aws-sdk-core 3.100.0 → 3.191.0

data/lib/aws-sdk-core/log/param_filter.rb

@@ -1,43 +1,68 @@
+# frozen_string_literal: true
+
 require 'pathname'
 require 'set'
 
 module Aws
   module Log
     class ParamFilter
-
+      # DEPRECATED - This must exist for backwards compatibility. Sensitive
+      # members are now computed for each request/response type. This can be
+      # removed in a new major version. This list is no longer updated.
+      #
       # A managed list of sensitive parameters that should be filtered from
       # logs. This is updated automatically as part of each release. See the
       # `tasks/update-sensitive-params.rake` for more information.
       #
       # @api private
       # begin
-      SENSITIVE = [:access_token, :account_name, :account_password, :address, :admin_contact, :admin_password, :alexa_for_business_room_arn, :artifact_credentials, :auth_code, :auth_parameters, :authentication_token, :authorization_result, :backup_plan_tags, :backup_vault_tags, :base_32_string_seed, :block, :block_address, :block_data, :blocks, :body, :bot_configuration, :bot_email, :calling_name, :cause, :client_id, :client_request_token, :client_secret, :comment, :configuration, :content, :copy_source_sse_customer_key, :credentials, :current_password, :custom_attributes, :custom_private_key, :db_password, :default_phone_number, :definition, :description, :destination_access_token, :digest_tip_address, :display_name, :domain_signing_private_key, :e164_phone_number, :email, :email_address, :email_message, :embed_url, :error, :external_meeting_id, :external_model_endpoint_data_blobs, :external_user_id, :fall_back_phone_number, :feedback_token, :file, :filter_expression, :first_name, :full_name, :host_key, :id, :id_token, :input, :input_text, :ion_text, :join_token, :key, :key_id, :key_material, :key_store_password, :kms_key_id, :kms_master_key_id, :lambda_function_arn, :last_name, :local_console_password, :master_account_email, :master_user_name, :master_user_password, :meeting_host_id, :message, :metadata, :name, :new_password, :next_password, :notes, :number, :old_password, :outbound_events_https_endpoint, :output, :owner_information, :parameters, :passphrase, :password, :payload, :phone_number, :plaintext, :previous_password, :primary_email, :primary_provisioned_number, :private_key, :private_key_plaintext, :proof, :proposed_password, :proxy_phone_number, :public_key, :qr_code_png, :query, :random_password, :recovery_point_tags, :refresh_token, :registrant_contact, :request_attributes, :resource_arn, :restore_metadata, :revision, :saml_assertion, :search_query, :secret_access_key, :secret_binary, :secret_code, :secret_hash, :secret_string, :secret_to_authenticate_initiator, :secret_to_authenticate_target, :security_token, :service_password, :session_attributes, :session_token, :share_notes, :shared_secret, :slots, :sns_topic_arn, :source_access_token, :sqs_queue_arn, :sse_customer_key, :ssekms_encryption_context, :ssekms_key_id, :status_message, :tag_key_list, :tags, :target_address, :task_parameters, :tech_contact, :temporary_password, :text, :token, :trust_password, :type, :upload_credentials, :upload_url, :uri, :user_data, :user_email, :user_name, :user_password, :username, :value, :values, :variables, :vpn_psk, :web_identity_token, :zip_file]
+      SENSITIVE = [:access_token, :account_name, :account_password, :address, :admin_contact, :admin_password, :alexa_for_business_room_arn, :artifact_credentials, :auth_code, :auth_parameters, :authentication_token, :authorization_result, :backup_plan_tags, :backup_vault_tags, :base_32_string_seed, :basic_auth_credentials, :block, :block_address, :block_data, :blocks, :body, :bot_configuration, :bot_email, :calling_name, :cause, :client_id, :client_request_token, :client_secret, :comment, :configuration, :content, :copy_source_sse_customer_key, :credentials, :current_password, :custom_attributes, :custom_private_key, :db_password, :default_phone_number, :definition, :description, :destination_access_token, :digest_tip_address, :display_name, :domain_signing_private_key, :e164_phone_number, :email, :email_address, :email_message, :embed_url, :emergency_phone_number, :error, :external_meeting_id, :external_model_endpoint_data_blobs, :external_user_id, :fall_back_phone_number, :feedback_token, :file, :filter_expression, :first_name, :full_name, :host_key, :id, :id_token, :input, :input_text, :ion_text, :join_token, :key, :key_id, :key_material, :key_store_password, :kms_key_id, :kms_master_key_id, :lambda_function_arn, :last_name, :local_console_password, :master_account_email, :master_user_name, :master_user_password, :meeting_host_id, :message, :metadata, :name, :new_password, :next_password, :notes, :number, :oauth_token, :old_password, :outbound_events_https_endpoint, :output, :owner_information, :parameters, :passphrase, :password, :payload, :phone_number, :plaintext, :previous_password, :primary_email, :primary_provisioned_number, :private_key, :private_key_plaintext, :proof, :proposed_password, :proxy_phone_number, :public_key, :qr_code_png, :query, :random_password, :recovery_point_tags, :refresh_token, :registrant_contact, :request_attributes, :resource_arn, :restore_metadata, :revision, :saml_assertion, :search_query, :secret_access_key, :secret_binary, :secret_code, :secret_hash, :secret_string, :secret_to_authenticate_initiator, :secret_to_authenticate_target, :security_token, :service_password, :session_attributes, :session_token, :share_notes, :shared_secret, :slots, :sns_topic_arn, :source_access_token, :sqs_queue_arn, :sse_customer_key, :ssekms_encryption_context, :ssekms_key_id, :status_message, :tag_key_list, :tags, :target_address, :task_parameters, :tech_contact, :temporary_password, :test_phone_number, :text, :token, :trust_password, :type, :upload_credentials, :upload_url, :uri, :user_data, :user_email, :user_name, :user_password, :username, :value, :values, :variables, :vpn_psk, :web_identity_token, :zip_file]
       # end
 
       def initialize(options = {})
-        @filters = Set.new(SENSITIVE + Array(options[:filter]))
+        @enabled = options[:filter_sensitive_params] != false
+        @additional_filters = options[:filter] || []
       end
 
-      def filter(value)
-        case value
-        when Struct, Hash then filter_hash(value)
-        when Array then filter_array(value)
-        else value
+      def filter(values, type)
+        case values
+        when Struct then filter_struct(values, type)
+        when Hash then filter_hash(values, type)
+        when Array then filter_array(values, type)
+        else values
         end
       end
 
       private
 
-      def filter_hash(values)
+      def filter_struct(values, type)
+        if values.class.include? Aws::Structure::Union
+          values = { values.member => values.value }
+        end
+        filter_hash(values, type)
+      end
+
+      def filter_hash(values, type)
+        if type.const_defined?('SENSITIVE')
+          filters = type::SENSITIVE + @additional_filters
+        else
+          # Support backwards compatibility (new core + old service)
+          filters = SENSITIVE + @additional_filters
+        end
+
         filtered = {}
         values.each_pair do |key, value|
-          filtered[key] = @filters.any? { |f| f.to_s.casecmp(key.to_s).zero? } ? '[FILTERED]' : filter(value)
+          filtered[key] = if @enabled && filters.include?(key)
+            '[FILTERED]'
+          else
+            filter(value, type)
+          end
         end
         filtered
       end
 
