// Copyright (c) 2016, 2018, 2021, Oracle and/or its affiliates. All rights reserved.
// This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.
package auth
import (
	"fmt"
	"io"
	"io/ioutil"
	"net/http"
	"time"
)
// Environment variables consulted by EnvRptPathProvider and DefaultRptPathProvider.
const (
	// ResourcePrincipalTokenPath names the environment variable holding the Resource Principal Token path.
	ResourcePrincipalTokenPath = "OCI_RESOURCE_PRINCIPAL_RPT_PATH"
	// ResourceID names the environment variable holding the OCID of the resource acting as the Resource Principal.
	ResourceID = "OCI_RESOURCE_PRINCIPAL_RPT_ID"
)

// Built-in defaults used when the environment does not override them.
const (
	// imdsPathTemplate is the fallback Resource Principal Token path; the "{id}" segment is
	// presumably substituted with the resource ID by the caller.
	imdsPathTemplate = "/20180711/resourcePrincipalToken/{id}"
	// instanceIDURL is the link-local instance metadata (v2) endpoint that returns the instance OCID.
	instanceIDURL = `http://169.254.169.254/opc/v2/instance/id`
)
// PathProvider supplies the two inputs needed to request a Resource Principal Token:
// the token path and the OCID of the resource the token is requested for.
// Implementations signal failure through the error; callers should check err before
// dereferencing the returned pointer.
type PathProvider interface {
	Path() (*string, error)
	ResourceID() (*string, error)
}
// StringRptPathProvider is a PathProvider backed by fixed values supplied at construction time.
type StringRptPathProvider struct {
	path       string
	resourceID string
}

// Path returns a pointer to a copy of the configured resource principal token path.
// The error is always nil.
func (pp StringRptPathProvider) Path() (*string, error) {
	p := pp.path
	return &p, nil
}

// ResourceID returns a pointer to a copy of the configured resource OCID.
// The error is always nil.
func (pp StringRptPathProvider) ResourceID() (*string, error) {
	id := pp.resourceID
	return &id, nil
}
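// ImdsRptPathProvider is a PathProvider whose path is the built-in imdsPathTemplate and whose
// resource ID is the instance OCID fetched from the instance metadata service.
type ImdsRptPathProvider struct{}

// Path returns a pointer to a copy of imdsPathTemplate; the error is always nil.
func (pp ImdsRptPathProvider) Path() (*string, error) {
	tmpl := imdsPathTemplate
	return &tmpl, nil
}

// ResourceID queries the instance metadata service for the instance OCID.
// On failure it returns a nil pointer together with the error, matching the other
// providers in this file, rather than a pointer to an empty string.
func (pp ImdsRptPathProvider) ResourceID() (*string, error) {
	id, err := getInstanceIDFromMetadata()
	if err != nil {
		return nil, err
	}
	return &id, nil
}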
// EnvRptPathProvider is a PathProvider that reads both values from the environment and
// fails when either variable is absent.
type EnvRptPathProvider struct{}

// Path reads the resource principal token path from the ResourcePrincipalTokenPath
// environment variable. When requireEnv reports it missing (nil), a nil pointer and an
// error are returned.
func (pp EnvRptPathProvider) Path() (*string, error) {
	if p := requireEnv(ResourcePrincipalTokenPath); p != nil {
		return p, nil
	}
	return nil, fmt.Errorf("missing %s env var", ResourcePrincipalTokenPath)
}

// ResourceID reads the resource OCID from the ResourceID environment variable.
// When requireEnv reports it missing (nil), a nil pointer and an error are returned.
func (pp EnvRptPathProvider) ResourceID() (*string, error) {
	if id := requireEnv(ResourceID); id != nil {
		return id, nil
	}
	return nil, fmt.Errorf("missing %s env var", ResourceID)
}
// DefaultRptPathProvider is the PathProvider used when the caller does not supply one to the
// resource principals signer. It layers the environment over built-in defaults:
//
//   - Path: the OCI_RESOURCE_PRINCIPAL_RPT_PATH environment variable if set,
//     otherwise imdsPathTemplate ("/20180711/resourcePrincipalToken/{id}").
//   - Resource ID: the OCI_RESOURCE_PRINCIPAL_RPT_ID environment variable if set,
//     otherwise the instance OCID obtained from the instance metadata service.
//
// Neither method reads the path or resourceID fields.
type DefaultRptPathProvider struct {
	path       string
	resourceID string
}

// Path returns the env-configured token path, falling back to imdsPathTemplate.
// The error is always nil.
func (pp DefaultRptPathProvider) Path() (*string, error) {
	if fromEnv := requireEnv(ResourcePrincipalTokenPath); fromEnv != nil {
		return fromEnv, nil
	}
	fallback := imdsPathTemplate
	return &fallback, nil
}

// ResourceID returns the env-configured resource OCID, falling back to the instance OCID
// from the instance metadata service. A metadata failure yields a nil pointer and the error.
func (pp DefaultRptPathProvider) ResourceID() (*string, error) {
	if fromEnv := requireEnv(ResourceID); fromEnv != nil {
		return fromEnv, nil
	}
	id, err := getInstanceIDFromMetadata()
	if err != nil {
		return nil, err
	}
	return &id, nil
}
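// imdsRequestTimeout bounds the whole round trip to the instance metadata service so that a
// non-responsive link-local endpoint cannot block the signer indefinitely.
const imdsRequestTimeout = 10 * time.Second

// maxInstanceIDBytes caps how much of the metadata response is read; an instance OCID is far
// smaller, so anything larger is treated as an unexpected response rather than an ID.
const maxInstanceIDBytes = 4096

// getInstanceIDFromMetadata fetches the instance OCID from the instance metadata service at
// instanceIDURL, sending the "Authorization: Bearer Oracle" header the v2 endpoint expects.
// It returns the response body verbatim on a 200 response. Any transport error, non-200
// status, or over-long body yields an empty string and a non-nil error.
func getInstanceIDFromMetadata() (instanceID string, err error) {
	client := &http.Client{Timeout: imdsRequestTimeout}
	req, err := http.NewRequest(http.MethodGet, instanceIDURL, nil)
	if err != nil {
		return "", err
	}
	req.Header.Set("Authorization", "Bearer Oracle")
	resp, err := client.Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	// A non-200 body is an error page, not an OCID; passing it on would silently produce a
	// bogus resource ID downstream instead of a visible failure.
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("instance metadata request to %s returned status %d", instanceIDURL, resp.StatusCode)
	}
	// Read one byte past the cap so an over-long body is detected rather than truncated.
	bodyBytes, err := ioutil.ReadAll(io.LimitReader(resp.Body, maxInstanceIDBytes+1))
	if err != nil {
		return "", err
	}
	if len(bodyBytes) > maxInstanceIDBytes {
		return "", fmt.Errorf("instance metadata response exceeds %d bytes", maxInstanceIDBytes)
	}
	return string(bodyBytes), nil
}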