RubyGems - aws-sdk-core - Versions diffs - 3.100.0 → 3.191.0 - Mend

aws-sdk-core 3.100.0 → 3.191.0

Files changed (258) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +1815 -0
data/LICENSE.txt +202 -0
data/VERSION +1 -1
data/lib/aws-defaults/default_configuration.rb +153 -0
data/lib/aws-defaults/defaults_mode_config_resolver.rb +107 -0
data/lib/aws-defaults.rb +3 -0
data/lib/aws-sdk-core/arn.rb +28 -0
data/lib/aws-sdk-core/arn_parser.rb +2 -0
data/lib/aws-sdk-core/assume_role_credentials.rb +23 -7
data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +16 -10
data/lib/aws-sdk-core/async_client_stubs.rb +2 -0
data/lib/aws-sdk-core/binary/decode_handler.rb +2 -0
data/lib/aws-sdk-core/binary/encode_handler.rb +14 -1
data/lib/aws-sdk-core/binary/event_builder.rb +2 -0
data/lib/aws-sdk-core/binary/event_parser.rb +2 -0
data/lib/aws-sdk-core/binary/event_stream_decoder.rb +2 -0
data/lib/aws-sdk-core/binary/event_stream_encoder.rb +2 -0
data/lib/aws-sdk-core/binary.rb +2 -0
data/lib/aws-sdk-core/client_side_monitoring/publisher.rb +2 -0
data/lib/aws-sdk-core/client_side_monitoring/request_metrics.rb +2 -0
data/lib/aws-sdk-core/client_stubs.rb +22 -13
data/lib/aws-sdk-core/credential_provider.rb +5 -0
data/lib/aws-sdk-core/credential_provider_chain.rb +31 -6
data/lib/aws-sdk-core/credentials.rb +2 -0
data/lib/aws-sdk-core/deprecations.rb +2 -0
data/lib/aws-sdk-core/eager_loader.rb +2 -0
data/lib/aws-sdk-core/ec2_metadata.rb +238 -0
data/lib/aws-sdk-core/ecs_credentials.rb +188 -53
data/lib/aws-sdk-core/endpoint_cache.rb +2 -0
data/lib/aws-sdk-core/endpoints/condition.rb +41 -0
data/lib/aws-sdk-core/endpoints/endpoint.rb +17 -0
data/lib/aws-sdk-core/endpoints/endpoint_rule.rb +75 -0
data/lib/aws-sdk-core/endpoints/error_rule.rb +42 -0
data/lib/aws-sdk-core/endpoints/function.rb +80 -0
data/lib/aws-sdk-core/endpoints/matchers.rb +131 -0
data/lib/aws-sdk-core/endpoints/reference.rb +31 -0
data/lib/aws-sdk-core/endpoints/rule.rb +25 -0
data/lib/aws-sdk-core/endpoints/rule_set.rb +52 -0
data/lib/aws-sdk-core/endpoints/rules_provider.rb +37 -0
data/lib/aws-sdk-core/endpoints/templater.rb +58 -0
data/lib/aws-sdk-core/endpoints/tree_rule.rb +45 -0
data/lib/aws-sdk-core/endpoints/url.rb +60 -0
data/lib/aws-sdk-core/endpoints.rb +78 -0
data/lib/aws-sdk-core/errors.rb +27 -5
data/lib/aws-sdk-core/event_emitter.rb +2 -0
data/lib/aws-sdk-core/ini_parser.rb +9 -0
data/lib/aws-sdk-core/instance_profile_credentials.rb +167 -38
data/lib/aws-sdk-core/json/builder.rb +2 -0
data/lib/aws-sdk-core/json/error_handler.rb +22 -1
data/lib/aws-sdk-core/json/handler.rb +10 -1
data/lib/aws-sdk-core/json/json_engine.rb +12 -8
data/lib/aws-sdk-core/json/oj_engine.rb +35 -6
data/lib/aws-sdk-core/json/parser.rb +36 -1
data/lib/aws-sdk-core/json.rb +10 -26
data/lib/aws-sdk-core/log/formatter.rb +15 -3
data/lib/aws-sdk-core/log/handler.rb +2 -0
data/lib/aws-sdk-core/log/param_filter.rb +37 -12
data/lib/aws-sdk-core/log/param_formatter.rb +2 -0
data/lib/aws-sdk-core/pageable_response.rb +91 -32
data/lib/aws-sdk-core/pager.rb +5 -0
data/lib/aws-sdk-core/param_converter.rb +2 -0
data/lib/aws-sdk-core/param_validator.rb +56 -6
data/lib/aws-sdk-core/plugins/api_key.rb +5 -1
