v1.1.2-0...-9571e6d Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Oct 22, 2020 License: MIT Imports: 28 Imported by: 0



Package gossamer is a toolkit for assuming AWS roles concurrently via permanent credentials or SAML. Its behavior is driven by a Config struct that defines auth flows that are defined by their starter credentials, the primary mappings, and secondary mappings. Mappings are a concept of a role ARN tied to a profile entry name with some additional metadata. Secondary mappings are aware that they must be assumed using a previously established primary mapping.

Each flow can then be executed using its Execute method which will run the appropriate auth flow and collect the mappings' credentials.

After the flow has been executed the GetAcfmgrProfileInputs method can be called in order to collect the results of the mappings as inputs for the Acfmgr package which is a helper utility for writing AWS credential profile entries to a file.



This section is empty.


This section is empty.


func WriteConfigToFile

func WriteConfigToFile(gc *Config, filename string) (err error)

WriteConfigToFile takes a Config object and writes it to the desired filename


type Assumptions

type Assumptions struct {
	AllRoles bool      `yaml:"all_roles"`
	Mappings []Mapping `yaml:"mappings"`
	// contains filtered or unexported fields

Assumptions holds the configuration for the roles that will be assumed using both the primary and secondary credentials Primary: In the case of SAML that's the roles in the assertion. In the case of key and key-mfa it's the roles that will be assumed directly Secondary: Secondary assumptions' mappings rely on sponsor credentials that are presumed to be obtained from primary mappings

type CParam

type CParam struct {
	Source string `yaml:"source"`
	Value  string `yaml:"value,omitempty"`
	// contains filtered or unexported fields

CParam provides a way to identify sources for config parameters that are more robust that simple key value. For example you can say that a configuration parameter is sourced from an environment variable or from a prompt in addition to just raw value. It has a gather() method which is used to retrieve its value.

type Config

type Config struct {
	OutFile string  `yaml:"output_file"`
	Flows   []*Flow `yaml:"flows"`

Config is an internal struct for storing configuration needed to run this application

var GConf Config

GConf holds config and exports for use in other packages

func GenerateConfigSkeleton

func GenerateConfigSkeleton() *Config

GenerateConfigSkeleton sets up a sample Config object and with a bunch of sample values set and returns it

func (*Config) ConvertLegacyFlagsToConfig

func (gc *Config) ConvertLegacyFlagsToConfig(gfl *GossFlags) (err error)

ConvertLegacyFlagsToConfig takes a GossFlags struct that's built using command parameters via the flag package and converts them into the Config struct that gossamer will use for the majority of its operations. Mainly used to help backward compatibility with gossamer 1.x

func (*Config) Dump

func (gc *Config) Dump() string

Dump returns a string of the full parsed configuration

func (*Config) ParseConfigFile

func (gc *Config) ParseConfigFile(filename string) (err error)

ParseConfigFile takes a yaml filename as input and attempts to parse it into a config object.

type Flow

type Flow struct {
	Name                 string           `yaml:"name"`
	SAMLConfig           *SAMLConfig      `yaml:"saml_config,omitempty"`
	PermCredsConfig      *PermCredsConfig `yaml:"permanent,omitempty"`
	PAss                 *Assumptions     `yaml:"primary_assumptions,omitempty"`
	SAss                 *Assumptions     `yaml:"secondary_assumptions,omitempty"`
	DurationSeconds      int64            `yaml:"session_duration_seconds,omitempty"`
	Region               string           `yaml:"region,omitempty"`
	DoNotPropagateRegion bool             `yaml:"do_not_propagate_region"`
	AllowFailure         bool             `yaml:"allow_failure"`
	// contains filtered or unexported fields

Flow describes an authentication flow and can be one of many types. It contains the user's desired auth flow behavior via keys or saml.

func (*Flow) Execute

func (f *Flow) Execute() (err error)

Execute detects the flow type and runs the appropriate steps to complete either the primary or secondary assumptions

func (*Flow) GetAcfmgrProfileInputs

func (f *Flow) GetAcfmgrProfileInputs() (pfis []*acfmgr.ProfileEntryInput, err error)

