aws-sdk-core 3.170.1 → 3.240.0

data/lib/aws-sdk-core/rpc_v2.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+require_relative 'cbor'
+require_relative 'rpc_v2/builder'
+require_relative 'rpc_v2/content_type_handler'
+require_relative 'rpc_v2/error_handler'
+require_relative 'rpc_v2/handler'
+require_relative 'rpc_v2/parser'
+
+module Aws
+  # @api private
+  module RpcV2
+    class << self
+      # @param [Symbol,Class] engine
+      #   Must be one of the following values:
+      #
+      #   * :cbor
+      #
+      def engine=(engine)
+        @engine = Class === engine ? engine : load_engine(engine)
+      end
+
+      # @return [Class] Returns the default engine.
+      #   One of:
+      #
+      #   * {CborEngine}
+      #
+      def engine
+        set_default_engine unless @engine
+        @engine
+      end
+
+      def encode(data)
+        @engine.encode(data)
+      end
+
+      def decode(bytes)
+        bytes.force_encoding(Encoding::BINARY)
+        @engine.decode(bytes)
+      end
+
+      def set_default_engine
+        [:cbor].each do |name|
+          @engine ||= try_load_engine(name)
+        end
+
+        unless @engine
+          raise 'Unable to find a compatible cbor library.'
+        end
+      end
+
+      private
+
+      def load_engine(name)
+        require "aws-sdk-core/rpc_v2/#{name}_engine"
+        const_name = name[0].upcase + name[1..-1] + 'Engine'
+        const_get(const_name)
+      end
+
+      def try_load_engine(name)
+        load_engine(name)
+      rescue LoadError
+        false
+      end
+    end
+
+    set_default_engine
+  end
+end

data/lib/aws-sdk-core/shared_config.rb

@@ -138,7 +138,11 @@ module Aws
             role_session_name: entry['role_session_name']
           }
           cfg[:region] = opts[:region] if opts[:region]
-          AssumeRoleWebIdentityCredentials.new(cfg)
+          with_metrics('CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN') do
+            creds = AssumeRoleWebIdentityCredentials.new(cfg)
+            creds.metrics << 'CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN'
+            creds
+          end
         end
       end
     end
@@ -167,6 +171,36 @@ module Aws
       token
     end
 
+    # Attempts to load from shared config or shared credentials file.
+    # Will always attempt first to load from the shared credentials
+    # file, if present.
+    def login_credentials_from_config(opts = {})
+      p = opts[:profile] || @profile_name
+      credentials = login_credentials_from_profile(@parsed_credentials, p, opts[:region])
+      credentials ||= login_credentials_from_profile(@parsed_config, p, opts[:region]) if @parsed_config
+      credentials
+    end
+
+    # Source a custom configured endpoint from the shared configuration file
+    #
+    # @param [Hash] opts
+    # @option opts [String] :profile
+    # @option opts [String] :service_id
+    def configured_endpoint(opts = {})
+      # services section is only allowed in the shared config file (not credentials)
+      profile = opts[:profile] || @profile_name
+      service_id = opts[:service_id]&.gsub(" ", "_")&.downcase
+      if @parsed_config && (prof_config = @parsed_config[profile])
+        services_section_name = prof_config['services']
+        if (services_config = @parsed_config["services #{services_section_name}"]) &&
+          (service_config = services_config[service_id])
+          return service_config['endpoint_url'] if service_config['endpoint_url']
+        end
+        return prof_config['endpoint_url']
+      end
+      nil
+    end
+
     # Add an accessor method (similar to attr_reader) to return a configuration value
     # Uses the get_config_value below to control where
     # values are loaded from
@@ -178,6 +212,9 @@ module Aws
 
     config_reader(
       :region,
+      :account_id_endpoint_mode,
+      :auth_scheme_preference,
+      :sigv4a_signing_region_set,
       :ca_bundle,
       :credential_process,
       :endpoint_discovery_enabled,
@@ -185,10 +222,14 @@ module Aws
       :use_fips_endpoint,
       :ec2_metadata_service_endpoint,
       :ec2_metadata_service_endpoint_mode,
+      :ec2_metadata_v1_disabled,
+      :disable_host_prefix_injection,
       :max_attempts,
       :retry_mode,
       :adaptive_retry_wait_to_fill,
       :correct_clock_skew,
+      :request_checksum_calculation,
+      :response_checksum_validation,
       :csm_client_id,
       :csm_enabled,
       :csm_host,
@@ -197,7 +238,12 @@ module Aws
       :s3_use_arn_region,
       :s3_us_east_1_regional_endpoint,
       :s3_disable_multiregion_access_points,
-      :defaults_mode
+      :s3_disable_express_session_auth,
+      :defaults_mode,
+      :sdk_ua_app_id,
+      :disable_request_compression,
+      :request_min_compression_size_bytes,
+      :ignore_configured_endpoint_urls
     )
 
