Documentation ¶
Index ¶
- Variables
- func GetRequestID(resp *http.Response) string
- type AccountDetails
- type AccountRole
- type AccountsResponse
- type AccountsResponseInt
- type AddRoleMachineIdentityRequest
- type AlksError
- type AlksResponseError
- type AllIamUsersResponseType
- type AuthInjecter
- type BaseIamUserResponse
- type BaseResponse
- type Basic
- type Bearer
- type Client
- func NewBearerTokenClient(url string, bearerToken string, account string, role string) (*Client, error)
- func NewClient(url string, username string, password string, account string, role string) (*Client, error)
- func NewSTSClient(url string, accessKey string, secretKey string, token string) (*Client, error)
- func (c *Client) AddRoleMachineIdentity(roleARN string) (*MachineIdentityResponse, *AlksError)
- func (c *Client) CreateIamRole(options *CreateIamRoleOptions) (*IamRoleResponse, *AlksError)
- func (c *Client) CreateIamSession() (*SessionResponse, *AlksError)
- func (c *Client) CreateIamTrustRole(options *CreateIamRoleOptions) (*IamRoleResponse, *AlksError)
- func (c *Client) CreateIamUser(options *IamUserOptions) (*CreateIamUserResponse, *AlksError)
- func (c *Client) CreateSession(sessionDuration int, useIAM bool) (*SessionResponse, *AlksError)
- func (c *Client) DeleteIamRole(id string) *AlksError
- func (c *Client) DeleteIamUser(iamUsername string) (*DeleteIamUserResponse, *AlksError)
- func (c *Client) DeleteRoleMachineIdentity(roleARN string) (*MachineIdentityResponse, *AlksError)
- func (c *Client) Durations() ([]int, error)
- func (c *Client) GetAccounts() (*AccountsResponse, *AlksError)
- func (c *Client) GetIamRole(roleName string) (*GetIamRoleResponse, *AlksError)
- func (c *Client) GetIamUser(iamUsername string) (*GetIamUserResponse, *AlksError)
- func (c *Client) GetIamUsers() (*GetIamUsersResponse, *AlksError)
- func (c *Client) GetLoginRole() (*LoginRoleResponse, *AlksError)
- func (c *Client) GetMyLoginRole() (*LoginRoleResponse, *AlksError)
- func (c *Client) IsIamEnabled(roleArn string) (*IsIamEnabledResponse, *AlksError)
- func (c *Client) IsUsingSTSCredentials() bool
- func (c *Client) NewRequest(json []byte, method string, endpoint string) (*http.Request, error)
- func (c *Client) SearchRoleMachineIdentity(roleARN string) (*MachineIdentityResponse, *AlksError)
- func (c *Client) SetUserAgent(userAgent string)
- func (c *Client) UpdateIamRole(options *UpdateIamRoleRequest) (*UpdateIamRoleResponse, *AlksError)
- func (c *Client) UpdateIamUser(options *IamUserOptions) (*UpdateIamUserResponse, *AlksError)
- type CreateIamRoleOptions
- type CreateIamUserApiResponse
- type CreateIamUserRequest
- type CreateIamUserResponse
- type DeleteIamUserRequest
- type DeleteIamUserResponse
- type DeleteRoleMachineIdentityRequest
- type DeleteRoleRequest
- type DeleteRoleResponse
- type GetIamRoleResponse
- type GetIamUserResponse
- type GetIamUsersResponse
- type GetRoleRequest
- type IamRoleRequest
- type IamRoleResponse
- type IamUser
- type IamUserOptions
- type IsIamEnabledRequest
- type IsIamEnabledResponse
- type LoginRole
- type LoginRoleResponse
- type MachineIdentityResponse
- type STS
- type SearchRoleMachineIdentityRequest
- type SessionRequest
- type SessionResponse
- type SkypieaAccount
- type Tag
- type UpdateIamRoleRequest
- type UpdateIamRoleResponse
- type UpdateIamUserRequest
- type UpdateIamUserResponse
Constants ¶
This section is empty.
