aws

package
v0.42.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 25, 2026 License: Apache-2.0 Imports: 25 Imported by: 2

Documentation

Index

Constants

View Source 
const (
	ProviderName = "aws"
)

ProviderName is the name of the AWS authentication provider.

Variables

This section is empty.

Functions

func NewCredentialsProvider 

func NewCredentialsProvider(ctx context.Context, opts ...auth.Option) aws.CredentialsProvider

NewCredentialsProvider creates a new credentials provider for the given options.

func ValidateSTSEndpoint 

func ValidateSTSEndpoint(endpoint string) error

ValidateSTSEndpoint checks if the provided STS endpoint is valid.

Global and regional endpoints: 

https://docs.aws.amazon.com/general/latest/gr/sts.html

VPC endpoint examples: 

https://vpce-002b7cc8966426bc6-njisq19r.sts.us-east-1.vpce.amazonaws.com
https://vpce-002b7cc8966426bc6-njisq19r-us-east-1a.sts.us-east-1.vpce.amazonaws.com

Types

type Credentials added in v0.21.0 

type Credentials struct{ types.Credentials }

Credentials is the AWS token.

func (*Credentials) GetDuration added in v0.21.0 

func (c *Credentials) GetDuration() time.Duration

GetDuration implements auth.Token.

type Implementation 

type Implementation interface {
	LoadDefaultConfig(ctx context.Context, optFns ...func(*config.LoadOptions) error) (aws.Config, error)
	AssumeRoleWithWebIdentity(ctx context.Context, params *sts.AssumeRoleWithWebIdentityInput, options sts.Options) (*sts.AssumeRoleWithWebIdentityOutput, error)
	GetAuthorizationToken(ctx context.Context, cfg aws.Config) (any, error)
	GetPublicAuthorizationToken(ctx context.Context, cfg aws.Config) (any, error)
	DescribeCluster(ctx context.Context, params *eks.DescribeClusterInput, options eks.Options) (*eks.DescribeClusterOutput, error)
	PresignGetCallerIdentity(ctx context.Context, optFn func(*sts.PresignOptions), options sts.Options) (*signerv4.PresignedHTTPRequest, error)
}

Implementation provides the required methods of the AWS libraries.

type Provider 

type Provider struct{ Implementation }

Provider implements the auth.Provider interface for AWS authentication.

func (Provider) GetAccessTokenOptionsForArtifactRepository added in v0.21.0 

func (p Provider) GetAccessTokenOptionsForArtifactRepository(artifactRepository string) ([]auth.Option, error)

GetAccessTokenOptionsForArtifactRepository implements auth.Provider.

func (Provider) GetAccessTokenOptionsForCluster added in v0.21.0 

func (Provider) GetAccessTokenOptionsForCluster(opts ...auth.Option) ([][]auth.Option, error)

GetAccessTokenOptionsForCluster implements auth.Provider.

func (Provider) GetAccessTokenOptionsForGitRepository added in v0.42.0 

func (Provider) GetAccessTokenOptionsForGitRepository(gitURL *url.URL) ([]auth.Option, error)

GetAccessTokenOptionsForGitRepository implements auth.GitCredentialsProvider. AWS requires a region for obtaining access credentials. To avoid requiring callers to pass a region in addition to the CodeCommit URL, we extract the region from the URL and inject it as STSRegion so that object-level workload identity (which requires an explicit region) works without extra config.

func (Provider) GetAudiences added in v0.21.0 

func (Provider) GetAudiences(context.Context, corev1.ServiceAccount) ([]string, error)

GetAudiences implements auth.Provider.

func (Provider) GetIdentity 

func (Provider) GetIdentity(serviceAccount corev1.ServiceAccount) (string, error)

GetIdentity implements auth.Provider.

func (Provider) GetName 

func (Provider) GetName() string

GetName implements auth.Provider.

func (Provider) NewArtifactRegistryCredentials added in v0.12.0 

func (p Provider) NewArtifactRegistryCredentials(ctx context.Context, registryInput string,
	accessToken auth.Token, opts ...auth.Option) (*auth.ArtifactRegistryCredentials, error)

NewArtifactRegistryCredentials implements auth.Provider.

func (Provider) NewControllerToken added in v0.12.0 

func (p Provider) NewControllerToken(ctx context.Context, opts ...auth.Option) (auth.Token, error)

NewControllerToken implements auth.Provider.

func (Provider) NewGitCredentials added in v0.42.0 

func (Provider) NewGitCredentials(_ context.Context, gitInput string,
	accessToken auth.Token, _ ...auth.Option) (*auth.GitCredentials, error)

NewGitCredentials implements auth.GitCredentialsProvider.

func (Provider) NewRESTConfig added in v0.21.0 

func (p Provider) NewRESTConfig(ctx context.Context, accessTokens []auth.Token,
	opts ...auth.Option) (*auth.RESTConfig, error)

NewRESTConfig implements auth.Provider.

Reference: https://docs.aws.amazon.com/eks/latest/best-practices/identity-and-access-management.html#_controlling_access_to_eks_clusters

func (Provider) NewTokenForServiceAccount 

func (p Provider) NewTokenForServiceAccount(ctx context.Context, oidcToken string,
	serviceAccount corev1.ServiceAccount, opts ...auth.Option) (auth.Token, error)

NewTokenForServiceAccount implements auth.Provider.

func (Provider) ParseArtifactRepository added in v0.12.0 

func (Provider) ParseArtifactRepository(artifactRepository string) (string, error)

ParseArtifactRepository implements auth.Provider. ParseArtifactRepository returns the ECR region, unless the registry is public.ecr.aws, in which case it returns public.ecr.aws.

func (Provider) ParseGitRepository added in v0.42.0 

func (Provider) ParseGitRepository(gitURL *url.URL) (string, error)

ParseGitRepository implements auth.GitCredentialsProvider. It validates the URL is a CodeCommit URL and returns the URL string so that it is included in the cache key: CodeCommit credentials are a SigV4 signature over the request URL, so distinct URLs must map to distinct cache entries.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.