aws-sdk-core 3.114.1 → 3.130.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (67) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +216 -0
  3. data/VERSION +1 -1
  4. data/lib/aws-defaults/default_configuration.rb +153 -0
  5. data/lib/aws-defaults/defaults_mode_config_resolver.rb +107 -0
  6. data/lib/aws-defaults.rb +3 -0
  7. data/lib/aws-sdk-core/assume_role_credentials.rb +19 -0
  8. data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +7 -1
  9. data/lib/aws-sdk-core/client_stubs.rb +5 -1
  10. data/lib/aws-sdk-core/credential_provider_chain.rb +2 -1
  11. data/lib/aws-sdk-core/ec2_metadata.rb +27 -7
  12. data/lib/aws-sdk-core/ecs_credentials.rb +5 -0
  13. data/lib/aws-sdk-core/errors.rb +5 -1
  14. data/lib/aws-sdk-core/instance_profile_credentials.rb +119 -18
  15. data/lib/aws-sdk-core/json/json_engine.rb +10 -8
  16. data/lib/aws-sdk-core/json/oj_engine.rb +33 -6
  17. data/lib/aws-sdk-core/json/parser.rb +8 -0
  18. data/lib/aws-sdk-core/json.rb +8 -26
  19. data/lib/aws-sdk-core/log/param_filter.rb +9 -1
  20. data/lib/aws-sdk-core/pageable_response.rb +72 -26
  21. data/lib/aws-sdk-core/pager.rb +3 -0
  22. data/lib/aws-sdk-core/param_validator.rb +29 -0
  23. data/lib/aws-sdk-core/plugins/checksum_algorithm.rb +340 -0
  24. data/lib/aws-sdk-core/plugins/credentials_configuration.rb +3 -1
  25. data/lib/aws-sdk-core/plugins/defaults_mode.rb +40 -0
  26. data/lib/aws-sdk-core/plugins/http_checksum.rb +8 -1
  27. data/lib/aws-sdk-core/plugins/protocols/api_gateway.rb +17 -0
  28. data/lib/aws-sdk-core/plugins/protocols/rest_json.rb +16 -1
  29. data/lib/aws-sdk-core/plugins/recursion_detection.rb +27 -0
  30. data/lib/aws-sdk-core/plugins/regional_endpoint.rb +47 -1
  31. data/lib/aws-sdk-core/plugins/response_paging.rb +1 -1
  32. data/lib/aws-sdk-core/plugins/retries/error_inspector.rb +5 -3
  33. data/lib/aws-sdk-core/plugins/retry_errors.rb +21 -5
  34. data/lib/aws-sdk-core/plugins/signature_v4.rb +15 -24
  35. data/lib/aws-sdk-core/plugins/stub_responses.rb +5 -1
  36. data/lib/aws-sdk-core/process_credentials.rb +3 -2
  37. data/lib/aws-sdk-core/refreshing_credentials.rb +40 -11
  38. data/lib/aws-sdk-core/rest/request/body.rb +19 -1
  39. data/lib/aws-sdk-core/rest/request/headers.rb +18 -6
  40. data/lib/aws-sdk-core/rest/response/headers.rb +3 -1
  41. data/lib/aws-sdk-core/shared_config.rb +27 -8
  42. data/lib/aws-sdk-core/shared_credentials.rb +7 -1
  43. data/lib/aws-sdk-core/sso_credentials.rb +8 -3
  44. data/lib/aws-sdk-core/structure.rb +10 -1
  45. data/lib/aws-sdk-core/xml/parser/engines/ox.rb +1 -1
  46. data/lib/aws-sdk-core/xml/parser/engines/rexml.rb +0 -8
  47. data/lib/aws-sdk-core/xml/parser/frame.rb +23 -0
  48. data/lib/aws-sdk-core.rb +6 -0
  49. data/lib/aws-sdk-sso/client.rb +27 -5
  50. data/lib/aws-sdk-sso.rb +1 -1
  51. data/lib/aws-sdk-sts/client.rb +424 -415
  52. data/lib/aws-sdk-sts/plugins/sts_regional_endpoints.rb +5 -1
  53. data/lib/aws-sdk-sts/presigner.rb +7 -1
  54. data/lib/aws-sdk-sts/types.rb +199 -181
  55. data/lib/aws-sdk-sts.rb +1 -1
  56. data/lib/seahorse/client/configuration.rb +4 -0
  57. data/lib/seahorse/client/h2/connection.rb +14 -11
  58. data/lib/seahorse/client/h2/handler.rb +4 -5
  59. data/lib/seahorse/client/net_http/connection_pool.rb +7 -0
  60. data/lib/seahorse/client/net_http/handler.rb +15 -7
  61. data/lib/seahorse/client/net_http/patches.rb +13 -84
  62. data/lib/seahorse/client/plugins/content_length.rb +11 -5
  63. data/lib/seahorse/client/plugins/net_http.rb +33 -2
  64. data/lib/seahorse/model/operation.rb +3 -0
  65. data/lib/seahorse/model/shapes.rb +25 -0
  66. metadata +11 -6
  67. data/lib/aws-sdk-sso/plugins/content_type.rb +0 -25
@@ -0,0 +1,340 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Aws
4
+ module Plugins
5
+ # @api private
6
+ class ChecksumAlgorithm < Seahorse::Client::Plugin
7
+ CHUNK_SIZE = 1 * 1024 * 1024 # one MB
8
+
9
+ # determine the set of supported client side checksum algorithms
10
+ # CRC32c requires aws-crt (optional sdk dependency) for support
11
+ CLIENT_ALGORITHMS = begin
12
+ supported = %w[SHA256 SHA1 CRC32]
13
+ begin
14
+ require 'aws-crt'
15
+ supported << 'CRC32C'
16
+ rescue LoadError
17
+ end
18
+ supported
19
+ end.freeze
20
+
21
+ # priority order of checksum algorithms to validate responses against
22
+ # Remove any algorithms not supported by client (ie, depending on CRT availability)
23
+ CHECKSUM_ALGORITHM_PRIORITIES = %w[CRC32C SHA1 CRC32 SHA256] & CLIENT_ALGORITHMS
24
+
25
+ # byte size of checksums, used in computing the trailer length
26
+ CHECKSUM_SIZE = {
27
+ 'CRC32' => 16,
28
+ 'CRC32C' => 16,
29
+ 'SHA1' => 36,
30
+ 'SHA256' => 52
31
+ }
32
+
33
+ # Interface for computing digests on request/response bodies
34
+ # which may be files, strings or IO like objects
35
+ # Applies only to digest functions that produce 32 bit integer checksums
36
+ # (eg CRC32)
37
+ class Digest32
38
+
39
+ attr_reader :value
40
+
41
+ # @param [Object] digest_fn
42
+ def initialize(digest_fn)
43
+ @digest_fn = digest_fn
44
+ @value = 0
45
+ end
46
+
47
+ def update(chunk)
48
+ @value = @digest_fn.call(chunk, @value)
49
+ end
50
+
51
+ def base64digest
52
+ Base64.encode64([@value].pack('N')).chomp
53
+ end
54
+ end
55
+
56
+ def add_handlers(handlers, _config)
57
+ handlers.add(OptionHandler, step: :initialize)
58
+ # priority set low to ensure checksum is computed AFTER the request is
59
+ # built but before it is signed
60
+ handlers.add(ChecksumHandler, priority: 15, step: :build)
61
+ end
62
+
63
+ private
64
+
65
+ def self.request_algorithm_selection(context)
66
+ return unless context.operation.http_checksum
67
+
68
+ input_member = context.operation.http_checksum['requestAlgorithmMember']
69
+ context.params[input_member.to_sym]&.upcase if input_member
70
+ end
71
+
72
+ def self.request_validation_mode(context)
73
+ return unless context.operation.http_checksum
74
+
75
+ input_member = context.operation.http_checksum['requestValidationModeMember']
76
+ context.params[input_member.to_sym] if input_member
77
+ end
78
+
79
+ def self.operation_response_algorithms(context)
80
+ return unless context.operation.http_checksum
81
+
82
+ context.operation.http_checksum['responseAlgorithms']
83
+ end
84
+
85
+
86
+ # @api private
87
+ class OptionHandler < Seahorse::Client::Handler
88
+ def call(context)
89
+ context[:http_checksum] ||= {}
90
+
91
+ # validate request configuration
92
+ if (request_input = ChecksumAlgorithm.request_algorithm_selection(context))
93
+ unless CLIENT_ALGORITHMS.include? request_input
94
+ if (request_input == 'CRC32C')
95
+ raise ArgumentError, "CRC32C requires crt support - install the aws-crt gem for support."
