aws-sdk-core 3.131.1 → 3.168.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +244 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-core/arn.rb +13 -0
- data/lib/aws-sdk-core/binary/encode_handler.rb +12 -1
- data/lib/aws-sdk-core/endpoints/condition.rb +36 -0
- data/lib/aws-sdk-core/endpoints/endpoint.rb +17 -0
- data/lib/aws-sdk-core/endpoints/endpoint_rule.rb +71 -0
- data/lib/aws-sdk-core/endpoints/error_rule.rb +37 -0
- data/lib/aws-sdk-core/endpoints/function.rb +75 -0
- data/lib/aws-sdk-core/endpoints/matchers.rb +127 -0
- data/lib/aws-sdk-core/endpoints/reference.rb +26 -0
- data/lib/aws-sdk-core/endpoints/rule.rb +20 -0
- data/lib/aws-sdk-core/endpoints/rule_set.rb +47 -0
- data/lib/aws-sdk-core/endpoints/rules_provider.rb +32 -0
- data/lib/aws-sdk-core/endpoints/templater.rb +52 -0
- data/lib/aws-sdk-core/endpoints/tree_rule.rb +40 -0
- data/lib/aws-sdk-core/endpoints/url.rb +59 -0
- data/lib/aws-sdk-core/endpoints.rb +74 -0
- data/lib/aws-sdk-core/errors.rb +13 -0
- data/lib/aws-sdk-core/json/error_handler.rb +10 -1
- data/lib/aws-sdk-core/pageable_response.rb +7 -0
- data/lib/aws-sdk-core/plugins/bearer_authorization.rb +67 -0
- data/lib/aws-sdk-core/plugins/credentials_configuration.rb +24 -0
- data/lib/aws-sdk-core/plugins/endpoint_discovery.rb +6 -2
- data/lib/aws-sdk-core/plugins/jsonvalue_converter.rb +34 -6
- data/lib/aws-sdk-core/plugins/recursion_detection.rb +14 -3
- data/lib/aws-sdk-core/plugins/regional_endpoint.rb +5 -0
- data/lib/aws-sdk-core/plugins/sign.rb +190 -0
- data/lib/aws-sdk-core/plugins/signature_v2.rb +1 -0
- data/lib/aws-sdk-core/plugins/signature_v4.rb +13 -7
- data/lib/aws-sdk-core/refreshing_token.rb +71 -0
- data/lib/aws-sdk-core/rest/handler.rb +1 -1
- data/lib/aws-sdk-core/rest/request/headers.rb +2 -6
- data/lib/aws-sdk-core/shared_config.rb +76 -5
- data/lib/aws-sdk-core/sso_credentials.rb +79 -44
- data/lib/aws-sdk-core/sso_token_provider.rb +135 -0
- data/lib/aws-sdk-core/static_token_provider.rb +14 -0
- data/lib/aws-sdk-core/structure.rb +6 -4
- data/lib/aws-sdk-core/token.rb +31 -0
- data/lib/aws-sdk-core/token_provider.rb +15 -0
- data/lib/aws-sdk-core/token_provider_chain.rb +51 -0
- data/lib/aws-sdk-core/xml/error_handler.rb +7 -0
- data/lib/aws-sdk-core.rb +14 -0
- data/lib/aws-sdk-sso/client.rb +51 -11
- data/lib/aws-sdk-sso/endpoint_parameters.rb +66 -0
- data/lib/aws-sdk-sso/endpoint_provider.rb +112 -0
- data/lib/aws-sdk-sso/endpoints.rb +71 -0
- data/lib/aws-sdk-sso/plugins/endpoints.rb +76 -0
- data/lib/aws-sdk-sso/types.rb +8 -8
- data/lib/aws-sdk-sso.rb +5 -1
- data/lib/aws-sdk-ssooidc/client.rb +606 -0
- data/lib/aws-sdk-ssooidc/client_api.rb +216 -0
- data/lib/aws-sdk-ssooidc/customizations.rb +1 -0
- data/lib/aws-sdk-ssooidc/endpoint_parameters.rb +66 -0
- data/lib/aws-sdk-ssooidc/endpoint_provider.rb +111 -0
- data/lib/aws-sdk-ssooidc/endpoints.rb +57 -0
- data/lib/aws-sdk-ssooidc/errors.rb +290 -0
- data/lib/aws-sdk-ssooidc/plugins/endpoints.rb +74 -0
- data/lib/aws-sdk-ssooidc/resource.rb +26 -0
- data/lib/aws-sdk-ssooidc/types.rb +534 -0
- data/lib/aws-sdk-ssooidc.rb +59 -0
- data/lib/aws-sdk-sts/client.rb +141 -124
- data/lib/aws-sdk-sts/endpoint_parameters.rb +78 -0
- data/lib/aws-sdk-sts/endpoint_provider.rb +229 -0
- data/lib/aws-sdk-sts/endpoints.rb +135 -0
- data/lib/aws-sdk-sts/plugins/endpoints.rb +84 -0
- data/lib/aws-sdk-sts/presigner.rb +13 -15
- data/lib/aws-sdk-sts/types.rb +79 -69
- data/lib/aws-sdk-sts.rb +5 -1
- data/lib/seahorse/client/async_base.rb +0 -1
- data/lib/seahorse/client/configuration.rb +2 -2
- data/lib/seahorse/client/h2/connection.rb +2 -5
- data/lib/seahorse/client/plugins/request_callback.rb +9 -9
- data/lib/seahorse/util.rb +4 -0
- metadata +47 -6
@@ -0,0 +1,135 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
class SSOTokenProvider
|
5
|
+
|
6
|
+
include TokenProvider
|
7
|
+
include RefreshingToken
|
8
|
+
|
9
|
+
# @api private
|
10
|
+
SSO_REQUIRED_OPTS = [:sso_region, :sso_session].freeze
|
11
|
+
|
12
|
+
# @api private
|
13
|
+
SSO_LOGIN_GUIDANCE = 'The SSO session associated with this profile has '\
|
14
|
+
'expired or is otherwise invalid. To refresh this SSO session run '\
|
15
|
+
'aws sso login with the corresponding profile.'.freeze
|
16
|
+
|
17
|
+
# @option options [required, String] :sso_region The AWS region where the
|
18
|
+
# SSO directory for the given sso_start_url is hosted.
|
19
|
+
#
|
20
|
+
# @option options [required, String] :sso_session The SSO Session used to
|
21
|
+
# for fetching this token.
|
22
|
+
#
|
23
|
+
# @option options [SSOOIDC::Client] :client Optional `SSOOIDC::Client`. If not
|
24
|
+
# provided, a client will be constructed.
|
25
|
+
#
|
26
|
+
# @option options [Callable] before_refresh Proc called before
|
27
|
+
# credentials are refreshed. `before_refresh` is called
|
28
|
+
# with an instance of this object when
|
29
|
+
# AWS credentials are required and need to be refreshed.
|
30
|
+
def initialize(options = {})
|
31
|
+
|
32
|
+
missing_keys = SSO_REQUIRED_OPTS.select { |k| options[k].nil? }
|
33
|
+
unless missing_keys.empty?
|
34
|
+
raise ArgumentError, "Missing required keys: #{missing_keys}"
|
35
|
+
end
|
36
|
+
|
37
|
+
@sso_session = options.delete(:sso_session)
|
38
|
+
@sso_region = options.delete(:sso_region)
|
39
|
+
|
40
|
+
options[:region] = @sso_region
|
41
|
+
options[:credentials] = nil
|
42
|
+
options[:token_provider] = nil
|
43
|
+
@client = options[:client] || Aws::SSOOIDC::Client.new(options)
|
44
|
+
|
45
|
+
super
|
46
|
+
end
|
47
|
+
|
48
|
+
# @return [SSOOIDC::Client]
|
49
|
+
attr_reader :client
|
50
|
+
|
51
|
+
private
|
52
|
+
|
53
|
+
def refresh
|
54
|
+
# token is valid and not in refresh window - do not refresh it.
|
55
|
+
return if @token && @token.expiration && !near_expiration?
|
56
|
+
|
57
|
+
# token may not exist or is out of the expiration window
|
58
|
+
# attempt to refresh from disk first (another process/application may have refreshed already)
|
59
|
+
token_json = read_cached_token
|
60
|
+
@token = Token.new(token_json['accessToken'], token_json['expiresAt'])
|
61
|
+
return if @token && @token.expiration && !near_expiration?
|
62
|
+
|
63
|
+
# The token is expired and needs to be refreshed
|
64
|
+
if can_refresh_token?(token_json)
|
65
|
+
begin
|
66
|
+
current_time = Time.now
|
67
|
+
resp = @client.create_token(
|
68
|
+
grant_type: 'refresh_token',
|
69
|
+
client_id: token_json['clientId'],
|
70
|
+
client_secret: token_json['clientSecret'],
|
71
|
+
refresh_token: token_json['refreshToken']
|
72
|
+
)
|
73
|
+
token_json['accessToken'] = resp.access_token
|
74
|
+
token_json['expiresAt'] = current_time + resp.expires_in
|
75
|
+
@token = Token.new(token_json['accessToken'], token_json['expiresAt'])
|
76
|
+
|
77
|
+
if resp.refresh_token
|
78
|
+
token_json['refreshToken'] = resp.refresh_token
|
79
|
+
else
|
80
|
+
token_json.delete('refreshToken')
|
81
|
+
end
|
82
|
+
|
83
|
+
update_token_cache(token_json)
|
84
|
+
rescue
|
85
|
+
# refresh has failed, continue attempting to use the token if its not hard expired
|
86
|
+
end
|
87
|
+
end
|
88
|
+
|
89
|
+
if !@token.expiration || @token.expiration < Time.now
|
90
|
+
# Token is hard expired, raise an exception
|
91
|
+
raise Errors::InvalidSSOToken, 'Token is invalid and failed to refresh.'
|
92
|
+
end
|
93
|
+
end
|
94
|
+
|
95
|
+
def read_cached_token
|
96
|
+
cached_token = Json.load(File.read(sso_cache_file))
|
97
|
+
# validation
|
98
|
+
unless cached_token['accessToken'] && cached_token['expiresAt']
|
99
|
+
raise ArgumentError, 'Missing required field(s)'
|
100
|
+
end
|
101
|
+
cached_token['expiresAt'] = Time.parse(cached_token['expiresAt'])
|
102
|
+
cached_token
|
103
|
+
rescue Errno::ENOENT, Aws::Json::ParseError, ArgumentError
|
104
|
+
raise Errors::InvalidSSOToken, SSO_LOGIN_GUIDANCE
|
105
|
+
end
|
106
|
+
|
107
|
+
def update_token_cache(token_json)
|
108
|
+
cached_token = token_json.dup
|
109
|
+
cached_token['expiresAt'] = cached_token['expiresAt'].iso8601
|
110
|
+
File.write(sso_cache_file, Json.dump(cached_token))
|
111
|
+
end
|
112
|
+
|
113
|
+
def sso_cache_file
|
114
|
+
sso_session_sha1 = OpenSSL::Digest::SHA1.hexdigest(@sso_session.encode('utf-8'))
|
115
|
+
File.join(Dir.home, '.aws', 'sso', 'cache', "#{sso_session_sha1}.json")
|
116
|
+
rescue ArgumentError
|
117
|
+
# Dir.home raises ArgumentError when ENV['home'] is not set
|
118
|
+
raise ArgumentError, "Unable to load sso_cache_file: ENV['HOME'] is not set."
|
119
|
+
end
|
120
|
+
|
121
|
+
# return true if all required fields are present
|
122
|
+
# return false if registrationExpiresAt exists and is later than now
|
123
|
+
def can_refresh_token?(token_json)
|
124
|
+
if token_json['clientId'] &&
|
125
|
+
token_json['clientSecret'] &&
|
126
|
+
token_json['refreshToken']
|
127
|
+
|
128
|
+
return !token_json['registrationExpiresAt'] ||
|
129
|
+
Time.parse(token_json['registrationExpiresAt']) > Time.now
|
130
|
+
else
|
131
|
+
false
|
132
|
+
end
|
133
|
+
end
|
134
|
+
end
|
135
|
+
end
|
@@ -0,0 +1,14 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
class StaticTokenProvider
|
5
|
+
|
6
|
+
include TokenProvider
|
7
|
+
|
8
|
+
# @param [String] token
|
9
|
+
# @param [Time] expiration
|
10
|
+
def initialize(token, expiration=nil)
|
11
|
+
@token = Token.new(token, expiration)
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
@@ -28,18 +28,20 @@ module Aws
|
|
28
28
|
# in stdlib Struct.
|
29
29
|
#
|
30
30
|
# @return [Hash]
|
31
|
-
def to_h(obj = self)
|
31
|
+
def to_h(obj = self, options = {})
|
32
32
|
case obj
|
33
33
|
when Struct
|
34
34
|
obj.each_pair.with_object({}) do |(member, value), hash|
|
35
|
-
|
35
|
+
member = member.to_s if options[:as_json]
|
36
|
+
hash[member] = to_hash(value, options) unless value.nil?
|
36
37
|
end
|
37
38
|
when Hash
|
38
39
|
obj.each.with_object({}) do |(key, value), hash|
|
39
|
-
|
40
|
+
key = key.to_s if options[:as_json]
|
41
|
+
hash[key] = to_hash(value, options)
|
40
42
|
end
|
41
43
|
when Array
|
42
|
-
obj.collect { |value| to_hash(value) }
|
44
|
+
obj.collect { |value| to_hash(value, options) }
|
43
45
|
else
|
44
46
|
obj
|
45
47
|
end
|
@@ -0,0 +1,31 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
class Token
|
5
|
+
|
6
|
+
# @param [String] token
|
7
|
+
# @param [Time] expiration
|
8
|
+
def initialize(token, expiration=nil)
|
9
|
+
@token = token
|
10
|
+
@expiration = expiration
|
11
|
+
end
|
12
|
+
|
13
|
+
# @return [String, nil]
|
14
|
+
attr_reader :token
|
15
|
+
|
16
|
+
# @return [Time, nil]
|
17
|
+
attr_reader :expiration
|
18
|
+
|
19
|
+
# @return [Boolean] Returns `true` if token is set
|
20
|
+
def set?
|
21
|
+
!token.nil? && !token.empty?
|
22
|
+
end
|
23
|
+
|
24
|
+
# Removing the token from the default inspect string.
|
25
|
+
# @api private
|
26
|
+
def inspect
|
27
|
+
"#<#{self.class.name} token=[FILTERED]> expiration=#{expiration}>"
|
28
|
+
end
|
29
|
+
|
30
|
+
end
|
31
|
+
end
|
@@ -0,0 +1,51 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
# @api private
|
5
|
+
class TokenProviderChain
|
6
|
+
def initialize(config = nil)
|
7
|
+
@config = config
|
8
|
+
end
|
9
|
+
|
10
|
+
# @return [TokenProvider, nil]
|
11
|
+
def resolve
|
12
|
+
providers.each do |method_name, options|
|
13
|
+
provider = send(method_name, options.merge(config: @config))
|
14
|
+
return provider if provider && provider.set?
|
15
|
+
end
|
16
|
+
nil
|
17
|
+
end
|
18
|
+
|
19
|
+
private
|
20
|
+
|
21
|
+
def providers
|
22
|
+
[
|
23
|
+
[:static_profile_sso_token, {}],
|
24
|
+
[:sso_token, {}]
|
25
|
+
]
|
26
|
+
end
|
27
|
+
|
28
|
+
def static_profile_sso_token(options)
|
29
|
+
if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile
|
30
|
+
Aws.shared_config.sso_token_from_config(
|
31
|
+
profile: options[:config].profile
|
32
|
+
)
|
33
|
+
end
|
34
|
+
end
|
35
|
+
|
36
|
+
|
37
|
+
def sso_token(options)
|
38
|
+
profile_name = determine_profile_name(options)
|
39
|
+
if Aws.shared_config.config_enabled?
|
40
|
+
Aws.shared_config.sso_token_from_config(profile: profile_name)
|
41
|
+
end
|
42
|
+
rescue Errors::NoSuchProfileError
|
43
|
+
nil
|
44
|
+
end
|
45
|
+
|
46
|
+
def determine_profile_name(options)
|
47
|
+
(options[:config] && options[:config].profile) || ENV['AWS_PROFILE'] || ENV['AWS_DEFAULT_PROFILE'] || 'default'
|
48
|
+
end
|
49
|
+
|
50
|
+
end
|
51
|
+
end
|
@@ -24,6 +24,7 @@ module Aws
|
|
24
24
|
else
|
25
25
|
code, message, data = extract_error(body, context)
|
26
26
|
end
|
27
|
+
context[:request_id] = request_id(body)
|
27
28
|
errors_module = context.client.class.errors_module
|
28
29
|
error_class = errors_module.error_class(code).new(context, message, data)
|
29
30
|
error_class
|
@@ -94,6 +95,12 @@ module Aws
|
|
94
95
|
end
|
95
96
|
end
|
96
97
|
|
98
|
+
def request_id(body)
|
99
|
+
if matches = body.match(/<RequestId>(.+?)<\/RequestId>/m)
|
100
|
+
matches[1]
|
101
|
+
end
|
102
|
+
end
|
103
|
+
|
97
104
|
def unescape(str)
|
98
105
|
CGI.unescapeHTML(str)
|
99
106
|
end
|
data/lib/aws-sdk-core.rb
CHANGED
@@ -20,6 +20,15 @@ require_relative 'aws-sdk-core/shared_credentials'
|
|
20
20
|
require_relative 'aws-sdk-core/process_credentials'
|
21
21
|
require_relative 'aws-sdk-core/sso_credentials'
|
22
22
|
|
23
|
+
# tokens and token providers
|
24
|
+
require_relative 'aws-sdk-core/token'
|
25
|
+
require_relative 'aws-sdk-core/token_provider'
|
26
|
+
require_relative 'aws-sdk-core/static_token_provider'
|
27
|
+
require_relative 'aws-sdk-core/refreshing_token'
|
28
|
+
require_relative 'aws-sdk-core/sso_token_provider'
|
29
|
+
require_relative 'aws-sdk-core/token_provider_chain'
|
30
|
+
require_relative 'aws-sdk-core/plugins/bearer_authorization'
|
31
|
+
|
23
32
|
# client modules
|
24
33
|
|
25
34
|
require_relative 'aws-sdk-core/client_stubs'
|
@@ -88,6 +97,10 @@ require_relative 'aws-sdk-core/arn'
|
|
88
97
|
require_relative 'aws-sdk-core/arn_parser'
|
89
98
|
require_relative 'aws-sdk-core/ec2_metadata'
|
90
99
|
|
100
|
+
# dynamic endpoints
|
101
|
+
require_relative 'aws-sdk-core/endpoints'
|
102
|
+
require_relative 'aws-sdk-core/plugins/signature_v4'
|
103
|
+
|
91
104
|
# defaults
|
92
105
|
require_relative 'aws-defaults'
|
93
106
|
|
@@ -99,6 +112,7 @@ require_relative 'aws-sdk-sts'
|
|
99
112
|
|
100
113
|
# aws-sdk-sso is included to support Aws::SSOCredentials
|
101
114
|
require_relative 'aws-sdk-sso'
|
115
|
+
require_relative 'aws-sdk-ssooidc'
|
102
116
|
|
103
117
|
module Aws
|
104
118
|
|
data/lib/aws-sdk-sso/client.rb
CHANGED
@@ -30,7 +30,7 @@ require 'aws-sdk-core/plugins/http_checksum.rb'
|
|
30
30
|
require 'aws-sdk-core/plugins/checksum_algorithm.rb'
|
31
31
|
require 'aws-sdk-core/plugins/defaults_mode.rb'
|
32
32
|
require 'aws-sdk-core/plugins/recursion_detection.rb'
|
33
|
-
require 'aws-sdk-core/plugins/
|
33
|
+
require 'aws-sdk-core/plugins/sign.rb'
|
34
34
|
require 'aws-sdk-core/plugins/protocols/rest_json.rb'
|
35
35
|
|
36
36
|
Aws::Plugins::GlobalConfiguration.add_identifier(:sso)
|
@@ -79,8 +79,9 @@ module Aws::SSO
|
|
79
79
|
add_plugin(Aws::Plugins::ChecksumAlgorithm)
|
80
80
|
add_plugin(Aws::Plugins::DefaultsMode)
|
81
81
|
add_plugin(Aws::Plugins::RecursionDetection)
|
82
|
-
add_plugin(Aws::Plugins::
|
82
|
+
add_plugin(Aws::Plugins::Sign)
|
83
83
|
add_plugin(Aws::Plugins::Protocols::RestJson)
|
84
|
+
add_plugin(Aws::SSO::Plugins::Endpoints)
|
84
85
|
|
85
86
|
# @overload initialize(options)
|
86
87
|
# @param [Hash] options
|
@@ -287,6 +288,19 @@ module Aws::SSO
|
|
287
288
|
# ** Please note ** When response stubbing is enabled, no HTTP
|
288
289
|
# requests are made, and retries are disabled.
|
289
290
|
#
|
291
|
+
# @option options [Aws::TokenProvider] :token_provider
|
292
|
+
# A Bearer Token Provider. This can be an instance of any one of the
|
293
|
+
# following classes:
|
294
|
+
#
|
295
|
+
# * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
|
296
|
+
# tokens.
|
297
|
+
#
|
298
|
+
# * `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
|
299
|
+
# access token generated from `aws login`.
|
300
|
+
#
|
301
|
+
# When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
|
302
|
+
# will be used to search for tokens configured for your profile in shared configuration files.
|
303
|
+
#
|
290
304
|
# @option options [Boolean] :use_dualstack_endpoint
|
291
305
|
# When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
|
292
306
|
# will be used if available.
|
@@ -300,6 +314,9 @@ module Aws::SSO
|
|
300
314
|
# When `true`, request parameters are validated before
|
301
315
|
# sending the request.
|
302
316
|
#
|
317
|
+
# @option options [Aws::SSO::EndpointProvider] :endpoint_provider
|
318
|
+
# The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::SSO::EndpointParameters`
|
319
|
+
#
|
303
320
|
# @option options [URI::HTTP,String] :http_proxy A proxy to send
|
304
321
|
# requests through. Formatted like 'http://proxy.com:123'.
|
305
322
|
#
|
@@ -362,7 +379,8 @@ module Aws::SSO
|
|
362
379
|
#
|
363
380
|
# @option params [required, String] :access_token
|
364
381
|
# The token issued by the `CreateToken` API call. For more information,
|
365
|
-
# see [CreateToken][1] in the *
|
382
|
+
# see [CreateToken][1] in the *IAM Identity Center OIDC API Reference
|
383
|
+
# Guide*.
|
366
384
|
#
|
367
385
|
#
|
368
386
|
#
|
@@ -407,7 +425,8 @@ module Aws::SSO
|
|
407
425
|
#
|
408
426
|
# @option params [required, String] :access_token
|
409
427
|
# The token issued by the `CreateToken` API call. For more information,
|
410
|
-
# see [CreateToken][1] in the *
|
428
|
+
# see [CreateToken][1] in the *IAM Identity Center OIDC API Reference
|
429
|
+
# Guide*.
|
411
430
|
#
|
412
431
|
#
|
413
432
|
#
|
@@ -450,8 +469,8 @@ module Aws::SSO
|
|
450
469
|
|
451
470
|
# Lists all AWS accounts assigned to the user. These AWS accounts are
|
452
471
|
# assigned by the administrator of the account. For more information,
|
453
|
-
# see [Assign User Access][1] in the *
|
454
|
-
# operation returns a paginated response.
|
472
|
+
# see [Assign User Access][1] in the *IAM Identity Center User Guide*.
|
473
|
+
# This operation returns a paginated response.
|
455
474
|
#
|
456
475
|
#
|
457
476
|
#
|
@@ -466,7 +485,8 @@ module Aws::SSO
|
|
466
485
|
#
|
467
486
|
# @option params [required, String] :access_token
|
468
487
|
# The token issued by the `CreateToken` API call. For more information,
|
469
|
-
# see [CreateToken][1] in the *
|
488
|
+
# see [CreateToken][1] in the *IAM Identity Center OIDC API Reference
|
489
|
+
# Guide*.
|
470
490
|
#
|
471
491
|
#
|
472
492
|
#
|
@@ -504,12 +524,32 @@ module Aws::SSO
|
|
504
524
|
req.send_request(options)
|
505
525
|
end
|
506
526
|
|
507
|
-
# Removes the
|
508
|
-
# the
|
527
|
+
# Removes the locally stored SSO tokens from the client-side cache and
|
528
|
+
# sends an API call to the IAM Identity Center service to invalidate the
|
529
|
+
# corresponding server-side IAM Identity Center sign in session.
|
530
|
+
#
|
531
|
+
# <note markdown="1"> If a user uses IAM Identity Center to access the AWS CLI, the user’s
|
532
|
+
# IAM Identity Center sign in session is used to obtain an IAM session,
|
533
|
+
# as specified in the corresponding IAM Identity Center permission set.
|
534
|
+
# More specifically, IAM Identity Center assumes an IAM role in the
|
535
|
+
# target account on behalf of the user, and the corresponding temporary
|
536
|
+
# AWS credentials are returned to the client.
|
537
|
+
#
|
538
|
+
# After user logout, any existing IAM role sessions that were created by
|
539
|
+
# using IAM Identity Center permission sets continue based on the
|
540
|
+
# duration configured in the permission set. For more information, see
|
541
|
+
# [User authentications][1] in the *IAM Identity Center User Guide*.
|
542
|
+
#
|
543
|
+
# </note>
|
544
|
+
#
|
545
|
+
#
|
546
|
+
#
|
547
|
+
# [1]: https://docs.aws.amazon.com/singlesignon/latest/userguide/authconcept.html
|
509
548
|
#
|
510
549
|
# @option params [required, String] :access_token
|
511
550
|
# The token issued by the `CreateToken` API call. For more information,
|
512
|
-
# see [CreateToken][1] in the *
|
551
|
+
# see [CreateToken][1] in the *IAM Identity Center OIDC API Reference
|
552
|
+
# Guide*.
|
513
553
|
#
|
514
554
|
#
|
515
555
|
#
|
@@ -545,7 +585,7 @@ module Aws::SSO
|
|
545
585
|
params: params,
|
546
586
|
config: config)
|
547
587
|
context[:gem_name] = 'aws-sdk-core'
|
548
|
-
context[:gem_version] = '3.
|
588
|
+
context[:gem_version] = '3.168.1'
|
549
589
|
Seahorse::Client::Request.new(handlers, context)
|
550
590
|
end
|
551
591
|
|
@@ -0,0 +1,66 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# WARNING ABOUT GENERATED CODE
|
4
|
+
#
|
5
|
+
# This file is generated. See the contributing guide for more information:
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
|
+
#
|
8
|
+
# WARNING ABOUT GENERATED CODE
|
9
|
+
|
10
|
+
module Aws::SSO
|
11
|
+
# Endpoint parameters used to influence endpoints per request.
|
12
|
+
#
|
13
|
+
# @!attribute region
|
14
|
+
# The AWS region used to dispatch the request.
|
15
|
+
#
|
16
|
+
# @return [String]
|
17
|
+
#
|
18
|
+
# @!attribute use_dual_stack
|
19
|
+
# When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.
|
20
|
+
#
|
21
|
+
# @return [Boolean]
|
22
|
+
#
|
23
|
+
# @!attribute use_fips
|
24
|
+
# When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.
|
25
|
+
#
|
26
|
+
# @return [Boolean]
|
27
|
+
#
|
28
|
+
# @!attribute endpoint
|
29
|
+
# Override the endpoint used to send this request
|
30
|
+
#
|
31
|
+
# @return [String]
|
32
|
+
#
|
33
|
+
EndpointParameters = Struct.new(
|
34
|
+
:region,
|
35
|
+
:use_dual_stack,
|
36
|
+
:use_fips,
|
37
|
+
:endpoint,
|
38
|
+
) do
|
39
|
+
include Aws::Structure
|
40
|
+
|
41
|
+
# @api private
|
42
|
+
class << self
|
43
|
+
PARAM_MAP = {
|
44
|
+
'Region' => :region,
|
45
|
+
'UseDualStack' => :use_dual_stack,
|
46
|
+
'UseFIPS' => :use_fips,
|
47
|
+
'Endpoint' => :endpoint,
|
48
|
+
}.freeze
|
49
|
+
end
|
50
|
+
|
51
|
+
def initialize(options = {})
|
52
|
+
self[:region] = options[:region]
|
53
|
+
self[:use_dual_stack] = options[:use_dual_stack]
|
54
|
+
self[:use_dual_stack] = false if self[:use_dual_stack].nil?
|
55
|
+
if self[:use_dual_stack].nil?
|
56
|
+
raise ArgumentError, "Missing required EndpointParameter: :use_dual_stack"
|
57
|
+
end
|
58
|
+
self[:use_fips] = options[:use_fips]
|
59
|
+
self[:use_fips] = false if self[:use_fips].nil?
|
60
|
+
if self[:use_fips].nil?
|
61
|
+
raise ArgumentError, "Missing required EndpointParameter: :use_fips"
|
62
|
+
end
|
63
|
+
self[:endpoint] = options[:endpoint]
|
64
|
+
end
|
65
|
+
end
|
66
|
+
end
|
@@ -0,0 +1,112 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# WARNING ABOUT GENERATED CODE
|
4
|
+
#
|
5
|
+
# This file is generated. See the contributing guide for more information:
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
|
+
#
|
8
|
+
# WARNING ABOUT GENERATED CODE
|
9
|
+
|
10
|
+
module Aws::SSO
|
11
|
+
class EndpointProvider
|
12
|
+
def initialize(rule_set = nil)
|
13
|
+
@@rule_set ||= begin
|
14
|
+
endpoint_rules = Aws::Json.load(Base64.decode64(RULES))
|
15
|
+
Aws::Endpoints::RuleSet.new(
|
16
|
+
version: endpoint_rules['version'],
|
17
|
+
service_id: endpoint_rules['serviceId'],
|
18
|
+
parameters: endpoint_rules['parameters'],
|
