package scalers
import "fmt"
// awsAuthorizationMetadata holds the AWS credential settings that
// getAwsAuthorization resolves for a scaler.
type awsAuthorizationMetadata struct {
	// awsRoleArn is the role ARN taken from authParams["awsRoleArn"].
	awsRoleArn string

	// Static credentials. These fields carry secret material, so keep them
	// out of logs and error messages.
	awsAccessKeyID     string
	awsSecretAccessKey string
	awsSessionToken    string

	// podIdentityOwner is set to true when metadata["identityOwner"] is empty
	// or "pod"; getAwsAuthorization leaves it false otherwise.
	podIdentityOwner bool
}
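// getAwsAuthorization resolves the AWS credential settings for a scaler from
// its authentication parameters, trigger metadata and resolved environment.
//
// metadata["identityOwner"] selects the mode:
//   - "operator": no credentials are read and podIdentityOwner is false.
//   - "" or "pod": podIdentityOwner is true and credentials are taken, in
//     order of preference, from authParams["awsRoleArn"], from the static
//     keys in authParams, or from metadata / resolvedEnv.
//   - any other value is rejected with an error.
//
// It returns an error when identityOwner is not recognised, or when the
// metadata/environment fallback cannot supply both an access key ID and a
// secret access key.
func getAwsAuthorization(authParams, metadata, resolvedEnv map[string]string) (awsAuthorizationMetadata, error) {
	meta := awsAuthorizationMetadata{}

	switch owner := metadata["identityOwner"]; owner {
	case "operator":
		meta.podIdentityOwner = false
		return meta, nil
	case "", "pod":
		meta.podIdentityOwner = true
	default:
		// Fail closed: reject unrecognised values (typos, wrong case) instead
		// of letting them fall through with podIdentityOwner == false and a nil
		// error, which callers cannot tell apart from an explicit "operator".
		return meta, fmt.Errorf("unsupported identityOwner %q, expected \"pod\" or \"operator\"", owner)
	}

	// Both spellings of the access key ID parameter are accepted;
	// "awsAccessKeyID" takes precedence over "awsAccessKeyId".
	accessKeyID := authParams["awsAccessKeyID"]
	if accessKeyID == "" {
		accessKeyID = authParams["awsAccessKeyId"]
	}

	switch {
	case authParams["awsRoleArn"] != "":
		meta.awsRoleArn = authParams["awsRoleArn"]
	case accessKeyID != "" && authParams["awsSecretAccessKey"] != "":
		meta.awsAccessKeyID = accessKeyID
		meta.awsSecretAccessKey = authParams["awsSecretAccessKey"]
		// The session token is optional and may be empty.
		meta.awsSessionToken = authParams["awsSessionToken"]
	default:
		// Fallback: the access key ID may be inline in metadata or referenced
		// through an environment variable name.
		if metadata["awsAccessKeyID"] != "" {
			meta.awsAccessKeyID = metadata["awsAccessKeyID"]
		} else if metadata["awsAccessKeyIDFromEnv"] != "" {
			meta.awsAccessKeyID = resolvedEnv[metadata["awsAccessKeyIDFromEnv"]]
		}
		if len(meta.awsAccessKeyID) == 0 {
			return meta, fmt.Errorf("awsAccessKeyID not found")
		}

		// The secret key is only read through an environment reference here,
		// never inline from metadata.
		if metadata["awsSecretAccessKeyFromEnv"] != "" {
			meta.awsSecretAccessKey = resolvedEnv[metadata["awsSecretAccessKeyFromEnv"]]
		}
		if len(meta.awsSecretAccessKey) == 0 {
			return meta, fmt.Errorf("awsSecretAccessKey not found")
		}
	}

	return meta, nil
}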