
@ysaito1001
Created November 10, 2023 20:48
Port generate_rds_iam_token to runtime crates of version 0.57.x
/*
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0
*/
/*
* The [dependencies] section of Cargo.toml for this example looks as follows:
[dependencies]
aws-config = "0.57.0"
aws-credential-types = "0.57.0"
aws-runtime = "0.57.0"
aws-smithy-async = "0.57.0"
aws-smithy-runtime-api = { version = "0.57.0", features = ["test-util"] }
aws-smithy-types = "0.57.0"
aws-types = "0.57.0"
http = "0.2.3"
*/
use aws_credential_types::Credentials;
use aws_runtime::auth::{sigv4::SigV4Signer, SigV4OperationSigningConfig};
use aws_runtime::auth::{HttpSignatureType, SigningOptions};
use aws_smithy_async::time::SystemTimeSource;
use aws_smithy_runtime_api::box_error::BoxError;
use aws_smithy_runtime_api::client::auth::{AuthSchemeEndpointConfig, Sign};
use aws_smithy_runtime_api::client::identity::Identity;
use aws_smithy_runtime_api::client::orchestrator::HttpRequest;
use aws_smithy_runtime_api::client::runtime_components::RuntimeComponentsBuilder;
use aws_smithy_types::body::SdkBody;
use aws_smithy_types::config_bag::{ConfigBag, Layer};
use aws_types::region::{Region, SigningRegion};
use aws_types::sdk_config::SharedTimeSource;
use aws_types::SigningName;
use http::Request;
use std::time::Duration;
/// Demo entry point: generates one RDS IAM auth token from fixed sample inputs
/// and prints it with `dbg!`. Panics (via `expect`) if generation fails.
fn main() {
    let db_hostname = "prod-instance.us-east-1.rds.amazonaws.com";
    let region = Region::from_static("us-east-1");
    let port = 3306;
    let db_username = "dbuser";
    // Static sample credentials (no session token, no expiry). These look like
    // placeholders; real code should obtain credentials from a credentials
    // provider rather than embedding an access key and secret in source.
    let credentials = Credentials::new("AKIDEXAMPLE", "secret", None, None, "example");
    // `dbg!` writes the full token to stderr. The token embeds a signature and
    // is accepted in place of a database password until it expires, so
    // production code should hand it straight to the database client and keep
    // it out of logs and terminal scrollback.
    dbg!(
        generate_rds_iam_token(db_hostname, region, port, db_username, credentials)
            .expect("should generate a token")
    );
}
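/// Generates an RDS IAM authentication token for `db_username` on
/// `db_hostname:port`.
///
/// The token is a SigV4 query-string presigned `Action=connect` request for the
/// `rds-db` signing name in `region`, requested with a 15-minute lifetime and
/// returned with the `http://` scheme stripped. The scheme exists only so that
/// a valid URI can be built for the signer; no HTTP request is sent.
///
/// The returned string carries the signature and is usable as a credential
/// until it expires, so callers should treat it like a password and avoid
/// logging or persisting it.
///
/// # Errors
///
/// Returns an error if the request URI cannot be built from the inputs, if the
/// runtime components cannot be assembled, or if signing fails. A signing
/// failure is propagated instead of being discarded, because an unsigned URL
/// returned as a "token" would only surface later as an opaque database
/// authentication failure.
fn generate_rds_iam_token(
    db_hostname: &str,
    region: Region,
    port: u16,
    db_username: &str,
    credentials: Credentials,
) -> Result<String, BoxError> {
    // Placeholder scheme, stripped again before the token is returned.
    const SCHEME: &str = "http://";

    // NOTE(review): `db_hostname` and `db_username` are interpolated verbatim.
    // A user name containing URI-reserved characters (`&`, `=`, `#`, `%`, ...)
    // would change the query string that gets signed; percent-encode it before
    // calling this function if such names are possible.
    let mut request: HttpRequest = Request::builder()
        .uri(format!(
            "{SCHEME}{db_hostname}:{port}/?Action=connect&DBUser={db_username}"
        ))
        .body(SdkBody::empty())?
        .try_into()?;

    let identity = Identity::new(credentials, None);

    // Put the signature in the query string (presigned-URL style) rather than
    // in headers, and request a 15-minute validity window.
    let mut signing_options = SigningOptions::default();
    signing_options.signature_type = HttpSignatureType::HttpRequestQueryParams;
    signing_options.expires_in = Some(Duration::from_secs(15 * 60));

    let signing_config = SigV4OperationSigningConfig {
        region: Some(SigningRegion::from(region)),
        name: Some(SigningName::from_static("rds-db")),
        signing_options,
        ..Default::default()
    };

    // `RuntimeComponentsBuilder::for_tests` is available through the
    // `test-util` feature enabled in the Cargo dependencies listed at the top
    // of this file; only the time source is supplied here.
    // NOTE(review): depending on a test-only constructor in a token-minting
    // path is a workaround; revisit if these crates offer a supported way to
    // presign outside a generated client.
    let time_source = SharedTimeSource::new(SystemTimeSource::new());
    let mut rc_builder = RuntimeComponentsBuilder::for_tests();
    rc_builder.set_time_source(Some(time_source));
    let runtime_components = rc_builder.build()?;

    // The signer reads its configuration from the config bag.
    let mut layer = Layer::new("SigningConfig");
    layer.store_put(signing_config);
    let config_bag = ConfigBag::of_layers(vec![layer]);

    SigV4Signer::new().sign_http_request(
        &mut request,
        &identity,
        AuthSchemeEndpointConfig::empty(),
        &runtime_components,
        &config_bag,
    )?;

    // The error text deliberately omits the URI: it contains the signature.
    let uri = request.uri().to_string();
    uri.strip_prefix(SCHEME)
        .map(str::to_owned)
        .ok_or_else(|| BoxError::from("presigned URI does not start with http://"))
}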