Class: Aws::S3::AccessGrantsCredentialsProvider

Inherits:

Object

• Object
• Aws::S3::AccessGrantsCredentialsProvider

Defined in:

lib/aws-sdk-s3/access_grants_credentials_provider.rb

Overview

Returns Credentials class for S3 Access Grants. Accepts GetDataAccess params and other configuration as options. See Aws::S3Control::Client#get_data_access for details.

Instance Attribute Summary

• #s3_client ⇒ Object

  Returns the value of attribute s3_client.

Instance Method Summary

• #access_grants_credentials_for(options = {}) ⇒ Object
• #initialize(options = {}) ⇒ AccessGrantsCredentialsProvider constructor

  A new instance of AccessGrantsCredentialsProvider.

Constructor Details

#initialize(options = {}) ⇒ AccessGrantsCredentialsProvider

Returns a new instance of AccessGrantsCredentialsProvider.

Parameters:

• options (Hash) (defaults to: {})

Options Hash (options):

• :s3_control_client_options (Hash) —

  The S3 Control client options used to create regional S3 Control clients to create the session. Region will be set to the region of the bucket.

• :sts_client (Aws::STS::Client) —

  The STS client used for fetching the Account ID for the credentials if credentials do not include an Account ID.

• :s3_client (Aws::S3::Client) —

  The S3 client used for fetching the location of the bucket so that a regional S3 Control client can be created. Defaults to the S3 client from the access grants plugin.

• :privilege (String) — default: 'Default' —

  The privilege to use when requesting credentials. (see: Aws::S3Control::Client#get_data_access)

• :fallback (Boolean) — default: false —

  When true, if access is denied, the provider will fall back to the configured credentials.

• :caching (Boolean) — default: true —

  When true, credentials and bucket account ids will be cached.

• :before_refresh (Callable) —

  Proc called before credentials are refreshed.

# File 'lib/aws-sdk-s3/access_grants_credentials_provider.rb', line 42

def initialize(options = {})
  @s3_control_options = options.delete(:s3_control_client_options) || {}
  @s3_client = options.delete(:s3_client)
  @sts_client = options.delete(:sts_client)
  @fallback = options.delete(:fallback) || false
  @caching = options.delete(:caching) != false
  @s3_control_clients = {}
  @bucket_region_cache = Aws::S3.bucket_region_cache
  @head_bucket_mutex = Mutex.new
  @head_bucket_call = false
  return unless @caching

  @credentials_cache = Aws::S3.access_grants_credentials_cache
  @account_id_cache = Aws::S3.access_grants_account_id_cache
end

Instance Attribute Details

#s3_client ⇒ Object

Returns the value of attribute s3_client.

# File 'lib/aws-sdk-s3/access_grants_credentials_provider.rb', line 79

def s3_client
  @s3_client
end

Instance Method Details

#access_grants_credentials_for(options = {}) ⇒ Object

# File 'lib/aws-sdk-s3/access_grants_credentials_provider.rb', line 58

def access_grants_credentials_for(options = {})
  target = target_prefix(
    options[:bucket],
    options[:key],
    options[:prefix]
  )
  credentials = s3_client.config.credentials.credentials # resolves

  if @caching
    cached_credentials_for(target, options[:permission], credentials)
  else
    new_credentials_for(target, options[:permission], credentials)
  end
rescue Aws::S3Control::Errors::AccessDenied
  raise unless @fallback

  warn 'Access denied for S3 Access Grants. Falling back to ' \
       'configured credentials.'
  s3_client.config.credentials
end