Class: Aws::S3::AccessGrantsCredentialsProvider

Inherits:
Object
  • Object
show all
Defined in:
gems/aws-sdk-s3/lib/aws-sdk-s3/access_grants_credentials_provider.rb

Overview

Returns Credentials class for S3 Access Grants. Accepts GetDataAccess params and other configuration as options. See Aws::S3Control::Client#get_data_access for details.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(options = {}) ⇒ AccessGrantsCredentialsProvider

Returns a new instance of AccessGrantsCredentialsProvider.

Parameters:

  • options (Hash) (defaults to: {})

Options Hash (options):

  • :s3_control_client_options (Hash)

    The S3 Control client options used to create regional S3 Control clients to create the session. Region will be set to the region of the bucket.

  • :sts_client (Aws::STS::Client)

    The STS client used for fetching the Account ID for the credentials if credentials do not include an Account ID.

  • :s3_client (Aws::S3::Client)

    The S3 client used for fetching the location of the bucket so that a regional S3 Control client can be created. Defaults to the S3 client from the access grants plugin.

  • :privilege (String) — default: 'Default'

    The privilege to use when requesting credentials. (see: Aws::S3Control::Client#get_data_access)

  • :fallback (Boolean) — default: false

    When true, if access is denied, the provider will fall back to the configured credentials.

  • :caching (Boolean) — default: true

    When true, credentials and bucket account ids will be cached.

  • :before_refresh (Callable)

    Proc called before credentials are refreshed.



42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
# File 'gems/aws-sdk-s3/lib/aws-sdk-s3/access_grants_credentials_provider.rb', line 42

def initialize(options = {})
  @s3_control_options = options.delete(:s3_control_client_options) || {}
  @s3_client = options.delete(:s3_client)
  @sts_client = options.delete(:sts_client)
  @fallback = options.delete(:fallback) || false
  @caching = options.delete(:caching) != false
  @s3_control_clients = {}
  @bucket_region_cache = Aws::S3.bucket_region_cache
  @head_bucket_mutex = Mutex.new
  @head_bucket_call = false
  return unless @caching

  @credentials_cache = Aws::S3.access_grants_credentials_cache
  @account_id_cache = Aws::S3.
end

Instance Attribute Details

#s3_clientObject

Returns the value of attribute s3_client.



79
80
81
# File 'gems/aws-sdk-s3/lib/aws-sdk-s3/access_grants_credentials_provider.rb', line 79

def s3_client
  @s3_client
end

Instance Method Details

#access_grants_credentials_for(options = {}) ⇒ Object



58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
# File 'gems/aws-sdk-s3/lib/aws-sdk-s3/access_grants_credentials_provider.rb', line 58

def access_grants_credentials_for(options = {})
  target = target_prefix(
    options[:bucket],
    options[:key],
    options[:prefix]
  )
  credentials = s3_client.config.credentials.credentials # resolves

  if @caching
    cached_credentials_for(target, options[:permission], credentials)
  else
    new_credentials_for(target, options[:permission], credentials)
  end
rescue Aws::S3Control::Errors::AccessDenied
  raise unless @fallback

  warn 'Access denied for S3 Access Grants. Falling back to ' \
       'configured credentials.'
  s3_client.config.credentials
end