// Retrieve generates a new set of temporary credentials using STS. func (p *AssumeRoleProvider) Retrieve() (credentials.Value, error) { // Apply defaults where parameters are not set. if p.Client == nil { p.Client = sts.New(nil) } if p.RoleSessionName == "" { // Try to work out a role name that will hopefully end up unique. p.RoleSessionName = fmt.Sprintf("%d", time.Now().UTC().UnixNano()) } if p.Duration == 0 { // Expire as often as AWS permits. p.Duration = 15 * time.Minute } roleOutput, err := p.Client.AssumeRole(&sts.AssumeRoleInput{ DurationSeconds: aws.Int64(int64(p.Duration / time.Second)), RoleArn: aws.String(p.RoleARN), RoleSessionName: aws.String(p.RoleSessionName), ExternalId: p.ExternalID, }) if err != nil { return credentials.Value{}, err } // We will proactively generate new credentials before they expire. p.SetExpiration(*roleOutput.Credentials.Expiration, p.ExpiryWindow) return credentials.Value{ AccessKeyID: *roleOutput.Credentials.AccessKeyId, SecretAccessKey: *roleOutput.Credentials.SecretAccessKey, SessionToken: *roleOutput.Credentials.SessionToken, }, nil }
// A response where every record in the given input is a success. func successfulResponse(input *kinesis.PutRecordsInput) (*kinesis.PutRecordsOutput, error) { records := make([]*kinesis.PutRecordsResultEntry, len(input.Records)) for i := range input.Records { records[i] = &kinesis.PutRecordsResultEntry{ SequenceNumber: aws.String("sequence_number"), ShardId: aws.String("an_shard"), } } output := &kinesis.PutRecordsOutput{ FailedRecordCount: aws.Int64(0), Records: records, } return output, nil }
// NOTE: calls are totally synchronized for sanity func (s *StubClient) GetRecords(input *kinesis.GetRecordsInput) (*kinesis.GetRecordsOutput, error) { s.Lock() defer s.Unlock() var nextIterator *string nextRecord := s.getNextRecord(*input.ShardIterator) if nextRecord != "" { nextIterator = input.ShardIterator } output := &kinesis.GetRecordsOutput{ MillisBehindLatest: aws.Int64(123), NextShardIterator: nextIterator, Records: makeRecords(nextRecord), } return output, nil }
// Return an output response with the given error codes. Blank strings imply // that a message was not an error. func outputWithErrors(codes ...string) *kinesis.PutRecordsOutput { resultEntries := make([]*kinesis.PutRecordsResultEntry, len(codes)) errorCount := 0 for i, code := range codes { resultEntries[i] = &kinesis.PutRecordsResultEntry{ ErrorCode: aws.String(code), } if code != "" { errorCount++ } } return &kinesis.PutRecordsOutput{ FailedRecordCount: aws.Int64(int64(errorCount)), Records: resultEntries, } }