aws-sdk-core 3.114.1 → 3.130.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +216 -0
- data/VERSION +1 -1
- data/lib/aws-defaults/default_configuration.rb +153 -0
- data/lib/aws-defaults/defaults_mode_config_resolver.rb +107 -0
- data/lib/aws-defaults.rb +3 -0
- data/lib/aws-sdk-core/assume_role_credentials.rb +19 -0
- data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +7 -1
- data/lib/aws-sdk-core/client_stubs.rb +5 -1
- data/lib/aws-sdk-core/credential_provider_chain.rb +2 -1
- data/lib/aws-sdk-core/ec2_metadata.rb +27 -7
- data/lib/aws-sdk-core/ecs_credentials.rb +5 -0
- data/lib/aws-sdk-core/errors.rb +5 -1
- data/lib/aws-sdk-core/instance_profile_credentials.rb +119 -18
- data/lib/aws-sdk-core/json/json_engine.rb +10 -8
- data/lib/aws-sdk-core/json/oj_engine.rb +33 -6
- data/lib/aws-sdk-core/json/parser.rb +8 -0
- data/lib/aws-sdk-core/json.rb +8 -26
- data/lib/aws-sdk-core/log/param_filter.rb +9 -1
- data/lib/aws-sdk-core/pageable_response.rb +72 -26
- data/lib/aws-sdk-core/pager.rb +3 -0
- data/lib/aws-sdk-core/param_validator.rb +29 -0
- data/lib/aws-sdk-core/plugins/checksum_algorithm.rb +340 -0
- data/lib/aws-sdk-core/plugins/credentials_configuration.rb +3 -1
- data/lib/aws-sdk-core/plugins/defaults_mode.rb +40 -0
- data/lib/aws-sdk-core/plugins/http_checksum.rb +8 -1
- data/lib/aws-sdk-core/plugins/protocols/api_gateway.rb +17 -0
- data/lib/aws-sdk-core/plugins/protocols/rest_json.rb +16 -1
- data/lib/aws-sdk-core/plugins/recursion_detection.rb +27 -0
- data/lib/aws-sdk-core/plugins/regional_endpoint.rb +47 -1
- data/lib/aws-sdk-core/plugins/response_paging.rb +1 -1
- data/lib/aws-sdk-core/plugins/retries/error_inspector.rb +5 -3
- data/lib/aws-sdk-core/plugins/retry_errors.rb +21 -5
- data/lib/aws-sdk-core/plugins/signature_v4.rb +15 -24
- data/lib/aws-sdk-core/plugins/stub_responses.rb +5 -1
- data/lib/aws-sdk-core/process_credentials.rb +3 -2
- data/lib/aws-sdk-core/refreshing_credentials.rb +40 -11
- data/lib/aws-sdk-core/rest/request/body.rb +19 -1
- data/lib/aws-sdk-core/rest/request/headers.rb +18 -6
- data/lib/aws-sdk-core/rest/response/headers.rb +3 -1
- data/lib/aws-sdk-core/shared_config.rb +27 -8
- data/lib/aws-sdk-core/shared_credentials.rb +7 -1
- data/lib/aws-sdk-core/sso_credentials.rb +8 -3
- data/lib/aws-sdk-core/structure.rb +10 -1
- data/lib/aws-sdk-core/xml/parser/engines/ox.rb +1 -1
- data/lib/aws-sdk-core/xml/parser/engines/rexml.rb +0 -8
- data/lib/aws-sdk-core/xml/parser/frame.rb +23 -0
- data/lib/aws-sdk-core.rb +6 -0
- data/lib/aws-sdk-sso/client.rb +27 -5
- data/lib/aws-sdk-sso.rb +1 -1
- data/lib/aws-sdk-sts/client.rb +424 -415
- data/lib/aws-sdk-sts/plugins/sts_regional_endpoints.rb +5 -1
- data/lib/aws-sdk-sts/presigner.rb +7 -1
- data/lib/aws-sdk-sts/types.rb +199 -181
- data/lib/aws-sdk-sts.rb +1 -1
- data/lib/seahorse/client/configuration.rb +4 -0
- data/lib/seahorse/client/h2/connection.rb +14 -11
- data/lib/seahorse/client/h2/handler.rb +4 -5
- data/lib/seahorse/client/net_http/connection_pool.rb +7 -0
- data/lib/seahorse/client/net_http/handler.rb +15 -7
- data/lib/seahorse/client/net_http/patches.rb +13 -84
- data/lib/seahorse/client/plugins/content_length.rb +11 -5
- data/lib/seahorse/client/plugins/net_http.rb +33 -2
- data/lib/seahorse/model/operation.rb +3 -0
- data/lib/seahorse/model/shapes.rb +25 -0
- metadata +11 -6
- data/lib/aws-sdk-sso/plugins/content_type.rb +0 -25
@@ -12,32 +12,22 @@ module Aws
|
|
12
12
|
end
|
13
13
|
|
14
14
|
option(:sigv4_name) do |cfg|
|
15
|
-
|
15
|
+
signingName = if cfg.region
|
16
|
+
Aws::Partitions::EndpointProvider.signing_service(
|
17
|
+
cfg.region, cfg.api.metadata['endpointPrefix']
|
18
|
+
)
|
19
|
+
end
|
20
|
+
signingName || cfg.api.metadata['signingName'] || cfg.api.metadata['endpointPrefix']
|
16
21
|
end
|
17
22
|
|
18
23
|
option(:sigv4_region) do |cfg|
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
# client for a region like "us-west-2", we will
|
27
|
-
# always use "route53.amazonaws.com". This endpoint
|
28
|
-
# is actually global to the entire partition,
|
29
|
-
# and must be signed as "us-east-1".
|
30
|
-
#
|
31
|
-
# * When the region is configured, but it is configured
|
32
|
-
# to a non region, such as "aws-global". This is similar
|
33
|
-
# to the previous case. We use the Aws::Partitions::EndpointProvider
|
34
|
-
# to resolve to the actual signing region.
|
35
|
-
#
|
36
|
-
prefix = cfg.api.metadata['endpointPrefix']
|
37
|
-
if prefix && cfg.endpoint.to_s.match(/#{prefix}\.amazonaws\.com/)
|
38
|
-
'us-east-1'
|
39
|
-
elsif cfg.region
|
40
|
-
Aws::Partitions::EndpointProvider.signing_region(cfg.region, cfg.sigv4_name)
|
24
|
+
if cfg.region
|
25
|
+
if cfg.respond_to?(:sts_regional_endpoints)
|
26
|
+
sts_regional = cfg.sts_regional_endpoints
|
27
|
+
end
|
28
|
+
Aws::Partitions::EndpointProvider.signing_region(
|
29
|
+
cfg.region, cfg.api.metadata['endpointPrefix'], sts_regional
|
30
|
+
)
|
41
31
|
end
|
42
32
|
end
|
43
33
|
|
@@ -108,6 +98,7 @@ module Aws
|
|
108
98
|
req.headers.delete('Authorization')
|
109
99
|
req.headers.delete('X-Amz-Security-Token')
|
110
100
|
req.headers.delete('X-Amz-Date')
|
101
|
+
req.headers.delete('x-Amz-Region-Set')
|
111
102
|
|
112
103
|
if context.config.respond_to?(:clock_skew) &&
|
113
104
|
context.config.clock_skew &&
|
@@ -144,7 +135,7 @@ module Aws
|
|
144
135
|
def apply_authtype(context)
|
145
136
|
if context.operation['authtype'].eql?('v4-unsigned-body') &&
|
146
137
|
context.http_request.endpoint.scheme.eql?('https')
|
147
|
-
context.http_request.headers['X-Amz-Content-Sha256']
|
138
|
+
context.http_request.headers['X-Amz-Content-Sha256'] ||= 'UNSIGNED-PAYLOAD'
|
148
139
|
end
|
149
140
|
context
|
150
141
|
end
|
@@ -51,7 +51,11 @@ requests are made, and retries are disabled.
|
|
51
51
|
stub = context.client.next_stub(context)
|
52
52
|
resp = Seahorse::Client::Response.new(context: context)
|
53
53
|
async_mode = context.client.is_a? Seahorse::Client::AsyncBase
|
54
|
-
|
54
|
+
if Hash === stub && stub[:mutex]
|
55
|
+
stub[:mutex].synchronize { apply_stub(stub, resp, async_mode) }
|
56
|
+
else
|
57
|
+
apply_stub(stub, resp, async_mode)
|
58
|
+
end
|
55
59
|
|
56
60
|
async_mode ? Seahorse::Client::AsyncResponse.new(
|
57
61
|
context: context, stream: context[:input_event_stream_handler].event_emitter.stream, sync_queue: Queue.new) : resp
|
@@ -27,6 +27,7 @@ module Aws
|
|
27
27
|
def initialize(process)
|
28
28
|
@process = process
|
29
29
|
@credentials = credentials_from_process(@process)
|
30
|
+
@async_refresh = false
|
30
31
|
|
31
32
|
super
|
32
33
|
end
|
@@ -73,9 +74,9 @@ module Aws
|
|
73
74
|
@credentials = credentials_from_process(@process)
|
74
75
|
end
|
75
76
|
|
76
|
-
def near_expiration?
