aws-sdk-core 3.100.0 → 3.191.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +1815 -0
- data/LICENSE.txt +202 -0
- data/VERSION +1 -1
- data/lib/aws-defaults/default_configuration.rb +153 -0
- data/lib/aws-defaults/defaults_mode_config_resolver.rb +107 -0
- data/lib/aws-defaults.rb +3 -0
- data/lib/aws-sdk-core/arn.rb +28 -0
- data/lib/aws-sdk-core/arn_parser.rb +2 -0
- data/lib/aws-sdk-core/assume_role_credentials.rb +23 -7
- data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +16 -10
- data/lib/aws-sdk-core/async_client_stubs.rb +2 -0
- data/lib/aws-sdk-core/binary/decode_handler.rb +2 -0
- data/lib/aws-sdk-core/binary/encode_handler.rb +14 -1
- data/lib/aws-sdk-core/binary/event_builder.rb +2 -0
- data/lib/aws-sdk-core/binary/event_parser.rb +2 -0
- data/lib/aws-sdk-core/binary/event_stream_decoder.rb +2 -0
- data/lib/aws-sdk-core/binary/event_stream_encoder.rb +2 -0
- data/lib/aws-sdk-core/binary.rb +2 -0
- data/lib/aws-sdk-core/client_side_monitoring/publisher.rb +2 -0
- data/lib/aws-sdk-core/client_side_monitoring/request_metrics.rb +2 -0
- data/lib/aws-sdk-core/client_stubs.rb +22 -13
- data/lib/aws-sdk-core/credential_provider.rb +5 -0
- data/lib/aws-sdk-core/credential_provider_chain.rb +31 -6
- data/lib/aws-sdk-core/credentials.rb +2 -0
- data/lib/aws-sdk-core/deprecations.rb +2 -0
- data/lib/aws-sdk-core/eager_loader.rb +2 -0
- data/lib/aws-sdk-core/ec2_metadata.rb +238 -0
- data/lib/aws-sdk-core/ecs_credentials.rb +188 -53
- data/lib/aws-sdk-core/endpoint_cache.rb +2 -0
- data/lib/aws-sdk-core/endpoints/condition.rb +41 -0
- data/lib/aws-sdk-core/endpoints/endpoint.rb +17 -0
- data/lib/aws-sdk-core/endpoints/endpoint_rule.rb +75 -0
- data/lib/aws-sdk-core/endpoints/error_rule.rb +42 -0
- data/lib/aws-sdk-core/endpoints/function.rb +80 -0
- data/lib/aws-sdk-core/endpoints/matchers.rb +131 -0
- data/lib/aws-sdk-core/endpoints/reference.rb +31 -0
- data/lib/aws-sdk-core/endpoints/rule.rb +25 -0
- data/lib/aws-sdk-core/endpoints/rule_set.rb +52 -0
- data/lib/aws-sdk-core/endpoints/rules_provider.rb +37 -0
- data/lib/aws-sdk-core/endpoints/templater.rb +58 -0
- data/lib/aws-sdk-core/endpoints/tree_rule.rb +45 -0
- data/lib/aws-sdk-core/endpoints/url.rb +60 -0
- data/lib/aws-sdk-core/endpoints.rb +78 -0
- data/lib/aws-sdk-core/errors.rb +27 -5
- data/lib/aws-sdk-core/event_emitter.rb +2 -0
- data/lib/aws-sdk-core/ini_parser.rb +9 -0
- data/lib/aws-sdk-core/instance_profile_credentials.rb +167 -38
- data/lib/aws-sdk-core/json/builder.rb +2 -0
- data/lib/aws-sdk-core/json/error_handler.rb +22 -1
- data/lib/aws-sdk-core/json/handler.rb +10 -1
- data/lib/aws-sdk-core/json/json_engine.rb +12 -8
- data/lib/aws-sdk-core/json/oj_engine.rb +35 -6
- data/lib/aws-sdk-core/json/parser.rb +36 -1
- data/lib/aws-sdk-core/json.rb +10 -26
- data/lib/aws-sdk-core/log/formatter.rb +15 -3
- data/lib/aws-sdk-core/log/handler.rb +2 -0
- data/lib/aws-sdk-core/log/param_filter.rb +37 -12
- data/lib/aws-sdk-core/log/param_formatter.rb +2 -0
- data/lib/aws-sdk-core/pageable_response.rb +91 -32
- data/lib/aws-sdk-core/pager.rb +5 -0
- data/lib/aws-sdk-core/param_converter.rb +2 -0
- data/lib/aws-sdk-core/param_validator.rb +56 -6
- data/lib/aws-sdk-core/plugins/api_key.rb +5 -1
- data/lib/aws-sdk-core/plugins/apig_authorizer_token.rb +2 -0
- data/lib/aws-sdk-core/plugins/apig_credentials_configuration.rb +2 -0
- data/lib/aws-sdk-core/plugins/apig_user_agent.rb +2 -0
- data/lib/aws-sdk-core/plugins/bearer_authorization.rb +67 -0
- data/lib/aws-sdk-core/plugins/checksum_algorithm.rb +342 -0
- data/lib/aws-sdk-core/plugins/client_metrics_plugin.rb +3 -0
- data/lib/aws-sdk-core/plugins/client_metrics_send_plugin.rb +2 -0
- data/lib/aws-sdk-core/plugins/credentials_configuration.rb +52 -7
- data/lib/aws-sdk-core/plugins/defaults_mode.rb +40 -0
- data/lib/aws-sdk-core/plugins/endpoint_discovery.rb +8 -2
- data/lib/aws-sdk-core/plugins/endpoint_pattern.rb +8 -6
- data/lib/aws-sdk-core/plugins/event_stream_configuration.rb +2 -0
- data/lib/aws-sdk-core/plugins/global_configuration.rb +2 -0
- data/lib/aws-sdk-core/plugins/helpful_socket_errors.rb +2 -0
- data/lib/aws-sdk-core/plugins/http_checksum.rb +11 -1
- data/lib/aws-sdk-core/plugins/idempotency_token.rb +2 -0
- data/lib/aws-sdk-core/plugins/invocation_id.rb +2 -0
- data/lib/aws-sdk-core/plugins/jsonvalue_converter.rb +36 -6
- data/lib/aws-sdk-core/plugins/logging.rb +4 -0
- data/lib/aws-sdk-core/plugins/param_converter.rb +2 -0
- data/lib/aws-sdk-core/plugins/param_validator.rb +2 -0
- data/lib/aws-sdk-core/plugins/protocols/api_gateway.rb +19 -0
