Esempio n. 1
0
func NewAwsConfig(
	accessKey string,
	secretKey string,
	regionName string,
	endpoint string,
	disableSSL bool,
) *aws.Config {
	var creds *credentials.Credentials

	if accessKey == "" && secretKey == "" {
		creds = credentials.AnonymousCredentials
	} else {
		creds = credentials.NewStaticCredentials(accessKey, secretKey, "")
	}

	if len(regionName) == 0 {
		regionName = "us-east-1"
	}

	awsConfig := &aws.Config{
		Region:           aws.String(regionName),
		Credentials:      creds,
		S3ForcePathStyle: aws.Bool(true),
		MaxRetries:       aws.Int(maxRetries),
		DisableSSL:       aws.Bool(disableSSL),
	}

	if len(endpoint) != 0 {
		endpoint := fmt.Sprintf("%s", endpoint)
		awsConfig.Endpoint = &endpoint
	}

	return awsConfig
}
Esempio n. 2
0
// NewDownloader inits and returns a Downloader pointer
func NewDownloader(agrs *cfg.InArgs, conf *cfg.Cfg) (*Downloader, error) {
	if agrs == nil || conf == nil {
		return nil, ErrInvalidArgs
	}
	creds := credentials.NewStaticCredentials(conf.AWSAccessKeyID, conf.AWSSecretKey, "")
	if _, err := creds.Get(); err != nil {
		return nil, err
	}

	awsConf := &aws.Config{Credentials: creds, Region: aws.String(conf.Region)}
	sess := session.New(awsConf)
	client := s3.New(sess, awsConf)

	manager := NewS3DownloadManager(sess)

	d := &Downloader{
		downloadManager: manager,
		args:            agrs,
		pageLister:      client,
		regexp:          regexp.MustCompile(agrs.Regexp),
		workers:         make(chan int, 50),
		fileCreator:     &fsAdapter{},
	}

	d.pageIterator = d.pickPageIterator()
	return d, nil
}
func (p *EBSPlugin) prepare() error {
	if p.AccessKeyID != "" && p.SecretAccessKey != "" {
		p.Credentials = credentials.NewStaticCredentials(p.AccessKeyID, p.SecretAccessKey, "")
	}

	p.EC2 = ec2.New(session.New(&aws.Config{Credentials: p.Credentials, Region: &p.Region}))
	resp, err := p.EC2.DescribeVolumes(&ec2.DescribeVolumesInput{
		Filters: []*ec2.Filter{
			{
				Name: aws.String("attachment.instance-id"),
				Values: []*string{
					&p.InstanceID,
				},
			},
		},
	})
	if err != nil {
		return err
	}
	if resp.NextToken != nil {
		return errors.New("DescribeVolumes response has NextToken")
	}

	p.Volumes = resp.Volumes
	if len(p.Volumes) == 0 {
		return errors.New("DescribeVolumes response has no volumes")
	}

	return nil
}
Esempio n. 4
0
// Return a new CLIConfig with stored profile settings
func NewFromProfile(name string) (*CLIConfig, error) {
	c := &CLIConfig{}
	c.AssumeRoleInput = new(sts.AssumeRoleInput)
	err := c.Prepare(name)
	if err != nil {
		return nil, err
	}
	sessName, err := c.getSessionName(c.profileCfg.Key("role_session_name").Value())
	if err != nil {
		return nil, err
	}
	c.AssumeRoleInput.RoleSessionName = aws.String(sessName)
	arn := c.profileCfg.Key("role_arn").Value()
	if arn != "" {
		c.AssumeRoleInput.RoleArn = aws.String(arn)
	}
	id := c.profileCfg.Key("external_id").Value()
	if id != "" {
		c.AssumeRoleInput.ExternalId = aws.String(id)
	}
	c.SourceCredentials = credentials.NewStaticCredentials(
		c.profileCred.Key("aws_access_key_id").Value(),
		c.profileCred.Key("aws_secret_access_key").Value(),
		c.profileCred.Key("aws_session_token").Value(),
	)
	return c, nil
}
Esempio n. 5
0
func listS3(wg *sync.WaitGroup, index int, results chan<- []string) {

