Class: STSCredentialsProvider

Inherits:
Object
Defined in:
lib/STSCredentialsProvider.rb


Constructor Details

#initialize(args) ⇒ STSCredentialsProvider

Returns a new instance of STSCredentialsProvider.

Raises:

  • (ArgumentError)


# File 'lib/STSCredentialsProvider.rb', line 5

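# Builds a provider from a hash of CLI-style options and validates the
# values needed before any AWS call is made.
#
# @param args [Hash] option hash; the keys read are :role, :creds_file,
#   :region, :session_name, :duration and :output_arn
# @raise [ArgumentError] if args is not a Hash, if :role or :creds_file is
#   missing, or if the credentials file (or its directory) is not writable
def initialize(args)
    raise ArgumentError, "Param to STSCredentialsProvider.new() must be present, of type hash" unless args.is_a?(Hash)

    @role = args[:role]
    @creds_file = args[:creds_file]
    @region = args[:region]
    @session_name = args[:session_name]
    @duration = args[:duration]
    @output_arn = args[:output_arn]

    # Validation
    raise ArgumentError, "No value for AWS IAM Role that the session credentials will assume, use --role-arn ROLE_ARN" if @role.nil?
    raise ArgumentError, "No value for the fully qualified path that the session credentials will be written to, use --file FILEPATH" if @creds_file.nil?

    # Fail early on an unwritable destination instead of after the STS call.
    # This is only a pre-check; the actual write still handles its own errors.
    creds_dir = File.dirname(@creds_file)
    raise ArgumentError, "Unable to write to directory #{creds_dir}." unless File.writable?(creds_dir)
    raise ArgumentError, "Unable to write to file #{@creds_file}." if File.exist?(@creds_file) && !File.writable?(@creds_file)

    # Default the STS session name to the local hostname when none was given.
    @session_name = Socket.gethostname if @session_name.nil?
end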

Instance Method Details

#configure_aws_client ⇒ Object



# File 'lib/STSCredentialsProvider.rb', line 24

# Points the AWS SDK at its bundled CA bundle and, when a region was
# supplied, sets it as the SDK-wide default region.
def configure_aws_client
    Aws.use_bundled_cert!
    return if @region.nil?

    Aws.config.update(region: @region)
end

#get ⇒ Object



# File 'lib/STSCredentialsProvider.rb', line 42

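# Assumes the configured role and writes the resulting session credentials
# to @creds_file in AWS shared-credentials-file format under [default].
#
# @return [nil]
# @raise [RuntimeError] if the STS response lacks any credential field, or
#   if the credentials file cannot be written
def get
    configure_aws_client
    resp = get_session_creds

    creds = resp.credentials unless resp.nil?
    if creds.nil? || [creds.access_key_id, creds.secret_access_key, creds.session_token].any?(&:nil?)
        raise "Unexpected response from call to AWS STS, did not have expected fields, response: #{resp.inspect}"
    end

    puts resp.assumed_role_user.arn if @output_arn

    str = "[default]\naws_access_key_id = #{creds.access_key_id}\naws_secret_access_key = #{creds.secret_access_key}\naws_session_token = #{creds.session_token}\n"
    begin
        # The file holds live secrets: create it owner-read/write only. The
        # mode applies only on creation; an existing file keeps its permissions.
        File.open(@creds_file, "w", 0o600) { |file| file.write(str) }
    rescue IOError, SystemCallError => e
        # File.open reports permission and path problems as Errno::* errors
        # (SystemCallError), not IOError, so both are wrapped here.
        raise "Unable to write to file #{@creds_file}. Error: #{e}"
    end
end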

#get_session_creds ⇒ Object



# File 'lib/STSCredentialsProvider.rb', line 33

# Calls STS AssumeRole with the configured role ARN, session name and
# duration.
#
# @return the raw response of Aws::STS::Client#assume_role
def get_session_creds
    params = {
        role_arn: @role,
        role_session_name: @session_name,
        duration_seconds: @duration
    }
    Aws::STS::Client.new.assume_role(params)
end