96
+ else
97
+ raise ArgumentError, "#{request_input} is not a supported checksum algorithm."
98
+ end
99
+ end
100
+ end
101
+
102
+ # validate response configuration
103
+ if (ChecksumAlgorithm.request_validation_mode(context))
104
+ # Compute an ordered list as the union between priority supported and the
105
+ # operation's modeled response algorithms.
106
+ validation_list = CHECKSUM_ALGORITHM_PRIORITIES &
107
+ ChecksumAlgorithm.operation_response_algorithms(context)
108
+ context[:http_checksum][:validation_list] = validation_list
109
+ end
110
+
111
+ @handler.call(context)
112
+ end
113
+ end
114
+
115
+ # @api private
116
+ class ChecksumHandler < Seahorse::Client::Handler
117
+
118
+ def call(context)
119
+ if should_calculate_request_checksum?(context)
120
+ request_algorithm_input = ChecksumAlgorithm.request_algorithm_selection(context)
121
+ context[:checksum_algorithms] = request_algorithm_input
122
+
123
+ request_checksum_property = {
124
+ 'algorithm' => request_algorithm_input,
125
+ 'in' => checksum_request_in(context),
126
+ 'name' => "x-amz-checksum-#{request_algorithm_input.downcase}"
127
+ }
128
+
129
+ calculate_request_checksum(context, request_checksum_property)
130
+ end
131
+
132
+ if should_verify_response_checksum?(context)
133
+ add_verify_response_checksum_handlers(context)
134
+ end
135
+
136
+ @handler.call(context)
137
+ end
138
+
139
+ private
140
+
141
+ def should_calculate_request_checksum?(context)
142
+ context.operation.http_checksum &&
143
+ ChecksumAlgorithm.request_algorithm_selection(context)
144
+ end
145
+
146
+ def should_verify_response_checksum?(context)
147
+ context[:http_checksum][:validation_list] && !context[:http_checksum][:validation_list].empty?
148
+ end
149
+
150
+ def calculate_request_checksum(context, checksum_properties)
151
+ case checksum_properties['in']
152
+ when 'header'
153
+ header_name = checksum_properties['name']
154
+ body = context.http_request.body_contents
155
+ if body
156
+ context.http_request.headers[header_name] ||=
157
+ ChecksumAlgorithm.calculate_checksum(checksum_properties['algorithm'], body)
158
+ end
159
+ when 'trailer'
160
+ apply_request_trailer_checksum(context, checksum_properties)
161
+ end
162
+ end
163
+
164
+ def apply_request_trailer_checksum(context, checksum_properties)
165
+ location_name = checksum_properties['name']
166
+
167
+ # set required headers
168
+ headers = context.http_request.headers
169
+ headers['Content-Encoding'] = 'aws-chunked'
170
+ headers['X-Amz-Content-Sha256'] = 'STREAMING-UNSIGNED-PAYLOAD-TRAILER'
171
+ headers['X-Amz-Trailer'] = location_name
172
+
173
+ # We currently always compute the size in the modified body wrapper - allowing us
174
+ # to set the Content-Length header (set by content_length plugin).
