aws-sdk-core 3.124.0 → 3.186.0

data/lib/aws-sdk-core/log/formatter.rb

@@ -26,6 +26,8 @@ module Aws
     #
     # You can put any of these placeholders into you pattern.
     #
+    #   * `:region` - The region configured for the client.
+    #
     #   * `:client_class` - The name of the client class.
     #
     #   * `:operation` - The name of the client request method.
@@ -116,6 +118,10 @@ module Aws
 
       private
 
+      def _region(response)
+        response.context.config.region
+      end
+
       def _client_class(response)
         response.context.client.class.name
       end

data/lib/aws-sdk-core/pageable_response.rb

@@ -48,11 +48,11 @@ module Aws
   #
   module PageableResponse
 
-    def self.extended(base)
-      base.extend Enumerable
-      base.extend UnsafeEnumerableMethods
-      base.instance_variable_set("@last_page", nil)
-      base.instance_variable_set("@more_results", nil)
+    def self.apply(base)
+      base.extend Extension
+      base.instance_variable_set(:@last_page, nil)
+      base.instance_variable_set(:@more_results, nil)
+      base
     end
 
     # @return [Paging::Pager]
@@ -62,39 +62,26 @@ module Aws
     # when this method returns `false` will raise an error.
     # @return [Boolean]
     def last_page?
-      if @last_page.nil?
-        @last_page = !@pager.truncated?(self)
-      end
-      @last_page
+      # Actual implementation is in PageableResponse::Extension
     end
 
     # Returns `true` if there are more results.  Calling {#next_page} will
     # return the next response.
     # @return [Boolean]
     def next_page?
-      !last_page?
+      # Actual implementation is in PageableResponse::Extension
     end
 
     # @return [Seahorse::Client::Response]
     def next_page(params = {})
-      if last_page?
-        raise LastPageError.new(self)
-      else
-        next_response(params)
-      end
+      # Actual implementation is in PageableResponse::Extension
     end
 
     # Yields the current and each following response to the given block.
     # @yieldparam [Response] response
     # @return [Enumerable,nil] Returns a new Enumerable if no block is given.
     def each(&block)
-      return enum_for(:each_page) unless block_given?
-      response = self
-      yield(response)
-      until response.last_page?
-        response = response.next_page
-        yield(response)
-      end
+      # Actual implementation is in PageableResponse::Extension
     end
     alias each_page each
 
@@ -105,9 +92,7 @@ module Aws
     # @return [Seahorse::Client::Response] Returns the next page of
     #   results.
     def next_response(params)
-      params = next_page_params(params)
-      request = context.client.build_request(context.operation_name, params)
-      request.send_request
+      # Actual implementation is in PageableResponse::Extension
     end
 
     # @param [Hash] params A hash of additional request params to
@@ -115,13 +100,7 @@ module Aws
     # @return [Hash] Returns the hash of request parameters for the
     #   next page, merging any given params.
     def next_page_params(params)
-      # Remove all previous tokens from original params
-      # Sometimes a token can be nil and merge would not include it.
-      tokens = @pager.tokens.values.map(&:to_sym)
-
-      params_without_tokens = context[:original_params].reject { |k, _v| tokens.include?(k) }
-      params_without_tokens.merge!(@pager.next_tokens(self).merge(params))
-      params_without_tokens
+      # Actual implementation is in PageableResponse::Extension
     end
 
     # Raised when calling {PageableResponse#next_page} on a pager that
@@ -167,6 +146,76 @@ module Aws
         data.to_h
       end
 
+      def as_json(_options = {})
+        data.to_h(data, as_json: true)
+      end
+
+      def to_json(options = {})
+        as_json.to_json(options)
+      end
+    end
+
+    # The actual decorator module implementation. It is in a distinct module
+    # so that it can be used to extend objects without busting Ruby's constant cache.
+    # object.extend(mod) bust the constant cache only if `mod` contains constants of its own.
+    # @api private
+    module Extension
+
+      include Enumerable
+      include UnsafeEnumerableMethods
+
+      attr_accessor :pager
+
+      def last_page?
+        if @last_page.nil?
+          @last_page = !@pager.truncated?(self)
+        end
+        @last_page
+      end
+
+      def next_page?
+        !last_page?
+      end
+
+      def next_page(params = {})
+        if last_page?
+          raise LastPageError.new(self)
+        else
+          next_response(params)
+        end
+      end
+
+      def each(&block)
+        return enum_for(:each_page) unless block_given?
+        response = self
+        yield(response)
+        until response.last_page?
+          response = response.next_page
+          yield(response)
+        end
+      end
+      alias each_page each
+
+      private
+
+      def next_response(params)
+        params = next_page_params(params)
+        request = context.client.build_request(context.operation_name, params)
+        Aws::Plugins::UserAgent.feature('paginator') do
+          request.send_request
+        end
+      end
+
+      def next_page_params(params)
+        # Remove all previous tokens from original params
+        # Sometimes a token can be nil and merge would not include it.
+        tokens = @pager.tokens.values.map(&:to_sym)
+
+        params_without_tokens = context[:original_params].reject { |k, _v| tokens.include?(k) }
+        params_without_tokens.merge!(@pager.next_tokens(self).merge(params))
+        params_without_tokens
+      end
+
     end
   end
 end

data/lib/aws-sdk-core/param_validator.rb

@@ -6,7 +6,7 @@ module Aws
 
     include Seahorse::Model::Shapes
 
-    EXPECTED_GOT = "expected %s to be %s, got value %s (class: %s) instead."
+    EXPECTED_GOT = 'expected %s to be %s, got class %s instead.'
 
     # @param [Seahorse::Model::Shapes::ShapeRef] rules
     # @param [Hash] params
@@ -230,7 +230,7 @@ module Aws
     end
 
     def expected_got(context, expected, got)
-      EXPECTED_GOT % [context, expected, got.inspect, got.class.name]
+      EXPECTED_GOT % [context, expected, got.class.name]
     end
 
   end

data/lib/aws-sdk-core/plugins/bearer_authorization.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+module Aws
+  # @api private
+  module Plugins
+    # @api private
+    class BearerAuthorization < Seahorse::Client::Plugin
+
+      option(:token_provider,
+             required: false,
+             doc_type: 'Aws::TokenProvider',
+             docstring: <<-DOCS
+A Bearer Token Provider. This can be an instance of any one of the
+following classes:
+
+* `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
+  tokens.
+
+* `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
+  access token generated from `aws login`.
+
+When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
+will be used to search for tokens configured for your profile in shared configuration files.
+      DOCS
+      ) do |config|
+        if config.stub_responses
+          StaticTokenProvider.new('token')
+        else
+          TokenProviderChain.new(config).resolve
+        end
+      end
+
+
+      def add_handlers(handlers, cfg)
+        bearer_operations =
+          if cfg.api.metadata['signatureVersion'] == 'bearer'
+            # select operations where authtype is either not set or is bearer
+            cfg.api.operation_names.select do |o|
+              !cfg.api.operation(o)['authtype'] || cfg.api.operation(o)['authtype'] == 'bearer'
+            end
+          else # service is not bearer auth
+            # select only operations where authtype is explicitly bearer
+            cfg.api.operation_names.select do |o|
+              cfg.api.operation(o)['authtype'] == 'bearer'
+            end
+          end
+        handlers.add(Handler, step: :sign, operations: bearer_operations)
+      end
+
+      class Handler < Seahorse::Client::Handler
+        def call(context)
+          if context.http_request.endpoint.scheme != 'https'
+            raise ArgumentError, 'Unable to use bearer authorization on non https endpoint.'
+          end
+
+          token_provider = context.config.token_provider
+          if token_provider && token_provider.set?
+            context.http_request.headers['Authorization'] = "Bearer #{token_provider.token.token}"
+          else
+            raise Errors::MissingBearerTokenError
+          end
+          @handler.call(context)
+        end
+      end
+    end
+  end
+end

