class AwsAssumeRole::Credentials::Providers::MfaSessionCredentials

Public Class Methods

# File lib/aws_assume_role/credentials/providers/mfa_session_credentials.rb, line 42
# Builds the provider from an options hash.
#
# Every entry in +options+ is copied into an instance variable of the same
# name. The credentials supplied by the caller are kept in
# @permanent_credentials (unless that option was given explicitly) and
# @credentials is cleared. The MFA serial number is then resolved, and the
# vendored RefreshingCredentials initializer is run against this instance.
#
# NOTE(review): no allow-list is applied to the option keys, so any key can
# overwrite any instance variable, including memoised ones such as
# @sts_client or @identity. Confirm that +options+ only ever comes from
# trusted configuration, or restrict the accepted keys.
#
# @param options [Hash] provider settings; keys become instance variable names
def initialize(options)
    options.each do |name, setting|
        instance_variable_set("@#{name}", setting)
    end
    @permanent_credentials = @credentials unless @permanent_credentials
    @credentials = nil
    @serial_number = resolve_serial_number(@serial_number)
    # Invoke the vendored initializer explicitly on this object.
    # NOTE(review): presumably needed because RefreshingCredentials is mixed in
    # rather than inherited - confirm against the class definition.
    vendored_init = AwsAssumeRole::Vendored::Aws::RefreshingCredentials.instance_method(:initialize)
    vendored_init.bind(self).call(options)
end

Private Instance Methods

# File lib/aws_assume_role/credentials/providers/mfa_session_credentials.rb, line 96
# Looks up a previously stored session in the keyring, memoising a hit.
#
# The entry is fetched under keyring_username. When the keyring raises
# Aws::Errors::NoSuchProfileError the miss is logged at debug level, the memo
# is reset and nil is returned, so a later call will try the keyring again.
#
# @return [Object, nil] whatever Keyring.fetch returned, or nil on a miss
def credentials_from_keyring
    return @credentials_from_keyring if @credentials_from_keyring
    @credentials_from_keyring = AwsAssumeRole::Store::Keyring.fetch(keyring_username)
rescue Aws::Errors::NoSuchProfileError
    logger.debug "Key not found"
    @credentials_from_keyring = nil
    nil
end
# File lib/aws_assume_role/credentials/providers/mfa_session_credentials.rb, line 120
# Caller identity of the long-term credentials, as reported by STS.
#
# The result of get_caller_identity is memoised in @identity, so the STS call
# is made at most once for as long as the memo holds a truthy value.
#
# @return [Object] the get_caller_identity response
def identity
    return @identity if @identity
    @identity = sts_client.get_caller_identity
end
# File lib/aws_assume_role/credentials/providers/mfa_session_credentials.rb, line 65
# Marks the provider as past its first refresh by clearing @first_time.
#
# After this, refresh no longer takes the keyring path and prompt_for_token
# uses the "other_times" prompt text.
#
# @return [false]
def initialized
    @first_time = false
end
# File lib/aws_assume_role/credentials/providers/mfa_session_credentials.rb, line 108
# Installs a set of session credentials on this instance.
#
# Does nothing for a nil/false argument. Otherwise the value is converted via
# Serialization.credentials_from_hash and stored in @credentials, and
# @expiration is taken from the object's #expiration when it has one, or
# parsed from the :expiration entry otherwise.
#
# @param credentials [#expiration, Hash, nil] credentials object or stored hash
# @return [Time, Object, nil] the expiration that was set, or nil when skipped
def instance_credentials(credentials)
    return nil unless credentials
    @credentials = AwsAssumeRole::Store::Serialization.credentials_from_hash(credentials)
    @expiration =
        if credentials.respond_to?(:expiration)
            credentials.expiration
        else
            # Stored form: the expiry is a string that has to be parsed back.
            Time.parse(credentials[:expiration])
        end
end
# File lib/aws_assume_role/credentials/providers/mfa_session_credentials.rb, line 52
# Name of the keyring entry used to cache the MFA session.
#
# Built once from the JSON form of @identity and the MFA serial number,
# joined with "|", then memoised.
#
# NOTE(review): this reads the @identity variable rather than calling
# identity, so when no caller-identity lookup has happened yet (for example
# when an explicit serial number was configured) the identity part is the
# JSON of nil. The entry is then keyed by serial number alone - confirm that
# this is intended before relying on the key to separate cached sessions.
#
# @return [String]
def keyring_username
    return @keyring_username if @keyring_username
    identity_part = @identity.to_json
    @keyring_username = "#{identity_part}|#{@serial_number}"
end
# File lib/aws_assume_role/credentials/providers/mfa_session_credentials.rb, line 104
# Writes the current session credentials to the keyring.
#
# The entry is saved under keyring_username together with @expiration.
# NOTE(review): how the stored secret is protected depends on the keyring
# backend, which is not visible here.
#
# @return [Object] whatever Keyring.save_credentials returns
def persist_credentials
    entry_name = keyring_username
    AwsAssumeRole::Store::Keyring.save_credentials(entry_name, @credentials, expiration: @expiration)
end
# File lib/aws_assume_role/credentials/providers/mfa_session_credentials.rb, line 60
# Asks the user for an MFA token code on the terminal.
#
# The prompt text is the "first_time" translation while @first_time is set
# and the "other_times" translation afterwards.
#
# @return [Object] the answer returned by Ui.input.ask
def prompt_for_token
    message_key = @first_time ? "options.mfa_token.first_time" : "options.mfa_token.other_times"
    Ui.input.ask(t(message_key))
end
# File lib/aws_assume_role/credentials/providers/mfa_session_credentials.rb, line 69
# Refresh hook: makes sure a usable MFA session is in place.
#
# On the first refresh with session persistence enabled, the keyring path is
# taken and its result returned directly. Otherwise a new MFA session is
# requested when the current one is near expiry, and :mfa_completed is
# broadcast in either case.
#
# NOTE(review): the keyring path returns before the broadcast, so
# :mfa_completed is not emitted from here on that path - confirm listeners do
# not depend on it.
#
# @return [Object] result of set_credentials_from_keyring or of broadcast
def refresh
    if @persist_session && @first_time
        return set_credentials_from_keyring
    end
    refresh_using_mfa if near_expiration?
    broadcast(:mfa_completed)
end
# File lib/aws_assume_role/credentials/providers/mfa_session_credentials.rb, line 84
# Obtains a fresh MFA-backed session from STS.
#
# The token code comes from the YubiKey when @yubikey_oath_name is set and
# from an interactive prompt otherwise. It is sent to STS get_session_token
# with the configured duration and MFA serial number. The returned temporary
# credentials are installed on this instance and, when @persist_session is
# set, written to the keyring.
#
# @return [Object, nil] result of persist_credentials, or nil when not persisting
def refresh_using_mfa
    token_code =
        if @yubikey_oath_name
            retrieve_yubikey_token
        else
            prompt_for_token
        end
    session = sts_client.get_session_token(
        duration_seconds: @duration_seconds,
        serial_number: @serial_number,
        token_code: token_code,
    )
    # Clear the first-time flag before installing the new credentials.
    initialized
    instance_credentials(session.credentials)
    return unless @persist_session
    persist_credentials
end
# File lib/aws_assume_role/credentials/providers/mfa_session_credentials.rb, line 124
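# Returns the MFA device serial number to use for get_session_token.
#
# An explicit serial number is returned unchanged. For nil or "automatic" the
# serial is derived from the caller identity as
# arn:<partition>:iam::<account>:mfa/<user name>.
#
# For an IAM user ARN the user name is the last "/"-separated segment, so
# users created under a path (user/division/team/alice) resolve to the user
# name rather than to the first path element. The partition is taken from the
# caller ARN instead of being fixed to "aws". For ARNs that are not IAM user
# ARNs the second "/"-separated segment is used, as before.
#
# NOTE(review): the derived value is only a naming convention (device named
# after the user). Configure an explicit serial number when the MFA device
# has a different name or path.
#
# @param serial_number [String, nil] configured serial, nil or "automatic"
# @return [String] MFA device ARN / serial number
def resolve_serial_number(serial_number)
    return serial_number unless serial_number.nil? || serial_number == "automatic"
    caller_identity = identity
    arn = caller_identity.arn
    partition = arn.split(":")[1]
    segments = arn.split("/")
    user_name = arn.include?(":user/") ? segments.last : segments[1]
    "arn:#{partition}:iam::#{caller_identity.account}:mfa/#{user_name}"
end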
# File lib/aws_assume_role/credentials/providers/mfa_session_credentials.rb, line 75
# Computes the current OATH code for @yubikey_oath_name on an attached YubiKey.
#
# Raises when smartcard support is unavailable, and raises "Yubikey not found"
# unless exactly one PC/SC reader is present (so more than one reader is
# rejected with the same message as none). The single reader is opened in
# shared mode and the code is calculated for the current time.
#
# NOTE(review): the PC/SC context and card handle are not explicitly released
# in this method - confirm whether the smartcard library needs that.
#
# @raise [RuntimeError] without smartcard support, or when the reader count is not 1
# @return [Object] the value returned by YubiOATH#calculate
def retrieve_yubikey_token
    raise t("options.mfa_token.smartcard_not_supported") unless SMARTCARD_SUPPORT
    pcsc = Smartcard::PCSC::Context.new
    raise "Yubikey not found" if pcsc.readers.length != 1
    device = Smartcard::PCSC::Card.new(pcsc, pcsc.readers.first, :shared)
    oath = YubiOATH.new(device)
    oath.calculate(name: @yubikey_oath_name, timestamp: Time.now)
end
# File lib/aws_assume_role/credentials/providers/mfa_session_credentials.rb, line 114
# First-refresh path: reuse a session cached in the keyring when possible.
#
# Any cached credentials are installed on the instance and the first-time
# flag is cleared. A new MFA session is then requested when nothing was
# loaded or when the loaded session is near expiry.
#
# @return [Object, nil] result of refresh_using_mfa, or nil when the cached
#   session is still usable
def set_credentials_from_keyring
    cached = credentials_from_keyring
    instance_credentials(cached) if cached
    initialized
    refresh_using_mfa if !@credentials || near_expiration?
end
# File lib/aws_assume_role/credentials/providers/mfa_session_credentials.rb, line 56
# STS client used for get_caller_identity and get_session_token.
#
# Created once for @region with the long-term credentials held in
# @permanent_credentials, then memoised in @sts_client.
#
# @return [Aws::STS::Client]
def sts_client
    return @sts_client if @sts_client
    @sts_client = Aws::STS::Client.new(region: @region, credentials: @permanent_credentials)
end