Support more forms of EC2 authentication

pull/2459/head
Kyle Havlovitz 2016-11-01 21:20:08 -04:00
parent 9c75e69f65
commit 468bf736b4
No known key found for this signature in database
GPG Key ID: 8A5E6B173056AD6C
2 changed files with 25 additions and 17 deletions


@ -19,6 +19,8 @@ import (
"github.com/armon/go-metrics/datadog" "github.com/armon/go-metrics/datadog"
"github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/credentials" "github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds"
"github.com/aws/aws-sdk-go/aws/ec2metadata"
"github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/ec2" "github.com/aws/aws-sdk-go/service/ec2"
"github.com/hashicorp/consul/lib" "github.com/hashicorp/consul/lib"
@ -196,15 +198,6 @@ func (c *Command) readConfig() *Config {
config.SkipLeaveOnInt = Bool(config.Server) config.SkipLeaveOnInt = Bool(config.Server)
} }
// Load AWS creds for discovery from the environment (if present)
if os.Getenv("AWS_ACCESS_KEY_ID") != "" {
config.EC2Discovery.AccessKeyID = os.Getenv("AWS_ACCESS_KEY_ID")
}
if os.Getenv("AWS_SECRET_ACCESS_KEY") != "" {
config.EC2Discovery.SecretAccessKey = os.Getenv("AWS_SECRET_ACCESS_KEY")
}
// Ensure we have a data directory // Ensure we have a data directory
if config.DataDir == "" && !dev { if config.DataDir == "" && !dev {
c.Ui.Error("Must specify data directory using -data-dir") c.Ui.Error("Must specify data directory using -data-dir")
@ -344,6 +337,7 @@ func (c *Command) readConfig() *Config {
c.Ui.Error(fmt.Sprintf("Unable to query EC2 insances: %s", err)) c.Ui.Error(fmt.Sprintf("Unable to query EC2 insances: %s", err))
return nil return nil
} }
c.Ui.Info(fmt.Sprintf("Discovered %d servers from EC2...", len(ec2servers)))
config.StartJoin = append(config.StartJoin, ec2servers...) config.StartJoin = append(config.StartJoin, ec2servers...)
} }
@ -405,7 +399,20 @@ func (c *Config) discoverEc2Hosts() ([]string, error) {
config := c.EC2Discovery config := c.EC2Discovery
awsConfig := &aws.Config{ awsConfig := &aws.Config{
Region: aws.String(config.Region), Region: aws.String(config.Region),
Credentials: credentials.NewStaticCredentials(config.AccessKeyID, config.SecretAccessKey, ""), Credentials: credentials.NewChainCredentials(
[]credentials.Provider{
&credentials.StaticProvider{
Value: credentials.Value{
AccessKeyID: config.AccessKeyID,
SecretAccessKey: config.SecretAccessKey,
},
},
&credentials.EnvProvider{},
&credentials.SharedCredentialsProvider{},
&ec2rolecreds.EC2RoleProvider{
Client: ec2metadata.New(session.New()),
},
}),
} }
svc := ec2.New(session.New(), awsConfig) svc := ec2.New(session.New(), awsConfig)
@ -428,9 +435,12 @@ func (c *Config) discoverEc2Hosts() ([]string, error) {
servers := make([]string, 0) servers := make([]string, 0)
for i := range resp.Reservations { for i := range resp.Reservations {
for _, instance := range resp.Reservations[i].Instances { for _, instance := range resp.Reservations[i].Instances {
// Terminated instances don't have the PrivateIpAddress field
if instance.PrivateIpAddress != nil {
servers = append(servers, *instance.PrivateIpAddress) servers = append(servers, *instance.PrivateIpAddress)
} }
} }
}
return servers, nil return servers, nil
} }
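Review bot: In the provider chain built in discoverEc2Hosts, a config that sets only one of `config.AccessKeyID` / `config.SecretAccessKey` is no longer an error. As far as I know the SDK's StaticProvider reports empty credentials in that case, so the chain quietly moves on to the environment, the shared credentials file or the instance role. The result of the EC2 query is appended to `config.StartJoin`, so the agent can end up choosing its join targets with an identity the operator did not intend and has no way to see. I would reject the partial pair before building the chain, `if (config.AccessKeyID == "") != (config.SecretAccessKey == "") { return nil, fmt.Errorf("ec2 discovery: access key id and secret access key must be set together") }`, and include the resolved credential's `ProviderName` in the "Discovered %d servers" message. The body of discoverEc2Hosts starts outside the visible hunks.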


@ -282,8 +282,6 @@ func TestDiscoverEC2Hosts(t *testing.T) {
c := &Config{ c := &Config{
EC2Discovery: EC2Discovery{ EC2Discovery: EC2Discovery{
Region: os.Getenv("AWS_REGION"), Region: os.Getenv("AWS_REGION"),
AccessKeyID: os.Getenv("AWS_ACCESS_KEY_ID"),
SecretAccessKey: os.Getenv("AWS_SECRET_ACCESS_KEY"),
TagKey: "ConsulRole", TagKey: "ConsulRole",
TagValue: "Server", TagValue: "Server",
}, },