in cmd/saml2alibabacloud/commands/list_roles.go [17:88]
// ListRoles authenticates against the configured IdP and lists the RAM roles
// found in the SAML assertion it returns.
//
// The steps run in a fixed order: build the IdP account from the flags,
// resolve and validate the login details, authenticate to obtain a
// base64-encoded SAML assertion, optionally save the credentials to the
// keychain, then decode the assertion, extract and parse its roles, and hand
// them to listRoles.
//
// Most failures are returned as wrapped errors. Three conditions call
// os.Exit(1) instead and never return to the caller: a failure to resolve the
// login details, an empty assertion, and an assertion with no roles.
func ListRoles(loginFlags *flags.LoginExecFlags) error {
	cmdLog := logrus.WithField("command", "list")

	idpAccount, err := buildIdpAccount(loginFlags)
	if err != nil {
		return errors.Wrap(err, "error building login details")
	}

	details, err := resolveLoginDetails(idpAccount, loginFlags)
	if err != nil {
		// Exits directly rather than returning the error, after printing it
		// with the %+v verb.
		log.Printf("%+v", err)
		os.Exit(1)
	}

	if err := details.Validate(); err != nil {
		return errors.Wrap(err, "error validating login details")
	}

	// NOTE(review): the whole account value is attached to the debug log
	// entry. Confirm that its fields never carry a password or other secret.
	cmdLog.WithField("idpAccount", idpAccount).Debug("building provider")

	client, err := saml2alibabacloud.NewSAMLClient(idpAccount)
	if err != nil {
		return errors.Wrap(err, "error building IdP client")
	}

	// The assertion is the proof of authentication for the rest of the flow,
	// so it should not be written to logs.
	assertion, err := client.Authenticate(details)
	if err != nil {
		return errors.Wrap(err, "error authenticating to IdP")
	}

	if assertion == "" {
		log.Println("Response did not contain a valid SAML assertion")
		log.Println("Please check your username and password is correct")
		log.Println("To see the output follow the instructions in https://github.com/aliyun/saml2alibabacloud#debugging-issues-with-idps")
		os.Exit(1)
	}

	// Credentials are saved only after the IdP returned a non-empty
	// assertion. The save still happens before that assertion has been
	// decoded or checked for roles.
	if keychainEnabled := !loginFlags.CommonFlags.DisableKeychain; keychainEnabled {
		if err := credentials.SaveCredentials(details.URL, details.Username, details.Password); err != nil {
			return errors.Wrap(err, "error storing password in keychain")
		}
	}

	decoded, err := b64.StdEncoding.DecodeString(assertion)
	if err != nil {
		return errors.Wrap(err, "error decoding saml assertion")
	}

	// Extraction and parsing below wrap their errors with the same message,
	// so the message alone does not say which step failed.
	rawRoles, err := saml2alibabacloud.ExtractRamRoles(decoded)
	if err != nil {
		return errors.Wrap(err, "error parsing AlibabaCloud roles")
	}

	if len(rawRoles) == 0 {
		log.Println("No roles to assume")
		os.Exit(1)
	}

	parsedRoles, err := saml2alibabacloud.ParseRamRoles(rawRoles)
	if err != nil {
		return errors.Wrap(err, "error parsing AlibabaCloud roles")
	}

	// listRoles receives the original base64-encoded assertion, not the
	// decoded bytes.
	err = listRoles(parsedRoles, assertion, loginFlags)
	if err != nil {
		return errors.Wrap(err, "Failed to list roles")
	}

	return nil
}