AWS IAM role: Generate temporary security credentials from Role (#350)
* AWS IAM: Generate Temp creds from Role * fix error * remove unit test for role since it fails * Add unit test for restic * more tests and refactoring * fix errors * Adding the missing file & fix error * IAM role support for blockstorage + refactoring * remove static credential creation * create test profile with role * Update pkg/config/aws/role.go Co-Authored-By: Thomas Manville <tom@kasten.io> * Update pkg/config/aws/aws.go Co-Authored-By: Thomas Manville <tom@kasten.io> * Address review suggestions * Trivial:Update comment * Switch role in objectstore if env variable role set * refresh aws blockstorage creds + avoid objectsore errors * nit: import time * Some more unit test * fix ci errors * Skip objectsotre_test for listing bucket * remove refresh creds func * uncomment tests * nit
1 parent
47338da
commit 2733489
Showing
22 changed files
with
328 additions
and
142 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
// Copyright 2019 The Kanister Authors. | ||
// | ||
// Licensed under the Apache License, Version 2.0 (the "License"); | ||
// you may not use this file except in compliance with the License. | ||
// You may obtain a copy of the License at | ||
// | ||
// http://www.apache.org/licenses/LICENSE-2.0 | ||
// | ||
// Unless required by applicable law or agreed to in writing, software | ||
// distributed under the License is distributed on an "AS IS" BASIS, | ||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
// See the License for the specific language governing permissions and | ||
// limitations under the License. | ||
|
||
package aws | ||
|
||
import ( | ||
"context" | ||
"time" | ||
|
||
"github.com/aws/aws-sdk-go/aws" | ||
"github.com/aws/aws-sdk-go/aws/credentials" | ||
"github.com/aws/aws-sdk-go/aws/credentials/stscreds" | ||
"github.com/aws/aws-sdk-go/aws/session" | ||
"github.com/pkg/errors" | ||
) | ||
|
||
// SwitchRole func uses credentials API to automatically generates New Credentials for a given role. | ||
func SwitchRole(ctx context.Context, accessKeyID string, secretAccessKey string, role string, duration time.Duration) (*credentials.Credentials, error) { | ||
creds := credentials.NewStaticCredentials(accessKeyID, secretAccessKey, "") | ||
sess, err := session.NewSession(aws.NewConfig().WithCredentials(creds)) | ||
if err != nil { | ||
return nil, errors.Wrap(err, "Failed to create session") | ||
} | ||
creds = stscreds.NewCredentials(sess, role, func(p *stscreds.AssumeRoleProvider) { | ||
p.Duration = duration | ||
}) | ||
return creds, nil | ||
} |
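Review bot: SwitchRole returns a nil error without ever contacting STS, because `stscreds.NewCredentials` only builds a lazy provider and the AssumeRole call happens on the first `Get()`; a mistyped role ARN or a denied `sts:AssumeRole` therefore surfaces later, far from this call site, and the `ctx` parameter is never used. If callers are meant to fail fast, resolve once before returning: `if _, err := creds.Get(); err != nil { return nil, errors.Wrap(err, "Failed to assume role") }`. The option func also leaves `p.RoleSessionName` at the SDK default, so CloudTrail entries for the assumed role will not identify the calling component; setting it to a fixed, descriptive name makes the sessions attributable. The doc comment would read better as `// SwitchRole returns credentials that assume the given role using the supplied static key pair; the STS call is deferred until the credentials are first used.`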
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
package config | ||
|
||
import ( | ||
"fmt" | ||
"os" | ||
|
||
"gopkg.in/check.v1" | ||
) | ||
|
||
func GetEnvOrSkip(c *check.C, varName string) string { | ||
v := os.Getenv(varName) | ||
if v == "" { | ||
reason := fmt.Sprintf("Test %s requires the environemnt variable '%s'", c.TestName(), varName) | ||
c.Skip(reason) | ||
} | ||
return v | ||
} |
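Review bot: The skip reason in GetEnvOrSkip misspells "environment" as `environemnt`, so anyone searching test output for the skip cause will miss it; the format string should be `"Test %s requires the environment variable '%s'"`. The exported helper also has no doc comment; something like `// GetEnvOrSkip returns the value of varName, or skips the calling test when it is unset or empty.` would cover it. Unlike the other new file shown in this commit, this one carries no license header, which looks like an oversight.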