in signer/msk_auth_token_provider.go [226:258]
func constructAuthToken(ctx context.Context, region string, credentials *aws.Credentials) (string, int64, error) {
endpointURL := fmt.Sprintf(endpointURLTemplate, region)
if credentials == nil || credentials.AccessKeyID == "" || credentials.SecretAccessKey == "" {
return "", 0, fmt.Errorf("aws credentials cannot be empty")
}
if AwsDebugCreds {
logCallerIdentity(ctx, region, *credentials)
}
req, err := buildRequest(DefaultExpirySeconds, endpointURL)
if err != nil {
return "", 0, fmt.Errorf("failed to build request for signing: %w", err)
}
signedURL, err := signRequest(ctx, req, region, credentials)
if err != nil {
return "", 0, fmt.Errorf("failed to sign request with aws sig v4: %w", err)
}
expirationTimeMs, err := getExpirationTimeMs(signedURL)
if err != nil {
return "", 0, fmt.Errorf("failed to extract expiration from signed url: %w", err)
}
signedURLWithUserAgent, err := addUserAgent(signedURL)
if err != nil {
return "", 0, fmt.Errorf("failed to add user agent to the signed url: %w", err)
}
return base64Encode(signedURLWithUserAgent), expirationTimeMs, nil
}