Documentation ¶
Index ¶
Constants ¶
const (
	// TokenVersion1 identifies version 1 of the kmsauth token format.
	// NOTE(review): presumably pairs with AuthContextV1 — confirm.
	TokenVersion1 = 1
	// TokenVersion2 identifies version 2 of the kmsauth token format.
	// NOTE(review): presumably pairs with AuthContextV2 — confirm.
	TokenVersion2 = 2
)
const (
	// TimeFormat is the time format for kmsauth tokens, written as a Go
	// reference-time layout. The strftime equivalent is "%Y%m%dT%H%M%SZ".
	//
	// The trailing "Z" is a literal character in this layout, not a zone
	// conversion, so a value must already be in UTC when it is formatted.
	// NOTE(review): confirm that callers normalize to UTC first; a local-time
	// value would still be labelled "Z" and shift the token's validity window.
	TimeFormat = "20060102T150405Z"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuthContext ¶
// AuthContext is a KMS encryption context used to ascertain a user's identity.
//
// A KMS encryption context is authenticated along with the ciphertext but is
// not secret (AWS records it in plaintext in CloudTrail), so implementations
// should carry identifiers only, never sensitive values.
type AuthContext interface {
	// Validate returns an error.
	// NOTE(review): presumably non-nil when the context is malformed — confirm.
	Validate() error
	// GetUsername returns a username.
	GetUsername() string
	// GetKMSContext returns the context as a map of string keys to string
	// pointers.
	GetKMSContext() map[string]*string
}
AuthContext is a KMS encryption context used to ascertain a user's identity.
type AuthContextV1 ¶
// AuthContextV1 is a KMS encryption context with two required fields,
// serialized to JSON as "from" and "to".
type AuthContextV1 struct {
	// From is serialized as "from" and tagged validate:"required".
	// NOTE(review): presumably the identity requesting the token — confirm.
	// The tag presumably enforces only a non-empty value, not its content.
	From string `json:"from" validate:"required"`
	// To is serialized as "to" and tagged validate:"required".
	// NOTE(review): presumably the service the token is intended for — confirm.
	To string `json:"to" validate:"required"`
}
AuthContextV1 is a KMS encryption context used to ascertain a user's identity.
func (*AuthContextV1) GetKMSContext ¶
func (ac *AuthContextV1) GetKMSContext() map[string]*string
GetKMSContext gets the kms context
func (*AuthContextV1) GetUsername ¶
func (ac *AuthContextV1) GetUsername() string
GetUsername returns a username
type AuthContextV2 ¶
// AuthContextV2 is a KMS encryption context with three required fields,
// serialized to JSON as "from", "to" and "user_type".
type AuthContextV2 struct {
	// From is serialized as "from" and tagged validate:"required".
	// NOTE(review): presumably the identity requesting the token — confirm.
	From string `json:"from" validate:"required"`
	// To is serialized as "to" and tagged validate:"required".
	// NOTE(review): presumably the service the token is intended for — confirm.
	To string `json:"to" validate:"required"`
	// UserType is serialized as "user_type" and tagged validate:"required".
	// NOTE(review): the tag presumably enforces only a non-empty value; confirm
	// where the set of accepted user types is checked.
	UserType string `json:"user_type" validate:"required"`
}
AuthContextV2 is a KMS encryption context used to ascertain a user's identity.
func (*AuthContextV2) GetKMSContext ¶
func (ac *AuthContextV2) GetKMSContext() map[string]*string
GetKMSContext gets the kms context
func (*AuthContextV2) GetUsername ¶
func (ac *AuthContextV2) GetUsername() string
GetUsername returns a username
type EncryptedToken ¶
// EncryptedToken is a base64-encoded, KMS-encrypted token held as a string.
// NOTE(review): the value is presented as a credential, so treat it as a
// secret in logs and error messages even though it is encrypted.
type EncryptedToken string
EncryptedToken is a base64-encoded, KMS-encrypted token.
func (EncryptedToken) String ¶
func (e EncryptedToken) String() string
String satisfies the stringer interface
type TokenCache ¶
// TokenCache is a cached token: the token, its encrypted form, and the auth
// context map, each omitted from the JSON output when empty.
