aws-sdk-core 3.89.1 → 3.90.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/lib/aws-sdk-core/credential_provider_chain.rb +47 -31
- data/lib/aws-sdk-core/errors.rb +2 -2
- data/lib/aws-sdk-core/log/param_filter.rb +1 -1
- data/lib/aws-sdk-core/param_validator.rb +2 -3
- data/lib/aws-sdk-core/plugins/endpoint_discovery.rb +1 -1
- data/lib/aws-sdk-core/plugins/transfer_encoding.rb +2 -4
- data/lib/aws-sdk-core/shared_config.rb +66 -201
- data/lib/aws-sdk-sts.rb +1 -1
- data/lib/aws-sdk-sts/client.rb +1 -1
- data/lib/seahorse/client/net_http/connection_pool.rb +1 -4
- data/lib/seahorse/client/plugins/content_length.rb +2 -4
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 48e9cc30981ca093ed5e512279083c45f59f879a
|
4
|
+
data.tar.gz: 8dd4d2ca90e11bdc5df94f34091a03e6dd06bf00
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: aded2038fb2a36b8816f4f70d8342298a1dd1166272afe3c18f15cc8fd0e2f4368d6064f28f2009b401b0d9fbf9ecf827c77e87719839a538172613d422fab3d
|
7
|
+
data.tar.gz: fb9850aae375081eb31fddb3ea14df5c52d1cc73d2f86f2dd654fd1ff620f3e897bfe14e176afee48d13dfdae62d84e8fb968fa3fbe4d3b35849ee149908ed32
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
3.
|
1
|
+
3.90.0
|
@@ -1,7 +1,6 @@
|
|
1
1
|
module Aws
|
2
2
|
# @api private
|
3
3
|
class CredentialProviderChain
|
4
|
-
|
5
4
|
def initialize(config = nil)
|
6
5
|
@config = config
|
7
6
|
end
|
@@ -20,16 +19,16 @@ module Aws
|
|
20
19
|
def providers
|
21
20
|
[
|
22
21
|
[:static_credentials, {}],
|
22
|
+
[:static_profile_assume_role_web_identity_credentials, {}],
|
23
|
+
[:static_profile_assume_role_credentials, {}],
|
24
|
+
[:static_profile_credentials, {}],
|
25
|
+
[:static_profile_process_credentials, {}],
|
23
26
|
[:env_credentials, {}],
|
24
27
|
[:assume_role_web_identity_credentials, {}],
|
25
28
|
[:assume_role_credentials, {}],
|
26
29
|
[:shared_credentials, {}],
|
27
30
|
[:process_credentials, {}],
|
28
|
-
[:instance_profile_credentials, {
|
29
|
-
retries: @config ? @config.instance_profile_credentials_retries : 0,
|
30
|
-
http_open_timeout: @config ? @config.instance_profile_credentials_timeout : 1,
|
31
|
-
http_read_timeout: @config ? @config.instance_profile_credentials_timeout : 1,
|
32
|
-
}],
|
31
|
+
[:instance_profile_credentials, {}]
|
33
32
|
]
|
34
33
|
end
|
35
34
|
|
@@ -38,24 +37,50 @@ module Aws
|
|
38
37
|
Credentials.new(
|
39
38
|
options[:config].access_key_id,
|
40
39
|
options[:config].secret_access_key,
|
41
|
-
options[:config].session_token
|
42
|
-
|
43
|
-
|
40
|
+
options[:config].session_token
|
41
|
+
)
|
42
|
+
end
|
43
|
+
end
|
44
|
+
|
45
|
+
def static_profile_assume_role_web_identity_credentials(options)
|
46
|
+
if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile
|
47
|
+
Aws.shared_config.assume_role_web_identity_credentials_from_config(options[:config].profile)
|
48
|
+
end
|
49
|
+
end
|
50
|
+
|
51
|
+
def static_profile_assume_role_credentials(options)
|
52
|
+
if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile
|
53
|
+
assume_role_with_profile(options, options[:config].profile)
|
54
|
+
end
|
55
|
+
end
|
56
|
+
|
57
|
+
def static_profile_credentials(options)
|
58
|
+
if options[:config] && options[:config].profile
|
59
|
+
SharedCredentials.new(profile_name: options[:config].profile)
|
44
60
|
end
|
61
|
+
rescue Errors::NoSuchProfileError
|
62
|
+
nil
|
63
|
+
end
|
64
|
+
|
65
|
+
def static_profile_process_credentials(options)
|
66
|
+
if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile
|
67
|
+
process_provider = Aws.shared_config.credential_process(profile: options[:config].profile)
|
68
|
+
ProcessCredentials.new(process_provider) if process_provider
|
69
|
+
end
|
70
|
+
rescue Errors::NoSuchProfileError
|
71
|
+
nil
|
45
72
|
end
|
46
73
|
|
47
|
-
def env_credentials(
|
48
|
-
key = %w
|
49
|
-
secret = %w
|
50
|
-
token = %w
|
74
|
+
def env_credentials(_options)
|
75
|
+
key = %w[AWS_ACCESS_KEY_ID AMAZON_ACCESS_KEY_ID AWS_ACCESS_KEY]
|
76
|
+
secret = %w[AWS_SECRET_ACCESS_KEY AMAZON_SECRET_ACCESS_KEY AWS_SECRET_KEY]
|
77
|
+
token = %w[AWS_SESSION_TOKEN AMAZON_SESSION_TOKEN]
|
51
78
|
Credentials.new(envar(key), envar(secret), envar(token))
|
52
79
|
end
|
53
80
|
|
54
81
|
def envar(keys)
|
55
82
|
keys.each do |key|
|
56
|
-
if ENV.key?(key)
|
57
|
-
return ENV[key]
|
58
|
-
end
|
83
|
+
return ENV[key] if ENV.key?(key)
|
59
84
|
end
|
60
85
|
nil
|
61
86
|
end
|
@@ -72,12 +97,10 @@ module Aws
|
|
72
97
|
end
|
73
98
|
|
74
99
|
def process_credentials(options)
|
75
|
-
config = Aws.shared_config
|
76
100
|
profile_name = determine_profile_name(options)
|
77
|
-
if
|
101
|
+
if Aws.shared_config.config_enabled? &&
|
102
|
+
(process_provider = Aws.shared_config.credential_process(profile: profile_name))
|
78
103
|
ProcessCredentials.new(process_provider)
|
79
|
-
else
|
80
|
-
nil
|
81
104
|
end
|
82
105
|
rescue Errors::NoSuchProfileError
|
83
106
|
nil
|
@@ -85,15 +108,12 @@ module Aws
|
|
85
108
|
|
86
109
|
def assume_role_credentials(options)
|
87
110
|
if Aws.shared_config.config_enabled?
|
88
|
-
assume_role_with_profile(options)
|
89
|
-
else
|
90
|
-
nil
|
111
|
+
assume_role_with_profile(options, determine_profile_name(options))
|
91
112
|
end
|
92
113
|
end
|
93
114
|
|
94
115
|
def assume_role_web_identity_credentials(options)
|
95
|
-
if (role_arn = ENV['AWS_ROLE_ARN']) &&
|
96
|
-
(token_file = ENV['AWS_WEB_IDENTITY_TOKEN_FILE'])
|
116
|
+
if (role_arn = ENV['AWS_ROLE_ARN']) && (token_file = ENV['AWS_WEB_IDENTITY_TOKEN_FILE'])
|
97
117
|
AssumeRoleWebIdentityCredentials.new(
|
98
118
|
role_arn: role_arn,
|
99
119
|
web_identity_token_file: token_file,
|
@@ -102,21 +122,18 @@ module Aws
|
|
102
122
|
elsif Aws.shared_config.config_enabled?
|
103
123
|
profile = options[:config].profile if options[:config]
|
104
124
|
Aws.shared_config.assume_role_web_identity_credentials_from_config(profile)
|
105
|
-
else
|
106
|
-
nil
|
107
125
|
end
|
108
126
|
end
|
109
127
|
|
110
128
|
def instance_profile_credentials(options)
|
111
|
-
if ENV[
|
129
|
+
if ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI']
|
112
130
|
ECSCredentials.new(options)
|
113
131
|
else
|
114
132
|
InstanceProfileCredentials.new(options)
|
115
133
|
end
|
116
134
|
end
|
117
135
|
|
118
|
-
def assume_role_with_profile(options)
|
119
|
-
profile_name = determine_profile_name(options)
|
136
|
+
def assume_role_with_profile(options, profile_name)
|
120
137
|
region = (options[:config] && options[:config].region)
|
121
138
|
Aws.shared_config.assume_role_credentials_from_config(
|
122
139
|
profile: profile_name,
|
@@ -124,6 +141,5 @@ module Aws
|
|
124
141
|
chain_config: @config
|
125
142
|
)
|
126
143
|
end
|
127
|
-
|
128
144
|
end
|
129
145
|
end
|
data/lib/aws-sdk-core/errors.rb
CHANGED
@@ -222,8 +222,8 @@ This is typically the result of an invalid `:region` option or a
|
|
222
222
|
poorly formatted `:endpoint` option.
|
223
223
|
|
224
224
|
* Avoid configuring the `:endpoint` option directly. Endpoints are constructed
|
225
|
-
from the `:region`. The `:endpoint` option is reserved for
|
226
|
-
non-standard test endpoints.
|
225
|
+
from the `:region`. The `:endpoint` option is reserved for certain services
|
226
|
+
or for connecting to non-standard test endpoints.
|
227
227
|
|
228
228
|
* Not every service is available in every region.
|
229
229
|
|
@@ -11,7 +11,7 @@ module Aws
|
|
11
11
|
#
|
12
12
|
# @api private
|
13
13
|
# begin
|
14
|
-
SENSITIVE = [:access_token, :account_name, :account_password, :address, :admin_contact, :admin_password, :alexa_for_business_room_arn, :artifact_credentials, :auth_code, :authentication_token, :authorization_result, :backup_plan_tags, :backup_vault_tags, :base_32_string_seed, :block, :block_address, :block_data, :blocks, :body, :bot_configuration, :bot_email, :calling_name, :cause, :client_id, :client_request_token, :client_secret, :comment, :configuration, :copy_source_sse_customer_key, :credentials, :current_password, :custom_attributes, :custom_private_key, :db_password, :default_phone_number, :definition, :description, :destination_access_token, :digest_tip_address, :display_name, :domain_signing_private_key, :e164_phone_number, :email, :email_address, :email_message, :embed_url, :error, :external_model_endpoint_data_blobs, :external_user_id, :feedback_token, :file, :first_name, :full_name, :host_key, :id, :id_token, :input, :input_text, :ion_text, :join_token, :key_id, :key_material, :key_store_password, :kms_key_id, :kms_master_key_id, :lambda_function_arn, :last_name, :local_console_password, :master_account_email, :master_user_password, :meeting_host_id, :message, :metadata, :name, :new_password, :next_password, :notes, :number, :old_password, :outbound_events_https_endpoint, :output, :owner_information, :parameters, :passphrase, :password, :payload, :phone_number, :plaintext, :previous_password, :primary_email, :primary_provisioned_number, :private_key, :private_key_plaintext, :proof, :proposed_password, :public_key, :qr_code_png, :query, :random_password, :recovery_point_tags, :refresh_token, :registrant_contact, :request_attributes, :restore_metadata, :revision, :search_query, :secret_access_key, :secret_binary, :secret_code, :secret_hash, :secret_string, :secret_to_authenticate_initiator, :secret_to_authenticate_target, :security_token, :service_password, :session_attributes, :session_token, :share_notes, :shared_secret, :slots, :sns_topic_arn, :source_access_token, :sqs_queue_arn, :sse_customer_key, :ssekms_encryption_context, :ssekms_key_id, :status_message, :tag_key_list, :tags, :target_address, :task_parameters, :tech_contact, :temporary_password, :text, :token, :trust_password, :type, :upload_credentials, :upload_url, :uri, :user_data, :user_email, :user_name, :user_password, :username, :value, :values, :variables, :vpn_psk, :zip_file]
|
14
|
+
SENSITIVE = [:access_token, :account_name, :account_password, :address, :admin_contact, :admin_password, :alexa_for_business_room_arn, :artifact_credentials, :auth_code, :authentication_token, :authorization_result, :backup_plan_tags, :backup_vault_tags, :base_32_string_seed, :block, :block_address, :block_data, :blocks, :body, :bot_configuration, :bot_email, :calling_name, :cause, :client_id, :client_request_token, :client_secret, :comment, :configuration, :copy_source_sse_customer_key, :credentials, :current_password, :custom_attributes, :custom_private_key, :db_password, :default_phone_number, :definition, :description, :destination_access_token, :digest_tip_address, :display_name, :domain_signing_private_key, :e164_phone_number, :email, :email_address, :email_message, :embed_url, :error, :external_model_endpoint_data_blobs, :external_user_id, :feedback_token, :file, :first_name, :full_name, :host_key, :id, :id_token, :input, :input_text, :ion_text, :join_token, :key_id, :key_material, :key_store_password, :kms_key_id, :kms_master_key_id, :lambda_function_arn, :last_name, :local_console_password, :master_account_email, :master_user_name, :master_user_password, :meeting_host_id, :message, :metadata, :name, :new_password, :next_password, :notes, :number, :old_password, :outbound_events_https_endpoint, :output, :owner_information, :parameters, :passphrase, :password, :payload, :phone_number, :plaintext, :previous_password, :primary_email, :primary_provisioned_number, :private_key, :private_key_plaintext, :proof, :proposed_password, :public_key, :qr_code_png, :query, :random_password, :recovery_point_tags, :refresh_token, :registrant_contact, :request_attributes, :restore_metadata, :revision, :search_query, :secret_access_key, :secret_binary, :secret_code, :secret_hash, :secret_string, :secret_to_authenticate_initiator, :secret_to_authenticate_target, :security_token, :service_password, :session_attributes, :session_token, :share_notes, :shared_secret, :slots, :sns_topic_arn, :source_access_token, :sqs_queue_arn, :sse_customer_key, :ssekms_encryption_context, :ssekms_key_id, :status_message, :tag_key_list, :tags, :target_address, :task_parameters, :tech_contact, :temporary_password, :text, :token, :trust_password, :type, :upload_credentials, :upload_url, :uri, :user_data, :user_email, :user_name, :user_password, :username, :value, :values, :variables, :vpn_psk, :zip_file]
|
15
15
|
# end
|
16
16
|
|
17
17
|
def initialize(options = {})
|
@@ -142,7 +142,7 @@ module Aws
|
|
142
142
|
end
|
143
143
|
when BlobShape
|
144
144
|
unless value.is_a?(String) || io_like?(value)
|
145
|
-
errors << expected_got(context, "a String or
|
145
|
+
errors << expected_got(context, "a String or IO object", value)
|
146
146
|
end
|
147
147
|
else
|
148
148
|
raise "unhandled shape type: #{ref.shape.class.name}"
|
@@ -166,8 +166,7 @@ module Aws
|
|
166
166
|
end
|
167
167
|
|
168
168
|
def io_like?(value)
|
169
|
-
value.respond_to?(:read) && value.respond_to?(:rewind)
|
170
|
-
value.respond_to?(:size)
|
169
|
+
value.respond_to?(:read) && value.respond_to?(:rewind)
|
171
170
|
end
|
172
171
|
|
173
172
|
def error_messages(errors)
|
@@ -151,7 +151,7 @@ the background every 60 secs (default). Defaults to `false`.
|
|
151
151
|
|
152
152
|
def self.resolve_endpoint_discovery(cfg)
|
153
153
|
env = ENV['AWS_ENABLE_ENDPOINT_DISCOVERY']
|
154
|
-
shared_cfg = Aws.shared_config.
|
154
|
+
shared_cfg = Aws.shared_config.endpoint_discovery_enabled(profile: cfg.profile)
|
155
155
|
Aws::Util.str_2_bool(env) || Aws::Util.str_2_bool(shared_cfg)
|
156
156
|
end
|
157
157
|
|
@@ -8,12 +8,10 @@ module Aws
|
|
8
8
|
|
9
9
|
# @api private
|
10
10
|
class Handler < Seahorse::Client::Handler
|
11
|
-
|
12
11
|
def call(context)
|
13
12
|
if streaming?(context.operation.input)
|
14
|
-
|
15
|
-
|
16
|
-
rescue
|
13
|
+
# If it's an IO object and not a File / String / String IO
|
14
|
+
unless context.http_request.body.respond_to?(:size)
|
17
15
|
if requires_length?(context.operation.input)
|
18
16
|
# if size of the IO is not available but required
|
19
17
|
raise Aws::Errors::MissingContentLength.new
|
@@ -1,8 +1,6 @@
|
|
1
1
|
module Aws
|
2
|
-
|
3
2
|
# @api private
|
4
3
|
class SharedConfig
|
5
|
-
|
6
4
|
# @return [String]
|
7
5
|
attr_reader :credentials_path
|
8
6
|
|
@@ -48,7 +46,7 @@ module Aws
|
|
48
46
|
@profile_name = determine_profile(options)
|
49
47
|
@config_enabled = options[:config_enabled]
|
50
48
|
@credentials_path = options[:credentials_path] ||
|
51
|
-
|
49
|
+
determine_credentials_path
|
52
50
|
@parsed_credentials = {}
|
53
51
|
load_credentials_file if loadable?(@credentials_path)
|
54
52
|
if @config_enabled
|
@@ -67,7 +65,7 @@ module Aws
|
|
67
65
|
@config_enabled = options[:config_enabled] ? true : false
|
68
66
|
@profile_name = determine_profile(options)
|
69
67
|
@credentials_path = options[:credentials_path] ||
|
70
|
-
|
68
|
+
determine_credentials_path
|
71
69
|
load_credentials_file if loadable?(@credentials_path)
|
72
70
|
if @config_enabled
|
73
71
|
@config_path = options[:config_path] || determine_config_path
|
@@ -123,155 +121,51 @@ module Aws
|
|
123
121
|
p = profile || @profile_name
|
124
122
|
if @config_enabled && @parsed_config
|
125
123
|
entry = @parsed_config.fetch(p, {})
|
126
|
-
if entry['web_identity_token_file'] &&
|
127
|
-
entry['role_arn']
|
124
|
+
if entry['web_identity_token_file'] && entry['role_arn']
|
128
125
|
AssumeRoleWebIdentityCredentials.new(
|
129
126
|
role_arn: entry['role_arn'],
|
130
127
|
web_identity_token_file: entry['web_identity_token_file'],
|
131
128
|
role_session_name: entry['role_session_name']
|
132
129
|
)
|
133
|
-
else
|
134
|
-
nil
|
135
|
-
end
|
136
|
-
else
|
137
|
-
nil
|
138
|
-
end
|
139
|
-
end
|
140
|
-
|
141
|
-
def region(opts = {})
|
142
|
-
p = opts[:profile] || @profile_name
|
143
|
-
if @config_enabled
|
144
|
-
if @parsed_credentials
|
145
|
-
region = @parsed_credentials.fetch(p, {})["region"]
|
146
|
-
end
|
147
|
-
if @parsed_config
|
148
|
-
region ||= @parsed_config.fetch(p, {})["region"]
|
149
|
-
end
|
150
|
-
region
|
151
|
-
else
|
152
|
-
nil
|
153
|
-
end
|
154
|
-
end
|
155
|
-
|
156
|
-
def sts_regional_endpoints(opts = {})
|
157
|
-
p = opts[:profile] || @profile_name
|
158
|
-
if @config_enabled
|
159
|
-
if @parsed_credentials
|
160
|
-
mode = @parsed_credentials.fetch(p, {})["sts_regional_endpoints"]
|
161
|
-
end
|
162
|
-
if @parsed_config
|
163
|
-
mode ||= @parsed_config.fetch(p, {})["sts_regional_endpoints"]
|
164
|
-
end
|
165
|
-
mode
|
166
|
-
else
|
167
|
-
nil
|
168
|
-
end
|
169
|
-
end
|
170
|
-
|
171
|
-
def s3_us_east_1_regional_endpoint(opts = {})
|
172
|
-
p = opts[:profile] || @profile_name
|
173
|
-
if @config_enabled
|
174
|
-
if @parsed_credentials
|
175
|
-
mode = @parsed_credentials.fetch(p, {})["s3_us_east_1_regional_endpoint"]
|
176
|
-
end
|
177
|
-
if @parsed_config
|
178
|
-
mode ||= @parsed_config.fetch(p, {})["s3_us_east_1_regional_endpoint"]
|
179
130
|
end
|
180
|
-
mode
|
181
|
-
else
|
182
|
-
nil
|
183
131
|
end
|
184
132
|
end
|
185
133
|
|
186
|
-
|
187
|
-
|
188
|
-
|
189
|
-
|
190
|
-
|
191
|
-
|
192
|
-
if @parsed_config
|
193
|
-
value ||= @parsed_config.fetch(p, {})["s3_use_arn_region"]
|
194
|
-
end
|
195
|
-
value
|
196
|
-
else
|
197
|
-
nil
|
134
|
+
# Add an accessor method (similar to attr_reader) to return a configuration value
|
135
|
+
# Uses the get_config_value below to control where
|
136
|
+
# values are loaded from
|
137
|
+
def self.config_reader(*attrs)
|
138
|
+
attrs.each do |attr|
|
139
|
+
define_method(attr) { |opts = {}| get_config_value(attr.to_s, opts) }
|
198
140
|
end
|
199
141
|
end
|
200
142
|
|
201
|
-
|
202
|
-
|
203
|
-
|
204
|
-
|
205
|
-
|
206
|
-
|
207
|
-
|
208
|
-
|
209
|
-
|
210
|
-
|
211
|
-
|
143
|
+
config_reader(
|
144
|
+
:credential_process,
|
145
|
+
:csm_client_id,
|
146
|
+
:csm_enabled,
|
147
|
+
:csm_host,
|
148
|
+
:csm_port,
|
149
|
+
:endpoint_discovery_enabled,
|
150
|
+
:region,
|
151
|
+
:s3_use_arn_region,
|
152
|
+
:s3_us_east_1_regional_endpoint,
|
153
|
+
:sts_regional_endpoints
|
154
|
+
)
|
212
155
|
|
213
|
-
|
214
|
-
p = opts[:profile] || @profile_name
|
215
|
-
if @config_enabled
|
216
|
-
if @parsed_credentials
|
217
|
-
value = @parsed_credentials.fetch(p, {})["csm_enabled"]
|
218
|
-
end
|
219
|
-
if @parsed_config
|
220
|
-
value ||= @parsed_config.fetch(p, {})["csm_enabled"]
|
221
|
-
end
|
222
|
-
value
|
223
|
-
else
|
224
|
-
nil
|
225
|
-
end
|
226
|
-
end
|
156
|
+
private
|
227
157
|
|
228
|
-
|
158
|
+
# Get a config value from from shared credential/config files.
|
159
|
+
# Only loads a value when config_enabled is true
|
160
|
+
# Return a value from credentials preferentially over config
|
161
|
+
def get_config_value(key, opts)
|
229
162
|
p = opts[:profile] || @profile_name
|
230
|
-
if @config_enabled
|
231
|
-
if @parsed_credentials
|
232
|
-
value = @parsed_credentials.fetch(p, {})["csm_client_id"]
|
233
|
-
end
|
234
|
-
if @parsed_config
|
235
|
-
value ||= @parsed_config.fetch(p, {})["csm_client_id"]
|
236
|
-
end
|
237
|
-
value
|
238
|
-
else
|
239
|
-
nil
|
240
|
-
end
|
241
|
-
end
|
242
163
|
|
243
|
-
|
244
|
-
p
|
245
|
-
|
246
|
-
if @parsed_credentials
|
247
|
-
value = @parsed_credentials.fetch(p, {})["csm_port"]
|
248
|
-
end
|
249
|
-
if @parsed_config
|
250
|
-
value ||= @parsed_config.fetch(p, {})["csm_port"]
|
251
|
-
end
|
252
|
-
value
|
253
|
-
else
|
254
|
-
nil
|
255
|
-
end
|
164
|
+
value = @parsed_credentials.fetch(p, {})[key] if @parsed_credentials
|
165
|
+
value ||= @parsed_config.fetch(p, {})[key] if @config_enabled && @parsed_config
|
166
|
+
value
|
256
167
|
end
|
257
168
|
|
258
|
-
def csm_host(opts = {})
|
259
|
-
p = opts[:profile] || @profile_name
|
260
|
-
if @config_enabled
|
261
|
-
if @parsed_credentials
|
262
|
-
value = @parsed_credentials.fetch(p, {})["csm_host"]
|
263
|
-
end
|
264
|
-
if @parsed_config
|
265
|
-
value ||= @parsed_config.fetch(p, {})["csm_host"]
|
266
|
-
end
|
267
|
-
value
|
268
|
-
else
|
269
|
-
nil
|
270
|
-
end
|
271
|
-
end
|
272
|
-
|
273
|
-
private
|
274
|
-
|
275
169
|
def credentials_present?
|
276
170
|
(@parsed_credentials && !@parsed_credentials.empty?) ||
|
277
171
|
(@parsed_config && !@parsed_config.empty?)
|
@@ -279,31 +173,28 @@ module Aws
|
|
279
173
|
|
280
174
|
def assume_role_from_profile(cfg, profile, opts, chain_config)
|
281
175
|
if cfg && prof_cfg = cfg[profile]
|
282
|
-
opts[:source_profile] ||= prof_cfg[
|
176
|
+
opts[:source_profile] ||= prof_cfg['source_profile']
|
283
177
|
credential_source = opts.delete(:credential_source)
|
284
|
-
credential_source ||= prof_cfg[
|
178
|
+
credential_source ||= prof_cfg['credential_source']
|
285
179
|
if opts[:source_profile] && credential_source
|
286
|
-
raise Errors::CredentialSourceConflictError
|
287
|
-
|
288
|
-
|
289
|
-
|
290
|
-
)
|
180
|
+
raise Errors::CredentialSourceConflictError,
|
181
|
+
"Profile #{profile} has a source_profile, and "\
|
182
|
+
'a credential_source. For assume role credentials, must '\
|
183
|
+
'provide only source_profile or credential_source, not both.'
|
291
184
|
elsif opts[:source_profile]
|
292
185
|
opts[:credentials] = resolve_source_profile(opts[:source_profile])
|
293
186
|
if opts[:credentials]
|
294
|
-
opts[:role_session_name] ||= prof_cfg[
|
295
|
-
opts[:role_session_name] ||=
|
296
|
-
opts[:role_arn] ||= prof_cfg[
|
297
|
-
opts[:duration_seconds] ||= prof_cfg[
|
298
|
-
opts[:external_id] ||= prof_cfg[
|
299
|
-
opts[:serial_number] ||= prof_cfg[
|
187
|
+
opts[:role_session_name] ||= prof_cfg['role_session_name']
|
188
|
+
opts[:role_session_name] ||= 'default_session'
|
189
|
+
opts[:role_arn] ||= prof_cfg['role_arn']
|
190
|
+
opts[:duration_seconds] ||= prof_cfg['duration_seconds']
|
191
|
+
opts[:external_id] ||= prof_cfg['external_id']
|
192
|
+
opts[:serial_number] ||= prof_cfg['mfa_serial']
|
300
193
|
opts[:profile] = opts.delete(:source_profile)
|
301
194
|
AssumeRoleCredentials.new(opts)
|
302
195
|
else
|
303
|
-
raise Errors::NoSourceProfileError
|
304
|
-
|
305
|
-
" source_profile does not have credentials."
|
306
|
-
)
|
196
|
+
raise Errors::NoSourceProfileError, "Profile #{profile} has a role_arn, and source_profile, but the"\
|
197
|
+
' source_profile does not have credentials.'
|
307
198
|
end
|
308
199
|
elsif credential_source
|
309
200
|
opts[:credentials] = credentials_from_source(
|
@@ -311,29 +202,21 @@ module Aws
|
|
311
202
|
chain_config
|
312
203
|
)
|
313
204
|
if opts[:credentials]
|
314
|
-
opts[:role_session_name] ||= prof_cfg[
|
315
|
-
opts[:role_session_name] ||=
|
316
|
-
opts[:role_arn] ||= prof_cfg[
|
317
|
-
opts[:duration_seconds] ||= prof_cfg[
|
318
|
-
opts[:external_id] ||= prof_cfg[
|
319
|
-
opts[:serial_number] ||= prof_cfg[
|
205
|
+
opts[:role_session_name] ||= prof_cfg['role_session_name']
|
206
|
+
opts[:role_session_name] ||= 'default_session'
|
207
|
+
opts[:role_arn] ||= prof_cfg['role_arn']
|
208
|
+
opts[:duration_seconds] ||= prof_cfg['duration_seconds']
|
209
|
+
opts[:external_id] ||= prof_cfg['external_id']
|
210
|
+
opts[:serial_number] ||= prof_cfg['mfa_serial']
|
320
211
|
opts.delete(:source_profile) # Cleanup
|
321
212
|
AssumeRoleCredentials.new(opts)
|
322
213
|
else
|
323
|
-
raise Errors::NoSourceCredentials
|
324
|
-
"Profile #{profile} could not get source credentials from"\
|
214
|
+
raise Errors::NoSourceCredentials, "Profile #{profile} could not get source credentials from"\
|
325
215
|
" provider #{credential_source}"
|
326
|
-
)
|
327
216
|
end
|
328
|
-
elsif prof_cfg[
|
329
|
-
raise Errors::NoSourceProfileError.
|
330
|
-
"Profile #{profile} has a role_arn, but no source_profile."
|
331
|
-
)
|
332
|
-
else
|
333
|
-
nil
|
217
|
+
elsif prof_cfg['role_arn']
|
218
|
+
raise Errors::NoSourceProfileError, "Profile #{profile} has a role_arn, but no source_profile."
|
334
219
|
end
|
335
|
-
else
|
336
|
-
nil
|
337
220
|
end
|
338
221
|
end
|
339
222
|
|
@@ -341,51 +224,42 @@ module Aws
|
|
341
224
|
if (creds = credentials(profile: profile))
|
342
225
|
creds # static credentials
|
343
226
|
elsif (provider = assume_role_web_identity_credentials_from_config(profile))
|
344
|
-
if provider.credentials.set?
|
345
|
-
provider.credentials
|
346
|
-
end
|
227
|
+
provider.credentials if provider.credentials.set?
|
347
228
|
elsif (provider = assume_role_process_credentials_from_config(profile))
|
348
|
-
if provider.credentials.set?
|
349
|
-
provider.credentials
|
350
|
-
end
|
229
|
+
provider.credentials if provider.credentials.set?
|
351
230
|
end
|
352
231
|
end
|
353
232
|
|
354
233
|
def credentials_from_source(credential_source, config)
|
355
234
|
case credential_source
|
356
|
-
when
|
235
|
+
when 'Ec2InstanceMetadata'
|
357
236
|
InstanceProfileCredentials.new(
|
358
237
|
retries: config ? config.instance_profile_credentials_retries : 0,
|
359
238
|
http_open_timeout: config ? config.instance_profile_credentials_timeout : 1,
|
360
239
|
http_read_timeout: config ? config.instance_profile_credentials_timeout : 1
|
361
240
|
)
|
362
|
-
when
|
241
|
+
when 'EcsContainer'
|
363
242
|
ECSCredentials.new
|
364
243
|
else
|
365
|
-
raise Errors::InvalidCredentialSourceError
|
366
|
-
"Unsupported credential_source: #{credential_source}"
|
367
|
-
)
|
244
|
+
raise Errors::InvalidCredentialSourceError, "Unsupported credential_source: #{credential_source}"
|
368
245
|
end
|
369
246
|
end
|
370
247
|
|
371
248
|
def assume_role_process_credentials_from_config(profile)
|
372
|
-
|
249
|
+
validate_profile_exists(profile)
|
250
|
+
credential_process = @parsed_config[profile]['credential_process']
|
373
251
|
ProcessCredentials.new(credential_process) if credential_process
|
374
252
|
end
|
375
253
|
|
376
|
-
def credentials_from_shared(profile,
|
254
|
+
def credentials_from_shared(profile, _opts)
|
377
255
|
if @parsed_credentials && prof_config = @parsed_credentials[profile]
|
378
256
|
credentials_from_profile(prof_config)
|
379
|
-
else
|
380
|
-
nil
|
381
257
|
end
|
382
258
|
end
|
383
259
|
|
384
|
-
def credentials_from_config(profile,
|
260
|
+
def credentials_from_config(profile, _opts)
|
385
261
|
if @parsed_config && prof_config = @parsed_config[profile]
|
386
262
|
credentials_from_profile(prof_config)
|
387
|
-
else
|
388
|
-
nil
|
389
263
|
end
|
390
264
|
end
|
391
265
|
|
@@ -395,15 +269,7 @@ module Aws
|
|
395
269
|
prof_config['aws_secret_access_key'],
|
396
270
|
prof_config['aws_session_token']
|
397
271
|
)
|
398
|
-
if
|
399
|
-
creds
|
400
|
-
else
|
401
|
-
nil
|
402
|
-
end
|
403
|
-
end
|
404
|
-
|
405
|
-
def credentials_complete(creds)
|
406
|
-
creds.set?
|
272
|
+
creds if creds.set?
|
407
273
|
end
|
408
274
|
|
409
275
|
def load_credentials_file
|
@@ -433,19 +299,18 @@ module Aws
|
|
433
299
|
|
434
300
|
def validate_profile_exists(profile)
|
435
301
|
unless (@parsed_credentials && @parsed_credentials[profile]) ||
|
436
|
-
|
302
|
+
(@parsed_config && @parsed_config[profile])
|
437
303
|
msg = "Profile `#{profile}' not found in #{@credentials_path}"
|
438
304
|
msg << " or #{@config_path}" if @config_path
|
439
|
-
raise Errors::NoSuchProfileError
|
305
|
+
raise Errors::NoSuchProfileError, msg
|
440
306
|
end
|
441
307
|
end
|
442
308
|
|
443
309
|
def determine_profile(options)
|
444
310
|
ret = options[:profile_name]
|
445
|
-
ret ||= ENV[
|
446
|
-
ret ||=
|
311
|
+
ret ||= ENV['AWS_PROFILE']
|
312
|
+
ret ||= 'default'
|
447
313
|
ret
|
448
314
|
end
|
449
|
-
|
450
315
|
end
|
451
316
|
end
|
data/lib/aws-sdk-sts.rb
CHANGED
data/lib/aws-sdk-sts/client.rb
CHANGED
@@ -306,10 +306,7 @@ module Seahorse
|
|
306
306
|
now = Aws::Util.monotonic_milliseconds
|
307
307
|
@pool.each_pair do |endpoint,sessions|
|
308
308
|
sessions.delete_if do |session|
|
309
|
-
if
|
310
|
-
session.last_used.nil? or
|
311
|
-
now - session.last_used > http_idle_timeout * 1000
|
312
|
-
then
|
309
|
+
if session.last_used.nil? or now - session.last_used > http_idle_timeout * 1000
|
313
310
|
session.finish
|
314
311
|
true
|
315
312
|
end
|
@@ -7,12 +7,10 @@ module Seahorse
|
|
7
7
|
class Handler < Client::Handler
|
8
8
|
|
9
9
|
def call(context)
|
10
|
-
|
10
|
+
# If it's an IO object and not a File / String / String IO
|
11
|
+
if context.http_request.body.respond_to?(:size)
|
11
12
|
length = context.http_request.body.size
|
12
13
|
context.http_request.headers['Content-Length'] = length
|
13
|
-
rescue
|
14
|
-
# allowing `Content-Length` failed to be set
|
15
|
-
# see Aws::Plugins::TransferEncoding
|
16
14
|
end
|
17
15
|
@handler.call(context)
|
18
16
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-core
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.
|
4
|
+
version: 3.90.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-02-12 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: jmespath
|