aws-sdk-core 3.125.6 → 3.188.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +533 -0
- data/VERSION +1 -1
- data/lib/aws-defaults/default_configuration.rb +4 -4
- data/lib/aws-sdk-core/arn.rb +13 -0
- data/lib/aws-sdk-core/assume_role_credentials.rb +21 -7
- data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +14 -10
- data/lib/aws-sdk-core/binary/encode_handler.rb +12 -1
- data/lib/aws-sdk-core/client_stubs.rb +5 -1
- data/lib/aws-sdk-core/credential_provider.rb +3 -0
- data/lib/aws-sdk-core/credential_provider_chain.rb +8 -5
- data/lib/aws-sdk-core/ec2_metadata.rb +3 -2
- data/lib/aws-sdk-core/ecs_credentials.rb +186 -52
- data/lib/aws-sdk-core/endpoints/condition.rb +41 -0
- data/lib/aws-sdk-core/endpoints/endpoint.rb +17 -0
- data/lib/aws-sdk-core/endpoints/endpoint_rule.rb +75 -0
- data/lib/aws-sdk-core/endpoints/error_rule.rb +42 -0
- data/lib/aws-sdk-core/endpoints/function.rb +80 -0
- data/lib/aws-sdk-core/endpoints/matchers.rb +131 -0
- data/lib/aws-sdk-core/endpoints/reference.rb +31 -0
- data/lib/aws-sdk-core/endpoints/rule.rb +25 -0
- data/lib/aws-sdk-core/endpoints/rule_set.rb +52 -0
- data/lib/aws-sdk-core/endpoints/rules_provider.rb +37 -0
- data/lib/aws-sdk-core/endpoints/templater.rb +58 -0
- data/lib/aws-sdk-core/endpoints/tree_rule.rb +45 -0
- data/lib/aws-sdk-core/endpoints/url.rb +60 -0
- data/lib/aws-sdk-core/endpoints.rb +78 -0
- data/lib/aws-sdk-core/errors.rb +14 -1
- data/lib/aws-sdk-core/ini_parser.rb +7 -0
- data/lib/aws-sdk-core/instance_profile_credentials.rb +124 -31
- data/lib/aws-sdk-core/json/error_handler.rb +20 -1
- data/lib/aws-sdk-core/json/handler.rb +8 -1
- data/lib/aws-sdk-core/json/parser.rb +27 -2
- data/lib/aws-sdk-core/log/formatter.rb +6 -0
- data/lib/aws-sdk-core/pageable_response.rb +81 -32
- data/lib/aws-sdk-core/param_validator.rb +2 -2
- data/lib/aws-sdk-core/plugins/bearer_authorization.rb +67 -0
- data/lib/aws-sdk-core/plugins/checksum_algorithm.rb +340 -0
- data/lib/aws-sdk-core/plugins/credentials_configuration.rb +24 -0
- data/lib/aws-sdk-core/plugins/endpoint_discovery.rb +6 -2
- data/lib/aws-sdk-core/plugins/http_checksum.rb +8 -1
- data/lib/aws-sdk-core/plugins/jsonvalue_converter.rb +34 -6
- data/lib/aws-sdk-core/plugins/recursion_detection.rb +38 -0
- data/lib/aws-sdk-core/plugins/regional_endpoint.rb +111 -30
- data/lib/aws-sdk-core/plugins/request_compression.rb +217 -0
- data/lib/aws-sdk-core/plugins/response_paging.rb +1 -1
- data/lib/aws-sdk-core/plugins/retries/error_inspector.rb +3 -2
- data/lib/aws-sdk-core/plugins/retry_errors.rb +12 -2
- data/lib/aws-sdk-core/plugins/sign.rb +201 -0
- data/lib/aws-sdk-core/plugins/signature_v2.rb +1 -0
- data/lib/aws-sdk-core/plugins/signature_v4.rb +15 -8
- data/lib/aws-sdk-core/plugins/stub_responses.rb +5 -1
- data/lib/aws-sdk-core/plugins/user_agent.rb +117 -14
- data/lib/aws-sdk-core/process_credentials.rb +9 -11
- data/lib/aws-sdk-core/refreshing_credentials.rb +41 -16
- data/lib/aws-sdk-core/refreshing_token.rb +71 -0
- data/lib/aws-sdk-core/rest/handler.rb +1 -1
- data/lib/aws-sdk-core/rest/request/headers.rb +2 -6
- data/lib/aws-sdk-core/rest/request/querystring_builder.rb +43 -29
- data/lib/aws-sdk-core/shared_config.rb +107 -12
- data/lib/aws-sdk-core/sso_credentials.rb +91 -50
- data/lib/aws-sdk-core/sso_token_provider.rb +135 -0
- data/lib/aws-sdk-core/static_token_provider.rb +14 -0
- data/lib/aws-sdk-core/structure.rb +6 -4
- data/lib/aws-sdk-core/stubbing/stub_data.rb +11 -0
- data/lib/aws-sdk-core/token.rb +31 -0
- data/lib/aws-sdk-core/token_provider.rb +15 -0
- data/lib/aws-sdk-core/token_provider_chain.rb +51 -0
- data/lib/aws-sdk-core/waiters/poller.rb +3 -1
- data/lib/aws-sdk-core/xml/error_handler.rb +7 -0
- data/lib/aws-sdk-core/xml/parser/engines/oga.rb +2 -0
- data/lib/aws-sdk-core.rb +14 -0
- data/lib/aws-sdk-sso/client.rb +75 -11
- data/lib/aws-sdk-sso/endpoint_parameters.rb +66 -0
- data/lib/aws-sdk-sso/endpoint_provider.rb +57 -0
- data/lib/aws-sdk-sso/endpoints.rb +72 -0
- data/lib/aws-sdk-sso/plugins/endpoints.rb +76 -0
- data/lib/aws-sdk-sso/types.rb +8 -43
- data/lib/aws-sdk-sso.rb +5 -1
- data/lib/aws-sdk-ssooidc/client.rb +935 -0
- data/lib/aws-sdk-ssooidc/client_api.rb +271 -0
- data/lib/aws-sdk-ssooidc/customizations.rb +1 -0
- data/lib/aws-sdk-ssooidc/endpoint_parameters.rb +66 -0
- data/lib/aws-sdk-ssooidc/endpoint_provider.rb +57 -0
- data/lib/aws-sdk-ssooidc/endpoints.rb +72 -0
- data/lib/aws-sdk-ssooidc/errors.rb +321 -0
- data/lib/aws-sdk-ssooidc/plugins/endpoints.rb +76 -0
- data/lib/aws-sdk-ssooidc/resource.rb +26 -0
- data/lib/aws-sdk-ssooidc/types.rb +755 -0
- data/lib/aws-sdk-ssooidc.rb +59 -0
- data/lib/aws-sdk-sts/client.rb +330 -262
- data/lib/aws-sdk-sts/client_api.rb +12 -1
- data/lib/aws-sdk-sts/endpoint_parameters.rb +78 -0
- data/lib/aws-sdk-sts/endpoint_provider.rb +112 -0
- data/lib/aws-sdk-sts/endpoints.rb +136 -0
- data/lib/aws-sdk-sts/plugins/endpoints.rb +84 -0
- data/lib/aws-sdk-sts/presigner.rb +14 -16
- data/lib/aws-sdk-sts/types.rb +135 -204
- data/lib/aws-sdk-sts.rb +5 -1
- data/lib/seahorse/client/async_base.rb +0 -1
- data/lib/seahorse/client/configuration.rb +1 -5
- data/lib/seahorse/client/h2/connection.rb +12 -11
- data/lib/seahorse/client/net_http/patches.rb +1 -4
- data/lib/seahorse/client/plugins/h2.rb +3 -3
- data/lib/seahorse/client/plugins/request_callback.rb +40 -9
- data/lib/seahorse/client/response.rb +6 -0
- data/lib/seahorse/model/operation.rb +6 -0
- data/lib/seahorse/util.rb +4 -0
- metadata +59 -9
@@ -4,6 +4,11 @@ require 'time'
|
|
4
4
|
require 'net/http'
|
5
5
|
|
6
6
|
module Aws
|
7
|
+
# An auto-refreshing credential provider that loads credentials from
|
8
|
+
# EC2 instances.
|
9
|
+
#
|
10
|
+
# instance_credentials = Aws::InstanceProfileCredentials.new
|
11
|
+
# ec2 = Aws::EC2::Client.new(credentials: instance_credentials)
|
7
12
|
class InstanceProfileCredentials
|
8
13
|
include CredentialProvider
|
9
14
|
include RefreshingCredentials
|
@@ -48,6 +53,8 @@ module Aws
|
|
48
53
|
# @option options [String] :endpoint_mode ('IPv4') The endpoint mode for
|
49
54
|
# the instance metadata service. This is either 'IPv4' ('169.254.169.254')
|
50
55
|
# or 'IPv6' ('[fd00:ec2::254]').
|
56
|
+
# @option options [Boolean] :disable_imds_v1 (false) Disable the use of the
|
57
|
+
# legacy EC2 Metadata Service v1.
|
51
58
|
# @option options [String] :ip_address ('169.254.169.254') Deprecated. Use
|
52
59
|
# :endpoint instead. The IP address for the endpoint.
|
53
60
|
# @option options [Integer] :port (80)
|
@@ -63,17 +70,26 @@ module Aws
|
|
63
70
|
# @option options [Integer] :token_ttl Time-to-Live in seconds for EC2
|
64
71
|
# Metadata Token used for fetching Metadata Profile Credentials, defaults
|
65
72
|
# to 21600 seconds
|
73
|
+
# @option options [Callable] before_refresh Proc called before
|
74
|
+
# credentials are refreshed. `before_refresh` is called
|
75
|
+
# with an instance of this object when
|
76
|
+
# AWS credentials are required and need to be refreshed.
|
66
77
|
def initialize(options = {})
|
67
78
|
@retries = options[:retries] || 1
|
68
79
|
endpoint_mode = resolve_endpoint_mode(options)
|
69
80
|
@endpoint = resolve_endpoint(options, endpoint_mode)
|
70
81
|
@port = options[:port] || 80
|
82
|
+
@disable_imds_v1 = resolve_disable_v1(options)
|
83
|
+
# Flag for if v2 flow fails, skip future attempts
|
84
|
+
@imds_v1_fallback = false
|
71
85
|
@http_open_timeout = options[:http_open_timeout] || 1
|
72
86
|
@http_read_timeout = options[:http_read_timeout] || 1
|
73
87
|
@http_debug_output = options[:http_debug_output]
|
74
88
|
@backoff = backoff(options[:backoff])
|
75
89
|
@token_ttl = options[:token_ttl] || 21_600
|
76
90
|
@token = nil
|
91
|
+
@no_refresh_until = nil
|
92
|
+
@async_refresh = false
|
77
93
|
super
|
78
94
|
end
|
79
95
|
|
@@ -112,6 +128,16 @@ module Aws
|
|
112
128
|
end
|
113
129
|
end
|
114
130
|
|
131
|
+
def resolve_disable_v1(options)
|
132
|
+
value = options[:disable_imds_v1]
|
133
|
+
value ||= ENV['AWS_EC2_METADATA_V1_DISABLED']
|
134
|
+
value ||= Aws.shared_config.ec2_metadata_v1_disabled(
|
135
|
+
profile: options[:profile]
|
136
|
+
)
|
137
|
+
value = value.to_s.downcase if value
|
138
|
+
Aws::Util.str_2_bool(value) || false
|
139
|
+
end
|
140
|
+
|
115
141
|
def backoff(backoff)
|
116
142
|
case backoff
|
117
143
|
when Proc then backoff
|
@@ -121,18 +147,47 @@ module Aws
|
|
121
147
|
end
|
122
148
|
|
123
149
|
def refresh
|
150
|
+
if @no_refresh_until && @no_refresh_until > Time.now
|
151
|
+
warn_expired_credentials
|
152
|
+
return
|
153
|
+
end
|
154
|
+
|
124
155
|
# Retry loading credentials up to 3 times is the instance metadata
|
125
156
|
# service is responding but is returning invalid JSON documents
|
126
157
|
# in response to the GET profile credentials call.
|
127
158
|
begin
|
128
|
-
retry_errors([Aws::Json::ParseError
|
159
|
+
retry_errors([Aws::Json::ParseError], max_retries: 3) do
|
129
160
|
c = Aws::Json.load(get_credentials.to_s)
|
130
|
-
@credentials
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
|
135
|
-
|
161
|
+
if empty_credentials?(@credentials)
|
162
|
+
@credentials = Credentials.new(
|
163
|
+
c['AccessKeyId'],
|
164
|
+
c['SecretAccessKey'],
|
165
|
+
c['Token']
|
166
|
+
)
|
167
|
+
@expiration = c['Expiration'] ? Time.iso8601(c['Expiration']) : nil
|
168
|
+
if @expiration && @expiration < Time.now
|
169
|
+
@no_refresh_until = Time.now + refresh_offset
|
170
|
+
warn_expired_credentials
|
171
|
+
end
|
172
|
+
else
|
173
|
+
# credentials are already set, update them only if the new ones are not empty
|
174
|
+
if !c['AccessKeyId'] || c['AccessKeyId'].empty?