	var creds *credentials.Credentials
	if *accessFlag != "" && *secretFlag != "" {
		creds = credentials.NewStaticCredentials(*accessFlag, *secretFlag, "")
	} else {
		creds = credentials.AnonymousCredentials
	}
	sess := session.New(aws.NewConfig().WithCredentials(creds).WithRegion(*regionFlag).WithEndpoint(*endpointFlag).WithS3ForcePathStyle(true))

	prefix := fmt.Sprintf("%s%x", *prefixFlag, index)

	svc := s3.New(sess)
	inputparams := &s3.ListObjectsInput{
		Bucket: aws.String(*bucketFlag),
		Prefix: aws.String(prefix),
	}

	result := make([]string, 0, 1000)

	svc.ListObjectsPages(inputparams, func(page *s3.ListObjectsOutput, lastPage bool) bool {

		for _, value := range page.Contents {
			result = append(result, *value.Key)
		}

		if lastPage {
			results <- result
			wg.Done()
			return false
		} else {
			return true
		}
	})
}
func TestSignWithRequestBody_Overwrite(t *testing.T) {
	creds := credentials.NewStaticCredentials("AKID", "SECRET", "SESSION")
	signer := NewSigner(creds)

	var expectBody []byte

	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		b, err := ioutil.ReadAll(r.Body)
		r.Body.Close()
		assert.NoError(t, err)
		assert.Equal(t, len(expectBody), len(b))
		w.WriteHeader(http.StatusOK)
	}))

	req, err := http.NewRequest("GET", server.URL, strings.NewReader("invalid body"))

	_, err = signer.Sign(req, nil, "service", "region", time.Now())
	req.ContentLength = 0

	assert.NoError(t, err)

	resp, err := http.DefaultClient.Do(req)
	assert.NoError(t, err)
	assert.Equal(t, http.StatusOK, resp.StatusCode)
}
Esempio n. 7
0
File: aws.go Progetto: ycaihua/gizmo
// MustClient will use the cache cluster ID to describe
// the cache cluster and instantiate a memcache.Client
// with the cache nodes returned from AWS.
func (e *ElastiCache) MustClient() *memcache.Client {
	var creds *credentials.Credentials
	if e.AccessKey != "" {
		creds = credentials.NewStaticCredentials(e.AccessKey, e.SecretKey, "")
	} else {
		creds = credentials.NewEnvCredentials()
	}

	ecclient := elasticache.New(session.New(&aws.Config{
		Credentials: creds,
		Region:      &e.Region,
	}))

	resp, err := ecclient.DescribeCacheClusters(&elasticache.DescribeCacheClustersInput{
		CacheClusterId:    &e.ClusterID,
		ShowCacheNodeInfo: aws.Bool(true),
	})
	if err != nil {
		log.Fatalf("unable to describe cache cluster: %s", err)
	}

	var nodes []string
	for _, cluster := range resp.CacheClusters {
		for _, cnode := range cluster.CacheNodes {
			addr := fmt.Sprintf("%s:%d", *cnode.Endpoint.Address, *cnode.Endpoint.Port)
			nodes = append(nodes, addr)
		}
	}

	return memcache.New(nodes...)
}
Esempio n. 8
0
// GetSessions returns the current session from the SessionProvider.
func (dsp *ConfigurableSessionProvider) GetSession() *session.Session {
	dsp.sessionMutex.Lock()
	defer dsp.sessionMutex.Unlock()

