aws-sdk-core 3.104.4 → 3.105.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/lib/aws-sdk-core.rb +5 -3
- data/lib/aws-sdk-core/credential_provider_chain.rb +19 -0
- data/lib/aws-sdk-core/errors.rb +3 -0
- data/lib/aws-sdk-core/plugins/credentials_configuration.rb +22 -7
- data/lib/aws-sdk-core/shared_config.rb +32 -0
- data/lib/aws-sdk-core/sso_credentials.rb +116 -0
- data/lib/aws-sdk-sso.rb +52 -0
- data/lib/aws-sdk-sso/client.rb +548 -0
- data/lib/aws-sdk-sso/client_api.rb +190 -0
- data/lib/aws-sdk-sso/customizations.rb +1 -0
- data/lib/aws-sdk-sso/errors.rb +102 -0
- data/lib/aws-sdk-sso/plugins/content_type.rb +25 -0
- data/lib/aws-sdk-sso/resource.rb +26 -0
- data/lib/aws-sdk-sso/types.rb +352 -0
- data/lib/aws-sdk-sts.rb +2 -2
- data/lib/aws-sdk-sts/client.rb +23 -8
- metadata +11 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b8c1b16aa96c3d7072aebb8d050d1ef7ebd252f8830b6113f86787e5db08ad65
|
4
|
+
data.tar.gz: 7044562082f62c1a3c635a358f920ed120353fbd0625e7377e2dd0c16538a248
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1c1d2546c9d2cb8ec8d6545339d5a6ce25afff4dfde771ab9c211e9e11a52d0f5badce17d495ab15211d0a8d39fa8cfd5f9de89b76240d149b2b7da6b307fb1c
|
7
|
+
data.tar.gz: 90522abd2e2839712d101baaccdcf42017063b6d7b8412eb2625b1e751faa8fa0b3c1fc06a547fd92b798fe55f85d5135b24900136fcc8d64fce42ad8bb3c79c
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
3.
|
1
|
+
3.105.0
|
data/lib/aws-sdk-core.rb
CHANGED
@@ -18,9 +18,9 @@ require_relative 'aws-sdk-core/ecs_credentials'
|
|
18
18
|
require_relative 'aws-sdk-core/instance_profile_credentials'
|
19
19
|
require_relative 'aws-sdk-core/shared_credentials'
|
20
20
|
require_relative 'aws-sdk-core/process_credentials'
|
21
|
+
require_relative 'aws-sdk-core/sso_credentials'
|
21
22
|
|
22
23
|
# client modules
|
23
|
-
|
24
24
|
require_relative 'aws-sdk-core/client_stubs'
|
25
25
|
require_relative 'aws-sdk-core/async_client_stubs'
|
26
26
|
require_relative 'aws-sdk-core/eager_loader'
|
@@ -86,10 +86,12 @@ require_relative 'aws-sdk-core/client_side_monitoring/publisher'
|
|
86
86
|
require_relative 'aws-sdk-core/arn'
|
87
87
|
require_relative 'aws-sdk-core/arn_parser'
|
88
88
|
|
89
|
-
# aws-sdk-sts is
|
90
|
-
|
89
|
+
# aws-sdk-sts is included to support Aws::AssumeRoleCredentials
|
91
90
|
require 'aws-sdk-sts'
|
92
91
|
|
92
|
+
# aws-sdk-sso is included to support Aws::SSOCredentials
|
93
|
+
require 'aws-sdk-sso'
|
94
|
+
|
93
95
|
module Aws
|
94
96
|
|
95
97
|
CORE_GEM_VERSION = File.read(File.expand_path('../../VERSION', __FILE__)).strip
|
@@ -22,11 +22,13 @@ module Aws
|
|
22
22
|
[
|
23
23
|
[:static_credentials, {}],
|
24
24
|
[:static_profile_assume_role_web_identity_credentials, {}],
|
25
|
+
[:static_profile_sso_credentials, {}],
|
25
26
|
[:static_profile_assume_role_credentials, {}],
|
26
27
|
[:static_profile_credentials, {}],
|
27
28
|
[:static_profile_process_credentials, {}],
|
28
29
|
[:env_credentials, {}],
|
29
30
|
[:assume_role_web_identity_credentials, {}],
|
31
|
+
[:sso_credentials, {}],
|
30
32
|
[:assume_role_credentials, {}],
|
31
33
|
[:shared_credentials, {}],
|
32
34
|
[:process_credentials, {}],
|
@@ -57,6 +59,14 @@ module Aws
|
|
57
59
|
end
|
58
60
|
end
|
59
61
|
|
62
|
+
def static_profile_sso_credentials(options)
|
63
|
+
if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile
|
64
|
+
Aws.shared_config.sso_credentials_from_config(
|
65
|
+
profile: options[:config].profile
|
66
|
+
)
|
67
|
+
end
|
68
|
+
end
|
69
|
+
|
60
70
|
def static_profile_assume_role_credentials(options)
|
61
71
|
if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile
|
62
72
|
assume_role_with_profile(options, options[:config].profile)
|
@@ -115,6 +125,15 @@ module Aws
|
|
115
125
|
nil
|
116
126
|
end
|
117
127
|
|
128
|
+
def sso_credentials(options)
|
129
|
+
profile_name = determine_profile_name(options)
|
130
|
+
if Aws.shared_config.config_enabled?
|
131
|
+
Aws.shared_config.sso_credentials_from_config(profile: profile_name)
|
132
|
+
end
|
133
|
+
rescue Errors::NoSuchProfileError
|
134
|
+
nil
|
135
|
+
end
|
136
|
+
|
118
137
|
def assume_role_credentials(options)
|
119
138
|
if Aws.shared_config.config_enabled?
|
120
139
|
assume_role_with_profile(options, determine_profile_name(options))
|
data/lib/aws-sdk-core/errors.rb
CHANGED
@@ -207,6 +207,9 @@ module Aws
|
|
207
207
|
# payload with either invalid version number or malformed contents
|
208
208
|
class InvalidProcessCredentialsPayload < RuntimeError; end
|
209
209
|
|
210
|
+
# Raised when SSO Credentials are invalid
|
211
|
+
class InvalidSSOCredentials < RuntimeError; end
|
212
|
+
|
210
213
|
# Raised when a client is constructed and region is not specified.
|
211
214
|
class MissingRegionError < ArgumentError
|
212
215
|
def initialize(*args)
|
@@ -30,13 +30,28 @@ following classes:
|
|
30
30
|
* `Aws::Credentials` - Used for configuring static, non-refreshing
|
31
31
|
credentials.
