mirror of
https://github.com/ceph/ceph-csi.git
synced 2025-01-18 18:59:30 +00:00
171ba6a65d
Bumps the github-dependencies group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/IBM/keyprotect-go-client](https://github.com/IBM/keyprotect-go-client) | `0.12.2` | `0.14.1` | | [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) | `1.53.14` | `1.54.6` | | [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2) | `1.28.1` | `1.29.1` | | [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) | `1.12.0` | `1.14.0` | | [github.com/kubernetes-csi/csi-lib-utils](https://github.com/kubernetes-csi/csi-lib-utils) | `0.17.0` | `0.18.1` | | [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) | `2.17.1` | `2.19.0` | | [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.18.0` | `1.19.1` | | [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) | `1.6.0` | `1.7.0` | Updates `github.com/IBM/keyprotect-go-client` from 0.12.2 to 0.14.1 - [Release notes](https://github.com/IBM/keyprotect-go-client/releases) - [Changelog](https://github.com/IBM/keyprotect-go-client/blob/master/CHANGELOG.md) - [Commits](https://github.com/IBM/keyprotect-go-client/compare/v0.12.2...v0.14.1) Updates `github.com/aws/aws-sdk-go` from 1.53.14 to 1.54.6 - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.53.14...v1.54.6) Updates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.28.1 to 1.29.1 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ecr/v1.28.1...service/s3/v1.29.1) Updates `github.com/hashicorp/vault/api` from 1.12.0 to 1.14.0 - [Release notes](https://github.com/hashicorp/vault/releases) - [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/vault/compare/v1.12.0...v1.14.0) Updates `github.com/kubernetes-csi/csi-lib-utils` from 0.17.0 to 0.18.1 - [Release notes](https://github.com/kubernetes-csi/csi-lib-utils/releases) - [Commits](https://github.com/kubernetes-csi/csi-lib-utils/compare/v0.17.0...v0.18.1) Updates `github.com/onsi/ginkgo/v2` from 2.17.1 to 2.19.0 - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.17.1...v2.19.0) Updates `github.com/onsi/gomega` from 1.32.0 to 1.33.1 - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.32.0...v1.33.1) Updates `github.com/prometheus/client_golang` from 1.18.0 to 1.19.1 - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](https://github.com/prometheus/client_golang/compare/v1.18.0...v1.19.1) Updates `github.com/Azure/azure-sdk-for-go/sdk/azidentity` from 1.6.0 to 1.7.0 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md) - [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.6.0...sdk/azcore/v1.7.0) --- updated-dependencies: - dependency-name: github.com/IBM/keyprotect-go-client dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies - dependency-name: github.com/aws/aws-sdk-go-v2/service/sts dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies - dependency-name: github.com/hashicorp/vault/api dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies - dependency-name: github.com/kubernetes-csi/csi-lib-utils dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
174 lines
6.0 KiB
Go
174 lines
6.0 KiB
Go
package aws
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"reflect"
|
|
"time"
|
|
|
|
"github.com/aws/aws-sdk-go-v2/internal/sdk"
|
|
)
|
|
|
|
// AnonymousCredentials provides a sentinel CredentialsProvider that should be
|
|
// used to instruct the SDK's signing middleware to not sign the request.
|
|
//
|
|
// Using `nil` credentials when configuring an API client will achieve the same
|
|
// result. The AnonymousCredentials type allows you to configure the SDK's
|
|
// external config loading to not attempt to source credentials from the shared
|
|
// config or environment.
|
|
//
|
|
// For example you can use this CredentialsProvider with an API client's
|
|
// Options to instruct the client not to sign a request for accessing public
|
|
// S3 bucket objects.
|
|
//
|
|
// The following example demonstrates using the AnonymousCredentials to prevent
|
|
// SDK's external config loading attempt to resolve credentials.
|
|
//
|
|
// cfg, err := config.LoadDefaultConfig(context.TODO(),
|
|
// config.WithCredentialsProvider(aws.AnonymousCredentials{}),
|
|
// )
|
|
// if err != nil {
|
|
// log.Fatalf("failed to load config, %v", err)
|
|
// }
|
|
//
|
|
// client := s3.NewFromConfig(cfg)
|
|
//
|
|
// Alternatively you can leave the API client Option's `Credential` member to
|
|
// nil. If using the `NewFromConfig` constructor you'll need to explicitly set
|
|
// the `Credentials` member to nil, if the external config resolved a
|
|
// credential provider.
|
|
//
|
|
// client := s3.New(s3.Options{
|
|
// // Credentials defaults to a nil value.
|
|
// })
|
|
//
|
|
// This can also be configured for specific operations calls too.
|
|
//
|
|
// cfg, err := config.LoadDefaultConfig(context.TODO())
|
|
// if err != nil {
|
|
// log.Fatalf("failed to load config, %v", err)
|
|
// }
|
|
//
|
|
// client := s3.NewFromConfig(config)
|
|
//
|
|
// result, err := client.GetObject(context.TODO(), s3.GetObject{
|
|
// Bucket: aws.String("example-bucket"),
|
|
// Key: aws.String("example-key"),
|
|
// }, func(o *s3.Options) {
|
|
// o.Credentials = nil
|
|
// // Or
|
|
// o.Credentials = aws.AnonymousCredentials{}
|
|
// })
|
|
type AnonymousCredentials struct{}
|
|
|
|
// Retrieve implements the CredentialsProvider interface, but will always
|
|
// return error, and cannot be used to sign a request. The AnonymousCredentials
|
|
// type is used as a sentinel type instructing the AWS request signing
|
|
// middleware to not sign a request.
|
|
func (AnonymousCredentials) Retrieve(context.Context) (Credentials, error) {
|
|
return Credentials{Source: "AnonymousCredentials"},
|
|
fmt.Errorf("the AnonymousCredentials is not a valid credential provider, and cannot be used to sign AWS requests with")
|
|
}
|
|
|
|
// A Credentials is the AWS credentials value for individual credential fields.
|
|
type Credentials struct {
|
|
// AWS Access key ID
|
|
AccessKeyID string
|
|
|
|
// AWS Secret Access Key
|
|
SecretAccessKey string
|
|
|
|
// AWS Session Token
|
|
SessionToken string
|
|
|
|
// Source of the credentials
|
|
Source string
|
|
|
|
// States if the credentials can expire or not.
|
|
CanExpire bool
|
|
|
|
// The time the credentials will expire at. Should be ignored if CanExpire
|
|
// is false.
|
|
Expires time.Time
|
|
|
|
// The ID of the account for the credentials.
|
|
AccountID string
|
|
}
|
|
|
|
// Expired returns if the credentials have expired.
|
|
func (v Credentials) Expired() bool {
|
|
if v.CanExpire {
|
|
// Calling Round(0) on the current time will truncate the monotonic
|
|
// reading only. Ensures credential expiry time is always based on
|
|
// reported wall-clock time.
|
|
return !v.Expires.After(sdk.NowTime().Round(0))
|
|
}
|
|
|
|
return false
|
|
}
|
|
|
|
// HasKeys returns if the credentials keys are set.
|
|
func (v Credentials) HasKeys() bool {
|
|
return len(v.AccessKeyID) > 0 && len(v.SecretAccessKey) > 0
|
|
}
|
|
|
|
// A CredentialsProvider is the interface for any component which will provide
|
|
// credentials Credentials. A CredentialsProvider is required to manage its own
|
|
// Expired state, and what to be expired means.
|
|
//
|
|
// A credentials provider implementation can be wrapped with a CredentialCache
|
|
// to cache the credential value retrieved. Without the cache the SDK will
|
|
// attempt to retrieve the credentials for every request.
|
|
type CredentialsProvider interface {
|
|
// Retrieve returns nil if it successfully retrieved the value.
|
|
// Error is returned if the value were not obtainable, or empty.
|
|
Retrieve(ctx context.Context) (Credentials, error)
|
|
}
|
|
|
|
// CredentialsProviderFunc provides a helper wrapping a function value to
|
|
// satisfy the CredentialsProvider interface.
|
|
type CredentialsProviderFunc func(context.Context) (Credentials, error)
|
|
|
|
// Retrieve delegates to the function value the CredentialsProviderFunc wraps.
|
|
func (fn CredentialsProviderFunc) Retrieve(ctx context.Context) (Credentials, error) {
|
|
return fn(ctx)
|
|
}
|
|
|
|
type isCredentialsProvider interface {
|
|
IsCredentialsProvider(CredentialsProvider) bool
|
|
}
|
|
|
|
// IsCredentialsProvider returns whether the target CredentialProvider is the same type as provider when comparing the
|
|
// implementation type.
|
|
//
|
|
// If provider has a method IsCredentialsProvider(CredentialsProvider) bool it will be responsible for validating
|
|
// whether target matches the credential provider type.
|
|
//
|
|
// When comparing the CredentialProvider implementations provider and target for equality, the following rules are used:
|
|
//
|
|
// If provider is of type T and target is of type V, true if type *T is the same as type *V, otherwise false
|
|
// If provider is of type *T and target is of type V, true if type *T is the same as type *V, otherwise false
|
|
// If provider is of type T and target is of type *V, true if type *T is the same as type *V, otherwise false
|
|
// If provider is of type *T and target is of type *V,true if type *T is the same as type *V, otherwise false
|
|
func IsCredentialsProvider(provider, target CredentialsProvider) bool {
|
|
if target == nil || provider == nil {
|
|
return provider == target
|
|
}
|
|
|
|
if x, ok := provider.(isCredentialsProvider); ok {
|
|
return x.IsCredentialsProvider(target)
|
|
}
|
|
|
|
targetType := reflect.TypeOf(target)
|
|
if targetType.Kind() != reflect.Ptr {
|
|
targetType = reflect.PtrTo(targetType)
|
|
}
|
|
|
|
providerType := reflect.TypeOf(provider)
|
|
if providerType.Kind() != reflect.Ptr {
|
|
providerType = reflect.PtrTo(providerType)
|
|
}
|
|
|
|
return targetType.AssignableTo(providerType)
|
|
}
|