Variables ¶
// Format strings used to render ALKS errors. Each is declared with var rather
// than const, so code in any importing package can reassign it; callers that
// pass these to a Printf-style function must supply arguments matching the
// verbs listed on each declaration.

// AlksResponsErrorStrings takes one %s argument.
var AlksResponsErrorStrings = "ALKS Errors: %s \nContact the ALKS Team for assistance on Slack at #alks-client-support"

// ErrorStringFull takes %s, %d, %s in that order.
var ErrorStringFull = "[%s] ALKS Error %d Msg: %s\n Contact the ALKS Team for assistance on Slack at #alks-client-support"

// ErrorStringNoReqId takes %d, %s in that order.
var ErrorStringNoReqId = "ALKS Error %d Msg: %s\n Contact the ALKS Team for assistance on Slack at #alks-client-support"

// ErrorStringOnlyCode takes one %d argument.
var ErrorStringOnlyCode = "ALKS Error %d\n Contact the ALKS Team for assistance on Slack at #alks-client-support"

// ErrorStringOnlyCodeAndReqId takes %s, %d in that order.
var ErrorStringOnlyCodeAndReqId = "[%s] ALKS Error %d\n Contact the ALKS Team for assistance on Slack at #alks-client-support"

// GenericAlksError contains no format verbs.
var GenericAlksError = "ALKS Errors: Contact the ALKS Team for assistance on Slack at #alks-client-support"

// ParseError takes one %s argument.
var ParseError = "Error parsing ALKS Error response: %s"

// ParseErrorReqId takes %s, %s in that order.
var ParseErrorReqId = "[%s] Error parsing ALKS Error response: %s"
Functions ¶
func GetRequestID ¶
GetRequestID returns the ALKS Request ID Header if present or ""
Types ¶
type AccountDetails ¶
// AccountDetails holds the caller's Account and Role for ALKS requests.
// Both fields use omitempty, so an empty string is left out of the encoded
// JSON instead of being sent as "".
type AccountDetails struct {
	Account string `json:"account,omitempty"`
	Role    string `json:"role,omitempty"`
}
AccountDetails represents the caller's Account and Role information for ALKS requests
func (AccountDetails) GetAccountDesc ¶
func (a AccountDetails) GetAccountDesc() (string, error)
GetAccountDesc parses the Account provided in AccountDetails and returns the account description if present
func (AccountDetails) GetAccountNumber ¶
func (a AccountDetails) GetAccountNumber() (string, error)
GetAccountNumber parses the Account provided in AccountDetails and returns the account number if present
func (AccountDetails) GetRoleName ¶
func (a AccountDetails) GetRoleName(stripPrefix bool) (string, error)
GetRoleName returns the AccountDetails Role or parses the role value from the Account
type AccountRole ¶
// AccountRole pairs an ALKS account with a role.
type AccountRole struct {
	Account string `json:"account"`
	Role    string `json:"role"`
	// IamActive is read from the "iamKeyActive" JSON key; the Go name and
	// the wire name differ.
	IamActive      bool           `json:"iamKeyActive"`
	SkypieaAccount SkypieaAccount `json:"skypieaAccount"`
}
AccountRole is used to represent an ALKS account and role combination
type AccountsResponse ¶
// AccountsResponse is a collection of ALKS account/role pairs.
type AccountsResponse struct {
	// Accounts is carried under the "accountListRole" JSON key.
	Accounts []AccountRole `json:"accountListRole"`
}
AccountsResponse is used to represent a collection of ALKS accounts
type AccountsResponseInt ¶
// AccountsResponseInt is the internal form of the accounts listing.
// It embeds BaseResponse and uses the same "accountListRole" key as
// AccountsResponse, but as a map of string to []AccountRole rather than a
// flat slice.
type AccountsResponseInt struct {
	BaseResponse
	Accounts map[string][]AccountRole `json:"accountListRole"`
}
AccountsResponseInt is used internally to represent a collection of ALKS accounts
type AddRoleMachineIdentityRequest ¶
// AddRoleMachineIdentityRequest is the request body for adding a machine
// identity to an IAM role.
type AddRoleMachineIdentityRequest struct {
	// RoleARN is always encoded (no omitempty), so an empty value is sent
	// as "".
