aws-sdk-core 3.130.1 → 3.131.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +16 -1
- data/VERSION +1 -1
- data/lib/aws-sdk-core/assume_role_credentials.rb +6 -11
- data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +8 -10
- data/lib/aws-sdk-core/ecs_credentials.rb +5 -0
- data/lib/aws-sdk-core/instance_profile_credentials.rb +5 -0
- data/lib/aws-sdk-core/process_credentials.rb +6 -9
- data/lib/aws-sdk-core/refreshing_credentials.rb +2 -0
- data/lib/aws-sdk-core/sso_credentials.rb +15 -15
- data/lib/aws-sdk-sso/client.rb +1 -1
- data/lib/aws-sdk-sso.rb +1 -1
- data/lib/aws-sdk-sts/client.rb +14 -5
- data/lib/aws-sdk-sts.rb +1 -1
- metadata +10 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d25aed21a4d1a4e440f095565b04567939d9f1762346a1402373e19c402ca8f0
|
|
4
|
+
data.tar.gz: 237863ff6fbc7e36e5787721ae68c50f04e4453265f14465c7c51ba168d59a05
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5864566f11163702d6a0d3e187ee827f47ebfd1c24030d8da65d4b4e234532338c532669e6fea385ef94b433e49a29ed84be5aa85740504cf86d2f764e779313
|
|
7
|
+
data.tar.gz: 1afd6c9611c06bda29cadf6fc0ffa29a1f3baec7d31a8365a0de91e6cf273bbd403a44f075da83dd22c61fc3f0f62ceb1ad59b78cc6df2f18ebd82774face1c7
|
data/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,21 @@
|
|
|
1
1
|
Unreleased Changes
|
|
2
2
|
------------------
|
|
3
3
|
|
|
4
|
+
3.131.1 (2022-05-20)
|
|
5
|
+
------------------
|
|
6
|
+
|
|
7
|
+
* Issue - Bump the minimum version of `jmespath` dependency.
|
|
8
|
+
|
|
9
|
+
3.131.0 (2022-05-16)
|
|
10
|
+
------------------
|
|
11
|
+
|
|
12
|
+
* Feature - Updated Aws::STS::Client with the latest API changes.
|
|
13
|
+
|
|
14
|
+
3.130.2 (2022-04-22)
|
|
15
|
+
------------------
|
|
16
|
+
|
|
17
|
+
* Issue - Don't pass `:before_refresh` to Client constructors in RefreshingCredential implementations (#2690).
|
|
18
|
+
|
|
4
19
|
3.130.1 (2022-04-12)
|
|
5
20
|
------------------
|
|
6
21
|
|
|
@@ -45,7 +60,7 @@ Unreleased Changes
|
|
|
45
60
|
3.126.2 (2022-02-16)
|
|
46
61
|
------------------
|
|
47
62
|
|
|
48
|
-
* Issue - Add a before_refresh callback to AssumeRoleCredentials (#2529).
|
|
63
|
+
* Issue - Add a before_refresh callback to AssumeRoleCredentials (#2529).
|
|
49
64
|
* Issue - Raise a `NoSuchProfileError` when config and credentials files don't exist.
|
|
50
65
|
|
|
51
66
|
3.126.1 (2022-02-14)
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
3.
|
|
1
|
+
3.131.1
|
|
@@ -3,25 +3,20 @@
|
|
|
3
3
|
require 'set'
