class Aws::CredentialProviderChain

@api private

def assume_role_credentials(options) 

def assume_role_credentials(options)
  if Aws.shared_config.config_enabled?
    assume_role_with_profile(options, determine_profile_name(options))
  end
end

def assume_role_web_identity_credentials(options) 

def assume_role_web_identity_credentials(options)
  region = options[:config].region if options[:config]
  if (role_arn = ENV['AWS_ROLE_ARN']) && (token_file = ENV['AWS_WEB_IDENTITY_TOKEN_FILE'])
    cfg = {
      role_arn: role_arn,
      web_identity_token_file: token_file,
      role_session_name: ENV['AWS_ROLE_SESSION_NAME']
    }
    cfg[:region] = region if region
    AssumeRoleWebIdentityCredentials.new(cfg)
  elsif Aws.shared_config.config_enabled?
    profile = options[:config].profile if options[:config]
    Aws.shared_config.assume_role_web_identity_credentials_from_config(
      profile: profile,
      region: region
    )
  end
end

def assume_role_with_profile(options, profile_name) 

def assume_role_with_profile(options, profile_name)
  region = (options[:config] && options[:config].region)
  Aws.shared_config.assume_role_credentials_from_config(
    profile: profile_name,
    region: region,
    chain_config: @config
  )
end

def determine_profile_name(options) 

def determine_profile_name(options)
  (options[:config] && options[:config].profile) || ENV['AWS_PROFILE'] || ENV['AWS_DEFAULT_PROFILE'] || 'default'
end

def env_credentials(_options) 

def env_credentials(_options)
  key =    %w[AWS_ACCESS_KEY_ID AMAZON_ACCESS_KEY_ID AWS_ACCESS_KEY]
  secret = %w[AWS_SECRET_ACCESS_KEY AMAZON_SECRET_ACCESS_KEY AWS_SECRET_KEY]
  token =  %w[AWS_SESSION_TOKEN AMAZON_SESSION_TOKEN]
  Credentials.new(envar(key), envar(secret), envar(token))
end

def envar(keys) 

def envar(keys)
  keys.each do |key|
    return ENV[key] if ENV.key?(key)
  end
  nil
end

def initialize(config = nil) 

def initialize(config = nil)
  @config = config
end

def instance_profile_credentials(options) 

def instance_profile_credentials(options)
  if ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI']
    ECSCredentials.new(options)
  else
    InstanceProfileCredentials.new(options)
  end
end

def process_credentials(options) 

def process_credentials(options)
  profile_name = determine_profile_name(options)
  if Aws.shared_config.config_enabled? &&
     (process_provider = Aws.shared_config.credential_process(profile: profile_name))
    ProcessCredentials.new(process_provider)
  end
rescue Errors::NoSuchProfileError
  nil
end

def providers 

def providers
  [
    [:static_credentials, {}],
    [:static_profile_assume_role_web_identity_credentials, {}],
    [:static_profile_assume_role_credentials, {}],
    [:static_profile_credentials, {}],
    [:static_profile_process_credentials, {}],
    [:env_credentials, {}],
    [:assume_role_web_identity_credentials, {}],
    [:assume_role_credentials, {}],
    [:shared_credentials, {}],
    [:process_credentials, {}],
    [:instance_profile_credentials, {
      retries: @config ? @config.instance_profile_credentials_retries : 0,
      http_open_timeout: @config ? @config.instance_profile_credentials_timeout : 1,
      http_read_timeout: @config ? @config.instance_profile_credentials_timeout : 1
    }]
  ]
end

def resolve

Returns:
  • (CredentialProvider, nil) - 
def resolve
  providers.each do |method_name, options|
    provider = send(method_name, options.merge(config: @config))
    return provider if provider && provider.set?
  end
  nil
end

def shared_credentials(options) 

def shared_credentials(options)
  profile_name = determine_profile_name(options)
  SharedCredentials.new(profile_name: profile_name)
rescue Errors::NoSuchProfileError
  nil
end

def static_credentials(options) 

def static_credentials(options)
  if options[:config]
    Credentials.new(
      options[:config].access_key_id,
      options[:config].secret_access_key,
      options[:config].session_token
    )
  end
end

def static_profile_assume_role_credentials(options) 

def static_profile_assume_role_credentials(options)
  if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile
    assume_role_with_profile(options, options[:config].profile)
  end
end

def static_profile_assume_role_web_identity_credentials(options) 

def static_profile_assume_role_web_identity_credentials(options)
  if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile
    Aws.shared_config.assume_role_web_identity_credentials_from_config(
      profile: options[:config].profile,
      region: options[:config].region
    )
  end
end

def static_profile_credentials(options) 

def static_profile_credentials(options)
  if options[:config] && options[:config].profile
    SharedCredentials.new(profile_name: options[:config].profile)
  end
rescue Errors::NoSuchProfileError
  nil
end

def static_profile_process_credentials(options) 

def static_profile_process_credentials(options)
  if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile
    process_provider = Aws.shared_config.credential_process(profile: options[:config].profile)
    ProcessCredentials.new(process_provider) if process_provider
  end
rescue Errors::NoSuchProfileError
  nil
end