Documentation
¶
Index ¶
- Constants
- Variables
- func FindMasterCredentialsNameFor(profileName string, keyring *CredentialKeyring, config *ProfileConfig) (string, error)
- func FormatKeyForDisplay(k string) string
- func GetUsernameFromSession(ctx context.Context, cfg aws.Config) (string, error)
- func IsCurrentSessionKey(s string) bool
- func IsOIDCTokenKey(k string) bool
- func IsOldSessionKey(s string) bool
- func IsSessionKey(s string) bool
- func NewAssumeRoleProvider(credsProvider aws.CredentialsProvider, k keyring.Keyring, ...) (aws.CredentialsProvider, error)
- func NewAssumeRoleWithWebIdentityProvider(k keyring.Keyring, config *ProfileConfig, useSessionCache bool) (aws.CredentialsProvider, error)
- func NewAwsConfig(region, stsRegionalEndpoints, endpointURL string) aws.Config
- func NewAwsConfigWithCredsProvider(credsProvider aws.CredentialsProvider, ...) aws.Config
- func NewCredentialProcessProvider(k keyring.Keyring, config *ProfileConfig, useSessionCache bool) (aws.CredentialsProvider, error)
- func NewSSORoleCredentialsProvider(k keyring.Keyring, config *ProfileConfig, useSessionCache bool) (aws.CredentialsProvider, error)
- func NewSessionTokenProvider(credsProvider aws.CredentialsProvider, k keyring.Keyring, ...) (aws.CredentialsProvider, error)
- func NewTempCredentialsProvider(config *ProfileConfig, keyring *CredentialKeyring, disableSessions bool, ...) (aws.CredentialsProvider, error)
- func ProcessMfaProvider(processCmd string) (string, error)
- func ResolveSSOStartURL(inlineStartURL, ssoSessionStartURL string) string
- func SyncOIDCTokenToStandardCache(config *ProfileConfig, k keyring.Keyring) error
- type AssumeRoleProvider
- type AssumeRoleWithWebIdentityProvider
- type CachedSessionProvider
- type ConfigFile
- func (c *ConfigFile) Add(profile ProfileSection) error
- func (c *ConfigFile) ProfileNames() []string
- func (c *ConfigFile) ProfileSection(name string) (ProfileSection, bool)
- func (c *ConfigFile) ProfileSections() []ProfileSection
- func (c *ConfigFile) ResolvedSSOStartURL(p ProfileSection) string
- func (c *ConfigFile) SSOSessionSection(name string) (SSOSessionSection, bool)
- func (c *ConfigFile) SSOSessionStartURLs() map[string]string
- func (c *ConfigFile) Save() error
- type ConfigLoader
- type CredentialKeyring
- func (ck *CredentialKeyring) Get(credentialsName string) (creds aws.Credentials, err error)
- func (ck *CredentialKeyring) Has(credentialsName string) (bool, error)
- func (ck *CredentialKeyring) Keys() (credentialsNames []string, err error)
- func (ck *CredentialKeyring) Remove(credentialsName string) error
- func (ck *CredentialKeyring) Set(credentialsName string, creds aws.Credentials) error
- type CredentialProcessProvider
- type FederationTokenProvider
- type KeyringProvider
- type Mfa
- type OIDCTokenCacher
- type OIDCTokenData
- type OIDCTokenKeyring
- func (o OIDCTokenKeyring) Get(startURL string) (*ssooidc.CreateTokenOutput, error)
- func (o OIDCTokenKeyring) Has(startURL string) (bool, error)
- func (o *OIDCTokenKeyring) Keys() (kk []string, err error)
- func (o OIDCTokenKeyring) Remove(startURL string) error
- func (o *OIDCTokenKeyring) RemoveAll() (n int, err error)
- func (o OIDCTokenKeyring) Set(startURL string, token *ssooidc.CreateTokenOutput) error
- type ProfileConfig
- func (c *ProfileConfig) GetSessionTokenDuration() time.Duration
- func (c *ProfileConfig) HasCredentialProcess() bool
- func (c *ProfileConfig) HasMfaSerial() bool
- func (c *ProfileConfig) HasRole() bool
- func (c *ProfileConfig) HasSSOSession() bool
- func (c *ProfileConfig) HasSSOStartURL() bool
- func (c *ProfileConfig) HasSourceProfile() bool
- func (c *ProfileConfig) HasWebIdentity() bool
- func (c *ProfileConfig) IsChained() bool
- func (c *ProfileConfig) SetSessionTags(s string) error
- func (c *ProfileConfig) SetTransitiveSessionTags(s string)
- type ProfileSection
- type SSORoleCredentialsProvider
- type SSOSessionSection
- type SessionKeyring
- func (sk *SessionKeyring) Get(key SessionMetadata) (creds *ststypes.Credentials, err error)
- func (sk *SessionKeyring) GetAllMetadata() (mm []SessionMetadata, err error)
- func (sk *SessionKeyring) Has(key SessionMetadata) (bool, error)
- func (sk *SessionKeyring) Keys() (kk []SessionMetadata, err error)
- func (sk *SessionKeyring) Remove(key SessionMetadata) error
- func (sk *SessionKeyring) RemoveAll() (n int, err error)
- func (sk *SessionKeyring) RemoveForProfile(profileName string) (n int, err error)
- func (sk *SessionKeyring) RemoveOldSessions() (n int, err error)
- func (sk *SessionKeyring) Set(key SessionMetadata, creds *ststypes.Credentials) error
- type SessionMetadata
- type SessionTokenProvider
- type StsSessionProvider
- type TempCredentialsCreator
Constants ¶
const ( // DefaultSessionDuration is the default duration for GetSessionToken or AssumeRole sessions DefaultSessionDuration = time.Hour * 1 // DefaultChainedSessionDuration is the default duration for GetSessionToken sessions when chaining DefaultChainedSessionDuration = time.Hour * 8 // RoleChainingMaximumDuration is the maximum duration for AssumeRole sessions when role chaining RoleChainingMaximumDuration = time.Hour * 1 )
Variables ¶
var ErrNotFound = keyring.ErrKeyNotFound
Functions ¶
func FindMasterCredentialsNameFor ¶
func FindMasterCredentialsNameFor(profileName string, keyring *CredentialKeyring, config *ProfileConfig) (string, error)
func FormatKeyForDisplay ¶
func GetUsernameFromSession ¶
GetUsernameFromSession returns the IAM username (or root) associated with the current aws session
func IsCurrentSessionKey ¶
func IsOIDCTokenKey ¶
func IsOldSessionKey ¶
func IsSessionKey ¶
func NewAssumeRoleProvider ¶
func NewAssumeRoleProvider(credsProvider aws.CredentialsProvider, k keyring.Keyring, config *ProfileConfig, useSessionCache bool) (aws.CredentialsProvider, error)
NewAssumeRoleProvider returns a provider that generates credentials using AssumeRole
func NewAssumeRoleWithWebIdentityProvider ¶
func NewAssumeRoleWithWebIdentityProvider(k keyring.Keyring, config *ProfileConfig, useSessionCache bool) (aws.CredentialsProvider, error)
NewAssumeRoleWithWebIdentityProvider returns a provider that generates credentials using AssumeRoleWithWebIdentity
func NewAwsConfig ¶
func NewAwsConfigWithCredsProvider ¶
func NewAwsConfigWithCredsProvider(credsProvider aws.CredentialsProvider, region, stsRegionalEndpoints, endpointURL string) aws.Config
func NewCredentialProcessProvider ¶
func NewCredentialProcessProvider(k keyring.Keyring, config *ProfileConfig, useSessionCache bool) (aws.CredentialsProvider, error)
NewCredentialProcessProvider creates a provider to retrieve credentials from an external executable as described in https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#sourcing-credentials-from-external-processes
func NewSSORoleCredentialsProvider ¶
func NewSSORoleCredentialsProvider(k keyring.Keyring, config *ProfileConfig, useSessionCache bool) (aws.CredentialsProvider, error)
NewSSORoleCredentialsProvider creates a provider for SSO credentials
func NewSessionTokenProvider ¶
func NewSessionTokenProvider(credsProvider aws.CredentialsProvider, k keyring.Keyring, config *ProfileConfig, useSessionCache bool) (aws.CredentialsProvider, error)
func NewTempCredentialsProvider ¶
func NewTempCredentialsProvider(config *ProfileConfig, keyring *CredentialKeyring, disableSessions bool, disableCache bool) (aws.CredentialsProvider, error)
NewTempCredentialsProvider creates a credential provider for the given config
func ProcessMfaProvider ¶
func ResolveSSOStartURL ¶ added in v7.12.4
ResolveSSOStartURL applies the canonical precedence for a profile's SSO start URL: the referenced [sso-session] section's sso_start_url wins, falling back to the profile's inline sso_start_url only when the session url is empty.
This mirrors how ConfigLoader.populateFromConfigFile resolves SSOStartURL and is the single source of truth for that rule. Callers that have already resolved the [sso-session] url (e.g. from a prefetched map) pass it directly; see ConfigFile.ResolvedSSOStartURL for the section-lookup convenience.
func SyncOIDCTokenToStandardCache ¶ added in v7.10.0
func SyncOIDCTokenToStandardCache(config *ProfileConfig, k keyring.Keyring) error
SyncOIDCTokenToStandardCache writes the OIDC access token for the given profile from the keyring to the standard AWS SSO cache file (~/.aws/sso/cache/<sha1>.json), so that other AWS tools that read the standard file location can use it.
Types ¶
type AssumeRoleProvider ¶
type AssumeRoleProvider struct {
StsClient *sts.Client
RoleARN string
RoleSessionName string
ExternalID string
Duration time.Duration
Tags map[string]string
TransitiveTagKeys []string
SourceIdentity string
Mfa
}
AssumeRoleProvider retrieves temporary credentials from STS using AssumeRole
func (*AssumeRoleProvider) Retrieve ¶
func (p *AssumeRoleProvider) Retrieve(ctx context.Context) (aws.Credentials, error)
Retrieve generates a new set of temporary credentials using STS AssumeRole
func (*AssumeRoleProvider) RetrieveStsCredentials ¶
func (p *AssumeRoleProvider) RetrieveStsCredentials(ctx context.Context) (*ststypes.Credentials, error)
type AssumeRoleWithWebIdentityProvider ¶
type AssumeRoleWithWebIdentityProvider struct {
StsClient *sts.Client
RoleARN string
RoleSessionName string
WebIdentityTokenFile string
WebIdentityTokenProcess string
ExternalID string
Duration time.Duration
}
AssumeRoleWithWebIdentityProvider retrieves temporary credentials from STS using AssumeRoleWithWebIdentity
func (*AssumeRoleWithWebIdentityProvider) Retrieve ¶
func (p *AssumeRoleWithWebIdentityProvider) Retrieve(ctx context.Context) (aws.Credentials, error)
Retrieve generates a new set of temporary credentials using STS AssumeRoleWithWebIdentity
func (*AssumeRoleWithWebIdentityProvider) RetrieveStsCredentials ¶
func (p *AssumeRoleWithWebIdentityProvider) RetrieveStsCredentials(ctx context.Context) (*ststypes.Credentials, error)
type CachedSessionProvider ¶
type CachedSessionProvider struct {
SessionKey SessionMetadata
SessionProvider StsSessionProvider
Keyring *SessionKeyring
ExpiryWindow time.Duration
}
CachedSessionProvider retrieves cached credentials from the keyring, or if no credentials are cached retrieves temporary credentials using the CredentialsFunc
func (*CachedSessionProvider) Retrieve ¶
func (p *CachedSessionProvider) Retrieve(ctx context.Context) (aws.Credentials, error)
Retrieve returns cached credentials from the keyring, or if no credentials are cached generates a new set of temporary credentials using the CredentialsFunc
func (*CachedSessionProvider) RetrieveStsCredentials ¶
func (p *CachedSessionProvider) RetrieveStsCredentials(ctx context.Context) (*ststypes.Credentials, error)
type ConfigFile ¶
type ConfigFile struct {
Path string
// contains filtered or unexported fields
}
ConfigFile is an abstraction over what is in ~/.aws/config
func LoadConfig ¶
func LoadConfig(path string) (*ConfigFile, error)
LoadConfig loads and parses a config file. No error is returned if the file doesn't exist
func LoadConfigFromEnv ¶
func LoadConfigFromEnv() (*ConfigFile, error)
LoadConfigFromEnv finds the config file from the environment
func (*ConfigFile) Add ¶
func (c *ConfigFile) Add(profile ProfileSection) error
Add the profile to the configuration file
func (*ConfigFile) ProfileNames ¶
func (c *ConfigFile) ProfileNames() []string
ProfileNames returns a slice of profile names from the AWS config
func (*ConfigFile) ProfileSection ¶
func (c *ConfigFile) ProfileSection(name string) (ProfileSection, bool)
ProfileSection returns the profile section with the matching name. If there isn't any, an empty profile with the provided name is returned, along with false.
