creds

package
v0.1.0

This package is not in the latest version of its module.
Published: Jan 25, 2019 | License: BSD-3-Clause | Imports: 12 | Imported by: 0

Documentation

Constants

const (
	ProxyProviderName  = "ProxyCredentialsProvider"
	StaticProviderName = "StaticCredentialsProvider"
)

Source names of credentials providers.

Variables

var ErrUnable = errors.New("creds: unable to satisfy minimum expiration time")

ErrUnable is returned by Provider if the credentials do not satisfy the requested validity duration after successful renewal.

Functions

func FromSTS

func FromSTS(src *sts.Credentials) aws.Credentials

FromSTS converts STS credentials to client credentials.

func Set

func Set(c *aws.Client, cp aws.CredentialsProvider)

Set is a convenience function to set client credentials. SDK v2 is a bit confused about which field to use for this purpose.

func ValidFor

func ValidFor(cr *aws.Credentials, d time.Duration) bool

ValidFor returns true if credentials cr will remain valid for duration d.

func ValidUntil

func ValidUntil(cr *aws.Credentials, t time.Time) bool

ValidUntil returns true if credentials cr will remain valid until time t.

Types

type Client

type Client struct{ sts.STS }

Client extends STS API client.

func NewClient

func NewClient(cfg *aws.Config) Client

NewClient returns a new STS client.

func (Client) GobDecode

func (Client) GobDecode([]byte) error

GobDecode prevents the client from being decoded by gob.

func (Client) GobEncode

func (Client) GobEncode() ([]byte, error)

GobEncode prevents the client from being encoded by gob.

type Ident

type Ident struct {
	arn.ARN
	Account string
	UserID  string
}

Ident contains the results of sts:GetCallerIdentity API call.

func (Ident) SessName

func (id Ident) SessName() string

SessName returns the RoleSessionName for the current identity.

func (*Ident) Set

func (id *Ident) Set(out *sts.GetCallerIdentityOutput)

Set updates identity information from call output.

type Provider

type Provider struct {
	// contains filtered or unexported fields
}

Provider is a replacement for aws.SafeCredentialsProvider. It allows clients to ensure credential validity for a period of time in the future. It also caches errors to avoid unnecessary network traffic. Provider values must not be copied.

func RenewableProvider

func RenewableProvider(fn RenewFunc) *Provider

RenewableProvider returns an aws.CredentialsProvider that automatically renews its credentials as they expire.

func StaticProvider

func StaticProvider(cr aws.Credentials, err error) *Provider

StaticProvider returns an aws.CredentialsProvider that provides static credentials or an error.

func WrapProvider

func WrapProvider(cp aws.CredentialsProvider) *Provider

WrapProvider converts an existing aws.CredentialsProvider to a Provider instance. If cp is a SafeCredentialsProvider, it must not be used by other goroutines during this call, and its RetrieveFn will no longer be protected by a single mutex if the old and new providers are used concurrently.

func (*Provider) Creds

func (p *Provider) Creds() (aws.Credentials, error)

Creds returns currently cached credentials and error without renewal.

func (*Provider) Ensure

func (p *Provider) Ensure(d time.Duration) error

Ensure ensures that credentials will remain valid for the specified duration, renewing them if necessary. A negative duration forces unconditional renewal. ErrUnable is returned if the validity period cannot be satisfied.
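
The semantics documented for ValidFor and Ensure, as a self-contained example added here; it is not this package's source. `Credentials`, `provider`, `validFor`, `ensure` and `errUnable` are local stand-ins for aws.Credentials, Provider, ValidFor, Provider.Ensure and ErrUnable, and error caching is not modelled.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
	"time"
)

// Credentials is a stand-in for the expiry fields of aws.Credentials.
type Credentials struct {
	CanExpire bool
	Expires   time.Time
}
var errUnable = errors.New("unable to satisfy minimum expiration time")
// validFor: non-expiring credentials always pass, others must outlive d.
func validFor(cr Credentials, d time.Duration) bool {
	return !cr.CanExpire || time.Until(cr.Expires) > d
}

// provider (hypothetical) caches the result of renew behind a mutex.
type provider struct {
	mu    sync.Mutex
	cr    *Credentials
	renew func() (Credentials, error)
}

// ensure renews if the cache cannot cover d; a negative d always renews.
func (p *provider) ensure(d time.Duration) error {
	p.mu.Lock()
	defer p.mu.Unlock()
	if d >= 0 && p.cr != nil && validFor(*p.cr, d) {
		return nil
	}
	cr, err := p.renew()
	if err == nil {
		p.cr = &cr
		if !validFor(cr, d) {
			err = errUnable // renewed, but the new lifetime is still too short
		}
	}
	return err
}

func main() {
	p := &provider{renew: func() (Credentials, error) { // constructed: 15-minute sessions
		return Credentials{CanExpire: true, Expires: time.Now().Add(15 * time.Minute)}, nil
	}}
	fmt.Println(p.ensure(5*time.Minute), p.ensure(time.Hour))
}
```

Calling ensure with the expected length of an operation before starting it surfaces a too-short session as an error up front instead of as an expired-token failure partway through.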

func (*Provider) Retrieve

func (p *Provider) Retrieve() (aws.Credentials, error)

Retrieve implements aws.CredentialsProvider.

func (*Provider) Store

func (p *Provider) Store(cr aws.Credentials, err error)

Store replaces any cached credentials and/or error with the specified values.

type Proxy

type Proxy struct {
	Client   Client
	Ident    Ident
	SessName string
}

Proxy provides IAM role credentials via sts:AssumeRole API.

func (*Proxy) AssumeRole

func (p *Proxy) AssumeRole(role arn.ARN, d time.Duration) *Provider

AssumeRole returns a new Provider for the specified role. Default session duration is used if d is zero.

func (*Proxy) Init

func (p *Proxy) Init() error

Init initializes client identity information and role session name.

func (*Proxy) Provider

func (p *Proxy) Provider(in *sts.AssumeRoleInput) *Provider

Provider returns a new Provider that calls AssumeRole with the specified input.

func (*Proxy) Role

func (p *Proxy) Role(account, role string) arn.ARN

Role returns the ARN for the specified account and role name. Account may be empty to use the account of the client credentials.

type RenewFunc

type RenewFunc func() (aws.Credentials, error)

RenewFunc renews client credentials. CanExpire and Expires fields control error caching if an error is returned. If CanExpire is false, Provider automatically caches the error for a limited amount of time.
