aws-sdk-core 3.0.0 → 3.129.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/CHANGELOG.md +1287 -0
- data/LICENSE.txt +202 -0
- data/VERSION +1 -1
- data/ca-bundle.crt +3615 -3541
- data/lib/aws-defaults/default_configuration.rb +153 -0
- data/lib/aws-defaults/defaults_mode_config_resolver.rb +107 -0
- data/lib/aws-defaults.rb +3 -0
- data/lib/aws-sdk-core/arn.rb +92 -0
- data/lib/aws-sdk-core/arn_parser.rb +40 -0
- data/lib/aws-sdk-core/assume_role_credentials.rb +20 -0
- data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +109 -0
- data/lib/aws-sdk-core/async_client_stubs.rb +82 -0
- data/lib/aws-sdk-core/binary/decode_handler.rb +58 -0
- data/lib/aws-sdk-core/binary/encode_handler.rb +34 -0
- data/lib/aws-sdk-core/binary/event_builder.rb +124 -0
- data/lib/aws-sdk-core/binary/event_parser.rb +136 -0
- data/lib/aws-sdk-core/binary/event_stream_decoder.rb +64 -0
- data/lib/aws-sdk-core/binary/event_stream_encoder.rb +55 -0
- data/lib/aws-sdk-core/binary.rb +8 -0
- data/lib/aws-sdk-core/client_side_monitoring/publisher.rb +51 -0
- data/lib/aws-sdk-core/client_side_monitoring/request_metrics.rb +199 -0
- data/lib/aws-sdk-core/client_stubs.rb +55 -10
- data/lib/aws-sdk-core/credential_provider.rb +1 -30
- data/lib/aws-sdk-core/credential_provider_chain.rb +111 -33
- data/lib/aws-sdk-core/credentials.rb +2 -0
- data/lib/aws-sdk-core/deprecations.rb +17 -11
- data/lib/aws-sdk-core/eager_loader.rb +2 -0
- data/lib/aws-sdk-core/ec2_metadata.rb +238 -0
- data/lib/aws-sdk-core/ecs_credentials.rb +20 -11
- data/lib/aws-sdk-core/endpoint_cache.rb +193 -0
- data/lib/aws-sdk-core/errors.rb +210 -12
- data/lib/aws-sdk-core/event_emitter.rb +64 -0
- data/lib/aws-sdk-core/ini_parser.rb +2 -0
- data/lib/aws-sdk-core/instance_profile_credentials.rb +237 -45
- data/lib/aws-sdk-core/json/builder.rb +6 -2
- data/lib/aws-sdk-core/json/error_handler.rb +21 -2
- data/lib/aws-sdk-core/json/handler.rb +21 -1
- data/lib/aws-sdk-core/json/json_engine.rb +12 -8
- data/lib/aws-sdk-core/json/oj_engine.rb +35 -6
- data/lib/aws-sdk-core/json/parser.rb +10 -0
- data/lib/aws-sdk-core/json.rb +11 -28
- data/lib/aws-sdk-core/log/formatter.rb +16 -4
- data/lib/aws-sdk-core/log/handler.rb +2 -0
- data/lib/aws-sdk-core/log/param_filter.rb +38 -13
- data/lib/aws-sdk-core/log/param_formatter.rb +2 -0
- data/lib/aws-sdk-core/pageable_response.rb +111 -47
- data/lib/aws-sdk-core/pager.rb +5 -0
- data/lib/aws-sdk-core/param_converter.rb +2 -0
- data/lib/aws-sdk-core/param_validator.rb +99 -22
- data/lib/aws-sdk-core/plugins/api_key.rb +56 -0
- data/lib/aws-sdk-core/plugins/apig_authorizer_token.rb +32 -0
- data/lib/aws-sdk-core/plugins/apig_credentials_configuration.rb +36 -0
- data/lib/aws-sdk-core/plugins/apig_user_agent.rb +39 -0
- data/lib/aws-sdk-core/plugins/checksum_algorithm.rb +340 -0
- data/lib/aws-sdk-core/plugins/client_metrics_plugin.rb +283 -0
- data/lib/aws-sdk-core/plugins/client_metrics_send_plugin.rb +86 -0
- data/lib/aws-sdk-core/plugins/credentials_configuration.rb +26 -7
- data/lib/aws-sdk-core/plugins/defaults_mode.rb +40 -0
- data/lib/aws-sdk-core/plugins/endpoint_discovery.rb +168 -0
- data/lib/aws-sdk-core/plugins/endpoint_pattern.rb +65 -0
- data/lib/aws-sdk-core/plugins/event_stream_configuration.rb +32 -0
- data/lib/aws-sdk-core/plugins/global_configuration.rb +2 -0
- data/lib/aws-sdk-core/plugins/helpful_socket_errors.rb +2 -0
- data/lib/aws-sdk-core/plugins/http_checksum.rb +64 -0
- data/lib/aws-sdk-core/plugins/idempotency_token.rb +2 -0
- data/lib/aws-sdk-core/plugins/invocation_id.rb +35 -0
- data/lib/aws-sdk-core/plugins/jsonvalue_converter.rb +2 -0
- data/lib/aws-sdk-core/plugins/logging.rb +2 -0
- data/lib/aws-sdk-core/plugins/param_converter.rb +2 -0
- data/lib/aws-sdk-core/plugins/param_validator.rb +2 -0
- data/lib/aws-sdk-core/plugins/protocols/api_gateway.rb +29 -0
- data/lib/aws-sdk-core/plugins/protocols/ec2.rb +2 -0
