Exemple #1
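def home(url):
    """Answer IAM metadata paths locally and proxy every other path upstream.

    ``url`` is the request path without its leading slash. It is tested, in
    order, against four ``/<prefix>/meta-data/iam/...`` shapes; a path that
    matches none of them is fetched from ``app.config['METADATA_URL']`` and
    streamed back to the caller.

    NOTE(review): every role decision below is keyed on
    ``request.remote_addr`` alone. Confirm this process always sees the
    caller's own address (no fronting proxy or NAT).
    NOTE(review): ``(.+?)`` and ``(.*)`` also match ``/``, so the captured
    API version and role name may contain slashes -- confirm the ``roles``
    helpers tolerate that.
    """
    path = '/{0}'.format(url)

    if re.match('^/(.+?)/meta-data/iam/info$', path):
        return jsonify(roles.get_role_info_from_ip(request.remote_addr))

    if re.match('^/(.+?)/meta-data/iam/security-credentials$', path):
        # Same path with a trailing slash, as a permanent redirect.
        return redirect('{0}/{1}/'.format(app.config['METADATA_URL'], url),
                        code=301)

    if re.match('^/(.+?)/meta-data/iam/security-credentials/$', path):
        role_name = roles.get_role_name_from_ip(request.remote_addr)
        if not role_name:
            # Other handlers on this page treat a missing role as a 404;
            # returning None from a view would surface as a server error.
            return '', 404
        return role_name

    match = re.match('^/(.+?)/meta-data/iam/security-credentials/(.*)$', path)
    if match:
        logging.debug('Matched security credentials request url.')
        api_version, requested_role = match.groups()
        ip_role_match = roles.get_role_name_from_ip(request.remote_addr)
        # Credentials are only issued for the role mapped to the caller's
        # address; any other requested name is answered with 404.
        if ip_role_match != requested_role:
            return '', 404
        assumed_role = roles.get_assumed_role(requested_role=requested_role,
                                              api_version=api_version)
        return jsonify(assumed_role)

    logging.debug('Did not match credentials request url; passing through.')
    # Bounded (connect, read) timeout: without one a stalled upstream holds
    # this worker indefinitely. A timeout raises like any other upstream
    # failure and is left to the framework's error handling.
    req = requests.get('{0}/{1}'.format(app.config['METADATA_URL'], url),
                       stream=True, timeout=(2, 10))
    # NOTE(review): the upstream status code is not forwarded, so an upstream
    # error body goes out with this view's default status -- confirm intent.
    # .get() avoids a KeyError when upstream sends no Content-Type header.
    return Response(stream_with_context(req.iter_content()),
                    content_type=req.headers.get('content-type'))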
Exemple #2
def get_iam_info(api_version):
    """Return IAM role info for the requesting address as JSON, or a 404.

    ``api_version`` is accepted but not read in this body.

    NOTE(review): the caller is identified by ``request.remote_addr`` alone;
    confirm this service always sees the real peer address.
    """
    caller_ip = request.remote_addr
    resolved_role = roles.get_role_name_from_ip(caller_ip)
    if not resolved_role:
        log.error('Role name not found; returning 404.')
        return '', 404
    log.debug('Providing IAM role info for {0}'.format(resolved_role))
    return jsonify(roles.get_role_info_from_ip(caller_ip))
Exemple #3
def get_iam_info(api_version, junk=None):
    """Return IAM role info for the requesting address as JSON, or a 404.

    Neither ``api_version`` nor ``junk`` is read in this body.
    NOTE(review): ``junk`` presumably absorbs a trailing path segment from
    the route -- confirm against the route declaration.

    NOTE(review): the role is resolved from ``request.remote_addr`` only;
    confirm this service always sees the real peer address.
    """
    source_addr = request.remote_addr
    mapped_role = roles.get_role_name_from_ip(source_addr)
    if mapped_role:
        logger.debug('Providing IAM role info for {0}'.format(mapped_role))
        role_info = roles.get_role_info_from_ip(source_addr)
        return jsonify(role_info)
    logger.error('Role name not found; returning 404.')
    return '', 404
def iam_role_name(api_version):
    """Return the role name resolved for the requesting address, or a 404.

    When ``_supports_iam(api_version)`` is false the request is handed to
    ``passthrough`` with the original request path instead.

    NOTE(review): the role is resolved from ``request.remote_addr`` only;
    confirm this service always sees the real peer address.
    """
    if _supports_iam(api_version):
        resolved_role = roles.get_role_name_from_ip(request.remote_addr)
        if resolved_role:
            return resolved_role
        log.error('Role name not found; returning 404.')
        return '', 404
    return passthrough(request.path)
Exemple #5
def iam_role_name(api_version):
    """Return the role name mapped to the caller's address, or a 404.

    API versions rejected by ``_supports_iam`` are not handled here; the
    request path is forwarded through ``passthrough`` unchanged.

    NOTE(review): identity rests on ``request.remote_addr`` alone; confirm
    the address seen here is the caller's own.
    """
    iam_supported = _supports_iam(api_version)
    if not iam_supported:
        return passthrough(request.path)

    mapped_role = roles.get_role_name_from_ip(request.remote_addr)
    if not mapped_role:
        logger.error('Role name not found; returning 404.')
        return '', 404
    return mapped_role
Exemple #6
def get_role_credentials(api_version, requested_role):
    """Return assumed-role credentials as JSON for the caller's own role.

    The role resolved from ``request.remote_addr`` must equal
    ``requested_role``; any other value is refused with 403 before
    ``roles.get_assumed_role`` is called.

    NOTE(review): identity rests on ``request.remote_addr`` alone; confirm
    the address seen here is the caller's own.
    """
    if roles.get_role_name_from_ip(request.remote_addr) != requested_role:
        return '', 403
    try:
        credentials = roles.get_assumed_role(requested_role=requested_role,
                                             api_version=api_version)
    except GetRoleError as err:
        # The response status is read out of the exception payload.
        # NOTE(review): assumes err.args[0] is a sequence whose first item
        # is an HTTP status code -- confirm where GetRoleError is raised.
        return '', err.args[0][0]
    else:
        return jsonify(credentials)
def iam_role_info(api_version, junk=None):
    """Return IAM role info for the requesting address as JSON, or a 404.

    Requests for an API version that ``_supports_iam`` rejects are forwarded
    through ``passthrough`` with the original request path. ``junk`` is not
    read in this body.

    NOTE(review): the role is resolved from ``request.remote_addr`` only;
    confirm this service always sees the real peer address.
    """
    if _supports_iam(api_version):
        caller_ip = request.remote_addr
        resolved_role = roles.get_role_name_from_ip(caller_ip)
        if not resolved_role:
            log.error('Role name not found; returning 404.')
            return '', 404
        log.debug('Providing IAM role info for {0}'.format(resolved_role))
        return jsonify(roles.get_role_info_from_ip(caller_ip))
    return passthrough(request.path)
Exemple #8
def iam_role_info(api_version, junk=None):
    """Serve the IAM info document for the role mapped to the caller.

    Unsupported API versions (per ``_supports_iam``) go to ``passthrough``.
    A caller with no mapped role gets an empty 404. ``junk`` is unused here.

    NOTE(review): identity rests on ``request.remote_addr`` alone; confirm
    the address seen here is the caller's own.
    """
    if not _supports_iam(api_version):
        return passthrough(request.path)

    source_addr = request.remote_addr
    mapped_role = roles.get_role_name_from_ip(source_addr)
    if mapped_role:
        log.debug('Providing IAM role info for {0}'.format(mapped_role))
        info = roles.get_role_info_from_ip(source_addr)
        return jsonify(info)
    log.error('Role name not found; returning 404.')
    return '', 404
Exemple #9
def get_role_credentials(api_version, requested_role, junk=None):
    """Return assumed-role credentials as JSON when the caller may use the role.

    ``roles.check_role_name_from_ip`` decides whether ``requested_role`` is
    acceptable for ``request.remote_addr``; a refusal is answered with 403.
    The credentials are then fetched for the role name looked up with
    ``stripped=False``, not for the string the caller supplied. ``junk`` is
    not read in this body.

    NOTE(review): identity rests on ``request.remote_addr`` alone; confirm
    the address seen here is the caller's own.
    """
    caller_ip = request.remote_addr
    if not roles.check_role_name_from_ip(caller_ip, requested_role):
        return '', 403
    full_role_name = roles.get_role_name_from_ip(caller_ip, stripped=False)
    try:
        credentials = roles.get_assumed_role_credentials(
            requested_role=full_role_name, api_version=api_version)
    except GetRoleError as err:
        # NOTE(review): assumes err.args[0][0] holds an HTTP status code --
        # confirm where GetRoleError is raised.
        return '', err.args[0][0]
    else:
        return jsonify(credentials)
Exemple #10
def get_role_credentials(api_version, requested_role):
    """Issue credentials only for the role mapped to the caller's address.

    A ``requested_role`` that differs from the role resolved for
    ``request.remote_addr`` is refused with 403. A ``GetRoleError`` from the
    role helper becomes an empty response whose status is read from the
    exception.

    NOTE(review): the caller is identified by ``request.remote_addr`` alone;
    confirm this service always sees the real peer address.
    """
    mapped_role = roles.get_role_name_from_ip(request.remote_addr)
    if mapped_role != requested_role:
        return '', 403

    lookup = dict(requested_role=requested_role, api_version=api_version)
    try:
        credentials = roles.get_assumed_role(**lookup)
    except GetRoleError as err:
        # NOTE(review): assumes the first element of err.args[0] is an HTTP
        # status code -- confirm where GetRoleError is raised.
        status = err.args[0][0]
        return '', status
    return jsonify(credentials)
Exemple #11
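def home(url):
    """Answer IAM metadata paths locally and proxy every other path upstream.

    ``url`` is the request path without its leading slash. It is matched, in
    order, against four ``/<prefix>/meta-data/iam/...`` shapes; a path that
    matches none of them is fetched from ``app.config['METADATA_URL']`` and
    streamed back to the caller.

    NOTE(review): every role decision below is keyed on
    ``request.remote_addr`` alone. Confirm this process always sees the
    caller's own address (no fronting proxy or NAT).
    NOTE(review): ``(.+?)`` and ``(.*)`` also match ``/``, so the captured
    API version and role name may contain slashes -- confirm the ``roles``
    helpers tolerate that.
    """
    path = '/{0}'.format(url)
    caller_ip = request.remote_addr

    if re.match('^/(.+?)/meta-data/iam/info$', path):
        return jsonify(roles.get_role_info_from_ip(caller_ip))

    if re.match('^/(.+?)/meta-data/iam/security-credentials$', path):
        # Same path with a trailing slash, as a permanent redirect.
        return redirect(
            '{0}/{1}/'.format(app.config['METADATA_URL'], url),
            code=301
        )

    if re.match('^/(.+?)/meta-data/iam/security-credentials/$', path):
        role_name = roles.get_role_name_from_ip(caller_ip)
        if not role_name:
            # Other handlers on this page treat a missing role as a 404;
            # returning None from a view would surface as a server error.
            return '', 404
        return role_name

    match = re.match('^/(.+?)/meta-data/iam/security-credentials/(.*)$', path)
    if match:
        logging.debug('Matched security credentials request url.')
        api_version, requested_role = match.groups()
        # Credentials are only issued for the role mapped to the caller's
        # address; any other requested name is answered with 404.
        if roles.get_role_name_from_ip(caller_ip) != requested_role:
            return '', 404
        assumed_role = roles.get_assumed_role(
            requested_role=requested_role,
            api_version=api_version
        )
        return jsonify(assumed_role)

    logging.debug('Did not match credentials request url; passing through.')
    # Bounded (connect, read) timeout: without one a stalled upstream holds
    # this worker indefinitely. A timeout raises like any other upstream
    # failure and is left to the framework's error handling.
    req = requests.get(
        '{0}/{1}'.format(app.config['METADATA_URL'], url),
        stream=True,
        timeout=(2, 10)
    )
    # NOTE(review): the upstream status code is not forwarded, so an upstream
    # error body goes out with this view's default status -- confirm intent.
    # .get() avoids a KeyError when upstream sends no Content-Type header.
    return Response(
        stream_with_context(req.iter_content()),
        content_type=req.headers.get('content-type')
    )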
Exemple #12
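def iam_sts_credentials(api_version, requested_role, junk=None):
    """Return assumed-role credentials as JSON when the caller may use the role.

    Unsupported API versions (per ``_supports_iam``) are forwarded through
    ``passthrough``. ``roles.check_role_name_from_ip`` decides whether
    ``requested_role`` is acceptable for ``request.remote_addr``; a refusal
    is logged and answered with 404. Credentials are fetched for the role
    name looked up with ``stripped=False``, not for the caller-supplied
    string. ``junk`` is not read in this body.

    NOTE(review): identity rests on ``request.remote_addr`` alone; confirm
    the address seen here is the caller's own.
    """
    if not _supports_iam(api_version):
        return passthrough(request.path)

    if not roles.check_role_name_from_ip(request.remote_addr, requested_role):
        # requested_role is presumably bound from the request URL. Logging
        # it with %r escapes control characters, so a crafted value cannot
        # break the entry into extra forged log lines.
        log.error("Role name %r doesn't match expected role for container",
                  requested_role)
        return '', 404
    role_name = roles.get_role_name_from_ip(request.remote_addr,
                                            stripped=False)
    log.debug('Providing assumed role credentials for {0}'.format(role_name))
    assumed_role = roles.get_assumed_role_credentials(requested_role=role_name,
                                                      api_version=api_version)
    return jsonify(assumed_role)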
Exemple #13
def get_role_credentials(api_version, requested_role):
    """Return assumed-role credentials as JSON when the caller may use the role.

    ``roles.check_role_name_from_ip`` is asked whether ``requested_role`` is
    acceptable for ``request.remote_addr``; a refusal is answered with 403.
    Credentials are then fetched for the role name looked up with
    ``stripped=False`` rather than for the caller-supplied string.

    NOTE(review): the caller is identified by ``request.remote_addr`` alone;
    confirm this service always sees the real peer address.
    """
    source_addr = request.remote_addr
    allowed = roles.check_role_name_from_ip(source_addr, requested_role)
    if not allowed:
        return '', 403

    full_role_name = roles.get_role_name_from_ip(source_addr, stripped=False)
    try:
        credentials = roles.get_assumed_role_credentials(
            requested_role=full_role_name,
            api_version=api_version
        )
    except GetRoleError as err:
        # NOTE(review): assumes err.args[0][0] holds an HTTP status code --
        # confirm where GetRoleError is raised.
        return '', err.args[0][0]
    else:
        return jsonify(credentials)
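def iam_sts_credentials(api_version, requested_role, junk=None):
    """Return assumed-role credentials as JSON when the caller may use the role.

    Unsupported API versions (per ``_supports_iam``) are forwarded through
    ``passthrough``. ``roles.check_role_name_from_ip`` decides whether
    ``requested_role`` is acceptable for ``request.remote_addr``; a refusal
    is logged and answered with 404. Credentials are fetched for the role
    name looked up with ``stripped=False``, not for the caller-supplied
    string. ``junk`` is not read in this body.

    NOTE(review): identity rests on ``request.remote_addr`` alone; confirm
    the address seen here is the caller's own.
    """
    if not _supports_iam(api_version):
        return passthrough(request.path)

    if not roles.check_role_name_from_ip(request.remote_addr, requested_role):
        # requested_role is presumably bound from the request URL. Logging
        # it with %r escapes control characters, so a crafted value cannot
        # break the entry into extra forged log lines.
        log.error(
            "Role name %r doesn't match expected role for container",
            requested_role
        )
        return '', 404
    role_name = roles.get_role_name_from_ip(
        request.remote_addr,
        stripped=False
    )
    log.debug('Providing assumed role credentials for {0}'.format(role_name))
    assumed_role = roles.get_assumed_role_credentials(
        requested_role=role_name,
        api_version=api_version
    )
    return jsonify(assumed_role)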
Exemple #15
def get_security_credentials_slash(api_version):
    """Return the role name resolved for the requesting address with a 200.

    An empty 404 is returned when the lookup yields ``None``.
    ``api_version`` is not read in this body.

    NOTE(review): the role is resolved from ``request.remote_addr`` only;
    confirm this service always sees the real peer address.
    """
    resolved_role = roles.get_role_name_from_ip(request.remote_addr)
    return ('', 404) if resolved_role is None else (resolved_role, 200)
Exemple #16
def get_security_credentials_slash(api_version):
    """List the single role name available to the caller, or answer 404.

    Only a ``None`` lookup result produces the 404; any other value is
    returned as the body with status 200. ``api_version`` is unused here.

    NOTE(review): identity rests on ``request.remote_addr`` alone; confirm
    the address seen here is the caller's own.
    """
    mapped_role = roles.get_role_name_from_ip(request.remote_addr)
    if mapped_role is not None:
        return mapped_role, 200
    return '', 404