in cmd/saml2alibabacloud/commands/login.go [211:256]
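// resolveRole picks the RAM role to assume from the roles carried by the
// SAML assertion.
//
// With exactly one role, that role is returned directly unless account.RoleARN
// is set, in which case the ARN is resolved through
// saml2alibabacloud.LocateRole against the assertion's roles rather than used
// verbatim. With several roles, the assertion is base64-decoded to read its
// destination URL, the accounts it grants are parsed, and then either the
// configured RoleARN is located or the user is prompted to choose one.
//
// alibabacloudRoles are the roles already extracted from the assertion;
// samlAssertion is the base64-encoded assertion as received from the IdP;
// account supplies the optional RoleARN preference and must be non-nil.
//
// It returns an error when no roles or accounts are available, when the
// assertion cannot be decoded or parsed, whatever error LocateRole reports
// for a configured RoleARN, or when interactive selection keeps failing.
func resolveRole(alibabacloudRoles []*saml2alibabacloud.RamRole, samlAssertion string, account *cfg.IDPAccount) (*saml2alibabacloud.RamRole, error) {
	// Bound the interactive retry loop: a prompt that fails for a
	// non-transient reason (closed stdin, non-interactive session) would
	// otherwise spin forever printing the same message.
	const maxSelectionAttempts = 5

	switch len(alibabacloudRoles) {
	case 0:
		return nil, errors.New("no roles available")
	case 1:
		if account.RoleARN != "" {
			return saml2alibabacloud.LocateRole(alibabacloudRoles, account.RoleARN)
		}
		return alibabacloudRoles[0], nil
	}

	samlAssertionData, err := b64.StdEncoding.DecodeString(samlAssertion)
	if err != nil {
		return nil, errors.Wrap(err, "error decoding saml assertion")
	}

	aud, err := saml2alibabacloud.ExtractDestinationURL(samlAssertionData)
	if err != nil {
		return nil, errors.Wrap(err, "error parsing destination url")
	}

	// ParseAlibabaCloudAccounts is handed the still-encoded assertion, not
	// the decoded bytes used for the destination URL.
	alibabacloudAccounts, err := saml2alibabacloud.ParseAlibabaCloudAccounts(aud, samlAssertion)
	if err != nil {
		return nil, errors.Wrap(err, "error parsing AlibabaCloud role accounts")
	}
	if len(alibabacloudAccounts) == 0 {
		return nil, errors.New("no accounts available")
	}

	// saml2alibabacloud.AssignPrincipals(alibabacloudRoles, alibabacloudAccounts)
	if account.RoleARN != "" {
		return saml2alibabacloud.LocateRole(alibabacloudRoles, account.RoleARN)
	}

	// The original allocated a throwaway RamRole here; the prompt result is
	// always assigned before use, so declare it inside the loop instead.
	var lastErr error
	for attempt := 0; attempt < maxSelectionAttempts; attempt++ {
		role, err := saml2alibabacloud.PromptForRamRoleSelection(alibabacloudAccounts)
		if err == nil {
			return role, nil
		}
		lastErr = err
		log.Println("error selecting role, try again")
	}
	return nil, errors.Wrap(lastErr, "error selecting role")
}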