Class: Aws::SharedConfig Private

Inherits:

Object

• Object
• Aws::SharedConfig

Defined in:

lib/aws-sdk-core/shared_config.rb

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Constant Summary

SSO_CREDENTIAL_PROFILE_KEYS =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

%w[sso_account_id sso_role_name].freeze

SSO_PROFILE_KEYS =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

%w[sso_session sso_start_url sso_region sso_account_id sso_role_name].freeze

SSO_TOKEN_PROFILE_KEYS =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

%w[sso_session].freeze

SSO_SESSION_KEYS =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

%w[sso_region sso_start_url].freeze

Instance Attribute Summary

• #config_path ⇒ String readonly private
• #credentials_path ⇒ String readonly private
• #profile_name ⇒ String readonly private

Class Method Summary

• .config_reader(*attrs) ⇒ Object private

  Add an accessor method (similar to attr_reader) to return a configuration value Uses the get_config_value below to control where values are loaded from.

Instance Method Summary

• #assume_role_credentials_from_config(opts = {}) ⇒ Object private

  Attempts to assume a role from shared config or shared credentials file.

• #assume_role_web_identity_credentials_from_config(opts = {}) ⇒ Object private
• #config_enabled? ⇒ Boolean private

  Returns ‘true` if use of the shared config file is enabled.

• #configured_endpoint(opts = {}) ⇒ Object private

  Source a custom configured endpoint from the shared configuration file.

• #credentials(opts = {}) ⇒ Aws::Credentials private

  Sources static credentials from shared credential/config files.

• #fresh(options = {}) ⇒ Object private
• #initialize(options = {}) ⇒ SharedConfig constructor private

  Constructs a new SharedConfig provider object.

• #loadable?(path) ⇒ Boolean private

  Returns ‘true` if a credential file exists and has appropriate read permissions at #path.

• #sso_credentials_from_config(opts = {}) ⇒ Object private

  Attempts to load from shared config or shared credentials file.

• #sso_token_from_config(opts = {}) ⇒ Object private

  Attempts to load from shared config or shared credentials file.

Constructor Details

#initialize(options = {}) ⇒ SharedConfig

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Constructs a new SharedConfig provider object. This will load the shared credentials file, and optionally the shared configuration file, as ini files which support profiles.

By default, the shared credential file (the default path for which is ‘~/.aws/credentials`) and the shared config file (the default path for which is `~/.aws/config`) are loaded. However, if you set the `ENV` environment variable, only the shared credential file will be loaded. You can specify the shared credential file path with the `ENV` environment variable or with the `:credentials_path` option. Similarly, you can specify the shared config file path with the `ENV` environment variable or with the `:config_path` option.

The default profile name is ‘default’. You can specify the profile name with the ‘ENV` environment variable or with the `:profile_name` option.

Parameters:

• options (Hash) (defaults to: {})

Options Hash (options):

• :credentials_path (String) —

  Path to the shared credentials file. If not specified, will check ‘ENV` before using the default value of “#Dir.home/.aws/credentials”.

• :config_path (String) —

  Path to the shared config file. If not specified, will check ‘ENV` before using the default value of “#Dir.home/.aws/config”.

• :profile_name (String) —

  The credential/config profile name to use. If not specified, will check ‘ENV` before using the fixed default value of ’default’.

• :config_enabled (Boolean) —

  If true, loads the shared config file and enables new config values outside of the old shared credential spec.

# File 'lib/aws-sdk-core/shared_config.rb', line 52

def initialize(options = {})
  @parsed_config = nil
  @profile_name = determine_profile(options)
  @config_enabled = options[:config_enabled]
  @credentials_path = options[:credentials_path] ||
                      determine_credentials_path
  @credentials_path = File.expand_path(@credentials_path) if @credentials_path
  @parsed_credentials = {}
  load_credentials_file if loadable?(@credentials_path)
  if @config_enabled
    @config_path = options[:config_path] || determine_config_path
    @config_path = File.expand_path(@config_path) if @config_path
    load_config_file if loadable?(@config_path)
  end
end

Instance Attribute Details

#config_path ⇒ String (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns:

• (String)

# File 'lib/aws-sdk-core/shared_config.rb', line 16

def config_path
  @config_path
end

#credentials_path ⇒ String (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns:

• (String)

# File 'lib/aws-sdk-core/shared_config.rb', line 13

def credentials_path
  @credentials_path
end

#profile_name ⇒ String (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns:

• (String)

# File 'lib/aws-sdk-core/shared_config.rb', line 19

def profile_name
  @profile_name
end

Class Method Details

.config_reader(*attrs) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Add an accessor method (similar to attr_reader) to return a configuration value Uses the get_config_value below to control where values are loaded from

# File 'lib/aws-sdk-core/shared_config.rb', line 193

def self.config_reader(*attrs)
  attrs.each do |attr|
    define_method(attr) { |opts = {}| get_config_value(attr.to_s, opts) }
  end
end

Instance Method Details

#assume_role_credentials_from_config(opts = {}) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Attempts to assume a role from shared config or shared credentials file. Will always attempt first to assume a role from the shared credentials file, if present.

# File 'lib/aws-sdk-core/shared_config.rb', line 120

def assume_role_credentials_from_config(opts = {})
  p = opts.delete(:profile) || @profile_name
  chain_config = opts.delete(:chain_config)
  credentials = assume_role_from_profile(@parsed_credentials, p, opts, chain_config)
  if @parsed_config
    credentials ||= assume_role_from_profile(@parsed_config, p, opts, chain_config)
  end
  credentials
end

#assume_role_web_identity_credentials_from_config(opts = {}) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/aws-sdk-core/shared_config.rb', line 130

def assume_role_web_identity_credentials_from_config(opts = {})
  p = opts[:profile] || @profile_name
  if @config_enabled && @parsed_config
    entry = @parsed_config.fetch(p, {})
    if entry['web_identity_token_file'] && entry['role_arn']
      cfg = {
        role_arn: entry['role_arn'],
        web_identity_token_file: entry['web_identity_token_file'],
        role_session_name: entry['role_session_name']
      }
      cfg[:region] = opts[:region] if opts[:region]
      AssumeRoleWebIdentityCredentials.new(cfg)
    end
  end
end

#config_enabled? ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns ‘true` if use of the shared config file is enabled.

Returns:

• (Boolean) —

  returns ‘true` if use of the shared config file is enabled.

# File 'lib/aws-sdk-core/shared_config.rb', line 96

def config_enabled?
  @config_enabled ? true : false
end

#configured_endpoint(opts = {}) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Source a custom configured endpoint from the shared configuration file

Parameters:

• opts (Hash) (defaults to: {})

Options Hash (opts):

• :profile (String)
• :service_id (String)

# File 'lib/aws-sdk-core/shared_config.rb', line 175

def configured_endpoint(opts = {})
  # services section is only allowed in the shared config file (not credentials)
  profile = opts[:profile] || @profile_name
  service_id = opts[:service_id]&.gsub(" ", "_")&.downcase
  if @parsed_config && (prof_config = @parsed_config[profile])
    services_section_name = prof_config['services']
    if (services_config = @parsed_config["services #{services_section_name}"]) &&
      (service_config = services_config[service_id])
      return service_config['endpoint_url'] if service_config['endpoint_url']
    end
    return prof_config['endpoint_url']
  end
  nil
end

#credentials(opts = {}) ⇒ Aws::Credentials

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Sources static credentials from shared credential/config files.

Parameters:

• opts (Hash) (defaults to: {})
• options (Hash) —

  a customizable set of options

Returns:

• (Aws::Credentials) —

  credentials sourced from configuration values, or ‘nil` if no valid credentials were found.

# File 'lib/aws-sdk-core/shared_config.rb', line 107

def credentials(opts = {})
  p = opts[:profile] || @profile_name
  validate_profile_exists(p)
  if (credentials = credentials_from_shared(p, opts))
    credentials
  elsif (credentials = credentials_from_config(p, opts))
    credentials
  end
end

#fresh(options = {}) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/aws-sdk-core/shared_config.rb', line 69

def fresh(options = {})
  @profile_name = nil
  @credentials_path = nil
  @config_path = nil
  @parsed_credentials = {}
  @parsed_config = nil
  @config_enabled = options[:config_enabled] ? true : false
  @profile_name = determine_profile(options)
  @credentials_path = options[:credentials_path] ||
                      determine_credentials_path
  load_credentials_file if loadable?(@credentials_path)
  if @config_enabled
    @config_path = options[:config_path] || determine_config_path
    load_config_file if loadable?(@config_path)
  end
end

#loadable?(path) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

This method does not indicate if the file found at #path will be parsable, only if it can be read.

Returns ‘true` if a credential file exists and has appropriate read permissions at #path.

Returns:

• (Boolean) —

  Returns ‘true` if a credential file exists and has appropriate read permissions at #path.

# File 'lib/aws-sdk-core/shared_config.rb', line 90

def loadable?(path)
  !path.nil? && File.exist?(path) && File.readable?(path)
end

#sso_credentials_from_config(opts = {}) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Attempts to load from shared config or shared credentials file. Will always attempt first to load from the shared credentials file, if present.

# File 'lib/aws-sdk-core/shared_config.rb', line 149

def sso_credentials_from_config(opts = {})
  p = opts[:profile] || @profile_name
  credentials = sso_credentials_from_profile(@parsed_credentials, p)
  if @parsed_config
    credentials ||= sso_credentials_from_profile(@parsed_config, p)
  end
  credentials
end

#sso_token_from_config(opts = {}) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Attempts to load from shared config or shared credentials file. Will always attempt first to load from the shared credentials file, if present.

# File 'lib/aws-sdk-core/shared_config.rb', line 161

def sso_token_from_config(opts = {})
  p = opts[:profile] || @profile_name
  token = sso_token_from_profile(@parsed_credentials, p)
  if @parsed_config
    token ||= sso_token_from_profile(@parsed_config, p)
  end
  token
end