Struct: ibmiam.TrustedProfileProvider

import "../ibm-cos-sdk-go/aws/credentials/ibmiam"

Overview

Provider Struct

Implemented Interfaces

s3crypto.Cipher, credentials.Provider, s3manager.ReadSeekerWriteTo, s3manager.WriterReadFrom

Structure Field Summary collapse

Constructor Functions collapse

Method Summary collapse

Structure Field Details

ErrorStatus error

Error

Function Details

func NewEnvProviderTrustedProfile(config *aws.Config) *TrustedProfileProvider

NewEnvProviderTrustedProfile is the constructor of the IBM IAM provider that loads IAM trusted profile credentials from environment variables. Parameter:

AWS Config

Returns:

A new provider with AWS config, Trusted Profile ID, CR token file path or ApiKey, IBM IAM Authentication Server Endpoint and Service Instance ID


// File 'aws/credentials/ibmiam/env_provider_trusted_profile.go', line 23

// NewEnvProviderTrustedProfile builds a TrustedProfileProvider whose settings
// come from the process environment.
//
// Variables read: TRUSTED_PROFILE_ID, TRUSTED_PROFILE_NAME, IAM_ACCOUNT_ID,
// IBM_SERVICE_INSTANCE_ID, CR_TOKEN_FILE_PATH, IBM_AUTH_ENDPOINT and
// IBM_SERVICE_ID_API_KEY. Unset variables are forwarded as empty strings; this
// function performs no validation of its own.
//
// Flow selection: a non-empty CR_TOKEN_FILE_PATH selects
// ResourceComputeResource, even when IBM_SERVICE_ID_API_KEY is also set;
// otherwise ResourceServiceID is used. Both values are placed in the config
// in either case.
//
// NOTE(review): IBM_SERVICE_ID_API_KEY is a secret and IBM_AUTH_ENDPOINT
// presumably decides which server receives it. Both are taken from the
// environment unchecked here, so whoever controls the process environment
// controls them; confirm that the callee validates the endpoint.
func NewEnvProviderTrustedProfile(config *aws.Config) *TrustedProfileProvider {
	crTokenFilePath := os.Getenv("CR_TOKEN_FILE_PATH")
	authEndPoint := os.Getenv("IBM_AUTH_ENDPOINT")
	serviceInstanceID := os.Getenv("IBM_SERVICE_INSTANCE_ID")

	tpConfig := &TrustedProfileConfig{
		TrustedProfileID:   os.Getenv("TRUSTED_PROFILE_ID"),
		ServiceIDApiKey:    os.Getenv("IBM_SERVICE_ID_API_KEY"),
		TrustedProfileName: os.Getenv("TRUSTED_PROFILE_NAME"),
		IAMAccountID:       os.Getenv("IAM_ACCOUNT_ID"),
		CrTokenFilePath:    crTokenFilePath,
	}

	// No CR token file configured: fall back to the service-ID flow.
	if crTokenFilePath == "" {
		return NewTrustedProfileProviderWithConfig(TrustedProfileProviderName, config, authEndPoint, tpConfig, serviceInstanceID, ResourceServiceID)
	}

	// A CR token file path is present, so the compute-resource flow wins.
	return NewTrustedProfileProviderWithConfig(TrustedProfileProviderName, config, authEndPoint, tpConfig, serviceInstanceID, ResourceComputeResource)
}

func NewTrustedProfileProviderCR(config *aws.Config, authEndPoint string, trustedProfileID string, crTokenFilePath string, serviceInstanceID string) *TrustedProfileProvider

NewTrustedProfileProviderCR is the constructor of the IBM IAM provider that uses the IAM trusted-profile details passed in. Returns: New TrustedProfileProvider (AWS type)



// File 'aws/credentials/ibmiam/trusted_profile_provider.go', line 20

// NewTrustedProfileProviderCR builds a TrustedProfileProvider for the
// compute-resource (CR token) flow from explicitly supplied values.
//
// Only TrustedProfileID and CrTokenFilePath are set on the config; the other
// TrustedProfileConfig fields keep their zero values. The arguments are
// forwarded without validation.
//
// NOTE(review): crTokenFilePath presumably names the file the CR token is read
// from; confirm against the callee, and keep that file readable only by the
// workload identity.
func NewTrustedProfileProviderCR(config *aws.Config, authEndPoint string, trustedProfileID string, crTokenFilePath string, serviceInstanceID string) *TrustedProfileProvider {
	return NewTrustedProfileProviderWithConfig(
		TrustedProfileProviderName,
		config,
		authEndPoint,
		&TrustedProfileConfig{
			TrustedProfileID: trustedProfileID,
			CrTokenFilePath:  crTokenFilePath,
		},
		serviceInstanceID,
		// ResourceComputeResource marks this provider as CR-token based.
		ResourceComputeResource,
	)
}

func NewTrustedProfileProviderServiceIdWithTrustedProfileId(config *aws.Config, authEndPoint string, trustedProfileID string, serviceIdApiKey string, serviceInstanceID string) *TrustedProfileProvider

NewTrustedProfileCredentials constructor for IBM IAM that uses the IAM trusted-profile-id and serviceId-api-key credentials passed in. Returns: credentials.NewCredentials(newTrustedProfileProvider()) (AWS type)



// File 'aws/credentials/ibmiam/trusted_profile_provider.go', line 41

// NewTrustedProfileProviderServiceIdWithTrustedProfileId builds a
// TrustedProfileProvider for the service-ID flow, identifying the trusted
// profile by its ID.
//
// Only TrustedProfileID and ServiceIDApiKey are set on the config; the other
// TrustedProfileConfig fields keep their zero values. The arguments are
// forwarded without validation.
//
// serviceIdApiKey is a secret: callers should load it from a secret store
// rather than embedding it in source or logging it.
func NewTrustedProfileProviderServiceIdWithTrustedProfileId(config *aws.Config, authEndPoint string, trustedProfileID string, serviceIdApiKey string, serviceInstanceID string) *TrustedProfileProvider {
	return NewTrustedProfileProviderWithConfig(
		TrustedProfileProviderName,
		config,
		authEndPoint,
		&TrustedProfileConfig{
			TrustedProfileID: trustedProfileID,
			ServiceIDApiKey:  serviceIdApiKey,
		},
		serviceInstanceID,
		// ResourceServiceID marks this provider as service-ID based.
		ResourceServiceID,
	)
}

func NewTrustedProfileProviderServiceIdWithTrustedProfileName(config *aws.Config, authEndPoint string, trustedProfileName string, iamAccountId string, serviceIdApiKey string, serviceInstanceID string) *TrustedProfileProvider

NewTrustedProfileCredentials constructor for IBM IAM that uses the IAM trusted-profile-name, iam-account-id and serviceId-api-key credentials passed in. Returns: credentials.NewCredentials(newTrustedProfileProvider()) (AWS type)



// File 'aws/credentials/ibmiam/trusted_profile_provider.go', line 62

// NewTrustedProfileProviderServiceIdWithTrustedProfileName builds a
// TrustedProfileProvider for the service-ID flow, identifying the trusted
// profile by name together with the IAM account ID.
//
// Only TrustedProfileName, IAMAccountID and ServiceIDApiKey are set on the
// config; the other TrustedProfileConfig fields keep their zero values. The
// arguments are forwarded without validation.
//
// serviceIdApiKey is a secret: callers should load it from a secret store
// rather than embedding it in source or logging it.
func NewTrustedProfileProviderServiceIdWithTrustedProfileName(config *aws.Config, authEndPoint string, trustedProfileName string, iamAccountId string, serviceIdApiKey string, serviceInstanceID string) *TrustedProfileProvider {
	return NewTrustedProfileProviderWithConfig(
		TrustedProfileProviderName,
		config,
		authEndPoint,
		&TrustedProfileConfig{
			TrustedProfileName: trustedProfileName,
			IAMAccountID:       iamAccountId,
			ServiceIDApiKey:    serviceIdApiKey,
		},
		serviceInstanceID,
		// ResourceServiceID marks this provider as service-ID based.
		ResourceServiceID,
	)
}

Method Details

func (p *TrustedProfileProvider) IsExpired() bool

IsExpired …

TrustedProfileProvider expired or not - boolean


// File 'aws/credentials/ibmiam/trusted_profile.go', line 299

// IsExpired unconditionally reports the credentials as expired.
//
// NOTE(review): because this never returns false, a caller that consults
// IsExpired before reuse will presumably call Retrieve every time; any token
// caching or refresh would then have to live in the authenticator. Confirm
// against the credentials wrapper and the authenticator in use.
func (p *TrustedProfileProvider) IsExpired() bool {
	return true
}

func (p *TrustedProfileProvider) IsValid() bool

IsValid … Returns:

TrustedProfileProvider validation - boolean


// File 'aws/credentials/ibmiam/trusted_profile.go', line 250

// IsValid reports whether the provider carries no stored error, i.e. whether
// ErrorStatus is nil. It checks nothing else: a provider with a nil
// ErrorStatus can still fail in Retrieve.
func (p *TrustedProfileProvider) IsValid() bool {
	return p.ErrorStatus == nil
}

func (p *TrustedProfileProvider) Retrieve() (credentials.Value, error)

Retrieve … Returns:

Credential values Error


// File 'aws/credentials/ibmiam/trusted_profile.go', line 259

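// Retrieve obtains an IAM access token from the provider's authenticator and
// returns it as a bearer credential.
//
// Returns:
//   - on a stored ErrorStatus: a Value carrying only ProviderName, plus that
//     error unchanged;
//   - on any token failure: an empty Value and an awserr with code
//     "TokenManagerRetrieveError" wrapping the cause;
//   - on success: a Value with the bearer token, provider name and type, and
//     the service instance ID.
//
// Unlike a plain type assertion, this never panics when the authenticator does
// not match the resource type, and it never returns an empty bearer token with
// a nil error when the resource type is unrecognised. Both cases are reported
// as "TokenManagerRetrieveError" so the caller fails closed.
//
// The access token itself is never logged; only errors are, at debug level.
func (p *TrustedProfileProvider) Retrieve() (credentials.Value, error) {
	if p.ErrorStatus != nil {
		if p.logLevel.Matches(aws.LogDebug) {
			p.logger.Log(debugLog, ibmiamProviderLog, p.providerName, p.ErrorStatus)
		}
		return credentials.Value{ProviderName: p.providerName}, p.ErrorStatus
	}

	// The authenticator's concrete type must match the resource type the
	// provider was built with.
	var tokenValue string
	var err error
	if p.resourceType == ResourceComputeResource {
		// CR-token based resources use the ContainerAuthenticator.
		if auth, ok := p.authenticator.(*core.ContainerAuthenticator); ok {
			tokenValue, err = auth.GetToken()
		} else {
			err = awserr.New("TokenManagerRetrieveError", "authenticator does not match the compute-resource type", nil)
		}
	} else if p.resourceType == ResourceServiceID {
		// Service-ID based resources use the IamAssumeAuthenticator.
		if auth, ok := p.authenticator.(*core.IamAssumeAuthenticator); ok {
			tokenValue, err = auth.GetToken()
		} else {
			err = awserr.New("TokenManagerRetrieveError", "authenticator does not match the service-id type", nil)
		}
	} else {
		// Fail closed: an unknown resource type must not yield an empty
		// bearer token with a nil error.
		err = awserr.New("TokenManagerRetrieveError", "unsupported resource type", nil)
	}

	if err != nil {
		if p.logLevel.Matches(aws.LogDebug) {
			p.logger.Log(debugLog, ibmiamProviderLog, p.providerName, "ERROR ON GET", err)
		}
		return credentials.Value{}, awserr.New("TokenManagerRetrieveError", "error retrieving the token", err)
	}

	// When other resource types are supported, add their authenticator
	// branch above.
	return credentials.Value{
		Token: token.Token{
			AccessToken: tokenValue,
			TokenType:   "Bearer",
		},
		ProviderName:      p.providerName,
		ProviderType:      p.providerType,
		ServiceInstanceID: p.serviceInstanceID,
	}, nil
}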