-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
credentials: Expose provider names #512
Conversation
@radeksimko thanks for taking the time to put this PR together. I like the idea of adding a Name to the I think we make this change without creating a breaking change to the Providers interface. If instead of adding a Name func to each Provider. The providers could be responsible for setting the fields themselves. Since the providers are solely responsible for filling the Its possible that a provider implementor forgets to provide this field, but it would also not require a breaking change, nor add additional logic to the |
I was actually playing with this version before I submitted the PR. The reason I have chosen the implementation with If we were to rely on a The ultimate question is then, do we want to make this work? p := &awsCredentials.StaticProvider{Value: awsCredentials.Value{
AccessKeyID: key,
SecretAccessKey: secret,
SessionToken: token,
}}
p.Name // this would be always empty, because no method was called to set it
Agreed that no changes would have to be made to I think it's necessary to add some logic to the I'm fine with implementing the changes you suggested, after all I've been in that stage already a few days ago 😃 , can you just confirm you're ok with all the pros (no breaking change) and cons (providerName likely to be empty in many cases)? |
Thanks for the feedback @radeksimko. I agree avoiding the breaking change would be great. We'd like to go down this path of ensuring no breaking changes.
I was thinking that the individual Providers would have a const provider name which is used by default when the Provider returns a credentials Value via Retrieve. Optionally we could add a way of setting a custom provider name which will override the default in
If the chain provider just passes the credential object return by the nested provider then the
In this case I would expect the StaticProvider's |
Constant is a great idea (I'm actually now embarrassed I didn't come up with this 😃 ) and solves the problems I raised! I will make those changes asap. |
Awesome!, and thanks for your time and help getting this feature implemented. |
@jasdel Modifications done. I thought I could make this even cleaner by moving each provider into a special package from OT: Thank you (and the rest of the team behind AWS SDK) for changing my perception of Amazon & OSS. Nothing personal against your colleagues & maintainers of Boto, but PRs w/out any response for 1year+ (I am able to find even 4 years old PRs with 0 responses) don't usually leave any positive feelings. 😉 |
@radeksimko thanks for making the updates, and glad we can help :) We'll review your changes and get back to you with feedback soon. Thanks again for taking the time to put this PR together. |
Looks good @radeksimko thanks again for taking the time, and working with us to add this feature to the credentials. |
credentials: Expose provider names
References: aws#512
References: aws#512
performance benchmarks Refactor to make code more usable Refactor to make code more usable Refactor to not use singleton for mock server Ensures methods from findAndGetMethod will return method who succeed the request checking out what is in upstream/master profiling memory tests Logging renaming struct credentials: Expose provider names credentials: Add tests covering provider names Using whitelists instead of blacklists. Added new method to return the signature while hoisting all headers Added new method to return the signature while hoisting all headers Update to use whitelists and blacklists depending on whether it is a presign function or not updated names and using http.Header Update unit test more tests and verified that x-amz-meta-* are not good in query. Changed filter to Validator. Allow for rules to be added to the validator Fixed typo Changing to be private Changing buildQuery to use the rule. Fixing pattern for one of the validators More tests and added more rules service/waf: add support for http body inspection and size contraints AWS WAF You can now configure AWS WAF to block, allow, or monitor (count) requests based on the content in HTTP request bodies. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from an HTML form. You can also set size constraints on specified parts of the requests, which let AWS WAF allow, block, or count web requests based on the lengths of specified parts of the requests such as query strings, URIs, or request body. service/ssm: Add support for EC2 instance id length increase Amazon Simple Systems Management Service Add paginators and remove of instance id length constraint Tag release v1.1.0 References: aws#512 Usage of enviroment variables to change outputer Performance tests and mock server Moving things around. Added new reflection method Response are stored. Fix saving to file bug removing this blank file Fixed marshaller Fixing import Gofmt fix for request pagination credentials: Expose provider names credentials: Add tests covering provider names Update to use whitelists and blacklists depending on whether it is a presign function or not updated names and using http.Header Update unit test more tests and verified that x-amz-meta-* are not good in query. Changed filter to Validator. Allow for rules to be added to the validator Fixed typo Changing to be private More tests and added more rules service/waf: add support for http body inspection and size contraints AWS WAF You can now configure AWS WAF to block, allow, or monitor (count) requests based on the content in HTTP request bodies. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from an HTML form. You can also set size constraints on specified parts of the requests, which let AWS WAF allow, block, or count web requests based on the lengths of specified parts of the requests such as query strings, URIs, or request body. service/ssm: Add support for EC2 instance id length increase Amazon Simple Systems Management Service Add paginators and remove of instance id length constraint Tag release v1.1.0 References: aws#512 Add support for converting data of type []byte to DynamodbAttribute. Document ConvertTo []byte support is only for map[string]interface[] Don't unmarshal unmodeled API operation responses Updates the SDK to not unmarshal the HTTP response body of opertions which do not have modeled output shapes. This ensures the SDK does not attempt to unmarshal invalid response from a service. If the response has a body it will be discarded and closed. This change also adds named request handlers for build and unmarshaler. This allows you to remove protocol build and unmarshal handlers by name. The name pattern is: ``` awssdk.<protocol>.Build|Unmarshal|UnmarshalMeta|UnmarshalError ``` Add Generated service clients for named request handlers Fix up example code for unwrapping awserr.Error Update go-jmespath to 0b12d6b52 Fix aws#457 Fix aws#535 Replace API gen shape tag strings with types to improve maintainability Add idempotency token auto fill Adds support for service models which specify a shape member is the idempotency token to be auto filled with a random UUID if the member's value is not already set. This replaces the needs for customizations per service per request when an idempotency token should always be provided, but optionally set by the user. Update protocol marshaler test definitions for idempotency token Code generate protocol marshaler tests for idempotency token Fix go tip vet failing Mock server to handle benchmarking requests. Added cucumber tests for performance benchmarks Refactor to make code more usable Refactor to make code more usable Refactor to not use singleton for mock server Ensures methods from findAndGetMethod will return method who succeed the request
…rtitions, regions, and service models. (aws#512)
Breaking Change --- * `aws/endpoints`: Several functions and types have been removed * Removes `DecodeModel` and `DecodeModelOptions` from the package ([aws#509](aws/aws-sdk-go-v2#509)) * Remove Region Constants, Partition Constants, and types use for exploring the endpoint data model ([aws#512](aws/aws-sdk-go-v2#512)) * `service/s3/s3crypto`: Package and associated encryption/decryption clients have been removed from the SDK ([aws#511](aws/aws-sdk-go-v2#511)) * `aws/external`: Removes several export constants and types ([aws#508](aws/aws-sdk-go-v2#508)) * No longer exports AWS environment constants used by the external environment configuration loader * `DefaultSharedConfigProfile` is now defined an exported constant * `aws`: `ErrMissingRegion`, `ErrMissingEndpoint`, `ErrStaticCredentialsEmpty` are now concrete error types ([aws#510](aws/aws-sdk-go-v2#510)) Services --- * Synced the V2 SDK with latest AWS service API definitions. SDK Features --- * `aws/signer/v4`: New methods `SignHTTP` and `PresignHTTP` have been added ([aws#519](aws/aws-sdk-go-v2#519)) * `SignHTTP` replaces `Sign`, and usage of `Sign` should be migrated before it's removal at a later date * `PresignHTTP` replaces `Presign`, and usage of `Presign` should be migrated before it's removal at a later date * `DisableRequestBodyOverwrite` and `UnsignedPayload` are now deprecated options and have no effect on `SignHTTP` or `PresignHTTP`. These options will be removed at a later date. * `aws/external`: Add Support for setting a default fallback region and resolving region from EC2 IMDS ([aws#523](aws/aws-sdk-go-v2#523)) * `WithDefaultRegion` helper has been added which can be passed to `LoadDefaultAWSConfig` * This helper can be used to configure a default fallback region in the event a region fails to be resolved from other sources * Support has been added to resolve region using EC2 IMDS when available * The IMDS region will be used if region as not found configured in either the shared config or the process environment. * Fixes [aws#244](aws/aws-sdk-go-v2#244) * Fixes [aws#515](aws/aws-sdk-go-v2#515) SDK Enhancements --- * `service/dynamodb/expression`: Add IsSet helper for ConditionBuilder and KeyConditionBuilder ([aws#494](aws/aws-sdk-go-v2#494)) * Adds a IsSet helper for ConditionBuilder and KeyConditionBuilder to make it easier to determine if the condition builders have any conditions added to them. * Implements [aws#493](aws/aws-sdk-go-v2#493). * `internal/ini`: Normalize Section keys to lowercase ([aws#495](aws/aws-sdk-go-v2#495)) * Update's SDK's ini utility to store all keys as lowercase. This brings the SDK inline with the AWS CLI's behavior. SDK Bugs --- * `internal/sdk`: Fix SDK's UUID utility to handle partial read ([aws#536](aws/aws-sdk-go-v2#536)) * Fixes the SDK's UUID utility to correctly handle partial reads from its crypto rand source. This error was sometimes causing the SDK's InvocationID value to fail to be obtained, due to a partial read from crypto.Rand. * Fix [aws#534](aws/aws-sdk-go-v2#534) * `aws/defaults`: Fix request metadata headers causing signature errors ([aws#536](aws/aws-sdk-go-v2#536)) * Fixes the SDK's adding the request metadata headers in the wrong location within the request handler stack. This created a situation where a request that was retried would sign the new attempt using the old value of the header. The header value would then be changed before sending the request. * Fix [aws#533](aws/aws-sdk-go-v2#533) * Fix [aws#521](aws/aws-sdk-go-v2#521)
This should help in situations such as debugging the
ChainProvider
or even giving the user better idea of what's happening under the hood - i.e. where are the used credentials coming from.This PR may introduce a breaking change for users having custom providers as these will be missing the new method per modified interface (
Name()
).