File: presigner.rb

package info (click to toggle)
ruby-aws-sdk-core 3.212.0-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 2,232 kB
  • sloc: ruby: 17,533; makefile: 4
file content (73 lines) | stat: -rw-r--r-- 2,489 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
 
# frozen_string_literal: true

require 'aws-sigv4'

module Aws
  module STS
    # Allows you to create presigned URLs for STS operations.
    #
    # @example
    #
    #   signer = Aws::STS::Presigner.new
    #   url = signer.get_caller_identity_presigned_url(
    #     headers: {"X-K8s-Aws-Id" => 'my-eks-cluster'}
    #   )
    class Presigner
      # @option options [Client] :client Optionally provide an existing
      #   STS client
      def initialize(options = {})
        @client = options[:client] || Aws::STS::Client.new
      end

      # Returns a presigned url for get_caller_identity.
      #
      # @option options [Hash] :headers
      #   Headers that should be signed and sent along with the request. All
      #   x-amz-* headers must be present during signing. Other headers are
      #   optional.
      #
      # @return [String] A presigned url string.
      #
      # @example
      #
      #   url = signer.get_caller_identity_presigned_url(
      #     headers: {"X-K8s-Aws-Id" => 'my-eks-cluster'},
      #   )
      #
      # This can be easily converted to a token used by the EKS service:
      # {https://docs.ruby-lang.org/en/3.2/Base64.html#method-i-encode64}
      # "k8s-aws-v1." + Base64.urlsafe_encode64(url).chomp("==")
      def get_caller_identity_presigned_url(options = {})
        req = @client.build_request(:get_caller_identity, {})
        context = req.context

        param_list = Aws::Query::ParamList.new
        param_list.set('Action', 'GetCallerIdentity')
        param_list.set('Version', req.context.config.api.version)
        Aws::Query::EC2ParamBuilder.new(param_list)
          .apply(req.context.operation.input, {})

        endpoint_params = Aws::STS::EndpointParameters.new(
          region: context.config.region,
          use_dual_stack: context.config.use_dualstack_endpoint,
          use_fips: context.config.use_fips_endpoint,
          use_global_endpoint: context.config.sts_regional_endpoints == 'legacy'
        )
        endpoint = context.config.endpoint_provider
                          .resolve_endpoint(endpoint_params)
        auth_scheme = Aws::Endpoints.resolve_auth_scheme(context, endpoint)

        signer = Aws::Plugins::Sign.signer_for(
          auth_scheme, context.config
        )

        signer.presign_url(
          http_method: 'GET',
          url: "#{endpoint.url}/?#{param_list}",
          body: '',
          headers: options[:headers]
        ).to_s
      end
    end
  end
end