Documentation ¶
Index ¶
- func GetCredentials(role string, ipRestrict bool, assumeRole []string, region string) (*aws.Credentials, error)
- func GetCredentialsC(client HTTPClient, role string, ipRestrict bool, assumeRole []string) (*aws.Credentials, error)
- type Client
- func (c *Client) CloseIdleConnections()
- func (c *Client) GenericGet(resource string, apiPrefix string) (map[string]json.RawMessage, error)
- func (c *Client) GenericPost(resource string, apiPrefix string, b *bytes.Buffer) (map[string]json.RawMessage, error)
- func (c *Client) GetAccounts(query string) ([]ConsolemeAccountDetails, error)
- func (c *Client) GetResourceURL(arn string) (string, error)
- func (c *Client) GetRoleCredentials(role string, ipRestrict bool) (*aws.Credentials, error)
- func (c *Client) GetRolesInAccount(query string, accountNumber string) ([]ConsolemeRolesResponse, error)
- func (c *Client) Roles() ([]string, error)
- func (c *Client) RolesExtended() ([]ConsolemeRolesResponse, error)
- type ClientMock
- type ConsoleMeCredentialRequestMetadata
- type ConsolemeAccountDetails
- type ConsolemeAppDetails
- type ConsolemeCredentialErrorMessageType
- type ConsolemeCredentialRequestType
- type ConsolemeCredentialResponseType
- type ConsolemeResourceSearchResponseElement
- type ConsolemeRolesResponse
- type ConsolemeWebResponse
- type CredentialProcess
- type Credentials
- type HTTPClient
- type RefreshableProvider
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetCredentials ¶
func GetCredentials(role string, ipRestrict bool, assumeRole []string, region string) (*aws.Credentials, error)
GetCredentials requests credentials from ConsoleMe then follows the provided chain of roles to assume. Roles are assumed in the order in which they appear in the assumeRole slice.
func GetCredentialsC ¶
func GetCredentialsC(client HTTPClient, role string, ipRestrict bool, assumeRole []string) (*aws.Credentials, error)
GetCredentialsC uses the provided Client to request credentials from ConsoleMe then follows the provided chain of roles to assume. Roles are assumed in the order in which they appear in the assumeRole slice.
Types ¶
type Client ¶
Client represents a ConsoleMe client.
func NewClient ¶
NewClient takes a ConsoleMe hostname and *http.Client, and returns a ConsoleMe client that will talk to that ConsoleMe instance for AWS Credentials.
func (*Client) CloseIdleConnections ¶
func (c *Client) CloseIdleConnections()
CloseIdleConnections calls CloseIdleConnections() on the client's HTTP transport.
func (*Client) GenericGet ¶ added in v0.3.15
GenericGet makes a GET request to the request URL
func (*Client) GenericPost ¶ added in v0.3.18
func (c *Client) GenericPost(resource string, apiPrefix string, b *bytes.Buffer) (map[string]json.RawMessage, error)
GenericPost makes a POST request to the request URL
func (*Client) GetAccounts ¶ added in v0.3.15
func (c *Client) GetAccounts(query string) ([]ConsolemeAccountDetails, error)
func (*Client) GetResourceURL ¶
GetResourceURL gets the resource URL from ConsoleMe for the given ARN.
func (*Client) GetRoleCredentials ¶
func (*Client) GetRolesInAccount ¶ added in v0.3.15
func (c *Client) GetRolesInAccount(query string, accountNumber string) ([]ConsolemeRolesResponse, error)
func (*Client) RolesExtended ¶ added in v0.3.4
func (c *Client) RolesExtended() ([]ConsolemeRolesResponse, error)
RolesExtended returns all eligible roles along with additional details, using v2 of the eligible roles endpoint.
type ClientMock ¶
// ClientMock is a client whose behaviour is supplied through function fields.
// It declares CloseIdleConnections and GetRoleCredentials methods, which are
// two of the methods listed on HTTPClient.
// NOTE(review): presumably meant for tests only; confirm it is never wired
// into a real credential path, since it returns whatever the functions supply.
type ClientMock struct {
	// DoFunc has the same signature as HTTPClient.Do; presumably the mock
	// runs it for each HTTP request (confirm against the implementation).
	DoFunc func(req *http.Request) (*http.Response, error)
	// GetRoleCredentialsFunc has the same signature as the GetRoleCredentials
	// method; presumably that method delegates to it (confirm).
	GetRoleCredentialsFunc func(role string, ipRestrict bool) (*aws.Credentials, error)
}
func (*ClientMock) CloseIdleConnections ¶
func (c *ClientMock) CloseIdleConnections()
func (*ClientMock) GetRoleCredentials ¶
func (c *ClientMock) GetRoleCredentials(role string, ipRestrict bool) (*aws.Credentials, error)
type ConsoleMeCredentialRequestMetadata ¶
// ConsoleMeCredentialRequestMetadata is declared with no fields.
type ConsoleMeCredentialRequestMetadata struct { }
type ConsolemeAccountDetails ¶ added in v0.3.15
// ConsolemeAccountDetails holds the number and friendly name of one account
// under the JSON keys ConsoleMe uses for them.
type ConsolemeAccountDetails struct {
	// AccountNumber maps to the "account_id" JSON key. It is a string, not an
	// integer, so any leading zeros are kept as sent.
	AccountNumber string `json:"account_id"`
	// AccountName maps to the "account_friendly_name" JSON key.
	AccountName string `json:"account_friendly_name"`
}
ConsolemeAccountDetails represents the details for an account
type ConsolemeAppDetails ¶ added in v0.3.4
// ConsolemeAppDetails holds the name, owner and two URLs of a single app as
// they appear in ConsoleMe's JSON.
type ConsolemeAppDetails struct {
	// Name maps to the "name" JSON key.
	Name string `json:"name"`
	// Owner maps to the "owner" JSON key.
	Owner string `json:"owner"`
	// OwnerURL maps to the "owner_url" JSON key. It is an unparsed string.
	OwnerURL string `json:"owner_url"`
	// AppURL maps to the "app_url" JSON key. It is an unparsed string.
	AppURL string `json:"app_url"`
}
ConsolemeAppDetails represents the structure of details returned by ConsoleMe about a single app
type ConsolemeCredentialRequestType ¶
// ConsolemeCredentialRequestType carries a requested role, an IP-restriction
// flag and optional instance metadata. Presumably it is the JSON body sent
// when asking ConsoleMe for credentials (confirm against the caller).
type ConsolemeCredentialRequestType struct {
	// RequestedRole maps to the "requested_role" JSON key.
	RequestedRole string `json:"requested_role"`
	// NoIpRestricton maps to the "no_ip_restrictions" JSON key. By its name,
	// true asks for credentials WITHOUT an IP restriction, the opposite sense
	// of the ipRestrict parameters elsewhere in this package. Confirm how
	// callers convert one into the other. The identifier is spelled
	// "Restricton"; it is exported, so renaming it would break callers.
	NoIpRestricton bool `json:"no_ip_restrictions"`
	// Metadata is left out of the JSON when the pointer is nil (omitempty).
	Metadata *metadata.InstanceInfo `json:"metadata,omitempty"`
}
type ConsolemeCredentialResponseType ¶
// ConsolemeCredentialResponseType wraps the credentials found under the
// "Credentials" key of a JSON document.
type ConsolemeCredentialResponseType struct {
	// Credentials is a pointer, so after decoding with encoding/json it is nil
	// when the key is absent or null; check it before dereferencing.
	Credentials *aws.Credentials `json:"Credentials"`
}
type ConsolemeResourceSearchResponseElement ¶ added in v0.3.15
// ConsolemeResourceSearchResponseElement is one element of a resource search
// response; the only field shown here is its title.
type ConsolemeResourceSearchResponseElement struct {
	// Title maps to the "title" JSON key.
	Title string `json:"title"`
}
ConsolemeResourceSearchResponseElement represents a single element in the response for searching resources
type ConsolemeRolesResponse ¶ added in v0.3.15
// ConsolemeRolesResponse carries a role's ARN, account number and friendly
// name, role name, and a list of app details.
type ConsolemeRolesResponse struct {
	// Arn maps to the "arn" JSON key.
	Arn string `json:"arn"`
	// AccountNumber maps to the "account_id" JSON key and is kept as a string.
	AccountNumber string `json:"account_id"`
	// AccountName maps to the "account_friendly_name" JSON key.
	AccountName string `json:"account_friendly_name"`
	// RoleName maps to the "role_name" JSON key.
	RoleName string `json:"role_name"`
	// Apps maps to the "apps" JSON object, which nests the list one level down
	// under "app_details".
	Apps struct {
		// AppDetails holds one ConsolemeAppDetails per listed app.
		AppDetails []ConsolemeAppDetails `json:"app_details"`
	} `json:"apps"`
}
ConsolemeRolesResponse represents the response structure of ConsoleMe's model for detailed roles
type ConsolemeWebResponse ¶
// ConsolemeWebResponse mirrors ConsoleMe's WebResponse model: status and
// error information plus a map of raw JSON payloads.
type ConsolemeWebResponse struct {
	// Status maps to the "status" JSON key.
	Status string `json:"status"`
	// Reason maps to the "reason" JSON key.
	Reason string `json:"reason"`
	// RedirectURL maps to the "redirect_url" JSON key. It is an unparsed
	// string taken from the response.
	// NOTE(review): validate the scheme and host before following or opening it.
	RedirectURL string `json:"redirect_url"`
	// StatusCode maps to the "status_code" JSON key. Presumably it is an
	// HTTP-style status carried in the body (confirm against the server).
	StatusCode int `json:"status_code"`
	// Message maps to the "message" JSON key.
	Message string `json:"message"`
	// Errors maps to the "errors" JSON key.
	Errors []string `json:"errors"`
	// Data maps to the "data" JSON key. Values stay as undecoded JSON
	// (json.RawMessage), the same map type that GenericGet and GenericPost
	// return, so the caller decodes each entry into a concrete type.
	Data map[string]json.RawMessage `json:"data"`
}
ConsolemeWebResponse represents the response structure of ConsoleMe's model WebResponse
type CredentialProcess ¶
type Credentials ¶
type HTTPClient ¶
// HTTPClient is the set of methods this package expects of a client. The
// listing is marked as containing filtered or unexported methods; if any are
// unexported, only types declared in this package can satisfy the interface.
type HTTPClient interface {
	// Do has the same signature as (*http.Client).Do.
	Do(req *http.Request) (*http.Response, error)
	// GetRoleCredentials returns credentials for role. ipRestrict is
	// presumably true when the credentials should be IP-restricted; confirm,
	// since other declarations in this package use the inverted name
	// noIpRestrict.
	GetRoleCredentials(role string, ipRestrict bool) (*aws.Credentials, error)
	// CloseIdleConnections takes no arguments and returns nothing.
	CloseIdleConnections()
	// contains filtered or unexported methods
}
HTTPClient is the interface we expect HTTP clients to implement.
func GetTestClient ¶
func GetTestClient(responseBody interface{}) (HTTPClient, error)
type RefreshableProvider ¶
// RefreshableProvider is the credential provider built by
// NewRefreshableProvider. It embeds a sync.RWMutex, so it must not be copied
// after first use; hold it by pointer, as NewRefreshableProvider returns it.
type RefreshableProvider struct {
	// RWMutex is embedded, so Lock/RLock are promoted onto the provider.
	// Presumably it guards the fields below during a refresh. The fields are
	// exported, so code reading them directly should take the read lock
	// (confirm against the implementation).
	sync.RWMutex
	// Expiration is presumably when the current credentials expire (confirm).
	Expiration types.Time
	// LastRefreshed is presumably when credentials were last fetched (confirm).
	LastRefreshed types.Time
	// Region is a plain string. NewRefreshableProvider takes a region
	// argument, which presumably populates it.
	Region string
	// RoleName is a plain string. NewRefreshableProvider takes a role
	// argument; how it maps to RoleName and RoleArn is not shown here.
	RoleName string
	// RoleArn is a plain string.
	RoleArn string
	// NoIpRestrict uses the inverted sense of the ipRestrict parameter taken
	// by GetCredentials and GetRoleCredentials. By its name, true means the
	// credentials are requested without an IP restriction.
	NoIpRestrict bool
	// AssumeChain is presumably the list of roles to assume in order, as
	// described for the assumeRole slice of GetCredentials (confirm).
	AssumeChain []string
	// contains filtered or unexported fields
}
func NewRefreshableProvider ¶
func NewRefreshableProvider(client HTTPClient, role, region string, assumeChain []string, noIpRestrict bool) (*RefreshableProvider, error)
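NewRefreshableProvider creates an AWS credential provider that will automatically refresh credentials when they are close to expiring. Its last parameter is named noIpRestrict, which by name has the opposite sense of the ipRestrict parameter taken by GetCredentials and GetRoleCredentials, so the same boolean should not be passed to both without inverting it.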
func (*RefreshableProvider) AutoRefresh ¶
func (rp *RefreshableProvider) AutoRefresh()
func (*RefreshableProvider) IsExpired ¶
func (rp *RefreshableProvider) IsExpired() bool
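IsExpired always returns false, on the assumption that the provider refreshes credentials before they expire, so we should never have expired credentials. Callers therefore cannot use IsExpired to detect a refresh that has failed; the Expiration field is presumably the value to compare against the current time when that matters.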
func (*RefreshableProvider) Retrieve ¶
func (rp *RefreshableProvider) Retrieve() (credentials.Value, error)
Retrieve returns the AWS credentials from the provider