aws-sdk-core 3.126.1 → 3.128.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-core/assume_role_credentials.rb +18 -0
- data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +5 -0
- data/lib/aws-sdk-core/ecs_credentials.rb +4 -0
- data/lib/aws-sdk-core/instance_profile_credentials.rb +4 -0
- data/lib/aws-sdk-core/plugins/checksum_algorithm.rb +340 -0
- data/lib/aws-sdk-core/plugins/http_checksum.rb +8 -1
- data/lib/aws-sdk-core/plugins/retries/error_inspector.rb +1 -1
- data/lib/aws-sdk-core/plugins/signature_v4.rb +1 -1
- data/lib/aws-sdk-core/refreshing_credentials.rb +13 -2
- data/lib/aws-sdk-core/shared_config.rb +1 -6
- data/lib/aws-sdk-core/sso_credentials.rb +5 -0
- data/lib/aws-sdk-sso/client.rb +3 -1
- data/lib/aws-sdk-sso.rb +1 -1
- data/lib/aws-sdk-sts/client.rb +55 -51
- data/lib/aws-sdk-sts/types.rb +7 -7
- data/lib/aws-sdk-sts.rb +1 -1
- data/lib/seahorse/model/operation.rb +3 -0
- metadata +3 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 1cf93a52549a583ebf666ac76c7c9243e3068ff7c3e2bd18051ed14d6b2dda36
|
4
|
+
data.tar.gz: c5dd331a95e8437164d33537b0e415de2d74dacc596f2e7675124bd1afded021
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 4b35894b76ba7531148db72002bbad246a2617a8ec412426520002ef10f82e91b7b89d0cb99cea33b2123a9a7641c98cf4d97769cbccd8c6e6f7bbf5ae4fbb98
|
7
|
+
data.tar.gz: e0818ff963cf8f516a741348d625099c4f3a1d70ad5f30a8722a152f77e251d08a5411eae07a5840b718d636d0eb486a2ea59c6f968d0550bf4e230564baa763
|
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,26 @@
|
|
1
1
|
Unreleased Changes
|
2
2
|
------------------
|
3
3
|
|
4
|
+
3.128.0 (2022-03-04)
|
5
|
+
------------------
|
6
|
+
|
7
|
+
* Feature - Updated Aws::STS::Client with the latest API changes.
|
8
|
+
|
9
|
+
3.127.0 (2022-02-24)
|
10
|
+
------------------
|
11
|
+
|
12
|
+
* Feature - Updated Aws::STS::Client with the latest API changes.
|
13
|
+
|
14
|
+
* Feature - Updated Aws::SSO::Client with the latest API changes.
|
15
|
+
|
16
|
+
* Feature - Support `HttpChecksum` trait for requests and responses.
|
17
|
+
|
18
|
+
3.126.2 (2022-02-16)
|
19
|
+
------------------
|
20
|
+
|
21
|
+
* Issue - Add a before_refresh callback to AssumeRoleCredentials (#2529).
|
22
|
+
* Issue - Raise a `NoSuchProfileError` when config and credentials files don't exist.
|
23
|
+
|
4
24
|
3.126.1 (2022-02-14)
|
5
25
|
------------------
|
6
26
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
3.
|
1
|
+
3.128.0
|
@@ -17,6 +17,11 @@ module Aws
|
|
17
17
|
#
|
18
18
|
# If you omit `:client` option, a new {STS::Client} object will be
|
19
19
|
# constructed.
|
20
|
+
#
|
21
|
+
# The AssumeRoleCredentials also provides a `before_refresh` callback
|
22
|
+
# that can be used to help manage refreshing tokens.
|
23
|
+
# `before_refresh` is called when AWS credentials are required and need
|
24
|
+
# to be refreshed and it is called with the AssumeRoleCredentials object.
|
20
25
|
class AssumeRoleCredentials
|
21
26
|
|
22
27
|
include CredentialProvider
|
@@ -28,6 +33,16 @@ module Aws
|
|
28
33
|
# @option options [Integer] :duration_seconds
|
29
34
|
# @option options [String] :external_id
|
30
35
|
# @option options [STS::Client] :client
|
36
|
+
# @option options [Callable] before_refresh Proc called before
|
37
|
+
# credentials are refreshed. Useful for updating tokens.
|
38
|
+
# `before_refresh` is called when AWS credentials are
|
39
|
+
# required and need to be refreshed. Tokens can be refreshed using
|
40
|
+
# the following example:
|
41
|
+
#
|
42
|
+
# before_refresh = Proc.new do |assume_role_credentials| do
|
43
|
+
# assume_role_credentials.assume_role_params['token_code'] = update_token
|
44
|
+
# end
|
45
|
+
#
|
31
46
|
def initialize(options = {})
|
32
47
|
client_opts = {}
|
33
48
|
@assume_role_params = {}
|
@@ -45,6 +60,9 @@ module Aws
|
|
45
60
|
# @return [STS::Client]
|
46
61
|
attr_reader :client
|
47
62
|
|
63
|
+
# @return [Hash]
|
64
|
+
attr_reader :assume_role_params
|
65
|
+
|
48
66
|
private
|
49
67
|
|
50
68
|
def refresh
|
@@ -39,6 +39,11 @@ module Aws
|
|
39
39
|
# encoded UUID is generated as the session name
|
40
40
|
#
|
41
41
|
# @option options [STS::Client] :client
|
42
|
+
#
|
43
|
+
# @option options [Callable] before_refresh Proc called before
|
44
|
+
# credentials are refreshed. `before_refresh` is called
|
45
|
+
# with an instance of this object when
|
46
|
+
# AWS credentials are required and need to be refreshed.
|
42
47
|
def initialize(options = {})
