Class: OCI::Auth::Signers::EphemeralResourcePrincipalV21Signer

Inherits:
SecurityTokenSigner show all
Defined in:
lib/oci/auth/signers/ephemeral_resource_principal_v21_signer.rb

Overview

rubocop:disable Metrics/ClassLength, Metrics/AbcSize, Metrics/LineLength, Metrics/CyclomaticComplexity, Metrics/ParameterLists Implementation of Resource Principal v2.1.1/v2.1.2 authentication

Constant Summary

Constants inherited from BaseSigner

BaseSigner::BODY_HEADERS, BaseSigner::GENERIC_HEADERS, BaseSigner::SIGNATURE_VERSION, BaseSigner::SIGNING_STRATEGY_ENUM

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods inherited from BaseSigner

#sign

Constructor Details

#initialize(resource_principal_token_endpoint: nil, resource_principal_session_token_endpoint: nil, resource_id: nil, tenancy_id: nil, rp_version: nil, region: nil, security_context: nil, private_key: nil, private_key_passphrase: nil, resource_principal_token_path: nil) ⇒ EphemeralResourcePrincipalV21Signer

Returns a new instance of EphemeralResourcePrincipalV21Signer.



24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
# File 'lib/oci/auth/signers/ephemeral_resource_principal_v21_signer.rb', line 24

def initialize(resource_principal_token_endpoint: nil,
               resource_principal_session_token_endpoint: nil,
               resource_id: nil,
               tenancy_id: nil,
               rp_version: nil,
               region: nil,
               security_context: nil,
               private_key: nil,
               private_key_passphrase: nil,
               resource_principal_token_path: nil)

  validate_required_params!(
    resource_principal_token_endpoint,
    resource_principal_session_token_endpoint,
    resource_id,
    tenancy_id,
    rp_version,
    private_key
  )

  @rp_version = rp_version

  @rpt_endpoint = resource_principal_token_endpoint

  @rpst_endpoint = resource_principal_session_token_endpoint

  @resource_id = resource_id

  @region = initialize_and_return_region(region)

  @retry_strategy = OCI::Auth::Util.default_imds_retry_policy
  @tenancy_id = tenancy_id

  @security_context = security_context
  @reset_signers_lock = Mutex.new

  @resource_principal_token_path = if @rp_version == '2.1.2'
                                     build_rpt_path_for_rpv212(resource_principal_token_path, resource_id)
                                   else
                                     "/20180711/resourcePrincipalTokenV2/#{resource_id}"
                                   end

  # Set up session key supplier
  @session_key_supplier = construct_session_key_supplier(private_key,
                                                         private_key_passphrase)
  @api_client = OCI::ApiClient.new(OCI::Config.new, OCI::Auth::Signers::KeyPairSigner.new(rp_version, resource_id, tenancy_id, @session_key_supplier.key_pair[:private_key]))

  # Get initial tokens
  refresh_security_token

  super(
    @security_token.security_token,
    @session_key_supplier.key_pair[:private_key]
  )
end

Instance Attribute Details

#regionObject (readonly)

Returns the value of attribute region.



23
24
25
# File 'lib/oci/auth/signers/ephemeral_resource_principal_v21_signer.rb', line 23

def region
  @region
end

Instance Method Details

#refresh_security_tokenObject



86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
# File 'lib/oci/auth/signers/ephemeral_resource_principal_v21_signer.rb', line 86

def refresh_security_token
  @reset_signers_lock.synchronize do
    begin
      # Refresh Session Keys
      @session_key_supplier.refresh

      # Get RPT and SPST
      @rpt, @spst = resource_principal_token_and_service_principal_session_token

      # Get RPST
      @security_token = OCI::Auth::SecurityTokenContainer.new(resource_principal_session_token)

      # Reset Signers
      reset_signers
      @security_token.security_token
    rescue StandardError => e
      raise "Failed to refresh security token: #{e}"
    end
  end
end

#security_tokenObject



80
81
82
83
84
# File 'lib/oci/auth/signers/ephemeral_resource_principal_v21_signer.rb', line 80

def security_token
  return @security_token.security_token if @security_token && @security_token.token_valid?

  refresh_security_token
end