	RoleARN string `json:"roleARN"`
}
AddRoleMachineIdentityRequest is used to represent a request for adding a machine identity for an IamRole
type AlksResponseError ¶
type AllIamUsersResponseType ¶
// AllIamUsersResponseType is one IAM user entry in a listing.
// It carries the access key ID but declares no secret-key field.
type AllIamUsersResponseType struct {
	UserName    string `json:"userName"`
	AccessKeyID string `json:"accessKeyId"`
	Status      string `json:"status"`
	// CreateDate is kept as a string; no time parsing is declared here.
	CreateDate string `json:"createDate"`
}
AllIamUsersResponseType represents iamUser returned by ltks endpoint
type AuthInjecter ¶
AuthInjecter is the interface that wraps the InjectAuth method.
Implementations are expected to add their authentication data to the request without destroying existing data (if any) and should implement fallbacks when possible. Failing that, an error should be reported to the caller.
type BaseIamUserResponse ¶
// BaseIamUserResponse holds fields shared by the IAM user responses.
// Every field uses omitempty, so zero values ("" and false) are left out
// when the struct is encoded.
type BaseIamUserResponse struct {
	Action              string `json:"action,omitempty"`
	AddedIAMUserToGroup bool   `json:"addedIAMUserToGroup,omitempty"`
	// NOTE(review): the meaning of a "partial" error is not described on
	// this page — callers should check this flag as well as the error
	// return until that is confirmed.
	PartialError bool `json:"partialError,omitempty"`
}
BaseIamUserResponse encapsulates shared response fields
type BaseResponse ¶
// BaseResponse holds the fields included in all ALKS REST API responses.
// Other response types on this page embed it.
type BaseResponse struct {
	StatusMessage string   `json:"statusMessage,omitempty"`
	Errors        []string `json:"errors,omitempty"`
	// RequestID identifies the request in the response body; keeping it in
	// logs helps correlate a failure with the service side.
	RequestID string `json:"requestId,omitempty"`
}
BaseResponse represents basic fields included in all ALKS REST API responses
func (BaseResponse) GetErrors ¶
func (b BaseResponse) GetErrors() []string
GetErrors returns a list of error messages from an ALKS response
func (BaseResponse) RequestFailed ¶
func (b BaseResponse) RequestFailed() bool
RequestFailed returns a boolean indicating if an ALKS response contained an error
type Bearer ¶
// Bearer holds an Okta bearer token for the ALKS client.
type Bearer struct {
	// Token is tagged json:"-", so encoding/json never writes or reads it.
	// The tag does not affect fmt: printing a Bearer with %v or %+v still
	// shows the token, so keep the value out of log statements.
	Token string `json:"-"`
}
Bearer represents an Okta bearer token in the configuration of the ALKS client
type Client ¶
// Client is an ALKS client holding credentials, account info and base URL.
type Client struct {
	// Credentials is exported, so any code holding the Client can read or
	// replace the AuthInjecter.
	Credentials AuthInjecter
	// AccountDetails is the account and role associated with this client.
	AccountDetails AccountDetails
	// BaseURL is exported and freely assignable.
	// NOTE(review): nothing on this page shows scheme validation — confirm
	// that an https URL is enforced before credentials are attached.
	BaseURL string
	// contains filtered or unexported fields
}
Client represents an ALKS client and contains the account info and base url.
func NewBearerTokenClient ¶
func NewBearerTokenClient(url string, bearerToken string, account string, role string) (*Client, error)
NewBearerTokenClient will create a new instance of the ALKS Client using Okta Bearer Token auth.
func NewClient ¶
func NewClient(url string, username string, password string, account string, role string) (*Client, error)
NewClient will create a new instance of the ALKS Client. If you don't yet know the account/role, pass them as empty strings (both parameters are declared as string, so nil is not a valid argument) and then invoke GetAccounts().
