sessioncache

Documentation

Overview

sessioncache caches sessions (sts.Credentials)

sessioncache splits Stores (the way cache items are stored) from Keys (the way cache items are looked up/replaced)

Index

• Constants
• Variables
• type Key
• type KeyWithProfileARN
  • func (k KeyWithProfileARN) Key() string
• type KrItemPerSessionStore
  • func (s *KrItemPerSessionStore) Get(k Key) (*Session, error)
  • func (s *KrItemPerSessionStore) Put(k Key, session *Session) error
• type OrigKey
  • func (k OrigKey) Key() string
• type Session
  • func (s *Session) Bytes() ([]byte, error)
• type SingleKrItemStore
  • func (s *SingleKrItemStore) Get(k Key) (*Session, error)
  • func (s *SingleKrItemStore) Put(k Key, session *Session) error

Constants

const KeyringItemKey = "session-cache"

TODO: make this configurable

const KeyringItemLabel = "aws-okta session cache"

Variables

var ErrSessionExpired = errors.New("session expired")

Types

type Key

type Key interface {
	Key() string
}

Key is used to compute the cache key for a session

type KeyWithProfileARN

type KeyWithProfileARN struct {
	ProfileName string
	ProfileConf map[string]string
	Duration    time.Duration
	ProfileARN  string
}

func (KeyWithProfileARN) Key

func (k KeyWithProfileARN) Key() string

Key returns a key for the keyring item. For all purposes it behaves the same way as OrigKey but also takes the ProfileARN into account when generating the key value.

type KrItemPerSessionStore

type KrItemPerSessionStore struct {
	Keyring keyring.Keyring
}

KrItemPerSessionStore stores one session in one keyring item

This is the classic session store implementation. Its main drawback is that on macOS, without code signing, you need to reauthorize the binary between upgrades *for each item*.

func (*KrItemPerSessionStore) Get

func (s *KrItemPerSessionStore) Get(k Key) (*Session, error)

Get returns the session from the keyring at k.Key()

If the keyring item is not found, returns wrapped keyring.ErrKeyNotFound

If the session is found, but is expired, returns wrapped ErrSessionExpired

func (*KrItemPerSessionStore) Put

func (s *KrItemPerSessionStore) Put(k Key, session *Session) error

type OrigKey

type OrigKey struct {
	ProfileName string
	ProfileConf map[string]string
	Duration    time.Duration
}

func (OrigKey) Key

func (k OrigKey) Key() string

Key returns a key for the keyring item. This is a string containing the source profile name, the profile name, and a hash of the duration

this is a copy of KeyringSessions.key and should preserve behavior, *except* that it assumes `profileName` is a valid and existing profile name

type Session

type Session struct {
	Name string
	sts.Credentials
}

Session adds a session name to sts.Credentials

func (*Session) Bytes

func (s *Session) Bytes() ([]byte, error)

type SingleKrItemStore

type SingleKrItemStore struct {
	Keyring keyring.Keyring
}

SingleKrItemStore stores all sessions in a single keyring item

This is mostly for MacOS keychain, where because we don't sign aws-okta properly, the user needs to reauth the aws-okta binary for every item on every upgrade. By collapsing all sessions into a single item, we only need to reauth once per upgrade/build

func (*SingleKrItemStore) Get

func (s *SingleKrItemStore) Get(k Key) (*Session, error)

Get loads the db from the keyring, and returns the session at k.Key()

If the keyring item is not found (the db hasn't been written) or the key is not found, returns wrapped keyring.ErrKeyNotFound

If the session is found, but is expired, returns wrapped ErrSessionExpired

func (*SingleKrItemStore) Put

func (s *SingleKrItemStore) Put(k Key, session *Session) error