Class: OCI::Auth::Signers::EphemeralResourcePrincipalsSigner
- Inherits: SecurityTokenSigner
  - Object
  - BaseSigner
  - SecurityTokenSigner
  - OCI::Auth::Signers::EphemeralResourcePrincipalsSigner
- Defined in: lib/oci/auth/signers/ephemeral_resource_principals_signer.rb
Overview
This signer takes the following parameters:
- session_token
- private_key
- private_key_passphrase

These parameters may be used in one of two modes. In the first mode, they contain the actual contents of the Resource Principals Session Token, private key (in PEM format) and the passphrase.
In the second mode, if these parameters contain absolute paths, then those paths are taken as the on-filesystem location of the values in question.

- region: the canonical region name. This is utilised in locating the "local" endpoints of services.
Constant Summary
Constants inherited from BaseSigner
BaseSigner::BODY_HEADERS, BaseSigner::GENERIC_HEADERS, BaseSigner::SIGNATURE_VERSION, BaseSigner::SIGNING_STRATEGY_ENUM
Instance Attribute Summary
- #region ⇒ Object (readonly)
  Returns the value of attribute region.
Instance Method Summary
- #claim(claim) ⇒ Object
- #initialize(session_token: nil, private_key: nil, private_key_passphrase: nil, region: nil) ⇒ EphemeralResourcePrincipalsSigner (constructor)
  A new instance of EphemeralResourcePrincipalsSigner.
- #initialize_and_return_region(region) ⇒ Object
  The region should be something like “us-phoenix-1” but if we get “phx” then convert it.
- #refresh_security_token ⇒ Object
- #reset_claims ⇒ Object
- #reset_signer ⇒ Object
- #resource_principal_session_token ⇒ Object
- #security_token ⇒ Object
Methods inherited from BaseSigner
Constructor Details
#initialize(session_token: nil, private_key: nil, private_key_passphrase: nil, region: nil) ⇒ EphemeralResourcePrincipalsSigner
Returns a new instance of EphemeralResourcePrincipalsSigner.
    # File 'lib/oci/auth/signers/ephemeral_resource_principals_signer.rb', line 31
    def initialize(
      session_token: nil,
      private_key: nil,
      private_key_passphrase: nil,
      region: nil
    )
      @refresh_lock = Mutex.new
      @region = initialize_and_return_region(region)

      raise 'Missing Resource Principal Session Token when initializing resource principals signer' if session_token.nil?
      @rpst = session_token

      # Load the initial values
      @session_key_supplier = OCI::Auth::Signers::EphemeralRPSessionKeySupplier.new(private_key, private_key_passphrase)
      @security_token = OCI::Auth::SecurityTokenContainer.new(resource_principal_session_token,
                                                              key_pair: @session_key_supplier.session_key)

      # After load, the RPST holds claims for tenancy and compartment.
      reset_claims

      # Get the Resource Principal Session Token and use it to set up the signer
      super(@security_token.security_token, @session_key_supplier.session_key)
    end
Instance Attribute Details
#region ⇒ Object (readonly)
Returns the value of attribute region.
    # File 'lib/oci/auth/signers/ephemeral_resource_principals_signer.rb', line 29
    def region
      @region
    end
Instance Method Details
#claim(claim) ⇒ Object
    # File 'lib/oci/auth/signers/ephemeral_resource_principals_signer.rb', line 104
    def claim(claim)
      @security_token.jwt[0][claim]
    end
#initialize_and_return_region(region) ⇒ Object
The region should be something like “us-phoenix-1” but if we get “phx” then convert it.
    # File 'lib/oci/auth/signers/ephemeral_resource_principals_signer.rb', line 55
    def initialize_and_return_region(region)
      if OCI::Regions::REGION_SHORT_NAMES_TO_LONG_NAMES.include?(region)
        OCI::Regions::REGION_SHORT_NAMES_TO_LONG_NAMES[region]
      else
        region
      end
    end
#refresh_security_token ⇒ Object
    # File 'lib/oci/auth/signers/ephemeral_resource_principals_signer.rb', line 71
    def refresh_security_token
      @refresh_lock.lock
      @session_key_supplier.refresh
      @security_token = OCI::Auth::SecurityTokenContainer.new(resource_principal_session_token,
                                                              key_pair: @session_key_supplier.session_key)
      reset_signer
      # Resources may be moved between compartments. Update any coordinates on refresh.
      reset_claims
    ensure
      @refresh_lock.unlock if @refresh_lock.locked? && @refresh_lock.owned?
    end
#reset_claims ⇒ Object
    # File 'lib/oci/auth/signers/ephemeral_resource_principals_signer.rb', line 99
    def reset_claims
      @tenancy_id = claim('res_tenant')
      @compartment_id = claim('res_compartment')
    end
#reset_signer ⇒ Object
    # File 'lib/oci/auth/signers/ephemeral_resource_principals_signer.rb', line 82
    def reset_signer
      @key_id = "ST$#{@security_token.security_token}"
      @private_key_content = @session_key_supplier.session_key
      @private_key = OpenSSL::PKey::RSA.new(
        @private_key_content,
        @pass_phrase || SecureRandom.uuid
      )
    end
#resource_principal_session_token ⇒ Object
    # File 'lib/oci/auth/signers/ephemeral_resource_principals_signer.rb', line 91
    def resource_principal_session_token
      if File.exist?(File.expand_path(@rpst))
        File.read(File.expand_path(@rpst)).to_s.strip
      else
        @rpst
      end
    end
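The two input modes from the Overview and the claim lookup done by reset_claims can be reproduced without the SDK. The following is an added example, not code from the OCI gem: the helper names (resolve_value_or_path, unverified_claims, resource_coordinates, sample_rpst) and the sample token are constructed for illustration, and the token is assumed to be a three-segment JWT with a base64url JSON payload.

```ruby
require 'json'
require 'tempfile'

# Two-mode rule from the Overview: a value naming an existing file is read
# from disk; anything else is taken as the literal content.
def resolve_value_or_path(value)
  path = File.expand_path(value)
  File.exist?(path) ? File.read(path).to_s.strip : value
end

# Decodes a JWT payload WITHOUT verifying the signature. Suitable for local
# inspection of claims only, never for an authorization decision.
def unverified_claims(jwt)
  segments = jwt.split('.')
  raise ArgumentError, 'expected three dot-separated JWT segments' unless segments.length == 3

  b64 = segments[1].tr('-_', '+/')
  b64 += '=' * ((4 - b64.length % 4) % 4) # restore stripped base64url padding
  JSON.parse(b64.unpack1('m'))
end

# The two claims reset_claims reads: res_tenant and res_compartment.
def resource_coordinates(session_token)
  claims = unverified_claims(resolve_value_or_path(session_token))
  { tenancy_id: claims['res_tenant'], compartment_id: claims['res_compartment'] }
end

# Constructed sample token: placeholder OCIDs and a dummy signature segment.
def sample_rpst
  seg = ->(hash) { [JSON.generate(hash)].pack('m0').tr('+/', '-_').delete('=') }
  payload = { 'res_tenant' => 'ocid1.tenancy.oc1..exampletenant',
              'res_compartment' => 'ocid1.compartment.oc1..examplecompartment' }
  [seg.call({ 'alg' => 'RS256' }), seg.call(payload), 'c2ln'].join('.')
end

if __FILE__ == $PROGRAM_NAME
  puts resource_coordinates(sample_rpst)            # mode 1: literal token
  Tempfile.create('rpst') do |f|                    # mode 2: path to token file
    f.write("#{sample_rpst}\n")
    f.flush
    puts resource_coordinates(f.path)
  end
end
```

Both modes yield the same tenancy and compartment values, which is why a token file that is replaced on disk changes the coordinates the signer reports after the next refresh.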
#security_token ⇒ Object
    # File 'lib/oci/auth/signers/ephemeral_resource_principals_signer.rb', line 63
    def security_token
      if defined? @security_token
        return @security_token.security_token if @security_token.token_valid?
      end

      refresh_security_token
      @security_token.security_token
    end