Class: Aws::SSOCredentials
- Inherits: Object
  - Object
    - Aws::SSOCredentials
- Includes: CredentialProvider
- Defined in: gems/aws-sdk-core/lib/aws-sdk-core/sso_credentials.rb
Overview
An auto-refreshing credential provider that assumes a role via Aws::SSO::Client#get_role_credentials using a cached access token. When sso_session is specified, token refresh logic from SSOTokenProvider will be used to refresh the token if possible. This class does NOT implement the SSO login token flow - tokens must be generated separately by running aws login from the AWS CLI with the correct profile. The SSOCredentials will auto-refresh the AWS credentials from SSO.
# You must first run aws sso login --profile your-sso-profile
sso_credentials = Aws::SSOCredentials.new(
  sso_account_id: '123456789',
  sso_role_name: "role_name",
  sso_region: "us-east-1",
  sso_session: 'my_sso_session'
)
ec2 = Aws::EC2::Client.new(credentials: sso_credentials)
If you omit the :client option, a new Aws::SSO::Client object will be constructed with the additional options that were provided.
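Because the provider depends on a token cached by an earlier CLI login, a pre-flight check of that cache file is useful before constructing it. The following is an added example, not SDK code: `sso_token_preflight` and `demo_preflight` are hypothetical helpers, and the cache layout (`~/.aws/sso/cache/<SHA1 of the session name>.json`) and the fields needed for refresh are assumptions.

```ruby
require 'digest'
require 'json'
require 'time'
require 'tmpdir'

# Added example (stdlib only; does not load aws-sdk-core).
# Assumptions: the token is cached at <cache_dir>/<SHA1 hex of cache_key>.json,
# where cache_key is the sso_session name (sso_start_url in the legacy path),
# and refresh needs refreshToken, clientId and clientSecret in that file.
def sso_token_preflight(cache_key,
                        cache_dir: File.join(Dir.home, '.aws', 'sso', 'cache'),
                        now: Time.now)
  path = File.join(cache_dir, "#{Digest::SHA1.hexdigest(cache_key)}.json")
  return { status: :missing, findings: [], path: path } unless File.file?(path)

  token = JSON.parse(File.read(path))
  findings = []
  # The file holds a bearer token: flag any group/other permission bits.
  findings << :loose_permissions unless (File.stat(path).mode & 0o077).zero?
  findings << :expired if Time.parse(token.fetch('expiresAt')) <= now
  refreshable = %w[refreshToken clientId clientSecret].all? { |k| token[k] }
  findings << :not_refreshable unless refreshable
  { status: findings.empty? ? :ok : :attention, findings: findings, path: path }
rescue JSON::ParserError, KeyError, TypeError, ArgumentError
  # Malformed JSON, or a missing or unparsable expiresAt value.
  { status: :unreadable, findings: [], path: path }
end

# Constructed sample cache entry, written to a temp dir so the check runs offline.
def demo_preflight
  Dir.mktmpdir do |dir|
    file = File.join(dir, "#{Digest::SHA1.hexdigest('my_sso_session')}.json")
    File.write(file, JSON.generate('accessToken' => 'constructed-token',
                                   'expiresAt' => '2020-01-01T00:00:00Z'))
    File.chmod(0o644, file)
    sso_token_preflight('my_sso_session', cache_dir: dir)
  end
end

puts demo_preflight[:findings].inspect if __FILE__ == $PROGRAM_NAME
```

A `:missing` or `:expired` result means the CLI login has to be run again before `Aws::SSOCredentials.new` can succeed.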
Constant Summary
- TOKEN_PROVIDER_REQUIRED_OPTS = [:sso_session, :sso_account_id, :sso_region, :sso_role_name].freeze
Instance Attribute Summary
- #client ⇒ SSO::Client (readonly)
Attributes included from CredentialProvider
Instance Method Summary
- #initialize(options = {}) ⇒ SSOCredentials (constructor): A new instance of SSOCredentials.
Methods included from CredentialProvider
Constructor Details
#initialize(options = {}) ⇒ SSOCredentials
Returns a new instance of SSOCredentials.
# File 'gems/aws-sdk-core/lib/aws-sdk-core/sso_credentials.rb', line 69
def initialize(options = {})
  options = options.select {|k, v| !v.nil? }
  if (options[:sso_session])
    missing_keys = TOKEN_PROVIDER_REQUIRED_OPTS.select { |k| options[k].nil? }
    unless missing_keys.empty?
      raise ArgumentError, "Missing required keys: #{missing_keys}"
    end
    @legacy = false
    @sso_role_name = options.delete(:sso_role_name)
    @sso_account_id = options.delete(:sso_account_id)

    # if client has been passed, don't pass through to SSOTokenProvider
    @client = options.delete(:client)
    options.delete(:sso_start_url)
    @token_provider = Aws::SSOTokenProvider.new(options.dup)
    @sso_session = options.delete(:sso_session)
    @sso_region = options.delete(:sso_region)

    unless @client
      client_opts = {}
      options.each_pair { |k,v| client_opts[k] = v unless CLIENT_EXCLUDE_OPTIONS.include?(k) }
      client_opts[:region] = @sso_region
      client_opts[:credentials] = nil
      @client = Aws::SSO::Client.new(client_opts)
    end
  else # legacy behavior
    missing_keys = LEGACY_REQUIRED_OPTS.select { |k| options[k].nil? }
    unless missing_keys.empty?
      raise ArgumentError, "Missing required keys: #{missing_keys}"
    end
    @legacy = true
    @sso_start_url = options.delete(:sso_start_url)
    @sso_region = options.delete(:sso_region)
    @sso_role_name = options.delete(:sso_role_name)
    @sso_account_id = options.delete(:sso_account_id)

    # validate we can read the token file
    read_cached_token

    client_opts = {}
    options.each_pair { |k,v| client_opts[k] = v unless CLIENT_EXCLUDE_OPTIONS.include?(k) }
    client_opts[:region] = @sso_region
    client_opts[:credentials] = nil

    @client = options[:client] || Aws::SSO::Client.new(client_opts)
  end

  @async_refresh = true
  super
end
Instance Attribute Details
#client ⇒ SSO::Client (readonly)
# File 'gems/aws-sdk-core/lib/aws-sdk-core/sso_credentials.rb', line 121
def client
  @client
end