aws-sdk-core 3.130.1 → 3.131.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +16 -1
- data/VERSION +1 -1
- data/lib/aws-sdk-core/assume_role_credentials.rb +6 -11
- data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +8 -10
- data/lib/aws-sdk-core/ecs_credentials.rb +5 -0
- data/lib/aws-sdk-core/instance_profile_credentials.rb +5 -0
- data/lib/aws-sdk-core/process_credentials.rb +6 -9
- data/lib/aws-sdk-core/refreshing_credentials.rb +2 -0
- data/lib/aws-sdk-core/sso_credentials.rb +15 -15
- data/lib/aws-sdk-sso/client.rb +1 -1
- data/lib/aws-sdk-sso.rb +1 -1
- data/lib/aws-sdk-sts/client.rb +14 -5
- data/lib/aws-sdk-sts.rb +1 -1
- metadata +10 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: d25aed21a4d1a4e440f095565b04567939d9f1762346a1402373e19c402ca8f0
|
4
|
+
data.tar.gz: 237863ff6fbc7e36e5787721ae68c50f04e4453265f14465c7c51ba168d59a05
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 5864566f11163702d6a0d3e187ee827f47ebfd1c24030d8da65d4b4e234532338c532669e6fea385ef94b433e49a29ed84be5aa85740504cf86d2f764e779313
|
7
|
+
data.tar.gz: 1afd6c9611c06bda29cadf6fc0ffa29a1f3baec7d31a8365a0de91e6cf273bbd403a44f075da83dd22c61fc3f0f62ceb1ad59b78cc6df2f18ebd82774face1c7
|
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,21 @@
|
|
1
1
|
Unreleased Changes
|
2
2
|
------------------
|
3
3
|
|
4
|
+
3.131.1 (2022-05-20)
|
5
|
+
------------------
|
6
|
+
|
7
|
+
* Issue - Bump the minimum version of `jmespath` dependency.
|
8
|
+
|
9
|
+
3.131.0 (2022-05-16)
|
10
|
+
------------------
|
11
|
+
|
12
|
+
* Feature - Updated Aws::STS::Client with the latest API changes.
|
13
|
+
|
14
|
+
3.130.2 (2022-04-22)
|
15
|
+
------------------
|
16
|
+
|
17
|
+
* Issue - Don't pass `:before_refresh` to Client constructors in RefreshingCredential implementations (#2690).
|
18
|
+
|
4
19
|
3.130.1 (2022-04-12)
|
5
20
|
------------------
|
6
21
|
|
@@ -45,7 +60,7 @@ Unreleased Changes
|
|
45
60
|
3.126.2 (2022-02-16)
|
46
61
|
------------------
|
47
62
|
|
48
|
-
* Issue - Add a before_refresh callback to AssumeRoleCredentials (#2529).
|
63
|
+
* Issue - Add a before_refresh callback to AssumeRoleCredentials (#2529).
|
49
64
|
* Issue - Raise a `NoSuchProfileError` when config and credentials files don't exist.
|
50
65
|
|
51
66
|
3.126.1 (2022-02-14)
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
3.
|
1
|
+
3.131.1
|
@@ -3,25 +3,20 @@
|
|
3
3
|
require 'set'
|
4
4
|
|
5
5
|
module Aws
|
6
|
-
|
7
|
-
#
|
8
|
-
# a role via {Aws::STS::Client#assume_role}.
|
6
|
+
# An auto-refreshing credential provider that assumes a role via
|
7
|
+
# {Aws::STS::Client#assume_role}.
|
9
8
|
#
|
10
9
|
# role_credentials = Aws::AssumeRoleCredentials.new(
|
11
10
|
# client: Aws::STS::Client.new(...),
|
12
11
|
# role_arn: "linked::account::arn",
|
13
12
|
# role_session_name: "session-name"
|
14
13
|
# )
|
15
|
-
#
|
16
14
|
# ec2 = Aws::EC2::Client.new(credentials: role_credentials)
|
17
15
|
#
|
18
|
-
# If you omit `:client` option, a new {STS::Client} object will be
|
19
|
-
# constructed.
|
16
|
+
# If you omit `:client` option, a new {Aws::STS::Client} object will be
|
17
|
+
# constructed with additional options that were provided.
|
20
18
|
#
|
21
|
-
#
|
22
|
-
# that can be used to help manage refreshing tokens.
|
23
|
-
# `before_refresh` is called when AWS credentials are required and need
|
24
|
-
# to be refreshed and it is called with the AssumeRoleCredentials object.
|
19
|
+
# @see Aws::STS::Client#assume_role
|
25
20
|
class AssumeRoleCredentials
|
26
21
|
|
27
22
|
include CredentialProvider
|
@@ -49,7 +44,7 @@ module Aws
|
|
49
44
|
options.each_pair do |key, value|
|
50
45
|
if self.class.assume_role_options.include?(key)
|
51
46
|
@assume_role_params[key] = value
|
52
|
-
|
47
|
+
elsif !CLIENT_EXCLUDE_OPTIONS.include?(key)
|
53
48
|
client_opts[key] = value
|
54
49
|
end
|
55
50
|
end
|
@@ -5,9 +5,8 @@ require 'securerandom'
|
|
5
5
|
require 'base64'
|
6
6
|
|
7
7
|
module Aws
|
8
|
-
|
9
|
-
#
|
10
|
-
# a role via {Aws::STS::Client#assume_role_with_web_identity}.
|
8
|
+
# An auto-refreshing credential provider that assumes a role via
|
9
|
+
# {Aws::STS::Client#assume_role_with_web_identity}.
|
11
10
|
#
|
12
11
|
# role_credentials = Aws::AssumeRoleWebIdentityCredentials.new(
|
13
12
|
# client: Aws::STS::Client.new(...),
|
@@ -16,12 +15,12 @@ module Aws
|
|
16
15
|
# role_session_name: "session-name"
|
17
16
|
# ...
|
18
17
|
# )
|
19
|
-
#
|
20
|
-
# @see Aws::STS::Client#assume_role_with_web_identity
|
18
|
+
# ec2 = Aws::EC2::Client.new(credentials: role_credentials)
|
21
19
|
#
|
20
|
+
# If you omit `:client` option, a new {Aws::STS::Client} object will be
|
21
|
+
# constructed with additional options that were provided.
|
22
22
|
#
|
23
|
-
#
|
24
|
-
# constructed.
|
23
|
+
# @see Aws::STS::Client#assume_role_with_web_identity
|
25
24
|
class AssumeRoleWebIdentityCredentials
|
26
25
|
|
27
26
|
include CredentialProvider
|
@@ -52,7 +51,7 @@ module Aws
|
|
52
51
|
options.each_pair do |key, value|
|
53
52
|
if self.class.assume_role_web_identity_options.include?(key)
|
54
53
|
@assume_role_web_identity_params[key] = value
|
55
|
-
|
54
|
+
elsif !CLIENT_EXCLUDE_OPTIONS.include?(key)
|
56
55
|
client_opts[key] = value
|
57
56
|
end
|
58
57
|
end
|
@@ -100,11 +99,10 @@ module Aws
|
|
100
99
|
# @api private
|
101
100
|
def assume_role_web_identity_options
|
102
101
|
@arwio ||= begin
|
103
|
-
input = STS::Client.api.operation(:assume_role_with_web_identity).input
|
102
|
+
input = Aws::STS::Client.api.operation(:assume_role_with_web_identity).input
|
104
103
|
Set.new(input.shape.member_names)
|
105
104
|
end
|
106
105
|
end
|
107
|
-
|
108
106
|
end
|
109
107
|
end
|
110
108
|
end
|
@@ -4,6 +4,11 @@ require 'time'
|
|
4
4
|
require 'net/http'
|
5
5
|
|
6
6
|
module Aws
|
7
|
+
# An auto-refreshing credential provider that loads credentials from
|
8
|
+
# instances running in ECS.
|
9
|
+
#
|
10
|
+
# ecs_credentials = Aws::ECSCredentials.new(retries: 3)
|
11
|
+
# ec2 = Aws::EC2::Client.new(credentials: ecs_credentials)
|
7
12
|
class ECSCredentials
|
8
13
|
|
9
14
|
include CredentialProvider
|
@@ -4,6 +4,11 @@ require 'time'
|
|
4
4
|
require 'net/http'
|
5
5
|
|
6
6
|
module Aws
|
7
|
+
# An auto-refreshing credential provider that loads credentials from
|
8
|
+
# EC2 instances.
|
9
|
+
#
|
10
|
+
# instance_credentials = Aws::InstanceProfileCredentials.new
|
11
|
+
# ec2 = Aws::EC2::Client.new(credentials: instance_credentials)
|
7
12
|
class InstanceProfileCredentials
|
8
13
|
include CredentialProvider
|
9
14
|
include RefreshingCredentials
|
@@ -1,19 +1,16 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
module Aws
|
4
|
-
|
5
4
|
# A credential provider that executes a given process and attempts
|
6
|
-
# to read its stdout to recieve a JSON payload containing the credentials
|
7
|
-
#
|
8
|
-
# Automatically handles refreshing credentials if an Expiration time is
|
9
|
-
# provided in the credentials payload
|
10
|
-
#
|
11
|
-
# credentials = Aws::ProcessCredentials.new('/usr/bin/credential_proc').credentials
|
5
|
+
# to read its stdout to recieve a JSON payload containing the credentials.
|
12
6
|
#
|
7
|
+
# credentials = Aws::ProcessCredentials.new('/usr/bin/credential_proc')
|
13
8
|
# ec2 = Aws::EC2::Client.new(credentials: credentials)
|
14
9
|
#
|
15
|
-
#
|
16
|
-
#
|
10
|
+
# Automatically handles refreshing credentials if an Expiration time is
|
11
|
+
# provided in the credentials payload.
|
12
|
+
#
|
13
|
+
# @see https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#sourcing-credentials-from-external-processes
|
17
14
|
class ProcessCredentials
|
18
15
|
|
19
16
|
include CredentialProvider
|
@@ -20,6 +20,8 @@ module Aws
|
|
20
20
|
SYNC_EXPIRATION_LENGTH = 300 # 5 minutes
|
21
21
|
ASYNC_EXPIRATION_LENGTH = 600 # 10 minutes
|
22
22
|
|
23
|
+
CLIENT_EXCLUDE_OPTIONS = Set.new([:before_refresh]).freeze
|
24
|
+
|
23
25
|
def initialize(options = {})
