Documentation ¶
Index ¶
- Variables
- func AssumeRole(samlAssertion string, duration int64, role *SAMLAssertionRole) *sts.AssumeRoleWithSAMLOutput
- func Contains(anArray []string, aString string) bool
- func GenerateToken(conf Config) string
- func GetAccountID(conf Config, name string) string
- func GetAccountsForEnvironment(conf Config, environment string) []string
- func GetLogger(level string) *zap.Logger
- func SearchAccounts(accountInfo Accounts, accountID string) (string, bool)
- func SetCredentials(assertionOutput *sts.AssumeRoleWithSAMLOutput, homeDir string, ...)
- func VerifyMFA(conf Config, deviceID int, stateToken string, otp string, apiToken string) (string, error)
- type APITokenResponse
- type Accounts
- type Assertion
- type Attribute
- type AttributeStatement
- type AttributeValue
- type Audience
- type AudienceRestriction
- type AuthnContext
- type AuthnContextClassRef
- type AuthnRequest
- type AuthnStatement
- type Conditions
- type Config
- type EncryptedAssertion
- type Issuer
- type MFADevice
- type NameID
- type NameIDPolicy
- type Response
- type RolesByName
- type SAMLAssertionData
- type SAMLAssertionRequest
- type SAMLAssertionRole
- type Status
- type StatusCode
- type Subject
- type SubjectConfirmation
- type SubjectConfirmationData
- type SubjectLocality
- type VerifyMFARequest
- type VerifyMFAResponse
Constants ¶
This section is empty.
Variables ¶
var StatusSuccess = "urn:oasis:names:tc:SAML:2.0:status:Success"
StatusSuccess is the SAML 2.0 status URI that a Response's StatusCode.Value carries when authentication succeeded; a consumer should compare against it before trusting anything in the assertion. It is declared as a var rather than a const only so that tests can override it. Importers must not mutate it at runtime: it is package-level shared state, and changing it alters the success check for the whole process.
Functions ¶
func AssumeRole ¶
func AssumeRole(samlAssertion string, duration int64, role *SAMLAssertionRole) *sts.AssumeRoleWithSAMLOutput
AssumeRole exchanges a SAML assertion for temporary AWS credentials by calling STS AssumeRoleWithSAML with the role's RoleArn and PrincipalArn and the requested session duration (presumably in seconds, the unit STS expects — verify). STS, not this package, validates the assertion's signature against the IdP registered on the SAML provider. The signature carries no error value, so a failed call cannot be reported through the return; callers should check the result for nil before reading credentials from it.
func GenerateToken ¶
GenerateToken obtains a OneLogin API access token with the ClientID/ClientSecret from conf, as described at https://developers.onelogin.com/api-docs/1/oauth20-tokens/generate-tokens, and returns it as a string. Treat the returned value as a bearer secret: do not log it (including under Config.Debug) and do not write it to disk.
func GetAccountID ¶
GetAccountID returns the account ID configured for the given account name (alias) in conf.Accounts.
func GetAccountsForEnvironment ¶
GetAccountsForEnvironment returns the account names listed under the environment with the given name in conf.Environments.
func SearchAccounts ¶
SearchAccounts looks up the account name for the given account ID in accountInfo; the bool reports whether a match was found.
func SetCredentials ¶
func SetCredentials(assertionOutput *sts.AssumeRoleWithSAMLOutput, homeDir string, profileName string, legacyToken bool)
SetCredentials writes the temporary credentials from the STS response into the AWS credentials store under homeDir for the profile profileName; legacyToken presumably selects the older key name for the session token — verify against the implementation. The written file holds live AWS credentials, so it must stay readable only by the invoking user.
Types ¶
type APITokenResponse ¶
type APITokenResponse struct {
	// Status is the OneLogin response envelope: Error is set on failure and
	// Code/Type/Message describe it. Check Error before reading Data.
	Status struct {
		Error   bool   `json:"error"`
		Code    int    `json:"code"`
		Type    string `json:"type"`
		Message string `json:"message"`
	} `json:"status"`
	// Data carries the issued token(s). AccessToken and RefreshToken are
	// bearer credentials: never log them (including under Config.Debug)
	// and do not persist them beyond the current run.
	Data []struct {
		AccessToken string    `json:"access_token"`
		CreatedAt   time.Time `json:"created_at"`
		// ExpiresIn is an OAuth2-style lifetime, conventionally in seconds
		// from CreatedAt. NOTE(review): unit not fixed by this code — verify.
		ExpiresIn    int    `json:"expires_in"`
		RefreshToken string `json:"refresh_token"`
		TokenType    string `json:"token_type"`
		AccountID    int    `json:"account_id"`
	} `json:"data"`
}
APITokenResponse represents the OneLogin Generate API Token response
type Accounts ¶
type Accounts []struct {
	// ID is the AWS account ID, kept as a string (presumably so leading
	// zeros survive config round-trips).
	ID string `toml:"ID"`
	// Name is the human-readable alias for the account.
	Name string `toml:"Name"`
	// EnvironmentIndependent presumably marks an account offered regardless
	// of the selected environment (see Config.Environments) — verify.
	EnvironmentIndependent bool `toml:"EnvironmentIndependent"`
}
Accounts represents the accounts section of the masl config file
type Assertion ¶
type Assertion struct {
	XMLName      xml.Name  `xml:"urn:oasis:names:tc:SAML:2.0:assertion Assertion"`
	ID           string    `xml:",attr"`
	IssueInstant time.Time `xml:",attr"`
	Version      string    `xml:",attr"`
	Issuer       *Issuer   `xml:"urn:oasis:names:tc:SAML:2.0:assertion Issuer"`
	// Signature is the enveloped XML-DSig element, if present. A populated
	// field only means the element was parsed; nothing in this type verifies
	// it. For the AWS flow, STS performs signature validation against the
	// IdP certificate registered on the SAML provider.
	Signature *xmlsec.Signature
	Subject   *Subject
	// Conditions holds the validity window and audience restriction; the
	// relying party is expected to enforce them.
	Conditions         *Conditions
	AuthnStatement     *AuthnStatement
	AttributeStatement *AttributeStatement
}
Assertion represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type Attribute ¶
type Attribute struct {
	FriendlyName string `xml:",attr"`
	// Name is the attribute URI (for the AWS integration, for example the
	// https://aws.amazon.com/SAML/Attributes/Role attribute — presumably what
	// ParseSAMLAssertion reads; verify).
	Name       string `xml:",attr"`
	NameFormat string `xml:",attr"`
	// Values are the AttributeValue children, in document order.
	Values []AttributeValue `xml:"AttributeValue"`
}
Attribute represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type AttributeStatement ¶
type AttributeStatement struct {
	// Attributes are the Attribute children of the statement, in document order.
	Attributes []Attribute `xml:"Attribute"`
}
AttributeStatement represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type AttributeValue ¶
type AttributeValue struct {
	// Type is the xsi:type attribute of the value element.
	Type string `xml:"http://www.w3.org/2001/XMLSchema-instance type,attr"`
	// Value is the element's text content.
	Value string `xml:",chardata"`
	// NameID is set when the value is a nested NameID element.
	NameID *NameID
}
AttributeValue represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type Audience ¶
type Audience struct {
	// Value is the audience URI (text content of the element).
	Value string `xml:",chardata"`
}
Audience represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type AudienceRestriction ¶
type AudienceRestriction struct {
	// Audience is the single Audience child this type models (the schema
	// allows several; only one is captured here).
	Audience *Audience
}
AudienceRestriction represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type AuthnContext ¶
type AuthnContext struct {
	// AuthnContextClassRef names the authentication context class used.
	AuthnContextClassRef *AuthnContextClassRef
}
AuthnContext represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type AuthnContextClassRef ¶
type AuthnContextClassRef struct {
	// Value is the context class URI (text content of the element).
	Value string `xml:",chardata"`
}
AuthnContextClassRef represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type AuthnRequest ¶
type AuthnRequest struct {
	XMLName                     xml.Name  `xml:"urn:oasis:names:tc:SAML:2.0:protocol AuthnRequest"`
	AssertionConsumerServiceURL string    `xml:",attr"`
	Destination                 string    `xml:",attr"`
	ID                          string    `xml:",attr"`
	IssueInstant                time.Time `xml:",attr"`
	ProtocolBinding             string    `xml:",attr"`
	Version                     string    `xml:",attr"`
	Issuer                      Issuer    `xml:"urn:oasis:names:tc:SAML:2.0:assertion Issuer"`
	// Signature is the optional request signature. NOTE(review): the API-driven
	// OneLogin flow in this package does not appear to send AuthnRequests;
	// verify whether this type is used at all before relying on it.
	Signature    *xmlsec.Signature `xml:"http://www.w3.org/2000/09/xmldsig# Signature"`
	NameIDPolicy NameIDPolicy      `xml:"urn:oasis:names:tc:SAML:2.0:protocol NameIDPolicy"`
}
AuthnRequest represents the SAML object of the same name, a request from a service provider to authenticate a user.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type AuthnStatement ¶
type AuthnStatement struct {
	// AuthnInstant is when the IdP authenticated the subject.
	AuthnInstant time.Time `xml:",attr"`
	// SessionIndex identifies the IdP session (used for logout correlation).
	SessionIndex    string `xml:",attr"`
	SubjectLocality SubjectLocality
	AuthnContext    AuthnContext
}
AuthnStatement represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type Conditions ¶
type Conditions struct {
	// NotBefore and NotOnOrAfter bound the assertion's validity window; an
	// absent attribute leaves the zero time.Time. Enforcement is up to the
	// consumer (STS in the AWS flow), not this type.
	NotBefore    time.Time `xml:",attr"`
	NotOnOrAfter time.Time `xml:",attr"`
	// AudienceRestriction limits which relying party may accept the assertion.
	AudienceRestriction *AudienceRestriction
}
Conditions represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type Config ¶
type Config struct {
	// BaseURL is the OneLogin API base URL.
	BaseURL string `toml:"BaseURL"`
	// ClientID and ClientSecret are the OneLogin API credentials used by
	// GenerateToken. ClientSecret sits in plaintext in the TOML file, so the
	// file must be readable only by its owner (e.g. mode 0600).
	ClientID     string `toml:"ClientID"`
	ClientSecret string `toml:"ClientSecret"`
	AppID        string `toml:"AppID"`
	Subdomain    string `toml:"Subdomain"`
	Username     string `toml:"Username"`
	// Duration is the requested STS session duration (presumably seconds — verify).
	Duration    int    `toml:"Duration"`
	Profile     string `toml:"Profile"`
	DefaultRole string `toml:"DefaultRole"`
	LegacyToken bool   `toml:"LegacyToken"`
	// Debug enables verbose logging. Be careful that debug output does not
	// echo ClientSecret, passwords, API tokens or STS credentials.
	Debug bool `toml:"Debug"`
	// DefaulMFADevice is misspelled, but the TOML key is part of the on-disk
	// config format; renaming it would break existing config files.
	DefaulMFADevice string `toml:"DefaulMFADevice"`
	// Environments group account names under an environment name.
	Environments []struct {
		Name     string   `toml:"Name"`
		Accounts []string `toml:"Accounts"`
	} `toml:"Environments"`
	Accounts Accounts `toml:"Accounts"`
}
Config represents the masl config file. It carries the OneLogin ClientSecret in plaintext, so the file should be owner-readable only, and Debug output should never include secrets or issued tokens.
type EncryptedAssertion ¶
EncryptedAssertion represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type Issuer ¶
type Issuer struct {
	XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:assertion Issuer"`
	// Format is the optional NameID format of the issuer identifier.
	Format string `xml:",attr"`
	// Value is the issuer identifier (text content of the element).
	Value string `xml:",chardata"`
}
Issuer represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type NameID ¶
type NameID struct {
	// Format is the NameID format URI.
	Format          string `xml:",attr"`
	NameQualifier   string `xml:",attr"`
	SPNameQualifier string `xml:",attr"`
	// Value is the identifier itself (text content of the element).
	Value string `xml:",chardata"`
}
NameID represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type NameIDPolicy ¶
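// NameIDPolicy represents the SAML object of the same name: the service
// provider's requirements for the NameID the IdP should return.
// See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf §3.4.1.1.
type NameIDPolicy struct {
	XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol NameIDPolicy"`
	// AllowCreate tells the IdP it may create a new identifier for the subject.
	AllowCreate bool `xml:",attr"`
	// Format is the requested NameID format URI. The SAML core schema defines
	// Format as an attribute of NameIDPolicy, not as element text, so it is
	// marshalled as Format="..." (omitted when empty) rather than as chardata.
	Format string `xml:",attr,omitempty"`
}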
NameIDPolicy represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type Response ¶
type Response struct {
	XMLName     xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol Response"`
	Destination string   `xml:",attr"`
	ID          string   `xml:",attr"`
	// InResponseTo echoes the AuthnRequest ID; it is empty for unsolicited
	// (IdP-initiated) responses such as those the OneLogin API issues.
	InResponseTo string    `xml:",attr"`
	IssueInstant time.Time `xml:",attr"`
	Version      string    `xml:",attr"`
	Issuer       *Issuer   `xml:"urn:oasis:names:tc:SAML:2.0:assertion Issuer"`
	// Status.StatusCode.Value is compared against StatusSuccess to decide
	// whether authentication succeeded.
	Status *Status `xml:"urn:oasis:names:tc:SAML:2.0:protocol Status"`
	// EncryptedAssertion is populated instead of Assertion when the IdP
	// encrypts the assertion.
	EncryptedAssertion *EncryptedAssertion
	Assertion          *Assertion `xml:"urn:oasis:names:tc:SAML:2.0:assertion Assertion"`
}
Response represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type RolesByName ¶
// RolesByName is a sort.Interface over roles ordered by account name (see Less).
type RolesByName []*SAMLAssertionRole
RolesByName roles sorted by account name
func (RolesByName) Len ¶
func (byName RolesByName) Len() int
func (RolesByName) Less ¶
func (byName RolesByName) Less(i, j int) bool
func (RolesByName) Swap ¶
func (byName RolesByName) Swap(i, j int)
type SAMLAssertionData ¶
type SAMLAssertionData struct {
	// MFARequired reports that a second factor is still needed before an
	// assertion is issued.
	MFARequired bool
	// StateToken is the OneLogin state token handed to VerifyMFA to complete
	// the MFA step. It is session-bound and should not be logged.
	StateToken string
	// Data is the SAML assertion returned by OneLogin, in the form passed to
	// AssumeRole.
	Data string
	// Devices lists the MFA devices offered for the user.
	Devices []MFADevice
}
SAMLAssertionData is the package's normalized view of a OneLogin SAML-assertion response: MFARequired says whether a second factor is still needed, StateToken is the token to pass to VerifyMFA in that case, Devices lists the MFA devices on offer, and Data holds the assertion once it has been issued.
func SAMLAssertion ¶
func SAMLAssertion(conf Config, password string, apiToken string) (SAMLAssertionData, error)
SAMLAssertion performs the OneLogin SAML-assertion call (see https://api.eu.onelogin.com/api/1/saml_assertion) with the user's password and the API token from GenerateToken. The password travels in the request body, so the endpoint must be HTTPS; the EU hostname here is the documented example and the actual host presumably comes from Config.BaseURL — verify.
type SAMLAssertionRequest ¶
type SAMLAssertionRequest struct {
	UsernameOrEmail string `json:"username_or_email"`
	// Password is sent in the JSON body of the assertion request. Never log
	// this struct wholesale (for example under Config.Debug).
	Password  string `json:"password"`
	AppID     string `json:"app_id"`
	Subdomain string `json:"subdomain"`
}
SAMLAssertionRequest represents the OneLogin SAML Assertion request
type SAMLAssertionRole ¶
type SAMLAssertionRole struct {
	// ID is the role's position in the parsed list (used for selection).
	ID int
	// PrincipalArn is the SAML provider ARN and RoleArn the IAM role ARN, the
	// pair AssumeRole passes to STS AssumeRoleWithSAML.
	PrincipalArn string
	RoleArn      string
	// AccountID and AccountName come from the ARN and the Accounts config
	// respectively (AccountName is empty when no alias is configured — verify).
	AccountID              string
	AccountName            string
	EnvironmentIndependent bool
}
SAMLAssertionRole represents a Role which could be assumed on AWS
func ParseSAMLAssertion ¶
func ParseSAMLAssertion(samlAssertion string, accountInfo Accounts, accountFilter []string, role string) []*SAMLAssertionRole
ParseSAMLAssertion parses the assertion returned by SAMLAssertion into a list of SAMLAssertionRoles, resolving account names through accountInfo, keeping only accounts present in accountFilter and, when role is non-empty, presumably only roles with that name — verify.
type Status ¶
type Status struct {
	XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol Status"`
	// StatusCode carries the outcome; compare its Value with StatusSuccess.
	StatusCode StatusCode
}
Status represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type StatusCode ¶
type StatusCode struct {
	XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol StatusCode"`
	// Value is the status URI; StatusSuccess marks a successful authentication.
	Value string `xml:",attr"`
}
StatusCode represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type Subject ¶
type Subject struct {
	XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:assertion Subject"`
	// NameID identifies the authenticated principal.
	NameID *NameID
	// SubjectConfirmation states how the subject was confirmed (see Method).
	SubjectConfirmation *SubjectConfirmation
}
Subject represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type SubjectConfirmation ¶
type SubjectConfirmation struct {
	// Method is the confirmation method URI (e.g. the bearer method).
	Method                  string `xml:",attr"`
	SubjectConfirmationData SubjectConfirmationData
}
SubjectConfirmation represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type SubjectConfirmationData ¶
type SubjectConfirmationData struct {
	// Address is the client address the IdP observed, if it chose to record it.
	Address      string `xml:",attr"`
	InResponseTo string `xml:",attr"`
	// NotOnOrAfter is the deadline for presenting the assertion; Recipient is
	// the endpoint it was issued for. Both are for the consumer to enforce.
	NotOnOrAfter time.Time `xml:",attr"`
	Recipient    string    `xml:",attr"`
}
SubjectConfirmationData represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type SubjectLocality ¶
type SubjectLocality struct {
	// Address is the network address from which the subject authenticated.
	Address string `xml:",attr"`
}
SubjectLocality represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf