token

package
v0.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 16, 2018 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func StdinStderrTokenProvider added in v0.3.0 

func StdinStderrTokenProvider() (string, error)

Types

type FormatError added in v0.3.0 

type FormatError struct {
	// contains filtered or unexported fields
}

FormatError is returned when there is a problem with token that is an encoded sts request. This can include the url, data, action or anything else that prevents the sts call from being made.

func (FormatError) Error added in v0.3.0 

func (e FormatError) Error() string

type Generator added in v0.3.0 

type Generator interface {
	// Get a token using credentials in the default credentials chain.
	Get(string) (string, error)
	// GetWithRole creates a token by assuming the provided role, using the credentials in the default chain.
	GetWithRole(clusterID, roleARN string) (string, error)
	// FormatJSON returns the client auth formatted json for the ExecCredential auth
	FormatJSON(string) string
}

Generator provides new tokens for the heptio authenticator.

func NewGenerator added in v0.3.0 

func NewGenerator() (Generator, error)

NewGenerator creates a Generator and returns it.

type Identity 

type Identity struct {
	// ARN is the raw Amazon Resource Name returned by sts:GetCallerIdentity
	ARN string

	// CanonicalARN is the Amazon Resource Name converted to a more canonical
	// representation. In particular, STS assumed role ARNs like
	// "arn:aws:sts::ACCOUNTID:assumed-role/ROLENAME/SESSIONNAME" are converted
	// to their IAM ARN equivalent "arn:aws:iam::ACCOUNTID:role/NAME"
	CanonicalARN string

	// AccountID is the 12 digit AWS account number.
	AccountID string

	// UserID is the unique user/role ID (e.g., "AROAAAAAAAAAAAAAAAAAA").
	UserID string

	// SessionName is the STS session name (or "" if this is not a
	// session-based identity). For EC2 instance roles, this will be the EC2
	// instance ID (e.g., "i-0123456789abcdef0"). You should only rely on it
	// if you trust that _only_ EC2 is allowed to assume the IAM Role. If IAM
	// users or other roles are allowed to assume the role, they can provide
	// (nearly) arbitrary strings here.
	SessionName string
}

Identity is returned on successful Verify() results. It contains a parsed version of the AWS identity used to create the token.

type STSError added in v0.3.0 

type STSError struct {
	// contains filtered or unexported fields
}

STSError is returned when there was either an error calling STS or a problem processing the data returned from STS.

func NewSTSError added in v0.3.0 

func NewSTSError(m string) STSError

NewSTSError creates a error of type STS.

func (STSError) Error added in v0.3.0 

func (e STSError) Error() string

type Verifier added in v0.3.0 

type Verifier interface {
	Verify(token string) (*Identity, error)
}

Verifier validates tokens by calling STS and returning the associated identity.

func NewVerifier added in v0.3.0 

func NewVerifier(clusterID string) Verifier

NewVerifier creates a Verifier that is bound to the clusterID and uses the default http client.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.