def get_bearer_token()

in drainer/handler.py [0:0]


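def get_bearer_token(cluster, region):
    """Build the bearer token expected by AWS IAM Authenticator.

    The token is a presigned STS GetCallerIdentity query request
    (https://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html),
    URL-safe base64 encoded without padding and prefixed with ``k8s-aws-v1.``.
    The AWS IAM Authenticator decodes the base64 string and makes the request
    on behalf of the user.

    The returned string is a credential for as long as the presigned URL is
    valid, so keep it out of logs, exception messages and stored artifacts.

    Args:
        cluster: Value placed in the ``x-k8s-aws-id`` header of the request
            that gets signed.
        region: AWS region used for the STS client, the signer and the
            endpoint host name.

    Returns:
        str: ``k8s-aws-v1.`` followed by the unpadded URL-safe base64 of the
        presigned URL.
    """
    # Lifetime, in seconds, requested for the presigned URL. Kept short so a
    # leaked token is only briefly usable.
    STS_TOKEN_EXPIRES_IN = 60
    session = boto3.session.Session()

    # The client is created only to read the service id the signer needs.
    client = session.client('sts', region_name=region)
    service_id = client.meta.service_model.service_id

    signer = RequestSigner(
        service_id,
        region,
        'sts',
        'v4',
        session.get_credentials(),
        session.events
    )

    # NOTE(review): region is interpolated into the host name as-is and the
    # host suffix is fixed to amazonaws.com; confirm callers pass a trusted,
    # configured region and that no other partition has to be supported.
    params = {
        'method': 'GET',
        'url': 'https://sts.{}.amazonaws.com/?Action=GetCallerIdentity&Version=2011-06-15'.format(region),
        'body': {},
        'headers': {
            # Cluster name travels as a header of the request being signed.
            'x-k8s-aws-id': cluster
        },
        'context': {}
    }

    signed_url = signer.generate_presigned_url(
        params,
        region_name=region,
        expires_in=STS_TOKEN_EXPIRES_IN,
        operation_name=''
    )

    base64_url = base64.urlsafe_b64encode(signed_url.encode('utf-8')).decode('utf-8')

    # need to remove base64 encoding padding:
    # https://github.com/kubernetes-sigs/aws-iam-authenticator/issues/202
    # '=' only ever appears as trailing padding in base64 output, so a plain
    # rstrip does the job without a regex that also matches the empty string.
    return 'k8s-aws-v1.' + base64_url.rstrip('=')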