aws-sdk-core 3.129.1 → 3.130.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +17 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-core/assume_role_credentials.rb +2 -1
- data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +4 -4
- data/lib/aws-sdk-core/ecs_credentials.rb +1 -0
- data/lib/aws-sdk-core/instance_profile_credentials.rb +1 -0
- data/lib/aws-sdk-core/plugins/retry_errors.rb +12 -2
- data/lib/aws-sdk-core/plugins/signature_v4.rb +1 -0
- data/lib/aws-sdk-core/process_credentials.rb +3 -2
- data/lib/aws-sdk-core/refreshing_credentials.rb +31 -11
- data/lib/aws-sdk-core/sso_credentials.rb +8 -3
- data/lib/aws-sdk-sso/client.rb +1 -1
- data/lib/aws-sdk-sso.rb +1 -1
- data/lib/aws-sdk-sts/client.rb +1 -1
- data/lib/aws-sdk-sts.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ff22a0d39db864fb7a965fedeb1f45730a70840d8ae4475e2222529604e3a707
|
|
4
|
+
data.tar.gz: 90117e48ef4377412254102c08d95718c14b407c64be26b8bb0c62b4b349bfa2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: dded90c284f709ca41f859ffb832c243728e2d19d630a84c6ba960052e8004af3e90c292f307c8ab76d2f0578ae2259402c4b96ad3a73c7a7e48e9b72c23a919
|
|
7
|
+
data.tar.gz: bf2b97dc6ce9aafca32582f0e06b0245bf0741f897cfe1ebadf7369f1e7344604247803b396aedc6da37415594baacdce933cd22afba09abc61684884dafe135
|
data/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,23 @@
|
|
|
1
1
|
Unreleased Changes
|
|
2
2
|
------------------
|
|
3
3
|
|
|
4
|
+
3.130.2 (2022-04-22)
|
|
5
|
+
------------------
|
|
6
|
+
|
|
7
|
+
* Issue - Don't pass `:before_refresh` to Client constructors in RefreshingCredential implementations (#2690).
|
|
8
|
+
|
|
9
|
+
3.130.1 (2022-04-12)
|
|
10
|
+
------------------
|
|
11
|
+
|
|
12
|
+
* Issue - Don't call `refresh!` on non-refreshable `Credentials` when retrying errors (#2685).
|
|
13
|
+
|
|
14
|
+
3.130.0 (2022-03-11)
|
|
15
|
+
------------------
|
|
16
|
+
|
|
17
|
+
* Feature - Asynchronously refresh AWS credentials (#2641).
|
|
18
|
+
|
|
19
|
+
* Issue - Add x-amz-region-set to list of headers deleted for re-sign.
|
|
20
|
+
|
|
4
21
|
3.129.1 (2022-03-10)
|
|
5
22
|
------------------
|
|
6
23
|
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
3.
|
|
1
|
+
3.130.2
|
|
@@ -49,11 +49,12 @@ module Aws
|
|
|
49
49
|
options.each_pair do |key, value|
|
|
50
50
|
if self.class.assume_role_options.include?(key)
|
|
51
51
|
@assume_role_params[key] = value
|
|
52
|
-
|
|
52
|
+
elsif !CLIENT_EXCLUDE_OPTIONS.include?(key)
|
|
53
53
|
client_opts[key] = value
|
|
54
54
|
end
|
|
55
55
|
end
|
|
56
56
|
@client = client_opts[:client] || STS::Client.new(client_opts)
|
|
57
|
+
@async_refresh = true
|
|
57
58
|
super
|
|
58
59
|
end
|
|
59
60
|
|
|
@@ -17,7 +17,7 @@ module Aws
|
|
|
17
17
|
# ...
|
|
18
18
|
# )
|
|
19
19
|
# For full list of parameters accepted
|
|
20
|
-
# @see Aws::STS::Client#assume_role_with_web_identity
|
|
20
|
+
# @see Aws::STS::Client#assume_role_with_web_identity
|
|
21
21
|
#
|
|
22
22
|
#
|
|
23
23
|
# If you omit `:client` option, a new {STS::Client} object will be
|
|
@@ -48,10 +48,11 @@ module Aws
|
|
|
48
48
|
client_opts = {}
|
|
49
49
|
@assume_role_web_identity_params = {}
|
|
50
50
|
@token_file = options.delete(:web_identity_token_file)
|
|
51
|
+
@async_refresh = true
|
|
51
52
|
options.each_pair do |key, value|
|
|
52
53
|
if self.class.assume_role_web_identity_options.include?(key)
|
|
53
54
|
@assume_role_web_identity_params[key] = value
|
|
54
|
-
|
|
55
|
+
elsif !CLIENT_EXCLUDE_OPTIONS.include?(key)
|
|
55
56
|
client_opts[key] = value
|
|
56
57
|
end
|
|
57
58
|
end
|
|
@@ -99,11 +100,10 @@ module Aws
|
|
|
99
100
|
# @api private
|
|
100
101
|
def assume_role_web_identity_options
|
|
101
102
|
@arwio ||= begin
|
|
102
|
-
input = STS::Client.api.operation(:assume_role_with_web_identity).input
|
|
103
|
+
input = Aws::STS::Client.api.operation(:assume_role_with_web_identity).input
|
|
103
104
|
Set.new(input.shape.member_names)
|
|
104
105
|
end
|
|
105
106
|
end
|
|
106
|
-
|
|
107
107
|
end
|
|
108
108
|
end
|
|
109
109
|
end
|
|
@@ -313,12 +313,17 @@ a clock skew correction and retry requests with skewed client clocks.
|
|
|
313
313
|
|
|
314
314
|
def retry_request(context, error)
|
|
315
315
|
context.retries += 1
|
|
316
|
-
context.config.credentials.refresh! if error
|
|
316
|
+
context.config.credentials.refresh! if refresh_credentials?(context, error)
|
|
317
317
|
context.http_request.body.rewind
|
|
318
318
|
context.http_response.reset
|
|
319
319
|
call(context)
|
|
320
320
|
end
|
|
321
321
|
|
|
322
|
+
def refresh_credentials?(context, error)
|
|
323
|
+
error.expired_credentials? &&
|
|
324
|
+
context.config.credentials.respond_to?(:refresh!)
|
|
325
|
+
end
|
|
326
|
+
|
|
322
327
|
def add_retry_headers(context)
|
|
323
328
|
request_pairs = {
|
|
324
329
|
'attempt' => context.retries,
|
|
@@ -383,7 +388,7 @@ a clock skew correction and retry requests with skewed client clocks.
|
|
|
383
388
|
def retry_request(context, error)
|
|
384
389
|
delay_retry(context)
|
|
385
390
|
context.retries += 1
|
|
386
|
-
context.config.credentials.refresh! if error
|
|
391
|
+
context.config.credentials.refresh! if refresh_credentials?(context, error)
|
|
387
392
|
context.http_request.body.rewind
|
|
388
393
|
context.http_response.reset
|
|
389
394
|
call(context)
|
|
@@ -399,6 +404,11 @@ a clock skew correction and retry requests with skewed client clocks.
|
|
|
399
404
|
response_truncatable?(context)
|
|
400
405
|
end
|
|
401
406
|
|
|
407
|
+
def refresh_credentials?(context, error)
|
|
408
|
+
error.expired_credentials? &&
|
|
409
|
+
context.config.credentials.respond_to?(:refresh!)
|
|
410
|
+
end
|
|
411
|
+
|
|
402
412
|
def retry_limit(context)
|
|
403
413
|
context.config.retry_limit
|
|
404
414
|
end
|
|
@@ -98,6 +98,7 @@ module Aws
|
|
|
98
98
|
req.headers.delete('Authorization')
|
|
99
99
|
req.headers.delete('X-Amz-Security-Token')
|
|
100
100
|
req.headers.delete('X-Amz-Date')
|
|
101
|
+
req.headers.delete('x-Amz-Region-Set')
|
|
101
102
|
|
|
102
103
|
if context.config.respond_to?(:clock_skew) &&
|
|
103
104
|
context.config.clock_skew &&
|
|
@@ -27,6 +27,7 @@ module Aws
|
|
|
27
27
|
def initialize(process)
|
|
28
28
|
@process = process
|
|
29
29
|
@credentials = credentials_from_process(@process)
|
|
30
|
+
@async_refresh = false
|
|
30
31
|
|
|
31
32
|
super
|
|
32
33
|
end
|
|
@@ -73,9 +74,9 @@ module Aws
|
|
|
73
74
|
@credentials = credentials_from_process(@process)
|
|
74
75
|
end
|
|
75
76
|
|
|
76
|
-
def near_expiration?
|
|
77
|
+
def near_expiration?(expiration_length)
|
|
77
78
|
# are we within 5 minutes of expiration?
|
|
78
|
-
@expiration && (Time.now.to_i +
|
|
79
|
+
@expiration && (Time.now.to_i + expiration_length) > @expiration.to_i
|
|
79
80
|
end
|
|
80
81
|
end
|
|
81
82
|
end
|
|
@@ -17,6 +17,11 @@ module Aws
|
|
|
17
17
|
# @api private
|
|
18
18
|
module RefreshingCredentials
|
|
19
19
|
|
|
20
|
+
SYNC_EXPIRATION_LENGTH = 300 # 5 minutes
|
|
21
|
+
ASYNC_EXPIRATION_LENGTH = 600 # 10 minutes
|
|
22
|
+
|
|
23
|
+
CLIENT_EXCLUDE_OPTIONS = Set.new([:before_refresh]).freeze
|
|
24
|
+
|
|
20
25
|
def initialize(options = {})
|
|
21
26
|
@mutex = Mutex.new
|
|
22
27
|
@before_refresh = options.delete(:before_refresh) if Hash === options
|
|
@@ -27,13 +32,13 @@ module Aws
|
|
|
27
32
|
|
|
28
33
|
# @return [Credentials]
|
|
29
34
|
def credentials
|
|
30
|
-
refresh_if_near_expiration
|
|
35
|
+
refresh_if_near_expiration!
