update deps to match the aws provider
Update the aws-sdk-go-base and aws-sdk-go packages to ensure the same client behavior as the aws provider.
This commit is contained in:
parent
a56e53ec5b
commit
01f4dd4588
4
go.mod
4
go.mod
|
@ -17,7 +17,7 @@ require (
|
||||||
github.com/armon/circbuf v0.0.0-20190214190532-5111143e8da2
|
github.com/armon/circbuf v0.0.0-20190214190532-5111143e8da2
|
||||||
github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da // indirect
|
github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da // indirect
|
||||||
github.com/armon/go-radix v1.0.0 // indirect
|
github.com/armon/go-radix v1.0.0 // indirect
|
||||||
github.com/aws/aws-sdk-go v1.21.7
|
github.com/aws/aws-sdk-go v1.22.0
|
||||||
github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f // indirect
|
github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f // indirect
|
||||||
github.com/blang/semver v3.5.1+incompatible
|
github.com/blang/semver v3.5.1+incompatible
|
||||||
github.com/boltdb/bolt v1.3.1 // indirect
|
github.com/boltdb/bolt v1.3.1 // indirect
|
||||||
|
@ -42,7 +42,7 @@ require (
|
||||||
github.com/gorilla/websocket v1.4.0 // indirect
|
github.com/gorilla/websocket v1.4.0 // indirect
|
||||||
github.com/grpc-ecosystem/go-grpc-middleware v1.0.0 // indirect
|
github.com/grpc-ecosystem/go-grpc-middleware v1.0.0 // indirect
|
||||||
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
|
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
|
||||||
github.com/hashicorp/aws-sdk-go-base v0.2.0
|
github.com/hashicorp/aws-sdk-go-base v0.3.0
|
||||||
github.com/hashicorp/consul v0.0.0-20171026175957-610f3c86a089
|
github.com/hashicorp/consul v0.0.0-20171026175957-610f3c86a089
|
||||||
github.com/hashicorp/errwrap v1.0.0
|
github.com/hashicorp/errwrap v1.0.0
|
||||||
github.com/hashicorp/go-azure-helpers v0.5.0
|
github.com/hashicorp/go-azure-helpers v0.5.0
|
||||||
|
|
4
go.sum
4
go.sum
|
@ -85,6 +85,8 @@ github.com/aws/aws-sdk-go v1.16.36 h1:POeH34ZME++pr7GBGh+ZO6Y5kOwSMQpqp5BGUgooJ6
|
||||||
github.com/aws/aws-sdk-go v1.16.36/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
|
github.com/aws/aws-sdk-go v1.16.36/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
|
||||||
github.com/aws/aws-sdk-go v1.21.7 h1:ml+k7szyVaq4YD+3LhqOGl9tgMTqgMbpnuUSkB6UJvQ=
|
github.com/aws/aws-sdk-go v1.21.7 h1:ml+k7szyVaq4YD+3LhqOGl9tgMTqgMbpnuUSkB6UJvQ=
|
||||||
github.com/aws/aws-sdk-go v1.21.7/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
|
github.com/aws/aws-sdk-go v1.21.7/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
|
||||||
|
github.com/aws/aws-sdk-go v1.22.0 h1:e88V6+dSEyBibUy0ekOydtTfNWzqG3hrtCR8SF6UqqY=
|
||||||
|
github.com/aws/aws-sdk-go v1.22.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
|
||||||
github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f h1:ZNv7On9kyUzm7fvRZumSyy/IUiSC7AzL0I1jKKtwooA=
|
github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f h1:ZNv7On9kyUzm7fvRZumSyy/IUiSC7AzL0I1jKKtwooA=
|
||||||
github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc=
|
github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc=
|
||||||
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973 h1:xJ4a3vCFaGF/jqvzLMYoU8P317H5OQ+Via4RmuPwCS0=
|
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973 h1:xJ4a3vCFaGF/jqvzLMYoU8P317H5OQ+Via4RmuPwCS0=
|
||||||
|
@ -204,6 +206,8 @@ github.com/grpc-ecosystem/grpc-gateway v1.8.5 h1:2+KSC78XiO6Qy0hIjfc1OD9H+hsaJdJ
|
||||||
github.com/grpc-ecosystem/grpc-gateway v1.8.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
|
github.com/grpc-ecosystem/grpc-gateway v1.8.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
|
||||||
github.com/hashicorp/aws-sdk-go-base v0.2.0 h1:5bjZnWCvQg9Im5CHZr9t90IaFC4uvVlMl2fTh23IoCk=
|
github.com/hashicorp/aws-sdk-go-base v0.2.0 h1:5bjZnWCvQg9Im5CHZr9t90IaFC4uvVlMl2fTh23IoCk=
|
||||||
github.com/hashicorp/aws-sdk-go-base v0.2.0/go.mod h1:ZIWACGGi0N7a4DZbf15yuE1JQORmWLtBcVM6F5SXNFU=
|
github.com/hashicorp/aws-sdk-go-base v0.2.0/go.mod h1:ZIWACGGi0N7a4DZbf15yuE1JQORmWLtBcVM6F5SXNFU=
|
||||||
|
github.com/hashicorp/aws-sdk-go-base v0.3.0 h1:CPWKWCuOwpIFNsy8FUI9IT2QI7mGwgVPc4hrXW9I4L4=
|
||||||
|
github.com/hashicorp/aws-sdk-go-base v0.3.0/go.mod h1:ZIWACGGi0N7a4DZbf15yuE1JQORmWLtBcVM6F5SXNFU=
|
||||||
github.com/hashicorp/consul v0.0.0-20171026175957-610f3c86a089 h1:1eDpXAxTh0iPv+1kc9/gfSI2pxRERDsTk/lNGolwHn8=
|
github.com/hashicorp/consul v0.0.0-20171026175957-610f3c86a089 h1:1eDpXAxTh0iPv+1kc9/gfSI2pxRERDsTk/lNGolwHn8=
|
||||||
github.com/hashicorp/consul v0.0.0-20171026175957-610f3c86a089/go.mod h1:mFrjN1mfidgJfYP1xrJCF+AfRhr6Eaqhb2+sfyn/OOI=
|
github.com/hashicorp/consul v0.0.0-20171026175957-610f3c86a089/go.mod h1:mFrjN1mfidgJfYP1xrJCF+AfRhr6Eaqhb2+sfyn/OOI=
|
||||||
github.com/hashicorp/errwrap v0.0.0-20180715044906-d6c0cd880357/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
|
github.com/hashicorp/errwrap v0.0.0-20180715044906-d6c0cd880357/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
|
||||||
|
|
|
@ -83,7 +83,7 @@ var awsPartition = partition{
|
||||||
DNSSuffix: "amazonaws.com",
|
DNSSuffix: "amazonaws.com",
|
||||||
RegionRegex: regionRegex{
|
RegionRegex: regionRegex{
|
||||||
Regexp: func() *regexp.Regexp {
|
Regexp: func() *regexp.Regexp {
|
||||||
reg, _ := regexp.Compile("^(us|eu|ap|sa|ca)\\-\\w+\\-\\d+$")
|
reg, _ := regexp.Compile("^(us|eu|ap|sa|ca|me)\\-\\w+\\-\\d+$")
|
||||||
return reg
|
return reg
|
||||||
}(),
|
}(),
|
||||||
},
|
},
|
||||||
|
@ -775,6 +775,7 @@ var awsPartition = partition{
|
||||||
"codebuild": service{
|
"codebuild": service{
|
||||||
|
|
||||||
Endpoints: endpoints{
|
Endpoints: endpoints{
|
||||||
|
"ap-east-1": endpoint{},
|
||||||
"ap-northeast-1": endpoint{},
|
"ap-northeast-1": endpoint{},
|
||||||
"ap-northeast-2": endpoint{},
|
"ap-northeast-2": endpoint{},
|
||||||
"ap-south-1": endpoint{},
|
"ap-south-1": endpoint{},
|
||||||
|
@ -786,6 +787,7 @@ var awsPartition = partition{
|
||||||
"eu-west-1": endpoint{},
|
"eu-west-1": endpoint{},
|
||||||
"eu-west-2": endpoint{},
|
"eu-west-2": endpoint{},
|
||||||
"eu-west-3": endpoint{},
|
"eu-west-3": endpoint{},
|
||||||
|
"me-south-1": endpoint{},
|
||||||
"sa-east-1": endpoint{},
|
"sa-east-1": endpoint{},
|
||||||
"us-east-1": endpoint{},
|
"us-east-1": endpoint{},
|
||||||
"us-east-1-fips": endpoint{
|
"us-east-1-fips": endpoint{
|
||||||
|
@ -827,6 +829,7 @@ var awsPartition = partition{
|
||||||
"ap-southeast-2": endpoint{},
|
"ap-southeast-2": endpoint{},
|
||||||
"ca-central-1": endpoint{},
|
"ca-central-1": endpoint{},
|
||||||
"eu-central-1": endpoint{},
|
"eu-central-1": endpoint{},
|
||||||
|
"eu-north-1": endpoint{},
|
||||||
"eu-west-1": endpoint{},
|
"eu-west-1": endpoint{},
|
||||||
"eu-west-2": endpoint{},
|
"eu-west-2": endpoint{},
|
||||||
"eu-west-3": endpoint{},
|
"eu-west-3": endpoint{},
|
||||||
|
@ -1891,6 +1894,8 @@ var awsPartition = partition{
|
||||||
|
|
||||||
Endpoints: endpoints{
|
Endpoints: endpoints{
|
||||||
"ap-northeast-1": endpoint{},
|
"ap-northeast-1": endpoint{},
|
||||||
|
"ap-northeast-2": endpoint{},
|
||||||
|
"ap-south-1": endpoint{},
|
||||||
"ap-southeast-1": endpoint{},
|
"ap-southeast-1": endpoint{},
|
||||||
"ap-southeast-2": endpoint{},
|
"ap-southeast-2": endpoint{},
|
||||||
"eu-central-1": endpoint{},
|
"eu-central-1": endpoint{},
|
||||||
|
@ -2178,6 +2183,7 @@ var awsPartition = partition{
|
||||||
"eu-west-1": endpoint{},
