Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func GenerateLoginData
func GenerateLoginData(in *LoginInput) (map[string]interface{}, error)
GenerateLoginData populates the necessary data to send for the bearer token. https://github.com/hashicorp/go-secure-stdlib/blob/main/awsutil/generate_credentials.go#L232-L301
Types
type Authenticator
type Authenticator struct {
	// contains filtered or unexported fields
}
func NewAuthenticator
func NewAuthenticator(config *Config, logger hclog.Logger) (*Authenticator, error)
func (*Authenticator) ValidateLogin
func (a *Authenticator) ValidateLogin(ctx context.Context, loginToken string) (*IdentityDetails, error)
ValidateLogin determines whether the identity in the loginToken is permitted to log in. If so, it returns details about the identity. Otherwise, an error is returned.
type BearerToken
type BearerToken struct {
	// contains filtered or unexported fields
}
BearerToken is a login "token" for an IAM auth method. It is a signed sts:GetCallerIdentity request in JSON format. Optionally, it can include a signed embedded iam:GetRole or iam:GetUser request in the headers.
func NewBearerToken
func NewBearerToken(loginToken string, config *Config) (*BearerToken, error)
func (*BearerToken) GetCallerIdentityRequest
func (t *BearerToken) GetCallerIdentityRequest() (*http.Request, error)
GetCallerIdentityRequest returns the sts:GetCallerIdentity request decoded from the bearer token.
func (*BearerToken) GetEntityRequest
func (t *BearerToken) GetEntityRequest() (*http.Request, error)
GetEntityRequest returns the iam:GetUser or iam:GetRole request from the request details, if present, embedded in the headers of the sts:GetCallerIdentity request.
func (*BearerToken) UnmarshalJSON
func (t *BearerToken) UnmarshalJSON(data []byte) error
UnmarshalJSON unmarshals the bearer token details, which contain an HTTP request (a signed sts:GetCallerIdentity request).
type Config
type Config struct {
	BoundIAMPrincipalARNs  []string
	EnableIAMEntityDetails bool
	IAMEntityTags          []string
	ServerIDHeaderValue    string
	MaxRetries             int
	IAMEndpoint            string
	STSEndpoint            string
	AllowedSTSHeaderValues []string

	// Customizable header names
	ServerIDHeaderName     string
	GetEntityMethodHeader  string
	GetEntityURLHeader     string
	GetEntityHeadersHeader string
	GetEntityBodyHeader    string
}
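Added example, not code from this package: one way to check the *http.Request returned by GetCallerIdentityRequest against ServerIDHeaderName and ServerIDHeaderValue, requiring that the header is also listed in the SigV4 SignedHeaders. It assumes the two fields are meant to bind a token to one server through a signed header; the helper names, the header name X-Example-Server-Id and the sample request are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// signedHeaders returns the names listed in SignedHeaders of a SigV4 Authorization value.
func signedHeaders(authz string) map[string]bool {
	set := map[string]bool{}
	for _, part := range strings.Split(authz, ",") {
		part = strings.TrimSpace(part)
		if strings.HasPrefix(part, "SignedHeaders=") {
			for _, n := range strings.Split(strings.TrimPrefix(part, "SignedHeaders="), ";") {
				set[n] = true
			}
		}
	}
	return set
}

// checkServerID (hypothetical helper) accepts req only if the server ID header
// appears exactly once, equals idValue, and is covered by the signature.
func checkServerID(req *http.Request, idName, idValue string) error {
	vals := req.Header.Values(idName)
	if len(vals) != 1 || vals[0] != idValue {
		return fmt.Errorf("header %q missing, repeated or not %q", idName, idValue)
	}
	if !signedHeaders(req.Header.Get("Authorization"))[strings.ToLower(idName)] {
		return fmt.Errorf("header %q is not in SignedHeaders", idName)
	}
	return nil
}

// sampleRequest builds a constructed request; credential and signature are placeholders.
func sampleRequest(idValue, signed string) *http.Request {
	req, _ := http.NewRequest(http.MethodPost, "https://sts.amazonaws.com/", strings.NewReader("Action=GetCallerIdentity&Version=2011-06-15"))
	req.Header.Set("X-Example-Server-Id", idValue) // assumed header name
	req.Header.Set("Authorization", "AWS4-HMAC-SHA256 Credential=EXAMPLE/20240101/us-east-1/sts/aws4_request, SignedHeaders="+signed+", Signature=00")
	return req
}

func main() {
	ok := sampleRequest("server-a.example", "host;x-amz-date;x-example-server-id")
	unsigned := sampleRequest("server-a.example", "host;x-amz-date")
	fmt.Println(checkServerID(ok, "X-Example-Server-Id", "server-a.example"))
	fmt.Println(checkServerID(unsigned, "X-Example-Server-Id", "server-a.example"))
}
```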
type IdentityDetails
type LoginInput
type LoginInput struct {
	Creds               *credentials.Credentials
	IncludeIAMEntity    bool
	STSEndpoint         string
	STSRegion           string
	Logger              hclog.Logger
	ServerIDHeaderValue string

	// Customizable header names
	ServerIDHeaderName     string
	GetEntityMethodHeader  string
	GetEntityURLHeader     string
	GetEntityHeadersHeader string
	GetEntityBodyHeader    string
}