aws-sdk-core 3.170.1 → 3.171.1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 356eca893266769e12ef7bdbbf4e836357f1de35bcfd7c02ba2557a2db0eab47
4
- data.tar.gz: 6b9ef8c0bbcc188f06c1d3ab30a39072ffc699f288de496cbb24021f8c6e3836
3
+ metadata.gz: 77d1ea18ecbf1fbe9719e1a0cbacbc0ed27728d99a81e1f646bc192311263830
4
+ data.tar.gz: 69a01c8aad8d94d35971796fe6f4b847b700e892626f564c17a9e35ab5ed660a
5
5
  SHA512:
6
- metadata.gz: 77b2cb81a5a01dbd614eced5c2a06fbf63c6e836706d2203827928a58313540b5b84e0b5a2ccf77b90ed6bb86f7de0eac290a87f762aa198391f6a464ebbe1c7
7
- data.tar.gz: 54c3c5554ade60baa2b7bd8102ab2f9d52ecb9619649b2fd4664f0f4ec112ff73739f1427ff7e1c415ba95c84a20b6d04fc3527f8cc24ffe4b6b5dd194b97eca
6
+ metadata.gz: 14dab48dae835a45f4466f394e5eeced702923345a9d3a113dbac2e4ebb48faaa6b89d51c804ff9d3ecd608e7411629a9fc0e86b45a05f26de0ae64df954ccee
7
+ data.tar.gz: 8394d0cf230a56969279dbec6437c9cdd2500417bb6b6a270476f49fa3f0e4dddc0c3dcb9fa6b90b7a5f921bfbe402289f20e10d7992c94663627f2d41f84848
data/CHANGELOG.md CHANGED
@@ -1,6 +1,16 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 3.171.1 (2023-05-04)
5
+ ------------------
6
+
7
+ * Issue - Fix error code parsing in AWS query compatible JSON services.
8
+
9
+ 3.171.0 (2023-03-22)
10
+ ------------------
11
+
12
+ * Feature - Add support for `AWS_CONTAINER_CREDENTIALS_FULL_URI` and `AWS_CONTAINER_AUTHORIZATION_TOKEN` environment variables to `ECSCredentials`.
13
+
4
14
  3.170.1 (2023-03-17)
5
15
  ------------------
6
16
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 3.170.1
1
+ 3.171.1
@@ -161,7 +161,8 @@ module Aws
161
161
 
162
162
  def instance_profile_credentials(options)
163
163
  profile_name = determine_profile_name(options)
164
- if ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI']
164
+ if ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI'] ||
165
+ ENV['AWS_CONTAINER_CREDENTIALS_FULL_URI']
165
166
  ECSCredentials.new(options)
166
167
  else
167
168
  InstanceProfileCredentials.new(options.merge(profile: profile_name))
@@ -2,6 +2,7 @@
2
2
 
3
3
  require 'time'
4
4
  require 'net/http'
5
+ require 'resolv'
5
6
 
6
7
  module Aws
7
8
  # An auto-refreshing credential provider that loads credentials from
@@ -10,7 +11,6 @@ module Aws
10
11
  # ecs_credentials = Aws::ECSCredentials.new(retries: 3)
11
12
  # ec2 = Aws::EC2::Client.new(credentials: ecs_credentials)
12
13
  class ECSCredentials
13
-
14
14
  include CredentialProvider
15
15
  include RefreshingCredentials
16
16
 
@@ -29,16 +29,22 @@ module Aws
29
29
  Errno::ENETUNREACH,
30
30
  SocketError,
31
31
  Timeout::Error,
32
- Non200Response,
33
- ]
32
+ Non200Response
33
+ ].freeze
34
34
 
