aws-sdk-core 3.130.1 → 3.178.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (94) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +377 -1
  3. data/VERSION +1 -1
  4. data/lib/aws-defaults/default_configuration.rb +4 -4
  5. data/lib/aws-sdk-core/arn.rb +13 -0
  6. data/lib/aws-sdk-core/assume_role_credentials.rb +6 -11
  7. data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +8 -10
  8. data/lib/aws-sdk-core/binary/encode_handler.rb +12 -1
  9. data/lib/aws-sdk-core/credential_provider.rb +3 -0
  10. data/lib/aws-sdk-core/credential_provider_chain.rb +8 -5
  11. data/lib/aws-sdk-core/ecs_credentials.rb +116 -53
  12. data/lib/aws-sdk-core/endpoints/condition.rb +41 -0
  13. data/lib/aws-sdk-core/endpoints/endpoint.rb +17 -0
  14. data/lib/aws-sdk-core/endpoints/endpoint_rule.rb +75 -0
  15. data/lib/aws-sdk-core/endpoints/error_rule.rb +42 -0
  16. data/lib/aws-sdk-core/endpoints/function.rb +80 -0
  17. data/lib/aws-sdk-core/endpoints/matchers.rb +127 -0
  18. data/lib/aws-sdk-core/endpoints/reference.rb +31 -0
  19. data/lib/aws-sdk-core/endpoints/rule.rb +25 -0
  20. data/lib/aws-sdk-core/endpoints/rule_set.rb +52 -0
  21. data/lib/aws-sdk-core/endpoints/rules_provider.rb +37 -0
  22. data/lib/aws-sdk-core/endpoints/templater.rb +58 -0
  23. data/lib/aws-sdk-core/endpoints/tree_rule.rb +45 -0
  24. data/lib/aws-sdk-core/endpoints/url.rb +60 -0
  25. data/lib/aws-sdk-core/endpoints.rb +78 -0
  26. data/lib/aws-sdk-core/errors.rb +13 -0
  27. data/lib/aws-sdk-core/ini_parser.rb +1 -1
  28. data/lib/aws-sdk-core/instance_profile_credentials.rb +5 -0
  29. data/lib/aws-sdk-core/json/error_handler.rb +20 -1
  30. data/lib/aws-sdk-core/log/formatter.rb +6 -0
  31. data/lib/aws-sdk-core/pageable_response.rb +10 -1
  32. data/lib/aws-sdk-core/plugins/bearer_authorization.rb +67 -0
  33. data/lib/aws-sdk-core/plugins/checksum_algorithm.rb +1 -1
  34. data/lib/aws-sdk-core/plugins/credentials_configuration.rb +24 -0
  35. data/lib/aws-sdk-core/plugins/endpoint_discovery.rb +6 -2
  36. data/lib/aws-sdk-core/plugins/jsonvalue_converter.rb +34 -6
  37. data/lib/aws-sdk-core/plugins/recursion_detection.rb +14 -3
  38. data/lib/aws-sdk-core/plugins/regional_endpoint.rb +111 -30
  39. data/lib/aws-sdk-core/plugins/request_compression.rb +217 -0
  40. data/lib/aws-sdk-core/plugins/retries/error_inspector.rb +2 -1
  41. data/lib/aws-sdk-core/plugins/sign.rb +201 -0
  42. data/lib/aws-sdk-core/plugins/signature_v2.rb +1 -0
  43. data/lib/aws-sdk-core/plugins/signature_v4.rb +13 -7
  44. data/lib/aws-sdk-core/plugins/user_agent.rb +117 -14
  45. data/lib/aws-sdk-core/process_credentials.rb +6 -9
  46. data/lib/aws-sdk-core/refreshing_credentials.rb +2 -6
  47. data/lib/aws-sdk-core/refreshing_token.rb +71 -0
  48. data/lib/aws-sdk-core/rest/handler.rb +1 -1
  49. data/lib/aws-sdk-core/rest/request/headers.rb +2 -6
  50. data/lib/aws-sdk-core/shared_config.rb +101 -6
  51. data/lib/aws-sdk-core/sso_credentials.rb +85 -50
  52. data/lib/aws-sdk-core/sso_token_provider.rb +135 -0
  53. data/lib/aws-sdk-core/static_token_provider.rb +14 -0
  54. data/lib/aws-sdk-core/structure.rb +6 -4
  55. data/lib/aws-sdk-core/token.rb +31 -0
  56. data/lib/aws-sdk-core/token_provider.rb +15 -0
  57. data/lib/aws-sdk-core/token_provider_chain.rb +51 -0
  58. data/lib/aws-sdk-core/waiters/poller.rb +3 -1
  59. data/lib/aws-sdk-core/xml/error_handler.rb +7 -0
  60. data/lib/aws-sdk-core/xml/parser/engines/oga.rb +2 -0
  61. data/lib/aws-sdk-core.rb +14 -0
  62. data/lib/aws-sdk-sso/client.rb +71 -11
  63. data/lib/aws-sdk-sso/endpoint_parameters.rb +66 -0
  64. data/lib/aws-sdk-sso/endpoint_provider.rb +51 -0
  65. data/lib/aws-sdk-sso/endpoints.rb +72 -0
  66. data/lib/aws-sdk-sso/plugins/endpoints.rb +76 -0
  67. data/lib/aws-sdk-sso/types.rb +8 -43
  68. data/lib/aws-sdk-sso.rb +5 -1
  69. data/lib/aws-sdk-ssooidc/client.rb +626 -0
  70. data/lib/aws-sdk-ssooidc/client_api.rb +216 -0
  71. data/lib/aws-sdk-ssooidc/customizations.rb +1 -0
  72. data/lib/aws-sdk-ssooidc/endpoint_parameters.rb +66 -0
  73. data/lib/aws-sdk-ssooidc/endpoint_provider.rb +51 -0
  74. data/lib/aws-sdk-ssooidc/endpoints.rb +58 -0
  75. data/lib/aws-sdk-ssooidc/errors.rb +290 -0
  76. data/lib/aws-sdk-ssooidc/plugins/endpoints.rb +74 -0
  77. data/lib/aws-sdk-ssooidc/resource.rb +26 -0
  78. data/lib/aws-sdk-ssooidc/types.rb +502 -0
  79. data/lib/aws-sdk-ssooidc.rb +59 -0
  80. data/lib/aws-sdk-sts/client.rb +289 -245
  81. data/lib/aws-sdk-sts/endpoint_parameters.rb +78 -0
  82. data/lib/aws-sdk-sts/endpoint_provider.rb +112 -0
  83. data/lib/aws-sdk-sts/endpoints.rb +136 -0
  84. data/lib/aws-sdk-sts/plugins/endpoints.rb +84 -0
  85. data/lib/aws-sdk-sts/presigner.rb +13 -15
  86. data/lib/aws-sdk-sts/types.rb +87 -195
  87. data/lib/aws-sdk-sts.rb +5 -1
  88. data/lib/seahorse/client/async_base.rb +0 -1
  89. data/lib/seahorse/client/configuration.rb +1 -5
  90. data/lib/seahorse/client/h2/connection.rb +12 -11
  91. data/lib/seahorse/client/plugins/request_callback.rb +9 -9
  92. data/lib/seahorse/model/operation.rb +3 -0
  93. data/lib/seahorse/util.rb +4 -0
  94. metadata +56 -8
@@ -0,0 +1,52 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Aws
4
+ module Endpoints
5
+ # This class is deprecated. It is used by the Runtime endpoint
6
+ # resolution approach. It has been replaced by a code generated
7
+ # approach in each service gem. It can be removed in a new
8
+ # major version. It has to exist because
9
+ # old service gems can use a new core version.
10
+ # @api private
11
+ class RuleSet
12
+ def initialize(version:, service_id:, parameters:, rules:)
13
+ @version = version
14
+ @service_id = service_id
15
+ @parameters = parameters
16
+ @rules = RuleSet.rules_from_json(rules || [])
17
+ end
18
+
19
+ attr_reader :version
20
+ attr_reader :service_id
21
+ attr_reader :parameters
22
+ attr_reader :rules
23
+
24
+ def self.rules_from_json(rules_json)
25
+ rules_json.each.with_object([]) do |rule, rules|
26
+ if rule['type'] == 'endpoint'
27
+ rules << EndpointRule.new(
28
+ conditions: rule['conditions'],
29
+ endpoint: rule['endpoint'],
30
+ documentation: rule['documentation']
31
+ )
32
+ elsif rule['type'] == 'error'
33
+ rules << ErrorRule.new(
34
+ conditions: rule['conditions'],
35
+ error: rule['error'],
36
+ documentation: rule['documentation']
37
+ )
38
+ elsif rule['type'] == 'tree'
39
+ rules << TreeRule.new(
40
+ conditions: rule['conditions'],
41
+ rules: rule['rules'],
42
+ documentation: rule['documentation']
43
+ )
44
+ else
45
+ # should not happen
46
+ raise "Unknown endpoint rule type: #{rule}"
47
+ end
48
+ end
49
+ end
50
+ end
51
+ end
52
+ end
@@ -0,0 +1,37 @@
1
+ module Aws
2
+ module Endpoints
3
+ # This class is deprecated. It is used by the Runtime endpoint
4
+ # resolution approach. It has been replaced by a code generated
5
+ # approach in each service gem. It can be removed in a new
6
+ # major version. It has to exist because
7
+ # old service gems can use a new core version.
8
+ # @api private
9
+ class RulesProvider
10
+ def initialize(rule_set)
11
+ @rule_set = rule_set
12
+ end
13
+
14
+ def resolve_endpoint(parameters)
15
+ obj = resolve_rules(parameters)
16
+ case obj
17
+ when Endpoint
18
+ obj
19
+ when ArgumentError
20
+ raise obj
21
+ else
22
+ raise ArgumentError, 'No endpoint could be resolved'
23
+ end
24
+ end
25
+
26
+ private
27
+
28
+ def resolve_rules(parameters)
29
+ @rule_set.rules.each do |rule|
30
+ output = rule.match(parameters)
31
+ return output if output
32
+ end
33
+ nil
34
+ end
35
+ end
36
+ end
37
+ end
@@ -0,0 +1,58 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Aws
4
+ module Endpoints
5
+ # Does substitutions for templated endpoint strings
6
+
7
+ # This class is deprecated. It is used by the Runtime endpoint
8
+ # resolution approach. It has been replaced by a code generated
9
+ # approach in each service gem. It can be removed in a new
10
+ # major version. It has to exist because
11
+ # old service gems can use a new core version.
12
+ # @api private
13
+ module Templater
14
+ class << self
15
+ def resolve(string, parameters, assigns)
16
+ # scans for strings in curly brackets {}
17
+ string.scan(/\{.+?\}/).each do |capture|
18
+ value = capture[1..-2] # strips curly brackets
19
+ string = string.gsub(capture, replace(value, parameters, assigns))
20
+ end
21
+ string
22
+ end
23
+
24
+ private
25
+
26
+ # Replaces the captured value with values from parameters or assign
27
+ def replace(capture, parameters, assigns)
28
+ # Pound sigil is used for getAttr calls
29
+ indexes = capture.split('#')
30
+
31
+ # no sigil found, just do substitution
32
+ if indexes.size == 1
33
+ extract_value(capture, parameters, assigns)
34
+ # sigil was found, need to call getAttr
35
+ elsif indexes.size == 2
36
+ ref, property = indexes
37
+ param = extract_value(ref, parameters, assigns)
38
+ Matchers.attr(param, property)
39
+ else
40
+ raise "Invalid templatable value: #{capture}"
41
+ end
42
+ end
43
+
44
+ # Checks both parameters and assigns hash for the referenced value
45
+ def extract_value(key, parameters, assigns)
46
+ if assigns.key?(key)
47
+ assigns[key]
48
+ elsif parameters.class.singleton_class::PARAM_MAP.key?(key)
49
+ member_name = parameters.class.singleton_class::PARAM_MAP[key]
50
+ parameters[member_name]
51
+ else
52
+ raise "Templatable value not found: #{key}"
53
+ end
54
+ end
55
+ end
56
+ end
57
+ end
58
+ end
@@ -0,0 +1,45 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Aws
4
+ module Endpoints
5
+ # This class is deprecated. It is used by the Runtime endpoint
6
+ # resolution approach. It has been replaced by a code generated
7
+ # approach in each service gem. It can be removed in a new
8
+ # major version. It has to exist because
9
+ # old service gems can use a new core version.
10
+ # @api private
11
+ class TreeRule
12
+ def initialize(type: 'tree', conditions:, rules:, documentation: nil)
13
+ @type = type
14
+ @conditions = Condition.from_json(conditions)
15
+ @rules = RuleSet.rules_from_json(rules)
16
+ @documentation = documentation
17
+ end
18
+
19
+ attr_reader :type
20
+ attr_reader :conditions
21
+ attr_reader :error
22
+ attr_reader :documentation
23
+
24
+ def match(parameters, assigned = {})
25
+ assigns = assigned.dup
26
+ matched = conditions.all? do |condition|
27
+ output = condition.match?(parameters, assigns)
28
+ assigns = assigns.merge(condition.assigned) if condition.assign
29
+ output
30
+ end
31
+ resolve_rules(parameters, assigns) if matched
32
+ end
33
+
34
+ private
35
+
36
+ def resolve_rules(parameters, assigns)
37
+ @rules.each do |rule|
38
+ output = rule.match(parameters, assigns)
39
+ return output if output
40
+ end
41
+ nil
42
+ end
43
+ end
44
+ end
45
+ end
@@ -0,0 +1,60 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'ipaddr'
4
+
5
+ module Aws
6
+ module Endpoints
7
+
8
+ # @api private
9
+ class URL
10
+ def initialize(url)
11
+ uri = URI(url)
12
+ @scheme = uri.scheme
13
+ # only support http and https schemes
14
+ raise ArgumentError unless %w[https http].include?(@scheme)
15
+
16
+ # do not support query
17
+ raise ArgumentError if uri.query
18
+
19
+ @authority = _authority(url, uri)
20
+ @path = uri.path
21
+ @normalized_path = uri.path + (uri.path[-1] == '/' ? '' : '/')
22
+ @is_ip = _is_ip(uri.host)
23
+ end
24
+
25
+ attr_reader :scheme
26
+ attr_reader :authority
27
+ attr_reader :path
28
+ attr_reader :normalized_path
29
+ attr_reader :is_ip
30
+
31
+ def as_json(_options = {})
32
+ {
33
+ 'scheme' => scheme,
34
+ 'authority' => authority,
35
+ 'path' => path,
36
+ 'normalizedPath' => normalized_path,
37
+ 'isIp' => is_ip
38
+ }
39
+ end
40
+
41
+ private
42
+
43
+ def _authority(url, uri)
44
+ # don't include port if it's default and not parsed originally
45
+ if uri.default_port == uri.port && !url.include?(":#{uri.port}")
46
+ uri.host
47
+ else
48
+ "#{uri.host}:#{uri.port}"
49
+ end
50
+ end
51
+
52
+ def _is_ip(authority)
53
+ IPAddr.new(authority)
54
+ true
55
+ rescue IPAddr::InvalidAddressError
56
+ false
57
+ end
58
+ end
59
+ end
60
+ end
@@ -0,0 +1,78 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_relative 'endpoints/rule'
4
+ require_relative 'endpoints/condition'
5
+ require_relative 'endpoints/endpoint_rule'
6
+ require_relative 'endpoints/endpoint'
7
+ require_relative 'endpoints/error_rule'
8
+ require_relative 'endpoints/function'
9
+ require_relative 'endpoints/matchers'
10
+ require_relative 'endpoints/reference'
11
+ require_relative 'endpoints/rules_provider'
12
+ require_relative 'endpoints/rule_set'
13
+ require_relative 'endpoints/templater'
14
+ require_relative 'endpoints/tree_rule'
15
+ require_relative 'endpoints/url'
16
+
17
+ module Aws
18
+ # @api private
19
+ module Endpoints
20
+ class << self
21
+ def resolve_auth_scheme(context, endpoint)
22
+ if endpoint && (auth_schemes = endpoint.properties['authSchemes'])
23
+ auth_scheme = auth_schemes.find do |scheme|
24
+ Aws::Plugins::Sign::SUPPORTED_AUTH_TYPES.include?(scheme['name'])
25
+ end
26
+ raise 'No supported auth scheme for this endpoint.' unless auth_scheme
27
+
28
+ merge_signing_defaults(auth_scheme, context.config)
29
+ else
30
+ default_auth_scheme(context)
31
+ end
32
+ end
33
+
34
+ private
35
+
36
+ def default_auth_scheme(context)
37
+ case default_api_authtype(context)
38
+ when 'v4', 'v4-unsigned-body'
39
+ auth_scheme = { 'name' => 'sigv4' }
40
+ merge_signing_defaults(auth_scheme, context.config)
41
+ when 's3', 's3v4'
42
+ auth_scheme = {
43
+ 'name' => 'sigv4',
44
+ 'disableDoubleEncoding' => true,
45
+ 'disableNormalizePath' => true
46
+ }
47
+ merge_signing_defaults(auth_scheme, context.config)
48
+ when 'bearer'
49
+ { 'name' => 'bearer' }
50
+ when 'none', nil
51
+ { 'name' => 'none' }
52
+ end
53
+ end
54
+
55
+ def merge_signing_defaults(auth_scheme, config)
56
+ if %w[sigv4 sigv4a].include?(auth_scheme['name'])
57
+ auth_scheme['signingName'] ||= sigv4_name(config)
58
+ if auth_scheme['name'] == 'sigv4a'
59
+ auth_scheme['signingRegionSet'] ||= ['*']
60
+ else
61
+ auth_scheme['signingRegion'] ||= config.region
62
+ end
63
+ end
64
+ auth_scheme
65
+ end
66
+
67
+ def default_api_authtype(context)
68
+ context.config.api.operation(context.operation_name)['authtype'] ||
69
+ context.config.api.metadata['signatureVersion']
70
+ end
71
+
72
+ def sigv4_name(config)
73
+ config.api.metadata['signingName'] ||
74
+ config.api.metadata['endpointPrefix']
75
+ end
76
+ end
77
+ end
78
+ end
@@ -210,6 +210,19 @@ module Aws
210
210
  # Raised when SSO Credentials are invalid
211
211
  class InvalidSSOCredentials < RuntimeError; end
212
212
 
213
+ # Raised when SSO Token is invalid
214
+ class InvalidSSOToken < RuntimeError; end
215
+
216
+ # Raised when a client is unable to sign a request because
217
+ # the bearer token is not configured or available
218
+ class MissingBearerTokenError < RuntimeError
219
+ def initialize(*args)
220
+ msg = 'unable to sign request without token set'
221
+ super(msg)
222
+ end
223
+ end
224
+
225
+
213
226
  # Raised when there is a circular reference in chained
214
227
  # source_profiles
215
228
  class SourceProfileCircularReferenceError < RuntimeError; end
@@ -17,7 +17,7 @@ module Aws
17
17
  current_profile = named_profile[1] if named_profile
18
18
  elsif current_profile
19
19
  unless line.nil?
20
- item = line.match(/^(.+?)\s*=\s*(.+?)\s*$/)
20
+ item = line.match(/^(.+?)\s*=\s*([^\s].*?)\s*$/)
21
21
  prefix = line.match(/^(.+?)\s*=\s*$/)
22
22
  end
23
23
  if item && item[1].match(/^\s+/)
@@ -4,6 +4,11 @@ require 'time'
4
4
  require 'net/http'
5
5
 
6
6
  module Aws
7
+ # An auto-refreshing credential provider that loads credentials from
8
+ # EC2 instances.
9
+ #
10
+ # instance_credentials = Aws::InstanceProfileCredentials.new
11
+ # ec2 = Aws::EC2::Client.new(credentials: instance_credentials)
7
12
  class InstanceProfileCredentials
8
13
  include CredentialProvider
9
14
  include RefreshingCredentials
@@ -26,7 +26,13 @@ module Aws
26
26
  end
27
27
 
28
28
  def error_code(json, context)
29
- code = json['__type']
29
+ code =
30
+ if aws_query_error?(context)
31
+ error = context.http_response.headers['x-amzn-query-error'].split(';')[0]
32
+ remove_prefix(error, context)
33
+ else
34
+ json['__type']
35
+ end
30
36
  code ||= json['code']
31
37
  code ||= context.http_response.headers['x-amzn-errortype']
32
38
  if code
@@ -36,6 +42,19 @@ module Aws
36
42
  end
37
43
  end
38
44
 
45
+ def aws_query_error?(context)
46
+ context.config.api.metadata['awsQueryCompatible'] &&
47
+ context.http_response.headers['x-amzn-query-error']
48
+ end
49
+
50
+ def remove_prefix(error_code, context)
51
+ if prefix = context.config.api.metadata['errorPrefix']
52
+ error_code.sub(/^#{prefix}/, '')
53
+ else
54
+ error_code
55
+ end
56
+ end
57
+
39
58
  def error_message(code, json)
40
59
  if code == 'RequestEntityTooLarge'
41
60
  'Request body must be less than 1 MB'
@@ -26,6 +26,8 @@ module Aws
26
26
  #
27
27
  # You can put any of these placeholders into you pattern.
28
28
  #
29
+ # * `:region` - The region configured for the client.
30
+ #
29
31
  # * `:client_class` - The name of the client class.
30
32
  #
31
33
  # * `:operation` - The name of the client request method.
@@ -116,6 +118,10 @@ module Aws
116
118
 
117
119
  private
118
120
 
121
+ def _region(response)
122
+ response.context.config.region
123
+ end
124
+
119
125
  def _client_class(response)
120
126
  response.context.client.class.name
121
127
  end
@@ -146,6 +146,13 @@ module Aws
146
146
  data.to_h
147
147
  end
148
148
 
149
+ def as_json(_options = {})
150
+ data.to_h(data, as_json: true)
151
+ end
152
+
153
+ def to_json(options = {})
154
+ as_json.to_json(options)
155
+ end
149
156
  end
150
157
 
151
158
  # The actual decorator module implementation. It is in a distinct module
@@ -194,7 +201,9 @@ module Aws
194
201
  def next_response(params)
195
202
  params = next_page_params(params)
196
203
  request = context.client.build_request(context.operation_name, params)
197
- request.send_request
204
+ Aws::Plugins::UserAgent.feature('paginator') do
205
+ request.send_request
206
+ end
198
207
  end
199
208
 
200
209
  def next_page_params(params)
@@ -0,0 +1,67 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Aws
4
+ # @api private
5
+ module Plugins
6
+ # @api private
7
+ class BearerAuthorization < Seahorse::Client::Plugin
8
+
9
+ option(:token_provider,
10
+ required: false,
11
+ doc_type: 'Aws::TokenProvider',
12
+ docstring: <<-DOCS
13
+ A Bearer Token Provider. This can be an instance of any one of the
14
+ following classes:
15
+
16
+ * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
17
+ tokens.
18
+
19
+ * `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
20
+ access token generated from `aws login`.
21
+
22
+ When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
23
+ will be used to search for tokens configured for your profile in shared configuration files.
24
+ DOCS
25
+ ) do |config|
26
+ if config.stub_responses
27
+ StaticTokenProvider.new('token')
28
+ else
29
+ TokenProviderChain.new(config).resolve
30
+ end
31
+ end
32
+
33
+
34
+ def add_handlers(handlers, cfg)
35
+ bearer_operations =
36
+ if cfg.api.metadata['signatureVersion'] == 'bearer'
37
+ # select operations where authtype is either not set or is bearer
38
+ cfg.api.operation_names.select do |o|
39
+ !cfg.api.operation(o)['authtype'] || cfg.api.operation(o)['authtype'] == 'bearer'
40
+ end
41
+ else # service is not bearer auth
42
+ # select only operations where authtype is explicitly bearer
43
+ cfg.api.operation_names.select do |o|
44
+ cfg.api.operation(o)['authtype'] == 'bearer'
45
+ end
46
+ end
47
+ handlers.add(Handler, step: :sign, operations: bearer_operations)
48
+ end
49
+
50
+ class Handler < Seahorse::Client::Handler
51
+ def call(context)
52
+ if context.http_request.endpoint.scheme != 'https'
53
+ raise ArgumentError, 'Unable to use bearer authorization on non https endpoint.'
54
+ end
55
+
56
+ token_provider = context.config.token_provider
57
+ if token_provider && token_provider.set?
58
+ context.http_request.headers['Authorization'] = "Bearer #{token_provider.token.token}"
59
+ else
60
+ raise Errors::MissingBearerTokenError
61
+ end
62
+ @handler.call(context)
63
+ end
64
+ end
65
+ end
66
+ end
67
+ end
@@ -314,7 +314,7 @@ module Aws
314
314
  @io.rewind
315
315
  end
316
316
 
317
- def read(length, buf)
317
+ def read(length, buf = nil)
318
318
  # account for possible leftover bytes at the end, if we have trailer bytes, send them
319
319
  if @trailer_io
320
320
  return @trailer_io.read(length, buf)
@@ -76,6 +76,30 @@ locations will be searched for credentials:
76
76
 
77
77
  option(:instance_profile_credentials_timeout, 1)
78
78
 
79
+ option(:token_provider,
80
+ required: false,
81
+ doc_type: 'Aws::TokenProvider',
82
+ docstring: <<-DOCS
83
+ A Bearer Token Provider. This can be an instance of any one of the
84
+ following classes:
85
+
86
+ * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
87
+ tokens.
88
+
89
+ * `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
90
+ access token generated from `aws login`.
91
+
92
+ When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
93
+ will be used to search for tokens configured for your profile in shared configuration files.
94
+ DOCS
95
+ ) do |config|
96
+ if config.stub_responses
97
+ StaticTokenProvider.new('token')
98
+ else
99
+ TokenProviderChain.new(config).resolve
100
+ end
101
+ end
102
+
79
103
  end
80
104
  end
81
105
  end
@@ -72,7 +72,11 @@ the background every 60 secs (default). Defaults to `false`.
72
72
  context,
73
73
  Aws::Util.str_2_bool(discovery_cfg["required"])
74
74
  )
75
- context.http_request.endpoint = _valid_uri(endpoint.address) if endpoint
75
+ if endpoint
76
+ context.http_request.endpoint = _valid_uri(endpoint.address)
77
+ # Skips dynamic endpoint usage, use this endpoint instead
78
+ context[:discovered_endpoint] = true
79
+ end
76
80
  if endpoint || context.config.endpoint_discovery
77
81
  _apply_endpoint_discovery_user_agent(context)
78
82
  end
@@ -100,7 +104,7 @@ the background every 60 secs (default). Defaults to `false`.
100
104
  end
101
105
 
102
106
  def _discover_endpoint(ctx, required)
103
- cache = ctx.config.endpoint_cache
107
+ cache = ctx.config.endpoint_cache
104
108
  key = cache.extract_key(ctx)
105
109
 
106
110
  if required
@@ -11,15 +11,43 @@ module Aws
11
11
 
12
12
  def call(context)
13
13
  context.operation.input.shape.members.each do |m, ref|
14
- if ref['jsonvalue']
15
- param_value = context.params[m]
16
- unless param_value.respond_to?(:to_json)
17
- raise ArgumentError, "The value of params[#{m}] is not JSON serializable."
14
+ convert_jsonvalue(m, ref, context.params, 'params')
15
+ end
16
+ @handler.call(context)
17
+ end
18
+
19
+ def convert_jsonvalue(m, ref, params, context)
20
+ return if params.nil? || !params.key?(m)
21
+
22
+ if ref['jsonvalue']
23
+ params[m] = serialize_jsonvalue(params[m], "#{context}[#{m}]")
24
+ else
25
+ case ref.shape
26
+ when Seahorse::Model::Shapes::StructureShape
27
+ ref.shape.members.each do |member_m, ref|
28
+ convert_jsonvalue(member_m, ref, params[m], "#{context}[#{m}]")
29
+ end
30
+ when Seahorse::Model::Shapes::ListShape
31
+ if ref.shape.member['jsonvalue']
32
+ params[m] = params[m].each_with_index.map do |v, i|
33
+ serialize_jsonvalue(v, "#{context}[#{m}][#{i}]")
34
+ end
35
+ end
36
+ when Seahorse::Model::Shapes::MapShape
37
+ if ref.shape.value['jsonvalue']
38
+ params[m].each do |k, v|
39
+ params[m][k] = serialize_jsonvalue(v, "#{context}[#{m}][#{k}]")
40
+ end
18
41
  end
19
- context.params[m] = param_value.to_json
20
42
  end
21
43
  end
22
- @handler.call(context)
44
+ end
45
+
46
+ def serialize_jsonvalue(v, context)
47
+ unless v.respond_to?(:to_json)
48
+ raise ArgumentError, "The value of #{context} is not JSON serializable."
49
+ end
50
+ v.to_json
23
51
  end
24
52
 
25
53
  end
@@ -9,14 +9,25 @@ module Aws
9
9
  class Handler < Seahorse::Client::Handler
10
10
  def call(context)
11
11
 
12
- unless context.http_request.headers.key?('x-amz-trace-id')
12
+ unless context.http_request.headers.key?('x-amzn-trace-id')
13
13
  if ENV['AWS_LAMBDA_FUNCTION_NAME'] &&
14
- (trace_id = ENV['_X_AMZ_TRACE_ID'])
15
- context.http_request.headers['x-amz-trace-id'] = trace_id
14
+ (trace_id = validate_header(ENV['_X_AMZN_TRACE_ID']))
15
+ context.http_request.headers['x-amzn-trace-id'] = trace_id
16
16
  end
17
17
  end
18
18
  @handler.call(context)
19
19
  end
20
+
21
+ private
22
+ def validate_header(header_value)
23
+ return unless header_value
24
+
25
+ if (header_value.chars & (0..31).map(&:chr)).any?
26
+ raise ArgumentError, 'Invalid _X_AMZN_TRACE_ID value: '\
27
+ 'contains ASCII control characters'
28
+ end
29
+ header_value
30
+ end
20
31
  end
21
32
 
22
33
  # should be at the end of build so that