Documentation ¶
Overview ¶
Example (RoleDebugLogLevelDebug) ¶
// A debug log level and a logger are both configured, so the message is written.
provider := &AssumeRoleProvider{}
provider.cfg = new(aws.Config).WithLogLevel(aws.LogDebug)

// Send log output to stdout, where the example's Output check reads it.
toStdout := func(args ...interface{}) {
	fmt.Fprintln(os.Stdout, args...)
}
provider.log = aws.LoggerFunc(toStdout)

provider.debug("test")
Output: test
Example (RoleDebugLogLevelOff) ¶
// A logger is attached, but the config carries no debug log level, so the
// example expects no output.
provider := &AssumeRoleProvider{}
provider.log = aws.NewDefaultLogger()
provider.cfg = &aws.Config{}
provider.debug("test")
Output:
Example (RoleDebugNilCfg) ¶
// Neither a config nor a logger is set: debug is called on a zero-value
// provider and the example expects no output.
provider := &AssumeRoleProvider{}
provider.debug("test")
Output:
Example (RoleDebugNoLog) ¶
// A debug log level is requested but no logger is attached, so the example
// expects no output.
debugCfg := new(aws.Config).WithLogLevel(aws.LogDebug)
provider := &AssumeRoleProvider{}
provider.cfg = debugCfg
provider.debug("test")
Output:
Example (SessionDebugLogLevelDebug) ¶
// A debug log level and a logger are both configured, so the message is written.
provider := &SessionTokenProvider{}
provider.cfg = new(aws.Config).WithLogLevel(aws.LogDebug)

// Send log output to stdout, where the example's Output check reads it.
toStdout := func(args ...interface{}) {
	fmt.Fprintln(os.Stdout, args...)
}
provider.log = aws.LoggerFunc(toStdout)

provider.debug("test")
Output: test
Example (SessionDebugLogLevelOff) ¶
// A logger is attached, but the config carries no debug log level, so the
// example expects no output.
provider := &SessionTokenProvider{}
provider.log = aws.NewDefaultLogger()
provider.cfg = &aws.Config{}
provider.debug("test")
Output:
Example (SessionDebugNilCfg) ¶
// Neither a config nor a logger is set: debug is called on a zero-value
// provider and the example expects no output.
provider := &SessionTokenProvider{}
provider.debug("test")
Output:
Example (SessionDebugNoLog) ¶
// A debug log level is requested but no logger is attached, so the example
// expects no output.
debugCfg := new(aws.Config).WithLogLevel(aws.LogDebug)
provider := &SessionTokenProvider{}
provider.cfg = debugCfg
provider.debug("test")
Output:
Index ¶
- Constants
- func NewAssumeRoleCredentials(c client.ConfigProvider, roleArn string, options ...func(*AssumeRoleProvider)) *credentials.Credentials
- func NewSessionCredentials(c client.ConfigProvider, options ...func(*SessionTokenProvider)) *credentials.Credentials
- func StdinTokenProvider() (string, error)
- type AssumeRoleProvider
- type AwsIdentity
- type AwsIdentityManager
- type ErrMfaRequired
- type SessionTokenProvider
Examples ¶
Constants ¶
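// Name, limits and default for credentials obtained through the STS
// AssumeRole operation.
//
// The declarations are laid out one per line: in the collapsed single-line
// form, everything after the first "//" is read as a comment, which hides the
// constants and the closing parenthesis.
const (
	// AssumeRoleProviderName is the name given to this AWS credential provider.
	AssumeRoleProviderName = "AssumeRoleProvider"

	// AssumeRoleMinDuration is the minimum allowed Assume Role credential
	// duration by the AWS API.
	AssumeRoleMinDuration = 15 * time.Minute

	// AssumeRoleMaxDuration is the maximum allowed Assume Role credential
	// duration by the AWS API. A request below this ceiling can still be
	// rejected: each role has its own maximum session duration setting, and
	// STS caps role chaining at one hour.
	AssumeRoleMaxDuration = 12 * time.Hour

	// AssumeRoleDefaultDuration is a sensible default value for Assume Role
	// credential duration. Shorter durations limit how long a leaked set of
	// temporary credentials stays usable.
	AssumeRoleDefaultDuration = 1 * time.Hour
)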
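// Name, limits and default for credentials obtained through the STS
// GetSessionToken operation.
//
// The declarations are laid out one per line: in the collapsed single-line
// form, everything after the first "//" is read as a comment, which hides the
// constants and the closing parenthesis.
const (
	// SessionTokenProviderName is the name given to this AWS credential provider.
	SessionTokenProviderName = "SessionTokenProvider"

	// SessionTokenMinDuration is the minimum allowed Session Token credential
	// duration by the AWS API.
	SessionTokenMinDuration = 15 * time.Minute

	// SessionTokenMaxDuration is the maximum allowed Session Token credential
	// duration by the AWS API. AWS applies a lower ceiling of one hour to
	// sessions requested with account root user credentials.
	SessionTokenMaxDuration = 36 * time.Hour

	// SessionTokenDefaultDuration is a sensible default value for Session
	// Token credential duration. Shorter durations limit how long a leaked set
	// of temporary credentials stays usable.
	SessionTokenDefaultDuration = 12 * time.Hour
)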
Variables ¶
This section is empty.
Functions ¶
func NewAssumeRoleCredentials ¶
func NewAssumeRoleCredentials(c client.ConfigProvider, roleArn string, options ...func(*AssumeRoleProvider)) *credentials.Credentials
NewAssumeRoleCredentials configures a default AssumeRoleProvider, and wraps it in an AWS credentials.Credentials object to allow Assume Role credential fetching. The default AssumeRoleProvider uses the specified client.ConfigProvider to create a new sts.STS client, and the provided roleArn as the role to assume. The credential duration is set to AssumeRoleDefaultDuration, and the ExpiryWindow is set to 10% of the duration value. A list of options can be provided to add configuration to the AssumeRoleProvider, such as overriding the Duration and ExpiryWindow, or specifying additional Assume Role configuration like MFA SerialNumber or ExternalID.
func NewSessionCredentials ¶
func NewSessionCredentials(c client.ConfigProvider, options ...func(*SessionTokenProvider)) *credentials.Credentials
NewSessionCredentials configures a default SessionTokenProvider, and wraps it in an AWS credentials.Credentials object to allow Session Token credential fetching. The default SessionTokenProvider uses the specified client.ConfigProvider to create a new sts.STS client, with the credential duration set to SessionTokenDefaultDuration and the ExpiryWindow set to 10% of the duration value. A list of options can be provided to add configuration to the SessionTokenProvider, such as overriding the Duration and ExpiryWindow, or specifying additional configuration like MFA SerialNumber.
func StdinTokenProvider ¶
StdinTokenProvider will print a prompt to Stderr for a user to enter the MFA code
Types ¶
type AssumeRoleProvider ¶
// AssumeRoleProvider carries the settings used to perform the Assume Role
// operation in the AWS API. It is purposely very similar to the AWS SDK
// AssumeRoleProvider, with an optional Cache added to limit API calls.
type AssumeRoleProvider struct {
	// Expiry is the embedded AWS SDK helper for tracking credential expiration.
	credentials.Expiry

	// RoleARN is the ARN of the role to assume.
	RoleARN string
	// RoleSessionName presumably names the assumed-role session — confirm against the AssumeRole call.
	RoleSessionName string
	// ExternalID is optional additional Assume Role configuration. In AWS it is
	// a shared value that the role's trust policy can require when another
	// party assumes the role.
	ExternalID string
	// Duration is the requested credential lifetime; NewAssumeRoleCredentials
	// defaults it to AssumeRoleDefaultDuration.
	Duration time.Duration
	// SerialNumber identifies the MFA device, when MFA is used.
	SerialNumber string
	// TokenCode presumably holds the one-time MFA code — confirm. Being a
	// one-time value, it should not be persisted or logged.
	TokenCode string
	// TokenProvider returns an MFA code on demand; StdinTokenProvider has this signature.
	TokenProvider func() (string, error)
	// ExpiryWindow is set by NewAssumeRoleCredentials to 10% of Duration.
	// NOTE(review): presumably credentials are treated as expired this long
	// before their real expiry, as in the AWS SDK provider — confirm.
	ExpiryWindow time.Duration
	// Cache is optional and lets credentials be cached to limit API calls.
	// Cached entries are usable credentials until they expire.
	// NOTE(review): confirm the chosen CredentialCacher restricts access to
	// wherever it stores them.
	Cache cache.CredentialCacher
	// contains filtered or unexported fields
}
AssumeRoleProvider is the type to provide settings to perform the Assume Role operation in the AWS API. This is purposely very similar to the AWS SDK AssumeRoleProvider, with the addition of an optional Cache to allow the ability to cache the credentials in order to limit API calls.
func (*AssumeRoleProvider) AssumeRole ¶
func (p *AssumeRoleProvider) AssumeRole(input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error)
AssumeRole implements the AssumeRoler interface, calling the AssumeRole method on the underlying client using the provided AssumeRoleInput
func (*AssumeRoleProvider) Retrieve ¶
func (p *AssumeRoleProvider) Retrieve() (credentials.Value, error)
Retrieve implements the AWS credentials.Provider interface to return a set of Assume Role credentials. If the provider is configured to use a cache, it will be consulted to load the credentials. If the credentials are expired, the credentials will be refreshed, and stored back in the cache.
func (*AssumeRoleProvider) WithLogger ¶
func (p *AssumeRoleProvider) WithLogger(l aws.Logger) *AssumeRoleProvider
WithLogger configures a conforming Logger
type AwsIdentity ¶
// AwsIdentity holds the identity information for a set of AWS credentials,
// gathered via the sts.GetCallerIdentity API call.
type AwsIdentity struct {
	// Identity is the output of the STS GetCallerIdentity call.
	Identity *sts.GetCallerIdentityOutput
	// IdentityType presumably classifies the caller (for example user or role) — confirm against GetCallerIdentity.
	IdentityType string
	// UserName presumably holds the caller's name derived from Identity — confirm.
	UserName string
}
AwsIdentity holds the identity information for a set of AWS credentials gathered via the sts.GetCallerIdentity API call
type AwsIdentityManager ¶
// AwsIdentityManager provides the facility to fetch AwsIdentity information
// for the caller. All of its fields are unexported; values are created with
// NewAwsIdentityManager.
type AwsIdentityManager struct {
	// contains filtered or unexported fields
}
AwsIdentityManager provides the facility to fetch AwsIdentity information for the caller
func NewAwsIdentityManager ¶
func NewAwsIdentityManager(c client.ConfigProvider) *AwsIdentityManager
NewAwsIdentityManager creates a new AWS Identity Manager using the given ConfigProvider/Session
func (*AwsIdentityManager) GetCallerIdentity ¶
func (m *AwsIdentityManager) GetCallerIdentity() (*AwsIdentity, error)
GetCallerIdentity calls the STS GetCallerIdentity function to retrieve the AWS identity information associated with the caller's credentials.
func (*AwsIdentityManager) WithLogger ¶
func (m *AwsIdentityManager) WithLogger(l aws.Logger) *AwsIdentityManager
WithLogger configures a conforming Logger
type ErrMfaRequired ¶
// ErrMfaRequired is the error returned when an MFA device is configured for
// the profile but no MFA code was supplied when requesting Session or Assume
// Role credentials. Its Error method has a pointer receiver, so callers
// presumably match it as *ErrMfaRequired (for example with errors.As) —
// confirm against the code that returns it.
type ErrMfaRequired struct {
	// contains filtered or unexported fields
}
ErrMfaRequired is the error returned when an MFA device is configured for the profile but no MFA code was supplied when requesting Session or Assume Role credentials.
func (*ErrMfaRequired) Error ¶
func (e *ErrMfaRequired) Error() string
Error is the implementation of the error interface for the ErrMfaRequired type
type SessionTokenProvider ¶
// SessionTokenProvider carries the settings used to perform the
// GetSessionToken operation in the AWS API. It shares a number of attributes
// with the AWS SDK AssumeRoleProvider, and adds an optional Cache to limit
// API calls.
type SessionTokenProvider struct {
	// Expiry is the embedded AWS SDK helper for tracking credential expiration.
	credentials.Expiry

	// Duration is the requested credential lifetime; NewSessionCredentials
	// defaults it to SessionTokenDefaultDuration.
	Duration time.Duration
	// SerialNumber identifies the MFA device, when MFA is used.
	SerialNumber string
	// TokenCode presumably holds the one-time MFA code — confirm. Being a
	// one-time value, it should not be persisted or logged.
	TokenCode string
	// TokenProvider returns an MFA code on demand; StdinTokenProvider has this signature.
	TokenProvider func() (string, error)
	// ExpiryWindow is set by NewSessionCredentials to 10% of Duration.
	// NOTE(review): presumably credentials are treated as expired this long
	// before their real expiry, as in the AWS SDK provider — confirm.
	ExpiryWindow time.Duration
	// Cache is optional and lets credentials be cached to limit API calls.
	// Cached entries are usable credentials until they expire.
	// NOTE(review): confirm the chosen CredentialCacher restricts access to
	// wherever it stores them.
	Cache cache.CredentialCacher
	// contains filtered or unexported fields
}
SessionTokenProvider is the type to provide settings to perform the GetSessionToken operation in the AWS API. The provider borrows much from the AWS SDK AssumeRoleProvider, as there are a number of common attributes between the two. An optional Cache provides the ability to cache the credentials in order to limit API calls.
func (*SessionTokenProvider) Retrieve ¶
func (s *SessionTokenProvider) Retrieve() (credentials.Value, error)
Retrieve implements the AWS credentials.Provider interface to return a set of Session Token credentials. If the provider is configured to use a cache, it will be consulted to load the credentials. If the credentials are expired, the credentials will be refreshed, and stored back in the cache.
func (*SessionTokenProvider) WithLogger ¶
func (s *SessionTokenProvider) WithLogger(l aws.Logger) *SessionTokenProvider
WithLogger configures a conforming Logger