|
"eu-west-1": endpoint{},
|
||||||
"eu-west-2": endpoint{},
|
"eu-west-2": endpoint{},
|
||||||
"eu-west-3": endpoint{},
|
"eu-west-3": endpoint{},
|
||||||
|
"me-south-1": endpoint{},
|
||||||
"sa-east-1": endpoint{},
|
"sa-east-1": endpoint{},
|
||||||
"us-east-1": endpoint{},
|
"us-east-1": endpoint{},
|
||||||
"us-east-2": endpoint{},
|
"us-east-2": endpoint{},
|
||||||
|
@ -2470,6 +2476,7 @@ var awsPartition = partition{
|
||||||
"eu-west-1": endpoint{},
|
"eu-west-1": endpoint{},
|
||||||
"eu-west-2": endpoint{},
|
"eu-west-2": endpoint{},
|
||||||
"eu-west-3": endpoint{},
|
"eu-west-3": endpoint{},
|
||||||
|
"me-south-1": endpoint{},
|
||||||
"sa-east-1": endpoint{},
|
"sa-east-1": endpoint{},
|
||||||
"us-east-1": endpoint{
|
"us-east-1": endpoint{
|
||||||
SSLCommonName: "{service}.{dnsSuffix}",
|
SSLCommonName: "{service}.{dnsSuffix}",
|
||||||
|
@ -2927,6 +2934,7 @@ var awsPartition = partition{
|
||||||
"securityhub": service{
|
"securityhub": service{
|
||||||
|
|
||||||
Endpoints: endpoints{
|
Endpoints: endpoints{
|
||||||
|
"ap-east-1": endpoint{},
|
||||||
"ap-northeast-1": endpoint{},
|
"ap-northeast-1": endpoint{},
|
||||||
"ap-northeast-2": endpoint{},
|
"ap-northeast-2": endpoint{},
|
||||||
"ap-south-1": endpoint{},
|
"ap-south-1": endpoint{},
|
||||||
|
@ -4545,6 +4553,7 @@ var awsusgovPartition = partition{
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Endpoints: endpoints{
|
Endpoints: endpoints{
|
||||||
|
"us-gov-east-1": endpoint{},
|
||||||
"us-gov-west-1": endpoint{},
|
"us-gov-west-1": endpoint{},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
|
@ -170,10 +170,13 @@ func PartitionForRegion(ps []Partition, regionID string) (Partition, bool) {
|
||||||
// A Partition provides the ability to enumerate the partition's regions
|
// A Partition provides the ability to enumerate the partition's regions
|
||||||
// and services.
|
// and services.
|
||||||
type Partition struct {
|
type Partition struct {
|
||||||
id string
|
id, dnsSuffix string
|
||||||
p *partition
|
p *partition
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// DNSSuffix returns the base domain name of the partition.
|
||||||
|
func (p Partition) DNSSuffix() string { return p.dnsSuffix }
|
||||||
|
|
||||||
// ID returns the identifier of the partition.
|
// ID returns the identifier of the partition.
|
||||||
func (p Partition) ID() string { return p.id }
|
func (p Partition) ID() string { return p.id }
|
||||||
|
|
||||||
|
|
|
@ -54,8 +54,9 @@ type partition struct {
|
||||||
|
|
||||||
func (p partition) Partition() Partition {
|
func (p partition) Partition() Partition {
|
||||||
return Partition{
|
return Partition{
|
||||||
id: p.ID,
|
dnsSuffix: p.DNSSuffix,
|
||||||
p: &p,
|
id: p.ID,
|
||||||
|
p: &p,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -21,9 +21,10 @@ func resolveCredentials(cfg *aws.Config,
|
||||||
) (*credentials.Credentials, error) {
|
) (*credentials.Credentials, error) {
|
||||||
|
|
||||||
switch {
|
switch {
|
||||||
case len(envCfg.Profile) != 0:
|
case len(sessOpts.Profile) != 0:
|
||||||
// User explicitly provided an Profile, so load from shared config
|
// User explicitly provided an Profile in the session's configuration
|
||||||
// first.
|
// so load that profile from shared config first.
|
||||||
|
// Github(aws/aws-sdk-go#2727)
|
||||||
return resolveCredsFromProfile(cfg, envCfg, sharedCfg, handlers, sessOpts)
|
return resolveCredsFromProfile(cfg, envCfg, sharedCfg, handlers, sessOpts)
|
||||||
|
|
||||||
case envCfg.Creds.HasKeys():
|
case envCfg.Creds.HasKeys():
|
||||||
|
|
|
@ -1,97 +1,93 @@
|
||||||
/*
|
/*
|
||||||
Package session provides configuration for the SDK's service clients.
