token

package
v0.1.0
Warning

This package is not in the latest version of its module.
Published: Nov 27, 2017 | License: Apache-2.0 | Imports: 14 | Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func Get

func Get(serverID string) (string, error)

Get uses the directly available AWS credentials to return a token valid for serverID. It follows the default AWS credential handling behavior.

func GetWithRole

func GetWithRole(serverID string, roleARN string) (string, error)

GetWithRole assumes the given AWS IAM role and returns a token valid for serverID. If roleARN is empty, it behaves like Get and does not assume a role.

Types

type Identity

type Identity struct {
	// ARN is the raw Amazon Resource Name returned by sts:GetCallerIdentity
	ARN string

	// CanonicalARN is the Amazon Resource Name converted to a more canonical
	// representation. In particular, STS assumed role ARNs like
	// "arn:aws:sts::ACCOUNTID:assumed-role/ROLENAME/SESSIONNAME" are converted
	// to their IAM ARN equivalent "arn:aws:iam::ACCOUNTID:role/NAME"
	CanonicalARN string

	// AccountID is the 12 digit AWS account number.
	AccountID string

	// UserID is the unique user/role ID (e.g., "AROAAAAAAAAAAAAAAAAAA").
	UserID string

	// SessionName is the STS session name (or "" if this is not a
	// session-based identity). For EC2 instance roles, this will be the EC2
	// instance ID (e.g., "i-0123456789abcdef0"). You should only rely on it
	// if you trust that _only_ EC2 is allowed to assume the IAM Role. If IAM
	// users or other roles are allowed to assume the role, they can provide
	// (nearly) arbitrary strings here.
	SessionName string
}

Identity is returned on successful Verify() results. It contains a parsed version of the AWS identity used to create the token.
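The ARN canonicalization described in the CanonicalARN and SessionName comments can be sketched as follows. This is an added example, not this package's implementation: the helper name canonicalize is hypothetical, the sample ARNs are constructed, and it handles only IAM users, IAM roles and STS assumed roles.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// canonicalize is a hypothetical helper, not part of this package's API.
// It returns the IAM-style ARN, the account ID and the STS session name.
func canonicalize(arn string) (canonical, accountID, session string, err error) {
	// ARN layout: arn:PARTITION:SERVICE:REGION:ACCOUNT:RESOURCE
	parts := strings.SplitN(arn, ":", 6)
	if len(parts) != 6 || parts[0] != "arn" {
		return "", "", "", errors.New("malformed ARN")
	}
	partition, service, account, resource := parts[1], parts[2], parts[4], parts[5]
	if len(account) != 12 || strings.Trim(account, "0123456789") != "" {
		return "", "", "", errors.New("account ID must be 12 digits")
	}
	switch {
	case service == "sts" && strings.HasPrefix(resource, "assumed-role/"):
		// Expect exactly assumed-role/ROLENAME/SESSIONNAME.
		seg := strings.Split(resource, "/")
		if len(seg) != 3 || seg[1] == "" || seg[2] == "" {
			return "", "", "", errors.New("malformed assumed-role resource")
		}
		role := fmt.Sprintf("arn:%s:iam::%s:role/%s", partition, account, seg[1])
		return role, account, seg[2], nil
	case service == "iam" && (strings.HasPrefix(resource, "user/") || strings.HasPrefix(resource, "role/")):
		return arn, account, "", nil // already canonical, no session
	}
	return "", "", "", errors.New("unsupported principal type")
}

func main() {
	// Constructed sample ARNs (not real identities).
	for _, arn := range []string{
		"arn:aws:sts::123456789012:assumed-role/NodeRole/i-0123456789abcdef0",
		"arn:aws:iam::123456789012:user/alice",
		"arn:aws:sts::123456789012:assumed-role/NodeRole/a/b",
	} {
		c, acct, sess, err := canonicalize(arn)
		fmt.Printf("%s\n  canonical=%q account=%q session=%q err=%v\n", arn, c, acct, sess, err)
	}
}
```

An authorization mapping built on this output should key on the canonical ARN and treat the session value as caller-supplied unless the role's trust policy allows only EC2 to assume it.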

func Verify

func Verify(token string, serverID string) (*Identity, error)

Verify checks that a token is valid for the specified serverID. On success, it returns an Identity that contains information about the AWS principal that created the token. On failure, it returns nil and a non-nil error.
