aws

package
v1.2.3-fred.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 18, 2022 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Overview

Copyright 2022 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index

Constants

View Source 
const (
	// PolicyVersion is default IAM policy version.
	PolicyVersion = "2012-10-17"
	// EffectAllow is the Allow IAM policy effect.
	EffectAllow = "Allow"
	// EffectDeny is the Deny IAM policy effect.
	EffectDeny = "Deny"
)
View Source 
const (
	// TagKeyTeleportCreated defines a tag key that indicates the the cloud
	// resource is created by Teleport.
	TagKeyTeleportCreated = "teleport.dev/created"

	// TagKeyTeleportManaged defines a tag key that indicates the the cloud
	// resource is being managed by Teleport.
	TagKeyTeleportManaged = "teleport.dev/managed"

	// TagValueTrue is the tag value "true" in string format.
	TagValueTrue = "true"
)

Variables

This section is empty.

Functions

func ConvertIAMError 

func ConvertIAMError(err error) error

ConvertIAMError converts common errors from IAM clients to trace errors.

func ConvertRequestFailureError 

func ConvertRequestFailureError(err error) error

ConvertRequestFailureError converts `error` into AWS RequestFailure errors to trace errors. If the provided error is not an `RequestFailure` it returns the error without modifying it.

func IsTagValueTrue 

func IsTagValueTrue(value string) bool

IsTagValueTrue checks whether a tag value is true.

Types

type Identity 

type Identity interface {
	// GetName returns the identity name.
	GetName() string
	// GetAccountID returns the AWS account ID the identity belongs to.
	GetAccountID() string
	// GetPartition returns the AWS partition the identity resides in.
	GetPartition() string
	// GetType returns the identity resource type.
	GetType() string
	// Stringer provides textual representation of identity.
	fmt.Stringer
}

Identity represents an AWS IAM identity such as user or role.

func GetIdentityWithClient 

func GetIdentityWithClient(ctx context.Context, stsClient stsiface.STSAPI) (Identity, error)

GetIdentityWithClient determines AWS identity of this Teleport process using the provided STS API client.

func IdentityFromArn 

func IdentityFromArn(arnString string) (Identity, error)

IdentityFromArn returns an `Identity` interface based on the provided ARN.

type InstanceMetadataClient 

type InstanceMetadataClient struct {
	// contains filtered or unexported fields
}

InstanceMetadataClient is a wrapper for an imds.Client.

func NewInstanceMetadataClient 

func NewInstanceMetadataClient(ctx context.Context, opts ...InstanceMetadataClientOption) (*InstanceMetadataClient, error)

NewInstanceMetadataClient creates a new instance metadata client.

func (*InstanceMetadataClient) GetHostname 

func (client *InstanceMetadataClient) GetHostname(ctx context.Context) (string, error)

GetHostname gets the hostname set by EC2 that Teleport should use, if any.

func (*InstanceMetadataClient) GetRegion 

func (client *InstanceMetadataClient) GetRegion(ctx context.Context) (string, error)

GetRegion gets the EC2 instance's region.

func (*InstanceMetadataClient) GetTags 

func (client *InstanceMetadataClient) GetTags(ctx context.Context) (map[string]string, error)

GetTags gets all of the EC2 instance's tags.

func (*InstanceMetadataClient) GetType 

func (client *InstanceMetadataClient) GetType() types.InstanceMetadataType

GetType gets the cloud instance type.

func (*InstanceMetadataClient) IsAvailable 

func (client *InstanceMetadataClient) IsAvailable(ctx context.Context) bool

IsAvailable checks if instance metadata is available.

type InstanceMetadataClientOption 

type InstanceMetadataClientOption func(client *InstanceMetadataClient) error

InstanceMetadataClientOption allows setting options as functional arguments to an InstanceMetadataClient.

func WithIMDSClient 

func WithIMDSClient(client *imds.Client) InstanceMetadataClientOption

WithIMDSClient adds a custom internal imds.Client to an InstanceMetadataClient.

type Policies 

type Policies interface {
	// Upsert creates a new Policy or creates a Policy version if a policy with
	// the same name already exists.
	Upsert(ctx context.Context, policy *Policy) (arn string, err error)
	// Retrieve retrieves a policy and its versions. If the tags list is
	// present, the Policy should have all of them, otherwise an error is
	// returned.
	Retrieve(ctx context.Context, arn string, tags map[string]string) (policy *iam.Policy, policyVersions []*iam.PolicyVersion, err error)
	// Attach attaches a policy with `arn` to the provided `identity`.
	Attach(ctx context.Context, arn string, identity Identity) error
	// AttachBoundary attaches a policy boundary with `arn` to the provided
	// `identity`.
	AttachBoundary(ctx context.Context, arn string, identity Identity) error
}

