Merge pull request #82 from holidayworking/add_role_name

ganta · web-flow · commit 9150250e9407 · 2020-03-17T11:32:44.000+09:00
Add roleName option
diff --git a/aws/saml.go b/aws/saml.go
@@ -103,7 +103,7 @@ func ParseSAMLResponse(base64Response string) (*SAMLResponse, error) {
 }
 
 // ExtractRoleArnAndPrincipalArn extracts role ARN and principal ARN from SAML response
-func ExtractRoleArnAndPrincipalArn(samlResponse SAMLResponse) (string, string, error) {
+func ExtractRoleArnAndPrincipalArn(samlResponse SAMLResponse, roleName string) (string, string, error) {
 	for _, attr := range samlResponse.Assertion.AttributeStatement.Attributes {
 		if attr.Name != roleAttributeName {
 			continue
@@ -113,6 +113,9 @@ func ExtractRoleArnAndPrincipalArn(samlResponse SAMLResponse) (string, string, e
 			s := strings.Split(v.Value, ",")
 			roleArn := s[0]
 			principalArn := s[1]
+			if roleName != "" && strings.Split(roleArn, "/")[1] != roleName {
+				continue
+			}
 			return roleArn, principalArn, nil
 		}
 	}
diff --git a/aws/saml_test.go b/aws/saml_test.go
@@ -138,6 +138,7 @@ func TestParseSAMLResponse(t *testing.T) {
 func TestExtractRoleArnAndPrincipalArn(t *testing.T) {
 	type args struct {
 		samlResponse SAMLResponse
+		roleName     string
 	}
 	tests := []struct {
 		name             string
@@ -173,10 +174,81 @@ func TestExtractRoleArnAndPrincipalArn(t *testing.T) {
 						},
 					},
 				},
+				roleName: "",
 			},
 			wantRoleArn:      "arn:aws:iam::012345678901:role/TestRole",
 			wantPrincipalArn: "arn:aws:iam::012345678901:saml-provider/TestProvider",
 		},
+		{
+			name: "returns first role when role attribute are multi and no roleName argument",
+			args: args{
+				samlResponse: SAMLResponse{
+					Assertion: Assertion{
+						AttributeStatement: AttributeStatement{
+							Attributes: []Attribute{
+								{
+									Name: "dummy",
+									AttributeValues: []AttributeValue{
+										{
+											Value: "dummy",
+										},
+									},
+								},
+								{
+									Name: roleAttributeName,
+									AttributeValues: []AttributeValue{
+										{
+											Value: "arn:aws:iam::012345678901:role/TestRole1,arn:aws:iam::012345678901:saml-provider/TestProvider1",
+										},
+										{
+											Value: "arn:aws:iam::012345678901:role/TestRole2,arn:aws:iam::012345678901:saml-provider/TestProvider2",
+										},
+									},
+								},
+							},
+						},
+					},
+				},
+				roleName: "",
+			},
+			wantRoleArn:      "arn:aws:iam::012345678901:role/TestRole1",
+			wantPrincipalArn: "arn:aws:iam::012345678901:saml-provider/TestProvider1",
+		},
+		{
+			name: "returns specify role when role attribute are multi and roleName argument",
+			args: args{
+				samlResponse: SAMLResponse{
+					Assertion: Assertion{
+						AttributeStatement: AttributeStatement{
+							Attributes: []Attribute{
+								{
+									Name: "dummy",
+									AttributeValues: []AttributeValue{
+										{
+											Value: "dummy",
+										},
+									},
+								},
+								{
+									Name: roleAttributeName,
+									AttributeValues: []AttributeValue{
+										{
+											Value: "arn:aws:iam::012345678901:role/TestRole1,arn:aws:iam::012345678901:saml-provider/TestProvider1",
+										},
+										{
+											Value: "arn:aws:iam::012345678901:role/TestRole2,arn:aws:iam::012345678901:saml-provider/TestProvider2",
+										},
+									},
+								},
+							},
+						},
+					},
+				},
+				roleName: "TestRole2",
+			},
+			wantRoleArn:      "arn:aws:iam::012345678901:role/TestRole2",
+			wantPrincipalArn: "arn:aws:iam::012345678901:saml-provider/TestProvider2",
+		},
 		{
 			name: "returns an error when role attribute does not exist",
 			args: args{
@@ -196,13 +268,14 @@ func TestExtractRoleArnAndPrincipalArn(t *testing.T) {
 						},
 					},
 				},
+				roleName: "",
 			},
 			wantErr: true,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			got, got1, err := ExtractRoleArnAndPrincipalArn(tt.args.samlResponse)
+			got, got1, err := ExtractRoleArnAndPrincipalArn(tt.args.samlResponse, tt.args.roleName)
 			if (err != nil) != tt.wantErr {
 				t.Errorf("ExtractRoleArnAndPrincipalArn() error = %v, wantErr %v", err, tt.wantErr)
 				return
diff --git a/cmd/root.go b/cmd/root.go
@@ -34,6 +34,7 @@ func Execute() {
 
 func newRootCmd() *cobra.Command {
 	var configure bool
+	var roleName string
 	var profile string
 	var showVersion bool
 
