aws-sdk-core 3.122.1 → 3.125.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 537c37ff87364e7db7df2b499b7e82544a3912b817b32d4b43ae81a32c511f7b
4
- data.tar.gz: 7deac3f2493760b46f54ae0f54022878641023f54566af10d56e270ea7590935
3
+ metadata.gz: def152a91149637981ad2822c07522bf7362d6ac6a654c8debbcd218e40dad54
4
+ data.tar.gz: 79c65b3a466afca388f13f70ad0f4d2b9d6bba431cc5bd62b631d1c0ca538189
5
5
  SHA512:
6
- metadata.gz: 63aa35b1adf4d9f660f35af4f174922fe417b9f1124602d493d4fcc90c256e8ffb472489c606746f8c06f72f71c9faa33a8a1746d7496e1fc76a2a8d138a5b7e
7
- data.tar.gz: 113f6de79f057dd502327550b44566f52f291f1358817778dc915849c4838b29f9724f1cd4ad5f75b2df153675e058982b26a47ffbc585d008b280fb87744417
6
+ metadata.gz: f93f49d7f0dbc42c84db54f5b586cc95867cfe9f69769e0b8b766ddfe26c4a6854b53e34a9ff51b4ffc28190a4629e4473893d43406eaf29c251c5dfb346b3c9
7
+ data.tar.gz: b4c3131c2940c25ac868df96d1aa0bcce525aa26b2ee1a233113628533a51f47d39d49cc40878c14c0368399dbc9f51d7ccaec524f53e56a24d909fd20ac1017
data/CHANGELOG.md CHANGED
@@ -1,6 +1,25 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 3.125.0 (2021-12-21)
5
+ ------------------
6
+
7
+ * Feature - Updated Aws::SSO::Client with the latest API changes.
8
+
9
+ * Feature - Add `:defaults_mode` configuration - that determines how certain default configuration options are resolved in the SDK.
10
+
11
+ 3.124.0 (2021-11-30)
12
+ ------------------
13
+
14
+ * Feature - Updated Aws::STS::Client with the latest API changes.
15
+
16
+ * Feature - Updated Aws::SSO::Client with the latest API changes.
17
+
18
+ 3.123.0 (2021-11-23)
19
+ ------------------
20
+
21
+ * Feature - Updated Aws::STS::Client with the latest API changes.
22
+
4
23
  3.122.1 (2021-11-09)
5
24
  ------------------
6
25
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 3.122.1
1
+ 3.125.0
@@ -0,0 +1,153 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_relative 'defaults_mode_config_resolver'
4
+
5
+ module Aws
6
+
7
+ # A defaults mode determines how certain default configuration options are resolved in the SDK.
8
+ #
9
+ # *Note*: For any mode other than `'legacy'` the vended default values might change as best practices may
10
+ # evolve. As a result, it is encouraged to perform testing when upgrading the SDK if you are using a mode other than
11
+ # `'legacy'`. While the `'legacy'` defaults mode is specific to Ruby,
12
+ # other modes are standardized across all of the AWS SDKs.
13
+ #
14
+ # The defaults mode can be configured:
15
+ #
16
+ # * Directly on a client via `:defaults_mode`
17
+ #
18
+ # * On a configuration profile via the "defaults_mode" profile file property.
19
+ #
20
+ # * Globally via the "AWS_DEFAULTS_MODE" environment variable.
21
+ #
22
+ #
23
+ # @code_generation START - documentation
24
+ # The following `:default_mode` values are supported:
25
+ #
26
+ # * `'standard'` -
27
+ # The STANDARD mode provides the latest recommended default values
28
+ # that should be safe to run in most scenarios
29
+ #
30
+ # Note that the default values vended from this mode might change as
31
+ # best practices may evolve. As a result, it is encouraged to perform
32
+ # tests when upgrading the SDK
33
+ #
34
+ # * `'in-region'` -
35
+ # The IN\_REGION mode builds on the standard mode and includes
36
+ # optimization tailored for applications which call AWS services from
37
+ # within the same AWS region
38
+ #
39
+ # Note that the default values vended from this mode might change as
40
+ # best practices may evolve. As a result, it is encouraged to perform
41
+ # tests when upgrading the SDK
42
+ #
43
+ # * `'cross-region'` -
44
+ # The CROSS\_REGION mode builds on the standard mode and includes
45
+ # optimization tailored for applications which call AWS services in a
46
+ # different region
47
+ #
48
+ # Note that the default values vended from this mode might change as
49
+ # best practices may evolve. As a result, it is encouraged to perform
50
+ # tests when upgrading the SDK
51
+ #
52
+ # * `'mobile'` -
53
+ # The MOBILE mode builds on the standard mode and includes
54
+ # optimization tailored for mobile applications
55
+ #
56
+ # Note that the default values vended from this mode might change as
57
+ # best practices may evolve. As a result, it is encouraged to perform
58
+ # tests when upgrading the SDK
59
+ #
60
+ # * `'auto'` -
61
+ # The AUTO mode is an experimental mode that builds on the standard
62
+ # mode. The SDK will attempt to discover the execution environment to
63
+ # determine the appropriate settings automatically.
64
+ #
65
+ # Note that the auto detection is heuristics-based and does not
66
+ # guarantee 100% accuracy. STANDARD mode will be used if the execution
67
+ # environment cannot be determined. The auto detection might query
68
+ # [EC2 Instance Metadata service][1], which might introduce latency.
69
+ # Therefore we recommend choosing an explicit defaults\_mode instead
70
+ # if startup latency is critical to your application
71
+ #
72
+ # * `'legacy'` -
73
+ # The LEGACY mode provides default settings that vary per SDK and were
74
+ # used prior to establishment of defaults\_mode
75
+ #
76
+ # Based on the provided mode, the SDK will vend sensible default values
77
+ # tailored to the mode for the following settings:
78
+ #
79
+ # * `:retry_mode` -
80
+ # A retry mode specifies how the SDK attempts retries. See [Retry
81
+ # Mode][2]
82
+ #
83
+ # * `:sts_regional_endpoints` -
84
+ # Specifies how the SDK determines the AWS service endpoint that it
85
+ # uses to talk to the AWS Security Token Service (AWS STS). See
86
+ # [Setting STS Regional endpoints][3]
87
+ #
88
+ # * `:s3_us_east_1_regional_endpoint` -
89
+ # Specifies how the SDK determines the AWS service endpoint that it
90
+ # uses to talk to the Amazon S3 for the us-east-1 region
91
+ #
92
+ # * `:http_open_timeout` -
93
+ # The amount of time after making an initial connection attempt on a
94
+ # socket, where if the client does not receive a completion of the
95
+ # connect handshake, the client gives up and fails the operation
96
+ #
97
+ # * `:ssl_timeout` -
98
+ # The maximum amount of time that a TLS handshake is allowed to take
99
+ # from the time the CLIENT HELLO message is sent to ethe time the
100
+ # client and server have fully negotiated ciphers and exchanged keys
101
+ #
102
+ # All options above can be configured by users, and the overridden value will take precedence.
103
+ #
104
+ # [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
