Class: OCI::Auth::Signers::X509FederationClientBasedSecurityTokenSigner

Inherits:

Object
BaseSigner
SecurityTokenSigner
OCI::Auth::Signers::X509FederationClientBasedSecurityTokenSigner

show all

Defined in:: lib/oci/auth/signers/x509_federation_client_based_security_token_signer.rb

Overview

A SecurityTokenSigner where the token and private key are sourced from a provided federation_client. The token is retrieved via the client's security_token method, and the private key is retrieved by reading it from the session_key_supplier in the client.

Direct Known Subclasses

InstancePrincipalsSecurityTokenSigner

Constant Summary

Constants inherited from BaseSigner

BaseSigner::BODY_HEADERS, BaseSigner::GENERIC_HEADERS, BaseSigner::SIGNATURE_VERSION, BaseSigner::SIGNING_STRATEGY_ENUM

Instance Method Summary collapse

#initialize(federation_client, signing_strategy: OCI::BaseSigner::STANDARD, headers_to_sign_in_all_requests: OCI::BaseSigner::GENERIC_HEADERS, body_headers_to_sign: OCI::BaseSigner::BODY_HEADERS) ⇒ X509FederationClientBasedSecurityTokenSigner constructor

Creates a new X509FederationClientBasedSecurityTokenSigner.
#refresh_security_token ⇒ String

Refreshes the security token in the federation_client used by this class.
#sign(method, uri, headers, body, operation_signing_strategy = :standard) ⇒ Object

Generates the correct signature and adds it to the headers that are passed in.

Constructor Details

#initialize(federation_client, signing_strategy: OCI::BaseSigner::STANDARD, headers_to_sign_in_all_requests: OCI::BaseSigner::GENERIC_HEADERS, body_headers_to_sign: OCI::BaseSigner::BODY_HEADERS) ⇒ `X509FederationClientBasedSecurityTokenSigner`

Creates a new X509FederationClientBasedSecurityTokenSigner

Parameters:

federation_client (<OCI::Auth::FederationClient>) —

The federation client to use to request a security token
signing_strategy (String) (defaults to: OCI::BaseSigner::STANDARD) —

Whether this signer is used for Object Storage requests or not. Acceptable values are BaseSigner::STANDARD and BaseSigner::OBJECT_STORAGE. If not provided, defaults to BaseSigner::STANDARD
headers_to_sign_in_all_requests (Array<String>) (defaults to: OCI::BaseSigner::GENERIC_HEADERS) —

An array of headers which will be signed in each request. If not provided, defaults to BaseSigner::GENERIC_HEADERS
body_headers_to_sign (Array<String>) (defaults to: OCI::BaseSigner::BODY_HEADERS) —

An array of headers which should be signed on requests with bodies. If not provided, defaults to BaseSigner::BODY_HEADERS

# File 'lib/oci/auth/signers/x509_federation_client_based_security_token_signer.rb', line 22

def initialize(
  federation_client,
  signing_strategy: OCI::BaseSigner::STANDARD,
  headers_to_sign_in_all_requests: OCI::BaseSigner::GENERIC_HEADERS,
  body_headers_to_sign: OCI::BaseSigner::BODY_HEADERS
)
  @federation_client = federation_client
  @refresh_lock = Mutex.new

  super(
    federation_client.security_token,
    federation_client.session_key_supplier.key_pair[:private_key],
    signing_strategy: signing_strategy,
    headers_to_sign_in_all_requests: headers_to_sign_in_all_requests,
    body_headers_to_sign: body_headers_to_sign
  )
end

Instance Method Details

#refresh_security_token ⇒ `String`

Refreshes the security token in the federation_client used by this class

Returns:

(String) —

The new security token



42
43
44

# File 'lib/oci/auth/signers/x509_federation_client_based_security_token_signer.rb', line 42

def refresh_security_token
  @federation_client.security_token!
end

#sign(method, uri, headers, body, operation_signing_strategy = :standard) ⇒ `Object`

Generates the correct signature and adds it to the headers that are passed in. Also injects any required headers that might be missing.