cfaws

package
v0.1.14 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 14, 2022 License: MIT Imports: 26 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var ErrTimeout error = errors.New("polling for device authorization token timed out")

Functions

func ClearSSOToken

func ClearSSOToken(profileKey string)

Attempts to clear the token, any errors will be logged to debug logging

func GetCredentialsCreds added in v0.1.8

func GetCredentialsCreds(ctx context.Context, c *CFSharedConfig) (aws.Credentials, error)

func GetEnvCredentials added in v0.1.6

func GetEnvCredentials(ctx context.Context) aws.Credentials

loads the environment variables and hydrates an aws.config if they are present

func MfaTokenProvider added in v0.1.12

func MfaTokenProvider() (string, error)

func PollToken

func PollToken(ctx context.Context, c *ssooidc.Client, clientSecret string, clientID string, deviceCode string, cfg PollingConfig) (*ssooidc.CreateTokenOutput, error)

PollToken will poll for a token and return it once the authentication/authorization flow has been completed in the browser

func RegisterAssumer added in v0.1.6

func RegisterAssumer(a Assumer, position int)

RegisterAssumer allows assumers to be registered when using this library as a package in other projects position = -1 will append the assumer position to insert assumer

func StoreSSOToken

func StoreSSOToken(profileKey string, ssoTokenValue SSOToken)

Attempts to store the token, any errors will be logged to debug logging

func TypeCredsToAwsCreds

func TypeCredsToAwsCreds(c types.Credentials) aws.Credentials

func TypeRoleCredsToAwsCreds

func TypeRoleCredsToAwsCreds(c ssotypes.RoleCredentials) aws.Credentials

func UpdateFrecencyCache

func UpdateFrecencyCache(selectedProfile string)

use this to update frecency cache when the profile is supplied by the commandline

Types

type Assumer added in v0.1.6

type Assumer interface {
	// AssumeTerminal should follow the required process for it implemetation and return aws credentials ready to be exported to the terminal environment
	AssumeTerminal(context.Context, *CFSharedConfig, ConfigOpts) (aws.Credentials, error)
	// AssumeConsole should follow any console specific credentials processes, this may be the same as AssumeTerminal under the hood
	AssumeConsole(context.Context, *CFSharedConfig, ConfigOpts) (aws.Credentials, error)
	// A unique key which identifies this assumer e.g AWS-SSO or GOOGLE-AWS-AUTH
	Type() string
	// ProfileMatchesType takes a list of strings which are the lines in an aw config profile and returns true if this profile is the assumers type
	ProfileMatchesType(configparser.Dict, config.SharedConfig) bool
}

Added support for optional pass through args on proxy sso provider When using a sso provider adding pass through flags can be acheived by adding the -pass-through or -pt flag EG. assume role-a -pt --mode -pt gui (Run the proxy login with a gui rather than in cli. Example taken from aws-azure-login)

func AssumerFromType added in v0.1.6

func AssumerFromType(t string) Assumer

type AwsAzureLoginAssumer added in v0.1.6

type AwsAzureLoginAssumer struct {
}

Implements Assumer

func (*AwsAzureLoginAssumer) AssumeConsole added in v0.1.6

func (aal *AwsAzureLoginAssumer) AssumeConsole(ctx context.Context, c *CFSharedConfig, configOpts ConfigOpts) (aws.Credentials, error)

func (*AwsAzureLoginAssumer) AssumeTerminal added in v0.1.6

func (aal *AwsAzureLoginAssumer) AssumeTerminal(ctx context.Context, c *CFSharedConfig, configOpts ConfigOpts) (aws.Credentials, error)

then fetch them from the environment for use

func (*AwsAzureLoginAssumer) ProfileMatchesType added in v0.1.6

func (aal *AwsAzureLoginAssumer) ProfileMatchesType(rawProfile configparser.Dict, parsedProfile config.SharedConfig) bool

inspect for any items on the profile prefixed with "AZURE_"

