Beispiel #1
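        /// <summary>
        /// Chooses the name of the AWS credentials profile for an assumed role.
        /// </summary>
        /// <param name="assumeResult">
        /// Result of the AssumeRoleWithSAML call. Only read when
        /// <paramref name="oktaProfile"/> is null, empty or whitespace.
        /// </param>
        /// <param name="oktaProfile">
        /// Explicitly configured profile name; returned unchanged when it is not blank.
        /// </param>
        /// <returns>
        /// <paramref name="oktaProfile"/> when it is set; otherwise the assumed-role ARN with the
        /// leading "arn:aws:sts::" prefix and every ":assumed-role" occurrence removed.
        /// </returns>
        private string GetProfileName(AssumeRoleWithSAMLResult assumeResult, string oktaProfile)
        {
            // TODO: profile name should have a constant name to be recognizable by other apps

            // NOTE(review): neither branch validates the characters of the name. CreateAwsProfile
            // hands the value to CredentialsHelper.UpdateCredentialsFile as the profile name, so
            // confirm that helper rejects or escapes line breaks and brackets before the name is
            // written next to the access key, secret key and session token.
            if (!string.IsNullOrWhiteSpace(oktaProfile))
            {
                return oktaProfile;
            }

            const string StsArnPrefix = "arn:aws:sts::";
            const string AssumedRoleMarker = ":assumed-role";

            string credentialsProfileName = assumeResult.AssumedRoleUser.Arn;

            // ARNs are machine identifiers: compare ordinally so the result does not depend on
            // the current culture. An ARN that does not start with this exact prefix keeps its
            // full "arn:..." form.
            if (credentialsProfileName.StartsWith(StsArnPrefix, System.StringComparison.Ordinal))
            {
                // Strip by the prefix's own length instead of a hard-coded 13.
                credentialsProfileName = credentialsProfileName.Substring(StsArnPrefix.Length);
            }

            // Replace leaves the string unchanged when the marker is absent, so no Contains check.
            return credentialsProfileName.Replace(AssumedRoleMarker, "");
        }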
        /// <summary>
        /// Returns the name of an AWS profile holding usable credentials, reusing the current
        /// session when possible and otherwise performing a new SAML role assumption.
        /// </summary>
        /// <param name="startInstant">
        /// Instant used both to test whether the current session is still active and as the base
        /// for the new session's recorded expiry.
        /// </param>
        /// <returns>
        /// The current session's profile name when that session is reused; otherwise the name of
        /// the profile created from the newly assumed role.
        /// </returns>
        public string Run(DateTime startInstant)
        {
            this.Init();

            environment.awsRoleToAssume = currentProfile.RoleArn;

            // The existing session is reused only when it is present, still active at
            // startInstant, and no Okta profile name is configured. Evaluation order is kept
            // so the helpers are called exactly as before.
            bool reuseCurrentSession =
                currentSession.IsPresent()
                && sessionHelper.SessionIsActive(startInstant, currentSession)
                && string.IsNullOrWhiteSpace(environment.oktaProfile);

            if (reuseCurrentSession)
            {
                return currentSession.ProfileName;
            }

            var saml = oktaSaml.GetSamlResponse();
            var request = roleHelper.ChooseAwsRoleToAssume(saml);

            // Recorded expiry = startInstant + requested duration, minus a 30-second margin.
            // NOTE(review): this is derived from the requested DurationSeconds and the
            // caller-supplied startInstant, not from the expiry carried by the returned
            // credentials; confirm the two cannot drift far enough for expired credentials
            // to be treated as active.
            var expiresAt = startInstant.AddSeconds(request.DurationSeconds - 30);

            var assumed = roleHelper.AssumeChosenAwsRole(request);
            string createdProfile = profileHelper.CreateAwsProfile(assumed);

            // Persist the outcome: environment fields, config file, then session bookkeeping.
            environment.oktaProfile = createdProfile;
            environment.awsRoleToAssume = request.RoleArn;
            configHelper.UpdateConfigFile();
            sessionHelper.AddOrUpdateProfile(expiresAt);
            sessionHelper.UpdateCurrentSession(expiresAt, createdProfile);

            return createdProfile;
        }
Beispiel #3
        /// <summary>
        /// Stores the temporary credentials of an assumed role under a named profile in the
        /// credentials file.
        /// </summary>
        /// <param name="assumeResult">Result of the AssumeRoleWithSAML call carrying the credentials.</param>
        /// <returns>The profile name the credentials were stored under.</returns>
        public string CreateAwsProfile(AssumeRoleWithSAMLResult assumeResult)
        {
            var sessionCredentials = assumeResult.Credentials;
            string profileName = GetProfileName(assumeResult, environment.oktaProfile);

            // Access key id, secret access key and session token are all handed to the helper.
            // NOTE(review): the secret key and session token end up on disk; confirm that
            // UpdateCredentialsFile restricts the file's permissions to the current user and
            // that none of these values are logged.
            CredentialsHelper.UpdateCredentialsFile(
                profileName,
                sessionCredentials.AccessKeyId,
                sessionCredentials.SecretAccessKey,
                sessionCredentials.SessionToken);

            return profileName;
        }