Class: RrxConfig::DatabaseConfig::IamHashConfig
- Inherits:
-
ActiveRecord::DatabaseConfigurations::HashConfig
- Object
- ActiveRecord::DatabaseConfigurations::HashConfig
- RrxConfig::DatabaseConfig::IamHashConfig
- Defined in:
- lib/rrx_config/database_config/iam_hash_config.rb
Constant Summary collapse
- GLOBAL_PEM_URL =
'https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem'
- PASSWORD_EXPIRATION =
10.minutes
Instance Method Summary collapse
- #configuration_hash ⇒ Object
- #endpoint ⇒ Object
- #generate_password ⇒ Object
- #generator ⇒ Object
-
#initialize(env_name, name, configuration_hash) ⇒ IamHashConfig
constructor
A new instance of IamHashConfig.
- #password ⇒ Object
- #password_expired? ⇒ Boolean
- #raw_configuration_hash ⇒ Object
- #region ⇒ Object
- #sslca ⇒ Object
- #sslca_download ⇒ Object
- #sslca_path ⇒ Object
- #user_name ⇒ Object
Constructor Details
#initialize(env_name, name, configuration_hash) ⇒ IamHashConfig
Returns a new instance of IamHashConfig.
14 15 16 17 18 19 20 21 |
# File 'lib/rrx_config/database_config/iam_hash_config.rb', line 14 def initialize(env_name, name, configuration_hash) config = configuration_hash.except(:iam) case config[:adapter] when 'mysql2' config[:enable_cleartext_plugin] = true end super(env_name, name, config) end |
Instance Method Details
#configuration_hash ⇒ Object
23 24 25 26 27 28 29 30 31 |
# File 'lib/rrx_config/database_config/iam_hash_config.rb', line 23 def configuration_hash { password:, sslca:, ssl_mode: :required }.reverse_merge!(raw_configuration_hash).freeze.tap do |it| if RrxConfig.logger.respond_to?(:with_tags) RrxConfig.logger.(**it) { RrxConfig.debug 'Generated IAM DB config' } else RrxConfig.debug "Generated IAM DB config: #{JSON(it)}" end end end |
#endpoint ⇒ Object
45 46 47 |
# File 'lib/rrx_config/database_config/iam_hash_config.rb', line 45 def endpoint "#{raw_configuration_hash[:host]}:#{raw_configuration_hash[:port]}" end |
#generate_password ⇒ Object
57 58 59 |
# File 'lib/rrx_config/database_config/iam_hash_config.rb', line 57 def generate_password generator.auth_token(endpoint:, region:, user_name:) end |
#generator ⇒ Object
61 62 63 64 65 |
# File 'lib/rrx_config/database_config/iam_hash_config.rb', line 61 def generator require 'aws-sdk-rds' require_relative '../aws' @generator ||= ::Aws::RDS::AuthTokenGenerator.new(credentials: Aws.credentials) end |
#password ⇒ Object
33 34 35 36 37 38 39 |
# File 'lib/rrx_config/database_config/iam_hash_config.rb', line 33 def password if password_expired? @password = generate_password @password_expiration = PASSWORD_EXPIRATION.from_now end @password end |
#password_expired? ⇒ Boolean
41 42 43 |
# File 'lib/rrx_config/database_config/iam_hash_config.rb', line 41 def password_expired? !(@password && @password_expiration && (@password_expiration > Time.now)) end |
#raw_configuration_hash ⇒ Object
11 |
# File 'lib/rrx_config/database_config/iam_hash_config.rb', line 11 alias raw_configuration_hash configuration_hash |
#region ⇒ Object
49 50 51 |
# File 'lib/rrx_config/database_config/iam_hash_config.rb', line 49 def region raw_configuration_hash.fetch(:region, Aws.region) end |
#sslca ⇒ Object
67 68 69 70 |
# File 'lib/rrx_config/database_config/iam_hash_config.rb', line 67 def sslca sslca_download unless sslca_path.exist? sslca_path.to_s end |
#sslca_download ⇒ Object
76 77 78 79 80 81 82 83 |
# File 'lib/rrx_config/database_config/iam_hash_config.rb', line 76 def sslca_download require 'open-uri' download = URI.open(GLOBAL_PEM_URL) sslca_path.truncate(0) if sslca_path.exist? IO.copy_stream download, sslca_path RrxConfig.info "Downloaded AWS certs to #{sslca_path}" end |
#sslca_path ⇒ Object
72 73 74 |
# File 'lib/rrx_config/database_config/iam_hash_config.rb', line 72 def sslca_path @sslca_path ||= Rails.root.join('tmp/aws-rds-ca.pem') end |
#user_name ⇒ Object
53 54 55 |
# File 'lib/rrx_config/database_config/iam_hash_config.rb', line 53 def user_name raw_configuration_hash[:username] || raw_configuration_hash[:user] end |