	if dsp._session != nil {
		return dsp._session
	}

	cfgs := []*aws.Config{
		aws.NewConfig().WithRegion(dsp.ConfigRegion),
	}

	if dsp.ConfigAccessKey != "" {
		cfgs = append(cfgs, aws.NewConfig().WithCredentials(credentials.NewStaticCredentials(
			dsp.ConfigAccessKey,
			dsp.ConfigSecretKey,
			dsp.ConfigSessionToken,
		)))
	} else if !dsp.ConfigDisableENVCredentials {
		// NOTE: We may want to init all credential providers in one config, as they might overwrite each other
		cfgs = append(cfgs, aws.NewConfig().WithCredentials(credentials.NewCredentials(&credentials.EnvProvider{})))
	} else {
		panic("no valid configuration parameters for aws credentials found.")
	}

	dsp._session = session.New(cfgs...)
	return dsp._session
}
Esempio n. 9
0
func NewS3Client(accessKey string, secretKey string, regionName string, endpoint string) (S3Client, error) {
	var creds *credentials.Credentials

	if accessKey == "" && secretKey == "" {
		creds = credentials.AnonymousCredentials
	} else {
		creds = credentials.NewStaticCredentials(accessKey, secretKey, "")
	}

	if len(regionName) == 0 {
		regionName = "us-east-1"
	}

	awsConfig := &aws.Config{
		Region:      &regionName,
		Credentials: creds,
	}

	if len(endpoint) != 0 {
		endpoint := fmt.Sprintf("https://%s", endpoint)
		awsConfig.Endpoint = &endpoint
	}

	client := s3.New(awsConfig)

	return &s3client{
		client: client,
	}, nil
}
Esempio n. 10
0
func (s *GoofysTest) SetUpSuite(t *C) {
	//addr := "play.minio.io:9000"
	const LOCAL_TEST = true

	if LOCAL_TEST {
		addr := "127.0.0.1:8080"

		err := s.waitFor(t, addr)
		t.Assert(err, IsNil)

		s.awsConfig = &aws.Config{
			//Credentials: credentials.AnonymousCredentials,
			Credentials:      credentials.NewStaticCredentials("foo", "bar", ""),
			Region:           aws.String("us-west-2"),
			Endpoint:         aws.String(addr),
			DisableSSL:       aws.Bool(true),
			S3ForcePathStyle: aws.Bool(true),
			MaxRetries:       aws.Int(0),
			//Logger: t,
			//LogLevel: aws.LogLevel(aws.LogDebug),
			//LogLevel: aws.LogLevel(aws.LogDebug | aws.LogDebugWithHTTPBody),
		}
	} else {
		s.awsConfig = &aws.Config{
			Region:     aws.String("us-west-2"),
			DisableSSL: aws.Bool(true),
		}
	}
	s.s3 = s3.New(s.awsConfig)

	_, err := s.s3.ListBuckets(nil)
	t.Assert(err, IsNil)
}
Esempio n. 11
0
// NewSNSPublisher will initiate the SNS client.
// If no credentials are passed in with the config,
// the publisher is instantiated with the AWS_ACCESS_KEY
// and the AWS_SECRET_KEY environment variables.
func NewSNSPublisher(cfg *config.SNS) (*SNSPublisher, error) {
	p := &SNSPublisher{}

	if cfg.Topic == "" {
		return p, errors.New("SNS topic name is required")
	}
	p.topic = cfg.Topic

	if cfg.Region == "" {
		return p, errors.New("SNS region is required")
	}

	var creds *credentials.Credentials
	if cfg.AccessKey != "" {
		creds = credentials.NewStaticCredentials(cfg.AccessKey, cfg.SecretKey, "")
	} else {
		creds = credentials.NewEnvCredentials()
	}

	p.sns = sns.New(session.New(&aws.Config{
		Credentials: creds,
		Region:      &cfg.Region,
	}))
	return p, nil
}
Esempio n. 12
0
func New(conf *AwsConfig) (*AwsImages, error) {
	checkCfg := "Please check your configuration"

	if len(conf.Regions) == 0 {
		return nil, errors.New("AWS Regions are not set. " + checkCfg)
	}

	if conf.AccessKey == "" {
		return nil, errors.New("AWS Access Key is not set. " + checkCfg)
	}

	if conf.SecretKey == "" {
		return nil, errors.New("AWS Secret Key is not set. " + checkCfg)
	}

