1 files changed, 97 insertions, 0 deletions
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go
new file mode 100644
index 0000000..20510d9
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go
@@ -0,0 +1,97 @@
+package stscreds
+import (
+        "fmt"
+        "io/ioutil"
+        "strconv"
+        "time"
+        "github.com/aws/aws-sdk-go/aws"
+        "github.com/aws/aws-sdk-go/aws/awserr"
+        "github.com/aws/aws-sdk-go/aws/client"
+        "github.com/aws/aws-sdk-go/aws/credentials"
+        "github.com/aws/aws-sdk-go/service/sts"
+        "github.com/aws/aws-sdk-go/service/sts/stsiface"
+)
+const (
+        // ErrCodeWebIdentity will be used as an error code when constructing
+        // a new error to be returned during session creation or retrieval.
+        ErrCodeWebIdentity = "WebIdentityErr"
+        // WebIdentityProviderName is the web identity provider name
+        WebIdentityProviderName = "WebIdentityCredentials"
+)
+// now is used to return a time.Time object representing
+// the current time. This can be used to easily test and
+// compare test values.
+var now = time.Now
+// WebIdentityRoleProvider is used to retrieve credentials using
+// an OIDC token.
+type WebIdentityRoleProvider struct {
+        credentials.Expiry
+        client       stsiface.STSAPI
+        ExpiryWindow time.Duration
+        tokenFilePath   string
+        roleARN         string
+        roleSessionName string
+}
+// NewWebIdentityCredentials will return a new set of credentials with a given
+// configuration, role arn, and token file path.
+func NewWebIdentityCredentials(c client.ConfigProvider, roleARN, roleSessionName, path string) *credentials.Credentials {
+        svc := sts.New(c)
+        p := NewWebIdentityRoleProvider(svc, roleARN, roleSessionName, path)
+        return credentials.NewCredentials(p)
+}
+// NewWebIdentityRoleProvider will return a new WebIdentityRoleProvider with the
+// provided stsiface.STSAPI
+func NewWebIdentityRoleProvider(svc stsiface.STSAPI, roleARN, roleSessionName, path string) *WebIdentityRoleProvider {
+        return &WebIdentityRoleProvider{
+                client:          svc,
+                tokenFilePath:   path,
+                roleARN:         roleARN,
+                roleSessionName: roleSessionName,
+        }
+}
+// Retrieve will attempt to assume a role from a token which is located at
+// 'WebIdentityTokenFilePath' specified destination and if that is empty an
+// error will be returned.
+func (p *WebIdentityRoleProvider) Retrieve() (credentials.Value, error) {
+        b, err := ioutil.ReadFile(p.tokenFilePath)
+        if err != nil {
+                errMsg := fmt.Sprintf("unable to read file at %s", p.tokenFilePath)
+                return credentials.Value{}, awserr.New(ErrCodeWebIdentity, errMsg, err)
+        }
+        sessionName := p.roleSessionName
+        if len(sessionName) == 0 {
+                // session name is used to uniquely identify a session. This simply
+                // uses unix time in nanoseconds to uniquely identify sessions.
+                sessionName = strconv.FormatInt(now().UnixNano(), 10)
+        }
+        resp, err := p.client.AssumeRoleWithWebIdentity(&sts.AssumeRoleWithWebIdentityInput{
+                RoleArn:          &p.roleARN,
+                RoleSessionName:  &sessionName,
+                WebIdentityToken: aws.String(string(b)),
+        })
+        if err != nil {
+                return credentials.Value{}, awserr.New(ErrCodeWebIdentity, "failed to retrieve credentials", err)
+        }
+        p.SetExpiration(aws.TimeValue(resp.Credentials.Expiration), p.ExpiryWindow)
+        value := credentials.Value{
+                AccessKeyID:     aws.StringValue(resp.Credentials.AccessKeyId),
+                SecretAccessKey: aws.StringValue(resp.Credentials.SecretAccessKey),
+                SessionToken:    aws.StringValue(resp.Credentials.SessionToken),
+                ProviderName:    WebIdentityProviderName,
+        }
+        return value, nil
+}

diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go new file mode 100644 index 0000000..20510d9 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go
@@ -0,0 +1,97 @@
	1	package stscreds
	2
	3	import (
	4	"fmt"
	5	"io/ioutil"
	6	"strconv"
	7	"time"
	8
	9	"github.com/aws/aws-sdk-go/aws"
	10	"github.com/aws/aws-sdk-go/aws/awserr"
	11	"github.com/aws/aws-sdk-go/aws/client"
	12	"github.com/aws/aws-sdk-go/aws/credentials"
	13	"github.com/aws/aws-sdk-go/service/sts"
	14	"github.com/aws/aws-sdk-go/service/sts/stsiface"
	15	)
	16
	17	const (
	18	// ErrCodeWebIdentity will be used as an error code when constructing
	19	// a new error to be returned during session creation or retrieval.
