Mark Wolfe wolfeidau

Background

I have been working on https://github.com/versent/saml2aws for a couple of years, this tool enables developers to use SSO from the command line to get short lived credentials from AWS. As most SSO services don't have an API for authentication, this is done using screen scraping. This has resulted in:

A brittle solution which requires reverse engineering and lots of patience seeing what you can get away with.
This is now how SSO is suppose to work, it is designed for browsers only.
Runs into tons of problems if you have multiple layers of SSO, as services send users off to social or third party authentication of users.

So we need a better way to integrate CLI tools with SSO to enable these tools to acquire and use short term credentials.

	package main

	import (
	"context"
	"fmt"
	"log"

	"github.com/aws/aws-sdk-go-v2/aws"
	"github.com/aws/aws-sdk-go-v2/config"
	"github.com/aws/aws-sdk-go-v2/service/s3"

	[alias]
	amend = !git add -A && git commit --amend --no-edit
	p = !git push origin $(git rev-parse --abbrev-ref HEAD)
	c = "!git add -A && git commit -m "
	cc = "!git commit --amend -m "
	co = !git checkout
	f = !git fetch --all && git rebase origin/master
	authors = shortlog --summary --email --numbered
	l = log --graph --pretty=format:'%Cred%h%Creset -%C(green)%d%Creset %s %C(yellow)(%cr) %C(blue)<%an>%Creset'
	[core]

	openapi: 3.0.2
	info:
	title: OTK Server APIs
	version: 4.3.1
	description: "All API's available in OAuth Toolkit server"
	paths:
	/auth/oauth/v2/authorize:
	get:
	tags:
	- Authorization Server APIs

	package lambda

	import (
	"context"
	"encoding/json"
	)

	// JSONHandler processes events in and out using Raw JSON
	type JSONHandler func(ctx context.Context, evt json.RawMessage) (json.RawMessage, error)

	{
	"metrics": [
	[ { "expression": "(m2/m1)*100", "label": "percentage", "id": "e1", "yAxis": "right" } ],
	[ "AWS/ApiGateway", "5XXError", "ApiName", "xxx-xxx-xx-xx", { "label": "5xx errors", "id": "m2" } ],
	[ "...", { "stat": "SampleCount", "label": "total requests", "id": "m1" } ]
	],
	"region": "ap-southeast-2",
	"title": "APIGW - 500 Errors as Percentage of Total Requests",
	"stat": "Sum",
	"yAxis": {

	{
	"metrics": [
	[ { "expression": "(m2/m1)*100", "label": "percentage", "id": "e1", "yAxis": "right" } ],
	[ "AWS/AppSync", "5XXError", "GraphQLAPIId", "XXXXX", { "label": "5xx errors", "id": "m2" } ],
	[ "...", { "stat": "SampleCount", "label": "total requests", "id": "m1" } ]
	],
	"region": "ap-southeast-2",
	"title": "500 Errors as Percentage of Total Requests",
	"stat": "Sum",
	"yAxis": {

	{
	"metrics": [
	[ { "expression": "(m2/m1)*100", "label": "percentage", "id": "e1", "yAxis": "right" } ],
	[ "AWS/AppSync", "4XXError", "GraphQLAPIId", "XXXXXXXX", { "label": "4xx errors", "id": "m2" } ],
	[ "...", { "stat": "SampleCount", "label": "total requests", "id": "m1" } ],
	[ ".", "5XXError", ".", ".", { "label": "5xx errors", "id": "m3", "visible": false } ]
	],
	"region": "ap-southeast-2",
	"title": "Errors",
	"stat": "Sum",

	import { Construct, StackProps, Stack } from '@aws-cdk/core';
	import { Function, Runtime, Code } from '@aws-cdk/aws-lambda';
	import { Table, AttributeType, BillingMode } from '@aws-cdk/aws-dynamodb';
	import { Bucket, BucketEncryption, EventType } from '@aws-cdk/aws-s3';
	import { LambdaRestApi } from '@aws-cdk/aws-apigateway';
	import { S3EventSource } from '@aws-cdk/aws-lambda-event-sources';

	export class InfraStack extends Stack {
	constructor(scope: Construct, id: string, props?: StackProps) {
	super(scope, id, props);

	package coverage

	type Coverage struct {
	XMLName xml.Name `xml:"coverage"`
	Text string `xml:",chardata"`
	LinesValid string `xml:"lines-valid,attr"`
	LinesCovered string `xml:"lines-covered,attr"`
	LineRate string `xml:"line-rate,attr"`
	BranchesValid string `xml:"branches-valid,attr"`
	BranchesCovered string `xml:"branches-covered,attr"`