aws

package
v0.0.0-...-78a8f1b Latest
Warning

This package is not in the latest version of its module.

Published: Sep 27, 2024 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

func AssumeRoleWithSAML

func AssumeRoleWithSAML(roleArn, principalArn, samlAssertion string) (*sts.AssumeRoleWithSAMLOutput, error)

AssumeRoleWithSAML assumes a role in AWS using a SAML assertion. It creates a new session with the default AWS configuration, creates a new STS client, and then calls the AssumeRoleWithSAML API with the provided role ARN, principal ARN, and SAML assertion. The function returns the AssumeRoleWithSAMLOutput result and any error encountered during the process.

Parameters:

  • roleArn: The ARN of the IAM role to assume.
  • principalArn: The ARN of the IAM principal (user or federated user) that is making the AssumeRoleWithSAML call.
  • samlAssertion: The base64-encoded SAML assertion obtained from the identity provider.

Returns:

  • *sts.AssumeRoleWithSAMLOutput: The result of the AssumeRoleWithSAML API call.
  • error: An error if any error occurs during the process, or nil if the operation is successful.

func InterceptChromeAuthRequest

func InterceptChromeAuthRequest(ev interface{}, responseChan chan AWSResponse, cancel context.CancelFunc)

InterceptChromeAuthRequest intercepts a network request made by Chrome to the AWS sign-in page and processes the SAML response. If a valid SAML response is found, it decodes and inflates the response, extracts the AWS roles, and sends the response through a channel.

Parameters:

  • ev: An interface representing the network event. It should be of type *network.EventRequestWillBeSent.
  • responseChan: A channel of type AWSResponse where the processed response will be sent.
  • cancel: A context.CancelFunc to cancel the network request if necessary.

func UpdateAWSCredentialsFile

func UpdateAWSCredentialsFile(credentials map[string]AwsCredentialsEntry) error

UpdateAWSCredentialsFile updates the AWS credentials file with the given credentials. The function reads the existing credentials file, updates or inserts the given credentials, and writes the updated content back to the file.

Parameters:

  • credentials: A map containing the profile names as keys and AwsCredentialsEntry structs as values. Each AwsCredentialsEntry struct represents the AWS credentials for a specific profile.

Returns:

  • An error if any error occurs during the process, or nil if the operation is successful.

Types

type AWSResponse

type AWSResponse struct {
	Roles        []AwsRole
	SAMLResponse string
}

type AwsCredentialsEntry

type AwsCredentialsEntry struct {
	AccessKeyID     string    `yaml:"aws_access_key_id"`
	SecretAccessKey string    `yaml:"aws_secret_access_key"`
	SessionToken    string    `yaml:"aws_session_token"`
	Expiration      time.Time `yaml:"expiration"`
}

type AwsRole

type AwsRole struct {
	RoleArn      string
	PrincipalArn string
}

func ParseRolesFromSamlResponse

func ParseRolesFromSamlResponse(assertion string) ([]AwsRole, *string, error)

ParseRolesFromSamlResponse extracts AWS roles and the SAML response from a given assertion. It decodes the assertion, extracts the SAML response, and parses the roles from the SAML response.

Parameters:

  • assertion: A base64-encoded SAML assertion obtained from the identity provider.

Returns:

  • roles: A slice of AwsRole structs representing the extracted AWS roles.
  • samlResponse: A pointer to a string containing the base64-encoded SAML response.
  • error: An error if any error occurs during the process, or nil if the operation is successful.
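The role extraction described for ParseRolesFromSamlResponse can be sketched as follows. This is an added example, not this package's implementation: `rolePair`, `parseRoles` and `sampleB64` are hypothetical names, and it assumes AWS's convention that each value of the `https://aws.amazon.com/SAML/Attributes/Role` attribute is a comma-separated role ARN and SAML provider ARN, in either order.

```go
package main

import (
	"encoding/base64"
	"encoding/xml"
	"fmt"
	"strings"
)

type rolePair struct{ RoleArn, PrincipalArn string } // hypothetical stand-in for AwsRole
// parseRoles decodes a base64 SAMLResponse and returns its role/provider ARN pairs.
func parseRoles(b64 string) (out []rolePair, err error) {
	var doc struct { // only attribute values are read; XML namespaces are ignored
		Attrs []struct {
			Name   string   `xml:"Name,attr"`
			Values []string `xml:"AttributeValue"`
		} `xml:"Assertion>AttributeStatement>Attribute"`
	}
	raw, err := base64.StdEncoding.DecodeString(b64)
	if err == nil {
		err = xml.Unmarshal(raw, &doc) // parsing only: the XML signature is not verified here
	}
	if err != nil {
		return nil, fmt.Errorf("decode SAMLResponse: %w", err)
	}
	for _, a := range doc.Attrs {
		if a.Name != "https://aws.amazon.com/SAML/Attributes/Role" {
			continue
		}
		for _, v := range a.Values {
			r, p, _ := strings.Cut(strings.TrimSpace(v), ",")
			if strings.Contains(r, ":saml-provider/") { // IdPs emit either order
				r, p = p, r
			}
			if !strings.Contains(r, ":role/") || !strings.Contains(p, ":saml-provider/") {
				return nil, fmt.Errorf("malformed role value %q", v)
			}
			out = append(out, rolePair{r, p})
		}
	}
	return out, nil
}

// sampleB64 is a constructed, unsigned response; account 111122223333 is a placeholder.
var sampleB64 = base64.StdEncoding.EncodeToString([]byte(`<Response><Assertion><AttributeStatement>
<Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
<AttributeValue>arn:aws:iam::111122223333:role/Dev,arn:aws:iam::111122223333:saml-provider/Corp</AttributeValue>
<AttributeValue>arn:aws:iam::111122223333:saml-provider/Corp,arn:aws:iam::111122223333:role/Audit</AttributeValue>
</Attribute></AttributeStatement></Assertion></Response>`))
func main() { fmt.Println(parseRoles(sampleB64)) }
```

Rejecting values that are not a role ARN paired with a SAML provider ARN keeps a malformed assertion from reaching the STS call with swapped or truncated arguments.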
