aws-sdk-core 3.164.0 → 3.165.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +11 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-core/arn.rb +13 -0
- data/lib/aws-sdk-core/binary/encode_handler.rb +12 -1
- data/lib/aws-sdk-core/endpoints/condition.rb +36 -0
- data/lib/aws-sdk-core/endpoints/endpoint.rb +17 -0
- data/lib/aws-sdk-core/endpoints/endpoint_rule.rb +71 -0
- data/lib/aws-sdk-core/endpoints/error_rule.rb +37 -0
- data/lib/aws-sdk-core/endpoints/function.rb +75 -0
- data/lib/aws-sdk-core/endpoints/matchers.rb +127 -0
- data/lib/aws-sdk-core/endpoints/reference.rb +26 -0
- data/lib/aws-sdk-core/endpoints/rule.rb +20 -0
- data/lib/aws-sdk-core/endpoints/rule_set.rb +47 -0
- data/lib/aws-sdk-core/endpoints/rules_provider.rb +32 -0
- data/lib/aws-sdk-core/endpoints/templater.rb +52 -0
- data/lib/aws-sdk-core/endpoints/tree_rule.rb +40 -0
- data/lib/aws-sdk-core/endpoints/url.rb +59 -0
- data/lib/aws-sdk-core/endpoints.rb +74 -0
- data/lib/aws-sdk-core/plugins/credentials_configuration.rb +24 -0
- data/lib/aws-sdk-core/plugins/endpoint_discovery.rb +6 -2
- data/lib/aws-sdk-core/plugins/regional_endpoint.rb +5 -0
- data/lib/aws-sdk-core/plugins/sign.rb +190 -0
- data/lib/aws-sdk-core/plugins/signature_v2.rb +1 -0
- data/lib/aws-sdk-core/plugins/signature_v4.rb +1 -0
- data/lib/aws-sdk-core/rest/request/headers.rb +2 -6
- data/lib/aws-sdk-core.rb +3 -0
- data/lib/aws-sdk-sso/client.rb +20 -3
- data/lib/aws-sdk-sso/endpoint_parameters.rb +66 -0
- data/lib/aws-sdk-sso/endpoint_provider.rb +112 -0
- data/lib/aws-sdk-sso/endpoints.rb +71 -0
- data/lib/aws-sdk-sso/plugins/endpoints.rb +76 -0
- data/lib/aws-sdk-sso.rb +5 -1
- data/lib/aws-sdk-ssooidc/client.rb +20 -3
- data/lib/aws-sdk-ssooidc/endpoint_parameters.rb +66 -0
- data/lib/aws-sdk-ssooidc/endpoint_provider.rb +111 -0
- data/lib/aws-sdk-ssooidc/endpoints.rb +57 -0
- data/lib/aws-sdk-ssooidc/plugins/endpoints.rb +74 -0
- data/lib/aws-sdk-ssooidc.rb +5 -1
- data/lib/aws-sdk-sts/client.rb +20 -3
- data/lib/aws-sdk-sts/endpoint_parameters.rb +78 -0
- data/lib/aws-sdk-sts/endpoint_provider.rb +229 -0
- data/lib/aws-sdk-sts/endpoints.rb +135 -0
- data/lib/aws-sdk-sts/plugins/endpoints.rb +84 -0
- data/lib/aws-sdk-sts/presigner.rb +13 -15
- data/lib/aws-sdk-sts.rb +5 -1
- data/lib/seahorse/client/async_base.rb +0 -1
- data/lib/seahorse/client/configuration.rb +2 -2
- data/lib/seahorse/util.rb +4 -0
- metadata +31 -4
@@ -0,0 +1,59 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'ipaddr'
|
4
|
+
|
5
|
+
module Aws
|
6
|
+
module Endpoints
|
7
|
+
# @api private
|
8
|
+
class URL
|
9
|
+
def initialize(url)
|
10
|
+
uri = URI(url)
|
11
|
+
@scheme = uri.scheme
|
12
|
+
# only support http and https schemes
|
13
|
+
raise ArgumentError unless %w[https http].include?(@scheme)
|
14
|
+
|
15
|
+
# do not support query
|
16
|
+
raise ArgumentError if uri.query
|
17
|
+
|
18
|
+
@authority = _authority(url, uri)
|
19
|
+
@path = uri.path
|
20
|
+
@normalized_path = uri.path + (uri.path[-1] == '/' ? '' : '/')
|
21
|
+
@is_ip = _is_ip(uri.host)
|
22
|
+
end
|
23
|
+
|
24
|
+
attr_reader :scheme
|
25
|
+
attr_reader :authority
|
26
|
+
attr_reader :path
|
27
|
+
attr_reader :normalized_path
|
28
|
+
attr_reader :is_ip
|
29
|
+
|
30
|
+
def as_json(_options = {})
|
31
|
+
{
|
32
|
+
'scheme' => scheme,
|
33
|
+
'authority' => authority,
|
34
|
+
'path' => path,
|
35
|
+
'normalizedPath' => normalized_path,
|
36
|
+
'isIp' => is_ip
|
37
|
+
}
|
38
|
+
end
|
39
|
+
|
40
|
+
private
|
41
|
+
|
42
|
+
def _authority(url, uri)
|
43
|
+
# don't include port if it's default and not parsed originally
|
44
|
+
if uri.default_port == uri.port && !url.include?(":#{uri.port}")
|
45
|
+
uri.host
|
46
|
+
else
|
47
|
+
"#{uri.host}:#{uri.port}"
|
48
|
+
end
|
49
|
+
end
|
50
|
+
|
51
|
+
def _is_ip(authority)
|
52
|
+
IPAddr.new(authority)
|
53
|
+
true
