Class: Mongo::Crypt::KMS::AWS::Credentials Private

Inherits:

Object

• Object
• Mongo::Crypt::KMS::AWS::Credentials

Extended by:

Forwardable

Includes:

Validations

Defined in:

lib/mongo/crypt/kms/aws/credentials.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

AWS KMS Credentials object contains credentials for using AWS KMS provider.

Constant Summary

FORMAT_HINT =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

"AWS KMS provider options must be in the format: " +
"{ access_key_id: 'YOUR-ACCESS-KEY-ID', secret_access_key: 'SECRET-ACCESS-KEY' }"

Instance Attribute Summary

• #access_key_id ⇒ String readonly private

  AWS access key.

• #secret_access_key ⇒ String readonly private

  AWS secret access key.

• #session_token ⇒ String | nil readonly private

  AWS session token.

Instance Method Summary

• #initialize(opts) ⇒ Credentials constructor private

  Creates an AWS KMS credentials object form a parameters hash.

• #to_document ⇒ BSON::Document private

  Convert credentials object to a BSON document in libmongocrypt format.

Methods included from Validations

#validate_param, validate_tls_options

Constructor Details

#initialize(opts) ⇒ Credentials

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Creates an AWS KMS credentials object form a parameters hash.

Parameters:

• opts (Hash) —

  A hash that contains credentials for AWS KMS provider

Options Hash (opts):

• :access_key_id (String) —

  AWS access key id.

• :secret_access_key (String) —

  AWS secret access key.

• :session_token (String | nil) —

  AWS session token, optional.

Raises:

• (ArgumentError) —

  If required options are missing or incorrectly formatted.

# File 'lib/mongo/crypt/kms/aws/credentials.rb', line 55

def initialize(opts)
  @opts = opts
  unless empty?
    @access_key_id = validate_param(:access_key_id, opts, FORMAT_HINT)
    @secret_access_key = validate_param(:secret_access_key, opts, FORMAT_HINT)
    @session_token = validate_param(:session_token, opts, FORMAT_HINT, required: false)
  end
end

Instance Attribute Details

#access_key_id ⇒ String (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns AWS access key.

Returns:

• (String) —

  AWS access key.

# File 'lib/mongo/crypt/kms/aws/credentials.rb', line 31

def access_key_id
  @access_key_id
end

#secret_access_key ⇒ String (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns AWS secret access key.

Returns:

• (String) —

  AWS secret access key.

# File 'lib/mongo/crypt/kms/aws/credentials.rb', line 34

def secret_access_key
  @secret_access_key
end

#session_token ⇒ String | nil (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns AWS session token.

Returns:

• (String | nil) —

  AWS session token.

# File 'lib/mongo/crypt/kms/aws/credentials.rb', line 37

def session_token
  @session_token
end

Instance Method Details

#to_document ⇒ BSON::Document

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Convert credentials object to a BSON document in libmongocrypt format.

Returns:

• (BSON::Document) —

  AWS KMS credentials in libmongocrypt format.

# File 'lib/mongo/crypt/kms/aws/credentials.rb', line 67

def to_document
  return BSON::Document.new if empty?
  BSON::Document.new({
    accessKeyId: access_key_id,
    secretAccessKey: secret_access_key,
  }).tap do |bson|
    unless session_token.nil?
      bson.update({ sessionToken: session_token })
    end
  end
end