func (*ConfigFile) ProfileSections ¶
func (c *ConfigFile) ProfileSections() []ProfileSection
ProfileSections returns all the profile sections in the config
func (*ConfigFile) ResolvedSSOStartURL ¶ added in v7.12.4
func (c *ConfigFile) ResolvedSSOStartURL(p ProfileSection) string
ResolvedSSOStartURL returns the SSO start URL for a profile section using the precedence defined by ResolveSSOStartURL, looking up the referenced [sso-session] section as needed. Returns "" when the profile has neither an inline sso_start_url nor a resolvable sso-session url.
func (*ConfigFile) SSOSessionSection ¶
func (c *ConfigFile) SSOSessionSection(name string) (SSOSessionSection, bool)
SSOSessionSection returns the [sso-session] section with the matching name. If there isn't any, an empty sso-session with the provided name is returned, along with false.
func (*ConfigFile) SSOSessionStartURLs ¶ added in v7.12.4
func (c *ConfigFile) SSOSessionStartURLs() map[string]string
SSOSessionStartURLs returns a map of sso-session name → sso_start_url for all [sso-session] sections in the config file.
func (*ConfigFile) Save ¶
func (c *ConfigFile) Save() error
type ConfigLoader ¶
type ConfigLoader struct {
BaseConfig ProfileConfig
File *ConfigFile
ActiveProfile string
// contains filtered or unexported fields
}
ConfigLoader loads config from configfile and environment variables
func NewConfigLoader ¶
func NewConfigLoader(baseConfig ProfileConfig, file *ConfigFile, activeProfile string) *ConfigLoader
func (*ConfigLoader) GetProfileConfig ¶
func (cl *ConfigLoader) GetProfileConfig(profileName string) (*ProfileConfig, error)
GetProfileConfig loads the profile from the config file and environment variables into config
type CredentialKeyring ¶
func (*CredentialKeyring) Get ¶
func (ck *CredentialKeyring) Get(credentialsName string) (creds aws.Credentials, err error)
func (*CredentialKeyring) Has ¶
func (ck *CredentialKeyring) Has(credentialsName string) (bool, error)
func (*CredentialKeyring) Keys ¶
func (ck *CredentialKeyring) Keys() (credentialsNames []string, err error)
func (*CredentialKeyring) Remove ¶
func (ck *CredentialKeyring) Remove(credentialsName string) error
func (*CredentialKeyring) Set ¶
func (ck *CredentialKeyring) Set(credentialsName string, creds aws.Credentials) error
type CredentialProcessProvider ¶
type CredentialProcessProvider struct {
CredentialProcess string
}
CredentialProcessProvider implements interface aws.CredentialsProvider to retrieve credentials from an external executable as described in https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#sourcing-credentials-from-external-processes
func (*CredentialProcessProvider) Retrieve ¶
func (p *CredentialProcessProvider) Retrieve(ctx context.Context) (aws.Credentials, error)
Retrieve obtains a new set of temporary credentials using an external process, required to satisfy interface aws.CredentialsProvider
func (*CredentialProcessProvider) RetrieveStsCredentials ¶
func (p *CredentialProcessProvider) RetrieveStsCredentials(ctx context.Context) (*ststypes.Credentials, error)
type FederationTokenProvider ¶
FederationTokenProvider retrieves temporary credentials from STS using GetFederationToken
func NewFederationTokenProvider ¶
func NewFederationTokenProvider(ctx context.Context, credsProvider aws.CredentialsProvider, config *ProfileConfig) (*FederationTokenProvider, error)
func (*FederationTokenProvider) Retrieve ¶
func (f *FederationTokenProvider) Retrieve(ctx context.Context) (creds aws.Credentials, err error)
Retrieve generates a new set of temporary credentials using STS GetFederationToken
type KeyringProvider ¶
type KeyringProvider struct {
