Class: OCI::Auth::Signers::InstancePrincipalsDelegationTokenSigner

Inherits:
InstancePrincipalsSecurityTokenSigner
Defined in:
lib/oci/auth/signers/instance_principals_delegation_token_signer.rb

Overview

InstancePrincipalsDelegationTokenSigner extends the functionality of InstancePrincipalsSecurityTokenSigner. A delegation token allows the instance to assume the privileges of the user for which the token was created.

Constant Summary

HEADERS_TO_SIGN =
%i[date (request-target) host opc-obo-token].freeze

Constants inherited from InstancePrincipalsSecurityTokenSigner

OCI::Auth::Signers::InstancePrincipalsSecurityTokenSigner::GET_REGION_INFO_URL, OCI::Auth::Signers::InstancePrincipalsSecurityTokenSigner::GET_REGION_URL, OCI::Auth::Signers::InstancePrincipalsSecurityTokenSigner::INTERMEDIATE_CERTIFICATE_URL, OCI::Auth::Signers::InstancePrincipalsSecurityTokenSigner::LEAF_CERTIFICATE_PRIVATE_KEY_URL, OCI::Auth::Signers::InstancePrincipalsSecurityTokenSigner::LEAF_CERTIFICATE_URL, OCI::Auth::Signers::InstancePrincipalsSecurityTokenSigner::METADATA_URL_BASE

Constants inherited from BaseSigner

BaseSigner::BODY_HEADERS, BaseSigner::GENERIC_HEADERS, BaseSigner::SIGNATURE_VERSION, BaseSigner::SIGNING_STRATEGY_ENUM

Instance Attribute Summary

Attributes inherited from InstancePrincipalsSecurityTokenSigner

#region

Instance Method Summary

Methods inherited from X509FederationClientBasedSecurityTokenSigner

#refresh_security_token

Constructor Details

#initialize(delegation_token, federation_endpoint: nil, federation_client_cert_bundle: nil, signing_strategy: OCI::BaseSigner::STANDARD, body_headers_to_sign: OCI::BaseSigner::BODY_HEADERS, additional_auth_params: {}) ⇒ InstancePrincipalsDelegationTokenSigner

Creates a new InstancePrincipalsDelegationTokenSigner

Parameters:

  • delegation_token (String)

    This token allows an instance to assume the privileges of a specific user and act on-behalf-of that user.

  • federation_client_cert_bundle (String) (defaults to: nil)

    The full file path to a custom certificate bundle which can be used for SSL verification against the federation_endpoint. If not provided (e.g. because a custom bundle is not needed), defaults to nil

  • signing_strategy (String) (defaults to: OCI::BaseSigner::STANDARD)

    Whether this signer is used for Object Storage requests or not. Acceptable values are BaseSigner::STANDARD and BaseSigner::OBJECT_STORAGE. If not provided, defaults to BaseSigner::STANDARD

  • body_headers_to_sign (Array<String>) (defaults to: OCI::BaseSigner::BODY_HEADERS)

    An array of headers which should be signed on requests with bodies. If not provided, defaults to BaseSigner::BODY_HEADERS

  • additional_auth_params (Hash<String>) (defaults to: {})

    Additional parameters for the federation client to pass as part of the Auth Service request. If not provided, defaults to an empty hash



# File 'lib/oci/auth/signers/instance_principals_delegation_token_signer.rb', line 37

def initialize(delegation_token,
               federation_endpoint: nil,
               federation_client_cert_bundle: nil,
               signing_strategy: OCI::BaseSigner::STANDARD,
               body_headers_to_sign: OCI::BaseSigner::BODY_HEADERS,
               additional_auth_params: {})
  raise 'Delegation Token not exist' if delegation_token.nil?

  @delegation_token = delegation_token
  super(federation_endpoint: federation_endpoint,
        federation_client_cert_bundle: federation_client_cert_bundle,
        signing_strategy: signing_strategy,
        headers_to_sign_in_all_requests: HEADERS_TO_SIGN,
        body_headers_to_sign: body_headers_to_sign,
        additional_auth_params: additional_auth_params)
end

Instance Method Details

#sign(method, uri, headers, body, operation_signing_strategy = :standard) ⇒ Object

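Adds the delegation token to the request as the opc-obo-token header, then signs the request through the parent class. Because opc-obo-token is listed in HEADERS_TO_SIGN, the header is part of what gets signed.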



# File 'lib/oci/auth/signers/instance_principals_delegation_token_signer.rb', line 55

def sign(method, uri, headers, body, operation_signing_strategy = :standard)
  headers[:'opc-obo-token'] = @delegation_token
  super(method, uri, headers, body, operation_signing_strategy)
end
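
The following is an added example, not code from the OCI SDK: it shows why listing opc-obo-token in HEADERS_TO_SIGN matters, by signing the four headers and checking that a swapped or stripped delegation token no longer verifies. The `obo_*` helper names, the sample key, host, path and token values are constructed for illustration, and the "name: value" newline-joined signing string with RSA-SHA256 is an assumption in the style of HTTP signatures, not the SDK's own routine.

```ruby
require 'openssl'
require 'base64'

# Same header list as HEADERS_TO_SIGN on this page, written as strings.
OBO_HEADERS_TO_SIGN = %w[date (request-target) host opc-obo-token].freeze

# Build the signing string: one "name: value" line per signed header (assumed format).
# (request-target) is a pseudo-header made of the lowercased method and the path.
def obo_signing_string(method, path, headers)
  OBO_HEADERS_TO_SIGN.map do |name|
    value = if name == '(request-target)'
              "#{method.downcase} #{path}"
            else
              headers.fetch(name) { raise ArgumentError, "missing signed header: #{name}" }
            end
    "#{name}: #{value}"
  end.join("\n")
end

# Sign the string with RSA-SHA256 and return the signature as base64.
def obo_sign(private_key, method, path, headers)
  data = obo_signing_string(method, path, headers)
  Base64.strict_encode64(private_key.sign(OpenSSL::Digest.new('SHA256'), data))
end

# Verify as a receiver would; a missing signed header or malformed base64 is a failure.
def obo_verify(public_key, signature_b64, method, path, headers)
  public_key.verify(OpenSSL::Digest.new('SHA256'),
                    Base64.strict_decode64(signature_b64),
                    obo_signing_string(method, path, headers))
rescue ArgumentError
  false
end

# Constructed sample key and headers (not real OCI values).
OBO_DEMO_KEY = OpenSSL::PKey::RSA.new(2048)
OBO_DEMO_HEADERS = {
  'date' => 'Thu, 01 Jan 2026 00:00:00 GMT',
  'host' => 'service.example.invalid',
  'opc-obo-token' => 'constructed-delegation-token-A'
}.freeze
```

If opc-obo-token were left out of the signed header list, a signature captured from one request would still verify after the token header was replaced with a different one.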