Documentation ¶
Overview ¶
Package tokens provides information and interaction with the EC2 token API resource for the OpenStack Identity service.
For more information, see: https://docs.openstack.org/api-ref/identity/v2-ext/
Example to Create a Token From an EC2 access and secret keys
var authOptions tokens.AuthOptionsBuilder authOptions = &ec2tokens.AuthOptions{ Access: "a7f1e798b7c2417cba4a02de97dc3cdc", Secret: "18f4f6761ada4e3795fa5273c30349b9", } token, err := ec2tokens.Create(identityClient, authOptions).ExtractToken() if err != nil { panic(err) }
Example to auth a client using EC2 access and secret keys
client, err := openstack.NewClient("http://localhost:5000/v3") if err != nil { panic(err) } var authOptions tokens.AuthOptionsBuilder authOptions = &ec2tokens.AuthOptions{ Access: "a7f1e798b7c2417cba4a02de97dc3cdc", Secret: "18f4f6761ada4e3795fa5273c30349b9", AllowReauth: true, } err = openstack.AuthenticateV3(client, authOptions, gophercloud.EndpointOpts{}) if err != nil { panic(err) }
Index ¶
- Constants
- func Create(c *gophercloud.ServiceClient, opts tokens.AuthOptionsBuilder) (r tokens.CreateResult)
- func EC2CredentialsBuildAuthorizationHeaderV4(opts AuthOptions, signedHeaders string, signature string, date time.Time) string
- func EC2CredentialsBuildCanonicalHeadersV4(headers map[string]string, signedHeaders string) string
- func EC2CredentialsBuildCanonicalQueryStringV2(params map[string]string) string
- func EC2CredentialsBuildCanonicalQueryStringV4(verb string, params map[string]string) string
- func EC2CredentialsBuildSignatureKeyV4(secret, region, service string, date time.Time) []byte
- func EC2CredentialsBuildSignatureV4(key []byte, stringToSign []byte) string
- func EC2CredentialsBuildStringToSignV2(opts AuthOptions) []byte
- func EC2CredentialsBuildStringToSignV4(opts AuthOptions, signedHeaders string, bodyHash string, date time.Time) []byte
- func ValidateS3Token(c *gophercloud.ServiceClient, opts tokens.AuthOptionsBuilder) (r tokens.CreateResult)
- type AuthOptions
- func (opts *AuthOptions) CanReauth() bool
- func (opts *AuthOptions) ToTokenV3CreateMap(map[string]interface{}) (map[string]interface{}, error)
- func (opts *AuthOptions) ToTokenV3HeadersMap(map[string]interface{}) (map[string]string, error)
- func (opts *AuthOptions) ToTokenV3ScopeMap() (map[string]interface{}, error)
Constants ¶
const ( // EC2CredentialsAwsRequestV4 is a constant, used to generate AWS // Credential V4. EC2CredentialsAwsRequestV4 = "aws4_request" // EC2CredentialsHmacSha1V2 is a HMAC SHA1 signature method. Used to // generate AWS Credential V2. EC2CredentialsHmacSha1V2 = "HmacSHA1" // EC2CredentialsHmacSha256V2 is a HMAC SHA256 signature method. Used // to generate AWS Credential V2. EC2CredentialsHmacSha256V2 = "HmacSHA256" // EC2CredentialsAwsHmacV4 is an AWS signature V4 signing method. // More details: // https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html EC2CredentialsAwsHmacV4 = "AWS4-HMAC-SHA256" // EC2CredentialsTimestampFormatV4 is an AWS signature V4 timestamp // format. EC2CredentialsTimestampFormatV4 = "20060102T150405Z" // EC2CredentialsDateFormatV4 is an AWS signature V4 date format. EC2CredentialsDateFormatV4 = "20060102" )
Variables ¶
This section is empty.