|
32
32
|
|
33
|
+
* `Aws::SharedCredentials` - Used for loading static credentials from a
|
34
|
+
shared file, such as `~/.aws/config`.
|
35
|
+
|
36
|
+
* `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
|
37
|
+
|
38
|
+
* `Aws::AssumeRoleWebIdentityCredentials` - Used when you need to
|
39
|
+
assume a role after providing credentials via the web.
|
40
|
+
|
41
|
+
* `Aws::SSOCredentials` - Used for loading credentials from AWS SSO using an
|
42
|
+
access token generated from `aws login`.
|
43
|
+
|
44
|
+
* `Aws::ProcessCredentials` - Used for loading credentials from a
|
45
|
+
process that outputs to stdout.
|
46
|
+
|
33
47
|
* `Aws::InstanceProfileCredentials` - Used for loading credentials
|
34
48
|
from an EC2 IMDS on an EC2 instance.
|
35
49
|
|
36
|
-
* `Aws::
|
37
|
-
|
50
|
+
* `Aws::ECSCredentials` - Used for loading credentials from
|
51
|
+
instances running in ECS.
|
38
52
|
|
39
|
-
* `Aws::
|
53
|
+
* `Aws::CognitoIdentityCredentials` - Used for loading credentials
|
54
|
+
from the Cognito Identity service.
|
40
55
|
|
41
56
|
When `:credentials` are not configured directly, the following
|
42
57
|
locations will be searched for credentials:
|
@@ -46,10 +61,10 @@ locations will be searched for credentials:
|
|
46
61
|
* ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
|
47
62
|
* `~/.aws/credentials`
|
48
63
|
* `~/.aws/config`
|
49
|
-
* EC2 IMDS instance profile - When used by default, the timeouts
|
50
|
-
very aggressive. Construct and pass an instance of
|
51
|
-
`Aws::InstanceProfileCredentails`
|
52
|
-
timeouts.
|
64
|
+
* EC2/ECS IMDS instance profile - When used by default, the timeouts
|
65
|
+
are very aggressive. Construct and pass an instance of
|
66
|
+
`Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
|
67
|
+
enable retries and extended timeouts.
|
53
68
|
DOCS
|
54
69
|
) do |config|
|
55
70
|
CredentialProviderChain.new(config).resolve
|
@@ -3,6 +3,8 @@
|
|
3
3
|
module Aws
|
4
4
|
# @api private
|
5
5
|
class SharedConfig
|
6
|
+
SSO_PROFILE_KEYS = %w[sso_start_url sso_region sso_account_id sso_role_name].freeze
|
7
|
+
|
6
8
|
# @return [String]
|
7
9
|
attr_reader :credentials_path
|
8
10
|
|
@@ -135,6 +137,18 @@ module Aws
|
|
135
137
|
end
|
136
138
|
end
|
137
139
|
|
140
|
+
# Attempts to load from shared config or shared credentials file.
|
141
|
+
# Will always attempt first to load from the shared credentials
|
142
|
+
# file, if present.
|
143
|
+
def sso_credentials_from_config(opts = {})
|
144
|
+
p = opts[:profile] || @profile_name
|
145
|
+
credentials = sso_credentials_from_profile(@parsed_credentials, p)
|
146
|
+
if @parsed_config
|
147
|
+
credentials ||= sso_credentials_from_profile(@parsed_config, p)
|
148
|
+
end
|
149
|
+
credentials
|
150
|
+
end
|
151
|
+
|
138
152
|
# Add an accessor method (similar to attr_reader) to return a configuration value
|
139
153
|
# Uses the get_config_value below to control where
|
140
154
|
# values are loaded from
|
@@ -237,6 +251,8 @@ module Aws
|
|
237
251
|
provider.credentials if provider.credentials.set?
|
238
252
|
elsif (provider = assume_role_process_credentials_from_config(profile))
|
239
253
|
provider.credentials if provider.credentials.set?
|
254
|
+
elsif (provider = sso_credentials_from_config(profile: profile))
|
255
|
+
provider.credentials if provider.credentials.set?
|
240
256
|
end
|
241
257
|
end
|
242
258
|
|
@@ -273,6 +289,22 @@ module Aws
|
|
273
289
|
end
|
274
290
|
end
|
275
291
|
|
292
|
+
# If any of the sso_ profile values are present, attempt to construct
|
293
|
+
# SSOCredentials
|
294
|
+
def sso_credentials_from_profile(cfg, profile)
|
295
|
+
if @parsed_config &&
|
296
|
+
(prof_config = cfg[profile]) &&
|
297
|
+
!(prof_config.keys & SSO_PROFILE_KEYS).empty?
|
298
|
+
|
299
|
+
SSOCredentials.new(
|
300
|
+
sso_start_url: prof_config['sso_start_url'],
|
301
|
+
sso_region: prof_config['sso_region'],
|
302
|
+
sso_account_id: prof_config['sso_account_id'],
|
303
|
+
sso_role_name: prof_config['sso_role_name']
|
304
|
+
)
|
305
|
+
end
|
306
|
+
end
|
307
|
+
|
276
308
|
def credentials_from_profile(prof_config)
|
277
309
|
creds = Credentials.new(
|
278
310
|
prof_config['aws_access_key_id'],
|
@@ -0,0 +1,116 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
# An auto-refreshing credential provider that works by assuming a
|
5
|
+
# role via {Aws::SSO::Client#get_role_credentials} using a cached access
|
6
|
+
# token. This class does NOT implement the SSO login token flow - tokens
|
7
|
+
# must generated and refreshed separately by running `aws login` with the
|
8
|
+
# correct profile.
|
9
|
+
#
|
10
|
+
# For more background on AWS SSO see the official
|
11
|
+
# [what is SSO](https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html]
|
12
|
+
# page.
|
13
|
+
#
|
14
|
+
# ## Refreshing Credentials from SSO
|
15
|
+
#
|
16
|
+
# The `SSOCredentials` will auto-refresh the AWS credentials from SSO. In
|
17
|
+
# addition to AWS credentials expiring after a given amount of time, the
|
18
|
+
# access token generated and cached from `aws login` will also expire.
|
19
|
+
# Once this token expires, it will not be usable to refresh AWS credentials,
|
20
|
+
# and another token will be needed. The SDK does not manage refreshing of
|
21
|
+
# the token value, but this can be done by running `aws login` with the
|
22
|
+
# correct profile.
|
23
|
+
class SSOCredentials
|
24
|
+
|
25
|
+
include CredentialProvider
|
26
|
+
include RefreshingCredentials
|
27
|
+
|
28
|
+
SSO_REQUIRED_OPTS = [:sso_account_id, :sso_region, :sso_role_name, :sso_start_url].freeze
|
29
|
+
|
30
|
+
SSO_LOGIN_GUIDANCE = 'The SSO session associated with this profile has '\
|
31
|
+
'expired or is otherwise invalid. To refresh this SSO session run '\
|
32
|
+
'aws sso login with the corresponding profile.'.freeze
|
33
|
+
|
34
|
+
# @option options [required, String] :sso_account_id The AWS account ID
|
35
|
+
# that temporary AWS credentials will be resolved for
|
36
|
+
#
|
37
|
+
# @option options [required, String] :sso_region The AWS region where the
|
38
|
+
# SSO directory for the given sso_start_url is hosted.
|
39
|
+
#
|
40
|
+
# @option options [required, String] :sso_role_name The corresponding
|
41
|
+
# IAM role in the AWS account that temporary AWS credentials
|
42
|
+
# will be resolved for.
|
43
|
+
#
|
44
|
+
# @option options [required, String] :sso_start_url The start URL is
|
45
|
+
# provided by the SSO service via the console and is the URL used to
|
46
|
+
# login to the SSO directory. This is also sometimes referred to as
|
47
|
+
# the "User Portal URL"
|
48
|
+
|
49
|
+
# @option options [SSO::Client] :client Optional `SSO::Client`. If not
|
50
|
+
# provided, a client will be constructed.
|
51
|
+
def initialize(options = {})
|
52
|
+
|
53
|
+
missing_keys = SSO_REQUIRED_OPTS.select { |k| options[k].nil? }
|
54
|
+
unless missing_keys.empty?
|
55
|
+
raise ArgumentError, "Missing required keys: #{missing_keys}"
|
56
|
+
end
|
57
|
+
|
58
|
+
@sso_start_url = options.delete(:sso_start_url)
|
59
|
+
@sso_region = options.delete(:sso_region)
|
60
|
+
@sso_role_name = options.delete(:sso_role_name)
|
61
|
+
@sso_account_id = options.delete(:sso_account_id)
|
62
|
+
|
63
|
+
# validate we can read the token file
|
64
|
+
read_cached_token
|
65
|
+
|
66
|
+
options[:region] = @sso_region
|
67
|
+
options[:credentials] = nil
|
68
|
+
@client = options[:client] || SSO::Client.new(options)
|
69
|
+
super
|
70
|
+
end
|
71
|
+
|
72
|
+
# @return [STS::Client]
|
73
|
+
attr_reader :client
|
74
|
+
|
75
|
+
private
|
76
|
+
|
77
|
+
def read_cached_token
|
78
|
+
cached_token = Json.load(File.read(sso_cache_file))
|
79
|
+
# validation
|
80
|
+
unless cached_token['accessToken'] && cached_token['expiresAt']
|
81
|
+
raise ArgumentError, 'Missing required field(s)'
|
82
|
+
end
|
83
|
+
expires_at = DateTime.parse(cached_token['expiresAt'])
|
84
|
+
if expires_at < DateTime.now
|
85
|
+
raise ArgumentError, 'Cached SSO Token is expired.'
|
86
|
+
end
|
87
|
+
cached_token
|
88
|
+
rescue Aws::Json::ParseError, ArgumentError
|
89
|
+
raise Errors::InvalidSSOCredentials, SSO_LOGIN_GUIDANCE
|
90
|
+
end
|
91
|
+
|
92
|
+
def refresh
|
93
|
+
cached_token = read_cached_token
|
94
|
+
c = @client.get_role_credentials(
|
95
|
+
account_id: @sso_account_id,
|
96
|
+
role_name: @sso_role_name,
|
97
|
+
access_token: cached_token['accessToken']
|
98
|
+
).role_credentials
|
99
|
+
|
100
|
+
@credentials = Credentials.new(
|
101
|
+
c.access_key_id,
|
102
|
+
c.secret_access_key,
|
103
|
+
c.session_token
|
104
|
+
)
|
105
|
+
@expiration = c.expiration
|
106
|
+
end
|
107
|
+
|
108
|
+
def sso_cache_file
|
109
|
+
start_url_sha1 = OpenSSL::Digest::SHA1.hexdigest(@sso_start_url.encode('utf-8'))
|
110
|
+
File.join(Dir.home, '.aws', 'sso', 'cache', "#{start_url_sha1}.json")
|
111
|
+
rescue ArgumentError
|
112
|
+
# Dir.home raises ArgumentError when ENV['home'] is not set
|
113
|
+
raise ArgumentError, "Unable to load sso_cache_file: ENV['HOME'] is not set."
|
114
|
+
end
|
115
|
+
end
|
116
|
+
end
|
data/lib/aws-sdk-sso.rb
ADDED
@@ -0,0 +1,52 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# WARNING ABOUT GENERATED CODE
|
4
|
+
#
|
5
|
+
# This file is generated. See the contributing guide for more information:
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
|
7
|
+
#
|
8
|
+
# WARNING ABOUT GENERATED CODE
|
9
|
+
|
10
|
+
require 'aws-sdk-core'
|
11
|
+
require 'aws-sigv4'
|
12
|
+
|
13
|
+
require_relative 'aws-sdk-sso/types'
|
14
|
+
require_relative 'aws-sdk-sso/client_api'
|
15
|
+
require_relative 'aws-sdk-sso/client'
|
16
|
+
require_relative 'aws-sdk-sso/errors'
|
17
|
+
require_relative 'aws-sdk-sso/resource'
|
18
|
+
require_relative 'aws-sdk-sso/customizations'
|
19
|
+
|
20
|
+
# This module provides support for AWS Single Sign-On. This module is available in the
|
21
|
+
# `aws-sdk-core` gem.
|
22
|
+
#
|
23
|
+
# # Client
|
24
|
+
#
|
25
|
+
# The {Client} class provides one method for each API operation. Operation
|
26
|
+
# methods each accept a hash of request parameters and return a response
|
27
|
+
# structure.
|
28
|
+
#
|
29
|
+
# sso = Aws::SSO::Client.new
|
30
|
+
# resp = sso.get_role_credentials(params)
|
31
|
+
#
|
32
|
+
# See {Client} for more information.
|
33
|
+
#
|
34
|
+
# # Errors
|
35
|
+
#
|
36
|
+
# Errors returned from AWS Single Sign-On are defined in the
|
37
|
+
# {Errors} module and all extend {Errors::ServiceError}.
|
38
|
+
#
|
39
|
+
# begin
|
40
|
+
# # do stuff
|
41
|
+
# rescue Aws::SSO::Errors::ServiceError
|
42
|
+
# # rescues all AWS Single Sign-On API errors
|
43
|
+
# end
|
44
|
+
#
|
45
|
+
# See {Errors} for more information.
|
46
|
+
#
|
47
|
+
# @!group service
|
48
|
+
module Aws::SSO
|
49
|
+
|
50
|
+
GEM_VERSION = '3.105.0'
|
51
|
+
|
52
|
+
end
|
@@ -0,0 +1,548 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# WARNING ABOUT GENERATED CODE
|
4
|
+
#
|
5
|
+
# This file is generated. See the contributing guide for more information:
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
|
7
|
+
#
|
8
|
+
# WARNING ABOUT GENERATED CODE
|
9
|
+
|
10
|
+
require 'seahorse/client/plugins/content_length.rb'
|
11
|
+
require 'aws-sdk-core/plugins/credentials_configuration.rb'
|
12
|
+
require 'aws-sdk-core/plugins/logging.rb'
|
13
|
+
require 'aws-sdk-core/plugins/param_converter.rb'
|
14
|
+
require 'aws-sdk-core/plugins/param_validator.rb'
|
15
|
+
require 'aws-sdk-core/plugins/user_agent.rb'
|
16
|
+
require 'aws-sdk-core/plugins/helpful_socket_errors.rb'
|
17
|
+
require 'aws-sdk-core/plugins/retry_errors.rb'
|
18
|
+
require 'aws-sdk-core/plugins/global_configuration.rb'
|
19
|
+
require 'aws-sdk-core/plugins/regional_endpoint.rb'
|
20
|
+
require 'aws-sdk-core/plugins/endpoint_discovery.rb'
|
21
|
+
require 'aws-sdk-core/plugins/endpoint_pattern.rb'
|
22
|
+
require 'aws-sdk-core/plugins/response_paging.rb'
|
23
|
+
require 'aws-sdk-core/plugins/stub_responses.rb'
|
24
|
+
require 'aws-sdk-core/plugins/idempotency_token.rb'
|
25
|
+
require 'aws-sdk-core/plugins/jsonvalue_converter.rb'
|
26
|
+
require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
|
27
|
+
require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
|
28
|
+
require 'aws-sdk-core/plugins/transfer_encoding.rb'
|
29
|
+
require 'aws-sdk-core/plugins/http_checksum.rb'
|
30
|
+
require 'aws-sdk-core/plugins/signature_v4.rb'
|
31
|
+
require 'aws-sdk-core/plugins/protocols/rest_json.rb'
|
32
|
+
require 'aws-sdk-sso/plugins/content_type.rb'
|
33
|
+
|
34
|
+
Aws::Plugins::GlobalConfiguration.add_identifier(:sso)
|
35
|
+
|
36
|
+
module Aws::SSO
|
37
|
+
# An API client for SSO. To construct a client, you need to configure a `:region` and `:credentials`.
|
38
|
+
#
|
39
|
+
# client = Aws::SSO::Client.new(
|
40
|
+
# region: region_name,
|
41
|
+
# credentials: credentials,
|
42
|
+
# # ...
|
43
|
+
# )
|
44
|
+
#
|
45
|
+
# For details on configuring region and credentials see
|
46
|
+
# the [developer guide](/sdk-for-ruby/v3/developer-guide/setup-config.html).
|
47
|
+
#
|
48
|
+
# See {#initialize} for a full list of supported configuration options.
|
49
|
+
class Client < Seahorse::Client::Base
|
50
|
+
|
51
|
+
include Aws::ClientStubs
|
52
|
+
|
53
|
+
@identifier = :sso
|
54
|
+
|
55
|
+
set_api(ClientApi::API)
|
56
|
+
|
57
|
+
add_plugin(Seahorse::Client::Plugins::ContentLength)
|
58
|
+
add_plugin(Aws::Plugins::CredentialsConfiguration)
|
59
|
+
add_plugin(Aws::Plugins::Logging)
|
60
|
+
add_plugin(Aws::Plugins::ParamConverter)
|
61
|
+
add_plugin(Aws::Plugins::ParamValidator)
|
62
|
+
add_plugin(Aws::Plugins::UserAgent)
|
63
|
+
add_plugin(Aws::Plugins::HelpfulSocketErrors)
|
64
|
+
add_plugin(Aws::Plugins::RetryErrors)
|
65
|
+
add_plugin(Aws::Plugins::GlobalConfiguration)
|
66
|
+
add_plugin(Aws::Plugins::RegionalEndpoint)
|
67
|
+
add_plugin(Aws::Plugins::EndpointDiscovery)
|
68
|
+
add_plugin(Aws::Plugins::EndpointPattern)
|
69
|
+
add_plugin(Aws::Plugins::ResponsePaging)
|
70
|
+
add_plugin(Aws::Plugins::StubResponses)
|
71
|
+
add_plugin(Aws::Plugins::IdempotencyToken)
|
72
|
+
add_plugin(Aws::Plugins::JsonvalueConverter)
|
73
|
+
add_plugin(Aws::Plugins::ClientMetricsPlugin)
|
74
|
+
add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
|
75
|
+
add_plugin(Aws::Plugins::TransferEncoding)
|
76
|
+
add_plugin(Aws::Plugins::HttpChecksum)
|
77
|
+
add_plugin(Aws::Plugins::SignatureV4)
|
78
|
+
add_plugin(Aws::Plugins::Protocols::RestJson)
|
79
|
+
add_plugin(Aws::SSO::Plugins::ContentType)
|
80
|
+
|
81
|
+
# @overload initialize(options)
|
82
|
+
# @param [Hash] options
|
83
|
+
# @option options [required, Aws::CredentialProvider] :credentials
|
84
|
+
# Your AWS credentials. This can be an instance of any one of the
|
85
|
+
# following classes:
|
86
|
+
#
|
87
|
+
# * `Aws::Credentials` - Used for configuring static, non-refreshing
|
88
|
+
# credentials.
|
89
|
+
#
|
90
|
+
# * `Aws::SharedCredentials` - Used for loading static credentials from a
|
91
|
+
# shared file, such as `~/.aws/config`.
|
92
|
+
#
|
93
|
+
# * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
|
94
|
+
#
|
95
|
+
# * `Aws::AssumeRoleWebIdentityCredentials` - Used when you need to
|
96
|
+
# assume a role after providing credentials via the web.
|
97
|
+
#
|
98
|
+
# * `Aws::SSOCredentials` - Used for loading credentials from AWS SSO using an
|
99
|
+
# access token generated from `aws login`.
|
100
|
+
#
|
101
|
+
# * `Aws::ProcessCredentials` - Used for loading credentials from a
|
102
|
+
# process that outputs to stdout.
|
103
|
+
#
|
104
|
+
# * `Aws::InstanceProfileCredentials` - Used for loading credentials
|
105
|
+
# from an EC2 IMDS on an EC2 instance.
|
106
|
+
#
|
107
|
+
# * `Aws::ECSCredentials` - Used for loading credentials from
|
108
|
+
# instances running in ECS.
|
109
|
+
#
|
110
|
+
# * `Aws::CognitoIdentityCredentials` - Used for loading credentials
|
111
|
+
# from the Cognito Identity service.
|
112
|
+
#
|
113
|
+
# When `:credentials` are not configured directly, the following
|
114
|
+
# locations will be searched for credentials:
|
115
|
+
#
|
116
|
+
# * `Aws.config[:credentials]`
|
117
|
+
# * The `:access_key_id`, `:secret_access_key`, and `:session_token` options.
|
118
|
+
# * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
|
119
|
+
# * `~/.aws/credentials`
|
120
|
+
# * `~/.aws/config`
|
121
|
+
# * EC2/ECS IMDS instance profile - When used by default, the timeouts
|
122
|
+
# are very aggressive. Construct and pass an instance of
|
123
|
+
# `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
|
124
|
+
# enable retries and extended timeouts.
|
125
|
+
#
|
126
|
+
# @option options [required, String] :region
|
127
|
+
# The AWS region to connect to. The configured `:region` is
|
128
|
+
# used to determine the service `:endpoint`. When not passed,
|
129
|
+
# a default `:region` is searched for in the following locations:
|
130
|
+
#
|
131
|
+
# * `Aws.config[:region]`
|
132
|
+
# * `ENV['AWS_REGION']`
|
133
|
+
# * `ENV['AMAZON_REGION']`
|
134
|
+
# * `ENV['AWS_DEFAULT_REGION']`
|
135
|
+
# * `~/.aws/credentials`
|
136
|
+
# * `~/.aws/config`
|
137
|
+
#
|
138
|
+
# @option options [String] :access_key_id
|
139
|
+
#
|
140
|
+
# @option options [Boolean] :active_endpoint_cache (false)
|
141
|
+
# When set to `true`, a thread polling for endpoints will be running in
|
142
|
+
# the background every 60 secs (default). Defaults to `false`.
|
143
|
+
#
|
144
|
+
# @option options [Boolean] :adaptive_retry_wait_to_fill (true)
|
145
|
+
# Used only in `adaptive` retry mode. When true, the request will sleep
|
146
|
+
# until there is sufficent client side capacity to retry the request.
|
147
|
+
# When false, the request will raise a `RetryCapacityNotAvailableError` and will
|
148
|
+
# not retry instead of sleeping.
|
149
|
+
#
|
150
|
+
# @option options [Boolean] :client_side_monitoring (false)
|
151
|
+
# When `true`, client-side metrics will be collected for all API requests from
|
152
|
+
# this client.
|
153
|
+
#
|
154
|
+
# @option options [String] :client_side_monitoring_client_id ("")
|
155
|
+
# Allows you to provide an identifier for this client which will be attached to
|
156
|
+
# all generated client side metrics. Defaults to an empty string.
|
157
|
+
#
|
158
|
+
# @option options [String] :client_side_monitoring_host ("127.0.0.1")
|
159
|
+
# Allows you to specify the DNS hostname or IPv4 or IPv6 address that the client
|
160
|
+
# side monitoring agent is running on, where client metrics will be published via UDP.
|
161
|
+
#
|
162
|
+
# @option options [Integer] :client_side_monitoring_port (31000)
|
163
|
+
# Required for publishing client metrics. The port that the client side monitoring
|
164
|
+
# agent is running on, where client metrics will be published via UDP.
|
165
|
+
#
|
166
|
+
# @option options [Aws::ClientSideMonitoring::Publisher] :client_side_monitoring_publisher (Aws::ClientSideMonitoring::Publisher)
|
167
|
+
# Allows you to provide a custom client-side monitoring publisher class. By default,
|
168
|
+
# will use the Client Side Monitoring Agent Publisher.
|
169
|
+
#
|
170
|
+
# @option options [Boolean] :convert_params (true)
|
171
|
+
# When `true`, an attempt is made to coerce request parameters into
|
172
|
+
# the required types.
|
173
|
+
#
|
174
|
+
# @option options [Boolean] :correct_clock_skew (true)
|
175
|
+
# Used only in `standard` and adaptive retry modes. Specifies whether to apply
|
176
|
+
# a clock skew correction and retry requests with skewed client clocks.
|
177
|
+
#
|
178
|
+
# @option options [Boolean] :disable_host_prefix_injection (false)
|
179
|
+
# Set to true to disable SDK automatically adding host prefix
|
180
|
+
# to default service endpoint when available.
|
181
|
+
#
|
182
|
+
# @option options [String] :endpoint
|
183
|
+
# The client endpoint is normally constructed from the `:region`
|
184
|
+
# option. You should only configure an `:endpoint` when connecting
|
185
|
+
# to test or custom endpoints. This should be a valid HTTP(S) URI.
|
186
|
+
#
|
187
|
+
# @option options [Integer] :endpoint_cache_max_entries (1000)
|
188
|
+
# Used for the maximum size limit of the LRU cache storing endpoints data
|
189
|
+
# for endpoint discovery enabled operations. Defaults to 1000.
|
190
|
+
#
|
191
|
+
# @option options [Integer] :endpoint_cache_max_threads (10)
|
192
|
+
# Used for the maximum threads in use for polling endpoints to be cached, defaults to 10.
|
193
|
+
#
|
194
|
+
# @option options [Integer] :endpoint_cache_poll_interval (60)
|
195
|
+
# When :endpoint_discovery and :active_endpoint_cache is enabled,
|
196
|
+
# Use this option to config the time interval in seconds for making
|
197
|
+
# requests fetching endpoints information. Defaults to 60 sec.
|
198
|
+
#
|
199
|
+
# @option options [Boolean] :endpoint_discovery (false)
|
200
|
+
# When set to `true`, endpoint discovery will be enabled for operations when available.
|
201
|
+
#
|
202
|
+
# @option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default)
|
203
|
+
# The log formatter.
|
204
|
+
#
|
205
|
+
# @option options [Symbol] :log_level (:info)
|
206
|
+
# The log level to send messages to the `:logger` at.
|
207
|
+
#
|
208
|
+
# @option options [Logger] :logger
|
209
|
+
# The Logger instance to send log messages to. If this option
|
210
|
+
# is not set, logging will be disabled.
|
211
|
+
#
|
212
|
+
# @option options [Integer] :max_attempts (3)
|
213
|
+
# An integer representing the maximum number attempts that will be made for
|
214
|
+
# a single request, including the initial attempt. For example,
|
215
|
+
# setting this value to 5 will result in a request being retried up to
|
216
|
+
# 4 times. Used in `standard` and `adaptive` retry modes.
|
217
|
+
#
|
218
|
+
# @option options [String] :profile ("default")
|
219
|
+
# Used when loading credentials from the shared credentials file
|
220
|
+
# at HOME/.aws/credentials. When not specified, 'default' is used.
|
221
|
+
#
|
222
|
+
# @option options [Proc] :retry_backoff
|
223
|
+
# A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay.
|
224
|
+
# This option is only used in the `legacy` retry mode.
|
225
|
+
#
|
226
|
+
# @option options [Float] :retry_base_delay (0.3)
|
227
|
+
# The base delay in seconds used by the default backoff function. This option
|
228
|
+
# is only used in the `legacy` retry mode.
|
229
|
+
#
|
230
|
+
# @option options [Symbol] :retry_jitter (:none)
|
231
|
+
# A delay randomiser function used by the default backoff function.
|
232
|
+
# Some predefined functions can be referenced by name - :none, :equal, :full,
|
233
|
+
# otherwise a Proc that takes and returns a number. This option is only used
|
234
|
+
# in the `legacy` retry mode.
|
235
|
+
#
|
236
|
+
# @see https://www.awsarchitectureblog.com/2015/03/backoff.html
|
237
|
+
#
|
238
|
+
# @option options [Integer] :retry_limit (3)
|
239
|
+
# The maximum number of times to retry failed requests. Only
|
240
|
+
# ~ 500 level server errors and certain ~ 400 level client errors
|
241
|
+
# are retried. Generally, these are throttling errors, data
|
242
|
+
# checksum errors, networking errors, timeout errors, auth errors,
|
243
|
+
# endpoint discovery, and errors from expired credentials.
|
244
|
+
# This option is only used in the `legacy` retry mode.
|
245
|
+
#
|
246
|
+
# @option options [Integer] :retry_max_delay (0)
|
247
|
+
# The maximum number of seconds to delay between retries (0 for no limit)
|
248
|
+
# used by the default backoff function. This option is only used in the
|
249
|
+
# `legacy` retry mode.
|
250
|
+
#
|
251
|
+
# @option options [String] :retry_mode ("legacy")
|
252
|
+
# Specifies which retry algorithm to use. Values are:
|
253
|
+
#
|
254
|
+
# * `legacy` - The pre-existing retry behavior. This is default value if
|
255
|
+
# no retry mode is provided.
|
256
|
+
#
|
257
|
+
# * `standard` - A standardized set of retry rules across the AWS SDKs.
|
258
|
+
# This includes support for retry quotas, which limit the number of
|
259
|
+
# unsuccessful retries a client can make.
|
260
|
+
#
|
261
|
+
# * `adaptive` - An experimental retry mode that includes all the
|
262
|
+
# functionality of `standard` mode along with automatic client side
|
263
|
+
# throttling. This is a provisional mode that may change behavior
|
264
|
+
# in the future.
|
265
|
+
#
|
266
|
+
#
|
267
|
+
# @option options [String] :secret_access_key
|
268
|
+
#
|
269
|
+
# @option options [String] :session_token
|
270
|
+
#
|
271
|
+
# @option options [Boolean] :stub_responses (false)
|
272
|
+
# Causes the client to return stubbed responses. By default
|
273
|
+
# fake responses are generated and returned. You can specify
|
274
|
+
# the response data to return or errors to raise by calling
|
275
|
+
# {ClientStubs#stub_responses}. See {ClientStubs} for more information.
|
276
|
+
#
|
277
|
+
# ** Please note ** When response stubbing is enabled, no HTTP
|
278
|
+
# requests are made, and retries are disabled.
|
279
|
+
#
|
280
|
+
# @option options [Boolean] :validate_params (true)
|
281
|
+
# When `true`, request parameters are validated before
|
282
|
+
# sending the request.
|
283
|
+
#
|
284
|
+
# @option options [URI::HTTP,String] :http_proxy A proxy to send
|
285
|
+
# requests through. Formatted like 'http://proxy.com:123'.
|
286
|
+
#
|
287
|
+
# @option options [Float] :http_open_timeout (15) The number of
|
288
|
+
# seconds to wait when opening a HTTP session before raising a
|
289
|
+
# `Timeout::Error`.
|
290
|
+
#
|
291
|
+
# @option options [Integer] :http_read_timeout (60) The default
|
292
|
+
# number of seconds to wait for response data. This value can
|
293
|
+
# safely be set per-request on the session.
|
294
|
+
#
|
295
|
+
# @option options [Float] :http_idle_timeout (5) The number of
|
296
|
+
# seconds a connection is allowed to sit idle before it is
|
297
|
+
# considered stale. Stale connections are closed and removed
|
298
|
+
# from the pool before making a request.
|
299
|
+
#
|
300
|
+
# @option options [Float] :http_continue_timeout (1) The number of
|
301
|
+
# seconds to wait for a 100-continue response before sending the
|
302
|
+
# request body. This option has no effect unless the request has
|
303
|
+
# "Expect" header set to "100-continue". Defaults to `nil` which
|
304
|
+
# disables this behaviour. This value can safely be set per
|
305
|
+
# request on the session.
|
306
|
+
#
|
307
|
+
# @option options [Boolean] :http_wire_trace (false) When `true`,
|
308
|
+
# HTTP debug output will be sent to the `:logger`.
|
309
|
+
#
|
310
|
+
# @option options [Boolean] :ssl_verify_peer (true) When `true`,
|
311
|
+
# SSL peer certificates are verified when establishing a
|
312
|
+
# connection.
|
313
|
+
#
|
314
|
+
# @option options [String] :ssl_ca_bundle Full path to the SSL
|
315
|
+
# certificate authority bundle file that should be used when
|
316
|
+
# verifying peer certificates. If you do not pass
|
317
|
+
# `:ssl_ca_bundle` or `:ssl_ca_directory` the the system default
|
318
|
+
# will be used if available.
|
319
|
+
#
|
320
|
+
# @option options [String] :ssl_ca_directory Full path of the
|
321
|
+
# directory that contains the unbundled SSL certificate
|
322
|
+
# authority files for verifying peer certificates. If you do
|
323
|
+
# not pass `:ssl_ca_bundle` or `:ssl_ca_directory` the the
|
324
|
+
# system default will be used if available.
|
325
|
+
#
|
326
|
+
def initialize(*args)
|
327
|
+
super
|
328
|
+
end
|
329
|
+
|
330
|
+
# @!group API Operations
|
331
|
+
|
332
|
+
# Returns the STS short-term credentials for a given role name that is
|
333
|
+
# assigned to the user.
|
334
|
+
#
|
335
|
+
# @option params [required, String] :role_name
|
336
|
+
# The friendly name of the role that is assigned to the user.
|
337
|
+
#
|
338
|
+
# @option params [required, String] :account_id
|
339
|
+
# The identifier for the AWS account that is assigned to the user.
|
340
|
+
#
|
341
|
+
# @option params [required, String] :access_token
|
342
|
+
# The token issued by the `CreateToken` API call. For more information,
|
343
|
+
# see [CreateToken][1] in the *AWS SSO OIDC API Reference Guide*.
|
344
|
+
#
|
345
|
+
#
|
346
|
+
#
|
347
|
+
# [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html
|
348
|
+
#
|
349
|
+
# @return [Types::GetRoleCredentialsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
350
|
+
#
|
351
|
+
# * {Types::GetRoleCredentialsResponse#role_credentials #role_credentials} => Types::RoleCredentials
|
352
|
+
#
|
353
|
+
# @example Request syntax with placeholder values
|
354
|
+
#
|
355
|
+
# resp = client.get_role_credentials({
|
356
|
+
# role_name: "RoleNameType", # required
|
357
|
+
# account_id: "AccountIdType", # required
|
358
|
+
# access_token: "AccessTokenType", # required
|
359
|
+
# })
|
360
|
+
#
|
361
|
+
# @example Response structure
|
362
|
+
#
|
363
|
+
# resp.role_credentials.access_key_id #=> String
|
364
|
+
# resp.role_credentials.secret_access_key #=> String
|
365
|
+
# resp.role_credentials.session_token #=> String
|
366
|
+
# resp.role_credentials.expiration #=> Integer
|
367
|
+
#
|
368
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/GetRoleCredentials AWS API Documentation
|
369
|
+
#
|
370
|
+
# @overload get_role_credentials(params = {})
|
371
|
+
# @param [Hash] params ({})
|
372
|
+
def get_role_credentials(params = {}, options = {})
|
373
|
+
req = build_request(:get_role_credentials, params)
|
374
|
+
req.send_request(options)
|
375
|
+
end
|
376
|
+
|
377
|
+
# Lists all roles that are assigned to the user for a given AWS account.
|
378
|
+
#
|
379
|
+
# @option params [String] :next_token
|
380
|
+
# The page token from the previous response output when you request
|
381
|
+
# subsequent pages.
|
382
|
+
#
|
383
|
+
# @option params [Integer] :max_results
|
384
|
+
# The number of items that clients can request per page.
|
385
|
+
#
|
386
|
+
# @option params [required, String] :access_token
|
387
|
+
# The token issued by the `CreateToken` API call. For more information,
|
388
|
+
# see [CreateToken][1] in the *AWS SSO OIDC API Reference Guide*.
|
389
|
+
#
|
390
|
+
#
|
391
|
+
#
|
392
|
+
# [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html
|
393
|
+
#
|
394
|
+
# @option params [required, String] :account_id
|
395
|
+
# The identifier for the AWS account that is assigned to the user.
|
396
|
+
#
|
397
|
+
# @return [Types::ListAccountRolesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
398
|
+
#
|
399
|
+
# * {Types::ListAccountRolesResponse#next_token #next_token} => String
|
400
|
+
# * {Types::ListAccountRolesResponse#role_list #role_list} => Array<Types::RoleInfo>
|
401
|
+
#
|
402
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
403
|
+
#
|
404
|
+
# @example Request syntax with placeholder values
|
405
|
+
#
|
406
|
+
# resp = client.list_account_roles({
|
407
|
+
# next_token: "NextTokenType",
|
408
|
+
# max_results: 1,
|
409
|
+
# access_token: "AccessTokenType", # required
|
410
|
+
# account_id: "AccountIdType", # required
|
411
|
+
# })
|
412
|
+
#
|
413
|
+
# @example Response structure
|
414
|
+
#
|
415
|
+
# resp.next_token #=> String
|
416
|
+
# resp.role_list #=> Array
|
417
|
+
# resp.role_list[0].role_name #=> String
|
418
|
+
# resp.role_list[0].account_id #=> String
|
419
|
+
#
|
420
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccountRoles AWS API Documentation
|
421
|
+
#
|
422
|
+
# @overload list_account_roles(params = {})
|
423
|
+
# @param [Hash] params ({})
|
424
|
+
def list_account_roles(params = {}, options = {})
|
425
|
+
req = build_request(:list_account_roles, params)
|
426
|
+
req.send_request(options)
|
427
|
+
end
|
428
|
+
|
429
|
+
# Lists all AWS accounts assigned to the user. These AWS accounts are
|
430
|
+
# assigned by the administrator of the account. For more information,
|
431
|
+
# see [Assign User Access][1] in the *AWS SSO User Guide*. This
|
432
|
+
# operation returns a paginated response.
|
433
|
+
#
|
434
|
+
#
|
435
|
+
#
|
436
|
+
# [1]: https://docs.aws.amazon.com/singlesignon/latest/userguide/useraccess.html#assignusers
|
437
|
+
#
|
438
|
+
# @option params [String] :next_token
|
439
|
+
# (Optional) When requesting subsequent pages, this is the page token
|
440
|
+
# from the previous response output.
|
441
|
+
#
|
442
|
+
# @option params [Integer] :max_results
|
443
|
+
# This is the number of items clients can request per page.
|
444
|
+
#
|
445
|
+
# @option params [required, String] :access_token
|
446
|
+
# The token issued by the `CreateToken` API call. For more information,
|
447
|
+
# see [CreateToken][1] in the *AWS SSO OIDC API Reference Guide*.
|
448
|
+
#
|
449
|
+
#
|
450
|
+
#
|
451
|
+
# [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html
|
452
|
+
#
|
453
|
+
# @return [Types::ListAccountsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
454
|
+
#
|
455
|
+
# * {Types::ListAccountsResponse#next_token #next_token} => String
|
456
|
+
# * {Types::ListAccountsResponse#account_list #account_list} => Array<Types::AccountInfo>
|
457
|
+
#
|
458
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
459
|
+
#
|
460
|
+
# @example Request syntax with placeholder values
|
461
|
+
#
|
462
|
+
# resp = client.list_accounts({
|
463
|
+
# next_token: "NextTokenType",
|
464
|
+
# max_results: 1,
|
465
|
+
# access_token: "AccessTokenType", # required
|
466
|
+
# })
|
467
|
+
#
|
468
|
+
# @example Response structure
|
469
|
+
#
|
470
|
+
# resp.next_token #=> String
|
471
|
+
# resp.account_list #=> Array
|
472
|
+
# resp.account_list[0].account_id #=> String
|
473
|
+
# resp.account_list[0].account_name #=> String
|
474
|
+
# resp.account_list[0].email_address #=> String
|
475
|
+
#
|
476
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccounts AWS API Documentation
|
477
|
+
#
|
478
|
+
# @overload list_accounts(params = {})
|
479
|
+
# @param [Hash] params ({})
|
480
|
+
def list_accounts(params = {}, options = {})
|
481
|
+
req = build_request(:list_accounts, params)
|
482
|
+
req.send_request(options)
|
483
|
+
end
|
484
|
+
|
485
|
+
# Removes the client- and server-side session that is associated with
|
486
|
+
# the user.
|
487
|
+
#
|
488
|
+
# @option params [required, String] :access_token
|
489
|
+
# The token issued by the `CreateToken` API call. For more information,
|
490
|
+
# see [CreateToken][1] in the *AWS SSO OIDC API Reference Guide*.
|
491
|
+
#
|
492
|
+
#
|
493
|
+
#
|
494
|
+
# [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html
|
495
|
+
#
|
496
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
497
|
+
#
|
498
|
+
# @example Request syntax with placeholder values
|
499
|
+
#
|
500
|
+
# resp = client.logout({
|
501
|
+
# access_token: "AccessTokenType", # required
|
502
|
+
# })
|
503
|
+
#
|
504
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/Logout AWS API Documentation
|
505
|
+
#
|
506
|
+
# @overload logout(params = {})
|
507
|
+
# @param [Hash] params ({})
|
508
|
+
def logout(params = {}, options = {})
|
509
|
+
req = build_request(:logout, params)
|
510
|
+
req.send_request(options)
|
511
|
+
end
|
512
|
+
|
513
|
+
# @!endgroup
|
514
|
+
|
515
|
+
# @param params ({})
|
516
|
+
# @api private
|
517
|
+
def build_request(operation_name, params = {})
|
518
|
+
handlers = @handlers.for(operation_name)
|
519
|
+
context = Seahorse::Client::RequestContext.new(
|
520
|
+
operation_name: operation_name,
|
521
|
+
operation: config.api.operation(operation_name),
|
522
|
+
client: self,
|
523
|
+
params: params,
|
524
|
+
config: config)
|
525
|
+
context[:gem_name] = 'aws-sdk-core'
|
526
|
+
context[:gem_version] = '3.105.0'
|
527
|
+
Seahorse::Client::Request.new(handlers, context)
|
528
|
+
end
|
529
|
+
|
530
|
+
# @api private
|
531
|
+
# @deprecated
|
532
|
+
def waiter_names
|
533
|
+
[]
|
534
|
+
end
|
535
|
+
|
536
|
+
class << self
|
537
|
+
|
538
|
+
# @api private
|
539
|
+
attr_reader :identifier
|
540
|
+
|
541
|
+
# @api private
|
542
|
+
def errors_module
|
543
|
+
Errors
|
544
|
+
end
|
545
|
+
|
546
|
+
end
|
547
|
+
end
|
548
|
+
end
|