class Aws::ProcessCredentials
@see docs.aws.amazon.com/cli/latest/topic/config-vars.html#sourcing-credentials-from-external-processes<br><br>provided in the credentials payload.
Automatically handles refreshing credentials if an Expiration time is
ec2 = Aws::EC2::Client.new(credentials: credentials)
credentials = Aws::ProcessCredentials.new(‘/usr/bin/credential_proc’)
to read its stdout to recieve a JSON payload containing the credentials.
A credential provider that executes a given process and attempts
def _parse_payload_format_v1(creds_json)
def _parse_payload_format_v1(creds_json) creds = Credentials.new( creds_json['AccessKeyId'], creds_json['SecretAccessKey'], creds_json['SessionToken'] ) @expiration = creds_json['Expiration'] ? Time.iso8601(creds_json['Expiration']) : nil return creds if creds.set? raise Errors::InvalidProcessCredentialsPayload.new("Invalid payload for JSON credentials version 1") end
def credentials_from_process(proc_invocation)
def credentials_from_process(proc_invocation) begin raw_out = `#{proc_invocation}` process_status = $? rescue Errno::ENOENT raise Errors::InvalidProcessCredentialsPayload.new("Could not find process #{proc_invocation}") end if process_status.success? begin creds_json = Aws::Json.load(raw_out) rescue Aws::Json::ParseError raise Errors::InvalidProcessCredentialsPayload.new("Invalid JSON response") end payload_version = creds_json['Version'] if payload_version == 1 _parse_payload_format_v1(creds_json) else raise Errors::InvalidProcessCredentialsPayload.new("Invalid version #{payload_version} for credentials payload") end else raise Errors::InvalidProcessCredentialsPayload.new('credential_process provider failure, the credential process had non zero exit status and failed to provide credentials') end end
def initialize(process)
-
process(String) -- Invocation string for process
def initialize(process) @process = process @credentials = credentials_from_process(@process) @async_refresh = false super end
def near_expiration?(expiration_length)
def near_expiration?(expiration_length) # are we within 5 minutes of expiration? @expiration && (Time.now.to_i + expiration_length) > @expiration.to_i end
def refresh
def refresh @credentials = credentials_from_process(@process) end