aws-sdk-core 3.109.1 → 3.111.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dbf38b341cf731a1a9fae33006863d5bb82279c1df1ebe898bf610e6c0561eca
-  data.tar.gz: e7e782991bf3d640399a2654b0716496ccf6cbc5b4dd950772032e9999d2774d
+  metadata.gz: 6c6fb1296bf2644c63bfe07b03343b2a2cce7532d320af8e32362f72ee8a40cb
+  data.tar.gz: '084be36043cfa4deb41c34de6d614bbacdb83e37ee71c56ca1588a3b5ea361b3'
 SHA512:
-  metadata.gz: c99c441bbc19e1316a61cdfb1292441a195802986bab00a473e7637ea4d911574a68bee4589989ac84e6e6587467a39a8670d71f640eb90f06d496bb03253415
-  data.tar.gz: '029b522c5c13d47b5e7af30b9f81c80c5057aacf2dfacb89ddfd5e09d992a335806a106615c7b9794966b537d93823f70ba9f65b76f3682d0283fdf19c67a4d7'
+  metadata.gz: 4ca95c4611235ec3c649caa1a3104f129e4c8303b4ae7fb9061ad6e3a2a5df443549ba2bad0b8ccbcf35baaac3c8ecd1281600cac289d7c9855117a9c64d931d
+  data.tar.gz: 933b95974041c21f3278dad0da9cf56ba7a2df678565355024189cc2b2e9d1c12f525653b93727b30b098a35b4755af3ffd6827eb8cc1fbcdccba67287d52e91

data/VERSION

@@ -1 +1 @@
-3.109.1
+3.111.1

data/lib/aws-sdk-core.rb

@@ -21,6 +21,7 @@ require_relative 'aws-sdk-core/process_credentials'
 require_relative 'aws-sdk-core/sso_credentials'
 
 # client modules
+
 require_relative 'aws-sdk-core/client_stubs'
 require_relative 'aws-sdk-core/async_client_stubs'
 require_relative 'aws-sdk-core/eager_loader'
@@ -81,10 +82,11 @@ require_relative 'aws-sdk-core/endpoint_cache'
 require_relative 'aws-sdk-core/client_side_monitoring/request_metrics'
 require_relative 'aws-sdk-core/client_side_monitoring/publisher'
 
-# arn
+# utilities
 
 require_relative 'aws-sdk-core/arn'
 require_relative 'aws-sdk-core/arn_parser'
+require_relative 'aws-sdk-core/ec2_metadata'
 
 # aws-sdk-sts is included to support Aws::AssumeRoleCredentials
 require 'aws-sdk-sts'

data/lib/aws-sdk-core/ec2_metadata.rb

@@ -0,0 +1,218 @@
+# frozen_string_literal: true
+
+require 'time'
+require 'net/http'
+
+module Aws
+  # A client that can query version 2 of the EC2 Instance Metadata
+  class EC2Metadata
+    # Path for PUT request for token
+    # @api private
+    METADATA_TOKEN_PATH = '/latest/api/token'.freeze
+
+    # Raised when the PUT request is not valid. This would be thrown if
+    # `token_ttl` is not an Integer.
+    # @api private
+    class TokenRetrievalError < RuntimeError; end
+
+    # Token has expired, and the request can be retried with a new token.
+    # @api private
+    class TokenExpiredError < RuntimeError; end
+
+    # The requested metadata path does not exist.
+    # @api private
+    class MetadataNotFoundError < RuntimeError; end
+
+    # The request is not allowed or IMDS is turned off.
+    # @api private
+    class RequestForbiddenError < RuntimeError; end
+
+    # Creates a client that can query version 2 of the EC2 Instance Metadata
+    #   service (IMDS).
+    #
+    # @note Customers using containers may need to increase their hop limit
+    #   to access IMDSv2.
+    # @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html#instance-metadata-transition-to-version-2
+    #
+    # @param [Hash] options
+    # @option options [Integer] :token_ttl (21600) The session token's TTL,
+    #   defaulting to 6 hours.
+    # @option options [Integer] :retries (3) The number of retries for failed
+    #   requests.
+    # @option options [String] :endpoint (169.254.169.254) The IMDS endpoint.
+    # @option options [Integer] :port (80) The IMDS endpoint port.
+    # @option options [Integer] :http_open_timeout (1) The number of seconds to
+    #   wait for the connection to open.
+    # @option options [Integer] :http_read_timeout (1) The number of seconds for
+    #   one chunk of data to be read.
+    # @option options [IO] :http_debug_output An output stream for debugging. Do
+    #   not use this in production.
+    # @option options [Integer,Proc] :backoff A backoff used for retryable
+    #   requests. When given an Integer, it sleeps that amount. When given a
+    #   Proc, it is called with the current number of failed retries.
+    def initialize(options = {})
+      @token_ttl = options[:token_ttl] || 21_600
+      @retries = options[:retries] || 3
+      @backoff = backoff(options[:backoff])
+
+      @endpoint = options[:endpoint] || '169.254.169.254'
+      @port = options[:port] || 80
+
+      @http_open_timeout = options[:http_open_timeout] || 1
+      @http_read_timeout = options[:http_read_timeout] || 1
+      @http_debug_output = options[:http_debug_output]
+
+      @token = nil
+      @mutex = Mutex.new
+    end
+
+    # Fetches a given metadata category using a String path, and returns the
+    #   result as a String. A path starts with the API version (usually
+    #   "/latest/"). See the instance data categories for possible paths.
+    #
+    # @example Fetching the instance ID
+    #
+    #   ec2_metadata = Aws::EC2Metadata.new
+    #   ec2_metadata.get('/latest/meta-data/instance-id')
+    #   => "i-023a25f10a73a0f79"
+    #
+    # @Note This implementation always returns a String and will not parse any
+    #   responses. Parsable responses may include JSON objects or directory
+    #   listings, which are strings separated by line feeds (ASCII 10).
+    #
+    # @example Fetching and parsing JSON meta-data
+    #
+    #   require 'json'
+    #   data = ec2_metadata.get('/latest/dynamic/instance-identity/document')
+    #   JSON.parse(data)
+    #   => {"accountId"=>"012345678912", ... }
+    #
+    # @example Fetching and parsing directory listings
+    #
+    #   listing = ec2_metadata.get('/latest/meta-data')
+    #   listing.split(10.chr)
+    #   => ["ami-id", "ami-launch-index", ...]
+    #
+    # @Note Unlike other services, IMDS does not have a service API model. This
+    #   means that we cannot confidently generate code with methods and
+    #   response structures. This implementation ensures that new IMDS features
+    #   are always supported by being deployed to the instance and does not
+    #   require code changes.
+    #
+    # @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-categories.html
+    # @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html
+    # @param [String] path The full path to the metadata.
+    def get(path)
+      retry_errors(max_retries: @retries) do
+        @mutex.synchronize do
+          fetch_token unless @token && !@token.expired?
+        end
+
+        open_connection do |conn|
+          http_get(conn, path, @token.value)
+        end
+      end
+    end
+
+    private
+
+    def fetch_token
+      open_connection do |conn|
+        token_value, token_ttl = http_put(conn, @token_ttl)
+        @token = Token.new(value: token_value, ttl: token_ttl)
+      end
+    end
+
+    def http_get(connection, path, token)
+      headers = {
+        'User-Agent' => "aws-sdk-ruby3/#{CORE_GEM_VERSION}",
+        'x-aws-ec2-metadata-token' => token
+      }
+      request = Net::HTTP::Get.new(path, headers)
+      response = connection.request(request)
+
+      case response.code.to_i
+      when 200
+        response.body
+      when 401
+        raise TokenExpiredError
+      when 404
+        raise MetadataNotFoundError
+      end
+    end
+
+    def http_put(connection, ttl)
+      headers = {
+        'User-Agent' => "aws-sdk-ruby3/#{CORE_GEM_VERSION}",
+        'x-aws-ec2-metadata-token-ttl-seconds' => ttl.to_s
+      }
+      request = Net::HTTP::Put.new(METADATA_TOKEN_PATH, headers)
+      response = connection.request(request)
+
+      case response.code.to_i
+      when 200
+        [
+          response.body,
+          response.header['x-aws-ec2-metadata-token-ttl-seconds'].to_i
+        ]
+      when 400
+        raise TokenRetrievalError
+      when 403
+        raise RequestForbiddenError
+      end
+    end
+
+    def open_connection
+      http = Net::HTTP.new(@endpoint, @port, nil)
+      http.open_timeout = @http_open_timeout
+      http.read_timeout = @http_read_timeout
+      http.set_debug_output(@http_debug_output) if @http_debug_output
+      http.start
+      yield(http).tap { http.finish }
+    end
+
+    def retry_errors(options = {}, &_block)
+      max_retries = options[:max_retries]
+      retries = 0
+      begin
+        yield
+      # These errors should not be retried.
+      rescue TokenRetrievalError, MetadataNotFoundError, RequestForbiddenError
+        raise
+      # StandardError is not ideal but it covers Net::HTTP errors.
+      # https://gist.github.com/tenderlove/245188
+      rescue StandardError, TokenExpiredError
+        raise unless retries < max_retries
+
+        @backoff.call(retries)
+        retries += 1
+        retry
+      end
+    end
+
+    def backoff(backoff)
+      case backoff
+      when Proc then backoff
+      when Numeric then ->(_) { Kernel.sleep(backoff) }
+      else ->(num_failures) { Kernel.sleep(1.2**num_failures) }
+      end
+    end
+
+    # @api private
+    class Token
+      def initialize(options = {})
+        @ttl   = options[:ttl]
+        @value = options[:value]
+        @created_time = Time.now
+      end
+
+      # [String] Returns the token value.
+      attr_reader :value
+
+      # [Boolean] Returns true if the token expired.
+      def expired?
+        Time.now - @created_time > @ttl
+      end
+    end
+  end
+end

