sessions.go
package main
import (
"crypto/md5"
"encoding/hex"
"encoding/json"
"errors"
"fmt"
"log"
"strings"
"time"
"github.com/99designs/aws-vault/keyring"
"github.com/aws/aws-sdk-go/service/sts"
)
// KeyringSessions caches STS session credentials in a keyring, with one item
// per source profile, session duration and profile configuration.
type KeyringSessions struct {
	// Keyring is the backing store that session items are read from and
	// written to.
	Keyring keyring.Keyring
	// Profiles is the parsed profile configuration. It is used to resolve a
	// profile's source profile and to fingerprint its settings when naming
	// keyring items.
	Profiles profiles
}
// NewKeyringSessions builds a KeyringSessions backed by k, loading the profile
// configuration through parseProfiles. If loading fails, the parseProfiles
// error is returned unchanged and no KeyringSessions is created.
func NewKeyringSessions(k keyring.Keyring) (*KeyringSessions, error) {
	parsed, err := parseProfiles()
	if err != nil {
		return nil, err
	}

	sessions := &KeyringSessions{Keyring: k, Profiles: parsed}
	return sessions, nil
}
// key returns the keyring item name under which the session for profile and
// duration is cached. The name has the form "<source profile> session (<tag>)".
//
// The tag is a fingerprint of the duration string followed by the
// JSON-encoded profile entry (when the profile is present in s.Profiles), so
// a change to either yields a different item name. MD5 only names the cache
// entry here; it does not protect the stored credentials, and only the first
// 10 hex digits (40 bits) of the digest are kept.
func (s *KeyringSessions) key(profile string, duration time.Duration) string {
	sourceName := s.Profiles.sourceProfile(profile)

	digest := md5.New()
	digest.Write([]byte(duration.String()))

	if cfg, found := s.Profiles[profile]; found {
		// The Encode error is not checked. NOTE(review): on failure the
		// digest would cover only what was written before the error, so
		// distinct profiles could share a tag — confirm that is acceptable.
		json.NewEncoder(digest).Encode(cfg)
	}

	// %x is applied to a string that is already hex, so the ten hex digits
	// are hex-encoded a second time and the tag is 20 characters long.
	// Retrieve looks items up by this exact name, so changing the format
	// would stop previously stored sessions from being found.
	shortHex := hex.EncodeToString(digest.Sum(nil))[0:10]
	return fmt.Sprintf("%s session (%x)", sourceName, shortHex)
}
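// Retrieve loads the cached session credentials for profile and duration from
// the keyring.
//
// It returns an error if the keyring lookup fails, if the stored data cannot
// be decoded as sts.Credentials, if the decoded credentials carry no
// expiration, or if the expiration is already in the past. The decoded
// credentials are returned alongside the error in the last three cases, so
// callers must check err before using the result.
func (s *KeyringSessions) Retrieve(profile string, duration time.Duration) (session sts.Credentials, err error) {
	item, err := s.Keyring.Get(s.key(profile, duration))
	if err != nil {
		return session, err
	}

	if err = json.Unmarshal(item.Data, &session); err != nil {
		return session, err
	}

	// Expiration is a pointer in sts.Credentials. A keyring item that decodes
	// without it (truncated or edited data) would panic on the Before call
	// below; without an expiry the credentials cannot be shown to be still
	// valid, so they are rejected instead.
	if session.Expiration == nil {
		return session, errors.New("Session has no expiration")
	}

	if session.Expiration.Before(time.Now()) {
		return session, errors.New("Session is expired")
	}

	return session, nil
}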
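// Store serialises session as JSON and writes it to the keyring under the
// item name derived from profile and duration.
//
// It returns an error if the credentials cannot be marshalled or if the
// keyring write fails. The write error used to be dropped, which made a
// failed write indistinguishable from a stored session.
func (s *KeyringSessions) Store(profile string, session sts.Credentials, duration time.Duration) error {
	data, err := json.Marshal(session)
	if err != nil {
		return err
	}

	// Only the profile name is logged; the serialised credentials are not.
	log.Printf("Writing session for %s to keyring", profile)

	return s.Keyring.Set(keyring.Item{
		Key:   s.key(profile, duration),
		Label: "aws-vault session for " + profile,
		Data:  data,
		// NOTE(review): TrustSelf presumably lets this binary read the item
		// back without a keyring prompt — confirm against the keyring
		// backend, since it widens who can read the stored credentials.
		TrustSelf: true,
	})
}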
// Delete removes every keyring item whose name starts with
// "<source profile> session", where the source profile is resolved from
// profile. Matching is by prefix only, so sessions for all durations, and for
// any other profile that resolves to the same source profile, are removed.
//
// It returns the number of items removed. If listing the keys or removing an
// item fails, it stops and returns the count so far together with the error.
func (s *KeyringSessions) Delete(profile string) (n int, err error) {
	names, err := s.Keyring.Keys()
	if err != nil {
		return n, err
	}

	for _, name := range names {
		prefix := fmt.Sprintf("%s session", s.Profiles.sourceProfile(profile))
		if !strings.HasPrefix(name, prefix) {
			continue
		}

		if err = s.Keyring.Remove(name); err != nil {
			return n, err
		}
		n++
	}

	return n, err
}