Esempio n. 1
0
func ExampleV4Signer() {
	// Get auth from env vars
	auth, err := aws.EnvAuth()
	if err != nil {
		fmt.Println(err)
	}

	// Create a signer with the auth, name of the service, and aws region
	signer := aws.NewV4Signer(auth, "dynamodb", aws.USEast)

	// Create a request
	req, err := http.NewRequest("POST", aws.USEast.DynamoDBEndpoint, strings.NewReader("sample_request"))
	if err != nil {
		fmt.Println(err)
	}

	// Date or x-amz-date header is required to sign a request
	req.Header.Add("Date", time.Now().UTC().Format(http.TimeFormat))

	// Sign the request
	signer.Sign(req)

	// Issue signed request
	http.DefaultClient.Do(req)
}
Esempio n. 2
0
func (s *Server) queryServer(target string, query *Query) ([]byte, error) {
	data := strings.NewReader(query.String())
	hreq, err := http.NewRequest("POST", s.Region.DynamoDBEndpoint+"/", data)
	if err != nil {
		return nil, err
	}

	hreq.Header.Set("Content-Type", "application/x-amz-json-1.0")
	hreq.Header.Set("X-Amz-Date", time.Now().UTC().Format(aws.ISO8601BasicFormat))
	hreq.Header.Set("X-Amz-Target", target)

	signer := aws.NewV4Signer(s.Auth, "dynamodb", s.Region)
	signer.Sign(hreq)

	resp, err := http.DefaultClient.Do(hreq)

	if err != nil {
		fmt.Printf("Error calling Amazon")
		return nil, err
	}

	defer resp.Body.Close()

	body, err := ioutil.ReadAll(resp.Body)

	if err != nil {
		fmt.Printf("Could not read response body")
		return nil, err
	}

	return body, nil
}
Esempio n. 3
0
func (s *V4SignerSuite) TestCases(c *gocheck.C) {
	signer := aws.NewV4Signer(s.auth, "host", s.region)

	for _, testCase := range s.cases {

		req, err := http.NewRequest(testCase.request.method, "http://"+testCase.request.host+testCase.request.url, strings.NewReader(testCase.request.body))
		c.Assert(err, gocheck.IsNil, gocheck.Commentf("Testcase: %s", testCase.label))
		for _, v := range testCase.request.headers {
			h := strings.SplitN(v, ":", 2)
			req.Header.Add(h[0], h[1])
		}
		req.Header.Set("host", req.Host)

		t := signer.RequestTime(req)

		canonicalRequest := signer.CanonicalRequest(req)
		c.Check(canonicalRequest, gocheck.Equals, testCase.canonicalRequest, gocheck.Commentf("Testcase: %s", testCase.label))

		stringToSign := signer.StringToSign(t, canonicalRequest)
		c.Check(stringToSign, gocheck.Equals, testCase.stringToSign, gocheck.Commentf("Testcase: %s", testCase.label))

		signature := signer.Signature(t, stringToSign)
		c.Check(signature, gocheck.Equals, testCase.signature, gocheck.Commentf("Testcase: %s", testCase.label))

		authorization := signer.Authorization(req.Header, t, signature)
		c.Check(authorization, gocheck.Equals, testCase.authorization, gocheck.Commentf("Testcase: %s", testCase.label))

		signer.Sign(req)
		c.Check(req.Header.Get("Authorization"), gocheck.Equals, testCase.authorization, gocheck.Commentf("Testcase: %s", testCase.label))
	}
}
Esempio n. 4
0
// queryV4Signprepares and runs the req request, signed with aws v4 signatures.
// If resp is not nil, the XML data contained in the response
// body will be unmarshalled on it.
func (s3 *S3) queryV4Sign(req *request, resp interface{}) error {
	if req.headers == nil {
		req.headers = map[string][]string{}
	}

	err := s3.setBaseURL(req)
	if err != nil {
		return err
	}

	hreq, err := s3.setupHttpRequest(req)
	if err != nil {
		return err
	}

	// req.Host must be set for V4 signature calculation
	hreq.Host = hreq.URL.Host

	signer := aws.NewV4Signer(s3.Auth, "s3", s3.Region)
	signer.IncludeXAmzContentSha256 = true
	signer.Sign(hreq)

