aws-sdk-core 3.129.0 → 3.130.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ed3d2d582fb74767dc5f0d2211e65c95f0c6513ea3b251ac91fe9e4911ca10cb
-  data.tar.gz: c8b4261e45c2ec02e5c38ccc3f37cf7cce3de1ad47f5fe6a31b8e6cfe773d5f4
+  metadata.gz: dffefda7cd68861a99856de10c4774c57ffcdb1c3f22d16eacb0a2096a5e5c32
+  data.tar.gz: 60628acc0b4bb23629da2de4b5f821c91037e2e7c0b56b63dbdc4e7b771f2167
 SHA512:
-  metadata.gz: da350fda9592e059be2b4fd2d355e580f8e2cfa7c638bdf2524564073441b96543d0e00444a69209e6950a902ba98828aceee1740ccbb7a58d755638883fdc27
-  data.tar.gz: 4ec8d06a538e401bd9864564daa04cbad71c546872fe98b4b43c5796f69f00fa492f5be203f456e5db13231b7dfe3a2df26661cafc0a0d787c545cfcfccc7792
+  metadata.gz: 6b16327c66f2fb83c9dceeec13cb5d0f9cbb519b5f999c27aa3e9f0ee0824a0545bc8b5bcc48823242fadf07b03c83fc196207a1806c7f162736bd1073af37db
+  data.tar.gz: 0540f8d1095132e67d9d00841b2c6c594870e5addf3de30a228a0e091bcb83280aef8270a2fe3af31815ea3c354abeebe637fa4aa2d27917e51d201a9c397f2b

data/CHANGELOG.md

@@ -1,6 +1,23 @@
 Unreleased Changes
 ------------------
 
+3.130.1 (2022-04-12)
+------------------
+
+* Issue - Don't call `refresh!` on non-refreshable `Credentials` when retrying errors (#2685).
+
+3.130.0 (2022-03-11)
+------------------
+
+* Feature - Asynchronously refresh AWS credentials (#2641).
+
+* Issue - Add x-amz-region-set to list of headers deleted for re-sign.
+
+3.129.1 (2022-03-10)
+------------------
+
+* Issue - Make stubs thread safe by creating new responses for each operation call (#2675).
+
 3.129.0 (2022-03-08)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-3.129.0
+3.130.1

data/lib/aws-sdk-core/assume_role_credentials.rb

@@ -54,6 +54,7 @@ module Aws
         end
       end
       @client = client_opts[:client] || STS::Client.new(client_opts)
+      @async_refresh = true
       super
     end
 

data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb

@@ -17,7 +17,7 @@ module Aws
   #       ...
   #     )
   #     For full list of parameters accepted
-  #     @see Aws::STS::Client#assume_role_with_web_identity 
+  #     @see Aws::STS::Client#assume_role_with_web_identity
   #
   #
   # If you omit `:client` option, a new {STS::Client} object will be
@@ -48,6 +48,7 @@ module Aws
       client_opts = {}
       @assume_role_web_identity_params = {}
       @token_file = options.delete(:web_identity_token_file)
+      @async_refresh = true
       options.each_pair do |key, value|
         if self.class.assume_role_web_identity_options.include?(key)
           @assume_role_web_identity_params[key] = value

data/lib/aws-sdk-core/client_stubs.rb

@@ -262,13 +262,17 @@ module Aws
     end
 
     def convert_stub(operation_name, stub)
-      case stub
+      stub = case stub
       when Proc then stub
       when Exception, Class then { error: stub }
       when String then service_error_stub(stub)
       when Hash then http_response_stub(operation_name, stub)
       else { data: stub }
       end
+      if Hash === stub
+        stub[:mutex] = Mutex.new
+      end
+      stub
     end
 
     def service_error_stub(error_code)

data/lib/aws-sdk-core/ecs_credentials.rb

@@ -62,6 +62,7 @@ module Aws
       @http_read_timeout = options[:http_read_timeout] || 5
       @http_debug_output = options[:http_debug_output]
       @backoff = backoff(options[:backoff])
+      @async_refresh = false
       super
     end
 

data/lib/aws-sdk-core/instance_profile_credentials.rb

@@ -79,6 +79,7 @@ module Aws
       @token_ttl = options[:token_ttl] || 21_600
       @token = nil
       @no_refresh_until = nil
+      @async_refresh = false
       super
     end
 

data/lib/aws-sdk-core/plugins/retry_errors.rb

@@ -313,12 +313,17 @@ a clock skew correction and retry requests with skewed client clocks.
 
         def retry_request(context, error)
           context.retries += 1
-          context.config.credentials.refresh! if error.expired_credentials?
+          context.config.credentials.refresh! if refresh_credentials?(context, error)
           context.http_request.body.rewind
           context.http_response.reset
           call(context)
         end
 
+        def refresh_credentials?(context, error)
+          error.expired_credentials? &&
+            context.config.credentials.respond_to?(:refresh!)
+        end
+
         def add_retry_headers(context)
           request_pairs = {
             'attempt' => context.retries,
@@ -383,7 +388,7 @@ a clock skew correction and retry requests with skewed client clocks.
         def retry_request(context, error)
           delay_retry(context)
           context.retries += 1
-          context.config.credentials.refresh! if error.expired_credentials?
+          context.config.credentials.refresh! if refresh_credentials?(context, error)
           context.http_request.body.rewind
           context.http_response.reset
           call(context)
@@ -399,6 +404,11 @@ a clock skew correction and retry requests with skewed client clocks.
             response_truncatable?(context)
         end
 
+        def refresh_credentials?(context, error)
+          error.expired_credentials? &&
+            context.config.credentials.respond_to?(:refresh!)
+        end
+
         def retry_limit(context)
           context.config.retry_limit
         end

data/lib/aws-sdk-core/plugins/signature_v4.rb

@@ -98,6 +98,7 @@ module Aws
           req.headers.delete('Authorization')
           req.headers.delete('X-Amz-Security-Token')
           req.headers.delete('X-Amz-Date')
+          req.headers.delete('x-Amz-Region-Set')
 
           if context.config.respond_to?(:clock_skew) &&
              context.config.clock_skew &&

data/lib/aws-sdk-core/plugins/stub_responses.rb

@@ -51,7 +51,11 @@ requests are made, and retries are disabled.
           stub = context.client.next_stub(context)
           resp = Seahorse::Client::Response.new(context: context)
           async_mode = context.client.is_a? Seahorse::Client::AsyncBase
-          apply_stub(stub, resp, async_mode)
+          if Hash === stub && stub[:mutex]
+            stub[:mutex].synchronize { apply_stub(stub, resp, async_mode) }
+          else
+            apply_stub(stub, resp, async_mode)
+          end
 
           async_mode ? Seahorse::Client::AsyncResponse.new(
             context: context, stream: context[:input_event_stream_handler].event_emitter.stream, sync_queue: Queue.new) : resp

data/lib/aws-sdk-core/process_credentials.rb

@@ -27,6 +27,7 @@ module Aws
     def initialize(process)
       @process = process
       @credentials = credentials_from_process(@process)
+      @async_refresh = false
 
       super
     end
@@ -73,9 +74,9 @@ module Aws
       @credentials = credentials_from_process(@process)
     end
 
-    def near_expiration?
+    def near_expiration?(expiration_length)
       # are we within 5 minutes of expiration?
-      @expiration && (Time.now.to_i + 5 * 60) > @expiration.to_i
+      @expiration && (Time.now.to_i + expiration_length) > @expiration.to_i
     end
   end
 end

data/lib/aws-sdk-core/refreshing_credentials.rb

@@ -17,6 +17,9 @@ module Aws
   # @api private
   module RefreshingCredentials
 
+    SYNC_EXPIRATION_LENGTH = 300 # 5 minutes
+    ASYNC_EXPIRATION_LENGTH = 600 # 10 minutes
+
     def initialize(options = {})
       @mutex = Mutex.new
       @before_refresh = options.delete(:before_refresh) if Hash === options
@@ -27,13 +30,13 @@ module Aws
 
     # @return [Credentials]
     def credentials
-      refresh_if_near_expiration
+      refresh_if_near_expiration!
       @credentials
     end
 
     # @return [Time,nil]
     def expiration
-      refresh_if_near_expiration
+      refresh_if_near_expiration!
       @expiration
     end
 
@@ -49,24 +52,39 @@ module Aws
 
     private
 
-    # Refreshes instance metadata credentials if they are within
-    # 5 minutes of expiration.
-    def refresh_if_near_expiration
-      if near_expiration?
+    # Refreshes credentials asynchronously and synchronously.
+    # If we are near to expiration, block while getting new credentials.
+    # Otherwise, if we're approaching expiration, use the existing credentials
+    # but attempt a refresh in the background.
+    def refresh_if_near_expiration!
+      # Note: This check is an optimization. Rather than acquire the mutex on every #refresh_if_near_expiration
+      # call, we check before doing so, and then we check within the mutex to avoid a race condition.
+      # See issue: https://github.com/aws/aws-sdk-ruby/issues/2641 for more info.
+      if near_expiration?(SYNC_EXPIRATION_LENGTH)
         @mutex.synchronize do
-          if near_expiration?
+          if near_expiration?(SYNC_EXPIRATION_LENGTH)
             @before_refresh.call(self) if @before_refresh
-
             refresh
           end
         end
+      elsif @async_refresh && near_expiration?(ASYNC_EXPIRATION_LENGTH)
+        unless @mutex.locked?
+          Thread.new do
+            @mutex.synchronize do
+              if near_expiration?(ASYNC_EXPIRATION_LENGTH)
+                @before_refresh.call(self) if @before_refresh
+                refresh
+              end
+            end
+          end
+        end
       end
     end
 
-    def near_expiration?
+    def near_expiration?(expiration_length)
       if @expiration
-        # are we within 5 minutes of expiration?
-        (Time.now.to_i + 5 * 60) > @expiration.to_i
+        # Are we within expiration?
+        (Time.now.to_i + expiration_length) > @expiration.to_i
       else
         true
       end

data/lib/aws-sdk-core/sso_credentials.rb

@@ -86,6 +86,7 @@ module Aws
       options[:region] = @sso_region
       options[:credentials] = nil
       @client = options[:client] || Aws::SSO::Client.new(options)
+      @async_refresh = true
       super
     end
 

data/lib/aws-sdk-sso/client.rb

@@ -545,7 +545,7 @@ module Aws::SSO
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.129.0'
+      context[:gem_version] = '3.130.1'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sso.rb

@@ -50,6 +50,6 @@ require_relative 'aws-sdk-sso/customizations'
 # @!group service
 module Aws::SSO
 
-  GEM_VERSION = '3.129.0'
+  GEM_VERSION = '3.130.1'
 
 end

data/lib/aws-sdk-sts/client.rb

@@ -2290,7 +2290,7 @@ module Aws::STS
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.129.0'
+      context[:gem_version] = '3.130.1'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sts.rb

@@ -50,6 +50,6 @@ require_relative 'aws-sdk-sts/customizations'
 # @!group service
 module Aws::STS
 
-  GEM_VERSION = '3.129.0'
+  GEM_VERSION = '3.130.1'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-core
 version: !ruby/object:Gem::Version
-  version: 3.129.0
+  version: 3.130.1
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-03-08 00:00:00.000000000 Z
+date: 2022-04-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jmespath