class Google::Auth::ExternalAccount::AwsCredentials

def imdsv2_session_token

Raises:

(Google::Auth::CredentialsError) - If the token URL is missing or there's an error retrieving the token

Returns:

(String) - The IMDSv2 session token

def imdsv2_session_token
  return @imdsv2_session_token unless imdsv2_session_token_invalid?
  if @imdsv2_session_token_url.nil?
    raise CredentialsError.with_details(
      "IMDSV2 token url must be provided",
      credential_type_name: self.class.name,
      principal: principal
    )
  end
  begin
    response = connection.put @imdsv2_session_token_url do |req|
      req.headers["x-aws-ec2-metadata-token-ttl-seconds"] = IMDSV2_TOKEN_EXPIRATION_IN_SECONDS.to_s
    end
    raise Faraday::Error unless response.success?
  rescue Faraday::Error => e
    raise CredentialsError.with_details(
      "Fetching AWS IMDSV2 token error: #{e}",
      credential_type_name: self.class.name,
      principal: principal
    )
  end
  @imdsv2_session_token = response.body
  @imdsv2_session_token_expiry = Time.now + IMDSV2_TOKEN_EXPIRATION_IN_SECONDS
  @imdsv2_session_token
end

Included Modules

Extended Modules

Google::Auth::CredentialsLoader

Modules

Classes

class Google::Auth::ExternalAccount::AwsCredentials

def imdsv2_session_token

Included Modules

Extended Modules

Instance Methods