Documentation ¶
Index ¶
- Constants
- Variables
- func ExpandRegion(region string) (string, error)
- func ExportAccessTokenToCache(ctx context.Context, profile *Profile) error
- func ExportCredsToProfile(profileName string, creds aws.Credentials) error
- func GetAWSConfigPath() string
- func GetAWSCredentials(ctx context.Context) (*aws.Credentials, error)
- func GetAWSCredentialsPath() string
- func GetCredentialsCreds(ctx context.Context, c *Profile) (aws.Credentials, error)
- func GetDefaultCacheLocation() (string, error)
- func GetEnvCredentials(ctx context.Context) aws.Credentials
- func GetValidSSOTokenFromPlaintextCache(startUrl string) *securestorage.SSOToken
- func IsLegalProfileName(name string) bool
- func IsValidGrantedProfile(profile *Profile) error
- func MfaTokenProvider() (string, error)
- func ParseGrantedSSOProfile(ctx context.Context, profile *Profile) (*config.SharedConfig, error)
- func RegisterAssumer(a Assumer, position int)
- func SsoCredsAreInConfigCache() bool
- func TypeCredsToAwsCreds(c types.Credentials) aws.Credentials
- func TypeRoleCredsToAwsCreds(c ssotypes.RoleCredentials) aws.Credentials
- func UpdateFrecencyCache(selectedProfile string)
- func WriteCredentialsToDotenv(region string, creds aws.Credentials) error
- type Assumer
- type AwsAzureLoginAssumer
- func (aal *AwsAzureLoginAssumer) AssumeConsole(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
- func (aal *AwsAzureLoginAssumer) AssumeTerminal(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
- func (aal *AwsAzureLoginAssumer) ProfileMatchesType(rawProfile *ini.Section, parsedProfile config.SharedConfig) bool
- func (aal *AwsAzureLoginAssumer) Type() string
- type AwsGoogleAuthAssumer
- func (aia *AwsGoogleAuthAssumer) AssumeConsole(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
- func (aia *AwsGoogleAuthAssumer) AssumeTerminal(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
- func (aia *AwsGoogleAuthAssumer) ProfileMatchesType(rawProfile *ini.Section, parsedProfile config.SharedConfig) bool
- func (aia *AwsGoogleAuthAssumer) Type() string
- type AwsIamAssumer
- func (aia *AwsIamAssumer) AssumeConsole(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
- func (aia *AwsIamAssumer) AssumeTerminal(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
- func (aia *AwsIamAssumer) ProfileMatchesType(rawProfile *ini.Section, parsedProfile config.SharedConfig) bool
- func (aia *AwsIamAssumer) Type() string
- type AwsSsoAssumer
- func (asa *AwsSsoAssumer) AssumeConsole(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
- func (asa *AwsSsoAssumer) AssumeTerminal(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
- func (asa *AwsSsoAssumer) ProfileMatchesType(rawProfile *ini.Section, parsedProfile config.SharedConfig) bool
- func (asa *AwsSsoAssumer) Type() string
- type ConfigFileLoader
- type ConfigOpts
- type CredProv
- type CredentialProcessAssumer
- func (cpa *CredentialProcessAssumer) AssumeConsole(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
- func (cpa *CredentialProcessAssumer) AssumeTerminal(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
- func (cpa *CredentialProcessAssumer) ProfileMatchesType(rawProfile *ini.Section, parsedProfile config.SharedConfig) bool
- func (cpa *CredentialProcessAssumer) Type() string
- type FileLoader
- type FrecentProfiles
- type NoAccessError
- type Profile
- func (c *Profile) AssumeConsole(ctx context.Context, configOpts ConfigOpts) (aws.Credentials, error)
- func (c *Profile) AssumeTerminal(ctx context.Context, configOpts ConfigOpts) (aws.Credentials, error)
- func (p *Profile) CustomGrantedProperty(name string) string
- func (p *Profile) InitWithPlainTextSSOToken(ctx context.Context, awsCred aws.Credentials) error
- func (p *Profile) LoadPlainTextSSOToken(ctx context.Context, profile string) (aws.Credentials, error)
- func (p *Profile) Region(ctx context.Context) (string, error)
- func (c *Profile) SSOLogin(ctx context.Context, configOpts ConfigOpts) (aws.Credentials, error)
- func (c *Profile) SSOLoginWithToken(ctx context.Context, cfg *aws.Config, accessToken *string, ...) (aws.Credentials, error)
- func (p *Profile) SSORegion() string
- func (p *Profile) SSOScopes() []string
- func (p *Profile) SSOStartURL() string
- type Profiles
- func (p *Profiles) GetFrecentProfiles() (*FrecentProfiles, []string)
- func (p *Profiles) HasProfile(profile string) bool
- func (p *Profiles) InitialiseProfilesTree(ctx context.Context)
- func (p *Profiles) LoadInitialisedProfile(ctx context.Context, profile string) (*Profile, error)
- func (p *Profiles) Profile(profile string) (*Profile, error)
- type SSOPlainTextOut
Constants ¶
const DefaultRegion = "us-east-1"
const (
// permission for user to read/write/execute.
USER_READ_WRITE_PERM = 0700
)
Variables ¶
var ErrProfileNotFound error = errors.New("profile not found")
var ErrProfileNotInitialised error = errors.New("profile not initialised")
Functions ¶
func ExpandRegion ¶ added in v0.2.3
ExpandRegion takes a string and attemps to expand it into a fully formed region e.g ue1 -> us-east-1
If region is an empty string, the DefaultRegion is returned ¶
ExpandRegion does not attempt to fully validate regions and may produce regions which do not exist, for example as2 -> ap-south-2 which is not a valid region
func ExportAccessTokenToCache ¶ added in v0.20.4
ExportAccessTokenToCache will export access tokens to ~/.aws/sso/cache
func ExportCredsToProfile ¶ added in v0.1.17
func ExportCredsToProfile(profileName string, creds aws.Credentials) error
ExportCredsToProfile will write assumed credentials to ~/.aws/credentials with a specified profile name header
func GetAWSConfigPath ¶ added in v0.15.0
func GetAWSConfigPath() string
GetAWSConfigPath will return default AWS config file path unless $AWS_CONFIG_FILE environment variable is set
func GetAWSCredentials ¶ added in v0.27.0
func GetAWSCredentials(ctx context.Context) (*aws.Credentials, error)
will attempt to get credentials from the environment first and if not found then try getting credentials from a credential process
func GetAWSCredentialsPath ¶ added in v0.15.0
func GetAWSCredentialsPath() string
GetAWSCredentialsPath will return default AWS shared credential file path unless $AWS_SHARED_CREDENTIALS_FILE environment variable is set
func GetCredentialsCreds ¶ added in v0.1.8
func GetDefaultCacheLocation ¶ added in v0.29.0
Find the ~/.aws/sso/cache absolute path based on OS.
func GetEnvCredentials ¶ added in v0.1.6
func GetEnvCredentials(ctx context.Context) aws.Credentials
loads the environment variables and hydrates an aws.config if they are present
func GetValidSSOTokenFromPlaintextCache ¶ added in v0.9.1
func GetValidSSOTokenFromPlaintextCache(startUrl string) *securestorage.SSOToken
func IsLegalProfileName ¶ added in v0.5.0
Helper function which returns true if provided profile name string does not contain illegal characters
func IsValidGrantedProfile ¶ added in v0.3.0
For `granted login` cmd, we have to make sure 'granted' prefix is added to the aws config file.
