aws-sdk-core 3.114.3 → 3.118.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a2a923ececa57310eb125e17602c198dd858b3960e1a337d330eb1227aff96d0
-  data.tar.gz: f3d256f8d55d40e00e1647946eae2df2d6380de20f874e219015ae47de6af456
+  metadata.gz: f880e91159fbbd13553271c925b06c11172de5ffda9f8931ae4ee66b09160100
+  data.tar.gz: 47f884e80449f6bffacc2babc3f96ba2248694aaab27da5bdbbaf895f29a0ec5
 SHA512:
-  metadata.gz: 8d1be434b0538cc3608d27bda7e1be4a5f4ae43dc12dc81c66edf577cd5221351b8053996008a413bef6f81cf1a6cf7f68f11292c2c5308addd6fb2c993b2d3a
-  data.tar.gz: 6acdb965572b57ca443761b9d23c34f662d7ad391345c65a534d3409f5caaa427b3dc929774e8c0393eb21ee0829d92b8d7adf039b8e928a069441e2ee7f1c3c
+  metadata.gz: d776a66ce68988249850ffb707f23cabc7097232042dcb4425bdb1dc027a445d6adeacfb496758340cf66865cf2e5597c6d3ae67b48d81814b24d1d40ecdc6d9
+  data.tar.gz: afe710d79ca075dfa33da32ef42356f0ccc60362bb6b66d0aa76f5171141df24418288b48e3c12bb0fd40c8a650cee273177756a7993b4b44099f83f2b7c8253

data/CHANGELOG.md

@@ -1,6 +1,29 @@
 Unreleased Changes
 ------------------
 
+3.118.0 (2021-07-28)
+------------------
+
+* Feature - Add support for Tagged Unions using a "sealed" classes like approach where each union member has a corresponding subclass.
+
+3.117.0 (2021-07-12)
+------------------
+
+* Feature - Support IPv6 endpoints for `Aws::InstanceProfileCredentials`. It supports two shared configuration options (`ec2_metadata_service_endpoint` & `ec2_metadata_service_endpoint_mode`), two ENV variables (`AWS_EC2_METADATA_SERVICE_ENDPOINT` & `AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE`), and two constructor options (`:endpoint` & `:endpoint_mode`).
+
+* Feature - Support IPv6 endpoint for `Aws::EC2Metadata` client. It can be configured with `:endpoint` or `:endpoint_mode`.
+
+3.116.0 (2021-07-07)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+3.115.0 (2021-06-23)
+------------------
+
+* Feature - Add support for Assume Role Chaining in profiles. (#2531)
+* Issue - Fixed an issue with `Seahorse::Client::H2::Connection` for non-https endpoints. (#2542)
+
 3.114.3 (2021-06-15)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-3.114.3
+3.118.0

data/lib/aws-sdk-core/credential_provider_chain.rb

@@ -160,10 +160,11 @@ module Aws
     end
 
     def instance_profile_credentials(options)
+      profile_name = determine_profile_name(options)
       if ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI']
         ECSCredentials.new(options)
       else
-        InstanceProfileCredentials.new(options)
+        InstanceProfileCredentials.new(options.merge(profile: profile_name))
       end
     end
 

data/lib/aws-sdk-core/ec2_metadata.rb

@@ -39,7 +39,11 @@ module Aws
     #   defaulting to 6 hours.
     # @option options [Integer] :retries (3) The number of retries for failed
     #   requests.
-    # @option options [String] :endpoint (169.254.169.254) The IMDS endpoint.
+    # @option options [String] :endpoint ('http://169.254.169.254') The IMDS
+    #   endpoint. This option has precedence over the :endpoint_mode.
+    # @option options [String] :endpoint_mode ('IPv4') The endpoint mode for
+    #   the instance metadata service. This is either 'IPv4'
+    #   ('http://169.254.169.254') or 'IPv6' ('http://[fd00:ec2::254]').
     # @option options [Integer] :port (80) The IMDS endpoint port.
     # @option options [Integer] :http_open_timeout (1) The number of seconds to
     #   wait for the connection to open.
@@ -55,7 +59,8 @@ module Aws
       @retries = options[:retries] || 3
       @backoff = backoff(options[:backoff])
 
-      @endpoint = options[:endpoint] || '169.254.169.254'
+      endpoint_mode = options[:endpoint_mode] || 'IPv4'
+      @endpoint = resolve_endpoint(options[:endpoint], endpoint_mode)
       @port = options[:port] || 80
 
       @http_open_timeout = options[:http_open_timeout] || 1
@@ -76,7 +81,7 @@ module Aws
     #   ec2_metadata.get('/latest/meta-data/instance-id')
     #   => "i-023a25f10a73a0f79"
     #
-    # @Note This implementation always returns a String and will not parse any
+    # @note This implementation always returns a String and will not parse any
     #   responses. Parsable responses may include JSON objects or directory
     #   listings, which are strings separated by line feeds (ASCII 10).
     #
@@ -93,7 +98,7 @@ module Aws
     #   listing.split(10.chr)
     #   => ["ami-id", "ami-launch-index", ...]
     #
-    # @Note Unlike other services, IMDS does not have a service API model. This
+    # @note Unlike other services, IMDS does not have a service API model. This
     #   means that we cannot confidently generate code with methods and
     #   response structures. This implementation ensures that new IMDS features
     #   are always supported by being deployed to the instance and does not
@@ -116,6 +121,19 @@ module Aws
 
     private
 
+    def resolve_endpoint(endpoint, endpoint_mode)
+      return endpoint if endpoint
+
+      case endpoint_mode.downcase
+      when 'ipv4' then 'http://169.254.169.254'
+      when 'ipv6' then 'http://[fd00:ec2::254]'
+      else
+        raise ArgumentError,
+              ':endpoint_mode is not valid, expected IPv4 or IPv6, '\
+              "got: #{endpoint_mode}"
+      end
+    end
+
     def fetch_token
       open_connection do |conn|
         token_value, token_ttl = http_put(conn, @token_ttl)
@@ -163,7 +181,8 @@ module Aws
     end
 
     def open_connection
-      http = Net::HTTP.new(@endpoint, @port, nil)
+      uri = URI.parse(@endpoint)
+      http = Net::HTTP.new(uri.hostname || @endpoint, @port || uri.port)
       http.open_timeout = @http_open_timeout
       http.read_timeout = @http_read_timeout
       http.set_debug_output(@http_debug_output) if @http_debug_output

data/lib/aws-sdk-core/errors.rb

@@ -210,6 +210,10 @@ module Aws
     # Raised when SSO Credentials are invalid
     class InvalidSSOCredentials < RuntimeError; end
 
+    # Raised when there is a circular reference in chained
+    # source_profiles
+    class SourceProfileCircularReferenceError < RuntimeError; end
+
     # Raised when a client is constructed and region is not specified.
     class MissingRegionError < ArgumentError
       def initialize(*args)

data/lib/aws-sdk-core/instance_profile_credentials.rb

@@ -5,7 +5,6 @@ require 'net/http'
 
 module Aws
   class InstanceProfileCredentials
-
     include CredentialProvider
     include RefreshingCredentials
 
@@ -44,7 +43,13 @@ module Aws
     # @param [Hash] options
     # @option options [Integer] :retries (1) Number of times to retry
     #   when retrieving credentials.
-    # @option options [String] :ip_address ('169.254.169.254')
+    # @option options [String] :endpoint ('http://169.254.169.254') The IMDS
+    #   endpoint. This option has precedence over the :endpoint_mode.
+    # @option options [String] :endpoint_mode ('IPv4') The endpoint mode for
+    #   the instance metadata service. This is either 'IPv4' ('169.254.169.254')
+    #   or 'IPv6' ('[fd00:ec2::254]').
+    # @option options [String] :ip_address ('169.254.169.254') Deprecated. Use
+    #   :endpoint instead. The IP address for the endpoint.
     # @option options [Integer] :port (80)
     # @option options [Float] :http_open_timeout (1)
     # @option options [Float] :http_read_timeout (1)
@@ -60,7 +65,8 @@ module Aws
     #   to 21600 seconds
     def initialize(options = {})
       @retries = options[:retries] || 1
-      @ip_address = options[:ip_address] || '169.254.169.254'
+      endpoint_mode = resolve_endpoint_mode(options)
+      @endpoint = resolve_endpoint(options, endpoint_mode)
       @port = options[:port] || 80
       @http_open_timeout = options[:http_open_timeout] || 1
       @http_read_timeout = options[:http_read_timeout] || 1
@@ -78,6 +84,34 @@ module Aws
 
     private
 
+    def resolve_endpoint_mode(options)
+      value = options[:endpoint_mode]
+      value ||= ENV['AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE']
+      value ||= Aws.shared_config.ec2_metadata_service_endpoint_mode(
+        profile: options[:profile]
+      )
+      value || 'IPv4'
+    end
+
+    def resolve_endpoint(options, endpoint_mode)
+      value = options[:endpoint] || options[:ip_address]
+      value ||= ENV['AWS_EC2_METADATA_SERVICE_ENDPOINT']
+      value ||= Aws.shared_config.ec2_metadata_service_endpoint(
+        profile: options[:profile]
+      )
+
+      return value if value
+
+      case endpoint_mode.downcase
+      when 'ipv4' then 'http://169.254.169.254'
+      when 'ipv6' then 'http://[fd00:ec2::254]'
+      else
+        raise ArgumentError,
+              ':endpoint_mode is not valid, expected IPv4 or IPv6, '\
+              "got: #{endpoint_mode}"
+      end
+    end
+
     def backoff(backoff)
       case backoff
       when Proc then backoff
@@ -152,7 +186,8 @@ module Aws
     end
 
     def open_connection
-      http = Net::HTTP.new(@ip_address, @port, nil)
+      uri = URI.parse(@endpoint)
+      http = Net::HTTP.new(uri.hostname || @endpoint, @port || uri.port)
       http.open_timeout = @http_open_timeout
       http.read_timeout = @http_read_timeout
       http.set_debug_output(@http_debug_output) if @http_debug_output

data/lib/aws-sdk-core/json/parser.rb

@@ -28,8 +28,16 @@ module Aws
           member_name, member_ref = shape.member_by_location_name(key)
           if member_ref
             target[member_name] = parse_ref(member_ref, value)
+          elsif shape.union
+            target[:unknown] = { 'name' => key, 'value' => value }
           end
         end
+        if shape.union
+          # convert to subclass
+          member_subclass = shape.member_subclass(target.member).new
+          member_subclass[target.member] = target.value
+          target = member_subclass
+        end
         target
       end
 

data/lib/aws-sdk-core/log/param_filter.rb

@@ -26,7 +26,8 @@ module Aws
 
       def filter(values, type)
         case values
-        when Struct, Hash then filter_hash(values, type)
+        when Struct then filter_struct(values, type)
+        when Hash then filter_hash(values, type)
         when Array then filter_array(values, type)
         else values
         end
@@ -34,6 +35,13 @@ module Aws
 
       private
 
+      def filter_struct(values, type)
+        if values.class.include? Aws::Structure::Union
+          values = { values.member => values.value }
+        end
+        filter_hash(values, type)
+      end
+
       def filter_hash(values, type)
         if type.const_defined?('SENSITIVE')
           filters = type::SENSITIVE + @additional_filters

data/lib/aws-sdk-core/param_validator.rb

@@ -70,6 +70,14 @@ module Aws
           end
         end
 
+        if @validate_required && shape.union
+          if values.length > 1
+            errors << "multiple values provided to union at #{context} - must contain exactly one of the supported types: #{shape.member_names.join(', ')}"
+          elsif values.length == 0
+            errors << "No values provided to union at #{context} - must contain exactly one of the supported types: #{shape.member_names.join(', ')}"
+          end
+        end
+
         # validate non-nil members
         values.each_pair do |name, value|
           unless value.nil?

data/lib/aws-sdk-core/shared_config.rb

@@ -163,6 +163,8 @@ module Aws
       :ca_bundle,
       :credential_process,
       :endpoint_discovery_enabled,
+      :ec2_metadata_service_endpoint,
+      :ec2_metadata_service_endpoint_mode,
       :max_attempts,
       :retry_mode,
       :adaptive_retry_wait_to_fill,
@@ -205,6 +207,7 @@ module Aws
             'a credential_source. For assume role credentials, must '\
             'provide only source_profile or credential_source, not both.'
         elsif opts[:source_profile]
+          opts[:visited_profiles] ||= Set.new
           opts[:credentials] = resolve_source_profile(opts[:source_profile], opts)
           if opts[:credentials]
             opts[:role_session_name] ||= prof_cfg['role_session_name']
@@ -214,6 +217,7 @@ module Aws
             opts[:external_id] ||= prof_cfg['external_id']
             opts[:serial_number] ||= prof_cfg['mfa_serial']
             opts[:profile] = opts.delete(:source_profile)
+            opts.delete(:visited_profiles)
             AssumeRoleCredentials.new(opts)
           else
             raise Errors::NoSourceProfileError,
@@ -246,8 +250,21 @@ module Aws
     end
 
     def resolve_source_profile(profile, opts = {})
+      if opts[:visited_profiles] && opts[:visited_profiles].include?(profile)
+        raise Errors::SourceProfileCircularReferenceError
+      end
+      opts[:visited_profiles].add(profile) if opts[:visited_profiles]
+
+      profile_config = @parsed_credentials[profile]
+      if @config_enabled
+        profile_config ||= @parsed_config[profile]
+      end
+
       if (creds = credentials(profile: profile))
         creds # static credentials
+      elsif profile_config && profile_config['source_profile']
+        opts.delete(:source_profile)
+        assume_role_credentials_from_config(opts.merge(profile: profile))
       elsif (provider = assume_role_web_identity_credentials_from_config(opts.merge(profile: profile)))
         provider.credentials if provider.credentials.set?
       elsif (provider = assume_role_process_credentials_from_config(profile))
@@ -274,7 +291,10 @@ module Aws
 
     def assume_role_process_credentials_from_config(profile)
       validate_profile_exists(profile)
-      credential_process = @parsed_config[profile]['credential_process']
+      credential_process = @parsed_credentials.fetch(profile, {})['credential_process']
+      if @parsed_config
+        credential_process ||= @parsed_config.fetch(profile, {})['credential_process']
+      end
       ProcessCredentials.new(credential_process) if credential_process
     end
 

data/lib/aws-sdk-core/shared_credentials.rb

@@ -14,11 +14,17 @@ module Aws
       'aws_session_token' => 'session_token',
     }
 
-    # Constructs a new SharedCredentials object. This will load AWS access
+    # Constructs a new SharedCredentials object. This will load static
+    # (access_key_id, secret_access_key and session_token) AWS access
     # credentials from an ini file, which supports profiles. The default
     # profile name is 'default'. You can specify the profile name with the
     # `ENV['AWS_PROFILE']` or with the `:profile_name` option.
     #
+    # To use credentials from the default credential resolution chain
+    # create a client without the credential option specified.
+    # You may access the resolved credentials through
+    # `client.config.credentials`.
+    #
     # @option [String] :path Path to the shared file.  Defaults
     #   to "#{Dir.home}/.aws/credentials".
     #

data/lib/aws-sdk-core/structure.rb

@@ -70,11 +70,20 @@ module Aws
       end
 
     end
+
+    module Union
+      def member
+        self.members.select { |k| self[k] }.first
+      end
+
+      def value
+        self[member] if member
+      end
+    end
   end
 
   # @api private
   class EmptyStructure < Struct.new('AwsEmptyStructure')
     include(Aws::Structure)
   end
-
 end

data/lib/aws-sdk-core/xml/parser/frame.rb

@@ -95,6 +95,8 @@ module Aws
         def child_frame(xml_name)
           if @member = @members[xml_name]
             Frame.new(xml_name, self, @member[:ref])
+          elsif @ref.shape.union
+            UnknownMemberFrame.new(xml_name, self, nil, @result)
           else
             NullFrame.new(xml_name, self)
           end
@@ -106,10 +108,24 @@ module Aws
             @result[@member[:name]][child.key.result] = child.value.result
           when FlatListFrame
             @result[@member[:name]] << child.result
+          when UnknownMemberFrame
+            @result[:unknown] = { 'name' => child.path.last, 'value' => child.result }
           when NullFrame
           else
             @result[@member[:name]] = child.result
           end
+
+          if @ref.shape.union
+            # a union may only have one member set
+            # convert to the union subclass
+            # The default Struct created will have defaults set for all values
+            # This also sets only one of the values leaving everything else nil
+            # as required for unions
+            set_member_name = @member ? @member[:name] : :unknown
+            member_subclass = @ref.shape.member_subclass(set_member_name).new # shape.member_subclass(target.member).new
+            member_subclass[set_member_name] = @result[set_member_name]
+            @result = member_subclass
+          end
         end
 
         private
@@ -242,6 +258,12 @@ module Aws
         end
       end
 
+      class UnknownMemberFrame < Frame
+        def result
+          @text.join
+        end
+      end
+
       class BlobFrame < Frame
         def result
           @text.empty? ? nil : Base64.decode64(@text.join)
@@ -302,6 +324,7 @@ module Aws
         MapShape => MapFrame,
         StringShape => StringFrame,
         StructureShape => StructureFrame,
+        UnionShape => StructureFrame,
         TimestampShape => TimestampFrame,
       }
 

data/lib/aws-sdk-sso.rb

@@ -50,6 +50,6 @@ require_relative 'aws-sdk-sso/customizations'
 # @!group service
 module Aws::SSO
 
-  GEM_VERSION = '3.114.3'
+  GEM_VERSION = '3.118.0'
 
 end

data/lib/aws-sdk-sso/client.rb

@@ -523,7 +523,7 @@ module Aws::SSO
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.114.3'
+      context[:gem_version] = '3.118.0'
       Seahorse::Client::Request.new(handlers, context)
     end