prosody-modules
694f8fab07d4
mod_aws_profile/mod_aws_profile.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

Annotate

mod_aws_profile/mod_aws_profile.lua @ 6251:694f8fab07d4

: mod_sasl2*** : Update Compability for all of them diff --git a/mod_sasl2/README.md b/mod_sasl2/README.md --- a/mod_sasl2/README.md +++ b/mod_sasl2/README.md @@ -31,6 +31,7 @@ This module requires Prosody **trunk** a Prosody Version Status ----------------------- ---------------- - trunk as of 2024-11-24 Works + trunk as of 2025-05-25 Works + 0.13 Works 0.12 Does not work ----------------------- ---------------- diff --git a/mod_sasl2_bind2/README.md b/mod_sasl2_bind2/README.md --- a/mod_sasl2_bind2/README.md +++ b/mod_sasl2_bind2/README.md @@ -16,5 +16,6 @@ This module depends on [mod_sasl2]. It e Prosody-Version Status --------------- ---------------------- - trunk Works as of 2024-12-21 + trunk Works as of 2025-05-25 + 0.13 Works 0.12 Does not work diff --git a/mod_sasl2_fast/README.md b/mod_sasl2_fast/README.md --- a/mod_sasl2_fast/README.md +++ b/mod_sasl2_fast/README.md @@ -33,5 +33,6 @@ clients being logged out unexpectedly. Prosody-Version Status --------------- ---------------------- - trunk Works as of 2024-12-21 + trunk Works as of 2025-05-25 + 0.13 Work 0.12 Does not work diff --git a/mod_sasl2_sm/README.md b/mod_sasl2_sm/README.md --- a/mod_sasl2_sm/README.md +++ b/mod_sasl2_sm/README.md @@ -17,5 +17,6 @@ configuration options. Prosody-Version Status --------------- ---------------------- - trunk Works as of 2024-12-21 + trunk Works as of 2025-05-25 + 0.13 Work 0.12 Does not work diff --git a/mod_sasl_ssdp/README.md b/mod_sasl_ssdp/README.md --- a/mod_sasl_ssdp/README.md +++ b/mod_sasl_ssdp/README.md @@ -18,8 +18,8 @@ There are no configuration options for t # Compatibility -For SASL2 (XEP-0388) clients, it is compatible with the mod_sasl2 community module. - -For clients using RFC 6120 SASL, it requires Prosody trunk 33e5edbd6a4a or -later. It is not compatible with Prosody 0.12 (it will load, but simply -won't do anything) for "legacy SASL". + Prosody-Version Status + --------------- ---------------------- + trunk Works as of 2025-05-25 + 0.13 Works + 0.12 Does not work
author Menel <menel@snikket.de>
date Mon, 12 May 2025 11:07:45 +0200
parent 5725:616c0459aca7
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
3698
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
1 local http = require "net.http";
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
2 local json = require "util.json";
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
3 local parse_timestamp = require "util.datetime".parse;
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
4
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
5 module:set_global();
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
6
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
7 local current_credentials = module:shared("/*/aws_profile/credentials");
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
8
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
9 local function get_role_credentials(role_name, cb)
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
10 http.request("http://169.254.169.254/latest/meta-data/iam/security-credentials/"..role_name, nil, function (credentials_json)
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
11 local credentials = credentials_json and json.decode(credentials_json);
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
12 if not credentials or not (credentials.AccessKeyId and credentials.SecretAccessKey) then
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
13 module:log("warn", "Failed to fetch credentials for %q", role_name);
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
14 cb(nil);
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
15 return;
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
16 end
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
17 local expiry = parse_timestamp(credentials.Expiration);
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
18 local ttl = os.difftime(expiry, os.time());
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
19 cb({
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
20 access_key = credentials.AccessKeyId;
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
21 secret_key = credentials.SecretAccessKey;
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
22 ttl = ttl;
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
23 expiry = expiry;
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
24 });
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
25 end);
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
26 end
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
27
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
28 local function get_credentials(cb)
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
29 http.request("http://169.254.169.254/latest/meta-data/iam/security-credentials", nil, function (role_name)
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
30 role_name = role_name and role_name:match("%S+");
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
31 if not role_name then
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
32 module:log("warn", "Unable to discover role name");
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
33 cb(nil);
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
34 return;
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
35 end
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
36 get_role_credentials(role_name, cb);
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
37 end);
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
38 end
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
39
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
40 function refresh_credentials(force)
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
41 if not force and current_credentials.expiry and current_credentials.expiry - os.time() > 300 then
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
42 return;
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
43 end
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
44 get_credentials(function (credentials)
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
45 if not credentials then
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
46 module:log("warn", "Failed to refresh credentials!");
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
47 return;
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
48 end
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
49 current_credentials.access_key = credentials.access_key;
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
50 current_credentials.secret_key = credentials.secret_key;
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
51 current_credentials.expiry = credentials.expiry;
5725
616c0459aca7 mod_aws_profile: Fix use of timer API
Kim Alvefur <zash@zash.se>
parents: 3698
diff changeset
52 module:add_timer(credentials.ttl or 240, refresh_credentials);
3698
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
53 module:fire_event("aws_profile/credentials-refreshed", current_credentials);
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
54 end);
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
55 end
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
56
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
57 function module.load()
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
58 refresh_credentials(true);
1d719d4ef18f mod_aws_profile: New module for role-based access to AWS APIs
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
59 end