Exemple #1
0
// ReadIAM explicitly mutates the global shared conf.Vals state by reading in the IAM. Use
// this function at program startup or any time you need to force a refresh of the IAM
// credentials.
func ReadIAM(rf *roles_files.RolesFiles) error {
	roles_read_err := rf.RolesRead()
	if roles_read_err != nil {
		e := fmt.Sprintf("conf_iam.ReadIAM:cannot perform initial roles read: %s",
			roles_read_err.Error())
		return errors.New(e)
	}
	return AssignCredentials(rf)
}
Exemple #2
0
// ReadIAMToConf will read the credentials data from rf and safely assign it to conf c.
func ReadIAMToConf(rf *roles_files.RolesFiles, c *conf.AWS_Conf) error {
	if rf == nil || c == nil {
		return errors.New("conf_iam.ReadIAMToConf: rf or c is nil")
	}
	roles_read_err := rf.RolesRead()
	if roles_read_err != nil {
		e := fmt.Sprintf("conf_iam.ReadIAM:cannot perform initial roles read: %s",
			roles_read_err.Error())
		return errors.New(e)
	}
	return AssignCredentialsToConf(rf, c)
}
Exemple #3
0
// AssignCredentials locks the global state and copy over roles data.
func AssignCredentials(rf *roles_files.RolesFiles) error {
	accessKey, secret, token, get_err := rf.Get()
	if get_err != nil {
		e := fmt.Sprintf("conf_iam.ReadIAM:cannot get a role file:%s",
			get_err.Error())
		return errors.New(e)
	}
	conf.Vals.ConfLock.Lock()
	conf.Vals.IAM.Credentials.AccessKey = accessKey
	conf.Vals.IAM.Credentials.Secret = secret
	conf.Vals.IAM.Credentials.Token = token
	conf.Vals.ConfLock.Unlock()
	e := fmt.Sprintf("IAM credentials assigned at %v", time.Now())
	slog.SLog(syslog.LOG_NOTICE, e, true)
	return nil
}
Exemple #4
0
// AssignCredentialsToConf will safely copy the credentials data from rf to the conf c.
func AssignCredentialsToConf(rf *roles_files.RolesFiles, c *conf.AWS_Conf) error {
	if rf == nil || c == nil {
		return errors.New("conf_iam.AssignCredentialsToConf: rf or c is nil")
	}
	accessKey, secret, token, get_err := rf.Get()
	if get_err != nil {
		e := fmt.Sprintf("conf_iam.AssignCredentialsToConf:cannot get a role file:%s",
			get_err.Error())
		return errors.New(e)
	}
	c.ConfLock.Lock()
	c.IAM.Credentials.AccessKey = accessKey
	c.IAM.Credentials.Secret = secret
	c.IAM.Credentials.Token = token
	c.ConfLock.Unlock()
	e := fmt.Sprintf("IAM credentials assigned at %v", time.Now())
	log.Printf(e)
	return nil
}
Exemple #5
0
// WatchIAM will receive notifications for changes in IAM files and update credentials when a read signal is received.
func WatchIAM(rf *roles_files.RolesFiles, watch_err_chan chan error) {
	err_chan := make(chan error)
	read_signal := make(chan bool)
	go rf.RolesWatch(err_chan, read_signal)
	e := "IAM watching set to true, waiting..."
	slog.SLog(syslog.LOG_NOTICE, e, true)
	for {
		select {
		case roles_watch_err := <-err_chan:
			watch_err_chan <- roles_watch_err
		case <-read_signal:
			e := "WatchIAM received a read signal"
			slog.SLog(syslog.LOG_NOTICE, e, true)
			assign_err := AssignCredentials(rf)
			if assign_err != nil {
				watch_err_chan <- assign_err
			}
		}
	}
}
Exemple #6
0
// WatchIAMToConf will begin rf's RolesWatch method and wait to receive signals that new credentials
// are available to be assigned, which will then be safely copied to conf c.
func WatchIAMToConf(rf *roles_files.RolesFiles, c *conf.AWS_Conf, watch_err_chan chan error) {
	if rf == nil || c == nil {
		watch_err_chan <- errors.New("conf_iam.WatchIAMToConf: rf or c is nil")
		return
	}
	err_chan := make(chan error)
	read_signal := make(chan bool)
	go rf.RolesWatch(err_chan, read_signal)
	e := "IAM watching set to true, waiting..."
	log.Printf(e)
	for {
		select {
		case roles_watch_err := <-err_chan:
			watch_err_chan <- roles_watch_err
		case <-read_signal:
			e := "WatchIAM received a read signal"
			log.Printf(e)
			assign_err := AssignCredentialsToConf(rf, c)
			if assign_err != nil {
				watch_err_chan <- assign_err
			}
		}
	}
}