aws-sdk-core 3.131.1 → 3.168.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +244 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-core/arn.rb +13 -0
- data/lib/aws-sdk-core/binary/encode_handler.rb +12 -1
- data/lib/aws-sdk-core/endpoints/condition.rb +36 -0
- data/lib/aws-sdk-core/endpoints/endpoint.rb +17 -0
- data/lib/aws-sdk-core/endpoints/endpoint_rule.rb +71 -0
- data/lib/aws-sdk-core/endpoints/error_rule.rb +37 -0
- data/lib/aws-sdk-core/endpoints/function.rb +75 -0
- data/lib/aws-sdk-core/endpoints/matchers.rb +127 -0
- data/lib/aws-sdk-core/endpoints/reference.rb +26 -0
- data/lib/aws-sdk-core/endpoints/rule.rb +20 -0
- data/lib/aws-sdk-core/endpoints/rule_set.rb +47 -0
- data/lib/aws-sdk-core/endpoints/rules_provider.rb +32 -0
- data/lib/aws-sdk-core/endpoints/templater.rb +52 -0
- data/lib/aws-sdk-core/endpoints/tree_rule.rb +40 -0
- data/lib/aws-sdk-core/endpoints/url.rb +59 -0
- data/lib/aws-sdk-core/endpoints.rb +74 -0
- data/lib/aws-sdk-core/errors.rb +13 -0
- data/lib/aws-sdk-core/json/error_handler.rb +10 -1
- data/lib/aws-sdk-core/pageable_response.rb +7 -0
- data/lib/aws-sdk-core/plugins/bearer_authorization.rb +67 -0
- data/lib/aws-sdk-core/plugins/credentials_configuration.rb +24 -0
- data/lib/aws-sdk-core/plugins/endpoint_discovery.rb +6 -2
- data/lib/aws-sdk-core/plugins/jsonvalue_converter.rb +34 -6
- data/lib/aws-sdk-core/plugins/recursion_detection.rb +14 -3
- data/lib/aws-sdk-core/plugins/regional_endpoint.rb +5 -0
- data/lib/aws-sdk-core/plugins/sign.rb +190 -0
- data/lib/aws-sdk-core/plugins/signature_v2.rb +1 -0
- data/lib/aws-sdk-core/plugins/signature_v4.rb +13 -7
- data/lib/aws-sdk-core/refreshing_token.rb +71 -0
- data/lib/aws-sdk-core/rest/handler.rb +1 -1
- data/lib/aws-sdk-core/rest/request/headers.rb +2 -6
- data/lib/aws-sdk-core/shared_config.rb +76 -5
- data/lib/aws-sdk-core/sso_credentials.rb +79 -44
- data/lib/aws-sdk-core/sso_token_provider.rb +135 -0
- data/lib/aws-sdk-core/static_token_provider.rb +14 -0
- data/lib/aws-sdk-core/structure.rb +6 -4
- data/lib/aws-sdk-core/token.rb +31 -0
- data/lib/aws-sdk-core/token_provider.rb +15 -0
- data/lib/aws-sdk-core/token_provider_chain.rb +51 -0
- data/lib/aws-sdk-core/xml/error_handler.rb +7 -0
- data/lib/aws-sdk-core.rb +14 -0
- data/lib/aws-sdk-sso/client.rb +51 -11
- data/lib/aws-sdk-sso/endpoint_parameters.rb +66 -0
- data/lib/aws-sdk-sso/endpoint_provider.rb +112 -0
- data/lib/aws-sdk-sso/endpoints.rb +71 -0
- data/lib/aws-sdk-sso/plugins/endpoints.rb +76 -0
- data/lib/aws-sdk-sso/types.rb +8 -8
- data/lib/aws-sdk-sso.rb +5 -1
- data/lib/aws-sdk-ssooidc/client.rb +606 -0
- data/lib/aws-sdk-ssooidc/client_api.rb +216 -0
- data/lib/aws-sdk-ssooidc/customizations.rb +1 -0
- data/lib/aws-sdk-ssooidc/endpoint_parameters.rb +66 -0
- data/lib/aws-sdk-ssooidc/endpoint_provider.rb +111 -0
- data/lib/aws-sdk-ssooidc/endpoints.rb +57 -0
- data/lib/aws-sdk-ssooidc/errors.rb +290 -0
- data/lib/aws-sdk-ssooidc/plugins/endpoints.rb +74 -0
- data/lib/aws-sdk-ssooidc/resource.rb +26 -0
- data/lib/aws-sdk-ssooidc/types.rb +534 -0
- data/lib/aws-sdk-ssooidc.rb +59 -0
- data/lib/aws-sdk-sts/client.rb +141 -124
- data/lib/aws-sdk-sts/endpoint_parameters.rb +78 -0
- data/lib/aws-sdk-sts/endpoint_provider.rb +229 -0
- data/lib/aws-sdk-sts/endpoints.rb +135 -0
- data/lib/aws-sdk-sts/plugins/endpoints.rb +84 -0
- data/lib/aws-sdk-sts/presigner.rb +13 -15
- data/lib/aws-sdk-sts/types.rb +79 -69
- data/lib/aws-sdk-sts.rb +5 -1
- data/lib/seahorse/client/async_base.rb +0 -1
- data/lib/seahorse/client/configuration.rb +2 -2
- data/lib/seahorse/client/h2/connection.rb +2 -5
- data/lib/seahorse/client/plugins/request_callback.rb +9 -9
- data/lib/seahorse/util.rb +4 -0
- metadata +47 -6
@@ -0,0 +1,135 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
class SSOTokenProvider
|
5
|
+
|
6
|
+
include TokenProvider
|
7
|
+
include RefreshingToken
|
8
|
+
|
9
|
+
# @api private
|
10
|
+
SSO_REQUIRED_OPTS = [:sso_region, :sso_session].freeze
|
11
|
+
|
12
|
+
# @api private
|
13
|
+
SSO_LOGIN_GUIDANCE = 'The SSO session associated with this profile has '\
|
14
|
+
'expired or is otherwise invalid. To refresh this SSO session run '\
|
15
|
+
'aws sso login with the corresponding profile.'.freeze
|
16
|
