forked from rlmcpherson/s3gof3r
-
Notifications
You must be signed in to change notification settings - Fork 3
/
auth.go
89 lines (78 loc) · 1.86 KB
/
auth.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
package s3gof3r
import (
"encoding/json"
"fmt"
"io/ioutil"
"net/http"
"os"
"time"
)
// Keys for an Amazon Web Services account.
// Used for signing http requests.
type Keys struct {
AccessKey string
SecretKey string
SecurityToken string
}
type mdCreds struct {
Code string
LastUpdated string
Type string
AccessKeyId string
SecretAccessKey string
Token string
Expiration string
}
// InstanceKeys Requests the AWS keys from the instance-based metadata on EC2
// Assumes only one IAM role.
func InstanceKeys() (keys Keys, err error) {
rolePath := "http://169.254.169.254/latest/meta-data/iam/security-credentials/"
var creds mdCreds
// request the role name for the instance
// assumes there is only one
resp, err := ClientWithTimeout(2 * time.Second).Get(rolePath)
if err != nil {
return
}
defer checkClose(resp.Body, &err)
if resp.StatusCode != 200 {
err = newRespError(resp)
return
}
role, err := ioutil.ReadAll(resp.Body)
if err != nil {
return
}
// request the credential metadata for the role
resp, err = http.Get(rolePath + string(role))
if err != nil {
return
}
defer checkClose(resp.Body, &err)
if resp.StatusCode != 200 {
err = newRespError(resp)
return
}
metadata, err := ioutil.ReadAll(resp.Body)
if err != nil {
return
}
if err = json.Unmarshal([]byte(metadata), &creds); err != nil {
return
}
keys = Keys{AccessKey: creds.AccessKeyId,
SecretKey: creds.SecretAccessKey,
SecurityToken: creds.Token,
}
return
}
// EnvKeys Reads the AWS keys from the environment
func EnvKeys() (keys Keys, err error) {
keys = Keys{AccessKey: os.Getenv("AWS_ACCESS_KEY_ID"),
SecretKey: os.Getenv("AWS_SECRET_ACCESS_KEY"),
}
if keys.AccessKey == "" || keys.SecretKey == "" {
err = fmt.Errorf("keys not set in environment: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY")
}
return
}