class Sfn::Callback::AwsAssumeRole

Support for AWS STS role credential caching

Constants

STS_STORE_ITEMS

Items to cache in local file

Public Instance Methods

after(*_) click to toggle source

Store session token if available for later use

# File lib/sfn/callback/aws_assume_role.rb, line 31
def after(*_)
  if enabled?
    if api.connection.aws_sts_role_arn && api.connection.aws_sts_token
      path = config.fetch(:aws_assume_role, :cache_file, ".sfn-aws")
      FileUtils.touch(path)
      File.chmod(0600, path)
      values = load_stored_values(path)
      STS_STORE_ITEMS.map do |key|
        values[key] = api.connection.data[key]
      end
      File.open(path, "w") do |file|
        file.puts MultiJson.dump(values)
      end
    end
  end
end
after_config(*_) click to toggle source

Inject STS related configuration into API provider credentials

# File lib/sfn/callback/aws_assume_role.rb, line 23
def after_config(*_)
  if enabled? && config.fetch(:credentials, :aws_sts_role_arn)
    load_stored_session
  end
end
enabled?() click to toggle source

@return [TrueClass, FalseClass]

# File lib/sfn/callback/aws_assume_role.rb, line 49
def enabled?
  config.fetch(:aws_assume_role, :status, "enabled").to_s == "enabled"
end
load_stored_session() click to toggle source

Load stored configuration data into the api connection

@return [TrueClass, FalseClass]

# File lib/sfn/callback/aws_assume_role.rb, line 56
def load_stored_session
  path = config.fetch(:aws_assume_role, :cache_file, ".sfn-aws")
  if File.exists?(path)
    values = load_stored_values(path)
    STS_STORE_ITEMS.each do |key|
      api.connection.data[key] = values[key]
    end
    if values[:aws_sts_token_expires]
      begin
        api.connection.data[:aws_sts_token_expires] = Time.parse(values[:aws_sts_token_expires])
      rescue
      end
    end
    true
  else
    false
  end
end
load_stored_values(path) click to toggle source

Load stored values

@param path [String] @return [Hash]

# File lib/sfn/callback/aws_assume_role.rb, line 79
def load_stored_values(path)
  begin
    if File.exists?(path)
      MultiJson.load(File.read(path)).to_smash
    else
      Smash.new
    end
  rescue MultiJson::ParseError
    Smash.new
  end
end
quiet() click to toggle source

Prevent callback output to user

# File lib/sfn/callback/aws_assume_role.rb, line 17
def quiet
  true
end