class AWS::Core::CredentialProviders::EC2Provider
This credential provider tries to get credentials from the EC2
metadata service.
Constants
- FAILURES
These are the errors we trap when attempting to talk to the instance metadata service. Any of these implies the service is not present, not responding, or has hit some other non-recoverable error.
@api private
Attributes
@return [Time,nil]
@return [Object,nil]
@return [Float]
@return [Float]
@return [String] Defaults to '169.254.169.254'.
@return [Integer] Defaults to port 80.
@return [Integer] Defaults to 0
Public Class Methods
@param [Hash] options
@option options [String] :ip_address ('169.254.169.254')
@option options [Integer] :port (80)
@option options [Integer] :retries (0) Number of times to retry retrieving credentials.
@option options [Float] :http_open_timeout (1)
@option options [Float] :http_read_timeout (1)
@option options [Object] :http_debug_output (nil) HTTP wire traces are sent to this object. You can specify something like $stdout.
# File lib/aws/core/credential_providers.rb, line 364
def initialize options = {}
  @ip_address = options[:ip_address] || '169.254.169.254'
  @port = options[:port] || 80
  @retries = options[:retries] || 0
  @http_open_timeout = options[:http_open_timeout] || 1
  @http_read_timeout = options[:http_read_timeout] || 1
  @http_debug_output = options[:http_debug_output]
end
Public Instance Methods
Refreshes the provider if the existing credentials will expire within 15 minutes.
@return [Hash] Returns a hash of credentials containing at least the `:access_key_id` and `:secret_access_key`. The hash may also contain a `:session_token`.
@raise [Errors::MissingCredentialsError] Raised when the `:access_key_id` or the `:secret_access_key` cannot be found.
AWS::Core::CredentialProviders::Provider#credentials
# File lib/aws/core/credential_providers.rb, line 402
def credentials
  if @credentials_expiration && @credentials_expiration.utc <= (Time.now.utc + (15 * 60))
    refresh
  end
  super
end
Protected Instance Methods
Makes an HTTP GET request with the given path. If a non-200 response is received, then a {FailedRequestError} is raised.
@param [Net::HTTPSession] session
@param [String] path
@raise [FailedRequestError]
@return [String] Returns the HTTP response body.
# File lib/aws/core/credential_providers.rb, line 462
def get session, path
  response = session.request(Net::HTTP::Get.new(path))
  if response.code.to_i == 200
    response.body
  else
    raise FailedRequestError
  end
end
(see Provider#get_credentials)
# File lib/aws/core/credential_providers.rb, line 412
def get_credentials
  retries_left = retries

  begin
    http = Net::HTTP.new(ip_address, port, nil)
    http.open_timeout = http_open_timeout
    http.read_timeout = http_read_timeout
    http.set_debug_output(http_debug_output) if http_debug_output
    http.start

    # get the first/default instance profile name
    path = '/latest/meta-data/iam/security-credentials/'
    profile_name = get(http, path).lines.map(&:strip).first

    # get the session details from the instance profile name
    path << profile_name
    session = JSON.parse(get(http, path))

    http.finish

    credentials = {}
    credentials[:access_key_id] = session['AccessKeyId']
    credentials[:secret_access_key] = session['SecretAccessKey']
    credentials[:session_token] = session['Token']
    @credentials_expiration = Time.parse(session['Expiration'])

    credentials

  rescue *FAILURES => e
    if retries_left > 0
      sleep_time = 2 ** (retries - retries_left)
      Kernel.sleep(sleep_time)
      retries_left -= 1
      retry
    else
      {}
    end
  end
end
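The two-step lookup, the 15-minute refresh window and the retry backoff described above, replayed offline as an added example (not the SDK's own code). The helper names, the `example-role` profile and the key material are constructed assumptions; no metadata service is contacted.

```ruby
require 'json'
require 'time'

# Added example, not SDK code. All sample values below are constructed.
REFRESH_WINDOW = 15 * 60 # seconds; the window EC2Provider#credentials uses
BASE_PATH = '/latest/meta-data/iam/security-credentials/'

# Constructed metadata responses (hypothetical role name, fake key material).
SAMPLE_RESPONSES = {
  BASE_PATH => "example-role\n",
  BASE_PATH + 'example-role' => JSON.generate(
    'AccessKeyId' => 'EXAMPLEKEYID', 'SecretAccessKey' => 'example-secret',
    'Token' => 'example-token', 'Expiration' => '2030-01-01T12:00:00Z'
  )
}.freeze

# Two-step lookup as in get_credentials: list profiles, then fetch the first
# profile's JSON document. `fetch` is any callable mapping path -> body.
def fetch_instance_credentials(fetch)
  profile = fetch.call(BASE_PATH).lines.map(&:strip).reject(&:empty?).first
  return {} if profile.nil? # empty listing: no profile to query

  doc = JSON.parse(fetch.call(BASE_PATH + profile))
  { access_key_id: doc['AccessKeyId'],
    secret_access_key: doc['SecretAccessKey'],
    session_token: doc['Token'],
    expiration: Time.parse(doc['Expiration']).utc }
end

# True once the credentials expire within the next 15 minutes.
def refresh_due?(expiration, now = Time.now.utc)
  expiration.utc <= now.utc + REFRESH_WINDOW
end

# Sleep durations (seconds) produced by `2 ** (retries - retries_left)`.
def backoff_schedule(retries)
  (0...retries).map { |attempt| 2**attempt }
end

if __FILE__ == $PROGRAM_NAME
  creds = fetch_instance_credentials(->(path) { SAMPLE_RESPONSES.fetch(path) })
  puts "key id: #{creds[:access_key_id]}, expires: #{creds[:expiration].iso8601}"
  puts "refresh due at 11:44:59Z? #{refresh_due?(creds[:expiration], Time.utc(2030, 1, 1, 11, 44, 59))}"
  puts "refresh due at 11:45:00Z? #{refresh_due?(creds[:expiration], Time.utc(2030, 1, 1, 11, 45, 0))}"
  puts "sleeps for retries=4: #{backoff_schedule(4).inspect}"
end
```

The backoff schedule shows how quickly `:retries` adds blocking time when the endpoint does not answer: each extra retry doubles the final sleep, on top of the per-request open and read timeouts.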