class Fog::AWS::KMS::Real

Constants

DEFAULT_KEY_POLICY

Public Class Methods

new(options={})

Initialize connection to KMS

Notes

options parameter must include values for :aws_access_key_id and :aws_secret_access_key in order to create a connection

Examples

kms = KMS.new(
 :aws_access_key_id     => your_aws_access_key_id,
 :aws_secret_access_key => your_aws_secret_access_key
)

Parameters

  • options<~Hash> - config arguments for connection. Defaults to {}.

    • region<~String> - optional region to use. For instance, 'eu-west-1', 'us-east-1', etc.

Returns

  • KMS object with connection to AWS.

# File lib/fog/aws/kms.rb, line 91
# Builds the KMS connection from the options hash and then hands the same hash to
# setup_credentials.
#
# Options read here: :use_iam_profile, :connection_options, :instrumentor,
# :instrumentor_name, :region, :host, :path, :persistent, :port, :scheme.
#
# Security notes for reviewers:
# * :scheme, :host and :port come straight from the caller. The default is
#   https://kms.<region>.amazonaws.com:443/, but any override is used as-is to build
#   the endpoint URL, so a non-https scheme means signed KMS requests leave this
#   process without TLS.
# * :connection_options is passed to Fog::XML::Connection unchanged; whatever transport
#   settings it carries are not inspected here.
def initialize(options={})
  # The default region is written back into the caller's hash (the argument is mutated).
  options[:region] ||= 'us-east-1'
  @region = options[:region]

  @use_iam_profile    = options[:use_iam_profile]
  @instrumentor       = options[:instrumentor]
  @instrumentor_name  = options[:instrumentor_name] || 'fog.aws.kms'
  @connection_options = options[:connection_options] || {}
  @persistent         = options[:persistent] || false

  # Endpoint pieces; each one falls back to the regional HTTPS endpoint when not supplied.
  @scheme = options[:scheme] || 'https'
  @host   = options[:host]   || "kms.#{@region}.amazonaws.com"
  @port   = options[:port]   || 443
  @path   = options[:path]   || '/'

  endpoint    = "#{@scheme}://#{@host}:#{@port}#{@path}"
  @connection = Fog::XML::Connection.new(endpoint, @persistent, @connection_options)

  setup_credentials(options)
end

Public Instance Methods

create_key(policy = nil, description = nil, usage = "ENCRYPT_DECRYPT")
# File lib/fog/aws/requests/kms/create_key.rb, line 25
# Sends a CreateKey request and returns whatever `request` returns; the response is
# parsed with the DescribeKey parser.
#
# policy      - key policy document, sent as the 'Policy' parameter (nil by default)
# description - sent as the 'Description' parameter (nil by default)
# usage       - sent as the 'KeyUsage' parameter (defaults to "ENCRYPT_DECRYPT")
#
# NOTE(review): when policy is nil this method supplies no explicit key policy.
# DEFAULT_KEY_POLICY is declared on this class but is not referenced here, so confirm
# which policy a key created this way ends up with before relying on it for access control.
def create_key(policy = nil, description = nil, usage = "ENCRYPT_DECRYPT")
  params = {
    'Action'      => 'CreateKey',
    'Description' => description,
    'KeyUsage'    => usage,
    'Policy'      => policy,
    :parser       => Fog::Parsers::AWS::KMS::DescribeKey.new
  }
  request(params)
end
describe_key(identifier)
# File lib/fog/aws/requests/kms/describe_key.rb, line 7
# Sends a DescribeKey request for the given key and returns whatever `request` returns.
#
# identifier - forwarded unchanged as the 'KeyId' parameter; no validation happens here.
def describe_key(identifier)
  parser = Fog::Parsers::AWS::KMS::DescribeKey.new
  request('Action' => 'DescribeKey', 'KeyId' => identifier, :parser => parser)
end
list_keys(options={})
# File lib/fog/aws/requests/kms/list_keys.rb, line 8
# Sends a ListKeys request and returns whatever `request` returns.
#
# options - Hash; only :marker and :limit are read. Each is forwarded (as 'Marker' /
#           'Limit') only when truthy, and neither value is validated here.
def list_keys(options={})
  params = {
    'Action' => 'ListKeys',
    :parser  => Fog::Parsers::AWS::KMS::ListKeys.new
  }
  params['Marker'] = options[:marker] if options[:marker]
  params['Limit']  = options[:limit]  if options[:limit]

  request(params)
end
reload()
# File lib/fog/aws/kms.rb, line 112
# Resets the underlying connection by delegating to @connection.reset.
# Only the connection object is touched; the stored credentials and signer are left as they are.
def reload
  @connection.reset
end

Private Instance Methods

_request(body, headers, idempotent, parser)
# File lib/fog/aws/kms.rb, line 155
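# Performs the signed POST and translates HTTP status errors into KMS error classes.
#
# body, headers - the already-signed request body and headers
# idempotent    - passed through to the connection as :idempotent
# parser        - response parser passed through to the connection
#
# Returns whatever @connection.request returns. Only a 200 response is expected;
# an Excon::Errors::HTTPStatusError is rescued and mapped as follows:
# * no recognisable AWS error in the response -> the original exception is re-raised
# * the error code names an error class declared directly under Fog::AWS::KMS ->
#   that class is raised with the AWS message
# * anything else -> Fog::AWS::KMS::Error with "<code> => <message>"
#
# The error code comes from the response body, so it is treated as untrusted when it is
# used for constant lookup: it must look like a plain constant name, the lookup does not
# fall back to ancestors or top-level constants (a code such as "String" must not resolve
# to ::String), and the constant found must respond to `slurp`. Without these checks an
# unexpected code raises NameError/NoMethodError and hides the real AWS error.
# NOTE(review): assumes the service error classes are declared directly under
# Fog::AWS::KMS rather than inherited - confirm.
def _request(body, headers, idempotent, parser)
  @connection.request({
    :body       => body,
    :expects    => 200,
    :headers    => headers,
    :idempotent => idempotent,
    :method     => 'POST',
    :parser     => parser
  })
rescue Excon::Errors::HTTPStatusError => error
  match = Fog::AWS::Errors.match_error(error)
  # Bare raise re-raises the HTTPStatusError being handled.
  raise if match.empty?

  code = match[:code].to_s
  error_class =
    if code =~ /\A[A-Z][A-Za-z0-9_]*\z/ && Fog::AWS::KMS.const_defined?(code, false)
      Fog::AWS::KMS.const_get(code, false)
    end

  if error_class.respond_to?(:slurp)
    raise error_class.slurp(error, match[:message])
  else
    raise Fog::AWS::KMS::Error.slurp(error, "#{match[:code]} => #{match[:message]}")
  end
end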
request(params)
# File lib/fog/aws/kms.rb, line 126
# Signs the given parameters (Signature V4, API version 2014-11-01) and sends them as a
# form-encoded POST via _request.
#
# params - request parameters; :parser and :idempotent are removed from this hash
#          (the caller's hash is mutated) and passed to _request separately.
#
# Returns whatever _request returns.
#
# Security note: when an instrumentor is configured, the remaining params hash is given
# to it as the event payload. That payload is the request's own parameters (for example
# 'Policy' and 'Description' on CreateKey), so instrumentation subscribers and their
# logs should be treated as holding request data.
def request(params)
  refresh_credentials_if_expired

  parser     = params.delete(:parser)
  idempotent = params.delete(:idempotent)

  base_headers = { 'Content-Type' => 'application/x-www-form-urlencoded' }
  signing_options = {
    :aws_session_token  => @aws_session_token,
    :signer             => @signer,
    :host               => @host,
    :path               => @path,
    :port               => @port,
    :version            => '2014-11-01',
    :method             => 'POST'
  }
  body, headers = Fog::AWS.signed_params_v4(params, base_headers, signing_options)

  # No instrumentor configured: send directly.
  unless @instrumentor
    return _request(body, headers, idempotent, parser)
  end

  @instrumentor.instrument("#{@instrumentor_name}.request", params) do
    _request(body, headers, idempotent, parser)
  end
end
setup_credentials(options={})
# File lib/fog/aws/kms.rb, line 118
# Stores the access key id, secret access key and session token from options on the
# instance and builds the Signature V4 signer for the 'kms' service in @region.
#
# options - Hash; reads :aws_access_key_id, :aws_secret_access_key, :aws_session_token.
#           Missing keys are stored as nil; nothing is validated here.
#
# NOTE(review): the secret access key and session token stay in instance variables for
# the life of this object, so keep the service object out of logs and debug dumps -
# confirm whether inspect output is filtered elsewhere.
def setup_credentials(options={})
  @aws_access_key_id, @aws_secret_access_key, @aws_session_token =
    options.values_at(:aws_access_key_id, :aws_secret_access_key, :aws_session_token)

  @signer = Fog::AWS::SignatureV4.new(@aws_access_key_id, @aws_secret_access_key, @region, 'kms')
end