aws-sdk-core 3.152.0 → 3.234.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +942 -1
- data/VERSION +1 -1
- data/lib/aws-defaults/default_configuration.rb +5 -6
- data/lib/aws-defaults.rb +4 -1
- data/lib/aws-sdk-core/arn.rb +14 -3
- data/lib/aws-sdk-core/assume_role_credentials.rb +21 -13
- data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +16 -9
- data/lib/aws-sdk-core/binary/decode_handler.rb +3 -9
- data/lib/aws-sdk-core/binary/encode_handler.rb +13 -2
- data/lib/aws-sdk-core/binary/event_builder.rb +34 -37
- data/lib/aws-sdk-core/binary/event_stream_decoder.rb +1 -0
- data/lib/aws-sdk-core/binary/event_stream_encoder.rb +4 -3
- data/lib/aws-sdk-core/cbor/decoder.rb +308 -0
- data/lib/aws-sdk-core/cbor/encoder.rb +243 -0
- data/lib/aws-sdk-core/cbor.rb +53 -0
- data/lib/aws-sdk-core/client_side_monitoring.rb +9 -0
- data/lib/aws-sdk-core/client_stubs.rb +33 -55
- data/lib/aws-sdk-core/credential_provider.rb +8 -1
- data/lib/aws-sdk-core/credential_provider_chain.rb +81 -29
- data/lib/aws-sdk-core/credentials.rb +19 -6
- data/lib/aws-sdk-core/ec2_metadata.rb +1 -1
- data/lib/aws-sdk-core/ecs_credentials.rb +186 -60
- data/lib/aws-sdk-core/endpoints/condition.rb +41 -0
- data/lib/aws-sdk-core/endpoints/endpoint.rb +19 -0
- data/lib/aws-sdk-core/endpoints/endpoint_rule.rb +75 -0
- data/lib/aws-sdk-core/endpoints/error_rule.rb +42 -0
- data/lib/aws-sdk-core/endpoints/function.rb +80 -0
- data/lib/aws-sdk-core/endpoints/matchers.rb +129 -0
- data/lib/aws-sdk-core/endpoints/reference.rb +31 -0
- data/lib/aws-sdk-core/endpoints/rule.rb +25 -0
- data/lib/aws-sdk-core/endpoints/rule_set.rb +52 -0
- data/lib/aws-sdk-core/endpoints/rules_provider.rb +37 -0
- data/lib/aws-sdk-core/endpoints/templater.rb +58 -0
- data/lib/aws-sdk-core/endpoints/tree_rule.rb +45 -0
- data/lib/aws-sdk-core/endpoints/url.rb +60 -0
- data/lib/aws-sdk-core/endpoints.rb +158 -0
- data/lib/aws-sdk-core/error_handler.rb +46 -0
- data/lib/aws-sdk-core/errors.rb +14 -5
- data/lib/aws-sdk-core/event_emitter.rb +1 -17
- data/lib/aws-sdk-core/ini_parser.rb +7 -0
- data/lib/aws-sdk-core/instance_profile_credentials.rb +168 -155
- data/lib/aws-sdk-core/json/builder.rb +8 -1
- data/lib/aws-sdk-core/json/error_handler.rb +46 -11
- data/lib/aws-sdk-core/json/handler.rb +13 -6
- data/lib/aws-sdk-core/json/json_engine.rb +3 -1
- data/lib/aws-sdk-core/json/oj_engine.rb +7 -1
- data/lib/aws-sdk-core/json/parser.rb +33 -3
- data/lib/aws-sdk-core/json.rb +43 -14
- data/lib/aws-sdk-core/log/formatter.rb +6 -0
- data/lib/aws-sdk-core/log/param_filter.rb +2 -2
- data/lib/aws-sdk-core/log/param_formatter.rb +7 -3
- data/lib/aws-sdk-core/log.rb +10 -0
- data/lib/aws-sdk-core/lru_cache.rb +75 -0
- data/lib/aws-sdk-core/pageable_response.rb +3 -1
- data/lib/aws-sdk-core/param_validator.rb +9 -4
- data/lib/aws-sdk-core/plugins/bearer_authorization.rb +2 -0
- data/lib/aws-sdk-core/plugins/checksum_algorithm.rb +348 -169
- data/lib/aws-sdk-core/plugins/client_metrics_plugin.rb +1 -1
- data/lib/aws-sdk-core/plugins/client_metrics_send_plugin.rb +14 -2
- data/lib/aws-sdk-core/plugins/credentials_configuration.rb +84 -38
- data/lib/aws-sdk-core/plugins/endpoint_discovery.rb +6 -2
- data/lib/aws-sdk-core/plugins/endpoint_pattern.rb +40 -32
- data/lib/aws-sdk-core/plugins/global_configuration.rb +8 -9
- data/lib/aws-sdk-core/plugins/http_checksum.rb +3 -8
- data/lib/aws-sdk-core/plugins/invocation_id.rb +1 -11
- data/lib/aws-sdk-core/plugins/logging.rb +2 -0
- data/lib/aws-sdk-core/plugins/protocols/api_gateway.rb +3 -1
- data/lib/aws-sdk-core/plugins/protocols/ec2.rb +2 -24
- data/lib/aws-sdk-core/plugins/protocols/json_rpc.rb +6 -8
- data/lib/aws-sdk-core/plugins/protocols/query.rb +4 -2
- data/lib/aws-sdk-core/plugins/protocols/rest_json.rb +3 -15
- data/lib/aws-sdk-core/plugins/protocols/rest_xml.rb +3 -0
- data/lib/aws-sdk-core/plugins/protocols/rpc_v2.rb +17 -0
- data/lib/aws-sdk-core/plugins/regional_endpoint.rb +164 -34
- data/lib/aws-sdk-core/plugins/request_compression.rb +226 -0
- data/lib/aws-sdk-core/plugins/retries/error_inspector.rb +2 -1
- data/lib/aws-sdk-core/plugins/retry_errors.rb +12 -3
- data/lib/aws-sdk-core/plugins/sign.rb +222 -0
- data/lib/aws-sdk-core/plugins/signature_v2.rb +2 -0
- data/lib/aws-sdk-core/plugins/signature_v4.rb +2 -0
- data/lib/aws-sdk-core/plugins/stub_responses.rb +59 -9
- data/lib/aws-sdk-core/plugins/telemetry.rb +75 -0
- data/lib/aws-sdk-core/plugins/transfer_encoding.rb +16 -9
- data/lib/aws-sdk-core/plugins/user_agent.rb +192 -14
- data/lib/aws-sdk-core/plugins.rb +39 -0
- data/lib/aws-sdk-core/process_credentials.rb +48 -29
- data/lib/aws-sdk-core/query/ec2_handler.rb +27 -0
- data/lib/aws-sdk-core/query/ec2_param_builder.rb +5 -7
- data/lib/aws-sdk-core/query/handler.rb +4 -4
- data/lib/aws-sdk-core/query/param_builder.rb +2 -2
- data/lib/aws-sdk-core/query.rb +2 -1
- data/lib/aws-sdk-core/refreshing_credentials.rb +20 -23
- data/lib/aws-sdk-core/resources.rb +8 -0
- data/lib/aws-sdk-core/rest/content_type_handler.rb +60 -0
- data/lib/aws-sdk-core/rest/handler.rb +3 -4
- data/lib/aws-sdk-core/rest/request/body.rb +32 -5
- data/lib/aws-sdk-core/rest/request/endpoint.rb +24 -4
- data/lib/aws-sdk-core/rest/request/headers.rb +14 -10
- data/lib/aws-sdk-core/rest/request/querystring_builder.rb +62 -36
- data/lib/aws-sdk-core/rest/response/body.rb +15 -1
- data/lib/aws-sdk-core/rest/response/header_list_parser.rb +79 -0
- data/lib/aws-sdk-core/rest/response/headers.rb +8 -3
- data/lib/aws-sdk-core/rest.rb +1 -0
- data/lib/aws-sdk-core/rpc_v2/builder.rb +62 -0
- data/lib/aws-sdk-core/rpc_v2/cbor_engine.rb +18 -0
- data/lib/aws-sdk-core/rpc_v2/content_type_handler.rb +47 -0
- data/lib/aws-sdk-core/rpc_v2/error_handler.rb +95 -0
- data/lib/aws-sdk-core/rpc_v2/handler.rb +79 -0
- data/lib/aws-sdk-core/rpc_v2/parser.rb +98 -0
- data/lib/aws-sdk-core/rpc_v2.rb +69 -0
- data/lib/aws-sdk-core/shared_config.rb +160 -36
- data/lib/aws-sdk-core/shared_credentials.rb +1 -7
- data/lib/aws-sdk-core/sso_credentials.rb +84 -46
- data/lib/aws-sdk-core/sso_token_provider.rb +3 -2
- data/lib/aws-sdk-core/static_token_provider.rb +1 -2
- data/lib/aws-sdk-core/stubbing/protocols/ec2.rb +12 -11
- data/lib/aws-sdk-core/stubbing/protocols/json.rb +11 -10
- data/lib/aws-sdk-core/stubbing/protocols/query.rb +7 -6
- data/lib/aws-sdk-core/stubbing/protocols/rest.rb +2 -1
- data/lib/aws-sdk-core/stubbing/protocols/rest_json.rb +9 -8
- data/lib/aws-sdk-core/stubbing/protocols/rest_xml.rb +6 -5
- data/lib/aws-sdk-core/stubbing/protocols/rpc_v2.rb +39 -0
- data/lib/aws-sdk-core/stubbing/stub_data.rb +11 -0
- data/lib/aws-sdk-core/stubbing.rb +22 -0
- data/lib/aws-sdk-core/telemetry/base.rb +177 -0
- data/lib/aws-sdk-core/telemetry/no_op.rb +70 -0
- data/lib/aws-sdk-core/telemetry/otel.rb +235 -0
- data/lib/aws-sdk-core/telemetry/span_kind.rb +22 -0
- data/lib/aws-sdk-core/telemetry/span_status.rb +59 -0
- data/lib/aws-sdk-core/telemetry.rb +78 -0
- data/lib/aws-sdk-core/token.rb +3 -3
- data/lib/aws-sdk-core/token_provider.rb +4 -0
- data/lib/aws-sdk-core/token_provider_chain.rb +2 -6
- data/lib/aws-sdk-core/util.rb +41 -1
- data/lib/aws-sdk-core/waiters/poller.rb +12 -5
- data/lib/aws-sdk-core/xml/builder.rb +17 -9
- data/lib/aws-sdk-core/xml/error_handler.rb +35 -43
- data/lib/aws-sdk-core/xml/parser/frame.rb +4 -20
- data/lib/aws-sdk-core/xml/parser/{engines/oga.rb → oga_engine.rb} +2 -0
- data/lib/aws-sdk-core/xml/parser/stack.rb +2 -0
- data/lib/aws-sdk-core/xml/parser.rb +2 -6
- data/lib/aws-sdk-core.rb +82 -103
- data/lib/aws-sdk-sso/client.rb +219 -89
- data/lib/aws-sdk-sso/client_api.rb +7 -0
- data/lib/aws-sdk-sso/endpoint_parameters.rb +69 -0
- data/lib/aws-sdk-sso/endpoint_provider.rb +53 -0
- data/lib/aws-sdk-sso/endpoints.rb +20 -0
- data/lib/aws-sdk-sso/plugins/endpoints.rb +77 -0
- data/lib/aws-sdk-sso/types.rb +1 -35
- data/lib/aws-sdk-sso.rb +15 -7
- data/lib/aws-sdk-ssooidc/client.rb +650 -118
- data/lib/aws-sdk-ssooidc/client_api.rb +94 -1
- data/lib/aws-sdk-ssooidc/endpoint_parameters.rb +69 -0
- data/lib/aws-sdk-ssooidc/endpoint_provider.rb +53 -0
- data/lib/aws-sdk-ssooidc/endpoints.rb +20 -0
- data/lib/aws-sdk-ssooidc/errors.rb +62 -0
- data/lib/aws-sdk-ssooidc/plugins/endpoints.rb +77 -0
- data/lib/aws-sdk-ssooidc/types.rb +437 -67
- data/lib/aws-sdk-ssooidc.rb +15 -7
- data/lib/aws-sdk-sts/client.rb +670 -368
- data/lib/aws-sdk-sts/client_api.rb +48 -9
- data/lib/aws-sdk-sts/customizations.rb +5 -2
- data/lib/aws-sdk-sts/endpoint_parameters.rb +79 -0
- data/lib/aws-sdk-sts/endpoint_provider.rb +107 -0
- data/lib/aws-sdk-sts/endpoints.rb +20 -0
- data/lib/aws-sdk-sts/errors.rb +15 -0
- data/lib/aws-sdk-sts/plugins/endpoints.rb +77 -0
- data/lib/aws-sdk-sts/presigner.rb +12 -18
- data/lib/aws-sdk-sts/types.rb +296 -222
- data/lib/aws-sdk-sts.rb +15 -7
- data/lib/seahorse/client/async_base.rb +4 -6
- data/lib/seahorse/client/async_response.rb +19 -0
- data/lib/seahorse/client/base.rb +18 -21
- data/lib/seahorse/client/configuration.rb +1 -5
- data/lib/seahorse/client/h2/connection.rb +27 -36
- data/lib/seahorse/client/h2/handler.rb +14 -3
- data/lib/seahorse/client/handler.rb +1 -1
- data/lib/seahorse/client/http/response.rb +1 -1
- data/lib/seahorse/client/net_http/connection_pool.rb +15 -12
- data/lib/seahorse/client/net_http/handler.rb +21 -9
- data/lib/seahorse/client/net_http/patches.rb +1 -4
- data/lib/seahorse/client/networking_error.rb +1 -1
- data/lib/seahorse/client/plugin.rb +9 -0
- data/lib/seahorse/client/plugins/endpoint.rb +0 -1
- data/lib/seahorse/client/plugins/h2.rb +4 -4
- data/lib/seahorse/client/plugins/net_http.rb +57 -16
- data/lib/seahorse/client/plugins/request_callback.rb +40 -9
- data/lib/seahorse/client/request_context.rb +9 -2
- data/lib/seahorse/client/response.rb +8 -0
- data/lib/seahorse/model/operation.rb +3 -0
- data/lib/seahorse/model/shapes.rb +2 -2
- data/lib/seahorse/util.rb +6 -1
- data/sig/aws-sdk-core/async_client_stubs.rbs +21 -0
- data/sig/aws-sdk-core/client_stubs.rbs +10 -0
- data/sig/aws-sdk-core/errors.rbs +22 -0
- data/sig/aws-sdk-core/resources/collection.rbs +21 -0
- data/sig/aws-sdk-core/structure.rbs +4 -0
- data/sig/aws-sdk-core/telemetry/base.rbs +46 -0
- data/sig/aws-sdk-core/telemetry/otel.rbs +22 -0
- data/sig/aws-sdk-core/telemetry/span_kind.rbs +15 -0
- data/sig/aws-sdk-core/telemetry/span_status.rbs +24 -0
- data/sig/aws-sdk-core/waiters/errors.rbs +20 -0
- data/sig/aws-sdk-core.rbs +7 -0
- data/sig/seahorse/client/async_base.rbs +18 -0
- data/sig/seahorse/client/base.rbs +25 -0
- data/sig/seahorse/client/handler_builder.rbs +16 -0
- data/sig/seahorse/client/response.rbs +61 -0
- metadata +133 -23
- /data/lib/aws-sdk-core/xml/parser/{engines/libxml.rb → libxml_engine.rb} +0 -0
- /data/lib/aws-sdk-core/xml/parser/{engines/nokogiri.rb → nokogiri_engine.rb} +0 -0
- /data/lib/aws-sdk-core/xml/parser/{engines/ox.rb → ox_engine.rb} +0 -0
- /data/lib/aws-sdk-core/xml/parser/{engines/rexml.rb → rexml_engine.rb} +0 -0
|
@@ -0,0 +1,222 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'aws-sigv4'
|
|
4
|
+
|
|
5
|
+
module Aws
|
|
6
|
+
module Plugins
|
|
7
|
+
# @api private
|
|
8
|
+
class Sign < Seahorse::Client::Plugin
|
|
9
|
+
# These once had defaults. But now they are used as overrides to
|
|
10
|
+
# new endpoint and auth resolution.
|
|
11
|
+
option(:sigv4_signer)
|
|
12
|
+
option(:sigv4_name)
|
|
13
|
+
option(:sigv4_region)
|
|
14
|
+
option(:unsigned_operations, default: [])
|
|
15
|
+
|
|
16
|
+
def add_handlers(handlers, cfg)
|
|
17
|
+
operations = cfg.api.operation_names - cfg.unsigned_operations
|
|
18
|
+
handlers.add(Handler, step: :sign, operations: operations)
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
# @api private
|
|
22
|
+
# Return a signer with the `sign(context)` method
|
|
23
|
+
def self.signer_for(auth_scheme, config, sigv4_region_override = nil, sigv4_credentials_override = nil)
|
|
24
|
+
case auth_scheme['name']
|
|
25
|
+
when 'sigv4', 'sigv4a', 'sigv4-s3express'
|
|
26
|
+
sigv4_overrides = {
|
|
27
|
+
region: sigv4_region_override,
|
|
28
|
+
credentials: sigv4_credentials_override
|
|
29
|
+
}
|
|
30
|
+
SignatureV4.new(auth_scheme, config, sigv4_overrides)
|
|
31
|
+
when 'bearer'
|
|
32
|
+
Bearer.new(config)
|
|
33
|
+
else
|
|
34
|
+
NullSigner.new
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
class Handler < Seahorse::Client::Handler
|
|
39
|
+
def call(context)
|
|
40
|
+
# Skip signing if using sigv2 signing from s3_signer in S3
|
|
41
|
+
unless v2_signing?(context.config)
|
|
42
|
+
signer = Sign.signer_for(
|
|
43
|
+
context[:auth_scheme],
|
|
44
|
+
context.config,
|
|
45
|
+
context[:sigv4_region],
|
|
46
|
+
context[:sigv4_credentials]
|
|
47
|
+
)
|
|
48
|
+
signer.sign(context)
|
|
49
|
+
end
|
|
50
|
+
with_metrics(signer) { @handler.call(context) }
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
private
|
|
54
|
+
|
|
55
|
+
def with_metrics(signer, &block)
|
|
56
|
+
case signer
|
|
57
|
+
when SignatureV4
|
|
58
|
+
Aws::Plugins::UserAgent.metric(*signer.credentials.metrics, &block)
|
|
59
|
+
when Bearer
|
|
60
|
+
Aws::Plugins::UserAgent.metric(*signer.token_provider.metrics, &block)
|
|
61
|
+
else
|
|
62
|
+
block.call
|
|
63
|
+
end
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
def v2_signing?(config)
|
|
67
|
+
# 's3' is legacy signing, 'v4' is default
|
|
68
|
+
config.respond_to?(:signature_version) &&
|
|
69
|
+
config.signature_version == 's3'
|
|
70
|
+
end
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
# @api private
|
|
74
|
+
class Bearer
|
|
75
|
+
def initialize(config)
|
|
76
|
+
@token_provider = config.token_provider
|
|
77
|
+
end
|
|
78
|
+
|
|
79
|
+
attr_reader :token_provider
|
|
80
|
+
|
|
81
|
+
def sign(context)
|
|
82
|
+
if context.http_request.endpoint.scheme != 'https'
|
|
83
|
+
raise ArgumentError, 'Unable to use bearer authorization on non https endpoint.'
|
|
84
|
+
end
|
|
85
|
+
raise Errors::MissingBearerTokenError unless @token_provider && @token_provider.set?
|
|
86
|
+
|
|
87
|
+
context.http_request.headers['Authorization'] = "Bearer #{@token_provider.token.token}"
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
def presign_url(*args)
|
|
91
|
+
raise ArgumentError, 'Bearer auth does not support presigned urls'
|
|
92
|
+
end
|
|
93
|
+
|
|
94
|
+
def sign_event(*args)
|
|
95
|
+
raise ArgumentError, 'Bearer auth does not support event signing'
|
|
96
|
+
end
|
|
97
|
+
end
|
|
98
|
+
|
|
99
|
+
# @api private
|
|
100
|
+
class SignatureV4
|
|
101
|
+
def initialize(auth_scheme, config, sigv4_overrides = {})
|
|
102
|
+
scheme_name = auth_scheme['name']
|
|
103
|
+
unless %w[sigv4 sigv4a sigv4-s3express].include?(scheme_name)
|
|
104
|
+
raise ArgumentError, "Expected sigv4, sigv4a, or sigv4-s3express auth scheme, got #{scheme_name}"
|
|
105
|
+
end
|
|
106
|
+
region = if scheme_name == 'sigv4a'
|
|
107
|
+
auth_scheme['signingRegionSet'].join(',')
|
|
108
|
+
else
|
|
109
|
+
auth_scheme['signingRegion']
|
|
110
|
+
end
|
|
111
|
+
begin
|
|
112
|
+
@signer = config.sigv4_signer || Aws::Sigv4::Signer.new(
|
|
113
|
+
service: config.sigv4_name || auth_scheme['signingName'],
|
|
114
|
+
region: sigv4_overrides[:region] || config.sigv4_region || region,
|
|
115
|
+
credentials_provider: sigv4_overrides[:credentials] || config.credentials,
|
|
116
|
+
signing_algorithm: scheme_name.to_sym,
|
|
117
|
+
uri_escape_path: !auth_scheme['disableDoubleEncoding'],
|
|
118
|
+
normalize_path: !auth_scheme['disableNormalizePath'],
|
|
119
|
+
unsigned_headers: %w[content-length user-agent x-amzn-trace-id expect transfer-encoding connection]
|
|
120
|
+
)
|
|
121
|
+
rescue Aws::Sigv4::Errors::MissingCredentialsError
|
|
122
|
+
raise Aws::Errors::MissingCredentialsError
|
|
123
|
+
end
|
|
124
|
+
end
|
|
125
|
+
|
|
126
|
+
attr_reader :signer
|
|
127
|
+
|
|
128
|
+
def sign(context)
|
|
129
|
+
req = context.http_request
|
|
130
|
+
|
|
131
|
+
apply_authtype(context, req)
|
|
132
|
+
reset_signature(req)
|
|
133
|
+
apply_clock_skew(context, req)
|
|
134
|
+
|
|
135
|
+
# compute the signature
|
|
136
|
+
begin
|
|
137
|
+
signature = @signer.sign_request(
|
|
138
|
+
http_method: req.http_method,
|
|
139
|
+
url: req.endpoint,
|
|
140
|
+
headers: req.headers,
|
|
141
|
+
body: req.body
|
|
142
|
+
)
|
|
143
|
+
rescue Aws::Sigv4::Errors::MissingCredentialsError
|
|
144
|
+
# Necessary for when credentials is explicitly set to nil
|
|
145
|
+
raise Aws::Errors::MissingCredentialsError
|
|
146
|
+
end
|
|
147
|
+
# apply signature headers
|
|
148
|
+
req.headers.update(signature.headers)
|
|
149
|
+
|
|
150
|
+
# add request metadata with signature components for debugging
|
|
151
|
+
context[:canonical_request] = signature.canonical_request
|
|
152
|
+
context[:string_to_sign] = signature.string_to_sign
|
|
153
|
+
end
|
|
154
|
+
|
|
155
|
+
def presign_url(*args)
|
|
156
|
+
@signer.presign_url(*args)
|
|
157
|
+
end
|
|
158
|
+
|
|
159
|
+
def sign_event(*args)
|
|
160
|
+
@signer.sign_event(*args)
|
|
161
|
+
end
|
|
162
|
+
|
|
163
|
+
def credentials
|
|
164
|
+
@signer.credentials_provider
|
|
165
|
+
end
|
|
166
|
+
|
|
167
|
+
private
|
|
168
|
+
|
|
169
|
+
def apply_authtype(context, req)
|
|
170
|
+
# only used for event streaming at input
|
|
171
|
+
if context[:input_event_emitter]
|
|
172
|
+
req.headers['X-Amz-Content-Sha256'] = 'STREAMING-AWS4-HMAC-SHA256-EVENTS'
|
|
173
|
+
elsif unsigned_payload?(context, req)
|
|
174
|
+
req.headers['X-Amz-Content-Sha256'] ||= 'UNSIGNED-PAYLOAD'
|
|
175
|
+
end
|
|
176
|
+
end
|
|
177
|
+
|
|
178
|
+
def unsigned_payload?(context, req)
|
|
179
|
+
(context.operation['unsignedPayload'] ||
|
|
180
|
+
context.operation['authtype'] == 'v4-unsigned-body') &&
|
|
181
|
+
req.endpoint.scheme == 'https'
|
|
182
|
+
end
|
|
183
|
+
|
|
184
|
+
def reset_signature(req)
|
|
185
|
+
# in case this request is being re-signed
|
|
186
|
+
req.headers.delete('Authorization')
|
|
187
|
+
req.headers.delete('X-Amz-Security-Token')
|
|
188
|
+
req.headers.delete('X-Amz-Date')
|
|
189
|
+
req.headers.delete('x-Amz-Region-Set')
|
|
190
|
+
end
|
|
191
|
+
|
|
192
|
+
def apply_clock_skew(context, req)
|
|
193
|
+
if context.config.respond_to?(:clock_skew) &&
|
|
194
|
+
context.config.clock_skew &&
|
|
195
|
+
context.config.correct_clock_skew
|
|
196
|
+
|
|
197
|
+
endpoint = context.http_request.endpoint
|
|
198
|
+
skew = context.config.clock_skew.clock_correction(endpoint)
|
|
199
|
+
if skew.abs.positive?
|
|
200
|
+
req.headers['X-Amz-Date'] =
|
|
201
|
+
(Time.now.utc + skew).strftime('%Y%m%dT%H%M%SZ')
|
|
202
|
+
end
|
|
203
|
+
end
|
|
204
|
+
end
|
|
205
|
+
|
|
206
|
+
end
|
|
207
|
+
|
|
208
|
+
# @api private
|
|
209
|
+
class NullSigner
|
|
210
|
+
|
|
211
|
+
def sign(context)
|
|
212
|
+
end
|
|
213
|
+
|
|
214
|
+
def presign_url(*args)
|
|
215
|
+
end
|
|
216
|
+
|
|
217
|
+
def sign_event(*args)
|
|
218
|
+
end
|
|
219
|
+
end
|
|
220
|
+
end
|
|
221
|
+
end
|
|
222
|
+
end
|
|
@@ -3,6 +3,8 @@
|
|
|
3
3
|
module Aws
|
|
4
4
|
module Plugins
|
|
5
5
|
# @api private
|
|
6
|
+
# Deprecated - does not look at new traits like `auth` and `unsignedPayload`
|
|
7
|
+
# Necessary to exist after endpoints 2.0 for old service clients + new core
|
|
6
8
|
class SignatureV2 < Seahorse::Client::Plugin
|
|
7
9
|
|
|
8
10
|
option(:v2_signer) do |cfg|
|
|
@@ -5,6 +5,8 @@ require 'aws-sigv4'
|
|
|
5
5
|
module Aws
|
|
6
6
|
module Plugins
|
|
7
7
|
# @api private
|
|
8
|
+
# Deprecated - does not look at new traits like `auth` and `unsignedPayload`
|
|
9
|
+
# Necessary to exist after endpoints 2.0 for old service clients + new core
|
|
8
10
|
class SignatureV4 < Seahorse::Client::Plugin
|
|
9
11
|
|
|
10
12
|
V4_AUTH = %w[v4 v4-unsigned-payload v4-unsigned-body]
|
|
@@ -8,6 +8,7 @@ module Aws
|
|
|
8
8
|
option(:stub_responses,
|
|
9
9
|
default: false,
|
|
10
10
|
doc_type: 'Boolean',
|
|
11
|
+
rbs_type: 'untyped',
|
|
11
12
|
docstring: <<-DOCS)
|
|
12
13
|
Causes the client to return stubbed responses. By default
|
|
13
14
|
fake responses are generated and returned. You can specify
|
|
@@ -28,8 +29,22 @@ requests are made, and retries are disabled.
|
|
|
28
29
|
end
|
|
29
30
|
end
|
|
30
31
|
|
|
32
|
+
option(:token_provider) do |config|
|
|
33
|
+
if config.stub_responses
|
|
34
|
+
StaticTokenProvider.new('stubbed-token')
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
option(:stubs) { {} }
|
|
39
|
+
option(:stubs_mutex) { Mutex.new }
|
|
40
|
+
option(:api_requests) { [] }
|
|
41
|
+
option(:api_requests_mutex) { Mutex.new }
|
|
42
|
+
|
|
31
43
|
def add_handlers(handlers, config)
|
|
32
|
-
|
|
44
|
+
return unless config.stub_responses
|
|
45
|
+
|
|
46
|
+
handlers.add(ApiRequestsHandler)
|
|
47
|
+
handlers.add(StubbingHandler, step: :send)
|
|
33
48
|
end
|
|
34
49
|
|
|
35
50
|
def after_initialize(client)
|
|
@@ -45,20 +60,43 @@ requests are made, and retries are disabled.
|
|
|
45
60
|
end
|
|
46
61
|
end
|
|
47
62
|
|
|
48
|
-
class
|
|
63
|
+
class ApiRequestsHandler < Seahorse::Client::Handler
|
|
64
|
+
def call(context)
|
|
65
|
+
context.config.api_requests_mutex.synchronize do
|
|
66
|
+
context.config.api_requests << {
|
|
67
|
+
operation_name: context.operation_name,
|
|
68
|
+
params: context.params,
|
|
69
|
+
context: context
|
|
70
|
+
}
|
|
71
|
+
end
|
|
72
|
+
@handler.call(context)
|
|
73
|
+
end
|
|
74
|
+
end
|
|
49
75
|
|
|
76
|
+
class StubbingHandler < Seahorse::Client::Handler
|
|
50
77
|
def call(context)
|
|
51
|
-
|
|
78
|
+
span_wrapper(context) do
|
|
79
|
+
stub_responses(context)
|
|
80
|
+
end
|
|
81
|
+
end
|
|
82
|
+
|
|
83
|
+
private
|
|
84
|
+
|
|
85
|
+
def stub_responses(context)
|
|
52
86
|
resp = Seahorse::Client::Response.new(context: context)
|
|
53
87
|
async_mode = context.client.is_a? Seahorse::Client::AsyncBase
|
|
54
|
-
|
|
55
|
-
|
|
88
|
+
stub = context.client.next_stub(context)
|
|
89
|
+
stub[:mutex].synchronize { apply_stub(stub, resp, async_mode) }
|
|
90
|
+
|
|
91
|
+
if async_mode
|
|
92
|
+
Seahorse::Client::AsyncResponse.new(
|
|
93
|
+
context: context,
|
|
94
|
+
stream: context[:input_event_stream_handler].event_emitter.stream,
|
|
95
|
+
sync_queue: Queue.new
|
|
96
|
+
)
|
|
56
97
|
else
|
|
57
|
-
|
|
98
|
+
resp
|
|
58
99
|
end
|
|
59
|
-
|
|
60
|
-
async_mode ? Seahorse::Client::AsyncResponse.new(
|
|
61
|
-
context: context, stream: context[:input_event_stream_handler].event_emitter.stream, sync_queue: Queue.new) : resp
|
|
62
100
|
end
|
|
63
101
|
|
|
64
102
|
def apply_stub(stub, response, async_mode = false)
|
|
@@ -98,6 +136,18 @@ requests are made, and retries are disabled.
|
|
|
98
136
|
http_resp.signal_done
|
|
99
137
|
end
|
|
100
138
|
|
|
139
|
+
def span_wrapper(context, &block)
|
|
140
|
+
context.tracer.in_span(
|
|
141
|
+
'Handler.StubResponses',
|
|
142
|
+
attributes: Aws::Telemetry.http_request_attrs(context)
|
|
143
|
+
) do |span|
|
|
144
|
+
block.call.tap do
|
|
145
|
+
span.add_attributes(
|
|
146
|
+
Aws::Telemetry.http_response_attrs(context)
|
|
147
|
+
)
|
|
148
|
+
end
|
|
149
|
+
end
|
|
150
|
+
end
|
|
101
151
|
end
|
|
102
152
|
end
|
|
103
153
|
end
|
|
@@ -0,0 +1,75 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Aws
|
|
4
|
+
module Plugins
|
|
5
|
+
# @api private
|
|
6
|
+
class Telemetry < Seahorse::Client::Plugin
|
|
7
|
+
option(
|
|
8
|
+
:telemetry_provider,
|
|
9
|
+
default: Aws::Telemetry::NoOpTelemetryProvider,
|
|
10
|
+
doc_type: Aws::Telemetry::TelemetryProviderBase,
|
|
11
|
+
rbs_type: Aws::Telemetry::TelemetryProviderBase,
|
|
12
|
+
docstring: <<-DOCS) do |_cfg|
|
|
13
|
+
Allows you to provide a telemetry provider, which is used to
|
|
14
|
+
emit telemetry data. By default, uses `NoOpTelemetryProvider` which
|
|
15
|
+
will not record or emit any telemetry data. The SDK supports the
|
|
16
|
+
following telemetry providers:
|
|
17
|
+
|
|
18
|
+
* OpenTelemetry (OTel) - To use the OTel provider, install and require the
|
|
19
|
+
`opentelemetry-sdk` gem and then, pass in an instance of a
|
|
20
|
+
`Aws::Telemetry::OTelProvider` for telemetry provider.
|
|
21
|
+
DOCS
|
|
22
|
+
Aws::Telemetry::NoOpTelemetryProvider.new
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
def after_initialize(client)
|
|
26
|
+
validate_telemetry_provider(client.config)
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def validate_telemetry_provider(config)
|
|
30
|
+
unless config.telemetry_provider.is_a?(Aws::Telemetry::TelemetryProviderBase)
|
|
31
|
+
raise ArgumentError,
|
|
32
|
+
'Must provide a telemetry provider for the '\
|
|
33
|
+
'`telemetry_provider` configuration option.'
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
class Handler < Seahorse::Client::Handler
|
|
38
|
+
def call(context)
|
|
39
|
+
span_wrapper(context) { @handler.call(context) }
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
private
|
|
43
|
+
|
|
44
|
+
def span_wrapper(context, &block)
|
|
45
|
+
service_id = service_id(context)
|
|
46
|
+
attributes = {
|
|
47
|
+
'rpc.system' => 'aws-api',
|
|
48
|
+
'rpc.service' => service_id,
|
|
49
|
+
'rpc.method' => context.operation.name,
|
|
50
|
+
'code.function' => context.operation_name.to_s,
|
|
51
|
+
'code.namespace' => 'Aws::Plugins::Telemetry'
|
|
52
|
+
}
|
|
53
|
+
context.tracer.in_span(
|
|
54
|
+
parent_span_name(context, service_id),
|
|
55
|
+
attributes: attributes,
|
|
56
|
+
kind: Aws::Telemetry::SpanKind::CLIENT,
|
|
57
|
+
&block
|
|
58
|
+
)
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
def service_id(context)
|
|
62
|
+
context.config.api.metadata['serviceId'] ||
|
|
63
|
+
context.config.api.metadata['serviceAbbreviation'] ||
|
|
64
|
+
context.config.api.metadata['serviceFullName']
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
def parent_span_name(context, service_id)
|
|
68
|
+
"#{service_id}.#{context.operation.name}".delete(' ')
|
|
69
|
+
end
|
|
70
|
+
end
|
|
71
|
+
|
|
72
|
+
handler(Handler, step: :initialize, priority: 99)
|
|
73
|
+
end
|
|
74
|
+
end
|
|
75
|
+
end
|
|
@@ -5,7 +5,8 @@ module Aws
|
|
|
5
5
|
|
|
6
6
|
# For Streaming Input Operations, when `requiresLength` is enabled
|
|
7
7
|
# checking whether `Content-Length` header can be set,
|
|
8
|
-
# for `v4-unsigned-body` operations,
|
|
8
|
+
# for `unsignedPayload` and `v4-unsigned-body` operations,
|
|
9
|
+
# set `Transfer-Encoding` header.
|
|
9
10
|
class TransferEncoding < Seahorse::Client::Plugin
|
|
10
11
|
|
|
11
12
|
# @api private
|
|
@@ -16,8 +17,8 @@ module Aws
|
|
|
16
17
|
unless context.http_request.body.respond_to?(:size)
|
|
17
18
|
if requires_length?(context.operation.input)
|
|
18
19
|
# if size of the IO is not available but required
|
|
19
|
-
raise Aws::Errors::MissingContentLength
|
|
20
|
-
elsif context.operation
|
|
20
|
+
raise Aws::Errors::MissingContentLength
|
|
21
|
+
elsif unsigned_payload?(context.operation)
|
|
21
22
|
context.http_request.headers['Transfer-Encoding'] = 'chunked'
|
|
22
23
|
end
|
|
23
24
|
end
|
|
@@ -29,18 +30,24 @@ module Aws
|
|
|
29
30
|
private
|
|
30
31
|
|
|
31
32
|
def streaming?(ref)
|
|
32
|
-
if payload = ref[:payload_member]
|
|
33
|
-
payload[
|
|
34
|
-
payload.shape["streaming"]
|
|
33
|
+
if (payload = ref[:payload_member])
|
|
34
|
+
payload['streaming'] || payload.shape['streaming']
|
|
35
35
|
else
|
|
36
36
|
false
|
|
37
37
|
end
|
|
38
38
|
end
|
|
39
39
|
|
|
40
|
+
def unsigned_payload?(operation)
|
|
41
|
+
operation['unsignedPayload'] ||
|
|
42
|
+
operation['authtype'] == 'v4-unsigned-body'
|
|
43
|
+
end
|
|
44
|
+
|
|
40
45
|
def requires_length?(ref)
|
|
41
|
-
payload = ref[:payload_member]
|
|
42
|
-
|
|
43
|
-
|
|
46
|
+
if (payload = ref[:payload_member])
|
|
47
|
+
payload['requiresLength'] || payload.shape['requiresLength']
|
|
48
|
+
else
|
|
49
|
+
false
|
|
50
|
+
end
|
|
44
51
|
end
|
|
45
52
|
|
|
46
53
|
end
|