aws-sdk-core 3.131.1 → 3.148.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +116 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-core/errors.rb +13 -0
- data/lib/aws-sdk-core/pageable_response.rb +7 -0
- data/lib/aws-sdk-core/plugins/bearer_authorization.rb +67 -0
- data/lib/aws-sdk-core/plugins/jsonvalue_converter.rb +34 -6
- data/lib/aws-sdk-core/plugins/recursion_detection.rb +14 -3
- data/lib/aws-sdk-core/plugins/signature_v4.rb +12 -7
- data/lib/aws-sdk-core/refreshing_token.rb +71 -0
- data/lib/aws-sdk-core/rest/handler.rb +1 -1
- data/lib/aws-sdk-core/shared_config.rb +43 -0
- data/lib/aws-sdk-core/sso_token_provider.rb +134 -0
- data/lib/aws-sdk-core/static_token_provider.rb +14 -0
- data/lib/aws-sdk-core/structure.rb +6 -4
- data/lib/aws-sdk-core/token.rb +31 -0
- data/lib/aws-sdk-core/token_provider.rb +15 -0
- data/lib/aws-sdk-core/token_provider_chain.rb +51 -0
- data/lib/aws-sdk-core/xml/error_handler.rb +7 -0
- data/lib/aws-sdk-core.rb +10 -0
- data/lib/aws-sdk-sso/client.rb +32 -9
- data/lib/aws-sdk-sso/types.rb +8 -8
- data/lib/aws-sdk-sso.rb +1 -1
- data/lib/aws-sdk-ssooidc/client.rb +574 -0
- data/lib/aws-sdk-ssooidc/client_api.rb +216 -0
- data/lib/aws-sdk-ssooidc/customizations.rb +1 -0
- data/lib/aws-sdk-ssooidc/errors.rb +290 -0
- data/lib/aws-sdk-ssooidc/resource.rb +26 -0
- data/lib/aws-sdk-ssooidc/types.rb +498 -0
- data/lib/aws-sdk-ssooidc.rb +55 -0
- data/lib/aws-sdk-sts/client.rb +1 -1
- data/lib/aws-sdk-sts.rb +1 -1
- metadata +16 -2
@@ -0,0 +1,31 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
class Token
|
5
|
+
|
6
|
+
# @param [String] token
|
7
|
+
# @param [Time] expiration
|
8
|
+
def initialize(token, expiration=nil)
|
9
|
+
@token = token
|
10
|
+
@expiration = expiration
|
11
|
+
end
|
12
|
+
|
13
|
+
# @return [String, nil]
|
14
|
+
attr_reader :token
|
15
|
+
|
16
|
+
# @return [Time, nil]
|
17
|
+
attr_reader :expiration
|
18
|
+
|
19
|
+
# @return [Boolean] Returns `true` if token is set
|
20
|
+
def set?
|
21
|
+
!token.nil? && !token.empty?
|
22
|
+
end
|
23
|
+
|
24
|
+
# Removing the token from the default inspect string.
|
25
|
+
# @api private
|
26
|
+
def inspect
|
27
|
+
"#<#{self.class.name} token=[FILTERED]> expiration=#{expiration}>"
|
28
|
+
end
|
29
|
+
|
30
|
+
end
|
31
|
+
end
|
@@ -0,0 +1,51 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
# @api private
|
5
|
+
class TokenProviderChain
|
6
|
+
def initialize(config = nil)
|
7
|
+
@config = config
|
8
|
+
end
|
9
|
+
|
10
|
+
# @return [TokenProvider, nil]
|
11
|
+
def resolve
|
12
|
+
providers.each do |method_name, options|
|
13
|
+
provider = send(method_name, options.merge(config: @config))
|
14
|
+
return provider if provider && provider.set?
|
15
|
+
end
|
16
|
+
nil
|
17
|
+
end
|
18
|
+
|
19
|
+
private
|
20
|
+
|
21
|
+
def providers
|
22
|
+
[
|
23
|
+
[:static_profile_sso_token, {}],
|
24
|
+
[:sso_token, {}]
|
25
|
+
]
|
26
|
+
end
|
27
|
+
|
28
|
+
def static_profile_sso_token(options)
|
29
|
+
if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile
|
30
|
+
Aws.shared_config.sso_token_from_config(
|
31
|
+
profile: options[:config].profile
|
32
|
+
)
|
33
|
+
end
|
34
|
+
end
|
35
|
+
|
36
|
+
|
37
|
+
def sso_token(options)
|
38
|
+
profile_name = determine_profile_name(options)
|
39
|
+
if Aws.shared_config.config_enabled?
|
40
|
+
Aws.shared_config.sso_token_from_config(profile: profile_name)
|
41
|
+
end
|
42
|
+
rescue Errors::NoSuchProfileError
|
43
|
+
nil
|
44
|
+
end
|
45
|
+
|
46
|
+
def determine_profile_name(options)
|
47
|
+
(options[:config] && options[:config].profile) || ENV['AWS_PROFILE'] || ENV['AWS_DEFAULT_PROFILE'] || 'default'
|
48
|
+
end
|
49
|
+
|
50
|
+
end
|
51
|
+
end
|
@@ -24,6 +24,7 @@ module Aws
|
|
24
24
|
else
|
25
25
|
code, message, data = extract_error(body, context)
|
26
26
|
end
|
27
|
+
context[:request_id] = request_id(body)
|
27
28
|
errors_module = context.client.class.errors_module
|
28
29
|
error_class = errors_module.error_class(code).new(context, message, data)
|
29
30
|
error_class
|
@@ -94,6 +95,12 @@ module Aws
|
|
94
95
|
end
|
95
96
|
end
|
96
97
|
|
98
|
+
def request_id(body)
|
99
|
+
if matches = body.match(/<RequestId>(.+?)<\/RequestId>/m)
|
100
|
+
matches[1]
|
101
|
+
end
|
102
|
+
end
|
103
|
+
|
97
104
|
def unescape(str)
|
98
105
|
CGI.unescapeHTML(str)
|
99
106
|
end
|
data/lib/aws-sdk-core.rb
CHANGED
@@ -20,6 +20,15 @@ require_relative 'aws-sdk-core/shared_credentials'
|
|
20
20
|
require_relative 'aws-sdk-core/process_credentials'
|
21
21
|
require_relative 'aws-sdk-core/sso_credentials'
|
22
22
|
|
23
|
+
# tokens and token providers
|
24
|
+
require_relative 'aws-sdk-core/token'
|
25
|
+
require_relative 'aws-sdk-core/token_provider'
|
26
|
+
require_relative 'aws-sdk-core/static_token_provider'
|
27
|
+
require_relative 'aws-sdk-core/refreshing_token'
|
28
|
+
require_relative 'aws-sdk-core/sso_token_provider'
|
29
|
+
require_relative 'aws-sdk-core/token_provider_chain'
|
30
|
+
require_relative 'aws-sdk-core/plugins/bearer_authorization'
|
31
|
+
|
23
32
|
# client modules
|
24
33
|
|
25
34
|
require_relative 'aws-sdk-core/client_stubs'
|
@@ -99,6 +108,7 @@ require_relative 'aws-sdk-sts'
|
|
99
108
|
|
100
109
|
# aws-sdk-sso is included to support Aws::SSOCredentials
|
101
110
|
require_relative 'aws-sdk-sso'
|
111
|
+
require_relative 'aws-sdk-ssooidc'
|
102
112
|
|
103
113
|
module Aws
|
104
114
|
|
data/lib/aws-sdk-sso/client.rb
CHANGED
@@ -362,7 +362,8 @@ module Aws::SSO
|
|
362
362
|
#
|
363
363
|
# @option params [required, String] :access_token
|
364
364
|
# The token issued by the `CreateToken` API call. For more information,
|
365
|
-
# see [CreateToken][1] in the *
|
365
|
+
# see [CreateToken][1] in the *IAM Identity Center OIDC API Reference
|
366
|
+
# Guide*.
|
366
367
|
#
|
367
368
|
#
|
368
369
|
#
|
@@ -407,7 +408,8 @@ module Aws::SSO
|
|
407
408
|
#
|
408
409
|
# @option params [required, String] :access_token
|
409
410
|
# The token issued by the `CreateToken` API call. For more information,
|
410
|
-
# see [CreateToken][1] in the *
|
411
|
+
# see [CreateToken][1] in the *IAM Identity Center OIDC API Reference
|
412
|
+
# Guide*.
|
411
413
|
#
|
412
414
|
#
|
413
415
|
#
|
@@ -450,8 +452,8 @@ module Aws::SSO
|
|
450
452
|
|
451
453
|
# Lists all AWS accounts assigned to the user. These AWS accounts are
|
452
454
|
# assigned by the administrator of the account. For more information,
|
453
|
-
# see [Assign User Access][1] in the *
|
454
|
-
# operation returns a paginated response.
|
455
|
+
# see [Assign User Access][1] in the *IAM Identity Center User Guide*.
|
456
|
+
# This operation returns a paginated response.
|
455
457
|
#
|
456
458
|
#
|
457
459
|
#
|
@@ -466,7 +468,8 @@ module Aws::SSO
|
|
466
468
|
#
|
467
469
|
# @option params [required, String] :access_token
|
468
470
|
# The token issued by the `CreateToken` API call. For more information,
|
469
|
-
# see [CreateToken][1] in the *
|
471
|
+
# see [CreateToken][1] in the *IAM Identity Center OIDC API Reference
|
472
|
+
# Guide*.
|
470
473
|
#
|
471
474
|
#
|
472
475
|
#
|
@@ -504,12 +507,32 @@ module Aws::SSO
|
|
504
507
|
req.send_request(options)
|
505
508
|
end
|
506
509
|
|
507
|
-
# Removes the
|
508
|
-
# the
|
510
|
+
# Removes the locally stored SSO tokens from the client-side cache and
|
511
|
+
# sends an API call to the IAM Identity Center service to invalidate the
|
512
|
+
# corresponding server-side IAM Identity Center sign in session.
|
513
|
+
#
|
514
|
+
# <note markdown="1"> If a user uses IAM Identity Center to access the AWS CLI, the user’s
|
515
|
+
# IAM Identity Center sign in session is used to obtain an IAM session,
|
516
|
+
# as specified in the corresponding IAM Identity Center permission set.
|
517
|
+
# More specifically, IAM Identity Center assumes an IAM role in the
|
518
|
+
# target account on behalf of the user, and the corresponding temporary
|
519
|
+
# AWS credentials are returned to the client.
|
520
|
+
#
|
521
|
+
# After user logout, any existing IAM role sessions that were created by
|
522
|
+
# using IAM Identity Center permission sets continue based on the
|
523
|
+
# duration configured in the permission set. For more information, see
|
524
|
+
# [User authentications][1] in the *IAM Identity Center User Guide*.
|
525
|
+
#
|
526
|
+
# </note>
|
527
|
+
#
|
528
|
+
#
|
529
|
+
#
|
530
|
+
# [1]: https://docs.aws.amazon.com/singlesignon/latest/userguide/authconcept.html
|
509
531
|
#
|
510
532
|
# @option params [required, String] :access_token
|
511
533
|
# The token issued by the `CreateToken` API call. For more information,
|
512
|
-
# see [CreateToken][1] in the *
|
534
|
+
# see [CreateToken][1] in the *IAM Identity Center OIDC API Reference
|
535
|
+
# Guide*.
|
513
536
|
#
|
514
537
|
#
|
515
538
|
#
|
@@ -545,7 +568,7 @@ module Aws::SSO
|
|
545
568
|
params: params,
|
546
569
|
config: config)
|
547
570
|
context[:gem_name] = 'aws-sdk-core'
|
548
|
-
context[:gem_version] = '3.
|
571
|
+
context[:gem_version] = '3.148.0'
|
549
572
|
Seahorse::Client::Request.new(handlers, context)
|
550
573
|
end
|
551
574
|
|
data/lib/aws-sdk-sso/types.rb
CHANGED
@@ -53,8 +53,8 @@ module Aws::SSO
|
|
53
53
|
#
|
54
54
|
# @!attribute [rw] access_token
|
55
55
|
# The token issued by the `CreateToken` API call. For more
|
56
|
-
# information, see [CreateToken][1] in the *
|
57
|
-
# Guide*.
|
56
|
+
# information, see [CreateToken][1] in the *IAM Identity Center OIDC
|
57
|
+
# API Reference Guide*.
|
58
58
|
#
|
59
59
|
#
|
60
60
|
#
|
@@ -118,8 +118,8 @@ module Aws::SSO
|
|
118
118
|
#
|
119
119
|
# @!attribute [rw] access_token
|
120
120
|
# The token issued by the `CreateToken` API call. For more
|
121
|
-
# information, see [CreateToken][1] in the *
|
122
|
-
# Guide*.
|
121
|
+
# information, see [CreateToken][1] in the *IAM Identity Center OIDC
|
122
|
+
# API Reference Guide*.
|
123
123
|
#
|
124
124
|
#
|
125
125
|
#
|
@@ -179,8 +179,8 @@ module Aws::SSO
|
|
179
179
|
#
|
180
180
|
# @!attribute [rw] access_token
|
181
181
|
# The token issued by the `CreateToken` API call. For more
|
182
|
-
# information, see [CreateToken][1] in the *
|
183
|
-
# Guide*.
|
182
|
+
# information, see [CreateToken][1] in the *IAM Identity Center OIDC
|
183
|
+
# API Reference Guide*.
|
184
184
|
#
|
185
185
|
#
|
186
186
|
#
|
@@ -224,8 +224,8 @@ module Aws::SSO
|
|
224
224
|
#
|
225
225
|
# @!attribute [rw] access_token
|
226
226
|
# The token issued by the `CreateToken` API call. For more
|
227
|
-
# information, see [CreateToken][1] in the *
|
228
|
-
# Guide*.
|
227
|
+
# information, see [CreateToken][1] in the *IAM Identity Center OIDC
|
228
|
+
# API Reference Guide*.
|
229
229
|
#
|
230
230
|
#
|
231
231
|
#
|