creds

package

v0.1.33 Latest Latest Go to latest Published: Feb 12, 2021 License: Apache-2.0 Imports: 24 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/netflix/weep

Documentation ¶

Index ¶

type Account
type AwsCredentials
- func GetCredentials(role string, ipRestrict bool, assumeRole []string) (*AwsCredentials, error)
- func GetCredentialsC(client *Client, role string, ipRestrict bool, assumeRole []string) (*AwsCredentials, error)
type Client
- func (c *Client) GetRoleCredentials(role string, ipRestrict bool) (*AwsCredentials, error)
- func (c *Client) Roles() ([]string, error)
type ClientMock
- func (c *ClientMock) Do(req *http.Request) (*http.Response, error)
type ConsolemeCredentialErrorMessageType
type ConsolemeCredentialRequestType
type ConsolemeCredentialResponseType
type CredentialProcess
type HTTPClient
type RefreshableProvider
- func NewRefreshableProvider(client *Client, role, region string, assumeChain []string, noIpRestrict bool) (*RefreshableProvider, error)
type Time

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Account ¶

type Account struct {
}

type AwsCredentials ¶

type AwsCredentials struct {
	AccessKeyId     string `json:"AccessKeyId"`
	SecretAccessKey string `json:"SecretAccessKey"`
	SessionToken    string `json:"SessionToken"`
	Expiration      Time   `json:"Expiration"`
	RoleArn         string `json:"RoleArn"`
}

func GetCredentials ¶

func GetCredentials(role string, ipRestrict bool, assumeRole []string) (*AwsCredentials, error)

GetCredentials requests credentials from ConsoleMe then follows the provided chain of roles to assume. Roles are assumed in the order in which they appear in the assumeRole slice.

func GetCredentialsC ¶

func GetCredentialsC(client *Client, role string, ipRestrict bool, assumeRole []string) (*AwsCredentials, error)

GetCredentialsC uses the provided Client to request credentials from ConsoleMe then follows the provided chain of roles to assume. Roles are assumed in the order in which they appear in the assumeRole slice.

type Client ¶

type Client struct {
	Httpc HTTPClient
	Host  string
}

Client represents a ConsoleMe client.

func GetClient ¶

func GetClient() (*Client, error)

GetClient creates an authenticated ConsoleMe client

func GetTestClient ¶ added in v0.1.17

func GetTestClient(responseBody interface{}) (*Client, error)

func NewClientWithJwtAuth ¶

func NewClientWithJwtAuth(hostname string, httpc HTTPClient) (*Client, error)

NewClientWithJwtAuth takes a ConsoleMe hostname and *http.Client, and returns a ConsoleMe client that will talk to that ConsoleMe instance

func NewClientWithMtls ¶

func NewClientWithMtls(hostname string, httpc HTTPClient) (*Client, error)

NewClientWithMtls takes a ConsoleMe hostname and *http.Client, and returns a ConsoleMe client that will talk to that ConsoleMe instance for AWS Credentials.

func (*Client) GetRoleCredentials ¶

func (c *Client) GetRoleCredentials(role string, ipRestrict bool) (*AwsCredentials, error)

func (*Client) Roles ¶

func (c *Client) Roles() ([]string, error)

accounts returns all accounts, and allows you to filter the accounts by sub-resources like: /accounts/service/support

type ClientMock ¶ added in v0.1.17

type ClientMock struct {
	DoFunc func(req *http.Request) (*http.Response, error)
}

func (*ClientMock) Do ¶ added in v0.1.17

func (c *ClientMock) Do(req *http.Request) (*http.Response, error)

type ConsolemeCredentialErrorMessageType ¶

type ConsolemeCredentialErrorMessageType struct {
	Code          string `json:"code"`
	Message       string `json:"message"`
	RequestedRole string `json:"requested_role"`
	Exception     string `json:"exception"`
	RequestID     string `json:"request_id"`
}

type ConsolemeCredentialRequestType ¶

type ConsolemeCredentialRequestType struct {
	RequestedRole   string `json:"requested_role"`
	NoIpRestriciton bool   `json:"no_ip_restrictions"`
}

type ConsolemeCredentialResponseType ¶

type ConsolemeCredentialResponseType struct {
	Credentials *AwsCredentials `json:"Credentials"`
}

type CredentialProcess ¶

type CredentialProcess struct {
	Version         int    `json:"Version"`
	AccessKeyId     string `json:"AccessKeyId"`
	SecretAccessKey string `json:"SecretAccessKey"`
	SessionToken    string `json:"SessionToken"`
	Expiration      string `json:"Expiration"`
}

type HTTPClient ¶

type HTTPClient interface {
	Do(*http.Request) (*http.Response, error)
}

HTTPClient is the interface we expect HTTP clients to implement.

type RefreshableProvider ¶ added in v0.1.17

type RefreshableProvider struct {
	Expiration    Time
	LastRefreshed Time
	Region        string
	Role          string
	RoleArn       string
	NoIpRestrict  bool
	AssumeChain   []string
	// contains filtered or unexported fields
}

func NewRefreshableProvider ¶ added in v0.1.17

func NewRefreshableProvider(client *Client, role, region string, assumeChain []string, noIpRestrict bool) (*RefreshableProvider, error)

NewRefreshableProvider creates an AWS credential provider that will automatically refresh credentials when they are close to expiring

func (*RefreshableProvider) AutoRefresh ¶ added in v0.1.17

func (rp *RefreshableProvider) AutoRefresh()

func (*RefreshableProvider) IsExpired ¶ added in v0.1.17

func (rp *RefreshableProvider) IsExpired() bool

IsExpired always returns false because we should never have expired credentials

func (*RefreshableProvider) Retrieve ¶ added in v0.1.17

func (rp *RefreshableProvider) Retrieve() (credentials.Value, error)

Retrieve returns the AWS credentials from the provider

type Time ¶ added in v0.1.17

type Time time.Time

func (Time) Add ¶ added in v0.1.17

func (t Time) Add(d time.Duration) time.Time

Add returns t with the provided duration added to it.

func (Time) Format ¶ added in v0.1.17

func (t Time) Format(layout string) string

Format returns t as a timestamp string with the provided layout.

func (Time) MarshalJSON ¶ added in v0.1.17

func (t Time) MarshalJSON() ([]byte, error)

MarshalJSON is used to convert the timestamp to JSON

func (Time) String ¶ added in v0.1.17

func (t Time) String() string

String returns t as a formatted string

func (Time) Time ¶ added in v0.1.17

func (t Time) Time() time.Time

Time returns the JSON time as a time.Time instance in UTC

func (Time) UTC ¶ added in v0.1.17

func (t Time) UTC() time.Time

func (Time) Unix ¶ added in v0.1.17

func (t Time) Unix() int64

Unix returns t as a Unix time, the number of seconds elapsed since January 1, 1970 UTC. The result does not depend on the location associated with t.

func (*Time) UnmarshalJSON ¶ added in v0.1.17

func (t *Time) UnmarshalJSON(s []byte) (err error)

UnmarshalJSON is used to convert the timestamp from JSON

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL