Method: Aws::SSOCredentials#initialize

Defined in:
lib/aws-sdk-core/sso_credentials.rb

#initialize(options = {}) ⇒ SSOCredentials

Returns a new instance of SSOCredentials.

Options Hash (options):

  • :sso_account_id (required, String)

    The AWS account ID that temporary AWS credentials will be resolved for

  • :sso_role_name (required, String)

    The corresponding IAM role in the AWS account that temporary AWS credentials will be resolved for.

  • :sso_region (required, String)

    The AWS region where the SSO directory for the given sso_start_url is hosted.

  • :sso_session (String)

    The SSO Token used for fetching the token. If provided, refresh logic from the Aws::SSOTokenProvider will be used.

  • :sso_start_url (String) — default: legacy profiles

    If provided, legacy token fetch behavior will be used, which does not support token refreshing. The start URL is provided by the SSO service via the console and is the URL used to login to the SSO directory. This is also sometimes referred to as the “User Portal URL”.

  • :client (SSO::Client)

    Optional SSO::Client. If not provided, a client will be constructed.

  • before_refresh (Callable)

    Proc called before credentials are refreshed. before_refresh is called with an instance of this object when AWS credentials are required and need to be refreshed.



69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
 
# File 'lib/aws-sdk-core/sso_credentials.rb', line 69

def initialize(options = {})
  options = options.select {|k, v| !v.nil? }
  if (options[:sso_session])
    missing_keys = TOKEN_PROVIDER_REQUIRED_OPTS.select { |k| options[k].nil? }
    unless missing_keys.empty?
      raise ArgumentError, "Missing required keys: #{missing_keys}"
    end
    @legacy = false
    @sso_role_name = options.delete(:sso_role_name)
     = options.delete(:sso_account_id)

    # if client has been passed, don't pass through to SSOTokenProvider
    @client = options.delete(:client)
    options.delete(:sso_start_url)
    @token_provider = Aws::SSOTokenProvider.new(options.dup)
    @sso_session = options.delete(:sso_session)
    @sso_region = options.delete(:sso_region)

    unless @client
      client_opts = {}
      options.each_pair { |k,v| client_opts[k] = v unless CLIENT_EXCLUDE_OPTIONS.include?(k) }
      client_opts[:region] = @sso_region
      client_opts[:credentials] = nil
      @client = Aws::SSO::Client.new(client_opts)
    end
    @metrics = ['CREDENTIALS_SSO']
  else # legacy behavior
    missing_keys = LEGACY_REQUIRED_OPTS.select { |k| options[k].nil? }
    unless missing_keys.empty?
      raise ArgumentError, "Missing required keys: #{missing_keys}"
    end
    @legacy = true
    @sso_start_url = options.delete(:sso_start_url)
    @sso_region = options.delete(:sso_region)
    @sso_role_name = options.delete(:sso_role_name)
     = options.delete(:sso_account_id)

    # validate we can read the token file
    read_cached_token

    client_opts = {}
    options.each_pair { |k,v| client_opts[k] = v unless CLIENT_EXCLUDE_OPTIONS.include?(k) }
    client_opts[:region] = @sso_region
    client_opts[:credentials] = nil

    @client = options[:client] || Aws::SSO::Client.new(client_opts)
    @metrics = ['CREDENTIALS_SSO_LEGACY']
  end

  @async_refresh = true
  super
end