aws-sdk-core 3.166.0 → 3.167.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a81b60918988fd7ee9366d79ced7e41bae6f7f2e55cffe4a0e5eb1cc1cd9c9c3
4
- data.tar.gz: 5facaa68ef59e079763525a392996dfdce6495e0c187a5b001df78be71648abb
3
+ metadata.gz: f1aac37b880dbc6ede841754c8d4ce29957b9e0e6a9acf2c09233f2476f7816b
4
+ data.tar.gz: e481e937efc7f63e4ab27c8674a604364c7a702855dd1f8a1e7947bafeff69ec
5
5
  SHA512:
6
- metadata.gz: b3ee6e89b330461fd71923488bbc657a4f359d2e082e7ea9d5300279234843ce20a59b2a22620f282e252dc89c8d9c3b18fcfe7206898fe8f8ed6af2ce5fff81
7
- data.tar.gz: 5ffab77f4bf826684b99ffda8dd6877be3382bcfe70816147f25fb1d13349c14c66b923dd45bf5510e81c569ce46f0f3967f478a061df802332c5b3f2a5059e9
6
+ metadata.gz: 9299bc7558feb4213b3829a0e2151f47863961f5a957c361f6079abb0fa32c60f35f3bfb4c1febeacac66640dbe5373df46c7f53c378397f954a727edeb5870b
7
+ data.tar.gz: '0018d080dff65a600be4ebf1990dde19ef27ace79ebde11b68fac65e126ee6c332c7ad8affb5b4f9db13c67bf61483688294537c62a0bfb2774d354b8d373579'
data/CHANGELOG.md CHANGED
@@ -1,6 +1,13 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 3.167.0 (2022-11-09)
5
+ ------------------
6
+
7
+ * Issue - Ensure the stream_thread is not killed before H2 connection status is updated (#2779).
8
+
9
+ * Feature - Add token refresh support to `SSOCredentialProvider`.
10
+
4
11
  3.166.0 (2022-10-26)
5
12
  ------------------
6
13
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 3.166.0
1
+ 3.167.0
@@ -3,9 +3,10 @@
3
3
  module Aws
4
4
  # @api private
5
5
  class SharedConfig
6
- SSO_PROFILE_KEYS = %w[sso_start_url sso_region sso_account_id sso_role_name].freeze
6
+ SSO_CREDENTIAL_PROFILE_KEYS = %w[sso_account_id sso_role_name].freeze
7
+ SSO_PROFILE_KEYS = %w[sso_session sso_start_url sso_region sso_account_id sso_role_name].freeze
7
8
  SSO_TOKEN_PROFILE_KEYS = %w[sso_session].freeze
8
- SSO_SESSION_KEYS = %w[sso_region]
9
+ SSO_SESSION_KEYS = %w[sso_region sso_start_url].freeze
9
10
 
10
11
 
11
12
  # @return [String]
@@ -331,14 +332,41 @@ module Aws
331
332
  def sso_credentials_from_profile(cfg, profile)
332
333
  if @parsed_config &&
333
334
  (prof_config = cfg[profile]) &&
334
- !(prof_config.keys & SSO_PROFILE_KEYS).empty?
335
+ !(prof_config.keys & SSO_CREDENTIAL_PROFILE_KEYS).empty?
336
+
337
+ if sso_session_name = prof_config['sso_session']
338
+ sso_session = cfg["sso-session #{sso_session_name}"]
339
+ unless sso_session
340
+ raise ArgumentError,
341
+ "sso-session #{sso_session_name} must be defined in the config file. " \
342
+ "Referenced by profile #{profile}"
343
+ end
344
+ sso_region = sso_session['sso_region']
345
+ sso_start_url = sso_session['sso_start_url']
346
+
347
+ # validate sso_region and sso_start_url don't conflict if set on profile and session
348
+ if prof_config['sso_region'] && prof_config['sso_region'] != sso_region
349
+ raise ArgumentError,
350
+ "sso-session #{sso_session_name}'s sso_region (#{sso_region}) " \
351
+ "does not match the profile #{profile}'s sso_region (#{prof_config['sso_region']}'"
352
+ end
353
+ if prof_config['sso_start_url'] && prof_config['sso_start_url'] != sso_start_url
354
+ raise ArgumentError,
355
+ "sso-session #{sso_session_name}'s sso_start_url (#{sso_start_url}) " \
356
+ "does not match the profile #{profile}'s sso_start_url (#{prof_config['sso_start_url']}'"
357
+ end
358
+ else
359
+ sso_region = prof_config['sso_region']
360
+ sso_start_url = prof_config['sso_start_url']
361
+ end
335
362
 
336
363
  SSOCredentials.new(
337
- sso_start_url: prof_config['sso_start_url'],
338
- sso_region: prof_config['sso_region'],
339
364
  sso_account_id: prof_config['sso_account_id'],
340
- sso_role_name: prof_config['sso_role_name']
341
- )
365
+ sso_role_name: prof_config['sso_role_name'],
366
+ sso_session: prof_config['sso_session'],
367
+ sso_region: sso_region,
368
+ sso_start_url: prof_config['sso_start_url']
369
+ )
342
370
  end
343
371
  end
344
372
 
@@ -353,7 +381,7 @@ module Aws
353
381
  sso_session = cfg["sso-session #{sso_session_name}"]
354
382
  unless sso_session
355
383
  raise ArgumentError,
356
- "sso-session #{sso_session_name} must be defined in the config file." /
384
+ "sso-session #{sso_session_name} must be defined in the config file." \
357
385
  "Referenced by profile #{profile}"
358
386
  end
359
387
 
@@ -3,24 +3,19 @@
3
3
  module Aws
4
4
  # An auto-refreshing credential provider that assumes a role via
5
5
  # {Aws::SSO::Client#get_role_credentials} using a cached access
6
- # token. This class does NOT implement the SSO login token flow - tokens
7
- # must generated and refreshed separately by running `aws login` from the
8
- # AWS CLI with the correct profile.
9
- #
10
- # The `SSOCredentials` will auto-refresh the AWS credentials from SSO. In
11
- # addition to AWS credentials expiring after a given amount of time, the
12
- # access token generated and cached from `aws login` will also expire.
13
- # Once this token expires, it will not be usable to refresh AWS credentials,
14
- # and another token will be needed. The SDK does not manage refreshing of
15
- # the token value, but this can be done by running `aws login` with the
16
- # correct profile.
6
+ # token. When `sso_session` is specified, token refresh logic from
7
+ # {Aws::SSOTokenProvider} will be used to refresh the token if possible.
8
+ # This class does NOT implement the SSO login token flow - tokens
9
+ # must generated separately by running `aws login` from the
10
+ # AWS CLI with the correct profile. The `SSOCredentials` will
11
+ # auto-refresh the AWS credentials from SSO.
17
12
  #
18
13
  # # You must first run aws sso login --profile your-sso-profile
19
14
  # sso_credentials = Aws::SSOCredentials.new(
20
15
  # sso_account_id: '123456789',
21
16
  # sso_role_name: "role_name",
22
17
  # sso_region: "us-east-1",
23
- # sso_start_url: 'https://your-start-url.awsapps.com/start'
18
+ # sso_session: 'my_sso_session'
24
19
  # )
25
20
  # ec2 = Aws::EC2::Client.new(credentials: sso_credentials)
26
21
  #
@@ -35,7 +30,8 @@ module Aws
35
30
  include RefreshingCredentials
36
31
 
37
32
  # @api private
38
- SSO_REQUIRED_OPTS = [:sso_account_id, :sso_region, :sso_role_name, :sso_start_url].freeze
33
+ LEGACY_REQUIRED_OPTS = [:sso_start_url, :sso_account_id, :sso_region, :sso_role_name].freeze
34
+ TOKEN_PROVIDER_REQUIRED_OPTS = [:sso_session, :sso_account_id, :sso_region, :sso_role_name].freeze
39
35
 
40
36
  # @api private
41
37
  SSO_LOGIN_GUIDANCE = 'The SSO session associated with this profile has '\
@@ -45,17 +41,23 @@ module Aws
45
41
  # @option options [required, String] :sso_account_id The AWS account ID
46
42
  # that temporary AWS credentials will be resolved for
47
43
  #
48
- # @option options [required, String] :sso_region The AWS region where the
49
- # SSO directory for the given sso_start_url is hosted.
50
- #
51
44
  # @option options [required, String] :sso_role_name The corresponding
52
45
  # IAM role in the AWS account that temporary AWS credentials
53
46
  # will be resolved for.
54
47
  #
55
- # @option options [required, String] :sso_start_url The start URL is
56
- # provided by the SSO service via the console and is the URL used to
48
+ # @option options [required, String] :sso_region The AWS region where the
49
+ # SSO directory for the given sso_start_url is hosted.
50
+ #
51
+ # @option options [String] :sso_session The SSO Token used for fetching
52
+ # the token. If provided, refresh logic from the {Aws::SSOTokenProvider}
53
+ # will be used.
54
+ #
55
+ # @option options [String] :sso_start_url (legacy profiles) If provided,
56
+ # legacy token fetch behavior will be used, which does not support
57
+ # token refreshing. The start URL is provided by the SSO
58
+ # service via the console and is the URL used to
57
59
  # login to the SSO directory. This is also sometimes referred to as
58
- # the "User Portal URL"
60
+ # the "User Portal URL".
59
61
  #
60
62
  # @option options [SSO::Client] :client Optional `SSO::Client`. If not
61
63
  # provided, a client will be constructed.
@@ -65,27 +67,52 @@ module Aws
65
67
  # with an instance of this object when
66
68
  # AWS credentials are required and need to be refreshed.
67
69
  def initialize(options = {})
68
-
69
- missing_keys = SSO_REQUIRED_OPTS.select { |k| options[k].nil? }
70
- unless missing_keys.empty?
71
- raise ArgumentError, "Missing required keys: #{missing_keys}"
70
+ options = options.select {|k, v| !v.nil? }
71
+ if (options[:sso_session])
72
+ missing_keys = TOKEN_PROVIDER_REQUIRED_OPTS.select { |k| options[k].nil? }
73
+ unless missing_keys.empty?
74
+ raise ArgumentError, "Missing required keys: #{missing_keys}"
75
+ end
76
+ @legacy = false
77
+ @sso_role_name = options.delete(:sso_role_name)
78
+ @sso_account_id = options.delete(:sso_account_id)
79
+
80
+ # if client has been passed, don't pass through to SSOTokenProvider
81
+ @client = options.delete(:client)
82
+ options.delete(:sso_start_url)
83
+ @token_provider = Aws::SSOTokenProvider.new(options.dup)
84
+ @sso_session = options.delete(:sso_session)
85
+ @sso_region = options.delete(:sso_region)
86
+
87
+ unless @client
88
+ client_opts = {}
89
+ options.each_pair { |k,v| client_opts[k] = v unless CLIENT_EXCLUDE_OPTIONS.include?(k) }
90
+ client_opts[:region] = @sso_region
91
+ client_opts[:credentials] = nil
92
+ @client = Aws::SSO::Client.new(client_opts)
93
+ end
94
+ else # legacy behavior
95
+ missing_keys = LEGACY_REQUIRED_OPTS.select { |k| options[k].nil? }
96
+ unless missing_keys.empty?
97
+ raise ArgumentError, "Missing required keys: #{missing_keys}"
98
+ end
99
+ @legacy = true
100
+ @sso_start_url = options.delete(:sso_start_url)
101
+ @sso_region = options.delete(:sso_region)
102
+ @sso_role_name = options.delete(:sso_role_name)
103
+ @sso_account_id = options.delete(:sso_account_id)
104
+
105
+ # validate we can read the token file
106
+ read_cached_token
107
+
108
+ client_opts = {}
109
+ options.each_pair { |k,v| client_opts[k] = v unless CLIENT_EXCLUDE_OPTIONS.include?(k) }
110
+ client_opts[:region] = @sso_region
111
+ client_opts[:credentials] = nil
112
+
113
+ @client = options[:client] || Aws::SSO::Client.new(client_opts)
72
114
  end
73
115
 
74
- @sso_start_url = options.delete(:sso_start_url)
75
- @sso_region = options.delete(:sso_region)
76
- @sso_role_name = options.delete(:sso_role_name)
77
- @sso_account_id = options.delete(:sso_account_id)
78
-
79
- # validate we can read the token file
80
- read_cached_token
81
-
82
-
83
- client_opts = {}
84
- options.each_pair { |k,v| client_opts[k] = v unless CLIENT_EXCLUDE_OPTIONS.include?(k) }
85
- client_opts[:region] = @sso_region
86
- client_opts[:credentials] = nil
87
-
88
- @client = options[:client] || Aws::SSO::Client.new(client_opts)
89
116
  @async_refresh = true
90
117
  super
91
118
  end
@@ -111,12 +138,20 @@ module Aws
111
138
  end
112
139
 
113
140
  def refresh
114
- cached_token = read_cached_token
115
- c = @client.get_role_credentials(
116
- account_id: @sso_account_id,
117
- role_name: @sso_role_name,
118
- access_token: cached_token['accessToken']
119
- ).role_credentials
141
+ c = if @legacy
142
+ cached_token = read_cached_token
143
+ @client.get_role_credentials(
144
+ account_id: @sso_account_id,
145
+ role_name: @sso_role_name,
146
+ access_token: cached_token['accessToken']
147
+ ).role_credentials
148
+ else
149
+ @client.get_role_credentials(
150
+ account_id: @sso_account_id,
151
+ role_name: @sso_role_name,
152
+ access_token: @token_provider.token.token
153
+ ).role_credentials
154
+ end
120
155
 
121
156
  @credentials = Credentials.new(
122
157
  c.access_key_id,
@@ -44,7 +44,7 @@ module Aws
44
44
  super
45
45
  end
46
46
 
47
- # @return [SSO::Client]
47
+ # @return [SSOOIDC::Client]
48
48
  attr_reader :client
49
49
 
50
50
  private
@@ -66,7 +66,7 @@ module Aws
66
66
  resp = @client.create_token(
67
67
  grant_type: 'refresh_token',
68
68
  client_id: token_json['clientId'],
69
- client_secret: token_json['client_secret'],
69
+ client_secret: token_json['clientSecret'],
70
70
  refresh_token: token_json['refreshToken']
71
71
  )
72
72
  token_json['accessToken'] = resp.access_token
@@ -585,7 +585,7 @@ module Aws::SSO
585
585
  params: params,
586
586
  config: config)
587
587
  context[:gem_name] = 'aws-sdk-core'
588
- context[:gem_version] = '3.166.0'
588
+ context[:gem_version] = '3.167.0'
589
589
  Seahorse::Client::Request.new(handlers, context)
590
590
  end
591
591
 
data/lib/aws-sdk-sso.rb CHANGED
@@ -54,6 +54,6 @@ require_relative 'aws-sdk-sso/customizations'
54
54
  # @!group service
55
55
  module Aws::SSO
56
56
 
57
- GEM_VERSION = '3.166.0'
57
+ GEM_VERSION = '3.167.0'
58
58
 
59
59
  end
@@ -581,7 +581,7 @@ module Aws::SSOOIDC
581
581
  params: params,
582
582
  config: config)
583
583
  context[:gem_name] = 'aws-sdk-core'
584
- context[:gem_version] = '3.166.0'
584
+ context[:gem_version] = '3.167.0'
585
585
  Seahorse::Client::Request.new(handlers, context)
586
586
  end
587
587
 
@@ -54,6 +54,6 @@ require_relative 'aws-sdk-ssooidc/customizations'
54
54
  # @!group service
55
55
  module Aws::SSOOIDC
56
56
 
57
- GEM_VERSION = '3.166.0'
57
+ GEM_VERSION = '3.167.0'
58
58
 
59
59
  end
@@ -2316,7 +2316,7 @@ module Aws::STS
2316
2316
  params: params,
2317
2317
  config: config)
2318
2318
  context[:gem_name] = 'aws-sdk-core'
2319
- context[:gem_version] = '3.166.0'
2319
+ context[:gem_version] = '3.167.0'
2320
2320
  Seahorse::Client::Request.new(handlers, context)
2321
2321
  end
2322
2322
 
data/lib/aws-sdk-sts.rb CHANGED
@@ -54,6 +54,6 @@ require_relative 'aws-sdk-sts/customizations'
54
54
  # @!group service
55
55
  module Aws::STS
56
56
 
57
- GEM_VERSION = '3.166.0'
57
+ GEM_VERSION = '3.167.0'
58
58
 
59
59
  end
@@ -104,7 +104,7 @@ module Seahorse
104
104
  @mutex.synchronize {
105
105
  return if @socket_thread
106
106
  @socket_thread = Thread.new do
107
- while !@socket.closed?
107
+ while @socket && !@socket.closed?
108
108
  begin
109
109
  data = @socket.read_nonblock(@chunk_size)
110
110
  @h2_client << data
@@ -130,6 +130,7 @@ module Seahorse
130
130
  self.close!
131
131
  end
132
132
  end
133
+ @socket_thread = nil
133
134
  end
134
135
  @socket_thread.abort_on_exception = true
135
136
  }
@@ -142,10 +143,6 @@ module Seahorse
142
143
  @socket.close
143
144
  @socket = nil
144
145
  end
145
- if @socket_thread
146
- Thread.kill(@socket_thread)
147
- @socket_thread = nil
148
- end
149
146
  @status = :closed
150
147
  }
151
148
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-core
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.166.0
4
+ version: 3.167.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-10-26 00:00:00.000000000 Z
11
+ date: 2022-11-09 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: jmespath