Class: OCI::Auth::Signers::ResourcePrincipalsFederationSigner
- Inherits:
-
SecurityTokenSigner
- Object
- BaseSigner
- SecurityTokenSigner
- OCI::Auth::Signers::ResourcePrincipalsFederationSigner
- Defined in:
- lib/oci/auth/signers/resource_principals_federation_signer.rb
Overview
Resource principal (RP) federation signer.
Constant Summary
Constants inherited from BaseSigner
BaseSigner::BODY_HEADERS, BaseSigner::GENERIC_HEADERS, BaseSigner::SIGNATURE_VERSION, BaseSigner::SIGNING_STRATEGY_ENUM
Instance Attribute Summary
-
#region ⇒ Object
readonly
Returns the value of attribute region.
Instance Method Summary
-
#initialize(rp_token_endpoint: nil, rp_session_endpoint: nil, rp_token_path_provider: nil, retry_config: nil, log_requests: nil) ⇒ ResourcePrincipalsFederationSigner
constructor
Creates a new ResourcePrincipalSigner.
-
#make_call(method, resource_path, endpoint, header_params = nil, body = nil) ⇒ Object
rubocop:enable Metrics/CyclomaticComplexity, Metrics/AbcSize, Metrics/PerceivedComplexity, Metrics/ClassLength, Metrics/LineLength, Layout/EmptyLines.
- #refresh_security_token ⇒ Object
-
#resource_principal_session_token ⇒ Object
rubocop:disable Metrics/CyclomaticComplexity, Metrics/AbcSize, Metrics/PerceivedComplexity, Layout/EmptyLines.
- #resource_principal_token_and_service_principal_session_token(rp_token_path_provider) ⇒ Object
-
#security_token ⇒ Object
rubocop:enable Metrics/CyclomaticComplexity, Metrics/AbcSize, Metrics/PerceivedComplexity, Layout/EmptyLines.
Methods inherited from BaseSigner
Constructor Details
#initialize(rp_token_endpoint: nil, rp_session_endpoint: nil, rp_token_path_provider: nil, retry_config: nil, log_requests: nil) ⇒ ResourcePrincipalsFederationSigner
Creates a new ResourcePrincipalSigner
# File 'lib/oci/auth/signers/resource_principals_federation_signer.rb', line 19
# Creates a new ResourcePrincipalsFederationSigner.
#
# Builds the helpers the federation flow needs (an instance-principals signer,
# a session key supplier, and an API client that signs as the instance
# principal), then performs the first token exchange over the network so the
# signer is usable as soon as construction returns.
#
# @param rp_token_endpoint [String] endpoint that issues the Resource Principal Token; required
# @param rp_session_endpoint [String, nil] endpoint that issues the RPST; defaults to the
#   regional Auth service endpoint for @region
# @param rp_token_path_provider [#token_path, nil] supplies the RPT request path; defaults to
#   DefaultRptPathProvider
# @param retry_config [OCI::Retry::RetryConfig, nil] retry policy for the token calls; when nil
#   the default policy built below is used
# @param log_requests [Boolean, nil] when truthy, enables request logging on the API client
# @raise [RuntimeError] if rp_token_endpoint is nil
#
# NOTE(review): the line assigning @region and the `metadata_url:` keyword
# below look truncated in the documentation rendering (a local name appears
# to have been dropped); confirm them against the source file before relying
# on this listing.
def initialize(
  rp_token_endpoint: nil,
  rp_session_endpoint: nil,
  rp_token_path_provider: nil,
  retry_config: nil,
  log_requests: nil
)
  # Serialises refresh_security_token across threads
  @refresh_lock = Mutex.new

  raise 'Missing resource principals token endpoint when initializing resource principals signer' if rp_token_endpoint.nil?

  @rp_token_endpoint = rp_token_endpoint
  @instance_principal_signer = OCI::Auth::Signers::InstancePrincipalsSecurityTokenSigner.new
  @session_key_supplier = OCI::Auth::SessionKeySupplier.new
  @region = @instance_principal_signer.region = OCI::Auth::Signers::InstancePrincipalsSecurityTokenSigner::METADATA_URL_BASE
  @rp_token_path_provider = rp_token_path_provider || OCI::Auth::Signers::RptPathProvider::DefaultRptPathProvider.new(metadata_url: )
  @rp_session_endpoint = rp_session_endpoint || OCI::Regions.get_service_endpoint(@region, :Auth)

  # set up retry policy: caller-supplied, else the default below
  # (at most 5 attempts, 10 s between attempts, 300 s overall)
  @retry_config = if !retry_config.nil?
                    retry_config
                  else
                    OCI::Retry::RetryConfig.new(
                      base_sleep_time_millis: 500,
                      exponential_growth_factor: 2,
                      should_retry_exception_proc: OCI::Retry::Functions::ShouldRetryOnError.retry_on_network_error_throttle_and_internal_server_errors,
                      sleep_calc_millis_proc: OCI::Retry::Functions::Sleep.exponential_backoff_with_equal_jitter,
                      max_attempts: 5,
                      max_elapsed_time_millis: 300_000,
                      max_sleep_between_attempts_millis: 10_000
                    )
                  end

  # Filled in by refresh_security_token
  @rpt = nil
  @spst = nil

  config = OCI::Config.new
  # NOTE(review): request logging on an auth client may write token-bearing
  # requests to the log — confirm what ApiClient redacts before enabling it.
  config.log_requests = log_requests if log_requests
  # Token requests are signed as the instance principal
  @api_client = OCI::ApiClient.new(config, @instance_principal_signer)

  # Get the Resource Principal Session Token and use it to set up the signer
  # (this performs network calls during construction)
  @rpst = security_token
  super(@rpst, @session_key_supplier.key_pair[:private_key])
end
Instance Attribute Details
#region ⇒ Object (readonly)
Returns the value of attribute region.
# File 'lib/oci/auth/signers/resource_principals_federation_signer.rb', line 16
# Region the signer operates in; set in the constructor and used there to pick
# the default session endpoint.
#
# @return [Object] the value of @region
def region
  @region
end
Instance Method Details
#make_call(method, resource_path, endpoint, header_params = nil, body = nil) ⇒ Object
rubocop:enable Metrics/CyclomaticComplexity, Metrics/AbcSize, Metrics/PerceivedComplexity, Metrics/ClassLength, Metrics/LineLength, Layout/EmptyLines
# File 'lib/oci/auth/signers/resource_principals_federation_signer.rb', line 122
# Issues one HTTP call through the API client, wrapped in the signer's retry
# policy (@retry_config, set up in the constructor). The API client was built
# with @instance_principal_signer, so these requests are signed as the
# instance principal.
#
# @param method [Symbol] HTTP verb, e.g. :GET or :POST
# @param resource_path [URI, String] path relative to +endpoint+
# @param endpoint [String] base URL the request is sent to
# @param header_params [Hash, nil] extra request headers
# @param body [Object, nil] request body; serialized via object_to_http_body
# @return [Object] the API client response (return_type 'Stream')
#
# NOTE(review): the receiver method name between `OCI::Retry.` and
# `(@retry_config)` appears to have been dropped by the documentation
# renderer; as printed this reads as `OCI::Retry.call(...)`. Confirm against
# the source file.
def make_call(method, resource_path, endpoint, header_params = nil, body = nil)
  OCI::Retry.(@retry_config) do
    @api_client.call_api(
      method,
      resource_path,
      endpoint,
      operation_signing_strategy: :standard,
      return_type: 'Stream',
      header_params: header_params,
      body: @api_client.object_to_http_body(body)
    )
  end
end
#refresh_security_token ⇒ Object
# File 'lib/oci/auth/signers/resource_principals_federation_signer.rb', line 73
# Re-runs the whole federation handshake under @refresh_lock: asks the session
# key supplier to refresh, refreshes the underlying instance-principal token,
# fetches a fresh RPT/SPST pair (steps A.1 and B.1) and exchanges it for a new
# Resource Principal Session Token (steps A.2 and B.2).
#
# The lock is released on every exit path, including an exception raised by
# any of the network calls. Mutex is not reentrant, so callers must not
# already hold @refresh_lock.
#
# @return [OCI::Auth::SecurityTokenContainer] the new token container
def refresh_security_token
  @refresh_lock.synchronize do
    @session_key_supplier.refresh
    @instance_principal_signer.refresh_security_token

