awslogin

Version: v1.2.0
Published: Dec 8, 2025 License: MPL-2.0 Imports: 20 Imported by: 0

README

aws-google-login

This command-line tool lets you acquire temporary AWS (STS) credentials using Google Apps as a federated Single Sign-On (SSO) provider. The project was inspired by aws-google-auth and uses playwright-go for the interactive graphical user interface (GUI).

This was hard-forked from cucxabong/aws-google-login.

Installation

brew install Photosynth-inc/tap/aws-google-login

Usage

$ make build
$ ./aws-google-login --help
NAME:
   aws-google-login - Acquire temporary AWS credentials via Google SSO (SAML v2)

USAGE:
   aws-google-login [global options] [command [command options]] [arguments...]

COMMANDS:
   config   Show current configuration
   cache    Manage application's cache
   help, h  Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --profile value, -p value           AWS Profile to use (default: "akerun")
   --duration-seconds value, -d value  Session Duration (in seconds) (default: 3600)
   --sp-id value, -s value             Service Provider ID (default value is in /Users/daikiwatanabe/.aws/config)
   --idp-id value, -i value            Identity Provider ID (default value is in /Users/daikiwatanabe/.aws/config)
   --role-arn value, -r value          AWS Role Arn for assuming to, ex: arn:aws:iam::123456789012:role/role-name
   --select-role-interactivelly, -l    choose AWS Role interactively. If set, 'role-arn' will be ignored (default: false)
   --browser-timeout value, -t value   browser timeout duration in seconds (default: 60)
   --log value                         change Log level, choose from: [trace | debug | info | warn | error | fatal | panic]
   --help, -h                          show help (default: false)

Documentation

Constants

const (
	XmlAttrGetRole            = "https://aws.amazon.com/SAML/Attributes/Role"
	XmlAttrGetRoleSessionName = "https://aws.amazon.com/SAML/Attributes/RoleSessionName"
	XmlAttrGetSessionDuration = "https://aws.amazon.com/SAML/Attributes/SessionDuration"
)

const (
	ReadOnlyAccessPolicyArn        = "arn:aws:iam::aws:policy/ReadOnlyAccess"
	BillingReadOnlyAccessPolicyArn = "arn:aws:iam::aws:policy/AWSBillingReadOnlyAccess"
)

Variables

This section is empty.

Functions

func AWSConfigPath

func AWSConfigPath() string

func AWSCredPath

func AWSCredPath() string

func ConfigDirRoot

func ConfigDirRoot() string

func ConfigEntry

func ConfigEntry(name string) string

func DeleteBrowserCache

func DeleteBrowserCache() error

func GetAttributeValuesFromAssertion

func GetAttributeValuesFromAssertion(assertion, attributeName string) ([]string, error)

GetAttributeValuesFromAssertion parses a SAML assertion, given as an XML document, and returns the list of values of the attribute with the given name.
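
Added example, not the package's own code: extracting the values of the Role attribute (XmlAttrGetRole above) from a decoded SAMLResponse with the standard library, and splitting each value into the role ARN and SAML provider ARN that the Role type carries. The names rolesFromSAMLResponse, samlDoc and rolePair and the sample document are assumptions made for this example.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strings"
)

// Constructed sample, not a real IdP response; the second value reverses the ARN order.
const sampleXML = `<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion><saml:AttributeStatement><saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
<saml:AttributeValue>arn:aws:iam::123456789012:role/dev,arn:aws:iam::123456789012:saml-provider/Google</saml:AttributeValue>
<saml:AttributeValue> arn:aws:iam::210987654321:saml-provider/Google,arn:aws:iam::210987654321:role/audit </saml:AttributeValue>
</saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>`

// samlDoc keeps only the needed elements; encoding/xml matches on local names.
type samlDoc struct {
	Attributes []struct {
		Name   string   `xml:"Name,attr"`
		Values []string `xml:"AttributeValue"`
	} `xml:"Assertion>AttributeStatement>Attribute"`
}

// rolePair is a hypothetical stand-in for the package's Role type.
type rolePair struct{ RoleArn, PrincipalArn string }

// rolesFromSAMLResponse extracts role pairs; it does NOT verify the XML signature (STS does).
func rolesFromSAMLResponse(doc string) (roles []rolePair, err error) {
	var d samlDoc
	if err = xml.Unmarshal([]byte(doc), &d); err != nil {
		return nil, fmt.Errorf("parse SAMLResponse: %w", err)
	}
	for _, a := range d.Attributes {
		if a.Name != "https://aws.amazon.com/SAML/Attributes/Role" {
			continue
		}
		for _, v := range a.Values {
			role, idp, ok := strings.Cut(strings.TrimSpace(v), ",")
			if strings.Contains(role, ":saml-provider/") {
				role, idp = idp, role // tolerate either ARN order
			}
			if !ok || !strings.Contains(role, ":role/") || !strings.Contains(idp, ":saml-provider/") {
				return nil, fmt.Errorf("malformed role value %q", v)
			}
			roles = append(roles, rolePair{role, idp})
		}
	}
	return roles, nil
}

func main() { fmt.Println(rolesFromSAMLResponse(sampleXML)) }
```

Because the signature is not checked locally, the parsed pairs are suitable for listing and selecting roles, not for making trust decisions.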

func IsValidSamlAssertion

func IsValidSamlAssertion(assertion string) bool

Types

type AWS

type AWS struct {
	AuthnRequest string
	Config       *AWSConfig
}

func NewAWSConfig

func NewAWSConfig(authnRequest string, config *AWSConfig) (*AWS, error)

func (*AWS) AssumeRole

func (amz *AWS) AssumeRole(ctx context.Context, role *Role, opts *AssumeRoleOptions) (*types.Credentials, error)

AssumeRole calls STS AssumeRoleWithSAML (via sts.AssumeRoleWithSAMLInput) to assume the specified role. If opts is nil, default options are used.

func (*AWS) ParseRoles

func (amz *AWS) ParseRoles() ([]*Role, error)

func (*AWS) ResolveAliases

func (amz *AWS) ResolveAliases(ctx context.Context) ([]*Role, error)

func (*AWS) ResolveRole

func (amz *AWS) ResolveRole(roleArn string) (*Role, error)

type AWSConfig

type AWSConfig struct {
	Profile string
	Region  string
	Google  AWSConfig_GoogleConfig
}

AWSConfig reflects values in the AWS CLI config file (typically `~/.aws/config`).

func LoadConfig

func LoadConfig(path, profile string) (*AWSConfig, error)

func (*AWSConfig) Login

func (cfg *AWSConfig) Login(opt *LoginOptions) (resp string, err error)

Login launches the Playwright browser to log in to Google and returns the `AuthnRequest` (SAMLResponse) captured from the browser request.

func (*AWSConfig) LoginURL

func (cfg *AWSConfig) LoginURL() string

func (*AWSConfig) String

func (c *AWSConfig) String() string

func (*AWSConfig) WaitURL

func (cfg *AWSConfig) WaitURL() string

type AWSConfig_GoogleConfig

type AWSConfig_GoogleConfig struct {
	AskRole        bool
	Keyring        bool
	Duration       int64
	GoogleIDPID    string
	GoogleSPID     string
	U2FDisabled    bool
	GoogleUserName string
	BGResponse     string
	RoleARN        string
}

type AWSCredentials

type AWSCredentials struct {
	Profile string
	*types.Credentials
}

AWSCredentials reflects values in the AWS CLI credentials file (typically `~/.aws/credentials`).

func (*AWSCredentials) SaveTo

func (cred *AWSCredentials) SaveTo(path string) error

type AssumeRoleOptions added in v1.2.0

type AssumeRoleOptions struct {
	// ReadOnly restricts the session to read-only permissions when true.
	ReadOnly bool
	// BillingReadOnly restricts the session to billing read-only permissions when true.
	BillingReadOnly bool
}

AssumeRoleOptions configures how a role is assumed.

type LoginOptions

type LoginOptions struct {
	Verbose        bool
	BrowserTimeout int64 // in seconds
}

type Role

type Role struct {
	RoleArn      string `json:"role_arn"`
	PrincipalArn string `json:"principal_arn"`
	AccountAlias string `json:"account_alias"`
}

func (*Role) AccountID

func (r *Role) AccountID() string

func (*Role) RoleName added in v1.2.0

func (r *Role) RoleName() string

func (*Role) String

func (r *Role) String() string

type SessionStatus added in v1.2.0

type SessionStatus struct {
	Profile    string
	Expiration time.Time
	IsValid    bool
	TimeLeft   time.Duration
}

SessionStatus represents the status of an AWS session

func LoadSessionStatus added in v1.2.0

func LoadSessionStatus(path, profile string) (*SessionStatus, error)

LoadSessionStatus loads the session status for a given profile from the credentials file