	_, err = s3.doHttpRequest(hreq, resp)
	return err
}
Esempio n. 5
0
func (s *Server) queryServer(target string, query Query) ([]byte, error) {
	numRetries := 0
	for {
		data := strings.NewReader(query.String())
		hreq, err := http.NewRequest("POST", s.Region.DynamoDBEndpoint+"/", data)
		if err != nil {
			return nil, err
		}

		hreq.Header.Set("Content-Type", "application/x-amz-json-1.0")
		hreq.Header.Set("X-Amz-Date", time.Now().UTC().Format(aws.ISO8601BasicFormat))
		hreq.Header.Set("X-Amz-Target", target)

		token := s.Auth.Token()
		if token != "" {
			hreq.Header.Set("X-Amz-Security-Token", token)
		}

		signer := aws.NewV4Signer(s.Auth, "dynamodb", s.Region)
		signer.Sign(hreq)

		resp, err := http.DefaultClient.Do(hreq)
		if err != nil {
			if s.RetryPolicy.ShouldRetry(target, resp, err, numRetries) {
				time.Sleep(s.RetryPolicy.Delay(target, resp, err, numRetries))
				numRetries++
				continue
			}
			return nil, err
		}

		defer resp.Body.Close()

		body, err := ioutil.ReadAll(resp.Body)
		if err != nil {
			if s.RetryPolicy.ShouldRetry(target, resp, err, numRetries) {
				time.Sleep(s.RetryPolicy.Delay(target, resp, err, numRetries))
				numRetries++
				continue
			}
			return nil, err
		}

		// http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ErrorHandling.html
		// "A response code of 200 indicates the operation was successful."
		if resp.StatusCode != 200 {
			err := buildError(resp, body)
			if s.RetryPolicy.ShouldRetry(target, resp, err, numRetries) {
				time.Sleep(s.RetryPolicy.Delay(target, resp, err, numRetries))
				numRetries++
				continue
			}
			return nil, err
		}

		return body, nil
	}
}
Esempio n. 6
0
func (rds *RDS) DownloadCompleteDBLogFile(id, filename string) (io.ReadCloser, error) {
	url := fmt.Sprintf(
		"%s/v13/downloadCompleteLogFile/%s/%s",
		rds.Region.RDSEndpoint.Endpoint,
		id,
		filename,
	)
	hreq, err := http.NewRequest("GET", url, nil)
	if err != nil {
		if debug {
			log.Printf("Error http.NewRequest GET %s", url)
		}
		return nil, err
	}
	token := rds.Auth.Token()
	if token != "" {
		hreq.Header.Set("X-Amz-Security-Token", token)
	}
	hreq.Header.Set("X-Amz-Date", time.Now().UTC().Format(aws.ISO8601BasicFormat))
	signer := aws.NewV4Signer(rds.Auth, "rds", rds.Region)
	signer.Sign(hreq)
	resp, err := http.DefaultClient.Do(hreq)
	if err != nil {
		if debug {
			log.Print("Error calling Amazon")
		}
		return nil, err
	}
	if resp.StatusCode == 200 {
		return resp.Body, nil
	} else {
		defer resp.Body.Close()
		body, err := ioutil.ReadAll(resp.Body)
		if err != nil {
			if debug {
				log.Printf("Could not read response body")
			}
			return nil, err
		}
		msg := fmt.Sprintf(
			"Responce:\n\tStatusCode: %d\n\tBody: %s\n",
			resp.StatusCode,
			string(body),
		)
		if debug {
			log.Printf(msg)
		}
		err = errors.New(msg)
		return nil, err
	}
}
Esempio n. 7
0
func (s *SQS) query(queueUrl string, params map[string]string, resp interface{}) (err error) {
	var url_ *url.URL

