packer-cn/builder/amazon/common/access_config.go

package common

import (
	"fmt"
	"io/ioutil"
	"net/http"
	"strings"
	"unicode"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/credentials"
	"github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds"
	"github.com/aws/aws-sdk-go/aws/ec2metadata"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/mitchellh/packer/template/interpolate"
)

// AccessConfig is for common configuration related to AWS access
type AccessConfig struct {
	AccessKey      string `mapstructure:"access_key"`
	SecretKey      string `mapstructure:"secret_key"`
	RawRegion      string `mapstructure:"region"`
	SkipValidation bool   `mapstructure:"skip_region_validation"`
	Token          string `mapstructure:"token"`
	ProfileName    string `mapstructure:"profile"`
}

// Config returns a valid aws.Config object for access to AWS services, or
// an error if the authentication and region couldn't be resolved
func (c *AccessConfig) Config() (*aws.Config, error) {
	var creds *credentials.Credentials

	region, err := c.Region()
	if err != nil {
		return nil, err
	}
	config := aws.NewConfig().WithRegion(region).WithMaxRetries(11)
	if c.ProfileName != "" {
		profile, err := NewFromProfile(c.ProfileName)
		if err != nil {
			return nil, err
		}
		creds, err = profile.CredentialsFromProfile(config)
		if err != nil {
			return nil, err
		}
	} else {
		creds = credentials.NewChainCredentials([]credentials.Provider{
			&credentials.StaticProvider{Value: credentials.Value{
				AccessKeyID:     c.AccessKey,
				SecretAccessKey: c.SecretKey,
				SessionToken:    c.Token,
			}},
			&credentials.EnvProvider{},
			&credentials.SharedCredentialsProvider{Filename: "", Profile: ""},
			&ec2rolecreds.EC2RoleProvider{
				Client: ec2metadata.New(session.New(config)),
			},
		})
	}
	return config.WithCredentials(creds), nil
}

// Region returns the aws.Region object for access to AWS services, requesting
// the region from the instance metadata if possible.
func (c *AccessConfig) Region() (string, error) {
	if c.RawRegion != "" {
		if !c.SkipValidation {
			if valid := ValidateRegion(c.RawRegion); valid == false {
				return "", fmt.Errorf("Not a valid region: %s", c.RawRegion)
			}
		}
		return c.RawRegion, nil
	}

	md, err := GetInstanceMetaData("placement/availability-zone")
	if err != nil {
		return "", err
	}

	region := strings.TrimRightFunc(string(md), unicode.IsLetter)
	return region, nil
}

func (c *AccessConfig) Prepare(ctx *interpolate.Context) []error {
	var errs []error
	if c.RawRegion != "" && !c.SkipValidation {
		if valid := ValidateRegion(c.RawRegion); valid == false {
			errs = append(errs, fmt.Errorf("Unknown region: %s", c.RawRegion))
		}
	}

	if len(errs) > 0 {
		return errs
	}

	return nil
}

func GetInstanceMetaData(path string) (contents []byte, err error) {
	url := "http://169.254.169.254/latest/meta-data/" + path

	resp, err := http.Get(url)
	if err != nil {
		return
	}
	defer resp.Body.Close()

	if resp.StatusCode != 200 {
		err = fmt.Errorf("Code %d returned for url %s", resp.StatusCode, url)
		return
	}

	body, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		return
	}
	return []byte(body), err
}
builder/amazon/common: AccessConfig for standard access config 2013-07-16 00:08:19 -04:00			`package common`

			`import (`
builder/amazon/chroot: boilerplate 2013-07-29 19:42:35 -04:00			`"fmt"`
Migrate from mitchellh/goamz to awslabs/aws-sdk-go This commit moves the Amazon builders of Packer away from the Hashicorp fork of the goamz library to the official AWS SDK for Go, in order that third party plugins may depend on the more complete official library more easily. 2015-04-05 17:58:48 -04:00			`"io/ioutil"`
			`"net/http"`
builder/amazon/chroot: boilerplate 2013-07-29 19:42:35 -04:00			`"strings"`
			`"unicode"`
amazon/ebs: use new interpolation stuff 2015-05-27 14:35:56 -04:00
Migrate to new AWS repo 2015-06-03 17:13:52 -04:00			`"github.com/aws/aws-sdk-go/aws"`
			`"github.com/aws/aws-sdk-go/aws/credentials"`
Update use of ec2rolecreds to match upstream 2015-08-10 16:59:56 -04:00			`"github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds"`
Create a session for EC2RoleProvider; prevents crash; fixes #3123 2016-02-19 20:10:05 -05:00			`"github.com/aws/aws-sdk-go/aws/ec2metadata"`
			`"github.com/aws/aws-sdk-go/aws/session"`
amazon/ebs: use new interpolation stuff 2015-05-27 14:35:56 -04:00			`"github.com/mitchellh/packer/template/interpolate"`
builder/amazon/common: AccessConfig for standard access config 2013-07-16 00:08:19 -04:00			`)`

			`// AccessConfig is for common configuration related to AWS access`
			`type AccessConfig struct {`
make fmt run 2016-06-06 14:37:09 -04:00			AccessKey string `mapstructure:"access_key"`
			SecretKey string `mapstructure:"secret_key"`
			RawRegion string `mapstructure:"region"`
			SkipValidation bool `mapstructure:"skip_region_validation"`
			Token string `mapstructure:"token"`
			ProfileName string `mapstructure:"profile"`
builder/amazon/common: AccessConfig for standard access config 2013-07-16 00:08:19 -04:00			`}`

Migrate from mitchellh/goamz to awslabs/aws-sdk-go This commit moves the Amazon builders of Packer away from the Hashicorp fork of the goamz library to the official AWS SDK for Go, in order that third party plugins may depend on the more complete official library more easily. 2015-04-05 17:58:48 -04:00			`// Config returns a valid aws.Config object for access to AWS services, or`
			`// an error if the authentication and region couldn't be resolved`
			`func (c AccessConfig) Config() (aws.Config, error) {`
IAM Role Switching Adds initial IAM Role Switching support and support for AWS CLI Credential and Config files. See: https://github.com/mitchellh/packer/issues/3109 2016-02-01 19:55:59 -05:00			`var creds *credentials.Credentials`

Migrate from mitchellh/goamz to awslabs/aws-sdk-go This commit moves the Amazon builders of Packer away from the Hashicorp fork of the goamz library to the official AWS SDK for Go, in order that third party plugins may depend on the more complete official library more easily. 2015-04-05 17:58:48 -04:00			`region, err := c.Region()`
			`if err != nil {`
			`return nil, err`
builder/amazon/common: save access/secret key from env [GH-434] 2013-09-18 16:59:23 -04:00			`}`
Moved assume credentials to CLIConfig. Added new functions and methods to CLIConfig. Ran gofmt. 2016-02-03 16:53:01 -05:00			`config := aws.NewConfig().WithRegion(region).WithMaxRetries(11)`
IAM Role Switching Adds initial IAM Role Switching support and support for AWS CLI Credential and Config files. See: https://github.com/mitchellh/packer/issues/3109 2016-02-01 19:55:59 -05:00			`if c.ProfileName != "" {`
Moved assume credentials to CLIConfig. Added new functions and methods to CLIConfig. Ran gofmt. 2016-02-03 16:53:01 -05:00			`profile, err := NewFromProfile(c.ProfileName)`
			`if err != nil {`
			`return nil, err`
			`}`
			`creds, err = profile.CredentialsFromProfile(config)`
			`if err != nil {`
			`return nil, err`
			`}`
			`} else {`
IAM Role Switching Adds initial IAM Role Switching support and support for AWS CLI Credential and Config files. See: https://github.com/mitchellh/packer/issues/3109 2016-02-01 19:55:59 -05:00			`creds = credentials.NewChainCredentials([]credentials.Provider{`
			`&credentials.StaticProvider{Value: credentials.Value{`
			`AccessKeyID: c.AccessKey,`
			`SecretAccessKey: c.SecretKey,`
			`SessionToken: c.Token,`
			`}},`
			`&credentials.EnvProvider{},`
			`&credentials.SharedCredentialsProvider{Filename: "", Profile: ""},`
Create a session for EC2RoleProvider; prevents crash; fixes #3123 2016-02-19 20:10:05 -05:00			`&ec2rolecreds.EC2RoleProvider{`
fix new session error when creating cred chain. the old and deprecated method won't error and so is safe to use even if we're not in amazon. 2016-11-14 14:39:22 -05:00			`Client: ec2metadata.New(session.New(config)),`
Create a session for EC2RoleProvider; prevents crash; fixes #3123 2016-02-19 20:10:05 -05:00			`},`
IAM Role Switching Adds initial IAM Role Switching support and support for AWS CLI Credential and Config files. See: https://github.com/mitchellh/packer/issues/3109 2016-02-01 19:55:59 -05:00			`})`
			`}`
			`return config.WithCredentials(creds), nil`
			`}`

builder/amazon/chroot: boilerplate 2013-07-29 19:42:35 -04:00			`// Region returns the aws.Region object for access to AWS services, requesting`
			`// the region from the instance metadata if possible.`
Migrate from mitchellh/goamz to awslabs/aws-sdk-go This commit moves the Amazon builders of Packer away from the Hashicorp fork of the goamz library to the official AWS SDK for Go, in order that third party plugins may depend on the more complete official library more easily. 2015-04-05 17:58:48 -04:00			`func (c *AccessConfig) Region() (string, error) {`
builder/amazon/chroot: boilerplate 2013-07-29 19:42:35 -04:00			`if c.RawRegion != "" {`
changing if conditionals to be ! instead of == false 2016-06-07 09:21:43 -04:00			`if !c.SkipValidation {`
Adding ability to skip region validation when using AWS 2016-06-06 14:17:12 -04:00			`if valid := ValidateRegion(c.RawRegion); valid == false {`
			`return "", fmt.Errorf("Not a valid region: %s", c.RawRegion)`
			`}`
Migrate from mitchellh/goamz to awslabs/aws-sdk-go This commit moves the Amazon builders of Packer away from the Hashicorp fork of the goamz library to the official AWS SDK for Go, in order that third party plugins may depend on the more complete official library more easily. 2015-04-05 17:58:48 -04:00			`}`
			`return c.RawRegion, nil`
builder/amazon/chroot: boilerplate 2013-07-29 19:42:35 -04:00			`}`

Migrate from mitchellh/goamz to awslabs/aws-sdk-go This commit moves the Amazon builders of Packer away from the Hashicorp fork of the goamz library to the official AWS SDK for Go, in order that third party plugins may depend on the more complete official library more easily. 2015-04-05 17:58:48 -04:00			`md, err := GetInstanceMetaData("placement/availability-zone")`
builder/amazon/chroot: boilerplate 2013-07-29 19:42:35 -04:00			`if err != nil {`
Migrate from mitchellh/goamz to awslabs/aws-sdk-go This commit moves the Amazon builders of Packer away from the Hashicorp fork of the goamz library to the official AWS SDK for Go, in order that third party plugins may depend on the more complete official library more easily. 2015-04-05 17:58:48 -04:00			`return "", err`
builder/amazon/chroot: boilerplate 2013-07-29 19:42:35 -04:00			`}`

			`region := strings.TrimRightFunc(string(md), unicode.IsLetter)`
Migrate from mitchellh/goamz to awslabs/aws-sdk-go This commit moves the Amazon builders of Packer away from the Hashicorp fork of the goamz library to the official AWS SDK for Go, in order that third party plugins may depend on the more complete official library more easily. 2015-04-05 17:58:48 -04:00			`return region, nil`
builder/amazon/chroot: boilerplate 2013-07-29 19:42:35 -04:00			`}`

amazon/ebs: use new interpolation stuff 2015-05-27 14:35:56 -04:00			`func (c AccessConfig) Prepare(ctx interpolate.Context) []error {`
			`var errs []error`
changing if conditionals to be ! instead of == false 2016-06-07 09:21:43 -04:00			`if c.RawRegion != "" && !c.SkipValidation {`
			`if valid := ValidateRegion(c.RawRegion); valid == false {`
			`errs = append(errs, fmt.Errorf("Unknown region: %s", c.RawRegion))`
builder/amazon/chroot: boilerplate 2013-07-29 19:42:35 -04:00			`}`
			`}`

builder/amazon/common: access config uses template processing 2013-08-08 17:29:46 -04:00			`if len(errs) > 0 {`
			`return errs`
			`}`

builder/amazon/common: AccessConfig for standard access config 2013-07-16 00:08:19 -04:00			`return nil`
			`}`
Migrate from mitchellh/goamz to awslabs/aws-sdk-go This commit moves the Amazon builders of Packer away from the Hashicorp fork of the goamz library to the official AWS SDK for Go, in order that third party plugins may depend on the more complete official library more easily. 2015-04-05 17:58:48 -04:00
			`func GetInstanceMetaData(path string) (contents []byte, err error) {`
			`url := "http://169.254.169.254/latest/meta-data/" + path`

			`resp, err := http.Get(url)`
			`if err != nil {`
			`return`
			`}`
			`defer resp.Body.Close()`

			`if resp.StatusCode != 200 {`
			`err = fmt.Errorf("Code %d returned for url %s", resp.StatusCode, url)`
			`return`
			`}`

			`body, err := ioutil.ReadAll(resp.Body)`
			`if err != nil {`
			`return`
			`}`
			`return []byte(body), err`
			`}`