- Constants
- Variables
- func AllIssuesHandlers(cred *RefreshableCred, roleName string, opts *CredentialsOpts) (http.HandlerFunc, http.HandlerFunc, http.HandlerFunc)
- func BuildAuthorizationHeader(request *http.Request, body io.ReadSeeker, signedHeadersString string, ...) string
- func CheckValidToken(w http.ResponseWriter, r *http.Request) error
- func CreateSignFunction(privateKey crypto.PrivateKey, certificate x509.Certificate, ...) func(*request.Request)
- func CreateStringToSign(canonicalRequest string, signerParams SignerParams) string
- func FindTokenTTLSeconds(r *http.Request) (string, error)
- func GenerateToken(length int) (string, error)
- func GetCredentialsFileContents() ([]string, error)
- func GetWriteOnlyCredentialsFile() (*os.File, error)
- func InsertToken(token string, expirationTime time.Time) error
- func ReadCertificateBundleData(certificateBundleId string) ([]*x509.Certificate, error)
- func ReadPrivateKeyData(privateKeyId string) (crypto.PrivateKey, error)
- func Serve(port int, credentialsOptions CredentialsOpts)
- func Update(credentialsOptions CredentialsOpts, profile string, once bool)
- func WriteTo(profileName string, writeLines []string, cred *TemporaryCredential) error
- type CertificateData
- type CredentialProcessOutput
- type CredentialsOpts
- type Endpoint
- type RefreshableCred
- type RequestHeaderOpts
- type RequestOpts
- type RequestQueryStringOpts
- type RolesAnywhereSigner
- type SessionToken
- type SignerParams
- type SigningOpts
- type SigningResult
- type TemporaryCredential
Constants ¶
const DEFAULT_TOKEN_TTL_SECONDS = "21600"
const DefaultPort = 9911
const EC2_METADATA_TOKEN_HEADER = "x-aws-ec2-metadata-token"
const EC2_METADATA_TOKEN_TTL_HEADER = "x-aws-ec2-metadata-token-ttl-seconds"
const LocalHostAddress = "127.0.0.1"
const MAX_TOKENS = 256
const REFRESHABLE_CRED_CODE = "Success"
const REFRESHABLE_CRED_TYPE = "AWS-HMAC"
const SECURITY_CREDENTIALS_RESOURCE_PATH = "/latest/meta-data/iam/security-credentials/"
const TOKEN_RESOURCE_PATH = "/latest/api/token"
const UpdateRefreshTime = time.Minute * time.Duration(5)
const X_FORWARDED_FOR_HEADER = "X-Forwarded-For"
Variables ¶
var RefreshTime = time.Minute * time.Duration(5)
Functions ¶
func AllIssuesHandlers ¶ added in v1.0.3
func AllIssuesHandlers(cred *RefreshableCred, roleName string, opts *CredentialsOpts) (http.HandlerFunc, http.HandlerFunc, http.HandlerFunc)
func BuildAuthorizationHeader ¶
func BuildAuthorizationHeader(request *http.Request, body io.ReadSeeker, signedHeadersString string, signature string, certificate x509.Certificate, signerParams SignerParams) string
Builds the complete authorization header
func CheckValidToken ¶ added in v1.0.3
func CheckValidToken(w http.ResponseWriter, r *http.Request) error
Checks whether the token provided in the request is valid.
func CreateSignFunction ¶
func CreateSignFunction(privateKey crypto.PrivateKey, certificate x509.Certificate, certificateChain []x509.Certificate) func(*request.Request)
Create a function that will sign requests, given the signing certificate, optional certificate chain, and the private key
func CreateStringToSign ¶
func CreateStringToSign(canonicalRequest string, signerParams SignerParams) string
Create the string to sign.
func FindTokenTTLSeconds ¶ added in v1.0.4
Finds a token's TTL in seconds.
func GenerateToken ¶ added in v1.0.3
Generates a random string with the specified length
func GetCredentialsFileContents ¶ added in v1.0.3
Assume that the credentials file is located in the default path: `~/.aws/credentials`
func GetWriteOnlyCredentialsFile ¶ added in v1.0.3
Assume that the credentials file exists already and open it for write operations
func InsertToken ¶ added in v1.0.3
Removes the token that expires the earliest
func ReadCertificateBundleData ¶
func ReadCertificateBundleData(certificateBundleId string) ([]*x509.Certificate, error)
Reads certificate bundle data from the file whose path is provided.
func ReadPrivateKeyData ¶
func ReadPrivateKeyData(privateKeyId string) (crypto.PrivateKey, error)
Load the private key referenced by `privateKeyId`.
func Serve ¶ added in v1.0.3
func Serve(port int, credentialsOptions CredentialsOpts)
func Update ¶ added in v1.0.3
func Update(credentialsOptions CredentialsOpts, profile string, once bool)
Updates credentials in the credentials file for the specified profile
Types ¶
type CertificateData ¶
// CertificateData is the container for certificate data returned to the SDK as JSON.
// It carries only public material (the certificate, its serial number and key metadata);
// the private key is never part of this structure.
type CertificateData struct {
	// Type for the key contained in the certificate.
	// Passed back to the `sign-string` command.
	KeyType string `json:"keyType"`
	// Certificate, as base64-encoded DER; used in the `x-amz-x509`
	// header in the API request.
	CertificateData string `json:"certificateData"`
	// Serial number of the certificate. Used in the credential
	// field of the Authorization header.
	SerialNumber string `json:"serialNumber"`
	// Supported signing algorithms based on the KeyType.
