]>
Commit | Line | Data |
---|---|---|
bae9f6d2 JC |
1 | package session |
2 | ||
3 | import ( | |
4 | "crypto/tls" | |
5 | "crypto/x509" | |
6 | "fmt" | |
7 | "io" | |
8 | "io/ioutil" | |
9 | "net/http" | |
10 | "os" | |
11 | ||
12 | "github.com/aws/aws-sdk-go/aws" | |
13 | "github.com/aws/aws-sdk-go/aws/awserr" | |
14 | "github.com/aws/aws-sdk-go/aws/client" | |
15 | "github.com/aws/aws-sdk-go/aws/corehandlers" | |
16 | "github.com/aws/aws-sdk-go/aws/credentials" | |
17 | "github.com/aws/aws-sdk-go/aws/credentials/stscreds" | |
18 | "github.com/aws/aws-sdk-go/aws/defaults" | |
19 | "github.com/aws/aws-sdk-go/aws/endpoints" | |
20 | "github.com/aws/aws-sdk-go/aws/request" | |
21 | ) | |
22 | ||
23 | // A Session provides a central location to create service clients from and | |
24 | // store configurations and request handlers for those services. | |
25 | // | |
26 | // Sessions are safe to create service clients concurrently, but it is not safe | |
27 | // to mutate the Session concurrently. | |
28 | // | |
29 | // The Session satisfies the service client's client.ClientConfigProvider. | |
30 | type Session struct { | |
31 | Config *aws.Config | |
32 | Handlers request.Handlers | |
33 | } | |
34 | ||
35 | // New creates a new instance of the handlers merging in the provided configs | |
36 | // on top of the SDK's default configurations. Once the Session is created it | |
37 | // can be mutated to modify the Config or Handlers. The Session is safe to be | |
38 | // read concurrently, but it should not be written to concurrently. | |
39 | // | |
40 | // If the AWS_SDK_LOAD_CONFIG environment is set to a truthy value, the New | |
41 | // method could now encounter an error when loading the configuration. When | |
42 | // The environment variable is set, and an error occurs, New will return a | |
43 | // session that will fail all requests reporting the error that occurred while | |
44 | // loading the session. Use NewSession to get the error when creating the | |
45 | // session. | |
46 | // | |
47 | // If the AWS_SDK_LOAD_CONFIG environment variable is set to a truthy value | |
48 | // the shared config file (~/.aws/config) will also be loaded, in addition to | |
49 | // the shared credentials file (~/.aws/credentials). Values set in both the | |
50 | // shared config, and shared credentials will be taken from the shared | |
51 | // credentials file. | |
52 | // | |
53 | // Deprecated: Use NewSession functions to create sessions instead. NewSession | |
54 | // has the same functionality as New except an error can be returned when the | |
55 | // func is called instead of waiting to receive an error until a request is made. | |
56 | func New(cfgs ...*aws.Config) *Session { | |
57 | // load initial config from environment | |
58 | envCfg := loadEnvConfig() | |
59 | ||
60 | if envCfg.EnableSharedConfig { | |
61 | s, err := newSession(Options{}, envCfg, cfgs...) | |
62 | if err != nil { | |
63 | // Old session.New expected all errors to be discovered when | |
64 | // a request is made, and would report the errors then. This | |
65 | // needs to be replicated if an error occurs while creating | |
66 | // the session. | |
67 | msg := "failed to create session with AWS_SDK_LOAD_CONFIG enabled. " + | |
68 | "Use session.NewSession to handle errors occurring during session creation." | |
69 | ||
70 | // Session creation failed, need to report the error and prevent | |
71 | // any requests from succeeding. | |
72 | s = &Session{Config: defaults.Config()} | |
73 | s.Config.MergeIn(cfgs...) | |
74 | s.Config.Logger.Log("ERROR:", msg, "Error:", err) | |
75 | s.Handlers.Validate.PushBack(func(r *request.Request) { | |
76 | r.Error = err | |
