creds: Add Expiration value (#1936)

Export expiration of the credentials, if any. Zero time means no
expiration.

pkg/credentials/assume_role.go

@@ -237,6 +237,7 @@ func (m *STSAssumeRole) Retrieve() (Value, error) {
 		AccessKeyID:     a.Result.Credentials.AccessKey,
 		SecretAccessKey: a.Result.Credentials.SecretKey,
 		SessionToken:    a.Result.Credentials.SessionToken,
+		Expiration:      a.Result.Credentials.Expiration,
 		SignerType:      SignatureV4,
 	}, nil
 }

pkg/credentials/credentials.go

@@ -30,17 +30,20 @@ const (
 	defaultExpiryWindow = 0.8
 )
 
-// A Value is the AWS credentials value for individual credential fields.
+// A Value is the S3 credentials value for individual credential fields.
 type Value struct {
-	// AWS Access key ID
+	// S3 Access key ID
 	AccessKeyID string
 
-	// AWS Secret Access Key
+	// S3 Secret Access Key
 	SecretAccessKey string
 
-	// AWS Session Token
+	// S3 Session Token
 	SessionToken string
 
+	// Expiration of this credentials - null means no expiration associated
+	Expiration time.Time
+
 	// Signature Type.
 	SignerType SignatureType
 }

pkg/credentials/file_aws_credentials.go

@@ -129,6 +129,7 @@ func (p *FileAWSCredentials) Retrieve() (Value, error) {
 			AccessKeyID:     externalProcessCredentials.AccessKeyID,
 			SecretAccessKey: externalProcessCredentials.SecretAccessKey,
 			SessionToken:    externalProcessCredentials.SessionToken,
+			Expiration:      externalProcessCredentials.Expiration,
 			SignerType:      SignatureV4,
 		}, nil
 	}

pkg/credentials/iam_aws.go

@@ -209,6 +209,7 @@ func (m *IAM) Retrieve() (Value, error) {
 		AccessKeyID:     roleCreds.AccessKeyID,
 		SecretAccessKey: roleCreds.SecretAccessKey,
 		SessionToken:    roleCreds.Token,
+		Expiration:      roleCreds.Expiration,
 		SignerType:      SignatureV4,
 	}, nil
 }

pkg/credentials/sts_client_grants.go

@@ -177,6 +177,7 @@ func (m *STSClientGrants) Retrieve() (Value, error) {
 		AccessKeyID:     a.Result.Credentials.AccessKey,
 		SecretAccessKey: a.Result.Credentials.SecretKey,
 		SessionToken:    a.Result.Credentials.SessionToken,
+		Expiration:      a.Result.Credentials.Expiration,
 		SignerType:      SignatureV4,
 	}, nil
 }

pkg/credentials/sts_custom_identity.go

@@ -113,6 +113,7 @@ func (c *CustomTokenIdentity) Retrieve() (value Value, err error) {
 		AccessKeyID:     cr.AccessKey,
 		SecretAccessKey: cr.SecretKey,
 		SessionToken:    cr.SessionToken,
+		Expiration:      cr.Expiration,
 		SignerType:      SignatureV4,
 	}, nil
 }

pkg/credentials/sts_ldap_identity.go

@@ -184,6 +184,7 @@ func (k *LDAPIdentity) Retrieve() (value Value, err error) {
 		AccessKeyID:     cr.AccessKey,
 		SecretAccessKey: cr.SecretKey,
 		SessionToken:    cr.SessionToken,
+		Expiration:      cr.Expiration,
 		SignerType:      SignatureV4,
 	}, nil
 }

pkg/credentials/sts_tls_identity.go

@@ -188,6 +188,7 @@ func (i *STSCertificateIdentity) Retrieve() (Value, error) {
 		AccessKeyID:     response.Result.Credentials.AccessKey,
 		SecretAccessKey: response.Result.Credentials.SecretKey,
 		SessionToken:    response.Result.Credentials.SessionToken,
+		Expiration:      response.Result.Credentials.Expiration,
 		SignerType:      SignatureDefault,
 	}, nil
 }

pkg/credentials/sts_web_identity.go

@@ -195,6 +195,7 @@ func (m *STSWebIdentity) Retrieve() (Value, error) {
 		AccessKeyID:     a.Result.Credentials.AccessKey,
 		SecretAccessKey: a.Result.Credentials.SecretKey,
 		SessionToken:    a.Result.Credentials.SessionToken,
+		Expiration:      a.Result.Credentials.Expiration,
 		SignerType:      SignatureV4,
 	}, nil
 }