data/lib/aws-sdk-core/plugins/checksum_algorithm.rb

@@ -0,0 +1,340 @@
+# frozen_string_literal: true
+
+module Aws
+  module Plugins
+    # @api private
+    class ChecksumAlgorithm < Seahorse::Client::Plugin
+      CHUNK_SIZE = 1 * 1024 * 1024 # one MB
+
+      # determine the set of supported client side checksum algorithms
+      # CRC32c requires aws-crt (optional sdk dependency) for support
+      CLIENT_ALGORITHMS = begin
+        supported = %w[SHA256 SHA1 CRC32]
+        begin
+          require 'aws-crt'
+          supported << 'CRC32C'
+        rescue LoadError
+        end
+        supported
+      end.freeze
+
+      # priority order of checksum algorithms to validate responses against
+      # Remove any algorithms not supported by client (ie, depending on CRT availability)
+      CHECKSUM_ALGORITHM_PRIORITIES = %w[CRC32C SHA1 CRC32 SHA256] & CLIENT_ALGORITHMS
+
+      # byte size of checksums, used in computing the trailer length
+      CHECKSUM_SIZE = {
+        'CRC32' => 16,
+        'CRC32C' => 16,
+        'SHA1' => 36,
+        'SHA256' => 52
+      }
+
+      # Interface for computing digests on request/response bodies
+      # which may be files, strings or IO like objects
+      # Applies only to digest functions that produce 32 bit integer checksums
+      # (eg CRC32)
+      class Digest32
+
+        attr_reader :value
+
+        # @param [Object] digest_fn
+        def initialize(digest_fn)
+          @digest_fn = digest_fn
+          @value = 0
+        end
+
+        def update(chunk)
+          @value = @digest_fn.call(chunk, @value)
+        end
+
+        def base64digest
+          Base64.encode64([@value].pack('N')).chomp
+        end
+      end
+
+      def add_handlers(handlers, _config)
+        handlers.add(OptionHandler, step: :initialize)
+        # priority set low to ensure checksum is computed AFTER the request is
+        # built but before it is signed
+        handlers.add(ChecksumHandler, priority: 15, step: :build)
+      end
+
+      private
+
+      def self.request_algorithm_selection(context)
+        return unless context.operation.http_checksum
+
+        input_member = context.operation.http_checksum['requestAlgorithmMember']
+        context.params[input_member.to_sym]&.upcase if input_member
+      end
+
+      def self.request_validation_mode(context)
+        return unless context.operation.http_checksum
+
+        input_member = context.operation.http_checksum['requestValidationModeMember']
+        context.params[input_member.to_sym] if input_member
+      end
+
+      def self.operation_response_algorithms(context)
+        return unless context.operation.http_checksum
+
+        context.operation.http_checksum['responseAlgorithms']
+      end
+
+
+      # @api private
+      class OptionHandler < Seahorse::Client::Handler
+        def call(context)
+          context[:http_checksum] ||= {}
+
+          # validate request configuration
+          if (request_input = ChecksumAlgorithm.request_algorithm_selection(context))
+            unless CLIENT_ALGORITHMS.include? request_input
+              if (request_input == 'CRC32C')
+                raise ArgumentError, "CRC32C requires crt support - install the aws-crt gem for support."
+              else
+                raise ArgumentError, "#{request_input} is not a supported checksum algorithm."
+              end
+            end
+          end
+
+        # validate response configuration
+          if (ChecksumAlgorithm.request_validation_mode(context))
+            # Compute an ordered list as the union between priority supported and the
+            # operation's modeled response algorithms.
+            validation_list = CHECKSUM_ALGORITHM_PRIORITIES &
+              ChecksumAlgorithm.operation_response_algorithms(context)
+            context[:http_checksum][:validation_list] = validation_list
+          end
+
+          @handler.call(context)
+        end
+      end
+
+      # @api private
+      class ChecksumHandler < Seahorse::Client::Handler
+
+        def call(context)
+          if should_calculate_request_checksum?(context)
+            request_algorithm_input = ChecksumAlgorithm.request_algorithm_selection(context)
+            context[:checksum_algorithms] = request_algorithm_input
+
+            request_checksum_property = {
+              'algorithm' => request_algorithm_input,
+              'in' => checksum_request_in(context),
+              'name' => "x-amz-checksum-#{request_algorithm_input.downcase}"
+            }
+
+            calculate_request_checksum(context, request_checksum_property)
+          end
+
+          if should_verify_response_checksum?(context)
+            add_verify_response_checksum_handlers(context)
+          end
+
+          @handler.call(context)
+        end
+
+        private
+
+        def should_calculate_request_checksum?(context)
+          context.operation.http_checksum &&
+            ChecksumAlgorithm.request_algorithm_selection(context)
+        end
+
+        def should_verify_response_checksum?(context)
+          context[:http_checksum][:validation_list] && !context[:http_checksum][:validation_list].empty?
+        end
+
+        def calculate_request_checksum(context, checksum_properties)
+          case checksum_properties['in']
+          when 'header'
+            header_name = checksum_properties['name']
+            body = context.http_request.body_contents
+            if body
+              context.http_request.headers[header_name] ||=
+                ChecksumAlgorithm.calculate_checksum(checksum_properties['algorithm'], body)
+            end
+          when 'trailer'
+            apply_request_trailer_checksum(context, checksum_properties)
+          end
+        end
+
+        def apply_request_trailer_checksum(context, checksum_properties)
+          location_name = checksum_properties['name']
+
+          # set required headers
+          headers = context.http_request.headers
+          headers['Content-Encoding'] = 'aws-chunked'
+          headers['X-Amz-Content-Sha256'] = 'STREAMING-UNSIGNED-PAYLOAD-TRAILER'
+          headers['X-Amz-Trailer'] = location_name
+
+          # We currently always compute the size in the modified body wrapper - allowing us
+          # to set the Content-Length header (set by content_length plugin).
+          # This means we cannot use Transfer-Encoding=chunked
+
+          if !context.http_request.body.respond_to?(:size)
+            raise Aws::Errors::ChecksumError, 'Could not determine length of the body'
+          end
+          headers['X-Amz-Decoded-Content-Length'] = context.http_request.body.size
+
+          context.http_request.body = AwsChunkedTrailerDigestIO.new(
+            context.http_request.body,
+            checksum_properties['algorithm'],
+            location_name
+          )
+        end
+
+        # Add events to the http_response to verify the checksum as its read
+        # This prevents the body from being read multiple times
+        # verification is done only once a successful response has completed
+        def add_verify_response_checksum_handlers(context)
+          http_response = context.http_response
+          checksum_context = { }
+          http_response.on_headers do |_status, headers|
+            header_name, algorithm = response_header_to_verify(headers, context[:http_checksum][:validation_list])
+            if header_name
+              expected = headers[header_name]
+
+              unless context[:http_checksum][:skip_on_suffix] && /-[\d]+$/.match(expected)
+                checksum_context[:algorithm] = algorithm
+                checksum_context[:header_name] = header_name
+                checksum_context[:digest] = ChecksumAlgorithm.digest_for_algorithm(algorithm)
+                checksum_context[:expected] = expected
+              end
+            end
+          end
+
+          http_response.on_data do |chunk|
+            checksum_context[:digest].update(chunk) if checksum_context[:digest]
+          end
+
+          http_response.on_success do
+            if checksum_context[:digest] &&
+              (computed = checksum_context[:digest].base64digest)
+
+              if computed != checksum_context[:expected]
+                raise Aws::Errors::ChecksumError,
+                      "Checksum validation failed on #{checksum_context[:header_name]} "\
+                      "computed: #{computed}, expected: #{checksum_context[:expected]}"
+              end
+
+              context[:http_checksum][:validated] = checksum_context[:algorithm]
+            end
+          end
+        end
+
+        # returns nil if no headers to verify
+        def response_header_to_verify(headers, validation_list)
+          validation_list.each do |algorithm|
+            header_name = "x-amz-checksum-#{algorithm}"
+            return [header_name, algorithm] if headers[header_name]
+          end
+          nil
+        end
+
+        # determine where (header vs trailer) a request checksum should be added
+        def checksum_request_in(context)
+          if context.operation['authtype'].eql?('v4-unsigned-body')
+            'trailer'
+          else
+            'header'
+          end
+        end
+
+      end
+
+      def self.calculate_checksum(algorithm, body)
+        digest = ChecksumAlgorithm.digest_for_algorithm(algorithm)
+        if body.respond_to?(:read)
+          ChecksumAlgorithm.update_in_chunks(digest, body)
+        else
+          digest.update(body)
+        end
+        digest.base64digest
+      end
+
+      def self.digest_for_algorithm(algorithm)
+        case algorithm
+        when 'CRC32'
+          Digest32.new(Zlib.method(:crc32))
+        when 'CRC32C'
+          # this will only be used if input algorithm is CRC32C AND client supports it (crt available)
+          Digest32.new(Aws::Crt::Checksums.method(:crc32c))
+        when 'SHA1'
+          Digest::SHA1.new
+        when 'SHA256'
+          Digest::SHA256.new
+        end
+      end
+
+      # The trailer size (in bytes) is the overhead + the trailer name +
+      # the length of the base64 encoded checksum
+      def self.trailer_length(algorithm, location_name)
+        CHECKSUM_SIZE[algorithm] + location_name.size
+      end
+
+      def self.update_in_chunks(digest, io)
+        loop do
+          chunk = io.read(CHUNK_SIZE)
+          break unless chunk
+          digest.update(chunk)
+        end
+        io.rewind
+      end
+
+      # Wrapper for request body that implements application-layer
+      # chunking with Digest computed on chunks + added as a trailer
+      class AwsChunkedTrailerDigestIO
+        CHUNK_SIZE = 16384
+
+        def initialize(io, algorithm, location_name)
+          @io = io
+          @location_name = location_name
+          @algorithm = algorithm
+          @digest = ChecksumAlgorithm.digest_for_algorithm(algorithm)
+          @trailer_io = nil
+        end
+
+        # the size of the application layer aws-chunked + trailer body
+        def size
+          # compute the number of chunks
+          # a full chunk has 4 + 4 bytes overhead, a partial chunk is len.to_s(16).size + 4
+          orig_body_size = @io.size
+          n_full_chunks = orig_body_size / CHUNK_SIZE
+          partial_bytes = orig_body_size % CHUNK_SIZE
+          chunked_body_size = n_full_chunks * (CHUNK_SIZE + 8)
+          chunked_body_size += partial_bytes.to_s(16).size + partial_bytes + 4 unless  partial_bytes.zero?
+          trailer_size = ChecksumAlgorithm.trailer_length(@algorithm, @location_name)
+          chunked_body_size + trailer_size
+        end
+
+        def rewind
+          @io.rewind
+        end
+
+        def read(length, buf = nil)
+          # account for possible leftover bytes at the end, if we have trailer bytes, send them
+          if @trailer_io
+            return @trailer_io.read(length, buf)
+          end
+
+          chunk = @io.read(length)
+          if chunk
+            @digest.update(chunk)
+            application_chunked = "#{chunk.bytesize.to_s(16)}\r\n#{chunk}\r\n"
+            return StringIO.new(application_chunked).read(application_chunked.size, buf)
+          else
+            trailers = {}
+            trailers[@location_name] = @digest.base64digest
+            trailers = trailers.map { |k,v| "#{k}:#{v}"}.join("\r\n")
+            @trailer_io = StringIO.new("0\r\n#{trailers}\r\n\r\n")
+            chunk = @trailer_io.read(length, buf)
+          end
+          chunk
+        end
+      end
+    end
+  end
+end

data/lib/aws-sdk-core/plugins/credentials_configuration.rb

@@ -76,6 +76,30 @@ locations will be searched for credentials:
 
       option(:instance_profile_credentials_timeout, 1)
 
+      option(:token_provider,
+             required: false,
+             doc_type: 'Aws::TokenProvider',
+             docstring: <<-DOCS
+A Bearer Token Provider. This can be an instance of any one of the
+following classes:
+
+* `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
+  tokens.
+
+* `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
+  access token generated from `aws login`.
+
+When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
+will be used to search for tokens configured for your profile in shared configuration files.
+      DOCS
+      ) do |config|
+        if config.stub_responses
+          StaticTokenProvider.new('token')
+        else
+          TokenProviderChain.new(config).resolve
+        end
+      end
+
     end
   end
 end

data/lib/aws-sdk-core/plugins/defaults_mode.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+module Aws
+  # @api private
+  module Plugins
+    # @api private
+    class DefaultsMode < Seahorse::Client::Plugin
+
+      option(:defaults_mode,
+             default: 'legacy',
+             doc_type: String,
+             docstring: <<-DOCS
+See {Aws::DefaultsModeConfiguration} for a list of the 
+accepted modes and the configuration defaults that are included.
+      DOCS
+      ) do |cfg|
+        resolve_defaults_mode(cfg)
+      end
+
+      option(:defaults_mode_config_resolver,
+             doc_type: 'Aws::DefaultsModeConfigResolver') do |cfg|
+        Aws::DefaultsModeConfigResolver.new(
+          Aws::DefaultsModeConfiguration::SDK_DEFAULT_CONFIGURATION, cfg)
+      end
+
+      class << self
+        private
+
+        def resolve_defaults_mode(cfg)
+          value = ENV['AWS_DEFAULTS_MODE']
+          value ||= Aws.shared_config.defaults_mode(
+            profile: cfg.profile
+          )
+          value&.downcase || "legacy"
+        end
+      end
+
+    end
+  end
+end

data/lib/aws-sdk-core/plugins/endpoint_discovery.rb

@@ -72,7 +72,11 @@ the background every 60 secs (default). Defaults to `false`.
               context,
               Aws::Util.str_2_bool(discovery_cfg["required"])
             )
-            context.http_request.endpoint = _valid_uri(endpoint.address) if endpoint
+            if endpoint
+              context.http_request.endpoint = _valid_uri(endpoint.address)
+              # Skips dynamic endpoint usage, use this endpoint instead
+              context[:discovered_endpoint] = true
+            end
             if endpoint || context.config.endpoint_discovery
               _apply_endpoint_discovery_user_agent(context)
             end
@@ -100,7 +104,7 @@ the background every 60 secs (default). Defaults to `false`.
         end
 
         def _discover_endpoint(ctx, required)
-          cache = ctx.config.endpoint_cache 
+          cache = ctx.config.endpoint_cache
           key = cache.extract_key(ctx)
 
           if required