RubyGems - aws-sdk-core - Versions diffs - 3.103.0 → 3.130.2 - Mend

aws-sdk-core 3.103.0 → 3.130.2

Files changed (93) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +1304 -0
data/LICENSE.txt +202 -0
data/VERSION +1 -1
data/lib/aws-defaults/default_configuration.rb +153 -0
data/lib/aws-defaults/defaults_mode_config_resolver.rb +107 -0
data/lib/aws-defaults.rb +3 -0
data/lib/aws-sdk-core/arn.rb +13 -0
data/lib/aws-sdk-core/assume_role_credentials.rb +20 -1
data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +9 -4
data/lib/aws-sdk-core/client_stubs.rb +5 -1
data/lib/aws-sdk-core/credential_provider_chain.rb +21 -1
data/lib/aws-sdk-core/ec2_metadata.rb +238 -0
data/lib/aws-sdk-core/ecs_credentials.rb +8 -4
data/lib/aws-sdk-core/errors.rb +9 -2
data/lib/aws-sdk-core/instance_profile_credentials.rb +122 -22
data/lib/aws-sdk-core/json/json_engine.rb +10 -8
data/lib/aws-sdk-core/json/oj_engine.rb +33 -6
data/lib/aws-sdk-core/json/parser.rb +8 -0
data/lib/aws-sdk-core/json.rb +8 -26
data/lib/aws-sdk-core/log/formatter.rb +1 -1
data/lib/aws-sdk-core/log/param_filter.rb +11 -3
data/lib/aws-sdk-core/pageable_response.rb +80 -32
data/lib/aws-sdk-core/pager.rb +3 -0
data/lib/aws-sdk-core/param_validator.rb +52 -4
data/lib/aws-sdk-core/plugins/api_key.rb +3 -1
data/lib/aws-sdk-core/plugins/checksum_algorithm.rb +340 -0
data/lib/aws-sdk-core/plugins/credentials_configuration.rb +24 -7
data/lib/aws-sdk-core/plugins/defaults_mode.rb +40 -0
data/lib/aws-sdk-core/plugins/endpoint_pattern.rb +6 -6
data/lib/aws-sdk-core/plugins/http_checksum.rb +8 -1
data/lib/aws-sdk-core/plugins/protocols/api_gateway.rb +17 -0
data/lib/aws-sdk-core/plugins/protocols/rest_json.rb +16 -1
data/lib/aws-sdk-core/plugins/recursion_detection.rb +27 -0
data/lib/aws-sdk-core/plugins/regional_endpoint.rb +48 -2
data/lib/aws-sdk-core/plugins/response_paging.rb +1 -1
data/lib/aws-sdk-core/plugins/retries/error_inspector.rb +5 -3
data/lib/aws-sdk-core/plugins/retry_errors.rb +25 -8
data/lib/aws-sdk-core/plugins/signature_v4.rb +15 -24
data/lib/aws-sdk-core/plugins/stub_responses.rb +7 -1
data/lib/aws-sdk-core/process_credentials.rb +5 -4
data/lib/aws-sdk-core/refreshing_credentials.rb +42 -11
data/lib/aws-sdk-core/rest/request/body.rb +19 -1