func MfaTokenProvider ¶ added in v0.1.12
func ParseGrantedSSOProfile ¶ added in v0.5.0
func RegisterAssumer ¶ added in v0.1.6
RegisterAssumer allows assumers to be registered when using this library as a package in other projects position = -1 will append the assumer position to insert assumer
func SsoCredsAreInConfigCache ¶ added in v0.9.1
func SsoCredsAreInConfigCache() bool
check if a valid ~/.aws/sso/cache file exists
func TypeCredsToAwsCreds ¶
func TypeCredsToAwsCreds(c types.Credentials) aws.Credentials
func TypeRoleCredsToAwsCreds ¶
func TypeRoleCredsToAwsCreds(c ssotypes.RoleCredentials) aws.Credentials
func UpdateFrecencyCache ¶
func UpdateFrecencyCache(selectedProfile string)
use this to update frecency cache when the profile is supplied by the commandline
func WriteCredentialsToDotenv ¶ added in v0.1.16
func WriteCredentialsToDotenv(region string, creds aws.Credentials) error
WriteCredentialsToDotenv will check if a .env file exists and prompt to create one if it does not. After the file exists, it will be opened, credentaisl added and then written to disc
Types ¶
type Assumer ¶ added in v0.1.6
type Assumer interface { // AssumeTerminal should follow the required process for it implemetation and return aws credentials ready to be exported to the terminal environment AssumeTerminal(context.Context, *Profile, ConfigOpts) (aws.Credentials, error) // AssumeConsole should follow any console specific credentials processes, this may be the same as AssumeTerminal under the hood AssumeConsole(context.Context, *Profile, ConfigOpts) (aws.Credentials, error) // A unique key which identifies this assumer e.g AWS-SSO or GOOGLE-AWS-AUTH Type() string // ProfileMatchesType takes a list of strings which are the lines in an aws config profile and returns true if this profile is the assumers type ProfileMatchesType(*ini.Section, config.SharedConfig) bool }
Added support for optional pass through args on proxy sso provider When using a sso provider adding pass through flags can be achieved by adding the -pass-through or -pt flag EG. assume role-a -pt --mode -pt gui (Run the proxy login with a gui rather than in cli. Example taken from aws-azure-login)
func AssumerFromType ¶ added in v0.1.6
type AwsAzureLoginAssumer ¶ added in v0.1.6
type AwsAzureLoginAssumer struct { }
Implements Assumer
func (*AwsAzureLoginAssumer) AssumeConsole ¶ added in v0.1.6
func (aal *AwsAzureLoginAssumer) AssumeConsole(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
func (*AwsAzureLoginAssumer) AssumeTerminal ¶ added in v0.1.6
func (aal *AwsAzureLoginAssumer) AssumeTerminal(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
then fetch them from the environment for use
func (*AwsAzureLoginAssumer) ProfileMatchesType ¶ added in v0.1.6
func (aal *AwsAzureLoginAssumer) ProfileMatchesType(rawProfile *ini.Section, parsedProfile config.SharedConfig) bool
inspect for any items on the profile prefixed with "AZURE_"
func (*AwsAzureLoginAssumer) Type ¶ added in v0.1.6
func (aal *AwsAzureLoginAssumer) Type() string
A unique key which identifies this assumer e.g AWS-SSO or GOOGLE-AWS-AUTH
type AwsGoogleAuthAssumer ¶ added in v0.1.6
type AwsGoogleAuthAssumer struct { }
Implements Assumer
func (*AwsGoogleAuthAssumer) AssumeConsole ¶ added in v0.1.6
func (aia *AwsGoogleAuthAssumer) AssumeConsole(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
func (*AwsGoogleAuthAssumer) AssumeTerminal ¶ added in v0.1.6
func (aia *AwsGoogleAuthAssumer) AssumeTerminal(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
launch the aws-google-auth utility to generate the credentials then fetch them from the environment for use
func (*AwsGoogleAuthAssumer) ProfileMatchesType ¶ added in v0.1.6
func (aia *AwsGoogleAuthAssumer) ProfileMatchesType(rawProfile *ini.Section, parsedProfile config.SharedConfig) bool
inspect for any items on the profile prefixed with "google_config."
func (*AwsGoogleAuthAssumer) Type ¶ added in v0.1.6
func (aia *AwsGoogleAuthAssumer) Type() string
A unique key which identifies this assumer e.g AWS-SSO or GOOGLE-AWS-AUTH
type AwsIamAssumer ¶ added in v0.1.6
type AwsIamAssumer struct { }
Implements Assumer
func (*AwsIamAssumer) AssumeConsole ¶ added in v0.1.6
func (aia *AwsIamAssumer) AssumeConsole(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
if required will get a FederationToken to be used to launch the console This is required if the iam profile does not assume a role using sts.AssumeRole
func (*AwsIamAssumer) AssumeTerminal ¶ added in v0.1.6
func (aia *AwsIamAssumer) AssumeTerminal(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
Default behaviour is to use the sdk to retrieve the credentials from the file For launching the console there is an extra step GetFederationToken that happens after this to get a session token
func (*AwsIamAssumer) ProfileMatchesType ¶ added in v0.1.6
func (aia *AwsIamAssumer) ProfileMatchesType(rawProfile *ini.Section, parsedProfile config.SharedConfig) bool
Matches the profile type on whether it is not an sso profile. this will also match other types that are not sso profiles so it should be the last option checked when determining the profile type
func (*AwsIamAssumer) Type ¶ added in v0.1.6
func (aia *AwsIamAssumer) Type() string
A unique key which identifies this assumer e.g AWS-SSO or GOOGLE-AWS-AUTH
type AwsSsoAssumer ¶ added in v0.1.6
type AwsSsoAssumer struct { }
Implements Assumer
func (*AwsSsoAssumer) AssumeConsole ¶ added in v0.1.6
func (asa *AwsSsoAssumer) AssumeConsole(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
func (*AwsSsoAssumer) AssumeTerminal ¶ added in v0.1.6
func (asa *AwsSsoAssumer) AssumeTerminal(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
func (*AwsSsoAssumer) ProfileMatchesType ¶ added in v0.1.6
func (asa *AwsSsoAssumer) ProfileMatchesType(rawProfile *ini.Section, parsedProfile config.SharedConfig) bool
Matches the profile type on whether it is an sso profile by checking for ssoaccountid.
