class Aws::CredentialProviderChain

@api private

Public Class Methods

new(config = nil) click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 6
def initialize(config = nil)
  @config = config
end

Public Instance Methods

resolve() click to toggle source

@return [CredentialProvider, nil]

# File lib/aws-sdk-core/credential_provider_chain.rb, line 11
def resolve
  providers.each do |method_name, options|
    provider = send(method_name, options.merge(config: @config))
    return provider if provider && provider.set?
  end
  nil
end

Private Instance Methods

assume_role_credentials(options) click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 144
def assume_role_credentials(options)
  if Aws.shared_config.config_enabled?
    assume_role_with_profile(options, determine_profile_name(options))
  end
end
assume_role_web_identity_credentials(options) click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 150
def assume_role_web_identity_credentials(options)
  region = options[:config].region if options[:config]
  if (role_arn = ENV['AWS_ROLE_ARN']) && (token_file = ENV['AWS_WEB_IDENTITY_TOKEN_FILE'])
    cfg = {
      role_arn: role_arn,
      web_identity_token_file: token_file,
      role_session_name: ENV['AWS_ROLE_SESSION_NAME']
    }
    cfg[:region] = region if region
    AssumeRoleWebIdentityCredentials.new(cfg)
  elsif Aws.shared_config.config_enabled?
    profile = options[:config].profile if options[:config]
    Aws.shared_config.assume_role_web_identity_credentials_from_config(
      profile: profile,
      region: region
    )
  end
end
assume_role_with_profile(options, profile_name) click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 179
def assume_role_with_profile(options, profile_name)
  assume_opts = {
    profile: profile_name,
    chain_config: @config
  }
  if options[:config] && options[:config].region
    assume_opts[:region] = options[:config].region
  end
  Aws.shared_config.assume_role_credentials_from_config(assume_opts)
end
determine_profile_name(options) click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 114
def determine_profile_name(options)
  (options[:config] && options[:config].profile) || ENV['AWS_PROFILE'] || ENV['AWS_DEFAULT_PROFILE'] || 'default'
end
env_credentials(_options) click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 94
def env_credentials(_options)
  key =    %w[AWS_ACCESS_KEY_ID AMAZON_ACCESS_KEY_ID AWS_ACCESS_KEY]
  secret = %w[AWS_SECRET_ACCESS_KEY AMAZON_SECRET_ACCESS_KEY AWS_SECRET_KEY]
  token =  %w[AWS_SESSION_TOKEN AMAZON_SESSION_TOKEN]
  account_id = %w[AWS_ACCOUNT_ID]
  Credentials.new(
    envar(key),
    envar(secret),
    envar(token),
    account_id: envar(account_id)
  )
end
envar(keys) click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 107
def envar(keys)
  keys.each do |key|
    return ENV[key] if ENV.key?(key)
  end
  nil
end
instance_profile_credentials(options) click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 169
def instance_profile_credentials(options)
  profile_name = determine_profile_name(options)
  if ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI'] ||
     ENV['AWS_CONTAINER_CREDENTIALS_FULL_URI']
    ECSCredentials.new(options)
  else
    InstanceProfileCredentials.new(options.merge(profile: profile_name))
  end
end
process_credentials(options) click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 125
def process_credentials(options)
  profile_name = determine_profile_name(options)
  if Aws.shared_config.config_enabled?
    process_provider = Aws.shared_config.credential_process(profile: profile_name)
    ProcessCredentials.new([process_provider]) if process_provider
  end
rescue Errors::NoSuchProfileError
  nil
end
providers() click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 21
def providers
  [
    [:static_credentials, {}],
    [:static_profile_assume_role_web_identity_credentials, {}],
    [:static_profile_sso_credentials, {}],
    [:static_profile_assume_role_credentials, {}],
    [:static_profile_credentials, {}],
    [:static_profile_process_credentials, {}],
    [:env_credentials, {}],
    [:assume_role_web_identity_credentials, {}],
    [:sso_credentials, {}],
    [:assume_role_credentials, {}],
    [:shared_credentials, {}],
    [:process_credentials, {}],
    [:instance_profile_credentials, {
      retries: @config ? @config.instance_profile_credentials_retries : 0,
      http_open_timeout: @config ? @config.instance_profile_credentials_timeout : 1,
      http_read_timeout: @config ? @config.instance_profile_credentials_timeout : 1
    }]
  ]
end
shared_credentials(options) click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 118
def shared_credentials(options)
  profile_name = determine_profile_name(options)
  SharedCredentials.new(profile_name: profile_name)
rescue Errors::NoSuchProfileError
  nil
end
sso_credentials(options) click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 135
def sso_credentials(options)
  profile_name = determine_profile_name(options)
  if Aws.shared_config.config_enabled?
    Aws.shared_config.sso_credentials_from_config(profile: profile_name)
  end
rescue Errors::NoSuchProfileError
  nil
end
static_credentials(options) click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 43
def static_credentials(options)
  if options[:config]
    Credentials.new(
      options[:config].access_key_id,
      options[:config].secret_access_key,
      options[:config].session_token,
      account_id: options[:config].account_id
    )
  end
end
static_profile_assume_role_credentials(options) click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 71
def static_profile_assume_role_credentials(options)
  if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile
    assume_role_with_profile(options, options[:config].profile)
  end
end
static_profile_assume_role_web_identity_credentials(options) click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 54
def static_profile_assume_role_web_identity_credentials(options)
  if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile
    Aws.shared_config.assume_role_web_identity_credentials_from_config(
      profile: options[:config].profile,
      region: options[:config].region
    )
  end
end
static_profile_credentials(options) click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 77
def static_profile_credentials(options)
  if options[:config] && options[:config].profile
    SharedCredentials.new(profile_name: options[:config].profile)
  end
rescue Errors::NoSuchProfileError
  nil
end
static_profile_process_credentials(options) click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 85
def static_profile_process_credentials(options)
  if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile
    process_provider = Aws.shared_config.credential_process(profile: options[:config].profile)
    ProcessCredentials.new([process_provider]) if process_provider
  end
rescue Errors::NoSuchProfileError
  nil
end
static_profile_sso_credentials(options) click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 63
def static_profile_sso_credentials(options)
  if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile
    Aws.shared_config.sso_credentials_from_config(
      profile: options[:config].profile
    )
  end
end