data/lib/aws-sdk-core/rest/request/headers.rb +18 -6
data/lib/aws-sdk-core/rest/response/headers.rb +4 -3
data/lib/aws-sdk-core/shared_config.rb +60 -8
data/lib/aws-sdk-core/shared_credentials.rb +7 -1
data/lib/aws-sdk-core/sso_credentials.rb +141 -0
data/lib/aws-sdk-core/structure.rb +10 -1
data/lib/aws-sdk-core/stubbing/protocols/json.rb +1 -1
data/lib/aws-sdk-core/stubbing/protocols/rest.rb +1 -1
data/lib/aws-sdk-core/stubbing/protocols/rest_json.rb +1 -1
data/lib/aws-sdk-core/stubbing/protocols/rest_xml.rb +0 -2
data/lib/aws-sdk-core/xml/builder.rb +2 -2
data/lib/aws-sdk-core/xml/doc_builder.rb +6 -1
data/lib/aws-sdk-core/xml/parser/engines/ox.rb +1 -1
data/lib/aws-sdk-core/xml/parser/frame.rb +23 -0
data/lib/aws-sdk-core/xml/parser.rb +5 -0
data/lib/aws-sdk-core.rb +13 -3
data/lib/aws-sdk-sso/client.rb +570 -0
data/lib/aws-sdk-sso/client_api.rb +190 -0
data/lib/aws-sdk-sso/customizations.rb +1 -0
data/lib/aws-sdk-sso/errors.rb +102 -0
data/lib/aws-sdk-sso/resource.rb +26 -0
data/lib/aws-sdk-sso/types.rb +352 -0
data/lib/aws-sdk-sso.rb +55 -0
data/lib/aws-sdk-sts/client.rb +536 -435
data/lib/aws-sdk-sts/client_api.rb +7 -1
data/lib/aws-sdk-sts/errors.rb +1 -1
data/lib/aws-sdk-sts/plugins/sts_regional_endpoints.rb +5 -1
data/lib/aws-sdk-sts/presigner.rb +7 -1
data/lib/aws-sdk-sts/resource.rb +1 -1
data/lib/aws-sdk-sts/types.rb +332 -193
data/lib/aws-sdk-sts.rb +8 -3
data/lib/seahorse/client/base.rb +1 -0
data/lib/seahorse/client/block_io.rb +3 -2
data/lib/seahorse/client/configuration.rb +4 -0
data/lib/seahorse/client/h2/connection.rb +15 -13
data/lib/seahorse/client/h2/handler.rb +4 -5
data/lib/seahorse/client/http/response.rb +1 -1
data/lib/seahorse/client/net_http/connection_pool.rb +10 -4
data/lib/seahorse/client/net_http/handler.rb +17 -8
data/lib/seahorse/client/net_http/patches.rb +13 -84
data/lib/seahorse/client/plugins/content_length.rb +11 -5
data/lib/seahorse/client/plugins/h2.rb +4 -1
data/lib/seahorse/client/plugins/net_http.rb +37 -3
data/lib/seahorse/client/plugins/request_callback.rb +110 -0
data/lib/seahorse/client/plugins/response_target.rb +3 -4
data/lib/seahorse/model/operation.rb +3 -0
data/lib/seahorse/model/shapes.rb +25 -0
data/lib/seahorse/util.rb +6 -1
data/lib/seahorse.rb +1 -0
metadata +26 -9

