aws-sdk-for-zig/src/aws_credentials.zig

//! Implements the standard credential chain:
//! 1. Environment variables
//! 2. Web identity token from STS
//! 3. Credentials/config files
//! 4. ECS Container credentials, using AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
//! 5. EC2 instance profile credentials
const std = @import("std");
const builtin = @import("builtin");
const auth = @import("aws_authentication.zig");

pub fn getCredentials(allocator: std.mem.Allocator) !auth.Credentials {
    if (try getEnvironmentCredentials(allocator)) |cred| return cred;
    // TODO: 2-5
    return error.NotImplemented;
}

fn getEnvironmentCredentials(allocator: std.mem.Allocator) !?auth.Credentials {
    const secret_key = (try getEnvironmentVariable(allocator, "AWS_SECRET_ACCESS_KEY")) orelse return null;
    defer allocator.free(secret_key); //yes, we're not zeroing. But then, the secret key is in an environment var anyway
    const mutable_key = try allocator.dupe(u8, secret_key);
    // Use cross-platform API (requires allocation)
    return auth.Credentials.init(
        allocator,
        (try getEnvironmentVariable(allocator, "AWS_ACCESS_KEY_ID")) orelse return null,
        mutable_key,
        (try getEnvironmentVariable(allocator, "AWS_SESSION_TOKEN")) orelse
            try getEnvironmentVariable(allocator, "AWS_SECURITY_TOKEN"), // Security token is backward compat only
    );
}

fn getEnvironmentVariable(allocator: std.mem.Allocator, key: []const u8) !?[]const u8 {
    return std.process.getEnvVarOwned(allocator, key) catch |e| switch (e) {
        std.process.GetEnvVarOwnedError.EnvironmentVariableNotFound => return null,
        else => return e,
    };
}
build works, c_allocator no longer required 2022-01-12 17:18:16 +00:00			`//! Implements the standard credential chain:`
			`//! 1. Environment variables`
			`//! 2. Web identity token from STS`
			`//! 3. Credentials/config files`
			`//! 4. ECS Container credentials, using AWS_CONTAINER_CREDENTIALS_RELATIVE_URI`
			`//! 5. EC2 instance profile credentials`
			`const std = @import("std");`
credential cleanup/working on Windows 2022-01-20 20:18:47 +00:00			`const builtin = @import("builtin");`
build works, c_allocator no longer required 2022-01-12 17:18:16 +00:00			`const auth = @import("aws_authentication.zig");`

			`pub fn getCredentials(allocator: std.mem.Allocator) !auth.Credentials {`
credential cleanup/working on Windows 2022-01-20 20:18:47 +00:00			`if (try getEnvironmentCredentials(allocator)) \|cred\| return cred;`
build works, c_allocator no longer required 2022-01-12 17:18:16 +00:00			`// TODO: 2-5`
			`return error.NotImplemented;`
			`}`

credential cleanup/working on Windows 2022-01-20 20:18:47 +00:00			`fn getEnvironmentCredentials(allocator: std.mem.Allocator) !?auth.Credentials {`
			`const secret_key = (try getEnvironmentVariable(allocator, "AWS_SECRET_ACCESS_KEY")) orelse return null;`
			`defer allocator.free(secret_key); //yes, we're not zeroing. But then, the secret key is in an environment var anyway`
			`const mutable_key = try allocator.dupe(u8, secret_key);`
			`// Use cross-platform API (requires allocation)`
			`return auth.Credentials.init(`
			`allocator,`
			`(try getEnvironmentVariable(allocator, "AWS_ACCESS_KEY_ID")) orelse return null,`
			`mutable_key,`
support for STS tokens 2022-01-21 03:42:55 +00:00			`(try getEnvironmentVariable(allocator, "AWS_SESSION_TOKEN")) orelse`
add comment about AWS_SECURITY_TOKEN 2022-01-21 14:41:10 +00:00			`try getEnvironmentVariable(allocator, "AWS_SECURITY_TOKEN"), // Security token is backward compat only`
credential cleanup/working on Windows 2022-01-20 20:18:47 +00:00			`);`
			`}`

			`fn getEnvironmentVariable(allocator: std.mem.Allocator, key: []const u8) !?[]const u8 {`
			`return std.process.getEnvVarOwned(allocator, key) catch \|e\| switch (e) {`
			`std.process.GetEnvVarOwnedError.EnvironmentVariableNotFound => return null,`
			`else => return e,`
build works, c_allocator no longer required 2022-01-12 17:18:16 +00:00			`};`
			`}`