fionera
/
transfer.sh
forked from kiska/transfer.sh
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
195 Commits
9 Branches
34 MiB
 
 
 
Tree: 6d68ad982f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6d68ad982f'
${ noResults }
transfer.sh/transfersh-server/vendor/github.com/goamz/goamz/aws/aws.go

434 lines
11 KiB
Raw Blame History 

  1. //

  2. // goamz - Go packages to interact with the Amazon Web Services.

  3. //

  4. //   https://wiki.ubuntu.com/goamz

  5. //

  6. // Copyright (c) 2011 Canonical Ltd.

  7. //

  8. // Written by Gustavo Niemeyer <gustavo.niemeyer@canonical.com>

  9. //

  10. package aws

  11. 

  12. import (

  13. 	"encoding/json"

  14. 	"encoding/xml"

  15. 	"errors"

  16. 	"fmt"

  17. 	"io/ioutil"

  18. 	"net/http"

  19. 	"net/url"

  20. 	"os"

  21. 	"time"

  22. 

  23. 	"github.com/vaughan0/go-ini"

  24. )

  25. 

  26. // Defines the valid signers

  27. const (

  28. 	V2Signature      = iota

  29. 	V4Signature      = iota

  30. 	Route53Signature = iota

  31. )

  32. 

  33. // Defines the service endpoint and correct Signer implementation to use

  34. // to sign requests for this endpoint

  35. type ServiceInfo struct {

  36. 	Endpoint string

  37. 	Signer   uint

  38. }

  39. 

  40. // Region defines the URLs where AWS services may be accessed.

  41. //

  42. // See http://goo.gl/d8BP1 for more details.

  43. type Region struct {

  44. 	Name                    string // the canonical name of this region.

  45. 	EC2Endpoint             string

  46. 	S3Endpoint              string

  47. 	S3BucketEndpoint        string // Not needed by AWS S3. Use ${bucket} for bucket name.

  48. 	S3LocationConstraint    bool   // true if this region requires a LocationConstraint declaration.

  49. 	S3LowercaseBucket       bool   // true if the region requires bucket names to be lower case.

  50. 	SDBEndpoint             string

  51. 	SESEndpoint             string

  52. 	SNSEndpoint             string

  53. 	SQSEndpoint             string

  54. 	IAMEndpoint             string

  55. 	ELBEndpoint             string

  56. 	DynamoDBEndpoint        string

  57. 	CloudWatchServicepoint  ServiceInfo

  58. 	AutoScalingEndpoint     string

  59. 	RDSEndpoint             ServiceInfo

  60. 	STSEndpoint             string

  61. 	CloudFormationEndpoint  string

  62. 	ECSEndpoint             string

  63. 	DynamoDBStreamsEndpoint string

  64. }

  65. 

  66. var Regions = map[string]Region{

  67. 	APNortheast.Name:  APNortheast,

  68. 	APSoutheast.Name:  APSoutheast,

  69. 	APSoutheast2.Name: APSoutheast2,

  70. 	EUCentral.Name:    EUCentral,

  71. 	EUWest.Name:       EUWest,

  72. 	USEast.Name:       USEast,

  73. 	USWest.Name:       USWest,

  74. 	USWest2.Name:      USWest2,

  75. 	USGovWest.Name:    USGovWest,

  76. 	SAEast.Name:       SAEast,

  77. 	CNNorth.Name:      CNNorth,

  78. }

  79. 

  80. // Designates a signer interface suitable for signing AWS requests, params

  81. // should be appropriately encoded for the request before signing.

  82. //

  83. // A signer should be initialized with Auth and the appropriate endpoint.

  84. type Signer interface {

  85. 	Sign(method, path string, params map[string]string)

  86. }

  87. 

  88. // An AWS Service interface with the API to query the AWS service

  89. //

  90. // Supplied as an easy way to mock out service calls during testing.

  91. type AWSService interface {

  92. 	// Queries the AWS service at a given method/path with the params and

  93. 	// returns an http.Response and error

  94. 	Query(method, path string, params map[string]string) (*http.Response, error)

  95. 	// Builds an error given an XML payload in the http.Response, can be used

  96. 	// to process an error if the status code is not 200 for example.

