kion

package
v0.2.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 30, 2024 License: MIT Imports: 20 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

var (
	// SAMLLocalAuthPort is the port to use to accept back the access token from SAML.
	// It is an exported, mutable string, so any importing package can change it
	// before the SAML flow starts.
	// NOTE(review): the listener that uses this port is not shown on this page;
	// confirm it binds to a loopback address only, since the callback carries an
	// access token.
	SAMLLocalAuthPort = "8400"
)

Functions

func DownloadSAMLMetadata

func DownloadSAMLMetadata(metadataUrl string) (*samlTypes.EntityDescriptor, error)

func GetFederationURL

func GetFederationURL(host string, token string, car CAR) (string, error)

GetFederationURL queries the Kion API to generate a federation URL.

func GetSessionDuration added in v0.2.0

func GetSessionDuration(host string, token string) (int, error)

GetSessionDuration returns the AWS session duration configuration Kion uses to generate session tokens. If 403 is received, we assume the shortest setting of 15 minutes.

func GetVersion added in v0.1.0

func GetVersion(host string, token string) (string, error)

GetVersion returns the targeted Kion's version number.

func ReadSAMLMetadataFile

func ReadSAMLMetadataFile(metadataFile string) (*samlTypes.EntityDescriptor, error)

Types

type AccessData

// AccessData wraps the token object found under the "access" key of a
// response payload. SSOAuthResponse uses it as its "data" member.
type AccessData struct {
	// Access holds the token value; handle it as a credential.
	Access TokenData `json:"access"`
}

type Account

// Account maps to the Kion API response for account data.
// Each field is decoded from the JSON key named in its tag.
// NOTE(review): what skip_access_checking disables is not visible on this page;
// confirm its meaning before using SkipAccessChecking in any authorization logic.
type Account struct {
	Email                     string `json:"account_email"`
	Name                      string `json:"account_name"`
	Number                    string `json:"account_number"`
	TypeID                    uint   `json:"account_type_id"`
	ID                        uint   `json:"id"`
	IncludeLinkedAccountSpend bool   `json:"include_linked_account_spend"`
	LinkedAccountNumber       string `json:"linked_account_number"`
	LinkedRole                string `json:"linked_role"`
	PayerID                   uint   `json:"payer_id"`
	ProjectID                 uint   `json:"project_id"`
	SkipAccessChecking        bool   `json:"skip_access_checking"`
	UseOrgAccountInfo         bool   `json:"use_org_account_info"`
}

Account maps to the Kion API response for account data.

func GetAccount

func GetAccount(host string, token string, accountNum string) (*Account, int, error)

GetAccount returns an account by the given account number.

func GetAccountsOnProject

func GetAccountsOnProject(host string, token string, id uint) ([]Account, int, error)

GetAccountsOnProject returns a list of Accounts associated with a given Kion project.

type AccountResponse

// AccountResponse maps to the Kion API response.
// Status is decoded from "status" and the single Account from "data".
type AccountResponse struct {
	Status  int     `json:"status"`
	Account Account `json:"data"`
}

AccountResponse maps to the Kion API response.

type AccountsResponse

// AccountsResponse maps to the Kion API response.
// Status is decoded from "status" and the list of Accounts from "data".
type AccountsResponse struct {
	Status   int       `json:"status"`
	Accounts []Account `json:"data"`
}

AccountsResponse maps to the Kion API response.

type AuthData

// AuthData is the value returned by AuthenticateSAML. Going by the field
// names it carries an auth token, HTTP cookies and a CSRF token; treat all
// three as secret material and keep them out of logs and error messages.
type AuthData struct {
	AuthToken string
	// NOTE(review): presumably the cookies captured during the SAML login — confirm.
	Cookies   []*http.Cookie
	// NOTE(review): presumably the anti-CSRF value to send with later requests — confirm.
	CSRFToken string
}

func AuthenticateSAML

func AuthenticateSAML(appUrl string, metadata *samlTypes.EntityDescriptor, serviceProviderIssuer string) (*AuthData, error)

type AuthRequest

// AuthRequest maps to the required post body when interfacing with the Kion API.
// The password is marshalled in clear text under the "password" key, so the
// encoded body must never be logged and should only travel over TLS.
// NOTE(review): whether callers enforce an https host is not visible here — confirm.
type AuthRequest struct {
	// IDMSID is sent as "idms"; presumably the ID of an IDMS returned by GetIDMSs — confirm.
	IDMSID   uint   `json:"idms"`
	Username string `json:"username"`
	Password string `json:"password"`
}

