aws-sdk-core 3.114.1 → 3.130.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +216 -0
- data/VERSION +1 -1
- data/lib/aws-defaults/default_configuration.rb +153 -0
- data/lib/aws-defaults/defaults_mode_config_resolver.rb +107 -0
- data/lib/aws-defaults.rb +3 -0
- data/lib/aws-sdk-core/assume_role_credentials.rb +19 -0
- data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +7 -1
- data/lib/aws-sdk-core/client_stubs.rb +5 -1
- data/lib/aws-sdk-core/credential_provider_chain.rb +2 -1
- data/lib/aws-sdk-core/ec2_metadata.rb +27 -7
- data/lib/aws-sdk-core/ecs_credentials.rb +5 -0
- data/lib/aws-sdk-core/errors.rb +5 -1
- data/lib/aws-sdk-core/instance_profile_credentials.rb +119 -18
- data/lib/aws-sdk-core/json/json_engine.rb +10 -8
- data/lib/aws-sdk-core/json/oj_engine.rb +33 -6
- data/lib/aws-sdk-core/json/parser.rb +8 -0
- data/lib/aws-sdk-core/json.rb +8 -26
- data/lib/aws-sdk-core/log/param_filter.rb +9 -1
- data/lib/aws-sdk-core/pageable_response.rb +72 -26
- data/lib/aws-sdk-core/pager.rb +3 -0
- data/lib/aws-sdk-core/param_validator.rb +29 -0
- data/lib/aws-sdk-core/plugins/checksum_algorithm.rb +340 -0
- data/lib/aws-sdk-core/plugins/credentials_configuration.rb +3 -1
- data/lib/aws-sdk-core/plugins/defaults_mode.rb +40 -0
- data/lib/aws-sdk-core/plugins/http_checksum.rb +8 -1
- data/lib/aws-sdk-core/plugins/protocols/api_gateway.rb +17 -0
- data/lib/aws-sdk-core/plugins/protocols/rest_json.rb +16 -1
- data/lib/aws-sdk-core/plugins/recursion_detection.rb +27 -0
- data/lib/aws-sdk-core/plugins/regional_endpoint.rb +47 -1
- data/lib/aws-sdk-core/plugins/response_paging.rb +1 -1
- data/lib/aws-sdk-core/plugins/retries/error_inspector.rb +5 -3
- data/lib/aws-sdk-core/plugins/retry_errors.rb +21 -5
- data/lib/aws-sdk-core/plugins/signature_v4.rb +15 -24
- data/lib/aws-sdk-core/plugins/stub_responses.rb +5 -1
- data/lib/aws-sdk-core/process_credentials.rb +3 -2
- data/lib/aws-sdk-core/refreshing_credentials.rb +40 -11
- data/lib/aws-sdk-core/rest/request/body.rb +19 -1
- data/lib/aws-sdk-core/rest/request/headers.rb +18 -6
- data/lib/aws-sdk-core/rest/response/headers.rb +3 -1
- data/lib/aws-sdk-core/shared_config.rb +27 -8
- data/lib/aws-sdk-core/shared_credentials.rb +7 -1
- data/lib/aws-sdk-core/sso_credentials.rb +8 -3
- data/lib/aws-sdk-core/structure.rb +10 -1
- data/lib/aws-sdk-core/xml/parser/engines/ox.rb +1 -1
- data/lib/aws-sdk-core/xml/parser/engines/rexml.rb +0 -8
- data/lib/aws-sdk-core/xml/parser/frame.rb +23 -0
- data/lib/aws-sdk-core.rb +6 -0
- data/lib/aws-sdk-sso/client.rb +27 -5
- data/lib/aws-sdk-sso.rb +1 -1
- data/lib/aws-sdk-sts/client.rb +424 -415
- data/lib/aws-sdk-sts/plugins/sts_regional_endpoints.rb +5 -1
- data/lib/aws-sdk-sts/presigner.rb +7 -1
- data/lib/aws-sdk-sts/types.rb +199 -181
- data/lib/aws-sdk-sts.rb +1 -1
- data/lib/seahorse/client/configuration.rb +4 -0
- data/lib/seahorse/client/h2/connection.rb +14 -11
- data/lib/seahorse/client/h2/handler.rb +4 -5
- data/lib/seahorse/client/net_http/connection_pool.rb +7 -0
- data/lib/seahorse/client/net_http/handler.rb +15 -7
- data/lib/seahorse/client/net_http/patches.rb +13 -84
- data/lib/seahorse/client/plugins/content_length.rb +11 -5
- data/lib/seahorse/client/plugins/net_http.rb +33 -2
- data/lib/seahorse/model/operation.rb +3 -0
- data/lib/seahorse/model/shapes.rb +25 -0
- metadata +11 -6
- data/lib/aws-sdk-sso/plugins/content_type.rb +0 -25
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: dffefda7cd68861a99856de10c4774c57ffcdb1c3f22d16eacb0a2096a5e5c32
|
4
|
+
data.tar.gz: 60628acc0b4bb23629da2de4b5f821c91037e2e7c0b56b63dbdc4e7b771f2167
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 6b16327c66f2fb83c9dceeec13cb5d0f9cbb519b5f999c27aa3e9f0ee0824a0545bc8b5bcc48823242fadf07b03c83fc196207a1806c7f162736bd1073af37db
|
7
|
+
data.tar.gz: 0540f8d1095132e67d9d00841b2c6c594870e5addf3de30a228a0e091bcb83280aef8270a2fe3af31815ea3c354abeebe637fa4aa2d27917e51d201a9c397f2b
|
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,222 @@
|
|
1
1
|
Unreleased Changes
|
2
2
|
------------------
|
3
3
|
|
4
|
+
3.130.1 (2022-04-12)
|
5
|
+
------------------
|
6
|
+
|
7
|
+
* Issue - Don't call `refresh!` on non-refreshable `Credentials` when retrying errors (#2685).
