Amazon-S3-Thin
view release on metacpan or search on metacpan
lib/Amazon/S3/Thin/Credentials.pm view on Meta::CPAN
=cut
sub from_metadata {
my ($class, $args) = @_;
my $ua = $args->{ua} // LWP::UserAgent->new;
# Default to the more secure v2 metadata provider
if (!$args->{version} or $args->{version} != 1) {
my $res = $ua->put('http://169.254.169.254/latest/api/token', 'X-aws-ec2-metadata-token-ttl-seconds' => 90);
croak 'Error retreiving v2 token from metadata provider: ' . $res->decoded_content
unless $res->is_success;
$ua->default_header('X-aws-ec2-metadata-token' => $res->decoded_content);
}
return _instance_metadata($ua, $args->{role});
}
sub _instance_metadata {
my ($ua, $role) = @_;
my $res = $ua->get('http://169.254.169.254/latest/meta-data/iam/security-credentials');
croak 'Error querying metadata service for roles: ' . $res->decoded_content unless $res->is_success;
my @roles = split /\n/, $res->decoded_content;
return unless @roles > 0;
my $target_role = (defined $role and grep { $role eq $_ } @roles)
? $role
: $roles[0];
my $cred = $ua->get('http://169.254.169.254/latest/meta-data/iam/security-credentials/' . $target_role);
croak 'Error querying metadata service for credentials: ' . $cred->decoded_content unless $cred->is_success;
my $obj = eval { $JSON->decode($cred->decoded_content) };
croak "Invalid data returned from metadata service: $@" if $@;
return __PACKAGE__->new($obj->{AccessKeyId}, $obj->{SecretAccessKey}, $obj->{Token});
}
=head2 from_ecs_container()
Instantiate C<Amazon::S3::Thin::Credentials> and attempts to populate the credentials from
the L<ECS task role|https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html>.
lib/Amazon/S3/Thin/Credentials.pm view on Meta::CPAN
my ($class, $args) = @_;
my $ua = $args->{ua} // LWP::UserAgent->new;
my $relative_uri = $ENV{AWS_CONTAINER_CREDENTIALS_RELATIVE_URI};
croak 'The environment variable AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is not set' unless defined $relative_uri;
my $cred = $ua->get('http://169.254.170.2' . $relative_uri);
croak 'Error retrieving container credentials' unless $cred->is_success;
my $obj = eval { $JSON->decode($cred->decoded_content) };
croak "Invalid data returned: $@" if $@;
return __PACKAGE__->new($obj->{AccessKeyId}, $obj->{SecretAccessKey}, $obj->{Token});
}
=head2 access_key_id()
Returns access_key_id
=cut
my $s3client = Amazon::S3::Thin->new($arg);
isa_ok($s3client->{signer}, 'Amazon::S3::Thin::Signer::V4', 'new v4');
package MockUA;
sub new { bless {}, shift; }
sub get { return MockResponse->new; };
package MockResponse;
sub new { bless {}, shift; }
sub is_success { !!1; }
sub decoded_content { '{"AccessKeyId": "Key", "SecretAccessKey": "Secret", "Token": "Token"}'; }
}
BEGIN {
$ENV{AWS_ACCESS_KEY_ID} = 'dummy';
$ENV{AWS_SECRET_ACCESS_KEY} = 'dummy';
}
{
diag "test from_env";
my $arg = +{
region => 'ap-northeast-1',
t/02_credentials_ecs_container.t view on Meta::CPAN
}
sub is_success {
my $self = shift;
my $latest_uri = $self->{request}->{uri};
return $latest_uri !~ qr{/internal_server_error$};
}
sub decoded_content {
my $self = shift;
my $latest_uri = $self->{request}->{uri};
if ($latest_uri =~ qr{/foobar$}) {
return <<'JSON';
{
"AccessKeyId" : "DUMMY-ACCESS-KEY",
"Expiration" : "2022-08-01T12:00:00Z",
"RoleArn" : "DUMMY-TASK-ROLE-ARN",
t/02_credentials_metadata.t view on Meta::CPAN
package MockResponse;
sub new {
my ($class, $self) = @_;
bless $self, $class;
}
sub is_success { !!1; }
sub decoded_content {
my $self = shift;
my $latest_uri = $self->{request}->{uri};
if ($latest_uri =~ qr{/latest/api/token$}) {
return 'DUMMY-METADATA-TOKEN';
} elsif ($latest_uri =~ qr{/latest/meta-data/iam/security-credentials$}) {
return <<'TEXT';
DUMMY-INSTANCE-PROFILE-1
DUMMY-INSTANCE-PROFILE-2
( run in 0.270 second using v1.01-cache-2.11-cpan-26ccb49234f )