aws-sdk-core 3.129.1 → 3.130.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-core/assume_role_credentials.rb +1 -0
- data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +2 -1
- data/lib/aws-sdk-core/ecs_credentials.rb +1 -0
- data/lib/aws-sdk-core/instance_profile_credentials.rb +1 -0
- data/lib/aws-sdk-core/plugins/signature_v4.rb +1 -0
- data/lib/aws-sdk-core/process_credentials.rb +3 -2
- data/lib/aws-sdk-core/refreshing_credentials.rb +29 -11
- data/lib/aws-sdk-core/sso_credentials.rb +1 -0
- data/lib/aws-sdk-sso/client.rb +1 -1
- data/lib/aws-sdk-sso.rb +1 -1
- data/lib/aws-sdk-sts/client.rb +1 -1
- data/lib/aws-sdk-sts.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d7804cbac83996a95b2cacbd808389798eb0b461229a9e8e2a966cd28d599aa6
|
|
4
|
+
data.tar.gz: ce3557bcbd4d6a5edaa1bc99fbd7e75f9b2e23eb6fadb8be06a69b91e2e8a4a7
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d1d0b4ec0b478389290d84409869ed012e4a2ce6408d3dc5c46c618771cc970d9086eb4686dd64b740ebd5eeafe7cc0e8b6fa63d3f89202e8f2841d9a203bdbb
|
|
7
|
+
data.tar.gz: f4c41ffb85d712bcaf8701aa61a886837517df23e14a53c2b9201d86bfcc1fd41b5b8badded9f91aeb0ee77553c9e2af80b4c82d1e249486b5630afc1582939c
|
data/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,13 @@
|
|
|
1
1
|
Unreleased Changes
|
|
2
2
|
------------------
|
|
3
3
|
|
|
4
|
+
3.130.0 (2022-03-11)
|
|
5
|
+
------------------
|
|
6
|
+
|
|
7
|
+
* Feature - Asynchronously refresh AWS credentials (#2641).
|
|
8
|
+
|
|
9
|
+
* Issue - Add x-amz-region-set to list of headers deleted for re-sign.
|
|
10
|
+
|
|
4
11
|
3.129.1 (2022-03-10)
|
|
5
12
|
------------------
|
|
6
13
|
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
3.
|
|
1
|
+
3.130.0
|
|
@@ -17,7 +17,7 @@ module Aws
|
|
|
17
17
|
# ...
|
|
18
18
|
# )
|
|
19
19
|
# For full list of parameters accepted
|
|
20
|
-
# @see Aws::STS::Client#assume_role_with_web_identity
|
|
20
|
+
# @see Aws::STS::Client#assume_role_with_web_identity
|
|
21
21
|
#
|
|
22
22
|
#
|
|
23
23
|
# If you omit `:client` option, a new {STS::Client} object will be
|
|
@@ -48,6 +48,7 @@ module Aws
|
|
|
48
48
|
client_opts = {}
|
|
49
49
|
@assume_role_web_identity_params = {}
|
|
50
50
|
@token_file = options.delete(:web_identity_token_file)
|
|
51
|
+
@async_refresh = true
|
|
51
52
|
options.each_pair do |key, value|
|
|
52
53
|
if self.class.assume_role_web_identity_options.include?(key)
|
|
53
54
|
@assume_role_web_identity_params[key] = value
|
|
@@ -98,6 +98,7 @@ module Aws
|
|
|
98
98
|
req.headers.delete('Authorization')
|
|
99
99
|
req.headers.delete('X-Amz-Security-Token')
|
|
100
100
|
req.headers.delete('X-Amz-Date')
|
|
101
|
+
req.headers.delete('x-Amz-Region-Set')
|
|
101
102
|
|
|
102
103
|
if context.config.respond_to?(:clock_skew) &&
|
|
103
104
|
context.config.clock_skew &&
|
|
@@ -27,6 +27,7 @@ module Aws
|
|
|
27
27
|
def initialize(process)
|
|
28
28
|
@process = process
|
|
29
29
|
@credentials = credentials_from_process(@process)
|
|
30
|
+
@async_refresh = false
|
|
30
31
|
|
|
31
32
|
super
|
|
32
33
|
end
|
|
@@ -73,9 +74,9 @@ module Aws
|
|
|
73
74
|
@credentials = credentials_from_process(@process)
|
|
74
75
|
end
|
|
75
76
|
|
|
76
|
-
def near_expiration?
|
|
77
|
+
def near_expiration?(expiration_length)
|
|
77
78
|
# are we within 5 minutes of expiration?
|
|
78
|
-
@expiration && (Time.now.to_i +
|
|
79
|
+
@expiration && (Time.now.to_i + expiration_length) > @expiration.to_i
|
|
79
80
|
end
|
|
80
81
|
end
|
|
81
82
|
end
|
|
@@ -17,6 +17,9 @@ module Aws
|
|
|
17
17
|
# @api private
|
|
18
18
|
module RefreshingCredentials
|
|
19
19
|
|
|
20
|
+
SYNC_EXPIRATION_LENGTH = 300 # 5 minutes
|
|
21
|
+
ASYNC_EXPIRATION_LENGTH = 600 # 10 minutes
|
|
22
|
+
|
|
20
23
|
def initialize(options = {})
|
|
21
24
|
@mutex = Mutex.new
|
|
22
25
|
@before_refresh = options.delete(:before_refresh) if Hash === options
|
|
@@ -27,13 +30,13 @@ module Aws
|
|
|
27
30
|
|
|
28
31
|
# @return [Credentials]
|
|
29
32
|
def credentials
|
|
30
|
-
refresh_if_near_expiration
|
|
33
|
+
refresh_if_near_expiration!
|
|
31
34
|
@credentials
|
|
32
35
|
end
|
|
33
36
|
|
|
34
37
|
# @return [Time,nil]
|
|
35
38
|
def expiration
|
|
36
|
-
refresh_if_near_expiration
|
|
39
|
+
refresh_if_near_expiration!
|
|
37
40
|
@expiration
|
|
38
41
|
end
|
|
39
42
|
|
|
@@ -49,24 +52,39 @@ module Aws
|
|
|
49
52
|
|
|
50
53
|
private
|
|
51
54
|
|
|
52
|
-
# Refreshes
|
|
53
|
-
#
|
|
54
|
-
|
|
55
|
-
|
|
55
|
+
# Refreshes credentials asynchronously and synchronously.
|
|
56
|
+
# If we are near to expiration, block while getting new credentials.
|
|
57
|
+
# Otherwise, if we're approaching expiration, use the existing credentials
|
|
58
|
+
# but attempt a refresh in the background.
|
|
59
|
+
def refresh_if_near_expiration!
|
|
60
|
+
# Note: This check is an optimization. Rather than acquire the mutex on every #refresh_if_near_expiration
|
|
61
|
+
# call, we check before doing so, and then we check within the mutex to avoid a race condition.
|
|
62
|
+
# See issue: https://github.com/aws/aws-sdk-ruby/issues/2641 for more info.
|
|
63
|
+
if near_expiration?(SYNC_EXPIRATION_LENGTH)
|
|
56
64
|
@mutex.synchronize do
|
|
57
|
-
if near_expiration?
|
|
65
|
+
if near_expiration?(SYNC_EXPIRATION_LENGTH)
|
|
58
66
|
@before_refresh.call(self) if @before_refresh
|
|
59
|
-
|
|
60
67
|
refresh
|
|
61
68
|
end
|
|
62
69
|
end
|
|
70
|
+
elsif @async_refresh && near_expiration?(ASYNC_EXPIRATION_LENGTH)
|
|
71
|
+
unless @mutex.locked?
|
|
72
|
+
Thread.new do
|
|
73
|
+
@mutex.synchronize do
|
|
74
|
+
if near_expiration?(ASYNC_EXPIRATION_LENGTH)
|
|
75
|
+
@before_refresh.call(self) if @before_refresh
|
|
76
|
+
refresh
|
|
77
|
+
end
|
|
78
|
+
end
|
|
79
|
+
end
|
|
80
|
+
end
|
|
63
81
|
end
|
|
64
82
|
end
|
|
65
83
|
|
|
66
|
-
def near_expiration?
|
|
84
|
+
def near_expiration?(expiration_length)
|
|
67
85
|
if @expiration
|
|
68
|
-
#
|
|
69
|
-
(Time.now.to_i +
|
|
86
|
+
# Are we within expiration?
|
|
87
|
+
(Time.now.to_i + expiration_length) > @expiration.to_i
|
|
70
88
|
else
|
|
71
89
|
true
|
|
72
90
|
end
|
data/lib/aws-sdk-sso/client.rb
CHANGED
data/lib/aws-sdk-sso.rb
CHANGED
data/lib/aws-sdk-sts/client.rb
CHANGED
|
@@ -2290,7 +2290,7 @@ module Aws::STS
|
|
|
2290
2290
|
params: params,
|
|
2291
2291
|
config: config)
|
|
2292
2292
|
context[:gem_name] = 'aws-sdk-core'
|
|
2293
|
-
context[:gem_version] = '3.
|
|
2293
|
+
context[:gem_version] = '3.130.0'
|
|
2294
2294
|
Seahorse::Client::Request.new(handlers, context)
|
|
2295
2295
|
end
|
|
2296
2296
|
|
data/lib/aws-sdk-sts.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aws-sdk-core
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.130.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Amazon Web Services
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-03-
|
|
11
|
+
date: 2022-03-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: jmespath
|