aws-sdk-core 3.11.0 → 3.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c824a5bc98f14b37660ff57fb2572657be420e34
-  data.tar.gz: 08bb3307bed0bc4badbe3851997da2c00eeb0729
+  metadata.gz: d21e2fa4df210cb1859bc936f7d7ee12d8d1d9e9
+  data.tar.gz: 59a105fc96518c7687e4ec3078c77314da2512c9
 SHA512:
-  metadata.gz: 5ed7f36c913474c7e9a6e2ceeabca40847283382b11474e1474a1ac6c6cea7c7d0c1fd0b98c0ea6aa4f45f8795a7dfdbf580114f291be00e8652b16c60d27edd
-  data.tar.gz: 8aacd21ea03e66638bfeda0a9577f97c5c2655e7c9469c5ad5c32c3218d8538500da939f677e76b4313c88c202a7335b3253bb72cf8ec8f53738b26ebad6dd79
+  metadata.gz: e43b65a43fe6a15b943d77e352af0bb185915b57b9268691747e972fca4f7aa8603bf72ba1a196fe6b6db2fc861e9a4c01985a6c96cd49d1971e8e19853460d8
+  data.tar.gz: c9786f52116c3c4f0b2c41a16945aaf7cf44e7a441066959235c326c72d129fcd819131506ecd1c4aacd34169760a75b3e922065efadd785bdaef4aae2df15a1

data/VERSION

@@ -1 +1 @@
-3.11.0
+3.12.0

data/lib/aws-sdk-core/credential_provider_chain.rb

@@ -94,7 +94,8 @@ module Aws
     def assume_role_with_profile(prof, region)
       Aws.shared_config.assume_role_credentials_from_config(
         profile: prof,
-        region: region
+        region: region,
+        chain_config: @config
       )
     end
 

data/lib/aws-sdk-core/errors.rb

@@ -46,6 +46,18 @@ module Aws
     # expected, and there is no source profile specified.
     class NoSourceProfileError < RuntimeError; end
 
+    # Raised when a client is constructed with Assume Role credentials using
+    # a credential_source, and that source type is unsupported.
+    class InvalidCredentialSourceError < RuntimeError; end
+
+    # Raised when a client is constructed with Assume Role credentials, but
+    # the profile has both source_profile and credential_source.
+    class CredentialSourceConflictError < RuntimeError; end
+
+    # Raised when a client is constructed with Assume Role credentials using
+    # a credential_source, and that source doesn't provide credentials.
+    class NoSourceCredentialsError < RuntimeError; end
+
     # Raised when a client is constructed and credentials are not
     # set, or the set credentials are empty.
     class MissingCredentialsError < RuntimeError

data/lib/aws-sdk-core/plugins/api_key.rb

@@ -20,9 +20,6 @@ When provided, `x-api-key` header will be injected with the value provided.
       # @api private
       class OptionHandler < Seahorse::Client::Handler
         def call(context)
-          # apply APIG user-agent by default
-          context.config.user_agent_suffix ||= 'aws-apig-ruby'
-
           if context.operation.require_apikey
             api_key = context.params.delete(:api_key)
             api_key = context.config.api_key if api_key.nil?

data/lib/aws-sdk-core/plugins/apig_user_agent.rb

@@ -0,0 +1,37 @@
+module Aws
+  module Plugins
+    # @api private
+    class APIGUserAgent < Seahorse::Client::Plugin
+
+      option(:user_agent_suffix)
+
+      # @api private
+      class Handler < Seahorse::Client::Handler
+
+        def call(context)
+          set_user_agent(context)
+          @handler.call(context)
+        end
+
+        def set_user_agent(context)
+          ua = "aws-apig-ruby/#{CORE_GEM_VERSION}"
+
+          begin
+            ua += " #{RUBY_ENGINE}/#{RUBY_VERSION}"
+          rescue
+            ua += " RUBY_ENGINE_NA/#{RUBY_VERSION}"
+          end
+
+          ua += " #{RUBY_PLATFORM}"
+          ua += " #{context.config.user_agent_suffix}" if context.config.user_agent_suffix
+
+          context.http_request.headers['User-Agent'] = ua.strip
+        end
+
+      end
+
+      handler(Handler)
+
+    end
+  end
+end

