Class: Aws::Google

Inherits:
Object
Includes:
CredentialProvider, CachedCredentials
Defined in:
lib/aws/google.rb,
lib/aws/google/version.rb,
lib/aws/google/cached_credentials.rb,
lib/aws/google/credential_provider.rb

Overview

An auto-refreshing credential provider that works by assuming a role via STS::Client#assume_role_with_web_identity, using an ID token derived from a Google refresh token.

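require 'aws/google'
require 'aws-sdk-ec2'

# Option names match the constructor documented below (:client_id, :client_secret).
role_credentials = Aws::Google.new(
  role_arn: aws_role,
  client_id: client_id,
  client_secret: client_secret
)

ec2 = Aws::EC2::Client.new(credentials: role_credentials)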

If you omit the `:client` option, a new STS::Client object will be constructed.

Defined Under Namespace

Modules: CachedCredentials, CredentialProvider, GoogleSharedCredentials

Constant Summary

VERSION = '0.2.3'.freeze

Class Attribute Summary

Instance Method Summary

Methods included from CachedCredentials

#refresh_if_near_expiration, #write_credentials

Constructor Details

#initialize(options = {}) ⇒ Google

Returns a new instance of Google.

Options Hash (options):

  • :role_arn (required, String)
  • :policy (String)
  • :duration_seconds (Integer)
  • :external_id (String)
  • :client (STS::Client)

    STS::Client to use (default: create new client)

  • :domain (String)

    G Suite domain for account-selection hint

  • :online (String)

    If `true`, only a temporary access token will be provided; a long-lived refresh token will not be created and stored on the filesystem.

  • :port (String)

    Port for the local server to listen on to capture the OAuth browser redirect. Defaults to 1234. Set to nil or 0 to use an out-of-band authentication process.

  • :client_id (String)

    Google client ID

  • :client_secret (String)

    Google client secret
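
An added example, not code from the aws-google gem: one way to assemble a least-privilege options hash from the options listed above (`:policy`, `:duration_seconds`, `:online`). The helper names, ARN and client ID are hypothetical; the duration bounds and policy size limit are those of STS AssumeRoleWithWebIdentity.

```ruby
require 'json'

# Added example, not part of the aws-google gem. Helper names are hypothetical.
ROLE_ARN_RE = %r{\Aarn:aws[a-z-]*:iam::\d{12}:role/[\w+=,.@/-]+\z}
DURATION_RANGE = (900..43_200) # seconds STS accepts for AssumeRoleWithWebIdentity
MAX_POLICY_CHARS = 2048        # STS limit on an inline session policy

# A session policy can only narrow the role's permissions: the effective
# access is the intersection of this document and the role's own policies.
def session_policy(actions:, resources:)
  JSON.generate({
    'Version' => '2012-10-17',
    'Statement' => [
      { 'Effect' => 'Allow', 'Action' => actions, 'Resource' => resources }
    ]
  })
end

def hardened_google_options(role_arn:, client_id:, client_secret:, actions:,
                            resources: ['*'], duration_seconds: 900)
  raise ArgumentError, "not an IAM role ARN: #{role_arn.inspect}" unless role_arn.match?(ROLE_ARN_RE)
  raise ArgumentError, "duration_seconds outside #{DURATION_RANGE}" unless DURATION_RANGE.cover?(duration_seconds)
  if actions.empty? || actions.any? { |a| a.include?('*') }
    raise ArgumentError, 'list explicit actions, no wildcards'
  end

  policy = session_policy(actions: actions, resources: resources)
  raise ArgumentError, 'session policy exceeds the STS size limit' if policy.length > MAX_POLICY_CHARS

  {
    role_arn: role_arn, client_id: client_id, client_secret: client_secret,
    policy: policy,                     # scoped-down permissions for this session
    duration_seconds: duration_seconds, # defaults to the 900 s minimum
    online: true                        # per :online above: no refresh token on disk
  }
end

# Constructed sample values: the account ID, role name and client ID are placeholders.
OPTS = hardened_google_options(
  role_arn: 'arn:aws:iam::123456789012:role/example-readonly',
  client_id: 'EXAMPLE.apps.googleusercontent.com',
  client_secret: ENV.fetch('GOOGLE_CLIENT_SECRET', 'placeholder-secret'),
  actions: %w[ec2:DescribeInstances]
)
# With the gems installed:
#   ec2 = Aws::EC2::Client.new(credentials: Aws::Google.new(OPTS))
```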



# File 'lib/aws/google.rb', line 47

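def initialize(options = {})
  # Class-level config is merged over the caller's options, so keys set in
  # Aws::Google.config take precedence over the same keys passed here.
  options = options.merge(self.class.config)
  @oauth_attempted = false
  # Keep only the keys that STS AssumeRoleWithWebIdentity accepts as input.
  @assume_role_params = options.slice(
    *Aws::STS::Client.api.operation(:assume_role_with_web_identity).
      input.shape.member_names
  )

  @google_id = ::Google::Auth::ClientId.new(
    options[:client_id],
    options[:client_secret]
  )
  # AssumeRoleWithWebIdentity is an unsigned call, so the default STS client
  # is built without AWS credentials.
  @client = options[:client] || Aws::STS::Client.new(credentials: nil)
  @domain = options[:domain]
  @online = options[:online]
  # A nil :port falls back to 1234 here.
  @port = options[:port] || 1234
  super
end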

Class Attribute Details

.config ⇒ Object

Use `Aws::Google.config` to set default options for any instance of this provider.



# File 'lib/aws/google.rb', line 31

def config
  @config
end