Documentation
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
func StdinStderrTokenProvider (added in v0.3.0)
Types
type FormatError (added in v0.3.0)
type FormatError struct {
	// contains filtered or unexported fields
}
FormatError is returned when there is a problem with a token, which is an encoded STS request. This can include the URL, data, action, or anything else that prevents the STS call from being made.
func (FormatError) Error (added in v0.3.0)
func (e FormatError) Error() string
type Generator (added in v0.3.0)
type Generator interface {
	// Get a token using credentials in the default credentials chain.
	Get(string) (string, error)
	// GetWithRole creates a token by assuming the provided role, using the credentials in the default chain.
	GetWithRole(clusterID, roleARN string) (string, error)
	// FormatJSON returns the client auth formatted json for the ExecCredential auth
	FormatJSON(string) string
}
Generator provides new tokens for the heptio authenticator.
func NewGenerator (added in v0.3.0)
NewGenerator creates a Generator and returns it.
type Identity
type Identity struct {
	// ARN is the raw Amazon Resource Name returned by sts:GetCallerIdentity
	ARN string
	// CanonicalARN is the Amazon Resource Name converted to a more canonical
	// representation. In particular, STS assumed role ARNs like
	// "arn:aws:sts::ACCOUNTID:assumed-role/ROLENAME/SESSIONNAME" are converted
	// to their IAM ARN equivalent "arn:aws:iam::ACCOUNTID:role/NAME"
	CanonicalARN string
	// AccountID is the 12 digit AWS account number.
	AccountID string
	// UserID is the unique user/role ID (e.g., "AROAAAAAAAAAAAAAAAAAA").
	UserID string
	// SessionName is the STS session name (or "" if this is not a
	// session-based identity). For EC2 instance roles, this will be the EC2
	// instance ID (e.g., "i-0123456789abcdef0"). You should only rely on it
	// if you trust that _only_ EC2 is allowed to assume the IAM Role. If IAM
	// users or other roles are allowed to assume the role, they can provide
	// (nearly) arbitrary strings here.
	SessionName string
}
Identity is returned on successful Verify() results. It contains a parsed version of the AWS identity used to create the token.
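The CanonicalARN conversion and the SessionName caveat described in the Identity field comments, as an added example that is not this package's own code. The helper names `canonicalize` and `instanceID`, the `ec2Only` allowlist and the sample ARNs are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

var instanceIDRe = regexp.MustCompile(`^i-[0-9a-f]{8}([0-9a-f]{9})?$`) // 8 or 17 hex digits

// canonicalize (hypothetical helper, not this package's API) maps
// arn:aws:sts::ACCOUNTID:assumed-role/ROLENAME/SESSIONNAME to
// arn:aws:iam::ACCOUNTID:role/ROLENAME; other ARNs pass through unchanged.
func canonicalize(arn string) (canonical, session string, err error) {
	f := strings.SplitN(arn, ":", 6) // arn:partition:service:region:account:resource
	if len(f) != 6 || f[0] != "arn" {
		return "", "", fmt.Errorf("malformed ARN %q", arn)
	}
	if f[2] != "sts" || !strings.HasPrefix(f[5], "assumed-role/") {
		return arn, "", nil
	}
	seg := strings.Split(f[5], "/")
	if len(seg) != 3 || seg[1] == "" || seg[2] == "" {
		return "", "", fmt.Errorf("assumed-role ARN %q needs role and session", arn)
	}
	return fmt.Sprintf("arn:%s:iam::%s:role/%s", f[1], f[4], seg[1]), seg[2], nil
}

// instanceID accepts the session name as an EC2 instance ID only when the role
// is in ec2Only (constructed allowlist of roles assumed to be assumable by EC2 only).
func instanceID(canonical, session string, ec2Only map[string]bool) (string, bool) {
	if !ec2Only[canonical] || !instanceIDRe.MatchString(session) {
		return "", false
	}
	return session, true
}

func main() {
	ec2Only := map[string]bool{"arn:aws:iam::123456789012:role/NodeRole": true}
	for _, arn := range []string{ // constructed sample ARNs
		"arn:aws:sts::123456789012:assumed-role/NodeRole/i-0123456789abcdef0",
		"arn:aws:sts::123456789012:assumed-role/DevRole/i-0123456789abcdef0",
		"arn:aws:iam::123456789012:user/alice",
	} {
		c, s, err := canonicalize(arn)
		id, ok := instanceID(c, s, ec2Only)
		fmt.Printf("%s\n  canonical=%s session=%q instance=%q trusted=%v err=%v\n", arn, c, s, id, ok, err)
	}
}
```

The second sample carries a well-formed instance ID as its session name but is rejected, because DevRole is not on the EC2-only allowlist and its session name could have been chosen by whoever assumed the role.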
type STSError (added in v0.3.0)
type STSError struct {
	// contains filtered or unexported fields
}
STSError is returned when there was either an error calling STS or a problem processing the data returned from STS.
func NewSTSError (added in v0.3.0)
NewSTSError creates an error of type STS.
type Verifier (added in v0.3.0)
Verifier validates tokens by calling STS and returning the associated identity.
func NewVerifier (added in v0.3.0)
NewVerifier creates a Verifier that is bound to the clusterID and uses the default HTTP client.