class AwsAssumeRole::Credentials::Providers::MfaSessionCredentials
Public Class Methods
new(options)
# File lib/aws_assume_role/credentials/providers/mfa_session_credentials.rb, line 42
# Builds the provider from an options hash.
#
# @param options [Hash] settings; each key becomes an instance variable
def initialize(options)
  # Every key in options names an instance variable directly, so whoever
  # builds the hash can set or overwrite any internal field of this object.
  # NOTE(review): presumably options only ever comes from trusted
  # configuration; confirm against the callers.
  options.each do |name, setting|
    instance_variable_set("@#{name}", setting)
  end

  # The credentials passed in are kept as @permanent_credentials (unless that
  # option was given explicitly) and @credentials is cleared afterwards.
  @permanent_credentials ||= @credentials
  @credentials = nil

  @serial_number = resolve_serial_number(@serial_number)

  # Invoke RefreshingCredentials#initialize on this instance explicitly.
  refreshing_init = AwsAssumeRole::Vendored::Aws::RefreshingCredentials.instance_method(:initialize)
  refreshing_init.bind(self).call(options)
end
Private Instance Methods
credentials_from_keyring()
# File lib/aws_assume_role/credentials/providers/mfa_session_credentials.rb, line 96
# Looks up a previously stored session in the keyring and memoizes the result.
#
# @return the stored entry for keyring_username, or nil when the keyring
#   raises Aws::Errors::NoSuchProfileError
def credentials_from_keyring
  return @credentials_from_keyring if @credentials_from_keyring

  @credentials_from_keyring = AwsAssumeRole::Store::Keyring.fetch(keyring_username)
rescue Aws::Errors::NoSuchProfileError
  # A missing entry is expected on first use; only this error class is
  # swallowed, anything else propagates to the caller.
  logger.debug("Key not found")
  @credentials_from_keyring = nil
end
identity()
# File lib/aws_assume_role/credentials/providers/mfa_session_credentials.rb, line 120
# Returns the STS GetCallerIdentity response for sts_client, fetching it on
# first use and reusing the memoized value afterwards.
def identity
  return @identity if @identity

  @identity = sts_client.get_caller_identity
end
initialized()
# File lib/aws_assume_role/credentials/providers/mfa_session_credentials.rb, line 65
# Clears the first-run flag; refresh and prompt_for_token branch on it.
#
# @return [false]
def initialized
  @first_time = false
end
instance_credentials(credentials)
# File lib/aws_assume_role/credentials/providers/mfa_session_credentials.rb, line 108
# Installs a set of session credentials on this instance.
#
# @param credentials an object responding to #expiration, or a hash-like
#   value whose :expiration entry is a time string; nil/false is ignored
# @return the expiration that was stored, or nil when nothing was given
def instance_credentials(credentials)
  return unless credentials

  @credentials = AwsAssumeRole::Store::Serialization.credentials_from_hash(credentials)

  # Two input shapes are accepted: one exposing #expiration directly, and one
  # carrying it under :expiration as text that has to be parsed.
  @expiration =
    if credentials.respond_to?(:expiration)
      credentials.expiration
    else
      Time.parse(credentials[:expiration])
    end
end
keyring_username()
# File lib/aws_assume_role/credentials/providers/mfa_session_credentials.rb, line 52
# Builds (once) the keyring entry name for this session: the JSON form of
# @identity, a "|" separator, then the MFA serial number.
#
# @return [String]
def keyring_username
  return @keyring_username if @keyring_username

  # This reads the @identity instance variable, not the identity helper.
  # NOTE(review): if nothing has populated @identity before this runs, the
  # entry name is built from nil's JSON and only the serial number
  # distinguishes stored sessions; confirm that is intended.
  identity_json = @identity.to_json
  @keyring_username = "#{identity_json}|#{@serial_number}"
end
persist_credentials()
# File lib/aws_assume_role/credentials/providers/mfa_session_credentials.rb, line 104
# Writes the current session credentials to the keyring under
# keyring_username, together with their expiration.
#
# NOTE(review): how the entry is protected at rest depends on the Keyring
# backend, which is not visible from this method.
def persist_credentials
  AwsAssumeRole::Store::Keyring.save_credentials(
    keyring_username,
    @credentials,
    expiration: @expiration,
  )
end
prompt_for_token()
# File lib/aws_assume_role/credentials/providers/mfa_session_credentials.rb, line 60
# Asks the user for an MFA token code, using a different translated prompt on
# the first request than on later ones.
#
# @return whatever Ui.input.ask returns for the prompt
def prompt_for_token
  prompt_key = @first_time ? "options.mfa_token.first_time" : "options.mfa_token.other_times"
  Ui.input.ask(t(prompt_key))
end
refresh()
# File lib/aws_assume_role/credentials/providers/mfa_session_credentials.rb, line 69
# Refresh hook: brings the session credentials up to date.
#
# On the first call with session persistence enabled, the keyring is tried
# first and :mfa_completed is not broadcast from here. On every other call
# MFA is performed only when the credentials are near expiration, and
# :mfa_completed is broadcast whether or not a new token was needed.
def refresh
  if @persist_session && @first_time
    set_credentials_from_keyring
  else
    refresh_using_mfa if near_expiration?
    broadcast(:mfa_completed)
  end
end
refresh_using_mfa()
# File lib/aws_assume_role/credentials/providers/mfa_session_credentials.rb, line 84
# Obtains a fresh session from STS GetSessionToken using an MFA code.
#
# The code comes from the YubiKey when @yubikey_oath_name is set, otherwise
# from an interactive prompt. It is handed straight to STS; this method does
# not log or store it.
#
# @return the result of persist_credentials when @persist_session is set,
#   otherwise nil
def refresh_using_mfa
  mfa_code =
    if @yubikey_oath_name
      retrieve_yubikey_token
    else
      prompt_for_token
    end

  session = sts_client.get_session_token(
    duration_seconds: @duration_seconds,
    serial_number: @serial_number,
    token_code: mfa_code,
  )

  # Only reached when STS accepted the code: mark the first run as done,
  # install the session credentials, then optionally store them.
  initialized
  instance_credentials(session.credentials)
  persist_credentials if @persist_session
end
resolve_serial_number(serial_number)
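# File lib/aws_assume_role/credentials/providers/mfa_session_credentials.rb, line 124
# Resolves the MFA device serial number to use for GetSessionToken.
#
# An explicit serial number is returned untouched. When it is nil or the
# literal "automatic", the serial is derived from the caller identity as
# "arn:aws:iam::<account>:mfa/<user name>".
#
# @param serial_number [String, nil] configured serial, nil, or "automatic"
# @return [String] the serial number to send to STS
def resolve_serial_number(serial_number)
  return serial_number unless serial_number.nil? || serial_number == "automatic"

  segments = identity.arn.split("/")
  # IAM user ARNs may carry a path ("...:user/division/team/name"). Taking the
  # second segment would pick the first path component instead of the user
  # name, so for user ARNs the final segment is used. Any other ARN shape
  # keeps the previous second-segment behaviour.
  user_name = segments.first.end_with?(":user") ? segments.last : segments[1]
  "arn:aws:iam::#{identity.account}:mfa/#{user_name}"
end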
retrieve_yubikey_token()
# File lib/aws_assume_role/credentials/providers/mfa_session_credentials.rb, line 75
# Computes the current OATH code for @yubikey_oath_name on the attached
# YubiKey.
#
# @raise [RuntimeError] when smartcard support is unavailable, or when the
#   number of PC/SC readers is anything other than exactly one
# @return the code calculated by YubiOATH for the current time
def retrieve_yubikey_token
  raise t("options.mfa_token.smartcard_not_supported") unless SMARTCARD_SUPPORT

  pcsc = Smartcard::PCSC::Context.new
  # Exactly one reader is required, so "Yubikey not found" is also raised
  # when several readers are attached, not only when none is.
  raise "Yubikey not found" if pcsc.readers.length != 1

  reader = pcsc.readers.first
  # The card is opened in :shared mode. Nothing in this method releases the
  # context or disconnects the card afterwards.
  # NOTE(review): confirm whether cleanup is handled elsewhere.
  yubikey = Smartcard::PCSC::Card.new(pcsc, reader, :shared)
  YubiOATH.new(yubikey).calculate(name: @yubikey_oath_name, timestamp: Time.now)
end
set_credentials_from_keyring()
# File lib/aws_assume_role/credentials/providers/mfa_session_credentials.rb, line 114
# Tries to reuse a session stored in the keyring, falling back to a fresh MFA
# exchange when none was found or the stored one is near expiration.
def set_credentials_from_keyring
  stored = credentials_from_keyring
  instance_credentials(stored) if stored

  initialized

  # A stored session is trusted only while it is not near expiration;
  # otherwise the user goes through MFA again.
  refresh_using_mfa if !@credentials || near_expiration?
end
sts_client()
# File lib/aws_assume_role/credentials/providers/mfa_session_credentials.rb, line 56
# Returns the memoized STS client for @region, authenticated with
# @permanent_credentials rather than @credentials.
def sts_client
  return @sts_client if @sts_client

  @sts_client = Aws::STS::Client.new(
    region: @region,
    credentials: @permanent_credentials,
  )
end