pg-aws_rds_iam 0.6.2 → 0.7.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -1
- data/lib/pg/aws_rds_iam/auth_token.rb +39 -0
- data/lib/pg/aws_rds_iam/auth_token_generator.rb +24 -1
- data/lib/pg/aws_rds_iam/version.rb +1 -1
- data/lib/pg/aws_rds_iam.rb +1 -0
- metadata +4 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: abc5ffd5784f5ad5c2fc33e510cd99d9f02ad9a0cf6a231427abf2b8593dbdf2
|
|
4
|
+
data.tar.gz: 6552886d708ea4a2e819d4cb6fa6db9d1c59eec9dffeb09b1a38d135bbde1da1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5d1c3a0f5d0e292ec0199ed8e420644cc1574ef80b2fbf2b71a0c9b8656e6f757aeb575cc0198c47dbdb92b1013e46c61ab5428d142cca650d35063ea2c2a7ad
|
|
7
|
+
data.tar.gz: 629e158616fc8319beb73ea54010bee5f6eb41adc30fecaf9ff0480aa693706b026572cb72597a62bd7b4fd765a83d831687f8ee9da7385b4c5e92bbd95b6295
|
data/CHANGELOG.md
CHANGED
|
@@ -8,6 +8,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
|
8
8
|
|
|
9
9
|
No notable changes.
|
|
10
10
|
|
|
11
|
+
## [0.7.0] - 2024-12-04
|
|
12
|
+
|
|
13
|
+
### Changed
|
|
14
|
+
* Reuse tokens ([#690](https://github.com/haines/pg-aws_rds_iam/pull/690))
|
|
15
|
+
|
|
11
16
|
## [0.6.2] - 2024-11-12
|
|
12
17
|
|
|
13
18
|
### Changed
|
|
@@ -96,7 +101,8 @@ No notable changes.
|
|
|
96
101
|
* A plugin for the [`pg` gem](https://rubygems.org/gems/pg) that adds support for [IAM authentication](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html) when connecting to PostgreSQL databases hosted in Amazon RDS. ([#1](https://github.com/haines/pg-aws_rds_iam/pull/1))
|
|
97
102
|
* ActiveRecord support. ([#3](https://github.com/haines/pg-aws_rds_iam/pull/3))
|
|
98
103
|
|
|
99
|
-
[Unreleased]: https://github.com/haines/pg-aws_rds_iam/compare/v0.
|
|
104
|
+
[Unreleased]: https://github.com/haines/pg-aws_rds_iam/compare/v0.7.0...HEAD
|
|
105
|
+
[0.7.0]: https://github.com/haines/pg-aws_rds_iam/compare/v0.6.2...v0.7.0
|
|
100
106
|
[0.6.2]: https://github.com/haines/pg-aws_rds_iam/compare/v0.6.1...v0.6.2
|
|
101
107
|
[0.6.1]: https://github.com/haines/pg-aws_rds_iam/compare/v0.6.0...v0.6.1
|
|
102
108
|
[0.6.0]: https://github.com/haines/pg-aws_rds_iam/compare/v0.5.0...v0.6.0
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module PG
|
|
4
|
+
module AWS_RDS_IAM
|
|
5
|
+
class AuthToken
|
|
6
|
+
def initialize(token)
|
|
7
|
+
@token = token
|
|
8
|
+
@generated_at = now
|
|
9
|
+
@expiry = parse_expiry || 900
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def valid?
