Skip to content

Commit

Permalink
[WIP] support explicit session TTLs (#48)
Browse files Browse the repository at this point in the history 
* support explicit session TTLs

* Use correct flag

* Actually correct flag
  • Loading branch information
@sudermanjr
sudermanjr authored Oct 12, 2022
1 parent 3eafee6 commit bd425bb
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 0 deletions.
4 changes: 4 additions & 0 deletions aws.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -287,7 +287,11 @@ func (c Config) getAWSCredentials() (*AWSCredentials, error) {
func (c Config) AWSLogin() (*AWSCredentials, error) {
endpoint := fmt.Sprintf("%s/sts/%s", c.Path, c.Role)
klog.V(3).Infof("attempting to get aws credentials from vault at %s", endpoint)

cmd := exec.Command("vault", "write", endpoint, "-format=json")
if c.TTL != "" {
cmd.Args = append(cmd.Args, fmt.Sprintf("ttl=%s", c.TTL))
}

data, err := cmd.CombinedOutput()
if err != nil {
Expand Down
1 change: 1 addition & 0 deletions config.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ type Config struct {
AWSBaseURL string
Path string
Role string
TTL string
// BufferSeconds is the number of seconds to renew before expiration
BufferSeconds int64
}
Expand Down

0 comments on commit bd425bb

Please sign in to comment.