@@ -82,7 +83,7 @@ func newRootCmd() *cobra.Command {
 				return err
 			}
 
-			roleArn, principalArn, err := aws.ExtractRoleArnAndPrincipalArn(*response)
+			roleArn, principalArn, err := aws.ExtractRoleArnAndPrincipalArn(*response, roleName)
 			if err != nil {
 				return err
 			}
@@ -102,6 +103,7 @@ func newRootCmd() *cobra.Command {
 	}
 	cmd.PersistentFlags().BoolVarP(&configure, "configure", "c", false, "configure initial settings")
 	cmd.PersistentFlags().StringVarP(&profile, "profile", "p", "default", "AWS profile")
+	cmd.PersistentFlags().StringVarP(&roleName, "role", "r", "", "AWS IAM role name")
 	cmd.PersistentFlags().BoolVarP(&showVersion, "version", "v", false, "Show version")
 
 	return cmd

Original file line number	Diff line number	Diff line change
`@@ -103,7 +103,7 @@ func ParseSAMLResponse(base64Response string) (*SAMLResponse, error) {`
`103`	`103`	`}`
`104`	`104`
`105`	`105`	`// ExtractRoleArnAndPrincipalArn extracts role ARN and principal ARN from SAML response`
`106`		`-func ExtractRoleArnAndPrincipalArn(samlResponse SAMLResponse) (string, string, error) {`
	`106`	`+func ExtractRoleArnAndPrincipalArn(samlResponse SAMLResponse, roleName string) (string, string, error) {`
`107`	`107`	`for _, attr := range samlResponse.Assertion.AttributeStatement.Attributes {`
`108`	`108`	`if attr.Name != roleAttributeName {`
`109`	`109`	`continue`
`@@ -113,6 +113,9 @@ func ExtractRoleArnAndPrincipalArn(samlResponse SAMLResponse) (string, string, e`
`113`	`113`	`s := strings.Split(v.Value, ",")`
`114`	`114`	`roleArn := s[0]`
`115`	`115`	`principalArn := s[1]`
	`116`	`+ if roleName != "" && strings.Split(roleArn, "/")[1] != roleName {`
	`117`	`+ continue`
	`118`	`+ }`
`116`	`119`	`return roleArn, principalArn, nil`
`117`	`120`	`}`
`118`	`121`	`}`
Original file line number	Diff line number	Diff line change
`@@ -34,6 +34,7 @@ func Execute() {`
`34`	`34`
`35`	`35`	`func newRootCmd() *cobra.Command {`
`36`	`36`	`var configure bool`
	`37`	`+ var roleName string`
`37`	`38`	`var profile string`
`38`	`39`	`var showVersion bool`
`39`	`40`
`@@ -82,7 +83,7 @@ func newRootCmd() *cobra.Command {`
`82`	`83`	`return err`
`83`	`84`	`}`
`84`	`85`
`85`		`- roleArn, principalArn, err := aws.ExtractRoleArnAndPrincipalArn(*response)`
	`86`	`+ roleArn, principalArn, err := aws.ExtractRoleArnAndPrincipalArn(*response, roleName)`
`86`	`87`	`if err != nil {`
`87`	`88`	`return err`
`88`	`89`	`}`
`@@ -102,6 +103,7 @@ func newRootCmd() *cobra.Command {`
`102`	`103`	`}`
`103`	`104`	`cmd.PersistentFlags().BoolVarP(&configure, "configure", "c", false, "configure initial settings")`
`104`	`105`	`cmd.PersistentFlags().StringVarP(&profile, "profile", "p", "default", "AWS profile")`
	`106`	`+ cmd.PersistentFlags().StringVarP(&roleName, "role", "r", "", "AWS IAM role name")`
`105`	`107`	`cmd.PersistentFlags().BoolVarP(&showVersion, "version", "v", false, "Show version")`
`106`	`108`
`107`	`109`	`return cmd`