From 42ac5f4b9e79fb3a7af479863f120a3d457bdf7f Mon Sep 17 00:00:00 2001 From: Anis Eleuch Date: Fri, 16 Feb 2024 18:52:09 +0100 Subject: [PATCH] creds: Add Expiration value (#1936) Export expiration of the credentials, if any. Zero time means no expiration. --- pkg/credentials/assume_role.go | 1 + pkg/credentials/credentials.go | 11 +++++++---- pkg/credentials/file_aws_credentials.go | 1 + pkg/credentials/iam_aws.go | 1 + pkg/credentials/sts_client_grants.go | 1 + pkg/credentials/sts_custom_identity.go | 1 + pkg/credentials/sts_ldap_identity.go | 1 + pkg/credentials/sts_tls_identity.go | 1 + pkg/credentials/sts_web_identity.go | 1 + 9 files changed, 15 insertions(+), 4 deletions(-) diff --git a/pkg/credentials/assume_role.go b/pkg/credentials/assume_role.go index 800c4a294..d245bc07a 100644 --- a/pkg/credentials/assume_role.go +++ b/pkg/credentials/assume_role.go @@ -237,6 +237,7 @@ func (m *STSAssumeRole) Retrieve() (Value, error) { AccessKeyID: a.Result.Credentials.AccessKey, SecretAccessKey: a.Result.Credentials.SecretKey, SessionToken: a.Result.Credentials.SessionToken, + Expiration: a.Result.Credentials.Expiration, SignerType: SignatureV4, }, nil } diff --git a/pkg/credentials/credentials.go b/pkg/credentials/credentials.go index af6104967..68f9b3815 100644 --- a/pkg/credentials/credentials.go +++ b/pkg/credentials/credentials.go @@ -30,17 +30,20 @@ const ( defaultExpiryWindow = 0.8 ) -// A Value is the AWS credentials value for individual credential fields. +// A Value is the S3 credentials value for individual credential fields. type Value struct { - // AWS Access key ID + // S3 Access key ID AccessKeyID string - // AWS Secret Access Key + // S3 Secret Access Key SecretAccessKey string - // AWS Session Token + // S3 Session Token SessionToken string + // Expiration of this credentials - null means no expiration associated + Expiration time.Time + // Signature Type. SignerType SignatureType } diff --git a/pkg/credentials/file_aws_credentials.go b/pkg/credentials/file_aws_credentials.go index 5b073763e..8c5c4eb2d 100644 --- a/pkg/credentials/file_aws_credentials.go +++ b/pkg/credentials/file_aws_credentials.go @@ -129,6 +129,7 @@ func (p *FileAWSCredentials) Retrieve() (Value, error) { AccessKeyID: externalProcessCredentials.AccessKeyID, SecretAccessKey: externalProcessCredentials.SecretAccessKey, SessionToken: externalProcessCredentials.SessionToken, + Expiration: externalProcessCredentials.Expiration, SignerType: SignatureV4, }, nil } diff --git a/pkg/credentials/iam_aws.go b/pkg/credentials/iam_aws.go index c5153c4ca..90d075ab1 100644 --- a/pkg/credentials/iam_aws.go +++ b/pkg/credentials/iam_aws.go @@ -209,6 +209,7 @@ func (m *IAM) Retrieve() (Value, error) { AccessKeyID: roleCreds.AccessKeyID, SecretAccessKey: roleCreds.SecretAccessKey, SessionToken: roleCreds.Token, + Expiration: roleCreds.Expiration, SignerType: SignatureV4, }, nil } diff --git a/pkg/credentials/sts_client_grants.go b/pkg/credentials/sts_client_grants.go index 9e92c1e0f..62bfbb6b0 100644 --- a/pkg/credentials/sts_client_grants.go +++ b/pkg/credentials/sts_client_grants.go @@ -177,6 +177,7 @@ func (m *STSClientGrants) Retrieve() (Value, error) { AccessKeyID: a.Result.Credentials.AccessKey, SecretAccessKey: a.Result.Credentials.SecretKey, SessionToken: a.Result.Credentials.SessionToken, + Expiration: a.Result.Credentials.Expiration, SignerType: SignatureV4, }, nil } diff --git a/pkg/credentials/sts_custom_identity.go b/pkg/credentials/sts_custom_identity.go index e1f9ce4be..75e1a77d3 100644 --- a/pkg/credentials/sts_custom_identity.go +++ b/pkg/credentials/sts_custom_identity.go @@ -113,6 +113,7 @@ func (c *CustomTokenIdentity) Retrieve() (value Value, err error) { AccessKeyID: cr.AccessKey, SecretAccessKey: cr.SecretKey, SessionToken: cr.SessionToken, + Expiration: cr.Expiration, SignerType: SignatureV4, }, nil } diff --git a/pkg/credentials/sts_ldap_identity.go b/pkg/credentials/sts_ldap_identity.go index ec5f3f097..b8df289f2 100644 --- a/pkg/credentials/sts_ldap_identity.go +++ b/pkg/credentials/sts_ldap_identity.go @@ -184,6 +184,7 @@ func (k *LDAPIdentity) Retrieve() (value Value, err error) { AccessKeyID: cr.AccessKey, SecretAccessKey: cr.SecretKey, SessionToken: cr.SessionToken, + Expiration: cr.Expiration, SignerType: SignatureV4, }, nil } diff --git a/pkg/credentials/sts_tls_identity.go b/pkg/credentials/sts_tls_identity.go index dee0a8cbb..10083502d 100644 --- a/pkg/credentials/sts_tls_identity.go +++ b/pkg/credentials/sts_tls_identity.go @@ -188,6 +188,7 @@ func (i *STSCertificateIdentity) Retrieve() (Value, error) { AccessKeyID: response.Result.Credentials.AccessKey, SecretAccessKey: response.Result.Credentials.SecretKey, SessionToken: response.Result.Credentials.SessionToken, + Expiration: response.Result.Credentials.Expiration, SignerType: SignatureDefault, }, nil } diff --git a/pkg/credentials/sts_web_identity.go b/pkg/credentials/sts_web_identity.go index 2e2af50b4..596d95152 100644 --- a/pkg/credentials/sts_web_identity.go +++ b/pkg/credentials/sts_web_identity.go @@ -195,6 +195,7 @@ func (m *STSWebIdentity) Retrieve() (Value, error) { AccessKeyID: a.Result.Credentials.AccessKey, SecretAccessKey: a.Result.Credentials.SecretKey, SessionToken: a.Result.Credentials.SessionToken, + Expiration: a.Result.Credentials.Expiration, SignerType: SignatureV4, }, nil }