aws-sdk-core 3.65.0 → 3.68.1
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/lib/aws-sdk-core/credential_provider.rb +9 -12
- data/lib/aws-sdk-core/credential_provider_chain.rb +12 -18
- data/lib/aws-sdk-core/deprecations.rb +16 -10
- data/lib/aws-sdk-core/instance_profile_credentials.rb +3 -2
- data/lib/aws-sdk-core/log/param_filter.rb +1 -1
- data/lib/aws-sdk-core/param_validator.rb +4 -5
- data/lib/aws-sdk-core/plugins/retry_errors.rb +5 -4
- data/lib/aws-sdk-core/process_credentials.rb +3 -3
- data/lib/aws-sdk-core/shared_config.rb +15 -11
- data/lib/aws-sdk-sts.rb +1 -1
- data/lib/aws-sdk-sts/client.rb +1 -1
- data/lib/seahorse/client/handler_list_entry.rb +2 -2
- metadata +2 -2
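--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4084b2ed016d57967df6507569a39def528f732f
+data.tar.gz: 247a1e43c7306083f4b91093f57403211e5ac37d
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6841d16d955cb43c9387539030c957acdc99ecc4251de2a2387e8adb99af4488c4e6837a0b2980aa3e5c75ea825cb4a461b4b101b65b1127d412f896756b530e
+data.tar.gz: a39302708b5d1423b34a7ea641522560f5e61fa6f6443048c932f2b6fb91c7700e47597221a4a8cbc448e4ba56c139f64003b1bedf282c2101fa4f49b8b933a1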
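--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-3.
+3.68.1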
@@ -13,32 +13,29 @@ module Aws
|
|
13
13
|
!!credentials && credentials.set?
|
14
14
|
end
|
15
15
|
|
16
|
-
# @deprecated
|
17
|
-
#
|
18
|
-
# objects. Will be removed in 2.2.0.
|
16
|
+
# @deprecated This method is subject to errors from a race condition when
|
17
|
+
# called against refreshable credential objects. This will be removed.
|
19
18
|
# @see #credentials
|
20
19
|
def access_key_id
|
21
20
|
credentials ? credentials.access_key_id : nil
|
22
21
|
end
|
23
|
-
deprecated(:access_key_id, use: '#credentials')
|
22
|
+
deprecated(:access_key_id, use: '#credentials', version: '3.75')
|
24
23
|
|
25
|
-
# @deprecated
|
26
|
-
#
|
27
|
-
# objects. Will be removed in 2.2.0.
|
24
|
+
# @deprecated This method is subject to errors from a race condition when
|
25
|
+
# called against refreshable credential objects. This will be removed.
|
28
26
|
# @see #credentials
|
29
27
|
def secret_access_key
|
30
28
|
credentials ? credentials.secret_access_key : nil
|
31
29
|
end
|
32
|
-
deprecated(:secret_access_key, use: '#credentials')
|
30
|
+
deprecated(:secret_access_key, use: '#credentials', version: '3.75')
|
33
31
|
|
34
|
-
# @deprecated
|
35
|
-
#
|
36
|
-
# objects. Will be removed in 2.2.0.
|
32
|
+
# @deprecated This method is subject to errors from a race condition when
|
33
|
+
# called against refreshable credential objects. This will be removed.
|
37
34
|
# @see #credentials
|
38
35
|
def session_token
|
39
36
|
credentials ? credentials.session_token : nil
|
40
37
|
end
|
41
|
-
deprecated(:session_token, use: '#credentials')
|
38
|
+
deprecated(:session_token, use: '#credentials', version: '3.75')
|
42
39
|
|
43
40
|
end
|
44
41
|
end
|
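Review bot: The rewritten `@deprecated` comments on `access_key_id`, `secret_access_key` and `session_token` say only "This will be removed", while the `deprecated(...)` call after each method passes `version: '3.75'`, so the generated docs and the runtime warning disagree on when. I would end the comment with `# called against refreshable credential objects. Will be removed in 3.75.` in all three places. Since each accessor calls `credentials` on its own, the comment could also state the safe replacement explicitly: fetch `credentials` once and read the key id, secret and session token from that single object, so the three values cannot come from either side of a refresh. The enclosing module starts above the hunk.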
@@ -60,22 +60,20 @@ module Aws
|
|
60
60
|
nil
|
61
61
|
end
|
62
62
|
|
63
|
+
def determine_profile_name(options)
|
64
|
+
(options[:config] && options[:config].profile) || ENV['AWS_PROFILE'] || ENV['AWS_DEFAULT_PROFILE'] || 'default'
|
65
|
+
end
|
66
|
+
|
63
67
|
def shared_credentials(options)
|
64
|
-
|
65
|
-
|
66
|
-
else
|
67
|
-
SharedCredentials.new(
|
68
|
-
profile_name: ENV['AWS_PROFILE'].nil? ? 'default' : ENV['AWS_PROFILE'])
|
69
|
-
end
|
68
|
+
profile_name = determine_profile_name(options)
|
69
|
+
SharedCredentials.new(profile_name: profile_name)
|
70
70
|
rescue Errors::NoSuchProfileError
|
71
71
|
nil
|
72
72
|
end
|
73
73
|
|
74
74
|
def process_credentials(options)
|
75
|
-
profile_name = options[:config].profile if options[:config]
|
76
|
-
profile_name ||= ENV['AWS_PROFILE'].nil? ? 'default' : ENV['AWS_PROFILE']
|
77
|
-
|
78
75
|
config = Aws.shared_config
|
76
|
+
profile_name = determine_profile_name(options)
|
79
77
|
if config.config_enabled? && process_provider = config.credentials_process(profile_name)
|
80
78
|
ProcessCredentials.new(process_provider)
|
81
79
|
else
|
@@ -87,13 +85,7 @@ module Aws
|
|
87
85
|
|
88
86
|
def assume_role_credentials(options)
|
89
87
|
if Aws.shared_config.config_enabled?
|
90
|
-
|
91
|
-
if options[:config]
|
92
|
-
profile = options[:config].profile
|
93
|
-
region = options[:config].region
|
94
|
-
assume_role_with_profile(options[:config].profile, options[:config].region)
|
95
|
-
end
|
96
|
-
assume_role_with_profile(profile, region)
|
88
|
+
assume_role_with_profile(options)
|
97
89
|
else
|
98
90
|
nil
|
99
91
|
end
|
@@ -123,9 +115,11 @@ module Aws
|
|
123
115
|
end
|
124
116
|
end
|
125
117
|
|
126
|
-
def assume_role_with_profile(
|
118
|
+
def assume_role_with_profile(options)
|
119
|
+
profile_name = determine_profile_name(options)
|
120
|
+
region = (options[:config] && options[:config].region)
|
127
121
|
Aws.shared_config.assume_role_credentials_from_config(
|
128
|
-
profile:
|
122
|
+
profile: profile_name,
|
129
123
|
region: region,
|
130
124
|
chain_config: @config
|
131
125
|
)
|
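Review bot: `determine_profile_name` accepts any non-nil value, and an empty String is truthy in Ruby, so a set-but-empty `AWS_PROFILE` or `AWS_DEFAULT_PROFILE` selects a profile named `""` instead of falling through to `'default'`; in `shared_credentials` that presumably ends in the rescued `NoSuchProfileError` and a silent `nil`. Skipping blank candidates avoids this: `[cfg_profile, ENV['AWS_PROFILE'], ENV['AWS_DEFAULT_PROFILE']].find { |n| n && !n.empty? } || 'default'`, with `cfg_profile = options[:config] && options[:config].profile`. The helper also changes what `assume_role_with_profile` sees: it used to receive only the profile from `options[:config]`, and now the environment decides the profile when none is configured, which also determines which `credentials_process` entry `process_credentials` looks up. A one-line comment on the helper stating that precedence (`# Precedence: config.profile, AWS_PROFILE, AWS_DEFAULT_PROFILE, 'default'`) would make the trust placed in the environment visible. The class header and the end of `process_credentials` are outside the hunks shown.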
@@ -35,33 +35,39 @@ module Aws
|
|
35
35
|
# @api private
|
36
36
|
module Deprecations
|
37
37
|
|
38
|
-
# @param [Symbol]
|
38
|
+
# @param [Symbol] method The name of the deprecated method.
|
39
39
|
#
|
40
40
|
# @option options [String] :message The warning message to issue
|
41
41
|
# when the deprecated method is called.
|
42
42
|
#
|
43
|
-
# @option options [
|
44
|
-
# method that should be used.
|
43
|
+
# @option options [String] :use The name of a method that should be used.
|
45
44
|
#
|
46
|
-
|
45
|
+
# @option options [String] :version The version that will remove the
|
46
|
+
# deprecated method.
|
47
|
+
#
|
48
|
+
def deprecated(method, options = {})
|
47
49
|
|
48
50
|
deprecation_msg = options[:message] || begin
|
49
|
-
msg = "DEPRECATION WARNING
|
50
|
-
msg << "of
|
51
|
-
msg << "
|
51
|
+
msg = "#################### DEPRECATION WARNING ####################\n"
|
52
|
+
msg << "Called deprecated method `#{method}` of #{self}."
|
53
|
+
msg << " Use `#{options[:use]}` instead.\n" if options[:use]
|
54
|
+
if options[:version]
|
55
|
+
msg << "Method `#{method}` will be removed in #{options[:version]}."
|
56
|
+
end
|
57
|
+
msg << "\n#############################################################"
|
52
58
|
msg
|
53
59
|
end
|
54
60
|
|
55
|
-
alias_method(:"deprecated_#{
|
61
|
+
alias_method(:"deprecated_#{method}", method)
|
56
62
|
|
57
63
|
warned = false # we only want to issue this warning once
|
58
64
|
|
59
|
-
define_method(
|
65
|
+
define_method(method) do |*args, &block|
|
60
66
|
unless warned
|
61
67
|
warned = true
|
62
68
|
warn(deprecation_msg + "\n" + caller.join("\n"))
|
63
69
|
end
|
64
|
-
send("deprecated_#{
|
70
|
+
send("deprecated_#{method}", *args, &block)
|
65
71
|
end
|
66
72
|
end
|
67
73
|
|
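Review bot: In the default message built inside `deprecated`, the only line break after the first sentence lives in the `:use` string, so a caller that passes `:version` without `:use` gets the "Called deprecated method" sentence and the "will be removed in" sentence run together with no separator. Emit the break unconditionally, i.e. drop the `\n` from the `Use ... instead.` literal and add `msg << "\n"` on its own line before the `if options[:version]` block. The `@option` docs could also say that the warning, including the full `caller` backtrace, is written once per wrapped method rather than once per call, since that is what the `warned` closure variable implements.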
@@ -51,8 +51,9 @@ module Aws
|
|
51
51
|
super
|
52
52
|
end
|
53
53
|
|
54
|
-
# @return [Integer]
|
55
|
-
#
|
54
|
+
# @return [Integer] Number of times to retry when retrieving credentials
|
55
|
+
# from the instance metadata service. Defaults to 0 when resolving from
|
56
|
+
# the default credential chain ({Aws::CredentialProviderChain}).
|
56
57
|
attr_reader :retries
|
57
58
|
|
58
59
|
private
|
@@ -11,7 +11,7 @@ module Aws
|
|
11
11
|
#
|
12
12
|
# @api private
|
13
13
|
# begin
|
14
|
-
SENSITIVE = [:access_token, :account_name, :account_password, :address, :admin_contact, :admin_password, :artifact_credentials, :auth_code, :authentication_token, :authorization_result, :backup_plan_tags, :backup_vault_tags, :base_32_string_seed, :body, :bot_configuration, :bot_email, :cause, :client_id, :client_secret, :comment, :configuration, :copy_source_sse_customer_key, :credentials, :current_password, :custom_attributes, :db_password, :default_phone_number, :definition, :description, :display_name, :e164_phone_number, :email, :email_address, :email_message, :embed_url, :error, :feedback_token, :file, :first_name, :host_key, :id, :id_token, :input, :input_text, :key_id, :key_store_password, :kms_key_id, :kms_master_key_id, :lambda_function_arn, :last_name, :local_console_password, :master_account_email, :master_user_password, :message, :name, :new_password, :next_password, :notes, :number, :old_password, :outbound_events_https_endpoint, :output, :owner_information, :parameters, :passphrase, :password, :payload, :phone_number, :plaintext, :previous_password, :primary_email, :primary_provisioned_number, :private_key, :proposed_password, :public_key, :qr_code_png, :query, :random_password, :recovery_point_tags, :refresh_token, :registrant_contact, :request_attributes, :search_query, :secret_access_key, :secret_binary, :secret_code, :secret_hash, :secret_string, :secret_to_authenticate_initiator, :secret_to_authenticate_target, :security_token, :service_password, :session_attributes, :share_notes, :shared_secret, :slots, :sse_customer_key, :ssekms_encryption_context, :ssekms_key_id, :status_message, :tag_key_list, :tags, :task_parameters, :tech_contact, :temporary_password, :text, :token, :trust_password, :type, :upload_credentials, :upload_url, :uri, :user_email, :user_name, :user_password, :username, :value, :values, :variables, :zip_file]
|
14
|
+
SENSITIVE = [:access_token, :account_name, :account_password, :address, :admin_contact, :admin_password, :artifact_credentials, :auth_code, :authentication_token, :authorization_result, :backup_plan_tags, :backup_vault_tags, :base_32_string_seed, :block, :block_address, :body, :bot_configuration, :bot_email, :cause, :client_id, :client_secret, :comment, :configuration, :copy_source_sse_customer_key, :credentials, :current_password, :custom_attributes, :db_password, :default_phone_number, :definition, :description, :digest_tip_address, :display_name, :e164_phone_number, :email, :email_address, :email_message, :embed_url, :error, :feedback_token, :file, :first_name, :host_key, :id, :id_token, :input, :input_text, :ion_text, :key_id, :key_store_password, :kms_key_id, :kms_master_key_id, :lambda_function_arn, :last_name, :local_console_password, :master_account_email, :master_user_password, :message, :name, :new_password, :next_password, :notes, :number, :old_password, :outbound_events_https_endpoint, :output, :owner_information, :parameters, :passphrase, :password, :payload, :phone_number, :plaintext, :previous_password, :primary_email, :primary_provisioned_number, :private_key, :proof, :proposed_password, :public_key, :qr_code_png, :query, :random_password, :recovery_point_tags, :refresh_token, :registrant_contact, :request_attributes, :revision, :search_query, :secret_access_key, :secret_binary, :secret_code, :secret_hash, :secret_string, :secret_to_authenticate_initiator, :secret_to_authenticate_target, :security_token, :service_password, :session_attributes, :share_notes, :shared_secret, :slots, :sse_customer_key, :ssekms_encryption_context, :ssekms_key_id, :status_message, :tag_key_list, :tags, :task_parameters, :tech_contact, :temporary_password, :text, :token, :trust_password, :type, :upload_credentials, :upload_url, :uri, :user_email, :user_name, :user_password, :username, :value, :values, :variables, :zip_file]
|
15
15
|
# end
|
16
16
|
|
17
17
|
def initialize(options = {})
|
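Review bot: `SENSITIVE` is assigned a plain Array literal, so the list that decides which parameters are filtered stays mutable after load and could be altered at runtime without any sign that filtering changed; ending the literal with `.freeze` makes it read-only. The `# begin` / `# end` markers suggest the line is generated, in which case the `.freeze` belongs in whatever template emits it. Because matching appears to be by parameter name only, the six names added here (`:block`, `:block_address`, `:digest_tip_address`, `:ion_text`, `:proof`, `:revision`) were presumably written unfiltered by earlier versions when parameter logging was on, which is worth a line in the changelog.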
@@ -141,8 +141,8 @@ module Aws
|
|
141
141
|
errors << expected_got(context, "true or false", value)
|
142
142
|
end
|
143
143
|
when BlobShape
|
144
|
-
unless
|
145
|
-
errors << expected_got(context, "a String or
|
144
|
+
unless value.is_a?(String) || io_like?(value)
|
145
|
+
errors << expected_got(context, "a String or File object", value)
|
146
146
|
end
|
147
147
|
else
|
148
148
|
raise "unhandled shape type: #{ref.shape.class.name}"
|
@@ -166,9 +166,8 @@ module Aws
|
|
166
166
|
end
|
167
167
|
|
168
168
|
def io_like?(value)
|
169
|
-
value.respond_to?(:read) &&
|
170
|
-
|
171
|
-
value.respond_to?(:size)
|
169
|
+
value.respond_to?(:read) && value.respond_to?(:rewind) &&
|
170
|
+
value.respond_to?(:size)
|
172
171
|
end
|
173
172
|
|
174
173
|
def error_messages(errors)
|
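Review bot: The BlobShape message tells the caller to pass "a String or File object", but the guard on the line above accepts any value for which `io_like?` is true, and `io_like?` only checks `respond_to?` for `read`, `rewind` and `size`; a StringIO passes, and an object lacking any of the three fails with a message that does not say which method is missing. Wording that matches the check would be `"a String or IO-like object (responds to read, rewind and size)"`. A short comment on `io_like?` saying why `rewind` and `size` are required would help as well; presumably the body must be re-readable and its length known up front, but that is not visible here. The `case` statement and the class around it start outside the hunk.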
@@ -6,7 +6,7 @@ module Aws
|
|
6
6
|
class RetryErrors < Seahorse::Client::Plugin
|
7
7
|
|
8
8
|
EQUAL_JITTER = lambda { |delay| (delay / 2) + Kernel.rand(0..(delay/2))}
|
9
|
-
FULL_JITTER= lambda { |delay| Kernel.rand(0..delay) }
|
9
|
+
FULL_JITTER = lambda { |delay| Kernel.rand(0..delay) }
|
10
10
|
NO_JITTER = lambda { |delay| delay }
|
11
11
|
|
12
12
|
JITTERS = {
|
@@ -73,6 +73,7 @@ A delay randomiser function used by the default backoff function. Some predefine
|
|
73
73
|
'InvalidAccessKeyId', # s3
|
74
74
|
'AuthFailure', # ec2
|
75
75
|
'InvalidIdentityToken', # sts
|
76
|
+
'ExpiredToken', # route53
|
76
77
|
])
|
77
78
|
|
78
79
|
THROTTLING_ERRORS = Set.new([
|
@@ -94,8 +95,8 @@ A delay randomiser function used by the default backoff function. Some predefine
|
|
94
95
|
])
|
95
96
|
|
96
97
|
NETWORKING_ERRORS = Set.new([
|
97
|
-
'RequestTimeout',
|
98
|
-
'IDPCommunicationError',
|
98
|
+
'RequestTimeout', # s3
|
99
|
+
'IDPCommunicationError', # sts
|
99
100
|
])
|
100
101
|
|
101
102
|
def initialize(error, http_status_code)
|
@@ -144,7 +145,7 @@ A delay randomiser function used by the default backoff function. Some predefine
|
|
144
145
|
false
|
145
146
|
end
|
146
147
|
end
|
147
|
-
|
148
|
+
|
148
149
|
def retryable?(context)
|
149
150
|
(expired_credentials? and refreshable_credentials?(context)) or
|
150
151
|
throttling_error? or
|
@@ -5,7 +5,7 @@ module Aws
|
|
5
5
|
# A credential provider that executes a given process and attempts
|
6
6
|
# to read its stdout to recieve a JSON payload containing the credentials
|
7
7
|
#
|
8
|
-
# Automatically handles refreshing credentials if an Expiration time is
|
8
|
+
# Automatically handles refreshing credentials if an Expiration time is
|
9
9
|
# provided in the credentials payload
|
10
10
|
#
|
11
11
|
# credentials = Aws::ProcessCredentials.new('/usr/bin/credential_proc').credentials
|
@@ -23,11 +23,11 @@ module Aws
|
|
23
23
|
# external process to be used as a credential provider.
|
24
24
|
#
|
25
25
|
# @param [String] process Invocation string for process
|
26
|
-
# credentials provider.
|
26
|
+
# credentials provider.
|
27
27
|
def initialize(process)
|
28
28
|
@process = process
|
29
29
|
@credentials = credentials_from_process(@process)
|
30
|
-
|
30
|
+
|
31
31
|
super
|
32
32
|
end
|
33
33
|
|
@@ -99,12 +99,10 @@ module Aws
|
|
99
99
|
def credentials(opts = {})
|
100
100
|
p = opts[:profile] || @profile_name
|
101
101
|
validate_profile_exists(p) if credentials_present?
|
102
|
-
if credentials = credentials_from_shared(p, opts)
|
102
|
+
if (credentials = credentials_from_shared(p, opts))
|
103
103
|
credentials
|
104
|
-
elsif credentials = credentials_from_config(p, opts)
|
104
|
+
elsif (credentials = credentials_from_config(p, opts))
|
105
105
|
credentials
|
106
|
-
else
|
107
|
-
nil
|
108
106
|
end
|
109
107
|
end
|
110
108
|
|
@@ -228,6 +226,7 @@ module Aws
|
|
228
226
|
end
|
229
227
|
|
230
228
|
private
|
229
|
+
|
231
230
|
def credentials_present?
|
232
231
|
(@parsed_credentials && !@parsed_credentials.empty?) ||
|
233
232
|
(@parsed_config && !@parsed_config.empty?)
|
@@ -293,17 +292,17 @@ module Aws
|
|
293
292
|
end
|
294
293
|
end
|
295
294
|
|
296
|
-
def resolve_source_profile(
|
297
|
-
if (creds = credentials(profile:
|
295
|
+
def resolve_source_profile(profile)
|
296
|
+
if (creds = credentials(profile: profile))
|
298
297
|
creds # static credentials
|
299
|
-
elsif (provider = assume_role_web_identity_credentials_from_config(
|
298
|
+
elsif (provider = assume_role_web_identity_credentials_from_config(profile))
|
299
|
+
if provider.credentials.set?
|
300
|
+
provider.credentials
|
301
|
+
end
|
302
|
+
elsif (provider = assume_role_process_credentials_from_config(profile))
|
300
303
|
if provider.credentials.set?
|
301
304
|
provider.credentials
|
302
|
-
else
|
303
|
-
nil
|
304
305
|
end
|
305
|
-
else
|
306
|
-
nil
|
307
306
|
end
|
308
307
|
end
|
309
308
|
|
@@ -324,6 +323,11 @@ module Aws
|
|
324
323
|
end
|
325
324
|
end
|
326
325
|
|
326
|
+
def assume_role_process_credentials_from_config(profile)
|
327
|
+
credential_process = credentials_process(profile)
|
328
|
+
ProcessCredentials.new(credential_process) if credential_process
|
329
|
+
end
|
330
|
+
|
327
331
|
def credentials_from_shared(profile, opts)
|
328
332
|
if @parsed_credentials && prof_config = @parsed_credentials[profile]
|
329
333
|
credentials_from_profile(prof_config)
|
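Review bot: With the new `assume_role_process_credentials_from_config` branch, `resolve_source_profile` can end up constructing `ProcessCredentials` from whatever `credentials_process(profile)` returns, so resolving a `source_profile` may now launch an external command taken from the shared config file; the method deserves a comment saying so, e.g. `# May run the profile's configured credential process; the config file must not be writable by other users.` Both provider branches call `provider.credentials` twice, once for `set?` and once for the return value, so with a refreshable provider the object checked may differ from the object returned. `creds = provider.credentials` followed by `creds if creds.set?` reads it once. The two branches are otherwise identical and could share that tail.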
data/lib/aws-sdk-sts.rb
CHANGED
data/lib/aws-sdk-sts/client.rb
CHANGED
@@ -77,8 +77,8 @@ module Seahorse
|
|
77
77
|
if options.key?(name)
|
78
78
|
options[name]
|
79
79
|
else
|
80
|
-
msg = "
|
81
|
-
raise ArgumentError, msg %
|
80
|
+
msg = "missing option: `%s'"
|
81
|
+
raise ArgumentError, msg % name.inspect
|
82
82
|
end
|
83
83
|
end
|
84
84
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-core
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.
|
4
|
+
version: 3.68.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-
|
11
|
+
date: 2019-10-02 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: jmespath
|