|
|
@@ -2,12 +2,15 @@ package imguploader
|
|
|
|
|
|
import (
|
|
|
"context"
|
|
|
+ "fmt"
|
|
|
"os"
|
|
|
"time"
|
|
|
|
|
|
"github.com/aws/aws-sdk-go/aws"
|
|
|
"github.com/aws/aws-sdk-go/aws/credentials"
|
|
|
"github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds"
|
|
|
+ "github.com/aws/aws-sdk-go/aws/credentials/endpointcreds"
|
|
|
+ "github.com/aws/aws-sdk-go/aws/defaults"
|
|
|
"github.com/aws/aws-sdk-go/aws/ec2metadata"
|
|
|
"github.com/aws/aws-sdk-go/aws/endpoints"
|
|
|
"github.com/aws/aws-sdk-go/aws/session"
|
|
|
@@ -50,7 +53,7 @@ func (u *S3Uploader) Upload(ctx context.Context, imageDiskPath string) (string,
|
|
|
SecretAccessKey: u.secretKey,
|
|
|
}},
|
|
|
&credentials.EnvProvider{},
|
|
|
- &ec2rolecreds.EC2RoleProvider{Client: ec2metadata.New(sess), ExpiryWindow: 5 * time.Minute},
|
|
|
+ remoteCredProvider(sess),
|
|
|
})
|
|
|
cfg := &aws.Config{
|
|
|
Region: aws.String(u.region),
|
|
|
@@ -85,3 +88,27 @@ func (u *S3Uploader) Upload(ctx context.Context, imageDiskPath string) (string,
|
|
|
}
|
|
|
return image_url, nil
|
|
|
}
|
|
|
+
|
|
|
+func remoteCredProvider(sess *session.Session) credentials.Provider {
|
|
|
+ ecsCredURI := os.Getenv("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI")
|
|
|
+
|
|
|
+ if len(ecsCredURI) > 0 {
|
|
|
+ return ecsCredProvider(sess, ecsCredURI)
|
|
|
+ }
|
|
|
+ return ec2RoleProvider(sess)
|
|
|
+}
|
|
|
+
|
|
|
+func ecsCredProvider(sess *session.Session, uri string) credentials.Provider {
|
|
|
+ const host = `169.254.170.2`
|
|
|
+
|
|
|
+ d := defaults.Get()
|
|
|
+ return endpointcreds.NewProviderClient(
|
|
|
+ *d.Config,
|
|
|
+ d.Handlers,
|
|
|
+ fmt.Sprintf("http://%s%s", host, uri),
|
|
|
+ func(p *endpointcreds.Provider) { p.ExpiryWindow = 5 * time.Minute })
|
|
|
+}
|
|
|
+
|
|
|
+func ec2RoleProvider(sess *session.Session) credentials.Provider {
|
|
|
+ return &ec2rolecreds.EC2RoleProvider{Client: ec2metadata.New(sess), ExpiryWindow: 5 * time.Minute}
|
|
|
+}
|
Aidan Rowe