Class: Aws::Google

Inherits:

Object

Object
Aws::Google

show all

Includes:: CredentialProvider, CachedCredentials

Defined in:: lib/aws/google.rb,
lib/aws/google/version.rb,
lib/aws/google/cached_credentials.rb,
lib/aws/google/credential_provider.rb

Overview

An auto-refreshing credential provider that works by assuming a role via STS::Client#assume_role_with_web_identity, using an ID token derived from a Google refresh token.

role_credentials = Aws::Google.new(
  role_arn: aws_role,
  google_client_id: client_id,
  google_client_secret: client_secret
)

ec2 = Aws::EC2::Client.new(credentials: role_credentials)

If you omit ‘:client` option, a new STS::Client object will be constructed.

Defined Under Namespace

Modules: CachedCredentials, CredentialProvider, GoogleSharedCredentials

Constant Summary collapse

VERSION =

'0.2.3'.freeze

Class Attribute Summary collapse

.config ⇒ Object

Use ‘Aws::Google.config` to set default options for any instance of this provider.

Instance Method Summary collapse

#initialize(options = {}) ⇒ Google constructor

A new instance of Google.

Methods included from CachedCredentials

#refresh_if_near_expiration, #write_credentials

Constructor Details

#initialize(options = {}) ⇒ `Google`

Returns a new instance of Google.

Options Hash (options):

:role_arn (required, String)
:policy (String)
:duration_seconds (Integer)
:external_id (String)
:client (STS::Client) —

STS::Client to use (default: create new client)
:domain (String) —

G Suite domain for account-selection hint
:online (String) —

if ‘true` only a temporary access token will be provided, a long-lived refresh token will not be created and stored on the filesystem.
:port (String) —

port for local server to listen on to capture oauth browser redirect. Defaults to 1234. Set to nil or 0 to use an out-of-band authentication process.
:client_id (String) —

Google client ID
:client_secret (String) —

Google client secret

# File 'lib/aws/google.rb', line 47

def initialize(options = {})
  options = options.merge(self.class.config)
  @oauth_attempted = false
  @assume_role_params = options.slice(
    *Aws::STS::Client.api.operation(:assume_role_with_web_identity).
      input.shape.member_names
  )

  @google_id = ::Google::Auth::ClientId.new(
    options[:client_id],
    options[:client_secret]
  )
  @client = options[:client] || Aws::STS::Client.new(credentials: nil)
  @domain = options[:domain]
  @online = options[:online]
  @port = options[:port] || 1234
  super
end

Class Attribute Details

.config ⇒ `Object`

Use ‘Aws::Google.config` to set default options for any instance of this provider.



31
32
33

# File 'lib/aws/google.rb', line 31

def config
  @config
end