utils

package
v0.2.0 Latest
Warning

This package is not in the latest version of its module.

Published: Apr 10, 2023 License: MIT Imports: 29 Imported by: 0

Documentation

Index

Constants

const (
	// PresignHeader is the name of the HTTP header used for pre-signed requests.
	// NOTE(review): the value carried in this header is presumably the presigned
	// query string, which works as a short-lived credential for whoever holds it;
	// keep it out of logs and traces. Confirm against the callers.
	PresignHeader = "X-Amazon-Presigned-Getcalleridentity"
	// EmptyBodyHash is the lowercase hex SHA-256 digest of zero-length input,
	// i.e. the hash of an empty body.
	// NOTE(review): presumably used as the payload hash when signing a request
	// that has no body; confirm where it is consumed.
	EmptyBodyHash = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
)
const (
	// DefaultCacheTime is the default cache duration (2 minutes). It should be
	// lower than the token validity; DefaultValidity below is 5 minutes.
	// NOTE(review): presumably this keeps a cached result from outliving the
	// token it was derived from. If either value is changed, keep
	// DefaultCacheTime < DefaultValidity. Confirm what exactly is cached.
	DefaultCacheTime = 2 * time.Minute
	// DefaultValidity is the default validity period for new tokens (5 minutes).
	DefaultValidity = 5 * time.Minute

	// HTTPRetryTime is the retry time used for the check on AWS STS (3 seconds).
	// NOTE(review): whether this is a delay between attempts or a per-attempt
	// timeout is not visible here; confirm in the verification code.
	HTTPRetryTime = 3 * time.Second
)
const (
	// Delimiter separates entries.
	// NOTE(review): an entry that itself contains "," would presumably be split
	// in the wrong place; confirm the parser rejects or escapes such values.
	Delimiter = ","
	// UserPassSeparator separates the username from the password. ":" cannot be
	// used for this.
	// NOTE(review): the same ambiguity applies to a username or password that
	// contains "|"; confirm how the parser handles it.
	UserPassSeparator = "|"
	// IAMAuthFlag marks that IAM authentication should be used instead of a
	// password.
	// NOTE(review): it appears to sit where a crypted password is expected;
	// confirm that no code path compares it as a literal password.
	IAMAuthFlag = "$iam" // starts with $ so it can never be a valid crypted password
)
const MaxRetryTime = 30 * time.Second

MaxRetryTime is the maximum time we will keep retrying AWS calls.

Variables

var (
	// Mutex is used for mutual exclusion.
	// NOTE(review): what it protects is not visible here; presumably Names.
	// It is exported, so any importing package can lock or unlock it. Confirm
	// that every access to the guarded state really goes through it.
	Mutex sync.Mutex
	// Names contains all the secrets, held as a set of strings (the map values
	// are empty structs).
	// NOTE(review): presumably these are secret names rather than secret
	// values; confirm. A plain map is not safe for concurrent writes, and this
	// one is exported and mutable, so callers must synchronise access.
	Names = make(map[string]struct{})
)

Functions

func Constrain added in v0.0.16

func Constrain(original string, duration time.Duration, defaultAPIType *api.APIType) (string, error)

Constrain constrains a given authenticator

func DeleteSecret

func DeleteSecret(ctx context.Context, name string) (string, error)

DeleteSecret deletes a secret. Deprecated: the same secret name cannot be reused for 7 days after deletion; InvalidateSecret is used as its replacement.

func GetConstrained

func GetConstrained(d *entities.Data, duration time.Duration) entities.Data

GetConstrained returns a constrained version of d (macaroon will be time constrained)

func GetData

func GetData(name string, uniqueID string) (*entities.Data, error)

GetData - obtain data from vault

func GetSecret

func GetSecret(ctx context.Context, arn string) (string, string, error)

GetSecret - gets secret by arn

func InvalidateSecret

func InvalidateSecret(ctx context.Context, name string) (string, error)

InvalidateSecret - is used as a replacement for DeleteSecret

func InvalidateSecretDummy

func InvalidateSecretDummy(ctx context.Context, name string) (string, error)

InvalidateSecretDummy - mock version of the InvalidateSecret method

func InvalidateSecretWithRetries

func InvalidateSecretWithRetries(ctx context.Context, name string) (string, error)

InvalidateSecretWithRetries calls InvalidateSecret with retry logic

func LoadSecrets

func LoadSecrets(ctx context.Context, prefix string) map[string]string

LoadSecrets - loads all secrets (used at startup)

func PresignGetCallerIdentity

func PresignGetCallerIdentity(validity time.Duration) (string, error)

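PresignGetCallerIdentity signs a query string that lets a third party retrieve the caller's identity (sts/GetCallerIdentity). Returns: - the query string - error (when not successful). Until its validity expires, the signed query string can be presented by whoever holds it, so it should be handled like a short-lived credential: sent only to the intended verifier and kept out of logs.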

func VerifyGetCallerIdentity

func VerifyGetCallerIdentity(query string, timeout time.Duration) (string, error)

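VerifyGetCallerIdentity verifies that the received query string is actually a presigned URL for sts/GetCallerIdentity. Returns:

  • the ARN of the identity when successful
  • an error otherwise. A returned ARN only establishes who signed the request; whether that identity is allowed to proceed remains a separate authorization decision for the caller.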

Types

type AuthenticatorType added in v0.0.16

type AuthenticatorType int

AuthenticatorType enum

const (
	// Unknown is the zero value of AuthenticatorType (iota starts at 0), so an
	// uninitialised AuthenticatorType is Unknown. Callers should treat it as
	// "not recognised" and refuse to proceed rather than fall back to a default.
	Unknown AuthenticatorType = iota
	// Macaroon (value 1) is the value for macaroon authenticators.
	Macaroon
	// Rune (value 2) is the value for rune authenticators.
	Rune
)

AuthenticatorType values

func DetectAuthenticatorType added in v0.0.16

func DetectAuthenticatorType(str string, whenMultipleMatch *api.APIType) AuthenticatorType

DetectAuthenticatorType detects what kind of authenticator is used

func ToAuthenticatorType added in v0.0.16

func ToAuthenticatorType(t api.APIType) AuthenticatorType

ToAuthenticatorType returns what kind of authenticator a given API uses

type Change

type Change int

Change enum

const (
	// Undefined is the zero value of Change (iota starts at 0), so a Change
	// that was never set reads as Undefined.
	// NOTE(review): presumably this is also what accompanies a non-nil error;
	// confirm in InsertOrUpdateSecret.
	Undefined Change = iota
	// Inserted (value 1) reports that the secret was inserted.
	Inserted
	// Updated (value 2) reports that the secret was updated.
	Updated
)

Change enum values

func InsertOrUpdateSecret

func InsertOrUpdateSecret(ctx context.Context, name, value string) (string, Change, error)

InsertOrUpdateSecret - inserts or updates a secret

func InsertOrUpdateSecretWithRetries

func InsertOrUpdateSecretWithRetries(ctx context.Context, name, value string) (string, Change, error)

InsertOrUpdateSecretWithRetries - calls InsertOrUpdateSecret with retry logic

func InsertSecretDummy

func InsertSecretDummy(ctx context.Context, name, value string) (string, Change, error)

InsertSecretDummy - mock version of the InsertSecret method

type ConstrainFunc added in v0.0.16

type ConstrainFunc func(string, time.Duration) (string, error)

ConstrainFunc is the method signature

type DeleteSecretSignature

type DeleteSecretSignature func(ctx context.Context, name string) (string, error)

DeleteSecretSignature is the function signature that DeleteSecret, InvalidateSecret, InvalidateSecretDummy and InvalidateSecretWithRetries all have.

type GetCallerIdentityResponse

// GetCallerIdentityResponse is the outer wrapper around a GetCallerIdentityResult.
// NOTE(review): presumably the target for decoding the XML body returned by
// sts/GetCallerIdentity; confirm in VerifyGetCallerIdentity.
type GetCallerIdentityResponse struct {
	// GetCallerIdentityResult has no xml tag, so encoding/xml would match it
	// by the field name "GetCallerIdentityResult".
	GetCallerIdentityResult GetCallerIdentityResult
}

GetCallerIdentityResponse struct

type GetCallerIdentityResult

// GetCallerIdentityResult holds the three identity fields mapped from the XML
// elements Arn, UserId and Account.
// NOTE(review): these values are only as trustworthy as the response they were
// decoded from; confirm that the verification code accepts responses from the
// real STS endpoint only, and that it validates Arn before using it for
// authorization.
type GetCallerIdentityResult struct {
	// Arn is read from the <Arn> element.
	Arn     string `xml:"Arn"`
	// UserID is read from the <UserId> element (note the different casing).
	UserID  string `xml:"UserId"`
	// Account is read from the <Account> element.
	Account string `xml:"Account"`
}

GetCallerIdentityResult struct

type InsertOrUpdateSecretData added in v0.0.18

type InsertOrUpdateSecretData struct {
	Arn    string
	Change Change
}

InsertOrUpdateSecretData struct

type InsertOrUpdateSecretSignature

type InsertOrUpdateSecretSignature func(ctx context.Context, name, value string) (string, Change, error)

InsertOrUpdateSecretSignature is the function signature that InsertOrUpdateSecret, InsertOrUpdateSecretWithRetries and InsertSecretDummy all have.
