packer-cn/builder/amazon/common/access_config.go

135 lines
3.5 KiB
Go
Raw Normal View History

package common
import (
2013-07-29 19:42:35 -04:00
"fmt"
2017-03-01 19:43:09 -05:00
"log"
"os"
2015-06-03 17:13:52 -04:00
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
"github.com/aws/aws-sdk-go/aws/ec2metadata"
"github.com/aws/aws-sdk-go/aws/session"
2017-04-04 16:39:01 -04:00
"github.com/hashicorp/packer/template/interpolate"
)
// AccessConfig is for common configuration related to AWS access
type AccessConfig struct {
AccessKey string `mapstructure:"access_key"`
AssumeRoleArn string `mapstructure:"assume_role_arn"`
CustomEndpointEc2 string `mapstructure:"custom_endpoint_ec2"`
2017-02-27 13:44:07 -05:00
ExternalID string `mapstructure:"external_id"`
MFACode string `mapstructure:"mfa_code"`
MFASerial string `mapstructure:"mfa_serial"`
2017-03-01 19:43:09 -05:00
ProfileName string `mapstructure:"profile"`
RawRegion string `mapstructure:"region"`
SecretKey string `mapstructure:"secret_key"`
SkipValidation bool `mapstructure:"skip_region_validation"`
Token string `mapstructure:"token"`
2017-03-01 19:43:09 -05:00
session *session.Session
}
// Config returns a valid aws.Config object for access to AWS services, or
// an error if the authentication and region couldn't be resolved
2017-03-01 19:43:09 -05:00
func (c *AccessConfig) Session() (*session.Session, error) {
if c.session != nil {
return c.session, nil
}
region, err := c.Region()
if err != nil {
return nil, err
}
if c.AssumeRoleArn != "" {
2017-03-01 19:43:09 -05:00
var options []func(*stscreds.AssumeRoleProvider)
2017-02-27 13:44:07 -05:00
if c.MFACode != "" {
2017-03-01 19:43:09 -05:00
options = append(options, func(p *stscreds.AssumeRoleProvider) {
2017-02-27 13:44:07 -05:00
p.SerialNumber = aws.String(c.MFASerial)
p.TokenProvider = func() (string, error) {
return c.MFACode, nil
}
2017-03-01 19:43:09 -05:00
})
2017-02-27 13:44:07 -05:00
}
2017-03-01 19:43:09 -05:00
}
2017-02-27 13:44:07 -05:00
2017-03-01 19:43:09 -05:00
if c.ProfileName != "" {
err := os.Setenv("AWS_PROFILE", c.ProfileName)
if err != nil {
log.Printf("Set env error: %s", err)
}
}
config := aws.NewConfig().WithRegion(region).WithMaxRetries(11).WithCredentialsChainVerboseErrors(true)
if c.CustomEndpointEc2 != "" {
2017-06-09 13:46:01 -04:00
config = config.WithEndpoint(aws.String(c.CustomEndpointEc2))
}
2017-06-09 13:46:01 -04:00
2017-03-01 19:43:09 -05:00
if c.AccessKey != "" {
creds := credentials.NewChainCredentials(
[]credentials.Provider{
&credentials.StaticProvider{
Value: credentials.Value{
AccessKeyID: c.AccessKey,
SecretAccessKey: c.SecretKey,
SessionToken: c.Token,
},
},
})
config = config.WithCredentials(creds)
}
2017-02-27 13:44:07 -05:00
2017-03-01 19:43:09 -05:00
opts := session.Options{
SharedConfigState: session.SharedConfigEnable,
Config: *config,
}
2017-03-01 19:43:09 -05:00
if c.MFACode != "" {
opts.AssumeRoleTokenProvider = func() (string, error) {
return c.MFACode, nil
}
}
c.session, err = session.NewSessionWithOptions(opts)
if err != nil {
return nil, err
}
return c.session, nil
}
2013-07-29 19:42:35 -04:00
// Region returns the aws.Region object for access to AWS services, requesting
// the region from the instance metadata if possible.
func (c *AccessConfig) Region() (string, error) {
2013-07-29 19:42:35 -04:00
if c.RawRegion != "" {
if !c.SkipValidation {
2017-03-28 21:29:55 -04:00
if valid := ValidateRegion(c.RawRegion); !valid {
return "", fmt.Errorf("Not a valid region: %s", c.RawRegion)
}
}
return c.RawRegion, nil
2013-07-29 19:42:35 -04:00
}
sess := session.New()
ec2meta := ec2metadata.New(sess)
identity, err := ec2meta.GetInstanceIdentityDocument()
2013-07-29 19:42:35 -04:00
if err != nil {
return "", err
2013-07-29 19:42:35 -04:00
}
return identity.Region, nil
2013-07-29 19:42:35 -04:00
}
func (c *AccessConfig) Prepare(ctx *interpolate.Context) []error {
var errs []error
if c.RawRegion != "" && !c.SkipValidation {
2017-03-28 21:29:55 -04:00
if valid := ValidateRegion(c.RawRegion); !valid {
errs = append(errs, fmt.Errorf("Unknown region: %s", c.RawRegion))
2013-07-29 19:42:35 -04:00
}
}
if len(errs) > 0 {
return errs
}
return nil
}