package iam
import (
"context"
"fmt"
"regexp"
"strings"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/feature/ec2/imds"
)
// fullArnPrefix is the leading text that marks a role value as a complete ARN
// rather than a name relative to the base ARN.
const fullArnPrefix = "arn:"

// ARNRegexp is the pattern a base ARN must match in full, see
// https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns.
//
// It accepts "arn:", a partition made of word characters and hyphens,
// ":iam::", one or more digits, ":role", an optional "/", and then any run of
// word characters, "-", "/" and ".". Anything outside that set (for example
// "+", "=", "," or "@") is rejected.
//
// The check is deliberately loose: the account ID is not held to a fixed
// length, the "/" after "role" is optional, and the partition may be empty.
// Treat a match as a syntax check only, not as proof that the role exists or
// may be assumed.
var ARNRegexp = regexp.MustCompile(
	`^arn:(\w|-)*:iam::\d+:role\/?(\w+|-|\/|\.)*$`,
)
// IsValidBaseARN reports whether arn matches ARNRegexp in full.
//
// This is a syntactic check only: it does not contact AWS and says nothing
// about whether the account or role behind the ARN exists.
func IsValidBaseARN(arn string) bool {
	matched := ARNRegexp.MatchString(arn)
	return matched
}
// RoleARN resolves role to a full IAM role ARN.
//
// A role that starts with "arn:" (compared case-insensitively) is returned
// unchanged; any other value is appended directly to the client's BaseARN.
//
// Neither branch validates its result here: a full ARN is not checked against
// ARNRegexp and can therefore name a role outside BaseARN's account or path,
// and a relative name is concatenated as-is.
// NOTE(review): if role can come from a workload-controlled setting, the
// caller has to enforce its own allow-list of permitted roles; confirm at the
// call sites.
func (iam *Client) RoleARN(role string) string {
	isFullARN := strings.HasPrefix(strings.ToLower(role), fullArnPrefix)
	if !isFullARN {
		return fmt.Sprintf("%s%s", iam.BaseARN, role)
	}
	return role
}
// GetBaseArn derives the base role ARN from the instance metadata service.
//
// It loads the default AWS configuration, asks IMDS for the instance's IAM
// info, rewrites the first "instance-profile" in the instance profile ARN to
// "role", and returns everything up to and including the first "/".
//
// It returns an error if the configuration cannot be loaded, the IMDS call
// fails, or the rewritten ARN contains no "/".
//
// The result is not passed through IsValidBaseARN here, so callers that need
// a well-formed base ARN should validate it themselves.
func GetBaseArn() (string, error) {
	// context.TODO carries no deadline or cancellation of its own.
	// NOTE(review): any time limit on these calls presumably comes from the
	// SDK and IMDS client defaults; confirm.
	ctx := context.TODO()

	awsCfg, err := config.LoadDefaultConfig(ctx)
	if err != nil {
		return "", err
	}

	info, err := imds.NewFromConfig(awsCfg).GetIAMInfo(ctx, &imds.GetIAMInfoInput{})
	if err != nil {
		return "", err
	}

	roleArn := strings.Replace(info.IAMInfo.InstanceProfileArn, "instance-profile", "role", 1)

	// Keep only the part before the first "/", with the slash itself, so any
	// profile path or name after it is dropped.
	slash := strings.Index(roleArn, "/")
	if slash < 0 {
		return "", fmt.Errorf("can't determine BaseARN")
	}
	return roleArn[:slash+1], nil
}