
Merge pull request #4 from segmentio/auto-role-session-name
Default the role session name to the Okta username.
dfuentes authored Jun 26, 2017
2 parents d6a093a + 4e69631 commit 716c6ae
Showing 2 changed files with 17 additions and 13 deletions.
10 changes: 5 additions & 5 deletions lib/okta.go
Expand Up @@ -283,24 +283,24 @@ type OktaProvider struct {
OktaAwsSAMLUrl string
}

func (p *OktaProvider) Retrieve() (sts.Credentials, error) {
func (p *OktaProvider) Retrieve() (sts.Credentials, string, error) {
log.Debug("using okta provider")
item, err := p.Keyring.Get("okta-creds")
if err != nil {
log.Debug("couldnt get okta creds from keyring: %s", err)
return sts.Credentials{}, err
return sts.Credentials{}, "", err
}

var oktaCreds OktaCreds
if err = json.Unmarshal(item.Data, &oktaCreds); err != nil {
return sts.Credentials{}, errors.New("Failed to get okta credentials from your keyring. Please make sure you have added okta credentials with `aws-okta add`")
return sts.Credentials{}, "", errors.New("Failed to get okta credentials from your keyring. Please make sure you have added okta credentials with `aws-okta add`")
}

oktaClient := NewOktaClient(oktaCreds, p.OktaAwsSAMLUrl)

creds, err := oktaClient.AuthenticateProfile(p.ProfileARN, p.SessionDuration)
if err != nil {
return sts.Credentials{}, err
return sts.Credentials{}, "", err
}
return creds, err
return creds, oktaCreds.Username, err
}
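Review bot: Retrieve is an exported method whose contract just changed (a third string result), yet it still has no doc comment saying what that value is; add `// Retrieve authenticates to Okta with the credentials stored in the keyring and returns the STS credentials together with the Okta username they were obtained for.` above the signature. On the final line `err` is necessarily nil after the preceding check, so `return creds, oktaCreds.Username, nil` states the intent directly. The rewritten return in the Unmarshal branch still discards the decode error, so a corrupted keyring entry stays hard to diagnose; emitting it through the `log.Debug` this function already uses before returning the user-facing message would keep the message unchanged while preserving the cause.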
20 changes: 12 additions & 8 deletions lib/provider.go
Expand Up @@ -59,12 +59,12 @@ func (o ProviderOptions) ApplyDefaults() ProviderOptions {
type Provider struct {
credentials.Expiry
ProviderOptions
profile string
expires time.Time
keyring keyring.Keyring
sessions *KeyringSessions
profiles profiles
creds map[string]credentials.Value
profile string
expires time.Time
keyring keyring.Keyring
sessions *KeyringSessions
profiles profiles
defaultRoleSessionName string
}

func NewProvider(k keyring.Keyring, profile string, opts ProviderOptions) (*Provider, error) {
Expand All @@ -78,7 +78,6 @@ func NewProvider(k keyring.Keyring, profile string, opts ProviderOptions) (*Prov
sessions: &KeyringSessions{k, opts.Profiles},
profile: profile,
profiles: opts.Profiles,
creds: map[string]credentials.Value{},
}, nil
}

Expand Down Expand Up @@ -146,10 +145,11 @@ func (p *Provider) getSamlSessionCreds() (sts.Credentials, error) {
OktaAwsSAMLUrl: oktaAwsSAMLUrl,
}

creds, err := provider.Retrieve()
creds, oktaUsername, err := provider.Retrieve()
if err != nil {
return sts.Credentials{}, err
}
p.defaultRoleSessionName = oktaUsername

return creds, nil
}
Expand Down Expand Up @@ -182,6 +182,10 @@ func (p *Provider) roleSessionName() string {
return name
}

if p.defaultRoleSessionName != "" {
return p.defaultRoleSessionName
}

// Try to work out a role name that will hopefully end up unique.
return fmt.Sprintf("%d", time.Now().UTC().UnixNano())
}
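Review bot: The new branch in roleSessionName returns the Okta username verbatim, but STS restricts RoleSessionName to 2–64 characters drawn from `[\w+=,.@-]`, so a long username or one containing other characters (a space, for instance) turns every AssumeRole call into a validation error instead of reaching the timestamp fallback below. Sanitizing and truncating before returning keeps the intended behaviour for ordinary e-mail-style usernames while degrading gracefully otherwise; this needs a package-level `var invalidSessionNameChars = regexp.MustCompile("[^\\w+=,.@-]")` and a `regexp` import. Separately, `p.defaultRoleSessionName` is only populated as a side effect of getSamlSessionCreds (the earlier hunk in this file), so on any path that reaches roleSessionName without having called it — which cannot be confirmed from the hunks shown — the result is still the timestamp. The enclosing function begins above the hunk.
```go
	if p.defaultRoleSessionName != "" {
		// AWS rejects RoleSessionName values outside 2-64 characters of [\w+=,.@-];
		// the pattern is ASCII-only, so byte truncation after replacement is safe.
		name := invalidSessionNameChars.ReplaceAllString(p.defaultRoleSessionName, "_")
		if len(name) > 64 {
			name = name[:64]
		}
		if len(name) >= 2 {
			return name
		}
	}

	// … unchanged: timestamp fallback …
```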
