Add support for credential_process #1486
Conversation
| return !p.retrieved | ||
| } | ||
|
|
||
| now := time.Now() |
There was a problem hiding this comment.
you need to add lee-way you can't expire at the last nano-second @albertomurillo look at iam_aws implementation for ideas.
There was a problem hiding this comment.
you don't need this you can just call p.IsExpired() now @albertomurillo
There was a problem hiding this comment.
Nice, I updated FileAWSCredentials struct to make use of credentials.go Expiry.
Now that DefaultExpiryWindow is being used in two files, what do you think about refactoring it closer to Expiry definition in credentials.go ?
albertomurillo
force-pushed
the
credential_process
branch
from
871910d to
bb99684
Compare
Fixes minio#1485 Signed-off-by: Alberto Murillo <[email protected]>
albertomurillo
force-pushed
the
credential_process
branch
from
bb99684 to
e3f4607
Compare
| credential_process := iniProfile.Key("credential_process").String() | ||
| if credential_process != "" { | ||
| args := strings.Fields(credential_process) | ||
| cmd := exec.Command(args[0], args[1:]...) |
There was a problem hiding this comment.
Validate len(args) > 1 to avoid crash.
| @@ -90,6 +105,31 @@ func (p *FileAWSCredentials) Retrieve() (Value, error) { | |||
| // Default to empty string if not found. | |||
| token := iniProfile.Key("aws_session_token") | |||
|
|
|||
| // If credential_process is defined, obtain credentials by executing | |||
| // the external process | |||
| credential_process := iniProfile.Key("credential_process").String() | |||
There was a problem hiding this comment.
Use camel case:
| credential_process := iniProfile.Key("credential_process").String() | |
| credentialProcess := iniProfile.Key("credential_process").String() |
|
@albertomurillo Please re-submit the PR when it's ready. Closing this on our end. |
Can’t rework due to AGPL license change. I hope someone else takes over the patch. |
Fixes #1485
Signed-off-by: Alberto Murillo [email protected]