data/lib/aws-sdk-core/sso_credentials.rb ADDED Viewed

@@ -0,0 +1,141 @@
+# frozen_string_literal: true
+module Aws
+  # An auto-refreshing credential provider that works by assuming a
+  # role via {Aws::SSO::Client#get_role_credentials} using a cached access
+  # token.  This class does NOT implement the SSO login token flow - tokens
+  # must generated and refreshed separately by running `aws login` from the
+  # AWS CLI with the correct profile.
+  #
+  # For more background on AWS SSO see the official
+  # {https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html what is SSO Userguide}
+  #
+  # ## Refreshing Credentials from SSO
+  #
+  # The `SSOCredentials` will auto-refresh the AWS credentials from SSO. In
+  # addition to AWS credentials expiring after a given amount of time, the
+  # access token generated and cached from `aws login` will also expire.
+  # Once this token expires, it will not be usable to refresh AWS credentials,
+  # and another token will be needed. The SDK does not manage refreshing of
+  # the token value, but this can be done by running `aws login` with the
+  # correct profile.
+  #
+  #
+  #     # You must first run aws sso login --profile your-sso-profile
+  #     sso_credentials = Aws::SSOCredentials.new(
+  #       sso_account_id: '123456789',
+  #       sso_role_name: "role_name",
+  #       sso_region: "us-east-1",
+  #       sso_start_url: 'https://your-start-url.awsapps.com/start'
+  #     )
+  #
+  #     ec2 = Aws::EC2::Client.new(credentials: sso_credentials)
+  #
+  # If you omit `:client` option, a new {SSO::Client} object will be
+  # constructed.
+  class SSOCredentials
+    include CredentialProvider
+    include RefreshingCredentials
+    # @api private
+    SSO_REQUIRED_OPTS = [:sso_account_id, :sso_region, :sso_role_name, :sso_start_url].freeze
+    # @api private
+    SSO_LOGIN_GUIDANCE = 'The SSO session associated with this profile has '\
+    'expired or is otherwise invalid. To refresh this SSO session run '\
+    'aws sso login with the corresponding profile.'.freeze
+    # @option options [required, String] :sso_account_id The AWS account ID
+    #   that temporary AWS credentials will be resolved for
+    #
+    # @option options [required, String] :sso_region The AWS region where the
+    #   SSO directory for the given sso_start_url is hosted.
+    #
+    # @option options [required, String] :sso_role_name The corresponding
+    #   IAM role in the AWS account that temporary AWS credentials
+    #   will be resolved for.
+    #
+    # @option options [required, String] :sso_start_url The start URL is
+    #   provided by the SSO service via the console and is the URL used to
+    #   login to the SSO directory. This is also sometimes referred to as
+    #   the "User Portal URL"
+    #
+    # @option options [SSO::Client] :client Optional `SSO::Client`.  If not
+    #   provided, a client will be constructed.
+    #
+    # @option options [Callable] before_refresh Proc called before
+    #   credentials are refreshed. `before_refresh` is called
+    #   with an instance of this object when
+    #   AWS credentials are required and need to be refreshed.
+    def initialize(options = {})
+      missing_keys = SSO_REQUIRED_OPTS.select { |k| options[k].nil? }
+      unless missing_keys.empty?
+        raise ArgumentError, "Missing required keys: #{missing_keys}"
+      end
+      @sso_start_url = options.delete(:sso_start_url)
+      @sso_region = options.delete(:sso_region)
+      @sso_role_name = options.delete(:sso_role_name)
+      @sso_account_id = options.delete(:sso_account_id)
+      # validate we can read the token file
+      read_cached_token
+      client_opts = {}
+      options.each_pair { |k,v| client_opts[k] = v unless CLIENT_EXCLUDE_OPTIONS.include?(k) }
+      client_opts[:region] = @sso_region
+      client_opts[:credentials] = nil
+      @client = options[:client] || Aws::SSO::Client.new(client_opts)
+      @async_refresh = true
+      super
+    end
+    # @return [SSO::Client]
+    attr_reader :client
+    private
+    def read_cached_token
+      cached_token = Json.load(File.read(sso_cache_file))
+      # validation
+      unless cached_token['accessToken'] && cached_token['expiresAt']
+        raise ArgumentError, 'Missing required field(s)'
+      end
+      expires_at = DateTime.parse(cached_token['expiresAt'])
+      if expires_at < DateTime.now
+        raise ArgumentError, 'Cached SSO Token is expired.'
+      end
+      cached_token
+    rescue Errno::ENOENT, Aws::Json::ParseError, ArgumentError
+      raise Errors::InvalidSSOCredentials, SSO_LOGIN_GUIDANCE
+    end
+    def refresh
+      cached_token = read_cached_token
+      c = @client.get_role_credentials(
+        account_id: @sso_account_id,
+        role_name: @sso_role_name,
+        access_token: cached_token['accessToken']
+      ).role_credentials
+      @credentials = Credentials.new(
+        c.access_key_id,
+        c.secret_access_key,
+        c.session_token
+      )
+      @expiration = c.expiration
+    end
+    def sso_cache_file
+      start_url_sha1 = OpenSSL::Digest::SHA1.hexdigest(@sso_start_url.encode('utf-8'))
+      File.join(Dir.home, '.aws', 'sso', 'cache', "#{start_url_sha1}.json")
+    rescue ArgumentError
+      # Dir.home raises ArgumentError when ENV['home'] is not set
+      raise ArgumentError, "Unable to load sso_cache_file: ENV['HOME'] is not set."
+    end
+  end
+end

