Skip to content

Commit

Permalink
Merge pull request #630 from alauddinulaganathan/assume_role_support_…
Browse files Browse the repository at this point in the history 
…for_aws_eks_credentials

Assume role support for aws eks credentials
  • Loading branch information
@agrare
agrare committed Apr 2, 2024
2 parents bd763a7 + 9cea713 commit 9f95df3
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 5 deletions.
4 changes: 4 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -330,10 +330,14 @@ require 'aws-sdk-core'
credentials = Aws::Credentials.new(access_key, secret_key)
# Or a profile
credentials = Aws::SharedCredentials.new(profile_name: 'default').credentials
# Or for an STS Assumed Role Credentials or any other credential Provider other than Static Credentials
credentials = Aws::AssumeRoleCredentials.new({ client: sts_client, role_arn: role_arn, role_session_name: session_name })

# Kubeclient Auth Options
auth_options = {
bearer_token: Kubeclient::AmazonEksCredentials.token(credentials, eks_cluster_name)
}

client = Kubeclient::Client.new(
eks_cluster_https_endpoint, 'v1', auth_options: auth_options
)
Expand Down
20 changes: 15 additions & 5 deletions lib/kubeclient/aws_eks_credentials.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,11 +20,21 @@ def token(credentials, eks_cluster, region: 'us-east-1')
end
# https://github.com/aws/aws-sdk-ruby/pull/1848
# Get a signer
signer = Aws::Sigv4::Signer.new(
service: 'sts',
region: region,
credentials: credentials
)
signer = if credentials.respond_to?(:credentials)
Aws::Sigv4::Signer.new(
service: 'sts',
region: region,
credentials_provider: credentials
)
else
Aws::Sigv4::Signer.new(
service: 'sts',
region: region,
credentials: credentials
)
end

credentials = credentials.credentials if credentials.respond_to?(:credentials)

# https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/Sigv4/Signer.html#presign_url-instance_method
presigned_url_string = signer.presign_url(
Expand Down

0 comments on commit 9f95df3

Please sign in to comment.