
     1  package commands
     2  
     3  import (
     4  	"encoding/base64"
     5  	"fmt"
     6  	"os"
     7  
     8  	"github.com/pkg/errors"
     9  	"github.com/sirupsen/logrus"
    10  	"github.com/versent/saml2aws"
    11  	"github.com/versent/saml2aws/helper/credentials"
    12  	"github.com/versent/saml2aws/pkg/flags"
    13  )
    14  
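// ListRoles authenticates against the configured IdP and prints every AWS
// role ARN the returned SAML assertion grants, grouped by account.
//
// Every failure path returns an error instead of calling os.Exit directly, so
// the caller decides how the error is reported and which exit code is used,
// and any deferred cleanup further up the stack still runs. Hints meant for
// the user are written to stderr so that stdout only ever carries the listing.
func ListRoles(loginFlags *flags.LoginExecFlags) error {
	logger := logrus.WithField("command", "list")

	account, err := buildIdpAccount(loginFlags)
	if err != nil {
		return errors.Wrap(err, "error building login details")
	}

	loginDetails, err := resolveLoginDetails(account, loginFlags)
	if err != nil {
		return errors.Wrap(err, "error resolving login details")
	}

	if err := loginDetails.Validate(); err != nil {
		return errors.Wrap(err, "error validating login details")
	}

	logger.WithField("idpAccount", account).Debug("building provider")

	provider, err := saml2aws.NewSAMLClient(account)
	if err != nil {
		return errors.Wrap(err, "error building IdP client")
	}

	samlAssertion, err := provider.Authenticate(loginDetails)
	if err != nil {
		return errors.Wrap(err, "error authenticating to IdP")
	}

	if samlAssertion == "" {
		fmt.Fprintln(os.Stderr, "Response did not contain a valid SAML assertion")
		fmt.Fprintln(os.Stderr, "Please check your username and password is correct")
		return errors.New("empty SAML assertion in IdP response")
	}

	// The password is persisted only after the IdP has accepted it and
	// returned an assertion, so a mistyped secret never lands in the keychain.
	err = credentials.SaveCredentials(loginDetails.URL, loginDetails.Username, loginDetails.Password)
	if err != nil {
		return errors.Wrap(err, "error storing password in keychain")
	}

	data, err := base64.StdEncoding.DecodeString(samlAssertion)
	if err != nil {
		return errors.Wrap(err, "error decoding saml assertion")
	}

	roles, err := saml2aws.ExtractAwsRoles(data)
	if err != nil {
		// Distinct from the ParseAWSRoles message below so the two failures
		// can be told apart from the error text alone.
		return errors.Wrap(err, "error extracting aws roles from assertion")
	}

	if len(roles) == 0 {
		fmt.Fprintln(os.Stderr, "No roles to assume")
		return errors.New("saml assertion grants no roles")
	}

	awsRoles, err := saml2aws.ParseAWSRoles(roles)
	if err != nil {
		return errors.Wrap(err, "error parsing aws roles")
	}

	if err := listRoles(awsRoles, samlAssertion, loginFlags); err != nil {
		return errors.Wrap(err, "Failed to list roles")
	}

	return nil
}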
    86  
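// listRoles resolves the AWS accounts the assertion grants access to, attaches
// the matching principal ARNs to awsRoles via AssignPrincipals, and prints the
// role ARNs grouped by account (one ARN per line) to stdout.
//
// loginFlags is currently unused; it is kept so the signature stays compatible
// with the caller. A failure from ParseAWSAccounts is returned rather than
// dropped: the previous version discarded the wrapped error and then printed an
// empty listing with a zero exit status.
func listRoles(awsRoles []*saml2aws.AWSRole, samlAssertion string, loginFlags *flags.LoginExecFlags) error {
	// NOTE(review): ParseAWSAccounts looks like it resolves account names from
	// the assertion, presumably through a call to AWS; confirm whether it does
	// network I/O so that failures here are surfaced rather than mistaken for
	// "no accounts".
	awsAccounts, err := saml2aws.ParseAWSAccounts(samlAssertion)
	if err != nil {
		return errors.Wrap(err, "error parsing aws role accounts")
	}

	saml2aws.AssignPrincipals(awsRoles, awsAccounts)

	fmt.Println()
	for _, acct := range awsAccounts {
		fmt.Println(acct.Name)
		for _, r := range acct.Roles {
			fmt.Println(r.RoleARN)
		}
		fmt.Println()
	}

	return nil
}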