kmsauth

Published: Jan 2, 2025 License: MIT Imports: 15 Imported by: 0

README

go-kmsauth


This is a port of lyft/python-kmsauth to Go. We wrote it primarily to build blessclient.

Documentation

Index

Constants

const (
	// TokenVersion1 is the first kmsauth token version. It is presumably paired
	// with AuthContextV1 (from/to encryption context) — confirm in TokenGenerator.
	TokenVersion1 = 1
	// TokenVersion2 is the second kmsauth token version. It is presumably paired
	// with AuthContextV2 (from/to/user_type encryption context) — confirm in
	// TokenGenerator.
	TokenVersion2 = 2
)
const (
	// TimeFormat is the Go reference layout for kmsauth token timestamps; it is
	// the equivalent of the Python strftime pattern "%Y%m%dT%H%M%SZ" used by
	// lyft/python-kmsauth.
	//
	// NOTE(review): the trailing "Z" is a literal character in this layout, not
	// a zone marker (Go's zone markers are "Z07:00", "-0700" and similar), so it
	// is emitted whatever the time's Location. Callers must convert to UTC
	// before formatting, otherwise a local time is labelled as UTC and the
	// not_before/not_after window checked by a validator is skewed by the
	// zone offset.
	TimeFormat = "20060102T150405Z"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthContext

type AuthContext interface {
	// Validate returns a non-nil error when the context is not acceptable.
	Validate() error
	// GetUsername returns the username the context identifies.
	GetUsername() string
	// GetKMSContext returns the context as a KMS encryption-context map
	// (map[string]*string, the AWS SDK v1 EncryptionContext shape). Because the
	// encryption context is bound into the KMS ciphertext, a validator using a
	// different context cannot decrypt the token.
	GetKMSContext() map[string]*string
}

AuthContext is a KMS encryption context used to ascertain a user's identity.

type AuthContextV1

type AuthContextV1 struct {
	// From identifies the requesting principal; required by the validate tag.
	// Presumably this is what GetUsername returns — confirm.
	From string `json:"from" validate:"required"`
	// To identifies the intended recipient of the token; required by the
	// validate tag. NOTE(review): a validator should compare this against its
	// own identity so that a token minted for one service is not accepted by
	// another — confirm ValidateToken does so.
	To   string `json:"to" validate:"required"`
}

AuthContextV1 is a KMS encryption context used to ascertain a user's identity.

func (*AuthContextV1) GetKMSContext

func (ac *AuthContextV1) GetKMSContext() map[string]*string

GetKMSContext returns the context as a KMS encryption-context map.

func (*AuthContextV1) GetUsername

func (ac *AuthContextV1) GetUsername() string

GetUsername returns the context's username.

func (*AuthContextV1) Validate

func (ac *AuthContextV1) Validate() error

Validate returns an error if the context is invalid.

type AuthContextV2

type AuthContextV2 struct {
	// From identifies the requesting principal; required by the validate tag.
	// Presumably this is what GetUsername returns — confirm.
	From     string `json:"from" validate:"required"`
	// To identifies the intended recipient of the token; required by the
	// validate tag. NOTE(review): a validator should compare this against its
	// own identity so that a token minted for one service is not accepted by
	// another — confirm ValidateToken does so.
	To       string `json:"to" validate:"required"`
	// UserType classifies the requesting principal; required by the validate
	// tag. It is the field that distinguishes the V2 context from V1.
	UserType string `json:"user_type" validate:"required"`
}

AuthContextV2 is a KMS encryption context used to ascertain a user's identity.

func (*AuthContextV2) GetKMSContext

func (ac *AuthContextV2) GetKMSContext() map[string]*string

GetKMSContext returns the context as a KMS encryption-context map.

func (*AuthContextV2) GetUsername

func (ac *AuthContextV2) GetUsername() string

GetUsername returns the context's username.

func (*AuthContextV2) Validate

func (ac *AuthContextV2) Validate() error

Validate returns an error if the context is invalid.

type EncryptedToken

// EncryptedToken holds the base64 text of a KMS-encrypted token. It is the
// value a TokenValidator accepts, so while it is within its validity window it
// should be handled as a bearer credential (not logged, restrictive file
// permissions when cached).
type EncryptedToken string

EncryptedToken is a base64-encoded, KMS-encrypted token.

func (EncryptedToken) String

func (e EncryptedToken) String() string

String satisfies the fmt.Stringer interface.

type Token

type Token struct {
	// NotBefore is the start of the token's validity window.
	NotBefore TokenTime `json:"not_before"`
	// NotAfter is the end of the token's validity window. A validator bounds
	// the window length with TokenValidator.TokenLifetime (see IsValid).
	NotAfter  TokenTime `json:"not_after"`
}

