func CheckCloudCredCreation

func CheckCloudCredCreation(awsClient Client, logger log.FieldLogger) (bool, error)

CheckCloudCredCreation checks whether we have enough permissions to create new sub-creds.

func CheckCloudCredPassthrough

func CheckCloudCredPassthrough(awsClient Client, params *SimulateParams, logger log.FieldLogger) (bool, error)

CheckCloudCredPassthrough checks whether the provided creds are good enough to pass through to other components as-is, based on the static list of permissions needed by the various users of CredentialsRequests.

TODO: move away from static list (to dynamic passthrough validation?)

func CheckPermissionsAgainstActions

func CheckPermissionsAgainstActions(awsClient Client, actionList []string, params *SimulateParams, logger log.FieldLogger) (bool, error)

CheckPermissionsAgainstActions takes the static list of Actions and checks whether the provided awsClient creds have sufficient permissions to perform them. It returns true or false to indicate whether the permissions are sufficient.

func CheckPermissionsAgainstStatementList

func CheckPermissionsAgainstStatementList(awsClient Client, statementEntries []minterv1.StatementEntry,
	params *SimulateParams, logger log.FieldLogger) (bool, error)

CheckPermissionsAgainstStatementList will test to see whether the list of actions in the provided list of StatementEntries can work with the credentials used by the passed-in awsClient.

func CheckPermissionsUsingQueryClient

func CheckPermissionsUsingQueryClient(queryClient, targetClient Client, statementEntries []minterv1.StatementEntry,
	params *SimulateParams, logger log.FieldLogger) (bool, error)

CheckPermissionsUsingQueryClient uses queryClient to query whether the credentials in targetClient can perform the actions listed in statementEntries. queryClient needs the iam:GetUser and iam:SimulatePrincipalPolicy permissions.
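
The fail-closed evaluation that a simulation-based check like this implies, as an added example that is not the package's own code. simulateFn stands in for the iam:SimulatePrincipalPolicy call and statement for minterv1.StatementEntry (both hypothetical), passing the region as the aws:RequestedRegion context key is an assumption, and fakeIAM and the ARN are constructed sample data.

```go
package main

import "fmt"

// simulateFn is a hypothetical stand-in for the iam:SimulatePrincipalPolicy call.
type simulateFn func(arn string, actions []string, ctx map[string]string) (map[string]string, error)

// statement is a pared-down stand-in for minterv1.StatementEntry.
type statement struct{ Action []string }

// checkStatements reports whether every action in stmts evaluates to "allowed"
// for arn, and returns the actions that did not. Any error fails closed.
func checkStatements(sim simulateFn, arn string, stmts []statement, region string) (bool, []string, error) {
	var actions []string
	for _, s := range stmts {
		actions = append(actions, s.Action...)
	}
	ctx := map[string]string{}
	if region != "" {
		ctx["aws:RequestedRegion"] = region // assumption: region sent as a condition key
	}
	decisions, err := sim(arn, actions, ctx)
	if err != nil {
		return false, nil, fmt.Errorf("simulating policy for %s: %w", arn, err)
	}
	var denied []string
	for _, a := range actions {
		if decisions[a] != "allowed" { // implicitDeny, explicitDeny or no result
			denied = append(denied, a)
		}
	}
	return len(denied) == 0, denied, nil
}

// fakeIAM is a constructed policy: S3 bucket actions allowed only in us-east-1.
func fakeIAM(_ string, actions []string, ctx map[string]string) (map[string]string, error) {
	out := map[string]string{}
	for _, a := range actions {
		out[a] = "implicitDeny"
		if (a == "s3:CreateBucket" || a == "s3:DeleteBucket") && ctx["aws:RequestedRegion"] == "us-east-1" {
			out[a] = "allowed"
		}
	}
	return out, nil
}

func main() {
	stmts := []statement{{Action: []string{"s3:CreateBucket", "iam:CreateUser"}}}
	fmt.Println(checkStatements(fakeIAM, "arn:aws:iam::123456789012:user/constructed", stmts, "us-east-1"))
}
```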


type Client

Client is a wrapper object for actual AWS SDK clients to allow for easier testing.

func NewClient

func NewClient(accessKeyID, secretAccessKey []byte, region, infraName string) (Client, error)

NewClient creates our client wrapper object for the actual AWS clients we use.

func NewClientFromIAMClient

func NewClientFromIAMClient(client iamiface.IAMAPI) (Client, error)

NewClientFromIAMClient creates a client from an AWS IAM client.

type SimulateParams

type SimulateParams struct {
	Region string

SimulateParams captures any additional details that should be used when simulating permissions.

Path Synopsis
Package mock is a generated GoMock package.