func (*AwsAzureLoginAssumer) Type added in v0.1.6

func (aal *AwsAzureLoginAssumer) Type() string

A unique key which identifies this assumer e.g AWS-SSO or GOOGLE-AWS-AUTH

type AwsGoogleAuthAssumer added in v0.1.6

type AwsGoogleAuthAssumer struct {
}

Implements Assumer

func (*AwsGoogleAuthAssumer) AssumeConsole added in v0.1.6

func (aia *AwsGoogleAuthAssumer) AssumeConsole(ctx context.Context, c *CFSharedConfig, configOpts ConfigOpts) (aws.Credentials, error)

func (*AwsGoogleAuthAssumer) AssumeTerminal added in v0.1.6

func (aia *AwsGoogleAuthAssumer) AssumeTerminal(ctx context.Context, c *CFSharedConfig, configOpts ConfigOpts) (aws.Credentials, error)

launch the aws-google-auth utility to generate the credentials then fetch them from the environment for use

func (*AwsGoogleAuthAssumer) ProfileMatchesType added in v0.1.6

func (aia *AwsGoogleAuthAssumer) ProfileMatchesType(rawProfile configparser.Dict, parsedProfile config.SharedConfig) bool

inspect for any items on the profile prefixed with "google_config."

func (*AwsGoogleAuthAssumer) Type added in v0.1.6

func (aia *AwsGoogleAuthAssumer) Type() string

A unique key which identifies this assumer e.g AWS-SSO or GOOGLE-AWS-AUTH

type AwsIamAssumer added in v0.1.6

type AwsIamAssumer struct {
}

Implements Assumer

func (*AwsIamAssumer) AssumeConsole added in v0.1.6

func (aia *AwsIamAssumer) AssumeConsole(ctx context.Context, c *CFSharedConfig, configOpts ConfigOpts) (aws.Credentials, error)

if required will get a FederationToken to be used to launch the console This is required is the iam profile does not assume a role using sts.AssumeRole

func (*AwsIamAssumer) AssumeTerminal added in v0.1.6

func (aia *AwsIamAssumer) AssumeTerminal(ctx context.Context, c *CFSharedConfig, configOpts ConfigOpts) (aws.Credentials, error)

Default behaviour is to use the sdk to retrieve the credentials from the file For launching the console there is an extra step GetFederationToken that happens after this to get a session token

func (*AwsIamAssumer) ProfileMatchesType added in v0.1.6

func (aia *AwsIamAssumer) ProfileMatchesType(rawProfile configparser.Dict, parsedProfile config.SharedConfig) bool

Matches the profile type on whether it is not an sso profile. this will also match other types that are not sso profiles so it should be the last option checked when determining the profile type

func (*AwsIamAssumer) Type added in v0.1.6

func (aia *AwsIamAssumer) Type() string

A unique key which identifies this assumer e.g AWS-SSO or GOOGLE-AWS-AUTH

type AwsSsoAssumer added in v0.1.6

type AwsSsoAssumer struct {
}

Implements Assumer

func (*AwsSsoAssumer) AssumeConsole added in v0.1.6

func (asa *AwsSsoAssumer) AssumeConsole(ctx context.Context, c *CFSharedConfig, configOpts ConfigOpts) (aws.Credentials, error)

func (*AwsSsoAssumer) AssumeTerminal added in v0.1.6

func (asa *AwsSsoAssumer) AssumeTerminal(ctx context.Context, c *CFSharedConfig, configOpts ConfigOpts) (aws.Credentials, error)

func (*AwsSsoAssumer) ProfileMatchesType added in v0.1.6

func (asa *AwsSsoAssumer) ProfileMatchesType(rawProfile configparser.Dict, parsedProfile config.SharedConfig) bool

Matches the profile type on whether it is an sso profile by checking for ssoaccountid.

func (*AwsSsoAssumer) Type added in v0.1.6

func (asa *AwsSsoAssumer) Type() string

type CFSharedConfig

type CFSharedConfig struct {
	// Opts browsers.BrowserOpts
	// allows access to the raw values from the file
	RawConfig   configparser.Dict
	Name        string
	ProfileType string
	// ordered from root to direct parent profile
	Parents []*CFSharedConfig
	// the original config, some values may be empty strings depending on the type or profile
	AWSConfig config.SharedConfig
}

func (*CFSharedConfig) AssumeConsole added in v0.1.6

func (c *CFSharedConfig) AssumeConsole(ctx context.Context, configOpts ConfigOpts) (aws.Credentials, error)

func (*CFSharedConfig) AssumeTerminal added in v0.1.6

func (c *CFSharedConfig) AssumeTerminal(ctx context.Context, configOpts ConfigOpts) (aws.Credentials, error)

func (CFSharedConfig) Region

func (c CFSharedConfig) Region(ctx context.Context) (string, bool, error)

Region will attempt to load the reason on this profile, if it is not set, attempts to load the default config returns a region, and bool = true if the default region was used

func (*CFSharedConfig) SSOLogin

func (c *CFSharedConfig) SSOLogin(ctx context.Context, configOpts ConfigOpts) (aws.Credentials, error)

type CFSharedConfigs

type CFSharedConfigs map[string]*CFSharedConfig

func GetProfilesFromDefaultSharedConfig

func GetProfilesFromDefaultSharedConfig(ctx context.Context) (CFSharedConfigs, error)

GetProfilesFromDefaultSharedConfig returns initialised profiles these profiles state their type and parents The main reason we need to use a config parsing library here is to list the names of all the profiles. The aws SDK does not provide a method to list all profiles

Secondary requirement is to identify profiles which use a specific credential process like saml2aws

func (CFSharedConfigs) GetFrecentProfiles

func (c CFSharedConfigs) GetFrecentProfiles() (*FrecentProfiles, []string)

loads the frecency cache and generates a list of profiles with frecently used profiles first, followed by alphabetically sorted profiles that have not been used with assume this method returns a FrecentProfiles pointer which should be used after selecting a profile to update the cache, it will also remove any entries which no longer exist in the aws config

func (CFSharedConfigs) ProfileNames

func (c CFSharedConfigs) ProfileNames() []string

type ConfigOpts added in v0.1.14

type ConfigOpts struct {
	Duration time.Duration
	Args     []string
}

type CredProv

type CredProv struct{ aws.Credentials }

CredProv implements the aws.CredentialProvider interface

func (*CredProv) Retrieve

func (c *CredProv) Retrieve(ctx context.Context) (aws.Credentials, error)

type CredentialProcessAssumer added in v0.1.6

type CredentialProcessAssumer struct {
}

Implements Assumer using the aws credential_process standard

func (*CredentialProcessAssumer) AssumeConsole added in v0.1.6

func (cpa *CredentialProcessAssumer) AssumeConsole(ctx context.Context, c *CFSharedConfig, configOpts ConfigOpts) (aws.Credentials, error)

func (*CredentialProcessAssumer) AssumeTerminal added in v0.1.6

func (cpa *CredentialProcessAssumer) AssumeTerminal(ctx context.Context, c *CFSharedConfig, configOpts ConfigOpts) (aws.Credentials, error)

func (*CredentialProcessAssumer) ProfileMatchesType added in v0.1.6

func (cpa *CredentialProcessAssumer) ProfileMatchesType(rawProfile configparser.Dict, parsedProfile config.SharedConfig) bool

inspect for any credential processes with the saml2aws tool

func (*CredentialProcessAssumer) Type added in v0.1.6

func (cpa *CredentialProcessAssumer) Type() string

A unique key which identifies this assumer e.g AWS-SSO or GOOGLE-AWS-AUTH

type FrecentProfiles

type FrecentProfiles struct {
	// contains filtered or unexported fields
}

func (*FrecentProfiles) Update

func (f *FrecentProfiles) Update(selectedProfile string)

should be called after selecting a profile to update frecency cache wrap this method in a go routine to avoid blocking the user

type PollingConfig

type PollingConfig struct {
	CheckInterval time.Duration
	TimeoutAfter  time.Duration
}

type SSOToken

type SSOToken struct {
	AccessToken string
	Expiry      time.Time
}

func GetValidCachedToken

func GetValidCachedToken(profileKey string) *SSOToken

GetValidCachedToken returns nil if no token was found, or if it is expired

func SSODeviceCodeFlow

func SSODeviceCodeFlow(ctx context.Context, cfg aws.Config, rootProfile *CFSharedConfig) (*SSOToken, error)

SSODeviceCodeFlow contains all the steps to complete a device code flow to retrieve an sso token

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL