Class: AwsAssumeRole::Store::SharedConfigWithKeyring

Inherits:
Vendored::Aws::SharedConfig
Includes:
Logging, AwsAssumeRole::Store
Defined in:
lib/aws_assume_role/store/shared_config_with_keyring.rb

Instance Attribute Summary

Attributes inherited from Vendored::Aws::SharedConfig

#config_path, #credentials_path, #profile_name

Instance Method Summary

Methods included from Logging

included

Methods inherited from Vendored::Aws::SharedConfig

#assume_role_credentials_from_config, #config_enabled?, #loadable?, #region

Constructor Details

#initialize(options = {}) ⇒ SharedConfigWithKeyring

Returns a new instance of SharedConfigWithKeyring.

Options Hash (options):

  • :credentials_path (String)

    Path to the shared credentials file. Defaults to “#{Dir.home}/.aws/credentials”.

  • :config_path (String)

    Path to the shared config file. Defaults to “#{Dir.home}/.aws/config”.

  • :profile_name (String)

    The credential/config profile name to use. If not specified, will check `ENV` before using the fixed default value of 'default'.

  • :config_enabled (Boolean)

    If true, loads the shared config file and enables new config values outside of the old shared credential spec.


# File 'lib/aws_assume_role/store/shared_config_with_keyring.rb', line 24

# Builds the store: resolves the profile name, then loads the shared credentials file and,
# only when the caller opted in, the shared config file.
#
# @param options [Hash]
# @option options [String] :credentials_path path to the shared credentials file
# @option options [String] :config_path path to the shared config file
# @option options [String] :profile_name profile to use (resolved by determine_profile)
# @option options [Boolean] :config_enabled when truthy, the shared config file is loaded too
def initialize(options = {})
    @profile_name = determine_profile(options)
    # Stored exactly as given; no coercion to true/false happens here.
    @config_enabled = options[:config_enabled]
    @credentials_path = options[:credentials_path] || determine_credentials_path
    @parsed_credentials = {}
    load_credentials_file if loadable?(@credentials_path)
    if @config_enabled
        # @config_path is left unset unless config loading was requested.
        @config_path = options[:config_path] || determine_config_path
        load_config_file if loadable?(@config_path)
    end
end

Instance Attribute Details

#parsed_config ⇒ Object (readonly)

Returns the value of attribute parsed_config


# File 'lib/aws_assume_role/store/shared_config_with_keyring.rb', line 11

# Read-only accessor for the parsed shared config.
#
# @return [Object, nil] the current value of @parsed_config; nil when nothing has assigned it
#   (presumably load_config_file populates it — confirm against that method)
def parsed_config
  @parsed_config
end

Instance Method Details

#credentials(opts = {}) ⇒ Object


# File 'lib/aws_assume_role/store/shared_config_with_keyring.rb', line 56

# Resolves credentials for a profile, trying the keyring before the shared files.
#
# Sources are consulted in order (keyring, shared credentials, shared config) and the first
# truthy result wins, so a keyring entry takes precedence over anything stored on disk.
#
# @param opts [Hash] lookup options; :profile overrides the instance's profile name
# @return [Object, nil] whatever the first source with a truthy result returns
def credentials(opts = {})
    # NOTE(review): opts is interpolated into the debug log verbatim. Confirm callers never
    # place secret material in opts, or redact it before logging.
    logger.debug "SharedConfigWithKeyring asked for credentials with opts #{opts}"
    profile = opts[:profile] || @profile_name
    validate_profile_exists(profile) if credentials_present?

    from_keyring = credentials_from_keyring(profile, opts)
    return from_keyring if from_keyring

    from_shared = credentials_from_shared(profile, opts)
    return from_shared if from_shared

    credentials_from_config(profile, opts)
end

#delete_profile(profile_name) ⇒ Object


# File 'lib/aws_assume_role/store/shared_config_with_keyring.rb', line 84

# Removes a profile's keyring entry and its section in the configuration.
#
# The keyring entry is deleted first and outside the semaphore, so the stored secret is
# removed even when the KeyError below is raised for a missing config section.
#
# @param profile_name [String] profile to remove
# @raise [KeyError] when the configuration has no (non-blank) section for the profile
def delete_profile(profile_name)
    # The keyring reports no error for entries that do not exist, so deletion is always tried.
    Keyring.delete_credentials(profile_name)
    section = "profile #{profile_name}"
    semaphore.synchronize do
        raise KeyError if configuration[section].blank?
        configuration.delete_section(section)
        save_configuration
    end
end

#fresh(options = {}) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.


# File 'lib/aws_assume_role/store/shared_config_with_keyring.rb', line 37

# Resets the instance and reloads it from the given options (private API).
#
# Every piece of state is cleared before anything is reloaded, so parsed credentials or
# config from the previous state do not survive the call.
#
# @param options [Hash] same keys as the constructor
# @option options [Boolean] :config_enabled coerced to true/false here
def fresh(options = {})
    @configuration = @semaphore = @assume_role_shared_config = nil
    @profile_name = @credentials_path = @config_path = nil
    @parsed_credentials = {}
    @parsed_config = nil

    @config_enabled = !!options[:config_enabled]
    @profile_name = determine_profile(options)
    @credentials_path = options[:credentials_path] || determine_credentials_path
    load_credentials_file if loadable?(@credentials_path)

    if @config_enabled
        @config_path = options[:config_path] || determine_config_path
        load_config_file if loadable?(@config_path)
    end
end

#migrate_profile(profile_name) ⇒ Object


# File 'lib/aws_assume_role/store/shared_config_with_keyring.rb', line 94

# Re-saves an existing profile through save_profile, using the profile's current
# configuration section as the input hash.
#
# @param profile_name [String] profile to migrate; validated before anything is read
# @return [Object] whatever save_profile returns
def migrate_profile(profile_name)
    validate_profile_exists(profile_name)
    existing_section = configuration["profile #{profile_name}"]
    save_profile(profile_name, existing_section)
end

#profile_hash(profile_name) ⇒ Object


# File 'lib/aws_assume_role/store/shared_config_with_keyring.rb', line 107

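# Looks up the parsed config section for a profile.
#
# The empty-Hash fallback has to be the right-hand operand: an empty Hash is truthy in
# Ruby, so with `{}` on the left the lookup is never evaluated and every profile appears
# to have no settings.
#
# @param profile_name [String] profile whose section is wanted
# @return [Object] the parsed section (presumably a Hash; confirm against load_config_file),
#   or an empty Hash when no config has been parsed or the profile has no section
def profile_hash(profile_name)
    # @parsed_config is nil until a config file has been loaded.
    parsed = @parsed_config || {}
    parsed[profile_key(profile_name)] || {}
end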

#profile_region(profile_name) ⇒ Object


# File 'lib/aws_assume_role/store/shared_config_with_keyring.rb', line 99

# Resolves the "region" setting for a profile via resolve_profile_parameter.
#
# @param profile_name [String] profile to inspect
# @return [Object] whatever resolve_profile_parameter returns for "region"
def profile_region(profile_name)
    resolve_profile_parameter profile_name, "region"
end

#profile_role(profile_name) ⇒ Object


# File 'lib/aws_assume_role/store/shared_config_with_keyring.rb', line 103

# Resolves the "role_arn" setting for a profile via resolve_profile_parameter.
#
# @param profile_name [String] profile to inspect
# @return [Object] whatever resolve_profile_parameter returns for "role_arn"
def profile_role(profile_name)
    resolve_profile_parameter profile_name, "role_arn"
end

#profiles ⇒ Object


# File 'lib/aws_assume_role/store/shared_config_with_keyring.rb', line 80

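# Lists the profile names found in the configuration.
#
# Only a leading "profile " marker is stripped. Removing every occurrence would mangle a
# name that itself contains "profile ", and the mangled name would no longer map back to
# the "profile <name>" section key used when saving or deleting a profile.
#
# @return [Array<String>] section names with the leading "profile " marker removed
def profiles
    configuration.sections.map { |section| section.sub(/\Aprofile /, "") }
end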

#save_profile(profile_name, hash) ⇒ Object


# File 'lib/aws_assume_role/store/shared_config_with_keyring.rb', line 63

# Merges new settings into a profile, storing key material in the keyring and writing only
# an allowlist of non-secret settings back to the configuration.
#
# The access key id and secret access key are removed from the merged settings before
# anything is written, so they never reach the configuration section. If the resulting
# credentials object reports it is not set, that key material is not saved to the keyring
# either and is simply dropped.
#
# @param profile_name [String] profile to create or update
# @param hash [#to_h] settings to merge over the profile's existing section
# @return [Object] whatever save_configuration returns
def save_profile(profile_name, hash)
    section = "profile #{profile_name}"
    settings = configuration[section].deep_symbolize_keys.merge(hash.to_h)

    # A :serial_number entry, when present, is copied to :mfa_serial.
    serial = settings[:serial_number]
    settings[:mfa_serial] = serial if serial

    access_key_id = settings.delete(:aws_access_key_id)
    secret_access_key = settings.delete(:aws_secret_access_key)
    credentials = Aws::Credentials.new(access_key_id, secret_access_key)

    # Only these keys are ever persisted to the configuration section.
    persisted_keys = %i[region role_arn mfa_serial source_profile role_session_name
                        external_id duration_seconds yubikey_oath_name]

    semaphore.synchronize do
        Keyring.save_credentials(profile_name, credentials) if credentials.set?
        configuration.delete_section(section)
        configuration[section] = settings.slice(*persisted_keys).compact
        save_configuration
    end
end