fog--fog/lib/fog/aws/sts.rb

require 'fog/aws/core'

module Fog
  module AWS
    class STS < Fog::Service
      extend Fog::AWS::CredentialFetcher::ServiceMethods

      class EntityAlreadyExists < Fog::AWS::STS::Error; end
      class ValidationError < Fog::AWS::STS::Error; end

      requires :aws_access_key_id, :aws_secret_access_key
      recognizes :host, :path, :port, :scheme, :persistent, :aws_session_token, :use_iam_profile, :aws_credentials_expire_at

      request_path 'fog/aws/requests/sts'
      request :get_federation_token
      request :get_session_token
      request :assume_role

      class Mock
        def self.data
          @data ||= Hash.new do |hash, key|
            hash[key] = {
              :owner_id => Fog::AWS::Mock.owner_id,
              :server_certificates => {}
            }
          end
        end

        def self.reset
          @data = nil
        end

        def self.server_certificate_id
          Fog::Mock.random_hex(16)
        end

        def initialize(options={})
          @use_iam_profile = options[:use_iam_profile]
          setup_credentials(options)
        end

        def data
          self.class.data[@aws_access_key_id]
        end

        def reset_data
          self.class.data.delete(@aws_access_key_id)
        end

        def setup_credentials(options)
          @aws_access_key_id = options[:aws_access_key_id]
        end
      end

      class Real
        include Fog::AWS::CredentialFetcher::ConnectionMethods
        # Initialize connection to STS
        #
        # ==== Notes
        # options parameter must include values for :aws_access_key_id and
        # :aws_secret_access_key in order to create a connection
        #
        # ==== Examples
        #   iam = STS.new(
        #    :aws_access_key_id => your_aws_access_key_id,
        #    :aws_secret_access_key => your_aws_secret_access_key
        #   )
        #
        # ==== Parameters
        # * options<~Hash> - config arguments for connection.  Defaults to {}.
        #
        # ==== Returns
        # * STS object with connection to AWS.
        def initialize(options={})
          require 'fog/core/parser'

          @use_iam_profile = options[:use_iam_profile]
          setup_credentials(options)
          @connection_options     = options[:connection_options] || {}

          @host       = options[:host]        || 'sts.amazonaws.com'
          @path       = options[:path]        || '/'
          @persistent = options[:persistent]  || false
          @port       = options[:port]        || 443
          @scheme     = options[:scheme]      || 'https'
          @connection = Fog::XML::Connection.new("#{@scheme}://#{@host}:#{@port}#{@path}", @persistent, @connection_options)
        end

        def reload
          @connection.reset
        end

        private

        def setup_credentials(options)
          @aws_access_key_id      = options[:aws_access_key_id]
          @aws_secret_access_key  = options[:aws_secret_access_key]
          @aws_session_token      = options[:aws_session_token]
          @aws_credentials_expire_at = options[:aws_credentials_expire_at]
          @hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)
        end

        def request(params)
          idempotent  = params.delete(:idempotent)
          parser      = params.delete(:parser)

          body = Fog::AWS.signed_params(
            params,
            {
              :aws_access_key_id  => @aws_access_key_id,
              :aws_session_token  => @aws_session_token,
              :hmac               => @hmac,
              :host               => @host,
              :path               => @path,
              :port               => @port,
              :version            => '2011-06-15'
            }
          )

          begin
            @connection.request({
              :body       => body,
              :expects    => 200,
              :idempotent => idempotent,
              :headers    => { 'Content-Type' => 'application/x-www-form-urlencoded' },
              :method     => 'POST',
              :parser     => parser
            })
          rescue Excon::Errors::HTTPStatusError => error
            match = Fog::AWS::Errors.match_error(error)
            raise if match.empty?
            raise case match[:code]
                  when 'EntityAlreadyExists', 'KeyPairMismatch', 'LimitExceeded', 'MalformedCertificate', 'ValidationError'
                    Fog::AWS::STS.const_get(match[:code]).slurp(error, match[:message])
                  else
                    Fog::AWS::STS::Error.slurp(error, "#{match[:code]} => #{match[:message]}")
                  end
          end
        end
      end
    end
  end
end
create core for each provider. keep load hook for provider. 2014-02-01 21:13:17 -05:00			`require 'fog/aws/core'`
implement STS support add support for Federated IAM and session tokens. 2011-11-13 15:16:22 -05:00
			`module Fog`
			`module AWS`
			`class STS < Fog::Service`
[aws\|sts] Add support for the AssumeRole STS method. Also enable the ability for the STS service to use IAM profiles to grab credentials off the EC2 instance, as is in place for the other AWS services. 2013-07-16 09:23:38 -04:00			`extend Fog::AWS::CredentialFetcher::ServiceMethods`
implement STS support add support for Federated IAM and session tokens. 2011-11-13 15:16:22 -05:00
			`class EntityAlreadyExists < Fog::AWS::STS::Error; end`
			`class ValidationError < Fog::AWS::STS::Error; end`

