From e4969c3857981b060d966b6e77976c72dae41c5a Mon Sep 17 00:00:00 2001 From: Aaron Todd Date: Tue, 9 May 2023 13:29:06 -0400 Subject: [PATCH] update ssocreds pkg docs to use token provider examples (#2120) --- credentials/ssocreds/doc.go | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/credentials/ssocreds/doc.go b/credentials/ssocreds/doc.go index 43e5676d348..ece1e65f73b 100644 --- a/credentials/ssocreds/doc.go +++ b/credentials/ssocreds/doc.go @@ -11,12 +11,11 @@ // # Loading AWS SSO credentials with the AWS shared configuration file // // You can use configure AWS SSO credentials from the AWS shared configuration file by -// providing the specifying the required keys in the profile: +// specifying the required keys in the profile and referencing an sso-session: // +// sso_session // sso_account_id -// sso_region // sso_role_name -// sso_start_url // // For example, the following defines a profile "devsso" and specifies the AWS // SSO parameters that defines the target account, role, sign-on portal, and @@ -24,11 +23,15 @@ // provided, or an error will be returned. // // [profile devsso] -// sso_start_url = https://my-sso-portal.awsapps.com/start +// sso_session = dev-session // sso_role_name = SSOReadOnlyRole -// sso_region = us-east-1 // sso_account_id = 123456789012 // +// [sso-session dev-session] +// sso_start_url = https://my-sso-portal.awsapps.com/start +// sso_region = us-east-1 +// sso_registration_scopes = sso:account:access +// // Using the config module, you can load the AWS SDK shared configuration, and // specify that this profile be used to retrieve credentials. For example: // @@ -43,10 +46,17 @@ // and provide the necessary information to load and retrieve temporary // credentials using an access token from ~/.aws/sso/cache. // -// client := sso.NewFromConfig(cfg) +// ssoClient := sso.NewFromConfig(cfg) +// ssoOidcClient := ssooidc.NewFromConfig(cfg) +// tokenPath, err := ssocreds.StandardCachedTokenFilepath("dev-session") +// if err != nil { +// return err +// } // // var provider aws.CredentialsProvider -// provider = ssocreds.New(client, "123456789012", "SSOReadOnlyRole", "us-east-1", "https://my-sso-portal.awsapps.com/start") +// provider = ssocreds.New(ssoClient, "123456789012", "SSOReadOnlyRole", "https://my-sso-portal.awsapps.com/start", func(options *ssocreds.Options) { +// options.SSOTokenProvider = ssocreds.NewSSOTokenProvider(ssoOidcClient, tokenPath) +// }) // // // Wrap the provider with aws.CredentialsCache to cache the credentials until their expire time // provider = aws.NewCredentialsCache(provider)