aws-sdk-core 3.125.5 → 3.126.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 6097fa7cc1661cdca09ad52fbf3f6ac5d0e2cb23f12c042afb83348fbb682167
4
- data.tar.gz: 7674b35f80736d81b5f239bff160457ca5a377c576720f27aae4099298bb7dae
3
+ metadata.gz: 43456ebcfb658f355c30401c60fbc040821ad6e166a5341f6fe6c6ee13504fb2
4
+ data.tar.gz: e2b3ad8937b2abfd04fb996466dfcfaedd6f30fc2a01d3129568eb1c92410fb1
5
5
  SHA512:
6
- metadata.gz: 8ec3ffb176c06f067369f3a58ce65fa3fe03fe017312d67a10bbeeae9dcaaaa95ddbbc295b0235fa7671037768ece22a0d6c5d2691fb93d11fd08235dcb80b15
7
- data.tar.gz: 0da7d408ebe2173564167decedeb434dc941b786eca73e207c82d93663fc85d9dadaedca6e1a643cfa375332ebd40866f791fa815bb4356a4536c48604991235
6
+ metadata.gz: c2d1633574df08000c0d247dd044ab137481c616da29bca727c0f8e534655f4bf85ac7a10b3f2dab6fb3ec1bb5bfdb75053b2b124bcdead670dc080af98eb608
7
+ data.tar.gz: cc10baad99ea717024d2b841a529d5a89a4b10585cf38b008d51e5c36ab9981b330d3d2769b4e9a6e94b05cd66596cba9d0e5a687e8f90c89be214498680720b
data/CHANGELOG.md CHANGED
@@ -1,6 +1,29 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 3.126.2 (2022-02-16)
5
+ ------------------
6
+
7
+ * Issue - Add a before_refresh callback to AssumeRoleCredentials (#2529).
8
+ * Issue - Raise a `NoSuchProfileError` when config and credentials files don't exist.
9
+
10
+ 3.126.1 (2022-02-14)
11
+ ------------------
12
+
13
+ * Issue - Set `create_time` on IMDS tokens before fetch to reduce chance of using expired tokens and retry failures due to using expired tokens.
14
+
15
+ 3.126.0 (2022-02-03)
16
+ ------------------
17
+
18
+ * Feature - Updated Aws::SSO::Client with the latest API changes.
19
+
20
+ * Feature - Add support for recursion detection.
21
+
22
+ 3.125.6 (2022-02-02)
23
+ ------------------
24
+
25
+ * Issue - Ensure default message for ServiceError is a string (#2643).
26
+
4
27
  3.125.5 (2022-01-19)
5
28
  ------------------
6
29
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 3.125.5
1
+ 3.126.2
@@ -17,6 +17,11 @@ module Aws
17
17
  #
18
18
  # If you omit `:client` option, a new {STS::Client} object will be
19
19
  # constructed.
20
+ #
21
+ # The AssumeRoleCredentials also provides a `before_refresh` callback
22
+ # that can be used to help manage refreshing tokens.
23
+ # `before_refresh` is called when AWS credentials are required and need
24
+ # to be refreshed and it is called with the AssumeRoleCredentials object.
20
25
  class AssumeRoleCredentials
21
26
 
22
27
  include CredentialProvider
@@ -28,6 +33,16 @@ module Aws
28
33
  # @option options [Integer] :duration_seconds
29
34
  # @option options [String] :external_id
30
35
  # @option options [STS::Client] :client
36
+ # @option options [Callable] before_refresh Proc called before
37
+ # credentials are refreshed. Useful for updating tokens.
38
+ # `before_refresh` is called when AWS credentials are
39
+ # required and need to be refreshed. Tokens can be refreshed using
40
+ # the following example:
41
+ #
42
+ # before_refresh = Proc.new do |assume_role_credentials| do
43
+ # assume_role_credentials.assume_role_params['token_code'] = update_token
44
+ # end
45
+ #
31
46
  def initialize(options = {})
32
47
  client_opts = {}
33
48
  @assume_role_params = {}
@@ -45,6 +60,9 @@ module Aws
45
60
  # @return [STS::Client]
46
61
  attr_reader :client
47
62
 
63
+ # @return [Hash]
64
+ attr_reader :assume_role_params
65
+
48
66
  private
49
67
 
50
68
  def refresh
@@ -39,6 +39,11 @@ module Aws
39
39
  # encoded UUID is generated as the session name
40
40
  #
41
41
  # @option options [STS::Client] :client
42
+ #
43
+ # @option options [Callable] before_refresh Proc called before
44
+ # credentials are refreshed. `before_refresh` is called
45
+ # with an instance of this object when
46
+ # AWS credentials are required and need to be refreshed.
42
47
  def initialize(options = {})
43
48
  client_opts = {}
44
49
  @assume_role_web_identity_params = {}
@@ -136,8 +136,9 @@ module Aws
136
136
 
137
137
  def fetch_token
138
138
  open_connection do |conn|
139
+ created_time = Time.now
139
140
  token_value, token_ttl = http_put(conn, @token_ttl)
140
- @token = Token.new(value: token_value, ttl: token_ttl)
141
+ @token = Token.new(value: token_value, ttl: token_ttl, created_time: created_time)
141
142
  end
142
143
  end
143
144
 
@@ -222,7 +223,7 @@ module Aws
222
223
  def initialize(options = {})
223
224
  @ttl = options[:ttl]
224
225
  @value = options[:value]
225
- @created_time = Time.now
226
+ @created_time = options[:created_time] || Time.now
226
227
  end
227
228
 
228
229
  # [String] Returns the token value.
@@ -43,6 +43,10 @@ module Aws
43
43
  # @option options [IO] :http_debug_output (nil) HTTP wire
44
44
  # traces are sent to this object. You can specify something
45
45
  # like $stdout.
46
+ # @option options [Callable] before_refresh Proc called before
47
+ # credentials are refreshed. `before_refresh` is called
48
+ # with an instance of this object when
49
+ # AWS credentials are required and need to be refreshed.
46
50
  def initialize options = {}
47
51
  @retries = options[:retries] || 5
48
52
  @ip_address = options[:ip_address] || '169.254.170.2'
@@ -18,7 +18,7 @@ module Aws
18
18
  @code = self.class.code
19
19
  @context = context
20
20
  @data = data
21
- @message = message && !message.empty? ? message : self.class
21
+ @message = message && !message.empty? ? message : self.class.to_s
22
22
  super(@message)
23
23
  end
24
24
 
@@ -63,6 +63,10 @@ module Aws
63
63
  # @option options [Integer] :token_ttl Time-to-Live in seconds for EC2
64
64
  # Metadata Token used for fetching Metadata Profile Credentials, defaults
65
65
  # to 21600 seconds
66
+ # @option options [Callable] before_refresh Proc called before
67
+ # credentials are refreshed. `before_refresh` is called
68
+ # with an instance of this object when
69
+ # AWS credentials are required and need to be refreshed.
66
70
  def initialize(options = {})
67
71
  @retries = options[:retries] || 1
68
72
  endpoint_mode = resolve_endpoint_mode(options)
@@ -153,10 +157,11 @@ module Aws
153
157
  begin
154
158
  retry_errors(NETWORK_ERRORS, max_retries: @retries) do
155
159
  unless token_set?
160
+ created_time = Time.now
156
161
  token_value, ttl = http_put(
157
162
  conn, METADATA_TOKEN_PATH, @token_ttl
158
163
  )
159
- @token = Token.new(token_value, ttl) if token_value && ttl
164
+ @token = Token.new(token_value, ttl, created_time) if token_value && ttl
160
165
  end
161
166
  end
162
167
  rescue *NETWORK_ERRORS
@@ -166,9 +171,17 @@ module Aws
166
171
  end
167
172
 
168
173
  token = @token.value if token_set?
169
- metadata = http_get(conn, METADATA_PATH_BASE, token)
170
- profile_name = metadata.lines.first.strip
171
- http_get(conn, METADATA_PATH_BASE + profile_name, token)
174
+
175
+ begin
176
+ metadata = http_get(conn, METADATA_PATH_BASE, token)
177
+ profile_name = metadata.lines.first.strip
178
+ http_get(conn, METADATA_PATH_BASE + profile_name, token)
179
+ rescue TokenExpiredError
180
+ # Token has expired, reset it
181
+ # The next retry should fetch it
182
+ @token = nil
183
+ raise Non200Response
184
+ end
172
185
  end
173
186
  end
174
187
  rescue
@@ -200,9 +213,15 @@ module Aws
200
213
  headers = { 'User-Agent' => "aws-sdk-ruby3/#{CORE_GEM_VERSION}" }
201
214
  headers['x-aws-ec2-metadata-token'] = token if token
202
215
  response = connection.request(Net::HTTP::Get.new(path, headers))
203
- raise Non200Response unless response.code.to_i == 200
204
216
 