  97. 	BuildError(r *http.Response) error

  98. }

  99. 

  100. // Implements a Server Query/Post API to easily query AWS services and build

  101. // errors when desired

  102. type Service struct {

  103. 	service ServiceInfo

  104. 	signer  Signer

  105. }

  106. 

  107. // Create a base set of params for an action

  108. func MakeParams(action string) map[string]string {

  109. 	params := make(map[string]string)

  110. 	params["Action"] = action

  111. 	return params

  112. }

  113. 

  114. // Create a new AWS server to handle making requests

  115. func NewService(auth Auth, service ServiceInfo) (s *Service, err error) {

  116. 	var signer Signer

  117. 	switch service.Signer {

  118. 	case V2Signature:

  119. 		signer, err = NewV2Signer(auth, service)

  120. 	// case V4Signature:

  121. 	// 	signer, err = NewV4Signer(auth, service, Regions["eu-west-1"])

  122. 	default:

  123. 		err = fmt.Errorf("Unsupported signer for service")

  124. 	}

  125. 	if err != nil {

  126. 		return

  127. 	}

  128. 	s = &Service{service: service, signer: signer}

  129. 	return

  130. }

  131. 

  132. func (s *Service) Query(method, path string, params map[string]string) (resp *http.Response, err error) {

  133. 	params["Timestamp"] = time.Now().UTC().Format(time.RFC3339)

  134. 	u, err := url.Parse(s.service.Endpoint)

  135. 	if err != nil {

  136. 		return nil, err

  137. 	}

  138. 	u.Path = path

  139. 

  140. 	s.signer.Sign(method, path, params)

  141. 	if method == "GET" {

  142. 		u.RawQuery = multimap(params).Encode()

  143. 		resp, err = http.Get(u.String())

  144. 	} else if method == "POST" {

  145. 		resp, err = http.PostForm(u.String(), multimap(params))

  146. 	}

  147. 

  148. 	return

  149. }

  150. 

  151. func (s *Service) BuildError(r *http.Response) error {

  152. 	errors := ErrorResponse{}

  153. 	xml.NewDecoder(r.Body).Decode(&errors)

  154. 	var err Error

  155. 	err = errors.Errors

  156. 	err.RequestId = errors.RequestId

  157. 	err.StatusCode = r.StatusCode

  158. 	if err.Message == "" {

  159. 		err.Message = r.Status

  160. 	}

  161. 	return &err

  162. }

  163. 

  164. type ErrorResponse struct {

  165. 	Errors    Error  `xml:"Error"`

  166. 	RequestId string // A unique ID for tracking the request

  167. }

  168. 

  169. type Error struct {

  170. 	StatusCode int

  171. 	Type       string

  172. 	Code       string

  173. 	Message    string

  174. 	RequestId  string

  175. }

  176. 

  177. func (err *Error) Error() string {

  178. 	return fmt.Sprintf("Type: %s, Code: %s, Message: %s",

  179. 		err.Type, err.Code, err.Message,

  180. 	)

  181. }

  182. 

  183. type Auth struct {

  184. 	AccessKey, SecretKey string

  185. 	token                string

  186. 	expiration           time.Time

  187. }

  188. 

  189. func (a *Auth) Token() string {

  190. 	if a.token == "" {

  191. 		return ""

  192. 	}

  193. 	if time.Since(a.expiration) >= -30*time.Second { //in an ideal world this should be zero assuming the instance is synching it's clock

  194. 		*a, _ = GetAuth("", "", "", time.Time{})

  195. 	}

  196. 	return a.token

  197. }

  198. 

  199. func (a *Auth) Expiration() time.Time {

  200. 	return a.expiration

  201. }

  202. 

  203. // To be used with other APIs that return auth credentials such as STS

  204. func NewAuth(accessKey, secretKey, token string, expiration time.Time) *Auth {

  205. 	return &Auth{

  206. 		AccessKey:  accessKey,

  207. 		SecretKey:  secretKey,

  208. 		token:      token,

  209. 		expiration: expiration,

  210. 	}

  211. }

  212. 

