aws-sdk-core 3.170.0 → 3.175.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 621db310544612392db658a6d7ef590b805f1de5e445fce164af947327bccf66
-  data.tar.gz: 87484fd54203a9bac01f64aa23f09f4fa042b4f3a0a263bc3c4b0669a9086d21
+  metadata.gz: 00b5dd5634edc052e3a3b44da5f1d06a96c5897585de71fe994130a991bf7cee
+  data.tar.gz: 4aab11d507d492ed8b2eec6123bb9170c5271c40b42afb026dd844dbb082786f
 SHA512:
-  metadata.gz: 213e9846a695ffa86ead83972d6d2d98e94ef06b0f3449cb8602e188cf55e65b4eb3c5045548dc51c144d855fb02c8758bfd34b721b65ca1b8afaebb959750bf
-  data.tar.gz: e3b5347c678c996eae43e13007e61272e8711d522b84842397e2773fb65c0fc469921761ffd01377383d25ad7309ba0b3da886d592f990ee3efcfa39f2e9f687
+  metadata.gz: e85525d950b0e7dbe029a0b8c45661edf1ed398d32f4e63b2f0641d6febbdfee370701309719146e5da98415233d2a978fc88905e4fc1073cd95dca42cd13eff
+  data.tar.gz: 3a9c20834b4b0f8faf9fdbc3963156cf996719f1f1051ae4b8e251f5f32ec45a7f072b9c0f007cbbeabcc6496aa6f473f840ee338d97e3f227b72217d53f2cba

data/CHANGELOG.md

@@ -1,6 +1,58 @@
 Unreleased Changes
 ------------------
 
+3.175.0 (2023-06-15)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.174.0 (2023-05-31)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - Improve User-Agent metrics tracking.
+
+3.173.1 (2023-05-24)
+------------------
+
+* Issue - Updated `checksum_algorithm` plugin to use IO.copy_stream for JRuby.
+
+3.173.0 (2023-05-18)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+3.172.0 (2023-05-08)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Add :region option to `Aws::Log::Formatter`.
+
+3.171.1 (2023-05-04)
+------------------
+
+* Issue - Fix error code parsing in AWS query compatible JSON services.
+
+3.171.0 (2023-03-22)
+------------------
+
+* Feature - Add support for `AWS_CONTAINER_CREDENTIALS_FULL_URI` and `AWS_CONTAINER_AUTHORIZATION_TOKEN` environment variables to `ECSCredentials`.
+
+3.170.1 (2023-03-17)
+------------------
+
+* Issue - Reduce memory usage in H2::Connection when `http_wire_log` is not set.
+
 3.170.0 (2023-01-25)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-3.170.0
+3.175.0

data/lib/aws-defaults/default_configuration.rb

@@ -20,7 +20,7 @@ module Aws
   #  * Globally via the "AWS_DEFAULTS_MODE" environment variable.
   #
   #
-  # @code_generation START - documentation
+  # #defaults START - documentation
   # The following `:default_mode` values are supported:
   #
   # * `'standard'` -
@@ -105,10 +105,10 @@ module Aws
   # [2]: https://docs.aws.amazon.com/sdkref/latest/guide/setting-global-retry_mode.html
   # [3]: https://docs.aws.amazon.com/sdkref/latest/guide/setting-global-sts_regional_endpoints.html
   #
-  # @code_generation END - documentation
+  # #defaults END - documentation
   module DefaultsModeConfiguration
     # @api private
-    # @code_generation START - configuration
+    # #defaults START - configuration
     SDK_DEFAULT_CONFIGURATION = 
     {
       "version" => 1,
@@ -148,6 +148,6 @@ module Aws
         }
       }
     }
-    # @code_generation END - configuration
+    # #defaults END - configuration
   end
 end

data/lib/aws-sdk-core/credential_provider_chain.rb

@@ -161,7 +161,8 @@ module Aws
 
     def instance_profile_credentials(options)
       profile_name = determine_profile_name(options)
-      if ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI']
+      if ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI'] ||
+         ENV['AWS_CONTAINER_CREDENTIALS_FULL_URI']
         ECSCredentials.new(options)
       else
         InstanceProfileCredentials.new(options.merge(profile: profile_name))

data/lib/aws-sdk-core/ecs_credentials.rb

@@ -2,6 +2,7 @@
 
 require 'time'
 require 'net/http'
+require 'resolv'
 
 module Aws
   # An auto-refreshing credential provider that loads credentials from
@@ -10,7 +11,6 @@ module Aws
   #     ecs_credentials = Aws::ECSCredentials.new(retries: 3)
   #     ec2 = Aws::EC2::Client.new(credentials: ecs_credentials)
   class ECSCredentials
-
     include CredentialProvider
     include RefreshingCredentials
 
@@ -29,16 +29,22 @@ module Aws
       Errno::ENETUNREACH,
       SocketError,
       Timeout::Error,
-      Non200Response,
-    ]
+      Non200Response
+    ].freeze
 
     # @param [Hash] options
     # @option options [Integer] :retries (5) Number of times to retry
     #   when retrieving credentials.
-    # @option options [String] :ip_address ('169.254.170.2')
-    # @option options [Integer] :port (80)
+    # @option options [String] :ip_address ('169.254.170.2') This value is
+    #   ignored if `endpoint` is set and `credential_path` is not set.
+    # @option options [Integer] :port (80) This value is ignored if `endpoint`
+    #   is set and `credential_path` is not set.
     # @option options [String] :credential_path By default, the value of the
     #   AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable.
+    # @option options [String] :endpoint The ECS credential endpoint.
+    #   By default, this is the value of the AWS_CONTAINER_CREDENTIALS_FULL_URI
+    #   environment variable. This value is ignored if `credential_path` or
+    #   ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI'] is set.
     # @option options [Float] :http_open_timeout (5)
     # @option options [Float] :http_read_timeout (5)
     # @option options [Numeric, Proc] :delay By default, failures are retried
@@ -52,17 +58,15 @@ module Aws
     #   credentials are refreshed. `before_refresh` is called
     #   with an instance of this object when
     #   AWS credentials are required and need to be refreshed.
-    def initialize options = {}
+    def initialize(options = {})
+      credential_path = options[:credential_path] ||
+                        ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI']
+      endpoint = options[:endpoint] ||
+                 ENV['AWS_CONTAINER_CREDENTIALS_FULL_URI']
+      initialize_uri(options, credential_path, endpoint)
+      @authorization_token = ENV['AWS_CONTAINER_AUTHORIZATION_TOKEN']
+
       @retries = options[:retries] || 5
-      @ip_address = options[:ip_address] || '169.254.170.2'
-      @port = options[:port] || 80
-      @credential_path = options[:credential_path]
-      @credential_path ||= ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI']
-      unless @credential_path
-        raise ArgumentError.new(
-          "Cannot instantiate an ECS Credential Provider without a credential path."
-        )
-      end
       @http_open_timeout = options[:http_open_timeout] || 5
       @http_read_timeout = options[:http_read_timeout] || 5
       @http_debug_output = options[:http_debug_output]
@@ -77,11 +81,69 @@ module Aws
 
     private
 
+    def initialize_uri(options, credential_path, endpoint)
+      if credential_path
+        initialize_relative_uri(options, credential_path)
+      # Use FULL_URI/endpoint only if RELATIVE_URI/path is not set
+      elsif endpoint
+        initialize_full_uri(endpoint)
+      else
+        raise ArgumentError,
+              'Cannot instantiate an ECS Credential Provider '\
+              'without a credential path or endpoint.'
+      end
+    end
+
+    def initialize_relative_uri(options, path)
+      @host = options[:ip_address] || '169.254.170.2'
+      @port = options[:port] || 80
+      @scheme = 'http'
+      @credential_path = path
+    end
+
+    def initialize_full_uri(endpoint)
+      uri = URI.parse(endpoint)
+      validate_full_uri!(uri)
+      @host = uri.host
+      @port = uri.port
+      @scheme = uri.scheme
+      @credential_path = uri.path
+    end
+
+    # Validate that the full URI is using a loopback address if scheme is http.
+    def validate_full_uri!(full_uri)
+      return unless full_uri.scheme == 'http'
+
+      begin
+        return if ip_loopback?(IPAddr.new(full_uri.host))
+      rescue IPAddr::InvalidAddressError
+        addresses = Resolv.getaddresses(full_uri.host)
+        return if addresses.all? { |addr| ip_loopback?(IPAddr.new(addr)) }
+      end
+
+      raise ArgumentError,
+            'AWS_CONTAINER_CREDENTIALS_FULL_URI must use a loopback '\
+            'address when using the http scheme.'
+    end
+
+    # loopback? method is available in Ruby 2.5+
+    # Replicate the logic here.
+    def ip_loopback?(ip_address)
+      case ip_address.family
+      when Socket::AF_INET
+        ip_address & 0xff000000 == 0x7f000000
+      when Socket::AF_INET6
+        ip_address == 1
+      else
+        false
+      end
+    end
+
     def backoff(backoff)
       case backoff
       when Proc then backoff
-      when Numeric then lambda { |_| sleep(backoff) }
-      else lambda { |num_failures| Kernel.sleep(1.2 ** num_failures) }
+      when Numeric then ->(_) { sleep(backoff) }
+      else ->(num_failures) { Kernel.sleep(1.2**num_failures) }
       end
     end
 