|
43
48
|
client_opts = {}
|
44
49
|
@assume_role_web_identity_params = {}
|
@@ -43,6 +43,10 @@ module Aws
|
|
43
43
|
# @option options [IO] :http_debug_output (nil) HTTP wire
|
44
44
|
# traces are sent to this object. You can specify something
|
45
45
|
# like $stdout.
|
46
|
+
# @option options [Callable] before_refresh Proc called before
|
47
|
+
# credentials are refreshed. `before_refresh` is called
|
48
|
+
# with an instance of this object when
|
49
|
+
# AWS credentials are required and need to be refreshed.
|
46
50
|
def initialize options = {}
|
47
51
|
@retries = options[:retries] || 5
|
48
52
|
@ip_address = options[:ip_address] || '169.254.170.2'
|
@@ -63,6 +63,10 @@ module Aws
|
|
63
63
|
# @option options [Integer] :token_ttl Time-to-Live in seconds for EC2
|
64
64
|
# Metadata Token used for fetching Metadata Profile Credentials, defaults
|
65
65
|
# to 21600 seconds
|
66
|
+
# @option options [Callable] before_refresh Proc called before
|
67
|
+
# credentials are refreshed. `before_refresh` is called
|
68
|
+
# with an instance of this object when
|
69
|
+
# AWS credentials are required and need to be refreshed.
|
66
70
|
def initialize(options = {})
|
67
71
|
@retries = options[:retries] || 1
|
68
72
|
endpoint_mode = resolve_endpoint_mode(options)
|
@@ -0,0 +1,340 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
module Plugins
|
5
|
+
# @api private
|
6
|
+
class ChecksumAlgorithm < Seahorse::Client::Plugin
|
7
|
+
CHUNK_SIZE = 1 * 1024 * 1024 # one MB
|
8
|
+
|
9
|
+
# determine the set of supported client side checksum algorithms
|
10
|
+
# CRC32c requires aws-crt (optional sdk dependency) for support
|
11
|
+
CLIENT_ALGORITHMS = begin
|
12
|
+
supported = %w[SHA256 SHA1 CRC32]
|
13
|
+
begin
|
14
|
+
require 'aws-crt'
|
15
|
+
supported << 'CRC32C'
|
16
|
+
rescue LoadError
|
17
|
+
end
|
18
|
+
supported
|
19
|
+
end.freeze
|
20
|
+
|
21
|
+
# priority order of checksum algorithms to validate responses against
|
22
|
+
# Remove any algorithms not supported by client (ie, depending on CRT availability)
|
23
|
+
CHECKSUM_ALGORITHM_PRIORITIES = %w[CRC32C SHA1 CRC32 SHA256] & CLIENT_ALGORITHMS
|
24
|
+
|
25
|
+
# byte size of checksums, used in computing the trailer length
|
26
|
+
CHECKSUM_SIZE = {
|
27
|
+
'CRC32' => 16,
|
28
|
+
'CRC32C' => 16,
|
29
|
+
'SHA1' => 36,
|
30
|
+
'SHA256' => 52
|
31
|
+
}
|
32
|
+
|
33
|
+
# Interface for computing digests on request/response bodies
|
34
|
+
# which may be files, strings or IO like objects
|
35
|
+
# Applies only to digest functions that produce 32 bit integer checksums
|
36
|
+
# (eg CRC32)
|
37
|
+
class Digest32
|
38
|
+
|
39
|
+
attr_reader :value
|
40
|
+
|
41
|
+
# @param [Object] digest_fn
|
42
|
+
def initialize(digest_fn)
|
43
|
+
@digest_fn = digest_fn
|
44
|
+
@value = 0
|
45
|
+
end
|
46
|
+
|
47
|
+
def update(chunk)
|
48
|
+
@value = @digest_fn.call(chunk, @value)
|
49
|
+
end
|
50
|
+
|
51
|
+
def base64digest
|
52
|
+
Base64.encode64([@value].pack('N')).chomp
|
53
|
+
end
|
54
|
+
end
|
55
|
+
|
56
|
+
def add_handlers(handlers, _config)
|
57
|
+
handlers.add(OptionHandler, step: :initialize)
|
58
|
+
# priority set low to ensure checksum is computed AFTER the request is
|
59
|
+
# built but before it is signed
|
60
|
+
handlers.add(ChecksumHandler, priority: 15, step: :build)
|
61
|
+
end
|
62
|
+
|
63
|
+
private
|
64
|
+
|
65
|
+
def self.request_algorithm_selection(context)
|
66
|
+
return unless context.operation.http_checksum
|
67
|
+
|
68
|
+
input_member = context.operation.http_checksum['requestAlgorithmMember']
|
69
|
+
context.params[input_member.to_sym]&.upcase if input_member
|
70
|
+
end
|
71
|
+
|
72
|
+
def self.request_validation_mode(context)
|
73
|
+
return unless context.operation.http_checksum
|
74
|
+
|
75
|
+
input_member = context.operation.http_checksum['requestValidationModeMember']
|
76
|
+
context.params[input_member.to_sym] if input_member
|
77
|
+
end
|
78
|
+
|
79
|
+
def self.operation_response_algorithms(context)
|
80
|
+
return unless context.operation.http_checksum
|
81
|
+
|
82
|
+
context.operation.http_checksum['responseAlgorithms']
|
83
|
+
end
|
84
|
+
|
85
|
+
|
86
|
+
# @api private
|
87
|
+
class OptionHandler < Seahorse::Client::Handler
|
88
|
+
def call(context)
|
89
|
+
context[:http_checksum] ||= {}
|
90
|
+
|
91
|
+
# validate request configuration
|
92
|
+
if (request_input = ChecksumAlgorithm.request_algorithm_selection(context))
|
93
|
+
unless CLIENT_ALGORITHMS.include? request_input
|
94
|
+
if (request_input == 'CRC32C')
|
95
|
+
raise ArgumentError, "CRC32C requires crt support - install the aws-crt gem for support."
|
96
|
+
else
|
97
|
+
raise ArgumentError, "#{request_input} is not a supported checksum algorithm."