	20	ErrCodeWebIdentity = "WebIdentityErr"
	21
	22	// WebIdentityProviderName is the web identity provider name
	23	WebIdentityProviderName = "WebIdentityCredentials"
	24	)
	25
	26	// now is used to return a time.Time object representing
	27	// the current time. This can be used to easily test and
	28	// compare test values.
	29	var now = time.Now
	30
	31	// WebIdentityRoleProvider is used to retrieve credentials using
	32	// an OIDC token.
	33	type WebIdentityRoleProvider struct {
	34	credentials.Expiry
	35
	36	client stsiface.STSAPI
	37	ExpiryWindow time.Duration
	38
	39	tokenFilePath string
	40	roleARN string
	41	roleSessionName string
	42	}
	43
	44	// NewWebIdentityCredentials will return a new set of credentials with a given
	45	// configuration, role arn, and token file path.
	46	func NewWebIdentityCredentials(c client.ConfigProvider, roleARN, roleSessionName, path string) *credentials.Credentials {
	47	svc := sts.New(c)
	48	p := NewWebIdentityRoleProvider(svc, roleARN, roleSessionName, path)
	49	return credentials.NewCredentials(p)
	50	}
	51
	52	// NewWebIdentityRoleProvider will return a new WebIdentityRoleProvider with the
	53	// provided stsiface.STSAPI
	54	func NewWebIdentityRoleProvider(svc stsiface.STSAPI, roleARN, roleSessionName, path string) *WebIdentityRoleProvider {
	55	return &WebIdentityRoleProvider{
	56	client: svc,
	57	tokenFilePath: path,
	58	roleARN: roleARN,
	59	roleSessionName: roleSessionName,
	60	}
	61	}
	62
	63	// Retrieve will attempt to assume a role from a token which is located at
	64	// 'WebIdentityTokenFilePath' specified destination and if that is empty an
	65	// error will be returned.
	66	func (p *WebIdentityRoleProvider) Retrieve() (credentials.Value, error) {
	67	b, err := ioutil.ReadFile(p.tokenFilePath)
	68	if err != nil {
	69	errMsg := fmt.Sprintf("unable to read file at %s", p.tokenFilePath)
	70	return credentials.Value{}, awserr.New(ErrCodeWebIdentity, errMsg, err)
	71	}
	72
	73	sessionName := p.roleSessionName
	74	if len(sessionName) == 0 {
	75	// session name is used to uniquely identify a session. This simply
	76	// uses unix time in nanoseconds to uniquely identify sessions.
	77	sessionName = strconv.FormatInt(now().UnixNano(), 10)
	78	}
	79	resp, err := p.client.AssumeRoleWithWebIdentity(&sts.AssumeRoleWithWebIdentityInput{
	80	RoleArn: &p.roleARN,
	81	RoleSessionName: &sessionName,
	82	WebIdentityToken: aws.String(string(b)),
	83	})
	84	if err != nil {
	85	return credentials.Value{}, awserr.New(ErrCodeWebIdentity, "failed to retrieve credentials", err)
	86	}
	87
	88	p.SetExpiration(aws.TimeValue(resp.Credentials.Expiration), p.ExpiryWindow)
	89
	90	value := credentials.Value{
	91	AccessKeyID: aws.StringValue(resp.Credentials.AccessKeyId),
	92	SecretAccessKey: aws.StringValue(resp.Credentials.SecretAccessKey),
	93	SessionToken: aws.StringValue(resp.Credentials.SessionToken),
	94	ProviderName: WebIdentityProviderName,
	95	}
	96	return value, nil
	97	}