release: 0.1.0

.gitignore

@@ -1 +1,2 @@
-.idea
+.idea
+dist

Makefile

@@ -0,0 +1,27 @@
+# Goals:
+# - user can build binaries on their system without having to install special tools
+# - user can fork the canonical repo and expect to be able to run CircleCI checks
+#
+# This makefile is meant for humans
+
+VERSION := $(shell git describe --tags --always --dirty="-dev")
+LDFLAGS := -ldflags='-X "main.Version=$(VERSION)"'
+
+test:
+	GO111MODULE=on go test -v ./...
+
+all: dist/aws-aad-$(VERSION)-darwin-amd64 dist/aws-aad-$(VERSION)-linux-amd64
+
+clean:
+	rm -rf ./dist
+
+dist/:
+	mkdir -p dist
+
+dist/aws-aad-$(VERSION)-darwin-amd64: | dist/
+	GOOS=darwin GOARCH=amd64 GO111MODULE=on go build $(LDFLAGS) -o $@
+
+dist/aws-aad-$(VERSION)-linux-amd64: | dist/
+	GOOS=linux GOARCH=amd64 GO111MODULE=on go build $(LDFLAGS) -o $@
+
+.PHONY: clean all

cmd/add.go

@@ -65,7 +65,7 @@ func add(cmd *cobra.Command, args []string) error {
 		}
 		defaultTenant := fmt.Sprintf("%s/%s", tld, organization)
 
-		aadTenant, err = lib.Prompt("will login via [https://"+defaultTenant+"]", false)
+		aadTenant, err = lib.Prompt("Will login via https://"+defaultTenant+", is that ok? (Enter/Ctrl-C)", false)
 		if err != nil {
 			return err
 		}
@@ -89,14 +89,13 @@ func add(cmd *cobra.Command, args []string) error {
 			return ErrFailedToGatherInformation
 		}
 
-		aadMiddlewareClientSecret, err = lib.Prompt("Middleware client secret", true)
+		aadMiddlewareClientSecret, err = lib.Prompt("Middleware client secret (secure-input)", true)
 		if err != nil {
 			return err
 		}
 		if aadMiddlewareClientSecret == "" {
 			return ErrFailedToGatherInformation
 		}
-
 	}
 
 	if username == "" {
@@ -118,7 +117,6 @@ func add(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return err
 	}
-	fmt.Println()
 
 	creds := lib.AADCreds{
 		Organization:           organization,

go.mod

@@ -7,6 +7,7 @@ require (
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0
 	github.com/alessio/shellescape v1.4.1
 	github.com/aws/aws-sdk-go v1.44.269
+	github.com/google/uuid v1.3.0
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/sirupsen/logrus v1.9.2
 	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966
@@ -26,7 +27,6 @@ require (
 	github.com/dvsekhvalnov/jose2go v1.5.0 // indirect
 	github.com/godbus/dbus v0.0.0-20190726142602-4481cbc300e2 // indirect
 	github.com/golang-jwt/jwt/v4 v4.4.3 // indirect
-	github.com/google/uuid v1.3.0 // indirect
 	github.com/gsterjov/go-libsecret v0.0.0-20161001094733-a6f4afe4910c // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
@@ -40,4 +40,4 @@ require (
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
 
-replace github.com/AzureAD/microsoft-authentication-library-for-go => ../testany/microsoft-authentication-library-for-go
+replace github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 => github.com/deamwork/microsoft-authentication-library-for-go v0.0.0-20230605033433-65a96bd0cdd6

go.sum

@@ -12,6 +12,8 @@ github.com/danieljoos/wincred v1.1.2/go.mod h1:GijpziifJoIBfYh+S7BbkdUTU4LfM+QnG
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/deamwork/microsoft-authentication-library-for-go v0.0.0-20230605033433-65a96bd0cdd6 h1:DQpTyqFgb4tEY5aslQn/C5ajo9TphhAurvNmdjd8hzY=
+github.com/deamwork/microsoft-authentication-library-for-go v0.0.0-20230605033433-65a96bd0cdd6/go.mod h1:kgDmCTgBzIEPFElEF+FK0SdjAor06dRq2Go927dnQ6o=
 github.com/dvsekhvalnov/jose2go v1.5.0 h1:3j8ya4Z4kMCwT5nXIKFSV84YS+HdqSSO0VsTQxaLAeM=
 github.com/dvsekhvalnov/jose2go v1.5.0/go.mod h1:QsHjhyTlD/lAVqn/NSbVZmSCGeDehTB/mPZadG+mhXU=
 github.com/godbus/dbus v0.0.0-20190726142602-4481cbc300e2 h1:ZpnhV/YsD2/4cESfV5+Hoeu/iUR3ruzNvZ+yQfO03a0=

lib/azure_ad.go

@@ -374,13 +374,19 @@ func (o *AADClient) AuthenticateProfile3(profileARN string, duration time.Durati
 
 	// Step 4 : Assume Role with SAML
 	log.Debug("Step 4: Assume Role with SAML")
+
 	var samlSess *session.Session
 	if region != "" {
 		log.Debugf("Using region: %s\n", region)
+
+		logLevel := aws.LogOff
+		if log.GetLevel() == log.DebugLevel {
+			logLevel = aws.LogDebug
+		}
 		conf := &aws.Config{
 			Region:              aws.String(region),
 			STSRegionalEndpoint: endpoints.RegionalSTSEndpoint,
-			LogLevel:            aws.LogLevel(aws.LogDebug),
+			LogLevel:            aws.LogLevel(logLevel),
 		}
 		samlSess = session.Must(session.NewSession(conf))
 	} else {

lib/prompt.go

@@ -16,7 +16,11 @@ func Prompt(prompt string, sensitive bool) (string, error) {
 
 func PromptWithOutput(prompt string, sensitive bool, output *os.File) (string, error) {
 	fmt.Fprintf(output, "%s: ", prompt)
-	defer fmt.Fprintf(output, "\n")
+	defer func() {
+		if sensitive {
+			fmt.Fprintf(output, "\n")
+		}
+	}()
 
 	if sensitive {
 		var input []byte

lib/utils.go

@@ -1,7 +1,6 @@
 package lib
 
 import (
-	"bytes"
 	"encoding/base64"
 	"encoding/xml"
 	"errors"
@@ -161,8 +160,6 @@ func ParseSAML(body []byte, resp *SAMLAssertion, tenant string) (err error) {
 		},
 	}
 
-	log.Debugf(string(body))
-
 	// unmarshal assertion to the template
 	if err = xml.Unmarshal(body, &r.Assertion); err != nil {
 		return
@@ -174,15 +171,13 @@ func ParseSAML(body []byte, resp *SAMLAssertion, tenant string) (err error) {
 	resp.Resp = &r
 
 	// marshal full template
-	b, err := xml.MarshalIndent(resp.Resp, "", "    ")
-	if err != nil {
-		return err
-	}
-
-	b = bytes.ReplaceAll(b, []byte("Response"), []byte("samlp:Response"))
-
-	log.Debugf(string(b))
-
+	//b, err := xml.MarshalIndent(resp.Resp, "", "    ")
+	//if err != nil {
+	//	return err
+	//}
+	//
+	//b = bytes.ReplaceAll(b, []byte("Response"), []byte("samlp:Response"))
+	//
 	// base64 encode the enriched template and write to lib.SAMLAssertion.RawData
 	//dst := make([]byte, base64.StdEncoding.EncodedLen(len(b)))
 	//base64.RawStdEncoding.Encode(dst, b)