// initializeCredentialsEndpoint sets the credentials endpoint for all containers in a task if needed. func (task *Task) initializeCredentialsEndpoint(credentialsManager credentials.Manager) { id := task.GetCredentialsId() if id == "" { // No credentials set for the task. Do not inject the endpoint environment variable. return } taskCredentials, ok := credentialsManager.GetTaskCredentials(id) if !ok { // Task has credentials id set, but credentials manager is unaware of // the id. This should never happen as the payload handler sets // credentialsId for the task after adding credentials to the // credentials manager seelog.Errorf("Unable to get credentials for task: %s", task.Arn) return } credentialsEndpointRelativeURI := taskCredentials.IAMRoleCredentials.GenerateCredentialsEndpointRelativeURI() for _, container := range task.Containers { // container.Environment map would not be initialized if there are // no environment variables to be set or overridden in the container // config. Check if that's the case and initilialize if needed if container.Environment == nil { container.Environment = make(map[string]string) } container.Environment[awsSDKCredentialsRelativeURIPathEnvironmentVariableName] = credentialsEndpointRelativeURI } }
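// processCredentialsV1Request returns the response json containing credentials
// for the credentials id in the request.
//
// On success it returns the marshaled IAM role credentials, the ARN stored on
// the credentials entry, a nil *errorMessage and a nil error. On failure it
// returns nil JSON, an empty ARN, an *errorMessage carrying the HTTP status to
// send, and an error with the same text that was logged:
//
//   - no credentials id in the request: NoIdInRequest, 400
//   - id unknown to the credentials manager: InvalidIdInRequest, 400
//   - id known but entry is nil: CredentialsUninitialized, 503
//   - marshaling failed: InternalServerError, 500 (generic message to the client)
//
// Only r.RemoteAddr is written to the log; the credentials id is not logged on
// any path. This function performs no check on the caller other than the id
// lookup, so the id has to be handled as a secret and kept out of log lines.
// NOTE(review): confirm whether the calling handler applies any further checks.
func processCredentialsV1Request(credentialsManager credentials.Manager, r *http.Request) ([]byte, string, *errorMessage, error) {
	credentialsID, ok := handlers.ValueFromRequest(r, credentials.CredentialsIdQueryParameterName)
	if !ok {
		errText := "CredentialsV1Request: No ID in the request"
		log.Infof("%s. Request IP Address: %s", errText, r.RemoteAddr)
		msg := &errorMessage{
			Code:          NoIdInRequest,
			Message:       errText,
			httpErrorCode: http.StatusBadRequest,
		}
		return nil, "", msg, errors.New(errText)
	}

	// Named taskCredentials so the local does not shadow the credentials
	// package for the remainder of the function.
	taskCredentials, ok := credentialsManager.GetTaskCredentials(credentialsID)
	if !ok {
		errText := "CredentialsV1Request: ID not found"
		log.Infof("%s. Request IP Address: %s", errText, r.RemoteAddr)
		msg := &errorMessage{
			Code:          InvalidIdInRequest,
			Message:       errText,
			httpErrorCode: http.StatusBadRequest,
		}
		return nil, "", msg, errors.New(errText)
	}

	if taskCredentials == nil {
		// This can happen when the agent is restarted and is reconciling its state.
		errText := "CredentialsV1Request: Credentials uninitialized for ID"
		log.Infof("%s. Request IP Address: %s", errText, r.RemoteAddr)
		msg := &errorMessage{
			Code:          CredentialsUninitialized,
			Message:       errText,
			httpErrorCode: http.StatusServiceUnavailable,
		}
		return nil, "", msg, errors.New(errText)
	}

	credentialsJSON, err := json.Marshal(taskCredentials.IAMRoleCredentials)
	if err != nil {
		errText := "CredentialsV1Request: Error marshaling credentials"
		// Record the underlying marshal error in the agent log so the failure
		// can be diagnosed; the client still only sees the generic message.
		log.Errorf("%s: %v. Request IP Address: %s", errText, err, r.RemoteAddr)
		msg := &errorMessage{
			Code:          InternalServerError,
			Message:       "Internal server error",
			httpErrorCode: http.StatusInternalServerError,
		}
		return nil, "", msg, errors.New(errText)
	}

	// Success
	return credentialsJSON, taskCredentials.ARN, nil, nil
}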