aws-sdk-core 3.125.5 → 3.126.2
- checksums.yaml +4 -4
- data/CHANGELOG.md +23 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-core/assume_role_credentials.rb +18 -0
- data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +5 -0
- data/lib/aws-sdk-core/ec2_metadata.rb +3 -2
- data/lib/aws-sdk-core/ecs_credentials.rb +4 -0
- data/lib/aws-sdk-core/errors.rb +1 -1
- data/lib/aws-sdk-core/instance_profile_credentials.rb +27 -8
- data/lib/aws-sdk-core/plugins/recursion_detection.rb +27 -0
- data/lib/aws-sdk-core/refreshing_credentials.rb +13 -2
- data/lib/aws-sdk-core/shared_config.rb +1 -6
- data/lib/aws-sdk-core/sso_credentials.rb +5 -0
- data/lib/aws-sdk-sso/client.rb +3 -1
- data/lib/aws-sdk-sso.rb +1 -1
- data/lib/aws-sdk-sts/client.rb +3 -1
- data/lib/aws-sdk-sts.rb +1 -1
- metadata +3 -2
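--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 43456ebcfb658f355c30401c60fbc040821ad6e166a5341f6fe6c6ee13504fb2
+data.tar.gz: e2b3ad8937b2abfd04fb996466dfcfaedd6f30fc2a01d3129568eb1c92410fb1
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c2d1633574df08000c0d247dd044ab137481c616da29bca727c0f8e534655f4bf85ac7a10b3f2dab6fb3ec1bb5bfdb75053b2b124bcdead670dc080af98eb608
+data.tar.gz: cc10baad99ea717024d2b841a529d5a89a4b10585cf38b008d51e5c36ab9981b330d3d2769b4e9a6e94b05cd66596cba9d0e5a687e8f90c89be214498680720b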
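--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,29 @@
 Unreleased Changes
 ------------------
 
+3.126.2 (2022-02-16)
+------------------
+
+* Issue - Add a before_refresh callback to AssumeRoleCredentials (#2529).
+* Issue - Raise a `NoSuchProfileError` when config and credentials files don't exist.
+
+3.126.1 (2022-02-14)
+------------------
+
+* Issue - Set `create_time` on IMDS tokens before fetch to reduce chance of using expired tokens and retry failures due to using expired tokens.
+
+3.126.0 (2022-02-03)
+------------------
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - Add support for recursion detection.
+
+3.125.6 (2022-02-02)
+------------------
+
+* Issue - Ensure default message for ServiceError is a string (#2643).
+
 3.125.5 (2022-01-19)
 ------------------
 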
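--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-3.
+3.126.2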
@@ -17,6 +17,11 @@ module Aws
|
|
17
17
|
#
|
18
18
|
# If you omit `:client` option, a new {STS::Client} object will be
|
19
19
|
# constructed.
|
20
|
+
#
|
21
|
+
# The AssumeRoleCredentials also provides a `before_refresh` callback
|
22
|
+
# that can be used to help manage refreshing tokens.
|
23
|
+
# `before_refresh` is called when AWS credentials are required and need
|
24
|
+
# to be refreshed and it is called with the AssumeRoleCredentials object.
|
20
25
|
class AssumeRoleCredentials
|
21
26
|
|
22
27
|
include CredentialProvider
|
@@ -28,6 +33,16 @@ module Aws
|
|
28
33
|
# @option options [Integer] :duration_seconds
|
29
34
|
# @option options [String] :external_id
|
30
35
|
# @option options [STS::Client] :client
|
36
|
+
# @option options [Callable] before_refresh Proc called before
|
37
|
+
# credentials are refreshed. Useful for updating tokens.
|
38
|
+
# `before_refresh` is called when AWS credentials are
|
39
|
+
# required and need to be refreshed. Tokens can be refreshed using
|
40
|
+
# the following example:
|
41
|
+
#
|
42
|
+
# before_refresh = Proc.new do |assume_role_credentials| do
|
43
|
+
# assume_role_credentials.assume_role_params['token_code'] = update_token
|
44
|
+
# end
|
45
|
+
#
|
31
46
|
def initialize(options = {})
|
32
47
|
client_opts = {}
|
33
48
|
@assume_role_params = {}
|
@@ -45,6 +60,9 @@ module Aws
|
|
45
60
|
# @return [STS::Client]
|
46
61
|
attr_reader :client
|
47
62
|
|
63
|
+
# @return [Hash]
|
64
|
+
attr_reader :assume_role_params
|
65
|
+
|
48
66
|
private
|
49
67
|
|
50
68
|
def refresh
|
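Review bot: The usage example added to the `initialize` docs does not parse, because `Proc.new do |assume_role_credentials| do` carries a second `do`; it should read `before_refresh = Proc.new do |assume_role_credentials|`. The new tag is also written `@option options [Callable] before_refresh` without the leading colon that the neighbouring options use (`:client`, `:external_id`), and the same spelling recurs in the doc hunks `@@ -39,6 +39,11 @@`, `@@ -43,6 +43,10 @@`, `@@ -63,6 +63,10 @@` and `@@ -63,6 +63,11 @@`. The example writes `assume_role_params['token_code']` with a string key, while the part of `initialize` that fills the hash is outside these hunks, so the key type should be confirmed before the example is published. Since `attr_reader :assume_role_params` hands out the live hash, I would extend its doc to `# @return [Hash] live parameter hash; callers holding the provider can modify it` so the exposure is a stated decision rather than a side effect.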
@@ -39,6 +39,11 @@ module Aws
|
|
39
39
|
# encoded UUID is generated as the session name
|
40
40
|
#
|
41
41
|
# @option options [STS::Client] :client
|
42
|
+
#
|
43
|
+
# @option options [Callable] before_refresh Proc called before
|
44
|
+
# credentials are refreshed. `before_refresh` is called
|
45
|
+
# with an instance of this object when
|
46
|
+
# AWS credentials are required and need to be refreshed.
|
42
47
|
def initialize(options = {})
|
43
48
|
client_opts = {}
|
44
49
|
@assume_role_web_identity_params = {}
|
@@ -136,8 +136,9 @@ module Aws
|
|
136
136
|
|
137
137
|
def fetch_token
|
138
138
|
open_connection do |conn|
|
139
|
+
created_time = Time.now
|
139
140
|
token_value, token_ttl = http_put(conn, @token_ttl)
|
140
|
-
@token = Token.new(value: token_value, ttl: token_ttl)
|
141
|
+
@token = Token.new(value: token_value, ttl: token_ttl, created_time: created_time)
|
141
142
|
end
|
142
143
|
end
|
143
144
|
|
@@ -222,7 +223,7 @@ module Aws
|
|
222
223
|
def initialize(options = {})
|
223
224
|
@ttl = options[:ttl]
|
224
225
|
@value = options[:value]
|
225
|
-
@created_time = Time.now
|
226
|
+
@created_time = options[:created_time] || Time.now
|
226
227
|
end
|
227
228
|
|
228
229
|
# [String] Returns the token value.
|
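Review bot: `created_time = Time.now` in `fetch_token` has no comment explaining why it is taken before `http_put`, and that ordering is the whole point of the change; I would add `# timestamp before the PUT so request latency can only make the token look older, never younger`. `Token#initialize` now also reads `options[:created_time]`, which the visible lines leave undocumented. The same before-the-request timestamp is added in the `@@ -153,10 +157,11 @@` hunk further down and deserves the same comment. Both use wall-clock `Time.now`; the expiry comparison itself is outside these hunks, so it is worth confirming that a clock step cannot make an expired token look fresh.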
@@ -43,6 +43,10 @@ module Aws
|
|
43
43
|
# @option options [IO] :http_debug_output (nil) HTTP wire
|
44
44
|
# traces are sent to this object. You can specify something
|
45
45
|
# like $stdout.
|
46
|
+
# @option options [Callable] before_refresh Proc called before
|
47
|
+
# credentials are refreshed. `before_refresh` is called
|
48
|
+
# with an instance of this object when
|
49
|
+
# AWS credentials are required and need to be refreshed.
|
46
50
|
def initialize options = {}
|
47
51
|
@retries = options[:retries] || 5
|
48
52
|
@ip_address = options[:ip_address] || '169.254.170.2'
|
data/lib/aws-sdk-core/errors.rb
CHANGED
@@ -63,6 +63,10 @@ module Aws
|
|
63
63
|
# @option options [Integer] :token_ttl Time-to-Live in seconds for EC2
|
64
64
|
# Metadata Token used for fetching Metadata Profile Credentials, defaults
|
65
65
|
# to 21600 seconds
|
66
|
+
# @option options [Callable] before_refresh Proc called before
|
67
|
+
# credentials are refreshed. `before_refresh` is called
|
68
|
+
# with an instance of this object when
|
69
|
+
# AWS credentials are required and need to be refreshed.
|
66
70
|
def initialize(options = {})
|
67
71
|
@retries = options[:retries] || 1
|
68
72
|
endpoint_mode = resolve_endpoint_mode(options)
|
@@ -153,10 +157,11 @@ module Aws
|
|
153
157
|
begin
|
154
158
|
retry_errors(NETWORK_ERRORS, max_retries: @retries) do
|
155
159
|
unless token_set?
|
160
|
+
created_time = Time.now
|
156
161
|
token_value, ttl = http_put(
|
157
162
|
conn, METADATA_TOKEN_PATH, @token_ttl
|
158
163
|
)
|
159
|
-
@token = Token.new(token_value, ttl) if token_value && ttl
|
164
|
+
@token = Token.new(token_value, ttl, created_time) if token_value && ttl
|
160
165
|
end
|
161
166
|
end
|
162
167
|
rescue *NETWORK_ERRORS
|
@@ -166,9 +171,17 @@ module Aws
|
|
166
171
|
end
|
167
172
|
|
168
173
|
token = @token.value if token_set?
|
169
|
-
|
170
|
-
|
171
|
-
|
174
|
+
|
175
|
+
begin
|
176
|
+
metadata = http_get(conn, METADATA_PATH_BASE, token)
|
177
|
+
profile_name = metadata.lines.first.strip
|
178
|
+
http_get(conn, METADATA_PATH_BASE + profile_name, token)
|
179
|
+
rescue TokenExpiredError
|
180
|
+
# Token has expired, reset it
|
181
|
+
# The next retry should fetch it
|
182
|
+
@token = nil
|
183
|
+
raise Non200Response
|
184
|
+
end
|
172
185
|
end
|
173
186
|
end
|
174
187
|
rescue
|
@@ -200,9 +213,15 @@ module Aws
|
|
200
213
|
headers = { 'User-Agent' => "aws-sdk-ruby3/#{CORE_GEM_VERSION}" }
|
201
214
|
headers['x-aws-ec2-metadata-token'] = token if token
|
202
215
|
response = connection.request(Net::HTTP::Get.new(path, headers))
|
203
|
-
raise Non200Response unless response.code.to_i == 200
|
204
216
|
|
205
|
-
response.
|
217
|
+
case response.code.to_i
|
218
|
+
when 200
|
219
|
+
response.body
|
220
|
+
when 401
|
221
|
+
raise TokenExpiredError
|
222
|
+
else
|
223
|
+
raise Non200Response
|
224
|
+
end
|
206
225
|
end
|
207
226
|
|
208
227
|
# PUT request fetch token with ttl
|
@@ -244,10 +263,10 @@ module Aws
|
|
244
263
|
# @api private
|
245
264
|
# Token used to fetch IMDS profile and credentials
|
246
265
|
class Token
|
247
|
-
def initialize(value, ttl)
|
266
|
+
def initialize(value, ttl, created_time = Time.now)
|
248
267
|
@ttl = ttl
|
249
268
|
@value = value
|
250
|
-
@created_time =
|
269
|
+
@created_time = created_time
|
251
270
|
end
|
252
271
|
|
253
272
|
# [String] token value
|
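Review bot: `http_get` now raises `TokenExpiredError` for every 401, but the line above it sets `x-aws-ec2-metadata-token` only `if token`, so a token-less request that the endpoint rejects is also reported as an expired token. The `rescue TokenExpiredError` branch then clears `@token` and raises `Non200Response`, which recovers only if the enclosing retry block (it begins outside these hunks) retries on that class; a comment on the `raise Non200Response` line naming that dependency would keep it from being broken later. In the same `begin` block, `metadata.lines.first.strip` raises `NoMethodError` on an empty body and would fall through to the bare `rescue` below, whose body is not shown. Writing `profile_name = metadata.lines.first.to_s.strip` followed by `raise Non200Response if profile_name.empty?` keeps that failure explicit and avoids requesting the bare base path.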
@@ -0,0 +1,27 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
module Plugins
|
5
|
+
# @api private
|
6
|
+
class RecursionDetection < Seahorse::Client::Plugin
|
7
|
+
|
8
|
+
# @api private
|
9
|
+
class Handler < Seahorse::Client::Handler
|
10
|
+
def call(context)
|
11
|
+
|
12
|
+
unless context.http_request.headers.key?('x-amz-trace-id')
|
13
|
+
if ENV['AWS_LAMBDA_FUNCTION_NAME'] &&
|
14
|
+
(trace_id = ENV['_X_AMZ_TRACE_ID'])
|
15
|
+
context.http_request.headers['x-amz-trace-id'] = trace_id
|
16
|
+
end
|
17
|
+
end
|
18
|
+
@handler.call(context)
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
# should be at the end of build so that
|
23
|
+
# modeled traits / service customizations apply first
|
24
|
+
handler(Handler, step: :build, order: 99)
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
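Review bot: `Handler#call` copies `ENV['_X_AMZ_TRACE_ID']` into the `x-amz-trace-id` header unchanged, so an empty value or one containing CR/LF or other control characters goes straight into the outgoing request. An empty string is truthy in Ruby, so `(trace_id = ENV['_X_AMZ_TRACE_ID'])` does not filter it out. I would tighten the inner condition to `(trace_id = ENV['_X_AMZ_TRACE_ID']) && trace_id.match?(/\A[\x20-\x7e]+\z/)` so that only non-empty printable ASCII is forwarded. The handler also has no comment saying what the header is for; a line such as `# Forward the Lambda trace id so the service can recognise recursive invocations` would help, assuming that is the intent behind the plugin name.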
@@ -19,6 +19,9 @@ module Aws
|
|
19
19
|
|
20
20
|
def initialize(options = {})
|
21
21
|
@mutex = Mutex.new
|
22
|
+
@before_refresh = options.delete(:before_refresh) if Hash === options
|
23
|
+
|
24
|
+
@before_refresh.call(self) if @before_refresh
|
22
25
|
refresh
|
23
26
|
end
|
24
27
|
|
@@ -37,7 +40,11 @@ module Aws
|
|
37
40
|
# Refresh credentials.
|
38
41
|
# @return [void]
|
39
42
|
def refresh!
|
40
|
-
@mutex.synchronize
|
43
|
+
@mutex.synchronize do
|
44
|
+
@before_refresh.call(self) if @before_refresh
|
45
|
+
|
46
|
+
refresh
|
47
|
+
end
|
41
48
|
end
|
42
49
|
|
43
50
|
private
|
@@ -47,7 +54,11 @@ module Aws
|
|
47
54
|
def refresh_if_near_expiration
|
48
55
|
if near_expiration?
|
49
56
|
@mutex.synchronize do
|
50
|
-
|
57
|
+
if near_expiration?
|
58
|
+
@before_refresh.call(self) if @before_refresh
|
59
|
+
|
60
|
+
refresh
|
61
|
+
end
|
51
62
|
end
|
52
63
|
end
|
53
64
|
end
|
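Review bot: `@before_refresh.call(self)` runs inside `@mutex.synchronize` in both `refresh!` and `refresh_if_near_expiration`, and Ruby's `Mutex` is not reentrant, so a callback that calls `refresh!` on the object it is handed raises `ThreadError` instead of refreshing. That constraint should be stated where the callback is introduced, e.g. `# before_refresh runs while the refresh mutex is held; it must not call refresh! on the provider`. In `initialize`, `options.delete(:before_refresh)` removes the key from the caller's hash, so a hash reused for a second provider silently loses its callback and a frozen hash raises; `@before_refresh = options[:before_refresh] if Hash === options` avoids both, unless code outside this hunk depends on the deletion. An exception raised by the callback also aborts the refresh in all three call sites, which is worth a sentence in the docs.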
@@ -100,7 +100,7 @@ module Aws
|
|
100
100
|
# or `nil` if no valid credentials were found.
|
101
101
|
def credentials(opts = {})
|
102
102
|
p = opts[:profile] || @profile_name
|
103
|
-
validate_profile_exists(p)
|
103
|
+
validate_profile_exists(p)
|
104
104
|
if (credentials = credentials_from_shared(p, opts))
|
105
105
|
credentials
|
106
106
|
elsif (credentials = credentials_from_config(p, opts))
|
@@ -195,11 +195,6 @@ module Aws
|
|
195
195
|
value
|
196
196
|
end
|
197
197
|
|
198
|
-
def credentials_present?
|
199
|
-
(@parsed_credentials && !@parsed_credentials.empty?) ||
|
200
|
-
(@parsed_config && !@parsed_config.empty?)
|
201
|
-
end
|
202
|
-
|
203
198
|
def assume_role_from_profile(cfg, profile, opts, chain_config)
|
204
199
|
if cfg && prof_cfg = cfg[profile]
|
205
200
|
opts[:source_profile] ||= prof_cfg['source_profile']
|
@@ -63,6 +63,11 @@ module Aws
|
|
63
63
|
#
|
64
64
|
# @option options [SSO::Client] :client Optional `SSO::Client`. If not
|
65
65
|
# provided, a client will be constructed.
|
66
|
+
#
|
67
|
+
# @option options [Callable] before_refresh Proc called before
|
68
|
+
# credentials are refreshed. `before_refresh` is called
|
69
|
+
# with an instance of this object when
|
70
|
+
# AWS credentials are required and need to be refreshed.
|
66
71
|
def initialize(options = {})
|
67
72
|
|
68
73
|
missing_keys = SSO_REQUIRED_OPTS.select { |k| options[k].nil? }
|
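--- a/data/lib/aws-sdk-sso/client.rb
+++ b/data/lib/aws-sdk-sso/client.rb
@@ -28,6 +28,7 @@ require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
 require 'aws-sdk-core/plugins/transfer_encoding.rb'
 require 'aws-sdk-core/plugins/http_checksum.rb'
 require 'aws-sdk-core/plugins/defaults_mode.rb'
+require 'aws-sdk-core/plugins/recursion_detection.rb'
 require 'aws-sdk-core/plugins/signature_v4.rb'
 require 'aws-sdk-core/plugins/protocols/rest_json.rb'
 
@@ -75,6 +76,7 @@ module Aws::SSO
 add_plugin(Aws::Plugins::TransferEncoding)
 add_plugin(Aws::Plugins::HttpChecksum)
 add_plugin(Aws::Plugins::DefaultsMode)
+add_plugin(Aws::Plugins::RecursionDetection)
 add_plugin(Aws::Plugins::SignatureV4)
 add_plugin(Aws::Plugins::Protocols::RestJson)
 
@@ -541,7 +543,7 @@ module Aws::SSO
 params: params,
 config: config)
 context[:gem_name] = 'aws-sdk-core'
-context[:gem_version] = '3.
+context[:gem_version] = '3.126.2'
 Seahorse::Client::Request.new(handlers, context)
 end
 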
data/lib/aws-sdk-sso.rb
CHANGED
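--- a/data/lib/aws-sdk-sts/client.rb
+++ b/data/lib/aws-sdk-sts/client.rb
@@ -28,6 +28,7 @@ require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
 require 'aws-sdk-core/plugins/transfer_encoding.rb'
 require 'aws-sdk-core/plugins/http_checksum.rb'
 require 'aws-sdk-core/plugins/defaults_mode.rb'
+require 'aws-sdk-core/plugins/recursion_detection.rb'
 require 'aws-sdk-core/plugins/signature_v4.rb'
 require 'aws-sdk-core/plugins/protocols/query.rb'
 require 'aws-sdk-sts/plugins/sts_regional_endpoints.rb'
@@ -76,6 +77,7 @@ module Aws::STS
 add_plugin(Aws::Plugins::TransferEncoding)
 add_plugin(Aws::Plugins::HttpChecksum)
 add_plugin(Aws::Plugins::DefaultsMode)
+add_plugin(Aws::Plugins::RecursionDetection)
 add_plugin(Aws::Plugins::SignatureV4)
 add_plugin(Aws::Plugins::Protocols::Query)
 add_plugin(Aws::STS::Plugins::STSRegionalEndpoints)
@@ -2284,7 +2286,7 @@ module Aws::STS
 params: params,
 config: config)
 context[:gem_name] = 'aws-sdk-core'
-context[:gem_version] = '3.
+context[:gem_version] = '3.126.2'
 Seahorse::Client::Request.new(handlers, context)
 end
 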
data/lib/aws-sdk-sts.rb
CHANGED
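--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-core
 version: !ruby/object:Gem::Version
-version: 3.
+version: 3.126.2
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-
+date: 2022-02-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: jmespath
@@ -161,6 +161,7 @@ files:
 - lib/aws-sdk-core/plugins/protocols/query.rb
 - lib/aws-sdk-core/plugins/protocols/rest_json.rb
 - lib/aws-sdk-core/plugins/protocols/rest_xml.rb
+- lib/aws-sdk-core/plugins/recursion_detection.rb
 - lib/aws-sdk-core/plugins/regional_endpoint.rb
 - lib/aws-sdk-core/plugins/response_paging.rb
 - lib/aws-sdk-core/plugins/retries/client_rate_limiter.rb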