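/// <summary>
/// Chooses the name under which the assumed-role credentials are stored in the
/// credentials file: an explicit name supplied by the caller wins; otherwise the
/// name is derived from the ARN of the assumed-role user returned by STS.
/// </summary>
/// <param name="assumeResult">STS response; its <c>AssumedRoleUser.Arn</c> is the fallback source of the name.</param>
/// <param name="oktaProfile">Caller-supplied profile name; null/blank means "derive it from the ARN".</param>
/// <returns>The credentials profile name to write.</returns>
/// <exception cref="ArgumentNullException">
/// When no explicit name was given and <paramref name="assumeResult"/> (or its assumed-role ARN) is null.
/// </exception>
private string GetProfileName(AssumeRoleWithSAMLResult assumeResult, string oktaProfile)
{
    // TODO: profile name should have a constant name to be recognizable by other apps
    if (!string.IsNullOrWhiteSpace(oktaProfile))
    {
        return oktaProfile;
    }

    if (assumeResult?.AssumedRoleUser?.Arn == null)
    {
        throw new ArgumentNullException(nameof(assumeResult), "No explicit profile name was given and the STS result carries no assumed-role ARN.");
    }

    // Ordinal comparison: an ARN is a machine identifier, never culture-dependent text
    // (the original StartsWith call was culture-sensitive). The prefix length replaces the
    // former hard-coded Substring(13) so the two can no longer drift apart.
    const string StsArnPrefix = "arn:aws:sts::";
    const string AssumedRoleMarker = ":assumed-role";

    string credentialsProfileName = assumeResult.AssumedRoleUser.Arn;
    if (credentialsProfileName.StartsWith(StsArnPrefix, StringComparison.Ordinal))
    {
        credentialsProfileName = credentialsProfileName.Substring(StsArnPrefix.Length);
    }

    // Replace is a no-op when the marker is absent, so no separate Contains check is needed.
    // Presumably leaves "<account>/<role-name>/<session-name>" — confirm against a real ARN.
    return credentialsProfileName.Replace(AssumedRoleMarker, "");
}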
/// <summary>
/// Entry point of the login flow. Reuses the cached session when it is still active and
/// no explicit profile name was requested; otherwise performs the Okta SAML login,
/// assumes the chosen AWS role, writes the credentials/config files and records the
/// new session.
/// </summary>
/// <param name="startInstant">Moment the run started; the session expiry is computed relative to it.</param>
/// <returns>The name of the credentials profile that now holds valid credentials.</returns>
public string Run(DateTime startInstant)
{
    Init();
    environment.awsRoleToAssume = currentProfile.RoleArn;

    // Short-circuit order matters: IsPresent() guards the SessionIsActive call, and an
    // explicitly requested profile name always forces a fresh assume-role.
    bool reuseCachedSession = currentSession.IsPresent()
        && sessionHelper.SessionIsActive(startInstant, currentSession)
        && string.IsNullOrWhiteSpace(environment.oktaProfile);
    if (reuseCachedSession)
    {
        return currentSession.ProfileName;
    }

    var samlResponse = oktaSaml.GetSamlResponse();
    var roleRequest = roleHelper.ChooseAwsRoleToAssume(samlResponse);

    // The expiry is derived from the *requested* duration minus a 30 s safety margin, so the
    // cached session is treated as stale slightly before the credentials lapse.
    // NOTE(review): the Expiration STS returns on the credentials is not consulted — confirm
    // the two cannot diverge.
    const int ExpiryMarginSeconds = 30;
    var sessionExpiry = startInstant.AddSeconds(roleRequest.DurationSeconds - ExpiryMarginSeconds);

    var assumedRole = roleHelper.AssumeChosenAwsRole(roleRequest);
    string profileName = profileHelper.CreateAwsProfile(assumedRole);

    // Persist the outcome: environment first (the config writer reads it), then config
    // file, then the session store.
    environment.oktaProfile = profileName;
    environment.awsRoleToAssume = roleRequest.RoleArn;
    configHelper.UpdateConfigFile();
    sessionHelper.AddOrUpdateProfile(sessionExpiry);
    sessionHelper.UpdateCurrentSession(sessionExpiry, profileName);

    return profileName;
}
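/// <summary>
/// Writes the temporary credentials from an STS assume-role response into the AWS
/// credentials file under the profile name chosen by <see cref="GetProfileName"/>.
/// </summary>
/// <param name="assumeResult">STS response whose <c>Credentials</c> are persisted.</param>
/// <returns>The profile name the credentials were written under.</returns>
/// <exception cref="ArgumentNullException"><paramref name="assumeResult"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="assumeResult"/> carries no credentials.</exception>
public string CreateAwsProfile(AssumeRoleWithSAMLResult assumeResult)
{
    // Validate at the public entry point so a malformed STS response surfaces as a
    // descriptive argument exception rather than a NullReferenceException mid-write.
    if (assumeResult == null)
    {
        throw new ArgumentNullException(nameof(assumeResult));
    }

    var creds = assumeResult.Credentials;
    if (creds == null)
    {
        throw new ArgumentException("The STS result carries no credentials.", nameof(assumeResult));
    }

    // An explicit name from the environment overrides the one derived from the assumed-role ARN.
    var credentialsProfileName = GetProfileName(assumeResult, environment.oktaProfile);

    // All three parts of the temporary credential set are written; the session token is
    // required for STS credentials to be usable.
    CredentialsHelper.UpdateCredentialsFile(credentialsProfileName, creds.AccessKeyId, creds.SecretAccessKey, creds.SessionToken);

    return credentialsProfileName;
}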