本文整理汇总了Golang中github.com/aws/aws-sdk-go/service/iam.IAM类的典型用法代码示例。如果您正苦于以下问题:Golang IAM类的具体用法?Golang IAM怎么用?Golang IAM使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了IAM类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: CreateUser
func (u *User) CreateUser(svc *iam.IAM) error {
params := &iam.CreateUserInput{
UserName: aws.String(u.UserName), // Required
Path: aws.String("/"),
}
_, err := svc.CreateUser(params)
if err != nil {
return err
}
return nil
}
示例2: ValidateAccountId
// ValidateAccountId returns a context-specific error if the configured account
// id is explicitly forbidden or not authorised; and nil if it is authorised.
func (c *Config) ValidateAccountId(iamconn *iam.IAM) error {
if c.AllowedAccountIds == nil && c.ForbiddenAccountIds == nil {
return nil
}
log.Printf("[INFO] Validating account ID")
out, err := iamconn.GetUser(nil)
if err != nil {
return fmt.Errorf("Failed getting account ID from IAM: %s", err)
}
account_id := strings.Split(*out.User.ARN, ":")[4]
if c.ForbiddenAccountIds != nil {
for _, id := range c.ForbiddenAccountIds {
if id == account_id {
return fmt.Errorf("Forbidden account ID (%s)", id)
}
}
}
if c.AllowedAccountIds != nil {
for _, id := range c.AllowedAccountIds {
if id == account_id {
return nil
}
}
return fmt.Errorf("Account ID not allowed (%s)", account_id)
}
return nil
}
示例3: GetGroupPolicy
func (g *Group) GetGroupPolicy(cli *iam.IAM, groupName, policyName string) {
//get-group-policy
req := &iam.GetGroupPolicyInput{
GroupName: aws.String(groupName),
PolicyName: aws.String(policyName),
}
resp, err := cli.GetGroupPolicy(req)
raiseError(err)
policyDocument := parsePolicyDocument(decodeUri(*resp.PolicyDocument))
if len(policyDocument.Statement) < 1 {
fmt.Printf("\"%s\", \"%s\", \"\"\n",
*resp.GroupName,
*resp.PolicyName,
)
}
for i := 0; i < len(policyDocument.Statement); i++ {
if len(policyDocument.Statement[i].Action) < 1 {
fmt.Printf("\"%s\", \"%s\", \"\"\n",
*resp.GroupName,
*resp.PolicyName,
)
}
for j := 0; j < len(policyDocument.Statement[i].Action); j++ {
fmt.Printf("\"%s\", \"%s\", \"%s\"\n",
*resp.GroupName,
*resp.PolicyName,
policyDocument.Statement[i].Action[j],
)
}
}
}
示例4: instanceProfileAddRole
func instanceProfileAddRole(iamconn *iam.IAM, profileName, roleName string) error {
request := &iam.AddRoleToInstanceProfileInput{
InstanceProfileName: aws.String(profileName),
RoleName: aws.String(roleName),
}
_, err := iamconn.AddRoleToInstanceProfile(request)
return err
}
示例5: GetAccountId
func GetAccountId(iamconn *iam.IAM, stsconn *sts.STS, authProviderName string) (string, error) {
// If we have creds from instance profile, we can use metadata API
if authProviderName == ec2rolecreds.ProviderName {
log.Println("[DEBUG] Trying to get account ID via AWS Metadata API")
cfg := &aws.Config{}
setOptionalEndpoint(cfg)
metadataClient := ec2metadata.New(session.New(cfg))
info, err := metadataClient.IAMInfo()
if err != nil {
// This can be triggered when no IAM Role is assigned
// or AWS just happens to return invalid response
return "", fmt.Errorf("Failed getting EC2 IAM info: %s", err)
}
return parseAccountIdFromArn(info.InstanceProfileArn)
}
// Then try IAM GetUser
log.Println("[DEBUG] Trying to get account ID via iam:GetUser")
outUser, err := iamconn.GetUser(nil)
if err == nil {
return parseAccountIdFromArn(*outUser.User.Arn)
}
awsErr, ok := err.(awserr.Error)
// AccessDenied and ValidationError can be raised
// if credentials belong to federated profile, so we ignore these
if !ok || (awsErr.Code() != "AccessDenied" && awsErr.Code() != "ValidationError") {
return "", fmt.Errorf("Failed getting account ID via 'iam:GetUser': %s", err)
}
log.Printf("[DEBUG] Getting account ID via iam:GetUser failed: %s", err)
// Then try STS GetCallerIdentity
