Documentation ¶
Index ¶
- Variables
- func AssignPrincipals(awsRoles []*AWSRole, awsAccounts []*AWSAccount)
- func ExtractAwsRoles(data []byte) ([]string, error)
- func PromptForLoginDetails(loginDetails *LoginDetails) error
- type ADFS2Client
- type ADFSClient
- type AWSAccount
- type AWSRole
- type AuthRequest
- type ConfigLoader
- func (p *ConfigLoader) LoadHostname() (string, error)
- func (p *ConfigLoader) LoadProvider(defaultValue string) (string, error)
- func (p *ConfigLoader) LoadUsername() (string, error)
- func (p *ConfigLoader) SaveHostname(hostname string) error
- func (p *ConfigLoader) SaveProvider(provider string) error
- func (p *ConfigLoader) SaveUsername(username string) error
- type CredentialsProvider
- type ErrMissingElement
- type JumpCloudClient
- type KeyCloakClient
- type LoginDetails
- type OktaClient
- type PingFedClient
- type Provider
- type SAMLClient
- type SAMLOptions
- type VerifyRequest
Constants ¶
This section is empty.
Variables ¶
var ( // ErrCredentialsHomeNotFound returned when a user home directory can't be located. ErrCredentialsHomeNotFound = errors.New("user home directory not found") // ErrCredentialsNotFound returned when the required aws credentials don't exist. ErrCredentialsNotFound = errors.New("aws credentials not found") )
var ( // ErrConfigHomeNotFound returned when a user home directory can't be located. ErrConfigHomeNotFound = errors.New("user home directory not found") // ErrConfigFileNotFound returned when the required aws credentials file doesn't exist. ErrConfigFileNotFound = errors.New("aws credentials file not found") )
var (
ErrMissingAssertion = ErrMissingElement{Tag: assertionTag}
)
ErrMissingAssertion indicates that an appropriate assertion element could not be found in the SAML Response
Functions ¶
func AssignPrincipals ¶ added in v1.8.0
func AssignPrincipals(awsRoles []*AWSRole, awsAccounts []*AWSAccount)
AssignPrincipals assign principal from roles
func ExtractAwsRoles ¶
ExtractAwsRoles given an assertion document extract the aws roles
func PromptForLoginDetails ¶ added in v1.1.0
func PromptForLoginDetails(loginDetails *LoginDetails) error
PromptForLoginDetails prompt the user to present their username, password and hostname
Types ¶
type ADFS2Client ¶ added in v1.4.0
type ADFS2Client struct {
// contains filtered or unexported fields
}
func NewADFS2Client ¶ added in v1.4.0
func NewADFS2Client(skipVerify bool) (*ADFS2Client, error)
func (*ADFS2Client) Authenticate ¶ added in v1.4.0
func (ac *ADFS2Client) Authenticate(loginDetails *LoginDetails) (string, error)
type ADFSClient ¶
type ADFSClient struct {
// contains filtered or unexported fields
}
ADFSClient wrapper around ADFS enabling authentication and retrieval of assertions
func NewADFSClient ¶
func NewADFSClient(skipVerify bool) (*ADFSClient, error)
NewADFSClient create a new ADFS client
func (*ADFSClient) Authenticate ¶
func (ac *ADFSClient) Authenticate(loginDetails *LoginDetails) (string, error)
Authenticate authenticate to ADFS and return the data from the body of the SAML assertion.
type AWSAccount ¶ added in v1.5.0
AWSAccount holds the AWS account name and roles
func ExtractAWSAccounts ¶ added in v1.5.0
func ExtractAWSAccounts(data []byte) ([]*AWSAccount, error)
ExtractAWSAccounts extract the accounts from the AWS html page
func ParseAWSAccounts ¶ added in v1.5.0
func ParseAWSAccounts(samlAssertion string) ([]*AWSAccount, error)
ParseAWSAccounts extract the aws accounts from the saml assertion
type AWSRole ¶
AWSRole aws role attributes
func LocateRole ¶ added in v1.8.0
LocateRole locate role by name
func ParseAWSRoles ¶ added in v1.3.0
ParseAWSRoles parses and splits the roles while also validating the contents
func PromptForAWSRoleSelection ¶
func PromptForAWSRoleSelection(accounts []*AWSAccount) (*AWSRole, error)
PromptForAWSRoleSelection present a list of roles to the user for selection
type AuthRequest ¶ added in v1.6.1
AuthRequest represents an mfa okta request
type ConfigLoader ¶ added in v1.1.0
ConfigLoader loads config options
func NewConfigLoader ¶ added in v1.1.0
func NewConfigLoader(profile string) *ConfigLoader
NewConfigLoader helper to create the config
func (*ConfigLoader) LoadHostname ¶ added in v1.1.0
func (p *ConfigLoader) LoadHostname() (string, error)
LoadHostname load the hostname
func (*ConfigLoader) LoadProvider ¶ added in v1.3.0
func (p *ConfigLoader) LoadProvider(defaultValue string) (string, error)