@@ -89,68 +151,64 @@ module Aws
       # Retry loading credentials up to 3 times is the instance metadata
       # service is responding but is returning invalid JSON documents
       # in response to the GET profile credentials call.
-      begin
-        retry_errors([Aws::Json::ParseError, StandardError], max_retries: 3) do
-          c = Aws::Json.load(get_credentials.to_s)
-          @credentials = Credentials.new(
-            c['AccessKeyId'],
-            c['SecretAccessKey'],
-            c['Token']
-          )
-          @expiration = c['Expiration'] ? Time.iso8601(c['Expiration']) : nil
-        end
-      rescue Aws::Json::ParseError
-        raise Aws::Errors::MetadataParserError.new
+
+      retry_errors([Aws::Json::ParseError, StandardError], max_retries: 3) do
+        c = Aws::Json.load(get_credentials.to_s)
+        @credentials = Credentials.new(
+          c['AccessKeyId'],
+          c['SecretAccessKey'],
+          c['Token']
+        )
+        @expiration = c['Expiration'] ? Time.iso8601(c['Expiration']) : nil
       end
+    rescue Aws::Json::ParseError
+      raise Aws::Errors::MetadataParserError
     end
 
     def get_credentials
       # Retry loading credentials a configurable number of times if
       # the instance metadata service is not responding.
-      begin
-        retry_errors(NETWORK_ERRORS, max_retries: @retries) do
-          open_connection do |conn|
-            http_get(conn, @credential_path)
-          end
+
+      retry_errors(NETWORK_ERRORS, max_retries: @retries) do
+        open_connection do |conn|
+          http_get(conn, @credential_path)
         end
-      rescue
-        '{}'
       end
+    rescue StandardError
+      '{}'
     end
 
     def open_connection
-      http = Net::HTTP.new(@ip_address, @port, nil)
+      http = Net::HTTP.new(@host, @port, nil)
       http.open_timeout = @http_open_timeout
       http.read_timeout = @http_read_timeout
       http.set_debug_output(@http_debug_output) if @http_debug_output
+      http.use_ssl = @scheme == 'https'
       http.start
       yield(http).tap { http.finish }
     end
 
     def http_get(connection, path)
-      response = connection.request(Net::HTTP::Get.new(path))
-      if response.code.to_i == 200
-        response.body
-      else
-        raise Non200Response
-      end
+      request = Net::HTTP::Get.new(path)
+      request['Authorization'] = @authorization_token if @authorization_token
+      response = connection.request(request)
+      raise Non200Response unless response.code.to_i == 200
+
+      response.body
     end
 
-    def retry_errors(error_classes, options = {}, &block)
+    def retry_errors(error_classes, options = {})
       max_retries = options[:max_retries]
       retries = 0
       begin
         yield
-      rescue *error_classes => _error
-        if retries < max_retries
-          @backoff.call(retries)
-          retries += 1
-          retry
-        else
-          raise
-        end
+      rescue *error_classes => _e
+        raise unless retries < max_retries
+
+        @backoff.call(retries)
+        retries += 1
+        retry
       end
     end
-
   end
 end

data/lib/aws-sdk-core/json/error_handler.rb

@@ -26,11 +26,13 @@ module Aws
       end
 
       def error_code(json, context)
-        code = if aws_query_error?(context)
-          context.http_response.headers['x-amzn-query-error'].split(';')[0]
-        else
-          json['__type']
-        end
+        code =
+          if aws_query_error?(context)
+            error = context.http_response.headers['x-amzn-query-error'].split(';')[0]
+            remove_prefix(error, context)
+          else
+            json['__type']
+          end
         code ||= json['code']
         code ||= context.http_response.headers['x-amzn-errortype']
         if code
@@ -45,6 +47,14 @@ module Aws
           context.http_response.headers['x-amzn-query-error']
       end
 
