aws-sdk-core 3.122.0 → 3.125.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +24 -0
- data/VERSION +1 -1
- data/lib/aws-defaults/default_configuration.rb +153 -0
- data/lib/aws-defaults/defaults_mode_config_resolver.rb +107 -0
- data/lib/aws-defaults.rb +3 -0
- data/lib/aws-sdk-core/plugins/credentials_configuration.rb +3 -1
- data/lib/aws-sdk-core/plugins/defaults_mode.rb +40 -0
- data/lib/aws-sdk-core/plugins/retry_errors.rb +9 -3
- data/lib/aws-sdk-core/rest/request/headers.rb +6 -1
- data/lib/aws-sdk-core/rest/response/headers.rb +2 -0
- data/lib/aws-sdk-core/shared_config.rb +2 -1
- data/lib/aws-sdk-core.rb +3 -0
- data/lib/aws-sdk-sso/client.rb +14 -3
- data/lib/aws-sdk-sso.rb +1 -1
- data/lib/aws-sdk-sts/client.rb +84 -112
- data/lib/aws-sdk-sts/plugins/sts_regional_endpoints.rb +5 -1
- data/lib/aws-sdk-sts/types.rb +33 -23
- data/lib/aws-sdk-sts.rb +1 -1
- data/lib/seahorse/client/net_http/connection_pool.rb +7 -0
- data/lib/seahorse/client/plugins/net_http.rb +33 -2
- metadata +6 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: def152a91149637981ad2822c07522bf7362d6ac6a654c8debbcd218e40dad54
|
4
|
+
data.tar.gz: 79c65b3a466afca388f13f70ad0f4d2b9d6bba431cc5bd62b631d1c0ca538189
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f93f49d7f0dbc42c84db54f5b586cc95867cfe9f69769e0b8b766ddfe26c4a6854b53e34a9ff51b4ffc28190a4629e4473893d43406eaf29c251c5dfb346b3c9
|
7
|
+
data.tar.gz: b4c3131c2940c25ac868df96d1aa0bcce525aa26b2ee1a233113628533a51f47d39d49cc40878c14c0368399dbc9f51d7ccaec524f53e56a24d909fd20ac1017
|
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,30 @@
|
|
1
1
|
Unreleased Changes
|
2
2
|
------------------
|
3
3
|
|
4
|
+
3.125.0 (2021-12-21)
|
5
|
+
------------------
|
6
|
+
|
7
|
+
* Feature - Updated Aws::SSO::Client with the latest API changes.
|
8
|
+
|
9
|
+
* Feature - Add `:defaults_mode` configuration - that determines how certain default configuration options are resolved in the SDK.
|
10
|
+
|
11
|
+
3.124.0 (2021-11-30)
|
12
|
+
------------------
|
13
|
+
|
14
|
+
* Feature - Updated Aws::STS::Client with the latest API changes.
|
15
|
+
|
16
|
+
* Feature - Updated Aws::SSO::Client with the latest API changes.
|
17
|
+
|
18
|
+
3.123.0 (2021-11-23)
|
19
|
+
------------------
|
20
|
+
|
21
|
+
* Feature - Updated Aws::STS::Client with the latest API changes.
|
22
|
+
|
23
|
+
3.122.1 (2021-11-09)
|
24
|
+
------------------
|
25
|
+
|
26
|
+
* Issue - Correctly serialize/deserialize header lists.
|
27
|
+
|
4
28
|
3.122.0 (2021-11-04)
|
5
29
|
------------------
|
6
30
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
3.
|
1
|
+
3.125.0
|
@@ -0,0 +1,153 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require_relative 'defaults_mode_config_resolver'
|
4
|
+
|
5
|
+
module Aws
|
6
|
+
|
7
|
+
# A defaults mode determines how certain default configuration options are resolved in the SDK.
|
8
|
+
#
|
9
|
+
# *Note*: For any mode other than `'legacy'` the vended default values might change as best practices may
|
10
|
+
# evolve. As a result, it is encouraged to perform testing when upgrading the SDK if you are using a mode other than
|
11
|
+
# `'legacy'`. While the `'legacy'` defaults mode is specific to Ruby,
|
12
|
+
# other modes are standardized across all of the AWS SDKs.
|
13
|
+
#
|
14
|
+
# The defaults mode can be configured:
|
15
|
+
#
|
16
|
+
# * Directly on a client via `:defaults_mode`
|
17
|
+
#
|
18
|
+
# * On a configuration profile via the "defaults_mode" profile file property.
|
19
|
+
#
|
20
|
+
# * Globally via the "AWS_DEFAULTS_MODE" environment variable.
|
21
|
+
#
|
22
|
+
#
|
23
|
+
# @code_generation START - documentation
|
24
|
+
# The following `:default_mode` values are supported:
|
25
|
+
#
|
26
|
+
# * `'standard'` -
|
27
|
+
# The STANDARD mode provides the latest recommended default values
|
28
|
+
# that should be safe to run in most scenarios
|
29
|
+
#
|
30
|
+
# Note that the default values vended from this mode might change as
|
31
|
+
# best practices may evolve. As a result, it is encouraged to perform
|
32
|
+
# tests when upgrading the SDK
|
33
|
+
#
|
34
|
+
# * `'in-region'` -
|
35
|
+
# The IN\_REGION mode builds on the standard mode and includes
|
36
|
+
# optimization tailored for applications which call AWS services from
|
37
|
+
# within the same AWS region
|
38
|
+
#
|
39
|
+
# Note that the default values vended from this mode might change as
|
40
|
+
# best practices may evolve. As a result, it is encouraged to perform
|
41
|
+
# tests when upgrading the SDK
|
42
|
+
#
|
43
|
+
# * `'cross-region'` -
|
44
|
+
# The CROSS\_REGION mode builds on the standard mode and includes
|
45
|
+
# optimization tailored for applications which call AWS services in a
|
46
|
+
# different region
|
47
|
+
#
|
48
|
+
# Note that the default values vended from this mode might change as
|
49
|
+
# best practices may evolve. As a result, it is encouraged to perform
|
50
|
+
# tests when upgrading the SDK
|
51
|
+
#
|
52
|
+
# * `'mobile'` -
|
53
|
+
# The MOBILE mode builds on the standard mode and includes
|
54
|
+
# optimization tailored for mobile applications
|
55
|
+
#
|
56
|
+
# Note that the default values vended from this mode might change as
|
57
|
+
# best practices may evolve. As a result, it is encouraged to perform
|
58
|
+
# tests when upgrading the SDK
|
59
|
+
#
|
60
|
+
# * `'auto'` -
|
61
|
+
# The AUTO mode is an experimental mode that builds on the standard
|
62
|
+
# mode. The SDK will attempt to discover the execution environment to
|
63
|
+
# determine the appropriate settings automatically.
|
64
|
+
#
|
65
|
+
# Note that the auto detection is heuristics-based and does not
|
66
|
+
# guarantee 100% accuracy. STANDARD mode will be used if the execution
|
67
|
+
# environment cannot be determined. The auto detection might query
|
68
|
+
# [EC2 Instance Metadata service][1], which might introduce latency.
|
69
|
+
# Therefore we recommend choosing an explicit defaults\_mode instead
|
70
|
+
# if startup latency is critical to your application
|
71
|
+
#
|
72
|
+
# * `'legacy'` -
|
73
|
+
# The LEGACY mode provides default settings that vary per SDK and were
|
74
|
+
# used prior to establishment of defaults\_mode
|
75
|
+
#
|
76
|
+
# Based on the provided mode, the SDK will vend sensible default values
|
77
|
+
# tailored to the mode for the following settings:
|
78
|
+
#
|
79
|
+
# * `:retry_mode` -
|
80
|
+
# A retry mode specifies how the SDK attempts retries. See [Retry
|
81
|
+
# Mode][2]
|
82
|
+
#
|
83
|
+
# * `:sts_regional_endpoints` -
|
84
|
+
# Specifies how the SDK determines the AWS service endpoint that it
|
85
|
+
# uses to talk to the AWS Security Token Service (AWS STS). See
|
86
|
+
# [Setting STS Regional endpoints][3]
|
87
|
+
#
|
88
|
+
# * `:s3_us_east_1_regional_endpoint` -
|
89
|
+
# Specifies how the SDK determines the AWS service endpoint that it
|
90
|
+
# uses to talk to the Amazon S3 for the us-east-1 region
|
91
|
+
#
|
92
|
+
# * `:http_open_timeout` -
|
93
|
+
# The amount of time after making an initial connection attempt on a
|
94
|
+
# socket, where if the client does not receive a completion of the
|
95
|
+
# connect handshake, the client gives up and fails the operation
|
96
|
+
#
|
97
|
+
# * `:ssl_timeout` -
|
98
|
+
# The maximum amount of time that a TLS handshake is allowed to take
|
99
|
+
# from the time the CLIENT HELLO message is sent to ethe time the
|
100
|
+
# client and server have fully negotiated ciphers and exchanged keys
|
101
|
+
#
|
102
|
+
# All options above can be configured by users, and the overridden value will take precedence.
|
103
|
+
#
|
104
|
+
# [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
|
105
|
+
# [2]: https://docs.aws.amazon.com/sdkref/latest/guide/setting-global-retry_mode.html
|
106
|
+
# [3]: https://docs.aws.amazon.com/sdkref/latest/guide/setting-global-sts_regional_endpoints.html
|
107
|
+
#
|
108
|
+
# @code_generation END - documentation
|
109
|
+
module DefaultsModeConfiguration
|
110
|
+
# @api private
|
111
|
+
# @code_generation START - configuration
|
112
|
+
SDK_DEFAULT_CONFIGURATION =
|
113
|
+
{
|
114
|
+
"version" => 1,
|
115
|
+
"base" => {
|
116
|
+
"retryMode" => "standard",
|
117
|
+
"stsRegionalEndpoints" => "regional",
|
118
|
+
"s3UsEast1RegionalEndpoints" => "regional",
|
119
|
+
"connectTimeoutInMillis" => 1100,
|
120
|
+
"tlsNegotiationTimeoutInMillis" => 1100
|
121
|
+
},
|
122
|
+
"modes" => {
|
123
|
+
"standard" => {
|
124
|
+
"connectTimeoutInMillis" => {
|
125
|
+
"override" => 3100
|
126
|
+
},
|
127
|
+
"tlsNegotiationTimeoutInMillis" => {
|
128
|
+
"override" => 3100
|
129
|
+
}
|
130
|
+
},
|
131
|
+
"in-region" => {
|
132
|
+
},
|
133
|
+
"cross-region" => {
|
134
|
+
"connectTimeoutInMillis" => {
|
135
|
+
"override" => 3100
|
136
|
+
},
|
137
|
+
"tlsNegotiationTimeoutInMillis" => {
|
138
|
+
"override" => 3100
|
139
|
+
}
|
140
|
+
},
|
141
|
+
"mobile" => {
|
142
|
+
"connectTimeoutInMillis" => {
|
143
|
+
"override" => 30000
|
144
|
+
},
|
145
|
+
"tlsNegotiationTimeoutInMillis" => {
|
146
|
+
"override" => 30000
|
147
|
+
}
|
148
|
+
}
|
149
|
+
}
|
150
|
+
}
|
151
|
+
# @code_generation END - configuration
|
152
|
+
end
|
153
|
+
end
|
@@ -0,0 +1,107 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
#@api private
|
5
|
+
class DefaultsModeConfigResolver
|
6
|
+
|
7
|
+
@@application_region = nil
|
8
|
+
@@application_region_mutex = Mutex.new
|
9
|
+
@@imds_client = EC2Metadata.new(retries: 0, http_open_timeout: 0.01)
|
10
|
+
|
11
|
+
# mappings from Ruby SDK configuration names to the
|
12
|
+
# sdk defaults option names and (optional) scale modifiers
|
13
|
+
CFG_OPTIONS = {
|
14
|
+
retry_mode: { name: "retryMode" },
|
15
|
+
sts_regional_endpoints: { name: "stsRegionalEndpoints" },
|
16
|
+
s3_us_east_1_regional_endpoint: { name: "s3UsEast1RegionalEndpoints" },
|
17
|
+
http_open_timeout: { name: "connectTimeoutInMillis", scale: 0.001 },
|
18
|
+
http_read_timeout: { name: "timeToFirstByteTimeoutInMillis", scale: 0.001 },
|
19
|
+
ssl_timeout: { name: "tlsNegotiationTimeoutInMillis", scale: 0.001 }
|
20
|
+
}.freeze
|
21
|
+
|
22
|
+
def initialize(sdk_defaults, cfg)
|
23
|
+
@sdk_defaults = sdk_defaults
|
24
|
+
@cfg = cfg
|
25
|
+
@resolved_mode = nil
|
26
|
+
@mutex = Mutex.new
|
27
|
+
end
|
28
|
+
|
29
|
+
# option_name should be the symbolized ruby name to resolve
|
30
|
+
# returns the ruby appropriate value or nil if none are resolved
|
31
|
+
def resolve(option_name)
|
32
|
+
return unless (std_option = CFG_OPTIONS[option_name])
|
33
|
+
mode = resolved_mode.downcase
|
34
|
+
|
35
|
+
return nil if mode == 'legacy'
|
36
|
+
|
37
|
+
value = resolve_for_mode(std_option[:name], mode)
|
38
|
+
value = value * std_option[:scale] if value && std_option[:scale]
|
39
|
+
|
40
|
+
value
|
41
|
+
end
|
42
|
+
|
43
|
+
private
|
44
|
+
def resolved_mode
|
45
|
+
@mutex.synchronize do
|
46
|
+
return @resolved_mode unless @resolved_mode.nil?
|
47
|
+
|
48
|
+
@resolved_mode = @cfg.defaults_mode == 'auto' ? resolve_auto_mode : @cfg.defaults_mode
|
49
|
+
end
|
50
|
+
end
|
51
|
+
|
52
|
+
def resolve_auto_mode
|
53
|
+
return "mobile" if env_mobile?
|
54
|
+
|
55
|
+
region = application_current_region
|
56
|
+
|
57
|
+
if region
|
58
|
+
@cfg.region == region ? "in-region": "cross-region"
|
59
|
+
else
|
60
|
+
# We don't seem to be mobile, and we couldn't determine whether we're running within an AWS region. Fall back to standard.
|
61
|
+
'standard'
|
62
|
+
end
|
63
|
+
end
|
64
|
+
|
65
|
+
def application_current_region
|
66
|
+
resolved_region = @@application_region_mutex.synchronize do
|
67
|
+
return @@application_region unless @@application_region.nil?
|
68
|
+
|
69
|
+
region = nil
|
70
|
+
if ENV['AWS_EXECUTION_ENV']
|
71
|
+
region = ENV['AWS_REGION'] || ENV['AWS_DEFAULT_REGION']
|
72
|
+
end
|
73
|
+
|
74
|
+
if region.nil? && ENV['AWS_EC2_METADATA_DISABLED']&.downcase != "true"
|
75
|
+
begin
|
76
|
+
region = @@imds_client.get('/latest/meta-data/placement/region')
|
77
|
+
rescue
|
78
|
+
# unable to get region, leave it unset
|
79
|
+
end
|
80
|
+
end
|
81
|
+
|
82
|
+
# required so that we cache the unknown/nil result
|
83
|
+
@@application_region = region || :unknown
|
84
|
+
end
|
85
|
+
resolved_region == :unknown ? nil : resolved_region
|
86
|
+
end
|
87
|
+
|
88
|
+
def resolve_for_mode(name, mode)
|
89
|
+
base_value = @sdk_defaults['base'][name]
|
90
|
+
mode_value = @sdk_defaults['modes'].fetch(mode, {})[name]
|
91
|
+
|
92
|
+
if mode_value.nil?
|
93
|
+
return base_value
|
94
|
+
end
|
95
|
+
|
96
|
+
return mode_value['override'] unless mode_value['override'].nil?
|
97
|
+
return base_value + mode_value['add'] unless mode_value['add'].nil?
|
98
|
+
return base_value * mode_value['multiply'] unless mode_value['multiply'].nil?
|
99
|
+
return base_value
|
100
|
+
end
|
101
|
+
|
102
|
+
def env_mobile?
|
103
|
+
false
|
104
|
+
end
|
105
|
+
|
106
|
+
end
|
107
|
+
end
|
data/lib/aws-defaults.rb
ADDED
@@ -64,7 +64,9 @@ locations will be searched for credentials:
|
|
64
64
|
* EC2/ECS IMDS instance profile - When used by default, the timeouts
|
65
65
|
are very aggressive. Construct and pass an instance of
|
66
66
|
`Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
|
67
|
-
enable retries and extended timeouts.
|
67
|
+
enable retries and extended timeouts. Instance profile credential
|
68
|
+
fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
|
69
|
+
to true.
|
68
70
|
DOCS
|
69
71
|
) do |config|
|
70
72
|
CredentialProviderChain.new(config).resolve
|
@@ -0,0 +1,40 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
# @api private
|
5
|
+
module Plugins
|
6
|
+
# @api private
|
7
|
+
class DefaultsMode < Seahorse::Client::Plugin
|
8
|
+
|
9
|
+
option(:defaults_mode,
|
10
|
+
default: 'legacy',
|
11
|
+
doc_type: String,
|
12
|
+
docstring: <<-DOCS
|
13
|
+
See {Aws::DefaultsModeConfiguration} for a list of the
|
14
|
+
accepted modes and the configuration defaults that are included.
|
15
|
+
DOCS
|
16
|
+
) do |cfg|
|
17
|
+
resolve_defaults_mode(cfg)
|
18
|
+
end
|
19
|
+
|
20
|
+
option(:defaults_mode_config_resolver,
|
21
|
+
doc_type: 'Aws::DefaultsModeConfigResolver') do |cfg|
|
22
|
+
Aws::DefaultsModeConfigResolver.new(
|
23
|
+
Aws::DefaultsModeConfiguration::SDK_DEFAULT_CONFIGURATION, cfg)
|
24
|
+
end
|
25
|
+
|
26
|
+
class << self
|
27
|
+
private
|
28
|
+
|
29
|
+
def resolve_defaults_mode(cfg)
|
30
|
+
value = ENV['AWS_DEFAULTS_MODE']
|
31
|
+
value ||= Aws.shared_config.defaults_mode(
|
32
|
+
profile: cfg.profile
|
33
|
+
)
|
34
|
+
value&.downcase || "legacy"
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end
|
@@ -163,9 +163,15 @@ a clock skew correction and retry requests with skewed client clocks.
|
|
163
163
|
option(:clock_skew) { Retries::ClockSkew.new }
|
164
164
|
|
165
165
|
def self.resolve_retry_mode(cfg)
|
166
|
-
|
167
|
-
|
168
|
-
|
166
|
+
default_mode_value =
|
167
|
+
if cfg.respond_to?(:defaults_mode_config_resolver)
|
168
|
+
cfg.defaults_mode_config_resolver.resolve(:retry_mode)
|
169
|
+
end
|
170
|
+
|
171
|
+
value = ENV['AWS_RETRY_MODE'] ||
|
172
|
+
Aws.shared_config.retry_mode(profile: cfg.profile) ||
|
173
|
+
default_mode_value ||
|
174
|
+
'legacy'
|
169
175
|
# Raise if provided value is not one of the retry modes
|
170
176
|
if value != 'legacy' && value != 'standard' && value != 'adaptive'
|
171
177
|
raise ArgumentError,
|
@@ -35,6 +35,7 @@ module Aws
|
|
35
35
|
headers[ref.location_name] =
|
36
36
|
case ref.shape
|
37
37
|
when TimestampShape then timestamp(ref, value)
|
38
|
+
when ListShape then list(ref, value)
|
38
39
|
else value.to_s
|
39
40
|
end
|
40
41
|
end
|
@@ -49,6 +50,10 @@ module Aws
|
|
49
50
|
end
|
50
51
|
end
|
51
52
|
|
53
|
+
def list(_ref, value)
|
54
|
+
value.compact.join(",")
|
55
|
+
end
|
56
|
+
|
52
57
|
def apply_header_map(headers, ref, values)
|
53
58
|
prefix = ref.location_name || ''
|
54
59
|
values.each_pair do |name, value|
|
@@ -57,7 +62,7 @@ module Aws
|
|
57
62
|
end
|
58
63
|
|
59
64
|
# With complex headers value in json syntax,
|
60
|
-
# base64 encodes value to
|
65
|
+
# base64 encodes value to avoid weird characters
|
61
66
|
# causing potential issues in headers
|
62
67
|
def apply_json_trait(value)
|
63
68
|
Base64.strict_encode64(value)
|
@@ -40,6 +40,8 @@ module Aws
|
|
40
40
|
when IntegerShape then value.to_i
|
41
41
|
when FloatShape then value.to_f
|
42
42
|
when BooleanShape then value == 'true'
|
43
|
+
when ListShape then
|
44
|
+
value.split(",").map { |v| cast_value(ref.shape.member, v) }
|
43
45
|
when TimestampShape
|
44
46
|
if value =~ /^\d+(\.\d*)/
|
45
47
|
Time.at(value.to_f)
|
data/lib/aws-sdk-core.rb
CHANGED
data/lib/aws-sdk-sso/client.rb
CHANGED
@@ -27,6 +27,7 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
|
|
27
27
|
require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
|
28
28
|
require 'aws-sdk-core/plugins/transfer_encoding.rb'
|
29
29
|
require 'aws-sdk-core/plugins/http_checksum.rb'
|
30
|
+
require 'aws-sdk-core/plugins/defaults_mode.rb'
|
30
31
|
require 'aws-sdk-core/plugins/signature_v4.rb'
|
31
32
|
require 'aws-sdk-core/plugins/protocols/rest_json.rb'
|
32
33
|
|
@@ -73,6 +74,7 @@ module Aws::SSO
|
|
73
74
|
add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
|
74
75
|
add_plugin(Aws::Plugins::TransferEncoding)
|
75
76
|
add_plugin(Aws::Plugins::HttpChecksum)
|
77
|
+
add_plugin(Aws::Plugins::DefaultsMode)
|
76
78
|
add_plugin(Aws::Plugins::SignatureV4)
|
77
79
|
add_plugin(Aws::Plugins::Protocols::RestJson)
|
78
80
|
|
@@ -119,7 +121,9 @@ module Aws::SSO
|
|
119
121
|
# * EC2/ECS IMDS instance profile - When used by default, the timeouts
|
120
122
|
# are very aggressive. Construct and pass an instance of
|
121
123
|
# `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
|
122
|
-
# enable retries and extended timeouts.
|
124
|
+
# enable retries and extended timeouts. Instance profile credential
|
125
|
+
# fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
|
126
|
+
# to true.
|
123
127
|
#
|
124
128
|
# @option options [required, String] :region
|
125
129
|
# The AWS region to connect to. The configured `:region` is
|
@@ -173,6 +177,10 @@ module Aws::SSO
|
|
173
177
|
# Used only in `standard` and adaptive retry modes. Specifies whether to apply
|
174
178
|
# a clock skew correction and retry requests with skewed client clocks.
|
175
179
|
#
|
180
|
+
# @option options [String] :defaults_mode ("legacy")
|
181
|
+
# See {Aws::DefaultsModeConfiguration} for a list of the
|
182
|
+
# accepted modes and the configuration defaults that are included.
|
183
|
+
#
|
176
184
|
# @option options [Boolean] :disable_host_prefix_injection (false)
|
177
185
|
# Set to true to disable SDK automatically adding host prefix
|
178
186
|
# to default service endpoint when available.
|
@@ -295,7 +303,7 @@ module Aws::SSO
|
|
295
303
|
# seconds to wait when opening a HTTP session before raising a
|
296
304
|
# `Timeout::Error`.
|
297
305
|
#
|
298
|
-
# @option options [
|
306
|
+
# @option options [Float] :http_read_timeout (60) The default
|
299
307
|
# number of seconds to wait for response data. This value can
|
300
308
|
# safely be set per-request on the session.
|
301
309
|
#
|
@@ -311,6 +319,9 @@ module Aws::SSO
|
|
311
319
|
# disables this behaviour. This value can safely be set per
|
312
320
|
# request on the session.
|
313
321
|
#
|
322
|
+
# @option options [Float] :ssl_timeout (nil) Sets the SSL timeout
|
323
|
+
# in seconds.
|
324
|
+
#
|
314
325
|
# @option options [Boolean] :http_wire_trace (false) When `true`,
|
315
326
|
# HTTP debug output will be sent to the `:logger`.
|
316
327
|
#
|
@@ -530,7 +541,7 @@ module Aws::SSO
|
|
530
541
|
params: params,
|
531
542
|
config: config)
|
532
543
|
context[:gem_name] = 'aws-sdk-core'
|
533
|
-
context[:gem_version] = '3.
|
544
|
+
context[:gem_version] = '3.125.0'
|
534
545
|
Seahorse::Client::Request.new(handlers, context)
|
535
546
|
end
|
536
547
|
|
data/lib/aws-sdk-sso.rb
CHANGED
data/lib/aws-sdk-sts/client.rb
CHANGED
@@ -27,6 +27,7 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
|
|
27
27
|
require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
|
28
28
|
require 'aws-sdk-core/plugins/transfer_encoding.rb'
|
29
29
|
require 'aws-sdk-core/plugins/http_checksum.rb'
|
30
|
+
require 'aws-sdk-core/plugins/defaults_mode.rb'
|
30
31
|
require 'aws-sdk-core/plugins/signature_v4.rb'
|
31
32
|
require 'aws-sdk-core/plugins/protocols/query.rb'
|
32
33
|
require 'aws-sdk-sts/plugins/sts_regional_endpoints.rb'
|
@@ -74,6 +75,7 @@ module Aws::STS
|
|
74
75
|
add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
|
75
76
|
add_plugin(Aws::Plugins::TransferEncoding)
|
76
77
|
add_plugin(Aws::Plugins::HttpChecksum)
|
78
|
+
add_plugin(Aws::Plugins::DefaultsMode)
|
77
79
|
add_plugin(Aws::Plugins::SignatureV4)
|
78
80
|
add_plugin(Aws::Plugins::Protocols::Query)
|
79
81
|
add_plugin(Aws::STS::Plugins::STSRegionalEndpoints)
