// ReadIAM explicitly mutates the global shared conf.Vals state by reading in the IAM. Use
// this function at program startup or any time you need to force a refresh of the IAM
// credentials.
func ReadIAM(rf *roles_files.RolesFiles) error {
roles_read_err := rf.RolesRead()
if roles_read_err != nil {
e := fmt.Sprintf("conf_iam.ReadIAM:cannot perform initial roles read: %s",
roles_read_err.Error())
return errors.New(e)
}
return AssignCredentials(rf)
}
// ReadIAMToConf will read the credentials data from rf and safely assign it to conf c.
func ReadIAMToConf(rf *roles_files.RolesFiles, c *conf.AWS_Conf) error {
if rf == nil || c == nil {
return errors.New("conf_iam.ReadIAMToConf: rf or c is nil")
}
roles_read_err := rf.RolesRead()
if roles_read_err != nil {
e := fmt.Sprintf("conf_iam.ReadIAM:cannot perform initial roles read: %s",
roles_read_err.Error())
return errors.New(e)
}
return AssignCredentialsToConf(rf, c)
}
// AssignCredentials locks the global state and copy over roles data.
func AssignCredentials(rf *roles_files.RolesFiles) error {
accessKey, secret, token, get_err := rf.Get()
if get_err != nil {
e := fmt.Sprintf("conf_iam.ReadIAM:cannot get a role file:%s",
get_err.Error())
return errors.New(e)
}
conf.Vals.ConfLock.Lock()
conf.Vals.IAM.Credentials.AccessKey = accessKey
conf.Vals.IAM.Credentials.Secret = secret
conf.Vals.IAM.Credentials.Token = token
conf.Vals.ConfLock.Unlock()
e := fmt.Sprintf("IAM credentials assigned at %v", time.Now())
slog.SLog(syslog.LOG_NOTICE, e, true)
return nil
}
// AssignCredentialsToConf will safely copy the credentials data from rf to the conf c.
func AssignCredentialsToConf(rf *roles_files.RolesFiles, c *conf.AWS_Conf) error {
if rf == nil || c == nil {
return errors.New("conf_iam.AssignCredentialsToConf: rf or c is nil")
}
accessKey, secret, token, get_err := rf.Get()
if get_err != nil {
e := fmt.Sprintf("conf_iam.AssignCredentialsToConf:cannot get a role file:%s",
get_err.Error())
return errors.New(e)
}
c.ConfLock.Lock()
c.IAM.Credentials.AccessKey = accessKey
c.IAM.Credentials.Secret = secret
c.IAM.Credentials.Token = token
c.ConfLock.Unlock()
e := fmt.Sprintf("IAM credentials assigned at %v", time.Now())
log.Printf(e)
return nil
}
// WatchIAM will receive notifications for changes in IAM files and update credentials when a read signal is received.
func WatchIAM(rf *roles_files.RolesFiles, watch_err_chan chan error) {
err_chan := make(chan error)
read_signal := make(chan bool)
go rf.RolesWatch(err_chan, read_signal)
e := "IAM watching set to true, waiting..."
slog.SLog(syslog.LOG_NOTICE, e, true)
for {
select {
case roles_watch_err := <-err_chan:
watch_err_chan <- roles_watch_err
case <-read_signal:
e := "WatchIAM received a read signal"
slog.SLog(syslog.LOG_NOTICE, e, true)
assign_err := AssignCredentials(rf)
if assign_err != nil {
watch_err_chan <- assign_err
}
}
}
}
// WatchIAMToConf will begin rf's RolesWatch method and wait to receive signals that new credentials
// are available to be assigned, which will then be safely copied to conf c.
func WatchIAMToConf(rf *roles_files.RolesFiles, c *conf.AWS_Conf, watch_err_chan chan error) {
if rf == nil || c == nil {
watch_err_chan <- errors.New("conf_iam.WatchIAMToConf: rf or c is nil")
return
}
err_chan := make(chan error)
read_signal := make(chan bool)
go rf.RolesWatch(err_chan, read_signal)
e := "IAM watching set to true, waiting..."
log.Printf(e)
for {
select {
case roles_watch_err := <-err_chan:
watch_err_chan <- roles_watch_err
case <-read_signal:
e := "WatchIAM received a read signal"
log.Printf(e)
assign_err := AssignCredentialsToConf(rf, c)
if assign_err != nil {
watch_err_chan <- assign_err
}
}
}
}
