func (sb signerBuilder) BuildSigner() signer {
	endpoint := "https://" + sb.ServiceName + "." + sb.Region + ".amazonaws.com"
	var req *http.Request
	if sb.Method == "POST" {
		body := []byte(sb.Query.Encode())
		reader := bytes.NewReader(body)
		req, _ = http.NewRequest(sb.Method, endpoint, reader)
		req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
		req.Header.Add("Content-Length", string(len(body)))
	} else {
		req, _ = http.NewRequest(sb.Method, endpoint, nil)
		req.URL.RawQuery = sb.Query.Encode()
	}

	sig := signer{
		Request: req,
		Time:    sb.SignTime,
		Credentials: credentials.NewStaticCredentials(
			"AKID",
			"SECRET",
			sb.SessionToken),
	}

	if os.Getenv("DEBUG") != "" {
		sig.Debug = aws.LogDebug
		sig.Logger = aws.NewDefaultLogger()
	}

	return sig
}
Exemple #2
0
func New(conf *AwsConfig) (*AwsImages, error) {
	checkCfg := "Please check your configuration"

	if len(conf.Regions) == 0 {
		return nil, errors.New("AWS Regions are not set. " + checkCfg)
	}

	if conf.AccessKey == "" {
		return nil, errors.New("AWS Access Key is not set. " + checkCfg)
	}

	if conf.SecretKey == "" {
		return nil, errors.New("AWS Secret Key is not set. " + checkCfg)
	}

	// increase the timeout
	timeout := time.Second * 30
	client := &http.Client{
		Transport: &http.Transport{TLSHandshakeTimeout: timeout},
		Timeout:   timeout,
	}

	creds := credentials.NewStaticCredentials(conf.AccessKey, conf.SecretKey, "")
	awsCfg := &awsclient.Config{
		Credentials: creds,
		HTTPClient:  client,
		Logger:      awsclient.NewDefaultLogger(),
	}

	m := newMultiRegion(awsCfg, filterRegions(conf.Regions, conf.RegionsExclude))
	return &AwsImages{
		services: m,
		images:   make(map[string][]*ec2.Image),
	}, nil
}
func copyConfig(config *Config) *aws.Config {
	if config == nil {
		config = &Config{}
	}
	c := &aws.Config{
		Credentials: credentials.AnonymousCredentials,
		Endpoint:    config.Endpoint,
		HTTPClient:  config.HTTPClient,
		Logger:      config.Logger,
		LogLevel:    config.LogLevel,
		MaxRetries:  config.MaxRetries,
	}

	if c.HTTPClient == nil {
		c.HTTPClient = http.DefaultClient
	}
	if c.Logger == nil {
		c.Logger = aws.NewDefaultLogger()
	}
	if c.LogLevel == nil {
		c.LogLevel = aws.LogLevel(aws.LogOff)
	}
	if c.MaxRetries == nil {
		c.MaxRetries = aws.Int(DefaultRetries)
	}

	return c
}
Exemple #4
0
// Config returns the default configuration without credentials.
// To retrieve a config with credentials also included use
// `defaults.Get().Config` instead.
//
// Generally you shouldn't need to use this method directly, but
// is available if you need to reset the configuration of an
// existing service client or session.
func Config() *aws.Config {
	return aws.NewConfig().
		WithCredentials(credentials.AnonymousCredentials).
		WithRegion(os.Getenv("AWS_REGION")).
		WithHTTPClient(http.DefaultClient).
		WithMaxRetries(aws.UseServiceDefaultRetries).
		WithLogger(aws.NewDefaultLogger()).
		WithLogLevel(aws.LogOff).
		WithSleepDelay(time.Sleep)
}
Exemple #5
0
Fichier : s3.go Projet : TV4/s3
func awsConfig(id, secret, region string) *aws.Config {
	return &aws.Config{
		Credentials: credentials.NewChainCredentials([]credentials.Provider{
			&credentials.StaticProvider{
				Value: credentials.Value{AccessKeyID: id, SecretAccessKey: secret},
			},
		}),
		Logger: aws.NewDefaultLogger(),
		Region: &region,
	}
}
Exemple #6
0
func newDynamoTestConfig() *aws.Config {
	hostport := os.Getenv("DYNAMODB_HOSTPORT")
	if hostport == "" {
		println("DYNAMODB_HOSTPORT is undefined")
		if testing.Short() {
			println("This test should not run when testing.short")
		}
		os.Exit(1)
	}
	endpoint := "http://" + hostport
	cfg := aws.NewConfig().
		WithCredentials(credentials.NewStaticCredentials("aws_id", "aws_secret", "")).
		WithEndpoint(endpoint).
		WithRegion("us-east-1").
		WithLogger(aws.NewDefaultLogger())
	if testing.Verbose() {
		cfg = cfg.WithLogLevel(aws.LogDebugWithHTTPBody)
	}
	return cfg
}
Exemple #7
0
func buildSigner(serviceName string, region string, signTime time.Time, query url.Values) signer {
	endpoint := "https://" + serviceName + "." + region + ".amazonaws.com"
	req, _ := http.NewRequest("POST", endpoint, nil)
	req.URL.RawQuery = query.Encode()

	signer := signer{
		Request: req,
		Time:    signTime,
		Credentials: credentials.NewStaticCredentials(
			"AKIAJG6V72ZBDMWPMSWQ",
			"P9MvpCRxpwo2UexwMYbduHEoVcBPJQZO2GVsKNCD",
			""),
	}

	if os.Getenv("DEBUG") != "" {
		signer.Debug = 1
		signer.Logger = aws.NewDefaultLogger()
	}