|
54
|
+
rescue IPAddr::InvalidAddressError
|
55
|
+
false
|
56
|
+
end
|
57
|
+
end
|
58
|
+
end
|
59
|
+
end
|
@@ -0,0 +1,74 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require_relative 'endpoints/rule'
|
4
|
+
require_relative 'endpoints/condition'
|
5
|
+
require_relative 'endpoints/endpoint_rule'
|
6
|
+
require_relative 'endpoints/endpoint'
|
7
|
+
require_relative 'endpoints/error_rule'
|
8
|
+
require_relative 'endpoints/function'
|
9
|
+
require_relative 'endpoints/matchers'
|
10
|
+
require_relative 'endpoints/reference'
|
11
|
+
require_relative 'endpoints/rules_provider'
|
12
|
+
require_relative 'endpoints/rule_set'
|
13
|
+
require_relative 'endpoints/templater'
|
14
|
+
require_relative 'endpoints/tree_rule'
|
15
|
+
require_relative 'endpoints/url'
|
16
|
+
|
17
|
+
module Aws
|
18
|
+
# @api private
|
19
|
+
module Endpoints
|
20
|
+
class << self
|
21
|
+
def resolve_auth_scheme(context, endpoint)
|
22
|
+
if endpoint && (auth_schemes = endpoint.properties['authSchemes'])
|
23
|
+
auth_scheme = auth_schemes.find do |scheme|
|
24
|
+
Aws::Plugins::Sign::SUPPORTED_AUTH_TYPES.include?(scheme['name'])
|
25
|
+
end
|
26
|
+
raise 'No supported auth scheme for this endpoint.' unless auth_scheme
|
27
|
+
|
28
|
+
merge_signing_defaults(auth_scheme, context.config)
|
29
|
+
else
|
30
|
+
default_auth_scheme(context)
|
31
|
+
end
|
32
|
+
end
|
33
|
+
|
34
|
+
private
|
35
|
+
|
36
|
+
def default_auth_scheme(context)
|
37
|
+
case default_api_authtype(context)
|
38
|
+
when 'v4', 'v4-unsigned-body'
|
39
|
+
auth_scheme = { 'name' => 'sigv4' }
|
40
|
+
merge_signing_defaults(auth_scheme, context.config)
|
41
|
+
when 's3', 's3v4'
|
42
|
+
auth_scheme = { 'name' => 'sigv4', 'disableDoubleEncoding' => true }
|
43
|
+
merge_signing_defaults(auth_scheme, context.config)
|
44
|
+
when 'bearer'
|
45
|
+
{ 'name' => 'bearer' }
|
46
|
+
when 'none', nil
|
47
|
+
{ 'name' => 'none' }
|
48
|
+
end
|
49
|
+
end
|
50
|
+
|
51
|
+
def merge_signing_defaults(auth_scheme, config)
|
52
|
+
if %w[sigv4 sigv4a].include?(auth_scheme['name'])
|
53
|
+
auth_scheme['signingName'] ||= sigv4_name(config)
|
54
|
+
if auth_scheme['name'] == 'sigv4a'
|
55
|
+
auth_scheme['signingRegionSet'] ||= ['*']
|
56
|
+
else
|
57
|
+
auth_scheme['signingRegion'] ||= config.region
|
58
|
+
end
|
59
|
+
end
|
60
|
+
auth_scheme
|
61
|
+
end
|
62
|
+
|
63
|
+
def default_api_authtype(context)
|
64
|
+
context.config.api.operation(context.operation_name)['authtype'] ||
|
65
|
+
context.config.api.metadata['signatureVersion']
|
66
|
+
end
|
67
|
+
|
68
|
+
def sigv4_name(config)
|
69
|
+
config.api.metadata['signingName'] ||
|
70
|
+
config.api.metadata['endpointPrefix']
|
71
|
+
end
|
72
|
+
end
|
73
|
+
end
|
74
|
+
end
|
@@ -76,6 +76,30 @@ locations will be searched for credentials:
|
|
76
76
|
|
77
77
|
option(:instance_profile_credentials_timeout, 1)
|
78
78
|
|
79
|
+
option(:token_provider,
|
80
|
+
required: false,
|
81
|
+
doc_type: 'Aws::TokenProvider',
|
82
|
+
docstring: <<-DOCS
|
83
|
+
A Bearer Token Provider. This can be an instance of any one of the
|
84
|
+
following classes:
|
85
|
+
|
86
|
+
* `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
|
87
|
+
tokens.
|
88
|
+
|
89
|
+
* `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
|
90
|
+
access token generated from `aws login`.
|
91
|
+
|
92
|
+
When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
|
93
|
+
will be used to search for tokens configured for your profile in shared configuration files.
|
94
|
+
DOCS
|
95
|
+
) do |config|
|
96
|
+
if config.stub_responses
|
97
|
+
StaticTokenProvider.new('token')
|
98
|
+
else
|
99
|
+
TokenProviderChain.new(config).resolve
|
100
|
+
end
|
101
|
+
end
|
102
|
+
|
79
103
|
end
|
80
104
|
end
|
81
105
|
end
|
@@ -72,7 +72,11 @@ the background every 60 secs (default). Defaults to `false`.
|
|
72
72
|
context,
|
73
73
|
Aws::Util.str_2_bool(discovery_cfg["required"])
|
74
74
|
)
|
75
|
-
|
75
|
+
if endpoint
|
76
|
+
context.http_request.endpoint = _valid_uri(endpoint.address)
|
77
|
+
# Skips dynamic endpoint usage, use this endpoint instead
|
78
|
+
context[:discovered_endpoint] = true
|
79
|
+
end
|
76
80
|
if endpoint || context.config.endpoint_discovery
|
77
81
|
_apply_endpoint_discovery_user_agent(context)
|
78
82
|
end
|
@@ -100,7 +104,7 @@ the background every 60 secs (default). Defaults to `false`.
|
|
100
104
|
end
|
101
105
|
|
102
106
|
def _discover_endpoint(ctx, required)
|
103
|
-
cache = ctx.config.endpoint_cache
|
107
|
+
cache = ctx.config.endpoint_cache
|
104
108
|
key = cache.extract_key(ctx)
|
105
109
|
|
106
110
|
if required
|
@@ -43,8 +43,13 @@ is set to `true`.
|
|
43
43
|
resolve_use_fips_endpoint(cfg)
|
44
44
|
end
|
45
45
|
|
46
|
+
# This option signals whether :endpoint was provided or not.
|
47
|
+
# Legacy endpoints must continue to be generated at client time.
|
46
48
|
option(:regional_endpoint, false)
|
47
49
|
|
50
|
+
# NOTE: All of the defaults block code is effectively deprecated.
|
51
|
+
# Because old services can depend on this new core version, we must
|
52
|
+
# retain it.
|
48
53
|
option(:endpoint, doc_type: String, docstring: <<-DOCS) do |cfg|
|
49
54
|
The client endpoint is normally constructed from the `:region`
|
50
55
|
option. You should only configure an `:endpoint` when connecting
|
@@ -0,0 +1,190 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'aws-sigv4'
|
4
|
+
|
5
|
+
module Aws
|
6
|
+
module Plugins
|
7
|
+
# @api private
|
8
|
+
class Sign < Seahorse::Client::Plugin
|
9
|
+
# These once had defaults. But now they are used as overrides to
|
10
|
+
# new endpoint and auth resolution.
|
11
|
+
option(:sigv4_signer)
|
12
|
+
option(:sigv4_name)
|
13
|
+
option(:sigv4_region)
|
14
|
+
option(:unsigned_operations, default: [])
|
15
|
+
|
16
|
+
supported_auth_types = %w[sigv4 bearer none]
|
17
|
+
supported_auth_types += ['sigv4a'] if Aws::Sigv4::Signer.use_crt?
|
18
|
+
SUPPORTED_AUTH_TYPES = supported_auth_types.freeze
|
19
|
+
|
20
|
+
def add_handlers(handlers, cfg)
|
21
|
+
operations = cfg.api.operation_names - cfg.unsigned_operations
|
22
|
+
handlers.add(Handler, step: :sign, operations: operations)
|
23
|
+
end
|
24
|
+
|
25
|
+
# @api private
|
26
|
+
# Return a signer with the `sign(context)` method
|
27
|
+
def self.signer_for(auth_scheme, config, region_override = nil)
|
28
|
+
case auth_scheme['name']
|
29
|
+
when 'sigv4', 'sigv4a'
|
30
|
+
SignatureV4.new(auth_scheme, config, region_override)
|
31
|
+
when 'bearer'
|
32
|
+
Bearer.new
|
33
|
+
else
|
34
|
+
NullSigner.new
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
38
|
+
class Handler < Seahorse::Client::Handler
|
39
|
+
def call(context)
|
40
|
+
signer = Sign.signer_for(
|
41
|
+
context[:auth_scheme],
|
42
|
+
context.config,
|
43
|
+
context[:sigv4_region]
|
44
|
+
)
|
45
|
+
|
46
|
+
signer.sign(context)
|
47
|
+
@handler.call(context)
|
48
|
+
end
|
49
|
+
end
|
50
|
+
|
51
|
+
# @api private
|
52
|
+
class Bearer
|
53
|
+
def initialize
|
54
|
+
end
|
55
|
+
|
56
|
+
def sign(context)
|
57
|
+
if context.http_request.endpoint.scheme != 'https'
|
58
|
+
raise ArgumentError,
|
59
|
+
'Unable to use bearer authorization on non https endpoint.'
|
60
|
+
end
|
61
|
+
|
62
|
+
token_provider = context.config.token_provider
|
63
|
+
|
64
|
+
raise Errors::MissingBearerTokenError unless token_provider&.set?
