# frozen_string_literal: true
require 'aws-sigv4'
module Aws
  module STS
    # Builds presigned (SigV4 query-signed) URLs for STS operations.
    #
    # The returned URL embeds a signature produced with the client's
    # credentials, so whoever holds it can issue the signed request until
    # the signature expires. Handle it as a short-lived credential: keep it
    # out of logs, error reports and shell history.
    #
    # @example
    #
    #   signer = Aws::STS::Presigner.new
    #   url = signer.get_caller_identity_presigned_url(
    #     headers: {"X-K8s-Aws-Id" => 'my-eks-cluster'}
    #   )
    class Presigner
      # @option options [Client] :client An existing STS client to reuse.
      #   When it is absent (or nil/false) a new Aws::STS::Client is created
      #   with its default configuration.
      def initialize(options = {})
        supplied_client = options[:client]
        @client = supplied_client || Aws::STS::Client.new
      end

      # Returns a presigned url for get_caller_identity.
      #
      # Region, API version and credentials are taken from the client's
      # configuration. No :expires_in is passed to the signer, so the
      # signer's own default lifetime applies (believed to be 900 seconds in
      # aws-sigv4 -- confirm against the installed version).
      #
      # @option options [Hash] :headers
      #   Headers that should be signed and sent along with the request. All
      #   x-amz-* headers must be present during signing. Other headers are
      #   optional. A header given here becomes part of the signature, so the
      #   request must later be sent with the same value.
      #
      # @return [String] A presigned url string.
      #
      # @example
      #
      #   url = signer.get_caller_identity_presigned_url(
      #     headers: {"X-K8s-Aws-Id" => 'my-eks-cluster'},
      #   )
      #
      # This can be easily converted to a token used by the EKS service:
      # {https://ruby-doc.org/stdlib-2.3.1/libdoc/base64/rdoc/Base64.html#method-i-encode64}
      #   "k8s-aws-v1." + Base64.urlsafe_encode64(url).chomp("==")
      #
      # Note that chomp("==") strips only a two-character pad; when the
      # encoded URL ends in a single "=" that character stays in the token.
      # Base64.urlsafe_encode64(url, padding: false) drops padding of either
      # length.
      def get_caller_identity_presigned_url(options = {})
        # The request object is used only for its context (resolved config
        # and the operation's input shape); the operation actually named in
        # the URL is the 'Action' parameter set below.
        context = @client.build_request(:get_session_token, {}).context
        config = context.config
        region = config.region

        query = Aws::Query::ParamList.new
        query.set('Action', 'GetCallerIdentity')
        query.set('Version', config.api.version)
        # NOTE(review): the input shape comes from get_session_token, not
        # get_caller_identity; with an empty params hash this presumably adds
        # nothing to the query -- confirm.
        Aws::Query::EC2ParamBuilder.new(query).apply(context.operation.input, {})

        sigv4 = Aws::Sigv4::Signer.new(
          service: 'sts',
          region: region,
          credentials_provider: config.credentials
        )

        # Always the regional STS endpoint for the client's region.
        endpoint = Aws::Partitions::EndpointProvider.resolve(region, 'sts', 'regional')

        presigned = sigv4.presign_url(
          http_method: 'GET',
          url: endpoint + "/?#{query}",
          body: '',
          headers: options[:headers]
        )
        presigned.to_s
      end
    end
  end
end