diff options
author | Mark Benvenuto <mark.benvenuto@mongodb.com> | 2020-01-13 20:48:38 +0000 |
---|---|---|
committer | evergreen <evergreen@mongodb.com> | 2020-01-13 20:48:38 +0000 |
commit | 87f20a3aa53d88846a34d299e9b0e7b39531a6e7 (patch) | |
tree | eb8b1f6611af0a5e6bdbb0b36dcfca4ff90f1294 /src/mongo/client | |
parent | 02068498362c414b14ba6dcf10a87b3a7ddc32d3 (diff) | |
download | mongo-87f20a3aa53d88846a34d299e9b0e7b39531a6e7.tar.gz |
SERVER-45471 Add support to IAM Auth for AWS lambda
Diffstat (limited to 'src/mongo/client')
-rw-r--r-- | src/mongo/client/sasl_iam_client_conversation.cpp | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/src/mongo/client/sasl_iam_client_conversation.cpp b/src/mongo/client/sasl_iam_client_conversation.cpp index 1c3768a5940..e99b9895024 100644 --- a/src/mongo/client/sasl_iam_client_conversation.cpp +++ b/src/mongo/client/sasl_iam_client_conversation.cpp @@ -92,6 +92,22 @@ iam::AWSCredentials SaslIAMClientConversation::_getUserCredentials() const { } iam::AWSCredentials SaslIAMClientConversation::_getLocalAWSCredentials() const { + // Check the environment variables + // These are set by AWS Lambda to pass in credentials and can be set by users. + StringData awsAccessKeyId = getenv("AWS_ACCESS_KEY_ID"); + StringData awsSecretAccessKey = getenv("AWS_SECRET_ACCESS_KEY"); + StringData awsSessionToken = getenv("AWS_SESSION_TOKEN"); + + if (!awsAccessKeyId.empty() && !awsSecretAccessKey.empty()) { + if (!awsSessionToken.empty()) { + return iam::AWSCredentials(awsAccessKeyId.toString(), + awsSecretAccessKey.toString(), + awsSessionToken.toString()); + } + + return iam::AWSCredentials(awsAccessKeyId.toString(), awsSecretAccessKey.toString()); + } + StringData ecsMetadata = getenv("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"); if (!ecsMetadata.empty()) { return _getEcsCredentials(ecsMetadata); |