+
|
17
|
+
# @option options [required, String] :sso_region The AWS region where the
|
18
|
+
# SSO directory for the given sso_start_url is hosted.
|
19
|
+
#
|
20
|
+
# @option options [required, String] :sso_session The SSO Session used to
|
21
|
+
# for fetching this token.
|
22
|
+
#
|
23
|
+
# @option options [SSOOIDC::Client] :client Optional `SSOOIDC::Client`. If not
|
24
|
+
# provided, a client will be constructed.
|
25
|
+
#
|
26
|
+
# @option options [Callable] before_refresh Proc called before
|
27
|
+
# credentials are refreshed. `before_refresh` is called
|
28
|
+
# with an instance of this object when
|
29
|
+
# AWS credentials are required and need to be refreshed.
|
30
|
+
def initialize(options = {})
|
31
|
+
|
32
|
+
missing_keys = SSO_REQUIRED_OPTS.select { |k| options[k].nil? }
|
33
|
+
unless missing_keys.empty?
|
34
|
+
raise ArgumentError, "Missing required keys: #{missing_keys}"
|
35
|
+
end
|
36
|
+
|
37
|
+
@sso_session = options.delete(:sso_session)
|
38
|
+
@sso_region = options.delete(:sso_region)
|
39
|
+
|
40
|
+
options[:region] = @sso_region
|
41
|
+
options[:credentials] = nil
|
42
|
+
options[:token_provider] = nil
|
43
|
+
@client = options[:client] || Aws::SSOOIDC::Client.new(options)
|
44
|
+
|
45
|
+
super
|
46
|
+
end
|
47
|
+
|
48
|
+
# @return [SSOOIDC::Client]
|
49
|
+
attr_reader :client
|
50
|
+
|
51
|
+
private
|
52
|
+
|
53
|
+
def refresh
|
54
|
+
# token is valid and not in refresh window - do not refresh it.
|
55
|
+
return if @token && @token.expiration && !near_expiration?
|
56
|
+
|
57
|
+
# token may not exist or is out of the expiration window
|
58
|
+
# attempt to refresh from disk first (another process/application may have refreshed already)
|
59
|
+
token_json = read_cached_token
|
60
|
+
@token = Token.new(token_json['accessToken'], token_json['expiresAt'])
|
61
|
+
return if @token && @token.expiration && !near_expiration?
|
62
|
+
|
63
|
+
# The token is expired and needs to be refreshed
|
64
|
+
if can_refresh_token?(token_json)
|
65
|
+
begin
|
66
|
+
current_time = Time.now
|
67
|
+
resp = @client.create_token(
|
68
|
+
grant_type: 'refresh_token',
|
69
|
+
client_id: token_json['clientId'],
|
70
|
+
client_secret: token_json['clientSecret'],
|
71
|
+
refresh_token: token_json['refreshToken']
|
72
|
+
)
|
73
|
+
token_json['accessToken'] = resp.access_token
|
74
|
+
token_json['expiresAt'] = current_time + resp.expires_in
|
75
|
+
@token = Token.new(token_json['accessToken'], token_json['expiresAt'])
|
76
|
+
|
77
|
+
if resp.refresh_token
|
78
|
+
token_json['refreshToken'] = resp.refresh_token
|
79
|
+
else
|
80
|
+
token_json.delete('refreshToken')
|
81
|
+
end
|
82
|
+
|
83
|
+
update_token_cache(token_json)
|
84
|
+
rescue
|
85
|
+
# refresh has failed, continue attempting to use the token if its not hard expired
|
86
|
+
end
|
87
|
+
end
|
88
|
+
|
89
|
+
if !@token.expiration || @token.expiration < Time.now
|
90
|
+
# Token is hard expired, raise an exception
|
91
|
+
raise Errors::InvalidSSOToken, 'Token is invalid and failed to refresh.'
|
92
|
+
end
|
93
|
+
end
|
94
|
+
|
95
|
+
def read_cached_token
|
96
|
+
cached_token = Json.load(File.read(sso_cache_file))
|
97
|
+
# validation
|
98
|
+
unless cached_token['accessToken'] && cached_token['expiresAt']
|
99
|
+
raise ArgumentError, 'Missing required field(s)'
|
100
|
+
end
|
101
|
+
cached_token['expiresAt'] = Time.parse(cached_token['expiresAt'])
|
102
|
+
cached_token
|
103
|
+
rescue Errno::ENOENT, Aws::Json::ParseError, ArgumentError
|
104
|
+
raise Errors::InvalidSSOToken, SSO_LOGIN_GUIDANCE
|
105
|
+
end
|
106
|
+
|
107
|
+
def update_token_cache(token_json)
|
108
|
+
cached_token = token_json.dup
|
109
|
+
cached_token['expiresAt'] = cached_token['expiresAt'].iso8601
|
110
|
+
File.write(sso_cache_file, Json.dump(cached_token))
|
111
|
+
end
|
112
|
+
|
113
|
+
def sso_cache_file
|
114
|
+
sso_session_sha1 = OpenSSL::Digest::SHA1.hexdigest(@sso_session.encode('utf-8'))
|
115
|
+
File.join(Dir.home, '.aws', 'sso', 'cache', "#{sso_session_sha1}.json")
|
116
|
+
rescue ArgumentError
|
117
|
+
# Dir.home raises ArgumentError when ENV['home'] is not set
|
118
|
+
raise ArgumentError, "Unable to load sso_cache_file: ENV['HOME'] is not set."
|
119
|
+
end
|
120
|
+
|
121
|
+
# return true if all required fields are present
|
122
|
+
# return false if registrationExpiresAt exists and is later than now
|
123
|
+
def can_refresh_token?(token_json)
|
124
|
+
if token_json['clientId'] &&
|
125
|
+
token_json['clientSecret'] &&
|
126
|
+
token_json['refreshToken']
|
127
|
+
|
128
|
+
return !token_json['registrationExpiresAt'] ||
|
129
|
+
Time.parse(token_json['registrationExpiresAt']) > Time.now
|
130
|
+
else
|
131
|
+
false
|
132
|
+
end
|
133
|
+
end
|
134
|
+
end
|
135
|
+
end
|
@@ -0,0 +1,14 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
class StaticTokenProvider
|
5
|
+
|
6
|
+
include TokenProvider
|
7
|
+
|
8
|
+
# @param [String] token
|
9
|
+
# @param [Time] expiration
|
10
|
+
def initialize(token, expiration=nil)
|
11
|
+
@token = Token.new(token, expiration)
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
@@ -28,18 +28,20 @@ module Aws
|
|
28
28
|
# in stdlib Struct.
|
29
29
|
#
|
30
30
|
# @return [Hash]
|
31
|
-
def to_h(obj = self)
|
31
|
+
def to_h(obj = self, options = {})
|
32
32
|
case obj
|
33
33
|
when Struct
|
34
34
|
obj.each_pair.with_object({}) do |(member, value), hash|
|
35
|
-
|
35
|
+
member = member.to_s if options[:as_json]
|
36
|
+
hash[member] = to_hash(value, options) unless value.nil?
|
36
37
|
end
|
37
38
|
when Hash
|
38
39
|
obj.each.with_object({}) do |(key, value), hash|
|
39
|
-
|
40
|
+
key = key.to_s if options[:as_json]
|
41
|
+
hash[key] = to_hash(value, options)
|
40
42
|
end
|
41
43
|
when Array
|
42
|
-
obj.collect { |value| to_hash(value) }
|
44
|
+
obj.collect { |value| to_hash(value, options) }
|
43
45
|
else
|
44
46
|
obj
|
45
47
|
end
|
@@ -0,0 +1,31 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
class Token
|
5
|
+
|
6
|
+
# @param [String] token
|
7
|
+
# @param [Time] expiration
|
8
|
+
def initialize(token, expiration=nil)
|
9
|
+
@token = token
|
10
|
+
@expiration = expiration
|
11
|
+
end
|
12
|
+
|
13
|
+
# @return [String, nil]
|
14
|
+
attr_reader :token
|
15
|
+
|
16
|
+
# @return [Time, nil]
|
17
|
+
attr_reader :expiration
|
18
|
+
|
19
|
+
# @return [Boolean] Returns `true` if token is set
|
20
|
+
def set?
|
21
|
+
!token.nil? && !token.empty?
|
22
|
+
end
|
23
|
+
|
24
|
+
# Removing the token from the default inspect string.
|
25
|
+
# @api private
|
26
|
+
def inspect
|
27
|
+
"#<#{self.class.name} token=[FILTERED]> expiration=#{expiration}>"
|
28
|
+
end
|
29
|
+
|
30
|
+
end
|
31
|
+
end
|
@@ -0,0 +1,51 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
# @api private
|
5
|
+
class TokenProviderChain
|
6
|
+
def initialize(config = nil)
|
7
|
+
@config = config
|
8
|
+
end
|
9
|
+
|
10
|
+
# @return [TokenProvider, nil]
|
11
|
+
def resolve
|
12
|
+
providers.each do |method_name, options|
|
13
|
+
provider = send(method_name, options.merge(config: @config))
|
14
|
+
return provider if provider && provider.set?
|
15
|
+
end
|
16
|
+
nil
|
17
|
+
end
|
18
|
+
|
19
|
+
private
|
20
|
+
|
21
|
+
def providers
|
22
|
+
[
|
23
|
+
[:static_profile_sso_token, {}],
|
24
|
+
[:sso_token, {}]
|
25
|
+
]
|
26
|
+
end
|
27
|
+
|
28
|
+
def static_profile_sso_token(options)
|
29
|
+
if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile
|
30
|
+
Aws.shared_config.sso_token_from_config(
|
31
|
+
profile: options[:config].profile
|
32
|
+
)
|
33
|
+
end
|
34
|
+
end
|
35
|
+
|
36
|
+
|
37
|
+
def sso_token(options)
|
38
|
+
profile_name = determine_profile_name(options)
|
39
|
+
if Aws.shared_config.config_enabled?
|
40
|
+
Aws.shared_config.sso_token_from_config(profile: profile_name)
|
41
|
+
end
|
42
|
+
rescue Errors::NoSuchProfileError
|
43
|
+
nil
|
44
|
+
end
|
45
|
+
|
46
|
+
def determine_profile_name(options)
|
47
|
+
(options[:config] && options[:config].profile) || ENV['AWS_PROFILE'] || ENV['AWS_DEFAULT_PROFILE'] || 'default'
|
48
|
+
end
|
49
|
+
|
50
|
+
end
|
51
|
+
end
|
@@ -24,6 +24,7 @@ module Aws
|
|
24
24
|
else
|
25
25
|
code, message, data = extract_error(body, context)
|
26
26
|
end
|
27
|
+
context[:request_id] = request_id(body)
|
27
28
|
errors_module = context.client.class.errors_module
|
28
29
|
error_class = errors_module.error_class(code).new(context, message, data)
|
29
30
|
error_class
|
@@ -94,6 +95,12 @@ module Aws
|
|
94
95
|
end
|
95
96
|
end
|
96
97
|
|
98
|
+
def request_id(body)
|
99
|
+
if matches = body.match(/<RequestId>(.+?)<\/RequestId>/m)
|
100
|
+
matches[1]
|
101
|
+
end
|
102
|
+
end
|
103
|
+
|
97
104
|
def unescape(str)
|
98
105
|
CGI.unescapeHTML(str)
|
99
106
|
end
|
data/lib/aws-sdk-core.rb
CHANGED
@@ -20,6 +20,15 @@ require_relative 'aws-sdk-core/shared_credentials'
|
|
20
20
|
require_relative 'aws-sdk-core/process_credentials'
|
21
21
|
require_relative 'aws-sdk-core/sso_credentials'
|
22
22
|
|
23
|
+
# tokens and token providers
|
24
|
+
require_relative 'aws-sdk-core/token'
|
25
|
+
require_relative 'aws-sdk-core/token_provider'
|
26
|
+
require_relative 'aws-sdk-core/static_token_provider'
|
27
|
+
require_relative 'aws-sdk-core/refreshing_token'
|
28
|
+
require_relative 'aws-sdk-core/sso_token_provider'
|
29
|
+
require_relative 'aws-sdk-core/token_provider_chain'
|
30
|
+
require_relative 'aws-sdk-core/plugins/bearer_authorization'
|
31
|
+
|
23
32
|
# client modules
|
24
33
|
|
25
34
|
require_relative 'aws-sdk-core/client_stubs'
|
@@ -88,6 +97,10 @@ require_relative 'aws-sdk-core/arn'
|
|
88
97
|
require_relative 'aws-sdk-core/arn_parser'
|
89
98
|
require_relative 'aws-sdk-core/ec2_metadata'
|
90
99
|
|
100
|
+
# dynamic endpoints
|
101
|
+
require_relative 'aws-sdk-core/endpoints'
|
102
|
+
require_relative 'aws-sdk-core/plugins/signature_v4'
|
103
|
+
|
91
104
|
# defaults
|
92
105
|
require_relative 'aws-defaults'
|
93
106
|
|
@@ -99,6 +112,7 @@ require_relative 'aws-sdk-sts'
|
|
99
112
|
|
100
113
|
# aws-sdk-sso is included to support Aws::SSOCredentials
|
101
114
|
require_relative 'aws-sdk-sso'
|
115
|
+
require_relative 'aws-sdk-ssooidc'
|
102
116
|
|
103
117
|
module Aws
|
104
118
|
|
data/lib/aws-sdk-sso/client.rb
CHANGED
@@ -30,7 +30,7 @@ require 'aws-sdk-core/plugins/http_checksum.rb'
|
|
30
30
|
require 'aws-sdk-core/plugins/checksum_algorithm.rb'
|
31
31
|
require 'aws-sdk-core/plugins/defaults_mode.rb'
|
32
32
|
require 'aws-sdk-core/plugins/recursion_detection.rb'
|
33
|
-
require 'aws-sdk-core/plugins/
|
33
|
+
require 'aws-sdk-core/plugins/sign.rb'
|
34
34
|
require 'aws-sdk-core/plugins/protocols/rest_json.rb'
|
35
35
|
|
36
36
|
Aws::Plugins::GlobalConfiguration.add_identifier(:sso)
|
@@ -79,8 +79,9 @@ module Aws::SSO
|
|
79
79
|
add_plugin(Aws::Plugins::ChecksumAlgorithm)
|
80
80
|
add_plugin(Aws::Plugins::DefaultsMode)
|
81
81
|
add_plugin(Aws::Plugins::RecursionDetection)
|
82
|
-
add_plugin(Aws::Plugins::
|
82
|
+
add_plugin(Aws::Plugins::Sign)
|
83
83
|
add_plugin(Aws::Plugins::Protocols::RestJson)
|
84
|
+
add_plugin(Aws::SSO::Plugins::Endpoints)
|
84
85
|
|
85
86
|
# @overload initialize(options)
|
86
87
|
# @param [Hash] options
|
@@ -287,6 +288,19 @@ module Aws::SSO
|
|
287
288
|
# ** Please note ** When response stubbing is enabled, no HTTP
|
288
289
|
# requests are made, and retries are disabled.
|
289
290
|
#
|
291
|
+
# @option options [Aws::TokenProvider] :token_provider
|
292
|
+
# A Bearer Token Provider. This can be an instance of any one of the
|
293
|
+
# following classes:
|
294
|
+
#
|
295
|
+
# * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
|
296
|
+
# tokens.
|
297
|
+
#
|
298
|
+
# * `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
|
299
|
+
# access token generated from `aws login`.
|
300
|
+
#
|
301
|
+
# When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
|
302
|
+
# will be used to search for tokens configured for your profile in shared configuration files.
|
303
|
+
#
|
290
304
|
# @option options [Boolean] :use_dualstack_endpoint
|
291
305
|
# When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
|
292
306
|
# will be used if available.
|
@@ -300,6 +314,9 @@ module Aws::SSO
|
|
300
314
|
# When `true`, request parameters are validated before
|
301
315
|
# sending the request.
|
302
316
|
#
|
317
|
+
# @option options [Aws::SSO::EndpointProvider] :endpoint_provider
|
318
|
+
# The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::SSO::EndpointParameters`
|
319
|
+
#
|
303
320
|
# @option options [URI::HTTP,String] :http_proxy A proxy to send
|
304
321
|
# requests through. Formatted like 'http://proxy.com:123'.
|
305
322
|
#
|
@@ -362,7 +379,8 @@ module Aws::SSO
|
|
362
379
|
#
|
363
380
|
# @option params [required, String] :access_token
|
364
381
|
# The token issued by the `CreateToken` API call. For more information,
|
365
|
-
# see [CreateToken][1] in the *
|
382
|
+
# see [CreateToken][1] in the *IAM Identity Center OIDC API Reference
|
383
|
+
# Guide*.
|
366
384
|
#
|
367
385
|
#
|
368
386
|
#
|
@@ -407,7 +425,8 @@ module Aws::SSO
|
|
407
425
|
#
|
408
426
|
# @option params [required, String] :access_token
|
409
427
|
# The token issued by the `CreateToken` API call. For more information,
|
410
|
-
# see [CreateToken][1] in the *
|
428
|
+
# see [CreateToken][1] in the *IAM Identity Center OIDC API Reference
|
429
|
+
# Guide*.
|
411
430
|
#
|
412
431
|
#
|
413
432
|
#
|
@@ -450,8 +469,8 @@ module Aws::SSO
|
|
450
469
|
|
451
470
|
# Lists all AWS accounts assigned to the user. These AWS accounts are
|
452
471
|
# assigned by the administrator of the account. For more information,
|
453
|
-
# see [Assign User Access][1] in the *
|
454
|
-
# operation returns a paginated response.
|
472
|
+
# see [Assign User Access][1] in the *IAM Identity Center User Guide*.
|
473
|
+
# This operation returns a paginated response.
|
455
474
|
#
|
456
475
|
#
|
457
476
|
#
|
@@ -466,7 +485,8 @@ module Aws::SSO
|
|
466
485
|
#
|
467
486
|
# @option params [required, String] :access_token
|
468
487
|
# The token issued by the `CreateToken` API call. For more information,
|
469
|
-
# see [CreateToken][1] in the *
|
488
|
+
# see [CreateToken][1] in the *IAM Identity Center OIDC API Reference
|
489
|
+
# Guide*.
|
470
490
|
#
|
471
491
|
#
|
472
492
|
#
|
@@ -504,12 +524,32 @@ module Aws::SSO
|
|
504
524
|
req.send_request(options)
|
505
525
|
end
|
506
526
|
|
507
|
-
# Removes the
|
508
|
-
# the
|
527
|
+
# Removes the locally stored SSO tokens from the client-side cache and
|
528
|
+
# sends an API call to the IAM Identity Center service to invalidate the
|
529
|
+
# corresponding server-side IAM Identity Center sign in session.
|
530
|
+
#
|
531
|
+
# <note markdown="1"> If a user uses IAM Identity Center to access the AWS CLI, the user’s
|
532
|
+
# IAM Identity Center sign in session is used to obtain an IAM session,
|
533
|
+
# as specified in the corresponding IAM Identity Center permission set.
|
534
|
+
# More specifically, IAM Identity Center assumes an IAM role in the
|
535
|
+
# target account on behalf of the user, and the corresponding temporary
|
536
|
+
# AWS credentials are returned to the client.
|
537
|
+
#
|
538
|
+
# After user logout, any existing IAM role sessions that were created by
|
539
|
+
# using IAM Identity Center permission sets continue based on the
|
540
|
+
# duration configured in the permission set. For more information, see
|
541
|
+
# [User authentications][1] in the *IAM Identity Center User Guide*.
|
542
|
+
#
|
543
|
+
# </note>
|
544
|
+
#
|
545
|
+
#
|
546
|
+
#
|
547
|
+
# [1]: https://docs.aws.amazon.com/singlesignon/latest/userguide/authconcept.html
|
509
548
|
#
|
510
549
|
# @option params [required, String] :access_token
|
511
550
|
# The token issued by the `CreateToken` API call. For more information,
|
512
|
-
# see [CreateToken][1] in the *
|
551
|
+
# see [CreateToken][1] in the *IAM Identity Center OIDC API Reference
|
552
|
+
# Guide*.
|
513
553
|
#
|
514
554
|
#
|
515
555
|
#
|
@@ -545,7 +585,7 @@ module Aws::SSO
|
|
545
585
|
params: params,
|
546
586
|
config: config)
|
547
587
|
context[:gem_name] = 'aws-sdk-core'
|
548
|
-
context[:gem_version] = '3.
|
588
|
+
context[:gem_version] = '3.168.1'
|
549
589
|
Seahorse::Client::Request.new(handlers, context)
|
550
590
|
end
|
551
591
|
|
@@ -0,0 +1,66 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# WARNING ABOUT GENERATED CODE
|
4
|
+
#
|
5
|
+
# This file is generated. See the contributing guide for more information:
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
|
+
#
|
8
|
+
# WARNING ABOUT GENERATED CODE
|
9
|
+
|
10
|
+
module Aws::SSO
|
11
|
+
# Endpoint parameters used to influence endpoints per request.
|
12
|
+
#
|
13
|
+
# @!attribute region
|
14
|
+
# The AWS region used to dispatch the request.
|
15
|
+
#
|
16
|
+
# @return [String]
|
17
|
+
#
|
18
|
+
# @!attribute use_dual_stack
|
19
|
+
# When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.
|
20
|
+
#
|
21
|
+
# @return [Boolean]
|
22
|
+
#
|
23
|
+
# @!attribute use_fips
|
24
|
+
# When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.
|
25
|
+
#
|
26
|
+
# @return [Boolean]
|
27
|
+
#
|
28
|
+
# @!attribute endpoint
|
29
|
+
# Override the endpoint used to send this request
|
30
|
+
#
|
31
|
+
# @return [String]
|
32
|
+
#
|
33
|
+
EndpointParameters = Struct.new(
|
34
|
+
:region,
|
35
|
+
:use_dual_stack,
|
36
|
+
:use_fips,
|
37
|
+
:endpoint,
|
38
|
+
) do
|
39
|
+
include Aws::Structure
|
40
|
+
|
41
|
+
# @api private
|
42
|
+
class << self
|
43
|
+
PARAM_MAP = {
|
44
|
+
'Region' => :region,
|
45
|
+
'UseDualStack' => :use_dual_stack,
|
46
|
+
'UseFIPS' => :use_fips,
|
47
|
+
'Endpoint' => :endpoint,
|
48
|
+
}.freeze
|
49
|
+
end
|
50
|
+
|
51
|
+
def initialize(options = {})
|
52
|
+
self[:region] = options[:region]
|
53
|
+
self[:use_dual_stack] = options[:use_dual_stack]
|
54
|
+
self[:use_dual_stack] = false if self[:use_dual_stack].nil?
|
55
|
+
if self[:use_dual_stack].nil?
|
56
|
+
raise ArgumentError, "Missing required EndpointParameter: :use_dual_stack"
|
57
|
+
end
|
58
|
+
self[:use_fips] = options[:use_fips]
|
59
|
+
self[:use_fips] = false if self[:use_fips].nil?
|
60
|
+
if self[:use_fips].nil?
|
61
|
+
raise ArgumentError, "Missing required EndpointParameter: :use_fips"
|
62
|
+
end
|
63
|
+
self[:endpoint] = options[:endpoint]
|
64
|
+
end
|
65
|
+
end
|
66
|
+
end
|
@@ -0,0 +1,112 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# WARNING ABOUT GENERATED CODE
|
4
|
+
#
|
5
|
+
# This file is generated. See the contributing guide for more information:
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
|
+
#
|
8
|
+
# WARNING ABOUT GENERATED CODE
|
9
|
+
|
10
|
+
module Aws::SSO
|
11
|
+
class EndpointProvider
|
12
|
+
def initialize(rule_set = nil)
|
13
|
+
@@rule_set ||= begin
|
14
|
+
endpoint_rules = Aws::Json.load(Base64.decode64(RULES))
|
15
|
+
Aws::Endpoints::RuleSet.new(
|
16
|
+
version: endpoint_rules['version'],
|
17
|
+
service_id: endpoint_rules['serviceId'],
|
18
|
+
parameters: endpoint_rules['parameters'],
|
19
|
+
rules: endpoint_rules['rules']
|
20
|
+
)
|
21
|
+
end
|
22
|
+
@provider = Aws::Endpoints::RulesProvider.new(rule_set || @@rule_set)
|
23
|
+
end
|
24
|
+
|
25
|
+
def resolve_endpoint(parameters)
|
26
|
+
@provider.resolve_endpoint(parameters)
|
27
|
+
end
|
28
|
+
|
29
|
+
# @api private
|
30
|
+
RULES = <<-JSON
|
31
|
+
eyJ2ZXJzaW9uIjoiMS4wIiwicGFyYW1ldGVycyI6eyJSZWdpb24iOnsiYnVp
|
32
|
+
bHRJbiI6IkFXUzo6UmVnaW9uIiwicmVxdWlyZWQiOmZhbHNlLCJkb2N1bWVu
|
33
|
+
dGF0aW9uIjoiVGhlIEFXUyByZWdpb24gdXNlZCB0byBkaXNwYXRjaCB0aGUg
|
34
|
+
cmVxdWVzdC4iLCJ0eXBlIjoiU3RyaW5nIn0sIlVzZUR1YWxTdGFjayI6eyJi
|
35
|
+
dWlsdEluIjoiQVdTOjpVc2VEdWFsU3RhY2siLCJyZXF1aXJlZCI6dHJ1ZSwi
|
36
|
+
ZGVmYXVsdCI6ZmFsc2UsImRvY3VtZW50YXRpb24iOiJXaGVuIHRydWUsIHVz
|
37
|
+
ZSB0aGUgZHVhbC1zdGFjayBlbmRwb2ludC4gSWYgdGhlIGNvbmZpZ3VyZWQg
|
38
|
+
ZW5kcG9pbnQgZG9lcyBub3Qgc3VwcG9ydCBkdWFsLXN0YWNrLCBkaXNwYXRj
|
39
|
+
aGluZyB0aGUgcmVxdWVzdCBNQVkgcmV0dXJuIGFuIGVycm9yLiIsInR5cGUi
|
40
|
+
OiJCb29sZWFuIn0sIlVzZUZJUFMiOnsiYnVpbHRJbiI6IkFXUzo6VXNlRklQ
|
41
|
+
UyIsInJlcXVpcmVkIjp0cnVlLCJkZWZhdWx0IjpmYWxzZSwiZG9jdW1lbnRh
|
42
|
+
dGlvbiI6IldoZW4gdHJ1ZSwgc2VuZCB0aGlzIHJlcXVlc3QgdG8gdGhlIEZJ
|
43
|
+
UFMtY29tcGxpYW50IHJlZ2lvbmFsIGVuZHBvaW50LiBJZiB0aGUgY29uZmln
|
44
|
+
dXJlZCBlbmRwb2ludCBkb2VzIG5vdCBoYXZlIGEgRklQUyBjb21wbGlhbnQg
|
45
|
+
ZW5kcG9pbnQsIGRpc3BhdGNoaW5nIHRoZSByZXF1ZXN0IHdpbGwgcmV0dXJu
|
46
|
+
IGFuIGVycm9yLiIsInR5cGUiOiJCb29sZWFuIn0sIkVuZHBvaW50Ijp7ImJ1
|
47
|
+
aWx0SW4iOiJTREs6OkVuZHBvaW50IiwicmVxdWlyZWQiOmZhbHNlLCJkb2N1
|
48
|
+
bWVudGF0aW9uIjoiT3ZlcnJpZGUgdGhlIGVuZHBvaW50IHVzZWQgdG8gc2Vu
|
49
|
+
ZCB0aGlzIHJlcXVlc3QiLCJ0eXBlIjoiU3RyaW5nIn19LCJydWxlcyI6W3si
|
50
|
+
Y29uZGl0aW9ucyI6W3siZm4iOiJhd3MucGFydGl0aW9uIiwiYXJndiI6W3si
|
51
|
+
cmVmIjoiUmVnaW9uIn1dLCJhc3NpZ24iOiJQYXJ0aXRpb25SZXN1bHQifV0s
|
52
|
+
InR5cGUiOiJ0cmVlIiwicnVsZXMiOlt7ImNvbmRpdGlvbnMiOlt7ImZuIjoi
|
53
|
+
aXNTZXQiLCJhcmd2IjpbeyJyZWYiOiJFbmRwb2ludCJ9XX0seyJmbiI6InBh
|
54
|
+
cnNlVVJMIiwiYXJndiI6W3sicmVmIjoiRW5kcG9pbnQifV0sImFzc2lnbiI6
|
55
|
+
InVybCJ9XSwidHlwZSI6InRyZWUiLCJydWxlcyI6W3siY29uZGl0aW9ucyI6
|
56
|
+
W3siZm4iOiJib29sZWFuRXF1YWxzIiwiYXJndiI6W3sicmVmIjoiVXNlRklQ
|
57
|
+
UyJ9LHRydWVdfV0sImVycm9yIjoiSW52YWxpZCBDb25maWd1cmF0aW9uOiBG
|
58
|
+
SVBTIGFuZCBjdXN0b20gZW5kcG9pbnQgYXJlIG5vdCBzdXBwb3J0ZWQiLCJ0
|
59
|
+
eXBlIjoiZXJyb3IifSx7ImNvbmRpdGlvbnMiOltdLCJ0eXBlIjoidHJlZSIs
|
60
|
+
InJ1bGVzIjpbeyJjb25kaXRpb25zIjpbeyJmbiI6ImJvb2xlYW5FcXVhbHMi
|
61
|
+
LCJhcmd2IjpbeyJyZWYiOiJVc2VEdWFsU3RhY2sifSx0cnVlXX1dLCJlcnJv
|
62
|
+
ciI6IkludmFsaWQgQ29uZmlndXJhdGlvbjogRHVhbHN0YWNrIGFuZCBjdXN0
|
63
|
+
b20gZW5kcG9pbnQgYXJlIG5vdCBzdXBwb3J0ZWQiLCJ0eXBlIjoiZXJyb3Ii
|
64
|
+
fSx7ImNvbmRpdGlvbnMiOltdLCJlbmRwb2ludCI6eyJ1cmwiOnsicmVmIjoi
|
65
|
+
RW5kcG9pbnQifSwicHJvcGVydGllcyI6e30sImhlYWRlcnMiOnt9fSwidHlw
|
66
|
+
ZSI6ImVuZHBvaW50In1dfV19LHsiY29uZGl0aW9ucyI6W3siZm4iOiJib29s
|
67
|
+
ZWFuRXF1YWxzIiwiYXJndiI6W3sicmVmIjoiVXNlRklQUyJ9LHRydWVdfSx7