	if queueUrl != "" && len(queueUrl) > len(s.Region.SQSEndpoint) {
		url_, err = url.Parse(queueUrl)
	} else {
		url_, err = url.Parse(s.Region.SQSEndpoint)
	}

	if err != nil {
		return err
	}

	params["Version"] = "2012-11-05"
	hreq, err := http.NewRequest("POST", url_.String(), strings.NewReader(multimap(params).Encode()))
	if err != nil {
		return err
	}

	hreq.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	hreq.Header.Set("X-Amz-Date", time.Now().UTC().Format(aws.ISO8601BasicFormat))

	if s.Auth.Token() != "" {
		hreq.Header.Set("X-Amz-Security-Token", s.Auth.Token())
	}

	signer := aws.NewV4Signer(s.Auth, "sqs", s.Region)
	signer.Sign(hreq)

	r, err := http.DefaultClient.Do(hreq)

	if err != nil {
		return err
	}

	defer r.Body.Close()

	if debug {
		dump, _ := httputil.DumpResponse(r, true)
		log.Printf("DUMP:\n", string(dump))
	}

	if r.StatusCode != 200 {
		return buildError(r)
	}
	err = xml.NewDecoder(r.Body).Decode(resp)
	io.Copy(ioutil.Discard, r.Body)

	return err
}
Esempio n. 8
0
func (c *Client) Do(req *RawRequest) *Response {
	j, jerr := json.Marshal(req.Param)
	if jerr != nil {
		return &Response{jerr, nil}
	}
	hreq, err := http.NewRequest("POST", c.Region.DynamoDBEndpoint+"/", bytes.NewReader(j))
	if err != nil {
		return &Response{err, nil}
	}

	hreq.Header.Set("Content-Type", "application/x-amz-json-1.0")
	hreq.Header.Set("X-Amz-Date", time.Now().UTC().Format(aws.ISO8601BasicFormat))
	hreq.Header.Set("X-Amz-Target", target(req.Target))

	token := c.Auth.Token()
	if token != "" {
		hreq.Header.Set("X-Amz-Security-Token", token)
	}

	signer := aws.NewV4Signer(c.Auth, "dynamodb", c.Region)
	signer.Sign(hreq)

	for attempt := attempts.Start(); attempt.Next(); {
		resp, err := c.HTTPClient.Do(hreq)

		if err != nil {
			if shouldRetry(err) {
				continue
			}
			return &Response{err, nil}
		}

		defer resp.Body.Close()
		body, err := ioutil.ReadAll(resp.Body)
		if err != nil {
			return &Response{ErrFailedtoReadResponse, nil}
		}
		if resp.StatusCode != 200 {
			err = NewError(resp, body)
			if shouldRetry(err) {
				continue
			}
			return &Response{err, nil}
		}
		return &Response{nil, body}
	}
	return &Response{err, nil}
}
Esempio n. 9
0
func main() {
	var (
		auth          aws.Auth
		targetURL     url.URL
		listenAddress string
		serviceName   string
		region        aws.Region
	)
	const flagEnvPrefix = "AWS_AUTH_PROXY"

	fs := flag.NewFlagSet("aws-auth-proxy", flag.ExitOnError)

	fs.StringVar(&auth.AccessKey, "access-key", "", "aws access key id")
	fs.StringVar(&auth.SecretKey, "secret-key", "", "aws secret access key")
	fs.StringVar(&serviceName, "service-name", "", "aws service name")
	var regionName string
	fs.StringVar(&regionName, "region-name", "", "aws region name")
	fs.StringVar(&targetURL.Host, "upstream-host", "", "host or host:port for upstream endpoint")
	fs.StringVar(&targetURL.Scheme, "upstream-scheme", "https", "scheme for upstream endpoint")
	fs.StringVar(&listenAddress, "listen-address", ":8080", "address for proxy to listen on")

