2014-02-01 21:13:17 -05:00
|
|
|
require 'fog/aws/core'
|
2011-11-13 15:16:22 -05:00
|
|
|
|
|
|
|
module Fog
|
|
|
|
module AWS
|
|
|
|
class STS < Fog::Service
|
2013-07-16 09:23:38 -04:00
|
|
|
extend Fog::AWS::CredentialFetcher::ServiceMethods
|
2011-11-13 15:16:22 -05:00
|
|
|
|
|
|
|
class EntityAlreadyExists < Fog::AWS::STS::Error; end
|
|
|
|
class ValidationError < Fog::AWS::STS::Error; end
|
|
|
|
|
|
|
|
requires :aws_access_key_id, :aws_secret_access_key
|
2013-07-16 09:23:38 -04:00
|
|
|
recognizes :host, :path, :port, :scheme, :persistent, :aws_session_token, :use_iam_profile, :aws_credentials_expire_at
|
2011-11-13 15:16:22 -05:00
|
|
|
|
|
|
|
request_path 'fog/aws/requests/sts'
|
|
|
|
request :get_federation_token
|
|
|
|
request :get_session_token
|
2013-07-16 09:23:38 -04:00
|
|
|
request :assume_role
|
2011-11-13 15:16:22 -05:00
|
|
|
|
|
|
|
class Mock
|
|
|
|
def self.data
|
|
|
|
@data ||= Hash.new do |hash, key|
|
|
|
|
hash[key] = {
|
|
|
|
:owner_id => Fog::AWS::Mock.owner_id,
|
|
|
|
:server_certificates => {}
|
|
|
|
}
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def self.reset
|
|
|
|
@data = nil
|
|
|
|
end
|
|
|
|
|
|
|
|
def self.server_certificate_id
|
|
|
|
Fog::Mock.random_hex(16)
|
|
|
|
end
|
|
|
|
|
|
|
|
def initialize(options={})
|
2013-07-16 09:23:38 -04:00
|
|
|
@use_iam_profile = options[:use_iam_profile]
|
|
|
|
setup_credentials(options)
|
2011-11-13 15:16:22 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def data
|
|
|
|
self.class.data[@aws_access_key_id]
|
|
|
|
end
|
|
|
|
|
|
|
|
def reset_data
|
|
|
|
self.class.data.delete(@aws_access_key_id)
|
|
|
|
end
|
2013-07-16 09:23:38 -04:00
|
|
|
|
|
|
|
def setup_credentials(options)
|
|
|
|
@aws_access_key_id = options[:aws_access_key_id]
|
|
|
|
end
|
2011-11-13 15:16:22 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
class Real
|
2013-07-16 09:23:38 -04:00
|
|
|
include Fog::AWS::CredentialFetcher::ConnectionMethods
|
2011-11-13 15:16:22 -05:00
|
|
|
# Initialize connection to STS
|
|
|
|
#
|
|
|
|
# ==== Notes
|
|
|
|
# options parameter must include values for :aws_access_key_id and
|
|
|
|
# :aws_secret_access_key in order to create a connection
|
|
|
|
#
|
|
|
|
# ==== Examples
|
|
|
|
# iam = STS.new(
|
|
|
|
# :aws_access_key_id => your_aws_access_key_id,
|
|
|
|
# :aws_secret_access_key => your_aws_secret_access_key
|
|
|
|
# )
|
|
|
|
#
|
|
|
|
# ==== Parameters
|
|
|
|
# * options<~Hash> - config arguments for connection. Defaults to {}.
|
|
|
|
#
|
|
|
|
# ==== Returns
|
|
|
|
# * STS object with connection to AWS.
|
|
|
|
def initialize(options={})
|
|
|
|
require 'fog/core/parser'
|
|
|
|
|
2013-07-16 09:23:38 -04:00
|
|
|
@use_iam_profile = options[:use_iam_profile]
|
|
|
|
setup_credentials(options)
|
2011-11-13 15:16:22 -05:00
|
|
|
@connection_options = options[:connection_options] || {}
|
2013-07-16 09:23:38 -04:00
|
|
|
|
2011-11-13 15:16:22 -05:00
|
|
|
@host = options[:host] || 'sts.amazonaws.com'
|
|
|
|
@path = options[:path] || '/'
|
|
|
|
@persistent = options[:persistent] || false
|
|
|
|
@port = options[:port] || 443
|
|
|
|
@scheme = options[:scheme] || 'https'
|
2014-02-26 19:50:35 -05:00
|
|
|
@connection = Fog::XML::Connection.new("#{@scheme}://#{@host}:#{@port}#{@path}", @persistent, @connection_options)
|
2011-11-13 15:16:22 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def reload
|
|
|
|
@connection.reset
|
|
|
|
end
|
|
|
|
|
|
|
|
private
|
|
|
|
|
2013-07-16 09:23:38 -04:00
|
|
|
def setup_credentials(options)
|
|
|
|
@aws_access_key_id = options[:aws_access_key_id]
|
|
|
|
@aws_secret_access_key = options[:aws_secret_access_key]
|
|
|
|
@aws_session_token = options[:aws_session_token]
|
|
|
|
@aws_credentials_expire_at = options[:aws_credentials_expire_at]
|
|
|
|
@hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)
|
|
|
|
end
|
|
|
|
|
2011-11-13 15:16:22 -05:00
|
|
|
def request(params)
|
|
|
|
idempotent = params.delete(:idempotent)
|
|
|
|
parser = params.delete(:parser)
|
|
|
|
|
|
|
|
body = Fog::AWS.signed_params(
|
|
|
|
params,
|
|
|
|
{
|
|
|
|
:aws_access_key_id => @aws_access_key_id,
|
2013-07-16 09:23:38 -04:00
|
|
|
:aws_session_token => @aws_session_token,
|
2011-11-13 15:16:22 -05:00
|
|
|
:hmac => @hmac,
|
|
|
|
:host => @host,
|
|
|
|
:path => @path,
|
|
|
|
:port => @port,
|
|
|
|
:version => '2011-06-15'
|
|
|
|
}
|
|
|
|
)
|
|
|
|
|
|
|
|
begin
|
2013-07-02 22:39:23 -04:00
|
|
|
@connection.request({
|
2011-11-13 15:16:22 -05:00
|
|
|
:body => body,
|
|
|
|
:expects => 200,
|
|
|
|
:idempotent => idempotent,
|
|
|
|
:headers => { 'Content-Type' => 'application/x-www-form-urlencoded' },
|
|
|
|
:method => 'POST',
|
|
|
|
:parser => parser
|
|
|
|
})
|
|
|
|
rescue Excon::Errors::HTTPStatusError => error
|
2013-07-02 22:39:23 -04:00
|
|
|
match = Fog::AWS::Errors.match_error(error)
|
|
|
|
raise if match.empty?
|
|
|
|
raise case match[:code]
|
|
|
|
when 'EntityAlreadyExists', 'KeyPairMismatch', 'LimitExceeded', 'MalformedCertificate', 'ValidationError'
|
|
|
|
Fog::AWS::STS.const_get(match[:code]).slurp(error, match[:message])
|
|
|
|
else
|
|
|
|
Fog::AWS::STS::Error.slurp(error, "#{match[:code]} => #{match[:message]}")
|
|
|
|
end
|
2011-11-13 15:16:22 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|