Documentation ¶
Index ¶
- Constants
- Variables
- func Authenticate(client *OIDCClient, roleArn string, maxSessionDurationSeconds int64, ...)
- func Clear() error
- func ConfigPath() string
- func Exit(err error)
- func Export(key string, value string)
- func GetFreePort() (int, error)
- func RunSetup(ui *input.UI)
- func SaveAWSCredential(roleArn string, cred *AWSCredentials)
- func Traceln(format string, msg ...interface{})
- func Write(format string, msg ...interface{})
- func Writeln(format string, msg ...interface{})
- type AWSCredentials
- func AWSCredential(roleArn string) (*AWSCredentials, error)
- func GetCredentialsWithOIDC(client *OIDCClient, idToken, iamRoleArn string, durationInSeconds int64) (*AWSCredentials, error)
- func GetCredentialsWithSAML(samlResponse string, durationSeconds int64, iamRoleArn string) (*AWSCredentials, error)
- type LoginParams
- type OAuthError
- type OIDCClient
- type OIDCMetadataResponse
- type RESTClient
- type Request
- func (r *Request) Delete() (*Response, error)
- func (r *Request) Form(form url.Values) *Request
- func (r *Request) Get() (*Response, error)
- func (r *Request) Header(name string, value string) *Request
- func (r *Request) Json(v interface{}) *Request
- func (r *Request) Post() (*Response, error)
- func (r *Request) Put() (*Response, error)
- type Response
- type RestClient
- type RestClientConfig
- type SecretStore
- type TokenResponse
- type WebTarget
Constants ¶
const AWS_FEDERATION_ROLE_SESSION_NAME = "aws_federation_role_session_name"
OIDC config
const AWS_FEDERATION_TYPE = "aws_federation_type"
const AWS_FEDERATION_TYPE_OIDC = "oidc"
Federation Type
const AWS_FEDERATION_TYPE_SAML2 = "saml2"
const CLIENT_AUTH_CA = "client_auth_ca"
const CLIENT_AUTH_CERT = "client_auth_cert"
// CLIENT_AUTH_KEY is the configuration key "client_auth_key".
// NOTE(review): by its name this sits with CLIENT_AUTH_CERT and CLIENT_AUTH_CA
// and presumably refers to the private key for TLS client authentication —
// confirm. Whatever it points at is key material and should be readable by
// the owning user only.
const CLIENT_AUTH_KEY = "client_auth_key"
const CLIENT_ID = "client_id"
// CLIENT_SECRET is the configuration key "client_secret".
// NOTE(review): presumably the value stored under this key is the OAuth 2.0
// client secret — confirm. If it is persisted in the file returned by
// ConfigPath, that file should be readable by the owning user only and kept
// out of version control and shared backups.
const CLIENT_SECRET = "client_secret"
const DEFAULT_IAM_ROLE_ARN = "default_iam_role_arn"
const FAILURE_REDIRECT_URL = "failure_redirect_url"
// INSECURE_SKIP_VERIFY is the configuration key "insecure_skip_verify".
// NOTE(review): the name suggests it maps onto tls.Config.InsecureSkipVerify
// for connections to the identity provider — confirm where it is read. If so,
// enabling it disables server certificate verification, which leaves
// authorization codes, tokens and the client secret exposed to anyone on the
// network path. Keep it off outside throwaway test setups; for a private PKI,
// trust the issuing CA explicitly instead.
const INSECURE_SKIP_VERIFY = "insecure_skip_verify"
// MAX_SESSION_DURATION_SECONDS is the configuration key
// "max_session_duration_seconds".
// NOTE(review): presumably feeds the maxSessionDurationSeconds argument of
// Authenticate and so the lifetime requested for temporary AWS credentials —
// confirm. A shorter lifetime narrows the window in which a leaked credential
// stays usable; the maximum session duration set on the IAM role still caps
// whatever is requested here.
const MAX_SESSION_DURATION_SECONDS = "max_session_duration_seconds"
// OIDC_AUTHENTICATION_REQUEST_ADDITIONAL_QUERY is the configuration key
// "oidc_authentication_request_additional_query".
