Struct: ibmiam.TrustedProfileProvider

import "../ibm-cos-sdk-go/aws/credentials/ibmiam"

Overview

Provider Struct

Implemented Interfaces

s3crypto.Cipher, credentials.Provider, s3manager.ReadSeekerWriteTo, s3manager.WriterReadFrom

Structure Field Summary collapse

Constructor Functions collapse

Method Summary collapse

Structure Field Details

ErrorStatus error

Error

Function Details

func NewEnvProviderTrustedProfile(config *aws.Config) *TrustedProfileProvider

NewEnvProvider constructor of the IBM IAM provider that loads IAM trusted profile credentials from environment variables Parameter:

AWS Config

Returns:

A new provider with AWS config, Trusted Profile ID, CR token file path or ApiKey, IBM IAM Authentication Server Endpoint and Service Instance ID


23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
// File 'aws/credentials/ibmiam/env_provider_trusted_profile.go', line 23

func NewEnvProviderTrustedProfile(config *aws.Config) *TrustedProfileProvider { trustedProfileID := os.Getenv("TRUSTED_PROFILE_ID") trustedProfileName := os.Getenv("TRUSTED_PROFILE_NAME") iamAccountID := os.Getenv("IAM_ACCOUNT_ID") serviceInstanceID := os.Getenv("IBM_SERVICE_INSTANCE_ID") crTokenFilePath := os.Getenv("CR_TOKEN_FILE_PATH") authEndPoint := os.Getenv("IBM_AUTH_ENDPOINT") serviceIdApiKey := os.Getenv("IBM_SERVICE_ID_API_KEY") tpConfig := &TrustedProfileConfig{ TrustedProfileID: trustedProfileID, ServiceIDApiKey: serviceIdApiKey, TrustedProfileName: trustedProfileName, IAMAccountID: iamAccountID, CrTokenFilePath: crTokenFilePath, } if crTokenFilePath != "" { return NewTrustedProfileProviderWithConfig(TrustedProfileProviderName, config, authEndPoint, tpConfig, serviceInstanceID, ResourceComputeResource) } else { return NewTrustedProfileProviderWithConfig(TrustedProfileProviderName, config, authEndPoint, tpConfig, serviceInstanceID, ResourceServiceID) } }

func NewTrustedProfileProviderCR(config *aws.Config, authEndPoint string, trustedProfileID string, crTokenFilePath string, serviceInstanceID string) *TrustedProfileProvider

NewTrustedProfileProviderWithCR constructor of the IBM IAM provider that uses IAM trusted-profile details passed Returns: New TrustedProfileProvider (AWS type)



20
21
22
23
24
25
26
27
28
29
// File 'aws/credentials/ibmiam/trusted_profile_provider.go', line 20

func NewTrustedProfileProviderCR(config *aws.Config, authEndPoint string, trustedProfileID string, crTokenFilePath string, serviceInstanceID string) *TrustedProfileProvider { tpConfig := &TrustedProfileConfig{ TrustedProfileID: trustedProfileID, CrTokenFilePath: crTokenFilePath, } // Resource type ResourceComputeResource is passed to identify that this is a CR-token based // resource. return NewTrustedProfileProviderWithConfig(TrustedProfileProviderName, config, authEndPoint, tpConfig, serviceInstanceID, ResourceComputeResource) }

func NewTrustedProfileProviderServiceIdWithTrustedProfileId(config *aws.Config, authEndPoint string, trustedProfileID string, serviceIdApiKey string, serviceInstanceID string) *TrustedProfileProvider

NewTrustedProfileCredentials constructor for IBM IAM that uses IAM trusted-profile-id , serviceId-api-key credentials passed Returns: credentials.NewCredentials(newTrustedProfileProvider()) (AWS type)



41
42
43
44
45
46
47
48
49
50
// File 'aws/credentials/ibmiam/trusted_profile_provider.go', line 41

func NewTrustedProfileProviderServiceIdWithTrustedProfileId(config *aws.Config, authEndPoint string, trustedProfileID string, serviceIdApiKey string, serviceInstanceID string) *TrustedProfileProvider { tpConfig := &TrustedProfileConfig{ TrustedProfileID: trustedProfileID, ServiceIDApiKey: serviceIdApiKey, } // Resource type ResourceServiceID is passed to identify that this is a Service Id based // resource. return NewTrustedProfileProviderWithConfig(TrustedProfileProviderName, config, authEndPoint, tpConfig, serviceInstanceID, ResourceServiceID) }

func NewTrustedProfileProviderServiceIdWithTrustedProfileName(config *aws.Config, authEndPoint string, trustedProfileName string, iamAccountId string, serviceIdApiKey string, serviceInstanceID string) *TrustedProfileProvider

NewTrustedProfileCredentials constructor for IBM IAM that uses IAM trusted-profile-name, iam-account-id, serviceId-api-key credentials passed Returns: credentials.NewCredentials(newTrustedProfileProvider()) (AWS type)



62
63
64
65
66
67
68
69
70
71
72
// File 'aws/credentials/ibmiam/trusted_profile_provider.go', line 62

func NewTrustedProfileProviderServiceIdWithTrustedProfileName(config *aws.Config, authEndPoint string, trustedProfileName string, iamAccountId string, serviceIdApiKey string, serviceInstanceID string) *TrustedProfileProvider { tpConfig := &TrustedProfileConfig{ TrustedProfileName: trustedProfileName, IAMAccountID: iamAccountId, ServiceIDApiKey: serviceIdApiKey, } // Resource type ResourceServiceID is passed to identify that this is a Service Id based // resource. return NewTrustedProfileProviderWithConfig(TrustedProfileProviderName, config, authEndPoint, tpConfig, serviceInstanceID, ResourceServiceID) }

Method Details

func (p *TrustedProfileProvider) IsExpired() bool

IsExpired ...

TrustedProfileProvider expired or not - boolean


317
318
319
// File 'aws/credentials/ibmiam/trusted_profile.go', line 317

func (p *TrustedProfileProvider) IsExpired() bool { return true }

func (p *TrustedProfileProvider) IsValid() bool

IsValid ... Returns:

TrustedProfileProvider validation - boolean


268
269
270
// File 'aws/credentials/ibmiam/trusted_profile.go', line 268

func (p *TrustedProfileProvider) IsValid() bool { return nil == p.ErrorStatus }

func (p *TrustedProfileProvider) Retrieve() (credentials.Value, error)

Retrieve ... Returns:

Credential values Error


277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
// File 'aws/credentials/ibmiam/trusted_profile.go', line 277

func (p *TrustedProfileProvider) Retrieve() (credentials.Value, error) { if p.ErrorStatus != nil { if p.logLevel.Matches(aws.LogDebug) { p.logger.Log(debugLog, ibmiamProviderLog, p.providerName, p.ErrorStatus) } return credentials.Value{ProviderName: p.providerName}, p.ErrorStatus } // The respective resourceTypes's class should be called based on the resourceType parameter. var tokenValue string var err error if p.resourceType == ResourceComputeResource { tokenValue, err = p.authenticator.(*core.ContainerAuthenticator).GetToken() // Cr-token based resources, hence it is assigned to ContainerAuthenticator. } else if p.resourceType == ResourceServiceID { tokenValue, err = p.authenticator.(*core.IamAssumeAuthenticator).GetToken() // Service-Id based resources, hence it is assigned to IamAssumeAuthenticator } if err != nil { var returnErr error if p.logLevel.Matches(aws.LogDebug) { p.logger.Log(debugLog, ibmiamProviderLog, p.providerName, "ERROR ON GET", err) } returnErr = awserr.New("TokenManagerRetrieveError", "error retrieving the token", err) return credentials.Value{}, returnErr } // When other resource types are supported, the respective class should be used accordingly. return credentials.Value{ Token: token.Token{ AccessToken: tokenValue, TokenType: "Bearer", }, ProviderName: p.providerName, ProviderType: p.providerType, ServiceInstanceID: p.serviceInstanceID, }, nil }