This repository has been archived by the owner on Feb 21, 2023. It is now read-only.

Export assumed role ARN metadata #87

Merged
merged 2 commits into from
Nov 26, 2018
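--- a/aws/aws.go
+++ b/aws/aws.go
@@ -21,12 +21,13 @@ func AssumeRole(login saml.LoginData, role saml.LoginRole, duration int64) (*sts
 return stsClient.AssumeRoleWithSAML(&input)
 }
 
-func EnvironmentVariables(credentials *sts.Credentials) map[string]string {
+func EnvironmentVariables(stsOutput *sts.AssumeRoleWithSAMLOutput) map[string]string {
 subject := make(map[string]string)
 
-subject["AWS_ACCESS_KEY_ID"] = *credentials.AccessKeyId
-subject["AWS_SECRET_ACCESS_KEY"] = *credentials.SecretAccessKey
-subject["AWS_SESSION_TOKEN"] = *credentials.SessionToken
+subject["AWS_ACCESS_KEY_ID"] = *stsOutput.Credentials.AccessKeyId
+subject["AWS_SECRET_ACCESS_KEY"] = *stsOutput.Credentials.SecretAccessKey
+subject["AWS_SESSION_TOKEN"] = *stsOutput.Credentials.SessionToken
+subject["AWS_METADATA_USER_ARN"] = *stsOutput.AssumedRoleUser.Arn
 
 return subject
 }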
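Review bot: The added line `subject["AWS_METADATA_USER_ARN"] = *stsOutput.AssumedRoleUser.Arn` dereferences two pointers from the STS response without a nil check, so an output with no `AssumedRoleUser` panics in a process that is holding fresh session credentials. Since the ARN is informational, I would make it optional: `if u := stsOutput.AssumedRoleUser; u != nil && u.Arn != nil { subject["AWS_METADATA_USER_ARN"] = *u.Arn }`. The `Credentials` dereferences have the same shape (the old code had it too), and a nil `stsOutput.Credentials` would be better reported as an error by the caller than hit here. The exported function also has no doc comment; something like `// EnvironmentVariables maps an AssumeRoleWithSAML result to the AWS_* variables handed to child processes and shell output.` would record that the ARN, which names the account and role, now reaches both (cmd/shim.go and format/format.go pass the result on).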
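--- a/aws/aws_test.go
+++ b/aws/aws_test.go
@@ -9,11 +9,17 @@ func TestEnvironmentVariables(t *testing.T) {
 accessKeyId := "llama"
 secretAccessKey := "alpaca"
 sessionToken := "guanaco"
+assumedRoleArn := "arn:aws:iam::1234123123:role/sso-vicuña-role"
 
-creds := sts.Credentials{
-AccessKeyId: &accessKeyId,
-SecretAccessKey: &secretAccessKey,
-SessionToken: &sessionToken,
+creds := sts.AssumeRoleWithSAMLOutput{
+AssumedRoleUser: &sts.AssumedRoleUser{
+Arn: &assumedRoleArn,
+},
+Credentials: &sts.Credentials{
+AccessKeyId: &accessKeyId,
+SecretAccessKey: &secretAccessKey,
+SessionToken: &sessionToken,
+},
 }
 
 subject := EnvironmentVariables(&creds)
@@ -41,4 +47,12 @@ func TestEnvironmentVariables(t *testing.T) {
 t.Logf("Got: %s", subject["AWS_SESSION_TOKEN"])
 t.Fail()
 }
+
+if subject["AWS_METADATA_USER_ARN"] != assumedRoleArn {
+t.Log("---------------")
+t.Log("Did not correctly set AWS_METADATA_USER_ARN")
+t.Logf("Expected: %s", assumedRoleArn)
+t.Logf("Got: %s", subject["AWS_METADATA_USER_ARN"])
+t.Fail()
+}
 }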
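Review bot: The fixture `assumedRoleArn` in the first hunk is shaped like an IAM role ARN, whereas the `AssumedRoleUser.Arn` that STS returns has the form `arn:aws:sts::<account-id>:assumed-role/<role-name>/<session-name>`; format/format_test.go uses the same fixture. A value in the real shape, for example `arn:aws:sts::123456789012:assumed-role/sso-vicuña-role/user@example.com` (constructed sample), would exercise the session-name segment, which is the part that comes from the SAML assertion rather than from the account. The test also covers only a fully populated output; a case with `AssumedRoleUser` left nil would pin down whether EnvironmentVariables panics or omits the key.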
2 changes: 1 addition & 1 deletion cmd/root.go
Expand Up @@ -79,7 +79,7 @@ These can be configured either in the [okta] section of ~/.config/yak/config.tom
go func() {
<-channel
fmt.Fprintln(os.Stderr, "Received termination signal, exiting...")
if(stateErr == nil) {
if stateErr == nil {
terminal.Restore(int(syscall.Stdin), state)
}

2 changes: 1 addition & 1 deletion cmd/shim.go
Expand Up @@ -34,7 +34,7 @@ func shimCmd(cmd *cobra.Command, args []string) error {
return cli.Exec(
command,
cli.EnrichedEnvironment(
aws.EnvironmentVariables(creds.Credentials),
aws.EnvironmentVariables(creds),
),
)
}
2 changes: 1 addition & 1 deletion format/format.go
Expand Up @@ -27,7 +27,7 @@ var outputFormatters map[string]func(*sts.AssumeRoleWithSAMLOutput) (string, err
outputFormat = "export %s=%s\n"
}

for key, value := range aws.EnvironmentVariables(creds.Credentials) {
for key, value := range aws.EnvironmentVariables(creds) {
output.WriteString(fmt.Sprintf(outputFormat, key, value))
}

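Review bot: The POSIX format visible just above the loop, `export %s=%s\n`, writes each value unquoted, and this loop now also emits the assumed-role ARN, whose last segment is the session name supplied through the SAML assertion. AWS restricts that character set, so this is likely harmless today, but output that users presumably `eval` or source should not depend on upstream validation. I would single-quote the value in the POSIX branch and escape embedded single quotes, e.g. `outputFormat = "export %s='%s'\n"` with `strings.ReplaceAll(value, "'", `'\''`)` applied to the value; the PowerShell expectations in format_test.go already show quoted values. The enclosing formatter starts and ends outside the hunk, so the quoting may need to be applied where `outputFormat` is chosen.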
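--- a/format/format_test.go
+++ b/format/format_test.go
@@ -13,6 +13,7 @@ import (
 var accessKeyId string = "llama"
 var secretAccessKey string = "alpaca"
 var sessionToken string = "guanaco"
+var assumedRoleArn string = "arn:aws:iam::1234123123:role/sso-vicuña-role"
 
 var innerCreds sts.Credentials = sts.Credentials{
 AccessKeyId: &accessKeyId,
@@ -21,6 +22,9 @@ var innerCreds sts.Credentials = sts.Credentials{
 }
 
 var creds sts.AssumeRoleWithSAMLOutput = sts.AssumeRoleWithSAMLOutput{
+AssumedRoleUser: &sts.AssumedRoleUser{
+Arn: &assumedRoleArn,
+},
 Credentials: &innerCreds,
 }
 
@@ -37,6 +41,7 @@ func TestDefaultEnvCredentials(t *testing.T) {
 fmt.Sprintf(`export AWS_ACCESS_KEY_ID=%s`, accessKeyId),
 fmt.Sprintf(`export AWS_SECRET_ACCESS_KEY=%s`, secretAccessKey),
 fmt.Sprintf(`export AWS_SESSION_TOKEN=%s`, sessionToken),
+fmt.Sprintf(`export AWS_METADATA_USER_ARN=%s`, assumedRoleArn),
 },
 setUp: func() {
 os.Unsetenv("PSModulePath")
@@ -49,6 +54,7 @@ func TestDefaultEnvCredentials(t *testing.T) {
 fmt.Sprintf(`$env:AWS_ACCESS_KEY_ID = "%s"`, accessKeyId),
 fmt.Sprintf(`$env:AWS_SECRET_ACCESS_KEY = "%s"`, secretAccessKey),
 fmt.Sprintf(`$env:AWS_SESSION_TOKEN = "%s"`, sessionToken),
+fmt.Sprintf(`$env:AWS_METADATA_USER_ARN = "%s"`, assumedRoleArn),
 },
 setUp: func() {
 os.Setenv("PSModulePath", "something")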