Functions ¶
func Create ¶
func Create(c *gophercloud.ServiceClient, opts tokens.AuthOptionsBuilder) (r tokens.CreateResult)
Create authenticates and either generates a new token from EC2 credentials
func EC2CredentialsBuildAuthorizationHeaderV4 ¶
func EC2CredentialsBuildAuthorizationHeaderV4(opts AuthOptions, signedHeaders string, signature string, date time.Time) string
EC2CredentialsBuildAuthorizationHeaderV4 builds an AWS v4 Authorization header based on auth parameters, date and signature
func EC2CredentialsBuildCanonicalHeadersV4 ¶
EC2CredentialsBuildCanonicalHeadersV4 builds a canonical string based on "headers" map and "signedHeaders" string parameters. https://github.com/openstack/python-keystoneclient/blob/stable/train/keystoneclient/contrib/ec2/utils.py#L216
func EC2CredentialsBuildCanonicalQueryStringV2 ¶
EC2CredentialsBuildCanonicalQueryStringV2 builds a canonical query string for an AWS signature V2. https://github.com/openstack/python-keystoneclient/blob/stable/train/keystoneclient/contrib/ec2/utils.py#L133
func EC2CredentialsBuildCanonicalQueryStringV4 ¶
EC2CredentialsBuildCanonicalQueryStringV2 builds a canonical query string for an AWS signature V4. https://github.com/openstack/python-keystoneclient/blob/stable/train/keystoneclient/contrib/ec2/utils.py#L244
func EC2CredentialsBuildSignatureKeyV4 ¶
EC2CredentialsBuildSignatureKeyV4 builds a HMAC 256 signature key based on input parameters. https://github.com/openstack/python-keystoneclient/blob/stable/train/keystoneclient/contrib/ec2/utils.py#L169
func EC2CredentialsBuildSignatureV4 ¶
EC2CredentialsBuildSignatureV4 builds an AWS v4 signature based on input parameters. https://github.com/openstack/python-keystoneclient/blob/stable/train/keystoneclient/contrib/ec2/utils.py#L285..L286
func EC2CredentialsBuildStringToSignV2 ¶
func EC2CredentialsBuildStringToSignV2(opts AuthOptions) []byte
EC2CredentialsBuildStringToSignV2 builds a string to sign an AWS signature V2. https://github.com/openstack/python-keystoneclient/blob/stable/train/keystoneclient/contrib/ec2/utils.py#L148
func EC2CredentialsBuildStringToSignV4 ¶
func EC2CredentialsBuildStringToSignV4(opts AuthOptions, signedHeaders string, bodyHash string, date time.Time) []byte
EC2CredentialsBuildStringToSignV4 builds an AWS v4 signature string to sign based on input parameters. https://github.com/openstack/python-keystoneclient/blob/stable/train/keystoneclient/contrib/ec2/utils.py#L251
func ValidateS3Token ¶
func ValidateS3Token(c *gophercloud.ServiceClient, opts tokens.AuthOptionsBuilder) (r tokens.CreateResult)
ValidateS3Token authenticates an S3 request using EC2 credentials. Doesn't generate a new token ID, but returns a tokens.CreateResult.
Types ¶
type AuthOptions ¶
type AuthOptions struct { // Access is the EC2 Credential Access ID. Access string `json:"access" required:"true"` // Secret is the EC2 Credential Secret, used to calculate signature. // Not used, when a Signature is is. Secret string `json:"-"` // Host is a HTTP request Host header. Used to calculate an AWS // signature V2. For signature V4 set the Host inside Headers map. // Optional. Host string `json:"host"` // Path is a HTTP request path. Optional. Path string `json:"path"` // Verb is a HTTP request method. Optional. Verb string `json:"verb"` // Headers is a map of HTTP request headers. Optional. Headers map[string]string `json:"headers"` // Region is a region name to calculate an AWS signature V4. Optional. Region string `json:"-"` // Service is a service name to calculate an AWS signature V4. Optional. Service string `json:"-"` // Params is a map of GET method parameters. Optional. Params map[string]string `json:"params"` // AllowReauth allows Gophercloud to re-authenticate automatically // if/when your token expires. AllowReauth bool `json:"-"` // Signature can be either a []byte (encoded to base64 automatically) or // a string. You can set the singature explicitly, when you already know // it. In this case default Params won't be automatically set. Optional. Signature interface{} `json:"signature"` // BodyHash is a HTTP request body sha256 hash. When nil and Signature // is not set, a random hash is generated. Optional. BodyHash *string `json:"body_hash"` // Timestamp is a timestamp to calculate a V4 signature. Optional. Timestamp *time.Time `json:"-"` // Token is a []byte string (encoded to base64 automatically) which was // signed by an EC2 secret key. Used by S3 tokens for validation only. // Token must be set with a Signature. If a Signature is not provided, // a Token will be generated automatically along with a Signature. Token []byte `json:"token,omitempty"` }
AuthOptions represents options for authenticating a user using EC2 credentials.
func (*AuthOptions) CanReauth ¶
func (opts *AuthOptions) CanReauth() bool
CanReauth is a method method to satisfy tokens.AuthOptionsBuilder interface
func (*AuthOptions) ToTokenV3CreateMap ¶
func (opts *AuthOptions) ToTokenV3CreateMap(map[string]interface{}) (map[string]interface{}, error)
ToTokenV3CreateMap formats an AuthOptions into a create request.
func (*AuthOptions) ToTokenV3HeadersMap ¶ added in v0.11.0
func (opts *AuthOptions) ToTokenV3HeadersMap(map[string]interface{}) (map[string]string, error)
ToTokenV3HeadersMap allows AuthOptions to satisfy the AuthOptionsBuilder interface in the v3 tokens package.
func (*AuthOptions) ToTokenV3ScopeMap ¶
func (opts *AuthOptions) ToTokenV3ScopeMap() (map[string]interface{}, error)
ToTokenV3ScopeMap is a dummy method to satisfy tokens.AuthOptionsBuilder interface.