Port generate_rds_iam_token to runtime crates of version 0.57.x
/*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 * SPDX-License-Identifier: Apache-2.0
 */
/*
 * The [dependencies] section of Cargo.toml for this example looks as follows:
[dependencies]
aws-config = "0.57.0"
aws-credential-types = "0.57.0"
aws-runtime = "0.57.0"
aws-smithy-async = "0.57.0"
aws-smithy-runtime-api = { version = "0.57.0", features = ["test-util"] }
aws-smithy-types = "0.57.0"
aws-types = "0.57.0"
http = "0.2.3"
*/
use aws_credential_types::Credentials; | |
use aws_runtime::auth::{sigv4::SigV4Signer, SigV4OperationSigningConfig}; | |
use aws_runtime::auth::{HttpSignatureType, SigningOptions}; | |
use aws_smithy_async::time::SystemTimeSource; | |
use aws_smithy_runtime_api::box_error::BoxError; | |
use aws_smithy_runtime_api::client::auth::{AuthSchemeEndpointConfig, Sign}; | |
use aws_smithy_runtime_api::client::identity::Identity; | |
use aws_smithy_runtime_api::client::orchestrator::HttpRequest; | |
use aws_smithy_runtime_api::client::runtime_components::RuntimeComponentsBuilder; | |
use aws_smithy_types::body::SdkBody; | |
use aws_smithy_types::config_bag::{ConfigBag, Layer}; | |
use aws_types::region::{Region, SigningRegion}; | |
use aws_types::sdk_config::SharedTimeSource; | |
use aws_types::SigningName; | |
use http::Request; | |
use std::time::Duration; | |
/// Demo entry point: generates an RDS IAM authentication token from fixed
/// example inputs and prints it with `dbg!`.
fn main() {
    // Placeholder key id and secret used only to drive the example; they are
    // not real credentials.
    let credentials = Credentials::new("AKIDEXAMPLE", "secret", None, None, "example");
    let region = Region::from_static("us-east-1");
    let db_hostname = "prod-instance.us-east-1.rds.amazonaws.com";
    let db_username = "dbuser";
    let port = 3306;

    // The value printed here is the signed token itself. `dbg!` writes it to
    // stderr, so with real credentials that output must be treated as a secret
    // for as long as the token is valid.
    dbg!(
        generate_rds_iam_token(db_hostname, region, port, db_username, credentials)
            .expect("should generate a token")
    );
}
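/// Generates an RDS IAM authentication token.
///
/// The token is a `connect` URL for `db_hostname:port` and `db_username`,
/// signed with SigV4 in the query string (signing name `rds-db`, signing
/// region `region`) using `credentials`, and returned without its scheme.
/// The signature is set to expire 15 minutes after signing.
///
/// # Errors
///
/// Returns an error if the request URI cannot be built from the inputs, if the
/// runtime components cannot be built, if signing fails, or if the signed URI
/// does not start with `http://`. In particular, a signing failure is reported
/// to the caller instead of yielding an unsigned URL that looks like a token.
fn generate_rds_iam_token(
    db_hostname: &str,
    region: Region,
    port: u16,
    db_username: &str,
    credentials: Credentials,
) -> Result<String, BoxError> {
    // The `http://` scheme is only there so that a URI can be built and
    // signed; it is stripped again before the token is returned.
    //
    // NOTE(review): `db_hostname` and `db_username` are interpolated as-is,
    // without percent-encoding. A value containing `&`, `=`, `#` or `/` would
    // change the structure of the URL that gets signed, so callers should only
    // pass trusted or already-validated values here -- confirm at call sites.
    let mut request: HttpRequest = Request::builder()
        .uri(format!(
            "http://{db_hostname}:{port}/?Action=connect&DBUser={db_username}"
        ))
        .body(SdkBody::empty())?
        .try_into()?;

    let identity = Identity::new(credentials, None);

    // Put the signature into the query string and bound its lifetime.
    let mut signing_options = SigningOptions::default();
    signing_options.signature_type = HttpSignatureType::HttpRequestQueryParams;
    signing_options.expires_in = Some(Duration::from_secs(15 * 60));

    let signing_config = SigV4OperationSigningConfig {
        region: Some(SigningRegion::from(region)),
        name: Some(SigningName::from_static("rds-db")),
        signing_options,
        ..Default::default()
    };

    // NOTE(review): `for_tests()` is used here only to obtain a builder that
    // accepts a time source; it presumably is what requires the `test-util`
    // feature listed in the Cargo.toml note at the top of the file -- confirm
    // before relying on this outside of an example.
    let time_source = SharedTimeSource::new(SystemTimeSource::new());
    let mut rc_builder = RuntimeComponentsBuilder::for_tests();
    rc_builder.set_time_source(Some(time_source));
    let runtime_components = rc_builder.build()?;

    // The signer reads its configuration from the config bag.
    let mut layer = Layer::new("SigningConfig");
    layer.store_put(signing_config);
    let config_bag = ConfigBag::of_layers(vec![layer]);

    // Propagate signing errors: discarding the result would let the function
    // return the unsigned URL as if it were a valid token.
    SigV4Signer::new().sign_http_request(
        &mut request,
        &identity,
        AuthSchemeEndpointConfig::empty(),
        &runtime_components,
        &config_bag,
    )?;

    let signed_uri = request.uri().to_string();
    let token = signed_uri
        .strip_prefix("http://")
        .ok_or_else(|| BoxError::from("signed URI does not start with http://"))?;
    Ok(token.to_owned())
}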