storage

package
v1.17.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 10, 2024 License: GPL-3.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	KEYRING_ID                   = "aws-sso-cli"
	RECORD_KEY                   = "aws-sso-cli-records"
	KEYRING_NAME                 = "awsssocli"
	REGISTER_CLIENT_DATA_PREFIX  = "client-data"
	CREATE_TOKEN_RESPONSE_PREFIX = "token-response"
	ENV_SSO_FILE_PASSWORD        = "AWS_SSO_FILE_PASSWORD" // #nosec
	WINCRED_MAX_LENGTH           = 2000
)

Variables

View Source 
var NewPassword string = ""

Functions

func GetLogger 

func GetLogger() *logrus.Logger

func NewKeyringConfig 

func NewKeyringConfig(name, configDir string) (*keyring.Config, error)

func SetLogger 

func SetLogger(l *logrus.Logger)

func ValidateSSLCertificate added in v1.17.0 

func ValidateSSLCertificate(certChain []byte) error

ValidateSSLCertificate ensures we have a valid SSL certificate

func ValidateSSLPrivateKey added in v1.17.0 

func ValidateSSLPrivateKey(privateKey []byte) error

ValidateSSLPrivateKey ensures we have a valid SSL private key

Types

type CreateTokenResponse 

type CreateTokenResponse struct {
	AccessToken  string `json:"accessToken"` // should be cached to issue new creds
	ExpiresIn    int32  `json:"expiresIn"`   // number of seconds it expires in (from AWS)
	ExpiresAt    int64  `json:"expiresAt"`   // Unix time when it expires
	IdToken      string `json:"IdToken"`
	RefreshToken string `json:"RefreshToken"`
	TokenType    string `json:"tokenType"`
}

func (*CreateTokenResponse) Expired 

func (t *CreateTokenResponse) Expired() bool

Expired returns true if it has expired or will in the next minute

type JsonStore 

type JsonStore struct {
	RegisterClient      map[string]RegisterClientData  `json:"RegisterClient,omitempty"`
	StartDeviceAuth     map[string]StartDeviceAuthData `json:"StartDeviceAuth,omitempty"`
	CreateTokenResponse map[string]CreateTokenResponse `json:"CreateTokenResponse,omitempty"`
	RoleCredentials     map[string]RoleCredentials     `json:"RoleCredentials,omitempty"`   // ARN = key
	StaticCredentials   map[string]StaticCredentials   `json:"StaticCredentials,omitempty"` // ARN = key
	EcsBearerToken      string                         `json:"EcsBearerToken,omitempty"`
	EcsPrivateKey       string                         `json:"EcsPrivateKey,omitempty"`
	EcsCertChain        string                         `json:"EcsCertChain,omitempty"`
	// contains filtered or unexported fields
}

JsonStore implements SecureStorage insecurely

func OpenJsonStore 

func OpenJsonStore(filename string) (*JsonStore, error)

OpenJsonStore opens our insecure JSON storage backend

func (*JsonStore) DeleteCreateTokenResponse 

func (jc *JsonStore) DeleteCreateTokenResponse(key string) error

DeleteCreateTokenResponse deletes the token from the json file

func (*JsonStore) DeleteEcsBearerToken added in v1.17.0 

func (jc *JsonStore) DeleteEcsBearerToken() error

DeleteEcsBearerToken deletes the token from the json file

func (*JsonStore) DeleteEcsSslKeyPair added in v1.17.0 

func (jc *JsonStore) DeleteEcsSslKeyPair() error

DeleteEcsSslKeyPair deletes the SSL private key and certificate chain from the json file

func (*JsonStore) DeleteRegisterClientData 

func (jc *JsonStore) DeleteRegisterClientData(key string) error

DeleteRegisterClientData deletes the RegisterClientData from the JSON store

func (*JsonStore) DeleteRoleCredentials 

func (jc *JsonStore) DeleteRoleCredentials(arn string) error

DeleteRoleCredentials deletes the token from the json file

func (*JsonStore) DeleteStaticCredentials 

func (jc *JsonStore) DeleteStaticCredentials(arn string) error

DeleteStaticCredentials deletes the StaticCredentials from the json file

func (*JsonStore) GetCreateTokenResponse 

func (jc *JsonStore) GetCreateTokenResponse(key string, token *CreateTokenResponse) error