77 | }) | |
78 | } | |
79 | return s | |
80 | } | |
81 | ||
82 | return deprecatedNewSession(cfgs...) | |
83 | } | |
84 | ||
85 | // NewSession returns a new Session created from SDK defaults, config files, | |
86 | // environment, and user provided config files. Once the Session is created | |
87 | // it can be mutated to modify the Config or Handlers. The Session is safe to | |
88 | // be read concurrently, but it should not be written to concurrently. | |
89 | // | |
90 | // If the AWS_SDK_LOAD_CONFIG environment variable is set to a truthy value | |
91 | // the shared config file (~/.aws/config) will also be loaded in addition to | |
92 | // the shared credentials file (~/.aws/credentials). Values set in both the | |
93 | // shared config, and shared credentials will be taken from the shared | |
94 | // credentials file. Enabling the Shared Config will also allow the Session | |
95 | // to be built with retrieving credentials with AssumeRole set in the config. | |
96 | // | |
97 | // See the NewSessionWithOptions func for information on how to override or | |
98 | // control through code how the Session will be created. Such as specifying the | |
99 | // config profile, and controlling if shared config is enabled or not. | |
100 | func NewSession(cfgs ...*aws.Config) (*Session, error) { | |
101 | opts := Options{} | |
102 | opts.Config.MergeIn(cfgs...) | |
103 | ||
104 | return NewSessionWithOptions(opts) | |
105 | } | |
106 | ||
107 | // SharedConfigState provides the ability to optionally override the state | |
108 | // of the session's creation based on the shared config being enabled or | |
109 | // disabled. | |
110 | type SharedConfigState int | |
111 | ||
112 | const ( | |
113 | // SharedConfigStateFromEnv does not override any state of the | |
114 | // AWS_SDK_LOAD_CONFIG env var. It is the default value of the | |
115 | // SharedConfigState type. | |
116 | SharedConfigStateFromEnv SharedConfigState = iota | |
117 | ||
118 | // SharedConfigDisable overrides the AWS_SDK_LOAD_CONFIG env var value | |
119 | // and disables the shared config functionality. | |
120 | SharedConfigDisable | |
121 | ||
122 | // SharedConfigEnable overrides the AWS_SDK_LOAD_CONFIG env var value | |
123 | // and enables the shared config functionality. | |
124 | SharedConfigEnable | |
125 | ) | |
126 | ||
127 | // Options provides the means to control how a Session is created and what | |
128 | // configuration values will be loaded. | |
129 | // | |
130 | type Options struct { | |
131 | // Provides config values for the SDK to use when creating service clients | |
132 | // and making API requests to services. Any value set in with this field | |
133 | // will override the associated value provided by the SDK defaults, | |
134 | // environment or config files where relevant. | |
135 | // | |
136 | // If not set, configuration values from from SDK defaults, environment, | |
137 | // config will be used. | |
138 | Config aws.Config | |
139 | ||
140 | // Overrides the config profile the Session should be created from. If not | |
141 | // set the value of the environment variable will be loaded (AWS_PROFILE, | |
142 | // or AWS_DEFAULT_PROFILE if the Shared Config is enabled). | |
143 | // | |
144 | // If not set and environment variables are not set the "default" | |
145 | // (DefaultSharedConfigProfile) will be used as the profile to load the | |
146 | // session config from. | |
147 | Profile string | |
148 | ||
149 | // Instructs how the Session will be created based on the AWS_SDK_LOAD_CONFIG | |
150 | // environment variable. By default a Session will be created using the | |
151 | // value provided by the AWS_SDK_LOAD_CONFIG environment variable. | |
152 | // | |
153 | // Setting this value to SharedConfigEnable or SharedConfigDisable | |
154 | // will allow you to override the AWS_SDK_LOAD_CONFIG environment variable | |
155 | // and enable or disable the shared config functionality. | |
156 | SharedConfigState SharedConfigState | |
157 | ||
158 | // When the SDK's shared config is configured to assume a role with MFA | |
159 | // this option is required in order to provide the mechanism that will | |
160 | // retrieve the MFA token. There is no default value for this field. If | |
161 | // it is not set an error will be returned when creating the session. | |
162 | // | |
163 | // This token provider will be called when ever the assumed role's | |
164 | // credentials need to be refreshed. Within the context of service clients | |
165 | // all sharing the same session the SDK will ensure calls to the token | |
166 | // provider are atomic. When sharing a token provider across multiple | |
167 | // sessions additional synchronization logic is needed to ensure the | |
168 | // token providers do not introduce race conditions. It is recommend to | |
169 | // share the session where possible. | |
170 | // | |
171 | // stscreds.StdinTokenProvider is a basic implementation that will prompt | |
172 | // from stdin for the MFA token code. | |
173 | // | |
174 | // This field is only used if the shared configuration is enabled, and | |
175 | // the config enables assume role wit MFA via the mfa_serial field. | |
176 | AssumeRoleTokenProvider func() (string, error) | |
177 | ||
178 | // Reader for a custom Credentials Authority (CA) bundle in PEM format that | |
179 | // the SDK will use instead of the default system's root CA bundle. Use this | |
180 | // only if you want to replace the CA bundle the SDK uses for TLS requests. | |
181 | // | |
182 | // Enabling this option will attempt to merge the Transport into the SDK's HTTP | |
183 | // client. If the client's Transport is not a http.Transport an error will be | |
184 | // returned. If the Transport's TLS config is set this option will cause the SDK | |
185 | // to overwrite the Transport's TLS config's RootCAs value. If the CA | |
186 | // bundle reader contains multiple certificates all of them will be loaded. | |
187 | // | |
188 | // The Session option CustomCABundle is also available when creating sessions | |
189 | // to also enable this feature. CustomCABundle session option field has priority | |
190 | // over the AWS_CA_BUNDLE environment variable, and will be used if both are set. | |
191 | CustomCABundle io.Reader | |
192 | } | |
193 | ||
194 | // NewSessionWithOptions returns a new Session created from SDK defaults, config files, | |
195 | // environment, and user provided config files. This func uses the Options | |
196 | // values to configure how the Session is created. | |
197 | // | |
198 | // If the AWS_SDK_LOAD_CONFIG environment variable is set to a truthy value | |
199 | // the shared config file (~/.aws/config) will also be loaded in addition to | |
200 | // the shared credentials file (~/.aws/credentials). Values set in both the | |
201 | // shared config, and shared credentials will be taken from the shared | |
202 | // credentials file. Enabling the Shared Config will also allow the Session | |
203 | // to be built with retrieving credentials with AssumeRole set in the config. | |
204 | // | |
205 | // // Equivalent to session.New | |
206 | // sess := session.Must(session.NewSessionWithOptions(session.Options{})) | |
207 | // | |
208 | // // Specify profile to load for the session's config | |
209 | // sess := session.Must(session.NewSessionWithOptions(session.Options{ | |
