Documentation ¶
Index ¶
- Constants
- Variables
- func ExpandRegion(region string) (string, error)
- func ExportCredsToProfile(profileName string, creds aws.Credentials) error
- func FormatAWSErrorWithGrantedApprovalsURL(awsError error, rawConfig *ini.Section, gConf grantedConfig.Config, ...) error
- func GetCredentialsCreds(ctx context.Context, c *Profile) (aws.Credentials, error)
- func GetEnvCredentials(ctx context.Context) aws.Credentials
- func GetValidSSOTokenFromPlaintextCache(startUrl string) *securestorage.SSOToken
- func IsLegalProfileName(name string) bool
- func IsValidGrantedProfile(profile *Profile) error
- func LoadSSOSessions(configFile *ini.File) (map[string]SSOSession, error)
- func MfaTokenProvider() (string, error)
- func ParseGrantedSSOProfile(ctx context.Context, profile *Profile) (*config.SharedConfig, error)
- func PollToken(ctx context.Context, c *ssooidc.Client, clientSecret string, clientID string, ...) (*ssooidc.CreateTokenOutput, error)
- func RegisterAssumer(a Assumer, position int)
- func SSODeviceCodeFlowFromStartUrl(ctx context.Context, cfg aws.Config, startUrl string) (*securestorage.SSOToken, error)
- func SsoCredsAreInConfigCache() bool
- func TypeCredsToAwsCreds(c types.Credentials) aws.Credentials
- func TypeRoleCredsToAwsCreds(c ssotypes.RoleCredentials) aws.Credentials
- func UpdateFrecencyCache(selectedProfile string)
- func WriteCredentialsToDotenv(region string, creds aws.Credentials) error
- type Assumer
- type AwsAzureLoginAssumer
- func (aal *AwsAzureLoginAssumer) AssumeConsole(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
- func (aal *AwsAzureLoginAssumer) AssumeTerminal(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
- func (aal *AwsAzureLoginAssumer) ProfileMatchesType(rawProfile *ini.Section, parsedProfile config.SharedConfig) bool
- func (aal *AwsAzureLoginAssumer) Type() string
- type AwsGoogleAuthAssumer
- func (aia *AwsGoogleAuthAssumer) AssumeConsole(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
- func (aia *AwsGoogleAuthAssumer) AssumeTerminal(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
- func (aia *AwsGoogleAuthAssumer) ProfileMatchesType(rawProfile *ini.Section, parsedProfile config.SharedConfig) bool
- func (aia *AwsGoogleAuthAssumer) Type() string
- type AwsIamAssumer
- func (aia *AwsIamAssumer) AssumeConsole(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
- func (aia *AwsIamAssumer) AssumeTerminal(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
- func (aia *AwsIamAssumer) ProfileMatchesType(rawProfile *ini.Section, parsedProfile config.SharedConfig) bool
- func (aia *AwsIamAssumer) Type() string
- type AwsSsoAssumer
- func (asa *AwsSsoAssumer) AssumeConsole(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
- func (asa *AwsSsoAssumer) AssumeTerminal(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
- func (asa *AwsSsoAssumer) ProfileMatchesType(rawProfile *ini.Section, parsedProfile config.SharedConfig) bool
- func (asa *AwsSsoAssumer) Type() string
- type ConfigFileLoader
- type ConfigOpts
- type CredProv
- type CredentialProcessAssumer
- func (cpa *CredentialProcessAssumer) AssumeConsole(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
- func (cpa *CredentialProcessAssumer) AssumeTerminal(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
- func (cpa *CredentialProcessAssumer) ProfileMatchesType(rawProfile *ini.Section, parsedProfile config.SharedConfig) bool
- func (cpa *CredentialProcessAssumer) Type() string
- type FileLoader
- type FrecentProfiles
- type PollingConfig
- type Profile
- func (c *Profile) AssumeConsole(ctx context.Context, configOpts ConfigOpts) (aws.Credentials, error)
- func (c *Profile) AssumeTerminal(ctx context.Context, configOpts ConfigOpts) (aws.Credentials, error)
- func (p *Profile) CustomGrantedProperty(name string) string
- func (p *Profile) InitWithPlainTextSSOToken(ctx context.Context, awsCred aws.Credentials) error
- func (p *Profile) LoadPlainTextSSOToken(ctx context.Context, profile string) (aws.Credentials, error)
- func (p *Profile) Region(ctx context.Context) (string, error)
- func (c *Profile) SSOLogin(ctx context.Context, configOpts ConfigOpts) (aws.Credentials, error)
- type Profiles
- func (p *Profiles) GetFrecentProfiles() (*FrecentProfiles, []string)
- func (p *Profiles) HasProfile(profile string) bool
- func (p *Profiles) InitialiseProfilesTree(ctx context.Context)
- func (p *Profiles) LoadInitialisedProfile(ctx context.Context, profile string) (*Profile, error)
- func (p *Profiles) Profile(profile string) (*Profile, error)
- type SSOPlainTextOut
- type SSOSession
Constants ¶
const DefaultRegion = "us-east-1"
const (
// permission for user to read/write/execute.