|
175
|
+
# error getting new credentials
|
176
|
+
@no_refresh_until = Time.now + refresh_offset
|
177
|
+
warn_expired_credentials
|
178
|
+
else
|
179
|
+
@credentials = Credentials.new(
|
180
|
+
c['AccessKeyId'],
|
181
|
+
c['SecretAccessKey'],
|
182
|
+
c['Token']
|
183
|
+
)
|
184
|
+
@expiration = c['Expiration'] ? Time.iso8601(c['Expiration']) : nil
|
185
|
+
if @expiration && @expiration < Time.now
|
186
|
+
@no_refresh_until = Time.now + refresh_offset
|
187
|
+
warn_expired_credentials
|
188
|
+
end
|
189
|
+
end
|
190
|
+
end
|
136
191
|
end
|
137
192
|
rescue Aws::Json::ParseError
|
138
193
|
raise Aws::Errors::MetadataParserError
|
@@ -150,25 +205,14 @@ module Aws
|
|
150
205
|
open_connection do |conn|
|
151
206
|
# attempt to fetch token to start secure flow first
|
152
207
|
# and rescue to failover
|
153
|
-
|
154
|
-
retry_errors(NETWORK_ERRORS, max_retries: @retries) do
|
155
|
-
unless token_set?
|
156
|
-
token_value, ttl = http_put(
|
157
|
-
conn, METADATA_TOKEN_PATH, @token_ttl
|
158
|
-
)
|
159
|
-
@token = Token.new(token_value, ttl) if token_value && ttl
|
160
|
-
end
|
161
|
-
end
|
162
|
-
rescue *NETWORK_ERRORS
|
163
|
-
# token attempt failed, reset token
|
164
|
-
# fallback to non-token mode
|
165
|
-
@token = nil
|
166
|
-
end
|
167
|
-
|
208
|
+
fetch_token(conn) unless @imds_v1_fallback
|
168
209
|
token = @token.value if token_set?
|
169
|
-
|
170
|
-
|
171
|
-
|
210
|
+
|
211
|
+
# disable insecure flow if we couldn't get token
|
212
|
+
# and imds v1 is disabled
|
213
|
+
raise TokenRetrivalError if token.nil? && @disable_imds_v1
|
214
|
+
|
215
|
+
_get_credentials(conn, token)
|
172
216
|
end
|
173
217
|
end
|
174
218
|
rescue
|
@@ -177,6 +221,36 @@ module Aws
|
|
177
221
|
end
|
178
222
|
end
|
179
223
|
|
224
|
+
def fetch_token(conn)
|
225
|
+
retry_errors(NETWORK_ERRORS, max_retries: @retries) do
|
226
|
+
unless token_set?
|
227
|
+
created_time = Time.now
|
228
|
+
token_value, ttl = http_put(
|
229
|
+
conn, METADATA_TOKEN_PATH, @token_ttl
|
230
|
+
)
|
231
|
+
@token = Token.new(token_value, ttl, created_time) if token_value && ttl
|
232
|
+
end
|
233
|
+
end
|
234
|
+
rescue *NETWORK_ERRORS
|
235
|
+
# token attempt failed, reset token
|
236
|
+
# fallback to non-token mode
|
237
|
+
@token = nil
|
238
|
+
@imds_v1_fallback = true
|
239
|
+
end
|
240
|
+
|
241
|
+
# token is optional - if nil, uses v1 (insecure) flow
|
242
|
+
def _get_credentials(conn, token)
|
243
|
+
metadata = http_get(conn, METADATA_PATH_BASE, token)
|
244
|
+
profile_name = metadata.lines.first.strip
|
245
|
+
http_get(conn, METADATA_PATH_BASE + profile_name, token)
|
246
|
+
rescue TokenExpiredError
|
247
|
+
# Token has expired, reset it
|
248
|
+
# The next retry should fetch it
|
249
|
+
@token = nil
|
250
|
+
@imds_v1_fallback = false
|
251
|
+
raise Non200Response
|
252
|
+
end
|
253
|
+
|
180
254
|
def token_set?
|
181
255
|
@token && !@token.expired?
|
182
256
|
end
|
@@ -200,9 +274,15 @@ module Aws
|
|
200
274
|
headers = { 'User-Agent' => "aws-sdk-ruby3/#{CORE_GEM_VERSION}" }
|
201
275
|
headers['x-aws-ec2-metadata-token'] = token if token
|
202
276
|
response = connection.request(Net::HTTP::Get.new(path, headers))
|
203
|
-
raise Non200Response unless response.code.to_i == 200
|
204
277
|
|
205
|
-
response.
|
278
|
+
case response.code.to_i
|
279
|
+
when 200
|
280
|
+
response.body
|
281
|
+
when 401
|
282
|
+
raise TokenExpiredError
|
283
|
+
else
|
284
|
+
raise Non200Response
|
285
|
+
end
|
206
286
|
end
|
207
287
|
|
208
288
|
# PUT request fetch token with ttl
|
@@ -220,8 +300,6 @@ module Aws
|
|
220
300
|
]
|
221
301
|
when 400
|
222
302
|
raise TokenRetrivalError
|
223
|
-
when 401
|
224
|
-
raise TokenExpiredError
|
225
303
|
else
|
226
304
|
raise Non200Response
|
227
305
|
end
|
@@ -241,13 +319,28 @@ module Aws
|
|
241
319
|
end
|
242
320
|
end
|
243
321
|
|
322
|
+
def warn_expired_credentials
|
323
|
+
warn("Attempting credential expiration extension due to a credential "\
|
324
|
+
"service availability issue. A refresh of these credentials "\
|
325
|
+
"will be attempted again in 5 minutes.")
|
326
|
+
end
|
327
|
+
|
328
|
+
def empty_credentials?(creds)
|
329
|
+
!creds || !creds.access_key_id || creds.access_key_id.empty?
|
330
|
+
end
|
331
|
+
|
332
|
+
# Compute an offset for refresh with jitter
|
333
|
+
def refresh_offset
|
334
|
+
300 + rand(0..60)
|
335
|
+
end
|
336
|
+
|
244
337
|
# @api private
|
245
338
|
# Token used to fetch IMDS profile and credentials
|
246
339
|
class Token
|
247
|
-
def initialize(value, ttl)
|
340
|
+
def initialize(value, ttl, created_time = Time.now)
|
248
341
|
@ttl = ttl
|
249
342
|
@value = value
|
250
|
-
@created_time =
|
343
|
+
@created_time = created_time
|
251
344
|
end
|
252
345
|
|
253
346
|
# [String] token value
|
@@ -26,7 +26,13 @@ module Aws
|
|
26
26
|
end
|
27
27
|
|
28
28
|
def error_code(json, context)
|
29
|
-
code =
|
29
|
+
code =
|
30
|
+
if aws_query_error?(context)
|
31
|
+
error = context.http_response.headers['x-amzn-query-error'].split(';')[0]
|
32
|
+
remove_prefix(error, context)
|
33
|
+
else
|
34
|
+
json['__type']
|
35
|
+
end
|
30
36
|
code ||= json['code']
|
31
37
|
code ||= context.http_response.headers['x-amzn-errortype']
|
32
38
|
if code
|
@@ -36,6 +42,19 @@ module Aws
|
|
36
42
|
end
|
37
43
|
end
|
38
44
|
|
45
|
+
def aws_query_error?(context)
|
46
|
+
context.config.api.metadata['awsQueryCompatible'] &&
|
47
|
+
context.http_response.headers['x-amzn-query-error']
|
48
|
+
end
|
49
|
+
|
50
|
+
def remove_prefix(error_code, context)
|
51
|
+
if prefix = context.config.api.metadata['errorPrefix']
|
52
|
+
error_code.sub(/^#{prefix}/, '')
|
53
|
+
else
|
54
|
+
error_code
|
55
|
+
end
|
56
|
+
end
|
57
|
+
|
39
58
|
def error_message(code, json)
|
40
59
|
if code == 'RequestEntityTooLarge'
|
41
60
|
'Request body must be less than 1 MB'
|
@@ -59,7 +59,10 @@ module Aws
|
|
59
59
|
end
|
60
60
|
resp_struct
|
61
61
|
else
|
62
|
-
Parser.new(
|
62
|
+
Parser.new(
|
63
|
+
rules,
|
64
|
+
query_compatible: query_compatible?(context)
|
65
|
+
).parse(json == '' ? '{}' : json)
|
63
66
|
end
|
64
67
|
else
|
65
68
|
EmptyStructure.new
|
@@ -83,6 +86,10 @@ module Aws
|
|
83
86
|
context.config.simple_json
|
84
87
|
end
|
85
88
|
|
89
|
+
def query_compatible?(context)
|
90
|
+
context.config.api.metadata.key?('awsQueryCompatible')
|
91
|
+
end
|
92
|
+
|
86
93
|
end
|
87
94
|
end
|
88
95
|
end
|
@@ -10,8 +10,9 @@ module Aws
|
|
10
10
|
include Seahorse::Model::Shapes
|
11
11
|
|
12
12
|
# @param [Seahorse::Model::ShapeRef] rules
|
13
|
-
def initialize(rules)
|
13
|
+
def initialize(rules, query_compatible: false)
|
14
14
|
@rules = rules
|
15
|
+
@query_compatible = query_compatible
|
15
16
|
end
|
16
17
|
|
17
18
|
# @param [String<JSON>] json
|
@@ -28,10 +29,26 @@ module Aws
|
|
28
29
|
member_name, member_ref = shape.member_by_location_name(key)
|
29
30
|
if member_ref
|
30
31
|
target[member_name] = parse_ref(member_ref, value)
|
31
|
-
elsif shape.union
|
32
|
+
elsif shape.union && key != '__type'
