22
33module Mysql2
44 # Generates and caches AWS IAM Authentication tokens to use in place of MySQL user passwords
5- class AwsTokenAuth
5+ class AwsIamAuth
66 include Singleton
7+ attr_reader :mutex
8+ attr_accessor :passwords
79
810 # Tokens are valid for up to 15 minutes.
911 # We will assume ours expire in 14 minutes to be safe.
@@ -23,23 +25,24 @@ def initialize
2325 # :password is the token value
2426 # :expires_at is (just before) the token was generated plus 14 minutes
2527 @passwords = { }
26- @generator = Aws ::RDS ::AuthTokenGenerator . new
28+ instance_credentials = Aws ::InstanceProfileCredentials . new
29+ @generator = Aws ::RDS ::AuthTokenGenerator . new ( :credentials => instance_credentials )
2730 end
2831
2932 def password ( user , host , port , opts )
3033 params = to_params ( user , host , port , opts )
3134 key = key_from_params ( params )
3235 passwd = nil
33- AwsTokenAuth . instance . mutex . synchronize do
36+ AwsIamAuth . instance . mutex . synchronize do
3437 begin
35- passwd = @passwords [ key ] [ :password ] if @passwords [ key ] [ :password ] && Time . now . utc < @passwords [ key ] [ :expires_at ]
38+ passwd = @passwords [ key ] [ :password ] if @passwords . dig ( key , :password ) && Time . now . utc < @passwords . dig ( key , :expires_at )
3639 rescue KeyError
3740 passwd = nil
3841 end
3942 end
4043 return passwd unless passwd . nil?
4144
42- AwsTokenAuth . instance . mutex . synchronize do
45+ AwsIamAuth . instance . mutex . synchronize do
4346 @passwords [ key ] = { }
4447 @passwords [ key ] [ :expires_at ] = Time . now . utc + TOKEN_EXPIRES_IN
4548 @passwords [ key ] [ :password ] = password_from_iam ( params )
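Review bot: The new `attr_accessor :passwords` in the class header makes the cached IAM tokens readable and replaceable by any caller through `AwsIamAuth.instance.passwords`, and a write through that accessor bypasses the mutex that `password` takes around every access. Nothing in the visible hunks uses the accessor, so unless code outside them needs it I would drop the line, or keep at most a reader and add a comment such as `# token cache; access only while holding mutex`. In `password`, the `rescue KeyError` now looks unreachable, because `dig` returns nil for a missing key instead of raising, so the `begin`/`rescue` wrapper can probably go. The body of `password` continues past the end of the hunk, so the handling of a failed `password_from_iam` call could not be checked here.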