credential cleanup/working on Windows
Some checks failed
continuous-integration/drone/push Build is failing

This commit is contained in:
Emil Lerch 2022-01-20 12:18:47 -08:00
parent 1f0e3d0632
commit 691a32d719
Signed by: lobo
GPG Key ID: A7B62D657EF764F8
4 changed files with 71 additions and 14 deletions

View File

@ -1,4 +1,4 @@
# AWS SDK for Zig (zig-native branch)
# AWS SDK for Zig (zig native branch)
[![Build Status](https://drone.lerch.org/api/badges/lobo/aws-sdk-for-zig/status.svg?ref=refs/heads/master)](https://drone.lerch.org/api/badges/lobo/aws-sdk-for-zig/)
@ -10,9 +10,19 @@ services only support XML, and zig 0.8.0 and master both trigger compile
errors while incorporating the XML parser. S3 also requires some plumbing
tweaks in the signature calculation. Examples of usage are in src/main.zig.
Current executable size for the demo is 868k after compiling with -Drelease-safe
and [stripping the executable after compilation](https://github.com/ziglang/zig/issues/351).
This is for x86_linux, (which is all that's tested at the moment).
Current executable size for the demo is 953k (90k of which is the AWS PEM file)
after compiling with -Drelease-safe and
[stripping the executable after compilation](https://github.com/ziglang/zig/issues/351).
This is for x86_linux. Tested targets:
* x86_64-linux
* riscv64-linux
* aarch64-linux
* x86_64 Windows
Tested/not working:
* arm-linux
## Building
@ -51,6 +61,7 @@ Only environment variable based credentials can be used at the moment.
TODO List:
* Add STS key support
* Add option to cache signature keys
* Implement credentials provider
* Implement jitter/exponential backoff
* Implement timeouts and other TODO's in the code

View File

@ -1,6 +1,33 @@
const std = @import("std");
pub const Credentials = struct {
access_key: []const u8,
secret_key: []const u8,
secret_key: []u8,
session_token: ?[]const u8,
// uint64_t expiration_timepoint_seconds);
allocator: std.mem.Allocator,
const Self = @This();
pub fn init(
allocator: std.mem.Allocator,
access_key: []const u8,
secret_key: []u8,
session_token: ?[]const u8,
) Self {
return .{
.access_key = access_key,
.secret_key = secret_key,
.session_token = session_token,
.allocator = allocator,
};
}
pub fn deinit(self: Self) void {
for (self.secret_key) |_, i| self.secret_key[i] = 0;
self.allocator.free(self.access_key);
self.allocator.free(self.secret_key);
if (self.session_token) |t| self.allocator.free(t);
}
};

View File

@ -5,19 +5,31 @@
//! 4. ECS Container credentials, using AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
//! 5. EC2 instance profile credentials
const std = @import("std");
const builtin = @import("builtin");
const auth = @import("aws_authentication.zig");
pub fn getCredentials(allocator: std.mem.Allocator) !auth.Credentials {
_ = allocator;
if (getEnvironmentCredentials()) |cred| return cred;
if (try getEnvironmentCredentials(allocator)) |cred| return cred;
// TODO: 2-5
return error.NotImplemented;
}
fn getEnvironmentCredentials() ?auth.Credentials {
return auth.Credentials{
.access_key = std.os.getenv("AWS_ACCESS_KEY_ID") orelse return null,
.secret_key = std.os.getenv("AWS_SECRET_ACCESS_KEY") orelse return null,
.session_token = std.os.getenv("AWS_SESSION_TOKEN"),
fn getEnvironmentCredentials(allocator: std.mem.Allocator) !?auth.Credentials {
const secret_key = (try getEnvironmentVariable(allocator, "AWS_SECRET_ACCESS_KEY")) orelse return null;
defer allocator.free(secret_key); //yes, we're not zeroing. But then, the secret key is in an environment var anyway
const mutable_key = try allocator.dupe(u8, secret_key);
// Use cross-platform API (requires allocation)
return auth.Credentials.init(
allocator,
(try getEnvironmentVariable(allocator, "AWS_ACCESS_KEY_ID")) orelse return null,
mutable_key,
try getEnvironmentVariable(allocator, "AWS_SESSION_TOKEN"),
);
}
fn getEnvironmentVariable(allocator: std.mem.Allocator, key: []const u8) !?[]const u8 {
return std.process.getEnvVarOwned(allocator, key) catch |e| switch (e) {
std.process.GetEnvVarOwnedError.EnvironmentVariableNotFound => return null,
else => return e,
};
}

View File

@ -98,7 +98,7 @@ pub const AwsHttp = struct {
defer endpoint.deinit();
log.debug("Calling endpoint {s}", .{endpoint.uri});
const creds = try credentials.getCredentials(self.allocator);
// defer allocator.free(), except sometimes we don't need freeing...
defer creds.deinit();
const signing_config: signing.Config = .{
.region = options.region,
.service = options.sigv4_service_name orelse service,
@ -217,8 +217,15 @@ fn addHeaders(allocator: std.mem.Allocator, headers: *std.ArrayList(base.Header)
return null;
}
fn getEnvironmentVariable(allocator: std.mem.Allocator, key: []const u8) !?[]const u8 {
return std.process.getEnvVarOwned(allocator, key) catch |e| switch (e) {
std.process.GetEnvVarOwnedError.EnvironmentVariableNotFound => return null,
else => return e,
};
}
fn regionSubDomain(allocator: std.mem.Allocator, service: []const u8, region: []const u8, useDualStack: bool) !EndPoint {
const environment_override = std.os.getenv("AWS_ENDPOINT_URL");
const environment_override = try getEnvironmentVariable(allocator, "AWS_ENDPOINT_URL");
if (environment_override) |override| {
const uri = try allocator.dupeZ(u8, override);
return endPointFromUri(allocator, uri);