Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func StdinStderrTokenProvider (added in v0.3.0)
StdinStderrTokenProvider gets the MFA token from standard input.
Types
type FormatError (added in v0.3.0)
type FormatError struct {
// contains filtered or unexported fields
}
FormatError is returned when there is a problem with the token, which is an encoded STS request. This can include the URL, data, action or anything else that prevents the STS call from being made.
func (FormatError) Error (added in v0.3.0)
func (e FormatError) Error() string
type Generator (added in v0.3.0)
type Generator interface {
	// Get a token using the provided options
	GetWithOptions(options *GetTokenOptions) (Token, error)
	// GetWithSTS returns a token valid for clusterID using the given STS client.
	GetWithSTS(clusterID string, stsAPI stsiface.STSAPI) (Token, error)
	// FormatJSON returns the client auth formatted json for the ExecCredential auth
	FormatJSON(Token) string
}
Generator provides new tokens for the AWS IAM Authenticator.
type GetTokenOptions (added in v0.5.0)
type GetTokenOptions struct {
	Region               string
	ClusterID            string
	AssumeRoleARN        string
	AssumeRoleExternalID string
	SessionName          string
}
GetTokenOptions is passed to GetWithOptions to provide an extensible get token interface.
type Identity
type Identity struct {
	// ARN is the raw Amazon Resource Name returned by sts:GetCallerIdentity
	ARN string

	// CanonicalARN is the Amazon Resource Name converted to a more canonical
	// representation. In particular, STS assumed role ARNs like
	// "arn:aws:sts::ACCOUNTID:assumed-role/ROLENAME/SESSIONNAME" are converted
	// to their IAM ARN equivalent "arn:aws:iam::ACCOUNTID:role/NAME"
	CanonicalARN string

	// AccountID is the 12 digit AWS account number.
	AccountID string

	// UserID is the unique user/role ID (e.g., "AROAAAAAAAAAAAAAAAAAA").
	UserID string

	// SessionName is the STS session name (or "" if this is not a
	// session-based identity). For EC2 instance roles, this will be the EC2
	// instance ID (e.g., "i-0123456789abcdef0"). You should only rely on it
	// if you trust that _only_ EC2 is allowed to assume the IAM Role. If IAM
	// users or other roles are allowed to assume the role, they can provide
	// (nearly) arbitrary strings here.
	SessionName string

	// The AWS Access Key ID used to authenticate the request. This can be used
	// in conjunction with CloudTrail to determine the identity of the individual
	// if the individual assumed an IAM role before making the request.
	AccessKeyID string

	// AWS STS endpoint used to authenticate (expected value is an STS endpoint, e.g. sts.us-west-2.amazonaws.com)
	STSEndpoint string
}
Identity is returned on successful Verify() results. It contains a parsed version of the AWS identity used to create the token.
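The CanonicalARN conversion described in the Identity comments, as an added example that is not the package's own code: canonicalizeARN is a hypothetical helper and the ARNs are constructed samples. It also returns the session name separately, since the comments above note that this value is caller-controlled unless only EC2 can assume the role.

```go
package main

import (
	"fmt"
	"strings"
)

// canonicalizeARN is a hypothetical helper (not the package's implementation)
// that maps an STS assumed-role ARN to the IAM role ARN form described above.
// IAM ARNs are returned unchanged with an empty session name.
func canonicalizeARN(raw string) (canonical, sessionName string, err error) {
	// Layout: arn:partition:service:region:account-id:resource
	parts := strings.SplitN(raw, ":", 6)
	if len(parts) != 6 || parts[0] != "arn" {
		return "", "", fmt.Errorf("malformed ARN %q", raw)
	}
	service, account, resource := parts[2], parts[4], parts[5]
	if len(account) != 12 || strings.Trim(account, "0123456789") != "" {
		return "", "", fmt.Errorf("account ID in %q is not 12 digits", raw)
	}
	switch service {
	case "iam":
		return raw, "", nil
	case "sts":
		// Expect exactly assumed-role/ROLENAME/SESSIONNAME.
		seg := strings.Split(resource, "/")
		if len(seg) != 3 || seg[0] != "assumed-role" || seg[1] == "" || seg[2] == "" {
			return "", "", fmt.Errorf("unsupported STS resource %q", resource)
		}
		return fmt.Sprintf("arn:%s:iam::%s:role/%s", parts[1], account, seg[1]), seg[2], nil
	}
	return "", "", fmt.Errorf("unsupported service %q", service)
}

func main() {
	// Constructed sample ARNs; the last one is missing its session name.
	for _, a := range []string{
		"arn:aws:sts::123456789012:assumed-role/NodeRole/i-0123456789abcdef0",
		"arn:aws:iam::123456789012:user/alice",
		"arn:aws:sts::123456789012:assumed-role/NodeRole",
	} {
		c, s, err := canonicalizeARN(a)
		fmt.Printf("%s\n  canonical=%q session=%q err=%v\n", a, c, s, err)
	}
}
```

Authorization mappings should key on the canonical ARN; the session name is only meaningful as an instance ID when the role's trust policy restricts assumption to EC2.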
type STSError (added in v0.3.0)
type STSError struct {
// contains filtered or unexported fields
}
STSError is returned when there was either an error calling STS or a problem processing the data returned from STS.
func NewSTSError (added in v0.3.0)
NewSTSError creates an error of type STS.
type STSThrottling (added in v0.6.28)
type STSThrottling struct {
// contains filtered or unexported fields
}
STSThrottling is returned when there was STS Throttling.
func NewSTSThrottling (added in v0.6.28)
func NewSTSThrottling(m string) STSThrottling
NewSTSThrottling creates an error of type STSThrottling.
func (STSThrottling) Error (added in v0.6.28)
func (e STSThrottling) Error() string
type Token (added in v0.4.0)
Token is generated and used by Kubernetes client-go to authenticate with a Kubernetes cluster.
type Verifier (added in v0.3.0)
Verifier validates tokens by calling STS and returning the associated identity.
func NewVerifier (added in v0.3.0)
NewVerifier creates a Verifier that is bound to the clusterID and uses the default HTTP client.