Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func CheckCloudCredCreation

func CheckCloudCredCreation(awsClient Client, logger log.FieldLogger) (bool, error)

    CheckCloudCredCreation checks whether we have enough permissions to create new sub-creds.

func CheckCloudCredPassthrough

func CheckCloudCredPassthrough(awsClient Client, params *SimulateParams, logger log.FieldLogger) (bool, error)

    CheckCloudCredPassthrough checks whether the provided creds are good enough to pass through to other components as-is, based on the static list of permissions needed by the various users of CredentialsRequests. TODO: move away from static list (to dynamic passthrough validation?)

func CheckPermissionsAgainstActions

func CheckPermissionsAgainstActions(awsClient Client, actionList []string, params *SimulateParams, logger log.FieldLogger) (bool, error)

    CheckPermissionsAgainstActions takes the static list of Actions and checks whether the provided awsClient creds have sufficient permissions to perform them. It returns true/false indicating whether the permissions are sufficient.

func CheckPermissionsAgainstStatementList

func CheckPermissionsAgainstStatementList(awsClient Client, statementEntries []minterv1.StatementEntry,
	params *SimulateParams, logger log.FieldLogger) (bool, error)

    CheckPermissionsAgainstStatementList tests whether the actions in the provided list of StatementEntries can be performed with the credentials used by the passed-in awsClient.

func CheckPermissionsUsingQueryClient

func CheckPermissionsUsingQueryClient(queryClient, targetClient Client, statementEntries []minterv1.StatementEntry,
	params *SimulateParams, logger log.FieldLogger) (bool, error)

    CheckPermissionsUsingQueryClient uses queryClient to query whether the credentials in targetClient can perform the actions listed in the statementEntries. queryClient needs iam:GetUser and iam:SimulatePrincipalPolicy.

Types

type Client

    Client is a wrapper object for actual AWS SDK clients to allow for easier testing.

func NewClient

func NewClient(accessKeyID, secretAccessKey []byte, region, infraName string) (Client, error)

    NewClient creates our client wrapper object for the actual AWS clients we use.

func NewClientFromIAMClient

func NewClientFromIAMClient(client iamiface.IAMAPI) (Client, error)

    NewClientFromIAMClient creates a client from an AWS IAM client.

type SimulateParams

type SimulateParams struct {
	Region string
}

    SimulateParams captures any additional details that should be used when simulating permissions.

Directories

Path Synopsis
Package mock is a generated GoMock package.
Package mock is a generated GoMock package.