	// increase the timeout
	timeout := time.Second * 30
	client := &http.Client{
		Transport: &http.Transport{TLSHandshakeTimeout: timeout},
		Timeout:   timeout,
	}

	creds := credentials.NewStaticCredentials(conf.AccessKey, conf.SecretKey, "")
	awsCfg := &awsclient.Config{
		Credentials: creds,
		HTTPClient:  client,
		Logger:      awsclient.NewDefaultLogger(),
	}

	m := newMultiRegion(awsCfg, filterRegions(conf.Regions, conf.RegionsExclude))
	return &AwsImages{
		services: m,
		images:   make(map[string][]*ec2.Image),
	}, nil
}
Esempio n. 13
0
func New(config Config) (*Client, error) {
	credentials := credentials.NewStaticCredentials(config.AccessKey, config.SecretKey, "")
	sdkConfig := &aws.Config{
		Credentials: credentials,
		Region:      aws.String(config.Region),
	}

	session := session.New(sdkConfig)

	if config.CloudFormationWaitTimeout == 0 {
		return nil, fmt.Errorf("AWS config CloudFormationWaitTimeout must be a positive timeout")
	}

	ec2EndpointConfig, err := config.getEndpoint("ec2")
	if err != nil {
		return nil, err
	}
	cloudformationEndpointConfig, err := config.getEndpoint("cloudformation")
	if err != nil {
		return nil, err
	}
	iamEndpointConfig, err := config.getEndpoint("iam")
	if err != nil {
		return nil, err
	}

	return &Client{
		EC2:            ec2.New(session, ec2EndpointConfig),
		CloudFormation: cloudformation.New(session, cloudformationEndpointConfig),
		IAM:            iam.New(session, iamEndpointConfig),
		Clock:          clockImpl{},
		CloudFormationWaitTimeout: config.CloudFormationWaitTimeout,
	}, nil
}
Esempio n. 14
0
func main() {
	if accessKey == "" {
		die("AWS_ACCESS_KEY is not set")
	}
	if secretKey == "" {
		die("AWS_SECRET_KEY is not set")
	}
	if hostedZone == "" {
		die("ROUTE53_HOSTED_ZONE is not set")
	}

	opts := &dnsclient.Options{
		Creds:       credentials.NewStaticCredentials(accessKey, secretKey, ""),
		HostedZone:  hostedZone,
		Log:         logging.NewCustom("dnsclient", os.Getenv("ROUTE53_DEBUG") == "1"),
		SyncTimeout: 5 * time.Minute,
	}

	if d, err := time.ParseDuration(os.Getenv("ROUTE53_TIMEOUT")); err == nil {
		opts.SyncTimeout = d
	}

	opts.Log.Debug("Options: %# v", opts)

	var err error
	client, err = dnsclient.NewRoute53Client(opts)
	if err != nil {
		die(err)
	}

	if err := Resources.Main(os.Args[1:]); err != nil {
		die(err)
	}
}
Esempio n. 15
0
func (sb signerBuilder) BuildSigner() signer {
	endpoint := "https://" + sb.ServiceName + "." + sb.Region + ".amazonaws.com"
	var req *http.Request
	if sb.Method == "POST" {
		body := []byte(sb.Query.Encode())
		reader := bytes.NewReader(body)
		req, _ = http.NewRequest(sb.Method, endpoint, reader)
		req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
		req.Header.Add("Content-Length", string(len(body)))
	} else {
		req, _ = http.NewRequest(sb.Method, endpoint, nil)
		req.URL.RawQuery = sb.Query.Encode()
	}

	sig := signer{
		Request: req,
		Time:    sb.SignTime,
		Credentials: credentials.NewStaticCredentials(
			"AKID",
			"SECRET",
			sb.SessionToken),
	}

	if os.Getenv("DEBUG") != "" {
		sig.Debug = aws.LogDebug
		sig.Logger = aws.NewDefaultLogger()
	}

