aws-sdk-core 3.117.0 → 3.197.2

data/VERSION

@@ -1 +1 @@
-3.117.0
+3.197.2

data/lib/aws-defaults/default_configuration.rb

@@ -0,0 +1,153 @@
+# frozen_string_literal: true
+
+require_relative 'defaults_mode_config_resolver'
+
+module Aws
+
+  # A defaults mode determines how certain default configuration options are resolved in the SDK.
+  #
+  # *Note*: For any mode other than `'legacy'` the vended default values might change as best practices may
+  # evolve. As a result, it is encouraged to perform testing when upgrading the SDK if you are using a mode other than
+  # `'legacy'`.  While the `'legacy'` defaults mode is specific to Ruby,
+  # other modes are standardized across all of the AWS SDKs.
+  #
+  #  The defaults mode can be configured:
+  #
+  #  * Directly on a client via `:defaults_mode`
+  #
+  #  * On a configuration profile via the "defaults_mode" profile file property.
+  #
+  #  * Globally via the "AWS_DEFAULTS_MODE" environment variable.
+  #
+  #
+  # #defaults START - documentation
+  # The following `:default_mode` values are supported:
+  #
+  # * `'standard'` -
+  #   The STANDARD mode provides the latest recommended default values
+  #   that should be safe to run in most scenarios
+  #
+  #   Note that the default values vended from this mode might change as
+  #   best practices may evolve. As a result, it is encouraged to perform
+  #   tests when upgrading the SDK
+  #
+  # * `'in-region'` -
+  #   The IN\_REGION mode builds on the standard mode and includes
+  #   optimization tailored for applications which call AWS services from
+  #   within the same AWS region
+  #
+  #   Note that the default values vended from this mode might change as
+  #   best practices may evolve. As a result, it is encouraged to perform
+  #   tests when upgrading the SDK
+  #
+  # * `'cross-region'` -
+  #   The CROSS\_REGION mode builds on the standard mode and includes
+  #   optimization tailored for applications which call AWS services in a
+  #   different region
+  #
+  #   Note that the default values vended from this mode might change as
+  #   best practices may evolve. As a result, it is encouraged to perform
+  #   tests when upgrading the SDK
+  #
+  # * `'mobile'` -
+  #   The MOBILE mode builds on the standard mode and includes
+  #   optimization tailored for mobile applications
+  #
+  #   Note that the default values vended from this mode might change as
+  #   best practices may evolve. As a result, it is encouraged to perform
+  #   tests when upgrading the SDK
+  #
+  # * `'auto'` -
+  #   The AUTO mode is an experimental mode that builds on the standard
+  #   mode. The SDK will attempt to discover the execution environment to
+  #   determine the appropriate settings automatically.
+  #
+  #   Note that the auto detection is heuristics-based and does not
+  #   guarantee 100% accuracy. STANDARD mode will be used if the execution
+  #   environment cannot be determined. The auto detection might query
+  #   [EC2 Instance Metadata service][1], which might introduce latency.
+  #   Therefore we recommend choosing an explicit defaults\_mode instead
+  #   if startup latency is critical to your application
+  #
+  # * `'legacy'` -
+  #   The LEGACY mode provides default settings that vary per SDK and were
+  #   used prior to establishment of defaults\_mode
+  #
+  # Based on the provided mode, the SDK will vend sensible default values
+  # tailored to the mode for the following settings:
+  #
+  # * `:retry_mode` -
+  #   A retry mode specifies how the SDK attempts retries. See [Retry
+  #   Mode][2]
+  #
+  # * `:sts_regional_endpoints` -
+  #   Specifies how the SDK determines the AWS service endpoint that it
+  #   uses to talk to the AWS Security Token Service (AWS STS). See
+  #   [Setting STS Regional endpoints][3]
+  #
+  # * `:s3_us_east_1_regional_endpoint` -
+  #   Specifies how the SDK determines the AWS service endpoint that it
+  #   uses to talk to the Amazon S3 for the us-east-1 region
+  #
+  # * `:http_open_timeout` -
+  #   The amount of time after making an initial connection attempt on a
+  #   socket, where if the client does not receive a completion of the
+  #   connect handshake, the client gives up and fails the operation
+  #
+  # * `:ssl_timeout` -
+  #   The maximum amount of time that a TLS handshake is allowed to take
+  #   from the time the CLIENT HELLO message is sent to ethe time the
+  #   client and server have fully negotiated ciphers and exchanged keys
+  #
+  #  All options above can be configured by users, and the overridden value will take precedence.
+  #
+  # [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
+  # [2]: https://docs.aws.amazon.com/sdkref/latest/guide/setting-global-retry_mode.html
+  # [3]: https://docs.aws.amazon.com/sdkref/latest/guide/setting-global-sts_regional_endpoints.html
+  #
+  # #defaults END - documentation
+  module DefaultsModeConfiguration
+    # @api private
+    # #defaults START - configuration
+    SDK_DEFAULT_CONFIGURATION = 
+    {
+      "version" => 1,
+      "base" => {
+        "retryMode" => "standard",
+        "stsRegionalEndpoints" => "regional",
+        "s3UsEast1RegionalEndpoints" => "regional",
+        "connectTimeoutInMillis" => 1100,
+        "tlsNegotiationTimeoutInMillis" => 1100
+      },
+      "modes" => {
+        "standard" => {
+          "connectTimeoutInMillis" => {
+            "override" => 3100
+          },
+          "tlsNegotiationTimeoutInMillis" => {
+            "override" => 3100
+          }
+        },
+        "in-region" => {
+        },
+        "cross-region" => {
+          "connectTimeoutInMillis" => {
+            "override" => 3100
+          },
+          "tlsNegotiationTimeoutInMillis" => {
+            "override" => 3100
+          }
+        },
+        "mobile" => {
+          "connectTimeoutInMillis" => {
+            "override" => 30000
+          },
+          "tlsNegotiationTimeoutInMillis" => {
+            "override" => 30000
+          }
+        }
+      }
+    }
+    # #defaults END - configuration
+  end
+end

data/lib/aws-defaults/defaults_mode_config_resolver.rb

@@ -0,0 +1,107 @@
+# frozen_string_literal: true
+
+module Aws
+  #@api private
+  class DefaultsModeConfigResolver
+
+    @@application_region = nil
+    @@application_region_mutex = Mutex.new
+    @@imds_client = EC2Metadata.new(retries: 0, http_open_timeout: 0.01)
+
+    # mappings from Ruby SDK configuration names to the
+    # sdk defaults option names and (optional) scale modifiers
+    CFG_OPTIONS = {
+      retry_mode: { name: "retryMode" },
+      sts_regional_endpoints: { name: "stsRegionalEndpoints" },
+      s3_us_east_1_regional_endpoint: { name: "s3UsEast1RegionalEndpoints" },
+      http_open_timeout: { name: "connectTimeoutInMillis", scale: 0.001 },
+      http_read_timeout: { name: "timeToFirstByteTimeoutInMillis", scale: 0.001 },
+      ssl_timeout: { name: "tlsNegotiationTimeoutInMillis", scale: 0.001 }
+    }.freeze
+
+    def initialize(sdk_defaults, cfg)
+      @sdk_defaults = sdk_defaults
+      @cfg = cfg
+      @resolved_mode = nil
+      @mutex = Mutex.new
+    end
+
+    # option_name should be the symbolized ruby name to resolve
+    # returns the ruby appropriate value or nil if none are resolved
+    def resolve(option_name)
+      return unless (std_option = CFG_OPTIONS[option_name])
+      mode = resolved_mode.downcase
+
+      return nil if mode == 'legacy'
+
+      value = resolve_for_mode(std_option[:name], mode)
+      value = value * std_option[:scale] if value && std_option[:scale]
+
+      value
+    end
+
+    private
+    def resolved_mode
+      @mutex.synchronize do
+        return @resolved_mode unless @resolved_mode.nil?
+
+        @resolved_mode = @cfg.defaults_mode == 'auto' ? resolve_auto_mode : @cfg.defaults_mode
+      end
+    end
+
+    def resolve_auto_mode
+      return "mobile" if env_mobile?
+
+      region = application_current_region
+
+      if region
+        @cfg.region == region ? "in-region": "cross-region"
+      else
+        # We don't seem to be mobile, and we couldn't determine whether we're running within an AWS region. Fall back to standard.
+        'standard'
+      end
+    end
+
+    def application_current_region
+      resolved_region = @@application_region_mutex.synchronize do
+        return @@application_region unless @@application_region.nil?
+
+        region = nil
+        if ENV['AWS_EXECUTION_ENV']
+          region = ENV['AWS_REGION'] || ENV['AWS_DEFAULT_REGION']
+        end
+
+        if region.nil? && ENV['AWS_EC2_METADATA_DISABLED']&.downcase != "true"
+          begin
+            region = @@imds_client.get('/latest/meta-data/placement/region')
+          rescue
+            # unable to get region, leave it unset
+          end
+        end
+
+        # required so that we cache the unknown/nil result
+        @@application_region = region || :unknown
+      end
+      resolved_region == :unknown ? nil : resolved_region
+    end
+
+    def resolve_for_mode(name, mode)
+      base_value = @sdk_defaults['base'][name]
+      mode_value = @sdk_defaults['modes'].fetch(mode, {})[name]
+
+      if mode_value.nil?
+        return base_value
+      end
+
+      return mode_value['override'] unless mode_value['override'].nil?
+      return base_value + mode_value['add'] unless mode_value['add'].nil?
+      return base_value * mode_value['multiply'] unless mode_value['multiply'].nil?
+      return base_value
+    end
+
+    def env_mobile?
+      false
+    end
+
+  end
+end

data/lib/aws-defaults.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require_relative 'aws-defaults/default_configuration'

data/lib/aws-sdk-core/arn.rb

@@ -88,5 +88,18 @@ module Aws
         resource: @resource
       }
     end
+
+    # Return the ARN as JSON
+    #
+    # @return [Hash]
+    def as_json(_options = nil)
+      {
+        'partition' => @partition,
+        'service' => @service,
+        'region' => @region,
+        'accountId' => @account_id,
+        'resource' => @resource
+      }
+    end
   end
 end

data/lib/aws-sdk-core/assume_role_credentials.rb

@@ -3,20 +3,20 @@
 require 'set'
 
 module Aws
-
-  # An auto-refreshing credential provider that works by assuming
-  # a role via {Aws::STS::Client#assume_role}.
+  # An auto-refreshing credential provider that assumes a role via
+  # {Aws::STS::Client#assume_role}.
   #
   #     role_credentials = Aws::AssumeRoleCredentials.new(
   #       client: Aws::STS::Client.new(...),
   #       role_arn: "linked::account::arn",
   #       role_session_name: "session-name"
   #     )
-  #
   #     ec2 = Aws::EC2::Client.new(credentials: role_credentials)
   #
-  # If you omit `:client` option, a new {STS::Client} object will be
-  # constructed.
+  # If you omit `:client` option, a new {Aws::STS::Client} object will be
+  # constructed with additional options that were provided.
+  #
+  # @see Aws::STS::Client#assume_role
   class AssumeRoleCredentials
 
     include CredentialProvider
@@ -28,23 +28,37 @@ module Aws
     # @option options [Integer] :duration_seconds
     # @option options [String] :external_id
     # @option options [STS::Client] :client
+    # @option options [Callable] before_refresh Proc called before
+    #   credentials are refreshed.  Useful for updating tokens.
+    #   `before_refresh` is called when AWS credentials are
+    #   required and need to be refreshed. Tokens can be refreshed using
+    #   the following example:
+    #
+    #      before_refresh = Proc.new do |assume_role_credentials| do
+    #        assume_role_credentials.assume_role_params['token_code'] = update_token
+    #      end
+    #
     def initialize(options = {})
       client_opts = {}
       @assume_role_params = {}
       options.each_pair do |key, value|
         if self.class.assume_role_options.include?(key)
           @assume_role_params[key] = value
-        else
+        elsif !CLIENT_EXCLUDE_OPTIONS.include?(key)
           client_opts[key] = value
         end
       end
       @client = client_opts[:client] || STS::Client.new(client_opts)
+      @async_refresh = true
       super
     end
 
     # @return [STS::Client]
     attr_reader :client
 
+    # @return [Hash]
+    attr_reader :assume_role_params
+
     private
 
     def refresh

data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb

@@ -5,9 +5,8 @@ require 'securerandom'
 require 'base64'
 
 module Aws
-
-  # An auto-refreshing credential provider that works by assuming
-  # a role via {Aws::STS::Client#assume_role_with_web_identity}.
+  # An auto-refreshing credential provider that assumes a role via
+  # {Aws::STS::Client#assume_role_with_web_identity}.
   #
   #     role_credentials = Aws::AssumeRoleWebIdentityCredentials.new(
   #       client: Aws::STS::Client.new(...),
@@ -16,12 +15,12 @@ module Aws
   #       role_session_name: "session-name"
   #       ...
   #     )
-  #     For full list of parameters accepted
-  #     @see Aws::STS::Client#assume_role_with_web_identity 
+  #     ec2 = Aws::EC2::Client.new(credentials: role_credentials)
   #
+  # If you omit `:client` option, a new {Aws::STS::Client} object will be
+  # constructed with additional options that were provided.
   #
-  # If you omit `:client` option, a new {STS::Client} object will be
-  # constructed.
+  # @see Aws::STS::Client#assume_role_with_web_identity
   class AssumeRoleWebIdentityCredentials
 
     include CredentialProvider
@@ -39,14 +38,20 @@ module Aws
     #   encoded UUID is generated as the session name
     #
     # @option options [STS::Client] :client
+    #
+    # @option options [Callable] before_refresh Proc called before
+    #   credentials are refreshed. `before_refresh` is called
+    #   with an instance of this object when
+    #   AWS credentials are required and need to be refreshed.
     def initialize(options = {})
       client_opts = {}
       @assume_role_web_identity_params = {}
       @token_file = options.delete(:web_identity_token_file)
+      @async_refresh = true
       options.each_pair do |key, value|
         if self.class.assume_role_web_identity_options.include?(key)
           @assume_role_web_identity_params[key] = value
-        else
+        elsif !CLIENT_EXCLUDE_OPTIONS.include?(key)
           client_opts[key] = value
         end
       end
@@ -94,11 +99,10 @@ module Aws
       # @api private
       def assume_role_web_identity_options
         @arwio ||= begin
-          input = STS::Client.api.operation(:assume_role_with_web_identity).input
+          input = Aws::STS::Client.api.operation(:assume_role_with_web_identity).input
           Set.new(input.shape.member_names)
         end
       end
-
     end
   end
 end

data/lib/aws-sdk-core/binary/decode_handler.rb

@@ -33,11 +33,6 @@ module Aws
             context.operation.errors,
             context.http_response.body,
             output_handler)
-          if input_emitter = context[:input_event_emitter]
-            # #emit will be blocked until 200 success
-            # see Aws::EventEmitter#emit
-            input_emitter.signal_queue << "ready"
-          end
         end
 
         context.http_response.on_success(200) do

data/lib/aws-sdk-core/binary/encode_handler.rb

@@ -13,7 +13,7 @@ module Aws
             context.config.api.metadata['protocol'],
             eventstream_member,
             context.operation.input,
-            context.config.sigv4_signer
+            signer_for(context)
           )
           context[:input_event_emitter] = input_es_handler.event_emitter
         end
@@ -22,6 +22,17 @@ module Aws
 
       private
 
+      def signer_for(context)
+        # New endpoint/signing logic, use the auth scheme to make a signer
+        if context[:auth_scheme]
+          Aws::Plugins::Sign.signer_for(context[:auth_scheme], context.config)
+        else
+          # Previous implementation always assumed sigv4_signer from config.
+          # Relies only on sigv4 signing (and plugin) for event stream services
+          context.config.sigv4_signer
+        end
+      end
+
       def eventstream_input?(ctx)
         ctx.operation.input.shape.members.each do |_, ref|
           return ref if ref.eventstream

data/lib/aws-sdk-core/binary/event_builder.rb

@@ -42,41 +42,39 @@ module Aws
           end
         end
 
-        # implict payload
-        if !explicit_payload && !implicit_payload_members.empty?
-          if implicit_payload_members.size > 1
-            payload_shape = Shapes::StructureShape.new
-            implicit_payload_members.each do |m_name, m_ref|
-              payload_shape.add_member(m_name, m_ref)
-            end
-            payload_ref = Shapes::ShapeRef.new(shape: payload_shape)
-
-            payload = build_payload_members(payload_ref, params)
-          else
-            m_name, m_ref = implicit_payload_members.first
-            streaming, content_type = _content_type(m_ref.shape)
-
-            es_headers[":content-type"] = Aws::EventStream::HeaderValue.new(
-              type: "string", value: content_type)
-            payload = _build_payload(streaming, m_ref, params[m_name])
-          end
-        end
-
-
+        # handle header members for all cases
         event_ref.shape.members.each do |member_name, member_ref|
           if member_ref.eventheader && params[member_name]
             header_value = params[member_name]
             es_headers[member_ref.shape.name] = Aws::EventStream::HeaderValue.new(
-              type: _header_value_type(member_ref.shape, header_value),
+              type: header_value_type(member_ref.shape, header_value),
               value: header_value
             )
-          elsif member_ref.eventpayload && params[member_name]
-            # explicit payload
-            streaming, content_type = _content_type(member_ref.shape)
+          end
+        end
+
+        # implict payload
+        if !explicit_payload && !implicit_payload_members.empty?
+          payload_shape = StructureShape.new
+          implicit_payload_members.each do |m_name, m_ref|
+            payload_shape.add_member(m_name, m_ref)
+          end
+          payload_ref = ShapeRef.new(shape: payload_shape)
 
-            es_headers[":content-type"] = Aws::EventStream::HeaderValue.new(
-              type: "string", value: content_type)
-            payload = _build_payload(streaming, member_ref, params[member_name])
+          payload = build_payload_members(payload_ref, params)
+                      .force_encoding(Encoding::BINARY)
+
+
+          es_headers[":content-type"] = Aws::EventStream::HeaderValue.new(
+            type: "string", value: content_type(payload_ref.shape))
+        else
+          # explicit payload, serialize just the payload member
+          event_ref.shape.members.each do |member_name, member_ref|
+            if member_ref.eventpayload && params[member_name]
+              es_headers[":content-type"] = Aws::EventStream::HeaderValue.new(
+                type: "string", value: content_type(member_ref.shape))
+              payload = params[member_name]
+            end
           end
         end
 
