JustAnotherArchivist
/
transfer.sh
atdalīts no kiska/transfer.sh
1
0
Atdalīts 1
Kods Problēmas 0 Izmaiņu pieprasījumi 0 Laidieni 0 Vikivietne Aktivitāte
Nevar pievienot vairāk kā 25 tēmas Tēmai ir jāsākas ar burtu vai ciparu, tā var saturēt domu zīmes ('-') un var būt līdz 35 simboliem gara.
243 Revīzijas
17 Atzari
34 MiB
 
 
 
Koks: 84643d1dc1
Atzari Tagi
${ item.name }
Izveidot atzaru ${ searchTerm }
no '84643d1dc1'
${ noResults }
transfer.sh/vendor/github.com/goamz/goamz/sts/sts.go

274 rindas
6.6 KiB
Neapstrādāts Vainot Vēsture 

  1. //

  2. // sts: This package provides types and functions to interact with the AWS STS API

  3. //

  4. // Depends on https://github.com/goamz/goamz

  5. //

  6. 

  7. package sts

  8. 

  9. import (

  10. 	"encoding/xml"

  11. 	"fmt"

  12. 	"log"

  13. 	"net/http"

  14. 	"net/http/httputil"

  15. 	"net/url"

  16. 	"strconv"

  17. 	"strings"

  18. 	"time"

  19. 

  20. 	"github.com/goamz/goamz/aws"

  21. )

  22. 

  23. // The STS type encapsulates operations within a specific EC2 region.

  24. type STS struct {

  25. 	aws.Auth

  26. 	aws.Region

  27. 	private byte // Reserve the right of using private data.

  28. }

  29. 

  30. // New creates a new STS Client.

  31. // We can only use us-east for region because AWS..

  32. func New(auth aws.Auth, region aws.Region) *STS {

  33. 	// Make sure we can run the package tests

  34. 	if region.Name == "" {

  35. 		return &STS{auth, region, 0}

  36. 	}

  37. 	return &STS{auth, aws.Regions["us-east-1"], 0}

  38. }

  39. 

  40. const debug = false

  41. 

  42. // ----------------------------------------------------------------------------

  43. // Request dispatching logic.

  44. 

  45. // Error encapsulates an error returned by the AWS STS API.

  46. //

  47. // See http://goo.gl/zDZbuQ  for more details.

  48. type Error struct {

  49. 	// HTTP status code (200, 403, ...)

  50. 	StatusCode int

  51. 	// STS error code

  52. 	Code string

  53. 	// The human-oriented error message

  54. 	Message   string

  55. 	RequestId string `xml:"RequestID"`

  56. }

  57. 

  58. func (err *Error) Error() string {

  59. 	if err.Code == "" {

  60. 		return err.Message

  61. 	}

  62. 

  63. 	return fmt.Sprintf("%s (%s)", err.Message, err.Code)

  64. }

  65. 

  66. type xmlErrors struct {

  67. 	RequestId string  `xml:"RequestId"`

  68. 	Errors    []Error `xml:"Error"`

  69. }

  70. 

  71. func (sts *STS) query(params map[string]string, resp interface{}) error {

  72. 	params["Version"] = "2011-06-15"

  73. 

  74. 	data := strings.NewReader(multimap(params).Encode())

  75. 

  76. 	hreq, err := http.NewRequest("POST", sts.Region.STSEndpoint+"/", data)

  77. 	if err != nil {

  78. 		return err

  79. 	}

  80. 

  81. 	hreq.Header.Set("Content-Type", "application/x-www-form-urlencoded; param=value")

  82. 

  83. 	token := sts.Auth.Token()

  84. 	if token != "" {

  85. 		hreq.Header.Set("X-Amz-Security-Token", token)

  86. 	}

  87. 

  88. 	signer := aws.NewV4Signer(sts.Auth, "sts", sts.Region)

  89. 	signer.Sign(hreq)

  90. 

  91. 	if debug {

  92. 		log.Printf("%v -> {\n", hreq)

  93. 	}

  94. 	r, err := http.DefaultClient.Do(hreq)

  95. 

  96. 	if err != nil {

  97. 		log.Printf("Error calling Amazon")

  98. 		return err

  99. 	}

  100. 

  101. 	defer r.Body.Close()

  102. 

  103. 	if debug {

  104. 		dump, _ := httputil.DumpResponse(r, true)

  105. 		log.Printf("response:\n")

  106. 		log.Printf("%v\n}\n", string(dump))

  107. 	}

  108. 	if r.StatusCode != 200 {

  109. 		return buildError(r)

  110. 	}

  111. 	err = xml.NewDecoder(r.Body).Decode(resp)

  112. 	return err

  113. }

  114. 

  115. func buildError(r *http.Response) error {

  116. 	var (

  117. 		err    Error

  118. 		errors xmlErrors

  119. 	)

  120. 	xml.NewDecoder(r.Body).Decode(&errors)

  121. 	if len(errors.Errors) > 0 {

  122. 		err = errors.Errors[0]

  123. 	}

  124. 

  125. 	err.RequestId = errors.RequestId

  126. 	err.StatusCode = r.StatusCode

  127. 	if err.Message == "" {

  128. 		err.Message = r.Status

  129. 	}

  130. 	return &err

  131. }

  132. 

  133. func makeParams(action string) map[string]string {

  134. 	params := make(map[string]string)

  135. 	params["Action"] = action

  136. 	return params

  137. }

  138. 

  139. func multimap(p map[string]string) url.Values {

  140. 	q := make(url.Values, len(p))

  141. 	for k, v := range p {

  142. 		q[k] = []string{v}

  143. 	}

  144. 	return q

  145. }

  146. 

