// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package core
import (
"fmt"
"sync"
"time"
log "github.com/sirupsen/logrus"
)
// Values held in credentialsServiceImpl.currentState.
const (
	// UNBLOCKED is the state a new service starts in and the state
	// UnblockService restores.
	UNBLOCKED = 0
	// BLOCKED is the state BlockService sets.
	BLOCKED = 1
)
// ErrCredentialsNotFound is returned by GetCredentials when no entry is stored
// under the supplied token. The message does not include the token value.
var ErrCredentialsNotFound = fmt.Errorf("credentials not found for the provided token")
// Credentials is one stored credential set. The JSON tags serialize the fields
// as AccessKeyId, SecretAccessKey, Token and Expiration.
//
// NOTE(review): AwsSecret and AwsSession are secret material and nothing in
// this type redacts them when a value is formatted or marshalled; keep whole
// Credentials values out of log and error messages.
type Credentials struct {
	// AwsKey is serialized as "AccessKeyId".
	AwsKey string `json:"AccessKeyId"`
	// AwsSecret is serialized as "SecretAccessKey".
	AwsSecret string `json:"SecretAccessKey"`
	// AwsSession is serialized as "Token".
	AwsSession string `json:"Token"`
	// Expiration is set by SetCredentials to 16 minutes after the time of the call.
	Expiration time.Time `json:"Expiration"`
}
// CredentialsService stores credential sets keyed by a token and can
// temporarily block reads of them. NewCredentialsService returns the
// implementation defined in this file.
type CredentialsService interface {
	// SetCredentials stores a credential set under token.
	SetCredentials(token, awsKey, awsSecret, awsSession string)
	// GetCredentials returns the credential set stored under token, or an
	// error when there is none.
	GetCredentials(token string) (*Credentials, error)
	// UpdateCredentials replaces the stored credential set without naming a
	// token; the implementation in this file requires exactly one stored entry.
	UpdateCredentials(awsKey, awsSecret, awsSession string) error
	// BlockService makes GetCredentials callers wait until UnblockService is called.
	BlockService()
	// UnblockService lets waiting GetCredentials callers proceed.
	UnblockService()
}
// credentialsServiceImpl is the in-memory CredentialsService built by
// NewCredentialsService.
//
// Lock order used by the methods in this file: serviceMutex first, then
// contentMutex. Taking them in the opposite order can deadlock against
// GetCredentials and BlockService.
type credentialsServiceImpl struct {
	// credentials maps a token to the credential set stored under it.
	credentials map[string]Credentials
	// contentMutex is taken around accesses to credentials and around writes
	// to currentState.
	// NOTE(review): every access to those fields should hold it; verify that
	// all methods do, since an unguarded map access is a data race.
	contentMutex *sync.Mutex
	// serviceMutex is locked by BlockService and stays locked until
	// UnblockService releases it; GetCredentials acquires it first, so reads
	// wait while the service is blocked.
	serviceMutex *sync.Mutex
	// currentState is UNBLOCKED or BLOCKED.
	currentState int
}
// NewCredentialsService builds an empty credentials service in the UNBLOCKED
// state, with a fresh map and its own pair of mutexes.
func NewCredentialsService() CredentialsService {
	return &credentialsServiceImpl{
		currentState: UNBLOCKED,
		serviceMutex: new(sync.Mutex),
		contentMutex: new(sync.Mutex),
		credentials:  map[string]Credentials{},
	}
}
// SetCredentials stores the given key, secret and session token under token,
// replacing any entry already stored there. The entry's Expiration is set to
// 16 minutes after the moment of the call.
//
// It takes contentMutex only, so it does not wait while the service is blocked.
func (c *credentialsServiceImpl) SetCredentials(token, awsKey, awsSecret, awsSession string) {
	const lifetime = 16 * time.Minute

	c.contentMutex.Lock()
	defer c.contentMutex.Unlock()

	entry := Credentials{
		AwsKey:     awsKey,
		AwsSecret:  awsSecret,
		AwsSession: awsSession,
	}
	entry.Expiration = time.Now().Add(lifetime)
	c.credentials[token] = entry
}
// GetCredentials looks up the credential set stored under token and returns a
// pointer to a copy of it, or ErrCredentialsNotFound when the token is unknown.
//
// serviceMutex is acquired first, so the call waits while the service is
// blocked; contentMutex then guards the map read.
//
// NOTE(review): Expiration is returned to the caller but not compared with
// the current time here, so an entry past its Expiration is still served.
// Confirm that this is intended or that expiry is enforced elsewhere.
func (c *credentialsServiceImpl) GetCredentials(token string) (*Credentials, error) {
	c.serviceMutex.Lock()
	defer c.serviceMutex.Unlock()

	c.contentMutex.Lock()
	defer c.contentMutex.Unlock()

	found, present := c.credentials[token]
	if !present {
		return nil, ErrCredentialsNotFound
	}
	return &found, nil
}
// BlockService moves the service to BLOCKED. It acquires serviceMutex and
// returns with it still locked, so GetCredentials callers wait until
// UnblockService releases it. A call made while the state is already BLOCKED
// returns immediately.
//
// NOTE(review): currentState is read below without holding contentMutex, so
// the check and the Lock that follows are not atomic. Two concurrent callers
// can both pass the check; the second then waits on serviceMutex. Confirm
// that callers are serialized, or move the state check under a lock without
// inverting the serviceMutex -> contentMutex order.
func (c *credentialsServiceImpl) BlockService() {
	if c.currentState == BLOCKED {
		return
	}
	log.Info("blocking the credentials service")
	// Deliberately not deferred-unlocked: this lock is what blocks readers.
	c.serviceMutex.Lock()
	c.contentMutex.Lock()
	defer c.contentMutex.Unlock()
	c.currentState = BLOCKED
}
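// UnblockService returns the service to UNBLOCKED and releases serviceMutex,
// letting GetCredentials callers that were waiting proceed. A call made while
// the state is already UNBLOCKED does nothing.
//
// The state check is made while holding contentMutex, so concurrent callers
// cannot both observe BLOCKED and both release serviceMutex. Unlocking an
// already unlocked sync.Mutex is a fatal runtime error that cannot be
// recovered, which would take the whole process down.
func (c *credentialsServiceImpl) UnblockService() {
	c.contentMutex.Lock()
	defer c.contentMutex.Unlock()

	if c.currentState == UNBLOCKED {
		return
	}

	log.Info("unblocking the credentials service")
	c.currentState = UNBLOCKED
	// Releasing never blocks, so doing it under contentMutex is safe with
	// respect to the serviceMutex -> contentMutex lock order.
	c.serviceMutex.Unlock()
}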
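// UpdateCredentials replaces the single stored credential set with the given
// key, secret and session token, keeping its token. It returns an error when
// the number of stored entries is not exactly one.
//
// The count, the token lookup and the write all happen under contentMutex.
// Reading the map without the lock races with SetCredentials, and releasing
// the lock between the check and the write would let another entry be added
// in between.
func (c *credentialsServiceImpl) UpdateCredentials(awsKey, awsSecret, awsSession string) error {
	c.contentMutex.Lock()
	defer c.contentMutex.Unlock()

	mapSize := len(c.credentials)
	if mapSize != 1 {
		return fmt.Errorf("there are %d set of credentials", mapSize)
	}

	// Exactly one key exists. Assigning to an existing key while ranging is
	// safe and does not add iterations.
	for token := range c.credentials {
		// Written inline because SetCredentials takes contentMutex itself and
		// sync.Mutex is not reentrant. Keep the 16-minute lifetime in step
		// with SetCredentials.
		c.credentials[token] = Credentials{
			AwsKey:     awsKey,
			AwsSecret:  awsSecret,
			AwsSession: awsSession,
			Expiration: time.Now().Add(16 * time.Minute),
		}
	}
	return nil
}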