AuthRequest maps to the required post body when interfacing with the Kion API.

type AuthResponse

// AuthResponse maps to the Kion API response.
// Status is decoded from "status"; the Session decoded from "data" carries
// access and refresh tokens, so the decoded value should not be logged.
type AuthResponse struct {
	Status  int     `json:"status"`
	Session Session `json:"data"`
}

AuthResponse maps to the Kion API response.

type CAR

// CAR maps to the Kion API response for cloud access roles.
// CreatedAt, DeletedAt and UpdatedAt are decoded from objects with "Time" and
// "Valid" keys.
// NOTE(review): Valid presumably marks whether Time is set (a nullable
// timestamp shape) — confirm before treating a zero DeletedAt.Time as
// "not deleted".
// NOTE(review): LongTermAccessKeys, ShortTermAccessKeys and WebAccess look like
// the access types the role grants; verify against the API before using them
// for authorization decisions.
type CAR struct {
	AccountID           uint   `json:"account_id"`
	AccountNumber       string `json:"account_number"`
	AccountType         string `json:"account_type"`
	AccountTypeID       uint   `json:"account_type_id"`
	AccountName         string `json:"account_name"`
	ApplyToAllAccounts  bool   `json:"apply_to_all_accounts"`
	AwsIamPath          string `json:"aws_iam_path"`
	AwsIamRoleName      string `json:"aws_iam_role_name"`
	CloudAccessRoleType string `json:"cloud_access_role_type"`
	CreatedAt           struct {
		Time  time.Time `json:"Time"`
		Valid bool      `json:"Valid"`
	} `json:"created_at"`
	DeletedAt struct {
		Time  time.Time `json:"Time"`
		Valid bool      `json:"Valid"`
	} `json:"deleted_at"`
	FutureAccounts      bool   `json:"future_accounts"`
	ID                  uint   `json:"id"`
	LongTermAccessKeys  bool   `json:"long_term_access_keys"`
	Name                string `json:"name"`
	ProjectID           uint   `json:"project_id"`
	ShortTermAccessKeys bool   `json:"short_term_access_keys"`
	UpdatedAt           struct {
		Time  time.Time `json:"Time"`
		Valid bool      `json:"Valid"`
	} `json:"updated_at"`
	WebAccess bool `json:"web_access"`
}

CAR maps to the Kion API response for cloud access roles.

func GetAllCARsByName added in v0.1.0

func GetAllCARsByName(host string, token string, carName string) ([]CAR, error)

GetAllCARsByName returns a slice of CARs that match a given name.

func GetCARByName added in v0.0.2

func GetCARByName(host string, token string, carName string) (CAR, error)

GetCARByName returns a CAR that matches a given name. IMPORTANT: use GetCARByNameAndAccount instead where possible, because nothing prevents several CARs from sharing the same name, so a name-only lookup may not identify the intended role. This function is kept as a convenience and workaround for users on older versions of Kion that have limited permissions.

func GetCARByNameAndAccount added in v0.1.0

func GetCARByNameAndAccount(host string, token string, carName string, accountNumber string) (CAR, error)

GetCARByNameAndAccount returns a car that matches by name and account number.

func GetCARS

func GetCARS(host string, token string) ([]CAR, error)

GetCARS queries the Kion API for all cloud access roles to which the authenticated user has access. Deleted CARs will be excluded.

func GetCARSOnAccount

func GetCARSOnAccount(host string, token string, accID uint) ([]CAR, error)

GetCARSOnAccount returns all cloud access roles that match a given account.

func GetCARSOnProject

func GetCARSOnProject(host string, token string, projID uint, accID uint) ([]CAR, error)

GetCARSOnProject returns all cloud access roles that match a given project and account.

type CARResponse

// CARResponse maps to the Kion API response.
// Status is decoded from "status" and the list of CARs from "data".
type CARResponse struct {
	Status int   `json:"status"`
	CARS   []CAR `json:"data"`
}

CARResponse maps to the Kion API response.

