Documentation
Overview
Package dns provides a minimal Route53 REST client (no AWS SDK).
This client issues AWS SigV4-signed HTTP requests directly to the Route53 API (version 2013-04-01) for the two operations dddns needs: listing a single A record set and upserting an A record. The public signatures match the prior SDK-backed implementation so callers are unaffected.
Functions
func SignRequest (added in v0.3.0)
func SignRequest(req *http.Request, accessKey, secretKey, sessionToken, region, service, payloadHash string, now time.Time)
SignRequest attaches an AWS Signature Version 4 Authorization header to req.
Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/create-signed-request.html
This is a minimal implementation covering the subset dddns needs:
- no presigned query strings (Authorization header form only)
- the caller provides the payload hash (hex SHA-256) so streaming payloads stay simple; for the two request shapes dddns uses — GET with no body and POST with an XML body fully buffered in memory — this is straightforward
sessionToken handling (for STS temporary credentials, e.g. the credentials Lambda injects as the AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY / AWS_SESSION_TOKEN env vars via its execution role): when sessionToken is non-empty, it is set as the X-Amz-Security-Token header on the request *before* the canonical request is built, so the header appears in both the alphabetically sorted canonical-headers block and the signed-headers list. Long-lived IAM user credentials pass "" and get byte-identical behaviour to the no-token form (proven by the TestSigV4 vector tests).
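The token placement described above, as an added Go sketch that is not dddns's own code: `signSketch` is a hypothetical, simplified signer that covers only the host, x-amz-date and optional token headers, and the zone ID, credentials and token are constructed placeholders. It assumes a path with nothing to escape and query values without spaces.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net/http"
	"strings"
	"time"
)

func hmacSHA256(key []byte, msg string) []byte {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(msg))
	return h.Sum(nil)
}

// signSketch (hypothetical, not dddns's SignRequest) signs req and returns the signed-headers list.
func signSketch(req *http.Request, ak, sk, token, region, service, payloadHash string, now time.Time) string {
	amzDate, day := now.UTC().Format("20060102T150405Z"), now.UTC().Format("20060102")
	req.Header.Set("X-Amz-Date", amzDate)
	// Canonical headers are lowercase and sorted; these three names are already in order.
	canonHdrs, signed := "host:"+req.URL.Host+"\nx-amz-date:"+amzDate+"\n", "host;x-amz-date"
	if token != "" { // added before canonicalisation, so the token is covered by the signature
		req.Header.Set("X-Amz-Security-Token", token)
		canonHdrs += "x-amz-security-token:" + token + "\n"
		signed += ";x-amz-security-token"
	}
	// Assumption: path has nothing to escape and query values contain no spaces.
	canon := strings.Join([]string{req.Method, req.URL.EscapedPath(), req.URL.Query().Encode(), canonHdrs, signed, payloadHash}, "\n")
	scope := day + "/" + region + "/" + service + "/aws4_request"
	sum := sha256.Sum256([]byte(canon))
	toSign := "AWS4-HMAC-SHA256\n" + amzDate + "\n" + scope + "\n" + hex.EncodeToString(sum[:])
	key := []byte("AWS4" + sk) // derive kDate -> kRegion -> kService -> kSigning
	for _, part := range []string{day, region, service, "aws4_request"} {
		key = hmacSHA256(key, part)
	}
	req.Header.Set("Authorization", "AWS4-HMAC-SHA256 Credential="+ak+"/"+scope+", SignedHeaders="+signed+", Signature="+hex.EncodeToString(hmacSHA256(key, toSign)))
	return signed
}

func main() {
	empty := hex.EncodeToString(sha256.New().Sum(nil)) // SHA-256 of an empty body; values below are constructed
	for _, tok := range []string{"", "EXAMPLE-SESSION-TOKEN"} {
		req, _ := http.NewRequest("GET", "https://route53.amazonaws.com/2013-04-01/hostedzone/ZEXAMPLE/rrset?name=home.example.com&type=A", nil)
		fmt.Println(signSketch(req, "AKIDEXAMPLE", "EXAMPLESECRET", tok, "us-east-1", "route53", empty, time.Now()), req.Header.Get("Authorization"))
	}
}
```

With an empty token the signed-headers list is `host;x-amz-date`; with a token it gains `x-amz-security-token` and the signature changes, because the token value is part of the canonical request.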
Types
type Route53Client
type Route53Client struct {
// contains filtered or unexported fields
}
Route53Client issues signed HTTP requests to the Route53 REST API.
func NewFromConfig (added in v0.2.0)
NewFromConfig constructs a Route53Client from a fully-populated dddns Config. The config file has no session-token field — cron/serve installs use long-lived IAM user credentials. Lambda builds its client via NewRoute53Client directly with the env-var-sourced token.
func NewRoute53Client
func NewRoute53Client(_ context.Context, _, accessKey, secretKey, sessionToken, hostedZoneID, hostname string, ttl int64) (*Route53Client, error)
NewRoute53Client creates a Route53 client with the given static credentials.
The region parameter is retained for API compatibility with earlier callers; Route53 is a global service so SigV4 signing always uses us-east-1 regardless of what the caller passes.
sessionToken is empty for the normal cron/serve path (long-lived IAM user access key + secret). It's populated by the Lambda deployment form, which reads AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY / AWS_SESSION_TOKEN from Lambda's env vars — those are STS temporary credentials issued to the Lambda's execution role, and Route53 rejects them unless the token flows through as an X-Amz-Security-Token header in the signed request.
ctx is accepted for API symmetry with the prior SDK-based constructor but is not currently used — construction is purely local (no network calls).
func (*Route53Client) GetCurrentIP
func (r *Route53Client) GetCurrentIP(ctx context.Context) (string, error)
GetCurrentIP retrieves the current A record for the configured hostname.