	return signer
}
Exemple #8
0
func copyConfig(config *Config) *aws.Config {
	if config == nil {
		config = &Config{}
	}
	c := &aws.Config{
		Credentials: credentials.AnonymousCredentials,
		Endpoint:    config.Endpoint,
		HTTPClient:  config.HTTPClient,
		Logger:      config.Logger,
		LogLevel:    config.LogLevel,
		MaxRetries:  config.MaxRetries,
	}

	if c.HTTPClient == nil {
		c.HTTPClient = &http.Client{
			Transport: &http.Transport{
				Proxy: http.ProxyFromEnvironment,
				Dial: (&net.Dialer{
					// use a shorter timeout than default because the metadata
					// service is local if it is running, and to fail faster
					// if not running on an ec2 instance.
					Timeout:   5 * time.Second,
					KeepAlive: 30 * time.Second,
				}).Dial,
				TLSHandshakeTimeout: 10 * time.Second,
			},
		}
	}
	if c.Logger == nil {
		c.Logger = aws.NewDefaultLogger()
	}
	if c.LogLevel == nil {
		c.LogLevel = aws.LogLevel(aws.LogOff)
	}
	if c.MaxRetries == nil {
		c.MaxRetries = aws.Int(DefaultRetries)
	}

	return c
}
	"github.com/aws/aws-sdk-go/aws/credentials"
	"github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds"
)

// DefaultChainCredentials is a Credentials which will find the first available
// credentials Value from the list of Providers.
//
// This should be used in the default case. Once the type of credentials are
// known switching to the specific Credentials will be more efficient.
var DefaultChainCredentials = credentials.NewChainCredentials(
	[]credentials.Provider{
		&credentials.EnvProvider{},
		&credentials.SharedCredentialsProvider{Filename: "", Profile: ""},
		&ec2rolecreds.EC2RoleProvider{ExpiryWindow: 5 * time.Minute},
	})

// DefaultConfig is the default all service configuration will be based off of.
// By default, all clients use this structure for initialization options unless
// a custom configuration object is passed in.
//
// You may modify this global structure to change all default configuration
// in the SDK. Note that configuration options are copied by value, so any
// modifications must happen before constructing a client.
var DefaultConfig = aws.NewConfig().
	WithCredentials(DefaultChainCredentials).
	WithRegion(os.Getenv("AWS_REGION")).
	WithHTTPClient(http.DefaultClient).
	WithMaxRetries(aws.DefaultRetries).
	WithLogger(aws.NewDefaultLogger()).
	WithLogLevel(aws.LogOff)
func (p *SigningRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
	glog.V(2).Infof("Got request: %s %s", req.Method, req.URL)

	// Fix the host header in case broken by proxy-rewrite
	if req.URL.Host != "" {
		req.Host = req.URL.Host
	}

	// I think the AWS authentication proxy does not like forwarded headers
	for k := range req.Header {
		lk := strings.ToLower(k)
		if lk == "x-forwarded-host" {
			delete(req.Header, k)
		}
		if lk == "x-forwarded-for" {
			delete(req.Header, k)
		}
		if lk == "x-forwarded-proto" {
			delete(req.Header, k)
		}
		if lk == "x-forward-for" {
			delete(req.Header, k)
		}
		if lk == "x-forward-proto" {
			delete(req.Header, k)
		}
		if lk == "x-forward-port" {
			delete(req.Header, k)
		}
		if lk == "x-forwarded-port" {
			delete(req.Header, k)
		}
		if lk == "x-forwarded-prefix" {
			delete(req.Header, k)
		}
		if lk == "x-netflix-httpclientname" {
			delete(req.Header, k)
		}
		if lk == "x-newrelic-id" {
			delete(req.Header, k)
		}
		if lk == "x-newrelic-transaction" {
			delete(req.Header, k)
		}
		if lk == "netflix.nfhttpclient.version" {
			delete(req.Header, k)
		}
	}

	// We're going to put our own auth headers on here
	delete(req.Header, "Authorization")

	var body []byte
	var err error

	if req.Body != nil {
		body, err = ioutil.ReadAll(req.Body)
		if err != nil {
			glog.Infof("error reading request body: %v", err)
			return nil, err
		}
	}

	if req.Method == "GET" || req.Method == "HEAD" {
		delete(req.Header, "Content-Length")
	}

	oldPath := req.URL.Path
	if oldPath != "" {
		// Escape the path before signing so that the path in the signature and
		// the path in the request match.
		req.URL.Path = req.URL.EscapedPath()
		glog.V(4).Infof("Path -> %q", req.URL.Path)
	}

	awsReq := &request.Request{}
	awsReq.Config.Credentials = p.credentials
	awsReq.Config.Region = aws.String(p.region)
	awsReq.ClientInfo.ServiceName = SERVICE_NAME
	awsReq.HTTPRequest = req
	awsReq.Time = time.Now()
	awsReq.ExpireTime = 0
	if body != nil {
		awsReq.Body = bytes.NewReader(body)
	}

	if glog.V(4) {
		awsReq.Config.LogLevel = aws.LogLevel(aws.LogDebugWithSigning)
		awsReq.Config.Logger = aws.NewDefaultLogger()
	}

	v4.Sign(awsReq)

	if awsReq.Error != nil {
		glog.Warningf("error signing request: %v", awsReq.Error)
		return nil, awsReq.Error
	}

	req.URL.Path = oldPath

	if body != nil {
		req.Body = ioutil.NopCloser(bytes.NewReader(body))
	}

	response, err := p.inner.RoundTrip(req)

	if err != nil {
		glog.Warning("Request error: ", err)
		return nil, err
	} else {
		glog.V(2).Infof("response %s", response.Status)
		return response, err
	}
}