aws-sdk-core 3.121.0 → 3.126.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +122 -0
- data/VERSION +1 -1
- data/lib/aws-defaults/default_configuration.rb +153 -0
- data/lib/aws-defaults/defaults_mode_config_resolver.rb +107 -0
- data/lib/aws-defaults.rb +3 -0
- data/lib/aws-sdk-core/assume_role_credentials.rb +18 -0
- data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +5 -0
- data/lib/aws-sdk-core/ec2_metadata.rb +3 -2
- data/lib/aws-sdk-core/ecs_credentials.rb +4 -0
- data/lib/aws-sdk-core/errors.rb +1 -1
- data/lib/aws-sdk-core/instance_profile_credentials.rb +27 -8
- data/lib/aws-sdk-core/plugins/credentials_configuration.rb +3 -1
- data/lib/aws-sdk-core/plugins/defaults_mode.rb +40 -0
- data/lib/aws-sdk-core/plugins/protocols/api_gateway.rb +17 -0
- data/lib/aws-sdk-core/plugins/protocols/rest_json.rb +16 -1
- data/lib/aws-sdk-core/plugins/recursion_detection.rb +27 -0
- data/lib/aws-sdk-core/plugins/regional_endpoint.rb +47 -1
- data/lib/aws-sdk-core/plugins/retries/error_inspector.rb +4 -2
- data/lib/aws-sdk-core/plugins/retry_errors.rb +9 -3
- data/lib/aws-sdk-core/plugins/signature_v4.rb +13 -23
- data/lib/aws-sdk-core/refreshing_credentials.rb +13 -2
- data/lib/aws-sdk-core/rest/request/body.rb +19 -1
- data/lib/aws-sdk-core/rest/request/headers.rb +18 -6
- data/lib/aws-sdk-core/rest/response/headers.rb +3 -1
- data/lib/aws-sdk-core/shared_config.rb +5 -7
- data/lib/aws-sdk-core/sso_credentials.rb +6 -1
- data/lib/aws-sdk-core/structure.rb +1 -1
- data/lib/aws-sdk-core/xml/parser/engines/ox.rb +1 -1
- data/lib/aws-sdk-core.rb +6 -0
- data/lib/aws-sdk-sso/client.rb +25 -5
- data/lib/aws-sdk-sso.rb +1 -1
- data/lib/aws-sdk-sts/client.rb +95 -112
- data/lib/aws-sdk-sts/plugins/sts_regional_endpoints.rb +5 -1
- data/lib/aws-sdk-sts/presigner.rb +7 -1
- data/lib/aws-sdk-sts/types.rb +33 -23
- data/lib/aws-sdk-sts.rb +1 -1
- data/lib/seahorse/client/configuration.rb +4 -0
- data/lib/seahorse/client/net_http/connection_pool.rb +7 -0
- data/lib/seahorse/client/net_http/handler.rb +15 -7
- data/lib/seahorse/client/net_http/patches.rb +16 -0
- data/lib/seahorse/client/plugins/content_length.rb +11 -5
- data/lib/seahorse/client/plugins/net_http.rb +33 -2
- metadata +9 -5
- data/lib/aws-sdk-sso/plugins/content_type.rb +0 -25
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 43456ebcfb658f355c30401c60fbc040821ad6e166a5341f6fe6c6ee13504fb2
|
4
|
+
data.tar.gz: e2b3ad8937b2abfd04fb996466dfcfaedd6f30fc2a01d3129568eb1c92410fb1
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: c2d1633574df08000c0d247dd044ab137481c616da29bca727c0f8e534655f4bf85ac7a10b3f2dab6fb3ec1bb5bfdb75053b2b124bcdead670dc080af98eb608
|
7
|
+
data.tar.gz: cc10baad99ea717024d2b841a529d5a89a4b10585cf38b008d51e5c36ab9981b330d3d2769b4e9a6e94b05cd66596cba9d0e5a687e8f90c89be214498680720b
|
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,128 @@
|
|
1
1
|
Unreleased Changes
|
2
2
|
------------------
|
3
3
|
|
4
|
+
3.126.2 (2022-02-16)
|
5
|
+
------------------
|
6
|
+
|
7
|
+
* Issue - Add a before_refresh callback to AssumeRoleCredentials (#2529).
|
8
|
+
* Issue - Raise a `NoSuchProfileError` when config and credentials files don't exist.
|
9
|
+
|
10
|
+
3.126.1 (2022-02-14)
|
11
|
+
------------------
|
12
|
+
|
13
|
+
* Issue - Set `create_time` on IMDS tokens before fetch to reduce chance of using expired tokens and retry failures due to using expired tokens.
|
14
|
+
|
15
|
+
3.126.0 (2022-02-03)
|
16
|
+
------------------
|
17
|
+
|
18
|
+
* Feature - Updated Aws::SSO::Client with the latest API changes.
|
19
|
+
|
20
|
+
* Feature - Add support for recursion detection.
|
21
|
+
|
22
|
+
3.125.6 (2022-02-02)
|
23
|
+
------------------
|
24
|
+
|
25
|
+
* Issue - Ensure default message for ServiceError is a string (#2643).
|
26
|
+
|
27
|
+
3.125.5 (2022-01-19)
|
28
|
+
------------------
|
29
|
+
|
30
|
+
* Issue - Correctly serialize empty header lists.
|
31
|
+
|
32
|
+
3.125.4 (2022-01-18)
|
33
|
+
------------------
|
34
|
+
|
35
|
+
* Issue - Add `InternalError` to `ErrorInspector` for S3 errors.
|
36
|
+
|
37
|
+
|
38
|
+
3.125.3 (2022-01-12)
|
39
|
+
------------------
|
40
|
+
|
41
|
+
* Issue - Add `ExpiredTokenException` to `ErrorInspector` for Kinesis errors.
|
42
|
+
|
43
|
+
3.125.2 (2022-01-10)
|
44
|
+
------------------
|
45
|
+
|
46
|
+
* Issue - Correctly serialize lists of strings in headers with quotes and commas.
|
47
|
+
|
48
|
+
3.125.1 (2022-01-04)
|
49
|
+
------------------
|
50
|
+
|
51
|
+
* Issue - Parse a response with consecutive spaces correctly when ox is used as the XML parser.
|
52
|
+
|
53
|
+
3.125.0 (2021-12-21)
|
54
|
+
------------------
|
55
|
+
|
56
|
+
* Feature - Updated Aws::SSO::Client with the latest API changes.
|
57
|
+
|
58
|
+
* Feature - Add `:defaults_mode` configuration - that determines how certain default configuration options are resolved in the SDK.
|
59
|
+
|
60
|
+
3.124.0 (2021-11-30)
|
61
|
+
------------------
|
62
|
+
|
63
|
+
* Feature - Updated Aws::STS::Client with the latest API changes.
|
64
|
+
|
65
|
+
* Feature - Updated Aws::SSO::Client with the latest API changes.
|
66
|
+
|
67
|
+
3.123.0 (2021-11-23)
|
68
|
+
------------------
|
69
|
+
|
70
|
+
* Feature - Updated Aws::STS::Client with the latest API changes.
|
71
|
+
|
72
|
+
3.122.1 (2021-11-09)
|
73
|
+
------------------
|
74
|
+
|
75
|
+
* Issue - Correctly serialize/deserialize header lists.
|
76
|
+
|
77
|
+
3.122.0 (2021-11-04)
|
78
|
+
------------------
|
79
|
+
|
80
|
+
* Feature - Updated Aws::STS::Client with the latest API changes.
|
81
|
+
|
82
|
+
* Feature - Updated Aws::SSO::Client with the latest API changes.
|
83
|
+
|
84
|
+
* Issue - Fix parsing of ISO8601 timestamps with millisecond precision in headers.
|
85
|
+
|
86
|
+
* Feature - Support modeled dualstack endpoints. It can be configured with shared configuration (`use_dualstack_endpoint`), an ENV variable (`AWS_USE_DUALSTACK_ENDPOINT`), and a constructor option (`:use_dualstack_endpoint`). Requests made to services without a dualstack endpoint will fail.
|
87
|
+
|
88
|
+
* Feature - Support modeled fips endpoints. It can be configured with shared configuration (`use_fips_endpoint`), an ENV variable (`AWS_USE_FIPS_ENDPOINT`), and a constructor option (`:use_fips_endpoint`). Requests made to services without a fips endpoint will fail.
|
89
|
+
|
90
|
+
3.121.6 (2021-11-02)
|
91
|
+
------------------
|
92
|
+
|
93
|
+
* Issue - Improve `SSOCredentials` error handling when profile file does not exist (#2605)
|
94
|
+
|
95
|
+
3.121.5 (2021-10-29)
|
96
|
+
------------------
|
97
|
+
|
98
|
+
* Issue - bump minimum version of `aws-partitions` (#2603).
|
99
|
+
|
100
|
+
3.121.4 (2021-10-28)
|
101
|
+
------------------
|
102
|
+
|
103
|
+
* Issue - This version has been yanked. (#2603).
|
104
|
+
|
105
|
+
* Issue - use the `EndpointProvider` to lookup signing region and name.
|
106
|
+
|
107
|
+
3.121.3 (2021-10-20)
|
108
|
+
------------------
|
109
|
+
|
110
|
+
* Issue - Use endpointPrefix when looking up the `signing_region` from the `EndpointProvider`.
|
111
|
+
|
112
|
+
3.121.2 (2021-10-18)
|
113
|
+
------------------
|
114
|
+
|
115
|
+
* Issue - Fix an issue where Rest JSON services do not have a `Content-Type` header.
|
116
|
+
|
117
|
+
* Issue - Remove blank `Content-Type` header from Net::HTTP handler, and prevent a default from being set.
|
118
|
+
|
119
|
+
* Issue - Set `Content-Length` only for HTTP methods that take a body.
|
120
|
+
|
121
|
+
3.121.1 (2021-09-24)
|
122
|
+
------------------
|
123
|
+
|
124
|
+
* Issue - Fix error in finding union member for boolean shapes with `false` values.
|
125
|
+
|
4
126
|
3.121.0 (2021-09-02)
|
5
127
|
------------------
|
6
128
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
3.
|
1
|
+
3.126.2
|
@@ -0,0 +1,153 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require_relative 'defaults_mode_config_resolver'
|
4
|
+
|
5
|
+
module Aws
|
6
|
+
|
7
|
+
# A defaults mode determines how certain default configuration options are resolved in the SDK.
|
8
|
+
#
|
9
|
+
# *Note*: For any mode other than `'legacy'` the vended default values might change as best practices may
|
10
|
+
# evolve. As a result, it is encouraged to perform testing when upgrading the SDK if you are using a mode other than
|
11
|
+
# `'legacy'`. While the `'legacy'` defaults mode is specific to Ruby,
|
12
|
+
# other modes are standardized across all of the AWS SDKs.
|
13
|
+
#
|
14
|
+
# The defaults mode can be configured:
|
15
|
+
#
|
16
|
+
# * Directly on a client via `:defaults_mode`
|
17
|
+
#
|
18
|
+
# * On a configuration profile via the "defaults_mode" profile file property.
|
19
|
+
#
|
20
|
+
# * Globally via the "AWS_DEFAULTS_MODE" environment variable.
|
21
|
+
#
|
22
|
+
#
|
23
|
+
# @code_generation START - documentation
|
24
|
+
# The following `:default_mode` values are supported:
|
25
|
+
#
|
26
|
+
# * `'standard'` -
|
27
|
+
# The STANDARD mode provides the latest recommended default values
|
28
|
+
# that should be safe to run in most scenarios
|
29
|
+
#
|
30
|
+
# Note that the default values vended from this mode might change as
|
31
|
+
# best practices may evolve. As a result, it is encouraged to perform
|
32
|
+
# tests when upgrading the SDK
|
33
|
+
#
|
34
|
+
# * `'in-region'` -
|
35
|
+
# The IN\_REGION mode builds on the standard mode and includes
|
36
|
+
# optimization tailored for applications which call AWS services from
|
37
|
+
# within the same AWS region
|
38
|
+
#
|
39
|
+
# Note that the default values vended from this mode might change as
|
40
|
+
# best practices may evolve. As a result, it is encouraged to perform
|
41
|
+
# tests when upgrading the SDK
|
42
|
+
#
|
43
|
+
# * `'cross-region'` -
|
44
|
+
# The CROSS\_REGION mode builds on the standard mode and includes
|
45
|
+
# optimization tailored for applications which call AWS services in a
|
46
|
+
# different region
|
47
|
+
#
|
48
|
+
# Note that the default values vended from this mode might change as
|
49
|
+
# best practices may evolve. As a result, it is encouraged to perform
|
50
|
+
# tests when upgrading the SDK
|
51
|
+
#
|
52
|
+
# * `'mobile'` -
|
53
|
+
# The MOBILE mode builds on the standard mode and includes
|
54
|
+
# optimization tailored for mobile applications
|
55
|
+
#
|
56
|
+
# Note that the default values vended from this mode might change as
|
57
|
+
# best practices may evolve. As a result, it is encouraged to perform
|
58
|
+
# tests when upgrading the SDK
|
59
|
+
#
|
60
|
+
# * `'auto'` -
|
61
|
+
# The AUTO mode is an experimental mode that builds on the standard
|
62
|
+
# mode. The SDK will attempt to discover the execution environment to
|
63
|
+
# determine the appropriate settings automatically.
|
64
|
+
#
|
65
|
+
# Note that the auto detection is heuristics-based and does not
|
66
|
+
# guarantee 100% accuracy. STANDARD mode will be used if the execution
|
67
|
+
# environment cannot be determined. The auto detection might query
|
68
|
+
# [EC2 Instance Metadata service][1], which might introduce latency.
|
69
|
+
# Therefore we recommend choosing an explicit defaults\_mode instead
|
70
|
+
# if startup latency is critical to your application
|
71
|
+
#
|
72
|
+
# * `'legacy'` -
|
73
|
+
# The LEGACY mode provides default settings that vary per SDK and were
|
74
|
+
# used prior to establishment of defaults\_mode
|
75
|
+
#
|
76
|
+
# Based on the provided mode, the SDK will vend sensible default values
|
77
|
+
# tailored to the mode for the following settings:
|
78
|
+
#
|
79
|
+
# * `:retry_mode` -
|
80
|
+
# A retry mode specifies how the SDK attempts retries. See [Retry
|
81
|
+
# Mode][2]
|
82
|
+
#
|
83
|
+
# * `:sts_regional_endpoints` -
|
84
|
+
# Specifies how the SDK determines the AWS service endpoint that it
|
85
|
+
# uses to talk to the AWS Security Token Service (AWS STS). See
|
86
|
+
# [Setting STS Regional endpoints][3]
|
87
|
+
#
|
88
|
+
# * `:s3_us_east_1_regional_endpoint` -
|
89
|
+
# Specifies how the SDK determines the AWS service endpoint that it
|
90
|
+
# uses to talk to the Amazon S3 for the us-east-1 region
|
91
|
+
#
|
92
|
+
# * `:http_open_timeout` -
|
93
|
+
# The amount of time after making an initial connection attempt on a
|
94
|
+
# socket, where if the client does not receive a completion of the
|
95
|
+
# connect handshake, the client gives up and fails the operation
|
96
|
+
#
|
97
|
+
# * `:ssl_timeout` -
|
98
|
+
# The maximum amount of time that a TLS handshake is allowed to take
|
99
|
+
# from the time the CLIENT HELLO message is sent to ethe time the
|
100
|
+
# client and server have fully negotiated ciphers and exchanged keys
|
101
|
+
#
|
102
|
+
# All options above can be configured by users, and the overridden value will take precedence.
|
103
|
+
#
|
104
|
+
# [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
|
105
|
+
# [2]: https://docs.aws.amazon.com/sdkref/latest/guide/setting-global-retry_mode.html
|
106
|
+
# [3]: https://docs.aws.amazon.com/sdkref/latest/guide/setting-global-sts_regional_endpoints.html
|
107
|
+
#
|
108
|
+
# @code_generation END - documentation
|
109
|
+
module DefaultsModeConfiguration
|
110
|
+
# @api private
|
111
|
+
# @code_generation START - configuration
|
112
|
+
SDK_DEFAULT_CONFIGURATION =
|
113
|
+
{
|
114
|
+
"version" => 1,
|
115
|
+
"base" => {
|
116
|
+
"retryMode" => "standard",
|
117
|
+
"stsRegionalEndpoints" => "regional",
|
118
|
+
"s3UsEast1RegionalEndpoints" => "regional",
|
119
|
+
"connectTimeoutInMillis" => 1100,
|
120
|
+
"tlsNegotiationTimeoutInMillis" => 1100
|
121
|
+
},
|
122
|
+
"modes" => {
|
123
|
+
"standard" => {
|
124
|
+
"connectTimeoutInMillis" => {
|
125
|
+
"override" => 3100
|
126
|
+
},
|
127
|
+
"tlsNegotiationTimeoutInMillis" => {
|
128
|
+
"override" => 3100
|
129
|
+
}
|
130
|
+
},
|
131
|
+
"in-region" => {
|
132
|
+
},
|
133
|
+
"cross-region" => {
|
134
|
+
"connectTimeoutInMillis" => {
|
135
|
+
"override" => 3100
|
136
|
+
},
|
137
|
+
"tlsNegotiationTimeoutInMillis" => {
|
138
|
+
"override" => 3100
|
139
|
+
}
|
140
|
+
},
|
141
|
+
"mobile" => {
|
142
|
+
"connectTimeoutInMillis" => {
|
143
|
+
"override" => 30000
|
144
|
+
},
|
145
|
+
"tlsNegotiationTimeoutInMillis" => {
|
146
|
+
"override" => 30000
|
147
|
+
}
|
148
|
+
}
|
149
|
+
}
|
150
|
+
}
|
151
|
+
# @code_generation END - configuration
|
152
|
+
end
|
153
|
+
end
|
@@ -0,0 +1,107 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
#@api private
|
5
|
+
class DefaultsModeConfigResolver
|
6
|
+
|
7
|
+
@@application_region = nil
|
8
|
+
@@application_region_mutex = Mutex.new
|
9
|
+
@@imds_client = EC2Metadata.new(retries: 0, http_open_timeout: 0.01)
|
10
|
+
|
11
|
+
# mappings from Ruby SDK configuration names to the
|
12
|
+
# sdk defaults option names and (optional) scale modifiers
|
13
|
+
CFG_OPTIONS = {
|
14
|
+
retry_mode: { name: "retryMode" },
|
15
|
+
sts_regional_endpoints: { name: "stsRegionalEndpoints" },
|
16
|
+
s3_us_east_1_regional_endpoint: { name: "s3UsEast1RegionalEndpoints" },
|
17
|
+
http_open_timeout: { name: "connectTimeoutInMillis", scale: 0.001 },
|
18
|
+
http_read_timeout: { name: "timeToFirstByteTimeoutInMillis", scale: 0.001 },
|
19
|
+
ssl_timeout: { name: "tlsNegotiationTimeoutInMillis", scale: 0.001 }
|
20
|
+
}.freeze
|
21
|
+
|
22
|
+
def initialize(sdk_defaults, cfg)
|
23
|
+
@sdk_defaults = sdk_defaults
|
24
|
+
@cfg = cfg
|
25
|
+
@resolved_mode = nil
|
26
|
+
@mutex = Mutex.new
|
27
|
+
end
|
28
|
+
|
29
|
+
# option_name should be the symbolized ruby name to resolve
|
30
|
+
# returns the ruby appropriate value or nil if none are resolved
|
31
|
+
def resolve(option_name)
|
32
|
+
return unless (std_option = CFG_OPTIONS[option_name])
|
33
|
+
mode = resolved_mode.downcase
|
34
|
+
|
35
|
+
return nil if mode == 'legacy'
|
36
|
+
|
37
|
+
value = resolve_for_mode(std_option[:name], mode)
|
38
|
+
value = value * std_option[:scale] if value && std_option[:scale]
|
39
|
+
|
40
|
+
value
|
41
|
+
end
|
42
|
+
|
43
|
+
private
|
44
|
+
def resolved_mode
|
45
|
+
@mutex.synchronize do
|
46
|
+
return @resolved_mode unless @resolved_mode.nil?
|
47
|
+
|
48
|
+
@resolved_mode = @cfg.defaults_mode == 'auto' ? resolve_auto_mode : @cfg.defaults_mode
|
49
|
+
end
|
50
|
+
end
|
51
|
+
|
52
|
+
def resolve_auto_mode
|
53
|
+
return "mobile" if env_mobile?
|
54
|
+
|
55
|
+
region = application_current_region
|
56
|
+
|
57
|
+
if region
|
58
|
+
@cfg.region == region ? "in-region": "cross-region"
|
59
|
+
else
|
60
|
+
# We don't seem to be mobile, and we couldn't determine whether we're running within an AWS region. Fall back to standard.
|
61
|
+
'standard'
|
62
|
+
end
|
63
|
+
end
|
64
|
+
|
65
|
+
def application_current_region
|
66
|
+
resolved_region = @@application_region_mutex.synchronize do
|
67
|
+
return @@application_region unless @@application_region.nil?
|
68
|
+
|
69
|
+
region = nil
|
70
|
+
if ENV['AWS_EXECUTION_ENV']
|
71
|
+
region = ENV['AWS_REGION'] || ENV['AWS_DEFAULT_REGION']
|
72
|
+
end
|
73
|
+
|
74
|
+
if region.nil? && ENV['AWS_EC2_METADATA_DISABLED']&.downcase != "true"
|
75
|
+
begin
|
76
|
+
region = @@imds_client.get('/latest/meta-data/placement/region')
|
77
|
+
rescue
|
78
|
+
# unable to get region, leave it unset
|
79
|
+
end
|
80
|
+
end
|
81
|
+
|
82
|
+
# required so that we cache the unknown/nil result
|
83
|
+
@@application_region = region || :unknown
|
84
|
+
end
|
85
|
+
resolved_region == :unknown ? nil : resolved_region
|
86
|
+
end
|
87
|
+
|
88
|
+
def resolve_for_mode(name, mode)
|
89
|
+
base_value = @sdk_defaults['base'][name]
|
90
|
+
mode_value = @sdk_defaults['modes'].fetch(mode, {})[name]
|
91
|
+
|
92
|
+
if mode_value.nil?
|
93
|
+
return base_value
|
94
|
+
end
|
95
|
+
|
96
|
+
return mode_value['override'] unless mode_value['override'].nil?
|
97
|
+
return base_value + mode_value['add'] unless mode_value['add'].nil?
|
98
|
+
return base_value * mode_value['multiply'] unless mode_value['multiply'].nil?
|
99
|
+
return base_value
|
100
|
+
end
|
101
|
+
|
102
|
+
def env_mobile?
|
103
|
+
false
|
104
|
+
end
|
105
|
+
|
106
|
+
end
|
107
|
+
end
|
data/lib/aws-defaults.rb
ADDED
@@ -17,6 +17,11 @@ module Aws
|
|
17
17
|
#
|
18
18
|
# If you omit `:client` option, a new {STS::Client} object will be
|
19
19
|
# constructed.
|
20
|
+
#
|
21
|
+
# The AssumeRoleCredentials also provides a `before_refresh` callback
|
22
|
+
# that can be used to help manage refreshing tokens.
|
23
|
+
# `before_refresh` is called when AWS credentials are required and need
|
24
|
+
# to be refreshed and it is called with the AssumeRoleCredentials object.
|
20
25
|
class AssumeRoleCredentials
|
21
26
|
|
22
27
|
include CredentialProvider
|
@@ -28,6 +33,16 @@ module Aws
|
|
28
33
|
# @option options [Integer] :duration_seconds
|
29
34
|
# @option options [String] :external_id
|
30
35
|
# @option options [STS::Client] :client
|
36
|
+
# @option options [Callable] before_refresh Proc called before
|
37
|
+
# credentials are refreshed. Useful for updating tokens.
|
38
|
+
# `before_refresh` is called when AWS credentials are
|
39
|
+
# required and need to be refreshed. Tokens can be refreshed using
|
40
|
+
# the following example:
|
41
|
+
#
|
42
|
+
# before_refresh = Proc.new do |assume_role_credentials| do
|
43
|
+
# assume_role_credentials.assume_role_params['token_code'] = update_token
|
44
|
+
# end
|
45
|
+
#
|
31
46
|
def initialize(options = {})
|
32
47
|
client_opts = {}
|
33
48
|
@assume_role_params = {}
|
@@ -45,6 +60,9 @@ module Aws
|
|
45
60
|
# @return [STS::Client]
|
46
61
|
attr_reader :client
|
47
62
|
|
63
|
+
# @return [Hash]
|
64
|
+
attr_reader :assume_role_params
|
65
|
+
|
48
66
|
private
|
49
67
|
|
50
68
|
def refresh
|
@@ -39,6 +39,11 @@ module Aws
|
|
39
39
|
# encoded UUID is generated as the session name
|
40
40
|
#
|
41
41
|
# @option options [STS::Client] :client
|
42
|
+
#
|
43
|
+
# @option options [Callable] before_refresh Proc called before
|
44
|
+
# credentials are refreshed. `before_refresh` is called
|
45
|
+
# with an instance of this object when
|
46
|
+
# AWS credentials are required and need to be refreshed.
|
42
47
|
def initialize(options = {})
|
43
48
|
client_opts = {}
|
44
49
|
@assume_role_web_identity_params = {}
|
@@ -136,8 +136,9 @@ module Aws
|
|
136
136
|
|
137
137
|
def fetch_token
|
138
138
|
open_connection do |conn|
|
139
|
+
created_time = Time.now
|
139
140
|
token_value, token_ttl = http_put(conn, @token_ttl)
|
140
|
-
@token = Token.new(value: token_value, ttl: token_ttl)
|
141
|
+
@token = Token.new(value: token_value, ttl: token_ttl, created_time: created_time)
|
141
142
|
end
|
142
143
|
end
|
143
144
|
|
@@ -222,7 +223,7 @@ module Aws
|
|
222
223
|
def initialize(options = {})
|
223
224
|
@ttl = options[:ttl]
|
224
225
|
@value = options[:value]
|
225
|
-
@created_time = Time.now
|
226
|
+
@created_time = options[:created_time] || Time.now
|
226
227
|
end
|
227
228
|
|
228
229
|
# [String] Returns the token value.
|
@@ -43,6 +43,10 @@ module Aws
|
|
43
43
|
# @option options [IO] :http_debug_output (nil) HTTP wire
|
44
44
|
# traces are sent to this object. You can specify something
|
45
45
|
# like $stdout.
|
46
|
+
# @option options [Callable] before_refresh Proc called before
|
47
|
+
# credentials are refreshed. `before_refresh` is called
|
48
|
+
# with an instance of this object when
|
49
|
+
# AWS credentials are required and need to be refreshed.
|
46
50
|
def initialize options = {}
|
47
51
|
@retries = options[:retries] || 5
|
48
52
|
@ip_address = options[:ip_address] || '169.254.170.2'
|
data/lib/aws-sdk-core/errors.rb
CHANGED
@@ -63,6 +63,10 @@ module Aws
|
|
63
63
|
# @option options [Integer] :token_ttl Time-to-Live in seconds for EC2
|
64
64
|
# Metadata Token used for fetching Metadata Profile Credentials, defaults
|
65
65
|
# to 21600 seconds
|
66
|
+
# @option options [Callable] before_refresh Proc called before
|
67
|
+
# credentials are refreshed. `before_refresh` is called
|
68
|
+
# with an instance of this object when
|
69
|
+
# AWS credentials are required and need to be refreshed.
|
66
70
|
def initialize(options = {})
|
67
71
|
@retries = options[:retries] || 1
|
68
72
|
endpoint_mode = resolve_endpoint_mode(options)
|
@@ -153,10 +157,11 @@ module Aws
|
|
153
157
|
begin
|
154
158
|
retry_errors(NETWORK_ERRORS, max_retries: @retries) do
|
155
159
|
unless token_set?
|
160
|
+
created_time = Time.now
|
156
161
|
token_value, ttl = http_put(
|
157
162
|
conn, METADATA_TOKEN_PATH, @token_ttl
|
158
163
|
)
|
159
|
-
@token = Token.new(token_value, ttl) if token_value && ttl
|
164
|
+
@token = Token.new(token_value, ttl, created_time) if token_value && ttl
|
160
165
|
end
|
161
166
|
end
|
162
167
|
rescue *NETWORK_ERRORS
|
@@ -166,9 +171,17 @@ module Aws
|
|
166
171
|
end
|
167
172
|
|
168
173
|
token = @token.value if token_set?
|
169
|
-
|
170
|
-
|
171
|
-
|
174
|
+
|
175
|
+
begin
|
176
|
+
metadata = http_get(conn, METADATA_PATH_BASE, token)
|
177
|
+
profile_name = metadata.lines.first.strip
|
178
|
+
http_get(conn, METADATA_PATH_BASE + profile_name, token)
|
179
|
+
rescue TokenExpiredError
|
180
|
+
# Token has expired, reset it
|
181
|
+
# The next retry should fetch it
|
182
|
+
@token = nil
|
183
|
+
raise Non200Response
|
184
|
+
end
|
172
185
|
end
|
173
186
|
end
|
174
187
|
rescue
|
@@ -200,9 +213,15 @@ module Aws
|
|
200
213
|
headers = { 'User-Agent' => "aws-sdk-ruby3/#{CORE_GEM_VERSION}" }
|
201
214
|
headers['x-aws-ec2-metadata-token'] = token if token
|
202
215
|
response = connection.request(Net::HTTP::Get.new(path, headers))
|
203
|
-
raise Non200Response unless response.code.to_i == 200
|
204
216
|
|
205
|
-
response.
|
217
|
+
case response.code.to_i
|
218
|
+
when 200
|
219
|
+
response.body
|
220
|
+
when 401
|
221
|
+
raise TokenExpiredError
|
222
|
+
else
|
223
|
+
raise Non200Response
|
224
|
+
end
|
206
225
|
end
|
207
226
|
|
208
227
|
# PUT request fetch token with ttl
|
@@ -244,10 +263,10 @@ module Aws
|
|
244
263
|
# @api private
|
245
264
|
# Token used to fetch IMDS profile and credentials
|
246
265
|
class Token
|
247
|
-
def initialize(value, ttl)
|
266
|
+
def initialize(value, ttl, created_time = Time.now)
|
248
267
|
@ttl = ttl
|
249
268
|
@value = value
|
250
|
-
@created_time =
|
269
|
+
@created_time = created_time
|
251
270
|
end
|
252
271
|
|
253
272
|
# [String] token value
|
@@ -64,7 +64,9 @@ locations will be searched for credentials:
|
|
64
64
|
* EC2/ECS IMDS instance profile - When used by default, the timeouts
|
65
65
|
are very aggressive. Construct and pass an instance of
|
66
66
|
`Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
|
67
|
-
enable retries and extended timeouts.
|
67
|
+
enable retries and extended timeouts. Instance profile credential
|
68
|
+
fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
|
69
|
+
to true.
|
68
70
|
DOCS
|
69
71
|
) do |config|
|
70
72
|
CredentialProviderChain.new(config).resolve
|
@@ -0,0 +1,40 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
# @api private
|
5
|
+
module Plugins
|
6
|
+
# @api private
|
7
|
+
class DefaultsMode < Seahorse::Client::Plugin
|
8
|
+
|
9
|
+
option(:defaults_mode,
|
10
|
+
default: 'legacy',
|
11
|
+
doc_type: String,
|
12
|
+
docstring: <<-DOCS
|
13
|
+
See {Aws::DefaultsModeConfiguration} for a list of the
|
14
|
+
accepted modes and the configuration defaults that are included.
|
15
|
+
DOCS
|
16
|
+
) do |cfg|
|
17
|
+
resolve_defaults_mode(cfg)
|
18
|
+
end
|
19
|
+
|
20
|
+
option(:defaults_mode_config_resolver,
|
21
|
+
doc_type: 'Aws::DefaultsModeConfigResolver') do |cfg|
|
22
|
+
Aws::DefaultsModeConfigResolver.new(
|
23
|
+
Aws::DefaultsModeConfiguration::SDK_DEFAULT_CONFIGURATION, cfg)
|
24
|
+
end
|
25
|
+
|
26
|
+
class << self
|
27
|
+
private
|
28
|
+
|
29
|
+
def resolve_defaults_mode(cfg)
|
30
|
+
value = ENV['AWS_DEFAULTS_MODE']
|
31
|
+
value ||= Aws.shared_config.defaults_mode(
|
32
|
+
profile: cfg.profile
|
33
|
+
)
|
34
|
+
value&.downcase || "legacy"
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end
|
@@ -4,9 +4,26 @@ module Aws
|
|
4
4
|
module Plugins
|
5
5
|
module Protocols
|
6
6
|
class ApiGateway < Seahorse::Client::Plugin
|
7
|
+
|
8
|
+
class ContentTypeHandler < Seahorse::Client::Handler
|
9
|
+
def call(context)
|
10
|
+
body = context.http_request.body
|
11
|
+
# Rest::Handler will set a default JSON body, so size can be checked
|
12
|
+
# if this handler is run after serialization.
|
13
|
+
if !body.respond_to?(:size) ||
|
14
|
+
(body.respond_to?(:size) && body.size > 0)
|
15
|
+
context.http_request.headers['Content-Type'] ||=
|
16
|
+
'application/json'
|
17
|
+
end
|
18
|
+
@handler.call(context)
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
7
22
|
handler(Rest::Handler)
|
23
|
+
handler(ContentTypeHandler, priority: 30)
|
8
24
|
handler(Json::ErrorHandler, step: :sign)
|
9
25
|
end
|
26
|
+
|
10
27
|
end
|
11
28
|
end
|
12
29
|
end
|
@@ -5,10 +5,25 @@ module Aws
|
|
5
5
|
module Protocols
|
6
6
|
class RestJson < Seahorse::Client::Plugin
|
7
7
|
|
8
|
+
class ContentTypeHandler < Seahorse::Client::Handler
|
9
|
+
def call(context)
|
10
|
+
body = context.http_request.body
|
11
|
+
# Rest::Handler will set a default JSON body, so size can be checked
|
12
|
+
# if this handler is run after serialization.
|
13
|
+
if !body.respond_to?(:size) ||
|
14
|
+
(body.respond_to?(:size) && body.size > 0)
|
15
|
+
context.http_request.headers['Content-Type'] ||=
|
16
|
+
'application/json'
|
17
|
+
end
|
18
|
+
@handler.call(context)
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
8
22
|
handler(Rest::Handler)
|
23
|
+
handler(ContentTypeHandler, priority: 30)
|
9
24
|
handler(Json::ErrorHandler, step: :sign)
|
10
|
-
|
11
25
|
end
|
26
|
+
|
12
27
|
end
|
13
28
|
end
|
14
29
|
end
|