  213. // ResponseMetadata

  214. type ResponseMetadata struct {

  215. 	RequestId string // A unique ID for tracking the request

  216. }

  217. 

  218. type BaseResponse struct {

  219. 	ResponseMetadata ResponseMetadata

  220. }

  221. 

  222. var unreserved = make([]bool, 128)

  223. var hex = "0123456789ABCDEF"

  224. 

  225. func init() {

  226. 	// RFC3986

  227. 	u := "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz01234567890-_.~"

  228. 	for _, c := range u {

  229. 		unreserved[c] = true

  230. 	}

  231. }

  232. 

  233. func multimap(p map[string]string) url.Values {

  234. 	q := make(url.Values, len(p))

  235. 	for k, v := range p {

  236. 		q[k] = []string{v}

  237. 	}

  238. 	return q

  239. }

  240. 

  241. type credentials struct {

  242. 	Code            string

  243. 	LastUpdated     string

  244. 	Type            string

  245. 	AccessKeyId     string

  246. 	SecretAccessKey string

  247. 	Token           string

  248. 	Expiration      string

  249. }

  250. 

  251. // GetMetaData retrieves instance metadata about the current machine.

  252. //

  253. // See http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AESDG-chapter-instancedata.html for more details.

  254. func GetMetaData(path string) (contents []byte, err error) {

  255. 	url := "http://169.254.169.254/latest/meta-data/" + path

  256. 

  257. 	resp, err := RetryingClient.Get(url)

  258. 	if err != nil {

  259. 		return

  260. 	}

  261. 	defer resp.Body.Close()

  262. 

  263. 	if resp.StatusCode != 200 {

  264. 		err = fmt.Errorf("Code %d returned for url %s", resp.StatusCode, url)

  265. 		return

  266. 	}

  267. 

  268. 	body, err := ioutil.ReadAll(resp.Body)

  269. 	if err != nil {

  270. 		return

  271. 	}

  272. 	return []byte(body), err

  273. }

  274. 

  275. func getInstanceCredentials() (cred credentials, err error) {

  276. 	credentialPath := "iam/security-credentials/"

  277. 

  278. 	// Get the instance role

  279. 	role, err := GetMetaData(credentialPath)

  280. 	if err != nil {

  281. 		return

  282. 	}

  283. 

  284. 	// Get the instance role credentials

  285. 	credentialJSON, err := GetMetaData(credentialPath + string(role))

  286. 	if err != nil {

  287. 		return

  288. 	}

  289. 

  290. 	err = json.Unmarshal([]byte(credentialJSON), &cred)

  291. 	return

  292. }

  293. 

  294. // GetAuth creates an Auth based on either passed in credentials,

  295. // environment information or instance based role credentials.

  296. func GetAuth(accessKey string, secretKey, token string, expiration time.Time) (auth Auth, err error) {

  297. 	// First try passed in credentials

  298. 	if accessKey != "" && secretKey != "" {

  299. 		return Auth{accessKey, secretKey, token, expiration}, nil

  300. 	}

  301. 

  302. 	// Next try to get auth from the shared credentials file

  303. 	auth, err = SharedAuth()

  304. 	if err == nil {

  305. 		// Found auth, return

  306. 		return

  307. 	}

  308. 

  309. 	// Next try to get auth from the environment

  310. 	auth, err = EnvAuth()

  311. 	if err == nil {

  312. 		// Found auth, return

  313. 		return

  314. 	}

  315. 

  316. 	// Next try getting auth from the instance role

  317. 	cred, err := getInstanceCredentials()

  318. 	if err == nil {

  319. 		// Found auth, return

  320. 		auth.AccessKey = cred.AccessKeyId

  321. 		auth.SecretKey = cred.SecretAccessKey

  322. 		auth.token = cred.Token

  323. 		exptdate, err := time.Parse("2006-01-02T15:04:05Z", cred.Expiration)

  324. 		if err != nil {

  325. 			err = fmt.Errorf("Error Parseing expiration date: cred.Expiration :%s , error: %s \n", cred.Expiration, err)

  326. 		}

  327. 		auth.expiration = exptdate

  328. 		return auth, err

  329. 	}

  330. 	err = errors.New("No valid AWS authentication found")

  331. 	return auth, err

  332. }

  333. 

