Vendor aws-sdk-go (dep ensure) (#178)

vendor/github.com/aws/aws-sdk-go/service/rds/rdsutils/connect.go

@@ -0,0 +1,70 @@
+package rdsutils
+
+import (
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/signer/v4"
+)
+
+// BuildAuthToken will return a authentication token for the database's connect
+// based on the RDS database endpoint, AWS region, IAM user or role, and AWS credentials.
+//
+// Endpoint consists of the hostname and port, IE hostname:port, of the RDS database.
+// Region is the AWS region the RDS database is in and where the authentication token
+// will be generated for. DbUser is the IAM user or role the request will be authenticated
+// for. The creds is the AWS credentials the authentication token is signed with.
+//
+// An error is returned if the authentication token is unable to be signed with
+// the credentials, or the endpoint is not a valid URL.
+//
+// The following example shows how to use BuildAuthToken to create an authentication
+// token for connecting to a MySQL database in RDS.
+//
+//   authToken, err := BuildAuthToken(dbEndpoint, awsRegion, dbUser, awsCreds)
+//
+//   // Create the MySQL DNS string for the DB connection
+//   // user:password@protocol(endpoint)/dbname?<params>
+//   dnsStr = fmt.Sprintf("%s:%s@tcp(%s)/%s?tls=true",
+//      dbUser, authToken, dbEndpoint, dbName,
+//   )
+//
+//   // Use db to perform SQL operations on database
+//   db, err := sql.Open("mysql", dnsStr)
+//
+// See http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html
+// for more information on using IAM database authentication with RDS.
+func BuildAuthToken(endpoint, region, dbUser string, creds *credentials.Credentials) (string, error) {
+	// the scheme is arbitrary and is only needed because validation of the URL requires one.
+	if !(strings.HasPrefix(endpoint, "http://") || strings.HasPrefix(endpoint, "https://")) {
+		endpoint = "https://" + endpoint
+	}
+
+	req, err := http.NewRequest("GET", endpoint, nil)
+	if err != nil {
+		return "", err
+	}
+	values := req.URL.Query()
+	values.Set("Action", "connect")
+	values.Set("DBUser", dbUser)
+	req.URL.RawQuery = values.Encode()
+
+	signer := v4.Signer{
+		Credentials: creds,
+	}
+	_, err = signer.Presign(req, nil, "rds-db", region, 15*time.Minute, time.Now())
+	if err != nil {
+		return "", err
+	}
+
+	url := req.URL.String()
+	if strings.HasPrefix(url, "http://") {
+		url = url[len("http://"):]
+	} else if strings.HasPrefix(url, "https://") {
+		url = url[len("https://"):]
+	}
+
+	return url, nil
+}

vendor/github.com/aws/aws-sdk-go/service/rds/rdsutils/connect_test.go

@@ -0,0 +1,42 @@
+package rdsutils_test
+
+import (
+	"regexp"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/service/rds/rdsutils"
+)
+
+func TestBuildAuthToken(t *testing.T) {
+	cases := []struct {
+		endpoint      string
+		region        string
+		user          string
+		expectedRegex string
+	}{
+		{
+			"https://prod-instance.us-east-1.rds.amazonaws.com:3306",
+			"us-west-2",
+			"mysqlUser",
+			`^prod-instance\.us-east-1\.rds\.amazonaws\.com:3306\?Action=connect.*?DBUser=mysqlUser.*`,
+		},
+		{
+			"prod-instance.us-east-1.rds.amazonaws.com:3306",
+			"us-west-2",
+			"mysqlUser",
+			`^prod-instance\.us-east-1\.rds\.amazonaws\.com:3306\?Action=connect.*?DBUser=mysqlUser.*`,
+		},
+	}
+
+	for _, c := range cases {
+		creds := credentials.NewStaticCredentials("AKID", "SECRET", "SESSION")
+		url, err := rdsutils.BuildAuthToken(c.endpoint, c.region, c.user, creds)
+		if err != nil {
+			t.Errorf("expect no error, got %v", err)
+		}
+		if re, a := regexp.MustCompile(c.expectedRegex), url; !re.MatchString(a) {
+			t.Errorf("expect %s to match %s", re, a)
+		}
+	}
+}