cli

package

v0.0.4 Latest Latest Go to latest Published: Dec 6, 2020 License: MIT Imports: 21 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

git.narnian.us/lordwelch/aws-oidc

Links

Open Source Insights

Documentation ¶

Index ¶

func AuthCommand(app *kingpin.Application, config *GlobalConfig, authConfig *AuthConfig)
func ConfigureAuth(app *kingpin.Application, config *GlobalConfig)
func ConfigureExec(app *kingpin.Application, config *GlobalConfig)
func ConfigureGlobal(app *kingpin.Application, config *GlobalConfig)
func ConfigureList(app *kingpin.Application, config *GlobalConfig)
func ConfigureLogin(app *kingpin.Application, config *GlobalConfig)
func ExecCommand(app *kingpin.Application, config *GlobalConfig, execConfig *ExecConfig)
func ListCommand(app *kingpin.Application, config *GlobalConfig, listConfig *ListConfig)
func LoginCommand(app *kingpin.Application, config *GlobalConfig, loginConfig *LoginConfig)
type AuthConfig
type AwsCredentialHelperData
type ExecConfig
type GlobalConfig
type ListConfig
type LoginConfig

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func AuthCommand ¶

func AuthCommand(app *kingpin.Application, config *GlobalConfig, authConfig *AuthConfig)

AuthCommand executes the authentication with the selected OpenIDConnect provider

func ConfigureAuth ¶

func ConfigureAuth(app *kingpin.Application, config *GlobalConfig)

ConfigureAuth configures the auth command with arguments and flags

func ConfigureExec ¶

func ConfigureExec(app *kingpin.Application, config *GlobalConfig)

ConfigureExec configures the exec command with arguments and flags

func ConfigureGlobal ¶

func ConfigureGlobal(app *kingpin.Application, config *GlobalConfig)

ConfigureGlobal application arguments and flags

func ConfigureList ¶

func ConfigureList(app *kingpin.Application, config *GlobalConfig)

ConfigureList configures the list command with arguments and flags

func ConfigureLogin ¶

func ConfigureLogin(app *kingpin.Application, config *GlobalConfig)

ConfigureLogin configures the login command with arguments and flags

func ExecCommand ¶

func ExecCommand(app *kingpin.Application, config *GlobalConfig, execConfig *ExecConfig)

ExecCommand retrieves temporary credentials and sets them as environment variables

func ListCommand ¶

func ListCommand(app *kingpin.Application, config *GlobalConfig, listConfig *ListConfig)

ListCommand retrieves the list of AWS roles that have trust policues that accept a given client_id

func LoginCommand ¶

func LoginCommand(app *kingpin.Application, config *GlobalConfig, loginConfig *LoginConfig)

LoginCommand exchanges temporary credentials for an AWS Console signin url https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html

Types ¶

type AuthConfig ¶

type AuthConfig struct {
	// The name of the provider when definied in the TOML configuration file
	Name string `toml:"name"`

	// RoleARN the role in AWS that should be assumed with the identity token
	RoleArn string `toml:"role_arn"`

	// Duration in seconds that the temporary AWS credentials should last for
	// Between 900 (15 minutes) and 43200 (12 hours)
	Duration int64 `toml:"duration"`

	// ProviderURL the endpoint that defines the OIDC provider.
	// Should serve https://[ProviderURL]/.well-known/openid-configuration
	ProviderURL string `toml:"provider_url"`

	// ClientID configured with your OIDC provider
	ClientID string `toml:"client_id"`

	// ClientSecret should only be specified if your OIDC provider requires it.
	// Normally with PKCE you don't require a client_secret.
	ClientSecret string `toml:"client_secret"`

	// DisablePKCE removes the code_challenge and code_verifier parameters of a
	// proof key for code exchange OAuth flow. Only disbale this if your identity
	// provider does not support PKCE.
	DisablePKCE bool `toml:"disable_pkce"`

	// DisableNonce removes a random nonce sent to the server, and added to the token
	// This nonce is verified when the token is received by the command line app.
	DisableNonce bool `toml:"disable_nonce"`

	// AgentCommand contains the command and arguments that open a browser. The URL
	// to be opened will be appended, or use a parameter of {} to substitute the URL.
	AgentCommand []string `toml:"agent"`
}

AuthConfig defines a single OpenIDConnect provider

type AwsCredentialHelperData ¶

type AwsCredentialHelperData struct {
	Version         int    `json:"Version"`
	AccessKeyID     string `json:"AccessKeyId"`
	SecretAccessKey string `json:"SecretAccessKey"`
	SessionToken    string `json:"SessionToken"`
	Expiration      string `json:"Expiration,omitempty"`
}

AwsCredentialHelperData for AWS credential process https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#sourcing-credentials-from-external-processes

type ExecConfig ¶

type ExecConfig struct {
	Profile string
	Command string
	Args    []string
	Signals chan os.Signal
}

ExecConfig stores the parameters needed for an exec command

type GlobalConfig ¶

type GlobalConfig struct {
	//Region in AWS used by KMSAuth and BLESS
	Region       string
	Profile      string
	AuthProvider []AuthConfig

	Session *session.Session
	Keyring *keyring.Keyring
}

GlobalConfig used for defaults and command line arguments

type ListConfig ¶

type ListConfig struct {
	ClientID string
	Claim    string
}

ListConfig stores the parameters needed for a List command

type LoginConfig ¶

type LoginConfig struct {
	Profile string
}

LoginConfig stores the parameters needed for an login command

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL