aws-sdk-core 3.130.2 → 3.131.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-core/assume_role_credentials.rb +5 -10
- data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +6 -7
- data/lib/aws-sdk-core/ecs_credentials.rb +5 -0
- data/lib/aws-sdk-core/instance_profile_credentials.rb +5 -0
- data/lib/aws-sdk-core/process_credentials.rb +6 -9
- data/lib/aws-sdk-core/sso_credentials.rb +8 -12
- data/lib/aws-sdk-sso/client.rb +1 -1
- data/lib/aws-sdk-sso.rb +1 -1
- data/lib/aws-sdk-sts/client.rb +14 -5
- data/lib/aws-sdk-sts.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 323807bf1dabe23c4f52cd7358e91b4a66ed831b45b75ca04d4bac31083e6fbe
|
4
|
+
data.tar.gz: 66ed5dc3c5757ed294d4752c0e00ce6c634fb1ec1b7d7b9bc1e9cf3f11738581
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 9ff2bcc885f1ff44ea1ce94e5c8bfbb14f15c1e8bd3e558d84e05651c0aa7b7643f5bc10e183650a8f39f51c4cbd2277ab76e96a4b29859893cc7cb3d23285b3
|
7
|
+
data.tar.gz: 6416bdfffb8d6279459d6824bb09a34c881f32cc07e092a15fd38a4c0244a98317758cda6e527cb71dd311bce1996a87a99535a6df7b3e798e215c0394c9e174
|
data/CHANGELOG.md
CHANGED
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
3.
|
1
|
+
3.131.0
|
@@ -3,25 +3,20 @@
|
|
3
3
|
require 'set'
|
4
4
|
|
5
5
|
module Aws
|
6
|
-
|
7
|
-
#
|
8
|
-
# a role via {Aws::STS::Client#assume_role}.
|
6
|
+
# An auto-refreshing credential provider that assumes a role via
|
7
|
+
# {Aws::STS::Client#assume_role}.
|
9
8
|
#
|
10
9
|
# role_credentials = Aws::AssumeRoleCredentials.new(
|
11
10
|
# client: Aws::STS::Client.new(...),
|
12
11
|
# role_arn: "linked::account::arn",
|
13
12
|
# role_session_name: "session-name"
|
14
13
|
# )
|
15
|
-
#
|
16
14
|
# ec2 = Aws::EC2::Client.new(credentials: role_credentials)
|
17
15
|
#
|
18
|
-
# If you omit `:client` option, a new {STS::Client} object will be
|
19
|
-
# constructed.
|
16
|
+
# If you omit `:client` option, a new {Aws::STS::Client} object will be
|
17
|
+
# constructed with additional options that were provided.
|
20
18
|
#
|
21
|
-
#
|
22
|
-
# that can be used to help manage refreshing tokens.
|
23
|
-
# `before_refresh` is called when AWS credentials are required and need
|
24
|
-
# to be refreshed and it is called with the AssumeRoleCredentials object.
|
19
|
+
# @see Aws::STS::Client#assume_role
|
25
20
|
class AssumeRoleCredentials
|
26
21
|
|
27
22
|
include CredentialProvider
|
@@ -5,9 +5,8 @@ require 'securerandom'
|
|
5
5
|
require 'base64'
|
6
6
|
|
7
7
|
module Aws
|
8
|
-
|
9
|
-
#
|
10
|
-
# a role via {Aws::STS::Client#assume_role_with_web_identity}.
|
8
|
+
# An auto-refreshing credential provider that assumes a role via
|
9
|
+
# {Aws::STS::Client#assume_role_with_web_identity}.
|
11
10
|
#
|
12
11
|
# role_credentials = Aws::AssumeRoleWebIdentityCredentials.new(
|
13
12
|
# client: Aws::STS::Client.new(...),
|
@@ -16,12 +15,12 @@ module Aws
|
|
16
15
|
# role_session_name: "session-name"
|
17
16
|
# ...
|
18
17
|
# )
|
19
|
-
#
|
20
|
-
# @see Aws::STS::Client#assume_role_with_web_identity
|
18
|
+
# ec2 = Aws::EC2::Client.new(credentials: role_credentials)
|
21
19
|
#
|
20
|
+
# If you omit `:client` option, a new {Aws::STS::Client} object will be
|
21
|
+
# constructed with additional options that were provided.
|
22
22
|
#
|
23
|
-
#
|
24
|
-
# constructed.
|
23
|
+
# @see Aws::STS::Client#assume_role_with_web_identity
|
25
24
|
class AssumeRoleWebIdentityCredentials
|
26
25
|
|
27
26
|
include CredentialProvider
|
@@ -4,6 +4,11 @@ require 'time'
|
|
4
4
|
require 'net/http'
|
5
5
|
|
6
6
|
module Aws
|
7
|
+
# An auto-refreshing credential provider that loads credentials from
|
8
|
+
# instances running in ECS.
|
9
|
+
#
|
10
|
+
# ecs_credentials = Aws::ECSCredentials.new(retries: 3)
|
11
|
+
# ec2 = Aws::EC2::Client.new(credentials: ecs_credentials)
|
7
12
|
class ECSCredentials
|
8
13
|
|
9
14
|
include CredentialProvider
|
@@ -4,6 +4,11 @@ require 'time'
|
|
4
4
|
require 'net/http'
