package s3client
import (
"time"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/credentials"
"github.com/aws/aws-sdk-go-v2/credentials/stscreds"
"github.com/aws/aws-sdk-go-v2/feature/ec2/imds"
)
// ClientOpts collects the settings from which LoadOptions derives the AWS SDK
// configuration of an S3 client.
//
// AccessKey and SecretKey hold long-lived credentials, so values of this type
// should be kept out of logs, error messages and %+v style dumps.
type ClientOpts struct {
	// Region is the AWS region name. The literal value "minio" additionally
	// makes LoadOptions install a custom endpoint resolver that targets
	// Endpoint.
	Region string

	// Endpoint is the URL returned by that custom resolver. LoadOptions reads
	// it only when Region is "minio", and marks the hostname immutable so the
	// SDK does not rewrite it. It should come from trusted configuration.
	Endpoint string

	// AccessKey is the access key ID of a static credential pair. LoadOptions
	// uses the pair only when both AccessKey and SecretKey are non-empty.
	AccessKey string

	// SecretKey is the secret access key of the static credential pair.
	SecretKey string

	// AssumeRoleARN is the ARN of the role to assume. When it is empty,
	// LoadOptions adds no assume-role options and the other AssumeRole*
	// fields are not used.
	AssumeRoleARN string

	// AssumeRoleSessionName is an optional session name for the assumed role;
	// it is applied only when non-empty.
	AssumeRoleSessionName string

	// AssumeRoleExternalID is an optional external ID for the assume-role
	// request; it is applied only when non-empty.
	AssumeRoleExternalID string

	// AssumeRoleDuration is an optional lifetime for the assumed-role
	// credentials; nil leaves the SDK value untouched.
	AssumeRoleDuration *time.Duration

	// EC2IMDSClientEnableState selects the state of the EC2 instance metadata
	// (IMDS) client. When it is nil, LoadOptions passes imds.ClientDisabled,
	// so IMDS stays off unless it is requested explicitly.
	EC2IMDSClientEnableState *imds.ClientEnableState
}
// LoadOptions translates the receiver into functional options for the AWS
// SDK's config loader. The options are appended in a fixed order:
//
//  1. endpoint resolver (only when Region is "minio"), then the region
//     (whenever Region is non-empty),
//  2. EC2 IMDS client state, which is imds.ClientDisabled unless
//     EC2IMDSClientEnableState is set,
//  3. static credentials, only when both AccessKey and SecretKey are
//     non-empty; a half-filled pair is skipped without any error,
//  4. assume-role options, only when AssumeRoleARN is non-empty.
//
// The endpoint and assume-role closures capture the receiver and read its
// fields when the SDK invokes them, not when LoadOptions runs, so later
// changes to the ClientOpts are visible to them.
//
// NOTE(review): the SDK is believed to consult assume-role credential options
// only while it resolves a role from shared config, and to bypass that path
// when an explicit credentials provider is set. TODO confirm that the intended
// role is really the one in use, e.g. with a caller-identity check.
func (o *ClientOpts) LoadOptions() []func(options *config.LoadOptions) error {
	var fns []func(options *config.LoadOptions) error

	if o.Region == "minio" {
		//nolint:staticcheck
		// MinIO compatibility shim, see
		// https://github.com/minio/minio/discussions/12030#discussioncomment-590564
		// Every service is resolved to o.Endpoint and the hostname is marked
		// immutable. NOTE(review): an empty Endpoint is passed through as-is.
		fns = append(fns, config.WithEndpointResolverWithOptions(
			aws.EndpointResolverWithOptionsFunc(
				func(_ string, signingRegion string, _ ...interface{}) (aws.Endpoint, error) {
					ep := aws.Endpoint{
						URL:               o.Endpoint,
						SigningRegion:     signingRegion,
						HostnameImmutable: true,
					}
					return ep, nil
				},
			),
		))
	}
	if o.Region != "" {
		fns = append(fns, config.WithRegion(o.Region))
	}