175
+ # This means we cannot use Transfer-Encoding=chunked
176
+
177
+ if !context.http_request.body.respond_to?(:size)
178
+ raise Aws::Errors::ChecksumError, 'Could not determine length of the body'
179
+ end
180
+ headers['X-Amz-Decoded-Content-Length'] = context.http_request.body.size
181
+
182
+ context.http_request.body = AwsChunkedTrailerDigestIO.new(
183
+ context.http_request.body,
184
+ checksum_properties['algorithm'],
185
+ location_name
186
+ )
187
+ end
188
+
189
+ # Add events to the http_response to verify the checksum as its read
190
+ # This prevents the body from being read multiple times
191
+ # verification is done only once a successful response has completed
192
+ def add_verify_response_checksum_handlers(context)
193
+ http_response = context.http_response
194
+ checksum_context = { }
195
+ http_response.on_headers do |_status, headers|
196
+ header_name, algorithm = response_header_to_verify(headers, context[:http_checksum][:validation_list])
197
+ if header_name
198
+ expected = headers[header_name]
199
+
200
+ unless context[:http_checksum][:skip_on_suffix] && /-[\d]+$/.match(expected)
201
+ checksum_context[:algorithm] = algorithm
202
+ checksum_context[:header_name] = header_name
203
+ checksum_context[:digest] = ChecksumAlgorithm.digest_for_algorithm(algorithm)
204
+ checksum_context[:expected] = expected
205
+ end
206
+ end
207
+ end
208
+
209
+ http_response.on_data do |chunk|
210
+ checksum_context[:digest].update(chunk) if checksum_context[:digest]
211
+ end
212
+
213
+ http_response.on_success do
214
+ if checksum_context[:digest] &&
215
+ (computed = checksum_context[:digest].base64digest)
216
+
217
+ if computed != checksum_context[:expected]
218
+ raise Aws::Errors::ChecksumError,
219
+ "Checksum validation failed on #{checksum_context[:header_name]} "\
220
+ "computed: #{computed}, expected: #{checksum_context[:expected]}"
221
+ end
222
+
223
+ context[:http_checksum][:validated] = checksum_context[:algorithm]
224
+ end
225
+ end
226
+ end
227
+
228
+ # returns nil if no headers to verify
229
+ def response_header_to_verify(headers, validation_list)
230
+ validation_list.each do |algorithm|
231
+ header_name = "x-amz-checksum-#{algorithm}"
232
+ return [header_name, algorithm] if headers[header_name]
233
+ end
234
+ nil
235
+ end
236
+
237
+ # determine where (header vs trailer) a request checksum should be added
238
+ def checksum_request_in(context)
239
+ if context.operation['authtype'].eql?('v4-unsigned-body')
240
+ 'trailer'
241
+ else
242
+ 'header'
243
+ end
244
+ end
245
+
246
+ end
247
+
248
+ def self.calculate_checksum(algorithm, body)
249
+ digest = ChecksumAlgorithm.digest_for_algorithm(algorithm)
250
+ if body.respond_to?(:read)
251
+ ChecksumAlgorithm.update_in_chunks(digest, body)
252
+ else
253
+ digest.update(body)
254
+ end
255
+ digest.base64digest
256
+ end
257
+
258
+ def self.digest_for_algorithm(algorithm)
259
+ case algorithm
260
+ when 'CRC32'
261
+ Digest32.new(Zlib.method(:crc32))
262
+ when 'CRC32C'
263
+ # this will only be used if input algorithm is CRC32C AND client supports it (crt available)
264
+ Digest32.new(Aws::Crt::Checksums.method(:crc32c))
265
+ when 'SHA1'
266
+ Digest::SHA1.new
267
+ when 'SHA256'
268
+ Digest::SHA256.new
269
+ end
270
+ end