Keyring *CredentialKeyring
CredentialsName string
}
KeyringProvider stores and retrieves master credentials
func NewMasterCredentialsProvider ¶
func NewMasterCredentialsProvider(k *CredentialKeyring, credentialsName string) *KeyringProvider
NewMasterCredentialsProvider creates a provider for the master credentials
func (*KeyringProvider) Retrieve ¶
func (p *KeyringProvider) Retrieve(_ context.Context) (aws.Credentials, error)
type Mfa ¶
type Mfa struct {
MfaSerial string
// contains filtered or unexported fields
}
Mfa contains options for an MFA device
func NewMfa ¶
func NewMfa(config *ProfileConfig) Mfa
func (Mfa) GetMfaToken ¶
GetMfaToken returns the MFA token
type OIDCTokenCacher ¶
type OIDCTokenCacher interface {
Get(string) (*ssooidc.CreateTokenOutput, error)
Set(string, *ssooidc.CreateTokenOutput) error
Remove(string) error
}
type OIDCTokenData ¶
type OIDCTokenData struct {
Token ssooidc.CreateTokenOutput
Expiration time.Time
}
type OIDCTokenKeyring ¶
func (OIDCTokenKeyring) Get ¶
func (o OIDCTokenKeyring) Get(startURL string) (*ssooidc.CreateTokenOutput, error)
func (*OIDCTokenKeyring) Keys ¶
func (o *OIDCTokenKeyring) Keys() (kk []string, err error)
func (OIDCTokenKeyring) Remove ¶
func (o OIDCTokenKeyring) Remove(startURL string) error
func (*OIDCTokenKeyring) RemoveAll ¶
func (o *OIDCTokenKeyring) RemoveAll() (n int, err error)
func (OIDCTokenKeyring) Set ¶
func (o OIDCTokenKeyring) Set(startURL string, token *ssooidc.CreateTokenOutput) error
type ProfileConfig ¶
type ProfileConfig struct {
// ProfileName specifies the name of the profile config
ProfileName string
// SourceProfile is the profile where credentials come from
SourceProfileName string
// SourceProfile is the profile where credentials come from
SourceProfile *ProfileConfig
// ChainedFromProfile is the profile that used this profile as its source profile
ChainedFromProfile *ProfileConfig
// Region is the AWS region
Region string
// STSRegionalEndpoints sets STS endpoint resolution logic, must be "regional" or "legacy"
STSRegionalEndpoints string
// EndpointURL specifies custom endpoint URL
EndpointURL string
// Mfa config
MfaSerial string
MfaToken string
MfaPromptMethod string
// MfaProcess specifies external command to run to get an MFA token
MfaProcess string
// AssumeRole config
RoleARN string
RoleSessionName string
ExternalID string
// AssumeRoleWithWebIdentity config
WebIdentityTokenFile string
WebIdentityTokenProcess string
// GetSessionTokenDuration specifies the wanted duration for credentials generated with AssumeRole
AssumeRoleDuration time.Duration
// NonChainedGetSessionTokenDuration specifies the wanted duration for credentials generated with GetSessionToken
NonChainedGetSessionTokenDuration time.Duration
// ChainedGetSessionTokenDuration specifies the wanted duration for credentials generated with GetSessionToken when chaining
ChainedGetSessionTokenDuration time.Duration
// GetFederationTokenDuration specifies the wanted duration for credentials generated with GetFederationToken
GetFederationTokenDuration time.Duration
// SSOSession specifies the [sso-session] section name.
SSOSession string
// SSOStartURL specifies the URL for the AWS IAM Identity Center user portal, legacy option.
SSOStartURL string
// SSORegion specifies the region for the AWS IAM Identity Center user portal, legacy option.
SSORegion string
// SSORegistrationScopes specifies registration scopes for the AWS IAM Identity Center user portal.
SSORegistrationScopes string
// SSOAccountID specifies the AWS account ID for the profile.
SSOAccountID string
// SSORoleName specifies the AWS IAM Role name to target.