205
- response.body
217
+ case response.code.to_i
218
+ when 200
219
+ response.body
220
+ when 401
221
+ raise TokenExpiredError
222
+ else
223
+ raise Non200Response
224
+ end
206
225
  end
207
226
 
208
227
  # PUT request fetch token with ttl
@@ -244,10 +263,10 @@ module Aws
244
263
  # @api private
245
264
  # Token used to fetch IMDS profile and credentials
246
265
  class Token
247
- def initialize(value, ttl)
266
+ def initialize(value, ttl, created_time = Time.now)
248
267
  @ttl = ttl
249
268
  @value = value
250
- @created_time = Time.now
269
+ @created_time = created_time
251
270
  end
252
271
 
253
272
  # [String] token value
@@ -0,0 +1,27 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Aws
4
+ module Plugins
5
+ # @api private
6
+ class RecursionDetection < Seahorse::Client::Plugin
7
+
8
+ # @api private
9
+ class Handler < Seahorse::Client::Handler
10
+ def call(context)
11
+
12
+ unless context.http_request.headers.key?('x-amz-trace-id')
13
+ if ENV['AWS_LAMBDA_FUNCTION_NAME'] &&
14
+ (trace_id = ENV['_X_AMZ_TRACE_ID'])
15
+ context.http_request.headers['x-amz-trace-id'] = trace_id
16
+ end
17
+ end
18
+ @handler.call(context)
19
+ end
20
+ end
21
+
22
+ # should be at the end of build so that
23
+ # modeled traits / service customizations apply first
24
+ handler(Handler, step: :build, order: 99)
25
+ end
26
+ end
27
+ end
@@ -19,6 +19,9 @@ module Aws
19
19
 
20
20
  def initialize(options = {})
21
21
  @mutex = Mutex.new
22
+ @before_refresh = options.delete(:before_refresh) if Hash === options
23
+
24
+ @before_refresh.call(self) if @before_refresh
22
25
  refresh
23
26
  end
24
27
 
@@ -37,7 +40,11 @@ module Aws
37
40
  # Refresh credentials.
38
41
  # @return [void]
39
42
  def refresh!
40
- @mutex.synchronize { refresh }
43
+ @mutex.synchronize do
44
+ @before_refresh.call(self) if @before_refresh
45
+
46
+ refresh
47
+ end
41
48
  end
42
49
 
43
50
  private
@@ -47,7 +54,11 @@ module Aws
47
54
  def refresh_if_near_expiration
48
55
  if near_expiration?
49
56
  @mutex.synchronize do
50
- refresh if near_expiration?
57
+ if near_expiration?
58
+ @before_refresh.call(self) if @before_refresh
59
+
60
+ refresh
61
+ end
51
62
  end
52
63
  end
53
64
  end
@@ -100,7 +100,7 @@ module Aws
100
100
  # or `nil` if no valid credentials were found.
101
101
  def credentials(opts = {})
102
102
  p = opts[:profile] || @profile_name
103
- validate_profile_exists(p) if credentials_present?
103
+ validate_profile_exists(p)
104
104
  if (credentials = credentials_from_shared(p, opts))
105
105
  credentials
106
106
  elsif (credentials = credentials_from_config(p, opts))
@@ -195,11 +195,6 @@ module Aws
195
195
  value
196
196
  end
197
197
 
198
- def credentials_present?
199
- (@parsed_credentials && !@parsed_credentials.empty?) ||
200
- (@parsed_config && !@parsed_config.empty?)
201
- end
202
-
203
198
  def assume_role_from_profile(cfg, profile, opts, chain_config)
204
199
  if cfg && prof_cfg = cfg[profile]
205
200
  opts[:source_profile] ||= prof_cfg['source_profile']
@@ -63,6 +63,11 @@ module Aws
63
63
  #
64
64
  # @option options [SSO::Client] :client Optional `SSO::Client`. If not
65
65
  # provided, a client will be constructed.
66
+ #
67
+ # @option options [Callable] before_refresh Proc called before
68
+ # credentials are refreshed. `before_refresh` is called
69
+ # with an instance of this object when
70
+ # AWS credentials are required and need to be refreshed.
66
71
  def initialize(options = {})
67
72
 
