//! Implements the standard credential chain:
//! 1. Environment variables
//! 2. Web identity token from STS
//! 3. Credentials/config files
//! 4. ECS Container credentials, using AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
//! 5. EC2 instance profile credentials
const std = @import("std");
const builtin = @import("builtin");
const auth = @import("aws_authentication.zig");
/// Resolves AWS credentials by walking the credential chain.
///
/// Only the first link (environment variables) is consulted here. When it
/// yields nothing, the function returns `error.NotImplemented`. Errors from
/// the environment lookup are propagated unchanged.
pub fn getCredentials(allocator: std.mem.Allocator) !auth.Credentials {
    const credentials = (try getEnvironmentCredentials(allocator)) orelse {
        // TODO: 2-5
        return error.NotImplemented;
    };
    return credentials;
}
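/// Builds credentials from the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and
/// (optional) AWS_SESSION_TOKEN environment variables.
///
/// Returns null when either the secret access key or the access key id is
/// unset. Lookup and allocation errors are propagated. On every early exit
/// from this function, the buffers allocated here are released first.
fn getEnvironmentCredentials(allocator: std.mem.Allocator) !?auth.Credentials {
    const secret_key = (try getEnvironmentVariable(allocator, "AWS_SECRET_ACCESS_KEY")) orelse return null;
    // yes, we're not zeroing. But then, the secret key is in an environment var anyway
    // NOTE(review): the freed buffer still holds the secret bytes until the
    // allocator reuses it, so the key can outlive this call in heap memory.
    defer allocator.free(secret_key);

    // Look up the access key id before duplicating the secret. The previous
    // order leaked the duplicated secret whenever this returned null or failed.
    const access_key = (try getEnvironmentVariable(allocator, "AWS_ACCESS_KEY_ID")) orelse return null;

    // Cleanup is spelled out with `catch` instead of `errdefer`: an errdefer
    // would also fire if Credentials.init returned an error, and init's
    // ownership contract is not visible from this file.
    const session_token = getEnvironmentVariable(allocator, "AWS_SESSION_TOKEN") catch |err| {
        allocator.free(access_key);
        return err;
    };

    // Use cross-platform API (requires allocation)
    const mutable_key = allocator.dupe(u8, secret_key) catch |err| {
        if (session_token) |token| allocator.free(token);
        allocator.free(access_key);
        return err;
    };

    // NOTE(review): presumably init takes ownership of access_key, mutable_key
    // and session_token (nothing here frees them afterwards). Confirm in
    // aws_authentication.zig, including whether the secret is wiped on deinit.
    return auth.Credentials.init(
        allocator,
        access_key,
        mutable_key,
        session_token,
    );
}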
/// Looks up `key` in the process environment.
///
/// Returns null when the variable is not set. Any other error from
/// `std.process.getEnvVarOwned` is propagated. The returned slice is allocated
/// with `allocator` and must be freed by the caller.
fn getEnvironmentVariable(allocator: std.mem.Allocator, key: []const u8) !?[]const u8 {
    const value = std.process.getEnvVarOwned(allocator, key) catch |err| switch (err) {
        // An unset variable is an expected outcome, not a failure.
        error.EnvironmentVariableNotFound => return null,
        else => |other| return other,
    };
    return value;
}