data/lib/aws-sdk-core/json/json_engine.rb

@@ -2,14 +2,14 @@
 
 module Aws
   module Json
-    class OjEngine
+    class JSONEngine
 
       def self.load(json)
-        Oj.load(json)
+        JSON.load(json)
       end
 
       def self.dump(value)
-        Oj.dump(value)
+        JSON.dump(value)
       end
 
     end

data/lib/aws-sdk-core/json/oj_engine.rb

@@ -2,14 +2,14 @@
 
 module Aws
   module Json
-    class JSONEngine
+    class OjEngine
 
       def self.load(json)
-        JSON.load(json)
+        Oj.load(json)
       end
 
       def self.dump(value)
-        JSON.dump(value)
+        Oj.dump(value)
       end
 
     end

data/lib/aws-sdk-core/pageable_response.rb

@@ -49,8 +49,8 @@ module Aws
   module PageableResponse
 
     def self.extended(base)
-      base.send(:extend, Enumerable)
-      base.send(:extend, UnsafeEnumerableMethods)
+      base.extend Enumerable
+      base.extend UnsafeEnumerableMethods
       base.instance_variable_set("@last_page", nil)
       base.instance_variable_set("@more_results", nil)
     end

data/lib/aws-sdk-core/plugins/retry_errors.rb

@@ -176,11 +176,12 @@ a clock skew correction and retry requests with skewed client clocks.
       end
 
       def self.resolve_max_attempts(cfg)
-        value = (ENV['AWS_MAX_ATTEMPTS'] && ENV['AWS_MAX_ATTEMPTS'].to_i) ||
+        value = (ENV['AWS_MAX_ATTEMPTS']) ||
                 Aws.shared_config.max_attempts(profile: cfg.profile) ||
-                3
+                '3'
+        value = value.to_i
         # Raise if provided value is not a positive integer
-        if !value.is_a?(Integer) || value <= 0
+        if value <= 0
           raise ArgumentError,
             'Must provide a positive integer for max_attempts profile '\
             'option or for ENV[\'AWS_MAX_ATTEMPTS\']'