|
98
|
+
end
|
99
|
+
end
|
100
|
+
end
|
101
|
+
|
102
|
+
# validate response configuration
|
103
|
+
if (ChecksumAlgorithm.request_validation_mode(context))
|
104
|
+
# Compute an ordered list as the union between priority supported and the
|
105
|
+
# operation's modeled response algorithms.
|
106
|
+
validation_list = CHECKSUM_ALGORITHM_PRIORITIES &
|
107
|
+
ChecksumAlgorithm.operation_response_algorithms(context)
|
108
|
+
context[:http_checksum][:validation_list] = validation_list
|
109
|
+
end
|
110
|
+
|
111
|
+
@handler.call(context)
|
112
|
+
end
|
113
|
+
end
|
114
|
+
|
115
|
+
# @api private
|
116
|
+
class ChecksumHandler < Seahorse::Client::Handler
|
117
|
+
|
118
|
+
def call(context)
|
119
|
+
if should_calculate_request_checksum?(context)
|
120
|
+
request_algorithm_input = ChecksumAlgorithm.request_algorithm_selection(context)
|
121
|
+
context[:checksum_algorithms] = request_algorithm_input
|
122
|
+
|
123
|
+
request_checksum_property = {
|
124
|
+
'algorithm' => request_algorithm_input,
|
125
|
+
'in' => checksum_request_in(context),
|
126
|
+
'name' => "x-amz-checksum-#{request_algorithm_input.downcase}"
|
127
|
+
}
|
128
|
+
|
129
|
+
calculate_request_checksum(context, request_checksum_property)
|
130
|
+
end
|
131
|
+
|
132
|
+
if should_verify_response_checksum?(context)
|
133
|
+
add_verify_response_checksum_handlers(context)
|
134
|
+
end
|
135
|
+
|
136
|
+
@handler.call(context)
|
137
|
+
end
|
138
|
+
|
139
|
+
private
|
140
|
+
|
141
|
+
def should_calculate_request_checksum?(context)
|
142
|
+
context.operation.http_checksum &&
|
143
|
+
ChecksumAlgorithm.request_algorithm_selection(context)
|
144
|
+
end
|
145
|
+
|
146
|
+
def should_verify_response_checksum?(context)
|
147
|
+
context[:http_checksum][:validation_list] && !context[:http_checksum][:validation_list].empty?
|
148
|
+
end
|
149
|
+
|
150
|
+
def calculate_request_checksum(context, checksum_properties)
|
151
|
+
case checksum_properties['in']
|
152
|
+
when 'header'
|
153
|
+
header_name = checksum_properties['name']
|
154
|
+
body = context.http_request.body_contents
|
155
|
+
if body
|
156
|
+
context.http_request.headers[header_name] ||=
|
157
|
+
ChecksumAlgorithm.calculate_checksum(checksum_properties['algorithm'], body)
|
158
|
+
end
|
159
|
+
when 'trailer'
|
160
|
+
apply_request_trailer_checksum(context, checksum_properties)
|
161
|
+
end
|
162
|
+
end
|
163
|
+
|
164
|
+
def apply_request_trailer_checksum(context, checksum_properties)
|
165
|
+
location_name = checksum_properties['name']
|
166
|
+
|
167
|
+
# set required headers
|
168
|
+
headers = context.http_request.headers
|
169
|
+
headers['Content-Encoding'] = 'aws-chunked'
|
170
|
+
headers['X-Amz-Content-Sha256'] = 'STREAMING-UNSIGNED-PAYLOAD-TRAILER'
|
171
|
+
headers['X-Amz-Trailer'] = location_name
|
172
|
+
|
173
|
+
# We currently always compute the size in the modified body wrapper - allowing us
|
174
|
+
# to set the Content-Length header (set by content_length plugin).
|
175
|
+
# This means we cannot use Transfer-Encoding=chunked
|
176
|
+
|
177
|
+
if !context.http_request.body.respond_to?(:size)
|
178
|
+
raise Aws::Errors::ChecksumError, 'Could not determine length of the body'
|
179
|
+
end
|
180
|
+
headers['X-Amz-Decoded-Content-Length'] = context.http_request.body.size
|
181
|
+
|
182
|
+
context.http_request.body = AwsChunkedTrailerDigestIO.new(
|
183
|
+
context.http_request.body,
|
184
|
+
checksum_properties['algorithm'],
|
185
|
+
location_name
|
186
|
+
)
|
187
|
+
end
|
188
|
+
|
189
|
+
# Add events to the http_response to verify the checksum as its read
|
190
|
+
# This prevents the body from being read multiple times
|
191
|
+
# verification is done only once a successful response has completed
|
192
|
+
def add_verify_response_checksum_handlers(context)
|
193
|
+
http_response = context.http_response
|
194
|
+
checksum_context = { }
|
195
|
+
http_response.on_headers do |_status, headers|
|
196
|
+
header_name, algorithm = response_header_to_verify(headers, context[:http_checksum][:validation_list])
|
197
|
+
if header_name
|
198
