aws-sdk-core 3.125.5 → 3.126.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6097fa7cc1661cdca09ad52fbf3f6ac5d0e2cb23f12c042afb83348fbb682167
-  data.tar.gz: 7674b35f80736d81b5f239bff160457ca5a377c576720f27aae4099298bb7dae
+  metadata.gz: 43456ebcfb658f355c30401c60fbc040821ad6e166a5341f6fe6c6ee13504fb2
+  data.tar.gz: e2b3ad8937b2abfd04fb996466dfcfaedd6f30fc2a01d3129568eb1c92410fb1
 SHA512:
-  metadata.gz: 8ec3ffb176c06f067369f3a58ce65fa3fe03fe017312d67a10bbeeae9dcaaaa95ddbbc295b0235fa7671037768ece22a0d6c5d2691fb93d11fd08235dcb80b15
-  data.tar.gz: 0da7d408ebe2173564167decedeb434dc941b786eca73e207c82d93663fc85d9dadaedca6e1a643cfa375332ebd40866f791fa815bb4356a4536c48604991235
+  metadata.gz: c2d1633574df08000c0d247dd044ab137481c616da29bca727c0f8e534655f4bf85ac7a10b3f2dab6fb3ec1bb5bfdb75053b2b124bcdead670dc080af98eb608
+  data.tar.gz: cc10baad99ea717024d2b841a529d5a89a4b10585cf38b008d51e5c36ab9981b330d3d2769b4e9a6e94b05cd66596cba9d0e5a687e8f90c89be214498680720b

data/CHANGELOG.md

@@ -1,6 +1,29 @@
 Unreleased Changes
 ------------------
 
+3.126.2 (2022-02-16)
+------------------
+
+* Issue - Add a before_refresh callback to AssumeRoleCredentials (#2529). 
+* Issue - Raise a `NoSuchProfileError` when config and credentials files don't exist.
+
+3.126.1 (2022-02-14)
+------------------
+
+* Issue - Set `create_time` on IMDS tokens before fetch to reduce chance of using expired tokens and retry failures due to using expired tokens.
+
+3.126.0 (2022-02-03)
+------------------
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - Add support for recursion detection.
+
+3.125.6 (2022-02-02)
+------------------
+
+* Issue - Ensure default message for ServiceError is a string (#2643).
+
 3.125.5 (2022-01-19)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-3.125.5
+3.126.2

data/lib/aws-sdk-core/assume_role_credentials.rb

@@ -17,6 +17,11 @@ module Aws
   #
   # If you omit `:client` option, a new {STS::Client} object will be
   # constructed.
+  #
+  # The AssumeRoleCredentials also provides a `before_refresh` callback
+  # that can be used to help manage refreshing tokens.
+  # `before_refresh` is called when AWS credentials are required and need
+  # to be refreshed and it is called with the AssumeRoleCredentials object.
   class AssumeRoleCredentials
 
     include CredentialProvider
@@ -28,6 +33,16 @@ module Aws
     # @option options [Integer] :duration_seconds
     # @option options [String] :external_id
     # @option options [STS::Client] :client
+    # @option options [Callable] before_refresh Proc called before
+    #   credentials are refreshed.  Useful for updating tokens.
+    #   `before_refresh` is called when AWS credentials are
+    #   required and need to be refreshed. Tokens can be refreshed using
+    #   the following example:
+    #
+    #      before_refresh = Proc.new do |assume_role_credentials| do
+    #        assume_role_credentials.assume_role_params['token_code'] = update_token
+    #      end
+    #
     def initialize(options = {})
       client_opts = {}
       @assume_role_params = {}
@@ -45,6 +60,9 @@ module Aws
     # @return [STS::Client]
     attr_reader :client
 
+    # @return [Hash]
+    attr_reader :assume_role_params
+
     private
 
     def refresh

data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb

@@ -39,6 +39,11 @@ module Aws
     #   encoded UUID is generated as the session name
     #
     # @option options [STS::Client] :client
+    #
+    # @option options [Callable] before_refresh Proc called before
+    #   credentials are refreshed. `before_refresh` is called
+    #   with an instance of this object when
+    #   AWS credentials are required and need to be refreshed.
     def initialize(options = {})
       client_opts = {}
       @assume_role_web_identity_params = {}

data/lib/aws-sdk-core/ec2_metadata.rb

@@ -136,8 +136,9 @@ module Aws
 
     def fetch_token
       open_connection do |conn|
+        created_time = Time.now
         token_value, token_ttl = http_put(conn, @token_ttl)
-        @token = Token.new(value: token_value, ttl: token_ttl)
+        @token = Token.new(value: token_value, ttl: token_ttl, created_time: created_time)
       end
     end
 
@@ -222,7 +223,7 @@ module Aws
       def initialize(options = {})
         @ttl   = options[:ttl]
         @value = options[:value]
-        @created_time = Time.now
+        @created_time = options[:created_time] || Time.now
       end
 
       # [String] Returns the token value.

data/lib/aws-sdk-core/ecs_credentials.rb

@@ -43,6 +43,10 @@ module Aws
     # @option options [IO] :http_debug_output (nil) HTTP wire
     #   traces are sent to this object.  You can specify something
     #   like $stdout.
+    # @option options [Callable] before_refresh Proc called before
+    #   credentials are refreshed. `before_refresh` is called
+    #   with an instance of this object when
+    #   AWS credentials are required and need to be refreshed.
     def initialize options = {}
       @retries = options[:retries] || 5
       @ip_address = options[:ip_address] || '169.254.170.2'

data/lib/aws-sdk-core/errors.rb

@@ -18,7 +18,7 @@ module Aws
         @code = self.class.code
         @context = context
         @data = data
-        @message = message && !message.empty? ? message : self.class
+        @message = message && !message.empty? ? message : self.class.to_s
         super(@message)
       end
 

data/lib/aws-sdk-core/instance_profile_credentials.rb

@@ -63,6 +63,10 @@ module Aws
     # @option options [Integer] :token_ttl Time-to-Live in seconds for EC2
     #   Metadata Token used for fetching Metadata Profile Credentials, defaults
     #   to 21600 seconds
+    # @option options [Callable] before_refresh Proc called before
+    #   credentials are refreshed. `before_refresh` is called
+    #   with an instance of this object when
+    #   AWS credentials are required and need to be refreshed.
     def initialize(options = {})
       @retries = options[:retries] || 1
       endpoint_mode = resolve_endpoint_mode(options)
@@ -153,10 +157,11 @@ module Aws
               begin
                 retry_errors(NETWORK_ERRORS, max_retries: @retries) do
                   unless token_set?
+                    created_time = Time.now
                     token_value, ttl = http_put(
                       conn, METADATA_TOKEN_PATH, @token_ttl
                     )
-                    @token = Token.new(token_value, ttl) if token_value && ttl
+                    @token = Token.new(token_value, ttl, created_time) if token_value && ttl
                   end
                 end
               rescue *NETWORK_ERRORS
@@ -166,9 +171,17 @@ module Aws
               end
 
               token = @token.value if token_set?
-              metadata = http_get(conn, METADATA_PATH_BASE, token)
-              profile_name = metadata.lines.first.strip
-              http_get(conn, METADATA_PATH_BASE + profile_name, token)
+
+              begin
+                metadata = http_get(conn, METADATA_PATH_BASE, token)
+                profile_name = metadata.lines.first.strip
+                http_get(conn, METADATA_PATH_BASE + profile_name, token)
+              rescue TokenExpiredError
+                # Token has expired, reset it
+                # The next retry should fetch it
+                @token = nil
+                raise Non200Response
+              end
             end
           end
         rescue
@@ -200,9 +213,15 @@ module Aws
       headers = { 'User-Agent' => "aws-sdk-ruby3/#{CORE_GEM_VERSION}" }
       headers['x-aws-ec2-metadata-token'] = token if token
       response = connection.request(Net::HTTP::Get.new(path, headers))
-      raise Non200Response unless response.code.to_i == 200
 
-      response.body
+      case response.code.to_i
+      when 200
+        response.body
+      when 401
+        raise TokenExpiredError
+      else
+        raise Non200Response
+      end
     end
 
     # PUT request fetch token with ttl
@@ -244,10 +263,10 @@ module Aws
     # @api private
     # Token used to fetch IMDS profile and credentials
     class Token
-      def initialize(value, ttl)
+      def initialize(value, ttl, created_time = Time.now)
         @ttl = ttl
         @value = value
-        @created_time = Time.now
+        @created_time = created_time
       end
 
       # [String] token value

data/lib/aws-sdk-core/plugins/recursion_detection.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Aws
+  module Plugins
+    # @api private
+    class RecursionDetection < Seahorse::Client::Plugin
+
+      # @api private
+      class Handler < Seahorse::Client::Handler
+        def call(context)
+
+          unless context.http_request.headers.key?('x-amz-trace-id')
+            if ENV['AWS_LAMBDA_FUNCTION_NAME'] &&
+              (trace_id = ENV['_X_AMZ_TRACE_ID'])
+              context.http_request.headers['x-amz-trace-id'] = trace_id
+            end
+          end
+          @handler.call(context)
+        end
+      end
+
+      # should be at the end of build so that
+      # modeled traits / service customizations apply first
+      handler(Handler, step: :build, order: 99)
+    end
+  end
+end

data/lib/aws-sdk-core/refreshing_credentials.rb

@@ -19,6 +19,9 @@ module Aws
 
     def initialize(options = {})
       @mutex = Mutex.new
+      @before_refresh = options.delete(:before_refresh) if Hash === options
+
+      @before_refresh.call(self) if @before_refresh
       refresh
     end
 
