in api/src/gmsa_service.cpp [2643:2711]
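/**
 * Fetch a credential spec document from S3 and return its body.
 *
 * The bucket and object key are parsed out of s3_arn, which must be exactly of
 * the form arn:<partition>:s3:::<bucket>/<key>. The ARN selects which object is
 * read with the supplied credentials, so the whole string must match the
 * pattern; a string that merely contains an ARN-shaped substring is rejected.
 *
 * @param s3_arn       ARN of the S3 object holding the credential spec
 * @param region       region assigned to the S3 client configuration
 * @param credentials  AWS credentials passed to the S3 client
 * @param test         when true, skip the S3 request and return dummy_credspec
 *                     once the credential and ARN checks have passed
 * @return the object body, or an empty string on any failure (empty
 *         credentials, malformed ARN, GetObject error, or an exception)
 */
std::string retrieve_credspec_from_s3( std::string s3_arn, std::string region,
                                       Aws::Auth::AWSCredentials credentials, bool test = false )
{
    std::string response = "";
    Aws::SDKOptions options;
    try
    {
        // NOTE(review): no matching Aws::ShutdownAPI call is visible in this function;
        // confirm the SDK lifetime is managed elsewhere.
        Aws::InitAPI( options );
        {
            Aws::Client::ClientConfiguration clientConfig;
            clientConfig.region = region;

            auto provider = Aws::MakeShared<Aws::Auth::SimpleAWSCredentialsProvider>(
                "alloc-tag", credentials );
            auto creds = provider->GetAWSCredentials();
            if ( creds.IsEmpty() )
            {
                std::cerr << Util::getCurrentTime() << '\t'
                          << "ERROR: Failed authentication invalid creds" << std::endl;
                return std::string( "" );
            }

            // regex_match anchors the pattern at both ends. regex_search would accept
            // arbitrary text before the ARN, and text after an embedded line break,
            // and still hand a bucket/key pair to GetObject.
            std::smatch arn_match;
            std::regex pattern( "arn:([^:]+):s3:::([^/]+)/(.+)" );
            if ( !std::regex_match( s3_arn, arn_match, pattern ) )
            {
                // The rejected value is caller-supplied; mask control characters so it
                // cannot break up or forge lines in the log.
                std::string printable_arn = s3_arn;
                for ( char& ch : printable_arn )
                {
                    const unsigned char byte = static_cast<unsigned char>( ch );
                    if ( byte < 0x20 || byte == 0x7f )
                    {
                        ch = '?';
                    }
                }
                std::cerr << Util::getCurrentTime() << '\t'
                          << "ERROR: s3 arn provided is not valid " << printable_arn
                          << std::endl;
                return std::string( "" );
            }

            std::string s3Bucket = std::string( arn_match[2] );
            std::string objectName = std::string( arn_match[3] );

            if ( test )
            {
                // Test hook: report what was parsed and return the canned credspec
                // without contacting S3.
                std::cerr << s3Bucket;
                std::cerr << objectName;
                return dummy_credspec;
            }

            Aws::S3::S3Client s3Client(
                credentials,
                Aws::MakeShared<Aws::S3::S3EndpointProvider>( Aws::S3::S3Client::ALLOCATION_TAG ),
                clientConfig );

            Aws::S3::Model::GetObjectRequest request;
            request.SetBucket( s3Bucket );
            request.SetKey( objectName );

            Aws::S3::Model::GetObjectOutcome outcome = s3Client.GetObject( request );
            if ( !outcome.IsSuccess() )
            {
                const Aws::S3::S3Error& err = outcome.GetError();
                std::cerr << Util::getCurrentTime() << '\t'
                          << "ERROR: GetObject: " << err.GetExceptionName() << ": "
                          << err.GetMessage() << std::endl;
                return std::string( "" );
            }

            // NOTE(review): the body is copied out as-is; no size limit or format check
            // is visible here -- confirm the caller validates the credential spec.
            std::stringstream ss;
            ss << outcome.GetResult().GetBody().rdbuf();
            response = ss.str();
        }
    }
    catch ( const std::exception& ex )
    {
        // Keep the reason in the log so a failed fetch can be diagnosed.
        std::cerr << Util::getCurrentTime() << '\t'
                  << "ERROR: retrieving credentialspec from s3 "
                     "failed: "
                  << ex.what() << std::endl;
        return std::string( "" );
    }
    catch ( ... )
    {
        std::cerr << Util::getCurrentTime() << '\t'
                  << "ERROR: retrieving credentialspec from s3 "
                     "failed"
                  << std::endl;
        return std::string( "" );
    }

    std::cerr << Util::getCurrentTime() << '\t'
              << "INFO: credentialspec info is successfully retrieved" << std::endl;
    return response;
}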