Documentation
Types
type Generator
type Generator struct {
	// contains filtered or unexported fields
}
Generator generates tokens using a signed STS CallerIdentity call.
func NewGenerator
func NewGenerator(client api.STSPresigner, clock credentials.Clock) Generator
func (Generator) GetWithSTS
func (g Generator) GetWithSTS(ctx context.Context, clusterID string) (Token, error)
GetWithSTS returns a token valid for clusterID using the given STS client. This implementation follows the steps outlined here:
https://github.com/kubernetes-sigs/aws-iam-authenticator#api-authorization-from-outside-a-cluster
We either add this implementation or have to maintain two versions of STS, since aws-iam-authenticator is not switching over to aws-go-sdk-v2.
type Token
type Token struct {
	Token      string
	Expiration time.Time
}
Token is generated and used by Kubernetes client-go to authenticate with a Kubernetes cluster.
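The following is an added example, not code from this package or from aws-iam-authenticator. It decodes a token of the shape described in the aws-iam-authenticator README linked above (the `k8s-aws-v1.` prefix followed by an unpadded base64url-encoded pre-signed STS URL) and reports whether the `x-k8s-aws-id` cluster header is covered by the signature. `InspectToken`, `Inspection` and the sample URL are hypothetical names and constructed data.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

const tokenPrefix = "k8s-aws-v1."

// Inspection holds what the decoded pre-signed request commits to (hypothetical type).
type Inspection struct {
	Host, Action, SignedAt string
	ClusterBound           bool // x-k8s-aws-id is among the signed headers
}

// InspectToken decodes a token without verifying its signature (only STS can).
func InspectToken(tok string) (Inspection, error) {
	var out Inspection
	if !strings.HasPrefix(tok, tokenPrefix) {
		return out, errors.New("missing k8s-aws-v1. prefix")
	}
	raw, err := base64.RawURLEncoding.DecodeString(strings.TrimPrefix(tok, tokenPrefix))
	if err != nil {
		return out, fmt.Errorf("payload is not unpadded base64url: %w", err)
	}
	u, err := url.Parse(string(raw))
	if err != nil || u.Scheme != "https" {
		return out, errors.New("payload is not an https URL")
	}
	q := u.Query()
	out.Host, out.Action, out.SignedAt = u.Hostname(), q.Get("Action"), q.Get("X-Amz-Date")
	if out.Action != "GetCallerIdentity" {
		return out, fmt.Errorf("unexpected action %q", out.Action)
	}
	// The cluster ID only binds the token if its header is covered by the signature.
	signed := ";" + strings.ToLower(q.Get("X-Amz-SignedHeaders")) + ";"
	out.ClusterBound = strings.Contains(signed, ";x-k8s-aws-id;")
	return out, nil
}

func main() {
	// Constructed sample: placeholder signature, not a usable token.
	u := "https://sts.us-west-2.amazonaws.com/?Action=GetCallerIdentity&X-Amz-Date=20240101T000000Z" +
		"&X-Amz-SignedHeaders=host%3Bx-k8s-aws-id&X-Amz-Signature=PLACEHOLDER"
	fmt.Println(InspectToken(tokenPrefix + base64.RawURLEncoding.EncodeToString([]byte(u))))
}
```

A token whose signed headers omit `x-k8s-aws-id` decodes cleanly but reports `ClusterBound` as false, which is the case worth flagging when reviewing captured tokens.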
type TokenGenerator
type TokenGenerator interface {
	GetWithSTS(ctx context.Context, clusterID string) (Token, error)
}
TokenGenerator defines a token generator using STS.
type TokenSource
type TokenSource struct {
	// ClusterID represents the cluster ID.
	ClusterID string
	// TokenGenerator is used to generate the token.
	TokenGenerator TokenGenerator
	// Leeway allows refreshing the token before its expiry.
	Leeway time.Duration
}
TokenSource implements oauth2.TokenSource.