35
35
  # @param [Hash] options
36
36
  # @option options [Integer] :retries (5) Number of times to retry
37
37
  # when retrieving credentials.
38
- # @option options [String] :ip_address ('169.254.170.2')
39
- # @option options [Integer] :port (80)
38
+ # @option options [String] :ip_address ('169.254.170.2') This value is
39
+ # ignored if `endpoint` is set and `credential_path` is not set.
40
+ # @option options [Integer] :port (80) This value is ignored if `endpoint`
41
+ # is set and `credential_path` is not set.
40
42
  # @option options [String] :credential_path By default, the value of the
41
43
  # AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable.
44
+ # @option options [String] :endpoint The ECS credential endpoint.
45
+ # By default, this is the value of the AWS_CONTAINER_CREDENTIALS_FULL_URI
46
+ # environment variable. This value is ignored if `credential_path` or
47
+ # ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI'] is set.
42
48
  # @option options [Float] :http_open_timeout (5)
43
49
  # @option options [Float] :http_read_timeout (5)
44
50
  # @option options [Numeric, Proc] :delay By default, failures are retried
@@ -52,17 +58,15 @@ module Aws
52
58
  # credentials are refreshed. `before_refresh` is called
53
59
  # with an instance of this object when
54
60
  # AWS credentials are required and need to be refreshed.
55
- def initialize options = {}
61
+ def initialize(options = {})
62
+ credential_path = options[:credential_path] ||
63
+ ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI']
64
+ endpoint = options[:endpoint] ||
65
+ ENV['AWS_CONTAINER_CREDENTIALS_FULL_URI']
66
+ initialize_uri(options, credential_path, endpoint)
67
+ @authorization_token = ENV['AWS_CONTAINER_AUTHORIZATION_TOKEN']
68
+
56
69
  @retries = options[:retries] || 5
57
- @ip_address = options[:ip_address] || '169.254.170.2'
58
- @port = options[:port] || 80
59
- @credential_path = options[:credential_path]
60
- @credential_path ||= ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI']
61
- unless @credential_path
62
- raise ArgumentError.new(
63
- "Cannot instantiate an ECS Credential Provider without a credential path."
64
- )
65
- end
66
70
  @http_open_timeout = options[:http_open_timeout] || 5
67
71
  @http_read_timeout = options[:http_read_timeout] || 5
68
72
  @http_debug_output = options[:http_debug_output]
@@ -77,11 +81,69 @@ module Aws
77
81
 
78
82
  private
79
83
 
84
+ def initialize_uri(options, credential_path, endpoint)
85
+ if credential_path
86
+ initialize_relative_uri(options, credential_path)
87
+ # Use FULL_URI/endpoint only if RELATIVE_URI/path is not set
88
+ elsif endpoint
89
+ initialize_full_uri(endpoint)
90
+ else
91
+ raise ArgumentError,
92
+ 'Cannot instantiate an ECS Credential Provider '\
93
+ 'without a credential path or endpoint.'
94
+ end
95
+ end
96
+
97
+ def initialize_relative_uri(options, path)
98
+ @host = options[:ip_address] || '169.254.170.2'
99
+ @port = options[:port] || 80
100
+ @scheme = 'http'
101
+ @credential_path = path
102
+ end
103
+
104
+ def initialize_full_uri(endpoint)
105
+ uri = URI.parse(endpoint)
106
+ validate_full_uri!(uri)
107
+ @host = uri.host
108
+ @port = uri.port
109
+ @scheme = uri.scheme
110
+ @credential_path = uri.path
111
+ end
112
+
113
+ # Validate that the full URI is using a loopback address if scheme is http.
114
+ def validate_full_uri!(full_uri)
115
+ return unless full_uri.scheme == 'http'
116
+
117
+ begin
118
+ return if ip_loopback?(IPAddr.new(full_uri.host))
119
+ rescue IPAddr::InvalidAddressError
120
+ addresses = Resolv.getaddresses(full_uri.host)
121
+ return if addresses.all? { |addr| ip_loopback?(IPAddr.new(addr)) }
122
+ end
123
+
124
+ raise ArgumentError,
125
+ 'AWS_CONTAINER_CREDENTIALS_FULL_URI must use a loopback '\
126
+ 'address when using the http scheme.'
127
+ end
128
+
129
+ # loopback? method is available in Ruby 2.5+
130
+ # Replicate the logic here.
131
+ def ip_loopback?(ip_address)
132
+ case ip_address.family
133
+ when Socket::AF_INET
134
+ ip_address & 0xff000000 == 0x7f000000
135
+ when Socket::AF_INET6
136
+ ip_address == 1
137
+ else
138
+ false
139
+ end
140
+ end
141
+
80
142
  def backoff(backoff)
81
143
  case backoff
82
144
  when Proc then backoff
83
- when Numeric then lambda { |_| sleep(backoff) }
84
- else lambda { |num_failures| Kernel.sleep(1.2 ** num_failures) }
145
+ when Numeric then ->(_) { sleep(backoff) }
146
+ else ->(num_failures) { Kernel.sleep(1.2**num_failures) }
85
147
  end
86
148
  end
87
149
 
@@ -89,68 +151,64 @@ module Aws
89
151
  # Retry loading credentials up to 3 times is the instance metadata
90
152
  # service is responding but is returning invalid JSON documents
91
153
  # in response to the GET profile credentials call.
92
- begin
93
- retry_errors([Aws::Json::ParseError, StandardError], max_retries: 3) do
94
- c = Aws::Json.load(get_credentials.to_s)
95
- @credentials = Credentials.new(
96
- c['AccessKeyId'],
97
- c['SecretAccessKey'],
98
- c['Token']
99
- )
100
- @expiration = c['Expiration'] ? Time.iso8601(c['Expiration']) : nil
101
- end
102
- rescue Aws::Json::ParseError
103
- raise Aws::Errors::MetadataParserError.new
154
+
155
+ retry_errors([Aws::Json::ParseError, StandardError], max_retries: 3) do
156
+ c = Aws::Json.load(get_credentials.to_s)
157
+ @credentials = Credentials.new(
158
+ c['AccessKeyId'],
159
+ c['SecretAccessKey'],
160
+ c['Token']
161
+ )
162
+ @expiration = c['Expiration'] ? Time.iso8601(c['Expiration']) : nil
104
163
  end
164
+ rescue Aws::Json::ParseError
165
+ raise Aws::Errors::MetadataParserError
105
166
  end
106
167
 
107
168
  def get_credentials
108
169
  # Retry loading credentials a configurable number of times if
109
170
  # the instance metadata service is not responding.
110
- begin
111
- retry_errors(NETWORK_ERRORS, max_retries: @retries) do
112
- open_connection do |conn|
113
- http_get(conn, @credential_path)
114
- end
171
+
172
+ retry_errors(NETWORK_ERRORS, max_retries: @retries) do
173
+ open_connection do |conn|
174
+ http_get(conn, @credential_path)
115
175
  end
116
- rescue
117
- '{}'
118
176
  end
177
+ rescue StandardError
178
+ '{}'
119
179
  end
120
180
 
121
181
  def open_connection
122
- http = Net::HTTP.new(@ip_address, @port, nil)
182
+ http = Net::HTTP.new(@host, @port, nil)
123
183
  http.open_timeout = @http_open_timeout
124
184
  http.read_timeout = @http_read_timeout
125
185
  http.set_debug_output(@http_debug_output) if @http_debug_output
186
+ http.use_ssl = @scheme == 'https'
126
187
  http.start
127
188
  yield(http).tap { http.finish }
128
189
  end
129
190
 
130
191
  def http_get(connection, path)
131
- response = connection.request(Net::HTTP::Get.new(path))
132
- if response.code.to_i == 200
133
- response.body
134
- else
135
- raise Non200Response
136
- end
192
+ request = Net::HTTP::Get.new(path)
193
+ request['Authorization'] = @authorization_token if @authorization_token
194
+ response = connection.request(request)
195
+ raise Non200Response unless response.code.to_i == 200
196
+
197
+ response.body
137
198
  end
138
199
 
