ec2tokens

package

v0.27.0 Latest Latest Go to latest Published: Jan 6, 2022 License: Apache-2.0 Imports: 12 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/QumulusTechnology/gophercloud

Links

Open Source Insights

Documentation ¶

Overview ¶

Package tokens provides information and interaction with the EC2 token API resource for the OpenStack Identity service.

For more information, see: https://docs.openstack.org/api-ref/identity/v2-ext/

Example to Create a Token From an EC2 access and secret keys

var authOptions tokens.AuthOptionsBuilder
authOptions = &ec2tokens.AuthOptions{
	Access: "a7f1e798b7c2417cba4a02de97dc3cdc",
	Secret: "18f4f6761ada4e3795fa5273c30349b9",
}

token, err := ec2tokens.Create(identityClient, authOptions).ExtractToken()
if err != nil {
	panic(err)
}

Example to auth a client using EC2 access and secret keys

client, err := openstack.NewClient("http://localhost:5000/v3")
if err != nil {
	panic(err)
}

var authOptions tokens.AuthOptionsBuilder
authOptions = &ec2tokens.AuthOptions{
	Access:      "a7f1e798b7c2417cba4a02de97dc3cdc",
	Secret:      "18f4f6761ada4e3795fa5273c30349b9",
	AllowReauth: true,
}

err = openstack.AuthenticateV3(client, authOptions, gophercloud.EndpointOpts{})
if err != nil {
	panic(err)
}

Index ¶

Constants
func Create(c *gophercloud.ServiceClient, opts tokens.AuthOptionsBuilder) (r tokens.CreateResult)
func EC2CredentialsBuildAuthorizationHeaderV4(opts AuthOptions, signedHeaders string, signature string, date time.Time) string
func EC2CredentialsBuildCanonicalHeadersV4(headers map[string]string, signedHeaders string) string
func EC2CredentialsBuildCanonicalQueryStringV2(params map[string]string) string
func EC2CredentialsBuildCanonicalQueryStringV4(verb string, params map[string]string) string
func EC2CredentialsBuildSignatureKeyV4(secret, region, service string, date time.Time) []byte
func EC2CredentialsBuildSignatureV4(key []byte, stringToSign []byte) string
func EC2CredentialsBuildStringToSignV2(opts AuthOptions) []byte
func EC2CredentialsBuildStringToSignV4(opts AuthOptions, signedHeaders string, bodyHash string, date time.Time) []byte
func ValidateS3Token(c *gophercloud.ServiceClient, opts tokens.AuthOptionsBuilder) (r tokens.CreateResult)
type AuthOptions

Constants ¶

View Source

const (
	// EC2CredentialsAwsRequestV4 is a constant, used to generate AWS
	// Credential V4.
	EC2CredentialsAwsRequestV4 = "aws4_request"
	// EC2CredentialsHmacSha1V2 is a HMAC SHA1 signature method. Used to
	// generate AWS Credential V2.
	EC2CredentialsHmacSha1V2 = "HmacSHA1"
	// EC2CredentialsHmacSha256V2 is a HMAC SHA256 signature method. Used
	// to generate AWS Credential V2.
	EC2CredentialsHmacSha256V2 = "HmacSHA256"
	// EC2CredentialsAwsHmacV4 is an AWS signature V4 signing method.
	// More details:
	// https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
	EC2CredentialsAwsHmacV4 = "AWS4-HMAC-SHA256"
	// EC2CredentialsTimestampFormatV4 is an AWS signature V4 timestamp
	// format.
	EC2CredentialsTimestampFormatV4 = "20060102T150405Z"
	// EC2CredentialsDateFormatV4 is an AWS signature V4 date format.
	EC2CredentialsDateFormatV4 = "20060102"
)

Variables ¶

This section is empty.

Functions ¶

func Create ¶

func Create(c *gophercloud.ServiceClient, opts tokens.AuthOptionsBuilder) (r tokens.CreateResult)

Create authenticates and either generates a new token from EC2 credentials

func EC2CredentialsBuildAuthorizationHeaderV4 ¶

func EC2CredentialsBuildAuthorizationHeaderV4(opts AuthOptions, signedHeaders string, signature string, date time.Time) string

EC2CredentialsBuildAuthorizationHeaderV4 builds an AWS v4 Authorization header based on auth parameters, date and signature

func EC2CredentialsBuildCanonicalHeadersV4 ¶

func EC2CredentialsBuildCanonicalHeadersV4(headers map[string]string, signedHeaders string) string

EC2CredentialsBuildCanonicalHeadersV4 builds a canonical string based on "headers" map and "signedHeaders" string parameters. https://github.com/openstack/python-keystoneclient/blob/stable/train/keystoneclient/contrib/ec2/utils.py#L216

func EC2CredentialsBuildCanonicalQueryStringV2 ¶

func EC2CredentialsBuildCanonicalQueryStringV2(params map[string]string) string

EC2CredentialsBuildCanonicalQueryStringV2 builds a canonical query string for an AWS signature V2. https://github.com/openstack/python-keystoneclient/blob/stable/train/keystoneclient/contrib/ec2/utils.py#L133

func EC2CredentialsBuildCanonicalQueryStringV4 ¶

func EC2CredentialsBuildCanonicalQueryStringV4(verb string, params map[string]string) string

