lambda/core/credentials.go (69 lines of code) (raw):
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package core
import (
"fmt"
"sync"
"time"
)
const (
UNBLOCKED = iota
BLOCKED
)
var ErrCredentialsNotFound = fmt.Errorf("credentials not found for the provided token")
type Credentials struct {
AwsKey string `json:"AccessKeyId"`
AwsSecret string `json:"SecretAccessKey"`
AwsSession string `json:"Token"`
Expiration time.Time `json:"Expiration"`
}
type CredentialsService interface {
SetCredentials(token, awsKey, awsSecret, awsSession string, expiration time.Time)
GetCredentials(token string) (*Credentials, error)
UpdateCredentials(awsKey, awsSecret, awsSession string, expiration time.Time) error
}
type credentialsServiceImpl struct {
credentials map[string]Credentials
contentMutex *sync.Mutex
serviceMutex *sync.Mutex
currentState int
}
func NewCredentialsService() CredentialsService {
credentialsService := &credentialsServiceImpl{
credentials: make(map[string]Credentials),
contentMutex: &sync.Mutex{},
serviceMutex: &sync.Mutex{},
currentState: UNBLOCKED,
}
return credentialsService
}
func (c *credentialsServiceImpl) SetCredentials(token, awsKey, awsSecret, awsSession string, expiration time.Time) {
c.contentMutex.Lock()
defer c.contentMutex.Unlock()
c.credentials[token] = Credentials{
AwsKey: awsKey,
AwsSecret: awsSecret,
AwsSession: awsSession,
Expiration: expiration,
}
}
func (c *credentialsServiceImpl) GetCredentials(token string) (*Credentials, error) {
c.serviceMutex.Lock()
defer c.serviceMutex.Unlock()
c.contentMutex.Lock()
defer c.contentMutex.Unlock()
if credentials, ok := c.credentials[token]; ok {
return &credentials, nil
}
return nil, ErrCredentialsNotFound
}
func (c *credentialsServiceImpl) UpdateCredentials(awsKey, awsSecret, awsSession string, expiration time.Time) error {
mapSize := len(c.credentials)
if mapSize != 1 {
return fmt.Errorf("there are %d set of credentials", mapSize)
}
var token string
for key := range c.credentials {
token = key
}
c.SetCredentials(token, awsKey, awsSecret, awsSession, expiration)
return nil
}