aws-sdk-core 3.128.1 → 3.129.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 53aab290e862816944f62b219f9f5ed4695a3eaf875e80c734e4903e6fd7c667
-  data.tar.gz: 87ccab0dd866022fd07c8b142649b3ffbe63a62823b8730753552f07b470aa72
+  metadata.gz: ed3d2d582fb74767dc5f0d2211e65c95f0c6513ea3b251ac91fe9e4911ca10cb
+  data.tar.gz: c8b4261e45c2ec02e5c38ccc3f37cf7cce3de1ad47f5fe6a31b8e6cfe773d5f4
 SHA512:
-  metadata.gz: e38def3a74f0b22945249d2780e6f11a5b358189dcdcfab4f3e089054cf90accbdedf1f5987023524edba94e63dbabf4c601a9b49c577994935925cce95335e6
-  data.tar.gz: 62287dbd4a357de5216564b351938a1e266d0559f87746c288d36ade8715e01678040d47f24c680e1e9009997133201fb0af74e047b20fbf207fe054417cf6e8
+  metadata.gz: da350fda9592e059be2b4fd2d355e580f8e2cfa7c638bdf2524564073441b96543d0e00444a69209e6950a902ba98828aceee1740ccbb7a58d755638883fdc27
+  data.tar.gz: 4ec8d06a538e401bd9864564daa04cbad71c546872fe98b4b43c5796f69f00fa492f5be203f456e5db13231b7dfe3a2df26661cafc0a0d787c545cfcfccc7792

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+3.129.0 (2022-03-08)
+------------------
+
+* Feature - Add support for cases when `InstanceProfileCredentials` (IMDS) is unable to refresh credentials.
+
 3.128.1 (2022-03-07)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-3.128.1
+3.129.0

data/lib/aws-sdk-core/instance_profile_credentials.rb

@@ -78,6 +78,7 @@ module Aws
       @backoff = backoff(options[:backoff])
       @token_ttl = options[:token_ttl] || 21_600
       @token = nil
+      @no_refresh_until = nil
       super
     end
 
@@ -125,18 +126,48 @@ module Aws
     end
 
     def refresh
+      if @no_refresh_until && @no_refresh_until > Time.now
+        warn_expired_credentials
+        return
+      end
+
       # Retry loading credentials up to 3 times is the instance metadata
       # service is responding but is returning invalid JSON documents
       # in response to the GET profile credentials call.
       begin
         retry_errors([Aws::Json::ParseError, StandardError], max_retries: 3) do
           c = Aws::Json.load(get_credentials.to_s)
-          @credentials = Credentials.new(
-            c['AccessKeyId'],
-            c['SecretAccessKey'],
-            c['Token']
-          )
-          @expiration = c['Expiration'] ? Time.iso8601(c['Expiration']) : nil
+          if empty_credentials?(@credentials)
+            @credentials = Credentials.new(
+              c['AccessKeyId'],
+              c['SecretAccessKey'],
+              c['Token']
+            )
+            @expiration = c['Expiration'] ? Time.iso8601(c['Expiration']) : nil
+            if @expiration && @expiration < Time.now
+              @no_refresh_until = Time.now + refresh_offset
+              warn_expired_credentials
+            end
+          else
+            #  credentials are already set, update them only if the new ones are not empty
+            if !c['AccessKeyId'] || c['AccessKeyId'].empty?
+              # error getting new credentials
+              @no_refresh_until = Time.now + refresh_offset
+              warn_expired_credentials
+            else
+              @credentials = Credentials.new(
+                c['AccessKeyId'],
+                c['SecretAccessKey'],
+                c['Token']
+              )
+              @expiration = c['Expiration'] ? Time.iso8601(c['Expiration']) : nil
+              if @expiration && @expiration < Time.now
+                @no_refresh_until = Time.now + refresh_offset
+                warn_expired_credentials
+              end
+            end
+          end
+
         end
       rescue Aws::Json::ParseError
         raise Aws::Errors::MetadataParserError
@@ -260,6 +291,21 @@ module Aws
       end
     end
 
+    def warn_expired_credentials
+      warn("Attempting credential expiration extension due to a credential "\
+        "service availability issue. A refresh of these credentials "\
+        "will be attempted again in 5 minutes.")
+    end
+
+    def empty_credentials?(creds)
+      !creds || !creds.access_key_id || creds.access_key_id.empty?
+    end
+
+    # Compute an offset for refresh with jitter
+    def refresh_offset
+      300 + rand(0..60)
+    end
+
     # @api private
     # Token used to fetch IMDS profile and credentials
     class Token

data/lib/aws-sdk-sso/client.rb

@@ -545,7 +545,7 @@ module Aws::SSO
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.128.1'
+      context[:gem_version] = '3.129.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sso.rb

@@ -50,6 +50,6 @@ require_relative 'aws-sdk-sso/customizations'
 # @!group service
 module Aws::SSO
 
-  GEM_VERSION = '3.128.1'
+  GEM_VERSION = '3.129.0'
 
 end

data/lib/aws-sdk-sts/client.rb

@@ -2290,7 +2290,7 @@ module Aws::STS
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.128.1'
+      context[:gem_version] = '3.129.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sts.rb

@@ -50,6 +50,6 @@ require_relative 'aws-sdk-sts/customizations'
 # @!group service
 module Aws::STS
 
-  GEM_VERSION = '3.128.1'
+  GEM_VERSION = '3.129.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-core
 version: !ruby/object:Gem::Version
-  version: 3.128.1
+  version: 3.129.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-03-07 00:00:00.000000000 Z
+date: 2022-03-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jmespath