class Cipherpipe::Vault::EC2Token

Constants

ConnectionError
NONCE_FILE
URL

Attributes

external_source[R]

Public Class Methods

call(external_source)
# File lib/cipherpipe/vault/ec2_token.rb, line 16
# Convenience entry point: builds an instance around +external_source+ and
# runs it straight away.
#
# @param external_source [Object] forwarded unchanged to +new+
# @return whatever the instance-level +call+ returns
def self.call(external_source)
  token_fetcher = new(external_source)
  token_fetcher.call
end
new(external_source)
# File lib/cipherpipe/vault/ec2_token.rb, line 20
# Stores the external source for later use by the instance.
#
# @param external_source [Object] kept as-is in +@external_source+; +call+
#   reads +ec2_role+ from it
def initialize(external_source)
  @external_source = external_source
end

Public Instance Methods

call()
# File lib/cipherpipe/vault/ec2_token.rb, line 24
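# Logs in through Vault's AWS EC2 auth call and returns the client token.
#
# The role comes from +external_source.ec2_role+; +signature+ and +nonce+
# supply the other two arguments. When the response metadata carries a
# nonce it is saved to NONCE_FILE so that +nonce+ can read it back on a
# later run.
#
# @return the +client_token+ from the login response
def call
  response = ::Vault.auth.aws_ec2 external_source.ec2_role, signature, nonce
  issued_nonce = response.auth.metadata[:nonce]

  # The nonce is what gets replayed on later logins (see +nonce+), so treat
  # it as a secret: create the file readable and writable by its owner only
  # instead of with the process-umask default. +perm+ is applied only when
  # the file is created.
  # NOTE(review): a NONCE_FILE that already exists keeps its current mode --
  # check existing hosts for a looser one.
  File.write(NONCE_FILE, issued_nonce, perm: 0o600) if issued_nonce

  response.auth.client_token
end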

Private Instance Methods

nonce()
# File lib/cipherpipe/vault/ec2_token.rb, line 38
# Reads back the nonce saved by an earlier login.
#
# @return [String, nil] contents of NONCE_FILE with surrounding whitespace
#   stripped, or nil when the file does not exist
def nonce
  File.read(NONCE_FILE).strip if File.exist?(NONCE_FILE)
end
signature()
# File lib/cipherpipe/vault/ec2_token.rb, line 44
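# Fetches the body served at URL and returns it with newlines removed, for
# use as the signature argument of the Vault login in +call+.
#
# @return [String] response body on a single line
# @raise [ConnectionError] when the connection cannot be opened within one
#   second, or when the endpoint answers with a non-success status
def signature
  http = Net::HTTP.new URL.host, URL.port
  http.open_timeout = 1 # second
  response = http.request_get(URL.path)

  # An error page is not a signature: stop here instead of handing the body
  # of a non-2xx reply to Vault as if it were one.
  # NOTE(review): this is a plain GET with no session token; presumably an
  # instance that enforces IMDSv2 answers it with an error status -- confirm.
  unless response.is_a?(Net::HTTPSuccess)
    raise ConnectionError,
      "Unable to read the local EC2 information endpoint (HTTP #{response.code})"
  end

  response.body.delete("\n")
rescue Net::OpenTimeout
  raise ConnectionError, "Unable to read the local EC2 information endpoint"
end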