|
24
26
|
@mutex = Mutex.new
|
25
27
|
@before_refresh = options.delete(:before_refresh) if Hash === options
|
@@ -1,17 +1,12 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
module Aws
|
4
|
-
# An auto-refreshing credential provider that
|
5
|
-
#
|
6
|
-
# token.
|
4
|
+
# An auto-refreshing credential provider that assumes a role via
|
5
|
+
# {Aws::SSO::Client#get_role_credentials} using a cached access
|
6
|
+
# token. This class does NOT implement the SSO login token flow - tokens
|
7
7
|
# must generated and refreshed separately by running `aws login` from the
|
8
8
|
# AWS CLI with the correct profile.
|
9
9
|
#
|
10
|
-
# For more background on AWS SSO see the official
|
11
|
-
# {https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html what is SSO Userguide}
|
12
|
-
#
|
13
|
-
# ## Refreshing Credentials from SSO
|
14
|
-
#
|
15
10
|
# The `SSOCredentials` will auto-refresh the AWS credentials from SSO. In
|
16
11
|
# addition to AWS credentials expiring after a given amount of time, the
|
17
12
|
# access token generated and cached from `aws login` will also expire.
|
@@ -20,7 +15,6 @@ module Aws
|
|
20
15
|
# the token value, but this can be done by running `aws login` with the
|
21
16
|
# correct profile.
|
22
17
|
#
|
23
|
-
#
|
24
18
|
# # You must first run aws sso login --profile your-sso-profile
|
25
19
|
# sso_credentials = Aws::SSOCredentials.new(
|
26
20
|
# sso_account_id: '123456789',
|
@@ -28,11 +22,13 @@ module Aws
|
|
28
22
|
# sso_region: "us-east-1",
|
29
23
|
# sso_start_url: 'https://your-start-url.awsapps.com/start'
|
30
24
|
# )
|
31
|
-
#
|
32
25
|
# ec2 = Aws::EC2::Client.new(credentials: sso_credentials)
|
33
26
|
#
|
34
|
-
# If you omit `:client` option, a new {SSO::Client} object will be
|
35
|
-
# constructed.
|
27
|
+
# If you omit `:client` option, a new {Aws::SSO::Client} object will be
|
28
|
+
# constructed with additional options that were provided.
|
29
|
+
#
|
30
|
+
# @see Aws::SSO::Client#get_role_credentials
|
31
|
+
# @see https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html
|
36
32
|
class SSOCredentials
|
37
33
|
|
38
34
|
include CredentialProvider
|
@@ -83,9 +79,13 @@ module Aws
|
|
83
79
|
# validate we can read the token file
|
84
80
|
read_cached_token
|
85
81
|
|
86
|
-
|
87
|
-
|
88
|
-
|
82
|
+
|
83
|
+
client_opts = {}
|
84
|
+
options.each_pair { |k,v| client_opts[k] = v unless CLIENT_EXCLUDE_OPTIONS.include?(k) }
|
85
|
+
client_opts[:region] = @sso_region
|
86
|
+
client_opts[:credentials] = nil
|
87
|
+
|
88
|
+
@client = options[:client] || Aws::SSO::Client.new(client_opts)
|
89
89
|
@async_refresh = true
|
90
90
|
super
|
91
91
|
end
|
data/lib/aws-sdk-sso/client.rb
CHANGED
data/lib/aws-sdk-sso.rb
CHANGED
data/lib/aws-sdk-sts/client.rb
CHANGED
@@ -2145,6 +2145,14 @@ module Aws::STS
|
|
2145
2145
|
# Credentials][1] and [Comparing the Amazon Web Services STS API
|
2146
2146
|
# operations][2] in the *IAM User Guide*.
|
2147
2147
|
#
|
2148
|
+
# <note markdown="1"> No permissions are required for users to perform this operation. The
|
2149
|
+
# purpose of the `sts:GetSessionToken` operation is to authenticate the
|
2150
|
+
# user using MFA. You cannot use policies to control authentication
|
2151
|
+
# operations. For more information, see [Permissions for
|
2152
|
+
# GetSessionToken][3] in the *IAM User Guide*.
|
2153
|
+
#
|
2154
|
+
# </note>
|
2155
|
+
#
|
2148
2156
|
# **Session Duration**
|
2149
2157
|
#
|
2150
2158
|
# The `GetSessionToken` operation must be called by using the long-term
|
@@ -2170,7 +2178,7 @@ module Aws::STS
|
|
2170
2178
|
#
|
2171
2179
|
# <note markdown="1"> We recommend that you do not call `GetSessionToken` with Amazon Web
|
2172
2180
|
# Services account root user credentials. Instead, follow our [best
|
2173
|
-
# practices][
|
2181
|
+
# practices][4] by creating one or more IAM users, giving them the
|
2174
2182
|
# necessary permissions, and using IAM users for everyday interaction
|
2175
2183
|
# with Amazon Web Services.
|
2176
2184
|
#
|
@@ -2186,14 +2194,15 @@ module Aws::STS
|
|
2186
2194
|
#
|
2187
2195
|
# For more information about using `GetSessionToken` to create temporary
|
2188
2196
|
# credentials, go to [Temporary Credentials for Users in Untrusted
|
2189
|
-
# Environments][
|
2197
|
+
# Environments][5] in the *IAM User Guide*.
|
2190
2198
|
#
|
2191
2199
|
#
|
2192
2200
|
#
|
2193
2201
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
|
2194
2202
|
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
|
2195
|
-
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
2196
|
-
# [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
2203
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html
|
2204
|
+
# [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users
|
2205
|
+
# [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken
|
2197
2206
|
#
|
2198
2207
|
# @option params [Integer] :duration_seconds
|
2199
2208
|
# The duration, in seconds, that the credentials should remain valid.
|
@@ -2290,7 +2299,7 @@ module Aws::STS
|
|
2290
2299
|
params: params,
|
2291
2300
|
config: config)
|
2292
2301
|
context[:gem_name] = 'aws-sdk-core'
|
2293
|
-
context[:gem_version] = '3.
|
2302
|
+
context[:gem_version] = '3.131.1'
|
2294
2303
|
Seahorse::Client::Request.new(handlers, context)
|
2295
2304
|
end
|
2296
2305
|
|
data/lib/aws-sdk-sts.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-core
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.
|
4
|
+
version: 3.131.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-05-20 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: jmespath
|
@@ -16,14 +16,20 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: '1
|
19
|
+
version: '1'
|
20
|
+
- - ">="
|
21
|
+
- !ruby/object:Gem::Version
|
22
|
+
version: 1.6.1
|
20
23
|
type: :runtime
|
21
24
|
prerelease: false
|
22
25
|
version_requirements: !ruby/object:Gem::Requirement
|
23
26
|
requirements:
|
24
27
|
- - "~>"
|
25
28
|
- !ruby/object:Gem::Version
|
26
|
-
version: '1
|
29
|
+
version: '1'
|
30
|
+
- - ">="
|
31
|
+
- !ruby/object:Gem::Version
|
32
|
+
version: 1.6.1
|
27
33
|
- !ruby/object:Gem::Dependency
|
28
34
|
name: aws-partitions
|
29
35
|
requirement: !ruby/object:Gem::Requirement
|