|
77
|
+
def near_expiration?(expiration_length)
|
77
78
|
# are we within 5 minutes of expiration?
|
78
|
-
@expiration && (Time.now.to_i +
|
79
|
+
@expiration && (Time.now.to_i + expiration_length) > @expiration.to_i
|
79
80
|
end
|
80
81
|
end
|
81
82
|
end
|
@@ -17,45 +17,74 @@ module Aws
|
|
17
17
|
# @api private
|
18
18
|
module RefreshingCredentials
|
19
19
|
|
20
|
+
SYNC_EXPIRATION_LENGTH = 300 # 5 minutes
|
21
|
+
ASYNC_EXPIRATION_LENGTH = 600 # 10 minutes
|
22
|
+
|
20
23
|
def initialize(options = {})
|
21
24
|
@mutex = Mutex.new
|
25
|
+
@before_refresh = options.delete(:before_refresh) if Hash === options
|
26
|
+
|
27
|
+
@before_refresh.call(self) if @before_refresh
|
22
28
|
refresh
|
23
29
|
end
|
24
30
|
|
25
31
|
# @return [Credentials]
|
26
32
|
def credentials
|
27
|
-
refresh_if_near_expiration
|
33
|
+
refresh_if_near_expiration!
|
28
34
|
@credentials
|
29
35
|
end
|
30
36
|
|
31
37
|
# @return [Time,nil]
|
32
38
|
def expiration
|
33
|
-
refresh_if_near_expiration
|
39
|
+
refresh_if_near_expiration!
|
34
40
|
@expiration
|
35
41
|
end
|
36
42
|
|
37
43
|
# Refresh credentials.
|
38
44
|
# @return [void]
|
39
45
|
def refresh!
|
40
|
-
@mutex.synchronize
|
46
|
+
@mutex.synchronize do
|
47
|
+
@before_refresh.call(self) if @before_refresh
|
48
|
+
|
49
|
+
refresh
|
50
|
+
end
|
41
51
|
end
|
42
52
|
|
43
53
|
private
|
44
54
|
|
45
|
-
# Refreshes
|
46
|
-
#
|
47
|
-
|
48
|
-
|
55
|
+
# Refreshes credentials asynchronously and synchronously.
|
56
|
+
# If we are near to expiration, block while getting new credentials.
|
57
|
+
# Otherwise, if we're approaching expiration, use the existing credentials
|
58
|
+
# but attempt a refresh in the background.
|
59
|
+
def refresh_if_near_expiration!
|
60
|
+
# Note: This check is an optimization. Rather than acquire the mutex on every #refresh_if_near_expiration
|
61
|
+
# call, we check before doing so, and then we check within the mutex to avoid a race condition.
|
62
|
+
# See issue: https://github.com/aws/aws-sdk-ruby/issues/2641 for more info.
|
63
|
+
if near_expiration?(SYNC_EXPIRATION_LENGTH)
|
49
64
|
@mutex.synchronize do
|
50
|
-
|
65
|
+
if near_expiration?(SYNC_EXPIRATION_LENGTH)
|
66
|
+
@before_refresh.call(self) if @before_refresh
|
67
|
+
refresh
|
68
|
+
end
|
69
|
+
end
|
70
|
+
elsif @async_refresh && near_expiration?(ASYNC_EXPIRATION_LENGTH)
|
71
|
+
unless @mutex.locked?
|
72
|
+
Thread.new do
|
73
|
+
@mutex.synchronize do
|
74
|
+
if near_expiration?(ASYNC_EXPIRATION_LENGTH)
|
75
|
+
@before_refresh.call(self) if @before_refresh
|
76
|
+
refresh
|
77
|
+
end
|
78
|
+
end
|
79
|
+
end
|
51
80
|
end
|
52
81
|
end
|
53
82
|
end
|
54
83
|
|
55
|
-
def near_expiration?
|
84
|
+
def near_expiration?(expiration_length)
|
56
85
|
if @expiration
|
57
|
-
#
|
58
|
-
(Time.now.to_i +
|
86
|
+
# Are we within expiration?
|
87
|
+
(Time.now.to_i + expiration_length) > @expiration.to_i
|
59
88
|
else
|
60
89
|
true
|
61
90
|
end
|
@@ -17,11 +17,29 @@ module Aws
|
|
17
17
|
# @param [Seahorse::Client::Http::Request] http_req
|
18
18
|
# @param [Hash] params
|
19
19
|
def apply(http_req, params)
|
20
|
-
|
20
|
+
body = build_body(params)
|
21
|
+
# for rest-json, ensure we send at least an empty object
|
22
|
+
# don't send an empty object for streaming? case.
|
23
|
+
if body.nil? && @serializer_class == Json::Builder &&
|
24
|
+
modeled_body? && !streaming?
|
25
|
+
body = '{}'
|
26
|
+
end
|
27
|
+
http_req.body = body
|
21
28
|
end
|
22
29
|
|
23
30
|
private
|
24
31
|
|
32
|
+
# operation is modeled for body when it is modeled for a payload
|
33
|
+
# either with payload trait or normal members.
|
34
|
+
def modeled_body?
|
35
|
+
return true if @rules[:payload]
|
36
|
+
@rules.shape.members.each do |member|
|
37
|
+
_name, shape = member
|
38
|
+
return true if shape.location.nil?
|
39
|
+
end
|
40
|
+
false
|
41
|
+
end
|
42
|
+
|
25
43
|
def build_body(params)
|
26
44
|
if streaming?
|
27
45
|
params[@rules[:payload]]
|
@@ -32,11 +32,11 @@ module Aws
|
|
32
32
|
|
33
33
|
def apply_header_value(headers, ref, value)
|
34
34
|
value = apply_json_trait(value) if ref['jsonvalue']
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
35
|
+
case ref.shape
|
36
|
+
when TimestampShape then headers[ref.location_name] = timestamp(ref, value)
|
37
|
+
when ListShape then list(headers, ref, value)
|
38
|
+
else headers[ref.location_name] = value.to_s
|
39
|
+
end
|
40
40
|
end
|
41
41
|
|
42
42
|
def timestamp(ref, value)
|
@@ -49,6 +49,18 @@ module Aws
|
|
49
49
|
end
|
50
50
|
end
|
51
51
|
|
52
|
+
def list(headers, ref, value)
|
53
|
+
return if !value || value.empty?
|
54
|
+
headers[ref.location_name] = value
|
55
|
+
.compact
|
56
|
+
.map { |s| escape_header_list_string(s.to_s) }
|
57
|
+
.join(",")
|
58
|
+
end
|
59
|
+
|
60
|
+
def escape_header_list_string(s)
|
61
|
+
(s.include?('"') || s.include?(",")) ? "\"#{s.gsub('"', '\"')}\"" : s
|
62
|
+
end
|
63
|
+
|
52
64
|
def apply_header_map(headers, ref, values)
|
53
65
|
prefix = ref.location_name || ''
|
54
66
|
values.each_pair do |name, value|
|
@@ -57,7 +69,7 @@ module Aws
|
|
57
69
|
end
|
58
70
|
|
59
71
|
# With complex headers value in json syntax,
|
60
|
-
# base64 encodes value to
|
72
|
+
# base64 encodes value to avoid weird characters
|
61
73
|
# causing potential issues in headers
|
62
74
|
def apply_json_trait(value)
|
63
75
|
Base64.strict_encode64(value)
|
@@ -40,8 +40,10 @@ module Aws
|
|
40
40
|
when IntegerShape then value.to_i
|
41
41
|
when FloatShape then value.to_f
|
42
42
|
when BooleanShape then value == 'true'
|
43
|
+
when ListShape then
|
44
|
+
value.split(",").map { |v| cast_value(ref.shape.member, v) }
|
43
45
|
when TimestampShape
|
44
|
-
if value =~
|
46
|
+
if value =~ /^\d+(\.\d*)/
|
45
47
|
Time.at(value.to_f)
|
46
48
|
elsif value =~ /^\d+$/
|
47
49
|
Time.at(value.to_i)
|
@@ -100,7 +100,7 @@ module Aws
|
|
100
100
|
# or `nil` if no valid credentials were found.
|
101
101
|
def credentials(opts = {})
|
102
102
|
p = opts[:profile] || @profile_name
|
103
|
-
validate_profile_exists(p)
|
103
|
+
validate_profile_exists(p)
|
104
104
|
if (credentials = credentials_from_shared(p, opts))
|
105
105
|
credentials
|
106
106
|
elsif (credentials = credentials_from_config(p, opts))
|
@@ -163,6 +163,10 @@ module Aws
|
|
163
163
|
:ca_bundle,
|
164
164
|
:credential_process,
|
165
165
|
:endpoint_discovery_enabled,
|
166
|
+
:use_dualstack_endpoint,
|
167
|
+
:use_fips_endpoint,
|
168
|
+
:ec2_metadata_service_endpoint,
|
169
|
+
:ec2_metadata_service_endpoint_mode,
|
166
170
|
:max_attempts,
|
167
171
|
:retry_mode,
|
168
172
|
:adaptive_retry_wait_to_fill,
|
@@ -173,7 +177,9 @@ module Aws
|
|
173
177
|
:csm_port,
|
174
178
|
:sts_regional_endpoints,
|
175
179
|
:s3_use_arn_region,
|
176
|
-
:s3_us_east_1_regional_endpoint
|
180
|
+
:s3_us_east_1_regional_endpoint,
|
181
|
+
:s3_disable_multiregion_access_points,
|
182
|
+
:defaults_mode
|
177
183
|
)
|
178
184
|
|
179
185
|
private
|
@@ -189,11 +195,6 @@ module Aws
|
|
189
195
|
value
|
190
196
|
end
|
191
197
|
|
192
|
-
def credentials_present?
|
193
|
-
(@parsed_credentials && !@parsed_credentials.empty?) ||
|
194
|
-
(@parsed_config && !@parsed_config.empty?)
|
195
|
-
end
|
196
|
-
|
197
198
|
def assume_role_from_profile(cfg, profile, opts, chain_config)
|
198
199
|
if cfg && prof_cfg = cfg[profile]
|
199
200
|
opts[:source_profile] ||= prof_cfg['source_profile']
|
@@ -205,6 +206,7 @@ module Aws
|
|
205
206
|
'a credential_source. For assume role credentials, must '\
|
206
207
|
'provide only source_profile or credential_source, not both.'
|
207
208
|
elsif opts[:source_profile]
|
209
|
+
opts[:visited_profiles] ||= Set.new
|
208
210
|
opts[:credentials] = resolve_source_profile(opts[:source_profile], opts)
|
209
211
|
if opts[:credentials]
|
210
212
|
opts[:role_session_name] ||= prof_cfg['role_session_name']
|
@@ -214,6 +216,7 @@ module Aws
|
|
214
216
|
opts[:external_id] ||= prof_cfg['external_id']
|
215
217
|
opts[:serial_number] ||= prof_cfg['mfa_serial']
|
216
218
|
opts[:profile] = opts.delete(:source_profile)
|
219
|
+
opts.delete(:visited_profiles)
|
217
220
|
AssumeRoleCredentials.new(opts)
|
218
221
|
else
|
219
222
|
raise Errors::NoSourceProfileError,
|
@@ -246,8 +249,21 @@ module Aws
|
|
246
249
|
end
|
247
250
|
|
248
251
|
def resolve_source_profile(profile, opts = {})
|
252
|
+
if opts[:visited_profiles] && opts[:visited_profiles].include?(profile)
|
253
|
+
raise Errors::SourceProfileCircularReferenceError
|
254
|
+
end
|
255
|
+
opts[:visited_profiles].add(profile) if opts[:visited_profiles]
|
256
|
+
|
257
|
+
profile_config = @parsed_credentials[profile]
|
258
|
+
if @config_enabled
|
259
|
+
profile_config ||= @parsed_config[profile]
|
260
|
+
end
|
261
|
+
|
249
262
|
if (creds = credentials(profile: profile))
|
250
263
|
creds # static credentials
|
264
|
+
elsif profile_config && profile_config['source_profile']
|
265
|
+
opts.delete(:source_profile)
|
266
|
+
assume_role_credentials_from_config(opts.merge(profile: profile))
|
251
267
|
elsif (provider = assume_role_web_identity_credentials_from_config(opts.merge(profile: profile)))
|
252
268
|
provider.credentials if provider.credentials.set?
|
253
269
|
elsif (provider = assume_role_process_credentials_from_config(profile))
|
@@ -274,7 +290,10 @@ module Aws
|
|
274
290
|
|
275
291
|
def assume_role_process_credentials_from_config(profile)
|
276
292
|
validate_profile_exists(profile)
|
277
|
-
credential_process = @
|
293
|
+
credential_process = @parsed_credentials.fetch(profile, {})['credential_process']
|
294
|
+
if @parsed_config
|
295
|
+
credential_process ||= @parsed_config.fetch(profile, {})['credential_process']
|
296
|
+
end
|
278
297
|
ProcessCredentials.new(credential_process) if credential_process
|
279
298
|
end
|
280
299
|
|
@@ -14,11 +14,17 @@ module Aws
|
|
14
14
|
'aws_session_token' => 'session_token',
|
15
15
|
}
|
16
16
|
|
17
|
-
# Constructs a new SharedCredentials object. This will load
|
17
|
+
# Constructs a new SharedCredentials object. This will load static
|
18
|
+
# (access_key_id, secret_access_key and session_token) AWS access
|
18
19
|
# credentials from an ini file, which supports profiles. The default
|
19
20
|
# profile name is 'default'. You can specify the profile name with the
|
20
21
|
# `ENV['AWS_PROFILE']` or with the `:profile_name` option.
|
21
22
|
#
|
23
|
+
# To use credentials from the default credential resolution chain
|
24
|
+
# create a client without the credential option specified.
|
25
|
+
# You may access the resolved credentials through
|
26
|
+
# `client.config.credentials`.
|
27
|
+
#
|
22
28
|
# @option [String] :path Path to the shared file. Defaults
|
23
29
|
# to "#{Dir.home}/.aws/credentials".
|
24
30
|
#
|
@@ -8,8 +8,7 @@ module Aws
|
|
8
8
|
# AWS CLI with the correct profile.
|
9
9
|
#
|
10
10
|
# For more background on AWS SSO see the official
|
11
|
-
# {
|
12
|
-
# page.
|
11
|
+
# {https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html what is SSO Userguide}
|
13
12
|
#
|
14
13
|
# ## Refreshing Credentials from SSO
|
15
14
|
#
|
@@ -64,6 +63,11 @@ module Aws
|
|
64
63
|
#
|
65
64
|
# @option options [SSO::Client] :client Optional `SSO::Client`. If not
|
66
65
|
# provided, a client will be constructed.
|
66
|
+
#
|
67
|
+
# @option options [Callable] before_refresh Proc called before
|
68
|
+
# credentials are refreshed. `before_refresh` is called
|
69
|
+
# with an instance of this object when
|
70
|
+
# AWS credentials are required and need to be refreshed.
|
67
71
|
def initialize(options = {})
|
68
72
|
|
69
73
|
missing_keys = SSO_REQUIRED_OPTS.select { |k| options[k].nil? }
|
@@ -82,6 +86,7 @@ module Aws
|
|
82
86
|
options[:region] = @sso_region
|
83
87
|
options[:credentials] = nil
|
84
88
|
@client = options[:client] || Aws::SSO::Client.new(options)
|
89
|
+
@async_refresh = true
|
85
90
|
super
|
86
91
|
end
|
87
92
|
|
@@ -101,7 +106,7 @@ module Aws
|
|
101
106
|
raise ArgumentError, 'Cached SSO Token is expired.'
|
102
107
|
end
|
103
108
|
cached_token
|
104
|
-
rescue Aws::Json::ParseError, ArgumentError
|
109
|
+
rescue Errno::ENOENT, Aws::Json::ParseError, ArgumentError
|
105
110
|
raise Errors::InvalidSSOCredentials, SSO_LOGIN_GUIDANCE
|
106
111
|
end
|
107
112
|
|
@@ -70,11 +70,20 @@ module Aws
|
|
70
70
|
end
|
71
71
|
|
72
72
|
end
|
73
|
+
|
74
|
+
module Union
|
75
|
+
def member
|
76
|
+
self.members.select { |k| self[k] != nil }.first
|
77
|
+
end
|
78
|
+
|
79
|
+
def value
|
80
|
+
self[member] if member
|
81
|
+
end
|
82
|
+
end
|
73
83
|
end
|
74
84
|
|
75
85
|
# @api private
|
76
86
|
class EmptyStructure < Struct.new('AwsEmptyStructure')
|
77
87
|
include(Aws::Structure)
|
78
88
|
end
|
79
|
-
|
80
89
|
end
|
@@ -1,16 +1,8 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
use_system_rexml = ((RUBY_VERSION <=> "2.0.0") < 0)
|
4
|
-
if use_system_rexml
|
5
|
-
require "rbconfig"
|
6
|
-
$LOAD_PATH.unshift(RbConfig::CONFIG["rubylibdir"])
|
7
|
-
end
|
8
|
-
|
9
3
|
require 'rexml/document'
|
10
4
|
require 'rexml/streamlistener'
|
11
5
|