EC2CredentialsBuildCanonicalQueryStringV2 builds a canonical query string for an AWS signature V4. https://github.com/openstack/python-keystoneclient/blob/stable/train/keystoneclient/contrib/ec2/utils.py#L244

func EC2CredentialsBuildSignatureKeyV4 ¶

func EC2CredentialsBuildSignatureKeyV4(secret, region, service string, date time.Time) []byte

EC2CredentialsBuildSignatureKeyV4 builds a HMAC 256 signature key based on input parameters. https://github.com/openstack/python-keystoneclient/blob/stable/train/keystoneclient/contrib/ec2/utils.py#L169

func EC2CredentialsBuildSignatureV4 ¶

func EC2CredentialsBuildSignatureV4(key []byte, stringToSign []byte) string

EC2CredentialsBuildSignatureV4 builds an AWS v4 signature based on input parameters. https://github.com/openstack/python-keystoneclient/blob/stable/train/keystoneclient/contrib/ec2/utils.py#L285..L286

func EC2CredentialsBuildStringToSignV2 ¶

func EC2CredentialsBuildStringToSignV2(opts AuthOptions) []byte

EC2CredentialsBuildStringToSignV2 builds a string to sign an AWS signature V2. https://github.com/openstack/python-keystoneclient/blob/stable/train/keystoneclient/contrib/ec2/utils.py#L148

func EC2CredentialsBuildStringToSignV4 ¶

func EC2CredentialsBuildStringToSignV4(opts AuthOptions, signedHeaders string, bodyHash string, date time.Time) []byte

EC2CredentialsBuildStringToSignV4 builds an AWS v4 signature string to sign based on input parameters. https://github.com/openstack/python-keystoneclient/blob/stable/train/keystoneclient/contrib/ec2/utils.py#L251

func ValidateS3Token ¶

func ValidateS3Token(c *gophercloud.ServiceClient, opts tokens.AuthOptionsBuilder) (r tokens.CreateResult)

ValidateS3Token authenticates an S3 request using EC2 credentials. Doesn't generate a new token ID, but returns a tokens.CreateResult.

Types ¶

type AuthOptions ¶

type AuthOptions struct {
	// Access is the EC2 Credential Access ID.
	Access string `json:"access" required:"true"`
	// Secret is the EC2 Credential Secret, used to calculate signature.
	// Not used, when a Signature is is.
	Secret string `json:"-"`
	// Host is a HTTP request Host header. Used to calculate an AWS
	// signature V2. For signature V4 set the Host inside Headers map.
	// Optional.
	Host string `json:"host"`
	// Path is a HTTP request path. Optional.
	Path string `json:"path"`
	// Verb is a HTTP request method. Optional.
	Verb string `json:"verb"`
	// Headers is a map of HTTP request headers. Optional.
	Headers map[string]string `json:"headers"`
	// Region is a region name to calculate an AWS signature V4. Optional.
	Region string `json:"-"`
	// Service is a service name to calculate an AWS signature V4. Optional.
	Service string `json:"-"`
	// Params is a map of GET method parameters. Optional.
	Params map[string]string `json:"params"`
	// AllowReauth allows Gophercloud to re-authenticate automatically
	// if/when your token expires.
	AllowReauth bool `json:"-"`
	// Signature can be either a []byte (encoded to base64 automatically) or
	// a string. You can set the singature explicitly, when you already know
	// it. In this case default Params won't be automatically set. Optional.
	Signature interface{} `json:"signature"`
	// BodyHash is a HTTP request body sha256 hash. When nil and Signature
	// is not set, a random hash is generated. Optional.
	BodyHash *string `json:"body_hash"`
	// Timestamp is a timestamp to calculate a V4 signature. Optional.
	Timestamp *time.Time `json:"-"`
	// Token is a []byte string (encoded to base64 automatically) which was
	// signed by an EC2 secret key. Used by S3 tokens for validation only.
	// Token must be set with a Signature. If a Signature is not provided,
	// a Token will be generated automatically along with a Signature.
	Token []byte `json:"token,omitempty"`
}

AuthOptions represents options for authenticating a user using EC2 credentials.

func (*AuthOptions) CanReauth ¶

func (opts *AuthOptions) CanReauth() bool

CanReauth is a method method to satisfy tokens.AuthOptionsBuilder interface

func (*AuthOptions) ToTokenV3CreateMap ¶

func (opts *AuthOptions) ToTokenV3CreateMap(map[string]interface{}) (map[string]interface{}, error)

ToTokenV3CreateMap formats an AuthOptions into a create request.

func (*AuthOptions) ToTokenV3HeadersMap ¶

func (opts *AuthOptions) ToTokenV3HeadersMap(map[string]interface{}) (map[string]string, error)

ToTokenV3HeadersMap allows AuthOptions to satisfy the AuthOptionsBuilder interface in the v3 tokens package.

func (*AuthOptions) ToTokenV3ScopeMap ¶

func (opts *AuthOptions) ToTokenV3ScopeMap() (map[string]interface{}, error)

ToTokenV3ScopeMap is a dummy method to satisfy tokens.AuthOptionsBuilder interface.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL