Struct: ibmiam.TrustedProfileProvider

import "../ibm-cos-sdk-go/aws/credentials/ibmiam"

Overview

Provider Struct

Implemented Interfaces

s3crypto.Cipher, credentials.Provider, s3manager.ReadSeekerWriteTo, s3manager.WriterReadFrom

Structure Field Details

ErrorStatus error

Error

Function Details

func NewEnvProviderTrustedProfile(config *aws.Config) *TrustedProfileProvider

NewEnvProviderTrustedProfile is the constructor of the IBM IAM provider that loads IAM trusted profile credentials from environment variables.

Parameter:

AWS Config

Returns:

A new provider with AWS config, Trusted Profile ID, CR token file path, IBM IAM Authentication Server Endpoint and Service Instance ID


// File 'aws/credentials/ibmiam/env_provider_trusted_profile.go', line 23

func NewEnvProviderTrustedProfile(config *aws.Config) *TrustedProfileProvider {
	trustedProfileID := os.Getenv("TRUSTED_PROFILE_ID")
	serviceInstanceID := os.Getenv("IBM_SERVICE_INSTANCE_ID")
	crTokenFilePath := os.Getenv("CR_TOKEN_FILE_PATH")
	authEndPoint := os.Getenv("IBM_AUTH_ENDPOINT")

	return NewTrustedProfileProvider(EnvProviderTrustedProfileName, config, authEndPoint, trustedProfileID, crTokenFilePath, serviceInstanceID, "CR")
}
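The constructor above hands whatever `os.Getenv` returns straight to `NewTrustedProfileProvider`, so an unset variable arrives as an empty string. The following preflight check is an added example using only the Go standard library; it is not part of the SDK or of this page's source. The helper name `CheckTrustedProfileEnv` and its policy (all four variables set, https-only endpoint, token file not writable by group or others) are assumptions of this example.

```go
package main

import (
	"fmt"
	"net/url"
	"os"
)

// The four variables NewEnvProviderTrustedProfile reads.
var trustedProfileEnvVars = []string{"TRUSTED_PROFILE_ID", "IBM_SERVICE_INSTANCE_ID", "CR_TOKEN_FILE_PATH", "IBM_AUTH_ENDPOINT"}

// CheckTrustedProfileEnv is a hypothetical helper (not an SDK function).
// It returns one finding per problem; an empty result means every check passed.
// The policy enforced here is this example's assumption, not the SDK's behaviour.
func CheckTrustedProfileEnv(getenv func(string) string) []string {
	var findings []string
	for _, name := range trustedProfileEnvVars {
		if getenv(name) == "" {
			findings = append(findings, name+" is unset or empty")
		}
	}
	if ep := getenv("IBM_AUTH_ENDPOINT"); ep != "" {
		u, err := url.Parse(ep)
		if err != nil || u.Scheme != "https" || u.Host == "" {
			findings = append(findings, "IBM_AUTH_ENDPOINT is not an absolute https URL")
		}
	}
	if path := getenv("CR_TOKEN_FILE_PATH"); path != "" {
		info, err := os.Stat(path) // Stat follows symlinks to the real token file
		switch {
		case err != nil:
			findings = append(findings, "CR_TOKEN_FILE_PATH: "+err.Error())
		case !info.Mode().IsRegular():
			findings = append(findings, "CR_TOKEN_FILE_PATH is not a regular file")
		case info.Size() == 0:
			findings = append(findings, "CR_TOKEN_FILE_PATH points to an empty file")
		case info.Mode().Perm()&0022 != 0:
			findings = append(findings, "CR_TOKEN_FILE_PATH is writable by group or others")
		}
	}
	return findings
}

func main() {
	for _, f := range CheckTrustedProfileEnv(os.Getenv) {
		fmt.Fprintln(os.Stderr, "trusted profile config:", f)
	}
}
```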

func NewTrustedProfileProviderCR(config *aws.Config, authEndPoint string, trustedProfileID string, crTokenFilePath string, serviceInstanceID string) *TrustedProfileProvider

NewTrustedProfileProviderCR is the constructor of the IBM IAM provider that uses the IAM trusted-profile details passed to it.

Returns:

New TrustedProfileProvider (AWS type)



// File 'aws/credentials/ibmiam/trusted_profile_provider.go', line 19

func NewTrustedProfileProviderCR(config *aws.Config, authEndPoint string, trustedProfileID string, crTokenFilePath string, serviceInstanceID string) *TrustedProfileProvider {
	// Resource type ResourceComputeResource is passed to identify that this is a CR-token based
	// resource.
	return NewTrustedProfileProvider(TrustedProfileProviderName, config, authEndPoint, trustedProfileID, crTokenFilePath, serviceInstanceID, string(ResourceComputeResource))
}

Method Details

func (p *TrustedProfileProvider) IsExpired() bool

IsExpired …

TrustedProfileProvider expired or not - boolean


// File 'aws/credentials/ibmiam/trusted_profile.go', line 155

func (p *TrustedProfileProvider) IsExpired() bool {
	return true
}

func (p *TrustedProfileProvider) IsValid() bool

IsValid …

Returns:

TrustedProfileProvider validation - boolean


// File 'aws/credentials/ibmiam/trusted_profile.go', line 110

func (p *TrustedProfileProvider) IsValid() bool {
	return nil == p.ErrorStatus
}

func (p *TrustedProfileProvider) Retrieve() (credentials.Value, error)

Retrieve …

Returns:

Credential values
Error


// File 'aws/credentials/ibmiam/trusted_profile.go', line 119

func (p *TrustedProfileProvider) Retrieve() (credentials.Value, error) {
	if p.ErrorStatus != nil {
		if p.logLevel.Matches(aws.LogDebug) {
			p.logger.Log(debugLog, ibmiamProviderLog, p.providerName, p.ErrorStatus)
		}
		return credentials.Value{ProviderName: p.providerName}, p.ErrorStatus
	}

	// The respective resourceType's class should be called based on the resourceType parameter.
	// Since only CR-token based resources are supported now, it is assigned to ContainerAuthenticator
	// directly. When other resource types are supported, the respective class should be used accordingly.
	tokenValue, err := p.authenticator.(*core.ContainerAuthenticator).GetToken()
	if err != nil {
		var returnErr error
		if p.logLevel.Matches(aws.LogDebug) {
			p.logger.Log(debugLog, ibmiamProviderLog, p.providerName, "ERROR ON GET", err)
		}
		returnErr = awserr.New("TokenManagerRetrieveError", "error retrieving the token", err)
		return credentials.Value{}, returnErr
	}

	return credentials.Value{
		Token: token.Token{
			AccessToken: tokenValue,
			TokenType:   "Bearer",
		},
		ProviderName:      p.providerName,
		ProviderType:      p.providerType,
		ServiceInstanceID: p.serviceInstanceID,
	}, nil
}