	return sig
}
Esempio n. 16
0
func (h *awsAuthHeaderer) SignRequest(r *http.Request) *http.Request {
	region := h.region

	var body io.ReadSeeker
	if r.Body != nil {
		body = r.Body.(io.ReadSeeker)
	}

	if len(region) == 0 {
		region = guessAWSRegion(r.URL.Host)
	}
	v4.Sign(&request.Request{
		ClientInfo: metadata.ClientInfo{
			SigningRegion: region,
			SigningName:   awsS3Service,
		},
		Config: aws.Config{
			Credentials: credentials.NewStaticCredentials(h.accessKeyID, h.secretAccessKey, ""),
		},
		HTTPRequest: r,
		Body:        body,
		Time:        time.Now(),
	})

	return r
}
func TestIgnorePreResignRequestWithValidCreds(t *testing.T) {
	svc := awstesting.NewClient(&aws.Config{
		Credentials: credentials.NewStaticCredentials("AKID", "SECRET", "SESSION"),
		Region:      aws.String("us-west-2"),
	})
	r := svc.NewRequest(
		&request.Operation{
			Name:       "BatchGetItem",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		},
		nil,
		nil,
	)
	r.ExpireTime = time.Minute * 10

	SignSDKRequest(r)
	sig := r.HTTPRequest.URL.Query().Get("X-Amz-Signature")

	signSDKRequestWithCurrTime(r, func() time.Time {
		// Simulate one second has passed so that signature's date changes
		// when it is resigned.
		return time.Now().Add(1 * time.Second)
	})
	assert.NotEqual(t, sig, r.HTTPRequest.URL.Query().Get("X-Amz-Signature"))
}
Esempio n. 18
0
func loadManager(config *config.Config) (*sneaker.Manager, error) {
	u, err := url.Parse(config.SneakerS3.SneakerS3Path)
	if err != nil {

		return nil, err
	}
	if u.Path != "" && u.Path[0] == '/' {
		u.Path = u.Path[1:]
	}

	// here, we provide access and secret keys for aws
	creds := credentials.NewStaticCredentials(config.SneakerS3.AwsAccesskeyId, config.SneakerS3.AwsSecretAccessKey, "")

	// we'r gonna use aws providers and region to init aws config
	session := session.New(aws.NewConfig().WithCredentials(creds).WithRegion(config.SneakerS3.AwsRegion))

	return &sneaker.Manager{
		Objects: s3.New(session),
		Envelope: sneaker.Envelope{
			KMS: kms.New(session),
		},
		Bucket: u.Host,
		Prefix: u.Path,
		KeyId:  config.SneakerS3.SneakerMasterKey,
	}, nil
}
Esempio n. 19
0
// New initializes a new S3 client connection based on config.
func New() *S3Client {
	var (
		cfg *aws.Config
	)

	if config.S3.Endpoint != "" {
		cfg = &aws.Config{
			Endpoint:         aws.String(config.S3.Endpoint),
			DisableSSL:       aws.Bool(strings.HasPrefix(config.S3.Endpoint, "http://")),
			Region:           aws.String(config.S3.Region),
			S3ForcePathStyle: aws.Bool(config.S3.PathStyle),
		}
	} else {
		cfg = &aws.Config{
			Region:           aws.String(config.S3.Region),
			S3ForcePathStyle: aws.Bool(config.S3.PathStyle),
		}
	}

	if config.S3.Access != "" && config.S3.Secret != "" {
		cfg.Credentials = credentials.NewStaticCredentials(
			config.S3.Access,
			config.S3.Secret,
			"",
		)
	}

	return &S3Client{
		client: s3.New(
			session.New(),
			cfg,
		),
	}
}
Esempio n. 20
0
File: aws.go Progetto: gmelika/rack
func Credentials(req *Request) *credentials.Credentials {
	if req != nil {
		if access, ok := req.ResourceProperties["AccessId"].(string); ok && access != "" {
			if secret, ok := req.ResourceProperties["SecretAccessKey"].(string); ok && secret != "" {
				return credentials.NewStaticCredentials(access, secret, "")
			}
		}
	}

	if os.Getenv("AWS_ACCESS") != "" {
		return credentials.NewStaticCredentials(os.Getenv("AWS_ACCESS"), os.Getenv("AWS_SECRET"), "")
	}

