]> git.immae.eu Git - github/fretlink/terraform-provider-statuscake.git/blob - vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go
Initial transfer of provider code
[github/fretlink/terraform-provider-statuscake.git] / vendor / github.com / aws / aws-sdk-go / aws / credentials / credentials.go
1 // Package credentials provides credential retrieval and management
2 //
3 // The Credentials is the primary method of getting access to and managing
4 // credentials Values. Using dependency injection retrieval of the credential
5 // values is handled by a object which satisfies the Provider interface.
6 //
7 // By default the Credentials.Get() will cache the successful result of a
8 // Provider's Retrieve() until Provider.IsExpired() returns true. At which
9 // point Credentials will call Provider's Retrieve() to get new credential Value.
10 //
11 // The Provider is responsible for determining when credentials Value have expired.
12 // It is also important to note that Credentials will always call Retrieve the
13 // first time Credentials.Get() is called.
14 //
15 // Example of using the environment variable credentials.
16 //
17 // creds := credentials.NewEnvCredentials()
18 //
19 // // Retrieve the credentials value
20 // credValue, err := creds.Get()
21 // if err != nil {
22 // // handle error
23 // }
24 //
25 // Example of forcing credentials to expire and be refreshed on the next Get().
26 // This may be helpful to proactively expire credentials and refresh them sooner
27 // than they would naturally expire on their own.
28 //
29 // creds := credentials.NewCredentials(&ec2rolecreds.EC2RoleProvider{})
30 // creds.Expire()
31 // credsValue, err := creds.Get()
32 // // New credentials will be retrieved instead of from cache.
33 //
34 //
35 // Custom Provider
36 //
37 // Each Provider built into this package also provides a helper method to generate
38 // a Credentials pointer setup with the provider. To use a custom Provider just
39 // create a type which satisfies the Provider interface and pass it to the
40 // NewCredentials method.
41 //
42 // type MyProvider struct{}
43 // func (m *MyProvider) Retrieve() (Value, error) {...}
44 // func (m *MyProvider) IsExpired() bool {...}
45 //
46 // creds := credentials.NewCredentials(&MyProvider{})
47 // credValue, err := creds.Get()
48 //
49 package credentials
50
51 import (
52 "sync"
53 "time"
54 )
55
56 // AnonymousCredentials is an empty Credential object that can be used as
57 // dummy placeholder credentials for requests that do not need signed.
58 //
59 // This Credentials can be used to configure a service to not sign requests
60 // when making service API calls. For example, when accessing public
61 // s3 buckets.
62 //
63 // svc := s3.New(session.Must(session.NewSession(&aws.Config{
64 // Credentials: credentials.AnonymousCredentials,
65 // })))
66 // // Access public S3 buckets.
67 //
68 // @readonly
69 var AnonymousCredentials = NewStaticCredentials("", "", "")
70
71 // A Value is the AWS credentials value for individual credential fields.
72 type Value struct {
73 // AWS Access key ID
74 AccessKeyID string
75
76 // AWS Secret Access Key
77 SecretAccessKey string
78
79 // AWS Session Token
80 SessionToken string
81
82 // Provider used to get credentials
83 ProviderName string
84 }
85
86 // A Provider is the interface for any component which will provide credentials
87 // Value. A provider is required to manage its own Expired state, and what to
88 // be expired means.
89 //
90 // The Provider should not need to implement its own mutexes, because
91 // that will be managed by Credentials.
92 type Provider interface {
93 // Retrieve returns nil if it successfully retrieved the value.
94 // Error is returned if the value were not obtainable, or empty.
95 Retrieve() (Value, error)
96
97 // IsExpired returns if the credentials are no longer valid, and need
98 // to be retrieved.
99 IsExpired() bool
100 }
101
102 // An ErrorProvider is a stub credentials provider that always returns an error
103 // this is used by the SDK when construction a known provider is not possible
104 // due to an error.
105 type ErrorProvider struct {
106 // The error to be returned from Retrieve
107 Err error
108
109 // The provider name to set on the Retrieved returned Value
110 ProviderName string
111 }
112
113 // Retrieve will always return the error that the ErrorProvider was created with.