210 | // Profile: "profile_name", | |
211 | // })) | |
212 | // | |
213 | // // Specify profile for config and region for requests | |
214 | // sess := session.Must(session.NewSessionWithOptions(session.Options{ | |
215 | // Config: aws.Config{Region: aws.String("us-east-1")}, | |
216 | // Profile: "profile_name", | |
217 | // })) | |
218 | // | |
219 | // // Force enable Shared Config support | |
220 | // sess := session.Must(session.NewSessionWithOptions(session.Options{ | |
221 | // SharedConfigState: session.SharedConfigEnable, | |
222 | // })) | |
223 | func NewSessionWithOptions(opts Options) (*Session, error) { | |
224 | var envCfg envConfig | |
225 | if opts.SharedConfigState == SharedConfigEnable { | |
226 | envCfg = loadSharedEnvConfig() | |
227 | } else { | |
228 | envCfg = loadEnvConfig() | |
229 | } | |
230 | ||
231 | if len(opts.Profile) > 0 { | |
232 | envCfg.Profile = opts.Profile | |
233 | } | |
234 | ||
235 | switch opts.SharedConfigState { | |
236 | case SharedConfigDisable: | |
237 | envCfg.EnableSharedConfig = false | |
238 | case SharedConfigEnable: | |
239 | envCfg.EnableSharedConfig = true | |
240 | } | |
241 | ||
242 | // Only use AWS_CA_BUNDLE if session option is not provided. | |
243 | if len(envCfg.CustomCABundle) != 0 && opts.CustomCABundle == nil { | |
244 | f, err := os.Open(envCfg.CustomCABundle) | |
245 | if err != nil { | |
246 | return nil, awserr.New("LoadCustomCABundleError", | |
247 | "failed to open custom CA bundle PEM file", err) | |
248 | } | |
249 | defer f.Close() | |
250 | opts.CustomCABundle = f | |
251 | } | |
252 | ||
253 | return newSession(opts, envCfg, &opts.Config) | |
254 | } | |
255 | ||
256 | // Must is a helper function to ensure the Session is valid and there was no | |
257 | // error when calling a NewSession function. | |
258 | // | |
259 | // This helper is intended to be used in variable initialization to load the | |
260 | // Session and configuration at startup. Such as: | |
261 | // | |
262 | // var sess = session.Must(session.NewSession()) | |
263 | func Must(sess *Session, err error) *Session { | |
264 | if err != nil { | |
265 | panic(err) | |
266 | } | |
267 | ||
268 | return sess | |
269 | } | |
270 | ||
271 | func deprecatedNewSession(cfgs ...*aws.Config) *Session { | |
272 | cfg := defaults.Config() | |
273 | handlers := defaults.Handlers() | |
274 | ||
275 | // Apply the passed in configs so the configuration can be applied to the | |
276 | // default credential chain | |
277 | cfg.MergeIn(cfgs...) | |
278 | if cfg.EndpointResolver == nil { | |
279 | // An endpoint resolver is required for a session to be able to provide | |
280 | // endpoints for service client configurations. | |
281 | cfg.EndpointResolver = endpoints.DefaultResolver() | |
282 | } | |
283 | cfg.Credentials = defaults.CredChain(cfg, handlers) | |
284 | ||
285 | // Reapply any passed in configs to override credentials if set | |
286 | cfg.MergeIn(cfgs...) | |
287 | ||
288 | s := &Session{ | |
289 | Config: cfg, | |
290 | Handlers: handlers, | |
291 | } | |
292 | ||
293 | initHandlers(s) | |
294 | ||
295 | return s | |
296 | } | |
297 | ||
298 | func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session, error) { | |
299 | cfg := defaults.Config() | |
300 | handlers := defaults.Handlers() | |
301 | ||
302 | // Get a merged version of the user provided config to determine if | |
303 | // credentials were. | |
304 | userCfg := &aws.Config{} | |
305 | userCfg.MergeIn(cfgs...) | |
306 | ||
307 | // Order config files will be loaded in with later files overwriting | |
308 | // previous config file values. | |
309 | cfgFiles := []string{envCfg.SharedConfigFile, envCfg.SharedCredentialsFile} | |