	// return credentials.NewCredentials(&credentials.EC2RoleProvider{})
	return credentials.NewEnvCredentials()
}
Esempio n. 21
0
func initAWS() {
	defer Track("initAWS", Now(), debugOut)

	AWSSession = session.New()

	// Region
	if GlobalConfig.Get("awsRegion") != "" {
		// CLI trumps
		AWSSession.Config.Region = aws.String(GlobalConfig.Get("awsRegion"))
	} else if os.Getenv("AWS_REGION") == "" {
		// Grab it from this EC2 instace
		region, err := ec2metadata.New(session.New()).Region()
		if err != nil {
			fmt.Printf("Cannot set AWS region: '%v'\n", err)
			os.Exit(1)
		}
		AWSSession.Config.Region = aws.String(region)
	}

	// Creds
	if GlobalConfig.Get("awsAccessKey") != "" && GlobalConfig.Get("awsSecretKey") != "" {
		// CLI trumps
		creds := credentials.NewStaticCredentials(
			GlobalConfig.Get("awsAccessKey"),
			GlobalConfig.Get("awsSecretKey"),
			"")
		AWSSession.Config.Credentials = creds
	}

}
Esempio n. 22
0
func testAccStepReadSTS(t *testing.T, name string) logicaltest.TestStep {
	return logicaltest.TestStep{
		Operation: logical.ReadOperation,
		Path:      "sts/" + name,
		Check: func(resp *logical.Response) error {
			var d struct {
				AccessKey string `mapstructure:"access_key"`
				SecretKey string `mapstructure:"secret_key"`
				STSToken  string `mapstructure:"security_token"`
			}
			if err := mapstructure.Decode(resp.Data, &d); err != nil {
				return err
			}
			log.Printf("[WARN] Generated credentials: %v", d)

			// Build a client and verify that the credentials work
			creds := credentials.NewStaticCredentials(d.AccessKey, d.SecretKey, d.STSToken)
			awsConfig := &aws.Config{
				Credentials: creds,
				Region:      aws.String("us-east-1"),
				HTTPClient:  cleanhttp.DefaultClient(),
			}
			client := ec2.New(session.New(awsConfig))

			log.Printf("[WARN] Verifying that the generated credentials work...")
			_, err := client.DescribeInstances(&ec2.DescribeInstancesInput{})
			if err != nil {
				return err
			}

			return nil
		},
	}
}
Esempio n. 23
0
func TestS3Put(t *testing.T) {
	testServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if strings.ToUpper(r.Method) != "PUT" {
			t.Fatalf("wanted GET but found %s\n", r.Method)
		}
		url := *r.URL
		if url.Path != "/bucket/uuid" {
			t.Fatalf("Want /bucket/uuid but got %s\n", url.Path)
		}
		if r.Header.Get("Content-type") != "text/plain" {
			t.Fatalf("Want text/plain but got %s\n", r.Header.Get("Content-type"))
		}
		w.WriteHeader(200)
	}))
	defer testServer.Close()

	awsAccessKey = "key"
	awsAccessSecret = "sekrit"
	awsRegion = "us-west-1"

	awsConfig = func() *aws.Config {
		return aws.NewConfig().WithCredentials(credentials.NewStaticCredentials(awsAccessKey, awsAccessSecret, "")).WithRegion(awsRegion).WithMaxRetries(3).
			WithEndpoint(testServer.URL).WithS3ForcePathStyle(true)
	}

	fileName = "/etc/hosts"
	bucketName = "bucket"
	contentType = "text/plain"
	buildID = "uuid"