- data/lib/aws-sdk-core/plugins/protocols/ec2.rb +2 -0
- data/lib/aws-sdk-core/plugins/protocols/json_rpc.rb +2 -0
- data/lib/aws-sdk-core/plugins/protocols/query.rb +2 -0
- data/lib/aws-sdk-core/plugins/protocols/rest_json.rb +18 -1
- data/lib/aws-sdk-core/plugins/protocols/rest_xml.rb +2 -0
- data/lib/aws-sdk-core/plugins/recursion_detection.rb +38 -0
- data/lib/aws-sdk-core/plugins/regional_endpoint.rb +146 -17
- data/lib/aws-sdk-core/plugins/request_compression.rb +217 -0
- data/lib/aws-sdk-core/plugins/response_paging.rb +3 -1
- data/lib/aws-sdk-core/plugins/retries/client_rate_limiter.rb +2 -0
- data/lib/aws-sdk-core/plugins/retries/clock_skew.rb +2 -0
- data/lib/aws-sdk-core/plugins/retries/error_inspector.rb +9 -4
- data/lib/aws-sdk-core/plugins/retries/retry_quota.rb +2 -0
- data/lib/aws-sdk-core/plugins/retry_errors.rb +29 -8
- data/lib/aws-sdk-core/plugins/sign.rb +206 -0
- data/lib/aws-sdk-core/plugins/signature_v2.rb +3 -0
- data/lib/aws-sdk-core/plugins/signature_v4.rb +30 -31
- data/lib/aws-sdk-core/plugins/stub_responses.rb +10 -1
- data/lib/aws-sdk-core/plugins/transfer_encoding.rb +2 -0
- data/lib/aws-sdk-core/plugins/user_agent.rb +119 -14
- data/lib/aws-sdk-core/process_credentials.rb +14 -15
- data/lib/aws-sdk-core/query/ec2_param_builder.rb +2 -0
- data/lib/aws-sdk-core/query/handler.rb +2 -0
- data/lib/aws-sdk-core/query/param.rb +2 -0
- data/lib/aws-sdk-core/query/param_builder.rb +2 -0
- data/lib/aws-sdk-core/query/param_list.rb +2 -0
- data/lib/aws-sdk-core/query.rb +2 -0
- data/lib/aws-sdk-core/refreshing_credentials.rb +50 -17
- data/lib/aws-sdk-core/refreshing_token.rb +71 -0
- data/lib/aws-sdk-core/resources/collection.rb +2 -0
- data/lib/aws-sdk-core/rest/handler.rb +3 -1
- data/lib/aws-sdk-core/rest/request/body.rb +21 -1
- data/lib/aws-sdk-core/rest/request/builder.rb +2 -0
- data/lib/aws-sdk-core/rest/request/endpoint.rb +2 -0
- data/lib/aws-sdk-core/rest/request/headers.rb +16 -6
- data/lib/aws-sdk-core/rest/request/querystring_builder.rb +45 -29
- data/lib/aws-sdk-core/rest/response/body.rb +2 -0
- data/lib/aws-sdk-core/rest/response/headers.rb +6 -3
- data/lib/aws-sdk-core/rest/response/parser.rb +2 -0
- data/lib/aws-sdk-core/rest/response/status_code.rb +2 -0
- data/lib/aws-sdk-core/rest.rb +2 -0
- data/lib/aws-sdk-core/shared_config.rb +163 -8
- data/lib/aws-sdk-core/shared_credentials.rb +9 -1
- data/lib/aws-sdk-core/sso_credentials.rb +172 -0
- data/lib/aws-sdk-core/sso_token_provider.rb +135 -0
- data/lib/aws-sdk-core/static_token_provider.rb +14 -0
- data/lib/aws-sdk-core/structure.rb +19 -6
- data/lib/aws-sdk-core/stubbing/data_applicator.rb +2 -0
- data/lib/aws-sdk-core/stubbing/empty_stub.rb +2 -0
- data/lib/aws-sdk-core/stubbing/protocols/api_gateway.rb +2 -0
- data/lib/aws-sdk-core/stubbing/protocols/ec2.rb +2 -0
- data/lib/aws-sdk-core/stubbing/protocols/json.rb +3 -1
- data/lib/aws-sdk-core/stubbing/protocols/query.rb +2 -0
- data/lib/aws-sdk-core/stubbing/protocols/rest.rb +3 -1
- data/lib/aws-sdk-core/stubbing/protocols/rest_json.rb +3 -1
- data/lib/aws-sdk-core/stubbing/protocols/rest_xml.rb +2 -2
- data/lib/aws-sdk-core/stubbing/stub_data.rb +13 -0
- data/lib/aws-sdk-core/stubbing/xml_error.rb +2 -0
- data/lib/aws-sdk-core/token.rb +31 -0
- data/lib/aws-sdk-core/token_provider.rb +15 -0
- data/lib/aws-sdk-core/token_provider_chain.rb +51 -0
- data/lib/aws-sdk-core/type_builder.rb +2 -0
- data/lib/aws-sdk-core/util.rb +2 -0
- data/lib/aws-sdk-core/waiters/errors.rb +2 -0
- data/lib/aws-sdk-core/waiters/poller.rb +6 -2
- data/lib/aws-sdk-core/waiters/waiter.rb +2 -0
- data/lib/aws-sdk-core/waiters.rb +2 -0
- data/lib/aws-sdk-core/xml/builder.rb +4 -2
- data/lib/aws-sdk-core/xml/default_list.rb +2 -0
- data/lib/aws-sdk-core/xml/default_map.rb +2 -0
- data/lib/aws-sdk-core/xml/doc_builder.rb +8 -1
- data/lib/aws-sdk-core/xml/error_handler.rb +9 -0
- data/lib/aws-sdk-core/xml/parser/engines/libxml.rb +2 -0
- data/lib/aws-sdk-core/xml/parser/engines/nokogiri.rb +2 -0
- data/lib/aws-sdk-core/xml/parser/engines/oga.rb +4 -0
- data/lib/aws-sdk-core/xml/parser/engines/ox.rb +3 -1
- data/lib/aws-sdk-core/xml/parser/engines/rexml.rb +2 -0
- data/lib/aws-sdk-core/xml/parser/frame.rb +25 -0
- data/lib/aws-sdk-core/xml/parser/parsing_error.rb +2 -0
- data/lib/aws-sdk-core/xml/parser/stack.rb +2 -0
- data/lib/aws-sdk-core/xml/parser.rb +7 -0
- data/lib/aws-sdk-core/xml.rb +2 -0
- data/lib/aws-sdk-core.rb +29 -3
- data/lib/aws-sdk-sso/client.rb +630 -0
- data/lib/aws-sdk-sso/client_api.rb +190 -0
- data/lib/aws-sdk-sso/customizations.rb +1 -0
- data/lib/aws-sdk-sso/endpoint_parameters.rb +66 -0
- data/lib/aws-sdk-sso/endpoint_provider.rb +57 -0
- data/lib/aws-sdk-sso/endpoints.rb +72 -0
- data/lib/aws-sdk-sso/errors.rb +102 -0
- data/lib/aws-sdk-sso/plugins/endpoints.rb +78 -0
- data/lib/aws-sdk-sso/resource.rb +26 -0
- data/lib/aws-sdk-sso/types.rb +317 -0
- data/lib/aws-sdk-sso.rb +59 -0
- data/lib/aws-sdk-ssooidc/client.rb +935 -0
- data/lib/aws-sdk-ssooidc/client_api.rb +271 -0
- data/lib/aws-sdk-ssooidc/customizations.rb +1 -0
- data/lib/aws-sdk-ssooidc/endpoint_parameters.rb +66 -0
- data/lib/aws-sdk-ssooidc/endpoint_provider.rb +57 -0
- data/lib/aws-sdk-ssooidc/endpoints.rb +72 -0
- data/lib/aws-sdk-ssooidc/errors.rb +321 -0
- data/lib/aws-sdk-ssooidc/plugins/endpoints.rb +78 -0
- data/lib/aws-sdk-ssooidc/resource.rb +26 -0
- data/lib/aws-sdk-ssooidc/types.rb +755 -0
- data/lib/aws-sdk-ssooidc.rb +59 -0
- data/lib/aws-sdk-sts/client.rb +655 -490
- data/lib/aws-sdk-sts/client_api.rb +21 -2
- data/lib/aws-sdk-sts/customizations.rb +2 -0
- data/lib/aws-sdk-sts/endpoint_parameters.rb +78 -0
- data/lib/aws-sdk-sts/endpoint_provider.rb +112 -0
- data/lib/aws-sdk-sts/endpoints.rb +136 -0
- data/lib/aws-sdk-sts/errors.rb +3 -1
- data/lib/aws-sdk-sts/plugins/endpoints.rb +86 -0
- data/lib/aws-sdk-sts/plugins/sts_regional_endpoints.rb +7 -1
- data/lib/aws-sdk-sts/presigner.rb +16 -10
- data/lib/aws-sdk-sts/resource.rb +3 -1
- data/lib/aws-sdk-sts/types.rb +416 -316
- data/lib/aws-sdk-sts.rb +14 -3
- data/lib/seahorse/client/async_base.rb +2 -1
- data/lib/seahorse/client/async_response.rb +2 -0
- data/lib/seahorse/client/base.rb +3 -0
- data/lib/seahorse/client/block_io.rb +5 -2
- data/lib/seahorse/client/configuration.rb +7 -5
- data/lib/seahorse/client/events.rb +2 -0
- data/lib/seahorse/client/h2/connection.rb +29 -24
- data/lib/seahorse/client/h2/handler.rb +6 -5
- data/lib/seahorse/client/handler.rb +2 -0
- data/lib/seahorse/client/handler_builder.rb +2 -0
- data/lib/seahorse/client/handler_list.rb +2 -0
- data/lib/seahorse/client/handler_list_entry.rb +2 -0
- data/lib/seahorse/client/http/async_response.rb +2 -0
- data/lib/seahorse/client/http/headers.rb +2 -0
- data/lib/seahorse/client/http/request.rb +2 -0
- data/lib/seahorse/client/http/response.rb +3 -1
- data/lib/seahorse/client/logging/formatter.rb +2 -0
- data/lib/seahorse/client/logging/handler.rb +2 -0
- data/lib/seahorse/client/managed_file.rb +2 -0
- data/lib/seahorse/client/net_http/connection_pool.rb +12 -4
- data/lib/seahorse/client/net_http/handler.rb +19 -8
- data/lib/seahorse/client/net_http/patches.rb +14 -86
- data/lib/seahorse/client/networking_error.rb +2 -0
- data/lib/seahorse/client/plugin.rb +3 -0
- data/lib/seahorse/client/plugin_list.rb +2 -0
- data/lib/seahorse/client/plugins/content_length.rb +13 -5
- data/lib/seahorse/client/plugins/endpoint.rb +2 -0
- data/lib/seahorse/client/plugins/h2.rb +9 -4
- data/lib/seahorse/client/plugins/logging.rb +2 -0
- data/lib/seahorse/client/plugins/net_http.rb +39 -3
- data/lib/seahorse/client/plugins/operation_methods.rb +2 -0
- data/lib/seahorse/client/plugins/raise_response_errors.rb +2 -0
- data/lib/seahorse/client/plugins/request_callback.rb +141 -0
- data/lib/seahorse/client/plugins/response_target.rb +8 -8
- data/lib/seahorse/client/request.rb +2 -0
- data/lib/seahorse/client/request_context.rb +2 -0
- data/lib/seahorse/client/response.rb +8 -0
- data/lib/seahorse/model/api.rb +2 -0
- data/lib/seahorse/model/authorizer.rb +2 -0
- data/lib/seahorse/model/operation.rb +8 -0
- data/lib/seahorse/model/shapes.rb +27 -0
- data/lib/seahorse/util.rb +12 -1
- data/lib/seahorse/version.rb +2 -0
- data/lib/seahorse.rb +3 -0
- data/sig/aws-sdk-core/client_stubs.rbs +10 -0
- data/sig/aws-sdk-core/errors.rbs +22 -0
- data/sig/aws-sdk-core/resources/collection.rbs +21 -0
- data/sig/aws-sdk-core/structure.rbs +4 -0
- data/sig/aws-sdk-core/waiters/errors.rbs +20 -0
- data/sig/aws-sdk-core.rbs +7 -0
- data/sig/seahorse/client/base.rbs +25 -0
- data/sig/seahorse/client/handler_builder.rbs +16 -0
- data/sig/seahorse/client/response.rbs +61 -0
- metadata +93 -19
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require 'set'
|
|
2
4
|
require_relative 'retries/error_inspector'
|
|
3
5
|
require_relative 'retries/retry_quota'
|
|
@@ -71,6 +73,7 @@ is only used in the `legacy` retry mode.
|
|
|
71
73
|
:retry_jitter,
|
|
72
74
|
default: :none,
|
|
73
75
|
doc_type: Symbol,
|
|
76
|
+
rbs_type: '(:none | :equal | :full | ^(Integer) -> Integer)',
|
|
74
77
|
docstring: <<-DOCS)
|
|
75
78
|
A delay randomiser function used by the default backoff function.
|
|
76
79
|
Some predefined functions can be referenced by name - :none, :equal, :full,
|
|
@@ -95,6 +98,7 @@ This option is only used in the `legacy` retry mode.
|
|
|
95
98
|
:retry_mode,
|
|
96
99
|
default: 'legacy',
|
|
97
100
|
doc_type: String,
|
|
101
|
+
rbs_type: '("legacy" | "standard" | "adaptive")',
|
|
98
102
|
docstring: <<-DOCS) do |cfg|
|
|
99
103
|
Specifies which retry algorithm to use. Values are:
|
|
100
104
|
|
|
@@ -161,9 +165,15 @@ a clock skew correction and retry requests with skewed client clocks.
|
|
|
161
165
|
option(:clock_skew) { Retries::ClockSkew.new }
|
|
162
166
|
|
|
163
167
|
def self.resolve_retry_mode(cfg)
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
168
|
+
default_mode_value =
|
|
169
|
+
if cfg.respond_to?(:defaults_mode_config_resolver)
|
|
170
|
+
cfg.defaults_mode_config_resolver.resolve(:retry_mode)
|
|
171
|
+
end
|
|
172
|
+
|
|
173
|
+
value = ENV['AWS_RETRY_MODE'] ||
|
|
174
|
+
Aws.shared_config.retry_mode(profile: cfg.profile) ||
|
|
175
|
+
default_mode_value ||
|
|
176
|
+
'legacy'
|
|
167
177
|
# Raise if provided value is not one of the retry modes
|
|
168
178
|
if value != 'legacy' && value != 'standard' && value != 'adaptive'
|
|
169
179
|
raise ArgumentError,
|
|
@@ -174,11 +184,12 @@ a clock skew correction and retry requests with skewed client clocks.
|
|
|
174
184
|
end
|
|
175
185
|
|
|
176
186
|
def self.resolve_max_attempts(cfg)
|
|
177
|
-
value = (ENV['AWS_MAX_ATTEMPTS']
|
|
187
|
+
value = (ENV['AWS_MAX_ATTEMPTS']) ||
|
|
178
188
|
Aws.shared_config.max_attempts(profile: cfg.profile) ||
|
|
179
|
-
3
|
|
189
|
+
'3'
|
|
190
|
+
value = value.to_i
|
|
180
191
|
# Raise if provided value is not a positive integer
|
|
181
|
-
if
|
|
192
|
+
if value <= 0
|
|
182
193
|
raise ArgumentError,
|
|
183
194
|
'Must provide a positive integer for max_attempts profile '\
|
|
184
195
|
'option or for ENV[\'AWS_MAX_ATTEMPTS\']'
|
|
@@ -304,12 +315,17 @@ a clock skew correction and retry requests with skewed client clocks.
|
|
|
304
315
|
|
|
305
316
|
def retry_request(context, error)
|
|
306
317
|
context.retries += 1
|
|
307
|
-
context.config.credentials.refresh! if error
|
|
318
|
+
context.config.credentials.refresh! if refresh_credentials?(context, error)
|
|
308
319
|
context.http_request.body.rewind
|
|
309
320
|
context.http_response.reset
|
|
310
321
|
call(context)
|
|
311
322
|
end
|
|
312
323
|
|
|
324
|
+
def refresh_credentials?(context, error)
|
|
325
|
+
error.expired_credentials? &&
|
|
326
|
+
context.config.credentials.respond_to?(:refresh!)
|
|
327
|
+
end
|
|
328
|
+
|
|
313
329
|
def add_retry_headers(context)
|
|
314
330
|
request_pairs = {
|
|
315
331
|
'attempt' => context.retries,
|
|
@@ -374,7 +390,7 @@ a clock skew correction and retry requests with skewed client clocks.
|
|
|
374
390
|
def retry_request(context, error)
|
|
375
391
|
delay_retry(context)
|
|
376
392
|
context.retries += 1
|
|
377
|
-
context.config.credentials.refresh! if error
|
|
393
|
+
context.config.credentials.refresh! if refresh_credentials?(context, error)
|
|
378
394
|
context.http_request.body.rewind
|
|
379
395
|
context.http_response.reset
|
|
380
396
|
call(context)
|
|
@@ -390,6 +406,11 @@ a clock skew correction and retry requests with skewed client clocks.
|
|
|
390
406
|
response_truncatable?(context)
|
|
391
407
|
end
|
|
392
408
|
|
|
409
|
+
def refresh_credentials?(context, error)
|
|
410
|
+
error.expired_credentials? &&
|
|
411
|
+
context.config.credentials.respond_to?(:refresh!)
|
|
412
|
+
end
|
|
413
|
+
|
|
393
414
|
def retry_limit(context)
|
|
394
415
|
context.config.retry_limit
|
|
395
416
|
end
|
|
@@ -0,0 +1,206 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'aws-sigv4'
|
|
4
|
+
|
|
5
|
+
module Aws
|
|
6
|
+
module Plugins
|
|
7
|
+
# @api private
|
|
8
|
+
class Sign < Seahorse::Client::Plugin
|
|
9
|
+
# These once had defaults. But now they are used as overrides to
|
|
10
|
+
# new endpoint and auth resolution.
|
|
11
|
+
option(:sigv4_signer)
|
|
12
|
+
option(:sigv4_name)
|
|
13
|
+
option(:sigv4_region)
|
|
14
|
+
option(:unsigned_operations, default: [])
|
|
15
|
+
|
|
16
|
+
supported_auth_types = %w[sigv4 bearer sigv4-s3express none]
|
|
17
|
+
supported_auth_types += ['sigv4a'] if Aws::Sigv4::Signer.use_crt?
|
|
18
|
+
SUPPORTED_AUTH_TYPES = supported_auth_types.freeze
|
|
19
|
+
|
|
20
|
+
def add_handlers(handlers, cfg)
|
|
21
|
+
operations = cfg.api.operation_names - cfg.unsigned_operations
|
|
22
|
+
handlers.add(Handler, step: :sign, operations: operations)
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
# @api private
|
|
26
|
+
# Return a signer with the `sign(context)` method
|
|
27
|
+
def self.signer_for(auth_scheme, config, sigv4_region_override = nil, sigv4_credentials_override = nil)
|
|
28
|
+
case auth_scheme['name']
|
|
29
|
+
when 'sigv4', 'sigv4a', 'sigv4-s3express'
|
|
30
|
+
sigv4_overrides = {
|
|
31
|
+
region: sigv4_region_override,
|
|
32
|
+
credentials: sigv4_credentials_override
|
|
33
|
+
}
|
|
34
|
+
SignatureV4.new(auth_scheme, config, sigv4_overrides)
|
|
35
|
+
when 'bearer'
|
|
36
|
+
Bearer.new
|
|
37
|
+
else
|
|
38
|
+
NullSigner.new
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
class Handler < Seahorse::Client::Handler
|
|
43
|
+
def call(context)
|
|
44
|
+
# Skip signing if using sigv2 signing from s3_signer in S3
|
|
45
|
+
unless v2_signing?(context.config)
|
|
46
|
+
signer = Sign.signer_for(
|
|
47
|
+
context[:auth_scheme],
|
|
48
|
+
context.config,
|
|
49
|
+
context[:sigv4_region],
|
|
50
|
+
context[:sigv4_credentials]
|
|
51
|
+
)
|
|
52
|
+
signer.sign(context)
|
|
53
|
+
end
|
|
54
|
+
@handler.call(context)
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
private
|
|
58
|
+
|
|
59
|
+
def v2_signing?(config)
|
|
60
|
+
# 's3' is legacy signing, 'v4' is default
|
|
61
|
+
config.respond_to?(:signature_version) &&
|
|
62
|
+
config.signature_version == 's3'
|
|
63
|
+
end
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
# @api private
|
|
67
|
+
class Bearer
|
|
68
|
+
def initialize
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
def sign(context)
|
|
72
|
+
if context.http_request.endpoint.scheme != 'https'
|
|
73
|
+
raise ArgumentError,
|
|
74
|
+
'Unable to use bearer authorization on non https endpoint.'
|
|
75
|
+
end
|
|
76
|
+
|
|
77
|
+
token_provider = context.config.token_provider
|
|
78
|
+
|
|
79
|
+
raise Errors::MissingBearerTokenError unless token_provider&.set?
|
|
80
|
+
|
|
81
|
+
context.http_request.headers['Authorization'] =
|
|
82
|
+
"Bearer #{token_provider.token.token}"
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
def presign_url(*args)
|
|
86
|
+
raise ArgumentError, 'Bearer auth does not support presigned urls'
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
def sign_event(*args)
|
|
90
|
+
raise ArgumentError, 'Bearer auth does not support event signing'
|
|
91
|
+
end
|
|
92
|
+
end
|
|
93
|
+
|
|
94
|
+
# @api private
|
|
95
|
+
class SignatureV4
|
|
96
|
+
def initialize(auth_scheme, config, sigv4_overrides = {})
|
|
97
|
+
scheme_name = auth_scheme['name']
|
|
98
|
+
|
|
99
|
+
unless %w[sigv4 sigv4a sigv4-s3express].include?(scheme_name)
|
|
100
|
+
raise ArgumentError,
|
|
101
|
+
"Expected sigv4, sigv4a, or sigv4-s3express auth scheme, got #{scheme_name}"
|
|
102
|
+
end
|
|
103
|
+
|
|
104
|
+
region = if scheme_name == 'sigv4a'
|
|
105
|
+
auth_scheme['signingRegionSet'].first
|
|
106
|
+
else
|
|
107
|
+
auth_scheme['signingRegion']
|
|
108
|
+
end
|
|
109
|
+
begin
|
|
110
|
+
@signer = Aws::Sigv4::Signer.new(
|
|
111
|
+
service: config.sigv4_name || auth_scheme['signingName'],
|
|
112
|
+
region: sigv4_overrides[:region] || config.sigv4_region || region,
|
|
113
|
+
credentials_provider: sigv4_overrides[:credentials] || config.credentials,
|
|
114
|
+
signing_algorithm: scheme_name.to_sym,
|
|
115
|
+
uri_escape_path: !!!auth_scheme['disableDoubleEncoding'],
|
|
116
|
+
normalize_path: !!!auth_scheme['disableNormalizePath'],
|
|
117
|
+
unsigned_headers: %w[content-length user-agent x-amzn-trace-id]
|
|
118
|
+
)
|
|
119
|
+
rescue Aws::Sigv4::Errors::MissingCredentialsError
|
|
120
|
+
raise Aws::Errors::MissingCredentialsError
|
|
121
|
+
end
|
|
122
|
+
end
|
|
123
|
+
|
|
124
|
+
def sign(context)
|
|
125
|
+
req = context.http_request
|
|
126
|
+
|
|
127
|
+
apply_authtype(context, req)
|
|
128
|
+
reset_signature(req)
|
|
129
|
+
apply_clock_skew(context, req)
|
|
130
|
+
|
|
131
|
+
# compute the signature
|
|
132
|
+
begin
|
|
133
|
+
signature = @signer.sign_request(
|
|
134
|
+
http_method: req.http_method,
|
|
135
|
+
url: req.endpoint,
|
|
136
|
+
headers: req.headers,
|
|
137
|
+
body: req.body
|
|
138
|
+
)
|
|
139
|
+
rescue Aws::Sigv4::Errors::MissingCredentialsError
|
|
140
|
+
# Necessary for when credentials is explicitly set to nil
|
|
141
|
+
raise Aws::Errors::MissingCredentialsError
|
|
142
|
+
end
|
|
143
|
+
# apply signature headers
|
|
144
|
+
req.headers.update(signature.headers)
|
|
145
|
+
|
|
146
|
+
# add request metadata with signature components for debugging
|
|
147
|
+
context[:canonical_request] = signature.canonical_request
|
|
148
|
+
context[:string_to_sign] = signature.string_to_sign
|
|
149
|
+
end
|
|
150
|
+
|
|
151
|
+
def presign_url(*args)
|
|
152
|
+
@signer.presign_url(*args)
|
|
153
|
+
end
|
|
154
|
+
|
|
155
|
+
def sign_event(*args)
|
|
156
|
+
@signer.sign_event(*args)
|
|
157
|
+
end
|
|
158
|
+
|
|
159
|
+
private
|
|
160
|
+
|
|
161
|
+
def apply_authtype(context, req)
|
|
162
|
+
if context.operation['authtype'].eql?('v4-unsigned-body') &&
|
|
163
|
+
req.endpoint.scheme.eql?('https')
|
|
164
|
+
req.headers['X-Amz-Content-Sha256'] ||= 'UNSIGNED-PAYLOAD'
|
|
165
|
+
end
|
|
166
|
+
end
|
|
167
|
+
|
|
168
|
+
def reset_signature(req)
|
|
169
|
+
# in case this request is being re-signed
|
|
170
|
+
req.headers.delete('Authorization')
|
|
171
|
+
req.headers.delete('X-Amz-Security-Token')
|
|
172
|
+
req.headers.delete('X-Amz-Date')
|
|
173
|
+
req.headers.delete('x-Amz-Region-Set')
|
|
174
|
+
end
|
|
175
|
+
|
|
176
|
+
def apply_clock_skew(context, req)
|
|
177
|
+
if context.config.respond_to?(:clock_skew) &&
|
|
178
|
+
context.config.clock_skew &&
|
|
179
|
+
context.config.correct_clock_skew
|
|
180
|
+
|
|
181
|
+
endpoint = context.http_request.endpoint
|
|
182
|
+
skew = context.config.clock_skew.clock_correction(endpoint)
|
|
183
|
+
if skew.abs.positive?
|
|
184
|
+
req.headers['X-Amz-Date'] =
|
|
185
|
+
(Time.now.utc + skew).strftime('%Y%m%dT%H%M%SZ')
|
|
186
|
+
end
|
|
187
|
+
end
|
|
188
|
+
end
|
|
189
|
+
|
|
190
|
+
end
|
|
191
|
+
|
|
192
|
+
# @api private
|
|
193
|
+
class NullSigner
|
|
194
|
+
|
|
195
|
+
def sign(context)
|
|
196
|
+
end
|
|
197
|
+
|
|
198
|
+
def presign_url(*args)
|
|
199
|
+
end
|
|
200
|
+
|
|
201
|
+
def sign_event(*args)
|
|
202
|
+
end
|
|
203
|
+
end
|
|
204
|
+
end
|
|
205
|
+
end
|
|
206
|
+
end
|
|
@@ -1,52 +1,50 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require 'aws-sigv4'
|
|
2
4
|
|
|
3
5
|
module Aws
|
|
4
6
|
module Plugins
|
|
5
7
|
# @api private
|
|
8
|
+
# Necessary to exist after endpoints 2.0
|
|
6
9
|
class SignatureV4 < Seahorse::Client::Plugin
|
|
7
10
|
|
|
11
|
+
V4_AUTH = %w[v4 v4-unsigned-payload v4-unsigned-body]
|
|
12
|
+
|
|
8
13
|
option(:sigv4_signer) do |cfg|
|
|
9
14
|
SignatureV4.build_signer(cfg)
|
|
10
15
|
end
|
|
11
16
|
|
|
12
17
|
option(:sigv4_name) do |cfg|
|
|
13
|
-
|
|
18
|
+
signingName = if cfg.region
|
|
19
|
+
Aws::Partitions::EndpointProvider.signing_service(
|
|
20
|
+
cfg.region, cfg.api.metadata['endpointPrefix']
|
|
21
|
+
)
|
|
22
|
+
end
|
|
23
|
+
signingName || cfg.api.metadata['signingName'] || cfg.api.metadata['endpointPrefix']
|
|
14
24
|
end
|
|
15
25
|
|
|
16
26
|
option(:sigv4_region) do |cfg|
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
# client for a region like "us-west-2", we will
|
|
25
|
-
# always use "route53.amazonaws.com". This endpoint
|
|
26
|
-
# is actually global to the entire partition,
|
|
27
|
-
# and must be signed as "us-east-1".
|
|
28
|
-
#
|
|
29
|
-
# * When the region is configured, but it is configured
|
|
30
|
-
# to a non region, such as "aws-global". This is similar
|
|
31
|
-
# to the previous case. We use the Aws::Partitions::EndpointProvider
|
|
32
|
-
# to resolve to the actual signing region.
|
|
33
|
-
#
|
|
34
|
-
prefix = cfg.api.metadata['endpointPrefix']
|
|
35
|
-
if prefix && cfg.endpoint.to_s.match(/#{prefix}\.amazonaws\.com/)
|
|
36
|
-
'us-east-1'
|
|
37
|
-
elsif cfg.region
|
|
38
|
-
Aws::Partitions::EndpointProvider.signing_region(cfg.region, cfg.sigv4_name)
|
|
27
|
+
if cfg.region
|
|
28
|
+
if cfg.respond_to?(:sts_regional_endpoints)
|
|
29
|
+
sts_regional = cfg.sts_regional_endpoints
|
|
30
|
+
end
|
|
31
|
+
Aws::Partitions::EndpointProvider.signing_region(
|
|
32
|
+
cfg.region, cfg.api.metadata['endpointPrefix'], sts_regional
|
|
33
|
+
)
|
|
39
34
|
end
|
|
40
35
|
end
|
|
41
36
|
|
|
42
37
|
option(:unsigned_operations) do |cfg|
|
|
43
|
-
cfg.api.
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
38
|
+
if cfg.api.metadata['signatureVersion'] == 'v4'
|
|
39
|
+
# select operations where authtype is set and is not v4
|
|
40
|
+
cfg.api.operation_names.select do |o|
|
|
41
|
+
cfg.api.operation(o)['authtype'] && !V4_AUTH.include?(cfg.api.operation(o)['authtype'])
|
|
42
|
+
end
|
|
43
|
+
else # service is not v4 auth
|
|
44
|
+
# select all operations where authtype is not v4
|
|
45
|
+
# (includes operations with no explicit authtype)
|
|
46
|
+
cfg.api.operation_names.select do |o|
|
|
47
|
+
!V4_AUTH.include?(cfg.api.operation(o)['authtype'])
|
|
50
48
|
end
|
|
51
49
|
end
|
|
52
50
|
end
|
|
@@ -106,6 +104,7 @@ module Aws
|
|
|
106
104
|
req.headers.delete('Authorization')
|
|
107
105
|
req.headers.delete('X-Amz-Security-Token')
|
|
108
106
|
req.headers.delete('X-Amz-Date')
|
|
107
|
+
req.headers.delete('x-Amz-Region-Set')
|
|
109
108
|
|
|
110
109
|
if context.config.respond_to?(:clock_skew) &&
|
|
111
110
|
context.config.clock_skew &&
|
|
@@ -142,7 +141,7 @@ module Aws
|
|
|
142
141
|
def apply_authtype(context)
|
|
143
142
|
if context.operation['authtype'].eql?('v4-unsigned-body') &&
|
|
144
143
|
context.http_request.endpoint.scheme.eql?('https')
|
|
145
|
-
context.http_request.headers['X-Amz-Content-Sha256']
|
|
144
|
+
context.http_request.headers['X-Amz-Content-Sha256'] ||= 'UNSIGNED-PAYLOAD'
|
|
146
145
|
end
|
|
147
146
|
context
|
|
148
147
|
end
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Aws
|
|
2
4
|
module Plugins
|
|
3
5
|
# @api private
|
|
@@ -6,6 +8,7 @@ module Aws
|
|
|
6
8
|
option(:stub_responses,
|
|
7
9
|
default: false,
|
|
8
10
|
doc_type: 'Boolean',
|
|
11
|
+
rbs_type: 'untyped',
|
|
9
12
|
docstring: <<-DOCS)
|
|
10
13
|
Causes the client to return stubbed responses. By default
|
|
11
14
|
fake responses are generated and returned. You can specify
|
|
@@ -38,6 +41,8 @@ requests are made, and retries are disabled.
