ec2tokens

package
v0.18.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 11, 2021 License: Apache-2.0 Imports: 12 Imported by: 7

Documentation

Overview

Package tokens provides information and interaction with the EC2 token API resource for the OpenStack Identity service.

For more information, see: https://docs.openstack.org/api-ref/identity/v2-ext/

Example to Create a Token From an EC2 access and secret keys

var authOptions tokens.AuthOptionsBuilder
authOptions = &ec2tokens.AuthOptions{
	Access: "a7f1e798b7c2417cba4a02de97dc3cdc",
	Secret: "18f4f6761ada4e3795fa5273c30349b9",
}

token, err := ec2tokens.Create(identityClient, authOptions).ExtractToken()
if err != nil {
	panic(err)
}

Example to auth a client using EC2 access and secret keys

client, err := openstack.NewClient("http://localhost:5000/v3")
if err != nil {
	panic(err)
}

var authOptions tokens.AuthOptionsBuilder
authOptions = &ec2tokens.AuthOptions{
	Access:      "a7f1e798b7c2417cba4a02de97dc3cdc",
	Secret:      "18f4f6761ada4e3795fa5273c30349b9",
	AllowReauth: true,
}

err = openstack.AuthenticateV3(client, authOptions, gophercloud.EndpointOpts{})
if err != nil {
	panic(err)
}

Index

Constants

View Source
const (
	// EC2CredentialsAwsRequestV4 is a constant, used to generate AWS
	// Credential V4.
	EC2CredentialsAwsRequestV4 = "aws4_request"
	// EC2CredentialsHmacSha1V2 is a HMAC SHA1 signature method. Used to
	// generate AWS Credential V2.
	EC2CredentialsHmacSha1V2 = "HmacSHA1"
	// EC2CredentialsHmacSha256V2 is a HMAC SHA256 signature method. Used
	// to generate AWS Credential V2.
	EC2CredentialsHmacSha256V2 = "HmacSHA256"
	// EC2CredentialsAwsHmacV4 is an AWS signature V4 signing method.
	// More details:
	// https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
	EC2CredentialsAwsHmacV4 = "AWS4-HMAC-SHA256"
	// EC2CredentialsTimestampFormatV4 is an AWS signature V4 timestamp
	// format.
	EC2CredentialsTimestampFormatV4 = "20060102T150405Z"
	// EC2CredentialsDateFormatV4 is an AWS signature V4 date format.
	EC2CredentialsDateFormatV4 = "20060102"
)

Variables

This section is empty.

Functions

func Create

Create authenticates and either generates a new token from EC2 credentials

func EC2CredentialsBuildAuthorizationHeaderV4

func EC2CredentialsBuildAuthorizationHeaderV4(opts AuthOptions, signedHeaders string, signature string, date time.Time) string

EC2CredentialsBuildAuthorizationHeaderV4 builds an AWS v4 Authorization header based on auth parameters, date and signature

func EC2CredentialsBuildCanonicalHeadersV4

func EC2CredentialsBuildCanonicalHeadersV4(headers map[string]string, signedHeaders string) string

EC2CredentialsBuildCanonicalHeadersV4 builds a canonical string based on "headers" map and "signedHeaders" string parameters. https://github.com/openstack/python-keystoneclient/blob/stable/train/keystoneclient/contrib/ec2/utils.py#L216

func EC2CredentialsBuildCanonicalQueryStringV2

func EC2CredentialsBuildCanonicalQueryStringV2(params map[string]string) string

EC2CredentialsBuildCanonicalQueryStringV2 builds a canonical query string for an AWS signature V2. https://github.com/openstack/python-keystoneclient/blob/stable/train/keystoneclient/contrib/ec2/utils.py#L133

func EC2CredentialsBuildCanonicalQueryStringV4

func EC2CredentialsBuildCanonicalQueryStringV4(verb string, params map[string]string) string

EC2CredentialsBuildCanonicalQueryStringV2 builds a canonical query string for an AWS signature V4. https://github.com/openstack/python-keystoneclient/blob/stable/train/keystoneclient/contrib/ec2/utils.py#L244

func EC2CredentialsBuildSignatureKeyV4

func EC2CredentialsBuildSignatureKeyV4(secret, region, service string, date time.Time) []byte

