fog-aws 3.13.0 → 3.21.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +123 -2
- data/README.md +57 -0
- data/lib/fog/aws/auto_scaling.rb +1 -1
- data/lib/fog/aws/beanstalk.rb +1 -1
- data/lib/fog/aws/cdn.rb +1 -1
- data/lib/fog/aws/cloud_formation.rb +1 -1
- data/lib/fog/aws/cloud_watch.rb +1 -1
- data/lib/fog/aws/compute.rb +1 -1
- data/lib/fog/aws/credential_fetcher.rb +9 -1
- data/lib/fog/aws/data_pipeline.rb +1 -1
- data/lib/fog/aws/dns.rb +1 -1
- data/lib/fog/aws/dynamodb.rb +1 -1
- data/lib/fog/aws/ecs.rb +1 -1
- data/lib/fog/aws/elasticache.rb +1 -1
- data/lib/fog/aws/elb.rb +1 -1
- data/lib/fog/aws/elbv2.rb +1 -1
- data/lib/fog/aws/emr.rb +1 -1
- data/lib/fog/aws/glacier.rb +1 -1
- data/lib/fog/aws/iam.rb +1 -1
- data/lib/fog/aws/kinesis.rb +1 -1
- data/lib/fog/aws/kms.rb +1 -1
- data/lib/fog/aws/lambda.rb +1 -1
- data/lib/fog/aws/models/compute/flavors.rb +2144 -754
- data/lib/fog/aws/models/storage/directories.rb +1 -0
- data/lib/fog/aws/models/storage/file.rb +24 -8
- data/lib/fog/aws/parsers/iam/get_group_policy.rb +1 -1
- data/lib/fog/aws/parsers/iam/get_role_policy.rb +1 -1
- data/lib/fog/aws/parsers/iam/get_user_policy.rb +1 -1
- data/lib/fog/aws/parsers/iam/policy_version.rb +1 -1
- data/lib/fog/aws/rds.rb +1 -1
- data/lib/fog/aws/redshift.rb +1 -1
- data/lib/fog/aws/requests/rds/add_tags_to_resource.rb +12 -10
- data/lib/fog/aws/requests/rds/list_tags_for_resource.rb +10 -7
- data/lib/fog/aws/requests/rds/remove_tags_from_resource.rb +9 -8
- data/lib/fog/aws/requests/storage/get_service.rb +1 -1
- data/lib/fog/aws/requests/storage/sync_clock.rb +9 -1
- data/lib/fog/aws/ses.rb +1 -1
- data/lib/fog/aws/simpledb.rb +1 -1
- data/lib/fog/aws/sns.rb +1 -1
- data/lib/fog/aws/sqs.rb +1 -1
- data/lib/fog/aws/storage.rb +20 -2
- data/lib/fog/aws/support.rb +1 -1
- data/lib/fog/aws/version.rb +1 -1
- data/lib/fog/aws.rb +3 -3
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: a70dcf9f73be47287b3b3b0180e9b8b43fd1743e67a6b56d8c44cc17e5e7e1f2
|
4
|
+
data.tar.gz: 0aa01c7969f747964e13d3404c4d35b91e7b12c77a0071c70dd21b144508014c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 513c9d361abc77fba5540afccc11026788e6d1ee6df6f9134d8360d431db41dd50a395c476bdfba5c32d1ca2b35b4c81151aa1a82b0e8405976b49b7ac023582
|
7
|
+
data.tar.gz: 5cb4615882c96c20aeda02f9e68bbd10f2e1f9fc5fdfb9e3a916573f74cc45ca1df57fd9dc7c5b2231b2d258a4221ae5a75301341eb5013eb04f53936e6184fc
|
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,128 @@
|
|
1
1
|
# Changelog
|
2
2
|
|
3
|
-
## [v3.
|
3
|
+
## [v3.21.0](https://github.com/fog/fog-aws/tree/v3.21.0) (2023-09-29)
|
4
|
+
|
5
|
+
[Full Changelog](https://github.com/fog/fog-aws/compare/v3.20.0...v3.21.0)
|
6
|
+
|
7
|
+
**Closed issues:**
|
8
|
+
|
9
|
+
- Fog::AWS::Storage default retry behaviour guarantees 6s delay for 4xx class responses [\#690](https://github.com/fog/fog-aws/issues/690)
|
10
|
+
|
11
|
+
**Merged pull requests:**
|
12
|
+
|
13
|
+
- Fog::AWS::Storage don't retry client errors [\#691]((https://github.com/fog/fog-aws/pull/691) ([rahim](https://github.com/rahim))
|
14
|
+
|
15
|
+
## [v3.20.0](https://github.com/fog/fog-aws/tree/v3.20.0) (2023-09-27)
|
16
|
+
|
17
|
+
[Full Changelog](https://github.com/fog/fog-aws/compare/v3.19.0...v3.20.0)
|
18
|
+
|
19
|
+
**Closed issues:**
|
20
|
+
|
21
|
+
- Fog::AWS::Storage::File x-amz-request-id and x-amz-id-2 header reflection [\#688](https://github.com/fog/fog-aws/issues/688)
|
22
|
+
- When using IRSA on `Fog::Storage`, output `Unrecognized arguments: sts_endpoint` warning [\#683](https://github.com/fog/fog-aws/issues/683)
|
23
|
+
- Is it possible to add `DurationSeconds` in CredentialFetcher ? [\#682](https://github.com/fog/fog-aws/issues/682)
|
24
|
+
|
25
|
+
**Merged pull requests:**
|
26
|
+
|
27
|
+
- Fog::AWS::Storage::File - fix request id header reflection [\#689](https://github.com/fog/fog-aws/pull/689) ([rahim](https://github.com/rahim))
|
28
|
+
- Bump actions/checkout from 3 to 4 [\#687](https://github.com/fog/fog-aws/pull/687) ([dependabot[bot]](https://github.com/apps/dependabot))
|
29
|
+
- add c6a, c6i, c6id, m6a,m6i, m6id, and r6a, r6i, r6id support [\#686](https://github.com/fog/fog-aws/pull/686) ([ashivadi](https://github.com/ashivadi))
|
30
|
+
- Align the parameters for `AssumeRoleWithWebIdentity` action [\#685](https://github.com/fog/fog-aws/pull/685) ([marshluca](https://github.com/marshluca))
|
31
|
+
- Prevent `Unrecognized arguments: sts_endpoint` warning [\#684](https://github.com/fog/fog-aws/pull/684) ([nekomaho](https://github.com/nekomaho))
|
32
|
+
- CI against Ruby 3.2 [\#681](https://github.com/fog/fog-aws/pull/681) ([y-yagi](https://github.com/y-yagi))
|
33
|
+
- Change method sync\_clock\_url to use localstack set a different port [\#680](https://github.com/fog/fog-aws/pull/680) ([fabiodallazen](https://github.com/fabiodallazen))
|
34
|
+
|
35
|
+
## [v3.19.0](https://github.com/fog/fog-aws/tree/v3.19.0) (2023-05-18)
|
36
|
+
|
37
|
+
[Full Changelog](https://github.com/fog/fog-aws/compare/v3.18.0...v3.19.0)
|
38
|
+
|
39
|
+
**Merged pull requests:**
|
40
|
+
|
41
|
+
- gopalcoupa:add-me-central-1 [\#679](https://github.com/fog/fog-aws/pull/679)
|
42
|
+
- Fix S3 Transfer Acceleration [\#676](https://github.com/fog/fog-aws/pull/676)
|
43
|
+
- configure connection_options to improve s3 retry see https://github.com/fog/fog-aws/issues/674 [\#675](https://github.com/fog/fog-aws/pull/675)
|
44
|
+
- s3: remove hardcoded host [\#673](https://github.com/fog/fog-aws/pull/673)
|
45
|
+
- Bump actions/stale from 7 to 8 [\#671](https://github.com/fog/fog-aws/pull/671)
|
46
|
+
|
47
|
+
## [v3.18.0](https://github.com/fog/fog-aws/tree/v3.18.0) (2023-02-16)
|
48
|
+
|
49
|
+
[Full Changelog](https://github.com/fog/fog-aws/compare/v3.17.0...v3.18.0)
|
50
|
+
|
51
|
+
**Merged pull requests:**
|
52
|
+
|
53
|
+
- Only compute SSE-C headers when needed in multipart upload [\#669](https://github.com/fog/fog-aws/pull/669) ([stanhu](https://github.com/stanhu))
|
54
|
+
|
55
|
+
## [v3.17.0](https://github.com/fog/fog-aws/tree/v3.17.0) (2023-02-09)
|
56
|
+
|
57
|
+
[Full Changelog](https://github.com/fog/fog-aws/compare/v3.16.0...v3.17.0)
|
58
|
+
|
59