|
|
4
4
|
|
|
5
5
|
module Aws
|
|
6
|
-
|
|
7
|
-
#
|
|
8
|
-
# a role via {Aws::STS::Client#assume_role}.
|
|
6
|
+
# An auto-refreshing credential provider that assumes a role via
|
|
7
|
+
# {Aws::STS::Client#assume_role}.
|
|
9
8
|
#
|
|
10
9
|
# role_credentials = Aws::AssumeRoleCredentials.new(
|
|
11
10
|
# client: Aws::STS::Client.new(...),
|
|
12
11
|
# role_arn: "linked::account::arn",
|
|
13
12
|
# role_session_name: "session-name"
|
|
14
13
|
# )
|
|
15
|
-
#
|
|
16
14
|
# ec2 = Aws::EC2::Client.new(credentials: role_credentials)
|
|
17
15
|
#
|
|
18
|
-
# If you omit `:client` option, a new {STS::Client} object will be
|
|
19
|
-
# constructed.
|
|
16
|
+
# If you omit `:client` option, a new {Aws::STS::Client} object will be
|
|
17
|
+
# constructed with additional options that were provided.
|
|
20
18
|
#
|
|
21
|
-
#
|
|
22
|
-
# that can be used to help manage refreshing tokens.
|
|
23
|
-
# `before_refresh` is called when AWS credentials are required and need
|
|
24
|
-
# to be refreshed and it is called with the AssumeRoleCredentials object.
|
|
19
|
+
# @see Aws::STS::Client#assume_role
|
|
25
20
|
class AssumeRoleCredentials
|
|
26
21
|
|
|
27
22
|
include CredentialProvider
|
|
@@ -49,7 +44,7 @@ module Aws
|
|
|
49
44
|
options.each_pair do |key, value|
|
|
50
45
|
if self.class.assume_role_options.include?(key)
|
|
51
46
|
@assume_role_params[key] = value
|
|
52
|
-
|
|
47
|
+
elsif !CLIENT_EXCLUDE_OPTIONS.include?(key)
|
|
53
48
|
client_opts[key] = value
|
|
54
49
|
end
|
|
55
50
|
end
|
|
@@ -5,9 +5,8 @@ require 'securerandom'
|
|
|
5
5
|
require 'base64'
|
|
6
6
|
|
|
7
7
|
module Aws
|
|
8
|
-
|
|
9
|
-
#
|
|
10
|
-
# a role via {Aws::STS::Client#assume_role_with_web_identity}.
|
|
8
|
+
# An auto-refreshing credential provider that assumes a role via
|
|
9
|
+
# {Aws::STS::Client#assume_role_with_web_identity}.
|
|
11
10
|
#
|
|
12
11
|
# role_credentials = Aws::AssumeRoleWebIdentityCredentials.new(
|
|
13
12
|
# client: Aws::STS::Client.new(...),
|
|
@@ -16,12 +15,12 @@ module Aws
|
|
|
16
15
|
# role_session_name: "session-name"
|
|
17
16
|
# ...
|
|
18
17
|
# )
|
|
19
|
-
#
|
|
20
|
-
# @see Aws::STS::Client#assume_role_with_web_identity
|
|
18
|
+
# ec2 = Aws::EC2::Client.new(credentials: role_credentials)
|
|
21
19
|
#
|
|
20
|
+
# If you omit `:client` option, a new {Aws::STS::Client} object will be
|
|
21
|
+
# constructed with additional options that were provided.
|
|
22
22
|
#
|
|
23
|
-
#
|
|
24
|
-
# constructed.
|
|
23
|
+
# @see Aws::STS::Client#assume_role_with_web_identity
|
|
25
24
|
class AssumeRoleWebIdentityCredentials
|
|
26
25
|
|
|
27
26
|
include CredentialProvider
|
|
@@ -52,7 +51,7 @@ module Aws
|
|
|
52
51
|
options.each_pair do |key, value|
|
|
53
52
|
if self.class.assume_role_web_identity_options.include?(key)
|
|
54
53
|
@assume_role_web_identity_params[key] = value
|
|
55
|
-
|
|
54
|
+
elsif !CLIENT_EXCLUDE_OPTIONS.include?(key)
|
|
56
55
|
client_opts[key] = value
|
|
57
56
|
end
|
|
58
57
|
end
|
|
@@ -100,11 +99,10 @@ module Aws
|
|
|
100
99
|
# @api private
|
|
101
100
|
def assume_role_web_identity_options
|
|
102
101
|
@arwio ||= begin
|
|
103
|
-
input = STS::Client.api.operation(:assume_role_with_web_identity).input
|
|
102
|
+
input = Aws::STS::Client.api.operation(:assume_role_with_web_identity).input
|
|
104
103
|
Set.new(input.shape.member_names)
|
|
105
104
|
end
|
|
106
105
|
end
|
|
107
|
-
|
|
108
106
|
end
|
|
109
107
|
end
|
|
110
108
|
end
|
|
@@ -4,6 +4,11 @@ require 'time'
|
|
|
4
4
|
require 'net/http'
|
|
5
5
|
|
|
6
6
|
module Aws
|
|
7
|
+
# An auto-refreshing credential provider that loads credentials from
|
|
8
|
+
# instances running in ECS.
|
|
9
|
+
#
|
|
10
|
+
# ecs_credentials = Aws::ECSCredentials.new(retries: 3)
|
|
11
|
+
# ec2 = Aws::EC2::Client.new(credentials: ecs_credentials)
|
|
7
12
|
class ECSCredentials
|
|
8
13
|
|
|
9
14
|
include CredentialProvider
|
|
@@ -4,6 +4,11 @@ require 'time'
|
|
|
4
4
|
require 'net/http'
|
|
5
5
|
|
|
6
6
|
module Aws
|
|
7
|
+
# An auto-refreshing credential provider that loads credentials from
|
|
8
|
+
# EC2 instances.
|
|
9
|
+
#
|
|
10
|
+
# instance_credentials = Aws::InstanceProfileCredentials.new
|
|
11
|
+
# ec2 = Aws::EC2::Client.new(credentials: instance_credentials)
|
|
7
12
|
class InstanceProfileCredentials
|
|
8
13
|
include CredentialProvider
|
|
9
14
|
include RefreshingCredentials
|
|
@@ -1,19 +1,16 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
module Aws
|
|
4
|
-
|
|
5
4
|
# A credential provider that executes a given process and attempts
|
|
6
|
-
# to read its stdout to recieve a JSON payload containing the credentials
|
|
7
|
-
#
|
|
8
|
-
# Automatically handles refreshing credentials if an Expiration time is
|
|
9
|
-
# provided in the credentials payload
|
|
10
|
-
#
|
|
11
|
-
# credentials = Aws::ProcessCredentials.new('/usr/bin/credential_proc').credentials
|
|
5
|
+
# to read its stdout to recieve a JSON payload containing the credentials.
|
|
12
6
|
#
|
|
7
|
+
# credentials = Aws::ProcessCredentials.new('/usr/bin/credential_proc')
|
|
13
8
|
# ec2 = Aws::EC2::Client.new(credentials: credentials)
|
|
14
9
|
#
|
|
15
|
-
#
|
|
16
|
-
#
|
|
10
|
+
# Automatically handles refreshing credentials if an Expiration time is
|
|
11
|
+
# provided in the credentials payload.
|
|
12
|
+
#
|
|
13
|
+
# @see https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#sourcing-credentials-from-external-processes
|
|
17
14
|
class ProcessCredentials
|
|
18
15
|
|
|
19
16
|
include CredentialProvider
|
|
@@ -20,6 +20,8 @@ module Aws
|
|
|
20
20
|
SYNC_EXPIRATION_LENGTH = 300 # 5 minutes
|
|
21
21
|
ASYNC_EXPIRATION_LENGTH = 600 # 10 minutes
|
|
22
22
|
|
|
23
|
+
CLIENT_EXCLUDE_OPTIONS = Set.new([:before_refresh]).freeze
|
|
24
|
+
|
|
23
25
|
def initialize(options = {})
