Package: ibmiam

import "../ibm-cos-sdk-go/aws/signer/ibmiam"

Variables

var SignRequestHandler = writable

SignRequestHandler is a named request handler the SDK will use to sign service client request with using the IBM IAM signature.

Value:

request.NamedHandler{
	Name: signRequestHandlerLog, Fn: Sign,
}

Function Summary collapse

Function Details

func Sign(req *request.Request)

Sign signs IBM IAM requests with the token type, access token and service instance id request is made to, and time the request is signed at.

Returns a list of HTTP headers that were included in the signature or an error if signing the request failed. Generally for signed requests this value is not needed as the full request context will be captured by the http.Request value. It is included for reference though.



29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
 
// File 'aws/signer/ibmiam/ibmiam.go', line 29


func Sign(req *request.Request) {

	// Sets the logger for the Request to be signed
	logger := req.Config.Logger
	if !req.Config.LogLevel.Matches(aws.LogDebug) {
		logger = nil
	}

	// Obtains the IBM IAM Credentials Object
	// The objects includes:
	//		IBM IAM Token
	//		IBM IAM Service Instance ID
	value, err := req.Config.Credentials.Get()
	if err != nil {
		if logger != nil {
			logger.Log(debugLog, signRequestHandlerLog, "CREDENTIAL GET ERROR", err)
		}
		req.Error = err
		req.SignedHeaderVals = nil
		return
	}

	// Check the type of the Token
	// If does not exist, return with an error in the request
	if value.TokenType == "" {
		err = errTokenTypeNotSet
		if logger != nil {
			logger.Log(debugLog, err)
		}
		req.Error = err
		req.SignedHeaderVals = nil
		return
	}

	// Checks the Access Token
	// If does not exist, return with an error in the request
	if value.AccessToken == "" {
		err = errAccessTokenNotSet
		if logger != nil {
			logger.Log(debugLog, err)
		}
		req.Error = err
		req.SignedHeaderVals = nil
		return
	}

	// Get the Service Instance ID from the IBM IAM Credentials object
	serviceInstanceID := req.HTTPRequest.Header.Get("ibm-service-instance-id")
	if serviceInstanceID == "" && value.ServiceInstanceID != "" {
		// Log the Service Instance ID
		if logger != nil {
			logger.Log(debugLog, "Setting the 'ibm-service-instance-id' from the Credentials")

		}
		req.HTTPRequest.Header.Set("ibm-service-instance-id", value.ServiceInstanceID)
	}

	// Use the IBM IAM Token Bearer as the Authorization Header
	authString := value.TokenType + " " + value.AccessToken
	req.HTTPRequest.Header.Set("Authorization", authString)
	if logger != nil {
		logger.Log(debugLog, signRequestHandlerLog, "Set Header Authorization", authString)
	}
}