func (*AwsSsoAssumer) Type ¶ added in v0.1.6
func (asa *AwsSsoAssumer) Type() string
type ConfigFileLoader ¶ added in v0.5.2
type ConfigOpts ¶ added in v0.1.14
type CredProv ¶
type CredProv struct{ aws.Credentials }
CredProv implements the aws.CredentialProvider interface
type CredentialProcessAssumer ¶ added in v0.1.6
type CredentialProcessAssumer struct { }
Implements Assumer using the aws credential_process standard
func (*CredentialProcessAssumer) AssumeConsole ¶ added in v0.1.6
func (cpa *CredentialProcessAssumer) AssumeConsole(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
func (*CredentialProcessAssumer) AssumeTerminal ¶ added in v0.1.6
func (cpa *CredentialProcessAssumer) AssumeTerminal(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
func (*CredentialProcessAssumer) ProfileMatchesType ¶ added in v0.1.6
func (cpa *CredentialProcessAssumer) ProfileMatchesType(rawProfile *ini.Section, parsedProfile config.SharedConfig) bool
inspect for any credential processes with the saml2aws tool
func (*CredentialProcessAssumer) Type ¶ added in v0.1.6
func (cpa *CredentialProcessAssumer) Type() string
A unique key which identifies this assumer e.g AWS-SSO or GOOGLE-AWS-AUTH
type FileLoader ¶ added in v0.5.2
type FileLoader struct {
FilePath string
}
func (FileLoader) Load ¶ added in v0.5.2
func (f FileLoader) Load() (*ini.File, error)
func (FileLoader) Path ¶ added in v0.5.2
func (f FileLoader) Path() string
type FrecentProfiles ¶
type FrecentProfiles struct {
// contains filtered or unexported fields
}
func (*FrecentProfiles) Update ¶
func (f *FrecentProfiles) Update(selectedProfile string)
should be called after selecting a profile to update frecency cache wrap this method in a go routine to avoid blocking the user
type NoAccessError ¶ added in v0.23.0
type NoAccessError struct { // Err is the underlying error from AWS Err error }
NoAccessError is returned if the user does not have access to the role they are trying to assume.
func (NoAccessError) Error ¶ added in v0.23.0
func (e NoAccessError) Error() string
func (NoAccessError) Unwrap ¶ added in v0.23.0
func (e NoAccessError) Unwrap() error
Unwrap the underlying error so that errors.Is and errors.As works
type Profile ¶ added in v0.2.3
type Profile struct { // allows access to the raw values from the file RawConfig *ini.Section Name string // the file that this profile is from File string ProfileType string // ordered from root to direct parent profile Parents []*Profile // the original config, some values may be empty strings depending on the type or profile AWSConfig config.SharedConfig Initialised bool LoadingError error HasSecureStorageIAMCredentials bool }
func LoadProfileByAccountIdAndRole ¶ added in v0.13.1
Note, this function doesn't handle the condition when there are same accountId & role in different regions.
