mod_http_xep227: Add support for import via APIs rather than direct store manipulation
In particular this transitions PEP nodes and data to be imported via mod_pep's
APIs, fixing issues with importing at runtime while PEP data may already be
live in RAM.
Next obvious candidate for this approach is rosters, so clients get immediate
roster pushes and other special handling (such as emitting subscribes to reach
the desired subscription state).
local http = require "net.http";
local json = require "util.json";
local parse_timestamp = require "util.datetime".parse;
module:set_global();
local current_credentials = module:shared("/*/aws_profile/credentials");
local function get_role_credentials(role_name, cb)
http.request("http://169.254.169.254/latest/meta-data/iam/security-credentials/"..role_name, nil, function (credentials_json)
local credentials = credentials_json and json.decode(credentials_json);
if not credentials or not (credentials.AccessKeyId and credentials.SecretAccessKey) then
module:log("warn", "Failed to fetch credentials for %q", role_name);
cb(nil);
return;
end
local expiry = parse_timestamp(credentials.Expiration);
local ttl = os.difftime(expiry, os.time());
cb({
access_key = credentials.AccessKeyId;
secret_key = credentials.SecretAccessKey;
ttl = ttl;
expiry = expiry;
});
end);
end
local function get_credentials(cb)
http.request("http://169.254.169.254/latest/meta-data/iam/security-credentials", nil, function (role_name)
role_name = role_name and role_name:match("%S+");
if not role_name then
module:log("warn", "Unable to discover role name");
cb(nil);
return;
end
get_role_credentials(role_name, cb);
end);
end
function refresh_credentials(force)
if not force and current_credentials.expiry and current_credentials.expiry - os.time() > 300 then
return;
end
get_credentials(function (credentials)
if not credentials then
module:log("warn", "Failed to refresh credentials!");
return;
end
current_credentials.access_key = credentials.access_key;
current_credentials.secret_key = credentials.secret_key;
current_credentials.expiry = credentials.expiry;
module:timer(credentials.ttl or 240, refresh_credentials);
module:fire_event("aws_profile/credentials-refreshed", current_credentials);
end);
end
function module.load()
refresh_credentials(true);
end