aws-sdk-core 3.126.1 → 3.128.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-core/assume_role_credentials.rb +18 -0
- data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +5 -0
- data/lib/aws-sdk-core/ecs_credentials.rb +4 -0
- data/lib/aws-sdk-core/instance_profile_credentials.rb +4 -0
- data/lib/aws-sdk-core/plugins/checksum_algorithm.rb +340 -0
- data/lib/aws-sdk-core/plugins/http_checksum.rb +8 -1
- data/lib/aws-sdk-core/plugins/retries/error_inspector.rb +1 -1
- data/lib/aws-sdk-core/plugins/signature_v4.rb +1 -1
- data/lib/aws-sdk-core/refreshing_credentials.rb +13 -2
- data/lib/aws-sdk-core/shared_config.rb +1 -6
- data/lib/aws-sdk-core/sso_credentials.rb +5 -0
- data/lib/aws-sdk-sso/client.rb +3 -1
- data/lib/aws-sdk-sso.rb +1 -1
- data/lib/aws-sdk-sts/client.rb +55 -51
- data/lib/aws-sdk-sts/types.rb +7 -7
- data/lib/aws-sdk-sts.rb +1 -1
- data/lib/seahorse/model/operation.rb +3 -0
- metadata +3 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 1cf93a52549a583ebf666ac76c7c9243e3068ff7c3e2bd18051ed14d6b2dda36
|
4
|
+
data.tar.gz: c5dd331a95e8437164d33537b0e415de2d74dacc596f2e7675124bd1afded021
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 4b35894b76ba7531148db72002bbad246a2617a8ec412426520002ef10f82e91b7b89d0cb99cea33b2123a9a7641c98cf4d97769cbccd8c6e6f7bbf5ae4fbb98
|
7
|
+
data.tar.gz: e0818ff963cf8f516a741348d625099c4f3a1d70ad5f30a8722a152f77e251d08a5411eae07a5840b718d636d0eb486a2ea59c6f968d0550bf4e230564baa763
|
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,26 @@
|
|
1
1
|
Unreleased Changes
|
2
2
|
------------------
|
3
3
|
|
4
|
+
3.128.0 (2022-03-04)
|
5
|
+
------------------
|
6
|
+
|
7
|
+
* Feature - Updated Aws::STS::Client with the latest API changes.
|
8
|
+
|
9
|
+
3.127.0 (2022-02-24)
|
10
|
+
------------------
|
11
|
+
|
12
|
+
* Feature - Updated Aws::STS::Client with the latest API changes.
|
13
|
+
|
14
|
+
* Feature - Updated Aws::SSO::Client with the latest API changes.
|
15
|
+
|
16
|
+
* Feature - Support `HttpChecksum` trait for requests and responses.
|
17
|
+
|
18
|
+
3.126.2 (2022-02-16)
|
19
|
+
------------------
|
20
|
+
|
21
|
+
* Issue - Add a before_refresh callback to AssumeRoleCredentials (#2529).
|
22
|
+
* Issue - Raise a `NoSuchProfileError` when config and credentials files don't exist.
|
23
|
+
|
4
24
|
3.126.1 (2022-02-14)
|
5
25
|
------------------
|
6
26
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
3.
|
1
|
+
3.128.0
|
@@ -17,6 +17,11 @@ module Aws
|
|
17
17
|
#
|
18
18
|
# If you omit `:client` option, a new {STS::Client} object will be
|
19
19
|
# constructed.
|
20
|
+
#
|
21
|
+
# The AssumeRoleCredentials also provides a `before_refresh` callback
|
22
|
+
# that can be used to help manage refreshing tokens.
|
23
|
+
# `before_refresh` is called when AWS credentials are required and need
|
24
|
+
# to be refreshed and it is called with the AssumeRoleCredentials object.
|
20
25
|
class AssumeRoleCredentials
|
21
26
|
|
22
27
|
include CredentialProvider
|
@@ -28,6 +33,16 @@ module Aws
|
|
28
33
|
# @option options [Integer] :duration_seconds
|
29
34
|
# @option options [String] :external_id
|
30
35
|
# @option options [STS::Client] :client
|
36
|
+
# @option options [Callable] before_refresh Proc called before
|
37
|
+
# credentials are refreshed. Useful for updating tokens.
|
38
|
+
# `before_refresh` is called when AWS credentials are
|
39
|
+
# required and need to be refreshed. Tokens can be refreshed using
|
40
|
+
# the following example:
|
41
|
+
#
|
42
|
+
# before_refresh = Proc.new do |assume_role_credentials| do
|
43
|
+
# assume_role_credentials.assume_role_params['token_code'] = update_token
|
44
|
+
# end
|
45
|
+
#
|
31
46
|
def initialize(options = {})
|
32
47
|
client_opts = {}
|
33
48
|
@assume_role_params = {}
|
@@ -45,6 +60,9 @@ module Aws
|
|
45
60
|
# @return [STS::Client]
|
46
61
|
attr_reader :client
|
47
62
|
|
63
|
+
# @return [Hash]
|
64
|
+
attr_reader :assume_role_params
|
65
|
+
|
48
66
|
private
|
49
67
|
|
50
68
|
def refresh
|
@@ -39,6 +39,11 @@ module Aws
|
|
39
39
|
# encoded UUID is generated as the session name
|
40
40
|
#
|
41
41
|
# @option options [STS::Client] :client
|
42
|
+
#
|
43
|
+
# @option options [Callable] before_refresh Proc called before
|
44
|
+
# credentials are refreshed. `before_refresh` is called
|
45
|
+
# with an instance of this object when
|
46
|
+
# AWS credentials are required and need to be refreshed.
|
42
47
|
def initialize(options = {})
|
43
48
|
client_opts = {}
|
44
49
|
@assume_role_web_identity_params = {}
|
@@ -43,6 +43,10 @@ module Aws
|
|
43
43
|
# @option options [IO] :http_debug_output (nil) HTTP wire
|
44
44
|
# traces are sent to this object. You can specify something
|
45
45
|
# like $stdout.
|
46
|
+
# @option options [Callable] before_refresh Proc called before
|
47
|
+
# credentials are refreshed. `before_refresh` is called
|
48
|
+
# with an instance of this object when
|
49
|
+
# AWS credentials are required and need to be refreshed.
|
46
50
|
def initialize options = {}
|
47
51
|
@retries = options[:retries] || 5
|
48
52
|
@ip_address = options[:ip_address] || '169.254.170.2'
|
@@ -63,6 +63,10 @@ module Aws
|
|
63
63
|
# @option options [Integer] :token_ttl Time-to-Live in seconds for EC2
|
64
64
|
# Metadata Token used for fetching Metadata Profile Credentials, defaults
|
65
65
|
# to 21600 seconds
|
66
|
+
# @option options [Callable] before_refresh Proc called before
|
67
|
+
# credentials are refreshed. `before_refresh` is called
|
68
|
+
# with an instance of this object when
|
69
|
+
# AWS credentials are required and need to be refreshed.
|
66
70
|
def initialize(options = {})
|
67
71
|
@retries = options[:retries] || 1
|
68
72
|
endpoint_mode = resolve_endpoint_mode(options)
|
@@ -0,0 +1,340 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
module Plugins
|
5
|
+
# @api private
|
6
|
+
class ChecksumAlgorithm < Seahorse::Client::Plugin
|
7
|
+
CHUNK_SIZE = 1 * 1024 * 1024 # one MB
|
8
|
+
|
9
|
+
# determine the set of supported client side checksum algorithms
|
10
|
+
# CRC32c requires aws-crt (optional sdk dependency) for support
|
11
|
+
CLIENT_ALGORITHMS = begin
|
12
|
+
supported = %w[SHA256 SHA1 CRC32]
|
13
|
+
begin
|
14
|
+
require 'aws-crt'
|
15
|
+
supported << 'CRC32C'
|
16
|
+
rescue LoadError
|
17
|
+
end
|
18
|
+
supported
|
19
|
+
end.freeze
|
20
|
+
|
21
|
+
# priority order of checksum algorithms to validate responses against
|
22
|
+
# Remove any algorithms not supported by client (ie, depending on CRT availability)
|
23
|
+
CHECKSUM_ALGORITHM_PRIORITIES = %w[CRC32C SHA1 CRC32 SHA256] & CLIENT_ALGORITHMS
|
24
|
+
|
25
|
+
# byte size of checksums, used in computing the trailer length
|
26
|
+
CHECKSUM_SIZE = {
|
27
|
+
'CRC32' => 16,
|
28
|
+
'CRC32C' => 16,
|
29
|
+
'SHA1' => 36,
|
30
|
+
'SHA256' => 52
|
31
|
+
}
|
32
|
+
|
33
|
+
# Interface for computing digests on request/response bodies
|
34
|
+
# which may be files, strings or IO like objects
|
35
|
+
# Applies only to digest functions that produce 32 bit integer checksums
|
36
|
+
# (eg CRC32)
|
37
|
+
class Digest32
|
38
|
+
|
39
|
+
attr_reader :value
|
40
|
+
|
41
|
+
# @param [Object] digest_fn
|
42
|
+
def initialize(digest_fn)
|
43
|
+
@digest_fn = digest_fn
|
44
|
+
@value = 0
|
45
|
+
end
|
46
|
+
|
47
|
+
def update(chunk)
|
48
|
+
@value = @digest_fn.call(chunk, @value)
|
49
|
+
end
|
50
|
+
|
51
|
+
def base64digest
|
52
|
+
Base64.encode64([@value].pack('N')).chomp
|
53
|
+
end
|
54
|
+
end
|
55
|
+
|
56
|
+
def add_handlers(handlers, _config)
|
57
|
+
handlers.add(OptionHandler, step: :initialize)
|
58
|
+
# priority set low to ensure checksum is computed AFTER the request is
|
59
|
+
# built but before it is signed
|
60
|
+
handlers.add(ChecksumHandler, priority: 15, step: :build)
|
61
|
+
end
|
62
|
+
|
63
|
+
private
|
64
|
+
|
65
|
+
def self.request_algorithm_selection(context)
|
66
|
+
return unless context.operation.http_checksum
|
67
|
+
|
68
|
+
input_member = context.operation.http_checksum['requestAlgorithmMember']
|
69
|
+
context.params[input_member.to_sym]&.upcase if input_member
|
70
|
+
end
|
71
|
+
|
72
|
+
def self.request_validation_mode(context)
|
73
|
+
return unless context.operation.http_checksum
|
74
|
+
|
75
|
+
input_member = context.operation.http_checksum['requestValidationModeMember']
|
76
|
+
context.params[input_member.to_sym] if input_member
|
77
|
+
end
|
78
|
+
|
79
|
+
def self.operation_response_algorithms(context)
|
80
|
+
return unless context.operation.http_checksum
|
81
|
+
|
82
|
+
context.operation.http_checksum['responseAlgorithms']
|
83
|
+
end
|
84
|
+
|
85
|
+
|
86
|
+
# @api private
|
87
|
+
class OptionHandler < Seahorse::Client::Handler
|
88
|
+
def call(context)
|
89
|
+
context[:http_checksum] ||= {}
|
90
|
+
|
91
|
+
# validate request configuration
|
92
|
+
if (request_input = ChecksumAlgorithm.request_algorithm_selection(context))
|
93
|
+
unless CLIENT_ALGORITHMS.include? request_input
|
94
|
+
if (request_input == 'CRC32C')
|
95
|
+
raise ArgumentError, "CRC32C requires crt support - install the aws-crt gem for support."
|
96
|
+
else
|
97
|
+
raise ArgumentError, "#{request_input} is not a supported checksum algorithm."
|
98
|
+
end
|
99
|
+
end
|
100
|
+
end
|
101
|
+
|
102
|
+
# validate response configuration
|
103
|
+
if (ChecksumAlgorithm.request_validation_mode(context))
|
104
|
+
# Compute an ordered list as the union between priority supported and the
|
105
|
+
# operation's modeled response algorithms.
|
106
|
+
validation_list = CHECKSUM_ALGORITHM_PRIORITIES &
|
107
|
+
ChecksumAlgorithm.operation_response_algorithms(context)
|
108
|
+
context[:http_checksum][:validation_list] = validation_list
|
109
|
+
end
|
110
|
+
|
111
|
+
@handler.call(context)
|
112
|
+
end
|
113
|
+
end
|
114
|
+
|
115
|
+
# @api private
|
116
|
+
class ChecksumHandler < Seahorse::Client::Handler
|
117
|
+
|
118
|
+
def call(context)
|
119
|
+
if should_calculate_request_checksum?(context)
|
120
|
+
request_algorithm_input = ChecksumAlgorithm.request_algorithm_selection(context)
|
121
|
+
context[:checksum_algorithms] = request_algorithm_input
|
122
|
+
|
123
|
+
request_checksum_property = {
|
124
|
+
'algorithm' => request_algorithm_input,
|
125
|
+
'in' => checksum_request_in(context),
|
126
|
+
'name' => "x-amz-checksum-#{request_algorithm_input.downcase}"
|
127
|
+
}
|
128
|
+
|
129
|
+
calculate_request_checksum(context, request_checksum_property)
|
130
|
+
end
|
131
|
+
|
132
|
+
if should_verify_response_checksum?(context)
|
133
|
+
add_verify_response_checksum_handlers(context)
|
134
|
+
end
|
135
|
+
|
136
|
+
@handler.call(context)
|
137
|
+
end
|
138
|
+
|
139
|
+
private
|
140
|
+
|
141
|
+
def should_calculate_request_checksum?(context)
|
142
|
+
context.operation.http_checksum &&
|
143
|
+
ChecksumAlgorithm.request_algorithm_selection(context)
|
144
|
+
end
|
145
|
+
|
146
|
+
def should_verify_response_checksum?(context)
|
147
|
+
context[:http_checksum][:validation_list] && !context[:http_checksum][:validation_list].empty?
|
148
|
+
end
|
149
|
+
|
150
|
+
def calculate_request_checksum(context, checksum_properties)
|
151
|
+
case checksum_properties['in']
|
152
|
+
when 'header'
|
153
|
+
header_name = checksum_properties['name']
|
154
|
+
body = context.http_request.body_contents
|
155
|
+
if body
|
156
|
+
context.http_request.headers[header_name] ||=
|
157
|
+
ChecksumAlgorithm.calculate_checksum(checksum_properties['algorithm'], body)
|
158
|
+
end
|
159
|
+
when 'trailer'
|
160
|
+
apply_request_trailer_checksum(context, checksum_properties)
|
161
|
+
end
|
162
|
+
end
|
163
|
+
|
164
|
+
def apply_request_trailer_checksum(context, checksum_properties)
|
165
|
+
location_name = checksum_properties['name']
|
166
|
+
|
167
|
+
# set required headers
|
168
|
+
headers = context.http_request.headers
|
169
|
+
headers['Content-Encoding'] = 'aws-chunked'
|
170
|
+
headers['X-Amz-Content-Sha256'] = 'STREAMING-UNSIGNED-PAYLOAD-TRAILER'
|
171
|
+
headers['X-Amz-Trailer'] = location_name
|
172
|
+
|
173
|
+
# We currently always compute the size in the modified body wrapper - allowing us
|
174
|
+
# to set the Content-Length header (set by content_length plugin).
|
175
|
+
# This means we cannot use Transfer-Encoding=chunked
|
176
|
+
|
177
|
+
if !context.http_request.body.respond_to?(:size)
|
178
|
+
raise Aws::Errors::ChecksumError, 'Could not determine length of the body'
|
179
|
+
end
|
180
|
+
headers['X-Amz-Decoded-Content-Length'] = context.http_request.body.size
|
181
|
+
|
182
|
+
context.http_request.body = AwsChunkedTrailerDigestIO.new(
|
183
|
+
context.http_request.body,
|
184
|
+
checksum_properties['algorithm'],
|
185
|
+
location_name
|
186
|
+
)
|
187
|
+
end
|
188
|
+
|
189
|
+
# Add events to the http_response to verify the checksum as its read
|
190
|
+
# This prevents the body from being read multiple times
|
191
|
+
# verification is done only once a successful response has completed
|
192
|
+
def add_verify_response_checksum_handlers(context)
|
193
|
+
http_response = context.http_response
|
194
|
+
checksum_context = { }
|
195
|
+
http_response.on_headers do |_status, headers|
|
196
|
+
header_name, algorithm = response_header_to_verify(headers, context[:http_checksum][:validation_list])
|
197
|
+
if header_name
|
198
|
+
expected = headers[header_name]
|
199
|
+
|
200
|
+
unless context[:http_checksum][:skip_on_suffix] && /-[\d]+$/.match(expected)
|
201
|
+
checksum_context[:algorithm] = algorithm
|
202
|
+
checksum_context[:header_name] = header_name
|
203
|
+
checksum_context[:digest] = ChecksumAlgorithm.digest_for_algorithm(algorithm)
|
204
|
+
checksum_context[:expected] = expected
|
205
|
+
end
|
206
|
+
end
|
207
|
+
end
|
208
|
+
|
209
|
+
http_response.on_data do |chunk|
|
210
|
+
checksum_context[:digest].update(chunk) if checksum_context[:digest]
|
211
|
+
end
|
212
|
+
|
213
|
+
http_response.on_success do
|
214
|
+
if checksum_context[:digest] &&
|
215
|
+
(computed = checksum_context[:digest].base64digest)
|
216
|
+
|
217
|
+
if computed != checksum_context[:expected]
|
218
|
+
raise Aws::Errors::ChecksumError,
|
219
|
+
"Checksum validation failed on #{checksum_context[:header_name]} "\
|
220
|
+
"computed: #{computed}, expected: #{checksum_context[:expected]}"
|
221
|
+
end
|
222
|
+
|
223
|
+
context[:http_checksum][:validated] = checksum_context[:algorithm]
|
224
|
+
end
|
225
|
+
end
|
226
|
+
end
|
227
|
+
|
228
|
+
# returns nil if no headers to verify
|
229
|
+
def response_header_to_verify(headers, validation_list)
|
230
|
+
validation_list.each do |algorithm|
|
231
|
+
header_name = "x-amz-checksum-#{algorithm}"
|
232
|
+
return [header_name, algorithm] if headers[header_name]
|
233
|
+
end
|
234
|
+
nil
|
235
|
+
end
|
236
|
+
|
237
|
+
# determine where (header vs trailer) a request checksum should be added
|
238
|
+
def checksum_request_in(context)
|
239
|
+
if context.operation['authtype'].eql?('v4-unsigned-body')
|
240
|
+
'trailer'
|
241
|
+
else
|
242
|
+
'header'
|
243
|
+
end
|
244
|
+
end
|
245
|
+
|
246
|
+
end
|
247
|
+
|
248
|
+
def self.calculate_checksum(algorithm, body)
|
249
|
+
digest = ChecksumAlgorithm.digest_for_algorithm(algorithm)
|
250
|
+
if body.respond_to?(:read)
|
251
|
+
ChecksumAlgorithm.update_in_chunks(digest, body)
|
252
|
+
else
|
253
|
+
digest.update(body)
|
254
|
+
end
|
255
|
+
digest.base64digest
|
256
|
+
end
|
257
|
+
|
258
|
+
def self.digest_for_algorithm(algorithm)
|
259
|
+
case algorithm
|
260
|
+
when 'CRC32'
|
261
|
+
Digest32.new(Zlib.method(:crc32))
|
262
|
+
when 'CRC32C'
|
263
|
+
# this will only be used if input algorithm is CRC32C AND client supports it (crt available)
|
264
|
+
Digest32.new(Aws::Crt::Checksums.method(:crc32c))
|
265
|
+
when 'SHA1'
|
266
|
+
Digest::SHA1.new
|
267
|
+
when 'SHA256'
|
268
|
+
Digest::SHA256.new
|
269
|
+
end
|
270
|
+
end
|
271
|
+
|
272
|
+
# The trailer size (in bytes) is the overhead + the trailer name +
|
273
|
+
# the length of the base64 encoded checksum
|
274
|
+
def self.trailer_length(algorithm, location_name)
|
275
|
+
CHECKSUM_SIZE[algorithm] + location_name.size
|
276
|
+
end
|
277
|
+
|
278
|
+
def self.update_in_chunks(digest, io)
|
279
|
+
loop do
|
280
|
+
chunk = io.read(CHUNK_SIZE)
|
281
|
+
break unless chunk
|
282
|
+
digest.update(chunk)
|
283
|
+
end
|
284
|
+
io.rewind
|
285
|
+
end
|
286
|
+
|
287
|
+
# Wrapper for request body that implements application-layer
|
288
|
+
# chunking with Digest computed on chunks + added as a trailer
|
289
|
+
class AwsChunkedTrailerDigestIO
|
290
|
+
CHUNK_SIZE = 16384
|
291
|
+
|
292
|
+
def initialize(io, algorithm, location_name)
|
293
|
+
@io = io
|
294
|
+
@location_name = location_name
|
295
|
+
@algorithm = algorithm
|
296
|
+
@digest = ChecksumAlgorithm.digest_for_algorithm(algorithm)
|
297
|
+
@trailer_io = nil
|
298
|
+
end
|
299
|
+
|
300
|
+
# the size of the application layer aws-chunked + trailer body
|
301
|
+
def size
|
302
|
+
# compute the number of chunks
|
303
|
+
# a full chunk has 4 + 4 bytes overhead, a partial chunk is len.to_s(16).size + 4
|
304
|
+
orig_body_size = @io.size
|
305
|
+
n_full_chunks = orig_body_size / CHUNK_SIZE
|
306
|
+
partial_bytes = orig_body_size % CHUNK_SIZE
|
307
|
+
chunked_body_size = n_full_chunks * (CHUNK_SIZE + 8)
|
308
|
+
chunked_body_size += partial_bytes.to_s(16).size + partial_bytes + 4 unless partial_bytes.zero?
|
309
|
+
trailer_size = ChecksumAlgorithm.trailer_length(@algorithm, @location_name)
|
310
|
+
chunked_body_size + trailer_size
|
311
|
+
end
|
312
|
+
|
313
|
+
def rewind
|
314
|
+
@io.rewind
|
315
|
+
end
|
316
|
+
|
317
|
+
def read(length, buf)
|
318
|
+
# account for possible leftover bytes at the end, if we have trailer bytes, send them
|
319
|
+
if @trailer_io
|
320
|
+
return @trailer_io.read(length, buf)
|
321
|
+
end
|
322
|
+
|
323
|
+
chunk = @io.read(length)
|
324
|
+
if chunk
|
325
|
+
@digest.update(chunk)
|
326
|
+
application_chunked = "#{chunk.bytesize.to_s(16)}\r\n#{chunk}\r\n"
|
327
|
+
return StringIO.new(application_chunked).read(application_chunked.size, buf)
|
328
|
+
else
|
329
|
+
trailers = {}
|
330
|
+
trailers[@location_name] = @digest.base64digest
|
331
|
+
trailers = trailers.map { |k,v| "#{k}:#{v}"}.join("\r\n")
|
332
|
+
@trailer_io = StringIO.new("0\r\n#{trailers}\r\n\r\n")
|
333
|
+
chunk = @trailer_io.read(length, buf)
|
334
|
+
end
|
335
|
+
chunk
|
336
|
+
end
|
337
|
+
end
|
338
|
+
end
|
339
|
+
end
|
340
|
+
end
|
@@ -11,7 +11,8 @@ module Aws
|
|
11
11
|
CHUNK_SIZE = 1 * 1024 * 1024 # one MB
|
12
12
|
|
13
13
|
def call(context)
|
14
|
-
if context
|
14
|
+
if checksum_required?(context) &&
|
15
|
+
!context[:checksum_algorithms] # skip in favor of flexible checksum
|
15
16
|
body = context.http_request.body
|
16
17
|
context.http_request.headers['Content-Md5'] ||= md5(body)
|
17
18
|
end
|
@@ -20,6 +21,12 @@ module Aws
|
|
20
21
|
|
21
22
|
private
|
22
23
|
|
24
|
+
def checksum_required?(context)
|
25
|
+
context.operation.http_checksum_required ||
|
26
|
+
(context.operation.http_checksum &&
|
27
|
+
context.operation.http_checksum['requestChecksumRequired'])
|
28
|
+
end
|
29
|
+
|
23
30
|
# @param [File, Tempfile, IO#read, String] value
|
24
31
|
# @return [String<MD5>]
|
25
32
|
def md5(value)
|
@@ -134,7 +134,7 @@ module Aws
|
|
134
134
|
def apply_authtype(context)
|
135
135
|
if context.operation['authtype'].eql?('v4-unsigned-body') &&
|
136
136
|
context.http_request.endpoint.scheme.eql?('https')
|
137
|
-
context.http_request.headers['X-Amz-Content-Sha256']
|
137
|
+
context.http_request.headers['X-Amz-Content-Sha256'] ||= 'UNSIGNED-PAYLOAD'
|
138
138
|
end
|
139
139
|
context
|
140
140
|
end
|
@@ -19,6 +19,9 @@ module Aws
|
|
19
19
|
|
20
20
|
def initialize(options = {})
|
21
21
|
@mutex = Mutex.new
|
22
|
+
@before_refresh = options.delete(:before_refresh) if Hash === options
|
23
|
+
|
24
|
+
@before_refresh.call(self) if @before_refresh
|
22
25
|
refresh
|
23
26
|
end
|
24
27
|
|
@@ -37,7 +40,11 @@ module Aws
|
|
37
40
|
# Refresh credentials.
|
38
41
|
# @return [void]
|
39
42
|
def refresh!
|
40
|
-
@mutex.synchronize
|
43
|
+
@mutex.synchronize do
|
44
|
+
@before_refresh.call(self) if @before_refresh
|
45
|
+
|
46
|
+
refresh
|
47
|
+
end
|
41
48
|
end
|
42
49
|
|
43
50
|
private
|
@@ -47,7 +54,11 @@ module Aws
|
|
47
54
|
def refresh_if_near_expiration
|
48
55
|
if near_expiration?
|
49
56
|
@mutex.synchronize do
|
50
|
-
|
57
|
+
if near_expiration?
|
58
|
+
@before_refresh.call(self) if @before_refresh
|
59
|
+
|
60
|
+
refresh
|
61
|
+
end
|
51
62
|
end
|
52
63
|
end
|
53
64
|
end
|
@@ -100,7 +100,7 @@ module Aws
|
|
100
100
|
# or `nil` if no valid credentials were found.
|
101
101
|
def credentials(opts = {})
|
102
102
|
p = opts[:profile] || @profile_name
|
103
|
-
validate_profile_exists(p)
|
103
|
+
validate_profile_exists(p)
|
104
104
|
if (credentials = credentials_from_shared(p, opts))
|
105
105
|
credentials
|
106
106
|
elsif (credentials = credentials_from_config(p, opts))
|
@@ -195,11 +195,6 @@ module Aws
|
|
195
195
|
value
|
196
196
|
end
|
197
197
|
|
198
|
-
def credentials_present?
|
199
|
-
(@parsed_credentials && !@parsed_credentials.empty?) ||
|
200
|
-
(@parsed_config && !@parsed_config.empty?)
|
201
|
-
end
|
202
|
-
|
203
198
|
def assume_role_from_profile(cfg, profile, opts, chain_config)
|
204
199
|
if cfg && prof_cfg = cfg[profile]
|
205
200
|
opts[:source_profile] ||= prof_cfg['source_profile']
|
@@ -63,6 +63,11 @@ module Aws
|
|
63
63
|
#
|
64
64
|
# @option options [SSO::Client] :client Optional `SSO::Client`. If not
|
65
65
|
# provided, a client will be constructed.
|
66
|
+
#
|
67
|
+
# @option options [Callable] before_refresh Proc called before
|
68
|
+
# credentials are refreshed. `before_refresh` is called
|
69
|
+
# with an instance of this object when
|
70
|
+
# AWS credentials are required and need to be refreshed.
|
66
71
|
def initialize(options = {})
|
67
72
|
|
68
73
|
missing_keys = SSO_REQUIRED_OPTS.select { |k| options[k].nil? }
|
data/lib/aws-sdk-sso/client.rb
CHANGED
@@ -27,6 +27,7 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
|
|
27
27
|
require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
|
28
28
|
require 'aws-sdk-core/plugins/transfer_encoding.rb'
|
29
29
|
require 'aws-sdk-core/plugins/http_checksum.rb'
|
30
|
+
require 'aws-sdk-core/plugins/checksum_algorithm.rb'
|
30
31
|
require 'aws-sdk-core/plugins/defaults_mode.rb'
|
31
32
|
require 'aws-sdk-core/plugins/recursion_detection.rb'
|
32
33
|
require 'aws-sdk-core/plugins/signature_v4.rb'
|
@@ -75,6 +76,7 @@ module Aws::SSO
|
|
75
76
|
add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
|
76
77
|
add_plugin(Aws::Plugins::TransferEncoding)
|
77
78
|
add_plugin(Aws::Plugins::HttpChecksum)
|
79
|
+
add_plugin(Aws::Plugins::ChecksumAlgorithm)
|
78
80
|
add_plugin(Aws::Plugins::DefaultsMode)
|
79
81
|
add_plugin(Aws::Plugins::RecursionDetection)
|
80
82
|
add_plugin(Aws::Plugins::SignatureV4)
|
@@ -543,7 +545,7 @@ module Aws::SSO
|
|
543
545
|
params: params,
|
544
546
|
config: config)
|
545
547
|
context[:gem_name] = 'aws-sdk-core'
|
546
|
-
context[:gem_version] = '3.
