aws-sdk-core 3.181.0 → 3.190.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +84 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-core/ecs_credentials.rb +76 -10
- data/lib/aws-sdk-core/endpoints/matchers.rb +13 -9
- data/lib/aws-sdk-core/endpoints.rb +1 -1
- data/lib/aws-sdk-core/errors.rb +1 -1
- data/lib/aws-sdk-core/instance_profile_credentials.rb +52 -30
- data/lib/aws-sdk-core/json/handler.rb +8 -1
- data/lib/aws-sdk-core/json/parser.rb +27 -2
- data/lib/aws-sdk-core/param_validator.rb +2 -2
- data/lib/aws-sdk-core/plugins/checksum_algorithm.rb +4 -2
- data/lib/aws-sdk-core/plugins/http_checksum.rb +2 -1
- data/lib/aws-sdk-core/plugins/sign.rb +15 -10
- data/lib/aws-sdk-core/refreshing_credentials.rb +12 -6
- data/lib/aws-sdk-core/rest/request/querystring_builder.rb +43 -29
- data/lib/aws-sdk-core/shared_config.rb +2 -0
- data/lib/aws-sdk-sso/client.rb +1 -1
- data/lib/aws-sdk-sso/endpoint_provider.rb +30 -24
- data/lib/aws-sdk-sso/plugins/endpoints.rb +3 -2
- data/lib/aws-sdk-sso.rb +1 -1
- data/lib/aws-sdk-ssooidc/client.rb +338 -29
- data/lib/aws-sdk-ssooidc/client_api.rb +56 -1
- data/lib/aws-sdk-ssooidc/endpoint_provider.rb +30 -24
- data/lib/aws-sdk-ssooidc/endpoints.rb +14 -0
- data/lib/aws-sdk-ssooidc/errors.rb +31 -0
- data/lib/aws-sdk-ssooidc/plugins/endpoints.rb +5 -2
- data/lib/aws-sdk-ssooidc/types.rb +302 -49
- data/lib/aws-sdk-ssooidc.rb +1 -1
- data/lib/aws-sdk-sts/client.rb +11 -3
- data/lib/aws-sdk-sts/client_api.rb +2 -1
- data/lib/aws-sdk-sts/endpoint_provider.rb +2 -2
- data/lib/aws-sdk-sts/plugins/endpoints.rb +3 -2
- data/lib/aws-sdk-sts/presigner.rb +1 -1
- data/lib/aws-sdk-sts/types.rb +18 -4
- data/lib/aws-sdk-sts.rb +1 -1
- data/lib/seahorse/client/net_http/patches.rb +1 -4
- data/lib/seahorse/client/plugins/h2.rb +3 -3
- metadata +7 -7
@@ -1,7 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require 'thread'
|
4
|
-
|
5
3
|
module Aws
|
6
4
|
|
7
5
|
# Base class used credential classes that can be refreshed. This
|
@@ -48,6 +46,14 @@ module Aws
|
|
48
46
|
|
49
47
|
private
|
50
48
|
|
49
|
+
def sync_expiration_length
|
50
|
+
self.class::SYNC_EXPIRATION_LENGTH
|
51
|
+
end
|
52
|
+
|
53
|
+
def async_expiration_length
|
54
|
+
self.class::ASYNC_EXPIRATION_LENGTH
|
55
|
+
end
|
56
|
+
|
51
57
|
# Refreshes credentials asynchronously and synchronously.
|
52
58
|
# If we are near to expiration, block while getting new credentials.
|
53
59
|
# Otherwise, if we're approaching expiration, use the existing credentials
|
@@ -56,18 +62,18 @@ module Aws
|
|
56
62
|
# Note: This check is an optimization. Rather than acquire the mutex on every #refresh_if_near_expiration
|
57
63
|
# call, we check before doing so, and then we check within the mutex to avoid a race condition.
|
58
64
|
# See issue: https://github.com/aws/aws-sdk-ruby/issues/2641 for more info.
|
59
|
-
if near_expiration?(
|
65
|
+
if near_expiration?(sync_expiration_length)
|
60
66
|
@mutex.synchronize do
|
61
|
-
if near_expiration?(
|
67
|
+
if near_expiration?(sync_expiration_length)
|
62
68
|
@before_refresh.call(self) if @before_refresh
|
63
69
|
refresh
|
64
70
|
end
|
65
71
|
end
|
66
|
-
elsif @async_refresh && near_expiration?(
|
72
|
+
elsif @async_refresh && near_expiration?(async_expiration_length)
|
67
73
|
unless @mutex.locked?
|
68
74
|
Thread.new do
|
69
75
|
@mutex.synchronize do
|
70
|
-
if near_expiration?(
|
76
|
+
if near_expiration?(async_expiration_length)
|
71
77
|
@before_refresh.call(self) if @before_refresh
|
72
78
|
refresh
|
73
79
|
end
|
@@ -4,9 +4,16 @@ module Aws
|
|
4
4
|
module Rest
|
5
5
|
module Request
|
6
6
|
class QuerystringBuilder
|
7
|
-
|
8
7
|
include Seahorse::Model::Shapes
|
9
8
|
|
9
|
+
SUPPORTED_TYPES = [
|
10
|
+
BooleanShape,
|
11
|
+
FloatShape,
|
12
|
+
IntegerShape,
|
13
|
+
StringShape,
|
14
|
+
TimestampShape
|
15
|
+
].freeze
|
16
|
+
|
10
17
|
# Provide shape references and param values:
|
11
18
|
#
|
12
19
|
# [
|
@@ -33,29 +40,12 @@ module Aws
|
|
33
40
|
def build_part(shape_ref, param_value)
|
34
41
|
case shape_ref.shape
|
35
42
|
# supported scalar types
|
36
|
-
when
|
37
|
-
|
38
|
-
"#{param_name}=#{escape(param_value.to_s)}"
|
39
|
-
when TimestampShape
|
40
|
-
param_name = shape_ref.location_name
|
41
|
-
"#{param_name}=#{escape(timestamp(shape_ref, param_value))}"
|
43
|
+
when *SUPPORTED_TYPES
|
44
|
+
"#{shape_ref.location_name}=#{query_value(shape_ref, param_value)}"
|
42
45
|
when MapShape
|
43
|
-
|
44
|
-
query_map_of_string(param_value)
|
45
|
-
elsif ListShape === shape_ref.shape.value.shape
|
46
|
-
query_map_of_string_list(param_value)
|
47
|
-
else
|
48
|
-
msg = "only map of string and string list supported"
|
49
|
-
raise NotImplementedError, msg
|
50
|
-
end
|
46
|
+
generate_query_map(shape_ref, param_value)
|
51
47
|
when ListShape
|
52
|
-
|
53
|
-
list_of_strings(shape_ref.location_name, param_value)
|
54
|
-
else
|
55
|
-
msg = "Only list of strings supported, got "\
|
56
|
-
"#{shape_ref.shape.member.shape.class.name}"
|
57
|
-
raise NotImplementedError, msg
|
58
|
-
end
|
48
|
+
generate_query_list(shape_ref, param_value)
|
59
49
|
else
|
60
50
|
raise NotImplementedError
|
61
51
|
end
|
@@ -71,6 +61,37 @@ module Aws
|
|
71
61
|
end
|
72
62
|
end
|
73
63
|
|
64
|
+
def query_value(ref, value)
|
65
|
+
case ref.shape
|
66
|
+
when TimestampShape
|
67
|
+
escape(timestamp(ref, value))
|
68
|
+
when *SUPPORTED_TYPES
|
69
|
+
escape(value.to_s)
|
70
|
+
else
|
71
|
+
raise NotImplementedError
|
72
|
+
end
|
73
|
+
end
|
74
|
+
|
75
|
+
def generate_query_list(ref, values)
|
76
|
+
member_ref = ref.shape.member
|
77
|
+
values.map do |value|
|
78
|
+
value = query_value(member_ref, value)
|
79
|
+
"#{ref.location_name}=#{value}"
|
80
|
+
end
|
81
|
+
end
|
82
|
+
|
83
|
+
def generate_query_map(ref, value)
|
84
|
+
case ref.shape.value.shape
|
85
|
+
when StringShape
|
86
|
+
query_map_of_string(value)
|
87
|
+
when ListShape
|
88
|
+
query_map_of_string_list(value)
|
89
|
+
else
|
90
|
+
msg = 'Only map of string and string list supported'
|
91
|
+
raise NotImplementedError, msg
|
92
|
+
end
|
93
|
+
end
|
94
|
+
|
74
95
|
def query_map_of_string(hash)
|
75
96
|
list = []
|
76
97
|
hash.each_pair do |key, value|
|
@@ -89,16 +110,9 @@ module Aws
|
|
89
110
|
list
|
90
111
|
end
|
91
112
|
|
92
|
-
def list_of_strings(name, values)
|
93
|
-
values.map do |value|
|
94
|
-
"#{name}=#{escape(value)}"
|
95
|
-
end
|
96
|
-
end
|
97
|
-
|
98
113
|
def escape(string)
|
99
114
|
Seahorse::Util.uri_escape(string)
|
100
115
|
end
|
101
|
-
|
102
116
|
end
|
103
117
|
end
|
104
118
|
end
|
@@ -205,6 +205,7 @@ module Aws
|
|
205
205
|
:use_fips_endpoint,
|
206
206
|
:ec2_metadata_service_endpoint,
|
207
207
|
:ec2_metadata_service_endpoint_mode,
|
208
|
+
:ec2_metadata_v1_disabled,
|
208
209
|
:max_attempts,
|
209
210
|
:retry_mode,
|
210
211
|
:adaptive_retry_wait_to_fill,
|
@@ -217,6 +218,7 @@ module Aws
|
|
217
218
|
:s3_use_arn_region,
|
218
219
|
:s3_us_east_1_regional_endpoint,
|
219
220
|
:s3_disable_multiregion_access_points,
|
221
|
+
:s3_disable_express_session_auth,
|
220
222
|
:defaults_mode,
|
221
223
|
:sdk_ua_app_id,
|
222
224
|
:disable_request_compression,
|
data/lib/aws-sdk-sso/client.rb
CHANGED
@@ -14,36 +14,42 @@ module Aws::SSO
|
|
14
14
|
use_dual_stack = parameters.use_dual_stack
|
15
15
|
use_fips = parameters.use_fips
|
16
16
|
endpoint = parameters.endpoint
|
17
|
-
if
|
18
|
-
