aws-sdk-core 3.185.2 → 3.186.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 0117f7cb50c068598c310d1623a7d28eed6639c20d168ecd506fdf48040aafda
4
- data.tar.gz: 676254d312d5f27b19268fb05ec84e269b76488fe7f71c5244a38468a63bdad8
3
+ metadata.gz: 4b996ac6ca7e1d4d61926d24af262a70a2d2da40b09a8999165721b58c8995a1
4
+ data.tar.gz: a931f4b08ac8b2fd6342abbd4b799b649ee057c9e1bb9dc8cb9581ef30030f30
5
5
  SHA512:
6
- metadata.gz: '08840b98e2ab9cd7e182f0488055ae2f12d3665b08d54fe255c1b2dca17ea4923a4fd5833d8bdb4f71339e1aab015070c4b1ce14c3e7726d5a54a4f158d41e9d'
7
- data.tar.gz: 9e4a2c4e100b241728c930caabf7f1783cdf3d4f99465a0be6f917bcd3de1549ebaf46f023faa271ce892da4e54f2a1d2045b6120de2d4909e8d890c6fbd50a8
6
+ metadata.gz: b9655a1c8c71af67476d77e3248f8fd95e994aee2ac1a1c8960d9f12c4c7823ef624029661683b346653cd671c048ee00f01938fcfcade24b2a60ea344c886ec
7
+ data.tar.gz: 97cec2c4e76b50f1224f92111d47240ab8f9d318489ec30607a206b4c83623033972d4ed72a466d90eef2957eb9ae1cf2c416cc276f9a8d4bb2c057fe7f1e968
data/CHANGELOG.md CHANGED
@@ -1,6 +1,11 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 3.186.0 (2023-11-02)
5
+ ------------------
6
+
7
+ * Feature - Support disabling IMDSv1 in `InstanceProfileCredentials` using `ENV['AWS_EC2_METADATA_V1_DISABLED']`, `ec2_metadata_v1_disabled` shared config, or the `disable_imds_v1` credentials option.
8
+
4
9
  3.185.2 (2023-10-31)
5
10
  ------------------
6
11
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 3.185.2
1
+ 3.186.0
@@ -53,6 +53,8 @@ module Aws
53
53
  # @option options [String] :endpoint_mode ('IPv4') The endpoint mode for
54
54
  # the instance metadata service. This is either 'IPv4' ('169.254.169.254')
55
55
  # or 'IPv6' ('[fd00:ec2::254]').
56
+ # @option options [Boolean] :disable_imds_v1 (false) Disable the use of the
57
+ # legacy EC2 Metadata Service v1.
56
58
  # @option options [String] :ip_address ('169.254.169.254') Deprecated. Use
57
59
  # :endpoint instead. The IP address for the endpoint.
58
60
  # @option options [Integer] :port (80)
@@ -77,6 +79,9 @@ module Aws
77
79
  endpoint_mode = resolve_endpoint_mode(options)
78
80
  @endpoint = resolve_endpoint(options, endpoint_mode)
79
81
  @port = options[:port] || 80
82
+ @disable_imds_v1 = resolve_disable_v1(options)
83
+ # Flag for if v2 flow fails, skip future attempts
84
+ @imds_v1_fallback = false
80
85
  @http_open_timeout = options[:http_open_timeout] || 1
81
86
  @http_read_timeout = options[:http_read_timeout] || 1
82
87
  @http_debug_output = options[:http_debug_output]
@@ -123,6 +128,16 @@ module Aws
123
128
  end
124
129
  end
125
130
 
131
+ def resolve_disable_v1(options)
132
+ value = options[:disable_imds_v1]
133
+ value ||= ENV['AWS_EC2_METADATA_V1_DISABLED']
134
+ value ||= Aws.shared_config.ec2_metadata_v1_disabled(
135
+ profile: options[:profile]
136
+ )
137
+ value = value.to_s.downcase if value
138
+ Aws::Util.str_2_bool(value) || false
139
+ end
140
+
126
141
  def backoff(backoff)
127
142
  case backoff
128
143
  when Proc then backoff
@@ -141,7 +156,7 @@ module Aws
141
156
  # service is responding but is returning invalid JSON documents
142
157
  # in response to the GET profile credentials call.
143
158
  begin
144
- retry_errors([Aws::Json::ParseError, StandardError], max_retries: 3) do
159
+ retry_errors([Aws::Json::ParseError], max_retries: 3) do
145
160
  c = Aws::Json.load(get_credentials.to_s)
146
161
  if empty_credentials?(@credentials)
147
162
  @credentials = Credentials.new(
@@ -173,7 +188,6 @@ module Aws
173
188
  end
174
189
  end
175
190
  end
176
-
177
191
  end
178
192
  rescue Aws::Json::ParseError
179
193
  raise Aws::Errors::MetadataParserError
@@ -191,34 +205,14 @@ module Aws
191
205
  open_connection do |conn|
192
206
  # attempt to fetch token to start secure flow first
193
207
  # and rescue to failover
194
- begin
195
- retry_errors(NETWORK_ERRORS, max_retries: @retries) do
196
- unless token_set?
197
- created_time = Time.now
198
- token_value, ttl = http_put(
199
- conn, METADATA_TOKEN_PATH, @token_ttl
200
- )
201
- @token = Token.new(token_value, ttl, created_time) if token_value && ttl
202
- end
203
- end
204
- rescue *NETWORK_ERRORS
205
- # token attempt failed, reset token
206
- # fallback to non-token mode
207
- @token = nil
208
- end
209
-
208
+ fetch_token(conn) unless @imds_v1_fallback
210
209
  token = @token.value if token_set?
211
210
 
212
- begin
213
- metadata = http_get(conn, METADATA_PATH_BASE, token)
214
- profile_name = metadata.lines.first.strip
215
- http_get(conn, METADATA_PATH_BASE + profile_name, token)
216
- rescue TokenExpiredError
217
- # Token has expired, reset it
218
- # The next retry should fetch it
219
- @token = nil
220
- raise Non200Response
221
- end
211
+ # disable insecure flow if we couldn't get token
212
+ # and imds v1 is disabled
213
+ raise TokenRetrivalError if token.nil? && @disable_imds_v1
214
+
215
+ _get_credentials(conn, token)
222
216
  end
223
217
  end
224
218
  rescue
@@ -227,6 +221,36 @@ module Aws
227
221
  end
228
222
  end
229
223
 
224
+ def fetch_token(conn)
225
+ retry_errors(NETWORK_ERRORS, max_retries: @retries) do
226
+ unless token_set?
227
+ created_time = Time.now
228
+ token_value, ttl = http_put(
229
+ conn, METADATA_TOKEN_PATH, @token_ttl
230
+ )
231
+ @token = Token.new(token_value, ttl, created_time) if token_value && ttl
232
+ end
233
+ end
234
+ rescue *NETWORK_ERRORS
235
+ # token attempt failed, reset token
236
+ # fallback to non-token mode
237
+ @token = nil
238
+ @imds_v1_fallback = true
239
+ end
240
+
241
+ # token is optional - if nil, uses v1 (insecure) flow
242
+ def _get_credentials(conn, token)
243
+ metadata = http_get(conn, METADATA_PATH_BASE, token)
244
+ profile_name = metadata.lines.first.strip
245
+ http_get(conn, METADATA_PATH_BASE + profile_name, token)
246
+ rescue TokenExpiredError
247
+ # Token has expired, reset it
248
+ # The next retry should fetch it
249
+ @token = nil
250
+ @imds_v1_fallback = false
251
+ raise Non200Response
252
+ end
253
+
230
254
  def token_set?
231
255
  @token && !@token.expired?
232
256
  end
@@ -276,8 +300,6 @@ module Aws
276
300
  ]
277
301
  when 400
278
302
  raise TokenRetrivalError
279
- when 401
280
- raise TokenExpiredError
281
303
  else
282
304
  raise Non200Response
283
305
  end
@@ -205,6 +205,7 @@ module Aws
205
205
  :use_fips_endpoint,
206
206
  :ec2_metadata_service_endpoint,
207
207
  :ec2_metadata_service_endpoint_mode,
208
+ :ec2_metadata_v1_disabled,
208
209
  :max_attempts,
209
210
  :retry_mode,
210
211
  :adaptive_retry_wait_to_fill,
@@ -605,7 +605,7 @@ module Aws::SSO
605
605
  params: params,
606
606
  config: config)
607
607
  context[:gem_name] = 'aws-sdk-core'
608
- context[:gem_version] = '3.185.2'
608
+ context[:gem_version] = '3.186.0'
609
609
  Seahorse::Client::Request.new(handlers, context)
610
610
  end
611
611
 
data/lib/aws-sdk-sso.rb CHANGED
@@ -54,6 +54,6 @@ require_relative 'aws-sdk-sso/customizations'
54
54
  # @!group service
55
55
  module Aws::SSO
56
56
 
57
- GEM_VERSION = '3.185.2'
57
+ GEM_VERSION = '3.186.0'
58
58
 
59
59
  end
@@ -601,7 +601,7 @@ module Aws::SSOOIDC
601
601
  params: params,
602
602
  config: config)
603
603
  context[:gem_name] = 'aws-sdk-core'
604
- context[:gem_version] = '3.185.2'
604
+ context[:gem_version] = '3.186.0'
605
605
  Seahorse::Client::Request.new(handlers, context)
606
606
  end
607
607
 
@@ -54,6 +54,6 @@ require_relative 'aws-sdk-ssooidc/customizations'
54
54
  # @!group service
55
55
  module Aws::SSOOIDC
56
56
 
57
- GEM_VERSION = '3.185.2'
57
+ GEM_VERSION = '3.186.0'
58
58
 
59
59
  end
@@ -2344,7 +2344,7 @@ module Aws::STS
2344
2344
  params: params,
2345
2345
  config: config)
2346
2346
  context[:gem_name] = 'aws-sdk-core'
2347
- context[:gem_version] = '3.185.2'
2347
+ context[:gem_version] = '3.186.0'
2348
2348
  Seahorse::Client::Request.new(handlers, context)
2349
2349
  end
2350
2350
 
data/lib/aws-sdk-sts.rb CHANGED
@@ -54,6 +54,6 @@ require_relative 'aws-sdk-sts/customizations'
54
54
  # @!group service
55
55
  module Aws::STS
56
56
 
57
- GEM_VERSION = '3.185.2'
57
+ GEM_VERSION = '3.186.0'
58
58
 
59
59
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-core
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.185.2
4
+ version: 3.186.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-10-31 00:00:00.000000000 Z
11
+ date: 2023-11-02 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: jmespath