|
Package session provides configuration for the SDK's service clients. Sessions
|
||||||
|
can be shared across service clients that share the same base configuration.
|
||||||
Sessions can be shared across all service clients that share the same base
|
|
||||||
configuration. The Session is built from the SDK's default configuration and
|
|
||||||
request handlers.
|
|
||||||
|
|
||||||
Sessions should be cached when possible, because creating a new Session will
|
|
||||||
load all configuration values from the environment, and config files each time
|
|
||||||
the Session is created. Sharing the Session value across all of your service
|
|
||||||
clients will ensure the configuration is loaded the fewest number of times possible.
|
|
||||||
|
|
||||||
Concurrency
|
|
||||||
|
|
||||||
Sessions are safe to use concurrently as long as the Session is not being
|
Sessions are safe to use concurrently as long as the Session is not being
|
||||||
modified. The SDK will not modify the Session once the Session has been created.
|
modified. Sessions should be cached when possible, because creating a new
|
||||||
Creating service clients concurrently from a shared Session is safe.
|
Session will load all configuration values from the environment, and config
|
||||||
|
files each time the Session is created. Sharing the Session value across all of
|
||||||
|
your service clients will ensure the configuration is loaded the fewest number
|
||||||
|
of times possible.
|
||||||
|
|
||||||
Sessions from Shared Config
|
Sessions options from Shared Config
|
||||||
|
|
||||||
Sessions can be created using the method above that will only load the
|
|
||||||
additional config if the AWS_SDK_LOAD_CONFIG environment variable is set.
|
|
||||||
Alternatively you can explicitly create a Session with shared config enabled.
|
|
||||||
To do this you can use NewSessionWithOptions to configure how the Session will
|
|
||||||
be created. Using the NewSessionWithOptions with SharedConfigState set to
|
|
||||||
SharedConfigEnable will create the session as if the AWS_SDK_LOAD_CONFIG
|
|
||||||
environment variable was set.
|
|
||||||
|
|
||||||
Creating Sessions
|
|
||||||
|
|
||||||
When creating Sessions optional aws.Config values can be passed in that will
|
|
||||||
override the default, or loaded config values the Session is being created
|
|
||||||
with. This allows you to provide additional, or case based, configuration
|
|
||||||
as needed.
|
|
||||||
|
|
||||||
By default NewSession will only load credentials from the shared credentials
|
By default NewSession will only load credentials from the shared credentials
|
||||||
file (~/.aws/credentials). If the AWS_SDK_LOAD_CONFIG environment variable is
|
file (~/.aws/credentials). If the AWS_SDK_LOAD_CONFIG environment variable is
|
||||||
set to a truthy value the Session will be created from the configuration
|
set to a truthy value the Session will be created from the configuration
|
||||||
values from the shared config (~/.aws/config) and shared credentials
|
values from the shared config (~/.aws/config) and shared credentials
|
||||||
(~/.aws/credentials) files. See the section Sessions from Shared Config for
|
(~/.aws/credentials) files. Using the NewSessionWithOptions with
|
||||||
more information.
|
SharedConfigState set to SharedConfigEnable will create the session as if the
|
||||||
|
AWS_SDK_LOAD_CONFIG environment variable was set.
|
||||||
|
|
||||||
Create a Session with the default config and request handlers. With credentials
|
Credential and config loading order
|
||||||
region, and profile loaded from the environment and shared config automatically.
|
|
||||||
Requires the AWS_PROFILE to be set, or "default" is used.
|
The Session will attempt to load configuration and credentials from the
|
||||||
|
environment, configuration files, and other credential sources. The order
|
||||||
|
configuration is loaded in is:
|
||||||
|
|
||||||
|
* Environment Variables
|
||||||
|
* Shared Credentials file
|
||||||
|
* Shared Configuration file (if SharedConfig is enabled)
|
||||||
|
* EC2 Instance Metadata (credentials only)
|
||||||
|
|
||||||
|
The Environment variables for credentials will have precedence over shared
|
||||||
|
config even if SharedConfig is enabled. To override this behavior, and use
|
||||||
|
shared config credentials instead specify the session.Options.Profile, (e.g.
|
||||||
|
when using credential_source=Environment to assume a role).
|
||||||
|
|
||||||
|
sess, err := session.NewSessionWithOptions(session.Options{
|
||||||
|
Profile: "myProfile",
|
||||||
|
})
|
||||||
|
|
||||||
|
Creating Sessions
|
||||||
|
|
||||||
|
Creating a Session without additional options will load credentials region, and
|
||||||
|
profile loaded from the environment and shared config automatically. See,
|
||||||
|
"Environment Variables" section for information on environment variables used
|
||||||
|
by Session.
