Documentation ¶
Overview ¶
Package gossamer is a toolkit for assuming AWS roles concurrently via permanent credentials or SAML. Its behavior is driven by a Config struct that defines auth flows that are defined by their starter credentials, the primary mappings, and secondary mappings. Mappings are a concept of a role ARN tied to a profile entry name with some additional metadata. Secondary mappings are aware that they must be assumed using a previously established primary mapping.
Each flow can then be executed using its Execute method which will run the appropriate auth flow and collect the mappings' credentials.
After the flow has been executed the GetAcfmgrProfileInputs method can be called in order to collect the results of the mappings as inputs for the Acfmgr package which is a helper utility for writing AWS credential profile entries to a file.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func WriteConfigToFile ¶
WriteConfigToFile takes a Config object and writes it to the desired filename
Types ¶
type Assumptions ¶
type Assumptions struct { AllRoles bool `yaml:"all_roles"` Mappings []Mapping `yaml:"mappings"` // contains filtered or unexported fields }
Assumptions holds the configuration for the roles that will be assumed using both the primary and secondary credentials Primary: In the case of SAML that's the roles in the assertion. In the case of key and key-mfa it's the roles that will be assumed directly Secondary: Secondary assumptions' mappings rely on sponsor credentials that are presumed to be obtained from primary mappings
type CParam ¶
type CParam struct { Source string `yaml:"source"` Value string `yaml:"value,omitempty"` // contains filtered or unexported fields }
CParam provides a way to identify sources for config parameters that are more robust that simple key value. For example you can say that a configuration parameter is sourced from an environment variable or from a prompt in addition to just raw value. It has a gather() method which is used to retrieve its value.
type Config ¶
Config is an internal struct for storing configuration needed to run this application
var GConf Config
GConf holds config and exports for use in other packages
func GenerateConfigSkeleton ¶
func GenerateConfigSkeleton() *Config
GenerateConfigSkeleton sets up a sample Config object and with a bunch of sample values set and returns it
func (*Config) ConvertLegacyFlagsToConfig ¶
ConvertLegacyFlagsToConfig takes a GossFlags struct that's built using command parameters via the flag package and converts them into the Config struct that gossamer will use for the majority of its operations. Mainly used to help backward compatibility with gossamer 1.x
func (*Config) ParseConfigFile ¶
ParseConfigFile takes a yaml filename as input and attempts to parse it into a config object.
type Flow ¶
type Flow struct { Name string `yaml:"name"` SAMLConfig *SAMLConfig `yaml:"saml_config,omitempty"` PermCredsConfig *PermCredsConfig `yaml:"permanent,omitempty"` PAss *Assumptions `yaml:"primary_assumptions,omitempty"` SAss *Assumptions `yaml:"secondary_assumptions,omitempty"` DurationSeconds int64 `yaml:"session_duration_seconds,omitempty"` Region string `yaml:"region,omitempty"` DoNotPropagateRegion bool `yaml:"do_not_propagate_region"` AllowFailure bool `yaml:"allow_failure"` // contains filtered or unexported fields }
Flow describes an authentication flow and can be one of many types. It contains the user's desired auth flow behavior via keys or saml.
func (*Flow) Execute ¶
Execute detects the flow type and runs the appropriate steps to complete either the primary or secondary assumptions
func (*Flow) GetAcfmgrProfileInputs ¶
func (f *Flow) GetAcfmgrProfileInputs() (pfis []*acfmgr.ProfileEntryInput, err error)
GetAcfmgrProfileInputs converts all flow's mappings into Acfmgr ProfileEntryInput for easy use with AcfMgr package
func (*Flow) GetPAssSAML ¶
GetPAssSAML handles the SAML assumptions using the current desird configuration from the flow
type GossFlags ¶
type GossFlags struct { ConfigFile string RolesFile string OutFile string RoleArn string LogFile string LogLevel string GeneratedConfigOutputFile string DaemonFlag bool Profile string SerialNumber string TokenCode string Region string ProfileEntryName string VersionFlag bool ForceRefresh bool SessionDuration int64 }
GossFlags holds configuration passed into main via the flag package and acts as a temporary structure to hold the variables until they can be parsed into a proper Config object. Mostly in place to support legacy flags from gossamer 1.x
type LegacyAccount ¶
LegacyAccount just holds the rolearn, region, and account name for each entry to build from
type Mapping ¶
type Mapping struct { RoleArn string `yaml:"role_arn"` ProfileName string `yaml:"profile_name,omitempty"` Region string `yaml:"region,omitempty"` NoOutput bool `yaml:"no_output,omitempty"` SponsorCredsArn string `yaml:"sponsor_creds_arn,omitempty"` DurationSeconds int64 `yaml:"session_duration_seconds,omitempty"` // contains filtered or unexported fields }
Mapping holds the configuration for role assumptions and their desired profile name to be written to the credentials file after they've been assumed.
type PermCredsConfig ¶
type PermCredsConfig struct { ProfileName string `yaml:"profile_name,omitempty"` MFA *MFA `yaml:"mfa,omitempty"` }
PermCredsConfig holds information about how to obtain session credentials from the local client
type SAMLConfig ¶
type SAMLConfig struct { Username *CParam `yaml:"username"` Password *CParam `yaml:"password"` URL *CParam `yaml:"url"` Target *CParam `yaml:"target"` AllowMappingDurationOverride bool `yaml:"allow_mapping_duration_override,omitempty"` }
SAMLConfig holds specific parameters for SAML configuration
type XMLSAMLAssertion ¶
type XMLSAMLAssertion struct { Issuer string `xml:"Issuer"` AttributeStatement XMLSAMLAttributes `xml:"AttributeStatement"` }
XMLSAMLAssertion is required for holding and unmarshaling the XML SAML assertion that comes back from the HTTP call.
type XMLSAMLAttribute ¶
type XMLSAMLAttribute struct { Name string `xml:"Name,attr"` AttributeValues []string `xml:"AttributeValue"` }
XMLSAMLAttribute is required for holding and unmarshaling the XML SAML assertion that comes back from the HTTP call.
type XMLSAMLAttributes ¶
type XMLSAMLAttributes struct {
AttributeValues []XMLSAMLAttribute `xml:"Attribute"`
}
XMLSAMLAttributes is required for holding and unmarshaling the XML SAML assertion that comes back from the HTTP call.
type XMLSAMLResponse ¶
type XMLSAMLResponse struct { XMLName xml.Name `xml:"Response"` Assertion XMLSAMLAssertion `xml:"Assertion"` }
XMLSAMLResponse is the top level struct for holding and unmarshaling the XML SAML assertion that comes back from the HTTP call