func (sb signerBuilder) BuildSigner() signer {
endpoint := "https://" + sb.ServiceName + "." + sb.Region + ".amazonaws.com"
var req *http.Request
if sb.Method == "POST" {
body := []byte(sb.Query.Encode())
reader := bytes.NewReader(body)
req, _ = http.NewRequest(sb.Method, endpoint, reader)
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
req.Header.Add("Content-Length", string(len(body)))
} else {
req, _ = http.NewRequest(sb.Method, endpoint, nil)
req.URL.RawQuery = sb.Query.Encode()
}
sig := signer{
Request: req,
Time: sb.SignTime,
Credentials: credentials.NewStaticCredentials(
"AKID",
"SECRET",
sb.SessionToken),
}
if os.Getenv("DEBUG") != "" {
sig.Debug = aws.LogDebug
sig.Logger = aws.NewDefaultLogger()
}
return sig
}
func New(conf *AwsConfig) (*AwsImages, error) {
checkCfg := "Please check your configuration"
if len(conf.Regions) == 0 {
return nil, errors.New("AWS Regions are not set. " + checkCfg)
}
if conf.AccessKey == "" {
return nil, errors.New("AWS Access Key is not set. " + checkCfg)
}
if conf.SecretKey == "" {
return nil, errors.New("AWS Secret Key is not set. " + checkCfg)
}
// increase the timeout
timeout := time.Second * 30
client := &http.Client{
Transport: &http.Transport{TLSHandshakeTimeout: timeout},
Timeout: timeout,
}
creds := credentials.NewStaticCredentials(conf.AccessKey, conf.SecretKey, "")
awsCfg := &awsclient.Config{
Credentials: creds,
HTTPClient: client,
Logger: awsclient.NewDefaultLogger(),
}
m := newMultiRegion(awsCfg, filterRegions(conf.Regions, conf.RegionsExclude))
return &AwsImages{
services: m,
images: make(map[string][]*ec2.Image),
}, nil
}
func copyConfig(config *Config) *aws.Config {
if config == nil {
config = &Config{}
}
c := &aws.Config{
Credentials: credentials.AnonymousCredentials,
Endpoint: config.Endpoint,
HTTPClient: config.HTTPClient,
Logger: config.Logger,
LogLevel: config.LogLevel,
MaxRetries: config.MaxRetries,
}
if c.HTTPClient == nil {
c.HTTPClient = http.DefaultClient
}
if c.Logger == nil {
c.Logger = aws.NewDefaultLogger()
}
if c.LogLevel == nil {
c.LogLevel = aws.LogLevel(aws.LogOff)
}
if c.MaxRetries == nil {
c.MaxRetries = aws.Int(DefaultRetries)
}
return c
}
// Config returns the default configuration without credentials.
// To retrieve a config with credentials also included use
// `defaults.Get().Config` instead.
//
// Generally you shouldn't need to use this method directly, but
// is available if you need to reset the configuration of an
// existing service client or session.
func Config() *aws.Config {
return aws.NewConfig().
WithCredentials(credentials.AnonymousCredentials).
WithRegion(os.Getenv("AWS_REGION")).
WithHTTPClient(http.DefaultClient).
WithMaxRetries(aws.UseServiceDefaultRetries).
WithLogger(aws.NewDefaultLogger()).
WithLogLevel(aws.LogOff).
WithSleepDelay(time.Sleep)
}
func awsConfig(id, secret, region string) *aws.Config {
return &aws.Config{
Credentials: credentials.NewChainCredentials([]credentials.Provider{
&credentials.StaticProvider{
Value: credentials.Value{AccessKeyID: id, SecretAccessKey: secret},
},
}),
Logger: aws.NewDefaultLogger(),
Region: ®ion,
}
}
func newDynamoTestConfig() *aws.Config {
hostport := os.Getenv("DYNAMODB_HOSTPORT")
if hostport == "" {
println("DYNAMODB_HOSTPORT is undefined")
if testing.Short() {
println("This test should not run when testing.short")
}
os.Exit(1)
}
endpoint := "http://" + hostport
cfg := aws.NewConfig().
WithCredentials(credentials.NewStaticCredentials("aws_id", "aws_secret", "")).
WithEndpoint(endpoint).
WithRegion("us-east-1").
WithLogger(aws.NewDefaultLogger())
if testing.Verbose() {
cfg = cfg.WithLogLevel(aws.LogDebugWithHTTPBody)
}
return cfg
}
func buildSigner(serviceName string, region string, signTime time.Time, query url.Values) signer {
endpoint := "https://" + serviceName + "." + region + ".amazonaws.com"
req, _ := http.NewRequest("POST", endpoint, nil)
req.URL.RawQuery = query.Encode()
signer := signer{
Request: req,
Time: signTime,
Credentials: credentials.NewStaticCredentials(
"AKIAJG6V72ZBDMWPMSWQ",
"P9MvpCRxpwo2UexwMYbduHEoVcBPJQZO2GVsKNCD",
""),
}
if os.Getenv("DEBUG") != "" {
signer.Debug = 1
signer.Logger = aws.NewDefaultLogger()
}
return signer
}
func copyConfig(config *Config) *aws.Config {
if config == nil {
config = &Config{}
}
c := &aws.Config{
Credentials: credentials.AnonymousCredentials,
Endpoint: config.Endpoint,
HTTPClient: config.HTTPClient,
Logger: config.Logger,
LogLevel: config.LogLevel,
MaxRetries: config.MaxRetries,
}
if c.HTTPClient == nil {
c.HTTPClient = &http.Client{
Transport: &http.Transport{
Proxy: http.ProxyFromEnvironment,
Dial: (&net.Dialer{
// use a shorter timeout than default because the metadata
// service is local if it is running, and to fail faster
// if not running on an ec2 instance.