|
||||||
|
|
||||||
// Create Session
|
// Create Session
|
||||||
sess := session.Must(session.NewSession())
|
sess, err := session.NewSession()
|
||||||
|
|
||||||
|
|
||||||
|
When creating Sessions optional aws.Config values can be passed in that will
|
||||||
|
override the default, or loaded, config values the Session is being created
|
||||||
|
with. This allows you to provide additional, or case based, configuration
|
||||||
|
as needed.
|
||||||
|
|
||||||
// Create a Session with a custom region
|
// Create a Session with a custom region
|
||||||
sess := session.Must(session.NewSession(&aws.Config{
|
sess, err := session.NewSession(&aws.Config{
|
||||||
Region: aws.String("us-east-1"),
|
Region: aws.String("us-west-2"),
|
||||||
}))
|
})
|
||||||
|
|
||||||
// Create a S3 client instance from a session
|
Use NewSessionWithOptions to provide additional configuration driving how the
|
||||||
sess := session.Must(session.NewSession())
|
Session's configuration will be loaded. Such as, specifying shared config
|
||||||
|
profile, or override the shared config state, (AWS_SDK_LOAD_CONFIG).
|
||||||
svc := s3.New(sess)
|
|
||||||
|
|
||||||
Create Session With Option Overrides
|
|
||||||
|
|
||||||
In addition to NewSession, Sessions can be created using NewSessionWithOptions.
|
|
||||||
This func allows you to control and override how the Session will be created
|
|
||||||
through code instead of being driven by environment variables only.
|
|
||||||
|
|
||||||
Use NewSessionWithOptions when you want to provide the config profile, or
|
|
||||||
override the shared config state (AWS_SDK_LOAD_CONFIG).
|
|
||||||
|
|
||||||
// Equivalent to session.NewSession()
|
// Equivalent to session.NewSession()
|
||||||
sess := session.Must(session.NewSessionWithOptions(session.Options{
|
sess, err := session.NewSessionWithOptions(session.Options{
|
||||||
// Options
|
// Options
|
||||||
}))
|
})
|
||||||
|
|
||||||
// Specify profile to load for the session's config
|
sess, err := session.NewSessionWithOptions(session.Options{
|
||||||
sess := session.Must(session.NewSessionWithOptions(session.Options{
|
// Specify profile to load for the session's config
|
||||||
Profile: "profile_name",
|
Profile: "profile_name",
|
||||||
}))
|
|
||||||
|
|
||||||
// Specify profile for config and region for requests
|
// Provide SDK Config options, such as Region.
|
||||||
sess := session.Must(session.NewSessionWithOptions(session.Options{
|
Config: aws.Config{
|
||||||
Config: aws.Config{Region: aws.String("us-east-1")},
|
Region: aws.String("us-west-2"),
|
||||||
Profile: "profile_name",
|
},
|
||||||
}))
|
|
||||||
|
|
||||||
// Force enable Shared Config support
|
// Force enable Shared Config support
|
||||||
sess := session.Must(session.NewSessionWithOptions(session.Options{
|
|
||||||
SharedConfigState: session.SharedConfigEnable,
|
SharedConfigState: session.SharedConfigEnable,
|
||||||
}))
|
})
|
||||||
|
|
||||||
Adding Handlers
|
Adding Handlers
|
||||||
|
|
||||||
You can add handlers to a session for processing HTTP requests. All service
|
You can add handlers to a session to decorate API operation, (e.g. adding HTTP
|
||||||
clients that use the session inherit the handlers. For example, the following
|
headers). All clients that use the Session receive a copy of the Session's
|
||||||
handler logs every request and its payload made by a service client:
|
handlers. For example, the following request handler added to the Session logs
|
||||||
|
every requests made.
|
||||||
|
|
||||||
// Create a session, and add additional handlers for all service
|
// Create a session, and add additional handlers for all service
|
||||||
// clients created with the Session to inherit. Adds logging handler.
|
// clients created with the Session to inherit. Adds logging handler.
|
||||||
|
@ -99,22 +95,15 @@ handler logs every request and its payload made by a service client:
|
||||||
|
|
||||||
sess.Handlers.Send.PushFront(func(r *request.Request) {
|
sess.Handlers.Send.PushFront(func(r *request.Request) {
|
||||||
// Log every request made and its payload
|
// Log every request made and its payload
|
||||||
logger.Printf("Request: %s/%s, Payload: %s",
|
logger.Printf("Request: %s/%s, Params: %s",
|
||||||
r.ClientInfo.ServiceName, r.Operation, r.Params)
|
r.ClientInfo.ServiceName, r.Operation, r.Params)
|
||||||
})
|
})
|
||||||
|
|
||||||
Deprecated "New" function
|
|
||||||
|
|
||||||
The New session function has been deprecated because it does not provide good
|
|
||||||
way to return errors that occur when loading the configuration files and values.
|
|
||||||
Because of this, NewSession was created so errors can be retrieved when
|
|
||||||
creating a session fails.