SSORoleName string
// SSOUseStdout specifies that the system browser should not be automatically opened
SSOUseStdout bool
// SessionTags specifies assumed role Session Tags
SessionTags map[string]string
// TransitiveSessionTags specifies assumed role Transitive Session Tags keys
TransitiveSessionTags []string
// SourceIdentity specifies assumed role Source Identity
SourceIdentity string
// CredentialProcess specifies external command to run to get an AWS credential
CredentialProcess string
}
ProfileConfig is a collection of configuration options for creating temporary credentials
func (*ProfileConfig) GetSessionTokenDuration ¶
func (c *ProfileConfig) GetSessionTokenDuration() time.Duration
func (*ProfileConfig) HasCredentialProcess ¶
func (c *ProfileConfig) HasCredentialProcess() bool
func (*ProfileConfig) HasMfaSerial ¶
func (c *ProfileConfig) HasMfaSerial() bool
func (*ProfileConfig) HasRole ¶
func (c *ProfileConfig) HasRole() bool
func (*ProfileConfig) HasSSOSession ¶
func (c *ProfileConfig) HasSSOSession() bool
func (*ProfileConfig) HasSSOStartURL ¶
func (c *ProfileConfig) HasSSOStartURL() bool
func (*ProfileConfig) HasSourceProfile ¶
func (c *ProfileConfig) HasSourceProfile() bool
func (*ProfileConfig) HasWebIdentity ¶
func (c *ProfileConfig) HasWebIdentity() bool
func (*ProfileConfig) IsChained ¶
func (c *ProfileConfig) IsChained() bool
func (*ProfileConfig) SetSessionTags ¶
func (c *ProfileConfig) SetSessionTags(s string) error
SetSessionTags parses a comma separated key=vaue string and sets Config.SessionTags map
func (*ProfileConfig) SetTransitiveSessionTags ¶
func (c *ProfileConfig) SetTransitiveSessionTags(s string)
SetTransitiveSessionTags parses a comma separated string and sets Config.TransitiveSessionTags
type ProfileSection ¶
type ProfileSection struct {
Name string `ini:"-"`
MfaSerial string `ini:"mfa_serial,omitempty"`
RoleARN string `ini:"role_arn,omitempty"`
ExternalID string `ini:"external_id,omitempty"`
Region string `ini:"region,omitempty"`
RoleSessionName string `ini:"role_session_name,omitempty"`
DurationSeconds uint `ini:"duration_seconds,omitempty"`
SourceProfile string `ini:"source_profile,omitempty"`
IncludeProfile string `ini:"include_profile,omitempty"`
SSOSession string `ini:"sso_session,omitempty"`
SSOStartURL string `ini:"sso_start_url,omitempty"`
SSORegion string `ini:"sso_region,omitempty"`
SSOAccountID string `ini:"sso_account_id,omitempty"`
SSORoleName string `ini:"sso_role_name,omitempty"`
WebIdentityTokenFile string `ini:"web_identity_token_file,omitempty"`
WebIdentityTokenProcess string `ini:"web_identity_token_process,omitempty"`
STSRegionalEndpoints string `ini:"sts_regional_endpoints,omitempty"`
EndpointURL string `ini:"endpoint_url,omitempty"`
SessionTags string `ini:"session_tags,omitempty"`
TransitiveSessionTags string `ini:"transitive_session_tags,omitempty"`
SourceIdentity string `ini:"source_identity,omitempty"`
CredentialProcess string `ini:"credential_process,omitempty"`
MfaProcess string `ini:"mfa_process,omitempty"`
}
ProfileSection is a profile section of the config file
func (ProfileSection) IsEmpty ¶
func (s ProfileSection) IsEmpty() bool
type SSORoleCredentialsProvider ¶
type SSORoleCredentialsProvider struct {
OIDCClient *ssooidc.Client
OIDCTokenCache OIDCTokenCacher
StartURL string
SSOClient *sso.Client
AccountID string
RoleName string
UseStdout bool
}
SSORoleCredentialsProvider creates temporary credentials for an SSO Role.
func (*SSORoleCredentialsProvider) Retrieve ¶
func (p *SSORoleCredentialsProvider) Retrieve(ctx context.Context) (aws.Credentials, error)
Retrieve generates a new set of temporary credentials using SSO GetRoleCredentials.
