ec2rolecreds

package
v0.9.14 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 8, 2015 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewCredentials

func NewCredentials(client *ec2metadata.Client, window time.Duration) *credentials.Credentials

NewCredentials returns a pointer to a new Credentials object wrapping the EC2RoleProvider.

Takes a custom http.Client which can be configured for custom handling of things such as timeout.

Endpoint is the URL that the EC2RoleProvider will connect to when retrieving role and credentials.

Window is the expiry window that will be subtracted from the expiry returned by the role credential request. This is done so that the credentials will expire sooner than their actual lifespan.

Types

type EC2RoleProvider

type EC2RoleProvider struct {
	credentials.Expiry

	// EC2Metadata client to use when connecting to EC2 metadata service
	Client *ec2metadata.Client

	// ExpiryWindow will allow the credentials to trigger refreshing prior to
	// the credentials actually expiring. This is beneficial so race conditions
	// with expiring credentials do not cause request to fail unexpectedly
	// due to ExpiredTokenException exceptions.
	//
	// So a ExpiryWindow of 10s would cause calls to IsExpired() to return true
	// 10 seconds before the credentials are actually expired.
	//
	// If ExpiryWindow is 0 or less it will be ignored.
	ExpiryWindow time.Duration
}

A EC2RoleProvider retrieves credentials from the EC2 service, and keeps track if those credentials are expired.

Example how to configure the EC2RoleProvider with custom http Client, Endpoint or ExpiryWindow

p := &ec2rolecreds.EC2RoleProvider{
    // Pass in a custom timeout to be used when requesting
    // IAM EC2 Role credentials.
    Client: &http.Client{
        Timeout: 10 * time.Second,
    },
    // Use default EC2 Role metadata endpoint, Alternate endpoints can be
    // specified setting Endpoint to something else.
    Endpoint: "",
    // Do not use early expiry of credentials. If a non zero value is
    // specified the credentials will be expired early
    ExpiryWindow: 0,
}

func (*EC2RoleProvider) Retrieve

func (m *EC2RoleProvider) Retrieve() (credentials.Value, error)

Retrieve retrieves credentials from the EC2 service. Error will be returned if the request fails, or unable to extract the desired credentials.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL