s3 cache client-side support

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
This commit is contained in:
CrazyMax
2022-08-30 17:00:10 +02:00
parent 6804bcbf12
commit 57d22a7bd1
305 changed files with 45257 additions and 6 deletions

140
vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md generated vendored Normal file
View File

@ -0,0 +1,140 @@
# v1.15.5 (2022-05-09)
* **Bug Fix**: Fixes a bug in LoadDefaultConfig to correctly assign ConfigSources so all config resolvers have access to the config sources. This fixes the feature/ec2/imds client not having configuration applied via config.LoadOptions such as EC2IMDSClientEnableState. PR [#1682](https://github.com/aws/aws-sdk-go-v2/pull/1682)
# v1.15.4 (2022-04-25)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.15.3 (2022-03-30)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.15.2 (2022-03-24)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.15.1 (2022-03-23)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.15.0 (2022-03-08)
* **Feature**: Updated `github.com/aws/smithy-go` to latest version
* **Dependency Update**: Updated to the latest SDK module versions
# v1.14.0 (2022-02-24)
* **Feature**: Adds support for loading RetryMaxAttempts and RetryMod from the environment and shared configuration files. These parameters drive how the SDK's API client will initialize its default retryer, if custome retryer has not been specified. See [config](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/config) module and [aws.Config](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/aws#Config) for more information about and how to use these new options.
* **Feature**: Adds support for the `ca_bundle` parameter in shared config and credentials files. The usage of the file is the same as environment variable, `AWS_CA_BUNDLE`, but sourced from shared config. Fixes [#1589](https://github.com/aws/aws-sdk-go-v2/issues/1589)
* **Feature**: Updated `github.com/aws/smithy-go` to latest version
* **Dependency Update**: Updated to the latest SDK module versions
# v1.13.1 (2022-01-28)
* **Bug Fix**: Fixes LoadDefaultConfig handling of errors returned by passed in functional options. Previously errors returned from the LoadOptions passed into LoadDefaultConfig were incorrectly ignored. [#1562](https://github.com/aws/aws-sdk-go-v2/pull/1562). Thanks to [Pinglei Guo](https://github.com/pingleig) for submitting this PR.
* **Bug Fix**: Fixes the SDK's handling of `duration_sections` in the shared credentials file or specified in multiple shared config and shared credentials files under the same profile. [#1568](https://github.com/aws/aws-sdk-go-v2/pull/1568). Thanks to [Amir Szekely](https://github.com/kichik) for help reproduce this bug.
* **Bug Fix**: Updates `config` module to use os.UserHomeDir instead of hard coded environment variable for OS. [#1563](https://github.com/aws/aws-sdk-go-v2/pull/1563)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.13.0 (2022-01-14)
* **Feature**: Updated `github.com/aws/smithy-go` to latest version
* **Dependency Update**: Updated to the latest SDK module versions
# v1.12.0 (2022-01-07)
* **Feature**: Add load option for CredentialCache. Adds a new member to the LoadOptions struct, CredentialsCacheOptions. This member allows specifying a function that will be used to configure the CredentialsCache. The CredentialsCacheOptions will only be used if the configuration loader will wrap the underlying credential provider in the CredentialsCache.
* **Feature**: Updated `github.com/aws/smithy-go` to latest version
* **Dependency Update**: Updated to the latest SDK module versions
# v1.11.1 (2021-12-21)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.11.0 (2021-12-02)
* **Feature**: Add support for specifying `EndpointResolverWithOptions` on `LoadOptions`, and associated `WithEndpointResolverWithOptions`.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.10.3 (2021-11-30)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.10.2 (2021-11-19)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.10.1 (2021-11-12)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.10.0 (2021-11-06)
* **Feature**: The SDK now supports configuration of FIPS and DualStack endpoints using environment variables, shared configuration, or programmatically.
* **Feature**: Updated `github.com/aws/smithy-go` to latest version
* **Dependency Update**: Updated to the latest SDK module versions
# v1.9.0 (2021-10-21)
* **Feature**: Updated to latest version
* **Dependency Update**: Updated to the latest SDK module versions
# v1.8.3 (2021-10-11)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.8.2 (2021-09-17)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.8.1 (2021-09-10)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.8.0 (2021-09-02)
* **Feature**: Add support for S3 Multi-Region Access Point ARNs.
# v1.7.0 (2021-08-27)
* **Feature**: Updated `github.com/aws/smithy-go` to latest version
* **Dependency Update**: Updated to the latest SDK module versions
# v1.6.1 (2021-08-19)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.6.0 (2021-08-04)
* **Feature**: adds error handling for defered close calls
* **Dependency Update**: Updated `github.com/aws/smithy-go` to latest version.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.5.0 (2021-07-15)
* **Feature**: Support has been added for EC2 IPv6-enabled Instance Metadata Service Endpoints.
* **Dependency Update**: Updated `github.com/aws/smithy-go` to latest version
* **Dependency Update**: Updated to the latest SDK module versions
# v1.4.1 (2021-07-01)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.4.0 (2021-06-25)
* **Feature**: Adds configuration setting for enabling endpoint discovery.
* **Feature**: Updated `github.com/aws/smithy-go` to latest version
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.0 (2021-05-20)
* **Feature**: SSO credentials can now be defined alongside other credential providers within the same configuration profile.
* **Bug Fix**: Profile names were incorrectly normalized to lower-case, which could result in unexpected profile configurations.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.2.0 (2021-05-14)
* **Feature**: Constant has been added to modules to enable runtime version inspection for reporting.
* **Dependency Update**: Updated to the latest SDK module versions

202
vendor/github.com/aws/aws-sdk-go-v2/config/LICENSE.txt generated vendored Normal file
View File

@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

198
vendor/github.com/aws/aws-sdk-go-v2/config/config.go generated vendored Normal file
View File

@ -0,0 +1,198 @@
package config
import (
"context"
"github.com/aws/aws-sdk-go-v2/aws"
)
// defaultLoaders are a slice of functions that will read external configuration
// sources for configuration values. These values are read by the AWSConfigResolvers
// using interfaces to extract specific information from the external configuration.
var defaultLoaders = []loader{
loadEnvConfig,
loadSharedConfigIgnoreNotExist,
}
// defaultAWSConfigResolvers are a slice of functions that will resolve external
// configuration values into AWS configuration values.
//
// This will setup the AWS configuration's Region,
var defaultAWSConfigResolvers = []awsConfigResolver{
// Resolves the default configuration the SDK's aws.Config will be
// initialized with.
resolveDefaultAWSConfig,
// Sets the logger to be used. Could be user provided logger, and client
// logging mode.
resolveLogger,
resolveClientLogMode,
// Sets the HTTP client and configuration to use for making requests using
// the HTTP transport.
resolveHTTPClient,
resolveCustomCABundle,
// Sets the endpoint resolving behavior the API Clients will use for making
// requests to. Clients default to their own clients this allows overrides
// to be specified. The resolveEndpointResolver option is deprecated, but
// we still need to set it for backwards compatibility on config
// construction.
resolveEndpointResolver,
resolveEndpointResolverWithOptions,
// Sets the retry behavior API clients will use within their retry attempt
// middleware. Defaults to unset, allowing API clients to define their own
// retry behavior.
resolveRetryer,
// Sets the region the API Clients should use for making requests to.
resolveRegion,
resolveEC2IMDSRegion,
resolveDefaultRegion,
// Sets the additional set of middleware stack mutators that will custom
// API client request pipeline middleware.
resolveAPIOptions,
// Resolves the DefaultsMode that should be used by SDK clients. If this
// mode is set to DefaultsModeAuto.
//
// Comes after HTTPClient and CustomCABundle to ensure the HTTP client is
// configured if provided before invoking IMDS if mode is auto. Comes
// before resolving credentials so that those subsequent clients use the
// configured auto mode.
resolveDefaultsModeOptions,
// Sets the resolved credentials the API clients will use for
// authentication. Provides the SDK's default credential chain.
//
// Should probably be the last step in the resolve chain to ensure that all
// other configurations are resolved first in case downstream credentials
// implementations depend on or can be configured with earlier resolved
// configuration options.
resolveCredentials,
}
// A Config represents a generic configuration value or set of values. This type
// will be used by the AWSConfigResolvers to extract
//
// General the Config type will use type assertion against the Provider interfaces
// to extract specific data from the Config.
type Config interface{}
// A loader is used to load external configuration data and returns it as
// a generic Config type.
//
// The loader should return an error if it fails to load the external configuration
// or the configuration data is malformed, or required components missing.
type loader func(context.Context, configs) (Config, error)
// An awsConfigResolver will extract configuration data from the configs slice
// using the provider interfaces to extract specific functionality. The extracted
// configuration values will be written to the AWS Config value.
//
// The resolver should return an error if it it fails to extract the data, the
// data is malformed, or incomplete.
type awsConfigResolver func(ctx context.Context, cfg *aws.Config, configs configs) error
// configs is a slice of Config values. These values will be used by the
// AWSConfigResolvers to extract external configuration values to populate the
// AWS Config type.
//
// Use AppendFromLoaders to add additional external Config values that are
// loaded from external sources.
//
// Use ResolveAWSConfig after external Config values have been added or loaded
// to extract the loaded configuration values into the AWS Config.
type configs []Config
// AppendFromLoaders iterates over the slice of loaders passed in calling each
// loader function in order. The external config value returned by the loader
// will be added to the returned configs slice.
//
// If a loader returns an error this method will stop iterating and return
// that error.
func (cs configs) AppendFromLoaders(ctx context.Context, loaders []loader) (configs, error) {
for _, fn := range loaders {
cfg, err := fn(ctx, cs)
if err != nil {
return nil, err
}
cs = append(cs, cfg)
}
return cs, nil
}
// ResolveAWSConfig returns a AWS configuration populated with values by calling
// the resolvers slice passed in. Each resolver is called in order. Any resolver
// may overwrite the AWS Configuration value of a previous resolver.
//
// If an resolver returns an error this method will return that error, and stop
// iterating over the resolvers.
func (cs configs) ResolveAWSConfig(ctx context.Context, resolvers []awsConfigResolver) (aws.Config, error) {
var cfg aws.Config
for _, fn := range resolvers {
if err := fn(ctx, &cfg, cs); err != nil {
return aws.Config{}, err
}
}
return cfg, nil
}
// ResolveConfig calls the provide function passing slice of configuration sources.
// This implements the aws.ConfigResolver interface.
func (cs configs) ResolveConfig(f func(configs []interface{}) error) error {
var cfgs []interface{}
for i := range cs {
cfgs = append(cfgs, cs[i])
}
return f(cfgs)
}
// LoadDefaultConfig reads the SDK's default external configurations, and
// populates an AWS Config with the values from the external configurations.
//
// An optional variadic set of additional Config values can be provided as input
// that will be prepended to the configs slice. Use this to add custom configuration.
// The custom configurations must satisfy the respective providers for their data
// or the custom data will be ignored by the resolvers and config loaders.
//
// cfg, err := config.LoadDefaultConfig( context.TODO(),
// WithSharedConfigProfile("test-profile"),
// )
// if err != nil {
// panic(fmt.Sprintf("failed loading config, %v", err))
// }
//
//
// The default configuration sources are:
// * Environment Variables
// * Shared Configuration and Shared Credentials files.
func LoadDefaultConfig(ctx context.Context, optFns ...func(*LoadOptions) error) (cfg aws.Config, err error) {
var options LoadOptions
for _, optFn := range optFns {
if err := optFn(&options); err != nil {
return aws.Config{}, err
}
}
// assign Load Options to configs
var cfgCpy = configs{options}
cfgCpy, err = cfgCpy.AppendFromLoaders(ctx, defaultLoaders)
if err != nil {
return aws.Config{}, err
}
cfg, err = cfgCpy.ResolveAWSConfig(ctx, defaultAWSConfigResolvers)
if err != nil {
return aws.Config{}, err
}
return cfg, nil
}

View File

@ -0,0 +1,47 @@
package config
import (
"context"
"os"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/feature/ec2/imds"
)
const execEnvVar = "AWS_EXECUTION_ENV"
// DefaultsModeOptions is the set of options that are used to configure
type DefaultsModeOptions struct {
// The SDK configuration defaults mode. Defaults to legacy if not specified.
//
// Supported modes are: auto, cross-region, in-region, legacy, mobile, standard
Mode aws.DefaultsMode
// The EC2 Instance Metadata Client that should be used when performing environment
// discovery when aws.DefaultsModeAuto is set.
//
// If not specified the SDK will construct a client if the instance metadata service has not been disabled by
// the AWS_EC2_METADATA_DISABLED environment variable.
IMDSClient *imds.Client
}
func resolveDefaultsModeRuntimeEnvironment(ctx context.Context, envConfig *EnvConfig, client *imds.Client) (aws.RuntimeEnvironment, error) {
getRegionOutput, err := client.GetRegion(ctx, &imds.GetRegionInput{})
// honor context timeouts, but if we couldn't talk to IMDS don't fail runtime environment introspection.
select {
case <-ctx.Done():
return aws.RuntimeEnvironment{}, err
default:
}
var imdsRegion string
if err == nil {
imdsRegion = getRegionOutput.Region
}
return aws.RuntimeEnvironment{
EnvironmentIdentifier: aws.ExecutionEnvironmentID(os.Getenv(execEnvVar)),
Region: envConfig.Region,
EC2InstanceMetadataRegion: imdsRegion,
}, nil
}

20
vendor/github.com/aws/aws-sdk-go-v2/config/doc.go generated vendored Normal file
View File

@ -0,0 +1,20 @@
// Package config provides utilities for loading configuration from multiple
// sources that can be used to configure the SDK's API clients, and utilities.
//
// The config package will load configuration from environment variables, AWS
// shared configuration file (~/.aws/config), and AWS shared credentials file
// (~/.aws/credentials).
//
// Use the LoadDefaultConfig to load configuration from all the SDK's supported
// sources, and resolve credentials using the SDK's default credential chain.
//
// LoadDefaultConfig allows for a variadic list of additional Config sources that can
// provide one or more configuration values which can be used to programmatically control the resolution
// of a specific value, or allow for broader range of additional configuration sources not supported by the SDK.
// A Config source implements one or more provider interfaces defined in this package. Config sources passed in will
// take precedence over the default environment and shared config sources used by the SDK. If one or more Config sources
// implement the same provider interface, priority will be handled by the order in which the sources were passed in.
//
// A number of helpers (prefixed by ``With``) are provided in this package that implement their respective provider
// interface. These helpers should be used for overriding configuration programmatically at runtime.
package config

View File

@ -0,0 +1,665 @@
package config
import (
"bytes"
"context"
"fmt"
"io"
"io/ioutil"
"os"
"strconv"
"strings"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/feature/ec2/imds"
)
// CredentialsSourceName provides a name of the provider when config is
// loaded from environment.
const CredentialsSourceName = "EnvConfigCredentials"
// Environment variables that will be read for configuration values.
const (
awsAccessKeyIDEnvVar = "AWS_ACCESS_KEY_ID"
awsAccessKeyEnvVar = "AWS_ACCESS_KEY"
awsSecretAccessKeyEnvVar = "AWS_SECRET_ACCESS_KEY"
awsSecretKeyEnvVar = "AWS_SECRET_KEY"
awsSessionTokenEnvVar = "AWS_SESSION_TOKEN"
awsContainerCredentialsEndpointEnvVar = "AWS_CONTAINER_CREDENTIALS_FULL_URI"
awsContainerCredentialsRelativePathEnvVar = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
awsContainerPProviderAuthorizationEnvVar = "AWS_CONTAINER_AUTHORIZATION_TOKEN"
awsRegionEnvVar = "AWS_REGION"
awsDefaultRegionEnvVar = "AWS_DEFAULT_REGION"
awsProfileEnvVar = "AWS_PROFILE"
awsDefaultProfileEnvVar = "AWS_DEFAULT_PROFILE"
awsSharedCredentialsFileEnvVar = "AWS_SHARED_CREDENTIALS_FILE"
awsConfigFileEnvVar = "AWS_CONFIG_FILE"
awsCustomCABundleEnvVar = "AWS_CA_BUNDLE"
awsWebIdentityTokenFilePathEnvVar = "AWS_WEB_IDENTITY_TOKEN_FILE"
awsRoleARNEnvVar = "AWS_ROLE_ARN"
awsRoleSessionNameEnvVar = "AWS_ROLE_SESSION_NAME"
awsEnableEndpointDiscoveryEnvVar = "AWS_ENABLE_ENDPOINT_DISCOVERY"
awsS3UseARNRegionEnvVar = "AWS_S3_USE_ARN_REGION"
awsEc2MetadataServiceEndpointModeEnvVar = "AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE"
awsEc2MetadataServiceEndpointEnvVar = "AWS_EC2_METADATA_SERVICE_ENDPOINT"
awsEc2MetadataDisabled = "AWS_EC2_METADATA_DISABLED"
awsS3DisableMultiRegionAccessPointEnvVar = "AWS_S3_DISABLE_MULTIREGION_ACCESS_POINTS"
awsUseDualStackEndpoint = "AWS_USE_DUALSTACK_ENDPOINT"
awsUseFIPSEndpoint = "AWS_USE_FIPS_ENDPOINT"
awsDefaultMode = "AWS_DEFAULTS_MODE"
awsRetryMaxAttempts = "AWS_MAX_ATTEMPTS"
awsRetryMode = "AWS_RETRY_MODE"
)
var (
credAccessEnvKeys = []string{
awsAccessKeyIDEnvVar,
awsAccessKeyEnvVar,
}
credSecretEnvKeys = []string{
awsSecretAccessKeyEnvVar,
awsSecretKeyEnvVar,
}
regionEnvKeys = []string{
awsRegionEnvVar,
awsDefaultRegionEnvVar,
}
profileEnvKeys = []string{
awsProfileEnvVar,
awsDefaultProfileEnvVar,
}
)
// EnvConfig is a collection of environment values the SDK will read
// setup config from. All environment values are optional. But some values
// such as credentials require multiple values to be complete or the values
// will be ignored.
type EnvConfig struct {
// Environment configuration values. If set both Access Key ID and Secret Access
// Key must be provided. Session Token and optionally also be provided, but is
// not required.
//
// # Access Key ID
// AWS_ACCESS_KEY_ID=AKID
// AWS_ACCESS_KEY=AKID # only read if AWS_ACCESS_KEY_ID is not set.
//
// # Secret Access Key
// AWS_SECRET_ACCESS_KEY=SECRET
// AWS_SECRET_KEY=SECRET # only read if AWS_SECRET_ACCESS_KEY is not set.
//
// # Session Token
// AWS_SESSION_TOKEN=TOKEN
Credentials aws.Credentials
// ContainerCredentialsEndpoint value is the HTTP enabled endpoint to retrieve credentials
// using the endpointcreds.Provider
ContainerCredentialsEndpoint string
// ContainerCredentialsRelativePath is the relative URI path that will be used when attempting to retrieve
// credentials from the container endpoint.
ContainerCredentialsRelativePath string
// ContainerAuthorizationToken is the authorization token that will be included in the HTTP Authorization
// header when attempting to retrieve credentials from the container credentials endpoint.
ContainerAuthorizationToken string
// Region value will instruct the SDK where to make service API requests to. If is
// not provided in the environment the region must be provided before a service
// client request is made.
//
// AWS_REGION=us-west-2
// AWS_DEFAULT_REGION=us-west-2
Region string
// Profile name the SDK should load use when loading shared configuration from the
// shared configuration files. If not provided "default" will be used as the
// profile name.
//
// AWS_PROFILE=my_profile
// AWS_DEFAULT_PROFILE=my_profile
SharedConfigProfile string
// Shared credentials file path can be set to instruct the SDK to use an alternate
// file for the shared credentials. If not set the file will be loaded from
// $HOME/.aws/credentials on Linux/Unix based systems, and
// %USERPROFILE%\.aws\credentials on Windows.
//
// AWS_SHARED_CREDENTIALS_FILE=$HOME/my_shared_credentials
SharedCredentialsFile string
// Shared config file path can be set to instruct the SDK to use an alternate
// file for the shared config. If not set the file will be loaded from
// $HOME/.aws/config on Linux/Unix based systems, and
// %USERPROFILE%\.aws\config on Windows.
//
// AWS_CONFIG_FILE=$HOME/my_shared_config
SharedConfigFile string
// Sets the path to a custom Credentials Authority (CA) Bundle PEM file
// that the SDK will use instead of the system's root CA bundle.
// Only use this if you want to configure the SDK to use a custom set
// of CAs.
//
// Enabling this option will attempt to merge the Transport
// into the SDK's HTTP client. If the client's Transport is
// not a http.Transport an error will be returned. If the
// Transport's TLS config is set this option will cause the
// SDK to overwrite the Transport's TLS config's RootCAs value.
//
// Setting a custom HTTPClient in the aws.Config options will override this setting.
// To use this option and custom HTTP client, the HTTP client needs to be provided
// when creating the config. Not the service client.
//
// AWS_CA_BUNDLE=$HOME/my_custom_ca_bundle
CustomCABundle string
// Enables endpoint discovery via environment variables.
//
// AWS_ENABLE_ENDPOINT_DISCOVERY=true
EnableEndpointDiscovery aws.EndpointDiscoveryEnableState
// Specifies the WebIdentity token the SDK should use to assume a role
// with.
//
// AWS_WEB_IDENTITY_TOKEN_FILE=file_path
WebIdentityTokenFilePath string
// Specifies the IAM role arn to use when assuming an role.
//
// AWS_ROLE_ARN=role_arn
RoleARN string
// Specifies the IAM role session name to use when assuming a role.
//
// AWS_ROLE_SESSION_NAME=session_name
RoleSessionName string
// Specifies if the S3 service should allow ARNs to direct the region
// the client's requests are sent to.
//
// AWS_S3_USE_ARN_REGION=true
S3UseARNRegion *bool
// Specifies if the EC2 IMDS service client is enabled.
//
// AWS_EC2_METADATA_DISABLED=true
EC2IMDSClientEnableState imds.ClientEnableState
// Specifies the EC2 Instance Metadata Service default endpoint selection mode (IPv4 or IPv6)
//
// AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE=IPv6
EC2IMDSEndpointMode imds.EndpointModeState
// Specifies the EC2 Instance Metadata Service endpoint to use. If specified it overrides EC2IMDSEndpointMode.
//
// AWS_EC2_METADATA_SERVICE_ENDPOINT=http://fd00:ec2::254
EC2IMDSEndpoint string
// Specifies if the S3 service should disable multi-region access points
// support.
//
// AWS_S3_DISABLE_MULTIREGION_ACCESS_POINTS=true
S3DisableMultiRegionAccessPoints *bool
// Specifies that SDK clients must resolve a dual-stack endpoint for
// services.
//
// AWS_USE_DUALSTACK_ENDPOINT=true
UseDualStackEndpoint aws.DualStackEndpointState
// Specifies that SDK clients must resolve a FIPS endpoint for
// services.
//
// AWS_USE_FIPS_ENDPOINT=true
UseFIPSEndpoint aws.FIPSEndpointState
// Specifies the SDK Defaults Mode used by services.
//
// AWS_DEFAULTS_MODE=standard
DefaultsMode aws.DefaultsMode
// Specifies the maximum number attempts an API client will call an
// operation that fails with a retryable error.
//
// AWS_MAX_ATTEMPTS=3
RetryMaxAttempts int
// Specifies the retry model the API client will be created with.
//
// aws_retry_mode=standard
RetryMode aws.RetryMode
}
// loadEnvConfig reads configuration values from the OS's environment variables.
// Returning the a Config typed EnvConfig to satisfy the ConfigLoader func type.
func loadEnvConfig(ctx context.Context, cfgs configs) (Config, error) {
return NewEnvConfig()
}
// NewEnvConfig retrieves the SDK's environment configuration.
// See `EnvConfig` for the values that will be retrieved.
func NewEnvConfig() (EnvConfig, error) {
var cfg EnvConfig
creds := aws.Credentials{
Source: CredentialsSourceName,
}
setStringFromEnvVal(&creds.AccessKeyID, credAccessEnvKeys)
setStringFromEnvVal(&creds.SecretAccessKey, credSecretEnvKeys)
if creds.HasKeys() {
creds.SessionToken = os.Getenv(awsSessionTokenEnvVar)
cfg.Credentials = creds
}
cfg.ContainerCredentialsEndpoint = os.Getenv(awsContainerCredentialsEndpointEnvVar)
cfg.ContainerCredentialsRelativePath = os.Getenv(awsContainerCredentialsRelativePathEnvVar)
cfg.ContainerAuthorizationToken = os.Getenv(awsContainerPProviderAuthorizationEnvVar)
setStringFromEnvVal(&cfg.Region, regionEnvKeys)
setStringFromEnvVal(&cfg.SharedConfigProfile, profileEnvKeys)
cfg.SharedCredentialsFile = os.Getenv(awsSharedCredentialsFileEnvVar)
cfg.SharedConfigFile = os.Getenv(awsConfigFileEnvVar)
cfg.CustomCABundle = os.Getenv(awsCustomCABundleEnvVar)
cfg.WebIdentityTokenFilePath = os.Getenv(awsWebIdentityTokenFilePathEnvVar)
cfg.RoleARN = os.Getenv(awsRoleARNEnvVar)
cfg.RoleSessionName = os.Getenv(awsRoleSessionNameEnvVar)
if err := setEndpointDiscoveryTypeFromEnvVal(&cfg.EnableEndpointDiscovery, []string{awsEnableEndpointDiscoveryEnvVar}); err != nil {
return cfg, err
}
if err := setBoolPtrFromEnvVal(&cfg.S3UseARNRegion, []string{awsS3UseARNRegionEnvVar}); err != nil {
return cfg, err
}
setEC2IMDSClientEnableState(&cfg.EC2IMDSClientEnableState, []string{awsEc2MetadataDisabled})
if err := setEC2IMDSEndpointMode(&cfg.EC2IMDSEndpointMode, []string{awsEc2MetadataServiceEndpointModeEnvVar}); err != nil {
return cfg, err
}
cfg.EC2IMDSEndpoint = os.Getenv(awsEc2MetadataServiceEndpointEnvVar)
if err := setBoolPtrFromEnvVal(&cfg.S3DisableMultiRegionAccessPoints, []string{awsS3DisableMultiRegionAccessPointEnvVar}); err != nil {
return cfg, err
}
if err := setUseDualStackEndpointFromEnvVal(&cfg.UseDualStackEndpoint, []string{awsUseDualStackEndpoint}); err != nil {
return cfg, err
}
if err := setUseFIPSEndpointFromEnvVal(&cfg.UseFIPSEndpoint, []string{awsUseFIPSEndpoint}); err != nil {
return cfg, err
}
if err := setDefaultsModeFromEnvVal(&cfg.DefaultsMode, []string{awsDefaultMode}); err != nil {
return cfg, err
}
if err := setIntFromEnvVal(&cfg.RetryMaxAttempts, []string{awsRetryMaxAttempts}); err != nil {
return cfg, err
}
if err := setRetryModeFromEnvVal(&cfg.RetryMode, []string{awsRetryMode}); err != nil {
return cfg, err
}
return cfg, nil
}
func (c EnvConfig) getDefaultsMode(ctx context.Context) (aws.DefaultsMode, bool, error) {
if len(c.DefaultsMode) == 0 {
return "", false, nil
}
return c.DefaultsMode, true, nil
}
// GetRetryMaxAttempts returns the value of AWS_MAX_ATTEMPTS if was specified,
// and not 0.
func (c EnvConfig) GetRetryMaxAttempts(ctx context.Context) (int, bool, error) {
if c.RetryMaxAttempts == 0 {
return 0, false, nil
}
return c.RetryMaxAttempts, true, nil
}
// GetRetryMode returns the RetryMode of AWS_RETRY_MODE if was specified, and a
// valid value.
func (c EnvConfig) GetRetryMode(ctx context.Context) (aws.RetryMode, bool, error) {
if len(c.RetryMode) == 0 {
return "", false, nil
}
return c.RetryMode, true, nil
}
func setEC2IMDSClientEnableState(state *imds.ClientEnableState, keys []string) {
for _, k := range keys {
value := os.Getenv(k)
if len(value) == 0 {
continue
}
switch {
case strings.EqualFold(value, "true"):
*state = imds.ClientDisabled
case strings.EqualFold(value, "false"):
*state = imds.ClientEnabled
default:
continue
}
break
}
}
func setDefaultsModeFromEnvVal(mode *aws.DefaultsMode, keys []string) error {
for _, k := range keys {
if value := os.Getenv(k); len(value) > 0 {
if ok := mode.SetFromString(value); !ok {
return fmt.Errorf("invalid %s value: %s", k, value)
}
break
}
}
return nil
}
func setRetryModeFromEnvVal(mode *aws.RetryMode, keys []string) (err error) {
for _, k := range keys {
if value := os.Getenv(k); len(value) > 0 {
*mode, err = aws.ParseRetryMode(value)
if err != nil {
return fmt.Errorf("invalid %s value, %w", k, err)
}
break
}
}
return nil
}
func setEC2IMDSEndpointMode(mode *imds.EndpointModeState, keys []string) error {
for _, k := range keys {
value := os.Getenv(k)
if len(value) == 0 {
continue
}
if err := mode.SetFromString(value); err != nil {
return fmt.Errorf("invalid value for environment variable, %s=%s, %v", k, value, err)
}
}
return nil
}
// GetRegion returns the AWS Region if set in the environment. Returns an empty
// string if not set.
func (c EnvConfig) getRegion(ctx context.Context) (string, bool, error) {
if len(c.Region) == 0 {
return "", false, nil
}
return c.Region, true, nil
}
// GetSharedConfigProfile returns the shared config profile if set in the
// environment. Returns an empty string if not set.
func (c EnvConfig) getSharedConfigProfile(ctx context.Context) (string, bool, error) {
if len(c.SharedConfigProfile) == 0 {
return "", false, nil
}
return c.SharedConfigProfile, true, nil
}
// getSharedConfigFiles returns a slice of filenames set in the environment.
//
// Will return the filenames in the order of:
// * Shared Config
func (c EnvConfig) getSharedConfigFiles(context.Context) ([]string, bool, error) {
var files []string
if v := c.SharedConfigFile; len(v) > 0 {
files = append(files, v)
}
if len(files) == 0 {
return nil, false, nil
}
return files, true, nil
}
// getSharedCredentialsFiles returns a slice of filenames set in the environment.
//
// Will return the filenames in the order of:
// * Shared Credentials
func (c EnvConfig) getSharedCredentialsFiles(context.Context) ([]string, bool, error) {
var files []string
if v := c.SharedCredentialsFile; len(v) > 0 {
files = append(files, v)
}
if len(files) == 0 {
return nil, false, nil
}
return files, true, nil
}
// GetCustomCABundle returns the custom CA bundle's PEM bytes if the file was
func (c EnvConfig) getCustomCABundle(context.Context) (io.Reader, bool, error) {
if len(c.CustomCABundle) == 0 {
return nil, false, nil
}
b, err := ioutil.ReadFile(c.CustomCABundle)
if err != nil {
return nil, false, err
}
return bytes.NewReader(b), true, nil
}
// GetS3UseARNRegion returns whether to allow ARNs to direct the region
// the S3 client's requests are sent to.
func (c EnvConfig) GetS3UseARNRegion(ctx context.Context) (value, ok bool, err error) {
if c.S3UseARNRegion == nil {
return false, false, nil
}
return *c.S3UseARNRegion, true, nil
}
// GetS3DisableMultRegionAccessPoints returns whether to disable multi-region access point
// support for the S3 client.
func (c EnvConfig) GetS3DisableMultRegionAccessPoints(ctx context.Context) (value, ok bool, err error) {
if c.S3DisableMultiRegionAccessPoints == nil {
return false, false, nil
}
return *c.S3DisableMultiRegionAccessPoints, true, nil
}
// GetUseDualStackEndpoint returns whether the service's dual-stack endpoint should be
// used for requests.
func (c EnvConfig) GetUseDualStackEndpoint(ctx context.Context) (value aws.DualStackEndpointState, found bool, err error) {
if c.UseDualStackEndpoint == aws.DualStackEndpointStateUnset {
return aws.DualStackEndpointStateUnset, false, nil
}
return c.UseDualStackEndpoint, true, nil
}
// GetUseFIPSEndpoint returns whether the service's FIPS endpoint should be
// used for requests.
func (c EnvConfig) GetUseFIPSEndpoint(ctx context.Context) (value aws.FIPSEndpointState, found bool, err error) {
if c.UseFIPSEndpoint == aws.FIPSEndpointStateUnset {
return aws.FIPSEndpointStateUnset, false, nil
}
return c.UseFIPSEndpoint, true, nil
}
func setStringFromEnvVal(dst *string, keys []string) {
for _, k := range keys {
if v := os.Getenv(k); len(v) > 0 {
*dst = v
break
}
}
}
func setIntFromEnvVal(dst *int, keys []string) error {
for _, k := range keys {
if v := os.Getenv(k); len(v) > 0 {
i, err := strconv.ParseInt(v, 10, 64)
if err != nil {
return fmt.Errorf("invalid value %s=%s, %w", k, v, err)
}
*dst = int(i)
break
}
}
return nil
}
func setBoolPtrFromEnvVal(dst **bool, keys []string) error {
for _, k := range keys {
value := os.Getenv(k)
if len(value) == 0 {
continue
}
if *dst == nil {
*dst = new(bool)
}
switch {
case strings.EqualFold(value, "false"):
**dst = false
case strings.EqualFold(value, "true"):
**dst = true
default:
return fmt.Errorf(
"invalid value for environment variable, %s=%s, need true or false",
k, value)
}
break
}
return nil
}
func setEndpointDiscoveryTypeFromEnvVal(dst *aws.EndpointDiscoveryEnableState, keys []string) error {
for _, k := range keys {
value := os.Getenv(k)
if len(value) == 0 {
continue // skip if empty
}
switch {
case strings.EqualFold(value, endpointDiscoveryDisabled):
*dst = aws.EndpointDiscoveryDisabled
case strings.EqualFold(value, endpointDiscoveryEnabled):
*dst = aws.EndpointDiscoveryEnabled
case strings.EqualFold(value, endpointDiscoveryAuto):
*dst = aws.EndpointDiscoveryAuto
default:
return fmt.Errorf(
"invalid value for environment variable, %s=%s, need true, false or auto",
k, value)
}
}
return nil
}
func setUseDualStackEndpointFromEnvVal(dst *aws.DualStackEndpointState, keys []string) error {
for _, k := range keys {
value := os.Getenv(k)
if len(value) == 0 {
continue // skip if empty
}
switch {
case strings.EqualFold(value, "true"):
*dst = aws.DualStackEndpointStateEnabled
case strings.EqualFold(value, "false"):
*dst = aws.DualStackEndpointStateDisabled
default:
return fmt.Errorf(
"invalid value for environment variable, %s=%s, need true, false",
k, value)
}
}
return nil
}
func setUseFIPSEndpointFromEnvVal(dst *aws.FIPSEndpointState, keys []string) error {
for _, k := range keys {
value := os.Getenv(k)
if len(value) == 0 {
continue // skip if empty
}
switch {
case strings.EqualFold(value, "true"):
*dst = aws.FIPSEndpointStateEnabled
case strings.EqualFold(value, "false"):
*dst = aws.FIPSEndpointStateDisabled
default:
return fmt.Errorf(
"invalid value for environment variable, %s=%s, need true, false",
k, value)
}
}
return nil
}
// GetEnableEndpointDiscovery returns resolved value for EnableEndpointDiscovery env variable setting.
func (c EnvConfig) GetEnableEndpointDiscovery(ctx context.Context) (value aws.EndpointDiscoveryEnableState, found bool, err error) {
if c.EnableEndpointDiscovery == aws.EndpointDiscoveryUnset {
return aws.EndpointDiscoveryUnset, false, nil
}
return c.EnableEndpointDiscovery, true, nil
}
// GetEC2IMDSClientEnableState implements a EC2IMDSClientEnableState options resolver interface.
func (c EnvConfig) GetEC2IMDSClientEnableState() (imds.ClientEnableState, bool, error) {
if c.EC2IMDSClientEnableState == imds.ClientDefaultEnableState {
return imds.ClientDefaultEnableState, false, nil
}
return c.EC2IMDSClientEnableState, true, nil
}
// GetEC2IMDSEndpointMode implements a EC2IMDSEndpointMode option resolver interface.
func (c EnvConfig) GetEC2IMDSEndpointMode() (imds.EndpointModeState, bool, error) {
if c.EC2IMDSEndpointMode == imds.EndpointModeStateUnset {
return imds.EndpointModeStateUnset, false, nil
}
return c.EC2IMDSEndpointMode, true, nil
}
// GetEC2IMDSEndpoint implements a EC2IMDSEndpoint option resolver interface.
func (c EnvConfig) GetEC2IMDSEndpoint() (string, bool, error) {
if len(c.EC2IMDSEndpoint) == 0 {
return "", false, nil
}
return c.EC2IMDSEndpoint, true, nil
}

View File

@ -0,0 +1,4 @@
package config
//go:generate go run -tags codegen ./codegen -output=provider_assert_test.go
//go:generate gofmt -s -w ./

View File

@ -0,0 +1,6 @@
// Code generated by internal/repotools/cmd/updatemodulemeta DO NOT EDIT.
package config
// goModuleVersion is the tagged release for this module
const goModuleVersion = "1.15.5"

View File

@ -0,0 +1,926 @@
package config
import (
"context"
"io"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds"
"github.com/aws/aws-sdk-go-v2/credentials/endpointcreds"
"github.com/aws/aws-sdk-go-v2/credentials/processcreds"
"github.com/aws/aws-sdk-go-v2/credentials/ssocreds"
"github.com/aws/aws-sdk-go-v2/credentials/stscreds"
"github.com/aws/aws-sdk-go-v2/feature/ec2/imds"
"github.com/aws/smithy-go/logging"
"github.com/aws/smithy-go/middleware"
)
// LoadOptionsFunc is a type alias for LoadOptions functional option
type LoadOptionsFunc func(*LoadOptions) error
// LoadOptions are discrete set of options that are valid for loading the
// configuration
type LoadOptions struct {
// Region is the region to send requests to.
Region string
// Credentials object to use when signing requests.
Credentials aws.CredentialsProvider
// HTTPClient the SDK's API clients will use to invoke HTTP requests.
HTTPClient HTTPClient
// EndpointResolver that can be used to provide or override an endpoint for
// the given service and region.
//
// See the `aws.EndpointResolver` documentation on usage.
//
// Deprecated: See EndpointResolverWithOptions
EndpointResolver aws.EndpointResolver
// EndpointResolverWithOptions that can be used to provide or override an
// endpoint for the given service and region.
//
// See the `aws.EndpointResolverWithOptions` documentation on usage.
EndpointResolverWithOptions aws.EndpointResolverWithOptions
// RetryMaxAttempts specifies the maximum number attempts an API client
// will call an operation that fails with a retryable error.
//
// This value will only be used if Retryer option is nil.
RetryMaxAttempts int
// RetryMode specifies the retry model the API client will be created with.
//
// This value will only be used if Retryer option is nil.
RetryMode aws.RetryMode
// Retryer is a function that provides a Retryer implementation. A Retryer
// guides how HTTP requests should be retried in case of recoverable
// failures.
//
// If not nil, RetryMaxAttempts, and RetryMode will be ignored.
Retryer func() aws.Retryer
// APIOptions provides the set of middleware mutations modify how the API
// client requests will be handled. This is useful for adding additional
// tracing data to a request, or changing behavior of the SDK's client.
APIOptions []func(*middleware.Stack) error
// Logger writer interface to write logging messages to.
Logger logging.Logger
// ClientLogMode is used to configure the events that will be sent to the
// configured logger. This can be used to configure the logging of signing,
// retries, request, and responses of the SDK clients.
//
// See the ClientLogMode type documentation for the complete set of logging
// modes and available configuration.
ClientLogMode *aws.ClientLogMode
// SharedConfigProfile is the profile to be used when loading the SharedConfig
SharedConfigProfile string
// SharedConfigFiles is the slice of custom shared config files to use when
// loading the SharedConfig. A non-default profile used within config file
// must have name defined with prefix 'profile '. eg [profile xyz]
// indicates a profile with name 'xyz'. To read more on the format of the
// config file, please refer the documentation at
// https://docs.aws.amazon.com/credref/latest/refdocs/file-format.html#file-format-config
//
// If duplicate profiles are provided within the same, or across multiple
// shared config files, the next parsed profile will override only the
// properties that conflict with the previously defined profile. Note that
// if duplicate profiles are provided within the SharedCredentialsFiles and
// SharedConfigFiles, the properties defined in shared credentials file
// take precedence.
SharedConfigFiles []string
// SharedCredentialsFile is the slice of custom shared credentials files to
// use when loading the SharedConfig. The profile name used within
// credentials file must not prefix 'profile '. eg [xyz] indicates a
// profile with name 'xyz'. Profile declared as [profile xyz] will be
// ignored. To read more on the format of the credentials file, please
// refer the documentation at
// https://docs.aws.amazon.com/credref/latest/refdocs/file-format.html#file-format-creds
//
// If duplicate profiles are provided with a same, or across multiple
// shared credentials files, the next parsed profile will override only
// properties that conflict with the previously defined profile. Note that
// if duplicate profiles are provided within the SharedCredentialsFiles and
// SharedConfigFiles, the properties defined in shared credentials file
// take precedence.
SharedCredentialsFiles []string
// CustomCABundle is CA bundle PEM bytes reader
CustomCABundle io.Reader
// DefaultRegion is the fall back region, used if a region was not resolved
// from other sources
DefaultRegion string
// UseEC2IMDSRegion indicates if SDK should retrieve the region
// from the EC2 Metadata service
UseEC2IMDSRegion *UseEC2IMDSRegion
// CredentialsCacheOptions is a function for setting the
// aws.CredentialsCacheOptions
CredentialsCacheOptions func(*aws.CredentialsCacheOptions)
// ProcessCredentialOptions is a function for setting
// the processcreds.Options
ProcessCredentialOptions func(*processcreds.Options)
// EC2RoleCredentialOptions is a function for setting
// the ec2rolecreds.Options
EC2RoleCredentialOptions func(*ec2rolecreds.Options)
// EndpointCredentialOptions is a function for setting
// the endpointcreds.Options
EndpointCredentialOptions func(*endpointcreds.Options)
// WebIdentityRoleCredentialOptions is a function for setting
// the stscreds.WebIdentityRoleOptions
WebIdentityRoleCredentialOptions func(*stscreds.WebIdentityRoleOptions)
// AssumeRoleCredentialOptions is a function for setting the
// stscreds.AssumeRoleOptions
AssumeRoleCredentialOptions func(*stscreds.AssumeRoleOptions)
// SSOProviderOptions is a function for setting
// the ssocreds.Options
SSOProviderOptions func(options *ssocreds.Options)
// LogConfigurationWarnings when set to true, enables logging
// configuration warnings
LogConfigurationWarnings *bool
// S3UseARNRegion specifies if the S3 service should allow ARNs to direct
// the region, the client's requests are sent to.
S3UseARNRegion *bool
// EnableEndpointDiscovery specifies if endpoint discovery is enable for
// the client.
EnableEndpointDiscovery aws.EndpointDiscoveryEnableState
// Specifies if the EC2 IMDS service client is enabled.
//
// AWS_EC2_METADATA_DISABLED=true
EC2IMDSClientEnableState imds.ClientEnableState
// Specifies the EC2 Instance Metadata Service default endpoint selection
// mode (IPv4 or IPv6)
EC2IMDSEndpointMode imds.EndpointModeState
// Specifies the EC2 Instance Metadata Service endpoint to use. If
// specified it overrides EC2IMDSEndpointMode.
EC2IMDSEndpoint string
// Specifies that SDK clients must resolve a dual-stack endpoint for
// services.
UseDualStackEndpoint aws.DualStackEndpointState
// Specifies that SDK clients must resolve a FIPS endpoint for
// services.
UseFIPSEndpoint aws.FIPSEndpointState
// Specifies the SDK configuration mode for defaults.
DefaultsModeOptions DefaultsModeOptions
}
func (o LoadOptions) getDefaultsMode(ctx context.Context) (aws.DefaultsMode, bool, error) {
if len(o.DefaultsModeOptions.Mode) == 0 {
return "", false, nil
}
return o.DefaultsModeOptions.Mode, true, nil
}
// GetRetryMaxAttempts returns the RetryMaxAttempts if specified in the
// LoadOptions and not 0.
func (o LoadOptions) GetRetryMaxAttempts(ctx context.Context) (int, bool, error) {
if o.RetryMaxAttempts == 0 {
return 0, false, nil
}
return o.RetryMaxAttempts, true, nil
}
// GetRetryMode returns the RetryMode specified in the LoadOptions.
func (o LoadOptions) GetRetryMode(ctx context.Context) (aws.RetryMode, bool, error) {
if len(o.RetryMode) == 0 {
return "", false, nil
}
return o.RetryMode, true, nil
}
func (o LoadOptions) getDefaultsModeIMDSClient(ctx context.Context) (*imds.Client, bool, error) {
if o.DefaultsModeOptions.IMDSClient == nil {
return nil, false, nil
}
return o.DefaultsModeOptions.IMDSClient, true, nil
}
// getRegion returns Region from config's LoadOptions
func (o LoadOptions) getRegion(ctx context.Context) (string, bool, error) {
if len(o.Region) == 0 {
return "", false, nil
}
return o.Region, true, nil
}
// WithRegion is a helper function to construct functional options
// that sets Region on config's LoadOptions. Setting the region to
// an empty string, will result in the region value being ignored.
// If multiple WithRegion calls are made, the last call overrides
// the previous call values.
func WithRegion(v string) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.Region = v
return nil
}
}
// getDefaultRegion returns DefaultRegion from config's LoadOptions
func (o LoadOptions) getDefaultRegion(ctx context.Context) (string, bool, error) {
if len(o.DefaultRegion) == 0 {
return "", false, nil
}
return o.DefaultRegion, true, nil
}
// WithDefaultRegion is a helper function to construct functional options
// that sets a DefaultRegion on config's LoadOptions. Setting the default
// region to an empty string, will result in the default region value
// being ignored. If multiple WithDefaultRegion calls are made, the last
// call overrides the previous call values. Note that both WithRegion and
// WithEC2IMDSRegion call takes precedence over WithDefaultRegion call
// when resolving region.
func WithDefaultRegion(v string) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.DefaultRegion = v
return nil
}
}
// getSharedConfigProfile returns SharedConfigProfile from config's LoadOptions
func (o LoadOptions) getSharedConfigProfile(ctx context.Context) (string, bool, error) {
if len(o.SharedConfigProfile) == 0 {
return "", false, nil
}
return o.SharedConfigProfile, true, nil
}
// WithSharedConfigProfile is a helper function to construct functional options
// that sets SharedConfigProfile on config's LoadOptions. Setting the shared
// config profile to an empty string, will result in the shared config profile
// value being ignored.
// If multiple WithSharedConfigProfile calls are made, the last call overrides
// the previous call values.
func WithSharedConfigProfile(v string) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.SharedConfigProfile = v
return nil
}
}
// getSharedConfigFiles returns SharedConfigFiles set on config's LoadOptions
func (o LoadOptions) getSharedConfigFiles(ctx context.Context) ([]string, bool, error) {
if o.SharedConfigFiles == nil {
return nil, false, nil
}
return o.SharedConfigFiles, true, nil
}
// WithSharedConfigFiles is a helper function to construct functional options
// that sets slice of SharedConfigFiles on config's LoadOptions.
// Setting the shared config files to an nil string slice, will result in the
// shared config files value being ignored.
// If multiple WithSharedConfigFiles calls are made, the last call overrides
// the previous call values.
func WithSharedConfigFiles(v []string) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.SharedConfigFiles = v
return nil
}
}
// getSharedCredentialsFiles returns SharedCredentialsFiles set on config's LoadOptions
func (o LoadOptions) getSharedCredentialsFiles(ctx context.Context) ([]string, bool, error) {
if o.SharedCredentialsFiles == nil {
return nil, false, nil
}
return o.SharedCredentialsFiles, true, nil
}
// WithSharedCredentialsFiles is a helper function to construct functional options
// that sets slice of SharedCredentialsFiles on config's LoadOptions.
// Setting the shared credentials files to an nil string slice, will result in the
// shared credentials files value being ignored.
// If multiple WithSharedCredentialsFiles calls are made, the last call overrides
// the previous call values.
func WithSharedCredentialsFiles(v []string) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.SharedCredentialsFiles = v
return nil
}
}
// getCustomCABundle returns CustomCABundle from LoadOptions
func (o LoadOptions) getCustomCABundle(ctx context.Context) (io.Reader, bool, error) {
if o.CustomCABundle == nil {
return nil, false, nil
}
return o.CustomCABundle, true, nil
}
// WithCustomCABundle is a helper function to construct functional options
// that sets CustomCABundle on config's LoadOptions. Setting the custom CA Bundle
// to nil will result in custom CA Bundle value being ignored.
// If multiple WithCustomCABundle calls are made, the last call overrides the
// previous call values.
func WithCustomCABundle(v io.Reader) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.CustomCABundle = v
return nil
}
}
// UseEC2IMDSRegion provides a regionProvider that retrieves the region
// from the EC2 Metadata service.
type UseEC2IMDSRegion struct {
// If unset will default to generic EC2 IMDS client.
Client *imds.Client
}
// getRegion attempts to retrieve the region from EC2 Metadata service.
func (p *UseEC2IMDSRegion) getRegion(ctx context.Context) (string, bool, error) {
if ctx == nil {
ctx = context.Background()
}
client := p.Client
if client == nil {
client = imds.New(imds.Options{})
}
result, err := client.GetRegion(ctx, nil)
if err != nil {
return "", false, err
}
if len(result.Region) != 0 {
return result.Region, true, nil
}
return "", false, nil
}
// getEC2IMDSRegion returns the value of EC2 IMDS region.
func (o LoadOptions) getEC2IMDSRegion(ctx context.Context) (string, bool, error) {
if o.UseEC2IMDSRegion == nil {
return "", false, nil
}
return o.UseEC2IMDSRegion.getRegion(ctx)
}
// WithEC2IMDSRegion is a helper function to construct functional options
// that enables resolving EC2IMDS region. The function takes
// in a UseEC2IMDSRegion functional option, and can be used to set the
// EC2IMDS client which will be used to resolve EC2IMDSRegion.
// If no functional option is provided, an EC2IMDS client is built and used
// by the resolver. If multiple WithEC2IMDSRegion calls are made, the last
// call overrides the previous call values. Note that the WithRegion calls takes
// precedence over WithEC2IMDSRegion when resolving region.
func WithEC2IMDSRegion(fnOpts ...func(o *UseEC2IMDSRegion)) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.UseEC2IMDSRegion = &UseEC2IMDSRegion{}
for _, fn := range fnOpts {
fn(o.UseEC2IMDSRegion)
}
return nil
}
}
// getCredentialsProvider returns the credentials value
func (o LoadOptions) getCredentialsProvider(ctx context.Context) (aws.CredentialsProvider, bool, error) {
if o.Credentials == nil {
return nil, false, nil
}
return o.Credentials, true, nil
}
// WithCredentialsProvider is a helper function to construct functional options
// that sets Credential provider value on config's LoadOptions. If credentials
// provider is set to nil, the credentials provider value will be ignored.
// If multiple WithCredentialsProvider calls are made, the last call overrides
// the previous call values.
func WithCredentialsProvider(v aws.CredentialsProvider) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.Credentials = v
return nil
}
}
// getCredentialsCacheOptionsProvider returns the wrapped function to set aws.CredentialsCacheOptions
func (o LoadOptions) getCredentialsCacheOptions(ctx context.Context) (func(*aws.CredentialsCacheOptions), bool, error) {
if o.CredentialsCacheOptions == nil {
return nil, false, nil
}
return o.CredentialsCacheOptions, true, nil
}
// WithCredentialsCacheOptions is a helper function to construct functional
// options that sets a function to modify the aws.CredentialsCacheOptions the
// aws.CredentialsCache will be configured with, if the CredentialsCache is used
// by the configuration loader.
//
// If multiple WithCredentialsCacheOptions calls are made, the last call
// overrides the previous call values.
func WithCredentialsCacheOptions(v func(*aws.CredentialsCacheOptions)) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.CredentialsCacheOptions = v
return nil
}
}
// getProcessCredentialOptions returns the wrapped function to set processcreds.Options
func (o LoadOptions) getProcessCredentialOptions(ctx context.Context) (func(*processcreds.Options), bool, error) {
if o.ProcessCredentialOptions == nil {
return nil, false, nil
}
return o.ProcessCredentialOptions, true, nil
}
// WithProcessCredentialOptions is a helper function to construct functional options
// that sets a function to use processcreds.Options on config's LoadOptions.
// If process credential options is set to nil, the process credential value will
// be ignored. If multiple WithProcessCredentialOptions calls are made, the last call
// overrides the previous call values.
func WithProcessCredentialOptions(v func(*processcreds.Options)) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.ProcessCredentialOptions = v
return nil
}
}
// getEC2RoleCredentialOptions returns the wrapped function to set the ec2rolecreds.Options
func (o LoadOptions) getEC2RoleCredentialOptions(ctx context.Context) (func(*ec2rolecreds.Options), bool, error) {
if o.EC2RoleCredentialOptions == nil {
return nil, false, nil
}
return o.EC2RoleCredentialOptions, true, nil
}
// WithEC2RoleCredentialOptions is a helper function to construct functional options
// that sets a function to use ec2rolecreds.Options on config's LoadOptions. If
// EC2 role credential options is set to nil, the EC2 role credential options value
// will be ignored. If multiple WithEC2RoleCredentialOptions calls are made,
// the last call overrides the previous call values.
func WithEC2RoleCredentialOptions(v func(*ec2rolecreds.Options)) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.EC2RoleCredentialOptions = v
return nil
}
}
// getEndpointCredentialOptions returns the wrapped function to set endpointcreds.Options
func (o LoadOptions) getEndpointCredentialOptions(context.Context) (func(*endpointcreds.Options), bool, error) {
if o.EndpointCredentialOptions == nil {
return nil, false, nil
}
return o.EndpointCredentialOptions, true, nil
}
// WithEndpointCredentialOptions is a helper function to construct functional options
// that sets a function to use endpointcreds.Options on config's LoadOptions. If
// endpoint credential options is set to nil, the endpoint credential options
// value will be ignored. If multiple WithEndpointCredentialOptions calls are made,
// the last call overrides the previous call values.
func WithEndpointCredentialOptions(v func(*endpointcreds.Options)) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.EndpointCredentialOptions = v
return nil
}
}
// getWebIdentityRoleCredentialOptions returns the wrapped function
func (o LoadOptions) getWebIdentityRoleCredentialOptions(context.Context) (func(*stscreds.WebIdentityRoleOptions), bool, error) {
if o.WebIdentityRoleCredentialOptions == nil {
return nil, false, nil
}
return o.WebIdentityRoleCredentialOptions, true, nil
}
// WithWebIdentityRoleCredentialOptions is a helper function to construct
// functional options that sets a function to use stscreds.WebIdentityRoleOptions
// on config's LoadOptions. If web identity role credentials options is set to nil,
// the web identity role credentials value will be ignored. If multiple
// WithWebIdentityRoleCredentialOptions calls are made, the last call
// overrides the previous call values.
func WithWebIdentityRoleCredentialOptions(v func(*stscreds.WebIdentityRoleOptions)) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.WebIdentityRoleCredentialOptions = v
return nil
}
}
// getAssumeRoleCredentialOptions returns AssumeRoleCredentialOptions from LoadOptions
func (o LoadOptions) getAssumeRoleCredentialOptions(context.Context) (func(options *stscreds.AssumeRoleOptions), bool, error) {
if o.AssumeRoleCredentialOptions == nil {
return nil, false, nil
}
return o.AssumeRoleCredentialOptions, true, nil
}
// WithAssumeRoleCredentialOptions is a helper function to construct
// functional options that sets a function to use stscreds.AssumeRoleOptions
// on config's LoadOptions. If assume role credentials options is set to nil,
// the assume role credentials value will be ignored. If multiple
// WithAssumeRoleCredentialOptions calls are made, the last call overrides
// the previous call values.
func WithAssumeRoleCredentialOptions(v func(*stscreds.AssumeRoleOptions)) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.AssumeRoleCredentialOptions = v
return nil
}
}
func (o LoadOptions) getHTTPClient(ctx context.Context) (HTTPClient, bool, error) {
if o.HTTPClient == nil {
return nil, false, nil
}
return o.HTTPClient, true, nil
}
// WithHTTPClient is a helper function to construct functional options
// that sets HTTPClient on LoadOptions. If HTTPClient is set to nil,
// the HTTPClient value will be ignored.
// If multiple WithHTTPClient calls are made, the last call overrides
// the previous call values.
func WithHTTPClient(v HTTPClient) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.HTTPClient = v
return nil
}
}
func (o LoadOptions) getAPIOptions(ctx context.Context) ([]func(*middleware.Stack) error, bool, error) {
if o.APIOptions == nil {
return nil, false, nil
}
return o.APIOptions, true, nil
}
// WithAPIOptions is a helper function to construct functional options
// that sets APIOptions on LoadOptions. If APIOptions is set to nil, the
// APIOptions value is ignored. If multiple WithAPIOptions calls are
// made, the last call overrides the previous call values.
func WithAPIOptions(v []func(*middleware.Stack) error) LoadOptionsFunc {
return func(o *LoadOptions) error {
if v == nil {
return nil
}
o.APIOptions = append(o.APIOptions, v...)
return nil
}
}
func (o LoadOptions) getRetryMaxAttempts(ctx context.Context) (int, bool, error) {
if o.RetryMaxAttempts == 0 {
return 0, false, nil
}
return o.RetryMaxAttempts, true, nil
}
// WithRetryMaxAttempts is a helper function to construct functional options that sets
// RetryMaxAttempts on LoadOptions. If RetryMaxAttempts is unset, the RetryMaxAttempts value is
// ignored. If multiple WithRetryMaxAttempts calls are made, the last call overrides
// the previous call values.
//
// Will be ignored of LoadOptions.Retryer or WithRetryer are used.
func WithRetryMaxAttempts(v int) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.RetryMaxAttempts = v
return nil
}
}
func (o LoadOptions) getRetryMode(ctx context.Context) (aws.RetryMode, bool, error) {
if o.RetryMode == "" {
return "", false, nil
}
return o.RetryMode, true, nil
}
// WithRetryMode is a helper function to construct functional options that sets
// RetryMode on LoadOptions. If RetryMode is unset, the RetryMode value is
// ignored. If multiple WithRetryMode calls are made, the last call overrides
// the previous call values.
//
// Will be ignored of LoadOptions.Retryer or WithRetryer are used.
func WithRetryMode(v aws.RetryMode) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.RetryMode = v
return nil
}
}
func (o LoadOptions) getRetryer(ctx context.Context) (func() aws.Retryer, bool, error) {
if o.Retryer == nil {
return nil, false, nil
}
return o.Retryer, true, nil
}
// WithRetryer is a helper function to construct functional options
// that sets Retryer on LoadOptions. If Retryer is set to nil, the
// Retryer value is ignored. If multiple WithRetryer calls are
// made, the last call overrides the previous call values.
func WithRetryer(v func() aws.Retryer) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.Retryer = v
return nil
}
}
func (o LoadOptions) getEndpointResolver(ctx context.Context) (aws.EndpointResolver, bool, error) {
if o.EndpointResolver == nil {
return nil, false, nil
}
return o.EndpointResolver, true, nil
}
// WithEndpointResolver is a helper function to construct functional options
// that sets the EndpointResolver on LoadOptions. If the EndpointResolver is set to nil,
// the EndpointResolver value is ignored. If multiple WithEndpointResolver calls
// are made, the last call overrides the previous call values.
//
// Deprecated: See WithEndpointResolverWithOptions
func WithEndpointResolver(v aws.EndpointResolver) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.EndpointResolver = v
return nil
}
}
func (o LoadOptions) getEndpointResolverWithOptions(ctx context.Context) (aws.EndpointResolverWithOptions, bool, error) {
if o.EndpointResolverWithOptions == nil {
return nil, false, nil
}
return o.EndpointResolverWithOptions, true, nil
}
// WithEndpointResolverWithOptions is a helper function to construct functional options
// that sets the EndpointResolverWithOptions on LoadOptions. If the EndpointResolverWithOptions is set to nil,
// the EndpointResolver value is ignored. If multiple WithEndpointResolver calls
// are made, the last call overrides the previous call values.
func WithEndpointResolverWithOptions(v aws.EndpointResolverWithOptions) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.EndpointResolverWithOptions = v
return nil
}
}
func (o LoadOptions) getLogger(ctx context.Context) (logging.Logger, bool, error) {
if o.Logger == nil {
return nil, false, nil
}
return o.Logger, true, nil
}
// WithLogger is a helper function to construct functional options
// that sets Logger on LoadOptions. If Logger is set to nil, the
// Logger value will be ignored. If multiple WithLogger calls are made,
// the last call overrides the previous call values.
func WithLogger(v logging.Logger) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.Logger = v
return nil
}
}
func (o LoadOptions) getClientLogMode(ctx context.Context) (aws.ClientLogMode, bool, error) {
if o.ClientLogMode == nil {
return 0, false, nil
}
return *o.ClientLogMode, true, nil
}
// WithClientLogMode is a helper function to construct functional options
// that sets client log mode on LoadOptions. If client log mode is set to nil,
// the client log mode value will be ignored. If multiple WithClientLogMode calls are made,
// the last call overrides the previous call values.
func WithClientLogMode(v aws.ClientLogMode) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.ClientLogMode = &v
return nil
}
}
func (o LoadOptions) getLogConfigurationWarnings(ctx context.Context) (v bool, found bool, err error) {
if o.LogConfigurationWarnings == nil {
return false, false, nil
}
return *o.LogConfigurationWarnings, true, nil
}
// WithLogConfigurationWarnings is a helper function to construct
// functional options that can be used to set LogConfigurationWarnings
// on LoadOptions.
//
// If multiple WithLogConfigurationWarnings calls are made, the last call
// overrides the previous call values.
func WithLogConfigurationWarnings(v bool) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.LogConfigurationWarnings = &v
return nil
}
}
// GetS3UseARNRegion returns whether to allow ARNs to direct the region
// the S3 client's requests are sent to.
func (o LoadOptions) GetS3UseARNRegion(ctx context.Context) (v bool, found bool, err error) {
if o.S3UseARNRegion == nil {
return false, false, nil
}
return *o.S3UseARNRegion, true, nil
}
// WithS3UseARNRegion is a helper function to construct functional options
// that can be used to set S3UseARNRegion on LoadOptions.
// If multiple WithS3UseARNRegion calls are made, the last call overrides
// the previous call values.
func WithS3UseARNRegion(v bool) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.S3UseARNRegion = &v
return nil
}
}
// GetEnableEndpointDiscovery returns if the EnableEndpointDiscovery flag is set.
func (o LoadOptions) GetEnableEndpointDiscovery(ctx context.Context) (value aws.EndpointDiscoveryEnableState, ok bool, err error) {
if o.EnableEndpointDiscovery == aws.EndpointDiscoveryUnset {
return aws.EndpointDiscoveryUnset, false, nil
}
return o.EnableEndpointDiscovery, true, nil
}
// WithEndpointDiscovery is a helper function to construct functional options
// that can be used to enable endpoint discovery on LoadOptions for supported clients.
// If multiple WithEndpointDiscovery calls are made, the last call overrides
// the previous call values.
func WithEndpointDiscovery(v aws.EndpointDiscoveryEnableState) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.EnableEndpointDiscovery = v
return nil
}
}
// getSSOProviderOptions returns AssumeRoleCredentialOptions from LoadOptions
func (o LoadOptions) getSSOProviderOptions(context.Context) (func(options *ssocreds.Options), bool, error) {
if o.SSOProviderOptions == nil {
return nil, false, nil
}
return o.SSOProviderOptions, true, nil
}
// WithSSOProviderOptions is a helper function to construct
// functional options that sets a function to use ssocreds.Options
// on config's LoadOptions. If the SSO credential provider options is set to nil,
// the sso provider options value will be ignored. If multiple
// WithSSOProviderOptions calls are made, the last call overrides
// the previous call values.
func WithSSOProviderOptions(v func(*ssocreds.Options)) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.SSOProviderOptions = v
return nil
}
}
// GetEC2IMDSClientEnableState implements a EC2IMDSClientEnableState options resolver interface.
func (o LoadOptions) GetEC2IMDSClientEnableState() (imds.ClientEnableState, bool, error) {
if o.EC2IMDSClientEnableState == imds.ClientDefaultEnableState {
return imds.ClientDefaultEnableState, false, nil
}
return o.EC2IMDSClientEnableState, true, nil
}
// GetEC2IMDSEndpointMode implements a EC2IMDSEndpointMode option resolver interface.
func (o LoadOptions) GetEC2IMDSEndpointMode() (imds.EndpointModeState, bool, error) {
if o.EC2IMDSEndpointMode == imds.EndpointModeStateUnset {
return imds.EndpointModeStateUnset, false, nil
}
return o.EC2IMDSEndpointMode, true, nil
}
// GetEC2IMDSEndpoint implements a EC2IMDSEndpoint option resolver interface.
func (o LoadOptions) GetEC2IMDSEndpoint() (string, bool, error) {
if len(o.EC2IMDSEndpoint) == 0 {
return "", false, nil
}
return o.EC2IMDSEndpoint, true, nil
}
// WithEC2IMDSClientEnableState is a helper function to construct functional options that sets the EC2IMDSClientEnableState.
func WithEC2IMDSClientEnableState(v imds.ClientEnableState) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.EC2IMDSClientEnableState = v
return nil
}
}
// WithEC2IMDSEndpointMode is a helper function to construct functional options that sets the EC2IMDSEndpointMode.
func WithEC2IMDSEndpointMode(v imds.EndpointModeState) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.EC2IMDSEndpointMode = v
return nil
}
}
// WithEC2IMDSEndpoint is a helper function to construct functional options that sets the EC2IMDSEndpoint.
func WithEC2IMDSEndpoint(v string) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.EC2IMDSEndpoint = v
return nil
}
}
// WithUseDualStackEndpoint is a helper function to construct
// functional options that can be used to set UseDualStackEndpoint on LoadOptions.
func WithUseDualStackEndpoint(v aws.DualStackEndpointState) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.UseDualStackEndpoint = v
return nil
}
}
// GetUseDualStackEndpoint returns whether the service's dual-stack endpoint should be
// used for requests.
func (o LoadOptions) GetUseDualStackEndpoint(ctx context.Context) (value aws.DualStackEndpointState, found bool, err error) {
if o.UseDualStackEndpoint == aws.DualStackEndpointStateUnset {
return aws.DualStackEndpointStateUnset, false, nil
}
return o.UseDualStackEndpoint, true, nil
}
// WithUseFIPSEndpoint is a helper function to construct
// functional options that can be used to set UseFIPSEndpoint on LoadOptions.
func WithUseFIPSEndpoint(v aws.FIPSEndpointState) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.UseFIPSEndpoint = v
return nil
}
}
// GetUseFIPSEndpoint returns whether the service's FIPS endpoint should be
// used for requests.
func (o LoadOptions) GetUseFIPSEndpoint(ctx context.Context) (value aws.FIPSEndpointState, found bool, err error) {
if o.UseFIPSEndpoint == aws.FIPSEndpointStateUnset {
return aws.FIPSEndpointStateUnset, false, nil
}
return o.UseFIPSEndpoint, true, nil
}
// WithDefaultsMode sets the SDK defaults configuration mode to the value provided.
//
// Zero or more functional options can be provided to provide configuration options for performing
// environment discovery when using aws.DefaultsModeAuto.
func WithDefaultsMode(mode aws.DefaultsMode, optFns ...func(options *DefaultsModeOptions)) LoadOptionsFunc {
do := DefaultsModeOptions{
Mode: mode,
}
for _, fn := range optFns {
fn(&do)
}
return func(options *LoadOptions) error {
options.DefaultsModeOptions = do
return nil
}
}

51
vendor/github.com/aws/aws-sdk-go-v2/config/local.go generated vendored Normal file
View File

@ -0,0 +1,51 @@
package config
import (
"fmt"
"net"
"net/url"
)
var lookupHostFn = net.LookupHost
func isLoopbackHost(host string) (bool, error) {
ip := net.ParseIP(host)
if ip != nil {
return ip.IsLoopback(), nil
}
// Host is not an ip, perform lookup
addrs, err := lookupHostFn(host)
if err != nil {
return false, err
}
if len(addrs) == 0 {
return false, fmt.Errorf("no addrs found for host, %s", host)
}
for _, addr := range addrs {
if !net.ParseIP(addr).IsLoopback() {
return false, nil
}
}
return true, nil
}
func validateLocalURL(v string) error {
u, err := url.Parse(v)
if err != nil {
return err
}
host := u.Hostname()
if len(host) == 0 {
return fmt.Errorf("unable to parse host from local HTTP cred provider URL")
} else if isLoopback, err := isLoopbackHost(host); err != nil {
return fmt.Errorf("failed to resolve host %q, %v", host, err)
} else if !isLoopback {
return fmt.Errorf("invalid endpoint host, %q, only host resolving to loopback addresses are allowed", host)
}
return nil
}

533
vendor/github.com/aws/aws-sdk-go-v2/config/provider.go generated vendored Normal file
View File

@ -0,0 +1,533 @@
package config
import (
"context"
"io"
"net/http"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds"
"github.com/aws/aws-sdk-go-v2/credentials/endpointcreds"
"github.com/aws/aws-sdk-go-v2/credentials/processcreds"
"github.com/aws/aws-sdk-go-v2/credentials/ssocreds"
"github.com/aws/aws-sdk-go-v2/credentials/stscreds"
"github.com/aws/aws-sdk-go-v2/feature/ec2/imds"
"github.com/aws/smithy-go/logging"
"github.com/aws/smithy-go/middleware"
)
// sharedConfigProfileProvider provides access to the shared config profile
// name external configuration value.
type sharedConfigProfileProvider interface {
getSharedConfigProfile(ctx context.Context) (string, bool, error)
}
// getSharedConfigProfile searches the configs for a sharedConfigProfileProvider
// and returns the value if found. Returns an error if a provider fails before a
// value is found.
func getSharedConfigProfile(ctx context.Context, configs configs) (value string, found bool, err error) {
for _, cfg := range configs {
if p, ok := cfg.(sharedConfigProfileProvider); ok {
value, found, err = p.getSharedConfigProfile(ctx)
if err != nil || found {
break
}
}
}
return
}
// sharedConfigFilesProvider provides access to the shared config filesnames
// external configuration value.
type sharedConfigFilesProvider interface {
getSharedConfigFiles(ctx context.Context) ([]string, bool, error)
}
// getSharedConfigFiles searches the configs for a sharedConfigFilesProvider
// and returns the value if found. Returns an error if a provider fails before a
// value is found.
func getSharedConfigFiles(ctx context.Context, configs configs) (value []string, found bool, err error) {
for _, cfg := range configs {
if p, ok := cfg.(sharedConfigFilesProvider); ok {
value, found, err = p.getSharedConfigFiles(ctx)
if err != nil || found {
break
}
}
}
return
}
// sharedCredentialsFilesProvider provides access to the shared credentials filesnames
// external configuration value.
type sharedCredentialsFilesProvider interface {
getSharedCredentialsFiles(ctx context.Context) ([]string, bool, error)
}
// getSharedCredentialsFiles searches the configs for a sharedCredentialsFilesProvider
// and returns the value if found. Returns an error if a provider fails before a
// value is found.
func getSharedCredentialsFiles(ctx context.Context, configs configs) (value []string, found bool, err error) {
for _, cfg := range configs {
if p, ok := cfg.(sharedCredentialsFilesProvider); ok {
value, found, err = p.getSharedCredentialsFiles(ctx)
if err != nil || found {
break
}
}
}
return
}
// customCABundleProvider provides access to the custom CA bundle PEM bytes.
type customCABundleProvider interface {
getCustomCABundle(ctx context.Context) (io.Reader, bool, error)
}
// getCustomCABundle searches the configs for a customCABundleProvider
// and returns the value if found. Returns an error if a provider fails before a
// value is found.
func getCustomCABundle(ctx context.Context, configs configs) (value io.Reader, found bool, err error) {
for _, cfg := range configs {
if p, ok := cfg.(customCABundleProvider); ok {
value, found, err = p.getCustomCABundle(ctx)
if err != nil || found {
break
}
}
}
return
}
// regionProvider provides access to the region external configuration value.
type regionProvider interface {
getRegion(ctx context.Context) (string, bool, error)
}
// getRegion searches the configs for a regionProvider and returns the value
// if found. Returns an error if a provider fails before a value is found.
func getRegion(ctx context.Context, configs configs) (value string, found bool, err error) {
for _, cfg := range configs {
if p, ok := cfg.(regionProvider); ok {
value, found, err = p.getRegion(ctx)
if err != nil || found {
break
}
}
}
return
}
// ec2IMDSRegionProvider provides access to the ec2 imds region
// configuration value
type ec2IMDSRegionProvider interface {
getEC2IMDSRegion(ctx context.Context) (string, bool, error)
}
// getEC2IMDSRegion searches the configs for a ec2IMDSRegionProvider and
// returns the value if found. Returns an error if a provider fails before
// a value is found.
func getEC2IMDSRegion(ctx context.Context, configs configs) (region string, found bool, err error) {
for _, cfg := range configs {
if provider, ok := cfg.(ec2IMDSRegionProvider); ok {
region, found, err = provider.getEC2IMDSRegion(ctx)
if err != nil || found {
break
}
}
}
return
}
// credentialsProviderProvider provides access to the credentials external
// configuration value.
type credentialsProviderProvider interface {
getCredentialsProvider(ctx context.Context) (aws.CredentialsProvider, bool, error)
}
// getCredentialsProvider searches the configs for a credentialsProviderProvider
// and returns the value if found. Returns an error if a provider fails before a
// value is found.
func getCredentialsProvider(ctx context.Context, configs configs) (p aws.CredentialsProvider, found bool, err error) {
for _, cfg := range configs {
if provider, ok := cfg.(credentialsProviderProvider); ok {
p, found, err = provider.getCredentialsProvider(ctx)
if err != nil || found {
break
}
}
}
return
}
// credentialsCacheOptionsProvider is an interface for retrieving a function for setting
// the aws.CredentialsCacheOptions.
type credentialsCacheOptionsProvider interface {
getCredentialsCacheOptions(ctx context.Context) (func(*aws.CredentialsCacheOptions), bool, error)
}
// getCredentialsCacheOptionsProvider is an interface for retrieving a function for setting
// the aws.CredentialsCacheOptions.
func getCredentialsCacheOptionsProvider(ctx context.Context, configs configs) (
f func(*aws.CredentialsCacheOptions), found bool, err error,
) {
for _, config := range configs {
if p, ok := config.(credentialsCacheOptionsProvider); ok {
f, found, err = p.getCredentialsCacheOptions(ctx)
if err != nil || found {
break
}
}
}
return
}
// processCredentialOptions is an interface for retrieving a function for setting
// the processcreds.Options.
type processCredentialOptions interface {
getProcessCredentialOptions(ctx context.Context) (func(*processcreds.Options), bool, error)
}
// getProcessCredentialOptions searches the slice of configs and returns the first function found
func getProcessCredentialOptions(ctx context.Context, configs configs) (f func(*processcreds.Options), found bool, err error) {
for _, config := range configs {
if p, ok := config.(processCredentialOptions); ok {
f, found, err = p.getProcessCredentialOptions(ctx)
if err != nil || found {
break
}
}
}
return
}
// ec2RoleCredentialOptionsProvider is an interface for retrieving a function
// for setting the ec2rolecreds.Provider options.
type ec2RoleCredentialOptionsProvider interface {
getEC2RoleCredentialOptions(ctx context.Context) (func(*ec2rolecreds.Options), bool, error)
}
// getEC2RoleCredentialProviderOptions searches the slice of configs and returns the first function found
func getEC2RoleCredentialProviderOptions(ctx context.Context, configs configs) (f func(*ec2rolecreds.Options), found bool, err error) {
for _, config := range configs {
if p, ok := config.(ec2RoleCredentialOptionsProvider); ok {
f, found, err = p.getEC2RoleCredentialOptions(ctx)
if err != nil || found {
break
}
}
}
return
}
// defaultRegionProvider is an interface for retrieving a default region if a region was not resolved from other sources
type defaultRegionProvider interface {
getDefaultRegion(ctx context.Context) (string, bool, error)
}
// getDefaultRegion searches the slice of configs and returns the first fallback region found
func getDefaultRegion(ctx context.Context, configs configs) (value string, found bool, err error) {
for _, config := range configs {
if p, ok := config.(defaultRegionProvider); ok {
value, found, err = p.getDefaultRegion(ctx)
if err != nil || found {
break
}
}
}
return
}
// endpointCredentialOptionsProvider is an interface for retrieving a function for setting
// the endpointcreds.ProviderOptions.
type endpointCredentialOptionsProvider interface {
getEndpointCredentialOptions(ctx context.Context) (func(*endpointcreds.Options), bool, error)
}
// getEndpointCredentialProviderOptions searches the slice of configs and returns the first function found
func getEndpointCredentialProviderOptions(ctx context.Context, configs configs) (f func(*endpointcreds.Options), found bool, err error) {
for _, config := range configs {
if p, ok := config.(endpointCredentialOptionsProvider); ok {
f, found, err = p.getEndpointCredentialOptions(ctx)
if err != nil || found {
break
}
}
}
return
}
// webIdentityRoleCredentialOptionsProvider is an interface for retrieving a function for setting
// the stscreds.WebIdentityRoleProvider.
type webIdentityRoleCredentialOptionsProvider interface {
getWebIdentityRoleCredentialOptions(ctx context.Context) (func(*stscreds.WebIdentityRoleOptions), bool, error)
}
// getWebIdentityCredentialProviderOptions searches the slice of configs and returns the first function found
func getWebIdentityCredentialProviderOptions(ctx context.Context, configs configs) (f func(*stscreds.WebIdentityRoleOptions), found bool, err error) {
for _, config := range configs {
if p, ok := config.(webIdentityRoleCredentialOptionsProvider); ok {
f, found, err = p.getWebIdentityRoleCredentialOptions(ctx)
if err != nil || found {
break
}
}
}
return
}
// assumeRoleCredentialOptionsProvider is an interface for retrieving a function for setting
// the stscreds.AssumeRoleOptions.
type assumeRoleCredentialOptionsProvider interface {
getAssumeRoleCredentialOptions(ctx context.Context) (func(*stscreds.AssumeRoleOptions), bool, error)
}
// getAssumeRoleCredentialProviderOptions searches the slice of configs and returns the first function found
func getAssumeRoleCredentialProviderOptions(ctx context.Context, configs configs) (f func(*stscreds.AssumeRoleOptions), found bool, err error) {
for _, config := range configs {
if p, ok := config.(assumeRoleCredentialOptionsProvider); ok {
f, found, err = p.getAssumeRoleCredentialOptions(ctx)
if err != nil || found {
break
}
}
}
return
}
// HTTPClient is an HTTP client implementation
type HTTPClient interface {
Do(*http.Request) (*http.Response, error)
}
// httpClientProvider is an interface for retrieving HTTPClient
type httpClientProvider interface {
getHTTPClient(ctx context.Context) (HTTPClient, bool, error)
}
// getHTTPClient searches the slice of configs and returns the HTTPClient set on configs
func getHTTPClient(ctx context.Context, configs configs) (client HTTPClient, found bool, err error) {
for _, config := range configs {
if p, ok := config.(httpClientProvider); ok {
client, found, err = p.getHTTPClient(ctx)
if err != nil || found {
break
}
}
}
return
}
// apiOptionsProvider is an interface for retrieving APIOptions
type apiOptionsProvider interface {
getAPIOptions(ctx context.Context) ([]func(*middleware.Stack) error, bool, error)
}
// getAPIOptions searches the slice of configs and returns the APIOptions set on configs
func getAPIOptions(ctx context.Context, configs configs) (apiOptions []func(*middleware.Stack) error, found bool, err error) {
for _, config := range configs {
if p, ok := config.(apiOptionsProvider); ok {
// retrieve APIOptions from configs and set it on cfg
apiOptions, found, err = p.getAPIOptions(ctx)
if err != nil || found {
break
}
}
}
return
}
// endpointResolverProvider is an interface for retrieving an aws.EndpointResolver from a configuration source
type endpointResolverProvider interface {
getEndpointResolver(ctx context.Context) (aws.EndpointResolver, bool, error)
}
// getEndpointResolver searches the provided config sources for a EndpointResolverFunc that can be used
// to configure the aws.Config.EndpointResolver value.
func getEndpointResolver(ctx context.Context, configs configs) (f aws.EndpointResolver, found bool, err error) {
for _, c := range configs {
if p, ok := c.(endpointResolverProvider); ok {
f, found, err = p.getEndpointResolver(ctx)
if err != nil || found {
break
}
}
}
return
}
// endpointResolverWithOptionsProvider is an interface for retrieving an aws.EndpointResolverWithOptions from a configuration source
type endpointResolverWithOptionsProvider interface {
getEndpointResolverWithOptions(ctx context.Context) (aws.EndpointResolverWithOptions, bool, error)
}
// getEndpointResolver searches the provided config sources for a EndpointResolverFunc that can be used
// to configure the aws.Config.EndpointResolver value.
func getEndpointResolverWithOptions(ctx context.Context, configs configs) (f aws.EndpointResolverWithOptions, found bool, err error) {
for _, c := range configs {
if p, ok := c.(endpointResolverWithOptionsProvider); ok {
f, found, err = p.getEndpointResolverWithOptions(ctx)
if err != nil || found {
break
}
}
}
return
}
// loggerProvider is an interface for retrieving a logging.Logger from a configuration source.
type loggerProvider interface {
getLogger(ctx context.Context) (logging.Logger, bool, error)
}
// getLogger searches the provided config sources for a logging.Logger that can be used
// to configure the aws.Config.Logger value.
func getLogger(ctx context.Context, configs configs) (l logging.Logger, found bool, err error) {
for _, c := range configs {
if p, ok := c.(loggerProvider); ok {
l, found, err = p.getLogger(ctx)
if err != nil || found {
break
}
}
}
return
}
// clientLogModeProvider is an interface for retrieving the aws.ClientLogMode from a configuration source.
type clientLogModeProvider interface {
getClientLogMode(ctx context.Context) (aws.ClientLogMode, bool, error)
}
func getClientLogMode(ctx context.Context, configs configs) (m aws.ClientLogMode, found bool, err error) {
for _, c := range configs {
if p, ok := c.(clientLogModeProvider); ok {
m, found, err = p.getClientLogMode(ctx)
if err != nil || found {
break
}
}
}
return
}
// retryProvider is an configuration provider for custom Retryer.
type retryProvider interface {
getRetryer(ctx context.Context) (func() aws.Retryer, bool, error)
}
func getRetryer(ctx context.Context, configs configs) (v func() aws.Retryer, found bool, err error) {
for _, c := range configs {
if p, ok := c.(retryProvider); ok {
v, found, err = p.getRetryer(ctx)
if err != nil || found {
break
}
}
}
return
}
// logConfigurationWarningsProvider is an configuration provider for
// retrieving a boolean indicating whether configuration issues should
// be logged when loading from config sources
type logConfigurationWarningsProvider interface {
getLogConfigurationWarnings(ctx context.Context) (bool, bool, error)
}
func getLogConfigurationWarnings(ctx context.Context, configs configs) (v bool, found bool, err error) {
for _, c := range configs {
if p, ok := c.(logConfigurationWarningsProvider); ok {
v, found, err = p.getLogConfigurationWarnings(ctx)
if err != nil || found {
break
}
}
}
return
}
// ssoCredentialOptionsProvider is an interface for retrieving a function for setting
// the ssocreds.Options.
type ssoCredentialOptionsProvider interface {
getSSOProviderOptions(context.Context) (func(*ssocreds.Options), bool, error)
}
func getSSOProviderOptions(ctx context.Context, configs configs) (v func(options *ssocreds.Options), found bool, err error) {
for _, c := range configs {
if p, ok := c.(ssoCredentialOptionsProvider); ok {
v, found, err = p.getSSOProviderOptions(ctx)
if err != nil || found {
break
}
}
}
return v, found, err
}
type defaultsModeIMDSClientProvider interface {
getDefaultsModeIMDSClient(context.Context) (*imds.Client, bool, error)
}
func getDefaultsModeIMDSClient(ctx context.Context, configs configs) (v *imds.Client, found bool, err error) {
for _, c := range configs {
if p, ok := c.(defaultsModeIMDSClientProvider); ok {
v, found, err = p.getDefaultsModeIMDSClient(ctx)
if err != nil || found {
break
}
}
}
return v, found, err
}
type defaultsModeProvider interface {
getDefaultsMode(context.Context) (aws.DefaultsMode, bool, error)
}
func getDefaultsMode(ctx context.Context, configs configs) (v aws.DefaultsMode, found bool, err error) {
for _, c := range configs {
if p, ok := c.(defaultsModeProvider); ok {
v, found, err = p.getDefaultsMode(ctx)
if err != nil || found {
break
}
}
}
return v, found, err
}
type retryMaxAttemptsProvider interface {
GetRetryMaxAttempts(context.Context) (int, bool, error)
}
func getRetryMaxAttempts(ctx context.Context, configs configs) (v int, found bool, err error) {
for _, c := range configs {
if p, ok := c.(retryMaxAttemptsProvider); ok {
v, found, err = p.GetRetryMaxAttempts(ctx)
if err != nil || found {
break
}
}
}
return v, found, err
}
type retryModeProvider interface {
GetRetryMode(context.Context) (aws.RetryMode, bool, error)
}
func getRetryMode(ctx context.Context, configs configs) (v aws.RetryMode, found bool, err error) {
for _, c := range configs {
if p, ok := c.(retryModeProvider); ok {
v, found, err = p.GetRetryMode(ctx)
if err != nil || found {
break
}
}
}
return v, found, err
}

307
vendor/github.com/aws/aws-sdk-go-v2/config/resolve.go generated vendored Normal file
View File

@ -0,0 +1,307 @@
package config
import (
"context"
"crypto/tls"
"crypto/x509"
"fmt"
"io/ioutil"
"net/http"
"os"
"github.com/aws/aws-sdk-go-v2/aws"
awshttp "github.com/aws/aws-sdk-go-v2/aws/transport/http"
"github.com/aws/aws-sdk-go-v2/feature/ec2/imds"
"github.com/aws/smithy-go/logging"
)
// resolveDefaultAWSConfig will write default configuration values into the cfg
// value. It will write the default values, overwriting any previous value.
//
// This should be used as the first resolver in the slice of resolvers when
// resolving external configuration.
func resolveDefaultAWSConfig(ctx context.Context, cfg *aws.Config, cfgs configs) error {
var sources []interface{}
for _, s := range cfgs {
sources = append(sources, s)
}
*cfg = aws.Config{
Credentials: aws.AnonymousCredentials{},
Logger: logging.NewStandardLogger(os.Stderr),
ConfigSources: sources,
}
return nil
}
// resolveCustomCABundle extracts the first instance of a custom CA bundle filename
// from the external configurations. It will update the HTTP Client's builder
// to be configured with the custom CA bundle.
//
// Config provider used:
// * customCABundleProvider
func resolveCustomCABundle(ctx context.Context, cfg *aws.Config, cfgs configs) error {
pemCerts, found, err := getCustomCABundle(ctx, cfgs)
if err != nil {
// TODO error handling, What is the best way to handle this?
// capture previous errors continue. error out if all errors
return err
}
if !found {
return nil
}
if cfg.HTTPClient == nil {
cfg.HTTPClient = awshttp.NewBuildableClient()
}
trOpts, ok := cfg.HTTPClient.(*awshttp.BuildableClient)
if !ok {
return fmt.Errorf("unable to add custom RootCAs HTTPClient, "+
"has no WithTransportOptions, %T", cfg.HTTPClient)
}
var appendErr error
client := trOpts.WithTransportOptions(func(tr *http.Transport) {
if tr.TLSClientConfig == nil {
tr.TLSClientConfig = &tls.Config{}
}
if tr.TLSClientConfig.RootCAs == nil {
tr.TLSClientConfig.RootCAs = x509.NewCertPool()
}
b, err := ioutil.ReadAll(pemCerts)
if err != nil {
appendErr = fmt.Errorf("failed to read custom CA bundle PEM file")
}
if !tr.TLSClientConfig.RootCAs.AppendCertsFromPEM(b) {
appendErr = fmt.Errorf("failed to load custom CA bundle PEM file")
}
})
if appendErr != nil {
return appendErr
}
cfg.HTTPClient = client
return err
}
// resolveRegion extracts the first instance of a Region from the configs slice.
//
// Config providers used:
// * regionProvider
func resolveRegion(ctx context.Context, cfg *aws.Config, configs configs) error {
v, found, err := getRegion(ctx, configs)
if err != nil {
// TODO error handling, What is the best way to handle this?
// capture previous errors continue. error out if all errors
return err
}
if !found {
return nil
}
cfg.Region = v
return nil
}
// resolveDefaultRegion extracts the first instance of a default region and sets `aws.Config.Region` to the default
// region if region had not been resolved from other sources.
func resolveDefaultRegion(ctx context.Context, cfg *aws.Config, configs configs) error {
if len(cfg.Region) > 0 {
return nil
}
v, found, err := getDefaultRegion(ctx, configs)
if err != nil {
return err
}
if !found {
return nil
}
cfg.Region = v
return nil
}
// resolveHTTPClient extracts the first instance of a HTTPClient and sets `aws.Config.HTTPClient` to the HTTPClient instance
// if one has not been resolved from other sources.
func resolveHTTPClient(ctx context.Context, cfg *aws.Config, configs configs) error {
c, found, err := getHTTPClient(ctx, configs)
if err != nil {
return err
}
if !found {
return nil
}
cfg.HTTPClient = c
return nil
}
// resolveAPIOptions extracts the first instance of APIOptions and sets `aws.Config.APIOptions` to the resolved API options
// if one has not been resolved from other sources.
func resolveAPIOptions(ctx context.Context, cfg *aws.Config, configs configs) error {
o, found, err := getAPIOptions(ctx, configs)
if err != nil {
return err
}
if !found {
return nil
}
cfg.APIOptions = o
return nil
}
// resolveEndpointResolver extracts the first instance of a EndpointResolverFunc from the config slice
// and sets the functions result on the aws.Config.EndpointResolver
func resolveEndpointResolver(ctx context.Context, cfg *aws.Config, configs configs) error {
endpointResolver, found, err := getEndpointResolver(ctx, configs)
if err != nil {
return err
}
if !found {
return nil
}
cfg.EndpointResolver = endpointResolver
return nil
}
// resolveEndpointResolver extracts the first instance of a EndpointResolverFunc from the config slice
// and sets the functions result on the aws.Config.EndpointResolver
func resolveEndpointResolverWithOptions(ctx context.Context, cfg *aws.Config, configs configs) error {
endpointResolver, found, err := getEndpointResolverWithOptions(ctx, configs)
if err != nil {
return err
}
if !found {
return nil
}
cfg.EndpointResolverWithOptions = endpointResolver
return nil
}
func resolveLogger(ctx context.Context, cfg *aws.Config, configs configs) error {
logger, found, err := getLogger(ctx, configs)
if err != nil {
return err
}
if !found {
return nil
}
cfg.Logger = logger
return nil
}
func resolveClientLogMode(ctx context.Context, cfg *aws.Config, configs configs) error {
mode, found, err := getClientLogMode(ctx, configs)
if err != nil {
return err
}
if !found {
return nil
}
cfg.ClientLogMode = mode
return nil
}
func resolveRetryer(ctx context.Context, cfg *aws.Config, configs configs) error {
retryer, found, err := getRetryer(ctx, configs)
if err != nil {
return err
}
if found {
cfg.Retryer = retryer
return nil
}
// Only load the retry options if a custom retryer has not be specified.
if err = resolveRetryMaxAttempts(ctx, cfg, configs); err != nil {
return err
}
return resolveRetryMode(ctx, cfg, configs)
}
func resolveEC2IMDSRegion(ctx context.Context, cfg *aws.Config, configs configs) error {
if len(cfg.Region) > 0 {
return nil
}
region, found, err := getEC2IMDSRegion(ctx, configs)
if err != nil {
return err
}
if !found {
return nil
}
cfg.Region = region
return nil
}
func resolveDefaultsModeOptions(ctx context.Context, cfg *aws.Config, configs configs) error {
defaultsMode, found, err := getDefaultsMode(ctx, configs)
if err != nil {
return err
}
if !found {
defaultsMode = aws.DefaultsModeLegacy
}
var environment aws.RuntimeEnvironment
if defaultsMode == aws.DefaultsModeAuto {
envConfig, _, _ := getAWSConfigSources(configs)
client, found, err := getDefaultsModeIMDSClient(ctx, configs)
if err != nil {
return err
}
if !found {
client = imds.NewFromConfig(*cfg)
}
environment, err = resolveDefaultsModeRuntimeEnvironment(ctx, envConfig, client)
if err != nil {
return err
}
}
cfg.DefaultsMode = defaultsMode
cfg.RuntimeEnvironment = environment
return nil
}
func resolveRetryMaxAttempts(ctx context.Context, cfg *aws.Config, configs configs) error {
maxAttempts, found, err := getRetryMaxAttempts(ctx, configs)
if err != nil || !found {
return err
}
cfg.RetryMaxAttempts = maxAttempts
return nil
}
func resolveRetryMode(ctx context.Context, cfg *aws.Config, configs configs) error {
retryMode, found, err := getRetryMode(ctx, configs)
if err != nil || !found {
return err
}
cfg.RetryMode = retryMode
return nil
}