data/lib/aws-sdk-core/structure.rb CHANGED Viewed

@@ -70,11 +70,20 @@ module Aws
       end
     end
+    module Union
+      def member
+        self.members.select { |k| self[k] != nil }.first
+      end
+      def value
+        self[member] if member
+      end
+    end
   end
   # @api private
   class EmptyStructure < Struct.new('AwsEmptyStructure')
     include(Aws::Structure)
   end
 end

data/lib/aws-sdk-core/stubbing/protocols/json.rb CHANGED Viewed

@@ -29,7 +29,7 @@ module Aws
         private
         def content_type(api)
-          "application/x-amz-json-#{api.metadata['jsonVerison']}"
+          "application/x-amz-json-#{api.metadata['jsonVersion']}"
         end
         def build_body(operation, data)

data/lib/aws-sdk-core/stubbing/protocols/rest.rb CHANGED Viewed

@@ -120,7 +120,7 @@ module Aws
         def encode_unknown_event(opts, event_type, event_data)
           # right now h2 events are only rest_json
-          opts[:payload] = StringIO.new(JSON.dump(event_data))
+          opts[:payload] = StringIO.new(Aws::Json.dump(event_data))
           opts[:headers][':event-type'] = Aws::EventStream::HeaderValue.new(
             value: event_type.to_s,
             type: 'string'

data/lib/aws-sdk-core/stubbing/protocols/rest_json.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module Aws
     module Protocols
       class RestJson < Rest
-        def body_for(_, _, rules, data)
+        def body_for(_a, _b, rules, data)
           if eventstream?(rules)
             encode_eventstream_response(rules, data, Aws::Json::Builder)
           else

data/lib/aws-sdk-core/stubbing/protocols/rest_xml.rb CHANGED Viewed

@@ -5,8 +5,6 @@ module Aws
     module Protocols
       class RestXml < Rest
-        include Seahorse::Model::Shapes
         def body_for(api, operation, rules, data)
           if eventstream?(rules)
             encode_eventstream_response(rules, data, Xml::Builder)

data/lib/aws-sdk-core/xml/builder.rb CHANGED Viewed

@@ -11,7 +11,7 @@ module Aws
       def initialize(rules, options = {})
         @rules = rules
         @xml = options[:target] || []
-        indent = options[:indent] || '  '
+        indent = options[:indent] || ''
         pad = options[:pad] || ''
         @builder = DocBuilder.new(target: @xml, indent: indent, pad: pad)
       end
@@ -48,7 +48,7 @@ module Aws
       end
       def list(name, ref, values)
-        if ref.shape.flattened
+        if ref[:flattened] || ref.shape.flattened
           values.each do |value|
             member(ref.shape.member.location_name || name, ref.shape.member, value)
           end

data/lib/aws-sdk-core/xml/doc_builder.rb CHANGED Viewed

@@ -67,7 +67,12 @@ module Aws
       end
       def escape(string, text_or_attr)
-        string.to_s.encode(:xml => text_or_attr)
+        string.to_s
+          .encode(:xml => text_or_attr)
+          .gsub("\u{000D}", '&#xD;') # Carriage Return
+          .gsub("\u{000A}", '&#xA;') # Line Feed
+          .gsub("\u{0085}", '&#x85;') # Next Line
+          .gsub("\u{2028}", '&#x2028;') # Line Separator
       end
       def attributes(attr)

data/lib/aws-sdk-core/xml/parser/engines/ox.rb CHANGED Viewed

@@ -16,7 +16,7 @@ module Aws
           Ox.sax_parse(
             @stack, StringIO.new(xml),
             :convert_special => true,
-            :skip => :skip_white
+            :skip => :skip_return
           )
         end

data/lib/aws-sdk-core/xml/parser/frame.rb CHANGED Viewed

@@ -95,6 +95,8 @@ module Aws
         def child_frame(xml_name)
           if @member = @members[xml_name]
             Frame.new(xml_name, self, @member[:ref])
+          elsif @ref.shape.union
+            UnknownMemberFrame.new(xml_name, self, nil, @result)
           else
             NullFrame.new(xml_name, self)
           end
@@ -106,10 +108,24 @@ module Aws
             @result[@member[:name]][child.key.result] = child.value.result
           when FlatListFrame
             @result[@member[:name]] << child.result
+          when UnknownMemberFrame
+            @result[:unknown] = { 'name' => child.path.last, 'value' => child.result }
           when NullFrame
           else
             @result[@member[:name]] = child.result
           end
+          if @ref.shape.union
+            # a union may only have one member set
+            # convert to the union subclass
+            # The default Struct created will have defaults set for all values
+            # This also sets only one of the values leaving everything else nil
+            # as required for unions
+            set_member_name = @member ? @member[:name] : :unknown
+            member_subclass = @ref.shape.member_subclass(set_member_name).new # shape.member_subclass(target.member).new
+            member_subclass[set_member_name] = @result[set_member_name]
+            @result = member_subclass
+          end
         end
         private
@@ -242,6 +258,12 @@ module Aws
         end
       end
+      class UnknownMemberFrame < Frame
+        def result
+          @text.join
+        end
+      end
       class BlobFrame < Frame
         def result
           @text.empty? ? nil : Base64.decode64(@text.join)
@@ -302,6 +324,7 @@ module Aws
         MapShape => MapFrame,
         StringShape => StringFrame,
         StructureShape => StructureFrame,
+        UnionShape => StructureFrame,
         TimestampShape => TimestampFrame,
       }

data/lib/aws-sdk-core/xml/parser.rb CHANGED Viewed

@@ -70,6 +70,11 @@ module Aws
           [:ox, :oga, :libxml, :nokogiri, :rexml].each do |name|
             @engine ||= try_load_engine(name)
           end
+          unless @engine
+            raise 'Unable to find a compatible xml library. ' \
+            'Ensure that you have installed or added to your Gemfile one of ' \
+            'ox, oga, libxml, nokogiri or rexml'
+          end
         end
         private

data/lib/aws-sdk-core.rb CHANGED Viewed

@@ -18,6 +18,7 @@ require_relative 'aws-sdk-core/ecs_credentials'
 require_relative 'aws-sdk-core/instance_profile_credentials'
 require_relative 'aws-sdk-core/shared_credentials'
 require_relative 'aws-sdk-core/process_credentials'
+require_relative 'aws-sdk-core/sso_credentials'
 # client modules
@@ -81,14 +82,23 @@ require_relative 'aws-sdk-core/endpoint_cache'
 require_relative 'aws-sdk-core/client_side_monitoring/request_metrics'
 require_relative 'aws-sdk-core/client_side_monitoring/publisher'
-# arn
+# utilities
 require_relative 'aws-sdk-core/arn'
 require_relative 'aws-sdk-core/arn_parser'
+require_relative 'aws-sdk-core/ec2_metadata'
-# aws-sdk-sts is vendored to support Aws::AssumeRoleCredentials
+# defaults
+require_relative 'aws-defaults'
-require 'aws-sdk-sts'
+# plugins
+# loaded through building STS or SSO ..
+# aws-sdk-sts is included to support Aws::AssumeRoleCredentials
+require_relative 'aws-sdk-sts'
+# aws-sdk-sso is included to support Aws::SSOCredentials
+require_relative 'aws-sdk-sso'
 module Aws