package main
import (
+ "bufio"
"bytes"
"context"
"crypto/sha256"
func (v *S3Volume) bootstrapIAMCredentials() error {
if v.AccessKey != "" || v.SecretKey != "" {
+ if v.IAMRole != "" {
+ return errors.New("invalid DriverParameters: AccessKey and SecretKey must be blank if IAMRole is specified")
+ }
return nil
}
ttl, err := v.updateIAMCredentials()
return 0, fmt.Errorf("error getting %s: %s", url, err)
}
defer resp.Body.Close()
- if resp.StatusCode != http.StatusOK {
+ if resp.StatusCode == http.StatusNotFound {
+ return 0, fmt.Errorf("this instance does not have an IAM role assigned -- either assign a role, or configure AccessKey and SecretKey explicitly in DriverParameters (error getting %s: HTTP status %s)", url, resp.Status)
+ } else if resp.StatusCode != http.StatusOK {
return 0, fmt.Errorf("error getting %s: HTTP status %s", url, resp.Status)
}
+ body := bufio.NewReader(resp.Body)
var role string
- _, err = fmt.Fscanf(resp.Body, "%s\n", &role)
+ _, err = fmt.Fscanf(body, "%s\n", &role)
if err != nil {
return 0, fmt.Errorf("error reading response from %s: %s", url, err)
}
+ if n, _ := body.Read(make([]byte, 64)); n > 0 {
+ v.logger.Warnf("ignoring additional data returned by metadata endpoint %s after the single role name that we expected", url)
+ }
v.logger.WithField("Role", role).Debug("looked up IAM role name")
url = url + role
}
projects / arvados.git / blobdiff