WIP - IAM role support

lmaitresym · Feb 12, 2014 · 6ae075f · 6ae075f
1 parent 2599b6f
commit 6ae075f
Show file tree

Hide file tree

Showing 3 changed files with 50 additions and 3 deletions.
diff --git a/awsauth.go b/awsauth.go
@@ -14,7 +14,7 @@ var Keys *Credentials
 type Credentials struct {
 	AccessKeyID     string
 	SecretAccessKey string
-	SecurityToken   string
+	SecurityToken   string `json:"Token"`
 }
 
 // Sign signs a request bound for AWS. It automatically chooses the best

diff --git a/awsauth_test.go b/awsauth_test.go
@@ -4,7 +4,7 @@ import (
 	. "github.com/smartystreets/goconvey/convey"
 	"net/http"
 	"net/url"
-	"os"
+	//"os"
 	"strings"
 	"testing"
 )
@@ -138,7 +138,8 @@ func TestSign(t *testing.T) {
 }
 
 func envCredentialsSet() bool {
-	return os.Getenv(envAccessKeyID) != "" && os.Getenv(envSecretAccessKey) != ""
+	// return os.Getenv(envAccessKeyID) != "" && os.Getenv(envSecretAccessKey) != ""
+	return true
 }
 
 func newRequest(method string, url string, v url.Values) *http.Request {

diff --git a/common.go b/common.go
@@ -14,6 +14,7 @@ import (
 	"os"
 	"strings"
 	"time"
+	"encoding/json"
 )
 
 func serviceAndRegion(host string) (string, string) {
@@ -47,8 +48,53 @@ func checkKeys() {
 			os.Getenv(envAccessKeyID),
 			os.Getenv(envSecretAccessKey),
 			os.Getenv(envSecurityToken),
+
 		}
 	}
+	// if accesskey and the secretkey are blank, get the key from the role
+	if Keys.AccessKeyID == "" {
+
+		Keys = getIAMRoleCredentials()
+	}
+	// if the expiration is set and it's less than 5 minutes in the future, get a new key
+}
+
+func getIAMRoleCredentials() *Credentials {
+
+	// Hack city!!
+
+	// Get a list of the roles that are available to this instance
+	url := "http://169.254.169.254/latest/meta-data/iam/security-credentials/"
+	client := &http.Client{}
+	req, _ := http.NewRequest("GET", url, nil)
+	resp, _ := client.Do(req)
+	buf := new(bytes.Buffer)
+	buf.ReadFrom(resp.Body)
+	role := buf.String()
+
+
+
+	// append the url to get the url to the role
+	var buffer bytes.Buffer
+	buffer.WriteString(url)
+	buffer.WriteString(role)
+	roleurl := buffer.String()
+
+	// Get the role
+
+	rolereq, _ := http.NewRequest("GET", roleurl, nil)
+
+
+	roleresp, _ := client.Do(rolereq)
+	rolebuf := new(bytes.Buffer)
+	rolebuf.ReadFrom(roleresp.Body)
+
+	creds := Credentials{}
+
+	_ = json.Unmarshal(rolebuf.Bytes(), &creds)
+
+	return &creds
+
 }
 
 func augmentRequestQuery(req *http.Request, values url.Values) *http.Request {