139
- def retry_errors(error_classes, options = {}, &block)
200
+ def retry_errors(error_classes, options = {})
140
201
  max_retries = options[:max_retries]
141
202
  retries = 0
142
203
  begin
143
204
  yield
144
- rescue *error_classes => _error
145
- if retries < max_retries
146
- @backoff.call(retries)
147
- retries += 1
148
- retry
149
- else
150
- raise
151
- end
205
+ rescue *error_classes => _e
206
+ raise unless retries < max_retries
207
+
208
+ @backoff.call(retries)
209
+ retries += 1
210
+ retry
152
211
  end
153
212
  end
154
-
155
213
  end
156
214
  end
@@ -26,11 +26,13 @@ module Aws
26
26
  end
27
27
 
28
28
  def error_code(json, context)
29
- code = if aws_query_error?(context)
30
- context.http_response.headers['x-amzn-query-error'].split(';')[0]
31
- else
32
- json['__type']
33
- end
29
+ code =
30
+ if aws_query_error?(context)
31
+ error = context.http_response.headers['x-amzn-query-error'].split(';')[0]
32
+ remove_prefix(error, context)
33
+ else
34
+ json['__type']
35
+ end
34
36
  code ||= json['code']
35
37
  code ||= context.http_response.headers['x-amzn-errortype']
36
38
  if code
@@ -45,6 +47,14 @@ module Aws
45
47
  context.http_response.headers['x-amzn-query-error']
46
48
  end
47
49
 
50
+ def remove_prefix(error_code, context)
51
+ if prefix = context.config.api.metadata['errorPrefix']
52
+ error_code.sub(/^#{prefix}/, '')
53
+ else
54
+ error_code
55
+ end
56
+ end
57
+
48
58
  def error_message(code, json)
49
59
  if code == 'RequestEntityTooLarge'
50
60
  'Request body must be less than 1 MB'
@@ -585,7 +585,7 @@ module Aws::SSO
585
585
  params: params,
586
586
  config: config)
587
587
  context[:gem_name] = 'aws-sdk-core'
588
- context[:gem_version] = '3.170.1'
588
+ context[:gem_version] = '3.171.1'
589
589
  Seahorse::Client::Request.new(handlers, context)
590
590
  end
591
591
 
data/lib/aws-sdk-sso.rb CHANGED
@@ -54,6 +54,6 @@ require_relative 'aws-sdk-sso/customizations'
54
54
  # @!group service
55
55
  module Aws::SSO
56
56
 
57
- GEM_VERSION = '3.170.1'
57
+ GEM_VERSION = '3.171.1'
58
58
 
59
59
  end
@@ -581,7 +581,7 @@ module Aws::SSOOIDC
581
581
  params: params,
582
582
  config: config)
583
583
  context[:gem_name] = 'aws-sdk-core'
584
- context[:gem_version] = '3.170.1'
584
+ context[:gem_version] = '3.171.1'
585
585
  Seahorse::Client::Request.new(handlers, context)
586
586
  end
587
587
 
@@ -54,6 +54,6 @@ require_relative 'aws-sdk-ssooidc/customizations'
54
54
  # @!group service
55
55
  module Aws::SSOOIDC
56
56
 
57
- GEM_VERSION = '3.170.1'
57
+ GEM_VERSION = '3.171.1'
58
58
 
59
59
  end
@@ -2318,7 +2318,7 @@ module Aws::STS
2318
2318
  params: params,
2319
2319
  config: config)
2320
2320
  context[:gem_name] = 'aws-sdk-core'
2321
- context[:gem_version] = '3.170.1'
2321
+ context[:gem_version] = '3.171.1'
2322
2322
  Seahorse::Client::Request.new(handlers, context)
2323
2323
  end
2324
2324
 
data/lib/aws-sdk-sts.rb CHANGED
@@ -54,6 +54,6 @@ require_relative 'aws-sdk-sts/customizations'
54
54
  # @!group service
55
55
  module Aws::STS
56
56
 
57
- GEM_VERSION = '3.170.1'
57
+ GEM_VERSION = '3.171.1'
58
58
 
59
59
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-core
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.170.1
4
+ version: 3.171.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-03-17 00:00:00.000000000 Z
11
+ date: 2023-05-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: jmespath