GetCreateTokenResponse retrieves the CreateTokenResponse from the json file

func (*JsonStore) GetEcsBearerToken added in v1.17.0 

func (jc *JsonStore) GetEcsBearerToken() (string, error)

GetEcsBearerToken retrieves the token from the json file

func (*JsonStore) GetEcsSslCert added in v1.17.0 

func (jc *JsonStore) GetEcsSslCert() (string, error)

GetEcsSslCert retrieves the SSL certificate chain from the json file

func (*JsonStore) GetEcsSslKey added in v1.17.0 

func (jc *JsonStore) GetEcsSslKey() (string, error)

GetEcsSslKey retrieves the SSL private keyfrom the json file

func (*JsonStore) GetRegisterClientData 

func (jc *JsonStore) GetRegisterClientData(key string, client *RegisterClientData) error

GetRegisterClientData retrieves the RegisterClientData from our JSON store

func (*JsonStore) GetRoleCredentials 

func (jc *JsonStore) GetRoleCredentials(arn string, token *RoleCredentials) error

GetRoleCredentials retrieves the RoleCredentials from the json file

func (*JsonStore) GetStaticCredentials 

func (jc *JsonStore) GetStaticCredentials(arn string, creds *StaticCredentials) error

GetStaticCredentials retrieves the StaticCredentials from the json file

func (*JsonStore) ListStaticCredentials 

func (jc *JsonStore) ListStaticCredentials() []string

ListStaticCredentials returns all the ARN's of static credentials

func (*JsonStore) SaveCreateTokenResponse 

func (jc *JsonStore) SaveCreateTokenResponse(key string, token CreateTokenResponse) error

SaveCreateTokenResponse stores the token in the json file

func (*JsonStore) SaveEcsBearerToken added in v1.17.0 

func (jc *JsonStore) SaveEcsBearerToken(token string) error

SaveEcsBearerToken stores the token in the json file

func (*JsonStore) SaveEcsSslKeyPair added in v1.17.0 

func (jc *JsonStore) SaveEcsSslKeyPair(privateKey, certChain []byte) error

SaveEcsSslKeyPair stores the SSL private key and certificate chain in the json file

func (*JsonStore) SaveRegisterClientData 

func (jc *JsonStore) SaveRegisterClientData(key string, client RegisterClientData) error

SaveRegisterClientData saves the RegisterClientData in our JSON store

func (*JsonStore) SaveRoleCredentials 

func (jc *JsonStore) SaveRoleCredentials(arn string, token RoleCredentials) error

SaveRoleCredentials stores the token in the json file

func (*JsonStore) SaveStaticCredentials 

func (jc *JsonStore) SaveStaticCredentials(arn string, creds StaticCredentials) error

SaveStaticCredentials stores the token in the json file

type KeyringAPI 

type KeyringAPI interface {
	// Returns an Item matching the key or ErrKeyNotFound
	Get(key string) (keyring.Item, error)
	// Returns the non-secret parts of an Item
	// GetMetadata(key string) (Metadata, error)
	// Stores an Item on the keyring
	Set(item keyring.Item) error
	// Removes the item with matching key
	Remove(key string) error
}

KeyringAPI is the subset of the Keyring API we use so we can do unit testing

type KeyringStore 

type KeyringStore struct {
	// contains filtered or unexported fields
}

Implements SecureStorage

func OpenKeyring 

func OpenKeyring(cfg *keyring.Config) (*KeyringStore, error)

