Authentication layer designed to work with HashiCorp Vault's AWS credentialing system. Given a function that takes no arguments and produces a credential map, we want to store the latest version of the map but also be prepared for the current credentials to time out, which necessitates a new auth request. To support this, providers need to throw exceptions of the form (ex-info "Doesn't matter" {:exception-action :request-credentials}). This layer will then catch such exceptions and attempt thread-safe reauthentication.
(auth-provider cred-fn
  {:keys [cred-propagation-ms cred-request-timeout-ms
          re-request-time-ms src-provider]
   :or {cred-propagation-ms 50
        cred-request-timeout-ms 2000
        re-request-time-ms (* 20 60 1000)
        src-provider (cache/forwarding-provider
                       :url-parts->provider
                       io-prot/url-parts->provider)}})
You need to call com.stuartsierra.component/start on this to enable the credential request system.
(vault-aws-auth-provider
  {:keys [vault-path] :or {vault-path "aws/sts/core"} :as options})
(with-credential-update timeout-ms cred-request-fn execute-fn)
Attempt an S3 operation. If the operation fails with an invalid access key, request new AWS credentials from Vault exactly once. Continue attempting the operation until it either fails with a different exception, hits the timeout, or succeeds.
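The exception contract and the retry behaviour described above can be sketched in plain Clojure. This is an added example, not the library's own code: make-cred-cache, refresh!, with-reauth and the fake provider are hypothetical names, and the version counter is one assumed way to make concurrent failures trigger a single credential request.

```clojure
;; Added example: all names are hypothetical, not the library's API.
(defn credential-error? [e]
  (= :request-credentials (:exception-action (ex-data e))))

(defn make-cred-cache
  "cred-fn takes no arguments and returns a credential map."
  [cred-fn]
  {:cred-fn cred-fn
   :state   (atom {:version 0 :creds nil})
   :lock    (Object.)})

(defn refresh!
  "Request new credentials only if nobody has replaced the version the
  caller saw fail, so concurrent failures cause a single request."
  [{:keys [cred-fn state lock]} failed-version]
  (locking lock
    (when (= failed-version (:version @state))
      (reset! state {:version (inc failed-version) :creds (cred-fn)}))
    @state))

(defn with-reauth
  "Run (op creds). On a :request-credentials exception refresh and retry
  until timeout-ms has elapsed; any other exception propagates."
  [cache timeout-ms op]
  (let [deadline (+ (System/currentTimeMillis) timeout-ms)]
    (loop [{:keys [version creds]} @(:state cache)]
      (let [result (try
                     {:ok (op creds)}
                     (catch clojure.lang.ExceptionInfo e
                       (if (and (credential-error? e)
                                (< (System/currentTimeMillis) deadline))
                         {:retry version}
                         (throw e))))]
        (if (contains? result :retry)
          (recur (refresh! cache (:retry result)))
          (:ok result))))))

;; Constructed demo: a fake provider issuing numbered tokens and an
;; operation that rejects every token except the newest one.
(def issued (atom 0))
(defn fake-cred-fn [] {:token (swap! issued inc)})
(defn fake-op [creds]
  (if (= (:token creds) @issued)
    :done
    (throw (ex-info "Doesn't matter" {:exception-action :request-credentials}))))

(def cache (make-cred-cache fake-cred-fn))
(def results (doall (pmap (fn [_] (with-reauth cache 2000 fake-op)) (range 8))))
(assert (and (every? #{:done} results) (= 1 @issued)))
```

Because the operation's result is captured in a map before recur, the retry happens outside the try form, which Clojure requires. Exceptions without :exception-action :request-credentials are rethrown unchanged, so unrelated failures are not masked by retries.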