aws-sdk-core 3.129.1 → 3.130.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-core/assume_role_credentials.rb +1 -0
- data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +2 -1
- data/lib/aws-sdk-core/ecs_credentials.rb +1 -0
- data/lib/aws-sdk-core/instance_profile_credentials.rb +1 -0
- data/lib/aws-sdk-core/plugins/signature_v4.rb +1 -0
- data/lib/aws-sdk-core/process_credentials.rb +3 -2
- data/lib/aws-sdk-core/refreshing_credentials.rb +29 -11
- data/lib/aws-sdk-core/sso_credentials.rb +1 -0
- data/lib/aws-sdk-sso/client.rb +1 -1
- data/lib/aws-sdk-sso.rb +1 -1
- data/lib/aws-sdk-sts/client.rb +1 -1
- data/lib/aws-sdk-sts.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d7804cbac83996a95b2cacbd808389798eb0b461229a9e8e2a966cd28d599aa6
|
|
4
|
+
data.tar.gz: ce3557bcbd4d6a5edaa1bc99fbd7e75f9b2e23eb6fadb8be06a69b91e2e8a4a7
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d1d0b4ec0b478389290d84409869ed012e4a2ce6408d3dc5c46c618771cc970d9086eb4686dd64b740ebd5eeafe7cc0e8b6fa63d3f89202e8f2841d9a203bdbb
|
|
7
|
+
data.tar.gz: f4c41ffb85d712bcaf8701aa61a886837517df23e14a53c2b9201d86bfcc1fd41b5b8badded9f91aeb0ee77553c9e2af80b4c82d1e249486b5630afc1582939c
|
data/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,13 @@
|
|
|
1
1
|
Unreleased Changes
|
|
2
2
|
------------------
|
|
3
3
|
|
|
4
|
+
3.130.0 (2022-03-11)
|
|
5
|
+
------------------
|
|
6
|
+
|
|
7
|
+
* Feature - Asynchronously refresh AWS credentials (#2641).
|
|
8
|
+
|
|
9
|
+
* Issue - Add x-amz-region-set to list of headers deleted for re-sign.
|
|
10
|
+
|
|
4
11
|
3.129.1 (2022-03-10)
|
|
5
12
|
------------------
|
|
6
13
|
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
3.
|
|
1
|
+
3.130.0
|
|
@@ -17,7 +17,7 @@ module Aws
|
|
|
17
17
|
# ...
|
|
18
18
|
# )
|
|
19
19
|
# For full list of parameters accepted
|
|
20
|
-
# @see Aws::STS::Client#assume_role_with_web_identity
|
|
20
|
+
# @see Aws::STS::Client#assume_role_with_web_identity
|
|
21
21
|
#
|
|
22
22
|
#
|
|
23
23
|
# If you omit `:client` option, a new {STS::Client} object will be
|
|
@@ -48,6 +48,7 @@ module Aws
|
|
|
48
48
|
client_opts = {}
|
|
49
49
|
@assume_role_web_identity_params = {}
|
|
50
50
|
@token_file = options.delete(:web_identity_token_file)
|
|
51
|
+
@async_refresh = true
|
|
51
52
|
options.each_pair do |key, value|
|
|
52
53
|
if self.class.assume_role_web_identity_options.include?(key)
|
|
53
54
|
@assume_role_web_identity_params[key] = value
|
|
@@ -98,6 +98,7 @@ module Aws
|
|
|
98
98
|
req.headers.delete('Authorization')
|
|
99
99
|
req.headers.delete('X-Amz-Security-Token')
|
|
100
100
|
req.headers.delete('X-Amz-Date')
|
|
101
|
+
req.headers.delete('x-Amz-Region-Set')
|
|
101
102
|
|
|
102
103
|
if context.config.respond_to?(:clock_skew) &&
|
|
103
104
|
context.config.clock_skew &&
|
|
@@ -27,6 +27,7 @@ module Aws
|
|
|
27
27
|
def initialize(process)
|
|
28
28
|
@process = process
|
|
29
29
|
@credentials = credentials_from_process(@process)
|
|
30
|
+
@async_refresh = false
|
|
30
31
|
|
|
31
32
|
super
|
|
32
33
|
end
|
|
@@ -73,9 +74,9 @@ module Aws
|
|
|
73
74
|
@credentials = credentials_from_process(@process)
|
|
74
75
|
end
|
|
75
76
|
|
|
76
|
-
def near_expiration?
|
|
77
|
+
def near_expiration?(expiration_length)
|
|
77
78
|
# are we within 5 minutes of expiration?
|
|
78
|
-
@expiration && (Time.now.to_i +
|
|
79
|
+
@expiration && (Time.now.to_i + expiration_length) > @expiration.to_i
|
|
79
80
|
end
|
|
80
81
|
end
|
|
81
82
|
end
|
|
@@ -17,6 +17,9 @@ module Aws
|
|
|
17
17
|
# @api private
|
|
18
18
|
module RefreshingCredentials
|
|
19
19
|
|
|
20
|
+
SYNC_EXPIRATION_LENGTH = 300 # 5 minutes
|
|
21
|
+
ASYNC_EXPIRATION_LENGTH = 600 # 10 minutes
|
|
22
|
+
|
|
20
23
|
def initialize(options = {})
|
|
21
24
|
@mutex = Mutex.new
|
|
22
25
|
@before_refresh = options.delete(:before_refresh) if Hash === options
|
|
@@ -27,13 +30,13 @@ module Aws
|
|
|
27
30
|
|
|
28
31
|
# @return [Credentials]
|
|
29
32
|
def credentials
|
|
30
|
-
refresh_if_near_expiration
|
|
33
|
+
refresh_if_near_expiration!
|
|
31
34
|
@credentials
|
|
32
35
|
end
|
|
33
36
|
|
|
34
37
|
# @return [Time,nil]
|
|
35
38
|
def expiration
|
|
36
|
-
refresh_if_near_expiration
|
|
39
|
+
refresh_if_near_expiration!
|
|
37
40
|
@expiration
|
|
38
41
|
end
|
|
39
42
|
|
|
@@ -49,24 +52,39 @@ module Aws
|
|
|
49
52
|
|
|
50
53
|
private
|
|
51
54
|
|
|
52
|
-
# Refreshes
|
|
53
|
-
#
|
|
54
|
-
|
|
55
|
-
|
|
55
|
+
# Refreshes credentials asynchronously and synchronously.
|
|
56
|
+
# If we are near to expiration, block while getting new credentials.
|
|
57
|
+
# Otherwise, if we're approaching expiration, use the existing credentials
|
|
58
|
+
# but attempt a refresh in the background.
|
|
59
|
+
def refresh_if_near_expiration!
|
|
60
|
+
# Note: This check is an optimization. Rather than acquire the mutex on every #refresh_if_near_expiration
|
|
61
|
+
# call, we check before doing so, and then we check within the mutex to avoid a race condition.
|
|
62
|
+
# See issue: https://github.com/aws/aws-sdk-ruby/issues/2641 for more info.
|
|
63
|
+
if near_expiration?(SYNC_EXPIRATION_LENGTH)
|
|
56
64
|
@mutex.synchronize do
|
|
57
|
-
if near_expiration?
|
|
65
|
+
if near_expiration?(SYNC_EXPIRATION_LENGTH)
|
|
58
66
|
@before_refresh.call(self) if @before_refresh
|
|
59
|
-
|
|
60
67
|
refresh
|
|
61
68
|
end
|
|
62
69
|
end
|
|
70
|
+
elsif @async_refresh && near_expiration?(ASYNC_EXPIRATION_LENGTH)
|
|
71
|
+
unless @mutex.locked?
|
|
72
|
+
Thread.new do
|
|
73
|
+
@mutex.synchronize do
|
|
74
|
+
if near_expiration?(ASYNC_EXPIRATION_LENGTH)
|
|
75
|
+
@before_refresh.call(self) if @before_refresh
|
|
76
|
+
refresh
|
|
77
|
+
end
|
|
78
|
+
end
|
|
79
|
+
end
|
|
80
|
+
end
|
|
63
81
|
end
|
|
64
82
|
end
|
|
65
83
|
|
|
66
|
-
def near_expiration?
|
|
84
|
+
def near_expiration?(expiration_length)
|
|
67
85
|
if @expiration
|
|
68
|
-
#
|
|
69
|
-
(Time.now.to_i +
|
|
86
|
+
# Are we within expiration?
|
|
87
|
+
(Time.now.to_i + expiration_length) > @expiration.to_i
|
|
70
88
|
else
|
|
71
89
|
true
|
|
72
90
|
end
|
data/lib/aws-sdk-sso/client.rb
CHANGED
data/lib/aws-sdk-sso.rb
CHANGED
data/lib/aws-sdk-sts/client.rb
CHANGED
|
@@ -2290,7 +2290,7 @@ module Aws::STS
|
|
|
2290
2290
|
params: params,
|
|
2291
2291
|
config: config)
|
|
2292
2292
|
context[:gem_name] = 'aws-sdk-core'
|
|
2293
|
-
context[:gem_version] = '3.
|
|
2293
|
+
context[:gem_version] = '3.130.0'
|
|
2294
2294
|
Seahorse::Client::Request.new(handlers, context)
|
|
2295
2295
|
end
|
|
2296
2296
|
|
data/lib/aws-sdk-sts.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aws-sdk-core
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.130.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Amazon Web Services
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-03-
|
|
11
|
+
date: 2022-03-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: jmespath
|