310 | if !envCfg.EnableSharedConfig { | |
311 | // The shared config file (~/.aws/config) is only loaded if instructed | |
312 | // to load via the envConfig.EnableSharedConfig (AWS_SDK_LOAD_CONFIG). | |
313 | cfgFiles = cfgFiles[1:] | |
314 | } | |
315 | ||
316 | // Load additional config from file(s) | |
317 | sharedCfg, err := loadSharedConfig(envCfg.Profile, cfgFiles) | |
318 | if err != nil { | |
319 | return nil, err | |
320 | } | |
321 | ||
322 | if err := mergeConfigSrcs(cfg, userCfg, envCfg, sharedCfg, handlers, opts); err != nil { | |
323 | return nil, err | |
324 | } | |
325 | ||
326 | s := &Session{ | |
327 | Config: cfg, | |
328 | Handlers: handlers, | |
329 | } | |
330 | ||
331 | initHandlers(s) | |
332 | ||
333 | // Setup HTTP client with custom cert bundle if enabled | |
334 | if opts.CustomCABundle != nil { | |
335 | if err := loadCustomCABundle(s, opts.CustomCABundle); err != nil { | |
336 | return nil, err | |
337 | } | |
338 | } | |
339 | ||
340 | return s, nil | |
341 | } | |
342 | ||
343 | func loadCustomCABundle(s *Session, bundle io.Reader) error { | |
344 | var t *http.Transport | |
345 | switch v := s.Config.HTTPClient.Transport.(type) { | |
346 | case *http.Transport: | |
347 | t = v | |
348 | default: | |
349 | if s.Config.HTTPClient.Transport != nil { | |
350 | return awserr.New("LoadCustomCABundleError", | |
351 | "unable to load custom CA bundle, HTTPClient's transport unsupported type", nil) | |
352 | } | |
353 | } | |
354 | if t == nil { | |
355 | t = &http.Transport{} | |
356 | } | |
357 | ||
358 | p, err := loadCertPool(bundle) | |
359 | if err != nil { | |
360 | return err | |
361 | } | |
362 | if t.TLSClientConfig == nil { | |
363 | t.TLSClientConfig = &tls.Config{} | |
364 | } | |
365 | t.TLSClientConfig.RootCAs = p | |
366 | ||
367 | s.Config.HTTPClient.Transport = t | |
368 | ||
369 | return nil | |
370 | } | |
371 | ||
372 | func loadCertPool(r io.Reader) (*x509.CertPool, error) { | |
373 | b, err := ioutil.ReadAll(r) | |
374 | if err != nil { | |
375 | return nil, awserr.New("LoadCustomCABundleError", | |
376 | "failed to read custom CA bundle PEM file", err) | |
377 | } | |
378 | ||
379 | p := x509.NewCertPool() | |
380 | if !p.AppendCertsFromPEM(b) { | |
381 | return nil, awserr.New("LoadCustomCABundleError", | |
382 | "failed to load custom CA bundle PEM file", err) | |
383 | } | |
384 | ||
385 | return p, nil | |
386 | } | |
387 | ||
388 | func mergeConfigSrcs(cfg, userCfg *aws.Config, envCfg envConfig, sharedCfg sharedConfig, handlers request.Handlers, sessOpts Options) error { | |
389 | // Merge in user provided configuration | |
390 | cfg.MergeIn(userCfg) | |
391 | ||
392 | // Region if not already set by user | |
393 | if len(aws.StringValue(cfg.Region)) == 0 { | |
394 | if len(envCfg.Region) > 0 { | |
395 | cfg.WithRegion(envCfg.Region) | |
396 | } else if envCfg.EnableSharedConfig && len(sharedCfg.Region) > 0 { | |
397 | cfg.WithRegion(sharedCfg.Region) | |
398 | } | |
399 | } | |
400 | ||
401 | // Configure credentials if not already set | |
402 | if cfg.Credentials == credentials.AnonymousCredentials && userCfg.Credentials == nil { | |
403 | if len(envCfg.Creds.AccessKeyID) > 0 { | |
404 | cfg.Credentials = credentials.NewStaticCredentialsFromCreds( | |
405 | envCfg.Creds, | |
406 | ) | |
407 | } else if envCfg.EnableSharedConfig && len(sharedCfg.AssumeRole.RoleARN) > 0 && sharedCfg.AssumeRoleSource != nil { | |
408 | cfgCp := *cfg | |
409 | cfgCp.Credentials = credentials.NewStaticCredentialsFromCreds( | |
410 | sharedCfg.AssumeRoleSource.Creds, | |
411 | ) | |
412 | if len(sharedCfg.AssumeRole.MFASerial) > 0 && sessOpts.AssumeRoleTokenProvider == nil { | |