|
5
5
|
|
6
6
|
module Aws
|
7
|
+
# An auto-refreshing credential provider that loads credentials from
|
8
|
+
# EC2 instances.
|
9
|
+
#
|
10
|
+
# instance_credentials = Aws::InstanceProfileCredentials.new
|
11
|
+
# ec2 = Aws::EC2::Client.new(credentials: instance_credentials)
|
7
12
|
class InstanceProfileCredentials
|
8
13
|
include CredentialProvider
|
9
14
|
include RefreshingCredentials
|
@@ -1,19 +1,16 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
module Aws
|
4
|
-
|
5
4
|
# A credential provider that executes a given process and attempts
|
6
|
-
# to read its stdout to recieve a JSON payload containing the credentials
|
7
|
-
#
|
8
|
-
# Automatically handles refreshing credentials if an Expiration time is
|
9
|
-
# provided in the credentials payload
|
10
|
-
#
|
11
|
-
# credentials = Aws::ProcessCredentials.new('/usr/bin/credential_proc').credentials
|
5
|
+
# to read its stdout to recieve a JSON payload containing the credentials.
|
12
6
|
#
|
7
|
+
# credentials = Aws::ProcessCredentials.new('/usr/bin/credential_proc')
|
13
8
|
# ec2 = Aws::EC2::Client.new(credentials: credentials)
|
14
9
|
#
|
15
|
-
#
|
16
|
-
#
|
10
|
+
# Automatically handles refreshing credentials if an Expiration time is
|
11
|
+
# provided in the credentials payload.
|
12
|
+
#
|
13
|
+
# @see https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#sourcing-credentials-from-external-processes
|
17
14
|
class ProcessCredentials
|
18
15
|
|
19
16
|
include CredentialProvider
|
@@ -1,17 +1,12 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
module Aws
|
4
|
-
# An auto-refreshing credential provider that
|
5
|
-
#
|
6
|
-
# token.
|
4
|
+
# An auto-refreshing credential provider that assumes a role via
|
5
|
+
# {Aws::SSO::Client#get_role_credentials} using a cached access
|
6
|
+
# token. This class does NOT implement the SSO login token flow - tokens
|
7
7
|
# must generated and refreshed separately by running `aws login` from the
|
8
8
|
# AWS CLI with the correct profile.
|
9
9
|
#
|
10
|
-
# For more background on AWS SSO see the official
|
11
|
-
# {https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html what is SSO Userguide}
|
12
|
-
#
|
13
|
-
# ## Refreshing Credentials from SSO
|
14
|
-
#
|
15
10
|
# The `SSOCredentials` will auto-refresh the AWS credentials from SSO. In
|
16
11
|
# addition to AWS credentials expiring after a given amount of time, the
|
17
12
|
# access token generated and cached from `aws login` will also expire.
|
@@ -20,7 +15,6 @@ module Aws
|
|
20
15
|
# the token value, but this can be done by running `aws login` with the
|
21
16
|
# correct profile.
|
22
17
|
#
|
23
|
-
#
|
24
18
|
# # You must first run aws sso login --profile your-sso-profile
|
25
19
|
# sso_credentials = Aws::SSOCredentials.new(
|
26
20
|
# sso_account_id: '123456789',
|
@@ -28,11 +22,13 @@ module Aws
|
|
28
22
|
# sso_region: "us-east-1",
|
29
23
|
# sso_start_url: 'https://your-start-url.awsapps.com/start'
|
30
24
|
# )
|
31
|
-
#
|
32
25
|
# ec2 = Aws::EC2::Client.new(credentials: sso_credentials)
|
33
26
|
#
|
34
|
-
# If you omit `:client` option, a new {SSO::Client} object will be
|
35
|
-
# constructed.
|
27
|
+
# If you omit `:client` option, a new {Aws::SSO::Client} object will be
|
28
|
+
# constructed with additional options that were provided.
|
29
|
+
#
|
30
|
+
# @see Aws::SSO::Client#get_role_credentials
|
31
|
+
# @see https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html
|
36
32
|
class SSOCredentials
|
37
33
|
|
38
34
|
include CredentialProvider
|
data/lib/aws-sdk-sso/client.rb
CHANGED
data/lib/aws-sdk-sso.rb
CHANGED
data/lib/aws-sdk-sts/client.rb
CHANGED
@@ -2145,6 +2145,14 @@ module Aws::STS
|
|
2145
2145
|
# Credentials][1] and [Comparing the Amazon Web Services STS API
|
2146
2146
|
# operations][2] in the *IAM User Guide*.
|
2147
2147
|
#
|
2148
|
+
# <note markdown="1"> No permissions are required for users to perform this operation. The
|
2149
|
+
# purpose of the `sts:GetSessionToken` operation is to authenticate the
|
2150
|
+
# user using MFA. You cannot use policies to control authentication
|
2151
|
+
# operations. For more information, see [Permissions for
|
2152
|
+
# GetSessionToken][3] in the *IAM User Guide*.
|
2153
|
+
#
|
2154
|
+
# </note>
|
2155
|
+
#
|
2148
2156
|
# **Session Duration**
|
2149
2157
|
#
|
2150
2158
|
# The `GetSessionToken` operation must be called by using the long-term
|
@@ -2170,7 +2178,7 @@ module Aws::STS
|
|
2170
2178
|
#
|
2171
2179
|
# <note markdown="1"> We recommend that you do not call `GetSessionToken` with Amazon Web
|
2172
2180
|
# Services account root user credentials. Instead, follow our [best
|
2173
|
-
# practices][
|
2181
|
+
# practices][4] by creating one or more IAM users, giving them the
|
2174
2182
|
# necessary permissions, and using IAM users for everyday interaction
|
2175
2183
|
# with Amazon Web Services.
|
2176
2184
|
#
|
@@ -2186,14 +2194,15 @@ module Aws::STS
|
|
2186
2194
|
#
|
2187
2195
|
# For more information about using `GetSessionToken` to create temporary
|
2188
2196
|
# credentials, go to [Temporary Credentials for Users in Untrusted
|
2189
|
-
# Environments][
|
2197
|
+
# Environments][5] in the *IAM User Guide*.
|
2190
2198
|
#
|
2191
2199
|
#
|
2192
2200
|
#
|
2193
2201
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
|
2194
2202
|
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
|
2195
|
-
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
2196
|
-
# [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
2203
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html
|
2204
|
+
# [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users
|
2205
|
+
# [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken
|
2197
2206
|
#
|
2198
2207
|
# @option params [Integer] :duration_seconds
|
2199
2208
|
# The duration, in seconds, that the credentials should remain valid.
|
@@ -2290,7 +2299,7 @@ module Aws::STS
|
|
2290
2299
|
params: params,
|
2291
2300
|
config: config)
|
2292
2301
|
context[:gem_name] = 'aws-sdk-core'
|
2293
|
-
context[:gem_version] = '3.
|
2302
|
+
context[:gem_version] = '3.131.0'
|
2294
2303
|
Seahorse::Client::Request.new(handlers, context)
|
2295
2304
|
end
|
2296
2305
|
|
data/lib/aws-sdk-sts.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-core
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.
|
4
|
+
version: 3.131.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-05-16 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: jmespath
|