Merge pull request #13 from GESkunkworks/flows

Flows
GESkunkworks · Jan 13, 2020 · 4442e33 · 4442e33
2 parents 3970e9f + 09acdb0
commit 4442e33
Show file tree

Hide file tree

Showing 10 changed files with 428 additions and 23 deletions.
diff --git a/.gitignore b/.gitignore
@@ -3,4 +3,6 @@ Jecrets
 *.swp
 *.log.json
 output*/
+*.coverprofile
+.DS_Store
 
diff --git a/.travis.yml b/.travis.yml
@@ -1,6 +1,6 @@
 language: go
 go:
-- '1.12'
+  - '1.12'
 script:
   - 'if [ "$TRAVIS_PULL_REQUEST" != "false" ]; then make pr; fi'
   - 'if [ "$TRAVIS_PULL_REQUEST" = "false" ]; then make nonpr; fi'
@@ -18,3 +18,4 @@ env:
   global:
   - secure: eP6OwhML6aiv4xvRPM4fLqaPWNLDJhjs6apH5anHjGgkCwY+OjEO+ABGiy2VPQOCXgpnwQBC5QZWSOBPffamBujyoXMFccebp0MxcS9FapKDI/OUVgk3cGCkNikDFeA/DJXgjjkTRB48LMzuOI/E/3aBvteQL4OfWpTFUGuZfp/GU2lcxBfG0uLO5crBFwHpZ9tbjxSvOsMS7rsOQ3Xybb7mN56HbmGCyh9Hd78ftK/b7pHzMLnnzp7MK9N5DLfvPWbM3SJfOmGOwQ0OK4T0t1MWiWWWtAFCyiXPHLJ/bKuwV3IYk9di7qaa8osFoQhazmfySqO5HPvVxIgySDh4W1wBl9BuwMFXXcnf9z8IPKWrKhRvtfWj+Z2B/DGlUh1utTpyoXLqHEf3v39aOWsLeZdpUOkeAmSygSdRrAEvNpbBmi/TphqARvZdTbS2EKXZo6ESrPndFQjBtXbLR8GWLrTFgAsPCLWOC6QE7yt6XIinZVP7WrLqnI4+sDl3KLEIXVgAc25pwClrguXt5/oa/xC3FZnHsO7sTeEE+KnoLPNVzxLE1JfMUtkeFZtymRVtjRYa8LVppCIJnEY1ceah3OU3iv1VSG1DYNxcSWwv6lQ8f3/N7Zfl0dFiLjVacGqedpPhg4Uhjuzc13BiTFaLGB5Wq7XUmCq5cqawhq9ItOk=
   - secure: kRTuhV8zaW5b/MO3tjc+8UMM04w2wPiwvWQz5D51HctTN3chBKulVcJrimGeT6hT260NrNfoPWp1zYDdykAFVFf9tlNOdvx5ftTjB+cTiveh344jx98HUQw3MD/0wpQsQWXmBcDU5En52nE3jOuA6LWYcH+oZKMJI9guKKPHm0BWnhHGqK9q6meCCEWcES5BJGj2aKXAppuG4tj3bXSh5wwBXVfSlwoXeqDe7ECbx4MlO243hZx2QijQx89tnmchmfB4kwkKcTnzmBCAPw89dRQY5YvouhSwXyPQ1WwshLmmVA6JJJia0LdkT89BUKj48Y9ia5GCDRYwSodvWtxyYePy9uFt/ejXjzVKFPAp3ois18i2rfIvQjJG3gbQCNicqXr3I0+yp0i/j33pXUoR7lJU/9YB11J/4Myq0Hf+vy4q6SQSAMHB/6VaXKRgnHeCBEXO8SVg9bWm/Tcof7jy7MyieBr3n9Hn79Tdtg9utTwE5vMToysMJDpX3XKwrva3J5VFc3tNb5xOP5HS0EkKvuofOWG5tK6QeFKAqsJ/B/Nk5WFD9T81bczQngwX0Yyd/6PenLVCNXxBbzOKq5FLVqri44Q+NaDBzS66/d33P5dnyx280E+ARr1xptYdshQ0fyvshexY1/LPRh2vQghs1+H50p46gGvywKFhNsRSMHw=
+  - GO111MODULE=on
diff --git a/Makefile b/Makefile
@@ -14,16 +14,17 @@ build_dir_mac := output-mac
 build_dir_windows := output-windows
 
