class OCI::Auth::Signers::EphemeralResourcePrincipalsSigner

This signer takes the following parameters:

Attributes

region[R]

Public Class Methods

new( session_token: nil, private_key: nil, private_key_passphrase: nil, region: nil )
# File lib/oci/auth/signers/ephemeral_resource_principals_signer.rb, line 31
# Builds a signer from a resource principal session token (RPST) and a session key.
#
# @param session_token the RPST; resource_principal_session_token treats the value
#   as a file path when a file exists at that path, otherwise as the token itself
# @param private_key handed unchanged to EphemeralRPSessionKeySupplier
#   (presumably PEM content or a path — confirm against that class)
# @param private_key_passphrase handed unchanged to EphemeralRPSessionKeySupplier
# @param region long region name, or a short name that initialize_and_return_region expands
# @raise [RuntimeError] when session_token is nil
def initialize(
  session_token: nil,
  private_key: nil,
  private_key_passphrase: nil,
  region: nil
)
  @refresh_lock = Mutex.new
  @region = initialize_and_return_region(region)
  # NOTE(review): only nil is rejected here; an empty string passes this check.
  if session_token.nil?
    raise 'Missing Resource Principal Session Token when initializing resource principals signer'
  end

  @rpst = session_token

  # Load the initial key supplier and token container.
  key_supplier = OCI::Auth::Signers::EphemeralRPSessionKeySupplier.new(private_key, private_key_passphrase)
  @session_key_supplier = key_supplier
  @security_token = OCI::Auth::SecurityTokenContainer.new(
    resource_principal_session_token,
    key_pair: key_supplier.session_key
  )

  # Tenancy and compartment are read from the claims of the token loaded above.
  reset_claims

  # Hand the token string and the session key to the parent signer.
  super(@security_token.security_token, key_supplier.session_key)
end

Public Instance Methods

claim(claim)
# File lib/oci/auth/signers/ephemeral_resource_principals_signer.rb, line 104
# Looks up one claim in the security token currently held by this signer.
#
# @param claim [String] claim name, e.g. 'res_tenant'
# @return the value stored under that name in the first element of the decoded JWT
def claim(claim)
  # NOTE(review): nothing here shows whether the container verified the JWT
  # signature before decoding — confirm before relying on claim values for
  # authorization decisions.
  first_segment = @security_token.jwt[0]
  first_segment[claim]
end
initialize_and_return_region(region)

The region should be something like “us-phoenix-1” but if we get “phx” then convert it.

# File lib/oci/auth/signers/ephemeral_resource_principals_signer.rb, line 55
# Expands a short region name (e.g. "phx") to its long form (e.g. "us-phoenix-1").
#
# The lookup is an exact match against OCI::Regions::REGION_SHORT_NAMES_TO_LONG_NAMES;
# any value not found there, including nil, is returned unchanged and unvalidated.
#
# @param region the region name supplied by the caller
# @return the mapped long name, or the argument itself when there is no mapping
def initialize_and_return_region(region)
  short_to_long = OCI::Regions::REGION_SHORT_NAMES_TO_LONG_NAMES
  return region unless short_to_long.include?(region)

  short_to_long[region]
end
refresh_security_token()
# File lib/oci/auth/signers/ephemeral_resource_principals_signer.rb, line 71
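# Rotates the session key, re-reads the RPST and rebuilds the signer state.
#
# The whole sequence runs under @refresh_lock so concurrent refreshes do not interleave.
#
# @return whatever reset_claims returns
# @raise [ThreadError] if the calling thread already holds @refresh_lock
def refresh_security_token
  # Mutex#synchronize releases the lock only when this call acquired it. A manual
  # lock with an unlock in `ensure` would, if `lock` itself raised on a re-entrant
  # call, release a mutex that an outer frame of the same thread still holds.
  @refresh_lock.synchronize do
    @session_key_supplier.refresh
    @security_token = OCI::Auth::SecurityTokenContainer.new(
      resource_principal_session_token,
      key_pair: @session_key_supplier.session_key
    )
    reset_signer
    # Resources may be moved between compartments. Update any coordinates on refresh.
    reset_claims
  end
end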
reset_claims()
# File lib/oci/auth/signers/ephemeral_resource_principals_signer.rb, line 99
# Re-reads the tenancy and compartment identifiers from the current token's claims.
#
# Both values come straight from the 'res_tenant' and 'res_compartment' claims;
# no format or presence check is applied here.
#
# @return the value assigned to @compartment_id
def reset_claims
  tenant_claim = claim('res_tenant')
  @tenancy_id = tenant_claim
  compartment_claim = claim('res_compartment')
  @compartment_id = compartment_claim
end
reset_signer()
# File lib/oci/auth/signers/ephemeral_resource_principals_signer.rb, line 82
# Rebuilds the key id and the RSA private key from the current token and session key.
#
# @return [OpenSSL::PKey::RSA] the key object assigned to @private_key
def reset_signer
  # The key id is the literal prefix "ST$" followed by the complete security token,
  # so anything that logs or stores @key_id also discloses the token.
  @key_id = "ST$#{@security_token.security_token}"

  session_key = @session_key_supplier.session_key
  @private_key_content = session_key

  # NOTE(review): with no @pass_phrase a random UUID is passed as the passphrase —
  # presumably so an encrypted key fails to load rather than prompting; confirm.
  passphrase = @pass_phrase || SecureRandom.uuid
  @private_key = OpenSSL::PKey::RSA.new(session_key, passphrase)
end
resource_principal_session_token()
# File lib/oci/auth/signers/ephemeral_resource_principals_signer.rb, line 91
# Resolves the configured RPST value to the token string.
#
# The configured value is interpreted two ways: if a file exists at its expanded
# path, the stripped file content is the token; otherwise the value itself is
# returned as the token. The file is read again on every call.
#
# @return [String] the token text
def resource_principal_session_token
  # NOTE(review): the existence check and the read are separate steps, so a file
  # removed in between surfaces as an error from File.read rather than a fallback.
  token_path = File.expand_path(@rpst)
  return @rpst unless File.exist?(token_path)

  File.read(token_path).to_s.strip
end
security_token()
# File lib/oci/auth/signers/ephemeral_resource_principals_signer.rb, line 63
# Returns the current security token, refreshing first when no container has been
# set yet or the container reports the token as no longer valid.
#
# @return the container's security_token value
def security_token
  # NOTE(review): this validity check runs outside @refresh_lock, so several threads
  # can each see a stale token and refresh one after another — confirm that is acceptable.
  still_valid = defined?(@security_token) && @security_token.token_valid?
  refresh_security_token unless still_valid
  @security_token.security_token
end