Class: RrxConfig::DatabaseConfig::IamHashConfig

Inherits:
ActiveRecord::DatabaseConfigurations::HashConfig
  • Object
Defined in:
lib/rrx_config/database_config/iam_hash_config.rb

Constant Summary

GLOBAL_PEM_URL =
'https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem'
PASSWORD_EXPIRATION =
10.minutes

Instance Method Summary

Constructor Details

#initialize(env_name, name, configuration_hash) ⇒ IamHashConfig

Returns a new instance of IamHashConfig.

Parameters:

  • configuration_hash (Hash)


# File 'lib/rrx_config/database_config/iam_hash_config.rb', line 14

# Builds the configuration passed to the parent HashConfig, without the
# +:iam+ key.
#
# For the +mysql2+ adapter the cleartext client plugin is enabled. With that
# plugin the password (here: the IAM auth token) is sent to the server
# unhashed, so the connection depends on TLS for confidentiality; see the
# +ssl_mode+ forced in #configuration_hash.
#
# @param env_name forwarded unchanged to the parent constructor
# @param name forwarded unchanged to the parent constructor
# @param configuration_hash [Hash] raw settings; +:iam+ is dropped
def initialize(env_name, name, configuration_hash)
  settings = configuration_hash.except(:iam)
  settings[:enable_cleartext_plugin] = true if settings[:adapter] == 'mysql2'
  super(env_name, name, settings)
end

Instance Method Details

#configuration_hash ⇒ Object



# File 'lib/rrx_config/database_config/iam_hash_config.rb', line 23

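# Connection settings for an IAM-authenticated database connection.
#
# The generated values (+password+, +sslca+, +ssl_mode+) win over same-named
# keys in the raw configuration, because +reverse_merge!+ keeps the
# receiver's entries.
#
# The merged settings are logged at debug level WITHOUT the +:password+
# entry. That entry is a live IAM auth token, i.e. a bearer credential that
# stays usable until it expires, so it must not reach log storage either as
# a log tag or inside the JSON message.
#
# NOTE(review): +ssl_mode: :required+ is forced even when the raw
# configuration asks for a stricter mode. For mysql2 this mode is understood
# to encrypt the connection without verifying the server certificate against
# +sslca+ -- confirm whether +:verify_identity+ is intended, given that the
# token is sent through the cleartext plugin.
#
# @return [Hash] frozen settings, including the current auth token
def configuration_hash
  settings = { password:, sslca:, ssl_mode: :required }.reverse_merge!(raw_configuration_hash).freeze

  # Only the redacted copy is ever handed to the logger.
  loggable = settings.except(:password)
  if RrxConfig.logger.respond_to?(:with_tags)
    RrxConfig.logger.with_tags(**loggable) { RrxConfig.debug 'Generated IAM DB config' }
  else
    RrxConfig.debug "Generated IAM DB config: #{JSON(loggable)}"
  end

  settings
end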

#endpoint ⇒ Object



# File 'lib/rrx_config/database_config/iam_hash_config.rb', line 45

# The database endpoint in "host:port" form, taken from the raw (inherited)
# configuration. It is one of the inputs of the auth token request in
# #generate_password.
#
# A missing +:host+ or +:port+ renders as an empty string, not as an error.
#
# @return [String]
def endpoint
  host = raw_configuration_hash[:host]
  port = raw_configuration_hash[:port]
  format('%s:%s', host, port)
end

#generate_password ⇒ Object



# File 'lib/rrx_config/database_config/iam_hash_config.rb', line 57

# Requests a fresh IAM auth token for #endpoint, #region and #user_name.
#
# The return value is a credential: treat it like a password and keep it out
# of logs and error messages.
#
# @return the token produced by the generator's +auth_token+
def generate_password
  # Resolve the generator before the arguments, as the original call did:
  # #generator loads '../aws', presumably the source of the Aws helper that
  # #region falls back to -- confirm before reordering.
  token_source = generator
  token_source.auth_token(endpoint: endpoint, region: region, user_name: user_name)
end

#generator ⇒ Object



# File 'lib/rrx_config/database_config/iam_hash_config.rb', line 61

# Memoized RDS auth token generator.
#
# The AWS SDK and the project's own '../aws' helper are required on every
# call (a no-op once loaded), so neither is needed until IAM auth is
# actually used.
#
# NOTE(review): +::Aws+ is the SDK namespace, while the unqualified +Aws+
# presumably resolves to the project's helper loaded from '../aws' -- verify.
# The credentials it returns are what the token is signed with.
#
# @return [::Aws::RDS::AuthTokenGenerator]
def generator
  require 'aws-sdk-rds'
  require_relative '../aws'
  return @generator if @generator

  @generator = ::Aws::RDS::AuthTokenGenerator.new(credentials: Aws.credentials)
end

#password ⇒ Object



# File 'lib/rrx_config/database_config/iam_hash_config.rb', line 33

# The current IAM auth token, regenerated once the cached one has expired.
#
# A token is cached for PASSWORD_EXPIRATION (10 minutes), which stays inside
# the 15-minute validity AWS documents for RDS auth tokens. The expiry is
# only recorded after a token was generated successfully, so a failed
# generation is retried on the next call.
#
# @return the cached or freshly generated token
def password
  return @password unless password_expired?

  fresh_token = generate_password
  @password = fresh_token
  @password_expiration = PASSWORD_EXPIRATION.from_now
  fresh_token
end

#password_expired? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/rrx_config/database_config/iam_hash_config.rb', line 41

# Whether a new auth token has to be generated.
#
# True when no token is cached, when no expiry was recorded, or when the
# recorded expiry is not in the future.
#
# @return [Boolean]
def password_expired?
  return true unless @password
  return true unless @password_expiration

  @password_expiration <= Time.now
end

#raw_configuration_hash ⇒ Object



# File 'lib/rrx_config/database_config/iam_hash_config.rb', line 11

# Keeps the inherited HashConfig#configuration_hash reachable under the name
# raw_configuration_hash. The alias sits above this class's own
# configuration_hash (file line 11 vs. line 23), so it binds to the parent's
# implementation; moving it below the override would make it point at the
# override instead. The raw hash carries no generated token or TLS settings.
alias raw_configuration_hash configuration_hash

#region ⇒ Object



# File 'lib/rrx_config/database_config/iam_hash_config.rb', line 49

# AWS region used for the auth token request: the +:region+ key of the raw
# configuration when present, otherwise +Aws.region+.
#
# The fallback is looked up on every call, even when +:region+ is
# configured, exactly as in the one-line form.
def region
  settings = raw_configuration_hash
  fallback_region = Aws.region
  settings.fetch(:region, fallback_region)
end

#sslca ⇒ Object



# File 'lib/rrx_config/database_config/iam_hash_config.rb', line 67

# Path of the CA bundle used for the database TLS connection, downloading
# the bundle first when the file does not exist yet.
#
# NOTE(review): only existence is checked. An empty, partial or tampered
# file at #sslca_path is used as is and is never refreshed -- confirm this
# is acceptable for the trust anchor.
#
# @return [String]
def sslca
  bundle = sslca_path
  sslca_download unless bundle.exist?
  bundle.to_s
end

#sslca_download ⇒ Object



# File 'lib/rrx_config/database_config/iam_hash_config.rb', line 76

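# Fetches the AWS RDS global CA bundle and installs it at #sslca_path.
#
# The bundle is the trust anchor for the database TLS connection, so it is
# only swapped in once a complete download that looks like PEM is on disk.
# The body is written to a per-process staging file next to the target and
# then renamed over it (an atomic replace on POSIX filesystems). Other
# processes therefore see the previous bundle or the new one, not a
# truncated file, and a failed or empty download leaves the existing bundle
# untouched. The block form of +URI.open+ closes the download handle.
#
# NOTE(review): the bundle lives under the application's tmp/ directory, so
# anything able to write there can replace the trust anchor. Consider
# shipping a pinned copy with the deployment -- confirm with the owners.
#
# @raise [RuntimeError] if the download contains no PEM certificate block
def sslca_download
  require 'open-uri'

  pem = URI.open(GLOBAL_PEM_URL, &:read)
  unless pem.to_s.include?('-----BEGIN CERTIFICATE-----')
    raise "Downloaded AWS CA bundle from #{GLOBAL_PEM_URL} contains no PEM certificate"
  end

  target = sslca_path
  staging = target.dirname.join("#{target.basename}.#{Process.pid}.tmp")
  begin
    staging.binwrite(pem)
    staging.rename(target)
  ensure
    # Only present here when the write or the rename failed.
    staging.delete if staging.exist?
  end

  RrxConfig.info "Downloaded AWS certs to #{sslca_path}"
end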

#sslca_path ⇒ Object



# File 'lib/rrx_config/database_config/iam_hash_config.rb', line 72

# Memoized location of the CA bundle: tmp/aws-rds-ca.pem under the Rails
# root. The file at this path is what the TLS connection is pointed at via
# +sslca+, so write access to that directory matters.
#
# @return the path object built by +Rails.root.join+
def sslca_path
  return @sslca_path if @sslca_path

  @sslca_path = Rails.root.join('tmp/aws-rds-ca.pem')
end

#user_name ⇒ Object



# File 'lib/rrx_config/database_config/iam_hash_config.rb', line 53

# Database user the auth token is requested for: +:username+ from the raw
# configuration, falling back to +:user+ when that is nil or false.
#
# @return the configured user, or nil when neither key is set
def user_name
  configured = raw_configuration_hash[:username]
  return configured if configured

  raw_configuration_hash[:user]
end