105
+ # [2]: https://docs.aws.amazon.com/sdkref/latest/guide/setting-global-retry_mode.html
106
+ # [3]: https://docs.aws.amazon.com/sdkref/latest/guide/setting-global-sts_regional_endpoints.html
107
+ #
108
+ # @code_generation END - documentation
109
+ module DefaultsModeConfiguration
110
+ # @api private
111
+ # @code_generation START - configuration
112
+ SDK_DEFAULT_CONFIGURATION =
113
+ {
114
+ "version" => 1,
115
+ "base" => {
116
+ "retryMode" => "standard",
117
+ "stsRegionalEndpoints" => "regional",
118
+ "s3UsEast1RegionalEndpoints" => "regional",
119
+ "connectTimeoutInMillis" => 1100,
120
+ "tlsNegotiationTimeoutInMillis" => 1100
121
+ },
122
+ "modes" => {
123
+ "standard" => {
124
+ "connectTimeoutInMillis" => {
125
+ "override" => 3100
126
+ },
127
+ "tlsNegotiationTimeoutInMillis" => {
128
+ "override" => 3100
129
+ }
130
+ },
131
+ "in-region" => {
132
+ },
133
+ "cross-region" => {
134
+ "connectTimeoutInMillis" => {
135
+ "override" => 3100
136
+ },
137
+ "tlsNegotiationTimeoutInMillis" => {
138
+ "override" => 3100
139
+ }
140
+ },
141
+ "mobile" => {
142
+ "connectTimeoutInMillis" => {
143
+ "override" => 30000
144
+ },
145
+ "tlsNegotiationTimeoutInMillis" => {
146
+ "override" => 30000
147
+ }
148
+ }
149
+ }
150
+ }
151
+ # @code_generation END - configuration
152
+ end
153
+ end
@@ -0,0 +1,107 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Aws
4
+ #@api private
5
+ class DefaultsModeConfigResolver
6
+
7
+ @@application_region = nil
8
+ @@application_region_mutex = Mutex.new
9
+ @@imds_client = EC2Metadata.new(retries: 0, http_open_timeout: 0.01)
10
+
11
+ # mappings from Ruby SDK configuration names to the
12
+ # sdk defaults option names and (optional) scale modifiers
13
+ CFG_OPTIONS = {
14
+ retry_mode: { name: "retryMode" },
15
+ sts_regional_endpoints: { name: "stsRegionalEndpoints" },
16
+ s3_us_east_1_regional_endpoint: { name: "s3UsEast1RegionalEndpoints" },
17
+ http_open_timeout: { name: "connectTimeoutInMillis", scale: 0.001 },
18
+ http_read_timeout: { name: "timeToFirstByteTimeoutInMillis", scale: 0.001 },
19
+ ssl_timeout: { name: "tlsNegotiationTimeoutInMillis", scale: 0.001 }
20
+ }.freeze
21
+
22
+ def initialize(sdk_defaults, cfg)
23
+ @sdk_defaults = sdk_defaults
24
+ @cfg = cfg
25
+ @resolved_mode = nil
26
+ @mutex = Mutex.new
27
+ end
28
+
29
+ # option_name should be the symbolized ruby name to resolve
30
+ # returns the ruby appropriate value or nil if none are resolved
31
+ def resolve(option_name)
32
+ return unless (std_option = CFG_OPTIONS[option_name])
33
+ mode = resolved_mode.downcase
34
+
35
+ return nil if mode == 'legacy'
36
+
37
+ value = resolve_for_mode(std_option[:name], mode)
38
+ value = value * std_option[:scale] if value && std_option[:scale]
39
+
40
+ value
41
+ end
42
+
43
+ private
44
+ def resolved_mode
45
+ @mutex.synchronize do
46
+ return @resolved_mode unless @resolved_mode.nil?
47
+
48
+ @resolved_mode = @cfg.defaults_mode == 'auto' ? resolve_auto_mode : @cfg.defaults_mode
49
+ end
50
+ end
51
+
52
+ def resolve_auto_mode
53
+ return "mobile" if env_mobile?
54
+
55
+ region = application_current_region
56
+
57
+ if region
58
+ @cfg.region == region ? "in-region": "cross-region"
59
+ else
60
+ # We don't seem to be mobile, and we couldn't determine whether we're running within an AWS region. Fall back to standard.
61
+ 'standard'
62
+ end
63
+ end
64
+
65
+ def application_current_region
66
+ resolved_region = @@application_region_mutex.synchronize do
67
+ return @@application_region unless @@application_region.nil?
68
+
69
+ region = nil
70
+ if ENV['AWS_EXECUTION_ENV']
71
+ region = ENV['AWS_REGION'] || ENV['AWS_DEFAULT_REGION']
72
+ end
73
+
74
+ if region.nil? && ENV['AWS_EC2_METADATA_DISABLED']&.downcase != "true"
75
+ begin
76
+ region = @@imds_client.get('/latest/meta-data/placement/region')
77
+ rescue
78
+ # unable to get region, leave it unset
79
+ end
80
+ end
81
+
82
+ # required so that we cache the unknown/nil result
83
+ @@application_region = region || :unknown
84
+ end
85
+ resolved_region == :unknown ? nil : resolved_region
86
+ end
87
+
88
+ def resolve_for_mode(name, mode)
89
+ base_value = @sdk_defaults['base'][name]
90
+ mode_value = @sdk_defaults['modes'].fetch(mode, {})[name]
91
+
92
+ if mode_value.nil?
93
+ return base_value
94
+ end
95
+
96
+ return mode_value['override'] unless mode_value['override'].nil?
97
+ return base_value + mode_value['add'] unless mode_value['add'].nil?
98
+ return base_value * mode_value['multiply'] unless mode_value['multiply'].nil?
99
+ return base_value
100
+ end
101
+
102
+ def env_mobile?
103
+ false
104
+ end
105
+
106
+ end
107
+ end
@@ -0,0 +1,3 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_relative 'aws-defaults/default_configuration'
@@ -64,7 +64,9 @@ locations will be searched for credentials:
64
64
  * EC2/ECS IMDS instance profile - When used by default, the timeouts
65
65
  are very aggressive. Construct and pass an instance of
66
66
  `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
67
- enable retries and extended timeouts.
67
+ enable retries and extended timeouts. Instance profile credential
68
+ fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
69
+ to true.
68
70
  DOCS
69
71
  ) do |config|
70
72
  CredentialProviderChain.new(config).resolve
@@ -0,0 +1,40 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Aws
4
+ # @api private
5
+ module Plugins
6
+ # @api private
7
+ class DefaultsMode < Seahorse::Client::Plugin
8
+
9
+ option(:defaults_mode,
10
+ default: 'legacy',
11
+ doc_type: String,
12
+ docstring: <<-DOCS
13
+ See {Aws::DefaultsModeConfiguration} for a list of the
14
+ accepted modes and the configuration defaults that are included.
15
+ DOCS
16
+ ) do |cfg|
17
+ resolve_defaults_mode(cfg)
18
+ end
19
+
20
+ option(:defaults_mode_config_resolver,
21
+ doc_type: 'Aws::DefaultsModeConfigResolver') do |cfg|
22
+ Aws::DefaultsModeConfigResolver.new(
23
+ Aws::DefaultsModeConfiguration::SDK_DEFAULT_CONFIGURATION, cfg)
24
+ end
25
+
26
+ class << self
27
+ private
28
+
29
+ def resolve_defaults_mode(cfg)
30
+ value = ENV['AWS_DEFAULTS_MODE']
31
+ value ||= Aws.shared_config.defaults_mode(
32
+ profile: cfg.profile
33
+ )
34
+ value&.downcase || "legacy"
35
+ end
36
+ end
37
+
38
+ end
39
+ end
40
+ end
@@ -163,9 +163,15 @@ a clock skew correction and retry requests with skewed client clocks.
163
163
  option(:clock_skew) { Retries::ClockSkew.new }
164
164
 
