aws-sdk-core 3.78.0 → 3.79.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/lib/aws-sdk-core/instance_profile_credentials.rb +90 -5
- data/lib/aws-sdk-sts.rb +1 -1
- data/lib/aws-sdk-sts/client.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 52713a4b23a1e90585c7a17f44213442b0a852cd
|
|
4
|
+
data.tar.gz: 42b9904fce3ff4291b28ef6e79a6d1a4ce6d2613
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b5592fd6f513ea32dcbb010b7d29dc77c86b5e19d41ceab2d4f71aa69caa72286d8532098171a9ecb0116c80b83b3e52dd9cc7c289b869f6ba6fac070b66e771
|
|
7
|
+
data.tar.gz: 426ac9ade0cc503594e893b044365abdf22263b86ad7cb890cd08183ffc49d77b357c00d86a99acf2c1d273aead62c461d183cf38812f606ec904235f2ddebe3
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
3.
|
|
1
|
+
3.79.0
|
|
@@ -11,6 +11,12 @@ module Aws
|
|
|
11
11
|
# @api private
|
|
12
12
|
class Non200Response < RuntimeError; end
|
|
13
13
|
|
|
14
|
+
# @api private
|
|
15
|
+
class TokenRetrivalError < RuntimeError; end
|
|
16
|
+
|
|
17
|
+
# @api private
|
|
18
|
+
class TokenExpiredError < RuntimeError; end
|
|
19
|
+
|
|
14
20
|
# These are the errors we trap when attempting to talk to the
|
|
15
21
|
# instance metadata service. Any of these imply the service
|
|
16
22
|
# is not present, no responding or some other non-recoverable
|
|
@@ -26,6 +32,14 @@ module Aws
|
|
|
26
32
|
Non200Response,
|
|
27
33
|
]
|
|
28
34
|
|
|
35
|
+
# Path base for GET request for profile and credentials
|
|
36
|
+
# @api private
|
|
37
|
+
METADATA_PATH_BASE = '/latest/meta-data/iam/security-credentials/'
|
|
38
|
+
|
|
39
|
+
# Path for PUT request for token
|
|
40
|
+
# @api private
|
|
41
|
+
METADATA_TOKEN_PATH = '/latest/api/token'
|
|
42
|
+
|
|
29
43
|
# @param [Hash] options
|
|
30
44
|
# @option options [Integer] :retries (5) Number of times to retry
|
|
31
45
|
# when retrieving credentials.
|
|
@@ -40,6 +54,9 @@ module Aws
|
|
|
40
54
|
# @option options [IO] :http_debug_output (nil) HTTP wire
|
|
41
55
|
# traces are sent to this object. You can specify something
|
|
42
56
|
# like $stdout.
|
|
57
|
+
# @option options [Integer] :token_ttl Time-to-Live in seconds for EC2
|
|
58
|
+
# Metadata Token used for fetching Metadata Profile Credentials, defaults
|
|
59
|
+
# to 21600 seconds
|
|
43
60
|
def initialize options = {}
|
|
44
61
|
@retries = options[:retries] || 5
|
|
45
62
|
@ip_address = options[:ip_address] || '169.254.169.254'
|
|
@@ -48,6 +65,7 @@ module Aws
|
|
|
48
65
|
@http_read_timeout = options[:http_read_timeout] || 5
|
|
49
66
|
@http_debug_output = options[:http_debug_output]
|
|
50
67
|
@backoff = backoff(options[:backoff])
|
|
68
|
+
@token_ttl = options[:token_ttl] || 21600
|
|
51
69
|
super
|
|
52
70
|
end
|
|
53
71
|
|
|
@@ -94,9 +112,28 @@ module Aws
|
|
|
94
112
|
begin
|
|
95
113
|
retry_errors(NETWORK_ERRORS, max_retries: @retries) do
|
|
96
114
|
open_connection do |conn|
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
115
|
+
# attempt to fetch token to start secure flow first
|
|
116
|
+
# and rescue to failover
|
|
117
|
+
begin
|
|
118
|
+
retry_errors(NETWORK_ERRORS, max_retries: @retries) do
|
|
119
|
+
unless token_set?
|
|
120
|
+
token_value, ttl = http_put(conn, METADATA_TOKEN_PATH, @token_ttl)
|
|
121
|
+
@token = Token.new(token_value, ttl) if token_value && ttl
|
|
122
|
+
end
|
|
123
|
+
end
|
|
124
|
+
rescue *NETWORK_ERRORS
|
|
125
|
+
# token attempt failed, reset token
|
|
126
|
+
# fallback to non-token mode
|
|
127
|
+
@token = nil
|
|
128
|
+
end
|
|
129
|
+
|
|
130
|
+
if token_set?
|
|
131
|
+
profile_name = http_get(conn, METADATA_PATH_BASE, @token.value).lines.first.strip
|
|
132
|
+
http_get(conn, METADATA_PATH_BASE + profile_name, @token.value)
|
|
133
|
+
else
|
|
134
|
+
profile_name = http_get(conn, METADATA_PATH_BASE).lines.first.strip
|
|
135
|
+
http_get(conn, METADATA_PATH_BASE + profile_name)
|
|
136
|
+
end
|
|
100
137
|
end
|
|
101
138
|
end
|
|
102
139
|
rescue
|
|
@@ -105,6 +142,10 @@ module Aws
|
|
|
105
142
|
end
|
|
106
143
|
end
|
|
107
144
|
|
|
145
|
+
def token_set?
|
|
146
|
+
@token && !@token.expired?
|
|
147
|
+
end
|
|
148
|
+
|
|
108
149
|
def _metadata_disabled?
|
|
109
150
|
flag = ENV["AWS_EC2_METADATA_DISABLED"]
|
|
110
151
|
!flag.nil? && flag.downcase == "true"
|
|
@@ -119,8 +160,11 @@ module Aws
|
|
|
119
160
|
yield(http).tap { http.finish }
|
|
120
161
|
end
|
|
121
162
|
|
|
122
|
-
|
|
123
|
-
|
|
163
|
+
# GET request fetch profile and credentials
|
|
164
|
+
def http_get(connection, path, token=nil)
|
|
165
|
+
headers = {"User-Agent" => "aws-sdk-ruby3/#{CORE_GEM_VERSION}"}
|
|
166
|
+
headers["x-aws-ec2-metadata-token"] = token if token
|
|
167
|
+
response = connection.request(Net::HTTP::Get.new(path, headers))
|
|
124
168
|
if response.code.to_i == 200
|
|
125
169
|
response.body
|
|
126
170
|
else
|
|
@@ -128,6 +172,28 @@ module Aws
|
|
|
128
172
|
end
|
|
129
173
|
end
|
|
130
174
|
|
|
175
|
+
# PUT request fetch token with ttl
|
|
176
|
+
def http_put(connection, path, ttl)
|
|
177
|
+
headers = {
|
|
178
|
+
"User-Agent" => "aws-sdk-ruby3/#{CORE_GEM_VERSION}",
|
|
179
|
+
"x-aws-ec2-metadata-token-ttl-seconds" => ttl.to_s
|
|
180
|
+
}
|
|
181
|
+
response = connection.request(Net::HTTP::Put.new(path, headers))
|
|
182
|
+
case response.code.to_i
|
|
183
|
+
when 200
|
|
184
|
+
[
|
|
185
|
+
response.body,
|
|
186
|
+
response.header["x-aws-ec2-metadata-token-ttl-seconds"].to_i
|
|
187
|
+
]
|
|
188
|
+
when 401
|
|
189
|
+
raise TokenExpiredError
|
|
190
|
+
when 400
|
|
191
|
+
raise TokenRetrivalError
|
|
192
|
+
else
|
|
193
|
+
raise Non200Response
|
|
194
|
+
end
|
|
195
|
+
end
|
|
196
|
+
|
|
131
197
|
def retry_errors(error_classes, options = {}, &block)
|
|
132
198
|
max_retries = options[:max_retries]
|
|
133
199
|
retries = 0
|
|
@@ -144,5 +210,24 @@ module Aws
|
|
|
144
210
|
end
|
|
145
211
|
end
|
|
146
212
|
|
|
213
|
+
# @api private
|
|
214
|
+
# Token used to fetch IMDS profile and credentials
|
|
215
|
+
class Token
|
|
216
|
+
|
|
217
|
+
def initialize(value, ttl)
|
|
218
|
+
@ttl = ttl
|
|
219
|
+
@value = value
|
|
220
|
+
@created_time = Time.now
|
|
221
|
+
end
|
|
222
|
+
|
|
223
|
+
# [String] token value
|
|
224
|
+
attr_reader :value
|
|
225
|
+
|
|
226
|
+
def expired?
|
|
227
|
+
Time.now - @created_time > @ttl
|
|
228
|
+
end
|
|
229
|
+
|
|
230
|
+
end
|
|
231
|
+
|
|
147
232
|
end
|
|
148
233
|
end
|
data/lib/aws-sdk-sts.rb
CHANGED
data/lib/aws-sdk-sts/client.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aws-sdk-core
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.79.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Amazon Web Services
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-11-
|
|
11
|
+
date: 2019-11-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: jmespath
|