Documentation
Overview ¶
Package kion provides functions to interact with the Kion API.
Index ¶
- Variables
- func ConvertAccessType(accessType string) string
- func CreateFavorite(host string, token string, favorite structs.Favorite) (structs.Favorite, int, error)
- func DeleteFavorite(host string, token string, favoriteName string) (int, error)
- func DownloadSAMLMetadata(metadataURL string) (*samlTypes.EntityDescriptor, error)
- func GetAPIFavorites(host string, token string) ([]structs.Favorite, int, error)
- func GetFederationURL(host string, token string, car CAR) (string, error)
- func GetSessionDuration(host string, token string) (int, error)
- func GetVersion(host string) (string, error)
- func ReadSAMLMetadataFile(metadataFile string) (*samlTypes.EntityDescriptor, error)
- type APIRespBody
- type AccessData
- type Account
- type AuthData
- type AuthRequest
- type CAR
- func GetAllCARsByName(host string, token string, carName string) ([]CAR, error)
- func GetCARByName(host string, token string, carName string) (CAR, error)
- func GetCARByNameAndAccount(host string, token string, carName string, accountNumber string) (CAR, error)
- func GetCARByNameAndAlias(host string, token string, carName string, accountAlias string) (CAR, error)
- func GetCARS(host string, token string, alias string) ([]CAR, error)
- func GetCARSOnAccount(host string, token string, accID uint) ([]CAR, error)
- func GetCARSOnProject(host string, token string, projID uint, accID uint) ([]CAR, error)
- type CSRFResponse
- type ConsoleAccessCAR
- type FavoritesResponse
- type IDMS
- type Project
- type SSOAuthResponse
- type STAK
- type STAKRequest
- type SamlCallbackResult
- type Session
- type TokenData
- type URLRequest
Constants ¶
This section is empty.
Variables ¶
var (
	// SAMLLocalAuthPort is the port to use to accept back the access token from SAML
	// NOTE(review): the port is a fixed, predictable value. The listener that uses it is
	// not shown here — confirm that it binds to the loopback interface only and is shut
	// down as soon as the callback has been handled.
	SAMLLocalAuthPort = "8400"
	// AuthPage is a string literal whose content this listing elides.
	// NOTE(review): presumably the page served to the browser during the SAML
	// callback — confirm against the source.
	AuthPage = `` /* 2685-byte string literal not displayed */
)
Functions ¶
func ConvertAccessType ¶ added in v0.15.0
ConvertAccessType converts the access type string between what the API uses and the CLI. It converts "console_access" to "web", and vice versa, and "short_term_key_access" to "cli" and vice versa. If the access type does not match any of these, it returns the original string.
func CreateFavorite ¶ added in v0.15.0
func DeleteFavorite ¶ added in v0.15.0
func DownloadSAMLMetadata ¶
func DownloadSAMLMetadata(metadataURL string) (*samlTypes.EntityDescriptor, error)
func GetAPIFavorites ¶ added in v0.15.0
GetAPIFavorites returns a list of a user's Favorites associated with a given Kion from the API
func GetFederationURL ¶
GetFederationURL queries the Kion API to generate a federation URL.
func GetSessionDuration ¶ added in v0.2.0
GetSessionDuration returns the AWS session duration configuration Kion uses to generate session tokens. If 403 is received, we assume the shortest setting of 15 minutes.
func GetVersion ¶ added in v0.1.0
GetVersion returns the targeted Kion's version number.
func ReadSAMLMetadataFile ¶
func ReadSAMLMetadataFile(metadataFile string) (*samlTypes.EntityDescriptor, error)
Types ¶
type APIRespBody ¶ added in v0.15.0
// APIRespBody is a response envelope made of a status, a message and a
// still-encoded data payload.
type APIRespBody struct {
	Status int `json:"status"`
	Message string `json:"message"`
	// Data is left as raw JSON (json.RawMessage), so the caller chooses the
	// concrete type to decode it into. It is unvalidated server output until then.
