aws

package

v0.64.1 Latest Latest Go to latest Published: Apr 26, 2024 License: Apache-2.0 Imports: 29 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/open-policy-agent/opa

Links

Open Source Insights

Documentation ¶

Overview ¶

modified from github.com/aws/aws-sdk-go-v2/internal/v4a@7a32d707af

Index ¶

Constants
func DoRequestWithClient(req *http.Request, client *http.Client, desc string, logger logging.Logger) ([]byte, error)
func SetRandomSource(reader io.Reader)
func SignRequest(req *http.Request, service string, creds Credentials, theTime time.Time, ...) error
func SignV4(headers map[string][]string, method string, theURL *url.URL, body []byte, ...) (string, map[string]string)
func SignV4a(headers map[string][]string, method string, theURL *url.URL, body []byte, ...) map[string][]string
type Credentials
- func CredentialsFromObject(v ast.Object) Credentials
type ECR
- func NewECR(logger logging.Logger) *ECR
- func (e *ECR) GetAuthorizationToken(ctx context.Context, creds Credentials, signatureVersion string) (ECRAuthorizationToken, error)
type ECRAuthorizationToken
- func (t *ECRAuthorizationToken) IsValid() bool
type KMS
- func NewKMS(logger logging.Logger) *KMS
- func NewKMSWithURLClient(url string, client *http.Client, logger logging.Logger) *KMS
- func (k *KMS) SignDigest(ctx context.Context, digest []byte, keyID string, signingAlgorithm string, ...) (string, error)
type KMSSignRequest
type KMSSignResponse

Constants ¶

View Source

const (
	// AmzRegionSetKey represents the region set header used for sigv4a
	AmzRegionSetKey = "X-Amz-Region-Set"
)

Variables ¶

This section is empty.

Functions ¶

func DoRequestWithClient ¶ added in v0.52.0

func DoRequestWithClient(req *http.Request, client *http.Client, desc string, logger logging.Logger) ([]byte, error)

DoRequestWithClient is a convenience function to get the body of an http response with appropriate error-handling boilerplate and logging.

func SetRandomSource ¶

func SetRandomSource(reader io.Reader)

SetRandomSource used for testing to override rand so tests can expect stable output

func SignRequest ¶ added in v0.52.0

func SignRequest(req *http.Request, service string, creds Credentials, theTime time.Time, sigVersion string) error

SignRequest modifies an http.Request to include an AWS V4 signature based on the provided credentials.

func SignV4 ¶

func SignV4(headers map[string][]string, method string, theURL *url.URL, body []byte, service string,
	awsCreds Credentials, theTime time.Time, disablePayloadSigning bool) (string, map[string]string)

SignV4 modifies a map[string][]string of headers to generate an AWS V4 signature + headers based on the config/credentials provided.

func SignV4a ¶

func SignV4a(headers map[string][]string, method string, theURL *url.URL, body []byte, service string, awsCreds Credentials, theTime time.Time) map[string][]string

SignV4a returns a map[string][]string of headers, including an added AWS V4a signature based on the config/credentials provided.

Types ¶

type Credentials ¶

type Credentials struct {
	AccessKey    string
	SecretKey    string
	RegionName   string
	SessionToken string
}

func CredentialsFromObject ¶

func CredentialsFromObject(v ast.Object) Credentials

type ECR ¶ added in v0.52.0

type ECR struct {
	// contains filtered or unexported fields
}

ECR is used to request tokens from Elastic Container Registry.

func NewECR ¶ added in v0.52.0

func NewECR(logger logging.Logger) *ECR

func (*ECR) GetAuthorizationToken ¶ added in v0.52.0

func (e *ECR) GetAuthorizationToken(ctx context.Context, creds Credentials, signatureVersion string) (ECRAuthorizationToken, error)

GetAuthorizationToken requests a token that can be used to authenticate image pull requests.

type ECRAuthorizationToken ¶ added in v0.52.0

type ECRAuthorizationToken struct {
	AuthorizationToken string
	ExpiresAt          time.Time
}

ECRAuthorizationToken can sign requests to AWS ECR.

It corresponds to data returned by the AWS GetAuthorizationToken API. See https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_AuthorizationData.html

func (*ECRAuthorizationToken) IsValid ¶ added in v0.52.0

func (t *ECRAuthorizationToken) IsValid() bool

IsValid returns true if the token is set and not expired. It respects a margin of error for time handling and will mark it as expired early.

type KMS ¶ added in v0.55.0

type KMS struct {
	// contains filtered or unexported fields
}

KMS is used to sign payloads using AWS Key Management Service.

func NewKMS ¶ added in v0.55.0

func NewKMS(logger logging.Logger) *KMS

func NewKMSWithURLClient ¶ added in v0.55.0

func NewKMSWithURLClient(url string, client *http.Client, logger logging.Logger) *KMS

func (*KMS) SignDigest ¶ added in v0.55.0

func (k *KMS) SignDigest(ctx context.Context, digest []byte, keyID string, signingAlgorithm string, creds Credentials, signatureVersion string) (string, error)

SignDigest signs a digest using KMS.

type KMSSignRequest ¶ added in v0.55.0

type KMSSignRequest struct {
	KeyID            string `json:"KeyId"`
	Message          string `json:"Message"`
	MessageType      string `json:"MessageType"`
	SigningAlgorithm string `json:"SigningAlgorithm"`
}

type KMSSignResponse ¶ added in v0.55.0

type KMSSignResponse struct {
	KeyID            string `json:"KeyId"`
	Signature        string `json:"Signature"`
	SigningAlgorithm string `json:"SigningAlgorithm"`
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
crypto
v4

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL