Struct: ibmiam.TrustedProfileProvider

import "../ibm-cos-sdk-go/aws/credentials/ibmiam"

Overview

Provider Struct

Implemented Interfaces

s3crypto.Cipher, credentials.Provider, s3manager.ReadSeekerWriteTo, s3manager.WriterReadFrom

Structure Field Summary

• ErrorStatus error

  Error.

Constructor Functions

• func NewEnvProviderTrustedProfile(config *aws.Config) *TrustedProfileProvider

  NewEnvProvider constructor of the IBM IAM provider that loads IAM trusted profile credentials from environment variables Parameter:.

• func NewTrustedProfileProviderCR(config *aws.Config, authEndPoint string, trustedProfileID string, crTokenFilePath string, serviceInstanceID string) *TrustedProfileProvider

  NewTrustedProfileProviderWithCR constructor of the IBM IAM provider that uses IAM trusted-profile details passed Returns: New TrustedProfileProvider (AWS type).

Method Summary

• func (p *TrustedProfileProvider) IsExpired() bool

  IsExpired …

• func (p *TrustedProfileProvider) IsValid() bool

  IsValid …

• func (p *TrustedProfileProvider) Retrieve() (credentials.Value, error)

  Retrieve …

Structure Field Details

ErrorStatus error

Error

Function Details

func NewEnvProviderTrustedProfile(config *aws.Config) *TrustedProfileProvider

NewEnvProvider constructor of the IBM IAM provider that loads IAM trusted profile credentials from environment variables Parameter:

AWS Config

Returns:

A new provider with AWS config, Trusted Profile ID, CR token file path, IBM IAM Authentication Server Endpoint and
Service Instance ID

// File 'aws/credentials/ibmiam/env_provider_trusted_profile.go', line 23

func NewEnvProviderTrustedProfile(config *aws.Config) *TrustedProfileProvider {
	trustedProfileID := os.Getenv("TRUSTED_PROFILE_ID")
	serviceInstanceID := os.Getenv("IBM_SERVICE_INSTANCE_ID")
	crTokenFilePath := os.Getenv("CR_TOKEN_FILE_PATH")
	authEndPoint := os.Getenv("IBM_AUTH_ENDPOINT")

	return NewTrustedProfileProvider(EnvProviderTrustedProfileName, config, authEndPoint, trustedProfileID, crTokenFilePath, serviceInstanceID, "CR")
}

func NewTrustedProfileProviderCR(config *aws.Config, authEndPoint string, trustedProfileID string, crTokenFilePath string, serviceInstanceID string) *TrustedProfileProvider

NewTrustedProfileProviderWithCR constructor of the IBM IAM provider that uses IAM trusted-profile details passed Returns: New TrustedProfileProvider (AWS type)

// File 'aws/credentials/ibmiam/trusted_profile_provider.go', line 19

func NewTrustedProfileProviderCR(config *aws.Config, authEndPoint string, trustedProfileID string, crTokenFilePath string, serviceInstanceID string) *TrustedProfileProvider {
	// Resource type ResourceComputeResource is passed to identify that this is a CR-token based
	// resource.
	return NewTrustedProfileProvider(TrustedProfileProviderName, config, authEndPoint, trustedProfileID, crTokenFilePath, serviceInstanceID, string(ResourceComputeResource))
}

Method Details

func (p *TrustedProfileProvider) IsExpired() bool

IsExpired …

TrustedProfileProvider expired or not - boolean

// File 'aws/credentials/ibmiam/trusted_profile.go', line 155

func (p *TrustedProfileProvider) IsExpired() bool {
	return true
}

func (p *TrustedProfileProvider) IsValid() bool

IsValid … Returns:

TrustedProfileProvider validation - boolean

// File 'aws/credentials/ibmiam/trusted_profile.go', line 110

func (p *TrustedProfileProvider) IsValid() bool {
	return nil == p.ErrorStatus
}

func (p *TrustedProfileProvider) Retrieve() (credentials.Value, error)

Retrieve … Returns:

Credential values
Error

// File 'aws/credentials/ibmiam/trusted_profile.go', line 119

func (p *TrustedProfileProvider) Retrieve() (credentials.Value, error) {
	if p.ErrorStatus != nil {
		if p.logLevel.Matches(aws.LogDebug) {
			p.logger.Log(debugLog, ibmiamProviderLog, p.providerName, p.ErrorStatus)
		}
		return credentials.Value{ProviderName: p.providerName}, p.ErrorStatus
	}

	// The respective resourceTypes's class should be called based on the resourceType parameter.
	// Since only cr-token based resources is supported now, it is assigned to ContainerAuthenticator
	// directly. when other resource types are supported, the respective class should be used accordingly.
	tokenValue, err := p.authenticator.(*core.ContainerAuthenticator).GetToken()

	if err != nil {
		var returnErr error
		if p.logLevel.Matches(aws.LogDebug) {
			p.logger.Log(debugLog, ibmiamProviderLog, p.providerName, "ERROR ON GET", err)
		}
		returnErr = awserr.New("TokenManagerRetrieveError", "error retrieving the token", err)
		return credentials.Value{}, returnErr
	}

	return credentials.Value{
		Token: token.Token{
			AccessToken: tokenValue,
			TokenType:   "Bearer",
		},
		ProviderName:      p.providerName,
		ProviderType:      p.providerType,
		ServiceInstanceID: p.serviceInstanceID,
	}, nil
}