	Data json.RawMessage `json:"data"`
}
type AccessData ¶
// AccessData wraps the TokenData found under the "access" key of a response.
type AccessData struct {
	// TokenData is declared elsewhere in the package.
	// NOTE(review): presumably carries the access token — if so, treat values of
	// this type as secrets and keep them out of logs; confirm against TokenData.
	Access TokenData `json:"access"`
}
type Account ¶
// Account holds the account fields decoded from a Kion API response.
type Account struct {
	Email string `json:"account_email"`
	Name string `json:"account_name"`
	Alias string `json:"account_alias"`
	// Number is a string rather than an integer.
	// NOTE(review): presumably so that leading zeros are preserved — confirm.
	Number string `json:"account_number"`
	TypeID uint `json:"account_type_id"`
	ID uint `json:"id"`
	IncludeLinkedAccountSpend bool `json:"include_linked_account_spend"`
	LinkedAccountNumber string `json:"linked_account_number"`
	LinkedRole string `json:"linked_role"`
	PayerID uint `json:"payer_id"`
	ProjectID uint `json:"project_id"`
	// NOTE(review): the meaning of SkipAccessChecking is not visible here; it is a
	// value reported by the server — confirm that no client-side decision relies on it.
	SkipAccessChecking bool `json:"skip_access_checking"`
	UseOrgAccountInfo bool `json:"use_org_account_info"`
}
Account maps to the Kion API response for account data.
func GetAccount ¶
GetAccount returns an account by the given account number.
type AuthData ¶
func AuthenticateSAML ¶
func AuthenticateSAMLOld ¶ added in v0.4.0
func AuthenticateSAMLOld(appURL string, metadata *samlTypes.EntityDescriptor, serviceProviderIssuer string, printURL bool) (*AuthData, error)
AuthenticateSAMLOld is the old version of AuthenticateSAML that does not use a cookie-based exchange.
type AuthRequest ¶
// AuthRequest is the JSON body of an authentication request: an IDMS id plus a
// username and password.
type AuthRequest struct {
	// IDMSID is serialized under the key "idms".
	IDMSID uint `json:"idms"`
	Username string `json:"username"`
	// Password is marshalled in clear text under the key "password". Send the body
	// over TLS only, and never print or log a populated AuthRequest (for example
	// with %v or %+v).
	Password string `json:"password"`
}
AuthRequest maps to the required post body when interfacing with the Kion API.
type CAR ¶
// CAR holds the cloud access role fields decoded from a Kion API response.
type CAR struct {
	AccountID uint `json:"account_id"`
	AccountNumber string `json:"account_number"`
	AccountType string `json:"account_type"`
	AccountTypeID uint `json:"account_type_id"`
	AccountName string `json:"account_name"`
	AccountAlias string `json:"account_alias"`
	ApplyToAllAccounts bool `json:"apply_to_all_accounts"`
	AwsIamPath string `json:"aws_iam_path"`
	AwsIamRoleName string `json:"aws_iam_role_name"`
	CloudAccessRoleType string `json:"cloud_access_role_type"`
	// CreatedAt, DeletedAt and UpdatedAt share one shape: a timestamp plus a flag.
	// NOTE(review): this looks like a nullable-time encoding in which Valid reports
	// whether Time is set — confirm before reading Time without checking Valid.
	CreatedAt struct {
		Time time.Time `json:"Time"`
		Valid bool `json:"Valid"`
	} `json:"created_at"`
	DeletedAt struct {
		Time time.Time `json:"Time"`
		Valid bool `json:"Valid"`
	} `json:"deleted_at"`
	FutureAccounts bool `json:"future_accounts"`
	ID uint `json:"id"`
	// NOTE(review): LongTermAccessKeys, ShortTermAccessKeys and WebAccess presumably
	// state which access types the role grants — confirm. They are server-reported
	// values; the API, not the client, enforces them.