- data/lib/aws-sdk-core/plugins/protocols/json_rpc.rb +2 -0
- data/lib/aws-sdk-core/plugins/protocols/query.rb +2 -0
- data/lib/aws-sdk-core/plugins/protocols/rest_json.rb +18 -1
- data/lib/aws-sdk-core/plugins/protocols/rest_xml.rb +2 -0
- data/lib/aws-sdk-core/plugins/recursion_detection.rb +27 -0
- data/lib/aws-sdk-core/plugins/regional_endpoint.rb +76 -16
- data/lib/aws-sdk-core/plugins/response_paging.rb +3 -1
- data/lib/aws-sdk-core/plugins/retries/client_rate_limiter.rb +139 -0
- data/lib/aws-sdk-core/plugins/retries/clock_skew.rb +100 -0
- data/lib/aws-sdk-core/plugins/retries/error_inspector.rb +146 -0
- data/lib/aws-sdk-core/plugins/retries/retry_quota.rb +59 -0
- data/lib/aws-sdk-core/plugins/retry_errors.rb +334 -78
- data/lib/aws-sdk-core/plugins/signature_v2.rb +2 -0
- data/lib/aws-sdk-core/plugins/signature_v4.rb +33 -28
- data/lib/aws-sdk-core/plugins/stub_responses.rb +31 -7
- data/lib/aws-sdk-core/plugins/transfer_encoding.rb +53 -0
- data/lib/aws-sdk-core/plugins/user_agent.rb +9 -5
- data/lib/aws-sdk-core/process_credentials.rb +81 -0
- data/lib/aws-sdk-core/query/ec2_param_builder.rb +11 -3
- data/lib/aws-sdk-core/query/handler.rb +8 -1
- data/lib/aws-sdk-core/query/param.rb +2 -0
- data/lib/aws-sdk-core/query/param_builder.rb +11 -3
- data/lib/aws-sdk-core/query/param_list.rb +2 -0
- data/lib/aws-sdk-core/query.rb +2 -0
- data/lib/aws-sdk-core/refreshing_credentials.rb +16 -3
- data/lib/aws-sdk-core/resources/collection.rb +7 -5
- data/lib/aws-sdk-core/rest/handler.rb +2 -0
- data/lib/aws-sdk-core/rest/request/body.rb +21 -1
- data/lib/aws-sdk-core/rest/request/builder.rb +4 -1
- data/lib/aws-sdk-core/rest/request/endpoint.rb +13 -6
- data/lib/aws-sdk-core/rest/request/headers.rb +30 -6
- data/lib/aws-sdk-core/rest/request/querystring_builder.rb +17 -2
- data/lib/aws-sdk-core/rest/response/body.rb +16 -1
- data/lib/aws-sdk-core/rest/response/headers.rb +8 -3
- data/lib/aws-sdk-core/rest/response/parser.rb +7 -1
- data/lib/aws-sdk-core/rest/response/status_code.rb +2 -0
- data/lib/aws-sdk-core/rest.rb +2 -0
- data/lib/aws-sdk-core/shared_config.rb +204 -68
- data/lib/aws-sdk-core/shared_credentials.rb +9 -1
- data/lib/aws-sdk-core/sso_credentials.rb +136 -0
- data/lib/aws-sdk-core/structure.rb +18 -3
- data/lib/aws-sdk-core/stubbing/data_applicator.rb +2 -0
- data/lib/aws-sdk-core/stubbing/empty_stub.rb +6 -1
- data/lib/aws-sdk-core/stubbing/protocols/api_gateway.rb +10 -0
- data/lib/aws-sdk-core/stubbing/protocols/ec2.rb +2 -0
- data/lib/aws-sdk-core/stubbing/protocols/json.rb +3 -1
- data/lib/aws-sdk-core/stubbing/protocols/query.rb +4 -2
- data/lib/aws-sdk-core/stubbing/protocols/rest.rb +120 -2
- data/lib/aws-sdk-core/stubbing/protocols/rest_json.rb +8 -2
- data/lib/aws-sdk-core/stubbing/protocols/rest_xml.rb +11 -7
- data/lib/aws-sdk-core/stubbing/stub_data.rb +15 -4
- data/lib/aws-sdk-core/stubbing/xml_error.rb +2 -0
- data/lib/aws-sdk-core/type_builder.rb +2 -0
- data/lib/aws-sdk-core/util.rb +34 -1
- data/lib/aws-sdk-core/waiters/errors.rb +2 -0
- data/lib/aws-sdk-core/waiters/poller.rb +2 -0
- data/lib/aws-sdk-core/waiters/waiter.rb +4 -2
- data/lib/aws-sdk-core/waiters.rb +2 -0
- data/lib/aws-sdk-core/xml/builder.rb +14 -6
- data/lib/aws-sdk-core/xml/default_list.rb +2 -0
- data/lib/aws-sdk-core/xml/default_map.rb +2 -0
- data/lib/aws-sdk-core/xml/doc_builder.rb +15 -4
- data/lib/aws-sdk-core/xml/error_handler.rb +29 -4
- data/lib/aws-sdk-core/xml/parser/engines/libxml.rb +2 -0
- data/lib/aws-sdk-core/xml/parser/engines/nokogiri.rb +2 -0
- data/lib/aws-sdk-core/xml/parser/engines/oga.rb +2 -0
- data/lib/aws-sdk-core/xml/parser/engines/ox.rb +3 -1
- data/lib/aws-sdk-core/xml/parser/engines/rexml.rb +4 -1
- data/lib/aws-sdk-core/xml/parser/frame.rb +30 -5
- data/lib/aws-sdk-core/xml/parser/parsing_error.rb +2 -0
- data/lib/aws-sdk-core/xml/parser/stack.rb +2 -0
- data/lib/aws-sdk-core/xml/parser.rb +7 -0
- data/lib/aws-sdk-core/xml.rb +2 -0
- data/lib/aws-sdk-core.rb +39 -5
- data/lib/aws-sdk-sso/client.rb +570 -0
- data/lib/aws-sdk-sso/client_api.rb +190 -0
- data/lib/aws-sdk-sso/customizations.rb +1 -0
- data/lib/aws-sdk-sso/errors.rb +102 -0
- data/lib/aws-sdk-sso/resource.rb +26 -0
- data/lib/aws-sdk-sso/types.rb +352 -0
- data/lib/aws-sdk-sso.rb +55 -0
- data/lib/aws-sdk-sts/client.rb +1474 -598
- data/lib/aws-sdk-sts/client_api.rb +81 -1
- data/lib/aws-sdk-sts/customizations.rb +4 -0
- data/lib/aws-sdk-sts/errors.rb +153 -1
- data/lib/aws-sdk-sts/plugins/sts_regional_endpoints.rb +38 -0
- data/lib/aws-sdk-sts/presigner.rb +75 -0
- data/lib/aws-sdk-sts/resource.rb +4 -1
- data/lib/aws-sdk-sts/types.rb +1005 -251
- data/lib/aws-sdk-sts.rb +16 -6
- data/lib/seahorse/client/async_base.rb +52 -0
- data/lib/seahorse/client/async_response.rb +64 -0
- data/lib/seahorse/client/base.rb +7 -2
- data/lib/seahorse/client/block_io.rb +6 -2
- data/lib/seahorse/client/configuration.rb +16 -2
- data/lib/seahorse/client/events.rb +3 -1
- data/lib/seahorse/client/h2/connection.rb +250 -0
- data/lib/seahorse/client/h2/handler.rb +152 -0
- data/lib/seahorse/client/handler.rb +2 -0
- data/lib/seahorse/client/handler_builder.rb +2 -0
- data/lib/seahorse/client/handler_list.rb +2 -0
- data/lib/seahorse/client/handler_list_entry.rb +6 -4
- data/lib/seahorse/client/http/async_response.rb +44 -0
- data/lib/seahorse/client/http/headers.rb +2 -0
- data/lib/seahorse/client/http/request.rb +5 -3
- data/lib/seahorse/client/http/response.rb +18 -11
- data/lib/seahorse/client/logging/formatter.rb +6 -2
- data/lib/seahorse/client/logging/handler.rb +2 -0
- data/lib/seahorse/client/managed_file.rb +2 -0
- data/lib/seahorse/client/net_http/connection_pool.rb +43 -27
- data/lib/seahorse/client/net_http/handler.rb +27 -7
- data/lib/seahorse/client/net_http/patches.rb +17 -79
- data/lib/seahorse/client/networking_error.rb +30 -0
- data/lib/seahorse/client/plugin.rb +10 -7
- data/lib/seahorse/client/plugin_list.rb +2 -0
- data/lib/seahorse/client/plugins/content_length.rb +14 -3
- data/lib/seahorse/client/plugins/endpoint.rb +4 -2
- data/lib/seahorse/client/plugins/h2.rb +69 -0
- data/lib/seahorse/client/plugins/logging.rb +2 -0
- data/lib/seahorse/client/plugins/net_http.rb +39 -3
- data/lib/seahorse/client/plugins/operation_methods.rb +2 -0
- data/lib/seahorse/client/plugins/raise_response_errors.rb +2 -0
- data/lib/seahorse/client/plugins/request_callback.rb +110 -0
- data/lib/seahorse/client/plugins/response_target.rb +26 -10
- data/lib/seahorse/client/request.rb +2 -0
- data/lib/seahorse/client/request_context.rb +7 -0
- data/lib/seahorse/client/response.rb +5 -5
- data/lib/seahorse/model/api.rb +39 -0
- data/lib/seahorse/model/authorizer.rb +23 -0
- data/lib/seahorse/model/operation.rb +28 -0
- data/lib/seahorse/model/shapes.rb +53 -0
- data/lib/seahorse/util.rb +9 -2
- data/lib/seahorse/version.rb +2 -0
- data/lib/seahorse.rb +13 -0
- metadata +99 -12
- data/lib/aws-sdk-core/version.rb +0 -3
|
@@ -1,16 +1,22 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
2
3
|
require 'time'
|
|
3
4
|
require 'net/http'
|
|
4
5
|
|
|
5
6
|
module Aws
|
|
6
7
|
class InstanceProfileCredentials
|
|
7
|
-
|
|
8
8
|
include CredentialProvider
|
|
9
9
|
include RefreshingCredentials
|
|
10
10
|
|
|
11
11
|
# @api private
|
|
12
12
|
class Non200Response < RuntimeError; end
|
|
13
13
|
|
|
14
|
+
# @api private
|
|
15
|
+
class TokenRetrivalError < RuntimeError; end
|
|
16
|
+
|
|
17
|
+
# @api private
|
|
18
|
+
class TokenExpiredError < RuntimeError; end
|
|
19
|
+
|
|
14
20
|
# These are the errors we trap when attempting to talk to the
|
|
15
21
|
# instance metadata service. Any of these imply the service
|
|
16
22
|
# is not present, no responding or some other non-recoverable
|
|
@@ -23,16 +29,30 @@ module Aws
|
|
|
23
29
|
Errno::ENETUNREACH,
|
|
24
30
|
SocketError,
|
|
25
31
|
Timeout::Error,
|
|
26
|
-
Non200Response
|
|
27
|
-
]
|
|
32
|
+
Non200Response
|
|
33
|
+
].freeze
|
|
34
|
+
|
|
35
|
+
# Path base for GET request for profile and credentials
|
|
36
|
+
# @api private
|
|
37
|
+
METADATA_PATH_BASE = '/latest/meta-data/iam/security-credentials/'.freeze
|
|
38
|
+
|
|
39
|
+
# Path for PUT request for token
|
|
40
|
+
# @api private
|
|
41
|
+
METADATA_TOKEN_PATH = '/latest/api/token'.freeze
|
|
28
42
|
|
|
29
43
|
# @param [Hash] options
|
|
30
|
-
# @option options [Integer] :retries (
|
|
44
|
+
# @option options [Integer] :retries (1) Number of times to retry
|
|
31
45
|
# when retrieving credentials.
|
|
32
|
-
# @option options [String] :
|
|
46
|
+
# @option options [String] :endpoint ('http://169.254.169.254') The IMDS
|
|
47
|
+
# endpoint. This option has precedence over the :endpoint_mode.
|
|
48
|
+
# @option options [String] :endpoint_mode ('IPv4') The endpoint mode for
|
|
49
|
+
# the instance metadata service. This is either 'IPv4' ('169.254.169.254')
|
|
50
|
+
# or 'IPv6' ('[fd00:ec2::254]').
|
|
51
|
+
# @option options [String] :ip_address ('169.254.169.254') Deprecated. Use
|
|
52
|
+
# :endpoint instead. The IP address for the endpoint.
|
|
33
53
|
# @option options [Integer] :port (80)
|
|
34
|
-
# @option options [Float] :http_open_timeout (
|
|
35
|
-
# @option options [Float] :http_read_timeout (
|
|
54
|
+
# @option options [Float] :http_open_timeout (1)
|
|
55
|
+
# @option options [Float] :http_read_timeout (1)
|
|
36
56
|
# @option options [Numeric, Proc] :delay By default, failures are retried
|
|
37
57
|
# with exponential back-off, i.e. `sleep(1.2 ** num_failures)`. You can
|
|
38
58
|
# pass a number of seconds to sleep between failed attempts, or
|
|
@@ -40,64 +60,178 @@ module Aws
|
|
|
40
60
|
# @option options [IO] :http_debug_output (nil) HTTP wire
|
|
41
61
|
# traces are sent to this object. You can specify something
|
|
42
62
|
# like $stdout.
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
63
|
+
# @option options [Integer] :token_ttl Time-to-Live in seconds for EC2
|
|
64
|
+
# Metadata Token used for fetching Metadata Profile Credentials, defaults
|
|
65
|
+
# to 21600 seconds
|
|
66
|
+
# @option options [Callable] before_refresh Proc called before
|
|
67
|
+
# credentials are refreshed. `before_refresh` is called
|
|
68
|
+
# with an instance of this object when
|
|
69
|
+
# AWS credentials are required and need to be refreshed.
|
|
70
|
+
def initialize(options = {})
|
|
71
|
+
@retries = options[:retries] || 1
|
|
72
|
+
endpoint_mode = resolve_endpoint_mode(options)
|
|
73
|
+
@endpoint = resolve_endpoint(options, endpoint_mode)
|
|
46
74
|
@port = options[:port] || 80
|
|
47
|
-
@http_open_timeout = options[:http_open_timeout] ||
|
|
48
|
-
@http_read_timeout = options[:http_read_timeout] ||
|
|
75
|
+
@http_open_timeout = options[:http_open_timeout] || 1
|
|
76
|
+
@http_read_timeout = options[:http_read_timeout] || 1
|
|
49
77
|
@http_debug_output = options[:http_debug_output]
|
|
50
78
|
@backoff = backoff(options[:backoff])
|
|
79
|
+
@token_ttl = options[:token_ttl] || 21_600
|
|
80
|
+
@token = nil
|
|
81
|
+
@no_refresh_until = nil
|
|
51
82
|
super
|
|
52
83
|
end
|
|
53
84
|
|
|
54
|
-
# @return [Integer]
|
|
55
|
-
#
|
|
85
|
+
# @return [Integer] Number of times to retry when retrieving credentials
|
|
86
|
+
# from the instance metadata service. Defaults to 0 when resolving from
|
|
87
|
+
# the default credential chain ({Aws::CredentialProviderChain}).
|
|
56
88
|
attr_reader :retries
|
|
57
89
|
|
|
58
90
|
private
|
|
59
91
|
|
|
92
|
+
def resolve_endpoint_mode(options)
|
|
93
|
+
value = options[:endpoint_mode]
|
|
94
|
+
value ||= ENV['AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE']
|
|
95
|
+
value ||= Aws.shared_config.ec2_metadata_service_endpoint_mode(
|
|
96
|
+
profile: options[:profile]
|
|
97
|
+
)
|
|
98
|
+
value || 'IPv4'
|
|
99
|
+
end
|
|
100
|
+
|
|
101
|
+
def resolve_endpoint(options, endpoint_mode)
|
|
102
|
+
value = options[:endpoint] || options[:ip_address]
|
|
103
|
+
value ||= ENV['AWS_EC2_METADATA_SERVICE_ENDPOINT']
|
|
104
|
+
value ||= Aws.shared_config.ec2_metadata_service_endpoint(
|
|
105
|
+
profile: options[:profile]
|
|
106
|
+
)
|
|
107
|
+
|
|
108
|
+
return value if value
|
|
109
|
+
|
|
110
|
+
case endpoint_mode.downcase
|
|
111
|
+
when 'ipv4' then 'http://169.254.169.254'
|
|
112
|
+
when 'ipv6' then 'http://[fd00:ec2::254]'
|
|
113
|
+
else
|
|
114
|
+
raise ArgumentError,
|
|
115
|
+
':endpoint_mode is not valid, expected IPv4 or IPv6, '\
|
|
116
|
+
"got: #{endpoint_mode}"
|
|
117
|
+
end
|
|
118
|
+
end
|
|
119
|
+
|
|
60
120
|
def backoff(backoff)
|
|
61
121
|
case backoff
|
|
62
122
|
when Proc then backoff
|
|
63
|
-
when Numeric then
|
|
64
|
-
else
|
|
123
|
+
when Numeric then ->(_) { sleep(backoff) }
|
|
124
|
+
else ->(num_failures) { Kernel.sleep(1.2**num_failures) }
|
|
65
125
|
end
|
|
66
126
|
end
|
|
67
127
|
|
|
68
128
|
def refresh
|
|
129
|
+
if @no_refresh_until && @no_refresh_until > Time.now
|
|
130
|
+
warn_expired_credentials
|
|
131
|
+
return
|
|
132
|
+
end
|
|
133
|
+
|
|
69
134
|
# Retry loading credentials up to 3 times is the instance metadata
|
|
70
135
|
# service is responding but is returning invalid JSON documents
|
|
71
136
|
# in response to the GET profile credentials call.
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
137
|
+
begin
|
|
138
|
+
retry_errors([Aws::Json::ParseError, StandardError], max_retries: 3) do
|
|
139
|
+
c = Aws::Json.load(get_credentials.to_s)
|
|
140
|
+
if empty_credentials?(@credentials)
|
|
141
|
+
@credentials = Credentials.new(
|
|
142
|
+
c['AccessKeyId'],
|
|
143
|
+
c['SecretAccessKey'],
|
|
144
|
+
c['Token']
|
|
145
|
+
)
|
|
146
|
+
@expiration = c['Expiration'] ? Time.iso8601(c['Expiration']) : nil
|
|
147
|
+
if @expiration && @expiration < Time.now
|
|
148
|
+
@no_refresh_until = Time.now + refresh_offset
|
|
149
|
+
warn_expired_credentials
|
|
150
|
+
end
|
|
151
|
+
else
|
|
152
|
+
# credentials are already set, update them only if the new ones are not empty
|
|
153
|
+
if !c['AccessKeyId'] || c['AccessKeyId'].empty?
|
|
154
|
+
# error getting new credentials
|
|
155
|
+
@no_refresh_until = Time.now + refresh_offset
|
|
156
|
+
warn_expired_credentials
|
|
157
|
+
else
|
|
158
|
+
@credentials = Credentials.new(
|
|
159
|
+
c['AccessKeyId'],
|
|
160
|
+
c['SecretAccessKey'],
|
|
161
|
+
c['Token']
|
|
162
|
+
)
|
|
163
|
+
@expiration = c['Expiration'] ? Time.iso8601(c['Expiration']) : nil
|
|
164
|
+
if @expiration && @expiration < Time.now
|
|
165
|
+
@no_refresh_until = Time.now + refresh_offset
|
|
166
|
+
warn_expired_credentials
|
|
167
|
+
end
|
|
168
|
+
end
|
|
169
|
+
end
|
|
170
|
+
|
|
171
|
+
end
|
|
172
|
+
rescue Aws::Json::ParseError
|
|
173
|
+
raise Aws::Errors::MetadataParserError
|
|
80
174
|
end
|
|
81
175
|
end
|
|
82
176
|
|
|
83
177
|
def get_credentials
|
|
84
178
|
# Retry loading credentials a configurable number of times if
|
|
85
179
|
# the instance metadata service is not responding.
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
180
|
+
if _metadata_disabled?
|
|
181
|
+
'{}'
|
|
182
|
+
else
|
|
183
|
+
begin
|
|
184
|
+
retry_errors(NETWORK_ERRORS, max_retries: @retries) do
|
|
185
|
+
open_connection do |conn|
|
|
186
|
+
# attempt to fetch token to start secure flow first
|
|
187
|
+
# and rescue to failover
|
|
188
|
+
begin
|
|
189
|
+
retry_errors(NETWORK_ERRORS, max_retries: @retries) do
|
|
190
|
+
unless token_set?
|
|
191
|
+
created_time = Time.now
|
|
192
|
+
token_value, ttl = http_put(
|
|
193
|
+
conn, METADATA_TOKEN_PATH, @token_ttl
|
|
194
|
+
)
|
|
195
|
+
@token = Token.new(token_value, ttl, created_time) if token_value && ttl
|
|
196
|
+
end
|
|
197
|
+
end
|
|
198
|
+
rescue *NETWORK_ERRORS
|
|
199
|
+
# token attempt failed, reset token
|
|
200
|
+
# fallback to non-token mode
|
|
201
|
+
@token = nil
|
|
202
|
+
end
|
|
203
|
+
|
|
204
|
+
token = @token.value if token_set?