|
|
||||||
|
|
||||||
Shared Config Fields
|
Shared Config Fields
|
||||||
|
|
||||||
By default the SDK will only load the shared credentials file's (~/.aws/credentials)
|
By default the SDK will only load the shared credentials file's
|
||||||
credentials values, and all other config is provided by the environment variables,
|
(~/.aws/credentials) credentials values, and all other config is provided by
|
||||||
SDK defaults, and user provided aws.Config values.
|
the environment variables, SDK defaults, and user provided aws.Config values.
|
||||||
|
|
||||||
If the AWS_SDK_LOAD_CONFIG environment variable is set, or SharedConfigEnable
|
If the AWS_SDK_LOAD_CONFIG environment variable is set, or SharedConfigEnable
|
||||||
option is used to create the Session the full shared config values will be
|
option is used to create the Session the full shared config values will be
|
||||||
|
@ -125,24 +114,31 @@ files have the same format.
|
||||||
|
|
||||||
If both config files are present the configuration from both files will be
|
If both config files are present the configuration from both files will be
|
||||||
read. The Session will be created from configuration values from the shared
|
read. The Session will be created from configuration values from the shared
|
||||||
credentials file (~/.aws/credentials) over those in the shared config file (~/.aws/config).
|
credentials file (~/.aws/credentials) over those in the shared config file
|
||||||
|
(~/.aws/config).
|
||||||
|
|
||||||
Credentials are the values the SDK should use for authenticating requests with
|
Credentials are the values the SDK uses to authenticating requests with AWS
|
||||||
AWS Services. They are from a configuration file will need to include both
|
Services. When specified in a file, both aws_access_key_id and
|
||||||
aws_access_key_id and aws_secret_access_key must be provided together in the
|
aws_secret_access_key must be provided together in the same file to be
|
||||||
same file to be considered valid. The values will be ignored if not a complete
|
considered valid. They will be ignored if both are not present.
|
||||||
group. aws_session_token is an optional field that can be provided if both of
|
aws_session_token is an optional field that can be provided in addition to the
|
||||||
the other two fields are also provided.
|
other two fields.
|
||||||
|
|
||||||
aws_access_key_id = AKID
|
aws_access_key_id = AKID
|
||||||
aws_secret_access_key = SECRET
|
aws_secret_access_key = SECRET
|
||||||
aws_session_token = TOKEN
|
aws_session_token = TOKEN
|
||||||
|
|
||||||
Assume Role values allow you to configure the SDK to assume an IAM role using
|
; region only supported if SharedConfigEnabled.
|
||||||
a set of credentials provided in a config file via the source_profile field.
|
region = us-east-1
|
||||||
Both "role_arn" and "source_profile" are required. The SDK supports assuming
|
|
||||||
a role with MFA token if the session option AssumeRoleTokenProvider
|
Assume Role configuration
|
||||||
is set.
|
|
||||||
|
The role_arn field allows you to configure the SDK to assume an IAM role using
|
||||||
|
a set of credentials from another source. Such as when paired with static
|
||||||
|
credentials, "profile_source", "credential_process", or "credential_source"
|
||||||
|
fields. If "role_arn" is provided, a source of credentials must also be
|
||||||
|
specified, such as "source_profile", "credential_source", or
|
||||||
|
"credential_process".
|
||||||
|
|
||||||
role_arn = arn:aws:iam::<account_number>:role/<role_name>
|
role_arn = arn:aws:iam::<account_number>:role/<role_name>
|
||||||
source_profile = profile_with_creds
|
source_profile = profile_with_creds
|
||||||
|
@ -150,40 +146,16 @@ is set.
|
||||||
mfa_serial = <serial or mfa arn>
|
mfa_serial = <serial or mfa arn>
|
||||||
role_session_name = session_name
|
role_session_name = session_name
|
||||||
|
|
||||||
Region is the region the SDK should use for looking up AWS service endpoints
|
|
||||||
and signing requests.
|
|
||||||
|
|
||||||
region = us-east-1
|
The SDK supports assuming a role with MFA token. If "mfa_serial" is set, you
|
||||||
|
must also set the Session Option.AssumeRoleTokenProvider. The Session will fail
|
||||||
Assume Role with MFA token
|
to load if the AssumeRoleTokenProvider is not specified.
|
||||||
|
|
||||||
To create a session with support for assuming an IAM role with MFA set the
|
|
||||||
session option AssumeRoleTokenProvider to a function that will prompt for the
|
|
||||||
MFA token code when the SDK assumes the role and refreshes the role's credentials.
|
|
||||||
This allows you to configure the SDK via the shared config to assumea role
|
|
||||||
with MFA tokens.
|
|
||||||
|
|
||||||
In order for the SDK to assume a role with MFA the SharedConfigState
|
|
||||||
session option must be set to SharedConfigEnable, or AWS_SDK_LOAD_CONFIG
|
|
||||||
environment variable set.