-      def filter_array(values)
-        values.map { |value| filter(value) }
+      def filter_array(values, type)
+        values.map { |value| filter(value, type) }
       end
 
     end

data/lib/aws-sdk-core/log/param_formatter.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'pathname'
 
 module Aws

data/lib/aws-sdk-core/pageable_response.rb

@@ -1,12 +1,16 @@
-module Aws
+# frozen_string_literal: true
 
+module Aws
   # Decorates a {Seahorse::Client::Response} with paging convenience methods.
   # Some AWS calls provide paged responses to limit the amount of data returned
-  # with each response.  To optimize for latency, some APIs may return an
-  # inconsistent number of responses per page.  You should rely on the values of
-  # the `next_page?` method or using enumerable methods such as `each`
-  # rather than the number of items returned to iterate through results.
-  # See below for examples.
+  # with each response. To optimize for latency, some APIs may return an
+  # inconsistent number of responses per page. You should rely on the values of
+  # the `next_page?` method or using enumerable methods such as `each` rather
+  # than the number of items returned to iterate through results. See below for
+  # examples.
+  #
+  # @note Methods such as `to_json` will enumerate all of the responses before
+  #   returning the full response as JSON.
   #
   # # Paged Responses Are Enumerable
   # The simplest way to handle paged response data is to use the built-in
@@ -44,11 +48,11 @@ module Aws
   #
   module PageableResponse
 
-    def self.extended(base)
-      base.send(:extend, Enumerable)
-      base.send(:extend, UnsafeEnumerableMethods)
-      base.instance_variable_set("@last_page", nil)
-      base.instance_variable_set("@more_results", nil)
+    def self.apply(base)
+      base.extend Extension
+      base.instance_variable_set(:@last_page, nil)
+      base.instance_variable_set(:@more_results, nil)
+      base
     end
 
     # @return [Paging::Pager]
@@ -58,39 +62,26 @@ module Aws
     # when this method returns `false` will raise an error.
     # @return [Boolean]
     def last_page?
-      if @last_page.nil?
-        @last_page = !@pager.truncated?(self)
-      end
-      @last_page
+      # Actual implementation is in PageableResponse::Extension
     end
 
     # Returns `true` if there are more results.  Calling {#next_page} will
     # return the next response.
     # @return [Boolean]
     def next_page?
-      !last_page?
+      # Actual implementation is in PageableResponse::Extension
     end
 
     # @return [Seahorse::Client::Response]
     def next_page(params = {})
-      if last_page?
-        raise LastPageError.new(self)
-      else
-        next_response(params)
-      end
+      # Actual implementation is in PageableResponse::Extension
     end
 
     # Yields the current and each following response to the given block.
     # @yieldparam [Response] response
     # @return [Enumerable,nil] Returns a new Enumerable if no block is given.
     def each(&block)
-      return enum_for(:each_page) unless block_given?
-      response = self
-      yield(response)
-      until response.last_page?
-        response = response.next_page
-        yield(response)
-      end
+      # Actual implementation is in PageableResponse::Extension
     end
     alias each_page each
 
@@ -101,9 +92,7 @@ module Aws
     # @return [Seahorse::Client::Response] Returns the next page of
     #   results.
     def next_response(params)
-      params = next_page_params(params)
-      request = context.client.build_request(context.operation_name, params)
-      request.send_request
+      # Actual implementation is in PageableResponse::Extension
     end
 
     # @param [Hash] params A hash of additional request params to
@@ -111,7 +100,7 @@ module Aws
     # @return [Hash] Returns the hash of request parameters for the
     #   next page, merging any given params.
     def next_page_params(params)
-      context[:original_params].merge(@pager.next_tokens(self).merge(params))
+      # Actual implementation is in PageableResponse::Extension
     end
 
     # Raised when calling {PageableResponse#next_page} on a pager that
@@ -157,6 +146,76 @@ module Aws
         data.to_h
       end
 