|
+
**Merged pull requests:**
|
60
|
+
|
61
|
+
- Support disabling of Content-MD5 for FIPS [\#668](https://github.com/fog/fog-aws/pull/668) ([stanhu](https://github.com/stanhu))
|
62
|
+
|
63
|
+
## [v3.16.0](https://github.com/fog/fog-aws/tree/v3.16.0) (2023-01-26)
|
64
|
+
|
65
|
+
[Full Changelog](https://github.com/fog/fog-aws/compare/v3.15.0...v3.16.0)
|
66
|
+
|
67
|
+
**Closed issues:**
|
68
|
+
|
69
|
+
- README lists incorrect usage of IAM auth [\#663](https://github.com/fog/fog-aws/issues/663)
|
70
|
+
- How can i config to use s3 in localstack [\#657](https://github.com/fog/fog-aws/issues/657)
|
71
|
+
- Fog::Storage::AWS::Files#each always iterates over entire collection [\#232](https://github.com/fog/fog-aws/issues/232)
|
72
|
+
- superclass mismatch for class AWS [\#655](https://github.com/fog/fog-aws/issues/655)
|
73
|
+
- Lambda IAM Role Not Working [\#650](https://github.com/fog/fog-aws/issues/650)
|
74
|
+
|
75
|
+
**Merged pull requests:**
|
76
|
+
|
77
|
+
- adding missing region ap-southeast-4 [\#665](https://github.com/fog/fog-aws/pull/665) ([emptyhammond](https://github.com/emptyhammond))
|
78
|
+
o
|
79
|
+
- adding missing region eu-south-2 [\#662](https://github.com/fog/fog-aws/pull/662) ([ivangool](https://github.com/ivangool))
|
80
|
+
- Bump actions/dependency-review-action from 2 to 3 [\#659](https://github.com/fog/fog-aws/pull/659) ([dependabot[bot]](https://github.com/apps/dependabot))
|
81
|
+
- Update aws.rb [\#658](https://github.com/fog/fog-aws/pull/658) ([ivangool](https://github.com/ivangool))
|
82
|
+
- Bump actions/stale from 5 to 6 [\#656](https://github.com/fog/fog-aws/pull/656) ([dependabot[bot]](https://github.com/apps/dependabot))
|
83
|
+
|
84
|
+
## [v3.15.0](https://github.com/fog/fog-aws/tree/v3.15.0) (2022-09-12)
|
85
|
+
|
86
|
+
[Full Changelog](https://github.com/fog/fog-aws/compare/v3.14.0...v3.15.0)
|
87
|
+
|
88
|
+
**Closed issues:**
|
89
|
+
|
90
|
+
- URI.decode is obsolete \(and not available in Ruby 3.0\) [\#653](https://github.com/fog/fog-aws/issues/653)
|
91
|
+
- S3: File copy not working outside us-east-1 region [\#645](https://github.com/fog/fog-aws/issues/645)
|
92
|
+
- Unable to list, update and remove RDS tags in AWS GovCloud Account regions. [\#644](https://github.com/fog/fog-aws/issues/644)
|
93
|
+
- Documentation links broken / 404 [\#642](https://github.com/fog/fog-aws/issues/642)
|
94
|
+
|
95
|
+
**Merged pull requests:**
|
96
|
+
|
97
|
+
- Replace URI.decode as obsolete, and removed in Ruby 3.0 [\#654](https://github.com/fog/fog-aws/pull/654) ([kuahyeow](https://github.com/kuahyeow))
|
98
|
+
- Fix typo in readme [\#652](https://github.com/fog/fog-aws/pull/652) ([geemus](https://github.com/geemus))
|
99
|
+
- change sync\_clock to plain GET [\#651](https://github.com/fog/fog-aws/pull/651) ([duckworth](https://github.com/duckworth))
|
100
|
+
- Update README file with download url example [\#649](https://github.com/fog/fog-aws/pull/649) ([lucasocon](https://github.com/lucasocon))
|
101
|
+
- Bump actions/dependency-review-action from 1 to 2 [\#648](https://github.com/fog/fog-aws/pull/648) ([dependabot[bot]](https://github.com/apps/dependabot))
|
102
|
+
- add x2gd and t4g instance flavours [\#647](https://github.com/fog/fog-aws/pull/647) ([mushyy](https://github.com/mushyy))
|
103
|
+
- Fix a typo in CHANGELOG [\#646](https://github.com/fog/fog-aws/pull/646) ([y-yagi](https://github.com/y-yagi))
|
104
|
+
|
105
|
+
## [v3.14.0](https://github.com/fog/fog-aws/tree/v3.14.0) (2022-05-09)
|
106
|
+
|
107
|
+
[Full Changelog](https://github.com/fog/fog-aws/compare/v3.13.0...v3.14.0)
|
108
|
+
|
109
|
+
**Closed issues:**
|
110
|
+
|
111
|
+
- Add a special note to the documentation around the danger of using directory.get [\#633](https://github.com/fog/fog-aws/issues/633)