|
65
|
+
|
66
|
+
context.http_request.headers['Authorization'] =
|
67
|
+
"Bearer #{token_provider.token.token}"
|
68
|
+
end
|
69
|
+
|
70
|
+
def presign_url(*args)
|
71
|
+
raise ArgumentError, 'Bearer auth does not support presigned urls'
|
72
|
+
end
|
73
|
+
|
74
|
+
def sign_event(*args)
|
75
|
+
raise ArgumentError, 'Bearer auth does not support event signing'
|
76
|
+
end
|
77
|
+
end
|
78
|
+
|
79
|
+
# @api private
|
80
|
+
class SignatureV4
|
81
|
+
def initialize(auth_scheme, config, region_override = nil)
|
82
|
+
scheme_name = auth_scheme['name']
|
83
|
+
|
84
|
+
unless %w[sigv4 sigv4a].include?(scheme_name)
|
85
|
+
raise ArgumentError,
|
86
|
+
"Expected sigv4 or sigv4a auth scheme, got #{scheme_name}"
|
87
|
+
end
|
88
|
+
|
89
|
+
region = if scheme_name == 'sigv4a'
|
90
|
+
auth_scheme['signingRegionSet'].first
|
91
|
+
else
|
92
|
+
auth_scheme['signingRegion']
|
93
|
+
end
|
94
|
+
begin
|
95
|
+
@signer = Aws::Sigv4::Signer.new(
|
96
|
+
service: config.sigv4_name || auth_scheme['signingName'],
|
97
|
+
region: region_override || config.sigv4_region || region,
|
98
|
+
credentials_provider: config.credentials,
|
99
|
+
signing_algorithm: scheme_name.to_sym,
|
100
|
+
uri_escape_path: !!!auth_scheme['disableDoubleEncoding'],
|
101
|
+
unsigned_headers: %w[content-length user-agent x-amzn-trace-id]
|
102
|
+
)
|
103
|
+
rescue Aws::Sigv4::Errors::MissingCredentialsError
|
104
|
+
raise Aws::Errors::MissingCredentialsError
|
105
|
+
end
|
106
|
+
end
|
107
|
+
|
108
|
+
def sign(context)
|
109
|
+
req = context.http_request
|
110
|
+
|
111
|
+
apply_authtype(context, req)
|
112
|
+
reset_signature(req)
|
113
|
+
apply_clock_skew(context, req)
|
114
|
+
|
115
|
+
# compute the signature
|
116
|
+
begin
|
117
|
+
signature = @signer.sign_request(
|
118
|
+
http_method: req.http_method,
|
119
|
+
url: req.endpoint,
|
120
|
+
headers: req.headers,
|
121
|
+
body: req.body
|
122
|
+
)
|
123
|
+
rescue Aws::Sigv4::Errors::MissingCredentialsError
|
124
|
+
# Necessary for when credentials is explicitly set to nil
|
125
|
+
raise Aws::Errors::MissingCredentialsError
|
126
|
+
end
|
127
|
+
# apply signature headers
|
128
|
+
req.headers.update(signature.headers)
|
129
|
+
|
130
|
+
# add request metadata with signature components for debugging
|
131
|
+
context[:canonical_request] = signature.canonical_request
|
132
|
+
context[:string_to_sign] = signature.string_to_sign
|
133
|
+
end
|
134
|
+
|
135
|
+
def presign_url(*args)
|
136
|
+
@signer.presign_url(*args)
|
137
|
+
end
|
138
|
+
|
139
|
+
def sign_event(*args)
|
140
|
+
@signer.sign_event(*args)
|
141
|
+
end
|
142
|
+
|
143
|
+
private
|
144
|
+
|
145
|
+
def apply_authtype(context, req)
|
146
|
+
if context.operation['authtype'].eql?('v4-unsigned-body') &&
|
147
|
+
req.endpoint.scheme.eql?('https')
|
148
|
+
req.headers['X-Amz-Content-Sha256'] ||= 'UNSIGNED-PAYLOAD'
|
149
|
+
end
|
150
|
+
end
|
151
|
+
|
152
|
+
def reset_signature(req)
|
153
|
+
# in case this request is being re-signed
|
154
|
+
req.headers.delete('Authorization')
|
155
|
+
req.headers.delete('X-Amz-Security-Token')
|
156
|
+
req.headers.delete('X-Amz-Date')
|
157
|
+
req.headers.delete('x-Amz-Region-Set')
|
158
|
+
end
|
159
|
+
|
160
|
+
def apply_clock_skew(context, req)
|
161
|
+
if context.config.respond_to?(:clock_skew) &&
|
162
|
+
context.config.clock_skew &&
|
163
|
+
context.config.correct_clock_skew
|
164
|
+
|
165
|
+
endpoint = context.http_request.endpoint
|
166
|
+
skew = context.config.clock_skew.clock_correction(endpoint)
|
167
|
+
if skew.abs.positive?
|
168
|
+
req.headers['X-Amz-Date'] =
|
169
|
+
(Time.now.utc + skew).strftime('%Y%m%dT%H%M%SZ')
|
170
|
+
end
|
171
|
+
end
|
172
|
+
end
|
173
|
+
|
174
|
+
end
|
175
|
+
|
176
|
+
# @api private
|
177
|
+
class NullSigner
|
178
|
+
|
179
|
+
def sign(context)
|
180
|
+
end
|
181
|
+
|
182
|
+
def presign_url(*args)
|
183
|
+
end
|
184
|
+
|
185
|
+
def sign_event(*args)
|
186
|
+
end
|
187
|
+
end
|
188
|
+
end
|
189
|
+
end
|
190
|
+
end
|
@@ -53,12 +53,8 @@ module Aws
|
|
53
53
|
return if !value || value.empty?
|
54
54
|
headers[ref.location_name] = value
|
55
55
|
.compact
|
56
|
-
.map { |s| escape_header_list_string(s.to_s) }
|
57
|
-
.join(
|
58
|
-
end
|
59
|
-
|
60
|
-
def escape_header_list_string(s)
|
61
|
-
(s.include?('"') || s.include?(",")) ? "\"#{s.gsub('"', '\"')}\"" : s
|
56
|
+
.map { |s| Seahorse::Util.escape_header_list_string(s.to_s) }
|
57
|
+
.join(',')
|
62
58
|
end
|
63
59
|
|
64
60
|
def apply_header_map(headers, ref, values)
|
data/lib/aws-sdk-core.rb
CHANGED
@@ -97,6 +97,9 @@ require_relative 'aws-sdk-core/arn'
|
|
97
97
|
require_relative 'aws-sdk-core/arn_parser'
|
98
98
|
require_relative 'aws-sdk-core/ec2_metadata'
|
99
99
|
|
100
|
+
# dynamic endpoints
|
101
|
+
require_relative 'aws-sdk-core/endpoints'
|
102
|
+
|
100
103
|
# defaults
|
101
104
|
require_relative 'aws-defaults'
|
102
105
|
|
data/lib/aws-sdk-sso/client.rb
CHANGED
@@ -30,7 +30,7 @@ require 'aws-sdk-core/plugins/http_checksum.rb'
|
|
30
30
|
require 'aws-sdk-core/plugins/checksum_algorithm.rb'
|
31
31
|
require 'aws-sdk-core/plugins/defaults_mode.rb'
|
32
32
|
require 'aws-sdk-core/plugins/recursion_detection.rb'
|
33
|
-
require 'aws-sdk-core/plugins/
|
33
|
+
require 'aws-sdk-core/plugins/sign.rb'
|
34
34
|
require 'aws-sdk-core/plugins/protocols/rest_json.rb'
|
35
35
|
|
36
36
|
Aws::Plugins::GlobalConfiguration.add_identifier(:sso)
|
@@ -79,8 +79,9 @@ module Aws::SSO
|
|
79
79
|
add_plugin(Aws::Plugins::ChecksumAlgorithm)
|
80
80
|
add_plugin(Aws::Plugins::DefaultsMode)
|
81
81
|
add_plugin(Aws::Plugins::RecursionDetection)
|
82
|
-
add_plugin(Aws::Plugins::
|
82
|
+
add_plugin(Aws::Plugins::Sign)
|
83
83
|
add_plugin(Aws::Plugins::Protocols::RestJson)
|
84
|
+
add_plugin(Aws::SSO::Plugins::Endpoints)
|
84
85
|
|
85
86
|
# @overload initialize(options)
|
86
87
|
# @param [Hash] options
|
@@ -287,6 +288,19 @@ module Aws::SSO
|
|
287
288
|
# ** Please note ** When response stubbing is enabled, no HTTP
|
288
289
|
# requests are made, and retries are disabled.
|
289
290
|
#
|
291
|
+
# @option options [Aws::TokenProvider] :token_provider
|
292
|
+
# A Bearer Token Provider. This can be an instance of any one of the
|
293
|
+
# following classes:
|
294
|
+
#
|
295
|
+
# * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
|
296
|
+
# tokens.
|
297
|
+
#
|
298
|
+
# * `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
|
299
|
+
# access token generated from `aws login`.
|
300
|
+
#
|
301
|
+
# When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
|
302
|
+
# will be used to search for tokens configured for your profile in shared configuration files.
|
303
|
+
#
|
290
304
|
# @option options [Boolean] :use_dualstack_endpoint
|
291
305
|
# When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
|
292
306
|
# will be used if available.
|
@@ -300,6 +314,9 @@ module Aws::SSO
|
|
300
314
|
# When `true`, request parameters are validated before
|
301
315
|
# sending the request.
|
302
316
|
#
|
317
|
+
# @option options [Aws::SSO::EndpointProvider] :endpoint_provider
|
318
|
+
# The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::SSO::EndpointParameters`
|
319
|
+
#
|
303
320
|
# @option options [URI::HTTP,String] :http_proxy A proxy to send
|
304
321
|
# requests through. Formatted like 'http://proxy.com:123'.
|
305
322
|
#
|
@@ -568,7 +585,7 @@ module Aws::SSO
|
|
568
585
|
params: params,
|
569
586
|
config: config)
|
570
587
|
context[:gem_name] = 'aws-sdk-core'
|
571
|
-
context[:gem_version] = '3.
|
588
|
+
context[:gem_version] = '3.165.0'
|
572
589
|
Seahorse::Client::Request.new(handlers, context)
|
573
590
|
end
|
574
591
|
|
@@ -0,0 +1,66 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# WARNING ABOUT GENERATED CODE
|
4
|
+
#
|
5
|
+
# This file is generated. See the contributing guide for more information:
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
|
+
#
|
8
|
+
# WARNING ABOUT GENERATED CODE
|
9
|
+
|
10
|
+
module Aws::SSO
|
11
|
+
# Endpoint parameters used to influence endpoints per request.
|
12
|
+
#
|
13
|
+
# @!attribute region
|
14
|
+
# The AWS region used to dispatch the request.
|
15
|
+
#
|
16
|
+
# @return [String]
|
17
|
+
#
|
18
|
+
# @!attribute use_dual_stack
|
19
|
+
# When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.
|
20
|
+
#
|
21
|
+
# @return [Boolean]
|
22
|
+
#
|
23
|
+
# @!attribute use_fips
|
24
|
+
# When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.
|
25
|
+
#
|
26
|
+
# @return [Boolean]
|
27
|
+
#
|
28
|
+
# @!attribute endpoint
|
29
|
+
# Override the endpoint used to send this request
|
30
|
+
#
|
31
|
+
# @return [String]
|
32
|
+
#
|
33
|
+
EndpointParameters = Struct.new(
|
34
|
+
:region,
|
35
|
+
:use_dual_stack,
|
36
|
+
:use_fips,
|
37
|
+
:endpoint,
|
38
|
+
) do
|
39
|
+
include Aws::Structure
|
40
|
+
|
41
|
+
# @api private
|
42
|
+
class << self
|
43
|
+
PARAM_MAP = {
|
44
|
+
'Region' => :region,
|
45
|
+
'UseDualStack' => :use_dual_stack,
|
46
|
+
'UseFIPS' => :use_fips,
|
47
|
+
'Endpoint' => :endpoint,
|
48
|
+
}.freeze
|
49
|
+
end
|
50
|
+
|
51
|
+
def initialize(options = {})
|
52
|
+
self[:region] = options[:region]
|
53
|
+
self[:use_dual_stack] = options[:use_dual_stack]
|
54
|
+
self[:use_dual_stack] = false if self[:use_dual_stack].nil?
|
55
|
+
if self[:use_dual_stack].nil?
|
56
|
+
raise ArgumentError, "Missing required EndpointParameter: :use_dual_stack"
|
57
|
+
end
|
58
|
+
self[:use_fips] = options[:use_fips]
|
59
|
+
self[:use_fips] = false if self[:use_fips].nil?
|
60
|
+
if self[:use_fips].nil?
|
61
|
+
raise ArgumentError, "Missing required EndpointParameter: :use_fips"
|
62
|
+
end
|
63
|
+
self[:endpoint] = options[:endpoint]
|
64
|
+
end
|
65
|
+
end
|
66
|
+
end
|
@@ -0,0 +1,112 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# WARNING ABOUT GENERATED CODE
|
4
|
+
#
|
5
|
+
# This file is generated. See the contributing guide for more information:
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
|
+
#
|
8
|
+
# WARNING ABOUT GENERATED CODE
|
9
|
+
|
10
|
+
module Aws::SSO
|
11
|
+
class EndpointProvider
|
12
|
+
def initialize(rule_set = nil)
|
13
|
+
@@rule_set ||= begin
|
14
|
+
endpoint_rules = Aws::Json.load(Base64.decode64(RULES))
|
15
|
+
Aws::Endpoints::RuleSet.new(
|
16
|
+
version: endpoint_rules['version'],
|
17
|
+
service_id: endpoint_rules['serviceId'],
|
18
|
+
parameters: endpoint_rules['parameters'],
|
19
|
+
rules: endpoint_rules['rules']
|
20
|
+
)
|
21
|
+
end
|
22
|
+
@provider = Aws::Endpoints::RulesProvider.new(rule_set || @@rule_set)
|
23
|
+
end
|
