Documentation ¶
Index ¶
- Constants
- func GetAccountIDAndPartition(iamconn *iam.IAM, stsconn *sts.STS, authProviderName string) (string, string, error)
- func GetAccountIDAndPartitionFromEC2Metadata() (string, string, error)
- func GetAccountIDAndPartitionFromIAMGetUser(iamconn *iam.IAM) (string, string, error)
- func GetAccountIDAndPartitionFromIAMListRoles(iamconn *iam.IAM) (string, string, error)
- func GetAccountIDAndPartitionFromSTSGetCallerIdentity(stsconn *sts.STS) (string, string, error)
- func GetCredentials(c *Config) (*awsCredentials.Credentials, error)
- func GetCredentialsFromSession(c *Config) (*awsCredentials.Credentials, error)
- func GetMockedAwsApiSession(svcName string, endpoints []*MockEndpoint) (func(), *session.Session, error)
- func GetSession(c *Config) (*session.Session, error)
- func GetSessionOptions(c *Config) (*session.Options, error)
- func GetSessionWithAccountIDAndPartition(c *Config) (*session.Session, string, string, error)
- func IsAWSErr(err error, code string, message string) bool
- func IsAWSErrExtended(err error, code string, message string, origErrMessage string) bool
- func IsCannotAssumeRoleError(err error) bool
- func IsNoValidCredentialSourcesError(err error) bool
- func MockAwsApiServer(svcName string, endpoints []*MockEndpoint) *httptest.Server
- func ValidateAccountID(accountID string, allowedAccountIDs, forbiddenAccountIDs []string) error
- func ValidateRegion(region string) error
- type CannotAssumeRoleError
- type Config
- type DebugLogger
- type MetadataResponse
- type MockEndpoint
- type MockRequest
- type MockResponse
- type NoValidCredentialSourcesError
- type UserAgentProduct
Constants ¶
const ( // Default amount of time for EC2/ECS metadata client operations. // Keep this value low to prevent long delays in non-EC2/ECS environments. DefaultMetadataClientTimeout = 100 * time.Millisecond )
const ( // Maximum network retries. // We depend on the AWS Go SDK DefaultRetryer exponential backoff. // Ensure that if the AWS Config MaxRetries is set high (which it is by // default), that we only retry for a few seconds with typically // unrecoverable network errors, such as DNS lookup failures. MaxNetworkRetryCount = 9 )
Variables ¶
This section is empty.
Functions ¶
func GetAccountIDAndPartition ¶
func GetAccountIDAndPartition(iamconn *iam.IAM, stsconn *sts.STS, authProviderName string) (string, string, error)
GetAccountIDAndPartition gets the account ID and associated partition.
func GetAccountIDAndPartitionFromEC2Metadata ¶
GetAccountIDAndPartitionFromEC2Metadata gets the account ID and associated partition from EC2 metadata.
func GetAccountIDAndPartitionFromIAMGetUser ¶
GetAccountIDAndPartitionFromIAMGetUser gets the account ID and associated partition from IAM.
func GetAccountIDAndPartitionFromIAMListRoles ¶
GetAccountIDAndPartitionFromIAMListRoles gets the account ID and associated partition from listing IAM roles.
func GetAccountIDAndPartitionFromSTSGetCallerIdentity ¶
GetAccountIDAndPartitionFromSTSGetCallerIdentity gets the account ID and associated partition from STS caller identity.
func GetCredentials ¶
func GetCredentials(c *Config) (*awsCredentials.Credentials, error)
GetCredentials gets credentials from the environment, shared credentials, the session (which may include a credential process), or ECS/EC2 metadata endpoints. GetCredentials also validates the credentials and the ability to assume a role or will return an error if unsuccessful.
func GetCredentialsFromSession ¶ added in v0.4.0
func GetCredentialsFromSession(c *Config) (*awsCredentials.Credentials, error)
GetCredentialsFromSession returns credentials derived from a session. A session uses the AWS SDK Go chain of providers so may use a provider (e.g., ProcessProvider) that is not part of the Terraform provider chain.
func GetMockedAwsApiSession ¶
func GetMockedAwsApiSession(svcName string, endpoints []*MockEndpoint) (func(), *session.Session, error)
GetMockedAwsApiSession establishes an AWS session to a simulated AWS API server for a given service and route endpoints.
