diff --git a/include/aws/auth/credentials.h b/include/aws/auth/credentials.h
index 239cf73a..5ba5582e 100644
--- a/include/aws/auth/credentials.h
+++ b/include/aws/auth/credentials.h
@@ -226,31 +226,9 @@ struct aws_credentials_provider_imds_options {
 };

 /*
- * Configuration options for the provider that sources credentials from ECS container metadata
- *
- * ECS creds provider can be used to access creds via either
- * relative uri to a fixed endpoint http://169.254.170.2,
- * or via a full uri specified by environment variables:
- * AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
- * AWS_CONTAINER_CREDENTIALS_FULL_URI
- *
- * If both relative uri and absolute uri are set, relative uri
- * has higher priority.
- *
- * Currently, the ECS creds provider doesn't read those environment variables and requires host & path_and_query
- * TODO: Support AWS_CONTAINER_CREDENTIALS_RELATIVE_URI and AWS_CONTAINER_CREDENTIALS_FULL_URI
- * parameters.
- *
- * For the Authorization token, there are three ways (in order of priority).
- * 1. auth_token parameter
- * 2. AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE (env var which contains absolute path to the token file. The file will be
- * re-read for each call to get credentials.)
- * 3. AWS_CONTAINER_AUTHORIZATION_TOKEN (env var which contains static auth token)
- *
- * While above information is used in request only, endpoint info
- * is needed when creating ecs provider to initiate the connection
- * manager, more specifically, host and http scheme (tls or not)
- * from endpoint are needed.
+ * Configuration options for the provider that sources credentials from ECS container metadata.
+ * This options struct doesn't read anything from the environment and requires everything to be explicitly passed in. If
+ * you need to read properties from the environment, use the `aws_credentials_provider_ecs_environment_options`.
 */
 struct aws_credentials_provider_ecs_options {
 struct aws_credentials_provider_shutdown_options shutdown_options;
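Review bot: The replacement comment on `aws_credentials_provider_ecs_options` no longer tells the caller anything about the endpoint it has to supply, although the removed text explained that the host and the scheme (TLS or not) come from the caller. Because this struct takes everything explicitly, the authorization token goes to whatever host is passed in, and the field comment further down says port 80 is used when no TLS context is set. I would add a line to the new block such as `* The caller chooses the endpoint: the authorization token is sent to the given host, without TLS unless a TLS context is set.` The struct body continues outside this hunk, so whether the host is validated at construction is not visible here.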
@@ -270,17 +248,19 @@ struct aws_credentials_provider_ecs_options {
 */
 struct aws_byte_cursor path_and_query;

- /*
- * Authorization token to include in the credentials query
- */
- struct aws_byte_cursor auth_token;
-
 /*
 * Authorization token file path to include in the credentials query. The file will be re-read for each call to
 * get_credentials.
+ * This has higher priority than `auth_token`.
 */
 struct aws_byte_cursor auth_token_file_path;

+ /*
+ * Authorization token to include in the credentials query.
+ * No effect if `auth_token_file_path` is set.
+ */
+ struct aws_byte_cursor auth_token;
+
 /*
 * Client TLS context to use when making query.
 * If set, port 443 is used. If NULL, port 80 is used.
@@ -296,6 +276,19 @@ struct aws_credentials_provider_ecs_options {
 uint32_t port;
 };

+/*
+ * Configuration options for the provider that sources credentials from ECS container metadata.
+ * The ECS creds provider can be used to access creds via either a relative URI to a fixed endpoint
+ * (http://169.254.170.2) or via a full URI specified by environment variables (in order of priority):
+ * AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
+ * AWS_CONTAINER_CREDENTIALS_FULL_URI
+ *
+ * For the Authorization token, there are two ways (in order of priority):
+ * 1. AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE (an env var which contains the absolute path to the token file. The file
+ * will be re-read for each call to get credentials.)
+ * 2. AWS_CONTAINER_AUTHORIZATION_TOKEN (an env var that contains a static auth token)
+ */
+
 struct aws_credentials_provider_ecs_environment_options {
 struct aws_credentials_provider_shutdown_options shutdown_options;
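Review bot: Moving `auth_token` below `auth_token_file_path` changes the layout of a public options struct, and both members are `struct aws_byte_cursor`, so a caller built against the old header or using a positional initializer keeps building while its token is read as a file path and its path as a token. If only the documented precedence had to change, the members could stay in their original order with just the comments updated; otherwise the commit message should call out the layout change. The removed header comment listed the `auth_token` parameter first in priority, whereas the new field comments make the file path win, so a caller that sets both now has its token dropped without notice. The constructor is not part of this hunk, but a log line there, or `* Set only one of auth_token_file_path and auth_token.` in the field comment, would make that visible. The struct starts and ends outside this hunk.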