Class: Aws::SharedConfig Private

Inherits:

Object

• Object
• Aws::SharedConfig

Defined in:

lib/aws-sdk-core/shared_config.rb

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Constant Summary

SSO_PROFILE_KEYS =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

%w[sso_start_url sso_region sso_account_id sso_role_name].freeze

Instance Attribute Summary

• #config_path ⇒ String readonly private
• #credentials_path ⇒ String readonly private
• #profile_name ⇒ String readonly private

Class Method Summary

• .config_reader(*attrs) ⇒ Object private

  Add an accessor method (similar to attr_reader) to return a configuration value Uses the get_config_value below to control where values are loaded from.

Instance Method Summary

• #assume_role_credentials_from_config(opts = {}) ⇒ Object private

  Attempts to assume a role from shared config or shared credentials file.

• #assume_role_web_identity_credentials_from_config(opts = {}) ⇒ Object private
• #config_enabled? ⇒ Boolean private

  Returns ‘true` if use of the shared config file is enabled.

• #credentials(opts = {}) ⇒ Aws::Credentials private

  Sources static credentials from shared credential/config files.

• #fresh(options = {}) ⇒ Object private
• #initialize(options = {}) ⇒ SharedConfig constructor private

  Constructs a new SharedConfig provider object.

• #loadable?(path) ⇒ Boolean private

  Returns ‘true` if a credential file exists and has appropriate read permissions at #path.

• #sso_credentials_from_config(opts = {}) ⇒ Object private

  Attempts to load from shared config or shared credentials file.

Constructor Details

#initialize(options = {}) ⇒ SharedConfig

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Constructs a new SharedConfig provider object. This will load the shared credentials file, and optionally the shared configuration file, as ini files which support profiles.

By default, the shared credential file (the default path for which is ‘~/.aws/credentials`) and the shared config file (the default path for which is `~/.aws/config`) are loaded. However, if you set the `ENV` environment variable, only the shared credential file will be loaded. You can specify the shared credential file path with the `ENV` environment variable or with the `:credentials_path` option. Similarly, you can specify the shared config file path with the `ENV` environment variable or with the `:config_path` option.

The default profile name is ‘default’. You can specify the profile name with the ‘ENV` environment variable or with the `:profile_name` option.

Parameters:

• options (Hash) (defaults to: {})

Options Hash (options):

• :credentials_path (String) —

  Path to the shared credentials file. If not specified, will check ‘ENV` before using the default value of “#Dir.home/.aws/credentials”.

• :config_path (String) —

  Path to the shared config file. If not specified, will check ‘ENV` before using the default value of “#Dir.home/.aws/config”.

• :profile_name (String) —

  The credential/config profile name to use. If not specified, will check ‘ENV` before using the fixed default value of ’default’.

• :config_enabled (Boolean) —

  If true, loads the shared config file and enables new config values outside of the old shared credential spec.

# File 'lib/aws-sdk-core/shared_config.rb', line 48

def initialize(options = {})
  @parsed_config = nil
  @profile_name = determine_profile(options)
  @config_enabled = options[:config_enabled]
  @credentials_path = options[:credentials_path] ||
                      determine_credentials_path
  @parsed_credentials = {}
  load_credentials_file if loadable?(@credentials_path)
  if @config_enabled
    @config_path = options[:config_path] || determine_config_path
    load_config_file if loadable?(@config_path)
  end
end

Instance Attribute Details

#config_path ⇒ String (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns:

• (String)

# File 'lib/aws-sdk-core/shared_config.rb', line 12

def config_path
  @config_path
end

#credentials_path ⇒ String (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns:

• (String)

# File 'lib/aws-sdk-core/shared_config.rb', line 9

def credentials_path
  @credentials_path
end

#profile_name ⇒ String (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns:

• (String)

# File 'lib/aws-sdk-core/shared_config.rb', line 15

def profile_name
  @profile_name
end

Class Method Details

.config_reader(*attrs) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Add an accessor method (similar to attr_reader) to return a configuration value Uses the get_config_value below to control where values are loaded from

# File 'lib/aws-sdk-core/shared_config.rb', line 155

def self.config_reader(*attrs)
  attrs.each do |attr|
    define_method(attr) { |opts = {}| get_config_value(attr.to_s, opts) }
  end
end

Instance Method Details

#assume_role_credentials_from_config(opts = {}) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Attempts to assume a role from shared config or shared credentials file. Will always attempt first to assume a role from the shared credentials file, if present.

# File 'lib/aws-sdk-core/shared_config.rb', line 114

def assume_role_credentials_from_config(opts = {})
  p = opts.delete(:profile) || @profile_name
  chain_config = opts.delete(:chain_config)
  credentials = assume_role_from_profile(@parsed_credentials, p, opts, chain_config)
  if @parsed_config
    credentials ||= assume_role_from_profile(@parsed_config, p, opts, chain_config)
  end
  credentials
end

#assume_role_web_identity_credentials_from_config(opts = {}) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/aws-sdk-core/shared_config.rb', line 124

def assume_role_web_identity_credentials_from_config(opts = {})
  p = opts[:profile] || @profile_name
  if @config_enabled && @parsed_config
    entry = @parsed_config.fetch(p, {})
    if entry['web_identity_token_file'] && entry['role_arn']
      cfg = {
        role_arn: entry['role_arn'],
        web_identity_token_file: entry['web_identity_token_file'],
        role_session_name: entry['role_session_name']
      }
      cfg[:region] = opts[:region] if opts[:region]
      AssumeRoleWebIdentityCredentials.new(cfg)
    end
  end
end

#config_enabled? ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns ‘true` if use of the shared config file is enabled.

Returns:

• (Boolean) —

  returns ‘true` if use of the shared config file is enabled.

# File 'lib/aws-sdk-core/shared_config.rb', line 90

def config_enabled?
  @config_enabled ? true : false
end

#credentials(opts = {}) ⇒ Aws::Credentials

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Sources static credentials from shared credential/config files.

Parameters:

• opts (Hash) (defaults to: {})
• options (Hash) —

  a customizable set of options

Returns:

• (Aws::Credentials) —

  credentials sourced from configuration values, or ‘nil` if no valid credentials were found.

# File 'lib/aws-sdk-core/shared_config.rb', line 101

def credentials(opts = {})
  p = opts[:profile] || @profile_name
  validate_profile_exists(p) if credentials_present?
  if (credentials = credentials_from_shared(p, opts))
    credentials
  elsif (credentials = credentials_from_config(p, opts))
    credentials
  end
end

#fresh(options = {}) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/aws-sdk-core/shared_config.rb', line 63

def fresh(options = {})
  @profile_name = nil
  @credentials_path = nil
  @config_path = nil
  @parsed_credentials = {}
  @parsed_config = nil
  @config_enabled = options[:config_enabled] ? true : false
  @profile_name = determine_profile(options)
  @credentials_path = options[:credentials_path] ||
                      determine_credentials_path
  load_credentials_file if loadable?(@credentials_path)
  if @config_enabled
    @config_path = options[:config_path] || determine_config_path
    load_config_file if loadable?(@config_path)
  end
end

#loadable?(path) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

This method does not indicate if the file found at #path will be parsable, only if it can be read.

Returns ‘true` if a credential file exists and has appropriate read permissions at #path.

Returns:

• (Boolean) —

  Returns ‘true` if a credential file exists and has appropriate read permissions at #path.

# File 'lib/aws-sdk-core/shared_config.rb', line 84

def loadable?(path)
  !path.nil? && File.exist?(path) && File.readable?(path)
end

#sso_credentials_from_config(opts = {}) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Attempts to load from shared config or shared credentials file. Will always attempt first to load from the shared credentials file, if present.

# File 'lib/aws-sdk-core/shared_config.rb', line 143

def sso_credentials_from_config(opts = {})
  p = opts[:profile] || @profile_name
  credentials = sso_credentials_from_profile(@parsed_credentials, p)
  if @parsed_config
    credentials ||= sso_credentials_from_profile(@parsed_config, p)
  end
  credentials
end