Mirror
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

combined functions for cleaner code

pull/4979/head
Tim Dery 9 months ago
parent
122dfa12ac
commit
7da9a45c61
1 changed files with 19 additions and 61 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 76
      dnsapi/dns_aws.sh

76
dnsapi/dns_aws.sh
View File

@ -209,75 +209,33 @@ _use_container_role() {
_use_instance_role() {
# https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
# https://aws.amazon.com/blogs/security/get-the-full-benefits-of-imdsv2-and-disable-imdsv1-across-your-aws-infrastructure/
_url="http://169.254.169.254/latest/meta-data/"
_response=$(curl --write-out "%{http_code}\n" -s -HEAD $_url)
_debug "_response" "$_response"
if [ "$_response" -eq "401" ]; then
_use_imdsv2_instance_role
else
_use_imdsv1_instance_role
fi
}
_use_imdsv2_instance_role() {
_request_token_url="http://169.254.169.254/latest/api/token"
_instance_role_url="http://169.254.169.254/latest/meta-data/iam"
_request_token="$(curl -s -X PUT "$_request_token_url" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")"
_debug "_request_token" "$_request_token"
if [ -z "$_request_token" ]; then
_instance_role_name_url="http://169.254.169.254/latest/meta-data/iam/security-credentials/"
#_response=$(curl --write-out "%{http_code}\n" -s -HEAD $_url)
if _get "$_instance_role_name_url" true 1 | _head_n 1 | grep -Fq 401; then
_debug "Using IMDSv2"
_token_url="http://169.254.169.254/latest/api/token"
export _H1="X-aws-ec2-metadata-token-ttl-seconds: 21600"
_token="$(_post "" "$_token_url" "" "PUT")"
_debug "_token" "$_token"
if [ -z "$_token" ]; then
_debug "Unable to fetch IMDSv2 token from instance metadata"
return 1
fi
_instance_role_name="$(curl -s -H "X-aws-ec2-metadata-token: $_request_token" http://169.254.169.254/latest/meta-data/iam/security-credentials/)"
_debug "_instance_role_name" "$_instance_role_name"
if [ -z "$_instance_role_name" ]; then
_debug "Unable to fetch instance role name from instance metadata"
return 1
export _H1="X-aws-ec2-metadata-token: $_token"
fi
_use_metadata_imdsv2 "http://169.254.169.254/latest/meta-data/iam/security-credentials/$_instance_role_name" "$_request_token"
}
_use_metadata_imdsv2() {
_aws_creds="$(
curl -s -H "X-aws-ec2-metadata-token: $2" "$1" |
_normalizeJson |
tr '{,}' '\n' |
while read -r _line; do
_key="$(echo "${_line%%:*}" | tr -d '"')"
_value="${_line#*:}"
_debug3 "_key" "$_key"
_secure_debug3 "_value" "$_value"
case "$_key" in
AccessKeyId) echo "AWS_ACCESS_KEY_ID=$_value" ;;
SecretAccessKey) echo "AWS_SECRET_ACCESS_KEY=$_value" ;;
Token) echo "AWS_SESSION_TOKEN=$_value" ;;
esac
done |
paste -sd' ' -
)"
_secure_debug "_aws_creds" "$_aws_creds"
if [ -z "$_aws_creds" ]; then
return 1
fi
eval "$_aws_creds"
_using_role=true
}
_use_imdsv1_instance_role() {
_url="http://169.254.169.254/latest/meta-data/iam/security-credentials/"
_debug "_url" "$_url"
if ! _get "$_url" true 1 | _head_n 1 | grep -Fq 200; then
if ! _get "$_instance_role_name_url" true 1 | _head_n 1 | grep -Fq 200; then
_debug "Unable to fetch IAM role from instance metadata"
return 1
fi
_aws_role=$(_get "$_url" "" 1)
_debug "_aws_role" "$_aws_role"
_use_metadata_imdsv1 "$_url$_aws_role"
_instance_role_name=$(_get "$_instance_role_name_url" "" 1)
_debug "_instance_role_name" "$_instance_role_name"
_use_metadata "$_instance_role_name_url$_instance_role_name" "$_token"
}
_use_metadata_imdsv1() {
_use_metadata() {
export _H1="X-aws-ec2-metadata-token: $2"
_aws_creds="$(
_get "$1" "" 1 |
_normalizeJson |

Write Preview
Loading…
Cancel
Save