github.com/NaverCloudPlatform/ncloud-sdk-go-v2@v1.6.13/ncloud/credentials/server_role_provider.go (about)

     1  package credentials
     2  
     3  import (
     4  	"bufio"
     5  	"encoding/json"
     6  	"errors"
     7  	"fmt"
     8  	"github.com/NaverCloudPlatform/ncloud-sdk-go-v2/ncloud/metadata"
     9  	"strings"
    10  	"time"
    11  )
    12  
// ServerRoleProvider is a credentials provider that obtains the credentials
// of the server's role from the metadata API.
type ServerRoleProvider struct {
	// ApiClient is the metadata API client used for every request this
	// provider makes. Retrieve passes it on without a nil check.
	ApiClient *metadata.ApiClient
}
    16  
// Name reports the identifier of this credentials provider.
func (p *ServerRoleProvider) Name() string {
	const providerName = "ServerRoleProvider"
	return providerName
}
    20  
// Retrieve fetches the credentials of the server's role from the metadata
// API. It lists the available role IDs, requests the credentials of the
// first one and copies access key, secret key and expiration into a Value.
//
// An error is returned when either metadata request fails or when the role
// list is empty.
//
// The returned Value carries the secret key; callers should keep it out of
// logs and error messages.
func (p *ServerRoleProvider) Retrieve() (Value, error) {
	roleIDs, err := reqCredentialsList(p.ApiClient)
	switch {
	case err != nil:
		return Value{}, err
	case len(roleIDs) == 0:
		return Value{}, errors.New("empty role list")
	}

	// Only the first listed role is used; any further entries are ignored.
	body, err := reqCredentials(p.ApiClient, roleIDs[0])
	if err != nil {
		return Value{}, err
	}

	// NOTE(review): Expiration is passed through exactly as decoded; if the
	// response omits it, the zero time is returned. Confirm how consumers of
	// Value treat a zero expiration.
	var v Value
	v.AccessKey = body.AccessKeyID
	v.SecretKey = body.SecretAccessKey
	v.Expiration = body.Expiration
	return v, nil
}
    43  
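// reqCredentialsList asks the metadata API for the entries listed under
// iamSecurityCredsPath and returns them, one per line of the response.
//
// Surrounding whitespace is trimmed and blank lines are skipped, so a stray
// empty line is never handed on as a role ID (an empty ID would turn the
// follow-up credentials request into a request for the listing path itself).
// The underlying error is wrapped so callers can tell why the lookup failed
// instead of seeing only a generic message.
func reqCredentialsList(client *metadata.ApiClient) ([]string, error) {
	resp, err := client.GetMetadata(iamSecurityCredsPath)
	if err != nil {
		return nil, fmt.Errorf("no server role found: %w", err)
	}

	var credentials []string
	s := bufio.NewScanner(strings.NewReader(resp))
	for s.Scan() {
		if role := strings.TrimSpace(s.Text()); role != "" {
			credentials = append(credentials, role)
		}
	}
	if err := s.Err(); err != nil {
		return nil, fmt.Errorf("failed to read server role from metadata api: %w", err)
	}
	return credentials, nil
}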
    59  
// roleCredRespBody is the JSON document that reqCredentials decodes from the
// metadata API response for a single role.
type roleCredRespBody struct {
	// AccessKeyID is copied into Value.AccessKey by Retrieve.
	AccessKeyID     string    `json:"AccessKeyId"`
	// SecretAccessKey is secret key material, copied into Value.SecretKey by
	// Retrieve. Do not log or embed it in error messages.
	SecretAccessKey string    `json:"SecretAccessKey"`
	// Expiration is copied into Value.Expiration by Retrieve; it stays the
	// zero time when the response does not contain the field.
	Expiration      time.Time `json:"Expiration"`
	// Code and Message are status fields of the response.
	// NOTE(review): presumably populated when the request is rejected;
	// confirm the possible values against the metadata API.
	Code            string    `json:"Code"`
	Message         string    `json:"Message"`
}
    67  
// iamSecurityCredsPath is the metadata API path that lists the server's
// roles. A role ID is appended to it directly to request that role's
// credentials, so the trailing slash is significant.
const iamSecurityCredsPath = "iam/security-credentials/"
    69  
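// reqCredentials requests the credentials of the role roleId from the
// metadata API and decodes the JSON response.
//
// It returns an error when roleId is empty, when the request or the decoding
// fails, and when the decoded document carries no access key or no secret
// key. The last check matters because a well-formed response without key
// material (for example one that only sets Code and Message) decodes without
// error and would otherwise be handed to the caller as empty credentials.
//
// Error messages contain the role ID and the service's Code/Message only;
// the response body and the key material are never included.
func reqCredentials(client *metadata.ApiClient, roleId string) (roleCredRespBody, error) {
	// roleId is appended to the path as-is; an empty ID would request the
	// role listing instead of a credentials document.
	if roleId == "" {
		return roleCredRespBody{}, errors.New("empty server role id")
	}

	resp, err := client.GetMetadata(iamSecurityCredsPath + roleId)
	if err != nil {
		return roleCredRespBody{},
			fmt.Errorf("failed to get %s server role credentials: %w", roleId, err)
	}

	var respCreds roleCredRespBody
	if err := json.NewDecoder(strings.NewReader(resp)).Decode(&respCreds); err != nil {
		return roleCredRespBody{},
			fmt.Errorf("failed to decode %s server role credentials: %w", roleId, err)
	}

	// Code and Message come from the service; %q keeps control characters
	// in them from breaking up log lines.
	if respCreds.AccessKeyID == "" || respCreds.SecretAccessKey == "" {
		return roleCredRespBody{},
			fmt.Errorf("metadata api returned no %s server role credentials (code %q, message %q)",
				roleId, respCreds.Code, respCreds.Message)
	}
	return respCreds, nil
}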