iam

package

v0.0.0-...-32a82bd Latest Latest Go to latest Published: Dec 3, 2023 License: BSD-3-Clause Imports: 16 Imported by: 3

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/jtblin/kube2iam

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func GetBaseArn() (string, error)
func GetEndpointFromRegion(region string) string
func GetInstanceIAMRole() (string, error)
func IsValidBaseARN(arn string) bool
func IsValidRegion(promisedLand string, regions *ec2.DescribeRegionsOutput) bool
type Client
- func NewClient(baseARN string, regional bool) *Client
type Credentials

Constants ¶

This section is empty.

Variables ¶

View Source

var ARNRegexp = regexp.MustCompile(`^arn:(\w|-)*:iam::\d+:role\/?(\w+|-|\/|\.)*$`)

ARNRegexp is the regex to check that the base ARN is valid, see http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns.

Functions ¶

func GetBaseArn ¶

func GetBaseArn() (string, error)

GetBaseArn get the base ARN from metadata service.

func GetEndpointFromRegion ¶

func GetEndpointFromRegion(region string) string

GetEndpointFromRegion forms a standard sts endpoint url given a region

func GetInstanceIAMRole ¶

func GetInstanceIAMRole() (string, error)

GetInstanceIAMRole get instance IAM role from metadata service.

func IsValidBaseARN ¶

func IsValidBaseARN(arn string) bool

IsValidBaseARN validates that the base ARN is valid.

func IsValidRegion ¶

func IsValidRegion(promisedLand string, regions *ec2.DescribeRegionsOutput) bool

IsValidRegion tests for a vaild region name

Types ¶

type Client ¶

type Client struct {
	BaseARN             string
	Endpoint            string
	UseRegionalEndpoint bool
}

Client represents an IAM client.

func NewClient ¶

func NewClient(baseARN string, regional bool) *Client

NewClient returns a new IAM client.

func (*Client) AssumeRole ¶

func (iam *Client) AssumeRole(roleARN, externalID string, remoteIP string, sessionTTL time.Duration) (*Credentials, error)

AssumeRole returns an IAM role Credentials using AWS STS.

func (*Client) GetInstanceId ¶

func (iam *Client) GetInstanceId() (string, error)

Get InstanceId for healthcheck

func (*Client) RoleARN ¶

func (iam *Client) RoleARN(role string) string

RoleARN returns the full iam role ARN.

type Credentials ¶

type Credentials struct {
	AccessKeyID     string `json:"AccessKeyId"`
	Code            string
	Expiration      string
	LastUpdated     string
	SecretAccessKey string
	Token           string
	Type            string
}

Credentials represent the security Credentials response.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL