aws-sdk-core 3.131.1 → 3.148.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +116 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-core/errors.rb +13 -0
- data/lib/aws-sdk-core/pageable_response.rb +7 -0
- data/lib/aws-sdk-core/plugins/bearer_authorization.rb +67 -0
- data/lib/aws-sdk-core/plugins/jsonvalue_converter.rb +34 -6
- data/lib/aws-sdk-core/plugins/recursion_detection.rb +14 -3
- data/lib/aws-sdk-core/plugins/signature_v4.rb +12 -7
- data/lib/aws-sdk-core/refreshing_token.rb +71 -0
- data/lib/aws-sdk-core/rest/handler.rb +1 -1
- data/lib/aws-sdk-core/shared_config.rb +43 -0
- data/lib/aws-sdk-core/sso_token_provider.rb +134 -0
- data/lib/aws-sdk-core/static_token_provider.rb +14 -0
- data/lib/aws-sdk-core/structure.rb +6 -4
- data/lib/aws-sdk-core/token.rb +31 -0
- data/lib/aws-sdk-core/token_provider.rb +15 -0
- data/lib/aws-sdk-core/token_provider_chain.rb +51 -0
- data/lib/aws-sdk-core/xml/error_handler.rb +7 -0
- data/lib/aws-sdk-core.rb +10 -0
- data/lib/aws-sdk-sso/client.rb +32 -9
- data/lib/aws-sdk-sso/types.rb +8 -8
- data/lib/aws-sdk-sso.rb +1 -1
- data/lib/aws-sdk-ssooidc/client.rb +574 -0
- data/lib/aws-sdk-ssooidc/client_api.rb +216 -0
- data/lib/aws-sdk-ssooidc/customizations.rb +1 -0
- data/lib/aws-sdk-ssooidc/errors.rb +290 -0
- data/lib/aws-sdk-ssooidc/resource.rb +26 -0
- data/lib/aws-sdk-ssooidc/types.rb +498 -0
- data/lib/aws-sdk-ssooidc.rb +55 -0
- data/lib/aws-sdk-sts/client.rb +1 -1
- data/lib/aws-sdk-sts.rb +1 -1
- metadata +16 -2
@@ -0,0 +1,31 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
class Token
|
5
|
+
|
6
|
+
# @param [String] token
|
7
|
+
# @param [Time] expiration
|
8
|
+
def initialize(token, expiration=nil)
|
9
|
+
@token = token
|
10
|
+
@expiration = expiration
|
11
|
+
end
|
12
|
+
|
13
|
+
# @return [String, nil]
|
14
|
+
attr_reader :token
|
15
|
+
|
16
|
+
# @return [Time, nil]
|
17
|
+
attr_reader :expiration
|
18
|
+
|
19
|
+
# @return [Boolean] Returns `true` if token is set
|
20
|
+
def set?
|
21
|
+
!token.nil? && !token.empty?
|
22
|
+
end
|
23
|
+
|
24
|
+
# Removing the token from the default inspect string.
|
25
|
+
# @api private
|
26
|
+
def inspect
|
27
|
+
"#<#{self.class.name} token=[FILTERED]> expiration=#{expiration}>"
|
28
|
+
end
|
29
|
+
|
30
|
+
end
|
31
|
+
end
|
@@ -0,0 +1,51 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
# @api private
|
5
|
+
class TokenProviderChain
|
6
|
+
def initialize(config = nil)
|
7
|
+
@config = config
|
8
|
+
end
|
9
|
+
|
10
|
+
# @return [TokenProvider, nil]
|
11
|
+
def resolve
|
12
|
+
providers.each do |method_name, options|
|
13
|
+
provider = send(method_name, options.merge(config: @config))
|
14
|
+
return provider if provider && provider.set?
|
15
|
+
end
|
16
|
+
nil
|
17
|
+
end
|
18
|
+
|
19
|
+
private
|
20
|
+
|
21
|
+
def providers
|
22
|
+
[
|
23
|
+
[:static_profile_sso_token, {}],
|
24
|
+
[:sso_token, {}]
|
25
|
+
]
|
26
|
+
end
|
27
|
+
|
28
|
+
def static_profile_sso_token(options)
|
29
|
+
if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile
|
30
|
+
Aws.shared_config.sso_token_from_config(
|
31
|
+
profile: options[:config].profile
|
32
|
+
)
|
33
|
+
end
|
34
|
+
end
|
35
|
+
|
36
|
+
|
37
|
+
def sso_token(options)
|
38
|
+
profile_name = determine_profile_name(options)
|
39
|
+
if Aws.shared_config.config_enabled?
|
40
|
+
Aws.shared_config.sso_token_from_config(profile: profile_name)
|
41
|
+
end
|
42
|
+
rescue Errors::NoSuchProfileError
|
43
|
+
nil
|
44
|
+
end
|
45
|
+
|
46
|
+
def determine_profile_name(options)
|
47
|
+
(options[:config] && options[:config].profile) || ENV['AWS_PROFILE'] || ENV['AWS_DEFAULT_PROFILE'] || 'default'
|
48
|
+
end
|
49
|
+
|
50
|
+
end
|
51
|
+
end
|
@@ -24,6 +24,7 @@ module Aws
|
|
24
24
|
else
|
25
25
|
code, message, data = extract_error(body, context)
|
26
26
|
end
|
27
|
+
context[:request_id] = request_id(body)
|
27
28
|
errors_module = context.client.class.errors_module
|
28
29
|
error_class = errors_module.error_class(code).new(context, message, data)
|
29
30
|
error_class
|
@@ -94,6 +95,12 @@ module Aws
|
|
94
95
|
end
|
95
96
|
end
|
96
97
|
|
98
|
+
def request_id(body)
|
99
|
+
if matches = body.match(/<RequestId>(.+?)<\/RequestId>/m)
|
100
|
+
matches[1]
|
101
|
+
end
|
102
|
+
end
|
103
|
+
|
97
104
|
def unescape(str)
|
98
105
|
CGI.unescapeHTML(str)
|
99
106
|
end
|
data/lib/aws-sdk-core.rb
CHANGED
@@ -20,6 +20,15 @@ require_relative 'aws-sdk-core/shared_credentials'
|
|
20
20
|
require_relative 'aws-sdk-core/process_credentials'
|
21
21
|
require_relative 'aws-sdk-core/sso_credentials'
|
22
22
|
|
23
|
+
# tokens and token providers
|
24
|
+
require_relative 'aws-sdk-core/token'
|
25
|
+
require_relative 'aws-sdk-core/token_provider'
|
26
|
+
require_relative 'aws-sdk-core/static_token_provider'
|
27
|
+
require_relative 'aws-sdk-core/refreshing_token'
|
28
|
+
require_relative 'aws-sdk-core/sso_token_provider'
|
29
|
+
require_relative 'aws-sdk-core/token_provider_chain'
|
30
|
+
require_relative 'aws-sdk-core/plugins/bearer_authorization'
|
31
|
+
|
23
32
|
# client modules
|
24
33
|
|
25
34
|
require_relative 'aws-sdk-core/client_stubs'
|
@@ -99,6 +108,7 @@ require_relative 'aws-sdk-sts'
|
|
99
108
|
|
100
109
|
# aws-sdk-sso is included to support Aws::SSOCredentials
|
101
110
|
require_relative 'aws-sdk-sso'
|
111
|
+
require_relative 'aws-sdk-ssooidc'
|
102
112
|
|
103
113
|
module Aws
|
104
114
|
|
data/lib/aws-sdk-sso/client.rb
CHANGED
@@ -362,7 +362,8 @@ module Aws::SSO
|
|
362
362
|
#
|
363
363
|
# @option params [required, String] :access_token
|
364
364
|
# The token issued by the `CreateToken` API call. For more information,
|
365
|
-
# see [CreateToken][1] in the *
|
365
|
+
# see [CreateToken][1] in the *IAM Identity Center OIDC API Reference
|
366
|
+
# Guide*.
|
366
367
|
#
|
367
368
|
#
|
368
369
|
#
|
@@ -407,7 +408,8 @@ module Aws::SSO
|
|
407
408
|
#
|
408
409
|
# @option params [required, String] :access_token
|
409
410
|
# The token issued by the `CreateToken` API call. For more information,
|
410
|
-
# see [CreateToken][1] in the *
|
411
|
+
# see [CreateToken][1] in the *IAM Identity Center OIDC API Reference
|
412
|
+
# Guide*.
|
411
413
|
#
|
412
414
|
#
|
413
415
|
#
|
@@ -450,8 +452,8 @@ module Aws::SSO
|
|
450
452
|
|
451
453
|
# Lists all AWS accounts assigned to the user. These AWS accounts are
|
452
454
|
# assigned by the administrator of the account. For more information,
|
453
|
-
# see [Assign User Access][1] in the *
|
454
|
-
# operation returns a paginated response.
|
455
|
+
# see [Assign User Access][1] in the *IAM Identity Center User Guide*.
|
456
|
+
# This operation returns a paginated response.
|
455
457
|
#
|
456
458
|
#
|
457
459
|
#
|
@@ -466,7 +468,8 @@ module Aws::SSO
|
|
466
468
|
#
|
467
469
|
# @option params [required, String] :access_token
|
468
470
|
# The token issued by the `CreateToken` API call. For more information,
|
469
|
-
# see [CreateToken][1] in the *
|
471
|
+
# see [CreateToken][1] in the *IAM Identity Center OIDC API Reference
|
472
|
+
# Guide*.
|
470
473
|
#
|
471
474
|
#
|
472
475
|
#
|
@@ -504,12 +507,32 @@ module Aws::SSO
|
|
504
507
|
req.send_request(options)
|
505
508
|
end
|
506
509
|
|
507
|
-
# Removes the
|
508
|
-
# the
|
510
|
+
# Removes the locally stored SSO tokens from the client-side cache and
|
511
|
+
# sends an API call to the IAM Identity Center service to invalidate the
|
512
|
+
# corresponding server-side IAM Identity Center sign in session.
|
513
|
+
#
|
514
|
+
# <note markdown="1"> If a user uses IAM Identity Center to access the AWS CLI, the user’s
|
515
|
+
# IAM Identity Center sign in session is used to obtain an IAM session,
|
516
|
+
# as specified in the corresponding IAM Identity Center permission set.
|
517
|
+
# More specifically, IAM Identity Center assumes an IAM role in the
|
518
|
+
# target account on behalf of the user, and the corresponding temporary
|
519
|
+
# AWS credentials are returned to the client.
|
520
|
+
#
|
521
|
+
# After user logout, any existing IAM role sessions that were created by
|
522
|
+
# using IAM Identity Center permission sets continue based on the
|
523
|
+
# duration configured in the permission set. For more information, see
|
524
|
+
# [User authentications][1] in the *IAM Identity Center User Guide*.
|
525
|
+
#
|
526
|
+
# </note>
|
527
|
+
#
|
528
|
+
#
|
529
|
+
#
|
530
|
+
# [1]: https://docs.aws.amazon.com/singlesignon/latest/userguide/authconcept.html
|
509
531
|
#
|
510
532
|
# @option params [required, String] :access_token
|
511
533
|
# The token issued by the `CreateToken` API call. For more information,
|
512
|
-
# see [CreateToken][1] in the *
|
534
|
+
# see [CreateToken][1] in the *IAM Identity Center OIDC API Reference
|
535
|
+
# Guide*.
|
513
536
|
#
|
514
537
|
#
|
515
538
|
#
|
@@ -545,7 +568,7 @@ module Aws::SSO
|
|
545
568
|
params: params,
|
546
569
|
config: config)
|
547
570
|
context[:gem_name] = 'aws-sdk-core'
|
548
|
-
context[:gem_version] = '3.
|
571
|
+
context[:gem_version] = '3.148.0'
|
549
572
|
Seahorse::Client::Request.new(handlers, context)
|
550
573
|
end
|
551
574
|
|
data/lib/aws-sdk-sso/types.rb
CHANGED
@@ -53,8 +53,8 @@ module Aws::SSO
|
|
53
53
|
#
|
54
54
|
# @!attribute [rw] access_token
|
55
55
|
# The token issued by the `CreateToken` API call. For more
|
56
|
-
# information, see [CreateToken][1] in the *
|
57
|
-
# Guide*.
|
56
|
+
# information, see [CreateToken][1] in the *IAM Identity Center OIDC
|
57
|
+
# API Reference Guide*.
|
58
58
|
#
|
59
59
|
#
|
60
60
|
#
|
@@ -118,8 +118,8 @@ module Aws::SSO
|
|
118
118
|
#
|
119
119
|
# @!attribute [rw] access_token
|
120
120
|
# The token issued by the `CreateToken` API call. For more
|
121
|
-
# information, see [CreateToken][1] in the *
|
122
|
-
# Guide*.
|
121
|
+
# information, see [CreateToken][1] in the *IAM Identity Center OIDC
|
122
|
+
# API Reference Guide*.
|
123
123
|
#
|
124
124
|
#
|
125
125
|
#
|
@@ -179,8 +179,8 @@ module Aws::SSO
|
|
179
179
|
#
|
180
180
|
# @!attribute [rw] access_token
|
181
181
|
# The token issued by the `CreateToken` API call. For more
|
182
|
-
# information, see [CreateToken][1] in the *
|
183
|
-
# Guide*.
|
182
|
+
# information, see [CreateToken][1] in the *IAM Identity Center OIDC
|
183
|
+
# API Reference Guide*.
|
184
184
|
#
|
185
185
|
#
|
186
186
|
#
|
@@ -224,8 +224,8 @@ module Aws::SSO
|
|
224
224
|
#
|
225
225
|
# @!attribute [rw] access_token
|
226
226
|
# The token issued by the `CreateToken` API call. For more
|
227
|
-
# information, see [CreateToken][1] in the *
|
228
|
-
# Guide*.
|
227
|
+
# information, see [CreateToken][1] in the *IAM Identity Center OIDC
|
228
|
+
# API Reference Guide*.
|
229
229
|
#
|
230
230
|
#
|
231
231
|
#
|