|
112
|
+
|
113
|
+
**Merged pull requests:**
|
114
|
+
|
115
|
+
- RDS tags issue in AWS GovCloud Account regions. [\#643](https://github.com/fog/fog-aws/pull/643) ([svavhal](https://github.com/svavhal))
|
116
|
+
- Create codeql.yml [\#641](https://github.com/fog/fog-aws/pull/641) ([naveensrinivasan](https://github.com/naveensrinivasan))
|
117
|
+
- chore\(deps\): Included dependency review [\#640](https://github.com/fog/fog-aws/pull/640) ([naveensrinivasan](https://github.com/naveensrinivasan))
|
118
|
+
- Bump actions/stale from 4 to 5 [\#639](https://github.com/fog/fog-aws/pull/639) ([dependabot[bot]](https://github.com/apps/dependabot))
|
119
|
+
- Set permissions for GitHub actions [\#638](https://github.com/fog/fog-aws/pull/638) ([naveensrinivasan](https://github.com/naveensrinivasan))
|
120
|
+
- Add option to control IAM credential refresh [\#637](https://github.com/fog/fog-aws/pull/637) ([gl-gh-hchouraria](https://github.com/gl-gh-hchouraria))
|
121
|
+
- Add warning messages around directories.get [\#636](https://github.com/fog/fog-aws/pull/636) ([orrin-naylor-instacart](https://github.com/orrin-naylor-instacart))
|
122
|
+
- Bump actions/checkout from 2.4.0 to 3 [\#632](https://github.com/fog/fog-aws/pull/632) ([dependabot[bot]](https://github.com/apps/dependabot))
|
123
|
+
- Add Ruby 3.1 to the CI matrix [\#631](https://github.com/fog/fog-aws/pull/631) ([petergoldstein](https://github.com/petergoldstein))
|
124
|
+
|
125
|
+
## [v3.13.0](https://github.com/fog/fog-aws/tree/v3.13.0) (2022-02-13)
|
4
126
|
|
5
127
|
[Full Changelog](https://github.com/fog/fog-aws/compare/v3.12.0...v3.13.0)
|
6
128
|
|
@@ -692,7 +814,6 @@
|
|
692
814
|
|
693
815
|
- How to setup private files with CloudFront? [\#275](https://github.com/fog/fog-aws/issues/275)
|
694
816
|
- Feature: Custom Managed Policies [\#272](https://github.com/fog/fog-aws/issues/272)
|
695
|
-
- Question: which aws-sdk version is used [\#270](https://github.com/fog/fog-aws/issues/270)
|
696
817
|
- Support an IAM list\_attached\_role\_policies method [\#191](https://github.com/fog/fog-aws/issues/191)
|
697
818
|
|
698
819
|
**Merged pull requests:**
|
data/README.md
CHANGED
@@ -98,6 +98,7 @@ file = directory.files.create(key: 'user/1/Gemfile', body: File.open('Gemfile'),
|
|
98
98
|
directory = s3.directories.get('gaudi-portal-dev', prefix: 'user/1/')
|
99
99
|
directory.files
|
100
100
|
```
|
101
|
+
**Warning!** `s3.directories.get` retrieves and caches meta data for the first 10,000 objects in the bucket, which can be very expensive. When possible use `s3.directories.new`.
|
101
102
|
|
102
103
|
#### Generating a URL for a file:
|
103
104
|
|
@@ -105,6 +106,62 @@ directory.files
|
|
105
106
|
directory.files.new(key: 'user/1/Gemfile').url(Time.now + 60)
|
106
107
|
```
|
107
108
|
|
109
|
+
##### Generate download URL
|
110
|
+
You should pass an option argument that contains the `query` key with `response-content-disposition` inside indicating that is an attachment and the filename to be used when downloaded.
|
111
|
+
|
112
|
+
```ruby
|
113
|
+
options = {
|
114
|
+
query: {
|
115
|
+
'response-content-disposition' => "attachment; filename=#{key}"
|
116
|
+
}
|
117
|
+
}
|
118
|
+
|
119
|
+
directory.files.new(key: 'user/1/Gemfile').url(Time.now + 60, options)
|
120
|
+
```
|
121
|
+
|
122
|
+
|
123
|
+
##### Controlling credential refresh time with IAM authentication
|
124
|
+
|
125
|
+
When using IAM authentication with
|
126
|
+
[temporary security credentials](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html),
|
127
|
+
generated S3 pre-signed URLs
|
128
|
+
[only last as long as the temporary credential](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ShareObjectPreSignedURL.html).
|
129
|
+
|
130
|
+
Generating the URLs in the following manner will return a URL
|
131
|
+
that will not last as long as its requested expiration time if
|
132
|
+
the remainder of the authentication token lifetime was shorter.
|
133
|
+
|
134
|
+
```ruby
|
135
|
+
s3 = Fog::Storage.new(provider: 'AWS', use_iam_profile: true)
|
136
|
+
directory = s3.directories.get('gaudi-portal-dev', prefix: 'user/1/')
|
137
|
+
|
138
|
+
directory.files.new(key: 'user/1/Gemfile').url(Time.now + 60)
|
139
|
+
```
|
140
|
+
|
141
|
+
By default the temporary credentials in use are refreshed only within the last
|
142
|
+
15 seconds of its expiration time. The URL requested with 60 seconds lifetime
|
143
|
+
using the above example will only remain valid for 15 seconds in the worst case.
|
144
|
+
|
145
|
+
The problem can be avoided by refreshing the token early and often,
|
146
|
+
by setting configuration `aws_credentials_refresh_threshold_seconds` (default: 15)
|
147
|
+
which controls the time when the refresh must occur. It is expressed in seconds
|
148
|
+
before the temporary credential's expiration time.
|
149
|
+
|
150
|
+
The following example can ensure pre-signed URLs last as long as 60 seconds
|
151
|
+
by automatically refreshing the credentials when its remainder lifetime
|
152
|
+
is lower than 60 seconds:
|
153
|
+
|
154
|
+
```ruby
|
155
|
+
s3 = Fog::Storage.new(
|
156
|
+
provider: 'AWS',
|
157
|
+
use_iam_profile: true,
|
158
|
+
aws_credentials_refresh_threshold_seconds: 60
|
159
|
+
)
|
160
|
+
directory = s3.directories.get('gaudi-portal-dev', prefix: 'user/1/')
|
161
|
+
|
162
|
+
directory.files.new(key: 'user/1/Gemfile').url(Time.now + 60)
|
163
|
+
```
|
164
|
+
|
108
165
|
#### Copying a file
|
109
166
|
|
110
167
|
```ruby
|
data/lib/fog/aws/auto_scaling.rb
CHANGED
@@ -8,7 +8,7 @@ module Fog
|
|
8
8
|
class ValidationError < Fog::Errors::Error; end
|
9
9
|
|
10
10
|
requires :aws_access_key_id, :aws_secret_access_key
|
11
|
-
recognizes :host, :path, :port, :scheme, :persistent, :region, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at, :instrumentor, :instrumentor_name
|
11
|
+
recognizes :host, :path, :port, :scheme, :persistent, :region, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at, :instrumentor, :instrumentor_name, :sts_endpoint
|
12
12
|
|
13
13
|
request_path 'fog/aws/requests/auto_scaling'
|
14
14
|
request :attach_load_balancers
|
data/lib/fog/aws/beanstalk.rb
CHANGED
@@ -6,7 +6,7 @@ module Fog
|
|
6
6
|
class InvalidParameterError < Fog::Errors::Error; end
|
7
7
|
|
8
8
|
requires :aws_access_key_id, :aws_secret_access_key
|
9
|
-
recognizes :region, :host, :path, :port, :scheme, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at, :instrumentor, :instrumentor_name
|
9
|
+
recognizes :region, :host, :path, :port, :scheme, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at, :instrumentor, :instrumentor_name, :sts_endpoint
|
10
10
|
|
11
11
|
request_path 'fog/aws/requests/beanstalk'
|
12
12
|
|
data/lib/fog/aws/cdn.rb
CHANGED
@@ -4,7 +4,7 @@ module Fog
|
|
4
4
|
extend Fog::AWS::CredentialFetcher::ServiceMethods
|
5
5
|
|
6
6
|
requires :aws_access_key_id, :aws_secret_access_key
|
7
|
-
recognizes :host, :path, :port, :scheme, :version, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at, :instrumentor, :instrumentor_name
|
7
|
+
recognizes :host, :path, :port, :scheme, :version, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at, :instrumentor, :instrumentor_name, :region, :sts_endpoint
|
8
8
|
|
9
9
|
model_path 'fog/aws/models/cdn'
|
10
10
|
model :distribution
|
@@ -4,7 +4,7 @@ module Fog
|
|
4
4
|
extend Fog::AWS::CredentialFetcher::ServiceMethods
|
5
5
|
|
6
6
|
requires :aws_access_key_id, :aws_secret_access_key
|
7
|
-
recognizes :host, :path, :port, :scheme, :persistent, :region, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at, :instrumentor, :instrumentor_name
|
7
|
+
recognizes :host, :path, :port, :scheme, :persistent, :region, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at, :instrumentor, :instrumentor_name, :sts_endpoint
|
8
8
|
|
9
9
|
request_path 'fog/aws/requests/cloud_formation'
|
10
10
|
request :cancel_update_stack
|
data/lib/fog/aws/cloud_watch.rb
CHANGED
@@ -4,7 +4,7 @@ module Fog
|
|
4
4
|
extend Fog::AWS::CredentialFetcher::ServiceMethods
|
5
5
|
|
6
6
|
requires :aws_access_key_id, :aws_secret_access_key
|
7
|
-
recognizes :region, :host, :path, :port, :scheme, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at, :instrumentor, :instrumentor_name
|
7
|
+
recognizes :region, :host, :path, :port, :scheme, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at, :instrumentor, :instrumentor_name, :sts_endpoint
|
8
8
|
|
9
9
|
request_path 'fog/aws/requests/cloud_watch'
|
10
10
|
|
data/lib/fog/aws/compute.rb
CHANGED
@@ -6,7 +6,7 @@ module Fog
|
|
6
6
|
class RequestLimitExceeded < Fog::Errors::Error; end
|
7
7
|
|
8
8
|
requires :aws_access_key_id, :aws_secret_access_key
|
9
|
-
recognizes :endpoint, :region, :host, :path, :port, :scheme, :persistent, :aws_session_token, :use_iam_profile, :aws_credentials_expire_at, :instrumentor, :instrumentor_name, :version, :retry_request_limit_exceeded, :retry_jitter_magnitude
|
9
|
+
recognizes :endpoint, :region, :host, :path, :port, :scheme, :persistent, :aws_session_token, :use_iam_profile, :aws_credentials_expire_at, :instrumentor, :instrumentor_name, :version, :retry_request_limit_exceeded, :retry_jitter_magnitude, :sts_endpoint
|
10
10
|
|
11
11
|
secrets :aws_secret_access_key, :hmac, :aws_session_token
|
12
12
|
|
@@ -40,6 +40,7 @@ module Fog
|
|
40
40
|
:RoleArn => options[:role_arn] || ENV.fetch("AWS_ROLE_ARN"),
|
41
41
|
:RoleSessionName => options[:role_session_name] || ENV["AWS_ROLE_SESSION_NAME"] || "fog-aws-#{SecureRandom.hex}",
|
42
42
|
:WebIdentityToken => File.read(options[:aws_web_identity_token_file] || ENV.fetch("AWS_WEB_IDENTITY_TOKEN_FILE")),
|
43
|
+
:DurationSeconds => options[:duration] || 3600,
|
43
44
|
:Version => "2011-06-15",
|
44
45
|
}
|
45
46
|
|
@@ -123,10 +124,17 @@ module Fog
|
|
123
124
|
|
124
125
|
private
|
125
126
|
|
127
|
+
# When defined, 'aws_credentials_refresh_threshold_seconds' controls
|
128
|
+
# when the credential needs to be refreshed, expressed in seconds before
|
129
|
+
# the current credential's expiration time
|
130
|
+
def credentials_refresh_threshold
|
131
|
+
@aws_credentials_refresh_threshold_seconds || 15
|
132
|
+
end
|
133
|
+
|
126
134
|
def credentials_expired?
|
127
135
|
@use_iam_profile &&
|
128
136
|
(!@aws_credentials_expire_at ||
|
129
|
-
(@aws_credentials_expire_at && Fog::Time.now > @aws_credentials_expire_at -
|
137
|
+
(@aws_credentials_expire_at && Fog::Time.now > @aws_credentials_expire_at - credentials_refresh_threshold)) #new credentials become available from around 5 minutes before expiration time
|
130
138
|
end
|
131
139
|
|
132
140
|
def refresh_credentials
|
@@ -4,7 +4,7 @@ module Fog
|
|
4
4
|
extend Fog::AWS::CredentialFetcher::ServiceMethods
|
5
5
|
|
6
6
|
requires :aws_access_key_id, :aws_secret_access_key
|
7
|
-
recognizes :region, :host, :path, :port, :scheme, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at, :instrumentor, :instrumentor_name
|
7
|
+
recognizes :region, :host, :path, :port, :scheme, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at, :instrumentor, :instrumentor_name, :sts_endpoint
|
8
8
|
|
9
9
|
request_path 'fog/aws/requests/data_pipeline'
|
10
10
|
request :activate_pipeline
|
data/lib/fog/aws/dns.rb
CHANGED
@@ -4,7 +4,7 @@ module Fog
|
|
4
4
|
extend Fog::AWS::CredentialFetcher::ServiceMethods
|
5
5
|
|
6
6
|
requires :aws_access_key_id, :aws_secret_access_key
|
7
|
-
recognizes :host, :path, :port, :scheme, :version, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at, :instrumentor, :instrumentor_name
|
7
|
+
recognizes :host, :path, :port, :scheme, :version, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at, :instrumentor, :instrumentor_name, :region, :sts_endpoint
|
8
8
|
|
9
9
|
model_path 'fog/aws/models/dns'
|
10
10
|
model :record
|
data/lib/fog/aws/dynamodb.rb
CHANGED
@@ -4,7 +4,7 @@ module Fog
|
|
4
4
|
extend Fog::AWS::CredentialFetcher::ServiceMethods
|
5
5
|
|
6
6
|
requires :aws_access_key_id, :aws_secret_access_key
|
7
|
-
recognizes :aws_session_token, :host, :path, :port, :scheme, :persistent, :region, :use_iam_profile, :aws_credentials_expire_at, :instrumentor, :instrumentor_name
|
7
|
+
recognizes :aws_session_token, :host, :path, :port, :scheme, :persistent, :region, :use_iam_profile, :aws_credentials_expire_at, :instrumentor, :instrumentor_name, :sts_endpoint
|
8
8
|
|
9
9
|
request_path 'fog/aws/requests/dynamodb'
|
10
10
|
request :batch_get_item
|
data/lib/fog/aws/ecs.rb
CHANGED
@@ -3,7 +3,7 @@ module Fog
|
|
3
3
|
class ECS < Fog::Service
|
4
4
|
|
5
5
|
requires :aws_access_key_id, :aws_secret_access_key
|
6
|
-
recognizes :region, :host, :path, :port, :scheme, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at, :version, :instrumentor, :instrumentor_name
|
6
|
+
recognizes :region, :host, :path, :port, :scheme, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at, :version, :instrumentor, :instrumentor_name,:sts_endpoint
|
7
7
|
|
8
8
|
request_path 'fog/aws/requests/ecs'
|
9
9
|
request :list_clusters
|
data/lib/fog/aws/elasticache.rb
CHANGED
@@ -8,7 +8,7 @@ module Fog
|
|
8
8
|
class AuthorizationAlreadyExists < Fog::Errors::Error; end
|
9
9
|
|
10
10
|
requires :aws_access_key_id, :aws_secret_access_key
|
11
|
-
recognizes :region, :host, :path, :port, :scheme, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at, :instrumentor, :instrumentor_name
|
11
|
+
recognizes :region, :host, :path, :port, :scheme, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at, :instrumentor, :instrumentor_name, :sts_endpoint
|
12
12
|
|
13
13
|
request_path 'fog/aws/requests/elasticache'
|
14
14
|
|
data/lib/fog/aws/elb.rb
CHANGED
@@ -14,7 +14,7 @@ module Fog
|
|
14
14
|
class ValidationError < Fog::Errors::Error; end
|
15
15
|
|
16
16
|
requires :aws_access_key_id, :aws_secret_access_key
|
17
|
-
recognizes :region, :host, :path, :port, :scheme, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at, :version, :instrumentor, :instrumentor_name
|
17
|
+
recognizes :region, :host, :path, :port, :scheme, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at, :version, :instrumentor, :instrumentor_name,:sts_endpoint
|
18
18
|
|
19
19
|
request_path 'fog/aws/requests/elb'
|
20
20
|
request :configure_health_check
|
data/lib/fog/aws/elbv2.rb
CHANGED
@@ -2,7 +2,7 @@ module Fog
|
|
2
2
|
module AWS
|
3
3
|
class ELBV2 < ELB
|
4
4
|
requires :aws_access_key_id, :aws_secret_access_key
|
5
|
-
recognizes :region, :host, :path, :port, :scheme, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at, :version, :instrumentor, :instrumentor_name
|
5
|
+
recognizes :region, :host, :path, :port, :scheme, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at, :version, :instrumentor, :instrumentor_name,:sts_endpoint
|
6
6
|
|
7
7
|
request_path 'fog/aws/requests/elbv2'
|
8
8
|
request :add_tags
|
data/lib/fog/aws/emr.rb
CHANGED
@@ -6,7 +6,7 @@ module Fog
|
|
6
6
|
class IdentifierTaken < Fog::Errors::Error; end
|
7
7
|
|
8
8
|
requires :aws_access_key_id, :aws_secret_access_key
|
9
|
-
recognizes :region, :host, :path, :port, :scheme, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at, :instrumentor, :instrumentor_name
|
9
|
+
recognizes :region, :host, :path, :port, :scheme, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at, :instrumentor, :instrumentor_name, :sts_endpoint
|
10
10
|
|
11
11
|
request_path 'fog/aws/requests/emr'
|
12
12
|
|
data/lib/fog/aws/glacier.rb
CHANGED
@@ -4,7 +4,7 @@ module Fog
|
|
4
4
|
extend Fog::AWS::CredentialFetcher::ServiceMethods
|
5
5
|
|
6
6
|
requires :aws_access_key_id, :aws_secret_access_key
|
7
|
-
recognizes :region, :host, :path, :port, :scheme, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at, :instrumentor, :instrumentor_name
|
7
|
+
recognizes :region, :host, :path, :port, :scheme, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at, :instrumentor, :instrumentor_name, :sts_endpoint
|
8
8
|
|
9
9
|
request_path 'fog/aws/requests/glacier'
|
10
10
|
|
data/lib/fog/aws/iam.rb
CHANGED
@@ -10,7 +10,7 @@ module Fog
|
|
10
10
|
class ValidationError < Fog::AWS::IAM::Error; end
|
11
11
|
|
12
12
|
requires :aws_access_key_id, :aws_secret_access_key
|
13
|
-
recognizes :host, :path, :port, :scheme, :persistent, :instrumentor, :instrumentor_name, :aws_session_token, :use_iam_profile, :aws_credentials_expire_at, :region
|
13
|
+
recognizes :host, :path, :port, :scheme, :persistent, :instrumentor, :instrumentor_name, :aws_session_token, :use_iam_profile, :aws_credentials_expire_at, :region, :sts_endpoint
|
14
14
|
|
15
15
|
request_path 'fog/aws/requests/iam'
|
16
16
|
request :add_user_to_group
|
data/lib/fog/aws/kinesis.rb
CHANGED
@@ -12,7 +12,7 @@ module Fog
|
|
12
12
|
class ProvisionedThroughputExceeded < Fog::Errors::Error; end
|
13
13
|
|
14
14
|
requires :aws_access_key_id, :aws_secret_access_key
|
15
|
-
recognizes :region, :host, :path, :port, :scheme, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at, :instrumentor, :instrumentor_name
|
15
|
+
recognizes :region, :host, :path, :port, :scheme, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at, :instrumentor, :instrumentor_name, :sts_endpoint
|
16
16
|
|
17
17
|
request_path 'fog/aws/requests/kinesis'
|
18
18
|
|
data/lib/fog/aws/kms.rb
CHANGED
@@ -14,7 +14,7 @@ module Fog
|
|
14
14
|
NotFoundException = Class.new(Fog::Errors::Error)
|
15
15
|
|
16
16
|
requires :aws_access_key_id, :aws_secret_access_key
|
17
|
-
recognizes :region, :host, :path, :port, :scheme, :persistent, :use_iam_profile, :aws_session_token, :instrumentor, :instrumentor_name
|
17
|
+
recognizes :region, :host, :path, :port, :scheme, :persistent, :use_iam_profile, :aws_session_token, :instrumentor, :instrumentor_name, :aws_credentials_expire_at, :sts_endpoint
|
18
18
|
|
19
19
|
request_path 'fog/aws/requests/kms'
|
20
20
|
request :list_keys
|
data/lib/fog/aws/lambda.rb
CHANGED
@@ -4,7 +4,7 @@ module Fog
|
|
4
4
|
extend Fog::AWS::CredentialFetcher::ServiceMethods
|
5
5
|
|
6
6
|
requires :aws_access_key_id, :aws_secret_access_key
|
7
|
-
recognizes :host, :path, :port, :scheme, :persistent, :region, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at, :version, :instrumentor, :instrumentor_name
|
7
|
+
recognizes :host, :path, :port, :scheme, :persistent, :region, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at, :version, :instrumentor, :instrumentor_name, :sts_endpoint
|
8
8
|
|
9
9
|
request_path 'fog/aws/requests/lambda'
|
10
10
|
request :create_function
|