|
+
expected = headers[header_name]
|
199
|
+
|
200
|
+
unless context[:http_checksum][:skip_on_suffix] && /-[\d]+$/.match(expected)
|
201
|
+
checksum_context[:algorithm] = algorithm
|
202
|
+
checksum_context[:header_name] = header_name
|
203
|
+
checksum_context[:digest] = ChecksumAlgorithm.digest_for_algorithm(algorithm)
|
204
|
+
checksum_context[:expected] = expected
|
205
|
+
end
|
206
|
+
end
|
207
|
+
end
|
208
|
+
|
209
|
+
http_response.on_data do |chunk|
|
210
|
+
checksum_context[:digest].update(chunk) if checksum_context[:digest]
|
211
|
+
end
|
212
|
+
|
213
|
+
http_response.on_success do
|
214
|
+
if checksum_context[:digest] &&
|
215
|
+
(computed = checksum_context[:digest].base64digest)
|
216
|
+
|
217
|
+
if computed != checksum_context[:expected]
|
218
|
+
raise Aws::Errors::ChecksumError,
|
219
|
+
"Checksum validation failed on #{checksum_context[:header_name]} "\
|
220
|
+
"computed: #{computed}, expected: #{checksum_context[:expected]}"
|
221
|
+
end
|
222
|
+
|
223
|
+
context[:http_checksum][:validated] = checksum_context[:algorithm]
|
224
|
+
end
|
225
|
+
end
|
226
|
+
end
|
227
|
+
|
228
|
+
# returns nil if no headers to verify
|
229
|
+
def response_header_to_verify(headers, validation_list)
|
230
|
+
validation_list.each do |algorithm|
|
231
|
+
header_name = "x-amz-checksum-#{algorithm}"
|
232
|
+
return [header_name, algorithm] if headers[header_name]
|
233
|
+
end
|
234
|
+
nil
|
235
|
+
end
|
236
|
+
|
237
|
+
# determine where (header vs trailer) a request checksum should be added
|
238
|
+
def checksum_request_in(context)
|
239
|
+
if context.operation['authtype'].eql?('v4-unsigned-body')
|
240
|
+
'trailer'
|
241
|
+
else
|
242
|
+
'header'
|
243
|
+
end
|
244
|
+
end
|
245
|
+
|
246
|
+
end
|
247
|
+
|
248
|
+
def self.calculate_checksum(algorithm, body)
|
249
|
+
digest = ChecksumAlgorithm.digest_for_algorithm(algorithm)
|
250
|
+
if body.respond_to?(:read)
|
251
|
+
ChecksumAlgorithm.update_in_chunks(digest, body)
|
252
|
+
else
|
253
|
+
digest.update(body)
|
254
|
+
end
|
255
|
+
digest.base64digest
|
256
|
+
end
|
257
|
+
|
258
|
+
def self.digest_for_algorithm(algorithm)
|
259
|
+
case algorithm
|
260
|
+
when 'CRC32'
|
261
|
+
Digest32.new(Zlib.method(:crc32))
|
262
|
+
when 'CRC32C'
|
263
|
+
# this will only be used if input algorithm is CRC32C AND client supports it (crt available)
|
264
|
+
Digest32.new(Aws::Crt::Checksums.method(:crc32c))
|
265
|
+
when 'SHA1'
|
266
|
+
Digest::SHA1.new
|
267
|
+
when 'SHA256'
|
268
|
+
Digest::SHA256.new
|
269
|
+
end
|
270
|
+
end
|
271
|
+
|
272
|
+
# The trailer size (in bytes) is the overhead + the trailer name +
|
273
|
+
# the length of the base64 encoded checksum
|
274
|
+
def self.trailer_length(algorithm, location_name)
|
275
|
+
CHECKSUM_SIZE[algorithm] + location_name.size
|
276
|
+
end
|
277
|
+
|
278
|
+
def self.update_in_chunks(digest, io)
|
279
|
+
loop do
|
280
|
+
chunk = io.read(CHUNK_SIZE)
|
281
|
+
break unless chunk
|
282
|
+
digest.update(chunk)
|
283
|
+
end
|
284
|
+
io.rewind
|
285
|
+
end
|
286
|
+
|
287
|
+
# Wrapper for request body that implements application-layer
|
288
|
+
# chunking with Digest computed on chunks + added as a trailer
|
289
|
+
class AwsChunkedTrailerDigestIO
|
290
|
+
CHUNK_SIZE = 16384
|
291
|
+
|
292
|
+
def initialize(io, algorithm, location_name)
|
293
|
+
@io = io
|
294
|
+
@location_name = location_name
|
295
|
+
@algorithm = algorithm
|
296
|
+
@digest = ChecksumAlgorithm.digest_for_algorithm(algorithm)
|
297
|
+
@trailer_io = nil
|
298
|
+
end
|
299
|
+
|
300
|
+
# the size of the application layer aws-chunked + trailer body
|
301
|
+
def size
|
302
|
+
# compute the number of chunks
|
303
|
+
# a full chunk has 4 + 4 bytes overhead, a partial chunk is len.to_s(16).size + 4
|
304
|
+
orig_body_size = @io.size
|
305
|
+
n_full_chunks = orig_body_size / CHUNK_SIZE
|
306
|
+
partial_bytes = orig_body_size % CHUNK_SIZE
|
307
|
+
chunked_body_size = n_full_chunks * (CHUNK_SIZE + 8)
|
308
|
+
chunked_body_size += partial_bytes.to_s(16).size + partial_bytes + 4 unless partial_bytes.zero?
|
309
|
+
trailer_size = ChecksumAlgorithm.trailer_length(@algorithm, @location_name)
|
310
|
+
chunked_body_size + trailer_size
|
311
|
+
end
|
312
|
+
|
313
|
+
def rewind
|
314
|
+
@io.rewind
|
315
|
+
end
|
316
|
+
|
317
|
+
def read(length, buf)
|
318
|
+
# account for possible leftover bytes at the end, if we have trailer bytes, send them
|
319
|
+
if @trailer_io
|
320
|
+
return @trailer_io.read(length, buf)
|
321
|
+
end
|
322
|
+
|
323
|
+
chunk = @io.read(length)
|
324
|
+
if chunk
|
325
|
+
@digest.update(chunk)
|
326
|
+
application_chunked = "#{chunk.bytesize.to_s(16)}\r\n#{chunk}\r\n"
|
327
|
+
return StringIO.new(application_chunked).read(application_chunked.size, buf)
|
328
|
+
else
|
329
|
+
trailers = {}
|
330
|
+
trailers[@location_name] = @digest.base64digest
|
331
|
+
trailers = trailers.map { |k,v| "#{k}:#{v}"}.join("\r\n")
|
332
|
+
@trailer_io = StringIO.new("0\r\n#{trailers}\r\n\r\n")
|
333
|
+
chunk = @trailer_io.read(length, buf)
|
334
|
+
end
|
335
|
+
chunk
|
336
|
+
end
|
337
|
+
end
|
338
|
+
end
|
339
|
+
end
|
340
|
+
end
|
@@ -11,7 +11,8 @@ module Aws
|
|
11
11
|
CHUNK_SIZE = 1 * 1024 * 1024 # one MB
|
12
12
|
|
13
13
|
def call(context)
|
14
|
-
if context
|
14
|
+
if checksum_required?(context) &&
|
15
|
+
!context[:checksum_algorithms] # skip in favor of flexible checksum
|
15
16
|
body = context.http_request.body
|
16
17
|
context.http_request.headers['Content-Md5'] ||= md5(body)
|
17
18
|
end
|
@@ -20,6 +21,12 @@ module Aws
|
|
20
21
|
|
21
22
|
private
|
22
23
|
|
24
|
+
def checksum_required?(context)
|
25
|
+
context.operation.http_checksum_required ||
|
26
|
+
(context.operation.http_checksum &&
|
27
|
+
context.operation.http_checksum['requestChecksumRequired'])
|
28
|
+
end
|
29
|
+
|
23
30
|
# @param [File, Tempfile, IO#read, String] value
|
24
31
|
# @return [String<MD5>]
|
25
32
|
def md5(value)
|
@@ -134,7 +134,7 @@ module Aws
|
|
134
134
|
def apply_authtype(context)
|
135
135
|
if context.operation['authtype'].eql?('v4-unsigned-body') &&
|
136
136
|
context.http_request.endpoint.scheme.eql?('https')
|
137
|
-
context.http_request.headers['X-Amz-Content-Sha256']
|
137
|
+
context.http_request.headers['X-Amz-Content-Sha256'] ||= 'UNSIGNED-PAYLOAD'
|
138
138
|
end
|
139
139
|
context
|
140
140
|
end
|
@@ -19,6 +19,9 @@ module Aws
|
|
19
19
|
|
20
20
|
def initialize(options = {})
|
21
21
|
@mutex = Mutex.new
|
22
|
+
@before_refresh = options.delete(:before_refresh) if Hash === options
|
23
|
+
|
24
|
+
@before_refresh.call(self) if @before_refresh
|
22
25
|
refresh
|
23
26
|
end
|
24
27
|
|
@@ -37,7 +40,11 @@ module Aws
|
|
37
40
|
# Refresh credentials.
|
38
41
|
# @return [void]
|
39
42
|
def refresh!
|
40
|
-
@mutex.synchronize
|
43
|
+
@mutex.synchronize do
|
44
|
+
@before_refresh.call(self) if @before_refresh
|
45
|
+
|
46
|
+
refresh
|
47
|
+
end
|
41
48
|
end
|
42
49
|
|
43
50
|
private
|
@@ -47,7 +54,11 @@ module Aws
|
|
47
54
|
def refresh_if_near_expiration
|
48
55
|
if near_expiration?
|
49
56
|
@mutex.synchronize do
|
50
|
-
|
57
|
+
if near_expiration?
|
58
|
+
@before_refresh.call(self) if @before_refresh
|
59
|
+
|
60
|
+
refresh
|
61
|
+
end
|
51
62
|
end
|
52
63
|
end
|
53
64
|
end
|
@@ -100,7 +100,7 @@ module Aws
|
|
100
100
|
# or `nil` if no valid credentials were found.
|
101
101
|
def credentials(opts = {})
|
102
102
|
p = opts[:profile] || @profile_name
|
103
|
-
validate_profile_exists(p)
|
103
|
+
validate_profile_exists(p)
|
104
104
|
if (credentials = credentials_from_shared(p, opts))
|
105
105
|
credentials
|
106
106
|
elsif (credentials = credentials_from_config(p, opts))
|
@@ -195,11 +195,6 @@ module Aws
|
|
195
195
|
value
|
196
196
|
end
|
197
197
|
|
198
|
-
def credentials_present?
|
199
|
-
(@parsed_credentials && !@parsed_credentials.empty?) ||
|
200
|
-
(@parsed_config && !@parsed_config.empty?)
|
201
|
-
end
|
202
|
-
|
203
198
|
def assume_role_from_profile(cfg, profile, opts, chain_config)
|
204
199
|
if cfg && prof_cfg = cfg[profile]
|
205
200
|
opts[:source_profile] ||= prof_cfg['source_profile']
|
@@ -63,6 +63,11 @@ module Aws
|
|
63
63
|
#
|
64
64
|
# @option options [SSO::Client] :client Optional `SSO::Client`. If not
|
65
65
|
# provided, a client will be constructed.
|
66
|
+
#
|
67
|
+
# @option options [Callable] before_refresh Proc called before
|
68
|
+
# credentials are refreshed. `before_refresh` is called
|
69
|
+
# with an instance of this object when
|
70
|
+
# AWS credentials are required and need to be refreshed.
|
66
71
|
def initialize(options = {})
|
67
72
|
|
68
73
|
missing_keys = SSO_REQUIRED_OPTS.select { |k| options[k].nil? }
|
data/lib/aws-sdk-sso/client.rb
CHANGED
@@ -27,6 +27,7 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
|
|
27
27
|
require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
|
28
28
|
require 'aws-sdk-core/plugins/transfer_encoding.rb'
|
29
29
|
require 'aws-sdk-core/plugins/http_checksum.rb'
|
30
|
+
require 'aws-sdk-core/plugins/checksum_algorithm.rb'
|
30
31
|
require 'aws-sdk-core/plugins/defaults_mode.rb'
|
31
32
|
require 'aws-sdk-core/plugins/recursion_detection.rb'
|
32
33
|
require 'aws-sdk-core/plugins/signature_v4.rb'
|
@@ -75,6 +76,7 @@ module Aws::SSO
|
|
75
76
|
add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
|
76
77
|
add_plugin(Aws::Plugins::TransferEncoding)
|
77
78
|
add_plugin(Aws::Plugins::HttpChecksum)
|
79
|
+
add_plugin(Aws::Plugins::ChecksumAlgorithm)
|
78
80
|
add_plugin(Aws::Plugins::DefaultsMode)
|
79
81
|
add_plugin(Aws::Plugins::RecursionDetection)
|
80
82
|
add_plugin(Aws::Plugins::SignatureV4)
|
@@ -543,7 +545,7 @@ module Aws::SSO
|
|
543
545
|
params: params,
|
544
546
|
config: config)
|
545
547
|
context[:gem_name] = 'aws-sdk-core'
|
546
|
-
context[:gem_version] = '3.
