awssso

Documentation

Index

• Variables
• type AuthorizationResponse
• type AwsAccount
• type AwsAccountRole
• type AwsRegion
• type AwsSsoOidcClient
  • func NewAwsSsoOidcClient() AwsSsoOidcClient
• type GetRoleCredentialsResponse
• type GetTokenResponse
• type ListAccountsResponse
• type RegistrationResponse

Variables

var (
	ErrInvalidRequest          = errors.New("request is not valid")
	ErrDeviceFlowNotAuthorized = errors.New("device flow not authorized")
	ErrDeviceCodeExpired       = errors.New("device code expired")
	ErrAccessTokenExpired      = errors.New("access token expired")
	ErrUnauthorizedAccessToken = errors.New("unauthorized access token")
)

var SupportedAwsRegions = map[string]string{
	"us-east-1":      "US East (N. Virginia)",
	"us-east-2":      "US East (Ohio)",
	"us-west-1":      "US West (N. California)",
	"us-west-2":      "US West (Oregon)",
	"af-south-1":     "Africa (Cape Town)",
	"ap-east-1":      "Asia Pacific (Hong Kong)",
	"ap-south-1":     "Asia Pacific (Mumbai)",
	"ap-northeast-3": "Asia Pacific (Osaka-Local)",
	"ap-northeast-2": "Asia Pacific (Seoul)",
	"ap-southeast-1": "Asia Pacific (Singapore)",
	"ap-southeast-2": "Asia Pacific (Sydney)",
	"ap-northeast-1": "Asia Pacific (Tokyo)",
	"ca-central-1":   "Canada (Central)",
	"cn-north-1":     "China (Beijing)",
	"cn-northwest-1": "China (Ningxia)",
	"eu-central-1":   "Europe (Frankfurt)",
	"eu-west-1":      "Europe (Ireland)",
	"eu-west-2":      "Europe (London)",
	"eu-south-1":     "Europe (Milan)",
	"eu-west-3":      "Europe (Paris)",
	"eu-north-1":     "Europe (Stockholm)",
	"me-south-1":     "Middle East (Bahrain)",
	"sa-east-1":      "South America (São Paulo)",
}

Types

type AuthorizationResponse

type AuthorizationResponse struct {
	VerificationUri, VerificationUriComplete string
	UserCode, DeviceCode                     string
	Interval                                 int32
	ExpiresIn                                int32
}

type AwsAccount

type AwsAccount struct {
	AccountId, AccountEmail, AccountName string
	Roles                                []AwsAccountRole
}

type AwsAccountRole

type AwsAccountRole struct {
	RoleName string
}

type AwsRegion

type AwsRegion string

type AwsSsoOidcClient

type AwsSsoOidcClient interface {
	RegisterClient(ctx app.Context, awsRegion AwsRegion, friendlyClientName string) (*RegistrationResponse, error)

	StartDeviceAuthorization(ctx app.Context, awsRegion AwsRegion, startUrl string, clientId, clientSecret string) (*AuthorizationResponse, error)

	CreateToken(ctx app.Context, awsRegion AwsRegion, clientId, clientSecret, userCode, deviceCode string) (*GetTokenResponse, error)

	ListAccounts(ctx app.Context, awsRegion AwsRegion, accessToken string) (*ListAccountsResponse, error)

	GetRoleCredentials(ctx app.Context, awsRegion AwsRegion, accountId, roleName, accessToken string) (*GetRoleCredentialsResponse, error)
}

func NewAwsSsoOidcClient

func NewAwsSsoOidcClient() AwsSsoOidcClient

type GetRoleCredentialsResponse

type GetRoleCredentialsResponse struct {
	AccessKeyId, SecretAccessKey, SessionToken string
	Expiration                                 int64
}

type GetTokenResponse

type GetTokenResponse struct {
	IdToken, AccessToken, RefreshToken, TokenType string
	ExpiresIn                                     int32
}

type ListAccountsResponse

type ListAccountsResponse struct {
	Accounts []AwsAccount
}

type RegistrationResponse

type RegistrationResponse struct {
	ClientId, ClientSecret string
	CreatedAt, ExpiresAt   int64
}