	putS3Cmd.Run(nil, []string{})
}
Esempio n. 24
0
func BenchmarkPutItem(b *testing.B) {
	cfg := aws.Config{
		DisableSSL:  aws.Bool(true),
		Credentials: credentials.NewStaticCredentials("AKID", "SECRET", ""),
	}
	server := successRespServer([]byte(`{}`))
	cfg.Endpoint = aws.String(server.URL)

	svc := dynamodb.New(&cfg)
	svc.Handlers.Send.Clear()
	svc.Handlers.Send.PushBack(func(r *service.Request) {
		r.HTTPResponse = &http.Response{
			StatusCode: http.StatusOK,
			Status:     http.StatusText(http.StatusOK),
			Body:       noopBody,
		}
	})

	b.ResetTimer()
	for i := 0; i < b.N; i++ {
		av, err := dynamodbattribute.ConvertToMap(dbItem{Key: "MyKey", Data: "MyData"})
		if err != nil {
			b.Fatal("benchPutItem, expect no ConvertToMap errors", err)
		}
		params := &dynamodb.PutItemInput{
			Item:      av,
			TableName: aws.String("tablename"),
		}
		_, err = svc.PutItem(params)
		if err != nil {
			b.Error("benchPutItem, expect no request errors", err)
		}
	}
}
Esempio n. 25
0
func New(config Config) *Client {
	credentials := credentials.NewStaticCredentials(config.AccessKey, config.SecretKey, "")
	sdkConfig := &aws.Config{
		Credentials: credentials,
		Region:      aws.String(config.RegionName),
	}

	endpointOverrides := config.EndpointOverrides
	if endpointOverrides == nil {
		endpointOverrides = &Endpoints{}
	}

	route53Client := route53.New(sdkConfig.Merge(&aws.Config{MaxRetries: aws.Int(7), Endpoint: aws.String(endpointOverrides.Route53)}))
	ec2Client := ec2.New(sdkConfig.Merge(&aws.Config{MaxRetries: aws.Int(7), Endpoint: aws.String(endpointOverrides.EC2)}))
	s3Client := s3.New(sdkConfig.Merge(&aws.Config{MaxRetries: aws.Int(7), Endpoint: aws.String(endpointOverrides.S3), S3ForcePathStyle: aws.Bool(true)}))
	cloudformationClient := cloudformation.New(sdkConfig.Merge(&aws.Config{MaxRetries: aws.Int(7), Endpoint: aws.String(endpointOverrides.Cloudformation)}))

	return &Client{
		EC2:            ec2Client,
		S3:             s3Client,
		Route53:        route53Client,
		Cloudformation: cloudformationClient,
		// HostedZoneID:   config.HostedZoneID,
		// HostedZoneName: config.HostedZoneName,
		Bucket: config.Bucket,
	}
}
Esempio n. 26
0
func (a Artifact) Download(update *cr.Update) (string, error) {
	s3svc := s3.New(session.New(&aws.Config{
		Region:      aws.String(s3Region),
		Credentials: credentials.NewStaticCredentials(s3AccessKey, s3SecretKey, ""),
	}))

	key := fmt.Sprintf("/%s/%s", a.ExecutablePrefix, update.Filename)
	params := &s3.GetObjectInput{
		Bucket: aws.String(s3Bucket),
		Key:    aws.String(key),
	}
	resp, err := s3svc.GetObject(params)
	if err != nil {
		return "", err
	}

	artifactPath := filepath.Join(a.ExecutableDir, a.VersionedArtifact(update.Version))
	artifact, err := os.Create(artifactPath)
	if err != nil {
		return "", err
	}
	artifact.Chmod(0755)
	defer artifact.Close()

