Merge pull request #59 from allcloud-jonathan/feature/streamline-saml…
…-assume

Move duplicate code to aws package
johananl authored Sep 13, 2018
2 parents f897399 + 3970ad6 commit baae940
Showing 3 changed files with 47 additions and 64 deletions.
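--- a/aws/sts.go
+++ b/aws/sts.go
@@ -0,0 +1,39 @@
+package aws
+
+import (
+"fmt"
+
+"github.com/aws/aws-sdk-go/aws"
+"github.com/aws/aws-sdk-go/aws/session"
+"github.com/aws/aws-sdk-go/service/sts"
+)
+
+func AssumeSAMLRole(PrincipalArn, RoleArn, SAMLAssertion string) (*Credentials, error) {
+input := sts.AssumeRoleWithSAMLInput{
+PrincipalArn: aws.String(PrincipalArn),
+RoleArn: aws.String(RoleArn),
+SAMLAssertion: aws.String(SAMLAssertion),
+}
+
+sess := session.Must(session.NewSession())
+svc := sts.New(sess)
+
+aResp, err := svc.AssumeRoleWithSAML(&input)
+if err != nil {
+return nil, fmt.Errorf("assuming role: %v", err)
+}
+
+keyID := *aResp.Credentials.AccessKeyId
+secretKey := *aResp.Credentials.SecretAccessKey
+sessionToken := *aResp.Credentials.SessionToken
+expiration := *aResp.Credentials.Expiration
+
+creds := Credentials{
+AccessKeyID: keyID,
+SecretAccessKey: secretKey,
+SessionToken: sessionToken,
+Expiration: expiration,
+}
+
+return &creds, nil
+}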
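Review bot: `AssumeSAMLRole` is exported but has no doc comment, and its parameters are capitalized (`PrincipalArn, RoleArn, SAMLAssertion`), which reads like exported identifiers; Go convention is `principalArn, roleArn, samlAssertion`, preceded by a comment such as `// AssumeSAMLRole calls STS AssumeRoleWithSAML for the given principal and role ARNs using the supplied SAML assertion and returns the resulting temporary credentials.` The four dereferences after the error check assume `aResp.Credentials` is non-nil, so a guard like `if aResp.Credentials == nil { return nil, fmt.Errorf("assuming role: response has no credentials") }` turns a possible nil-pointer panic into an error the caller can report. `session.Must` will also panic when the session cannot be built (for example from a bad shared config); in a function that already returns an error, `sess, err := session.NewSession()` with an error return is the better fit.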
36 changes: 4 additions & 32 deletions okta/get.go
Expand Up @@ -3,18 +3,15 @@ package okta
import (
"fmt"

awsprovider "github.com/allcloud-io/clisso/aws"
"github.com/allcloud-io/clisso/aws"
"github.com/allcloud-io/clisso/config"
"github.com/allcloud-io/clisso/saml"
"github.com/allcloud-io/clisso/spinner"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/sts"
"github.com/howeyc/gopass"
)

// Get gets temporary credentials for the given app.
func Get(app, provider string) (*awsprovider.Credentials, error) {
func Get(app, provider string) (*aws.Credentials, error) {
// Get provider config
p, err := config.GetOktaProvider(provider)
if err != nil {
Expand Down Expand Up @@ -102,34 +99,9 @@ func Get(app, provider string) (*awsprovider.Credentials, error) {
return nil, err
}

// Assume role
input := sts.AssumeRoleWithSAMLInput{
PrincipalArn: aws.String(arn.Provider),
RoleArn: aws.String(arn.Role),
SAMLAssertion: aws.String(*samlAssertion),
}

sess := session.Must(session.NewSession())
svc := sts.New(sess)

s.Start()
aResp, err := svc.AssumeRoleWithSAML(&input)
creds, err := aws.AssumeSAMLRole(arn.Provider, arn.Role, *samlAssertion)
s.Stop()
if err != nil {
return nil, fmt.Errorf("assuming role: %v", err)
}

keyID := *aResp.Credentials.AccessKeyId
secretKey := *aResp.Credentials.SecretAccessKey
sessionToken := *aResp.Credentials.SessionToken
expiration := *aResp.Credentials.Expiration

creds := awsprovider.Credentials{
AccessKeyID: keyID,
SecretAccessKey: secretKey,
SessionToken: sessionToken,
Expiration: expiration,
}

return &creds, nil
return creds, err
}
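Review bot: The new `return creds, err` at the end of Get hands back whatever `aws.AssumeSAMLRole` returned, so the value callers see on failure now depends on the callee returning a nil `*Credentials`, where the removed check made that explicit; the conventional form is `if err != nil { return nil, err }` followed by `return creds, nil`. The same pattern is introduced in onelogin/get.go. Get's body continues outside the hunks.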
36 changes: 4 additions & 32 deletions onelogin/get.go
Expand Up @@ -4,13 +4,10 @@ import (
"fmt"
"time"

awsprovider "github.com/allcloud-io/clisso/aws"
"github.com/allcloud-io/clisso/aws"
"github.com/allcloud-io/clisso/config"
"github.com/allcloud-io/clisso/saml"
"github.com/allcloud-io/clisso/spinner"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/sts"
"github.com/howeyc/gopass"
)

Expand All @@ -29,7 +26,7 @@ const (

// Get gets temporary credentials for the given app.
// TODO Move AWS logic outside this function.
func Get(app, provider string) (*awsprovider.Credentials, error) {
func Get(app, provider string) (*aws.Credentials, error) {
// Read config
p, err := config.GetOneLoginProvider(provider)
if err != nil {
Expand Down Expand Up @@ -185,34 +182,9 @@ func Get(app, provider string) (*awsprovider.Credentials, error) {
return nil, err
}

// Assume role
pAssumeRole := sts.AssumeRoleWithSAMLInput{
PrincipalArn: aws.String(arn.Provider),
RoleArn: aws.String(arn.Role),
SAMLAssertion: aws.String(rMfa.Data),
}

sess := session.Must(session.NewSession())
svc := sts.New(sess)

s.Start()
resp, err := svc.AssumeRoleWithSAML(&pAssumeRole)
creds, err := aws.AssumeSAMLRole(arn.Provider, arn.Role, rMfa.Data)
s.Stop()
if err != nil {
return nil, fmt.Errorf("assuming role: %v", err)
}

keyID := *resp.Credentials.AccessKeyId
secretKey := *resp.Credentials.SecretAccessKey
sessionToken := *resp.Credentials.SessionToken
expiration := *resp.Credentials.Expiration

creds := awsprovider.Credentials{
AccessKeyID: keyID,
SecretAccessKey: secretKey,
SessionToken: sessionToken,
Expiration: expiration,
}

return &creds, nil
return creds, err
}
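Review bot: The comment `// TODO Move AWS logic outside this function.` above Get is now stale, because this commit moves the STS call into `aws.AssumeSAMLRole`; drop the TODO line or replace it with a short note on what the function still does (the OneLogin login and MFA flow). Get's body runs outside the hunks.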
