Example #1
// InitializeAWS validates the configured AWS credentials against the AWS
// Security Token Service (STS) and, on success, stores them in awsAuth.
//
// Region selection: when *awsRegion is empty it is filled from
// aws.InstanceRegion(), and falls back to "us-east-1" if that reports
// "unknown".
//
// Credential check: both *awsAccessKey and *awsSecretKey must be non-empty.
// They are then exercised with a throwaway GetFederationToken call (name
// "snakeoil", empty policy, 900 seconds) whose result is discarded. awsAuth
// is assigned only after that call succeeds, so a failed check never
// replaces the stored credentials.
//
// The returned error embeds the text of the STS error (err=%s). This function
// itself does not format the access key or secret key into any message.
func InitializeAWS() error {
	if *awsRegion == "" {
		detected := aws.InstanceRegion()
		if detected == "unknown" {
			// No usable region reported: use the hard-coded default.
			detected = "us-east-1"
		}
		*awsRegion = detected
	}

	haveKeys := *awsAccessKey != "" && *awsSecretKey != ""
	if !haveKeys {
		return fmt.Errorf("you must specify aws-access-key-id and aws-secret-access-key " +
			"in the config file or AWSAUTHD_AWS_ACCESS_KEY_ID and " +
			"AWSAUTHD_AWS_SECRET_ACCESS_KEY in the environment. " +
			"These must be regular permanent credentials, not temporary " +
			"or instance credentials.")
	}

	// Keep the candidate local until it has been proven to work.
	candidate := aws.Auth{AccessKey: *awsAccessKey, SecretKey: *awsSecretKey}
	client := sts.New(candidate, aws.GetRegion(*awsRegion))

	// Probe call only: the token it returns is thrown away.
	if _, err := client.GetFederationToken("snakeoil", "", 900); err != nil {
		return fmt.Errorf("Your credentials don't work to call GetFederationToken(). "+
			"You must specify aws-access-key-id and aws-secret-access-key "+
			"in the config file or AWSAUTHD_AWS_ACCESS_KEY_ID and "+
			"AWSAUTHD_AWS_SECRET_ACCESS_KEY in the environment. "+
			"These must be regular permanent credentials, not temporary "+
			"or instance credentials. (err=%s)", err)
	}

	// The probe succeeded, so publish the credentials for later use.
	awsAuth = candidate
	return nil
}
Example #2
// GetCredentials asks STS for a federation token for user, restricted by
// policyString and valid for tokenLifetime, and returns a pointer to the
// credentials contained in the response.
//
// The request is signed with the package-level awsAuth and sent to the region
// named by *awsRegion.
//
// None of the arguments are validated here: user and policyString are
// forwarded unchanged, and tokenLifetime is only converted to whole seconds.
// Whatever policy the caller supplies therefore decides how narrowly the
// issued credentials are scoped, and any limit on names or lifetimes has to
// come from the caller or from the STS endpoint.
//
// On failure it returns nil and an error prefixed with "GetFederationToken: ".
func GetCredentials(user string, policyString string,
	tokenLifetime time.Duration) (*sts.Credentials, error) {
	// The int conversion drops any fractional part of the lifetime.
	lifetimeSeconds := int(tokenLifetime.Seconds())

	client := sts.New(awsAuth, aws.GetRegion(*awsRegion))
	result, err := client.GetFederationToken(user, policyString, lifetimeSeconds)
	if err != nil {
		return nil, fmt.Errorf("GetFederationToken: %s", err)
	}

	creds := &result.Credentials
	return creds, nil
}
Example #3
// SetUpSuite starts testServer and stores in s.sts an STS client whose
// endpoint is testServer.URL. The access key "abc" and secret key "123" are
// fixed placeholder values written into the test itself.
func (s *S) SetUpSuite(c *gocheck.C) {
	testServer.Start()

	// Read the URL only after Start has been called, as the original does.
	region := aws.Region{STSEndpoint: testServer.URL}
	s.sts = sts.New(aws.Auth{AccessKey: "abc", SecretKey: "123"}, region)
}