	LongTermAccessKeys bool `json:"long_term_access_keys"`
	// Name is the CAR name. The package documentation notes that CAR names are not
	// constrained to be unique, so pair it with an account when selecting a role.
	Name string `json:"name"`
	ProjectID uint `json:"project_id"`
	ShortTermAccessKeys bool `json:"short_term_access_keys"`
	UpdatedAt struct {
		Time time.Time `json:"Time"`
		Valid bool `json:"Valid"`
	} `json:"updated_at"`
	WebAccess bool `json:"web_access"`
}
CAR maps to the Kion API response for cloud access roles.
func GetAllCARsByName ¶ added in v0.1.0
GetAllCARsByName returns a slice of cars that matches a given name.
func GetCARByName ¶ added in v0.0.2
GetCARByName returns a car that matches a given name. IMPORTANT: use GetCARByNameAndAccount instead wherever possible. There are no constraints against CARs with duplicate names, so a lookup by name alone can return a role from a different account than the one intended. This function is kept as a convenience and as a workaround for users on older versions of Kion that have limited permissions.
func GetCARByNameAndAccount ¶ added in v0.1.0
func GetCARByNameAndAccount(host string, token string, carName string, accountNumber string) (CAR, error)
GetCARByNameAndAccount returns a car that matches by name and account number.
func GetCARByNameAndAlias ¶ added in v0.6.0
func GetCARByNameAndAlias(host string, token string, carName string, accountAlias string) (CAR, error)
GetCARByNameAndAlias returns a car that matches by name and account alias.
func GetCARS ¶
GetCARS queries the Kion API for all cloud access roles to which the authenticated user has access. Deleted CARs will be excluded.
func GetCARSOnAccount ¶
GetCARSOnAccount returns all cloud access roles that match a given account.
type CSRFResponse ¶
// CSRFResponse decodes a response whose "data" key holds a single string.
type CSRFResponse struct {
	// NOTE(review): presumably the CSRF token itself — confirm. If so, it is tied to
	// the session and should not be logged.
	Data string `json:"data"`
}
type ConsoleAccessCAR ¶ added in v0.0.2
// ConsoleAccessCAR holds the CAR fields decoded from a Kion API response,
// together with the accounts listed for that role.
type ConsoleAccessCAR struct {
	CARName string `json:"name"`
	CARID uint `json:"id"`
	CARRoleType string `json:"role_type"`
	Accounts []Account `json:"accounts"`
	// The three flags below are decoded from "console_access",
	// "short_term_key_access" and "long_term_key_access".
	// NOTE(review): presumably the access types the role permits — confirm.
	ConsoleAccess bool `json:"console_access"`
	STAKAccess bool `json:"short_term_key_access"`
	LTAKAccess bool `json:"long_term_key_access"`
	AwsIamRoleName string `json:"aws_iam_role_name"`
}
ConsoleAccessCAR maps to the Kion API response for CAR data.
func GetConsoleAccessCARS ¶ added in v0.0.2
func GetConsoleAccessCARS(host string, token string, projID uint) ([]ConsoleAccessCAR, error)
GetConsoleAccessCARS hits the private API endpoint to gather all cloud access roles a user has access to. This method should only be used as a fallback.
type FavoritesResponse ¶ added in v0.15.0
// FavoritesResponse decodes a Kion API response that carries a status and a
// list of favorites.
type FavoritesResponse struct {
	Status int `json:"status"`
	// Favorites is read from the "data" key; structs.Favorite is declared in
	// another package.
	Favorites []structs.Favorite `json:"data"`
}
FavoritesResponse maps to the Kion API response.
type IDMS ¶
// IDMS holds the fields of one configured IDMS as decoded from a Kion API response.
type IDMS struct {
	ID uint `json:"id"`
	// IdmsTypeID is a numeric type identifier; its possible values are not shown here.
