Class: Aws::STS::Presigner

Inherits:
Object
  • Object
show all
Defined in:
lib/aws-sdk-sts/presigner.rb

Overview

Allows you to create presigned URLs for STS operations.

Examples:


signer = Aws::STS::Presigner.new
url = signer.get_caller_identity_presigned_url(
  headers: {"X-K8s-Aws-Id" => 'my-eks-cluster'}
)

Instance Method Summary collapse

Constructor Details

#initialize(options = {}) ⇒ Presigner

Returns a new instance of Presigner.

Parameters:

  • options (Hash) (defaults to: {})

    a customizable set of options

Options Hash (options):

  • :client (Client)

    Optionally provide an existing STS client


18
19
20
# File 'lib/aws-sdk-sts/presigner.rb', line 18

def initialize(options = {})
  @client = options[:client] || Aws::STS::Client.new
end

Instance Method Details

#get_caller_identity_presigned_url(options = {}) ⇒ String

Returns a presigned url for get_caller_identity.

This can be easily converted to a token used by the EKS service: https://ruby-doc.org/stdlib-2.3.1/libdoc/base64/rdoc/Base64.html#method-i-encode64 “k8s-aws-v1.” + Base64.urlsafe_encode64(url).chomp(“==”)

Examples:


url = signer.get_caller_identity_presigned_url(
  headers: {"X-K8s-Aws-Id" => 'my-eks-cluster'},
)

Parameters:

  • options (Hash) (defaults to: {})

    a customizable set of options

Options Hash (options):

  • :headers (Hash)

    Headers that should be signed and sent along with the request. All x-amz-* headers must be present during signing. Other headers are optional.

Returns:

  • (String)

    A presigned url string.


40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
# File 'lib/aws-sdk-sts/presigner.rb', line 40

def get_caller_identity_presigned_url(options = {})
  req = @client.build_request(:get_session_token, {})

  param_list = Aws::Query::ParamList.new
  param_list.set('Action', 'GetCallerIdentity')
  param_list.set('Version', req.context.config.api.version)
  Aws::Query::EC2ParamBuilder.new(param_list)
    .apply(req.context.operation.input, {})

  signer = Aws::Sigv4::Signer.new(
    service: 'sts',
    region: req.context.config.region,
    credentials_provider: req.context.config.credentials
  )

  url = Aws::Partitions::EndpointProvider.resolve(
    req.context.config.region,
    'sts',
    req.context.config.sts_regional_endpoints,
    {
      dualstack: req.context.config.use_dualstack_endpoint,
      fips: req.context.config.use_fips_endpoint
    }
  )
  url += "/?#{param_list}"

  signer.presign_url(
    http_method: 'GET',
    url: url,
    body: '',
    headers: options[:headers]
  ).to_s
end