RubyGems - aws-sdk-core - Versions diffs - 3.197.0 → 3.197.1 - Mend

aws-sdk-core 3.197.0 → 3.197.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +5 -0
data/VERSION +1 -1
data/lib/aws-sdk-core/process_credentials.rb +45 -27
data/lib/aws-sdk-sso/client.rb +1 -1
data/lib/aws-sdk-sso.rb +1 -1
data/lib/aws-sdk-ssooidc/client.rb +1 -1
data/lib/aws-sdk-ssooidc.rb +1 -1
data/lib/aws-sdk-sts/client.rb +1 -1
data/lib/aws-sdk-sts.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2126c3d8e997ce7f62c9c4d66f5eeef1b3ca33dbe07963cee7ab64af41e3bea3
-  data.tar.gz: c8e520892d84cfe2afb40aae3c2064c2f9aed5c291b4346d3a45a2f61df6175d
+  metadata.gz: f11249692fa65ae987ba92fad403281cc16a877ccfe8381afb6ae7806c3a50ae
+  data.tar.gz: 0f8b8f4a441fb62dc3b5c7f296e8e3c5fff877262414796b98fc20dbd4eb680c
 SHA512:
-  metadata.gz: 33e18c7d668078ac612c1c77324c86fc4a102e6d4f752211ca1b6ca9cec91ae098e1261c3ae1ec03dfe2c57d16925608feef5f89cb76a32203d04cb9d790b135
-  data.tar.gz: 459028118688f266b87f788388ffbb5a7cc6e32931b8bc6ffdbad86dfc00818adc7d394ffee4aa672cb5a4003bfdf2046bfbda5e729582a7022c2d0c835df634
+  metadata.gz: e7b0fbfd6d0062f19f0c9ec4f70b909123e98b570a83b156fcbb4bae0e58a685745f1bffdb55c2999d4fd0e8ad0a2927b685bd59373d9008c5f2a3e12a5878e2
+  data.tar.gz: 356fab036a80251e70ad0ecd0232db0df377a2bfffef5b2631f12fa3d3dd048166f10013105818dfd59ff4e66deef16dfaf2c03ceb889009b8b9d5beb89907f5

data/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
+3.197.1 (2024-06-19)
+------------------
+* Issue - Support an array of string arguments for `Aws::ProcessCredentials` to be executed by `system`.
 3.197.0 (2024-06-05)
 ------------------

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 3.197.0
1	+ 3.197.1

data/lib/aws-sdk-core/process_credentials.rb CHANGED Viewed

@@ -2,9 +2,15 @@
 module Aws
   # A credential provider that executes a given process and attempts
-  # to read its stdout to recieve a JSON payload containing the credentials.
+  # to read its stdout to receive a JSON payload containing the credentials.
   #
-  #     credentials = Aws::ProcessCredentials.new('/usr/bin/credential_proc')
+  #     credentials = Aws::ProcessCredentials.new(['/usr/bin/credential_proc'])
+  #     ec2 = Aws::EC2::Client.new(credentials: credentials)
+  #
+  # Arguments should be provided as strings in the array, for example:
+  #
+  #     process = ['/usr/bin/credential_proc', 'arg1', 'arg2']
+  #     credentials = Aws::ProcessCredentials.new(process)
   #     ec2 = Aws::EC2::Client.new(credentials: credentials)
   #
   # Automatically handles refreshing credentials if an Expiration time is
@@ -19,40 +25,49 @@ module Aws
     # Creates a new ProcessCredentials object, which allows an
     # external process to be used as a credential provider.
     #
-    # @param [String] process Invocation string for process
-    # credentials provider.
+    # @param [Array<String>, String] process An array of strings including
+    #  the process name and its arguments to execute, or a single string to be
+    #  executed by the shell (deprecated and insecure).
     def initialize(process)
+      if process.is_a?(String)
+        warn('Passing a single string to Aws::ProcessCredentials.new '\
+             'is insecure, please use use an array of system arguments instead')
+      end
       @process = process
-      @credentials = credentials_from_process(@process)
+      @credentials = credentials_from_process
       @async_refresh = false
       super
     end
     private
-    def credentials_from_process(proc_invocation)
-      begin
-        raw_out = `#{proc_invocation}`
-        process_status = $?
-      rescue Errno::ENOENT
-        raise Errors::InvalidProcessCredentialsPayload.new("Could not find process #{proc_invocation}")
+    def credentials_from_process
+      r, w = IO.pipe
+      success = system(*@process, out: w)
+      w.close
+      raw_out = r.read
+      r.close
+      unless success
+        raise Errors::InvalidProcessCredentialsPayload.new(
+          'credential_process provider failure, the credential process had '\
+          'non zero exit status and failed to provide credentials'
+        )
       end
-      if process_status.success?
-        begin
-          creds_json = Aws::Json.load(raw_out)
-        rescue Aws::Json::ParseError
-          raise Errors::InvalidProcessCredentialsPayload.new("Invalid JSON response")
-        end
-        payload_version = creds_json['Version']
-        if payload_version == 1
-          _parse_payload_format_v1(creds_json)
-        else
-          raise Errors::InvalidProcessCredentialsPayload.new("Invalid version #{payload_version} for credentials payload")
-        end
-      else
-        raise Errors::InvalidProcessCredentialsPayload.new('credential_process provider failure, the credential process had non zero exit status and failed to provide credentials')
+      begin
+        creds_json = Aws::Json.load(raw_out)
+      rescue Aws::Json::ParseError
+        raise Errors::InvalidProcessCredentialsPayload.new('Invalid JSON response')
       end
+      payload_version = creds_json['Version']
+      return _parse_payload_format_v1(creds_json) if payload_version == 1
+      raise Errors::InvalidProcessCredentialsPayload.new(
+        "Invalid version #{payload_version} for credentials payload"
+      )
     end
     def _parse_payload_format_v1(creds_json)
@@ -64,11 +79,14 @@ module Aws
       @expiration = creds_json['Expiration'] ? Time.iso8601(creds_json['Expiration']) : nil
       return creds if creds.set?
-      raise Errors::InvalidProcessCredentialsPayload.new("Invalid payload for JSON credentials version 1")
+      raise Errors::InvalidProcessCredentialsPayload.new(
+        'Invalid payload for JSON credentials version 1'
+      )
     end
     def refresh
-      @credentials = credentials_from_process(@process)
+      @credentials = credentials_from_process
     end
     def near_expiration?(expiration_length)

data/lib/aws-sdk-sso/client.rb CHANGED Viewed

@@ -630,7 +630,7 @@ module Aws::SSO
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.197.0'
+      context[:gem_version] = '3.197.1'
       Seahorse::Client::Request.new(handlers, context)
     end

data/lib/aws-sdk-sso.rb CHANGED Viewed

@@ -54,6 +54,6 @@ require_relative 'aws-sdk-sso/customizations'
 # @!group service
 module Aws::SSO
-  GEM_VERSION = '3.197.0'
+  GEM_VERSION = '3.197.1'
 end

data/lib/aws-sdk-ssooidc/client.rb CHANGED Viewed

@@ -983,7 +983,7 @@ module Aws::SSOOIDC
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.197.0'
+      context[:gem_version] = '3.197.1'
       Seahorse::Client::Request.new(handlers, context)
     end

data/lib/aws-sdk-ssooidc.rb CHANGED Viewed

@@ -54,6 +54,6 @@ require_relative 'aws-sdk-ssooidc/customizations'
 # @!group service
 module Aws::SSOOIDC
-  GEM_VERSION = '3.197.0'
+  GEM_VERSION = '3.197.1'
 end

data/lib/aws-sdk-sts/client.rb CHANGED Viewed

@@ -2377,7 +2377,7 @@ module Aws::STS
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.197.0'
+      context[:gem_version] = '3.197.1'
       Seahorse::Client::Request.new(handlers, context)
     end

data/lib/aws-sdk-sts.rb CHANGED Viewed

@@ -54,6 +54,6 @@ require_relative 'aws-sdk-sts/customizations'
 # @!group service
 module Aws::STS
-  GEM_VERSION = '3.197.0'
+  GEM_VERSION = '3.197.1'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-core
 version: !ruby/object:Gem::Version
-  version: 3.197.0
+  version: 3.197.1
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-06-05 00:00:00.000000000 Z
+date: 2024-06-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jmespath