parsing sts identity response

crashappsec · Dec 25, 2023 · 6e52c09 · 6e52c09
1 parent eb02b04
commit 6e52c09
Showing 1 changed file with 61 additions and 3 deletions.
diff --git a/nimutils/stsclient.nim b/nimutils/stsclient.nim
@@ -1,4 +1,4 @@
-import httpclient, strutils, tables, times, uri, std/envvars
+import httpclient, strutils, tables, times, uri, std/[envvars, json]
 import awsclient
 
 const
@@ -10,6 +10,56 @@ let
 type
   StsClient* = object of AwsClient
 
+  Arn* = object
+    partition*: string
+    service*:   string
+    region*:    string
+    account*:   string
+    resource*:  string
+
+  StsCallerIdentity* = object
+    arn*:     Arn
+    userId*:  string
+    account*: string
+
+proc `$`*(arn: Arn): string =
+  return @[
+    "arn",
+    arn.partition,
+    arn.service,
+    arn.region,
+    arn.account,
+    arn.resource,
+  ].join(":")
+
+template `or`(a, b: string): string =
+  if a != "":
+    a
+  else:
+    b
+
+proc with*(arn: Arn,
+           partition: string = "",
+           service:   string = "",
+           region:    string = "",
+           account:   string = "",
+           resource:  string = ""): Arn =
+  return Arn(partition: partition or arn.partition,
+             service:   service   or arn.service,
+             region:    region    or arn.region,
+             account:   account   or arn.account,
+             resource:  resource  or arn.resource)
+
+proc parseArn*(arn: string): Arn =
+  let parts = arn.split(":", maxsplit=6)
+  if len(parts) < 6:
+    raise newException(ValueError, "invalid arn")
+  return Arn(partition: parts[1],
+             service:   parts[2],
+             region:    parts[3],
+             account:   parts[4],
+             resource:  parts[5])
+
 proc newStsClient*(creds: AwsCredentials,
                    region: string = defRegion,
                    host: string = awsURI): StsClient =
@@ -34,12 +84,20 @@ proc newStsClient*(creds: AwsCredentials,
                    endpoint: endpoint, isAWS: endpoint.hostname == "amazonaws.com",
                    key: "", key_expires: getTime())
 
-proc getCallerIdentity*(self: var StsClient): Response =
+proc getCallerIdentity*(self: var StsClient): StsCallerIdentity =
   let params = {
     "action":  "POST",
     "payload": "Action=GetCallerIdentity&Version=2011-06-15",
   }.toTable
-  return self.request(params, newHttpHeaders(@[
+  let res = self.request(params, newHttpHeaders(@[
     ("Content-Type", "application/x-www-form-urlencoded"),
     ("Accept", "application/json"),
   ]))
+  if res.code != Http200:
+    raise newException(ValueError, res.status)
+  let
+    jsonResponse = parseJson(res.body())
+    identity     = jsonResponse["GetCallerIdentityResponse"]["GetCallerIdentityResult"]
+  return StsCallerIdentity(arn:     parseArn(identity["Arn"].getStr()),
+                           userId:  identity["UserId"].getStr(),
+                           account: identity["Account"].getStr())