// Copyright 2018, Jon Hadfield <jon@lessknown.co.uk>
// This file is part of ape.
// ape is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// ape is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with ape. If not, see <http://www.gnu.org/licenses/>.
package helpers
import (
"fmt"
"os"
"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/pkg/errors"
)
// GetSession creates an AWS SDK session via session.NewSession and returns it.
//
// If the session cannot be created, the error is passed to OutputError and the
// process exits with status 1. Because os.Exit is used, deferred functions in
// the caller do not run on that path.
func GetSession() (sess *session.Session) {
	var err error
	if sess, err = session.NewSession(); err != nil {
		OutputError(err)
		os.Exit(1)
	}
	return sess
}
// GetAssumeRoleCredsInput holds the parameters consumed by GetAssumeRoleCreds.
type GetAssumeRoleCredsInput struct {
	// Sess is the session handed to stscreds.NewCredentials for the AssumeRole call.
	Sess *session.Session
	// AccountID is combined with RoleName into a role ARN, but only when RoleArn is empty.
	AccountID string
	// RoleArn, when non-empty, is used as-is and takes precedence over AccountID/RoleName.
	RoleArn string
	// RoleName is the role name placed after "role/" in the constructed ARN.
	RoleName string
	// ExternalID is copied to the AssumeRoleProvider's ExternalID field. It is the
	// value a role's trust policy can require (sts:ExternalId condition) before
	// allowing cross-account access.
	ExternalID string
}
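// GetAssumeRoleCreds returns credentials obtained by assuming an IAM role
// through STS.
//
// The role is input.RoleArn when set. Otherwise an ARN is built from
// input.AccountID and input.RoleName in the standard "aws" partition, so
// callers targeting another partition must supply RoleArn themselves.
//
// input.ExternalID is forwarded to STS only when it is non-empty. A role whose
// trust policy requires an external ID will therefore refuse the call unless
// the caller supplies the agreed value; leaving it empty is only appropriate
// for roles that do not require one.
//
// creds.Get is called once so that a failing AssumeRole surfaces here rather
// than on first use. The retrieved credential values are discarded and must
// not be logged. Any error is wrapped with a stack trace.
func GetAssumeRoleCreds(input GetAssumeRoleCredsInput) (creds *credentials.Credentials, err error) {
	// A nil session cannot be used to build the STS client; fail with an
	// error instead of letting the SDK dereference it.
	if input.Sess == nil {
		return nil, errors.New("assume role: session is required")
	}

	roleArn := input.RoleArn
	if roleArn == "" {
		// Without these the formatted ARN would be malformed and would only
		// be rejected after a round trip to STS.
		if input.AccountID == "" || input.RoleName == "" {
			return nil, errors.New("assume role: either RoleArn or both AccountID and RoleName are required")
		}
		roleArn = fmt.Sprintf("arn:aws:iam::%s:role/%s", input.AccountID, input.RoleName)
	}

	creds = stscreds.NewCredentials(input.Sess, roleArn, func(p *stscreds.AssumeRoleProvider) {
		// Leave ExternalID nil when the caller gave none: a pointer to an
		// empty string is sent as an explicit (too short) ExternalId and the
		// request fails validation.
		if input.ExternalID != "" {
			externalID := input.ExternalID
			p.ExternalID = &externalID
		}
	})

	// Force one retrieval so an access-denied or misconfigured role is
	// reported to the caller now. The original returns creds alongside the
	// error, so that is preserved.
	if _, err = creds.Get(); err != nil {
		return creds, errors.WithStack(err)
	}
	return creds, nil
}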