Merge pull request #2 from in4it/feature/credential-duration

duration seconds credential
in4it · Apr 6, 2022 · 0e729fd · 0e729fd
2 parents bf80eea + fae7316
commit 0e729fd
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -16,6 +16,7 @@ onelogin:
   clientID: clientID of API credential with "Authentication only"
   clientSecret: client Secret of API credential
   accountName: onelogin account name
+  durationSeconds: 28800 # duration of the credentials in seconds (or remove for the default of 3600)
 accounts:
   - name: myapp-prod
     appID: onelogin app id (e.g. 123456)

diff --git a/cmd/login.go b/cmd/login.go
@@ -97,7 +97,11 @@ var loginCmd = &cobra.Command{
 		//AssumeRole With SAML on AWS
 		accountID := config.Accounts[*account].AccountID
 		profileName := config.Accounts[*account].ProfileName
-		result, err := intAWS.AssumeRoleWithSAML(accountID, config.Roles[*role], assertionPayload)
+		durationSeconds := config.Accounts[*account].DurationSeconds
+		if durationSeconds == 0 {
+			durationSeconds = 3600
+		}
+		result, err := intAWS.AssumeRoleWithSAML(accountID, config.Roles[*role], assertionPayload, durationSeconds)
 		if err != nil {
 			fmt.Println(err)
 			os.Exit(1)

diff --git a/cmd/root.go b/cmd/root.go
@@ -1,9 +1,10 @@
 package cmd
 
 import (
+	"log"
+
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
-	"log"
 )
 
 type Config struct {
@@ -19,10 +20,11 @@ type OneLoginConf struct {
 	AccountName  string `yaml:"onelogin-account"`
 }
 type Account struct {
-	Name        string `yaml:"name"`
-	AppID       string `yaml:"appID"`
-	AccountID   string `yaml:"accountID"`
-	ProfileName string `yaml:"profileName"`
+	Name            string `yaml:"name"`
+	AppID           string `yaml:"appID"`
+	AccountID       string `yaml:"accountID"`
+	ProfileName     string `yaml:"profileName"`
+	DurationSeconds int64  `yaml:"durationSeconds"`
 }
 
 var config Config

diff --git a/internal/aws/assume-role.go b/internal/aws/assume-role.go
@@ -6,7 +6,7 @@ import (
 	"github.com/aws/aws-sdk-go/service/sts"
 )
 
-func AssumeRoleWithSAML(accountID string, role string, assertionPayload string) (*sts.AssumeRoleWithSAMLOutput, error) {
+func AssumeRoleWithSAML(accountID string, role string, assertionPayload string, durationSeconds int64) (*sts.AssumeRoleWithSAMLOutput, error) {
 	sess, err := session.NewSession(&aws.Config{
 		Region: aws.String("us-east-1"),
 	})
@@ -19,7 +19,7 @@ func AssumeRoleWithSAML(accountID string, role string, assertionPayload string)
 	roleToAssumeArn := "arn:aws:iam::" + accountID + ":role/" + role
 	result, err := svc.AssumeRoleWithSAML(&sts.AssumeRoleWithSAMLInput{
 		RoleArn:         &roleToAssumeArn,
-		DurationSeconds: aws.Int64(3600),
+		DurationSeconds: aws.Int64(durationSeconds),
 		PrincipalArn:    aws.String("arn:aws:iam::" + accountID + ":saml-provider/" + role),
 		SAMLAssertion:   aws.String(assertionPayload),
 	})