Documentation
Overview
This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at https://mozilla.org/MPL/2.0/.
Index
- Constants
- func GetValidCredentials(filename string) (map[string]Credentials, error)
- func OutputCredentialProcess(c *Credentials, w io.Writer)
- func OutputEnvironment(c *Credentials, windows bool, w io.Writer)
- func OutputFile(c *Credentials, filename string, section string) error
- func SetCredentialProcess(filename string, section string) error
- type Credentials
- type Profile
Constants
const (
	// A friendly message to show to the user when a requested duration exceeds the configured
	// maximum.
	DurationExceededMessage = "The requested duration exceeded the allowed maximum. Falling " +
		"back to 1 hour.\nTo update the maximum session duration you can use the following " +
		"command:\n\naws iam update-role --role-name <role_name> --max-session-duration " +
		"<duration>\n\nFor more information please refer to the AWS documentation:\n" +
		"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_manage_modify.html"

	// The error message STS returns when attempting to assume a role with a duration longer than
	// the configured maximum for that role.
	ErrInvalidSessionDuration = "The requested DurationSeconds exceeds the MaxSessionDuration " +
		"set for this role."

	// A custom error which indicates that the requested duration exceeded the configured maximum.
	// TODO Replace this with a custom error type.
	ErrDurationExceeded = "DurationExceeded"
)
Variables
This section is empty.
Functions
func GetValidCredentials
func GetValidCredentials(filename string) (map[string]Credentials, error)
GetValidCredentials returns credentials which have an aws_expiration key but are not yet expired. It returns a map of profile name to credentials.
func OutputCredentialProcess
func OutputCredentialProcess(c *Credentials, w io.Writer)
OutputCredentialProcess writes (prints) credentials to stdout in the format required by the AWS CLI. The output can be used to set the credential_process option in the AWS CLI configuration file.
func OutputEnvironment
func OutputEnvironment(c *Credentials, windows bool, w io.Writer)
OutputEnvironment writes (prints) credentials to stdout. If windows is true, Windows syntax will be used. The output can be used to set environment variables.
func OutputFile
func OutputFile(c *Credentials, filename string, section string) error
OutputFile writes credentials to an AWS CLI credentials file (https://docs.aws.amazon.com/cli/latest/userguide/cli-config-files.html). In addition, this function removes expired temporary credentials from the credentials file.
func SetCredentialProcess
SetCredentialProcess writes the credential_process config to an AWS CLI credentials file in the format required by the SDK.
Types
type Credentials
type Credentials struct {
	AccessKeyID     string
	SecretAccessKey string
	SessionToken    string
	Expiration      time.Time
}
Credentials represents a set of temporary credentials received from AWS STS (http://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html).
func AssumeSAMLRole
func AssumeSAMLRole(PrincipalArn, RoleArn, SAMLAssertion, awsRegion string, duration int32) (*Credentials, error)
AssumeSAMLRole assumes an AWS IAM role using a SAML assertion. In cases where the requested session duration is higher than the maximum allowed on AWS, STS returns a specific error message to indicate that. In this case we return a custom error to the caller to allow special handling such as retrying with a lower duration.
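An added example (not this package's code) of the special handling described above: the STS message is mapped to ErrDurationExceeded and the caller retries once at one hour, never with a longer lifetime than was requested. The names assumeFunc, fakeSTS, classify, assumeWithFallback and fallbackSeconds are hypothetical, and the STS call is replaced by a constructed stub.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

const (
	ErrInvalidSessionDuration = "The requested DurationSeconds exceeds the MaxSessionDuration set for this role." // from this page
	ErrDurationExceeded       = "DurationExceeded"                                                                // from this page
	fallbackSeconds     int32 = 3600                                                                              // assumed: the 1 hour named in DurationExceededMessage
)

// assumeFunc is a hypothetical stand-in for the STS call; it returns the granted lifetime in seconds.
type assumeFunc func(duration int32) (int32, error)

// fakeSTS (constructed) rejects durations above roleMax with the message the page says STS returns.
func fakeSTS(roleMax int32) assumeFunc {
	return func(duration int32) (int32, error) {
		if duration > roleMax {
			return 0, errors.New("api error (constructed): " + ErrInvalidSessionDuration)
		}
		return duration, nil
	}
}

// classify maps the STS message to the custom error string; every other error passes through.
func classify(err error) error {
	if err != nil && strings.Contains(err.Error(), ErrInvalidSessionDuration) {
		return errors.New(ErrDurationExceeded)
	}
	return err
}

// assumeWithFallback retries once at fallbackSeconds, and only for the duration error.
func assumeWithFallback(assume assumeFunc, requested int32) (int32, bool, error) {
	granted, err := assume(requested)
	if err = classify(err); err == nil {
		return granted, false, nil
	}
	if err.Error() != ErrDurationExceeded || requested <= fallbackSeconds {
		return 0, false, err // never mask other failures, never retry with a longer lifetime
	}
	granted, err = assume(fallbackSeconds)
	return granted, true, classify(err)
}

func main() { fmt.Println(assumeWithFallback(fakeSTS(3600), 43200)) }
```

The boolean result tells the caller that a fallback happened, which is the point at which a message such as DurationExceededMessage would be shown.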
type Profile
Profile represents an AWS profile.
func GetValidProfiles
GetValidProfiles returns profiles which have an aws_expiration key but are not yet expired.