func (*KeyringStore) CreateTokenResponseKey 

func (kr *KeyringStore) CreateTokenResponseKey(key string) string

func (*KeyringStore) DeleteCreateTokenResponse 

func (kr *KeyringStore) DeleteCreateTokenResponse(key string) error

DeleteCreateTokenResponse deletes the CreateTokenResponse from the keyring

func (*KeyringStore) DeleteEcsBearerToken added in v1.17.0 

func (kr *KeyringStore) DeleteEcsBearerToken() error

DeleteEcsBearerToken deletes the token from the keyring

func (*KeyringStore) DeleteEcsSslKeyPair added in v1.17.0 

func (kr *KeyringStore) DeleteEcsSslKeyPair() error

DeleteEcsSslKeyPair deletes the private key and cert chain from the keyring

func (*KeyringStore) DeleteRegisterClientData 

func (kr *KeyringStore) DeleteRegisterClientData(region string) error

Delete the RegisterClientData from the keychain

func (*KeyringStore) DeleteRoleCredentials 

func (kr *KeyringStore) DeleteRoleCredentials(arn string) error

DeleteRoleCredentials deletes the RoleCredentials from the Keyring

func (*KeyringStore) DeleteStaticCredentials 

func (kr *KeyringStore) DeleteStaticCredentials(arn string) error

DeleteStaticCredentials deletes the StaticCredentials from the Keyring

func (*KeyringStore) GetCreateTokenResponse 

func (kr *KeyringStore) GetCreateTokenResponse(key string, token *CreateTokenResponse) error

GetCreateTokenResponse retrieves the CreateTokenResponse from the keyring

func (*KeyringStore) GetEcsBearerToken added in v1.17.0 

func (kr *KeyringStore) GetEcsBearerToken() (string, error)

GetEcsBearerToken retrieves the token from the keyring

func (*KeyringStore) GetEcsSslCert added in v1.17.0 

func (kr *KeyringStore) GetEcsSslCert() (string, error)

GetEcsSslCert retrieves the private key and cert chain from the keyring

func (*KeyringStore) GetEcsSslKey added in v1.17.0 

func (kr *KeyringStore) GetEcsSslKey() (string, error)

GetEcsSslKey retrieves the private key from the keyring

func (*KeyringStore) GetRegisterClientData 

func (kr *KeyringStore) GetRegisterClientData(region string, client *RegisterClientData) error

Get our RegisterClientData from the key chain

func (*KeyringStore) GetRoleCredentials 

func (kr *KeyringStore) GetRoleCredentials(arn string, token *RoleCredentials) error

GetRoleCredentials retrieves the RoleCredentials from the Keyring

func (*KeyringStore) GetStaticCredentials 

func (kr *KeyringStore) GetStaticCredentials(arn string, creds *StaticCredentials) error

GetStaticCredentials retrieves the StaticCredentials from the Keyring

func (*KeyringStore) ListStaticCredentials 

func (kr *KeyringStore) ListStaticCredentials() []string

ListStaticCredentials returns a list of all the ARNs in the keyring

func (*KeyringStore) RegisterClientKey 

func (kr *KeyringStore) RegisterClientKey(ssoRegion string) string

func (*KeyringStore) SaveCreateTokenResponse 

func (kr *KeyringStore) SaveCreateTokenResponse(key string, token CreateTokenResponse) error

SaveCreateTokenResponse stores the token in the keyring

func (*KeyringStore) SaveEcsBearerToken added in v1.17.0 

func (kr *KeyringStore) SaveEcsBearerToken(token string) error

SaveEcsBearerToken stores the token in the keyring

func (*KeyringStore) SaveEcsSslKeyPair added in v1.17.0 

func (kr *KeyringStore) SaveEcsSslKeyPair(privateKey, certChain []byte) error

SaveEcsSslKeyPair stores the private key and certificate chain in the keyring

func (*KeyringStore) SaveRegisterClientData 

func (kr *KeyringStore) SaveRegisterClientData(region string, client RegisterClientData) error

Save our RegisterClientData in the key chain

func (*KeyringStore) SaveRoleCredentials 

func (kr *KeyringStore) SaveRoleCredentials(arn string, token RoleCredentials) error

SaveRoleCredentials stores the token in the arnring

func (*KeyringStore) SaveStaticCredentials 

func (kr *KeyringStore) SaveStaticCredentials(arn string, creds StaticCredentials) error

SaveStaticCredentials stores the token in the arnring

type RegisterClientData 

type RegisterClientData struct {
	AuthorizationEndpoint string `json:"authorizationEndpoint,omitempty"`
	ClientId              string `json:"clientId"`
	ClientIdIssuedAt      int64  `json:"clientIdIssuedAt"`
	ClientSecret          string `json:"clientSecret"`
	ClientSecretExpiresAt int64  `json:"clientSecretExpiresAt"`
	TokenEndpoint         string `json:"tokenEndpoint,omitempty"`
}

