aws-sdk-core 3.114.1 → 3.130.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +216 -0
- data/VERSION +1 -1
- data/lib/aws-defaults/default_configuration.rb +153 -0
- data/lib/aws-defaults/defaults_mode_config_resolver.rb +107 -0
- data/lib/aws-defaults.rb +3 -0
- data/lib/aws-sdk-core/assume_role_credentials.rb +19 -0
- data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +7 -1
- data/lib/aws-sdk-core/client_stubs.rb +5 -1
- data/lib/aws-sdk-core/credential_provider_chain.rb +2 -1
- data/lib/aws-sdk-core/ec2_metadata.rb +27 -7
- data/lib/aws-sdk-core/ecs_credentials.rb +5 -0
- data/lib/aws-sdk-core/errors.rb +5 -1
- data/lib/aws-sdk-core/instance_profile_credentials.rb +119 -18
- data/lib/aws-sdk-core/json/json_engine.rb +10 -8
- data/lib/aws-sdk-core/json/oj_engine.rb +33 -6
- data/lib/aws-sdk-core/json/parser.rb +8 -0
- data/lib/aws-sdk-core/json.rb +8 -26
- data/lib/aws-sdk-core/log/param_filter.rb +9 -1
- data/lib/aws-sdk-core/pageable_response.rb +72 -26
- data/lib/aws-sdk-core/pager.rb +3 -0
- data/lib/aws-sdk-core/param_validator.rb +29 -0
- data/lib/aws-sdk-core/plugins/checksum_algorithm.rb +340 -0
- data/lib/aws-sdk-core/plugins/credentials_configuration.rb +3 -1
- data/lib/aws-sdk-core/plugins/defaults_mode.rb +40 -0
- data/lib/aws-sdk-core/plugins/http_checksum.rb +8 -1
- data/lib/aws-sdk-core/plugins/protocols/api_gateway.rb +17 -0
- data/lib/aws-sdk-core/plugins/protocols/rest_json.rb +16 -1
- data/lib/aws-sdk-core/plugins/recursion_detection.rb +27 -0
- data/lib/aws-sdk-core/plugins/regional_endpoint.rb +47 -1
- data/lib/aws-sdk-core/plugins/response_paging.rb +1 -1
- data/lib/aws-sdk-core/plugins/retries/error_inspector.rb +5 -3
- data/lib/aws-sdk-core/plugins/retry_errors.rb +21 -5
- data/lib/aws-sdk-core/plugins/signature_v4.rb +15 -24
- data/lib/aws-sdk-core/plugins/stub_responses.rb +5 -1
- data/lib/aws-sdk-core/process_credentials.rb +3 -2
- data/lib/aws-sdk-core/refreshing_credentials.rb +40 -11
- data/lib/aws-sdk-core/rest/request/body.rb +19 -1
- data/lib/aws-sdk-core/rest/request/headers.rb +18 -6
- data/lib/aws-sdk-core/rest/response/headers.rb +3 -1
- data/lib/aws-sdk-core/shared_config.rb +27 -8
- data/lib/aws-sdk-core/shared_credentials.rb +7 -1
- data/lib/aws-sdk-core/sso_credentials.rb +8 -3
- data/lib/aws-sdk-core/structure.rb +10 -1
- data/lib/aws-sdk-core/xml/parser/engines/ox.rb +1 -1
- data/lib/aws-sdk-core/xml/parser/engines/rexml.rb +0 -8
- data/lib/aws-sdk-core/xml/parser/frame.rb +23 -0
- data/lib/aws-sdk-core.rb +6 -0
- data/lib/aws-sdk-sso/client.rb +27 -5
- data/lib/aws-sdk-sso.rb +1 -1
- data/lib/aws-sdk-sts/client.rb +424 -415
- data/lib/aws-sdk-sts/plugins/sts_regional_endpoints.rb +5 -1
- data/lib/aws-sdk-sts/presigner.rb +7 -1
- data/lib/aws-sdk-sts/types.rb +199 -181
- data/lib/aws-sdk-sts.rb +1 -1
- data/lib/seahorse/client/configuration.rb +4 -0
- data/lib/seahorse/client/h2/connection.rb +14 -11
- data/lib/seahorse/client/h2/handler.rb +4 -5
- data/lib/seahorse/client/net_http/connection_pool.rb +7 -0
- data/lib/seahorse/client/net_http/handler.rb +15 -7
- data/lib/seahorse/client/net_http/patches.rb +13 -84
- data/lib/seahorse/client/plugins/content_length.rb +11 -5
- data/lib/seahorse/client/plugins/net_http.rb +33 -2
- data/lib/seahorse/model/operation.rb +3 -0
- data/lib/seahorse/model/shapes.rb +25 -0
- metadata +11 -6
- data/lib/aws-sdk-sso/plugins/content_type.rb +0 -25
@@ -12,32 +12,22 @@ module Aws
|
|
12
12
|
end
|
13
13
|
|
14
14
|
option(:sigv4_name) do |cfg|
|
15
|
-
|
15
|
+
signingName = if cfg.region
|
16
|
+
Aws::Partitions::EndpointProvider.signing_service(
|
17
|
+
cfg.region, cfg.api.metadata['endpointPrefix']
|
18
|
+
)
|
19
|
+
end
|
20
|
+
signingName || cfg.api.metadata['signingName'] || cfg.api.metadata['endpointPrefix']
|
16
21
|
end
|
17
22
|
|
18
23
|
option(:sigv4_region) do |cfg|
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
# client for a region like "us-west-2", we will
|
27
|
-
# always use "route53.amazonaws.com". This endpoint
|
28
|
-
# is actually global to the entire partition,
|
29
|
-
# and must be signed as "us-east-1".
|
30
|
-
#
|
31
|
-
# * When the region is configured, but it is configured
|
32
|
-
# to a non region, such as "aws-global". This is similar
|
33
|
-
# to the previous case. We use the Aws::Partitions::EndpointProvider
|
34
|
-
# to resolve to the actual signing region.
|
35
|
-
#
|
36
|
-
prefix = cfg.api.metadata['endpointPrefix']
|
37
|
-
if prefix && cfg.endpoint.to_s.match(/#{prefix}\.amazonaws\.com/)
|
38
|
-
'us-east-1'
|
39
|
-
elsif cfg.region
|
40
|
-
Aws::Partitions::EndpointProvider.signing_region(cfg.region, cfg.sigv4_name)
|
24
|
+
if cfg.region
|
25
|
+
if cfg.respond_to?(:sts_regional_endpoints)
|
26
|
+
sts_regional = cfg.sts_regional_endpoints
|
27
|
+
end
|
28
|
+
Aws::Partitions::EndpointProvider.signing_region(
|
29
|
+
cfg.region, cfg.api.metadata['endpointPrefix'], sts_regional
|
30
|
+
)
|
41
31
|
end
|
42
32
|
end
|
43
33
|
|
@@ -108,6 +98,7 @@ module Aws
|
|
108
98
|
req.headers.delete('Authorization')
|
109
99
|
req.headers.delete('X-Amz-Security-Token')
|
110
100
|
req.headers.delete('X-Amz-Date')
|
101
|
+
req.headers.delete('x-Amz-Region-Set')
|
111
102
|
|
112
103
|
if context.config.respond_to?(:clock_skew) &&
|
113
104
|
context.config.clock_skew &&
|
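Review bot: The added `req.headers.delete('x-Amz-Region-Set')` spells the header with a lower-case `x`, while the three deletes directly above it use `X-Amz-…`. If the request header collection is case-insensitive this is harmless, but that is not visible in this hunk; if it is not, a region-set header left over from an earlier signing attempt would survive into the re-signed request. Writing it as `req.headers.delete('X-Amz-Region-Set')` keeps the block consistent and removes the doubt. The enclosing method starts and ends outside the hunk.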
@@ -144,7 +135,7 @@ module Aws
|
|
144
135
|
def apply_authtype(context)
|
145
136
|
if context.operation['authtype'].eql?('v4-unsigned-body') &&
|
146
137
|
context.http_request.endpoint.scheme.eql?('https')
|
147
|
-
context.http_request.headers['X-Amz-Content-Sha256']
|
138
|
+
context.http_request.headers['X-Amz-Content-Sha256'] ||= 'UNSIGNED-PAYLOAD'
|
148
139
|
end
|
149
140
|
context
|
150
141
|
end
|
@@ -51,7 +51,11 @@ requests are made, and retries are disabled.
|
|
51
51
|
stub = context.client.next_stub(context)
|
52
52
|
resp = Seahorse::Client::Response.new(context: context)
|
53
53
|
async_mode = context.client.is_a? Seahorse::Client::AsyncBase
|
54
|
-
|
54
|
+
if Hash === stub && stub[:mutex]
|
55
|
+
stub[:mutex].synchronize { apply_stub(stub, resp, async_mode) }
|
56
|
+
else
|
57
|
+
apply_stub(stub, resp, async_mode)
|
58
|
+
end
|
55
59
|
|
56
60
|
async_mode ? Seahorse::Client::AsyncResponse.new(
|
57
61
|
context: context, stream: context[:input_event_stream_handler].event_emitter.stream, sync_queue: Queue.new) : resp
|
@@ -27,6 +27,7 @@ module Aws
|
|
27
27
|
def initialize(process)
|
28
28
|
@process = process
|
29
29
|
@credentials = credentials_from_process(@process)
|
30
|
+
@async_refresh = false
|
30
31
|
|
31
32
|
super
|
32
33
|
end
|
@@ -73,9 +74,9 @@ module Aws
|
|
73
74
|
@credentials = credentials_from_process(@process)
|
74
75
|
end
|
75
76
|
|
76
|
-
def near_expiration?
|
77
|
+
def near_expiration?(expiration_length)
|
77
78
|
# are we within 5 minutes of expiration?
|
78
|
-
@expiration && (Time.now.to_i +
|
79
|
+
@expiration && (Time.now.to_i + expiration_length) > @expiration.to_i
|
79
80
|
end
|
80
81
|
end
|
81
82
|
end
|
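Review bot: The comment `# are we within 5 minutes of expiration?` inside `near_expiration?(expiration_length)` no longer matches the code, because the window is now whatever the caller passes in. Suggest `# are we within expiration_length seconds of expiration?`. The same comment could also record that the expression is falsy when `@expiration` is nil, so credentials without an expiry are never treated as near expiration by this override.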
@@ -17,45 +17,74 @@ module Aws
|
|
17
17
|
# @api private
|
18
18
|
module RefreshingCredentials
|
19
19
|
|
20
|
+
SYNC_EXPIRATION_LENGTH = 300 # 5 minutes
|
21
|
+
ASYNC_EXPIRATION_LENGTH = 600 # 10 minutes
|
22
|
+
|
20
23
|
def initialize(options = {})
|
21
24
|
@mutex = Mutex.new
|
25
|
+
@before_refresh = options.delete(:before_refresh) if Hash === options
|
26
|
+
|
27
|
+
@before_refresh.call(self) if @before_refresh
|
22
28
|
refresh
|
23
29
|
end
|
24
30
|
|
25
31
|
# @return [Credentials]
|
26
32
|
def credentials
|
27
|
-
refresh_if_near_expiration
|
33
|
+
refresh_if_near_expiration!
|
28
34
|
@credentials
|
29
35
|
end
|
30
36
|
|
31
37
|
# @return [Time,nil]
|
32
38
|
def expiration
|
33
|
-
refresh_if_near_expiration
|
39
|
+
refresh_if_near_expiration!
|
34
40
|
@expiration
|
35
41
|
end
|
36
42
|
|
37
43
|
# Refresh credentials.
|
38
44
|
# @return [void]
|
39
45
|
def refresh!
|
40
|
-
@mutex.synchronize
|
46
|
+
@mutex.synchronize do
|
47
|
+
@before_refresh.call(self) if @before_refresh
|
48
|
+
|
49
|
+
refresh
|
50
|
+
end
|
41
51
|
end
|
42
52
|
|
43
53
|
private
|
44
54
|
|
45
|
-
# Refreshes
|
46
|
-
#
|
47
|
-
|
48
|
-
|
55
|
+
# Refreshes credentials asynchronously and synchronously.
|
56
|
+
# If we are near to expiration, block while getting new credentials.
|
57
|
+
# Otherwise, if we're approaching expiration, use the existing credentials
|
58
|
+
# but attempt a refresh in the background.
|
59
|
+
def refresh_if_near_expiration!
|
60
|
+
# Note: This check is an optimization. Rather than acquire the mutex on every #refresh_if_near_expiration
|
61
|
+
# call, we check before doing so, and then we check within the mutex to avoid a race condition.
|
62
|
+
# See issue: https://github.com/aws/aws-sdk-ruby/issues/2641 for more info.
|
63
|
+
if near_expiration?(SYNC_EXPIRATION_LENGTH)
|
49
64
|
@mutex.synchronize do
|
50
|
-
|
65
|
+
if near_expiration?(SYNC_EXPIRATION_LENGTH)
|
66
|
+
@before_refresh.call(self) if @before_refresh
|
67
|
+
refresh
|
68
|
+
end
|
69
|
+
end
|
70
|
+
elsif @async_refresh && near_expiration?(ASYNC_EXPIRATION_LENGTH)
|
71
|
+
unless @mutex.locked?
|
72
|
+
Thread.new do
|
73
|
+
@mutex.synchronize do
|
74
|
+
if near_expiration?(ASYNC_EXPIRATION_LENGTH)
|
75
|
+
@before_refresh.call(self) if @before_refresh
|
76
|
+
refresh
|
77
|
+
end
|
78
|
+
end
|
79
|
+
end
|
51
80
|
end
|
52
81
|
end
|
53
82
|
end
|
54
83
|
|
55
|
-
def near_expiration?
|
84
|
+
def near_expiration?(expiration_length)
|
56
85
|
if @expiration
|
57
|
-
#
|
58
|
-
(Time.now.to_i +
|
86
|
+
# Are we within expiration?
|
87
|
+
(Time.now.to_i + expiration_length) > @expiration.to_i
|
59
88
|
else
|
60
89
|
true
|
61
90
|
end
|
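Review bot: `@before_refresh.call(self)` runs while `@mutex` is held, in `refresh!` and in both branches of `refresh_if_near_expiration!`, and it hands the callback the credentials object itself. A callback that reads `credentials` or `expiration` on that object while it is still near expiration would re-enter `@mutex.synchronize` on the same thread, which Ruby's Mutex does not allow. The contract should be stated where the option is read, e.g. `# before_refresh is called with @mutex held; it must not call #credentials, #expiration or #refresh! on the object it receives`. Separately, an exception raised by `refresh` inside the `Thread.new` block is not rescued, so a failed background refresh ends that thread without the caller seeing it; a comment saying the synchronous branch is the fallback would make that intent explicit. The body of `near_expiration?` continues past the end of the hunk.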
@@ -17,11 +17,29 @@ module Aws
|
|
17
17
|
# @param [Seahorse::Client::Http::Request] http_req
|
18
18
|
# @param [Hash] params
|
19
19
|
def apply(http_req, params)
|
20
|
-
|
20
|
+
body = build_body(params)
|
21
|
+
# for rest-json, ensure we send at least an empty object
|
22
|
+
# don't send an empty object for streaming? case.
|
23
|
+
if body.nil? && @serializer_class == Json::Builder &&
|
24
|
+
modeled_body? && !streaming?
|
25
|
+
body = '{}'
|
26
|
+
end
|
27
|
+
http_req.body = body
|
21
28
|
end
|
22
29
|
|
23
30
|
private
|
24
31
|
|
32
|
+
# operation is modeled for body when it is modeled for a payload
|
33
|
+
# either with payload trait or normal members.
|
34
|
+
def modeled_body?
|
35
|
+
return true if @rules[:payload]
|
36
|
+
@rules.shape.members.each do |member|
|
37
|
+
_name, shape = member
|
38
|
+
return true if shape.location.nil?
|
39
|
+
end
|
40
|
+
false
|
41
|
+
end
|
42
|
+
|
25
43
|
def build_body(params)
|
26
44
|
if streaming?
|
27
45
|
params[@rules[:payload]]
|
@@ -32,11 +32,11 @@ module Aws
|
|
32
32
|
|
33
33
|
def apply_header_value(headers, ref, value)
|
34
34
|
value = apply_json_trait(value) if ref['jsonvalue']
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
35
|
+
case ref.shape
|
36
|
+
when TimestampShape then headers[ref.location_name] = timestamp(ref, value)
|
37
|
+
when ListShape then list(headers, ref, value)
|
38
|
+
else headers[ref.location_name] = value.to_s
|
39
|
+
end
|
40
40
|
end
|
41
41
|
|
42
42
|
def timestamp(ref, value)
|
@@ -49,6 +49,18 @@ module Aws
|
|
49
49
|
end
|
50
50
|
end
|
51
51
|
|
52
|
+
def list(headers, ref, value)
|
53
|
+
return if !value || value.empty?
|
54
|
+
headers[ref.location_name] = value
|
55
|
+
.compact
|
56
|
+
.map { |s| escape_header_list_string(s.to_s) }
|
57
|
+
.join(",")
|
58
|
+
end
|
59
|
+
|
60
|
+
def escape_header_list_string(s)
|
61
|
+
(s.include?('"') || s.include?(",")) ? "\"#{s.gsub('"', '\"')}\"" : s
|
62
|
+
end
|
63
|
+
|
52
64
|
def apply_header_map(headers, ref, values)
|
53
65
|
prefix = ref.location_name || ''
|
54
66
|
values.each_pair do |name, value|
|
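Review bot: `escape_header_list_string` escapes `"` but not `\`, so a quoted entry that ends in a backslash produces a string whose closing quote reads as escaped, and the list boundaries become ambiguous for any parser that treats backslash as the escape character (which the added `\"` implies). Escaping both characters closes that gap, e.g. `s.gsub(/["\\]/) { |c| "\\#{c}" }` inside the surrounding quotes. The function also passes CR and LF through unchanged; whether a later layer rejects them is not visible here, so that is worth confirming wherever list members can carry caller-supplied text. Both `list` and `escape_header_list_string` are fully inside the hunk.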
@@ -57,7 +69,7 @@ module Aws
|
|
57
69
|
end
|
58
70
|
|
59
71
|
# With complex headers value in json syntax,
|
60
|
-
# base64 encodes value to
|
72
|
+
# base64 encodes value to avoid weird characters
|
61
73
|
# causing potential issues in headers
|
62
74
|
def apply_json_trait(value)
|
63
75
|
Base64.strict_encode64(value)
|
@@ -40,8 +40,10 @@ module Aws
|
|
40
40
|
when IntegerShape then value.to_i
|
41
41
|
when FloatShape then value.to_f
|
42
42
|
when BooleanShape then value == 'true'
|
43
|
+
when ListShape then
|
44
|
+
value.split(",").map { |v| cast_value(ref.shape.member, v) }
|
43
45
|
when TimestampShape
|
44
|
-
if value =~
|
46
|
+
if value =~ /^\d+(\.\d*)/
|
45
47
|
Time.at(value.to_f)
|
46
48
|
elsif value =~ /^\d+$/
|
47
49
|
Time.at(value.to_i)
|
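Review bot: The new `ListShape` branch splits on every comma with `value.split(",")`, so it does not undo the quoting that the request-side header code on this page applies to entries containing `,` or `"`; a quoted entry with an embedded comma is cut in two and the quote characters stay in the values. It also keeps the whitespace that commonly follows the comma in a header list, so string members come back with a leading space. At minimum strip each entry, `value.split(",").map { |v| cast_value(ref.shape.member, v.strip) }`, and add a comment saying quoted entries are not parsed if that is the intent. The enclosing method (presumably `cast_value`) starts and ends outside the hunk.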
@@ -100,7 +100,7 @@ module Aws
|
|
100
100
|
# or `nil` if no valid credentials were found.
|
101
101
|
def credentials(opts = {})
|
102
102
|
p = opts[:profile] || @profile_name
|
103
|
-
validate_profile_exists(p)
|
103
|
+
validate_profile_exists(p)
|
104
104
|
if (credentials = credentials_from_shared(p, opts))
|
105
105
|
credentials
|
106
106
|
elsif (credentials = credentials_from_config(p, opts))
|
@@ -163,6 +163,10 @@ module Aws
|
|
163
163
|
:ca_bundle,
|
164
164
|
:credential_process,
|
165
165
|
:endpoint_discovery_enabled,
|
166
|
+
:use_dualstack_endpoint,
|
167
|
+
:use_fips_endpoint,
|
168
|
+
:ec2_metadata_service_endpoint,
|
169
|
+
:ec2_metadata_service_endpoint_mode,
|
166
170
|
:max_attempts,
|
167
171
|
:retry_mode,
|
168
172
|
:adaptive_retry_wait_to_fill,
|
@@ -173,7 +177,9 @@ module Aws
|
|
173
177
|
:csm_port,
|
174
178
|
:sts_regional_endpoints,
|
175
179
|
:s3_use_arn_region,
|
176
|
-
:s3_us_east_1_regional_endpoint
|
180
|
+
:s3_us_east_1_regional_endpoint,
|
181
|
+
:s3_disable_multiregion_access_points,
|
182
|
+
:defaults_mode
|
177
183
|
)
|
178
184
|
|
179
185
|
private
|
@@ -189,11 +195,6 @@ module Aws
|
|
189
195
|
value
|
190
196
|
end
|
191
197
|
|
192
|
-
def credentials_present?
|
193
|
-
(@parsed_credentials && !@parsed_credentials.empty?) ||
|
194
|
-
(@parsed_config && !@parsed_config.empty?)
|
195
|
-
end
|
196
|
-
|
197
198
|
def assume_role_from_profile(cfg, profile, opts, chain_config)
|
198
199
|
if cfg && prof_cfg = cfg[profile]
|
199
200
|
opts[:source_profile] ||= prof_cfg['source_profile']
|
@@ -205,6 +206,7 @@ module Aws
|
|
205
206
|
'a credential_source. For assume role credentials, must '\
|
206
207
|
'provide only source_profile or credential_source, not both.'
|
207
208
|
elsif opts[:source_profile]
|
209
|
+
opts[:visited_profiles] ||= Set.new
|
208
210
|
opts[:credentials] = resolve_source_profile(opts[:source_profile], opts)
|
209
211
|
if opts[:credentials]
|
210
212
|
opts[:role_session_name] ||= prof_cfg['role_session_name']
|
@@ -214,6 +216,7 @@ module Aws
|
|
214
216
|
opts[:external_id] ||= prof_cfg['external_id']
|
215
217
|
opts[:serial_number] ||= prof_cfg['mfa_serial']
|
216
218
|
opts[:profile] = opts.delete(:source_profile)
|
219
|
+
opts.delete(:visited_profiles)
|
217
220
|
AssumeRoleCredentials.new(opts)
|
218
221
|
else
|
219
222
|
raise Errors::NoSourceProfileError,
|
@@ -246,8 +249,21 @@ module Aws
|
|
246
249
|
end
|
247
250
|
|
248
251
|
def resolve_source_profile(profile, opts = {})
|
252
|
+
if opts[:visited_profiles] && opts[:visited_profiles].include?(profile)
|
253
|
+
raise Errors::SourceProfileCircularReferenceError
|
254
|
+
end
|
255
|
+
opts[:visited_profiles].add(profile) if opts[:visited_profiles]
|
256
|
+
|
257
|
+
profile_config = @parsed_credentials[profile]
|
258
|
+
if @config_enabled
|
259
|
+
profile_config ||= @parsed_config[profile]
|
260
|
+
end
|
261
|
+
|
249
262
|
if (creds = credentials(profile: profile))
|
250
263
|
creds # static credentials
|
264
|
+
elsif profile_config && profile_config['source_profile']
|
265
|
+
opts.delete(:source_profile)
|
266
|
+
assume_role_credentials_from_config(opts.merge(profile: profile))
|
251
267
|
elsif (provider = assume_role_web_identity_credentials_from_config(opts.merge(profile: profile)))
|
252
268
|
provider.credentials if provider.credentials.set?
|
253
269
|
elsif (provider = assume_role_process_credentials_from_config(profile))
|
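Review bot: `resolve_source_profile` reads `@parsed_config[profile]` under `if @config_enabled`, whereas `assume_role_process_credentials_from_config` in the hunk at new line 290 guards the same hash with `if @parsed_config`. If `@parsed_config` can be nil while `@config_enabled` is true (for example when no config file was loaded, which is not visible here), the lookup raises NoMethodError instead of falling through to the other providers. Using one guard in both places, e.g. `if @config_enabled && @parsed_config`, would make the two paths agree. `@parsed_credentials[profile]` and `@parsed_credentials.fetch(profile, {})` are likewise unguarded, so confirm that it is always a Hash. The method continues past the end of the hunk.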
@@ -274,7 +290,10 @@ module Aws
|
|
274
290
|
|
275
291
|
def assume_role_process_credentials_from_config(profile)
|
276
292
|
validate_profile_exists(profile)
|
277
|
-
credential_process = @
|
293
|
+
credential_process = @parsed_credentials.fetch(profile, {})['credential_process']
|
294
|
+
if @parsed_config
|
295
|
+
credential_process ||= @parsed_config.fetch(profile, {})['credential_process']
|
296
|
+
end
|
278
297
|
ProcessCredentials.new(credential_process) if credential_process
|
279
298
|
end
|
280
299
|
|
@@ -14,11 +14,17 @@ module Aws
|
|
14
14
|
'aws_session_token' => 'session_token',
|
15
15
|
}
|
16
16
|
|
17
|
-
# Constructs a new SharedCredentials object. This will load
|
17
|
+
# Constructs a new SharedCredentials object. This will load static
|
18
|
+
# (access_key_id, secret_access_key and session_token) AWS access
|
18
19
|
# credentials from an ini file, which supports profiles. The default
|
19
20
|
# profile name is 'default'. You can specify the profile name with the
|
20
21
|
# `ENV['AWS_PROFILE']` or with the `:profile_name` option.
|
21
22
|
#
|
23
|
+
# To use credentials from the default credential resolution chain
|
24
|
+
# create a client without the credential option specified.
|
25
|
+
# You may access the resolved credentials through
|
26
|
+
# `client.config.credentials`.
|
27
|
+
#
|
22
28
|
# @option [String] :path Path to the shared file. Defaults
|
23
29
|
# to "#{Dir.home}/.aws/credentials".
|
24
30
|
#
|
@@ -8,8 +8,7 @@ module Aws
|
|
8
8
|
# AWS CLI with the correct profile.
|
9
9
|
#
|
10
10
|
# For more background on AWS SSO see the official
|
11
|
-
# {
|
12
|
-
# page.
|
11
|
+
# {https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html what is SSO Userguide}
|
13
12
|
#
|
14
13
|
# ## Refreshing Credentials from SSO
|
15
14
|
#
|
@@ -64,6 +63,11 @@ module Aws
|
|
64
63
|
#
|
65
64
|
# @option options [SSO::Client] :client Optional `SSO::Client`. If not
|
66
65
|
# provided, a client will be constructed.
|
66
|
+
#
|
67
|
+
# @option options [Callable] before_refresh Proc called before
|
68
|
+
# credentials are refreshed. `before_refresh` is called
|
69
|
+
# with an instance of this object when
|
70
|
+
# AWS credentials are required and need to be refreshed.
|
67
71
|
def initialize(options = {})
|
68
72
|
|
69
73
|
missing_keys = SSO_REQUIRED_OPTS.select { |k| options[k].nil? }
|
@@ -82,6 +86,7 @@ module Aws
|
|
82
86
|
options[:region] = @sso_region
|
83
87
|
options[:credentials] = nil
|
84
88
|
@client = options[:client] || Aws::SSO::Client.new(options)
|
89
|
+
@async_refresh = true
|
85
90
|
super
|
86
91
|
end
|
87
92
|
|
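Review bot: `Aws::SSO::Client.new(options)` on new line 88 runs before `super`, and it is `RefreshingCredentials#initialize` that removes `:before_refresh` from the hash, so a caller-supplied `:before_refresh` is still in `options` when the client is built. If the client constructor rejects options it does not know (its validation is not visible here), passing the newly documented option without a `:client` would fail at construction. Building the client from a copy without the callback, `Aws::SSO::Client.new(options.reject { |k, _| k == :before_refresh })`, avoids depending on call order. `initialize` starts before this hunk.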
@@ -101,7 +106,7 @@ module Aws
|
|
101
106
|
raise ArgumentError, 'Cached SSO Token is expired.'
|
102
107
|
end
|
103
108
|
cached_token
|
104
|
-
rescue Aws::Json::ParseError, ArgumentError
|
109
|
+
rescue Errno::ENOENT, Aws::Json::ParseError, ArgumentError
|
105
110
|
raise Errors::InvalidSSOCredentials, SSO_LOGIN_GUIDANCE
|
106
111
|
end
|
107
112
|
|
@@ -70,11 +70,20 @@ module Aws
|
|
70
70
|
end
|
71
71
|
|
72
72
|
end
|
73
|
+
|
74
|
+
module Union
|
75
|
+
def member
|
76
|
+
self.members.select { |k| self[k] != nil }.first
|
77
|
+
end
|
78
|
+
|
79
|
+
def value
|
80
|
+
self[member] if member
|
81
|
+
end
|
82
|
+
end
|
73
83
|
end
|
74
84
|
|
75
85
|
# @api private
|
76
86
|
class EmptyStructure < Struct.new('AwsEmptyStructure')
|
77
87
|
include(Aws::Structure)
|
78
88
|
end
|
79
|
-
|
80
89
|
end
|
@@ -1,16 +1,8 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
use_system_rexml = ((RUBY_VERSION <=> "2.0.0") < 0)
|
4
|
-
if use_system_rexml
|
5
|
-
require "rbconfig"
|
6
|
-
$LOAD_PATH.unshift(RbConfig::CONFIG["rubylibdir"])
|
7
|
-
end
|
8
|
-
|
9
3
|
require 'rexml/document'
|
10
4
|
require 'rexml/streamlistener'
|
11
5
|
|
12
|
-
$LOAD_PATH.shift if use_system_rexml
|
13
|
-
|
14
6
|
module Aws
|
15
7
|
module Xml
|
16
8
|
class Parser
|
@@ -95,6 +95,8 @@ module Aws
|
|
95
95
|
def child_frame(xml_name)
|
96
96
|
if @member = @members[xml_name]
|
97
97
|
Frame.new(xml_name, self, @member[:ref])
|
98
|
+
elsif @ref.shape.union
|
99
|
+
UnknownMemberFrame.new(xml_name, self, nil, @result)
|
98
100
|
else
|
99
101
|
NullFrame.new(xml_name, self)
|
100
102
|
end
|
@@ -106,10 +108,24 @@ module Aws
|
|
106
108
|
@result[@member[:name]][child.key.result] = child.value.result
|
107
109
|
when FlatListFrame
|
108
110
|
@result[@member[:name]] << child.result
|
111
|
+
when UnknownMemberFrame
|
112
|
+
@result[:unknown] = { 'name' => child.path.last, 'value' => child.result }
|
109
113
|
when NullFrame
|
110
114
|
else
|
111
115
|
@result[@member[:name]] = child.result
|
112
116
|
end
|
117
|
+
|
118
|
+
if @ref.shape.union
|
119
|
+
# a union may only have one member set
|
120
|
+
# convert to the union subclass
|
121
|
+
# The default Struct created will have defaults set for all values
|
122
|
+
# This also sets only one of the values leaving everything else nil
|
123
|
+
# as required for unions
|
124
|
+
set_member_name = @member ? @member[:name] : :unknown
|
125
|
+
member_subclass = @ref.shape.member_subclass(set_member_name).new # shape.member_subclass(target.member).new
|
126
|
+
member_subclass[set_member_name] = @result[set_member_name]
|
127
|
+
@result = member_subclass
|
128
|
+
end
|
113
129
|
end
|
114
130
|
|
115
131
|
private
|
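Review bot: The line `member_subclass = @ref.shape.member_subclass(set_member_name).new` ends with a trailing `# shape.member_subclass(target.member).new`, which looks like a leftover from another implementation and names a `target` that is not used anywhere in the visible part of the method; it should be dropped. The block comment says a union may have only one member set, but the conversion runs on every consumed child, so for an element with more than one child the last one parsed appears to decide the result. If that is intended it is worth stating, e.g. `# if the response carries more than one member, the last child parsed wins`. The method starts outside the hunk.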
@@ -242,6 +258,12 @@ module Aws
|
|
242
258
|
end
|
243
259
|
end
|
244
260
|
|
261
|
+
class UnknownMemberFrame < Frame
|
262
|
+
def result
|
263
|
+
@text.join
|
264
|
+
end
|
265
|
+
end
|
266
|
+
|
245
267
|
class BlobFrame < Frame
|
246
268
|
def result
|
247
269
|
@text.empty? ? nil : Base64.decode64(@text.join)
|
@@ -302,6 +324,7 @@ module Aws
|
|
302
324
|
MapShape => MapFrame,
|
303
325
|
StringShape => StringFrame,
|
304
326
|
StructureShape => StructureFrame,
|
327
|
+
UnionShape => StructureFrame,
|
305
328
|
TimestampShape => TimestampFrame,
|
306
329
|
}
|
307
330
|
|
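--- a/data/lib/aws-sdk-core.rb
+++ b/data/lib/aws-sdk-core.rb
@@ -88,6 +88,12 @@ require_relative 'aws-sdk-core/arn'
 require_relative 'aws-sdk-core/arn_parser'
 require_relative 'aws-sdk-core/ec2_metadata'
 
+# defaults
+require_relative 'aws-defaults'
+
+# plugins
+# loaded through building STS or SSO ..
+
 # aws-sdk-sts is included to support Aws::AssumeRoleCredentials
 require_relative 'aws-sdk-sts'
 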
data/lib/aws-sdk-sso/client.rb
CHANGED
@@ -27,9 +27,11 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
|
|
27
27
|
require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
|
28
28
|
require 'aws-sdk-core/plugins/transfer_encoding.rb'
|
29
29
|
require 'aws-sdk-core/plugins/http_checksum.rb'
|
30
|
+
require 'aws-sdk-core/plugins/checksum_algorithm.rb'
|
31
|
+
require 'aws-sdk-core/plugins/defaults_mode.rb'
|
32
|
+
require 'aws-sdk-core/plugins/recursion_detection.rb'
|
30
33
|
require 'aws-sdk-core/plugins/signature_v4.rb'
|
31
34
|
require 'aws-sdk-core/plugins/protocols/rest_json.rb'
|
32
|
-
require 'aws-sdk-sso/plugins/content_type.rb'
|
33
35
|
|
34
36
|
Aws::Plugins::GlobalConfiguration.add_identifier(:sso)
|
35
37
|
|
@@ -74,9 +76,11 @@ module Aws::SSO
|
|
74
76
|
add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
|
75
77
|
add_plugin(Aws::Plugins::TransferEncoding)
|
76
78
|
add_plugin(Aws::Plugins::HttpChecksum)
|
79
|
+
add_plugin(Aws::Plugins::ChecksumAlgorithm)
|
80
|
+
add_plugin(Aws::Plugins::DefaultsMode)
|
81
|
+
add_plugin(Aws::Plugins::RecursionDetection)
|
77
82
|
add_plugin(Aws::Plugins::SignatureV4)
|
78
83
|
add_plugin(Aws::Plugins::Protocols::RestJson)
|
79
|
-
add_plugin(Aws::SSO::Plugins::ContentType)
|
80
84
|
|
81
85
|
# @overload initialize(options)
|
82
86
|
# @param [Hash] options
|
@@ -121,7 +125,9 @@ module Aws::SSO
|
|
121
125
|
# * EC2/ECS IMDS instance profile - When used by default, the timeouts
|
122
126
|
# are very aggressive. Construct and pass an instance of
|
123
127
|
# `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
|
124
|
-
# enable retries and extended timeouts.
|
128
|
+
# enable retries and extended timeouts. Instance profile credential
|
129
|
+
# fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
|
130
|
+
# to true.
|
125
131
|
#
|
126
132
|
# @option options [required, String] :region
|
127
133
|
# The AWS region to connect to. The configured `:region` is
|
@@ -175,6 +181,10 @@ module Aws::SSO
|
|
175
181
|
# Used only in `standard` and adaptive retry modes. Specifies whether to apply
|
176
182
|
# a clock skew correction and retry requests with skewed client clocks.
|
177
183
|
#
|
184
|
+
# @option options [String] :defaults_mode ("legacy")
|
185
|
+
# See {Aws::DefaultsModeConfiguration} for a list of the
|
186
|
+
# accepted modes and the configuration defaults that are included.
|
187
|
+
#
|
178
188
|
# @option options [Boolean] :disable_host_prefix_injection (false)
|
179
189
|
# Set to true to disable SDK automatically adding host prefix
|
180
190
|
# to default service endpoint when available.
|
@@ -277,6 +287,15 @@ module Aws::SSO
|
|
277
287
|
# ** Please note ** When response stubbing is enabled, no HTTP
|
278
288
|
# requests are made, and retries are disabled.
|
279
289
|
#
|
290
|
+
# @option options [Boolean] :use_dualstack_endpoint
|
291
|
+
# When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
|
292
|
+
# will be used if available.
|
293
|
+
#
|
294
|
+
# @option options [Boolean] :use_fips_endpoint
|
295
|
+
# When set to `true`, fips compatible endpoints will be used if available.
|
296
|
+
# When a `fips` region is used, the region is normalized and this config
|
297
|
+
# is set to `true`.
|
298
|
+
#
|
280
299
|
# @option options [Boolean] :validate_params (true)
|
281
300
|
# When `true`, request parameters are validated before
|
282
301
|
# sending the request.
|
@@ -288,7 +307,7 @@ module Aws::SSO
|
|
288
307
|
# seconds to wait when opening a HTTP session before raising a
|
289
308
|
# `Timeout::Error`.
|
290
309
|
#
|
291
|
-
# @option options [
|
310
|
+
# @option options [Float] :http_read_timeout (60) The default
|
292
311
|
# number of seconds to wait for response data. This value can
|
293
312
|
# safely be set per-request on the session.
|
294
313
|
#
|
@@ -304,6 +323,9 @@ module Aws::SSO
|
|
304
323
|
# disables this behaviour. This value can safely be set per
|
305
324
|
# request on the session.
|
306
325
|
#
|
326
|
+
# @option options [Float] :ssl_timeout (nil) Sets the SSL timeout
|
327
|
+
# in seconds.
|
328
|
+
#
|
307
329
|
# @option options [Boolean] :http_wire_trace (false) When `true`,
|
308
330
|
# HTTP debug output will be sent to the `:logger`.
|
309
331
|
#
|
@@ -523,7 +545,7 @@ module Aws::SSO
|
|
523
545
|
params: params,
|
524
546
|
config: config)
|
525
547
|
context[:gem_name] = 'aws-sdk-core'
|
526
|
-
context[:gem_version] = '3.
|
548
|
+
context[:gem_version] = '3.130.1'
|
527
549
|
Seahorse::Client::Request.new(handlers, context)
|
528
550
|
end
|
529
551
|
|