|
|
24
26
|
@mutex = Mutex.new
|
|
25
27
|
@before_refresh = options.delete(:before_refresh) if Hash === options
|
|
@@ -1,17 +1,12 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
module Aws
|
|
4
|
-
# An auto-refreshing credential provider that
|
|
5
|
-
#
|
|
6
|
-
# token.
|
|
4
|
+
# An auto-refreshing credential provider that assumes a role via
|
|
5
|
+
# {Aws::SSO::Client#get_role_credentials} using a cached access
|
|
6
|
+
# token. This class does NOT implement the SSO login token flow - tokens
|
|
7
7
|
# must generated and refreshed separately by running `aws login` from the
|
|
8
8
|
# AWS CLI with the correct profile.
|
|
9
9
|
#
|
|
10
|
-
# For more background on AWS SSO see the official
|
|
11
|
-
# {https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html what is SSO Userguide}
|
|
12
|
-
#
|
|
13
|
-
# ## Refreshing Credentials from SSO
|
|
14
|
-
#
|
|
15
10
|
# The `SSOCredentials` will auto-refresh the AWS credentials from SSO. In
|
|
16
11
|
# addition to AWS credentials expiring after a given amount of time, the
|
|
17
12
|
# access token generated and cached from `aws login` will also expire.
|
|
@@ -20,7 +15,6 @@ module Aws
|
|
|
20
15
|
# the token value, but this can be done by running `aws login` with the
|
|
21
16
|
# correct profile.
|
|
22
17
|
#
|
|
23
|
-
#
|
|
24
18
|
# # You must first run aws sso login --profile your-sso-profile
|
|
25
19
|
# sso_credentials = Aws::SSOCredentials.new(
|
|
26
20
|
# sso_account_id: '123456789',
|
|
@@ -28,11 +22,13 @@ module Aws
|
|
|
28
22
|
# sso_region: "us-east-1",
|
|
29
23
|
# sso_start_url: 'https://your-start-url.awsapps.com/start'
|
|
30
24
|
# )
|
|
31
|
-
#
|
|
32
25
|
# ec2 = Aws::EC2::Client.new(credentials: sso_credentials)
|
|
33
26
|
#
|
|
34
|
-
# If you omit `:client` option, a new {SSO::Client} object will be
|
|
35
|
-
# constructed.
|
|
27
|
+
# If you omit `:client` option, a new {Aws::SSO::Client} object will be
|
|
28
|
+
# constructed with additional options that were provided.
|
|
29
|
+
#
|
|
30
|
+
# @see Aws::SSO::Client#get_role_credentials
|
|
31
|
+
# @see https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html
|
|
36
32
|
class SSOCredentials
|
|
37
33
|
|
|
38
34
|
include CredentialProvider
|
|
@@ -83,9 +79,13 @@ module Aws
|
|
|
83
79
|
# validate we can read the token file
|
|
84
80
|
read_cached_token
|
|
85
81
|
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
82
|
+
|
|
83
|
+
client_opts = {}
|
|
84
|
+
options.each_pair { |k,v| client_opts[k] = v unless CLIENT_EXCLUDE_OPTIONS.include?(k) }
|
|
85
|
+
client_opts[:region] = @sso_region
|
|
86
|
+
client_opts[:credentials] = nil
|
|
87
|
+
|
|
88
|
+
@client = options[:client] || Aws::SSO::Client.new(client_opts)
|
|
89
89
|
@async_refresh = true
|
|
90
90
|
super
|
|
91
91
|
end
|
data/lib/aws-sdk-sso/client.rb
CHANGED
data/lib/aws-sdk-sso.rb
CHANGED
data/lib/aws-sdk-sts/client.rb
CHANGED
|
@@ -2145,6 +2145,14 @@ module Aws::STS
|
|
|
2145
2145
|
# Credentials][1] and [Comparing the Amazon Web Services STS API
|
|
2146
2146
|
# operations][2] in the *IAM User Guide*.
|
|
2147
2147
|
#
|
|
2148
|
+
# <note markdown="1"> No permissions are required for users to perform this operation. The
|
|
2149
|
+
# purpose of the `sts:GetSessionToken` operation is to authenticate the
|
|
2150
|
+
# user using MFA. You cannot use policies to control authentication
|
|
2151
|
+
# operations. For more information, see [Permissions for
|
|
2152
|
+
# GetSessionToken][3] in the *IAM User Guide*.
|
|
2153
|
+
#
|
|
2154
|
+
# </note>
|
|
2155
|
+
#
|
|
2148
2156
|
# **Session Duration**
|
|
2149
2157
|
#
|
|
2150
2158
|
# The `GetSessionToken` operation must be called by using the long-term
|
|
@@ -2170,7 +2178,7 @@ module Aws::STS
|
|
|
2170
2178
|
#
|
|
2171
2179
|
# <note markdown="1"> We recommend that you do not call `GetSessionToken` with Amazon Web
|
|
2172
2180
|
# Services account root user credentials. Instead, follow our [best
|
|
2173
|
-
# practices][
|
|
2181
|
+
# practices][4] by creating one or more IAM users, giving them the
|
|
2174
2182
|
# necessary permissions, and using IAM users for everyday interaction
|
|
2175
2183
|
# with Amazon Web Services.
|
|
2176
2184
|
#
|
|
@@ -2186,14 +2194,15 @@ module Aws::STS
|
|
|
2186
2194
|
#
|
|
2187
2195
|
# For more information about using `GetSessionToken` to create temporary
|
|
2188
2196
|
# credentials, go to [Temporary Credentials for Users in Untrusted
|
|
2189
|
-
# Environments][
|
|
2197
|
+
# Environments][5] in the *IAM User Guide*.
|
|
2190
2198
|
#
|
|
2191
2199
|
#
|
|
2192
2200
|
#
|
|
2193
2201
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
|
|
2194
2202
|
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
|
|
2195
|
-
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
|
2196
|
-
# [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
|
2203
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html
|
|
2204
|
+
# [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users
|
|
2205
|
+
# [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken
|
|
2197
2206
|
#
|
|
2198
2207
|
# @option params [Integer] :duration_seconds
|
|
2199
2208
|
# The duration, in seconds, that the credentials should remain valid.
|
|
@@ -2290,7 +2299,7 @@ module Aws::STS
|
|
|
2290
2299
|
params: params,
|
|
2291
2300
|
config: config)
|
|
2292
2301
|
context[:gem_name] = 'aws-sdk-core'
|
|
2293
|
-
context[:gem_version] = '3.
|
|
2302
|
+
context[:gem_version] = '3.131.1'
|
|
2294
2303
|
Seahorse::Client::Request.new(handlers, context)
|
|
2295
2304
|
end
|
|
2296
2305
|
|
data/lib/aws-sdk-sts.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aws-sdk-core
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.131.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Amazon Web Services
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-05-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: jmespath
|
|
@@ -16,14 +16,20 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: '1
|
|
19
|
+
version: '1'
|
|
20
|
+
- - ">="
|
|
21
|
+
- !ruby/object:Gem::Version
|
|
22
|
+
version: 1.6.1
|
|
20
23
|
type: :runtime
|
|
21
24
|
prerelease: false
|
|
22
25
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
26
|
requirements:
|
|
24
27
|
- - "~>"
|
|
25
28
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: '1
|
|
29
|
+
version: '1'
|
|
30
|
+
- - ">="
|
|
31
|
+
- !ruby/object:Gem::Version
|
|
32
|
+
version: 1.6.1
|
|
27
33
|
- !ruby/object:Gem::Dependency
|
|
28
34
|
name: aws-partitions
|
|
29
35
|
requirement: !ruby/object:Gem::Requirement
|