processcreds

package
v0.24.0
Warning

This package is not in the latest version of its module.

Published: Jul 22, 2020 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Overview

Package processcreds is a credential Provider to retrieve `credential_process` credentials.

WARNING: The following describes a method of sourcing credentials from an external process. This can potentially be dangerous, so proceed with caution. Other credential providers should be preferred if at all possible. If using this option, you should make sure that the config file is as locked down as possible using security best practices for your operating system.

You can use credentials from a `credential_process` in a variety of ways.

One way is to set up your shared config file, located in the default location, with the `credential_process` key and the command you want to be called. You also need to set the AWS_SDK_LOAD_CONFIG environment variable (e.g., `export AWS_SDK_LOAD_CONFIG=1`) to use the shared config file.

    [default]
    credential_process = /command/to/call

Loading the configuration with the `external` package will then use the credential process to retrieve credentials. NOTE: If the profile you are using already contains credentials, the credential process will not be used.

    // Load the default configuration, which reads the shared config file.
    cfg, err := external.LoadDefaultAWSConfig()
    if err != nil {
        panic("unable to load SDK config, " + err.Error())
    }

    // Create S3 service client to use the credentials.
    svc := s3.New(cfg)
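The warning above asks for the config file to be locked down, because whatever `credential_process` names gets executed. The following check is an added example, not part of the SDK or of the original documentation: `AuditCredentialProcess` is a hypothetical helper, it assumes POSIX permission bits, and it does not handle quoted command paths or file ownership.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// finding returns a message when path is missing or writable by group/other.
func finding(kind, path string) []string {
	if fi, err := os.Stat(path); err != nil {
		return []string{kind + " cannot be inspected: " + path}
	} else if fi.Mode().Perm()&0022 != 0 {
		return []string{kind + " writable by group/other: " + path}
	}
	return nil
}

// AuditCredentialProcess (hypothetical) checks a config file and its credential_process commands.
func AuditCredentialProcess(configPath string) ([]string, error) {
	f, err := os.Open(configPath)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	out := finding("config", configPath)
	sc := bufio.NewScanner(f)
	for sc.Scan() {
		kv := strings.SplitN(sc.Text(), "=", 2)
		if len(kv) != 2 || strings.TrimSpace(kv[0]) != "credential_process" {
			continue
		}
		args := strings.Fields(kv[1]) // simplification: quoted paths not handled
		if len(args) > 0 && !filepath.IsAbs(args[0]) {
			out = append(out, "command resolved via PATH: "+args[0])
		} else if len(args) > 0 {
			out = append(out, finding("command", args[0])...)
		}
	}
	return out, sc.Err()
}

func main() {
	if len(os.Args) == 2 { // usage: audit <shared config file>
		fmt.Println(AuditCredentialProcess(os.Args[1]))
	}
}
```

An empty result means neither the config file nor any referenced command is writable by group or other users, and every command is given as an absolute path.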

Another way to use the `credential_process` method is by using `processcreds.NewProvider()` and providing a command to be executed to retrieve credentials:

    // Create credentials using the Provider.
    cfg := aws.Config{
        Credentials: processcreds.NewProvider("/path/to/command"),
    }

    // Create service client value configured for credentials.
    svc := s3.New(cfg)

You can set a non-default timeout for the `credential_process` with another constructor, `processcreds.NewProviderTimeout()`, providing the timeout. To set a one minute timeout:

    // Create credentials using the Provider.
    provider := processcreds.NewProviderTimeout(
        "/path/to/command",
        time.Duration(500) * time.Millisecond)

If you need more control, you can set any configurable options in the credentials using one or more option functions. For example, you can set a two minute timeout, a credential duration of 60 minutes, and a maximum stdout buffer size of 2k.

    // Option functions receive a *processcreds.ProviderOptions.
    provider := processcreds.NewProvider(
        "/path/to/command",
        func(opt *processcreds.ProviderOptions) {
            opt.Timeout = time.Duration(2) * time.Minute
        })

You can also use your own `exec.Cmd`:

    // Create an exec.Cmd
    myCommand := exec.Command("/path/to/command")

    // Create credentials using your exec.Cmd and custom timeout
    provider := processcreds.NewProviderCommand(
        myCommand,
        func(opt *processcreds.ProviderOptions) {
            opt.Timeout = time.Duration(1) * time.Second
        })


Constants

const (
	// ProviderName is the name this credentials provider will label any
	// returned credentials Value with.
	ProviderName = `ProcessProvider`

	// ErrCodeProcessProviderParse error parsing process output
	ErrCodeProcessProviderParse = "ProcessProviderParseError"

	// ErrCodeProcessProviderVersion version error in output
	ErrCodeProcessProviderVersion = "ProcessProviderVersionError"

	// ErrCodeProcessProviderRequired required attribute missing in output
	ErrCodeProcessProviderRequired = "ProcessProviderRequiredError"

	// ErrCodeProcessProviderExecution execution of command failed
	ErrCodeProcessProviderExecution = "ProcessProviderExecutionError"

	// DefaultTimeout default limit on time a process can run.
	DefaultTimeout = time.Duration(1) * time.Minute
)
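The parse, version and required-attribute codes above all concern what the command writes to stdout. The following stand-alone check is an added example, not the SDK's own code: `CheckProcessOutput` is a hypothetical helper for testing a credential helper's output, the JSON field names are taken from the AWS CLI documentation for `credential_process` rather than from this page, and the sample values are constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// processOutput models the JSON a credential_process command writes to stdout.
// Field names follow the AWS CLI documentation (assumption: not shown on this page).
type processOutput struct {
	Version         int
	AccessKeyID     string `json:"AccessKeyId"`
	SecretAccessKey string
	SessionToken    string
	Expiration      *time.Time // RFC 3339 timestamp, optional
}

// CheckProcessOutput (hypothetical helper) returns "" when stdout is usable,
// otherwise the matching error code string from the constants above.
func CheckProcessOutput(stdout []byte) (string, error) {
	var out processOutput
	if err := json.Unmarshal(stdout, &out); err != nil {
		return "ProcessProviderParseError", err
	}
	if out.Version != 1 {
		return "ProcessProviderVersionError", fmt.Errorf("version %d, want 1", out.Version)
	}
	if out.AccessKeyID == "" || out.SecretAccessKey == "" {
		return "ProcessProviderRequiredError", errors.New("missing AccessKeyId or SecretAccessKey")
	}
	return "", nil
}

func main() {
	// Constructed sample outputs; the key material is fake.
	samples := []string{
		`{"Version":1,"AccessKeyId":"EXAMPLEKEYID","SecretAccessKey":"example-secret"}`,
		`{"Version":2,"AccessKeyId":"EXAMPLEKEYID","SecretAccessKey":"example-secret"}`,
		`{"Version":1,"AccessKeyId":"EXAMPLEKEYID"}`,
		`AccessKeyId=EXAMPLEKEYID`,
	}
	for _, s := range samples {
		code, err := CheckProcessOutput([]byte(s))
		fmt.Printf("%-30q %v\n", code, err)
	}
}
```

The check reports only the code and a generic message, so the secret itself never reaches logs or test output.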

Variables

This section is empty.

Functions

This section is empty.

Types

type Provider

type Provider struct {
	aws.SafeCredentialsProvider
	// contains filtered or unexported fields
}

Provider satisfies the credentials.Provider interface, and is a client to retrieve credentials from a process.

func NewProvider

func NewProvider(command string, options ...func(*ProviderOptions)) *Provider

NewProvider returns a pointer to a new Credentials object wrapping the Provider. The credentials will expire every 15 minutes by default.

func NewProviderCommand

func NewProviderCommand(command *exec.Cmd, options ...func(*ProviderOptions)) *Provider

NewProviderCommand returns a pointer to a new Credentials object with the specified command, and default timeout, duration and max buffer size.

type ProviderOptions

type ProviderOptions struct {
	// ExpiryWindow will allow the credentials to trigger refreshing prior to
	// the credentials actually expiring. This is beneficial so race conditions
	// with expiring credentials do not cause requests to fail unexpectedly
	// due to ExpiredTokenException exceptions.
	//
	// So an ExpiryWindow of 10s would cause calls to IsExpired() to return true
	// 10 seconds before the credentials are actually expired.
	//
	// If ExpiryWindow is 0 or less it will be ignored.
	ExpiryWindow time.Duration

	// Timeout limits the time a process can run.
	Timeout time.Duration
}

ProviderOptions holds the configuration options for the processcreds Provider.