413 | // AssumeRole Token provider is required if doing Assume Role | |
414 | // with MFA. | |
415 | return AssumeRoleTokenProviderNotSetError{} | |
416 | } | |
417 | cfg.Credentials = stscreds.NewCredentials( | |
418 | &Session{ | |
419 | Config: &cfgCp, | |
420 | Handlers: handlers.Copy(), | |
421 | }, | |
422 | sharedCfg.AssumeRole.RoleARN, | |
423 | func(opt *stscreds.AssumeRoleProvider) { | |
424 | opt.RoleSessionName = sharedCfg.AssumeRole.RoleSessionName | |
425 | ||
426 | // Assume role with external ID | |
427 | if len(sharedCfg.AssumeRole.ExternalID) > 0 { | |
428 | opt.ExternalID = aws.String(sharedCfg.AssumeRole.ExternalID) | |
429 | } | |
430 | ||
431 | // Assume role with MFA | |
432 | if len(sharedCfg.AssumeRole.MFASerial) > 0 { | |
433 | opt.SerialNumber = aws.String(sharedCfg.AssumeRole.MFASerial) | |
434 | opt.TokenProvider = sessOpts.AssumeRoleTokenProvider | |
435 | } | |
436 | }, | |
437 | ) | |
438 | } else if len(sharedCfg.Creds.AccessKeyID) > 0 { | |
439 | cfg.Credentials = credentials.NewStaticCredentialsFromCreds( | |
440 | sharedCfg.Creds, | |
441 | ) | |
442 | } else { | |
443 | // Fallback to default credentials provider, include mock errors | |
444 | // for the credential chain so user can identify why credentials | |
445 | // failed to be retrieved. | |
446 | cfg.Credentials = credentials.NewCredentials(&credentials.ChainProvider{ | |
447 | VerboseErrors: aws.BoolValue(cfg.CredentialsChainVerboseErrors), | |
448 | Providers: []credentials.Provider{ | |
449 | &credProviderError{Err: awserr.New("EnvAccessKeyNotFound", "failed to find credentials in the environment.", nil)}, | |
450 | &credProviderError{Err: awserr.New("SharedCredsLoad", fmt.Sprintf("failed to load profile, %s.", envCfg.Profile), nil)}, | |
451 | defaults.RemoteCredProvider(*cfg, handlers), | |
452 | }, | |
453 | }) | |
454 | } | |
455 | } | |
456 | ||
457 | return nil | |
458 | } | |
459 | ||
460 | // AssumeRoleTokenProviderNotSetError is an error returned when creating a session when the | |
461 | // MFAToken option is not set when shared config is configured load assume a | |
462 | // role with an MFA token. | |
463 | type AssumeRoleTokenProviderNotSetError struct{} | |
464 | ||
465 | // Code is the short id of the error. | |
466 | func (e AssumeRoleTokenProviderNotSetError) Code() string { | |
467 | return "AssumeRoleTokenProviderNotSetError" | |
468 | } | |
469 | ||
470 | // Message is the description of the error | |
471 | func (e AssumeRoleTokenProviderNotSetError) Message() string { | |
472 | return fmt.Sprintf("assume role with MFA enabled, but AssumeRoleTokenProvider session option not set.") | |
473 | } | |
474 | ||
475 | // OrigErr is the underlying error that caused the failure. | |
476 | func (e AssumeRoleTokenProviderNotSetError) OrigErr() error { | |
477 | return nil | |
478 | } | |
479 | ||
480 | // Error satisfies the error interface. | |
481 | func (e AssumeRoleTokenProviderNotSetError) Error() string { | |
482 | return awserr.SprintError(e.Code(), e.Message(), "", nil) | |
483 | } | |
484 | ||
485 | type credProviderError struct { | |
486 | Err error | |
487 | } | |
488 | ||
489 | var emptyCreds = credentials.Value{} | |
490 | ||
491 | func (c credProviderError) Retrieve() (credentials.Value, error) { | |
492 | return credentials.Value{}, c.Err | |
493 | } | |
494 | func (c credProviderError) IsExpired() bool { | |
495 | return true | |
496 | } | |
497 | ||
498 | func initHandlers(s *Session) { | |
499 | // Add the Validate parameter handler if it is not disabled. | |
500 | s.Handlers.Validate.Remove(corehandlers.ValidateParametersHandler) | |
501 | if !aws.BoolValue(s.Config.DisableParamValidation) { | |