     private
@@ -225,8 +271,8 @@ module Aws
             'provide only source_profile or credential_source, not both.'
         elsif opts[:source_profile]
           opts[:visited_profiles] ||= Set.new
-          opts[:credentials] = resolve_source_profile(opts[:source_profile], opts)
-          if opts[:credentials]
+          provider = resolve_source_profile(opts[:source_profile], opts)
+          if provider && (opts[:credentials] = provider.credentials)
             opts[:role_session_name] ||= prof_cfg['role_session_name']
             opts[:role_session_name] ||= 'default_session'
             opts[:role_arn] ||= prof_cfg['role_arn']
@@ -235,17 +281,28 @@ module Aws
             opts[:serial_number] ||= prof_cfg['mfa_serial']
             opts[:profile] = opts.delete(:source_profile)
             opts.delete(:visited_profiles)
-            AssumeRoleCredentials.new(opts)
+
+            metrics = provider.metrics
+            if provider.is_a?(AssumeRoleCredentials)
+              opts[:credentials] = provider
+              metrics.delete('CREDENTIALS_STS_ASSUME_ROLE')
+            else
+              metrics << 'CREDENTIALS_PROFILE_SOURCE_PROFILE'
+            end
+            # Set the original credentials metrics to [] to prevent duplicate metrics during sign plugin
+            opts[:credentials].metrics = []
+            with_metrics(metrics) do
+              creds = AssumeRoleCredentials.new(opts)
+              creds.metrics.push(*metrics)
+              creds
+            end
           else
             raise Errors::NoSourceProfileError,
               "Profile #{profile} has a role_arn, and source_profile, but the"\
               ' source_profile does not have credentials.'
           end
         elsif credential_source
-          opts[:credentials] = credentials_from_source(
-            credential_source,
-            chain_config
-          )
+          opts[:credentials] = credentials_from_source(credential_source, chain_config)
           if opts[:credentials]
             opts[:role_session_name] ||= prof_cfg['role_session_name']
             opts[:role_session_name] ||= 'default_session'
@@ -254,7 +311,16 @@ module Aws
             opts[:external_id] ||= prof_cfg['external_id']
             opts[:serial_number] ||= prof_cfg['mfa_serial']
             opts.delete(:source_profile) # Cleanup
-            AssumeRoleCredentials.new(opts)
+
+            metrics = opts[:credentials].metrics
+            metrics << 'CREDENTIALS_PROFILE_NAMED_PROVIDER'
+            # Set the original credentials metrics to [] to prevent duplicate metrics during sign plugin
+            opts[:credentials].metrics = []
+            with_metrics(metrics) do
+              creds = AssumeRoleCredentials.new(opts)
+              creds.metrics.push(*metrics)
+              creds
+            end
           else
             raise Errors::NoSourceCredentials,
               "Profile #{profile} could not get source credentials from"\
@@ -282,12 +348,24 @@ module Aws
       elsif profile_config && profile_config['source_profile']
         opts.delete(:source_profile)
         assume_role_credentials_from_config(opts.merge(profile: profile))
-      elsif (provider = assume_role_web_identity_credentials_from_config(opts.merge(profile: profile)))
-        provider.credentials if provider.credentials.set?
+      elsif (provider = assume_role_web_identity_credentials_from_config_with_metrics(opts.merge(profile: profile)))
+        provider if provider.credentials.set?
       elsif (provider = assume_role_process_credentials_from_config(profile))
-        provider.credentials if provider.credentials.set?
-      elsif (provider = sso_credentials_from_config(profile: profile))
-        provider.credentials if provider.credentials.set?
+        provider if provider.credentials.set?
+      elsif (provider = sso_credentials_from_config_with_metrics(profile))
+        provider if provider.credentials.set?
+      end
+    end
+
+    def assume_role_web_identity_credentials_from_config_with_metrics(opts)
+      with_metrics('CREDENTIALS_PROFILE_SOURCE_PROFILE') do
+        assume_role_web_identity_credentials_from_config(opts)
+      end
+    end
+
+    def sso_credentials_from_config_with_metrics(profile)
+      with_metrics('CREDENTIALS_PROFILE_SOURCE_PROFILE') do
+        sso_credentials_from_config(profile: profile)
       end
     end
 
