aws-sdk-core 3.124.0 → 3.186.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +552 -0
- data/VERSION +1 -1
- data/lib/aws-defaults/default_configuration.rb +153 -0
- data/lib/aws-defaults/defaults_mode_config_resolver.rb +107 -0
- data/lib/aws-defaults.rb +3 -0
- data/lib/aws-sdk-core/arn.rb +13 -0
- data/lib/aws-sdk-core/assume_role_credentials.rb +21 -7
- data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +14 -10
- data/lib/aws-sdk-core/binary/encode_handler.rb +12 -1
- data/lib/aws-sdk-core/client_stubs.rb +5 -1
- data/lib/aws-sdk-core/credential_provider.rb +3 -0
- data/lib/aws-sdk-core/credential_provider_chain.rb +8 -5
- data/lib/aws-sdk-core/ec2_metadata.rb +3 -2
- data/lib/aws-sdk-core/ecs_credentials.rb +121 -53
- data/lib/aws-sdk-core/endpoints/condition.rb +41 -0
- data/lib/aws-sdk-core/endpoints/endpoint.rb +17 -0
- data/lib/aws-sdk-core/endpoints/endpoint_rule.rb +75 -0
- data/lib/aws-sdk-core/endpoints/error_rule.rb +42 -0
- data/lib/aws-sdk-core/endpoints/function.rb +80 -0
- data/lib/aws-sdk-core/endpoints/matchers.rb +131 -0
- data/lib/aws-sdk-core/endpoints/reference.rb +31 -0
- data/lib/aws-sdk-core/endpoints/rule.rb +25 -0
- data/lib/aws-sdk-core/endpoints/rule_set.rb +52 -0
- data/lib/aws-sdk-core/endpoints/rules_provider.rb +37 -0
- data/lib/aws-sdk-core/endpoints/templater.rb +58 -0
- data/lib/aws-sdk-core/endpoints/tree_rule.rb +45 -0
- data/lib/aws-sdk-core/endpoints/url.rb +60 -0
- data/lib/aws-sdk-core/endpoints.rb +78 -0
- data/lib/aws-sdk-core/errors.rb +15 -2
- data/lib/aws-sdk-core/ini_parser.rb +7 -0
- data/lib/aws-sdk-core/instance_profile_credentials.rb +124 -31
- data/lib/aws-sdk-core/json/error_handler.rb +20 -1
- data/lib/aws-sdk-core/json/parser.rb +1 -1
- data/lib/aws-sdk-core/log/formatter.rb +6 -0
- data/lib/aws-sdk-core/pageable_response.rb +81 -32
- data/lib/aws-sdk-core/param_validator.rb +2 -2
- data/lib/aws-sdk-core/plugins/bearer_authorization.rb +67 -0
- data/lib/aws-sdk-core/plugins/checksum_algorithm.rb +340 -0
- data/lib/aws-sdk-core/plugins/credentials_configuration.rb +24 -0
- data/lib/aws-sdk-core/plugins/defaults_mode.rb +40 -0
- data/lib/aws-sdk-core/plugins/endpoint_discovery.rb +6 -2
- data/lib/aws-sdk-core/plugins/http_checksum.rb +8 -1
- data/lib/aws-sdk-core/plugins/jsonvalue_converter.rb +34 -6
- data/lib/aws-sdk-core/plugins/recursion_detection.rb +38 -0
- data/lib/aws-sdk-core/plugins/regional_endpoint.rb +111 -30
- data/lib/aws-sdk-core/plugins/request_compression.rb +217 -0
- data/lib/aws-sdk-core/plugins/response_paging.rb +1 -1
- data/lib/aws-sdk-core/plugins/retries/error_inspector.rb +7 -4
- data/lib/aws-sdk-core/plugins/retry_errors.rb +21 -5
- data/lib/aws-sdk-core/plugins/sign.rb +201 -0
- data/lib/aws-sdk-core/plugins/signature_v2.rb +1 -0
- data/lib/aws-sdk-core/plugins/signature_v4.rb +15 -8
- data/lib/aws-sdk-core/plugins/stub_responses.rb +5 -1
- data/lib/aws-sdk-core/plugins/user_agent.rb +117 -14
- data/lib/aws-sdk-core/process_credentials.rb +9 -11
- data/lib/aws-sdk-core/refreshing_credentials.rb +41 -16
- data/lib/aws-sdk-core/refreshing_token.rb +71 -0
- data/lib/aws-sdk-core/rest/handler.rb +1 -1
- data/lib/aws-sdk-core/rest/request/headers.rb +11 -8
- data/lib/aws-sdk-core/rest/request/querystring_builder.rb +43 -29
- data/lib/aws-sdk-core/shared_config.rb +108 -12
- data/lib/aws-sdk-core/sso_credentials.rb +91 -50
- data/lib/aws-sdk-core/sso_token_provider.rb +135 -0
- data/lib/aws-sdk-core/static_token_provider.rb +14 -0
- data/lib/aws-sdk-core/structure.rb +6 -4
- data/lib/aws-sdk-core/stubbing/stub_data.rb +11 -0
- data/lib/aws-sdk-core/token.rb +31 -0
- data/lib/aws-sdk-core/token_provider.rb +15 -0
- data/lib/aws-sdk-core/token_provider_chain.rb +51 -0
- data/lib/aws-sdk-core/waiters/poller.rb +3 -1
- data/lib/aws-sdk-core/xml/error_handler.rb +7 -0
- data/lib/aws-sdk-core/xml/parser/engines/oga.rb +2 -0
- data/lib/aws-sdk-core/xml/parser/engines/ox.rb +1 -1
- data/lib/aws-sdk-core.rb +17 -0
- data/lib/aws-sdk-sso/client.rb +85 -12
- data/lib/aws-sdk-sso/endpoint_parameters.rb +66 -0
- data/lib/aws-sdk-sso/endpoint_provider.rb +57 -0
- data/lib/aws-sdk-sso/endpoints.rb +72 -0
- data/lib/aws-sdk-sso/plugins/endpoints.rb +76 -0
- data/lib/aws-sdk-sso/types.rb +8 -43
- data/lib/aws-sdk-sso.rb +5 -1
- data/lib/aws-sdk-ssooidc/client.rb +626 -0
- data/lib/aws-sdk-ssooidc/client_api.rb +216 -0
- data/lib/aws-sdk-ssooidc/customizations.rb +1 -0
- data/lib/aws-sdk-ssooidc/endpoint_parameters.rb +66 -0
- data/lib/aws-sdk-ssooidc/endpoint_provider.rb +57 -0
- data/lib/aws-sdk-ssooidc/endpoints.rb +58 -0
- data/lib/aws-sdk-ssooidc/errors.rb +290 -0
- data/lib/aws-sdk-ssooidc/plugins/endpoints.rb +74 -0
- data/lib/aws-sdk-ssooidc/resource.rb +26 -0
- data/lib/aws-sdk-ssooidc/types.rb +502 -0
- data/lib/aws-sdk-ssooidc.rb +59 -0
- data/lib/aws-sdk-sts/client.rb +332 -263
- data/lib/aws-sdk-sts/client_api.rb +12 -1
- data/lib/aws-sdk-sts/endpoint_parameters.rb +78 -0
- data/lib/aws-sdk-sts/endpoint_provider.rb +112 -0
- data/lib/aws-sdk-sts/endpoints.rb +136 -0
- data/lib/aws-sdk-sts/plugins/endpoints.rb +84 -0
- data/lib/aws-sdk-sts/plugins/sts_regional_endpoints.rb +5 -1
- data/lib/aws-sdk-sts/presigner.rb +13 -15
- data/lib/aws-sdk-sts/types.rb +121 -204
- data/lib/aws-sdk-sts.rb +5 -1
- data/lib/seahorse/client/async_base.rb +0 -1
- data/lib/seahorse/client/configuration.rb +1 -5
- data/lib/seahorse/client/h2/connection.rb +12 -11
- data/lib/seahorse/client/net_http/connection_pool.rb +7 -0
- data/lib/seahorse/client/plugins/net_http.rb +33 -2
- data/lib/seahorse/client/plugins/request_callback.rb +40 -9
- data/lib/seahorse/client/response.rb +6 -0
- data/lib/seahorse/model/operation.rb +6 -0
- data/lib/seahorse/util.rb +4 -0
- metadata +62 -8
@@ -2,10 +2,15 @@
|
|
2
2
|
|
3
3
|
require 'time'
|
4
4
|
require 'net/http'
|
5
|
+
require 'resolv'
|
5
6
|
|
6
7
|
module Aws
|
8
|
+
# An auto-refreshing credential provider that loads credentials from
|
9
|
+
# instances running in ECS.
|
10
|
+
#
|
11
|
+
# ecs_credentials = Aws::ECSCredentials.new(retries: 3)
|
12
|
+
# ec2 = Aws::EC2::Client.new(credentials: ecs_credentials)
|
7
13
|
class ECSCredentials
|
8
|
-
|
9
14
|
include CredentialProvider
|
10
15
|
include RefreshingCredentials
|
11
16
|
|
@@ -24,16 +29,22 @@ module Aws
|
|
24
29
|
Errno::ENETUNREACH,
|
25
30
|
SocketError,
|
26
31
|
Timeout::Error,
|
27
|
-
Non200Response
|
28
|
-
]
|
32
|
+
Non200Response
|
33
|
+
].freeze
|
29
34
|
|
30
35
|
# @param [Hash] options
|
31
36
|
# @option options [Integer] :retries (5) Number of times to retry
|
32
37
|
# when retrieving credentials.
|
33
|
-
# @option options [String] :ip_address ('169.254.170.2')
|
34
|
-
#
|
38
|
+
# @option options [String] :ip_address ('169.254.170.2') This value is
|
39
|
+
# ignored if `endpoint` is set and `credential_path` is not set.
|
40
|
+
# @option options [Integer] :port (80) This value is ignored if `endpoint`
|
41
|
+
# is set and `credential_path` is not set.
|
35
42
|
# @option options [String] :credential_path By default, the value of the
|
36
43
|
# AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable.
|
44
|
+
# @option options [String] :endpoint The ECS credential endpoint.
|
45
|
+
# By default, this is the value of the AWS_CONTAINER_CREDENTIALS_FULL_URI
|
46
|
+
# environment variable. This value is ignored if `credential_path` or
|
47
|
+
# ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI'] is set.
|
37
48
|
# @option options [Float] :http_open_timeout (5)
|
38
49
|
# @option options [Float] :http_read_timeout (5)
|
39
50
|
# @option options [Numeric, Proc] :delay By default, failures are retried
|
@@ -43,21 +54,24 @@ module Aws
|
|
43
54
|
# @option options [IO] :http_debug_output (nil) HTTP wire
|
44
55
|
# traces are sent to this object. You can specify something
|
45
56
|
# like $stdout.
|
46
|
-
|
57
|
+
# @option options [Callable] before_refresh Proc called before
|
58
|
+
# credentials are refreshed. `before_refresh` is called
|
59
|
+
# with an instance of this object when
|
60
|
+
# AWS credentials are required and need to be refreshed.
|
61
|
+
def initialize(options = {})
|
62
|
+
credential_path = options[:credential_path] ||
|
63
|
+
ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI']
|
64
|
+
endpoint = options[:endpoint] ||
|
65
|
+
ENV['AWS_CONTAINER_CREDENTIALS_FULL_URI']
|
66
|
+
initialize_uri(options, credential_path, endpoint)
|
67
|
+
@authorization_token = ENV['AWS_CONTAINER_AUTHORIZATION_TOKEN']
|
68
|
+
|
47
69
|
@retries = options[:retries] || 5
|
48
|
-
@ip_address = options[:ip_address] || '169.254.170.2'
|
49
|
-
@port = options[:port] || 80
|
50
|
-
@credential_path = options[:credential_path]
|
51
|
-
@credential_path ||= ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI']
|
52
|
-
unless @credential_path
|
53
|
-
raise ArgumentError.new(
|
54
|
-
"Cannot instantiate an ECS Credential Provider without a credential path."
|
55
|
-
)
|
56
|
-
end
|
57
70
|
@http_open_timeout = options[:http_open_timeout] || 5
|
58
71
|
@http_read_timeout = options[:http_read_timeout] || 5
|
59
72
|
@http_debug_output = options[:http_debug_output]
|
60
73
|
@backoff = backoff(options[:backoff])
|
74
|
+
@async_refresh = false
|
61
75
|
super
|
62
76
|
end
|
63
77
|
|
@@ -67,11 +81,69 @@ module Aws
|
|
67
81
|
|
68
82
|
private
|
69
83
|
|
84
|
+
def initialize_uri(options, credential_path, endpoint)
|
85
|
+
if credential_path
|
86
|
+
initialize_relative_uri(options, credential_path)
|
87
|
+
# Use FULL_URI/endpoint only if RELATIVE_URI/path is not set
|
88
|
+
elsif endpoint
|
89
|
+
initialize_full_uri(endpoint)
|
90
|
+
else
|
91
|
+
raise ArgumentError,
|
92
|
+
'Cannot instantiate an ECS Credential Provider '\
|
93
|
+
'without a credential path or endpoint.'
|
94
|
+
end
|
95
|
+
end
|
96
|
+
|
97
|
+
def initialize_relative_uri(options, path)
|
98
|
+
@host = options[:ip_address] || '169.254.170.2'
|
99
|
+
@port = options[:port] || 80
|
100
|
+
@scheme = 'http'
|
101
|
+
@credential_path = path
|
102
|
+
end
|
103
|
+
|
104
|
+
def initialize_full_uri(endpoint)
|
105
|
+
uri = URI.parse(endpoint)
|
106
|
+
validate_full_uri!(uri)
|
107
|
+
@host = uri.host
|
108
|
+
@port = uri.port
|
109
|
+
@scheme = uri.scheme
|
110
|
+
@credential_path = uri.path
|
111
|
+
end
|
112
|
+
|
113
|
+
# Validate that the full URI is using a loopback address if scheme is http.
|
114
|
+
def validate_full_uri!(full_uri)
|
115
|
+
return unless full_uri.scheme == 'http'
|
116
|
+
|
117
|
+
begin
|
118
|
+
return if ip_loopback?(IPAddr.new(full_uri.host))
|
119
|
+
rescue IPAddr::InvalidAddressError
|
120
|
+
addresses = Resolv.getaddresses(full_uri.host)
|
121
|
+
return if addresses.all? { |addr| ip_loopback?(IPAddr.new(addr)) }
|
122
|
+
end
|
123
|
+
|
124
|
+
raise ArgumentError,
|
125
|
+
'AWS_CONTAINER_CREDENTIALS_FULL_URI must use a loopback '\
|
126
|
+
'address when using the http scheme.'
|
127
|
+
end
|
128
|
+
|
129
|
+
# loopback? method is available in Ruby 2.5+
|
130
|
+
# Replicate the logic here.
|
131
|
+
def ip_loopback?(ip_address)
|
132
|
+
case ip_address.family
|
133
|
+
when Socket::AF_INET
|
134
|
+
ip_address & 0xff000000 == 0x7f000000
|
135
|
+
when Socket::AF_INET6
|
136
|
+
ip_address == 1
|
137
|
+
else
|
138
|
+
false
|
139
|
+
end
|
140
|
+
end
|
141
|
+
|
70
142
|
def backoff(backoff)
|
71
143
|
case backoff
|
72
144
|
when Proc then backoff
|
73
|
-
when Numeric then
|
74
|
-
else
|
145
|
+
when Numeric then ->(_) { sleep(backoff) }
|
146
|
+
else ->(num_failures) { Kernel.sleep(1.2**num_failures) }
|
75
147
|
end
|
76
148
|
end
|
77
149
|
|
@@ -79,68 +151,64 @@ module Aws
|
|
79
151
|
# Retry loading credentials up to 3 times is the instance metadata
|
80
152
|
# service is responding but is returning invalid JSON documents
|
81
153
|
# in response to the GET profile credentials call.
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
end
|
92
|
-
rescue Aws::Json::ParseError
|
93
|
-
raise Aws::Errors::MetadataParserError.new
|
154
|
+
|
155
|
+
retry_errors([Aws::Json::ParseError, StandardError], max_retries: 3) do
|
156
|
+
c = Aws::Json.load(get_credentials.to_s)
|
157
|
+
@credentials = Credentials.new(
|
158
|
+
c['AccessKeyId'],
|
159
|
+
c['SecretAccessKey'],
|
160
|
+
c['Token']
|
161
|
+
)
|
162
|
+
@expiration = c['Expiration'] ? Time.iso8601(c['Expiration']) : nil
|
94
163
|
end
|
164
|
+
rescue Aws::Json::ParseError
|
165
|
+
raise Aws::Errors::MetadataParserError
|
95
166
|
end
|
96
167
|
|
97
168
|
def get_credentials
|
98
169
|
# Retry loading credentials a configurable number of times if
|
99
170
|
# the instance metadata service is not responding.
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
end
|
171
|
+
|
172
|
+
retry_errors(NETWORK_ERRORS, max_retries: @retries) do
|
173
|
+
open_connection do |conn|
|
174
|
+
http_get(conn, @credential_path)
|
105
175
|
end
|
106
|
-
rescue
|
107
|
-
'{}'
|
108
176
|
end
|
177
|
+
rescue StandardError
|
178
|
+
'{}'
|
109
179
|
end
|
110
180
|
|
111
181
|
def open_connection
|
112
|
-
http = Net::HTTP.new(@
|
182
|
+
http = Net::HTTP.new(@host, @port, nil)
|
113
183
|
http.open_timeout = @http_open_timeout
|
114
184
|
http.read_timeout = @http_read_timeout
|
115
185
|
http.set_debug_output(@http_debug_output) if @http_debug_output
|
186
|
+
http.use_ssl = @scheme == 'https'
|
116
187
|
http.start
|
117
188
|
yield(http).tap { http.finish }
|
118
189
|
end
|
119
190
|
|
120
191
|
def http_get(connection, path)
|
121
|
-
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
|
126
|
-
|
192
|
+
request = Net::HTTP::Get.new(path)
|
193
|
+
request['Authorization'] = @authorization_token if @authorization_token
|
194
|
+
response = connection.request(request)
|
195
|
+
raise Non200Response unless response.code.to_i == 200
|
196
|
+
|
197
|
+
response.body
|
127
198
|
end
|
128
199
|
|
129
|
-
def retry_errors(error_classes, options = {}
|
200
|
+
def retry_errors(error_classes, options = {})
|
130
201
|
max_retries = options[:max_retries]
|
131
202
|
retries = 0
|
132
203
|
begin
|
133
204
|
yield
|
134
|
-
rescue *error_classes =>
|
135
|
-
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
140
|
-
raise
|
141
|
-
end
|
205
|
+
rescue *error_classes => _e
|
206
|
+
raise unless retries < max_retries
|
207
|
+
|
208
|
+
@backoff.call(retries)
|
209
|
+
retries += 1
|
210
|
+
retry
|
142
211
|
end
|
143
212
|
end
|
144
|
-
|
145
213
|
end
|
146
214
|
end
|
@@ -0,0 +1,41 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
module Endpoints
|
5
|
+
# This class is deprecated. It is used by the Runtime endpoint
|
6
|
+
# resolution approach. It has been replaced by a code generated
|
7
|
+
# approach in each service gem. It can be removed in a new
|
8
|
+
# major version. It has to exist because
|
9
|
+
# old service gems can use a new core version.
|
10
|
+
# @api private
|
11
|
+
class Condition
|
12
|
+
def initialize(fn:, argv:, assign: nil)
|
13
|
+
@fn = Function.new(fn: fn, argv: argv)
|
14
|
+
@assign = assign
|
15
|
+
@assigned = {}
|
16
|
+
end
|
17
|
+
|
18
|
+
attr_reader :fn
|
19
|
+
attr_reader :argv
|
20
|
+
attr_reader :assign
|
21
|
+
|
22
|
+
attr_reader :assigned
|
23
|
+
|
24
|
+
def match?(parameters, assigns)
|
25
|
+
output = @fn.call(parameters, assigns)
|
26
|
+
@assigned = @assigned.merge({ @assign => output }) if @assign
|
27
|
+
output
|
28
|
+
end
|
29
|
+
|
30
|
+
def self.from_json(conditions_json)
|
31
|
+
conditions_json.each.with_object([]) do |condition, conditions|
|
32
|
+
conditions << new(
|
33
|
+
fn: condition['fn'],
|
34
|
+
argv: condition['argv'],
|
35
|
+
assign: condition['assign']
|
36
|
+
)
|
37
|
+
end
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
@@ -0,0 +1,17 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
module Endpoints
|
5
|
+
class Endpoint
|
6
|
+
def initialize(url:, properties: {}, headers: {})
|
7
|
+
@url = url
|
8
|
+
@properties = properties
|
9
|
+
@headers = headers
|
10
|
+
end
|
11
|
+
|
12
|
+
attr_reader :url
|
13
|
+
attr_reader :properties
|
14
|
+
attr_reader :headers
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
@@ -0,0 +1,75 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
module Endpoints
|
5
|
+
# This class is deprecated. It is used by the Runtime endpoint
|
6
|
+
# resolution approach. It has been replaced by a code generated
|
7
|
+
# approach in each service gem. It can be removed in a new
|
8
|
+
# major version. It has to exist because
|
9
|
+
# old service gems can use a new core version. # @api private
|
10
|
+
class EndpointRule < Rule
|
11
|
+
def initialize(type: 'endpoint', conditions:, endpoint:,
|
12
|
+
documentation: nil)
|
13
|
+
@type = type
|
14
|
+
@conditions = Condition.from_json(conditions)
|
15
|
+
@endpoint = endpoint
|
16
|
+
@documentation = documentation
|
17
|
+
end
|
18
|
+
|
19
|
+
attr_reader :type
|
20
|
+
attr_reader :conditions
|
21
|
+
attr_reader :endpoint
|
22
|
+
attr_reader :documentation
|
23
|
+
|
24
|
+
def match(parameters, assigned = {})
|
25
|
+
assigns = assigned.dup
|
26
|
+
matched = conditions.all? do |condition|
|
27
|
+
output = condition.match?(parameters, assigns)
|
28
|
+
assigns = assigns.merge(condition.assigned) if condition.assign
|
29
|
+
output
|
30
|
+
end
|
31
|
+
resolved_endpoint(parameters, assigns) if matched
|
32
|
+
end
|
33
|
+
|
34
|
+
def resolved_endpoint(parameters, assigns)
|
35
|
+
Endpoint.new(
|
36
|
+
url: resolve_value(@endpoint['url'], parameters, assigns),
|
37
|
+
properties: resolve_properties(
|
38
|
+
@endpoint['properties'] || {},
|
39
|
+
parameters,
|
40
|
+
assigns
|
41
|
+
),
|
42
|
+
headers: resolve_headers(parameters, assigns)
|
43
|
+
)
|
44
|
+
end
|
45
|
+
|
46
|
+
private
|
47
|
+
|
48
|
+
def resolve_headers(parameters, assigns)
|
49
|
+
(@endpoint['headers'] || {}).each.with_object({}) do |(key, arr), headers|
|
50
|
+
headers[key] = []
|
51
|
+
arr.each do |value|
|
52
|
+
headers[key] << resolve_value(value, parameters, assigns)
|
53
|
+
end
|
54
|
+
end
|
55
|
+
end
|
56
|
+
|
57
|
+
def resolve_properties(obj, parameters, assigns)
|
58
|
+
case obj
|
59
|
+
when Hash
|
60
|
+
obj.each.with_object({}) do |(key, value), hash|
|
61
|
+
hash[key] = resolve_properties(value, parameters, assigns)
|
62
|
+
end
|
63
|
+
when Array
|
64
|
+
obj.collect { |value| resolve_properties(value, parameters, assigns) }
|
65
|
+
else
|
66
|
+
if obj.is_a?(String)
|
67
|
+
Templater.resolve(obj, parameters, assigns)
|
68
|
+
else
|
69
|
+
obj
|
70
|
+
end
|
71
|
+
end
|
72
|
+
end
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
@@ -0,0 +1,42 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
module Endpoints
|
5
|
+
# This class is deprecated. It is used by the Runtime endpoint
|
6
|
+
# resolution approach. It has been replaced by a code generated
|
7
|
+
# approach in each service gem. It can be removed in a new
|
8
|
+
# major version. It has to exist because
|
9
|
+
# old service gems can use a new core version.
|
10
|
+
# @api private
|
11
|
+
class ErrorRule < Rule
|
12
|
+
def initialize(type: 'error', conditions:, error: nil, documentation: nil)
|
13
|
+
@type = type
|
14
|
+
@conditions = Condition.from_json(conditions)
|
15
|
+
@error = error
|
16
|
+
@documentation = documentation
|
17
|
+
end
|
18
|
+
|
19
|
+
attr_reader :type
|
20
|
+
attr_reader :conditions
|
21
|
+
attr_reader :error
|
22
|
+
attr_reader :documentation
|
23
|
+
|
24
|
+
def match(parameters, assigned = {})
|
25
|
+
assigns = assigned.dup
|
26
|
+
matched = conditions.all? do |condition|
|
27
|
+
output = condition.match?(parameters, assigns)
|
28
|
+
assigns = assigns.merge(condition.assigned) if condition.assign
|
29
|
+
output
|
30
|
+
end
|
31
|
+
resolved_error(parameters, assigns) if matched
|
32
|
+
end
|
33
|
+
|
34
|
+
private
|
35
|
+
|
36
|
+
def resolved_error(parameters, assigns)
|
37
|
+
error = resolve_value(@error, parameters, assigns)
|
38
|
+
ArgumentError.new(error)
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end
|
@@ -0,0 +1,80 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
module Endpoints
|
5
|
+
# This class is deprecated. It is used by the Runtime endpoint
|
6
|
+
# resolution approach. It has been replaced by a code generated
|
7
|
+
# approach in each service gem. It can be removed in a new
|
8
|
+
# major version. It has to exist because
|
9
|
+
# old service gems can use a new core version.
|
10
|
+
# @api private
|
11
|
+
class Function
|
12
|
+
def initialize(fn:, argv:)
|
13
|
+
@fn = fn
|
14
|
+
@argv = build_argv(argv)
|
15
|
+
end
|
16
|
+
|
17
|
+
attr_reader :fn
|
18
|
+
attr_reader :argv
|
19
|
+
|
20
|
+
def call(parameters, assigns)
|
21
|
+
args = []
|
22
|
+
@argv.each do |arg|
|
23
|
+
if arg.is_a?(Reference)
|
24
|
+
args << arg.resolve(parameters, assigns)
|
25
|
+
elsif arg.is_a?(Function)
|
26
|
+
args << arg.call(parameters, assigns)
|
27
|
+
else
|
28
|
+
if arg.is_a?(String)
|
29
|
+
arg = Templater.resolve(arg, parameters, assigns)
|
30
|
+
end
|
31
|
+
args << arg
|
32
|
+
end
|
33
|
+
end
|
34
|
+
|
35
|
+
case @fn
|
36
|
+
when 'isSet'
|
37
|
+
Matchers.set?(*args)
|
38
|
+
when 'not'
|
39
|
+
Matchers.not(*args)
|
40
|
+
when 'getAttr'
|
41
|
+
Matchers.attr(*args)
|
42
|
+
when 'substring'
|
43
|
+
Matchers.substring(*args)
|
44
|
+
when 'stringEquals'
|
45
|
+
Matchers.string_equals?(*args)
|
46
|
+
when 'booleanEquals'
|
47
|
+
Matchers.boolean_equals?(*args)
|
48
|
+
when 'uriEncode'
|
49
|
+
Matchers.uri_encode(*args)
|
50
|
+
when 'parseURL'
|
51
|
+
Matchers.parse_url(*args)
|
52
|
+
when 'isValidHostLabel'
|
53
|
+
