aws_config_server

package

v0.26.3 Latest Latest Go to latest Published: Aug 11, 2023 License: MIT Imports: 30 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/chanzuckerberg/aws-oidc

Links

Open Source Insights

Documentation ¶

Index ¶

func GetRouter(ctx context.Context, config *RouterConfig) http.Handler
func Health(w http.ResponseWriter, r *http.Request, _ httprouter.Params)
func Index(awsGenerationParams *AWSConfigGenerationParams, ...) httprouter.Handle
type AWSAccount
- func (a *AWSAccount) GetAliasOrName() string
type AWSConfig
- func (a *AWSConfig) GetAccounts() []AWSAccount
- func (a *AWSConfig) GetProfilesForAccount(account AWSAccount) []AWSProfile
- func (a *AWSConfig) GetRoleNames() []string
- func (a *AWSConfig) HasAccount(acctName string) bool
type AWSConfigGenerationParams
type AWSProfile
type Action
- func (a *Action) UnmarshalJSON(data []byte) error
type CachedGetClientIDToProfiles
- func NewCachedGetClientIDToProfiles(ctx context.Context, configParams *AWSConfigGenerationParams, ...) (*CachedGetClientIDToProfiles, error)
- func (c *CachedGetClientIDToProfiles) Get(ctx context.Context) (*oidcFederatedRoles, error)
type ClientIDToAWSRoles
type Condition
type PolicyDocument
- func NewPolicyDocument(assumeRolePolicyDocument string) (*PolicyDocument, error)
type Principal
type RouterConfig
type StatementEntry
- func (se *StatementEntry) GetFederatedClientIDs(oidcProviderHostname string) []okta.ClientID
type StringEqualsCondition
- func (sec *StringEqualsCondition) UnmarshalJSON(data []byte) error

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GetRouter ¶

func GetRouter(
	ctx context.Context,
	config *RouterConfig,
) http.Handler

func Health ¶

func Health(w http.ResponseWriter, r *http.Request, _ httprouter.Params)

func Index ¶

func Index(
	awsGenerationParams *AWSConfigGenerationParams,
	cachedClientIDtoProfiles *CachedGetClientIDToProfiles,
	oktaClient okta.AppResource,
) httprouter.Handle

Types ¶

type AWSAccount ¶ added in v0.7.0

type AWSAccount struct {
	ID    string `json:"id,omitempty"`
	Name  string `json:"name,omitempty"`
	Alias string `json:"alias,omitempty"`
}

func (*AWSAccount) GetAliasOrName ¶ added in v0.16.0

func (a *AWSAccount) GetAliasOrName() string

type AWSConfig ¶ added in v0.7.0

type AWSConfig struct {
	Profiles []AWSProfile `json:"profiles,omitempty"`
}

func (*AWSConfig) GetAccounts ¶ added in v0.7.0

func (a *AWSConfig) GetAccounts() []AWSAccount

func (*AWSConfig) GetProfilesForAccount ¶ added in v0.7.0

func (a *AWSConfig) GetProfilesForAccount(account AWSAccount) []AWSProfile

func (*AWSConfig) GetRoleNames ¶ added in v0.10.0

func (a *AWSConfig) GetRoleNames() []string

func (*AWSConfig) HasAccount ¶ added in v0.7.0

func (a *AWSConfig) HasAccount(acctName string) bool

type AWSConfigGenerationParams ¶

type AWSConfigGenerationParams struct {
	OIDCProvider  string
	AWSWorkerRole string
	AWSOrgRoles   []string
	Concurrency   int
	SkipAccounts  sets.StringSet
}

type AWSProfile ¶ added in v0.7.0

type AWSProfile struct {
	ClientID   okta.ClientID `json:"client_id,omitempty"`
	AWSAccount AWSAccount    `json:"aws_account,omitempty"`
	RoleARN    string        `json:"role_arn,omitempty"`
	IssuerURL  string        `json:"issuer_url,omitempty"`
	RoleName   string        `json:"role_name,omitempty"`
}

type Action ¶

type Action []string

func (*Action) UnmarshalJSON ¶

func (a *Action) UnmarshalJSON(data []byte) error

type CachedGetClientIDToProfiles ¶

type CachedGetClientIDToProfiles struct {
	// contains filtered or unexported fields
}

func NewCachedGetClientIDToProfiles ¶

func NewCachedGetClientIDToProfiles(
	ctx context.Context,
	configParams *AWSConfigGenerationParams,
	awsSession *session.Session,
) (*CachedGetClientIDToProfiles, error)

func (*CachedGetClientIDToProfiles) Get ¶

func (c *CachedGetClientIDToProfiles) Get(ctx context.Context) (*oidcFederatedRoles, error)

Get returns the cached values

type ClientIDToAWSRoles ¶

type ClientIDToAWSRoles struct {
	// contains filtered or unexported fields
}

type Condition ¶

type Condition struct {
	StringEquals StringEqualsCondition `json:"StringEquals"`
}

We only care about the "StringEquals" field in Condition

type PolicyDocument ¶

type PolicyDocument struct {
	Version    string           `json:"Version"`
	Statements []StatementEntry `json:"Statement"`
}

func NewPolicyDocument ¶ added in v0.19.0

func NewPolicyDocument(assumeRolePolicyDocument string) (*PolicyDocument, error)

type Principal ¶

type Principal struct {
	Federated string `json:"Federated"`
}

We only care about the "Federated" field in Principal

type RouterConfig ¶

type RouterConfig struct {
	Verifier              oidcVerifier
	AwsGenerationParams   *AWSConfigGenerationParams
	OktaAppClient         okta.AppResource
	GetClientIDToProfiles *CachedGetClientIDToProfiles
}

type StatementEntry ¶

type StatementEntry struct {
	Effect    string    `json:"Effect"`
	Action    Action    `json:"Action"`
	Sid       string    `json:"Sid"`
	Principal Principal `json:"Principal"`
	Condition Condition `json:"Condition"`
}

func (*StatementEntry) GetFederatedClientIDs ¶ added in v0.19.0

func (se *StatementEntry) GetFederatedClientIDs(oidcProviderHostname string) []okta.ClientID

type StringEqualsCondition ¶ added in v0.19.0

type StringEqualsCondition map[string][]string

func (*StringEqualsCondition) UnmarshalJSON ¶ added in v0.19.0

func (sec *StringEqualsCondition) UnmarshalJSON(data []byte) error

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL