Skip to content

FFI/GO: Add IAM authentication support with automatic token refresh #4892

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

FFI/GO: Add IAM authentication support with automatic token refresh #4892

wants to merge 5 commits into from

Conversation

affonsov
Copy link
Collaborator

Add IAM Authentication Support for Go Client

Overview

This PR implements IAM authentication support for the Go client, enabling secure connections to AWS ElastiCache and MemoryDB clusters using IAM credentials instead of static passwords.

Changes

Core Implementation

  • IamAuthConfig: New configuration struct for IAM authentication

    • Supports both ElastiCache and MemoryDB service types
    • Configurable token refresh interval (default: 300 seconds)
    • Builder pattern with WithRefreshIntervalSeconds() method

  • ServerCredentials Enhancement: Extended to support two authentication modes

    • Password-based authentication (existing)
    • IAM authentication (new)
    • Modes are mutually exclusive
    • Added IsIamAuth() helper method

  • RefreshIamToken Method: Manual token refresh capability

    • Available on both standalone and cluster clients
    • Returns "OK" on success
    • Only works with IAM-authenticated clients

FFI Layer

  • Added refresh_iam_token FFI binding in ffi/src/lib.rs
  • Proper memory management with Arc reference counting
  • Comprehensive safety documentation

Issue link

This Pull Request is linked to issue (URL): [REPLACE ME]

Checklist

Before submitting the PR make sure the following are checked:

  • This Pull Request is related to one issue.
  • Commit message has a detailed description of what changed and why.
  • Tests are added or updated.
  • CHANGELOG.md and documentation files are updated.
  • Destination branch is correct - main or release
  • Create merge commit if merging release branch into main, squash otherwise.

@affonsov
feat(go): Add IAM authentication support with automatic token refresh
c4690c9 
Implement IAM authentication for ElastiCache and MemoryDB clusters in the Go client:

- Add IamAuthConfig with configurable refresh intervals
- Extend ServerCredentials to support IAM authentication mode
- Implement RefreshIamToken method for manual token refresh
- Add FFI binding for refresh_iam_token
- Include comprehensive examples for ElastiCache, MemoryDB, and cluster modes
- Add unit tests for IAM configuration and credentials

The client automatically refreshes IAM tokens based on the configured interval,
with support for manual refresh when needed. IAM and password authentication
modes are mutually exclusive.

Signed-off-by: affonsov <[email protected]>
@affonsov affonsov requested a review from a team as a code owner October 17, 2025 18:34
@affonsov
fix miri tests
ba4faf6 
Signed-off-by: affonsov <[email protected]>
@affonsov
lint fix
122b624 
Signed-off-by: affonsov <[email protected]>
@affonsov
fix ffi
83b60ce 
Signed-off-by: affonsov <[email protected]>
@affonsov
clean up tests
0ebcd4a 
Signed-off-by: affonsov <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@affonsov