package stretcher
import (
"errors"
"log"
"os"
"path/filepath"
"time"
"github.com/AdRoll/goamz/aws"
homedir "github.com/mitchellh/go-homedir"
ini "github.com/vaughan0/go-ini"
)
// Defaults for AWS settings.
const (
	// AWSDefaultProfileName is the profile section read when no profile
	// name is supplied by the caller or by $AWS_DEFAULT_PROFILE.
	AWSDefaultProfileName = "default"

	// AWSDefaultRegionName is the default AWS region name.
	// NOTE(review): not referenced in this file; presumably used by
	// callers elsewhere in the package — confirm.
	AWSDefaultRegionName = "us-east-1"
)
// isValidAuth reports whether auth carries both an access key and a secret
// key. It only checks that the two fields are non-empty; it does not verify
// the key pair against AWS.
func isValidAuth(auth aws.Auth) bool {
	if auth.AccessKey == "" || auth.SecretKey == "" {
		return false
	}
	return true
}
// isValidRegion reports whether region has a non-empty name. No other field
// of the region is inspected.
func isValidRegion(region aws.Region) bool {
	return len(region.Name) > 0
}
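// LoadAWSCredentials resolves the AWS credentials and region for profileName.
//
// An empty profileName is replaced by $AWS_DEFAULT_PROFILE when that is set,
// otherwise by AWSDefaultProfileName. Sources are then read in this order,
// later ones taking precedence over earlier ones:
//
//  1. the config file: $AWS_CONFIG_FILE, else ~/.aws/config
//  2. the file named "credentials" in the config file's directory
//  3. $AWS_DEFAULT_REGION, and $AWS_ACCESS_KEY_ID + $AWS_SECRET_ACCESS_KEY
//  4. aws.GetInstanceCredentials (IAM role), tried only when steps 1-3 did
//     not produce both credentials and a region
//
// A file value replaces an earlier one only when it is usable (non-empty
// access key and secret key, or non-empty region name). Errors while reading
// the files are ignored, so a missing file is not fatal. Step 4 supplies
// credentials only, so the region must come from a file or from
// $AWS_DEFAULT_REGION.
//
// An error is returned when valid credentials and a region could not both be
// determined; whatever was collected is returned alongside it.
func LoadAWSCredentials(profileName string) (aws.Auth, aws.Region, error) {
	if profileName == "" {
		profileName = os.Getenv("AWS_DEFAULT_PROFILE")
		if profileName == "" {
			profileName = AWSDefaultProfileName
		}
	}

	var (
		awsAuth   aws.Auth
		awsRegion aws.Region
	)

	// Load from files (~/.aws/config, ~/.aws/credentials).
	configFile := os.Getenv("AWS_CONFIG_FILE")
	if configFile == "" {
		if home, err := homedir.Dir(); err == nil {
			configFile = filepath.Join(home, ".aws", "config")
		}
	}

	// Without a resolved config path there is no directory to derive the
	// credentials file from: filepath.Split("") yields "", and the lookup
	// would fall through to ./credentials in the process working directory,
	// which is not a trusted location for secrets. Skip the file sources in
	// that case and rely on the environment or the instance role.
	if configFile != "" {
		dir, _ := filepath.Split(configFile)

		// The config file names non-default sections "profile NAME"; the
		// credentials file uses the bare profile name.
		section := AWSDefaultProfileName
		if profileName != AWSDefaultProfileName {
			section = "profile " + profileName
		}

		// Best effort: a missing or unreadable file leaves the values empty.
		auth, region, _ := loadAWSConfigFile(configFile, section)
		if isValidAuth(auth) {
			awsAuth = auth
		}
		if isValidRegion(region) {
			awsRegion = region
		}

		credFile := filepath.Join(dir, "credentials")
		auth, region, _ = loadAWSConfigFile(credFile, profileName)
		if isValidAuth(auth) {
			awsAuth = auth
		}
		if isValidRegion(region) {
			awsRegion = region
		}
	}

	// Override by environment variable.
	if name := os.Getenv("AWS_DEFAULT_REGION"); name != "" {
		awsRegion = aws.GetRegion(name)
	}
	if os.Getenv("AWS_ACCESS_KEY_ID") != "" && os.Getenv("AWS_SECRET_ACCESS_KEY") != "" {
		if auth, _ := aws.EnvAuth(); isValidAuth(auth) {
			awsAuth = auth
		}
	}
	if isValidAuth(awsAuth) && isValidRegion(awsRegion) {
		return awsAuth, awsRegion, nil
	}

	// Otherwise, use IAM Role. The instance credentials are only accepted
	// when their expiration timestamp parses; a failure here is reported
	// through the final error below rather than on its own.
	cred, err := aws.GetInstanceCredentials()
	if err == nil {
		expiration, err := time.Parse("2006-01-02T15:04:05Z", cred.Expiration)
		if err == nil {
			auth := aws.NewAuth(cred.AccessKeyId, cred.SecretAccessKey, cred.Token, expiration)
			awsAuth = *auth
		}
	}
	if isValidAuth(awsAuth) && isValidRegion(awsRegion) {
		return awsAuth, awsRegion, nil
	}
	return awsAuth, awsRegion, errors.New("cannot detect valid credentials or region")
}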
// loadAWSConfigFile reads the INI file fileName and extracts the access key,
// secret key and region from the section named profileName.
//
// Only the keys "aws_access_key_id", "aws_secret_access_key" and "region"
// are read; any other key in the section is ignored. A section that does not
// exist yields zero values and a nil error. The error from ini.LoadFile is
// returned unchanged when the file cannot be loaded.
//
// The log line records the file name and section only, never the key values.
func loadAWSConfigFile(fileName string, profileName string) (aws.Auth, aws.Region, error) {
	var (
		auth   aws.Auth
		region aws.Region
	)

	conf, err := ini.LoadFile(fileName)
	if err != nil {
		return auth, region, err
	}
	log.Printf("Loading file %s [%s]", fileName, profileName)

	section := conf[profileName]
	if accessKey, ok := section["aws_access_key_id"]; ok {
		auth.AccessKey = accessKey
	}
	if secretKey, ok := section["aws_secret_access_key"]; ok {
		auth.SecretKey = secretKey
	}
	// The region is resolved only when the key is present in the section.
	if name, ok := section["region"]; ok {
		region = aws.GetRegion(name)
	}
	return auth, region, nil
}