|
548
|
+
context[:gem_version] = '3.128.0'
|
547
549
|
Seahorse::Client::Request.new(handlers, context)
|
548
550
|
end
|
549
551
|
|
data/lib/aws-sdk-sso.rb
CHANGED
data/lib/aws-sdk-sts/client.rb
CHANGED
@@ -27,6 +27,7 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
|
|
27
27
|
require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
|
28
28
|
require 'aws-sdk-core/plugins/transfer_encoding.rb'
|
29
29
|
require 'aws-sdk-core/plugins/http_checksum.rb'
|
30
|
+
require 'aws-sdk-core/plugins/checksum_algorithm.rb'
|
30
31
|
require 'aws-sdk-core/plugins/defaults_mode.rb'
|
31
32
|
require 'aws-sdk-core/plugins/recursion_detection.rb'
|
32
33
|
require 'aws-sdk-core/plugins/signature_v4.rb'
|
@@ -76,6 +77,7 @@ module Aws::STS
|
|
76
77
|
add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
|
77
78
|
add_plugin(Aws::Plugins::TransferEncoding)
|
78
79
|
add_plugin(Aws::Plugins::HttpChecksum)
|
80
|
+
add_plugin(Aws::Plugins::ChecksumAlgorithm)
|
79
81
|
add_plugin(Aws::Plugins::DefaultsMode)
|
80
82
|
add_plugin(Aws::Plugins::RecursionDetection)
|
81
83
|
add_plugin(Aws::Plugins::SignatureV4)
|
@@ -639,7 +641,7 @@ module Aws::STS
|
|
639
641
|
#
|
640
642
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
|
641
643
|
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
|
642
|
-
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
644
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_ctlogs
|
643
645
|
#
|
644
646
|
# @option params [Array<String>] :transitive_tag_keys
|
645
647
|
# A list of keys for session tags that you want to set as transitive. If
|
@@ -1177,19 +1179,20 @@ module Aws::STS
|
|
1177
1179
|
|
1178
1180
|
# Returns a set of temporary security credentials for users who have
|
1179
1181
|
# been authenticated in a mobile or web application with a web identity
|
1180
|
-
# provider. Example providers include
|
1181
|
-
# Facebook,
|
1182
|
+
# provider. Example providers include the OAuth 2.0 providers Login with
|
1183
|
+
# Amazon and Facebook, or any OpenID Connect-compatible identity
|
1184
|
+
# provider such as Google or [Amazon Cognito federated identities][1].
|
1182
1185
|
#
|
1183
1186
|
# <note markdown="1"> For mobile applications, we recommend that you use Amazon Cognito. You
|
1184
1187
|
# can use Amazon Cognito with the [Amazon Web Services SDK for iOS
|
1185
|
-
# Developer Guide][
|
1186
|
-
# Developer Guide][
|
1188
|
+
# Developer Guide][2] and the [Amazon Web Services SDK for Android
|
1189
|
+
# Developer Guide][3] to uniquely identify a user. You can also supply
|
1187
1190
|
# the user with a consistent identity throughout the lifetime of an
|
1188
1191
|
# application.
|
1189
1192
|
#
|
1190
|
-
# To learn more about Amazon Cognito, see [Amazon Cognito Overview][
|
1193
|
+
# To learn more about Amazon Cognito, see [Amazon Cognito Overview][4]
|
1191
1194
|
# in *Amazon Web Services SDK for Android Developer Guide* and [Amazon
|
1192
|
-
# Cognito Overview][
|
1195
|
+
# Cognito Overview][5] in the *Amazon Web Services SDK for iOS Developer
|
1193
1196
|
# Guide*.
|
1194
1197
|
#
|
1195
1198
|
# </note>
|
@@ -1204,8 +1207,8 @@ module Aws::STS
|
|
1204
1207
|
# a token from the web identity provider. For a comparison of
|
1205
1208
|
# `AssumeRoleWithWebIdentity` with the other API operations that produce
|
1206
1209
|
# temporary credentials, see [Requesting Temporary Security
|
1207
|
-
# Credentials][
|
1208
|
-
# operations][
|
1210
|
+
# Credentials][6] and [Comparing the Amazon Web Services STS API
|
1211
|
+
# operations][7] in the *IAM User Guide*.
|
1209
1212
|
#
|
1210
1213
|
# The temporary security credentials returned by this API consist of an
|
1211
1214
|
# access key ID, a secret access key, and a security token. Applications
|
@@ -1221,11 +1224,11 @@ module Aws::STS
|
|
1221
1224
|
# to the maximum session duration setting for the role. This setting can
|
1222
1225
|
# have a value from 1 hour to 12 hours. To learn how to view the maximum
|
1223
1226
|
# value for your role, see [View the Maximum Session Duration Setting
|
1224
|
-
# for a Role][
|
1227
|
+
# for a Role][8] in the *IAM User Guide*. The maximum session duration
|
1225
1228
|
# limit applies when you use the `AssumeRole*` API operations or the
|
1226
1229
|
# `assume-role*` CLI commands. However the limit does not apply when you
|
1227
1230
|
# use those operations to create a console URL. For more information,
|
1228
|
-
# see [Using IAM Roles][
|
1231
|
+
# see [Using IAM Roles][9] in the *IAM User Guide*.
|
1229
1232
|
#
|
1230
1233
|
# **Permissions**
|
1231
1234
|
#
|
@@ -1234,7 +1237,7 @@ module Aws::STS
|
|
1234
1237
|
# Amazon Web Services service with the following exception: you cannot
|
1235
1238
|
# call the STS `GetFederationToken` or `GetSessionToken` API operations.
|
1236
1239
|
#
|
1237
|
-
# (Optional) You can pass inline or managed [session policies][
|
1240
|
+
# (Optional) You can pass inline or managed [session policies][10] to
|
1238
1241
|
# this operation. You can pass a single JSON policy document to use as
|
1239
1242
|
# an inline session policy. You can also specify up to 10 managed
|
1240
1243
|
# policies to use as managed session policies. The plaintext that you
|
@@ -1246,7 +1249,7 @@ module Aws::STS
|
|
1246
1249
|
# Services API calls to access resources in the account that owns the
|
1247
1250
|
# role. You cannot use session policies to grant more permissions than
|
1248
1251
|
# those allowed by the identity-based policy of the role that is being
|
1249
|
-
# assumed. For more information, see [Session Policies][
|
1252
|
+
# assumed. For more information, see [Session Policies][10] in the *IAM
|
1250
1253
|
# User Guide*.
|
1251
1254
|
#
|
1252
1255
|
# **Tags**
|
@@ -1254,12 +1257,12 @@ module Aws::STS
|
|
1254
1257
|
# (Optional) You can configure your IdP to pass attributes into your web
|
1255
1258
|
# identity token as session tags. Each session tag consists of a key
|
1256
1259
|
# name and an associated value. For more information about session tags,
|
1257
|
-
# see [Passing Session Tags in STS][
|
1260
|
+
# see [Passing Session Tags in STS][11] in the *IAM User Guide*.
|
1258
1261
|
#
|
1259
1262
|
# You can pass up to 50 session tags. The plaintext session tag keys
|
1260
1263
|
# can’t exceed 128 characters and the values can’t exceed 256
|
1261
1264
|
# characters. For these and additional limits, see [IAM and STS
|
1262
|
-
# Character Limits][
|
1265
|
+
# Character Limits][12] in the *IAM User Guide*.
|
1263
1266
|
#
|
1264
1267
|
# <note markdown="1"> An Amazon Web Services conversion compresses the passed session
|
1265
1268
|
# policies and session tags into a packed binary format that has a
|
@@ -1277,12 +1280,12 @@ module Aws::STS
|
|
1277
1280
|
# An administrator must grant you the permissions necessary to pass
|
1278
1281
|
# session tags. The administrator can also create granular permissions
|
1279
1282
|
# to allow you to pass only specific session tags. For more information,
|
1280
|
-
# see [Tutorial: Using Tags for Attribute-Based Access Control][
|
1283
|
+
# see [Tutorial: Using Tags for Attribute-Based Access Control][13] in
|
1281
1284
|
# the *IAM User Guide*.
|
1282
1285
|
#
|
1283
1286
|
# You can set the session tags as transitive. Transitive tags persist
|
1284
1287
|
# during role chaining. For more information, see [Chaining Roles with
|
1285
|
-
# Session Tags][
|
1288
|
+
# Session Tags][14] in the *IAM User Guide*.
|
1286
1289
|
#
|
1287
1290
|
# **Identities**
|
1288
1291
|
#
|
@@ -1294,54 +1297,55 @@ module Aws::STS
|
|
1294
1297
|
# specified in the role's trust policy.
|
1295
1298
|
#
|
1296
1299
|
# Calling `AssumeRoleWithWebIdentity` can result in an entry in your
|
1297
|
-
# CloudTrail logs. The entry includes the [Subject][
|
1300
|
+
# CloudTrail logs. The entry includes the [Subject][15] of the provided
|
1298
1301
|
# web identity token. We recommend that you avoid using any personally
|
1299
1302
|
# identifiable information (PII) in this field. For example, you could
|
1300
1303
|
# instead use a GUID or a pairwise identifier, as [suggested in the OIDC
|
1301
|
-
# specification][
|
1304
|
+
# specification][16].
|
1302
1305
|
#
|
1303
1306
|
# For more information about how to use web identity federation and the
|
1304
1307
|
# `AssumeRoleWithWebIdentity` API, see the following resources:
|
1305
1308
|
#
|
1306
|
-
# * [Using Web Identity Federation API Operations for Mobile Apps][
|
