Documentation
Index
- func DataResponse(data interface{}) (*events.APIGatewayProxyResponse, error)
- func ErrorResponse(code ErrorCode, message string) (*events.APIGatewayProxyResponse, error)
- func GetAPIGatewayProxyResponse(code ErrorCode, data []byte) (*events.APIGatewayProxyResponse, error)
- type AuthenticationProviderName
- type ClientProperties
- type ErrorCode
- type ErrorData
- type GetTemporaryCredentialEvent
- type GetTemporaryCredentialsPayload
- type GetUserDataEvent
- type GetUserDataPayload
- type Handler
- func (h *Handler) GetTemporaryCredentialEventHandler(ctx context.Context, req *events.APIGatewayProxyRequest) (*events.APIGatewayProxyResponse, error)
- func (h *Handler) GetUserDataEventHandler(ctx context.Context, req *events.APIGatewayProxyRequest) (*events.APIGatewayProxyResponse, error)
- func (h *Handler) ListProvidersHandler(ctx context.Context) (*events.APIGatewayProxyResponse, error)
- type ListProvidersEvent
- type ListProvidersPayload
- type Provider
- type Response
Constants
This section is empty.
Variables
This section is empty.
Functions
func DataResponse
func DataResponse(data interface{}) (*events.APIGatewayProxyResponse, error)
DataResponse returns a response that wraps the data in an APIGatewayProxyResponse in the correct format. Error is always nil to make returning from a Lambda less cumbersome.
func ErrorResponse
func ErrorResponse(code ErrorCode, message string) (*events.APIGatewayProxyResponse, error)
ErrorResponse creates a standardized error response with an error message from the server and wraps it in an APIGatewayProxyResponse that the AWS API gateway understands. It also always returns a nil error, simply to make returning from a Lambda less cumbersome.
func GetAPIGatewayProxyResponse
func GetAPIGatewayProxyResponse(code ErrorCode, data []byte) (*events.APIGatewayProxyResponse, error)
GetAPIGatewayProxyResponse creates a response that wraps data in an APIGatewayProxyResponse that the AWS API Gateway understands. It also sets an HTTP status code based on a specified error code.
Types
type AuthenticationProviderName
type AuthenticationProviderName = string
const (
	// AuthenticationProviderDefault lets the server decide which authentication provider to use. This is not recommended.
	// Older clients will supply this as it has the value of an empty string.
	AuthenticationProviderDefault  AuthenticationProviderName = ""
	AuthenticationProviderOkta     AuthenticationProviderName = "okta"
	AuthenticationProviderOneLogin AuthenticationProviderName = "onelogin"
)
type ClientProperties
ClientProperties is information provided by the client about itself.
This should not be relied on to exist, as it is user-provided information. Newer versions of KeyConjurer place this information in the User-Agent header of their requests. Older versions send it in their POST bodies in the GetUserData and GetAwsCreds endpoints.
func (*ClientProperties) FromRequestHeader
func (c *ClientProperties) FromRequestHeader(r *http.Request) bool
FromRequestHeader updates the current properties from the given request's headers.
func (*ClientProperties) UserAgent
func (c *ClientProperties) UserAgent() string
UserAgent constructs a user agent string for this ClientProperties instance.
type ErrorCode
type ErrorCode string
ErrorCode contains all of the recognised error codes in the KeyConjurer API.
var (
	// ErrCodeInvalidProvider indicates that the user supplied an unsupported provider.
	// The user MUST change their provider. The server will not accept the request without modification.
	ErrCodeInvalidProvider ErrorCode = "unsupported_provider"
	// ErrCodeUnspecified indicates that the reason for the operation failure was unknown.
	// The user MAY attempt resubmitting their request as-is, but there is no guarantee it will succeed.
	ErrCodeUnspecified ErrorCode = "unspecified"
	// ErrCodeUnableToDecrypt indicates the server was unable to decrypt the credentials the client provided.
	ErrCodeUnableToDecrypt ErrorCode = "decryption_failure"
	// ErrCodeInvalidCredentials indicates that the user's credentials were incorrect.
	ErrCodeInvalidCredentials ErrorCode = "invalid_credentials"
	// ErrCodeInternalServerError indicates that an error occurred within the server and the server could not continue.
	// The user cannot fix this issue. They MAY retry.
	ErrCodeInternalServerError ErrorCode = "internal_server_error"
	// ErrCodeUnableToEncrypt indicates that the server was unable to encrypt the user's credentials.
	ErrCodeUnableToEncrypt ErrorCode = "encryption_failure"
	// ErrCodeBadRequest indicates that the user supplied data that was invalid.
	ErrCodeBadRequest ErrorCode = "bad_request"
	// Success indicates that everything went well.
	Success ErrorCode = "successful"
)
func (ErrorCode) GetHttpStatus
GetHttpStatus translates an error code to an HTTP status code.
type ErrorData
ErrorData encapsulates error information relating to an AWS Lambda call. Lambda does not make it trivial to return HTTP status codes, so instead the application should interrogate the Code value in this struct.
type GetTemporaryCredentialEvent
type GetTemporaryCredentialEvent struct {
	core.Credentials
	AppID          string `json:"appId"`
	TimeoutInHours uint8  `json:"timeoutInHours"`
	RoleName       string `json:"roleName"`
	// AuthenticationProvider is the authentication provider that should be used when logging in.
	// This will be blank for old versions of KeyConjurer; if it is blank, you must default to OneLogin.
	AuthenticationProvider AuthenticationProviderName `json:"authentication_provider"`
}
func (*GetTemporaryCredentialEvent) Validate
func (e *GetTemporaryCredentialEvent) Validate() error
Validate checks that the event carries appropriate parameters.
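The page documents Validate only by its signature and the rule that a blank AuthenticationProvider must be treated as OneLogin. The following is an added, stand-alone illustration of how such a validator can be written, not the KeyConjurer package's own code: the types are re-created here without the embedded core.Credentials, the ValidationError type and the 8-hour cap on TimeoutInHours are assumptions, and the provider allow-list and the two error codes are taken from the constants shown on this page.

```go
package main

import (
	"errors"
	"fmt"
)

// Re-created for this example; the real package embeds core.Credentials as well.
type AuthenticationProviderName = string

const (
	AuthenticationProviderDefault  AuthenticationProviderName = ""
	AuthenticationProviderOkta     AuthenticationProviderName = "okta"
	AuthenticationProviderOneLogin AuthenticationProviderName = "onelogin"
)

type ErrorCode string

const (
	ErrCodeInvalidProvider ErrorCode = "unsupported_provider"
	ErrCodeBadRequest      ErrorCode = "bad_request"
)

// maxTimeoutHours is an assumed upper bound; the page does not state the real limit.
const maxTimeoutHours uint8 = 8

type GetTemporaryCredentialEvent struct {
	AppID                  string                     `json:"appId"`
	TimeoutInHours         uint8                      `json:"timeoutInHours"`
	RoleName               string                     `json:"roleName"`
	AuthenticationProvider AuthenticationProviderName `json:"authentication_provider"`
}

// ValidationError (assumed type) carries the ErrorCode a handler would hand to ErrorResponse.
type ValidationError struct {
	Code    ErrorCode
	Message string
}

func (v *ValidationError) Error() string { return string(v.Code) + ": " + v.Message }

// Validate normalises the legacy blank provider to OneLogin, allow-lists the
// provider, and rejects missing or out-of-range fields before any upstream call.
func (e *GetTemporaryCredentialEvent) Validate() error {
	if e.AuthenticationProvider == AuthenticationProviderDefault {
		// Old clients send an empty string; the field comment requires OneLogin here.
		e.AuthenticationProvider = AuthenticationProviderOneLogin
	}
	switch e.AuthenticationProvider {
	case AuthenticationProviderOkta, AuthenticationProviderOneLogin:
	default:
		// Anything outside the allow-list is refused; the client MUST change the value.
		return &ValidationError{Code: ErrCodeInvalidProvider,
			Message: fmt.Sprintf("unknown provider %q", e.AuthenticationProvider)}
	}
	if e.AppID == "" {
		return &ValidationError{Code: ErrCodeBadRequest, Message: "appId is required"}
	}
	if e.RoleName == "" {
		return &ValidationError{Code: ErrCodeBadRequest, Message: "roleName is required"}
	}
	if e.TimeoutInHours == 0 || e.TimeoutInHours > maxTimeoutHours {
		return &ValidationError{Code: ErrCodeBadRequest,
			Message: fmt.Sprintf("timeoutInHours must be between 1 and %d", maxTimeoutHours)}
	}
	return nil
}

func main() {
	// Constructed sample events: an old client (blank provider) and an unknown provider.
	old := &GetTemporaryCredentialEvent{AppID: "12345", RoleName: "Developer", TimeoutInHours: 1}
	fmt.Println(old.Validate(), old.AuthenticationProvider)
	bad := &GetTemporaryCredentialEvent{AppID: "12345", RoleName: "Developer", TimeoutInHours: 1, AuthenticationProvider: "github"}
	var ve *ValidationError
	if errors.As(bad.Validate(), &ve) {
		fmt.Println(ve.Code, ve.Message)
	}
}
```

Running the validator before the handler touches the identity provider keeps malformed input from reaching it, and returning an ErrorCode rather than a bare string lets the handler map the failure to the right HTTP status.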
type GetTemporaryCredentialsPayload
type GetTemporaryCredentialsPayload struct {
	// TODO: add CloudProvider property so the client can discriminate between different cloud providers
	AccountID       string `json:"AccountId"` // Intentionally lower-cased to maintain backwards compatibility
	AccessKeyID     string `json:"AccessKeyId"`
	SecretAccessKey string `json:"SecretAccessKey"`
	SessionToken    string `json:"SessionToken"`
	Expiration      string `json:"Expiration"`
}
type GetUserDataEvent
type GetUserDataEvent struct {
	core.Credentials
	// AuthenticationProvider is the authentication provider that should be used when logging in.
	AuthenticationProvider AuthenticationProviderName `json:"authentication_provider"`
}
type GetUserDataPayload
type GetUserDataPayload struct {
	Apps                 []core.Application `json:"apps"`
	EncryptedCredentials string             `json:"creds"`
}
type Handler
type Handler struct {
// contains filtered or unexported fields
}
func NewHandler
func (*Handler) GetTemporaryCredentialEventHandler
func (h *Handler) GetTemporaryCredentialEventHandler(ctx context.Context, req *events.APIGatewayProxyRequest) (*events.APIGatewayProxyResponse, error)
GetTemporaryCredentialEventHandler issues temporary credentials for the current user.
This MUST be backwards compatible with the old version of KeyConjurer for a time.
func (*Handler) GetUserDataEventHandler
func (h *Handler) GetUserDataEventHandler(ctx context.Context, req *events.APIGatewayProxyRequest) (*events.APIGatewayProxyResponse, error)
GetUserDataEventHandler authenticates the user against OneLogin and retrieves the list of AWS applications available to the user.
This MUST be backwards compatible with the old version of KeyConjurer for a time.
func (*Handler) ListProvidersHandler
func (h *Handler) ListProvidersHandler(ctx context.Context) (*events.APIGatewayProxyResponse, error)
ListProvidersHandler allows a user to list the providers they may authenticate with.
This does NOT need to be backwards compatible with old KeyConjurer clients.
type ListProvidersEvent
type ListProvidersEvent struct{}
ListProvidersEvent is the set of parameters available for listing providers.
type ListProvidersPayload
type ListProvidersPayload struct {
Providers []Provider
}
type Response
type Response struct {
	Success bool
	// DEPRECATED: Use ErrorData.Message in the Data field if you intend to communicate error messages to the user.
	Message string
	// Data is the data that will be shipped to the user.
	// Because it is not possible to UnmarshalJSON to interface{}, you must use the GetPayload() or GetError() functions instead to interact with this when unmarshalling from JSON.
	// This is a bad pattern but it's a quick fix.
	Data interface{}
}
Response is the generic structure of the lambda responses.
func (*Response) GetError
GetError is similar to GetPayload but for error responses.
The same general constraints apply: you must check the Success flag, and this may only be used if you have unmarshalled the record.
func (*Response) GetPayload
GetPayload deposits the underlying Data payload into dest.
This is an error if the structure was not unmarshalled from JSON using "encoding/json". You must check the Success flag before calling this method. It is an error to call this if Success is false.
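The Response envelope, the GetPayload/GetError accessors described here, and the ErrorCode-to-HTTP-status translation (GetHttpStatus, ErrorResponse and DataResponse above) fit together into one round trip. The block below is an added example that re-creates that round trip stand-alone; it is not the KeyConjurer package's code. It drops the aws-lambda-go APIGatewayProxyResponse wrapper and returns a plain status and body, keeps Data as json.RawMessage so the envelope can be decoded once and interpreted afterwards, and assumes the JSON keys of ErrorData and the exact code-to-status mapping, neither of which the page spells out. The credential values are constructed sample data.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
)

// Re-created for this example; only the codes the example needs are included.
type ErrorCode string

const (
	ErrCodeUnspecified        ErrorCode = "unspecified"
	ErrCodeInvalidCredentials ErrorCode = "invalid_credentials"
	ErrCodeBadRequest         ErrorCode = "bad_request"
	Success                   ErrorCode = "successful"
)

// GetHttpStatus translates a code to an HTTP status. This mapping is an assumption;
// the page documents only that the translation exists.
func (c ErrorCode) GetHttpStatus() int {
	switch c {
	case Success:
		return http.StatusOK
	case ErrCodeBadRequest:
		return http.StatusBadRequest
	case ErrCodeInvalidCredentials:
		return http.StatusUnauthorized
	default:
		return http.StatusInternalServerError
	}
}

// ErrorData JSON keys are assumed; the page shows only the Go field names.
type ErrorData struct {
	Code    ErrorCode `json:"code"`
	Message string    `json:"message"`
}

// Response is the envelope; untagged fields keep the page's "Success"/"Message"/"Data" keys.
// Data is a RawMessage here so the payload can be decoded after Success has been checked.
type Response struct {
	Success bool
	Message string // deprecated on the page, kept for old servers and clients
	Data    json.RawMessage
}

// ErrorResponse builds the failure envelope and the status the client will see.
func ErrorResponse(code ErrorCode, message string) (int, []byte, error) {
	data, err := json.Marshal(ErrorData{Code: code, Message: message})
	if err != nil {
		return 0, nil, err
	}
	body, err := json.Marshal(Response{Success: false, Data: data})
	return code.GetHttpStatus(), body, err
}

// DataResponse builds the success envelope around any payload.
func DataResponse(payload interface{}) (int, []byte, error) {
	data, err := json.Marshal(payload)
	if err != nil {
		return 0, nil, err
	}
	body, err := json.Marshal(Response{Success: true, Data: data})
	return Success.GetHttpStatus(), body, err
}

// DecodeResponse is the client's first step: decode the envelope, nothing more.
func DecodeResponse(body []byte) (*Response, error) {
	var r Response
	if err := json.Unmarshal(body, &r); err != nil {
		return nil, err
	}
	return &r, nil
}

var ErrWrongAccessor = errors.New("check Success before choosing GetPayload or GetError")

// GetPayload deposits Data into dest; it refuses to run on a failed response.
func (r *Response) GetPayload(dest interface{}) error {
	if !r.Success {
		return ErrWrongAccessor
	}
	if len(r.Data) == 0 {
		return errors.New("response carries no data")
	}
	return json.Unmarshal(r.Data, dest)
}

// GetError is the counterpart for failed responses, falling back to the
// deprecated Message field when an old server sent no ErrorData.
func (r *Response) GetError() (ErrorData, error) {
	var e ErrorData
	if r.Success {
		return e, ErrWrongAccessor
	}
	if len(r.Data) == 0 {
		return ErrorData{Code: ErrCodeUnspecified, Message: r.Message}, nil
	}
	err := json.Unmarshal(r.Data, &e)
	return e, err
}

// GetTemporaryCredentialsPayload uses the JSON keys shown on the page.
type GetTemporaryCredentialsPayload struct {
	AccountID       string `json:"AccountId"`
	AccessKeyID     string `json:"AccessKeyId"`
	SecretAccessKey string `json:"SecretAccessKey"`
	SessionToken    string `json:"SessionToken"`
	Expiration      string `json:"Expiration"`
}

func main() {
	status, body, _ := ErrorResponse(ErrCodeInvalidCredentials, "credentials rejected")
	r, _ := DecodeResponse(body)
	e, _ := r.GetError()
	fmt.Println(status, e.Code, e.Message)

	// Constructed sample credentials, not real keys.
	status, body, _ = DataResponse(GetTemporaryCredentialsPayload{AccountID: "123456789012", AccessKeyID: "AKIAEXAMPLE"})
	r, _ = DecodeResponse(body)
	var creds GetTemporaryCredentialsPayload
	fmt.Println(status, r.GetPayload(&creds), creds.AccessKeyID)
}
```

Because the HTTP status is derived from the ErrorCode rather than chosen per handler, a client that only looks at the status and a client that reads ErrorData.Code agree on what happened; the accessors returning ErrWrongAccessor enforce the page's rule that Success is checked before either one is called.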