165
165
  def self.resolve_retry_mode(cfg)
166
- value = ENV['AWS_RETRY_MODE'] ||
167
- Aws.shared_config.retry_mode(profile: cfg.profile) ||
168
- 'legacy'
166
+ default_mode_value =
167
+ if cfg.respond_to?(:defaults_mode_config_resolver)
168
+ cfg.defaults_mode_config_resolver.resolve(:retry_mode)
169
+ end
170
+
171
+ value = ENV['AWS_RETRY_MODE'] ||
172
+ Aws.shared_config.retry_mode(profile: cfg.profile) ||
173
+ default_mode_value ||
174
+ 'legacy'
169
175
  # Raise if provided value is not one of the retry modes
170
176
  if value != 'legacy' && value != 'standard' && value != 'adaptive'
171
177
  raise ArgumentError,
@@ -178,7 +178,8 @@ module Aws
178
178
  :sts_regional_endpoints,
179
179
  :s3_use_arn_region,
180
180
  :s3_us_east_1_regional_endpoint,
181
- :s3_disable_multiregion_access_points
181
+ :s3_disable_multiregion_access_points,
182
+ :defaults_mode
182
183
  )
183
184
 
184
185
  private
data/lib/aws-sdk-core.rb CHANGED
@@ -88,6 +88,9 @@ require_relative 'aws-sdk-core/arn'
88
88
  require_relative 'aws-sdk-core/arn_parser'
89
89
  require_relative 'aws-sdk-core/ec2_metadata'
90
90
 
91
+ # defaults
92
+ require_relative 'aws-defaults'
93
+
91
94
  # plugins
92
95
  # loaded through building STS or SSO ..
93
96
 
@@ -27,6 +27,7 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
27
27
  require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
28
28
  require 'aws-sdk-core/plugins/transfer_encoding.rb'
29
29
  require 'aws-sdk-core/plugins/http_checksum.rb'
30
+ require 'aws-sdk-core/plugins/defaults_mode.rb'
30
31
  require 'aws-sdk-core/plugins/signature_v4.rb'
31
32
  require 'aws-sdk-core/plugins/protocols/rest_json.rb'
32
33
 
@@ -73,6 +74,7 @@ module Aws::SSO
73
74
  add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
74
75
  add_plugin(Aws::Plugins::TransferEncoding)
75
76
  add_plugin(Aws::Plugins::HttpChecksum)
77
+ add_plugin(Aws::Plugins::DefaultsMode)
76
78
  add_plugin(Aws::Plugins::SignatureV4)
77
79
  add_plugin(Aws::Plugins::Protocols::RestJson)
78
80
 
@@ -119,7 +121,9 @@ module Aws::SSO
119
121
  # * EC2/ECS IMDS instance profile - When used by default, the timeouts
120
122
  # are very aggressive. Construct and pass an instance of
121
123
  # `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
122
- # enable retries and extended timeouts.
124
+ # enable retries and extended timeouts. Instance profile credential
125
+ # fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
126
+ # to true.
123
127
  #
124
128
  # @option options [required, String] :region
125
129
  # The AWS region to connect to. The configured `:region` is
@@ -173,6 +177,10 @@ module Aws::SSO
173
177
  # Used only in `standard` and adaptive retry modes. Specifies whether to apply
174
178
  # a clock skew correction and retry requests with skewed client clocks.
175
179
  #
180
+ # @option options [String] :defaults_mode ("legacy")
181
+ # See {Aws::DefaultsModeConfiguration} for a list of the
182
+ # accepted modes and the configuration defaults that are included.
183
+ #
176
184
  # @option options [Boolean] :disable_host_prefix_injection (false)
177
185
  # Set to true to disable SDK automatically adding host prefix
178
186
  # to default service endpoint when available.
@@ -295,7 +303,7 @@ module Aws::SSO
295
303
  # seconds to wait when opening a HTTP session before raising a
296
304
  # `Timeout::Error`.
297
305
  #
298
- # @option options [Integer] :http_read_timeout (60) The default
306
+ # @option options [Float] :http_read_timeout (60) The default
299
307
  # number of seconds to wait for response data. This value can
300
308
  # safely be set per-request on the session.
301
309
  #
@@ -311,6 +319,9 @@ module Aws::SSO
311
319
  # disables this behaviour. This value can safely be set per
312
320
  # request on the session.
313
321
  #
322
+ # @option options [Float] :ssl_timeout (nil) Sets the SSL timeout
323
+ # in seconds.
324
+ #
314
325
  # @option options [Boolean] :http_wire_trace (false) When `true`,
315
326
  # HTTP debug output will be sent to the `:logger`.
316
327
  #
@@ -530,7 +541,7 @@ module Aws::SSO
530
541
  params: params,
531
542
  config: config)
532
543
  context[:gem_name] = 'aws-sdk-core'
533
- context[:gem_version] = '3.122.1'
544
+ context[:gem_version] = '3.125.0'
534
545
  Seahorse::Client::Request.new(handlers, context)
535
546
  end
536
547
 
data/lib/aws-sdk-sso.rb CHANGED
@@ -50,6 +50,6 @@ require_relative 'aws-sdk-sso/customizations'
50
50
  # @!group service
51
51
  module Aws::SSO
52
52
 