data/lib/aws-sdk-core/sso_credentials.rb

@@ -4,11 +4,11 @@ module Aws
   # An auto-refreshing credential provider that works by assuming a
   # role via {Aws::SSO::Client#get_role_credentials} using a cached access
   # token.  This class does NOT implement the SSO login token flow - tokens
-  # must generated and refreshed separately by running `aws login` with the
-  # correct profile.
+  # must generated and refreshed separately by running `aws login` from the
+  # AWS CLI with the correct profile.
   #
   # For more background on AWS SSO see the official
-  # [what is SSO](https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html]
+  # {what is SSO}[https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html]
   # page.
   #
   # ## Refreshing Credentials from SSO
@@ -20,13 +20,29 @@ module Aws
   # and another token will be needed. The SDK does not manage refreshing of
   # the token value, but this can be done by running `aws login` with the
   # correct profile.
+  #
+  #
+  #     # You must first run aws sso login --profile your-sso-profile
+  #     sso_credentials = Aws::SSOCredentials.new(
+  #       sso_account_id: '123456789',
+  #       sso_role_name: "role_name",
+  #       sso_region: "us-east-1",
+  #       sso_start_url: 'https://your-start-url.awsapps.com/start'
+  #     )
+  #
+  #     ec2 = Aws::EC2::Client.new(credentials: sso_credentials)
+  #
+  # If you omit `:client` option, a new {SSO::Client} object will be
+  # constructed.
   class SSOCredentials
 
     include CredentialProvider
     include RefreshingCredentials
 
+    # @api private
     SSO_REQUIRED_OPTS = [:sso_account_id, :sso_region, :sso_role_name, :sso_start_url].freeze
 
+    # @api private
     SSO_LOGIN_GUIDANCE = 'The SSO session associated with this profile has '\
     'expired or is otherwise invalid. To refresh this SSO session run '\
     'aws sso login with the corresponding profile.'.freeze
@@ -45,7 +61,7 @@ module Aws
     #   provided by the SSO service via the console and is the URL used to
     #   login to the SSO directory. This is also sometimes referred to as
     #   the "User Portal URL"
-
+    #
     # @option options [SSO::Client] :client Optional `SSO::Client`.  If not
     #   provided, a client will be constructed.
     def initialize(options = {})
@@ -65,11 +81,11 @@ module Aws
 
       options[:region] = @sso_region
       options[:credentials] = nil
-      @client = options[:client] || SSO::Client.new(options)
+      @client = options[:client] || Aws::SSO::Client.new(options)
       super
     end
 
-    # @return [STS::Client]
+    # @return [SSO::Client]
     attr_reader :client
 
     private

data/lib/aws-sdk-core/stubbing/protocols/rest_json.rb

@@ -5,7 +5,7 @@ module Aws
     module Protocols
       class RestJson < Rest
 
-        def body_for(_, _, rules, data)
+        def body_for(_a, _b, rules, data)
           if eventstream?(rules)
             encode_eventstream_response(rules, data, Aws::Json::Builder)
           else

data/lib/aws-sdk-core/stubbing/protocols/rest_xml.rb

@@ -5,8 +5,6 @@ module Aws
     module Protocols
       class RestXml < Rest
 
-        include Seahorse::Model::Shapes
-
         def body_for(api, operation, rules, data)
           if eventstream?(rules)
             encode_eventstream_response(rules, data, Xml::Builder)

data/lib/aws-sdk-core/xml/builder.rb

@@ -48,7 +48,7 @@ module Aws
       end
 
       def list(name, ref, values)
-        if ref.shape.flattened
+        if ref[:flattened] || ref.shape.flattened
           values.each do |value|
             member(ref.shape.member.location_name || name, ref.shape.member, value)
           end

data/lib/aws-sdk-core/xml/parser.rb

@@ -70,6 +70,11 @@ module Aws
           [:ox, :oga, :libxml, :nokogiri, :rexml].each do |name|
             @engine ||= try_load_engine(name)
           end
+          unless @engine
+            raise 'Unable to find a compatible xml library. ' \
+            'Ensure that you have installed or added to your Gemfile one of ' \
+            'ox, oga, libxml, nokogiri or rexml'
+          end
         end
 
         private

data/lib/aws-sdk-core/xml/parser/engines/rexml.rb

@@ -1,8 +1,16 @@
 # frozen_string_literal: true
 
+use_system_rexml = ((RUBY_VERSION <=> "2.0.0") < 0)
+if use_system_rexml
+  require "rbconfig"
+  $LOAD_PATH.unshift(RbConfig::CONFIG["rubylibdir"])
+end
+
 require 'rexml/document'
 require 'rexml/streamlistener'
 
+$LOAD_PATH.shift if use_system_rexml
+
 module Aws
   module Xml
     class Parser

data/lib/aws-sdk-sso.rb

@@ -50,6 +50,6 @@ require_relative 'aws-sdk-sso/customizations'
 # @!group service
 module Aws::SSO
 
-  GEM_VERSION = '3.109.1'
+  GEM_VERSION = '3.111.1'
 
 end

data/lib/aws-sdk-sso/client.rb

@@ -523,7 +523,7 @@ module Aws::SSO
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.109.1'
+      context[:gem_version] = '3.111.1'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sts.rb

@@ -8,6 +8,10 @@
 # WARNING ABOUT GENERATED CODE
 
 
+unless Module.const_defined?(:Aws)
+  require 'aws-sdk-core'
+  require 'aws-sigv4'
+end
 
 require_relative 'aws-sdk-sts/types'
 require_relative 'aws-sdk-sts/client_api'
@@ -46,6 +50,6 @@ require_relative 'aws-sdk-sts/customizations'
 # @!group service
 module Aws::STS
 
-  GEM_VERSION = '3.109.1'
+  GEM_VERSION = '3.111.1'
 
 end

data/lib/aws-sdk-sts/client.rb

@@ -2204,7 +2204,7 @@ module Aws::STS
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.109.1'
+      context[:gem_version] = '3.111.1'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/seahorse/client/h2/connection.rb

@@ -75,7 +75,7 @@ module Seahorse
         def connect(endpoint)
           @mutex.synchronize {
             if @status == :ready
-              tcp, addr = _tcp_socket(endpoint) 
+              tcp, addr = _tcp_socket(endpoint)
               debug_output("opening connection to #{endpoint.host}:#{endpoint.port} ...")
               _nonblocking_connect(tcp, addr)
               debug_output('opened')
@@ -245,4 +245,3 @@ module Seahorse
     end
   end
 end
-

data/lib/seahorse/client/net_http/handler.rb

@@ -25,7 +25,8 @@ module Seahorse
           SocketError, EOFError, IOError, Timeout::Error,
           Errno::ECONNABORTED, Errno::ECONNRESET, Errno::EPIPE,
           Errno::EINVAL, Errno::ETIMEDOUT, OpenSSL::SSL::SSLError,
-          Errno::EHOSTUNREACH, Errno::ECONNREFUSED
+          Errno::EHOSTUNREACH, Errno::ECONNREFUSED,
+          Net::HTTPFatalError # for proxy connection failures
         ]
 
         # does not exist in Ruby 1.9.3

data/lib/seahorse/client/plugins/response_target.rb

@@ -27,7 +27,6 @@ module Seahorse
           private
 
           def add_event_listeners(context, target)
-            handler = self
             context.http_response.on_headers(200..299) do
               # In a fresh response body will be a StringIO
               # However, when a request is retried we may have

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-core
 version: !ruby/object:Gem::Version
-  version: 3.109.1
+  version: 3.111.1
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-10-05 00:00:00.000000000 Z
+date: 2021-01-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jmespath
@@ -108,6 +108,7 @@ files:
 - lib/aws-sdk-core/credentials.rb
 - lib/aws-sdk-core/deprecations.rb
 - lib/aws-sdk-core/eager_loader.rb
+- lib/aws-sdk-core/ec2_metadata.rb
 - lib/aws-sdk-core/ecs_credentials.rb
 - lib/aws-sdk-core/endpoint_cache.rb
 - lib/aws-sdk-core/errors.rb