+      def as_json(_options = {})
+        data.to_h(data, as_json: true)
+      end
+
+      def to_json(options = {})
+        as_json.to_json(options)
+      end
+    end
+
+    # The actual decorator module implementation. It is in a distinct module
+    # so that it can be used to extend objects without busting Ruby's constant cache.
+    # object.extend(mod) bust the constant cache only if `mod` contains constants of its own.
+    # @api private
+    module Extension
+
+      include Enumerable
+      include UnsafeEnumerableMethods
+
+      attr_accessor :pager
+
+      def last_page?
+        if @last_page.nil?
+          @last_page = !@pager.truncated?(self)
+        end
+        @last_page
+      end
+
+      def next_page?
+        !last_page?
+      end
+
+      def next_page(params = {})
+        if last_page?
+          raise LastPageError.new(self)
+        else
+          next_response(params)
+        end
+      end
+
+      def each(&block)
+        return enum_for(:each_page) unless block_given?
+        response = self
+        yield(response)
+        until response.last_page?
+          response = response.next_page
+          yield(response)
+        end
+      end
+      alias each_page each
+
+      private
+
+      def next_response(params)
+        params = next_page_params(params)
+        request = context.client.build_request(context.operation_name, params)
+        Aws::Plugins::UserAgent.feature('paginator') do
+          request.send_request
+        end
+      end
+
+      def next_page_params(params)
+        # Remove all previous tokens from original params
+        # Sometimes a token can be nil and merge would not include it.
+        tokens = @pager.tokens.values.map(&:to_sym)
+
+        params_without_tokens = context[:original_params].reject { |k, _v| tokens.include?(k) }
+        params_without_tokens.merge!(@pager.next_tokens(self).merge(params))
+        params_without_tokens
+      end
+
     end
   end
 end

data/lib/aws-sdk-core/pager.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'jmespath'
 
 module Aws
@@ -16,6 +18,9 @@ module Aws
     # @return [Symbol, nil]
     attr_reader :limit_key
 
+    # @return [Hash, nil]
+    attr_reader :tokens
+
     # @param [Seahorse::Client::Response] response
     # @return [Hash]
     def next_tokens(response)

data/lib/aws-sdk-core/param_converter.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'stringio'
 require 'date'
 require 'time'

data/lib/aws-sdk-core/param_validator.rb

@@ -1,10 +1,12 @@
+# frozen_string_literal: true
+
 module Aws
   # @api private
   class ParamValidator
 
     include Seahorse::Model::Shapes
 
-    EXPECTED_GOT = "expected %s to be %s, got value %s (class: %s) instead."
+    EXPECTED_GOT = 'expected %s to be %s, got class %s instead.'
 
     # @param [Seahorse::Model::Shapes::ShapeRef] rules
     # @param [Hash] params
@@ -68,6 +70,14 @@ module Aws
           end
         end
 
+        if @validate_required && shape.union
+          if values.length > 1
+            errors << "multiple values provided to union at #{context} - must contain exactly one of the supported types: #{shape.member_names.join(', ')}"
+          elsif values.length == 0
+            errors << "No values provided to union at #{context} - must contain exactly one of the supported types: #{shape.member_names.join(', ')}"
+          end
+        end
+
         # validate non-nil members
         values.each_pair do |name, value|
           unless value.nil?
@@ -115,11 +125,32 @@ module Aws
       end
     end
 
+    def document(ref, value, errors, context)
+      document_types = [Hash, Array, Numeric, String, TrueClass, FalseClass, NilClass]
+      unless document_types.any? { |t| value.is_a?(t) }
+        errors << expected_got(context, "one of #{document_types.join(', ')}", value)
+      end
+
+      # recursively validate types for aggregated types
+      case value
+      when Hash
+        value.each do |k, v|
+          document(ref, v, errors, context + "[#{k}]")
+        end
+      when Array
+        value.each do |v|
+          document(ref, v, errors, context)
+        end
+      end
+
+    end
+
     def shape(ref, value, errors, context)
       case ref.shape
       when StructureShape then structure(ref, value, errors, context)
       when ListShape then list(ref, value, errors, context)
       when MapShape then map(ref, value, errors, context)
+      when DocumentShape then document(ref, value, errors, context)
       when StringShape
         unless value.is_a?(String)
           errors << expected_got(context, "a String", value)
@@ -141,8 +172,22 @@ module Aws
           errors << expected_got(context, "true or false", value)
         end
       when BlobShape
-        unless value.is_a?(String) || io_like?(value)
-          errors << expected_got(context, "a String or IO object", value)
+        unless value.is_a?(String)
+          if streaming_input?(ref)
+            unless io_like?(value, _require_size = false)
+              errors << expected_got(
+                context,
+                "a String or IO like object that supports read and rewind",
+                value
+              )
+            end
+          elsif !io_like?(value, _require_size = true)
+            errors << expected_got(
+              context,
+              "a String or IO like object that supports read, rewind, and size",
+              value
+            )
+          end
         end
       else
         raise "unhandled shape type: #{ref.shape.class.name}"
@@ -165,8 +210,13 @@ module Aws
       end
     end
 
-    def io_like?(value)
-      value.respond_to?(:read) && value.respond_to?(:rewind)
+    def io_like?(value, require_size = true)
+      value.respond_to?(:read) && value.respond_to?(:rewind) &&
+        (!require_size || value.respond_to?(:size))
+    end
+
+    def streaming_input?(ref)
+      (ref["streaming"] || ref.shape["streaming"])
     end
 
     def error_messages(errors)
@@ -180,7 +230,7 @@ module Aws
     end
 
     def expected_got(context, expected, got)
-      EXPECTED_GOT % [context, expected, got.inspect, got.class.name]
+      EXPECTED_GOT % [context, expected, got.class.name]
     end
 
   end

data/lib/aws-sdk-core/plugins/api_key.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   module Plugins
 
@@ -21,7 +23,9 @@ When provided, `x-api-key` header will be injected with the value provided.
       class OptionHandler < Seahorse::Client::Handler
         def call(context)
           if context.operation.require_apikey
-            api_key = context.params.delete(:api_key)
+            if context.params.is_a?(Hash) && context.params[:api_key]
+              api_key = context.params.delete(:api_key)
+            end
             api_key = context.config.api_key if api_key.nil?
             context[:api_key] = api_key
           end

data/lib/aws-sdk-core/plugins/apig_authorizer_token.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   module Plugins
 

data/lib/aws-sdk-core/plugins/apig_credentials_configuration.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   # @api private
   module Plugins

data/lib/aws-sdk-core/plugins/apig_user_agent.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   module Plugins
     # @api private

data/lib/aws-sdk-core/plugins/bearer_authorization.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+module Aws
+  # @api private
+  module Plugins
+    # @api private
+    class BearerAuthorization < Seahorse::Client::Plugin
+
+      option(:token_provider,
+             required: false,
+             doc_type: 'Aws::TokenProvider',
+             docstring: <<-DOCS
+A Bearer Token Provider. This can be an instance of any one of the
+following classes:
+
+* `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
+  tokens.
+
+* `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
+  access token generated from `aws login`.
+
+When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
+will be used to search for tokens configured for your profile in shared configuration files.
+      DOCS
+      ) do |config|
+        if config.stub_responses
+          StaticTokenProvider.new('token')
+        else
+          TokenProviderChain.new(config).resolve
+        end
+      end
+
+
+      def add_handlers(handlers, cfg)
+        bearer_operations =
+          if cfg.api.metadata['signatureVersion'] == 'bearer'
+            # select operations where authtype is either not set or is bearer
+            cfg.api.operation_names.select do |o|
+              !cfg.api.operation(o)['authtype'] || cfg.api.operation(o)['authtype'] == 'bearer'
+            end
+          else # service is not bearer auth
+            # select only operations where authtype is explicitly bearer
+            cfg.api.operation_names.select do |o|
+              cfg.api.operation(o)['authtype'] == 'bearer'
+            end
+          end
+        handlers.add(Handler, step: :sign, operations: bearer_operations)
+      end
+
+      class Handler < Seahorse::Client::Handler
+        def call(context)
+          if context.http_request.endpoint.scheme != 'https'
+            raise ArgumentError, 'Unable to use bearer authorization on non https endpoint.'
+          end
+
+          token_provider = context.config.token_provider
+          if token_provider && token_provider.set?
+            context.http_request.headers['Authorization'] = "Bearer #{token_provider.token.token}"
+          else
+            raise Errors::MissingBearerTokenError
+          end
+          @handler.call(context)
+        end
+      end
+    end
+  end
+end