From 23e092deda1e17cbc8094f874b05aff234c1c433 Mon Sep 17 00:00:00 2001
From: Dmitry Kolesnikov
Date: Sun, 8 Sep 2024 21:34:31 +0300
Subject: [PATCH] (fea): assume role for aws v4 signature
---
 x/awsapi/awsapi.go | 36 ++++++++++++++++++++++++++++++++++--
 x/awsapi/go.mod | 15 +++++++++++++--
 x/awsapi/go.sum | 30 ++++++++++++++++++++++++++----
 x/awsapi/version.go | 2 +-
 4 files changed, 74 insertions(+), 9 deletions(-)
diff --git a/x/awsapi/awsapi.go b/x/awsapi/awsapi.go
index 4d0863b..287a476 100644
--- a/x/awsapi/awsapi.go
+++ b/x/awsapi/awsapi.go
@@ -10,6 +10,7 @@ package awsapi
 import (
 "bytes"
+ "context"
 "crypto/sha256"
 "encoding/hex"
 "io"
@@ -18,20 +19,51 @@ import (
 "github.com/aws/aws-sdk-go-v2/aws"
 v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+ "github.com/aws/aws-sdk-go-v2/config"
+ "github.com/aws/aws-sdk-go-v2/credentials/stscreds"
+ "github.com/aws/aws-sdk-go-v2/service/sts"
 "github.com/fogfish/gurl/v2/http"
 )
 // Configure HTTP Stack to use AWS Sign V4
-func WithSignatureV4(config aws.Config) http.Config {
+func WithSignatureV4(conf aws.Config) http.Config {
 return func(p *http.Protocol) {
 p.Socket = &signer{
- config: config,
+ config: conf,
 signer: v4.NewSigner(),
 socket: p.Socket,
 }
 }
 }
+// Configure HTTP Stack to use AWS Sign V4 using assumed role
+func WithAssumedRole(conf aws.Config, role, externalID string) http.Config {
+ if role == "" && externalID == "" {
+ return WithSignatureV4(conf)
+ }
+
+ return func(p *http.Protocol) {
+ assumed, err := config.LoadDefaultConfig(context.Background(),
+ config.WithCredentialsProvider(
+ aws.NewCredentialsCache(
+ stscreds.NewAssumeRoleProvider(sts.NewFromConfig(conf), role,
+ func(aro *stscreds.AssumeRoleOptions) {
+ if externalID != "" {
+ aro.ExternalID = aws.String(externalID)
+ }
+ },
+ ),
+ ),
+ ),
+ )
+ if err != nil {
+ panic(err)
+ }
+
+ WithSignatureV4(assumed)(p)
+ }
+}
+
 type signer struct {
 config aws.Config
 signer *v4.Signer
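Review bot: In `WithAssumedRole`, building `assumed` through `config.LoadDefaultConfig` throws away the caller's `conf` except as the source for the STS client, and the only failure handling is `panic(err)` inside the returned closure, which takes the whole process down from library code. Region, HTTP client and endpoint settings are re-resolved from the environment, so requests may be signed for a different region than the caller configured (the `signer` methods are outside this hunk, so that part is inferred). Copying `conf` and replacing only its `Credentials` keeps those settings and removes both the error path and the unbounded `context.Background()` load; the `context` and `config` imports then become unused. Separately, the guard `role == "" && externalID == ""` silently falls back to the base credentials when the role is unset, which can sign with a broader identity than intended, and an empty `role` with a non-empty `externalID` still reaches STS with an empty ARN. Deciding on `role` alone, and documenting the fallback in the doc comment, would make both cases visible.

```go
	return func(p *http.Protocol) {
		// Keep the caller's region, HTTP client and endpoints; swap only the credentials.
		assumed := conf.Copy()
		assumed.Credentials = aws.NewCredentialsCache(
			stscreds.NewAssumeRoleProvider(sts.NewFromConfig(conf), role,
				// … unchanged: AssumeRoleOptions callback that sets ExternalID …
			),
		)

		WithSignatureV4(assumed)(p)
	}
```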
diff --git a/x/awsapi/go.mod b/x/awsapi/go.mod
index 895b246..1c24833 100644
--- a/x/awsapi/go.mod
+++ b/x/awsapi/go.mod
@@ -3,12 +3,23 @@ module github.com/fogfish/gurl/x/awsapi
 go 1.21.0
 require (
- github.com/aws/aws-sdk-go-v2 v1.25.3
+ github.com/aws/aws-sdk-go-v2 v1.30.5
+ github.com/aws/aws-sdk-go-v2/config v1.27.33
+ github.com/aws/aws-sdk-go-v2/credentials v1.17.32
+ github.com/aws/aws-sdk-go-v2/service/sts v1.30.7
 github.com/fogfish/gurl/v2 v2.8.3
 )
 require (
 github.com/ajg/form v1.5.2-0.20200323032839-9aeb3cf462e1 // indirect
- github.com/aws/smithy-go v1.20.1 // indirect
+ github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.13 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.17 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.17 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.4 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.19 // indirect
+ github.com/aws/aws-sdk-go-v2/service/sso v1.22.7 // indirect
+ github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.7 // indirect
+ github.com/aws/smithy-go v1.20.4 // indirect
 golang.org/x/net v0.17.0 // indirect
 )
diff --git a/x/awsapi/go.sum b/x/awsapi/go.sum
index 29205a4..8fa9273 100644
--- a/x/awsapi/go.sum
+++ b/x/awsapi/go.sum
@@ -1,9 +1,31 @@ github.com/ajg/form v1.5.2-0.20200323032839-9aeb3cf462e1 h1:8Qzi+0Uch1VJvdrOhJ8U8FqoPLbUdETPgMqGJ6DSMSQ= github.com/ajg/form v1.5.2-0.20200323032839-9aeb3cf462e1/go.mod h1:uL1WgH+h2mgNtvBq0339dVnzXdBETtL2LeUXaIv25UY= -github.com/aws/aws-sdk-go-v2 v1.25.3 h1:xYiLpZTQs1mzvz5PaI6uR0Wh57ippuEthxS4iK5v0n0= -github.com/aws/aws-sdk-go-v2 v1.25.3/go.mod h1:35hUlJVYd+M++iLI3ALmVwMOyRYMmRqUXpTtRGW+K9I= -github.com/aws/smithy-go v1.20.1 h1:4SZlSlMr36UEqC7XOyRVb27XMeZubNcBNN+9IgEPIQw= -github.com/aws/smithy-go v1.20.1/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= +github.com/aws/aws-sdk-go-v2 v1.30.5 h1:mWSRTwQAb0aLE17dSzztCVJWI9+cRMgqebndjwDyK0g= +github.com/aws/aws-sdk-go-v2 v1.30.5/go.mod h1:CT+ZPWXbYrci8chcARI3OmI/qgd+f6WtuLOoaIA8PR0= +github.com/aws/aws-sdk-go-v2/config v1.27.33 h1:Nof9o/MsmH4oa0s2q9a0k7tMz5x/Yj5k06lDODWz3BU= +github.com/aws/aws-sdk-go-v2/config v1.27.33/go.mod h1:kEqdYzRb8dd8Sy2pOdEbExTTF5v7ozEXX0McgPE7xks= +github.com/aws/aws-sdk-go-v2/credentials v1.17.32 h1:7Cxhp/BnT2RcGy4VisJ9miUPecY+lyE9I8JvcZofn9I= +github.com/aws/aws-sdk-go-v2/credentials v1.17.32/go.mod h1:P5/QMF3/DCHbXGEGkdbilXHsyTBX5D3HSwcrSc9p20I= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.13 h1:pfQ2sqNpMVK6xz2RbqLEL0GH87JOwSxPV2rzm8Zsb74= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.13/go.mod h1:NG7RXPUlqfsCLLFfi0+IpKN4sCB9D9fw/qTaSB+xRoU= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.17 h1:pI7Bzt0BJtYA0N/JEC6B8fJ4RBrEMi1LBrkMdFYNSnQ= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.17/go.mod h1:Dh5zzJYMtxfIjYW+/evjQ8uj2OyR/ve2KROHGHlSFqE= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.17 h1:Mqr/V5gvrhA2gvgnF42Zh5iMiQNcOYthFYwCyrnuWlc= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.17/go.mod h1:aLJpZlCmjE+V+KtN1q1uyZkfnUWpQGpbsn89XPKyzfU= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod 
h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.4 h1:KypMCbLPPHEmf9DgMGw51jMj77VfGPAN2Kv4cfhlfgI= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.4/go.mod h1:Vz1JQXliGcQktFTN/LN6uGppAIRoLBR2bMvIMP0gOjc= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.19 h1:rfprUlsdzgl7ZL2KlXiUAoJnI/VxfHCvDFr2QDFj6u4= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.19/go.mod h1:SCWkEdRq8/7EK60NcvvQ6NXKuTcchAD4ROAsC37VEZE= +github.com/aws/aws-sdk-go-v2/service/sso v1.22.7 h1:pIaGg+08llrP7Q5aiz9ICWbY8cqhTkyy+0SHvfzQpTc= +github.com/aws/aws-sdk-go-v2/service/sso v1.22.7/go.mod h1:eEygMHnTKH/3kNp9Jr1n3PdejuSNcgwLe1dWgQtO0VQ= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.7 h1:/Cfdu0XV3mONYKaOt1Gr0k1KvQzkzPyiKUdlWJqy+J4= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.7/go.mod h1:bCbAxKDqNvkHxRaIMnyVPXPo+OaPRwvmgzMxbz1VKSA= +github.com/aws/aws-sdk-go-v2/service/sts v1.30.7 h1:NKTa1eqZYw8tiHSRGpP0VtTdub/8KNk8sDkNPFaOKDE= +github.com/aws/aws-sdk-go-v2/service/sts v1.30.7/go.mod h1:NXi1dIAGteSaRLqYgarlhP/Ij0cFT+qmCwiJqWh/U5o= +github.com/aws/smithy-go v1.20.4 h1:2HK1zBdPgRbjFOHlfeQZfpC4r72MOb9bZkiFwggKO+4= +github.com/aws/smithy-go v1.20.4/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= github.com/fogfish/gurl/v2 v2.8.3 h1:CH8dOHz+lMPg3M0/S5bWk5z3RD9FG4L8+uQMEv36ibU= github.com/fogfish/gurl/v2 v2.8.3/go.mod h1:VDPaGeyMSZsbFByZXwKZuwKgOC1mOQNlOYhM4RgOVWQ= github.com/fogfish/it/v2 v2.0.1 h1:vu3kV2xzYDPHoMHMABxXeu5CoMcTfRc4gkWkzOUkRJY= diff --git a/x/awsapi/version.go b/x/awsapi/version.go index 45364bb..5b021d8 100644 --- a/x/awsapi/version.go +++ b/x/awsapi/version.go @@ -8,4 +8,4 @@ package awsapi -const Version = "x/awsapi/v0.0.3" +const Version = "x/awsapi/v0.0.4"