Tidy up by removing experiments
ColinHebert committed May 17, 2019
1 parent 053a2a9 commit df22fae
Showing 2 changed files with 9 additions and 5 deletions.
2 changes: 1 addition & 1 deletion iam/iam.go
Expand Up @@ -126,7 +126,7 @@ func (iam *Client) EndpointFor(service, region string, optFns ...func(*endpoints
}

// AssumeRole returns an IAM role Credentials using AWS STS.
func (iam *Client) AssumeRole(roleARN, remoteIP string, sessionTTL time.Duration, externalId string) (*Credentials, error) {
func (iam *Client) AssumeRole(roleARN, externalId string, remoteIP string, sessionTTL time.Duration) (*Credentials, error) {
hitCache := true
item, err := cache.Fetch(roleARN, sessionTTL, func() (interface{}, error) {
hitCache = false
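Review bot: The credential cache at `cache.Fetch(roleARN, sessionTTL, ...)` is still keyed by roleARN alone even though AssumeRole now receives an externalId per caller; if the fetch closure (which continues past the hunk) passes externalId to the STS request, a credential assumed under one caller's external ID is served from the cache to a later caller of the same role with a different external ID, so the role's external-ID condition is only evaluated for whichever caller populated the cache. Scoping the key to the pair, e.g. `item, err := cache.Fetch(roleARN+"|"+externalId, sessionTTL, func() (interface{}, error) {`, keeps cached entries from crossing external IDs (ARNs do not contain `|`, so the separator is unambiguous). Separately, Go's initialism convention would spell the parameter `externalID`, matching `roleARN` and `remoteIP` in the same signature. AssumeRole's body continues outside the hunk.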
12 changes: 8 additions & 4 deletions server/server.go
Expand Up @@ -298,6 +298,12 @@ func (s *Server) roleHandler(logger *log.Entry, w http.ResponseWriter, r *http.R
return
}

externalId, err := s.GetExternalIdMapping(remoteIP)
if err != nil {
http.Error(w, err.Error(), http.StatusNotFound)
return
}

roleLogger := logger.WithFields(log.Fields{
"pod.iam.role": roleMapping.Role,
"ns.name": roleMapping.Namespace,
Expand All @@ -313,9 +319,7 @@ func (s *Server) roleHandler(logger *log.Entry, w http.ResponseWriter, r *http.R
return
}

externalId := mux.Vars(r)["externalId"]

credentials, err := s.iam.AssumeRole(wantedRoleARN, remoteIP, s.IAMRoleSessionTTL, externalId)
credentials, err := s.iam.AssumeRole(wantedRoleARN, externalId, remoteIP, s.IAMRoleSessionTTL)
if err != nil {
roleLogger.Errorf("Error assuming role %+v", err)
http.Error(w, err.Error(), http.StatusInternalServerError)
Expand Down Expand Up @@ -379,7 +383,7 @@ func (s *Server) Run(host, token, nodeName string, insecure bool) error {
r.Handle("/{version}/meta-data/iam/security-credentials/", securityHandler)
r.Handle(
"/{version}/meta-data/iam/security-credentials/{role:.*}",
newAppHandler("roleHandler", s.roleHandler)).Queries("externalId", "{externalId}")
newAppHandler("roleHandler", s.roleHandler))
r.Handle("/healthz", newAppHandler("healthHandler", s.healthHandler))

if s.MetricsPort == s.AppPort {
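Review bot: The new error branch after `externalId, err := s.GetExternalIdMapping(remoteIP)` responds with 404 and returns without logging, whereas the AssumeRole failure later in the same handler logs through roleLogger before responding; a failed external-ID lookup for a remote IP is an event operators need in the logs, so add `logger.Errorf("Error getting external ID mapping for %s: %+v", remoteIP, err)` before the `http.Error` call. Whether GetExternalIdMapping distinguishes a missing mapping from a lookup failure is not visible here; if it does, collapsing both into StatusNotFound hides transient failures from the client, and a sentinel compared with errors.Is could select 404 for "no mapping" and 500 otherwise. roleHandler and Run both start and end outside their hunks.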