minaws 0.3.0

A synchronous subset of the AWS SDK.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153

use std::collections::HashMap;
use std::error;
use std::fmt::Display;
use std::io;
use std::path::Path;
use std::time::SystemTime;

pub use aws_credential_types::Credentials;
use once_cell::sync::OnceCell;
use ureq::Response;

use crate::request::{self, with_retry};

type Result<T> = std::result::Result<T, Error>;

#[derive(Debug)]
pub enum Error {
    Io(io::Error),
    SerdeJson(serde_json::Error),
    Request(Box<request::Error>),
}

impl Display for Error {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        match self {
            Self::Io(e) => write!(f, "io error: {}", e),
            Self::SerdeJson(e) => write!(f, "json error: {}", e),
            Self::Request(e) => write!(f, "http request error: {}", e),
        }
    }
}

impl error::Error for Error {}

impl From<io::Error> for Error {
    fn from(e: io::Error) -> Self {
        Self::Io(e)
    }
}

impl From<serde_json::Error> for Error {
    fn from(e: serde_json::Error) -> Self {
        Self::SerdeJson(e)
    }
}

impl From<request::Error> for Error {
    fn from(e: request::Error) -> Self {
        Self::Request(Box::new(e))
    }
}

pub struct Imds {
    token: OnceCell<String>,
    endpoint: String,
}

impl Default for Imds {
    fn default() -> Self {
        Self {
            token: OnceCell::new(),
            endpoint: "http://169.254.169.254".into(),
        }
    }
}

impl Imds {
    pub fn get(&self, path: &Path) -> Result<Response> {
        let token_url = format!("{}/latest/api/token", self.endpoint);
        let token = self.token.get_or_try_init(|| {
            with_retry(
                || {
                    ureq::put(&token_url)
                        .set("X-aws-ec2-metadata-token-ttl-seconds", "21600")
                        .call()
                },
                5,
            )
            .map_err(|e| io::Error::new(io::ErrorKind::Other, format!("{}", e)))?
            .into_string()
        })?;
        let path_str = path.to_string_lossy();
        let url = format!("{}/{}", self.endpoint, path_str);
        with_retry(
            || {
                ureq::get(&url)
                    .set("X-aws-ec2-metadata-token", token)
                    .call()
            },
            5,
        )
        .map_err(Into::into)
    }

    pub fn get_user_data(&self) -> Result<String> {
        self.get(Path::new("latest/user-data"))
            .and_then(|response| response.into_string().map_err(Into::into))
    }

    pub fn get_region(&self) -> Result<String> {
        self.get_metadata(Path::new("placement/region"))
    }

    pub fn get_metadata(&self, path: &Path) -> Result<String> {
        let full_path = Path::new("latest/meta-data").join(path);
        self.get(&full_path)
            .and_then(|response| response.into_string().map_err(Into::into))
    }

    pub fn get_credentials(&self) -> Result<Credentials> {
        let role_path = Path::new("iam/security-credentials/");
        let role = self.get_metadata(role_path)?;
        let credentials_path = role_path.join(&role);
        let credentials_str = self.get_metadata(&credentials_path)?;
        let map: HashMap<String, String> = serde_json::from_str(&credentials_str)?;
        Credentials::from_map(map)
    }
}

trait CredentialsExt {
    fn from_map(map: HashMap<String, String>) -> Result<Credentials>;
}

impl CredentialsExt for Credentials {
    fn from_map(map: HashMap<String, String>) -> Result<Credentials> {
        let access_key_id = map
            .get("AccessKeyId")
            .ok_or_else(|| io::Error::new(io::ErrorKind::NotFound, "AccessKeyId not found"))?;
        let secret_access_key = map
            .get("SecretAccessKey")
            .ok_or_else(|| io::Error::new(io::ErrorKind::NotFound, "SecretAccessKey not found"))?;
        let session_token = map.get("Token").cloned();
        let expiration_str = map.get("Expiration");
        let expires_after = if let Some(e) = expiration_str {
            let parsed = chrono::DateTime::parse_from_rfc3339(e).map_err(|e| {
                io::Error::new(
                    io::ErrorKind::InvalidInput,
                    format!("Unable to parse expiration: {}", e),
                )
            })?;
            Some(SystemTime::from(parsed))
        } else {
            None
        };
        Ok(Credentials::new(
            access_key_id,
            secret_access_key,
            session_token,
            expires_after,
            "imds",
        ))
    }
}