func NewSTSClient ¶
NewSTSClient will create a new instance of the ALKS Client using STS tokens.
func (*Client) AddRoleMachineIdentity ¶
func (c *Client) AddRoleMachineIdentity(roleARN string) (*MachineIdentityResponse, *AlksError)
AddRoleMachineIdentity enables machine identity for an IamRole. If no error is returned then you will receive the ARN for the machine identity that was created.
func (*Client) CreateIamRole ¶
func (c *Client) CreateIamRole(options *CreateIamRoleOptions) (*IamRoleResponse, *AlksError)
CreateIamRole will create a new IAM role in AWS. If no error is returned then you will receive a IamRoleResponse object representing the new role.
func (*Client) CreateIamSession ¶
func (c *Client) CreateIamSession() (*SessionResponse, *AlksError)
CreateIamSession creates a new IAM STS session. If no error is returned then you will receive an IamSessionResponse object containing your session keys.
func (*Client) CreateIamTrustRole ¶
func (c *Client) CreateIamTrustRole(options *CreateIamRoleOptions) (*IamRoleResponse, *AlksError)
CreateIamTrustRole will create a new IAM trust role on AWS. If no error is returned then you will receive a IamRoleResponse object representing the new role.
func (*Client) CreateIamUser ¶
func (c *Client) CreateIamUser(options *IamUserOptions) (*CreateIamUserResponse, *AlksError)
CreateIamUser creates an iamUser and secret key for an account. If no error is returned, then you will receive an appropriate success message.
func (*Client) CreateSession ¶
func (c *Client) CreateSession(sessionDuration int, useIAM bool) (*SessionResponse, *AlksError)
CreateSession will create a new STS session on AWS. If no error is returned then you will receive a SessionResponse object representing your STS session.
func (*Client) DeleteIamRole ¶
DeleteIamRole will delete an existing IAM role from AWS. If no error is returned then the deletion was successful.
func (*Client) DeleteIamUser ¶
func (c *Client) DeleteIamUser(iamUsername string) (*DeleteIamUserResponse, *AlksError)
DeleteIamUser deletes an LTK user for an account. If no error is returned, then you will receive an appropriate success message.
func (*Client) DeleteRoleMachineIdentity ¶
func (c *Client) DeleteRoleMachineIdentity(roleARN string) (*MachineIdentityResponse, *AlksError)
DeleteRoleMachineIdentity disables machine identity for an IamRole. If no error is returned then you will receive the ARN for the machine identity that was deleted.
func (*Client) GetAccounts ¶
func (c *Client) GetAccounts() (*AccountsResponse, *AlksError)
GetAccounts returns a list of AccountRoles for an AWS account
func (*Client) GetIamRole ¶
func (c *Client) GetIamRole(roleName string) (*GetIamRoleResponse, *AlksError)
GetIamRole will request the details about an existing IAM role on AWS. If no error is returned then you will receive an IamRoleResponse object representing the existing role. If the role does not exist the IamRoleResponse object will also be nil.
func (*Client) GetIamUser ¶
func (c *Client) GetIamUser(iamUsername string) (*GetIamUserResponse, *AlksError)
GetIamUser gets a single LTK for an account. If no error is returned, then you will receive an LTK for the given account.
func (*Client) GetIamUsers ¶
func (c *Client) GetIamUsers() (*GetIamUsersResponse, *AlksError)
GetIamUsers gets the LTKs for an account. If no error is returned then you will receive a list of LTKs.
func (*Client) GetLoginRole ¶
func (c *Client) GetLoginRole() (*LoginRoleResponse, *AlksError)
GetLoginRole returns the login role corresponding to the current account and role stored in AccountDetails
func (*Client) GetMyLoginRole ¶
func (c *Client) GetMyLoginRole() (*LoginRoleResponse, *AlksError)
GetMyLoginRole returns the LoginRole corresponding to the client's current STS credentials
func (*Client) IsIamEnabled ¶
func (c *Client) IsIamEnabled(roleArn string) (*IsIamEnabledResponse, *AlksError)
IsIamEnabled will check if a MI, AccountDetails, or STS assumed role is IAM active or not.