 # Can't use secrets in pull request builds
-pr: deps testlite configure build-linux build-mac build-windows
+pr: testlite configure build-linux build-mac build-windows
 
 nonpr: build
 
-build: deps testfull configure build-linux build-mac build-windows
+build: testfull configure build-linux build-mac build-windows
 
-bare: deps configure build-linux build-mac build-windows
+buildlocal: export TRAVIS_TAG = "9.9.9"
+buildlocal: export TRAVIS_BUILD_NUMBER = "1"
+buildlocal: testlite testlite configure build-linux build-mac build-windows
 
-deps:
-	go get -t ./...
+bare: configure build-linux build-mac build-windows
 
 testlite:
 	go get golang.org/x/tools/cmd/cover
@@ -36,6 +37,7 @@ testlite:
 testfull: testlite
 	goveralls -coverprofile gover.coverprofile -service=travis-ci -repotoken $(COVERALLS_TOKEN) 
 
+
 configure:
 	mkdir $(build_dir)
 	mkdir $(build_dir_linux)

diff --git a/go.mod b/go.mod
@@ -0,0 +1,19 @@
+module github.com/GESkunkworks/gossamer
+
+go 1.12
+
+require (
+	github.com/GESkunkworks/acfmgr v1.0.3
+	github.com/aws/aws-sdk-go v1.28.0
+	github.com/go-stack/stack v1.8.0 // indirect
+	github.com/inconshreveable/log15 v0.0.0-20200109203555-b30bc20e4fd1
+	github.com/mattn/go-colorable v0.1.4 // indirect
+	github.com/mattn/go-isatty v0.0.11 // indirect
+	github.com/mattn/goveralls v0.0.5 // indirect
+	github.com/modocache/gover v0.0.0-20171022184752-b58185e213c5 // indirect
+	github.com/sozorogami/gover v0.0.0-20171022184752-b58185e213c5 // indirect
+	golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550
+	golang.org/x/net v0.0.0-20190620200207-3b0461eec859
+	golang.org/x/tools v0.0.0-20200113202226-4da8041706e9 // indirect
+	gopkg.in/yaml.v2 v2.2.7
+)
diff --git a/go.sum b/go.sum
@@ -0,0 +1,49 @@
+github.com/GESkunkworks/acfmgr v1.0.1 h1:O9Tjg6WBT9Wa/03rYX0ZBQ2WJxRA/04lRwunIBoXwig=
+github.com/GESkunkworks/acfmgr v1.0.1/go.mod h1:qc69JWl+y3ODYv4kDzca+/6+3ZH4W/qLfee7SrpUKCA=
+github.com/GESkunkworks/acfmgr v1.0.2 h1:fZmdqqGzKfaqDdSaBkLJZhda14B2QmtrdYAeXmK7Bqo=
+github.com/GESkunkworks/acfmgr v1.0.2/go.mod h1:OV8LBsMAsK9Gkl/Dh6jhDwR379byQ4HbwPyj9l2S3fQ=
+github.com/GESkunkworks/acfmgr v1.0.3 h1:A8/DgdnUFX7+dJ/m88aK7BWCtuqsZtVlUDIKAD508Nk=
+github.com/GESkunkworks/acfmgr v1.0.3/go.mod h1:OV8LBsMAsK9Gkl/Dh6jhDwR379byQ4HbwPyj9l2S3fQ=
+github.com/aws/aws-sdk-go v1.28.0 h1:NkmnHFVEMTRYTleRLm5xUaL1mHKKkYQl4rCd+jzD58c=
+github.com/aws/aws-sdk-go v1.28.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
+github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk=
+github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/inconshreveable/log15 v0.0.0-20200109203555-b30bc20e4fd1 h1:KUDFlmBg2buRWNzIcwLlKvfcnujcHQRQ1As1LoaCLAM=
+github.com/inconshreveable/log15 v0.0.0-20200109203555-b30bc20e4fd1/go.mod h1:cOaXtrgN4ScfRrD9Bre7U1thNq5RtJ8ZoP4iXVGRj6o=
+github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af h1:pmfjZENx5imkbgOkpRUYLnmbU7UEFbjtDA2hxJ1ichM=
