Documentation ¶
Index ¶
- Variables
- func DownloadSAMLMetadata(metadataUrl string) (*samlTypes.EntityDescriptor, error)
- func GetFederationURL(host string, token string, car CAR) (string, error)
- func GetSessionDuration(host string, token string) (int, error)
- func GetVersion(host string) (string, error)
- func ReadSAMLMetadataFile(metadataFile string) (*samlTypes.EntityDescriptor, error)
- type AccessData
- type Account
- type AccountResponse
- type AccountsResponse
- type AuthData
- type AuthRequest
- type AuthResponse
- type CAR
- func GetAllCARsByName(host string, token string, carName string) ([]CAR, error)
- func GetCARByName(host string, token string, carName string) (CAR, error)
- func GetCARByNameAndAccount(host string, token string, carName string, accountNumber string) (CAR, error)
- func GetCARS(host string, token string) ([]CAR, error)
- func GetCARSOnAccount(host string, token string, accID uint) ([]CAR, error)
- func GetCARSOnProject(host string, token string, projID uint, accID uint) ([]CAR, error)
- type CARResponse
- type CSRFResponse
- type ConsoleAccessCAR
- type ConsoleAccessCARResponse
- type IDMS
- type IDMSResponse
- type Project
- type ProjectResponse
- type ProjectsResponse
- type SSOAuthResponse
- type STAK
- type STAKRequest
- type STAKResponse
- type SamlCallbackResult
- type Session
- type TokenData
- type URLRequest
- type URLResponse
Constants ¶
This section is empty.
Variables ¶
var (
// SAMLLocalAuthPort is the port to use to accept back the access token from SAML
SAMLLocalAuthPort = "8400"
)
Functions ¶
func DownloadSAMLMetadata ¶
func DownloadSAMLMetadata(metadataUrl string) (*samlTypes.EntityDescriptor, error)
func GetFederationURL ¶
GetFederationURL queries the Kion API to generate a federation URL.
func GetSessionDuration ¶ added in v0.2.0
GetSessionDuration returns the AWS session duration configuration Kion uses to generate session tokens. If 403 is received, we assume the shortest setting of 15 minutes.
func GetVersion ¶ added in v0.1.0
GetVersion returns the targeted Kion's version number.
func ReadSAMLMetadataFile ¶
func ReadSAMLMetadataFile(metadataFile string) (*samlTypes.EntityDescriptor, error)
Types ¶
type AccessData ¶
type AccessData struct {
Access TokenData `json:"access"`
}
type Account ¶
type Account struct {
    Email                     string `json:"account_email"`
    Name                      string `json:"account_name"`
    Number                    string `json:"account_number"`
    TypeID                    uint   `json:"account_type_id"`
    ID                        uint   `json:"id"`
    IncludeLinkedAccountSpend bool   `json:"include_linked_account_spend"`
    LinkedAccountNumber       string `json:"linked_account_number"`
    LinkedRole                string `json:"linked_role"`
    PayerID                   uint   `json:"payer_id"`
    ProjectID                 uint   `json:"project_id"`
    SkipAccessChecking        bool   `json:"skip_access_checking"`
    UseOrgAccountInfo         bool   `json:"use_org_account_info"`
}
Account maps to the Kion API response for account data.
func GetAccount ¶
GetAccount returns an account by the given account number.
type AccountResponse ¶
AccountResponse maps to the Kion API response.
type AccountsResponse ¶
AccountsResponse maps to the Kion API response.
type AuthData ¶
func AuthenticateSAML ¶
func AuthenticateSAMLOld ¶ added in v0.4.0
func AuthenticateSAMLOld(appUrl string, metadata *samlTypes.EntityDescriptor, serviceProviderIssuer string) (*AuthData, error)
AuthenticateSAMLOld is the old version of AuthenticateSAML that does not use a cookie-based exchange.
type AuthRequest ¶
type AuthRequest struct {
    IDMSID   uint   `json:"idms"`
    Username string `json:"username"`
    Password string `json:"password"`
}
AuthRequest maps to the required post body when interfacing with the Kion API.
type AuthResponse ¶
AuthResponse maps to the Kion API response.
type CAR ¶
type CAR struct {
    AccountID           uint   `json:"account_id"`
    AccountNumber       string `json:"account_number"`
    AccountType         string `json:"account_type"`
    AccountTypeID       uint   `json:"account_type_id"`
    AccountName         string `json:"account_name"`
    ApplyToAllAccounts  bool   `json:"apply_to_all_accounts"`
    AwsIamPath          string `json:"aws_iam_path"`
    AwsIamRoleName      string `json:"aws_iam_role_name"`
    CloudAccessRoleType string `json:"cloud_access_role_type"`
    CreatedAt           struct {
        Time  time.Time `json:"Time"`
        Valid bool      `json:"Valid"`
    } `json:"created_at"`
    DeletedAt struct {
        Time  time.Time `json:"Time"`
        Valid bool      `json:"Valid"`
    } `json:"deleted_at"`
    FutureAccounts      bool   `json:"future_accounts"`
    ID                  uint   `json:"id"`
    LongTermAccessKeys  bool   `json:"long_term_access_keys"`
    Name                string `json:"name"`
    ProjectID           uint   `json:"project_id"`
    ShortTermAccessKeys bool   `json:"short_term_access_keys"`
    UpdatedAt           struct {
        Time  time.Time `json:"Time"`
        Valid bool      `json:"Valid"`
    } `json:"updated_at"`
    WebAccess bool `json:"web_access"`
}
CAR maps to the Kion API response for cloud access roles.
func GetAllCARsByName ¶ added in v0.1.0
GetAllCARsByName returns a slice of cars that matches a given name.
func GetCARByName ¶ added in v0.0.2
GetCARByName returns a CAR that matches a given name. IMPORTANT: please use GetCARByNameAndAccount instead where possible, as there are no constraints against CARs with duplicate names. This function is kept as a convenience and workaround for users on older versions of Kion who have limited permissions.
func GetCARByNameAndAccount ¶ added in v0.1.0
func GetCARByNameAndAccount(host string, token string, carName string, accountNumber string) (CAR, error)
GetCARByNameAndAccount returns a car that matches by name and account number.
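The duplicate-name caveat on GetCARByName, as an added example (not code from this package): a name-only lookup can silently resolve to a role in the wrong account, so a caller-side check should refuse to guess. The trimmed local `CAR` type, the `selectCAR` helper, the error values and the JSON sample are all assumptions constructed for illustration; only the field names and JSON tags come from this page.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// CAR is a local, trimmed copy of the CAR fields listed on this page.
type CAR struct {
	ID             uint   `json:"id"`
	Name           string `json:"name"`
	AccountNumber  string `json:"account_number"`
	AwsIamRoleName string `json:"aws_iam_role_name"`
}

var ErrAmbiguousCAR = errors.New("cloud access role name is ambiguous")
var ErrCARNotFound = errors.New("no matching cloud access role")

// constructedCARs is sample data made up for this example: two roles share a
// name but live in different accounts and map to different IAM roles.
const constructedCARs = `[
 {"id":1,"name":"ops","account_number":"111111111111","aws_iam_role_name":"ReadOnly"},
 {"id":2,"name":"ops","account_number":"222222222222","aws_iam_role_name":"Admin"}
]`

// selectCAR (hypothetical helper) returns the single CAR matching name and,
// when given, accountNumber. It fails closed when several roles match.
func selectCAR(raw, name, accountNumber string) (CAR, error) {
	var cars, matches []CAR
	if err := json.Unmarshal([]byte(raw), &cars); err != nil {
		return CAR{}, err
	}
	for _, c := range cars {
		if c.Name == name && (accountNumber == "" || c.AccountNumber == accountNumber) {
			matches = append(matches, c)
		}
	}
	switch len(matches) {
	case 0:
		return CAR{}, ErrCARNotFound
	case 1:
		return matches[0], nil
	}
	return CAR{}, fmt.Errorf("%w: %q matched %d roles", ErrAmbiguousCAR, name, len(matches))
}

func main() {
	_, err := selectCAR(constructedCARs, "ops", "")
	fmt.Println(err) // name alone is ambiguous
	car, _ := selectCAR(constructedCARs, "ops", "222222222222")
	fmt.Println(car.ID, car.AwsIamRoleName)
}
```

Passing an empty account number mimics a name-only lookup; with the sample data it returns an error instead of picking either role.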
func GetCARS ¶
GetCARS queries the Kion API for all cloud access roles to which the authenticated user has access. Deleted CARs will be excluded.
func GetCARSOnAccount ¶
GetCARSOnAccount returns all cloud access roles that match a given account.
type CARResponse ¶
CARResponse maps to the Kion API response.
type CSRFResponse ¶
type CSRFResponse struct {
Data string `json:"data"`
}
type ConsoleAccessCAR ¶ added in v0.0.2
type ConsoleAccessCAR struct {
    CARName        string    `json:"name"`
    CARID          uint      `json:"id"`
    CARRoleType    string    `json:"role_type"`
    Accounts       []Account `json:"accounts"`
    ConsoleAccess  bool      `json:"console_access"`
    STAKAccess     bool      `json:"short_term_key_access"`
    LTAKAccess     bool      `json:"long_term_key_access"`
    AwsIamRoleName string    `json:"aws_iam_role_name"`
}
ConsoleAccessCAR maps to the Kion API response for CAR data.
func GetConsoleAccessCARS ¶ added in v0.0.2
func GetConsoleAccessCARS(host string, token string, projID uint) ([]ConsoleAccessCAR, error)
GetConsoleAccessCARS hits the private API endpoint to gather all cloud access roles a user has access to. This method should only be used as a fallback.
type ConsoleAccessCARResponse ¶ added in v0.0.2
type ConsoleAccessCARResponse struct {
    Status            int                `json:"status"`
    ConsoleAccessCARs []ConsoleAccessCAR `json:"data"`
}
ConsoleAccessCARResponse maps to the Kion V1 API response.
type IDMS ¶
type IDMS struct {
    ID         uint   `json:"id"`
    IdmsTypeID uint   `json:"idms_type_id"`
    Name       string `json:"name"`
}
IDMS maps to the Kion API response for configured IDMSs.
type IDMSResponse ¶
IDMSResponse maps to the Kion API response.
type Project ¶
type Project struct {
    Archived         bool   `json:"archived"`
    AutoPay          bool   `json:"auto_pay"`
    DefaultAwsRegion string `json:"default_aws_region"`
    Description      string `json:"description"`
    ID               uint   `json:"id"`
    Name             string `json:"name"`
    OuID             uint   `json:"ou_id"`
}
Project maps to the Kion API response for projects.
func GetProjectByID ¶ added in v0.1.0
GetProjectByID returns the project for a given project ID. Note that if a user has only CAR access to a project, this will return a 403. To accommodate users with minimal permissions, test response codes and fall back accordingly, or use GetProjects, which will work but be more verbose.
type ProjectResponse ¶
ProjectResponse maps to the Kion API response.
type ProjectsResponse ¶ added in v0.1.0
ProjectsResponse maps to the Kion API response.
type SSOAuthResponse ¶
type SSOAuthResponse struct {
Data AccessData `json:"data"`
}
type STAK ¶
type STAK struct {
    AccessKey       string `json:"access_key"`
    SecretAccessKey string `json:"secret_access_key"`
    SessionToken    string `json:"session_token"`
    Duration        int64  `json:"duration"`
    Expiration      time.Time
}
STAK maps to the Kion API response for short term access keys.
type STAKRequest ¶
type STAKRequest struct {
    AccountNumber string `json:"account_number"`
    CARName       string `json:"cloud_access_role_name"`
}
STAKRequest maps to the required post body when interfacing with the Kion API.
type STAKResponse ¶
STAKResponse maps to the Kion API response.
type SamlCallbackResult ¶
type Session ¶
type Session struct {
    // ID int `json:"id"`
    IDMSID   uint
    UserName string
    // UserID int `json:"user_id"`
    Access struct {
        Expiry string `json:"expiry"`
        Token  string `json:"token"`
    } `json:"access"`
    Refresh struct {
        Expiry string `json:"expiry"`
        Token  string `json:"token"`
    } `json:"refresh"`
}
Session maps to the session data returned by Kion after authentication.
type URLRequest ¶
type URLRequest struct {
    AccountID      uint   `json:"account_id"`
    AccountName    string `json:"account_name"`
    AccountNumber  string `json:"account_number"`
    AWSIAMRoleName string `json:"aws_iam_role_name"`
    AccountTypeID  uint   `json:"account_type_id"`
    RoleID         uint   `json:"role_id"`
    RoleType       string `json:"role_type"`
}
URLRequest maps to the required post body when interfacing with the Kion API.
type URLResponse ¶
URLResponse maps to the Kion API response.