File Coverage

blib/lib/Paws/Credential/InstanceProfile.pm
Criterion Covered Total %
statement 38 38 100.0
branch 8 10 80.0
condition n/a
subroutine 9 9 100.0
pod 0 3 0.0
total 55 60 91.6


line stmt bran cond sub pod time code
1             package Paws::Credential::InstanceProfile;
2 1     1   58075 use JSON::MaybeXS;
  1         40  
  1         76  
3 1     1   6 use Moose;
  1         2  
  1         9  
4 1     1   133866 use DateTime::Format::ISO8601;
  1         854634  
  1         106  
with 'Paws::Credential';

# Base URL of the instance metadata endpoint that names the attached role and
# serves its temporary credentials. The role name returned by the first request
# is appended directly to this value, so it is expected to end in a slash.
# Whoever controls this URL controls the credentials this provider hands out;
# the default is the plain-HTTP link-local metadata address.
has metadata_url => (
  is      => 'ro',
  isa     => 'Str',
  default => 'http://169.254.169.254/latest/meta-data/iam/security-credentials/',
);

# Timeout, in seconds, passed to the default user agent.
has timeout => (
  is      => 'ro',
  isa     => 'Int',
  default => 1,
);

# HTTP client used for the metadata requests; only its get method is called in
# this class. Built lazily so that it picks up the configured timeout.
has ua => (
  is      => 'ro',
  lazy    => 1,
  default => sub {
    my ($self) = @_;
    use HTTP::Tiny;
    return HTTP::Tiny->new(
      agent   => 'AWS Perl SDK',
      timeout => $self->timeout,
    );
  },
);

# Epoch second after which the cached credentials are refetched. The initial 0
# is always in the past, which forces a fetch on first use.
has expiration => (
  is      => 'rw',
  isa     => 'Int',
  default => 0,
);

# Most recently decoded credentials document (AccessKeyId, SecretAccessKey,
# Token are read from it). It holds secrets: keep it out of logs and dumps.
has actual_creds => (
  is      => 'rw',
  default => sub { {} },
);
35              
# Returns the AccessKeyId of the cached credentials, after giving _refresh the
# chance to renew them. Yields undef while no credentials have been fetched.
sub access_key {
  my ($self) = @_;

  $self->_refresh;

  my $creds = $self->actual_creds;
  return $creds->{AccessKeyId};
}
41              
# Returns the SecretAccessKey of the cached credentials, after giving _refresh
# the chance to renew them. The value is a secret: callers should not log it.
sub secret_key {
  my ($self) = @_;

  $self->_refresh;

  my $creds = $self->actual_creds;
  return $creds->{SecretAccessKey};
}
47              
# Returns the session Token of the cached credentials, after giving _refresh
# the chance to renew them. The value is a secret: callers should not log it.
sub session_token {
  my ($self) = @_;

  $self->_refresh;

  my $creds = $self->actual_creds;
  return $creds->{Token};
}
53              
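# Fetch fresh credentials from the metadata service once the cached ones have
# expired; a no-op while expiration is still in the future.
#
# Flow: GET metadata_url to learn the role name, then GET metadata_url . role
# for a JSON document that is cached in actual_creds, with its Expiration field
# converted to epoch seconds and cached in expiration.
#
# Failure handling is best-effort: an unsuccessful or empty HTTP response
# returns silently and leaves the cache untouched, so the accessors hand back
# whatever was cached (undef before the first successful fetch, expired values
# afterwards). Only a malformed credentials document dies.
#
# TODO: Raise exceptions if HTTP get didn't return success
# NOTE(review): both requests are plain GETs with no extra headers, so no
#   IMDSv2 session token is sent. An instance that enforces IMDSv2 would
#   presumably answer with a non-success status and end in the silent return
#   below - confirm against the deployment target.
# NOTE(review): credentials are refetched only once expiration has passed;
#   there is no safety margin, so a request signed just before expiry may be
#   rejected by the service.
sub _refresh {
  my ($self) = @_;

  return if $self->expiration >= time;

  my $ua = $self->ua;

  my $listing = $ua->get($self->metadata_url);
  return unless $listing->{success};
  return unless $listing->{content};

  # The role name is used exactly as the service returned it (no validation or
  # escaping), which is one reason metadata_url must point at a trusted host.
  my $response = $ua->get($self->metadata_url . $listing->{content});
  return unless $response->{success};

  # Rely on the eval's own return value rather than $@, which can be reset
  # between the failure and the check.
  my $json;
  eval { $json = decode_json($response->{content}); 1 }
    or die "Error in JSON from metadata URL";

  # Valid JSON that is not an object cannot carry credentials; reject it here
  # instead of caching it and failing later on a hash dereference.
  die "Error in JSON from metadata URL" unless ref($json) eq 'HASH';

  # Parse the expiry before touching the cache, so a document with a missing or
  # unparsable Expiration never replaces the credentials already held.
  my $expires_at = DateTime::Format::ISO8601->parse_datetime($json->{Expiration})->epoch;

  $self->actual_creds($json);
  $self->expiration($expires_at);
  return;
}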
74              
75 1     1   9 no Moose;
  1         2  
  1         8  
76             1;
77             ### main pod documentation begin ###
78              
79             =encoding UTF-8
80              
81             =head1 NAME
82              
83             Paws::Credential::InstanceProfile
84              
85             =head1 SYNOPSIS
86              
87             use Paws::Credential::InstanceProfile;
88              
89             my $paws = Paws->new(config => {
90             credentials => Paws::Credential::InstanceProfile->new(
91             metadata_url => 'http://localhost:8000/security-credentials',
92             timeout => 5,
93             )
94             });
95              
96             =head1 DESCRIPTION
97              
98             The InstanceProfile credential provider is used to retrieve AWS credentials when running on an AWS instance.
99              
100             When running on an instance in AWS, if said instance has a Role attached to it (also named InstanceProfile), Paws
101             can retrieve short-term credentials (and refresh them when needed) from the AWS provided "metadata service".
102              
103             =head2 metadata_url: Str
104              
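105             The base URL of the metadata service endpoint that credentials are fetched from. It defaults to C<http://169.254.169.254/latest/meta-data/iam/security-credentials/>. The role name returned by this URL is appended directly to it to retrieve the credentials, so the value should end with a slash and should only ever point at an endpoint you trust.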
106              
107             =head2 timeout: Int
108              
109             Number of seconds to wait before timing out a connection to the metadata service. It defaults to 1 second, as
110             the metadata service is almost local and responds very quickly. Note that if it is set too high and the metadata
111             service is not present (not running on an AWS instance), every lookup has to wait for the connection to time out.
112              
113             =head2 ua
114              
115             A user agent that has a C<get> method. Defaults to HTTP::Tiny
116              
117             =cut