This section is empty.


This section is empty.


func GetRouter

func GetRouter(
	ctx context.Context,
	config *RouterConfig,
) http.Handler

func Health

func Index

func Index(
	awsGenerationParams *AWSConfigGenerationParams,
	cachedClientIDtoProfiles *CachedGetClientIDToProfiles,
	oktaClient okta.AppResource,
) httprouter.Handle


type AWSAccount

type AWSAccount struct {
	ID    string `json:"id,omitempty"`
	Name  string `json:"name,omitempty"`
	Alias string `json:"alias,omitempty"`

func (*AWSAccount) GetAliasOrName

func (a *AWSAccount) GetAliasOrName() string

type AWSConfig

type AWSConfig struct {
	Profiles []AWSProfile `json:"profiles,omitempty"`

func (*AWSConfig) GetAccounts

func (a *AWSConfig) GetAccounts() []AWSAccount

func (*AWSConfig) GetProfilesForAccount

func (a *AWSConfig) GetProfilesForAccount(account AWSAccount) []AWSProfile

func (*AWSConfig) GetRoleNames

func (a *AWSConfig) GetRoleNames() []string

func (*AWSConfig) HasAccount

func (a *AWSConfig) HasAccount(acctName string) bool

type AWSConfigGenerationParams

type AWSConfigGenerationParams struct {
	OIDCProvider  string
	AWSWorkerRole string
	AWSOrgRoles   []string
	Concurrency   int
	SkipAccounts  sets.StringSet

type AWSProfile

type AWSProfile struct {
	ClientID   okta.ClientID `json:"client_id,omitempty"`
	AWSAccount AWSAccount    `json:"aws_account,omitempty"`
	RoleARN    string        `json:"role_arn,omitempty"`
	IssuerURL  string        `json:"issuer_url,omitempty"`
	RoleName   string        `json:"role_name,omitempty"`

type Action

type Action []string

func (*Action) UnmarshalJSON

func (a *Action) UnmarshalJSON(data []byte) error

type CachedGetClientIDToProfiles

type CachedGetClientIDToProfiles struct {
	// contains filtered or unexported fields

func NewCachedGetClientIDToProfiles

func NewCachedGetClientIDToProfiles(
	ctx context.Context,
	configParams *AWSConfigGenerationParams,
	awsSession *session.Session,
) (*CachedGetClientIDToProfiles, error)

func (*CachedGetClientIDToProfiles) Get

func (c *CachedGetClientIDToProfiles) Get(ctx context.Context) (*oidcFederatedRoles, error)

    Get returns the cached values

    type ClientIDToAWSRoles

    type ClientIDToAWSRoles struct {
    	// contains filtered or unexported fields

    type Condition

    type Condition struct {
    	StringEquals StringEqualsCondition `json:"StringEquals"`

      We only care about the "StringEquals" field in Condition

      type PolicyDocument

      type PolicyDocument struct {
      	Version    string           `json:"Version"`
      	Statements []StatementEntry `json:"Statement"`

      func NewPolicyDocument

      func NewPolicyDocument(assumeRolePolicyDocument string) (*PolicyDocument, error)

      type Principal

      type Principal struct {
      	Federated string `json:"Federated"`

        We only care about the "Federated" field in Principal

        type RouterConfig

        type RouterConfig struct {
        	Verifier              oidcVerifier
        	AwsGenerationParams   *AWSConfigGenerationParams
        	OktaAppClient         okta.AppResource
        	GetClientIDToProfiles *CachedGetClientIDToProfiles

        type StatementEntry

        type StatementEntry struct {
        	Effect    string    `json:"Effect"`
        	Action    Action    `json:"Action"`
        	Sid       string    `json:"Sid"`
        	Principal Principal `json:"Principal"`
        	Condition Condition `json:"Condition"`

        func (*StatementEntry) GetFederatedClientIDs

        func (se *StatementEntry) GetFederatedClientIDs(oidcProviderHostname string) []okta.ClientID

        type StringEqualsCondition

        type StringEqualsCondition map[string][]string

        func (*StringEqualsCondition) UnmarshalJSON

        func (sec *StringEqualsCondition) UnmarshalJSON(data []byte) error