package credentials
v0.0.0-...-a26d5fb
Published: Jun 19, 2019 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

const (

	// DefaultDuration is the default amount of time in minutes that the credentials
	// will be valid for.
	DefaultDuration = time.Duration(1) * time.Hour
)

Variables

This section is empty.

Functions

func GetSamlMetaData

func GetSamlMetaData(lwFqdn, tenant string, httpClient *http.Client) (string, error)

GetSamlMetaData retrieves the SAML metadata document from Lightwave. The result is uploaded to AWS to register Lightwave as an IdP.

func GetSamlTokenByCert

func GetSamlTokenByCert(lwFqdn, tenant string, cert *x509.Certificate, privateKey *rsa.PrivateKey, httpClient *http.Client) (string, error)

GetSamlTokenByCert retrieves a SAML token using a solution user's certificate and private key.

func GetSamlTokenByPassword

func GetSamlTokenByPassword(lwFqdn, tenant, username, password string, httpClient *http.Client) (string, error)

GetSamlTokenByPassword retrieves a SAML token from the Lightwave STS using username/password authentication. The httpClient parameter may be nil.

func IsErrorWithCode

func IsErrorWithCode(err error, c ErrorCode) bool

IsErrorWithCode reports whether the specified error is a SAML Error carrying the given ErrorCode.

func NewLightwaveCredentials

func NewLightwaveCredentials(lwFqdn, region, tenant, username, password,
	principalARN, roleARN, certPath, privateKeyPath string, isSolutionUser bool) (*awscreds.Credentials, error)

NewLightwaveCredentials returns a pointer to a new Credentials object wrapping the environment variable provider.

func ParseCertificate

func ParseCertificate(filename string) (*x509.Certificate, error)

ParseCertificate parses the X.509 certificate from the file at the given path.

func ParsePrivateKey

func ParsePrivateKey(filename string) (*rsa.PrivateKey, error)

ParsePrivateKey parses the RSA private key from the PEM file at the given path.
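ParseCertificate and ParsePrivateKey take a path on disk and hand the pair to GetSamlTokenByCert. As an added example (not the package's own code), the stdlib-only loader below does the same on the file contents, accepts both PKCS#1 ("RSA PRIVATE KEY") and PKCS#8 ("PRIVATE KEY") encodings, which the docs above leave unspecified, and refuses a key that is not RSA or does not belong to the certificate; the self-signed certificate is generated inline as a constructed fixture.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// loadSolutionUser parses a PEM certificate and its RSA key (PKCS#1 or PKCS#8) and verifies they belong together.
func loadSolutionUser(certPEM, keyPEM []byte) (*x509.Certificate, *rsa.PrivateKey, error) {
	cb, _ := pem.Decode(certPEM)
	kb, _ := pem.Decode(keyPEM)
	if cb == nil || cb.Type != "CERTIFICATE" || kb == nil {
		return nil, nil, fmt.Errorf("missing CERTIFICATE or private key PEM block")
	}
	cert, err := x509.ParseCertificate(cb.Bytes)
	var parsed interface{} // PKCS#1 is always RSA; PKCS#8 may wrap any key type
	switch {
	case err != nil: // keep the certificate parse error
	case kb.Type == "RSA PRIVATE KEY":
		parsed, err = x509.ParsePKCS1PrivateKey(kb.Bytes)
	case kb.Type == "PRIVATE KEY":
		parsed, err = x509.ParsePKCS8PrivateKey(kb.Bytes)
	default:
		err = fmt.Errorf("unsupported PEM block type %q", kb.Type)
	}
	if err != nil {
		return nil, nil, err
	}
	key, isRSA := parsed.(*rsa.PrivateKey)
	if pub, ok := cert.PublicKey.(*rsa.PublicKey); !isRSA || !ok || pub.N.Cmp(key.N) != 0 || pub.E != key.E {
		return nil, nil, fmt.Errorf("%s does not hold the RSA key matching the certificate", kb.Type)
	}
	return cert, key, nil
}

// newSolutionUser generates a constructed RSA key plus a self-signed PEM certificate for it (test fixture only).
func newSolutionUser() (*rsa.PrivateKey, []byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return key, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), err
}
```

A key file produced by `openssl genrsa` is PKCS#1 and one from `openssl genpkey` is PKCS#8, so a loader that handles only one of them fails on the other with an opaque ASN.1 error.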

Types

type AssumeWithSAMLRoler

type AssumeWithSAMLRoler interface {
	AssumeRoleWithSAML(input *sts.AssumeRoleWithSAMLInput) (*sts.AssumeRoleWithSAMLOutput, error)
}

AssumeWithSAMLRoler represents the minimal subset of the STS client API used by this provider.

type Error

type Error struct {
	ErrorCode
	Msg    string
	Detail string
}

Error is the package's unified error type.

func (*Error) Error

func (e *Error) Error() string

Error implements the error interface.

func (*Error) WithCause

func (e *Error) WithCause(err error) *Error

WithCause records err as the CauseBy (underlying cause) of the error.

func (*Error) WithDetail

func (e *Error) WithDetail(format string, v ...interface{}) *Error

WithDetail adds a detailed message to the error.

func (*Error) WithMsg

func (e *Error) WithMsg(format string, v ...interface{}) *Error

WithMsg overwrites the default error message.

type ErrorCode

type ErrorCode int32

ErrorCode is the unified definition of the package's numeric error codes.

const (
	SAMLError                      ErrorCode = 100
	SAMLMetadataError              ErrorCode = 101
	SAMLTokenInvalidSignatureError ErrorCode = 102
	SAMLTokenExpiredError          ErrorCode = 103
	SAMLTokenNotYetValidError      ErrorCode = 104
	SAMLTokenInvalidError          ErrorCode = 105
	SAMLGetTokenError              ErrorCode = 106

	SAMLInvalidRequestError     ErrorCode = 107
	SAMLInvalidClientError      ErrorCode = 108
	SAMLUnauthorizedClientError ErrorCode = 109
	SAMLUnsupportedOperation    ErrorCode = 110
	SAMLAccessDeniedError       ErrorCode = 111
	SAMLServerError             ErrorCode = 112
	SAMLInvalidArgError         ErrorCode = 113
	SAMLMetadataRetrievalError  ErrorCode = 114
	SAMLParseError              ErrorCode = 115
)

Pre-defined error codes.

func (ErrorCode) MakeError

func (c ErrorCode) MakeError(msg string, detail string, err error) *Error

MakeError builds an Error from the ErrorCode, a message, a detail string, and an optional underlying error.

func (ErrorCode) Name

func (c ErrorCode) Name() string

Name returns the string name of the error code.

type LightwaveProvider

type LightwaveProvider struct {

	// Flag marking whether the credentials are for a solution user.
	IsSolutionUser bool

	// STS client to make assume role request with.
	Client AssumeWithSAMLRoler

	// The Amazon Resource Name (ARN) of the SAML provider in IAM that describes the IdP.
	PrincipalARN string

	// The Amazon Resource Name (ARN) of the role that the caller is assuming.
	RoleARN string

	// Expiry duration of the STS credentials. Defaults to 15 minutes if not set.
	Duration time.Duration

	// Lightwave FQDN to send the requests to.
	LightwaveFQDN string

	// AWS region.
	Region string

	// Lightwave tenant name.
	Tenant string

	// Lightwave account's username in UPN format.
	Username string

	// Lightwave account's password.
	Password string

	// Certificate of the solution user.
	Certificate *x509.Certificate

	// Private key of the solution user.
	PrivateKey *rsa.PrivateKey

	// HTTPClient is the HTTP client used to retrieve credentials.
	HTTPClient *http.Client
	// contains filtered or unexported fields
}

A LightwaveProvider federates with AWS using SAML-based federation. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html

A valid Lightwave user can use this package to retrieve temporary security credentials for AWS.

func (*LightwaveProvider) IsExpired

func (e *LightwaveProvider) IsExpired() bool

IsExpired reports whether the credentials have expired.

func (*LightwaveProvider) Retrieve

func (e *LightwaveProvider) Retrieve() (awscreds.Value, error)

Retrieve obtains temporary AWS credentials (access key, secret key and session token) through SAML federation.