@@ -301,6 +379,15 @@ module Aws
         )
       when 'EcsContainer'
         ECSCredentials.new
+      when 'Environment'
+        creds = Credentials.new(
+          ENV['AWS_ACCESS_KEY_ID'],
+          ENV['AWS_SECRET_ACCESS_KEY'],
+          ENV['AWS_SESSION_TOKEN'],
+          account_id: ENV['AWS_ACCOUNT_ID']
+        )
+        creds.metrics = ['CREDENTIALS_ENV_VARS']
+        creds
       else
         raise Errors::InvalidCredentialSourceError, "Unsupported credential_source: #{credential_source}"
       end
@@ -312,7 +399,11 @@ module Aws
       if @parsed_config
         credential_process ||= @parsed_config.fetch(profile, {})['credential_process']
       end
-      ProcessCredentials.new(credential_process) if credential_process
+      if credential_process
+        creds = ProcessCredentials.new([credential_process])
+        creds.metrics << 'CREDENTIALS_PROFILE_PROCESS'
+        creds
+      end
     end
 
     def credentials_from_shared(profile, _opts)
@@ -335,12 +426,8 @@ module Aws
          !(prof_config.keys & SSO_CREDENTIAL_PROFILE_KEYS).empty?
 
         if sso_session_name = prof_config['sso_session']
-          sso_session = cfg["sso-session #{sso_session_name}"]
-          unless sso_session
-            raise ArgumentError,
-                  "sso-session #{sso_session_name} must be defined in the config file. " \
-                    "Referenced by profile #{profile}"
-          end
+          sso_session = sso_session(cfg, profile, sso_session_name)
+
           sso_region = sso_session['sso_region']
           sso_start_url = sso_session['sso_start_url']
 
@@ -360,13 +447,18 @@ module Aws
           sso_start_url = prof_config['sso_start_url']
         end
 
-        SSOCredentials.new(
-          sso_account_id: prof_config['sso_account_id'],
-          sso_role_name: prof_config['sso_role_name'],
-          sso_session: prof_config['sso_session'],
-          sso_region: sso_region,
-          sso_start_url: prof_config['sso_start_url']
+        metric = prof_config['sso_session'] ? 'CREDENTIALS_PROFILE_SSO' : 'CREDENTIALS_PROFILE_SSO_LEGACY'
+        with_metrics(metric) do
+          creds = SSOCredentials.new(
+            sso_account_id: prof_config['sso_account_id'],
+            sso_role_name: prof_config['sso_role_name'],
+            sso_session: prof_config['sso_session'],
+            sso_region: sso_region,
+            sso_start_url: sso_start_url
           )
+          creds.metrics << metric
+          creds
+        end
       end
     end
 
@@ -378,16 +470,7 @@ module Aws
         !(prof_config.keys & SSO_TOKEN_PROFILE_KEYS).empty?
 
         sso_session_name = prof_config['sso_session']
-        sso_session = cfg["sso-session #{sso_session_name}"]
-        unless sso_session
-          raise ArgumentError,
-                "sso-session #{sso_session_name} must be defined in the config file." \
-                  "Referenced by profile #{profile}"
-        end
-
-        unless sso_session['sso_region']
-          raise ArgumentError, "sso-session #{sso_session_name} missing required parameter: sso_region"
-        end
+        sso_session = sso_session(cfg, profile, sso_session_name)
 
         SSOTokenProvider.new(
           sso_session: sso_session_name,
@@ -396,12 +479,24 @@ module Aws
       end
     end
 
+    def login_credentials_from_profile(cfg, profile, region)
+      return unless @parsed_config && (prof_config = cfg[profile]) && prof_config['login_session']
+
+      cfg = { login_session: prof_config['login_session'] }
+      cfg[:region] = region if region
+      creds = LoginCredentials.new(cfg)
+      creds.metrics << 'CREDENTIALS_PROFILE_LOGIN'
+      creds
+    end
+
     def credentials_from_profile(prof_config)
       creds = Credentials.new(
         prof_config['aws_access_key_id'],
         prof_config['aws_secret_access_key'],
-        prof_config['aws_session_token']
+        prof_config['aws_session_token'],
+        account_id: prof_config['aws_account_id']
       )
+      creds.metrics = ['CREDENTIALS_PROFILE']
       creds if creds.set?
     end
 