|
8
|
+
|
9
|
+
3.130.0 (2022-03-11)
|
10
|
+
------------------
|
11
|
+
|
12
|
+
* Feature - Asynchronously refresh AWS credentials (#2641).
|
13
|
+
|
14
|
+
* Issue - Add x-amz-region-set to list of headers deleted for re-sign.
|
15
|
+
|
16
|
+
3.129.1 (2022-03-10)
|
17
|
+
------------------
|
18
|
+
|
19
|
+
* Issue - Make stubs thread safe by creating new responses for each operation call (#2675).
|
20
|
+
|
21
|
+
3.129.0 (2022-03-08)
|
22
|
+
------------------
|
23
|
+
|
24
|
+
* Feature - Add support for cases when `InstanceProfileCredentials` (IMDS) is unable to refresh credentials.
|
25
|
+
|
26
|
+
3.128.1 (2022-03-07)
|
27
|
+
------------------
|
28
|
+
|
29
|
+
* Issue - Fixed `Aws::PageableResponse` invalidating Ruby's global constant cache.
|
30
|
+
|
31
|
+
3.128.0 (2022-03-04)
|
32
|
+
------------------
|
33
|
+
|
34
|
+
* Feature - Updated Aws::STS::Client with the latest API changes.
|
35
|
+
|
36
|
+
3.127.0 (2022-02-24)
|
37
|
+
------------------
|
38
|
+
|
39
|
+
* Feature - Updated Aws::STS::Client with the latest API changes.
|
40
|
+
|
41
|
+
* Feature - Updated Aws::SSO::Client with the latest API changes.
|
42
|
+
|
43
|
+
* Feature - Support `HttpChecksum` trait for requests and responses.
|
44
|
+
|
45
|
+
3.126.2 (2022-02-16)
|
46
|
+
------------------
|
47
|
+
|
48
|
+
* Issue - Add a before_refresh callback to AssumeRoleCredentials (#2529).
|
49
|
+
* Issue - Raise a `NoSuchProfileError` when config and credentials files don't exist.
|
50
|
+
|
51
|
+
3.126.1 (2022-02-14)
|
52
|
+
------------------
|
53
|
+
|
54
|
+
* Issue - Set `create_time` on IMDS tokens before fetch to reduce chance of using expired tokens and retry failures due to using expired tokens.
|
55
|
+
|
56
|
+
3.126.0 (2022-02-03)
|
57
|
+
------------------
|
58
|
+
|
59
|
+
* Feature - Updated Aws::SSO::Client with the latest API changes.
|
60
|
+
|
61
|
+
* Feature - Add support for recursion detection.
|
62
|
+
|
63
|
+
3.125.6 (2022-02-02)
|
64
|
+
------------------
|
65
|
+
|
66
|
+
* Issue - Ensure default message for ServiceError is a string (#2643).
|
67
|
+
|
68
|
+
3.125.5 (2022-01-19)
|
69
|
+
------------------
|
70
|
+
|
71
|
+
* Issue - Correctly serialize empty header lists.
|
72
|
+
|
73
|
+
3.125.4 (2022-01-18)
|
74
|
+
------------------
|
75
|
+
|
76
|
+
* Issue - Add `InternalError` to `ErrorInspector` for S3 errors.
|
77
|
+
|
78
|
+
|
79
|
+
3.125.3 (2022-01-12)
|
80
|
+
------------------
|
81
|
+
|
82
|
+
* Issue - Add `ExpiredTokenException` to `ErrorInspector` for Kinesis errors.
|
83
|
+
|
84
|
+
3.125.2 (2022-01-10)
|
85
|
+
------------------
|
86
|
+
|
87
|
+
* Issue - Correctly serialize lists of strings in headers with quotes and commas.
|
88
|
+
|
89
|
+
3.125.1 (2022-01-04)
|
90
|
+
------------------
|
91
|
+
|
92
|
+
* Issue - Parse a response with consecutive spaces correctly when ox is used as the XML parser.
|
93
|
+
|
94
|
+
3.125.0 (2021-12-21)
|
95
|
+
------------------
|
96
|
+
|
97
|
+
* Feature - Updated Aws::SSO::Client with the latest API changes.
|
98
|
+
|
99
|
+
* Feature - Add `:defaults_mode` configuration - that determines how certain default configuration options are resolved in the SDK.
|
100
|
+
|
101
|
+
3.124.0 (2021-11-30)
|
102
|
+
------------------
|
103
|
+
|
104
|
+
* Feature - Updated Aws::STS::Client with the latest API changes.
|
105
|
+
|
106
|
+
* Feature - Updated Aws::SSO::Client with the latest API changes.
|
107
|
+
|
108
|
+
3.123.0 (2021-11-23)
|
109
|
+
------------------
|
110
|
+
|
111
|
+
* Feature - Updated Aws::STS::Client with the latest API changes.
|
112
|
+
|
113
|
+
3.122.1 (2021-11-09)
|
114
|
+
------------------
|
115
|
+
|
116
|
+
* Issue - Correctly serialize/deserialize header lists.
|
117
|
+
|
118
|
+
3.122.0 (2021-11-04)
|
119
|
+
------------------
|
120
|
+
|
121
|
+
* Feature - Updated Aws::STS::Client with the latest API changes.
|
122
|
+
|
123
|
+
* Feature - Updated Aws::SSO::Client with the latest API changes.
|
124
|
+
|
125
|
+
* Issue - Fix parsing of ISO8601 timestamps with millisecond precision in headers.
|
126
|
+
|
127
|
+
* Feature - Support modeled dualstack endpoints. It can be configured with shared configuration (`use_dualstack_endpoint`), an ENV variable (`AWS_USE_DUALSTACK_ENDPOINT`), and a constructor option (`:use_dualstack_endpoint`). Requests made to services without a dualstack endpoint will fail.
|
128
|
+
|
129
|
+
* Feature - Support modeled fips endpoints. It can be configured with shared configuration (`use_fips_endpoint`), an ENV variable (`AWS_USE_FIPS_ENDPOINT`), and a constructor option (`:use_fips_endpoint`). Requests made to services without a fips endpoint will fail.
|
130
|
+
|
131
|
+
3.121.6 (2021-11-02)
|
132
|
+
------------------
|
133
|
+
|
134
|
+
* Issue - Improve `SSOCredentials` error handling when profile file does not exist (#2605)
|
135
|
+
|
136
|
+
3.121.5 (2021-10-29)
|
137
|
+
------------------
|
138
|
+
|
139
|
+
* Issue - bump minimum version of `aws-partitions` (#2603).
|
140
|
+
|
141
|
+
3.121.4 (2021-10-28)
|
142
|
+
------------------
|
143
|
+
|
144
|
+
* Issue - This version has been yanked. (#2603).
|
145
|
+
|
146
|
+
* Issue - use the `EndpointProvider` to lookup signing region and name.
|
147
|
+
|
148
|
+
3.121.3 (2021-10-20)
|
149
|
+
------------------
|
150
|
+
|
151
|
+
* Issue - Use endpointPrefix when looking up the `signing_region` from the `EndpointProvider`.
|
152
|
+
|
153
|
+
3.121.2 (2021-10-18)
|
154
|
+
------------------
|
155
|
+
|
156
|
+
* Issue - Fix an issue where Rest JSON services do not have a `Content-Type` header.
|
157
|
+
|
158
|
+
* Issue - Remove blank `Content-Type` header from Net::HTTP handler, and prevent a default from being set.
|
159
|
+
|
160
|
+
* Issue - Set `Content-Length` only for HTTP methods that take a body.
|
161
|
+
|
162
|
+
3.121.1 (2021-09-24)
|
163
|
+
------------------
|
164
|
+
|
165
|
+
* Issue - Fix error in finding union member for boolean shapes with `false` values.
|
166
|
+
|
167
|
+
3.121.0 (2021-09-02)
|
168
|
+
------------------
|
169
|
+
|
170
|
+
* Feature - Add support for S3 Multi-region access point configuration.
|
171
|
+
|
172
|
+
3.120.0 (2021-09-01)
|
173
|
+
------------------
|
174
|
+
|
175
|
+
* Feature - AWS SDK for Ruby no longer supports Ruby runtime versions 1.9, 2.0, 2.1, and 2.2.
|
176
|
+
|
177
|
+
3.119.1 (2021-08-20)
|
178
|
+
------------------
|
179
|
+
|
180
|
+
* Issue - Refactored `Aws::Json::Engine` to remove dead code and replaced usage of `JSON.load` with `JSON.parse`.
|
181
|
+
|
182
|
+
3.119.0 (2021-07-30)
|
183
|
+
------------------
|
184
|
+
|
185
|
+
* Feature - Support Document Types. Document types are used to carry open content. A document type value is serialized using the same format as its surroundings and requires no additional encoding or escaping.(#2523)
|
186
|
+
|
187
|
+
3.118.0 (2021-07-28)
|
188
|
+
------------------
|
189
|
+
|
190
|
+
* Feature - Add support for Tagged Unions using a "sealed" classes like approach where each union member has a corresponding subclass.
|
191
|
+
|
192
|
+
3.117.0 (2021-07-12)
|
193
|
+
------------------
|
194
|
+
|
195
|
+
* Feature - Support IPv6 endpoints for `Aws::InstanceProfileCredentials`. It supports two shared configuration options (`ec2_metadata_service_endpoint` & `ec2_metadata_service_endpoint_mode`), two ENV variables (`AWS_EC2_METADATA_SERVICE_ENDPOINT` & `AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE`), and two constructor options (`:endpoint` & `:endpoint_mode`).
|
196
|
+
|
197
|
+
* Feature - Support IPv6 endpoint for `Aws::EC2Metadata` client. It can be configured with `:endpoint` or `:endpoint_mode`.
|
198
|
+
|
199
|
+
3.116.0 (2021-07-07)
|
200
|
+
------------------
|
201
|
+
|
202
|
+
* Feature - Updated Aws::STS::Client with the latest API changes.
|
203
|
+
|
204
|
+
3.115.0 (2021-06-23)
|
205
|
+
------------------
|
206
|
+
|
207
|
+
* Feature - Add support for Assume Role Chaining in profiles. (#2531)
|
208
|
+
* Issue - Fixed an issue with `Seahorse::Client::H2::Connection` for non-https endpoints. (#2542)
|
209
|
+
|
210
|
+
3.114.3 (2021-06-15)
|
211
|
+
------------------
|
212
|
+
|
213
|
+
* Issue - Fixed an issue with `Aws::PageableResponse` where it was modifying original params hash, causing frozen hashes to fail.
|
214
|
+
|
215
|
+
3.114.2 (2021-06-09)
|
216
|
+
------------------
|
217
|
+
|
218
|
+
* Issue - Fixed an issue with `Aws::PageableResponse` where intentionally nil tokens were not merged into the params for the next call.
|
219
|
+
|
4
220
|
3.114.1 (2021-06-02)
|
5
221
|
------------------
|
6
222
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
3.
|
1
|
+
3.130.1
|
@@ -0,0 +1,153 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require_relative 'defaults_mode_config_resolver'
|
4
|
+
|
5
|
+
module Aws
|
6
|
+
|
7
|
+
# A defaults mode determines how certain default configuration options are resolved in the SDK.
|
8
|
+
#
|
9
|
+
# *Note*: For any mode other than `'legacy'` the vended default values might change as best practices may
|
10
|
+
# evolve. As a result, it is encouraged to perform testing when upgrading the SDK if you are using a mode other than
|
11
|
+
# `'legacy'`. While the `'legacy'` defaults mode is specific to Ruby,
|
12
|
+
# other modes are standardized across all of the AWS SDKs.
|
13
|
+
#
|
14
|
+
# The defaults mode can be configured:
|
15
|
+
#
|
16
|
+
# * Directly on a client via `:defaults_mode`
|
17
|
+
#
|
18
|
+
# * On a configuration profile via the "defaults_mode" profile file property.
|
19
|
+
#
|
20
|
+
# * Globally via the "AWS_DEFAULTS_MODE" environment variable.
|
21
|
+
#
|
22
|
+
#
|
23
|
+
# @code_generation START - documentation
|
24
|
+
# The following `:default_mode` values are supported:
|
25
|
+
#
|
26
|
+
# * `'standard'` -
|
27
|
+
# The STANDARD mode provides the latest recommended default values
|
28
|
+
# that should be safe to run in most scenarios
|
29
|
+
#
|
30
|
+
# Note that the default values vended from this mode might change as
|
31
|
+
# best practices may evolve. As a result, it is encouraged to perform
|
32
|
+
# tests when upgrading the SDK
|
33
|
+
#
|
34
|
+
# * `'in-region'` -
|
35
|
+
# The IN\_REGION mode builds on the standard mode and includes
|
36
|
+
# optimization tailored for applications which call AWS services from
|
37
|
+
# within the same AWS region
|
38
|
+
#
|
39
|
+
# Note that the default values vended from this mode might change as
|
40
|
+
# best practices may evolve. As a result, it is encouraged to perform
|
41
|
+
# tests when upgrading the SDK
|
42
|
+
#
|
43
|
+
# * `'cross-region'` -
|
44
|
+
# The CROSS\_REGION mode builds on the standard mode and includes
|
45
|
+
# optimization tailored for applications which call AWS services in a
|
46
|
+
# different region
|
47
|
+
#
|
48
|
+
# Note that the default values vended from this mode might change as
|
49
|
+
# best practices may evolve. As a result, it is encouraged to perform
|
50
|
+
# tests when upgrading the SDK
|
51
|
+
#
|
52
|
+
# * `'mobile'` -
|
53
|
+
# The MOBILE mode builds on the standard mode and includes
|
54
|
+
# optimization tailored for mobile applications
|
55
|
+
#
|
56
|
+
# Note that the default values vended from this mode might change as
|
57
|
+
# best practices may evolve. As a result, it is encouraged to perform
|
58
|
+
# tests when upgrading the SDK
|
59
|
+
#
|
60
|
+
# * `'auto'` -
|
61
|
+
# The AUTO mode is an experimental mode that builds on the standard
|
62
|
+
# mode. The SDK will attempt to discover the execution environment to
|
63
|
+
# determine the appropriate settings automatically.
|
64
|
+
#
|
65
|
+
# Note that the auto detection is heuristics-based and does not
|
66
|
+
# guarantee 100% accuracy. STANDARD mode will be used if the execution
|
67
|
+
# environment cannot be determined. The auto detection might query
|
68
|
+
# [EC2 Instance Metadata service][1], which might introduce latency.
|
69
|
+
# Therefore we recommend choosing an explicit defaults\_mode instead
|
70
|
+
# if startup latency is critical to your application
|
71
|
+
#
|
72
|
+
# * `'legacy'` -
|
73
|
+
# The LEGACY mode provides default settings that vary per SDK and were
|
74
|
+
# used prior to establishment of defaults\_mode
|
75
|
+
#
|
76
|
+
# Based on the provided mode, the SDK will vend sensible default values
|
77
|
+
# tailored to the mode for the following settings:
|
78
|
+
#
|
79
|
+
# * `:retry_mode` -
|
80
|
+
# A retry mode specifies how the SDK attempts retries. See [Retry
|
81
|
+
# Mode][2]
|
82
|
+
#
|
83
|
+
# * `:sts_regional_endpoints` -
|
84
|
+
# Specifies how the SDK determines the AWS service endpoint that it
|
85
|
+
# uses to talk to the AWS Security Token Service (AWS STS). See
|
86
|
+
# [Setting STS Regional endpoints][3]
|
87
|
+
#
|
88
|
+
# * `:s3_us_east_1_regional_endpoint` -
|
89
|
+
# Specifies how the SDK determines the AWS service endpoint that it
|
90
|
+
# uses to talk to the Amazon S3 for the us-east-1 region
|
91
|
+
#
|
92
|
+
# * `:http_open_timeout` -
|
93
|
+
# The amount of time after making an initial connection attempt on a
|
94
|
+
# socket, where if the client does not receive a completion of the
|
95
|
+
# connect handshake, the client gives up and fails the operation
|
96
|
+
#
|
97
|
+
# * `:ssl_timeout` -
|
98
|
+
# The maximum amount of time that a TLS handshake is allowed to take
|
99
|
+
# from the time the CLIENT HELLO message is sent to ethe time the
|
100
|
+
# client and server have fully negotiated ciphers and exchanged keys
|
101
|
+
#
|
102
|
+
# All options above can be configured by users, and the overridden value will take precedence.
|
103
|
+
#
|
104
|
+
# [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
|
105
|
+
# [2]: https://docs.aws.amazon.com/sdkref/latest/guide/setting-global-retry_mode.html
|
106
|
+
# [3]: https://docs.aws.amazon.com/sdkref/latest/guide/setting-global-sts_regional_endpoints.html
|
107
|
+
#
|
108
|
+
# @code_generation END - documentation
|
109
|
+
module DefaultsModeConfiguration
|
110
|
+
# @api private
|
111
|
+
# @code_generation START - configuration
|
112
|
+
SDK_DEFAULT_CONFIGURATION =
|
113
|
+
{
|
114
|
+
"version" => 1,
|
115
|
+
"base" => {
|
116
|
+
"retryMode" => "standard",
|
117
|
+
"stsRegionalEndpoints" => "regional",
|
118
|
+
"s3UsEast1RegionalEndpoints" => "regional",
|
119
|
+
"connectTimeoutInMillis" => 1100,
|
120
|
+
"tlsNegotiationTimeoutInMillis" => 1100
|
121
|
+
},
|
122
|
+
"modes" => {
|
123
|
+
"standard" => {
|
124
|
+
"connectTimeoutInMillis" => {
|
125
|
+
"override" => 3100
|
126
|
+
},
|
127
|
+
"tlsNegotiationTimeoutInMillis" => {
|
128
|
+
"override" => 3100
|
129
|
+
}
|
130
|
+
},
|
131
|
+
"in-region" => {
|
132
|
+
},
|
133
|
+
"cross-region" => {
|
134
|
+
"connectTimeoutInMillis" => {
|
135
|
+
"override" => 3100
|
136
|
+
},
|
137
|
+
"tlsNegotiationTimeoutInMillis" => {
|
138
|
+
"override" => 3100
|
139
|
+
}
|
140
|
+
},
|
141
|
+
"mobile" => {
|
142
|
+
"connectTimeoutInMillis" => {
|
143
|
+
"override" => 30000
|
144
|
+
},
|
145
|
+
"tlsNegotiationTimeoutInMillis" => {
|
146
|
+
"override" => 30000
|
147
|
+
}
|
148
|
+
}
|
149
|
+
}
|
150
|
+
}
|
151
|
+
# @code_generation END - configuration
|
152
|
+
end
|
153
|
+
end
|
@@ -0,0 +1,107 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
#@api private
|
5
|
+
class DefaultsModeConfigResolver
|
6
|
+
|
7
|
+
@@application_region = nil
|
8
|
+
@@application_region_mutex = Mutex.new
|
9
|
+
@@imds_client = EC2Metadata.new(retries: 0, http_open_timeout: 0.01)
|
10
|
+
|
11
|
+
# mappings from Ruby SDK configuration names to the
|
12
|
+
# sdk defaults option names and (optional) scale modifiers
|
13
|
+
CFG_OPTIONS = {
|
14
|
+
retry_mode: { name: "retryMode" },
|
15
|
+
sts_regional_endpoints: { name: "stsRegionalEndpoints" },
|
16
|
+
s3_us_east_1_regional_endpoint: { name: "s3UsEast1RegionalEndpoints" },
|
17
|
+
http_open_timeout: { name: "connectTimeoutInMillis", scale: 0.001 },
|
18
|
+
http_read_timeout: { name: "timeToFirstByteTimeoutInMillis", scale: 0.001 },
|
19
|
+
ssl_timeout: { name: "tlsNegotiationTimeoutInMillis", scale: 0.001 }
|
20
|
+
}.freeze
|
21
|
+
|
22
|
+
def initialize(sdk_defaults, cfg)
|
23
|
+
@sdk_defaults = sdk_defaults
|
24
|
+
@cfg = cfg
|
25
|
+
@resolved_mode = nil
|
26
|
+
@mutex = Mutex.new
|
27
|
+
end
|
28
|
+
|
29
|
+
# option_name should be the symbolized ruby name to resolve
|
30
|
+
# returns the ruby appropriate value or nil if none are resolved
|
31
|
+
def resolve(option_name)
|
32
|
+
return unless (std_option = CFG_OPTIONS[option_name])
|
33
|
+
mode = resolved_mode.downcase
|
34
|
+
|
35
|
+
return nil if mode == 'legacy'
|
36
|
+
|
37
|
+
value = resolve_for_mode(std_option[:name], mode)
|
38
|
+
value = value * std_option[:scale] if value && std_option[:scale]
|
39
|
+
|
40
|
+
value
|
41
|
+
end
|
42
|
+
|
43
|
+
private
|
44
|
+
def resolved_mode
|
45
|
+
@mutex.synchronize do
|
46
|
+
return @resolved_mode unless @resolved_mode.nil?
|
47
|
+
|
48
|
+
@resolved_mode = @cfg.defaults_mode == 'auto' ? resolve_auto_mode : @cfg.defaults_mode
|
49
|
+
end
|
50
|
+
end
|
51
|
+
|
52
|
+
def resolve_auto_mode
|
53
|
+
return "mobile" if env_mobile?
|
54
|
+
|
55
|
+
region = application_current_region
|
56
|
+
|
57
|
+
if region
|
58
|
+
@cfg.region == region ? "in-region": "cross-region"
|
59
|
+
else
|
60
|
+
# We don't seem to be mobile, and we couldn't determine whether we're running within an AWS region. Fall back to standard.
|
61
|
+
'standard'
|
62
|
+
end
|
63
|
+
end
|
64
|
+
|
65
|
+
def application_current_region
|
66
|
+
resolved_region = @@application_region_mutex.synchronize do
|
67
|
+
return @@application_region unless @@application_region.nil?
|
68
|
+
|
69
|
+
region = nil
|
70
|
+
if ENV['AWS_EXECUTION_ENV']
|
71
|
+
region = ENV['AWS_REGION'] || ENV['AWS_DEFAULT_REGION']
|
72
|
+
end
|
73
|
+
|
74
|
+
if region.nil? && ENV['AWS_EC2_METADATA_DISABLED']&.downcase != "true"
|
75
|
+
begin
|
76
|
+
region = @@imds_client.get('/latest/meta-data/placement/region')
|
77
|
+
rescue
|
78
|
+
# unable to get region, leave it unset
|
79
|
+
end
|
80
|
+
end
|
81
|
+
|
82
|
+
# required so that we cache the unknown/nil result
|
83
|
+
@@application_region = region || :unknown
|
84
|
+
end
|
85
|
+
resolved_region == :unknown ? nil : resolved_region
|
86
|
+
end
|
87
|
+
|
88
|
+
def resolve_for_mode(name, mode)
|
89
|
+
base_value = @sdk_defaults['base'][name]
|
90
|
+
mode_value = @sdk_defaults['modes'].fetch(mode, {})[name]
|
91
|
+
|
92
|
+
if mode_value.nil?
|
93
|
+
return base_value
|
94
|
+
end
|
95
|
+
|
96
|
+
return mode_value['override'] unless mode_value['override'].nil?
|
97
|
+
return base_value + mode_value['add'] unless mode_value['add'].nil?
|
98
|
+
return base_value * mode_value['multiply'] unless mode_value['multiply'].nil?
|
99
|
+
return base_value
|
100
|
+
end
|
101
|
+
|
102
|
+
def env_mobile?
|
103
|
+
false
|
104
|
+
end
|
105
|
+
|
106
|
+
end
|
107
|
+
end
|
data/lib/aws-defaults.rb
ADDED
@@ -17,6 +17,11 @@ module Aws
|
|
17
17
|
#
|
18
18
|
# If you omit `:client` option, a new {STS::Client} object will be
|
19
19
|
# constructed.
|
20
|
+
#
|
21
|
+
# The AssumeRoleCredentials also provides a `before_refresh` callback
|
22
|
+
# that can be used to help manage refreshing tokens.
|
23
|
+
# `before_refresh` is called when AWS credentials are required and need
|
24
|
+
# to be refreshed and it is called with the AssumeRoleCredentials object.
|
20
25
|
class AssumeRoleCredentials
|
21
26
|
|
22
27
|
include CredentialProvider
|
@@ -28,6 +33,16 @@ module Aws
|
|
28
33
|
# @option options [Integer] :duration_seconds
|
29
34
|
# @option options [String] :external_id
|
30
35
|
# @option options [STS::Client] :client
|
36
|
+
# @option options [Callable] before_refresh Proc called before
|
37
|
+
# credentials are refreshed. Useful for updating tokens.
|
38
|
+
# `before_refresh` is called when AWS credentials are
|
39
|
+
# required and need to be refreshed. Tokens can be refreshed using
|
40
|
+
# the following example:
|
41
|
+
#
|
42
|
+
# before_refresh = Proc.new do |assume_role_credentials| do
|
43
|
+
# assume_role_credentials.assume_role_params['token_code'] = update_token
|
44
|
+
# end
|
45
|
+
#
|
31
46
|
def initialize(options = {})
|
32
47
|
client_opts = {}
|
33
48
|
@assume_role_params = {}
|
@@ -39,12 +54,16 @@ module Aws
|
|
39
54
|
end
|
40
55
|
end
|
41
56
|
@client = client_opts[:client] || STS::Client.new(client_opts)
|
57
|
+
@async_refresh = true
|
42
58
|
super
|
43
59
|
end
|
44
60
|
|
45
61
|
# @return [STS::Client]
|
46
62
|
attr_reader :client
|
47
63
|
|
64
|
+
# @return [Hash]
|
65
|
+
attr_reader :assume_role_params
|
66
|
+
|
48
67
|
private
|
49
68
|
|
50
69
|
def refresh
|
@@ -17,7 +17,7 @@ module Aws
|
|
17
17
|
# ...
|
18
18
|
# )
|
19
19
|
# For full list of parameters accepted
|
20
|
-
# @see Aws::STS::Client#assume_role_with_web_identity
|
20
|
+
# @see Aws::STS::Client#assume_role_with_web_identity
|
21
21
|
#
|
22
22
|
#
|
23
23
|
# If you omit `:client` option, a new {STS::Client} object will be
|
@@ -39,10 +39,16 @@ module Aws
|
|
39
39
|
# encoded UUID is generated as the session name
|
40
40
|
#
|
41
41
|
# @option options [STS::Client] :client
|
42
|
+
#
|
43
|
+
# @option options [Callable] before_refresh Proc called before
|
44
|
+
# credentials are refreshed. `before_refresh` is called
|
45
|
+
# with an instance of this object when
|
46
|
+
# AWS credentials are required and need to be refreshed.
|
42
47
|
def initialize(options = {})
|
43
48
|
client_opts = {}
|
44
49
|
@assume_role_web_identity_params = {}
|
45
50
|
@token_file = options.delete(:web_identity_token_file)
|
51
|
+
@async_refresh = true
|
46
52
|
options.each_pair do |key, value|
|
47
53
|
if self.class.assume_role_web_identity_options.include?(key)
|
48
54
|
@assume_role_web_identity_params[key] = value
|
@@ -262,13 +262,17 @@ module Aws
|
|
262
262
|
end
|
263
263
|
|
264
264
|
def convert_stub(operation_name, stub)
|
265
|
-
case stub
|
265
|
+
stub = case stub
|
266
266
|
when Proc then stub
|
267
267
|
when Exception, Class then { error: stub }
|
268
268
|
when String then service_error_stub(stub)
|
269
269
|
when Hash then http_response_stub(operation_name, stub)
|
270
270
|
else { data: stub }
|
271
271
|
end
|
272
|
+
if Hash === stub
|
273
|
+
stub[:mutex] = Mutex.new
|
274
|
+
end
|
275
|
+
stub
|
272
276
|
end
|
273
277
|
|
274
278
|
def service_error_stub(error_code)
|
@@ -160,10 +160,11 @@ module Aws
|
|
160
160
|
end
|
161
161
|
|
162
162
|
def instance_profile_credentials(options)
|
163
|
+
profile_name = determine_profile_name(options)
|
163
164
|
if ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI']
|
164
165
|
ECSCredentials.new(options)
|
165
166
|
else
|
166
|
-
InstanceProfileCredentials.new(options)
|
167
|
+
InstanceProfileCredentials.new(options.merge(profile: profile_name))
|
167
168
|
end
|
168
169
|
end
|
169
170
|
|
@@ -39,7 +39,11 @@ module Aws
|
|
39
39
|
# defaulting to 6 hours.
|
40
40
|
# @option options [Integer] :retries (3) The number of retries for failed
|
41
41
|
# requests.
|
42
|
-
# @option options [String] :endpoint (169.254.169.254) The IMDS
|
42
|
+
# @option options [String] :endpoint ('http://169.254.169.254') The IMDS
|
43
|
+
# endpoint. This option has precedence over the :endpoint_mode.
|
44
|
+
# @option options [String] :endpoint_mode ('IPv4') The endpoint mode for
|
45
|
+
# the instance metadata service. This is either 'IPv4'
|
46
|
+
# ('http://169.254.169.254') or 'IPv6' ('http://[fd00:ec2::254]').
|
43
47
|
# @option options [Integer] :port (80) The IMDS endpoint port.
|
44
48
|
# @option options [Integer] :http_open_timeout (1) The number of seconds to
|
45
49
|
# wait for the connection to open.
|
@@ -55,7 +59,8 @@ module Aws
|
|
55
59
|
@retries = options[:retries] || 3
|
56
60
|
@backoff = backoff(options[:backoff])
|
57
61
|
|
58
|
-
|
62
|
+
endpoint_mode = options[:endpoint_mode] || 'IPv4'
|
63
|
+
@endpoint = resolve_endpoint(options[:endpoint], endpoint_mode)
|
59
64
|
@port = options[:port] || 80
|
60
65
|
|
61
66
|
@http_open_timeout = options[:http_open_timeout] || 1
|
@@ -76,7 +81,7 @@ module Aws
|
|
76
81
|
# ec2_metadata.get('/latest/meta-data/instance-id')
|
77
82
|
# => "i-023a25f10a73a0f79"
|
78
83
|
#
|
79
|
-
# @
|
84
|
+
# @note This implementation always returns a String and will not parse any
|
80
85
|
# responses. Parsable responses may include JSON objects or directory
|
81
86
|
# listings, which are strings separated by line feeds (ASCII 10).
|
82
87
|
#
|
@@ -93,7 +98,7 @@ module Aws
|
|
93
98
|
# listing.split(10.chr)
|
94
99
|
# => ["ami-id", "ami-launch-index", ...]
|
95
100
|
#
|
96
|
-
# @
|
101
|
+
# @note Unlike other services, IMDS does not have a service API model. This
|
97
102
|
# means that we cannot confidently generate code with methods and
|
98
103
|
# response structures. This implementation ensures that new IMDS features
|
99
104
|
# are always supported by being deployed to the instance and does not
|
@@ -116,10 +121,24 @@ module Aws
|
|
116
121
|
|
117
122
|
private
|
118
123
|
|
124
|
+
def resolve_endpoint(endpoint, endpoint_mode)
|
125
|
+
return endpoint if endpoint
|
126
|
+
|
127
|
+
case endpoint_mode.downcase
|
128
|
+
when 'ipv4' then 'http://169.254.169.254'
|
129
|
+
when 'ipv6' then 'http://[fd00:ec2::254]'
|
130
|
+
else
|
131
|
+
raise ArgumentError,
|
132
|
+
':endpoint_mode is not valid, expected IPv4 or IPv6, '\
|
133
|
+
"got: #{endpoint_mode}"
|
134
|
+
end
|
135
|
+
end
|
136
|
+
|
119
137
|
def fetch_token
|
120
138
|
open_connection do |conn|
|
139
|
+
created_time = Time.now
|
121
140
|
token_value, token_ttl = http_put(conn, @token_ttl)
|
122
|
-
@token = Token.new(value: token_value, ttl: token_ttl)
|
141
|
+
@token = Token.new(value: token_value, ttl: token_ttl, created_time: created_time)
|
123
142
|
end
|
124
143
|
end
|
125
144
|
|
@@ -163,7 +182,8 @@ module Aws
|
|
163
182
|
end
|
164
183
|
|
165
184
|
def open_connection
|
166
|
-
|
185
|
+
uri = URI.parse(@endpoint)
|
186
|
+
http = Net::HTTP.new(uri.hostname || @endpoint, @port || uri.port)
|
167
187
|
http.open_timeout = @http_open_timeout
|
168
188
|
http.read_timeout = @http_read_timeout
|
169
189
|
http.set_debug_output(@http_debug_output) if @http_debug_output
|
@@ -203,7 +223,7 @@ module Aws
|
|
203
223
|
def initialize(options = {})
|
204
224
|
@ttl = options[:ttl]
|
205
225
|
@value = options[:value]
|
206
|
-
@created_time = Time.now
|
226
|
+
@created_time = options[:created_time] || Time.now
|
207
227
|
end
|
208
228
|
|
209
229
|
# [String] Returns the token value.
|