Documentation
¶
Index ¶
- func GetCredentials(role string, ipRestrict bool, assumeRole []string, region string) (*aws.Credentials, error)
- func GetCredentialsC(client HTTPClient, role string, ipRestrict bool, assumeRole []string) (*aws.Credentials, error)
- type Account
- type Client
- func (c *Client) CloseIdleConnections()
- func (c *Client) GetResourceURL(arn string) (string, error)
- func (c *Client) GetRoleCredentials(role string, ipRestrict bool) (*aws.Credentials, error)
- func (c *Client) Roles() ([]string, error)
- func (c *Client) RolesExtended() ([]ConsolemeEligibleRolesResponse, error)
- type ClientMock
- type ConsoleMeCredentialRequestMetadata
- type ConsolemeAppDetails
- type ConsolemeCredentialErrorMessageType
- type ConsolemeCredentialRequestType
- type ConsolemeCredentialResponseType
- type ConsolemeEligibleRolesResponse
- type ConsolemeWebResponse
- type CredentialProcess
- type Credentials
- type HTTPClient
- type RefreshableProvider
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetCredentials ¶
func GetCredentials(role string, ipRestrict bool, assumeRole []string, region string) (*aws.Credentials, error)
GetCredentials requests credentials from ConsoleMe then follows the provided chain of roles to assume. Roles are assumed in the order in which they appear in the assumeRole slice.
func GetCredentialsC ¶
func GetCredentialsC(client HTTPClient, role string, ipRestrict bool, assumeRole []string) (*aws.Credentials, error)
GetCredentialsC uses the provided Client to request credentials from ConsoleMe then follows the provided chain of roles to assume. Roles are assumed in the order in which they appear in the assumeRole slice.
Types ¶
type Client ¶
Client represents a ConsoleMe client.
func NewClient ¶
NewClient takes a ConsoleMe hostname and *http.Client, and returns a ConsoleMe client that will talk to that ConsoleMe instance for AWS Credentials.
func (*Client) CloseIdleConnections ¶
func (c *Client) CloseIdleConnections()
CloseIdleConnections calls CloseIdleConnections() on the client's HTTP transport.
func (*Client) GetResourceURL ¶
GetResourceURL gets resource URL from ConsoleMe given an ARN
func (*Client) GetRoleCredentials ¶
func (*Client) RolesExtended ¶ added in v0.3.4
func (c *Client) RolesExtended() ([]ConsolemeEligibleRolesResponse, error)
RolesExtended returns all eligible role along with additional details, using v2 of eligible roles endpoint
type ClientMock ¶
type ClientMock struct {
DoFunc func(req *http.Request) (*http.Response, error)
GetRoleCredentialsFunc func(role string, ipRestrict bool) (*aws.Credentials, error)
}
func (*ClientMock) CloseIdleConnections ¶
func (c *ClientMock) CloseIdleConnections()
func (*ClientMock) GetRoleCredentials ¶
func (c *ClientMock) GetRoleCredentials(role string, ipRestrict bool) (*aws.Credentials, error)
type ConsoleMeCredentialRequestMetadata ¶
type ConsoleMeCredentialRequestMetadata struct {
}
type ConsolemeAppDetails ¶ added in v0.3.4
type ConsolemeAppDetails struct {
Name string `json:"name"`
Owner string `json:"owner"`
OwnerURL string `json:"owner_url"`
AppURL string `json:"app_url"`
}
ConsolemeAppDetails represents the structure of details returned by ConsoleMe about a single app
type ConsolemeCredentialRequestType ¶
type ConsolemeCredentialRequestType struct {
RequestedRole string `json:"requested_role"`
NoIpRestricton bool `json:"no_ip_restrictions"`
Metadata *metadata.InstanceInfo `json:"metadata,omitempty"`
}
type ConsolemeCredentialResponseType ¶
type ConsolemeCredentialResponseType struct {
Credentials *aws.Credentials `json:"Credentials"`
}
type ConsolemeEligibleRolesResponse ¶ added in v0.3.4
type ConsolemeEligibleRolesResponse struct {
Arn string `json:"arn"`
AccountNumber string `json:"account_id"`
AccountName string `json:"account_friendly_name"`
RoleName string `json:"role_name"`
Apps struct {
AppDetails []ConsolemeAppDetails `json:"app_details"`
} `json:"apps"`
}
ConsolemeEligibleRolesResponse represents the response structure of ConsoleMe's model for detailed eligible roles
type ConsolemeWebResponse ¶
type ConsolemeWebResponse struct {
Status string `json:"status"`
Reason string `json:"reason"`
RedirectURL string `json:"redirect_url"`
StatusCode int `json:"status_code"`
Message string `json:"message"`
Errors []string `json:"errors"`
Data map[string]json.RawMessage `json:"data"`
}
ConsolemeWebResponse represents the response structure of ConsoleMe's model WebResponse
type CredentialProcess ¶
type Credentials ¶
type HTTPClient ¶
type HTTPClient interface {
Do(req *http.Request) (*http.Response, error)
GetRoleCredentials(role string, ipRestrict bool) (*aws.Credentials, error)
CloseIdleConnections()
// contains filtered or unexported methods
}
HTTPClient is the interface we expect HTTP clients to implement.
func GetTestClient ¶
func GetTestClient(responseBody interface{}) (HTTPClient, error)
type RefreshableProvider ¶
type RefreshableProvider struct {
sync.RWMutex
Expiration types.Time
LastRefreshed types.Time
Region string
RoleName string
RoleArn string
NoIpRestrict bool
AssumeChain []string
// contains filtered or unexported fields
}
func NewRefreshableProvider ¶
func NewRefreshableProvider(client HTTPClient, role, region string, assumeChain []string, noIpRestrict bool) (*RefreshableProvider, error)
NewRefreshableProvider creates an AWS credential provider that will automatically refresh credentials when they are close to expiring
func (*RefreshableProvider) AutoRefresh ¶
func (rp *RefreshableProvider) AutoRefresh()
func (*RefreshableProvider) IsExpired ¶
func (rp *RefreshableProvider) IsExpired() bool
IsExpired always returns false because we should never have expired credentials
func (*RefreshableProvider) Retrieve ¶
func (rp *RefreshableProvider) Retrieve() (credentials.Value, error)
Retrieve returns the AWS credentials from the provider
Source Files