...
AWS SDK for Go API Reference
Feedback
Blog
Developer Guide
We announced the upcoming end-of-support for AWS SDK for Go (v1). We recommend that you migrate to AWS SDK for Go v2. For dates, additional details, and information on how to migrate, please refer to the linked announcement.
import "github.com/aws/aws-sdk-go/aws/credentials/endpointcreds"
Overview
Index

Overview ▾

Package endpointcreds provides support for retrieving credentials from an arbitrary HTTP endpoint.

The credentials endpoint Provider can receive both static and refreshable credentials that will expire. Credentials are static when an "Expiration" value is not provided in the endpoint's response.

Static credentials will never expire once they have been retrieved. The format of the static credentials response: 

{
    "AccessKeyId" : "MUA...",
    "SecretAccessKey" : "/7PC5om....",
}

Refreshable credentials will expire within the "ExpiryWindow" of the Expiration value in the response. The format of the refreshable credentials response: 

{
    "AccessKeyId" : "MUA...",
    "SecretAccessKey" : "/7PC5om....",
    "Token" : "AQoDY....=",
    "Expiration" : "2016-02-25T06:03:31Z"
}

Errors should be returned in the following format and only returned with 400 or 500 HTTP status codes. 

{
    "code": "ErrorCode",
    "message": "Helpful error message."
}

Constants 

const ProviderName = `CredentialsEndpointProvider`

ProviderName is the name of the credentials provider.

func NewCredentialsClient 

func NewCredentialsClient(cfg aws.Config, handlers request.Handlers, endpoint string, options ...func(*Provider)) *credentials.Credentials

NewCredentialsClient returns a pointer to a new Credentials object wrapping the endpoint credentials Provider.

func NewProviderClient 

func NewProviderClient(cfg aws.Config, handlers request.Handlers, endpoint string, options ...func(*Provider)) credentials.Provider

NewProviderClient returns a credentials Provider for retrieving AWS credentials from arbitrary endpoint.

type AuthTokenProvider 

type AuthTokenProvider interface {
    GetToken() (string, error)
}

AuthTokenProvider defines an interface to dynamically load a value to be passed for the Authorization header of a credentials request.

type Provider 

type Provider struct {
    credentials.Expiry

    // Requires a AWS Client to make HTTP requests to the endpoint with.
    // the Endpoint the request will be made to is provided by the aws.Config's
    // Endpoint value.
    Client *client.Client

    // ExpiryWindow will allow the credentials to trigger refreshing prior to
    // the credentials actually expiring. This is beneficial so race conditions
    // with expiring credentials do not cause request to fail unexpectedly
    // due to ExpiredTokenException exceptions.
    //
    // So a ExpiryWindow of 10s would cause calls to IsExpired() to return true
    // 10 seconds before the credentials are actually expired.
    //
    // If ExpiryWindow is 0 or less it will be ignored.
    ExpiryWindow time.Duration

    // Optional authorization token value if set will be used as the value of
    // the Authorization header of the endpoint credential request.
    //
    // When constructed from environment, the provider will use the value of
    // AWS_CONTAINER_AUTHORIZATION_TOKEN environment variable as the token
    //
    // Will be overridden if AuthorizationTokenProvider is configured
    AuthorizationToken string

    // Optional auth provider func to dynamically load the auth token from a file
    // everytime a credential is retrieved
    //
    // When constructed from environment, the provider will read and use the content
    // of the file pointed to by AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE environment variable
    // as the auth token everytime credentials are retrieved
    //
    // Will override AuthorizationToken if configured
    AuthorizationTokenProvider AuthTokenProvider
    // contains filtered or unexported fields
}

Provider satisfies the credentials.Provider interface, and is a client to retrieve credentials from an arbitrary endpoint.

func (*Provider) IsExpired 

func (p *Provider) IsExpired() bool

IsExpired returns true if the credentials retrieved are expired, or not yet retrieved.

func (*Provider) Retrieve 

func (p *Provider) Retrieve() (credentials.Value, error)

Retrieve will attempt to request the credentials from the endpoint the Provider was configured for. And error will be returned if the retrieval fails.

func (*Provider) RetrieveWithContext 

func (p *Provider) RetrieveWithContext(ctx credentials.Context) (credentials.Value, error)

RetrieveWithContext will attempt to request the credentials from the endpoint the Provider was configured for. And error will be returned if the retrieval fails.

type TokenProviderFunc 

type TokenProviderFunc func() (string, error)

TokenProviderFunc is a func type implementing AuthTokenProvider interface and enables customizing token provider behavior

func (TokenProviderFunc) GetToken 

func (p TokenProviderFunc) GetToken() (string, error)

GetToken func retrieves auth token according to TokenProviderFunc implementation