|
68
|
+
ImZuIjoiYm9vbGVhbkVxdWFscyIsImFyZ3YiOlt7InJlZiI6IlVzZUR1YWxT
|
69
|
+
dGFjayJ9LHRydWVdfV0sInR5cGUiOiJ0cmVlIiwicnVsZXMiOlt7ImNvbmRp
|
70
|
+
dGlvbnMiOlt7ImZuIjoiYm9vbGVhbkVxdWFscyIsImFyZ3YiOlt0cnVlLHsi
|
71
|
+
Zm4iOiJnZXRBdHRyIiwiYXJndiI6W3sicmVmIjoiUGFydGl0aW9uUmVzdWx0
|
72
|
+
In0sInN1cHBvcnRzRklQUyJdfV19LHsiZm4iOiJib29sZWFuRXF1YWxzIiwi
|
73
|
+
YXJndiI6W3RydWUseyJmbiI6ImdldEF0dHIiLCJhcmd2IjpbeyJyZWYiOiJQ
|
74
|
+
YXJ0aXRpb25SZXN1bHQifSwic3VwcG9ydHNEdWFsU3RhY2siXX1dfV0sInR5
|
75
|
+
cGUiOiJ0cmVlIiwicnVsZXMiOlt7ImNvbmRpdGlvbnMiOltdLCJlbmRwb2lu
|
76
|
+
dCI6eyJ1cmwiOiJodHRwczovL3BvcnRhbC5zc28tZmlwcy57UmVnaW9ufS57
|
77
|
+
UGFydGl0aW9uUmVzdWx0I2R1YWxTdGFja0Ruc1N1ZmZpeH0iLCJwcm9wZXJ0
|
78
|
+
aWVzIjp7fSwiaGVhZGVycyI6e319LCJ0eXBlIjoiZW5kcG9pbnQifV19LHsi
|
79
|
+
Y29uZGl0aW9ucyI6W10sImVycm9yIjoiRklQUyBhbmQgRHVhbFN0YWNrIGFy
|
80
|
+
ZSBlbmFibGVkLCBidXQgdGhpcyBwYXJ0aXRpb24gZG9lcyBub3Qgc3VwcG9y
|
81
|
+
dCBvbmUgb3IgYm90aCIsInR5cGUiOiJlcnJvciJ9XX0seyJjb25kaXRpb25z
|
82
|
+
IjpbeyJmbiI6ImJvb2xlYW5FcXVhbHMiLCJhcmd2IjpbeyJyZWYiOiJVc2VG
|
83
|
+
SVBTIn0sdHJ1ZV19XSwidHlwZSI6InRyZWUiLCJydWxlcyI6W3siY29uZGl0
|
84
|
+
aW9ucyI6W3siZm4iOiJib29sZWFuRXF1YWxzIiwiYXJndiI6W3RydWUseyJm
|
85
|
+
biI6ImdldEF0dHIiLCJhcmd2IjpbeyJyZWYiOiJQYXJ0aXRpb25SZXN1bHQi
|
86
|
+
fSwic3VwcG9ydHNGSVBTIl19XX1dLCJ0eXBlIjoidHJlZSIsInJ1bGVzIjpb
|
87
|
+
eyJjb25kaXRpb25zIjpbXSwidHlwZSI6InRyZWUiLCJydWxlcyI6W3siY29u
|
88
|
+
ZGl0aW9ucyI6W10sImVuZHBvaW50Ijp7InVybCI6Imh0dHBzOi8vcG9ydGFs
|
89
|
+
LnNzby1maXBzLntSZWdpb259LntQYXJ0aXRpb25SZXN1bHQjZG5zU3VmZml4
|
90
|
+
fSIsInByb3BlcnRpZXMiOnt9LCJoZWFkZXJzIjp7fX0sInR5cGUiOiJlbmRw
|
91
|
+
b2ludCJ9XX1dfSx7ImNvbmRpdGlvbnMiOltdLCJlcnJvciI6IkZJUFMgaXMg
|
92
|
+
ZW5hYmxlZCBidXQgdGhpcyBwYXJ0aXRpb24gZG9lcyBub3Qgc3VwcG9ydCBG
|
93
|
+
SVBTIiwidHlwZSI6ImVycm9yIn1dfSx7ImNvbmRpdGlvbnMiOlt7ImZuIjoi
|
94
|
+
Ym9vbGVhbkVxdWFscyIsImFyZ3YiOlt7InJlZiI6IlVzZUR1YWxTdGFjayJ9
|
95
|
+
LHRydWVdfV0sInR5cGUiOiJ0cmVlIiwicnVsZXMiOlt7ImNvbmRpdGlvbnMi
|
96
|
+
Olt7ImZuIjoiYm9vbGVhbkVxdWFscyIsImFyZ3YiOlt0cnVlLHsiZm4iOiJn
|
97
|
+
ZXRBdHRyIiwiYXJndiI6W3sicmVmIjoiUGFydGl0aW9uUmVzdWx0In0sInN1
|
98
|
+
cHBvcnRzRHVhbFN0YWNrIl19XX1dLCJ0eXBlIjoidHJlZSIsInJ1bGVzIjpb
|
99
|
+
eyJjb25kaXRpb25zIjpbXSwiZW5kcG9pbnQiOnsidXJsIjoiaHR0cHM6Ly9w
|
100
|
+
b3J0YWwuc3NvLntSZWdpb259LntQYXJ0aXRpb25SZXN1bHQjZHVhbFN0YWNr
|
101
|
+
RG5zU3VmZml4fSIsInByb3BlcnRpZXMiOnt9LCJoZWFkZXJzIjp7fX0sInR5
|
102
|
+
cGUiOiJlbmRwb2ludCJ9XX0seyJjb25kaXRpb25zIjpbXSwiZXJyb3IiOiJE
|
103
|
+
dWFsU3RhY2sgaXMgZW5hYmxlZCBidXQgdGhpcyBwYXJ0aXRpb24gZG9lcyBu
|
104
|
+
b3Qgc3VwcG9ydCBEdWFsU3RhY2siLCJ0eXBlIjoiZXJyb3IifV19LHsiY29u
|
105
|
+
ZGl0aW9ucyI6W10sImVuZHBvaW50Ijp7InVybCI6Imh0dHBzOi8vcG9ydGFs
|
106
|
+
LnNzby57UmVnaW9ufS57UGFydGl0aW9uUmVzdWx0I2Ruc1N1ZmZpeH0iLCJw
|
107
|
+
cm9wZXJ0aWVzIjp7fSwiaGVhZGVycyI6e319LCJ0eXBlIjoiZW5kcG9pbnQi
|
108
|
+
fV19XX0=
|
109
|
+
|
110
|
+
JSON
|
111
|
+
end
|
112
|
+
end
|