  147. // options for the AssumeRole function

  148. //

  149. // See http://goo.gl/Ld6Dbk for details

  150. type AssumeRoleParams struct {

  151. 	DurationSeconds int

  152. 	ExternalId      string

  153. 	Policy          string

  154. 	RoleArn         string

  155. 	RoleSessionName string

  156. }

  157. 

  158. type AssumedRoleUser struct {

  159. 	Arn           string `xml:"Arn"`

  160. 	AssumedRoleId string `xml:"AssumedRoleId"`

  161. }

  162. 

  163. type Credentials struct {

  164. 	AccessKeyId     string    `xml:"AccessKeyId"`

  165. 	Expiration      time.Time `xml:"Expiration"`

  166. 	SecretAccessKey string    `xml:"SecretAccessKey"`

  167. 	SessionToken    string    `xml:"SessionToken"`

  168. }

  169. 

  170. type AssumeRoleResult struct {

  171. 	AssumedRoleUser  AssumedRoleUser `xml:"AssumeRoleResult>AssumedRoleUser"`

  172. 	Credentials      Credentials     `xml:"AssumeRoleResult>Credentials"`

  173. 	PackedPolicySize int             `xml:"AssumeRoleResult>PackedPolicySize"`

  174. 	RequestId        string          `xml:"ResponseMetadata>RequestId"`

  175. }

  176. 

  177. // AssumeRole assumes the specified role

  178. //

  179. // See http://goo.gl/zDZbuQ for more details.

  180. func (sts *STS) AssumeRole(options *AssumeRoleParams) (resp *AssumeRoleResult, err error) {

  181. 	params := makeParams("AssumeRole")

  182. 

  183. 	params["RoleArn"] = options.RoleArn

  184. 	params["RoleSessionName"] = options.RoleSessionName

  185. 

  186. 	if options.DurationSeconds != 0 {

  187. 		params["DurationSeconds"] = strconv.Itoa(options.DurationSeconds)

  188. 	}

  189. 	if options.ExternalId != "" {

  190. 		params["ExternalId"] = options.ExternalId

  191. 	}

  192. 	if options.Policy != "" {

  193. 		params["Policy"] = options.Policy

  194. 	}

  195. 

  196. 	resp = new(AssumeRoleResult)

  197. 	if err := sts.query(params, resp); err != nil {

  198. 		return nil, err

  199. 	}

  200. 	return resp, nil

  201. }

  202. 

  203. // FederatedUser presents dentifiers for the federated user that is associated with the credentials.

  204. //

  205. // See http://goo.gl/uPtr7V for more details

  206. type FederatedUser struct {

  207. 	Arn             string `xml:"Arn"`

  208. 	FederatedUserId string `xml:"FederatedUserId"`

  209. }

  210. 

  211. // GetFederationToken wraps GetFederationToken response

  212. //

  213. // See http://goo.gl/Iujjeg for more details

  214. type GetFederationTokenResult struct {

  215. 	Credentials      Credentials   `xml:"GetFederationTokenResult>Credentials"`

  216. 	FederatedUser    FederatedUser `xml:"GetFederationTokenResult>FederatedUser"`

  217. 	PackedPolicySize int           `xml:"GetFederationTokenResult>PackedPolicySize"`

  218. 	RequestId        string        `xml:"ResponseMetadata>RequestId"`

  219. }

  220. 

  221. // GetFederationToken returns a set of temporary credentials for an AWS account or IAM user

  222. //

  223. // See http://goo.gl/Iujjeg for more details

  224. func (sts *STS) GetFederationToken(name, policy string, durationSeconds int) (

  225. 	resp *GetFederationTokenResult, err error) {

  226. 	params := makeParams("GetFederationToken")

  227. 	params["Name"] = name

  228. 

  229. 	if durationSeconds != 0 {

  230. 		params["DurationSeconds"] = strconv.Itoa(durationSeconds)

  231. 	}

  232. 	if policy != "" {

  233. 		params["Policy"] = policy

  234. 	}

  235. 

  236. 	resp = new(GetFederationTokenResult)

  237. 	if err := sts.query(params, resp); err != nil {

  238. 		return nil, err

  239. 	}

  240. 	return resp, nil

  241. }

  242. 

  243. // GetSessionToken wraps GetSessionToken response

  244. //

  245. // See http://goo.gl/v8s5Y for more details

  246. type GetSessionTokenResult struct {

  247. 	Credentials Credentials `xml:"GetSessionTokenResult>Credentials"`

  248. 	RequestId   string      `xml:"ResponseMetadata>RequestId"`

  249. }

  250. 

  251. // GetSessionToken returns a set of temporary credentials for an AWS account or IAM user

  252. //

  253. // See http://goo.gl/v8s5Y for more details

  254. func (sts *STS) GetSessionToken(durationSeconds int, serialnNumber, tokenCode string) (

  255. 	resp *GetSessionTokenResult, err error) {

  256. 	params := makeParams("GetSessionToken")

  257. 

  258. 	if durationSeconds != 0 {

  259. 		params["DurationSeconds"] = strconv.Itoa(durationSeconds)

  260. 	}

  261. 	if serialnNumber != "" {

  262. 		params["SerialNumber"] = serialnNumber

  263. 	}

  264. 	if tokenCode != "" {

  265. 		params["TokenCode"] = tokenCode

  266. 	}

  267. 

  268. 	resp = new(GetSessionTokenResult)

  269. 	if err := sts.query(params, resp); err != nil {

  270. 		return nil, err

  271. 	}

  272. 	return resp, nil

  273. }