	if _, err := io.Copy(artifact, resp.Body); err != nil {
		return "", err
	}

	return artifactPath, nil
}
Esempio n. 27
0
// Create a new StorageClient object based on a configuration file.
func (c *Config) NewClient() (dialects.StorageClient, error) {
	creds := credentials.NewStaticCredentials(c.AccessKeyID, c.SecretAccessKey, "")
	_, err := creds.Get()
	if err != nil {
		return nil, err
	}
	converterFunction, err := dialects.GetBatchConverterFunction(c.FileFormat)
	if err != nil {
		return nil, err
	}
	config := &aws.Config{
		Region:           &c.Region,
		Credentials:      creds,
		Endpoint:         &c.Endpoint,
		S3ForcePathStyle: aws.Bool(true)}
	return &S3Storage{
		AccessKeyID:     c.AccessKeyID,
		SecretAccessKey: c.SecretAccessKey,
		Bucket:          c.Bucket,
		BlobPath:        c.BlobPath,
		Region:          c.Region,
		FileFormat:      c.FileFormat,
		BatchConverter:  converterFunction,
		Client:          s3.New(session.New(), config)}, nil
}
Esempio n. 28
0
func TestGet(t *testing.T) {
	assert := assert.New(t)
	svc := awstesting.NewClient(&aws.Config{
		Credentials: credentials.NewStaticCredentials("AKID", "SECRET", "SESSION"),
		Region:      aws.String("ap-southeast-2"),
	})
	r := svc.NewRequest(
		&request.Operation{
			Name:       "OpName",
			HTTPMethod: "GET",
			HTTPPath:   "/",
		},
		nil,
		nil,
	)

	r.Build()
	assert.Equal("GET", r.HTTPRequest.Method)
	assert.Equal("", r.HTTPRequest.URL.Query().Get("Signature"))

	Sign(r)
	assert.NoError(r.Error)
	t.Logf("Signature: %s", r.HTTPRequest.URL.Query().Get("Signature"))
	assert.NotEqual("", r.HTTPRequest.URL.Query().Get("Signature"))
}
Esempio n. 29
0
func clientIAM(s logical.Storage) (*iam.IAM, error) {
	entry, err := s.Get("config/root")
	if err != nil {
		return nil, err
	}
	if entry == nil {
		return nil, fmt.Errorf(
			"root credentials haven't been configured. Please configure\n" +
				"them at the 'config/root' endpoint")
	}

	var config rootConfig
	if err := entry.DecodeJSON(&config); err != nil {
		return nil, fmt.Errorf("error reading root configuration: %s", err)
	}

	creds := credentials.NewStaticCredentials(config.AccessKey, config.SecretKey, "")
	awsConfig := &aws.Config{
		Credentials: creds,
		Region:      aws.String(config.Region),
		HTTPClient:  cleanhttp.DefaultClient(),
	}

	return iam.New(session.New(awsConfig)), nil
}
Esempio n. 30
0
func (r *Route53Provider) Init(rootDomainName string) error {
	var region, accessKey, secretKey string
	if region = os.Getenv("AWS_REGION"); len(region) == 0 {
		return fmt.Errorf("AWS_REGION is not set")
	}

	if accessKey = os.Getenv("AWS_ACCESS_KEY"); len(accessKey) == 0 {
		return fmt.Errorf("AWS_ACCESS_KEY is not set")
	}

	if secretKey = os.Getenv("AWS_SECRET_KEY"); len(secretKey) == 0 {
		return fmt.Errorf("AWS_SECRET_KEY is not set")
	}

	// Comply with the API's 5 req/s rate limit. If there are other
	// clients using the same account the AWS SDK will throttle the
	// requests automatically if the global rate limit is exhausted.
	r.limiter = ratelimit.NewBucketWithRate(5.0, 1)

	creds := credentials.NewStaticCredentials(accessKey, secretKey, "")
	config := aws.NewConfig().WithMaxRetries(route53MaxRetries).
		WithCredentials(creds).
		WithRegion(region)

	r.client = awsRoute53.New(session.New(config))

	if err := r.setHostedZone(rootDomainName); err != nil {
		return err
	}

	logrus.Infof("Configured %s with hosted zone %s in region %s",
		r.GetName(), rootDomainName, region)

	return nil
}