aws-sdk-core 3.131.1 → 3.170.0

data/lib/aws-sdk-core/endpoints/matchers.rb

@@ -0,0 +1,127 @@
+# frozen_string_literal: true
+
+require 'cgi'
+
+module Aws
+  module Endpoints
+    # generic matcher functions for service endpoints
+    # @api private
+    module Matchers
+      # Regex that extracts anything in square brackets
+      BRACKET_REGEX = /\[(.*?)\]/.freeze
+
+      # CORE
+
+      # isSet(value: Option<T>) bool
+      def self.set?(value)
+        !value.nil?
+      end
+
+      # not(value: bool) bool
+      def self.not(bool)
+        !bool
+      end
+
+      # getAttr(value: Object | Array, path: string) Document
+      def self.attr(value, path)
+        parts = path.split('.')
+
+        val = if (index = parts.first[BRACKET_REGEX, 1])
+                # remove brackets and index from part before indexing
+                value[parts.first.gsub(BRACKET_REGEX, '')][index.to_i]
+              else
+                value[parts.first]
+              end
+
+        if parts.size == 1
+          val
+        else
+          attr(val, parts.slice(1..-1).join('.'))
+        end
+      end
+
+      def self.substring(input, start, stop, reverse)
+        return nil if start >= stop || input.size < stop
+
+        return nil if input.chars.any? { |c| c.ord > 127 }
+
+        return input[start...stop] unless reverse
+
+        r_start = input.size - stop
+        r_stop = input.size - start
+        input[r_start...r_stop]
+      end
+
+      # stringEquals(value1: string, value2: string) bool
+      def self.string_equals?(value1, value2)
+        value1 == value2
+      end
+
+      # booleanEquals(value1: bool, value2: bool) bool
+      def self.boolean_equals?(value1, value2)
+        value1 == value2
+      end
+
+      # uriEncode(value: string) string
+      def self.uri_encode(value)
+        CGI.escape(value.encode('UTF-8')).gsub('+', '%20').gsub('%7E', '~')
+      end
+
+      # parseUrl(value: string) Option<URL>
+      def self.parse_url(value)
+        URL.new(value).as_json
+      rescue ArgumentError, URI::InvalidURIError
+        nil
+      end
+
+      # isValidHostLabel(value: string, allowSubDomains: bool) bool
+      def self.valid_host_label?(value, allow_sub_domains = false)
+        return false if value.empty?
+
+        if allow_sub_domains
+          labels = value.split('.')
+          return labels.all? { |l| valid_host_label?(l) }
+        end
+
+        value =~ /\A(?!-)[a-zA-Z0-9-]{1,63}(?<!-)\z/
+      end
+
+      # AWS
+
+      # aws.partition(value: string) Option<Partition>
+      def self.aws_partition(value)
+        partition =
+          Aws::Partitions.find { |p| p.region?(value) } ||
+          Aws::Partitions.find { |p| value.match(p.region_regex) } ||
+          Aws::Partitions.find { |p| p.name == 'aws' }
+
+        return nil unless partition
+
+        partition.metadata
+      end
+
+      # aws.parseArn(value: string) Option<ARN>
+      def self.aws_parse_arn(value)
+        arn = Aws::ARNParser.parse(value)
+        json = arn.as_json
+        # HACK: because of poor naming and also requirement of splitting
+        resource = json.delete('resource')
+        json['resourceId'] = resource.split(%r{[:\/]}, -1)
+        json
+      rescue Aws::Errors::InvalidARNError
+        nil
+      end
+
+      # aws.isVirtualHostableS3Bucket(value: string, allowSubDomains: bool) bool
+      def self.aws_virtual_hostable_s3_bucket?(value, allow_sub_domains = false)
+        !!(value.size < 64 &&
+          # regular naming rules
+          value =~ /^[a-z0-9][a-z0-9\-#{'.' if allow_sub_domains}]+[a-z0-9]$/ &&
+          # not IP address
+          value !~ /(\d+\.){3}\d+/ &&
+          # no dash and hyphen together
+          value !~ /[.-]{2}/)
+      end
+    end
+  end
+end

data/lib/aws-sdk-core/endpoints/reference.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Aws
+  module Endpoints
+    # This class is deprecated. It is used by the Runtime endpoint
+    # resolution approach. It has been replaced by a code generated
+    # approach in each service gem. It can be removed in a new
+    # major version. It has to exist because
+    # old service gems can use a new core version.
+    # @api private
+    class Reference
+      def initialize(ref:)
+        @ref = ref
+      end
+
+      attr_reader :ref
+
+      def resolve(parameters, assigns)
+        if parameters.class.singleton_class::PARAM_MAP.key?(@ref)
+          member_name = parameters.class.singleton_class::PARAM_MAP[@ref]
+          parameters[member_name]
+        elsif assigns.key?(@ref)
+          assigns[@ref]
+        else
+          raise ArgumentError,
+                "Reference #{@ref} is not a param or an assigned value."
+        end
+      end
+    end
+  end
+end

data/lib/aws-sdk-core/endpoints/rule.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Aws
+  module Endpoints
+    # This class is deprecated. It is used by the Runtime endpoint
+    # resolution approach. It has been replaced by a code generated
+    # approach in each service gem. It can be removed in a new
+    # major version. It has to exist because
+    # old service gems can use a new core version.
+    # @api private
+    class Rule
+      # Resolves a value that is a function, reference, or template string.
+      def resolve_value(value, parameters, assigns)
+        if value.is_a?(Hash) && value['fn']
+          Function.new(fn: value['fn'], argv: value['argv'])
+                  .call(parameters, assigns)
+        elsif value.is_a?(Hash) && value['ref']
+          Reference.new(ref: value['ref']).resolve(parameters, assigns)
+        else
+          Templater.resolve(value, parameters, assigns)
+        end
+      end
+    end
+  end
+end

data/lib/aws-sdk-core/endpoints/rule_set.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module Aws
+  module Endpoints
+    # This class is deprecated. It is used by the Runtime endpoint
+    # resolution approach. It has been replaced by a code generated
+    # approach in each service gem. It can be removed in a new
+    # major version. It has to exist because
+    # old service gems can use a new core version.
+    # @api private
+    class RuleSet
+      def initialize(version:, service_id:, parameters:, rules:)
+        @version = version
+        @service_id = service_id
+        @parameters = parameters
+        @rules = RuleSet.rules_from_json(rules || [])
+      end
+
+      attr_reader :version
+      attr_reader :service_id
+      attr_reader :parameters
+      attr_reader :rules
+
+      def self.rules_from_json(rules_json)
+        rules_json.each.with_object([]) do |rule, rules|
+          if rule['type'] == 'endpoint'
+            rules << EndpointRule.new(
+              conditions: rule['conditions'],
+              endpoint: rule['endpoint'],
+              documentation: rule['documentation']
+            )
+          elsif rule['type'] == 'error'
+            rules << ErrorRule.new(
+              conditions: rule['conditions'],
+              error: rule['error'],
+              documentation: rule['documentation']
+            )
+          elsif rule['type'] == 'tree'
+            rules << TreeRule.new(
+              conditions: rule['conditions'],
+              rules: rule['rules'],
+              documentation: rule['documentation']
+            )
+          else
+            # should not happen
+            raise "Unknown endpoint rule type: #{rule}"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/aws-sdk-core/endpoints/rules_provider.rb

@@ -0,0 +1,37 @@
+module Aws
+  module Endpoints
+    # This class is deprecated. It is used by the Runtime endpoint
+    # resolution approach. It has been replaced by a code generated
+    # approach in each service gem. It can be removed in a new
+    # major version. It has to exist because
+    # old service gems can use a new core version.
+    # @api private
+    class RulesProvider
+      def initialize(rule_set)
+        @rule_set = rule_set
+      end
+
+      def resolve_endpoint(parameters)
+        obj = resolve_rules(parameters)
+        case obj
+        when Endpoint
+          obj
+        when ArgumentError
+          raise obj
+        else
+          raise ArgumentError, 'No endpoint could be resolved'
+        end
+      end
+
+      private
+
+      def resolve_rules(parameters)
+        @rule_set.rules.each do |rule|
+          output = rule.match(parameters)
+          return output if output
+        end
+        nil
+      end
+    end
+  end
+end

data/lib/aws-sdk-core/endpoints/templater.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+module Aws
+  module Endpoints
+    # Does substitutions for templated endpoint strings
+
+    # This class is deprecated. It is used by the Runtime endpoint
+    # resolution approach. It has been replaced by a code generated
+    # approach in each service gem. It can be removed in a new
+    # major version. It has to exist because
+    # old service gems can use a new core version.
+    # @api private
+    module Templater
+      class << self
+        def resolve(string, parameters, assigns)
+          # scans for strings in curly brackets {}
+          string.scan(/\{.+?\}/).each do |capture|
+            value = capture[1..-2] # strips curly brackets
+            string = string.gsub(capture, replace(value, parameters, assigns))
+          end
+          string
+        end
+
+        private
+
+        # Replaces the captured value with values from parameters or assign
+        def replace(capture, parameters, assigns)
+          # Pound sigil is used for getAttr calls
+          indexes = capture.split('#')
+
+          # no sigil found, just do substitution
+          if indexes.size == 1
+            extract_value(capture, parameters, assigns)
+          # sigil was found, need to call getAttr
+          elsif indexes.size == 2
+            ref, property = indexes
+            param = extract_value(ref, parameters, assigns)
+            Matchers.attr(param, property)
+          else
+            raise "Invalid templatable value: #{capture}"
+          end
+        end
+
+        # Checks both parameters and assigns hash for the referenced value
+        def extract_value(key, parameters, assigns)
+          if assigns.key?(key)
+            assigns[key]
+          elsif parameters.class.singleton_class::PARAM_MAP.key?(key)
+            member_name = parameters.class.singleton_class::PARAM_MAP[key]
+            parameters[member_name]
+          else
+            raise "Templatable value not found: #{key}"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/aws-sdk-core/endpoints/tree_rule.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+module Aws
+  module Endpoints
+    # This class is deprecated. It is used by the Runtime endpoint
+    # resolution approach. It has been replaced by a code generated
+    # approach in each service gem. It can be removed in a new
+    # major version. It has to exist because
+    # old service gems can use a new core version.
+    # @api private
+    class TreeRule
+      def initialize(type: 'tree', conditions:, rules:, documentation: nil)
+        @type = type
+        @conditions = Condition.from_json(conditions)
+        @rules = RuleSet.rules_from_json(rules)
+        @documentation = documentation
+      end
+
+      attr_reader :type
+      attr_reader :conditions
+      attr_reader :error
+      attr_reader :documentation
+
+      def match(parameters, assigned = {})
+        assigns = assigned.dup
+        matched = conditions.all? do |condition|
+          output = condition.match?(parameters, assigns)
+          assigns = assigns.merge(condition.assigned) if condition.assign
+          output
+        end
+        resolve_rules(parameters, assigns) if matched
+      end
+
+      private
+
+      def resolve_rules(parameters, assigns)
+        @rules.each do |rule|
+          output = rule.match(parameters, assigns)
+          return output if output
+        end
+        nil
+      end
+    end
+  end
+end

data/lib/aws-sdk-core/endpoints/url.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+require 'ipaddr'
+
+module Aws
+  module Endpoints
+
+    # @api private
+    class URL
+      def initialize(url)
+        uri = URI(url)
+        @scheme = uri.scheme
+        # only support http and https schemes
+        raise ArgumentError unless %w[https http].include?(@scheme)
+
+        # do not support query
+        raise ArgumentError if uri.query
+
+        @authority = _authority(url, uri)
+        @path = uri.path
+        @normalized_path = uri.path + (uri.path[-1] == '/' ? '' : '/')
+        @is_ip = _is_ip(uri.host)
+      end
+
+      attr_reader :scheme
+      attr_reader :authority
+      attr_reader :path
+      attr_reader :normalized_path
+      attr_reader :is_ip
+
+      def as_json(_options = {})
+        {
+          'scheme' => scheme,
+          'authority' => authority,
+          'path' => path,
+          'normalizedPath' => normalized_path,
+          'isIp' => is_ip
+        }
+      end
+
+      private
+
+      def _authority(url, uri)
+        # don't include port if it's default and not parsed originally
+        if uri.default_port == uri.port && !url.include?(":#{uri.port}")
+          uri.host
+        else
+          "#{uri.host}:#{uri.port}"
+        end
+      end
+
+      def _is_ip(authority)
+        IPAddr.new(authority)
+        true
+      rescue IPAddr::InvalidAddressError
+        false
+      end
+    end
+  end
+end

data/lib/aws-sdk-core/endpoints.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+require_relative 'endpoints/rule'
+require_relative 'endpoints/condition'
+require_relative 'endpoints/endpoint_rule'
+require_relative 'endpoints/endpoint'
+require_relative 'endpoints/error_rule'
+require_relative 'endpoints/function'
+require_relative 'endpoints/matchers'
+require_relative 'endpoints/reference'
+require_relative 'endpoints/rules_provider'
+require_relative 'endpoints/rule_set'
+require_relative 'endpoints/templater'
+require_relative 'endpoints/tree_rule'
+require_relative 'endpoints/url'
+
+module Aws
+  # @api private
+  module Endpoints
+    class << self
+      def resolve_auth_scheme(context, endpoint)
+        if endpoint && (auth_schemes = endpoint.properties['authSchemes'])
+          auth_scheme = auth_schemes.find do |scheme|
+            Aws::Plugins::Sign::SUPPORTED_AUTH_TYPES.include?(scheme['name'])
+          end
+          raise 'No supported auth scheme for this endpoint.' unless auth_scheme
+
+          merge_signing_defaults(auth_scheme, context.config)
+        else
+          default_auth_scheme(context)
+        end
+      end
+
+      private
+
+      def default_auth_scheme(context)
+        case default_api_authtype(context)
+        when 'v4', 'v4-unsigned-body'
+          auth_scheme = { 'name' => 'sigv4' }
+          merge_signing_defaults(auth_scheme, context.config)
+        when 's3', 's3v4'
+          auth_scheme = { 'name' => 'sigv4', 'disableDoubleEncoding' => true }
+          merge_signing_defaults(auth_scheme, context.config)
+        when 'bearer'
+          { 'name' => 'bearer' }
+        when 'none', nil
+          { 'name' => 'none' }
+        end
+      end
+
+      def merge_signing_defaults(auth_scheme, config)
+        if %w[sigv4 sigv4a].include?(auth_scheme['name'])
+          auth_scheme['signingName'] ||= sigv4_name(config)
+          if auth_scheme['name'] == 'sigv4a'
+            auth_scheme['signingRegionSet'] ||= ['*']
+          else
+            auth_scheme['signingRegion'] ||= config.region
+          end
+        end
+        auth_scheme
+      end
+
+      def default_api_authtype(context)
+        context.config.api.operation(context.operation_name)['authtype'] ||
+          context.config.api.metadata['signatureVersion']
+      end
+
+      def sigv4_name(config)
+        config.api.metadata['signingName'] ||
+          config.api.metadata['endpointPrefix']
+      end
+    end
+  end
+end

data/lib/aws-sdk-core/errors.rb

@@ -210,6 +210,19 @@ module Aws
     # Raised when SSO Credentials are invalid
     class InvalidSSOCredentials < RuntimeError; end
 
+    # Raised when SSO Token is invalid
+    class InvalidSSOToken < RuntimeError; end
+
+    # Raised when a client is unable to sign a request because
+    # the bearer token is not configured or available
+    class MissingBearerTokenError < RuntimeError
+      def initialize(*args)
+        msg = 'unable to sign request without token set'
+        super(msg)
+      end
+    end
+
+
     # Raised when there is a circular reference in chained
     # source_profiles
     class SourceProfileCircularReferenceError < RuntimeError; end

data/lib/aws-sdk-core/json/error_handler.rb

@@ -26,7 +26,11 @@ module Aws
       end
 
       def error_code(json, context)
-        code = json['__type']
+        code = if aws_query_error?(context)
+          context.http_response.headers['x-amzn-query-error'].split(';')[0]
+        else
+          json['__type']
+        end
         code ||= json['code']
         code ||= context.http_response.headers['x-amzn-errortype']
         if code
@@ -36,6 +40,11 @@ module Aws
         end
       end
 
+      def aws_query_error?(context)
+        context.config.api.metadata['awsQueryCompatible'] &&
+          context.http_response.headers['x-amzn-query-error']
+      end
+
       def error_message(code, json)
         if code == 'RequestEntityTooLarge'
           'Request body must be less than 1 MB'

data/lib/aws-sdk-core/pageable_response.rb

@@ -146,6 +146,13 @@ module Aws
         data.to_h
       end
 
+      def as_json(_options = {})
+        data.to_h(data, as_json: true)
+      end
+
+      def to_json(options = {})
+        as_json.to_json(options)
+      end
     end
 
     # The actual decorator module implementation. It is in a distinct module

data/lib/aws-sdk-core/plugins/bearer_authorization.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+module Aws
+  # @api private
+  module Plugins
+    # @api private
+    class BearerAuthorization < Seahorse::Client::Plugin
+
+      option(:token_provider,
+             required: false,
+             doc_type: 'Aws::TokenProvider',
+             docstring: <<-DOCS
+A Bearer Token Provider. This can be an instance of any one of the
+following classes:
+
+* `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
+  tokens.
+
+* `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
+  access token generated from `aws login`.
+
+When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
+will be used to search for tokens configured for your profile in shared configuration files.
+      DOCS
+      ) do |config|
+        if config.stub_responses
+          StaticTokenProvider.new('token')
+        else
+          TokenProviderChain.new(config).resolve
+        end
+      end
+
+
+      def add_handlers(handlers, cfg)
+        bearer_operations =
+          if cfg.api.metadata['signatureVersion'] == 'bearer'
+            # select operations where authtype is either not set or is bearer
+            cfg.api.operation_names.select do |o|
+              !cfg.api.operation(o)['authtype'] || cfg.api.operation(o)['authtype'] == 'bearer'
+            end
+          else # service is not bearer auth
+            # select only operations where authtype is explicitly bearer
+            cfg.api.operation_names.select do |o|
+              cfg.api.operation(o)['authtype'] == 'bearer'
+            end
+          end
+        handlers.add(Handler, step: :sign, operations: bearer_operations)
+      end
+
+      class Handler < Seahorse::Client::Handler
+        def call(context)
+          if context.http_request.endpoint.scheme != 'https'
+            raise ArgumentError, 'Unable to use bearer authorization on non https endpoint.'
+          end
+
+          token_provider = context.config.token_provider
+          if token_provider && token_provider.set?
+            context.http_request.headers['Authorization'] = "Bearer #{token_provider.token.token}"
+          else
+            raise Errors::MissingBearerTokenError
+          end
+          @handler.call(context)
+        end
+      end
+    end
+  end
+end

data/lib/aws-sdk-core/plugins/credentials_configuration.rb

@@ -76,6 +76,30 @@ locations will be searched for credentials:
 
       option(:instance_profile_credentials_timeout, 1)
 
+      option(:token_provider,
+             required: false,
+             doc_type: 'Aws::TokenProvider',
+             docstring: <<-DOCS
+A Bearer Token Provider. This can be an instance of any one of the
+following classes:
+
+* `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
+  tokens.
+
+* `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
+  access token generated from `aws login`.
+
+When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
+will be used to search for tokens configured for your profile in shared configuration files.
+      DOCS
+      ) do |config|
+        if config.stub_responses
+          StaticTokenProvider.new('token')
+        else
+          TokenProviderChain.new(config).resolve
+        end
+      end
+
     end
   end
 end