271
+
272
+ # The trailer size (in bytes) is the overhead + the trailer name +
273
+ # the length of the base64 encoded checksum
274
+ def self.trailer_length(algorithm, location_name)
275
+ CHECKSUM_SIZE[algorithm] + location_name.size
276
+ end
277
+
278
+ def self.update_in_chunks(digest, io)
279
+ loop do
280
+ chunk = io.read(CHUNK_SIZE)
281
+ break unless chunk
282
+ digest.update(chunk)
283
+ end
284
+ io.rewind
285
+ end
286
+
287
+ # Wrapper for request body that implements application-layer
288
+ # chunking with Digest computed on chunks + added as a trailer
289
+ class AwsChunkedTrailerDigestIO
290
+ CHUNK_SIZE = 16384
291
+
292
+ def initialize(io, algorithm, location_name)
293
+ @io = io
294
+ @location_name = location_name
295
+ @algorithm = algorithm
296
+ @digest = ChecksumAlgorithm.digest_for_algorithm(algorithm)
297
+ @trailer_io = nil
298
+ end
299
+
300
+ # the size of the application layer aws-chunked + trailer body
301
+ def size
302
+ # compute the number of chunks
303
+ # a full chunk has 4 + 4 bytes overhead, a partial chunk is len.to_s(16).size + 4
304
+ orig_body_size = @io.size
305
+ n_full_chunks = orig_body_size / CHUNK_SIZE
306
+ partial_bytes = orig_body_size % CHUNK_SIZE
307
+ chunked_body_size = n_full_chunks * (CHUNK_SIZE + 8)
308
+ chunked_body_size += partial_bytes.to_s(16).size + partial_bytes + 4 unless partial_bytes.zero?
309
+ trailer_size = ChecksumAlgorithm.trailer_length(@algorithm, @location_name)
310
+ chunked_body_size + trailer_size
311
+ end
312
+
313
+ def rewind
314
+ @io.rewind
315
+ end
316
+
317
+ def read(length, buf)
318
+ # account for possible leftover bytes at the end, if we have trailer bytes, send them
319
+ if @trailer_io
320
+ return @trailer_io.read(length, buf)
321
+ end
322
+
323
+ chunk = @io.read(length)
324
+ if chunk
325
+ @digest.update(chunk)
326
+ application_chunked = "#{chunk.bytesize.to_s(16)}\r\n#{chunk}\r\n"
327
+ return StringIO.new(application_chunked).read(application_chunked.size, buf)
328
+ else
329
+ trailers = {}
330
+ trailers[@location_name] = @digest.base64digest
331
+ trailers = trailers.map { |k,v| "#{k}:#{v}"}.join("\r\n")
332
+ @trailer_io = StringIO.new("0\r\n#{trailers}\r\n\r\n")
333
+ chunk = @trailer_io.read(length, buf)
334
+ end
335
+ chunk
336
+ end
337
+ end
338
+ end
339
+ end
340
+ end
@@ -64,7 +64,9 @@ locations will be searched for credentials:
64
64
  * EC2/ECS IMDS instance profile - When used by default, the timeouts
65
65
  are very aggressive. Construct and pass an instance of
66
66
  `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
67
- enable retries and extended timeouts.
67
+ enable retries and extended timeouts. Instance profile credential
68
+ fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
69
+ to true.
68
70
  DOCS
69
71
  ) do |config|
70
72
  CredentialProviderChain.new(config).resolve
@@ -0,0 +1,40 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Aws
4
+ # @api private
5
+ module Plugins
6
+ # @api private
7
+ class DefaultsMode < Seahorse::Client::Plugin
8
+
9
+ option(:defaults_mode,
10
+ default: 'legacy',
11
+ doc_type: String,
12
+ docstring: <<-DOCS
13
+ See {Aws::DefaultsModeConfiguration} for a list of the
14
+ accepted modes and the configuration defaults that are included.
15
+ DOCS
16
+ ) do |cfg|
17
+ resolve_defaults_mode(cfg)
18
+ end
19
+
20
+ option(:defaults_mode_config_resolver,
21
+ doc_type: 'Aws::DefaultsModeConfigResolver') do |cfg|
22
+ Aws::DefaultsModeConfigResolver.new(
23
+ Aws::DefaultsModeConfiguration::SDK_DEFAULT_CONFIGURATION, cfg)
24
+ end
25
+
26
+ class << self
27
+ private
28
+
29
+ def resolve_defaults_mode(cfg)
30
+ value = ENV['AWS_DEFAULTS_MODE']
31
+ value ||= Aws.shared_config.defaults_mode(
32
+ profile: cfg.profile
33
+ )
34
+ value&.downcase || "legacy"
35
+ end
36
+ end
37
+
38
+ end
39
+ end
40
+ end
@@ -11,7 +11,8 @@ module Aws
11
11
  CHUNK_SIZE = 1 * 1024 * 1024 # one MB
12
12
 
13
13
  def call(context)
14
- if context.operation.http_checksum_required
14
+ if checksum_required?(context) &&
15
+ !context[:checksum_algorithms] # skip in favor of flexible checksum
15
16
  body = context.http_request.body
16
17
  context.http_request.headers['Content-Md5'] ||= md5(body)
17
18
  end
@@ -20,6 +21,12 @@ module Aws
20
21
 
21
22
  private
22
23
 
24
+ def checksum_required?(context)
25
+ context.operation.http_checksum_required ||
26
+ (context.operation.http_checksum &&
27
+ context.operation.http_checksum['requestChecksumRequired'])
28
+ end
29
+
23
30
  # @param [File, Tempfile, IO#read, String] value
24
31
  # @return [String<MD5>]
25
32
  def md5(value)
@@ -4,9 +4,26 @@ module Aws
4
4
  module Plugins
5
5
  module Protocols
6
6
  class ApiGateway < Seahorse::Client::Plugin
7
+
8
+ class ContentTypeHandler < Seahorse::Client::Handler
9
+ def call(context)
10
+ body = context.http_request.body
11
+ # Rest::Handler will set a default JSON body, so size can be checked
12
+ # if this handler is run after serialization.
13
+ if !body.respond_to?(:size) ||
14
+ (body.respond_to?(:size) && body.size > 0)
15
+ context.http_request.headers['Content-Type'] ||=
16
+ 'application/json'
17
+ end
18
+ @handler.call(context)
19
+ end
20
+ end
21
+
7
22
  handler(Rest::Handler)
23
+ handler(ContentTypeHandler, priority: 30)
8
24
  handler(Json::ErrorHandler, step: :sign)
9
25
  end
26
+
10
27
  end
11
28
  end
12
29
  end
@@ -5,10 +5,25 @@ module Aws
5
5
  module Protocols
6
6
  class RestJson < Seahorse::Client::Plugin
7
7
 
8
+ class ContentTypeHandler < Seahorse::Client::Handler
9
+ def call(context)
10
+ body = context.http_request.body
11
+ # Rest::Handler will set a default JSON body, so size can be checked
12
+ # if this handler is run after serialization.
13
+ if !body.respond_to?(:size) ||
14
+ (body.respond_to?(:size) && body.size > 0)
15
+ context.http_request.headers['Content-Type'] ||=
16
+ 'application/json'
17
+ end
18
+ @handler.call(context)
19
+ end
20
+ end
21
+
8
22
  handler(Rest::Handler)
23
+ handler(ContentTypeHandler, priority: 30)
9
24
  handler(Json::ErrorHandler, step: :sign)
10
-
11
25
  end
26
+
12
27
  end
13
28
  end
14
29
  end
@@ -0,0 +1,27 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Aws
4
+ module Plugins
5
+ # @api private
6
+ class RecursionDetection < Seahorse::Client::Plugin
7
+
8
+ # @api private
9
+ class Handler < Seahorse::Client::Handler
10
+ def call(context)
11
+
12
+ unless context.http_request.headers.key?('x-amz-trace-id')
13
+ if ENV['AWS_LAMBDA_FUNCTION_NAME'] &&
14
+ (trace_id = ENV['_X_AMZ_TRACE_ID'])
15
+ context.http_request.headers['x-amz-trace-id'] = trace_id
16
+ end
17
+ end
18
+ @handler.call(context)
19
+ end
20
+ end
21
+
22
+ # should be at the end of build so that
23
+ # modeled traits / service customizations apply first
24
+ handler(Handler, step: :build, order: 99)
25
+ end
26
+ end
27
+ end
@@ -24,6 +24,25 @@ a default `:region` is searched for in the following locations:
24
24
  resolve_region(cfg)
25
25
  end
26
26
 
27
+ option(:use_dualstack_endpoint,
28
+ doc_type: 'Boolean',
29
+ docstring: <<-DOCS) do |cfg|
30
+ When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
31
+ will be used if available.
32
+ DOCS
33
+ resolve_use_dualstack_endpoint(cfg)
34
+ end
35
+
36
+ option(:use_fips_endpoint,
37
+ doc_type: 'Boolean',
38
+ docstring: <<-DOCS) do |cfg|
39
+ When set to `true`, fips compatible endpoints will be used if available.
40
+ When a `fips` region is used, the region is normalized and this config
41
+ is set to `true`.
42
+ DOCS
43
+ resolve_use_fips_endpoint(cfg)
44
+ end
45
+
27
46
  option(:regional_endpoint, false)
28
47
 
29
48
  option(:endpoint, doc_type: String, docstring: <<-DOCS) do |cfg|
@@ -42,10 +61,23 @@ to test or custom endpoints. This should be a valid HTTP(S) URI.
42
61
  raise Errors::InvalidRegionError
43
62
  end
44
63
 
64
+ region = cfg.region
65
+ new_region = region.gsub('fips-', '').gsub('-fips', '')
66
+ if region != new_region
67
+ warn("Legacy region #{region} was transformed to #{new_region}."\
68
+ '`use_fips_endpoint` config was set to true.')
69
+ cfg.override_config(:use_fips_endpoint, true)
70
+ cfg.override_config(:region, new_region)
71
+ end
72
+
45
73
  Aws::Partitions::EndpointProvider.resolve(
46
74
  cfg.region,
47
75
  endpoint_prefix,
48
- sts_regional
76
+ sts_regional,
77
+ {
78
+ dualstack: cfg.use_dualstack_endpoint,
79
+ fips: cfg.use_fips_endpoint
80
+ }
49
81
  )
50
82
  end
51
83
  end
@@ -66,6 +98,20 @@ to test or custom endpoints. This should be a valid HTTP(S) URI.
66
98
  cfg_region = Aws.shared_config.region(profile: cfg.profile)
67
99
  env_region || cfg_region
68
100
  end
101
+
102
+ def resolve_use_dualstack_endpoint(cfg)
103
+ value = ENV['AWS_USE_DUALSTACK_ENDPOINT']
104
+ value ||= Aws.shared_config.use_dualstack_endpoint(
105
+ profile: cfg.profile
106
+ )
107
+ Aws::Util.str_2_bool(value) || false
108
+ end
109
+
110
+ def resolve_use_fips_endpoint(cfg)
111
+ value = ENV['AWS_USE_FIPS_ENDPOINT']
112
+ value ||= Aws.shared_config.use_fips_endpoint(profile: cfg.profile)
113
+ Aws::Util.str_2_bool(value) || false
114
+ end
69
115
  end
70
116
  end
71
117
  end
@@ -10,7 +10,7 @@ module Aws
10
10
  def call(context)
11
11
  context[:original_params] = context.params
12
12
  resp = @handler.call(context)
13
- resp.extend(PageableResponse)
13
+ PageableResponse.apply(resp)
14
14
  resp.pager = context.operation[:pager] || Aws::Pager::NullPager.new
15
15
  resp
16
16
  end
@@ -13,7 +13,8 @@ module Aws
13
13
  'InvalidAccessKeyId', # s3
14
14
  'AuthFailure', # ec2
15
15
  'InvalidIdentityToken', # sts
16
- 'ExpiredToken' # route53
16
+ 'ExpiredToken', # route53
17
+ 'ExpiredTokenException' # kinesis
17
18
  ]
18
19
  )
19
20
 
@@ -45,6 +46,7 @@ module Aws
45
46
  NETWORKING_ERRORS = Set.new(
46
47
  [
47
48
  'RequestTimeout', # s3
49
+ 'InternalError', # s3
48
50
  'RequestTimeoutException', # glacier
49
51
  'IDPCommunicationError' # sts
50
52
  ]
@@ -80,7 +82,7 @@ module Aws
80
82
  end
81
83
 
82
84
  def checksum?