+      def remove_prefix(error_code, context)
+        if prefix = context.config.api.metadata['errorPrefix']
+          error_code.sub(/^#{prefix}/, '')
+        else
+          error_code
+        end
+      end
+
       def error_message(code, json)
         if code == 'RequestEntityTooLarge'
           'Request body must be less than 1 MB'

data/lib/aws-sdk-core/log/formatter.rb

@@ -26,6 +26,8 @@ module Aws
     #
     # You can put any of these placeholders into you pattern.
     #
+    #   * `:region` - The region configured for the client.
+    #
     #   * `:client_class` - The name of the client class.
     #
     #   * `:operation` - The name of the client request method.
@@ -116,6 +118,10 @@ module Aws
 
       private
 
+      def _region(response)
+        response.context.config.region
+      end
+
       def _client_class(response)
         response.context.client.class.name
       end

data/lib/aws-sdk-core/pageable_response.rb

@@ -201,7 +201,9 @@ module Aws
       def next_response(params)
         params = next_page_params(params)
         request = context.client.build_request(context.operation_name, params)
-        request.send_request
+        Aws::Plugins::UserAgent.feature('paginator') do
+          request.send_request
+        end
       end
 
       def next_page_params(params)

data/lib/aws-sdk-core/plugins/checksum_algorithm.rb

@@ -314,7 +314,7 @@ module Aws
           @io.rewind
         end
 
-        def read(length, buf)
+        def read(length, buf = nil)
           # account for possible leftover bytes at the end, if we have trailer bytes, send them
           if @trailer_io
             return @trailer_io.read(length, buf)

data/lib/aws-sdk-core/plugins/user_agent.rb

@@ -4,7 +4,31 @@ module Aws
   module Plugins
     # @api private
     class UserAgent < Seahorse::Client::Plugin
+      # @api private
       option(:user_agent_suffix)
+      # @api private
+      option(:user_agent_frameworks, default: [])
+
+      option(
+        :sdk_ua_app_id,
+        doc_type: 'String',
+        docstring: <<-DOCS) do |cfg|
+A unique and opaque application ID that is appended to the
+User-Agent header as app/<sdk_ua_app_id>. It should have a
+maximum length of 50.
+        DOCS
+        app_id = ENV['AWS_SDK_UA_APP_ID']
+        app_id ||= Aws.shared_config.sdk_ua_app_id(profile: cfg.profile)
+        app_id
+      end
+
+      def self.feature(feature, &block)
+        Thread.current[:aws_sdk_core_user_agent_feature] ||= []
+        Thread.current[:aws_sdk_core_user_agent_feature] << "ft/#{feature}"
+        block.call
+      ensure
+        Thread.current[:aws_sdk_core_user_agent_feature].pop
+      end
 
       # @api private
       class Handler < Seahorse::Client::Handler
@@ -14,33 +38,112 @@ module Aws
         end
 
         def set_user_agent(context)
-          ua = "aws-sdk-ruby3/#{CORE_GEM_VERSION}"
+          context.http_request.headers['User-Agent'] = UserAgent.new(context).to_s
+        end
+
+        class UserAgent
+          def initialize(context)
+            @context = context
+          end
+
+          def to_s
+            ua = "aws-sdk-ruby3/#{CORE_GEM_VERSION}"
+            ua += ' ua/2.0'
+            ua += " #{api_metadata}" if api_metadata
+            ua += " #{os_metadata}"
+            ua += " #{language_metadata}"
+            ua += " #{env_metadata}" if env_metadata
+            ua += " #{config_metadata}" if config_metadata
+            ua += " #{app_id}" if app_id
+            ua += " #{feature_metadata}" if feature_metadata
+            ua += " #{framework_metadata}" if framework_metadata
+            if @context.config.user_agent_suffix
+              ua += " #{@context.config.user_agent_suffix}"
+            end
+            ua.strip
+          end
+
+          private
 
-          begin
-            ua += " #{RUBY_ENGINE}/#{RUBY_VERSION}"
-          rescue
-            ua += " RUBY_ENGINE_NA/#{RUBY_VERSION}"
+          # Used to be gem_name/gem_version
+          def api_metadata
+            service_id = @context.config.api.metadata['serviceId']
+            return unless service_id
+
+            service_id = service_id.gsub(' ', '_').downcase
+            gem_version = @context[:gem_version]
+            "api/#{service_id}##{gem_version}"
+          end
+
+          # Used to be RUBY_PLATFORM
+          def os_metadata
+            os =
+              case RbConfig::CONFIG['host_os']
+              when /mac|darwin/
+                'macos'
+              when /linux|cygwin/
+                'linux'
+              when /mingw|mswin/
+                'windows'
+              else
+                'other'
+              end
+            metadata = "os/#{os}"
+            local_version = Gem::Platform.local.version
+            metadata += "##{local_version}" if local_version
+            metadata += " md/#{RbConfig::CONFIG['host_cpu']}"
+            metadata
           end
 
-          ua += " #{RUBY_PLATFORM}"
+          # Used to be RUBY_ENGINE/RUBY_VERSION
+          def language_metadata
+            "lang/#{RUBY_ENGINE}##{RUBY_ENGINE_VERSION} md/#{RUBY_VERSION}"
+          end
+
+          def env_metadata
+            return unless (execution_env = ENV['AWS_EXECUTION_ENV'])
+
+            "exec-env/#{execution_env}"
+          end
 
-          if context[:gem_name] && context[:gem_version]
-            ua += " #{context[:gem_name]}/#{context[:gem_version]}"
+          def config_metadata
+            "cfg/retry-mode##{@context.config.retry_mode}"
           end
 
-          if (execution_env = ENV['AWS_EXECUTION_ENV'])
-            ua += " exec-env/#{execution_env}"
+          def app_id
+            return unless (app_id = @context.config.sdk_ua_app_id)
+
+            # Sanitize and only allow these characters
+            app_id = app_id.gsub(/[^!#$%&'*+\-.^_`|~0-9A-Za-z]/, '-')
+            "app/#{app_id}"
           end
 
-          if context.config.user_agent_suffix
-            ua += " #{context.config.user_agent_suffix}"
+          def feature_metadata
+            return unless Thread.current[:aws_sdk_core_user_agent_feature]
+
+            Thread.current[:aws_sdk_core_user_agent_feature].join(' ')
           end
 
-          context.http_request.headers['User-Agent'] = ua.strip
+          def framework_metadata
+            if (frameworks_cfg = @context.config.user_agent_frameworks).empty?
+              return
+            end
+
+            # Frameworks may be aws-record, aws-sdk-rails, etc.
+            regex = /gems\/(?<name>#{frameworks_cfg.join('|')})-(?<version>\d+\.\d+\.\d+)/.freeze
+            frameworks = {}
+            Kernel.caller.each do |line|
+              match = line.match(regex)
+              next unless match
+
+              frameworks[match[:name]] = match[:version]
+            end
+            frameworks.map { |n, v| "lib/#{n}##{v}" }.join(' ')
+          end
         end
       end
 
-      handler(Handler)
+      handler(Handler, priority: 1)
     end
   end
 end

data/lib/aws-sdk-core/shared_config.rb

@@ -197,7 +197,8 @@ module Aws
       :s3_use_arn_region,
       :s3_us_east_1_regional_endpoint,
       :s3_disable_multiregion_access_points,
-      :defaults_mode
+      :defaults_mode,
+      :sdk_ua_app_id
     )
 
     private

data/lib/aws-sdk-core/waiters/poller.rb

@@ -62,7 +62,9 @@ module Aws
       def send_request(options)
         req = options[:client].build_request(@operation_name, options[:params])
         req.handlers.remove(RAISE_HANDLER)
-        req.send_request
+        Aws::Plugins::UserAgent.feature('waiter') do
+          req.send_request
+        end
       end
 
       def acceptor_matches?(acceptor, response)

data/lib/aws-sdk-sso/client.rb

@@ -275,6 +275,11 @@ module Aws::SSO
     #       in the future.
     #
     #
+    #   @option options [String] :sdk_ua_app_id
+    #     A unique and opaque application ID that is appended to the
+    #     User-Agent header as app/<sdk_ua_app_id>. It should have a
+    #     maximum length of 50.
+    #
     #   @option options [String] :secret_access_key
     #
     #   @option options [String] :session_token
@@ -585,7 +590,7 @@ module Aws::SSO
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.170.0'
+      context[:gem_version] = '3.175.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sso/endpoints.rb

@@ -9,6 +9,7 @@
 
 
 module Aws::SSO
+  # @api private
   module Endpoints
 
     class GetRoleCredentials

data/lib/aws-sdk-sso.rb

@@ -54,6 +54,6 @@ require_relative 'aws-sdk-sso/customizations'
 # @!group service
 module Aws::SSO
 
-  GEM_VERSION = '3.170.0'
+  GEM_VERSION = '3.175.0'
 
 end

data/lib/aws-sdk-ssooidc/client.rb

@@ -275,6 +275,11 @@ module Aws::SSOOIDC
     #       in the future.
     #
     #
+    #   @option options [String] :sdk_ua_app_id
+    #     A unique and opaque application ID that is appended to the
+    #     User-Agent header as app/<sdk_ua_app_id>. It should have a
+    #     maximum length of 50.
+    #
     #   @option options [String] :secret_access_key
     #
     #   @option options [String] :session_token
@@ -581,7 +586,7 @@ module Aws::SSOOIDC
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.170.0'
+      context[:gem_version] = '3.175.0'
       Seahorse::Client::Request.new(handlers, context)
     end