github.com/versent/saml2aws@v2.17.0+incompatible/aws_role.go (about) 1 package saml2aws 2 3 import ( 4 "fmt" 5 "strings" 6 ) 7 8 // AWSRole aws role attributes 9 type AWSRole struct { 10 RoleARN string 11 PrincipalARN string 12 Name string 13 } 14 15 // ParseAWSRoles parses and splits the roles while also validating the contents 16 func ParseAWSRoles(roles []string) ([]*AWSRole, error) { 17 awsRoles := make([]*AWSRole, len(roles)) 18 19 for i, role := range roles { 20 awsRole, err := parseRole(role) 21 if err != nil { 22 return nil, err 23 } 24 25 awsRoles[i] = awsRole 26 } 27 28 return awsRoles, nil 29 } 30 31 func parseRole(role string) (*AWSRole, error) { 32 tokens := strings.Split(role, ",") 33 34 if len(tokens) != 2 { 35 return nil, fmt.Errorf("Invalid role string only %d tokens", len(tokens)) 36 } 37 38 awsRole := &AWSRole{} 39 40 for _, token := range tokens { 41 if strings.Contains(token, ":saml-provider") { 42 awsRole.PrincipalARN = strings.TrimSpace(token) 43 } 44 if strings.Contains(token, ":role") { 45 awsRole.RoleARN = strings.TrimSpace(token) 46 } 47 } 48 49 if awsRole.PrincipalARN == "" { 50 return nil, fmt.Errorf("Unable to locate PrincipalARN in: %s", role) 51 } 52 53 if awsRole.RoleARN == "" { 54 return nil, fmt.Errorf("Unable to locate RoleARN in: %s", role) 55 } 56 57 return awsRole, nil 58 }