Class: AwsAssumeRole::Store::SharedConfigWithKeyring

Inherits:

Vendored::Aws::SharedConfig

• Object
• Vendored::Aws::SharedConfig
• AwsAssumeRole::Store::SharedConfigWithKeyring

Includes:

Logging, AwsAssumeRole::Store

Defined in:

lib/aws_assume_role/store/shared_config_with_keyring.rb

Instance Attribute Summary

• #parsed_config ⇒ Object readonly

  Returns the value of attribute parsed_config.

Attributes inherited from Vendored::Aws::SharedConfig

#config_path, #credentials_path, #profile_name

Instance Method Summary

• #credentials(opts = {}) ⇒ Object
• #delete_profile(profile_name) ⇒ Object
• #fresh(options = {}) ⇒ Object private
• #initialize(options = {}) ⇒ SharedConfigWithKeyring constructor

  A new instance of SharedConfigWithKeyring.

• #migrate_profile(profile_name) ⇒ Object
• #profile_hash(profile_name) ⇒ Object
• #profile_region(profile_name) ⇒ Object
• #profile_role(profile_name) ⇒ Object
• #profiles ⇒ Object
• #save_profile(profile_name, hash) ⇒ Object

Methods included from Logging

included

Methods inherited from Vendored::Aws::SharedConfig

#assume_role_credentials_from_config, #config_enabled?, #loadable?, #region

Constructor Details

#initialize(options = {}) ⇒ SharedConfigWithKeyring

Returns a new instance of SharedConfigWithKeyring.

Parameters:

• options (Hash) (defaults to: {})

Options Hash (options):

• :credentials_path (String) —

  Path to the shared credentials file. Defaults to “#Dir.home/.aws/credentials”.

• :config_path (String) —

  Path to the shared config file. Defaults to “#Dir.home/.aws/config”.

• :profile_name (String) —

  The credential/config profile name to use. If not specified, will check ‘ENV` before using the fixed default value of ’default’.

• :config_enabled (Boolean) —

  If true, loads the shared config file and enables new config values outside of the old shared credential spec.

# File 'lib/aws_assume_role/store/shared_config_with_keyring.rb', line 26

def initialize(options = {})
    @profile_name = determine_profile(options)
    @config_enabled = options[:config_enabled]
    @credentials_path = options[:credentials_path] ||
                        determine_credentials_path
    @parsed_credentials = {}
    load_credentials_file if loadable?(@credentials_path)
    return unless @config_enabled
    @config_path = options[:config_path] || determine_config_path
    load_config_file if loadable?(@config_path)
end

Instance Attribute Details

#parsed_config ⇒ Object (readonly)

Returns the value of attribute parsed_config.

# File 'lib/aws_assume_role/store/shared_config_with_keyring.rb', line 13

def parsed_config
  @parsed_config
end

Instance Method Details

#credentials(opts = {}) ⇒ Object

# File 'lib/aws_assume_role/store/shared_config_with_keyring.rb', line 58

def credentials(opts = {})
    logger.debug "SharedConfigWithKeyring asked for credentials with opts #{opts}"
    p = opts[:profile] || @profile_name
    validate_profile_exists(p) if credentials_present?
    credentials_from_keyring(p, opts) || credentials_from_shared(p, opts) || credentials_from_config(p, opts)
end

#delete_profile(profile_name) ⇒ Object

# File 'lib/aws_assume_role/store/shared_config_with_keyring.rb', line 86

def delete_profile(profile_name)
    # Keyring does not return errors for non-existent things, so always attempt.
    Keyring.delete_credentials(profile_name)
    semaphore.synchronize do
        raise KeyError if configuration["profile #{profile_name}"].blank?
        configuration.delete_section("profile #{profile_name}")
        save_configuration
    end
end

#fresh(options = {}) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/aws_assume_role/store/shared_config_with_keyring.rb', line 39

def fresh(options = {})
    @configuration = nil
    @semaphore = nil
    @assume_role_shared_config = nil
    @profile_name = nil
    @credentials_path = nil
    @config_path = nil
    @parsed_credentials = {}
    @parsed_config = nil
    @config_enabled = options[:config_enabled] ? true : false
    @profile_name = determine_profile(options)
    @credentials_path = options[:credentials_path] ||
                        determine_credentials_path
    load_credentials_file if loadable?(@credentials_path)
    return unless @config_enabled
    @config_path = options[:config_path] || determine_config_path
    load_config_file if loadable?(@config_path)
end

#migrate_profile(profile_name) ⇒ Object

# File 'lib/aws_assume_role/store/shared_config_with_keyring.rb', line 96

def migrate_profile(profile_name)
    validate_profile_exists(profile_name)
    save_profile(profile_name, configuration["profile #{profile_name}"])
end

#profile_hash(profile_name) ⇒ Object

# File 'lib/aws_assume_role/store/shared_config_with_keyring.rb', line 109

def profile_hash(profile_name)
    {} || @parsed_config[profile_key(profile_name)]
end

#profile_region(profile_name) ⇒ Object

# File 'lib/aws_assume_role/store/shared_config_with_keyring.rb', line 101

def profile_region(profile_name)
    resolve_profile_parameter(profile_name, "region")
end

#profile_role(profile_name) ⇒ Object

# File 'lib/aws_assume_role/store/shared_config_with_keyring.rb', line 105

def profile_role(profile_name)
    resolve_profile_parameter(profile_name, "role_arn")
end

#profiles ⇒ Object

# File 'lib/aws_assume_role/store/shared_config_with_keyring.rb', line 82

def profiles
    configuration.sections.map { |c| c.gsub("profile ", "") }
end

#save_profile(profile_name, hash) ⇒ Object

# File 'lib/aws_assume_role/store/shared_config_with_keyring.rb', line 65

def save_profile(profile_name, hash)
    ckey = "profile #{profile_name}"
    merged_config = configuration[ckey].deep_symbolize_keys.merge hash.to_h
    merged_config[:mfa_serial] = merged_config[:serial_number] if merged_config[:serial_number]
    credentials = Aws::Credentials.new(merged_config.delete(:aws_access_key_id),
                                       merged_config.delete(:aws_secret_access_key))
    semaphore.synchronize do
        Keyring.save_credentials profile_name, credentials if credentials.set?
        merged_config = merged_config.slice :region, :role_arn, :mfa_serial, :source_profile,
                                            :role_session_name, :external_id, :duration_seconds,
                                            :yubikey_oath_name
        configuration.delete_section ckey
        configuration[ckey] = merged_config.compact
        save_configuration
    end
end