auth

Documentation

Index

• type Generator
  • func NewGenerator(client api.STSPresigner, clock credentials.Clock) Generator
  • func (g Generator) GetWithSTS(ctx context.Context, clusterID string) (Token, error)
• type Token
• type TokenGenerator
• type TokenSource
  • func (t *TokenSource) Token() (*oauth2.Token, error)

Types

type Generator

type Generator struct {
	// contains filtered or unexported fields
}

Generator provides a token generating functionality using a signed STS CallerIdentity call.

func NewGenerator

func NewGenerator(client api.STSPresigner, clock credentials.Clock) Generator

func (Generator) GetWithSTS

func (g Generator) GetWithSTS(ctx context.Context, clusterID string) (Token, error)

GetWithSTS returns a token valid for clusterID using the given STS client. This implementation follows the steps outlined here: https://github.com/kubernetes-sigs/aws-iam-authenticator#api-authorization-from-outside-a-cluster We either add this implementation or have to maintain two versions of STS since aws-iam-authenticator is not switching over to aws-go-sdk-v2.

type Token

type Token struct {
	Token      string
	Expiration time.Time
}

Token is generated and used by Kubernetes client-go to authenticate with a Kubernetes cluster.

type TokenGenerator

type TokenGenerator interface {
	GetWithSTS(ctx context.Context, clusterID string) (Token, error)
}

TokenGenerator defines a token generator using STS.

type TokenSource

type TokenSource struct {
	// ClusterID represents the cluster ID.
	ClusterID string
	// TokenGenerator is used to generate the token.
	TokenGenerator TokenGenerator
	// Leeway allows refreshing the token before its expiry.
	Leeway time.Duration
}

TokenSource implements oauth2.TokenSource.

func (*TokenSource) Token

func (t *TokenSource) Token() (*oauth2.Token, error)

Token returns the token.