114 func (p ErrorProvider) Retrieve() (Value, error) {
115 return Value{ProviderName: p.ProviderName}, p.Err
116 }
117
118 // IsExpired will always return not expired.
119 func (p ErrorProvider) IsExpired() bool {
120 return false
121 }
122
123 // A Expiry provides shared expiration logic to be used by credentials
124 // providers to implement expiry functionality.
125 //
126 // The best method to use this struct is as an anonymous field within the
127 // provider's struct.
128 //
129 // Example:
130 // type EC2RoleProvider struct {
131 // Expiry
132 // ...
133 // }
134 type Expiry struct {
135 // The date/time when to expire on
136 expiration time.Time
137
138 // If set will be used by IsExpired to determine the current time.
139 // Defaults to time.Now if CurrentTime is not set. Available for testing
140 // to be able to mock out the current time.
141 CurrentTime func() time.Time
142 }
143
144 // SetExpiration sets the expiration IsExpired will check when called.
145 //
146 // If window is greater than 0 the expiration time will be reduced by the
147 // window value.
148 //
149 // Using a window is helpful to trigger credentials to expire sooner than
150 // the expiration time given to ensure no requests are made with expired
151 // tokens.
152 func (e *Expiry) SetExpiration(expiration time.Time, window time.Duration) {
153 e.expiration = expiration
154 if window > 0 {
155 e.expiration = e.expiration.Add(-window)
156 }
157 }
158
159 // IsExpired returns if the credentials are expired.
160 func (e *Expiry) IsExpired() bool {
161 if e.CurrentTime == nil {
162 e.CurrentTime = time.Now
163 }
164 return e.expiration.Before(e.CurrentTime())
165 }
166
167 // A Credentials provides synchronous safe retrieval of AWS credentials Value.
168 // Credentials will cache the credentials value until they expire. Once the value
169 // expires the next Get will attempt to retrieve valid credentials.
170 //
171 // Credentials is safe to use across multiple goroutines and will manage the
172 // synchronous state so the Providers do not need to implement their own
173 // synchronization.
174 //
175 // The first Credentials.Get() will always call Provider.Retrieve() to get the
176 // first instance of the credentials Value. All calls to Get() after that
177 // will return the cached credentials Value until IsExpired() returns true.
178 type Credentials struct {
179 creds Value
180 forceRefresh bool
181 m sync.Mutex
182
183 provider Provider
184 }
185
186 // NewCredentials returns a pointer to a new Credentials with the provider set.
187 func NewCredentials(provider Provider) *Credentials {
188 return &Credentials{
189 provider: provider,
190 forceRefresh: true,
191 }
192 }
193
194 // Get returns the credentials value, or error if the credentials Value failed
195 // to be retrieved.
196 //
197 // Will return the cached credentials Value if it has not expired. If the
198 // credentials Value has expired the Provider's Retrieve() will be called
199 // to refresh the credentials.
200 //
201 // If Credentials.Expire() was called the credentials Value will be force
202 // expired, and the next call to Get() will cause them to be refreshed.
203 func (c *Credentials) Get() (Value, error) {
204 c.m.Lock()
205 defer c.m.Unlock()
206
207 if c.isExpired() {
208 creds, err := c.provider.Retrieve()
209 if err != nil {
210 return Value{}, err
211 }
212 c.creds = creds
213 c.forceRefresh = false
214 }
215
216 return c.creds, nil
217 }
218
219 // Expire expires the credentials and forces them to be retrieved on the
220 // next call to Get().
221 //
222 // This will override the Provider's expired state, and force Credentials
223 // to call the Provider's Retrieve().
224 func (c *Credentials) Expire() {
225 c.m.Lock()
226 defer c.m.Unlock()
227
228 c.forceRefresh = true
229 }
230
231 // IsExpired returns if the credentials are no longer valid, and need
232 // to be retrieved.
233 //
234 // If the Credentials were forced to be expired with Expire() this will
235 // reflect that override.
236 func (c *Credentials) IsExpired() bool {
237 c.m.Lock()
238 defer c.m.Unlock()
239
240 return c.isExpired()
241 }
242
243 // isExpired helper method wrapping the definition of expired credentials.
244 func (c *Credentials) isExpired() bool {
245 return c.forceRefresh || c.provider.IsExpired()
246 }