aws-sdk-core 3.23.0 → 3.24.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/lib/aws-sdk-core.rb +1 -0
- data/lib/aws-sdk-core/credential_provider_chain.rb +15 -0
- data/lib/aws-sdk-core/errors.rb +4 -0
- data/lib/aws-sdk-core/process_credentials.rb +74 -0
- data/lib/aws-sdk-core/shared_config.rb +5 -0
- data/lib/aws-sdk-sts.rb +1 -1
- data/lib/aws-sdk-sts/client.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: aad412b598b70e2373c73086f4ed949ac84152fb
|
|
4
|
+
data.tar.gz: cfebe3b9d5e15b9b7d323059f80816d992eb6d0a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e7591377e89f307f65a8261632906c36f755275449c861a447f24d72b47f3f2abf4d33d4e6b9ed114ca47d5a7a0108649070ec5da57a69483dbdb1475ecdf4f2
|
|
7
|
+
data.tar.gz: 595e31b23d517448b5d3cf1d82b4b42c5c47618a564a38d0432d5320b9c7bfe4d39c79ebd838b295bc9e7622dd06fc1a1d49fd0294576204a3b79723100e7932
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
3.
|
|
1
|
+
3.24.0
|
data/lib/aws-sdk-core.rb
CHANGED
|
@@ -14,6 +14,7 @@ require_relative 'aws-sdk-core/credential_provider_chain'
|
|
|
14
14
|
require_relative 'aws-sdk-core/ecs_credentials'
|
|
15
15
|
require_relative 'aws-sdk-core/instance_profile_credentials'
|
|
16
16
|
require_relative 'aws-sdk-core/shared_credentials'
|
|
17
|
+
require_relative 'aws-sdk-core/process_credentials'
|
|
17
18
|
|
|
18
19
|
# client modules
|
|
19
20
|
|
|
@@ -23,6 +23,7 @@ module Aws
|
|
|
23
23
|
[:env_credentials, {}],
|
|
24
24
|
[:assume_role_credentials, {}],
|
|
25
25
|
[:shared_credentials, {}],
|
|
26
|
+
[:process_credentials, {}],
|
|
26
27
|
[:instance_profile_credentials, {
|
|
27
28
|
retries: @config ? @config.instance_profile_credentials_retries : 0,
|
|
28
29
|
http_open_timeout: @config ? @config.instance_profile_credentials_timeout : 1,
|
|
@@ -69,6 +70,20 @@ module Aws
|
|
|
69
70
|
nil
|
|
70
71
|
end
|
|
71
72
|
|
|
73
|
+
def process_credentials(options)
|
|
74
|
+
profile_name = options[:config].profile if options[:config]
|
|
75
|
+
profile_name ||= ENV['AWS_PROFILE'].nil? ? 'default' : ENV['AWS_PROFILE']
|
|
76
|
+
|
|
77
|
+
config = Aws.shared_config
|
|
78
|
+
if config.config_enabled? && process_provider = config.credentials_process(profile_name)
|
|
79
|
+
ProcessCredentials.new(process_provider)
|
|
80
|
+
else
|
|
81
|
+
nil
|
|
82
|
+
end
|
|
83
|
+
rescue Errors::NoSuchProfileError
|
|
84
|
+
nil
|
|
85
|
+
end
|
|
86
|
+
|
|
72
87
|
def assume_role_credentials(options)
|
|
73
88
|
if Aws.shared_config.config_enabled?
|
|
74
89
|
profile, region = nil, nil
|
data/lib/aws-sdk-core/errors.rb
CHANGED
|
@@ -102,6 +102,10 @@ module Aws
|
|
|
102
102
|
end
|
|
103
103
|
end
|
|
104
104
|
|
|
105
|
+
# Raised when a credentials provider process returns a JSON
|
|
106
|
+
# payload with either invalid version number or malformed contents
|
|
107
|
+
class InvalidProcessCredentialsPayload < RuntimeError; end
|
|
108
|
+
|
|
105
109
|
# Raised when a client is constructed and region is not specified.
|
|
106
110
|
class MissingRegionError < ArgumentError
|
|
107
111
|
def initialize(*args)
|
|
@@ -0,0 +1,74 @@
|
|
|
1
|
+
require 'open3'
|
|
2
|
+
|
|
3
|
+
module Aws
|
|
4
|
+
|
|
5
|
+
# A credential provider that executes a given process and attempts
|
|
6
|
+
# to read its stdout to recieve a JSON payload containing the credentials
|
|
7
|
+
#
|
|
8
|
+
# Automatically handles refreshing credentials if an Expiration time is
|
|
9
|
+
# provided in the credentials payload
|
|
10
|
+
#
|
|
11
|
+
# credentials = Aws::ProcessCredentials.new('/usr/bin/credential_proc').credentials
|
|
12
|
+
#
|
|
13
|
+
# ec2 = Aws::EC2::Client.new(credentials: credentials)
|
|
14
|
+
#
|
|
15
|
+
# More documentation on process based credentials can be found here:
|
|
16
|
+
# https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#sourcing-credentials-from-external-processes
|
|
17
|
+
class ProcessCredentials
|
|
18
|
+
|
|
19
|
+
include CredentialProvider
|
|
20
|
+
include RefreshingCredentials
|
|
21
|
+
|
|
22
|
+
# Creates a new ProcessCredentials object, which allows an
|
|
23
|
+
# external process to be used as a credential provider.
|
|
24
|
+
#
|
|
25
|
+
# @param [String] process Invocation string for process
|
|
26
|
+
# credentials provider.
|
|
27
|
+
def initialize(process)
|
|
28
|
+
@process = process
|
|
29
|
+
@credentials = credentials_from_process(@process)
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
private
|
|
33
|
+
def credentials_from_process(proc_invocation)
|
|
34
|
+
begin
|
|
35
|
+
raw_out, process_status = Open3.capture2(proc_invocation)
|
|
36
|
+
rescue Errno::ENOENT
|
|
37
|
+
raise Errors::InvalidProcessCredentialsPayload.new("Could not find process #{proc_invocation}")
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
if process_status.success?
|
|
41
|
+
creds_json = JSON.parse(raw_out)
|
|
42
|
+
payload_version = creds_json['Version']
|
|
43
|
+
if payload_version == 1
|
|
44
|
+
_parse_payload_format_v1(creds_json)
|
|
45
|
+
else
|
|
46
|
+
raise Errors::InvalidProcessCredentialsPayload.new("Invalid version #{payload_version} for credentials payload")
|
|
47
|
+
end
|
|
48
|
+
else
|
|
49
|
+
raise Errors::InvalidProcessCredentialsPayload.new('credential_process provider failure, the credential process had non zero exit status and failed to provide credentials')
|
|
50
|
+
end
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
def _parse_payload_format_v1(creds_json)
|
|
54
|
+
creds = Credentials.new(
|
|
55
|
+
creds_json['AccessKeyId'],
|
|
56
|
+
creds_json['SecretAccessKey'],
|
|
57
|
+
creds_json['SessionToken']
|
|
58
|
+
)
|
|
59
|
+
|
|
60
|
+
@expiration = creds_json['Expiration'] ? Time.iso8601(creds_json['Expiration']) : nil
|
|
61
|
+
return creds if creds.set?
|
|
62
|
+
raise Errors::InvalidProcessCredentialsPayload.new("Invalid payload for JSON credentials version 1")
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
def refresh
|
|
66
|
+
@credentials = credentials_from_process(@process)
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
def near_expiration?
|
|
70
|
+
# are we within 5 minutes of expiration?
|
|
71
|
+
@expiration && (Time.now.to_i + 5 * 60) > @expiration.to_i
|
|
72
|
+
end
|
|
73
|
+
end
|
|
74
|
+
end
|
|
@@ -135,6 +135,11 @@ module Aws
|
|
|
135
135
|
end
|
|
136
136
|
end
|
|
137
137
|
|
|
138
|
+
def credentials_process(profile)
|
|
139
|
+
validate_profile_exists(profile)
|
|
140
|
+
@parsed_config[profile]['credential_process']
|
|
141
|
+
end
|
|
142
|
+
|
|
138
143
|
private
|
|
139
144
|
def credentials_present?
|
|
140
145
|
(@parsed_credentials && !@parsed_credentials.empty?) ||
|
data/lib/aws-sdk-sts.rb
CHANGED
data/lib/aws-sdk-sts/client.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aws-sdk-core
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.24.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Amazon Web Services
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-08-03 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: jmespath
|
|
@@ -133,6 +133,7 @@ files:
|
|
|
133
133
|
- lib/aws-sdk-core/plugins/signature_v4.rb
|
|
134
134
|
- lib/aws-sdk-core/plugins/stub_responses.rb
|
|
135
135
|
- lib/aws-sdk-core/plugins/user_agent.rb
|
|
136
|
+
- lib/aws-sdk-core/process_credentials.rb
|
|
136
137
|
- lib/aws-sdk-core/query.rb
|
|
137
138
|
- lib/aws-sdk-core/query/ec2_param_builder.rb
|
|
138
139
|
- lib/aws-sdk-core/query/handler.rb
|