    # Steps A.1 and B.1: RPT blob and Service Principal Session Token from the service
    @rpt, @spst = resource_principal_token_and_service_principal_session_token(@rp_token_path_provider)

    # Steps A.2 and B.2: exchange them for an RPST from Identity
    @security_token = OCI::Auth::SecurityTokenContainer.new(resource_principal_session_token)
  end
end
#resource_principal_session_token ⇒ Object
rubocop:disable Metrics/CyclomaticComplexity, Metrics/AbcSize, Metrics/PerceivedComplexity, Layout/EmptyLines
# File 'lib/oci/auth/signers/resource_principals_federation_signer.rb', line 99
# Exchanges the cached RPT/SPST pair plus the current session public key for
# a Resource Principal Session Token (RPST) at the RP session endpoint.
#
# @return [String] the RPST returned in the response's 'token' field
# @raise [RuntimeError] when the response carries no 'token'
def resource_principal_session_token
  public_key_pem = @session_key_supplier.key_pair[:public_key].to_pem
  payload = {
    'resourcePrincipalToken': @rpt,
    'servicePrincipalSessionToken': @spst,
    # presumably strips the PEM armour/newlines — see OCI::Auth::Util
    'sessionPublicKey': OCI::Auth::Util.sanitize_certificate_string(public_key_pem)
  }
  headers = { accept: 'application/json', 'content-type': 'application/json' }

  response = make_call(:POST, URI('/v1/resourcePrincipalSessionToken'), @rp_session_endpoint, headers, payload)
  token = JSON.parse(response.data)['token']

  # Fail loudly on a tokenless answer; the message does not echo the response body.
  raise 'Failed to get Resource Principal Session Token' if token.nil?

  token
end
#resource_principal_token_and_service_principal_session_token(rp_token_path_provider) ⇒ Object
# File 'lib/oci/auth/signers/resource_principals_federation_signer.rb', line 85
# Fetches the Resource Principal Token (RPT) and the Service Principal Session
# Token (SPST) from the RP token endpoint in a single GET.
#
# @param rp_token_path_provider [#token_path] supplies the request path
# @return [Array(String, String)] the RPT followed by the SPST
# @raise [RuntimeError] when either token is absent from the JSON response
def resource_principal_token_and_service_principal_session_token(rp_token_path_provider)
  response = make_call(:GET, rp_token_path_provider.token_path, @rp_token_endpoint)
  tokens = JSON.parse(response.data)
  rpt = tokens['resourcePrincipalToken']
  spst = tokens['servicePrincipalSessionToken']

  # Refuse an incomplete answer rather than carrying a nil token into the
  # RPST exchange; the message deliberately does not echo the response.
  raise 'Failed to get Resource Principal Token or Service Principal Session Token' if rpt.nil? || spst.nil?

  [rpt, spst]
end
#security_token ⇒ Object
rubocop:enable Metrics/CyclomaticComplexity, Metrics/AbcSize, Metrics/PerceivedComplexity, Layout/EmptyLines
# File 'lib/oci/auth/signers/resource_principals_federation_signer.rb', line 65
# Returns the current Resource Principal Session Token, refreshing first if no
# token has been fetched yet or the cached one reports itself invalid.
#
# The validity check runs outside @refresh_lock, so two threads that observe an
# expired token at the same moment may both refresh; the second refresh simply
# replaces the first, which is wasteful but not incorrect.
#
# @return [Object] the value of @security_token.security_token
def security_token
  stale = !defined?(@security_token) || !@security_token.token_valid?
  refresh_security_token if stale
  @security_token.security_token
end