aws-msk-iam-sasl-signer
Advanced tools
This is an Amazon MSK Library in Ruby. This library provides a function to generates a base 64 encoded signed url to enable authentication/authorization with an MSK Cluster. The signed url is generated by using your IAM credentials.
To install aws-msk-iam-sasl-signer-ruby, run this command in your terminal. This is the preferred method to install aws-msk-iam-sasl-signer-ruby, as it will always install the most recent stable release.
gem install aws-msk-iam-sasl-signer
In order to use a named profile to generate the token, replace the generate_auth_token function with code below:
signer = AwsMskIamSaslSigner::MSKTokenProvider.new(region: 'us-east-1')
auth_token = signer.generate_auth_token_from_profile(
aws_profile: 'my-profile'
)
In order to use a role arn to generate the token, replace the generate_auth_token function with code below:
signer = AwsMskIamSaslSigner::MSKTokenProvider.new(region: 'us-east-1')
auth_token = signer.generate_auth_token_from_role_arn(
role_arn: 'arn:aws:iam::1234567890:role/my-role'
)
In order to use a custom credentials provider, replace the generate_auth_token function with code below :
signer = AwsMskIamSaslSigner::MSKTokenProvider.new(region: 'us-east-1')
auth_token = signer.generate_auth_token_from_credentials_provider(
'your-credentials-provider'
)
You can run tests in the currently configured Ruby version using rake.
By default, it will run all the unit tests.
bundle exec rake test
To fix lint issues, run rubocop.
bundle exec rubocop -x
This project uses code climate to maintain code quality. Code Climate will be run on every pull request and will fail if the code quality is not maintained. Code climate can be run locally using the command below.
bundle exec rake codeclimate
You can generate a signed url using the CLI.
bundle exec signer --help
Commands:
signer generate # Generate a token using credential provider chain
signer generate-from-profile --aws-profile=AWS_PROFILE # Generate a token using aws profile
signer generate-from-role-arn --role-arn=ROLE_ARN # Generate a token using role arn
signer help [COMMAND] # Describe available commands or one specific command
When using the token to authenticate against an MSK cluster, you may receive an Access denied error.
There may be some doubt as to which credential is being exactly used.
The credential may be sourced from a role ARN, EC2 instance profile, credential profile etc.
When calling generate_auth_token, you can set aws_debug argument to true.
MSKAuthTokenProvider.generate_auth_token(aws_debug: true)
generate_auth_token will return a third value, the caller identity:
auth_token = MSKAuthTokenProvider.generate_auth_token(aws_debug: true)
puts "Caller identity: #{auth_token.caller_identity}"
If you want to report a bug, or have ideas, feedback or questions about the gem, let me know via GitHub issues and I will do my best to provide a helpful answer. Happy hacking!
The gem is available as open source under the terms of the MIT License.
Everyone interacting in this project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.
Pull requests are welcome!
lib/aws-msk-iam-sasl-signer/version.rbgit checkout main
git pull origin main
VERSION="v$(grep -o 'VERSION = "[^"]*' lib/aws-msk-iam-sasl-signer/version.rb | grep -o '[^"]*$')"
git tag -a ${VERSION} -m "${VERSION}"
git push origin ${VERSION}
FAQs
Unknown package
We found that aws-msk-iam-sasl-signer demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.