|
|
31
36
|
@credentials
|
|
32
37
|
end
|
|
33
38
|
|
|
34
39
|
# @return [Time,nil]
|
|
35
40
|
def expiration
|
|
36
|
-
refresh_if_near_expiration
|
|
41
|
+
refresh_if_near_expiration!
|
|
37
42
|
@expiration
|
|
38
43
|
end
|
|
39
44
|
|
|
@@ -49,24 +54,39 @@ module Aws
|
|
|
49
54
|
|
|
50
55
|
private
|
|
51
56
|
|
|
52
|
-
# Refreshes
|
|
53
|
-
#
|
|
54
|
-
|
|
55
|
-
|
|
57
|
+
# Refreshes credentials asynchronously and synchronously.
|
|
58
|
+
# If we are near to expiration, block while getting new credentials.
|
|
59
|
+
# Otherwise, if we're approaching expiration, use the existing credentials
|
|
60
|
+
# but attempt a refresh in the background.
|
|
61
|
+
def refresh_if_near_expiration!
|
|
62
|
+
# Note: This check is an optimization. Rather than acquire the mutex on every #refresh_if_near_expiration
|
|
63
|
+
# call, we check before doing so, and then we check within the mutex to avoid a race condition.
|
|
64
|
+
# See issue: https://github.com/aws/aws-sdk-ruby/issues/2641 for more info.
|
|
65
|
+
if near_expiration?(SYNC_EXPIRATION_LENGTH)
|
|
56
66
|
@mutex.synchronize do
|
|
57
|
-
if near_expiration?
|
|
67
|
+
if near_expiration?(SYNC_EXPIRATION_LENGTH)
|
|
58
68
|
@before_refresh.call(self) if @before_refresh
|
|
59
|
-
|
|
60
69
|
refresh
|
|
61
70
|
end
|
|
62
71
|
end
|
|
72
|
+
elsif @async_refresh && near_expiration?(ASYNC_EXPIRATION_LENGTH)
|
|
73
|
+
unless @mutex.locked?
|
|
74
|
+
Thread.new do
|
|
75
|
+
@mutex.synchronize do
|
|
76
|
+
if near_expiration?(ASYNC_EXPIRATION_LENGTH)
|
|
77
|
+
@before_refresh.call(self) if @before_refresh
|
|
78
|
+
refresh
|
|
79
|
+
end
|
|
80
|
+
end
|
|
81
|
+
end
|
|
82
|
+
end
|
|
63
83
|
end
|
|
64
84
|
end
|
|
65
85
|
|
|
66
|
-
def near_expiration?
|
|
86
|
+
def near_expiration?(expiration_length)
|
|
67
87
|
if @expiration
|
|
68
|
-
#
|
|
69
|
-
(Time.now.to_i +
|
|
88
|
+
# Are we within expiration?
|
|
89
|
+
(Time.now.to_i + expiration_length) > @expiration.to_i
|
|
70
90
|
else
|
|
71
91
|
true
|
|
72
92
|
end
|
|
@@ -83,9 +83,14 @@ module Aws
|
|
|
83
83
|
# validate we can read the token file
|
|
84
84
|
read_cached_token
|
|
85
85
|
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
86
|
+
|
|
87
|
+
client_opts = {}
|
|
88
|
+
options.each_pair { |k,v| client_opts[k] = v unless CLIENT_EXCLUDE_OPTIONS.include?(k) }
|
|
89
|
+
client_opts[:region] = @sso_region
|
|
90
|
+
client_opts[:credentials] = nil
|
|
91
|
+
|
|
92
|
+
@client = options[:client] || Aws::SSO::Client.new(client_opts)
|
|
93
|
+
@async_refresh = true
|
|
89
94
|
super
|
|
90
95
|
end
|
|
91
96
|
|
data/lib/aws-sdk-sso/client.rb
CHANGED
data/lib/aws-sdk-sso.rb
CHANGED
data/lib/aws-sdk-sts/client.rb
CHANGED
|
@@ -2290,7 +2290,7 @@ module Aws::STS
|
|
|
2290
2290
|
params: params,
|
|
2291
2291
|
config: config)
|
|
2292
2292
|
context[:gem_name] = 'aws-sdk-core'
|
|
2293
|
-
context[:gem_version] = '3.
|
|
2293
|
+
context[:gem_version] = '3.130.2'
|
|
2294
2294
|
Seahorse::Client::Request.new(handlers, context)
|
|
2295
2295
|
end
|
|
2296
2296
|
|
data/lib/aws-sdk-sts.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aws-sdk-core
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.130.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Amazon Web Services
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-04-22 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: jmespath
|