@@ -445,5 +540,26 @@ module Aws
       ret ||= 'default'
       ret
     end
+
+    def sso_session(cfg, profile, sso_session_name)
+      # aws sso-configure may add quotes around sso session names with whitespace
+      sso_session = cfg["sso-session #{sso_session_name}"] || cfg["sso-session '#{sso_session_name}'"]
+
+      unless sso_session
+        raise ArgumentError,
+          "sso-session #{sso_session_name} must be defined in the config file. " \
+                    "Referenced by profile #{profile}"
+      end
+
+      unless sso_session['sso_region']
+        raise ArgumentError, "sso-session #{sso_session_name} missing required parameter: sso_region"
+      end
+
+      sso_session
+    end
+
+    def with_metrics(metrics, &block)
+      Aws::Plugins::UserAgent.metric(*metrics, &block)
+    end
   end
 end

data/lib/aws-sdk-core/shared_credentials.rb

@@ -7,13 +7,6 @@ module Aws
 
     include CredentialProvider
 
-    # @api private
-    KEY_MAP = {
-      'aws_access_key_id' => 'access_key_id',
-      'aws_secret_access_key' => 'secret_access_key',
-      'aws_session_token' => 'session_token',
-    }
-
     # Constructs a new SharedCredentials object. This will load static
     # (access_key_id, secret_access_key and session_token) AWS access
     # credentials from an ini file, which supports profiles. The default
@@ -47,6 +40,7 @@ module Aws
         )
         @credentials = config.credentials(profile: @profile_name)
       end
+      @metrics = ['CREDENTIALS_CODE']
     end
 
     # @return [String]

data/lib/aws-sdk-core/sso_credentials.rb

@@ -7,7 +7,7 @@ module Aws
   # {Aws::SSOTokenProvider} will be used to refresh the token if possible.
   # This class does NOT implement the SSO login token flow - tokens
   # must generated separately by running `aws login` from the
-  # AWS CLI with the correct profile. The `SSOCredentials` will
+  # AWS CLI with the correct profile. The {SSOCredentials} will
   # auto-refresh the AWS credentials from SSO.
   #
   #     # You must first run aws sso login --profile your-sso-profile
@@ -91,6 +91,7 @@ module Aws
           client_opts[:credentials] = nil
           @client = Aws::SSO::Client.new(client_opts)
         end
+        @metrics = ['CREDENTIALS_SSO']
       else # legacy behavior
         missing_keys = LEGACY_REQUIRED_OPTS.select { |k| options[k].nil? }
         unless missing_keys.empty?
@@ -111,6 +112,7 @@ module Aws
         client_opts[:credentials] = nil
 
         @client = options[:client] || Aws::SSO::Client.new(client_opts)
+        @metrics = ['CREDENTIALS_SSO_LEGACY']
       end
 
       @async_refresh = true
@@ -156,9 +158,10 @@ module Aws
       @credentials = Credentials.new(
         c.access_key_id,
         c.secret_access_key,
-        c.session_token
+        c.session_token,
+        account_id: @sso_account_id
       )
-      @expiration = c.expiration
+      @expiration = Time.at(c.expiration / 1000.0)
     end
 
     def sso_cache_file

data/lib/aws-sdk-core/static_token_provider.rb

@@ -2,12 +2,11 @@
 
 module Aws
   class StaticTokenProvider
-
     include TokenProvider
 
     # @param [String] token
     # @param [Time] expiration
-    def initialize(token, expiration=nil)
+    def initialize(token, expiration = nil)
       @token = Token.new(token, expiration)
     end
   end

data/lib/aws-sdk-core/stubbing/protocols/ec2.rb

@@ -3,6 +3,7 @@
 module Aws
   module Stubbing
     module Protocols
+      # @api private
       class EC2
 
         def stub_data(api, operation, data)
@@ -16,17 +17,17 @@ module Aws
         end
 
         def stub_error(error_code)
-          http_resp = Seahorse::Client::Http::Response.new
-          http_resp.status_code = 400
-          http_resp.body = <<-XML.strip
-<ErrorResponse>
-  <Error>
-    <Code>#{error_code}</Code>
-    <Message>stubbed-response-error-message</Message>
-  </Error>
-</ErrorResponse>
+          resp = Seahorse::Client::Http::Response.new
+          resp.status_code = 400
+          resp.body = <<~XML.strip
+            <ErrorResponse>
+              <Error>
+                <Code>#{error_code}</Code>
+                <Message>stubbed-response-error-message</Message>
+              </Error>
+            </ErrorResponse>
           XML
-          http_resp
+          resp
         end
 
