CredentialsCacherProvider.go
package main
import (
"encoding/json"
"github.com/aws/aws-sdk-go/aws/credentials"
"io/ioutil"
"os"
"path/filepath"
"time"
)
// CredentialsCacher is the contract for a component that can store a set of
// credentials and report when the stored set expires.
type CredentialsCacher interface {
	// Store saves c to the cache and reports any error encountered.
	Store(c *CacheableCredentials) error
	// ExpirationTime returns the expiration instant of the cached credentials.
	ExpirationTime() time.Time
}
// CacheableCredentials is the set of credential fields that is serialized to
// the cache file. The struct carries no JSON tags, so the field names below
// are the JSON keys.
//
// SecretAccessKey and SessionToken are secrets: Store writes them to disk as
// plain JSON, so the confidentiality of the cache rests entirely on the
// permissions of the cache file and its directory.
type CacheableCredentials struct {
	AccessKeyId     string
	SecretAccessKey string
	SessionToken    string
	// Expiration is read as seconds since the Unix epoch by ExpirationTime.
	Expiration int64
}
// CachedCredentials is the top-level JSON document of the cache file: a
// single "Credentials" object holding the CacheableCredentials fields.
type CachedCredentials struct {
	Credentials CacheableCredentials
}
// CredentialsCacherProvider reads and writes credentials in a JSON cache file
// and exposes them through Retrieve and IsExpired.
//
// NOTE(review): Retrieve overwrites the embedded CachedCredentials and Expiry
// with no locking visible in this file — confirm callers do not share one
// provider across goroutines without external synchronization.
type CredentialsCacherProvider struct {
	// CacheFilename is the path of the JSON cache file.
	CacheFilename string
	// Expiry tracks the refresh deadline set by Retrieve.
	credentials.Expiry
	// CachedCredentials holds the most recently decoded cache contents.
	CachedCredentials
}
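// Store serializes c as JSON and writes it to p.CacheFilename, creating the
// parent directory if needed.
//
// The data is written to a fresh temporary file in the same directory and then
// renamed over the cache file. This matters for a file that holds secrets:
//   - the mode passed to WriteFile only applies when the file is created, so an
//     existing cache file with looser permissions would keep them; the temp
//     file is always newly created with owner-only access and replaces it;
//   - a concurrent reader never observes a truncated or half-written document.
//
// If CacheFilename is a symlink, the rename replaces the link itself rather
// than writing through it.
//
// Store returns os.ErrInvalid when c is nil, and otherwise any error from
// encoding, directory creation, writing or renaming.
func (p *CredentialsCacherProvider) Store(c *CacheableCredentials) error {
	if c == nil {
		// Dereferencing a nil pointer below would panic.
		return os.ErrInvalid
	}

	data, err := json.Marshal(CachedCredentials{Credentials: *c})
	if err != nil {
		return err
	}

	dir := filepath.Dir(p.CacheFilename)
	// MkdirAll leaves the mode of an already existing directory untouched.
	if err := os.MkdirAll(dir, 0750); err != nil {
		return err
	}

	// ioutil.TempFile creates the file with mode 0600.
	tmp, err := ioutil.TempFile(dir, filepath.Base(p.CacheFilename)+".tmp")
	if err != nil {
		return err
	}
	tmpName := tmp.Name()

	committed := false
	defer func() {
		if !committed {
			// Best effort: do not leave a stray copy of the secrets behind.
			_ = os.Remove(tmpName)
		}
	}()

	if _, err := tmp.Write(data); err != nil {
		_ = tmp.Close()
		return err
	}
	if err := tmp.Close(); err != nil {
		return err
	}
	if err := os.Rename(tmpName, p.CacheFilename); err != nil {
		return err
	}
	committed = true
	return nil
}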
// ExpirationTime converts the cached Expiration value, taken as whole seconds
// since the Unix epoch, into a time.Time.
func (p *CredentialsCacherProvider) ExpirationTime() time.Time {
	secs := p.Credentials.Expiration
	return time.Unix(secs, 0)
}
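// Retrieve loads the credentials from p.CacheFilename, stores them in the
// embedded CachedCredentials and returns them as a credentials.Value.
//
// On a read or decode error the returned Value carries only ProviderName and
// the error is returned unchanged.
//
// The file is opened once and both its contents and its modification time are
// taken from that handle, so the refresh window is always computed for the
// same file that was decoded, even if the cache is replaced concurrently.
//
// NOTE(review): the owner and mode of the cache file are not checked here; its
// contents are trusted as-is.
func (p *CredentialsCacherProvider) Retrieve() (credentials.Value, error) {
	val := credentials.Value{ProviderName: "CredentialsCacherProvider"}

	f, err := os.Open(p.CacheFilename)
	if err != nil {
		return val, err
	}
	defer f.Close()

	data, err := ioutil.ReadAll(f)
	if err != nil {
		return val, err
	}
	if err := json.Unmarshal(data, &p.CachedCredentials); err != nil {
		return val, err
	}

	val.AccessKeyID = p.Credentials.AccessKeyId
	val.SecretAccessKey = p.Credentials.SecretAccessKey
	val.SessionToken = p.Credentials.SessionToken

	expT := p.ExpirationTime()

	// Flag credentials to refresh after ~90% of the actual expiration time
	// (6 minutes for default/max credential lifetime of 1h, 90 seconds for
	// minimum credential lifetime of 15m), using the ModTime() of the
	// credential cache file as the anchor for the calculation.
	if info, err := f.Stat(); err == nil {
		window := expT.Sub(info.ModTime()) / 10
		if window < 0 {
			// A modification time later than the expiration would give a
			// negative window, which pushes the refresh deadline past the
			// real expiration. Never extend the lifetime.
			window = 0
		}
		p.Expiry.SetExpiration(expT, window)
	}
	// If Stat fails, Expiry is left as it was, matching prior behavior.
	return val, nil
}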
// IsExpired reports whether the refresh deadline held by the embedded Expiry
// has passed.
func (p *CredentialsCacherProvider) IsExpired() bool {
	expired := p.Expiry.IsExpired()
	return expired
}