USER_READ_WRITE_PERM = 0700
)
Variables ¶
var ErrProfileNotFound error = errors.New("profile not found")
var ErrProfileNotInitialised error = errors.New("profile not initialised")
var ErrTimeout error = errors.New("polling for device authorization token timed out")
Functions ¶
func ExpandRegion ¶ added in v0.2.3
ExpandRegion takes a string and attemps to expand it into a fully formed region e.g ue1 -> us-east-1
If region is an empty string, the DefaultRegion is returned ¶
ExpandRegion does not attempt to fully validate regions and may produce regions which do not exist, for example as2 -> ap-south-2 which is not a valid region
func ExportCredsToProfile ¶ added in v0.1.17
func ExportCredsToProfile(profileName string, creds aws.Credentials) error
ExportCredsToProfile will write assumed credentials to ~/.aws/credentials with a specified profile name header
func FormatAWSErrorWithGrantedApprovalsURL ¶ added in v0.5.0
func FormatAWSErrorWithGrantedApprovalsURL(awsError error, rawConfig *ini.Section, gConf grantedConfig.Config, SSORoleName string, SSOAccountId string) error
GetGrantedApprovalsURL returns the URL which users can request access to a particular role at.
To return a request URL, a base URL for a Granted Approvals deployment must be set. The base URL can be provided in a couple of ways and is read in the following order of priority:
1. By setting the '--url' flag with the Granted credentials_process command
2. By setting a global request URL with the command 'granted settings request-url set'
If neither of the approaches above returns a URL, this method returns a message indicating that the request URL hasn't been set up.
func GetCredentialsCreds ¶ added in v0.1.8
func GetEnvCredentials ¶ added in v0.1.6
func GetEnvCredentials(ctx context.Context) aws.Credentials
loads the environment variables and hydrates an aws.config if they are present
func GetValidSSOTokenFromPlaintextCache ¶ added in v0.9.1
func GetValidSSOTokenFromPlaintextCache(startUrl string) *securestorage.SSOToken
func IsLegalProfileName ¶ added in v0.5.0
Helper function which returns true if provided profile name string does not contain illegal characters
func IsValidGrantedProfile ¶ added in v0.3.0
For `granted login` cmd, we have to make sure 'granted' prefix is added to the aws config file.
func LoadSSOSessions ¶ added in v0.5.2
func LoadSSOSessions(configFile *ini.File) (map[string]SSOSession, error)
func MfaTokenProvider ¶ added in v0.1.12
func ParseGrantedSSOProfile ¶ added in v0.5.0
func PollToken ¶
func PollToken(ctx context.Context, c *ssooidc.Client, clientSecret string, clientID string, deviceCode string, cfg PollingConfig) (*ssooidc.CreateTokenOutput, error)
PollToken will poll for a token and return it once the authentication/authorization flow has been completed in the browser
func RegisterAssumer ¶ added in v0.1.6
RegisterAssumer allows assumers to be registered when using this library as a package in other projects position = -1 will append the assumer position to insert assumer
func SSODeviceCodeFlowFromStartUrl ¶ added in v0.3.0
func SSODeviceCodeFlowFromStartUrl(ctx context.Context, cfg aws.Config, startUrl string) (*securestorage.SSOToken, error)
SSODeviceCodeFlowFromStartUrl contains all the steps to complete a device code flow to retrieve an SSO token
func SsoCredsAreInConfigCache ¶ added in v0.9.1
func SsoCredsAreInConfigCache() bool
check if a valid ~/.aws/sso/cache file exists
func TypeCredsToAwsCreds ¶
func TypeCredsToAwsCreds(c types.Credentials) aws.Credentials
func TypeRoleCredsToAwsCreds ¶
func TypeRoleCredsToAwsCreds(c ssotypes.RoleCredentials) aws.Credentials
func UpdateFrecencyCache ¶
func UpdateFrecencyCache(selectedProfile string)
use this to update frecency cache when the profile is supplied by the commandline
func WriteCredentialsToDotenv ¶ added in v0.1.16
func WriteCredentialsToDotenv(region string, creds aws.Credentials) error
WriteCredentialsToDotenv will check if a .env file exists and prompt to create one if it does not. After the file exists, it will be opened, credentaisl added and then written to disc
Types ¶
type Assumer ¶ added in v0.1.6
type Assumer interface { // AssumeTerminal should follow the required process for it implemetation and return aws credentials ready to be exported to the terminal environment AssumeTerminal(context.Context, *Profile, ConfigOpts) (aws.Credentials, error) // AssumeConsole should follow any console specific credentials processes, this may be the same as AssumeTerminal under the hood AssumeConsole(context.Context, *Profile, ConfigOpts) (aws.Credentials, error) // A unique key which identifies this assumer e.g AWS-SSO or GOOGLE-AWS-AUTH Type() string // ProfileMatchesType takes a list of strings which are the lines in an aws config profile and returns true if this profile is the assumers type ProfileMatchesType(*ini.Section, config.SharedConfig) bool }
Added support for optional pass through args on proxy sso provider When using a sso provider adding pass through flags can be achieved by adding the -pass-through or -pt flag EG. assume role-a -pt --mode -pt gui (Run the proxy login with a gui rather than in cli. Example taken from aws-azure-login)
func AssumerFromType ¶ added in v0.1.6
type AwsAzureLoginAssumer ¶ added in v0.1.6
type AwsAzureLoginAssumer struct { }
Implements Assumer
func (*AwsAzureLoginAssumer) AssumeConsole ¶ added in v0.1.6
func (aal *AwsAzureLoginAssumer) AssumeConsole(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
func (*AwsAzureLoginAssumer) AssumeTerminal ¶ added in v0.1.6
func (aal *AwsAzureLoginAssumer) AssumeTerminal(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
then fetch them from the environment for use
func (*AwsAzureLoginAssumer) ProfileMatchesType ¶ added in v0.1.6
func (aal *AwsAzureLoginAssumer) ProfileMatchesType(rawProfile *ini.Section, parsedProfile config.SharedConfig) bool
inspect for any items on the profile prefixed with "AZURE_"
func (*AwsAzureLoginAssumer) Type ¶ added in v0.1.6
func (aal *AwsAzureLoginAssumer) Type() string
A unique key which identifies this assumer e.g AWS-SSO or GOOGLE-AWS-AUTH
type AwsGoogleAuthAssumer ¶ added in v0.1.6
type AwsGoogleAuthAssumer struct { }
Implements Assumer
func (*AwsGoogleAuthAssumer) AssumeConsole ¶ added in v0.1.6
func (aia *AwsGoogleAuthAssumer) AssumeConsole(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
func (*AwsGoogleAuthAssumer) AssumeTerminal ¶ added in v0.1.6
func (aia *AwsGoogleAuthAssumer) AssumeTerminal(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
launch the aws-google-auth utility to generate the credentials then fetch them from the environment for use
func (*AwsGoogleAuthAssumer) ProfileMatchesType ¶ added in v0.1.6
func (aia *AwsGoogleAuthAssumer) ProfileMatchesType(rawProfile *ini.Section, parsedProfile config.SharedConfig) bool
inspect for any items on the profile prefixed with "google_config."
func (*AwsGoogleAuthAssumer) Type ¶ added in v0.1.6
func (aia *AwsGoogleAuthAssumer) Type() string
A unique key which identifies this assumer e.g AWS-SSO or GOOGLE-AWS-AUTH
type AwsIamAssumer ¶ added in v0.1.6
type AwsIamAssumer struct { }
Implements Assumer
func (*AwsIamAssumer) AssumeConsole ¶ added in v0.1.6
func (aia *AwsIamAssumer) AssumeConsole(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
if required will get a FederationToken to be used to launch the console This is required if the iam profile does not assume a role using sts.AssumeRole
func (*AwsIamAssumer) AssumeTerminal ¶ added in v0.1.6
func (aia *AwsIamAssumer) AssumeTerminal(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
Default behaviour is to use the sdk to retrieve the credentials from the file For launching the console there is an extra step GetFederationToken that happens after this to get a session token
func (*AwsIamAssumer) ProfileMatchesType ¶ added in v0.1.6
func (aia *AwsIamAssumer) ProfileMatchesType(rawProfile *ini.Section, parsedProfile config.SharedConfig) bool
Matches the profile type on whether it is not an sso profile. this will also match other types that are not sso profiles so it should be the last option checked when determining the profile type
func (*AwsIamAssumer) Type ¶ added in v0.1.6
func (aia *AwsIamAssumer) Type() string
A unique key which identifies this assumer e.g AWS-SSO or GOOGLE-AWS-AUTH
type AwsSsoAssumer ¶ added in v0.1.6
type AwsSsoAssumer struct { }
Implements Assumer
func (*AwsSsoAssumer) AssumeConsole ¶ added in v0.1.6
func (asa *AwsSsoAssumer) AssumeConsole(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
func (*AwsSsoAssumer) AssumeTerminal ¶ added in v0.1.6
func (asa *AwsSsoAssumer) AssumeTerminal(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
func (*AwsSsoAssumer) ProfileMatchesType ¶ added in v0.1.6
func (asa *AwsSsoAssumer) ProfileMatchesType(rawProfile *ini.Section, parsedProfile config.SharedConfig) bool
Matches the profile type on whether it is an sso profile by checking for ssoaccountid.
func (*AwsSsoAssumer) Type ¶ added in v0.1.6
func (asa *AwsSsoAssumer) Type() string
type ConfigFileLoader ¶ added in v0.5.2
type ConfigOpts ¶ added in v0.1.14
type CredProv ¶
type CredProv struct{ aws.Credentials }
CredProv implements the aws.CredentialProvider interface
type CredentialProcessAssumer ¶ added in v0.1.6
type CredentialProcessAssumer struct { }
Implements Assumer using the aws credential_process standard
func (*CredentialProcessAssumer) AssumeConsole ¶ added in v0.1.6
func (cpa *CredentialProcessAssumer) AssumeConsole(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
func (*CredentialProcessAssumer) AssumeTerminal ¶ added in v0.1.6
func (cpa *CredentialProcessAssumer) AssumeTerminal(ctx context.Context, c *Profile, configOpts ConfigOpts) (aws.Credentials, error)
func (*CredentialProcessAssumer) ProfileMatchesType ¶ added in v0.1.6
func (cpa *CredentialProcessAssumer) ProfileMatchesType(rawProfile *ini.Section, parsedProfile config.SharedConfig) bool
inspect for any credential processes with the saml2aws tool
func (*CredentialProcessAssumer) Type ¶ added in v0.1.6
func (cpa *CredentialProcessAssumer) Type() string
A unique key which identifies this assumer e.g AWS-SSO or GOOGLE-AWS-AUTH
type FileLoader ¶ added in v0.5.2
type FileLoader struct {
FilePath string
}
func (FileLoader) Load ¶ added in v0.5.2
func (f FileLoader) Load() (*ini.File, error)
func (FileLoader) Path ¶ added in v0.5.2
func (f FileLoader) Path() string
type FrecentProfiles ¶
type FrecentProfiles struct {
// contains filtered or unexported fields
}
func (*FrecentProfiles) Update ¶
func (f *FrecentProfiles) Update(selectedProfile string)
should be called after selecting a profile to update frecency cache wrap this method in a go routine to avoid blocking the user
type PollingConfig ¶
type Profile ¶ added in v0.2.3
type Profile struct { // allows access to the raw values from the file RawConfig *ini.Section Name string // the file that this profile is from File string ProfileType string // ordered from root to direct parent profile Parents []*Profile // the original config, some values may be empty strings depending on the type or profile AWSConfig config.SharedConfig Initialised bool LoadingError error HasSecureStorageIAMCredentials bool // AWS SDK doesn't support sso_session yet so we check for it manually SSOSession *SSOSession }
func (*Profile) AssumeConsole ¶ added in v0.2.3
func (c *Profile) AssumeConsole(ctx context.Context, configOpts ConfigOpts) (aws.Credentials, error)
func (*Profile) AssumeTerminal ¶ added in v0.2.3
func (c *Profile) AssumeTerminal(ctx context.Context, configOpts ConfigOpts) (aws.Credentials, error)
func (*Profile) CustomGrantedProperty ¶ added in v0.5.2
if the profile has a "granted_${name}" key, the value is returned. else an empty string
func (*Profile) InitWithPlainTextSSOToken ¶ added in v0.3.0
Initialize profile's AWS config by fetching credentials from plain-text-SSO-token located at default cache directory.