|
|
205
|
+
|
|
206
|
+
begin
|
|
207
|
+
metadata = http_get(conn, METADATA_PATH_BASE, token)
|
|
208
|
+
profile_name = metadata.lines.first.strip
|
|
209
|
+
http_get(conn, METADATA_PATH_BASE + profile_name, token)
|
|
210
|
+
rescue TokenExpiredError
|
|
211
|
+
# Token has expired, reset it
|
|
212
|
+
# The next retry should fetch it
|
|
213
|
+
@token = nil
|
|
214
|
+
raise Non200Response
|
|
215
|
+
end
|
|
216
|
+
end
|
|
92
217
|
end
|
|
218
|
+
rescue
|
|
219
|
+
'{}'
|
|
93
220
|
end
|
|
94
|
-
rescue
|
|
95
|
-
'{}'
|
|
96
221
|
end
|
|
97
222
|
end
|
|
98
223
|
|
|
224
|
+
def token_set?
|
|
225
|
+
@token && !@token.expired?
|
|
226
|
+
end
|
|
227
|
+
|
|
228
|
+
def _metadata_disabled?
|
|
229
|
+
ENV.fetch('AWS_EC2_METADATA_DISABLED', 'false').downcase == 'true'
|
|
230
|
+
end
|
|
231
|
+
|
|
99
232
|
def open_connection
|
|
100
|
-
|
|
233
|
+
uri = URI.parse(@endpoint)
|
|
234
|
+
http = Net::HTTP.new(uri.hostname || @endpoint, @port || uri.port)
|
|
101
235
|
http.open_timeout = @http_open_timeout
|
|
102
236
|
http.read_timeout = @http_read_timeout
|
|
103
237
|
http.set_debug_output(@http_debug_output) if @http_debug_output
|
|
@@ -105,30 +239,88 @@ module Aws
|
|
|
105
239
|
yield(http).tap { http.finish }
|
|
106
240
|
end
|
|
107
241
|
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
242
|
+
# GET request fetch profile and credentials
|
|
243
|
+
def http_get(connection, path, token = nil)
|
|
244
|
+
headers = { 'User-Agent' => "aws-sdk-ruby3/#{CORE_GEM_VERSION}" }
|
|
245
|
+
headers['x-aws-ec2-metadata-token'] = token if token
|
|
246
|
+
response = connection.request(Net::HTTP::Get.new(path, headers))
|
|
247
|
+
|
|
248
|
+
case response.code.to_i
|
|
249
|
+
when 200
|
|
111
250
|
response.body
|
|
251
|
+
when 401
|
|
252
|
+
raise TokenExpiredError
|
|
112
253
|
else
|
|
113
254
|
raise Non200Response
|
|
114
255
|
end
|
|
115
256
|
end
|
|
116
257
|
|
|
117
|
-
|
|
258
|
+
# PUT request fetch token with ttl
|
|
259
|
+
def http_put(connection, path, ttl)
|
|
260
|
+
headers = {
|
|
261
|
+
'User-Agent' => "aws-sdk-ruby3/#{CORE_GEM_VERSION}",
|
|
262
|
+
'x-aws-ec2-metadata-token-ttl-seconds' => ttl.to_s
|
|
263
|
+
}
|
|
264
|
+
response = connection.request(Net::HTTP::Put.new(path, headers))
|
|
265
|
+
case response.code.to_i
|
|
266
|
+
when 200
|
|
267
|
+
[
|
|
268
|
+
response.body,
|
|
269
|
+
response.header['x-aws-ec2-metadata-token-ttl-seconds'].to_i
|
|
270
|
+
]
|
|
271
|
+
when 400
|
|
272
|
+
raise TokenRetrivalError
|
|
273
|
+
when 401
|
|
274
|
+
raise TokenExpiredError
|
|
275
|
+
else
|
|
276
|
+
raise Non200Response
|
|
277
|
+
end
|
|
278
|
+
end
|
|
279
|
+
|
|
280
|
+
def retry_errors(error_classes, options = {}, &_block)
|
|
118
281
|
max_retries = options[:max_retries]
|
|
119
282
|
retries = 0
|
|
120
283
|
begin
|
|
121
284
|
yield
|
|
122
285
|
rescue *error_classes
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
raise
|
|
129
|
-
end
|
|
286
|
+
raise unless retries < max_retries
|
|
287
|
+
|
|
288
|
+
@backoff.call(retries)
|
|
289
|
+
retries += 1
|
|
290
|
+
retry
|
|
130
291
|
end
|
|
131
292
|
end
|
|
132
293
|
|
|
294
|
+
def warn_expired_credentials
|
|
295
|
+
warn("Attempting credential expiration extension due to a credential "\
|
|
296
|
+
"service availability issue. A refresh of these credentials "\
|
|
297
|
+
"will be attempted again in 5 minutes.")
|
|
298
|
+
end
|
|
299
|
+
|
|
300
|
+
def empty_credentials?(creds)
|
|
301
|
+
!creds || !creds.access_key_id || creds.access_key_id.empty?
|
|
302
|
+
end
|
|
303
|
+
|
|
304
|
+
# Compute an offset for refresh with jitter
|
|
305
|
+
def refresh_offset
|
|
306
|
+
300 + rand(0..60)
|
|
307
|
+
end
|
|
308
|
+
|
|
309
|
+
# @api private
|
|
310
|
+
# Token used to fetch IMDS profile and credentials
|
|
311
|
+
class Token
|
|
312
|
+
def initialize(value, ttl, created_time = Time.now)
|
|
313
|
+
@ttl = ttl
|
|
314
|
+
@value = value
|
|
315
|
+
@created_time = created_time
|
|
316
|
+
end
|
|
317
|
+
|
|
318
|
+
# [String] token value
|
|
319
|
+
attr_reader :value
|
|
320
|
+
|
|
321
|
+
def expired?
|
|
322
|
+
Time.now - @created_time > @ttl
|
|
323
|
+
end
|
|
324
|
+
end
|
|
133
325
|
end
|
|
134
326
|
end
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require 'base64'
|
|
2
4
|
|
|
3
5
|
module Aws
|
|
@@ -56,9 +58,11 @@ module Aws
|
|
|
56
58
|
end
|
|
57
59
|
|
|
58
60
|
def timestamp(ref, value)
|
|
59
|
-
|
|
60
|
-
|
|
61
|
+
case ref['timestampFormat'] || ref.shape['timestampFormat']
|
|
62
|
+
when 'iso8601' then value.utc.iso8601
|
|
63
|
+
when 'rfc822' then value.utc.httpdate
|
|
61
64
|
else
|
|
65
|
+
# rest-json and jsonrpc default to unixTimestamp
|
|
62
66
|
value.to_i
|
|
63
67
|
end
|
|
64
68
|
end
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Aws
|
|
2
4
|
module Json
|
|
3
5
|
class ErrorHandler < Xml::ErrorHandler
|
|
@@ -17,9 +19,10 @@ module Aws
|
|
|
17
19
|
json = Json.load(body)
|
|
18
20
|
code = error_code(json, context)
|
|
19
21
|
message = error_message(code, json)
|
|
20
|
-
|
|
22
|
+
data = parse_error_data(context, code)
|
|
23
|
+
[code, message, data]
|
|
21
24
|
rescue Json::ParseError
|
|
22
|
-
[http_status_error_code(context), '']
|
|
25
|
+
[http_status_error_code(context), '', EmptyStructure.new]
|
|
23
26
|
end
|
|
24
27
|
|
|
25
28
|
def error_code(json, context)
|
|
@@ -41,6 +44,22 @@ module Aws
|
|
|
41
44
|
end
|
|
42
45
|
end
|
|
43
46
|
|
|
47
|
+
def parse_error_data(context, code)
|
|
48
|
+
data = EmptyStructure.new
|
|
49
|
+
if error_rules = context.operation.errors
|
|
50
|
+
error_rules.each do |rule|
|
|
51
|
+
# match modeled shape name with the type(code) only
|
|
52
|
+
# some type(code) might contains invalid characters
|
|
53
|
+
# such as ':' (efs) etc
|
|
54
|
+
match = rule.shape.name == code.gsub(/[^^a-zA-Z0-9]/, '')
|
|
55
|
+
if match && rule.shape.members.any?
|
|
56
|
+
data = Parser.new(rule).parse(context.http_response.body_contents)
|
|
57
|
+
end
|
|
58
|
+
end
|
|
59
|
+
end
|
|
60
|
+
data
|
|
61
|
+
end
|
|
62
|
+
|
|
44
63
|
end
|
|
45
64
|
end
|
|
46
65
|
end
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Aws
|
|
2
4
|
module Json
|
|
3
5
|
class Handler < Seahorse::Client::Handler
|
|
@@ -40,7 +42,25 @@ module Aws
|
|
|
40
42
|
Json.load(context.http_response.body_contents)
|
|
41
43
|
elsif rules = context.operation.output
|
|
42
44
|
json = context.http_response.body_contents
|
|
43
|
-
|
|
45
|
+
if json.is_a?(Array)
|
|
46
|
+
# an array of emitted events
|
|
47
|
+
if json[0].respond_to?(:response)
|
|
48
|
+
# initial response exists
|
|
49
|
+
# it must be the first event arrived
|
|
50
|
+
resp_struct = json.shift.response
|
|
51
|
+
else
|
|
52
|
+
resp_struct = context.operation.output.shape.struct_class.new
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
rules.shape.members.each do |name, ref|
|
|
56
|
+
if ref.eventstream
|
|
57
|
+
resp_struct.send("#{name}=", json.to_enum)
|
|
58
|
+
end
|
|
59
|
+
end
|
|
60
|
+
resp_struct
|
|
61
|
+
else
|
|
62
|
+
Parser.new(rules).parse(json == '' ? '{}' : json)
|
|
63
|
+
end
|
|
44
64
|
else
|
|
45
65
|
EmptyStructure.new
|
|
46
66
|
end
|
|
@@ -1,15 +1,19 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Aws
|
|
2
4
|
module Json
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
5
|
+
module JSONEngine
|
|
6
|
+
class << self
|
|
7
|
+
def load(json)
|
|
8
|
+
JSON.parse(json)
|
|
9
|
+
rescue JSON::ParserError => e
|
|
10
|
+
raise ParseError.new(e)
|
|
11
|
+
end
|
|
8
12
|
|
|
9
|
-
|
|
10
|
-
|
|
13
|
+
def dump(value)
|
|
14
|
+
JSON.dump(value)
|
|
15
|
+
end
|
|
11
16
|
end
|
|
12
|
-
|
|
13
17
|
end
|
|
14
18
|
end
|
|
15
19
|
end
|
|
@@ -1,15 +1,44 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Aws
|
|
2
4
|
module Json
|
|
3
|
-
|
|
5
|
+
module OjEngine
|
|
6
|
+
# @api private
|
|
7
|
+
