aws-sdk-core 3.130.1 → 3.178.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dffefda7cd68861a99856de10c4774c57ffcdb1c3f22d16eacb0a2096a5e5c32
-  data.tar.gz: 60628acc0b4bb23629da2de4b5f821c91037e2e7c0b56b63dbdc4e7b771f2167
+  metadata.gz: 9b0103607b2d6036806605dea30ea78169454607d046e0d492141f78503f5bd0
+  data.tar.gz: 8886536501b3cf7aee0d37dc2b4cdefd24d8c7ecdbcae9dca1f03734e94296ed
 SHA512:
-  metadata.gz: 6b16327c66f2fb83c9dceeec13cb5d0f9cbb519b5f999c27aa3e9f0ee0824a0545bc8b5bcc48823242fadf07b03c83fc196207a1806c7f162736bd1073af37db
-  data.tar.gz: 0540f8d1095132e67d9d00841b2c6c594870e5addf3de30a228a0e091bcb83280aef8270a2fe3af31815ea3c354abeebe637fa4aa2d27917e51d201a9c397f2b
+  metadata.gz: 90e1f00ccb15c3e7777ab4cf3df3977dc0a99b0ca243482bab2953ec602dc18bcdb2a4fa69616a535ba68080821509721b5512fe2f4f05717d0f1aeb38c927ff
+  data.tar.gz: 305ea810a3456b951112fd30e749f8c2feca93c0975efa241fc202131b9e597c396ffcf956551dc27cd7a07d85d2b50b2fd8440047903583523f0211e3d4f60e

data/CHANGELOG.md

@@ -1,6 +1,382 @@
 Unreleased Changes
 ------------------
 
+3.178.0 (2023-07-11)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - Add support for configuring the endpoint URL in the shared configuration file or via an environment variable for a specific AWS service or all AWS services.
+
+3.177.0 (2023-07-06)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - Add support for Request Compression.
+
+3.176.1 (2023-06-29)
+------------------
+
+* Issue - Fix signing for S3/S3 Control and `aws-crt` gem for certain object keys (#2849).
+
+* Issue - Ensure `SSOCredentials` `#expiration` is a `Time` (#2874)
+
+3.176.0 (2023-06-28)
+------------------
+
+* Feature - Add :expiration accessor to `CredentialProvider` and do not refresh credentials when checking expiration (#2872).
+
+3.175.0 (2023-06-15)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.174.0 (2023-05-31)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - Improve User-Agent metrics tracking.
+
+3.173.1 (2023-05-24)
+------------------
+
+* Issue - Updated `checksum_algorithm` plugin to use IO.copy_stream for JRuby.
+
+3.173.0 (2023-05-18)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+3.172.0 (2023-05-08)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Add :region option to `Aws::Log::Formatter`.
+
+3.171.1 (2023-05-04)
+------------------
+
+* Issue - Fix error code parsing in AWS query compatible JSON services.
+
+3.171.0 (2023-03-22)
+------------------
+
+* Feature - Add support for `AWS_CONTAINER_CREDENTIALS_FULL_URI` and `AWS_CONTAINER_AUTHORIZATION_TOKEN` environment variables to `ECSCredentials`.
+
+3.170.1 (2023-03-17)
+------------------
+
+* Issue - Reduce memory usage in H2::Connection when `http_wire_log` is not set.
+
+3.170.0 (2023-01-25)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+3.169.0 (2023-01-18)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Issue - Replace runtime endpoint resolution approach with generated ruby code for STS, SSO, and SSOOIDC.
+
+3.168.4 (2022-12-08)
+------------------
+
+* Issue - Fix Sign to not sign Sigv2 requests to S3.
+
+3.168.3 (2022-12-02)
+------------------
+
+* Issue - Retry S3's `BadDigest` error
+
+3.168.2 (2022-11-29)
+------------------
+
+* Issue - Allow region resolution in `AssumeRoleCredentials` from `CredentialProviderChain`.
+
+3.168.1 (2022-11-18)
+------------------
+
+* Issue - Fix initialization of SSOTokenProvider when `AWS_PROFILE` is specified.
+
+3.168.0 (2022-11-17)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+3.167.0 (2022-11-09)
+------------------
+
+* Issue - Ensure the stream_thread is not killed before H2 connection status is updated (#2779).
+
+* Feature - Add token refresh support to `SSOCredentialProvider`.
+
+3.166.0 (2022-10-26)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.165.1 (2022-10-25)
+------------------
+
+* Issue - Require the SignatureV4 plugin to fix compatability with older `aws-sdk-s3` versions (#2774).
+
+3.165.0 (2022-10-25)
+------------------
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - Add support for service gems to dynamically determine their own endpoints via modeling. Service gems now generate a plugin called "Endpoints" that defines configuration for EndpointProvider, a new public type, and any client config related to endpoints. Endpoint providers will resolve values using another new public type, Endpoint Parameters, generated for each service. The plugin will use the endpoint provider to resolve an endpoint and then apply it to the request prior to serialization. Endpoint providers can be composed to change endpoint resolution logic, i.e. for testing. In addition to endpoints, the endpoint provider may also override the authentication scheme (auth scheme) which details how the request should be signed for the endpoint. A new "Sign" plugin in core replaces the SignatureV4 plugin that will generically sign any type of auth scheme that a service might have.
+
+3.164.0 (2022-10-21)
+------------------
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+3.163.0 (2022-10-20)
+------------------
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+3.162.0 (2022-10-19)
+------------------
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+3.161.0 (2022-10-18)
+------------------
+
+* Feature - Support AwsQueryCompatible trait to read error code from x-amzn-query-error header.
+
+3.160.0 (2022-10-13)
+------------------
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.159.0 (2022-10-07)
+------------------
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.158.1 (2022-10-06)
+------------------
+
+* Issue - Ensure that the ReadCallbackIO is always unwrapped (#2761).
+
+3.158.0 (2022-09-30)
+------------------
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.157.0 (2022-09-29)
+------------------
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.156.0 (2022-09-27)
+------------------
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.155.0 (2022-09-26)
+------------------
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.154.0 (2022-09-23)
+------------------
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.153.0 (2022-09-22)
+------------------
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.152.0 (2022-09-21)
+------------------
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.151.0 (2022-09-20)
+------------------
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.150.0 (2022-09-19)
+------------------
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.149.0 (2022-09-16)
+------------------
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.148.0 (2022-09-15)
+------------------
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.147.0 (2022-09-14)
+------------------
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.146.0 (2022-09-13)
+------------------
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.145.0 (2022-09-12)
+------------------
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.144.0 (2022-09-09)
+------------------
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.143.0 (2022-09-08)
+------------------
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.142.0 (2022-09-07)
+------------------
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.141.0 (2022-09-06)
+------------------
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.140.0 (2022-09-02)
+------------------
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.139.0 (2022-09-01)
+------------------
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.138.0 (2022-08-31)
+------------------
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.137.0 (2022-08-30)
+------------------
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Issue - Fix errors in recursion detection when `_X_AMZN_TRACE_ID` is unset (#2748).
+
+3.136.0 (2022-08-25)
+------------------
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+3.135.0 (2022-08-24)
+------------------
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.134.0 (2022-08-23)
+------------------
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - Add support for Bearer Token Authentication and TokenProviders.
+
+* Issue - Validate that `_X_AMZN_TRACE_ID` ENV value contains only valid, non-control characters.
+
+3.133.0 (2022-08-22)
+------------------
+
+* Feature - Moved functionality from `aws-sdk-ssooidc` into core.
+
+3.132.0 (2022-08-08)
+------------------
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.131.6 (2022-08-03)
+------------------
+
+* Issue - Fix typo in `RecursionDetection`, change amz to amzn in header and env name.
+
+3.131.5 (2022-07-28)
+------------------
+
+* Issue - Fix `to_json` usage in nested hashes by defining `as_json` (#2733).
+
+3.131.4 (2022-07-27)
+------------------
+
+* Issue - Fix `to_json` usage on pageable responses when using Rails (#2733).
+* Issue - Use `expand_path` on credential/config paths in SharedConfig (#2735).
+
+3.131.3 (2022-07-18)
+------------------
+
+* Issue - Add support for serializing shapes on the body with `jsonvalue` members.
+
+3.131.2 (2022-06-20)
+------------------
+
+* Issue - Populate context :request_id for XML error responses.
+
+3.131.1 (2022-05-20)
+------------------
+
+* Issue - Bump the minimum version of `jmespath` dependency.
+
+3.131.0 (2022-05-16)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+3.130.2 (2022-04-22)
+------------------
+
+* Issue - Don't pass `:before_refresh` to Client constructors in RefreshingCredential implementations (#2690).
+
 3.130.1 (2022-04-12)
 ------------------
 
@@ -45,7 +421,7 @@ Unreleased Changes
 3.126.2 (2022-02-16)
 ------------------
 
-* Issue - Add a before_refresh callback to AssumeRoleCredentials (#2529). 
+* Issue - Add a before_refresh callback to AssumeRoleCredentials (#2529).
 * Issue - Raise a `NoSuchProfileError` when config and credentials files don't exist.
 
 3.126.1 (2022-02-14)

data/VERSION

@@ -1 +1 @@
-3.130.1
+3.178.0

data/lib/aws-defaults/default_configuration.rb

@@ -20,7 +20,7 @@ module Aws
   #  * Globally via the "AWS_DEFAULTS_MODE" environment variable.
   #
   #
-  # @code_generation START - documentation
+  # #defaults START - documentation
   # The following `:default_mode` values are supported:
   #
   # * `'standard'` -
@@ -105,10 +105,10 @@ module Aws
   # [2]: https://docs.aws.amazon.com/sdkref/latest/guide/setting-global-retry_mode.html
   # [3]: https://docs.aws.amazon.com/sdkref/latest/guide/setting-global-sts_regional_endpoints.html
   #
-  # @code_generation END - documentation
+  # #defaults END - documentation
   module DefaultsModeConfiguration
     # @api private
-    # @code_generation START - configuration
+    # #defaults START - configuration
     SDK_DEFAULT_CONFIGURATION = 
     {
       "version" => 1,
@@ -148,6 +148,6 @@ module Aws
         }
       }
     }
-    # @code_generation END - configuration
+    # #defaults END - configuration
   end
 end

data/lib/aws-sdk-core/arn.rb

@@ -88,5 +88,18 @@ module Aws
         resource: @resource
       }
     end
+
+    # Return the ARN as JSON
+    #
+    # @return [Hash]
+    def as_json(_options = nil)
+      {
+        'partition' => @partition,
+        'service' => @service,
+        'region' => @region,
+        'accountId' => @account_id,
+        'resource' => @resource
+      }
+    end
   end
 end

data/lib/aws-sdk-core/assume_role_credentials.rb

@@ -3,25 +3,20 @@
 require 'set'
 
 module Aws
-
-  # An auto-refreshing credential provider that works by assuming
-  # a role via {Aws::STS::Client#assume_role}.
+  # An auto-refreshing credential provider that assumes a role via
+  # {Aws::STS::Client#assume_role}.
   #
   #     role_credentials = Aws::AssumeRoleCredentials.new(
   #       client: Aws::STS::Client.new(...),
   #       role_arn: "linked::account::arn",
   #       role_session_name: "session-name"
   #     )
-  #
   #     ec2 = Aws::EC2::Client.new(credentials: role_credentials)
   #
-  # If you omit `:client` option, a new {STS::Client} object will be
-  # constructed.
+  # If you omit `:client` option, a new {Aws::STS::Client} object will be
+  # constructed with additional options that were provided.
   #
-  # The AssumeRoleCredentials also provides a `before_refresh` callback
-  # that can be used to help manage refreshing tokens.
-  # `before_refresh` is called when AWS credentials are required and need
-  # to be refreshed and it is called with the AssumeRoleCredentials object.
+  # @see Aws::STS::Client#assume_role
   class AssumeRoleCredentials
 
     include CredentialProvider
@@ -49,7 +44,7 @@ module Aws
       options.each_pair do |key, value|
         if self.class.assume_role_options.include?(key)
           @assume_role_params[key] = value
-        else
+        elsif !CLIENT_EXCLUDE_OPTIONS.include?(key)
           client_opts[key] = value
         end
       end

data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb

@@ -5,9 +5,8 @@ require 'securerandom'
 require 'base64'
 
 module Aws
-
-  # An auto-refreshing credential provider that works by assuming
-  # a role via {Aws::STS::Client#assume_role_with_web_identity}.
+  # An auto-refreshing credential provider that assumes a role via
+  # {Aws::STS::Client#assume_role_with_web_identity}.
   #
   #     role_credentials = Aws::AssumeRoleWebIdentityCredentials.new(
   #       client: Aws::STS::Client.new(...),
@@ -16,12 +15,12 @@ module Aws
   #       role_session_name: "session-name"
   #       ...
   #     )
-  #     For full list of parameters accepted
-  #     @see Aws::STS::Client#assume_role_with_web_identity
+  #     ec2 = Aws::EC2::Client.new(credentials: role_credentials)
   #
+  # If you omit `:client` option, a new {Aws::STS::Client} object will be
+  # constructed with additional options that were provided.
   #
-  # If you omit `:client` option, a new {STS::Client} object will be
-  # constructed.
+  # @see Aws::STS::Client#assume_role_with_web_identity
   class AssumeRoleWebIdentityCredentials
 
     include CredentialProvider
@@ -52,7 +51,7 @@ module Aws
       options.each_pair do |key, value|
         if self.class.assume_role_web_identity_options.include?(key)
           @assume_role_web_identity_params[key] = value
-        else
+        elsif !CLIENT_EXCLUDE_OPTIONS.include?(key)
           client_opts[key] = value
         end
       end
@@ -100,11 +99,10 @@ module Aws
       # @api private
       def assume_role_web_identity_options
         @arwio ||= begin
-          input = STS::Client.api.operation(:assume_role_with_web_identity).input
+          input = Aws::STS::Client.api.operation(:assume_role_with_web_identity).input
           Set.new(input.shape.member_names)
         end
       end
-
     end
   end
 end

data/lib/aws-sdk-core/binary/encode_handler.rb

@@ -13,7 +13,7 @@ module Aws
             context.config.api.metadata['protocol'],
             eventstream_member,
             context.operation.input,
-            context.config.sigv4_signer
+            signer_for(context)
           )
           context[:input_event_emitter] = input_es_handler.event_emitter
         end
@@ -22,6 +22,17 @@ module Aws
 
       private
 
+      def signer_for(context)
+        # New endpoint/signing logic, use the auth scheme to make a signer
+        if context[:auth_scheme]
+          Aws::Plugins::Sign.signer_for(context[:auth_scheme], context.config)
+        else
+          # Previous implementation always assumed sigv4_signer from config.
+          # Relies only on sigv4 signing (and plugin) for event stream services
+          context.config.sigv4_signer
+        end
+      end
+
       def eventstream_input?(ctx)
         ctx.operation.input.shape.members.each do |_, ref|
           return ref if ref.eventstream

data/lib/aws-sdk-core/credential_provider.rb

@@ -6,6 +6,9 @@ module Aws
     # @return [Credentials]
     attr_reader :credentials
 
+    # @return [Time]
+    attr_reader :expiration
+
     # @return [Boolean]
     def set?
       !!credentials && credentials.set?

data/lib/aws-sdk-core/credential_provider_chain.rb

@@ -161,7 +161,8 @@ module Aws
 
     def instance_profile_credentials(options)
       profile_name = determine_profile_name(options)
-      if ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI']
+      if ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI'] ||
+         ENV['AWS_CONTAINER_CREDENTIALS_FULL_URI']
         ECSCredentials.new(options)
       else
         InstanceProfileCredentials.new(options.merge(profile: profile_name))
@@ -169,12 +170,14 @@ module Aws
     end
 
     def assume_role_with_profile(options, profile_name)
-      region = (options[:config] && options[:config].region)
-      Aws.shared_config.assume_role_credentials_from_config(
+      assume_opts = {
         profile: profile_name,
-        region: region,
         chain_config: @config
-      )
+      }
+      if options[:config] && options[:config].region
+        assume_opts[:region] = options[:config].region
+      end
+      Aws.shared_config.assume_role_credentials_from_config(assume_opts)
     end
   end
 end