Documentation ¶
Index ¶
- Constants
- Variables
- func AllIssuesHandlers(e *Endpoint) (http.HandlerFunc, http.HandlerFunc, http.HandlerFunc)
- func DenyXForwardedFor(w http.ResponseWriter, r *http.Request) bool
- func GenerateCredentials(token string, upstreamRoleName string, roleArn string, roleSessionName string) (*stsTypes.Credentials, error)
- func GetRemoteIP(r *http.Request) (string, error)
- func GetRemoteIPFromRequest(r *http.Request) (string, error)
- func Serve(port int, listenAddress string, dockerNetwork string)
- func VerifyToken(w http.ResponseWriter, r *http.Request) (string, string, error)
- type ContainerWithCreds
- type Endpoint
- func (e *Endpoint) AddContainer(id string, role string, ip string) error
- func (e *Endpoint) ConfigureFromDocker(cli *client.Client, ctx context.Context) (chan string, chan error)
- func (e *Endpoint) CredsByIP(ip string) (*ContainerWithCreds, bool)
- func (e *Endpoint) LoadContainersFromDocker(cli *client.Client, ctx context.Context) error
- func (e *Endpoint) MonitorNetworkEvents(cli *client.Client, ctx context.Context)
- func (e *Endpoint) RemoveAllContainers()
- func (e *Endpoint) RemoveContainer(id string)
- type RefreshableCred
Constants ¶
// DEFAULT_TOKEN_TTL_SECONDS is a session-token lifetime in seconds, held as a
// string. 21600 s is six hours, the largest TTL that EC2 IMDSv2 accepts.
// NOTE(review): where this default is applied is not shown on this page —
// presumably when a request omits the TTL header; confirm, and consider whether
// the maximum lifetime is the right default for locally issued tokens.
const DEFAULT_TOKEN_TTL_SECONDS = "21600"
// DefaultDockerNetwork is "bridge", the name of Docker's default network.
// NOTE(review): presumably the fallback for Serve's dockerNetwork argument —
// confirm. Every container attached to the chosen network is a potential
// client of the credential endpoint.
const DefaultDockerNetwork = "bridge"
// DefaultLocalHostAddress is the IPv4 loopback address.
// NOTE(review): presumably the default for Serve's listenAddress — confirm.
// A listener bound to loopback is reachable only from the host itself; any
// other listen address widens who can request credentials.
const DefaultLocalHostAddress = "127.0.0.1"
// DefaultPort is the TCP port number 9912.
// NOTE(review): presumably the default for Serve's port argument — confirm.
const DefaultPort = 9912
// EC2_METADATA_TOKEN_HEADER is the lower-case spelling of the request header
// that carries an IMDSv2 session token.
// Read it with http.Header.Get, which canonicalises the key; indexing the
// header map directly with this lower-case string would not match.
const EC2_METADATA_TOKEN_HEADER = "x-aws-ec2-metadata-token"
// EC2_METADATA_TOKEN_TTL_HEADER is the lower-case spelling of the IMDSv2
// request header in which a client states the token lifetime it wants, in
// seconds.
// NOTE(review): the value is client-supplied; whether it is parsed and
// range-checked is not visible on this page — confirm in the token handler.
const EC2_METADATA_TOKEN_TTL_HEADER = "x-aws-ec2-metadata-token-ttl-seconds"
// REFRESHABLE_CRED_CODE is the value "Success"; the RefreshableCred type's
// field comments associate it with the Code field.
const REFRESHABLE_CRED_CODE = "Success"
// REFRESHABLE_CRED_TYPE is the value "AWS-HMAC"; the RefreshableCred type's
// field comments associate it with the Type field.
const REFRESHABLE_CRED_TYPE = "AWS-HMAC"
// SECURITY_CREDENTIALS_RESOURCE_PATH is the URL path prefix under which the EC2
// instance metadata service publishes IAM role names and role credentials.
// NOTE(review): responses under this path contain secret material; which
// checks run before a response is written is not visible on this page.
const SECURITY_CREDENTIALS_RESOURCE_PATH = "/latest/meta-data/iam/security-credentials/"
// TOKEN_RESOURCE_PATH is the URL path of the IMDSv2 session-token endpoint.
// On EC2 a token is obtained with a PUT to this path.
// NOTE(review): whether this package restricts the HTTP method is not shown
// here — confirm.
const TOKEN_RESOURCE_PATH = "/latest/api/token"
// X_FORWARDED_FOR_HEADER is the name of the header that proxies add to record
// the original client address.