Token is a kmsauth token

func NewToken

func NewToken(tokenLifetime time.Duration) *Token

NewToken generates a new token

func (*Token) IsValid

func (t *Token) IsValid(tokenLifetime time.Duration) error

IsValid returns an error if the token is invalid, or nil if it is valid.

type TokenCache

type TokenCache struct {
	// Token is the plaintext token (validity window) that was encrypted.
	Token          Token              `json:"token,omitempty"`
	// EncryptedToken is the KMS ciphertext for Token, base64 encoded. It is a
	// bearer credential for its validity window, so the cache file it is
	// written to (presumably TokenGenerator.TokenCacheFile — confirm) should
	// have restrictive permissions.
	EncryptedToken EncryptedToken     `json:"encrypted_token,omitempty"`
	// AuthContext is the KMS encryption-context map the token was produced
	// with; presumably used to detect a stale cache entry when the context
	// changes — confirm in GetEncryptedToken.
	AuthContext    map[string]*string `json:"auth_context,omitempty"`
}

TokenCache is a cached token: it holds the Token, its EncryptedToken and the associated AuthContext map.

type TokenGenerator

type TokenGenerator struct {
	// AuthKey is the KMS key ARN or alias used to encrypt tokens.
	AuthKey string
	// TokenVersion is the kmsauth token version (TokenVersion1 or TokenVersion2).
	TokenVersion TokenVersion
	// TokenLifetime is the validity window given to newly generated tokens.
	TokenLifetime time.Duration
	// TokenCacheFile is an optional path used to cache the encrypted token;
	// nil presumably disables caching — confirm. The cached token is a bearer
	// credential for its validity window, so the file should not be
	// world-readable.
	TokenCacheFile *string
	// AuthContext is the encryption context bound into the token.
	AuthContext AuthContext
	// contains filtered or unexported fields
}

TokenGenerator generates a token

func NewTokenGenerator

func NewTokenGenerator(
	authKey string,
	tokenVersion TokenVersion,
	tokenLifetime time.Duration,
	tokenCacheFile *string,
	authContext AuthContext,
	awsClient *cziAWS.Client,
) *TokenGenerator

NewTokenGenerator returns a new token generator

func (*TokenGenerator) GetEncryptedToken

func (tg *TokenGenerator) GetEncryptedToken(ctx context.Context) (*EncryptedToken, error)

GetEncryptedToken returns the encrypted kmsauth token

func (*TokenGenerator) Validate

func (tg *TokenGenerator) Validate() error

Validate validates the TokenGenerator

type TokenTime

type TokenTime struct {
	// Time is embedded so TokenTime behaves as a time.Time; only the JSON
	// encoding (MarshalJSON/UnmarshalJSON, using TimeFormat) is customised.
	time.Time
}

TokenTime wraps time.Time with custom JSON marshalling and unmarshalling.

func (*TokenTime) MarshalJSON

func (t *TokenTime) MarshalJSON() ([]byte, error)

MarshalJSON encodes the time as JSON.

func (*TokenTime) UnmarshalJSON

func (t *TokenTime) UnmarshalJSON(b []byte) error

UnmarshalJSON decodes the time from JSON.

type TokenValidator

type TokenValidator struct {
	// AuthContext is the encryption context a token must have been produced
	// with; decryption fails for a token bound to a different context.
	AuthContext AuthContext
	// TokenLifetime is the maximum validity window accepted for a token;
	// tokens with a longer not_before/not_after span should be rejected.
	TokenLifetime time.Duration
	// AuthKeys is the set of KMS key identifiers whose ciphertexts are
	// accepted. NOTE(review): it is a map[string]bool rather than a set, so
	// confirm whether an entry with value false is treated as not accepted.
	AuthKeys map[string]bool
	// AwsClient is the client used for KMS decryption.
	AwsClient *cziAWS.Client
}

TokenValidator validates a token

func NewTokenValidator

func NewTokenValidator(
	authKeys map[string]bool,
	authContext AuthContext,
	tokenLifetime time.Duration,
	awsClient *cziAWS.Client,
) *TokenValidator

NewTokenValidator returns a new token validator

func (*TokenValidator) ValidateToken

func (tv *TokenValidator) ValidateToken(ctx context.Context, tokenb64 string) error

ValidateToken validates the base64-encoded token tokenb64.

type TokenVersion

// TokenVersion selects the kmsauth token format; the known values are
// TokenVersion1 and TokenVersion2.
type TokenVersion int

TokenVersion is a token version
