class OCI::Auth::Signers::EphemeralResourcePrincipalsSigner
This signer takes the following parameters:
-
session_token
-
private_key
-
private_key_passphrase
These parameters may be used in one of two modes. In the first mode, they contain the actual contents of the Resource Pricipals Session Token, private key (in PEM format) and the passphrase. In the second mode, if these parameters contain absolute paths, then those paths are taken as the on-filesystem location of the values in question.
-
region: the canonical region name
This is utilised in locating the "local" endpoints of services.
Attributes
region[R]
Public Class Methods
new( session_token: nil, private_key: nil, private_key_passphrase: nil, region: nil )
click to toggle source
Calls superclass method
OCI::Auth::Signers::SecurityTokenSigner::new
# File lib/oci/auth/signers/ephemeral_resource_principals_signer.rb, line 31 def initialize( session_token: nil, private_key: nil, private_key_passphrase: nil, region: nil ) @refresh_lock = Mutex.new @region = initialize_and_return_region(region) raise 'Missing Resource Principal Session Token when initializing resource principals signer' if session_token.nil? @rpst = session_token # Load the initial values @session_key_supplier = OCI::Auth::Signers::EphemeralRPSessionKeySupplier.new(private_key, private_key_passphrase) @security_token = OCI::Auth::SecurityTokenContainer.new(resource_principal_session_token, key_pair: @session_key_supplier.session_key) # After load, the RPST holds claims for tenancy and compartment. reset_claims # Get the Resource Principal Session Token and use it to set up the signer super(@security_token.security_token, @session_key_supplier.session_key) end
Public Instance Methods
claim(claim)
click to toggle source
# File lib/oci/auth/signers/ephemeral_resource_principals_signer.rb, line 104 def claim(claim) @security_token.jwt[0][claim] end
initialize_and_return_region(region)
click to toggle source
The region should be something like “us-phoenix-1” but if we get “phx” then convert it.
# File lib/oci/auth/signers/ephemeral_resource_principals_signer.rb, line 55 def initialize_and_return_region(region) if OCI::Regions::REGION_SHORT_NAMES_TO_LONG_NAMES.include?(region) OCI::Regions::REGION_SHORT_NAMES_TO_LONG_NAMES[region] else region end end
refresh_security_token()
click to toggle source
# File lib/oci/auth/signers/ephemeral_resource_principals_signer.rb, line 71 def refresh_security_token @refresh_lock.lock @session_key_supplier.refresh @security_token = OCI::Auth::SecurityTokenContainer.new(resource_principal_session_token, key_pair: @session_key_supplier.session_key) reset_signer # Resources may be moved between compartments. Update any coordinates on refresh. reset_claims ensure @refresh_lock.unlock if @refresh_lock.locked? && @refresh_lock.owned? end
reset_claims()
click to toggle source
# File lib/oci/auth/signers/ephemeral_resource_principals_signer.rb, line 99 def reset_claims @tenancy_id = claim('res_tenant') @compartment_id = claim('res_compartment') end
reset_signer()
click to toggle source
# File lib/oci/auth/signers/ephemeral_resource_principals_signer.rb, line 82 def reset_signer @key_id = "ST$#{@security_token.security_token}" @private_key_content = @session_key_supplier.session_key @private_key = OpenSSL::PKey::RSA.new( @private_key_content, @pass_phrase || SecureRandom.uuid ) end
resource_principal_session_token()
click to toggle source
# File lib/oci/auth/signers/ephemeral_resource_principals_signer.rb, line 91 def resource_principal_session_token if File.exist?(File.expand_path(@rpst)) File.read(File.expand_path(@rpst)).to_s.strip else @rpst end end
security_token()
click to toggle source
# File lib/oci/auth/signers/ephemeral_resource_principals_signer.rb, line 63 def security_token if defined? @security_token return @security_token.security_token if @security_token.token_valid? end refresh_security_token @security_token.security_token end