Documentation
Overview
Package token is heavily inspired by aws-iam-authenticator's token package. The package was modified to work better with the pharos authentication scheme. The original source is at https://github.com/kubernetes-sigs/aws-iam-authenticator/blob/1097f929eb323964ccc2f1af3f26f493e2756f7d/pkg/token/token.go
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Generator
Generator provides new tokens to be used for authenticating with the pharos-api-server.
func NewGenerator
NewGenerator creates a Generator and returns it.
type Identity
type Identity struct {
	// ARN is the raw Amazon Resource Name returned by sts:GetCallerIdentity
	ARN string

	// CanonicalARN is the Amazon Resource Name converted to a more canonical
	// representation. In particular, STS assumed role ARNs like
	// "arn:aws:sts::ACCOUNTID:assumed-role/ROLENAME/SESSIONNAME" are converted
	// to their IAM ARN equivalent "arn:aws:iam::ACCOUNTID:role/NAME"
	CanonicalARN string

	// AccountID is the 12 digit AWS account number.
	AccountID string

	// UserID is the unique user/role ID (e.g., "AROAAAAAAAAAAAAAAAAAA").
	UserID string

	// SessionName is the STS session name (or "" if this is not a
	// session-based identity). For EC2 instance roles, this will be the EC2
	// instance ID (e.g., "i-0123456789abcdef0"). You should only rely on it
	// if you trust that _only_ EC2 is allowed to assume the IAM Role. If IAM
	// users or other roles are allowed to assume the role, they can provide
	// (nearly) arbitrary strings here.
	SessionName string
}
Identity is returned on successful Verify() results. It contains a parsed version of the AWS identity used to create the token.
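The following is an added example, not code from this package or from aws-iam-authenticator. It sketches the CanonicalARN conversion described in the struct comments and a caller-side gate for the SessionName caveat. The names canonicalize, trustedInstanceID and ec2OnlyRoles are hypothetical, and the account ID and role names are constructed sample values.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// canonicalize maps an STS assumed-role ARN to its IAM role ARN and returns
// the session name; any other well-formed ARN is returned unchanged with "".
// Hypothetical helper for illustration, not this package's implementation.
func canonicalize(arn string) (canonical, session string, err error) {
	p := strings.SplitN(arn, ":", 6)
	if len(p) != 6 || p[0] != "arn" {
		return "", "", fmt.Errorf("malformed ARN %q", arn)
	}
	if p[2] != "sts" || !strings.HasPrefix(p[5], "assumed-role/") {
		return arn, "", nil
	}
	seg := strings.Split(p[5], "/")
	if len(seg) != 3 || seg[1] == "" || seg[2] == "" {
		return "", "", fmt.Errorf("unexpected assumed-role resource %q", p[5])
	}
	return fmt.Sprintf("arn:%s:iam::%s:role/%s", p[1], p[4], seg[1]), seg[2], nil
}

var instanceIDRe = regexp.MustCompile(`^i-([0-9a-f]{8}|[0-9a-f]{17})$`)

// trustedInstanceID returns the session name as an EC2 instance ID only when
// the role is on an operator-maintained list of roles whose trust policy lets
// only EC2 assume them (assumption: the caller keeps that list accurate).
func trustedInstanceID(arn string, ec2OnlyRoles map[string]bool) (string, bool) {
	canonical, session, err := canonicalize(arn)
	if err != nil || !ec2OnlyRoles[canonical] || !instanceIDRe.MatchString(session) {
		return "", false
	}
	return session, true
}

func main() {
	// Constructed sample values; the account ID and role names are placeholders.
	ec2Only := map[string]bool{"arn:aws:iam::111122223333:role/node": true}
	for _, arn := range []string{
		"arn:aws:sts::111122223333:assumed-role/node/i-0123456789abcdef0",
		"arn:aws:sts::111122223333:assumed-role/dev/i-0123456789abcdef0",
	} {
		id, ok := trustedInstanceID(arn, ec2Only)
		fmt.Printf("%s -> %q %v\n", arn, id, ok)
	}
}
```

The instance-ID pattern only checks shape; the allowlist is what carries the trust decision, since a session name on any other role is caller-chosen.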