aws-sdk-core 3.164.0 → 3.165.0

data/lib/aws-sdk-core/endpoints/url.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+require 'ipaddr'
+
+module Aws
+  module Endpoints
+    # @api private
+    class URL
+      def initialize(url)
+        uri = URI(url)
+        @scheme = uri.scheme
+        # only support http and https schemes
+        raise ArgumentError unless %w[https http].include?(@scheme)
+
+        # do not support query
+        raise ArgumentError if uri.query
+
+        @authority = _authority(url, uri)
+        @path = uri.path
+        @normalized_path = uri.path + (uri.path[-1] == '/' ? '' : '/')
+        @is_ip = _is_ip(uri.host)
+      end
+
+      attr_reader :scheme
+      attr_reader :authority
+      attr_reader :path
+      attr_reader :normalized_path
+      attr_reader :is_ip
+
+      def as_json(_options = {})
+        {
+          'scheme' => scheme,
+          'authority' => authority,
+          'path' => path,
+          'normalizedPath' => normalized_path,
+          'isIp' => is_ip
+        }
+      end
+
+      private
+
+      def _authority(url, uri)
+        # don't include port if it's default and not parsed originally
+        if uri.default_port == uri.port && !url.include?(":#{uri.port}")
+          uri.host
+        else
+          "#{uri.host}:#{uri.port}"
+        end
+      end
+
+      def _is_ip(authority)
+        IPAddr.new(authority)
+        true
+      rescue IPAddr::InvalidAddressError
+        false
+      end
+    end
+  end
+end

data/lib/aws-sdk-core/endpoints.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+require_relative 'endpoints/rule'
+require_relative 'endpoints/condition'
+require_relative 'endpoints/endpoint_rule'
+require_relative 'endpoints/endpoint'
+require_relative 'endpoints/error_rule'
+require_relative 'endpoints/function'
+require_relative 'endpoints/matchers'
+require_relative 'endpoints/reference'
+require_relative 'endpoints/rules_provider'
+require_relative 'endpoints/rule_set'
+require_relative 'endpoints/templater'
+require_relative 'endpoints/tree_rule'
+require_relative 'endpoints/url'
+
+module Aws
+  # @api private
+  module Endpoints
+    class << self
+      def resolve_auth_scheme(context, endpoint)
+        if endpoint && (auth_schemes = endpoint.properties['authSchemes'])
+          auth_scheme = auth_schemes.find do |scheme|
+            Aws::Plugins::Sign::SUPPORTED_AUTH_TYPES.include?(scheme['name'])
+          end
+          raise 'No supported auth scheme for this endpoint.' unless auth_scheme
+
+          merge_signing_defaults(auth_scheme, context.config)
+        else
+          default_auth_scheme(context)
+        end
+      end
+
+      private
+
+      def default_auth_scheme(context)
+        case default_api_authtype(context)
+        when 'v4', 'v4-unsigned-body'
+          auth_scheme = { 'name' => 'sigv4' }
+          merge_signing_defaults(auth_scheme, context.config)
+        when 's3', 's3v4'
+          auth_scheme = { 'name' => 'sigv4', 'disableDoubleEncoding' => true }
+          merge_signing_defaults(auth_scheme, context.config)
+        when 'bearer'
+          { 'name' => 'bearer' }
+        when 'none', nil
+          { 'name' => 'none' }
+        end
+      end
+
+      def merge_signing_defaults(auth_scheme, config)
+        if %w[sigv4 sigv4a].include?(auth_scheme['name'])
+          auth_scheme['signingName'] ||= sigv4_name(config)
+          if auth_scheme['name'] == 'sigv4a'
+            auth_scheme['signingRegionSet'] ||= ['*']
+          else
+            auth_scheme['signingRegion'] ||= config.region
+          end
+        end
+        auth_scheme
+      end
+
+      def default_api_authtype(context)
+        context.config.api.operation(context.operation_name)['authtype'] ||
+          context.config.api.metadata['signatureVersion']
+      end
+
+      def sigv4_name(config)
+        config.api.metadata['signingName'] ||
+          config.api.metadata['endpointPrefix']
+      end
+    end
+  end
+end

data/lib/aws-sdk-core/plugins/credentials_configuration.rb

@@ -76,6 +76,30 @@ locations will be searched for credentials:
 
       option(:instance_profile_credentials_timeout, 1)
 
+      option(:token_provider,
+             required: false,
+             doc_type: 'Aws::TokenProvider',
+             docstring: <<-DOCS
+A Bearer Token Provider. This can be an instance of any one of the
+following classes:
+
+* `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
+  tokens.
+
+* `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
+  access token generated from `aws login`.
+
+When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
+will be used to search for tokens configured for your profile in shared configuration files.
+      DOCS
+      ) do |config|
+        if config.stub_responses
+          StaticTokenProvider.new('token')
+        else
+          TokenProviderChain.new(config).resolve
+        end
+      end
+
     end
   end
 end

data/lib/aws-sdk-core/plugins/endpoint_discovery.rb

@@ -72,7 +72,11 @@ the background every 60 secs (default). Defaults to `false`.
               context,
               Aws::Util.str_2_bool(discovery_cfg["required"])
             )
-            context.http_request.endpoint = _valid_uri(endpoint.address) if endpoint
+            if endpoint
+              context.http_request.endpoint = _valid_uri(endpoint.address)
+              # Skips dynamic endpoint usage, use this endpoint instead
+              context[:discovered_endpoint] = true
+            end
             if endpoint || context.config.endpoint_discovery
               _apply_endpoint_discovery_user_agent(context)
             end
@@ -100,7 +104,7 @@ the background every 60 secs (default). Defaults to `false`.
         end
 
         def _discover_endpoint(ctx, required)
-          cache = ctx.config.endpoint_cache 
+          cache = ctx.config.endpoint_cache
           key = cache.extract_key(ctx)
 
           if required

data/lib/aws-sdk-core/plugins/regional_endpoint.rb

@@ -43,8 +43,13 @@ is set to `true`.
         resolve_use_fips_endpoint(cfg)
       end
 
+      # This option signals whether :endpoint was provided or not.
+      # Legacy endpoints must continue to be generated at client time.
       option(:regional_endpoint, false)
 
+      # NOTE: All of the defaults block code is effectively deprecated.
+      # Because old services can depend on this new core version, we must
+      # retain it.
       option(:endpoint, doc_type: String, docstring: <<-DOCS) do |cfg|
 The client endpoint is normally constructed from the `:region`
 option. You should only configure an `:endpoint` when connecting

data/lib/aws-sdk-core/plugins/sign.rb

@@ -0,0 +1,190 @@
+# frozen_string_literal: true
+
+require 'aws-sigv4'
+
+module Aws
+  module Plugins
+    # @api private
+    class Sign < Seahorse::Client::Plugin
+      # These once had defaults. But now they are used as overrides to
+      # new endpoint and auth resolution.
+      option(:sigv4_signer)
+      option(:sigv4_name)
+      option(:sigv4_region)
+      option(:unsigned_operations, default: [])
+
+      supported_auth_types = %w[sigv4 bearer none]
+      supported_auth_types += ['sigv4a'] if Aws::Sigv4::Signer.use_crt?
+      SUPPORTED_AUTH_TYPES = supported_auth_types.freeze
+
+      def add_handlers(handlers, cfg)
+        operations = cfg.api.operation_names - cfg.unsigned_operations
+        handlers.add(Handler, step: :sign, operations: operations)
+      end
+
+      # @api private
+      # Return a signer with the `sign(context)` method
+      def self.signer_for(auth_scheme, config, region_override = nil)
+        case auth_scheme['name']
+        when 'sigv4', 'sigv4a'
+          SignatureV4.new(auth_scheme, config, region_override)
+        when 'bearer'
+          Bearer.new
+        else
+          NullSigner.new
+        end
+      end
+
+      class Handler < Seahorse::Client::Handler
+        def call(context)
+          signer = Sign.signer_for(
+            context[:auth_scheme],
+            context.config,
+            context[:sigv4_region]
+          )
+
+          signer.sign(context)
+          @handler.call(context)
+        end
+      end
+
+      # @api private
+      class Bearer
+        def initialize
+        end
+
+        def sign(context)
+          if context.http_request.endpoint.scheme != 'https'
+            raise ArgumentError,
+                  'Unable to use bearer authorization on non https endpoint.'
+          end
+
+          token_provider = context.config.token_provider
+
+          raise Errors::MissingBearerTokenError unless token_provider&.set?
+
+          context.http_request.headers['Authorization'] =
+            "Bearer #{token_provider.token.token}"
+        end
+
+        def presign_url(*args)
+          raise ArgumentError, 'Bearer auth does not support presigned urls'
+        end
+
+        def sign_event(*args)
+          raise ArgumentError, 'Bearer auth does not support event signing'
+        end
+      end
+
+      # @api private
+      class SignatureV4
+        def initialize(auth_scheme, config, region_override = nil)
+          scheme_name = auth_scheme['name']
+
+          unless %w[sigv4 sigv4a].include?(scheme_name)
+            raise ArgumentError,
+                  "Expected sigv4 or sigv4a auth scheme, got #{scheme_name}"
+          end
+
+          region = if scheme_name == 'sigv4a'
+                     auth_scheme['signingRegionSet'].first
+                   else
+                     auth_scheme['signingRegion']
+                   end
+          begin
+            @signer = Aws::Sigv4::Signer.new(
+              service: config.sigv4_name || auth_scheme['signingName'],
+              region: region_override || config.sigv4_region || region,
+              credentials_provider: config.credentials,
+              signing_algorithm: scheme_name.to_sym,
+              uri_escape_path: !!!auth_scheme['disableDoubleEncoding'],
+              unsigned_headers: %w[content-length user-agent x-amzn-trace-id]
+            )
+          rescue Aws::Sigv4::Errors::MissingCredentialsError
+            raise Aws::Errors::MissingCredentialsError
+          end
+        end
+
+        def sign(context)
+          req = context.http_request
+
+          apply_authtype(context, req)
+          reset_signature(req)
+          apply_clock_skew(context, req)
+
+          # compute the signature
+          begin
+            signature = @signer.sign_request(
+              http_method: req.http_method,
+              url: req.endpoint,
+              headers: req.headers,
+              body: req.body
+            )
+          rescue Aws::Sigv4::Errors::MissingCredentialsError
+            # Necessary for when credentials is explicitly set to nil
+            raise Aws::Errors::MissingCredentialsError
+          end
+          # apply signature headers
+          req.headers.update(signature.headers)
+
+          # add request metadata with signature components for debugging
+          context[:canonical_request] = signature.canonical_request
+          context[:string_to_sign] = signature.string_to_sign
+        end
+
+        def presign_url(*args)
+          @signer.presign_url(*args)
+        end
+
+        def sign_event(*args)
+          @signer.sign_event(*args)
+        end
+
+        private
+
+        def apply_authtype(context, req)
+          if context.operation['authtype'].eql?('v4-unsigned-body') &&
+             req.endpoint.scheme.eql?('https')
+            req.headers['X-Amz-Content-Sha256'] ||= 'UNSIGNED-PAYLOAD'
+          end
+        end
+
+        def reset_signature(req)
+          # in case this request is being re-signed
+          req.headers.delete('Authorization')
+          req.headers.delete('X-Amz-Security-Token')
+          req.headers.delete('X-Amz-Date')
+          req.headers.delete('x-Amz-Region-Set')
+        end
+
+        def apply_clock_skew(context, req)
+          if context.config.respond_to?(:clock_skew) &&
+             context.config.clock_skew &&
+             context.config.correct_clock_skew
+
+            endpoint = context.http_request.endpoint
+            skew = context.config.clock_skew.clock_correction(endpoint)
+            if skew.abs.positive?
+              req.headers['X-Amz-Date'] =
+                (Time.now.utc + skew).strftime('%Y%m%dT%H%M%SZ')
+            end
+          end
+        end
+
+      end
+
+      # @api private
+      class NullSigner
+
+        def sign(context)
+        end
+
+        def presign_url(*args)
+        end
+
+        def sign_event(*args)
+        end
+      end
+    end
+  end
+end

data/lib/aws-sdk-core/plugins/signature_v2.rb

@@ -3,6 +3,7 @@
 module Aws
   module Plugins
     # @api private
+    # Necessary to keep after Endpoints 2.0
     class SignatureV2 < Seahorse::Client::Plugin
 
       option(:v2_signer) do |cfg|

data/lib/aws-sdk-core/plugins/signature_v4.rb

@@ -5,6 +5,7 @@ require 'aws-sigv4'
 module Aws
   module Plugins
     # @api private
+    # Necessary to exist after endpoints 2.0
     class SignatureV4 < Seahorse::Client::Plugin
 
       V4_AUTH = %w[v4 v4-unsigned-payload v4-unsigned-body]

data/lib/aws-sdk-core/rest/request/headers.rb

@@ -53,12 +53,8 @@ module Aws
           return if !value || value.empty?
           headers[ref.location_name] = value
             .compact
-            .map { |s| escape_header_list_string(s.to_s) }
-            .join(",")
-        end
-
-        def escape_header_list_string(s)
-          (s.include?('"') || s.include?(",")) ? "\"#{s.gsub('"', '\"')}\"" : s
+            .map { |s| Seahorse::Util.escape_header_list_string(s.to_s) }
+            .join(',')
         end
 
         def apply_header_map(headers, ref, values)

data/lib/aws-sdk-core.rb

@@ -97,6 +97,9 @@ require_relative 'aws-sdk-core/arn'
 require_relative 'aws-sdk-core/arn_parser'
 require_relative 'aws-sdk-core/ec2_metadata'
 
+# dynamic endpoints
+require_relative 'aws-sdk-core/endpoints'
+
 # defaults
 require_relative 'aws-defaults'
 

data/lib/aws-sdk-sso/client.rb

@@ -30,7 +30,7 @@ require 'aws-sdk-core/plugins/http_checksum.rb'
 require 'aws-sdk-core/plugins/checksum_algorithm.rb'
 require 'aws-sdk-core/plugins/defaults_mode.rb'
 require 'aws-sdk-core/plugins/recursion_detection.rb'
-require 'aws-sdk-core/plugins/signature_v4.rb'
+require 'aws-sdk-core/plugins/sign.rb'
 require 'aws-sdk-core/plugins/protocols/rest_json.rb'
 
 Aws::Plugins::GlobalConfiguration.add_identifier(:sso)
@@ -79,8 +79,9 @@ module Aws::SSO
     add_plugin(Aws::Plugins::ChecksumAlgorithm)
     add_plugin(Aws::Plugins::DefaultsMode)
     add_plugin(Aws::Plugins::RecursionDetection)
-    add_plugin(Aws::Plugins::SignatureV4)
+    add_plugin(Aws::Plugins::Sign)
     add_plugin(Aws::Plugins::Protocols::RestJson)
+    add_plugin(Aws::SSO::Plugins::Endpoints)
 
     # @overload initialize(options)
     #   @param [Hash] options
@@ -287,6 +288,19 @@ module Aws::SSO
     #     ** Please note ** When response stubbing is enabled, no HTTP
     #     requests are made, and retries are disabled.
     #
+    #   @option options [Aws::TokenProvider] :token_provider
+    #     A Bearer Token Provider. This can be an instance of any one of the
+    #     following classes:
+    #
+    #     * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
+    #       tokens.
+    #
+    #     * `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
+    #       access token generated from `aws login`.
+    #
+    #     When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
+    #     will be used to search for tokens configured for your profile in shared configuration files.
+    #
     #   @option options [Boolean] :use_dualstack_endpoint
     #     When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
     #     will be used if available.
@@ -300,6 +314,9 @@ module Aws::SSO
     #     When `true`, request parameters are validated before
     #     sending the request.
     #
+    #   @option options [Aws::SSO::EndpointProvider] :endpoint_provider
+    #     The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::SSO::EndpointParameters`
+    #
     #   @option options [URI::HTTP,String] :http_proxy A proxy to send
     #     requests through.  Formatted like 'http://proxy.com:123'.
     #
@@ -568,7 +585,7 @@ module Aws::SSO
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.164.0'
+      context[:gem_version] = '3.165.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sso/endpoint_parameters.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+# WARNING ABOUT GENERATED CODE
+#
+# This file is generated. See the contributing guide for more information:
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
+#
+# WARNING ABOUT GENERATED CODE
+
+module Aws::SSO
+  # Endpoint parameters used to influence endpoints per request.
+  #
+  # @!attribute region
+  #   The AWS region used to dispatch the request.
+  #
+  #   @return [String]
+  #
+  # @!attribute use_dual_stack
+  #   When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.
+  #
+  #   @return [Boolean]
+  #
+  # @!attribute use_fips
+  #   When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.
+  #
+  #   @return [Boolean]
+  #
+  # @!attribute endpoint
+  #   Override the endpoint used to send this request
+  #
+  #   @return [String]
+  #
+  EndpointParameters = Struct.new(
+    :region,
+    :use_dual_stack,
+    :use_fips,
+    :endpoint,
+  ) do
+    include Aws::Structure
+
+    # @api private
+    class << self
+      PARAM_MAP = {
+        'Region' => :region,
+        'UseDualStack' => :use_dual_stack,
+        'UseFIPS' => :use_fips,
+        'Endpoint' => :endpoint,
+      }.freeze
+    end
+
+    def initialize(options = {})
+      self[:region] = options[:region]
+      self[:use_dual_stack] = options[:use_dual_stack]
+      self[:use_dual_stack] = false if self[:use_dual_stack].nil?
+      if self[:use_dual_stack].nil?
+        raise ArgumentError, "Missing required EndpointParameter: :use_dual_stack"
+      end
+      self[:use_fips] = options[:use_fips]
+      self[:use_fips] = false if self[:use_fips].nil?
+      if self[:use_fips].nil?
+        raise ArgumentError, "Missing required EndpointParameter: :use_fips"
+      end
+      self[:endpoint] = options[:endpoint]
+    end
+  end
+end

data/lib/aws-sdk-sso/endpoint_provider.rb

@@ -0,0 +1,112 @@
+# frozen_string_literal: true
+
+# WARNING ABOUT GENERATED CODE
+#
+# This file is generated. See the contributing guide for more information:
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
+#
+# WARNING ABOUT GENERATED CODE
+
+module Aws::SSO
+  class EndpointProvider
+    def initialize(rule_set = nil)
+      @@rule_set ||= begin
+        endpoint_rules = Aws::Json.load(Base64.decode64(RULES))
+        Aws::Endpoints::RuleSet.new(
+          version: endpoint_rules['version'],
+          service_id: endpoint_rules['serviceId'],
+          parameters: endpoint_rules['parameters'],
+          rules: endpoint_rules['rules']
+        )
+      end
+      @provider = Aws::Endpoints::RulesProvider.new(rule_set || @@rule_set)
+    end
+
+    def resolve_endpoint(parameters)
+      @provider.resolve_endpoint(parameters)
+    end
+
+    # @api private
+    RULES = <<-JSON
+eyJ2ZXJzaW9uIjoiMS4wIiwicGFyYW1ldGVycyI6eyJSZWdpb24iOnsiYnVp
+bHRJbiI6IkFXUzo6UmVnaW9uIiwicmVxdWlyZWQiOmZhbHNlLCJkb2N1bWVu
+dGF0aW9uIjoiVGhlIEFXUyByZWdpb24gdXNlZCB0byBkaXNwYXRjaCB0aGUg
+cmVxdWVzdC4iLCJ0eXBlIjoiU3RyaW5nIn0sIlVzZUR1YWxTdGFjayI6eyJi
+dWlsdEluIjoiQVdTOjpVc2VEdWFsU3RhY2siLCJyZXF1aXJlZCI6dHJ1ZSwi
+ZGVmYXVsdCI6ZmFsc2UsImRvY3VtZW50YXRpb24iOiJXaGVuIHRydWUsIHVz
+ZSB0aGUgZHVhbC1zdGFjayBlbmRwb2ludC4gSWYgdGhlIGNvbmZpZ3VyZWQg
+ZW5kcG9pbnQgZG9lcyBub3Qgc3VwcG9ydCBkdWFsLXN0YWNrLCBkaXNwYXRj
+aGluZyB0aGUgcmVxdWVzdCBNQVkgcmV0dXJuIGFuIGVycm9yLiIsInR5cGUi
+OiJCb29sZWFuIn0sIlVzZUZJUFMiOnsiYnVpbHRJbiI6IkFXUzo6VXNlRklQ
+UyIsInJlcXVpcmVkIjp0cnVlLCJkZWZhdWx0IjpmYWxzZSwiZG9jdW1lbnRh
+dGlvbiI6IldoZW4gdHJ1ZSwgc2VuZCB0aGlzIHJlcXVlc3QgdG8gdGhlIEZJ
+UFMtY29tcGxpYW50IHJlZ2lvbmFsIGVuZHBvaW50LiBJZiB0aGUgY29uZmln
+dXJlZCBlbmRwb2ludCBkb2VzIG5vdCBoYXZlIGEgRklQUyBjb21wbGlhbnQg
+ZW5kcG9pbnQsIGRpc3BhdGNoaW5nIHRoZSByZXF1ZXN0IHdpbGwgcmV0dXJu
+IGFuIGVycm9yLiIsInR5cGUiOiJCb29sZWFuIn0sIkVuZHBvaW50Ijp7ImJ1
+aWx0SW4iOiJTREs6OkVuZHBvaW50IiwicmVxdWlyZWQiOmZhbHNlLCJkb2N1
+bWVudGF0aW9uIjoiT3ZlcnJpZGUgdGhlIGVuZHBvaW50IHVzZWQgdG8gc2Vu
+ZCB0aGlzIHJlcXVlc3QiLCJ0eXBlIjoiU3RyaW5nIn19LCJydWxlcyI6W3si
+Y29uZGl0aW9ucyI6W3siZm4iOiJhd3MucGFydGl0aW9uIiwiYXJndiI6W3si
+cmVmIjoiUmVnaW9uIn1dLCJhc3NpZ24iOiJQYXJ0aXRpb25SZXN1bHQifV0s
+InR5cGUiOiJ0cmVlIiwicnVsZXMiOlt7ImNvbmRpdGlvbnMiOlt7ImZuIjoi
+aXNTZXQiLCJhcmd2IjpbeyJyZWYiOiJFbmRwb2ludCJ9XX0seyJmbiI6InBh
+cnNlVVJMIiwiYXJndiI6W3sicmVmIjoiRW5kcG9pbnQifV0sImFzc2lnbiI6
+InVybCJ9XSwidHlwZSI6InRyZWUiLCJydWxlcyI6W3siY29uZGl0aW9ucyI6
+W3siZm4iOiJib29sZWFuRXF1YWxzIiwiYXJndiI6W3sicmVmIjoiVXNlRklQ
+UyJ9LHRydWVdfV0sImVycm9yIjoiSW52YWxpZCBDb25maWd1cmF0aW9uOiBG
+SVBTIGFuZCBjdXN0b20gZW5kcG9pbnQgYXJlIG5vdCBzdXBwb3J0ZWQiLCJ0
+eXBlIjoiZXJyb3IifSx7ImNvbmRpdGlvbnMiOltdLCJ0eXBlIjoidHJlZSIs
+InJ1bGVzIjpbeyJjb25kaXRpb25zIjpbeyJmbiI6ImJvb2xlYW5FcXVhbHMi
+LCJhcmd2IjpbeyJyZWYiOiJVc2VEdWFsU3RhY2sifSx0cnVlXX1dLCJlcnJv
+ciI6IkludmFsaWQgQ29uZmlndXJhdGlvbjogRHVhbHN0YWNrIGFuZCBjdXN0
+b20gZW5kcG9pbnQgYXJlIG5vdCBzdXBwb3J0ZWQiLCJ0eXBlIjoiZXJyb3Ii
+fSx7ImNvbmRpdGlvbnMiOltdLCJlbmRwb2ludCI6eyJ1cmwiOnsicmVmIjoi
+RW5kcG9pbnQifSwicHJvcGVydGllcyI6e30sImhlYWRlcnMiOnt9fSwidHlw
+ZSI6ImVuZHBvaW50In1dfV19LHsiY29uZGl0aW9ucyI6W3siZm4iOiJib29s
+ZWFuRXF1YWxzIiwiYXJndiI6W3sicmVmIjoiVXNlRklQUyJ9LHRydWVdfSx7
+ImZuIjoiYm9vbGVhbkVxdWFscyIsImFyZ3YiOlt7InJlZiI6IlVzZUR1YWxT
+dGFjayJ9LHRydWVdfV0sInR5cGUiOiJ0cmVlIiwicnVsZXMiOlt7ImNvbmRp
+dGlvbnMiOlt7ImZuIjoiYm9vbGVhbkVxdWFscyIsImFyZ3YiOlt0cnVlLHsi
+Zm4iOiJnZXRBdHRyIiwiYXJndiI6W3sicmVmIjoiUGFydGl0aW9uUmVzdWx0
+In0sInN1cHBvcnRzRklQUyJdfV19LHsiZm4iOiJib29sZWFuRXF1YWxzIiwi
+YXJndiI6W3RydWUseyJmbiI6ImdldEF0dHIiLCJhcmd2IjpbeyJyZWYiOiJQ
+YXJ0aXRpb25SZXN1bHQifSwic3VwcG9ydHNEdWFsU3RhY2siXX1dfV0sInR5
+cGUiOiJ0cmVlIiwicnVsZXMiOlt7ImNvbmRpdGlvbnMiOltdLCJlbmRwb2lu
+dCI6eyJ1cmwiOiJodHRwczovL3BvcnRhbC5zc28tZmlwcy57UmVnaW9ufS57
+UGFydGl0aW9uUmVzdWx0I2R1YWxTdGFja0Ruc1N1ZmZpeH0iLCJwcm9wZXJ0
+aWVzIjp7fSwiaGVhZGVycyI6e319LCJ0eXBlIjoiZW5kcG9pbnQifV19LHsi
+Y29uZGl0aW9ucyI6W10sImVycm9yIjoiRklQUyBhbmQgRHVhbFN0YWNrIGFy
+ZSBlbmFibGVkLCBidXQgdGhpcyBwYXJ0aXRpb24gZG9lcyBub3Qgc3VwcG9y
+dCBvbmUgb3IgYm90aCIsInR5cGUiOiJlcnJvciJ9XX0seyJjb25kaXRpb25z
+IjpbeyJmbiI6ImJvb2xlYW5FcXVhbHMiLCJhcmd2IjpbeyJyZWYiOiJVc2VG
+SVBTIn0sdHJ1ZV19XSwidHlwZSI6InRyZWUiLCJydWxlcyI6W3siY29uZGl0
+aW9ucyI6W3siZm4iOiJib29sZWFuRXF1YWxzIiwiYXJndiI6W3RydWUseyJm
+biI6ImdldEF0dHIiLCJhcmd2IjpbeyJyZWYiOiJQYXJ0aXRpb25SZXN1bHQi
+fSwic3VwcG9ydHNGSVBTIl19XX1dLCJ0eXBlIjoidHJlZSIsInJ1bGVzIjpb
+eyJjb25kaXRpb25zIjpbXSwidHlwZSI6InRyZWUiLCJydWxlcyI6W3siY29u
+ZGl0aW9ucyI6W10sImVuZHBvaW50Ijp7InVybCI6Imh0dHBzOi8vcG9ydGFs
+LnNzby1maXBzLntSZWdpb259LntQYXJ0aXRpb25SZXN1bHQjZG5zU3VmZml4
+fSIsInByb3BlcnRpZXMiOnt9LCJoZWFkZXJzIjp7fX0sInR5cGUiOiJlbmRw
+b2ludCJ9XX1dfSx7ImNvbmRpdGlvbnMiOltdLCJlcnJvciI6IkZJUFMgaXMg
+ZW5hYmxlZCBidXQgdGhpcyBwYXJ0aXRpb24gZG9lcyBub3Qgc3VwcG9ydCBG
+SVBTIiwidHlwZSI6ImVycm9yIn1dfSx7ImNvbmRpdGlvbnMiOlt7ImZuIjoi
+Ym9vbGVhbkVxdWFscyIsImFyZ3YiOlt7InJlZiI6IlVzZUR1YWxTdGFjayJ9
+LHRydWVdfV0sInR5cGUiOiJ0cmVlIiwicnVsZXMiOlt7ImNvbmRpdGlvbnMi
+Olt7ImZuIjoiYm9vbGVhbkVxdWFscyIsImFyZ3YiOlt0cnVlLHsiZm4iOiJn
+ZXRBdHRyIiwiYXJndiI6W3sicmVmIjoiUGFydGl0aW9uUmVzdWx0In0sInN1
+cHBvcnRzRHVhbFN0YWNrIl19XX1dLCJ0eXBlIjoidHJlZSIsInJ1bGVzIjpb
+eyJjb25kaXRpb25zIjpbXSwiZW5kcG9pbnQiOnsidXJsIjoiaHR0cHM6Ly9w
+b3J0YWwuc3NvLntSZWdpb259LntQYXJ0aXRpb25SZXN1bHQjZHVhbFN0YWNr
+RG5zU3VmZml4fSIsInByb3BlcnRpZXMiOnt9LCJoZWFkZXJzIjp7fX0sInR5
+cGUiOiJlbmRwb2ludCJ9XX0seyJjb25kaXRpb25zIjpbXSwiZXJyb3IiOiJE
+dWFsU3RhY2sgaXMgZW5hYmxlZCBidXQgdGhpcyBwYXJ0aXRpb24gZG9lcyBu
+b3Qgc3VwcG9ydCBEdWFsU3RhY2siLCJ0eXBlIjoiZXJyb3IifV19LHsiY29u
+ZGl0aW9ucyI6W10sImVuZHBvaW50Ijp7InVybCI6Imh0dHBzOi8vcG9ydGFs
+LnNzby57UmVnaW9ufS57UGFydGl0aW9uUmVzdWx0I2Ruc1N1ZmZpeH0iLCJw
+cm9wZXJ0aWVzIjp7fSwiaGVhZGVycyI6e319LCJ0eXBlIjoiZW5kcG9pbnQi
+fV19XX0=
+
+    JSON
+  end
+end