Documentation ¶
Index ¶
- Variables
- func ClearSSOToken(profileKey string)
- func GetCredentialsCreds(ctx context.Context, c *CFSharedConfig) (aws.Credentials, error)
- func GetEnvCredentials(ctx context.Context) aws.Credentials
- func MfaTokenProvider() (string, error)
- func PollToken(ctx context.Context, c *ssooidc.Client, clientSecret string, clientID string, ...) (*ssooidc.CreateTokenOutput, error)
- func RegisterAssumer(a Assumer, position int)
- func StoreSSOToken(profileKey string, ssoTokenValue SSOToken)
- func TypeCredsToAwsCreds(c types.Credentials) aws.Credentials
- func TypeRoleCredsToAwsCreds(c ssotypes.RoleCredentials) aws.Credentials
- func UpdateFrecencyCache(selectedProfile string)
- type Assumer
- type AwsAzureLoginAssumer
- func (aal *AwsAzureLoginAssumer) AssumeConsole(ctx context.Context, c *CFSharedConfig, configOpts ConfigOpts) (aws.Credentials, error)
- func (aal *AwsAzureLoginAssumer) AssumeTerminal(ctx context.Context, c *CFSharedConfig, configOpts ConfigOpts) (aws.Credentials, error)
- func (aal *AwsAzureLoginAssumer) ProfileMatchesType(rawProfile configparser.Dict, parsedProfile config.SharedConfig) bool
- func (aal *AwsAzureLoginAssumer) Type() string
- type AwsGoogleAuthAssumer
- func (aia *AwsGoogleAuthAssumer) AssumeConsole(ctx context.Context, c *CFSharedConfig, configOpts ConfigOpts) (aws.Credentials, error)
- func (aia *AwsGoogleAuthAssumer) AssumeTerminal(ctx context.Context, c *CFSharedConfig, configOpts ConfigOpts) (aws.Credentials, error)
- func (aia *AwsGoogleAuthAssumer) ProfileMatchesType(rawProfile configparser.Dict, parsedProfile config.SharedConfig) bool
- func (aia *AwsGoogleAuthAssumer) Type() string
- type AwsIamAssumer
- func (aia *AwsIamAssumer) AssumeConsole(ctx context.Context, c *CFSharedConfig, configOpts ConfigOpts) (aws.Credentials, error)
- func (aia *AwsIamAssumer) AssumeTerminal(ctx context.Context, c *CFSharedConfig, configOpts ConfigOpts) (aws.Credentials, error)
- func (aia *AwsIamAssumer) ProfileMatchesType(rawProfile configparser.Dict, parsedProfile config.SharedConfig) bool
- func (aia *AwsIamAssumer) Type() string
- type AwsSsoAssumer
- func (asa *AwsSsoAssumer) AssumeConsole(ctx context.Context, c *CFSharedConfig, configOpts ConfigOpts) (aws.Credentials, error)
- func (asa *AwsSsoAssumer) AssumeTerminal(ctx context.Context, c *CFSharedConfig, configOpts ConfigOpts) (aws.Credentials, error)
- func (asa *AwsSsoAssumer) ProfileMatchesType(rawProfile configparser.Dict, parsedProfile config.SharedConfig) bool
- func (asa *AwsSsoAssumer) Type() string
- type CFSharedConfig
- func (c *CFSharedConfig) AssumeConsole(ctx context.Context, configOpts ConfigOpts) (aws.Credentials, error)
- func (c *CFSharedConfig) AssumeTerminal(ctx context.Context, configOpts ConfigOpts) (aws.Credentials, error)
- func (c CFSharedConfig) Region(ctx context.Context) (string, bool, error)
- func (c *CFSharedConfig) SSOLogin(ctx context.Context, configOpts ConfigOpts) (aws.Credentials, error)
- type CFSharedConfigs
- type ConfigOpts
- type CredProv
- type CredentialProcessAssumer
- func (cpa *CredentialProcessAssumer) AssumeConsole(ctx context.Context, c *CFSharedConfig, configOpts ConfigOpts) (aws.Credentials, error)
- func (cpa *CredentialProcessAssumer) AssumeTerminal(ctx context.Context, c *CFSharedConfig, configOpts ConfigOpts) (aws.Credentials, error)
- func (cpa *CredentialProcessAssumer) ProfileMatchesType(rawProfile configparser.Dict, parsedProfile config.SharedConfig) bool
- func (cpa *CredentialProcessAssumer) Type() string
- type FrecentProfiles
- type PollingConfig
- type SSOToken
Constants ¶
This section is empty.
Variables ¶
var ErrTimeout error = errors.New("polling for device authorization token timed out")
Functions ¶
func ClearSSOToken ¶
func ClearSSOToken(profileKey string)
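Attempts to clear the stored SSO token for profileKey. Any errors are written to the debug log rather than returned, so a caller cannot tell from this call alone whether the token was actually removed.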
func GetCredentialsCreds ¶ added in v0.1.8
func GetCredentialsCreds(ctx context.Context, c *CFSharedConfig) (aws.Credentials, error)
func GetEnvCredentials ¶ added in v0.1.6
func GetEnvCredentials(ctx context.Context) aws.Credentials
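Loads the environment variables and, if they are present, hydrates the returned aws.Credentials from them. No error is returned, so callers should check that the result actually holds keys before using it.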
func MfaTokenProvider ¶ added in v0.1.12
func PollToken ¶
func PollToken(ctx context.Context, c *ssooidc.Client, clientSecret string, clientID string, deviceCode string, cfg PollingConfig) (*ssooidc.CreateTokenOutput, error)
PollToken will poll for a token and return it once the authentication/authorization flow has been completed in the browser
func RegisterAssumer ¶ added in v0.1.6
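RegisterAssumer allows assumers to be registered when using this library as a package in other projects. position is the index at which to insert the assumer; position = -1 appends it. Presumably the registered order is the order in which profile types are matched, so a custom assumer should sit ahead of any catch-all matcher.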
func StoreSSOToken ¶
Attempts to store the SSO token under profileKey. Any errors are written to the debug log rather than returned, so a failed write is not visible to the caller.
func TypeCredsToAwsCreds ¶
func TypeCredsToAwsCreds(c types.Credentials) aws.Credentials
func TypeRoleCredsToAwsCreds ¶
func TypeRoleCredsToAwsCreds(c ssotypes.RoleCredentials) aws.Credentials
func UpdateFrecencyCache ¶
func UpdateFrecencyCache(selectedProfile string)
Use this to update the frecency cache when the profile is supplied on the command line.
Types ¶
type Assumer ¶ added in v0.1.6
// Assumer is the contract implemented by each profile type (AWS SSO, IAM,
// credential_process, and the external login tools) for turning a profile
// into AWS credentials.
type Assumer interface {
	// AssumeTerminal should follow the required process for its implementation and
	// return AWS credentials ready to be exported to the terminal environment.
	// NOTE(review): the returned aws.Credentials is secret material; implementations
	// and callers should keep it out of logs and error strings.
	AssumeTerminal(context.Context, *CFSharedConfig, ConfigOpts) (aws.Credentials, error)
	// AssumeConsole should follow any console-specific credential process; this may
	// be the same as AssumeTerminal under the hood.
	AssumeConsole(context.Context, *CFSharedConfig, ConfigOpts) (aws.Credentials, error)
	// Type returns a unique key which identifies this assumer, e.g. AWS-SSO or
	// GOOGLE-AWS-AUTH.
	Type() string
	// ProfileMatchesType takes the raw profile (configparser.Dict) and the parsed
	// config.SharedConfig and returns true if this profile is the assumer's type.
	// NOTE(review): the earlier wording described the input as a list of the lines in
	// an AWS config profile, which does not match this signature — confirm.
	ProfileMatchesType(configparser.Dict, config.SharedConfig) bool
}
Added support for optional pass-through args on proxy SSO providers. When using an SSO provider, pass-through flags can be supplied by adding the -pass-through or -pt flag, e.g. `assume role-a -pt --mode -pt gui` (runs the proxy login with a GUI rather than in the CLI; example taken from aws-azure-login).
func AssumerFromType ¶ added in v0.1.6
type AwsAzureLoginAssumer ¶ added in v0.1.6
type AwsAzureLoginAssumer struct { }
Implements Assumer
func (*AwsAzureLoginAssumer) AssumeConsole ¶ added in v0.1.6
func (aal *AwsAzureLoginAssumer) AssumeConsole(ctx context.Context, c *CFSharedConfig, configOpts ConfigOpts) (aws.Credentials, error)
func (*AwsAzureLoginAssumer) AssumeTerminal ¶ added in v0.1.6
func (aal *AwsAzureLoginAssumer) AssumeTerminal(ctx context.Context, c *CFSharedConfig, configOpts ConfigOpts) (aws.Credentials, error)
then fetch them from the environment for use
func (*AwsAzureLoginAssumer) ProfileMatchesType ¶ added in v0.1.6
func (aal *AwsAzureLoginAssumer) ProfileMatchesType(rawProfile configparser.Dict, parsedProfile config.SharedConfig) bool
inspect for any items on the profile prefixed with "AZURE_"
func (*AwsAzureLoginAssumer) Type ¶ added in v0.1.6
func (aal *AwsAzureLoginAssumer) Type() string
A unique key which identifies this assumer e.g AWS-SSO or GOOGLE-AWS-AUTH
type AwsGoogleAuthAssumer ¶ added in v0.1.6
type AwsGoogleAuthAssumer struct { }
Implements Assumer
func (*AwsGoogleAuthAssumer) AssumeConsole ¶ added in v0.1.6
func (aia *AwsGoogleAuthAssumer) AssumeConsole(ctx context.Context, c *CFSharedConfig, configOpts ConfigOpts) (aws.Credentials, error)
func (*AwsGoogleAuthAssumer) AssumeTerminal ¶ added in v0.1.6
func (aia *AwsGoogleAuthAssumer) AssumeTerminal(ctx context.Context, c *CFSharedConfig, configOpts ConfigOpts) (aws.Credentials, error)
launch the aws-google-auth utility to generate the credentials then fetch them from the environment for use
func (*AwsGoogleAuthAssumer) ProfileMatchesType ¶ added in v0.1.6
func (aia *AwsGoogleAuthAssumer) ProfileMatchesType(rawProfile configparser.Dict, parsedProfile config.SharedConfig) bool
inspect for any items on the profile prefixed with "google_config."
func (*AwsGoogleAuthAssumer) Type ¶ added in v0.1.6
func (aia *AwsGoogleAuthAssumer) Type() string
A unique key which identifies this assumer e.g AWS-SSO or GOOGLE-AWS-AUTH
type AwsIamAssumer ¶ added in v0.1.6
type AwsIamAssumer struct { }
Implements Assumer
func (*AwsIamAssumer) AssumeConsole ¶ added in v0.1.6
func (aia *AwsIamAssumer) AssumeConsole(ctx context.Context, c *CFSharedConfig, configOpts ConfigOpts) (aws.Credentials, error)
If required, gets a FederationToken to be used to launch the console. This is required if the IAM profile does not assume a role using sts.AssumeRole.
func (*AwsIamAssumer) AssumeTerminal ¶ added in v0.1.6
func (aia *AwsIamAssumer) AssumeTerminal(ctx context.Context, c *CFSharedConfig, configOpts ConfigOpts) (aws.Credentials, error)
Default behaviour is to use the SDK to retrieve the credentials from the file. For launching the console there is an extra step, GetFederationToken, that happens after this to get a session token.
func (*AwsIamAssumer) ProfileMatchesType ¶ added in v0.1.6
func (aia *AwsIamAssumer) ProfileMatchesType(rawProfile configparser.Dict, parsedProfile config.SharedConfig) bool
Matches the profile type on whether it is not an SSO profile. This will also match other types that are not SSO profiles, so it should be the last option checked when determining the profile type; checked earlier, it would claim profiles meant for a more specific assumer.
func (*AwsIamAssumer) Type ¶ added in v0.1.6
func (aia *AwsIamAssumer) Type() string
A unique key which identifies this assumer e.g AWS-SSO or GOOGLE-AWS-AUTH
type AwsSsoAssumer ¶ added in v0.1.6
type AwsSsoAssumer struct { }
Implements Assumer
func (*AwsSsoAssumer) AssumeConsole ¶ added in v0.1.6
func (asa *AwsSsoAssumer) AssumeConsole(ctx context.Context, c *CFSharedConfig, configOpts ConfigOpts) (aws.Credentials, error)
func (*AwsSsoAssumer) AssumeTerminal ¶ added in v0.1.6
func (asa *AwsSsoAssumer) AssumeTerminal(ctx context.Context, c *CFSharedConfig, configOpts ConfigOpts) (aws.Credentials, error)
func (*AwsSsoAssumer) ProfileMatchesType ¶ added in v0.1.6
func (asa *AwsSsoAssumer) ProfileMatchesType(rawProfile configparser.Dict, parsedProfile config.SharedConfig) bool
Matches the profile type on whether it is an sso profile by checking for ssoaccountid.
func (*AwsSsoAssumer) Type ¶ added in v0.1.6
func (asa *AwsSsoAssumer) Type() string
type CFSharedConfig ¶
// CFSharedConfig is a single profile from the AWS shared config together with
// its parent profiles.
type CFSharedConfig struct {
	// Opts browsers.BrowserOpts
	// allows access to the raw values from the file
	// NOTE(review): the field the comment above describes is not visible in this
	// listing; it does not appear to describe Parents — confirm against the source.
	Parents []*CFSharedConfig
	// AWSConfig is the profile as a config.SharedConfig value.
	// NOTE(review): config.SharedConfig can carry static credential values, so avoid
	// printing this struct wholesale in logs — confirm which fields are populated here.
	AWSConfig config.SharedConfig
}
func (*CFSharedConfig) AssumeConsole ¶ added in v0.1.6
func (c *CFSharedConfig) AssumeConsole(ctx context.Context, configOpts ConfigOpts) (aws.Credentials, error)
func (*CFSharedConfig) AssumeTerminal ¶ added in v0.1.6
func (c *CFSharedConfig) AssumeTerminal(ctx context.Context, configOpts ConfigOpts) (aws.Credentials, error)
func (CFSharedConfig) Region ¶
Region will attempt to load the region on this profile; if it is not set, it attempts to load the default config. It returns a region, and bool = true if the default region was used.
func (*CFSharedConfig) SSOLogin ¶
func (c *CFSharedConfig) SSOLogin(ctx context.Context, configOpts ConfigOpts) (aws.Credentials, error)
type CFSharedConfigs ¶
type CFSharedConfigs map[string]*CFSharedConfig
func GetProfilesFromDefaultSharedConfig ¶
func GetProfilesFromDefaultSharedConfig(ctx context.Context) (CFSharedConfigs, error)
GetProfilesFromDefaultSharedConfig returns initialised profiles; these profiles state their type and parents. The main reason we need to use a config parsing library here is to list the names of all the profiles. The AWS SDK does not provide a method to list all profiles.
Secondary requirement is to identify profiles which use a specific credential process like saml2aws
func (CFSharedConfigs) GetFrecentProfiles ¶
func (c CFSharedConfigs) GetFrecentProfiles() (*FrecentProfiles, []string)
Loads the frecency cache and generates a list of profiles with frecently used profiles first, followed by alphabetically sorted profiles that have not been used with assume. This method returns a FrecentProfiles pointer, which should be used after selecting a profile to update the cache. It will also remove any entries which no longer exist in the AWS config.
func (CFSharedConfigs) ProfileNames ¶
func (c CFSharedConfigs) ProfileNames() []string
type ConfigOpts ¶ added in v0.1.14
type CredProv ¶
type CredProv struct{ aws.Credentials }
CredProv implements the aws.CredentialProvider interface
type CredentialProcessAssumer ¶ added in v0.1.6
type CredentialProcessAssumer struct { }
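Implements Assumer using the AWS credential_process standard. Under that standard the profile names an external command that is run to produce credentials, so the shared config file needs to be protected from modification by other users.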
func (*CredentialProcessAssumer) AssumeConsole ¶ added in v0.1.6
func (cpa *CredentialProcessAssumer) AssumeConsole(ctx context.Context, c *CFSharedConfig, configOpts ConfigOpts) (aws.Credentials, error)
func (*CredentialProcessAssumer) AssumeTerminal ¶ added in v0.1.6
func (cpa *CredentialProcessAssumer) AssumeTerminal(ctx context.Context, c *CFSharedConfig, configOpts ConfigOpts) (aws.Credentials, error)
func (*CredentialProcessAssumer) ProfileMatchesType ¶ added in v0.1.6
func (cpa *CredentialProcessAssumer) ProfileMatchesType(rawProfile configparser.Dict, parsedProfile config.SharedConfig) bool
inspect for any credential processes with the saml2aws tool
func (*CredentialProcessAssumer) Type ¶ added in v0.1.6
func (cpa *CredentialProcessAssumer) Type() string
A unique key which identifies this assumer e.g AWS-SSO or GOOGLE-AWS-AUTH
type FrecentProfiles ¶
type FrecentProfiles struct {
// contains filtered or unexported fields
}
func (*FrecentProfiles) Update ¶
func (f *FrecentProfiles) Update(selectedProfile string)
Should be called after selecting a profile to update the frecency cache. Wrap this method in a goroutine to avoid blocking the user.
type PollingConfig ¶
type SSOToken ¶
func GetValidCachedToken ¶
GetValidCachedToken returns nil if no token was found, or if it is expired
func SSODeviceCodeFlow ¶
func SSODeviceCodeFlow(ctx context.Context, cfg aws.Config, rootProfile *CFSharedConfig) (*SSOToken, error)
SSODeviceCodeFlow contains all the steps to complete a device code flow to retrieve an sso token