WIP update aws sdk

Author: cat5inthecradle

.ruby-version

@@ -0,0 +1 @@
+3.0.5

README.md

@@ -24,9 +24,14 @@ Or install it yourself as:
 Visit the [Google API Console](https://console.developers.google.com/) to create/obtain [OAuth 2.0 Client ID credentials](https://support.google.com/cloud/answer/6158849) (client ID and client secret) for an application in your Google account.
 
 ### Create an AWS IAM Role
-Create an AWS IAM Role with the desired IAM policies attached, and a ['trust policy'](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#term_trust-policy) ([`AssumeRolePolicyDocument`](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html)) allowing the [`sts:AssumeRoleWithWebIdentity`](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html) action with [Web Identity Federation condition keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-wif) authorizing
+Create an AWS IAM Role with the desired IAM policies attached, and a ['trust policy'][1] ([`AssumeRolePolicyDocument`][2]) allowing the [`sts:AssumeRoleWithWebIdentity`][3] action with [Web Identity Federation condition keys][4] authorizing
 your Google Client ID (`accounts.google.com:aud`) and a specific set of Google Account IDs (`accounts.google.com:sub`):
 
+[1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#term_trust-policy "IAM Trust Policy"
+[2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html "Create Role API"
+[3]: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html "Assume Role With Identity API"
+[4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-wif "IAM Condition Keys"
+
 ```json
 {
   "Version": "2012-10-17",
@@ -53,6 +58,7 @@ your Google Client ID (`accounts.google.com:aud`) and a specific set of Google A
 
 ### Method 1: `Aws::Google`
 In your Ruby code, construct an `Aws::Google` object by passing the AWS `role_arn`, Google `client_id` and `client_secret`, either as constructor arguments or via the `Aws::Google.config` global defaults:
+
 ```ruby
 require 'aws/google'
 

aws-google.gemspec

@@ -1,8 +1,9 @@
-lib = File.expand_path('../lib', __FILE__)
+lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'aws/google/version'
 
 Gem::Specification.new do |spec|
+  spec.required_ruby_version = '>= 3.0.5'
   spec.name          = 'aws-google'
   spec.version       = Aws::Google::VERSION
   spec.authors       = ['Will Jordan']
@@ -21,14 +22,14 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
-  spec.add_dependency 'aws-sdk-core', '~> 3.130'
+  spec.add_dependency 'aws-sdk-core', '~> 3.201'
   spec.add_dependency 'google-apis-core'
   spec.add_dependency 'launchy', '~> 2'
 
-  spec.add_development_dependency 'activesupport', '~> 5'
-  spec.add_development_dependency 'minitest', '~> 5.14.2'
-  spec.add_development_dependency 'mocha', '~> 1.5'
-  spec.add_development_dependency 'rake', '~> 12'
+  spec.add_development_dependency 'activesupport', '~> 6.1.7.8'
+  spec.add_development_dependency 'minitest', '~> 5.25.1'
+  spec.add_development_dependency 'mocha', '~> 2.4'
+  spec.add_development_dependency 'rake', '~> 13'
   spec.add_development_dependency 'timecop', '~> 0.8'
-  spec.add_development_dependency 'webmock', '~> 3.3'
+  spec.add_development_dependency 'webmock', '~> 3'
 end

lib/aws/google/cached_credentials.rb

@@ -35,10 +35,18 @@ def refresh_if_near_expiration
 
       # Write credentials and expiration to AWS credentials file.
       def write_credentials
-        # AWS CLI is needed because writing AWS credentials is not supported by the AWS Ruby SDK.
+        # Ensure the AWS CLI is available before attempting to write credentials.
         return unless system('which aws >/dev/null 2>&1')
-        Aws::SharedCredentials::KEY_MAP.transform_values(&@credentials.method(:send)).
-          merge(expiration: @expiration).each do |key, value|
+
+        # Manually map the credentials to the keys used by AWS CLI
+        credentials_map = {
+          'aws_access_key_id' => @credentials.access_key_id,
+          'aws_secret_access_key' => @credentials.secret_access_key,
+          'aws_session_token' => @credentials.session_token
+        }
+
+        # Use the AWS CLI to set the credentials in the session profile
+        credentials_map.each do |key, value|
           system("aws configure set #{key} #{value} --profile #{@session_profile}")
         end
       end

test/aws/google_test.rb

@@ -72,7 +72,7 @@
 
     it 'creates credentials from a Google auth token' do
       @oauth_default.once
-      system.times(5)
+      system.times(4)
 
       c = Aws::Google.new(config).credentials
       _(c.credentials.access_key_id).must_equal credentials[:access_key_id]
@@ -83,12 +83,12 @@
     it 'refreshes expired Google auth token credentials' do
       m = mock
       m.stubs(:refresh!)
-      m.stubs(:id_token).
-        returns(JWT.encode({ email: 'email', exp: Time.now.to_i - 1 }, '')).
-        then.returns(JWT.encode({ email: 'email' }, ''))
+      m.stubs(:id_token)
+       .returns(JWT.encode({ email: 'email', exp: Time.now.to_i - 1 }, ''))
+       .then.returns(JWT.encode({ email: 'email' }, ''))
       Google::Auth.stubs(:get_application_default).returns(m)
 
-      system.times(5)
+      system.times(4)
 
       c = Aws::Google.new(config).credentials
       _(c.credentials.access_key_id).must_equal credentials[:access_key_id]
@@ -115,7 +115,7 @@
     it 'refreshes saved expired credentials' do
       config[:profile] = 'cdo-expired'
       @oauth_default.once
-      system.times(5)
+      system.times(4)
       Aws::Google.new(config).credentials
     end
 
@@ -124,11 +124,11 @@
       Aws::Google.any_instance.expects(:refresh).never
       Aws::Google.new(config).credentials
     end
-    
+
     it 'uses config defaults for new AWS clients' do
       Aws::Google.stubs(:config).returns(config)
       @oauth_default.once
-      system.times(5)
+      system.times(4)
       c = Aws::STS::Client.new.config.credentials
       _(c.credentials.access_key_id).must_equal credentials[:access_key_id]
       _(c.credentials.secret_access_key).must_equal credentials[:secret_access_key]
@@ -147,7 +147,7 @@
       end
 
       it 'retries Google auth when invalid credentials are provided' do
-        system.times(5)
+        system.times(4)
         @oauth_default.once
         Aws::Google.any_instance.expects(:google_oauth).returns(oauth)
         Aws::Google.new(config).credentials
@@ -198,13 +198,13 @@
       end
 
       it 'refreshes Google auth token when expired' do
-        system.times(5)
+        system.times(4)
         @oauth_default.once
         Aws::Google.any_instance.expects(:google_oauth).returns(oauth).once
         Aws::Google.new(config).credentials
       end
     end
-    
+
     describe 'no shared config' do
       before do
         Aws.shared_config.fresh(
@@ -218,7 +218,7 @@
         Aws::Google.stubs(:config).returns(config)
 
         @oauth_default.once
-        system.times(5)
+        system.times(4)
 
         c = Aws::STS::Client.new(region: 'us-east-1').config.credentials
         _(c.credentials.access_key_id).must_equal credentials[:access_key_id]