1307
|
-
# and [Federation Through a Web-based Identity Provider][
|
1309
|
+
# * [Using Web Identity Federation API Operations for Mobile Apps][17]
|
1310
|
+
# and [Federation Through a Web-based Identity Provider][18].
|
1308
1311
|
#
|
1309
|
-
# * [ Web Identity Federation Playground][
|
1312
|
+
# * [ Web Identity Federation Playground][19]. Walk through the process
|
1310
1313
|
# of authenticating through Login with Amazon, Facebook, or Google,
|
1311
1314
|
# getting temporary security credentials, and then using those
|
1312
1315
|
# credentials to make a request to Amazon Web Services.
|
1313
1316
|
#
|
1314
|
-
# * [Amazon Web Services SDK for iOS Developer Guide][
|
1315
|
-
# Services SDK for Android Developer Guide][
|
1317
|
+
# * [Amazon Web Services SDK for iOS Developer Guide][2] and [Amazon Web
|
1318
|
+
# Services SDK for Android Developer Guide][3]. These toolkits contain
|
1316
1319
|
# sample apps that show how to invoke the identity providers. The
|
1317
1320
|
# toolkits then show how to use the information from these providers
|
1318
1321
|
# to get and use temporary security credentials.
|
1319
1322
|
#
|
1320
|
-
# * [Web Identity Federation with Mobile Applications][
|
1323
|
+
# * [Web Identity Federation with Mobile Applications][20]. This article
|
1321
1324
|
# discusses web identity federation and shows an example of how to use
|
1322
1325
|
# web identity federation to get access to content in Amazon S3.
|
1323
1326
|
#
|
1324
1327
|
#
|
1325
1328
|
#
|
1326
|
-
# [1]:
|
1327
|
-
# [2]: http://aws.amazon.com/
|
1328
|
-
# [3]:
|
1329
|
-
# [4]: https://docs.aws.amazon.com/mobile/
|
1330
|
-
# [5]: https://docs.aws.amazon.com/
|
1331
|
-
# [6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
|
1332
|
-
# [7]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
1333
|
-
# [8]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
|
1334
|
-
# [9]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
1335
|
-
# [10]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
1336
|
-
# [11]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
1337
|
-
# [12]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
1338
|
-
# [13]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
1339
|
-
# [14]:
|
1340
|
-
# [15]: http://openid.net/specs/openid-connect-core-1_0.html#
|
1341
|
-
# [16]:
|
1342
|
-
# [17]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
1343
|
-
# [18]: https://aws.amazon.com/
|
1344
|
-
# [19]:
|
1329
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html
|
1330
|
+
# [2]: http://aws.amazon.com/sdkforios/
|
1331
|
+
# [3]: http://aws.amazon.com/sdkforandroid/
|
1332
|
+
# [4]: https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840
|
1333
|
+
# [5]: https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664
|
1334
|
+
# [6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
|
1335
|
+
# [7]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
|
1336
|
+
# [8]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
|
1337
|
+
# [9]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
|
1338
|
+
# [10]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
1339
|
+
# [11]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
|
1340
|
+
# [12]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
|
1341
|
+
# [13]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html
|
1342
|
+
# [14]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining
|
1343
|
+
# [15]: http://openid.net/specs/openid-connect-core-1_0.html#Claims
|
1344
|
+
# [16]: http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes
|
1345
|
+
# [17]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html
|
1346
|
+
# [18]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity
|
1347
|
+
# [19]: https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/
|
1348
|
+
# [20]: http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications
|
1345
1349
|
#
|
1346
1350
|
# @option params [required, String] :role_arn
|
1347
1351
|
# The Amazon Resource Name (ARN) of the role that the caller is
|
@@ -1368,13 +1372,13 @@ module Aws::STS
|
|
1368
1372
|
# `AssumeRoleWithWebIdentity` call.
|
1369
1373
|
#
|
1370
1374
|
# @option params [String] :provider_id
|
1371
|
-
# The fully qualified host component of the domain name of the
|
1372
|
-
# provider.
|
1375
|
+
# The fully qualified host component of the domain name of the OAuth 2.0
|
1376
|
+
# identity provider. Do not specify this value for an OpenID Connect
|
1377
|
+
# identity provider.
|
1373
1378
|
#
|
1374
|
-
#
|
1375
|
-
#
|
1376
|
-
#
|
1377
|
-
# schemes and port numbers.
|
1379
|
+
# Currently `www.amazon.com` and `graph.facebook.com` are the only
|
1380
|
+
# supported identity providers for OAuth 2.0 access tokens. Do not
|
1381
|
+
# include URL schemes and port numbers.
|
1378
1382
|
#
|
1379
1383
|
# Do not specify this value for OpenID Connect ID tokens.
|
1380
1384
|
#
|
@@ -2286,7 +2290,7 @@ module Aws::STS
|
|
2286
2290
|
params: params,
|
2287
2291
|
config: config)
|
2288
2292
|
context[:gem_name] = 'aws-sdk-core'
|
2289
|
-
context[:gem_version] = '3.
|
2293
|
+
context[:gem_version] = '3.128.0'
|
2290
2294
|
Seahorse::Client::Request.new(handlers, context)
|
2291
2295
|
end
|
2292
2296
|
|
data/lib/aws-sdk-sts/types.rb
CHANGED
@@ -213,7 +213,7 @@ module Aws::STS
|
|
213
213
|
#
|
214
214
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
|
215
215
|
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
|
216
|
-
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
216
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_ctlogs
|
217
217
|
# @return [Array<Types::Tag>]
|
218
218
|
#
|
219
219
|
# @!attribute [rw] transitive_tag_keys
|
@@ -710,13 +710,13 @@ module Aws::STS
|
|
710
710
|
# @return [String]
|
711
711
|
#
|
712
712
|
# @!attribute [rw] provider_id
|
713
|
-
# The fully qualified host component of the domain name of the
|
714
|
-
# identity provider.
|
713
|
+
# The fully qualified host component of the domain name of the OAuth
|
714
|
+
# 2.0 identity provider. Do not specify this value for an OpenID
|
715
|
+
# Connect identity provider.
|
715
716
|
#
|
716
|
-
#
|
717
|
-
#
|
718
|
-
#
|
719
|
-
# schemes and port numbers.
|
717
|
+
# Currently `www.amazon.com` and `graph.facebook.com` are the only
|
718
|
+
# supported identity providers for OAuth 2.0 access tokens. Do not
|
719
|
+
# include URL schemes and port numbers.
|
720
720
|
#
|
721
721
|
# Do not specify this value for OpenID Connect ID tokens.
|
722
722
|
# @return [String]
|
data/lib/aws-sdk-sts.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-core
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.
|
4
|
+
version: 3.128.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-03-04 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: jmespath
|
@@ -139,6 +139,7 @@ files:
|
|
139
139
|
- lib/aws-sdk-core/plugins/apig_authorizer_token.rb
|
140
140
|
- lib/aws-sdk-core/plugins/apig_credentials_configuration.rb
|
141
141
|
- lib/aws-sdk-core/plugins/apig_user_agent.rb
|
142
|
+
- lib/aws-sdk-core/plugins/checksum_algorithm.rb
|
142
143
|
- lib/aws-sdk-core/plugins/client_metrics_plugin.rb
|
143
144
|
- lib/aws-sdk-core/plugins/client_metrics_send_plugin.rb
|
144
145
|
- lib/aws-sdk-core/plugins/credentials_configuration.rb
|