func (*Client) IsUsingSTSCredentials ¶
IsUsingSTSCredentials returns a boolean indicating if the client was configured using AWS STS Credentials for authentication
func (*Client) NewRequest ¶
NewRequest will create a new request object for API requests.
func (*Client) SearchRoleMachineIdentity ¶
func (c *Client) SearchRoleMachineIdentity(roleARN string) (*MachineIdentityResponse, *AlksError)
SearchRoleMachineIdentity searches for a machine identity for a given roleARN. If no error is returned then you will receive the ARN of the machine identity for the given roleARN.
func (*Client) SetUserAgent ¶
SetUserAgent sets the client user agent in order to report tool details to ALKS
func (*Client) UpdateIamRole ¶
func (c *Client) UpdateIamRole(options *UpdateIamRoleRequest) (*UpdateIamRoleResponse, *AlksError)
Updates an IAM role with the given options.
func (*Client) UpdateIamUser ¶
func (c *Client) UpdateIamUser(options *IamUserOptions) (*UpdateIamUserResponse, *AlksError)
type CreateIamRoleOptions ¶
type CreateIamUserApiResponse ¶
// CreateIamUserApiResponse is the API response for a newly created IAM user.
type CreateIamUserApiResponse struct {
	IAMUserName string `json:"iamUserName"`
	IAMUserArn  string `json:"iamUserArn"`
	AccessKey   string `json:"accessKey"`
	// SecretKey has an ordinary JSON tag, so it is written out whenever
	// this struct (or a struct embedding it) is marshalled or printed.
	// Treat the whole value as a secret: do not log it or store it
	// unencrypted.
	SecretKey string `json:"secretKey"`
}
CreateIamUserApiResponse represents the response from API
type CreateIamUserRequest ¶
// CreateIamUserRequest is the request body for creating an IAM user.
// AccountDetails is embedded without a tag, so under encoding/json its
// account and role fields appear at the top level of the encoded object.
type CreateIamUserRequest struct {
	AccountDetails
	IamUserName string `json:"iamUserName"`
	// Tags is left out of the JSON when the slice is empty.
	Tags []Tag `json:"tags,omitempty"`
}
func NewCreateIamUserRequest ¶
func NewCreateIamUserRequest(options *IamUserOptions) (*CreateIamUserRequest, error)
type CreateIamUserResponse ¶
// CreateIamUserResponse is the response handed to the CLI client.
// It is built purely from embedded structs. Because it embeds
// CreateIamUserApiResponse, it exposes that struct's AccessKey and
// SecretKey fields, and marshalling or printing a CreateIamUserResponse
// includes the secret key.
type CreateIamUserResponse struct {
	AccountDetails
	BaseResponse
	BaseIamUserResponse
	CreateIamUserApiResponse
}
CreateIamUserResponse is the response to the CLI client
type DeleteIamUserRequest ¶
// DeleteIamUserRequest is the request body for deleting LTKs.
// AccountDetails is embedded without a tag, so under encoding/json its
// fields are encoded at the top level beside iamUserName.
type DeleteIamUserRequest struct {
	AccountDetails
	IamUserName string `json:"iamUserName"`
}
DeleteIamUserRequest is used to represent the request body to delete LTKs
type DeleteIamUserResponse ¶
// DeleteIamUserResponse is composed only of embedded structs:
// AccountDetails, BaseResponse and BaseIamUserResponse. It declares no
// fields of its own.
type DeleteIamUserResponse struct {
	AccountDetails
	BaseResponse
	BaseIamUserResponse
}
type DeleteRoleMachineIdentityRequest ¶
// DeleteRoleMachineIdentityRequest is the request body for deleting the
// machine identity of an IAM role.
type DeleteRoleMachineIdentityRequest struct {
	// RoleARN is always encoded (no omitempty).