|
548
|
+
context[:gem_version] = '3.128.0'
|
547
549
|
Seahorse::Client::Request.new(handlers, context)
|
548
550
|
end
|
549
551
|
|
data/lib/aws-sdk-sso.rb
CHANGED
data/lib/aws-sdk-sts/client.rb
CHANGED
@@ -27,6 +27,7 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
|
|
27
27
|
require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
|
28
28
|
require 'aws-sdk-core/plugins/transfer_encoding.rb'
|
29
29
|
require 'aws-sdk-core/plugins/http_checksum.rb'
|
30
|
+
require 'aws-sdk-core/plugins/checksum_algorithm.rb'
|
30
31
|
require 'aws-sdk-core/plugins/defaults_mode.rb'
|
31
32
|
require 'aws-sdk-core/plugins/recursion_detection.rb'
|
32
33
|
require 'aws-sdk-core/plugins/signature_v4.rb'
|
@@ -76,6 +77,7 @@ module Aws::STS
|
|
76
77
|
add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
|
77
78
|
add_plugin(Aws::Plugins::TransferEncoding)
|
78
79
|
add_plugin(Aws::Plugins::HttpChecksum)
|
80
|
+
add_plugin(Aws::Plugins::ChecksumAlgorithm)
|
79
81
|
add_plugin(Aws::Plugins::DefaultsMode)
|
80
82
|
add_plugin(Aws::Plugins::RecursionDetection)
|
81
83
|
add_plugin(Aws::Plugins::SignatureV4)
|
@@ -639,7 +641,7 @@ module Aws::STS
|
|
639
641
|
#
|
640
642
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
|
641
643
|
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
|
642
|
-
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
644
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_ctlogs
|
643
645
|
#
|
644
646
|
# @option params [Array<String>] :transitive_tag_keys
|
645
647
|
# A list of keys for session tags that you want to set as transitive. If
|
@@ -1177,19 +1179,20 @@ module Aws::STS
|
|
1177
1179
|
|
1178
1180
|
# Returns a set of temporary security credentials for users who have
|
1179
1181
|
# been authenticated in a mobile or web application with a web identity
|
1180
|
-
# provider. Example providers include
|
1181
|
-
# Facebook,
|
1182
|
+
# provider. Example providers include the OAuth 2.0 providers Login with
|
1183
|
+
# Amazon and Facebook, or any OpenID Connect-compatible identity
|
1184
|
+
# provider such as Google or [Amazon Cognito federated identities][1].
|
1182
1185
|
#
|
1183
1186
|
# <note markdown="1"> For mobile applications, we recommend that you use Amazon Cognito. You
|
1184
1187
|
# can use Amazon Cognito with the [Amazon Web Services SDK for iOS
|
1185
|
-
# Developer Guide][
|
1186
|
-
# Developer Guide][
|
1188
|
+
# Developer Guide][2] and the [Amazon Web Services SDK for Android
|
1189
|
+
# Developer Guide][3] to uniquely identify a user. You can also supply
|
1187
1190
|
# the user with a consistent identity throughout the lifetime of an
|
1188
1191
|
# application.
|
1189
1192
|
#
|
1190
|
-
# To learn more about Amazon Cognito, see [Amazon Cognito Overview][
|
1193
|
+
# To learn more about Amazon Cognito, see [Amazon Cognito Overview][4]
|
1191
1194
|
# in *Amazon Web Services SDK for Android Developer Guide* and [Amazon
|
1192
|
-
# Cognito Overview][
|
1195
|
+
# Cognito Overview][5] in the *Amazon Web Services SDK for iOS Developer
|
1193
1196
|
# Guide*.
|
1194
1197
|
#
|
1195
1198
|
# </note>
|
@@ -1204,8 +1207,8 @@ module Aws::STS
|
|
1204
1207
|
# a token from the web identity provider. For a comparison of
|
1205
1208
|
# `AssumeRoleWithWebIdentity` with the other API operations that produce
|
1206
1209
|
# temporary credentials, see [Requesting Temporary Security
|
1207
|
-
# Credentials][
|
1208
|
-
# operations][
|
1210
|
+
# Credentials][6] and [Comparing the Amazon Web Services STS API
|
1211
|
+
# operations][7] in the *IAM User Guide*.
|
1209
1212
|
#
|
1210
1213
|
# The temporary security credentials returned by this API consist of an
|
1211
1214
|
# access key ID, a secret access key, and a security token. Applications
|
@@ -1221,11 +1224,11 @@ module Aws::STS
|
|
1221
1224
|
# to the maximum session duration setting for the role. This setting can
|
1222
1225
|
# have a value from 1 hour to 12 hours. To learn how to view the maximum
|
1223
1226
|
# value for your role, see [View the Maximum Session Duration Setting
|
1224
|
-
# for a Role][
|
1227
|
+
# for a Role][8] in the *IAM User Guide*. The maximum session duration
|
1225
1228
|
# limit applies when you use the `AssumeRole*` API operations or the
|
1226
1229
|
# `assume-role*` CLI commands. However the limit does not apply when you
|
1227
1230
|
# use those operations to create a console URL. For more information,
|
1228
|
-
# see [Using IAM Roles][
|
1231
|
+
# see [Using IAM Roles][9] in the *IAM User Guide*.
|
1229
1232
|
#
|
1230
1233
|
# **Permissions**
|
1231
1234
|
#
|
@@ -1234,7 +1237,7 @@ module Aws::STS
|
|
1234
1237
|
# Amazon Web Services service with the following exception: you cannot
|
1235
1238
|
# call the STS `GetFederationToken` or `GetSessionToken` API operations.
|
1236
1239
|
#
|
1237
|
-
# (Optional) You can pass inline or managed [session policies][
|
1240
|
+
# (Optional) You can pass inline or managed [session policies][10] to
|
1238
1241
|
# this operation. You can pass a single JSON policy document to use as
|
1239
1242
|
# an inline session policy. You can also specify up to 10 managed
|
1240
1243
|
# policies to use as managed session policies. The plaintext that you
|
@@ -1246,7 +1249,7 @@ module Aws::STS
|
|
1246
1249
|
# Services API calls to access resources in the account that owns the
|
1247
1250
|
# role. You cannot use session policies to grant more permissions than
|
1248
1251
|
# those allowed by the identity-based policy of the role that is being
|
1249
|
-
# assumed. For more information, see [Session Policies][
|
1252
|
+
# assumed. For more information, see [Session Policies][10] in the *IAM
|
1250
1253
|
# User Guide*.
|
1251
1254
|
#
|
1252
1255
|
# **Tags**
|
@@ -1254,12 +1257,12 @@ module Aws::STS
|
|
1254
1257
|
# (Optional) You can configure your IdP to pass attributes into your web
|
1255
1258
|
# identity token as session tags. Each session tag consists of a key
|
1256
1259
|
# name and an associated value. For more information about session tags,
|
1257
|
-
# see [Passing Session Tags in STS][
|
1260
|
+
# see [Passing Session Tags in STS][11] in the *IAM User Guide*.
|
1258
1261
|
#
|
1259
1262
|
# You can pass up to 50 session tags. The plaintext session tag keys
|
1260
1263
|
# can’t exceed 128 characters and the values can’t exceed 256
|
1261
1264
|
# characters. For these and additional limits, see [IAM and STS
|
1262
|
-
# Character Limits][
|
1265
|
+
# Character Limits][12] in the *IAM User Guide*.
|
1263
1266
|
#
|
1264
1267
|
# <note markdown="1"> An Amazon Web Services conversion compresses the passed session
|
1265
1268
|
# policies and session tags into a packed binary format that has a
|
@@ -1277,12 +1280,12 @@ module Aws::STS
|
|
1277
1280
|
# An administrator must grant you the permissions necessary to pass
|
1278
1281
|
# session tags. The administrator can also create granular permissions
|
1279
1282
|
# to allow you to pass only specific session tags. For more information,
|
1280
|
-
# see [Tutorial: Using Tags for Attribute-Based Access Control][
|
1283
|
+
# see [Tutorial: Using Tags for Attribute-Based Access Control][13] in
|
1281
1284
|
# the *IAM User Guide*.
|
1282
1285
|
#
|
1283
1286
|
# You can set the session tags as transitive. Transitive tags persist
|
1284
1287
|
# during role chaining. For more information, see [Chaining Roles with
|
1285
|
-
# Session Tags][
|
1288
|
+
# Session Tags][14] in the *IAM User Guide*.
|
1286
1289
|
#
|
1287
1290
|
# **Identities**
|
1288
1291
|
#
|
@@ -1294,54 +1297,55 @@ module Aws::STS
|
|
1294
1297
|
# specified in the role's trust policy.
|
1295
1298
|
#
|
1296
1299
|
# Calling `AssumeRoleWithWebIdentity` can result in an entry in your
|
1297
|
-
# CloudTrail logs. The entry includes the [Subject][
|
1300
|
+
# CloudTrail logs. The entry includes the [Subject][15] of the provided
|
1298
1301
|
# web identity token. We recommend that you avoid using any personally
|
1299
1302
|
# identifiable information (PII) in this field. For example, you could
|
1300
1303
|
# instead use a GUID or a pairwise identifier, as [suggested in the OIDC
|
1301
|
-
# specification][
|
1304
|
+
# specification][16].
|
1302
1305
|
#
|
1303
1306
|
# For more information about how to use web identity federation and the
|
1304
1307
|
# `AssumeRoleWithWebIdentity` API, see the following resources:
|
1305
1308
|
#
|
1306
|
-
# * [Using Web Identity Federation API Operations for Mobile Apps][
|