|
|
13
|
+
(now - @generated_at) < (@expiry - 60)
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def to_str
|
|
17
|
+
@token
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
private
|
|
21
|
+
|
|
22
|
+
def now
|
|
23
|
+
Process.clock_gettime(Process::CLOCK_MONOTONIC)
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def parse_expiry
|
|
27
|
+
URI
|
|
28
|
+
.decode_www_form(URI.parse("https://#{@token}").query)
|
|
29
|
+
.lazy
|
|
30
|
+
.filter_map { |(key, value)| Integer(value, 10) if key.downcase == "x-amz-expires" }
|
|
31
|
+
.first
|
|
32
|
+
rescue StandardError
|
|
33
|
+
nil
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
private_constant :AuthToken
|
|
38
|
+
end
|
|
39
|
+
end
|
|
@@ -13,16 +13,39 @@ module PG
|
|
|
13
13
|
def initialize(credentials:, region:)
|
|
14
14
|
@generator = Aws::RDS::AuthTokenGenerator.new(credentials:)
|
|
15
15
|
@region = region
|
|
16
|
+
@mutex = Mutex.new
|
|
17
|
+
@cache = {}
|
|
16
18
|
end
|
|
17
19
|
|
|
18
20
|
# Generates an authentication token for connecting to an Amazon RDS instance.
|
|
21
|
+
# Generated tokens are cached and reused until 1 minute before they are due to expire.
|
|
19
22
|
#
|
|
20
23
|
# @param host [String] the host name of the RDS instance that you want to access
|
|
21
24
|
# @param port [String] the port number used for connecting to your RDS instance
|
|
22
25
|
# @param user [String] the database account that you want to access
|
|
23
26
|
# @return [String] the generated authentication token
|
|
24
27
|
def call(host:, port:, user:)
|
|
25
|
-
|
|
28
|
+
endpoint = "#{host}:#{port}"
|
|
29
|
+
key = "#{user}@#{endpoint}"
|
|
30
|
+
|
|
31
|
+
token = cached_token(key)
|
|
32
|
+
return token if token
|
|
33
|
+
|
|
34
|
+
@mutex.synchronize do
|
|
35
|
+
token = cached_token(key)
|
|
36
|
+
break token if token
|
|
37
|
+
|
|
38
|
+
@generator.auth_token(region: @region, endpoint:, user_name: user).tap do |new_token|
|
|
39
|
+
@cache[key] = AuthToken.new(new_token)
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
private
|
|
45
|
+
|
|
46
|
+
def cached_token(key)
|
|
47
|
+
token = @cache[key]
|
|
48
|
+
token.to_str if token&.valid?
|
|
26
49
|
end
|
|
27
50
|
end
|
|
28
51
|
end
|
data/lib/pg/aws_rds_iam.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pg-aws_rds_iam
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.7.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andrew Haines
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-12-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-rds
|
|
@@ -55,6 +55,7 @@ files:
|
|
|
55
55
|
- lib/pg/aws_rds_iam/active_record_postgresql_database_tasks.rb
|
|
56
56
|
- lib/pg/aws_rds_iam/active_record_postgresql_database_tasks/psql_env.rb
|
|
57
57
|
- lib/pg/aws_rds_iam/active_record_postgresql_database_tasks/set_psql_env.rb
|
|
58
|
+
- lib/pg/aws_rds_iam/auth_token.rb
|
|
58
59
|
- lib/pg/aws_rds_iam/auth_token_generator.rb
|
|
59
60
|
- lib/pg/aws_rds_iam/auth_token_generator_registry.rb
|
|
60
61
|
- lib/pg/aws_rds_iam/auth_token_injector.rb
|
|
@@ -73,7 +74,7 @@ licenses:
|
|
|
73
74
|
metadata:
|
|
74
75
|
bug_tracker_uri: https://github.com/haines/pg-aws_rds_iam/issues
|
|
75
76
|
changelog_uri: https://github.com/haines/pg-aws_rds_iam/blob/main/CHANGELOG.md
|
|
76
|
-
documentation_uri: https://rubydoc.info/gems/pg-aws_rds_iam/0.
|
|
77
|
+
documentation_uri: https://rubydoc.info/gems/pg-aws_rds_iam/0.7.0
|
|
77
78
|
homepage_uri: https://github.com/haines/pg-aws_rds_iam
|
|
78
79
|
source_code_uri: https://github.com/haines/pg-aws_rds_iam
|
|
79
80
|
rubygems_mfa_required: 'true'
|