fix: use duration value set from cli

dnitsch · dnitsch · commit 2f0802d6332b · 2022-04-05T12:53:00.000+01:00
enable retrieval from secretStore for both cred types
diff --git a/cmd/saml.go b/cmd/saml.go
@@ -11,7 +11,7 @@ var (
 	principalArn string
 	acsUrl       string
 	role         string
-	duration     int
+	duration     int64
 	samlCmd      = &cobra.Command{
 		Use:   "saml <SAML ProviderUrl>",
 		Short: "Get AWS credentials and out to stdout",
@@ -24,7 +24,7 @@ func init() {
 	samlCmd.PersistentFlags().StringVarP(&providerUrl, "provider", "p", "", "Saml Entity StartSSO Url")
 	samlCmd.PersistentFlags().StringVarP(&principalArn, "principal", "", "", "Principal Arn of the SAML IdP in AWS")
 	samlCmd.PersistentFlags().StringVarP(&acsUrl, "acsurl", "a", "https://signin.aws.amazon.com/saml", "Override the default ACS Url, used for checkin the post of the SAMLResponse")
-	samlCmd.PersistentFlags().IntVarP(&duration, "max-duration", "d", 900, "Override default max session duration, in seconds, of the role session [900-43200]")
+	samlCmd.PersistentFlags().Int64VarP(&duration, "max-duration", "d", 900, "Override default max session duration, in seconds, of the role session [900-43200]")
 	rootCmd.AddCommand(samlCmd)
 }
 
diff --git a/internal/auth/awssts.go b/internal/auth/awssts.go
@@ -33,7 +33,7 @@ func LoginStsSaml(samlResponse string, role *util.AWSRole) (*util.AWSCredentials
 		PrincipalArn:    aws.String(role.PrincipalARN), // Required
 		RoleArn:         aws.String(role.RoleARN),      // Required
 		SAMLAssertion:   aws.String(samlResponse),      // Required
-		DurationSeconds: aws.Int64(int64(role.Duration)),
+		DurationSeconds: aws.Int64(role.Duration),
 	}
 
 	resp, err := svc.AssumeRoleWithSAML(params)
diff --git a/internal/auth/saml.go b/internal/auth/saml.go
@@ -21,9 +21,7 @@ func GetSamlCreds(conf config.SamlConfig) {
 	var err error
 
 	// Try to reuse stored credential in secret
-	if !conf.BaseConfig.StoreInProfile {
-		awsCreds, err = secretStore.AWSCredential()
-	}
+	awsCreds, err = secretStore.AWSCredential()
 
 	if !util.IsValid(awsCreds) || err != nil {
 		webBrowser = web.New()
diff --git a/internal/config/config.go b/internal/config/config.go
@@ -19,5 +19,5 @@ type SamlConfig struct {
 	ProviderUrl  string
 	PrincipalArn string
 	AcsUrl       string
-	Duration     int
+	Duration     int64
 }
diff --git a/internal/util/types.go b/internal/util/types.go
@@ -17,5 +17,5 @@ type AWSRole struct {
 	RoleARN      string
 	PrincipalARN string
 	Name         string
-	Duration     int
+	Duration     int64
 }

Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ func LoginStsSaml(samlResponse string, role util.AWSRole) (util.AWSCredentials`
`33`	`33`	`PrincipalArn: aws.String(role.PrincipalARN), // Required`
`34`	`34`	`RoleArn: aws.String(role.RoleARN), // Required`
`35`	`35`	`SAMLAssertion: aws.String(samlResponse), // Required`
`36`		`- DurationSeconds: aws.Int64(int64(role.Duration)),`
	`36`	`+ DurationSeconds: aws.Int64(role.Duration),`
`37`	`37`	`}`
`38`	`38`
`39`	`39`	`resp, err := svc.AssumeRoleWithSAML(params)`
Original file line number	Diff line number	Diff line change
`@@ -19,5 +19,5 @@ type SamlConfig struct {`
`19`	`19`	`ProviderUrl string`
`20`	`20`	`PrincipalArn string`
`21`	`21`	`AcsUrl string`
`22`		`- Duration int`
	`22`	`+ Duration int64`
`23`	`23`	`}`
Original file line number	Diff line number	Diff line change
`@@ -17,5 +17,5 @@ type AWSRole struct {`
`17`	`17`	`RoleARN string`
`18`	`18`	`PrincipalARN string`
`19`	`19`	`Name string`
`20`		`- Duration int`
	`20`	`+ Duration int64`
`21`	`21`	`}`