aws-sdk-core 3.126.1 → 3.128.0

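--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 46193e52f3ea24b17d0d2ff28e7abf1ef462586db550c10f0540810da7a45fed
- data.tar.gz: 3dc8f9629d7d7057632bd639c097747792dd40d6c6c81ca5f91e4366ca9dd6bb
+ metadata.gz: 1cf93a52549a583ebf666ac76c7c9243e3068ff7c3e2bd18051ed14d6b2dda36
+ data.tar.gz: c5dd331a95e8437164d33537b0e415de2d74dacc596f2e7675124bd1afded021
  SHA512:
- metadata.gz: 6f72443886e4e7077c1dc7d1f816b1774ceeae361f13e6f13a5ce532bc77a669e297e5fb3f3582eb772563e315dd0afcef9c5d9acd45d672fea79706537b8868
- data.tar.gz: 3ed264c5a2ed5cb2dcd3c050224785e62618ded48137d8dd217a75107865f58679a26e5ded1e8498971e8de862e8f91e684eb1a5c64fa9e3db3f53d186d8b351
+ metadata.gz: 4b35894b76ba7531148db72002bbad246a2617a8ec412426520002ef10f82e91b7b89d0cb99cea33b2123a9a7641c98cf4d97769cbccd8c6e6f7bbf5ae4fbb98
+ data.tar.gz: e0818ff963cf8f516a741348d625099c4f3a1d70ad5f30a8722a152f77e251d08a5411eae07a5840b718d636d0eb486a2ea59c6f968d0550bf4e230564baa763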
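--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,26 @@
  Unreleased Changes
  ------------------
 
+ 3.128.0 (2022-03-04)
+ ------------------
+
+ * Feature - Updated Aws::STS::Client with the latest API changes.
+
+ 3.127.0 (2022-02-24)
+ ------------------
+
+ * Feature - Updated Aws::STS::Client with the latest API changes.
+
+ * Feature - Updated Aws::SSO::Client with the latest API changes.
+
+ * Feature - Support `HttpChecksum` trait for requests and responses.
+
+ 3.126.2 (2022-02-16)
+ ------------------
+
+ * Issue - Add a before_refresh callback to AssumeRoleCredentials (#2529).
+ * Issue - Raise a `NoSuchProfileError` when config and credentials files don't exist.
+
  3.126.1 (2022-02-14)
  ------------------
 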
data/VERSION CHANGED
@@ -1 +1 @@
1
- 3.126.1
1
+ 3.128.0
@@ -17,6 +17,11 @@ module Aws
17
17
  #
18
18
  # If you omit `:client` option, a new {STS::Client} object will be
19
19
  # constructed.
20
+ #
21
+ # The AssumeRoleCredentials also provides a `before_refresh` callback
22
+ # that can be used to help manage refreshing tokens.
23
+ # `before_refresh` is called when AWS credentials are required and need
24
+ # to be refreshed and it is called with the AssumeRoleCredentials object.
20
25
  class AssumeRoleCredentials
21
26
 
22
27
  include CredentialProvider
@@ -28,6 +33,16 @@ module Aws
28
33
  # @option options [Integer] :duration_seconds
29
34
  # @option options [String] :external_id
30
35
  # @option options [STS::Client] :client
36
+ # @option options [Callable] before_refresh Proc called before
37
+ # credentials are refreshed. Useful for updating tokens.
38
+ # `before_refresh` is called when AWS credentials are
39
+ # required and need to be refreshed. Tokens can be refreshed using
40
+ # the following example:
41
+ #
42
+ # before_refresh = Proc.new do |assume_role_credentials| do
43
+ # assume_role_credentials.assume_role_params['token_code'] = update_token
44
+ # end
45
+ #
31
46
  def initialize(options = {})
32
47
  client_opts = {}
33
48
  @assume_role_params = {}
@@ -45,6 +60,9 @@ module Aws
45
60
  # @return [STS::Client]
46
61
  attr_reader :client
47
62
 
63
+ # @return [Hash]
64
+ attr_reader :assume_role_params
65
+
48
66
  private
49
67
 
50
68
  def refresh
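Review bot: The new `attr_reader :assume_role_params` hands out the provider's internal, mutable request hash, and the example in the hunk above writes a `token_code` into it, so any code holding a reference to the credentials object can now read or change the values sent to STS. A doc comment on the reader should say that the hash is exposed for `before_refresh` callbacks and may hold sensitive values that should not be logged. The usage example itself is not valid Ruby: `Proc.new do |assume_role_credentials| do` has a second `do` and should read `before_refresh = Proc.new do |assume_role_credentials|`. The `@option` tag is written `before_refresh` without the leading colon that `:client` and `:external_id` carry, and the same wording is repeated in the doc-only hunks for the other credential providers on this page.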
@@ -39,6 +39,11 @@ module Aws
39
39
  # encoded UUID is generated as the session name
40
40
  #
41
41
  # @option options [STS::Client] :client
42
+ #
43
+ # @option options [Callable] before_refresh Proc called before
44
+ # credentials are refreshed. `before_refresh` is called
45
+ # with an instance of this object when
46
+ # AWS credentials are required and need to be refreshed.
42
47
  def initialize(options = {})
43
48
  client_opts = {}
44
49
  @assume_role_web_identity_params = {}
@@ -43,6 +43,10 @@ module Aws
43
43
  # @option options [IO] :http_debug_output (nil) HTTP wire
44
44
  # traces are sent to this object. You can specify something
45
45
  # like $stdout.
46
+ # @option options [Callable] before_refresh Proc called before
47
+ # credentials are refreshed. `before_refresh` is called
48
+ # with an instance of this object when
49
+ # AWS credentials are required and need to be refreshed.
46
50
  def initialize options = {}
47
51
  @retries = options[:retries] || 5
48
52
  @ip_address = options[:ip_address] || '169.254.170.2'
@@ -63,6 +63,10 @@ module Aws
63
63
  # @option options [Integer] :token_ttl Time-to-Live in seconds for EC2
64
64
  # Metadata Token used for fetching Metadata Profile Credentials, defaults
65
65
  # to 21600 seconds
66
+ # @option options [Callable] before_refresh Proc called before
67
+ # credentials are refreshed. `before_refresh` is called
68
+ # with an instance of this object when
69
+ # AWS credentials are required and need to be refreshed.
66
70
  def initialize(options = {})
67
71
  @retries = options[:retries] || 1
68
72
  endpoint_mode = resolve_endpoint_mode(options)
@@ -0,0 +1,340 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Aws
4
+ module Plugins
5
+ # @api private
6
+ class ChecksumAlgorithm < Seahorse::Client::Plugin
7
+ CHUNK_SIZE = 1 * 1024 * 1024 # one MB
8
+
9
+ # determine the set of supported client side checksum algorithms
10
+ # CRC32c requires aws-crt (optional sdk dependency) for support
11
+ CLIENT_ALGORITHMS = begin
12
+ supported = %w[SHA256 SHA1 CRC32]
13
+ begin
14
+ require 'aws-crt'
15
+ supported << 'CRC32C'
16
+ rescue LoadError
17
+ end
18
+ supported
19
+ end.freeze
20
+
21
+ # priority order of checksum algorithms to validate responses against
22
+ # Remove any algorithms not supported by client (ie, depending on CRT availability)
23
+ CHECKSUM_ALGORITHM_PRIORITIES = %w[CRC32C SHA1 CRC32 SHA256] & CLIENT_ALGORITHMS
24
+
25
+ # byte size of checksums, used in computing the trailer length
26
+ CHECKSUM_SIZE = {
27
+ 'CRC32' => 16,
28
+ 'CRC32C' => 16,
29
+ 'SHA1' => 36,
30
+ 'SHA256' => 52
31
+ }
32
+
33
+ # Interface for computing digests on request/response bodies
34
+ # which may be files, strings or IO like objects
35
+ # Applies only to digest functions that produce 32 bit integer checksums
36
+ # (eg CRC32)
37
+ class Digest32
38
+
39
+ attr_reader :value
40
+
41
+ # @param [Object] digest_fn
42
+ def initialize(digest_fn)
43
+ @digest_fn = digest_fn
44
+ @value = 0
45
+ end
46
+
47
+ def update(chunk)
48
+ @value = @digest_fn.call(chunk, @value)
49
+ end
50
+
51
+ def base64digest
52
+ Base64.encode64([@value].pack('N')).chomp
53
+ end
54
+ end
55
+
56
+ def add_handlers(handlers, _config)
57
+ handlers.add(OptionHandler, step: :initialize)
58
+ # priority set low to ensure checksum is computed AFTER the request is
59
+ # built but before it is signed
60
+ handlers.add(ChecksumHandler, priority: 15, step: :build)
61
+ end
62
+
63
+ private
64
+
65
+ def self.request_algorithm_selection(context)
66
+ return unless context.operation.http_checksum
67
+
68
+ input_member = context.operation.http_checksum['requestAlgorithmMember']
69
+ context.params[input_member.to_sym]&.upcase if input_member
70
+ end
71
+
72
+ def self.request_validation_mode(context)
73
+ return unless context.operation.http_checksum
74
+
75
+ input_member = context.operation.http_checksum['requestValidationModeMember']
76
+ context.params[input_member.to_sym] if input_member
77
+ end
78
+
79
+ def self.operation_response_algorithms(context)
80
+ return unless context.operation.http_checksum
81
+
82
+ context.operation.http_checksum['responseAlgorithms']
83
+ end
84
+
85
+
86
+ # @api private
87
+ class OptionHandler < Seahorse::Client::Handler
88
+ def call(context)
89
+ context[:http_checksum] ||= {}
90
+
91
+ # validate request configuration
92
+ if (request_input = ChecksumAlgorithm.request_algorithm_selection(context))
93
+ unless CLIENT_ALGORITHMS.include? request_input
94
+ if (request_input == 'CRC32C')
95
+ raise ArgumentError, "CRC32C requires crt support - install the aws-crt gem for support."
96
+ else
97
+ raise ArgumentError, "#{request_input} is not a supported checksum algorithm."
98
+ end
99
+ end
100
+ end
101
+
102
+ # validate response configuration
103
+ if (ChecksumAlgorithm.request_validation_mode(context))
104
+ # Compute an ordered list as the union between priority supported and the
105
+ # operation's modeled response algorithms.
106
+ validation_list = CHECKSUM_ALGORITHM_PRIORITIES &
107
+ ChecksumAlgorithm.operation_response_algorithms(context)
108
+ context[:http_checksum][:validation_list] = validation_list
109
+ end
110
+
111
+ @handler.call(context)
112
+ end
113
+ end
114
+
115
+ # @api private
116
+ class ChecksumHandler < Seahorse::Client::Handler
117
+
118
+ def call(context)
119
+ if should_calculate_request_checksum?(context)
120
+ request_algorithm_input = ChecksumAlgorithm.request_algorithm_selection(context)
121
+ context[:checksum_algorithms] = request_algorithm_input
122
+
123
+ request_checksum_property = {
124
+ 'algorithm' => request_algorithm_input,
125
+ 'in' => checksum_request_in(context),
126
+ 'name' => "x-amz-checksum-#{request_algorithm_input.downcase}"
127
+ }
128
+
129
+ calculate_request_checksum(context, request_checksum_property)
130
+ end
131
+
132
+ if should_verify_response_checksum?(context)
133
+ add_verify_response_checksum_handlers(context)
134
+ end
135
+
136
+ @handler.call(context)
137
+ end
138
+
139
+ private
140
+
141
+ def should_calculate_request_checksum?(context)
142
+ context.operation.http_checksum &&
143
+ ChecksumAlgorithm.request_algorithm_selection(context)
144
+ end
145
+
146
+ def should_verify_response_checksum?(context)
147
+ context[:http_checksum][:validation_list] && !context[:http_checksum][:validation_list].empty?
148
+ end
149
+
150
+ def calculate_request_checksum(context, checksum_properties)
151
+ case checksum_properties['in']
152
+ when 'header'
153
+ header_name = checksum_properties['name']
154
+ body = context.http_request.body_contents
155
+ if body
156
+ context.http_request.headers[header_name] ||=
157
+ ChecksumAlgorithm.calculate_checksum(checksum_properties['algorithm'], body)
158
+ end
159
+ when 'trailer'
160
+ apply_request_trailer_checksum(context, checksum_properties)
161
+ end
162
+ end
163
+
164
+ def apply_request_trailer_checksum(context, checksum_properties)
165
+ location_name = checksum_properties['name']
166
+
167
+ # set required headers
168
+ headers = context.http_request.headers
169
+ headers['Content-Encoding'] = 'aws-chunked'
170
+ headers['X-Amz-Content-Sha256'] = 'STREAMING-UNSIGNED-PAYLOAD-TRAILER'
171
+ headers['X-Amz-Trailer'] = location_name
172
+
173
+ # We currently always compute the size in the modified body wrapper - allowing us
174
+ # to set the Content-Length header (set by content_length plugin).
175
+ # This means we cannot use Transfer-Encoding=chunked
176
+
177
+ if !context.http_request.body.respond_to?(:size)
178
+ raise Aws::Errors::ChecksumError, 'Could not determine length of the body'
179
+ end
180
+ headers['X-Amz-Decoded-Content-Length'] = context.http_request.body.size
181
+
182
+ context.http_request.body = AwsChunkedTrailerDigestIO.new(
183
+ context.http_request.body,
184
+ checksum_properties['algorithm'],
185
+ location_name
186
+ )
187
+ end
188
+
189
+ # Add events to the http_response to verify the checksum as its read
190
+ # This prevents the body from being read multiple times
191
+ # verification is done only once a successful response has completed
192
+ def add_verify_response_checksum_handlers(context)
193
+ http_response = context.http_response
194
+ checksum_context = { }
195
+ http_response.on_headers do |_status, headers|
196
+ header_name, algorithm = response_header_to_verify(headers, context[:http_checksum][:validation_list])
197
+ if header_name
198
+ expected = headers[header_name]
199
+
200
+ unless context[:http_checksum][:skip_on_suffix] && /-[\d]+$/.match(expected)
201
+ checksum_context[:algorithm] = algorithm
202
+ checksum_context[:header_name] = header_name
203
+ checksum_context[:digest] = ChecksumAlgorithm.digest_for_algorithm(algorithm)
204
+ checksum_context[:expected] = expected
205
+ end
206
+ end
207
+ end
208
+
209
+ http_response.on_data do |chunk|
210
+ checksum_context[:digest].update(chunk) if checksum_context[:digest]
211
+ end
212
+
213
+ http_response.on_success do
214
+ if checksum_context[:digest] &&
215
+ (computed = checksum_context[:digest].base64digest)
216
+
217
+ if computed != checksum_context[:expected]
218
+ raise Aws::Errors::ChecksumError,
219
+ "Checksum validation failed on #{checksum_context[:header_name]} "\
220
+ "computed: #{computed}, expected: #{checksum_context[:expected]}"
221
+ end
222
+
223
+ context[:http_checksum][:validated] = checksum_context[:algorithm]
224
+ end
225
+ end
226
+ end
227
+
228
+ # returns nil if no headers to verify
229
+ def response_header_to_verify(headers, validation_list)
230
+ validation_list.each do |algorithm|
231
+ header_name = "x-amz-checksum-#{algorithm}"
232
+ return [header_name, algorithm] if headers[header_name]
233
+ end
234
+ nil
235
+ end
236
+
237
+ # determine where (header vs trailer) a request checksum should be added
238
+ def checksum_request_in(context)
239
+ if context.operation['authtype'].eql?('v4-unsigned-body')
240
+ 'trailer'
241
+ else
242
+ 'header'
243
+ end
244
+ end
245
+
246
+ end
247
+
248
+ def self.calculate_checksum(algorithm, body)
249
+ digest = ChecksumAlgorithm.digest_for_algorithm(algorithm)
250
+ if body.respond_to?(:read)
251
+ ChecksumAlgorithm.update_in_chunks(digest, body)
252
+ else
253
+ digest.update(body)
254
+ end
255
+ digest.base64digest
256
+ end
257
+
258
+ def self.digest_for_algorithm(algorithm)
259
+ case algorithm
260
+ when 'CRC32'
261
+ Digest32.new(Zlib.method(:crc32))
262
+ when 'CRC32C'
263
+ # this will only be used if input algorithm is CRC32C AND client supports it (crt available)
264
+ Digest32.new(Aws::Crt::Checksums.method(:crc32c))
265
+ when 'SHA1'
266
+ Digest::SHA1.new
267
+ when 'SHA256'
268
+ Digest::SHA256.new
269
+ end
270
+ end
271
+
272
+ # The trailer size (in bytes) is the overhead + the trailer name +
273
+ # the length of the base64 encoded checksum
274
+ def self.trailer_length(algorithm, location_name)
275
+ CHECKSUM_SIZE[algorithm] + location_name.size
276
+ end
277
+
278
+ def self.update_in_chunks(digest, io)
279
+ loop do
280
+ chunk = io.read(CHUNK_SIZE)
281
+ break unless chunk
282
+ digest.update(chunk)
283
+ end
284
+ io.rewind
285
+ end
286
+
287
+ # Wrapper for request body that implements application-layer
288
+ # chunking with Digest computed on chunks + added as a trailer
289
+ class AwsChunkedTrailerDigestIO
290
+ CHUNK_SIZE = 16384
291
+
292
+ def initialize(io, algorithm, location_name)
293
+ @io = io
294
+ @location_name = location_name
295
+ @algorithm = algorithm
296
+ @digest = ChecksumAlgorithm.digest_for_algorithm(algorithm)
297
+ @trailer_io = nil
298
+ end
299
+
300
+ # the size of the application layer aws-chunked + trailer body
301
+ def size
302
+ # compute the number of chunks
303
+ # a full chunk has 4 + 4 bytes overhead, a partial chunk is len.to_s(16).size + 4
304
+ orig_body_size = @io.size
305
+ n_full_chunks = orig_body_size / CHUNK_SIZE
306
+ partial_bytes = orig_body_size % CHUNK_SIZE
307
+ chunked_body_size = n_full_chunks * (CHUNK_SIZE + 8)
308
+ chunked_body_size += partial_bytes.to_s(16).size + partial_bytes + 4 unless partial_bytes.zero?
309
+ trailer_size = ChecksumAlgorithm.trailer_length(@algorithm, @location_name)
310
+ chunked_body_size + trailer_size
311
+ end
312
+
313
+ def rewind
314
+ @io.rewind
315
+ end
316
+
317
+ def read(length, buf)
318
+ # account for possible leftover bytes at the end, if we have trailer bytes, send them
319
+ if @trailer_io
320
+ return @trailer_io.read(length, buf)
321
+ end
322
+
323
+ chunk = @io.read(length)
324
+ if chunk
325
+ @digest.update(chunk)
326
+ application_chunked = "#{chunk.bytesize.to_s(16)}\r\n#{chunk}\r\n"
327
+ return StringIO.new(application_chunked).read(application_chunked.size, buf)
328
+ else
329
+ trailers = {}
330
+ trailers[@location_name] = @digest.base64digest
331
+ trailers = trailers.map { |k,v| "#{k}:#{v}"}.join("\r\n")
332
+ @trailer_io = StringIO.new("0\r\n#{trailers}\r\n\r\n")
333
+ chunk = @trailer_io.read(length, buf)
334
+ end
335
+ chunk
336
+ end
337
+ end
338
+ end
339
+ end
340
+ end
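Review bot: Response validation in this plugin fails open: if the caller enables the validation-mode member but the response has no matching `x-amz-checksum-*` header, the suffix skip applies, or the validation list comes out empty (for example only CRC32C modelled and aws-crt not installed), `on_success` compares nothing and raises nothing, and the only trace is that `context[:http_checksum][:validated]` stays unset. That should be stated in the comment above `add_verify_response_checksum_handlers`, so callers who depend on the check know to look at `:validated`. In `OptionHandler#call`, `CHECKSUM_ALGORITHM_PRIORITIES & ChecksumAlgorithm.operation_response_algorithms(context)` raises `TypeError` when the trait has no `responseAlgorithms` entry, which `Array(ChecksumAlgorithm.operation_response_algorithms(context))` would avoid, and the comment calls the `&` a union where it is an intersection. `checksum_request_in` chooses the trailer path from `authtype` alone, and `apply_request_trailer_checksum` then sets `X-Amz-Content-Sha256` to `STREAMING-UNSIGNED-PAYLOAD-TRAILER` without looking at the endpoint scheme, which appears to leave the body outside the signature on a plain-http endpoint; confirm against the signer. `AwsChunkedTrailerDigestIO#size` assumes frames of `CHUNK_SIZE` bytes while `read` frames whatever `length` the caller passes and returns more than `length` bytes, so the declared length is only right when the reader happens to ask for 16384 bytes at a time.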
@@ -11,7 +11,8 @@ module Aws
11
11
  CHUNK_SIZE = 1 * 1024 * 1024 # one MB
12
12
 
13
13
  def call(context)
14
- if context.operation.http_checksum_required
14
+ if checksum_required?(context) &&
15
+ !context[:checksum_algorithms] # skip in favor of flexible checksum
15
16
  body = context.http_request.body
16
17
  context.http_request.headers['Content-Md5'] ||= md5(body)
17
18
  end
@@ -20,6 +21,12 @@ module Aws
20
21
 
21
22
  private
22
23
 
24
+ def checksum_required?(context)
25
+ context.operation.http_checksum_required ||
26
+ (context.operation.http_checksum &&
27
+ context.operation.http_checksum['requestChecksumRequired'])
28
+ end
29
+
23
30
  # @param [File, Tempfile, IO#read, String] value
24
31
  # @return [String<MD5>]
25
32
  def md5(value)
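Review bot: The `!context[:checksum_algorithms]` guard in `call` drops Content-MD5 on the assumption that a flexible checksum was added, but `ChecksumHandler` sets `context[:checksum_algorithms]` before it computes anything, and its header branch adds a checksum only `if body`. If that branch adds nothing, a request marked `requestChecksumRequired` would apparently go out with neither checksum; testing for the actual `x-amz-checksum-*` header, or a comment explaining why the case cannot occur, would close the gap. The guard also depends on `ChecksumHandler` having run before this handler, which nothing in the hunk states; a comment such as `# relies on ChecksumAlgorithm's handler having set :checksum_algorithms earlier in the :build step` would make the ordering explicit. `checksum_required?` has no doc comment, and `call` continues outside the hunk.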
@@ -82,7 +82,7 @@ module Aws
82
82
  end
83
83
 
84
84
  def checksum?
85
- CHECKSUM_ERRORS.include?(@name) || @error.is_a?(Errors::ChecksumError)
85
+ CHECKSUM_ERRORS.include?(@name)
86
86
  end
87
87
 
88
88
  def networking?
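Review bot: `checksum?` no longer treats `Errors::ChecksumError` instances as checksum errors, so an error of that class whose name is not in `CHECKSUM_ERRORS` will presumably stop being retried, including the `ChecksumError` that the new response validation raises in `on_success`. The changelog on this page does not mention the change, and nothing in the hunk says whether it is intended. If it is, record the reason on the method, e.g. `# Errors::ChecksumError raised client-side is intentionally not classified as retryable here: <reason>`; if it is not, the `is_a?` check should stay. Other code that raises `Errors::ChecksumError` and relied on a retry should be checked against this change.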
@@ -134,7 +134,7 @@ module Aws
134
134
  def apply_authtype(context)
135
135
  if context.operation['authtype'].eql?('v4-unsigned-body') &&
136
136
  context.http_request.endpoint.scheme.eql?('https')
137
- context.http_request.headers['X-Amz-Content-Sha256'] = 'UNSIGNED-PAYLOAD'
137
+ context.http_request.headers['X-Amz-Content-Sha256'] ||= 'UNSIGNED-PAYLOAD'
138
138
  end
139
139
  context
140
140
  end
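Review bot: With `||=`, `apply_authtype` now keeps whatever `X-Amz-Content-Sha256` value is already on the request, not only the `STREAMING-UNSIGNED-PAYLOAD-TRAILER` value the checksum plugin sets, so a header supplied by a caller or an earlier handler reaches signing unchanged. If only the trailer value is meant to survive, say so in a comment, e.g. `# keep STREAMING-UNSIGNED-PAYLOAD-TRAILER set by Plugins::ChecksumAlgorithm`, or test for that value explicitly. The rest of the signing path is outside the hunk, so how the signer uses a pre-set header is not visible here.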
@@ -19,6 +19,9 @@ module Aws
19
19
 
20
20
  def initialize(options = {})
21
21
  @mutex = Mutex.new
22
+ @before_refresh = options.delete(:before_refresh) if Hash === options
23
+
24
+ @before_refresh.call(self) if @before_refresh
22
25
  refresh
23
26
  end
24
27
 
@@ -37,7 +40,11 @@ module Aws
37
40
  # Refresh credentials.
38
41
  # @return [void]
39
42
  def refresh!
40
- @mutex.synchronize { refresh }
43
+ @mutex.synchronize do
44
+ @before_refresh.call(self) if @before_refresh
45
+
46
+ refresh
47
+ end
41
48
  end
42
49
 
43
50
  private
@@ -47,7 +54,11 @@ module Aws
47
54
  def refresh_if_near_expiration
48
55
  if near_expiration?
49
56
  @mutex.synchronize do
50
- refresh if near_expiration?
57
+ if near_expiration?
58
+ @before_refresh.call(self) if @before_refresh
59
+
60
+ refresh
61
+ end
51
62
  end
52
63
  end
53
64
  end
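Review bot: In `refresh!` and `refresh_if_near_expiration` the `before_refresh` callback runs while `@mutex` is held, and Ruby's `Mutex` is not re-entrant, so a callback that calls back into the same object along a path that takes the lock (for example `refresh!`) raises `ThreadError` instead of refreshing. An exception raised by the callback also propagates and skips `refresh`. Both constraints should be documented where the option is described, e.g. `# The callback runs with the refresh lock held; it must not call refresh! on the object it receives`. In the `initialize` hunk, `options.delete(:before_refresh)` removes the key from the hash the caller passed in; `options[:before_refresh]` would leave the argument untouched, unless the removal is needed to keep the key away from code outside these hunks.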
@@ -100,7 +100,7 @@ module Aws
100
100
  # or `nil` if no valid credentials were found.
101
101
  def credentials(opts = {})
102
102
  p = opts[:profile] || @profile_name
103
- validate_profile_exists(p) if credentials_present?
103
+ validate_profile_exists(p)
104
104
  if (credentials = credentials_from_shared(p, opts))
105
105
  credentials
106
106
  elsif (credentials = credentials_from_config(p, opts))
@@ -195,11 +195,6 @@ module Aws
195
195
  value
196
196
  end
197
197
 
198
- def credentials_present?
199
- (@parsed_credentials && !@parsed_credentials.empty?) ||
200
- (@parsed_config && !@parsed_config.empty?)
201
- end
202
-
203
198
  def assume_role_from_profile(cfg, profile, opts, chain_config)
204
199
  if cfg && prof_cfg = cfg[profile]
205
200
  opts[:source_profile] ||= prof_cfg['source_profile']
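Review bot: `credentials` now calls `validate_profile_exists(p)` unconditionally, which per the changelog entry on this page raises `NoSuchProfileError` when the config and credentials files do not exist, yet the doc comment directly above the method still promises `nil` if no valid credentials were found. Add a line such as `# @raise [NoSuchProfileError] if the profile is not defined, including when no shared files exist` to that comment. Callers that probe shared config on hosts without these files and expected `nil` now need to rescue the error; whether the default provider chain does so is not visible in these hunks.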
@@ -63,6 +63,11 @@ module Aws
63
63
  #
64
64
  # @option options [SSO::Client] :client Optional `SSO::Client`. If not
65
65
  # provided, a client will be constructed.
66
+ #
67
+ # @option options [Callable] before_refresh Proc called before
68
+ # credentials are refreshed. `before_refresh` is called
69
+ # with an instance of this object when
70
+ # AWS credentials are required and need to be refreshed.
66
71
  def initialize(options = {})
67
72
 
68
73
  missing_keys = SSO_REQUIRED_OPTS.select { |k| options[k].nil? }
@@ -27,6 +27,7 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
27
27
  require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
28
28
  require 'aws-sdk-core/plugins/transfer_encoding.rb'
29
29
  require 'aws-sdk-core/plugins/http_checksum.rb'
30
+ require 'aws-sdk-core/plugins/checksum_algorithm.rb'
30
31
  require 'aws-sdk-core/plugins/defaults_mode.rb'
31
32
  require 'aws-sdk-core/plugins/recursion_detection.rb'
32
33
  require 'aws-sdk-core/plugins/signature_v4.rb'
@@ -75,6 +76,7 @@ module Aws::SSO
75
76
  add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
76
77
  add_plugin(Aws::Plugins::TransferEncoding)
77
78
  add_plugin(Aws::Plugins::HttpChecksum)
79
+ add_plugin(Aws::Plugins::ChecksumAlgorithm)
78
80
  add_plugin(Aws::Plugins::DefaultsMode)
79
81
  add_plugin(Aws::Plugins::RecursionDetection)
80
82
  add_plugin(Aws::Plugins::SignatureV4)
@@ -543,7 +545,7 @@ module Aws::SSO
543
545
  params: params,
544
546
  config: config)
545
547
  context[:gem_name] = 'aws-sdk-core'
546
- context[:gem_version] = '3.126.1'
548
+ context[:gem_version] = '3.128.0'
547
549
  Seahorse::Client::Request.new(handlers, context)
548
550
  end
549
551
 
data/lib/aws-sdk-sso.rb CHANGED
@@ -50,6 +50,6 @@ require_relative 'aws-sdk-sso/customizations'
50
50
  # @!group service
51
51
  module Aws::SSO
52
52
 
53
- GEM_VERSION = '3.126.1'
53
+ GEM_VERSION = '3.128.0'
54
54
 
55
55
  end
@@ -27,6 +27,7 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
27
27
  require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
28
28
  require 'aws-sdk-core/plugins/transfer_encoding.rb'
29
29
  require 'aws-sdk-core/plugins/http_checksum.rb'
30
+ require 'aws-sdk-core/plugins/checksum_algorithm.rb'
30
31
  require 'aws-sdk-core/plugins/defaults_mode.rb'
31
32
  require 'aws-sdk-core/plugins/recursion_detection.rb'
32
33
  require 'aws-sdk-core/plugins/signature_v4.rb'
@@ -76,6 +77,7 @@ module Aws::STS
76
77
  add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
77
78
  add_plugin(Aws::Plugins::TransferEncoding)
78
79
  add_plugin(Aws::Plugins::HttpChecksum)
80
+ add_plugin(Aws::Plugins::ChecksumAlgorithm)
79
81
  add_plugin(Aws::Plugins::DefaultsMode)
80
82
  add_plugin(Aws::Plugins::RecursionDetection)
81
83
  add_plugin(Aws::Plugins::SignatureV4)
@@ -639,7 +641,7 @@ module Aws::STS
639
641
  #
640
642
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
641
643
  # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
642
- # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/session-tags.html#id_session-tags_ctlogs
644
+ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_ctlogs
643
645
  #
644
646
  # @option params [Array<String>] :transitive_tag_keys
645
647
  # A list of keys for session tags that you want to set as transitive. If
@@ -1177,19 +1179,20 @@ module Aws::STS
1177
1179
 
1178
1180
  # Returns a set of temporary security credentials for users who have
1179
1181
  # been authenticated in a mobile or web application with a web identity
1180
- # provider. Example providers include Amazon Cognito, Login with Amazon,
1181
- # Facebook, Google, or any OpenID Connect-compatible identity provider.
1182
+ # provider. Example providers include the OAuth 2.0 providers Login with
1183
+ # Amazon and Facebook, or any OpenID Connect-compatible identity
1184
+ # provider such as Google or [Amazon Cognito federated identities][1].
1182
1185
  #
1183
1186
  # <note markdown="1"> For mobile applications, we recommend that you use Amazon Cognito. You
1184
1187
  # can use Amazon Cognito with the [Amazon Web Services SDK for iOS
1185
- # Developer Guide][1] and the [Amazon Web Services SDK for Android
1186
- # Developer Guide][2] to uniquely identify a user. You can also supply
1188
+ # Developer Guide][2] and the [Amazon Web Services SDK for Android
1189
+ # Developer Guide][3] to uniquely identify a user. You can also supply
1187
1190
  # the user with a consistent identity throughout the lifetime of an
1188
1191
  # application.
1189
1192
  #
1190
- # To learn more about Amazon Cognito, see [Amazon Cognito Overview][3]
1193
+ # To learn more about Amazon Cognito, see [Amazon Cognito Overview][4]
1191
1194
  # in *Amazon Web Services SDK for Android Developer Guide* and [Amazon
1192
- # Cognito Overview][4] in the *Amazon Web Services SDK for iOS Developer
1195
+ # Cognito Overview][5] in the *Amazon Web Services SDK for iOS Developer
1193
1196
  # Guide*.
1194
1197
  #
1195
1198
  # </note>
@@ -1204,8 +1207,8 @@ module Aws::STS
1204
1207
  # a token from the web identity provider. For a comparison of
1205
1208
  # `AssumeRoleWithWebIdentity` with the other API operations that produce
1206
1209
  # temporary credentials, see [Requesting Temporary Security
1207
- # Credentials][5] and [Comparing the Amazon Web Services STS API
1208
- # operations][6] in the *IAM User Guide*.
1210
+ # Credentials][6] and [Comparing the Amazon Web Services STS API
1211
+ # operations][7] in the *IAM User Guide*.
1209
1212
  #
1210
1213
  # The temporary security credentials returned by this API consist of an
1211
1214
  # access key ID, a secret access key, and a security token. Applications
@@ -1221,11 +1224,11 @@ module Aws::STS
1221
1224
  # to the maximum session duration setting for the role. This setting can
1222
1225
  # have a value from 1 hour to 12 hours. To learn how to view the maximum
1223
1226
  # value for your role, see [View the Maximum Session Duration Setting
1224
- # for a Role][7] in the *IAM User Guide*. The maximum session duration
1227
+ # for a Role][8] in the *IAM User Guide*. The maximum session duration
1225
1228
  # limit applies when you use the `AssumeRole*` API operations or the
1226
1229
  # `assume-role*` CLI commands. However the limit does not apply when you
1227
1230
  # use those operations to create a console URL. For more information,
1228
- # see [Using IAM Roles][8] in the *IAM User Guide*.
1231
+ # see [Using IAM Roles][9] in the *IAM User Guide*.
1229
1232
  #
1230
1233
  # **Permissions**
1231
1234
  #
@@ -1234,7 +1237,7 @@ module Aws::STS
1234
1237
  # Amazon Web Services service with the following exception: you cannot
1235
1238
  # call the STS `GetFederationToken` or `GetSessionToken` API operations.
1236
1239
  #
1237
- # (Optional) You can pass inline or managed [session policies][9] to
1240
+ # (Optional) You can pass inline or managed [session policies][10] to
1238
1241
  # this operation. You can pass a single JSON policy document to use as
1239
1242
  # an inline session policy. You can also specify up to 10 managed
1240
1243
  # policies to use as managed session policies. The plaintext that you
@@ -1246,7 +1249,7 @@ module Aws::STS
1246
1249
  # Services API calls to access resources in the account that owns the
1247
1250
  # role. You cannot use session policies to grant more permissions than
1248
1251
  # those allowed by the identity-based policy of the role that is being
1249
- # assumed. For more information, see [Session Policies][9] in the *IAM
1252
+ # assumed. For more information, see [Session Policies][10] in the *IAM
1250
1253
  # User Guide*.
1251
1254
  #
1252
1255
  # **Tags**
@@ -1254,12 +1257,12 @@ module Aws::STS
1254
1257
  # (Optional) You can configure your IdP to pass attributes into your web
1255
1258
  # identity token as session tags. Each session tag consists of a key
1256
1259
  # name and an associated value. For more information about session tags,
1257
- # see [Passing Session Tags in STS][10] in the *IAM User Guide*.
1260
+ # see [Passing Session Tags in STS][11] in the *IAM User Guide*.
1258
1261
  #
1259
1262
  # You can pass up to 50 session tags. The plaintext session tag keys
1260
1263
  # can’t exceed 128 characters and the values can’t exceed 256
1261
1264
  # characters. For these and additional limits, see [IAM and STS
1262
- # Character Limits][11] in the *IAM User Guide*.
1265
+ # Character Limits][12] in the *IAM User Guide*.
1263
1266
  #
1264
1267
  # <note markdown="1"> An Amazon Web Services conversion compresses the passed session
1265
1268
  # policies and session tags into a packed binary format that has a
@@ -1277,12 +1280,12 @@ module Aws::STS
1277
1280
  # An administrator must grant you the permissions necessary to pass
1278
1281
  # session tags. The administrator can also create granular permissions
1279
1282
  # to allow you to pass only specific session tags. For more information,
1280
- # see [Tutorial: Using Tags for Attribute-Based Access Control][12] in
1283
+ # see [Tutorial: Using Tags for Attribute-Based Access Control][13] in
1281
1284
  # the *IAM User Guide*.
1282
1285
  #
1283
1286
  # You can set the session tags as transitive. Transitive tags persist
1284
1287
  # during role chaining. For more information, see [Chaining Roles with
1285
- # Session Tags][13] in the *IAM User Guide*.
1288
+ # Session Tags][14] in the *IAM User Guide*.
1286
1289
  #
1287
1290
  # **Identities**
1288
1291
  #
@@ -1294,54 +1297,55 @@ module Aws::STS
1294
1297
  # specified in the role's trust policy.
1295
1298
  #
1296
1299
  # Calling `AssumeRoleWithWebIdentity` can result in an entry in your
1297
- # CloudTrail logs. The entry includes the [Subject][14] of the provided
1300
+ # CloudTrail logs. The entry includes the [Subject][15] of the provided
1298
1301
  # web identity token. We recommend that you avoid using any personally
1299
1302
  # identifiable information (PII) in this field. For example, you could
1300
1303
  # instead use a GUID or a pairwise identifier, as [suggested in the OIDC
1301
- # specification][15].
1304
+ # specification][16].
1302
1305
  #
1303
1306
  # For more information about how to use web identity federation and the
1304
1307
  # `AssumeRoleWithWebIdentity` API, see the following resources:
1305
1308
  #
1306
- # * [Using Web Identity Federation API Operations for Mobile Apps][16]
1307
- # and [Federation Through a Web-based Identity Provider][17].
1309
+ # * [Using Web Identity Federation API Operations for Mobile Apps][17]
1310
+ # and [Federation Through a Web-based Identity Provider][18].
1308
1311
  #
1309
- # * [ Web Identity Federation Playground][18]. Walk through the process
1312
+ # * [ Web Identity Federation Playground][19]. Walk through the process
1310
1313
  # of authenticating through Login with Amazon, Facebook, or Google,
1311
1314
  # getting temporary security credentials, and then using those
1312
1315
  # credentials to make a request to Amazon Web Services.
1313
1316
  #
1314
- # * [Amazon Web Services SDK for iOS Developer Guide][1] and [Amazon Web
1315
- # Services SDK for Android Developer Guide][2]. These toolkits contain
1317
+ # * [Amazon Web Services SDK for iOS Developer Guide][2] and [Amazon Web
1318
+ # Services SDK for Android Developer Guide][3]. These toolkits contain
1316
1319
  # sample apps that show how to invoke the identity providers. The
1317
1320
  # toolkits then show how to use the information from these providers
1318
1321
  # to get and use temporary security credentials.
1319
1322
  #
1320
- # * [Web Identity Federation with Mobile Applications][19]. This article
1323
+ # * [Web Identity Federation with Mobile Applications][20]. This article
1321
1324
  # discusses web identity federation and shows an example of how to use
1322
1325
  # web identity federation to get access to content in Amazon S3.
1323
1326
  #
1324
1327
  #
1325
1328
  #
1326
- # [1]: http://aws.amazon.com/sdkforios/
1327
- # [2]: http://aws.amazon.com/sdkforandroid/
1328
- # [3]: https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840
1329
- # [4]: https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664
1330
- # [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
1331
- # [6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
1332
- # [7]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
1333
- # [8]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
1334
- # [9]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
1335
- # [10]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
1336
- # [11]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
1337
- # [12]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html
1338
- # [13]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining
1339
- # [14]: http://openid.net/specs/openid-connect-core-1_0.html#Claims
1340
- # [15]: http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes
1341
- # [16]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html
1342
- # [17]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity
1343
- # [18]: https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/
1344
- # [19]: http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications
1329
+ # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html
1330
+ # [2]: http://aws.amazon.com/sdkforios/
1331
+ # [3]: http://aws.amazon.com/sdkforandroid/
1332
+ # [4]: https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840
1333
+ # [5]: https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664
1334
+ # [6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
1335
+ # [7]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
1336
+ # [8]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
1337
+ # [9]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
1338
+ # [10]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
1339
+ # [11]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
1340
+ # [12]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
1341
+ # [13]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html
1342
+ # [14]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining
1343
+ # [15]: http://openid.net/specs/openid-connect-core-1_0.html#Claims
1344
+ # [16]: http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes
1345
+ # [17]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html
1346
+ # [18]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity
1347
+ # [19]: https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/
1348
+ # [20]: http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications
1345
1349
  #
1346
1350
  # @option params [required, String] :role_arn
1347
1351
  # The Amazon Resource Name (ARN) of the role that the caller is
@@ -1368,13 +1372,13 @@ module Aws::STS
1368
1372
  # `AssumeRoleWithWebIdentity` call.
1369
1373
  #
1370
1374
  # @option params [String] :provider_id
1371
- # The fully qualified host component of the domain name of the identity
1372
- # provider.
1375
+ # The fully qualified host component of the domain name of the OAuth 2.0
1376
+ # identity provider. Do not specify this value for an OpenID Connect
1377
+ # identity provider.
1373
1378
  #
1374
- # Specify this value only for OAuth 2.0 access tokens. Currently
1375
- # `www.amazon.com` and `graph.facebook.com` are the only supported
1376
- # identity providers for OAuth 2.0 access tokens. Do not include URL
1377
- # schemes and port numbers.
1379
+ # Currently `www.amazon.com` and `graph.facebook.com` are the only
1380
+ # supported identity providers for OAuth 2.0 access tokens. Do not
1381
+ # include URL schemes and port numbers.
1378
1382
  #
1379
1383
  # Do not specify this value for OpenID Connect ID tokens.
1380
1384
  #
@@ -2286,7 +2290,7 @@ module Aws::STS
2286
2290
  params: params,
2287
2291
  config: config)
2288
2292
  context[:gem_name] = 'aws-sdk-core'
2289
- context[:gem_version] = '3.126.1'
2293
+ context[:gem_version] = '3.128.0'
2290
2294
  Seahorse::Client::Request.new(handlers, context)
2291
2295
  end
2292
2296
 
@@ -213,7 +213,7 @@ module Aws::STS
213
213
  #
214
214
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
215
215
  # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
216
- # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/session-tags.html#id_session-tags_ctlogs
216
+ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_ctlogs
217
217
  # @return [Array<Types::Tag>]
218
218
  #
219
219
  # @!attribute [rw] transitive_tag_keys
@@ -710,13 +710,13 @@ module Aws::STS
710
710
  # @return [String]
711
711
  #
712
712
  # @!attribute [rw] provider_id
713
- # The fully qualified host component of the domain name of the
714
- # identity provider.
713
+ # The fully qualified host component of the domain name of the OAuth
714
+ # 2.0 identity provider. Do not specify this value for an OpenID
715
+ # Connect identity provider.
715
716
  #
716
- # Specify this value only for OAuth 2.0 access tokens. Currently
717
- # `www.amazon.com` and `graph.facebook.com` are the only supported
718
- # identity providers for OAuth 2.0 access tokens. Do not include URL
719
- # schemes and port numbers.
717
+ # Currently `www.amazon.com` and `graph.facebook.com` are the only
718
+ # supported identity providers for OAuth 2.0 access tokens. Do not
719
+ # include URL schemes and port numbers.
720
720
  #
721
721
  # Do not specify this value for OpenID Connect ID tokens.
722
722
  # @return [String]
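--- a/data/lib/aws-sdk-sts.rb
+++ b/data/lib/aws-sdk-sts.rb
@@ -50,6 +50,6 @@ require_relative 'aws-sdk-sts/customizations'
  # @!group service
  module Aws::STS
  
- GEM_VERSION = '3.126.1'
+ GEM_VERSION = '3.128.0'
  
  end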
@@ -25,6 +25,9 @@ module Seahorse
25
25
  # @return [Boolean]
26
26
  attr_accessor :http_checksum_required
27
27
 
28
+ # @return [Hash]
29
+ attr_accessor :http_checksum
30
+
28
31
  # @return [Boolean]
29
32
  attr_accessor :deprecated
30
33
 
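Review bot: The new `http_checksum` accessor is documented only as `# @return [Hash]`, so nothing here says which keys the hash holds or how it relates to the Boolean `http_checksum_required` declared directly above it. Judging by the name, this value controls whether and how payload checksums are computed or validated, so a caller who misreads an unset value could skip an integrity check without noticing. I would expand the comment to name the expected keys and state the unset case, for example `# @return [Hash, nil] checksum settings declared for this operation; nil when none are declared`, adjusted to whatever the initializer actually does. The enclosing class and its initializer lie outside this hunk, so the default value is not visible here.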
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-core
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.126.1
4
+ version: 3.128.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-02-14 00:00:00.000000000 Z
11
+ date: 2022-03-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: jmespath
@@ -139,6 +139,7 @@ files:
139
139
  - lib/aws-sdk-core/plugins/apig_authorizer_token.rb
140
140
  - lib/aws-sdk-core/plugins/apig_credentials_configuration.rb
141
141
  - lib/aws-sdk-core/plugins/apig_user_agent.rb
142
+ - lib/aws-sdk-core/plugins/checksum_algorithm.rb
142
143
  - lib/aws-sdk-core/plugins/client_metrics_plugin.rb
143
144
  - lib/aws-sdk-core/plugins/client_metrics_send_plugin.rb
144
145
  - lib/aws-sdk-core/plugins/credentials_configuration.rb