// NOTE(review): presumably extra query parameters appended to the OIDC
// authentication request — confirm. Worth checking that values supplied here
// cannot override protocol parameters the client sets itself, such as state,
// nonce or redirect_uri.
const OIDC_AUTHENTICATION_REQUEST_ADDITIONAL_QUERY = "oidc_authentication_request_additional_query"
const OIDC_PROVIDER_METADATA_URL = "oidc_provider_metadata_url"
const OIDC_PROVIDER_TOKEN_EXCHANGE_AUDIENCE = "oidc_provider_token_exchange_audience"
SAML config
const OIDC_PROVIDER_TOKEN_EXCHANGE_SUBJECT_TOKEN_TYPE = "oidc_provider_token_exchange_subject_token_type" // Only support saml2
const SUCCESSFUL_REDIRECT_URL = "successful_redirect_url"
// TOKEN_TYPE_ACCESS_TOKEN is the token type identifier for an OAuth 2.0
// access token, as defined for OAuth 2.0 Token Exchange (RFC 8693).
const TOKEN_TYPE_ACCESS_TOKEN = "urn:ietf:params:oauth:token-type:access_token"
OAuth 2.0 Token Exchange
// TOKEN_TYPE_ID_TOKEN is the token type identifier for an OpenID Connect ID
// token, as defined for OAuth 2.0 Token Exchange (RFC 8693).
const TOKEN_TYPE_ID_TOKEN = "urn:ietf:params:oauth:token-type:id_token"
Variables ¶
// IsTraceEnabled is a package-level flag.
// NOTE(review): presumably gates the output of Traceln — confirm. If trace
// output can include ID tokens, SAML responses or AWS credentials, keep it
// off by default and treat any captured trace log as sensitive.
var IsTraceEnabled bool
Functions ¶
func Authenticate ¶
func Authenticate(client *OIDCClient, roleArn string, maxSessionDurationSeconds int64, useSecret, asJson bool)
func ConfigPath ¶
func ConfigPath() string
func GetFreePort ¶
func SaveAWSCredential ¶
func SaveAWSCredential(roleArn string, cred *AWSCredentials)
Types ¶
type AWSCredentials ¶
// AWSCredentials is the credential record handled by this package
// (returned by AWSCredential, GetCredentialsWithOIDC and
// GetCredentialsWithSAML; accepted by SaveAWSCredential).
//
// NOTE(review): the JSON names (Version, AccessKeyId, SecretAccessKey,
// SessionToken, Expiration) look like the AWS credential_process output
// shape — confirm against the caller that marshals it.
//
// AWSSecretKey and AWSSessionToken are exported and carry JSON tags, so
// json.Marshal and %+v formatting emit them in clear text. Do not pass a
// value of this type to trace or log helpers; emit it only on the channel
// that is meant to carry the credential.
type AWSCredentials struct {
	// Version has no JSON tag, so it is encoded under the key "Version".
	Version int
	// AWSAccessKey is encoded as "AccessKeyId".
	AWSAccessKey string `json:"AccessKeyId"`
	// AWSSecretKey is encoded as "SecretAccessKey". Secret material.
	AWSSecretKey string `json:"SecretAccessKey"`
	// AWSSessionToken is encoded as "SessionToken". Secret material.
	AWSSessionToken string `json:"SessionToken"`
	// PrincipalARN is excluded from JSON encoding and decoding (tag "-").
	PrincipalARN string `json:"-"`
	// Expires is encoded as "Expiration".
	// NOTE(review): callers reusing a stored credential should compare this
	// with the current time before use — confirm AWSCredential does so.
	Expires time.Time `json:"Expiration"`
}
func AWSCredential ¶
func AWSCredential(roleArn string) (*AWSCredentials, error)
func GetCredentialsWithOIDC ¶
func GetCredentialsWithOIDC(client *OIDCClient, idToken, iamRoleArn string, durationInSeconds int64) (*AWSCredentials, error)
func GetCredentialsWithSAML ¶
func GetCredentialsWithSAML(samlResponse string, durationSeconds int64, iamRoleArn string) (*AWSCredentials, error)
type LoginParams ¶
type OAuthError ¶
type OAuthError struct {
// contains filtered or unexported fields
}
type OIDCClient ¶
type OIDCClient struct {
// contains filtered or unexported fields
}
func CheckInstalled ¶
func CheckInstalled(name string) (*OIDCClient, error)
func InitializeClient ¶
func InitializeClient(ui *input.UI, name string) (*OIDCClient, error)
func (*OIDCClient) Authorization ¶
func (c *OIDCClient) Authorization() *WebTarget
func (*OIDCClient) ClientForm ¶
func (c *OIDCClient) ClientForm() url.Values
func (*OIDCClient) RedirectToFailurePage ¶
func (c *OIDCClient) RedirectToFailurePage() *WebTarget
func (*OIDCClient) RedirectToSuccessfulPage ¶
func (c *OIDCClient) RedirectToSuccessfulPage() *WebTarget
func (*OIDCClient) Token ¶
func (c *OIDCClient) Token() *WebTarget
type OIDCMetadataResponse ¶
// OIDCMetadataResponse is the decoded form of an OpenID Provider metadata
// document; the JSON names follow OpenID Connect Discovery 1.0 and
// OAuth 2.0 Authorization Server Metadata (RFC 8414).