type CSRFResponse

// CSRFResponse holds a response whose "data" member is a single string.
// NOTE(review): presumably the CSRF token that ends up in AuthData.CSRFToken —
// confirm against the caller; if so, treat it as a secret.
type CSRFResponse struct {
	Data string `json:"data"`
}

type ConsoleAccessCAR added in v0.0.2

// ConsoleAccessCAR maps to the Kion API response for CAR data.
// It is the element type returned by GetConsoleAccessCARS.
// NOTE(review): ConsoleAccess, STAKAccess and LTAKAccess are decoded from
// "console_access", "short_term_key_access" and "long_term_key_access";
// presumably they state which access types the role allows — confirm before
// using them for authorization decisions.
type ConsoleAccessCAR struct {
	CARName        string    `json:"name"`
	CARID          uint      `json:"id"`
	CARRoleType    string    `json:"role_type"`
	Accounts       []Account `json:"accounts"`
	ConsoleAccess  bool      `json:"console_access"`
	STAKAccess     bool      `json:"short_term_key_access"`
	LTAKAccess     bool      `json:"long_term_key_access"`
	AwsIamRoleName string    `json:"aws_iam_role_name"`
}

ConsoleAccessCAR maps to the Kion API response for CAR data.

func GetConsoleAccessCARS added in v0.0.2

func GetConsoleAccessCARS(host string, token string, projID uint) ([]ConsoleAccessCAR, error)

GetConsoleAccessCARS hits the private API endpoint to gather all cloud access roles a user has access to. This method should only be used as a fallback.

type ConsoleAccessCARResponse added in v0.0.2

// ConsoleAccessCARResponse maps to the Kion V1 API response.
// Status is decoded from "status" and the list of ConsoleAccessCARs from "data".
type ConsoleAccessCARResponse struct {
	Status            int                `json:"status"`
	ConsoleAccessCARs []ConsoleAccessCAR `json:"data"`
}

ConsoleAccessCARResponse maps to the Kion V1 API response.

type IDMS

// IDMS maps to the Kion API response for configured IDMSs.
// It is the element type returned by GetIDMSs, which takes no token argument.
type IDMS struct {
	ID         uint   `json:"id"`
	IdmsTypeID uint   `json:"idms_type_id"`
	Name       string `json:"name"`
}

IDMS maps to the Kion API response for configured IDMSs.

func GetIDMSs

func GetIDMSs(host string) ([]IDMS, error)

GetIDMSs queries the Kion API for all configured IDMS systems with which a user can authenticate via username and password.

type IDMSResponse

// IDMSResponse maps to the Kion API response.
// Status is decoded from "status" and the list of IDMSs from "data".
type IDMSResponse struct {
	Status int    `json:"status"`
	IDMSs  []IDMS `json:"data"`
}

IDMSResponse maps to the Kion API response.

type Project

// Project maps to the Kion API response for projects.
// Each field is decoded from the JSON key named in its tag.
type Project struct {
	Archived         bool   `json:"archived"`
	AutoPay          bool   `json:"auto_pay"`
	DefaultAwsRegion string `json:"default_aws_region"`
	Description      string `json:"description"`
	ID               uint   `json:"id"`
	Name             string `json:"name"`
	OuID             uint   `json:"ou_id"`
}

Project maps to the Kion API response for projects.

func GetProjectByID added in v0.1.0

func GetProjectByID(host string, token string, id uint) (Project, error)

GetProjectByID returns the project for a given project ID. Note that if a user has only CAR access to a project, this will return a 403. To accommodate users with minimal permissions, test response codes and fall back accordingly, or use GetProjects, which will work but be more verbose.

func GetProjects

func GetProjects(host string, token string) ([]Project, error)

GetProjects queries the Kion API for a list of all projects within the application.

type ProjectResponse

// ProjectResponse maps to the Kion API response.
// Status is decoded from "status" and the single Project from "data".
type ProjectResponse struct {
	Status  int     `json:"status"`
	Project Project `json:"data"`
}

ProjectResponse maps to the Kion API response.

type ProjectsResponse added in v0.1.0

// ProjectsResponse maps to the Kion API response.
// Status is decoded from "status" and the list of Projects from "data".
type ProjectsResponse struct {
	Status   int       `json:"status"`
	Projects []Project `json:"data"`
}

ProjectsResponse maps to the Kion API response.