log.Println("[DEBUG] Trying to get account ID via sts:GetCallerIdentity")
outCallerIdentity, err := stsconn.GetCallerIdentity(&sts.GetCallerIdentityInput{})
if err == nil {
return *outCallerIdentity.Account, nil
}
log.Printf("[DEBUG] Getting account ID via sts:GetCallerIdentity failed: %s", err)
// Then try IAM ListRoles
log.Println("[DEBUG] Trying to get account ID via iam:ListRoles")
outRoles, err := iamconn.ListRoles(&iam.ListRolesInput{
MaxItems: aws.Int64(int64(1)),
})
if err != nil {
return "", fmt.Errorf("Failed getting account ID via 'iam:ListRoles': %s", err)
}
if len(outRoles.Roles) < 1 {
return "", fmt.Errorf("Failed getting account ID via 'iam:ListRoles': No roles available")
}
return parseAccountIdFromArn(*outRoles.Roles[0].Arn)
}
示例6: detachPolicyFromUser
func detachPolicyFromUser(conn *iam.IAM, user string, arn string) error {
_, err := conn.DetachUserPolicy(&iam.DetachUserPolicyInput{
UserName: aws.String(user),
PolicyArn: aws.String(arn),
})
if err != nil {
return err
}
return nil
}
示例7: detachPolicyFromRole
func detachPolicyFromRole(conn *iam.IAM, role string, arn string) error {
_, err := conn.DetachRolePolicy(&iam.DetachRolePolicyInput{
RoleName: aws.String(role),
PolicyArn: aws.String(arn),
})
if err != nil {
return err
}
return nil
}
示例8: detachPolicyFromGroup
func detachPolicyFromGroup(conn *iam.IAM, group string, arn string) error {
_, err := conn.DetachGroupPolicy(&iam.DetachGroupPolicyInput{
GroupName: aws.String(group),
PolicyArn: aws.String(arn),
})
if err != nil {
return err
}
return nil
}
示例9: ValidateCredentials
// Validate credentials early and fail before we do any graph walking
func (c *Config) ValidateCredentials(iamconn *iam.IAM) error {
_, err := iamconn.GetUser(nil)
if awsErr, ok := err.(awserr.Error); ok {
if awsErr.Code() == "SignatureDoesNotMatch" {
return fmt.Errorf("Failed authenticating with AWS: please verify credentials")
}
}
return err
}
示例10: UserAccount
func UserAccount(iamsvc *iam.IAM) (string, error) {
getUserInput := &iam.GetUserInput{}
getUserOutput, err := iamsvc.GetUser(getUserInput)
if err != nil {
return "", err
}
userAccount := strings.Split(*getUserOutput.User.Arn, ":")
return userAccount[4], nil
}
示例11: iamPolicyListVersions
func iamPolicyListVersions(arn string, iamconn *iam.IAM) ([]*iam.PolicyVersion, error) {
request := &iam.ListPolicyVersionsInput{
PolicyARN: aws.String(arn),
}
response, err := iamconn.ListPolicyVersions(request)
if err != nil {
return nil, fmt.Errorf("Error listing versions for IAM policy %s: %s", arn, err)
}
return response.Versions, nil
}
示例12: detachPolicyFromUsers
func detachPolicyFromUsers(conn *iam.IAM, users []*string, arn string) error {
for _, u := range users {
_, err := conn.DetachUserPolicy(&iam.DetachUserPolicyInput{
UserName: u,
PolicyArn: aws.String(arn),
})
if err != nil {
return err
}
}
return nil
}
示例13: iamPolicyDeleteVersion
func iamPolicyDeleteVersion(arn, versionID string, iamconn *iam.IAM) error {
request := &iam.DeletePolicyVersionInput{
PolicyARN: aws.String(arn),
VersionID: aws.String(versionID),
}
_, err := iamconn.DeletePolicyVersion(request)
if err != nil {
return fmt.Errorf("Error deleting version %s from IAM policy %s: %s", versionID, arn, err)
}
return nil
}
示例14: detachPolicyFromRoles
func detachPolicyFromRoles(conn *iam.IAM, roles []*string, arn string) error {
for _, r := range roles {
_, err := conn.DetachRolePolicy(&iam.DetachRolePolicyInput{
RoleName: r,
PolicyArn: aws.String(arn),
})
if err != nil {
return err
}
}
return nil
}
示例15: detachPolicyFromGroups
func detachPolicyFromGroups(conn *iam.IAM, groups []*string, arn string) error {
for _, g := range groups {
_, err := conn.DetachGroupPolicy(&iam.DetachGroupPolicyInput{
GroupName: g,
PolicyArn: aws.String(arn),
})
if err != nil {
return err
}
}
return nil
}