aws

package
v0.1.31 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 23, 2025 License: Apache-2.0 Imports: 15 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrTokenRejected                    = errors.New("token rejected by AWS STS endpoint")
	ErrTokenExpired                     = errors.New("token expired")
	ErrInvalidAudience                  = errors.New("audience header in token does not match expected audience")
	ErrInvalidIdentity                  = errors.New("identity header in token does not match expected identity")
	ErrInvalidEncoding                  = errors.New("invalid token encoding")
	ErrInvalidVerificationConfiguration = errors.New("verifcation was incorrectly configured")
)

Functions

func GenerateToken 

func GenerateToken(ctx context.Context, creds aws.Credentials, audience, identity string) (string, error)

GenerateToken creates token using the supplied AWS credentials that can prove the user's AWS identity. Audience and identity are the Chainguard STS url (e.g https://issuer.enforce.dev) and the UID of the Chainguard assumable identity to assume via STS.

Types

type VerifiedClaims 

type VerifiedClaims struct {
	UserID  string `json:"UserId"`
	Arn     string `json:"Arn"`
	Account string `json:"Account"`
}

func VerifyToken 

func VerifyToken(ctx context.Context, token string, opts ...VerifyOption) (*VerifiedClaims, error)

type VerifyOption 

type VerifyOption func(*verifyConf)

func WithAudience 

func WithAudience(aud sets.Set[string]) VerifyOption

func WithIdentity 

func WithIdentity(id string) VerifyOption

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.