Matchers.valid_host_label?(*args)
|
54
|
+
when 'aws.partition'
|
55
|
+
Matchers.aws_partition(*args)
|
56
|
+
when 'aws.parseArn'
|
57
|
+
Matchers.aws_parse_arn(*args)
|
58
|
+
when 'aws.isVirtualHostableS3Bucket'
|
59
|
+
Matchers.aws_virtual_hostable_s3_bucket?(*args)
|
60
|
+
else
|
61
|
+
raise "Function not found: #{@fn}"
|
62
|
+
end
|
63
|
+
end
|
64
|
+
|
65
|
+
private
|
66
|
+
|
67
|
+
def build_argv(argv_json)
|
68
|
+
argv_json.each.with_object([]) do |arg, argv|
|
69
|
+
argv << if arg.is_a?(Hash) && arg['ref']
|
70
|
+
Reference.new(ref: arg['ref'])
|
71
|
+
elsif arg.is_a?(Hash) && arg['fn']
|
72
|
+
Function.new(fn: arg['fn'], argv: arg['argv'])
|
73
|
+
else
|
74
|
+
arg
|
75
|
+
end
|
76
|
+
end
|
77
|
+
end
|
78
|
+
end
|
79
|
+
end
|
80
|
+
end
|
@@ -0,0 +1,131 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'cgi'
|
4
|
+
|
5
|
+
module Aws
|
6
|
+
module Endpoints
|
7
|
+
# generic matcher functions for service endpoints
|
8
|
+
# @api private
|
9
|
+
module Matchers
|
10
|
+
# Regex that extracts anything in square brackets
|
11
|
+
BRACKET_REGEX = /\[(.*?)\]/.freeze
|
12
|
+
|
13
|
+
# CORE
|
14
|
+
|
15
|
+
# isSet(value: Option<T>) bool
|
16
|
+
def self.set?(value)
|
17
|
+
!value.nil?
|
18
|
+
end
|
19
|
+
|
20
|
+
# not(value: bool) bool
|
21
|
+
def self.not(bool)
|
22
|
+
!bool
|
23
|
+
end
|
24
|
+
|
25
|
+
# getAttr(value: Object | Array, path: string) Document
|
26
|
+
def self.attr(value, path)
|
27
|
+
parts = path.split('.')
|
28
|
+
|
29
|
+
val = if (index = parts.first[BRACKET_REGEX, 1])
|
30
|
+
# remove brackets and index from part before indexing
|
31
|
+
value[parts.first.gsub(BRACKET_REGEX, '')][index.to_i]
|
32
|
+
else
|
33
|
+
value[parts.first]
|
34
|
+
end
|
35
|
+
|
36
|
+
if parts.size == 1
|
37
|
+
val
|
38
|
+
else
|
39
|
+
attr(val, parts.slice(1..-1).join('.'))
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
def self.substring(input, start, stop, reverse)
|
44
|
+
return nil if start >= stop || input.size < stop
|
45
|
+
|
46
|
+
return nil if input.chars.any? { |c| c.ord > 127 }
|
47
|
+
|
48
|
+
return input[start...stop] unless reverse
|
49
|
+
|
50
|
+
r_start = input.size - stop
|
51
|
+
r_stop = input.size - start
|
52
|
+
input[r_start...r_stop]
|
53
|
+
end
|
54
|
+
|
55
|
+
# stringEquals(value1: string, value2: string) bool
|
56
|
+
def self.string_equals?(value1, value2)
|
57
|
+
value1 == value2
|
58
|
+
end
|
59
|
+
|
60
|
+
# booleanEquals(value1: bool, value2: bool) bool
|
61
|
+
def self.boolean_equals?(value1, value2)
|
62
|
+
value1 == value2
|
63
|
+
end
|
64
|
+
|
65
|
+
# uriEncode(value: string) string
|
66
|
+
def self.uri_encode(value)
|
67
|
+
CGI.escape(value.encode('UTF-8')).gsub('+', '%20').gsub('%7E', '~')
|
68
|
+
end
|
69
|
+
|
70
|
+
# parseUrl(value: string) Option<URL>
|
71
|
+
def self.parse_url(value)
|
72
|
+
URL.new(value).as_json
|
73
|
+
rescue ArgumentError, URI::InvalidURIError
|
74
|
+
nil
|
75
|
+
end
|
76
|
+
|
77
|
+
# isValidHostLabel(value: string, allowSubDomains: bool) bool
|
78
|
+
def self.valid_host_label?(value, allow_sub_domains = false)
|
79
|
+
return false if value.empty?
|
80
|
+
|
81
|
+
if allow_sub_domains
|
82
|
+
labels = value.split('.', -1)
|
83
|
+
return labels.all? { |l| valid_host_label?(l) }
|
84
|
+
end
|
85
|
+
|
86
|
+
!!(value =~ /\A(?!-)[a-zA-Z0-9-]{1,63}(?<!-)\z/)
|
87
|
+
end
|
88
|
+
|
89
|
+
# AWS
|
90
|
+
|
91
|
+
# aws.partition(value: string) Option<Partition>
|
92
|
+
def self.aws_partition(value)
|
93
|
+
partition =
|
94
|
+
Aws::Partitions.find { |p| p.region?(value) } ||
|
95
|
+
Aws::Partitions.find { |p| value.match(p.region_regex) } ||
|
96
|
+
Aws::Partitions.find { |p| p.name == 'aws' }
|
97
|
+
|
98
|
+
return nil unless partition
|
99
|
+
|
100
|
+
partition.metadata
|
101
|
+
end
|
102
|
+
|
103
|
+
# aws.parseArn(value: string) Option<ARN>
|
104
|
+
def self.aws_parse_arn(value)
|
105
|
+
arn = Aws::ARNParser.parse(value)
|
106
|
+
json = arn.as_json
|
107
|
+
# HACK: because of poor naming and also requirement of splitting
|
108
|
+
resource = json.delete('resource')
|
109
|
+
json['resourceId'] = resource.split(%r{[:\/]}, -1)
|
110
|
+
json
|
111
|
+
rescue Aws::Errors::InvalidARNError
|
112
|
+
nil
|
113
|
+
end
|
114
|
+
|
115
|
+
# aws.isVirtualHostableS3Bucket(value: string, allowSubDomains: bool) bool
|
116
|
+
def self.aws_virtual_hostable_s3_bucket?(value, allow_sub_domains = false)
|
117
|
+
return false if value.empty?
|
118
|
+
|
119
|
+
if allow_sub_domains
|
120
|
+
labels = value.split('.', -1)
|
121
|
+
return labels.all? { |l| aws_virtual_hostable_s3_bucket?(l) }
|
122
|
+
end
|
123
|
+
|
124
|
+
# must be between 3 and 63 characters long, no uppercase
|
125
|
+
value =~ /\A(?!-)[a-z0-9-]{3,63}(?<!-)\z/ &&
|
126
|
+
# not an IP address
|
127
|
+
value !~ /(\d+\.){3}\d+/
|
128
|
+
end
|
129
|
+
end
|
130
|
+
end
|
131
|
+
end
|
@@ -0,0 +1,31 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
module Endpoints
|
5
|
+
# This class is deprecated. It is used by the Runtime endpoint
|
6
|
+
# resolution approach. It has been replaced by a code generated
|
7
|
+
# approach in each service gem. It can be removed in a new
|
8
|
+
# major version. It has to exist because
|
9
|
+
# old service gems can use a new core version.
|
10
|
+
# @api private
|
11
|
+
class Reference
|
12
|
+
def initialize(ref:)
|
13
|
+
@ref = ref
|
14
|
+
end
|
15
|
+
|
16
|
+
attr_reader :ref
|
17
|
+
|
18
|
+
def resolve(parameters, assigns)
|
19
|
+
if parameters.class.singleton_class::PARAM_MAP.key?(@ref)
|
20
|
+
member_name = parameters.class.singleton_class::PARAM_MAP[@ref]
|
21
|
+
parameters[member_name]
|
22
|
+
elsif assigns.key?(@ref)
|
23
|
+
assigns[@ref]
|
24
|
+
else
|
25
|
+
raise ArgumentError,
|
26
|
+
"Reference #{@ref} is not a param or an assigned value."
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
module Endpoints
|
5
|
+
# This class is deprecated. It is used by the Runtime endpoint
|
6
|
+
# resolution approach. It has been replaced by a code generated
|
7
|
+
# approach in each service gem. It can be removed in a new
|
8
|
+
# major version. It has to exist because
|
9
|
+
# old service gems can use a new core version.
|
10
|
+
# @api private
|
11
|
+
class Rule
|
12
|
+
# Resolves a value that is a function, reference, or template string.
|
13
|
+
def resolve_value(value, parameters, assigns)
|
14
|
+
if value.is_a?(Hash) && value['fn']
|
15
|
+
Function.new(fn: value['fn'], argv: value['argv'])
|
16
|
+
.call(parameters, assigns)
|
17
|
+
elsif value.is_a?(Hash) && value['ref']
|
18
|
+
Reference.new(ref: value['ref']).resolve(parameters, assigns)
|
19
|
+
else
|
20
|
+
Templater.resolve(value, parameters, assigns)
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|