const Sts = require('./sts');
const S3 = require('./s3');
const xmlparser = require('fast-xml-parser');
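/**
 * Web-app GET handler: exchanges the script's Google identity token for
 * temporary AWS credentials via STS AssumeRoleWithWebIdentity, then uploads a
 * small test object to S3 with them.
 *
 * Security notes:
 * - The identity token and the STS response are bearer secrets, so neither is
 *   written to the log.
 * - The temporary credentials are NOT returned to the HTTP caller; only the
 *   upload status is. Who can reach this endpoint depends on the web-app
 *   deployment settings, which are not visible in this file.
 *
 * @returns {GoogleAppsScript.Content.TextOutput} JSON body with the S3 upload status.
 * @throws {Error} If the STS response carries no Credentials element.
 */
global.doGet = () => {
  const properties = PropertiesService.getScriptProperties();
  const role_arn = properties.getProperty('ROLE_ARN');
  const role_session_name = 'app1';

  // Bearer credential for the effective user: keep it out of Logger output.
  const oidcToken = ScriptApp.getIdentityToken();

  // Every value is percent-encoded; a role ARN contains ':' and '/'.
  const formData = [
    'Action=AssumeRoleWithWebIdentity',
    `RoleSessionName=${encodeURIComponent(role_session_name)}`,
    `RoleArn=${encodeURIComponent(role_arn)}`,
    `WebIdentityToken=${encodeURIComponent(oidcToken)}`,
    'Version=2011-06-15',
  ].join('&');

  const res = UrlFetchApp.fetch('https://sts.amazonaws.com/', {
    method: 'post',
    payload: formData,
  });

  // The parsed document contains the secret key and session token; do not log it.
  const json = new xmlparser.XMLParser().parse(res.getContentText());
  const stsResponse = json && json['AssumeRoleWithWebIdentityResponse'];
  const stsResult = stsResponse && stsResponse['AssumeRoleWithWebIdentityResult'];
  const credentials = stsResult && stsResult['Credentials'];
  if (!credentials) {
    throw new Error('STS AssumeRoleWithWebIdentity response did not contain Credentials');
  }

  const access_key_id = credentials['AccessKeyId'];
  const secret_access_key = credentials['SecretAccessKey'];
  const session_token = credentials['SessionToken'];

  const region = 'ap-northeast-3';
  const bucket_name = properties.getProperty('BUCKET_NAME');
  const key = '/test.txt';
  const payload = 'Hello World';
  // 'plain/text' is not a valid media type; the registered one is 'text/plain'.
  const contentType = 'text/plain';

  const r = global.S3.putObject(
    access_key_id,
    secret_access_key,
    region,
    bucket_name,
    key,
    contentType,
    payload,
    session_token
  );
  const status = r.getResponseCode();
  Logger.log(`S3 putObject finished with HTTP ${status}`);

  // Report the outcome only; the credentials stay inside this execution.
  return ContentService
    .createTextOutput(JSON.stringify({ result: 'ok', status: status }))
    .setMimeType(ContentService.MimeType.JSON);
};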
/**
 * Uploads a fixed JSON document ('/test.json') to the bucket named by the
 * BUCKET_NAME script property, signing the request with the temporary
 * credentials returned by global.assumeRole().
 *
 * @returns {*} Whatever global.S3.putObject returns for the upload.
 */
global.putObject = () => {
  // Credentials are fetched first, before any script property is read.
  const creds = global.assumeRole();
  const scriptProps = PropertiesService.getScriptProperties();
  const targetBucket = scriptProps.getProperty('BUCKET_NAME');

  const body = JSON.stringify({ message: 'Hello world' });

  const uploadResult = global.S3.putObject(
    creds.AWS_ACCESS_KEY_ID,
    creds.AWS_SECRET_ACCESS_KEY,
    'ap-northeast-3',
    targetBucket,
    '/test.json',
    'application/json',
    body,
    creds.SESSION_TOKEN
  );

  Logger.log(uploadResult);
  return uploadResult;
};
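/**
 * Calls global.Sts.assumeRole with the access key pair and role ARN stored in
 * script properties and returns the resulting temporary credentials.
 *
 * The returned object holds secret material, so it is never written to the
 * log; only a fixed confirmation line is logged.
 *
 * NOTE(review): ACCESS_KEY_ID / SECRET_ACCESS_KEY are read from script
 * properties, i.e. a long-lived key pair is stored with the script. Confirm
 * that key is scoped to sts:AssumeRole on this one role.
 *
 * @returns {*} Whatever global.Sts.assumeRole returns (the credential object).
 */
global.assumeRole = () => {
  const properties = PropertiesService.getScriptProperties();
  const access_key_id = properties.getProperty('ACCESS_KEY_ID');
  const secret_access_key = properties.getProperty('SECRET_ACCESS_KEY');
  const region = 'ap-northeast-1';
  const role_arn = properties.getProperty('ROLE_ARN');
  const role_session_name = 'test';
  const res = global.Sts.assumeRole(access_key_id, secret_access_key, region, role_arn, role_session_name);
  // Logging `res` would copy the secret key and session token into the execution log.
  Logger.log(`assumeRole: received temporary credentials for session ${role_session_name}`);
  return res;
};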
// Publish the local './signature-v4' module on the global object as `Signature`.
// NOTE(review): nothing in this file reads global.Signature — presumably it is
// exposed for use from the Apps Script editor or other bundled code; confirm.
global.Signature = require('./signature-v4');
/**
 * Thin Apps Script wrapper around the local './sts' request builder.
 */
global.Sts = {
  /**
   * Builds an AssumeRole request with the Sts class, sends it with
   * UrlFetchApp as a GET whose parameters travel in the query string, and
   * extracts the credentials from the XML reply.
   *
   * NOTE(review): query values are joined as-is, without percent-encoding
   * here — presumably the Sts builder returns them already encoded; confirm.
   * NOTE(review): 1800 looks like the session duration in seconds — confirm
   * against './sts'.
   *
   * @returns {{AWS_ACCESS_KEY_ID: *, AWS_SECRET_ACCESS_KEY: *, SESSION_TOKEN: *}}
   *   Secret material; callers should keep it out of logs and responses.
   */
  assumeRole: (access_key_id, secret_access_key, region, role_arn, role_session_name) => {
    const signedRequest = new Sts(access_key_id, secret_access_key, region)
      .assumeRole(1800, new Date(), role_arn, role_session_name);

    const queryString = Object.entries(signedRequest.query)
      .map(([name, value]) => name + '=' + value)
      .join('&');
    const endpoint = `${signedRequest.protocol}//${signedRequest.hostname}${signedRequest.path}?${queryString}`;

    const body = UrlFetchApp.fetch(endpoint).getContentText();
    const parsed = new xmlparser.XMLParser().parse(body);
    const issued = parsed['AssumeRoleResponse']['AssumeRoleResult']['Credentials'];

    return {
      'AWS_ACCESS_KEY_ID': issued['AccessKeyId'],
      'AWS_SECRET_ACCESS_KEY': issued['SecretAccessKey'],
      'SESSION_TOKEN': issued['SessionToken']
    };
  }
};
/**
 * Thin Apps Script wrapper around the local './s3' request builder.
 */
global.S3 = {
  /**
   * Builds a PutObject request with the S3 class and sends it with
   * UrlFetchApp. Every header produced by the builder is forwarded except
   * 'Host' (matched case-insensitively), which is left out of the fetch
   * options.
   *
   * @returns {*} The UrlFetchApp.fetch result for the PUT request.
   */
  putObject: (access_key_id, secret_access_key, region, bucket_name, key, contentType, payload, session_token) => {
    const client = new S3(access_key_id, secret_access_key, region, session_token);
    const signedRequest = client.putObject(new Date(), bucket_name, key, contentType);

    const forwardedHeaders = {};
    for (const [headerName, headerValue] of Object.entries(signedRequest.headers)) {
      if (headerName.toLowerCase() === 'host') {
        continue;
      }
      forwardedHeaders[headerName] = headerValue;
    }

    const target = `${signedRequest.protocol}//${signedRequest.hostname}${signedRequest.path}`;
    return UrlFetchApp.fetch(target, {
      'method': 'put',
      'payload': payload,
      'headers': forwardedHeaders
    });
  }
};