	RoleARN string `json:"roleARN"`
}
DeleteRoleMachineIdentityRequest is used to represent a request for deleting a machine identity for an IamRole
type DeleteRoleRequest ¶
// DeleteRoleRequest is the request body for deleting an existing IAM role,
// identified by name.
type DeleteRoleRequest struct {
	// RoleName is always encoded (no omitempty), so an empty name is sent
	// as "" rather than dropped.
	RoleName string `json:"roleName"`
}
DeleteRoleRequest is used to represent a request for deleting an existing IAM role based on the role's name.
type DeleteRoleResponse ¶
// DeleteRoleResponse holds the result of an IAM role deletion request.
type DeleteRoleResponse struct {
	BaseResponse
	RoleName string `json:"roleName"`
	// NOTE(review): Status is tagged "roleArn", so it is filled from the
	// role ARN key, not from a status key. Confirm this mapping is
	// intended before relying on Status to decide whether a deletion
	// succeeded.
	Status string `json:"roleArn"`
}
DeleteRoleResponse is used to represent the results of a IAM role deletion request.
type GetIamRoleResponse ¶
// GetIamRoleResponse describes an IAM role returned by a lookup.
// Several Go field names differ from their JSON keys; see the per-field
// notes.
type GetIamRoleResponse struct {
	BaseResponse
	RoleName string `json:"roleName"`
	RoleType string `json:"roleType"`
	// TrustPolicy is decoded into an untyped map; no schema is enforced by
	// this declaration.
	TrustPolicy map[string]interface{} `json:"trustPolicy"`
	RoleArn     string                 `json:"roleArn"`
	// RoleIPArn is read from "instanceProfileArn".
	RoleIPArn string `json:"instanceProfileArn"`
	// RoleAddedToIP is read from "addedRoleToInstanceProfile".
	RoleAddedToIP bool `json:"addedRoleToInstanceProfile"`
	// Exists is read from "roleExists".
	Exists bool `json:"roleExists"`
	// AlksAccess is read from "machineIdentity".
	AlksAccess                  bool  `json:"machineIdentity"`
	Tags                        []Tag `json:"tags"`
	MaxSessionDurationInSeconds int   `json:"maxSessionDurationInSeconds"`
}
GetIamRoleResponse is used to represent an IAM Role.
type GetIamUserResponse ¶
// GetIamUserResponse wraps a single long term key.
type GetIamUserResponse struct {
	BaseResponse
	// User is carried under the "item" JSON key.
	User IamUser `json:"item"`
}
GetIamUserResponse is used to represent a single long term key.
type GetIamUsersResponse ¶
// GetIamUsersResponse wraps the list of long term keys.
type GetIamUsersResponse struct {
	BaseResponse
	// IamUsers is carried under the "longTermKeys" JSON key.
	IamUsers []AllIamUsersResponseType `json:"longTermKeys"`
}
GetIamUsersResponse is used to represent the list of long term keys
type GetRoleRequest ¶
// GetRoleRequest is the request body for looking up a role by name.
type GetRoleRequest struct {
	// RoleName is always encoded (no omitempty).
	RoleName string `json:"roleName"`
}
GetRoleRequest is used to represent a request for details about a specific role based on the role's name.
type IamRoleRequest ¶
// IamRoleRequest is the request body for creating a new IAM role.
// Every field except RoleName uses omitempty, so zero values are dropped
// from the encoded JSON; the receiver then sees those keys as absent
// rather than explicitly zero or false.
type IamRoleRequest struct {
	RoleName string `json:"roleName"`
	RoleType string `json:"roleType,omitempty"`
	// TrustPolicy is an untyped map; this declaration applies no
	// validation to its contents.
	TrustPolicy map[string]interface{} `json:"trustPolicy,omitempty"`
	// IncDefPols is an int sent as "includeDefaultPolicy"; a value of 0 is
	// omitted, not transmitted.
	IncDefPols int `json:"includeDefaultPolicy,omitempty"`
	// AlksAccess is sent as "enableAlksAccess"; false is omitted, so the
	// request cannot state false explicitly.
