Merge pull request #190 from secrethub/release/v0.29.0
Release v0.29.0
Showing
26 changed files
with
1,148 additions
and
188 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
package api | ||
|
||
import "net/http" | ||
|
||
// Errors | ||
var ( | ||
ErrCouldNotGetEndpoint = errAPI.Code("aws_endpoint_not_found").StatusError("could not find an AWS endpoint for the provided region", http.StatusBadRequest) | ||
ErrAWSException = errAPI.Code("aws_exception").StatusError("encountered an unexpected problem while verifying your identity on AWS. Please try again later.", http.StatusFailedDependency) | ||
ErrNoServiceWithRole = errAPI.Code("no_service_with_role").StatusErrorPref("no service account found that is linked to the IAM role '%s'", http.StatusNotFound) | ||
ErrNoAWSCredentials = errAPI.Code("missing_aws_credentials").StatusError("request was not signed with AWS credentials", http.StatusUnauthorized) | ||
ErrInvalidAWSCredentials = errAPI.Code("invalid_aws_credentials").StatusError("credentials were not accepted by AWS", http.StatusUnauthorized) | ||
) | ||
|
||
// AuthPayloadAWSSTS is the authentication payload used for authenticating with AWS STS. | ||
type AuthPayloadAWSSTS struct { | ||
Region string `json:"region"` | ||
Request []byte `json:"request"` | ||
} | ||
|
||
// NewAuthRequestAWSSTS returns a new AuthRequest for authentication using AWS STS. | ||
func NewAuthRequestAWSSTS(sessionType SessionType, region string, stsRequest []byte) AuthRequest { | ||
return AuthRequest{ | ||
Method: AuthMethodAWSSTS, | ||
SessionType: sessionType, | ||
Payload: &AuthPayloadAWSSTS{ | ||
Region: region, | ||
Request: stsRequest, | ||
}, | ||
} | ||
} | ||
|
||
// Validate whether the AuthPayloadAWSSTS is valid. | ||
func (pl AuthPayloadAWSSTS) Validate() error { | ||
if pl.Region == "" { | ||
return ErrMissingField("region") | ||
} | ||
if pl.Request == nil { | ||
return ErrMissingField("request") | ||
} | ||
return nil | ||
} |
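Review bot: `Validate` rejects only a nil `Request`, so an empty but non-nil slice passes the check at `if pl.Request == nil`; a JSON body carrying `"request": ""` would normally decode to exactly that. This payload is the STS request that the authentication depends on, so an empty value should be refused at this boundary; `if len(pl.Request) == 0 {` covers both cases. `Region` is likewise only checked for being non-empty. If the server derives the STS endpoint from it (the `ErrCouldNotGetEndpoint` message suggests so), it should be matched against a known list of regions there rather than trusted as sent.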
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
package api | ||
|
||
import "net/http" | ||
|
||
// Errors | ||
var ( | ||
ErrInvalidGCPIDToken = errAPI.Code("invalid_id_token").StatusError("provided id_token is invalid", http.StatusBadRequest) | ||
ErrNoGCPServiceWithEmail = errAPI.Code("no_service_with_email").StatusErrorPref("no service account found that is linked to the GCP Service Account %s'", http.StatusUnauthorized) | ||
) | ||
|
||
// AuthPayloadGCPServiceAccount is the authentication payload used for authenticating with a GCP Service Account. | ||
type AuthPayloadGCPServiceAccount struct { | ||
IDToken string `json:"id_token"` | ||
} | ||
|
||
// NewAuthRequestGCPServiceAccount returns a new AuthRequest for authentication using a GCP Service Account. | ||
func NewAuthRequestGCPServiceAccount(sessionType SessionType, idToken string) AuthRequest { | ||
return AuthRequest{ | ||
Method: AuthMethodGCPServiceAccount, | ||
SessionType: sessionType, | ||
Payload: &AuthPayloadGCPServiceAccount{ | ||
IDToken: idToken, | ||
}, | ||
} | ||
} | ||
|
||
func (pl AuthPayloadGCPServiceAccount) Validate() error { | ||
if pl.IDToken == "" { | ||
return ErrMissingField("id_token") | ||
} | ||
return nil | ||
} |
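Review bot: The message of `ErrNoGCPServiceWithEmail` has a closing quote with no opening one (`%s'`), so the service account is rendered with a stray apostrophe; the AWS counterpart quotes its argument on both sides, and the string should read `"no service account found that is linked to the GCP Service Account '%s'"`. The exported `Validate` method on `AuthPayloadGCPServiceAccount` has no doc comment; `// Validate whether the AuthPayloadGCPServiceAccount is valid.` would match the AWS file. The same "no linked service account" condition returns `http.StatusUnauthorized` here but `http.StatusNotFound` in `ErrNoServiceWithRole`; if that difference is not intentional, picking one status keeps client handling of the two auth methods consistent.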