aws-sdk-core 3.168.4 → 3.224.1

data/lib/aws-sdk-core/error_handler.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+module Aws
+  class ErrorHandler < Seahorse::Client::Handler
+
+    private
+
+    def error(context)
+      body = context.http_response.body_contents
+      if body.empty?
+        code, message, data = http_status_error(context)
+      else
+        code, message, data = extract_error(body, context)
+      end
+      build_error(context, code, message, data)
+    end
+
+    def build_error(context, code, message, data)
+      errors_module = context.client.class.errors_module
+      errors_module.error_class(code).new(context, message, data)
+    end
+
+    def http_status_error(context)
+      [http_status_error_code(context), '', EmptyStructure.new]
+    end
+
+    def http_status_error_code(context)
+      status_code = context.http_response.status_code
+      {
+        302 => 'MovedTemporarily',
+        304 => 'NotModified',
+        400 => 'BadRequest',
+        403 => 'Forbidden',
+        404 => 'NotFound',
+        412 => 'PreconditionFailed',
+        413 => 'RequestEntityTooLarge',
+      }[status_code] || "Http#{status_code}Error"
+    end
+
+  end
+end

data/lib/aws-sdk-core/errors.rb

@@ -12,7 +12,7 @@ module Aws
     class ServiceError < RuntimeError
 
       # @param [Seahorse::Client::RequestContext] context
-      # @param [String] message
+      # @param [String, nil] message
       # @param [Aws::Structure] data
       def initialize(context, message, data = Aws::EmptyStructure.new)
         @code = self.class.code
@@ -30,11 +30,11 @@ module Aws
       attr_reader :context
 
       # @return [Aws::Structure]
-      attr_reader :data
+      attr_accessor :data
 
       class << self
 
-        # @return [String]
+        # @return [String, nil]
         attr_accessor :code
 
       end
@@ -68,7 +68,7 @@ module Aws
       end
     end
 
-    # Rasied when endpoint discovery failed for operations
+    # Raised when endpoint discovery failed for operations
     # that requires endpoints from endpoint discovery
     class EndpointDiscoveryError < RuntimeError
       def initialize(*args)
@@ -78,7 +78,7 @@ module Aws
       end
     end
 
-    # raised when hostLabel member is not provided
+    # Raised when hostLabel member is not provided
     # at operation input when endpoint trait is available
     # with 'hostPrefix' requirement
     class MissingEndpointHostLabelValue < RuntimeError
@@ -236,6 +236,15 @@ module Aws
       end
     end
 
+    # Raised when a client is constructed and the sigv4a region set is invalid.
+    # It is invalid when it is empty and/or contains empty strings.
+    class InvalidRegionSetError < ArgumentError
+      def initialize(*args)
+        msg = 'The provided sigv4a region set was empty or invalid.'
+        super(msg)
+      end
+    end
+
     # Raised when a client is contsructed and the region is not valid.
     class InvalidRegionError < ArgumentError
       def initialize(*args)

data/lib/aws-sdk-core/event_emitter.rb

@@ -6,7 +6,6 @@ module Aws
     def initialize
       @listeners = {}
       @validate_event = true
-      @status = :sleep
       @signal_queue = Queue.new
     end
 
@@ -40,25 +39,10 @@ module Aws
         Aws::ParamValidator.validate!(
           @encoder.rules.shape.member(type), params)
       end
-      _ready_for_events?
       @stream.data(
         @encoder.encode(type, params),
         end_stream: type == :end_stream
       )
     end
-
-    private
-
-    def _ready_for_events?
-      return true if @status == :ready
-
-      # blocked until once initial 200 response is received
-      # signal will be available in @signal_queue
-      # and this check will no longer be blocked
-      @signal_queue.pop
-      @status = :ready
-      true
-    end
-
   end
 end

data/lib/aws-sdk-core/ini_parser.rb

@@ -8,6 +8,8 @@ module Aws
       def ini_parse(raw)
         current_profile = nil
         current_prefix = nil
+        item = nil
+        previous_item = nil
         raw.lines.inject({}) do |acc, line|
           line = line.split(/^|\s;/).first # remove comments
           profile = line.match(/^\[([^\[\]]+)\]\s*(#.+)?$/) unless line.nil?
@@ -17,11 +19,16 @@ module Aws
             current_profile = named_profile[1] if named_profile
           elsif current_profile
             unless line.nil?
+              previous_item = item
               item = line.match(/^(.+?)\s*=\s*(.+?)\s*$/)
               prefix = line.match(/^(.+?)\s*=\s*$/)
             end
             if item && item[1].match(/^\s+/)
               # Need to add lines to a nested configuration.
+              if current_prefix.nil? && previous_item[2].strip.empty?
+                current_prefix = previous_item[1]
+                acc[current_profile][current_prefix] = {}
+              end
               inner_item = line.match(/^\s*(.+?)\s*=\s*(.+?)\s*$/)
               acc[current_profile] ||= {}
               acc[current_profile][current_prefix] ||= {}

data/lib/aws-sdk-core/instance_profile_credentials.rb

@@ -53,6 +53,8 @@ module Aws
     # @option options [String] :endpoint_mode ('IPv4') The endpoint mode for
     #   the instance metadata service. This is either 'IPv4' ('169.254.169.254')
     #   or 'IPv6' ('[fd00:ec2::254]').
+    # @option options [Boolean] :disable_imds_v1 (false) Disable the use of the
+    #  legacy EC2 Metadata Service v1.
     # @option options [String] :ip_address ('169.254.169.254') Deprecated. Use
     #   :endpoint instead. The IP address for the endpoint.
     # @option options [Integer] :port (80)
@@ -77,6 +79,9 @@ module Aws
       endpoint_mode = resolve_endpoint_mode(options)
       @endpoint = resolve_endpoint(options, endpoint_mode)
       @port = options[:port] || 80
+      @disable_imds_v1 = resolve_disable_v1(options)
+      # Flag for if v2 flow fails, skip future attempts
+      @imds_v1_fallback = false
       @http_open_timeout = options[:http_open_timeout] || 1
       @http_read_timeout = options[:http_read_timeout] || 1
       @http_debug_output = options[:http_debug_output]
@@ -85,6 +90,7 @@ module Aws
       @token = nil
       @no_refresh_until = nil
       @async_refresh = false
+      @metrics = ['CREDENTIALS_IMDS']
       super
     end
 
@@ -123,6 +129,16 @@ module Aws
       end
     end
 
+    def resolve_disable_v1(options)
+      value = options[:disable_imds_v1]
+      value ||= ENV['AWS_EC2_METADATA_V1_DISABLED']
+      value ||= Aws.shared_config.ec2_metadata_v1_disabled(
+        profile: options[:profile]
+      )
+      value = value.to_s.downcase if value
+      Aws::Util.str_2_bool(value) || false
+    end
+
     def backoff(backoff)
       case backoff
       when Proc then backoff
@@ -141,7 +157,7 @@ module Aws
       # service is responding but is returning invalid JSON documents
       # in response to the GET profile credentials call.
       begin
-        retry_errors([Aws::Json::ParseError, StandardError], max_retries: 3) do
+        retry_errors([Aws::Json::ParseError], max_retries: 3) do
           c = Aws::Json.load(get_credentials.to_s)
           if empty_credentials?(@credentials)
             @credentials = Credentials.new(
@@ -173,7 +189,6 @@ module Aws
               end
             end
           end
-
         end
       rescue Aws::Json::ParseError
         raise Aws::Errors::MetadataParserError
@@ -191,42 +206,53 @@ module Aws
             open_connection do |conn|
               # attempt to fetch token to start secure flow first
               # and rescue to failover
-              begin
-                retry_errors(NETWORK_ERRORS, max_retries: @retries) do
-                  unless token_set?
-                    created_time = Time.now
-                    token_value, ttl = http_put(
-                      conn, METADATA_TOKEN_PATH, @token_ttl
-                    )
-                    @token = Token.new(token_value, ttl, created_time) if token_value && ttl
-                  end
-                end
-              rescue *NETWORK_ERRORS
-                # token attempt failed, reset token
-                # fallback to non-token mode
-                @token = nil
-              end
-
+              fetch_token(conn) unless @imds_v1_fallback
               token = @token.value if token_set?
 
-              begin
-                metadata = http_get(conn, METADATA_PATH_BASE, token)
-                profile_name = metadata.lines.first.strip
-                http_get(conn, METADATA_PATH_BASE + profile_name, token)
-              rescue TokenExpiredError
-                # Token has expired, reset it
-                # The next retry should fetch it
-                @token = nil
-                raise Non200Response
-              end
+              # disable insecure flow if we couldn't get token
+              # and imds v1 is disabled
+              raise TokenRetrivalError if token.nil? && @disable_imds_v1
+
+              _get_credentials(conn, token)
             end
           end
-        rescue
+        rescue => e
+          warn("Error retrieving instance profile credentials: #{e}")
           '{}'
         end
       end
     end
 
+    def fetch_token(conn)
+      retry_errors(NETWORK_ERRORS, max_retries: @retries) do
+        unless token_set?
+          created_time = Time.now
+          token_value, ttl = http_put(
+            conn, METADATA_TOKEN_PATH, @token_ttl
+          )
+          @token = Token.new(token_value, ttl, created_time) if token_value && ttl
+        end
+      end
+    rescue *NETWORK_ERRORS
+      # token attempt failed, reset token
+      # fallback to non-token mode
+      @token = nil
+      @imds_v1_fallback = true
+    end
+
+    # token is optional - if nil, uses v1 (insecure) flow
+    def _get_credentials(conn, token)
+      metadata = http_get(conn, METADATA_PATH_BASE, token)
+      profile_name = metadata.lines.first.strip
+      http_get(conn, METADATA_PATH_BASE + profile_name, token)
+    rescue TokenExpiredError
+      # Token has expired, reset it
+      # The next retry should fetch it
+      @token = nil
+      @imds_v1_fallback = false
+      raise Non200Response
+    end
+
     def token_set?
       @token && !@token.expired?
     end
@@ -237,7 +263,7 @@ module Aws
 
     def open_connection
       uri = URI.parse(@endpoint)
-      http = Net::HTTP.new(uri.hostname || @endpoint, @port || uri.port)
+      http = Net::HTTP.new(uri.hostname || @endpoint, uri.port || @port)
       http.open_timeout = @http_open_timeout
       http.read_timeout = @http_read_timeout
       http.set_debug_output(@http_debug_output) if @http_debug_output
@@ -276,8 +302,6 @@ module Aws
         ]
       when 400
         raise TokenRetrivalError
-      when 401
-        raise TokenExpiredError
       else
         raise Non200Response
       end

data/lib/aws-sdk-core/json/builder.rb

@@ -8,7 +8,7 @@ module Aws
 
       include Seahorse::Model::Shapes
 
-      def initialize(rules)
+      def initialize(rules, _options = {})
         @rules = rules
       end
 
@@ -20,6 +20,8 @@ module Aws
       private
 
       def structure(ref, values)
+        return nil if values.nil?
+
         shape = ref.shape
         values.each_pair.with_object({}) do |(key, value), data|
           if shape.member?(key) && !value.nil?
@@ -31,11 +33,15 @@ module Aws
       end
 
       def list(ref, values)
+        return nil if values.nil?
+
         member_ref = ref.shape.member
         values.collect { |value| format(member_ref, value) }
       end
 
       def map(ref, values)
+        return nil if values.nil?
+
         value_ref = ref.shape.value
         values.each.with_object({}) do |(key, value), data|
           data[key] = format(value_ref, value)
@@ -49,6 +55,7 @@ module Aws
         when MapShape       then map(ref, value)
         when TimestampShape then timestamp(ref, value)
         when BlobShape      then encode(value)
+        when FloatShape     then Util.serialize_number(value)
         else value
         end
       end

data/lib/aws-sdk-core/json/error_handler.rb

@@ -2,10 +2,8 @@
 
 module Aws
   module Json
-    class ErrorHandler < Xml::ErrorHandler
+    class ErrorHandler < Aws::ErrorHandler
 
-      # @param [Seahorse::Client::RequestContext] context
-      # @return [Seahorse::Client::Response]
       def call(context)
         @handler.call(context).on(300..599) do |response|
           response.error = error(context)
@@ -19,18 +17,21 @@ module Aws
         json = Json.load(body)
         code = error_code(json, context)
         message = error_message(code, json)
-        data = parse_error_data(context, code)
+        data = parse_error_data(context, body, code)
         [code, message, data]
       rescue Json::ParseError
         [http_status_error_code(context), '', EmptyStructure.new]
       end
 
       def error_code(json, context)
-        code = if aws_query_error?(context)
-          context.http_response.headers['x-amzn-query-error'].split(';')[0]
-        else
-          json['__type']
-        end
+        code =
+          if aws_query_error?(context)
+            query_header = context.http_response.headers['x-amzn-query-error']
+            error, _type = query_header.split(';') # type not supported
+            remove_prefix(error, context)
+          else
+            json['__type']
+          end
         code ||= json['code']
         code ||= context.http_response.headers['x-amzn-errortype']
         if code
@@ -45,6 +46,14 @@ module Aws
           context.http_response.headers['x-amzn-query-error']
       end
 