	if err := flagutil.SetFlagsFromEnv(fs, flagEnvPrefix); err != nil {
		log.Fatal(err)
	}

	if len(os.Args) >= 2 && os.Args[1] == "--help" {
		fs.PrintDefaults()
		fmt.Printf("\nflagutil prefix is '%s'\n", flagEnvPrefix)
		fmt.Printf("example:\n\t-access-key=xxx OR export %s_ACCESS_KEY=xxx\n", flagEnvPrefix)
		os.Exit(0)
	}
	fs.Parse(os.Args[1:])

	region = aws.GetRegion(regionName)

	signer := aws.NewV4Signer(auth, serviceName, region)

	proxyHandler := &AWSProxy{
		TargetURL: &targetURL,
		Signer:    signer,
	}
	fmt.Printf("Listening on %s\n", listenAddress)
	log.Fatal(http.ListenAndServe(listenAddress, proxyHandler))

}
Esempio n. 10
0
func (s *Server) queryServer(target string, query *Query) ([]byte, error) {
	data := strings.NewReader(query.String())
	fmt.Println("data in server request", data, reflect.TypeOf(data))
	hreq, err := http.NewRequest("POST", s.Region.DynamoDBEndpoint+"/", data)
	if err != nil {
		return nil, err
	}

	hreq.Header.Set("Content-Type", "application/x-amz-json-1.0")
	hreq.Header.Set("X-Amz-Date", time.Now().UTC().Format(aws.ISO8601BasicFormat))
	hreq.Header.Set("X-Amz-Target", target)

	token := s.Auth.Token()
	if token != "" {
		hreq.Header.Set("X-Amz-Security-Token", token)
	}

	signer := aws.NewV4Signer(s.Auth, "dynamodb", s.Region)
	signer.Sign(hreq)

	resp, err := http.DefaultClient.Do(hreq)

	if err != nil {
		log.Printf("Error calling Amazon")
		return nil, err
	}

	defer resp.Body.Close()

	body, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		log.Printf("Could not read response body")
		return nil, err
	}

	// http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ErrorHandling.html
	// "A response code of 200 indicates the operation was successful."
	if resp.StatusCode != 200 {
		ddbErr := buildError(resp, body)
		return nil, ddbErr
	}

	return body, nil
}
Esempio n. 11
0
// queryV4Signprepares and runs the req request, signed with aws v4 signatures.
// If resp is not nil, the XML data contained in the response
// body will be unmarshalled on it.
func (s3 *S3) queryV4Sign(req *request, resp interface{}) error {
	if req.headers == nil {
		req.headers = map[string][]string{}
	}

	s3.setBaseURL(req)

	hreq, err := s3.setupHttpRequest(req)
	if err != nil {
		return err
	}

	signer := aws.NewV4Signer(s3.Auth, "s3", s3.Region)
	signer.IncludeXAmzContentSha256 = true
	signer.Sign(hreq)

	_, err = s3.doHttpRequest(hreq, resp)
	return err
}
Esempio n. 12
0
func (k *Kinesis) query(target string, query *Query) ([]byte, error) {
	data := strings.NewReader(query.String())
	hreq, err := http.NewRequest("POST", k.Region.KinesisEndpoint+"/", data)

	if err != nil {
		return nil, err
	}

	hreq.Header.Set("Content-Type", "application/x-amz-json-1.1")
	hreq.Header.Set("X-Amz-Date", time.Now().UTC().Format(aws.ISO8601BasicFormat))
	hreq.Header.Set("X-Amz-Target", target)

	signer := aws.NewV4Signer(k.Auth, "kinesis", k.Region)
	signer.Sign(hreq)

	resp, err := http.DefaultClient.Do(hreq)

	if err != nil {
		log.Printf("kinesis: Error calling Amazon\n: %v", err)
		return nil, err
	}

	defer resp.Body.Close()

	body, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		log.Printf("kinesis: Could not read response body\n")
		return nil, err
	}

	if debug {
		log.Printf("kinesis: response:\n")
		log.Printf("kinesis: %s", string(body))
	}

	// "A response code of 200 indicates the operation was successful."
	if resp.StatusCode != 200 {
		err = buildError(resp, body)
		return nil, err
	}

	return body, nil
}
Esempio n. 13
0
func (sts *STS) query(params map[string]string, resp interface{}) error {
	params["Version"] = "2011-06-15"

	data := strings.NewReader(multimap(params).Encode())

	hreq, err := http.NewRequest("POST", sts.Region.STSEndpoint+"/", data)
	if err != nil {
		return err
	}

	hreq.Header.Set("Content-Type", "application/x-www-form-urlencoded; param=value")

	token := sts.Auth.Token()
	if token != "" {
		hreq.Header.Set("X-Amz-Security-Token", token)
	}

	signer := aws.NewV4Signer(sts.Auth, "sts", sts.Region)
	signer.Sign(hreq)

	if debug {
		log.Printf("%v -> {\n", hreq)
	}
	r, err := http.DefaultClient.Do(hreq)

	if err != nil {
		log.Printf("Error calling Amazon")
		return err
	}

	defer r.Body.Close()

	if debug {
		dump, _ := httputil.DumpResponse(r, true)
		log.Printf("response:\n")
		log.Printf("%v\n}\n", string(dump))
	}
	if r.StatusCode != 200 {
		return buildError(r)
	}
	err = xml.NewDecoder(r.Body).Decode(resp)
	return err
}
Esempio n. 14
0
func (ec *ElastiCache) query(query string, response interface{}) error {
	url := ec.Region.ElastiCacheEndpoint + "/?" + query

	hreq, err := http.NewRequest("POST", url, nil)
	if err != nil {
		return err
	}

	hreq.Header.Set("Content-Type", "application/x-amz-json-1.0")
	hreq.Header.Set("X-Amz-Date", time.Now().UTC().Format(aws.ISO8601BasicFormat))

	token := ec.Auth.Token()
	if token != "" {
		hreq.Header.Set("X-Amz-Security-Token", token)
	}

	signer := aws.NewV4Signer(ec.Auth, "elasticache", ec.Region)
	signer.Sign(hreq)

	resp, err := http.DefaultClient.Do(hreq)

	if err != nil {
		return err
	}

	defer resp.Body.Close()

	if resp.StatusCode != 200 {
		return buildError(resp)
	}

	b, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		return err
	}

	return xml.Unmarshal(b, &response)
}
Esempio n. 15
0
// prepare sets up req to be delivered to S3.
func (s3 *S3) prepare(req *request) error {
	// Copy so they can be mutated without affecting on retries.
	params := make(url.Values)
	headers := make(http.Header)
	for k, v := range req.params {
		params[k] = v
	}
	for k, v := range req.headers {
		headers[k] = v
	}
	req.params = params
	req.headers = headers

	if !req.prepared {
		req.prepared = true
		if req.method == "" {
			req.method = "GET"
		}

		if !strings.HasPrefix(req.path, "/") {
			req.path = "/" + req.path
		}

		err := s3.setBaseURL(req)
		if err != nil {
			return err
		}
	}

	if s3.Signature == aws.V2Signature && s3.Auth.Token() != "" {
		req.headers["X-Amz-Security-Token"] = []string{s3.Auth.Token()}
	} else if s3.Auth.Token() != "" {
		req.params.Set("X-Amz-Security-Token", s3.Auth.Token())
	}

