aws-sdk-core 3.89.1 → 3.90.0
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/lib/aws-sdk-core/credential_provider_chain.rb +47 -31
- data/lib/aws-sdk-core/errors.rb +2 -2
- data/lib/aws-sdk-core/log/param_filter.rb +1 -1
- data/lib/aws-sdk-core/param_validator.rb +2 -3
- data/lib/aws-sdk-core/plugins/endpoint_discovery.rb +1 -1
- data/lib/aws-sdk-core/plugins/transfer_encoding.rb +2 -4
- data/lib/aws-sdk-core/shared_config.rb +66 -201
- data/lib/aws-sdk-sts.rb +1 -1
- data/lib/aws-sdk-sts/client.rb +1 -1
- data/lib/seahorse/client/net_http/connection_pool.rb +1 -4
- data/lib/seahorse/client/plugins/content_length.rb +2 -4
- metadata +2 -2
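--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 48e9cc30981ca093ed5e512279083c45f59f879a
+data.tar.gz: 8dd4d2ca90e11bdc5df94f34091a03e6dd06bf00
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: aded2038fb2a36b8816f4f70d8342298a1dd1166272afe3c18f15cc8fd0e2f4368d6064f28f2009b401b0d9fbf9ecf827c77e87719839a538172613d422fab3d
+data.tar.gz: fb9850aae375081eb31fddb3ea14df5c52d1cc73d2f86f2dd654fd1ff620f3e897bfe14e176afee48d13dfdae62d84e8fb968fa3fbe4d3b35849ee149908ed32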
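--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-3.
+3.90.0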
@@ -1,7 +1,6 @@
|
|
1
1
|
module Aws
|
2
2
|
# @api private
|
3
3
|
class CredentialProviderChain
|
4
|
-
|
5
4
|
def initialize(config = nil)
|
6
5
|
@config = config
|
7
6
|
end
|
@@ -20,16 +19,16 @@ module Aws
|
|
20
19
|
def providers
|
21
20
|
[
|
22
21
|
[:static_credentials, {}],
|
22
|
+
[:static_profile_assume_role_web_identity_credentials, {}],
|
23
|
+
[:static_profile_assume_role_credentials, {}],
|
24
|
+
[:static_profile_credentials, {}],
|
25
|
+
[:static_profile_process_credentials, {}],
|
23
26
|
[:env_credentials, {}],
|
24
27
|
[:assume_role_web_identity_credentials, {}],
|
25
28
|
[:assume_role_credentials, {}],
|
26
29
|
[:shared_credentials, {}],
|
27
30
|
[:process_credentials, {}],
|
28
|
-
[:instance_profile_credentials, {
|
29
|
-
retries: @config ? @config.instance_profile_credentials_retries : 0,
|
30
|
-
http_open_timeout: @config ? @config.instance_profile_credentials_timeout : 1,
|
31
|
-
http_read_timeout: @config ? @config.instance_profile_credentials_timeout : 1,
|
32
|
-
}],
|
31
|
+
[:instance_profile_credentials, {}]
|
33
32
|
]
|
34
33
|
end
|
35
34
|
|
@@ -38,24 +37,50 @@ module Aws
|
|
38
37
|
Credentials.new(
|
39
38
|
options[:config].access_key_id,
|
40
39
|
options[:config].secret_access_key,
|
41
|
-
options[:config].session_token
|
42
|
-
|
43
|
-
|
40
|
+
options[:config].session_token
|
41
|
+
)
|
42
|
+
end
|
43
|
+
end
|
44
|
+
|
45
|
+
def static_profile_assume_role_web_identity_credentials(options)
|
46
|
+
if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile
|
47
|
+
Aws.shared_config.assume_role_web_identity_credentials_from_config(options[:config].profile)
|
48
|
+
end
|
49
|
+
end
|
50
|
+
|
51
|
+
def static_profile_assume_role_credentials(options)
|
52
|
+
if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile
|
53
|
+
assume_role_with_profile(options, options[:config].profile)
|
54
|
+
end
|
55
|
+
end
|
56
|
+
|
57
|
+
def static_profile_credentials(options)
|
58
|
+
if options[:config] && options[:config].profile
|
59
|
+
SharedCredentials.new(profile_name: options[:config].profile)
|
44
60
|
end
|
61
|
+
rescue Errors::NoSuchProfileError
|
62
|
+
nil
|
63
|
+
end
|
64
|
+
|
65
|
+
def static_profile_process_credentials(options)
|
66
|
+
if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile
|
67
|
+
process_provider = Aws.shared_config.credential_process(profile: options[:config].profile)
|
68
|
+
ProcessCredentials.new(process_provider) if process_provider
|
69
|
+
end
|
70
|
+
rescue Errors::NoSuchProfileError
|
71
|
+
nil
|
45
72
|
end
|
46
73
|
|
47
|
-
def env_credentials(
|
48
|
-
key = %w
|
49
|
-
secret = %w
|
50
|
-
token = %w
|
74
|
+
def env_credentials(_options)
|
75
|
+
key = %w[AWS_ACCESS_KEY_ID AMAZON_ACCESS_KEY_ID AWS_ACCESS_KEY]
|
76
|
+
secret = %w[AWS_SECRET_ACCESS_KEY AMAZON_SECRET_ACCESS_KEY AWS_SECRET_KEY]
|
77
|
+
token = %w[AWS_SESSION_TOKEN AMAZON_SESSION_TOKEN]
|
51
78
|
Credentials.new(envar(key), envar(secret), envar(token))
|
52
79
|
end
|
53
80
|
|
54
81
|
def envar(keys)
|
55
82
|
keys.each do |key|
|
56
|
-
if ENV.key?(key)
|
57
|
-
return ENV[key]
|
58
|
-
end
|
83
|
+
return ENV[key] if ENV.key?(key)
|
59
84
|
end
|
60
85
|
nil
|
61
86
|
end
|
@@ -72,12 +97,10 @@ module Aws
|
|
72
97
|
end
|
73
98
|
|
74
99
|
def process_credentials(options)
|
75
|
-
config = Aws.shared_config
|
76
100
|
profile_name = determine_profile_name(options)
|
77
|
-
if
|
101
|
+
if Aws.shared_config.config_enabled? &&
|
102
|
+
(process_provider = Aws.shared_config.credential_process(profile: profile_name))
|
78
103
|
ProcessCredentials.new(process_provider)
|
79
|
-
else
|
80
|
-
nil
|
81
104
|
end
|
82
105
|
rescue Errors::NoSuchProfileError
|
83
106
|
nil
|
@@ -85,15 +108,12 @@ module Aws
|
|
85
108
|
|
86
109
|
def assume_role_credentials(options)
|
87
110
|
if Aws.shared_config.config_enabled?
|
88
|
-
assume_role_with_profile(options)
|
89
|
-
else
|
90
|
-
nil
|
111
|
+
assume_role_with_profile(options, determine_profile_name(options))
|
91
112
|
end
|
92
113
|
end
|
93
114
|
|
94
115
|
def assume_role_web_identity_credentials(options)
|
95
|
-
if (role_arn = ENV['AWS_ROLE_ARN']) &&
|
96
|
-
(token_file = ENV['AWS_WEB_IDENTITY_TOKEN_FILE'])
|
116
|
+
if (role_arn = ENV['AWS_ROLE_ARN']) && (token_file = ENV['AWS_WEB_IDENTITY_TOKEN_FILE'])
|
97
117
|
AssumeRoleWebIdentityCredentials.new(
|
98
118
|
role_arn: role_arn,
|
99
119
|
web_identity_token_file: token_file,
|
@@ -102,21 +122,18 @@ module Aws
|
|
102
122
|
elsif Aws.shared_config.config_enabled?
|
103
123
|
profile = options[:config].profile if options[:config]
|
104
124
|
Aws.shared_config.assume_role_web_identity_credentials_from_config(profile)
|
105
|
-
else
|
106
|
-
nil
|
107
125
|
end
|
108
126
|
end
|
109
127
|
|
110
128
|
def instance_profile_credentials(options)
|
111
|
-
if ENV[
|
129
|
+
if ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI']
|
112
130
|
ECSCredentials.new(options)
|
113
131
|
else
|
114
132
|
InstanceProfileCredentials.new(options)
|
115
133
|
end
|
116
134
|
end
|
117
135
|
|
118
|
-
def assume_role_with_profile(options)
|
119
|
-
profile_name = determine_profile_name(options)
|
136
|
+
def assume_role_with_profile(options, profile_name)
|
120
137
|
region = (options[:config] && options[:config].region)
|
121
138
|
Aws.shared_config.assume_role_credentials_from_config(
|
122
139
|
profile: profile_name,
|
@@ -124,6 +141,5 @@ module Aws
|
|
124
141
|
chain_config: @config
|
125
142
|
)
|
126
143
|
end
|
127
|
-
|
128
144
|
end
|
129
145
|
end
|
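Review bot: The `providers` list now registers `[:instance_profile_credentials, {}]`, dropping the `retries`, `http_open_timeout` and `http_read_timeout` values that the removed lines took from `@config`, while `instance_profile_credentials(options)` further down still passes `options` straight to `InstanceProfileCredentials.new`. Unless the resolution loop, which is outside these hunks, fills them in, a caller's `instance_profile_credentials_retries` and `instance_profile_credentials_timeout` settings would be silently ignored for the instance metadata lookup. I would keep the option hash on that entry, e.g. `retries: @config ? @config.instance_profile_credentials_retries : 0,` together with the two timeout keys as before, or add a comment saying where those settings are now applied.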
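--- a/data/lib/aws-sdk-core/errors.rb
+++ b/data/lib/aws-sdk-core/errors.rb
@@ -222,8 +222,8 @@ This is typically the result of an invalid `:region` option or a
 poorly formatted `:endpoint` option.
 
 * Avoid configuring the `:endpoint` option directly. Endpoints are constructed
-from the `:region`. The `:endpoint` option is reserved for
-non-standard test endpoints.
+from the `:region`. The `:endpoint` option is reserved for certain services
+or for connecting to non-standard test endpoints.
 
 * Not every service is available in every region.
 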
@@ -11,7 +11,7 @@ module Aws
|
|
11
11
|
#
|
12
12
|
# @api private
|
13
13
|
# begin
|
14
|
-
SENSITIVE = [:access_token, :account_name, :account_password, :address, :admin_contact, :admin_password, :alexa_for_business_room_arn, :artifact_credentials, :auth_code, :authentication_token, :authorization_result, :backup_plan_tags, :backup_vault_tags, :base_32_string_seed, :block, :block_address, :block_data, :blocks, :body, :bot_configuration, :bot_email, :calling_name, :cause, :client_id, :client_request_token, :client_secret, :comment, :configuration, :copy_source_sse_customer_key, :credentials, :current_password, :custom_attributes, :custom_private_key, :db_password, :default_phone_number, :definition, :description, :destination_access_token, :digest_tip_address, :display_name, :domain_signing_private_key, :e164_phone_number, :email, :email_address, :email_message, :embed_url, :error, :external_model_endpoint_data_blobs, :external_user_id, :feedback_token, :file, :first_name, :full_name, :host_key, :id, :id_token, :input, :input_text, :ion_text, :join_token, :key_id, :key_material, :key_store_password, :kms_key_id, :kms_master_key_id, :lambda_function_arn, :last_name, :local_console_password, :master_account_email, :master_user_password, :meeting_host_id, :message, :metadata, :name, :new_password, :next_password, :notes, :number, :old_password, :outbound_events_https_endpoint, :output, :owner_information, :parameters, :passphrase, :password, :payload, :phone_number, :plaintext, :previous_password, :primary_email, :primary_provisioned_number, :private_key, :private_key_plaintext, :proof, :proposed_password, :public_key, :qr_code_png, :query, :random_password, :recovery_point_tags, :refresh_token, :registrant_contact, :request_attributes, :restore_metadata, :revision, :search_query, :secret_access_key, :secret_binary, :secret_code, :secret_hash, :secret_string, :secret_to_authenticate_initiator, :secret_to_authenticate_target, :security_token, :service_password, :session_attributes, :session_token, :share_notes, :shared_secret, :slots, :sns_topic_arn, 
:source_access_token, :sqs_queue_arn, :sse_customer_key, :ssekms_encryption_context, :ssekms_key_id, :status_message, :tag_key_list, :tags, :target_address, :task_parameters, :tech_contact, :temporary_password, :text, :token, :trust_password, :type, :upload_credentials, :upload_url, :uri, :user_data, :user_email, :user_name, :user_password, :username, :value, :values, :variables, :vpn_psk, :zip_file]
|
14
|
+
SENSITIVE = [:access_token, :account_name, :account_password, :address, :admin_contact, :admin_password, :alexa_for_business_room_arn, :artifact_credentials, :auth_code, :authentication_token, :authorization_result, :backup_plan_tags, :backup_vault_tags, :base_32_string_seed, :block, :block_address, :block_data, :blocks, :body, :bot_configuration, :bot_email, :calling_name, :cause, :client_id, :client_request_token, :client_secret, :comment, :configuration, :copy_source_sse_customer_key, :credentials, :current_password, :custom_attributes, :custom_private_key, :db_password, :default_phone_number, :definition, :description, :destination_access_token, :digest_tip_address, :display_name, :domain_signing_private_key, :e164_phone_number, :email, :email_address, :email_message, :embed_url, :error, :external_model_endpoint_data_blobs, :external_user_id, :feedback_token, :file, :first_name, :full_name, :host_key, :id, :id_token, :input, :input_text, :ion_text, :join_token, :key_id, :key_material, :key_store_password, :kms_key_id, :kms_master_key_id, :lambda_function_arn, :last_name, :local_console_password, :master_account_email, :master_user_name, :master_user_password, :meeting_host_id, :message, :metadata, :name, :new_password, :next_password, :notes, :number, :old_password, :outbound_events_https_endpoint, :output, :owner_information, :parameters, :passphrase, :password, :payload, :phone_number, :plaintext, :previous_password, :primary_email, :primary_provisioned_number, :private_key, :private_key_plaintext, :proof, :proposed_password, :public_key, :qr_code_png, :query, :random_password, :recovery_point_tags, :refresh_token, :registrant_contact, :request_attributes, :restore_metadata, :revision, :search_query, :secret_access_key, :secret_binary, :secret_code, :secret_hash, :secret_string, :secret_to_authenticate_initiator, :secret_to_authenticate_target, :security_token, :service_password, :session_attributes, :session_token, :share_notes, :shared_secret, :slots, 
:sns_topic_arn, :source_access_token, :sqs_queue_arn, :sse_customer_key, :ssekms_encryption_context, :ssekms_key_id, :status_message, :tag_key_list, :tags, :target_address, :task_parameters, :tech_contact, :temporary_password, :text, :token, :trust_password, :type, :upload_credentials, :upload_url, :uri, :user_data, :user_email, :user_name, :user_password, :username, :value, :values, :variables, :vpn_psk, :zip_file]
|
15
15
|
# end
|
16
16
|
|
17
17
|
def initialize(options = {})
|
@@ -142,7 +142,7 @@ module Aws
|
|
142
142
|
end
|
143
143
|
when BlobShape
|
144
144
|
unless value.is_a?(String) || io_like?(value)
|
145
|
-
errors << expected_got(context, "a String or
|
145
|
+
errors << expected_got(context, "a String or IO object", value)
|
146
146
|
end
|
147
147
|
else
|
148
148
|
raise "unhandled shape type: #{ref.shape.class.name}"
|
@@ -166,8 +166,7 @@ module Aws
|
|
166
166
|
end
|
167
167
|
|
168
168
|
def io_like?(value)
|
169
|
-
value.respond_to?(:read) && value.respond_to?(:rewind)
|
170
|
-
value.respond_to?(:size)
|
169
|
+
value.respond_to?(:read) && value.respond_to?(:rewind)
|
171
170
|
end
|
172
171
|
|
173
172
|
def error_messages(errors)
|
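Review bot: `io_like?` in the second hunk no longer requires `respond_to?(:size)`, so a blob body of unknown length now passes validation, and the method carries no comment explaining why. A short comment would help the next reader, for example `# size is optional: bodies without it are handled when Content-Length / Transfer-Encoding is set`; this is inferred from the other handler changes in this release, so confirm the wording against them. The enclosing class starts and ends outside the hunk.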
@@ -151,7 +151,7 @@ the background every 60 secs (default). Defaults to `false`.
|
|
151
151
|
|
152
152
|
def self.resolve_endpoint_discovery(cfg)
|
153
153
|
env = ENV['AWS_ENABLE_ENDPOINT_DISCOVERY']
|
154
|
-
shared_cfg = Aws.shared_config.
|
154
|
+
shared_cfg = Aws.shared_config.endpoint_discovery_enabled(profile: cfg.profile)
|
155
155
|
Aws::Util.str_2_bool(env) || Aws::Util.str_2_bool(shared_cfg)
|
156
156
|
end
|
157
157
|
|
@@ -8,12 +8,10 @@ module Aws
|
|
8
8
|
|
9
9
|
# @api private
|
10
10
|
class Handler < Seahorse::Client::Handler
|
11
|
-
|
12
11
|
def call(context)
|
13
12
|
if streaming?(context.operation.input)
|
14
|
-
|
15
|
-
|
16
|
-
rescue
|
13
|
+
# If it's an IO object and not a File / String / String IO
|
14
|
+
unless context.http_request.body.respond_to?(:size)
|
17
15
|
if requires_length?(context.operation.input)
|
18
16
|
# if size of the IO is not available but required
|
19
17
|
raise Aws::Errors::MissingContentLength.new
|
@@ -1,8 +1,6 @@
|
|
1
1
|
module Aws
|
2
|
-
|
3
2
|
# @api private
|
4
3
|
class SharedConfig
|
5
|
-
|
6
4
|
# @return [String]
|
7
5
|
attr_reader :credentials_path
|
8
6
|
|
@@ -48,7 +46,7 @@ module Aws
|
|
48
46
|
@profile_name = determine_profile(options)
|
49
47
|
@config_enabled = options[:config_enabled]
|
50
48
|
@credentials_path = options[:credentials_path] ||
|
51
|
-
|
49
|
+
determine_credentials_path
|
52
50
|
@parsed_credentials = {}
|
53
51
|
load_credentials_file if loadable?(@credentials_path)
|
54
52
|
if @config_enabled
|
@@ -67,7 +65,7 @@ module Aws
|
|
67
65
|
@config_enabled = options[:config_enabled] ? true : false
|
68
66
|
@profile_name = determine_profile(options)
|
69
67
|
@credentials_path = options[:credentials_path] ||
|
70
|
-
|
68
|
+
determine_credentials_path
|
71
69
|
load_credentials_file if loadable?(@credentials_path)
|
72
70
|
if @config_enabled
|
73
71
|
@config_path = options[:config_path] || determine_config_path
|
@@ -123,155 +121,51 @@ module Aws
|
|
123
121
|
p = profile || @profile_name
|
124
122
|
if @config_enabled && @parsed_config
|
125
123
|
entry = @parsed_config.fetch(p, {})
|
126
|
-
if entry['web_identity_token_file'] &&
|
127
|
-
entry['role_arn']
|
124
|
+
if entry['web_identity_token_file'] && entry['role_arn']
|
128
125
|
AssumeRoleWebIdentityCredentials.new(
|
129
126
|
role_arn: entry['role_arn'],
|
130
127
|
web_identity_token_file: entry['web_identity_token_file'],
|
131
128
|
role_session_name: entry['role_session_name']
|
132
129
|
)
|
133
|
-
else
|
134
|
-
nil
|
135
|
-
end
|
136
|
-
else
|
137
|
-
nil
|
138
|
-
end
|
139
|
-
end
|
140
|
-
|
141
|
-
def region(opts = {})
|
142
|
-
p = opts[:profile] || @profile_name
|
143
|
-
if @config_enabled
|
144
|
-
if @parsed_credentials
|
145
|
-
region = @parsed_credentials.fetch(p, {})["region"]
|
146
|
-
end
|
147
|
-
if @parsed_config
|
148
|
-
region ||= @parsed_config.fetch(p, {})["region"]
|
149
|
-
end
|
150
|
-
region
|
151
|
-
else
|
152
|
-
nil
|
153
|
-
end
|
154
|
-
end
|
155
|
-
|
156
|
-
def sts_regional_endpoints(opts = {})
|
157
|
-
p = opts[:profile] || @profile_name
|
158
|
-
if @config_enabled
|
159
|
-
if @parsed_credentials
|
160
|
-
mode = @parsed_credentials.fetch(p, {})["sts_regional_endpoints"]
|
161
|
-
end
|
162
|
-
if @parsed_config
|
163
|
-
mode ||= @parsed_config.fetch(p, {})["sts_regional_endpoints"]
|
164
|
-
end
|
165
|
-
mode
|
166
|
-
else
|
167
|
-
nil
|
168
|
-
end
|
169
|
-
end
|
170
|
-
|
171
|
-
def s3_us_east_1_regional_endpoint(opts = {})
|
172
|
-
p = opts[:profile] || @profile_name
|
173
|
-
if @config_enabled
|
174
|
-
if @parsed_credentials
|
175
|
-
mode = @parsed_credentials.fetch(p, {})["s3_us_east_1_regional_endpoint"]
|
176
|
-
end
|
177
|
-
if @parsed_config
|
178
|
-
mode ||= @parsed_config.fetch(p, {})["s3_us_east_1_regional_endpoint"]
|
179
130
|
end
|
180
|
-
mode
|
181
|
-
else
|
182
|
-
nil
|
183
131
|
end
|
184
132
|
end
|
185
133
|
|
186
|
-
|
187
|
-
|
188
|
-
|
189
|
-
|
190
|
-
|
191
|
-
|
192
|
-
if @parsed_config
|
193
|
-
value ||= @parsed_config.fetch(p, {})["s3_use_arn_region"]
|
194
|
-
end
|
195
|
-
value
|
196
|
-
else
|
197
|
-
nil
|
134
|
+
# Add an accessor method (similar to attr_reader) to return a configuration value
|
135
|
+
# Uses the get_config_value below to control where
|
136
|
+
# values are loaded from
|
137
|
+
def self.config_reader(*attrs)
|
138
|
+
attrs.each do |attr|
|
139
|
+
define_method(attr) { |opts = {}| get_config_value(attr.to_s, opts) }
|
198
140
|
end
|
199
141
|
end
|
200
142
|
|
201
|
-
|
202
|
-
|
203
|
-
|
204
|
-
|
205
|
-
|
206
|
-
|
207
|
-
|
208
|
-
|
209
|
-
|
210
|
-
|
211
|
-
|
143
|
+
config_reader(
|
144
|
+
:credential_process,
|
145
|
+
:csm_client_id,
|
146
|
+
:csm_enabled,
|
147
|
+
:csm_host,
|
148
|
+
:csm_port,
|
149
|
+
:endpoint_discovery_enabled,
|
150
|
+
:region,
|
151
|
+
:s3_use_arn_region,
|
152
|
+
:s3_us_east_1_regional_endpoint,
|
153
|
+
:sts_regional_endpoints
|
154
|
+
)
|
212
155
|
|
213
|
-
|
214
|
-
p = opts[:profile] || @profile_name
|
215
|
-
if @config_enabled
|
216
|
-
if @parsed_credentials
|
217
|
-
value = @parsed_credentials.fetch(p, {})["csm_enabled"]
|
218
|
-
end
|
219
|
-
if @parsed_config
|
220
|
-
value ||= @parsed_config.fetch(p, {})["csm_enabled"]
|
221
|
-
end
|
222
|
-
value
|
223
|
-
else
|
224
|
-
nil
|
225
|
-
end
|
226
|
-
end
|
156
|
+
private
|
227
157
|
|
228
|
-
|
158
|
+
# Get a config value from from shared credential/config files.
|
159
|
+
# Only loads a value when config_enabled is true
|
160
|
+
# Return a value from credentials preferentially over config
|
161
|
+
def get_config_value(key, opts)
|
229
162
|
p = opts[:profile] || @profile_name
|
230
|
-
if @config_enabled
|
231
|
-
if @parsed_credentials
|
232
|
-
value = @parsed_credentials.fetch(p, {})["csm_client_id"]
|
233
|
-
end
|
234
|
-
if @parsed_config
|
235
|
-
value ||= @parsed_config.fetch(p, {})["csm_client_id"]
|
236
|
-
end
|
237
|
-
value
|
238
|
-
else
|
239
|
-
nil
|
240
|
-
end
|
241
|
-
end
|
242
163
|
|
243
|
-
|
244
|
-
p
|
245
|
-
|
246
|
-
if @parsed_credentials
|
247
|
-
value = @parsed_credentials.fetch(p, {})["csm_port"]
|
248
|
-
end
|
249
|
-
if @parsed_config
|
250
|
-
value ||= @parsed_config.fetch(p, {})["csm_port"]
|
251
|
-
end
|
252
|
-
value
|
253
|
-
else
|
254
|
-
nil
|
255
|
-
end
|
164
|
+
value = @parsed_credentials.fetch(p, {})[key] if @parsed_credentials
|
165
|
+
value ||= @parsed_config.fetch(p, {})[key] if @config_enabled && @parsed_config
|
166
|
+
value
|
256
167
|
end
|
257
168
|
|
258
|
-
def csm_host(opts = {})
|
259
|
-
p = opts[:profile] || @profile_name
|
260
|
-
if @config_enabled
|
261
|
-
if @parsed_credentials
|
262
|
-
value = @parsed_credentials.fetch(p, {})["csm_host"]
|
263
|
-
end
|
264
|
-
if @parsed_config
|
265
|
-
value ||= @parsed_config.fetch(p, {})["csm_host"]
|
266
|
-
end
|
267
|
-
value
|
268
|
-
else
|
269
|
-
nil
|
270
|
-
end
|
271
|
-
end
|
272
|
-
|
273
|
-
private
|
274
|
-
|
275
169
|
def credentials_present?
|
276
170
|
(@parsed_credentials && !@parsed_credentials.empty?) ||
|
277
171
|
(@parsed_config && !@parsed_config.empty?)
|
@@ -279,31 +173,28 @@ module Aws
|
|
279
173
|
|
280
174
|
def assume_role_from_profile(cfg, profile, opts, chain_config)
|
281
175
|
if cfg && prof_cfg = cfg[profile]
|
282
|
-
opts[:source_profile] ||= prof_cfg[
|
176
|
+
opts[:source_profile] ||= prof_cfg['source_profile']
|
283
177
|
credential_source = opts.delete(:credential_source)
|
284
|
-
credential_source ||= prof_cfg[
|
178
|
+
credential_source ||= prof_cfg['credential_source']
|
285
179
|
if opts[:source_profile] && credential_source
|
286
|
-
raise Errors::CredentialSourceConflictError
|
287
|
-
|
288
|
-
|
289
|
-
|
290
|
-
)
|
180
|
+
raise Errors::CredentialSourceConflictError,
|
181
|
+
"Profile #{profile} has a source_profile, and "\
|
182
|
+
'a credential_source. For assume role credentials, must '\
|
183
|
+
'provide only source_profile or credential_source, not both.'
|
291
184
|
elsif opts[:source_profile]
|
292
185
|
opts[:credentials] = resolve_source_profile(opts[:source_profile])
|
293
186
|
if opts[:credentials]
|
294
|
-
opts[:role_session_name] ||= prof_cfg[
|
295
|
-
opts[:role_session_name] ||=
|
296
|
-
opts[:role_arn] ||= prof_cfg[
|
297
|
-
opts[:duration_seconds] ||= prof_cfg[
|
298
|
-
opts[:external_id] ||= prof_cfg[
|
299
|
-
opts[:serial_number] ||= prof_cfg[
|
187
|
+
opts[:role_session_name] ||= prof_cfg['role_session_name']
|
188
|
+
opts[:role_session_name] ||= 'default_session'
|
189
|
+
opts[:role_arn] ||= prof_cfg['role_arn']
|
190
|
+
opts[:duration_seconds] ||= prof_cfg['duration_seconds']
|
191
|
+
opts[:external_id] ||= prof_cfg['external_id']
|
192
|
+
opts[:serial_number] ||= prof_cfg['mfa_serial']
|
300
193
|
opts[:profile] = opts.delete(:source_profile)
|
301
194
|
AssumeRoleCredentials.new(opts)
|
302
195
|
else
|
303
|
-
raise Errors::NoSourceProfileError
|
304
|
-
|
305
|
-
" source_profile does not have credentials."
|
306
|
-
)
|
196
|
+
raise Errors::NoSourceProfileError, "Profile #{profile} has a role_arn, and source_profile, but the"\
|
197
|
+
' source_profile does not have credentials.'
|
307
198
|
end
|
308
199
|
elsif credential_source
|
309
200
|
opts[:credentials] = credentials_from_source(
|
@@ -311,29 +202,21 @@ module Aws
|
|
311
202
|
chain_config
|
312
203
|
)
|
313
204
|
if opts[:credentials]
|
314
|
-
opts[:role_session_name] ||= prof_cfg[
|
315
|
-
opts[:role_session_name] ||=
|
316
|
-
opts[:role_arn] ||= prof_cfg[
|
317
|
-
opts[:duration_seconds] ||= prof_cfg[
|
318
|
-
opts[:external_id] ||= prof_cfg[
|
319
|
-
opts[:serial_number] ||= prof_cfg[
|
205
|
+
opts[:role_session_name] ||= prof_cfg['role_session_name']
|
206
|
+
opts[:role_session_name] ||= 'default_session'
|
207
|
+
opts[:role_arn] ||= prof_cfg['role_arn']
|
208
|
+
opts[:duration_seconds] ||= prof_cfg['duration_seconds']
|
209
|
+
opts[:external_id] ||= prof_cfg['external_id']
|
210
|
+
opts[:serial_number] ||= prof_cfg['mfa_serial']
|
320
211
|
opts.delete(:source_profile) # Cleanup
|
321
212
|
AssumeRoleCredentials.new(opts)
|
322
213
|
else
|
323
|
-
raise Errors::NoSourceCredentials
|
324
|
-
"Profile #{profile} could not get source credentials from"\
|
214
|
+
raise Errors::NoSourceCredentials, "Profile #{profile} could not get source credentials from"\
|
325
215
|
" provider #{credential_source}"
|
326
|
-
)
|
327
216
|
end
|
328
|
-
elsif prof_cfg[
|
329
|
-
raise Errors::NoSourceProfileError.
|
330
|
-
"Profile #{profile} has a role_arn, but no source_profile."
|
331
|
-
)
|
332
|
-
else
|
333
|
-
nil
|
217
|
+
elsif prof_cfg['role_arn']
|
218
|
+
raise Errors::NoSourceProfileError, "Profile #{profile} has a role_arn, but no source_profile."
|
334
219
|
end
|
335
|
-
else
|
336
|
-
nil
|
337
220
|
end
|
338
221
|
end
|
339
222
|
|
@@ -341,51 +224,42 @@ module Aws
|
|
341
224
|
if (creds = credentials(profile: profile))
|
342
225
|
creds # static credentials
|
343
226
|
elsif (provider = assume_role_web_identity_credentials_from_config(profile))
|
344
|
-
if provider.credentials.set?
|
345
|
-
provider.credentials
|
346
|
-
end
|
227
|
+
provider.credentials if provider.credentials.set?
|
347
228
|
elsif (provider = assume_role_process_credentials_from_config(profile))
|
348
|
-
if provider.credentials.set?
|
349
|
-
provider.credentials
|
350
|
-
end
|
229
|
+
provider.credentials if provider.credentials.set?
|
351
230
|
end
|
352
231
|
end
|
353
232
|
|
354
233
|
def credentials_from_source(credential_source, config)
|
355
234
|
case credential_source
|
356
|
-
when
|
235
|
+
when 'Ec2InstanceMetadata'
|
357
236
|
InstanceProfileCredentials.new(
|
358
237
|
retries: config ? config.instance_profile_credentials_retries : 0,
|
359
238
|
http_open_timeout: config ? config.instance_profile_credentials_timeout : 1,
|
360
239
|
http_read_timeout: config ? config.instance_profile_credentials_timeout : 1
|
361
240
|
)
|
362
|
-
when
|
241
|
+
when 'EcsContainer'
|
363
242
|
ECSCredentials.new
|
364
243
|
else
|
365
|
-
raise Errors::InvalidCredentialSourceError
|
366
|
-
"Unsupported credential_source: #{credential_source}"
|
367
|
-
)
|
244
|
+
raise Errors::InvalidCredentialSourceError, "Unsupported credential_source: #{credential_source}"
|
368
245
|
end
|
369
246
|
end
|
370
247
|
|
371
248
|
def assume_role_process_credentials_from_config(profile)
|
372
|
-
|
249
|
+
validate_profile_exists(profile)
|
250
|
+
credential_process = @parsed_config[profile]['credential_process']
|
373
251
|
ProcessCredentials.new(credential_process) if credential_process
|
374
252
|
end
|
375
253
|
|
376
|
-
def credentials_from_shared(profile,
|
254
|
+
def credentials_from_shared(profile, _opts)
|
377
255
|
if @parsed_credentials && prof_config = @parsed_credentials[profile]
|
378
256
|
credentials_from_profile(prof_config)
|
379
|
-
else
|
380
|
-
nil
|
381
257
|
end
|
382
258
|
end
|
383
259
|
|
384
|
-
def credentials_from_config(profile,
|
260
|
+
def credentials_from_config(profile, _opts)
|
385
261
|
if @parsed_config && prof_config = @parsed_config[profile]
|
386
262
|
credentials_from_profile(prof_config)
|
387
|
-
else
|
388
|
-
nil
|
389
263
|
end
|
390
264
|
end
|
391
265
|
|
@@ -395,15 +269,7 @@ module Aws
|
|
395
269
|
prof_config['aws_secret_access_key'],
|
396
270
|
prof_config['aws_session_token']
|
397
271
|
)
|
398
|
-
if
|
399
|
-
creds
|
400
|
-
else
|
401
|
-
nil
|
402
|
-
end
|
403
|
-
end
|
404
|
-
|
405
|
-
def credentials_complete(creds)
|
406
|
-
creds.set?
|
272
|
+
creds if creds.set?
|
407
273
|
end
|
408
274
|
|
409
275
|
def load_credentials_file
|
@@ -433,19 +299,18 @@ module Aws
|
|
433
299
|
|
434
300
|
def validate_profile_exists(profile)
|
435
301
|
unless (@parsed_credentials && @parsed_credentials[profile]) ||
|
436
|
-
|
302
|
+
(@parsed_config && @parsed_config[profile])
|
437
303
|
msg = "Profile `#{profile}' not found in #{@credentials_path}"
|
438
304
|
msg << " or #{@config_path}" if @config_path
|
439
|
-
raise Errors::NoSuchProfileError
|
305
|
+
raise Errors::NoSuchProfileError, msg
|
440
306
|
end
|
441
307
|
end
|
442
308
|
|
443
309
|
def determine_profile(options)
|
444
310
|
ret = options[:profile_name]
|
445
|
-
ret ||= ENV[
|
446
|
-
ret ||=
|
311
|
+
ret ||= ENV['AWS_PROFILE']
|
312
|
+
ret ||= 'default'
|
447
313
|
ret
|
448
314
|
end
|
449
|
-
|
450
315
|
end
|
451
316
|
end
|
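Review bot: The comment added above `get_config_value` says it `Only loads a value when config_enabled is true`, but the body reads `@parsed_credentials.fetch(p, {})[key]` unconditionally and only gates the `@parsed_config` fallback on `@config_enabled`. The removed readers (`region`, `csm_enabled`, and the others) returned `nil` whenever `@config_enabled` was false, so settings such as `credential_process` and `region` are now picked up from the shared credentials file in that mode. If that is intended, reword the comment to `# The credentials file is always consulted; the config file only when config_enabled is true`; if not, add `return unless @config_enabled` as the first line of the method. The comment also has a doubled word, `from from`.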
data/lib/aws-sdk-sts.rb
CHANGED
data/lib/aws-sdk-sts/client.rb
CHANGED
@@ -306,10 +306,7 @@ module Seahorse
|
|
306
306
|
now = Aws::Util.monotonic_milliseconds
|
307
307
|
@pool.each_pair do |endpoint,sessions|
|
308
308
|
sessions.delete_if do |session|
|
309
|
-
if
|
310
|
-
session.last_used.nil? or
|
311
|
-
now - session.last_used > http_idle_timeout * 1000
|
312
|
-
then
|
309
|
+
if session.last_used.nil? or now - session.last_used > http_idle_timeout * 1000
|
313
310
|
session.finish
|
314
311
|
true
|
315
312
|
end
|
@@ -7,12 +7,10 @@ module Seahorse
|
|
7
7
|
class Handler < Client::Handler
|
8
8
|
|
9
9
|
def call(context)
|
10
|
-
|
10
|
+
# If it's an IO object and not a File / String / String IO
|
11
|
+
if context.http_request.body.respond_to?(:size)
|
11
12
|
length = context.http_request.body.size
|
12
13
|
context.http_request.headers['Content-Length'] = length
|
13
|
-
rescue
|
14
|
-
# allowing `Content-Length` failed to be set
|
15
|
-
# see Aws::Plugins::TransferEncoding
|
16
14
|
end
|
17
15
|
@handler.call(context)
|
18
16
|
end
|
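Review bot: The new comment `# If it's an IO object and not a File / String / String IO` sits directly above `if context.http_request.body.respond_to?(:size)`, which is the branch for bodies that do have a size; it describes the opposite case and looks copied from the `unless` check in the transfer-encoding handler. I would reword it to `# Set Content-Length only when the body can report its size (File / String / StringIO)`. It would also help to note that a body without `size` leaves this handler with no `Content-Length` header, which the removed `rescue` comment used to point out by referring to `Aws::Plugins::TransferEncoding`.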
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-core
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.
|
4
|
+
version: 3.90.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-02-12 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: jmespath
|