lib/awsecrets.rb in awsecrets-1.8.0 vs lib/awsecrets.rb in awsecrets-1.9.0
- old
+ new
@@ -65,11 +65,12 @@
@access_key_id ||= creds['aws_access_key_id']
@secret_access_key ||= creds['aws_secret_access_key']
@session_token ||= creds['aws_session_token'] if creds.include?('aws_session_token')
@role_arn ||= creds['role_arn'] if creds.include?('role_arn')
@role_session_name ||= creds['role_session_name'] if creds.include?('role_session_name')
- return unless @role_arn && @role_session_name
+ return unless @role_arn
+ @role_session_name ||= generate_session_name
@credentials ||= Aws::AssumeRoleCredentials.new(
client: Aws::STS::Client.new(
region: @region,
credentials: Aws::SharedCredentials.new(
region: @region,
@@ -98,11 +99,12 @@
end
def self.set_aws_config
Aws.config[:region] = @region
- if @role_arn && @role_session_name && @source_profile
+ if @role_arn && @source_profile
+ @role_session_name ||= generate_session_name
region = if AWSConfig[@source_profile.name] && AWSConfig[@source_profile.name]['region']
AWSConfig[@source_profile.name]['region']
else
AWSConfig['default']['region']
end
@@ -120,7 +122,11 @@
@credentials ||= Aws::SharedCredentials.new(profile_name: @profile) if @profile
@credentials ||= Aws::SharedCredentials.new(profile_name: 'default') unless @access_key_id
@credentials ||= Aws::Credentials.new(@access_key_id, @secret_access_key, @session_token)
Aws.config[:credentials] = @credentials
+ end
+
+ def self.generate_session_name
+ "awsecrets-session-#{Time.now.to_i}"
end
end