data/lib/aws-sdk-core/plugins/apig_authorizer_token.rb +2 -0
data/lib/aws-sdk-core/plugins/apig_credentials_configuration.rb +2 -0
data/lib/aws-sdk-core/plugins/apig_user_agent.rb +2 -0
data/lib/aws-sdk-core/plugins/bearer_authorization.rb +67 -0
data/lib/aws-sdk-core/plugins/checksum_algorithm.rb +342 -0
data/lib/aws-sdk-core/plugins/client_metrics_plugin.rb +3 -0
data/lib/aws-sdk-core/plugins/client_metrics_send_plugin.rb +2 -0
data/lib/aws-sdk-core/plugins/credentials_configuration.rb +52 -7
data/lib/aws-sdk-core/plugins/defaults_mode.rb +40 -0
data/lib/aws-sdk-core/plugins/endpoint_discovery.rb +8 -2
data/lib/aws-sdk-core/plugins/endpoint_pattern.rb +8 -6
data/lib/aws-sdk-core/plugins/event_stream_configuration.rb +2 -0
data/lib/aws-sdk-core/plugins/global_configuration.rb +2 -0
data/lib/aws-sdk-core/plugins/helpful_socket_errors.rb +2 -0
data/lib/aws-sdk-core/plugins/http_checksum.rb +11 -1
data/lib/aws-sdk-core/plugins/idempotency_token.rb +2 -0
data/lib/aws-sdk-core/plugins/invocation_id.rb +2 -0
data/lib/aws-sdk-core/plugins/jsonvalue_converter.rb +36 -6
data/lib/aws-sdk-core/plugins/logging.rb +4 -0
data/lib/aws-sdk-core/plugins/param_converter.rb +2 -0
data/lib/aws-sdk-core/plugins/param_validator.rb +2 -0
data/lib/aws-sdk-core/plugins/protocols/api_gateway.rb +19 -0
data/lib/aws-sdk-core/plugins/protocols/ec2.rb +2 -0
data/lib/aws-sdk-core/plugins/protocols/json_rpc.rb +2 -0
data/lib/aws-sdk-core/plugins/protocols/query.rb +2 -0
data/lib/aws-sdk-core/plugins/protocols/rest_json.rb +18 -1
data/lib/aws-sdk-core/plugins/protocols/rest_xml.rb +2 -0
data/lib/aws-sdk-core/plugins/recursion_detection.rb +38 -0
data/lib/aws-sdk-core/plugins/regional_endpoint.rb +146 -17
data/lib/aws-sdk-core/plugins/request_compression.rb +217 -0
data/lib/aws-sdk-core/plugins/response_paging.rb +3 -1
data/lib/aws-sdk-core/plugins/retries/client_rate_limiter.rb +2 -0
data/lib/aws-sdk-core/plugins/retries/clock_skew.rb +2 -0
data/lib/aws-sdk-core/plugins/retries/error_inspector.rb +9 -4
data/lib/aws-sdk-core/plugins/retries/retry_quota.rb +2 -0
data/lib/aws-sdk-core/plugins/retry_errors.rb +29 -8
data/lib/aws-sdk-core/plugins/sign.rb +206 -0
data/lib/aws-sdk-core/plugins/signature_v2.rb +3 -0
data/lib/aws-sdk-core/plugins/signature_v4.rb +30 -31
data/lib/aws-sdk-core/plugins/stub_responses.rb +10 -1
data/lib/aws-sdk-core/plugins/transfer_encoding.rb +2 -0
data/lib/aws-sdk-core/plugins/user_agent.rb +119 -14
data/lib/aws-sdk-core/process_credentials.rb +14 -15
data/lib/aws-sdk-core/query/ec2_param_builder.rb +2 -0
data/lib/aws-sdk-core/query/handler.rb +2 -0
data/lib/aws-sdk-core/query/param.rb +2 -0
data/lib/aws-sdk-core/query/param_builder.rb +2 -0
data/lib/aws-sdk-core/query/param_list.rb +2 -0
data/lib/aws-sdk-core/query.rb +2 -0
data/lib/aws-sdk-core/refreshing_credentials.rb +50 -17
data/lib/aws-sdk-core/refreshing_token.rb +71 -0
data/lib/aws-sdk-core/resources/collection.rb +2 -0
data/lib/aws-sdk-core/rest/handler.rb +3 -1
data/lib/aws-sdk-core/rest/request/body.rb +21 -1
data/lib/aws-sdk-core/rest/request/builder.rb +2 -0
data/lib/aws-sdk-core/rest/request/endpoint.rb +2 -0
data/lib/aws-sdk-core/rest/request/headers.rb +16 -6
data/lib/aws-sdk-core/rest/request/querystring_builder.rb +45 -29