24
|
+
|
25
|
+
def resolve_endpoint(parameters)
|
26
|
+
@provider.resolve_endpoint(parameters)
|
27
|
+
end
|
28
|
+
|
29
|
+
# @api private
|
30
|
+
RULES = <<-JSON
|
31
|
+
eyJ2ZXJzaW9uIjoiMS4wIiwicGFyYW1ldGVycyI6eyJSZWdpb24iOnsiYnVp
|
32
|
+
bHRJbiI6IkFXUzo6UmVnaW9uIiwicmVxdWlyZWQiOmZhbHNlLCJkb2N1bWVu
|
33
|
+
dGF0aW9uIjoiVGhlIEFXUyByZWdpb24gdXNlZCB0byBkaXNwYXRjaCB0aGUg
|
34
|
+
cmVxdWVzdC4iLCJ0eXBlIjoiU3RyaW5nIn0sIlVzZUR1YWxTdGFjayI6eyJi
|
35
|
+
dWlsdEluIjoiQVdTOjpVc2VEdWFsU3RhY2siLCJyZXF1aXJlZCI6dHJ1ZSwi
|
36
|
+
ZGVmYXVsdCI6ZmFsc2UsImRvY3VtZW50YXRpb24iOiJXaGVuIHRydWUsIHVz
|
37
|
+
ZSB0aGUgZHVhbC1zdGFjayBlbmRwb2ludC4gSWYgdGhlIGNvbmZpZ3VyZWQg
|
38
|
+
ZW5kcG9pbnQgZG9lcyBub3Qgc3VwcG9ydCBkdWFsLXN0YWNrLCBkaXNwYXRj
|
39
|
+
aGluZyB0aGUgcmVxdWVzdCBNQVkgcmV0dXJuIGFuIGVycm9yLiIsInR5cGUi
|
40
|
+
OiJCb29sZWFuIn0sIlVzZUZJUFMiOnsiYnVpbHRJbiI6IkFXUzo6VXNlRklQ
|
41
|
+
UyIsInJlcXVpcmVkIjp0cnVlLCJkZWZhdWx0IjpmYWxzZSwiZG9jdW1lbnRh
|
42
|
+
dGlvbiI6IldoZW4gdHJ1ZSwgc2VuZCB0aGlzIHJlcXVlc3QgdG8gdGhlIEZJ
|
43
|
+
UFMtY29tcGxpYW50IHJlZ2lvbmFsIGVuZHBvaW50LiBJZiB0aGUgY29uZmln
|
44
|
+
dXJlZCBlbmRwb2ludCBkb2VzIG5vdCBoYXZlIGEgRklQUyBjb21wbGlhbnQg
|
45
|
+
ZW5kcG9pbnQsIGRpc3BhdGNoaW5nIHRoZSByZXF1ZXN0IHdpbGwgcmV0dXJu
|
46
|
+
IGFuIGVycm9yLiIsInR5cGUiOiJCb29sZWFuIn0sIkVuZHBvaW50Ijp7ImJ1
|
47
|
+
aWx0SW4iOiJTREs6OkVuZHBvaW50IiwicmVxdWlyZWQiOmZhbHNlLCJkb2N1
|
48
|
+
bWVudGF0aW9uIjoiT3ZlcnJpZGUgdGhlIGVuZHBvaW50IHVzZWQgdG8gc2Vu
|
49
|
+
ZCB0aGlzIHJlcXVlc3QiLCJ0eXBlIjoiU3RyaW5nIn19LCJydWxlcyI6W3si
|
50
|
+
Y29uZGl0aW9ucyI6W3siZm4iOiJhd3MucGFydGl0aW9uIiwiYXJndiI6W3si
|
51
|
+
cmVmIjoiUmVnaW9uIn1dLCJhc3NpZ24iOiJQYXJ0aXRpb25SZXN1bHQifV0s
|
52
|
+
InR5cGUiOiJ0cmVlIiwicnVsZXMiOlt7ImNvbmRpdGlvbnMiOlt7ImZuIjoi
|
53
|
+
aXNTZXQiLCJhcmd2IjpbeyJyZWYiOiJFbmRwb2ludCJ9XX0seyJmbiI6InBh
|
54
|
+
cnNlVVJMIiwiYXJndiI6W3sicmVmIjoiRW5kcG9pbnQifV0sImFzc2lnbiI6
|
55
|
+
InVybCJ9XSwidHlwZSI6InRyZWUiLCJydWxlcyI6W3siY29uZGl0aW9ucyI6
|
56
|
+
W3siZm4iOiJib29sZWFuRXF1YWxzIiwiYXJndiI6W3sicmVmIjoiVXNlRklQ
|
57
|
+
UyJ9LHRydWVdfV0sImVycm9yIjoiSW52YWxpZCBDb25maWd1cmF0aW9uOiBG
|
58
|
+
SVBTIGFuZCBjdXN0b20gZW5kcG9pbnQgYXJlIG5vdCBzdXBwb3J0ZWQiLCJ0
|
59
|
+
eXBlIjoiZXJyb3IifSx7ImNvbmRpdGlvbnMiOltdLCJ0eXBlIjoidHJlZSIs
|
60
|
+
InJ1bGVzIjpbeyJjb25kaXRpb25zIjpbeyJmbiI6ImJvb2xlYW5FcXVhbHMi
|
61
|
+
LCJhcmd2IjpbeyJyZWYiOiJVc2VEdWFsU3RhY2sifSx0cnVlXX1dLCJlcnJv
|
62
|
+
ciI6IkludmFsaWQgQ29uZmlndXJhdGlvbjogRHVhbHN0YWNrIGFuZCBjdXN0
|
63
|
+
b20gZW5kcG9pbnQgYXJlIG5vdCBzdXBwb3J0ZWQiLCJ0eXBlIjoiZXJyb3Ii
|
64
|
+
fSx7ImNvbmRpdGlvbnMiOltdLCJlbmRwb2ludCI6eyJ1cmwiOnsicmVmIjoi
|
65
|
+
RW5kcG9pbnQifSwicHJvcGVydGllcyI6e30sImhlYWRlcnMiOnt9fSwidHlw
|
66
|
+
ZSI6ImVuZHBvaW50In1dfV19LHsiY29uZGl0aW9ucyI6W3siZm4iOiJib29s
|
67
|
+
ZWFuRXF1YWxzIiwiYXJndiI6W3sicmVmIjoiVXNlRklQUyJ9LHRydWVdfSx7
|
68
|
+
ImZuIjoiYm9vbGVhbkVxdWFscyIsImFyZ3YiOlt7InJlZiI6IlVzZUR1YWxT
|
69
|
+
dGFjayJ9LHRydWVdfV0sInR5cGUiOiJ0cmVlIiwicnVsZXMiOlt7ImNvbmRp
|
70
|
+
dGlvbnMiOlt7ImZuIjoiYm9vbGVhbkVxdWFscyIsImFyZ3YiOlt0cnVlLHsi
|
71
|
+
Zm4iOiJnZXRBdHRyIiwiYXJndiI6W3sicmVmIjoiUGFydGl0aW9uUmVzdWx0
|
72
|
+
In0sInN1cHBvcnRzRklQUyJdfV19LHsiZm4iOiJib29sZWFuRXF1YWxzIiwi
|
73
|
+
YXJndiI6W3RydWUseyJmbiI6ImdldEF0dHIiLCJhcmd2IjpbeyJyZWYiOiJQ
|
74
|
+
YXJ0aXRpb25SZXN1bHQifSwic3VwcG9ydHNEdWFsU3RhY2siXX1dfV0sInR5
|
75
|
+
cGUiOiJ0cmVlIiwicnVsZXMiOlt7ImNvbmRpdGlvbnMiOltdLCJlbmRwb2lu
|
76
|
+
dCI6eyJ1cmwiOiJodHRwczovL3BvcnRhbC5zc28tZmlwcy57UmVnaW9ufS57
|
77
|
+
UGFydGl0aW9uUmVzdWx0I2R1YWxTdGFja0Ruc1N1ZmZpeH0iLCJwcm9wZXJ0
|
78
|
+
aWVzIjp7fSwiaGVhZGVycyI6e319LCJ0eXBlIjoiZW5kcG9pbnQifV19LHsi
|
79
|
+
Y29uZGl0aW9ucyI6W10sImVycm9yIjoiRklQUyBhbmQgRHVhbFN0YWNrIGFy
|
80
|
+
ZSBlbmFibGVkLCBidXQgdGhpcyBwYXJ0aXRpb24gZG9lcyBub3Qgc3VwcG9y
|
81
|
+
dCBvbmUgb3IgYm90aCIsInR5cGUiOiJlcnJvciJ9XX0seyJjb25kaXRpb25z
|
82
|
+
IjpbeyJmbiI6ImJvb2xlYW5FcXVhbHMiLCJhcmd2IjpbeyJyZWYiOiJVc2VG
|
83
|
+
SVBTIn0sdHJ1ZV19XSwidHlwZSI6InRyZWUiLCJydWxlcyI6W3siY29uZGl0
|
84
|
+
aW9ucyI6W3siZm4iOiJib29sZWFuRXF1YWxzIiwiYXJndiI6W3RydWUseyJm
|
85
|
+
biI6ImdldEF0dHIiLCJhcmd2IjpbeyJyZWYiOiJQYXJ0aXRpb25SZXN1bHQi
|
86
|
+
fSwic3VwcG9ydHNGSVBTIl19XX1dLCJ0eXBlIjoidHJlZSIsInJ1bGVzIjpb
|
87
|
+
eyJjb25kaXRpb25zIjpbXSwidHlwZSI6InRyZWUiLCJydWxlcyI6W3siY29u
|
88
|
+
ZGl0aW9ucyI6W10sImVuZHBvaW50Ijp7InVybCI6Imh0dHBzOi8vcG9ydGFs
|
89
|
+
LnNzby1maXBzLntSZWdpb259LntQYXJ0aXRpb25SZXN1bHQjZG5zU3VmZml4
|
90
|
+
fSIsInByb3BlcnRpZXMiOnt9LCJoZWFkZXJzIjp7fX0sInR5cGUiOiJlbmRw
|
91
|
+
b2ludCJ9XX1dfSx7ImNvbmRpdGlvbnMiOltdLCJlcnJvciI6IkZJUFMgaXMg
|
92
|
+
ZW5hYmxlZCBidXQgdGhpcyBwYXJ0aXRpb24gZG9lcyBub3Qgc3VwcG9ydCBG
|
93
|
+
SVBTIiwidHlwZSI6ImVycm9yIn1dfSx7ImNvbmRpdGlvbnMiOlt7ImZuIjoi
|
94
|
+
Ym9vbGVhbkVxdWFscyIsImFyZ3YiOlt7InJlZiI6IlVzZUR1YWxTdGFjayJ9
|
95
|
+
LHRydWVdfV0sInR5cGUiOiJ0cmVlIiwicnVsZXMiOlt7ImNvbmRpdGlvbnMi
|
96
|
+
Olt7ImZuIjoiYm9vbGVhbkVxdWFscyIsImFyZ3YiOlt0cnVlLHsiZm4iOiJn
|
97
|
+
ZXRBdHRyIiwiYXJndiI6W3sicmVmIjoiUGFydGl0aW9uUmVzdWx0In0sInN1
|
98
|
+
cHBvcnRzRHVhbFN0YWNrIl19XX1dLCJ0eXBlIjoidHJlZSIsInJ1bGVzIjpb
|
99
|
+
eyJjb25kaXRpb25zIjpbXSwiZW5kcG9pbnQiOnsidXJsIjoiaHR0cHM6Ly9w
|
100
|
+
b3J0YWwuc3NvLntSZWdpb259LntQYXJ0aXRpb25SZXN1bHQjZHVhbFN0YWNr
|
101
|
+
RG5zU3VmZml4fSIsInByb3BlcnRpZXMiOnt9LCJoZWFkZXJzIjp7fX0sInR5
|
102
|
+
cGUiOiJlbmRwb2ludCJ9XX0seyJjb25kaXRpb25zIjpbXSwiZXJyb3IiOiJE
|
103
|
+
dWFsU3RhY2sgaXMgZW5hYmxlZCBidXQgdGhpcyBwYXJ0aXRpb24gZG9lcyBu
|
104
|
+
b3Qgc3VwcG9ydCBEdWFsU3RhY2siLCJ0eXBlIjoiZXJyb3IifV19LHsiY29u
|
105
|
+
ZGl0aW9ucyI6W10sImVuZHBvaW50Ijp7InVybCI6Imh0dHBzOi8vcG9ydGFs
|
106
|
+
LnNzby57UmVnaW9ufS57UGFydGl0aW9uUmVzdWx0I2Ruc1N1ZmZpeH0iLCJw
|
107
|
+
cm9wZXJ0aWVzIjp7fSwiaGVhZGVycyI6e319LCJ0eXBlIjoiZW5kcG9pbnQi
|
108
|
+
fV19XX0=
|
109
|
+
|
110
|
+
JSON
|
111
|
+
end
|
112
|
+
end
|