+      def remove_prefix(error_code, context)
+        if (prefix = context.config.api.metadata['errorPrefix'])
+          error_code.sub(/^#{prefix}/, '')
+        else
+          error_code
+        end
+      end
+
       def error_message(code, json)
         if code == 'RequestEntityTooLarge'
           'Request body must be less than 1 MB'
@@ -53,22 +62,29 @@ module Aws
         end
       end
 
-      def parse_error_data(context, code)
+      def parse_error_data(context, body, code)
         data = EmptyStructure.new
-        if error_rules = context.operation.errors
+        if (error_rules = context.operation.errors)
           error_rules.each do |rule|
             # match modeled shape name with the type(code) only
             # some type(code) might contains invalid characters
             # such as ':' (efs) etc
             match = rule.shape.name == code.gsub(/[^^a-zA-Z0-9]/, '')
-            if match && rule.shape.members.any?
-              data = Parser.new(rule).parse(context.http_response.body_contents)
-            end
+            next unless match && rule.shape.members.any?
+
+            data = Parser.new(rule).parse(body)
+            # errors support HTTP bindings
+            apply_error_headers(rule, context, data)
           end
         end
         data
       end
 
+      def apply_error_headers(rule, context, data)
+        headers = Aws::Rest::Response::Headers.new(rule)
+        headers.apply(context.http_response, data)
+      end
+
     end
   end
 end

data/lib/aws-sdk-core/json/handler.rb

@@ -12,8 +12,7 @@ module Aws
         build_request(context)
         response = @handler.call(context)
         response.on(200..299) { |resp| parse_response(resp) }
-        response.on(200..599) { |resp| apply_request_id(context) }
-        response
+        response.on(200..599) { |_resp| apply_request_id(context) }
       end
 
       private
@@ -22,6 +21,7 @@ module Aws
         context.http_request.http_method = 'POST'
         context.http_request.headers['Content-Type'] = content_type(context)
         context.http_request.headers['X-Amz-Target'] = target(context)
+        context.http_request.headers['X-Amzn-Query-Mode'] = 'true' if query_compatible?(context)
         context.http_request.body = build_body(context)
       end
 
@@ -38,10 +38,10 @@ module Aws
       end
 
       def parse_body(context)
+        json = context.http_response.body_contents
         if simple_json?(context)
-          Json.load(context.http_response.body_contents)
-        elsif rules = context.operation.output
-          json = context.http_response.body_contents
+          Json.load(json)
+        elsif (rules = context.operation.output)
           if json.is_a?(Array)
             # an array of emitted events
             if json[0].respond_to?(:response)
@@ -59,7 +59,10 @@ module Aws
             end
             resp_struct
           else
-            Parser.new(rules).parse(json == '' ? '{}' : json)
+            Parser.new(
+              rules,
+              query_compatible: query_compatible?(context)
+            ).parse(json)
           end
         else
           EmptyStructure.new
@@ -83,6 +86,10 @@ module Aws
         context.config.simple_json
       end
 
+      def query_compatible?(context)
+        context.config.api.metadata.key?('awsQueryCompatible')
+      end
+
     end
   end
 end

data/lib/aws-sdk-core/json/json_engine.rb

@@ -1,8 +1,10 @@
 # frozen_string_literal: true
 
+require 'json'
+
 module Aws
   module Json
-    module JSONEngine
+    module JsonEngine
       class << self
         def load(json)
           JSON.parse(json)

data/lib/aws-sdk-core/json/oj_engine.rb

@@ -1,10 +1,16 @@
 # frozen_string_literal: true
 
+require 'oj'
+
 module Aws
   module Json
     module OjEngine
       # @api private
-      LOAD_OPTIONS = { mode: :compat, symbol_keys: false, empty_string: false }.freeze
+      LOAD_OPTIONS = {
+        mode: :compat,
+        symbol_keys: false,
+        empty_string: false
+      }.freeze
 
       # @api private
       DUMP_OPTIONS = { mode: :compat }.freeze

data/lib/aws-sdk-core/json/parser.rb

@@ -10,12 +10,15 @@ module Aws
       include Seahorse::Model::Shapes
 
       # @param [Seahorse::Model::ShapeRef] rules
-      def initialize(rules)
+      def initialize(rules, query_compatible: false)
         @rules = rules
+        @query_compatible = query_compatible
       end
 
