Class: Aws::STS::Presigner

Inherits:

Object

• Object
• Aws::STS::Presigner

Defined in:

lib/aws-sdk-sts/presigner.rb

Overview

Allows you to create presigned URLs for STS operations.

Examples:

signer = Aws::STS::Presigner.new
url = signer.get_caller_identity_presigned_url(
  headers: {"X-K8s-Aws-Id" => 'my-eks-cluster'}
)

Instance Method Summary

• #get_caller_identity_presigned_url(options = {}) ⇒ String

  Returns a presigned url for get_caller_identity.

• #initialize(options = {}) ⇒ Presigner constructor

  A new instance of Presigner.

Constructor Details

#initialize(options = {}) ⇒ Presigner

Returns a new instance of Presigner.

Parameters:

• options (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (options):

• :client (Client) —

  Optionally provide an existing STS client

# File 'lib/aws-sdk-sts/presigner.rb', line 18

def initialize(options = {})
  @client = options[:client] || Aws::STS::Client.new
end

Instance Method Details

#get_caller_identity_presigned_url(options = {}) ⇒ String

Returns a presigned url for get_caller_identity.

This can be easily converted to a token used by the EKS service: https://docs.ruby-lang.org/en/3.2/Base64.html#method-i-encode64 “k8s-aws-v1.” + Base64.urlsafe_encode64(url).chomp(“==”)

Examples:

url = signer.get_caller_identity_presigned_url(
  headers: {"X-K8s-Aws-Id" => 'my-eks-cluster'},
)

Parameters:

• options (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (options):

• :headers (Hash) —

  Headers that should be signed and sent along with the request. All x-amz-* headers must be present during signing. Other headers are optional.

Returns:

• (String) —

  A presigned url string.

# File 'lib/aws-sdk-sts/presigner.rb', line 40

def get_caller_identity_presigned_url(options = {})
  req = @client.build_request(:get_caller_identity, {})
  context = req.context

  param_list = Aws::Query::ParamList.new
  param_list.set('Action', 'GetCallerIdentity')
  param_list.set('Version', req.context.config.api.version)
  Aws::Query::EC2ParamBuilder.new(param_list)
    .apply(req.context.operation.input, {})

  endpoint_params = Aws::STS::EndpointParameters.new(
    region: context.config.region,
    use_dual_stack: context.config.use_dualstack_endpoint,
    use_fips: context.config.use_fips_endpoint,
    use_global_endpoint: context.config.sts_regional_endpoints == 'legacy'
  )
  endpoint = context.config.endpoint_provider
                    .resolve_endpoint(endpoint_params)
  auth_scheme = Aws::Endpoints.resolve_auth_scheme(context, endpoint)

  signer = Aws::Plugins::Sign.signer_for(
    auth_scheme, context.config
  )

  signer.presign_url(
    http_method: 'GET',
    url: "#{endpoint.url}/?#{param_list}",
    body: '',
    headers: options[:headers]
  ).to_s
end