	AlksAccess                  bool              `json:"enableAlksAccess,omitempty"`
	TrustArn                    string            `json:"trustArn,omitempty"`
	TemplateFields              map[string]string `json:"templateFields,omitempty"`
	MaxSessionDurationInSeconds int               `json:"maxSessionDurationInSeconds,omitempty"`
	Tags                        []Tag             `json:"tags,omitempty"`
}
IamRoleRequest is used to represent a new IAM Role request.
func NewIamRoleRequest ¶
func NewIamRoleRequest(options *CreateIamRoleOptions) (*IamRoleRequest, error)
Creates a new IamRoleRequest object from options
type IamRoleResponse ¶
// IamRoleResponse describes an IAM role returned by the create calls.
type IamRoleResponse struct {
	BaseResponse
	RoleName string `json:"roleName"`
	RoleType string `json:"roleType"`
	// TrustPolicy is decoded into an untyped map.
	TrustPolicy map[string]interface{} `json:"trustPolicy"`
	RoleArn     string                 `json:"roleArn"`
	// RoleIPArn is read from "instanceProfileArn".
	RoleIPArn string `json:"instanceProfileArn"`
	// RoleAddedToIP is read from "addedRoleToInstanceProfile".
	RoleAddedToIP bool `json:"addedRoleToInstanceProfile"`
	// Exists is read from "roleExists".
	Exists                      bool              `json:"roleExists"`
	TemplateFields              map[string]string `json:"templateFields,omitempty"`
	MaxSessionDurationInSeconds int               `json:"maxSessionDurationInSeconds"`
}
IamRoleResponse is used to represent an IAM Role.
type IamUser ¶
// IamUser is the user record returned by the iam-user endpoint.
// It carries an access key value but declares no secret-key field.
type IamUser struct {
	ARN       string `json:"arn"`
	AccountId string `json:"accountId"`
	UserName  string `json:"userName"`
	AccessKey string `json:"accessKey"`
	Tags      []Tag  `json:"tags"`
}
Represents iamUser returned by iam-user endpoint
type IamUserOptions ¶
Used as options for create and update iamUser
type IsIamEnabledRequest ¶
// IsIamEnabledRequest is the request body for the IAM-enabled check.
// AccountDetails is embedded without a tag, so under encoding/json its
// fields are encoded at the top level.
type IsIamEnabledRequest struct {
	AccountDetails
	// RoleArn is left out of the JSON when empty.
	RoleArn string `json:"roleArn,omitempty"`
}
type IsIamEnabledResponse ¶
// IsIamEnabledResponse reports whether a role is IAM active.
type IsIamEnabledResponse struct {
	BaseResponse
	AccountDetails
	RoleArn string `json:"roleArn"`
	// IamEnabled is a plain bool, so it is false both when the service
	// says false and when the key is missing from the response.
	IamEnabled bool `json:"iamEnabled"`
}
IsIamEnabledResponse is used to represent a role that's IAM active or not.
type LoginRole ¶
// LoginRole holds information about a login role.
type LoginRole struct {
	Account      string `json:"account"`
	IamKeyActive bool   `json:"iamKeyActive"`
	// MaxKeyDuration is an int; its unit is not stated on this page.
	MaxKeyDuration int    `json:"maxKeyDuration"`
	Role           string `json:"role"`
}
LoginRole represents information about a login role
type LoginRoleResponse ¶
// LoginRoleResponse is the ALKS response carrying a login role.
type LoginRoleResponse struct {
	BaseResponse
	// LoginRole is carried under the "loginRole" JSON key.
	LoginRole LoginRole `json:"loginRole"`
}
LoginRoleResponse represents the response from ALKS containing information about a login role
type MachineIdentityResponse ¶
// MachineIdentityResponse holds the result of a machine identity request.
type MachineIdentityResponse struct {
	BaseResponse
	MachineIdentityArn string `json:"machineIdentityArn"`
}
MachineIdentityResponse is used to represent the results of an add machine identity or delete machine identity request.
type STS ¶
// STS holds AWS STS credentials for the ALKS client.
