Add ExpiryWindow and ExpiryWindowJitterFrac to CredentialsCache #946

Merged
merged 5 commits into from
Dec 7, 2020


skmcgrail
Member

@skmcgrail skmcgrail commented Dec 3, 2020

Refactors the credential providers to remove ExpiryWindow behavior to the CredentialsCache. Adds an ExpiryWindowJitterFrac capability to the CredentialsCache to support the addition of jitter to the configured refresh window.

Fixes: #940

@skmcgrail skmcgrail requested a review from jasdel December 3, 2020 17:21
@innovia

innovia commented May 14, 2021

@skmcgrail

I'm having a super hard time trying to get this to work with this new change.

https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/credentials/stscreds#hdr-Assume_Role

Can you please share here an example of how to assume a role with the service client?

@skotambkar
Contributor

Hi @innovia, could you describe the issue you are facing?

Our migration guide has an example on how to assume a role. Please take a look - https://aws.github.io/aws-sdk-go-v2/docs/migrating/#assumerole .

@innovia

innovia commented May 16, 2021

@skmcgrail thanks for the link,

I am using okta was and have different roles to assume per environment, I'm gonna try the link you referenced

@innovia

innovia commented May 17, 2021

@skmcgrail I couldn't get it to work from the docs, they are very unclear...

This code (which I found by digging into open source code on GitHub) works but is undocumented:

```go
if assumeRoleArn != "" {
	stsClient := sts.Client(t)
	creds := stscreds.NewAssumeRoleProvider(stsClient, assumeRoleArn)
	awsConfig.Credentials = creds
}

client := ec2.NewFromConfig(awsConfig)
```

But according to the doc this code should be used, but it's unclear:

```go
if assumeRoleArn != "" {
	stsClient := sts.Client(t)
	creds := stscreds.NewAssumeRoleProvider(stsClient, assumeRoleArn)
	value, crErr := creds.Retrieve(ctx)
	if crErr != nil {
		return nil, fmt.Errorf("error retrieving credentials from sts: %+v", crErr)
	}
	awsConfig.Credentials = value
}
```

It's very confusing, because if I check the type of awsConfig.Credentials it's CredentialsProvider, which is an interface to Retrieve, but the result is this error that takes me in circles:

cannot use value (type aws.Credentials) as type aws.CredentialsProvider
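
A stand-alone model of the behavior this PR moves into the cache, added here as an example and not code from the SDK or from anyone in this thread. `Credentials` and `CredentialsProvider` are simplified stand-ins for the SDK types, and `ProviderFunc`, `Cache` and the early-expiry rule are assumptions of the model; it shows that the cache is itself a provider (the kind of value a `CredentialsProvider` field accepts, unlike a retrieved `Credentials` value) and that it refreshes before the real expiry.

```go
package main

import (
	"context"
	"fmt"
	"time"
)

// Simplified stand-ins for aws.Credentials and aws.CredentialsProvider.
type Credentials struct {
	AccessKeyID string
	Expires     time.Time
}
type CredentialsProvider interface {
	Retrieve(ctx context.Context) (Credentials, error)
}
type ProviderFunc func(context.Context) (Credentials, error) // hypothetical adapter
func (f ProviderFunc) Retrieve(ctx context.Context) (Credentials, error) { return f(ctx) }

type Cache struct { // models the cache: itself a provider, no locking
	Provider     CredentialsProvider
	ExpiryWindow time.Duration
	JitterFrac   float64        // 0.0 to 1.0
	Rand         func() float64 // returns [0,1)
	cached       Credentials
}

func (c *Cache) Retrieve(ctx context.Context) (Credentials, error) {
	if time.Now().Before(c.cached.Expires) {
		return c.cached, nil
	}
	creds, err := c.Provider.Retrieve(ctx)
	if err != nil {
		return Credentials{}, err
	}
	// Assumed rule: expire early by the window minus a random share of it.
	jitter := time.Duration(c.Rand() * c.JitterFrac * float64(c.ExpiryWindow))
	creds.Expires = creds.Expires.Add(-(c.ExpiryWindow - jitter))
	c.cached = creds
	return creds, nil
}

func main() {
	src := ProviderFunc(func(context.Context) (Credentials, error) {
		return Credentials{"EXAMPLEKEY", time.Now().Add(15 * time.Minute)}, nil
	})
	c := &Cache{Provider: src, ExpiryWindow: time.Minute, JitterFrac: 0.5, Rand: func() float64 { return 0.5 }}
	creds, _ := c.Retrieve(context.Background())
	fmt.Println("refresh due in", time.Until(creds.Expires).Round(time.Second))
}
```

Jitter spreads refreshes out so that many clients holding credentials with the same expiry do not all call the token service at the same instant.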

Successfully merging this pull request may close these issues.

credentials/ec2rolecreds: New should not require an explict Options value to be passed to the function.