Documentation ¶
Overview ¶
Package assumerole is a wrapper around AWS's sts:AssumeRole API call to get temporary credentials and cache them locally in ~/.aws config files.
Copyright (c) 2018 Uber Technologies, Inc. *
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at *
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Index ¶
- func IsAWSAccessDeniedError(err error) bool
- type AWS
- func (a *AWS) AssumeRole(roleARN string, sessionName string) (*TemporaryCredentials, error)
- func (a *AWS) AssumeRoleWithMFA(roleARN string, sessionName string, mfaDeviceARN string, mfaToken string) (*TemporaryCredentials, error)
- func (a *AWS) CurrentPrincipalARN() (string, error)
- func (a *AWS) MFADevices() ([]string, error)
- func (a *AWS) Username() (string, error)
- type AWSConfig
- func (c *AWSConfig) GetCredentials(profileName string) (*TemporaryCredentials, error)
- func (c *AWSConfig) GetProfile(profileName string) (*ProfileConfiguration, error)
- func (c *AWSConfig) SetCredentials(profileName string, creds *TemporaryCredentials) error
- func (c *AWSConfig) SetProfile(profileName string, profile *ProfileConfiguration) error
- type AWSConfigOpts
- type AWSConfigProvider
- type AWSProvider
- type App
- type AssumeRoleParameters
- type Clock
- type Config
- type Option
- type ProfileConfiguration
- type TemporaryCredentials
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func IsAWSAccessDeniedError ¶
IsAWSAccessDeniedError indicates whether an error is an AWS "access denied" error.
Types ¶
type AWS ¶
type AWS struct {
// contains filtered or unexported fields
}
AWS is the default implementation of AWSProvider that talks to the real AWS.
func (*AWS) AssumeRole ¶
func (a *AWS) AssumeRole(roleARN string, sessionName string) (*TemporaryCredentials, error)
AssumeRole calls sts:AssumeRole and returns temporary credentials.
func (*AWS) AssumeRoleWithMFA ¶
func (a *AWS) AssumeRoleWithMFA(roleARN string, sessionName string, mfaDeviceARN string, mfaToken string) (*TemporaryCredentials, error)
AssumeRoleWithMFA calls sts:AssumeRole (with MFA information) and returns temporary credentials.
func (*AWS) CurrentPrincipalARN ¶
CurrentPrincipalARN returns the ARN of the current IAM principal.
func (*AWS) MFADevices ¶
MFADevices lists the MFA devices on the current user's account.
type AWSConfig ¶
type AWSConfig struct {
// contains filtered or unexported fields
}
AWSConfig represents the default AWS config files that exist on a system at ~/.aws/{config,credentials}. These two files are inherently linked for us, because while the credentials are stored in the credentials file, the metadata about these credentials are stored in the profile config file.
func NewAWSConfig ¶
func NewAWSConfig(config AWSConfigOpts) (*AWSConfig, error)
NewAWSConfig returns a new AWSConfig, that will lazily read credentials and configuration from the default AWS config at ~/.aws.
func (*AWSConfig) GetCredentials ¶
func (c *AWSConfig) GetCredentials(profileName string) (*TemporaryCredentials, error)
GetCredentials retrieves the named credentials from the AWS credential file.
func (*AWSConfig) GetProfile ¶
func (c *AWSConfig) GetProfile(profileName string) (*ProfileConfiguration, error)
GetProfile returns the AWS profile metadata information from the shared config file.
func (*AWSConfig) SetCredentials ¶
func (c *AWSConfig) SetCredentials(profileName string, creds *TemporaryCredentials) error
SetCredentials saves the credentials to the AWS credential file.
func (*AWSConfig) SetProfile ¶
func (c *AWSConfig) SetProfile(profileName string, profile *ProfileConfiguration) error
SetProfile writes the specified profile information to the shared AWS config file.
type AWSConfigOpts ¶
type AWSConfigOpts struct {
	// ConfigFilePath is the path to the shared AWS config file, usually at
	// ~/.aws/config. If you leave this blank, the default location will be
	// used.
	ConfigFilePath string
	// CredentialsFilePath is the path to the shared AWS credentials file,
	// usually at ~/.aws/credentials. If you leave this blank, the default
	// location will be used.
	CredentialsFilePath string
}
AWSConfigOpts are the options for the AWSConfig.
type AWSConfigProvider ¶
type AWSConfigProvider interface {
	GetCredentials(profileName string) (*TemporaryCredentials, error)
	SetCredentials(profileName string, creds *TemporaryCredentials) error
	GetProfile(profileName string) (*ProfileConfiguration, error)
	SetProfile(profileName string, profile *ProfileConfiguration) error
}
AWSConfigProvider is an interface to the AWS configuration (usually kept in files in ~/.aws).
type AWSProvider ¶
type AWSProvider interface {
	AssumeRole(roleARN string, sessionName string) (*TemporaryCredentials, error)
	AssumeRoleWithMFA(roleARN string, sessionName string, mfaDeviceARN string, mfaToken string) (*TemporaryCredentials, error)
	MFADevices() ([]string, error)
	Username() (string, error)
	CurrentPrincipalARN() (string, error)
}
AWSProvider is an interface to AWS.
type App ¶
type App struct {
// contains filtered or unexported fields
}
App is the main AssumeRole app.
func (*App) AssumeRole ¶
func (app *App) AssumeRole(options AssumeRoleParameters) (*TemporaryCredentials, error)
AssumeRole takes a role name and calls AWS AssumeRole, returning a set of temporary credentials. If MFA is required, it will prompt for an MFA token interactively.
func (*App) CurrentPrincipalIsAssumedRole ¶
CurrentPrincipalIsAssumedRole returns true if the current principal is an assumed role.
type AssumeRoleParameters ¶
type AssumeRoleParameters struct {
	// UserRole is the ARN of the role to be assumed
	UserRole string
	// RoleSessionName is the session name for the AWS AssumeRole call; if it is
	// the empty string, the current username will be used
	RoleSessionName string
	// When ForceRefresh is true, assumerole will bypass the local cache and do a
	// call to sts:AssumeRole to retrieve fresh credentials.
	ForceRefresh bool
}
AssumeRoleParameters are the parameters for the AssumeRole call.
type Config ¶
type Config struct {
	// RefreshBeforeExpiry is a duration prior to the credentials expiring
	// where we'll refresh them anyway. This is to prevent a command running
	// just before credentials are about to expire. Defaults to 15m.
	RefreshBeforeExpiry time.Duration `json:"refresh_before_expiry"`
	// RolePrefix allows the user to specify a prefix for the role ARN that
	// will be combined with what is specified as the role when executing the
	// app. For example, if the prefix is "arn:aws:iam::123:role/" and the user
	// executes the app with role "foobar", the final ARN will become:
	// "arn:aws:iam::123:role/foobar".
	RolePrefix string `json:"role_prefix"`
	// ProfileNamePrefix is a prefix that will be prepended to the role name to
	// create the profile name under which the AWS configuration will be saved.
	ProfileNamePrefix string `json:"profile_name_prefix"`
}
Config is the config for the AssumeRole app.
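An added example, not code from this package, that models the caching behaviour described by the Config and AssumeRoleParameters comments: the role ARN and profile name are built from the prefixes, and cached credentials are reused unless ForceRefresh is set or expiry falls inside the RefreshBeforeExpiry window. The creds, settings and broker types, the "assume-" profile prefix and the one-hour credential lifetime are assumptions; the page does not show the fields of TemporaryCredentials.

```go
package main

import (
	"fmt"
	"time"
)

// creds stands in for TemporaryCredentials, whose fields the page does not
// show; every field here is an assumption.
type creds struct {
	RoleARN, AccessKeyID string
	Expires              time.Time
}

// settings mirrors the three documented Config fields.
type settings struct {
	RefreshBeforeExpiry           time.Duration
	RolePrefix, ProfileNamePrefix string
}

// broker is a hypothetical model of the app: cache plays the role of
// ~/.aws/credentials and stsCalls counts simulated sts:AssumeRole calls.
type broker struct {
	cfg      settings
	cache    map[string]*creds
	stsCalls int
}

// get returns cached credentials unless force is set, nothing is cached, or
// the expiry falls inside the RefreshBeforeExpiry window.
func (b *broker) get(role string, force bool, now time.Time) *creds {
	arn, profile := b.cfg.RolePrefix+role, b.cfg.ProfileNamePrefix+role
	c := b.cache[profile]
	if !force && c != nil && now.Before(c.Expires.Add(-b.cfg.RefreshBeforeExpiry)) {
		return c
	}
	b.stsCalls++ // a real implementation would call sts:AssumeRole here
	c = &creds{arn, fmt.Sprintf("CONSTRUCTED-KEY-%d", b.stsCalls), now.Add(time.Hour)}
	b.cache[profile] = c
	return c
}

func main() {
	b := &broker{settings{15 * time.Minute, "arn:aws:iam::123:role/", "assume-"}, map[string]*creds{}, 0}
	t0 := time.Date(2018, 1, 1, 12, 0, 0, 0, time.UTC) // constructed clock
	for _, m := range []int{0, 10, 45} {
		c := b.get("foobar", false, t0.Add(time.Duration(m)*time.Minute))
		fmt.Println(m, c.RoleARN, c.AccessKeyID, b.stsCalls)
	}
}
```

With the 15-minute window, a request made exactly 45 minutes into a 60-minute credential already triggers a refresh, so a command started then never runs on credentials with less than 15 minutes left.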
func LoadConfig ¶
LoadConfig reads config values from a file and returns the config.
type Option ¶
Option is an option for the App that allows for changing of options or dependency injection for testing.
func WithAWS ¶
func WithAWS(aws AWSProvider) Option
WithAWS allows you to pass a custom AWSProvider for talking to AWS.
func WithAWSConfig ¶
func WithAWSConfig(awsConfig AWSConfigProvider) Option
WithAWSConfig allows you to pass a custom AWSConfigProvider, which stores config and credentials for talking to AWS.
func WithConfig ¶
WithConfig allows you to customise the configuration for the AssumeRole app itself.
func WithStderr ¶
WithStderr allows you to pass a custom stderr.
Directories ¶
Path | Synopsis |
---|---|
 | Package cli is responsible for cli interaction |
assume-role | |
 | Package mocks is a generated GoMock package. |