Okta #50
Okta #50
Conversation
| @@ -1,63 +1,80 @@ | |||
| Key Conjurer | |||
There was a problem hiding this comment.
Ignore this, this is mostly my autoformatter going crazy. This will be updated in a separate request when we ahve time.
| ) | ||
|
|
||
| // Duo scripts the Duo Web API interaction | ||
| type Duo struct { | ||
| logger *logrus.Entry |
There was a problem hiding this comment.
The logging behind Duo was removed because all of the messages that were logged were always logged right before an error - so the messages were moved into the error handling so the caller can handle them.
| @@ -1,14 +1,11 @@ | |||
| package oneloginduo | |||
| package duo | |||
There was a problem hiding this comment.
This was moved to re-use the Duo functionality in the Okta client
| @@ -0,0 +1,301 @@ | |||
| package okta | |||
There was a problem hiding this comment.
This file handles working with the /api/v1/authn API from Okta. This isn't provided to us by the SDK so we have to do it ourselves.
| return fmt.Errorf("unable to create %s reason: %w", fp, err) | ||
| } | ||
|
|
||
| defer file.Close() |
There was a problem hiding this comment.
Writes the configuration file changes, if any, and closes the file handle on shutdown
| config.TTL = uint(ttl) | ||
| return nil | ||
| }, | ||
| } | ||
|
|
||
| var setTimeRemainingCmd = &cobra.Command{ |
There was a problem hiding this comment.
Logging in was pointless here, so it was removed
|
|
||
| var setTTLCmd = &cobra.Command{ | ||
| Use: "ttl <ttl>", | ||
| Short: "Sets ttl value in number of hours.", | ||
| Long: "Sets ttl value in number of hours.", | ||
| Args: cobra.ExactArgs(1), | ||
| RunE: func(cmd *cobra.Command, args []string) error { | ||
| userData, err := keyconjurer.Login(keyConjurerRcPath, false) |
There was a problem hiding this comment.
Logging in was pointless here, so it was removed
| @@ -0,0 +1,86 @@ | |||
| package main | |||
There was a problem hiding this comment.
This is the new functionality for using the Bastion account, which is a workaround due to technical limitations in AD if I remember correctly. The purpose of this command is to allow users to retrieve temporary session credentials for a "bastion" account, with which they can then "assume role" into any other account.
| @@ -23,6 +23,10 @@ | |||
| } | |||
There was a problem hiding this comment.
Auto formatter went wild, sorry.
This PR addresses all the changes required for supporting Okta within KeyConjurer. The README should be ignored as while it is partially up to date it hasn't been updated due to a focus on functionality. I've left comments inline of decisions made if they aren't obvious or seem strange.
Also please do not be intimidated by the file count. A large number of those files were me moving files from one folder to another. This was done in order to better share code between the client and the server or to reduce unnecessary nesting.
That said, this PR was always destined to be large, and was around +2500-2000 before any of the auto-formatting and colocation of code because the changes that needed to be made essentially touched every aspect of the application.