aws-sdk-core 3.197.0 → 3.197.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2126c3d8e997ce7f62c9c4d66f5eeef1b3ca33dbe07963cee7ab64af41e3bea3
-  data.tar.gz: c8e520892d84cfe2afb40aae3c2064c2f9aed5c291b4346d3a45a2f61df6175d
+  metadata.gz: f11249692fa65ae987ba92fad403281cc16a877ccfe8381afb6ae7806c3a50ae
+  data.tar.gz: 0f8b8f4a441fb62dc3b5c7f296e8e3c5fff877262414796b98fc20dbd4eb680c
 SHA512:
-  metadata.gz: 33e18c7d668078ac612c1c77324c86fc4a102e6d4f752211ca1b6ca9cec91ae098e1261c3ae1ec03dfe2c57d16925608feef5f89cb76a32203d04cb9d790b135
-  data.tar.gz: 459028118688f266b87f788388ffbb5a7cc6e32931b8bc6ffdbad86dfc00818adc7d394ffee4aa672cb5a4003bfdf2046bfbda5e729582a7022c2d0c835df634
+  metadata.gz: e7b0fbfd6d0062f19f0c9ec4f70b909123e98b570a83b156fcbb4bae0e58a685745f1bffdb55c2999d4fd0e8ad0a2927b685bd59373d9008c5f2a3e12a5878e2
+  data.tar.gz: 356fab036a80251e70ad0ecd0232db0df377a2bfffef5b2631f12fa3d3dd048166f10013105818dfd59ff4e66deef16dfaf2c03ceb889009b8b9d5beb89907f5

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+3.197.1 (2024-06-19)
+------------------
+
+* Issue - Support an array of string arguments for `Aws::ProcessCredentials` to be executed by `system`.
+
 3.197.0 (2024-06-05)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-3.197.0
+3.197.1

data/lib/aws-sdk-core/process_credentials.rb

@@ -2,9 +2,15 @@
 
 module Aws
   # A credential provider that executes a given process and attempts
-  # to read its stdout to recieve a JSON payload containing the credentials.
+  # to read its stdout to receive a JSON payload containing the credentials.
   #
-  #     credentials = Aws::ProcessCredentials.new('/usr/bin/credential_proc')
+  #     credentials = Aws::ProcessCredentials.new(['/usr/bin/credential_proc'])
+  #     ec2 = Aws::EC2::Client.new(credentials: credentials)
+  #
+  # Arguments should be provided as strings in the array, for example:
+  #
+  #     process = ['/usr/bin/credential_proc', 'arg1', 'arg2']
+  #     credentials = Aws::ProcessCredentials.new(process)
   #     ec2 = Aws::EC2::Client.new(credentials: credentials)
   #
   # Automatically handles refreshing credentials if an Expiration time is
@@ -19,40 +25,49 @@ module Aws
     # Creates a new ProcessCredentials object, which allows an
     # external process to be used as a credential provider.
     #
-    # @param [String] process Invocation string for process
-    # credentials provider.
+    # @param [Array<String>, String] process An array of strings including
+    #  the process name and its arguments to execute, or a single string to be
+    #  executed by the shell (deprecated and insecure).
     def initialize(process)
+      if process.is_a?(String)
+        warn('Passing a single string to Aws::ProcessCredentials.new '\
+             'is insecure, please use use an array of system arguments instead')
+      end
       @process = process
-      @credentials = credentials_from_process(@process)
+      @credentials = credentials_from_process
       @async_refresh = false
 
       super
     end
 
     private
-    def credentials_from_process(proc_invocation)
-      begin
-        raw_out = `#{proc_invocation}`
-        process_status = $?
-      rescue Errno::ENOENT
-        raise Errors::InvalidProcessCredentialsPayload.new("Could not find process #{proc_invocation}")
+
+    def credentials_from_process
+      r, w = IO.pipe
+      success = system(*@process, out: w)
+      w.close
+      raw_out = r.read
+      r.close
+
+      unless success
+        raise Errors::InvalidProcessCredentialsPayload.new(
+          'credential_process provider failure, the credential process had '\
+          'non zero exit status and failed to provide credentials'
+        )
       end
 
-      if process_status.success?
-        begin
-          creds_json = Aws::Json.load(raw_out)
-        rescue Aws::Json::ParseError
-          raise Errors::InvalidProcessCredentialsPayload.new("Invalid JSON response")
-        end
-        payload_version = creds_json['Version']
-        if payload_version == 1
-          _parse_payload_format_v1(creds_json)
-        else
-          raise Errors::InvalidProcessCredentialsPayload.new("Invalid version #{payload_version} for credentials payload")
-        end
-      else
-        raise Errors::InvalidProcessCredentialsPayload.new('credential_process provider failure, the credential process had non zero exit status and failed to provide credentials')
+      begin
+        creds_json = Aws::Json.load(raw_out)
+      rescue Aws::Json::ParseError
+        raise Errors::InvalidProcessCredentialsPayload.new('Invalid JSON response')
       end
+
+      payload_version = creds_json['Version']
+      return _parse_payload_format_v1(creds_json) if payload_version == 1
+
+      raise Errors::InvalidProcessCredentialsPayload.new(
+        "Invalid version #{payload_version} for credentials payload"
+      )
     end
 
     def _parse_payload_format_v1(creds_json)
@@ -64,11 +79,14 @@ module Aws
 
       @expiration = creds_json['Expiration'] ? Time.iso8601(creds_json['Expiration']) : nil
       return creds if creds.set?
-      raise Errors::InvalidProcessCredentialsPayload.new("Invalid payload for JSON credentials version 1")
+
+      raise Errors::InvalidProcessCredentialsPayload.new(
+        'Invalid payload for JSON credentials version 1'
+      )
     end
 
     def refresh
-      @credentials = credentials_from_process(@process)
+      @credentials = credentials_from_process
     end
 
     def near_expiration?(expiration_length)

data/lib/aws-sdk-sso/client.rb

@@ -630,7 +630,7 @@ module Aws::SSO
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.197.0'
+      context[:gem_version] = '3.197.1'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sso.rb

@@ -54,6 +54,6 @@ require_relative 'aws-sdk-sso/customizations'
 # @!group service
 module Aws::SSO
 
-  GEM_VERSION = '3.197.0'
+  GEM_VERSION = '3.197.1'
 
 end

data/lib/aws-sdk-ssooidc/client.rb

@@ -983,7 +983,7 @@ module Aws::SSOOIDC
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.197.0'
+      context[:gem_version] = '3.197.1'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-ssooidc.rb

@@ -54,6 +54,6 @@ require_relative 'aws-sdk-ssooidc/customizations'
 # @!group service
 module Aws::SSOOIDC
 
-  GEM_VERSION = '3.197.0'
+  GEM_VERSION = '3.197.1'
 
 end

data/lib/aws-sdk-sts/client.rb

@@ -2377,7 +2377,7 @@ module Aws::STS
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.197.0'
+      context[:gem_version] = '3.197.1'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sts.rb

@@ -54,6 +54,6 @@ require_relative 'aws-sdk-sts/customizations'
 # @!group service
 module Aws::STS
 
-  GEM_VERSION = '3.197.0'
+  GEM_VERSION = '3.197.1'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-core
 version: !ruby/object:Gem::Version
-  version: 3.197.0
+  version: 3.197.1
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-06-05 00:00:00.000000000 Z
+date: 2024-06-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jmespath