module Aws::Google::CachedCredentials

Mixin module extending `RefreshingCredentials` that caches temporary credentials in the credentials file, so a single session can be reused across multiple processes. The temporary credentials are saved to a separate profile with a '_session' suffix.

Public Class Methods

new(options = {}) click to toggle source

@option options [String] :profile AWS Profile to store temporary credentials (default `default`)

# File lib/aws/google/cached_credentials.rb, line 12
def initialize(options = {})
  # Use existing AWS credentials stored in the shared session config if available.
  # If this is `nil` or expired, #refresh will be called on the first AWS API service call
  # to generate AWS credentials derived from Google authentication.
  @mutex = Mutex.new

  @profile = options[:profile] || ENV['AWS_PROFILE'] || ENV['AWS_DEFAULT_PROFILE'] || 'default'
  @session_profile = @profile + '_session'
  @expiration = Aws.shared_config.expiration(profile: @session_profile) rescue nil
  @credentials = Aws.shared_config.credentials(profile: @session_profile) rescue nil
  refresh_if_near_expiration
end

Public Instance Methods

refresh_if_near_expiration() click to toggle source
# File lib/aws/google/cached_credentials.rb, line 25
def refresh_if_near_expiration
  if near_expiration?
    @mutex.synchronize do
      if near_expiration?
        refresh
        write_credentials
      end
    end
  end
end
write_credentials() click to toggle source

Write credentials and expiration to AWS credentials file.

# File lib/aws/google/cached_credentials.rb, line 37
def write_credentials
  # AWS CLI is needed because writing AWS credentials is not supported by the AWS Ruby SDK.
  return unless system('which aws >/dev/null 2>&1')
  Aws::SharedCredentials::KEY_MAP.transform_values(&@credentials.method(:send)).
    merge(expiration: @expiration).each do |key, value|
    system("aws configure set #{key} #{value} --profile #{@session_profile}")
  end
end