|
@@ -121,7 +123,9 @@ module Aws::STS
|
|
121
123
|
# * EC2/ECS IMDS instance profile - When used by default, the timeouts
|
122
124
|
# are very aggressive. Construct and pass an instance of
|
123
125
|
# `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
|
124
|
-
# enable retries and extended timeouts.
|
126
|
+
# enable retries and extended timeouts. Instance profile credential
|
127
|
+
# fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
|
128
|
+
# to true.
|
125
129
|
#
|
126
130
|
# @option options [required, String] :region
|
127
131
|
# The AWS region to connect to. The configured `:region` is
|
@@ -175,6 +179,10 @@ module Aws::STS
|
|
175
179
|
# Used only in `standard` and adaptive retry modes. Specifies whether to apply
|
176
180
|
# a clock skew correction and retry requests with skewed client clocks.
|
177
181
|
#
|
182
|
+
# @option options [String] :defaults_mode ("legacy")
|
183
|
+
# See {Aws::DefaultsModeConfiguration} for a list of the
|
184
|
+
# accepted modes and the configuration defaults that are included.
|
185
|
+
#
|
178
186
|
# @option options [Boolean] :disable_host_prefix_injection (false)
|
179
187
|
# Set to true to disable SDK automatically adding host prefix
|
180
188
|
# to default service endpoint when available.
|
@@ -302,7 +310,7 @@ module Aws::STS
|
|
302
310
|
# seconds to wait when opening a HTTP session before raising a
|
303
311
|
# `Timeout::Error`.
|
304
312
|
#
|
305
|
-
# @option options [
|
313
|
+
# @option options [Float] :http_read_timeout (60) The default
|
306
314
|
# number of seconds to wait for response data. This value can
|
307
315
|
# safely be set per-request on the session.
|
308
316
|
#
|
@@ -318,6 +326,9 @@ module Aws::STS
|
|
318
326
|
# disables this behaviour. This value can safely be set per
|
319
327
|
# request on the session.
|
320
328
|
#
|
329
|
+
# @option options [Float] :ssl_timeout (nil) Sets the SSL timeout
|
330
|
+
# in seconds.
|
331
|
+
#
|
321
332
|
# @option options [Boolean] :http_wire_trace (false) When `true`,
|
322
333
|
# HTTP debug output will be sent to the `:logger`.
|
323
334
|
#
|
@@ -350,15 +361,15 @@ module Aws::STS
|
|
350
361
|
# `AssumeRole` within your account or for cross-account access. For a
|
351
362
|
# comparison of `AssumeRole` with other API operations that produce
|
352
363
|
# temporary credentials, see [Requesting Temporary Security
|
353
|
-
# Credentials][1] and [Comparing the
|
354
|
-
# User Guide*.
|
364
|
+
# Credentials][1] and [Comparing the Amazon Web Services STS API
|
365
|
+
# operations][2] in the *IAM User Guide*.
|
355
366
|
#
|
356
367
|
# **Permissions**
|
357
368
|
#
|
358
369
|
# The temporary security credentials created by `AssumeRole` can be used
|
359
370
|
# to make API calls to any Amazon Web Services service with the
|
360
|
-
# following exception: You cannot call the
|
361
|
-
# `GetSessionToken` API operations.
|
371
|
+
# following exception: You cannot call the Amazon Web Services STS
|
372
|
+
# `GetFederationToken` or `GetSessionToken` API operations.
|
362
373
|
#
|
363
374
|
# (Optional) You can pass inline or managed [session policies][3] to
|
364
375
|
# this operation. You can pass a single JSON policy document to use as
|
@@ -375,28 +386,37 @@ module Aws::STS
|
|
375
386
|
# assumed. For more information, see [Session Policies][3] in the *IAM
|
376
387
|
# User Guide*.
|
377
388
|
#
|
378
|
-
#
|
379
|
-
#
|
380
|
-
#
|
381
|
-
#
|
389
|
+
# When you create a role, you create two policies: A role trust policy
|
390
|
+
# that specifies *who* can assume the role and a permissions policy that
|
391
|
+
# specifies *what* can be done with the role. You specify the trusted
|
392
|
+
# principal who is allowed to assume the role in the role trust policy.
|
393
|
+
#
|
394
|
+
# To assume a role from a different account, your Amazon Web Services
|
395
|
+
# account must be trusted by the role. The trust relationship is defined
|
396
|
+
# in the role's trust policy when the role is created. That trust
|
397
|
+
# policy states which accounts are allowed to delegate that access to
|
398
|
+
# users in the account.
|
382
399
|
#
|
383
400
|
# A user who wants to access a role in a different account must also
|
384
401
|
# have permissions that are delegated from the user account
|
385
402
|
# administrator. The administrator must attach a policy that allows the
|
386
403
|
# user to call `AssumeRole` for the ARN of the role in the other
|
387
|
-
# account.
|
388
|
-
# do either of the following:
|
404
|
+
# account.
|
389
405
|
#
|
390
|
-
#
|
391
|
-
#
|
406
|
+
# To allow a user to assume a role in the same account, you can do
|
407
|
+
# either of the following:
|
408
|
+
#
|
409
|
+
# * Attach a policy to the user that allows the user to call
|
410
|
+
# `AssumeRole` (as long as the role's trust policy trusts the
|
411
|
+
# account).
|
392
412
|
#
|
393
413
|
# * Add the user as a principal directly in the role's trust policy.
|
394
414
|
#
|
395
|
-
#
|
396
|
-
#
|
397
|
-
#
|
398
|
-
#
|
399
|
-
# Guide*.
|
415
|
+
# You can do either because the role’s trust policy acts as an IAM
|
416
|
+
# resource-based policy. When a resource-based policy grants access to a
|
417
|
+
# principal in the same account, no additional identity-based policy is
|
418
|
+
# required. For more information about trust policies and resource-based
|
419
|
+
# policies, see [IAM Policies][4] in the *IAM User Guide*.
|
400
420
|
#
|
401
421
|
# **Tags**
|
402
422
|
#
|
@@ -538,15 +558,25 @@ module Aws::STS
|
|
538
558
|
#
|
539
559
|
# @option params [Integer] :duration_seconds
|
540
560
|
# The duration, in seconds, of the role session. The value specified can
|
541
|
-
#
|
542
|
-
#
|
543
|
-
#
|
544
|
-
#
|
545
|
-
#
|
546
|
-
#
|
547
|
-
#
|
548
|
-
#
|
549
|
-
#
|
561
|
+
# range from 900 seconds (15 minutes) up to the maximum session duration
|
562
|
+
# set for the role. The maximum session duration setting can have a
|
563
|
+
# value from 1 hour to 12 hours. If you specify a value higher than this
|
564
|
+
# setting or the administrator setting (whichever is lower), the
|
565
|
+
# operation fails. For example, if you specify a session duration of 12
|
566
|
+
# hours, but your administrator set the maximum session duration to 6
|
567
|
+
# hours, your operation fails.
|
568
|
+
#
|
569
|
+
# Role chaining limits your Amazon Web Services CLI or Amazon Web
|
570
|
+
# Services API role session to a maximum of one hour. When you use the
|
571
|
+