View File

@ -0,0 +1,470 @@
package config
import (
"context"
"fmt"
"net/url"
"time"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/credentials"
"github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds"
"github.com/aws/aws-sdk-go-v2/credentials/endpointcreds"
"github.com/aws/aws-sdk-go-v2/credentials/processcreds"
"github.com/aws/aws-sdk-go-v2/credentials/ssocreds"
"github.com/aws/aws-sdk-go-v2/credentials/stscreds"
"github.com/aws/aws-sdk-go-v2/feature/ec2/imds"
"github.com/aws/aws-sdk-go-v2/service/sso"
"github.com/aws/aws-sdk-go-v2/service/sts"
)
const (
// valid credential source values
credSourceEc2Metadata = "Ec2InstanceMetadata"
credSourceEnvironment = "Environment"
credSourceECSContainer = "EcsContainer"
)
var (
ecsContainerEndpoint = "http://169.254.170.2" // not constant to allow for swapping during unit-testing
)
// resolveCredentials extracts a credential provider from slice of config sources.
//
// If an explict credential provider is not found the resolver will fallback to resolving
// credentials by extracting a credential provider from EnvConfig and SharedConfig.
func resolveCredentials(ctx context.Context, cfg *aws.Config, configs configs) error {
found, err := resolveCredentialProvider(ctx, cfg, configs)
if err != nil {
return err
}
if found {
return nil
}
err = resolveCredentialChain(ctx, cfg, configs)
if err != nil {
return err
}
return nil
}
// resolveCredentialProvider extracts the first instance of Credentials from the
// config slices.
//
// The resolved CredentialProvider will be wrapped in a cache to ensure the
// credentials are only refreshed when needed. This also protects the
// credential provider to be used concurrently.
//
// Config providers used:
// * credentialsProviderProvider
func resolveCredentialProvider(ctx context.Context, cfg *aws.Config, configs configs) (bool, error) {
credProvider, found, err := getCredentialsProvider(ctx, configs)
if err != nil {
return false, err
}
if !found {
return false, nil
}
cfg.Credentials, err = wrapWithCredentialsCache(ctx, configs, credProvider)
if err != nil {
return false, err
}
return true, nil
}
// resolveCredentialChain resolves a credential provider chain using EnvConfig
// and SharedConfig if present in the slice of provided configs.
//
// The resolved CredentialProvider will be wrapped in a cache to ensure the
// credentials are only refreshed when needed. This also protects the
// credential provider to be used concurrently.
func resolveCredentialChain(ctx context.Context, cfg *aws.Config, configs configs) (err error) {
envConfig, sharedConfig, other := getAWSConfigSources(configs)
// When checking if a profile was specified programmatically we should only consider the "other"
// configuration sources that have been provided. This ensures we correctly honor the expected credential
// hierarchy.
_, sharedProfileSet, err := getSharedConfigProfile(ctx, other)
if err != nil {
return err
}
switch {
case sharedProfileSet:
err = resolveCredsFromProfile(ctx, cfg, envConfig, sharedConfig, other)
case envConfig.Credentials.HasKeys():
cfg.Credentials = credentials.StaticCredentialsProvider{Value: envConfig.Credentials}
case len(envConfig.WebIdentityTokenFilePath) > 0:
err = assumeWebIdentity(ctx, cfg, envConfig.WebIdentityTokenFilePath, envConfig.RoleARN, envConfig.RoleSessionName, configs)
default:
err = resolveCredsFromProfile(ctx, cfg, envConfig, sharedConfig, other)
}
if err != nil {
return err
}
// Wrap the resolved provider in a cache so the SDK will cache credentials.
cfg.Credentials, err = wrapWithCredentialsCache(ctx, configs, cfg.Credentials)
if err != nil {
return err
}
return nil
}
func resolveCredsFromProfile(ctx context.Context, cfg *aws.Config, envConfig *EnvConfig, sharedConfig *SharedConfig, configs configs) (err error) {
switch {
case sharedConfig.Source != nil:
// Assume IAM role with credentials source from a different profile.
err = resolveCredsFromProfile(ctx, cfg, envConfig, sharedConfig.Source, configs)
case sharedConfig.Credentials.HasKeys():
// Static Credentials from Shared Config/Credentials file.
cfg.Credentials = credentials.StaticCredentialsProvider{
Value: sharedConfig.Credentials,
}
case len(sharedConfig.CredentialSource) != 0:
err = resolveCredsFromSource(ctx, cfg, envConfig, sharedConfig, configs)
case len(sharedConfig.WebIdentityTokenFile) != 0:
// Credentials from Assume Web Identity token require an IAM Role, and
// that roll will be assumed. May be wrapped with another assume role
// via SourceProfile.
return assumeWebIdentity(ctx, cfg, sharedConfig.WebIdentityTokenFile, sharedConfig.RoleARN, sharedConfig.RoleSessionName, configs)
case sharedConfig.hasSSOConfiguration():
err = resolveSSOCredentials(ctx, cfg, sharedConfig, configs)
case len(sharedConfig.CredentialProcess) != 0:
// Get credentials from CredentialProcess
err = processCredentials(ctx, cfg, sharedConfig, configs)
case len(envConfig.ContainerCredentialsEndpoint) != 0:
err = resolveLocalHTTPCredProvider(ctx, cfg, envConfig.ContainerCredentialsEndpoint, envConfig.ContainerAuthorizationToken, configs)
case len(envConfig.ContainerCredentialsRelativePath) != 0:
err = resolveHTTPCredProvider(ctx, cfg, ecsContainerURI(envConfig.ContainerCredentialsRelativePath), envConfig.ContainerAuthorizationToken, configs)
default:
err = resolveEC2RoleCredentials(ctx, cfg, configs)
}
if err != nil {
return err
}
if len(sharedConfig.RoleARN) > 0 {
return credsFromAssumeRole(ctx, cfg, sharedConfig, configs)
}
return nil
}
func resolveSSOCredentials(ctx context.Context, cfg *aws.Config, sharedConfig *SharedConfig, configs configs) error {
if err := sharedConfig.validateSSOConfiguration(); err != nil {
return err
}
var options []func(*ssocreds.Options)
v, found, err := getSSOProviderOptions(ctx, configs)
if err != nil {
return err
}
if found {
options = append(options, v)
}
cfgCopy := cfg.Copy()
cfgCopy.Region = sharedConfig.SSORegion
cfg.Credentials = ssocreds.New(sso.NewFromConfig(cfgCopy), sharedConfig.SSOAccountID, sharedConfig.SSORoleName, sharedConfig.SSOStartURL, options...)
return nil
}
func ecsContainerURI(path string) string {
return fmt.Sprintf("%s%s", ecsContainerEndpoint, path)
}
func processCredentials(ctx context.Context, cfg *aws.Config, sharedConfig *SharedConfig, configs configs) error {
var opts []func(*processcreds.Options)
options, found, err := getProcessCredentialOptions(ctx, configs)
if err != nil {
return err
}
if found {
opts = append(opts, options)
}
cfg.Credentials = processcreds.NewProvider(sharedConfig.CredentialProcess, opts...)
return nil
}
func resolveLocalHTTPCredProvider(ctx context.Context, cfg *aws.Config, endpointURL, authToken string, configs configs) error {
var resolveErr error
parsed, err := url.Parse(endpointURL)
if err != nil {
resolveErr = fmt.Errorf("invalid URL, %w", err)
} else {
host := parsed.Hostname()
if len(host) == 0 {
resolveErr = fmt.Errorf("unable to parse host from local HTTP cred provider URL")
} else if isLoopback, loopbackErr := isLoopbackHost(host); loopbackErr != nil {
resolveErr = fmt.Errorf("failed to resolve host %q, %v", host, loopbackErr)
} else if !isLoopback {
resolveErr = fmt.Errorf("invalid endpoint host, %q, only loopback hosts are allowed", host)
}
}
if resolveErr != nil {
return resolveErr
}
return resolveHTTPCredProvider(ctx, cfg, endpointURL, authToken, configs)
}
func resolveHTTPCredProvider(ctx context.Context, cfg *aws.Config, url, authToken string, configs configs) error {
optFns := []func(*endpointcreds.Options){
func(options *endpointcreds.Options) {
if len(authToken) != 0 {
options.AuthorizationToken = authToken
}
options.APIOptions = cfg.APIOptions
if cfg.Retryer != nil {
options.Retryer = cfg.Retryer()
}
},
}
optFn, found, err := getEndpointCredentialProviderOptions(ctx, configs)
if err != nil {
return err
}
if found {
optFns = append(optFns, optFn)
}
provider := endpointcreds.New(url, optFns...)
cfg.Credentials, err = wrapWithCredentialsCache(ctx, configs, provider, func(options *aws.CredentialsCacheOptions) {
options.ExpiryWindow = 5 * time.Minute
})
if err != nil {
return err
}
return nil
}
func resolveCredsFromSource(ctx context.Context, cfg *aws.Config, envConfig *EnvConfig, sharedCfg *SharedConfig, configs configs) (err error) {
switch sharedCfg.CredentialSource {
case credSourceEc2Metadata:
return resolveEC2RoleCredentials(ctx, cfg, configs)
case credSourceEnvironment:
cfg.Credentials = credentials.StaticCredentialsProvider{Value: envConfig.Credentials}
case credSourceECSContainer:
if len(envConfig.ContainerCredentialsRelativePath) == 0 {
return fmt.Errorf("EcsContainer was specified as the credential_source, but 'AWS_CONTAINER_CREDENTIALS_RELATIVE_URI' was not set")
}
return resolveHTTPCredProvider(ctx, cfg, ecsContainerURI(envConfig.ContainerCredentialsRelativePath), envConfig.ContainerAuthorizationToken, configs)
default:
return fmt.Errorf("credential_source values must be EcsContainer, Ec2InstanceMetadata, or Environment")
}
return nil
}
func resolveEC2RoleCredentials(ctx context.Context, cfg *aws.Config, configs configs) error {
optFns := make([]func(*ec2rolecreds.Options), 0, 2)
optFn, found, err := getEC2RoleCredentialProviderOptions(ctx, configs)
if err != nil {
return err
}
if found {
optFns = append(optFns, optFn)
}
optFns = append(optFns, func(o *ec2rolecreds.Options) {
// Only define a client from config if not already defined.
if o.Client == nil {
o.Client = imds.NewFromConfig(*cfg)
}
})
provider := ec2rolecreds.New(optFns...)
cfg.Credentials, err = wrapWithCredentialsCache(ctx, configs, provider)
if err != nil {
return err
}
return nil
}
func getAWSConfigSources(cfgs configs) (*EnvConfig, *SharedConfig, configs) {
var (
envConfig *EnvConfig
sharedConfig *SharedConfig
other configs
)
for i := range cfgs {
switch c := cfgs[i].(type) {
case EnvConfig:
if envConfig == nil {
envConfig = &c
}
case *EnvConfig:
if envConfig == nil {
envConfig = c
}
case SharedConfig:
if sharedConfig == nil {
sharedConfig = &c
}
case *SharedConfig:
if envConfig == nil {
sharedConfig = c
}
default:
other = append(other, c)
}
}
if envConfig == nil {
envConfig = &EnvConfig{}
}
if sharedConfig == nil {
sharedConfig = &SharedConfig{}
}
return envConfig, sharedConfig, other
}
// AssumeRoleTokenProviderNotSetError is an error returned when creating a
// session when the MFAToken option is not set when shared config is configured
// load assume a role with an MFA token.
type AssumeRoleTokenProviderNotSetError struct{}
// Error is the error message
func (e AssumeRoleTokenProviderNotSetError) Error() string {
return fmt.Sprintf("assume role with MFA enabled, but AssumeRoleTokenProvider session option not set.")
}
func assumeWebIdentity(ctx context.Context, cfg *aws.Config, filepath string, roleARN, sessionName string, configs configs) error {
if len(filepath) == 0 {
return fmt.Errorf("token file path is not set")
}
if len(roleARN) == 0 {
return fmt.Errorf("role ARN is not set")
}
optFns := []func(*stscreds.WebIdentityRoleOptions){
func(options *stscreds.WebIdentityRoleOptions) {
options.RoleSessionName = sessionName
},
}
optFn, found, err := getWebIdentityCredentialProviderOptions(ctx, configs)
if err != nil {
return err
}
if found {
optFns = append(optFns, optFn)
}
provider := stscreds.NewWebIdentityRoleProvider(sts.NewFromConfig(*cfg), roleARN, stscreds.IdentityTokenFile(filepath), optFns...)
cfg.Credentials = provider
return nil
}
func credsFromAssumeRole(ctx context.Context, cfg *aws.Config, sharedCfg *SharedConfig, configs configs) (err error) {
optFns := []func(*stscreds.AssumeRoleOptions){
func(options *stscreds.AssumeRoleOptions) {
options.RoleSessionName = sharedCfg.RoleSessionName
if sharedCfg.RoleDurationSeconds != nil {
if *sharedCfg.RoleDurationSeconds/time.Minute > 15 {
options.Duration = *sharedCfg.RoleDurationSeconds
}
}
// Assume role with external ID
if len(sharedCfg.ExternalID) > 0 {
options.ExternalID = aws.String(sharedCfg.ExternalID)
}
// Assume role with MFA
if len(sharedCfg.MFASerial) != 0 {
options.SerialNumber = aws.String(sharedCfg.MFASerial)
}
},
}
optFn, found, err := getAssumeRoleCredentialProviderOptions(ctx, configs)
if err != nil {
return err
}
if found {
optFns = append(optFns, optFn)
}
{
// Synthesize options early to validate configuration errors sooner to ensure a token provider
// is present if the SerialNumber was set.
var o stscreds.AssumeRoleOptions
for _, fn := range optFns {
fn(&o)
}
if o.TokenProvider == nil && o.SerialNumber != nil {
return AssumeRoleTokenProviderNotSetError{}
}
}
cfg.Credentials = stscreds.NewAssumeRoleProvider(sts.NewFromConfig(*cfg), sharedCfg.RoleARN, optFns...)
return nil
}
// wrapWithCredentialsCache will wrap provider with an aws.CredentialsCache
// with the provided options if the provider is not already a
// aws.CredentialsCache.
func wrapWithCredentialsCache(
ctx context.Context,
cfgs configs,
provider aws.CredentialsProvider,
optFns ...func(options *aws.CredentialsCacheOptions),
) (aws.CredentialsProvider, error) {
_, ok := provider.(*aws.CredentialsCache)
if ok {
return provider, nil
}
credCacheOptions, found, err := getCredentialsCacheOptionsProvider(ctx, cfgs)
if err != nil {
return nil, err
}
// force allocation of a new slice if the additional options are
// needed, to prevent overwriting the passed in slice of options.
optFns = optFns[:len(optFns):len(optFns)]
if found {
optFns = append(optFns, credCacheOptions)
}
return aws.NewCredentialsCache(provider, optFns...), nil
}

File diff suppressed because it is too large Load Diff