Upgrade to 0.12

[github/fretlink/terraform-provider-statuscake.git] / vendor / github.com / aws / aws-sdk-go / aws / credentials / stscreds / assume_role_provider.go

diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go
index 4108e433e64a168b26869145fa1cde8b608ceeca..b6dbfd2467de49d4c826a96a059423b0117b9d80 100644 (file)
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go
@@ -80,16 +80,18 @@ package stscreds
 
 import (
        "fmt"
+       "os"
        "time"
 
        "github.com/aws/aws-sdk-go/aws"
        "github.com/aws/aws-sdk-go/aws/awserr"
        "github.com/aws/aws-sdk-go/aws/client"
        "github.com/aws/aws-sdk-go/aws/credentials"
+       "github.com/aws/aws-sdk-go/internal/sdkrand"
        "github.com/aws/aws-sdk-go/service/sts"
 )
 
-// StdinTokenProvider will prompt on stdout and read from stdin for a string value.
+// StdinTokenProvider will prompt on stderr and read from stdin for a string value.
 // An error is returned if reading from stdin fails.
 //
 // Use this function go read MFA tokens from stdin. The function makes no attempt
@@ -102,7 +104,7 @@ import (
 // Will wait forever until something is provided on the stdin.
 func StdinTokenProvider() (string, error) {
        var v string
-       fmt.Printf("Assume Role MFA token code: ")
+       fmt.Fprintf(os.Stderr, "Assume Role MFA token code: ")
        _, err := fmt.Scanln(&v)
 
        return v, err
@@ -193,6 +195,18 @@ type AssumeRoleProvider struct {
        //
        // If ExpiryWindow is 0 or less it will be ignored.
        ExpiryWindow time.Duration
+
+       // MaxJitterFrac reduces the effective Duration of each credential requested
+       // by a random percentage between 0 and MaxJitterFraction. MaxJitterFrac must
+       // have a value between 0 and 1. Any other value may lead to expected behavior.
+       // With a MaxJitterFrac value of 0, default) will no jitter will be used.
+       // 
+       // For example, with a Duration of 30m and a MaxJitterFrac of 0.1, the
+       // AssumeRole call will be made with an arbitrary Duration between 27m and
+       // 30m.
+       //
+       // MaxJitterFrac should not be negative.
+       MaxJitterFrac float64
 }
 
 // NewCredentials returns a pointer to a new Credentials object wrapping the
@@ -254,8 +268,9 @@ func (p *AssumeRoleProvider) Retrieve() (credentials.Value, error) {
                // Expire as often as AWS permits.
                p.Duration = DefaultDuration
        }
+       jitter := time.Duration(sdkrand.SeededRand.Float64() * p.MaxJitterFrac * float64(p.Duration))
        input := &sts.AssumeRoleInput{
-               DurationSeconds: aws.Int64(int64(p.Duration / time.Second)),
+               DurationSeconds: aws.Int64(int64((p.Duration - jitter) / time.Second)),
                RoleArn:         aws.String(p.RoleARN),
                RoleSessionName: aws.String(p.RoleSessionName),
                ExternalId:      p.ExternalID,