aws-sdk-core 3.54.2 → 3.75.0
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +101 -0
- data/lib/aws-sdk-core/client_side_monitoring/publisher.rb +9 -1
- data/lib/aws-sdk-core/credential_provider.rb +0 -31
- data/lib/aws-sdk-core/credential_provider_chain.rb +29 -18
- data/lib/aws-sdk-core/deprecations.rb +16 -10
- data/lib/aws-sdk-core/endpoint_cache.rb +14 -11
- data/lib/aws-sdk-core/errors.rb +12 -0
- data/lib/aws-sdk-core/instance_profile_credentials.rb +3 -2
- data/lib/aws-sdk-core/json.rb +5 -5
- data/lib/aws-sdk-core/log/param_filter.rb +1 -1
- data/lib/aws-sdk-core/param_validator.rb +4 -5
- data/lib/aws-sdk-core/plugins/client_metrics_plugin.rb +24 -0
- data/lib/aws-sdk-core/plugins/regional_endpoint.rb +3 -1
- data/lib/aws-sdk-core/plugins/retry_errors.rb +7 -3
- data/lib/aws-sdk-core/process_credentials.rb +3 -3
- data/lib/aws-sdk-core/shared_config.rb +74 -5
- data/lib/aws-sdk-core.rb +1 -0
- data/lib/aws-sdk-sts/client.rb +102 -17
- data/lib/aws-sdk-sts/client_api.rb +16 -0
- data/lib/aws-sdk-sts/plugins/sts_regional_endpoints.rb +32 -0
- data/lib/aws-sdk-sts/types.rb +53 -18
- data/lib/aws-sdk-sts.rb +1 -1
- data/lib/seahorse/client/base.rb +3 -1
- data/lib/seahorse/client/handler_list_entry.rb +2 -2
- data/lib/seahorse/client/plugin.rb +1 -1
- metadata +12 -4
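--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 194df940a18e57a3fbf75e09c42328b35988c17e
+data.tar.gz: fa8cf2d891ba162504b4a7cee3708fcca2078691
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2000eaec703020824d47772c672bc3465cc0a41b060455b7bec2dcdee009f44568c60417a378d5fd3d5981cd84767a1a5c46af7d78f0b211f43335e0a9e3d5ee
+data.tar.gz: a5162ca9178f3333608650761ffa90e5dadace299da423ecbc7ce63bd16c45f513c563a44fcdc73bd0ffbd34bc96905a1184c1ee6f9b0b7d582e25630a475bee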
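--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-3.
+3.75.0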
@@ -0,0 +1,101 @@
|
|
1
|
+
require 'set'
|
2
|
+
require 'securerandom'
|
3
|
+
require 'base64'
|
4
|
+
|
5
|
+
module Aws
|
6
|
+
|
7
|
+
# An auto-refreshing credential provider that works by assuming
|
8
|
+
# a role via {Aws::STS::Client#assume_role_with_web_identity}.
|
9
|
+
#
|
10
|
+
# role_credentials = Aws::AssumeRoleWebIdentityCredentials.new(
|
11
|
+
# client: Aws::STS::Client.new(...),
|
12
|
+
# role_arn: "linked::account::arn",
|
13
|
+
# web_identity_token_file: "/path/to/token/file",
|
14
|
+
# role_session_name: "session-name"
|
15
|
+
# ...
|
16
|
+
# )
|
17
|
+
# For full list of parameters accepted
|
18
|
+
# @see Aws::STS::Client#assume_role_with_web_identity
|
19
|
+
#
|
20
|
+
#
|
21
|
+
# If you omit `:client` option, a new {STS::Client} object will be
|
22
|
+
# constructed.
|
23
|
+
class AssumeRoleWebIdentityCredentials
|
24
|
+
|
25
|
+
include CredentialProvider
|
26
|
+
include RefreshingCredentials
|
27
|
+
|
28
|
+
# @option options [required, String] :role_arn the IAM role
|
29
|
+
# to be assumed
|
30
|
+
#
|
31
|
+
# @option options [required, String] :web_identity_token_file
|
32
|
+
# absolute path to the file on disk containing OIDC token
|
33
|
+
#
|
34
|
+
# @option options [String] :role_session_name the IAM session
|
35
|
+
# name used to distinguish session, when not provided, base64
|
36
|
+
# encoded UUID is generated as the session name
|
37
|
+
#
|
38
|
+
# @option options [STS::Client] :client
|
39
|
+
def initialize(options = {})
|
40
|
+
client_opts = {}
|
41
|
+
@assume_role_web_identity_params = {}
|
42
|
+
@token_file = options.delete(:web_identity_token_file)
|
43
|
+
options.each_pair do |key, value|
|
44
|
+
if self.class.assume_role_web_identity_options.include?(key)
|
45
|
+
@assume_role_web_identity_params[key] = value
|
46
|
+
else
|
47
|
+
client_opts[key] = value
|
48
|
+
end
|
49
|
+
end
|
50
|
+
|
51
|
+
unless @assume_role_web_identity_params[:role_session_name]
|
52
|
+
# not provided, generate encoded UUID as session name
|
53
|
+
@assume_role_web_identity_params[:role_session_name] = _session_name
|
54
|
+
end
|
55
|
+
@client = client_opts[:client] || STS::Client.new(client_opts.merge(credentials: false))
|
56
|
+
super
|
57
|
+
end
|
58
|
+
|
59
|
+
# @return [STS::Client]
|
60
|
+
attr_reader :client
|
61
|
+
|
62
|
+
private
|
63
|
+
|
64
|
+
def refresh
|
65
|
+
# read from token file everytime it refreshes
|
66
|
+
@assume_role_web_identity_params[:web_identity_token] = _token_from_file(@token_file)
|
67
|
+
|
68
|
+
c = @client.assume_role_with_web_identity(
|
69
|
+
@assume_role_web_identity_params).credentials
|
70
|
+
@credentials = Credentials.new(
|
71
|
+
c.access_key_id,
|
72
|
+
c.secret_access_key,
|
73
|
+
c.session_token
|
74
|
+
)
|
75
|
+
@expiration = c.expiration
|
76
|
+
end
|
77
|
+
|
78
|
+
def _token_from_file(path)
|
79
|
+
unless path && File.exist?(path)
|
80
|
+
raise Aws::Errors::MissingWebIdentityTokenFile.new
|
81
|
+
end
|
82
|
+
File.read(path)
|
83
|
+
end
|
84
|
+
|
85
|
+
def _session_name
|
86
|
+
Base64.strict_encode64(SecureRandom.uuid)
|
87
|
+
end
|
88
|
+
|
89
|
+
class << self
|
90
|
+
|
91
|
+
# @api private
|
92
|
+
def assume_role_web_identity_options
|
93
|
+
@arwio ||= begin
|
94
|
+
input = STS::Client.api.operation(:assume_role_with_web_identity).input
|
95
|
+
Set.new(input.shape.member_names)
|
96
|
+
end
|
97
|
+
end
|
98
|
+
|
99
|
+
end
|
100
|
+
end
|
101
|
+
end
|
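Review bot: `_token_from_file` checks `File.exist?(path)` and then calls `File.read(path)`, so a token file that exists but is unreadable, or that is removed between the check and the read, raises a raw `Errno::*` error instead of `Aws::Errors::MissingWebIdentityTokenFile`. Because `refresh` re-reads the file on every refresh, this can surface long after the provider was constructed. Reading first and translating the failure gives callers a single error type to handle. Separately, `initialize` calls `options.delete(:web_identity_token_file)` on the hash the caller passed in; working on a `dup` would avoid mutating it.

```ruby
def _token_from_file(path)
  raise Aws::Errors::MissingWebIdentityTokenFile.new unless path
  File.read(path)
rescue SystemCallError
  # missing, unreadable, or removed since the last refresh
  raise Aws::Errors::MissingWebIdentityTokenFile.new
end
```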
@@ -6,8 +6,10 @@ module Aws
|
|
6
6
|
# @api private
|
7
7
|
class Publisher
|
8
8
|
attr_reader :agent_port
|
9
|
+
attr_reader :agent_host
|
9
10
|
|
10
11
|
def initialize(opts = {})
|
12
|
+
@agent_host = opts[:agent_host] || "127.0.0.1"
|
11
13
|
@agent_port = opts[:agent_port]
|
12
14
|
@mutex = Mutex.new
|
13
15
|
end
|
@@ -18,6 +20,12 @@ module Aws
|
|
18
20
|
end
|
19
21
|
end
|
20
22
|
|
23
|
+
def agent_host=(value)
|
24
|
+
@mutex.synchronize do
|
25
|
+
@agent_host = value
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
21
29
|
def publish(request_metrics)
|
22
30
|
send_datagram(request_metrics.api_call.to_json)
|
23
31
|
request_metrics.api_call_attempts.each do |attempt|
|
@@ -29,7 +37,7 @@ module Aws
|
|
29
37
|
if @agent_port
|
30
38
|
socket = UDPSocket.new
|
31
39
|
begin
|
32
|
-
socket.connect(
|
40
|
+
socket.connect(@agent_host, @agent_port)
|
33
41
|
socket.send(msg, 0)
|
34
42
|
rescue Errno::ECONNREFUSED
|
35
43
|
# Drop on the floor
|
@@ -1,10 +1,6 @@
|
|
1
|
-
require_relative 'deprecations'
|
2
|
-
|
3
1
|
module Aws
|
4
2
|
module CredentialProvider
|
5
3
|
|
6
|
-
extend Deprecations
|
7
|
-
|
8
4
|
# @return [Credentials]
|
9
5
|
attr_reader :credentials
|
10
6
|
|
@@ -13,32 +9,5 @@ module Aws
|
|
13
9
|
!!credentials && credentials.set?
|
14
10
|
end
|
15
11
|
|
16
|
-
# @deprecated Deprecated in 2.1.0. This method is subject to errors
|
17
|
-
# from a race condition when called against refreshable credential
|
18
|
-
# objects. Will be removed in 2.2.0.
|
19
|
-
# @see #credentials
|
20
|
-
def access_key_id
|
21
|
-
credentials ? credentials.access_key_id : nil
|
22
|
-
end
|
23
|
-
deprecated(:access_key_id, use: '#credentials')
|
24
|
-
|
25
|
-
# @deprecated Deprecated in 2.1.0. This method is subject to errors
|
26
|
-
# from a race condition when called against refreshable credential
|
27
|
-
# objects. Will be removed in 2.2.0.
|
28
|
-
# @see #credentials
|
29
|
-
def secret_access_key
|
30
|
-
credentials ? credentials.secret_access_key : nil
|
31
|
-
end
|
32
|
-
deprecated(:secret_access_key, use: '#credentials')
|
33
|
-
|
34
|
-
# @deprecated Deprecated in 2.1.0. This method is subject to errors
|
35
|
-
# from a race condition when called against refreshable credential
|
36
|
-
# objects. Will be removed in 2.2.0.
|
37
|
-
# @see #credentials
|
38
|
-
def session_token
|
39
|
-
credentials ? credentials.session_token : nil
|
40
|
-
end
|
41
|
-
deprecated(:session_token, use: '#credentials')
|
42
|
-
|
43
12
|
end
|
44
13
|
end
|
@@ -21,6 +21,7 @@ module Aws
|
|
21
21
|
[
|
22
22
|
[:static_credentials, {}],
|
23
23
|
[:env_credentials, {}],
|
24
|
+
[:assume_role_web_identity_credentials, {}],
|
24
25
|
[:assume_role_credentials, {}],
|
25
26
|
[:shared_credentials, {}],
|
26
27
|
[:process_credentials, {}],
|
@@ -59,22 +60,20 @@ module Aws
|
|
59
60
|
nil
|
60
61
|
end
|
61
62
|
|
63
|
+
def determine_profile_name(options)
|
64
|
+
(options[:config] && options[:config].profile) || ENV['AWS_PROFILE'] || ENV['AWS_DEFAULT_PROFILE'] || 'default'
|
65
|
+
end
|
66
|
+
|
62
67
|
def shared_credentials(options)
|
63
|
-
|
64
|
-
|
65
|
-
else
|
66
|
-
SharedCredentials.new(
|
67
|
-
profile_name: ENV['AWS_PROFILE'].nil? ? 'default' : ENV['AWS_PROFILE'])
|
68
|
-
end
|
68
|
+
profile_name = determine_profile_name(options)
|
69
|
+
SharedCredentials.new(profile_name: profile_name)
|
69
70
|
rescue Errors::NoSuchProfileError
|
70
71
|
nil
|
71
72
|
end
|
72
73
|
|
73
74
|
def process_credentials(options)
|
74
|
-
profile_name = options[:config].profile if options[:config]
|
75
|
-
profile_name ||= ENV['AWS_PROFILE'].nil? ? 'default' : ENV['AWS_PROFILE']
|
76
|
-
|
77
75
|
config = Aws.shared_config
|
76
|
+
profile_name = determine_profile_name(options)
|
78
77
|
if config.config_enabled? && process_provider = config.credentials_process(profile_name)
|
79
78
|
ProcessCredentials.new(process_provider)
|
80
79
|
else
|
@@ -86,13 +85,23 @@ module Aws
|
|
86
85
|
|
87
86
|
def assume_role_credentials(options)
|
88
87
|
if Aws.shared_config.config_enabled?
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
88
|
+
assume_role_with_profile(options)
|
89
|
+
else
|
90
|
+
nil
|
91
|
+
end
|
92
|
+
end
|
93
|
+
|
94
|
+
def assume_role_web_identity_credentials(options)
|
95
|
+
if (role_arn = ENV['AWS_ROLE_ARN']) &&
|
96
|
+
(token_file = ENV['AWS_WEB_IDENTITY_TOKEN_FILE'])
|
97
|
+
AssumeRoleWebIdentityCredentials.new(
|
98
|
+
role_arn: role_arn,
|
99
|
+
web_identity_token_file: token_file,
|
100
|
+
role_session_name: ENV['AWS_ROLE_SESSION_NAME']
|
101
|
+
)
|
102
|
+
elsif Aws.shared_config.config_enabled?
|
103
|
+
profile = options[:config].profile if options[:config]
|
104
|
+
Aws.shared_config.assume_role_web_identity_credentials_from_config(profile)
|
96
105
|
else
|
97
106
|
nil
|
98
107
|
end
|
@@ -106,9 +115,11 @@ module Aws
|
|
106
115
|
end
|
107
116
|
end
|
108
117
|
|
109
|
-
def assume_role_with_profile(
|
118
|
+
def assume_role_with_profile(options)
|
119
|
+
profile_name = determine_profile_name(options)
|
120
|
+
region = (options[:config] && options[:config].region)
|
110
121
|
Aws.shared_config.assume_role_credentials_from_config(
|
111
|
-
profile:
|
122
|
+
profile: profile_name,
|
112
123
|
region: region,
|
113
124
|
chain_config: @config
|
114
125
|
)
|
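Review bot: The config branch of `assume_role_web_identity_credentials` resolves the profile with `options[:config].profile if options[:config]` instead of the `determine_profile_name(options)` helper that this same change introduces for `shared_credentials`, `process_credentials` and `assume_role_with_profile`. Unless `assume_role_web_identity_credentials_from_config` (not shown here) applies the same fallback, `AWS_PROFILE` and `AWS_DEFAULT_PROFILE` would be ignored for web-identity profiles only; `profile = determine_profile_name(options)` would make the four providers agree. The environment branch also has no `rescue`, so if constructing `AssumeRoleWebIdentityCredentials` reads the token file, a stale `AWS_WEB_IDENTITY_TOKEN_FILE` path would abort the chain rather than fall through to the next provider, which is worth confirming.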
@@ -35,33 +35,39 @@ module Aws
|
|
35
35
|
# @api private
|
36
36
|
module Deprecations
|
37
37
|
|
38
|
-
# @param [Symbol]
|
38
|
+
# @param [Symbol] method The name of the deprecated method.
|
39
39
|
#
|
40
40
|
# @option options [String] :message The warning message to issue
|
41
41
|
# when the deprecated method is called.
|
42
42
|
#
|
43
|
-
# @option options [
|
44
|
-
# method that should be used.
|
43
|
+
# @option options [String] :use The name of a method that should be used.
|
45
44
|
#
|
46
|
-
|
45
|
+
# @option options [String] :version The version that will remove the
|
46
|
+
# deprecated method.
|
47
|
+
#
|
48
|
+
def deprecated(method, options = {})
|
47
49
|
|
48
50
|
deprecation_msg = options[:message] || begin
|
49
|
-
msg = "DEPRECATION WARNING
|
50
|
-
msg << "of
|
51
|
-
msg << "
|
51
|
+
msg = "#################### DEPRECATION WARNING ####################\n"
|
52
|
+
msg << "Called deprecated method `#{method}` of #{self}."
|
53
|
+
msg << " Use `#{options[:use]}` instead.\n" if options[:use]
|
54
|
+
if options[:version]
|
55
|
+
msg << "Method `#{method}` will be removed in #{options[:version]}."
|
56
|
+
end
|
57
|
+
msg << "\n#############################################################"
|
52
58
|
msg
|
53
59
|
end
|
54
60
|
|
55
|
-
alias_method(:"deprecated_#{
|
61
|
+
alias_method(:"deprecated_#{method}", method)
|
56
62
|
|
57
63
|
warned = false # we only want to issue this warning once
|
58
64
|
|
59
|
-
define_method(
|
65
|
+
define_method(method) do |*args, &block|
|
60
66
|
unless warned
|
61
67
|
warned = true
|
62
68
|
warn(deprecation_msg + "\n" + caller.join("\n"))
|
63
69
|
end
|
64
|
-
send("deprecated_#{
|
70
|
+
send("deprecated_#{method}", *args, &block)
|
65
71
|
end
|
66
72
|
end
|
67
73
|
|
@@ -47,8 +47,8 @@ module Aws
|
|
47
47
|
@mutex.synchronize do
|
48
48
|
# delete the least recent used endpoint when cache is full
|
49
49
|
unless @entries.size < @max_entries
|
50
|
-
old_key,
|
51
|
-
|
50
|
+
old_key, = @entries.shift
|
51
|
+
delete_polling_thread(old_key)
|
52
52
|
end
|
53
53
|
# delete old value if exists
|
54
54
|
@entries.delete(key)
|
@@ -60,10 +60,12 @@ module Aws
|
|
60
60
|
# @param [String] key
|
61
61
|
# @return [Boolean]
|
62
62
|
def key?(key)
|
63
|
-
|
64
|
-
|
63
|
+
@mutex.synchronize do
|
64
|
+
if @entries.key?(key) && (@entries[key].nil? || @entries[key].expired?)
|
65
|
+
@entries.delete(key)
|
66
|
+
end
|
67
|
+
@entries.key?(key)
|
65
68
|
end
|
66
|
-
@entries.key?(key)
|
67
69
|
end
|
68
70
|
|
69
71
|
# checking whether an polling thread exist for the key
|
@@ -84,7 +86,7 @@ module Aws
|
|
84
86
|
# kill the old polling thread and remove it from pool
|
85
87
|
# @param [String] key
|
86
88
|
def delete_polling_thread(key)
|
87
|
-
Thread.kill(@pool[key]) if
|
89
|
+
Thread.kill(@pool[key]) if threads_key?(key)
|
88
90
|
@pool.delete(key)
|
89
91
|
end
|
90
92
|
|
@@ -109,7 +111,7 @@ module Aws
|
|
109
111
|
if _endpoint_operation_identifier(ctx)
|
110
112
|
parts << ctx.operation_name
|
111
113
|
ctx.operation.input.shape.members.inject(parts) do |p, (name, ref)|
|
112
|
-
p << ctx.params[name] if ref[
|
114
|
+
p << ctx.params[name] if ref['endpointdiscoveryid']
|
113
115
|
p
|
114
116
|
end
|
115
117
|
end
|
@@ -141,7 +143,7 @@ module Aws
|
|
141
143
|
# build identifier params when available
|
142
144
|
params[:operation] = ctx.operation.name
|
143
145
|
ctx.operation.input.shape.members.inject(params) do |p, (name, ref)|
|
144
|
-
if ref[
|
146
|
+
if ref['endpointdiscoveryid']
|
145
147
|
p[:identifiers] ||= {}
|
146
148
|
p[:identifiers][ref.location_name] = ctx.params[name]
|
147
149
|
end
|
@@ -153,19 +155,20 @@ module Aws
|
|
153
155
|
endpoint_operation_name = ctx.config.api.endpoint_operation
|
154
156
|
ctx.client.send(endpoint_operation_name, params)
|
155
157
|
rescue Aws::Errors::ServiceError
|
156
|
-
nil
|
158
|
+
nil
|
157
159
|
end
|
158
160
|
end
|
159
161
|
|
160
162
|
def _endpoint_operation_identifier(ctx)
|
161
163
|
return @require_identifier unless @require_identifier.nil?
|
164
|
+
|
162
165
|
operation_name = ctx.config.api.endpoint_operation
|
163
166
|
operation = ctx.config.api.operation(operation_name)
|
164
167
|
@require_identifier = operation.input.shape.members.any?
|
165
168
|
end
|
166
169
|
|
167
170
|
class Endpoint
|
168
|
-
|
171
|
+
|
169
172
|
# default endpoint cache time, 1 minute
|
170
173
|
CACHE_PERIOD = 1
|
171
174
|
|
@@ -175,7 +178,7 @@ module Aws
|
|
175
178
|
@created_time = Time.now
|
176
179
|
end
|
177
180
|
|
178
|
-
# [String] valid URI address (with path)
|
181
|
+
# [String] valid URI address (with path)
|
179
182
|
attr_reader :address
|
180
183
|
|
181
184
|
def expired?
|
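--- a/data/lib/aws-sdk-core/errors.rb
+++ b/data/lib/aws-sdk-core/errors.rb
@@ -158,6 +158,18 @@ module Aws
 end
 end
 
+# Raised when :web_identity_token_file parameter is not
+# provided or the file doesn't exist when initializing
+# AssumeRoleWebIdentityCredentials credential provider
+class MissingWebIdentityTokenFile < RuntimeError
+def initialize(*args)
+msg = 'Missing :web_identity_token_file parameter or'\
+' invalid file path provided for'\
+' Aws::AssumeRoleWebIdentityCredentials provider'
+super(msg)
+end
+end
+
 # Raised when a credentials provider process returns a JSON
 # payload with either invalid version number or malformed contents
 class InvalidProcessCredentialsPayload < RuntimeError; end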
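Review bot: The comment on `MissingWebIdentityTokenFile` says the error is raised "when initializing" the provider, but on this page the raise sits in `_token_from_file`, which `refresh` calls each time credentials are renewed. The error can therefore appear on a later refresh if the token file disappears. I would word the comment as `# Raised when :web_identity_token_file is not provided, or the file is not found whenever AssumeRoleWebIdentityCredentials reads it (including on refresh)`. `initialize(*args)` also discards its arguments silently, which deserves a one-line comment if it is intentional.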
@@ -51,8 +51,9 @@ module Aws
|
|
51
51
|
super
|
52
52
|
end
|
53
53
|
|
54
|
-
# @return [Integer]
|
55
|
-
#
|
54
|
+
# @return [Integer] Number of times to retry when retrieving credentials
|
55
|
+
# from the instance metadata service. Defaults to 0 when resolving from
|
56
|
+
# the default credential chain ({Aws::CredentialProviderChain}).
|
56
57
|
attr_reader :retries
|
57
58
|
|
58
59
|
private
|
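--- a/data/lib/aws-sdk-core/json.rb
+++ b/data/lib/aws-sdk-core/json.rb
@@ -23,7 +23,7 @@ module Aws
 
 def load(json)
 ENGINE.load(json, *ENGINE_LOAD_OPTIONS)
-rescue
+rescue *ENGINE_ERRORS => e
 raise ParseError.new(e)
 end
 
@@ -45,21 +45,21 @@ module Aws
 end
 
 def json_engine
-[JSON, [], [], JSON::ParserError]
+[JSON, [], [], [JSON::ParserError]]
 end
 
 def oj_parse_error
 if Oj.const_defined?('ParseError')
-Oj::ParseError
+[Oj::ParseError, EncodingError]
 else
-SyntaxError
+[SyntaxError]
 end
 end
 
 end
 
 # @api private
-ENGINE, ENGINE_LOAD_OPTIONS, ENGINE_DUMP_OPTIONS,
+ENGINE, ENGINE_LOAD_OPTIONS, ENGINE_DUMP_OPTIONS, ENGINE_ERRORS =
 oj_engine || json_engine
 
 end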
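Review bot: `ENGINE_ERRORS` is splatted in `rescue *ENGINE_ERRORS => e`, so every engine tuple must now end with an Array of exception classes, and nothing near the constant says so. A comment above the assignment such as `# ENGINE_ERRORS is an Array of exception classes rescued in .load` would document that contract; `oj_engine` is outside the hunk and should be checked to confirm it returns the array form. The two engines also differ: the Oj branch lists `EncodingError` while `json_engine` lists only `JSON::ParserError`. If the stdlib parser can raise an encoding error on mis-encoded input, it would escape `load` without being wrapped in `ParseError`, which is worth confirming.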
@@ -11,7 +11,7 @@ module Aws
|
|
11
11
|
#
|
12
12
|
# @api private
|
13
13
|
# begin
|
14
|
-
SENSITIVE = [:access_token, :account_name, :account_password, :address, :admin_contact, :admin_password, :artifact_credentials, :auth_code, :authentication_token, :authorization_result, :backup_plan_tags, :backup_vault_tags, :base_32_string_seed, :body, :bot_configuration, :bot_email, :cause, :client_id, :client_secret, :configuration, :copy_source_sse_customer_key, :credentials, :current_password, :custom_attributes, :db_password, :default_phone_number, :definition, :description, :display_name, :e164_phone_number, :email, :email_address, :email_message, :embed_url, :error, :feedback_token, :file, :first_name, :id, :id_token, :input, :input_text, :key_id, :key_store_password, :kms_key_id, :kms_master_key_id, :lambda_function_arn, :last_name, :local_console_password, :master_account_email, :master_user_password, :message, :name, :new_password, :next_password, :notes, :old_password, :outbound_events_https_endpoint, :output, :owner_information, :parameters, :passphrase, :password, :payload, :phone_number, :plaintext, :previous_password, :primary_email, :primary_provisioned_number, :private_key, :proposed_password, :public_key, :qr_code_png, :query, :recovery_point_tags, :refresh_token, :registrant_contact, :request_attributes, :search_query, :secret_access_key, :secret_binary, :secret_code, :secret_hash, :secret_string, :secret_to_authenticate_initiator, :secret_to_authenticate_target, :security_token, :service_password, :session_attributes, :share_notes, :shared_secret, :slots, :sse_customer_key, :ssekms_key_id, :status_message, :tag_key_list, :tags, :task_parameters, :tech_contact, :temporary_password, :text, :token, :trust_password, :upload_credentials, :upload_url, :user_email, :user_name, :username, :value, :values, :variables, :zip_file]
|
14
|
+
SENSITIVE = [:access_token, :account_name, :account_password, :address, :admin_contact, :admin_password, :artifact_credentials, :auth_code, :authentication_token, :authorization_result, :backup_plan_tags, :backup_vault_tags, :base_32_string_seed, :block, :block_address, :body, :bot_configuration, :bot_email, :calling_name, :cause, :client_id, :client_secret, :comment, :configuration, :copy_source_sse_customer_key, :credentials, :current_password, :custom_attributes, :custom_private_key, :db_password, :default_phone_number, :definition, :description, :digest_tip_address, :display_name, :e164_phone_number, :email, :email_address, :email_message, :embed_url, :error, :feedback_token, :file, :first_name, :host_key, :id, :id_token, :input, :input_text, :ion_text, :key_id, :key_material, :key_store_password, :kms_key_id, :kms_master_key_id, :lambda_function_arn, :last_name, :local_console_password, :master_account_email, :master_user_password, :message, :name, :new_password, :next_password, :notes, :number, :old_password, :outbound_events_https_endpoint, :output, :owner_information, :parameters, :passphrase, :password, :payload, :phone_number, :plaintext, :previous_password, :primary_email, :primary_provisioned_number, :private_key, :proof, :proposed_password, :public_key, :qr_code_png, :query, :random_password, :recovery_point_tags, :refresh_token, :registrant_contact, :request_attributes, :revision, :search_query, :secret_access_key, :secret_binary, :secret_code, :secret_hash, :secret_string, :secret_to_authenticate_initiator, :secret_to_authenticate_target, :security_token, :service_password, :session_attributes, :share_notes, :shared_secret, :slots, :sse_customer_key, :ssekms_encryption_context, :ssekms_key_id, :status_message, :tag_key_list, :tags, :target_address, :task_parameters, :tech_contact, :temporary_password, :text, :token, :trust_password, :type, :upload_credentials, :upload_url, :uri, :user_data, :user_email, :user_name, :user_password, :username, :value, 
:values, :variables, :vpn_psk, :zip_file]
|
15
15
|
# end
|
16
16
|
|
17
17
|
def initialize(options = {})
|
@@ -141,8 +141,8 @@ module Aws
|
|
141
141
|
errors << expected_got(context, "true or false", value)
|
142
142
|
end
|
143
143
|
when BlobShape
|
144
|
-
unless
|
145
|
-
errors << expected_got(context, "a String or
|
144
|
+
unless value.is_a?(String) || io_like?(value)
|
145
|
+
errors << expected_got(context, "a String or File object", value)
|
146
146
|
end
|
147
147
|
else
|
148
148
|
raise "unhandled shape type: #{ref.shape.class.name}"
|
@@ -166,9 +166,8 @@ module Aws
|
|
166
166
|
end
|
167
167
|
|
168
168
|
def io_like?(value)
|
169
|
-
value.respond_to?(:read) &&
|
170
|
-
|
171
|
-
value.respond_to?(:size)
|
169
|
+
value.respond_to?(:read) && value.respond_to?(:rewind) &&
|
170
|
+
value.respond_to?(:size)
|
172
171
|
end
|
173
172
|
|
174
173
|
def error_messages(errors)
|
@@ -24,6 +24,16 @@ agent is running on, where client metrics will be published via UDP.
|
|
24
24
|
resolve_client_side_monitoring_port(cfg)
|
25
25
|
end
|
26
26
|
|
27
|
+
option(:client_side_monitoring_host,
|
28
|
+
default: "127.0.0.1",
|
29
|
+
doc_type: String,
|
30
|
+
docstring: <<-DOCS) do |cfg|
|
31
|
+
Allows you to specify the DNS hostname or IPv4 or IPv6 address that the client
|
32
|
+
side monitoring agent is running on, where client metrics will be published via UDP.
|
33
|
+
DOCS
|
34
|
+
resolve_client_side_monitoring_host(cfg)
|
35
|
+
end
|
36
|
+
|
27
37
|
option(:client_side_monitoring_publisher,
|
28
38
|
default: ClientSideMonitoring::Publisher,
|
29
39
|
doc_type: Aws::ClientSideMonitoring::Publisher,
|
@@ -49,6 +59,7 @@ all generated client side metrics. Defaults to an empty string.
|
|
49
59
|
handlers.add(Handler, step: :initialize)
|
50
60
|
publisher = config.client_side_monitoring_publisher
|
51
61
|
publisher.agent_port = config.client_side_monitoring_port
|
62
|
+
publisher.agent_host = config.client_side_monitoring_host
|
52
63
|
end
|
53
64
|
end
|
54
65
|
|
@@ -70,6 +81,19 @@ all generated client side metrics. Defaults to an empty string.
|
|
70
81
|
end
|
71
82
|
end
|
72
83
|
|
84
|
+
def self.resolve_client_side_monitoring_host(cfg)
|
85
|
+
env_source = ENV["AWS_CSM_HOST"]
|
86
|
+
env_source = nil if env_source == ""
|
87
|
+
cfg_source = Aws.shared_config.csm_host(profile: cfg.profile)
|
88
|
+
if env_source
|
89
|
+
env_source
|
90
|
+
elsif cfg_source
|
91
|
+
cfg_source
|
92
|
+
else
|
93
|
+
"127.0.0.1"
|
94
|
+
end
|
95
|
+
end
|
96
|
+
|
73
97
|
def self.resolve_client_side_monitoring(cfg)
|
74
98
|
env_source = ENV["AWS_CSM_ENABLED"]
|
75
99
|
env_source = nil if env_source == ""
|
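Review bot: `resolve_client_side_monitoring_host` accepts whatever `AWS_CSM_HOST` or the shared config supplies, and the new `:client_side_monitoring_host` docstring does not mention that a non-loopback value sends request metrics off the machine as plain UDP datagrams. I would add a sentence to the docstring along the lines of `Metrics are sent unencrypted over UDP; keep the default loopback address unless the network path to the agent is trusted.` The resolver also normalises an empty `env_source` to `nil` but not an empty `cfg_source`, so an empty `csm_host` config value would be used as the host unless `Aws.shared_config.csm_host` (not shown) already filters it.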
@@ -35,7 +35,9 @@ to test endpoints. This should be avalid HTTP(S) URI.
|
|
35
35
|
DOCS
|
36
36
|
endpoint_prefix = cfg.api.metadata['endpointPrefix']
|
37
37
|
if cfg.region && endpoint_prefix
|
38
|
-
|
38
|
+
sts_regional = cfg.respond_to?(:sts_regional_endpoints) ? cfg.sts_regional_endpoints : nil
|
39
|
+
Aws::Partitions::EndpointProvider.resolve(
|
40
|
+
cfg.region, endpoint_prefix, sts_regional)
|
39
41
|
end
|
40
42
|
end
|
41
43
|
|
@@ -6,7 +6,7 @@ module Aws
|
|
6
6
|
class RetryErrors < Seahorse::Client::Plugin
|
7
7
|
|
8
8
|
EQUAL_JITTER = lambda { |delay| (delay / 2) + Kernel.rand(0..(delay/2))}
|
9
|
-
FULL_JITTER= lambda { |delay| Kernel.rand(0..delay) }
|
9
|
+
FULL_JITTER = lambda { |delay| Kernel.rand(0..delay) }
|
10
10
|
NO_JITTER = lambda { |delay| delay }
|
11
11
|
|
12
12
|
JITTERS = {
|
@@ -72,6 +72,8 @@ A delay randomiser function used by the default backoff function. Some predefine
|
|
72
72
|
'UnrecognizedClientException', # json services
|
73
73
|
'InvalidAccessKeyId', # s3
|
74
74
|
'AuthFailure', # ec2
|
75
|
+
'InvalidIdentityToken', # sts
|
76
|
+
'ExpiredToken', # route53
|
75
77
|
])
|
76
78
|
|
77
79
|
THROTTLING_ERRORS = Set.new([
|
@@ -93,7 +95,8 @@ A delay randomiser function used by the default backoff function. Some predefine
|
|
93
95
|
])
|
94
96
|
|
95
97
|
NETWORKING_ERRORS = Set.new([
|
96
|
-
'RequestTimeout',
|
98
|
+
'RequestTimeout', # s3
|
99
|
+
'IDPCommunicationError', # sts
|
97
100
|
])
|
98
101
|
|
99
102
|
def initialize(error, http_status_code)
|
@@ -116,6 +119,7 @@ A delay randomiser function used by the default backoff function. Some predefine
|
|
116
119
|
|
117
120
|
def networking?
|
118
121
|
@error.is_a?(Seahorse::Client::NetworkingError) ||
|
122
|
+
@error.is_a?(Errors::NoSuchEndpointError) ||
|
119
123
|
NETWORKING_ERRORS.include?(@name)
|
120
124
|
end
|
121
125
|
|
@@ -141,7 +145,7 @@ A delay randomiser function used by the default backoff function. Some predefine
|
|
141
145
|
false
|
142
146
|
end
|
143
147
|
end
|
144
|
-
|
148
|
+
|
145
149
|
def retryable?(context)
|
146
150
|
(expired_credentials? and refreshable_credentials?(context)) or
|
147
151
|
throttling_error? or
|
@@ -5,7 +5,7 @@ module Aws
|
|
5
5
|
# A credential provider that executes a given process and attempts
|
6
6
|
# to read its stdout to recieve a JSON payload containing the credentials
|
7
7
|
#
|
8
|
-
# Automatically handles refreshing credentials if an Expiration time is
|
8
|
+
# Automatically handles refreshing credentials if an Expiration time is
|
9
9
|
# provided in the credentials payload
|
10
10
|
#
|
11
11
|
# credentials = Aws::ProcessCredentials.new('/usr/bin/credential_proc').credentials
|
@@ -23,11 +23,11 @@ module Aws
|
|
23
23
|
# external process to be used as a credential provider.
|
24
24
|
#
|
25
25
|
# @param [String] process Invocation string for process
|
26
|
-
# credentials provider.
|
26
|
+
# credentials provider.
|
27
27
|
def initialize(process)
|
28
28
|
@process = process
|
29
29
|
@credentials = credentials_from_process(@process)
|
30
|
-
|
30
|
+
|
31
31
|
super
|
32
32
|
end
|
33
33
|
|