68
73
  missing_keys = SSO_REQUIRED_OPTS.select { |k| options[k].nil? }
@@ -28,6 +28,7 @@ require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
28
28
  require 'aws-sdk-core/plugins/transfer_encoding.rb'
29
29
  require 'aws-sdk-core/plugins/http_checksum.rb'
30
30
  require 'aws-sdk-core/plugins/defaults_mode.rb'
31
+ require 'aws-sdk-core/plugins/recursion_detection.rb'
31
32
  require 'aws-sdk-core/plugins/signature_v4.rb'
32
33
  require 'aws-sdk-core/plugins/protocols/rest_json.rb'
33
34
 
@@ -75,6 +76,7 @@ module Aws::SSO
75
76
  add_plugin(Aws::Plugins::TransferEncoding)
76
77
  add_plugin(Aws::Plugins::HttpChecksum)
77
78
  add_plugin(Aws::Plugins::DefaultsMode)
79
+ add_plugin(Aws::Plugins::RecursionDetection)
78
80
  add_plugin(Aws::Plugins::SignatureV4)
79
81
  add_plugin(Aws::Plugins::Protocols::RestJson)
80
82
 
@@ -541,7 +543,7 @@ module Aws::SSO
541
543
  params: params,
542
544
  config: config)
543
545
  context[:gem_name] = 'aws-sdk-core'
544
- context[:gem_version] = '3.125.5'
546
+ context[:gem_version] = '3.126.2'
545
547
  Seahorse::Client::Request.new(handlers, context)
546
548
  end
547
549
 
data/lib/aws-sdk-sso.rb CHANGED
@@ -50,6 +50,6 @@ require_relative 'aws-sdk-sso/customizations'
50
50
  # @!group service
51
51
  module Aws::SSO
52
52
 
53
- GEM_VERSION = '3.125.5'
53
+ GEM_VERSION = '3.126.2'
54
54
 
55
55
  end
@@ -28,6 +28,7 @@ require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
28
28
  require 'aws-sdk-core/plugins/transfer_encoding.rb'
29
29
  require 'aws-sdk-core/plugins/http_checksum.rb'
30
30
  require 'aws-sdk-core/plugins/defaults_mode.rb'
31
+ require 'aws-sdk-core/plugins/recursion_detection.rb'
31
32
  require 'aws-sdk-core/plugins/signature_v4.rb'
32
33
  require 'aws-sdk-core/plugins/protocols/query.rb'
33
34
  require 'aws-sdk-sts/plugins/sts_regional_endpoints.rb'
@@ -76,6 +77,7 @@ module Aws::STS
76
77
  add_plugin(Aws::Plugins::TransferEncoding)
77
78
  add_plugin(Aws::Plugins::HttpChecksum)
78
79
  add_plugin(Aws::Plugins::DefaultsMode)
80
+ add_plugin(Aws::Plugins::RecursionDetection)
79
81
  add_plugin(Aws::Plugins::SignatureV4)
80
82
  add_plugin(Aws::Plugins::Protocols::Query)
81
83
  add_plugin(Aws::STS::Plugins::STSRegionalEndpoints)
@@ -2284,7 +2286,7 @@ module Aws::STS
2284
2286
  params: params,
2285
2287
  config: config)
2286
2288
  context[:gem_name] = 'aws-sdk-core'
2287
- context[:gem_version] = '3.125.5'
2289
+ context[:gem_version] = '3.126.2'
2288
2290
  Seahorse::Client::Request.new(handlers, context)
2289
2291
  end
2290
2292
 
data/lib/aws-sdk-sts.rb CHANGED
@@ -50,6 +50,6 @@ require_relative 'aws-sdk-sts/customizations'
50
50
  # @!group service
51
51
  module Aws::STS
52
52
 
53
- GEM_VERSION = '3.125.5'
53
+ GEM_VERSION = '3.126.2'
54
54
 
55
55
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-core
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.125.5
4
+ version: 3.126.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-01-19 00:00:00.000000000 Z
11
+ date: 2022-02-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: jmespath
@@ -161,6 +161,7 @@ files:
161
161
  - lib/aws-sdk-core/plugins/protocols/query.rb
162
162
  - lib/aws-sdk-core/plugins/protocols/rest_json.rb
163
163
  - lib/aws-sdk-core/plugins/protocols/rest_xml.rb
164
+ - lib/aws-sdk-core/plugins/recursion_detection.rb
164
165
  - lib/aws-sdk-core/plugins/regional_endpoint.rb
165
166
  - lib/aws-sdk-core/plugins/response_paging.rb
166
167
  - lib/aws-sdk-core/plugins/retries/client_rate_limiter.rb