/
authregister_client.go
140 lines (116 loc) · 4.27 KB
/
authregister_client.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
// Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License"). You may not
// use this file except in compliance with the License. A copy of the
// License is located at
//
// http://aws.amazon.com/apache2.0/
//
// or in the "license" file accompanying this file. This file is distributed
// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
// either express or implied. See the License for the specific language governing
// permissions and limitations under the License.
// Package authregister is an interface to the anonymous methods of the SSM service.
package authregister
import (
"context"
"encoding/json"
"github.com/aws/amazon-ssm-agent/agent/appconfig"
logger "github.com/aws/amazon-ssm-agent/agent/log"
"github.com/aws/amazon-ssm-agent/agent/ssm/util"
"github.com/aws/amazon-ssm-agent/common/identity/credentialproviders"
"github.com/aws/amazon-ssm-agent/common/identity/credentialproviders/iirprovider"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws/request"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/ssm"
)
// IClient is an interface to the authenticated registration method of the SSM service.
type IClient interface {
RegisterManagedInstanceWithContext(ctx context.Context, publicKey, publicKeyType, fingerprint, iamRole, tagsJson string) (string, error)
}
// ISsmSdk defines the functions needed from the AWS SSM SDK
type ISsmSdk interface {
RegisterManagedInstanceWithContext(ctx context.Context, input *ssm.RegisterManagedInstanceInput, opts ...request.Option) (*ssm.RegisterManagedInstanceOutput, error)
}
// Client is a service wrapper that delegates to the ssm sdk.
type Client struct {
sdk ISsmSdk
}
// RegistrationInfo contains information used to register the instance
type RegistrationInfo struct {
PrivateKey string
PublicKey string
KeyType string
InstanceId string
}
func NewClientWithConfig(log logger.T, appConfig appconfig.SsmagentConfig, imdsClient iirprovider.IEC2MdsSdkClient, awsConfig aws.Config) IClient {
if imdsClient != nil {
awsConfig.Credentials = credentials.NewCredentials(&iirprovider.IIRRoleProvider{
Config: &appConfig,
Log: log,
IMDSClient: imdsClient,
})
} else {
awsConfig.Credentials = credentialproviders.GetRemoteCreds()
}
sess := session.New(&awsConfig)
sess.Handlers.Build.PushBack(request.MakeAddToUserAgentHandler(appConfig.Agent.Name, appConfig.Agent.Version))
ssmService := ssm.New(sess)
return &Client{sdk: ssmService}
}
// NewClient creates a new SSM client instance
func NewClient(log logger.T, region string, imdsClient iirprovider.IEC2MdsSdkClient) IClient {
appConfig, appErr := appconfig.Config(true)
if appErr != nil {
log.Warnf("encountered error while loading appconfig - %v", appErr)
}
awsConfig := util.AwsConfig(log, appConfig, "ssm", region).WithLogLevel(aws.LogOff)
if appErr == nil {
if appConfig.Ssm.Endpoint != "" {
awsConfig.Endpoint = &appConfig.Ssm.Endpoint
}
if appConfig.Agent.Region != "" {
awsConfig.Region = &appConfig.Agent.Region
}
}
return NewClientWithConfig(log, appConfig, imdsClient, *awsConfig)
}
// RegisterManagedInstanceWithContext calls the RegisterManagedInstance SSM API
func (svc *Client) RegisterManagedInstanceWithContext(ctx context.Context, publicKey, publicKeyType, fingerprint, iamRole, tagsJson string) (string, error) {
params := ssm.RegisterManagedInstanceInput{
PublicKey: aws.String(publicKey),
PublicKeyType: aws.String(publicKeyType),
Fingerprint: aws.String(fingerprint),
}
if iamRole != "" {
params.IamRole = aws.String(iamRole)
}
if tagsJson != "" {
tags := []struct {
Key, Value string
}{}
err := json.Unmarshal([]byte(tagsJson), &tags)
if err != nil {
return "", err
}
var ssmTags []*ssm.Tag
for _, tag := range tags {
if tag.Key != "" && tag.Value != "" {
ssmTags = append(ssmTags, &ssm.Tag{
Key: aws.String(tag.Key),
Value: aws.String(tag.Value),
})
}
}
params.Tags = ssmTags
}
var result *ssm.RegisterManagedInstanceOutput
var err error
result, err = svc.sdk.RegisterManagedInstanceWithContext(ctx, ¶ms)
if err != nil {
return "", err
}
return *result.InstanceId, nil
}