LOAD_OPTIONS = { mode: :compat, symbol_keys: false, empty_string: false }.freeze
|
|
4
8
|
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
9
|
+
# @api private
|
|
10
|
+
DUMP_OPTIONS = { mode: :compat }.freeze
|
|
11
|
+
|
|
12
|
+
class << self
|
|
13
|
+
def load(json)
|
|
14
|
+
Oj.load(json, LOAD_OPTIONS)
|
|
15
|
+
rescue *PARSE_ERRORS => e
|
|
16
|
+
raise ParseError.new(e)
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def dump(value)
|
|
20
|
+
Oj.dump(value, DUMP_OPTIONS)
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
private
|
|
24
|
+
|
|
25
|
+
# Oj before 1.4.0 does not define Oj::ParseError and instead raises
|
|
26
|
+
# SyntaxError on failure
|
|
27
|
+
def detect_oj_parse_errors
|
|
28
|
+
require 'oj'
|
|
8
29
|
|
|
9
|
-
|
|
10
|
-
|
|
30
|
+
if Oj.const_defined?(:ParseError)
|
|
31
|
+
[Oj::ParseError, EncodingError, JSON::ParserError]
|
|
32
|
+
else
|
|
33
|
+
[SyntaxError]
|
|
34
|
+
end
|
|
35
|
+
rescue LoadError
|
|
36
|
+
nil
|
|
37
|
+
end
|
|
11
38
|
end
|
|
12
39
|
|
|
40
|
+
# @api private
|
|
41
|
+
PARSE_ERRORS = detect_oj_parse_errors
|
|
13
42
|
end
|
|
14
43
|
end
|
|
15
44
|
end
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require 'base64'
|
|
2
4
|
require 'time'
|
|
3
5
|
|
|
@@ -26,8 +28,16 @@ module Aws
|
|
|
26
28
|
member_name, member_ref = shape.member_by_location_name(key)
|
|
27
29
|
if member_ref
|
|
28
30
|
target[member_name] = parse_ref(member_ref, value)
|
|
31
|
+
elsif shape.union
|
|
32
|
+
target[:unknown] = { 'name' => key, 'value' => value }
|
|
29
33
|
end
|
|
30
34
|
end
|
|
35
|
+
if shape.union
|
|
36
|
+
# convert to subclass
|
|
37
|
+
member_subclass = shape.member_subclass(target.member).new
|
|
38
|
+
member_subclass[target.member] = target.value
|
|
39
|
+
target = member_subclass
|
|
40
|
+
end
|
|
31
41
|
target
|
|
32
42
|
end
|
|
33
43
|
|
data/lib/aws-sdk-core/json.rb
CHANGED
|
@@ -1,66 +1,49 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require 'json'
|
|
2
4
|
require_relative 'json/builder'
|
|
3
5
|
require_relative 'json/error_handler'
|
|
4
6
|
require_relative 'json/handler'
|
|
5
7
|
require_relative 'json/parser'
|
|
8
|
+
require_relative 'json/json_engine'
|
|
9
|
+
require_relative 'json/oj_engine'
|
|
6
10
|
|
|
7
11
|
module Aws
|
|
8
12
|
# @api private
|
|
9
13
|
module Json
|
|
10
|
-
|
|
11
14
|
class ParseError < StandardError
|
|
12
|
-
|
|
13
15
|
def initialize(error)
|
|
14
16
|
@error = error
|
|
15
17
|
super(error.message)
|
|
16
18
|
end
|
|
17
19
|
|
|
18
20
|
attr_reader :error
|
|
19
|
-
|
|
20
21
|
end
|
|
21
22
|
|
|
22
23
|
class << self
|
|
23
|
-
|
|
24
24
|
def load(json)
|
|
25
|
-
ENGINE.load(json
|
|
26
|
-
rescue ENGINE_ERROR => e
|
|
27
|
-
raise ParseError.new(e)
|
|
25
|
+
ENGINE.load(json)
|
|
28
26
|
end
|
|
29
27
|
|
|
30
28
|
def load_file(path)
|
|
31
|
-
|
|
29
|
+
load(File.open(path, 'r', encoding: 'UTF-8', &:read))
|
|
32
30
|
end
|
|
33
31
|
|
|
34
32
|
def dump(value)
|
|
35
|
-
ENGINE.dump(value
|
|
33
|
+
ENGINE.dump(value)
|
|
36
34
|
end
|
|
37
35
|
|
|
38
36
|
private
|
|
39
37
|
|
|
40
|
-
def
|
|
38
|
+
def select_engine
|
|
41
39
|
require 'oj'
|
|
42
|
-
|
|
40
|
+
OjEngine
|
|
43
41
|
rescue LoadError
|
|
44
|
-
|
|
42
|
+
JSONEngine
|
|
45
43
|
end
|
|
46
|
-
|
|
47
|
-
def json_engine
|
|
48
|
-
[JSON, [], [], JSON::ParserError]
|
|
49
|
-
end
|
|
50
|
-
|
|
51
|
-
def oj_parse_error
|
|
52
|
-
if Oj.const_defined?('ParseError')
|
|
53
|
-
Oj::ParseError
|
|
54
|
-
else
|
|
55
|
-
SyntaxError
|
|
56
|
-
end
|
|
57
|
-
end
|
|
58
|
-
|
|
59
44
|
end
|
|
60
45
|
|
|
61
46
|
# @api private
|
|
62
|
-
ENGINE
|
|
63
|
-
oj_engine || json_engine
|
|
64
|
-
|
|
47
|
+
ENGINE = select_engine
|
|
65
48
|
end
|
|
66
49
|
end
|