			`requires :aws_access_key_id, :aws_secret_access_key`
[aws\|sts] Add support for the AssumeRole STS method. Also enable the ability for the STS service to use IAM profiles to grab credentials off the EC2 instance, as is in place for the other AWS services. 2013-07-16 09:23:38 -04:00			`recognizes :host, :path, :port, :scheme, :persistent, :aws_session_token, :use_iam_profile, :aws_credentials_expire_at`
implement STS support add support for Federated IAM and session tokens. 2011-11-13 15:16:22 -05:00
			`request_path 'fog/aws/requests/sts'`
			`request :get_federation_token`
			`request :get_session_token`
[aws\|sts] Add support for the AssumeRole STS method. Also enable the ability for the STS service to use IAM profiles to grab credentials off the EC2 instance, as is in place for the other AWS services. 2013-07-16 09:23:38 -04:00			`request :assume_role`
implement STS support add support for Federated IAM and session tokens. 2011-11-13 15:16:22 -05:00
			`class Mock`
			`def self.data`
			`@data \|\|= Hash.new do \|hash, key\|`
			`hash[key] = {`
			`:owner_id => Fog::AWS::Mock.owner_id,`
			`:server_certificates => {}`
			`}`
			`end`
			`end`

			`def self.reset`
			`@data = nil`
			`end`

			`def self.server_certificate_id`
			`Fog::Mock.random_hex(16)`
			`end`

			`def initialize(options={})`
[aws\|sts] Add support for the AssumeRole STS method. Also enable the ability for the STS service to use IAM profiles to grab credentials off the EC2 instance, as is in place for the other AWS services. 2013-07-16 09:23:38 -04:00			`@use_iam_profile = options[:use_iam_profile]`
			`setup_credentials(options)`
implement STS support add support for Federated IAM and session tokens. 2011-11-13 15:16:22 -05:00			`end`

			`def data`
			`self.class.data[@aws_access_key_id]`
			`end`

			`def reset_data`
			`self.class.data.delete(@aws_access_key_id)`
			`end`
[aws\|sts] Add support for the AssumeRole STS method. Also enable the ability for the STS service to use IAM profiles to grab credentials off the EC2 instance, as is in place for the other AWS services. 2013-07-16 09:23:38 -04:00
			`def setup_credentials(options)`
			`@aws_access_key_id = options[:aws_access_key_id]`
			`end`
implement STS support add support for Federated IAM and session tokens. 2011-11-13 15:16:22 -05:00			`end`

			`class Real`
[aws\|sts] Add support for the AssumeRole STS method. Also enable the ability for the STS service to use IAM profiles to grab credentials off the EC2 instance, as is in place for the other AWS services. 2013-07-16 09:23:38 -04:00			`include Fog::AWS::CredentialFetcher::ConnectionMethods`
implement STS support add support for Federated IAM and session tokens. 2011-11-13 15:16:22 -05:00			`# Initialize connection to STS`
			`#`
			`# ==== Notes`
			`# options parameter must include values for :aws_access_key_id and`
			`# :aws_secret_access_key in order to create a connection`
			`#`
			`# ==== Examples`
			`# iam = STS.new(`
			`# :aws_access_key_id => your_aws_access_key_id,`
			`# :aws_secret_access_key => your_aws_secret_access_key`
			`# )`
			`#`
			`# ==== Parameters`
			`# * options<~Hash> - config arguments for connection. Defaults to {}.`
			`#`
			`# ==== Returns`
			`# * STS object with connection to AWS.`
			`def initialize(options={})`
			`require 'fog/core/parser'`

