class Aws::CredentialProviderChain
@api private
Public Class Methods
new(config = nil)
click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 6 def initialize(config = nil) @config = config end
Public Instance Methods
resolve()
click to toggle source
@return [CredentialProvider, nil]
# File lib/aws-sdk-core/credential_provider_chain.rb, line 11 def resolve providers.each do |method_name, options| provider = send(method_name, options.merge(config: @config)) return provider if provider && provider.set? end nil end
Private Instance Methods
assume_role_credentials(options)
click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 137 def assume_role_credentials(options) if Aws.shared_config.config_enabled? assume_role_with_profile(options, determine_profile_name(options)) end end
assume_role_web_identity_credentials(options)
click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 143 def assume_role_web_identity_credentials(options) region = options[:config].region if options[:config] if (role_arn = ENV['AWS_ROLE_ARN']) && (token_file = ENV['AWS_WEB_IDENTITY_TOKEN_FILE']) cfg = { role_arn: role_arn, web_identity_token_file: token_file, role_session_name: ENV['AWS_ROLE_SESSION_NAME'] } cfg[:region] = region if region AssumeRoleWebIdentityCredentials.new(cfg) elsif Aws.shared_config.config_enabled? profile = options[:config].profile if options[:config] Aws.shared_config.assume_role_web_identity_credentials_from_config( profile: profile, region: region ) end end
assume_role_with_profile(options, profile_name)
click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 171 def assume_role_with_profile(options, profile_name) region = (options[:config] && options[:config].region) Aws.shared_config.assume_role_credentials_from_config( profile: profile_name, region: region, chain_config: @config ) end
determine_profile_name(options)
click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 107 def determine_profile_name(options) (options[:config] && options[:config].profile) || ENV['AWS_PROFILE'] || ENV['AWS_DEFAULT_PROFILE'] || 'default' end
env_credentials(_options)
click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 93 def env_credentials(_options) key = %w[AWS_ACCESS_KEY_ID AMAZON_ACCESS_KEY_ID AWS_ACCESS_KEY] secret = %w[AWS_SECRET_ACCESS_KEY AMAZON_SECRET_ACCESS_KEY AWS_SECRET_KEY] token = %w[AWS_SESSION_TOKEN AMAZON_SESSION_TOKEN] Credentials.new(envar(key), envar(secret), envar(token)) end
envar(keys)
click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 100 def envar(keys) keys.each do |key| return ENV[key] if ENV.key?(key) end nil end
instance_profile_credentials(options)
click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 162 def instance_profile_credentials(options) profile_name = determine_profile_name(options) if ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI'] ECSCredentials.new(options) else InstanceProfileCredentials.new(options.merge(profile: profile_name)) end end
process_credentials(options)
click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 118 def process_credentials(options) profile_name = determine_profile_name(options) if Aws.shared_config.config_enabled? && (process_provider = Aws.shared_config.credential_process(profile: profile_name)) ProcessCredentials.new(process_provider) end rescue Errors::NoSuchProfileError nil end
providers()
click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 21 def providers [ [:static_credentials, {}], [:static_profile_assume_role_web_identity_credentials, {}], [:static_profile_sso_credentials, {}], [:static_profile_assume_role_credentials, {}], [:static_profile_credentials, {}], [:static_profile_process_credentials, {}], [:env_credentials, {}], [:assume_role_web_identity_credentials, {}], [:sso_credentials, {}], [:assume_role_credentials, {}], [:shared_credentials, {}], [:process_credentials, {}], [:instance_profile_credentials, { retries: @config ? @config.instance_profile_credentials_retries : 0, http_open_timeout: @config ? @config.instance_profile_credentials_timeout : 1, http_read_timeout: @config ? @config.instance_profile_credentials_timeout : 1 }] ] end
sso_credentials(options)
click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 128 def sso_credentials(options) profile_name = determine_profile_name(options) if Aws.shared_config.config_enabled? Aws.shared_config.sso_credentials_from_config(profile: profile_name) end rescue Errors::NoSuchProfileError nil end
static_credentials(options)
click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 43 def static_credentials(options) if options[:config] Credentials.new( options[:config].access_key_id, options[:config].secret_access_key, options[:config].session_token ) end end
static_profile_assume_role_credentials(options)
click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 70 def static_profile_assume_role_credentials(options) if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile assume_role_with_profile(options, options[:config].profile) end end
static_profile_assume_role_web_identity_credentials(options)
click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 53 def static_profile_assume_role_web_identity_credentials(options) if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile Aws.shared_config.assume_role_web_identity_credentials_from_config( profile: options[:config].profile, region: options[:config].region ) end end
static_profile_credentials(options)
click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 76 def static_profile_credentials(options) if options[:config] && options[:config].profile SharedCredentials.new(profile_name: options[:config].profile) end rescue Errors::NoSuchProfileError nil end
static_profile_process_credentials(options)
click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 84 def static_profile_process_credentials(options) if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile process_provider = Aws.shared_config.credential_process(profile: options[:config].profile) ProcessCredentials.new(process_provider) if process_provider end rescue Errors::NoSuchProfileError nil end
static_profile_sso_credentials(options)
click to toggle source
# File lib/aws-sdk-core/credential_provider_chain.rb, line 62 def static_profile_sso_credentials(options) if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile Aws.shared_config.sso_credentials_from_config( profile: options[:config].profile ) end end