73 lines
2.3 KiB
Go
73 lines
2.3 KiB
Go
// Copyright (C) MongoDB, Inc. 2023-present.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
// not use this file except in compliance with the License. You may obtain
|
|
// a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Based on github.com/aws/aws-sdk-go by Amazon.com, Inc. with code from:
|
|
// - github.com/aws/aws-sdk-go/blob/v1.44.225/aws/credentials/chain_provider.go
|
|
// See THIRD-PARTY-NOTICES for original license terms
|
|
|
|
package credentials
|
|
|
|
import (
|
|
"gitea.psichedelico.com/go/bson/internal/aws/awserr"
|
|
)
|
|
|
|
// A ChainProvider will search for a provider which returns credentials
|
|
// and cache that provider until Retrieve is called again.
|
|
//
|
|
// The ChainProvider provides a way of chaining multiple providers together
|
|
// which will pick the first available using priority order of the Providers
|
|
// in the list.
|
|
//
|
|
// If none of the Providers retrieve valid credentials Value, ChainProvider's
|
|
// Retrieve() will return the error ErrNoValidProvidersFoundInChain.
|
|
//
|
|
// If a Provider is found which returns valid credentials Value ChainProvider
|
|
// will cache that Provider for all calls to IsExpired(), until Retrieve is
|
|
// called again.
|
|
type ChainProvider struct {
|
|
Providers []Provider
|
|
curr Provider
|
|
}
|
|
|
|
// NewChainCredentials returns a pointer to a new Credentials object
|
|
// wrapping a chain of providers.
|
|
func NewChainCredentials(providers []Provider) *Credentials {
|
|
return NewCredentials(&ChainProvider{
|
|
Providers: append([]Provider{}, providers...),
|
|
})
|
|
}
|
|
|
|
// Retrieve returns the credentials value or error if no provider returned
|
|
// without error.
|
|
//
|
|
// If a provider is found it will be cached and any calls to IsExpired()
|
|
// will return the expired state of the cached provider.
|
|
func (c *ChainProvider) Retrieve() (Value, error) {
|
|
var errs = make([]error, 0, len(c.Providers))
|
|
for _, p := range c.Providers {
|
|
creds, err := p.Retrieve()
|
|
if err == nil {
|
|
c.curr = p
|
|
return creds, nil
|
|
}
|
|
errs = append(errs, err)
|
|
}
|
|
c.curr = nil
|
|
|
|
var err = awserr.NewBatchError("NoCredentialProviders", "no valid providers in chain", errs)
|
|
return Value{}, err
|
|
}
|
|
|
|
// IsExpired will returned the expired state of the currently cached provider
|
|
// if there is one. If there is no current provider, true will be returned.
|
|
func (c *ChainProvider) IsExpired() bool {
|
|
if c.curr != nil {
|
|
return c.curr.IsExpired()
|
|
}
|
|
|
|
return true
|
|
}
|