Documentation ¶
Index ¶
- Constants
- Variables
- func DefaultSharedConfigFilename() string
- func DefaultSharedCredentialsFilename() string
- func GetContainerCredentialsEndpointPath(configs Configs) (string, bool, error)
- func GetCredentialsEndpoint(configs Configs) (string, bool, error)
- func GetCredentialsValue(configs Configs) (aws.Credentials, bool, error)
- func GetCustomCABundle(configs Configs) ([]byte, bool, error)
- func GetMFATokenFunc(configs Configs) (func() (string, error), bool, error)
- func GetRegion(configs Configs) (string, bool, error)
- func GetSharedConfigFiles(configs Configs) ([]string, bool, error)
- func GetSharedConfigProfile(configs Configs) (string, bool, error)
- func LoadDefaultAWSConfig(configs ...Config) (aws.Config, error)
- func ResolveAssumeRoleCredentials(cfg *aws.Config, configs Configs) error
- func ResolveContainerEndpointPathCredentials(cfg *aws.Config, configs Configs) error
- func ResolveCredentialsValue(cfg *aws.Config, configs Configs) error
- func ResolveCustomCABundle(cfg *aws.Config, configs Configs) error
- func ResolveDefaultAWSConfig(cfg *aws.Config, configs Configs) error
- func ResolveEndpointCredentials(cfg *aws.Config, configs Configs) error
- func ResolveFallbackEC2Credentials(cfg *aws.Config, configs Configs) error
- func ResolveRegion(cfg *aws.Config, configs Configs) error
- type AWSConfigResolver
- type AssumeRoleConfig
- type AssumeRoleConfigProvider
- type Config
- type ConfigLoader
- type Configs
- type ContainerCredentialsEndpointPathProvider
- type CredentialsEndpointProvider
- type CredentialsValueProvider
- type CustomCABundleProvider
- type EnvConfig
- func (c EnvConfig) GetContainerCredentailsEndpointPath() (string, error)
- func (c EnvConfig) GetCredentialsEndpoint() (string, error)
- func (c EnvConfig) GetCredentialsValue() (aws.Credentials, error)
- func (c EnvConfig) GetCustomCABundle() ([]byte, error)
- func (c EnvConfig) GetRegion() (string, error)
- func (c EnvConfig) GetSharedConfigFiles() ([]string, error)
- func (c EnvConfig) GetSharedConfigProfile() (string, error)
- type MFATokenFuncProvider
- type RegionProvider
- type SharedConfig
- type SharedConfigAssumeRoleError
- type SharedConfigFileNotExistError
- type SharedConfigFilesProvider
- type SharedConfigLoadError
- type SharedConfigNotExistErrors
- type SharedConfigProfileNotExistError
- type SharedConfigProfileProvider
- type WithAssumeRoleConfig
- type WithContainerCredentialsEndpointPath
- type WithCredentialsEndpoint
- type WithCredentialsValue
- type WithCustomCABundle
- type WithEC2MetadataRegion
- type WithMFATokenFunc
- type WithRegion
- type WithSharedConfigFiles
- type WithSharedConfigProfile
Constants ¶
const (
	AWSAccessKeyIDEnvVar = "AWS_ACCESS_KEY_ID"
	AWSAccessKeyEnvVar = "AWS_ACCESS_KEY"

	AWSSecreteAccessKeyEnvVar = "AWS_SECRET_ACCESS_KEY"
	AWSSecreteKeyEnvVar = "AWS_SECRET_KEY"

	AWSSessionTokenEnvVar = "AWS_SESSION_TOKEN"

	AWSCredentialsEndpointEnvVar = "AWS_CONTAINER_CREDENTIALS_FULL_URI"

	// TODO shorter name?
	AWSContainerCredentialsEndpointPathEnvVar = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"

	AWSRegionEnvVar = "AWS_REGION"
	AWSDefaultRegionEnvVar = "AWS_DEFAULT_REGION"

	AWSProfileEnvVar = "AWS_PROFILE"
	AWSDefaultProfileEnvVar = "AWS_DEFAULT_PROFILE"

	AWSConfigFileEnvVar = "AWS_CONFIG_FILE"

	AWSCustomCABundleEnvVar = "AWS_CA_BUNDLE"
)
Environment variables that will be read for configuration values.
const CredentialsSourceName = "EnvConfigCredentials"
CredentialsSourceName provides a name of the provider when config is loaded from environment.
Variables ¶
var DefaultAWSConfigResolvers = []AWSConfigResolver{
	ResolveDefaultAWSConfig,
	ResolveCustomCABundle,
	ResolveRegion,
	ResolveFallbackEC2Credentials,
	ResolveCredentialsValue,
	ResolveEndpointCredentials,
	ResolveContainerEndpointPathCredentials,
	ResolveAssumeRoleCredentials,
}
DefaultAWSConfigResolvers are a slice of functions that will resolve external configuration values into AWS configuration values.
This will setup the AWS configuration's Region,
var DefaultConfigLoaders = []ConfigLoader{
	LoadEnvConfig,
	LoadSharedConfigIgnoreNotExist,
}
DefaultConfigLoaders are a slice of functions that will read external configuration sources for configuration values. These values are read by the AWSConfigResolvers using interfaces to extract specific information from the external configuration.
DefaultSharedConfigFiles is a slice of the default shared config files that will be used in order to load the SharedConfig.
DefaultSharedConfigProfile is the default profile to be used when loading configuration from the config files if another profile name is not provided.
Functions ¶
func DefaultSharedConfigFilename ¶
func DefaultSharedConfigFilename() string
DefaultSharedConfigFilename returns the SDK's default file path for the shared config file.
Builds the shared config file path based on the OS's platform.
- Linux/Unix: $HOME/.aws/config
- Windows: %USERPROFILE%\.aws\config
func DefaultSharedCredentialsFilename ¶
func DefaultSharedCredentialsFilename() string
DefaultSharedCredentialsFilename returns the SDK's default file path for the shared credentials file.
Builds the shared credentials file path based on the OS's platform.
- Linux/Unix: $HOME/.aws/credentials
- Windows: %USERPROFILE%\.aws\credentials
func GetContainerCredentialsEndpointPath ¶
GetContainerCredentialsEndpointPath searches the Configs for a ContainerCredentialsEndpointPathProvider and returns the value if found. Returns an error if a provider fails before a value is found.
func GetCredentialsEndpoint ¶
GetCredentialsEndpoint searches the Configs for a CredentialsEndpointProvider and returns the value if found. Returns an error if a provider fails before a value is found.
func GetCredentialsValue ¶
func GetCredentialsValue(configs Configs) (aws.Credentials, bool, error)
GetCredentialsValue searches the Configs for a CredentialsValueProvider and returns the value if found. Returns an error if a provider fails before a value is found.
func GetCustomCABundle ¶
GetCustomCABundle searches the Configs for a CustomCABundleProvider and returns the value if found. Returns an error if a provider fails before a value is found.
func GetMFATokenFunc ¶
GetMFATokenFunc searches the Configs for a MFATokenFuncProvider and returns the value if found. Returns an error if a provider fails before a value is found.
func GetRegion ¶
GetRegion searches the Configs for a RegionProvider and returns the value if found. Returns an error if a provider fails before a value is found.
func GetSharedConfigFiles ¶
GetSharedConfigFiles searches the Configs for a SharedConfigFilesProvider and returns the value if found. Returns an error if a provider fails before a value is found.
func GetSharedConfigProfile ¶
GetSharedConfigProfile searches the Configs for a SharedConfigProfileProvider and returns the value if found. Returns an error if a provider fails before a value is found.
func LoadDefaultAWSConfig ¶
LoadDefaultAWSConfig reads the SDK's default external configurations, and populates an AWS Config with the values from the external configurations.
An optional variadic set of additional Config values can be provided as input that will be prepended to the Configs slice. Use this to add custom configuration. The custom configurations must satisfy the respective providers for their data or the custom data will be ignored by the resolvers and config loaders.
cfg, err := external.LoadDefaultAWSConfig(
	external.WithSharedConfigProfile("test-profile"),
)
if err != nil {
	panic(fmt.Sprintf("failed loading config, %v", err))
}
The default configuration sources are:
- Environment Variables
- Shared Configuration and Shared Credentials files.
func ResolveAssumeRoleCredentials ¶
ResolveAssumeRoleCredentials extracts the assume role configuration from the external configurations.
Config providers used:
func ResolveContainerEndpointPathCredentials ¶
ResolveContainerEndpointPathCredentials will extract the container credentials endpoint from the config slice. The endpoint provided is used to create an endpoint credential provider.
Config providers used:
- ContainerCredentialsEndpointPathProvider
func ResolveCredentialsValue ¶
ResolveCredentialsValue extracts the first instance of Credentials from the config slices.
Config providers used:
- CredentialsValueProvider
func ResolveCustomCABundle ¶
ResolveCustomCABundle extracts the first instance of a custom CA bundle filename from the external configurations. It will update the HTTP Client's builder to be configured with the custom CA bundle.
Config provider used:
- CustomCABundleProvider
func ResolveDefaultAWSConfig ¶
ResolveDefaultAWSConfig will write default configuration values into the cfg value. It will write the default values, overwriting any previous value.
This should be used as the first resolver in the slice of resolvers when resolving external configuration.
func ResolveEndpointCredentials ¶
ResolveEndpointCredentials will extract the credentials endpoint from the config slice. The endpoint provided is used to create an endpoint credential provider.
Config providers used:
- CredentialsEndpointProvider
func ResolveFallbackEC2Credentials ¶
ResolveFallbackEC2Credentials will configure the AWS config credentials to use EC2 Instance Role always.
Types ¶
type AWSConfigResolver ¶
An AWSConfigResolver will extract configuration data from the Configs slice using the provider interfaces to extract specific functionality. The extracted configuration values will be written to the AWS Config value.
The resolver should return an error if it fails to extract the data, or if the data is malformed or incomplete.
type AssumeRoleConfig ¶
type AssumeRoleConfig struct {
	RoleARN string
	ExternalID string
	MFASerial string
	RoleSessionName string

	Source *SharedConfig
	// contains filtered or unexported fields
}
AssumeRoleConfig provides the values defining the configuration for an IAM assume role.
func GetAssumeRoleConfig ¶
func GetAssumeRoleConfig(configs Configs) (AssumeRoleConfig, bool, error)
GetAssumeRoleConfig searches the Configs for an AssumeRoleConfigProvider and returns the value if found. Returns an error if a provider fails before a value is found.
type AssumeRoleConfigProvider ¶
type AssumeRoleConfigProvider interface {
GetAssumeRoleConfig() (AssumeRoleConfig, error)
}
AssumeRoleConfigProvider provides access to the assume role config external configuration value.
type Config ¶
type Config interface{}
A Config represents a generic configuration value or set of values. This type will be used by the AWSConfigResolvers to extract
In general, the Config type will use type assertion against the Provider interfaces to extract specific data from the Config.
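The type-assertion lookup described here, together with the prepending rule under LoadDefaultAWSConfig, as an added Go sketch that is not the SDK's own code. `findRegion`, `envRegion` and `brokenRegion` are hypothetical names, and treating an empty string as "not set, keep looking" is an assumption of the model.

```go
package main

import (
	"errors"
	"fmt"
)

// Config and Configs follow the declarations shown on this page.
type Config interface{}
type Configs []Config

// RegionProvider has the GetRegion shape documented on this page.
type RegionProvider interface {
	GetRegion() (string, error)
}

// WithRegion wraps a string so that it satisfies RegionProvider.
type WithRegion string

func (v WithRegion) GetRegion() (string, error) { return string(v), nil }

// envRegion is a hypothetical stand-in for EnvConfig: it reports the region
// the environment supplied, or "" when none was set.
type envRegion struct{ region string }

func (e envRegion) GetRegion() (string, error) { return e.region, nil }

// brokenRegion is a hypothetical provider that always fails.
type brokenRegion struct{}

func (brokenRegion) GetRegion() (string, error) {
	return "", errors.New("region source unavailable")
}

// findRegion models the documented search: walk the slice in order, skip
// values that are not a RegionProvider, stop at the first non-empty value,
// and return a provider error met before any value is found.
func findRegion(configs Configs) (string, bool, error) {
	for _, c := range configs {
		p, ok := c.(RegionProvider)
		if !ok {
			continue // not a provider: ignored without any error
		}
		v, err := p.GetRegion()
		if err != nil {
			return "", false, err
		}
		if v != "" {
			return v, true, nil
		}
	}
	return "", false, nil
}

func main() {
	env := envRegion{region: "eu-west-1"} // constructed sample value

	// Custom values are prepended, so the explicit region wins.
	r, _, _ := findRegion(Configs{WithRegion("us-west-2"), env})
	fmt.Println("prepended WithRegion:", r)

	// A bare string does not satisfy RegionProvider; it is skipped and the
	// environment value is used instead, with nothing to signal the mistake.
	r, _, _ = findRegion(Configs{"us-west-2", env})
	fmt.Println("bare string:", r)

	// A failing provider ahead of a working one aborts the search.
	_, found, err := findRegion(Configs{brokenRegion{}, env})
	fmt.Println("broken first:", found, err)
}
```

The second case is the one to check for in review: a value that does not implement the provider interface leaves the environment in control of the setting.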
func LoadEnvConfig ¶
LoadEnvConfig reads configuration values from the OS's environment variables. Returns a Config typed EnvConfig to satisfy the ConfigLoader func type.
func LoadSharedConfig ¶
LoadSharedConfig uses the Configs passed in to load the SharedConfig from file. The file names and profile name are sourced from the Configs.
If profile name is not provided DefaultSharedConfigProfile (default) will be used.
If shared config filenames are not provided DefaultSharedConfigFiles will be used.
Config providers used:
- SharedConfigProfileProvider
- SharedConfigFilesProvider
func LoadSharedConfigIgnoreNotExist ¶
LoadSharedConfigIgnoreNotExist is an alias for LoadSharedConfig with the addition of ignoring when none of the files exist or when the profile is not found in any of the files.
type ConfigLoader ¶
A ConfigLoader is used to load external configuration data and returns it as a generic Config type.
The loader should return an error if it fails to load the external configuration or the configuration data is malformed, or required components missing.
type Configs ¶
type Configs []Config
Configs is a slice of Config values. These values will be used by the AWSConfigResolvers to extract external configuration values to populate the AWS Config type.
Use AppendFromLoaders to add additional external Config values that are loaded from external sources.
Use ResolveAWSConfig after external Config values have been added or loaded to extract the loaded configuration values into the AWS Config.
func (Configs) AppendFromLoaders ¶
func (cs Configs) AppendFromLoaders(loaders []ConfigLoader) (Configs, error)
AppendFromLoaders iterates over the slice of loaders passed in calling each loader function in order. The external config value returned by the loader will be added to the returned Configs slice.
If a loader returns an error this method will stop iterating and return that error.
func (Configs) ResolveAWSConfig ¶
func (cs Configs) ResolveAWSConfig(resolvers []AWSConfigResolver) (aws.Config, error)
ResolveAWSConfig returns an AWS configuration populated with values by calling the resolvers slice passed in. Each resolver is called in order. Any resolver may overwrite the AWS Configuration value of a previous resolver.
If a resolver returns an error this method will return that error, and stop iterating over the resolvers.
type ContainerCredentialsEndpointPathProvider ¶
type ContainerCredentialsEndpointPathProvider interface {
GetContainerCredentialsEndpointPath() (string, error)
}
ContainerCredentialsEndpointPathProvider provides access to the credentials endpoint path external configuration value.
type CredentialsEndpointProvider ¶
CredentialsEndpointProvider provides access to the credentials endpoint external configuration value.
type CredentialsValueProvider ¶
type CredentialsValueProvider interface {
GetCredentialsValue() (aws.Credentials, error)
}
CredentialsValueProvider provides access to the credentials external configuration value.
type CustomCABundleProvider ¶
CustomCABundleProvider provides access to the custom CA bundle PEM bytes.
type EnvConfig ¶
type EnvConfig struct {
	// Environment configuration values. If set both Access Key ID and Secret Access
	// Key must be provided. Session Token can optionally also be provided, but is
	// not required.
	//
	//	# Access Key ID
	//	AWS_ACCESS_KEY_ID=AKID
	//	AWS_ACCESS_KEY=AKID # only read if AWS_ACCESS_KEY_ID is not set.
	//
	//	# Secret Access Key
	//	AWS_SECRET_ACCESS_KEY=SECRET
	//	AWS_SECRET_KEY=SECRET # only read if AWS_SECRET_ACCESS_KEY is not set.
	//
	//	# Session Token
	//	AWS_SESSION_TOKEN=TOKEN
	Credentials aws.Credentials

	// TODO doc
	CredentialsEndpoint string

	// TODO doc, shorter name?
	ContainerCredentialsEndpointPath string

	// Region value will instruct the SDK where to make service API requests to. If it is
	// not provided in the environment the region must be provided before a service
	// client request is made.
	//
	//	AWS_REGION=us-west-2
	//	AWS_DEFAULT_REGION=us-west-2
	Region string

	// shared configuration files. If not provided "default" will be used as the
	// profile name.
	//
	//	AWS_PROFILE=my_profile
	//	AWS_DEFAULT_PROFILE=my_profile
	SharedConfigProfile string

	// file for the shared credentials. If not set the file will be loaded from
	// $HOME/.aws/credentials on Linux/Unix based systems, and
	// %USERPROFILE%\.aws\credentials on Windows.
	//
	//	AWS_SHARED_CREDENTIALS_FILE=$HOME/my_shared_credentials
	SharedCredentialsFile string

	// file for the shared config. If not set the file will be loaded from
	// $HOME/.aws/config on Linux/Unix based systems, and
	// %USERPROFILE%\.aws\config on Windows.
	//
	//	AWS_CONFIG_FILE=$HOME/my_shared_config
	SharedConfigFile string

	// Sets the path to a custom Certificate Authority (CA) Bundle PEM file
	// that the SDK will use instead of the system's root CA bundle.
	// Only use this if you want to configure the SDK to use a custom set
	// of CAs.
	//
	// Enabling this option will attempt to merge the Transport
	// into the SDK's HTTP client. If the client's Transport is
	// not a http.Transport an error will be returned. If the
	// Transport's TLS config is set this option will cause the
	// SDK to overwrite the Transport's TLS config's RootCAs value.
	//
	// Setting a custom HTTPClient in the aws.Config options will override this setting.
	// To use this option and custom HTTP client, the HTTP client needs to be provided
	// when creating the session. Not the service client.
	//
	//	AWS_CA_BUNDLE=$HOME/my_custom_ca_bundle
	CustomCABundle string
}
EnvConfig is a collection of environment values the SDK will read setup config from. All environment values are optional. But some values such as credentials require multiple values to be complete or the values will be ignored.
func NewEnvConfig ¶
NewEnvConfig retrieves the SDK's environment configuration. See `EnvConfig` for the values that will be retrieved.
func (EnvConfig) GetContainerCredentailsEndpointPath ¶
GetContainerCredentailsEndpointPath returns the container credentials endpoint path string if set.
func (EnvConfig) GetCredentialsEndpoint ¶
GetCredentialsEndpoint returns the credentials endpoint string if set.
func (EnvConfig) GetCredentialsValue ¶
func (c EnvConfig) GetCredentialsValue() (aws.Credentials, error)
GetCredentialsValue returns the AWS Credentials if both AccessKey and SecretAccessKey are set in the environment. Returns a zero value Credentials if not set.
func (EnvConfig) GetCustomCABundle ¶
GetCustomCABundle returns the custom CA bundle's PEM bytes if the file was
func (EnvConfig) GetRegion ¶
GetRegion returns the AWS Region if set in the environment. Returns an empty string if not set.
func (EnvConfig) GetSharedConfigFiles ¶
GetSharedConfigFiles returns a slice of filenames set in the environment.
Will return the filenames in the order of:
- Shared Credentials
- Shared Config
func (EnvConfig) GetSharedConfigProfile ¶
GetSharedConfigProfile returns the shared config profile if set in the environment. Returns an empty string if not set.
type MFATokenFuncProvider ¶
MFATokenFuncProvider provides access to the MFA token function needed for Assume Role with MFA.
type RegionProvider ¶
RegionProvider provides access to the region external configuration value.
type SharedConfig ¶
type SharedConfig struct {
	// and aws_secret_access_key must be provided together in the same file
	// to be considered valid. The values will be ignored if not a complete group.
	// aws_session_token is an optional field that can be provided if both of the
	// other two fields are also provided.
	//
	//	aws_access_key_id
	//	aws_secret_access_key
	//	aws_session_token
	Credentials aws.Credentials

	// and signing requests.
	//
	//	region
	Region string
}
SharedConfig represents the configuration fields of the SDK config files.
func NewSharedConfig ¶
func NewSharedConfig(profile string, filenames []string) (SharedConfig, error)
NewSharedConfig retrieves the configuration from the list of files using the profile provided. The order the files are listed will determine precedence. Values in subsequent files will overwrite values defined in earlier files.
For example, given two files A and B that both define credentials, if the order of the files is A then B, B's credential values will be used instead of A's.
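An added example, not the SDK's implementation, that models the file precedence described for NewSharedConfig together with the complete-group rule noted on the SharedConfig Credentials field. `mergeFiles`, `parseProfile` and the plain `[name]` section syntax are assumptions, and the file contents are constructed samples.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// creds holds the three documented credential keys.
type creds struct{ KeyID, Secret, Token string }

// merged is one profile's result; CredsSource names the file whose
// credential group won.
type merged struct {
	Creds               creds
	CredsSource, Region string
}

// file pairs a name with its contents so the example needs no disk I/O.
type file struct{ Name, Text string }

// parseProfile returns the key = value pairs of the [profile] section of a
// simplified INI text, and whether that section was present at all.
func parseProfile(text, profile string) (map[string]string, bool) {
	kv, in, seen := map[string]string{}, false, false
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		switch {
		case line == "" || strings.HasPrefix(line, "#"):
			continue
		case strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]"):
			in = strings.TrimSpace(line[1:len(line)-1]) == profile
			seen = seen || in
		case in:
			if parts := strings.SplitN(line, "=", 2); len(parts) == 2 {
				kv[strings.TrimSpace(parts[0])] = strings.TrimSpace(parts[1])
			}
		}
	}
	return kv, seen
}

// mergeFiles applies the files in order: later files overwrite earlier ones,
// and a file contributes credentials only when it holds both key ID and secret.
func mergeFiles(profile string, files []file) (merged, error) {
	var out merged
	found := false
	for _, f := range files {
		kv, ok := parseProfile(f.Text, profile)
		if !ok {
			continue
		}
		found = true
		id, secret := kv["aws_access_key_id"], kv["aws_secret_access_key"]
		if id != "" && secret != "" {
			out.Creds = creds{id, secret, kv["aws_session_token"]}
			out.CredsSource = f.Name
		}
		if r := kv["region"]; r != "" {
			out.Region = r
		}
	}
	if !found {
		return out, fmt.Errorf("profile %q not found in any file", profile)
	}
	return out, nil
}

func main() {
	// Constructed sample files; the key material is placeholder text.
	a := file{"A", "[default]\naws_access_key_id = AKID_A\naws_secret_access_key = SECRET_A\n"}
	b := file{"B", "[default]\nregion = us-west-2\naws_access_key_id = AKID_B\n"}
	m, err := mergeFiles("default", []file{a, b})
	fmt.Println(m.CredsSource, m.Creds.KeyID, m.Region, err)
}
```

File B's lone key ID is dropped because its group is incomplete, so A's credentials stay in effect while B's region still applies.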
func (SharedConfig) GetAssumeRoleConfig ¶
func (c SharedConfig) GetAssumeRoleConfig() (AssumeRoleConfig, error)
GetAssumeRoleConfig returns the assume role config for a profile. Will be a zero value if not set.
func (SharedConfig) GetCredentialsValue ¶
func (c SharedConfig) GetCredentialsValue() (aws.Credentials, error)
GetCredentialsValue returns the credentials for a profile if they were set.
func (SharedConfig) GetRegion ¶
func (c SharedConfig) GetRegion() (string, error)
GetRegion returns the region for the profile if a region is set.
type SharedConfigAssumeRoleError ¶
type SharedConfigAssumeRoleError struct {}
SharedConfigAssumeRoleError is an error for the shared config when the profile contains assume role information, but that information is invalid or not complete.
func (SharedConfigAssumeRoleError) Error ¶
func (e SharedConfigAssumeRoleError) Error() string
type SharedConfigFileNotExistError ¶
type SharedConfigFileNotExistError struct {}
SharedConfigFileNotExistError is an error for the shared config when the filename does not exist.
func (SharedConfigFileNotExistError) Cause ¶
func (e SharedConfigFileNotExistError) Cause() error
Cause is the underlying error that caused the failure.
func (SharedConfigFileNotExistError) Error ¶
func (e SharedConfigFileNotExistError) Error() string
type SharedConfigFilesProvider ¶
type SharedConfigFilesProvider interface {
}
SharedConfigFilesProvider provides access to the shared config filenames external configuration value.
type SharedConfigLoadError ¶
type SharedConfigLoadError struct {}
SharedConfigLoadError is an error for when the shared config file failed to load.
func (SharedConfigLoadError) Cause ¶
func (e SharedConfigLoadError) Cause() error
Cause is the underlying error that caused the failure.
func (SharedConfigLoadError) Error ¶
func (e SharedConfigLoadError) Error() string
type SharedConfigNotExistErrors ¶
type SharedConfigNotExistErrors []error
SharedConfigNotExistErrors provides an error type for failure to load shared config because resources do not exist.
func (SharedConfigNotExistErrors) Error ¶
func (es SharedConfigNotExistErrors) Error() string
type SharedConfigProfileNotExistError ¶
type SharedConfigProfileNotExistError struct {}
SharedConfigProfileNotExistError is an error for the shared config when the profile was not found in the config file.
func (SharedConfigProfileNotExistError) Cause ¶
func (e SharedConfigProfileNotExistError) Cause() error
Cause is the underlying error that caused the failure.
func (SharedConfigProfileNotExistError) Error ¶
func (e SharedConfigProfileNotExistError) Error() string
type SharedConfigProfileProvider ¶
type SharedConfigProfileProvider interface {
}
SharedConfigProfileProvider provides access to the shared config profile name external configuration value.
type WithAssumeRoleConfig ¶
type WithAssumeRoleConfig AssumeRoleConfig
WithAssumeRoleConfig provides wrapping of an AssumeRoleConfig to satisfy the AssumeRoleConfigProvider interface.
func (WithAssumeRoleConfig) GetAssumeRoleConfig ¶
func (p WithAssumeRoleConfig) GetAssumeRoleConfig() (AssumeRoleConfig, error)
GetAssumeRoleConfig returns the AssumeRoleConfig.
type WithContainerCredentialsEndpointPath ¶
type WithContainerCredentialsEndpointPath string
WithContainerCredentialsEndpointPath provides wrapping of a string to satisfy the ContainerCredentialsEndpointPathProvider interface.
func (WithContainerCredentialsEndpointPath) GetContainerCredentialsEndpointPath ¶
func (p WithContainerCredentialsEndpointPath) GetContainerCredentialsEndpointPath() (string, error)
GetContainerCredentialsEndpointPath returns the endpoint path.
type WithCredentialsEndpoint ¶
type WithCredentialsEndpoint string
WithCredentialsEndpoint provides wrapping of a string to satisfy the CredentialsEndpointProvider interface.
func (WithCredentialsEndpoint) GetCredentialsEndpoint ¶
func (p WithCredentialsEndpoint) GetCredentialsEndpoint() (string, error)
GetCredentialsEndpoint returns the endpoint.
type WithCredentialsValue ¶
type WithCredentialsValue aws.Credentials
WithCredentialsValue provides wrapping of a credentials Value to satisfy the CredentialsValueProvider interface.
func (WithCredentialsValue) GetCredentialsValue ¶
func (v WithCredentialsValue) GetCredentialsValue() (aws.Credentials, error)
GetCredentialsValue returns the credentials value.
type WithCustomCABundle ¶
type WithCustomCABundle []byte
WithCustomCABundle provides wrapping of the CA bundle PEM bytes to satisfy the CustomCABundleProvider interface.
func (WithCustomCABundle) GetCustomCABundle ¶
func (v WithCustomCABundle) GetCustomCABundle() ([]byte, error)
GetCustomCABundle returns the CA bundle PEM bytes.
type WithEC2MetadataRegion ¶
type WithEC2MetadataRegion struct {
Client *ec2metadata.EC2Metadata
}
WithEC2MetadataRegion provides a RegionProvider that retrieves the region from the EC2 Metadata service.
TODO add this provider to the default config loading?
func (WithEC2MetadataRegion) GetRegion ¶
func (p WithEC2MetadataRegion) GetRegion() (string, error)
GetRegion attempts to retrieve the region from EC2 Metadata service.
type WithMFATokenFunc ¶
WithMFATokenFunc provides wrapping of a function to satisfy the MFATokenFuncProvider interface.
func (WithMFATokenFunc) GetMFATokenFunc ¶
func (p WithMFATokenFunc) GetMFATokenFunc() (func() (string, error), error)
GetMFATokenFunc returns the MFA Token function.
type WithRegion ¶
type WithRegion string
WithRegion provides wrapping of a region string to satisfy the RegionProvider interface.
func (WithRegion) GetRegion ¶
func (v WithRegion) GetRegion() (string, error)
GetRegion returns the region string.
type WithSharedConfigFiles ¶
type WithSharedConfigFiles []string
WithSharedConfigFiles wraps a slice of strings to satisfy the SharedConfigFilesProvider interface so a slice of custom shared config files are used when loading the SharedConfig.
func (WithSharedConfigFiles) GetSharedConfigFiles ¶
func (c WithSharedConfigFiles) GetSharedConfigFiles() ([]string, error)
GetSharedConfigFiles returns the slice of shared config files.
type WithSharedConfigProfile ¶
type WithSharedConfigProfile string
WithSharedConfigProfile wraps a string to satisfy the SharedConfigProfileProvider interface so a custom shared config profile is used when loading the SharedConfig.
func (WithSharedConfigProfile) GetSharedConfigProfile ¶
func (c WithSharedConfigProfile) GetSharedConfigProfile() (string, error)
GetSharedConfigProfile returns the shared config profile.