From 5becc1a04555476789c3e18485004ebda3daa34b Mon Sep 17 00:00:00 2001
From: Jonathan Vogt
Date: Fri, 7 Sep 2018 04:25:54 +0200
Subject: [PATCH 1/4] Move duplicate code to aws package

---
 aws/sts.go      | 43 +++++++++++++++++++++++++++++++++++++++++++
 okta/get.go     | 38 +++----------------------------------
 onelogin/get.go | 38 +++----------------------------------
 3 files changed, 49 insertions(+), 70 deletions(-)
 create mode 100644 aws/sts.go

diff --git a/aws/sts.go b/aws/sts.go
new file mode 100644
index 0000000..649eb3e
--- /dev/null
+++ b/aws/sts.go
@@ -0,0 +1,43 @@
+package aws
+
+import (
+	"fmt"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/sts"
+)
+
+func AssumeSAMLRole(PrincipalArn, RoleArn, SAMLAssertion string) (*Credentials, error) {
+	// Assume role
+	input := sts.AssumeRoleWithSAMLInput{
+		PrincipalArn:  aws.String(PrincipalArn),
+		RoleArn:       aws.String(RoleArn),
+		SAMLAssertion: aws.String(SAMLAssertion),
+	}
+
+	sess := session.Must(session.NewSession())
+	svc := sts.New(sess)
+
+	// s := utils.NewSpinner()
+	// s.Start()
+	aResp, err := svc.AssumeRoleWithSAML(&input)
+	// s.Stop()
+	if err != nil {
+		return nil, fmt.Errorf("assuming role: %v", err)
+	}
+
+	keyID := *aResp.Credentials.AccessKeyId
+	secretKey := *aResp.Credentials.SecretAccessKey
+	sessionToken := *aResp.Credentials.SessionToken
+	expiration := *aResp.Credentials.Expiration
+
+	creds := Credentials{
+		AccessKeyID:     keyID,
+		SecretAccessKey: secretKey,
+		SessionToken:    sessionToken,
+		Expiration:      expiration,
+	}
+
+	return &creds, nil
+}
diff --git a/okta/get.go b/okta/get.go
index e2cd4a7..603b98f 100644
--- a/okta/get.go
+++ b/okta/get.go
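Review bot: `AssumeSAMLRole` in the new aws/sts.go calls `session.Must(session.NewSession())`, which panics on any session-construction failure instead of returning an error; now that the call lives in a shared package, the error should be propagated so both callers get it through their normal `err` path rather than a crash. The dereferences `*aResp.Credentials.AccessKeyId` and the three that follow also assume `Credentials` is non-nil on a successful response — presumably STS always populates it, but a one-line nil check turns a possible panic into an error. The exported function has no doc comment and its parameters are capitalized (`PrincipalArn`, `RoleArn`, `SAMLAssertion`), which golint flags; `principalARN`/`roleARN`/`samlAssertion` follows Go naming and does not affect callers. The `Credentials` type is defined outside this patch.
```go
// AssumeSAMLRole exchanges a SAML assertion for temporary credentials by
// calling STS AssumeRoleWithSAML for the given identity provider and role.
func AssumeSAMLRole(principalARN, roleARN, samlAssertion string) (*Credentials, error) {
	sess, err := session.NewSession()
	if err != nil {
		return nil, fmt.Errorf("creating AWS session: %v", err)
	}
	svc := sts.New(sess)

	aResp, err := svc.AssumeRoleWithSAML(&sts.AssumeRoleWithSAMLInput{
		PrincipalArn:  aws.String(principalARN),
		RoleArn:       aws.String(roleARN),
		SAMLAssertion: aws.String(samlAssertion),
	})
	if err != nil {
		return nil, fmt.Errorf("assuming role: %v", err)
	}
	if aResp.Credentials == nil {
		return nil, fmt.Errorf("assuming role: STS response carried no credentials")
	}

	// … unchanged: copy of the four credential fields into Credentials and return …
```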
@@ -3,18 +3,15 @@ package okta
 import (
 	"fmt"
 
-	awsprovider "github.com/allcloud-io/clisso/aws"
+	"github.com/allcloud-io/clisso/aws"
 	"github.com/allcloud-io/clisso/config"
 	"github.com/allcloud-io/clisso/saml"
 	"github.com/allcloud-io/clisso/spinner"
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/session"
-	"github.com/aws/aws-sdk-go/service/sts"
 	"github.com/howeyc/gopass"
 )
 
 // Get gets temporary credentials for the given app.
-func Get(app, provider string) (*awsprovider.Credentials, error) {
+func Get(app, provider string) (*aws.Credentials, error) {
 	// Get provider config
 	p, err := config.GetOktaProvider(provider)
 	if err != nil {
@@ -102,34 +99,5 @@ func Get(app, provider string) (*awsprovider.Credentials, error) {
 		return nil, err
 	}
 
-	// Assume role
-	input := sts.AssumeRoleWithSAMLInput{
-		PrincipalArn:  aws.String(arn.Provider),
-		RoleArn:       aws.String(arn.Role),
-		SAMLAssertion: aws.String(*samlAssertion),
-	}
-
-	sess := session.Must(session.NewSession())
-	svc := sts.New(sess)
-
-	s.Start()
-	aResp, err := svc.AssumeRoleWithSAML(&input)
-	s.Stop()
-	if err != nil {
-		return nil, fmt.Errorf("assuming role: %v", err)
-	}
-
-	keyID := *aResp.Credentials.AccessKeyId
-	secretKey := *aResp.Credentials.SecretAccessKey
-	sessionToken := *aResp.Credentials.SessionToken
-	expiration := *aResp.Credentials.Expiration
-
-	creds := awsprovider.Credentials{
-		AccessKeyID:     keyID,
-		SecretAccessKey: secretKey,
-		SessionToken:    sessionToken,
-		Expiration:      expiration,
-	}
-
-	return &creds, nil
+	return aws.AssumeSAMLRole(arn.Provider, arn.Role, *samlAssertion)
 }
diff --git a/onelogin/get.go b/onelogin/get.go
index 097476b..e38f084 100644
--- a/onelogin/get.go
+++ b/onelogin/get.go
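Review bot: The okta/get.go import hunk keeps `"fmt"` while the only `fmt` use visible in this file's hunks, the `fmt.Errorf("assuming role: %v", err)` in the removed block, goes away with it; if nothing else in okta/get.go references `fmt`, the file stops compiling with an unused-import error. The same pattern appears in the onelogin/get.go import hunk of this patch. A `go build ./...` on the series would settle it; if `fmt` is still used elsewhere in the body, which is outside both hunks, this can be ignored.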
@@ -4,13 +4,10 @@ import (
 	"fmt"
 	"time"
 
-	awsprovider "github.com/allcloud-io/clisso/aws"
+	"github.com/allcloud-io/clisso/aws"
 	"github.com/allcloud-io/clisso/config"
 	"github.com/allcloud-io/clisso/saml"
 	"github.com/allcloud-io/clisso/spinner"
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/session"
-	"github.com/aws/aws-sdk-go/service/sts"
 	"github.com/howeyc/gopass"
 )
 
@@ -29,7 +26,7 @@ const (
 
 // Get gets temporary credentials for the given app.
 // TODO Move AWS logic outside this function.
-func Get(app, provider string) (*awsprovider.Credentials, error) {
+func Get(app, provider string) (*aws.Credentials, error) {
 	// Read config
 	p, err := config.GetOneLoginProvider(provider)
 	if err != nil {
@@ -185,34 +182,5 @@ func Get(app, provider string) (*awsprovider.Credentials, error) {
 		return nil, err
 	}
 
-	// Assume role
-	pAssumeRole := sts.AssumeRoleWithSAMLInput{
-		PrincipalArn:  aws.String(arn.Provider),
-		RoleArn:       aws.String(arn.Role),
-		SAMLAssertion: aws.String(rMfa.Data),
-	}
-
-	sess := session.Must(session.NewSession())
-	svc := sts.New(sess)
-
-	s.Start()
-	resp, err := svc.AssumeRoleWithSAML(&pAssumeRole)
-	s.Stop()
-	if err != nil {
-		return nil, fmt.Errorf("assuming role: %v", err)
-	}
-
-	keyID := *resp.Credentials.AccessKeyId
-	secretKey := *resp.Credentials.SecretAccessKey
-	sessionToken := *resp.Credentials.SessionToken
-	expiration := *resp.Credentials.Expiration
-
-	creds := awsprovider.Credentials{
-		AccessKeyID:     keyID,
-		SecretAccessKey: secretKey,
-		SessionToken:    sessionToken,
-		Expiration:      expiration,
-	}
-
-	return &creds, nil
+	return aws.AssumeSAMLRole(arn.Provider, arn.Role, rMfa.Data)
 }

From de8a9352faf9ec5ed845322ff39bf25a963cdcb1 Mon Sep 17 00:00:00 2001
From: Jonathan Vogt
Date: Fri, 7 Sep 2018 04:34:03 +0200
Subject: [PATCH 2/4] Enable spinner

---
 okta/get.go     | 6 +++++-
 onelogin/get.go | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/okta/get.go b/okta/get.go
index 603b98f..394ca98 100644
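Review bot: The `// TODO Move AWS logic outside this function.` line kept as context above onelogin's `Get` describes exactly what this patch does — the STS call now lives in `aws.AssumeSAMLRole` — so it is stale the moment the series lands and should be removed in the same hunk, leaving `// Get gets temporary credentials for the given app.` on its own. `Get`'s body runs between the second and third hunk and is not visible here.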
--- a/okta/get.go
+++ b/okta/get.go
@@ -99,5 +99,9 @@ func Get(app, provider string) (*aws.Credentials, error) {
 		return nil, err
 	}
 
-	return aws.AssumeSAMLRole(arn.Provider, arn.Role, *samlAssertion)
+	s.Start()
+	creds, err := aws.AssumeSAMLRole(arn.Provider, arn.Role, *samlAssertion)
+	s.Stop()
+
+	return creds, err
 }
diff --git a/onelogin/get.go b/onelogin/get.go
index e38f084..629e86c 100644
--- a/onelogin/get.go
+++ b/onelogin/get.go
@@ -182,5 +182,9 @@ func Get(app, provider string) (*aws.Credentials, error) {
 		return nil, err
 	}
 
-	return aws.AssumeSAMLRole(arn.Provider, arn.Role, rMfa.Data)
+	s.Start()
+	creds, err := aws.AssumeSAMLRole(arn.Provider, arn.Role, rMfa.Data)
+	s.Stop()
+
+	return creds, err
 }

From 5f23b54e3fc269c68af179fdc523491f6777c561 Mon Sep 17 00:00:00 2001
From: Jonathan Vogt
Date: Fri, 7 Sep 2018 04:37:38 +0200
Subject: [PATCH 3/4] fix variable not found

---
 aws/sts.go | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/aws/sts.go b/aws/sts.go
index 649eb3e..d85704c 100644
--- a/aws/sts.go
+++ b/aws/sts.go
@@ -19,10 +19,7 @@ func AssumeSAMLRole(PrincipalArn, RoleArn, SAMLAssertion string) (*Credentials,
 	sess := session.Must(session.NewSession())
 	svc := sts.New(sess)
 
-	// s := utils.NewSpinner()
-	// s.Start()
 	aResp, err := svc.AssumeRoleWithSAML(&input)
-	// s.Stop()
 	if err != nil {
 		return nil, fmt.Errorf("assuming role: %v", err)
 	}

From 3970ad6067dfdd6cb66e52f06cca0e18cfb7aeda Mon Sep 17 00:00:00 2001
From: Johanan Liebermann
Date: Fri, 14 Sep 2018 01:15:31 +0200
Subject: [PATCH 4/4] Remove redundant comment

---
 aws/sts.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/aws/sts.go b/aws/sts.go
index d85704c..22f3583 100644
--- a/aws/sts.go
+++ b/aws/sts.go
@@ -9,7 +9,6 @@ import (
 )
 
 func AssumeSAMLRole(PrincipalArn, RoleArn, SAMLAssertion string) (*Credentials, error) {
-	// Assume role
 	input := sts.AssumeRoleWithSAMLInput{
 		PrincipalArn:  aws.String(PrincipalArn),
 		RoleArn:       aws.String(RoleArn),