Add option callbacks to aws.Config for modifying default credentials #4160

rittneje opened this issue Nov 4, 2021 · 2 comments · Fixed by #4174
Labels
feature-request A feature should be added or improved.

rittneje commented Nov 4, 2021

Is your feature request related to a problem? Please describe.

We load our credentials via the default chain. In particular we are ultimately using stscreds.WebIdentityRoleProvider. We would like to be able to set the ExpiryWindow. That way we can generate presigned URLs that will be valid for 15 minutes, without worrying about whether the backing role credentials will expire sooner than that. However, right now this cannot be done, because we only get a credentials.Credentials instance, and the provider is a private field.

Describe the solution you'd like

Add options functions to the aws.Config to allow modifying the default credentials.

```go
type Config struct {
    ...
    DefaultCredentialsOptions *DefaultCredentialsOptions
}

type DefaultCredentialsOptions struct {
    ...
    WebIdentityRoleProviderOption func(*stscreds.WebIdentityRoleProvider)
}
```

When the default credentials are being created, the corresponding function would be applied to the provider before it gets wrapped into a credentials.Credentials. If the function is nil then it is a no-op. In our case we would do this:

```go
credOptions := &aws.DefaultCredentialsOptions{
    WebIdentityRoleProviderOption: func(creds *stscreds.WebIdentityRoleProvider) {
        creds.ExpiryWindow = 15 * time.Minute
    },
}
```

Describe alternatives you've considered
We can of course manually create the stscreds.WebIdentityRoleProvider ourselves but that is annoying and requires special code for anything running in EKS as opposed to a lambda.
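
Why the window matters for the presigned-URL case described above, as an added example that is not part of the original post and is not SDK code: a simplified stand-alone model in which `cachedCreds`, `get` and `usableFor` are hypothetical names and the one-hour credential lifetime and timestamps are constructed. It assumes a presigned URL stops working once the temporary credentials that signed it expire.

```go
package main

import (
	"fmt"
	"time"
)

// cachedCreds is a simplified model (not SDK code) of a credentials cache
// with an expiry window: credentials count as expired `window` before their
// real expiration, which forces an early refresh.
type cachedCreds struct {
	expires time.Time     // real expiration of the current role credentials
	window  time.Duration // plays the role of ExpiryWindow
	ttl     time.Duration // lifetime of freshly issued credentials (assumed 1h)
}

// get refreshes the credentials if they are inside the expiry window and
// returns the expiration of the credentials that will sign the request.
func (c *cachedCreds) get(now time.Time) time.Time {
	if !now.Before(c.expires.Add(-c.window)) {
		c.expires = now.Add(c.ttl) // stand-in for a new role assumption
	}
	return c.expires
}

// usableFor returns how long a URL presigned at `now` with lifetime urlTTL
// really works: it ends at the URL expiry or when the signing credentials
// expire, whichever comes first.
func usableFor(c *cachedCreds, now time.Time, urlTTL time.Duration) time.Duration {
	if left := c.get(now).Sub(now); left < urlTTL {
		return left
	}
	return urlTTL
}

func main() {
	issued := time.Date(2021, 11, 4, 12, 0, 0, 0, time.UTC) // constructed timestamp
	signAt := issued.Add(58 * time.Minute)                  // 2 minutes before expiry
	for _, w := range []time.Duration{0, 15 * time.Minute} {
		c := &cachedCreds{expires: issued.Add(time.Hour), window: w, ttl: time.Hour}
		fmt.Printf("window=%v usable=%v\n", w, usableFor(c, signAt, 15*time.Minute))
	}
}
```

With no window, the URL signed two minutes before credential expiry is usable for two minutes; with a window equal to the URL lifetime, the cache refreshes first and the URL is usable for its full 15 minutes.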

jasdel commented Dec 7, 2021

Thanks for taking the time to create this issue @rittneje. I've updated the PR with feedback on the design and proposal moving forward.

Also, this hasn't been merged yet, but I created a PR in the V2 SDK which addresses this issue directly without needing to use factories, since the v2 SDK already exposes many functional options for its components. aws/aws-sdk-go-v2#1523

jasdel pushed a commit that referenced this issue Jan 4, 2022
Fixes #4160. It's a little different than what I originally proposed, since (1) this avoids an import cycle, and (2) this is a little more flexible.

Adds a NewWebIdentityRoleProviderWithOptions constructor to be similar to the other credential providers defined by the SDK.
github-actions bot commented Jan 4, 2022

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

vudh1 removed the needs-triage label Jul 20, 2022