502 | s.Handlers.Validate.PushBackNamed(corehandlers.ValidateParametersHandler) | |
503 | } | |
504 | } | |
505 | ||
506 | // Copy creates and returns a copy of the current Session, coping the config | |
507 | // and handlers. If any additional configs are provided they will be merged | |
508 | // on top of the Session's copied config. | |
509 | // | |
510 | // // Create a copy of the current Session, configured for the us-west-2 region. | |
511 | // sess.Copy(&aws.Config{Region: aws.String("us-west-2")}) | |
512 | func (s *Session) Copy(cfgs ...*aws.Config) *Session { | |
513 | newSession := &Session{ | |
514 | Config: s.Config.Copy(cfgs...), | |
515 | Handlers: s.Handlers.Copy(), | |
516 | } | |
517 | ||
518 | initHandlers(newSession) | |
519 | ||
520 | return newSession | |
521 | } | |
522 | ||
523 | // ClientConfig satisfies the client.ConfigProvider interface and is used to | |
524 | // configure the service client instances. Passing the Session to the service | |
525 | // client's constructor (New) will use this method to configure the client. | |
526 | func (s *Session) ClientConfig(serviceName string, cfgs ...*aws.Config) client.Config { | |
527 | // Backwards compatibility, the error will be eaten if user calls ClientConfig | |
528 | // directly. All SDK services will use ClientconfigWithError. | |
529 | cfg, _ := s.clientConfigWithErr(serviceName, cfgs...) | |
530 | ||
531 | return cfg | |
532 | } | |
533 | ||
534 | func (s *Session) clientConfigWithErr(serviceName string, cfgs ...*aws.Config) (client.Config, error) { | |
535 | s = s.Copy(cfgs...) | |
536 | ||
537 | var resolved endpoints.ResolvedEndpoint | |
538 | var err error | |
539 | ||
540 | region := aws.StringValue(s.Config.Region) | |
541 | ||
542 | if endpoint := aws.StringValue(s.Config.Endpoint); len(endpoint) != 0 { | |
543 | resolved.URL = endpoints.AddScheme(endpoint, aws.BoolValue(s.Config.DisableSSL)) | |
544 | resolved.SigningRegion = region | |
545 | } else { | |
546 | resolved, err = s.Config.EndpointResolver.EndpointFor( | |
547 | serviceName, region, | |
548 | func(opt *endpoints.Options) { | |
549 | opt.DisableSSL = aws.BoolValue(s.Config.DisableSSL) | |
550 | opt.UseDualStack = aws.BoolValue(s.Config.UseDualStack) | |
551 | ||
552 | // Support the condition where the service is modeled but its | |
553 | // endpoint metadata is not available. | |
554 | opt.ResolveUnknownService = true | |
555 | }, | |
556 | ) | |
557 | } | |
558 | ||
559 | return client.Config{ | |
560 | Config: s.Config, | |
561 | Handlers: s.Handlers, | |
562 | Endpoint: resolved.URL, | |
563 | SigningRegion: resolved.SigningRegion, | |
564 | SigningName: resolved.SigningName, | |
565 | }, err | |
566 | } | |
567 | ||
568 | // ClientConfigNoResolveEndpoint is the same as ClientConfig with the exception | |
569 | // that the EndpointResolver will not be used to resolve the endpoint. The only | |
570 | // endpoint set must come from the aws.Config.Endpoint field. | |
571 | func (s *Session) ClientConfigNoResolveEndpoint(cfgs ...*aws.Config) client.Config { | |
572 | s = s.Copy(cfgs...) | |
573 | ||
574 | var resolved endpoints.ResolvedEndpoint | |
575 | ||
576 | region := aws.StringValue(s.Config.Region) | |
577 | ||
578 | if ep := aws.StringValue(s.Config.Endpoint); len(ep) > 0 { | |
579 | resolved.URL = endpoints.AddScheme(ep, aws.BoolValue(s.Config.DisableSSL)) | |
580 | resolved.SigningRegion = region | |
581 | } | |
582 | ||
583 | return client.Config{ | |
584 | Config: s.Config, | |
585 | Handlers: s.Handlers, | |
586 | Endpoint: resolved.URL, | |
587 | SigningRegion: resolved.SigningRegion, | |
588 | SigningName: resolved.SigningName, | |
589 | } | |
590 | } |