this struct should be cached for long term if possible

func (*RegisterClientData) Expired 

func (r *RegisterClientData) Expired() bool

Expired returns true if it has expired or will in the next hour

type RoleCredentials 

type RoleCredentials struct {
	RoleName        string `json:"roleName"`
	AccountId       int64  `json:"accountId"`
	AccessKeyId     string `json:"accessKeyId"`
	SecretAccessKey string `json:"secretAccessKey"`
	SessionToken    string `json:"sessionToken"`
	Expiration      int64  `json:"expiration"` // not in seconds, but millisec
}

func (*RoleCredentials) AccountIdStr 

func (r *RoleCredentials) AccountIdStr() string

AccountIdStr returns our AccountId as a string

func (*RoleCredentials) ExpireEpoch 

func (r *RoleCredentials) ExpireEpoch() int64

ExpireEpoch return seconds since unix epoch when we expire

func (*RoleCredentials) ExpireString 

func (r *RoleCredentials) ExpireString() string

Return expire time in ISO8601 / RFC3339 format

func (*RoleCredentials) Expired 

func (r *RoleCredentials) Expired() bool

Expired returns if these role creds have expired or will expire in the next minute

func (*RoleCredentials) RoleArn 

func (r *RoleCredentials) RoleArn() string

RoleArn returns the ARN for the role

func (*RoleCredentials) Validate added in v1.13.1 

func (r *RoleCredentials) Validate() error

Validate ensures we have the necessary fields

type SecureStorage 

type SecureStorage interface {
	SaveRegisterClientData(string, RegisterClientData) error
	GetRegisterClientData(string, *RegisterClientData) error
	DeleteRegisterClientData(string) error

	SaveCreateTokenResponse(string, CreateTokenResponse) error
	GetCreateTokenResponse(string, *CreateTokenResponse) error
	DeleteCreateTokenResponse(string) error

	// Temporary STS creds
	SaveRoleCredentials(string, RoleCredentials) error
	GetRoleCredentials(string, *RoleCredentials) error
	DeleteRoleCredentials(string) error

	// Static API creds
	SaveStaticCredentials(string, StaticCredentials) error
	GetStaticCredentials(string, *StaticCredentials) error
	DeleteStaticCredentials(string) error
	ListStaticCredentials() []string

	// ECS Server Bearer Token
	SaveEcsBearerToken(string) error
	GetEcsBearerToken() (string, error)
	DeleteEcsBearerToken() error

	// ECS Server SSL Cert
	SaveEcsSslKeyPair([]byte, []byte) error
	DeleteEcsSslKeyPair() error
	GetEcsSslCert() (string, error)
	GetEcsSslKey() (string, error)
}

Define the interface for storing our AWS SSO data

type StartDeviceAuthData 

type StartDeviceAuthData struct {
	DeviceCode              string `json:"deviceCode"`
	UserCode                string `json:"userCode"`
	VerificationUri         string `json:"verificationUri"`
	VerificationUriComplete string `json:"verificationUriComplete"`
	ExpiresIn               int32  `json:"expiresIn"`
	Interval                int32  `json:"interval"`
}

type StaticCredentials 

type StaticCredentials struct {
	Profile         string            `json:"Profile" header:"Profile"`
	UserName        string            `json:"userName" header:"UserName"`
	AccountId       int64             `json:"accountId" header:"AccountId"`
	AccessKeyId     string            `json:"accessKeyId"`
	SecretAccessKey string            `json:"secretAccessKey"`
	Tags            map[string]string `json:"Tags" header:"Tags"`
}

func (*StaticCredentials) AccountIdStr 

func (sc *StaticCredentials) AccountIdStr() string

AccountIdStr returns our AccountId as a string

func (StaticCredentials) GetHeader 

func (sc StaticCredentials) GetHeader(fieldName string) (string, error)

GetHeader is required for GenerateTable()

func (*StaticCredentials) UserArn 

func (sc *StaticCredentials) UserArn() string

RoleArn returns the ARN for the role

type StorageData 

type StorageData struct {
	RegisterClientData  map[string]RegisterClientData
	CreateTokenResponse map[string]CreateTokenResponse
	RoleCredentials     map[string]RoleCredentials
	StaticCredentials   map[string]StaticCredentials
	EcsBearerToken      string
	EcsPrivateKey       string
	EcsCertChain        string
}

func NewStorageData 

func NewStorageData() StorageData

type Unmarshaler 

type Unmarshaler func([]byte, interface{}) error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.
JackTT - Gopher 🇻🇳