Class: Miasma::Contrib::Aws::Api::Sts
- Inherits: Types::Api
  - Object
    - Types::Api
      - Miasma::Contrib::Aws::Api::Sts
- Defined in:
- lib/miasma-aws/api/sts.rb
Overview
STS helper class
Constant Summary
- API_SERVICE =
Service name of the API
"sts".freeze
- API_VERSION =
Supported version of the STS API
"2011-06-15".freeze
Instance Method Summary
-
#assume_role(role_arn, args = {}) ⇒ Hash
Assume new role.
- #default_mfa_serial ⇒ String
-
#mfa_session(token_code, args = {}) ⇒ Hash
Generate MFA session credentials.
Methods included from Miasma::Contrib::AwsApiCore::RequestUtils
Methods included from Miasma::Contrib::AwsApiCore::ApiCommon
#after_setup, #api_for, #connect, #connection, #custom_setup, #endpoint, #extract_creds, #get_credential, #get_region, included, #load_aws_file, #load_ecs_credentials!, #load_instance_credentials!, #make_request, #perform_request_retry, #retryable_allowed?, #signer, #sts_assume_role!, #sts_assume_role_update_required?, #sts_attribute_update_required?, #sts_mfa_session!, #sts_mfa_session_update_required?, #update_request, #uri_escape
Instance Method Details
#assume_role(role_arn, args = {}) ⇒ Hash
Assume new role
# File 'lib/miasma-aws/api/sts.rb', line 51
#
# Request temporary credentials for a role through the STS AssumeRole action.
#
# @param role_arn [String] ARN of the role to assume
# @param args [Hash] optional settings
# @option args [String] :session_name value sent as RoleSessionName; when
#   it is nil or absent a random UUID with the hyphens removed is used
# @option args [String] :external_id value sent as ExternalId; the parameter
#   is left out of the request when this is not given
# @return [Hash] Smash holding the session token, secret access key, access
#   key ID, parsed expiry time, and the assumed role's ARN and ID
# @note The returned values are live credentials: keep them out of logs,
#   exception messages and anything else that is persisted.
# @note A generated session name carries no caller identity. Passing a
#   meaningful :session_name makes the resulting session easier to attribute
#   when reviewing audit logs.
# @note No DurationSeconds parameter is sent, so the credential lifetime is
#   whatever the service applies by default; check :aws_sts_token_expires
#   before reusing a cached result.
def assume_role(role_arn, args = {})
  session_name = args[:session_name] || SecureRandom.uuid.tr("-", "")
  external_id = args[:external_id]

  query = Smash.new
  query["Action"] = "AssumeRole"
  query["RoleArn"] = role_arn
  query["RoleSessionName"] = session_name
  # ExternalId is only part of the request when the caller supplied one.
  query["ExternalId"] = external_id if external_id

  response = request(path: "/", params: query)
  result = response.get(:body, "AssumeRoleResponse", "AssumeRoleResult")

  # Time.parse raises if the response carries no Expiration value.
  Smash.new(
    aws_sts_token: result.get("Credentials", "SessionToken"),
    aws_sts_secret_access_key: result.get("Credentials", "SecretAccessKey"),
    aws_sts_access_key_id: result.get("Credentials", "AccessKeyId"),
    aws_sts_token_expires: Time.parse(result.get("Credentials", "Expiration")),
    aws_sts_assumed_role_arn: result.get("AssumedRoleUser", "Arn"),
    aws_sts_assumed_role_id: result.get("AssumedRoleUser", "AssumedRoleId"),
  )
end
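#default_mfa_serial ⇒ String
Builds the default MFA device ARN from the account ID and username returned by an IAM user-info lookup.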
# File 'lib/miasma-aws/api/sts.rb', line 73
#
# Build the MFA device ARN used when the caller does not supply one.
#
# Looks up the current user through a new Iam API instance, configured with
# this API's :aws_access_key_id, :aws_secret_access_key and :aws_region
# attributes, then formats the ARN from the returned account ID and username.
#
# @return [String] ARN of the form arn:aws:iam::ACCOUNT_ID:mfa/USERNAME
# @note The ARN partition is fixed to "aws" and the device name is taken to
#   be the username. Where either does not hold (another partition, or a
#   device registered under a different name or serial), pass :mfa_serial to
#   #mfa_session explicitly instead of relying on this default.
# @note Only the three attributes listed above are forwarded to Iam, so the
#   lookup presumably runs with the long-term key pair rather than any
#   session credentials — NOTE(review): confirm against Iam#user_info.
def default_mfa_serial
  forwarded_keys = %i[aws_access_key_id aws_secret_access_key aws_region]
  iam_settings = Smash[forwarded_keys.map { |key| [key, attributes[key]] }]
  user_data = Iam.new(iam_settings).user_info
  "arn:aws:iam::#{user_data[:account_id]}:mfa/#{user_data[:username]}"
end
#mfa_session(token_code, args = {}) ⇒ Hash
Generate MFA session credentials
# File 'lib/miasma-aws/api/sts.rb', line 25
#
# Request MFA-backed session credentials through the STS GetSessionToken
# action.
#
# @param token_code [String, #call] current MFA code, or a callable that
#   returns it; a callable is invoked once while the request is built
# @param args [Hash] optional settings
# @option args [Integer] :duration value sent as DurationSeconds; the
#   parameter is left out of the request when this is not given
# @option args [String] :mfa_serial value sent as SerialNumber; when it is
#   nil or empty, #default_mfa_serial is used instead
# @return [Hash] Smash holding the session token, secret access key, access
#   key ID and parsed expiry time
# @note The returned values are live credentials: keep them out of logs,
#   exception messages and anything else that is persisted.
# @note Falling back to #default_mfa_serial triggers an IAM lookup and
#   assumes the device is named after the user; pass :mfa_serial when the
#   device serial is known.
def mfa_session(token_code, args = {})
  # Resolve the code first so a callable prompt runs before any lookup.
  code = token_code.respond_to?(:call) ? token_code.call : token_code

  query = Smash.new
  query["Action"] = "GetSessionToken"
  query["TokenCode"] = code
  query["DurationSeconds"] = args[:duration] if args[:duration]

  serial = args[:mfa_serial]
  serial = default_mfa_serial if serial.to_s.empty?
  query["SerialNumber"] = serial

  response = request(path: "/", params: query)
  result = response.get(
    :body, "GetSessionTokenResponse", "GetSessionTokenResult", "Credentials"
  )

  # Time.parse raises if the response carries no Expiration value.
  Smash.new(
    aws_sts_session_token: result["SessionToken"],
    aws_sts_session_secret_access_key: result["SecretAccessKey"],
    aws_sts_session_access_key_id: result["AccessKeyId"],
    aws_sts_session_token_expires: Time.parse(result["Expiration"]),
  )
end