Documentation
Overview
Package providers provides types, errors, constants & New* creation functions for managing Credential Providers.
Index
- Constants
- Variables
- type AssumeRoleCredsProvider
- type CredsProvider
- type CredsProviderOptions
- type CredsProviderOptionsFunc
- func ValidateProvider() CredsProviderOptionsFunc
- func WithAccessKeyIdFrom(envVarKey string) CredsProviderOptionsFunc
- func WithAccountId(accountid string) CredsProviderOptionsFunc
- func WithBaseCredsProvider(base CredsProvider) CredsProviderOptionsFunc
- func WithBaseCredsProviderName(name string) CredsProviderOptionsFunc
- func WithConfigFile(path string) CredsProviderOptionsFunc
- func WithConfigLoadOptFns(optFns ...func(*config.LoadOptions) error) CredsProviderOptionsFunc
- func WithConfigProfile(profile string) CredsProviderOptionsFunc
- func WithCredentialsFile(path string) CredsProviderOptionsFunc
- func WithDefaultRegion() CredsProviderOptionsFunc
- func WithRegion(region string) CredsProviderOptionsFunc
- func WithRegionFrom(envVarKey string) CredsProviderOptionsFunc
- func WithRoleArn(arn string) CredsProviderOptionsFunc
- func WithRoleName(name string) CredsProviderOptionsFunc
- func WithSecretAccessKeyFrom(envVarKey string) CredsProviderOptionsFunc
- func WithSessionTokenFrom(envVarKey string) CredsProviderOptionsFunc
- type DefaultCredsProvider
- type EnvironmentCredsProvider
- type EnvironmentCredsProviderBuilder
- type EnvirontmentClientProviderOption
- type SharedConfigCredsProvider
- type WebIdentityClientProvider
- type WebTokenClientProvider
Constants
const (
	DefaultAWSRegion         string = "us-east-1"
	DefaultCredsProviderName string = "default"
)
Variables
var ErrInvalidAwsAccessKeyIdEnvValue = errors.New("emtpy or invalid value supplied for the AWS Access Key ID environment variable")
var ErrInvalidBaseProviderConfig = errors.New("no base credentials provider found")
var ErrInvalidProviderName = errors.New("invalid or empty provider name supplied")
var ErrInvalidSecretAccessKeyEnvValue = errors.New("emtpy or invalid value supplied for the AWS Secret Access Key environment variable")
var ErrNilProvider = errors.New("nil provider")
var ErrUnknownProvider = errors.New("unknown provider")
Functions
This section is empty.
Types
type AssumeRoleCredsProvider
type AssumeRoleCredsProvider struct {
	DefaultCredsProvider
}
func NewAssumeRoleCredsProvider
func NewAssumeRoleCredsProvider(context context.Context, name string, options ...CredsProviderOptionsFunc) (*AssumeRoleCredsProvider, error)
NewAssumeRoleCredsProvider creates an AWS client provider with base credentials and an assumed role using the supplied options.
AssumeRoleCredsProvider is an extension of the supplied CredsProvider that additionally uses a role ARN (or an AWS account ID & role name) to assume that role.
When using this provider, the credentials obtained from the base `CredsProvider` are used to assume the supplied role, and stscreds is used to obtain the AWS credentials for this provider.
If no base CredsProvider is supplied, a DefaultCredsProvider is initialized using the default credentials chain & the supplied AWS region.
If no RoleArn (or RoleName and AccountID) is supplied, the base CredsProvider credentials are used for this provider's aws.Config.
The AWS Region supplied as an option for this provider is used as the final AWS region in the aws.Config.
The default (or supplied base) credentials must have the required permissions to assume the role.
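The resolution rules above, combined with the RoleArn/AccountId/RoleName and base-provider precedence documented under CredsProviderOptions, modelled as an added example (not the package's own code). The `assumeOpts` struct, both functions, the error returned for a half-specified role and the `aws` ARN partition are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// assumeOpts is a hypothetical stand-in for the documented option fields;
// an empty string means "not supplied".
type assumeOpts struct {
	RoleArn, AccountId, RoleName string
	BaseName                     string // models BaseCredsProviderName
	Base                         string // models a supplied BaseCredsProvider (by key)
}

var errPartialRole = errors.New("account id and role name must be supplied together")

// resolveRoleArn: RoleArn wins; otherwise AccountId + RoleName are combined.
// An empty result means no role is assumed and base credentials are used.
func resolveRoleArn(o assumeOpts) (string, error) {
	if o.RoleArn != "" {
		return o.RoleArn, nil
	}
	if o.AccountId == "" && o.RoleName == "" {
		return "", nil
	}
	if o.AccountId == "" || o.RoleName == "" {
		return "", errPartialRole // assumption: a half-specified role is rejected
	}
	return fmt.Sprintf("arn:aws:iam::%s:role/%s", o.AccountId, o.RoleName), nil // "aws" partition assumed
}

// resolveBase: a supplied provider beats a name, an unknown name is ignored,
// and the fallback is a provider built on the default credentials chain.
func resolveBase(o assumeOpts, registry map[string]bool) string {
	if o.Base != "" {
		return o.Base
	}
	if o.BaseName != "" && registry[o.BaseName] {
		return o.BaseName
	}
	return "default"
}

func main() {
	o := assumeOpts{AccountId: "111122223333", RoleName: "audit-ro", BaseName: "missing"} // constructed values
	arn, err := resolveRoleArn(o)
	fmt.Println(arn, err, resolveBase(o, map[string]bool{"ci": true}))
}
```

An empty role ARN means the provider runs as the base principal, so where least privilege matters it is worth checking which identity the resulting aws.Config actually carries.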
func (*AssumeRoleCredsProvider) String
func (p *AssumeRoleCredsProvider) String() string
type CredsProvider
type CredsProvider interface {
	Key() string
	Config() aws.Config
	// contains filtered or unexported methods
}
CredsProvider is the interface for all CredsProvider types
type CredsProviderOptions
type CredsProviderOptions struct {
	// Name for this provider. This name is used to store & retrieve the
	// provider using the providers.Get() function.
	Name string

	// The AWS Region to set in the config.
	Region *string

	// Whether the aws.Config is validated after initialization. Default is
	// false.
	Validation bool

	// Additional LoadOptions to pass to the config.LoadDefaultConfig(...)
	// AWS SDK API.
	LoadOptionFns []func(*config.LoadOptions) error

	// The environment variable name to fetch the AWS Access Key ID from.
	// When not supplied, AWS_ACCESS_KEY_ID is the default.
	AccessKeyIdVar *string

	// The environment variable name to fetch the AWS Secret Access Key from.
	// When not supplied, AWS_SECRET_ACCESS_KEY is the default.
	SecretAccessKeyVar *string

	// The environment variable name to fetch the AWS Session Token from.
	// When not supplied, AWS_SESSION_TOKEN is the default.
	SessionTokenVar *string

	// The environment variable name to fetch the AWS Region from. When not
	// supplied, AWS_REGION is the default.
	RegionVar *string

	// The AWS credentials file to use. If not supplied, the default is
	// ~/.aws/credentials
	CredentialsFile *string

	// The AWS config file to use. If not supplied, the default is
	// ~/.aws/config
	ConfigFile *string

	// The config profile to use. If not supplied, the default is the
	// profile named `default`.
	ConfigProfile *string

	// The Role ARN to assume for the final credentials to use. When Role
	// ARN is supplied, the AccountID & RoleName are ignored.
	RoleArn *string

	// The Account ID for the role to assume for the final credentials to
	// use. RoleName must also be supplied. If RoleArn is supplied, it
	// takes precedence.
	AccountId *string

	// The Role Name to assume for the final credentials. AccountId must
	// also be supplied. If RoleArn is supplied, it takes precedence.
	RoleName *string

	// The base CredsProvider name, to use & build the STS client for
	// assuming the role for the final credentials. If the named provider
	// does not exist, this value is ignored. If a BaseCredsProvider value
	// is supplied, it takes precedence.
	BaseCredsProviderName *string

	// The base CredsProvider to use & build the STS client for assuming
	// the role for the final credentials. If the BaseCredsProviderName is
	// also supplied, it is ignored & this CredsProvider takes precedence.
	BaseCredsProvider CredsProvider
}
CredsProviderOptions are a set of options that are valid for `CredsProvider` types. Not all options are used by every `CredsProvider`.
type CredsProviderOptionsFunc
type CredsProviderOptionsFunc func(*CredsProviderOptions)
CredsProviderOptionsFunc is the functional option type for CredsProviderOptions.
func ValidateProvider
func ValidateProvider() CredsProviderOptionsFunc
ValidateProvider turns on credential validation. This acts as an early failure check: the NewXXXCredsProvider() builder functions fail with a non-nil error if the credentials are invalid.
If invalid credentials are not validated at this stage, any API operation using an AWS SDK client generated with this provider will result in errors, because requests cannot be signed properly.
The validation step performs an `sts:GetCallerIdentity()` operation, which does not require any specific permissions.
func WithAccessKeyIdFrom
func WithAccessKeyIdFrom(envVarKey string) CredsProviderOptionsFunc
WithAccessKeyIdFrom specifies the environment variable to read the access key ID from.
func WithAccountId
func WithAccountId(accountid string) CredsProviderOptionsFunc
WithAccountId specifies the AWS account ID for the role to assume; the role name must also be specified.
func WithBaseCredsProvider
func WithBaseCredsProvider(base CredsProvider) CredsProviderOptionsFunc
WithBaseCredsProvider supplies a creds provider to use as the baseline provider to assume the supplied role. These credentials must be for a principal that has sts:AssumeRole permissions on the supplied role ARN. This option takes precedence over the creds provider name.
func WithBaseCredsProviderName
func WithBaseCredsProviderName(name string) CredsProviderOptionsFunc
WithBaseCredsProviderName specifies the name of an existing creds provider to use as the baseline provider to assume the supplied role. These credentials must be for a principal that has sts:AssumeRole permissions on the supplied role ARN. If a base CredsProvider is also supplied, that option takes precedence over this one.
func WithConfigFile
func WithConfigFile(path string) CredsProviderOptionsFunc
WithConfigFile specifies the path of the config file to use.
func WithConfigLoadOptFns
func WithConfigLoadOptFns(optFns ...func(*config.LoadOptions) error) CredsProviderOptionsFunc
WithConfigLoadOptFns supplies functional options to pass additional configuration options directly to underlying calls to `config.LoadDefaultConfig()`.
func WithConfigProfile
func WithConfigProfile(profile string) CredsProviderOptionsFunc
WithConfigProfile specifies the config profile to use.
func WithCredentialsFile
func WithCredentialsFile(path string) CredsProviderOptionsFunc
WithCredentialsFile specifies the path of the credentials file to use.
func WithDefaultRegion
func WithDefaultRegion() CredsProviderOptionsFunc
WithDefaultRegion sets `providers.DefaultAWSRegion` (us-east-1) as the AWS Region to use by the underlying aws.Config.
func WithRegion
func WithRegion(region string) CredsProviderOptionsFunc
WithRegion sets the supplied region as the AWS Region to use by the underlying aws.Config.
func WithRegionFrom
func WithRegionFrom(envVarKey string) CredsProviderOptionsFunc
WithRegionFrom specifies the environment variable to read the AWS region from.
func WithRoleArn
func WithRoleArn(arn string) CredsProviderOptionsFunc
WithRoleArn specifies the role ARN to assume; if supplied, account ID and role name are ignored.
func WithRoleName
func WithRoleName(name string) CredsProviderOptionsFunc
WithRoleName specifies the role name for the role to assume; the account ID must also be specified.
func WithSecretAccessKeyFrom
func WithSecretAccessKeyFrom(envVarKey string) CredsProviderOptionsFunc
WithSecretAccessKeyFrom specifies the environment variable to read the secret access key from.
func WithSessionTokenFrom
func WithSessionTokenFrom(envVarKey string) CredsProviderOptionsFunc
WithSessionTokenFrom specifies the environment variable to read the session token from.
type DefaultCredsProvider
type DefaultCredsProvider struct {
	CredsProviderOptions
	// contains filtered or unexported fields
}
DefaultCredsProvider type
func NewDefaultCredsProvider
func NewDefaultCredsProvider(context context.Context, name string, options ...CredsProviderOptionsFunc) (*DefaultCredsProvider, error)
NewDefaultCredsProvider creates an AWS client provider based on the default credential chain using the supplied options.
DefaultCredsProvider is a default Client Provider wrapper. It behaves like the underlying AWS SDK client configuration & uses the default credentials chain to try environment, shared config or AWS IAM roles in a specified order, determined by the AWS SDK itself.
func (*DefaultCredsProvider) Config
func (p *DefaultCredsProvider) Config() aws.Config
func (*DefaultCredsProvider) Key
func (p *DefaultCredsProvider) Key() string
func (*DefaultCredsProvider) String
func (p *DefaultCredsProvider) String() string
type EnvironmentCredsProvider
type EnvironmentCredsProvider struct {
	DefaultCredsProvider
}
EnvironmentCredsProvider type
func NewEnvironmentCredsProvider
func NewEnvironmentCredsProvider(context context.Context, name string, options ...CredsProviderOptionsFunc) (*EnvironmentCredsProvider, error)
NewEnvironmentCredsProvider creates an AWS client provider based on the static credentials from env vars using the supplied options.
EnvironmentCredsProvider uses AWS credentials supplied via environment variables. By default it uses the standard AWS environment variables for static credentials, listed below. Each of the three can be overridden with a different variable name.
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
- AWS_SESSION_TOKEN
The AWS Region is set using the following precedence:
1. The env var specified with the option WithRegionFrom(envvar), if a non-empty value is set for that env var
2. The env var AWS_REGION, if it has a non-empty value
3. The AWS Region set with the WithDefaultRegion() or WithRegion(region) options
4. The DefaultAWSRegion
func (*EnvironmentCredsProvider) String
func (p *EnvironmentCredsProvider) String() string
type EnvironmentCredsProviderBuilder
type EnvironmentCredsProviderBuilder struct {
	Provider *EnvironmentCredsProvider
}
type EnvirontmentClientProviderOption
type EnvirontmentClientProviderOption func(CredsProvider)
type SharedConfigCredsProvider
type SharedConfigCredsProvider struct {
}
SharedConfigCredsProvider type
func NewSharedConfigCredsProvider
func NewSharedConfigCredsProvider(context context.Context, name string, options ...CredsProviderOptionsFunc) (*SharedConfigCredsProvider, error)
NewSharedConfigCredsProvider creates an AWS client provider based on the AWS SDK shared credentials & config using the supplied options.
SharedConfigCredsProvider uses AWS shared configuration files. By default the AWS SDK default shared credentials & config files are used. It also allows overriding these & loading shared configuration from custom locations. The defaults are:
- ~/.aws/credentials
- ~/.aws/config
If a config profile is not supplied, this provider uses `default` as the config profile.
func (*SharedConfigCredsProvider) String
func (p *SharedConfigCredsProvider) String() string
type WebIdentityClientProvider
type WebIdentityClientProvider struct {
	DefaultCredsProvider
}
todo