ec2tokens

package

v0.16.0 Latest Latest Go to latest Published: Jul 15, 2020 License: Apache-2.0 Imports: 12 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/yyf330/gophercloud

Links

Open Source Insights

Documentation ¶

Overview ¶

Package tokens provides information and interaction with the EC2 token API resource for the OpenStack Identity service.

For more information, see: https://docs.openstack.org/api-ref/identity/v2-ext/

Example to Create a Token From an EC2 access and secret keys

var authOptions tokens.AuthOptionsBuilder
authOptions = &ec2tokens.AuthOptions{
	Access: "a7f1e798b7c2417cba4a02de97dc3cdc",
	Secret: "18f4f6761ada4e3795fa5273c30349b9",
}

token, err := ec2tokens.Create(identityClient, authOptions).ExtractToken()
if err != nil {
	panic(err)
}

Example to auth a client using EC2 access and secret keys

client, err := openstack.NewClient("http://localhost:5000/v3")
if err != nil {
	panic(err)
}

var authOptions tokens.AuthOptionsBuilder
authOptions = &ec2tokens.AuthOptions{
	Access:      "a7f1e798b7c2417cba4a02de97dc3cdc",
	Secret:      "18f4f6761ada4e3795fa5273c30349b9",
	AllowReauth: true,
}

err = openstack.AuthenticateV3(client, authOptions, gophercloud.EndpointOpts{})
if err != nil {
	panic(err)
}

Index ¶

Constants
func Create(c *gophercloud.ServiceClient, opts tokens.AuthOptionsBuilder) (r tokens.CreateResult)
func EC2CredentialsBuildAuthorizationHeaderV4(opts AuthOptions, signedHeaders string, signature string, date time.Time) string
func EC2CredentialsBuildCanonicalHeadersV4(headers map[string]string, signedHeaders string) string
func EC2CredentialsBuildCanonicalQueryStringV2(params map[string]string) string
func EC2CredentialsBuildCanonicalQueryStringV4(verb string, params map[string]string) string
func EC2CredentialsBuildSignatureKeyV4(secret, region, service string, date time.Time) []byte
func EC2CredentialsBuildSignatureV4(key []byte, stringToSign []byte) string
func EC2CredentialsBuildStringToSignV2(opts AuthOptions) []byte
func EC2CredentialsBuildStringToSignV4(opts AuthOptions, signedHeaders string, bodyHash string, date time.Time) []byte
func ValidateS3Token(c *gophercloud.ServiceClient, opts tokens.AuthOptionsBuilder) (r tokens.CreateResult)
type AuthOptions

Constants ¶

View Source

const (
	// EC2CredentialsAwsRequestV4 is a constant, used to generate AWS
	// Credential V4.
	EC2CredentialsAwsRequestV4 = "aws4_request"
	// EC2CredentialsHmacSha1V2 is a HMAC SHA1 signature method. Used to
	// generate AWS Credential V2.
	EC2CredentialsHmacSha1V2 = "HmacSHA1"
	// EC2CredentialsHmacSha256V2 is a HMAC SHA256 signature method. Used
	// to generate AWS Credential V2.
	EC2CredentialsHmacSha256V2 = "HmacSHA256"
	// EC2CredentialsAwsHmacV4 is an AWS signature V4 signing method.
	// More details:
	// https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
	EC2CredentialsAwsHmacV4 = "AWS4-HMAC-SHA256"
	// EC2CredentialsTimestampFormatV4 is an AWS signature V4 timestamp
	// format.
	EC2CredentialsTimestampFormatV4 = "20060102T150405Z"
	// EC2CredentialsDateFormatV4 is an AWS signature V4 date format.
	EC2CredentialsDateFormatV4 = "20060102"
)

Variables ¶

This section is empty.

Functions ¶

func Create ¶

func Create(c *gophercloud.ServiceClient, opts tokens.AuthOptionsBuilder) (r tokens.CreateResult)

Create authenticates and either generates a new token from EC2 credentials

func EC2CredentialsBuildAuthorizationHeaderV4 ¶

func EC2CredentialsBuildAuthorizationHeaderV4(opts AuthOptions, signedHeaders string, signature string, date time.Time) string

EC2CredentialsBuildAuthorizationHeaderV4 builds an AWS v4 Authorization header based on auth parameters, date and signature

func EC2CredentialsBuildCanonicalHeadersV4 ¶

func EC2CredentialsBuildCanonicalHeadersV4(headers map[string]string, signedHeaders string) string

EC2CredentialsBuildCanonicalHeadersV4 builds a canonical string based on "headers" map and "signedHeaders" string parameters. https://github.com/openstack/python-keystoneclient/blob/stable/train/keystoneclient/contrib/ec2/utils.py#L216

func EC2CredentialsBuildCanonicalQueryStringV2 ¶

func EC2CredentialsBuildCanonicalQueryStringV2(params map[string]string) string

EC2CredentialsBuildCanonicalQueryStringV2 builds a canonical query string for an AWS signature V2. https://github.com/openstack/python-keystoneclient/blob/stable/train/keystoneclient/contrib/ec2/utils.py#L133

func EC2CredentialsBuildCanonicalQueryStringV4 ¶

func EC2CredentialsBuildCanonicalQueryStringV4(verb string, params map[string]string) string

