credential cleanup/working on Windows
Some checks failed
continuous-integration/drone/push Build is failing
Some checks failed
continuous-integration/drone/push Build is failing
This commit is contained in:
parent
1f0e3d0632
commit
691a32d719
19
README.md
19
README.md
|
@ -1,4 +1,4 @@
|
|||
# AWS SDK for Zig (zig-native branch)
|
||||
# AWS SDK for Zig (zig native branch)
|
||||
|
||||
[![Build Status](https://drone.lerch.org/api/badges/lobo/aws-sdk-for-zig/status.svg?ref=refs/heads/master)](https://drone.lerch.org/api/badges/lobo/aws-sdk-for-zig/)
|
||||
|
||||
|
@ -10,9 +10,19 @@ services only support XML, and zig 0.8.0 and master both trigger compile
|
|||
errors while incorporating the XML parser. S3 also requires some plumbing
|
||||
tweaks in the signature calculation. Examples of usage are in src/main.zig.
|
||||
|
||||
Current executable size for the demo is 868k after compiling with -Drelease-safe
|
||||
and [stripping the executable after compilation](https://github.com/ziglang/zig/issues/351).
|
||||
This is for x86_linux, (which is all that's tested at the moment).
|
||||
Current executable size for the demo is 953k (90k of which is the AWS PEM file)
|
||||
after compiling with -Drelease-safe and
|
||||
[stripping the executable after compilation](https://github.com/ziglang/zig/issues/351).
|
||||
This is for x86_linux. Tested targets:
|
||||
|
||||
* x86_64-linux
|
||||
* riscv64-linux
|
||||
* aarch64-linux
|
||||
* x86_64 Windows
|
||||
|
||||
Tested/not working:
|
||||
|
||||
* arm-linux
|
||||
|
||||
## Building
|
||||
|
||||
|
@ -51,6 +61,7 @@ Only environment variable based credentials can be used at the moment.
|
|||
TODO List:
|
||||
|
||||
* Add STS key support
|
||||
* Add option to cache signature keys
|
||||
* Implement credentials provider
|
||||
* Implement jitter/exponential backoff
|
||||
* Implement timeouts and other TODO's in the code
|
||||
|
|
|
@ -1,6 +1,33 @@
|
|||
const std = @import("std");
|
||||
|
||||
pub const Credentials = struct {
|
||||
access_key: []const u8,
|
||||
secret_key: []const u8,
|
||||
secret_key: []u8,
|
||||
session_token: ?[]const u8,
|
||||
// uint64_t expiration_timepoint_seconds);
|
||||
|
||||
allocator: std.mem.Allocator,
|
||||
|
||||
const Self = @This();
|
||||
|
||||
pub fn init(
|
||||
allocator: std.mem.Allocator,
|
||||
access_key: []const u8,
|
||||
secret_key: []u8,
|
||||
session_token: ?[]const u8,
|
||||
) Self {
|
||||
return .{
|
||||
.access_key = access_key,
|
||||
.secret_key = secret_key,
|
||||
.session_token = session_token,
|
||||
|
||||
.allocator = allocator,
|
||||
};
|
||||
}
|
||||
pub fn deinit(self: Self) void {
|
||||
for (self.secret_key) |_, i| self.secret_key[i] = 0;
|
||||
self.allocator.free(self.access_key);
|
||||
self.allocator.free(self.secret_key);
|
||||
if (self.session_token) |t| self.allocator.free(t);
|
||||
}
|
||||
};
|
||||
|
|
|
@ -5,19 +5,31 @@
|
|||
//! 4. ECS Container credentials, using AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
|
||||
//! 5. EC2 instance profile credentials
|
||||
const std = @import("std");
|
||||
const builtin = @import("builtin");
|
||||
const auth = @import("aws_authentication.zig");
|
||||
|
||||
pub fn getCredentials(allocator: std.mem.Allocator) !auth.Credentials {
|
||||
_ = allocator;
|
||||
if (getEnvironmentCredentials()) |cred| return cred;
|
||||
if (try getEnvironmentCredentials(allocator)) |cred| return cred;
|
||||
// TODO: 2-5
|
||||
return error.NotImplemented;
|
||||
}
|
||||
|
||||
fn getEnvironmentCredentials() ?auth.Credentials {
|
||||
return auth.Credentials{
|
||||
.access_key = std.os.getenv("AWS_ACCESS_KEY_ID") orelse return null,
|
||||
.secret_key = std.os.getenv("AWS_SECRET_ACCESS_KEY") orelse return null,
|
||||
.session_token = std.os.getenv("AWS_SESSION_TOKEN"),
|
||||
fn getEnvironmentCredentials(allocator: std.mem.Allocator) !?auth.Credentials {
|
||||
const secret_key = (try getEnvironmentVariable(allocator, "AWS_SECRET_ACCESS_KEY")) orelse return null;
|
||||
defer allocator.free(secret_key); //yes, we're not zeroing. But then, the secret key is in an environment var anyway
|
||||
const mutable_key = try allocator.dupe(u8, secret_key);
|
||||
// Use cross-platform API (requires allocation)
|
||||
return auth.Credentials.init(
|
||||
allocator,
|
||||
(try getEnvironmentVariable(allocator, "AWS_ACCESS_KEY_ID")) orelse return null,
|
||||
mutable_key,
|
||||
try getEnvironmentVariable(allocator, "AWS_SESSION_TOKEN"),
|
||||
);
|
||||
}
|
||||
|
||||
fn getEnvironmentVariable(allocator: std.mem.Allocator, key: []const u8) !?[]const u8 {
|
||||
return std.process.getEnvVarOwned(allocator, key) catch |e| switch (e) {
|
||||
std.process.GetEnvVarOwnedError.EnvironmentVariableNotFound => return null,
|
||||
else => return e,
|
||||
};
|
||||
}
|
||||
|
|
|
@ -98,7 +98,7 @@ pub const AwsHttp = struct {
|
|||
defer endpoint.deinit();
|
||||
log.debug("Calling endpoint {s}", .{endpoint.uri});
|
||||
const creds = try credentials.getCredentials(self.allocator);
|
||||
// defer allocator.free(), except sometimes we don't need freeing...
|
||||
defer creds.deinit();
|
||||
const signing_config: signing.Config = .{
|
||||
.region = options.region,
|
||||
.service = options.sigv4_service_name orelse service,
|
||||
|
@ -217,8 +217,15 @@ fn addHeaders(allocator: std.mem.Allocator, headers: *std.ArrayList(base.Header)
|
|||
return null;
|
||||
}
|
||||
|
||||
fn getEnvironmentVariable(allocator: std.mem.Allocator, key: []const u8) !?[]const u8 {
|
||||
return std.process.getEnvVarOwned(allocator, key) catch |e| switch (e) {
|
||||
std.process.GetEnvVarOwnedError.EnvironmentVariableNotFound => return null,
|
||||
else => return e,
|
||||
};
|
||||
}
|
||||
|
||||
fn regionSubDomain(allocator: std.mem.Allocator, service: []const u8, region: []const u8, useDualStack: bool) !EndPoint {
|
||||
const environment_override = std.os.getenv("AWS_ENDPOINT_URL");
|
||||
const environment_override = try getEnvironmentVariable(allocator, "AWS_ENDPOINT_URL");
|
||||
if (environment_override) |override| {
|
||||
const uri = try allocator.dupeZ(u8, override);
|
||||
return endPointFromUri(allocator, uri);
|
||||
|
|
Loading…
Reference in New Issue
Block a user