Timeout: 5 * time.Second,
KeepAlive: 30 * time.Second,
}).Dial,
TLSHandshakeTimeout: 10 * time.Second,
},
}
}
if c.Logger == nil {
c.Logger = aws.NewDefaultLogger()
}
if c.LogLevel == nil {
c.LogLevel = aws.LogLevel(aws.LogOff)
}
if c.MaxRetries == nil {
c.MaxRetries = aws.Int(DefaultRetries)
}
return c
}
"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds"
)
// DefaultChainCredentials is a Credentials which will find the first available
// credentials Value from the list of Providers.
//
// This should be used in the default case. Once the type of credentials are
// known switching to the specific Credentials will be more efficient.
var DefaultChainCredentials = credentials.NewChainCredentials(
[]credentials.Provider{
&credentials.EnvProvider{},
&credentials.SharedCredentialsProvider{Filename: "", Profile: ""},
&ec2rolecreds.EC2RoleProvider{ExpiryWindow: 5 * time.Minute},
})
// DefaultConfig is the default all service configuration will be based off of.
// By default, all clients use this structure for initialization options unless
// a custom configuration object is passed in.
//
// You may modify this global structure to change all default configuration
// in the SDK. Note that configuration options are copied by value, so any
// modifications must happen before constructing a client.
var DefaultConfig = aws.NewConfig().
WithCredentials(DefaultChainCredentials).
WithRegion(os.Getenv("AWS_REGION")).
WithHTTPClient(http.DefaultClient).
WithMaxRetries(aws.DefaultRetries).
WithLogger(aws.NewDefaultLogger()).
WithLogLevel(aws.LogOff)
func (p *SigningRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
glog.V(2).Infof("Got request: %s %s", req.Method, req.URL)
// Fix the host header in case broken by proxy-rewrite
if req.URL.Host != "" {
req.Host = req.URL.Host
}
// I think the AWS authentication proxy does not like forwarded headers
for k := range req.Header {
lk := strings.ToLower(k)
if lk == "x-forwarded-host" {
delete(req.Header, k)
}
if lk == "x-forwarded-for" {
delete(req.Header, k)
}
if lk == "x-forwarded-proto" {
delete(req.Header, k)
}
if lk == "x-forward-for" {
delete(req.Header, k)
}
if lk == "x-forward-proto" {
delete(req.Header, k)
}
if lk == "x-forward-port" {
delete(req.Header, k)
}
if lk == "x-forwarded-port" {
delete(req.Header, k)
}
if lk == "x-forwarded-prefix" {
delete(req.Header, k)
}
if lk == "x-netflix-httpclientname" {
delete(req.Header, k)
}
if lk == "x-newrelic-id" {
delete(req.Header, k)
}
if lk == "x-newrelic-transaction" {
delete(req.Header, k)
}
if lk == "netflix.nfhttpclient.version" {
delete(req.Header, k)
}
}
// We're going to put our own auth headers on here
delete(req.Header, "Authorization")
var body []byte
var err error
if req.Body != nil {
body, err = ioutil.ReadAll(req.Body)
if err != nil {
glog.Infof("error reading request body: %v", err)
return nil, err
}
}
if req.Method == "GET" || req.Method == "HEAD" {
delete(req.Header, "Content-Length")
}
oldPath := req.URL.Path
if oldPath != "" {
// Escape the path before signing so that the path in the signature and
// the path in the request match.
req.URL.Path = req.URL.EscapedPath()
glog.V(4).Infof("Path -> %q", req.URL.Path)
}
awsReq := &request.Request{}
awsReq.Config.Credentials = p.credentials
awsReq.Config.Region = aws.String(p.region)
awsReq.ClientInfo.ServiceName = SERVICE_NAME
awsReq.HTTPRequest = req
awsReq.Time = time.Now()
awsReq.ExpireTime = 0
if body != nil {
awsReq.Body = bytes.NewReader(body)
}
if glog.V(4) {
awsReq.Config.LogLevel = aws.LogLevel(aws.LogDebugWithSigning)
awsReq.Config.Logger = aws.NewDefaultLogger()
}
v4.Sign(awsReq)
if awsReq.Error != nil {
glog.Warningf("error signing request: %v", awsReq.Error)
return nil, awsReq.Error
}
req.URL.Path = oldPath
if body != nil {
req.Body = ioutil.NopCloser(bytes.NewReader(body))
}
response, err := p.inner.RoundTrip(req)
if err != nil {
glog.Warning("Request error: ", err)
return nil, err
} else {
glog.V(2).Infof("response %s", response.Status)
return response, err
}
}
