func Serve()

in aws_signing_helper/serve.go [273:338]


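// Serve starts a local, IMDS-style credentials endpoint bound to
// LocalHostAddress and blocks until the HTTP server stops.
//
// Setup order: parse credentialsOptions.RoleArn, obtain a signer via
// GetSigner, fetch an initial credential set with GenerateCredentials, then
// register three handlers on http.DefaultServeMux (the token endpoint at
// TOKEN_RESOURCE_PATH, the role-name listing at
// SECURITY_CREDENTIALS_RESOURCE_PATH and the per-role credentials endpoint at
// SECURITY_CREDENTIALS_RESOURCE_PATH + roleName). A background goroutine evicts
// expired entries from tokenMap every five seconds.
//
// port is the TCP port to bind; 0 lets the OS choose, and the port actually
// bound is logged. The listener is wrapped with
// NewListenerWithTTL(credentialsOptions.ServerTTL).
//
// Every setup failure (bad ARN, signer setup, initial credential fetch,
// listen or serve error) is logged and terminates the process with exit
// code 1. Note that os.Exit skips deferred calls, including signer.Close.
//
// Security note: credentials are served over plain HTTP on the loopback
// interface, so any local process that can reach the port (and obtain a
// token from the token endpoint) can read them. This mirrors the EC2 IMDS
// model the SDK expects; keep the port private to the host.
func Serve(port int, credentialsOptions CredentialsOpts) {
	roleArn, err := arn.Parse(credentialsOptions.RoleArn)
	if err != nil {
		log.Println("invalid role ARN:", err)
		os.Exit(1)
	}

	// Role name without its path: the path may itself contain '/', so take
	// the last segment of the resource (e.g. "role/path/name" -> "name").
	roleResourceParts := strings.Split(roleArn.Resource, "/")
	roleName := roleResourceParts[len(roleResourceParts)-1]
	if roleName == "" {
		// An empty name would register SECURITY_CREDENTIALS_RESOURCE_PATH
		// twice below and make http.HandleFunc panic; fail cleanly instead.
		log.Println("invalid role ARN: missing role name")
		os.Exit(1)
	}

	signer, signatureAlgorithm, err := GetSigner(&credentialsOptions)
	if err != nil {
		log.Println(err)
		os.Exit(1)
	}
	defer signer.Close()

	// A failed initial fetch is fatal like the other setup steps; ignoring
	// it would start the server with an empty credential set.
	credentialProcessOutput, err := GenerateCredentials(&credentialsOptions, signer, signatureAlgorithm)
	if err != nil {
		log.Println(err)
		os.Exit(1)
	}

	expiration, err := time.Parse(time.RFC3339, credentialProcessOutput.Expiration)
	if err != nil {
		// Continue with the zero time, but say so: Expiration is presumably
		// what the handlers' refresh logic keys off — confirm in the handlers.
		log.Printf("could not parse credential expiration %q: %v", credentialProcessOutput.Expiration, err)
	}

	refreshableCred := RefreshableCred{
		AccessKeyId:     credentialProcessOutput.AccessKeyId,
		SecretAccessKey: credentialProcessOutput.SecretAccessKey,
		Token:           credentialProcessOutput.SessionToken,
		Expiration:      expiration,
		Code:            REFRESHABLE_CRED_CODE,
		LastUpdated:     time.Now(),
		Type:            REFRESHABLE_CRED_TYPE,
	}
	endpoint := &Endpoint{PortNum: port, TmpCred: refreshableCred}
	// Handler is left nil so the server uses http.DefaultServeMux, where the
	// routes below are registered. ReadHeaderTimeout bounds how long a
	// client may hold a connection open without sending request headers.
	endpoint.Server = &http.Server{ReadHeaderTimeout: 10 * time.Second}

	putTokenHandler, getRoleNameHandler, getCredentialsHandler := AllIssuesHandlers(&endpoint.TmpCred, roleName, &credentialsOptions, signer, signatureAlgorithm)
	http.HandleFunc(TOKEN_RESOURCE_PATH, putTokenHandler)
	http.HandleFunc(SECURITY_CREDENTIALS_RESOURCE_PATH, getRoleNameHandler)
	http.HandleFunc(SECURITY_CREDENTIALS_RESOURCE_PATH+roleName, getCredentialsHandler)

	// Background goroutine that evicts expired tokens from tokenMap.
	ticker := time.NewTicker(5 * time.Second)
	defer ticker.Stop()
	go func() {
		for range ticker.C {
			now := time.Now()
			removed := 0
			mutex.Lock()
			for token, expiresAt := range tokenMap {
				if now.After(expiresAt) {
					delete(tokenMap, token)
					removed++
				}
			}
			mutex.Unlock()
			// Log only the count: the map keys are the tokens themselves and
			// must not be written to the log.
			if removed > 0 {
				log.Printf("removed %d expired token(s)", removed)
			}
		}
	}()

	// Start the credentials endpoint on the loopback address only.
	listener, err := net.Listen("tcp", fmt.Sprintf("%s:%d", LocalHostAddress, endpoint.PortNum))
	if err != nil {
		log.Println("failed to create listener:", err)
		os.Exit(1)
	}
	listener = NewListenerWithTTL(listener, credentialsOptions.ServerTTL)
	// Port 0 lets the OS pick; report the port actually bound.
	tcpAddr, ok := listener.Addr().(*net.TCPAddr)
	if !ok {
		log.Printf("unexpected listener address type %T", listener.Addr())
		os.Exit(1)
	}
	endpoint.PortNum = tcpAddr.Port
	log.Println("Local server started on port:", endpoint.PortNum)
	log.Println("Make it available to the sdk by running:")
	log.Printf("export AWS_EC2_METADATA_SERVICE_ENDPOINT=http://%s:%d/", LocalHostAddress, endpoint.PortNum)
	// Server.Serve always returns a non-nil error (including
	// http.ErrServerClosed), so this is the only way out of Serve.
	if err := endpoint.Server.Serve(listener); err != nil {
		log.Println("Httpserver: ListenAndServe() error:", err)
		os.Exit(1)
	}
}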