|
|
||||||
|
|
||||||
The shared configuration instructs the SDK to assume an IAM role with MFA
|
|
||||||
when the mfa_serial configuration field is set in the shared config
|
|
||||||
(~/.aws/config) or shared credentials (~/.aws/credentials) file.
|
|
||||||
|
|
||||||
If mfa_serial is set in the configuration, the SDK will assume the role, and
|
|
||||||
the AssumeRoleTokenProvider session option is not set an an error will
|
|
||||||
be returned when creating the session.
|
|
||||||
|
|
||||||
sess := session.Must(session.NewSessionWithOptions(session.Options{
|
sess := session.Must(session.NewSessionWithOptions(session.Options{
|
||||||
AssumeRoleTokenProvider: stscreds.StdinTokenProvider,
|
AssumeRoleTokenProvider: stscreds.StdinTokenProvider,
|
||||||
}))
|
}))
|
||||||
|
|
||||||
// Create service client value configured for credentials
|
To setup Assume Role outside of a session see the stscreds.AssumeRoleProvider
|
||||||
// from assumed role.
|
|
||||||
svc := s3.New(sess)
|
|
||||||
|
|
||||||
To setup assume role outside of a session see the stscreds.AssumeRoleProvider
|
|
||||||
documentation.
|
documentation.
|
||||||
|
|
||||||
Environment Variables
|
Environment Variables
|
||||||
|
|
|
@ -281,7 +281,7 @@ func NewSessionWithOptions(opts Options) (*Session, error) {
|
||||||
envCfg = loadEnvConfig()
|
envCfg = loadEnvConfig()
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(opts.Profile) > 0 {
|
if len(opts.Profile) != 0 {
|
||||||
envCfg.Profile = opts.Profile
|
envCfg.Profile = opts.Profile
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -5,4 +5,4 @@ package aws
|
||||||
const SDKName = "aws-sdk-go"
|
const SDKName = "aws-sdk-go"
|
||||||
|
|
||||||
// SDKVersion is the version of this SDK
|
// SDKVersion is the version of this SDK
|
||||||
const SDKVersion = "1.21.7"
|
const SDKVersion = "1.22.0"
|
||||||
|
|
|
@ -760,15 +760,15 @@ func (c *STS) GetAccessKeyInfoRequest(input *GetAccessKeyInfoInput) (req *reques
|
||||||
// key IDs beginning with ASIA are temporary credentials that are created using
|
// key IDs beginning with ASIA are temporary credentials that are created using
|
||||||
// STS operations. If the account in the response belongs to you, you can sign
|
// STS operations. If the account in the response belongs to you, you can sign
|
||||||
// in as the root user and review your root user access keys. Then, you can
|
// in as the root user and review your root user access keys. Then, you can
|
||||||
// pull a credentials report (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report)
|
// pull a credentials report (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html)
|
||||||
// to learn which IAM user owns the keys. To learn who requested the temporary
|
// to learn which IAM user owns the keys. To learn who requested the temporary
|
||||||
// credentials for an ASIA access key, view the STS events in your CloudTrail
|
// credentials for an ASIA access key, view the STS events in your CloudTrail
|
||||||
// logs (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration).
|
// logs (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html).
|
||||||
//
|
//
|
||||||
// This operation does not indicate the state of the access key. The key might
|
// This operation does not indicate the state of the access key. The key might
|
||||||
// be active, inactive, or deleted. Active keys might not have permissions to
|
// be active, inactive, or deleted. Active keys might not have permissions to
|
||||||
// perform an operation. Providing a deleted keys might return an error that
|
// perform an operation. Providing a deleted access key might return an error
|
||||||
// the key doesn't exist.
|
// that the key doesn't exist.
|
||||||
//
|
//
|
||||||
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
|
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
|
||||||
// with awserr.Error's Code and Message methods to get detailed information about
|
// with awserr.Error's Code and Message methods to get detailed information about
|
||||||
|
@ -842,8 +842,15 @@ func (c *STS) GetCallerIdentityRequest(input *GetCallerIdentityInput) (req *requ
|
||||||
|
|
||||||
// GetCallerIdentity API operation for AWS Security Token Service.
|
// GetCallerIdentity API operation for AWS Security Token Service.
|
||||||
//
|
//
|
||||||
// Returns details about the IAM identity whose credentials are used to call
|
// Returns details about the IAM user or role whose credentials are used to
|
||||||
// the API.
|
// call the operation.
|
||||||
|
//
|
||||||
|
// No permissions are required to perform this operation. If an administrator
|
||||||
|
// adds a policy to your IAM user or role that explicitly denies access to the
|
||||||
|
// sts:GetCallerIdentity action, you can still perform this operation. Permissions
|
||||||
|
// are not required because the same information is returned when an IAM user
|
||||||
|
// or role is denied access. To view an example response, see I Am Not Authorized
|
||||||
|
// to Perform: iam:DeleteVirtualMFADevice (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa).