83
- CHECKSUM_ERRORS.include?(@name) || @error.is_a?(Errors::ChecksumError)
85
+ CHECKSUM_ERRORS.include?(@name)
84
86
  end
85
87
 
86
88
  def networking?
@@ -141,4 +143,4 @@ module Aws
141
143
  end
142
144
  end
143
145
  end
144
- end
146
+ end
@@ -163,9 +163,15 @@ a clock skew correction and retry requests with skewed client clocks.
163
163
  option(:clock_skew) { Retries::ClockSkew.new }
164
164
 
165
165
  def self.resolve_retry_mode(cfg)
166
- value = ENV['AWS_RETRY_MODE'] ||
167
- Aws.shared_config.retry_mode(profile: cfg.profile) ||
168
- 'legacy'
166
+ default_mode_value =
167
+ if cfg.respond_to?(:defaults_mode_config_resolver)
168
+ cfg.defaults_mode_config_resolver.resolve(:retry_mode)
169
+ end
170
+
171
+ value = ENV['AWS_RETRY_MODE'] ||
172
+ Aws.shared_config.retry_mode(profile: cfg.profile) ||
173
+ default_mode_value ||
174
+ 'legacy'
169
175
  # Raise if provided value is not one of the retry modes
170
176
  if value != 'legacy' && value != 'standard' && value != 'adaptive'
171
177
  raise ArgumentError,
@@ -307,12 +313,17 @@ a clock skew correction and retry requests with skewed client clocks.
307
313
 
308
314
  def retry_request(context, error)
309
315
  context.retries += 1
310
- context.config.credentials.refresh! if error.expired_credentials?
316
+ context.config.credentials.refresh! if refresh_credentials?(context, error)
311
317
  context.http_request.body.rewind
312
318
  context.http_response.reset
313
319
  call(context)
314
320
  end
315
321
 
322
+ def refresh_credentials?(context, error)
323
+ error.expired_credentials? &&
324
+ context.config.credentials.respond_to?(:refresh!)
325
+ end
326
+
316
327
  def add_retry_headers(context)
317
328
  request_pairs = {
318
329
  'attempt' => context.retries,
@@ -377,7 +388,7 @@ a clock skew correction and retry requests with skewed client clocks.
377
388
  def retry_request(context, error)
378
389
  delay_retry(context)
379
390
  context.retries += 1
380
- context.config.credentials.refresh! if error.expired_credentials?
391
+ context.config.credentials.refresh! if refresh_credentials?(context, error)
381
392
  context.http_request.body.rewind
382
393
  context.http_response.reset
383
394
  call(context)
@@ -393,6 +404,11 @@ a clock skew correction and retry requests with skewed client clocks.
393
404
  response_truncatable?(context)
394
405
  end
395
406
 
407
+ def refresh_credentials?(context, error)
408
+ error.expired_credentials? &&
409
+ context.config.credentials.respond_to?(:refresh!)
410
+ end
411
+
396
412
  def retry_limit(context)
397
413
  context.config.retry_limit
398
414
  end