-
Notifications
You must be signed in to change notification settings - Fork 1k
/
aws_common.go
98 lines (80 loc) · 2.89 KB
/
aws_common.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
package scalers
import (
"fmt"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
"github.com/aws/aws-sdk-go/aws/session"
)
type awsAuthorizationMetadata struct {
awsRoleArn string
awsAccessKeyID string
awsSecretAccessKey string
awsSessionToken string
podIdentityOwner bool
}
type awsConfigMetadata struct {
awsRegion string
awsEndpoint string
awsAuthorization awsAuthorizationMetadata
}
func getAwsConfig(awsRegion string, awsEndpoint string, awsAuthorization awsAuthorizationMetadata) (*session.Session, *aws.Config) {
metadata := &awsConfigMetadata{
awsRegion: awsRegion,
awsEndpoint: awsEndpoint,
awsAuthorization: awsAuthorization}
sess := session.Must(session.NewSession(&aws.Config{
Region: aws.String(metadata.awsRegion),
Endpoint: aws.String(metadata.awsEndpoint),
}))
if !metadata.awsAuthorization.podIdentityOwner {
return sess, &aws.Config{
Region: aws.String(metadata.awsRegion),
Endpoint: aws.String(metadata.awsEndpoint),
}
}
creds := credentials.NewStaticCredentials(metadata.awsAuthorization.awsAccessKeyID, metadata.awsAuthorization.awsSecretAccessKey, "")
if metadata.awsAuthorization.awsRoleArn != "" {
creds = stscreds.NewCredentials(sess, metadata.awsAuthorization.awsRoleArn)
}
return sess, &aws.Config{
Region: aws.String(metadata.awsRegion),
Endpoint: aws.String(metadata.awsEndpoint),
Credentials: creds,
}
}
func getAwsAuthorization(authParams, metadata, resolvedEnv map[string]string) (awsAuthorizationMetadata, error) {
meta := awsAuthorizationMetadata{}
if metadata["identityOwner"] == "operator" {
meta.podIdentityOwner = false
} else if metadata["identityOwner"] == "" || metadata["identityOwner"] == "pod" {
meta.podIdentityOwner = true
switch {
case authParams["awsRoleArn"] != "":
meta.awsRoleArn = authParams["awsRoleArn"]
case (authParams["awsAccessKeyID"] != "" || authParams["awsAccessKeyId"] != "") && authParams["awsSecretAccessKey"] != "":
meta.awsAccessKeyID = authParams["awsAccessKeyID"]
if meta.awsAccessKeyID == "" {
meta.awsAccessKeyID = authParams["awsAccessKeyId"]
}
meta.awsSecretAccessKey = authParams["awsSecretAccessKey"]
meta.awsSessionToken = authParams["awsSessionToken"]
default:
if metadata["awsAccessKeyID"] != "" {
meta.awsAccessKeyID = metadata["awsAccessKeyID"]
} else if metadata["awsAccessKeyIDFromEnv"] != "" {
meta.awsAccessKeyID = resolvedEnv[metadata["awsAccessKeyIDFromEnv"]]
}
if len(meta.awsAccessKeyID) == 0 {
return meta, fmt.Errorf("awsAccessKeyID not found")
}
if metadata["awsSecretAccessKeyFromEnv"] != "" {
meta.awsSecretAccessKey = resolvedEnv[metadata["awsSecretAccessKeyFromEnv"]]
}
if len(meta.awsSecretAccessKey) == 0 {
return meta, fmt.Errorf("awsSecretAccessKey not found")
}
}
}
return meta, nil
}