@@ -37,7 +40,11 @@ module Aws
     # Refresh credentials.
     # @return [void]
     def refresh!
-      @mutex.synchronize { refresh }
+      @mutex.synchronize do
+        @before_refresh.call(self) if @before_refresh
+
+        refresh
+      end
     end
 
     private
@@ -47,7 +54,11 @@ module Aws
     def refresh_if_near_expiration
       if near_expiration?
         @mutex.synchronize do
-          refresh if near_expiration?
+          if near_expiration?
+            @before_refresh.call(self) if @before_refresh
+
+            refresh
+          end
         end
       end
     end

data/lib/aws-sdk-core/shared_config.rb

@@ -100,7 +100,7 @@ module Aws
     #   or `nil` if no valid credentials were found.
     def credentials(opts = {})
       p = opts[:profile] || @profile_name
-      validate_profile_exists(p) if credentials_present?
+      validate_profile_exists(p)
       if (credentials = credentials_from_shared(p, opts))
         credentials
       elsif (credentials = credentials_from_config(p, opts))
@@ -195,11 +195,6 @@ module Aws
       value
     end
 
-    def credentials_present?
-      (@parsed_credentials && !@parsed_credentials.empty?) ||
-        (@parsed_config && !@parsed_config.empty?)
-    end
-
     def assume_role_from_profile(cfg, profile, opts, chain_config)
       if cfg && prof_cfg = cfg[profile]
         opts[:source_profile] ||= prof_cfg['source_profile']

data/lib/aws-sdk-core/sso_credentials.rb

@@ -63,6 +63,11 @@ module Aws
     #
     # @option options [SSO::Client] :client Optional `SSO::Client`.  If not
     #   provided, a client will be constructed.
+    #
+    # @option options [Callable] before_refresh Proc called before
+    #   credentials are refreshed. `before_refresh` is called
+    #   with an instance of this object when
+    #   AWS credentials are required and need to be refreshed.
     def initialize(options = {})
 
       missing_keys = SSO_REQUIRED_OPTS.select { |k| options[k].nil? }

data/lib/aws-sdk-sso/client.rb

@@ -28,6 +28,7 @@ require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
 require 'aws-sdk-core/plugins/transfer_encoding.rb'
 require 'aws-sdk-core/plugins/http_checksum.rb'
 require 'aws-sdk-core/plugins/defaults_mode.rb'
+require 'aws-sdk-core/plugins/recursion_detection.rb'
 require 'aws-sdk-core/plugins/signature_v4.rb'
 require 'aws-sdk-core/plugins/protocols/rest_json.rb'
 
@@ -75,6 +76,7 @@ module Aws::SSO
     add_plugin(Aws::Plugins::TransferEncoding)
     add_plugin(Aws::Plugins::HttpChecksum)
     add_plugin(Aws::Plugins::DefaultsMode)
+    add_plugin(Aws::Plugins::RecursionDetection)
     add_plugin(Aws::Plugins::SignatureV4)
     add_plugin(Aws::Plugins::Protocols::RestJson)
 
@@ -541,7 +543,7 @@ module Aws::SSO
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.125.5'
+      context[:gem_version] = '3.126.2'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sso.rb

@@ -50,6 +50,6 @@ require_relative 'aws-sdk-sso/customizations'
 # @!group service
 module Aws::SSO
 
-  GEM_VERSION = '3.125.5'
+  GEM_VERSION = '3.126.2'
 
 end

data/lib/aws-sdk-sts/client.rb

@@ -28,6 +28,7 @@ require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
 require 'aws-sdk-core/plugins/transfer_encoding.rb'
 require 'aws-sdk-core/plugins/http_checksum.rb'
 require 'aws-sdk-core/plugins/defaults_mode.rb'
+require 'aws-sdk-core/plugins/recursion_detection.rb'
 require 'aws-sdk-core/plugins/signature_v4.rb'
 require 'aws-sdk-core/plugins/protocols/query.rb'
 require 'aws-sdk-sts/plugins/sts_regional_endpoints.rb'
@@ -76,6 +77,7 @@ module Aws::STS
     add_plugin(Aws::Plugins::TransferEncoding)
     add_plugin(Aws::Plugins::HttpChecksum)
     add_plugin(Aws::Plugins::DefaultsMode)
+    add_plugin(Aws::Plugins::RecursionDetection)
     add_plugin(Aws::Plugins::SignatureV4)
     add_plugin(Aws::Plugins::Protocols::Query)
     add_plugin(Aws::STS::Plugins::STSRegionalEndpoints)
@@ -2284,7 +2286,7 @@ module Aws::STS
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.125.5'
+      context[:gem_version] = '3.126.2'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sts.rb

@@ -50,6 +50,6 @@ require_relative 'aws-sdk-sts/customizations'
 # @!group service
 module Aws::STS
 
-  GEM_VERSION = '3.125.5'
+  GEM_VERSION = '3.126.2'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-core
 version: !ruby/object:Gem::Version
-  version: 3.125.5
+  version: 3.126.2
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-01-19 00:00:00.000000000 Z
+date: 2022-02-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jmespath
@@ -161,6 +161,7 @@ files:
 - lib/aws-sdk-core/plugins/protocols/query.rb
 - lib/aws-sdk-core/plugins/protocols/rest_json.rb
 - lib/aws-sdk-core/plugins/protocols/rest_xml.rb
+- lib/aws-sdk-core/plugins/recursion_detection.rb
 - lib/aws-sdk-core/plugins/regional_endpoint.rb
 - lib/aws-sdk-core/plugins/response_paging.rb
 - lib/aws-sdk-core/plugins/retries/client_rate_limiter.rb