+github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
+github.com/mattn/go-colorable v0.1.4 h1:snbPLB8fVfU9iwbbo30TPtbLRzwWu6aJS6Xh4eaaviA=
+github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
+github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
+github.com/mattn/go-isatty v0.0.11 h1:FxPOTFNqGkuDUGi3H/qkUbQO4ZiBa2brKq5r0l8TGeM=
+github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
+github.com/mattn/goveralls v0.0.5 h1:spfq8AyZ0cCk57Za6/juJ5btQxeE1FaEGMdfcI+XO48=
+github.com/mattn/goveralls v0.0.5/go.mod h1:Xg2LHi51faXLyKXwsndxiW6uxEEQT9+3sjGzzwU4xy0=
+github.com/modocache/gover v0.0.0-20171022184752-b58185e213c5 h1:8Q0qkMVC/MmWkpIdlvZgcv2o2jrlF6zqVOh7W5YHdMA=
+github.com/modocache/gover v0.0.0-20171022184752-b58185e213c5/go.mod h1:caMODM3PzxT8aQXRPkAt8xlV/e7d7w8GM5g0fa5F0D8=
+github.com/sozorogami/gover v0.0.0-20171022184752-b58185e213c5 h1:TAPeDBsd52dRWoWzf5trgBzxzMYHTYjYI+4xNyCdoCU=
+github.com/sozorogami/gover v0.0.0-20171022184752-b58185e213c5/go.mod h1:nHNlDYIQZn44RvqH0kCpl/dMMVWXkav0QIgzGxV1Ab4=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859 h1:R/3boaszxrf1GEUWTVDzSKVwLmSJpwZ1yqXm8j0v2QI=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037 h1:YyJpGZS1sBuBCzLAR1VEpK193GlqGZbnPFnPV/5Rsb4=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/tools v0.0.0-20200113040837-eac381796e91/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200113154838-30cae5f2fb06 h1:2CO16rKD6U0HaguVX/TdalEJwNYfoUrHC+KShDytyqc=
+golang.org/x/tools v0.0.0-20200113154838-30cae5f2fb06/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200113202226-4da8041706e9 h1:I7gpGTa2XflDylc2MwmkncdiQ//IhYmFTw3seY2W5vU=
+golang.org/x/tools v0.0.0-20200113202226-4da8041706e9/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.7 h1:VUgggvou5XRW9mHwD/yXxIYSMtY0zoKQf/v226p2nyo=
+gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
diff --git a/goslogger/goslogger.go b/goslogger/goslogger.go
@@ -36,3 +36,21 @@ func SetLogger(daemonFlag bool, logFileS, loglevel string) {
 				log15.Must.FileHandler(logFileS, log15.JsonFormat()))))
 	}
 }
+
+// SetTestLogger sets up an appropriate logger for running tests
+func SetLoggerTesting(loglevel string) {
+	Loggo = log15.New()
+	if loglevel == "debug" {
+		// log to stdout only
+		Loggo.SetHandler(
+			log15.LvlFilterHandler(
+				log15.LvlDebug,
+				log15.StreamHandler(os.Stdout, log15.LogfmtFormat())))
+	} else {
+		// log to stdout only
+		Loggo.SetHandler(
+			log15.LvlFilterHandler(
+				log15.LvlInfo,
+				log15.StreamHandler(os.Stdout, log15.LogfmtFormat())))
+	}
+}
diff --git a/gossamer/calls.go b/gossamer/calls.go
@@ -2,14 +2,51 @@ package gossamer
 
 import (
 	"errors"
+	"fmt"
 	"github.com/GESkunkworks/gossamer/goslogger"
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/sts"
+	"github.com/aws/aws-sdk-go/service/sts/stsiface"
+
 	"strings"
 )
 
