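def home(url):
    """Answer IAM metadata requests locally and proxy every other path upstream.

    The path is tested against four IAM patterns in order:

    * ``.../meta-data/iam/info``: JSON role info for the caller's source IP.
    * ``.../meta-data/iam/security-credentials``: 301 redirect to the same path
      with a trailing slash, built on ``app.config['METADATA_URL']``.
    * ``.../meta-data/iam/security-credentials/``: the role name mapped to the
      caller's source IP, or an empty 404 when there is none.
    * ``.../meta-data/iam/security-credentials/<role>``: assumed-role data as JSON
      when ``<role>`` equals the role mapped to the caller's IP, otherwise an
      empty 404.

    Any other path is fetched from ``METADATA_URL`` and streamed back.

    The only caller identity used is ``request.remote_addr``.
    NOTE(review): that is sound only if clients connect to this service directly;
    confirm no NAT or intermediary proxy sits in front of it.
    """
    path = '/{0}'.format(url)
    caller_ip = request.remote_addr

    if re.match('^/(.+?)/meta-data/iam/info$', path):
        return jsonify(roles.get_role_info_from_ip(caller_ip))

    if re.match('^/(.+?)/meta-data/iam/security-credentials$', path):
        return redirect('{0}/{1}/'.format(app.config['METADATA_URL'], url), code=301)

    if re.match('^/(.+?)/meta-data/iam/security-credentials/$', path):
        role_name = roles.get_role_name_from_ip(caller_ip)
        if not role_name:
            # Returning None from a view makes Flask raise instead of responding,
            # so a caller with no mapped role gets an explicit not-found.
            logging.debug('No role mapped to caller; returning 404.')
            return '', 404
        return role_name

    credentials_match = re.match(
        '^/(.+?)/meta-data/iam/security-credentials/(.*)$', path)
    if credentials_match:
        logging.debug('Matched security credentials request url.')
        api_version, requested_role = credentials_match.groups()
        # Authorization: the requested role must equal the role mapped to the
        # caller's source IP. A caller with no mapped role never matches here.
        if roles.get_role_name_from_ip(caller_ip) != requested_role:
            return '', 404
        assumed_role = roles.get_assumed_role(requested_role=requested_role,
                                              api_version=api_version)
        return jsonify(assumed_role)

    # NOTE(review): the patterns above work as a deny-list. Every other path is
    # forwarded verbatim, so a path spelling the upstream treats as equivalent to
    # an IAM path would not be intercepted. Consider rejecting anything under
    # /iam/ that did not match. The request also has no timeout and the upstream
    # status code is not propagated; confirm both are intended.
    logging.debug('Did not match credentials request url; passing through.')
    req = requests.get('{0}/{1}'.format(app.config['METADATA_URL'], url), stream=True)
    return Response(stream_with_context(req.iter_content()),
                    content_type=req.headers['content-type'])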
def get_iam_info(api_version):
    """Return IAM role info, as JSON, for the role mapped to the caller's source IP.

    ``api_version`` is accepted but not read in this body. When no role name is
    found for ``request.remote_addr`` the response is an empty body with status 404.
    The caller is identified by source IP alone.
    """
    caller_ip = request.remote_addr
    mapped_role = roles.get_role_name_from_ip(caller_ip)
    if not mapped_role:
        log.error('Role name not found; returning 404.')
        return '', 404
    log.debug('Providing IAM role info for {0}'.format(mapped_role))
    return jsonify(roles.get_role_info_from_ip(caller_ip))
def get_iam_info(api_version, junk=None):
    """Serve the IAM info document for whichever role the caller's IP maps to.

    Neither ``api_version`` nor ``junk`` is read in this body.

    Returns:
        The JSON role info, or ``('', 404)`` when the source IP maps to no role.
    """
    role = roles.get_role_name_from_ip(request.remote_addr)
    found = bool(role)
    if found:
        logger.debug('Providing IAM role info for {0}'.format(role))
        # Second lookup by the same source IP; the name above is used only for
        # the existence check and the log line.
        info = roles.get_role_info_from_ip(request.remote_addr)
        return jsonify(info)
    logger.error('Role name not found; returning 404.')
    return '', 404
def iam_role_name(api_version):
    """Return the role name mapped to the caller's source IP.

    When ``_supports_iam(api_version)`` is false the request path is handed to
    ``passthrough`` instead. A caller whose IP maps to no role gets an empty 404.
    """
    if not _supports_iam(api_version):
        return passthrough(request.path)

    mapped_role = roles.get_role_name_from_ip(request.remote_addr)
    if not mapped_role:
        log.error('Role name not found; returning 404.')
        return '', 404
    return mapped_role
def iam_role_name(api_version):
    """Answer the role-name listing for the caller, keyed on its source IP.

    Returns:
        ``passthrough(request.path)`` when ``_supports_iam(api_version)`` is false,
        the mapped role name when one exists, otherwise ``('', 404)``.
    """
    if _supports_iam(api_version):
        role = roles.get_role_name_from_ip(request.remote_addr)
        if role:
            return role
        logger.error('Role name not found; returning 404.')
        return '', 404
    # Versions without IAM support are not answered locally.
    return passthrough(request.path)
def get_role_credentials(api_version, requested_role):
    """Return assumed-role data as JSON if the caller may use ``requested_role``.

    The caller may use a role only when it equals the role mapped to
    ``request.remote_addr``; any other request gets an empty 403. If
    ``roles.get_assumed_role`` raises ``GetRoleError``, the response is an empty
    body whose status is ``e.args[0][0]`` (presumably an HTTP status code;
    confirm against where GetRoleError is raised).
    """
    caller_role = roles.get_role_name_from_ip(request.remote_addr)
    authorized = caller_role == requested_role
    if not authorized:
        return '', 403

    try:
        credentials = roles.get_assumed_role(requested_role=requested_role,
                                             api_version=api_version)
    except GetRoleError as err:
        status = err.args[0][0]
        return '', status
    return jsonify(credentials)
def iam_role_info(api_version, junk=None):
    """Return IAM role info, as JSON, for the role mapped to the caller's source IP.

    ``junk`` is not read in this body. Requests for an ``api_version`` that
    ``_supports_iam`` rejects are handed to ``passthrough(request.path)``. A caller
    whose IP maps to no role gets an empty 404.
    """
    if not _supports_iam(api_version):
        return passthrough(request.path)

    caller_ip = request.remote_addr
    mapped_role = roles.get_role_name_from_ip(caller_ip)
    if not mapped_role:
        log.error('Role name not found; returning 404.')
        return '', 404

    log.debug('Providing IAM role info for {0}'.format(mapped_role))
    return jsonify(roles.get_role_info_from_ip(caller_ip))
def get_role_credentials(api_version, requested_role, junk=None):
    """Return assumed-role credentials as JSON for the caller's own role.

    ``roles.check_role_name_from_ip`` decides whether the source IP may use
    ``requested_role``; a failed check gets an empty 403. The credentials are then
    requested for the role looked up from the source IP (``stripped=False``), not
    for the caller-supplied name. ``junk`` is not read in this body.

    If ``GetRoleError`` is raised, the response is an empty body whose status is
    ``e.args[0][0]`` (presumably an HTTP status code; confirm at the raise site).
    """
    caller_ip = request.remote_addr
    if not roles.check_role_name_from_ip(caller_ip, requested_role):
        return '', 403

    # Use the server-side name from here on; requested_role only gated access.
    full_role_name = roles.get_role_name_from_ip(caller_ip, stripped=False)
    try:
        credentials = roles.get_assumed_role_credentials(requested_role=full_role_name,
                                                         api_version=api_version)
    except GetRoleError as err:
        return '', err.args[0][0]
    return jsonify(credentials)
def get_role_credentials(api_version, requested_role):
    """Serve assumed-role data when the request names the caller's own role.

    Returns:
        ``('', 403)`` when ``requested_role`` differs from the role mapped to
        ``request.remote_addr``; ``('', e.args[0][0])`` when
        ``roles.get_assumed_role`` raises ``GetRoleError``; otherwise the
        assumed-role data as JSON.
    """
    if roles.get_role_name_from_ip(request.remote_addr) != requested_role:
        # The source IP is the only identity checked before role data is issued.
        return '', 403

    lookup_args = {'requested_role': requested_role, 'api_version': api_version}
    try:
        role_data = roles.get_assumed_role(**lookup_args)
    except GetRoleError as exc:
        return '', exc.args[0][0]
    else:
        return jsonify(role_data)
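def home(url):
    """Serve IAM metadata paths locally; stream every other path from upstream.

    Patterns are tried in this order against ``'/' + url``:

    1. ``/<version>/meta-data/iam/info``: role info for the caller's source IP,
       as JSON.
    2. ``/<version>/meta-data/iam/security-credentials``: 301 redirect to the
       trailing-slash form under ``app.config['METADATA_URL']``.
    3. ``/<version>/meta-data/iam/security-credentials/``: the role name mapped
       to the caller's source IP, or an empty 404 when there is none.
    4. ``/<version>/meta-data/iam/security-credentials/<role>``: assumed-role
       data as JSON when ``<role>`` is the caller's mapped role, else an empty 404.

    A path matching none of these is requested from ``METADATA_URL`` and the body
    is streamed back with the upstream content type.

    Every authorization decision here rests on ``request.remote_addr``.
    NOTE(review): confirm clients always reach this service directly, so the
    address seen is the client's own.
    """
    info_re = re.compile('^/(.+?)/meta-data/iam/info$')
    bare_re = re.compile('^/(.+?)/meta-data/iam/security-credentials$')
    listing_re = re.compile('^/(.+?)/meta-data/iam/security-credentials/$')
    role_re = re.compile('^/(.+?)/meta-data/iam/security-credentials/(.*)$')

    request_path = '/{0}'.format(url)

    if info_re.match(request_path):
        return jsonify(roles.get_role_info_from_ip(request.remote_addr))

    if bare_re.match(request_path):
        return redirect(
            '{0}/{1}/'.format(app.config['METADATA_URL'], url), code=301
        )

    if listing_re.match(request_path):
        mapped_role = roles.get_role_name_from_ip(request.remote_addr)
        if mapped_role:
            return mapped_role
        # Without this guard a missing mapping would be returned as None, which
        # Flask rejects with an error instead of sending a not-found response.
        logging.debug('No role mapped to caller; returning 404.')
        return '', 404

    role_match = role_re.match(request_path)
    if role_match:
        logging.debug('Matched security credentials request url.')
        version, wanted_role = role_match.group(1), role_match.group(2)
        # The named role must be exactly the one mapped to the source IP.
        if roles.get_role_name_from_ip(request.remote_addr) != wanted_role:
            return '', 404
        assumed_role = roles.get_assumed_role(
            requested_role=wanted_role, api_version=version
        )
        return jsonify(assumed_role)

    # NOTE(review): default-allow. Whatever the four patterns miss is forwarded
    # unchanged to the real metadata service, so interception depends on the
    # patterns covering every path form the upstream accepts for IAM data. The
    # call also sets no timeout and returns 200 whatever the upstream status is;
    # confirm both are intended.
    logging.debug('Did not match credentials request url; passing through.')
    req = requests.get(
        '{0}/{1}'.format(app.config['METADATA_URL'], url), stream=True
    )
    return Response(
        stream_with_context(req.iter_content()),
        content_type=req.headers['content-type']
    )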
def iam_sts_credentials(api_version, requested_role, junk=None):
    """Return assumed-role credentials as JSON for the caller's own role.

    Requests for an ``api_version`` that ``_supports_iam`` rejects go to
    ``passthrough(request.path)``. ``roles.check_role_name_from_ip`` must accept
    ``requested_role`` for the source IP, otherwise the response is an empty 404.
    Credentials are requested for the role looked up from the source IP
    (``stripped=False``), not for the caller-supplied name. ``junk`` is not read.

    Exceptions from ``roles.get_assumed_role_credentials`` are not caught here.
    """
    if not _supports_iam(api_version):
        return passthrough(request.path)

    caller_ip = request.remote_addr
    if not roles.check_role_name_from_ip(caller_ip, requested_role):
        # NOTE(review): requested_role is caller-supplied and is written to the
        # log as-is; confirm the log sink tolerates control characters.
        log.error(
            "Role name {0} doesn't match expected role for container".format(requested_role)
        )
        return '', 404

    full_role_name = roles.get_role_name_from_ip(caller_ip, stripped=False)
    log.debug('Providing assumed role credentials for {0}'.format(full_role_name))
    credentials = roles.get_assumed_role_credentials(requested_role=full_role_name,
                                                     api_version=api_version)
    return jsonify(credentials)
def get_role_credentials(api_version, requested_role):
    """Issue assumed-role credentials, as JSON, for the role tied to the caller's IP.

    Returns:
        ``('', 403)`` when ``roles.check_role_name_from_ip`` rejects
        ``requested_role`` for ``request.remote_addr``; ``('', e.args[0][0])`` when
        ``GetRoleError`` is raised; otherwise the credentials as JSON.
    """
    allowed = roles.check_role_name_from_ip(request.remote_addr, requested_role)
    if not allowed:
        return '', 403

    # Credentials are requested for the name resolved from the source IP
    # (unstripped form), not for the name taken from the request.
    resolved_role = roles.get_role_name_from_ip(request.remote_addr, stripped=False)
    try:
        credentials = roles.get_assumed_role_credentials(
            requested_role=resolved_role, api_version=api_version
        )
    except GetRoleError as err:
        failure_status = err.args[0][0]
        return '', failure_status
    return jsonify(credentials)
def iam_sts_credentials(api_version, requested_role, junk=None):
    """Serve assumed-role credentials once the source IP is cleared for the role.

    Order of checks: ``_supports_iam(api_version)`` (false goes to
    ``passthrough(request.path)``), then ``roles.check_role_name_from_ip`` for
    ``request.remote_addr`` and ``requested_role`` (false gives an empty 404).
    ``junk`` is not read in this body.

    Nothing here catches errors raised by ``roles.get_assumed_role_credentials``.
    """
    if _supports_iam(api_version):
        if roles.check_role_name_from_ip(request.remote_addr, requested_role):
            # From here the server-resolved name is used, not the one supplied
            # in the request.
            resolved = roles.get_role_name_from_ip(
                request.remote_addr, stripped=False
            )
            log.debug('Providing assumed role credentials for {0}'.format(resolved))
            return jsonify(
                roles.get_assumed_role_credentials(
                    requested_role=resolved, api_version=api_version
                )
            )
        # NOTE(review): the rejected name comes from the request and is logged
        # verbatim; confirm log consumers handle untrusted text.
        template = "Role name {0} doesn't match expected role for container"
        log.error(template.format(requested_role))
        return '', 404
    return passthrough(request.path)
def get_security_credentials_slash(api_version):
    """Return the role name mapped to the caller's source IP with status 200.

    ``api_version`` is not read in this body. Only a ``None`` lookup result gives
    the empty 404; any other value, an empty string included, is returned with 200.
    """
    mapped_role = roles.get_role_name_from_ip(request.remote_addr)
    if mapped_role is not None:
        return mapped_role, 200
    return '', 404