Struct: processcreds.ProcessProvider

import "../ibm-cos-sdk-go/aws/credentials/processcreds"

Overview

ProcessProvider satisfies the credentials.Provider interface, and is a client to retrieve credentials from a process.

Implemented Interfaces

s3crypto.Cipher, credentials.Provider, s3manager.ReadSeekerWriteTo, s3manager.WriterReadFrom

Structure Field Summary

• Duration time.Duration

  Expiry duration of the credentials.

• ExpiryWindow time.Duration

  ExpiryWindow will allow the credentials to trigger refreshing prior to the credentials actually expiring.

• MaxBufSize int

  MaxBufSize limits memory usage from growing to an enormous amount due to a faulty process.

• Timeout time.Duration

  Timeout limits the time a process can run.

Method Summary

• func (p *ProcessProvider) IsExpired() bool

  IsExpired returns true if the credentials retrieved are expired, or not yet retrieved.

• func (p *ProcessProvider) Retrieve() (credentials.Value, error)

  Retrieve executes the 'credential_process' and returns the credentials.

Methods included from credentials.Expiry

credentials.Expiry.ExpiresAt(), credentials.Expiry.SetExpiration()

Structure Field Details

Duration time.Duration

Expiry duration of the credentials. Defaults to 15 minutes if not set.

ExpiryWindow time.Duration

ExpiryWindow will allow the credentials to trigger refreshing prior to the credentials actually expiring. This is beneficial so race conditions with expiring credentials do not cause request to fail unexpectedly due to ExpiredTokenException exceptions.

So a ExpiryWindow of 10s would cause calls to IsExpired() to return true 10 seconds before the credentials are actually expired.

If ExpiryWindow is 0 or less it will be ignored.

MaxBufSize int

MaxBufSize limits memory usage from growing to an enormous amount due to a faulty process.

Timeout time.Duration

Timeout limits the time a process can run.

Method Details

func (p *ProcessProvider) IsExpired() bool

IsExpired returns true if the credentials retrieved are expired, or not yet retrieved.

// File 'aws/credentials/processcreds/provider.go', line 301

func (p *ProcessProvider) IsExpired() bool {
	if p.staticCreds {
		return false
	}
	return p.Expiry.IsExpired()
}

func (p *ProcessProvider) Retrieve() (credentials.Value, error)

Retrieve executes the 'credential_process' and returns the credentials.

// File 'aws/credentials/processcreds/provider.go', line 249

func (p *ProcessProvider) Retrieve() (credentials.Value, error) {
	out, err := p.executeCredentialProcess()
	if err != nil {
		return credentials.Value{ProviderName: ProviderName}, err
	}

	// Serialize and validate response
	resp := &CredentialProcessResponse{}
	if err = json.Unmarshal(out, resp); err != nil {
		return credentials.Value{ProviderName: ProviderName}, awserr.New(
			ErrCodeProcessProviderParse,
			fmt.Sprintf("%s: %s", errMsgProcessProviderParse, string(out)),
			err)
	}

	if resp.Version != 1 {
		return credentials.Value{ProviderName: ProviderName}, awserr.New(
			ErrCodeProcessProviderVersion,
			errMsgProcessProviderVersion,
			nil)
	}

	if len(resp.AccessKeyID) == 0 {
		return credentials.Value{ProviderName: ProviderName}, awserr.New(
			ErrCodeProcessProviderRequired,
			errMsgProcessProviderMissKey,
			nil)
	}

	if len(resp.SecretAccessKey) == 0 {
		return credentials.Value{ProviderName: ProviderName}, awserr.New(
			ErrCodeProcessProviderRequired,
			errMsgProcessProviderMissSecret,
			nil)
	}

	// Handle expiration
	p.staticCreds = resp.Expiration == nil
	if resp.Expiration != nil {
		p.SetExpiration(*resp.Expiration, p.ExpiryWindow)
	}

	return credentials.Value{
		ProviderName:    ProviderName,
		AccessKeyID:     resp.AccessKeyID,
		SecretAccessKey: resp.SecretAccessKey,
		SessionToken:    resp.SessionToken,
	}, nil
}