Documentation
¶
Index ¶
- Variables
- func AssumeRole(samlAssertion string, duration int64, role *SAMLAssertionRole) *sts.AssumeRoleWithSAMLOutput
- func Contains(anArray []string, aString string) bool
- func GenerateToken(conf Config) string
- func GetAccountID(conf Config, name string) string
- func GetAccountsForEnvironment(conf Config, environment string) []string
- func GetLogger(level string) *zap.Logger
- func SearchAccounts(accountInfo Accounts, accountID string) (string, bool)
- func SetCredentials(assertionOutput *sts.AssumeRoleWithSAMLOutput, homeDir string, ...)
- func VerifyMFA(conf Config, deviceID int, stateToken string, otp string, apiToken string) (string, error)
- type APITokenResponse
- type Accounts
- type Assertion
- type Attribute
- type AttributeStatement
- type AttributeValue
- type Audience
- type AudienceRestriction
- type AuthnContext
- type AuthnContextClassRef
- type AuthnRequest
- type AuthnStatement
- type Conditions
- type Config
- type EncryptedAssertion
- type Issuer
- type MFADevice
- type NameID
- type NameIDPolicy
- type Response
- type RolesByName
- type SAMLAssertionData
- type SAMLAssertionRequest
- type SAMLAssertionRole
- type Status
- type StatusCode
- type Subject
- type SubjectConfirmation
- type SubjectConfirmationData
- type SubjectLocality
- type VerifyMFARequest
- type VerifyMFAResponse
Constants ¶
This section is empty.
Variables ¶
var StatusSuccess = "urn:oasis:names:tc:SAML:2.0:status:Success"
StatusSuccess is the value of a StatusCode element when the authentication succeeds. (nominally a constant, except for testing)
Functions ¶
func AssumeRole ¶
func AssumeRole(samlAssertion string, duration int64, role *SAMLAssertionRole) *sts.AssumeRoleWithSAMLOutput
AssumeRole assume a role on AWS
func GenerateToken ¶
GenerateToken Call to https://developers.onelogin.com/api-docs/1/oauth20-tokens/generate-tokens
func GetAccountID ¶
GetAccountID get the account id for a given acount name (alias)
func GetAccountsForEnvironment ¶
GetAccountsForEnvironment search an environment's detail for a given environment name
func SearchAccounts ¶
SearchAccounts search an account name for a given acount id
func SetCredentials ¶
func SetCredentials(assertionOutput *sts.AssumeRoleWithSAMLOutput, homeDir string, profileName string, legacyToken bool)
SetCredentials Apply the STS credentials on the host
Types ¶
type APITokenResponse ¶
type APITokenResponse struct {
Status struct {
Error bool `json:"error"`
Code int `json:"code"`
Type string `json:"type"`
Message string `json:"message"`
} `json:"status"`
Data []struct {
AccessToken string `json:"access_token"`
CreatedAt time.Time `json:"created_at"`
ExpiresIn int `json:"expires_in"`
RefreshToken string `json:"refresh_token"`
TokenType string `json:"token_type"`
AccountID int `json:"account_id"`
} `json:"data"`
}
APITokenResponse represents the OneLogin Generate API Token response
type Accounts ¶
type Accounts []struct {
ID string `toml:"ID"`
Name string `toml:"Name"`
EnvironmentIndependent bool `toml:"EnvironmentIndependent"`
}
Accounts represents the accounts section of the masl config file
type Assertion ¶
type Assertion struct {
XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:assertion Assertion"`
ID string `xml:",attr"`
IssueInstant time.Time `xml:",attr"`
Version string `xml:",attr"`
Issuer *Issuer `xml:"urn:oasis:names:tc:SAML:2.0:assertion Issuer"`
Signature *xmlsec.Signature
Subject *Subject
Conditions *Conditions
AuthnStatement *AuthnStatement
AttributeStatement *AttributeStatement
}
Assertion represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type Attribute ¶
type Attribute struct {
FriendlyName string `xml:",attr"`
Name string `xml:",attr"`
NameFormat string `xml:",attr"`
Values []AttributeValue `xml:"AttributeValue"`
}
Attribute represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type AttributeStatement ¶
type AttributeStatement struct {
Attributes []Attribute `xml:"Attribute"`
}
AttributeStatement represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type AttributeValue ¶
type AttributeValue struct {
Type string `xml:"http://www.w3.org/2001/XMLSchema-instance type,attr"`
Value string `xml:",chardata"`
NameID *NameID
}
AttributeValue represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type Audience ¶
type Audience struct {
Value string `xml:",chardata"`
}
Audience represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type AudienceRestriction ¶
type AudienceRestriction struct {
Audience *Audience
}
AudienceRestriction represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type AuthnContext ¶
type AuthnContext struct {
AuthnContextClassRef *AuthnContextClassRef
}
AuthnContext represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type AuthnContextClassRef ¶
type AuthnContextClassRef struct {
Value string `xml:",chardata"`
}
AuthnContextClassRef represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type AuthnRequest ¶
type AuthnRequest struct {
XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol AuthnRequest"`
AssertionConsumerServiceURL string `xml:",attr"`
Destination string `xml:",attr"`
ID string `xml:",attr"`
IssueInstant time.Time `xml:",attr"`
ProtocolBinding string `xml:",attr"`
Version string `xml:",attr"`
Issuer Issuer `xml:"urn:oasis:names:tc:SAML:2.0:assertion Issuer"`
Signature *xmlsec.Signature `xml:"http://www.w3.org/2000/09/xmldsig# Signature"`
NameIDPolicy NameIDPolicy `xml:"urn:oasis:names:tc:SAML:2.0:protocol NameIDPolicy"`
}
AuthnRequest represents the SAML object of the same name, a request from a service provider to authenticate a user.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type AuthnStatement ¶
type AuthnStatement struct {
AuthnInstant time.Time `xml:",attr"`
SessionIndex string `xml:",attr"`
SubjectLocality SubjectLocality
AuthnContext AuthnContext
}
AuthnStatement represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type Conditions ¶
type Conditions struct {
NotBefore time.Time `xml:",attr"`
NotOnOrAfter time.Time `xml:",attr"`
AudienceRestriction *AudienceRestriction
}
Conditions represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type Config ¶
type Config struct {
BaseURL string `toml:"BaseURL"`
ClientID string `toml:"ClientID"`
ClientSecret string `toml:"ClientSecret"`
AppID string `toml:"AppID"`
Subdomain string `toml:"Subdomain"`
Username string `toml:"Username"`
Duration int `toml:"Duration"`
Profile string `toml:"Profile"`
DefaultRole string `toml:"DefaultRole"`
LegacyToken bool `toml:"LegacyToken"`
Debug bool `toml:"Debug"`
DefaulMFADevice string `toml:"DefaulMFADevice"`
Environments []struct {
Name string `toml:"Name"`
Accounts []string `toml:"Accounts"`
} `toml:"Environments"`
Accounts Accounts `toml:"Accounts"`
}
Config represents the masl config file
type EncryptedAssertion ¶
EncryptedAssertion represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type Issuer ¶
type Issuer struct {
XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:assertion Issuer"`
Format string `xml:",attr"`
Value string `xml:",chardata"`
}
Issuer represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type NameID ¶
type NameID struct {
Format string `xml:",attr"`
NameQualifier string `xml:",attr"`
SPNameQualifier string `xml:",attr"`
Value string `xml:",chardata"`
}
NameID represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type NameIDPolicy ¶
type NameIDPolicy struct {
XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol NameIDPolicy"`
AllowCreate bool `xml:",attr"`
Format string `xml:",chardata"`
}
NameIDPolicy represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type Response ¶
type Response struct {
XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol Response"`
Destination string `xml:",attr"`
ID string `xml:",attr"`
InResponseTo string `xml:",attr"`
IssueInstant time.Time `xml:",attr"`
Version string `xml:",attr"`
Issuer *Issuer `xml:"urn:oasis:names:tc:SAML:2.0:assertion Issuer"`
Status *Status `xml:"urn:oasis:names:tc:SAML:2.0:protocol Status"`
EncryptedAssertion *EncryptedAssertion
Assertion *Assertion `xml:"urn:oasis:names:tc:SAML:2.0:assertion Assertion"`
}
Response represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type RolesByName ¶
type RolesByName []*SAMLAssertionRole
RolesByName roles sorted by account name
func (RolesByName) Len ¶
func (byName RolesByName) Len() int
func (RolesByName) Less ¶
func (byName RolesByName) Less(i, j int) bool
func (RolesByName) Swap ¶
func (byName RolesByName) Swap(i, j int)
type SAMLAssertionData ¶
type SAMLAssertionData struct {
MFARequired bool
StateToken string
Data string
Devices []MFADevice
}
SAMLAssertionData internal Generic SAMLAssertion response representation
func SAMLAssertion ¶
func SAMLAssertion(conf Config, password string, apiToken string) (SAMLAssertionData, error)
SAMLAssertion Call to https://api.eu.onelogin.com/api/1/saml_assertion
type SAMLAssertionRequest ¶
type SAMLAssertionRequest struct {
UsernameOrEmail string `json:"username_or_email"`
Password string `json:"password"`
AppID string `json:"app_id"`
Subdomain string `json:"subdomain"`
}
SAMLAssertionRequest represents the OneLogin SAML Assertion request
type SAMLAssertionRole ¶
type SAMLAssertionRole struct {
ID int
PrincipalArn string
RoleArn string
AccountID string
AccountName string
EnvironmentIndependent bool
}
SAMLAssertionRole represents a Role which could be assumed on AWS
func ParseSAMLAssertion ¶
func ParseSAMLAssertion(samlAssertion string, accountInfo Accounts, accountFilter []string, role string) []*SAMLAssertionRole
ParseSAMLAssertion parse the SAMLAssertion response data into a list of SAMLAssertionRoles
type Status ¶
type Status struct {
XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol Status"`
StatusCode StatusCode
}
Status represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type StatusCode ¶
type StatusCode struct {
XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol StatusCode"`
Value string `xml:",attr"`
}
StatusCode represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type Subject ¶
type Subject struct {
XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:assertion Subject"`
NameID *NameID
SubjectConfirmation *SubjectConfirmation
}
Subject represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type SubjectConfirmation ¶
type SubjectConfirmation struct {
Method string `xml:",attr"`
SubjectConfirmationData SubjectConfirmationData
}
SubjectConfirmation represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type SubjectConfirmationData ¶
type SubjectConfirmationData struct {
Address string `xml:",attr"`
InResponseTo string `xml:",attr"`
NotOnOrAfter time.Time `xml:",attr"`
Recipient string `xml:",attr"`
}
SubjectConfirmationData represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
type SubjectLocality ¶
type SubjectLocality struct {
Address string `xml:",attr"`
}
SubjectLocality represents the SAML object of the same name.
See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
Source Files