예제 #1
0
// Retrieve generates a new set of temporary credentials using STS.
func (p *AssumeRoleProvider) Retrieve() (credentials.Value, error) {

	// Apply defaults where parameters are not set.
	if p.Client == nil {
		p.Client = sts.New(nil)
	}
	if p.RoleSessionName == "" {
		// Try to work out a role name that will hopefully end up unique.
		p.RoleSessionName = fmt.Sprintf("%d", time.Now().UTC().UnixNano())
	}
	if p.Duration == 0 {
		// Expire as often as AWS permits.
		p.Duration = 15 * time.Minute
	}

	roleOutput, err := p.Client.AssumeRole(&sts.AssumeRoleInput{
		DurationSeconds: aws.Int64(int64(p.Duration / time.Second)),
		RoleArn:         aws.String(p.RoleARN),
		RoleSessionName: aws.String(p.RoleSessionName),
		ExternalId:      p.ExternalID,
	})

	if err != nil {
		return credentials.Value{}, err
	}

	// We will proactively generate new credentials before they expire.
	p.SetExpiration(*roleOutput.Credentials.Expiration, p.ExpiryWindow)

	return credentials.Value{
		AccessKeyID:     *roleOutput.Credentials.AccessKeyId,
		SecretAccessKey: *roleOutput.Credentials.SecretAccessKey,
		SessionToken:    *roleOutput.Credentials.SessionToken,
	}, nil
}
예제 #2
0
// A response where every record in the given input is a success.
func successfulResponse(input *kinesis.PutRecordsInput) (*kinesis.PutRecordsOutput, error) {
	records := make([]*kinesis.PutRecordsResultEntry, len(input.Records))
	for i := range input.Records {
		records[i] = &kinesis.PutRecordsResultEntry{
			SequenceNumber: aws.String("sequence_number"),
			ShardId:        aws.String("an_shard"),
		}
	}
	output := &kinesis.PutRecordsOutput{
		FailedRecordCount: aws.Int64(0),
		Records:           records,
	}
	return output, nil
}
예제 #3
0
// NOTE: calls are totally synchronized for sanity
func (s *StubClient) GetRecords(input *kinesis.GetRecordsInput) (*kinesis.GetRecordsOutput, error) {
	s.Lock()
	defer s.Unlock()

	var nextIterator *string
	nextRecord := s.getNextRecord(*input.ShardIterator)
	if nextRecord != "" {
		nextIterator = input.ShardIterator
	}

	output := &kinesis.GetRecordsOutput{
		MillisBehindLatest: aws.Int64(123),
		NextShardIterator:  nextIterator,
		Records:            makeRecords(nextRecord),
	}

	return output, nil
}
예제 #4
0
// Return an output response with the given error codes. Blank strings imply
// that a message was not an error.
func outputWithErrors(codes ...string) *kinesis.PutRecordsOutput {
	resultEntries := make([]*kinesis.PutRecordsResultEntry, len(codes))

	errorCount := 0
	for i, code := range codes {
		resultEntries[i] = &kinesis.PutRecordsResultEntry{
			ErrorCode: aws.String(code),
		}

		if code != "" {
			errorCount++
		}
	}

	return &kinesis.PutRecordsOutput{
		FailedRecordCount: aws.Int64(int64(errorCount)),
		Records:           resultEntries,
	}
}