aws_config_server

package

v0.28.67 Latest Latest Go to latest Published: Apr 12, 2024 License: MIT Imports: 30 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/chanzuckerberg/aws-oidc

Links

Open Source Insights

Documentation ¶

Index ¶

func GetRouter(ctx context.Context, config *RouterConfig) http.Handler
func Health(w http.ResponseWriter, r *http.Request, _ httprouter.Params)
func Index(awsGenerationParams *AWSConfigGenerationParams, ...) httprouter.Handle
type AWSAccount
- func (a *AWSAccount) GetAliasOrName() string
type AWSConfig
- func (a *AWSConfig) GetAccounts() []AWSAccount
- func (a *AWSConfig) GetProfilesForAccount(account AWSAccount) []AWSProfile
- func (a *AWSConfig) GetRoleNames() []string
- func (a *AWSConfig) HasAccount(acctName string) bool
type AWSConfigGenerationParams
type AWSProfile
type Action
- func (a *Action) UnmarshalJSON(data []byte) error
type CachedGetClientIDToProfiles
- func NewCachedGetClientIDToProfiles(ctx context.Context, configParams *AWSConfigGenerationParams, ...) (*CachedGetClientIDToProfiles, error)
- func (c *CachedGetClientIDToProfiles) Get(ctx context.Context) (*oidcFederatedRoles, error)
type ClientIDToAWSRoles
type Condition
type PolicyDocument
- func NewPolicyDocument(assumeRolePolicyDocument string) (*PolicyDocument, error)
type Principal
type RouterConfig
type StatementEntry
- func (se *StatementEntry) GetFederatedClientIDs(oidcProviderHostname string) []okta.ClientID
type StringEqualsCondition
- func (sec *StringEqualsCondition) UnmarshalJSON(data []byte) error

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GetRouter ¶

func GetRouter(
	ctx context.Context,
	config *RouterConfig,
) http.Handler

func Health ¶

func Health(w http.ResponseWriter, r *http.Request, _ httprouter.Params)

func Index ¶

func Index(
	awsGenerationParams *AWSConfigGenerationParams,
	cachedClientIDtoProfiles *CachedGetClientIDToProfiles,
	oktaClient okta.AppResource,
) httprouter.Handle

Types ¶

type AWSAccount ¶ added in v0.7.0

type AWSAccount struct {
	ID    string `json:"id,omitempty"`
	Name  string `json:"name,omitempty"`
	Alias string `json:"alias,omitempty"`
}

func (*AWSAccount) GetAliasOrName ¶ added in v0.16.0

func (a *AWSAccount) GetAliasOrName() string

type AWSConfig ¶ added in v0.7.0

type AWSConfig struct {
	Profiles []AWSProfile `json:"profiles,omitempty"`
}

func (*AWSConfig) GetAccounts ¶ added in v0.7.0

func (a *AWSConfig) GetAccounts() []AWSAccount

func (*AWSConfig) GetProfilesForAccount ¶ added in v0.7.0

func (a *AWSConfig) GetProfilesForAccount(account AWSAccount) []AWSProfile

func (*AWSConfig) GetRoleNames ¶ added in v0.10.0

func (a *AWSConfig) GetRoleNames() []string

func (*AWSConfig) HasAccount ¶ added in v0.7.0

func (a *AWSConfig) HasAccount(acctName string) bool

type AWSConfigGenerationParams ¶

type AWSConfigGenerationParams struct {
	OIDCProvider  string
	AWSWorkerRole string
	AWSOrgRoles   []string
	Concurrency   int
	SkipAccounts  sets.StringSet
}

type AWSProfile ¶ added in v0.7.0

type AWSProfile struct {
	ClientID   okta.ClientID `json:"client_id,omitempty"`
	AWSAccount AWSAccount    `json:"aws_account,omitempty"`
	RoleARN    string        `json:"role_arn,omitempty"`
	IssuerURL  string        `json:"issuer_url,omitempty"`
	RoleName   string        `json:"role_name,omitempty"`
}

type Action ¶

type Action []string

func (*Action) UnmarshalJSON ¶

func (a *Action) UnmarshalJSON(data []byte) error

type CachedGetClientIDToProfiles ¶

type CachedGetClientIDToProfiles struct {
	// contains filtered or unexported fields
}

func NewCachedGetClientIDToProfiles ¶

func NewCachedGetClientIDToProfiles(
	ctx context.Context,
	configParams *AWSConfigGenerationParams,
	awsSession *session.Session,
) (*CachedGetClientIDToProfiles, error)

func (*CachedGetClientIDToProfiles) Get ¶

func (c *CachedGetClientIDToProfiles) Get(ctx context.Context) (*oidcFederatedRoles, error)

Get returns the cached values

type ClientIDToAWSRoles ¶

type ClientIDToAWSRoles struct {
	// contains filtered or unexported fields
}

type Condition ¶

type Condition struct {
	StringEquals StringEqualsCondition `json:"StringEquals"`
}

We only care about the "StringEquals" field in Condition

type PolicyDocument ¶

type PolicyDocument struct {
	Version    string           `json:"Version"`
	Statements []StatementEntry `json:"Statement"`
}

func NewPolicyDocument ¶ added in v0.19.0

func NewPolicyDocument(assumeRolePolicyDocument string) (*PolicyDocument, error)

type Principal ¶

type Principal struct {
	Federated string `json:"Federated"`
}

We only care about the "Federated" field in Principal

type RouterConfig ¶

type RouterConfig struct {
	Verifier              oidcVerifier
	AwsGenerationParams   *AWSConfigGenerationParams
	OktaAppClient         okta.AppResource
	GetClientIDToProfiles *CachedGetClientIDToProfiles
}

type StatementEntry ¶

type StatementEntry struct {
	Effect    string    `json:"Effect"`
	Action    Action    `json:"Action"`
	Sid       string    `json:"Sid"`
	Principal Principal `json:"Principal"`
	Condition Condition `json:"Condition"`
}

func (*StatementEntry) GetFederatedClientIDs ¶ added in v0.19.0

func (se *StatementEntry) GetFederatedClientIDs(oidcProviderHostname string) []okta.ClientID

type StringEqualsCondition ¶ added in v0.19.0

type StringEqualsCondition map[string][]string

func (*StringEqualsCondition) UnmarshalJSON ¶ added in v0.19.0

func (sec *StringEqualsCondition) UnmarshalJSON(data []byte) error

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL