kotovalexarian-likes-github/fog--fog-aws
1
0
Fork 0
mirror of https://github.com/fog/fog-aws.git synced 2022-11-09 13:50:52 -05:00
Code Releases Activity

ECS container credentials

Browse source
This commit is contained in:
Ryan Schlesinger 2016-07-25 16:36:29 -07:00
parent b95651ecc3
commit ecfc0a2905
No known key found for this signature in database
GPG key ID: BD9E30D205AB53BA
2 changed files with 33 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
lib/fog/aws/credential_fetcher.rb
View file

@ -6,6 +6,8 @@ module Fog
INSTANCE_METADATA_PATH = "/latest/meta-data/iam/security-credentials/" INSTANCE_METADATA_PATH = "/latest/meta-data/iam/security-credentials/"
INSTANCE_METADATA_AZ = "/latest/meta-data/placement/availability-zone/" INSTANCE_METADATA_AZ = "/latest/meta-data/placement/availability-zone/"
CONTAINER_CREDENTIALS_HOST = "http://169.254.170.2"
module ServiceMethods module ServiceMethods
def fetch_credentials(options) def fetch_credentials(options)
if options[:use_iam_profile] && Fog.mocking? if options[:use_iam_profile] && Fog.mocking?
@ -13,10 +15,23 @@ module Fog
end end
if options[:use_iam_profile] if options[:use_iam_profile]
begin begin
role_data = nil
az_data = nil
if ENV["AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"]
connection = options[:connection] || Excon.new(CONTAINER_CREDENTIALS_HOST)
credential_path = options[:credential_path] || ENV["AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"]
role_data = connection.get(:path => credential_path, :expects => 200).body
connection = options[:metadata_connection] || Excon.new(INSTANCE_METADATA_HOST)
az_data = connection.get(:path => INSTANCE_METADATA_AZ, :expects => 200).body
else
connection = options[:connection] || Excon.new(INSTANCE_METADATA_HOST) connection = options[:connection] || Excon.new(INSTANCE_METADATA_HOST)
role_name = connection.get(:path => INSTANCE_METADATA_PATH, :expects => 200).body role_name = connection.get(:path => INSTANCE_METADATA_PATH, :expects => 200).body
role_data = connection.get(:path => INSTANCE_METADATA_PATH+role_name, :expects => 200).body role_data = connection.get(:path => INSTANCE_METADATA_PATH+role_name, :expects => 200).body
az_data = connection.get(:path => INSTANCE_METADATA_AZ, :expects => 200).body az_data = connection.get(:path => INSTANCE_METADATA_AZ, :expects => 200).body
end
region = az_data[0..-2] # get region from az region = az_data[0..-2] # get region from az
session = Fog::JSON.decode(role_data) session = Fog::JSON.decode(role_data)

14
tests/credentials_tests.rb
View file

@ -28,6 +28,19 @@ Shindo.tests('AWS | credentials', ['aws']) do
:aws_credentials_expire_at => expires_at}) { Fog::Compute::AWS.fetch_credentials(:use_iam_profile => true) } :aws_credentials_expire_at => expires_at}) { Fog::Compute::AWS.fetch_credentials(:use_iam_profile => true) }
end end
ENV["AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"] = '/v1/credentials?id=task_id'
Excon.stub({:method => :get, :path => '/v1/credentials?id=task_id'}, {:status => 200, :body => Fog::JSON.encode(credentials)})
tests("#fetch_credentials") do
returns({:aws_access_key_id => 'dummykey',
:aws_secret_access_key => 'dummysecret',
:aws_session_token => 'dummytoken',
:region => "us-west-1",
:aws_credentials_expire_at => expires_at}) { Fog::Compute::AWS.fetch_credentials(:use_iam_profile => true) }
end
ENV["AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"] = nil
compute = Fog::Compute::AWS.new(:use_iam_profile => true) compute = Fog::Compute::AWS.new(:use_iam_profile => true)
tests("#refresh_credentials_if_expired") do tests("#refresh_credentials_if_expired") do
@ -54,6 +67,7 @@ Shindo.tests('AWS | credentials', ['aws']) do
end end
ensure ensure
ENV["AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"] = nil
Excon.stubs.clear Excon.stubs.clear
Excon.defaults[:mock] = old_mock_value Excon.defaults[:mock] = old_mock_value
Fog.unmock! if !fog_was_mocked Fog.unmock! if !fog_was_mocked