|
|
|
38
41
|
client.handlers.remove(ClientMetricsPlugin::Handler)
|
|
39
42
|
client.handlers.remove(ClientMetricsSendPlugin::LatencyHandler)
|
|
40
43
|
client.handlers.remove(ClientMetricsSendPlugin::AttemptHandler)
|
|
44
|
+
client.handlers.remove(Seahorse::Client::Plugins::RequestCallback::OptionHandler)
|
|
45
|
+
client.handlers.remove(Seahorse::Client::Plugins::RequestCallback::ReadCallbackHandler)
|
|
41
46
|
end
|
|
42
47
|
end
|
|
43
48
|
|
|
@@ -47,7 +52,11 @@ requests are made, and retries are disabled.
|
|
|
47
52
|
stub = context.client.next_stub(context)
|
|
48
53
|
resp = Seahorse::Client::Response.new(context: context)
|
|
49
54
|
async_mode = context.client.is_a? Seahorse::Client::AsyncBase
|
|
50
|
-
|
|
55
|
+
if Hash === stub && stub[:mutex]
|
|
56
|
+
stub[:mutex].synchronize { apply_stub(stub, resp, async_mode) }
|
|
57
|
+
else
|
|
58
|
+
apply_stub(stub, resp, async_mode)
|
|
59
|
+
end
|
|
51
60
|
|
|
52
61
|
async_mode ? Seahorse::Client::AsyncResponse.new(
|
|
53
62
|
context: context, stream: context[:input_event_stream_handler].event_emitter.stream, sync_queue: Queue.new) : resp
|
|
@@ -1,8 +1,34 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Aws
|
|
2
4
|
module Plugins
|
|
3
5
|
# @api private
|
|
4
6
|
class UserAgent < Seahorse::Client::Plugin
|
|
7
|
+
# @api private
|
|
5
8
|
option(:user_agent_suffix)
|
|
9
|
+
# @api private
|
|
10
|
+
option(:user_agent_frameworks, default: [])
|
|
11
|
+
|
|
12
|
+
option(
|
|
13
|
+
:sdk_ua_app_id,
|
|
14
|
+
doc_type: 'String',
|
|
15
|
+
docstring: <<-DOCS) do |cfg|
|
|
16
|
+
A unique and opaque application ID that is appended to the
|
|
17
|
+
User-Agent header as app/<sdk_ua_app_id>. It should have a
|
|
18
|
+
maximum length of 50.
|
|
19
|
+
DOCS
|
|
20
|
+
app_id = ENV['AWS_SDK_UA_APP_ID']
|
|
21
|
+
app_id ||= Aws.shared_config.sdk_ua_app_id(profile: cfg.profile)
|
|
22
|
+
app_id
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
def self.feature(feature, &block)
|
|
26
|
+
Thread.current[:aws_sdk_core_user_agent_feature] ||= []
|
|
27
|
+
Thread.current[:aws_sdk_core_user_agent_feature] << "ft/#{feature}"
|
|
28
|
+
block.call
|
|
29
|
+
ensure
|
|
30
|
+
Thread.current[:aws_sdk_core_user_agent_feature].pop
|
|
31
|
+
end
|
|
6
32
|
|
|
7
33
|
# @api private
|
|
8
34
|
class Handler < Seahorse::Client::Handler
|
|
@@ -12,33 +38,112 @@ module Aws
|
|
|
12
38
|
end
|
|
13
39
|
|
|
14
40
|
def set_user_agent(context)
|
|
15
|
-
|
|
41
|
+
context.http_request.headers['User-Agent'] = UserAgent.new(context).to_s
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
class UserAgent
|
|
45
|
+
def initialize(context)
|
|
46
|
+
@context = context
|
|
47
|
+
end
|
|
16
48
|
|
|
17
|
-
|
|
18
|
-
ua
|
|
19
|
-
|
|
20
|
-
ua += "
|
|
49
|
+
def to_s
|
|
50
|
+
ua = "aws-sdk-ruby3/#{CORE_GEM_VERSION}"
|
|
51
|
+
ua += ' ua/2.0'
|
|
52
|
+
ua += " #{api_metadata}" if api_metadata
|
|
53
|
+
ua += " #{os_metadata}"
|
|
54
|
+
ua += " #{language_metadata}"
|
|
55
|
+
ua += " #{env_metadata}" if env_metadata
|
|
56
|
+
ua += " #{config_metadata}" if config_metadata
|
|
57
|
+
ua += " #{app_id}" if app_id
|
|
58
|
+
ua += " #{feature_metadata}" if feature_metadata
|
|
59
|
+
ua += " #{framework_metadata}" if framework_metadata
|
|
60
|
+
if @context.config.user_agent_suffix
|
|
61
|
+
ua += " #{@context.config.user_agent_suffix}"
|
|
62
|
+
end
|
|
63
|
+
ua.strip
|
|
21
64
|
end
|
|
22
65
|
|
|
23
|
-
|
|
66
|
+
private
|
|
24
67
|
|
|
25
|
-
|
|
26
|
-
|
|
68
|
+
# Used to be gem_name/gem_version
|
|
69
|
+
def api_metadata
|
|
70
|
+
service_id = @context.config.api.metadata['serviceId']
|
|
71
|
+
return unless service_id
|
|
72
|
+
|
|
73
|
+
service_id = service_id.gsub(' ', '_').downcase
|
|
74
|
+
gem_version = @context[:gem_version]
|
|
75
|
+
"api/#{service_id}##{gem_version}"
|
|
27
76
|
end
|
|
28
77
|
|
|
29
|
-
|
|
30
|
-
|
|
78
|
+
# Used to be RUBY_PLATFORM
|
|
79
|
+
def os_metadata
|
|
80
|
+
os =
|
|
81
|
+
case RbConfig::CONFIG['host_os']
|
|
82
|
+
when /mac|darwin/
|
|
83
|
+
'macos'
|
|
84
|
+
when /linux|cygwin/
|
|
85
|
+
'linux'
|
|
86
|
+
when /mingw|mswin/
|
|
87
|
+
'windows'
|
|
88
|
+
else
|
|
89
|
+
'other'
|
|
90
|
+
end
|
|
91
|
+
metadata = "os/#{os}"
|
|
92
|
+
local_version = Gem::Platform.local.version
|
|
93
|
+
metadata += "##{local_version}" if local_version
|
|
94
|
+
metadata += " md/#{RbConfig::CONFIG['host_cpu']}"
|
|
95
|
+
metadata
|
|
31
96
|
end
|
|
32
97
|
|
|
33
|
-
|
|
34
|
-
|
|
98
|
+
# Used to be RUBY_ENGINE/RUBY_VERSION
|
|
99
|
+
def language_metadata
|
|
100
|
+
"lang/#{RUBY_ENGINE}##{RUBY_ENGINE_VERSION} md/#{RUBY_VERSION}"
|
|
35
101
|
end
|
|
36
102
|
|
|
37
|
-
|
|
103
|
+
def env_metadata
|
|
104
|
+
return unless (execution_env = ENV['AWS_EXECUTION_ENV'])
|
|
105
|
+
|
|
106
|
+
"exec-env/#{execution_env}"
|
|
107
|
+
end
|
|
108
|
+
|
|
109
|
+
def config_metadata
|
|
110
|
+
"cfg/retry-mode##{@context.config.retry_mode}"
|
|
111
|
+
end
|
|
112
|
+
|
|
113
|
+
def app_id
|
|
114
|
+
return unless (app_id = @context.config.sdk_ua_app_id)
|
|
115
|
+
|
|
116
|
+
# Sanitize and only allow these characters
|
|
117
|
+
app_id = app_id.gsub(/[^!#$%&'*+\-.^_`|~0-9A-Za-z]/, '-')
|
|
118
|
+
"app/#{app_id}"
|
|
119
|
+
end
|
|
120
|
+
|
|
121
|
+
def feature_metadata
|
|
122
|
+
return unless Thread.current[:aws_sdk_core_user_agent_feature]
|
|
123
|
+
|
|
124
|
+
Thread.current[:aws_sdk_core_user_agent_feature].join(' ')
|
|
125
|
+
end
|
|
126
|
+
|
|
127
|
+
def framework_metadata
|
|
128
|
+
if (frameworks_cfg = @context.config.user_agent_frameworks).empty?
|
|
129
|
+
return
|
|
130
|
+
end
|
|
131
|
+
|
|
132
|
+
# Frameworks may be aws-record, aws-sdk-rails, etc.
|
|
133
|
+
regex = /gems\/(?<name>#{frameworks_cfg.join('|')})-(?<version>\d+\.\d+\.\d+)/.freeze
|
|
134
|
+
frameworks = {}
|
|
135
|
+
Kernel.caller.each do |line|
|
|
136
|
+
match = line.match(regex)
|
|
137
|
+
next unless match
|
|
138
|
+
|
|
139
|
+
frameworks[match[:name]] = match[:version]
|
|
140
|
+
end
|
|
141
|
+
frameworks.map { |n, v| "lib/#{n}##{v}" }.join(' ')
|
|
142
|
+
end
|
|
38
143
|
end
|
|
39
144
|
end
|
|
40
145
|
|
|
41
|
-
handler(Handler)
|
|
146
|
+
handler(Handler, priority: 1)
|
|
42
147
|
end
|
|
43
148
|
end
|
|
44
149
|
end
|
|
@@ -1,19 +1,16 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
module Aws
|
|
4
|
-
|
|
5
4
|
# A credential provider that executes a given process and attempts
|
|
6
|
-
# to read its stdout to recieve a JSON payload containing the credentials
|
|
7
|
-
#
|
|
8
|
-
# Automatically handles refreshing credentials if an Expiration time is
|
|
9
|
-
# provided in the credentials payload
|
|
10
|
-
#
|
|
11
|
-
# credentials = Aws::ProcessCredentials.new('/usr/bin/credential_proc').credentials
|
|
5
|
+
# to read its stdout to recieve a JSON payload containing the credentials.
|
|
12
6
|
#
|
|
7
|
+
# credentials = Aws::ProcessCredentials.new('/usr/bin/credential_proc')
|
|
13
8
|
# ec2 = Aws::EC2::Client.new(credentials: credentials)
|
|
14
9
|
#
|
|
15
|
-
#
|
|
16
|
-
#
|
|
10
|
+
# Automatically handles refreshing credentials if an Expiration time is
|
|
11
|
+
# provided in the credentials payload.
|
|
12
|
+
#
|
|
13
|
+
# @see https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#sourcing-credentials-from-external-processes
|
|
17
14
|
class ProcessCredentials
|
|
18
15
|
|
|
19
16
|
include CredentialProvider
|
|
@@ -27,6 +24,7 @@ module Aws
|
|
|
27
24
|
def initialize(process)
|
|
28
25
|
@process = process
|
|
29
26
|
@credentials = credentials_from_process(@process)
|
|
27
|
+
@async_refresh = false
|
|
30
28
|
|
|
31
29
|
super
|
|
32
30
|
end
|
|
@@ -34,15 +32,16 @@ module Aws
|
|
|
34
32
|
private
|
|
35
33
|
def credentials_from_process(proc_invocation)
|
|
36
34
|
begin
|
|
37
|
-
raw_out
|
|
35
|
+
raw_out = `#{proc_invocation}`
|
|
36
|
+
process_status = $?
|
|
38
37
|
rescue Errno::ENOENT
|
|
39
38
|
raise Errors::InvalidProcessCredentialsPayload.new("Could not find process #{proc_invocation}")
|
|
40
39
|
end
|
|
41
40
|
|
|
42
41
|
if process_status.success?
|
|
43
42
|
begin
|
|
44
|
-
creds_json =
|
|
45
|
-
rescue
|
|
43
|
+
creds_json = Aws::Json.load(raw_out)
|
|
44
|
+
rescue Aws::Json::ParseError
|
|
46
45
|
raise Errors::InvalidProcessCredentialsPayload.new("Invalid JSON response")
|
|
47
46
|
end
|
|
48
47
|
payload_version = creds_json['Version']
|
|
@@ -72,9 +71,9 @@ module Aws
|
|
|
72
71
|
@credentials = credentials_from_process(@process)
|
|
73
72
|
end
|
|
74
73
|
|
|
75
|
-
def near_expiration?
|
|
74
|
+
def near_expiration?(expiration_length)
|
|
76
75
|
# are we within 5 minutes of expiration?
|
|
77
|
-
@expiration && (Time.now.to_i +
|
|
76
|
+
@expiration && (Time.now.to_i + expiration_length) > @expiration.to_i
|
|
78
77
|
end
|
|
79
78
|
end
|
|
80
79
|
end
|