credential

package

v0.1.6 Latest Latest Go to latest Published: Jun 2, 2023 License: MPL-2.0 Imports: 12 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/hashicorp/boundary-plugin-aws

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func GetCredentialsConfig(in *structpb.Struct, region string) (*awsutil.CredentialsConfig, error)
type AwsCredentialPersistedState
- func AwsCredentialPersistedStateFromProto(in *structpb.Struct, opts ...AwsCredentialPersistedStateOption) (*AwsCredentialPersistedState, error)
- func NewAwsCredentialPersistedState(opts ...AwsCredentialPersistedStateOption) (*AwsCredentialPersistedState, error)
type AwsCredentialPersistedStateOption
type CredentialAttributes
- func GetCredentialAttributes(in *structpb.Struct) (*CredentialAttributes, error)

Constants ¶

View Source

const (
	// ConstAccessKey is the key for the region in the aws credentials.
	ConstRegion = "region"

	// ConstAccessKey is the key for the access key id in the aws credentials.
	ConstAccessKeyId = "access_key_id"

	// ConstSecretAccessKey is the key for the secret access key in the aws credentials.
	ConstSecretAccessKey = "secret_access_key"

	// ConstDisableCredentialRotation is the key for the disable credential rotation in the aws credentials.
	ConstDisableCredentialRotation = "disable_credential_rotation"

	// ConstCredsLastRotatedTime is the key for the last rotated time in the aws credentials.
	ConstCredsLastRotatedTime = "creds_last_rotated_time"
)

Variables ¶

This section is empty.

Functions ¶

func GetCredentialsConfig ¶

func GetCredentialsConfig(in *structpb.Struct, region string) (*awsutil.CredentialsConfig, error)

GetCredentialsConfig parses values out of a protobuf struct input and returns a CredentialsConfig used for configuring an AWS session. An error is returned if any of the following fields are missing from the protobuf struct input or have invalid value types: access_key_id, secret_access_key. An error is returned if any unrecognized fields are found in the protobuf struct input.

Types ¶

type AwsCredentialPersistedState ¶

type AwsCredentialPersistedState struct {
	// AccessKeyId is the access key id for the AWS credential.
	AccessKeyId string
	// SecretAccessKey is the secret access key for the AWS credential.
	SecretAccessKey string
	// CredsLastRotatedTime is the last rotation of aws secrets for the AWS credential.
	CredsLastRotatedTime time.Time
	// contains filtered or unexported fields
}

AwsCredentialPersistedState is the persisted state for the AWS credential.

func AwsCredentialPersistedStateFromProto ¶

func AwsCredentialPersistedStateFromProto(in *structpb.Struct, opts ...AwsCredentialPersistedStateOption) (*AwsCredentialPersistedState, error)

AwsCredentialPersistedStateFromProto parses values out of a protobuf struct input and returns a AwsCredentialPersistedState used for configuring an AWS session. An error is returned if any of the following fields are missing from the protobuf struct input or have invalid value types: access_key_id, secret_access_key, & creds_last_rotated_time.

func NewAwsCredentialPersistedState ¶

func NewAwsCredentialPersistedState(opts ...AwsCredentialPersistedStateOption) (*AwsCredentialPersistedState, error)

NewAwsCredentialPersistedState returns a AwsCredentialPersistedState. Supported options include: WithAccessKeyId, WithSecretAccessKey WithCredsLastRotatedTime, & WithRegion.

func (*AwsCredentialPersistedState) DeleteCreds ¶

func (s *AwsCredentialPersistedState) DeleteCreds() error

DeleteCreds deletes the credentials in the state. The access key ID, secret access key, and rotation time fields are zeroed out in the state just to ensure that they cannot be re-used after.

func (*AwsCredentialPersistedState) GetSession ¶

func (s *AwsCredentialPersistedState) GetSession() (*session.Session, error)

GetSession returns a configured AWS session for the credentials in the state.

func (*AwsCredentialPersistedState) ReplaceCreds ¶

func (s *AwsCredentialPersistedState) ReplaceCreds(accessKeyId, secretAccessKey string) error

ReplaceCreds replaces the access key in the state with a new key. If the existing key was rotated at any point in time, it is deleted first, otherwise it's left alone.

func (*AwsCredentialPersistedState) RotateCreds ¶

func (s *AwsCredentialPersistedState) RotateCreds() error

RotateCreds takes the access key and secret key from the persisted state and creates a new access/secret key, then deletes the old access key. If deletion of the old access key is successful, the new access key/secret key are written into the credentials config and the persisted state. On any error, the old credentials are not overwritten. This ensures that any generated new secret key never leaves this function in case of an error, even though it will still result in an extraneous access key existing.

func (*AwsCredentialPersistedState) ToMap ¶

func (s *AwsCredentialPersistedState) ToMap() map[string]any

ToMap returns a map of the credentials stored in the persisted state, which includes the following keys: access_key_id, secret_access_key, & creds_last_rotated_time

func (*AwsCredentialPersistedState) ValidateCreds ¶

func (s *AwsCredentialPersistedState) ValidateCreds() error

ValidateCreds takes the access key and secret key from the persisted state and runs sts.GetCallerIdentity for the current credentials, which is done to check that the credentials are valid.

type AwsCredentialPersistedStateOption ¶

type AwsCredentialPersistedStateOption func(s *AwsCredentialPersistedState) error

func WithAccessKeyId ¶

func WithAccessKeyId(x string) AwsCredentialPersistedStateOption

WithAccessKeyId sets the value for AccesskeyId in the storage persisted state.

func WithCredsLastRotatedTime ¶

func WithCredsLastRotatedTime(t time.Time) AwsCredentialPersistedStateOption

WithCredsLastRotatedTime sets the value for CredsLastRotatedTime in the storage persisted state.

func WithRegion ¶

func WithRegion(with string) AwsCredentialPersistedStateOption

WithRegion sets the value for region in the storage persisted state.

func WithSecretAccessKey ¶

func WithSecretAccessKey(x string) AwsCredentialPersistedStateOption

WithSecretAccessKey sets the value for SecretAccessKey in the storage persisted state.

func WithStateTestOpts ¶

func WithStateTestOpts(opts []awsutil.Option) AwsCredentialPersistedStateOption

WithStateTestOpts enables unit testing different edge cases when using CredentialsConfig. This should never be used in production code. This should only be used in unit tests.

type CredentialAttributes ¶

type CredentialAttributes struct {
	// Region is the region associated with the aws credentials
	Region string

	// DisableCredentialRotation disables the rotation of aws secrets associated with the plugin
	DisableCredentialRotation bool
}

CredentialAttributes contains attributes used for AWS credentials

func GetCredentialAttributes ¶

func GetCredentialAttributes(in *structpb.Struct) (*CredentialAttributes, error)

GetCredentialAttributes parses values out of a protobuf struct input and returns a CredentialAttributes used for configuring an AWS session. An error is returned if any of the following fields are missing from the protobuf struct input or have invalid value types: region, disableCredentialRotation

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL