iam

package

v0.0.0-...-d6824a2 Latest Latest Go to latest Published: Nov 4, 2024 License: BSD-3-Clause Imports: 16 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/nholuongut/kube2iam

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func GetBaseArn() (string, error)
func GetEndpointFromRegion(region string) string
func GetInstanceIAMRole() (string, error)
func IsValidBaseARN(arn string) bool
func IsValidRegion(promisedLand string, regions *ec2.DescribeRegionsOutput) bool
type Client
- func NewClient(baseARN string, regional bool) *Client
type Credentials

Constants ¶

This section is empty.

Variables ¶

View Source

var ARNRegexp = regexp.MustCompile(`^arn:(\w|-)*:iam::\d+:role\/?(\w+|-|\/|\.)*$`)

ARNRegexp is the regex to check that the base ARN is valid, see http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns.

Functions ¶

func GetBaseArn ¶

func GetBaseArn() (string, error)

GetBaseArn get the base ARN from metadata service.

func GetEndpointFromRegion ¶

func GetEndpointFromRegion(region string) string

GetEndpointFromRegion forms a standard sts endpoint url given a region

func GetInstanceIAMRole ¶

func GetInstanceIAMRole() (string, error)

GetInstanceIAMRole get instance IAM role from metadata service.

func IsValidBaseARN ¶

func IsValidBaseARN(arn string) bool

IsValidBaseARN validates that the base ARN is valid.

func IsValidRegion ¶

func IsValidRegion(promisedLand string, regions *ec2.DescribeRegionsOutput) bool

IsValidRegion tests for a vaild region name

Types ¶

type Client ¶

type Client struct {
	BaseARN             string
	Endpoint            string
	UseRegionalEndpoint bool
}

Client represents an IAM client.

func NewClient ¶

func NewClient(baseARN string, regional bool) *Client

NewClient returns a new IAM client.

func (*Client) AssumeRole ¶

func (iam *Client) AssumeRole(roleARN, externalID string, remoteIP string, sessionTTL time.Duration) (*Credentials, error)

AssumeRole returns an IAM role Credentials using AWS STS.

func (*Client) GetInstanceId ¶

func (iam *Client) GetInstanceId() (string, error)

Get InstanceId for healthcheck

func (*Client) RoleARN ¶

func (iam *Client) RoleARN(role string) string

RoleARN returns the full iam role ARN.

type Credentials ¶

type Credentials struct {
	AccessKeyID     string `json:"AccessKeyId"`
	Code            string
	Expiration      string
	LastUpdated     string
	SecretAccessKey string
	Token           string
	Type            string
}

Credentials represent the security Credentials response.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL