iamauth

package

v1.13.0-alpha2 Latest Latest Go to latest Published: Jun 21, 2022 License: MPL-2.0 Imports: 26 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/hashicorp/consul

README ¶

This is an internal package to house the AWS IAM auth method utilities for potential future extraction from Consul.

Documentation ¶

Index ¶

func GenerateLoginData(in *LoginInput) (map[string]interface{}, error)
type Authenticator
- func NewAuthenticator(config *Config, logger hclog.Logger) (*Authenticator, error)
- func (a *Authenticator) ValidateLogin(ctx context.Context, loginToken string) (*IdentityDetails, error)
type BearerToken
- func NewBearerToken(loginToken string, config *Config) (*BearerToken, error)
type Config
- func (c *Config) Validate() error
type IdentityDetails
type LoginInput

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GenerateLoginData ¶

func GenerateLoginData(in *LoginInput) (map[string]interface{}, error)

GenerateLoginData populates the necessary data to send for the bearer token. https://github.com/hashicorp/go-secure-stdlib/blob/main/awsutil/generate_credentials.go#L232-L301

Types ¶

type Authenticator ¶

type Authenticator struct {
	// contains filtered or unexported fields
}

func NewAuthenticator ¶

func NewAuthenticator(config *Config, logger hclog.Logger) (*Authenticator, error)

func (*Authenticator) ValidateLogin ¶

func (a *Authenticator) ValidateLogin(ctx context.Context, loginToken string) (*IdentityDetails, error)

ValidateLogin determines if the identity in the loginToken is permitted to login. If so, it returns details about the identity. Otherwise, an error is returned.

type BearerToken ¶

type BearerToken struct {
	// contains filtered or unexported fields
}

BearerToken is a login "token" for an IAM auth method. It is a signed sts:GetCallerIdentity request in JSON format. Optionally, it can include a signed embedded iam:GetRole or iam:GetUser request in the headers.

func NewBearerToken ¶

func NewBearerToken(loginToken string, config *Config) (*BearerToken, error)

func (*BearerToken) GetCallerIdentityRequest ¶

func (t *BearerToken) GetCallerIdentityRequest() (*http.Request, error)

GetCallerIdentityRequest returns the sts:GetCallerIdentity request decoded from the bearer token.

func (*BearerToken) GetEntityRequest ¶

func (t *BearerToken) GetEntityRequest() (*http.Request, error)

GetEntityRequest returns the iam:GetUser or iam:GetRole request from the request details, if present, embedded in the headers of the sts:GetCallerIdentity request.

func (*BearerToken) UnmarshalJSON ¶

func (t *BearerToken) UnmarshalJSON(data []byte) error

UnmarshalJSON unmarshals the bearer token details which contains an HTTP request (a signed sts:GetCallerIdentity request).

type Config ¶

type Config struct {
	BoundIAMPrincipalARNs  []string
	EnableIAMEntityDetails bool
	IAMEntityTags          []string
	ServerIDHeaderValue    string
	MaxRetries             int
	IAMEndpoint            string
	STSEndpoint            string
	AllowedSTSHeaderValues []string

	// Customizable header names
	ServerIDHeaderName     string
	GetEntityMethodHeader  string
	GetEntityURLHeader     string
	GetEntityHeadersHeader string
	GetEntityBodyHeader    string
}

func (*Config) Validate ¶

func (c *Config) Validate() error

type IdentityDetails ¶

type IdentityDetails struct {
	EntityName string
	EntityId   string
	AccountId  string

	EntityPath string
	EntityTags map[string]string
}

type LoginInput ¶

type LoginInput struct {
	Creds            *credentials.Credentials
	IncludeIAMEntity bool
	STSEndpoint      string
	STSRegion        string

	Logger hclog.Logger

	ServerIDHeaderValue string
	// Customizable header names
	ServerIDHeaderName     string
	GetEntityMethodHeader  string
	GetEntityURLHeader     string
	GetEntityHeadersHeader string
	GetEntityBodyHeader    string
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
iamauthtest
responses
responsestest

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL