Class: JwtAuthCognito::SSMService

Inherits:
Object
  • Object
show all
Defined in:
lib/jwt_auth_cognito/ssm_service.rb

Class Attribute Summary collapse

Class Method Summary collapse

Class Attribute Details

.certificate_cacheObject

Returns the value of attribute certificate_cache.



11
12
13
 
# File 'lib/jwt_auth_cognito/ssm_service.rb', line 11

def certificate_cache
  @certificate_cache
end

.clientObject

Returns the value of attribute client.



11
12
13
 
# File 'lib/jwt_auth_cognito/ssm_service.rb', line 11

def client
  @client
end

Class Method Details

.cache_statsObject

Gets cache stats



102
103
104
105
106
107
 
# File 'lib/jwt_auth_cognito/ssm_service.rb', line 102

def self.cache_stats
  {
    size: @certificate_cache.size,
    keys: @certificate_cache.keys
  }
end

.clear_cacheObject

Clears the certificate cache



97
98
99
 
# File 'lib/jwt_auth_cognito/ssm_service.rb', line 97

def self.clear_cache
  @certificate_cache.clear
end

.get_ca_certificate(cert_path, cert_name) ⇒ Object

Gets a certificate from AWS Parameter Store (compatible with auth-service) Uses the same path pattern: /$cert_path/$cert_name



31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
 
# File 'lib/jwt_auth_cognito/ssm_service.rb', line 31

def self.get_ca_certificate(cert_path, cert_name)
  full_path = "/#{cert_path}/#{cert_name}"

  # Check cache first
  if @certificate_cache.key?(full_path)
    puts '📋 Using cached certificate from SSM'
    return @certificate_cache[full_path]
  end

  begin
    puts "📡 Getting certificate from Parameter Store: #{full_path}"

    client = get_client
    response = client.get_parameter({
                                      name: full_path,
                                      with_decryption: true
                                    })

    raise ConfigurationError, "Certificate parameter not found or invalid: #{full_path}" unless response.parameter&.value

    # Cache the certificate
    @certificate_cache[full_path] = response.parameter.value
    puts '✅ Certificate obtained from SSM and cached'

    response.parameter.value
  rescue Aws::SSM::Errors::ParameterNotFound
    raise ConfigurationError, "Certificate parameter not found: #{full_path}"
  rescue Aws::SSM::Errors::ServiceError => e
    puts "❌ Error getting certificate from SSM (#{full_path}): #{e.message}"
    raise ConfigurationError, "Error accessing SSM: #{e.message}"
  rescue StandardError => e
    puts "❌ Error getting certificate from SSM (#{full_path}): #{e.message}"
    raise e
  end
end

.get_clientObject

Initialize the SSM client



18
19
20
21
22
23
24
25
26
27
 
# File 'lib/jwt_auth_cognito/ssm_service.rb', line 18

def self.get_client
  @client ||= begin
    require 'aws-sdk-ssm'
    region = ENV['AWS_REGION'] || ENV['AWS_DEFAULT_REGION'] || 'us-east-1'
    Aws::SSM::Client.new(region: region)
  end
rescue LoadError
  raise ConfigurationError,
        "aws-sdk-ssm gem is required for SSM functionality. Add 'gem \"aws-sdk-ssm\"' to your Gemfile"
end

.get_parameter(parameter_name, with_decryption = true) ⇒ Object

Gets a parameter from AWS Parameter Store



68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
 
# File 'lib/jwt_auth_cognito/ssm_service.rb', line 68

def self.get_parameter(parameter_name, with_decryption = true)
  # Check cache first
  return @certificate_cache[parameter_name] if @certificate_cache.key?(parameter_name)

  begin
    client = get_client
    response = client.get_parameter({
                                      name: parameter_name,
                                      with_decryption: with_decryption
                                    })

    raise ConfigurationError, "Parameter not found or invalid: #{parameter_name}" unless response.parameter&.value

    # Cache the parameter
    @certificate_cache[parameter_name] = response.parameter.value

    response.parameter.value
  rescue Aws::SSM::Errors::ParameterNotFound
    raise ConfigurationError, "Parameter not found: #{parameter_name}"
  rescue Aws::SSM::Errors::ServiceError => e
    puts "❌ Error getting parameter from SSM (#{parameter_name}): #{e.message}"
    raise ConfigurationError, "Error accessing SSM: #{e.message}"
  rescue StandardError => e
    puts "❌ Error getting parameter from SSM (#{parameter_name}): #{e.message}"
    raise e
  end
end