53
- GEM_VERSION = '3.122.1'
53
+ GEM_VERSION = '3.125.0'
54
54
 
55
55
  end
@@ -27,6 +27,7 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
27
27
  require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
28
28
  require 'aws-sdk-core/plugins/transfer_encoding.rb'
29
29
  require 'aws-sdk-core/plugins/http_checksum.rb'
30
+ require 'aws-sdk-core/plugins/defaults_mode.rb'
30
31
  require 'aws-sdk-core/plugins/signature_v4.rb'
31
32
  require 'aws-sdk-core/plugins/protocols/query.rb'
32
33
  require 'aws-sdk-sts/plugins/sts_regional_endpoints.rb'
@@ -74,6 +75,7 @@ module Aws::STS
74
75
  add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
75
76
  add_plugin(Aws::Plugins::TransferEncoding)
76
77
  add_plugin(Aws::Plugins::HttpChecksum)
78
+ add_plugin(Aws::Plugins::DefaultsMode)
77
79
  add_plugin(Aws::Plugins::SignatureV4)
78
80
  add_plugin(Aws::Plugins::Protocols::Query)
79
81
  add_plugin(Aws::STS::Plugins::STSRegionalEndpoints)
@@ -121,7 +123,9 @@ module Aws::STS
121
123
  # * EC2/ECS IMDS instance profile - When used by default, the timeouts
122
124
  # are very aggressive. Construct and pass an instance of
123
125
  # `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
124
- # enable retries and extended timeouts.
126
+ # enable retries and extended timeouts. Instance profile credential
127
+ # fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
128
+ # to true.
125
129
  #
126
130
  # @option options [required, String] :region
127
131
  # The AWS region to connect to. The configured `:region` is
@@ -175,6 +179,10 @@ module Aws::STS
175
179
  # Used only in `standard` and adaptive retry modes. Specifies whether to apply
176
180
  # a clock skew correction and retry requests with skewed client clocks.
177
181
  #
182
+ # @option options [String] :defaults_mode ("legacy")
183
+ # See {Aws::DefaultsModeConfiguration} for a list of the
184
+ # accepted modes and the configuration defaults that are included.
185
+ #
178
186
  # @option options [Boolean] :disable_host_prefix_injection (false)
179
187
  # Set to true to disable SDK automatically adding host prefix
180
188
  # to default service endpoint when available.
@@ -302,7 +310,7 @@ module Aws::STS
302
310
  # seconds to wait when opening a HTTP session before raising a
303
311
  # `Timeout::Error`.
304
312
  #
305
- # @option options [Integer] :http_read_timeout (60) The default
313
+ # @option options [Float] :http_read_timeout (60) The default
306
314
  # number of seconds to wait for response data. This value can
307
315
  # safely be set per-request on the session.
308
316
  #
@@ -318,6 +326,9 @@ module Aws::STS
318
326
  # disables this behaviour. This value can safely be set per
319
327
  # request on the session.
320
328
  #
329
+ # @option options [Float] :ssl_timeout (nil) Sets the SSL timeout
330
+ # in seconds.
331
+ #
321
332
  # @option options [Boolean] :http_wire_trace (false) When `true`,
322
333
  # HTTP debug output will be sent to the `:logger`.
323
334
  #
@@ -350,15 +361,15 @@ module Aws::STS
350
361
  # `AssumeRole` within your account or for cross-account access. For a
351
362
  # comparison of `AssumeRole` with other API operations that produce
352
363
  # temporary credentials, see [Requesting Temporary Security
353
- # Credentials][1] and [Comparing the STS API operations][2] in the *IAM
354
- # User Guide*.
364
+ # Credentials][1] and [Comparing the Amazon Web Services STS API
365
+ # operations][2] in the *IAM User Guide*.
355
366
  #
356
367
  # **Permissions**
357
368
  #
358
369
  # The temporary security credentials created by `AssumeRole` can be used
359
370
  # to make API calls to any Amazon Web Services service with the
360
- # following exception: You cannot call the STS `GetFederationToken` or
361
- # `GetSessionToken` API operations.
371
+ # following exception: You cannot call the Amazon Web Services STS
372
+ # `GetFederationToken` or `GetSessionToken` API operations.
362
373
  #
363
374
  # (Optional) You can pass inline or managed [session policies][3] to
364
375
  # this operation. You can pass a single JSON policy document to use as
@@ -375,28 +386,37 @@ module Aws::STS
375
386
  # assumed. For more information, see [Session Policies][3] in the *IAM
376
387
  # User Guide*.
377
388
  #
378
- # To assume a role from a different account, your account must be
379
- # trusted by the role. The trust relationship is defined in the role's
380
- # trust policy when the role is created. That trust policy states which
381
- # accounts are allowed to delegate that access to users in the account.
389
+ # When you create a role, you create two policies: A role trust policy
390
+ # that specifies *who* can assume the role and a permissions policy that
391
+ # specifies *what* can be done with the role. You specify the trusted
392
+ # principal who is allowed to assume the role in the role trust policy.
393
+ #
394
+ # To assume a role from a different account, your Amazon Web Services
395
+ # account must be trusted by the role. The trust relationship is defined
396
+ # in the role's trust policy when the role is created. That trust
397
+ # policy states which accounts are allowed to delegate that access to
398
+ # users in the account.
382
399
  #
383
400
  # A user who wants to access a role in a different account must also
384
401
  # have permissions that are delegated from the user account
385
402
  # administrator. The administrator must attach a policy that allows the
386
403
  # user to call `AssumeRole` for the ARN of the role in the other
387
- # account. If the user is in the same account as the role, then you can
388
- # do either of the following:
404
+ # account.
389
405
  #
390
- # * Attach a policy to the user (identical to the previous user in a
391
- # different account).
406
+ # To allow a user to assume a role in the same account, you can do
407
+ # either of the following:
408
+ #
409
+ # * Attach a policy to the user that allows the user to call
410
+ # `AssumeRole` (as long as the role's trust policy trusts the
411
+ # account).
392
412
  #
393
413
  # * Add the user as a principal directly in the role's trust policy.
394
414
  #
395
- # In this case, the trust policy acts as an IAM resource-based policy.
396
- # Users in the same account as the role do not need explicit permission
397
- # to assume the role. For more information about trust policies and
398
- # resource-based policies, see [IAM Policies][4] in the *IAM User
399
- # Guide*.
415
+ # You can do either because the role’s trust policy acts as an IAM
416
+ # resource-based policy. When a resource-based policy grants access to a
417
+ # principal in the same account, no additional identity-based policy is
418
+ # required. For more information about trust policies and resource-based
419
+ # policies, see [IAM Policies][4] in the *IAM User Guide*.
400
420
  #
401
421
  # **Tags**
402
422
  #
@@ -538,15 +558,25 @@ module Aws::STS
538
558
  #
539
559
  # @option params [Integer] :duration_seconds
540
560
  # The duration, in seconds, of the role session. The value specified can
541
- # can range from 900 seconds (15 minutes) up to the maximum session
542
- # duration that is set for the role. The maximum session duration
543
- # setting can have a value from 1 hour to 12 hours. If you specify a
544
- # value higher than this setting or the administrator setting (whichever
545
- # is lower), the operation fails. For example, if you specify a session
546
- # duration of 12 hours, but your administrator set the maximum session
547
- # duration to 6 hours, your operation fails. To learn how to view the
548
- # maximum value for your role, see [View the Maximum Session Duration
549
- # Setting for a Role][1] in the *IAM User Guide*.
561
+ # range from 900 seconds (15 minutes) up to the maximum session duration
562
+ # set for the role. The maximum session duration setting can have a
563
+ # value from 1 hour to 12 hours. If you specify a value higher than this
564
+ # setting or the administrator setting (whichever is lower), the
565
+ # operation fails. For example, if you specify a session duration of 12
566
+ # hours, but your administrator set the maximum session duration to 6
567
+ # hours, your operation fails.
568
+ #
569
+ # Role chaining limits your Amazon Web Services CLI or Amazon Web
570
+ # Services API role session to a maximum of one hour. When you use the
571
+ # `AssumeRole` API operation to assume a role, you can specify the
572
+ # duration of your role session with the `DurationSeconds` parameter.
573
+ # You can specify a parameter value of up to 43200 seconds (12 hours),
574
+ # depending on the maximum session duration setting for your role.
575
+ # However, if you assume a role using role chaining and provide a
576
+ # `DurationSeconds` parameter value greater than one hour, the operation
577
+ # fails. To learn how to view the maximum value for your role, see [View
578
+ # the Maximum Session Duration Setting for a Role][1] in the *IAM User
579
+ # Guide*.
550
580
  #
551
581
  # By default, the value is set to `3600` seconds.
552
582
  #
@@ -555,8 +585,8 @@ module Aws::STS
555
585
  # The request to the federation endpoint for a console sign-in token
556
586
  # takes a `SessionDuration` parameter that specifies the maximum length
557
587
  # of the console session. For more information, see [Creating a URL that
558
- # Enables Federated Users to Access the Management Console][2] in the
559
- # *IAM User Guide*.
588
+ # Enables Federated Users to Access the Amazon Web Services Management
589
+ # Console][2] in the *IAM User Guide*.
560
590
  #
561
591
  # </note>
562
592
  #
@@ -568,8 +598,8 @@ module Aws::STS
568
598
  # @option params [Array<Types::Tag>] :tags
569
599
  # A list of session tags that you want to pass. Each session tag
570
600
  # consists of a key name and an associated value. For more information
571
- # about session tags, see [Tagging STS Sessions][1] in the *IAM User
572
- # Guide*.
601
+ # about session tags, see [Tagging Amazon Web Services STS Sessions][1]
602
+ # in the *IAM User Guide*.
573
603
  #
574
604
  # This parameter is optional. You can pass up to 50 session tags. The
575
605
  # plaintext session tag keys can’t exceed 128 characters, and the values
@@ -798,8 +828,8 @@ module Aws::STS
798
828
  # user-specific credentials or configuration. For a comparison of
799
829
  # `AssumeRoleWithSAML` with the other API operations that produce
800
830
  # temporary credentials, see [Requesting Temporary Security
801
- # Credentials][1] and [Comparing the STS API operations][2] in the *IAM
802
- # User Guide*.
831
+ # Credentials][1] and [Comparing the Amazon Web Services STS API
832
+ # operations][2] in the *IAM User Guide*.
803
833
  #
804
834
  # The temporary security credentials returned by this operation consist
805
835
  # of an access key ID, a secret access key, and a security token.
@@ -1051,8 +1081,8 @@ module Aws::STS
1051
1081
  # The request to the federation endpoint for a console sign-in token
1052
1082
  # takes a `SessionDuration` parameter that specifies the maximum length
1053
1083
  # of the console session. For more information, see [Creating a URL that
1054
- # Enables Federated Users to Access the Management Console][2] in the
1055
- # *IAM User Guide*.
1084
+ # Enables Federated Users to Access the Amazon Web Services Management
1085
+ # Console][2] in the *IAM User Guide*.
1056
1086
  #
1057
1087
  # </note>
1058
1088
  #
@@ -1172,8 +1202,8 @@ module Aws::STS
1172
1202
  # a token from the web identity provider. For a comparison of
1173
1203
  # `AssumeRoleWithWebIdentity` with the other API operations that produce
1174
1204
  # temporary credentials, see [Requesting Temporary Security
1175
- # Credentials][5] and [Comparing the STS API operations][6] in the *IAM
1176
- # User Guide*.
1205
+ # Credentials][5] and [Comparing the Amazon Web Services STS API
1206
+ # operations][6] in the *IAM User Guide*.
1177
1207
  #
1178
1208
  # The temporary security credentials returned by this API consist of an
1179
1209
  # access key ID, a secret access key, and a security token. Applications
@@ -1433,8 +1463,8 @@ module Aws::STS
1433
1463
  # The request to the federation endpoint for a console sign-in token
1434
1464
  # takes a `SessionDuration` parameter that specifies the maximum length
1435
1465
  # of the console session. For more information, see [Creating a URL that
1436
- # Enables Federated Users to Access the Management Console][2] in the
1437
- # *IAM User Guide*.
1466
+ # Enables Federated Users to Access the Amazon Web Services Management
1467
+ # Console][2] in the *IAM User Guide*.
1438
1468
  #
1439
1469
  # </note>
1440
1470
  #
@@ -1540,17 +1570,17 @@ module Aws::STS
1540
1570
  # </note>
1541
1571
  #
1542
1572
  # The message is encoded because the details of the authorization status
1543
- # can constitute privileged information that the user who requested the
1573
+ # can contain privileged information that the user who requested the
1544
1574
  # operation should not see. To decode an authorization status message, a
1545
- # user must be granted permissions via an IAM policy to request the
1546
- # `DecodeAuthorizationMessage` (`sts:DecodeAuthorizationMessage`)
1575
+ # user must be granted permissions through an IAM [policy][1] to request
1576
+ # the `DecodeAuthorizationMessage` (`sts:DecodeAuthorizationMessage`)
1547
1577
  # action.
1548
1578
  #
1549
1579
  # The decoded message includes the following type of information:
1550
1580
  #
1551
1581
  # * Whether the request was denied due to an explicit deny or due to the
1552
1582
  # absence of an explicit allow. For more information, see [Determining
1553
- # Whether a Request is Allowed or Denied][1] in the *IAM User Guide*.
1583
+ # Whether a Request is Allowed or Denied][2] in the *IAM User Guide*.
1554
1584
  #
1555
1585
  # * The principal who made the request.
1556
1586
  #
@@ -1562,7 +1592,8 @@ module Aws::STS
1562
1592
  #
1563
1593
  #
1564
1594
  #
1565
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow
1595
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
1596
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow
1566
1597
  #
1567
1598
  # @option params [required, String] :encoded_message
1568
1599
  # The encoded message that was returned with the response.
@@ -1757,8 +1788,8 @@ module Aws::STS
1757
1788
  # can be safely stored, usually in a server-based application. For a
1758
1789
  # comparison of `GetFederationToken` with the other API operations that
1759
1790
  # produce temporary credentials, see [Requesting Temporary Security
1760
- # Credentials][1] and [Comparing the STS API operations][2] in the *IAM
1761
- # User Guide*.
1791
+ # Credentials][1] and [Comparing the Amazon Web Services STS API
1792
+ # operations][2] in the *IAM User Guide*.
1762
1793
  #
1763
1794
  # <note markdown="1"> You can create a mobile-based or browser-based app that can
1764
1795
  # authenticate users using a web identity provider like Login with
@@ -1782,7 +1813,7 @@ module Aws::STS
1782
1813
  # The temporary credentials are valid for the specified duration, from
1783
1814
  # 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36
1784
1815
  # hours). The default session duration is 43,200 seconds (12 hours).
1785
- # Temporary credentials that are obtained by using Amazon Web Services
1816
+ # Temporary credentials obtained by using the Amazon Web Services
1786
1817
  # account root user credentials have a maximum duration of 3,600 seconds
1787
1818
  # (1 hour).
1788
1819
  #
@@ -1837,65 +1868,6 @@ module Aws::STS
1837
1868
  #
1838
1869
  # </note>
1839
1870
  #
1840
- # You can also call `GetFederationToken` using the security credentials
1841
- # of an Amazon Web Services account root user, but we do not recommend
1842
- # it. Instead, we recommend that you create an IAM user for the purpose
1843
- # of the proxy application. Then attach a policy to the IAM user that
1844
- # limits federated users to only the actions and resources that they
1845
- # need to access. For more information, see [IAM Best Practices][5] in
1846
- # the *IAM User Guide*.
1847
- #
1848
- # **Session duration**
1849
- #
1850
- # The temporary credentials are valid for the specified duration, from
1851
- # 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36
1852
- # hours). The default session duration is 43,200 seconds (12 hours).
1853
- # Temporary credentials that are obtained by using Amazon Web Services
1854
- # account root user credentials have a maximum duration of 3,600 seconds
1855
- # (1 hour).
1856
- #
1857
- # **Permissions**
1858
- #
1859
- # You can use the temporary credentials created by `GetFederationToken`
1860
- # in any Amazon Web Services service except the following:
1861
- #
1862
- # * You cannot call any IAM operations using the CLI or the Amazon Web
1863
- # Services API.
1864
- #
1865
- # * You cannot call any STS operations except `GetCallerIdentity`.
1866
- #
1867
- # You must pass an inline or managed [session policy][6] to this
1868
- # operation. You can pass a single JSON policy document to use as an
1869
- # inline session policy. You can also specify up to 10 managed policies
1870
- # to use as managed session policies. The plain text that you use for
1871
- # both inline and managed session policies can't exceed 2,048
1872
- # characters.
1873
- #
1874
- # Though the session policy parameters are optional, if you do not pass
1875
- # a policy, then the resulting federated user session has no
1876
- # permissions. When you pass session policies, the session permissions
1877
- # are the intersection of the IAM user policies and the session policies
1878
- # that you pass. This gives you a way to further restrict the
1879
- # permissions for a federated user. You cannot use session policies to
1880
- # grant more permissions than those that are defined in the permissions
1881
- # policy of the IAM user. For more information, see [Session
1882
- # Policies][6] in the *IAM User Guide*. For information about using
1883
- # `GetFederationToken` to create temporary security credentials, see
1884
- # [GetFederationToken—Federation Through a Custom Identity Broker][7].
1885
- #
1886
- # You can use the credentials to access a resource that has a
1887
- # resource-based policy. If that policy specifically references the
1888
- # federated user session in the `Principal` element of the policy, the
1889
- # session has the permissions allowed by the policy. These permissions
1890
- # are granted in addition to the permissions granted by the session
1891
- # policies.
1892
- #
1893
- # **Tags**
1894
- #
1895
- # (Optional) You can pass tag key-value pairs to your session. These are
1896
- # called session tags. For more information about session tags, see
1897
- # [Passing Session Tags in STS][8] in the *IAM User Guide*.
1898
- #
1899
1871
  # An administrator must grant you the permissions necessary to pass
1900
1872
  # session tags. The administrator can also create granular permissions
1901
1873
  # to allow you to pass only specific session tags. For more information,
@@ -2164,8 +2136,8 @@ module Aws::STS
2164
2136
  # correct MFA code, then the API returns an access denied error. For a
2165
2137
  # comparison of `GetSessionToken` with the other API operations that
2166
2138
  # produce temporary credentials, see [Requesting Temporary Security
2167
- # Credentials][1] and [Comparing the STS API operations][2] in the *IAM
2168
- # User Guide*.
2139
+ # Credentials][1] and [Comparing the Amazon Web Services STS API
2140
+ # operations][2] in the *IAM User Guide*.
2169
2141
  #
2170
2142
  # **Session Duration**
2171
2143
  #
@@ -2233,8 +2205,8 @@ module Aws::STS
2233
2205
  # The value is either the serial number for a hardware device (such as
2234
2206
  # `GAHT12345678`) or an Amazon Resource Name (ARN) for a virtual device
2235
2207
  # (such as `arn:aws:iam::123456789012:mfa/user`). You can find the
2236
- # device for an IAM user by going to the Management Console and viewing
2237
- # the user's security credentials.
2208
+ # device for an IAM user by going to the Amazon Web Services Management
2209
+ # Console and viewing the user's security credentials.
2238
2210
  #
2239
2211
  # The regex used to validate this parameter is a string of characters
2240
2212
  # consisting of upper- and lower-case alphanumeric characters with no
@@ -2312,7 +2284,7 @@ module Aws::STS
2312
2284
  params: params,
2313
2285
  config: config)
2314
2286
  context[:gem_name] = 'aws-sdk-core'
2315
- context[:gem_version] = '3.122.1'
2287
+ context[:gem_version] = '3.125.0'
2316
2288
  Seahorse::Client::Request.new(handlers, context)
2317
2289
  end
2318
2290
 
@@ -24,7 +24,11 @@ regions to resolve to the STS global endpoint.
24
24
  env_mode = nil if env_mode == ''
25
25
  cfg_mode = Aws.shared_config.sts_regional_endpoints(
26
26
  profile: cfg.profile)
27
- env_mode || cfg_mode || 'regional'
27
+ default_mode_value =
28
+ if cfg.respond_to?(:defaults_mode_config_resolver)
29
+ cfg.defaults_mode_config_resolver.resolve(:sts_regional_endpoints)
30
+ end
31
+ env_mode || cfg_mode || default_mode_value || 'regional'
28
32
  end
29
33
 
30
34
  end
@@ -132,16 +132,25 @@ module Aws::STS
132
132
  #
133
133
  # @!attribute [rw] duration_seconds
134
134
  # The duration, in seconds, of the role session. The value specified
135
- # can can range from 900 seconds (15 minutes) up to the maximum
136
- # session duration that is set for the role. The maximum session
137
- # duration setting can have a value from 1 hour to 12 hours. If you
138
- # specify a value higher than this setting or the administrator
139
- # setting (whichever is lower), the operation fails. For example, if
140
- # you specify a session duration of 12 hours, but your administrator
141
- # set the maximum session duration to 6 hours, your operation fails.
142
- # To learn how to view the maximum value for your role, see [View the
143
- # Maximum Session Duration Setting for a Role][1] in the *IAM User
144
- # Guide*.
135
+ # can range from 900 seconds (15 minutes) up to the maximum session
136
+ # duration set for the role. The maximum session duration setting can
137
+ # have a value from 1 hour to 12 hours. If you specify a value higher
138
+ # than this setting or the administrator setting (whichever is lower),
139
+ # the operation fails. For example, if you specify a session duration
140
+ # of 12 hours, but your administrator set the maximum session duration
141
+ # to 6 hours, your operation fails.
142
+ #
143
+ # Role chaining limits your Amazon Web Services CLI or Amazon Web
144
+ # Services API role session to a maximum of one hour. When you use the
145
+ # `AssumeRole` API operation to assume a role, you can specify the
146
+ # duration of your role session with the `DurationSeconds` parameter.
147
+ # You can specify a parameter value of up to 43200 seconds (12 hours),
148
+ # depending on the maximum session duration setting for your role.
149
+ # However, if you assume a role using role chaining and provide a
150
+ # `DurationSeconds` parameter value greater than one hour, the
151
+ # operation fails. To learn how to view the maximum value for your
152
+ # role, see [View the Maximum Session Duration Setting for a Role][1]
153
+ # in the *IAM User Guide*.
145
154
  #
146
155
  # By default, the value is set to `3600` seconds.
147
156
  #
@@ -150,8 +159,8 @@ module Aws::STS
150
159
  # credentials. The request to the federation endpoint for a console
151
160
  # sign-in token takes a `SessionDuration` parameter that specifies the
152
161
  # maximum length of the console session. For more information, see
153
- # [Creating a URL that Enables Federated Users to Access the
154
- # Management Console][2] in the *IAM User Guide*.
162
+ # [Creating a URL that Enables Federated Users to Access the Amazon
163
+ # Web Services Management Console][2] in the *IAM User Guide*.
155
164
  #
156
165
  # </note>
157
166
  #
@@ -164,8 +173,8 @@ module Aws::STS
164
173
  # @!attribute [rw] tags
165
174
  # A list of session tags that you want to pass. Each session tag
166
175
  # consists of a key name and an associated value. For more information
167
- # about session tags, see [Tagging STS Sessions][1] in the *IAM User
168
- # Guide*.
176
+ # about session tags, see [Tagging Amazon Web Services STS
177
+ # Sessions][1] in the *IAM User Guide*.
169
178
  #
170
179
  # This parameter is optional. You can pass up to 50 session tags. The
171
180
  # plaintext session tag keys can’t exceed 128 characters, and the
@@ -516,8 +525,8 @@ module Aws::STS
516
525
  # credentials. The request to the federation endpoint for a console
517
526
  # sign-in token takes a `SessionDuration` parameter that specifies the
518
527
  # maximum length of the console session. For more information, see
519
- # [Creating a URL that Enables Federated Users to Access the
520
- # Management Console][2] in the *IAM User Guide*.
528
+ # [Creating a URL that Enables Federated Users to Access the Amazon
529
+ # Web Services Management Console][2] in the *IAM User Guide*.
521
530
  #
522
531
  # </note>
523
532
  #
@@ -802,8 +811,8 @@ module Aws::STS
802
811
  # credentials. The request to the federation endpoint for a console
803
812
  # sign-in token takes a `SessionDuration` parameter that specifies the
804
813
  # maximum length of the console session. For more information, see
805
- # [Creating a URL that Enables Federated Users to Access the
806
- # Management Console][2] in the *IAM User Guide*.
814
+ # [Creating a URL that Enables Federated Users to Access the Amazon
815
+ # Web Services Management Console][2] in the *IAM User Guide*.
807
816
  #
808
817
  # </note>
809
818
  #
@@ -1012,7 +1021,7 @@ module Aws::STS
1012
1021
  # returned in response to an Amazon Web Services request.
1013
1022
  #
1014
1023
  # @!attribute [rw] decoded_message
1015
- # An XML document that contains the decoded message.
1024
+ # The API returns a response with the decoded message.
1016
1025
  # @return [String]
1017
1026
  #
1018
1027
  # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessageResponse AWS API Documentation
@@ -1396,8 +1405,8 @@ module Aws::STS
1396
1405
  # The value is either the serial number for a hardware device (such as
1397
1406
  # `GAHT12345678`) or an Amazon Resource Name (ARN) for a virtual
1398
1407
  # device (such as `arn:aws:iam::123456789012:mfa/user`). You can find
1399
- # the device for an IAM user by going to the Management Console and
1400
- # viewing the user's security credentials.
1408
+ # the device for an IAM user by going to the Amazon Web Services
1409
+ # Management Console and viewing the user's security credentials.
1401
1410
  #
1402
1411
  # The regex used to validate this parameter is a string of characters
1403
1412
  # consisting of upper- and lower-case alphanumeric characters with no
@@ -1546,7 +1555,7 @@ module Aws::STS
1546
1555
  #
1547
1556
  #
1548
1557
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
1549
- # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
1558
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length
1550
1559
  #
1551
1560
  # @!attribute [rw] message
1552
1561
  # @return [String]
@@ -1612,7 +1621,8 @@ module Aws::STS
1612
1621
  # You can pass custom key-value pair attributes when you assume a role
1613
1622
  # or federate a user. These are called session tags. You can then use
1614
1623
  # the session tags to control access to resources. For more information,
1615
- # see [Tagging STS Sessions][1] in the *IAM User Guide*.
1624
+ # see [Tagging Amazon Web Services STS Sessions][1] in the *IAM User
1625
+ # Guide*.
1616
1626
  #
1617
1627
  #
1618
1628
  #
data/lib/aws-sdk-sts.rb CHANGED
@@ -50,6 +50,6 @@ require_relative 'aws-sdk-sts/customizations'
50
50
  # @!group service
51
51
  module Aws::STS
52
52
 
53
- GEM_VERSION = '3.122.1'
53
+ GEM_VERSION = '3.125.0'
54
54
 
55
55
  end
@@ -34,6 +34,7 @@ module Seahorse
34
34
  ssl_ca_bundle: nil,
35
35
  ssl_ca_directory: nil,
36
36
  ssl_ca_store: nil,
37
+ ssl_timeout: nil
37
38
  }
38
39
 
39
40
  # @api private
@@ -187,6 +188,9 @@ module Seahorse
187
188
  # disables this behaviour. This value can safely be set per
188
189
  # request on the session yielded by {#session_for}.
189
190
  #
191
+ # @option options [Float] :ssl_timeout (nil) Sets the SSL timeout
192
+ # in seconds.
193
+ #
190
194
  # @option options [Boolean] :http_wire_trace (false) When `true`,
191
195
  # HTTP debug output will be sent to the `:logger`.
192
196
  #
@@ -248,6 +252,7 @@ module Seahorse
248
252
  :ssl_ca_bundle => options[:ssl_ca_bundle],
249
253
  :ssl_ca_directory => options[:ssl_ca_directory],
250
254
  :ssl_ca_store => options[:ssl_ca_store],
255
+ :ssl_timeout => options[:ssl_timeout]
251
256
  }
252
257
  end
253
258
 
@@ -285,6 +290,8 @@ module Seahorse
285
290
 
286
291
  if endpoint.scheme == 'https'
287
292
  http.use_ssl = true
293
+ http.ssl_timeout = ssl_timeout
294
+
288
295
  if ssl_verify_peer?
289
296
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
290
297
  http.ca_file = ssl_ca_bundle if ssl_ca_bundle
@@ -9,9 +9,13 @@ module Seahorse
9
9
 
10
10
  option(:http_proxy, default: nil, doc_type: String, docstring: '')
11
11
 
12
- option(:http_open_timeout, default: 15, doc_type: Integer, docstring: '')
12
+ option(:http_open_timeout, default: 15, doc_type: Integer, docstring: '') do |cfg|
13
+ resolve_http_open_timeout(cfg)
14
+ end
13
15
 
14
- option(:http_read_timeout, default: 60, doc_type: Integer, docstring: '')
16
+ option(:http_read_timeout, default: 60, doc_type: Integer, docstring: '') do |cfg|
17
+ resolve_http_read_timeout(cfg)
18
+ end
15
19
 
16
20
  option(:http_idle_timeout, default: 5, doc_type: Integer, docstring: '')
17
21
 
@@ -30,10 +34,37 @@ module Seahorse
30
34
 
31
35
  option(:ssl_ca_store, default: nil, doc_type: String, docstring: '')
32
36
 
37
+ option(:ssl_timeout, default: nil, doc_type: Float, docstring: '') do |cfg|
38
+ resolve_ssl_timeout(cfg)
39
+ end
40
+
33
41
  option(:logger) # for backwards compat
34
42
 
35
43
  handler(Client::NetHttp::Handler, step: :send)
36
44
 
45
+ def self.resolve_http_open_timeout(cfg)
46
+ default_mode_value =
47
+ if cfg.respond_to?(:defaults_mode_config_resolver)
48
+ cfg.defaults_mode_config_resolver.resolve(:http_open_timeout)
49
+ end
50
+ default_mode_value || 15
51
+ end
52
+
53
+ def self.resolve_http_read_timeout(cfg)
54
+ default_mode_value =
55
+ if cfg.respond_to?(:defaults_mode_config_resolver)
56
+ cfg.defaults_mode_config_resolver.resolve(:http_read_timeout)
57
+ end
58
+ default_mode_value || 60
59
+ end
60
+
61
+ def self.resolve_ssl_timeout(cfg)
62
+ default_mode_value =
63
+ if cfg.respond_to?(:defaults_mode_config_resolver)
64
+ cfg.defaults_mode_config_resolver.resolve(:ssl_timeout)
65
+ end
66
+ default_mode_value || nil
67
+ end
37
68
  end
38
69
  end
39
70
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-core
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.122.1
4
+ version: 3.125.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-11-09 00:00:00.000000000 Z
11
+ date: 2021-12-21 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: jmespath
@@ -89,6 +89,9 @@ files:
89
89
  - LICENSE.txt
90
90
  - VERSION
91
91
  - ca-bundle.crt
92
+ - lib/aws-defaults.rb
93
+ - lib/aws-defaults/default_configuration.rb
94
+ - lib/aws-defaults/defaults_mode_config_resolver.rb
92
95
  - lib/aws-sdk-core.rb
93
96
  - lib/aws-sdk-core/arn.rb
94
97
  - lib/aws-sdk-core/arn_parser.rb
@@ -139,6 +142,7 @@ files:
139
142
  - lib/aws-sdk-core/plugins/client_metrics_plugin.rb
140
143
  - lib/aws-sdk-core/plugins/client_metrics_send_plugin.rb
141
144
  - lib/aws-sdk-core/plugins/credentials_configuration.rb
145
+ - lib/aws-sdk-core/plugins/defaults_mode.rb
142
146
  - lib/aws-sdk-core/plugins/endpoint_discovery.rb
143
147
  - lib/aws-sdk-core/plugins/endpoint_pattern.rb
144
148
  - lib/aws-sdk-core/plugins/event_stream_configuration.rb