	// IMDS is off by default; it is only turned on by an explicit setting.
	imdsState := imds.ClientDisabled
	if o.EC2IMDSClientEnableState != nil {
		imdsState = *o.EC2IMDSClientEnableState
	}
	fns = append(fns, config.WithEC2IMDSClientEnableState(imdsState))

	// Static credentials need both halves; the session token is always empty.
	if o.AccessKey != "" && o.SecretKey != "" {
		static := credentials.NewStaticCredentialsProvider(o.AccessKey, o.SecretKey, "")
		fns = append(fns, config.WithCredentialsProvider(static))
	}

	if o.AssumeRoleARN != "" {
		configureRole := func(options *stscreds.AssumeRoleOptions) {
			options.RoleARN = o.AssumeRoleARN
			// Optional parameters only override the SDK values when set.
			if o.AssumeRoleSessionName != "" {
				options.RoleSessionName = o.AssumeRoleSessionName
			}
			if o.AssumeRoleExternalID != "" {
				options.ExternalID = aws.String(o.AssumeRoleExternalID)
			}
			if o.AssumeRoleDuration != nil {
				options.Duration = *o.AssumeRoleDuration
			}
		}
		fns = append(fns, config.WithAssumeRoleCredentialOptions(configureRole))
	}

	return fns
}
// ClientOptsFunc is a functional option: it receives the ClientOpts being
// built and may modify it. The With* constructors below always return nil.
// NOTE(review): what happens on a non-nil error is decided by the code that
// applies the options, which is not part of this file.
type ClientOptsFunc func(*ClientOpts) error
// WithRegion returns an option that stores region in ClientOpts.Region.
//
// The special value "minio" makes LoadOptions route every request to the
// endpoint configured on the same ClientOpts. The returned option never fails.
func WithRegion(region string) ClientOptsFunc {
	return func(c *ClientOpts) error {
		c.Region = region
		return nil
	}
}
// WithEndpoint returns an option that stores endpoint in ClientOpts.Endpoint.
//
// LoadOptions reads the endpoint only when the region is "minio"; with any
// other region the value is not used there. The value is stored without any
// validation, so it should be an https:// URL from trusted configuration.
// The returned option never fails.
func WithEndpoint(endpoint string) ClientOptsFunc {
	return func(c *ClientOpts) error {
		c.Endpoint = endpoint
		return nil
	}
}
// WithStaticCredentials returns an option that stores a static credential
// pair: a is the access key, s is the secret key.
//
// Both values are stored as given, including empty strings. LoadOptions only
// installs a static credentials provider when both are non-empty, so a
// half-filled pair is ignored there rather than reported. The secret key is
// sensitive and should not be logged. The returned option never fails.
func WithStaticCredentials(a, s string) ClientOptsFunc {
	return func(c *ClientOpts) error {
		c.AccessKey, c.SecretKey = a, s
		return nil
	}
}
// WithAssumeRoleCredentialOptions returns an option that stores the
// assume-role parameters: a is the role ARN, s the session name, id the
// external ID and t the credential duration.
//
// The role ARN is always overwritten, so an empty a clears an earlier value
// and LoadOptions then adds no assume-role options. The session name,
// external ID and duration are only overwritten when they are non-empty or
// non-nil, which means earlier values survive otherwise. t is stored as a
// pointer, not copied. The returned option never fails.
func WithAssumeRoleCredentialOptions(a, s, id string, t *time.Duration) ClientOptsFunc {
	return func(c *ClientOpts) error {
		c.AssumeRoleARN = a

		if s != "" {
			c.AssumeRoleSessionName = s
		}
		if id != "" {
			c.AssumeRoleExternalID = id
		}
		if t != nil {
			c.AssumeRoleDuration = t
		}

		return nil
	}
}
// WithEC2IMDSClientEnableState returns an option that stores s in
// ClientOpts.EC2IMDSClientEnableState.
//
// Passing nil resets the field, and LoadOptions then disables the IMDS client.
// The pointer is stored as given, not copied. The returned option never fails.
func WithEC2IMDSClientEnableState(s *imds.ClientEnableState) ClientOptsFunc {
	return func(c *ClientOpts) error {
		c.EC2IMDSClientEnableState = s
		return nil
	}
}