Use shared AWS credential configuration.
This commit is contained in:
parent
a7b632eb5e
commit
a2f66682df
|
@ -0,0 +1,49 @@
|
||||||
|
package aws
|
||||||
|
|
||||||
|
import (
|
||||||
|
"github.com/aws/aws-sdk-go/aws"
|
||||||
|
"github.com/aws/aws-sdk-go/aws/client"
|
||||||
|
"github.com/awslabs/aws-sdk-go/aws/credentials"
|
||||||
|
"github.com/kelseyhightower/confd/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds"
|
||||||
|
"github.com/kelseyhightower/confd/vendor/github.com/aws/aws-sdk-go/aws/session"
|
||||||
|
)
|
||||||
|
|
||||||
|
type AwsCredentials struct {
|
||||||
|
Region string `toml:"region"` // AWS Region
|
||||||
|
AccessKey string `toml:"access_key"` // Explicit AWS Access Key ID
|
||||||
|
SecretKey string `toml:"secret_key"` // Explicit AWS Secret Access Key
|
||||||
|
RoleArn string `toml:"role_arn"` // Role ARN to assume
|
||||||
|
Profile string `toml:"profile"` // the shared profile to use
|
||||||
|
SharedCredentialFile string `toml:"shared_credential_file"` // location of shared credential file
|
||||||
|
Token string `toml:"token"` // STS session token
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *AwsCredentials) Credentials() client.ConfigProvider {
|
||||||
|
if c.RoleArn != "" {
|
||||||
|
return c.assumeCredentials()
|
||||||
|
} else {
|
||||||
|
return c.rootCredentials()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *AwsCredentials) rootCredentials() client.ConfigProvider {
|
||||||
|
config := &aws.Config{
|
||||||
|
Region: aws.String(c.Region),
|
||||||
|
}
|
||||||
|
if c.AccessKey != "" || c.SecretKey != "" {
|
||||||
|
config.Credentials = credentials.NewStaticCredentials(c.AccessKey, c.SecretKey, c.Token)
|
||||||
|
} else if c.Profile != "" || c.SharedCredentialFile != "" {
|
||||||
|
config.Credentials = credentials.NewSharedCredentials(c.SharedCredentialFile, c.Profile)
|
||||||
|
}
|
||||||
|
|
||||||
|
return session.New(config)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *AwsCredentials) assumeCredentials() client.ConfigProvider {
|
||||||
|
rootCredentials := c.rootCredentials()
|
||||||
|
config := &aws.Config{
|
||||||
|
Region: aws.String(c.Region),
|
||||||
|
}
|
||||||
|
config.Credentials = stscreds.NewCredentials(rootCredentials, c.RoleArn)
|
||||||
|
return session.New(config)
|
||||||
|
}
|
|
@ -6,21 +6,18 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/aws/aws-sdk-go/aws"
|
"github.com/aws/aws-sdk-go/aws"
|
||||||
"github.com/aws/aws-sdk-go/aws/credentials"
|
|
||||||
"github.com/aws/aws-sdk-go/aws/session"
|
|
||||||
|
|
||||||
"github.com/aws/aws-sdk-go/service/cloudwatch"
|
"github.com/aws/aws-sdk-go/service/cloudwatch"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/internal"
|
"github.com/influxdata/telegraf/internal"
|
||||||
|
influxaws "github.com/influxdata/telegraf/internal/config/aws"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
type (
|
type (
|
||||||
CloudWatch struct {
|
CloudWatch struct {
|
||||||
Region string `toml:"region"`
|
influxaws.AwsCredentials
|
||||||
AccessKey string `toml:"access_key"`
|
|
||||||
SecretKey string `toml:"secret_key"`
|
|
||||||
Period internal.Duration `toml:"period"`
|
Period internal.Duration `toml:"period"`
|
||||||
Delay internal.Duration `toml:"delay"`
|
Delay internal.Duration `toml:"delay"`
|
||||||
Namespace string `toml:"namespace"`
|
Namespace string `toml:"namespace"`
|
||||||
|
@ -58,10 +55,12 @@ func (c *CloudWatch) SampleConfig() string {
|
||||||
|
|
||||||
## Amazon Credentials
|
## Amazon Credentials
|
||||||
## Credentials are loaded in the following order
|
## Credentials are loaded in the following order
|
||||||
## 1) explicit credentials from 'access_key' and 'secret_key'
|
## 1) Assumed credentials via STS if role_arn is specified
|
||||||
## 2) environment variables
|
## 2) explicit credentials from 'access_key' and 'secret_key'
|
||||||
## 3) shared credentials file
|
## 3) shared profile from 'profile'
|
||||||
## 4) EC2 Instance Profile
|
## 4) environment variables
|
||||||
|
## 5) shared credentials file
|
||||||
|
## 6) EC2 Instance Profile
|
||||||
#access_key = ""
|
#access_key = ""
|
||||||
#secret_key = ""
|
#secret_key = ""
|
||||||
|
|
||||||
|
@ -161,14 +160,9 @@ func init() {
|
||||||
* Initialize CloudWatch client
|
* Initialize CloudWatch client
|
||||||
*/
|
*/
|
||||||
func (c *CloudWatch) initializeCloudWatch() error {
|
func (c *CloudWatch) initializeCloudWatch() error {
|
||||||
config := &aws.Config{
|
configProvider := c.Credentials()
|
||||||
Region: aws.String(c.Region),
|
|
||||||
}
|
|
||||||
if c.AccessKey != "" || c.SecretKey != "" {
|
|
||||||
config.Credentials = credentials.NewStaticCredentials(c.AccessKey, c.SecretKey, "")
|
|
||||||
}
|
|
||||||
|
|
||||||
c.client = cloudwatch.New(session.New(config))
|
c.client = cloudwatch.New(configProvider)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -8,18 +8,15 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/aws/aws-sdk-go/aws"
|
"github.com/aws/aws-sdk-go/aws"
|
||||||
"github.com/aws/aws-sdk-go/aws/credentials"
|
|
||||||
"github.com/aws/aws-sdk-go/aws/session"
|
|
||||||
"github.com/aws/aws-sdk-go/service/cloudwatch"
|
"github.com/aws/aws-sdk-go/service/cloudwatch"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
|
influxaws "github.com/influxdata/telegraf/internal/config/aws"
|
||||||
"github.com/influxdata/telegraf/plugins/outputs"
|
"github.com/influxdata/telegraf/plugins/outputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
type CloudWatch struct {
|
type CloudWatch struct {
|
||||||
Region string `toml:"region"` // AWS Region
|
influxaws.AwsCredentials
|
||||||
AccessKey string `toml:"access_key"` // Explicit AWS Access Key ID
|
|
||||||
SecretKey string `toml:"secret_key"` // Explicit AWS Secret Access Key
|
|
||||||
Namespace string `toml:"namespace"` // CloudWatch Metrics Namespace
|
Namespace string `toml:"namespace"` // CloudWatch Metrics Namespace
|
||||||
svc *cloudwatch.CloudWatch
|
svc *cloudwatch.CloudWatch
|
||||||
}
|
}
|
||||||
|
@ -30,10 +27,12 @@ var sampleConfig = `
|
||||||
|
|
||||||
## Amazon Credentials
|
## Amazon Credentials
|
||||||
## Credentials are loaded in the following order
|
## Credentials are loaded in the following order
|
||||||
## 1) explicit credentials from 'access_key' and 'secret_key'
|
## 1) Assumed credentials via STS if role_arn is specified
|
||||||
## 2) environment variables
|
## 2) explicit credentials from 'access_key' and 'secret_key'
|
||||||
## 3) shared credentials file
|
## 3) shared profile from 'profile'
|
||||||
## 4) EC2 Instance Profile
|
## 4) environment variables
|
||||||
|
## 5) shared credentials file
|
||||||
|
## 6) EC2 Instance Profile
|
||||||
#access_key = ""
|
#access_key = ""
|
||||||
#secret_key = ""
|
#secret_key = ""
|
||||||
|
|
||||||
|
@ -50,14 +49,9 @@ func (c *CloudWatch) Description() string {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *CloudWatch) Connect() error {
|
func (c *CloudWatch) Connect() error {
|
||||||
Config := &aws.Config{
|
configProvider := c.Credentials()
|
||||||
Region: aws.String(c.Region),
|
|
||||||
}
|
|
||||||
if c.AccessKey != "" || c.SecretKey != "" {
|
|
||||||
Config.Credentials = credentials.NewStaticCredentials(c.AccessKey, c.SecretKey, "")
|
|
||||||
}
|
|
||||||
|
|
||||||
svc := cloudwatch.New(session.New(Config))
|
svc := cloudwatch.New(configProvider)
|
||||||
|
|
||||||
params := &cloudwatch.ListMetricsInput{
|
params := &cloudwatch.ListMetricsInput{
|
||||||
Namespace: aws.String(c.Namespace),
|
Namespace: aws.String(c.Namespace),
|
||||||
|
|
|
@ -8,18 +8,15 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/aws/aws-sdk-go/aws"
|
"github.com/aws/aws-sdk-go/aws"
|
||||||
"github.com/aws/aws-sdk-go/aws/credentials"
|
|
||||||
"github.com/aws/aws-sdk-go/aws/session"
|
|
||||||
"github.com/aws/aws-sdk-go/service/kinesis"
|
"github.com/aws/aws-sdk-go/service/kinesis"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
|
influxaws "github.com/influxdata/telegraf/internal/config/aws"
|
||||||
"github.com/influxdata/telegraf/plugins/outputs"
|
"github.com/influxdata/telegraf/plugins/outputs"
|
||||||
)
|
)
|
||||||
|
|
||||||
type KinesisOutput struct {
|
type KinesisOutput struct {
|
||||||
Region string `toml:"region"`
|
influxaws.AwsCredentials
|
||||||
AccessKey string `toml:"access_key"`
|
|
||||||
SecretKey string `toml:"secret_key"`
|
|
||||||
StreamName string `toml:"streamname"`
|
StreamName string `toml:"streamname"`
|
||||||
PartitionKey string `toml:"partitionkey"`
|
PartitionKey string `toml:"partitionkey"`
|
||||||
Format string `toml:"format"`
|
Format string `toml:"format"`
|
||||||
|
@ -33,10 +30,12 @@ var sampleConfig = `
|
||||||
|
|
||||||
## Amazon Credentials
|
## Amazon Credentials
|
||||||
## Credentials are loaded in the following order
|
## Credentials are loaded in the following order
|
||||||
## 1) explicit credentials from 'access_key' and 'secret_key'
|
## 1) Assumed credentials via STS if role_arn is specified
|
||||||
## 2) environment variables
|
## 2) explicit credentials from 'access_key' and 'secret_key'
|
||||||
## 3) shared credentials file
|
## 3) shared profile from 'profile'
|
||||||
## 4) EC2 Instance Profile
|
## 4) environment variables
|
||||||
|
## 5) shared credentials file
|
||||||
|
## 6) EC2 Instance Profile
|
||||||
#access_key = ""
|
#access_key = ""
|
||||||
#secret_key = ""
|
#secret_key = ""
|
||||||
|
|
||||||
|
@ -75,13 +74,9 @@ func (k *KinesisOutput) Connect() error {
|
||||||
if k.Debug {
|
if k.Debug {
|
||||||
log.Printf("kinesis: Establishing a connection to Kinesis in %+v", k.Region)
|
log.Printf("kinesis: Establishing a connection to Kinesis in %+v", k.Region)
|
||||||
}
|
}
|
||||||
Config := &aws.Config{
|
|
||||||
Region: aws.String(k.Region),
|
configProvider := k.Credentials()
|
||||||
}
|
svc := kinesis.New(configProvider)
|
||||||
if k.AccessKey != "" || k.SecretKey != "" {
|
|
||||||
Config.Credentials = credentials.NewStaticCredentials(k.AccessKey, k.SecretKey, "")
|
|
||||||
}
|
|
||||||
svc := kinesis.New(session.New(Config))
|
|
||||||
|
|
||||||
KinesisParams := &kinesis.ListStreamsInput{
|
KinesisParams := &kinesis.ListStreamsInput{
|
||||||
Limit: aws.Int64(100),
|
Limit: aws.Int64(100),
|
||||||
|
|
Loading…
Reference in New Issue