GetAcfmgrProfileInputs converts all flow's mappings into Acfmgr ProfileEntryInput for easy use with AcfMgr package

func (*Flow) GetPAss

func (f *Flow) GetPAss() error

GetPAss handles the primary assumptions when using traditional keys

func (*Flow) GetPAssSAML

func (f *Flow) GetPAssSAML() error

GetPAssSAML handles the SAML assumptions using the current desird configuration from the flow

func (*Flow) NoSAss

func (f *Flow) NoSAss() bool

NoSAss returns false if the flow has any secondary assumptions defined and true if not.

func (*Flow) Validate

func (f *Flow) Validate() (valid bool, err error)

Validate checks for valid properties and returns true if no problems are detected and false with an error message if there are issues

type GossFlags

type GossFlags struct {
	ConfigFile                string
	RolesFile                 string
	OutFile                   string
	RoleArn                   string
	LogFile                   string
	LogLevel                  string
	GeneratedConfigOutputFile string
	DaemonFlag                bool
	Profile                   string
	SerialNumber              string
	TokenCode                 string
	Region                    string
	ProfileEntryName          string
	VersionFlag               bool
	ForceRefresh              bool
	SessionDuration           int64

GossFlags holds configuration passed into main via the flag package and acts as a temporary structure to hold the variables until they can be parsed into a proper Config object. Mostly in place to support legacy flags from gossamer 1.x

type LegacyAccount

type LegacyAccount struct {
	RoleArn     string
	AccountName string
	Region      string

LegacyAccount just holds the rolearn, region, and account name for each entry to build from

type MFA

type MFA struct {
	Serial *CParam `yaml:"serial"`
	Token  *CParam `yaml:"token"`

MFA holds configuration information for the MFA device during a key based auth flow.

type Mapping

type Mapping struct {
	RoleArn         string `yaml:"role_arn"`
	ProfileName     string `yaml:"profile_name,omitempty"`
	Region          string `yaml:"region,omitempty"`
	NoOutput        bool   `yaml:"no_output,omitempty"`
	SponsorCredsArn string `yaml:"sponsor_creds_arn,omitempty"`

	DurationSeconds int64 `yaml:"session_duration_seconds,omitempty"`
	// contains filtered or unexported fields

Mapping holds the configuration for role assumptions and their desired profile name to be written to the credentials file after they've been assumed.

type PermCredsConfig

type PermCredsConfig struct {
	ProfileName string `yaml:"profile_name,omitempty"`
	MFA         *MFA   `yaml:"mfa,omitempty"`

PermCredsConfig holds information about how to obtain session credentials from the local client

type SAMLConfig

type SAMLConfig struct {
	Username                     *CParam `yaml:"username"`
	Password                     *CParam `yaml:"password"`
	URL                          *CParam `yaml:"url"`
	Target                       *CParam `yaml:"target"`
	AllowMappingDurationOverride bool    `yaml:"allow_mapping_duration_override,omitempty"`

SAMLConfig holds specific parameters for SAML configuration

type XMLSAMLAssertion

type XMLSAMLAssertion struct {
	Issuer             string            `xml:"Issuer"`
	AttributeStatement XMLSAMLAttributes `xml:"AttributeStatement"`

XMLSAMLAssertion is required for holding and unmarshaling the XML SAML assertion that comes back from the HTTP call.

type XMLSAMLAttribute

type XMLSAMLAttribute struct {
	Name            string   `xml:"Name,attr"`
	AttributeValues []string `xml:"AttributeValue"`

XMLSAMLAttribute is required for holding and unmarshaling the XML SAML assertion that comes back from the HTTP call.

type XMLSAMLAttributes

type XMLSAMLAttributes struct {
	AttributeValues []XMLSAMLAttribute `xml:"Attribute"`

XMLSAMLAttributes is required for holding and unmarshaling the XML SAML assertion that comes back from the HTTP call.

type XMLSAMLResponse

type XMLSAMLResponse struct {
	XMLName   xml.Name         `xml:"Response"`
	Assertion XMLSAMLAssertion `xml:"Assertion"`

XMLSAMLResponse is the top level struct for holding and unmarshaling the XML SAML assertion that comes back from the HTTP call

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL