()
| 72 | } |
| 73 | |
| 74 | func (p *FileAWSCredentials) retrieve() (Value, error) { |
| 75 | if p.Filename == "" { |
| 76 | p.Filename = os.Getenv("AWS_SHARED_CREDENTIALS_FILE") |
| 77 | if p.Filename == "" { |
| 78 | homeDir, err := os.UserHomeDir() |
| 79 | if err != nil { |
| 80 | return Value{}, err |
| 81 | } |
| 82 | p.Filename = filepath.Join(homeDir, ".aws", "credentials") |
| 83 | } |
| 84 | } |
| 85 | if p.Profile == "" { |
| 86 | p.Profile = os.Getenv("AWS_PROFILE") |
| 87 | if p.Profile == "" { |
| 88 | p.Profile = "default" |
| 89 | } |
| 90 | } |
| 91 | |
| 92 | p.retrieved = false |
| 93 | |
| 94 | iniProfile, err := loadProfile(p.Filename, p.Profile) |
| 95 | if err != nil { |
| 96 | return Value{}, err |
| 97 | } |
| 98 | |
| 99 | // Default to empty string if not found. |
| 100 | id := iniProfile.Key("aws_access_key_id") |
| 101 | // Default to empty string if not found. |
| 102 | secret := iniProfile.Key("aws_secret_access_key") |
| 103 | // Default to empty string if not found. |
| 104 | token := iniProfile.Key("aws_session_token") |
| 105 | |
| 106 | // If credential_process is defined, obtain credentials by executing |
| 107 | // the external process |
| 108 | credentialProcess := strings.TrimSpace(iniProfile.Key("credential_process").String()) |
| 109 | if credentialProcess != "" { |
| 110 | args := strings.Fields(credentialProcess) |
| 111 | if len(args) <= 1 { |
| 112 | return Value{}, errors.New("invalid credential process args") |
| 113 | } |
| 114 | cmd := exec.Command(args[0], args[1:]...) |
| 115 | out, err := cmd.Output() |
| 116 | if err != nil { |
| 117 | return Value{}, err |
| 118 | } |
| 119 | var externalProcessCredentials externalProcessCredentials |
| 120 | err = json.Unmarshal([]byte(out), &externalProcessCredentials) |
| 121 | if err != nil { |
| 122 | return Value{}, err |
| 123 | } |
| 124 | p.retrieved = true |
| 125 | p.SetExpiration(externalProcessCredentials.Expiration, DefaultExpiryWindow) |
| 126 | return Value{ |
| 127 | AccessKeyID: externalProcessCredentials.AccessKeyID, |
| 128 | SecretAccessKey: externalProcessCredentials.SecretAccessKey, |
| 129 | SessionToken: externalProcessCredentials.SessionToken, |
| 130 | Expiration: externalProcessCredentials.Expiration, |
| 131 | SignerType: SignatureV4, |
no test coverage detected