class CFnDK::CredentialProviderChain
Public Class Methods
new(profile = nil)
click to toggle source
# File lib/cfndk/credential_provider_chain.rb, line 3 def initialize(profile = nil) @profile = profile end
Public Instance Methods
resolve()
click to toggle source
# File lib/cfndk/credential_provider_chain.rb, line 7 def resolve providers.each do |method_name, options| CFnDK.logger.debug "resolving: #{method_name}" provider = send(method_name, options) CFnDK.logger.debug "resolved: #{method_name}" if provider && provider.set? return provider if provider && provider.set? end nil end
Private Instance Methods
assume_role_credentials(options)
click to toggle source
# File lib/cfndk/credential_provider_chain.rb, line 57 def assume_role_credentials(options) if ::Aws.shared_config.config_enabled? profile = nil region = nil assume_role_with_profile(profile, region) else nil end end
assume_role_with_profile(prof, region)
click to toggle source
# File lib/cfndk/credential_provider_chain.rb, line 75 def assume_role_with_profile(prof, region) ::Aws.shared_config.assume_role_credentials_from_config( profile: prof, region: region, chain_config: nil ) end
env_credentials(options)
click to toggle source
# File lib/cfndk/credential_provider_chain.rb, line 32 def env_credentials(options) key = %w(AWS_ACCESS_KEY_ID AMAZON_ACCESS_KEY_ID AWS_ACCESS_KEY) secret = %w(AWS_SECRET_ACCESS_KEY AMAZON_SECRET_ACCESS_KEY AWS_SECRET_KEY) token = %w(AWS_SESSION_TOKEN AMAZON_SESSION_TOKEN) ::Aws::Credentials.new(envar(key), envar(secret), envar(token)) end
envar(keys)
click to toggle source
# File lib/cfndk/credential_provider_chain.rb, line 39 def envar(keys) keys.each do |key| return ENV[key] if ENV.key?(key) end nil end
instance_profile_credentials(options)
click to toggle source
# File lib/cfndk/credential_provider_chain.rb, line 67 def instance_profile_credentials(options) if ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI'] ::Aws::ECSCredentials.new(options) else ::Aws::InstanceProfileCredentials.new(options) end end
providers()
click to toggle source
# File lib/cfndk/credential_provider_chain.rb, line 19 def providers [ [:env_credentials, {}], [:assume_role_credentials, {}], [:shared_credentials, {profile: @profile}], [:instance_profile_credentials, { retries: 0, http_open_timeout: 1, http_read_timeout: 1, }], ] end