//
// NOTE(review): presumably this is the structure written to
// TokenGenerator.TokenCacheFile — confirm. If so, the file holds a credential
// that stays usable until the token expires and should be readable only by
// the owning user.
type TokenCache struct {
	// Token is serialized as "token".
	Token Token `json:"token,omitempty"`
	// EncryptedToken is serialized as "encrypted_token".
	EncryptedToken EncryptedToken `json:"encrypted_token,omitempty"`
	// AuthContext is serialized as "auth_context".
	// NOTE(review): presumably compared with the current context before a
	// cached token is reused — confirm.
	AuthContext map[string]*string `json:"auth_context,omitempty"`
}
TokenCache is a cached token; it consists of a Token, its EncryptedToken, and the auth context.
type TokenGenerator ¶
// TokenGenerator holds the settings used to generate a kmsauth token.
type TokenGenerator struct {
	// AuthKey is the key ARN or alias to use for authentication.
	AuthKey string
	// TokenVersion is a kmsauth token version.
	TokenVersion TokenVersion
	// TokenLifetime is the token lifetime.
	TokenLifetime time.Duration
	// TokenCacheFile is a file to use as a cache.
	// NOTE(review): presumably a path, with nil disabling the cache — confirm.
	// A cached token is a usable credential until it expires, so the file
	// should be readable only by the owning user.
	TokenCacheFile *string
	// AuthContext is the auth context for generated tokens.
	AuthContext AuthContext
	// contains filtered or unexported fields
}
TokenGenerator generates a token
func NewTokenGenerator ¶
func NewTokenGenerator( authKey string, tokenVersion TokenVersion, tokenLifetime time.Duration, tokenCacheFile *string, authContext AuthContext, awsClient *cziAWS.Client, ) *TokenGenerator
NewTokenGenerator returns a new token generator
func (*TokenGenerator) GetEncryptedToken ¶
func (tg *TokenGenerator) GetEncryptedToken(ctx context.Context) (*EncryptedToken, error)
GetEncryptedToken returns the encrypted kmsauth token
func (*TokenGenerator) Validate ¶
func (tg *TokenGenerator) Validate() error
Validate validates the TokenGenerator
type TokenTime ¶
TokenTime is a custom time formatter
func (*TokenTime) MarshalJSON ¶
MarshalJSON marshals into json
func (*TokenTime) UnmarshalJSON ¶
UnmarshalJSON unmarshals
type TokenValidator ¶
// TokenValidator holds the settings used to validate a kmsauth token.
type TokenValidator struct {
	// AuthContext is the auth context.
	// NOTE(review): presumably the context a token must have been encrypted
	// under — confirm against ValidateToken.
	AuthContext AuthContext
	// TokenLifetime is the max lifetime we accept tokens to have.
	// NOTE(review): this bounds how long a captured token can be replayed, so
	// keep it as short as the deployment allows.
	TokenLifetime time.Duration
	// AuthKeys are a set of KMS keys to accept.
	// NOTE(review): with map[string]bool an entry can be present with the
	// value false; confirm whether ValidateToken tests the value or mere
	// presence. The keys are presumably key ARNs as reported by KMS rather
	// than aliases — confirm.
	AuthKeys map[string]bool
	// AwsClient is the AWS client used for KMS encryption.
	AwsClient *cziAWS.Client
}
TokenValidator validates a token
func NewTokenValidator ¶
func NewTokenValidator( authKeys map[string]bool, authContext AuthContext, tokenLifetime time.Duration, awsClient *cziAWS.Client, ) *TokenValidator
NewTokenValidator returns a new token validator
func (*TokenValidator) ValidateToken ¶
func (tv *TokenValidator) ValidateToken(ctx context.Context, tokenb64 string) error
ValidateToken validates a token