Documentation ¶
Index ¶
- Constants
- Variables
- func AppendAWSError(err error) error
- func CheckAWSError(err error) error
- func GenerateLoginData(creds *credentials.Credentials, headerValue, configuredRegion string, ...) (map[string]interface{}, error)
- func GetRegion(configuredRegion string) (string, error)
- func RetrieveCreds(accessKey, secretKey, sessionToken string, logger hclog.Logger) (*credentials.Credentials, error)
- type CredentialsConfig
- type MockIAM
Constants ¶
const DefaultRegion = "us-east-1"
us-east-1 is used because it's where AWS first provides support for new features, is a widely used region, and is the most common one for some services like STS.
Variables ¶
var ErrUpstreamRateLimited = errors.New("upstream rate limited")
Functions ¶
func AppendAWSError ¶
AppendAWSError checks if the given error is a known AWS error we modify, and if so returns a go-multierror, appending the original and the AWS error. If the error is not an AWS error, or not an error we wish to modify, the original error is returned.
func CheckAWSError ¶
CheckAWSError examines an error and converts it to a logical error if appropriate. If no appropriate error is found, it returns nil.
func GenerateLoginData ¶ added in v0.2.1
func GenerateLoginData(creds *credentials.Credentials, headerValue, configuredRegion string, logger hclog.Logger) (map[string]interface{}, error)
GenerateLoginData populates the necessary data to send to the Vault server for generating a token. This is useful for other API clients to use.
func GetRegion ¶
It's impossible to mimic "normal" AWS behavior here because it's not consistent or well-defined. For example, boto3, the Python SDK (which the aws cli uses), loads `~/.aws/config` by default and only reads the `AWS_DEFAULT_REGION` environment variable (and not `AWS_REGION`), while the golang SDK does _mostly_ the opposite -- it reads the region **only** from `AWS_REGION` and not at all from `~/.aws/config`, **unless** the `AWS_SDK_LOAD_CONFIG` environment variable is set. So, we must define our own approach to walking AWS config and deciding what to use.
Our chosen approach is:
"More specific takes precedence over less specific."
1. User-provided configuration is the most explicit.
2. Environment variables are potentially shared across many invocations and so they have less precedence.
3. Configuration in `~/.aws/config` is shared across all invocations of a given user and so this has even less precedence.
4. Configuration retrieved from the EC2 instance metadata service is shared by all invocations on a given machine, and so it has the lowest precedence.
This approach should be used in future updates to this logic.
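The precedence order above, as an added example that is not the package's own GetRegion code: a stand-alone resolver that also reports which source supplied the region. The names `resolveRegion` and `profileRegion`, the injected `env`, `sharedCfg` and `imds` inputs, the pair of environment variable names checked, and the fallback to `us-east-1` are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

const defaultRegion = "us-east-1" // assumed fallback; same value as the documented DefaultRegion

// profileRegion returns the "region" key of one profile in ~/.aws/config-style text.
func profileRegion(cfg, profile string) string {
	inProfile := false
	for _, line := range strings.Split(cfg, "\n") {
		line = strings.TrimSpace(line)
		if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
			name := strings.TrimSpace(strings.Trim(line, "[]"))
			inProfile = name == profile || name == "profile "+profile
			continue
		}
		kv := strings.SplitN(line, "=", 2)
		if inProfile && len(kv) == 2 && strings.TrimSpace(kv[0]) == "region" {
			return strings.TrimSpace(kv[1])
		}
	}
	return ""
}

// resolveRegion walks the sources from most to least specific and reports which one won.
func resolveRegion(configured string, env map[string]string, sharedCfg string, imds func() string) (string, string) {
	if configured != "" {
		return configured, "user configuration"
	}
	// Assumption: both variable names are honoured, AWS_REGION first.
	for _, k := range []string{"AWS_REGION", "AWS_DEFAULT_REGION"} {
		if v := env[k]; v != "" {
			return v, "environment " + k
		}
	}
	if r := profileRegion(sharedCfg, "default"); r != "" {
		return r, "shared config"
	}
	if r := imds(); r != "" {
		return r, "instance metadata"
	}
	return defaultRegion, "default"
}

func main() {
	fmt.Println(resolveRegion("", nil, "[default]\nregion = eu-west-1\n", func() string { return "" })) // constructed input
}
```

Logging the returned source next to the region shows when an ambient setting, rather than explicit configuration, decided which region a login request is built for.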
func RetrieveCreds ¶ added in v0.2.1
func RetrieveCreds(accessKey, secretKey, sessionToken string, logger hclog.Logger) (*credentials.Credentials, error)
Types ¶
type CredentialsConfig ¶
type CredentialsConfig struct {
	// The access key if static credentials are being used
	AccessKey string

	// The secret key if static credentials are being used
	SecretKey string

	// The session token if it is being used
	SessionToken string

	// If specified, the region will be provided to the config of the
	// EC2RoleProvider's client. This may be useful if you want to e.g. reuse
	// the client elsewhere.
	Region string

	// The filename for the shared credentials provider, if being used
	Filename string

	// The profile for the shared credentials provider, if being used
	Profile string

	// The http.Client to use, or nil for the client to use its default
	HTTPClient *http.Client

	// The logger to use for credential acquisition debugging
	Logger hclog.Logger
}
func (*CredentialsConfig) GenerateCredentialChain ¶
func (c *CredentialsConfig) GenerateCredentialChain() (*credentials.Credentials, error)
type MockIAM ¶
type MockIAM struct {
	iamiface.IAMAPI

	CreateAccessKeyOutput *iam.CreateAccessKeyOutput
	DeleteAccessKeyOutput *iam.DeleteAccessKeyOutput
	GetUserOutput         *iam.GetUserOutput
}
func (*MockIAM) CreateAccessKey ¶
func (m *MockIAM) CreateAccessKey(*iam.CreateAccessKeyInput) (*iam.CreateAccessKeyOutput, error)
func (*MockIAM) DeleteAccessKey ¶
func (m *MockIAM) DeleteAccessKey(*iam.DeleteAccessKeyInput) (*iam.DeleteAccessKeyOutput, error)
func (*MockIAM) GetUser ¶
func (m *MockIAM) GetUser(*iam.GetUserInput) (*iam.GetUserOutput, error)