Class: Aws::S3::AccessGrantsCredentialsProvider

Inherits:

Object

Object
Aws::S3::AccessGrantsCredentialsProvider

show all

Defined in:: gems/aws-sdk-s3/lib/aws-sdk-s3/access_grants_credentials_provider.rb

Overview

Returns Credentials class for S3 Access Grants. Accepts GetDataAccess params and other configuration as options. See Aws::S3Control::Client#get_data_access for details.

Instance Attribute Summary collapse

#s3_client ⇒ Object
Returns the value of attribute s3_client.

Instance Method Summary collapse

#access_grants_credentials_for(options = {}) ⇒ Object
#initialize(options = {}) ⇒ AccessGrantsCredentialsProvider constructor
A new instance of AccessGrantsCredentialsProvider.

Constructor Details

#initialize(options = {}) ⇒ `AccessGrantsCredentialsProvider`

Returns a new instance of AccessGrantsCredentialsProvider.

Parameters:

options (Hash) (defaults to: {})

Options Hash (options):

:s3_control_client_options (Hash) —
The S3 Control client options used to create regional S3 Control clients to create the session. Region will be set to the region of the bucket.
:sts_client (Aws::STS::Client) —
The STS client used for fetching the Account ID for the credentials if credentials do not include an Account ID.
:s3_client (Aws::S3::Client) —
The S3 client used for fetching the location of the bucket so that a regional S3 Control client can be created. Defaults to the S3 client from the access grants plugin.
:privilege (String) — default: 'Default' —
The privilege to use when requesting credentials. (see: Aws::S3Control::Client#get_data_access)
:fallback (Boolean) — default: false —
When true, if access is denied, the provider will fall back to the configured credentials.
:caching (Boolean) — default: true —
When true, credentials and bucket account ids will be cached.
:before_refresh (Callable) —
Proc called before credentials are refreshed.

# File 'gems/aws-sdk-s3/lib/aws-sdk-s3/access_grants_credentials_provider.rb', line 42

def initialize(options = {})
  @s3_control_options = options.delete(:s3_control_client_options) || {}
  @s3_client = options.delete(:s3_client)
  @sts_client = options.delete(:sts_client)
  @fallback = options.delete(:fallback) || false
  @caching = options.delete(:caching) != false
  @s3_control_clients = {}
  @bucket_region_cache = Aws::S3.bucket_region_cache
  return unless @caching

  @credentials_cache = Aws::S3.access_grants_credentials_cache
  @account_id_cache = Aws::S3.access_grants_account_id_cache
end

Instance Attribute Details

#s3_client ⇒ `Object`

Returns the value of attribute s3_client.



77
78
79

# File 'gems/aws-sdk-s3/lib/aws-sdk-s3/access_grants_credentials_provider.rb', line 77

def s3_client
  @s3_client
end

Instance Method Details

#access_grants_credentials_for(options = {}) ⇒ `Object`

# File 'gems/aws-sdk-s3/lib/aws-sdk-s3/access_grants_credentials_provider.rb', line 56

def access_grants_credentials_for(options = {})
  target = target_prefix(
    options[:bucket],
    options[:key],
    options[:prefix]
  )
  credentials = s3_client.config.credentials.credentials # resolves

  if @caching
    cached_credentials_for(target, options[:permission], credentials)
  else
    new_credentials_for(target, options[:permission], credentials)
  end
rescue Aws::S3Control::Errors::AccessDenied
  raise unless @fallback

  warn 'Access denied for S3 Access Grants. Falling back to ' \
       'configured credentials.'
  s3_client.config.credentials
end