package aws
import (
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/client"
"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
"github.com/aws/aws-sdk-go/aws/session"
)
// CredentialConfig collects the settings used to build an AWS SDK session.
//
// AccessKey, SecretKey and Token are secret material: avoid printing this
// struct (for example with %+v) or serializing it into logs.
type CredentialConfig struct {
	// Region is applied to every session built from this config.
	Region string
	// AccessKey and SecretKey select static credentials when either is non-empty.
	AccessKey, SecretKey string
	// RoleARN, when non-empty, makes Credentials return a session that assumes this role.
	RoleARN string
	// Profile and Filename select a shared credentials file entry when no static key is set.
	Profile, Filename string
	// Token is the session token handed over together with the static key pair.
	Token string
	// EndpointURL, when non-empty, overrides the service endpoint of the session.
	EndpointURL string
}
// Credentials returns a session provider for this configuration.
//
// With an empty RoleARN the directly configured credentials are used;
// otherwise the session assumes RoleARN on top of them.
func (c *CredentialConfig) Credentials() (client.ConfigProvider, error) {
	if c.RoleARN == "" {
		return c.rootCredentials()
	}

	return c.assumeCredentials()
}
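// rootCredentials builds a session from the directly configured credentials,
// without assuming RoleARN.
//
// Credential source precedence:
//  1. static keys, when AccessKey or SecretKey is set (Token is passed along);
//  2. the shared credentials file, when Profile or Filename is set;
//  3. otherwise config.Credentials stays unset and resolution is left to the
//     SDK session.
func (c *CredentialConfig) rootCredentials() (client.ConfigProvider, error) {
	config := &aws.Config{
		Region: aws.String(c.Region),
	}

	if c.EndpointURL != "" {
		// Copy the value instead of storing &c.EndpointURL: the session keeps
		// this pointer, so aliasing the struct field would let a later write to
		// c.EndpointURL silently retarget an already-built session.
		// Signed requests are sent to this endpoint, so it must be trusted.
		config.Endpoint = aws.String(c.EndpointURL)
	}

	switch {
	case c.AccessKey != "" || c.SecretKey != "":
		// NOTE(review): a half-populated key pair still selects static
		// credentials and skips Profile/Filename; presumably the SDK rejects it
		// only when credentials are first retrieved — confirm whether an early
		// validation error is wanted here.
		config.Credentials = credentials.NewStaticCredentials(c.AccessKey, c.SecretKey, c.Token)
	case c.Profile != "" || c.Filename != "":
		config.Credentials = credentials.NewSharedCredentials(c.Filename, c.Profile)
	}

	return session.NewSession(config) //nolint:wrapcheck
}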
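// assumeCredentials builds a session whose credentials come from assuming
// RoleARN, using the session from rootCredentials as the caller identity.
//
// The root session carries EndpointURL as well, so when it is set the
// assume-role call presumably goes to that endpoint too — confirm the custom
// endpoint is meant to serve STS before pointing it at anything untrusted.
func (c *CredentialConfig) assumeCredentials() (client.ConfigProvider, error) {
	rootCredentials, err := c.rootCredentials()
	if err != nil {
		return nil, err
	}

	config := &aws.Config{
		Region: aws.String(c.Region),
	}
	if c.EndpointURL != "" {
		// Same handling as rootCredentials: set the override only when one is
		// configured, and copy the string so the session does not alias the
		// mutable struct field.
		config.Endpoint = aws.String(c.EndpointURL)
	}
	config.Credentials = stscreds.NewCredentials(rootCredentials, c.RoleARN)

	return session.NewSession(config) //nolint:wrapcheck
}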