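def _populate_keys_from_metadata_server(self):
    """Load temporary credentials from the instance metadata service.

    Reads the request timeout and the attempt count from the
    ``Niftycloud`` config section, queries
    ``meta-data/iam/security-credentials/`` and, when the response is
    non-empty, stores the access key, secret key, security token and expiry
    time on this object. When nothing comes back the existing attributes are
    left untouched.

    Raises:
        ValueError: if the expiry string does not match
            ``%Y-%m-%dT%H:%M:%SZ`` (raised by ``datetime.strptime``).
    """
    niftycloud.log.debug("Retrieving credentials from metadata server.")
    # Imported at call time rather than at module level because of a
    # circular dependency with niftycloud.utils.
    from niftycloud.utils import get_instance_metadata
    timeout = config.getfloat('Niftycloud', 'metadata_service_timeout', 1.0)
    attempts = config.getint('Niftycloud', 'metadata_service_num_attempts', 1)
    # num_retries is really the total number of attempts made, which is why
    # the config option is called *_num_attempts.
    metadata = get_instance_metadata(
        timeout=timeout, num_retries=attempts,
        data='meta-data/iam/security-credentials/')
    if not metadata:
        return

    # NOTE(review): the original comment says a single role on the instance
    # profile is assumed; the selection itself happens in
    # _get_credentials_from_metadata, which is not visible here -- confirm.
    creds = self._get_credentials_from_metadata(metadata)
    self._access_key = creds[0]
    self._secret_key = creds[1]
    self._security_token = creds[2]
    expires_at = creds[3]
    self._credential_expiry_time = datetime.strptime(
        expires_at, "%Y-%m-%dT%H:%M:%SZ")
    # The trailing "Z" in the format marks the expiry as UTC, so the
    # remaining lifetime must be measured against UTC "now"; local time
    # would skew the logged value by the host's UTC offset.
    # Only the expiry is logged: key, secret and token stay out of the log.
    niftycloud.log.debug("Retrieved credentials will expire in %s at: %s",
                         self._credential_expiry_time - datetime.utcnow(),
                         expires_at)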
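def write_metadata(self):
    """Write instance metadata, user data and the Pyami settings to the config file.

    The file at ``NiftycloudConfigPath`` is overwritten with an
    ``[Instance]`` section (one ``key = value`` line per metadata key), the
    raw user data, and a ``[Pyami]`` section holding ``working_dir``.
    Afterwards ``niftycloud.config`` is replaced with a fresh ``Config``
    object and logging is re-initialised.
    """
    # Fetch both documents before opening the file, so a failure in either
    # call happens before the existing config has been truncated.
    inst_data = get_instance_metadata()
    user_data = get_instance_userdata()
    config_path = os.path.expanduser(NiftycloudConfigPath)

    # NOTE(review): per the original author this file holds the AWS
    # credentials, yet it is created with whatever mode the process umask
    # yields and may be readable by other local accounts. Restricting it to
    # owner read/write (the original left an os.chmod call commented out)
    # should be enabled once it is confirmed that no other account needs to
    # read this path.
    # The context manager closes the handle even if a write raises; the
    # original leaked it in that case.
    with open(config_path, 'w') as fp:
        fp.write('[Instance]\n')
        # Values and user data are written verbatim (no escaping), so their
        # content can add or override lines in the resulting config.
        for key in inst_data:
            fp.write('%s = %s\n' % (key, inst_data[key]))
        fp.write('\n%s\n' % user_data)
        fp.write('[Pyami]\n')
        fp.write('working_dir = %s\n' % self.working_dir)

    # now that we have written the file, read it into a pyami Config object
    niftycloud.config = Config()
    niftycloud.init_logging()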