data/lib/aws-sdk-core/rest/response/body.rb +2 -0
data/lib/aws-sdk-core/rest/response/headers.rb +6 -3
data/lib/aws-sdk-core/rest/response/parser.rb +2 -0
data/lib/aws-sdk-core/rest/response/status_code.rb +2 -0
data/lib/aws-sdk-core/rest.rb +2 -0
data/lib/aws-sdk-core/shared_config.rb +163 -8
data/lib/aws-sdk-core/shared_credentials.rb +9 -1
data/lib/aws-sdk-core/sso_credentials.rb +172 -0
data/lib/aws-sdk-core/sso_token_provider.rb +135 -0
data/lib/aws-sdk-core/static_token_provider.rb +14 -0
data/lib/aws-sdk-core/structure.rb +19 -6
data/lib/aws-sdk-core/stubbing/data_applicator.rb +2 -0
data/lib/aws-sdk-core/stubbing/empty_stub.rb +2 -0
data/lib/aws-sdk-core/stubbing/protocols/api_gateway.rb +2 -0
data/lib/aws-sdk-core/stubbing/protocols/ec2.rb +2 -0
data/lib/aws-sdk-core/stubbing/protocols/json.rb +3 -1
data/lib/aws-sdk-core/stubbing/protocols/query.rb +2 -0
data/lib/aws-sdk-core/stubbing/protocols/rest.rb +3 -1
data/lib/aws-sdk-core/stubbing/protocols/rest_json.rb +3 -1
data/lib/aws-sdk-core/stubbing/protocols/rest_xml.rb +2 -2
data/lib/aws-sdk-core/stubbing/stub_data.rb +13 -0
data/lib/aws-sdk-core/stubbing/xml_error.rb +2 -0
data/lib/aws-sdk-core/token.rb +31 -0
data/lib/aws-sdk-core/token_provider.rb +15 -0
data/lib/aws-sdk-core/token_provider_chain.rb +51 -0
data/lib/aws-sdk-core/type_builder.rb +2 -0
data/lib/aws-sdk-core/util.rb +2 -0
data/lib/aws-sdk-core/waiters/errors.rb +2 -0
data/lib/aws-sdk-core/waiters/poller.rb +6 -2
data/lib/aws-sdk-core/waiters/waiter.rb +2 -0
data/lib/aws-sdk-core/waiters.rb +2 -0
data/lib/aws-sdk-core/xml/builder.rb +4 -2
data/lib/aws-sdk-core/xml/default_list.rb +2 -0
data/lib/aws-sdk-core/xml/default_map.rb +2 -0
data/lib/aws-sdk-core/xml/doc_builder.rb +8 -1
data/lib/aws-sdk-core/xml/error_handler.rb +9 -0
data/lib/aws-sdk-core/xml/parser/engines/libxml.rb +2 -0
data/lib/aws-sdk-core/xml/parser/engines/nokogiri.rb +2 -0
data/lib/aws-sdk-core/xml/parser/engines/oga.rb +4 -0
data/lib/aws-sdk-core/xml/parser/engines/ox.rb +3 -1
data/lib/aws-sdk-core/xml/parser/engines/rexml.rb +2 -0
data/lib/aws-sdk-core/xml/parser/frame.rb +25 -0
data/lib/aws-sdk-core/xml/parser/parsing_error.rb +2 -0
data/lib/aws-sdk-core/xml/parser/stack.rb +2 -0
data/lib/aws-sdk-core/xml/parser.rb +7 -0
data/lib/aws-sdk-core/xml.rb +2 -0
data/lib/aws-sdk-core.rb +29 -3
data/lib/aws-sdk-sso/client.rb +630 -0
data/lib/aws-sdk-sso/client_api.rb +190 -0
data/lib/aws-sdk-sso/customizations.rb +1 -0
data/lib/aws-sdk-sso/endpoint_parameters.rb +66 -0
data/lib/aws-sdk-sso/endpoint_provider.rb +57 -0
data/lib/aws-sdk-sso/endpoints.rb +72 -0
data/lib/aws-sdk-sso/errors.rb +102 -0
data/lib/aws-sdk-sso/plugins/endpoints.rb +78 -0
data/lib/aws-sdk-sso/resource.rb +26 -0
data/lib/aws-sdk-sso/types.rb +317 -0
data/lib/aws-sdk-sso.rb +59 -0
data/lib/aws-sdk-ssooidc/client.rb +935 -0
data/lib/aws-sdk-ssooidc/client_api.rb +271 -0
data/lib/aws-sdk-ssooidc/customizations.rb +1 -0
data/lib/aws-sdk-ssooidc/endpoint_parameters.rb +66 -0
data/lib/aws-sdk-ssooidc/endpoint_provider.rb +57 -0
data/lib/aws-sdk-ssooidc/endpoints.rb +72 -0
data/lib/aws-sdk-ssooidc/errors.rb +321 -0
data/lib/aws-sdk-ssooidc/plugins/endpoints.rb +78 -0
data/lib/aws-sdk-ssooidc/resource.rb +26 -0
data/lib/aws-sdk-ssooidc/types.rb +755 -0
data/lib/aws-sdk-ssooidc.rb +59 -0
data/lib/aws-sdk-sts/client.rb +655 -490
data/lib/aws-sdk-sts/client_api.rb +21 -2
data/lib/aws-sdk-sts/customizations.rb +2 -0
data/lib/aws-sdk-sts/endpoint_parameters.rb +78 -0
data/lib/aws-sdk-sts/endpoint_provider.rb +112 -0
data/lib/aws-sdk-sts/endpoints.rb +136 -0
data/lib/aws-sdk-sts/errors.rb +3 -1
data/lib/aws-sdk-sts/plugins/endpoints.rb +86 -0
data/lib/aws-sdk-sts/plugins/sts_regional_endpoints.rb +7 -1
data/lib/aws-sdk-sts/presigner.rb +16 -10
data/lib/aws-sdk-sts/resource.rb +3 -1
data/lib/aws-sdk-sts/types.rb +416 -316
data/lib/aws-sdk-sts.rb +14 -3
data/lib/seahorse/client/async_base.rb +2 -1
data/lib/seahorse/client/async_response.rb +2 -0
data/lib/seahorse/client/base.rb +3 -0
data/lib/seahorse/client/block_io.rb +5 -2
data/lib/seahorse/client/configuration.rb +7 -5
data/lib/seahorse/client/events.rb +2 -0
data/lib/seahorse/client/h2/connection.rb +29 -24
data/lib/seahorse/client/h2/handler.rb +6 -5
data/lib/seahorse/client/handler.rb +2 -0
data/lib/seahorse/client/handler_builder.rb +2 -0
data/lib/seahorse/client/handler_list.rb +2 -0
data/lib/seahorse/client/handler_list_entry.rb +2 -0
data/lib/seahorse/client/http/async_response.rb +2 -0
data/lib/seahorse/client/http/headers.rb +2 -0
data/lib/seahorse/client/http/request.rb +2 -0
data/lib/seahorse/client/http/response.rb +3 -1
data/lib/seahorse/client/logging/formatter.rb +2 -0
data/lib/seahorse/client/logging/handler.rb +2 -0
data/lib/seahorse/client/managed_file.rb +2 -0
data/lib/seahorse/client/net_http/connection_pool.rb +12 -4
data/lib/seahorse/client/net_http/handler.rb +19 -8
data/lib/seahorse/client/net_http/patches.rb +14 -86
data/lib/seahorse/client/networking_error.rb +2 -0
data/lib/seahorse/client/plugin.rb +3 -0
data/lib/seahorse/client/plugin_list.rb +2 -0
data/lib/seahorse/client/plugins/content_length.rb +13 -5
data/lib/seahorse/client/plugins/endpoint.rb +2 -0
data/lib/seahorse/client/plugins/h2.rb +9 -4
data/lib/seahorse/client/plugins/logging.rb +2 -0
data/lib/seahorse/client/plugins/net_http.rb +39 -3
data/lib/seahorse/client/plugins/operation_methods.rb +2 -0
data/lib/seahorse/client/plugins/raise_response_errors.rb +2 -0
data/lib/seahorse/client/plugins/request_callback.rb +141 -0
data/lib/seahorse/client/plugins/response_target.rb +8 -8
data/lib/seahorse/client/request.rb +2 -0
data/lib/seahorse/client/request_context.rb +2 -0
data/lib/seahorse/client/response.rb +8 -0
data/lib/seahorse/model/api.rb +2 -0
data/lib/seahorse/model/authorizer.rb +2 -0
data/lib/seahorse/model/operation.rb +8 -0
data/lib/seahorse/model/shapes.rb +27 -0
data/lib/seahorse/util.rb +12 -1
data/lib/seahorse/version.rb +2 -0
data/lib/seahorse.rb +3 -0
data/sig/aws-sdk-core/client_stubs.rbs +10 -0
data/sig/aws-sdk-core/errors.rbs +22 -0
data/sig/aws-sdk-core/resources/collection.rbs +21 -0
data/sig/aws-sdk-core/structure.rbs +4 -0
data/sig/aws-sdk-core/waiters/errors.rbs +20 -0
data/sig/aws-sdk-core.rbs +7 -0
data/sig/seahorse/client/base.rbs +25 -0
data/sig/seahorse/client/handler_builder.rbs +16 -0
data/sig/seahorse/client/response.rbs +61 -0
metadata +93 -19

data/lib/aws-sdk-core/instance_profile_credentials.rb CHANGED Viewed

@@ -1,10 +1,15 @@
-require 'json'
+# frozen_string_literal: true
 require 'time'
 require 'net/http'
 module Aws
+  # An auto-refreshing credential provider that loads credentials from
+  # EC2 instances.
+  #
+  #     instance_credentials = Aws::InstanceProfileCredentials.new
+  #     ec2 = Aws::EC2::Client.new(credentials: instance_credentials)
   class InstanceProfileCredentials
     include CredentialProvider
     include RefreshingCredentials
@@ -43,7 +48,15 @@ module Aws
     # @param [Hash] options
     # @option options [Integer] :retries (1) Number of times to retry
     #   when retrieving credentials.
-    # @option options [String] :ip_address ('169.254.169.254')
+    # @option options [String] :endpoint ('http://169.254.169.254') The IMDS
+    #   endpoint. This option has precedence over the :endpoint_mode.
+    # @option options [String] :endpoint_mode ('IPv4') The endpoint mode for
+    #   the instance metadata service. This is either 'IPv4' ('169.254.169.254')
+    #   or 'IPv6' ('[fd00:ec2::254]').
+    # @option options [Boolean] :disable_imds_v1 (false) Disable the use of the
+    #  legacy EC2 Metadata Service v1.
+    # @option options [String] :ip_address ('169.254.169.254') Deprecated. Use
+    #   :endpoint instead. The IP address for the endpoint.
     # @option options [Integer] :port (80)
     # @option options [Float] :http_open_timeout (1)
     # @option options [Float] :http_read_timeout (1)
@@ -57,16 +70,26 @@ module Aws
     # @option options [Integer] :token_ttl Time-to-Live in seconds for EC2
     #   Metadata Token used for fetching Metadata Profile Credentials, defaults
     #   to 21600 seconds
+    # @option options [Callable] before_refresh Proc called before
+    #   credentials are refreshed. `before_refresh` is called
+    #   with an instance of this object when
+    #   AWS credentials are required and need to be refreshed.
     def initialize(options = {})
       @retries = options[:retries] || 1
-      @ip_address = options[:ip_address] || '169.254.169.254'
+      endpoint_mode = resolve_endpoint_mode(options)
+      @endpoint = resolve_endpoint(options, endpoint_mode)
       @port = options[:port] || 80
+      @disable_imds_v1 = resolve_disable_v1(options)
+      # Flag for if v2 flow fails, skip future attempts
+      @imds_v1_fallback = false
       @http_open_timeout = options[:http_open_timeout] || 1
       @http_read_timeout = options[:http_read_timeout] || 1
       @http_debug_output = options[:http_debug_output]
       @backoff = backoff(options[:backoff])
       @token_ttl = options[:token_ttl] || 21_600
       @token = nil
+      @no_refresh_until = nil
+      @async_refresh = false
       super
     end
@@ -77,6 +100,44 @@ module Aws
     private
+    def resolve_endpoint_mode(options)
+      value = options[:endpoint_mode]
+      value ||= ENV['AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE']
+      value ||= Aws.shared_config.ec2_metadata_service_endpoint_mode(
+        profile: options[:profile]
+      )
+      value || 'IPv4'
+    end
+    def resolve_endpoint(options, endpoint_mode)
+      value = options[:endpoint] || options[:ip_address]
+      value ||= ENV['AWS_EC2_METADATA_SERVICE_ENDPOINT']
+      value ||= Aws.shared_config.ec2_metadata_service_endpoint(
+        profile: options[:profile]
+      )
+      return value if value
+      case endpoint_mode.downcase
+      when 'ipv4' then 'http://169.254.169.254'
+      when 'ipv6' then 'http://[fd00:ec2::254]'
+      else
+        raise ArgumentError,
+              ':endpoint_mode is not valid, expected IPv4 or IPv6, '\
+              "got: #{endpoint_mode}"
+      end
+    end
+    def resolve_disable_v1(options)
+      value = options[:disable_imds_v1]
+      value ||= ENV['AWS_EC2_METADATA_V1_DISABLED']
+      value ||= Aws.shared_config.ec2_metadata_v1_disabled(
+        profile: options[:profile]
+      )
+      value = value.to_s.downcase if value
+      Aws::Util.str_2_bool(value) || false
+    end
     def backoff(backoff)
       case backoff
       when Proc then backoff
@@ -86,20 +147,49 @@ module Aws
     end
     def refresh
+      if @no_refresh_until && @no_refresh_until > Time.now
+        warn_expired_credentials
+        return
+      end
       # Retry loading credentials up to 3 times is the instance metadata
       # service is responding but is returning invalid JSON documents
       # in response to the GET profile credentials call.
       begin
-        retry_errors([JSON::ParserError, StandardError], max_retries: 3) do
-          c = JSON.parse(get_credentials.to_s)
-          @credentials = Credentials.new(
-            c['AccessKeyId'],
-            c['SecretAccessKey'],
-            c['Token']
-          )
-          @expiration = c['Expiration'] ? Time.iso8601(c['Expiration']) : nil
+        retry_errors([Aws::Json::ParseError], max_retries: 3) do
+          c = Aws::Json.load(get_credentials.to_s)
+          if empty_credentials?(@credentials)
+            @credentials = Credentials.new(
+              c['AccessKeyId'],
+              c['SecretAccessKey'],
+              c['Token']
+            )
+            @expiration = c['Expiration'] ? Time.iso8601(c['Expiration']) : nil
+            if @expiration && @expiration < Time.now
+              @no_refresh_until = Time.now + refresh_offset
+              warn_expired_credentials
+            end
+          else
+            #  credentials are already set, update them only if the new ones are not empty
+            if !c['AccessKeyId'] || c['AccessKeyId'].empty?
+              # error getting new credentials
+              @no_refresh_until = Time.now + refresh_offset
+              warn_expired_credentials
+            else
+              @credentials = Credentials.new(
+                c['AccessKeyId'],
+                c['SecretAccessKey'],
+                c['Token']
+              )
+              @expiration = c['Expiration'] ? Time.iso8601(c['Expiration']) : nil
+              if @expiration && @expiration < Time.now
+                @no_refresh_until = Time.now + refresh_offset
+                warn_expired_credentials
+              end
+            end
+          end
         end
-      rescue JSON::ParserError
+      rescue Aws::Json::ParseError
         raise Aws::Errors::MetadataParserError
       end
     end
@@ -115,25 +205,14 @@ module Aws
             open_connection do |conn|
               # attempt to fetch token to start secure flow first
               # and rescue to failover
-              begin
-                retry_errors(NETWORK_ERRORS, max_retries: @retries) do
-                  unless token_set?
-                    token_value, ttl = http_put(
-                      conn, METADATA_TOKEN_PATH, @token_ttl
-                    )
-                    @token = Token.new(token_value, ttl) if token_value && ttl
-                  end
-                end
-              rescue *NETWORK_ERRORS
-                # token attempt failed, reset token
-                # fallback to non-token mode
-                @token = nil
-              end
+              fetch_token(conn) unless @imds_v1_fallback
               token = @token.value if token_set?
-              metadata = http_get(conn, METADATA_PATH_BASE, token)
-              profile_name = metadata.lines.first.strip
-              http_get(conn, METADATA_PATH_BASE + profile_name, token)
+              # disable insecure flow if we couldn't get token
+              # and imds v1 is disabled
+              raise TokenRetrivalError if token.nil? && @disable_imds_v1
+              _get_credentials(conn, token)
             end
           end
         rescue
@@ -142,6 +221,36 @@ module Aws
       end
     end
+    def fetch_token(conn)
+      retry_errors(NETWORK_ERRORS, max_retries: @retries) do
+        unless token_set?
+          created_time = Time.now
+          token_value, ttl = http_put(
+            conn, METADATA_TOKEN_PATH, @token_ttl
+          )
+          @token = Token.new(token_value, ttl, created_time) if token_value && ttl
+        end
+      end
+    rescue *NETWORK_ERRORS
+      # token attempt failed, reset token
+      # fallback to non-token mode
+      @token = nil
+      @imds_v1_fallback = true
+    end
+    # token is optional - if nil, uses v1 (insecure) flow
+    def _get_credentials(conn, token)
+      metadata = http_get(conn, METADATA_PATH_BASE, token)
+      profile_name = metadata.lines.first.strip
+      http_get(conn, METADATA_PATH_BASE + profile_name, token)
+    rescue TokenExpiredError
+      # Token has expired, reset it
+      # The next retry should fetch it
+      @token = nil
+      @imds_v1_fallback = false
+      raise Non200Response
+    end
     def token_set?
       @token && !@token.expired?
     end
@@ -151,7 +260,8 @@ module Aws
     end
     def open_connection
-      http = Net::HTTP.new(@ip_address, @port, nil)
+      uri = URI.parse(@endpoint)
+      http = Net::HTTP.new(uri.hostname || @endpoint, @port || uri.port)
       http.open_timeout = @http_open_timeout
       http.read_timeout = @http_read_timeout
       http.set_debug_output(@http_debug_output) if @http_debug_output
@@ -164,9 +274,15 @@ module Aws
       headers = { 'User-Agent' => "aws-sdk-ruby3/#{CORE_GEM_VERSION}" }
       headers['x-aws-ec2-metadata-token'] = token if token
       response = connection.request(Net::HTTP::Get.new(path, headers))
-      raise Non200Response unless response.code.to_i == 200
-      response.body
+      case response.code.to_i
+      when 200
+        response.body
+      when 401
+        raise TokenExpiredError
+      else
+        raise Non200Response
+      end
     end
     # PUT request fetch token with ttl
@@ -184,8 +300,6 @@ module Aws
         ]
       when 400
         raise TokenRetrivalError
-      when 401
-        raise TokenExpiredError
       else
         raise Non200Response
       end
@@ -205,13 +319,28 @@ module Aws
       end
     end
+    def warn_expired_credentials
+      warn("Attempting credential expiration extension due to a credential "\
+        "service availability issue. A refresh of these credentials "\
+        "will be attempted again in 5 minutes.")
+    end
+    def empty_credentials?(creds)
+      !creds || !creds.access_key_id || creds.access_key_id.empty?
+    end
+    # Compute an offset for refresh with jitter
+    def refresh_offset
+      300 + rand(0..60)
+    end
     # @api private
     # Token used to fetch IMDS profile and credentials
     class Token
-      def initialize(value, ttl)
+      def initialize(value, ttl, created_time = Time.now)
         @ttl = ttl
         @value = value
-        @created_time = Time.now
+        @created_time = created_time
       end
       # [String] token value

data/lib/aws-sdk-core/json/builder.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'base64'
 module Aws

data/lib/aws-sdk-core/json/error_handler.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Aws
   module Json
     class ErrorHandler < Xml::ErrorHandler
@@ -24,7 +26,13 @@ module Aws
       end
       def error_code(json, context)
-        code = json['__type']
+        code =
+          if aws_query_error?(context)
+            error = context.http_response.headers['x-amzn-query-error'].split(';')[0]
+            remove_prefix(error, context)
+          else
+            json['__type']
+          end
         code ||= json['code']
         code ||= context.http_response.headers['x-amzn-errortype']
         if code
@@ -34,6 +42,19 @@ module Aws
         end
       end
+      def aws_query_error?(context)
+        context.config.api.metadata['awsQueryCompatible'] &&
+          context.http_response.headers['x-amzn-query-error']
+      end
+      def remove_prefix(error_code, context)
+        if prefix = context.config.api.metadata['errorPrefix']
+          error_code.sub(/^#{prefix}/, '')
+        else
+          error_code
+        end
+      end
       def error_message(code, json)
         if code == 'RequestEntityTooLarge'
           'Request body must be less than 1 MB'

data/lib/aws-sdk-core/json/handler.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Aws
   module Json
     class Handler < Seahorse::Client::Handler
@@ -57,7 +59,10 @@ module Aws
             end
             resp_struct
           else
-            Parser.new(rules).parse(json == '' ? '{}' : json)
+            Parser.new(
+              rules,
+              query_compatible: query_compatible?(context)
+            ).parse(json == '' ? '{}' : json)
           end
         else
           EmptyStructure.new
@@ -81,6 +86,10 @@ module Aws
         context.config.simple_json
       end
+      def query_compatible?(context)
+        context.config.api.metadata.key?('awsQueryCompatible')
+      end
     end
   end
 end

data/lib/aws-sdk-core/json/json_engine.rb CHANGED Viewed

@@ -1,15 +1,19 @@
+# frozen_string_literal: true
 module Aws
   module Json
-    class OjEngine
-      def self.load(json)
-        Oj.load(json)
-      end
+    module JSONEngine
+      class << self
+        def load(json)
+          JSON.parse(json)
+        rescue JSON::ParserError => e
+          raise ParseError.new(e)
+        end
-      def self.dump(value)
-        Oj.dump(value)
+        def dump(value)
+          JSON.dump(value)
+        end
       end
     end
   end
 end

data/lib/aws-sdk-core/json/oj_engine.rb CHANGED Viewed

@@ -1,15 +1,44 @@
+# frozen_string_literal: true
 module Aws
   module Json
-    class JSONEngine
+    module OjEngine
+      # @api private
+      LOAD_OPTIONS = { mode: :compat, symbol_keys: false, empty_string: false }.freeze
-      def self.load(json)
-        JSON.load(json)
-      end
+      # @api private
+      DUMP_OPTIONS = { mode: :compat }.freeze
+      class << self
+        def load(json)
+          Oj.load(json, LOAD_OPTIONS)
+        rescue *PARSE_ERRORS => e
+          raise ParseError.new(e)
+        end
+        def dump(value)
+          Oj.dump(value, DUMP_OPTIONS)
+        end
+        private
+        # Oj before 1.4.0 does not define Oj::ParseError and instead raises
+        # SyntaxError on failure
+        def detect_oj_parse_errors
+          require 'oj'
-      def self.dump(value)
-        JSON.dump(value)
+          if Oj.const_defined?(:ParseError)
+            [Oj::ParseError, EncodingError, JSON::ParserError]
+          else
+            [SyntaxError]
+          end
+        rescue LoadError
+          nil
+        end
       end
+      # @api private
+      PARSE_ERRORS = detect_oj_parse_errors
     end
   end
 end