EC2CredentialsBuildCanonicalQueryStringV2 builds a canonical query string for an AWS signature V4. https://github.com/openstack/python-keystoneclient/blob/stable/train/keystoneclient/contrib/ec2/utils.py#L244

func EC2CredentialsBuildSignatureKeyV4 ¶

func EC2CredentialsBuildSignatureKeyV4(secret, region, service string, date time.Time) []byte

EC2CredentialsBuildSignatureKeyV4 builds a HMAC 256 signature key based on input parameters. https://github.com/openstack/python-keystoneclient/blob/stable/train/keystoneclient/contrib/ec2/utils.py#L169

func EC2CredentialsBuildSignatureV4 ¶

func EC2CredentialsBuildSignatureV4(key []byte, stringToSign []byte) string

EC2CredentialsBuildSignatureV4 builds an AWS v4 signature based on input parameters. https://github.com/openstack/python-keystoneclient/blob/stable/train/keystoneclient/contrib/ec2/utils.py#L285..L286

func EC2CredentialsBuildStringToSignV2 ¶

func EC2CredentialsBuildStringToSignV2(opts AuthOptions) []byte

EC2CredentialsBuildStringToSignV2 builds a string to sign an AWS signature V2. https://github.com/openstack/python-keystoneclient/blob/stable/train/keystoneclient/contrib/ec2/utils.py#L148

func EC2CredentialsBuildStringToSignV4 ¶

func EC2CredentialsBuildStringToSignV4(opts AuthOptions, signedHeaders string, bodyHash string, date time.Time) []byte

EC2CredentialsBuildStringToSignV4 builds an AWS v4 signature string to sign based on input parameters. https://github.com/openstack/python-keystoneclient/blob/stable/train/keystoneclient/contrib/ec2/utils.py#L251

func ValidateS3Token ¶

func ValidateS3Token(c *gophercloud.ServiceClient, opts tokens.AuthOptionsBuilder) (r tokens.CreateResult)

ValidateS3Token authenticates an S3 request using EC2 credentials. Doesn't generate a new token ID, but returns a tokens.CreateResult.

Types ¶

type AuthOptions ¶

type AuthOptions struct {
	// Access is the EC2 Credential Access ID.
	Access string `json:"access" required:"true"`
	// Secret is the EC2 Credential Secret, used to calculate signature.
	// Not used, when a Signature is is.
	Secret string `json:"-"`
	// Host is a HTTP request Host header. Used to calculate an AWS
	// signature V2. For signature V4 set the Host inside Headers map.
	// Optional.
	Host string `json:"host"`
	// Path is a HTTP request path. Optional.
	Path string `json:"path"`
	// Verb is a HTTP request method. Optional.
	Verb string `json:"verb"`
	// Headers is a map of HTTP request headers. Optional.
	Headers map[string]string `json:"headers"`
	// Region is a region name to calculate an AWS signature V4. Optional.
	Region string `json:"-"`
	// Service is a service name to calculate an AWS signature V4. Optional.
	Service string `json:"-"`
	// Params is a map of GET method parameters. Optional.
	Params map[string]string `json:"params"`
	// AllowReauth allows Gophercloud to re-authenticate automatically
	// if/when your token expires.
	AllowReauth bool `json:"-"`
	// Signature can be either a []byte (encoded to base64 automatically) or
	// a string. You can set the singature explicitly, when you already know
	// it. In this case default Params won't be automatically set. Optional.
	Signature interface{} `json:"signature"`
	// BodyHash is a HTTP request body sha256 hash. When nil and Signature
	// is not set, a random hash is generated. Optional.
	BodyHash *string `json:"body_hash"`
	// Timestamp is a timestamp to calculate a V4 signature. Optional.
	Timestamp *time.Time `json:"-"`
	// Token is a []byte string (encoded to base64 automatically) which was
	// signed by an EC2 secret key. Used by S3 tokens for validation only.
	// Token must be set with a Signature. If a Signature is not provided,
	// a Token will be generated automatically along with a Signature.
	Token []byte `json:"token,omitempty"`
}

AuthOptions represents options for authenticating a user using EC2 credentials.

func (*AuthOptions) CanReauth ¶

func (opts *AuthOptions) CanReauth() bool

CanReauth is a method method to satisfy tokens.AuthOptionsBuilder interface

func (*AuthOptions) ToTokenV3CreateMap ¶

func (opts *AuthOptions) ToTokenV3CreateMap(map[string]interface{}) (map[string]interface{}, error)

ToTokenV3CreateMap formats an AuthOptions into a create request.

func (*AuthOptions) ToTokenV3HeadersMap ¶

func (opts *AuthOptions) ToTokenV3HeadersMap(map[string]interface{}) (map[string]string, error)

ToTokenV3HeadersMap allows AuthOptions to satisfy the AuthOptionsBuilder interface in the v3 tokens package.

func (*AuthOptions) ToTokenV3ScopeMap ¶

func (opts *AuthOptions) ToTokenV3ScopeMap() (map[string]interface{}, error)

ToTokenV3ScopeMap is a dummy method to satisfy tokens.AuthOptionsBuilder interface.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL