Documentation
Overview
This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at https://mozilla.org/MPL/2.0/.
Constants
const (
	// A friendly message to show to the user when a requested duration exceeds the configured
	// maximum.
	DurationExceededMessage = "The requested duration exceeded the allowed maximum. Falling " +
		"back to 1 hour.\nTo update the maximum session duration you can use the following " +
		"command:\n\naws iam update-role --role-name <role_name> --max-session-duration " +
		"<duration>\n\nFor more information please refer to the AWS documentation:\n" +
		"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_manage_modify.html"

	// The error message STS returns when attempting to assume a role with a duration longer than
	// the configured maximum for that role.
	ErrInvalidSessionDuration = "The requested DurationSeconds exceeds the MaxSessionDuration " +
		"set for this role."

	// A custom error which indicates that the requested duration exceeded the configured maximum.
	// TODO Replace this with a custom error type.
	ErrDurationExceeded = "DurationExceeded"
)
Variables
This section is empty.
Functions
func WriteToFile
func WriteToFile(c *Credentials, filename string, section string) error
WriteToFile writes credentials to an AWS CLI credentials file (https://docs.aws.amazon.com/cli/latest/userguide/cli-config-files.html). In addition, this function removes expired temporary credentials from the credentials file.
func WriteToShell
func WriteToShell(c *Credentials, windows bool, w io.Writer)
WriteToShell writes (prints) credentials to stdout. If windows is true, Windows syntax will be used.
Types
type Credentials
type Credentials struct {
	AccessKeyID     string
	SecretAccessKey string
	SessionToken    string
	Expiration      time.Time
}
Credentials represents a set of temporary credentials received from AWS STS (http://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html).
func AssumeSAMLRole
func AssumeSAMLRole(PrincipalArn, RoleArn, SAMLAssertion, awsRegion string, duration int32) (*Credentials, error)
AssumeSAMLRole assumes an AWS IAM role using a SAML assertion. In cases where the requested session duration is higher than the maximum allowed on AWS, STS returns a specific error message to indicate that. In this case we return a custom error to the caller to allow special handling such as retrying with a lower duration.
type Profile
Profile represents an AWS profile.
func GetValidCredentials
GetValidCredentials returns profiles which have an aws_expiration key but are not yet expired.
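The expiry handling described for WriteToFile and GetValidCredentials can be sketched as follows. This is an added example, not this package's own code: the function name pruneExpired is hypothetical, the aws_expiration value is assumed to be an RFC 3339 timestamp, and the sample file is constructed.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// pruneExpired drops every profile section whose aws_expiration lies in the
// past and returns the remaining file plus the removed profile names.
// Sections without the key (long-lived profiles) are kept untouched.
// Assumption: aws_expiration is an RFC 3339 timestamp.
func pruneExpired(ini string, now time.Time) (string, []string) {
	var out, section, removed []string
	name, expired := "", false
	flush := func() {
		if expired {
			removed = append(removed, name)
		} else {
			out = append(out, section...)
		}
		section, expired = nil, false
	}
	for _, line := range strings.Split(ini, "\n") {
		trim := strings.TrimSpace(line)
		if strings.HasPrefix(trim, "[") && strings.HasSuffix(trim, "]") {
			flush()
			name = strings.Trim(trim, "[]")
		} else if k, v, ok := strings.Cut(trim, "="); ok && strings.TrimSpace(k) == "aws_expiration" {
			t, err := time.Parse(time.RFC3339, strings.TrimSpace(v))
			// An unparseable expiry counts as expired, so stale secrets are not kept.
			expired = err != nil || !t.After(now)
		}
		section = append(section, line)
	}
	flush()
	return strings.Join(out, "\n"), removed
}

// Constructed sample file; all values are placeholders.
const sample = "[default]\naws_access_key_id = PLACEHOLDER\n" +
	"[saml-old]\naws_session_token = PLACEHOLDER\naws_expiration = 2024-01-01T10:00:00Z\n" +
	"[saml-live]\naws_session_token = PLACEHOLDER\naws_expiration = 2024-01-01T13:00:00Z\n"

func main() {
	now := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC) // fixed clock for a repeatable run
	kept, removed := pruneExpired(sample, now)
	fmt.Printf("removed: %v\n%s", removed, kept)
}
```

Profiles without an aws_expiration key, such as a long-lived default profile, pass through unchanged, so only temporary STS credentials are ever removed.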