// initializeCredentialsEndpoint injects the credentials endpoint relative URI
// into the environment of every container in the task. It does nothing when
// the task has no credentials id, and it logs an error and returns when the
// credentials manager has no entry for that id.
//
// NOTE(review): the URI is generated from the task's IAM role credentials and
// presumably identifies them to the credentials endpoint. If so, this
// environment variable should be treated as sensitive wherever container
// environments are logged, inspected or exported. Confirm against
// GenerateCredentialsEndpointRelativeURI.
func (task *Task) initializeCredentialsEndpoint(credentialsManager credentials.Manager) {
	credentialsID := task.GetCredentialsId()
	if credentialsID == "" {
		// Tasks without credentials get no endpoint environment variable.
		return
	}

	roleCredentials, found := credentialsManager.GetTaskCredentials(credentialsID)
	if !found {
		// Not expected: the payload handler sets the credentials id on the
		// task only after adding the credentials to the credentials manager,
		// so an id the manager does not know points to an inconsistency.
		seelog.Errorf("Unable to get credentials for task: %s", task.Arn)
		return
	}

	// NOTE(review): assumes a found entry is always usable. Confirm that the
	// credentials manager never reports an id as present with no value behind it.
	relativeURI := roleCredentials.IAMRoleCredentials.GenerateCredentialsEndpointRelativeURI()
	for _, c := range task.Containers {
		// Environment is left nil when the container config sets or overrides
		// no variables, so create the map before writing to it.
		if c.Environment == nil {
			c.Environment = map[string]string{}
		}
		c.Environment[awsSDKCredentialsRelativeURIPathEnvironmentVariableName] = relativeURI
	}
}
Beispiel #2
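// processCredentialsV1Request looks up the task credentials named by the
// credentials id in the request and returns them serialized as JSON.
//
// It returns, in order: the JSON body, the ARN stored with the credentials,
// an *errorMessage describing the failure for the client, and an error. On
// success the last two are nil; on failure the first two are zero values.
//
// The credentials id is the only thing this function checks before handing
// back the role credentials, so it acts as a bearer secret. Neither the id nor
// the JSON body is written to the log here, and both should stay out of it.
// Whether the caller applies further checks is not visible from this function.
func processCredentialsV1Request(credentialsManager credentials.Manager, r *http.Request) ([]byte, string, *errorMessage, error) {
	credentialsID, ok := handlers.ValueFromRequest(r, credentials.CredentialsIdQueryParameterName)
	if !ok {
		errText := "CredentialsV1Request: No ID in the request"
		log.Infof("%s. Request IP Address: %s", errText, r.RemoteAddr)
		msg := &errorMessage{
			Code:          NoIdInRequest,
			Message:       errText,
			httpErrorCode: http.StatusBadRequest,
		}
		return nil, "", msg, errors.New(errText)
	}

	// Named taskCredentials so the local does not shadow the credentials package.
	taskCredentials, ok := credentialsManager.GetTaskCredentials(credentialsID)
	if !ok {
		errText := "CredentialsV1Request: ID not found"
		// The rejected id is not logged: it may be a mistyped or stale copy of
		// a valid one.
		log.Infof("%s. Request IP Address: %s", errText, r.RemoteAddr)
		msg := &errorMessage{
			Code:          InvalidIdInRequest,
			Message:       errText,
			httpErrorCode: http.StatusBadRequest,
		}
		return nil, "", msg, errors.New(errText)
	}

	if taskCredentials == nil {
		// This can happen when the agent is restarted and is reconciling its
		// state. 503 tells the client the condition is temporary.
		errText := "CredentialsV1Request: Credentials uninitialized for ID"
		log.Infof("%s. Request IP Address: %s", errText, r.RemoteAddr)
		msg := &errorMessage{
			Code:          CredentialsUninitialized,
			Message:       errText,
			httpErrorCode: http.StatusServiceUnavailable,
		}
		return nil, "", msg, errors.New(errText)
	}

	credentialsJSON, err := json.Marshal(taskCredentials.IAMRoleCredentials)
	if err != nil {
		errText := "CredentialsV1Request: Error marshaling credentials"
		// Record the underlying encoder error for the operator. The client
		// still receives only the generic message below.
		log.Errorf("%s: %v. Request IP Address: %s", errText, err, r.RemoteAddr)
		msg := &errorMessage{
			Code:          InternalServerError,
			Message:       "Internal server error",
			httpErrorCode: http.StatusInternalServerError,
		}
		return nil, "", msg, errors.New(errText)
	}

	// Success: credentialsJSON holds the role credentials and must not be logged.
	return credentialsJSON, taskCredentials.ARN, nil, nil
}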