Class: Sfn::Callback::AwsAssumeRole

Inherits:
Sfn::Callback show all
Defined in:
lib/sfn/callback/aws_assume_role.rb

Overview

Support for AWS STS role credential caching

Constant Summary collapse

STS_STORE_ITEMS =

Items to cache in local file

[
  :aws_sts_token,
  :aws_sts_access_key_id,
  :aws_sts_secret_access_key,
  :aws_sts_token_expires,
]

Instance Attribute Summary

Attributes inherited from Sfn::Callback

#api, #arguments, #config, #ui

Instance Method Summary collapse

Methods inherited from Sfn::Callback

#initialize, #run_action

Constructor Details

This class inherits a constructor from Sfn::Callback

Instance Method Details

#after(*_) ⇒ Object

Store session token if available for later use



31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
 
# File 'lib/sfn/callback/aws_assume_role.rb', line 31

def after(*_)
  if enabled?
    if api.connection.aws_sts_role_arn && api.connection.aws_sts_token
      path = config.fetch(:aws_assume_role, :cache_file, ".sfn-aws")
      FileUtils.touch(path)
      File.chmod(0600, path)
      values = load_stored_values(path)
      STS_STORE_ITEMS.map do |key|
        values[key] = api.connection.data[key]
      end
      File.open(path, "w") do |file|
        file.puts MultiJson.dump(values)
      end
    end
  end
end

#after_config(*_) ⇒ Object

Inject STS related configuration into API provider credentials



23
24
25
26
27
 
# File 'lib/sfn/callback/aws_assume_role.rb', line 23

def after_config(*_)
  if enabled? && config.fetch(:credentials, :aws_sts_role_arn)
    load_stored_session
  end
end

#enabled?TrueClass, FalseClass

Returns:

  • (TrueClass, FalseClass) 


49
50
51
 
# File 'lib/sfn/callback/aws_assume_role.rb', line 49

def enabled?
  config.fetch(:aws_assume_role, :status, "enabled").to_s == "enabled"
end

#load_stored_sessionTrueClass, FalseClass

Load stored configuration data into the api connection

Returns:

  • (TrueClass, FalseClass) 


56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
 
# File 'lib/sfn/callback/aws_assume_role.rb', line 56

def load_stored_session
  path = config.fetch(:aws_assume_role, :cache_file, ".sfn-aws")
  if File.exists?(path)
    values = load_stored_values(path)
    STS_STORE_ITEMS.each do |key|
      api.connection.data[key] = values[key]
    end
    if values[:aws_sts_token_expires]
      begin
        api.connection.data[:aws_sts_token_expires] = Time.parse(values[:aws_sts_token_expires])
      rescue
      end
    end
    true
  else
    false
  end
end

#load_stored_values(path) ⇒ Hash

Load stored values

Parameters:

  • path (String)

Returns:

  • (Hash) 


79
80
81
82
83
84
85
86
87
88
89
 
# File 'lib/sfn/callback/aws_assume_role.rb', line 79

def load_stored_values(path)
  begin
    if File.exists?(path)
      MultiJson.load(File.read(path)).to_smash
    else
      Smash.new
    end
  rescue MultiJson::ParseError
    Smash.new
  end
end

#quietObject

Prevent callback output to user



17
18
19
 
# File 'lib/sfn/callback/aws_assume_role.rb', line 17

def quiet
  true
end