Class: Mongo::Crypt::KMS::AWS::Credentials Private

Inherits:
Object
  • Object
show all
Extended by:
Forwardable
Includes:
Validations
Defined in:
lib/mongo/crypt/kms/aws/credentials.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

AWS KMS Credentials object contains credentials for using AWS KMS provider.

Constant Summary collapse

FORMAT_HINT =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future. 

'AWS KMS provider options must be in the format: ' +
"{ access_key_id: 'YOUR-ACCESS-KEY-ID', secret_access_key: 'SECRET-ACCESS-KEY' }"

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Validations

#validate_param, validate_tls_options

Constructor Details

#initialize(opts) ⇒ Credentials

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Creates an AWS KMS credentials object form a parameters hash.

Parameters:

  • opts (Hash)

    A hash that contains credentials for AWS KMS provider

Options Hash (opts):

  • :access_key_id (String)

    AWS access key id.

  • :secret_access_key (String)

    AWS secret access key.

  • :session_token (String | nil)

    AWS session token, optional.

Raises:

  • (ArgumentError)

    If required options are missing or incorrectly formatted.



53
54
55
56
57
58
59
60
 
# File 'lib/mongo/crypt/kms/aws/credentials.rb', line 53

def initialize(opts)
  @opts = opts
  return if empty?

  @access_key_id = validate_param(:access_key_id, opts, FORMAT_HINT)
  @secret_access_key = validate_param(:secret_access_key, opts, FORMAT_HINT)
  @session_token = validate_param(:session_token, opts, FORMAT_HINT, required: false)
end

Instance Attribute Details

#access_key_idString (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns AWS access key.

Returns:

  • (String)

    AWS access key.



29
30
31
 
# File 'lib/mongo/crypt/kms/aws/credentials.rb', line 29

def access_key_id
  @access_key_id
end

#secret_access_keyString (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns AWS secret access key.

Returns:

  • (String)

    AWS secret access key.



32
33
34
 
# File 'lib/mongo/crypt/kms/aws/credentials.rb', line 32

def secret_access_key
  @secret_access_key
end

#session_tokenString | nil (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns AWS session token.

Returns:

  • (String | nil)

    AWS session token.



35
36
37
 
# File 'lib/mongo/crypt/kms/aws/credentials.rb', line 35

def session_token
  @session_token
end

Instance Method Details

#to_documentBSON::Document

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Convert credentials object to a BSON document in libmongocrypt format.

Returns:

  • (BSON::Document)

    AWS KMS credentials in libmongocrypt format.



65
66
67
68
69
70
71
72
73
74
 
# File 'lib/mongo/crypt/kms/aws/credentials.rb', line 65

def to_document
  return BSON::Document.new if empty?

  BSON::Document.new({
                       accessKeyId: access_key_id,
                       secretAccessKey: secret_access_key,
                     }).tap do |bson|
    bson.update({ sessionToken: session_token }) unless session_token.nil?
  end
end