aws-sdk-core 3.78.0 → 3.79.0

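--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 90c773fc0577d5607211e10f3d18d9cf3786d430
- data.tar.gz: 1ac8f99565e2437ebb25f545a31fc13b252e619f
+ metadata.gz: 52713a4b23a1e90585c7a17f44213442b0a852cd
+ data.tar.gz: 42b9904fce3ff4291b28ef6e79a6d1a4ce6d2613
  SHA512:
- metadata.gz: 5113990f262a560e7aabb293b4b08a4435d9fa0a0437ef4e7469aa922c8814dcb04a033e771345c396df2150a759a6e9ffc4cf36747f828d0e2669e3afa00c43
- data.tar.gz: 0506d13ebca4fd603a3c78ba4f0e77a6e8d3e1b8ea0e2bf4d694efb7041bfb5c60d1ff36945fdd8da386b7d0dd2f486ddd49e2bfed1981e4a05600cd33db0ed1
+ metadata.gz: b5592fd6f513ea32dcbb010b7d29dc77c86b5e19d41ceab2d4f71aa69caa72286d8532098171a9ecb0116c80b83b3e52dd9cc7c289b869f6ba6fac070b66e771
+ data.tar.gz: 426ac9ade0cc503594e893b044365abdf22263b86ad7cb890cd08183ffc49d77b357c00d86a99acf2c1d273aead62c461d183cf38812f606ec904235f2ddebe3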
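--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 3.78.0
+ 3.79.0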
@@ -11,6 +11,12 @@ module Aws
11
11
  # @api private
12
12
  class Non200Response < RuntimeError; end
13
13
 
14
+ # @api private
15
+ class TokenRetrivalError < RuntimeError; end
16
+
17
+ # @api private
18
+ class TokenExpiredError < RuntimeError; end
19
+
14
20
  # These are the errors we trap when attempting to talk to the
15
21
  # instance metadata service. Any of these imply the service
16
22
  # is not present, no responding or some other non-recoverable
@@ -26,6 +32,14 @@ module Aws
26
32
  Non200Response,
27
33
  ]
28
34
 
35
+ # Path base for GET request for profile and credentials
36
+ # @api private
37
+ METADATA_PATH_BASE = '/latest/meta-data/iam/security-credentials/'
38
+
39
+ # Path for PUT request for token
40
+ # @api private
41
+ METADATA_TOKEN_PATH = '/latest/api/token'
42
+
29
43
  # @param [Hash] options
30
44
  # @option options [Integer] :retries (5) Number of times to retry
31
45
  # when retrieving credentials.
@@ -40,6 +54,9 @@ module Aws
40
54
  # @option options [IO] :http_debug_output (nil) HTTP wire
41
55
  # traces are sent to this object. You can specify something
42
56
  # like $stdout.
57
+ # @option options [Integer] :token_ttl Time-to-Live in seconds for EC2
58
+ # Metadata Token used for fetching Metadata Profile Credentials, defaults
59
+ # to 21600 seconds
43
60
  def initialize options = {}
44
61
  @retries = options[:retries] || 5
45
62
  @ip_address = options[:ip_address] || '169.254.169.254'
@@ -48,6 +65,7 @@ module Aws
48
65
  @http_read_timeout = options[:http_read_timeout] || 5
49
66
  @http_debug_output = options[:http_debug_output]
50
67
  @backoff = backoff(options[:backoff])
68
+ @token_ttl = options[:token_ttl] || 21600
51
69
  super
52
70
  end
53
71
 
@@ -94,9 +112,28 @@ module Aws
94
112
  begin
95
113
  retry_errors(NETWORK_ERRORS, max_retries: @retries) do
96
114
  open_connection do |conn|
97
- path = '/latest/meta-data/iam/security-credentials/'
98
- profile_name = http_get(conn, path).lines.first.strip
99
- http_get(conn, path + profile_name)
115
+ # attempt to fetch token to start secure flow first
116
+ # and rescue to failover
117
+ begin
118
+ retry_errors(NETWORK_ERRORS, max_retries: @retries) do
119
+ unless token_set?
120
+ token_value, ttl = http_put(conn, METADATA_TOKEN_PATH, @token_ttl)
121
+ @token = Token.new(token_value, ttl) if token_value && ttl
122
+ end
123
+ end
124
+ rescue *NETWORK_ERRORS
125
+ # token attempt failed, reset token
126
+ # fallback to non-token mode
127
+ @token = nil
128
+ end
129
+
130
+ if token_set?
131
+ profile_name = http_get(conn, METADATA_PATH_BASE, @token.value).lines.first.strip
132
+ http_get(conn, METADATA_PATH_BASE + profile_name, @token.value)
133
+ else
134
+ profile_name = http_get(conn, METADATA_PATH_BASE).lines.first.strip
135
+ http_get(conn, METADATA_PATH_BASE + profile_name)
136
+ end
100
137
  end
101
138
  end
102
139
  rescue
@@ -105,6 +142,10 @@ module Aws
105
142
  end
106
143
  end
107
144
 
145
+ def token_set?
146
+ @token && !@token.expired?
147
+ end
148
+
108
149
  def _metadata_disabled?
109
150
  flag = ENV["AWS_EC2_METADATA_DISABLED"]
110
151
  !flag.nil? && flag.downcase == "true"
@@ -119,8 +160,11 @@ module Aws
119
160
  yield(http).tap { http.finish }
120
161
  end
121
162
 
122
- def http_get(connection, path)
123
- response = connection.request(Net::HTTP::Get.new(path, {"User-Agent" => "aws-sdk-ruby3/#{CORE_GEM_VERSION}"}))
163
+ # GET request fetch profile and credentials
164
+ def http_get(connection, path, token=nil)
165
+ headers = {"User-Agent" => "aws-sdk-ruby3/#{CORE_GEM_VERSION}"}
166
+ headers["x-aws-ec2-metadata-token"] = token if token
167
+ response = connection.request(Net::HTTP::Get.new(path, headers))
124
168
  if response.code.to_i == 200
125
169
  response.body
126
170
  else
@@ -128,6 +172,28 @@ module Aws
128
172
  end
129
173
  end
130
174
 
175
+ # PUT request fetch token with ttl
176
+ def http_put(connection, path, ttl)
177
+ headers = {
178
+ "User-Agent" => "aws-sdk-ruby3/#{CORE_GEM_VERSION}",
179
+ "x-aws-ec2-metadata-token-ttl-seconds" => ttl.to_s
180
+ }
181
+ response = connection.request(Net::HTTP::Put.new(path, headers))
182
+ case response.code.to_i
183
+ when 200
184
+ [
185
+ response.body,
186
+ response.header["x-aws-ec2-metadata-token-ttl-seconds"].to_i
187
+ ]
188
+ when 401
189
+ raise TokenExpiredError
190
+ when 400
191
+ raise TokenRetrivalError
192
+ else
193
+ raise Non200Response
194
+ end
195
+ end
196
+
131
197
  def retry_errors(error_classes, options = {}, &block)
132
198
  max_retries = options[:max_retries]
133
199
  retries = 0
@@ -144,5 +210,24 @@ module Aws
144
210
  end
145
211
  end
146
212
 
213
+ # @api private
214
+ # Token used to fetch IMDS profile and credentials
215
+ class Token
216
+
217
+ def initialize(value, ttl)
218
+ @ttl = ttl
219
+ @value = value
220
+ @created_time = Time.now
221
+ end
222
+
223
+ # [String] token value
224
+ attr_reader :value
225
+
226
+ def expired?
227
+ Time.now - @created_time > @ttl
228
+ end
229
+
230
+ end
231
+
147
232
  end
148
233
  end
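Review bot: The `rescue *NETWORK_ERRORS` around the token PUT (new lines 117-128) drops to the token-less GET branch without logging anything and without a way to opt out, so a host that is expected to use the token flow can quietly keep running on the older one. `Non200Response` is in `NETWORK_ERRORS` (context at new line 32), so any PUT status other than 200, 400 or 401 takes this path too, and so does a 200 without the TTL header: `.to_i` turns the missing header into `0`, which is truthy in Ruby, so the `&& ttl` guard never rejects anything and the token is created already expired; `@token = Token.new(token_value, ttl) if token_value && ttl > 0` would at least make the guard mean something. I would add a comment or warning where `@token = nil` is set, for example `# NOTE: any NETWORK_ERRORS entry, including Non200Response, lands here and downgrades to token-less requests`, and consider an option that makes the token flow mandatory, since otherwise enforcement rests entirely on the instance's metadata settings. `TokenRetrivalError` and `TokenExpiredError` do not appear in the visible part of `NETWORK_ERRORS`, so they presumably reach the outer bare `rescue` at new line 139, whose body is outside the hunk; a comment stating what is intended for 400 and 401 would help. The class name is also misspelled (`TokenRetrivalError` should be `TokenRetrievalError`), which is cheap to fix while it is still `@api private`.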
@@ -40,6 +40,6 @@ require_relative 'aws-sdk-sts/customizations'
40
40
  # @service
41
41
  module Aws::STS
42
42
 
43
- GEM_VERSION = '3.78.0'
43
+ GEM_VERSION = '3.79.0'
44
44
 
45
45
  end
@@ -1815,7 +1815,7 @@ module Aws::STS
1815
1815
  params: params,
1816
1816
  config: config)
1817
1817
  context[:gem_name] = 'aws-sdk-core'
1818
- context[:gem_version] = '3.78.0'
1818
+ context[:gem_version] = '3.79.0'
1819
1819
  Seahorse::Client::Request.new(handlers, context)
1820
1820
  end
1821
1821
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-core
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.78.0
4
+ version: 3.79.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-11-15 00:00:00.000000000 Z
11
+ date: 2019-11-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: jmespath