type SSOAuthResponse

// SSOAuthResponse holds a response whose "data" member is an AccessData,
// i.e. a token nested as data.access.token. The decoded value contains a
// credential and should not be logged.
type SSOAuthResponse struct {
	Data AccessData `json:"data"`
}

type STAK

// STAK maps to the Kion API response for short term access keys.
// AccessKey, SecretAccessKey and SessionToken are usable cloud credentials:
// keep them out of logs, and restrict permissions on any file or environment
// they are written to.
type STAK struct {
	AccessKey       string `json:"access_key"`
	SecretAccessKey string `json:"secret_access_key"`
	SessionToken    string `json:"session_token"`
	// NOTE(review): the unit of Duration is not shown on this page — confirm.
	Duration        int64  `json:"duration"`
	// Expiration has no JSON tag; presumably it is set by the client rather
	// than taken from the response — confirm.
	Expiration      time.Time
}

STAK maps to the Kion API response for short term access keys.

func GetSTAK

func GetSTAK(host string, token string, carName string, accNum string) (STAK, error)

GetSTAK queries the Kion API to generate short term access keys.

type STAKRequest

// STAKRequest maps to the required post body when interfacing with the Kion API.
// It names the account ("account_number") and the cloud access role
// ("cloud_access_role_name") for which keys are requested.
type STAKRequest struct {
	AccountNumber string `json:"account_number"`
	CARName       string `json:"cloud_access_role_name"`
}

STAKRequest maps to the required post body when interfacing with the Kion API.

type STAKResponse

// STAKResponse maps to the Kion API response.
// Status is decoded from "status"; the STAK decoded from "data" contains
// access keys, so the decoded value should not be logged.
type STAKResponse struct {
	Status int  `json:"status"`
	STAK   STAK `json:"data"`
}

STAKResponse maps to the Kion API response.

type SamlCallbackResult

// SamlCallbackResult pairs an AuthData pointer with an error.
// NOTE(review): presumably the value handed back by the local SAML callback
// handler, with exactly one of Data and Err set — confirm against the caller,
// and check Err before dereferencing Data.
type SamlCallbackResult struct {
	Data *AuthData
	Err  error
}

type Session

// Session maps to the session data returned by Kion after authentication.
// Access.Token and Refresh.Token are credentials: keep them out of logs and
// store them only where other local users cannot read them.
// NOTE(review): both Expiry values are plain strings whose format is not shown
// here; callers must parse them before comparing against the clock.
type Session struct {
	// ID       int `json:"id"`
	// IDMSID and UserName carry no JSON tag; presumably they are filled in by
	// the caller rather than decoded from the response — confirm.
	IDMSID   uint
	UserName string
	// UserID   int `json:"user_id"`
	Access struct {
		Expiry string `json:"expiry"`
		Token  string `json:"token"`
	} `json:"access"`
	Refresh struct {
		Expiry string `json:"expiry"`
		Token  string `json:"token"`
	} `json:"refresh"`
}

Session maps to the session data returned by Kion after authentication.

func Authenticate

func Authenticate(host string, idmsID uint, un string, pw string) (Session, error)

Authenticate queries the Kion API to authenticate a user via username and password.

type TokenData

// TokenData holds a single token string decoded from the "token" key.
// AccessData embeds it under "access"; treat the value as a credential.
type TokenData struct {
	Token string `json:"token"`
}

type URLRequest

// URLRequest maps to the required post body when interfacing with the Kion API.
// It identifies an account and a role by ID, name, number and type.
// NOTE(review): presumably the body sent by GetFederationURL, populated from a
// CAR — confirm against the caller.
type URLRequest struct {
	AccountID      uint   `json:"account_id"`
	AccountName    string `json:"account_name"`
	AccountNumber  string `json:"account_number"`
	AWSIAMRoleName string `json:"aws_iam_role_name"`
	AccountTypeID  uint   `json:"account_type_id"`
	RoleID         uint   `json:"role_id"`
	RoleType       string `json:"role_type"`
}

URLRequest maps to the required post body when interfacing with the Kion API.

type URLResponse

// URLResponse maps to the Kion API response.
// Status is decoded from "status" and the URL string from "data".
// NOTE(review): presumably the federation URL returned by GetFederationURL.
// Federation URLs usually embed a sign-in token, so treat the value as a
// credential (no logging, no shell history) — confirm.
type URLResponse struct {
	Status int    `json:"status"`
	URL    string `json:"data"`
}

URLResponse maps to the Kion API response.
