aws-sdk-core 3.54.2 → 3.75.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +101 -0
- data/lib/aws-sdk-core/client_side_monitoring/publisher.rb +9 -1
- data/lib/aws-sdk-core/credential_provider.rb +0 -31
- data/lib/aws-sdk-core/credential_provider_chain.rb +29 -18
- data/lib/aws-sdk-core/deprecations.rb +16 -10
- data/lib/aws-sdk-core/endpoint_cache.rb +14 -11
- data/lib/aws-sdk-core/errors.rb +12 -0
- data/lib/aws-sdk-core/instance_profile_credentials.rb +3 -2
- data/lib/aws-sdk-core/json.rb +5 -5
- data/lib/aws-sdk-core/log/param_filter.rb +1 -1
- data/lib/aws-sdk-core/param_validator.rb +4 -5
- data/lib/aws-sdk-core/plugins/client_metrics_plugin.rb +24 -0
- data/lib/aws-sdk-core/plugins/regional_endpoint.rb +3 -1
- data/lib/aws-sdk-core/plugins/retry_errors.rb +7 -3
- data/lib/aws-sdk-core/process_credentials.rb +3 -3
- data/lib/aws-sdk-core/shared_config.rb +74 -5
- data/lib/aws-sdk-core.rb +1 -0
- data/lib/aws-sdk-sts/client.rb +102 -17
- data/lib/aws-sdk-sts/client_api.rb +16 -0
- data/lib/aws-sdk-sts/plugins/sts_regional_endpoints.rb +32 -0
- data/lib/aws-sdk-sts/types.rb +53 -18
- data/lib/aws-sdk-sts.rb +1 -1
- data/lib/seahorse/client/base.rb +3 -1
- data/lib/seahorse/client/handler_list_entry.rb +2 -2
- data/lib/seahorse/client/plugin.rb +1 -1
- metadata +12 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 194df940a18e57a3fbf75e09c42328b35988c17e
|
|
4
|
+
data.tar.gz: fa8cf2d891ba162504b4a7cee3708fcca2078691
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2000eaec703020824d47772c672bc3465cc0a41b060455b7bec2dcdee009f44568c60417a378d5fd3d5981cd84767a1a5c46af7d78f0b211f43335e0a9e3d5ee
|
|
7
|
+
data.tar.gz: a5162ca9178f3333608650761ffa90e5dadace299da423ecbc7ce63bd16c45f513c563a44fcdc73bd0ffbd34bc96905a1184c1ee6f9b0b7d582e25630a475bee
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
3.
|
|
1
|
+
3.75.0
|
|
@@ -0,0 +1,101 @@
|
|
|
1
|
+
require 'set'
|
|
2
|
+
require 'securerandom'
|
|
3
|
+
require 'base64'
|
|
4
|
+
|
|
5
|
+
module Aws
|
|
6
|
+
|
|
7
|
+
# An auto-refreshing credential provider that works by assuming
|
|
8
|
+
# a role via {Aws::STS::Client#assume_role_with_web_identity}.
|
|
9
|
+
#
|
|
10
|
+
# role_credentials = Aws::AssumeRoleWebIdentityCredentials.new(
|
|
11
|
+
# client: Aws::STS::Client.new(...),
|
|
12
|
+
# role_arn: "linked::account::arn",
|
|
13
|
+
# web_identity_token_file: "/path/to/token/file",
|
|
14
|
+
# role_session_name: "session-name"
|
|
15
|
+
# ...
|
|
16
|
+
# )
|
|
17
|
+
# For full list of parameters accepted
|
|
18
|
+
# @see Aws::STS::Client#assume_role_with_web_identity
|
|
19
|
+
#
|
|
20
|
+
#
|
|
21
|
+
# If you omit `:client` option, a new {STS::Client} object will be
|
|
22
|
+
# constructed.
|
|
23
|
+
class AssumeRoleWebIdentityCredentials
|
|
24
|
+
|
|
25
|
+
include CredentialProvider
|
|
26
|
+
include RefreshingCredentials
|
|
27
|
+
|
|
28
|
+
# @option options [required, String] :role_arn the IAM role
|
|
29
|
+
# to be assumed
|
|
30
|
+
#
|
|
31
|
+
# @option options [required, String] :web_identity_token_file
|
|
32
|
+
# absolute path to the file on disk containing OIDC token
|
|
33
|
+
#
|
|
34
|
+
# @option options [String] :role_session_name the IAM session
|
|
35
|
+
# name used to distinguish session, when not provided, base64
|
|
36
|
+
# encoded UUID is generated as the session name
|
|
37
|
+
#
|
|
38
|
+
# @option options [STS::Client] :client
|
|
39
|
+
def initialize(options = {})
|
|
40
|
+
client_opts = {}
|
|
41
|
+
@assume_role_web_identity_params = {}
|
|
42
|
+
@token_file = options.delete(:web_identity_token_file)
|
|
43
|
+
options.each_pair do |key, value|
|
|
44
|
+
if self.class.assume_role_web_identity_options.include?(key)
|
|
45
|
+
@assume_role_web_identity_params[key] = value
|
|
46
|
+
else
|
|
47
|
+
client_opts[key] = value
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
unless @assume_role_web_identity_params[:role_session_name]
|
|
52
|
+
# not provided, generate encoded UUID as session name
|
|
53
|
+
@assume_role_web_identity_params[:role_session_name] = _session_name
|
|
54
|
+
end
|
|
55
|
+
@client = client_opts[:client] || STS::Client.new(client_opts.merge(credentials: false))
|
|
56
|
+
super
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
# @return [STS::Client]
|
|
60
|
+
attr_reader :client
|
|
61
|
+
|
|
62
|
+
private
|
|
63
|
+
|
|
64
|
+
def refresh
|
|
65
|
+
# read from token file everytime it refreshes
|
|
66
|
+
@assume_role_web_identity_params[:web_identity_token] = _token_from_file(@token_file)
|
|
67
|
+
|
|
68
|
+
c = @client.assume_role_with_web_identity(
|
|
69
|
+
@assume_role_web_identity_params).credentials
|
|
70
|
+
@credentials = Credentials.new(
|
|
71
|
+
c.access_key_id,
|
|
72
|
+
c.secret_access_key,
|
|
73
|
+
c.session_token
|
|
74
|
+
)
|
|
75
|
+
@expiration = c.expiration
|
|
76
|
+
end
|
|
77
|
+
|
|
78
|
+
def _token_from_file(path)
|
|
79
|
+
unless path && File.exist?(path)
|
|
80
|
+
raise Aws::Errors::MissingWebIdentityTokenFile.new
|
|
81
|
+
end
|
|
82
|
+
File.read(path)
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
def _session_name
|
|
86
|
+
Base64.strict_encode64(SecureRandom.uuid)
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
class << self
|
|
90
|
+
|
|
91
|
+
# @api private
|
|
92
|
+
def assume_role_web_identity_options
|
|
93
|
+
@arwio ||= begin
|
|
94
|
+
input = STS::Client.api.operation(:assume_role_with_web_identity).input
|
|
95
|
+
Set.new(input.shape.member_names)
|
|
96
|
+
end
|
|
97
|
+
end
|
|
98
|
+
|
|
99
|
+
end
|
|
100
|
+
end
|
|
101
|
+
end
|
|
@@ -6,8 +6,10 @@ module Aws
|
|
|
6
6
|
# @api private
|
|
7
7
|
class Publisher
|
|
8
8
|
attr_reader :agent_port
|
|
9
|
+
attr_reader :agent_host
|
|
9
10
|
|
|
10
11
|
def initialize(opts = {})
|
|
12
|
+
@agent_host = opts[:agent_host] || "127.0.0.1"
|
|
11
13
|
@agent_port = opts[:agent_port]
|
|
12
14
|
@mutex = Mutex.new
|
|
13
15
|
end
|
|
@@ -18,6 +20,12 @@ module Aws
|
|
|
18
20
|
end
|
|
19
21
|
end
|
|
20
22
|
|
|
23
|
+
def agent_host=(value)
|
|
24
|
+
@mutex.synchronize do
|
|
25
|
+
@agent_host = value
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
|
|
21
29
|
def publish(request_metrics)
|
|
22
30
|
send_datagram(request_metrics.api_call.to_json)
|
|
23
31
|
request_metrics.api_call_attempts.each do |attempt|
|
|
@@ -29,7 +37,7 @@ module Aws
|
|
|
29
37
|
if @agent_port
|
|
30
38
|
socket = UDPSocket.new
|
|
31
39
|
begin
|
|
32
|
-
socket.connect(
|
|
40
|
+
socket.connect(@agent_host, @agent_port)
|
|
33
41
|
socket.send(msg, 0)
|
|
34
42
|
rescue Errno::ECONNREFUSED
|
|
35
43
|
# Drop on the floor
|
|
@@ -1,10 +1,6 @@
|
|
|
1
|
-
require_relative 'deprecations'
|
|
2
|
-
|
|
3
1
|
module Aws
|
|
4
2
|
module CredentialProvider
|
|
5
3
|
|
|
6
|
-
extend Deprecations
|
|
7
|
-
|
|
8
4
|
# @return [Credentials]
|
|
9
5
|
attr_reader :credentials
|
|
10
6
|
|
|
@@ -13,32 +9,5 @@ module Aws
|
|
|
13
9
|
!!credentials && credentials.set?
|
|
14
10
|
end
|
|
15
11
|
|
|
16
|
-
# @deprecated Deprecated in 2.1.0. This method is subject to errors
|
|
17
|
-
# from a race condition when called against refreshable credential
|
|
18
|
-
# objects. Will be removed in 2.2.0.
|
|
19
|
-
# @see #credentials
|
|
20
|
-
def access_key_id
|
|
21
|
-
credentials ? credentials.access_key_id : nil
|
|
22
|
-
end
|
|
23
|
-
deprecated(:access_key_id, use: '#credentials')
|
|
24
|
-
|
|
25
|
-
# @deprecated Deprecated in 2.1.0. This method is subject to errors
|
|
26
|
-
# from a race condition when called against refreshable credential
|
|
27
|
-
# objects. Will be removed in 2.2.0.
|
|
28
|
-
# @see #credentials
|
|
29
|
-
def secret_access_key
|
|
30
|
-
credentials ? credentials.secret_access_key : nil
|
|
31
|
-
end
|
|
32
|
-
deprecated(:secret_access_key, use: '#credentials')
|
|
33
|
-
|
|
34
|
-
# @deprecated Deprecated in 2.1.0. This method is subject to errors
|
|
35
|
-
# from a race condition when called against refreshable credential
|
|
36
|
-
# objects. Will be removed in 2.2.0.
|
|
37
|
-
# @see #credentials
|
|
38
|
-
def session_token
|
|
39
|
-
credentials ? credentials.session_token : nil
|
|
40
|
-
end
|
|
41
|
-
deprecated(:session_token, use: '#credentials')
|
|
42
|
-
|
|
43
12
|
end
|
|
44
13
|
end
|
|
@@ -21,6 +21,7 @@ module Aws
|
|
|
21
21
|
[
|
|
22
22
|
[:static_credentials, {}],
|
|
23
23
|
[:env_credentials, {}],
|
|
24
|
+
[:assume_role_web_identity_credentials, {}],
|
|
24
25
|
[:assume_role_credentials, {}],
|
|
25
26
|
[:shared_credentials, {}],
|
|
26
27
|
[:process_credentials, {}],
|
|
@@ -59,22 +60,20 @@ module Aws
|
|
|
59
60
|
nil
|
|
60
61
|
end
|
|
61
62
|
|
|
63
|
+
def determine_profile_name(options)
|
|
64
|
+
(options[:config] && options[:config].profile) || ENV['AWS_PROFILE'] || ENV['AWS_DEFAULT_PROFILE'] || 'default'
|
|
65
|
+
end
|
|
66
|
+
|
|
62
67
|
def shared_credentials(options)
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
else
|
|
66
|
-
SharedCredentials.new(
|
|
67
|
-
profile_name: ENV['AWS_PROFILE'].nil? ? 'default' : ENV['AWS_PROFILE'])
|
|
68
|
-
end
|
|
68
|
+
profile_name = determine_profile_name(options)
|
|
69
|
+
SharedCredentials.new(profile_name: profile_name)
|
|
69
70
|
rescue Errors::NoSuchProfileError
|
|
70
71
|
nil
|
|
71
72
|
end
|
|
72
73
|
|
|
73
74
|
def process_credentials(options)
|
|
74
|
-
profile_name = options[:config].profile if options[:config]
|
|
75
|
-
profile_name ||= ENV['AWS_PROFILE'].nil? ? 'default' : ENV['AWS_PROFILE']
|
|
76
|
-
|
|
77
75
|
config = Aws.shared_config
|
|
76
|
+
profile_name = determine_profile_name(options)
|
|
78
77
|
if config.config_enabled? && process_provider = config.credentials_process(profile_name)
|
|
79
78
|
ProcessCredentials.new(process_provider)
|
|
80
79
|
else
|
|
@@ -86,13 +85,23 @@ module Aws
|
|
|
86
85
|
|
|
87
86
|
def assume_role_credentials(options)
|
|
88
87
|
if Aws.shared_config.config_enabled?
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
88
|
+
assume_role_with_profile(options)
|
|
89
|
+
else
|
|
90
|
+
nil
|
|
91
|
+
end
|
|
92
|
+
end
|
|
93
|
+
|
|
94
|
+
def assume_role_web_identity_credentials(options)
|
|
95
|
+
if (role_arn = ENV['AWS_ROLE_ARN']) &&
|
|
96
|
+
(token_file = ENV['AWS_WEB_IDENTITY_TOKEN_FILE'])
|
|
97
|
+
AssumeRoleWebIdentityCredentials.new(
|
|
98
|
+
role_arn: role_arn,
|
|
99
|
+
web_identity_token_file: token_file,
|
|
100
|
+
role_session_name: ENV['AWS_ROLE_SESSION_NAME']
|
|
101
|
+
)
|
|
102
|
+
elsif Aws.shared_config.config_enabled?
|
|
103
|
+
profile = options[:config].profile if options[:config]
|
|
104
|
+
Aws.shared_config.assume_role_web_identity_credentials_from_config(profile)
|
|
96
105
|
else
|
|
97
106
|
nil
|
|
98
107
|
end
|
|
@@ -106,9 +115,11 @@ module Aws
|
|
|
106
115
|
end
|
|
107
116
|
end
|
|
108
117
|
|
|
109
|
-
def assume_role_with_profile(
|
|
118
|
+
def assume_role_with_profile(options)
|
|
119
|
+
profile_name = determine_profile_name(options)
|
|
120
|
+
region = (options[:config] && options[:config].region)
|
|
110
121
|
Aws.shared_config.assume_role_credentials_from_config(
|
|
111
|
-
profile:
|
|
122
|
+
profile: profile_name,
|
|
112
123
|
region: region,
|
|
113
124
|
chain_config: @config
|
|
114
125
|
)
|
|
@@ -35,33 +35,39 @@ module Aws
|
|
|
35
35
|
# @api private
|
|
36
36
|
module Deprecations
|
|
37
37
|
|
|
38
|
-
# @param [Symbol]
|
|
38
|
+
# @param [Symbol] method The name of the deprecated method.
|
|
39
39
|
#
|
|
40
40
|
# @option options [String] :message The warning message to issue
|
|
41
41
|
# when the deprecated method is called.
|
|
42
42
|
#
|
|
43
|
-
# @option options [
|
|
44
|
-
# method that should be used.
|
|
43
|
+
# @option options [String] :use The name of a method that should be used.
|
|
45
44
|
#
|
|
46
|
-
|
|
45
|
+
# @option options [String] :version The version that will remove the
|
|
46
|
+
# deprecated method.
|
|
47
|
+
#
|
|
48
|
+
def deprecated(method, options = {})
|
|
47
49
|
|
|
48
50
|
deprecation_msg = options[:message] || begin
|
|
49
|
-
msg = "DEPRECATION WARNING
|
|
50
|
-
msg << "of
|
|
51
|
-
msg << "
|
|
51
|
+
msg = "#################### DEPRECATION WARNING ####################\n"
|
|
52
|
+
msg << "Called deprecated method `#{method}` of #{self}."
|
|
53
|
+
msg << " Use `#{options[:use]}` instead.\n" if options[:use]
|
|
54
|
+
if options[:version]
|
|
55
|
+
msg << "Method `#{method}` will be removed in #{options[:version]}."
|
|
56
|
+
end
|
|
57
|
+
msg << "\n#############################################################"
|
|
52
58
|
msg
|
|
53
59
|
end
|
|
54
60
|
|
|
55
|
-
alias_method(:"deprecated_#{
|
|
61
|
+
alias_method(:"deprecated_#{method}", method)
|
|
56
62
|
|
|
57
63
|
warned = false # we only want to issue this warning once
|
|
58
64
|
|
|
59
|
-
define_method(
|
|
65
|
+
define_method(method) do |*args, &block|
|
|
60
66
|
unless warned
|
|
61
67
|
warned = true
|
|
62
68
|
warn(deprecation_msg + "\n" + caller.join("\n"))
|
|
63
69
|
end
|
|
64
|
-
send("deprecated_#{
|
|
70
|
+
send("deprecated_#{method}", *args, &block)
|
|
65
71
|
end
|
|
66
72
|
end
|
|
67
73
|
|
|
@@ -47,8 +47,8 @@ module Aws
|
|
|
47
47
|
@mutex.synchronize do
|
|
48
48
|
# delete the least recent used endpoint when cache is full
|
|
49
49
|
unless @entries.size < @max_entries
|
|
50
|
-
old_key,
|
|
51
|
-
|
|
50
|
+
old_key, = @entries.shift
|
|
51
|
+
delete_polling_thread(old_key)
|
|
52
52
|
end
|
|
53
53
|
# delete old value if exists
|
|
54
54
|
@entries.delete(key)
|
|
@@ -60,10 +60,12 @@ module Aws
|
|
|
60
60
|
# @param [String] key
|
|
61
61
|
# @return [Boolean]
|
|
62
62
|
def key?(key)
|
|
63
|
-
|
|
64
|
-
|
|
63
|
+
@mutex.synchronize do
|
|
64
|
+
if @entries.key?(key) && (@entries[key].nil? || @entries[key].expired?)
|
|
65
|
+
@entries.delete(key)
|
|
66
|
+
end
|
|
67
|
+
@entries.key?(key)
|
|
65
68
|
end
|
|
66
|
-
@entries.key?(key)
|
|
67
69
|
end
|
|
68
70
|
|
|
69
71
|
# checking whether an polling thread exist for the key
|
|
@@ -84,7 +86,7 @@ module Aws
|
|
|
84
86
|
# kill the old polling thread and remove it from pool
|
|
85
87
|
# @param [String] key
|
|
86
88
|
def delete_polling_thread(key)
|
|
87
|
-
Thread.kill(@pool[key]) if
|
|
89
|
+
Thread.kill(@pool[key]) if threads_key?(key)
|
|
88
90
|
@pool.delete(key)
|
|
89
91
|
end
|
|
90
92
|
|
|
@@ -109,7 +111,7 @@ module Aws
|
|
|
109
111
|
if _endpoint_operation_identifier(ctx)
|
|
110
112
|
parts << ctx.operation_name
|
|
111
113
|
ctx.operation.input.shape.members.inject(parts) do |p, (name, ref)|
|
|
112
|
-
p << ctx.params[name] if ref[
|
|
114
|
+
p << ctx.params[name] if ref['endpointdiscoveryid']
|
|
113
115
|
p
|
|
114
116
|
end
|
|
115
117
|
end
|
|
@@ -141,7 +143,7 @@ module Aws
|
|
|
141
143
|
# build identifier params when available
|
|
142
144
|
params[:operation] = ctx.operation.name
|
|
143
145
|
ctx.operation.input.shape.members.inject(params) do |p, (name, ref)|
|
|
144
|
-
if ref[
|
|
146
|
+
if ref['endpointdiscoveryid']
|
|
145
147
|
p[:identifiers] ||= {}
|
|
146
148
|
p[:identifiers][ref.location_name] = ctx.params[name]
|
|
147
149
|
end
|
|
@@ -153,19 +155,20 @@ module Aws
|
|
|
153
155
|
endpoint_operation_name = ctx.config.api.endpoint_operation
|
|
154
156
|
ctx.client.send(endpoint_operation_name, params)
|
|
155
157
|
rescue Aws::Errors::ServiceError
|
|
156
|
-
nil
|
|
158
|
+
nil
|
|
157
159
|
end
|
|
158
160
|
end
|
|
159
161
|
|
|
160
162
|
def _endpoint_operation_identifier(ctx)
|
|
161
163
|
return @require_identifier unless @require_identifier.nil?
|
|
164
|
+
|
|
162
165
|
operation_name = ctx.config.api.endpoint_operation
|
|
163
166
|
operation = ctx.config.api.operation(operation_name)
|
|
164
167
|
@require_identifier = operation.input.shape.members.any?
|
|
165
168
|
end
|
|
166
169
|
|
|
167
170
|
class Endpoint
|
|
168
|
-
|
|
171
|
+
|
|
169
172
|
# default endpoint cache time, 1 minute
|
|
170
173
|
CACHE_PERIOD = 1
|
|
171
174
|
|
|
@@ -175,7 +178,7 @@ module Aws
|
|
|
175
178
|
@created_time = Time.now
|
|
176
179
|
end
|
|
177
180
|
|
|
178
|
-
# [String] valid URI address (with path)
|
|
181
|
+
# [String] valid URI address (with path)
|
|
179
182
|
attr_reader :address
|
|
180
183
|
|
|
181
184
|
def expired?
|
data/lib/aws-sdk-core/errors.rb
CHANGED
|
@@ -158,6 +158,18 @@ module Aws
|
|
|
158
158
|
end
|
|
159
159
|
end
|
|
160
160
|
|
|
161
|
+
# Raised when :web_identity_token_file parameter is not
|
|
162
|
+
# provided or the file doesn't exist when initializing
|
|
163
|
+
# AssumeRoleWebIdentityCredentials credential provider
|
|
164
|
+
class MissingWebIdentityTokenFile < RuntimeError
|
|
165
|
+
def initialize(*args)
|
|
166
|
+
msg = 'Missing :web_identity_token_file parameter or'\
|
|
167
|
+
' invalid file path provided for'\
|
|
168
|
+
' Aws::AssumeRoleWebIdentityCredentials provider'
|
|
169
|
+
super(msg)
|
|
170
|
+
end
|
|
171
|
+
end
|
|
172
|
+
|
|
161
173
|
# Raised when a credentials provider process returns a JSON
|
|
162
174
|
# payload with either invalid version number or malformed contents
|
|
163
175
|
class InvalidProcessCredentialsPayload < RuntimeError; end
|
|
@@ -51,8 +51,9 @@ module Aws
|
|
|
51
51
|
super
|
|
52
52
|
end
|
|
53
53
|
|
|
54
|
-
# @return [Integer]
|
|
55
|
-
#
|
|
54
|
+
# @return [Integer] Number of times to retry when retrieving credentials
|
|
55
|
+
# from the instance metadata service. Defaults to 0 when resolving from
|
|
56
|
+
# the default credential chain ({Aws::CredentialProviderChain}).
|
|
56
57
|
attr_reader :retries
|
|
57
58
|
|
|
58
59
|
private
|
data/lib/aws-sdk-core/json.rb
CHANGED
|
@@ -23,7 +23,7 @@ module Aws
|
|
|
23
23
|
|
|
24
24
|
def load(json)
|
|
25
25
|
ENGINE.load(json, *ENGINE_LOAD_OPTIONS)
|
|
26
|
-
rescue
|
|
26
|
+
rescue *ENGINE_ERRORS => e
|
|
27
27
|
raise ParseError.new(e)
|
|
28
28
|
end
|
|
29
29
|
|
|
@@ -45,21 +45,21 @@ module Aws
|
|
|
45
45
|
end
|
|
46
46
|
|
|
47
47
|
def json_engine
|
|
48
|
-
[JSON, [], [], JSON::ParserError]
|
|
48
|
+
[JSON, [], [], [JSON::ParserError]]
|
|
49
49
|
end
|
|
50
50
|
|
|
51
51
|
def oj_parse_error
|
|
52
52
|
if Oj.const_defined?('ParseError')
|
|
53
|
-
Oj::ParseError
|
|
53
|
+
[Oj::ParseError, EncodingError]
|
|
54
54
|
else
|
|
55
|
-
SyntaxError
|
|
55
|
+
[SyntaxError]
|
|
56
56
|
end
|
|
57
57
|
end
|
|
58
58
|
|
|
59
59
|
end
|
|
60
60
|
|
|
61
61
|
# @api private
|
|
62
|
-
ENGINE, ENGINE_LOAD_OPTIONS, ENGINE_DUMP_OPTIONS,
|
|
62
|
+
ENGINE, ENGINE_LOAD_OPTIONS, ENGINE_DUMP_OPTIONS, ENGINE_ERRORS =
|
|
63
63
|
oj_engine || json_engine
|
|
64
64
|
|
|
65
65
|
end
|
|
@@ -11,7 +11,7 @@ module Aws
|
|
|
11
11
|
#
|
|
12
12
|
# @api private
|
|
13
13
|
# begin
|
|
14
|
-
SENSITIVE = [:access_token, :account_name, :account_password, :address, :admin_contact, :admin_password, :artifact_credentials, :auth_code, :authentication_token, :authorization_result, :backup_plan_tags, :backup_vault_tags, :base_32_string_seed, :body, :bot_configuration, :bot_email, :cause, :client_id, :client_secret, :configuration, :copy_source_sse_customer_key, :credentials, :current_password, :custom_attributes, :db_password, :default_phone_number, :definition, :description, :display_name, :e164_phone_number, :email, :email_address, :email_message, :embed_url, :error, :feedback_token, :file, :first_name, :id, :id_token, :input, :input_text, :key_id, :key_store_password, :kms_key_id, :kms_master_key_id, :lambda_function_arn, :last_name, :local_console_password, :master_account_email, :master_user_password, :message, :name, :new_password, :next_password, :notes, :old_password, :outbound_events_https_endpoint, :output, :owner_information, :parameters, :passphrase, :password, :payload, :phone_number, :plaintext, :previous_password, :primary_email, :primary_provisioned_number, :private_key, :proposed_password, :public_key, :qr_code_png, :query, :recovery_point_tags, :refresh_token, :registrant_contact, :request_attributes, :search_query, :secret_access_key, :secret_binary, :secret_code, :secret_hash, :secret_string, :secret_to_authenticate_initiator, :secret_to_authenticate_target, :security_token, :service_password, :session_attributes, :share_notes, :shared_secret, :slots, :sse_customer_key, :ssekms_key_id, :status_message, :tag_key_list, :tags, :task_parameters, :tech_contact, :temporary_password, :text, :token, :trust_password, :upload_credentials, :upload_url, :user_email, :user_name, :username, :value, :values, :variables, :zip_file]
|
|
14
|
+
SENSITIVE = [:access_token, :account_name, :account_password, :address, :admin_contact, :admin_password, :artifact_credentials, :auth_code, :authentication_token, :authorization_result, :backup_plan_tags, :backup_vault_tags, :base_32_string_seed, :block, :block_address, :body, :bot_configuration, :bot_email, :calling_name, :cause, :client_id, :client_secret, :comment, :configuration, :copy_source_sse_customer_key, :credentials, :current_password, :custom_attributes, :custom_private_key, :db_password, :default_phone_number, :definition, :description, :digest_tip_address, :display_name, :e164_phone_number, :email, :email_address, :email_message, :embed_url, :error, :feedback_token, :file, :first_name, :host_key, :id, :id_token, :input, :input_text, :ion_text, :key_id, :key_material, :key_store_password, :kms_key_id, :kms_master_key_id, :lambda_function_arn, :last_name, :local_console_password, :master_account_email, :master_user_password, :message, :name, :new_password, :next_password, :notes, :number, :old_password, :outbound_events_https_endpoint, :output, :owner_information, :parameters, :passphrase, :password, :payload, :phone_number, :plaintext, :previous_password, :primary_email, :primary_provisioned_number, :private_key, :proof, :proposed_password, :public_key, :qr_code_png, :query, :random_password, :recovery_point_tags, :refresh_token, :registrant_contact, :request_attributes, :revision, :search_query, :secret_access_key, :secret_binary, :secret_code, :secret_hash, :secret_string, :secret_to_authenticate_initiator, :secret_to_authenticate_target, :security_token, :service_password, :session_attributes, :share_notes, :shared_secret, :slots, :sse_customer_key, :ssekms_encryption_context, :ssekms_key_id, :status_message, :tag_key_list, :tags, :target_address, :task_parameters, :tech_contact, :temporary_password, :text, :token, :trust_password, :type, :upload_credentials, :upload_url, :uri, :user_data, :user_email, :user_name, :user_password, :username, :value, :values, :variables, :vpn_psk, :zip_file]
|
|
15
15
|
# end
|
|
16
16
|
|
|
17
17
|
def initialize(options = {})
|
|
@@ -141,8 +141,8 @@ module Aws
|
|
|
141
141
|
errors << expected_got(context, "true or false", value)
|
|
142
142
|
end
|
|
143
143
|
when BlobShape
|
|
144
|
-
unless
|
|
145
|
-
errors << expected_got(context, "a String or
|
|
144
|
+
unless value.is_a?(String) || io_like?(value)
|
|
145
|
+
errors << expected_got(context, "a String or File object", value)
|
|
146
146
|
end
|
|
147
147
|
else
|
|
148
148
|
raise "unhandled shape type: #{ref.shape.class.name}"
|
|
@@ -166,9 +166,8 @@ module Aws
|
|
|
166
166
|
end
|
|
167
167
|
|
|
168
168
|
def io_like?(value)
|
|
169
|
-
value.respond_to?(:read) &&
|
|
170
|
-
|
|
171
|
-
value.respond_to?(:size)
|
|
169
|
+
value.respond_to?(:read) && value.respond_to?(:rewind) &&
|
|
170
|
+
value.respond_to?(:size)
|
|
172
171
|
end
|
|
173
172
|
|
|
174
173
|
def error_messages(errors)
|
|
@@ -24,6 +24,16 @@ agent is running on, where client metrics will be published via UDP.
|
|
|
24
24
|
resolve_client_side_monitoring_port(cfg)
|
|
25
25
|
end
|
|
26
26
|
|
|
27
|
+
option(:client_side_monitoring_host,
|
|
28
|
+
default: "127.0.0.1",
|
|
29
|
+
doc_type: String,
|
|
30
|
+
docstring: <<-DOCS) do |cfg|
|
|
31
|
+
Allows you to specify the DNS hostname or IPv4 or IPv6 address that the client
|
|
32
|
+
side monitoring agent is running on, where client metrics will be published via UDP.
|
|
33
|
+
DOCS
|
|
34
|
+
resolve_client_side_monitoring_host(cfg)
|
|
35
|
+
end
|
|
36
|
+
|
|
27
37
|
option(:client_side_monitoring_publisher,
|
|
28
38
|
default: ClientSideMonitoring::Publisher,
|
|
29
39
|
doc_type: Aws::ClientSideMonitoring::Publisher,
|
|
@@ -49,6 +59,7 @@ all generated client side metrics. Defaults to an empty string.
|
|
|
49
59
|
handlers.add(Handler, step: :initialize)
|
|
50
60
|
publisher = config.client_side_monitoring_publisher
|
|
51
61
|
publisher.agent_port = config.client_side_monitoring_port
|
|
62
|
+
publisher.agent_host = config.client_side_monitoring_host
|
|
52
63
|
end
|
|
53
64
|
end
|
|
54
65
|
|
|
@@ -70,6 +81,19 @@ all generated client side metrics. Defaults to an empty string.
|
|
|
70
81
|
end
|
|
71
82
|
end
|
|
72
83
|
|
|
84
|
+
def self.resolve_client_side_monitoring_host(cfg)
|
|
85
|
+
env_source = ENV["AWS_CSM_HOST"]
|
|
86
|
+
env_source = nil if env_source == ""
|
|
87
|
+
cfg_source = Aws.shared_config.csm_host(profile: cfg.profile)
|
|
88
|
+
if env_source
|
|
89
|
+
env_source
|
|
90
|
+
elsif cfg_source
|
|
91
|
+
cfg_source
|
|
92
|
+
else
|
|
93
|
+
"127.0.0.1"
|
|
94
|
+
end
|
|
95
|
+
end
|
|
96
|
+
|
|
73
97
|
def self.resolve_client_side_monitoring(cfg)
|
|
74
98
|
env_source = ENV["AWS_CSM_ENABLED"]
|
|
75
99
|
env_source = nil if env_source == ""
|
|
@@ -35,7 +35,9 @@ to test endpoints. This should be avalid HTTP(S) URI.
|
|
|
35
35
|
DOCS
|
|
36
36
|
endpoint_prefix = cfg.api.metadata['endpointPrefix']
|
|
37
37
|
if cfg.region && endpoint_prefix
|
|
38
|
-
|
|
38
|
+
sts_regional = cfg.respond_to?(:sts_regional_endpoints) ? cfg.sts_regional_endpoints : nil
|
|
39
|
+
Aws::Partitions::EndpointProvider.resolve(
|
|
40
|
+
cfg.region, endpoint_prefix, sts_regional)
|
|
39
41
|
end
|
|
40
42
|
end
|
|
41
43
|
|
|
@@ -6,7 +6,7 @@ module Aws
|
|
|
6
6
|
class RetryErrors < Seahorse::Client::Plugin
|
|
7
7
|
|
|
8
8
|
EQUAL_JITTER = lambda { |delay| (delay / 2) + Kernel.rand(0..(delay/2))}
|
|
9
|
-
FULL_JITTER= lambda { |delay| Kernel.rand(0..delay) }
|
|
9
|
+
FULL_JITTER = lambda { |delay| Kernel.rand(0..delay) }
|
|
10
10
|
NO_JITTER = lambda { |delay| delay }
|
|
11
11
|
|
|
12
12
|
JITTERS = {
|
|
@@ -72,6 +72,8 @@ A delay randomiser function used by the default backoff function. Some predefine
|
|
|
72
72
|
'UnrecognizedClientException', # json services
|
|
73
73
|
'InvalidAccessKeyId', # s3
|
|
74
74
|
'AuthFailure', # ec2
|
|
75
|
+
'InvalidIdentityToken', # sts
|
|
76
|
+
'ExpiredToken', # route53
|
|
75
77
|
])
|
|
76
78
|
|
|
77
79
|
THROTTLING_ERRORS = Set.new([
|
|
@@ -93,7 +95,8 @@ A delay randomiser function used by the default backoff function. Some predefine
|
|
|
93
95
|
])
|
|
94
96
|
|
|
95
97
|
NETWORKING_ERRORS = Set.new([
|
|
96
|
-
'RequestTimeout',
|
|
98
|
+
'RequestTimeout', # s3
|
|
99
|
+
'IDPCommunicationError', # sts
|
|
97
100
|
])
|
|
98
101
|
|
|
99
102
|
def initialize(error, http_status_code)
|
|
@@ -116,6 +119,7 @@ A delay randomiser function used by the default backoff function. Some predefine
|
|
|
116
119
|
|
|
117
120
|
def networking?
|
|
118
121
|
@error.is_a?(Seahorse::Client::NetworkingError) ||
|
|
122
|
+
@error.is_a?(Errors::NoSuchEndpointError) ||
|
|
119
123
|
NETWORKING_ERRORS.include?(@name)
|
|
120
124
|
end
|
|
121
125
|
|
|
@@ -141,7 +145,7 @@ A delay randomiser function used by the default backoff function. Some predefine
|
|
|
141
145
|
false
|
|
142
146
|
end
|
|
143
147
|
end
|
|
144
|
-
|
|
148
|
+
|
|
145
149
|
def retryable?(context)
|
|
146
150
|
(expired_credentials? and refreshable_credentials?(context)) or
|
|
147
151
|
throttling_error? or
|
|
@@ -5,7 +5,7 @@ module Aws
|
|
|
5
5
|
# A credential provider that executes a given process and attempts
|
|
6
6
|
# to read its stdout to recieve a JSON payload containing the credentials
|
|
7
7
|
#
|
|
8
|
-
# Automatically handles refreshing credentials if an Expiration time is
|
|
8
|
+
# Automatically handles refreshing credentials if an Expiration time is
|
|
9
9
|
# provided in the credentials payload
|
|
10
10
|
#
|
|
11
11
|
# credentials = Aws::ProcessCredentials.new('/usr/bin/credential_proc').credentials
|
|
@@ -23,11 +23,11 @@ module Aws
|
|
|
23
23
|
# external process to be used as a credential provider.
|
|
24
24
|
#
|
|
25
25
|
# @param [String] process Invocation string for process
|
|
26
|
-
# credentials provider.
|
|
26
|
+
# credentials provider.
|
|
27
27
|
def initialize(process)
|
|
28
28
|
@process = process
|
|
29
29
|
@credentials = credentials_from_process(@process)
|
|
30
|
-
|
|
30
|
+
|
|
31
31
|
super
|
|
32
32
|
end
|
|
33
33
|
|