-
Notifications
You must be signed in to change notification settings - Fork 1
/
main.go
122 lines (102 loc) · 2.44 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
package main
import (
"bufio"
"bytes"
flags "github.com/jessevdk/go-flags"
awsauth "github.com/smartystreets/go-aws-auth"
"io"
"log"
"net/http"
"os"
"path/filepath"
"syscall"
"text/template"
)
type Options struct {
Verbose []bool `short:"v" long:"verbose" description:"verbose output"`
Url string `short:"u" long:"url" description:"endpoint URL" default:"https://s3.amazonaws.com"`
Bucket string `short:"b" long:"bucket" description:"S3 bucket" required:"true"`
Key string `short:"k" long:"key" description:"S3 key" default:"{{.Role}}/user-script"`
}
type Config struct {
Role string
}
func getIAMRoleList() []string {
var roles []string
url := "http://169.254.169.254/latest/meta-data/iam/security-credentials/"
client := &http.Client{}
req, err := http.NewRequest("GET", url, nil)
if err != nil {
return roles
}
resp, err := client.Do(req)
if err != nil {
return roles
}
scanner := bufio.NewScanner(resp.Body)
for scanner.Scan() {
roles = append(roles, scanner.Text())
}
return roles
}
func expandRole(s string, role string) string {
t := template.New("key template")
t, err := t.Parse(s)
if err != nil {
log.Fatal(err)
}
var expandedKey bytes.Buffer
err = t.Execute(&expandedKey, Config{Role: role})
if err != nil {
log.Fatal(err)
}
return expandedKey.String()
}
func downloadFile(url string, path string) {
req, _ := http.NewRequest("GET", url, nil)
client := &http.Client{}
awsauth.Sign(req)
resp, err := client.Do(req)
if err != nil {
log.Fatal(err)
}
if resp.StatusCode >= 400 {
log.Fatalf("bad status code: %d", resp.StatusCode)
}
defer resp.Body.Close()
out, err := os.Create(path)
defer out.Close()
_, err = io.Copy(out, resp.Body)
}
func main() {
prog := filepath.Base(os.Args[0])
log.SetFlags(0)
log.SetPrefix(prog + ": ")
var opts Options
parser := flags.NewParser(&opts, flags.Default)
_, err := parser.Parse()
if err != nil {
os.Exit(2)
}
roles := getIAMRoleList()
if len(roles) > 0 {
role := roles[0]
opts.Key = expandRole(opts.Key, role)
}
fullUrl := opts.Url + "/" + opts.Bucket + "/" + opts.Key
if len(opts.Verbose) > 0 {
log.Printf("downloading: %s\n", fullUrl)
}
downloadFile(fullUrl, "user-script")
err = os.Chmod("user-script", 0700)
if err != nil {
log.Fatal(err)
}
if len(opts.Verbose) > 0 {
log.Println("executing: ./user-script")
}
err = syscall.Exec("./user-script", []string{"./user-script"}, os.Environ())
if err != nil {
log.Fatal(err)
}
}