credentials

package
v1.1.1
Published: Sep 12, 2019 License: MIT Imports: 12 Imported by: 0

Documentation

Overview

Example (RoleDebugLogLevelDebug)
p := new(AssumeRoleProvider)
p.cfg = new(aws.Config).WithLogLevel(aws.LogDebug)
p.log = aws.LoggerFunc(func(v ...interface{}) { fmt.Fprintln(os.Stdout, v...) })
p.debug("test")
Output:

test

Example (RoleDebugLogLevelOff)
p := new(AssumeRoleProvider)
p.cfg = new(aws.Config)
p.log = aws.NewDefaultLogger()
p.debug("test")
Output:

Example (RoleDebugNilCfg)
p := new(AssumeRoleProvider)
p.debug("test")
Output:

Example (RoleDebugNoLog)
p := new(AssumeRoleProvider)
p.cfg = new(aws.Config).WithLogLevel(aws.LogDebug)
p.debug("test")
Output:

Example (SessionDebugLogLevelDebug)
p := new(SessionTokenProvider)
p.cfg = new(aws.Config).WithLogLevel(aws.LogDebug)
p.log = aws.LoggerFunc(func(v ...interface{}) { fmt.Fprintln(os.Stdout, v...) })
p.debug("test")
Output:

test

Example (SessionDebugLogLevelOff)
p := new(SessionTokenProvider)
p.cfg = new(aws.Config)
p.log = aws.NewDefaultLogger()
p.debug("test")
Output:

Example (SessionDebugNilCfg)
p := new(SessionTokenProvider)
p.debug("test")
Output:

Example (SessionDebugNoLog)
p := new(SessionTokenProvider)
p.cfg = new(aws.Config).WithLogLevel(aws.LogDebug)
p.debug("test")
Output:

Constants

const (
	// AssumeRoleProviderName is the name given to this AWS credential provider
	AssumeRoleProviderName = "AssumeRoleProvider"
	// AssumeRoleMinDuration is the minimum allowed Assume Role credential duration by the AWS API
	AssumeRoleMinDuration = 15 * time.Minute
	// AssumeRoleMaxDuration is the maximum allowed Assume Role credential duration by the AWS API
	AssumeRoleMaxDuration = 12 * time.Hour
	// AssumeRoleDefaultDuration is a sensible default value for Assume Role credential duration
	AssumeRoleDefaultDuration = 1 * time.Hour
)
const (
	// SessionTokenProviderName is the name given to this AWS credential provider
	SessionTokenProviderName = "SessionTokenProvider"
	// SessionTokenMinDuration is the minimum allowed Session Token credential duration by the AWS API
	SessionTokenMinDuration = 15 * time.Minute
	// SessionTokenMaxDuration is the maximum allowed Session Token credential duration by the AWS API
	SessionTokenMaxDuration = 36 * time.Hour
	// SessionTokenDefaultDuration is a sensible default value for Session Token credential duration
	SessionTokenDefaultDuration = 12 * time.Hour
)

Variables

This section is empty.

Functions

func NewAssumeRoleCredentials

func NewAssumeRoleCredentials(c client.ConfigProvider, roleArn string, options ...func(*AssumeRoleProvider)) *credentials.Credentials

NewAssumeRoleCredentials configures a default AssumeRoleProvider and wraps it in an AWS credentials.Credentials object to allow Assume Role credential fetching. The default AssumeRoleProvider uses the specified client.ConfigProvider to create a new sts.STS client, and the provided roleArn as the role to assume; the credential duration is set to AssumeRoleDefaultDuration, and the ExpiryWindow is set to 10% of the duration value. A list of options can be provided to add configuration to the AssumeRoleProvider, such as overriding the Duration and ExpiryWindow, or specifying additional Assume Role configuration like MFA SerialNumber or ExternalID.

func NewSessionCredentials

func NewSessionCredentials(c client.ConfigProvider, options ...func(*SessionTokenProvider)) *credentials.Credentials

NewSessionCredentials configures a default SessionTokenProvider and wraps it in an AWS credentials.Credentials object to allow Session Token credential fetching. The default SessionTokenProvider uses the specified client.ConfigProvider to create a new sts.STS client, with the credential duration set to SessionTokenDefaultDuration and the ExpiryWindow set to 10% of the duration value. A list of options can be provided to add configuration to the SessionTokenProvider, such as overriding the Duration and ExpiryWindow, or specifying additional configuration like MFA SerialNumber.

func StdinTokenProvider

func StdinTokenProvider() (string, error)

StdinTokenProvider will print a prompt to Stderr for a user to enter the MFA code

Types

type AssumeRoleProvider

type AssumeRoleProvider struct {
	credentials.Expiry

	RoleARN         string
	RoleSessionName string
	ExternalID      string
	Duration        time.Duration
	SerialNumber    string
	TokenCode       string
	TokenProvider   func() (string, error)
	ExpiryWindow    time.Duration
	Cache           cache.CredentialCacher
	// contains filtered or unexported fields
}

AssumeRoleProvider is the type to provide settings to perform the Assume Role operation in the AWS API. This is purposely very similar to the AWS SDK AssumeRoleProvider, with the addition of an optional Cache that stores the credentials in order to limit API calls.

func (*AssumeRoleProvider) AssumeRole

func (p *AssumeRoleProvider) AssumeRole(input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error)

AssumeRole implements the AssumeRoler interface, calling the AssumeRole method on the underlying client using the provided AssumeRoleInput

func (*AssumeRoleProvider) Retrieve

func (p *AssumeRoleProvider) Retrieve() (credentials.Value, error)

Retrieve implements the AWS credentials.Provider interface to return a set of Assume Role credentials. If the provider is configured to use a cache, it will be consulted to load the credentials. If the credentials are expired, the credentials will be refreshed, and stored back in the cache.
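The defaults described for NewAssumeRoleCredentials and the cache-then-refresh behaviour described for Retrieve, as an added standard-library model that is not this package's code. The names roleModel and newRoleModel, the clamping of Duration to the documented limits, and the simulated STS call are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Limits and default copied from the AssumeRole constants documented on this page.
const (
	minDuration     = 15 * time.Minute
	maxDuration     = 12 * time.Hour
	defaultDuration = 1 * time.Hour
)

// roleModel is a hypothetical, simplified stand-in for a caching provider.
type roleModel struct {
	Duration, ExpiryWindow time.Duration
	cachedExpiry           time.Time // expiry of cached credentials; zero if none
}

// newRoleModel applies options, clamps Duration (an assumption) and defaults the window to 10%.
func newRoleModel(opts ...func(*roleModel)) *roleModel {
	p := &roleModel{Duration: defaultDuration}
	for _, o := range opts {
		o(p)
	}
	if p.Duration < minDuration {
		p.Duration = minDuration
	} else if p.Duration > maxDuration {
		p.Duration = maxDuration
	}
	if p.ExpiryWindow == 0 {
		p.ExpiryWindow = p.Duration / 10
	}
	return p
}

// Retrieve treats cached credentials as expired ExpiryWindow before their real expiry.
func (p *roleModel) Retrieve(now time.Time) (expiry time.Time, refreshed bool) {
	if refreshed = !now.Before(p.cachedExpiry.Add(-p.ExpiryWindow)); refreshed {
		p.cachedExpiry = now.Add(p.Duration) // stands in for AssumeRole plus the cache write
	}
	return p.cachedExpiry, refreshed
}

func main() {
	p := newRoleModel(func(m *roleModel) { m.Duration = 5 * time.Minute })
	_, refreshed := p.Retrieve(time.Unix(0, 0)) // constructed clock value
	fmt.Println(p.Duration, p.ExpiryWindow, refreshed)
}
```

With the default one-hour duration the model refreshes at the 54-minute mark, six minutes before the cached credentials actually lapse.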

func (*AssumeRoleProvider) WithLogger

func (p *AssumeRoleProvider) WithLogger(l aws.Logger) *AssumeRoleProvider

WithLogger configures a conforming Logger

type AwsIdentity

type AwsIdentity struct {
	Identity     *sts.GetCallerIdentityOutput
	IdentityType string
	UserName     string
}

AwsIdentity holds the identity information for a set of AWS credentials gathered via the sts.GetCallerIdentity API call

type AwsIdentityManager

type AwsIdentityManager struct {
	// contains filtered or unexported fields
}

AwsIdentityManager provides the facility to fetch AwsIdentity information for the caller

func NewAwsIdentityManager

func NewAwsIdentityManager(c client.ConfigProvider) *AwsIdentityManager

NewAwsIdentityManager creates a new AWS Identity Manager using the given ConfigProvider/Session

func (*AwsIdentityManager) GetCallerIdentity

func (m *AwsIdentityManager) GetCallerIdentity() (*AwsIdentity, error)

GetCallerIdentity calls the STS GetCallerIdentity function to retrieve the AWS identity information associated with the caller's credentials.

func (*AwsIdentityManager) WithLogger

func (m *AwsIdentityManager) WithLogger(l aws.Logger) *AwsIdentityManager

WithLogger configures a conforming Logger

type ErrMfaRequired

type ErrMfaRequired struct {
	// contains filtered or unexported fields
}

ErrMfaRequired is the error returned when an MFA device is configured for the profile but no MFA code was supplied when requesting Session or Assume Role credentials.

func (*ErrMfaRequired) Error

func (e *ErrMfaRequired) Error() string

Error is the implementation of the error interface for the ErrMfaRequired type

type SessionTokenProvider

type SessionTokenProvider struct {
	credentials.Expiry

	Duration      time.Duration
	SerialNumber  string
	TokenCode     string
	TokenProvider func() (string, error)
	ExpiryWindow  time.Duration
	Cache         cache.CredentialCacher
	// contains filtered or unexported fields
}

SessionTokenProvider is the type to provide settings to perform the GetSessionToken operation in the AWS API. The provider borrows much from the AWS SDK AssumeRoleProvider, as there are a number of common attributes between the two. An optional Cache provides the ability to cache the credentials in order to limit API calls.

func (*SessionTokenProvider) Retrieve

func (s *SessionTokenProvider) Retrieve() (credentials.Value, error)

Retrieve implements the AWS credentials.Provider interface to return a set of Session Token credentials. If the provider is configured to use a cache, it will be consulted to load the credentials. If the credentials are expired, the credentials will be refreshed, and stored back in the cache.

func (*SessionTokenProvider) WithLogger

WithLogger configures a conforming Logger