LoadProvider load the provider
func (*ConfigLoader) LoadUsername ¶ added in v1.1.0
func (p *ConfigLoader) LoadUsername() (string, error)
LoadUsername load the username
func (*ConfigLoader) SaveHostname ¶ added in v1.1.0
func (p *ConfigLoader) SaveHostname(hostname string) error
SaveHostname persist the hostname
func (*ConfigLoader) SaveProvider ¶ added in v1.3.0
func (p *ConfigLoader) SaveProvider(provider string) error
SaveProvider persist the provider
func (*ConfigLoader) SaveUsername ¶ added in v1.1.0
func (p *ConfigLoader) SaveUsername(username string) error
SaveUsername persist the username
type CredentialsProvider ¶
CredentialsProvider loads aws credentials file
func NewSharedCredentials ¶
func NewSharedCredentials(profile string) *CredentialsProvider
NewSharedCredentials helper to create the credentials provider
func (*CredentialsProvider) CredsExists ¶ added in v1.8.3
func (p *CredentialsProvider) CredsExists() (bool, error)
CredsExists verify that the credentials exist
func (*CredentialsProvider) Load ¶ added in v1.2.0
func (p *CredentialsProvider) Load() (string, string, string, error)
Load load the aws credentials file
func (*CredentialsProvider) Save ¶
func (p *CredentialsProvider) Save(id, secret, token string) error
Save persist the credentials
type ErrMissingElement ¶
type ErrMissingElement struct {
Tag, Attribute string
}
ErrMissingElement is the error type that indicates an element and/or attribute is missing. It provides a structured error that can be more appropriately acted upon.
func (ErrMissingElement) Error ¶
func (e ErrMissingElement) Error() string
type JumpCloudClient ¶ added in v1.5.0
type JumpCloudClient struct {
// contains filtered or unexported fields
}
JumpCloudClient is a wrapper representing a JumpCloud SAML client
func NewJumpCloudClient ¶ added in v1.5.0
func NewJumpCloudClient(skipVerify bool) (*JumpCloudClient, error)
NewJumpCloudClient creates a new JumpCloud client
func (*JumpCloudClient) Authenticate ¶ added in v1.5.0
func (jc *JumpCloudClient) Authenticate(loginDetails *LoginDetails) (string, error)
Authenticate logs into JumpCloud and returns a SAML response
type KeyCloakClient ¶ added in v1.7.0
type KeyCloakClient struct {
// contains filtered or unexported fields
}
KeyCloakClient wrapper around KeyCloak.
func NewKeyCloakClient ¶ added in v1.7.0
func NewKeyCloakClient(skipVerify bool) (*KeyCloakClient, error)
NewKeyCloakClient create a new KeyCloakClient
func (*KeyCloakClient) Authenticate ¶ added in v1.7.0
func (kc *KeyCloakClient) Authenticate(loginDetails *LoginDetails) (string, error)
Authenticate logs into KeyCloak and returns a SAML response
type LoginDetails ¶ added in v1.1.0
LoginDetails used to authenticate to ADFS
func (*LoginDetails) Validate ¶ added in v1.8.1
func (ld *LoginDetails) Validate() error
Validate validate the login details
type OktaClient ¶ added in v1.6.0
type OktaClient struct {
// contains filtered or unexported fields
}
OktaClient is a wrapper representing a Okta SAML client
func NewOktaClient ¶ added in v1.6.0
func NewOktaClient(skipVerify bool) (*OktaClient, error)
NewOktaClient creates a new Okta client
func (*OktaClient) Authenticate ¶ added in v1.6.0
func (oc *OktaClient) Authenticate(loginDetails *LoginDetails) (string, error)
Authenticate logs into Okta and returns a SAML response
type PingFedClient ¶ added in v1.3.0
type PingFedClient struct {
// contains filtered or unexported fields
}
PingFedClient wrapper around PingFed + PingId enabling authentication and retrieval of assertions
func NewPingFedClient ¶ added in v1.3.0
func NewPingFedClient(skipVerify bool) (*PingFedClient, error)
NewPingFedClient create a new PingFed client
func (*PingFedClient) Authenticate ¶ added in v1.3.0
func (ac *PingFedClient) Authenticate(loginDetails *LoginDetails) (string, error)
Authenticate Authenticate to PingFed and return the data from the body of the SAML assertion.
type SAMLClient ¶ added in v1.3.0
type SAMLClient interface {
Authenticate(loginDetails *LoginDetails) (string, error)
}
SAMLClient client interface
func NewSAMLClient ¶ added in v1.3.0
func NewSAMLClient(opts *SAMLOptions) (SAMLClient, error)
NewSAMLClient create a new SAML client
type SAMLOptions ¶ added in v1.3.0
SAMLOptions options for the new SAML client
type VerifyRequest ¶ added in v1.6.1
type VerifyRequest struct {
StateToken string `json:"stateToken"`
}
VerifyRequest represents an mfa verify request