[aws\|sts] Add support for the AssumeRole STS method. Also enable the ability for the STS service to use IAM profiles to grab credentials off the EC2 instance, as is in place for the other AWS services. 2013-07-16 09:23:38 -04:00			`@use_iam_profile = options[:use_iam_profile]`
			`setup_credentials(options)`
implement STS support add support for Federated IAM and session tokens. 2011-11-13 15:16:22 -05:00			`@connection_options = options[:connection_options] \|\| {}`
[aws\|sts] Add support for the AssumeRole STS method. Also enable the ability for the STS service to use IAM profiles to grab credentials off the EC2 instance, as is in place for the other AWS services. 2013-07-16 09:23:38 -04:00
implement STS support add support for Federated IAM and session tokens. 2011-11-13 15:16:22 -05:00			`@host = options[:host] \|\| 'sts.amazonaws.com'`
			`@path = options[:path] \|\| '/'`
			`@persistent = options[:persistent] \|\| false`
			`@port = options[:port] \|\| 443`
			`@scheme = options[:scheme] \|\| 'https'`
[GH-2711] Replace Fog::Connection with XML shim Unlike last attempt this replaces Fog::Connection with Fog::XML::Connection which should be directly compatible. Fog::Connection is there for old PRs but should be removed real soon. Providers using JSON should be able to replace "XML" with "Core" within their code to cut down on the dependency. If I get the time I may attempt to clean up some but testing with Mock will mean that is mostly educated guesswork. 2014-02-26 19:50:35 -05:00			`@connection = Fog::XML::Connection.new("#{@scheme}://#{@host}:#{@port}#{@path}", @persistent, @connection_options)`
implement STS support add support for Federated IAM and session tokens. 2011-11-13 15:16:22 -05:00			`end`

			`def reload`
			`@connection.reset`
			`end`

			`private`

[aws\|sts] Add support for the AssumeRole STS method. Also enable the ability for the STS service to use IAM profiles to grab credentials off the EC2 instance, as is in place for the other AWS services. 2013-07-16 09:23:38 -04:00			`def setup_credentials(options)`
			`@aws_access_key_id = options[:aws_access_key_id]`
			`@aws_secret_access_key = options[:aws_secret_access_key]`
			`@aws_session_token = options[:aws_session_token]`
			`@aws_credentials_expire_at = options[:aws_credentials_expire_at]`
			`@hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)`
			`end`

implement STS support add support for Federated IAM and session tokens. 2011-11-13 15:16:22 -05:00			`def request(params)`
			`idempotent = params.delete(:idempotent)`
			`parser = params.delete(:parser)`

			`body = Fog::AWS.signed_params(`
			`params,`
			`{`
			`:aws_access_key_id => @aws_access_key_id,`
[aws\|sts] Add support for the AssumeRole STS method. Also enable the ability for the STS service to use IAM profiles to grab credentials off the EC2 instance, as is in place for the other AWS services. 2013-07-16 09:23:38 -04:00			`:aws_session_token => @aws_session_token,`
implement STS support add support for Federated IAM and session tokens. 2011-11-13 15:16:22 -05:00			`:hmac => @hmac,`
			`:host => @host,`
			`:path => @path,`
			`:port => @port,`
			`:version => '2011-06-15'`
			`}`
			`)`

			`begin`
Refactor error handling Match against the error object in both the old (against error.message) and the new (against error.response.body); return a hash from this method. In the rescue block, try hard to raise an exception that includes the code and message extracted from the error. 2013-07-02 22:39:23 -04:00			`@connection.request({`
implement STS support add support for Federated IAM and session tokens. 2011-11-13 15:16:22 -05:00			`:body => body,`
			`:expects => 200,`
			`:idempotent => idempotent,`
			`:headers => { 'Content-Type' => 'application/x-www-form-urlencoded' },`
			`:method => 'POST',`
			`:parser => parser`
			`})`
			`rescue Excon::Errors::HTTPStatusError => error`
Refactor error handling Match against the error object in both the old (against error.message) and the new (against error.response.body); return a hash from this method. In the rescue block, try hard to raise an exception that includes the code and message extracted from the error. 2013-07-02 22:39:23 -04:00			`match = Fog::AWS::Errors.match_error(error)`
			`raise if match.empty?`
			`raise case match[:code]`
			`when 'EntityAlreadyExists', 'KeyPairMismatch', 'LimitExceeded', 'MalformedCertificate', 'ValidationError'`
			`Fog::AWS::STS.const_get(match[:code]).slurp(error, match[:message])`
			`else`
			`Fog::AWS::STS::Error.slurp(error, "#{match[:code]} => #{match[:message]}")`
			`end`
implement STS support add support for Federated IAM and session tokens. 2011-11-13 15:16:22 -05:00			`end`
			`end`
			`end`
			`end`
			`end`
			`end`