	IdmsTypeID uint `json:"idms_type_id"`
	Name string `json:"name"`
}
IDMS maps to the Kion API response for configured IDMSs.
type Project ¶
// Project holds the project fields decoded from a Kion API response.
type Project struct {
	Archived bool `json:"archived"`
	AutoPay bool `json:"auto_pay"`
	DefaultAwsRegion string `json:"default_aws_region"`
	Description string `json:"description"`
	ID uint `json:"id"`
	Name string `json:"name"`
	// OuID is decoded from "ou_id".
	// NOTE(review): presumably the id of the owning organizational unit — confirm.
	OuID uint `json:"ou_id"`
}
Project maps to the Kion API response for projects.
func GetProjectByID ¶ added in v0.1.0
GetProjectByID returns the project for a given project ID. Note that if a user has only CAR access to a project, this will return a 403. To accommodate users with minimal permissions, test the response code and fall back accordingly, or use GetProjects, which will work but is more verbose.
type SSOAuthResponse ¶
// SSOAuthResponse decodes a response whose "data" key holds an AccessData value.
type SSOAuthResponse struct {
	// NOTE(review): AccessData wraps TokenData, which presumably carries the access
	// token — confirm, and keep decoded values out of logs if so.
	Data AccessData `json:"data"`
}
type STAK ¶
// STAK holds a set of short term access keys decoded from a Kion API response.
//
// AccessKey, SecretAccessKey and SessionToken together form a usable credential.
// Do not print a STAK with %v or %+v, do not log it, and restrict permissions on
// any file it is written to.
type STAK struct {
	AccessKey string `json:"access_key"`
	SecretAccessKey string `json:"secret_access_key"`
	SessionToken string `json:"session_token"`
	// Duration is decoded from "duration"; its unit is not shown here.
	Duration int64 `json:"duration"`
	// Expiration has no json tag, so encoding/json uses the key "Expiration".
	// NOTE(review): presumably filled in by the client rather than by the API — confirm.
	Expiration time.Time
}
STAK maps to the Kion API response for short term access keys.
type STAKRequest ¶
// STAKRequest is the JSON post body that names the account and cloud access
// role for a request to the Kion API.
type STAKRequest struct {
	AccountNumber string `json:"account_number"`
	AccountAlias string `json:"account_alias"`
	// CARName is serialized under the key "cloud_access_role_name".
	CARName string `json:"cloud_access_role_name"`
}
STAKRequest maps to the required post body when interfacing with the Kion API.
type SamlCallbackResult ¶
type Session ¶
// Session holds the session data returned by Kion after authentication: an
// access token and a refresh token, each with an expiry.
//
// Both Token fields are bearer secrets. Keep a Session out of logs and error
// messages. If it is cached on disk (not shown here), restrict the file's
// permissions to the owning user.
type Session struct {
	// ID int `json:"id"`
	// IDMSID and UserName carry no json tag, so encoding/json uses the field names
	// as keys.
	IDMSID uint
	UserName string
	// UserID int `json:"user_id"`
	Access struct {
		// Expiry is a string; its format is not shown here.
		Expiry string `json:"expiry"`
		Token string `json:"token"`
	} `json:"access"`
	Refresh struct {
		Expiry string `json:"expiry"`
		// NOTE(review): a refresh token presumably outlives the access token, which
		// makes it the more valuable secret of the two — confirm and protect accordingly.
		Token string `json:"token"`
	} `json:"refresh"`
}
Session maps to the session data returned by Kion after authentication.
type URLRequest ¶
// URLRequest is the JSON post body that identifies an account and a role for a
// request to the Kion API.
// NOTE(review): presumably the body sent by GetFederationURL — confirm.
type URLRequest struct {
	AccountID uint `json:"account_id"`
	AccountName string `json:"account_name"`
	AccountNumber string `json:"account_number"`
	AWSIAMRoleName string `json:"aws_iam_role_name"`
	AccountTypeID uint `json:"account_type_id"`
	RoleID uint `json:"role_id"`
	RoleType string `json:"role_type"`
}
URLRequest maps to the required post body when interfacing with the Kion API.