EC2CredentialsBuildSignatureKeyV4 builds a HMAC 256 signature key based on input parameters. https://github.com/openstack/python-keystoneclient/blob/stable/train/keystoneclient/contrib/ec2/utils.py#L169

func EC2CredentialsBuildSignatureV4

func EC2CredentialsBuildSignatureV4(key []byte, stringToSign []byte) string

EC2CredentialsBuildSignatureV4 builds an AWS v4 signature based on input parameters. https://github.com/openstack/python-keystoneclient/blob/stable/train/keystoneclient/contrib/ec2/utils.py#L285..L286

func EC2CredentialsBuildStringToSignV2

func EC2CredentialsBuildStringToSignV2(opts AuthOptions) []byte

EC2CredentialsBuildStringToSignV2 builds a string to sign an AWS signature V2. https://github.com/openstack/python-keystoneclient/blob/stable/train/keystoneclient/contrib/ec2/utils.py#L148

func EC2CredentialsBuildStringToSignV4

func EC2CredentialsBuildStringToSignV4(opts AuthOptions, signedHeaders string, bodyHash string, date time.Time) []byte

EC2CredentialsBuildStringToSignV4 builds an AWS v4 signature string to sign based on input parameters. https://github.com/openstack/python-keystoneclient/blob/stable/train/keystoneclient/contrib/ec2/utils.py#L251

func ValidateS3Token

ValidateS3Token authenticates an S3 request using EC2 credentials. Doesn't generate a new token ID, but returns a tokens.CreateResult.

Types

type AuthOptions

type AuthOptions struct {
	// Access is the EC2 Credential Access ID.
	Access string `json:"access" required:"true"`
	// Secret is the EC2 Credential Secret, used to calculate signature.
	// Not used, when a Signature is is.
	Secret string `json:"-"`
	// Host is a HTTP request Host header. Used to calculate an AWS
	// signature V2. For signature V4 set the Host inside Headers map.
	// Optional.
	Host string `json:"host"`
	// Path is a HTTP request path. Optional.
	Path string `json:"path"`
	// Verb is a HTTP request method. Optional.
	Verb string `json:"verb"`
	// Headers is a map of HTTP request headers. Optional.
	Headers map[string]string `json:"headers"`
	// Region is a region name to calculate an AWS signature V4. Optional.
	Region string `json:"-"`
	// Service is a service name to calculate an AWS signature V4. Optional.
	Service string `json:"-"`
	// Params is a map of GET method parameters. Optional.
	Params map[string]string `json:"params"`
	// AllowReauth allows Gophercloud to re-authenticate automatically
	// if/when your token expires.
	AllowReauth bool `json:"-"`
	// Signature can be either a []byte (encoded to base64 automatically) or
	// a string. You can set the singature explicitly, when you already know
	// it. In this case default Params won't be automatically set. Optional.
	Signature interface{} `json:"signature"`
	// BodyHash is a HTTP request body sha256 hash. When nil and Signature
	// is not set, a random hash is generated. Optional.
	BodyHash *string `json:"body_hash"`
	// Timestamp is a timestamp to calculate a V4 signature. Optional.
	Timestamp *time.Time `json:"-"`
	// Token is a []byte string (encoded to base64 automatically) which was
	// signed by an EC2 secret key. Used by S3 tokens for validation only.
	// Token must be set with a Signature. If a Signature is not provided,
	// a Token will be generated automatically along with a Signature.
	Token []byte `json:"token,omitempty"`
}

AuthOptions represents options for authenticating a user using EC2 credentials.

func (*AuthOptions) CanReauth

func (opts *AuthOptions) CanReauth() bool

CanReauth is a method method to satisfy tokens.AuthOptionsBuilder interface

func (*AuthOptions) ToTokenV3CreateMap

func (opts *AuthOptions) ToTokenV3CreateMap(map[string]interface{}) (map[string]interface{}, error)

ToTokenV3CreateMap formats an AuthOptions into a create request.

func (*AuthOptions) ToTokenV3HeadersMap added in v0.11.0

func (opts *AuthOptions) ToTokenV3HeadersMap(map[string]interface{}) (map[string]string, error)

ToTokenV3HeadersMap allows AuthOptions to satisfy the AuthOptionsBuilder interface in the v3 tokens package.

func (*AuthOptions) ToTokenV3ScopeMap

func (opts *AuthOptions) ToTokenV3ScopeMap() (map[string]interface{}, error)

ToTokenV3ScopeMap is a dummy method to satisfy tokens.AuthOptionsBuilder interface.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL