YQ Connector: prepare code base for S3 integration

1. Кодовая база Коннектора переписана с помощью Go дженериков так, чтобы добавление нового источника данных (в частности S3 + csv) максимально переиспользовало имеющийся код (чтобы сохранялась логика нарезания на блоки данных, учёт трафика и пр.) 2. API Connector расширено для работы с S3, но ещё пока не протестировано.
author: vitalyisaev <vitalyisaev@ydb.tech> 2023-12-12 21:55:07 +0300
committer: vitalyisaev <vitalyisaev@ydb.tech> 2023-12-12 22:25:10 +0300
commit: 4967f99474a4040ba150eb04995de06342252718 (patch)
tree: c9c118836513a8fab6e9fcfb25be5d404338bca7 /vendor/github.com/aws/aws-sdk-go-v2/credentials/processcreds
parent: 2ce9cccb9b0bdd4cd7a3491dc5cbf8687cda51de (diff)
download: ydb-4967f99474a4040ba150eb04995de06342252718.tar.gz
5 files changed, 743 insertions, 0 deletions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/processcreds/doc.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/processcreds/doc.go
new file mode 100644
index 0000000000..a3137b8fa9
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/processcreds/doc.go
@@ -0,0 +1,92 @@
+// Package processcreds is a credentials provider to retrieve credentials from a
+// external CLI invoked process.
+//
+// WARNING: The following describes a method of sourcing credentials from an external
+// process. This can potentially be dangerous, so proceed with caution. Other
+// credential providers should be preferred if at all possible. If using this
+// option, you should make sure that the config file is as locked down as possible
+// using security best practices for your operating system.
+//
+// # Concurrency and caching
+//
+// The Provider is not safe to be used concurrently, and does not provide any
+// caching of credentials retrieved. You should wrap the Provider with a
+// `aws.CredentialsCache` to provide concurrency safety, and caching of
+// credentials.
+//
+// # Loading credentials with the SDKs AWS Config
+//
+// You can use credentials from a AWS shared config `credential_process` in a
+// variety of ways.
+//
+// One way is to setup your shared config file, located in the default
+// location, with the `credential_process` key and the command you want to be
+// called. You also need to set the AWS_SDK_LOAD_CONFIG environment variable
+// (e.g., `export AWS_SDK_LOAD_CONFIG=1`) to use the shared config file.
+//
+//	[default]
+//	credential_process = /command/to/call
+//
+// Loading configuration using external will use the credential process to
+// retrieve credentials. NOTE: If there are credentials in the profile you are
+// using, the credential process will not be used.
+//
+//	// Initialize a session to load credentials.
+//	cfg, _ := config.LoadDefaultConfig(context.TODO())
+//
+//	// Create S3 service client to use the credentials.
+//	svc := s3.NewFromConfig(cfg)
+//
+// # Loading credentials with the Provider directly
+//
+// Another way to use the credentials process provider is by using the
+// `NewProvider` constructor to create the provider and providing a it with a
+// command to be executed to retrieve credentials.
+//
+// The following example creates a credentials provider for a command, and wraps
+// it with the CredentialsCache before assigning the provider to the Amazon S3 API
+// client's Credentials option.
+//
+//	 // Create credentials using the Provider.
+//		provider := processcreds.NewProvider("/path/to/command")
+//
+//	 // Create the service client value configured for credentials.
+//	 svc := s3.New(s3.Options{
+//	   Credentials: aws.NewCredentialsCache(provider),
+//	 })
+//
+// If you need more control, you can set any configurable options in the
+// credentials using one or more option functions.
+//
+//	provider := processcreds.NewProvider("/path/to/command",
+//	    func(o *processcreds.Options) {
+//	      // Override the provider's default timeout
+//	      o.Timeout = 2 * time.Minute
+//	    })
+//
+// You can also use your own `exec.Cmd` value by satisfying a value that satisfies
+// the `NewCommandBuilder` interface and use the `NewProviderCommand` constructor.
+//
+//	// Create an exec.Cmd
+//	cmdBuilder := processcreds.NewCommandBuilderFunc(
+//		func(ctx context.Context) (*exec.Cmd, error) {
+//			cmd := exec.CommandContext(ctx,
+//				"customCLICommand",
+//				"-a", "argument",
+//			)
+//			cmd.Env = []string{
+//				"ENV_VAR_FOO=value",
+//				"ENV_VAR_BAR=other_value",
+//			}
+//
+//			return cmd, nil
+//		},
+//	)
+//
+//	// Create credentials using your exec.Cmd and custom timeout
+//	provider := processcreds.NewProviderCommand(cmdBuilder,
+//		func(opt *processcreds.Provider) {
+//			// optionally override the provider's default timeout
+//			opt.Timeout = 1 * time.Second
+//		})
+package processcreds
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/processcreds/gotest/ya.make b/vendor/github.com/aws/aws-sdk-go-v2/credentials/processcreds/gotest/ya.make
new file mode 100644
index 0000000000..6e85ac6c6a
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/processcreds/gotest/ya.make
@@ -0,0 +1,5 @@
+GO_TEST_FOR(vendor/github.com/aws/aws-sdk-go-v2/credentials/processcreds)
+
+LICENSE(Apache-2.0)
+
+END()
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/processcreds/provider.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/processcreds/provider.go
new file mode 100644
index 0000000000..fe9345e287
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/processcreds/provider.go
@@ -0,0 +1,281 @@
+package processcreds
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"os"
+	"os/exec"
+	"runtime"
+	"time"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/internal/sdkio"
+)
+
+const (
+	// ProviderName is the name this credentials provider will label any
+	// returned credentials Value with.
+	ProviderName = `ProcessProvider`
+
+	// DefaultTimeout default limit on time a process can run.
+	DefaultTimeout = time.Duration(1) * time.Minute
+)
+
+// ProviderError is an error indicating failure initializing or executing the
+// process credentials provider
+type ProviderError struct {
+	Err error
+}
+
+// Error returns the error message.
+func (e *ProviderError) Error() string {
+	return fmt.Sprintf("process provider error: %v", e.Err)
+}
+
+// Unwrap returns the underlying error the provider error wraps.
+func (e *ProviderError) Unwrap() error {
+	return e.Err
+}
+
+// Provider satisfies the credentials.Provider interface, and is a
+// client to retrieve credentials from a process.
+type Provider struct {
+	// Provides a constructor for exec.Cmd that are invoked by the provider for
+	// retrieving credentials. Use this to provide custom creation of exec.Cmd
+	// with things like environment variables, or other configuration.
+	//
+	// The provider defaults to the DefaultNewCommand function.
+	commandBuilder NewCommandBuilder
+
+	options Options
+}
+
+// Options is the configuration options for configuring the Provider.
+type Options struct {
+	// Timeout limits the time a process can run.
+	Timeout time.Duration
+}
+
+// NewCommandBuilder provides the interface for specifying how command will be
+// created that the Provider will use to retrieve credentials with.
+type NewCommandBuilder interface {
+	NewCommand(context.Context) (*exec.Cmd, error)
+}
+
+// NewCommandBuilderFunc provides a wrapper type around a function pointer to
+// satisfy the NewCommandBuilder interface.
+type NewCommandBuilderFunc func(context.Context) (*exec.Cmd, error)
+
+// NewCommand calls the underlying function pointer the builder was initialized with.
+func (fn NewCommandBuilderFunc) NewCommand(ctx context.Context) (*exec.Cmd, error) {
+	return fn(ctx)
+}
+
+// DefaultNewCommandBuilder provides the default NewCommandBuilder
+// implementation used by the provider. It takes a command and arguments to
+// invoke. The command will also be initialized with the current process
+// environment variables, stderr, and stdin pipes.
+type DefaultNewCommandBuilder struct {
+	Args []string
+}
+
+// NewCommand returns an initialized exec.Cmd with the builder's initialized
+// Args. The command is also initialized current process environment variables,
+// stderr, and stdin pipes.
+func (b DefaultNewCommandBuilder) NewCommand(ctx context.Context) (*exec.Cmd, error) {
+	var cmdArgs []string
+	if runtime.GOOS == "windows" {
+		cmdArgs = []string{"cmd.exe", "/C"}
+	} else {
+		cmdArgs = []string{"sh", "-c"}
+	}
+
+	if len(b.Args) == 0 {
+		return nil, &ProviderError{
+			Err: fmt.Errorf("failed to prepare command: command must not be empty"),
+		}
+	}
+
+	cmdArgs = append(cmdArgs, b.Args...)
+	cmd := exec.CommandContext(ctx, cmdArgs[0], cmdArgs[1:]...)
+	cmd.Env = os.Environ()
+
+	cmd.Stderr = os.Stderr // display stderr on console for MFA
+	cmd.Stdin = os.Stdin   // enable stdin for MFA
+
+	return cmd, nil
+}
+
+// NewProvider returns a pointer to a new Credentials object wrapping the
+// Provider.
+//
+// The provider defaults to the DefaultNewCommandBuilder for creating command
+// the Provider will use to retrieve credentials with.
+func NewProvider(command string, options ...func(*Options)) *Provider {
+	var args []string
+
+	// Ensure that the command arguments are not set if the provided command is
+	// empty. This will error out when the command is executed since no
+	// arguments are specified.
+	if len(command) > 0 {
+		args = []string{command}
+	}
+
+	commanBuilder := DefaultNewCommandBuilder{
+		Args: args,
+	}
+	return NewProviderCommand(commanBuilder, options...)
+}
+
+// NewProviderCommand returns a pointer to a new Credentials object with the
+// specified command, and default timeout duration. Use this to provide custom
+// creation of exec.Cmd for options like environment variables, or other
+// configuration.
+func NewProviderCommand(builder NewCommandBuilder, options ...func(*Options)) *Provider {
+	p := &Provider{
+		commandBuilder: builder,
+		options: Options{
+			Timeout: DefaultTimeout,
+		},
+	}
+
+	for _, option := range options {
+		option(&p.options)
+	}
+
+	return p
+}
+
+// A CredentialProcessResponse is the AWS credentials format that must be
+// returned when executing an external credential_process.
+type CredentialProcessResponse struct {
+	// As of this writing, the Version key must be set to 1. This might
+	// increment over time as the structure evolves.
+	Version int
+
+	// The access key ID that identifies the temporary security credentials.
+	AccessKeyID string `json:"AccessKeyId"`
+
+	// The secret access key that can be used to sign requests.
+	SecretAccessKey string
+
+	// The token that users must pass to the service API to use the temporary credentials.
+	SessionToken string
+
+	// The date on which the current credentials expire.
+	Expiration *time.Time
+}
+
+// Retrieve executes the credential process command and returns the
+// credentials, or error if the command fails.
+func (p *Provider) Retrieve(ctx context.Context) (aws.Credentials, error) {
+	out, err := p.executeCredentialProcess(ctx)
+	if err != nil {
+		return aws.Credentials{Source: ProviderName}, err
+	}
+
+	// Serialize and validate response
+	resp := &CredentialProcessResponse{}
+	if err = json.Unmarshal(out, resp); err != nil {
+		return aws.Credentials{Source: ProviderName}, &ProviderError{
+			Err: fmt.Errorf("parse failed of process output: %s, error: %w", out, err),
+		}
+	}
+
+	if resp.Version != 1 {
+		return aws.Credentials{Source: ProviderName}, &ProviderError{
+			Err: fmt.Errorf("wrong version in process output (not 1)"),
+		}
+	}
+
+	if len(resp.AccessKeyID) == 0 {
+		return aws.Credentials{Source: ProviderName}, &ProviderError{
+			Err: fmt.Errorf("missing AccessKeyId in process output"),
+		}
+	}
+
+	if len(resp.SecretAccessKey) == 0 {
+		return aws.Credentials{Source: ProviderName}, &ProviderError{
+			Err: fmt.Errorf("missing SecretAccessKey in process output"),
+		}
+	}
+
+	creds := aws.Credentials{
+		Source:          ProviderName,
+		AccessKeyID:     resp.AccessKeyID,
+		SecretAccessKey: resp.SecretAccessKey,
+		SessionToken:    resp.SessionToken,
+	}
+
+	// Handle expiration
+	if resp.Expiration != nil {
+		creds.CanExpire = true
+		creds.Expires = *resp.Expiration
+	}
+
+	return creds, nil
+}
+
+// executeCredentialProcess starts the credential process on the OS and
+// returns the results or an error.
+func (p *Provider) executeCredentialProcess(ctx context.Context) ([]byte, error) {
+	if p.options.Timeout >= 0 {
+		var cancelFunc func()
+		ctx, cancelFunc = context.WithTimeout(ctx, p.options.Timeout)
+		defer cancelFunc()
+	}
+
+	cmd, err := p.commandBuilder.NewCommand(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	// get creds json on process's stdout
+	output := bytes.NewBuffer(make([]byte, 0, int(8*sdkio.KibiByte)))
+	if cmd.Stdout != nil {
+		cmd.Stdout = io.MultiWriter(cmd.Stdout, output)
+	} else {
+		cmd.Stdout = output
+	}
+
+	execCh := make(chan error, 1)
+	go executeCommand(cmd, execCh)
+
+	select {
+	case execError := <-execCh:
+		if execError == nil {
+			break
+		}
+		select {
+		case <-ctx.Done():
+			return output.Bytes(), &ProviderError{
+				Err: fmt.Errorf("credential process timed out: %w", execError),
+			}
+		default:
+			return output.Bytes(), &ProviderError{
+				Err: fmt.Errorf("error in credential_process: %w", execError),
+			}
+		}
+	}
+
+	out := output.Bytes()
+	if runtime.GOOS == "windows" {
+		// windows adds slashes to quotes
+		out = bytes.ReplaceAll(out, []byte(`\"`), []byte(`"`))
+	}
+
+	return out, nil
+}
+
+func executeCommand(cmd *exec.Cmd, exec chan error) {
+	// Start the command
+	err := cmd.Start()
+	if err == nil {
+		err = cmd.Wait()
+	}
+
+	exec <- err
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/processcreds/provider_test.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/processcreds/provider_test.go
new file mode 100644
index 0000000000..5678af0dde
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/processcreds/provider_test.go
@@ -0,0 +1,338 @@
+package processcreds
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"testing"
+	"time"
+)
+
+func TestProviderBadCommand(t *testing.T) {
+	provider := NewProvider("/bad/process")
+	_, err := provider.Retrieve(context.Background())
+	var pe *ProviderError
+	if ok := errors.As(err, &pe); !ok {
+		t.Fatalf("expect error to be of type %T", pe)
+	}
+	if e, a := "error in credential_process", pe.Error(); !strings.Contains(a, e) {
+		t.Errorf("expected %v, got %v", e, a)
+	}
+}
+
+func TestProviderMoreEmptyCommands(t *testing.T) {
+	provider := NewProvider("")
+	_, err := provider.Retrieve(context.Background())
+	var pe *ProviderError
+	if ok := errors.As(err, &pe); !ok {
+		t.Fatalf("expect error to be of type %T", pe)
+	}
+	if e, a := "failed to prepare command", pe.Error(); !strings.Contains(a, e) {
+		t.Errorf("expected %v, got %v", e, a)
+	}
+}
+
+func TestProviderExpectErrors(t *testing.T) {
+	provider := NewProvider(
+		fmt.Sprintf(
+			"%s %s",
+			getOSCat(),
+			filepath.Join("testdata", "malformed.json"),
+		))
+	_, err := provider.Retrieve(context.Background())
+	var pe *ProviderError
+	if ok := errors.As(err, &pe); !ok {
+		t.Fatalf("expect error to be of type %T", pe)
+	}
+	if e, a := "parse failed of process output", pe.Error(); !strings.Contains(a, e) {
+		t.Errorf("expected %v, got %v", e, a)
+	}
+
+	provider = NewProvider(
+		fmt.Sprintf("%s %s",
+			getOSCat(),
+			filepath.Join("testdata", "wrongversion.json"),
+		))
+	_, err = provider.Retrieve(context.Background())
+	if ok := errors.As(err, &pe); !ok {
+		t.Fatalf("expect error to be of type %T", pe)
+	}
+	if e, a := "wrong version in process output", pe.Error(); !strings.Contains(a, e) {
+		t.Errorf("expected %v, got %v", e, a)
+	}
+
+	provider = NewProvider(
+		fmt.Sprintf(
+			"%s %s",
+			getOSCat(),
+			filepath.Join("testdata", "missingkey.json"),
+		))
+	_, err = provider.Retrieve(context.Background())
+	if ok := errors.As(err, &pe); !ok {
+		t.Fatalf("expect error to be of type %T", pe)
+	}
+	if e, a := "missing AccessKeyId", pe.Error(); !strings.Contains(a, e) {
+		t.Errorf("expected %v, got %v", e, a)
+	}
+
+	provider = NewProvider(
+		fmt.Sprintf(
+			"%s %s",
+			getOSCat(),
+			filepath.Join("testdata", "missingsecret.json"),
+		))
+	_, err = provider.Retrieve(context.Background())
+	if ok := errors.As(err, &pe); !ok {
+		t.Fatalf("expect error to be of type %T", pe)
+	}
+	if e, a := "missing SecretAccessKey", pe.Error(); !strings.Contains(a, e) {
+		t.Errorf("expected %v, got %v", e, a)
+	}
+}
+
+func TestProviderTimeout(t *testing.T) {
+	command := "/bin/sleep 2"
+	if runtime.GOOS == "windows" {
+		// "timeout" command does not work due to pipe redirection
+		command = "ping -n 2 127.0.0.1>nul"
+	}
+
+	provider := NewProvider(command, func(options *Options) {
+		options.Timeout = time.Duration(1) * time.Second
+	})
+	_, err := provider.Retrieve(context.Background())
+	var pe *ProviderError
+	if ok := errors.As(err, &pe); !ok {
+		t.Fatalf("expect error to be of type %T", pe)
+	}
+	if e, a := "credential process timed out", pe.Error(); !strings.Contains(a, e) {
+		t.Errorf("expected %v, got %v", e, a)
+	}
+}
+
+func TestProviderWithLongSessionToken(t *testing.T) {
+	provider := NewProvider(
+		fmt.Sprintf(
+			"%s %s",
+			getOSCat(),
+			filepath.Join("testdata", "longsessiontoken.json"),
+		))
+	v, err := provider.Retrieve(context.Background())
+	if err != nil {
+		t.Errorf("expected %v, got %v", "no error", err)
+	}
+
+	// Text string same length as session token returned by AWS for AssumeRoleWithWebIdentity
+	e := "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+	if a := v.SessionToken; e != a {
+		t.Errorf("expected %v, got %v", e, a)
+	}
+}
+
+type credentialTest struct {
+	Version         int
+	AccessKeyID     string `json:"AccessKeyId"`
+	SecretAccessKey string
+	Expiration      string
+}
+
+func TestProviderStatic(t *testing.T) {
+	// static
+	provider := NewProvider(
+		fmt.Sprintf(
+			"%s %s",
+			getOSCat(),
+			filepath.Join("testdata", "static.json"),
+		))
+	v, err := provider.Retrieve(context.Background())
+	if err != nil {
+		t.Errorf("expected %v, got %v", "no error", err)
+	}
+	if v.CanExpire != false {
+		t.Errorf("expected %v, got %v", "static credentials/not expired", "can expire")
+	}
+
+}
+
+func TestProviderNotExpired(t *testing.T) {
+	// non-static, not expired
+	exp := &credentialTest{}
+	exp.Version = 1
+	exp.AccessKeyID = "accesskey"
+	exp.SecretAccessKey = "secretkey"
+	exp.Expiration = time.Now().Add(1 * time.Hour).UTC().Format(time.RFC3339)
+	b, err := json.Marshal(exp)
+	if err != nil {
+		t.Errorf("expected %v, got %v", "no error", err)
+	}
+
+	tmpFile, err := ioutil.TempFile(os.TempDir(), "tmp_expiring")
+	if err != nil {
+		t.Errorf("expected %v, got %v", "no error", err)
+	}
+	if _, err = io.Copy(tmpFile, bytes.NewReader(b)); err != nil {
+		t.Errorf("expected %v, got %v", "no error", err)
+	}
+	defer func() {
+		if err = tmpFile.Close(); err != nil {
+			t.Errorf("expected %v, got %v", "no error", err)
+		}
+		if err = os.Remove(tmpFile.Name()); err != nil {
+			t.Errorf("expected %v, got %v", "no error", err)
+		}
+	}()
+	provider := NewProvider(
+		fmt.Sprintf("%s %s", getOSCat(), tmpFile.Name()))
+	v, err := provider.Retrieve(context.Background())
+	if err != nil {
+		t.Errorf("expected %v, got %v", "no error", err)
+	}
+	if v.Expired() {
+		t.Errorf("expected %v, got %v", "not expired", "expired")
+	}
+}
+
+func TestProviderExpired(t *testing.T) {
+	// non-static, expired
+	exp := &credentialTest{}
+	exp.Version = 1
+	exp.AccessKeyID = "accesskey"
+	exp.SecretAccessKey = "secretkey"
+	exp.Expiration = time.Now().Add(-1 * time.Hour).UTC().Format(time.RFC3339)
+	b, err := json.Marshal(exp)
+	if err != nil {
+		t.Errorf("expected %v, got %v", "no error", err)
+	}
+
+	tmpFile, err := ioutil.TempFile(os.TempDir(), "tmp_expired")
+	if err != nil {
+		t.Errorf("expected %v, got %v", "no error", err)
+	}
+	if _, err = io.Copy(tmpFile, bytes.NewReader(b)); err != nil {
+		t.Errorf("expected %v, got %v", "no error", err)
+	}
+	defer func() {
+		if err = tmpFile.Close(); err != nil {
+			t.Errorf("expected %v, got %v", "no error", err)
+		}
+		if err = os.Remove(tmpFile.Name()); err != nil {
+			t.Errorf("expected %v, got %v", "no error", err)
+		}
+	}()
+	provider := NewProvider(
+		fmt.Sprintf("%s %s", getOSCat(), tmpFile.Name()))
+	v, err := provider.Retrieve(context.Background())
+	if err != nil {
+		t.Errorf("expected %v, got %v", "no error", err)
+	}
+	if !v.Expired() {
+		t.Errorf("expected %v, got %v", "expired", "not expired")
+	}
+}
+
+func TestProviderForceExpire(t *testing.T) {
+	// non-static, not expired
+
+	// setup test credentials file
+	exp := &credentialTest{}
+	exp.Version = 1
+	exp.AccessKeyID = "accesskey"
+	exp.SecretAccessKey = "secretkey"
+	exp.Expiration = time.Now().Add(1 * time.Hour).UTC().Format(time.RFC3339)
+	b, err := json.Marshal(exp)
+	if err != nil {
+		t.Errorf("expected %v, got %v", "no error", err)
+	}
+	tmpFile, err := ioutil.TempFile(os.TempDir(), "tmp_force_expire")
+	if err != nil {
+		t.Errorf("expected %v, got %v", "no error", err)
+	}
+	if _, err = io.Copy(tmpFile, bytes.NewReader(b)); err != nil {
+		t.Errorf("expected %v, got %v", "no error", err)
+	}
+	defer func() {
+		if err = tmpFile.Close(); err != nil {
+			t.Errorf("expected %v, got %v", "no error", err)
+		}
+		if err = os.Remove(tmpFile.Name()); err != nil {
+			t.Errorf("expected %v, got %v", "no error", err)
+		}
+	}()
+
+	// get credentials from file
+	provider := NewProvider(
+		fmt.Sprintf("%s %s", getOSCat(), tmpFile.Name()))
+	v, err := provider.Retrieve(context.Background())
+	if err != nil {
+		t.Errorf("expected %v, got %v", "no error", err)
+	}
+	if v.Expired() {
+		t.Errorf("expected %v, got %v", "not expired", "expired")
+	}
+
+	// Re-retrieve credentials
+	v, err = provider.Retrieve(context.Background())
+	if err != nil {
+		t.Errorf("expected %v, got %v", "no error", err)
+	}
+	if v.Expired() {
+		t.Errorf("expected %v, got %v", "not expired", "expired")
+	}
+}
+
+func TestProviderAltConstruct(t *testing.T) {
+	cmdBuilder := DefaultNewCommandBuilder{Args: []string{
+		fmt.Sprintf("%s %s", getOSCat(),
+			filepath.Join("testdata", "static.json"),
+		),
+	}}
+
+	provider := NewProviderCommand(cmdBuilder, func(options *Options) {
+		options.Timeout = time.Duration(1) * time.Second
+	})
+	v, err := provider.Retrieve(context.Background())
+	if err != nil {
+		t.Errorf("expected %v, got %v", "no error", err)
+	}
+	if v.CanExpire != false {
+		t.Errorf("expected %v, got %v", "static credentials/not expired", "expired")
+	}
+}
+
+func BenchmarkProcessProvider(b *testing.B) {
+	provider := NewProvider(
+		fmt.Sprintf(
+			"%s %s",
+			getOSCat(),
+			filepath.Join("testdata", "static.json"),
+		))
+	_, err := provider.Retrieve(context.Background())
+	if err != nil {
+		b.Fatal(err)
+	}
+
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		b.StartTimer()
+		_, err := provider.Retrieve(context.Background())
+		if err != nil {
+			b.Fatal(err)
+		}
+		b.StopTimer()
+	}
+}
+
+func getOSCat() string {
+	if runtime.GOOS == "windows" {
+		return "type"
+	}
+	return "cat"
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/processcreds/ya.make b/vendor/github.com/aws/aws-sdk-go-v2/credentials/processcreds/ya.make
new file mode 100644
index 0000000000..e658367510
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/processcreds/ya.make
@@ -0,0 +1,27 @@
+GO_LIBRARY()
+
+LICENSE(Apache-2.0)
+
+GO_SKIP_TESTS(
+    TestProviderAltConstruct
+    TestProviderExpectErrors
+    TestProviderExpired
+    TestProviderForceExpire
+    TestProviderNotExpired
+    TestProviderStatic
+    TestProviderTimeout
+    TestProviderWithLongSessionToken
+)
+
+SRCS(
+    doc.go
+    provider.go
+)
+
+GO_TEST_SRCS(provider_test.go)
+
+END()
+
+RECURSE(
+    gotest
+)
author	vitalyisaev <vitalyisaev@ydb.tech>	2023-12-12 21:55:07 +0300
committer	vitalyisaev <vitalyisaev@ydb.tech>	2023-12-12 22:25:10 +0300
commit	4967f99474a4040ba150eb04995de06342252718 (patch)
tree	c9c118836513a8fab6e9fcfb25be5d404338bca7 /vendor/github.com/aws/aws-sdk-go-v2/credentials/processcreds
parent	2ce9cccb9b0bdd4cd7a3491dc5cbf8687cda51de (diff)
download	ydb-4967f99474a4040ba150eb04995de06342252718.tar.gz