// Copyright (C) 2019 The CodeActual Go Environment Authors.
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at https://mozilla.org/MPL/2.0/.
package idp
import (
"strings"
"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/pkg/errors"
"github.com/spf13/cobra"
cage_sts "github.com/codeactual/aws-exec-cmd/internal/cage/aws/v1/sts"
"github.com/codeactual/aws-exec-cmd/internal/cage/cli/handler"
"github.com/codeactual/aws-exec-cmd/internal/cage/cli/handler/mixin/aws/auth"
)
// Mixin is the role-chain credential provider for the auth mixin: it obtains
// credentials by assuming a comma-separated chain of roles through STS and
// contributes no sub-command flags of its own.
//
// The role chain string is deliberately not a field here. The
// cli/handler/mixin/aws/auth mixin needs it before Provider.Get runs, because
// the chain is part of the key used for the cache read.
type Mixin struct{}
// BindCobraFlags implements cage/cli/handler.Mixin. This mixin defines no
// flags, so it binds nothing to cmd and returns an empty, non-nil slice of
// flag names.
func (m *Mixin) BindCobraFlags(cmd *cobra.Command) []string {
	names := make([]string, 0)
	return names
}
// Name implements cage/cli/handler.Mixin and returns this mixin's fixed
// identifier.
func (m *Mixin) Name() string {
	const mixinName = "cage/cli/handler/mixin/aws/auth/role"
	return mixinName
}
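// Get implements cage/cli/handler/mixin/aws/auth.Provider.
//
// It parses input.RoleChain as a comma-separated list of roles (whitespace
// around each entry is trimmed and empty entries are dropped), asks
// cage_sts.ResolveRoleChain to assume them with the requested session TTL and
// optional MFA details, and wraps the resulting key id, secret and session
// token in static credentials.
//
// It returns an error when the parsed chain is empty, when an MFA serial is
// supplied without a token code, or when the chain cannot be resolved. Error
// messages name only the roles in the chain; the MFA token code and the
// returned key material are never included.
func (m *Mixin) Get(input auth.ProviderInput) (*credentials.Credentials, error) {
	var chain []string
	for _, role := range strings.Split(input.RoleChain, ",") {
		if role = strings.TrimSpace(role); role != "" {
			chain = append(chain, role)
		}
	}
	if len(chain) == 0 {
		return nil, errors.New("role chain required")
	}

	resolveInput := cage_sts.ResolveRoleChainInput{
		Chain:           chain,
		DurationSeconds: int64(input.SessionTtlSec),
	}
	if input.MfaSerial != "" {
		// Fail fast instead of sending an incomplete MFA request to STS: a
		// serial without a token code cannot succeed, and rejecting it here
		// avoids spending an AssumeRole attempt (and any hops the resolver
		// has already assumed) on a request that is certain to be refused.
		if strings.TrimSpace(input.MfaCode) == "" {
			return nil, errors.New("mfa code required when mfa serial is set")
		}
		resolveInput.SerialNumber = input.MfaSerial
		resolveInput.TokenCode = input.MfaCode
	}
	// NOTE(review): presumably ResolveRoleChain applies DurationSeconds and the
	// MFA fields to every hop of the chain — confirm against cage_sts.

	id, secret, token, resolveErr := cage_sts.ResolveRoleChain(&resolveInput)
	if resolveErr != nil {
		// Only the role names go into the message so that neither the MFA
		// code nor any key material can reach logs through this error.
		return nil, errors.Wrapf(resolveErr, "failed to resolve role chain [%s]", strings.Join(chain, ","))
	}
	return credentials.NewStaticCredentials(id, secret, token), nil
}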
// Compile-time checks that *Mixin satisfies both interfaces it is registered as.
var (
	_ handler.Mixin = (*Mixin)(nil)
	_ auth.Provider = (*Mixin)(nil)
)