// EC2 IMDSv2 rejects token requests that carry it, so a request relayed
// through a proxy cannot obtain a session token.
// NOTE(review): DenyXForwardedFor, listed in this package's index, presumably
// applies the same rule — confirm it runs on every credential-bearing route.
const X_FORWARDED_FOR_HEADER = "X-Forwarded-For"
Variables ¶
// RefreshTime is a duration of five minutes.
// NOTE(review): how it is consumed is not visible on this page — presumably the
// interval or safety margin for renewing cached credentials; confirm. It is an
// exported variable, so any importing package can reassign it at run time.
var RefreshTime = 5 * time.Minute
Functions ¶
func AllIssuesHandlers ¶
func AllIssuesHandlers(e *Endpoint) (http.HandlerFunc, http.HandlerFunc, http.HandlerFunc)
func DenyXForwardedFor ¶
func DenyXForwardedFor(w http.ResponseWriter, r *http.Request) bool
func GenerateCredentials ¶
func VerifyToken ¶
Types ¶
type ContainerWithCreds ¶
// ContainerWithCreds groups one container's address and IAM role details with
// a RefreshableCred value.
type ContainerWithCreds struct {
	// IPAddress is the container's IP address. The package index lists
	// Endpoint.CredsByIP(ip), so this is presumably what a caller is matched
	// on — confirm, since it makes the source address the access-control key.
	IPAddress string
	// RoleARN is the ARN of the IAM role tied to this container.
	RoleARN string
	// RoleName is the role's name.
	// NOTE(review): presumably the name served under the
	// security-credentials path — confirm.
	RoleName string
	// RoleSessionName is the session name associated with the role.
	RoleSessionName string
	// Creds holds the secret access key and session token; keep this field
	// out of logs and error messages.
	Creds RefreshableCred
	// Mutex presumably serialises access to Creds (see UpdateCreds) — confirm.
	// A struct holding a sync.Mutex must not be copied once in use; handle it
	// through *ContainerWithCreds only.
	Mutex sync.Mutex
}
func (*ContainerWithCreds) UpdateCreds ¶
func (c *ContainerWithCreds) UpdateCreds(creds RefreshableCred)
type Endpoint ¶
// Endpoint holds an HTTP server, a Docker network identifier and a map of
// known containers.
type Endpoint struct {
	// PortNum is the port number for the endpoint.
	PortNum int
	// Server is the HTTP server owned by this endpoint.
	Server *http.Server
	// NetworkID identifies a network.
	// NOTE(review): presumably the Docker network whose containers are
	// tracked — confirm.
	NetworkID string
	// ByContainer maps a string key to per-container state.
	// NOTE(review): AddContainer(id, role, ip) and RemoveContainer(id) suggest
	// the key is the container ID — confirm.
	ByContainer map[string]*ContainerWithCreds
	// ByContainerMutex presumably guards ByContainer — confirm that every read
	// and write of the map takes it, since unsynchronised concurrent map
	// access is a data race in Go.
	ByContainerMutex sync.Mutex
}
func (*Endpoint) AddContainer ¶
func (*Endpoint) ConfigureFromDocker ¶
func (*Endpoint) LoadContainersFromDocker ¶
func (*Endpoint) MonitorNetworkEvents ¶
func (*Endpoint) RemoveAllContainers ¶
func (e *Endpoint) RemoveAllContainers()
func (*Endpoint) RemoveContainer ¶
type RefreshableCred ¶
// RefreshableCred is one set of AWS credentials together with status and
// timestamp fields.
//
// SecretAccessKey and Token are secrets: printing the struct with %v or %+v,
// or serialising it into a log line, discloses them.
type RefreshableCred struct {
	// AccessKeyId is the AWS access key ID.
	AccessKeyId string
	// SecretAccessKey is the AWS secret access key.
	SecretAccessKey string
	// Token is the session token (SessionToken).
	Token string
	// Code is the status string; see REFRESHABLE_CRED_CODE.
	Code string
	// Type is the credential type string; see REFRESHABLE_CRED_TYPE.
	Type string
	// Expiration is when the credentials expire, obtained with
	// time.Parse(time.RFC3339, credentialProcessOutput.Expiration).
	Expiration time.Time
	// LastUpdated is set from time.Now().
	LastUpdated time.Time
}
func GetUpstreamCreds ¶
func GetUpstreamCreds(token string, upstreamRoleName string) (RefreshableCred, error)