  334. // EnvAuth creates an Auth based on environment information.

  335. // The AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment

  336. // variables are used.

  337. // AWS_SESSION_TOKEN is used if present.

  338. func EnvAuth() (auth Auth, err error) {

  339. 	auth.AccessKey = os.Getenv("AWS_ACCESS_KEY_ID")

  340. 	if auth.AccessKey == "" {

  341. 		auth.AccessKey = os.Getenv("AWS_ACCESS_KEY")

  342. 	}

  343. 

  344. 	auth.SecretKey = os.Getenv("AWS_SECRET_ACCESS_KEY")

  345. 	if auth.SecretKey == "" {

  346. 		auth.SecretKey = os.Getenv("AWS_SECRET_KEY")

  347. 	}

  348. 	if auth.AccessKey == "" {

  349. 		err = errors.New("AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY not found in environment")

  350. 	}

  351. 	if auth.SecretKey == "" {

  352. 		err = errors.New("AWS_SECRET_ACCESS_KEY or AWS_SECRET_KEY not found in environment")

  353. 	}

  354. 

  355. 	auth.token = os.Getenv("AWS_SESSION_TOKEN")

  356. 	return

  357. }

  358. 

  359. // SharedAuth creates an Auth based on shared credentials stored in

  360. // $HOME/.aws/credentials. The AWS_PROFILE environment variables is used to

  361. // select the profile.

  362. func SharedAuth() (auth Auth, err error) {

  363. 	var profileName = os.Getenv("AWS_PROFILE")

  364. 

  365. 	if profileName == "" {

  366. 		profileName = "default"

  367. 	}

  368. 

  369. 	var credentialsFile = os.Getenv("AWS_CREDENTIAL_FILE")

  370. 	if credentialsFile == "" {

  371. 		var homeDir = os.Getenv("HOME")

  372. 		if homeDir == "" {

  373. 			err = errors.New("Could not get HOME")

  374. 			return

  375. 		}

  376. 		credentialsFile = homeDir + "/.aws/credentials"

  377. 	}

  378. 

  379. 	file, err := ini.LoadFile(credentialsFile)

  380. 	if err != nil {

  381. 		err = errors.New("Couldn't parse AWS credentials file")

  382. 		return

  383. 	}

  384. 

  385. 	var profile = file[profileName]

  386. 	if profile == nil {

  387. 		err = errors.New("Couldn't find profile in AWS credentials file")

  388. 		return

  389. 	}

  390. 

  391. 	auth.AccessKey = profile["aws_access_key_id"]

  392. 	auth.SecretKey = profile["aws_secret_access_key"]

  393. 	auth.token = profile["aws_session_token"]

  394. 

  395. 	if auth.AccessKey == "" {

  396. 		err = errors.New("AWS_ACCESS_KEY_ID not found in environment in credentials file")

  397. 	}

  398. 	if auth.SecretKey == "" {

  399. 		err = errors.New("AWS_SECRET_ACCESS_KEY not found in credentials file")

  400. 	}

  401. 	return

  402. }

  403. 

  404. // Encode takes a string and URI-encodes it in a way suitable

  405. // to be used in AWS signatures.

  406. func Encode(s string) string {

  407. 	encode := false

  408. 	for i := 0; i != len(s); i++ {

  409. 		c := s[i]

  410. 		if c > 127 || !unreserved[c] {

  411. 			encode = true

  412. 			break

  413. 		}

  414. 	}

  415. 	if !encode {

  416. 		return s

  417. 	}

  418. 	e := make([]byte, len(s)*3)

  419. 	ei := 0

  420. 	for i := 0; i != len(s); i++ {

  421. 		c := s[i]

  422. 		if c > 127 || !unreserved[c] {

  423. 			e[ei] = '%'

  424. 			e[ei+1] = hex[c>>4]

  425. 			e[ei+2] = hex[c&0xF]

  426. 			ei += 3

  427. 		} else {

  428. 			e[ei] = c

  429. 			ei += 1

  430. 		}

  431. 	}

  432. 	return string(e[:ei])

  433. }