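// Source: github.com/NaverCloudPlatform/ncloud-sdk-go-v2@v1.6.13/ncloud/credentials/server_role_provider.go

package credentials

import (
	"bufio"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"

	"github.com/NaverCloudPlatform/ncloud-sdk-go-v2/ncloud/metadata"
)

// ServerRoleProvider obtains credentials for the role attached to the
// server by querying the metadata API through ApiClient.
//
// The Value it returns carries a secret key; callers should keep it out of
// logs and error messages.
type ServerRoleProvider struct {
	// ApiClient is the metadata client used for every lookup.
	ApiClient *metadata.ApiClient
}

// Name returns the identifier of this provider.
func (p *ServerRoleProvider) Name() string {
	return "ServerRoleProvider"
}

// Retrieve lists the server roles exposed by the metadata API and returns
// the credentials of the first one.
//
// It fails when the role list cannot be read or is empty, and when the
// credentials document for the chosen role cannot be fetched, cannot be
// decoded, or lacks an access key or secret key.
func (p *ServerRoleProvider) Retrieve() (Value, error) {
	roles, err := reqCredentialsList(p.ApiClient)
	if err != nil {
		return Value{}, err
	}
	if len(roles) == 0 {
		return Value{}, errors.New("empty role list")
	}

	// Only the first listed role is used; any further entries are ignored.
	roleCreds, err := reqCredentials(p.ApiClient, roles[0])
	if err != nil {
		return Value{}, err
	}

	return Value{
		AccessKey:  roleCreds.AccessKeyID,
		SecretKey:  roleCreds.SecretAccessKey,
		Expiration: roleCreds.Expiration,
	}, nil
}

// reqCredentialsList fetches iamSecurityCredsPath and returns one role
// identifier per non-blank line of the response.
func reqCredentialsList(client *metadata.ApiClient) ([]string, error) {
	resp, err := client.GetMetadata(iamSecurityCredsPath)
	if err != nil {
		// Keep the cause so that an unreachable metadata API can be told
		// apart from a server that has no role attached.
		return nil, fmt.Errorf("no server role found: %w", err)
	}

	var roles []string
	s := bufio.NewScanner(strings.NewReader(resp))
	for s.Scan() {
		// Skip blank lines: an empty role ID would make the follow-up
		// request hit the listing path again instead of a role document.
		role := strings.TrimSpace(s.Text())
		if role == "" {
			continue
		}
		roles = append(roles, role)
	}
	if err := s.Err(); err != nil {
		return nil, errors.New("failed to read server role from metadata api")
	}
	return roles, nil
}

// roleCredRespBody mirrors the JSON document returned for a single role.
//
// Code and Message are decoded but their success values are not visible in
// this file, so they are only reported in errors, never interpreted.
type roleCredRespBody struct {
	AccessKeyID     string    `json:"AccessKeyId"`
	SecretAccessKey string    `json:"SecretAccessKey"`
	Expiration      time.Time `json:"Expiration"`
	Code            string    `json:"Code"`
	Message         string    `json:"Message"`
}

// iamSecurityCredsPath is the metadata path under which role names and
// per-role credential documents are requested.
const iamSecurityCredsPath = "iam/security-credentials/"

// reqCredentials fetches and decodes the credentials document of roleId.
//
// A document that decodes cleanly but carries no access key or no secret
// key is rejected, so that an error body from the metadata API is never
// handed to the caller as a usable, empty credential.
func reqCredentials(client *metadata.ApiClient, roleId string) (roleCredRespBody, error) {
	// NOTE(review): roleId comes verbatim from the metadata listing and is
	// appended to the path; confirm that GetMetadata escapes or rejects
	// path separators.
	resp, err := client.GetMetadata(iamSecurityCredsPath + roleId)
	if err != nil {
		return roleCredRespBody{},
			fmt.Errorf("failed to get %s server role credentials: %w", roleId, err)
	}

	var respCreds roleCredRespBody
	if err := json.NewDecoder(strings.NewReader(resp)).Decode(&respCreds); err != nil {
		// The decoder error is deliberately not attached: the document
		// being parsed holds the secret key, so nothing derived from its
		// content is echoed into the error text.
		return roleCredRespBody{},
			fmt.Errorf("failed to decode %s server role credentials", roleId)
	}

	if respCreds.AccessKeyID == "" || respCreds.SecretAccessKey == "" {
		return roleCredRespBody{},
			fmt.Errorf("incomplete %s server role credentials (code %q, message %q)",
				roleId, respCreds.Code, respCreds.Message)
	}
	return respCreds, nil
}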