       # @param [String<JSON>] json
       def parse(json, target = nil)
+        json = '{}' if json.empty?
+
         parse_ref(@rules, Json.load(json), target)
       end
 
@@ -28,10 +31,26 @@ module Aws
           member_name, member_ref = shape.member_by_location_name(key)
           if member_ref
             target[member_name] = parse_ref(member_ref, value)
-          elsif shape.union
+          elsif shape.union && key != '__type'
             target[:unknown] = { 'name' => key, 'value' => value }
           end
         end
+        # In services that were previously Query/XML, members that were
+        # "flattened" defaulted to empty lists. In JSON, these values are nil,
+        # which is backwards incompatible. To preserve backwards compatibility,
+        # we set a default value of [] for these members.
+        if @query_compatible
+          ref.shape.members.each do |member_name, member_target|
+            next unless target[member_name].nil?
+
+            if flattened_list?(member_target.shape)
+              target[member_name] = []
+            elsif flattened_map?(member_target.shape)
+              target[member_name] = {}
+            end
+          end
+        end
+
         if shape.union
           # convert to subclass
           member_subclass = shape.member_subclass(target.member).new
@@ -52,6 +71,8 @@ module Aws
       def map(ref, values, target = nil)
         target = {} if target.nil?
         values.each do |key, value|
+          next if value.nil?
+
           target[key] = parse_ref(ref.shape.value, value)
         end
         target
@@ -68,6 +89,7 @@ module Aws
           when TimestampShape then time(value)
           when BlobShape then Base64.decode64(value)
           when BooleanShape then value.to_s == 'true'
+          when FloatShape then Util.deserialize_number(value)
           else value
           end
         end
@@ -76,7 +98,15 @@ module Aws
       # @param [String, Integer] value
       # @return [Time]
       def time(value)
-        value.is_a?(Numeric) ? Time.at(value) : Time.parse(value)
+        value.is_a?(Numeric) ? Time.at(value) : Aws::Util.deserialize_time(value)
+      end
+
+      def flattened_list?(shape)
+        shape.is_a?(ListShape) && shape.flattened
+      end
+
+      def flattened_map?(shape)
+        shape.is_a?(MapShape) && shape.flattened
       end
 
     end

data/lib/aws-sdk-core/json.rb

@@ -1,12 +1,9 @@
 # frozen_string_literal: true
 
-require 'json'
 require_relative 'json/builder'
 require_relative 'json/error_handler'
 require_relative 'json/handler'
 require_relative 'json/parser'
-require_relative 'json/json_engine'
-require_relative 'json/oj_engine'
 
 module Aws
   # @api private
@@ -21,29 +18,61 @@ module Aws
     end
 
     class << self
-      def load(json)
-        ENGINE.load(json)
+      # @param [Symbol,Class] engine
+      #   Must be one of the following values:
+      #
+      #   * :oj
+      #   * :json
+      #
+      def engine=(engine)
+        @engine = Class === engine ? engine : load_engine(engine)
+      end
+
+      # @return [Class] Returns the default engine.
+      #   One of:
+      #
+      #   * {OjEngine}
+      #   * {JsonEngine}
+      #
+      def engine
+        set_default_engine unless @engine
+        @engine
       end
 
-      def load_file(path)
-        load(File.open(path, 'r', encoding: 'UTF-8', &:read))
+      def load(json)
+        @engine.load(json)
       end
 
       def dump(value)
-        ENGINE.dump(value)
+        @engine.dump(value)
+      end
+
+      def set_default_engine
+        [:oj, :json].each do |name|
+          @engine ||= try_load_engine(name)
+        end
+        unless @engine
+          raise 'Unable to find a compatible json library. ' \
+          'Ensure that you have installed or added to your Gemfile one of ' \
+          'oj or json'
+        end
       end
 
       private
 
-      def select_engine
-        require 'oj'
-        OjEngine
+      def load_engine(name)
+        require "aws-sdk-core/json/#{name}_engine"
+        const_name = name[0].upcase + name[1..-1] + 'Engine'
+        const_get(const_name)
+      end
+
+      def try_load_engine(name)
+        load_engine(name)
       rescue LoadError
-        JSONEngine
+        false
       end
     end
 
-    # @api private
-    ENGINE = select_engine
+    set_default_engine
   end
 end