# `AssumeRole` API operation to assume a role, you can specify the
|
572
|
+
# duration of your role session with the `DurationSeconds` parameter.
|
573
|
+
# You can specify a parameter value of up to 43200 seconds (12 hours),
|
574
|
+
# depending on the maximum session duration setting for your role.
|
575
|
+
# However, if you assume a role using role chaining and provide a
|
576
|
+
# `DurationSeconds` parameter value greater than one hour, the operation
|
577
|
+
# fails. To learn how to view the maximum value for your role, see [View
|
578
|
+
# the Maximum Session Duration Setting for a Role][1] in the *IAM User
|
579
|
+
# Guide*.
|
550
580
|
#
|
551
581
|
# By default, the value is set to `3600` seconds.
|
552
582
|
#
|
@@ -555,8 +585,8 @@ module Aws::STS
|
|
555
585
|
# The request to the federation endpoint for a console sign-in token
|
556
586
|
# takes a `SessionDuration` parameter that specifies the maximum length
|
557
587
|
# of the console session. For more information, see [Creating a URL that
|
558
|
-
# Enables Federated Users to Access the
|
559
|
-
# *IAM User Guide*.
|
588
|
+
# Enables Federated Users to Access the Amazon Web Services Management
|
589
|
+
# Console][2] in the *IAM User Guide*.
|
560
590
|
#
|
561
591
|
# </note>
|
562
592
|
#
|
@@ -568,8 +598,8 @@ module Aws::STS
|
|
568
598
|
# @option params [Array<Types::Tag>] :tags
|
569
599
|
# A list of session tags that you want to pass. Each session tag
|
570
600
|
# consists of a key name and an associated value. For more information
|
571
|
-
# about session tags, see [Tagging STS Sessions][1]
|
572
|
-
# Guide*.
|
601
|
+
# about session tags, see [Tagging Amazon Web Services STS Sessions][1]
|
602
|
+
# in the *IAM User Guide*.
|
573
603
|
#
|
574
604
|
# This parameter is optional. You can pass up to 50 session tags. The
|
575
605
|
# plaintext session tag keys can’t exceed 128 characters, and the values
|
@@ -798,8 +828,8 @@ module Aws::STS
|
|
798
828
|
# user-specific credentials or configuration. For a comparison of
|
799
829
|
# `AssumeRoleWithSAML` with the other API operations that produce
|
800
830
|
# temporary credentials, see [Requesting Temporary Security
|
801
|
-
# Credentials][1] and [Comparing the
|
802
|
-
# User Guide*.
|
831
|
+
# Credentials][1] and [Comparing the Amazon Web Services STS API
|
832
|
+
# operations][2] in the *IAM User Guide*.
|
803
833
|
#
|
804
834
|
# The temporary security credentials returned by this operation consist
|
805
835
|
# of an access key ID, a secret access key, and a security token.
|
@@ -1051,8 +1081,8 @@ module Aws::STS
|
|
1051
1081
|
# The request to the federation endpoint for a console sign-in token
|
1052
1082
|
# takes a `SessionDuration` parameter that specifies the maximum length
|
1053
1083
|
# of the console session. For more information, see [Creating a URL that
|
1054
|
-
# Enables Federated Users to Access the
|
1055
|
-
# *IAM User Guide*.
|
1084
|
+
# Enables Federated Users to Access the Amazon Web Services Management
|
1085
|
+
# Console][2] in the *IAM User Guide*.
|
1056
1086
|
#
|
1057
1087
|
# </note>
|
1058
1088
|
#
|
@@ -1172,8 +1202,8 @@ module Aws::STS
|
|
1172
1202
|
# a token from the web identity provider. For a comparison of
|
1173
1203
|
# `AssumeRoleWithWebIdentity` with the other API operations that produce
|
1174
1204
|
# temporary credentials, see [Requesting Temporary Security
|
1175
|
-
# Credentials][5] and [Comparing the
|
1176
|
-
# User Guide*.
|
1205
|
+
# Credentials][5] and [Comparing the Amazon Web Services STS API
|
1206
|
+
# operations][6] in the *IAM User Guide*.
|
1177
1207
|
#
|
1178
1208
|
# The temporary security credentials returned by this API consist of an
|
1179
1209
|
# access key ID, a secret access key, and a security token. Applications
|
@@ -1433,8 +1463,8 @@ module Aws::STS
|
|
1433
1463
|
# The request to the federation endpoint for a console sign-in token
|
1434
1464
|
# takes a `SessionDuration` parameter that specifies the maximum length
|
1435
1465
|
# of the console session. For more information, see [Creating a URL that
|
1436
|
-
# Enables Federated Users to Access the
|
1437
|
-
# *IAM User Guide*.
|
1466
|
+
# Enables Federated Users to Access the Amazon Web Services Management
|
1467
|
+
# Console][2] in the *IAM User Guide*.
|
1438
1468
|
#
|
1439
1469
|
# </note>
|
1440
1470
|
#
|
@@ -1540,17 +1570,17 @@ module Aws::STS
|
|
1540
1570
|
# </note>
|
1541
1571
|
#
|
1542
1572
|
# The message is encoded because the details of the authorization status
|
1543
|
-
# can
|
1573
|
+
# can contain privileged information that the user who requested the
|
1544
1574
|
# operation should not see. To decode an authorization status message, a
|
1545
|
-
# user must be granted permissions
|
1546
|
-
# `DecodeAuthorizationMessage` (`sts:DecodeAuthorizationMessage`)
|
1575
|
+
# user must be granted permissions through an IAM [policy][1] to request
|
1576
|
+
# the `DecodeAuthorizationMessage` (`sts:DecodeAuthorizationMessage`)
|
1547
1577
|
# action.
|
1548
1578
|
#
|
1549
1579
|
# The decoded message includes the following type of information:
|
1550
1580
|
#
|
1551
1581
|
# * Whether the request was denied due to an explicit deny or due to the
|
1552
1582
|
# absence of an explicit allow. For more information, see [Determining
|
1553
|
-
# Whether a Request is Allowed or Denied][
|
1583
|
+
# Whether a Request is Allowed or Denied][2] in the *IAM User Guide*.
|
1554
1584
|
#
|
1555
1585
|
# * The principal who made the request.
|
1556
1586
|
#
|
@@ -1562,7 +1592,8 @@ module Aws::STS
|
|
1562
1592
|
#
|
1563
1593
|
#
|
1564
1594
|
#
|
1565
|
-
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
1595
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
|
1596
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow
|
1566
1597
|
#
|
1567
1598
|
# @option params [required, String] :encoded_message
|
1568
1599
|
# The encoded message that was returned with the response.
|
@@ -1757,8 +1788,8 @@ module Aws::STS
|
|
1757
1788
|
# can be safely stored, usually in a server-based application. For a
|
1758
1789
|
# comparison of `GetFederationToken` with the other API operations that
|
1759
1790
|
# produce temporary credentials, see [Requesting Temporary Security
|
1760
|
-
# Credentials][1] and [Comparing the
|
1761
|
-
# User Guide*.
|
1791
|
+
# Credentials][1] and [Comparing the Amazon Web Services STS API
|
1792
|
+
# operations][2] in the *IAM User Guide*.
|
1762
1793
|
#
|
1763
1794
|
# <note markdown="1"> You can create a mobile-based or browser-based app that can
|
1764
1795
|
# authenticate users using a web identity provider like Login with
|
@@ -1782,7 +1813,7 @@ module Aws::STS
|
|
1782
1813
|
# The temporary credentials are valid for the specified duration, from
|
1783
1814
|
# 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36
|
1784
1815
|
# hours). The default session duration is 43,200 seconds (12 hours).
|
1785
|
-
# Temporary credentials
|
1816
|
+
# Temporary credentials obtained by using the Amazon Web Services
|
1786
1817
|
# account root user credentials have a maximum duration of 3,600 seconds
|
1787
1818
|
# (1 hour).
|
1788
1819
|
#
|
@@ -1837,65 +1868,6 @@ module Aws::STS
|
|
1837
1868
|
#
|
1838
1869
|
# </note>
|
1839
1870
|
#
|
1840
|
-
# You can also call `GetFederationToken` using the security credentials
|
1841
|
-
# of an Amazon Web Services account root user, but we do not recommend
|
1842
|
-
# it. Instead, we recommend that you create an IAM user for the purpose
|
1843
|
-
# of the proxy application. Then attach a policy to the IAM user that
|
1844
|
-
# limits federated users to only the actions and resources that they
|
1845
|
-
# need to access. For more information, see [IAM Best Practices][5] in
|
1846
|
-
# the *IAM User Guide*.
|
1847
|
-
#
|
1848
|
-
# **Session duration**
|
1849
|
-
#
|
1850
|
-
# The temporary credentials are valid for the specified duration, from
|
1851
|
-
# 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36
|
1852
|
-
# hours). The default session duration is 43,200 seconds (12 hours).
|
1853
|
-
# Temporary credentials that are obtained by using Amazon Web Services
|
1854
|
-
# account root user credentials have a maximum duration of 3,600 seconds
|
1855
|
-
# (1 hour).
|
1856
|
-
#
|
1857
|
-
# **Permissions**
|
1858
|
-
#
|
1859
|
-
# You can use the temporary credentials created by `GetFederationToken`
|
1860
|
-
# in any Amazon Web Services service except the following:
|
1861
|
-
#
|
1862
|
-
# * You cannot call any IAM operations using the CLI or the Amazon Web
|
1863
|
-
# Services API.
|
1864
|
-
#
|
1865
|
-
# * You cannot call any STS operations except `GetCallerIdentity`.
|
1866
|
-
#
|
1867
|
-
# You must pass an inline or managed [session policy][6] to this
|
1868
|
-
# operation. You can pass a single JSON policy document to use as an
|
1869
|
-
# inline session policy. You can also specify up to 10 managed policies
|
1870
|
-
# to use as managed session policies. The plain text that you use for
|
1871
|
-
# both inline and managed session policies can't exceed 2,048
|
1872
|
-
# characters.
|
1873
|
-
#
|
1874
|
-
# Though the session policy parameters are optional, if you do not pass
|
1875
|
-
# a policy, then the resulting federated user session has no
|
1876
|
-
# permissions. When you pass session policies, the session permissions
|
1877
|
-
# are the intersection of the IAM user policies and the session policies
|
1878
|
-
# that you pass. This gives you a way to further restrict the
|
1879
|
-
# permissions for a federated user. You cannot use session policies to
|
1880
|
-
# grant more permissions than those that are defined in the permissions
|
1881
|
-
# policy of the IAM user. For more information, see [Session
|
1882
|
-
# Policies][6] in the *IAM User Guide*. For information about using
|
1883
|
-
# `GetFederationToken` to create temporary security credentials, see
|
1884
|
-
# [GetFederationToken—Federation Through a Custom Identity Broker][7].
|
1885
|
-
#
|
1886
|
-
# You can use the credentials to access a resource that has a
|
1887
|
-
# resource-based policy. If that policy specifically references the
|
1888
|
-
# federated user session in the `Principal` element of the policy, the
|
1889
|
-
# session has the permissions allowed by the policy. These permissions
|
1890
|
-
# are granted in addition to the permissions granted by the session
|
1891
|
-
# policies.
|
1892
|
-
#
|
1893
|
-
# **Tags**
|
1894
|
-
#
|
1895
|
-
# (Optional) You can pass tag key-value pairs to your session. These are
|
1896
|
-
# called session tags. For more information about session tags, see
|
1897
|
-
# [Passing Session Tags in STS][8] in the *IAM User Guide*.
|
1898
|
-
#
|
1899
1871
|
# An administrator must grant you the permissions necessary to pass
|
1900
1872
|
# session tags. The administrator can also create granular permissions
|
1901
1873
|
# to allow you to pass only specific session tags. For more information,
|
@@ -2164,8 +2136,8 @@ module Aws::STS
|
|
2164
2136
|
# correct MFA code, then the API returns an access denied error. For a
|
2165
2137
|
# comparison of `GetSessionToken` with the other API operations that
|
2166
2138
|
# produce temporary credentials, see [Requesting Temporary Security
|
2167
|
-
# Credentials][1] and [Comparing the
|
2168
|
-
# User Guide*.
|
2139
|
+
# Credentials][1] and [Comparing the Amazon Web Services STS API
|
2140
|
+
# operations][2] in the *IAM User Guide*.
|
2169
2141
|
#
|
2170
2142
|
# **Session Duration**
|
2171
2143
|
#
|
@@ -2233,8 +2205,8 @@ module Aws::STS
|
|
2233
2205
|
# The value is either the serial number for a hardware device (such as
|
2234
2206
|
# `GAHT12345678`) or an Amazon Resource Name (ARN) for a virtual device
|
2235
2207
|
# (such as `arn:aws:iam::123456789012:mfa/user`). You can find the
|
2236
|
-
# device for an IAM user by going to the
|
2237
|
-
# the user's security credentials.
|
2208
|
+
# device for an IAM user by going to the Amazon Web Services Management
|
2209
|
+
# Console and viewing the user's security credentials.
|
2238
2210
|
#
|
2239
2211
|
# The regex used to validate this parameter is a string of characters
|
2240
2212
|
# consisting of upper- and lower-case alphanumeric characters with no
|
@@ -2312,7 +2284,7 @@ module Aws::STS
|
|
2312
2284
|
params: params,
|
2313
2285
|
config: config)
|
2314
2286
|
context[:gem_name] = 'aws-sdk-core'
|
2315
|
-
context[:gem_version] = '3.
|
2287
|
+
context[:gem_version] = '3.125.0'
|
2316
2288
|
Seahorse::Client::Request.new(handlers, context)
|
2317
2289
|
end
|
2318
2290
|
|
@@ -24,7 +24,11 @@ regions to resolve to the STS global endpoint.
|
|
24
24
|
env_mode = nil if env_mode == ''
|
25
25
|
cfg_mode = Aws.shared_config.sts_regional_endpoints(
|
26
26
|
profile: cfg.profile)
|
27
|
-
|
27
|
+
default_mode_value =
|
28
|
+
if cfg.respond_to?(:defaults_mode_config_resolver)
|
29
|
+
cfg.defaults_mode_config_resolver.resolve(:sts_regional_endpoints)
|
30
|
+
end
|
31
|
+
env_mode || cfg_mode || default_mode_value || 'regional'
|
28
32
|
end
|
29
33
|
|
30
34
|
end
|
data/lib/aws-sdk-sts/types.rb
CHANGED
@@ -132,16 +132,25 @@ module Aws::STS
|
|
132
132
|
#
|
133
133
|
# @!attribute [rw] duration_seconds
|
134
134
|
# The duration, in seconds, of the role session. The value specified
|
135
|
-
# can
|
136
|
-
#
|
137
|
-
#
|
138
|
-
#
|
139
|
-
#
|
140
|
-
#
|
141
|
-
#
|
142
|
-
#
|
143
|
-
#
|
144
|
-
#
|
135
|
+
# can range from 900 seconds (15 minutes) up to the maximum session
|
136
|
+
# duration set for the role. The maximum session duration setting can
|
137
|
+
# have a value from 1 hour to 12 hours. If you specify a value higher
|
138
|
+
# than this setting or the administrator setting (whichever is lower),
|
139
|
+
# the operation fails. For example, if you specify a session duration
|
140
|
+
# of 12 hours, but your administrator set the maximum session duration
|
141
|
+
# to 6 hours, your operation fails.
|
142
|
+
#
|
143
|
+
# Role chaining limits your Amazon Web Services CLI or Amazon Web
|
144
|
+
# Services API role session to a maximum of one hour. When you use the
|
145
|
+
# `AssumeRole` API operation to assume a role, you can specify the
|
146
|
+
# duration of your role session with the `DurationSeconds` parameter.
|
147
|
+
# You can specify a parameter value of up to 43200 seconds (12 hours),
|
148
|
+
# depending on the maximum session duration setting for your role.
|
149
|
+
# However, if you assume a role using role chaining and provide a
|
150
|
+
# `DurationSeconds` parameter value greater than one hour, the
|
151
|
+
# operation fails. To learn how to view the maximum value for your
|
152
|
+
# role, see [View the Maximum Session Duration Setting for a Role][1]
|
153
|
+
# in the *IAM User Guide*.
|
145
154
|
#
|
146
155
|
# By default, the value is set to `3600` seconds.
|
147
156
|
#
|
@@ -150,8 +159,8 @@ module Aws::STS
|
|
150
159
|
# credentials. The request to the federation endpoint for a console
|
151
160
|
# sign-in token takes a `SessionDuration` parameter that specifies the
|
152
161
|
# maximum length of the console session. For more information, see
|
153
|
-
# [Creating a URL that Enables Federated Users to Access the
|
154
|
-
# Management Console][2] in the *IAM User Guide*.
|
162
|
+
# [Creating a URL that Enables Federated Users to Access the Amazon
|
163
|
+
# Web Services Management Console][2] in the *IAM User Guide*.
|
155
164
|
#
|
156
165
|
# </note>
|
157
166
|
#
|
@@ -164,8 +173,8 @@ module Aws::STS
|
|
164
173
|
# @!attribute [rw] tags
|
165
174
|
# A list of session tags that you want to pass. Each session tag
|
166
175
|
# consists of a key name and an associated value. For more information
|
167
|
-
# about session tags, see [Tagging
|
168
|
-
# Guide*.
|
176
|
+
# about session tags, see [Tagging Amazon Web Services STS
|
177
|
+
# Sessions][1] in the *IAM User Guide*.
|
169
178
|
#
|
170
179
|
# This parameter is optional. You can pass up to 50 session tags. The
|
171
180
|
# plaintext session tag keys can’t exceed 128 characters, and the
|
@@ -516,8 +525,8 @@ module Aws::STS
|
|
516
525
|
# credentials. The request to the federation endpoint for a console
|
517
526
|
# sign-in token takes a `SessionDuration` parameter that specifies the
|
518
527
|
# maximum length of the console session. For more information, see
|
519
|
-
# [Creating a URL that Enables Federated Users to Access the
|
520
|
-
# Management Console][2] in the *IAM User Guide*.
|
528
|
+
# [Creating a URL that Enables Federated Users to Access the Amazon
|
529
|
+
# Web Services Management Console][2] in the *IAM User Guide*.
|
521
530
|
#
|
522
531
|
# </note>
|
523
532
|
#
|
@@ -802,8 +811,8 @@ module Aws::STS
|
|
802
811
|
# credentials. The request to the federation endpoint for a console
|
803
812
|
# sign-in token takes a `SessionDuration` parameter that specifies the
|
804
813
|
# maximum length of the console session. For more information, see
|
805
|
-
# [Creating a URL that Enables Federated Users to Access the
|
806
|
-
# Management Console][2] in the *IAM User Guide*.
|
814
|
+
# [Creating a URL that Enables Federated Users to Access the Amazon
|
815
|
+
# Web Services Management Console][2] in the *IAM User Guide*.
|
807
816
|
#
|
808
817
|
# </note>
|
809
818
|
#
|
@@ -1012,7 +1021,7 @@ module Aws::STS
|
|
1012
1021
|
# returned in response to an Amazon Web Services request.
|
1013
1022
|
#
|
1014
1023
|
# @!attribute [rw] decoded_message
|
1015
|
-
#
|
1024
|
+
# The API returns a response with the decoded message.
|
1016
1025
|
# @return [String]
|
1017
1026
|
#
|
1018
1027
|
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessageResponse AWS API Documentation
|
@@ -1396,8 +1405,8 @@ module Aws::STS
|
|
1396
1405
|
# The value is either the serial number for a hardware device (such as
|
1397
1406
|
# `GAHT12345678`) or an Amazon Resource Name (ARN) for a virtual
|
1398
1407
|
# device (such as `arn:aws:iam::123456789012:mfa/user`). You can find
|
1399
|
-
# the device for an IAM user by going to the
|
1400
|
-
# viewing the user's security credentials.
|
1408
|
+
# the device for an IAM user by going to the Amazon Web Services
|
1409
|
+
# Management Console and viewing the user's security credentials.
|
1401
1410
|
#
|
1402
1411
|
# The regex used to validate this parameter is a string of characters
|
1403
1412
|
# consisting of upper- and lower-case alphanumeric characters with no
|
@@ -1546,7 +1555,7 @@ module Aws::STS
|
|
1546
1555
|
#
|
1547
1556
|
#
|
1548
1557
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
|
1549
|
-
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
1558
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length
|
1550
1559
|
#
|
1551
1560
|
# @!attribute [rw] message
|
1552
1561
|
# @return [String]
|
@@ -1612,7 +1621,8 @@ module Aws::STS
|
|
1612
1621
|
# You can pass custom key-value pair attributes when you assume a role
|
1613
1622
|
# or federate a user. These are called session tags. You can then use
|
1614
1623
|
# the session tags to control access to resources. For more information,
|
1615
|
-
# see [Tagging STS Sessions][1] in the *IAM User
|
1624
|
+
# see [Tagging Amazon Web Services STS Sessions][1] in the *IAM User
|
1625
|
+
# Guide*.
|
1616
1626
|
#
|
1617
1627
|
#
|
1618
1628
|
#
|
data/lib/aws-sdk-sts.rb
CHANGED
@@ -34,6 +34,7 @@ module Seahorse
|
|
34
34
|
ssl_ca_bundle: nil,
|
35
35
|
ssl_ca_directory: nil,
|
36
36
|
ssl_ca_store: nil,
|
37
|
+
ssl_timeout: nil
|
37
38
|
}
|
38
39
|
|
39
40
|
# @api private
|
@@ -187,6 +188,9 @@ module Seahorse
|
|
187
188
|
# disables this behaviour. This value can safely be set per
|
188
189
|
# request on the session yielded by {#session_for}.
|
189
190
|
#
|
191
|
+
# @option options [Float] :ssl_timeout (nil) Sets the SSL timeout
|
192
|
+
# in seconds.
|
193
|
+
#
|
190
194
|
# @option options [Boolean] :http_wire_trace (false) When `true`,
|
191
195
|
# HTTP debug output will be sent to the `:logger`.
|
192
196
|
#
|
@@ -248,6 +252,7 @@ module Seahorse
|
|
248
252
|
:ssl_ca_bundle => options[:ssl_ca_bundle],
|
249
253
|
:ssl_ca_directory => options[:ssl_ca_directory],
|
250
254
|
:ssl_ca_store => options[:ssl_ca_store],
|
255
|
+
:ssl_timeout => options[:ssl_timeout]
|
251
256
|
}
|
252
257
|
end
|
253
258
|
|
@@ -285,6 +290,8 @@ module Seahorse
|
|
285
290
|
|
286
291
|
if endpoint.scheme == 'https'
|
287
292
|
http.use_ssl = true
|
293
|
+
http.ssl_timeout = ssl_timeout
|
294
|
+
|
288
295
|
if ssl_verify_peer?
|
289
296
|
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
290
297
|
http.ca_file = ssl_ca_bundle if ssl_ca_bundle
|
@@ -9,9 +9,13 @@ module Seahorse
|
|
9
9
|
|
10
10
|
option(:http_proxy, default: nil, doc_type: String, docstring: '')
|
11
11
|
|
12
|
-
option(:http_open_timeout, default: 15, doc_type: Integer, docstring: '')
|
12
|
+
option(:http_open_timeout, default: 15, doc_type: Integer, docstring: '') do |cfg|
|
13
|
+
resolve_http_open_timeout(cfg)
|
14
|
+
end
|
13
15
|
|
14
|
-
option(:http_read_timeout, default: 60, doc_type: Integer, docstring: '')
|
16
|
+
option(:http_read_timeout, default: 60, doc_type: Integer, docstring: '') do |cfg|
|
17
|
+
resolve_http_read_timeout(cfg)
|
18
|
+
end
|
15
19
|
|
16
20
|
option(:http_idle_timeout, default: 5, doc_type: Integer, docstring: '')
|
17
21
|
|
@@ -30,10 +34,37 @@ module Seahorse
|
|
30
34
|
|
31
35
|
option(:ssl_ca_store, default: nil, doc_type: String, docstring: '')
|
32
36
|
|
37
|
+
option(:ssl_timeout, default: nil, doc_type: Float, docstring: '') do |cfg|
|
38
|
+
resolve_ssl_timeout(cfg)
|
39
|
+
end
|
40
|
+
|
33
41
|
option(:logger) # for backwards compat
|
34
42
|
|
35
43
|
handler(Client::NetHttp::Handler, step: :send)
|
36
44
|
|
45
|
+
def self.resolve_http_open_timeout(cfg)
|
46
|
+
default_mode_value =
|
47
|
+
if cfg.respond_to?(:defaults_mode_config_resolver)
|
48
|
+
cfg.defaults_mode_config_resolver.resolve(:http_open_timeout)
|
49
|
+
end
|
50
|
+
default_mode_value || 15
|
51
|
+
end
|
52
|
+
|
53
|
+
def self.resolve_http_read_timeout(cfg)
|
54
|
+
default_mode_value =
|
55
|
+
if cfg.respond_to?(:defaults_mode_config_resolver)
|
56
|
+
cfg.defaults_mode_config_resolver.resolve(:http_read_timeout)
|
57
|
+
end
|
58
|
+
default_mode_value || 60
|
59
|
+
end
|
60
|
+
|
61
|
+
def self.resolve_ssl_timeout(cfg)
|
62
|
+
default_mode_value =
|
63
|
+
if cfg.respond_to?(:defaults_mode_config_resolver)
|
64
|
+
cfg.defaults_mode_config_resolver.resolve(:ssl_timeout)
|
65
|
+
end
|
66
|
+
default_mode_value || nil
|
67
|
+
end
|
37
68
|
end
|
38
69
|
end
|
39
70
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-core
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.
|
4
|
+
version: 3.125.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-12-21 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: jmespath
|
@@ -89,6 +89,9 @@ files:
|
|
89
89
|
- LICENSE.txt
|
90
90
|
- VERSION
|
91
91
|
- ca-bundle.crt
|
92
|
+
- lib/aws-defaults.rb
|
93
|
+
- lib/aws-defaults/default_configuration.rb
|
94
|
+
- lib/aws-defaults/defaults_mode_config_resolver.rb
|
92
95
|
- lib/aws-sdk-core.rb
|
93
96
|
- lib/aws-sdk-core/arn.rb
|
94
97
|
- lib/aws-sdk-core/arn_parser.rb
|
@@ -139,6 +142,7 @@ files:
|
|
139
142
|
- lib/aws-sdk-core/plugins/client_metrics_plugin.rb
|
140
143
|
- lib/aws-sdk-core/plugins/client_metrics_send_plugin.rb
|
141
144
|
- lib/aws-sdk-core/plugins/credentials_configuration.rb
|
145
|
+
- lib/aws-sdk-core/plugins/defaults_mode.rb
|
142
146
|
- lib/aws-sdk-core/plugins/endpoint_discovery.rb
|
143
147
|
- lib/aws-sdk-core/plugins/endpoint_pattern.rb
|
144
148
|
- lib/aws-sdk-core/plugins/event_stream_configuration.rb
|