|
12
|
-
$LOAD_PATH.shift if use_system_rexml
|
13
|
-
|
14
6
|
module Aws
|
15
7
|
module Xml
|
16
8
|
class Parser
|
@@ -95,6 +95,8 @@ module Aws
|
|
95
95
|
def child_frame(xml_name)
|
96
96
|
if @member = @members[xml_name]
|
97
97
|
Frame.new(xml_name, self, @member[:ref])
|
98
|
+
elsif @ref.shape.union
|
99
|
+
UnknownMemberFrame.new(xml_name, self, nil, @result)
|
98
100
|
else
|
99
101
|
NullFrame.new(xml_name, self)
|
100
102
|
end
|
@@ -106,10 +108,24 @@ module Aws
|
|
106
108
|
@result[@member[:name]][child.key.result] = child.value.result
|
107
109
|
when FlatListFrame
|
108
110
|
@result[@member[:name]] << child.result
|
111
|
+
when UnknownMemberFrame
|
112
|
+
@result[:unknown] = { 'name' => child.path.last, 'value' => child.result }
|
109
113
|
when NullFrame
|
110
114
|
else
|
111
115
|
@result[@member[:name]] = child.result
|
112
116
|
end
|
117
|
+
|
118
|
+
if @ref.shape.union
|
119
|
+
# a union may only have one member set
|
120
|
+
# convert to the union subclass
|
121
|
+
# The default Struct created will have defaults set for all values
|
122
|
+
# This also sets only one of the values leaving everything else nil
|
123
|
+
# as required for unions
|
124
|
+
set_member_name = @member ? @member[:name] : :unknown
|
125
|
+
member_subclass = @ref.shape.member_subclass(set_member_name).new # shape.member_subclass(target.member).new
|
126
|
+
member_subclass[set_member_name] = @result[set_member_name]
|
127
|
+
@result = member_subclass
|
128
|
+
end
|
113
129
|
end
|
114
130
|
|
115
131
|
private
|
@@ -242,6 +258,12 @@ module Aws
|
|
242
258
|
end
|
243
259
|
end
|
244
260
|
|
261
|
+
class UnknownMemberFrame < Frame
|
262
|
+
def result
|
263
|
+
@text.join
|
264
|
+
end
|
265
|
+
end
|
266
|
+
|
245
267
|
class BlobFrame < Frame
|
246
268
|
def result
|
247
269
|
@text.empty? ? nil : Base64.decode64(@text.join)
|
@@ -302,6 +324,7 @@ module Aws
|
|
302
324
|
MapShape => MapFrame,
|
303
325
|
StringShape => StringFrame,
|
304
326
|
StructureShape => StructureFrame,
|
327
|
+
UnionShape => StructureFrame,
|
305
328
|
TimestampShape => TimestampFrame,
|
306
329
|
}
|
307
330
|
|
data/lib/aws-sdk-core.rb
CHANGED
@@ -88,6 +88,12 @@ require_relative 'aws-sdk-core/arn'
|
|
88
88
|
require_relative 'aws-sdk-core/arn_parser'
|
89
89
|
require_relative 'aws-sdk-core/ec2_metadata'
|
90
90
|
|
91
|
+
# defaults
|
92
|
+
require_relative 'aws-defaults'
|
93
|
+
|
94
|
+
# plugins
|
95
|
+
# loaded through building STS or SSO ..
|
96
|
+
|
91
97
|
# aws-sdk-sts is included to support Aws::AssumeRoleCredentials
|
92
98
|
require_relative 'aws-sdk-sts'
|
93
99
|
|
data/lib/aws-sdk-sso/client.rb
CHANGED
@@ -27,9 +27,11 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
|
|
27
27
|
require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
|
28
28
|
require 'aws-sdk-core/plugins/transfer_encoding.rb'
|
29
29
|
require 'aws-sdk-core/plugins/http_checksum.rb'
|
30
|
+
require 'aws-sdk-core/plugins/checksum_algorithm.rb'
|
31
|
+
require 'aws-sdk-core/plugins/defaults_mode.rb'
|
32
|
+
require 'aws-sdk-core/plugins/recursion_detection.rb'
|
30
33
|
require 'aws-sdk-core/plugins/signature_v4.rb'
|
31
34
|
require 'aws-sdk-core/plugins/protocols/rest_json.rb'
|
32
|
-
require 'aws-sdk-sso/plugins/content_type.rb'
|
33
35
|
|
34
36
|
Aws::Plugins::GlobalConfiguration.add_identifier(:sso)
|
35
37
|
|
@@ -74,9 +76,11 @@ module Aws::SSO
|
|
74
76
|
add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
|
75
77
|
add_plugin(Aws::Plugins::TransferEncoding)
|
76
78
|
add_plugin(Aws::Plugins::HttpChecksum)
|
79
|
+
add_plugin(Aws::Plugins::ChecksumAlgorithm)
|
80
|
+
add_plugin(Aws::Plugins::DefaultsMode)
|
81
|
+
add_plugin(Aws::Plugins::RecursionDetection)
|
77
82
|
add_plugin(Aws::Plugins::SignatureV4)
|
78
83
|
add_plugin(Aws::Plugins::Protocols::RestJson)
|
79
|
-
add_plugin(Aws::SSO::Plugins::ContentType)
|
80
84
|
|
81
85
|
# @overload initialize(options)
|
82
86
|
# @param [Hash] options
|
@@ -121,7 +125,9 @@ module Aws::SSO
|
|
121
125
|
# * EC2/ECS IMDS instance profile - When used by default, the timeouts
|
122
126
|
# are very aggressive. Construct and pass an instance of
|
123
127
|
# `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
|
124
|
-
# enable retries and extended timeouts.
|
128
|
+
# enable retries and extended timeouts. Instance profile credential
|
129
|
+
# fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
|
130
|
+
# to true.
|
125
131
|
#
|
126
132
|
# @option options [required, String] :region
|
127
133
|
# The AWS region to connect to. The configured `:region` is
|
@@ -175,6 +181,10 @@ module Aws::SSO
|
|
175
181
|
# Used only in `standard` and adaptive retry modes. Specifies whether to apply
|
176
182
|
# a clock skew correction and retry requests with skewed client clocks.
|
177
183
|
#
|
184
|
+
# @option options [String] :defaults_mode ("legacy")
|
185
|
+
# See {Aws::DefaultsModeConfiguration} for a list of the
|
186
|
+
# accepted modes and the configuration defaults that are included.
|
187
|
+
#
|
178
188
|
# @option options [Boolean] :disable_host_prefix_injection (false)
|
179
189
|
# Set to true to disable SDK automatically adding host prefix
|
180
190
|
# to default service endpoint when available.
|
@@ -277,6 +287,15 @@ module Aws::SSO
|
|
277
287
|
# ** Please note ** When response stubbing is enabled, no HTTP
|
278
288
|
# requests are made, and retries are disabled.
|
279
289
|
#
|
290
|
+
# @option options [Boolean] :use_dualstack_endpoint
|
291
|
+
# When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
|
292
|
+
# will be used if available.
|
293
|
+
#
|
294
|
+
# @option options [Boolean] :use_fips_endpoint
|
295
|
+
# When set to `true`, fips compatible endpoints will be used if available.
|
296
|
+
# When a `fips` region is used, the region is normalized and this config
|
297
|
+
# is set to `true`.
|
298
|
+
#
|
280
299
|
# @option options [Boolean] :validate_params (true)
|
281
300
|
# When `true`, request parameters are validated before
|
282
301
|
# sending the request.
|
@@ -288,7 +307,7 @@ module Aws::SSO
|
|
288
307
|
# seconds to wait when opening a HTTP session before raising a
|
289
308
|
# `Timeout::Error`.
|
290
309
|
#
|
291
|
-
# @option options [
|
310
|
+
# @option options [Float] :http_read_timeout (60) The default
|
292
311
|
# number of seconds to wait for response data. This value can
|
293
312
|
# safely be set per-request on the session.
|
294
313
|
#
|
@@ -304,6 +323,9 @@ module Aws::SSO
|
|
304
323
|
# disables this behaviour. This value can safely be set per
|
305
324
|
# request on the session.
|
306
325
|
#
|
326
|
+
# @option options [Float] :ssl_timeout (nil) Sets the SSL timeout
|
327
|
+
# in seconds.
|
328
|
+
#
|
307
329
|
# @option options [Boolean] :http_wire_trace (false) When `true`,
|
308
330
|
# HTTP debug output will be sent to the `:logger`.
|
309
331
|
#
|
@@ -523,7 +545,7 @@ module Aws::SSO
|
|
523
545
|
params: params,
|
524
546
|
config: config)
|
525
547
|
context[:gem_name] = 'aws-sdk-core'
|
526
|
-
context[:gem_version] = '3.
|
548
|
+
context[:gem_version] = '3.130.1'
|
527
549
|
Seahorse::Client::Request.new(handlers, context)
|
528
550
|
end
|
529
551
|
|