func (*Profile) LoadPlainTextSSOToken ¶ added in v0.3.0
func (p *Profile) LoadPlainTextSSOToken(ctx context.Context, profile string) (aws.Credentials, error)
Make sure credentials are available and valid.
func (*Profile) Region ¶ added in v0.2.3
Region will attempt to load the region on this profile, if it is not set, attempt to load the parent if it exists else attempts to use the sso-region else attempts to load the default config returns a region, and bool = true if the default region was used
func (*Profile) SSOLogin ¶ added in v0.2.3
func (c *Profile) SSOLogin(ctx context.Context, configOpts ConfigOpts) (aws.Credentials, error)
type Profiles ¶ added in v0.2.3
type Profiles struct { // alphabetically sorted after first load ProfileNames []string // contains filtered or unexported fields }
func LoadProfiles ¶ added in v0.2.3
func LoadProfiles(configFileLoader, credentialsFileLoader ConfigFileLoader) (*Profiles, error)
func LoadProfilesFromDefaultFiles ¶ added in v0.5.2
func (*Profiles) GetFrecentProfiles ¶ added in v0.2.3
func (p *Profiles) GetFrecentProfiles() (*FrecentProfiles, []string)
loads the frecency cache and generates a list of profiles with frecently used profiles first, followed by alphabetically sorted profiles that have not been used with assume this method returns a FrecentProfiles pointer which should be used after selecting a profile to update the cache, it will also remove any entries which no longer exist in the aws config
func (*Profiles) HasProfile ¶ added in v0.2.3
func (*Profiles) InitialiseProfilesTree ¶ added in v0.2.3
InitialiseProfilesTree will initialise all profiles this means that the profile parent relations are walked and the profile type is determined use this if you need to know the type of every profile in the config for large configuations, this may be expensive
func (*Profiles) LoadInitialisedProfile ¶ added in v0.2.3
LoadInitialisedProfile returns an initialised profile by name this means that all the parents have been loaded and the profile type is defined
type SSOPlainTextOut ¶ added in v0.3.0
type SSOPlainTextOut struct { AccessToken string `json:"accessToken"` ExpiresAt string `json:"expiresAt"` StartUrl string `json:"startUrl"` Region string `json:"region"` }
func CreatePlainTextSSO ¶ added in v0.3.0
func CreatePlainTextSSO(awsConfig config.SharedConfig, token *securestorage.SSOToken) *SSOPlainTextOut
CreatePlainTextSSO is currently unused. In a future version of the Granted CLI, we'll allow users to export a plaintext token from their keychain for compatibility purposes with other AWS tools.
func ReadPlaintextSsoCreds ¶ added in v0.9.1
func ReadPlaintextSsoCreds(startUrl string) (SSOPlainTextOut, error)
func (*SSOPlainTextOut) DumpToCacheDirectory ¶ added in v0.3.0
func (s *SSOPlainTextOut) DumpToCacheDirectory() error