Policies set of IAM Policy helper functions defined as an interface to make easier for other packages to mock and test with it.

func NewPolicies 

func NewPolicies(partitionID string, accountID string, iamClient iamiface.IAMAPI) Policies

NewPolicies creates new instance of Policies using the provided identity, partitionID and IAM client.

type Policy 

type Policy struct {
	// Name is the policy name.
	Name string
	// Description is the policy description.
	Description string
	// Tags is the policy tags.
	Tags map[string]string
	// PolicyDocument is the IAM policy document.
	Document *PolicyDocument
}

Policy represents an AWS IAM policy.

func NewPolicy 

func NewPolicy(name, description string, tags map[string]string, document *PolicyDocument) *Policy

NewPolicy returns a new AWS IAM Policy.

type PolicyDocument 

type PolicyDocument struct {
	// Version is the policy version.
	Version string `json:"Version"`
	// Statements is a list of the policy statements.
	Statements []*Statement `json:"Statement"`
}

PolicyDocument represents a parsed AWS IAM policy document.

Note that PolicyDocument and its Ensure/Delete methods are not currently goroutine-safe. To create a policy using AWS IAM API, dump the object to JSON format using json.Marshal.

func NewPolicyDocument 

func NewPolicyDocument() *PolicyDocument

NewPolicyDocument returns new empty AWS IAM policy document.

func ParsePolicyDocument 

func ParsePolicyDocument(document string) (*PolicyDocument, error)

ParsePolicyDocument returns parsed AWS IAM policy document.

func (*PolicyDocument) Delete 

func (p *PolicyDocument) Delete(effect, action, resource string)

Delete deletes the specified resource action from the policy.

func (*PolicyDocument) Ensure 

func (p *PolicyDocument) Ensure(effect, action, resource string) bool

Ensure ensures that the policy document contains the specified resource action.

Returns true if the resource action was already a part of the policy and false otherwise.

func (*PolicyDocument) Marshal 

func (p *PolicyDocument) Marshal() (string, error)

Marshal formats the PolicyDocument in a "friendly" format, which can be presented to end users.

type Role 

type Role struct {
	// contains filtered or unexported fields
}

Role represents an AWS IAM role identity.

func (Role) GetAccountID 

func (i Role) GetAccountID() string

GetAccountID returns the identity account ID.

func (Role) GetName 

func (i Role) GetName() string

GetName returns the identity name.

func (Role) GetPartition 

func (i Role) GetPartition() string

GetPartition returns the identity AWS partition.

func (Role) GetType 

func (i Role) GetType() string

GetType returns the identity resource type.

func (Role) String 

func (i Role) String() string

String returns the AWS identity ARN.

type Statement 

type Statement struct {
	// Effect is the statement effect such as Allow or Deny.
	Effect string `json:"Effect"`
	// Actions is a list of actions.
	Actions []string `json:"Action"`
	// Resources is a list of resources.
	Resources []string `json:"Resource"`
}

Statement is a single AWS IAM policy statement.

type Unknown 

type Unknown struct {
	// contains filtered or unexported fields
}

Unknown represents an unknown/unsupported AWS IAM identity.

func (Unknown) GetAccountID 

func (i Unknown) GetAccountID() string

GetAccountID returns the identity account ID.

func (Unknown) GetName 

func (i Unknown) GetName() string

GetName returns the identity name.

func (Unknown) GetPartition 

func (i Unknown) GetPartition() string

GetPartition returns the identity AWS partition.

func (Unknown) GetType 

func (i Unknown) GetType() string

GetType returns the identity resource type.

func (Unknown) String 

func (i Unknown) String() string

String returns the AWS identity ARN.

type User 

type User struct {
	// contains filtered or unexported fields
}

User represents an AWS IAM user identity.

func (User) GetAccountID 

func (i User) GetAccountID() string

GetAccountID returns the identity account ID.

func (User) GetName 

func (i User) GetName() string

GetName returns the identity name.

func (User) GetPartition 

func (i User) GetPartition() string

GetPartition returns the identity AWS partition.

func (User) GetType 

func (i User) GetType() string

GetType returns the identity resource type.

func (User) String 

func (i User) String() string

String returns the AWS identity ARN.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.