func (*Profile) AssumeConsole ¶ added in v0.2.3
func (c *Profile) AssumeConsole(ctx context.Context, configOpts ConfigOpts) (aws.Credentials, error)
func (*Profile) AssumeTerminal ¶ added in v0.2.3
func (c *Profile) AssumeTerminal(ctx context.Context, configOpts ConfigOpts) (aws.Credentials, error)
func (*Profile) CustomGrantedProperty ¶ added in v0.5.2
if the profile has a "granted_${name}" key, the value is returned. else an empty string
func (*Profile) InitWithPlainTextSSOToken ¶ added in v0.3.0
Initialize profile's AWS config by fetching credentials from plain-text-SSO-token located at default cache directory.
func (*Profile) LoadPlainTextSSOToken ¶ added in v0.3.0
func (p *Profile) LoadPlainTextSSOToken(ctx context.Context, profile string) (aws.Credentials, error)
Make sure credentials are available and valid.
func (*Profile) Region ¶ added in v0.2.3
Region will attempt to load the region on this profile, if it is not set, attempt to load the parent if it exists else attempts to use the sso-region else attempts to load the default config returns a region, and bool = true if the default region was used
func (*Profile) SSOLogin ¶ added in v0.2.3
func (c *Profile) SSOLogin(ctx context.Context, configOpts ConfigOpts) (aws.Credentials, error)
func (*Profile) SSOLoginWithToken ¶ added in v0.19.0
func (c *Profile) SSOLoginWithToken(ctx context.Context, cfg *aws.Config, accessToken *string, secureSSOTokenStorage securestorage.SSOTokensSecureStorage, configOpts ConfigOpts) (aws.Credentials, error)
func (*Profile) SSORegion ¶ added in v0.20.1
Returns the SSORegion from either the session or the profile in that order
func (*Profile) SSOScopes ¶ added in v0.21.0
[sso-session commonfate] sso_start_url = https://example.awsapps.com/start sso_region = ap-southeast-2 sso_registration_scopes = sso:account:access
However, the AWS v2 Go SDK does not support reading 'sso_registration_scopes', so in order to support this we'll need to parse and lookup the `sso-session` entries in the config file separately.
func (*Profile) SSOStartURL ¶ added in v0.20.1
Returns the SSOStartURL from either the session or the profile in that order
type Profiles ¶ added in v0.2.3
type Profiles struct { // alphabetically sorted after first load ProfileNames []string // contains filtered or unexported fields }
func LoadProfiles ¶ added in v0.2.3
LoadProfiles will load aws config files from $AWS_CONFIG_FILE, $AWS_SHARED_CREDENTIALS_FILE environment variables or defaults to ~/.aws/config and ~/.aws/credentials
func (*Profiles) GetFrecentProfiles ¶ added in v0.2.3
func (p *Profiles) GetFrecentProfiles() (*FrecentProfiles, []string)
loads the frecency cache and generates a list of profiles with frecently used profiles first, followed by alphabetically sorted profiles that have not been used with assume this method returns a FrecentProfiles pointer which should be used after selecting a profile to update the cache, it will also remove any entries which no longer exist in the aws config
func (*Profiles) HasProfile ¶ added in v0.2.3
func (*Profiles) InitialiseProfilesTree ¶ added in v0.2.3
InitialiseProfilesTree will initialise all profiles this means that the profile parent relations are walked and the profile type is determined use this if you need to know the type of every profile in the config for large configuations, this may be expensive
func (*Profiles) LoadInitialisedProfile ¶ added in v0.2.3
LoadInitialisedProfile returns an initialised profile by name this means that all the parents have been loaded and the profile type is defined
type SSOPlainTextOut ¶ added in v0.3.0
type SSOPlainTextOut struct { AccessToken string `json:"accessToken"` ExpiresAt string `json:"expiresAt"` SSOSessionName string `json:"ssoSessionName"` StartUrl string `json:"startUrl"` Region string `json:"region"` }
func CreatePlainTextSSO ¶ added in v0.3.0
func CreatePlainTextSSO(awsConfig config.SharedConfig, token *securestorage.SSOToken) *SSOPlainTextOut
CreatePlainTextSSO is currently unused. In a future version of the Granted CLI, we'll allow users to export a plaintext token from their keychain for compatibility purposes with other AWS tools.
func ReadPlaintextSsoCreds ¶ added in v0.9.1
func ReadPlaintextSsoCreds(startUrl string) (SSOPlainTextOut, error)
func (*SSOPlainTextOut) DumpToCacheDirectory ¶ added in v0.3.0
func (s *SSOPlainTextOut) DumpToCacheDirectory() error