Class: KubesAws::OpenId

Inherits:
Object
  • Object
Extended by:
Memoist
Includes:
Logging, Services
Defined in:
lib/kubes_aws/open_id.rb

Instance Method Summary

Methods included from Logging

#logger

Methods included from Services

#eks, #iam, #secrets, #ssm

Constructor Details

#initialize(cluster) ⇒ OpenId

Returns a new instance of OpenId.



# File 'lib/kubes_aws/open_id.rb', line 11

# Remembers which EKS cluster this helper operates on.
#
# @param cluster [String] cluster name; handed unchanged to
#   eks.describe_cluster(name: ...) when the issuer URL is looked up
def initialize(cluster)
  @cluster = cluster # only state the instance keeps
end

Instance Method Details

#aws_regionObject



# File 'lib/kubes_aws/open_id.rb', line 45

# Region resolved by the project's AwsData helper.
#
# @return the value of AwsData#region (presumably a region name String —
#   confirm against AwsData)
def aws_region
  data = AwsData.new
  data.region
end

#certObject



# File 'lib/kubes_aws/open_id.rb', line 35

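# Fetches the last certificate of the chain the cluster's OIDC issuer
# presents over TLS. create_provider hashes this certificate into the IAM
# thumbprint, so whatever comes back here becomes the trust anchor for
# every role that federates with the cluster.
#
# The previous implementation used a bare SSLContext (no chain verification,
# no SNI, no hostname check) and never closed the socket. An on-path
# attacker could hand back an arbitrary chain and thereby get an
# attacker-controlled CA thumbprint registered in IAM, so the chain is now
# verified against the system trust store and bound to the issuer host,
# and the sockets are released on every exit path.
#
# @return [OpenSSL::X509::Certificate] last certificate in the served chain
# @raise [OpenSSL::SSL::SSLError] if chain or hostname verification fails
def cert
  uri = URI(issuer_url)
  ctx = OpenSSL::SSL::SSLContext.new
  # set_params loads the default CA store and enables peer verification.
  ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_PEER)
  sock = TCPSocket.new(uri.host, uri.port || 443)
  ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
  ssl.hostname = uri.host # SNI, so the issuer serves the certificate for this host
  ssl.connect
  ssl.post_connection_check(uri.host) # tie the verified chain to the issuer hostname
  ssl.peer_cert_chain.last
ensure
  ssl&.close
  sock&.close
end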

#create_providerObject

Idempotent: if a provider for this issuer already exists, the `EntityAlreadyExists` error is rescued and logged at debug level and the existing provider is left unchanged.



# File 'lib/kubes_aws/open_id.rb', line 16

# Registers the cluster's OIDC issuer as an IAM identity provider, with
# STS as the only allowed audience.
#
# Idempotent: IAM raises EntityAlreadyExists when a provider for this URL
# is already registered. That error is rescued and logged at debug level
# and the existing provider is left untouched — in particular its thumbprint
# list is not refreshed, so a rotated issuer CA would require the provider
# to be recreated.
#
# @return the IAM create_open_id_connect_provider response when a provider
#   was created
def create_provider
  # IAM expects the hex SHA-1 of the DER-encoded certificate served by the issuer.
  thumbprint = OpenSSL::Digest::SHA1.hexdigest(cert.to_der)
  iam.create_open_id_connect_provider(
    url: issuer_url,
    client_id_list: ["sts.amazonaws.com"],
    thumbprint_list: [thumbprint]
  )
rescue Aws::IAM::Errors::EntityAlreadyExists => err
  logger.debug "#{err.class}: #{err.message}"
  logger.debug "Open ID Provider already exists"
end

#issuer_urlObject



# File 'lib/kubes_aws/open_id.rb', line 28

# Looks up the OIDC issuer URL of the cluster named in the constructor.
#
# @return [String] issuer taken from describe_cluster's
#   cluster.identity.oidc block
def issuer_url
  cluster = eks.describe_cluster(name: @cluster).cluster
  cluster.identity.oidc.issuer
end