@@ -86,15 +84,15 @@ module Aws
         )
       end
 
-      def _content_type(shape)
+      def content_type(shape)
         case shape
-        when BlobShape then [true, "application/octet-stream"]
-        when StringShape then [true, "text/plain"]
+        when BlobShape then "application/octet-stream"
+        when StringShape then "text/plain"
         when StructureShape then
           if @serializer_class.name.include?('Xml')
-            [false, "text/xml"]
+            "text/xml"
           elsif @serializer_class.name.include?('Json')
-            [false, "application/json"]
+            "application/json"
           end
         else
           raise Aws::Errors::EventStreamBuilderError.new(
@@ -102,7 +100,7 @@ module Aws
         end
       end
 
-      def _header_value_type(shape, value)
+      def header_value_type(shape, value)
         case shape
         when StringShape then "string"
         when IntegerShape then "integer"
@@ -115,10 +113,9 @@ module Aws
         end
       end
 
-      def _build_payload(streaming, ref, value)
-        streaming ? value : @serializer_class.new(ref).serialize(value)
+      def build_payload_members(payload_ref, params)
+        @serializer_class.new(payload_ref).serialize(params)
       end
-
     end
   end
 end

data/lib/aws-sdk-core/client_stubs.rb

@@ -24,15 +24,16 @@ module Aws
       end
 
       # When a client is stubbed allow the user to access the requests made
-      @api_requests = []
-
-      requests = @api_requests
+      requests = @api_requests = []
+      requests_mutex = @requests_mutex = Mutex.new
       self.handle do |context|
-        requests << {
-          operation_name: context.operation_name,
-          params: context.params,
-          context: context
-        }
+        requests_mutex.synchronize do
+          requests << {
+            operation_name: context.operation_name,
+            params: context.params,
+            context: context
+          }
+        end
         @handler.call(context)
       end
     end
@@ -194,10 +195,12 @@ module Aws
     #   is not stubbed.
     def api_requests(options = {})
       if config.stub_responses
-        if options[:exclude_presign]
-          @api_requests.reject {|req| req[:context][:presigned_url] }
-        else
-          @api_requests
+        @requests_mutex.synchronize do
+          if options[:exclude_presign]
+            @api_requests.reject {|req| req[:context][:presigned_url] }
+          else
+            @api_requests
+          end
         end
       else
         msg = 'This method is only implemented for stubbed clients, and is '\
@@ -262,13 +265,17 @@ module Aws
     end
 
     def convert_stub(operation_name, stub)
-      case stub
+      stub = case stub
       when Proc then stub
       when Exception, Class then { error: stub }
       when String then service_error_stub(stub)
       when Hash then http_response_stub(operation_name, stub)
       else { data: stub }
       end
+      if Hash === stub
+        stub[:mutex] = Mutex.new
+      end
+      stub
     end
 
     def service_error_stub(error_code)

data/lib/aws-sdk-core/credential_provider.rb

@@ -6,9 +6,12 @@ module Aws
     # @return [Credentials]
     attr_reader :credentials
 
+    # @return [Time]
+    attr_reader :expiration
+
     # @return [Boolean]
     def set?
-      !!credentials && credentials.set?
+      !!@credentials && @credentials.set?
     end
 
   end

data/lib/aws-sdk-core/credential_provider_chain.rb

@@ -161,7 +161,8 @@ module Aws
 
     def instance_profile_credentials(options)
       profile_name = determine_profile_name(options)
-      if ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI']
+      if ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI'] ||
+         ENV['AWS_CONTAINER_CREDENTIALS_FULL_URI']
         ECSCredentials.new(options)
       else
         InstanceProfileCredentials.new(options.merge(profile: profile_name))
@@ -169,12 +170,14 @@ module Aws
     end
 
     def assume_role_with_profile(options, profile_name)
-      region = (options[:config] && options[:config].region)
-      Aws.shared_config.assume_role_credentials_from_config(
+      assume_opts = {
         profile: profile_name,
-        region: region,
         chain_config: @config
-      )
+      }
+      if options[:config] && options[:config].region
+        assume_opts[:region] = options[:config].region
+      end
+      Aws.shared_config.assume_role_credentials_from_config(assume_opts)
     end
   end
 end