lib/awsecrets.rb in awsecrets-1.11.0 vs lib/awsecrets.rb in awsecrets-1.12.0
- old
+ new
@@ -1,9 +1,10 @@
require 'awsecrets/version'
require 'optparse'
require 'aws-sdk'
require 'aws_config'
+require 'net/http'
require 'yaml'
module Awsecrets
def self.load(profile: nil, region: nil, secrets_path: nil)
@profile = profile
@@ -83,20 +84,21 @@
end
def self.load_config
@region ||= if AWSConfig[@profile] && AWSConfig[@profile]['region']
AWSConfig[@profile]['region']
- else
+ elsif AWSConfig['default']
AWSConfig['default']['region']
end
@role_arn ||= AWSConfig[@profile]['role_arn'] if AWSConfig[@profile]
@role_session_name ||= AWSConfig[@profile]['role_session_name'] if AWSConfig[@profile]
@source_profile ||= AWSConfig[@profile]['source_profile'] if AWSConfig[@profile]
end
def self.set_aws_config
+ @region ||= self.current_region
Aws.config[:region] = @region
if @role_arn && @source_profile
@role_session_name ||= generate_session_name
region = if AWSConfig[@source_profile.name] && AWSConfig[@source_profile.name]['region']
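Review bot: The added `@region ||= self.current_region` in set_aws_config turns a missing region setting into a network request, and nothing at the call site says so. A comment such as `# Last resort: ask the EC2 instance metadata service (only answers on EC2).` would make the fallback order readable to the next maintainer. The explicit receiver is also redundant inside a singleton method, so `@region ||= current_region` is enough. set_aws_config continues past the end of this hunk, so the rest of its region handling is not visible here.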
@@ -114,15 +116,22 @@
role_session_name: @role_session_name
)
end
@credentials ||= Aws::SharedCredentials.new(profile_name: @profile) if @profile
- @credentials ||= Aws::SharedCredentials.new(profile_name: 'default') unless @access_key_id
- @credentials ||= Aws::Credentials.new(@access_key_id, @secret_access_key, @session_token)
+ @credentials ||= Aws::SharedCredentials.new(profile_name: 'default') if AWSConfig['default'] && !@access_key_id
+ @credentials ||= Aws::Credentials.new(@access_key_id, @secret_access_key, @session_token) if @access_key_id
+ @credentials ||= Aws::InstanceProfileCredentials.new
Aws.config[:credentials] = @credentials
end
def self.generate_session_name
"awsecrets-session-#{Time.now.to_i}"
+ end
+
+ def self.current_region
+ metadata_endpoint = 'http://169.254.169.254/latest/meta-data/'
+ az = Net::HTTP.get(URI.parse(metadata_endpoint + 'placement/availability-zone'))
+ az[0...-1]
end
end
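Review bot: `current_region` trims the last character from whatever `Net::HTTP.get` returns and the result ends up in `Aws.config[:region]`; the status code is never checked, there is no timeout or rescue, and the request is IMDSv1-only, so on an instance that requires session tokens an error response body would be treated as the zone name. Off EC2 the same call either waits out the default connect timeout or raises out of `set_aws_config`. The rewrite below bounds the request, obtains an IMDSv2 token when the service offers one, and returns nil unless the body looks like an availability-zone name, which leaves the SDK to report the missing region. Zone names that are not region-plus-one-letter (Local Zones, for example) are rejected by that pattern rather than mis-trimmed; reading `placement/region` instead would avoid the trimming altogether.

```ruby
def self.current_region
  # Short timeouts: the link-local address does not answer off EC2.
  Net::HTTP.start('169.254.169.254', 80, open_timeout: 1, read_timeout: 1) do |http|
    token = http.send_request('PUT', '/latest/api/token', nil,
                              'X-aws-ec2-metadata-token-ttl-seconds' => '60')
    headers = token.is_a?(Net::HTTPSuccess) ? { 'X-aws-ec2-metadata-token' => token.body } : {}
    res = http.get('/latest/meta-data/placement/availability-zone', headers)
    az = res.body.to_s.strip if res.is_a?(Net::HTTPSuccess)
    # Only a value shaped like an AZ name may reach Aws.config[:region].
    az[0...-1] if az && az =~ /\A[a-z]{2}(-[a-z]+)+-\d+[a-z]\z/
  end
rescue SystemCallError, SocketError, Timeout::Error
  nil
end
```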