class Aws::ProcessCredentials
A credential provider that executes a given process and attempts to read its stdout to recieve a JSON payload containing the credentials
Automatically handles refreshing credentials if an Expiration time is provided in the credentials payload
credentials = Aws::ProcessCredentials.new('/usr/bin/credential_proc').credentials ec2 = Aws::EC2::Client.new(credentials: credentials)
More documentation on process based credentials can be found here: docs.aws.amazon.com/cli/latest/topic/config-vars.html#sourcing-credentials-from-external-processes
Public Class Methods
new(process)
click to toggle source
Creates a new ProcessCredentials
object, which allows an external process to be used as a credential provider.
@param [String] process Invocation string for process credentials provider.
Calls superclass method
Aws::RefreshingCredentials::new
# File lib/aws-sdk-core/process_credentials.rb, line 27 def initialize(process) @process = process @credentials = credentials_from_process(@process) @async_refresh = false super end
Private Instance Methods
_parse_payload_format_v1(creds_json)
click to toggle source
# File lib/aws-sdk-core/process_credentials.rb, line 61 def _parse_payload_format_v1(creds_json) creds = Credentials.new( creds_json['AccessKeyId'], creds_json['SecretAccessKey'], creds_json['SessionToken'] ) @expiration = creds_json['Expiration'] ? Time.iso8601(creds_json['Expiration']) : nil return creds if creds.set? raise Errors::InvalidProcessCredentialsPayload.new("Invalid payload for JSON credentials version 1") end
credentials_from_process(proc_invocation)
click to toggle source
# File lib/aws-sdk-core/process_credentials.rb, line 36 def credentials_from_process(proc_invocation) begin raw_out = `#{proc_invocation}` process_status = $? rescue Errno::ENOENT raise Errors::InvalidProcessCredentialsPayload.new("Could not find process #{proc_invocation}") end if process_status.success? begin creds_json = Aws::Json.load(raw_out) rescue Aws::Json::ParseError raise Errors::InvalidProcessCredentialsPayload.new("Invalid JSON response") end payload_version = creds_json['Version'] if payload_version == 1 _parse_payload_format_v1(creds_json) else raise Errors::InvalidProcessCredentialsPayload.new("Invalid version #{payload_version} for credentials payload") end else raise Errors::InvalidProcessCredentialsPayload.new('credential_process provider failure, the credential process had non zero exit status and failed to provide credentials') end end
near_expiration?(expiration_length)
click to toggle source
# File lib/aws-sdk-core/process_credentials.rb, line 77 def near_expiration?(expiration_length) # are we within 5 minutes of expiration? @expiration && (Time.now.to_i + expiration_length) > @expiration.to_i end
refresh()
click to toggle source
# File lib/aws-sdk-core/process_credentials.rb, line 73 def refresh @credentials = credentials_from_process(@process) end