Use shared AWS credential configuration.

This commit is contained in:
John Engelman 2016-05-04 11:24:11 -05:00
parent a7b632eb5e
commit a2f66682df
4 changed files with 81 additions and 49 deletions

View File

@ -0,0 +1,49 @@
package aws
import (
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/client"
"github.com/awslabs/aws-sdk-go/aws/credentials"
"github.com/kelseyhightower/confd/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds"
"github.com/kelseyhightower/confd/vendor/github.com/aws/aws-sdk-go/aws/session"
)
type AwsCredentials struct {
Region string `toml:"region"` // AWS Region
AccessKey string `toml:"access_key"` // Explicit AWS Access Key ID
SecretKey string `toml:"secret_key"` // Explicit AWS Secret Access Key
RoleArn string `toml:"role_arn"` // Role ARN to assume
Profile string `toml:"profile"` // the shared profile to use
SharedCredentialFile string `toml:"shared_credential_file"` // location of shared credential file
Token string `toml:"token"` // STS session token
}
func (c *AwsCredentials) Credentials() client.ConfigProvider {
if c.RoleArn != "" {
return c.assumeCredentials()
} else {
return c.rootCredentials()
}
}
func (c *AwsCredentials) rootCredentials() client.ConfigProvider {
config := &aws.Config{
Region: aws.String(c.Region),
}
if c.AccessKey != "" || c.SecretKey != "" {
config.Credentials = credentials.NewStaticCredentials(c.AccessKey, c.SecretKey, c.Token)
} else if c.Profile != "" || c.SharedCredentialFile != "" {
config.Credentials = credentials.NewSharedCredentials(c.SharedCredentialFile, c.Profile)
}
return session.New(config)
}
func (c *AwsCredentials) assumeCredentials() client.ConfigProvider {
rootCredentials := c.rootCredentials()
config := &aws.Config{
Region: aws.String(c.Region),
}
config.Credentials = stscreds.NewCredentials(rootCredentials, c.RoleArn)
return session.New(config)
}

View File

@ -6,21 +6,18 @@ import (
"time"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/cloudwatch"
"github.com/influxdata/telegraf"
"github.com/influxdata/telegraf/internal"
influxaws "github.com/influxdata/telegraf/internal/config/aws"
"github.com/influxdata/telegraf/plugins/inputs"
)
type (
CloudWatch struct {
Region string `toml:"region"`
AccessKey string `toml:"access_key"`
SecretKey string `toml:"secret_key"`
influxaws.AwsCredentials
Period internal.Duration `toml:"period"`
Delay internal.Duration `toml:"delay"`
Namespace string `toml:"namespace"`
@ -58,10 +55,12 @@ func (c *CloudWatch) SampleConfig() string {
## Amazon Credentials
## Credentials are loaded in the following order
## 1) explicit credentials from 'access_key' and 'secret_key'
## 2) environment variables
## 3) shared credentials file
## 4) EC2 Instance Profile
## 1) Assumed credentials via STS if role_arn is specified
## 2) explicit credentials from 'access_key' and 'secret_key'
## 3) shared profile from 'profile'
## 4) environment variables
## 5) shared credentials file
## 6) EC2 Instance Profile
#access_key = ""
#secret_key = ""
@ -161,14 +160,9 @@ func init() {
* Initialize CloudWatch client
*/
func (c *CloudWatch) initializeCloudWatch() error {
config := &aws.Config{
Region: aws.String(c.Region),
}
if c.AccessKey != "" || c.SecretKey != "" {
config.Credentials = credentials.NewStaticCredentials(c.AccessKey, c.SecretKey, "")
}
configProvider := c.Credentials()
c.client = cloudwatch.New(session.New(config))
c.client = cloudwatch.New(configProvider)
return nil
}

View File

@ -8,18 +8,15 @@ import (
"time"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/cloudwatch"
"github.com/influxdata/telegraf"
influxaws "github.com/influxdata/telegraf/internal/config/aws"
"github.com/influxdata/telegraf/plugins/outputs"
)
type CloudWatch struct {
Region string `toml:"region"` // AWS Region
AccessKey string `toml:"access_key"` // Explicit AWS Access Key ID
SecretKey string `toml:"secret_key"` // Explicit AWS Secret Access Key
influxaws.AwsCredentials
Namespace string `toml:"namespace"` // CloudWatch Metrics Namespace
svc *cloudwatch.CloudWatch
}
@ -30,10 +27,12 @@ var sampleConfig = `
## Amazon Credentials
## Credentials are loaded in the following order
## 1) explicit credentials from 'access_key' and 'secret_key'
## 2) environment variables
## 3) shared credentials file
## 4) EC2 Instance Profile
## 1) Assumed credentials via STS if role_arn is specified
## 2) explicit credentials from 'access_key' and 'secret_key'
## 3) shared profile from 'profile'
## 4) environment variables
## 5) shared credentials file
## 6) EC2 Instance Profile
#access_key = ""
#secret_key = ""
@ -50,14 +49,9 @@ func (c *CloudWatch) Description() string {
}
func (c *CloudWatch) Connect() error {
Config := &aws.Config{
Region: aws.String(c.Region),
}
if c.AccessKey != "" || c.SecretKey != "" {
Config.Credentials = credentials.NewStaticCredentials(c.AccessKey, c.SecretKey, "")
}
configProvider := c.Credentials()
svc := cloudwatch.New(session.New(Config))
svc := cloudwatch.New(configProvider)
params := &cloudwatch.ListMetricsInput{
Namespace: aws.String(c.Namespace),

View File

@ -8,18 +8,15 @@ import (
"time"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/kinesis"
"github.com/influxdata/telegraf"
influxaws "github.com/influxdata/telegraf/internal/config/aws"
"github.com/influxdata/telegraf/plugins/outputs"
)
type KinesisOutput struct {
Region string `toml:"region"`
AccessKey string `toml:"access_key"`
SecretKey string `toml:"secret_key"`
influxaws.AwsCredentials
StreamName string `toml:"streamname"`
PartitionKey string `toml:"partitionkey"`
Format string `toml:"format"`
@ -33,10 +30,12 @@ var sampleConfig = `
## Amazon Credentials
## Credentials are loaded in the following order
## 1) explicit credentials from 'access_key' and 'secret_key'
## 2) environment variables
## 3) shared credentials file
## 4) EC2 Instance Profile
## 1) Assumed credentials via STS if role_arn is specified
## 2) explicit credentials from 'access_key' and 'secret_key'
## 3) shared profile from 'profile'
## 4) environment variables
## 5) shared credentials file
## 6) EC2 Instance Profile
#access_key = ""
#secret_key = ""
@ -75,13 +74,9 @@ func (k *KinesisOutput) Connect() error {
if k.Debug {
log.Printf("kinesis: Establishing a connection to Kinesis in %+v", k.Region)
}
Config := &aws.Config{
Region: aws.String(k.Region),
}
if k.AccessKey != "" || k.SecretKey != "" {
Config.Credentials = credentials.NewStaticCredentials(k.AccessKey, k.SecretKey, "")
}
svc := kinesis.New(session.New(Config))
configProvider := k.Credentials()
svc := kinesis.New(configProvider)
KinesisParams := &kinesis.ListStreamsInput{
Limit: aws.Int64(100),