class CFnDK::CredentialProviderChain

Public Class Methods

new(profile = nil)
# File lib/cfndk/credential_provider_chain.rb, line 3
# Builds a chain for an optional named AWS profile.
#
# The value is only stored here. Within this class it is handed to
# `shared_credentials` through the list built by `providers`; when it is nil
# that provider falls back to ENV['AWS_PROFILE'] and then to 'default'.
#
# @param profile [String, nil] shared-credentials profile name, or nil
def initialize(profile = nil)
  @profile = profile
end

Public Instance Methods

resolve()
# File lib/cfndk/credential_provider_chain.rb, line 7
# Walks the provider list in order and returns the first provider whose
# credentials are set.
#
# List order is precedence: once an entry yields set credentials it is
# returned and the remaining entries are never tried. The debug log lines
# carry only the provider method name, never a credential value.
#
# @return [Object, nil] the first provider answering true to `set?`, or nil
#   when no entry of `providers` yields credentials
def resolve
  providers.each do |method_name, options|
    CFnDK.logger.debug "resolving: #{method_name}"
    # `send` also reaches private methods, so the names dispatched here must
    # stay the fixed symbols returned by `providers`, never caller input.
    candidate = send(method_name, options)
    next unless candidate && candidate.set?

    CFnDK.logger.debug "resolved: #{method_name}"
    return candidate
  end
  nil
end

Private Instance Methods

assume_role_credentials(options)
# File lib/cfndk/credential_provider_chain.rb, line 57
# Tries assume-role credentials from the shared AWS config, when shared
# config is enabled.
#
# NOTE(review): `options` is not read, and profile and region are always
# passed as nil, so the profile given to the constructor never reaches this
# provider. Which profile the SDK then picks is not visible here (presumably
# its own default); confirm this is the intended identity when the caller
# asked for an explicit profile, because this provider is tried before
# `shared_credentials` in `providers`.
#
# @param options [Hash] accepted for the provider call convention; unused
# @return [Object, nil] whatever `assume_role_with_profile` returns, or nil
#   when shared config is not enabled
def assume_role_credentials(options)
  return nil unless ::Aws.shared_config.config_enabled?

  assume_role_with_profile(nil, nil)
end
assume_role_with_profile(prof, region)
# File lib/cfndk/credential_provider_chain.rb, line 75
# Asks the SDK's shared config for assume-role credentials.
#
# The arguments are forwarded unchanged and `chain_config` is always nil.
#
# @param prof [String, nil] profile name handed to the SDK
# @param region [String, nil] region handed to the SDK
# @return [Object, nil] the SDK's result, passed through as-is
def assume_role_with_profile(prof, region)
  shared = ::Aws.shared_config
  shared.assume_role_credentials_from_config(profile: prof, region: region, chain_config: nil)
end
env_credentials(options)
# File lib/cfndk/credential_provider_chain.rb, line 32
# Builds static credentials from environment variables.
#
# Each of the three values is looked up independently through its own list
# of names, so the key id, the secret and the token may each come from a
# differently-prefixed variable. The result holds secret material: do not
# log or inspect-print it.
#
# @param options [Hash] accepted for the provider call convention; unused
# @return [Aws::Credentials] built even when no variable is present; the
#   caller decides through `set?` whether it is usable
def env_credentials(options)
  id_vars     = %w(AWS_ACCESS_KEY_ID AMAZON_ACCESS_KEY_ID AWS_ACCESS_KEY)
  secret_vars = %w(AWS_SECRET_ACCESS_KEY AMAZON_SECRET_ACCESS_KEY AWS_SECRET_KEY)
  token_vars  = %w(AWS_SESSION_TOKEN AMAZON_SESSION_TOKEN)

  access_key_id, secret_access_key, session_token =
    [id_vars, secret_vars, token_vars].map { |names| envar(names) }
  ::Aws::Credentials.new(access_key_id, secret_access_key, session_token)
end
envar(keys)
# File lib/cfndk/credential_provider_chain.rb, line 39
# Returns the value of the first environment variable in `keys` that exists.
#
# Presence decides, not content: a variable that is exported but empty is
# returned as "" and ends the search, so later names are not consulted.
#
# @param keys [Array<String>] variable names in priority order
# @return [String, nil] the first present value, or nil when none is present
def envar(keys)
  present = keys.find { |name| ENV.key?(name) }
  present && ENV[present]
end
instance_profile_credentials(options)
# File lib/cfndk/credential_provider_chain.rb, line 67
# Picks the metadata-based provider for the current runtime.
#
# When AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is present in the environment
# (any value, including an empty one) the ECS provider is used; otherwise
# the instance-profile provider. The environment therefore decides which
# credential endpoint is queried.
#
# @param options [Hash] passed unchanged to the chosen provider
# @return [Aws::ECSCredentials, Aws::InstanceProfileCredentials]
def instance_profile_credentials(options)
  in_container = ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI']
  provider_class = in_container ? ::Aws::ECSCredentials : ::Aws::InstanceProfileCredentials
  provider_class.new(options)
end
providers()
# File lib/cfndk/credential_provider_chain.rb, line 19
# Lists the credential providers as [method_name, options] pairs, in the
# order `resolve` tries them.
#
# Order is precedence. Environment variables come first, so exported
# credentials win over the profile passed to the constructor; only
# `shared_credentials` receives that profile. The method names are fixed
# symbols because `resolve` dispatches them through `send`.
#
# @return [Array<Array(Symbol, Hash)>] a new list on every call
def providers
  # No retries and one-second timeouts for the metadata-based provider.
  metadata_options = {
    retries: 0,
    http_open_timeout: 1,
    http_read_timeout: 1,
  }

  [
    [:env_credentials, {}],
    [:assume_role_credentials, {}],
    [:shared_credentials, { profile: @profile }],
    [:instance_profile_credentials, metadata_options],
  ]
end
shared_credentials(options)
# File lib/cfndk/credential_provider_chain.rb, line 46
# Loads credentials for a named profile from the shared credentials store.
#
# Profile selection: `options[:profile]` when truthy, else ENV['AWS_PROFILE'],
# else 'default'. Only a missing profile is treated as "no credentials";
# any other error raised by the SDK propagates to the caller.
#
# @param options [Hash] reads `:profile`
# @return [Aws::SharedCredentials, nil] nil when the profile does not exist
def shared_credentials(options)
  profile_name = options[:profile] || ENV['AWS_PROFILE'] || 'default'
  ::Aws::SharedCredentials.new(profile_name: profile_name)
rescue ::Aws::Errors::NoSuchProfileError
  nil
end