From b9605fe66bf3621bacf40009907422409a2dc35a Mon Sep 17 00:00:00 2001 From: Matt Lewis Date: Tue, 14 Oct 2025 16:56:49 -0400 Subject: [PATCH] Support getting an expiration from a credential process helper The credential process in aws supports returning the expiration as specified [here](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sourcing-external.html) This simply adds support for that specific case. --- src/aws_credentials_file.erl | 19 +++++++++++-------- .../credential_process/credentials | 2 +- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/src/aws_credentials_file.erl b/src/aws_credentials_file.erl index cbd86c1..04f7338 100644 --- a/src/aws_credentials_file.erl +++ b/src/aws_credentials_file.erl @@ -34,7 +34,8 @@ -export([fetch/1]). -spec fetch(aws_credentials_provider:options()) -> - {error, any()} | {ok, aws_credentials:credentials(), 'infinity'}. + {ok, aws_credentials:credentials(), aws_credentials_provider:expiration()} | + {error, any()}. fetch(Options) -> FilePath = get_file_path(Options), ConfigPath = does_credentials_file_exist(FilePath, config), @@ -77,18 +78,18 @@ maybe_add_home(Path) -> end. -spec maybe_add_region( - {error, any()} | {ok, aws_credentials:credentials(), 'infinity'}, + {error, any()} | {ok, aws_credentials:credentials(), aws_credentials_provider:expiration()}, {error, any()} | string(), aws_credentials_provider:options() - ) -> {ok, aws_credentials:credentials(), 'infinity'}. + ) -> {ok, aws_credentials:credentials(), aws_credentials_provider:expiration()}. maybe_add_region({error, _} = Error, _Config, _Options) -> Error; maybe_add_region(Result, {error, _Error}, _Options) -> Result; -maybe_add_region({ok, Credentials, infinity}, ConfigPath, Options) -> +maybe_add_region({ok, Credentials, Expiration}, ConfigPath, Options) -> case parse_config_file(ConfigPath, Options) of {ok, Config} -> - {ok, maps:put(region, maps:get(<<"region">>, Config), Credentials), infinity}; + {ok, maps:put(region, maps:get(<<"region">>, Config), Credentials), Expiration}; {error, _} -> - {ok, Credentials, infinity} + {ok, Credentials, Expiration} end. -spec check_path_exists(string()) -> {error, 'file_not_found'} | string(). @@ -99,7 +100,7 @@ check_path_exists(Path) -> end. -spec parse_credentials_file(string(), aws_credentials_provider:options()) -> - {error, any()} | {ok, aws_credentials:credentials(), 'infinity'}. + {error, any()} | {ok, aws_credentials:credentials(), aws_credentials_provider:expiration()}. parse_credentials_file(Path, Options) -> {ok, F} = file:read_file(Path), {ok, Profiles} = eini:parse(F), @@ -114,7 +115,7 @@ parse_credentials_file(Path, Options) -> maps:get(<<"aws_access_key_id">>, Profile), maps:get(<<"aws_secret_access_key">>, Profile), maps:get(<<"aws_session_token">>, Profile)), - infinity}; + maps:get(<<"aws_expiration">>, Profile, infinity)}; false -> {ok, aws_credentials:make_map(?MODULE, maps:get(<<"aws_access_key_id">>, Profile), @@ -151,6 +152,8 @@ read_from_profile(File, Profile) -> {true, {<<"aws_secret_access_key">>, SAK}}; ({<<"SessionToken">>, ST}) -> {true, {<<"aws_session_token">>, ST}}; + ({<<"Expiration">>, E}) -> + {true, {<<"aws_expiration">>, E}}; (_) -> false end, maps:to_list(CredResult))), diff --git a/test/aws_credentials_providers_SUITE_data/credential_process/credentials b/test/aws_credentials_providers_SUITE_data/credential_process/credentials index 15d2151..4433f53 100644 --- a/test/aws_credentials_providers_SUITE_data/credential_process/credentials +++ b/test/aws_credentials_providers_SUITE_data/credential_process/credentials @@ -1,2 +1,2 @@ [default] -credential_process = echo '{"AccessKeyId":"dummy_access_key2", "SecretAccessKey":"dummy_secret_access_key2"}' +credential_process = echo '{"AccessKeyId":"dummy_access_key2", "SecretAccessKey":"dummy_secret_access_key2", "Expiration": "2026-09-25T23:43:56"}'