data/lib/aws-sdk-core/shared_config.rb

@@ -106,9 +106,10 @@ module Aws
     # file, if present.
     def assume_role_credentials_from_config(opts = {})
       p = opts.delete(:profile) || @profile_name
-      credentials = assume_role_from_profile(@parsed_credentials, p, opts)
+      chain_config = opts.delete(:chain_config)
+      credentials = assume_role_from_profile(@parsed_credentials, p, opts, chain_config)
       if @parsed_config
-        credentials ||= assume_role_from_profile(@parsed_config, p, opts)
+        credentials ||= assume_role_from_profile(@parsed_config, p, opts, chain_config)
       end
       credentials
     end
@@ -133,10 +134,19 @@ module Aws
       (@parsed_credentials && !@parsed_credentials.empty?) ||
         (@parsed_config && !@parsed_config.empty?)
     end
-    def assume_role_from_profile(cfg, profile, opts)
+
+    def assume_role_from_profile(cfg, profile, opts, chain_config)
       if cfg && prof_cfg = cfg[profile]
         opts[:source_profile] ||= prof_cfg["source_profile"]
-        if opts[:source_profile]
+        credential_source = opts.delete(:credential_source)
+        credential_source ||= prof_cfg["credential_source"]
+        if opts[:source_profile] && credential_source
+          raise Errors::CredentialSourceConflictError.new(
+            "Profile #{profile} has a source_profile, and "\
+              "a credential_source. For assume role credentials, must "\
+              "provide only source_profile or credential_source, not both."
+          )
+        elsif opts[:source_profile]
           opts[:credentials] = credentials(profile: opts[:source_profile])
           if opts[:credentials]
             opts[:role_session_name] ||= prof_cfg["role_session_name"]
@@ -152,6 +162,25 @@ module Aws
                 " source_profile does not have credentials."
             )
           end
+        elsif credential_source
+          opts[:credentials] = credentials_from_source(
+            credential_source,
+            chain_config
+          )
+          if opts[:credentials]
+            opts[:role_session_name] ||= prof_cfg["role_session_name"]
+            opts[:role_session_name] ||= "default_session"
+            opts[:role_arn] ||= prof_cfg["role_arn"]
+            opts[:external_id] ||= prof_cfg["external_id"]
+            opts[:serial_number] ||= prof_cfg["mfa_serial"]
+            opts.delete(:source_profile) # Cleanup
+            AssumeRoleCredentials.new(opts)
+          else
+            raise Errors::NoSourceCredentials.new(
+              "Profile #{profile} could not get source credentials from"\
+                " provider #{credential_source}"
+            )
+          end
         elsif prof_cfg["role_arn"]
           raise Errors::NoSourceProfileError.new(
             "Profile #{profile} has a role_arn, but no source_profile."
@@ -164,6 +193,23 @@ module Aws
       end
     end
 
+    def credentials_from_source(credential_source, config)
+      case credential_source
+      when "Ec2InstanceMetadata"
+        InstanceProfileCredentials.new(
+          retries: config ? config.instance_profile_credentials_retries : 0,
+          http_open_timeout: config ? config.instance_profile_credentials_timeout : 1,
+          http_read_timeout: config ? config.instance_profile_credentials_timeout : 1
+        )
+      when "EcsContainer"
+        ECSCredentials.new
+      else
+        raise Errors::InvalidCredentialSourceError.new(
+          "Unsupported credential_source: #{credential_source}"
+        )
+      end
+    end
+
     def credentials_from_shared(profile, opts)
       if @parsed_credentials && prof_config = @parsed_credentials[profile]
         credentials_from_profile(prof_config)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-core
 version: !ruby/object:Gem::Version
-  version: 3.11.0
+  version: 3.12.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-11-29 00:00:00.000000000 Z
+date: 2017-12-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jmespath
@@ -91,6 +91,7 @@ files:
 - lib/aws-sdk-core/plugins/api_key.rb
 - lib/aws-sdk-core/plugins/apig_authorizer_token.rb
 - lib/aws-sdk-core/plugins/apig_credentials_configuration.rb
+- lib/aws-sdk-core/plugins/apig_user_agent.rb
 - lib/aws-sdk-core/plugins/credentials_configuration.rb
 - lib/aws-sdk-core/plugins/global_configuration.rb
 - lib/aws-sdk-core/plugins/helpful_socket_errors.rb