Class: AliyunSDK::STS::Protocol

Inherits:
Object
  • Object
show all
Includes:
Common::Logging
Defined in:
lib/aliyun_sdk/sts/protocol.rb

Overview

Protocol implements the STS Open API which is low-level. User should refer to Client for normal use.

Constant Summary collapse

ENDPOINT =
'https://sts.aliyuncs.com'
FORMAT =
'XML'
API_VERSION =
'2015-04-01'
SIGNATURE_METHOD =
'HMAC-SHA1'
SIGNATURE_VERSION =
'1.0'

Constants included from Common::Logging

Common::Logging::DEFAULT_LOG_FILE, Common::Logging::MAX_NUM_LOG, Common::Logging::ROTATE_SIZE

Instance Method Summary collapse

Methods included from Common::Logging

#logger, set_log_file, set_log_level

Constructor Details

#initialize(config) ⇒ Protocol

Returns a new instance of Protocol.



22
23
24
# File 'lib/aliyun_sdk/sts/protocol.rb', line 22

def initialize(config)
  @config = config
end

Instance Method Details

#assume_role(role, session, policy = nil, duration = 3600) ⇒ STS::Token

Assume a role

Parameters:

  • role (String)

    the role arn

  • session (String)

    the session name

  • policy (STS::Policy) (defaults to: nil)

    the policy

  • duration (Fixnum) (defaults to: 3600)

    the duration seconds for the requested token

Returns:



33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
# File 'lib/aliyun_sdk/sts/protocol.rb', line 33

def assume_role(role, session, policy = nil, duration = 3600)
  logger.info("Begin assume role, role: #{role}, session: #{session}, "\
              "policy: #{policy}, duration: #{duration}")

  params = {
    'Action' => 'AssumeRole',
    'RoleArn' => role,
    'RoleSessionName' => session,
    'DurationSeconds' => duration.to_s
  }
  params.merge!({'Policy' => policy.serialize}) if policy

  body = do_request(params)
  doc = parse_xml(body)

  creds_node = doc.at_css("Credentials")
  creds = {
    session_name: session,
    access_key_id: get_node_text(creds_node, 'AccessKeyId'),
    access_key_secret: get_node_text(creds_node, 'AccessKeySecret'),
    security_token: get_node_text(creds_node, 'SecurityToken'),
    expiration: get_node_text(
      creds_node, 'Expiration') { |x| Time.parse(x) },
  }

  logger.info("Done assume role, creds: #{creds}")

  Token.new(creds)
end