pg-aws_rds_iam 0.6.1 → 0.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +14 -1
- data/lib/pg/aws_rds_iam/auth_token.rb +39 -0
- data/lib/pg/aws_rds_iam/auth_token_generator.rb +24 -1
- data/lib/pg/aws_rds_iam/version.rb +1 -1
- data/lib/pg/aws_rds_iam.rb +1 -0
- metadata +4 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: abc5ffd5784f5ad5c2fc33e510cd99d9f02ad9a0cf6a231427abf2b8593dbdf2
|
|
4
|
+
data.tar.gz: 6552886d708ea4a2e819d4cb6fa6db9d1c59eec9dffeb09b1a38d135bbde1da1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5d1c3a0f5d0e292ec0199ed8e420644cc1574ef80b2fbf2b71a0c9b8656e6f757aeb575cc0198c47dbdb92b1013e46c61ab5428d142cca650d35063ea2c2a7ad
|
|
7
|
+
data.tar.gz: 629e158616fc8319beb73ea54010bee5f6eb41adc30fecaf9ff0480aa693706b026572cb72597a62bd7b4fd765a83d831687f8ee9da7385b4c5e92bbd95b6295
|
data/CHANGELOG.md
CHANGED
|
@@ -8,6 +8,16 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
|
8
8
|
|
|
9
9
|
No notable changes.
|
|
10
10
|
|
|
11
|
+
## [0.7.0] - 2024-12-04
|
|
12
|
+
|
|
13
|
+
### Changed
|
|
14
|
+
* Reuse tokens ([#690](https://github.com/haines/pg-aws_rds_iam/pull/690))
|
|
15
|
+
|
|
16
|
+
## [0.6.2] - 2024-11-12
|
|
17
|
+
|
|
18
|
+
### Changed
|
|
19
|
+
* Fix broken link in changelog ([#687](https://github.com/haines/pg-aws_rds_iam/pull/687))
|
|
20
|
+
|
|
11
21
|
## [0.6.1] - 2024-11-12
|
|
12
22
|
|
|
13
23
|
### Changed
|
|
@@ -91,7 +101,10 @@ No notable changes.
|
|
|
91
101
|
* A plugin for the [`pg` gem](https://rubygems.org/gems/pg) that adds support for [IAM authentication](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html) when connecting to PostgreSQL databases hosted in Amazon RDS. ([#1](https://github.com/haines/pg-aws_rds_iam/pull/1))
|
|
92
102
|
* ActiveRecord support. ([#3](https://github.com/haines/pg-aws_rds_iam/pull/3))
|
|
93
103
|
|
|
94
|
-
[Unreleased]: https://github.com/haines/pg-aws_rds_iam/compare/v0.
|
|
104
|
+
[Unreleased]: https://github.com/haines/pg-aws_rds_iam/compare/v0.7.0...HEAD
|
|
105
|
+
[0.7.0]: https://github.com/haines/pg-aws_rds_iam/compare/v0.6.2...v0.7.0
|
|
106
|
+
[0.6.2]: https://github.com/haines/pg-aws_rds_iam/compare/v0.6.1...v0.6.2
|
|
107
|
+
[0.6.1]: https://github.com/haines/pg-aws_rds_iam/compare/v0.6.0...v0.6.1
|
|
95
108
|
[0.6.0]: https://github.com/haines/pg-aws_rds_iam/compare/v0.5.0...v0.6.0
|
|
96
109
|
[0.5.0]: https://github.com/haines/pg-aws_rds_iam/compare/v0.4.2...v0.5.0
|
|
97
110
|
[0.4.2]: https://github.com/haines/pg-aws_rds_iam/compare/v0.4.1...v0.4.2
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module PG
|
|
4
|
+
module AWS_RDS_IAM
|
|
5
|
+
class AuthToken
|
|
6
|
+
def initialize(token)
|
|
7
|
+
@token = token
|
|
8
|
+
@generated_at = now
|
|
9
|
+
@expiry = parse_expiry || 900
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def valid?
|
|
13
|
+
(now - @generated_at) < (@expiry - 60)
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def to_str
|
|
17
|
+
@token
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
private
|
|
21
|
+
|
|
22
|
+
def now
|
|
23
|
+
Process.clock_gettime(Process::CLOCK_MONOTONIC)
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def parse_expiry
|
|
27
|
+
URI
|
|
28
|
+
.decode_www_form(URI.parse("https://#{@token}").query)
|
|
29
|
+
.lazy
|
|
30
|
+
.filter_map { |(key, value)| Integer(value, 10) if key.downcase == "x-amz-expires" }
|
|
31
|
+
.first
|
|
32
|
+
rescue StandardError
|
|
33
|
+
nil
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
private_constant :AuthToken
|
|
38
|
+
end
|
|
39
|
+
end
|
|
@@ -13,16 +13,39 @@ module PG
|
|
|
13
13
|
def initialize(credentials:, region:)
|
|
14
14
|
@generator = Aws::RDS::AuthTokenGenerator.new(credentials:)
|
|
15
15
|
@region = region
|
|
16
|
+
@mutex = Mutex.new
|
|
17
|
+
@cache = {}
|
|
16
18
|
end
|
|
17
19
|
|
|
18
20
|
# Generates an authentication token for connecting to an Amazon RDS instance.
|
|
21
|
+
# Generated tokens are cached and reused until 1 minute before they are due to expire.
|
|
19
22
|
#
|
|
20
23
|
# @param host [String] the host name of the RDS instance that you want to access
|
|
21
24
|
# @param port [String] the port number used for connecting to your RDS instance
|
|
22
25
|
# @param user [String] the database account that you want to access
|
|
23
26
|
# @return [String] the generated authentication token
|
|
24
27
|
def call(host:, port:, user:)
|
|
25
|
-
|
|
28
|
+
endpoint = "#{host}:#{port}"
|
|
29
|
+
key = "#{user}@#{endpoint}"
|
|
30
|
+
|
|
31
|
+
token = cached_token(key)
|
|
32
|
+
return token if token
|
|
33
|
+
|
|
34
|
+
@mutex.synchronize do
|
|
35
|
+
token = cached_token(key)
|
|
36
|
+
break token if token
|
|
37
|
+
|
|
38
|
+
@generator.auth_token(region: @region, endpoint:, user_name: user).tap do |new_token|
|
|
39
|
+
@cache[key] = AuthToken.new(new_token)
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
private
|
|
45
|
+
|
|
46
|
+
def cached_token(key)
|
|
47
|
+
token = @cache[key]
|
|
48
|
+
token.to_str if token&.valid?
|
|
26
49
|
end
|
|
27
50
|
end
|
|
28
51
|
end
|
data/lib/pg/aws_rds_iam.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pg-aws_rds_iam
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.7.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andrew Haines
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-12-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-rds
|
|
@@ -55,6 +55,7 @@ files:
|
|
|
55
55
|
- lib/pg/aws_rds_iam/active_record_postgresql_database_tasks.rb
|
|
56
56
|
- lib/pg/aws_rds_iam/active_record_postgresql_database_tasks/psql_env.rb
|
|
57
57
|
- lib/pg/aws_rds_iam/active_record_postgresql_database_tasks/set_psql_env.rb
|
|
58
|
+
- lib/pg/aws_rds_iam/auth_token.rb
|
|
58
59
|
- lib/pg/aws_rds_iam/auth_token_generator.rb
|
|
59
60
|
- lib/pg/aws_rds_iam/auth_token_generator_registry.rb
|
|
60
61
|
- lib/pg/aws_rds_iam/auth_token_injector.rb
|
|
@@ -73,7 +74,7 @@ licenses:
|
|
|
73
74
|
metadata:
|
|
74
75
|
bug_tracker_uri: https://github.com/haines/pg-aws_rds_iam/issues
|
|
75
76
|
changelog_uri: https://github.com/haines/pg-aws_rds_iam/blob/main/CHANGELOG.md
|
|
76
|
-
documentation_uri: https://rubydoc.info/gems/pg-aws_rds_iam/0.
|
|
77
|
+
documentation_uri: https://rubydoc.info/gems/pg-aws_rds_iam/0.7.0
|
|
77
78
|
homepage_uri: https://github.com/haines/pg-aws_rds_iam
|
|
78
79
|
source_code_uri: https://github.com/haines/pg-aws_rds_iam
|
|
79
80
|
rubygems_mfa_required: 'true'
|