	if s3.Signature == aws.V2Signature {
		// Always sign again as it's not clear how far the
		// server has handled a previous attempt.
		u, err := url.Parse(req.baseurl)
		if err != nil {
			return err
		}

		signpathPatiallyEscaped := partiallyEscapedPath(req.path)
		req.headers["Host"] = []string{u.Host}
		req.headers["Date"] = []string{time.Now().In(time.UTC).Format(time.RFC1123)}

		sign(s3.Auth, req.method, signpathPatiallyEscaped, req.params, req.headers)
	} else {
		hreq, err := s3.setupHttpRequest(req)
		if err != nil {
			return err
		}

		hreq.Host = hreq.URL.Host
		signer := aws.NewV4Signer(s3.Auth, "s3", s3.Region)
		signer.IncludeXAmzContentSha256 = true
		signer.Sign(hreq)

		req.payload = hreq.Body
		if _, ok := headers["Content-Length"]; ok {
			req.headers["Content-Length"] = headers["Content-Length"]
		}
	}
	return nil
}
Esempio n. 16
0
func (s *RetrySuite) TestRetryPolicy(c *check.C) {
	// Save off the real endpoint, and then point it at a local proxy.
	endpoint := s.table.Server.Region.DynamoDBEndpoint
	policy := s.table.Server.RetryPolicy
	defer func() {
		s.table.Server.Region.DynamoDBEndpoint = endpoint
		s.table.Server.RetryPolicy = policy
	}()
	numCalls := 0
	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		numCalls++
		// Fake a failure the requested amount of times.
		if numCalls <= s.NumCallsToFail {
			b, _ := json.Marshal(map[string]interface{}{
				"__type": s.ErrorType,
				"Code":   "blah",
			})
			w.WriteHeader(s.ErrorStatusCode)
			io.WriteString(w, string(b))
			return
		}

		// Otherwise, proxy to actual DynamoDB endpoint. We reformat the request
		// with the same content.
		body, err := ioutil.ReadAll(r.Body)
		if err != nil {
			c.Fatal(err)
		}
		newr, err := http.NewRequest("POST", endpoint+"/", strings.NewReader(string(body)))
		headersToKeep := map[string]bool{
			"Content-Type":         true,
			"X-Amz-Date":           true,
			"X-Amz-Target":         true,
			"X-Amz-Security-Token": true,
		}
		for h, _ := range r.Header {
			if _, ok := headersToKeep[h]; ok {
				newr.Header.Set(h, r.Header.Get(h))
			}
		}

		signer := aws.NewV4Signer(s.table.Server.Auth, "dynamodb", s.table.Server.Region)
		signer.Sign(newr)

		resp, err := http.DefaultClient.Do(newr)
		if err != nil {
			c.Fatal(err)
		}
		body, err = ioutil.ReadAll(resp.Body)
		defer resp.Body.Close()
		if err != nil {
			c.Fatal(err)
		}
		w.WriteHeader(resp.StatusCode)
		io.WriteString(w, string(body))
	}))
	defer server.Close()
	rp := &retryPolicy{}
	s.table.Server.RetryPolicy = rp
	s.table.Server.Region.DynamoDBEndpoint = server.URL

	// Now make the request.
	k := &Key{HashKey: "NewHashKeyVal"}
	in := map[string]interface{}{
		"Attr1": "Attr1Val",
		"Attr2": 12,
	}
	err := s.table.PutDocument(k, in)
	if s.ExpectError {
		if err == nil {
			c.Fatalf("Expected error")
		}
	} else {
		if err != nil {
			c.Fatal(err)
		}
	}
	if rp.numCalls != s.NumCallsToFail {
		c.Fatalf("Expected %d failed calls, saw %d", s.NumCallsToFail, rp.numCalls)
	}
}
Esempio n. 17
0
func New(auth aws.Auth, region aws.Region) *SNS {
	return &SNS{auth, region, aws.NewV4Signer(auth, "sns", region), 0}
}