func GetSession ¶
GetSession attempts to return valid AWS Go SDK session.
func GetSessionOptions ¶
GetSessionOptions attempts to return valid AWS Go SDK session authentication options based on pre-existing credential provider, configured profile, or fallback to automatically a determined session via the AWS Go SDK.
func GetSessionWithAccountIDAndPartition ¶
GetSessionWithAccountIDAndPartition attempts to return valid AWS Go SDK session along with account ID and partition information if available
func IsAWSErr ¶
IsAWSErr returns true if the error matches all these conditions:
- err is of type awserr.Error
- Error.Code() matches code
- Error.Message() contains message
func IsAWSErrExtended ¶
IsAWSErrExtended returns true if the error matches all these conditions:
- err is of type awserr.Error
- Error.Code() matches code
- Error.Message() contains message
- Error.OrigErr() contains origErrMessage
func IsCannotAssumeRoleError ¶ added in v0.5.0
IsCannotAssumeRoleError returns true if the error contains the CannotAssumeRoleError type.
func IsNoValidCredentialSourcesError ¶ added in v0.5.0
IsNoValidCredentialSourcesError returns true if the error contains the NoValidCredentialSourcesError type.
func MockAwsApiServer ¶ added in v0.4.0
func MockAwsApiServer(svcName string, endpoints []*MockEndpoint) *httptest.Server
MockAwsApiServer establishes a httptest server to simulate behaviour of a real AWS API server
func ValidateAccountID ¶ added in v0.2.0
ValidateAccountID checks if the given AWS account ID is specifically allowed or forbidden. The allowedAccountIDs can be used as a whitelist and forbiddenAccountIDs can be used as a blacklist.
func ValidateRegion ¶ added in v0.2.0
ValidateRegion checks if the given region is a valid AWS region.
Types ¶
type CannotAssumeRoleError ¶ added in v0.5.0
CannotAssumeRoleError occurs when AssumeRole cannot complete.
func (CannotAssumeRoleError) Error ¶ added in v0.5.0
func (e CannotAssumeRoleError) Error() string
func (CannotAssumeRoleError) Unwrap ¶ added in v0.5.0
func (e CannotAssumeRoleError) Unwrap() error
type Config ¶
type Config struct { AccessKey string AssumeRoleARN string AssumeRoleDurationSeconds int AssumeRoleExternalID string AssumeRolePolicy string AssumeRolePolicyARNs []string AssumeRoleSessionName string AssumeRoleTags map[string]string AssumeRoleTransitiveTagKeys []string CallerDocumentationURL string CallerName string CredsFilename string DebugLogging bool IamEndpoint string Insecure bool MaxRetries int Profile string Region string SecretKey string SkipCredsValidation bool SkipMetadataApiCheck bool SkipRequestingAccountId bool StsEndpoint string Token string UserAgentProducts []*UserAgentProduct }
func (*Config) EndpointResolver ¶ added in v0.5.0
func (*Config) NewCannotAssumeRoleError ¶ added in v0.5.0
func (c *Config) NewCannotAssumeRoleError(err error) CannotAssumeRoleError
func (*Config) NewNoValidCredentialSourcesError ¶ added in v0.5.0
func (c *Config) NewNoValidCredentialSourcesError(err error) NoValidCredentialSourcesError
type DebugLogger ¶
type DebugLogger struct{}
func (DebugLogger) Log ¶
func (l DebugLogger) Log(args ...interface{})
type MetadataResponse ¶ added in v0.4.0
MetadataResponse represents a metadata server response URI and body
type MockEndpoint ¶
type MockEndpoint struct { Request *MockRequest Response *MockResponse }
MockEndpoint represents a basic request and response that can be used for creating simple httptest server routes.
type MockRequest ¶
MockRequest represents a basic HTTP request
type MockResponse ¶
MockResponse represents a basic HTTP response.
type NoValidCredentialSourcesError ¶ added in v0.5.0
NoValidCredentialSourcesError occurs when all credential lookup methods have been exhausted without results.
func (NoValidCredentialSourcesError) Error ¶ added in v0.5.0
func (e NoValidCredentialSourcesError) Error() string
func (NoValidCredentialSourcesError) Unwrap ¶ added in v0.5.0
func (e NoValidCredentialSourcesError) Unwrap() error