aws-sdk-core 3.64.0 → 3.68.0
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/lib/aws-sdk-core/credential_provider_chain.rb +12 -18
- data/lib/aws-sdk-core/instance_profile_credentials.rb +3 -2
- data/lib/aws-sdk-core/log/param_filter.rb +1 -1
- data/lib/aws-sdk-core/plugins/retry_errors.rb +5 -4
- data/lib/aws-sdk-core/process_credentials.rb +3 -3
- data/lib/aws-sdk-core/shared_config.rb +23 -5
- data/lib/aws-sdk-sts.rb +1 -1
- data/lib/aws-sdk-sts/client.rb +1 -1
- data/lib/seahorse/client/handler_list_entry.rb +2 -2
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 18f71473382cc66ef7fd9cd1ed94577fa4dbe75f
|
4
|
+
data.tar.gz: f37cf085eee73f4f766a5c80492690bdae5e1f6e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 656dbc36316496f11445a6e5b6a47dcabbb20ea2604f9e9e9fb3ca379eaaba14eec5ef7ca90d5420533e2780282c9564e924abd3835dd099a779ed7a7f208ac9
|
7
|
+
data.tar.gz: 41a797745b6dd3b7fdbdf9a272b423a7361051d42470c9af93d7cc1dadb2d41d44f36fd2e6f09416a1710424c4a3065c15b766cbcbb7782d72cfd1c785463a4f
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
3.
|
1
|
+
3.68.0
|
@@ -60,22 +60,20 @@ module Aws
|
|
60
60
|
nil
|
61
61
|
end
|
62
62
|
|
63
|
+
def determine_profile_name(options)
|
64
|
+
(options[:config] && options[:config].profile) || ENV['AWS_PROFILE'] || ENV['AWS_DEFAULT_PROFILE'] || 'default'
|
65
|
+
end
|
66
|
+
|
63
67
|
def shared_credentials(options)
|
64
|
-
|
65
|
-
|
66
|
-
else
|
67
|
-
SharedCredentials.new(
|
68
|
-
profile_name: ENV['AWS_PROFILE'].nil? ? 'default' : ENV['AWS_PROFILE'])
|
69
|
-
end
|
68
|
+
profile_name = determine_profile_name(options)
|
69
|
+
SharedCredentials.new(profile_name: profile_name)
|
70
70
|
rescue Errors::NoSuchProfileError
|
71
71
|
nil
|
72
72
|
end
|
73
73
|
|
74
74
|
def process_credentials(options)
|
75
|
-
profile_name = options[:config].profile if options[:config]
|
76
|
-
profile_name ||= ENV['AWS_PROFILE'].nil? ? 'default' : ENV['AWS_PROFILE']
|
77
|
-
|
78
75
|
config = Aws.shared_config
|
76
|
+
profile_name = determine_profile_name(options)
|
79
77
|
if config.config_enabled? && process_provider = config.credentials_process(profile_name)
|
80
78
|
ProcessCredentials.new(process_provider)
|
81
79
|
else
|
@@ -87,13 +85,7 @@ module Aws
|
|
87
85
|
|
88
86
|
def assume_role_credentials(options)
|
89
87
|
if Aws.shared_config.config_enabled?
|
90
|
-
|
91
|
-
if options[:config]
|
92
|
-
profile = options[:config].profile
|
93
|
-
region = options[:config].region
|
94
|
-
assume_role_with_profile(options[:config].profile, options[:config].region)
|
95
|
-
end
|
96
|
-
assume_role_with_profile(profile, region)
|
88
|
+
assume_role_with_profile(options)
|
97
89
|
else
|
98
90
|
nil
|
99
91
|
end
|
@@ -123,9 +115,11 @@ module Aws
|
|
123
115
|
end
|
124
116
|
end
|
125
117
|
|
126
|
-
def assume_role_with_profile(
|
118
|
+
def assume_role_with_profile(options)
|
119
|
+
profile_name = determine_profile_name(options)
|
120
|
+
region = (options[:config] && options[:config].region)
|
127
121
|
Aws.shared_config.assume_role_credentials_from_config(
|
128
|
-
profile:
|
122
|
+
profile: profile_name,
|
129
123
|
region: region,
|
130
124
|
chain_config: @config
|
131
125
|
)
|
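Review bot: In the added `determine_profile_name`, an environment variable that is set but empty is still truthy in Ruby, so `AWS_PROFILE=""` ends the `||` chain and yields an empty profile name instead of falling through to `AWS_DEFAULT_PROFILE` or `'default'`; an empty `options[:config].profile` behaves the same way. The name matters beyond credential lookup, because `process_credentials` in this section passes it to `config.credentials_process(profile_name)` and builds a `ProcessCredentials` from the result, so the environment also selects which external credential command is run. Skipping blanks could be written as `candidates = [options[:config] && options[:config].profile, ENV['AWS_PROFILE'], ENV['AWS_DEFAULT_PROFILE']]` followed by `candidates.find { |n| n && !n.empty? } || 'default'`. The method would also benefit from a comment stating the order, for example `# Precedence: config.profile, AWS_PROFILE, AWS_DEFAULT_PROFILE, then 'default'`.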
@@ -51,8 +51,9 @@ module Aws
|
|
51
51
|
super
|
52
52
|
end
|
53
53
|
|
54
|
-
# @return [Integer]
|
55
|
-
#
|
54
|
+
# @return [Integer] Number of times to retry when retrieving credentials
|
55
|
+
# from the instance metadata service. Defaults to 0 when resolving from
|
56
|
+
# the default credential chain ({Aws::CredentialProviderChain}).
|
56
57
|
attr_reader :retries
|
57
58
|
|
58
59
|
private
|
@@ -11,7 +11,7 @@ module Aws
|
|
11
11
|
#
|
12
12
|
# @api private
|
13
13
|
# begin
|
14
|
-
SENSITIVE = [:access_token, :account_name, :account_password, :address, :admin_contact, :admin_password, :artifact_credentials, :auth_code, :authentication_token, :authorization_result, :backup_plan_tags, :backup_vault_tags, :base_32_string_seed, :body, :bot_configuration, :bot_email, :cause, :client_id, :client_secret, :comment, :configuration, :copy_source_sse_customer_key, :credentials, :current_password, :custom_attributes, :db_password, :default_phone_number, :definition, :description, :display_name, :e164_phone_number, :email, :email_address, :email_message, :embed_url, :error, :feedback_token, :file, :first_name, :host_key, :id, :id_token, :input, :input_text, :key_id, :key_store_password, :kms_key_id, :kms_master_key_id, :lambda_function_arn, :last_name, :local_console_password, :master_account_email, :master_user_password, :message, :name, :new_password, :next_password, :notes, :number, :old_password, :outbound_events_https_endpoint, :output, :owner_information, :parameters, :passphrase, :password, :payload, :phone_number, :plaintext, :previous_password, :primary_email, :primary_provisioned_number, :private_key, :proposed_password, :public_key, :qr_code_png, :query, :random_password, :recovery_point_tags, :refresh_token, :registrant_contact, :request_attributes, :search_query, :secret_access_key, :secret_binary, :secret_code, :secret_hash, :secret_string, :secret_to_authenticate_initiator, :secret_to_authenticate_target, :security_token, :service_password, :session_attributes, :share_notes, :shared_secret, :slots, :sse_customer_key, :ssekms_encryption_context, :ssekms_key_id, :status_message, :tag_key_list, :tags, :task_parameters, :tech_contact, :temporary_password, :text, :token, :trust_password, :type, :upload_credentials, :upload_url, :uri, :user_email, :user_name, :user_password, :username, :value, :values, :variables, :zip_file]
|
14
|
+
SENSITIVE = [:access_token, :account_name, :account_password, :address, :admin_contact, :admin_password, :artifact_credentials, :auth_code, :authentication_token, :authorization_result, :backup_plan_tags, :backup_vault_tags, :base_32_string_seed, :block, :block_address, :body, :bot_configuration, :bot_email, :cause, :client_id, :client_secret, :comment, :configuration, :copy_source_sse_customer_key, :credentials, :current_password, :custom_attributes, :db_password, :default_phone_number, :definition, :description, :digest_tip_address, :display_name, :e164_phone_number, :email, :email_address, :email_message, :embed_url, :error, :feedback_token, :file, :first_name, :host_key, :id, :id_token, :input, :input_text, :ion_text, :key_id, :key_store_password, :kms_key_id, :kms_master_key_id, :lambda_function_arn, :last_name, :local_console_password, :master_account_email, :master_user_password, :message, :name, :new_password, :next_password, :notes, :number, :old_password, :outbound_events_https_endpoint, :output, :owner_information, :parameters, :passphrase, :password, :payload, :phone_number, :plaintext, :previous_password, :primary_email, :primary_provisioned_number, :private_key, :proof, :proposed_password, :public_key, :qr_code_png, :query, :random_password, :recovery_point_tags, :refresh_token, :registrant_contact, :request_attributes, :revision, :search_query, :secret_access_key, :secret_binary, :secret_code, :secret_hash, :secret_string, :secret_to_authenticate_initiator, :secret_to_authenticate_target, :security_token, :service_password, :session_attributes, :share_notes, :shared_secret, :slots, :sse_customer_key, :ssekms_encryption_context, :ssekms_key_id, :status_message, :tag_key_list, :tags, :task_parameters, :tech_contact, :temporary_password, :text, :token, :trust_password, :type, :upload_credentials, :upload_url, :uri, :user_email, :user_name, :user_password, :username, :value, :values, :variables, :zip_file]
|
15
15
|
# end
|
16
16
|
|
17
17
|
def initialize(options = {})
|
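Review bot: `SENSITIVE` is assigned a plain array literal with no `.freeze`, so the list of parameter names (presumably what the log parameter filter redacts) can be modified at runtime by any code that can reach the constant; closing the literal with `].freeze` keeps it fixed. The `# begin` / `# end` markers around the line suggest the list is generated, in which case the change belongs in the generator rather than in this file. How the constant is consumed is outside the hunk, so confirm that nothing appends to it in place before freezing.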
@@ -6,7 +6,7 @@ module Aws
|
|
6
6
|
class RetryErrors < Seahorse::Client::Plugin
|
7
7
|
|
8
8
|
EQUAL_JITTER = lambda { |delay| (delay / 2) + Kernel.rand(0..(delay/2))}
|
9
|
-
FULL_JITTER= lambda { |delay| Kernel.rand(0..delay) }
|
9
|
+
FULL_JITTER = lambda { |delay| Kernel.rand(0..delay) }
|
10
10
|
NO_JITTER = lambda { |delay| delay }
|
11
11
|
|
12
12
|
JITTERS = {
|
@@ -73,6 +73,7 @@ A delay randomiser function used by the default backoff function. Some predefine
|
|
73
73
|
'InvalidAccessKeyId', # s3
|
74
74
|
'AuthFailure', # ec2
|
75
75
|
'InvalidIdentityToken', # sts
|
76
|
+
'ExpiredToken', # route53
|
76
77
|
])
|
77
78
|
|
78
79
|
THROTTLING_ERRORS = Set.new([
|
@@ -94,8 +95,8 @@ A delay randomiser function used by the default backoff function. Some predefine
|
|
94
95
|
])
|
95
96
|
|
96
97
|
NETWORKING_ERRORS = Set.new([
|
97
|
-
'RequestTimeout',
|
98
|
-
'IDPCommunicationError',
|
98
|
+
'RequestTimeout', # s3
|
99
|
+
'IDPCommunicationError', # sts
|
99
100
|
])
|
100
101
|
|
101
102
|
def initialize(error, http_status_code)
|
@@ -144,7 +145,7 @@ A delay randomiser function used by the default backoff function. Some predefine
|
|
144
145
|
false
|
145
146
|
end
|
146
147
|
end
|
147
|
-
|
148
|
+
|
148
149
|
def retryable?(context)
|
149
150
|
(expired_credentials? and refreshable_credentials?(context)) or
|
150
151
|
throttling_error? or
|
@@ -5,7 +5,7 @@ module Aws
|
|
5
5
|
# A credential provider that executes a given process and attempts
|
6
6
|
# to read its stdout to recieve a JSON payload containing the credentials
|
7
7
|
#
|
8
|
-
# Automatically handles refreshing credentials if an Expiration time is
|
8
|
+
# Automatically handles refreshing credentials if an Expiration time is
|
9
9
|
# provided in the credentials payload
|
10
10
|
#
|
11
11
|
# credentials = Aws::ProcessCredentials.new('/usr/bin/credential_proc').credentials
|
@@ -23,11 +23,11 @@ module Aws
|
|
23
23
|
# external process to be used as a credential provider.
|
24
24
|
#
|
25
25
|
# @param [String] process Invocation string for process
|
26
|
-
# credentials provider.
|
26
|
+
# credentials provider.
|
27
27
|
def initialize(process)
|
28
28
|
@process = process
|
29
29
|
@credentials = credentials_from_process(@process)
|
30
|
-
|
30
|
+
|
31
31
|
super
|
32
32
|
end
|
33
33
|
|
@@ -99,12 +99,10 @@ module Aws
|
|
99
99
|
def credentials(opts = {})
|
100
100
|
p = opts[:profile] || @profile_name
|
101
101
|
validate_profile_exists(p) if credentials_present?
|
102
|
-
if credentials = credentials_from_shared(p, opts)
|
102
|
+
if (credentials = credentials_from_shared(p, opts))
|
103
103
|
credentials
|
104
|
-
elsif credentials = credentials_from_config(p, opts)
|
104
|
+
elsif (credentials = credentials_from_config(p, opts))
|
105
105
|
credentials
|
106
|
-
else
|
107
|
-
nil
|
108
106
|
end
|
109
107
|
end
|
110
108
|
|
@@ -228,6 +226,7 @@ module Aws
|
|
228
226
|
end
|
229
227
|
|
230
228
|
private
|
229
|
+
|
231
230
|
def credentials_present?
|
232
231
|
(@parsed_credentials && !@parsed_credentials.empty?) ||
|
233
232
|
(@parsed_config && !@parsed_config.empty?)
|
@@ -245,7 +244,7 @@ module Aws
|
|
245
244
|
"provide only source_profile or credential_source, not both."
|
246
245
|
)
|
247
246
|
elsif opts[:source_profile]
|
248
|
-
opts[:credentials] =
|
247
|
+
opts[:credentials] = resolve_source_profile(opts[:source_profile])
|
249
248
|
if opts[:credentials]
|
250
249
|
opts[:role_session_name] ||= prof_cfg["role_session_name"]
|
251
250
|
opts[:role_session_name] ||= "default_session"
|
@@ -293,6 +292,20 @@ module Aws
|
|
293
292
|
end
|
294
293
|
end
|
295
294
|
|
295
|
+
def resolve_source_profile(profile)
|
296
|
+
if (creds = credentials(profile: profile))
|
297
|
+
creds # static credentials
|
298
|
+
elsif (provider = assume_role_web_identity_credentials_from_config(profile))
|
299
|
+
if provider.credentials.set?
|
300
|
+
provider.credentials
|
301
|
+
end
|
302
|
+
elsif (provider = assume_role_process_credentials_from_config(profile))
|
303
|
+
if provider.credentials.set?
|
304
|
+
provider.credentials
|
305
|
+
end
|
306
|
+
end
|
307
|
+
end
|
308
|
+
|
296
309
|
def credentials_from_source(credential_source, config)
|
297
310
|
case credential_source
|
298
311
|
when "Ec2InstanceMetadata"
|
@@ -310,6 +323,11 @@ module Aws
|
|
310
323
|
end
|
311
324
|
end
|
312
325
|
|
326
|
+
def assume_role_process_credentials_from_config(profile)
|
327
|
+
credential_process = credentials_process(profile)
|
328
|
+
ProcessCredentials.new(credential_process) if credential_process
|
329
|
+
end
|
330
|
+
|
313
331
|
def credentials_from_shared(profile, opts)
|
314
332
|
if @parsed_credentials && prof_config = @parsed_credentials[profile]
|
315
333
|
credentials_from_profile(prof_config)
|
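Review bot: `resolve_source_profile` returns nil as soon as a web-identity provider exists but `provider.credentials.set?` is false, because that `elsif` has already matched and the `assume_role_process_credentials_from_config` branch is never tried. If falling through is intended, check each provider with `return provider.credentials if provider && provider.credentials.set?` rather than nesting the test inside the `elsif`; if it is not intended, a comment should say that the first configured provider wins. The new `assume_role_process_credentials_from_config` also means that resolving a `source_profile` can construct a `ProcessCredentials`, and the process_credentials.rb section on this page shows its constructor calling `credentials_from_process(@process)`. That deserves a comment such as `# Runs the command named by the profile's credential_process entry; the config file that supplies it must not be writable by other users.`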
data/lib/aws-sdk-sts.rb
CHANGED
data/lib/aws-sdk-sts/client.rb
CHANGED
@@ -77,8 +77,8 @@ module Seahorse
|
|
77
77
|
if options.key?(name)
|
78
78
|
options[name]
|
79
79
|
else
|
80
|
-
msg = "
|
81
|
-
raise ArgumentError, msg %
|
80
|
+
msg = "missing option: `%s'"
|
81
|
+
raise ArgumentError, msg % name.inspect
|
82
82
|
end
|
83
83
|
end
|
84
84
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-core
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.
|
4
|
+
version: 3.68.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-
|
11
|
+
date: 2019-09-16 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: jmespath
|