data/lib/aws-sdk-core/json/parser.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'base64'
 require 'time'
@@ -8,8 +10,9 @@ module Aws
       include Seahorse::Model::Shapes
       # @param [Seahorse::Model::ShapeRef] rules
-      def initialize(rules)
+      def initialize(rules, query_compatible: false)
         @rules = rules
+        @query_compatible = query_compatible
       end
       # @param [String<JSON>] json
@@ -26,8 +29,32 @@ module Aws
           member_name, member_ref = shape.member_by_location_name(key)
           if member_ref
             target[member_name] = parse_ref(member_ref, value)
+          elsif shape.union && key != '__type'
+            target[:unknown] = { 'name' => key, 'value' => value }
           end
         end
+        # In services that were previously Query/XML, members that were
+        # "flattened" defaulted to empty lists. In JSON, these values are nil,
+        # which is backwards incompatible. To preserve backwards compatibility,
+        # we set a default value of [] for these members.
+        if @query_compatible
+          ref.shape.members.each do |member_name, member_target|
+            next unless target[member_name].nil?
+            if flattened_list?(member_target.shape)
+              target[member_name] = []
+            elsif flattened_map?(member_target.shape)
+              target[member_name] = {}
+            end
+          end
+        end
+        if shape.union
+          # convert to subclass
+          member_subclass = shape.member_subclass(target.member).new
+          member_subclass[target.member] = target.value
+          target = member_subclass
+        end
         target
       end
@@ -69,6 +96,14 @@ module Aws
         value.is_a?(Numeric) ? Time.at(value) : Time.parse(value)
       end
+      def flattened_list?(shape)
+        shape.is_a?(ListShape) && shape.flattened
+      end
+      def flattened_map?(shape)
+        shape.is_a?(MapShape) && shape.flattened
+      end
     end
   end
 end

data/lib/aws-sdk-core/json.rb CHANGED Viewed

@@ -1,8 +1,12 @@
+# frozen_string_literal: true
 require 'json'
 require_relative 'json/builder'
 require_relative 'json/error_handler'
 require_relative 'json/handler'
 require_relative 'json/parser'
+require_relative 'json/json_engine'
+require_relative 'json/oj_engine'
 module Aws
   # @api private
@@ -18,9 +22,7 @@ module Aws
     class << self
       def load(json)
-        ENGINE.load(json, *ENGINE_LOAD_OPTIONS)
-      rescue *ENGINE_ERRORS => e
-        raise ParseError, e
+        ENGINE.load(json)
       end
       def load_file(path)
@@ -28,38 +30,20 @@ module Aws
       end
       def dump(value)
-        ENGINE.dump(value, *ENGINE_DUMP_OPTIONS)
+        ENGINE.dump(value)
       end
       private
-      def oj_engine
+      def select_engine
         require 'oj'
-        [
-          Oj,
-          [{ mode: :compat, symbol_keys: false }],
-          [{ mode: :compat }],
-          oj_parse_error
-        ]
+        OjEngine
       rescue LoadError
-        false
-      end
-      def json_engine
-        [JSON, [], [], [JSON::ParserError]]
-      end
-      def oj_parse_error
-        if Oj.const_defined?('ParseError')
-          [Oj::ParseError, EncodingError, JSON::ParserError]
-        else
-          [SyntaxError]
-        end
+        JSONEngine
       end
     end
     # @api private
-    ENGINE, ENGINE_LOAD_OPTIONS, ENGINE_DUMP_OPTIONS, ENGINE_ERRORS =
-      oj_engine || json_engine
+    ENGINE = select_engine
   end
 end

data/lib/aws-sdk-core/log/formatter.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'pathname'
 module Aws
@@ -24,6 +26,8 @@ module Aws
     #
     # You can put any of these placeholders into you pattern.
     #
+    #   * `:region` - The region configured for the client.
+    #
     #   * `:client_class` - The name of the client class.
     #
     #   * `:operation` - The name of the client request method.
@@ -83,6 +87,9 @@ module Aws
       #   The default list of filtered parameters is documented on the
       #   {ParamFilter} class.
       #
+      # @option options [Boolean] :filter_sensitive_params (true) Set to false
+      #   to disable the sensitive parameter filtering when logging
+      #   `:request_params`.
       def initialize(pattern, options = {})
         @pattern = pattern
         @param_formatter = ParamFormatter.new(options)
@@ -92,12 +99,12 @@ module Aws
       # @return [String]
       attr_reader :pattern
-      # Given a resopnse, this will format a log message and return it as a
+      # Given a response, this will format a log message and return it as a
       #   string according to {#pattern}.
       # @param [Seahorse::Client::Response] response
       # @return [String]
       def format(response)
-        pattern.gsub(/:(\w+)/) {|sym| send("_#{sym[1..-1]}", response) }
+        pattern.gsub(/:(\w+)/) { |sym| send("_#{sym[1..-1]}", response) }
       end
       # @api private
@@ -111,6 +118,10 @@ module Aws
       private
+      def _region(response)
+        response.context.config.region
+      end
       def _client_class(response)
         response.context.client.class.name
       end
@@ -121,7 +132,8 @@ module Aws
       def _request_params(response)
         params = response.context.params
-        @param_formatter.summarize(@param_filter.filter(params))
+        type = response.context.operation.input.shape.struct_class
+        @param_formatter.summarize(@param_filter.filter(params, type))
       end
       def _time(response)

data/lib/aws-sdk-core/log/handler.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Seahorse
   module Client
     module Logging