Struct: processcreds.ProcessProvider

import "../ibm-cos-sdk-go/aws/credentials/processcreds"

Overview

ProcessProvider satisfies the credentials.Provider interface, and is a client to retrieve credentials from a process.

Implemented Interfaces

s3crypto.Cipher, credentials.Provider, s3manager.ReadSeekerWriteTo, s3manager.WriterReadFrom

Structure Field Summary collapse

Method Summary collapse

Methods included from credentials.Expiry

credentials.Expiry.ExpiresAt(), credentials.Expiry.SetExpiration()

Structure Field Details

Duration time.Duration

Expiry duration of the credentials. Defaults to 15 minutes if not set.

ExpiryWindow time.Duration

ExpiryWindow will allow the credentials to trigger refreshing prior to the credentials actually expiring. This is beneficial so race conditions with expiring credentials do not cause request to fail unexpectedly due to ExpiredTokenException exceptions.

So a ExpiryWindow of 10s would cause calls to IsExpired() to return true 10 seconds before the credentials are actually expired.

If ExpiryWindow is 0 or less it will be ignored.

MaxBufSize int

MaxBufSize limits memory usage from growing to an enormous amount due to a faulty process.

Timeout time.Duration

Timeout limits the time a process can run.

Method Details

func (p *ProcessProvider) IsExpired() bool

IsExpired returns true if the credentials retrieved are expired, or not yet retrieved.



301
302
303
304
305
306
// File 'aws/credentials/processcreds/provider.go', line 301

func (p *ProcessProvider) IsExpired() bool { if p.staticCreds { return false } return p.Expiry.IsExpired() }

func (p *ProcessProvider) Retrieve() (credentials.Value, error)

Retrieve executes the 'credential_process' and returns the credentials.



249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
// File 'aws/credentials/processcreds/provider.go', line 249

func (p *ProcessProvider) Retrieve() (credentials.Value, error) { out, err := p.executeCredentialProcess() if err != nil { return credentials.Value{ProviderName: ProviderName}, err } // Serialize and validate response resp := &CredentialProcessResponse{} if err = json.Unmarshal(out, resp); err != nil { return credentials.Value{ProviderName: ProviderName}, awserr.New( ErrCodeProcessProviderParse, fmt.Sprintf("%s: %s", errMsgProcessProviderParse, string(out)), err) } if resp.Version != 1 { return credentials.Value{ProviderName: ProviderName}, awserr.New( ErrCodeProcessProviderVersion, errMsgProcessProviderVersion, nil) } if len(resp.AccessKeyID) == 0 { return credentials.Value{ProviderName: ProviderName}, awserr.New( ErrCodeProcessProviderRequired, errMsgProcessProviderMissKey, nil) } if len(resp.SecretAccessKey) == 0 { return credentials.Value{ProviderName: ProviderName}, awserr.New( ErrCodeProcessProviderRequired, errMsgProcessProviderMissSecret, nil) } // Handle expiration p.staticCreds = resp.Expiration == nil if resp.Expiration != nil { p.SetExpiration(*resp.Expiration, p.ExpiryWindow) } return credentials.Value{ ProviderName: ProviderName, AccessKeyID: resp.AccessKeyID, SecretAccessKey: resp.SecretAccessKey, SessionToken: resp.SessionToken, }, nil }