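// Retrieve generates a new set of temporary credentials by calling STS
// AssumeRole for p.RoleARN.
//
// Unset fields are defaulted in place on p before the call: Client becomes
// sts.New(nil), RoleSessionName becomes the current UTC time in nanoseconds,
// and Duration becomes 15 minutes. On success the expiration reported by STS
// is recorded through SetExpiration together with p.ExpiryWindow.
//
// It returns the AssumeRole error unchanged, or an error when the response
// carries no complete credential set. Error messages name the role ARN only
// and never include key material.
func (p *AssumeRoleProvider) Retrieve() (credentials.Value, error) {
	// Apply defaults where parameters are not set.
	if p.Client == nil {
		p.Client = sts.New(nil)
	}
	if p.RoleSessionName == "" {
		// Try to work out a role name that will hopefully end up unique.
		// NOTE(review): a bare timestamp says nothing about who assumed the
		// role; callers that need per-caller attribution in audit logs should
		// set RoleSessionName themselves.
		p.RoleSessionName = fmt.Sprintf("%d", time.Now().UTC().UnixNano())
	}
	if p.Duration == 0 {
		// Expire as often as AWS permits.
		p.Duration = 15 * time.Minute
	}

	roleOutput, err := p.Client.AssumeRole(&sts.AssumeRoleInput{
		DurationSeconds: aws.Int64(int64(p.Duration / time.Second)),
		RoleArn:         aws.String(p.RoleARN),
		RoleSessionName: aws.String(p.RoleSessionName),
		// Passed through as-is; presumably a nil pointer omits the external
		// ID from the request (confirm against the field's declaration).
		ExternalId: p.ExternalID,
	})
	if err != nil {
		return credentials.Value{}, err
	}

	// Every field below is a pointer that is dereferenced; a malformed or
	// partial response must surface as an error instead of a nil-pointer
	// panic inside the credential refresh path.
	if roleOutput == nil || roleOutput.Credentials == nil {
		return credentials.Value{}, fmt.Errorf("assume role %q: response contained no credentials", p.RoleARN)
	}
	c := roleOutput.Credentials
	if c.AccessKeyId == nil || c.SecretAccessKey == nil || c.SessionToken == nil || c.Expiration == nil {
		return credentials.Value{}, fmt.Errorf("assume role %q: response contained incomplete credentials", p.RoleARN)
	}

	// We will proactively generate new credentials before they expire.
	p.SetExpiration(*c.Expiration, p.ExpiryWindow)

	return credentials.Value{
		AccessKeyID:     *c.AccessKeyId,
		SecretAccessKey: *c.SecretAccessKey,
		SessionToken:    *c.SessionToken,
	}, nil
}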
// putVersions serializes vs as indented JSON and uploads it to the
// release/versions.json key of the convox bucket.
//
// The object is written with the "public-read" canned ACL, so whatever vs
// contains becomes readable without authentication; keep only data meant for
// publication in it. The region is taken from AWS_DEFAULT_REGION and is passed
// as an empty string when that variable is unset.
//
// It returns the marshalling error or the PutObject error, whichever occurs
// first, and nil on success.
func putVersions(vs Versions) error {
	payload, err := json.MarshalIndent(vs, "", " ")
	if err != nil {
		return err
	}

	client := s3.New(&aws.Config{
		Region: aws.String(os.Getenv("AWS_DEFAULT_REGION")),
	})

	// ContentLength is stated explicitly to match the in-memory payload.
	input := &s3.PutObjectInput{
		ACL:           aws.String("public-read"),
		Body:          bytes.NewReader(payload),
		Bucket:        aws.String("convox"),
		ContentLength: aws.Int64(int64(len(payload))),
		Key:           aws.String("release/versions.json"),
	}

	if _, err := client.PutObject(input); err != nil {
		return err
	}
	return nil
}
// importVersions walks the release/ prefix of the convox bucket to create the
// initial versions.json file.
//
// Each common prefix directly under release/ is treated as a version name,
// except "latest", which is skipped. Every imported entry is recorded with
// Published and Required set to false. The resulting list is then uploaded
// with putVersions.
//
// It returns (nil, err) when the listing fails. When only the upload fails it
// returns the imported list together with the upload error.
//
// NOTE(review): only a single ListObjects response is read and truncation is
// not checked, so a listing that spans more than one page would be imported
// incompletely. Version names come straight from bucket key names and are not
// validated here.
func importVersions() (Versions, error) {
	client := s3.New(&aws.Config{
		Region: aws.String(os.Getenv("AWS_DEFAULT_REGION")),
	})

	listing, err := client.ListObjects(&s3.ListObjectsInput{
		Bucket:    aws.String("convox"),
		Delimiter: aws.String("/"),
		Prefix:    aws.String("release/"),
	})
	if err != nil {
		return nil, err
	}

	found := Versions{}

	for _, cp := range listing.CommonPrefixes {
		// The second path segment of the common prefix is the version name.
		name := strings.Split(*cp.Prefix, "/")[1]

		if name != "latest" {
			found = append(found, Version{
				Version:   name,
				Published: false,
				Required:  false,
			})
		}
	}

	uploadErr := putVersions(found)

	return found, uploadErr
}