// All three fields are tagged json:"-", so encoding/json never writes or
// reads them. The tag does not affect fmt: printing an STS value with %v
// or %+v still shows the keys and token, so keep it out of log statements.
type STS struct {
	AccessKey    string `json:"-"`
	SecretKey    string `json:"-"`
	SessionToken string `json:"-"`
}
STS represents AWS STS credentials in the configuration of the ALKS client
type SearchRoleMachineIdentityRequest ¶
// SearchRoleMachineIdentityRequest is the request body for finding the
// machine identity of a given IAM role ARN.
type SearchRoleMachineIdentityRequest struct {
	// RoleARN is always encoded (no omitempty).
	RoleARN string `json:"roleARN"`
}
SearchRoleMachineIdentityRequest is used to represent a request for searching a machine identity for a given IamRole arn
type SessionRequest ¶
// SessionRequest is the request body for a new STS session.
type SessionRequest struct {
	// SessionDuration is sent as "sessionTime"; the Go name and the wire
	// name differ. Its unit is not stated on this page.
	SessionDuration int `json:"sessionTime"`
}
SessionRequest is used to represent a new STS session request.
type SessionResponse ¶
// SessionResponse holds the credentials of a new STS session.
// Unlike the STS type on this page, whose fields are tagged json:"-", the
// fields here carry ordinary JSON tags. Marshalling or printing a
// SessionResponse therefore emits the secret key and session token. Treat
// the whole value as a secret and keep it out of logs and error messages.
type SessionResponse struct {
	BaseResponse
	AccessKey       string `json:"accessKey"`
	SecretKey       string `json:"secretKey"`
	SessionToken    string `json:"sessionToken"`
	SessionDuration int    `json:"sessionDuration"`
	// Expires is decoded as a time.Time; callers can compare it with the
	// current time before reusing cached credentials.
	Expires time.Time `json:"expires"`
}
SessionResponse is used to represent a new STS session.
type SkypieaAccount ¶
// SkypieaAccount holds Skypiea data for an account.
type SkypieaAccount struct {
	// Account is tagged "Account" with a capital A, unlike the lower-case
	// keys on the sibling fields. encoding/json matches keys
	// case-insensitively when decoding but emits the tag exactly as
	// written when encoding.
	Account string `json:"Account"`
	Alias   string `json:"alias"`
	Label   string `json:"label"`
}
SkypieaAccount is used to represent Skypiea data
type UpdateIamRoleRequest ¶
type UpdateIamRoleResponse ¶
// UpdateIamRoleResponse holds the result of an IAM role update.
// Every field other than the embedded BaseResponse is a pointer. A key that
// is missing or null in the response leaves the field nil, so callers must
// nil-check before dereferencing.
type UpdateIamRoleResponse struct {
	BaseResponse
	RoleArn  *string `json:"roleArn"`
	RoleName *string `json:"roleName"`
	// BasicAuth is read from "basicAuthUsed".
	BasicAuth *bool `json:"basicAuthUsed"`
	// Exists is read from "roleExists".
	Exists *bool `json:"roleExists"`
	// RoleIPArn is read from "instanceProfileArn".
	RoleIPArn *string `json:"instanceProfileArn"`
	// MachineIdentity is read from "isMachineIdentity".
	MachineIdentity *bool  `json:"isMachineIdentity"`
	Tags            *[]Tag `json:"tags"`
}
type UpdateIamUserRequest ¶
// UpdateIamUserRequest is the request body for updating an IAM user.
// The payload is nested: tags are encoded under "user" and then "tags".
type UpdateIamUserRequest struct {
	User struct {
		// Tags has no omitempty, so a nil slice is encoded as null rather
		// than dropped.
		Tags []Tag `json:"tags"`
	} `json:"user"`
}
func NewUpdateIamUserRequest ¶
func NewUpdateIamUserRequest(options *IamUserOptions) (*UpdateIamUserRequest, error)
type UpdateIamUserResponse ¶
// UpdateIamUserResponse wraps the IAM user returned by an update.
type UpdateIamUserResponse struct {
	BaseResponse
	// User is carried under the "item" JSON key.
	User IamUser `json:"item"`
}