aws-sdk-core 3.23.0 → 3.24.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/lib/aws-sdk-core.rb +1 -0
- data/lib/aws-sdk-core/credential_provider_chain.rb +15 -0
- data/lib/aws-sdk-core/errors.rb +4 -0
- data/lib/aws-sdk-core/process_credentials.rb +74 -0
- data/lib/aws-sdk-core/shared_config.rb +5 -0
- data/lib/aws-sdk-sts.rb +1 -1
- data/lib/aws-sdk-sts/client.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: aad412b598b70e2373c73086f4ed949ac84152fb
|
|
4
|
+
data.tar.gz: cfebe3b9d5e15b9b7d323059f80816d992eb6d0a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e7591377e89f307f65a8261632906c36f755275449c861a447f24d72b47f3f2abf4d33d4e6b9ed114ca47d5a7a0108649070ec5da57a69483dbdb1475ecdf4f2
|
|
7
|
+
data.tar.gz: 595e31b23d517448b5d3cf1d82b4b42c5c47618a564a38d0432d5320b9c7bfe4d39c79ebd838b295bc9e7622dd06fc1a1d49fd0294576204a3b79723100e7932
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
3.
|
|
1
|
+
3.24.0
|
data/lib/aws-sdk-core.rb
CHANGED
|
@@ -14,6 +14,7 @@ require_relative 'aws-sdk-core/credential_provider_chain'
|
|
|
14
14
|
require_relative 'aws-sdk-core/ecs_credentials'
|
|
15
15
|
require_relative 'aws-sdk-core/instance_profile_credentials'
|
|
16
16
|
require_relative 'aws-sdk-core/shared_credentials'
|
|
17
|
+
require_relative 'aws-sdk-core/process_credentials'
|
|
17
18
|
|
|
18
19
|
# client modules
|
|
19
20
|
|
|
@@ -23,6 +23,7 @@ module Aws
|
|
|
23
23
|
[:env_credentials, {}],
|
|
24
24
|
[:assume_role_credentials, {}],
|
|
25
25
|
[:shared_credentials, {}],
|
|
26
|
+
[:process_credentials, {}],
|
|
26
27
|
[:instance_profile_credentials, {
|
|
27
28
|
retries: @config ? @config.instance_profile_credentials_retries : 0,
|
|
28
29
|
http_open_timeout: @config ? @config.instance_profile_credentials_timeout : 1,
|
|
@@ -69,6 +70,20 @@ module Aws
|
|
|
69
70
|
nil
|
|
70
71
|
end
|
|
71
72
|
|
|
73
|
+
def process_credentials(options)
|
|
74
|
+
profile_name = options[:config].profile if options[:config]
|
|
75
|
+
profile_name ||= ENV['AWS_PROFILE'].nil? ? 'default' : ENV['AWS_PROFILE']
|
|
76
|
+
|
|
77
|
+
config = Aws.shared_config
|
|
78
|
+
if config.config_enabled? && process_provider = config.credentials_process(profile_name)
|
|
79
|
+
ProcessCredentials.new(process_provider)
|
|
80
|
+
else
|
|
81
|
+
nil
|
|
82
|
+
end
|
|
83
|
+
rescue Errors::NoSuchProfileError
|
|
84
|
+
nil
|
|
85
|
+
end
|
|
86
|
+
|
|
72
87
|
def assume_role_credentials(options)
|
|
73
88
|
if Aws.shared_config.config_enabled?
|
|
74
89
|
profile, region = nil, nil
|
data/lib/aws-sdk-core/errors.rb
CHANGED
|
@@ -102,6 +102,10 @@ module Aws
|
|
|
102
102
|
end
|
|
103
103
|
end
|
|
104
104
|
|
|
105
|
+
# Raised when a credentials provider process returns a JSON
|
|
106
|
+
# payload with either invalid version number or malformed contents
|
|
107
|
+
class InvalidProcessCredentialsPayload < RuntimeError; end
|
|
108
|
+
|
|
105
109
|
# Raised when a client is constructed and region is not specified.
|
|
106
110
|
class MissingRegionError < ArgumentError
|
|
107
111
|
def initialize(*args)
|
|
@@ -0,0 +1,74 @@
|
|
|
1
|
+
require 'open3'
|
|
2
|
+
|
|
3
|
+
module Aws
|
|
4
|
+
|
|
5
|
+
# A credential provider that executes a given process and attempts
|
|
6
|
+
# to read its stdout to recieve a JSON payload containing the credentials
|
|
7
|
+
#
|
|
8
|
+
# Automatically handles refreshing credentials if an Expiration time is
|
|
9
|
+
# provided in the credentials payload
|
|
10
|
+
#
|
|
11
|
+
# credentials = Aws::ProcessCredentials.new('/usr/bin/credential_proc').credentials
|
|
12
|
+
#
|
|
13
|
+
# ec2 = Aws::EC2::Client.new(credentials: credentials)
|
|
14
|
+
#
|
|
15
|
+
# More documentation on process based credentials can be found here:
|
|
16
|
+
# https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#sourcing-credentials-from-external-processes
|
|
17
|
+
class ProcessCredentials
|
|
18
|
+
|
|
19
|
+
include CredentialProvider
|
|
20
|
+
include RefreshingCredentials
|
|
21
|
+
|
|
22
|
+
# Creates a new ProcessCredentials object, which allows an
|
|
23
|
+
# external process to be used as a credential provider.
|
|
24
|
+
#
|
|
25
|
+
# @param [String] process Invocation string for process
|
|
26
|
+
# credentials provider.
|
|
27
|
+
def initialize(process)
|
|
28
|
+
@process = process
|
|
29
|
+
@credentials = credentials_from_process(@process)
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
private
|
|
33
|
+
def credentials_from_process(proc_invocation)
|
|
34
|
+
begin
|
|
35
|
+
raw_out, process_status = Open3.capture2(proc_invocation)
|
|
36
|
+
rescue Errno::ENOENT
|
|
37
|
+
raise Errors::InvalidProcessCredentialsPayload.new("Could not find process #{proc_invocation}")
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
if process_status.success?
|
|
41
|
+
creds_json = JSON.parse(raw_out)
|
|
42
|
+
payload_version = creds_json['Version']
|
|
43
|
+
if payload_version == 1
|
|
44
|
+
_parse_payload_format_v1(creds_json)
|
|
45
|
+
else
|
|
46
|
+
raise Errors::InvalidProcessCredentialsPayload.new("Invalid version #{payload_version} for credentials payload")
|
|
47
|
+
end
|
|
48
|
+
else
|
|
49
|
+
raise Errors::InvalidProcessCredentialsPayload.new('credential_process provider failure, the credential process had non zero exit status and failed to provide credentials')
|
|
50
|
+
end
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
def _parse_payload_format_v1(creds_json)
|
|
54
|
+
creds = Credentials.new(
|
|
55
|
+
creds_json['AccessKeyId'],
|
|
56
|
+
creds_json['SecretAccessKey'],
|
|
57
|
+
creds_json['SessionToken']
|
|
58
|
+
)
|
|
59
|
+
|
|
60
|
+
@expiration = creds_json['Expiration'] ? Time.iso8601(creds_json['Expiration']) : nil
|
|
61
|
+
return creds if creds.set?
|
|
62
|
+
raise Errors::InvalidProcessCredentialsPayload.new("Invalid payload for JSON credentials version 1")
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
def refresh
|
|
66
|
+
@credentials = credentials_from_process(@process)
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
def near_expiration?
|
|
70
|
+
# are we within 5 minutes of expiration?
|
|
71
|
+
@expiration && (Time.now.to_i + 5 * 60) > @expiration.to_i
|
|
72
|
+
end
|
|
73
|
+
end
|
|
74
|
+
end
|
|
@@ -135,6 +135,11 @@ module Aws
|
|
|
135
135
|
end
|
|
136
136
|
end
|
|
137
137
|
|
|
138
|
+
def credentials_process(profile)
|
|
139
|
+
validate_profile_exists(profile)
|
|
140
|
+
@parsed_config[profile]['credential_process']
|
|
141
|
+
end
|
|
142
|
+
|
|
138
143
|
private
|
|
139
144
|
def credentials_present?
|
|
140
145
|
(@parsed_credentials && !@parsed_credentials.empty?) ||
|
data/lib/aws-sdk-sts.rb
CHANGED
data/lib/aws-sdk-sts/client.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aws-sdk-core
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.24.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Amazon Web Services
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-08-03 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: jmespath
|
|
@@ -133,6 +133,7 @@ files:
|
|
|
133
133
|
- lib/aws-sdk-core/plugins/signature_v4.rb
|
|
134
134
|
- lib/aws-sdk-core/plugins/stub_responses.rb
|
|
135
135
|
- lib/aws-sdk-core/plugins/user_agent.rb
|
|
136
|
+
- lib/aws-sdk-core/process_credentials.rb
|
|
136
137
|
- lib/aws-sdk-core/query.rb
|
|
137
138
|
- lib/aws-sdk-core/query/ec2_param_builder.rb
|
|
138
139
|
- lib/aws-sdk-core/query/handler.rb
|