//
// NOTE(review): presumably populated from the URL configured under
// OIDC_PROVIDER_METADATA_URL — confirm. Every endpoint below is then taken
// from a remote document, so the fetch must happen over verified TLS, and the
// consumer should check that Issuer matches the provider it expects and that
// the endpoints use https before sending codes, tokens or the client secret
// to them.
type OIDCMetadataResponse struct {
	// Issuer is the provider's issuer identifier; Discovery requires it to
	// match the issuer the metadata was retrieved for.
	Issuer string `json:"issuer"`
	AuthorizationEndpoint string `json:"authorization_endpoint"`
	TokenEndpoint string `json:"token_endpoint"`
	TokenIntrospectionEndpoint string `json:"token_introspection_endpoint"`
	UserinfoEndpoint string `json:"userinfo_endpoint"`
	EndSessionEndpoint string `json:"end_session_endpoint"`
	// JwksURI locates the provider's signing keys used to verify token
	// signatures.
	JwksURI string `json:"jwks_uri"`
	CheckSessionIframe string `json:"check_session_iframe"`
	GrantTypesSupported []string `json:"grant_types_supported"`
	ResponseTypesSupported []string `json:"response_types_supported"`
	SubjectTypesSupported []string `json:"subject_types_supported"`
	// The *SigningAlgValuesSupported lists are advertised by the provider;
	// a verifier should still pin the algorithms it accepts rather than
	// trust this list alone.
	IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported"`
	UserinfoSigningAlgValuesSupported []string `json:"userinfo_signing_alg_values_supported"`
	RequestObjectSigningAlgValuesSupported []string `json:"request_object_signing_alg_values_supported"`
	ResponseModesSupported []string `json:"response_modes_supported"`
	RegistrationEndpoint string `json:"registration_endpoint"`
	TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"`
	TokenEndpointAuthSigningAlgValuesSupported []string `json:"token_endpoint_auth_signing_alg_values_supported"`
	ClaimsSupported []string `json:"claims_supported"`
	ClaimTypesSupported []string `json:"claim_types_supported"`
	ClaimsParameterSupported bool `json:"claims_parameter_supported"`
	ScopesSupported []string `json:"scopes_supported"`
	RequestParameterSupported bool `json:"request_parameter_supported"`
	RequestURIParameterSupported bool `json:"request_uri_parameter_supported"`
	// CodeChallengeMethodsSupported lists the PKCE (RFC 7636) challenge
	// methods the provider advertises.
	CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported"`
	// TLSClientCertificateBoundAccessTokens reports whether the provider
	// advertises certificate-bound access tokens (RFC 8705).
	TLSClientCertificateBoundAccessTokens bool `json:"tls_client_certificate_bound_access_tokens"`
}
type RESTClient ¶
type RESTClient struct {
// contains filtered or unexported fields
}
type RestClient ¶
type RestClient struct {
// contains filtered or unexported fields
}
func NewRestClient ¶
func NewRestClient(config *RestClientConfig) (*RestClient, error)
func (*RestClient) Target ¶
func (client *RestClient) Target(uri string) *WebTarget
type RestClientConfig ¶
type SecretStore ¶
// Secret is the package-level SecretStore instance.
// NOTE(review): SecretStore.Save takes (roleArn, cred string), so this
// presumably caches serialized AWS credentials per role — confirm which
// backing store is used (OS keychain vs. plain file) and that Clear removes
// the stored entries.
var Secret SecretStore
func (*SecretStore) Load ¶
func (s *SecretStore) Load()
func (*SecretStore) Save ¶
func (s *SecretStore) Save(roleArn, cred string)
type TokenResponse ¶
type WebTarget ¶
type WebTarget struct {
// contains filtered or unexported fields
}
func (*WebTarget) QueryParam ¶