1+ /*
2+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
3+ * SPDX-License-Identifier: Apache-2.0
4+ */
5+ package aws.sdk.kotlin.services.dsql
6+
7+ import aws.sdk.kotlin.runtime.auth.credentials.DefaultChainCredentialsProvider
8+ import aws.smithy.kotlin.runtime.auth.awscredentials.Credentials
9+ import aws.smithy.kotlin.runtime.auth.awssigning.AwsSignatureType
10+ import aws.smithy.kotlin.runtime.auth.awssigning.AwsSigningConfig
11+ import aws.smithy.kotlin.runtime.auth.awssigning.DefaultAwsSigner
12+ import aws.smithy.kotlin.runtime.http.HttpMethod
13+ import aws.smithy.kotlin.runtime.http.request.HttpRequest
14+ import aws.smithy.kotlin.runtime.net.url.Url
15+ import aws.smithy.kotlin.runtime.time.Clock
16+ import kotlinx.coroutines.runBlocking
17+ import kotlin.time.Duration
18+ import kotlin.time.Duration.Companion.seconds
19+
20+ /* *
21+ * Generates an IAM authentication token for use with DSQL databases
22+ * @param credentials The credentials to use when generating the auth token, defaults to resolving credentials from the [DefaultChainCredentialsProvider]
23+ */
24+ public class AuthTokenGenerator (
25+ public val credentials : Credentials ? = runBlocking { DefaultChainCredentialsProvider ().resolve() }
26+ ) {
27+ private fun String.trimScheme () = removePrefix(" http://" ).removePrefix(" https://" )
28+
29+ /* *
30+ * Generates an auth token for the DbConnect action.
31+ * @param endpoint the endpoint of the database
32+ * @param region the region of the database
33+ * @param expiration how long the auth token should be valid for. Defaults to 900.seconds
34+ */
35+ public suspend fun generateDbConnectAuthToken (endpoint : Url , region : String , expiration : Duration = 900.seconds): String {
36+ val dbConnectEndpoint = endpoint.toBuilder().apply {
37+ parameters.apply {
38+ decodedParameters {
39+ add(" Action" , " DbConnect" )
40+ }
41+ }
42+ }.build()
43+
44+ return generateAuthToken(dbConnectEndpoint, region, expiration)
45+ }
46+
47+ /* *
48+ * Generates an auth token for the DbConnectAdmin action.
49+ * @param endpoint the endpoint of the database
50+ * @param region the region of the database
51+ * @param expiration how long the auth token should be valid for. Defaults to 900.seconds
52+ */
53+ public suspend fun generateDbConnectAdminAuthToken (endpoint : Url , region : String , expiration : Duration = 900.seconds): String {
54+ val dbConnectAdminEndpoint = endpoint.toBuilder().apply {
55+ parameters.apply {
56+ decodedParameters {
57+ add(" Action" , " DbConnectAdmin" )
58+ }
59+ }
60+ }.build()
61+
62+ return generateAuthToken(dbConnectAdminEndpoint, region, expiration)
63+ }
64+
65+ private suspend fun generateAuthToken (endpoint : Url , region : String , expiration : Duration ): String {
66+ val req = HttpRequest (HttpMethod .GET , endpoint)
67+
68+ val creds = credentials
69+
70+ val config = AwsSigningConfig {
71+ credentials = creds ? : DefaultChainCredentialsProvider ().resolve()
72+ this .region = region
73+ service = " dsql"
74+ signingDate = Clock .System .now()
75+ expiresAfter = expiration
76+ signatureType = AwsSignatureType .HTTP_REQUEST_VIA_QUERY_PARAMS
77+ }
78+
79+ return DefaultAwsSigner .sign(req, config).output.url.toString().trimScheme()
80+ }
81+ }
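Review bot: The constructor default on `credentials` resolves the default chain once inside `runBlocking`, and `generateAuthToken` then signs every token with that snapshot, so a long-lived generator will keep presigning with stale credentials if the chain yielded temporary ones; construction also blocks the calling thread while the chain resolves. Accepting a provider and resolving per call avoids both: `public val credentialsProvider: CredentialsProvider = DefaultChainCredentialsProvider()` in the constructor and `credentials = credentialsProvider.resolve()` inside the `AwsSigningConfig` block. The null fallback `DefaultChainCredentialsProvider().resolve()` in `generateAuthToken` creates a new provider on each call and never closes it, and holding the resolved secret in a `public val` widens the places it can be read or logged. `expiration` reaches `expiresAfter` unchecked, so a guard such as `require(expiration.isPositive()) { "expiration must be positive" }` would reject zero or negative lifetimes before signing.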