class OCI::Auth::Signers::InstancePrincipalsDelegationTokenSigner

InstancePrincipalsDelegationTokenSigner extends the functionality of InstancePrincipalsSecurityTokenSigner. A delegation token allows the instance to assume the privileges of the user for which the token was created.

Constants

HEADERS_TO_SIGN

Public Class Methods

new(delegation_token, federation_endpoint: nil, federation_client_cert_bundle: nil, signing_strategy: OCI::BaseSigner::STANDARD, body_headers_to_sign: OCI::BaseSigner::BODY_HEADERS, additional_auth_params: {}) click to toggle source

Creates a new InstancePrincipalsDelegationTokenSigner

@param [String] delegation_token This token allows an instance to assume the privileges of a specific user

and act on-behalf-of that user.

@param [String] federation_client_cert_bundle The full file path to a custom certificate bundle which can be

used for SSL verification against the federation_endpoint. If not provided (e.g. because a custom bundle is
not needed), defaults to nil

@param [String] signing_strategy Whether this signer is used for Object Storage requests or not. Acceptable

values are {OCI::BaseSigner::STANDARD} and {OCI::BaseSigner::OBJECT_STORAGE}. If not provided, defaults to
{OCI::BaseSigner::STANDARD}

@param [Array<String>] body_headers_to_sign An array of headers which should be signed on requests with

bodies. If not provided, defaults to {OCI::BaseSigner::BODY_HEADERS}

@param [Hash<String>] additional_auth_params Additional parameters for the federation client to pass as part

of the Auth Service request. If not provided, defaults to an empty hash
# File lib/oci/auth/signers/instance_principals_delegation_token_signer.rb, line 37
def initialize(delegation_token,
               federation_endpoint: nil,
               federation_client_cert_bundle: nil,
               signing_strategy: OCI::BaseSigner::STANDARD,
               body_headers_to_sign: OCI::BaseSigner::BODY_HEADERS,
               additional_auth_params: {})
  raise 'Delegation Token not exist' if delegation_token.nil?

  @delegation_token = delegation_token
  super(federation_endpoint: federation_endpoint,
        federation_client_cert_bundle: federation_client_cert_bundle,
        signing_strategy: signing_strategy,
        headers_to_sign_in_all_requests: HEADERS_TO_SIGN,
        body_headers_to_sign: body_headers_to_sign,
        additional_auth_params: additional_auth_params)
end

Public Instance Methods

sign(method, uri, headers, body, operation_signing_strategy = :standard) click to toggle source

Add opc-obo-token to request header

# File lib/oci/auth/signers/instance_principals_delegation_token_signer.rb, line 55
def sign(method, uri, headers, body, operation_signing_strategy = :standard)
  headers[:'opc-obo-token'] = @delegation_token
  super(method, uri, headers, body, operation_signing_strategy)
end