-func assumeSAMLRoleWithSession(principalArn, roleArn, roleSessionName, assertion *string, duration *int64, client *sts.STS) (*sts.Credentials, error) {
+func detectNilStringPointer(label string, pointer *string) (isnil bool, err error) {
+	if pointer == nil {
+		isnil = true
+		msg := fmt.Sprintf("%s is nil", label)
+		err = errors.New(msg)
+	}
+	return isnil, err
+}
+
+func detectNilInt64Pointer(label string, pointer *int64) (isnil bool, err error) {
+	if pointer == nil {
+		isnil = true
+		msg := fmt.Sprintf("%s is nil", label)
+		err = errors.New(msg)
+	}
+	return isnil, err
+}
+
+func assumeSAMLRoleWithSession(principalArn, roleArn, roleSessionName, assertion *string, duration *int64, client stsiface.STSAPI) (*sts.Credentials, error) {
+	var c *sts.Credentials
+	if isnil, err := detectNilStringPointer("principalArn", principalArn); isnil {
+		return c, err
+	}
+	if isnil, err := detectNilStringPointer("roleArn", roleArn); isnil {
+		return c, err
+	}
+	if isnil, err := detectNilStringPointer("roleSessionName", roleSessionName); isnil {
+		return c, err
+	}
+	if isnil, err := detectNilStringPointer("assertion", assertion); isnil {
+		return c, err
+	}
+	if isnil, err := detectNilInt64Pointer("duration", duration); isnil {
+		return c, err
+	}
 	goslogger.Loggo.Debug("preparing assumeSAMLRoleWithSession input", "duration", *duration)
 	input := sts.AssumeRoleWithSAMLInput{
 		PrincipalArn:    principalArn,
@@ -31,20 +68,32 @@ func assumeSAMLRoleWithSession(principalArn, roleArn, roleSessionName, assertion
 		}
 		result, err = client.AssumeRoleWithSAML(&input)
 	}
+	if err != nil {
+		return c, err
+	}
 	return result.Credentials, err
 }
 
-// assumeRoleWithSession takes an existing session and sets up the assume role inputs for
+// assumeRoleWithClient takes an existing session and sets up the assume role inputs for
 // the API call
-func assumeRoleWithSession(roleArn, roleSessionName *string, duration *int64, sess *session.Session) (*sts.Credentials, error) {
+func assumeRoleWithClient(roleArn, roleSessionName *string, duration *int64, client stsiface.STSAPI) (*sts.Credentials, error) {
+	var c *sts.Credentials
+	if isnil, err := detectNilInt64Pointer("duration", duration); isnil {
+		return c, err
+	}
+	if isnil, err := detectNilStringPointer("roleArn", roleArn); isnil {
+		return c, err
+	}
+	if isnil, err := detectNilStringPointer("roleSessionName", roleSessionName); isnil {
+		return c, err
+	}
 	// set a default in case duration comes in blank
 	var blankDuration int64
 	if *duration == blankDuration {
 		goslogger.Loggo.Debug("detected blank duration, setting to a hard default")
 		duration = &[]int64{3600}[0]
 	}
-	client := sts.New(sess)
-	goslogger.Loggo.Debug("preparing assumeRoleWithSession input", "duration", *duration)
+	goslogger.Loggo.Debug("preparing assumeRoleWithClient input", "duration", *duration)
 	input := sts.AssumeRoleInput{
 		RoleArn:         roleArn,
 		RoleSessionName: roleSessionName,
@@ -64,6 +113,9 @@ func assumeRoleWithSession(roleArn, roleSessionName *string, duration *int64, se
 		}
 		aso, err = client.AssumeRole(&input)
 	}
+	if err != nil {
+		return c, err
+	}
 	return aso.Credentials, err
 }
 
@@ -84,9 +136,8 @@ func detectedDurationProblem(err error) bool {
 
 // generateRoleSessionName runs a GetCallerIdentity API call
 // to try and auto generate the role session name from a
-// established session.
-func generateRoleSessionName(sess *session.Session) string {
-	client := sts.New(sess)
+// established client.
+func generateRoleSessionName(client stsiface.STSAPI) string {
 	callerIdentity, err := client.GetCallerIdentity(&sts.GetCallerIdentityInput{})
 	if err != nil {
 		return "gossamer"
@@ -148,7 +199,8 @@ func (f *Flow) getPermSession() (sess *session.Session, err error) {
 	}
 	// try to get the role session name from the session we just got
 	// because we want the pure name before the MFA session if any
-	f.PAss.setRoleSessionName(generateRoleSessionName(sess))
+	stsClient := sts.New(sess)
+	f.PAss.setRoleSessionName(generateRoleSessionName(stsClient))
 	// now we need to check and see if we need to establish MFA on the session
 	goslogger.Loggo.Debug("checking for presence of MFA")
 	if f.PermCredsConfig.MFA != nil {