|
||||||
//
|
//
|
||||||
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
|
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
|
||||||
// with awserr.Error's Code and Message methods to get detailed information about
|
// with awserr.Error's Code and Message methods to get detailed information about
|
||||||
|
@ -2447,7 +2454,7 @@ type GetFederationTokenInput struct {
|
||||||
// use as managed session policies. The plain text that you use for both inline
|
// use as managed session policies. The plain text that you use for both inline
|
||||||
// and managed session policies shouldn't exceed 2048 characters. You can provide
|
// and managed session policies shouldn't exceed 2048 characters. You can provide
|
||||||
// up to 10 managed policy ARNs. For more information about ARNs, see Amazon
|
// up to 10 managed policy ARNs. For more information about ARNs, see Amazon
|
||||||
// Resource Names (ARNs) and AWS Service Namespaces (general/latest/gr/aws-arns-and-namespaces.html)
|
// Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
|
||||||
// in the AWS General Reference.
|
// in the AWS General Reference.
|
||||||
//
|
//
|
||||||
// This parameter is optional. However, if you do not pass any session policies,
|
// This parameter is optional. However, if you do not pass any session policies,
|
||||||
|
|
|
@ -1,3 +1,9 @@
|
||||||
|
# v0.3.0 (February 26, 2019)
|
||||||
|
|
||||||
|
BUG FIXES
|
||||||
|
|
||||||
|
* session: Return error instead of logging with AWS Account ID lookup failure [GH-3]
|
||||||
|
|
||||||
# v0.2.0 (February 20, 2019)
|
# v0.2.0 (February 20, 2019)
|
||||||
|
|
||||||
ENHANCEMENTS
|
ENHANCEMENTS
|
||||||
|
|
|
@ -185,13 +185,10 @@ func GetSessionWithAccountIDAndPartition(c *Config) (*session.Session, string, s
|
||||||
return sess, accountID, partition, nil
|
return sess, accountID, partition, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// DEPRECATED: Next major version of the provider should return the error instead of logging
|
return nil, "", "", fmt.Errorf(
|
||||||
// if skip_request_account_id is not enabled.
|
|
||||||
log.Printf("[WARN] %s", fmt.Sprintf(
|
|
||||||
"AWS account ID not previously found and failed retrieving via all available methods. "+
|
"AWS account ID not previously found and failed retrieving via all available methods. "+
|
||||||
"This will return an error in the next major version of the AWS provider. "+
|
|
||||||
"See https://www.terraform.io/docs/providers/aws/index.html#skip_requesting_account_id for workaround and implications. "+
|
"See https://www.terraform.io/docs/providers/aws/index.html#skip_requesting_account_id for workaround and implications. "+
|
||||||
"Errors: %s", err))
|
"Errors: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
var partition string
|
var partition string
|
||||||
|
|
|
@ -89,7 +89,7 @@ github.com/apparentlymart/go-textseg/textseg
|
||||||
github.com/armon/circbuf
|
github.com/armon/circbuf
|
||||||
# github.com/armon/go-radix v1.0.0
|
# github.com/armon/go-radix v1.0.0
|
||||||
github.com/armon/go-radix
|
github.com/armon/go-radix
|
||||||
# github.com/aws/aws-sdk-go v1.21.7
|
# github.com/aws/aws-sdk-go v1.22.0
|
||||||
github.com/aws/aws-sdk-go/aws
|
github.com/aws/aws-sdk-go/aws
|
||||||
github.com/aws/aws-sdk-go/aws/awserr
|
github.com/aws/aws-sdk-go/aws/awserr
|
||||||
github.com/aws/aws-sdk-go/service/dynamodb
|
github.com/aws/aws-sdk-go/service/dynamodb
|
||||||
|
@ -303,7 +303,7 @@ github.com/gophercloud/utils/openstack/clientconfig
|
||||||
github.com/grpc-ecosystem/grpc-gateway/runtime
|
github.com/grpc-ecosystem/grpc-gateway/runtime
|
||||||
github.com/grpc-ecosystem/grpc-gateway/utilities
|
github.com/grpc-ecosystem/grpc-gateway/utilities
|
||||||
github.com/grpc-ecosystem/grpc-gateway/internal
|
github.com/grpc-ecosystem/grpc-gateway/internal
|
||||||
# github.com/hashicorp/aws-sdk-go-base v0.2.0
|
# github.com/hashicorp/aws-sdk-go-base v0.3.0
|
||||||
github.com/hashicorp/aws-sdk-go-base
|
github.com/hashicorp/aws-sdk-go-base
|
||||||
# github.com/hashicorp/consul v0.0.0-20171026175957-610f3c86a089
|
# github.com/hashicorp/consul v0.0.0-20171026175957-610f3c86a089
|
||||||
github.com/hashicorp/consul/api
|
github.com/hashicorp/consul/api
|
||||||
|
|
Loading…
Reference in New Issue