19
|
+
rules: endpoint_rules['rules']
|
20
|
+
)
|
21
|
+
end
|
22
|
+
@provider = Aws::Endpoints::RulesProvider.new(rule_set || @@rule_set)
|
23
|
+
end
|
24
|
+
|
25
|
+
def resolve_endpoint(parameters)
|
26
|
+
@provider.resolve_endpoint(parameters)
|
27
|
+
end
|
28
|
+
|
29
|
+
# @api private
|
30
|
+
RULES = <<-JSON
|
31
|
+
eyJ2ZXJzaW9uIjoiMS4wIiwicGFyYW1ldGVycyI6eyJSZWdpb24iOnsiYnVp
|
32
|
+
bHRJbiI6IkFXUzo6UmVnaW9uIiwicmVxdWlyZWQiOmZhbHNlLCJkb2N1bWVu
|
33
|
+
dGF0aW9uIjoiVGhlIEFXUyByZWdpb24gdXNlZCB0byBkaXNwYXRjaCB0aGUg
|
34
|
+
cmVxdWVzdC4iLCJ0eXBlIjoiU3RyaW5nIn0sIlVzZUR1YWxTdGFjayI6eyJi
|
35
|
+
dWlsdEluIjoiQVdTOjpVc2VEdWFsU3RhY2siLCJyZXF1aXJlZCI6dHJ1ZSwi
|
36
|
+
ZGVmYXVsdCI6ZmFsc2UsImRvY3VtZW50YXRpb24iOiJXaGVuIHRydWUsIHVz
|
37
|
+
ZSB0aGUgZHVhbC1zdGFjayBlbmRwb2ludC4gSWYgdGhlIGNvbmZpZ3VyZWQg
|
38
|
+
ZW5kcG9pbnQgZG9lcyBub3Qgc3VwcG9ydCBkdWFsLXN0YWNrLCBkaXNwYXRj
|
39
|
+
aGluZyB0aGUgcmVxdWVzdCBNQVkgcmV0dXJuIGFuIGVycm9yLiIsInR5cGUi
|
40
|
+
OiJCb29sZWFuIn0sIlVzZUZJUFMiOnsiYnVpbHRJbiI6IkFXUzo6VXNlRklQ
|
41
|
+
UyIsInJlcXVpcmVkIjp0cnVlLCJkZWZhdWx0IjpmYWxzZSwiZG9jdW1lbnRh
|
42
|
+
dGlvbiI6IldoZW4gdHJ1ZSwgc2VuZCB0aGlzIHJlcXVlc3QgdG8gdGhlIEZJ
|
43
|
+
UFMtY29tcGxpYW50IHJlZ2lvbmFsIGVuZHBvaW50LiBJZiB0aGUgY29uZmln
|
44
|
+
dXJlZCBlbmRwb2ludCBkb2VzIG5vdCBoYXZlIGEgRklQUyBjb21wbGlhbnQg
|
45
|
+
ZW5kcG9pbnQsIGRpc3BhdGNoaW5nIHRoZSByZXF1ZXN0IHdpbGwgcmV0dXJu
|
46
|
+
IGFuIGVycm9yLiIsInR5cGUiOiJCb29sZWFuIn0sIkVuZHBvaW50Ijp7ImJ1
|
47
|
+
aWx0SW4iOiJTREs6OkVuZHBvaW50IiwicmVxdWlyZWQiOmZhbHNlLCJkb2N1
|
48
|
+
bWVudGF0aW9uIjoiT3ZlcnJpZGUgdGhlIGVuZHBvaW50IHVzZWQgdG8gc2Vu
|
49
|
+
ZCB0aGlzIHJlcXVlc3QiLCJ0eXBlIjoiU3RyaW5nIn19LCJydWxlcyI6W3si
|
50
|
+
Y29uZGl0aW9ucyI6W3siZm4iOiJhd3MucGFydGl0aW9uIiwiYXJndiI6W3si
|
51
|
+
cmVmIjoiUmVnaW9uIn1dLCJhc3NpZ24iOiJQYXJ0aXRpb25SZXN1bHQifV0s
|
52
|
+
InR5cGUiOiJ0cmVlIiwicnVsZXMiOlt7ImNvbmRpdGlvbnMiOlt7ImZuIjoi
|
53
|
+
aXNTZXQiLCJhcmd2IjpbeyJyZWYiOiJFbmRwb2ludCJ9XX0seyJmbiI6InBh
|
54
|
+
cnNlVVJMIiwiYXJndiI6W3sicmVmIjoiRW5kcG9pbnQifV0sImFzc2lnbiI6
|
55
|
+
InVybCJ9XSwidHlwZSI6InRyZWUiLCJydWxlcyI6W3siY29uZGl0aW9ucyI6
|
56
|
+
W3siZm4iOiJib29sZWFuRXF1YWxzIiwiYXJndiI6W3sicmVmIjoiVXNlRklQ
|
57
|
+
UyJ9LHRydWVdfV0sImVycm9yIjoiSW52YWxpZCBDb25maWd1cmF0aW9uOiBG
|
58
|
+
SVBTIGFuZCBjdXN0b20gZW5kcG9pbnQgYXJlIG5vdCBzdXBwb3J0ZWQiLCJ0
|
59
|
+
eXBlIjoiZXJyb3IifSx7ImNvbmRpdGlvbnMiOltdLCJ0eXBlIjoidHJlZSIs
|
60
|
+
InJ1bGVzIjpbeyJjb25kaXRpb25zIjpbeyJmbiI6ImJvb2xlYW5FcXVhbHMi
|
61
|
+
LCJhcmd2IjpbeyJyZWYiOiJVc2VEdWFsU3RhY2sifSx0cnVlXX1dLCJlcnJv
|
62
|
+
ciI6IkludmFsaWQgQ29uZmlndXJhdGlvbjogRHVhbHN0YWNrIGFuZCBjdXN0
|
63
|
+
b20gZW5kcG9pbnQgYXJlIG5vdCBzdXBwb3J0ZWQiLCJ0eXBlIjoiZXJyb3Ii
|
64
|
+
fSx7ImNvbmRpdGlvbnMiOltdLCJlbmRwb2ludCI6eyJ1cmwiOnsicmVmIjoi
|
65
|
+
RW5kcG9pbnQifSwicHJvcGVydGllcyI6e30sImhlYWRlcnMiOnt9fSwidHlw
|
66
|
+
ZSI6ImVuZHBvaW50In1dfV19LHsiY29uZGl0aW9ucyI6W3siZm4iOiJib29s
|
67
|
+
ZWFuRXF1YWxzIiwiYXJndiI6W3sicmVmIjoiVXNlRklQUyJ9LHRydWVdfSx7
|
68
|
+
ImZuIjoiYm9vbGVhbkVxdWFscyIsImFyZ3YiOlt7InJlZiI6IlVzZUR1YWxT
|
69
|
+
dGFjayJ9LHRydWVdfV0sInR5cGUiOiJ0cmVlIiwicnVsZXMiOlt7ImNvbmRp
|
70
|
+
dGlvbnMiOlt7ImZuIjoiYm9vbGVhbkVxdWFscyIsImFyZ3YiOlt0cnVlLHsi
|
71
|
+
Zm4iOiJnZXRBdHRyIiwiYXJndiI6W3sicmVmIjoiUGFydGl0aW9uUmVzdWx0
|
72
|
+
In0sInN1cHBvcnRzRklQUyJdfV19LHsiZm4iOiJib29sZWFuRXF1YWxzIiwi
|
73
|
+
YXJndiI6W3RydWUseyJmbiI6ImdldEF0dHIiLCJhcmd2IjpbeyJyZWYiOiJQ
|
74
|
+
YXJ0aXRpb25SZXN1bHQifSwic3VwcG9ydHNEdWFsU3RhY2siXX1dfV0sInR5
|
75
|
+
cGUiOiJ0cmVlIiwicnVsZXMiOlt7ImNvbmRpdGlvbnMiOltdLCJlbmRwb2lu
|
76
|
+
dCI6eyJ1cmwiOiJodHRwczovL3BvcnRhbC5zc28tZmlwcy57UmVnaW9ufS57
|
77
|
+
UGFydGl0aW9uUmVzdWx0I2R1YWxTdGFja0Ruc1N1ZmZpeH0iLCJwcm9wZXJ0
|
78
|
+
aWVzIjp7fSwiaGVhZGVycyI6e319LCJ0eXBlIjoiZW5kcG9pbnQifV19LHsi
|
79
|
+
Y29uZGl0aW9ucyI6W10sImVycm9yIjoiRklQUyBhbmQgRHVhbFN0YWNrIGFy
|
80
|
+
ZSBlbmFibGVkLCBidXQgdGhpcyBwYXJ0aXRpb24gZG9lcyBub3Qgc3VwcG9y
|
81
|
+
dCBvbmUgb3IgYm90aCIsInR5cGUiOiJlcnJvciJ9XX0seyJjb25kaXRpb25z
|
82
|
+
IjpbeyJmbiI6ImJvb2xlYW5FcXVhbHMiLCJhcmd2IjpbeyJyZWYiOiJVc2VG
|
83
|
+
SVBTIn0sdHJ1ZV19XSwidHlwZSI6InRyZWUiLCJydWxlcyI6W3siY29uZGl0
|
84
|
+
aW9ucyI6W3siZm4iOiJib29sZWFuRXF1YWxzIiwiYXJndiI6W3RydWUseyJm
|
85
|
+
biI6ImdldEF0dHIiLCJhcmd2IjpbeyJyZWYiOiJQYXJ0aXRpb25SZXN1bHQi
|
86
|
+
fSwic3VwcG9ydHNGSVBTIl19XX1dLCJ0eXBlIjoidHJlZSIsInJ1bGVzIjpb
|
87
|
+
eyJjb25kaXRpb25zIjpbXSwidHlwZSI6InRyZWUiLCJydWxlcyI6W3siY29u
|
88
|
+
ZGl0aW9ucyI6W10sImVuZHBvaW50Ijp7InVybCI6Imh0dHBzOi8vcG9ydGFs
|
89
|
+
LnNzby1maXBzLntSZWdpb259LntQYXJ0aXRpb25SZXN1bHQjZG5zU3VmZml4
|
90
|
+
fSIsInByb3BlcnRpZXMiOnt9LCJoZWFkZXJzIjp7fX0sInR5cGUiOiJlbmRw
|
91
|
+
b2ludCJ9XX1dfSx7ImNvbmRpdGlvbnMiOltdLCJlcnJvciI6IkZJUFMgaXMg
|
92
|
+
ZW5hYmxlZCBidXQgdGhpcyBwYXJ0aXRpb24gZG9lcyBub3Qgc3VwcG9ydCBG
|
93
|
+
SVBTIiwidHlwZSI6ImVycm9yIn1dfSx7ImNvbmRpdGlvbnMiOlt7ImZuIjoi
|
94
|
+
Ym9vbGVhbkVxdWFscyIsImFyZ3YiOlt7InJlZiI6IlVzZUR1YWxTdGFjayJ9
|
95
|
+
LHRydWVdfV0sInR5cGUiOiJ0cmVlIiwicnVsZXMiOlt7ImNvbmRpdGlvbnMi
|
96
|
+
Olt7ImZuIjoiYm9vbGVhbkVxdWFscyIsImFyZ3YiOlt0cnVlLHsiZm4iOiJn
|
97
|
+
ZXRBdHRyIiwiYXJndiI6W3sicmVmIjoiUGFydGl0aW9uUmVzdWx0In0sInN1
|
98
|
+
cHBvcnRzRHVhbFN0YWNrIl19XX1dLCJ0eXBlIjoidHJlZSIsInJ1bGVzIjpb
|
99
|
+
eyJjb25kaXRpb25zIjpbXSwiZW5kcG9pbnQiOnsidXJsIjoiaHR0cHM6Ly9w
|
100
|
+
b3J0YWwuc3NvLntSZWdpb259LntQYXJ0aXRpb25SZXN1bHQjZHVhbFN0YWNr
|
101
|
+
RG5zU3VmZml4fSIsInByb3BlcnRpZXMiOnt9LCJoZWFkZXJzIjp7fX0sInR5
|
102
|
+
cGUiOiJlbmRwb2ludCJ9XX0seyJjb25kaXRpb25zIjpbXSwiZXJyb3IiOiJE
|
103
|
+
dWFsU3RhY2sgaXMgZW5hYmxlZCBidXQgdGhpcyBwYXJ0aXRpb24gZG9lcyBu
|
104
|
+
b3Qgc3VwcG9ydCBEdWFsU3RhY2siLCJ0eXBlIjoiZXJyb3IifV19LHsiY29u
|
105
|
+
ZGl0aW9ucyI6W10sImVuZHBvaW50Ijp7InVybCI6Imh0dHBzOi8vcG9ydGFs
|
106
|
+
LnNzby57UmVnaW9ufS57UGFydGl0aW9uUmVzdWx0I2Ruc1N1ZmZpeH0iLCJw
|
107
|
+
cm9wZXJ0aWVzIjp7fSwiaGVhZGVycyI6e319LCJ0eXBlIjoiZW5kcG9pbnQi
|
108
|
+
fV19XX0=
|
109
|
+
|
110
|
+
JSON
|
111
|
+
end
|
112
|
+
end
|