if Aws::Endpoints::Matchers.set?(endpoint) && (url = Aws::Endpoints::Matchers.parse_url(endpoint))
|
19
|
-
if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
|
20
|
-
raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
|
21
|
-
end
|
22
|
-
if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
|
23
|
-
raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported"
|
24
|
-
end
|
25
|
-
return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {})
|
26
|
-
end
|
27
|
-
if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
|
28
|
-
if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
|
29
|
-
return Aws::Endpoints::Endpoint.new(url: "https://portal.sso-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
|
30
|
-
end
|
31
|
-
raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
|
32
|
-
end
|
17
|
+
if Aws::Endpoints::Matchers.set?(endpoint)
|
33
18
|
if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
|
34
|
-
|
35
|
-
return Aws::Endpoints::Endpoint.new(url: "https://portal.sso-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
|
36
|
-
end
|
37
|
-
raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
|
19
|
+
raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
|
38
20
|
end
|
39
21
|
if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
|
40
|
-
|
41
|
-
|
22
|
+
raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported"
|
23
|
+
end
|
24
|
+
return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {})
|
25
|
+
end
|
26
|
+
if Aws::Endpoints::Matchers.set?(region)
|
27
|
+
if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
|
28
|
+
if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
|
29
|
+
if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
|
30
|
+
return Aws::Endpoints::Endpoint.new(url: "https://portal.sso-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
|
31
|
+
end
|
32
|
+
raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
|
33
|
+
end
|
34
|
+
if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
|
35
|
+
if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
|
36
|
+
if Aws::Endpoints::Matchers.string_equals?("aws-us-gov", Aws::Endpoints::Matchers.attr(partition_result, "name"))
|
37
|
+
return Aws::Endpoints::Endpoint.new(url: "https://portal.sso.#{region}.amazonaws.com", headers: {}, properties: {})
|
38
|
+
end
|
39
|
+
return Aws::Endpoints::Endpoint.new(url: "https://portal.sso-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
|
40
|
+
end
|
41
|
+
raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
|
42
|
+
end
|
43
|
+
if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
|
44
|
+
if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
|
45
|
+
return Aws::Endpoints::Endpoint.new(url: "https://portal.sso.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
|
46
|
+
end
|
47
|
+
raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
|
42
48
|
end
|
43
|
-
|
49
|
+
return Aws::Endpoints::Endpoint.new(url: "https://portal.sso.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
|
44
50
|
end
|
45
|
-
return Aws::Endpoints::Endpoint.new(url: "https://portal.sso.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
|
46
51
|
end
|
52
|
+
raise ArgumentError, "Invalid Configuration: Missing Region"
|
47
53
|
raise ArgumentError, 'No endpoint could be resolved'
|
48
54
|
|
49
55
|
end
|
@@ -25,16 +25,17 @@ module Aws::SSO
|
|
25
25
|
# @api private
|
26
26
|
class Handler < Seahorse::Client::Handler
|
27
27
|
def call(context)
|
28
|
-
# If endpoint was discovered, do not resolve or apply the endpoint.
|
29
28
|
unless context[:discovered_endpoint]
|
30
29
|
params = parameters_for_operation(context)
|
31
30
|
endpoint = context.config.endpoint_provider.resolve_endpoint(params)
|
32
31
|
|
33
32
|
context.http_request.endpoint = endpoint.url
|
34
33
|
apply_endpoint_headers(context, endpoint.headers)
|
34
|
+
|
35
|
+
context[:endpoint_params] = params
|
36
|
+
context[:endpoint_properties] = endpoint.properties
|
35
37
|
end
|
36
38
|
|
37
|
-
context[:endpoint_params] = params
|
38
39
|
context[:auth_scheme] =
|
39
40
|
Aws::Endpoints.resolve_auth_scheme(context, endpoint)
|
40
41
|
|