# File 'lib/fog/aws/credential_fetcher.rb', line 12
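# Resolve temporary AWS credentials for the current host when
# +options[:use_iam_profile]+ is truthy; otherwise defer to +super+.
#
# Two sources are used, chosen by the environment:
# * If +AWS_CONTAINER_CREDENTIALS_RELATIVE_URI+ is set, the role document is
#   read from CONTAINER_CREDENTIALS_HOST and only the availability zone is
#   read from INSTANCE_METADATA_HOST.
# * Otherwise the role name, the role document and the availability zone are
#   all read from INSTANCE_METADATA_HOST.
#
# NOTE(review): every request below is a plain GET with no extra headers, so
# no IMDSv2 session token is sent. On hosts that require IMDSv2 these calls
# are presumably rejected and the method falls back to +super+ -- confirm.
#
# NOTE(review): the returned hash carries the secret access key and session
# token; callers should keep it out of logs and error reports.
#
# @param options [Hash] recognised keys: +:use_iam_profile+, +:region+,
#   +:connection+, +:metadata_connection+, +:credential_path+.
#   +:credential_path+ overrides the path taken from the environment and is
#   requested as given, so it should come from trusted configuration only.
# @return [Hash] +:aws_access_key_id+, +:aws_secret_access_key+,
#   +:aws_session_token+, +:aws_credentials_expire_at+ and +:region+ on
#   success; the mock credentials under Fog mocking; otherwise whatever
#   +super+ returns.
def fetch_credentials(options)
  # Under Fog mocking, hand back the canned role credentials immediately.
  # Previously this expression was evaluated and its value discarded, so mock
  # mode still fell through to the real metadata requests below.
  if options[:use_iam_profile] && Fog.mocking?
    return Fog::Compute::AWS::Mock.data[:iam_role_based_creds]
  end

  if options[:use_iam_profile]
    begin
      role_data = nil
      region = options[:region]
      if ENV["AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"]
        # Container path: credentials come from the container endpoint.
        connection = options[:connection] || Excon.new(CONTAINER_CREDENTIALS_HOST)
        credential_path = options[:credential_path] || ENV["AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"]
        role_data = connection.get(:path => credential_path, :idempotent => true, :expects => 200).body
        # The region is still derived from the instance metadata service.
        connection = options[:metadata_connection] || Excon.new(INSTANCE_METADATA_HOST)
        # [0..-2] drops the last character of the availability-zone response
        # (presumably the zone letter, leaving the region name).
        region ||= connection.get(:path => INSTANCE_METADATA_AZ, :idempotent => true, :expects => 200).body[0..-2]
      else
        # Instance path: look up the role name, then fetch that role's document.
        connection = options[:connection] || Excon.new(INSTANCE_METADATA_HOST)
        role_name = connection.get(:path => INSTANCE_METADATA_PATH, :idempotent => true, :expects => 200).body
        role_data = connection.get(:path => INSTANCE_METADATA_PATH+role_name, :idempotent => true, :expects => 200).body
        region ||= connection.get(:path => INSTANCE_METADATA_AZ, :idempotent => true, :expects => 200).body[0..-2]
      end
      session = Fog::JSON.decode(role_data)
      credentials = {}
      credentials[:aws_access_key_id] = session['AccessKeyId']
      credentials[:aws_secret_access_key] = session['SecretAccessKey']
      credentials[:aws_session_token] = session['Token']
      credentials[:aws_credentials_expire_at] = Time.xmlschema session['Expiration']
      credentials[:region] = region
      credentials
    rescue Excon::Error => e
      # Only transport/HTTP errors from Excon are handled here; a malformed
      # role document or expiry timestamp is not rescued by this clause.
      Fog::Logger.warning("Unable to fetch credentials: #{e.message}")
      super
    end
  else
    super
  end
end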