClient() error
- func (as *AWSSSO) StartDeviceAuthorization() error
- func (as *AWSSSO) StoreKey() string
- type AccountInfo
- type Cache
- func (c *Cache) AddHistory(item string)
- func (c *Cache) CacheFile() string
- func (c *Cache) Expired(s *SSOConfig) error
- func (c *Cache) GetAllTagsSelect() *TagsList
- func (c *Cache) GetRole(arn string) (*AWSRoleFlat, error)
- func (c *Cache) GetRoleTagsSelect() *RoleTags
- func (c *Cache) MarkRolesExpired() error
- func (c *Cache) NewRoles(as *AWSSSO, config *SSOConfig) (*Roles, error)
- func (c *Cache) Refresh(sso *AWSSSO, config *SSOConfig) error
- func (c *Cache) Save(updateTime bool) error
- func (c *Cache) SetRoleExpires(arn string, expires int64) error
- type ColorOptionFunction
- type DeviceAuthInfo
- type OverrideSettings
- type PromptColors
- type RoleInfo
- type RoleTags
- func (r *RoleTags) GetMatchCount(tags map[string]string) int
- func (r *RoleTags) GetMatchingRoles(tags map[string]string) []string
- func (r *RoleTags) GetPossibleUniqueRoles(tags map[string]string, key string, values []string) []string
- func (r *RoleTags) GetRoleTags(role string) map[string]string
- func (r *RoleTags) UsefulTags(tags map[string]string) []string
- type Roles
- func (r *Roles) AccountIds() []int64
- func (r *Roles) GetAccountRoles(accountId int64) map[string]*AWSRoleFlat
- func (r *Roles) GetAllRoles() []*AWSRoleFlat
- func (r *Roles) GetAllTags() *TagsList
- func (r *Roles) GetRole(accountId int64, roleName string) (*AWSRoleFlat, error)
- func (r *Roles) GetRoleChain(accountId int64, roleName string) []*AWSRoleFlat
- func (r *Roles) GetRoleTags() *RoleTags
- func (r *Roles) MatchingRoles(tags map[string]string) []*AWSRoleFlat
- func (r *Roles) MatchingRolesWithTagKey(key string) []*AWSRoleFlat
- type SSOAccount
- type SSOConfig
- func (c *SSOConfig) CreatedAt() int64
- func (s *SSOConfig) GetAllTags() *TagsList
- func (s *SSOConfig) GetRole(accountId int64, role string) (*SSORole, error)
- func (s *SSOConfig) GetRoleMatches(tags map[string]string) []*SSORole
- func (s *SSOConfig) GetRoles() []*SSORole
- func (c *SSOConfig) Refresh(s *Settings)
- type SSORole
- type Settings
- func (s *Settings) ConfigFile() string
- func (s *Settings) CreatedAt() int64
- func (s *Settings) DefaultOptions(exit prompt.ExitChecker) []prompt.Option
- func (s *Settings) GetColorOptions() []prompt.Option
- func (s *Settings) GetDefaultRegion(accountId int64, roleName string, noRegion bool) string
- func (s *Settings) GetSelectedSSO(name string) (*SSOConfig, error)
- func (s *Settings) Save(configFile string, overwrite bool) error
- type TagsList
Constants ¶
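const (
	// Default polling values for the OIDC device authorization flow, defined in:
	// https://tools.ietf.org/html/draft-ietf-oauth-device-flow-15#section-3.5
	// (that draft was later published as RFC 8628).
	//
	// NOTE(review): presumably SLOW_DOWN_SEC is the number of seconds added to
	// the polling interval after a slow_down response, and RETRY_INTERVAL is the
	// interval used when the server does not supply one; confirm against the
	// token polling code.
	SLOW_DOWN_SEC  = 5
	RETRY_INTERVAL = 5
)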
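const (
	// AWS_SSO_SESSION_EXPIRATION_FORMAT is a Go reference-time layout string
	// (date, time, numeric zone offset and zone abbreviation).
	// NOTE(review): presumably used to parse or print the SSO session expiry; confirm.
	AWS_SSO_SESSION_EXPIRATION_FORMAT = "2006-01-02 15:04:05 -0700 MST"

	// CACHE_TTL is 86400.
	// NOTE(review): presumably the maximum age of the cached role data that
	// Cache.Expired enforces; confirm.
	CACHE_TTL = 60 * 60 * 24 // 1 day in seconds
)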
// CACHE_VERSION is currently 2.
// NOTE(review): presumably the format version recorded in Cache.Version;
// confirm how a cache file with a different version is handled on load.
const CACHE_VERSION = 2
Variables ¶
// DEFAULT_ACCOUNT_PRIMARY_TAGS holds the tag names "AccountName",
// "AccountAlias" and "Email", in that order.
// NOTE(review): presumably the fallback when Settings.AccountPrimaryTag is
// not configured; confirm.
var DEFAULT_ACCOUNT_PRIMARY_TAGS = []string{
	"AccountName",
	"AccountAlias",
	"Email",
}
// PROMPT_COLORS maps a color name to the corresponding prompt.Color value.
// The "LightGrey" and "DarkGrey" keys use the "Grey" spelling while the
// prompt constants they map to are spelled LightGray and DarkGray.
// NOTE(review): presumably the lookup table for the color names given in
// PromptColors; confirm.
var PROMPT_COLORS = map[string]prompt.Color{
	"DefaultColor": prompt.DefaultColor,
	"Black":        prompt.Black,
	"DarkRed":      prompt.DarkRed,
	"DarkGreen":    prompt.DarkGreen,
	"Brown":        prompt.Brown,
	"DarkBlue":     prompt.DarkBlue,
	"Purple":       prompt.Purple,
	"Cyan":         prompt.Cyan,
	"LightGrey":    prompt.LightGray,
	"DarkGrey":     prompt.DarkGray,
	"Red":          prompt.Red,
	"Green":        prompt.Green,
	"Yellow":       prompt.Yellow,
	"Blue":         prompt.Blue,
	"Fuchsia":      prompt.Fuchsia,
	"Turquoise":    prompt.Turquoise,
	"White":        prompt.White,
}
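// PROMPT_COLOR_FUNCS maps a prompt color option name to the prompt function
// that turns a prompt.Color into the matching prompt.Option.
// Each key is expected to map to the prompt function of the same name.
var PROMPT_COLOR_FUNCS map[string]ColorOptionFunction = map[string]ColorOptionFunction{
	"OptionDescriptionBGColor": prompt.OptionDescriptionBGColor,
	// Was mapped to prompt.OptionInputTextColor, so setting the description
	// text color changed the input text color instead.
	"OptionDescriptionTextColor":       prompt.OptionDescriptionTextColor,
	"OptionInputBGColor":               prompt.OptionInputBGColor,
	"OptionInputTextColor":             prompt.OptionInputTextColor,
	"OptionPrefixBackgroundColor":      prompt.OptionPrefixBackgroundColor,
	"OptionPrefixTextColor":            prompt.OptionPrefixTextColor,
	"OptionPreviewSuggestionBGColor":   prompt.OptionPreviewSuggestionBGColor,
	"OptionPreviewSuggestionTextColor": prompt.OptionPreviewSuggestionTextColor,
	"OptionScrollbarBGColor":           prompt.OptionScrollbarBGColor,
	"OptionScrollbarThumbColor":        prompt.OptionScrollbarThumbColor,
	"OptionSelectedDescriptionBGColor": prompt.OptionSelectedDescriptionBGColor,
	// Was mapped to prompt.OptionSelectedSuggestionTextColor, so the selected
	// description text color setting overrode the selected suggestion color.
	"OptionSelectedDescriptionTextColor": prompt.OptionSelectedDescriptionTextColor,
	"OptionSelectedSuggestionBGColor":    prompt.OptionSelectedSuggestionBGColor,
	"OptionSelectedSuggestionTextColor":  prompt.OptionSelectedSuggestionTextColor,
	"OptionSuggestionBGColor":            prompt.OptionSuggestionBGColor,
	"OptionSuggestionTextColor":          prompt.OptionSuggestionTextColor,
}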
Functions ¶
This section is empty.
Types ¶
type AWSAccount ¶
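// AWSAccount describes one AWS account; together with AWSRole it is how the
// role data is stored. Every field is dropped from the JSON output when empty.
type AWSAccount struct {
	Alias         string              `json:"Alias,omitempty"` // from AWS
	Name          string              `json:"Name,omitempty"`  // from config
	EmailAddress  string              `json:"EmailAddress,omitempty"`
	Tags          map[string]string   `json:"Tags,omitempty"`
	Roles         map[string]*AWSRole `json:"Roles,omitempty"`
	DefaultRegion string              `json:"DefaultRegion,omitempty"`
}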
AWSAccount and AWSRole are how we store the data
type AWSRoleFlat ¶
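// AWSRoleFlat is the flattened role definition that is always returned for a
// role: the role's own fields plus those of its account and SSO instance.
type AWSRoleFlat struct {
	Id            int               `header:"Id"`
	AccountId     int64             `json:"AccountId" header:"AccountId"`
	AccountName   string            `json:"AccountName" header:"AccountName"`
	AccountAlias  string            `json:"AccountAlias" header:"AccountAlias"`
	EmailAddress  string            `json:"EmailAddress" header:"EmailAddress"`
	Expires       int64             `json:"Expires" header:"ExpiresEpoch"` // presumably Unix epoch seconds; confirm
	ExpiresStr    string            `json:"-" header:"Expires"`            // excluded from JSON output
	Arn           string            `json:"Arn" header:"ARN"`
	RoleName      string            `json:"RoleName" header:"Role"`
	Profile       string            `json:"Profile" header:"Profile"`
	DefaultRegion string            `json:"DefaultRegion" header:"DefaultRegion"`
	SSORegion     string            `json:"SSORegion" header:"SSORegion"`
	StartUrl      string            `json:"StartUrl" header:"StartUrl"`
	Tags          map[string]string `json:"Tags"` // not supported by GenerateTable
	// Via is the field AWSSSO.GetRoleCredentials follows for role chaining.
	Via string `json:"Via" header:"Via"`
}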
This is what we always return for a role definition
func (*AWSRoleFlat) ExpiresIn ¶
func (r *AWSRoleFlat) ExpiresIn() (string, error)
ExpiresIn returns how long until this role expires as a string
func (*AWSRoleFlat) IsExpired ¶
func (r *AWSRoleFlat) IsExpired() bool
IsExpired reports whether this role has expired or has no credentials available
type AWSSSO ¶
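// AWSSSO holds the state of one AWS SSO session: the client identity, the
// SSO region and start URL, the results of the register-client,
// device-authorization and create-token steps, and the accounts and roles
// read from AWS SSO.
//
// NOTE(review): ClientData, DeviceAuth and Token all carry json tags, so they
// are included whenever this struct is marshaled. They presumably contain the
// OIDC client secret, device code and access token; confirm that a marshaled
// AWSSSO is only ever written to the secure store and never to logs.
type AWSSSO struct {
	ClientName string                      `json:"ClientName"`
	ClientType string                      `json:"ClientType"`
	SsoRegion  string                      `json:"ssoRegion"`
	StartUrl   string                      `json:"startUrl"`
	ClientData storage.RegisterClientData  `json:"RegisterClient"`
	DeviceAuth storage.StartDeviceAuthData `json:"StartDeviceAuth"`
	Token      storage.CreateTokenResponse `json:"TokenResponse"`
	Accounts   []AccountInfo               `json:"Accounts"`
	Roles      map[string][]RoleInfo       `json:"Roles"`
	SSOConfig  *SSOConfig                  `json:"SSOConfig"`
	// contains filtered or unexported fields
}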
func (*AWSSSO) Authenticate ¶
func (*AWSSSO) GetAccounts ¶
func (as *AWSSSO) GetAccounts() ([]AccountInfo, error)
func (*AWSSSO) GetAllTags ¶
returns all of the available tags from AWS SSO
func (*AWSSSO) GetDeviceAuthInfo ¶
func (as *AWSSSO) GetDeviceAuthInfo() (DeviceAuthInfo, error)
func (*AWSSSO) GetRoleCredentials ¶
GetRoleCredentials recursively does any sts:AssumeRole calls as necessary for role-chaining through `Via` and returns the final set of RoleCredentials for the requested role
func (*AWSSSO) RegisterClient ¶
RegisterClient obtains the RegisterClientData, either by calling AWS or by reading our cache
func (*AWSSSO) StartDeviceAuthorization ¶
Makes the call to AWS to initiate the OIDC auth to the SSO provider.
type AccountInfo ¶
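// AccountInfo describes one AWS account. AccountId is kept as a string here;
// GetAccountId64 returns it as an int64.
type AccountInfo struct {
	Id           int    `yaml:"Id" json:"Id" header:"Id"`
	AccountId    string `yaml:"AccountId" json:"AccountId" header:"AccountId"`
	AccountName  string `yaml:"AccountName" json:"AccountName" header:"AccountName"`
	EmailAddress string `yaml:"EmailAddress" json:"EmailAddress" header:"EmailAddress"`
}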
func (AccountInfo) GetAccountId64 ¶
func (ai AccountInfo) GetAccountId64() int64
type Cache ¶
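// Cache is our cache file. Sub-structs are defined in sso/cache.go.
// History and Roles are dropped from the JSON output when empty.
type Cache struct {
	Version         int64    `json:"Version"`
	CreatedAt       int64    `json:"CreatedAt"`       // this cache.json
	ConfigCreatedAt int64    `json:"ConfigCreatedAt"` // track config.yaml
	History         []string `json:"History,omitempty"`
	Roles           *Roles   `json:"Roles,omitempty"`
	// contains filtered or unexported fields
}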
Our Cachefile. Sub-structs defined in sso/cache.go
func (*Cache) AddHistory ¶
adds a role to the History list up to the max number of entries and then removes the History tag from any roles that aren't in our list
func (*Cache) Expired ¶
Expired returns if our Roles cache data is too old. If configFile is a valid file, we check the lastModificationTime of that file vs. the ConfigCreatedAt to determine if the cache needs to be updated
func (*Cache) GetAllTagsSelect ¶
GetAllTagsSelect returns all tags, but with spaces replaced with underscores
func (*Cache) GetRoleTagsSelect ¶
GetRoleTagsSelect returns all the tags for each role with all the spaces replaced with underscores
func (*Cache) MarkRolesExpired ¶
func (*Cache) Refresh ¶
Refresh updates our cached Roles based on AWS SSO & our Config but does not save this data!
type ColorOptionFunction ¶
// ColorOptionFunction is the signature shared by the prompt color option
// constructors: it takes a prompt.Color and returns a prompt.Option.
// It is the value type of PROMPT_COLOR_FUNCS.
type ColorOptionFunction func(prompt.Color) prompt.Option
type DeviceAuthInfo ¶
type OverrideSettings ¶
type PromptColors ¶
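// PromptColors holds one color setting, as a string, for each element of the
// interactive prompt.
// NOTE(review): presumably each value is a key of PROMPT_COLORS and each
// field name, prefixed with "Option", is a key of PROMPT_COLOR_FUNCS; confirm
// how an unknown color name is handled.
type PromptColors struct {
	DescriptionBGColor           string
	DescriptionTextColor         string
	InputBGColor                 string
	InputTextColor               string
	PrefixBackgroundColor        string
	PrefixTextColor              string
	PreviewSuggestionBGColor     string
	PreviewSuggestionTextColor   string
	ScrollbarBGColor             string
	ScrollbarThumbColor          string
	SelectedDescriptionBGColor   string
	SelectedDescriptionTextColor string
	SelectedSuggestionBGColor    string
	SelectedSuggestionTextColor  string
	SuggestionBGColor            string
	SuggestionTextColor          string
}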
type RoleInfo ¶
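// RoleInfo describes one role of an AWS account.
// Arn is tagged "-" for both yaml and json, so it is left out of serialized
// output; SSORegion, StartUrl and Via carry only a header tag.
type RoleInfo struct {
	Id           int    `yaml:"Id" json:"Id" header:"Id"`
	Arn          string `yaml:"-" json:"-" header:"Arn"`
	RoleName     string `yaml:"RoleName" json:"RoleName" header:"RoleName"`
	AccountId    string `yaml:"AccountId" json:"AccountId" header:"AccountId"`
	AccountName  string `yaml:"AccountName" json:"AccountName" header:"AccountName"`
	EmailAddress string `yaml:"EmailAddress" json:"EmailAddress" header:"EmailAddress"`
	Expires      int64  `yaml:"Expires" json:"Expires" header:"Expires"`
	Profile      string `yaml:"Profile" json:"Profile" header:"Profile"`
	Region       string `yaml:"Region" json:"Region" header:"Region"`
	SSORegion    string `header:"SSORegion"`
	StartUrl     string `header:"StartUrl"`
	Via          string `header:"Via"`
}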
type RoleTags ¶
RoleTags provides an interface to find roles which match a set of tags
func (*RoleTags) GetMatchingRoles ¶
GetMatchingRoles returns the roles which match all the tags
func (*RoleTags) GetPossibleUniqueRoles ¶
func (r *RoleTags) GetPossibleUniqueRoles(tags map[string]string, key string, values []string) []string
GetPossibleUniqueRoles is like GetMatchingRoles, but takes another key and a list of values, and returns the unique set of all roles which match the base tags and all the possible combinations of key/values
type Roles ¶
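// Roles is the main struct holding all our roles discovered via AWS SSO and
// via the config.yaml, grouped by account in Accounts (keyed by an int64).
type Roles struct {
	Accounts      map[int64]*AWSAccount `json:"Accounts"`
	SSORegion     string                `json:"SSORegion"`
	StartUrl      string                `json:"StartUrl"`
	DefaultRegion string                `json:"DefaultRegion"`
}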
main struct holding all our Roles discovered via AWS SSO and via the config.yaml
func (*Roles) AccountIds ¶
AccountIds returns all the configured AWS SSO AccountIds
func (*Roles) GetAccountRoles ¶
func (r *Roles) GetAccountRoles(accountId int64) map[string]*AWSRoleFlat
GetAccountRoles returns all the roles for a given account
func (*Roles) GetAllRoles ¶
func (r *Roles) GetAllRoles() []*AWSRoleFlat
GetAllRoles returns all the Roles as a flat list
func (*Roles) GetAllTags ¶
GetAllTags returns all the unique key/tag pairs for every role
func (*Roles) GetRole ¶
func (r *Roles) GetRole(accountId int64, roleName string) (*AWSRoleFlat, error)
GetRole returns the specified role as an AWSRoleFlat
func (*Roles) GetRoleChain ¶
func (r *Roles) GetRoleChain(accountId int64, roleName string) []*AWSRoleFlat
GetRoleChain figures out the AssumeRole chain required to assume the given role
func (*Roles) GetRoleTags ¶
GetRoleTags returns all the tags for each role
func (*Roles) MatchingRoles ¶
func (r *Roles) MatchingRoles(tags map[string]string) []*AWSRoleFlat
MatchingRoles returns all the roles matching the given tags
func (*Roles) MatchingRolesWithTagKey ¶
func (r *Roles) MatchingRolesWithTagKey(key string) []*AWSRoleFlat
MatchingRolesWithTagKey returns the roles that have the tag key
type SSOAccount ¶
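// SSOAccount is the per-account section of the configuration: a name, tags,
// the account's roles and an optional default region.
type SSOAccount struct {
	Name          string              `koanf:"Name" yaml:"Name,omitempty"` // Admin configured Account Name
	Tags          map[string]string   `koanf:"Tags" yaml:"Tags,omitempty" `
	Roles         map[string]*SSORole `koanf:"Roles" yaml:"Roles,omitempty"`
	DefaultRegion string              `koanf:"DefaultRegion" yaml:"DefaultRegion,omitempty"`
	// contains filtered or unexported fields
}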
func (*SSOAccount) GetAllTags ¶
func (a *SSOAccount) GetAllTags(id int64) map[string]string
GetAllTags returns all of the user defined tags and calculated tags for this account
func (*SSOAccount) HasRole ¶
func (a *SSOAccount) HasRole(arn string) bool
HasRole returns true/false if the given Account has the provided arn
func (*SSOAccount) SetParentConfig ¶
func (a *SSOAccount) SetParentConfig(c *SSOConfig)
type SSOConfig ¶
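// SSOConfig is the configuration of one AWS SSO instance: its region and
// start URL, the accounts configured for it (keyed by an int64) and an
// optional default region.
type SSOConfig struct {
	SSORegion     string                `koanf:"SSORegion" yaml:"SSORegion"`
	StartUrl      string                `koanf:"StartUrl" yaml:"StartUrl"`
	Accounts      map[int64]*SSOAccount `koanf:"Accounts" yaml:"Accounts,omitempty"`
	DefaultRegion string                `koanf:"DefaultRegion" yaml:"DefaultRegion,omitempty"`
	// contains filtered or unexported fields
}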
func (*SSOConfig) CreatedAt ¶
CreatedAt returns the Unix epoch seconds that this config file was created at
func (*SSOConfig) GetAllTags ¶
returns all of the available account & role tags for our SSO Provider
func (*SSOConfig) GetRoleMatches ¶
GetRoleMatches finds all the roles which match all of the given tags
type SSORole ¶
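// SSORole is the per-role section of the configuration. ARN carries only a
// yaml tag; every other field is tagged for both koanf and yaml.
//
// NOTE(review): Via, ExternalId and SourceIdentity are presumably forwarded to
// sts:AssumeRole when role chaining (see AWSSSO.GetRoleCredentials); confirm.
// In AWS an external ID is the AssumeRole condition used against the
// confused-deputy problem, so treat the config file that holds it accordingly.
type SSORole struct {
	ARN            string            `yaml:"ARN"`
	Profile        string            `koanf:"Profile" yaml:"Profile,omitempty"`
	Tags           map[string]string `koanf:"Tags" yaml:"Tags,omitempty"`
	DefaultRegion  string            `koanf:"DefaultRegion" yaml:"DefaultRegion,omitempty"`
	Via            string            `koanf:"Via" yaml:"Via,omitempty"`
	ExternalId     string            `koanf:"ExternalId" yaml:"ExternalId,omitempty"`
	SourceIdentity string            `koanf:"SourceIdentity" yaml:"SourceIdentity,omitempty"`
	// contains filtered or unexported fields
}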
func (*SSORole) GetAccountId ¶
GetAccountId returns the accountId portion of the ARN or empty string on error
func (*SSORole) GetAccountId64 ¶
GetAccountId64 returns the accountId portion of the ARN
func (*SSORole) GetAllTags ¶
GetAllTags returns all of the user defined and calculated tags for this role
func (*SSORole) GetRoleName ¶
GetRoleName returns the role name portion of the ARN
func (*SSORole) SetParentAccount ¶
func (r *SSORole) SetParentAccount(a *SSOAccount)
type Settings ¶
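// Settings is the top-level configuration: the SSO instances keyed by name,
// the credential store selection, browser and URL handling, prompt colors,
// logging and history limits. Cache is tagged yaml:"-" and is therefore not
// written back to the config file.
//
// NOTE(review): SecureStore selects "json" or "keyring". With "json" the
// credentials presumably end up in the file named by JsonStore; confirm that
// the file is created with owner-only permissions.
// NOTE(review): UrlAction and Browser match the parameters of
// AWSSSO.Authenticate; Browser presumably names a program to launch, so
// confirm it is executed directly and not through a shell.
type Settings struct {
	Cache             *Cache                `yaml:"-"` // our cache data
	SSO               map[string]*SSOConfig `koanf:"SSOConfig" yaml:"SSOConfig,omitempty"`
	DefaultSSO        string                `koanf:"DefaultSSO" yaml:"DefaultSSO,omitempty"`   // specify default SSO by key
	SecureStore       string                `koanf:"SecureStore" yaml:"SecureStore,omitempty"` // json or keyring
	DefaultRegion     string                `koanf:"DefaultRegion" yaml:"DefaultRegion,omitempty"`
	ConsoleDuration   int64                 `koanf:"ConsoleDuration" yaml:"ConsoleDuration,omitempty"`
	JsonStore         string                `koanf:"JsonStore" yaml:"JsonStore,omitempty"`
	UrlAction         string                `koanf:"UrlAction" yaml:"UrlAction,omitempty"`
	Browser           string                `koanf:"Browser" yaml:"Browser,omitempty"`
	ProfileFormat     string                `koanf:"ProfileFormat" yaml:"ProfileFormat,omitempty"`
	AccountPrimaryTag []string              `koanf:"AccountPrimaryTag" yaml:"AccountPrimaryTag,omitempty"`
	PromptColors      PromptColors          `koanf:"PromptColors" yaml:"PromptColors,omitempty"` // go-prompt colors
	LogLevel          string                `koanf:"LogLevel" yaml:"LogLevel,omitempty"`
	LogLines          bool                  `koanf:"LogLines" yaml:"LogLines,omitempty"`
	HistoryLimit      int64                 `koanf:"HistoryLimit" yaml:"HistoryLimit,omitempty"`
	HistoryMinutes    int64                 `koanf:"HistoryMinutes" yaml:"HistoryMinutes,omitempty"`
	ListFields        []string              `koanf:"ListFields" yaml:"ListFields,omitempty"`
	// contains filtered or unexported fields
}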
func LoadSettings ¶
func LoadSettings(configFile, cacheFile string, defaults map[string]interface{}, override OverrideSettings) (*Settings, error)
Loads our settings from config, cache and CLI args
func (*Settings) ConfigFile ¶
func (*Settings) DefaultOptions ¶
func (s *Settings) DefaultOptions(exit prompt.ExitChecker) []prompt.Option
Our default and common prompt.Options for all CLI interfaces
func (*Settings) GetColorOptions ¶
func (s *Settings) GetColorOptions() []prompt.Option
GetColorOptions returns a list of prompt.Options for prompt.New()
func (*Settings) GetDefaultRegion ¶
GetDefaultRegion scans the config settings file to pick the most local DefaultRegion from the tree for the given role
func (*Settings) GetSelectedSSO ¶
GetSelectedSSO returns a valid SSOConfig based on user input, the configured value, or our hardcoded 'Default' if it exists and name is an empty string
type TagsList ¶
TagsList provides the necessary struct for finding all the possible tag key/values
func NewTagsList ¶
func NewTagsList() *TagsList
func (*TagsList) UniqueKeys ¶
Returns a sorted unique list of tag keys, removing any keys which have already been picked
func (*TagsList) UniqueValues ¶
Returns a sorted unique list of tag values for the given key