1307
|
-
# and [Federation Through a Web-based Identity Provider][
|
1309
|
+
# * [Using Web Identity Federation API Operations for Mobile Apps][17]
|
1310
|
+
# and [Federation Through a Web-based Identity Provider][18].
|
1308
1311
|
#
|
1309
|
-
# * [ Web Identity Federation Playground][
|
1312
|
+
# * [ Web Identity Federation Playground][19]. Walk through the process
|
1310
1313
|
# of authenticating through Login with Amazon, Facebook, or Google,
|
1311
1314
|
# getting temporary security credentials, and then using those
|
1312
1315
|
# credentials to make a request to Amazon Web Services.
|
1313
1316
|
#
|
1314
|
-
# * [Amazon Web Services SDK for iOS Developer Guide][
|
1315
|
-
# Services SDK for Android Developer Guide][
|
1317
|
+
# * [Amazon Web Services SDK for iOS Developer Guide][2] and [Amazon Web
|
1318
|
+
# Services SDK for Android Developer Guide][3]. These toolkits contain
|
1316
1319
|
# sample apps that show how to invoke the identity providers. The
|
1317
1320
|
# toolkits then show how to use the information from these providers
|
1318
1321
|
# to get and use temporary security credentials.
|
1319
1322
|
#
|
1320
|
-
# * [Web Identity Federation with Mobile Applications][
|
1323
|
+
# * [Web Identity Federation with Mobile Applications][20]. This article
|
1321
1324
|
# discusses web identity federation and shows an example of how to use
|
1322
1325
|
# web identity federation to get access to content in Amazon S3.
|
1323
1326
|
#
|
1324
1327
|
#
|
1325
1328
|
#
|
1326
|
-
# [1]:
|
1327
|
-
# [2]: http://aws.amazon.com/
|
1328
|
-
# [3]:
|
1329
|
-
# [4]: https://docs.aws.amazon.com/mobile/
|
1330
|
-
# [5]: https://docs.aws.amazon.com/
|
1331
|
-
# [6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
|
1332
|
-
# [7]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
1333
|
-
# [8]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
|
1334
|
-
# [9]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
1335
|
-
# [10]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
1336
|
-
# [11]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
1337
|
-
# [12]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
1338
|
-
# [13]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
1339
|
-
# [14]:
|
1340
|
-
# [15]: http://openid.net/specs/openid-connect-core-1_0.html#
|
1341
|
-
# [16]:
|
1342
|
-
# [17]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
1343
|
-
# [18]: https://aws.amazon.com/
|
1344
|
-
# [19]:
|
1329
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html
|
1330
|
+
# [2]: http://aws.amazon.com/sdkforios/
|
1331
|
+
# [3]: http://aws.amazon.com/sdkforandroid/
|
1332
|
+
# [4]: https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840
|
1333
|
+
# [5]: https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664
|
1334
|
+
# [6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
|
1335
|
+
# [7]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
|
1336
|
+
# [8]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
|
1337
|
+
# [9]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
|
1338
|
+
# [10]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
1339
|
+
# [11]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
|
1340
|
+
# [12]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
|
1341
|
+
# [13]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html
|
1342
|
+
# [14]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining
|
1343
|
+
# [15]: http://openid.net/specs/openid-connect-core-1_0.html#Claims
|
1344
|
+
# [16]: http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes
|
1345
|
+
# [17]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html
|
1346
|
+
# [18]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity
|
1347
|
+
# [19]: https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/
|
1348
|
+
# [20]: http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications
|
1345
1349
|
#
|
1346
1350
|
# @option params [required, String] :role_arn
|
1347
1351
|
# The Amazon Resource Name (ARN) of the role that the caller is
|
@@ -1368,13 +1372,13 @@ module Aws::STS
|
|
1368
1372
|
# `AssumeRoleWithWebIdentity` call.
|
1369
1373
|
#
|
1370
1374
|
# @option params [String] :provider_id
|
1371
|
-
# The fully qualified host component of the domain name of the
|
1372
|
-
# provider.
|
1375
|
+
# The fully qualified host component of the domain name of the OAuth 2.0
|
1376
|
+
# identity provider. Do not specify this value for an OpenID Connect
|
1377
|
+
# identity provider.
|
1373
1378
|
#
|
1374
|
-
#
|
1375
|
-
#
|
1376
|
-
#
|
1377
|
-
# schemes and port numbers.
|
1379
|
+
# Currently `www.amazon.com` and `graph.facebook.com` are the only
|
1380
|
+
# supported identity providers for OAuth 2.0 access tokens. Do not
|
1381
|
+
# include URL schemes and port numbers.
|
1378
1382
|
#
|
1379
1383
|
# Do not specify this value for OpenID Connect ID tokens.
|
1380
1384
|
#
|
@@ -2286,7 +2290,7 @@ module Aws::STS
|
|
2286
2290
|
params: params,
|
2287
2291
|
config: config)
|
2288
2292
|
context[:gem_name] = 'aws-sdk-core'
|
2289
|
-
context[:gem_version] = '3.
|
2293
|
+
context[:gem_version] = '3.128.0'
|
2290
2294
|
Seahorse::Client::Request.new(handlers, context)
|
2291
2295
|
end
|
2292
2296
|
|
data/lib/aws-sdk-sts/types.rb
CHANGED
@@ -213,7 +213,7 @@ module Aws::STS
|
|
213
213
|
#
|
214
214
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
|
215
215
|
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
|
216
|
-
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
216
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_ctlogs
|
217
217
|
# @return [Array<Types::Tag>]
|
218
218
|
#
|
219
219
|
# @!attribute [rw] transitive_tag_keys
|
@@ -710,13 +710,13 @@ module Aws::STS
|
|
710
710
|
# @return [String]
|
711
711
|
#
|
712
712
|
# @!attribute [rw] provider_id
|
713
|
-
# The fully qualified host component of the domain name of the
|
714
|
-
# identity provider.
|
713
|
+
# The fully qualified host component of the domain name of the OAuth
|
714
|
+
# 2.0 identity provider. Do not specify this value for an OpenID
|
715
|
+
# Connect identity provider.
|
715
716
|
#
|
716
|
-
#
|
717
|
-
#
|
718
|
-
#
|
719
|
-
# schemes and port numbers.
|
717
|
+
# Currently `www.amazon.com` and `graph.facebook.com` are the only
|
718
|
+
# supported identity providers for OAuth 2.0 access tokens. Do not
|
719
|
+
# include URL schemes and port numbers.
|
720
720
|
#
|
721
721
|
# Do not specify this value for OpenID Connect ID tokens.
|
722
722
|
# @return [String]
|
data/lib/aws-sdk-sts.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-core
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.
|
4
|
+
version: 3.128.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-03-04 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: jmespath
|
@@ -139,6 +139,7 @@ files:
|
|
139
139
|
- lib/aws-sdk-core/plugins/apig_authorizer_token.rb
|
140
140
|
- lib/aws-sdk-core/plugins/apig_credentials_configuration.rb
|
141
141
|
- lib/aws-sdk-core/plugins/apig_user_agent.rb
|
142
|
+
- lib/aws-sdk-core/plugins/checksum_algorithm.rb
|
142
143
|
- lib/aws-sdk-core/plugins/client_metrics_plugin.rb
|
143
144
|
- lib/aws-sdk-core/plugins/client_metrics_send_plugin.rb
|
144
145
|
- lib/aws-sdk-core/plugins/credentials_configuration.rb
|