|
32
33
|
target[:unknown] = { 'name' => key, 'value' => value }
|
33
34
|
end
|
34
35
|
end
|
36
|
+
# In services that were previously Query/XML, members that were
|
37
|
+
# "flattened" defaulted to empty lists. In JSON, these values are nil,
|
38
|
+
# which is backwards incompatible. To preserve backwards compatibility,
|
39
|
+
# we set a default value of [] for these members.
|
40
|
+
if @query_compatible
|
41
|
+
ref.shape.members.each do |member_name, member_target|
|
42
|
+
next unless target[member_name].nil?
|
43
|
+
|
44
|
+
if flattened_list?(member_target.shape)
|
45
|
+
target[member_name] = []
|
46
|
+
elsif flattened_map?(member_target.shape)
|
47
|
+
target[member_name] = {}
|
48
|
+
end
|
49
|
+
end
|
50
|
+
end
|
51
|
+
|
35
52
|
if shape.union
|
36
53
|
# convert to subclass
|
37
54
|
member_subclass = shape.member_subclass(target.member).new
|
@@ -79,6 +96,14 @@ module Aws
|
|
79
96
|
value.is_a?(Numeric) ? Time.at(value) : Time.parse(value)
|
80
97
|
end
|
81
98
|
|
99
|
+
def flattened_list?(shape)
|
100
|
+
shape.is_a?(ListShape) && shape.flattened
|
101
|
+
end
|
102
|
+
|
103
|
+
def flattened_map?(shape)
|
104
|
+
shape.is_a?(MapShape) && shape.flattened
|
105
|
+
end
|
106
|
+
|
82
107
|
end
|
83
108
|
end
|
84
109
|
end
|
@@ -26,6 +26,8 @@ module Aws
|
|
26
26
|
#
|
27
27
|
# You can put any of these placeholders into you pattern.
|
28
28
|
#
|
29
|
+
# * `:region` - The region configured for the client.
|
30
|
+
#
|
29
31
|
# * `:client_class` - The name of the client class.
|
30
32
|
#
|
31
33
|
# * `:operation` - The name of the client request method.
|
@@ -116,6 +118,10 @@ module Aws
|
|
116
118
|
|
117
119
|
private
|
118
120
|
|
121
|
+
def _region(response)
|
122
|
+
response.context.config.region
|
123
|
+
end
|
124
|
+
|
119
125
|
def _client_class(response)
|
120
126
|
response.context.client.class.name
|
121
127
|
end
|
@@ -48,11 +48,11 @@ module Aws
|
|
48
48
|
#
|
49
49
|
module PageableResponse
|
50
50
|
|
51
|
-
def self.
|
52
|
-
base.extend
|
53
|
-
base.
|
54
|
-
base.instance_variable_set(
|
55
|
-
base
|
51
|
+
def self.apply(base)
|
52
|
+
base.extend Extension
|
53
|
+
base.instance_variable_set(:@last_page, nil)
|
54
|
+
base.instance_variable_set(:@more_results, nil)
|
55
|
+
base
|
56
56
|
end
|
57
57
|
|
58
58
|
# @return [Paging::Pager]
|
@@ -62,39 +62,26 @@ module Aws
|
|
62
62
|
# when this method returns `false` will raise an error.
|
63
63
|
# @return [Boolean]
|
64
64
|
def last_page?
|
65
|
-
|
66
|
-
@last_page = !@pager.truncated?(self)
|
67
|
-
end
|
68
|
-
@last_page
|
65
|
+
# Actual implementation is in PageableResponse::Extension
|
69
66
|
end
|
70
67
|
|
71
68
|
# Returns `true` if there are more results. Calling {#next_page} will
|
72
69
|
# return the next response.
|
73
70
|
# @return [Boolean]
|
74
71
|
def next_page?
|
75
|
-
|
72
|
+
# Actual implementation is in PageableResponse::Extension
|
76
73
|
end
|
77
74
|
|
78
75
|
# @return [Seahorse::Client::Response]
|
79
76
|
def next_page(params = {})
|
80
|
-
|
81
|
-
raise LastPageError.new(self)
|
82
|
-
else
|
83
|
-
next_response(params)
|
84
|
-
end
|
77
|
+
# Actual implementation is in PageableResponse::Extension
|
85
78
|
end
|
86
79
|
|
87
80
|
# Yields the current and each following response to the given block.
|
88
81
|
# @yieldparam [Response] response
|
89
82
|
# @return [Enumerable,nil] Returns a new Enumerable if no block is given.
|
90
83
|
def each(&block)
|
91
|
-
|
92
|
-
response = self
|
93
|
-
yield(response)
|
94
|
-
until response.last_page?
|
95
|
-
response = response.next_page
|
96
|
-
yield(response)
|
97
|
-
end
|
84
|
+
# Actual implementation is in PageableResponse::Extension
|
98
85
|
end
|
99
86
|
alias each_page each
|
100
87
|
|
@@ -105,9 +92,7 @@ module Aws
|
|
105
92
|
# @return [Seahorse::Client::Response] Returns the next page of
|
106
93
|
# results.
|
107
94
|
def next_response(params)
|
108
|
-
|
109
|
-
request = context.client.build_request(context.operation_name, params)
|
110
|
-
request.send_request
|
95
|
+
# Actual implementation is in PageableResponse::Extension
|
111
96
|
end
|
112
97
|
|
113
98
|
# @param [Hash] params A hash of additional request params to
|
@@ -115,13 +100,7 @@ module Aws
|
|
115
100
|
# @return [Hash] Returns the hash of request parameters for the
|
116
101
|
# next page, merging any given params.
|
117
102
|
def next_page_params(params)
|
118
|
-
#
|
119
|
-
# Sometimes a token can be nil and merge would not include it.
|
120
|
-
tokens = @pager.tokens.values.map(&:to_sym)
|
121
|
-
|
122
|
-
params_without_tokens = context[:original_params].reject { |k, _v| tokens.include?(k) }
|
123
|
-
params_without_tokens.merge!(@pager.next_tokens(self).merge(params))
|
124
|
-
params_without_tokens
|
103
|
+
# Actual implementation is in PageableResponse::Extension
|
125
104
|
end
|
126
105
|
|
127
106
|
# Raised when calling {PageableResponse#next_page} on a pager that
|
@@ -167,6 +146,76 @@ module Aws
|
|
167
146
|
data.to_h
|
168
147
|
end
|
169
148
|
|
149
|
+
def as_json(_options = {})
|
150
|
+
data.to_h(data, as_json: true)
|
151
|
+
end
|
152
|
+
|
153
|
+
def to_json(options = {})
|
154
|
+
as_json.to_json(options)
|
155
|
+
end
|
156
|
+
end
|
157
|
+
|
158
|
+
# The actual decorator module implementation. It is in a distinct module
|
159
|
+
# so that it can be used to extend objects without busting Ruby's constant cache.
|
160
|
+
# object.extend(mod) bust the constant cache only if `mod` contains constants of its own.
|
161
|
+
# @api private
|
162
|
+
module Extension
|
163
|
+
|
164
|
+
include Enumerable
|
165
|
+
include UnsafeEnumerableMethods
|
166
|
+
|
167
|
+
attr_accessor :pager
|
168
|
+
|
169
|
+
def last_page?
|
170
|
+
if @last_page.nil?
|
171
|
+
@last_page = !@pager.truncated?(self)
|
172
|
+
end
|
173
|
+
@last_page
|
174
|
+
end
|
175
|
+
|
176
|
+
def next_page?
|
177
|
+
!last_page?
|
178
|
+
end
|
179
|
+
|
180
|
+
def next_page(params = {})
|
181
|
+
if last_page?
|
182
|
+
raise LastPageError.new(self)
|
183
|
+
else
|
184
|
+
next_response(params)
|
185
|
+
end
|
186
|
+
end
|
187
|
+
|
188
|
+
def each(&block)
|
189
|
+
return enum_for(:each_page) unless block_given?
|
190
|
+
response = self
|
191
|
+
yield(response)
|
192
|
+
until response.last_page?
|
193
|
+
response = response.next_page
|
194
|
+
yield(response)
|
195
|
+
end
|
196
|
+
end
|
197
|
+
alias each_page each
|
198
|
+
|
199
|
+
private
|
200
|
+
|
201
|
+
def next_response(params)
|
202
|
+
params = next_page_params(params)
|
203
|
+
request = context.client.build_request(context.operation_name, params)
|
204
|
+
Aws::Plugins::UserAgent.feature('paginator') do
|
205
|
+
request.send_request
|
206
|
+
end
|
207
|
+
end
|
208
|
+
|
209
|
+
def next_page_params(params)
|
210
|
+
# Remove all previous tokens from original params
|
211
|
+
# Sometimes a token can be nil and merge would not include it.
|
212
|
+
tokens = @pager.tokens.values.map(&:to_sym)
|
213
|
+
|
214
|
+
params_without_tokens = context[:original_params].reject { |k, _v| tokens.include?(k) }
|
215
|
+
params_without_tokens.merge!(@pager.next_tokens(self).merge(params))
|
216
|
+
params_without_tokens
|
217
|
+
end
|
218
|
+
|
170
219
|
end
|
171
220
|
end
|
172
221
|
end
|
@@ -6,7 +6,7 @@ module Aws
|
|
6
6
|
|
7
7
|
include Seahorse::Model::Shapes
|
8
8
|
|
9
|
-
EXPECTED_GOT =
|
9
|
+
EXPECTED_GOT = 'expected %s to be %s, got class %s instead.'
|
10
10
|
|
11
11
|
# @param [Seahorse::Model::Shapes::ShapeRef] rules
|
12
12
|
# @param [Hash] params
|
@@ -230,7 +230,7 @@ module Aws
|
|
230
230
|
end
|
231
231
|
|
232
232
|
def expected_got(context, expected, got)
|
233
|
-
EXPECTED_GOT % [context, expected, got.
|
233
|
+
EXPECTED_GOT % [context, expected, got.class.name]
|
234
234
|
end
|
235
235
|
|
236
236
|
end
|
@@ -0,0 +1,67 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
# @api private
|
5
|
+
module Plugins
|
6
|
+
# @api private
|
7
|
+
class BearerAuthorization < Seahorse::Client::Plugin
|
8
|
+
|
9
|
+
option(:token_provider,
|
10
|
+
required: false,
|
11
|
+
doc_type: 'Aws::TokenProvider',
|
12
|
+
docstring: <<-DOCS
|
13
|
+
A Bearer Token Provider. This can be an instance of any one of the
|
14
|
+
following classes:
|
15
|
+
|
16
|
+
* `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
|
17
|
+
tokens.
|
18
|
+
|
19
|
+
* `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
|
20
|
+
access token generated from `aws login`.
|
21
|
+
|
22
|
+
When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
|
23
|
+
will be used to search for tokens configured for your profile in shared configuration files.
|
24
|
+
DOCS
|
25
|
+
) do |config|
|
26
|
+
if config.stub_responses
|
27
|
+
StaticTokenProvider.new('token')
|
28
|
+
else
|
29
|
+
TokenProviderChain.new(config).resolve
|
30
|
+
end
|
31
|
+
end
|
32
|
+
|
33
|
+
|
34
|
+
def add_handlers(handlers, cfg)
|
35
|
+
bearer_operations =
|
36
|
+
if cfg.api.metadata['signatureVersion'] == 'bearer'
|
37
|
+
# select operations where authtype is either not set or is bearer
|
38
|
+
cfg.api.operation_names.select do |o|
|
39
|
+
!cfg.api.operation(o)['authtype'] || cfg.api.operation(o)['authtype'] == 'bearer'
|
40
|
+
end
|
41
|
+
else # service is not bearer auth
|
42
|
+
# select only operations where authtype is explicitly bearer
|
43
|
+
cfg.api.operation_names.select do |o|
|
44
|
+
cfg.api.operation(o)['authtype'] == 'bearer'
|
45
|
+
end
|
46
|
+
end
|
47
|
+
handlers.add(Handler, step: :sign, operations: bearer_operations)
|
48
|
+
end
|
49
|
+
|
50
|
+
class Handler < Seahorse::Client::Handler
|
51
|
+
def call(context)
|
52
|
+
if context.http_request.endpoint.scheme != 'https'
|
53
|
+
raise ArgumentError, 'Unable to use bearer authorization on non https endpoint.'
|
54
|
+
end
|
55
|
+
|
56
|
+
token_provider = context.config.token_provider
|
57
|
+
if token_provider && token_provider.set?
|
58
|
+
context.http_request.headers['Authorization'] = "Bearer #{token_provider.token.token}"
|
59
|
+
else
|
60
|
+
raise Errors::MissingBearerTokenError
|
61
|
+
end
|
62
|
+
@handler.call(context)
|
63
|
+
end
|
64
|
+
end
|
65
|
+
end
|
66
|
+
end
|
67
|
+
end
|