	Algorithms []string `json:"supportedAlgorithms"`
}
Container for certificate data returned to the SDK as JSON.
func ReadCertificateData ¶
func ReadCertificateData(certificateId string) (CertificateData, error)
Load the certificate referenced by `certificateId` and extract details required by the SDK to construct the StringToSign.
type CredentialProcessOutput ¶
// CredentialProcessOutput is the container that adheres to the format of
// credential_process output as specified by AWS. The JSON tags match that format.
// SecretAccessKey and SessionToken are secrets: they must not be logged or
// written anywhere other than the intended credential_process output.
type CredentialProcessOutput struct {
	// This field should be hard-coded to 1 for now.
	Version int `json:"Version"`
	// AWS Access Key ID.
	AccessKeyId string `json:"AccessKeyId"`
	// AWS Secret Access Key. Sensitive.
	SecretAccessKey string `json:"SecretAccessKey"`
	// AWS Session Token for temporary credentials. Sensitive.
	SessionToken string `json:"SessionToken"`
	// ISO8601 timestamp for when the credentials expire.
	Expiration string `json:"Expiration"`
}
Container that adheres to the format of credential_process output as specified by AWS.
func GenerateCredentials ¶
func GenerateCredentials(opts *CredentialsOpts) (CredentialProcessOutput, error)
Creates a session and generates credentials.
type CredentialsOpts ¶
type Endpoint ¶ added in v1.0.3
// Endpoint holds the state of the local HTTP endpoint that serves credentials.
type Endpoint struct {
	// PortNum is the port the endpoint listens on.
	// NOTE(review): presumably DefaultPort when unset — confirm against Serve.
	PortNum int
	// Server is the http.Server backing the endpoint.
	Server *http.Server
	// TmpCred is the refreshable credential handed to the request handlers
	// (see AllIssuesHandlers, which takes a *RefreshableCred).
	TmpCred RefreshableCred
}
type RefreshableCred ¶ added in v1.0.3
type RequestHeaderOpts ¶
// RequestHeaderOpts carries the header-sourced values of an API request.
type RequestHeaderOpts struct {
	// Certificate, as base64-encoded DER; used in the `x-amz-x509`
	// header in the API request.
	CertificateData string
}
type RequestOpts ¶
// RequestOpts is the container for data that will be sent in a request to CreateSession.
type RequestOpts struct {
	// ARN of the Role to assume in the CreateSession call.
	RoleArn string
	// ARN of the Configuration to use in the CreateSession call.
	ConfigurationArn string
	// Certificate, as base64-encoded DER; used in the `x-amz-x509`
	// header in the API request.
	CertificateData string
	// Duration of the session that will be returned by CreateSession.
	// Shorter durations bound the lifetime of the issued credentials.
	DurationSeconds int
}
Container for data that will be sent in a request to CreateSession.
type RequestQueryStringOpts ¶
type RolesAnywhereSigner ¶
// RolesAnywhereSigner signs requests with an X.509 certificate and its private key
// (see SignWithCurrTime).
type RolesAnywhereSigner struct {
	// PrivateKey produces the signature. Sensitive: keep it in memory only and never log it.
	PrivateKey crypto.PrivateKey
	// Certificate is the signing certificate; presumably the one carried in the
	// `x-amz-x509` header — confirm against CreateSignFunction.
	Certificate x509.Certificate
	// CertificateChain is the optional chain accompanying the signing certificate.
	CertificateChain []x509.Certificate
}
func (RolesAnywhereSigner) SignWithCurrTime ¶
func (v4x509 RolesAnywhereSigner) SignWithCurrTime(req *request.Request) error
Sign the request using the current time
type SessionToken ¶ added in v1.0.3
type SignerParams ¶
// SignerParams carries the parameters that determine the SigV4-X509 signing
// scope and date-time (see GetScope and the GetFormatted*DateTime methods).
type SignerParams struct {
	// OverriddenDate is a signing time supplied by the caller.
	// NOTE(review): inferred from the name that it replaces the current time when
	// set — confirm how the zero value is treated.
	OverriddenDate time.Time
	// RegionName is the region component of the scope.
	RegionName string
	// ServiceName is the service component of the scope.
	ServiceName string
	// SigningAlgorithm names the algorithm used for the signature.
	SigningAlgorithm string
}
func (*SignerParams) GetFormattedShortSigningDateTime ¶
func (signerParams *SignerParams) GetFormattedShortSigningDateTime() string
Obtain the short date-time, formatted as specified by SigV4
func (*SignerParams) GetFormattedSigningDateTime ¶
func (signerParams *SignerParams) GetFormattedSigningDateTime() string
Obtain the date-time, formatted as specified by SigV4
func (*SignerParams) GetScope ¶
func (signerParams *SignerParams) GetScope() string
Obtain the scope as part of the SigV4-X509 signature
type SigningOpts ¶
// SigningOpts holds the inputs to Sign.
type SigningOpts struct {
	// Private key to use for the signing operation. Sensitive: never log it.
	PrivateKey crypto.PrivateKey
	// Digest to use in the signing operation. For example, SHA256.
	Digest crypto.Hash
}
type SigningResult ¶
// SigningResult is the container for data returned after performing a signing operation.
type SigningResult struct {
	// Signature encoded in hex.
	Signature string `json:"signature"`
}
Container for data returned after performing a signing operation.
func Sign ¶
func Sign(payload []byte, opts SigningOpts) (SigningResult, error)
Sign the provided payload with the specified options.