зеркало из https://github.com/github/s3gof3r.git
98 строки
2.2 KiB
Go
98 строки
2.2 KiB
Go
package s3gof3r
|
|
|
|
import (
|
|
"encoding/json"
|
|
"fmt"
|
|
"io/ioutil"
|
|
"net/http"
|
|
"os"
|
|
"time"
|
|
|
|
"github.com/github/s3gof3r/internal/s3client"
|
|
)
|
|
|
|
// Keys for an Amazon Web Services account.
|
|
// Used for signing http requests.
|
|
type Keys struct {
|
|
AccessKey string
|
|
SecretKey string
|
|
SecurityToken string
|
|
}
|
|
|
|
type mdCreds struct {
|
|
Code string
|
|
LastUpdated string
|
|
Type string
|
|
AccessKeyID string `xml:"AccessKeyId"`
|
|
SecretAccessKey string
|
|
Token string
|
|
Expiration string
|
|
}
|
|
|
|
// InstanceKeys Requests the AWS keys from the instance-based metadata on EC2
|
|
// Assumes only one IAM role.
|
|
func InstanceKeys() (Keys, error) {
|
|
rolePath := "http://169.254.169.254/latest/meta-data/iam/security-credentials/"
|
|
var creds mdCreds
|
|
|
|
// request the role name for the instance
|
|
// assumes there is only one
|
|
resp, err := ClientWithTimeout(2 * time.Second).Get(rolePath)
|
|
if err != nil {
|
|
return Keys{}, err
|
|
}
|
|
if resp.StatusCode != 200 {
|
|
return Keys{}, s3client.NewRespError(resp)
|
|
}
|
|
|
|
role, err := ioutil.ReadAll(resp.Body)
|
|
closeErr := resp.Body.Close()
|
|
if err != nil {
|
|
return Keys{}, err
|
|
}
|
|
if closeErr != nil {
|
|
return Keys{}, closeErr
|
|
}
|
|
|
|
// request the credential metadata for the role
|
|
resp, err = http.Get(rolePath + string(role))
|
|
if err != nil {
|
|
return Keys{}, err
|
|
}
|
|
if resp.StatusCode != 200 {
|
|
return Keys{}, s3client.NewRespError(resp)
|
|
}
|
|
|
|
metadata, err := ioutil.ReadAll(resp.Body)
|
|
closeErr = resp.Body.Close()
|
|
if err != nil {
|
|
return Keys{}, err
|
|
}
|
|
if closeErr != nil {
|
|
return Keys{}, closeErr
|
|
}
|
|
|
|
if err = json.Unmarshal([]byte(metadata), &creds); err != nil {
|
|
return Keys{}, err
|
|
}
|
|
|
|
return Keys{
|
|
AccessKey: creds.AccessKeyID,
|
|
SecretKey: creds.SecretAccessKey,
|
|
SecurityToken: creds.Token,
|
|
}, nil
|
|
}
|
|
|
|
// EnvKeys Reads the AWS keys from the environment
|
|
func EnvKeys() (keys Keys, err error) {
|
|
keys = Keys{
|
|
AccessKey: os.Getenv("AWS_ACCESS_KEY_ID"),
|
|
SecretKey: os.Getenv("AWS_SECRET_ACCESS_KEY"),
|
|
SecurityToken: os.Getenv("AWS_SECURITY_TOKEN"),
|
|
}
|
|
if keys.AccessKey == "" || keys.SecretKey == "" {
|
|
err = fmt.Errorf("keys not set in environment: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY")
|
|
}
|
|
return
|
|
}
|