Documentation ¶
Index ¶
- Constants
- func ConfigPath() (string, error)
- func CreateConfig() error
- func GetUsernameFromSession(sess *session.Session) (string, error)
- func IsSessionKey(s string) bool
- type Config
- type KeyringProvider
- type KeyringSession
- type KeyringSessions
- func (s *KeyringSessions) Delete(profile string) (n int, err error)
- func (s *KeyringSessions) Retrieve(profile string) (creds sts.Credentials, err error)
- func (s *KeyringSessions) Sessions() ([]KeyringSession, error)
- func (s *KeyringSessions) Store(profile string, session sts.Credentials, expires time.Time) error
- type Profile
- type Rotator
- type VaultCredentials
- type VaultOptions
- type VaultProvider
Constants ¶
Variables ¶
This section is empty.
Functions ¶
func ConfigPath ¶
ConfigPath returns either $AWS_CONFIG_FILE or ~/.aws/config
func CreateConfig ¶
func CreateConfig() error
CreateConfig will create the config directory and file if they do not exist
func GetUsernameFromSession ¶
GetUsernameFromSession returns the IAM username (or root) associated with the current aws session
func IsSessionKey ¶
Types ¶
type Config ¶
type Config struct { Path string // contains filtered or unexported fields }
Config is an abstraction over what is in ~/.aws/config
func LoadConfig ¶
LoadConfig loads and parses a config. No error is returned if the file doesn't exist
func LoadConfigFromEnv ¶
LoadConfigFromEnv finds the config file from the environment
func (*Config) FormatCredentialError ¶
FormatCredentialError formats errors with some user friendly context
func (*Config) Profile ¶
Profile returns the profile with the matching name. If there isn't any, an empty profile with the provided name is returned, along with false.
type KeyringProvider ¶
func (*KeyringProvider) Delete ¶
func (p *KeyringProvider) Delete() error
func (*KeyringProvider) IsExpired ¶
func (p *KeyringProvider) IsExpired() bool
func (*KeyringProvider) Retrieve ¶
func (p *KeyringProvider) Retrieve() (val credentials.Value, err error)
func (*KeyringProvider) Store ¶
func (p *KeyringProvider) Store(val credentials.Value) error
type KeyringSession ¶
func (KeyringSession) IsExpired ¶
func (ks KeyringSession) IsExpired() bool
type KeyringSessions ¶
func NewKeyringSessions ¶
func NewKeyringSessions(k keyring.Keyring, cfg *Config) (*KeyringSessions, error)
func (*KeyringSessions) Delete ¶
func (s *KeyringSessions) Delete(profile string) (n int, err error)
Delete deletes any sessions for a specific profile, expects the profile to be provided, not the source
func (*KeyringSessions) Retrieve ¶
func (s *KeyringSessions) Retrieve(profile string) (creds sts.Credentials, err error)
Retrieve searches sessions for specific profile, expects the profile to be provided, not the source
func (*KeyringSessions) Sessions ¶
func (s *KeyringSessions) Sessions() ([]KeyringSession, error)
func (*KeyringSessions) Store ¶
func (s *KeyringSessions) Store(profile string, session sts.Credentials, expires time.Time) error
Store stores a sessions for a specific profile, expects the profile to be provided, not the source
type Profile ¶
type Profile struct { Name string `ini:"-"` MFASerial string `ini:"mfa_serial,omitempty"` RoleARN string `ini:"role_arn,omitempty"` ExternalID string `ini:"external_id,omitempty"` Region string `ini:"region,omitempty"` SourceProfile string `ini:"source_profile,omitempty"` RoleSessionName string `ini:"role_session_name,omitempty"` }
type Rotator ¶
type VaultCredentials ¶
type VaultCredentials struct { *credentials.Credentials // contains filtered or unexported fields }
func NewVaultCredentials ¶
func NewVaultCredentials(k keyring.Keyring, profile string, opts VaultOptions) (*VaultCredentials, error)
func (*VaultCredentials) Expires ¶
func (v *VaultCredentials) Expires() time.Time
type VaultOptions ¶
type VaultOptions struct { SessionDuration time.Duration AssumeRoleDuration time.Duration ExpiryWindow time.Duration MfaToken string MfaPrompt prompt.PromptFunc NoSession bool Config *Config MasterCreds *credentials.Value Region string Path string }
func (VaultOptions) ApplyDefaults ¶
func (o VaultOptions) ApplyDefaults() VaultOptions
func (VaultOptions) Validate ¶
func (o VaultOptions) Validate() error
type VaultProvider ¶
type VaultProvider struct { credentials.Expiry VaultOptions // contains filtered or unexported fields }
func NewVaultProvider ¶
func NewVaultProvider(k keyring.Keyring, profile string, opts VaultOptions) (*VaultProvider, error)
func (*VaultProvider) Retrieve ¶
func (p *VaultProvider) Retrieve() (credentials.Value, error)
Retrieve returns credentials protected by a GetSessionToken. If there is an associated role in the profile then AssumeRole is applied. The benefit of a session is that it doesn't require MFA or a user prompt to access the keychain item, much like sudo.
func (*VaultProvider) RetrieveWithoutSessionToken ¶
func (p *VaultProvider) RetrieveWithoutSessionToken() (credentials.Value, error)
RetrieveWithoutSessionToken returns credentials that are either the master credentials or a session created with AssumeRole. This allows for usecases where a token created with AssumeRole wouldn't work.