New Parameter DurationSeconds #11

NearlyUnique · 2019-06-04T15:45:49Z

why don't you keep the error?

It was my first try to use go and my IDE said that there are to much Parameters used in method journal, so I deleted it ;-)

NearlyUnique · 2019-06-04T15:46:59Z

I thought it was more common to use std pks at the top then others?

It was my first try to use go ;-)

NearlyUnique · 2019-06-04T15:47:30Z

why ignore the extra filePath info?

It was my first try to use go and my IDE said that there are to much Parameters used in method fatalExitf, so I deleted it ;-)

-Original file line number
+Diff line change
@@ Expand Up / @@ -7,12 +7,13 @@ import ( @@
     	"github.com/pkg/errors"
     )
-    func assumeRole(sess *session.Session, arn *Arn, assertion string) error {
+    func assumeRole(sess *session.Session, arn *Arn, assertion string, durationSeconds int64) error {
     	svc := sts.New(sess)
     	params := &sts.AssumeRoleWithSAMLInput{
-    		PrincipalArn:  aws.String(arn.principal),
-    		RoleArn:       aws.String(arn.role),
-    		SAMLAssertion: aws.String(assertion),
+    		PrincipalArn:    aws.String(arn.principal),
+    		RoleArn:         aws.String(arn.role),
+    		SAMLAssertion:   aws.String(assertion),
+    		DurationSeconds: aws.Int64(durationSeconds),
     	}
     	resp, err := svc.AssumeRoleWithSAML(params)
     	if err != nil {
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up / @@ -33,7 +33,7 @@ type ( @@
     )
     //ExtractRoles from the saml single sign on response
-    func ExtractRoles(saml *Saml, cache *AccountAliasCache) (arns []Arn, err error) {
+    func ExtractRoles(saml *Saml, cache *AccountAliasCache, durationSeconds int64) (arns []Arn, err error) {
     	var xml []byte
     	xml, err = saml.AsXML()
     	if err != nil {
@@ Expand All @@
     	if err != nil {
     		return arns, err
     	}
-    	lookupAccountAliases(arns, saml.AsAssertion(), cache)
+    	lookupAccountAliases(arns, saml.AsAssertion(), cache, durationSeconds)
     	return arns, err
     }
@@ Expand Down Expand Up / @@ -89,7 +89,7 @@ func (a AttributeValue) arns() []Arn { @@
     	return result
     }
-    func lookupAccountAliases(arns []Arn, assertion string, cache *AccountAliasCache) {
+    func lookupAccountAliases(arns []Arn, assertion string, cache *AccountAliasCache, durationSeconds int64) {
     	// fix: arn changes do no leave this func
     	for i, arn := range arns {
     		alias, found := cache.findAlias(arn.role)
@@ Expand All @@
     		clearCredentials()
     		sess := session.New()
-    		err := assumeRole(sess, &arn, assertion)
+    		err := assumeRole(sess, &arn, assertion, durationSeconds)
     		setCredentials(arn.accessKeyID, arn.secretAccessKey, arn.sessionToken)
@@ Expand All @@
     			} else {
     				// Print the error, cast err to awserr.Error to get the Code and
     				// Message from an error.
-    				journal("Unable to resolve account alias", err.Error())
+    				journal("Unable to resolve account alias")
     			}
     			// return
     			continue
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up / @@ -31,11 +31,13 @@ func init() { @@
     	logonCmd.Flags().StringP("role", "r", "", "Role to auto select, if one one role available it is auto selected")
     	logonCmd.Flags().Bool("token", false, "If set the token is displayed (useful for tools that don't use aws credentials file)")
+    	logonCmd.Flags().Int64("durationSeconds", 3600, "Use to define the duration of session validity in seconds")
     	bindFlags(RootCmd, "logon")
     }
     func execLogon(cmd *cobra.Command, args []string) {
     	uri := viper.GetString("url")
     	if len(uri) == 0 {
@@ Expand All / @@ -58,13 +60,15 @@ func execLogon(cmd *cobra.Command, args []string) { @@
     	cache, close := loadCache()
     	defer close()
-    	arns, err := ExtractRoles(saml, cache)
+    	durationSeconds := viper.GetInt64("durationSeconds")
+    	arns, err := ExtractRoles(saml, cache, durationSeconds)
     	fatalExit(err, "Extracting roles")
     	arn, err := SelectRole(viper.GetString("role"), arns)
     	fatalExit(err, "Role selection")
     	if !arn.hasCredentials() {
-    		assumeRole(session.New(), arn, saml.AsAssertion())
+    		assumeRole(session.New(), arn, saml.AsAssertion(), durationSeconds)
     	}
     	if viper.GetBool("token") {
     		fmt.Printf("AWS_SESSION_TOKEN=%s\n", arn.sessionToken)
@@ Expand Down @@

-Original file line number
+Diff line change
@@ -1,11 +1,10 @@
     package cmd_test
     import (
+    	"github.com/NearlyUnique/awsSts/cmd"
     	"net/http"
     	"net/http/httptest"
     	"testing"
-    	"github.com/NearlyUnique/awsSts/cmd"
     )
     const (
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up / @@ -103,7 +103,7 @@ func fileMustExist(filePath string) { @@
     	if err == nil {
     		f.Close()
     	} else {
-    		fatalExitf(err, "Failed to create required file", filePath)
+    		fatalExitf(err, "Failed to create required file")
     	}
     }
@@ Expand Down @@

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

New Parameter DurationSeconds #11

Uh oh!

Diff view

Diff view

There are no files selected for viewing

NearlyUnique Jun 4, 2019

Uh oh!

thomasmkt Jul 11, 2019

Uh oh!

NearlyUnique Jun 4, 2019

Uh oh!

thomasmkt Jul 11, 2019

Uh oh!

NearlyUnique Jun 4, 2019

Uh oh!

thomasmkt Jul 11, 2019

Uh oh!

-Original file line number
+Diff line change
@@ Expand Up / @@ -27,9 +27,10 @@ Common scenario; @@
     - My other scripts are going to use the `default` AWS profile
     - Automatically select the role `arn:aws:iam::123456789:role/my-role`
     - Leave running in a state where I can `auto`matically refresh my token with one key press when it expires in an hour
+    - Set the validity of the session (depending on thresholds of your aws user role) in Seconds, default 3600
     ```
-    awsSts logon --url https://sts.domain.company.org/adfs/ls/IdpInitiatedSignOn.aspx?loginToRp=urn:amazon:webservices --profile default --role arn:aws:iam::123456789:role/my-role
+    awsSts logon --url https://sts.domain.company.org/adfs/ls/IdpInitiatedSignOn.aspx?loginToRp=urn:amazon:webservices --profile default --role arn:aws:iam::123456789:role/my-role --durationSeconds 3600
     ```
     `--help` for full details, including details of all parameters that can be read from environment.
@@ Expand Down @@

New Parameter DurationSeconds #11

Are you sure you want to change the base?

Uh oh!

New Parameter DurationSeconds #11

Uh oh!

Uh oh!

Diff view

Diff view

There are no files selected for viewing

NearlyUnique Jun 4, 2019

Choose a reason for hiding this comment

Uh oh!

thomasmkt Jul 11, 2019

Choose a reason for hiding this comment

Uh oh!

NearlyUnique Jun 4, 2019

Choose a reason for hiding this comment

Uh oh!

thomasmkt Jul 11, 2019

Choose a reason for hiding this comment

Uh oh!

NearlyUnique Jun 4, 2019

Choose a reason for hiding this comment

Uh oh!

thomasmkt Jul 11, 2019

Choose a reason for hiding this comment

Uh oh!