aws-sdk-core 3.82.0 → 3.86.0
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/lib/aws-sdk-core.rb +4 -0
- data/lib/aws-sdk-core/arn.rb +77 -0
- data/lib/aws-sdk-core/arn_parser.rb +38 -0
- data/lib/aws-sdk-core/errors.rb +23 -2
- data/lib/aws-sdk-core/instance_profile_credentials.rb +41 -49
- data/lib/aws-sdk-core/log/formatter.rb +7 -1
- data/lib/aws-sdk-core/log/param_filter.rb +1 -1
- data/lib/aws-sdk-core/shared_config.rb +15 -0
- data/lib/aws-sdk-sts.rb +1 -1
- data/lib/aws-sdk-sts/client.rb +1 -1
- data/lib/aws-sdk-sts/customizations.rb +2 -0
- data/lib/aws-sdk-sts/presigner.rb +67 -0
- data/lib/seahorse/client/h2/connection.rb +2 -0
- data/lib/seahorse/client/logging/formatter.rb +4 -2
- data/lib/seahorse/client/plugin.rb +1 -0
- metadata +5 -2
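--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e4f12e315118f644ba06ef0924852cf03db4ae32
+data.tar.gz: 3f784b55c285f300d90a65d043d09ebfc4fbb537
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 746a4eb2d620470828b3e1d647c5db2669643d04a8348b5c6e1c23d9ccd332ba826af6d2905744f215ccbd1612ed9d1016504dbd2a1f7c566e608eafa8167d60
+data.tar.gz: eb3c70f45e0d9d954ac9e711d6fffaa3358c366c153a020ed99e3eaeb8c941ef750e00e44a9db14f1404d6903afdded7d7227ea8cec05c8a202a69a23c0cc09b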
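--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-3.
+3.86.0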
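--- a/data/lib/aws-sdk-core.rb
+++ b/data/lib/aws-sdk-core.rb
@@ -79,6 +79,10 @@ require_relative 'aws-sdk-core/endpoint_cache'
 require_relative 'aws-sdk-core/client_side_monitoring/request_metrics'
 require_relative 'aws-sdk-core/client_side_monitoring/publisher'
 
+# arn
+require_relative 'aws-sdk-core/arn'
+require_relative 'aws-sdk-core/arn_parser'
+
 # aws-sdk-sts is vendored to support Aws::AssumeRoleCredentials
 
 require 'aws-sdk-sts'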
@@ -0,0 +1,77 @@
|
|
1
|
+
module Aws
|
2
|
+
# Create and provide access to components of Amazon Resource Names (ARN).
|
3
|
+
#
|
4
|
+
# You can create an ARN and access it's components like the following:
|
5
|
+
#
|
6
|
+
# arn = Aws::ARN.new(
|
7
|
+
# partition: 'aws',
|
8
|
+
# service: 's3',
|
9
|
+
# region: 'us-west-2',
|
10
|
+
# account_id: '12345678910',
|
11
|
+
# resource: 'foo/bar'
|
12
|
+
# )
|
13
|
+
# # => #<Aws::ARN ...>
|
14
|
+
#
|
15
|
+
# arn.to_s
|
16
|
+
# # => "arn:aws:s3:us-west-2:12345678910:foo/bar"
|
17
|
+
#
|
18
|
+
# arn.partition
|
19
|
+
# # => 'aws'
|
20
|
+
# arn.service
|
21
|
+
# # => 's3'
|
22
|
+
# arn.resource
|
23
|
+
# # => foo/bar
|
24
|
+
#
|
25
|
+
# # Note: parser available for parsing resource details
|
26
|
+
# @see Aws::ARNParser#parse_resource
|
27
|
+
#
|
28
|
+
# @see https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-arns
|
29
|
+
class ARN
|
30
|
+
|
31
|
+
# @param [Hash] options
|
32
|
+
# @option options [String] :partition
|
33
|
+
# @option options [String] :service
|
34
|
+
# @option options [String] :region
|
35
|
+
# @option options [String] :account_id
|
36
|
+
# @option options [String] :resource
|
37
|
+
def initialize(options = {})
|
38
|
+
@partition = options[:partition]
|
39
|
+
@service = options[:service]
|
40
|
+
@region = options[:region]
|
41
|
+
@account_id = options[:account_id]
|
42
|
+
@resource = options[:resource]
|
43
|
+
end
|
44
|
+
|
45
|
+
# @return [String]
|
46
|
+
attr_reader :partition
|
47
|
+
|
48
|
+
# @return [String]
|
49
|
+
attr_reader :service
|
50
|
+
|
51
|
+
# @return [String]
|
52
|
+
attr_reader :region
|
53
|
+
|
54
|
+
# @return [String]
|
55
|
+
attr_reader :account_id
|
56
|
+
|
57
|
+
# @return [String]
|
58
|
+
attr_reader :resource
|
59
|
+
|
60
|
+
# Validates ARN contains non-empty required components.
|
61
|
+
# Region and account_id can be optional.
|
62
|
+
#
|
63
|
+
# @return [Boolean]
|
64
|
+
def valid?
|
65
|
+
!partition.nil? && !partition.empty? &&
|
66
|
+
!service.nil? && !service.empty? &&
|
67
|
+
!resource.nil? && !resource.empty?
|
68
|
+
end
|
69
|
+
|
70
|
+
# Return the ARN format in string
|
71
|
+
#
|
72
|
+
# @return [String]
|
73
|
+
def to_s
|
74
|
+
"arn:#{partition}:#{service}:#{region}:#{account_id}:#{resource}"
|
75
|
+
end
|
76
|
+
end
|
77
|
+
end
|
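Review bot: `valid?` only checks that partition, service and resource are present, so a component that itself contains a colon passes, and `to_s` then emits a string that `Aws::ARNParser.parse` would split into different fields than the object holds. If ARN objects can be built from caller-supplied values, consider rejecting `:` in partition, service, region and account_id, or state in the doc comment that `valid?` is a presence check only. The readers for `region` and `account_id` are documented as `@return [String]` although the comment on `valid?` calls them optional; `# @return [String, nil]` would match what `initialize` stores. The usage comment also reads "access it's components", which should be "its".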
@@ -0,0 +1,38 @@
|
|
1
|
+
module Aws
|
2
|
+
module ARNParser
|
3
|
+
# Parse a string with an ARN format into an {Aws::ARN} object.
|
4
|
+
# `InvalidARNError` would be raised when encountering a parsing error or the
|
5
|
+
# ARN object contains invalid components (nil/empty).
|
6
|
+
#
|
7
|
+
# @param [String] arn_str
|
8
|
+
#
|
9
|
+
# @return [Aws::ARN]
|
10
|
+
# @see https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-arns
|
11
|
+
def self.parse(arn_str)
|
12
|
+
parts = arn_str.nil? ? [] : arn_str.split(':', 6)
|
13
|
+
raise Aws::Errors::InvalidARNError if parts.size < 6
|
14
|
+
|
15
|
+
# part[0] is "arn"
|
16
|
+
arn = ARN.new(
|
17
|
+
partition: parts[1],
|
18
|
+
service: parts[2],
|
19
|
+
region: parts[3],
|
20
|
+
account_id: parts[4],
|
21
|
+
resource: parts[5]
|
22
|
+
)
|
23
|
+
raise Aws::Errors::InvalidARNError unless arn.valid?
|
24
|
+
|
25
|
+
arn
|
26
|
+
end
|
27
|
+
|
28
|
+
# Checks whether a String could be a ARN or not. An ARN starts with 'arn:'
|
29
|
+
# and has at least 6 segments separated by a colon (:).
|
30
|
+
#
|
31
|
+
# @param [String] str
|
32
|
+
#
|
33
|
+
# @return [Boolean]
|
34
|
+
def self.arn?(str)
|
35
|
+
!str.nil? && str.start_with?('arn:') && str.scan(/:/).length >= 5
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
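Review bot: `parse` never checks the first segment: the comment says `part[0] is "arn"`, but `parts[0]` is not compared with anything, so a string such as `x:aws:s3:::bucket` (constructed example) comes back as a valid `Aws::ARN`. `arn?` in the same module does test `start_with?('arn:')`, so the two entry points disagree on what counts as an ARN. Adding `raise Aws::Errors::InvalidARNError unless parts[0] == 'arn'` after the size check would close the gap; callers outside this page may already gate on `arn?`, which cannot be confirmed from here. `arn?` also raises NoMethodError for a non-String argument, since only `nil` is guarded.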
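--- a/data/lib/aws-sdk-core/errors.rb
+++ b/data/lib/aws-sdk-core/errors.rb
@@ -1,5 +1,3 @@
-require 'thread'
-
 module Aws
 module Errors
 
@@ -125,6 +123,29 @@ module Aws
 
 end
 
+# Raised when ARN string input doesn't follow the standard:
+# https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-arns
+class InvalidARNError < RuntimeError; end
+
+# Raised when the region from the ARN string is different from the :region
+# configured on the service client.
+class InvalidARNRegionError < RuntimeError
+def initialize(*args)
+msg = 'ARN region is different from the configured client region.'
+super(msg)
+end
+end
+
+# Raised when the partition of the ARN region is different than the
+# partition of the :region configured on the service client.
+class InvalidARNPartitionError < RuntimeError
+def initialize(*args)
+msg = 'ARN region partition is different from the configured '\
+'client region partition.'
+super(msg)
+end
+end
+
 # Various plugins perform client-side checksums of responses.
 # This error indicates a checksum failed.
 class ChecksumError < RuntimeError; end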
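Review bot: Both new `initialize(*args)` methods accept arguments and discard them, so `raise Aws::Errors::InvalidARNRegionError, 'detail'` reports only the fixed text and the caller's detail is lost. The fixed messages also do not say which region or partition was found and which was configured, which is the first thing someone reading the error in a log will need. A default argument keeps today's behaviour and lets callers add that context: `def initialize(msg = 'ARN region is different from the configured client region.')` followed by `super(msg)`, with the same shape for `InvalidARNPartitionError`.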
@@ -29,24 +29,24 @@ module Aws
|
|
29
29
|
Errno::ENETUNREACH,
|
30
30
|
SocketError,
|
31
31
|
Timeout::Error,
|
32
|
-
Non200Response
|
33
|
-
]
|
32
|
+
Non200Response
|
33
|
+
].freeze
|
34
34
|
|
35
35
|
# Path base for GET request for profile and credentials
|
36
36
|
# @api private
|
37
|
-
METADATA_PATH_BASE = '/latest/meta-data/iam/security-credentials/'
|
37
|
+
METADATA_PATH_BASE = '/latest/meta-data/iam/security-credentials/'.freeze
|
38
38
|
|
39
39
|
# Path for PUT request for token
|
40
40
|
# @api private
|
41
|
-
METADATA_TOKEN_PATH = '/latest/api/token'
|
41
|
+
METADATA_TOKEN_PATH = '/latest/api/token'.freeze
|
42
42
|
|
43
43
|
# @param [Hash] options
|
44
|
-
# @option options [Integer] :retries (
|
44
|
+
# @option options [Integer] :retries (1) Number of times to retry
|
45
45
|
# when retrieving credentials.
|
46
46
|
# @option options [String] :ip_address ('169.254.169.254')
|
47
47
|
# @option options [Integer] :port (80)
|
48
|
-
# @option options [Float] :http_open_timeout (
|
49
|
-
# @option options [Float] :http_read_timeout (
|
48
|
+
# @option options [Float] :http_open_timeout (1)
|
49
|
+
# @option options [Float] :http_read_timeout (1)
|
50
50
|
# @option options [Numeric, Proc] :delay By default, failures are retried
|
51
51
|
# with exponential back-off, i.e. `sleep(1.2 ** num_failures)`. You can
|
52
52
|
# pass a number of seconds to sleep between failed attempts, or
|
@@ -57,15 +57,16 @@ module Aws
|
|
57
57
|
# @option options [Integer] :token_ttl Time-to-Live in seconds for EC2
|
58
58
|
# Metadata Token used for fetching Metadata Profile Credentials, defaults
|
59
59
|
# to 21600 seconds
|
60
|
-
def initialize
|
61
|
-
@retries = options[:retries] ||
|
60
|
+
def initialize(options = {})
|
61
|
+
@retries = options[:retries] || 1
|
62
62
|
@ip_address = options[:ip_address] || '169.254.169.254'
|
63
63
|
@port = options[:port] || 80
|
64
|
-
@http_open_timeout = options[:http_open_timeout] ||
|
65
|
-
@http_read_timeout = options[:http_read_timeout] ||
|
64
|
+
@http_open_timeout = options[:http_open_timeout] || 1
|
65
|
+
@http_read_timeout = options[:http_read_timeout] || 1
|
66
66
|
@http_debug_output = options[:http_debug_output]
|
67
67
|
@backoff = backoff(options[:backoff])
|
68
|
-
@token_ttl = options[:token_ttl] ||
|
68
|
+
@token_ttl = options[:token_ttl] || 21_600
|
69
|
+
@token = nil
|
69
70
|
super
|
70
71
|
end
|
71
72
|
|
@@ -79,8 +80,8 @@ module Aws
|
|
79
80
|
def backoff(backoff)
|
80
81
|
case backoff
|
81
82
|
when Proc then backoff
|
82
|
-
when Numeric then
|
83
|
-
else
|
83
|
+
when Numeric then ->(_) { sleep(backoff) }
|
84
|
+
else ->(num_failures) { Kernel.sleep(1.2**num_failures) }
|
84
85
|
end
|
85
86
|
end
|
86
87
|
|
@@ -99,7 +100,7 @@ module Aws
|
|
99
100
|
@expiration = c['Expiration'] ? Time.iso8601(c['Expiration']) : nil
|
100
101
|
end
|
101
102
|
rescue JSON::ParserError
|
102
|
-
raise Aws::Errors::MetadataParserError
|
103
|
+
raise Aws::Errors::MetadataParserError
|
103
104
|
end
|
104
105
|
end
|
105
106
|
|
@@ -117,7 +118,9 @@ module Aws
|
|
117
118
|
begin
|
118
119
|
retry_errors(NETWORK_ERRORS, max_retries: @retries) do
|
119
120
|
unless token_set?
|
120
|
-
token_value, ttl = http_put(
|
121
|
+
token_value, ttl = http_put(
|
122
|
+
conn, METADATA_TOKEN_PATH, @token_ttl
|
123
|
+
)
|
121
124
|
@token = Token.new(token_value, ttl) if token_value && ttl
|
122
125
|
end
|
123
126
|
end
|
@@ -127,13 +130,10 @@ module Aws
|
|
127
130
|
@token = nil
|
128
131
|
end
|
129
132
|
|
130
|
-
if token_set?
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
profile_name = http_get(conn, METADATA_PATH_BASE).lines.first.strip
|
135
|
-
http_get(conn, METADATA_PATH_BASE + profile_name)
|
136
|
-
end
|
133
|
+
token = @token.value if token_set?
|
134
|
+
metadata = http_get(conn, METADATA_PATH_BASE, token)
|
135
|
+
profile_name = metadata.lines.first.strip
|
136
|
+
http_get(conn, METADATA_PATH_BASE + profile_name, token)
|
137
137
|
end
|
138
138
|
end
|
139
139
|
rescue
|
@@ -147,8 +147,7 @@ module Aws
|
|
147
147
|
end
|
148
148
|
|
149
149
|
def _metadata_disabled?
|
150
|
-
|
151
|
-
!flag.nil? && flag.downcase == "true"
|
150
|
+
ENV.fetch('AWS_EC2_METADATA_DISABLED', 'false').downcase == 'true'
|
152
151
|
end
|
153
152
|
|
154
153
|
def open_connection
|
@@ -161,59 +160,54 @@ module Aws
|
|
161
160
|
end
|
162
161
|
|
163
162
|
# GET request fetch profile and credentials
|
164
|
-
def http_get(connection, path, token=nil)
|
165
|
-
headers = {
|
166
|
-
headers[
|
163
|
+
def http_get(connection, path, token = nil)
|
164
|
+
headers = { 'User-Agent' => "aws-sdk-ruby3/#{CORE_GEM_VERSION}" }
|
165
|
+
headers['x-aws-ec2-metadata-token'] = token if token
|
167
166
|
response = connection.request(Net::HTTP::Get.new(path, headers))
|
168
|
-
|
169
|
-
|
170
|
-
|
171
|
-
raise Non200Response
|
172
|
-
end
|
167
|
+
raise Non200Response unless response.code.to_i == 200
|
168
|
+
|
169
|
+
response.body
|
173
170
|
end
|
174
171
|
|
175
172
|
# PUT request fetch token with ttl
|
176
173
|
def http_put(connection, path, ttl)
|
177
174
|
headers = {
|
178
|
-
|
179
|
-
|
175
|
+
'User-Agent' => "aws-sdk-ruby3/#{CORE_GEM_VERSION}",
|
176
|
+
'x-aws-ec2-metadata-token-ttl-seconds' => ttl.to_s
|
180
177
|
}
|
181
178
|
response = connection.request(Net::HTTP::Put.new(path, headers))
|
182
179
|
case response.code.to_i
|
183
180
|
when 200
|
184
181
|
[
|
185
182
|
response.body,
|
186
|
-
response.header[
|
183
|
+
response.header['x-aws-ec2-metadata-token-ttl-seconds'].to_i
|
187
184
|
]
|
188
|
-
when 401
|
189
|
-
raise TokenExpiredError
|
190
185
|
when 400
|
191
186
|
raise TokenRetrivalError
|
187
|
+
when 401
|
188
|
+
raise TokenExpiredError
|
192
189
|
else
|
193
190
|
raise Non200Response
|
194
191
|
end
|
195
192
|
end
|
196
193
|
|
197
|
-
def retry_errors(error_classes, options = {}, &
|
194
|
+
def retry_errors(error_classes, options = {}, &_block)
|
198
195
|
max_retries = options[:max_retries]
|
199
196
|
retries = 0
|
200
197
|
begin
|
201
198
|
yield
|
202
199
|
rescue *error_classes
|
203
|
-
|
204
|
-
|
205
|
-
|
206
|
-
|
207
|
-
|
208
|
-
raise
|
209
|
-
end
|
200
|
+
raise unless retries < max_retries
|
201
|
+
|
202
|
+
@backoff.call(retries)
|
203
|
+
retries += 1
|
204
|
+
retry
|
210
205
|
end
|
211
206
|
end
|
212
207
|
|
213
208
|
# @api private
|
214
209
|
# Token used to fetch IMDS profile and credentials
|
215
210
|
class Token
|
216
|
-
|
217
211
|
def initialize(value, ttl)
|
218
212
|
@ttl = ttl
|
219
213
|
@value = value
|
@@ -226,8 +220,6 @@ module Aws
|
|
226
220
|
def expired?
|
227
221
|
Time.now - @created_time > @ttl
|
228
222
|
end
|
229
|
-
|
230
223
|
end
|
231
|
-
|
232
224
|
end
|
233
225
|
end
|
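Review bot: In the `@@ -127,13 +130,10 @@` hunk the credential fetch silently downgrades to a token-less request: `token = @token.value if token_set?` leaves `token` nil when no session token was obtained, and `http_get` sets `x-aws-ec2-metadata-token` only `if token`. No comment mentions that fallback and nothing tells the operator which path was taken; on an instance whose metadata service requires tokens the GET will presumably surface as `Non200Response` rather than a clearer error. A comment above the assignment such as `# No token (PUT failed or unsupported): fall back to a token-less IMDSv1 GET` would document it, and an option to disable the fallback is worth considering. Separately, `metadata.lines.first.strip` raises NoMethodError on an empty body, and `profile_name` is appended to the path unchecked. The enclosing method starts and ends outside the visible hunks.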
@@ -171,7 +171,13 @@ module Aws
|
|
171
171
|
end
|
172
172
|
|
173
173
|
def _http_response_body(response)
|
174
|
-
|
174
|
+
if response.context.http_response.body.respond_to?(:rewind)
|
175
|
+
@param_formatter.summarize(
|
176
|
+
response.context.http_response.body_contents
|
177
|
+
)
|
178
|
+
else
|
179
|
+
''
|
180
|
+
end
|
175
181
|
end
|
176
182
|
|
177
183
|
def _error_class(response)
|
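Review bot: `_http_response_body` has no comment explaining its two branches, and the logging branch passes the raw response body to `@param_formatter.summarize`; whether that applies the SENSITIVE-key filtering used for request params is not visible here. Responses from credential-returning operations carry secrets in the body, so a log pattern that includes the response body should be documented as unfiltered unless `summarize` is confirmed to redact. A comment such as `# Non-rewindable (streaming) bodies are skipped: reading them would consume the stream` would cover the `else ''` branch; that reason is an inference and should be confirmed. The same shape appears in the `Seahorse` logging formatter hunk further down (`summarize_value`), so the note applies there too.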
@@ -11,7 +11,7 @@ module Aws
|
|
11
11
|
#
|
12
12
|
# @api private
|
13
13
|
# begin
|
14
|
-
SENSITIVE = [:access_token, :account_name, :account_password, :address, :admin_contact, :admin_password, :artifact_credentials, :auth_code, :authentication_token, :authorization_result, :backup_plan_tags, :backup_vault_tags, :base_32_string_seed, :block, :block_address, :body, :bot_configuration, :bot_email, :calling_name, :cause, :client_id, :client_request_token, :client_secret, :comment, :configuration, :copy_source_sse_customer_key, :credentials, :current_password, :custom_attributes, :custom_private_key, :db_password, :default_phone_number, :definition, :description, :destination_access_token, :digest_tip_address, :display_name, :e164_phone_number, :email, :email_address, :email_message, :embed_url, :error, :external_user_id, :feedback_token, :file, :first_name, :full_name, :host_key, :id, :id_token, :input, :input_text, :ion_text, :join_token, :key_id, :key_material, :key_store_password, :kms_key_id, :kms_master_key_id, :lambda_function_arn, :last_name, :local_console_password, :master_account_email, :master_user_password, :meeting_host_id, :message, :name, :new_password, :next_password, :notes, :number, :old_password, :outbound_events_https_endpoint, :output, :owner_information, :parameters, :passphrase, :password, :payload, :phone_number, :plaintext, :previous_password, :primary_email, :primary_provisioned_number, :private_key, :private_key_plaintext, :proof, :proposed_password, :public_key, :qr_code_png, :query, :random_password, :recovery_point_tags, :refresh_token, :registrant_contact, :request_attributes, :revision, :search_query, :secret_access_key, :secret_binary, :secret_code, :secret_hash, :secret_string, :secret_to_authenticate_initiator, :secret_to_authenticate_target, :security_token, :service_password, :session_attributes, :session_token, :share_notes, :shared_secret, :slots, :sns_topic_arn, :source_access_token, :sqs_queue_arn, :sse_customer_key, :ssekms_encryption_context, :ssekms_key_id, :status_message, :tag_key_list, :tags, :target_address, 
:task_parameters, :tech_contact, :temporary_password, :text, :token, :trust_password, :type, :upload_credentials, :upload_url, :uri, :user_data, :user_email, :user_name, :user_password, :username, :value, :values, :variables, :vpn_psk, :zip_file]
|
14
|
+
SENSITIVE = [:access_token, :account_name, :account_password, :address, :admin_contact, :admin_password, :artifact_credentials, :auth_code, :authentication_token, :authorization_result, :backup_plan_tags, :backup_vault_tags, :base_32_string_seed, :block, :block_address, :block_data, :blocks, :body, :bot_configuration, :bot_email, :calling_name, :cause, :client_id, :client_request_token, :client_secret, :comment, :configuration, :copy_source_sse_customer_key, :credentials, :current_password, :custom_attributes, :custom_private_key, :db_password, :default_phone_number, :definition, :description, :destination_access_token, :digest_tip_address, :display_name, :domain_signing_private_key, :e164_phone_number, :email, :email_address, :email_message, :embed_url, :error, :external_model_endpoint_data_blobs, :external_user_id, :feedback_token, :file, :first_name, :full_name, :host_key, :id, :id_token, :input, :input_text, :ion_text, :join_token, :key_id, :key_material, :key_store_password, :kms_key_id, :kms_master_key_id, :lambda_function_arn, :last_name, :local_console_password, :master_account_email, :master_user_password, :meeting_host_id, :message, :name, :new_password, :next_password, :notes, :number, :old_password, :outbound_events_https_endpoint, :output, :owner_information, :parameters, :passphrase, :password, :payload, :phone_number, :plaintext, :previous_password, :primary_email, :primary_provisioned_number, :private_key, :private_key_plaintext, :proof, :proposed_password, :public_key, :qr_code_png, :query, :random_password, :recovery_point_tags, :refresh_token, :registrant_contact, :request_attributes, :revision, :search_query, :secret_access_key, :secret_binary, :secret_code, :secret_hash, :secret_string, :secret_to_authenticate_initiator, :secret_to_authenticate_target, :security_token, :service_password, :session_attributes, :session_token, :share_notes, :shared_secret, :slots, :sns_topic_arn, :source_access_token, :sqs_queue_arn, :sse_customer_key, 
:ssekms_encryption_context, :ssekms_key_id, :status_message, :tag_key_list, :tags, :target_address, :task_parameters, :tech_contact, :temporary_password, :text, :token, :trust_password, :type, :upload_credentials, :upload_url, :uri, :user_data, :user_email, :user_name, :user_password, :username, :value, :values, :variables, :vpn_psk, :zip_file]
|
15
15
|
# end
|
16
16
|
|
17
17
|
def initialize(options = {})
|
@@ -183,6 +183,21 @@ module Aws
|
|
183
183
|
end
|
184
184
|
end
|
185
185
|
|
186
|
+
def s3_use_arn_region(opts = {})
|
187
|
+
p = opts[:profile] || @profile_name
|
188
|
+
if @config_enabled
|
189
|
+
if @parsed_credentials
|
190
|
+
value = @parsed_credentials.fetch(p, {})["s3_use_arn_region"]
|
191
|
+
end
|
192
|
+
if @parsed_config
|
193
|
+
value ||= @parsed_config.fetch(p, {})["s3_use_arn_region"]
|
194
|
+
end
|
195
|
+
value
|
196
|
+
else
|
197
|
+
nil
|
198
|
+
end
|
199
|
+
end
|
200
|
+
|
186
201
|
def endpoint_discovery(opts = {})
|
187
202
|
p = opts[:profile] || @profile_name
|
188
203
|
if @config_enabled && @parsed_config
|
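Review bot: `s3_use_arn_region` is added without a doc comment, and two things a caller needs are only discoverable from the body: the credentials file takes precedence over the config file (`value ||= ...`), and the return value is the raw string from the file or nil, not a boolean. This setting presumably decides whether a client may use the region named in an ARN instead of its configured region, so the caller should validate the string against the exact accepted values rather than treat any non-nil value as truthy. A comment such as `# @return [String, nil] raw profile value; not validated or cast here` would make that explicit. As a style point the `else nil` branch is redundant and the nesting flattens with `return unless @config_enabled`. `endpoint_discovery` at the end of the hunk continues outside it.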
data/lib/aws-sdk-sts.rb
CHANGED
data/lib/aws-sdk-sts/client.rb
CHANGED
@@ -0,0 +1,67 @@
|
|
1
|
+
require 'aws-sigv4'
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
module STS
|
5
|
+
# Allows you to create presigned URLs for STS operations.
|
6
|
+
#
|
7
|
+
# @example
|
8
|
+
#
|
9
|
+
# signer = Aws::STS::Presigner.new
|
10
|
+
# url = signer.get_caller_identity_presigned_url(
|
11
|
+
# headers: {"X-K8s-Aws-Id" => 'my-eks-cluster'}
|
12
|
+
# )
|
13
|
+
class Presigner
|
14
|
+
# @option options [Client] :client Optionally provide an existing
|
15
|
+
# STS client
|
16
|
+
def initialize(options = {})
|
17
|
+
@client = options[:client] || Aws::STS::Client.new
|
18
|
+
end
|
19
|
+
|
20
|
+
# Returns a presigned url for get_caller_identity.
|
21
|
+
#
|
22
|
+
# @option options [Hash] :headers
|
23
|
+
# Headers that should be signed and sent along with the request. All
|
24
|
+
# x-amz-* headers must be present during signing. Other headers are
|
25
|
+
# optional.
|
26
|
+
#
|
27
|
+
# @return [String] A presigned url string.
|
28
|
+
#
|
29
|
+
# @example
|
30
|
+
#
|
31
|
+
# url = signer.get_caller_identity_presigned_url(
|
32
|
+
# headers: {"X-K8s-Aws-Id" => 'my-eks-cluster'},
|
33
|
+
# )
|
34
|
+
#
|
35
|
+
# This can be easily converted to a token used by the EKS service:
|
36
|
+
# {https://ruby-doc.org/stdlib-2.3.1/libdoc/base64/rdoc/Base64.html#method-i-encode64}
|
37
|
+
# "k8s-aws-v1." + Base64.urlsafe_encode64(url).chomp("==")
|
38
|
+
def get_caller_identity_presigned_url(options = {})
|
39
|
+
req = @client.build_request(:get_session_token, {})
|
40
|
+
|
41
|
+
param_list = Aws::Query::ParamList.new
|
42
|
+
param_list.set('Action', 'GetCallerIdentity')
|
43
|
+
param_list.set('Version', req.context.config.api.version)
|
44
|
+
Aws::Query::EC2ParamBuilder.new(param_list)
|
45
|
+
.apply(req.context.operation.input, {})
|
46
|
+
|
47
|
+
signer = Aws::Sigv4::Signer.new(
|
48
|
+
service: 'sts',
|
49
|
+
region: req.context.config.region,
|
50
|
+
credentials_provider: req.context.config.credentials
|
51
|
+
)
|
52
|
+
|
53
|
+
url = Aws::Partitions::EndpointProvider.resolve(
|
54
|
+
req.context.config.region, 'sts', 'regional'
|
55
|
+
)
|
56
|
+
url += "/?#{param_list}"
|
57
|
+
|
58
|
+
signer.presign_url(
|
59
|
+
http_method: 'GET',
|
60
|
+
url: url,
|
61
|
+
body: '',
|
62
|
+
headers: options[:headers]
|
63
|
+
).to_s
|
64
|
+
end
|
65
|
+
end
|
66
|
+
end
|
67
|
+
end
|
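Review bot: The doc comment for `get_caller_identity_presigned_url` does not say that the returned URL is a bearer credential or how long it stays valid: `presign_url` is called without `:expires_in`, so the lifetime is whatever aws-sigv4 defaults to and callers cannot shorten it. Anyone who obtains the URL, or the `k8s-aws-v1.` token built from it in the example, can replay the signed GetCallerIdentity call until it expires, so the comment should say `# The URL is a bearer credential until it expires; do not log it`, and an `:expires_in` option should be passed through when the caller supplies one. The example's `.chomp("==")` strips only a double pad and leaves a single `=` in place; `Base64.urlsafe_encode64(url, padding: false)` removes padding in every case. `@client.build_request(:get_session_token, {})` next to `'Action', 'GetCallerIdentity'` also needs a one-line comment saying the request is built only to reach `req.context`, if that is the intent.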
@@ -173,9 +173,11 @@ module Seahorse
|
|
173
173
|
end
|
174
174
|
|
175
175
|
def _http_response_body(response)
|
176
|
-
response.context.http_response.body.respond_to?(:rewind)
|
177
|
-
summarize_value(response.context.http_response.body_contents)
|
176
|
+
if response.context.http_response.body.respond_to?(:rewind)
|
177
|
+
summarize_value(response.context.http_response.body_contents)
|
178
|
+
else
|
178
179
|
''
|
180
|
+
end
|
179
181
|
end
|
180
182
|
|
181
183
|
def _error_class(response)
|
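--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-core
 version: !ruby/object:Gem::Version
-version: 3.
+version: 3.86.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-
+date: 2019-12-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: jmespath
@@ -88,6 +88,8 @@ files:
 - VERSION
 - ca-bundle.crt
 - lib/aws-sdk-core.rb
+- lib/aws-sdk-core/arn.rb
+- lib/aws-sdk-core/arn_parser.rb
 - lib/aws-sdk-core/assume_role_credentials.rb
 - lib/aws-sdk-core/assume_role_web_identity_credentials.rb
 - lib/aws-sdk-core/async_client_stubs.rb
@@ -220,6 +222,7 @@ files:
 - lib/aws-sdk-sts/customizations.rb
 - lib/aws-sdk-sts/errors.rb
 - lib/aws-sdk-sts/plugins/sts_regional_endpoints.rb
+- lib/aws-sdk-sts/presigner.rb
 - lib/aws-sdk-sts/resource.rb
 - lib/aws-sdk-sts/types.rb
 - lib/seahorse.rb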