func (*SSORoleCredentialsProvider) RetrieveStsCredentials ¶
func (p *SSORoleCredentialsProvider) RetrieveStsCredentials(ctx context.Context) (*ststypes.Credentials, error)
type SSOSessionSection ¶
type SSOSessionSection struct {
Name string `ini:"-"`
SSOStartURL string `ini:"sso_start_url,omitempty"`
SSORegion string `ini:"sso_region,omitempty"`
SSORegistrationScopes string `ini:"sso_registration_scopes,omitempty"`
}
SSOSessionSection is a [sso-session] section of the config file
type SessionKeyring ¶
func (*SessionKeyring) Get ¶
func (sk *SessionKeyring) Get(key SessionMetadata) (creds *ststypes.Credentials, err error)
func (*SessionKeyring) GetAllMetadata ¶
func (sk *SessionKeyring) GetAllMetadata() (mm []SessionMetadata, err error)
func (*SessionKeyring) Has ¶
func (sk *SessionKeyring) Has(key SessionMetadata) (bool, error)
func (*SessionKeyring) Keys ¶
func (sk *SessionKeyring) Keys() (kk []SessionMetadata, err error)
func (*SessionKeyring) Remove ¶
func (sk *SessionKeyring) Remove(key SessionMetadata) error
func (*SessionKeyring) RemoveAll ¶
func (sk *SessionKeyring) RemoveAll() (n int, err error)
func (*SessionKeyring) RemoveForProfile ¶
func (sk *SessionKeyring) RemoveForProfile(profileName string) (n int, err error)
func (*SessionKeyring) RemoveOldSessions ¶
func (sk *SessionKeyring) RemoveOldSessions() (n int, err error)
func (*SessionKeyring) Set ¶
func (sk *SessionKeyring) Set(key SessionMetadata, creds *ststypes.Credentials) error
type SessionMetadata ¶
type SessionMetadata struct {
Type string
ProfileName string
MfaSerial string
Expiration time.Time
}
func NewSessionKeyFromString ¶
func NewSessionKeyFromString(s string) (SessionMetadata, error)
func (*SessionMetadata) String ¶
func (k *SessionMetadata) String() string
func (*SessionMetadata) StringForMatching ¶
func (k *SessionMetadata) StringForMatching() string
type SessionTokenProvider ¶
SessionTokenProvider retrieves temporary credentials from STS using GetSessionToken
func (*SessionTokenProvider) Retrieve ¶
func (p *SessionTokenProvider) Retrieve(ctx context.Context) (aws.Credentials, error)
Retrieve generates a new set of temporary credentials using STS GetSessionToken
func (*SessionTokenProvider) RetrieveStsCredentials ¶
func (p *SessionTokenProvider) RetrieveStsCredentials(ctx context.Context) (*ststypes.Credentials, error)
GetSessionToken generates a new set of temporary credentials using STS GetSessionToken
type StsSessionProvider ¶
type StsSessionProvider interface {
aws.CredentialsProvider
RetrieveStsCredentials(ctx context.Context) (*ststypes.Credentials, error)
}
type TempCredentialsCreator ¶
type TempCredentialsCreator struct {
Keyring *CredentialKeyring
// DisableSessions will disable the use of GetSessionToken
DisableSessions bool
// DisableCache will disable the use of the session cache
DisableCache bool
// DisableSessionsForProfile is a profile for which sessions should not be used
DisableSessionsForProfile string
// contains filtered or unexported fields
}
func (*TempCredentialsCreator) GetProviderForProfile ¶
func (t *TempCredentialsCreator) GetProviderForProfile(config *ProfileConfig) (aws.CredentialsProvider, error)
Source Files
¶
- assumeroleprovider.go
- assumerolewithwebidentityprovider.go
- cachedsessionprovider.go
- config.go
- credentialkeyring.go
- credentialprocessprovider.go
- executeprocess.go
- federationtokenprovider.go
- getuser.go
- keyringprovider.go
- mfa.go
- mfa_unix.go
- oidctokenkeyring.go
- sessionkeyring.go
- sessiontokenprovider.go
- ssorolecredentialsprovider.go
- stsendpointresolver.go
- vault.go