         private
@@ -37,7 +38,7 @@ module Aws
           xml.shift
           xml.pop
           xmlns = "http://ec2.amazonaws.com/doc/#{api.version}/".inspect
-          xml.unshift("  <requestId>stubbed-request-id</requestId>")
+          xml.unshift('  <requestId>stubbed-request-id</requestId>')
           xml.unshift("<#{operation.name}Response xmlns=#{xmlns}>\n")
           xml.push("</#{operation.name}Response>\n")
           xml.join

data/lib/aws-sdk-core/stubbing/protocols/json.rb

@@ -3,27 +3,28 @@
 module Aws
   module Stubbing
     module Protocols
+      # @api private
       class Json
 
         def stub_data(api, operation, data)
           resp = Seahorse::Client::Http::Response.new
           resp.status_code = 200
-          resp.headers["Content-Type"] = content_type(api)
-          resp.headers["x-amzn-RequestId"] = "stubbed-request-id"
+          resp.headers['Content-Type'] = content_type(api)
+          resp.headers['x-amzn-RequestId'] = 'stubbed-request-id'
           resp.body = build_body(operation, data)
           resp
         end
 
         def stub_error(error_code)
-          http_resp = Seahorse::Client::Http::Response.new
-          http_resp.status_code = 400
-          http_resp.body = <<-JSON.strip
-{
-  "code": #{error_code.inspect},
-  "message": "stubbed-response-error-message"
-}
+          resp = Seahorse::Client::Http::Response.new
+          resp.status_code = 400
+          resp.body = <<~JSON.strip
+            {
+              "code": #{error_code.inspect},
+              "message": "stubbed-response-error-message"
+            }
           JSON
-          http_resp
+          resp
         end
 
         private

data/lib/aws-sdk-core/stubbing/protocols/query.rb

@@ -3,6 +3,7 @@
 module Aws
   module Stubbing
     module Protocols
+      # @api private
       class Query
 
         def stub_data(api, operation, data)
@@ -13,10 +14,10 @@ module Aws
         end
 
         def stub_error(error_code)
-          http_resp = Seahorse::Client::Http::Response.new
-          http_resp.status_code = 400
-          http_resp.body = XmlError.new(error_code).to_xml
-          http_resp
+          resp = Seahorse::Client::Http::Response.new
+          resp.status_code = 400
+          resp.body = XmlError.new(error_code).to_xml
+          resp
         end
 
         private
@@ -24,9 +25,9 @@ module Aws
         def build_body(api, operation, data)
           xml = []
           builder = Aws::Xml::DocBuilder.new(target: xml, indent: '  ')
-          builder.node(operation.name + 'Response', xmlns: xmlns(api)) do
+          builder.node("#{operation.name}Response", xmlns: xmlns(api)) do
             if (rules = operation.output)
-              rules.location_name = operation.name + 'Result'
+              rules.location_name = "#{operation.name}Result"
               Xml::Builder.new(rules, target: xml, pad:'  ').to_xml(data)
             end
             builder.node('ResponseMetadata') do

data/lib/aws-sdk-core/stubbing/protocols/rest.rb

@@ -5,6 +5,7 @@ require 'aws-eventstream'
 module Aws
   module Stubbing
     module Protocols
+      # @api private
       class Rest
 
         include Seahorse::Model::Shapes
@@ -22,7 +23,7 @@ module Aws
         def new_http_response
           resp = Seahorse::Client::Http::Response.new
           resp.status_code = 200
-          resp.headers["x-amzn-RequestId"] = "stubbed-request-id"
+          resp.headers['x-amzn-RequestId'] = 'stubbed-request-id'
           resp
         end
 

data/lib/aws-sdk-core/stubbing/protocols/rest_json.rb

@@ -3,6 +3,7 @@
 module Aws
   module Stubbing
     module Protocols
+      # @api private
       class RestJson < Rest
 
         def body_for(_a, _b, rules, data)
@@ -14,15 +15,15 @@ module Aws
         end
 
         def stub_error(error_code)
-          http_resp = Seahorse::Client::Http::Response.new
-          http_resp.status_code = 400
-          http_resp.body = <<-JSON.strip
-{
-  "code": #{error_code.inspect},
-  "message": "stubbed-response-error-message"
-}
+          resp = Seahorse::Client::Http::Response.new
+          resp.status_code = 400
+          resp.body = <<~JSON.strip
+            {
+              "code": #{error_code.inspect},
+              "message": "stubbed-response-error-message"
+            }
           JSON
-          http_resp
+          resp
         end
 
       end

data/lib/aws-sdk-core/stubbing/protocols/rest_xml.rb

@@ -3,6 +3,7 @@
 module Aws
   module Stubbing
     module Protocols
+      # @api private
       class RestXml < Rest
 
         def body_for(api, operation, rules, data)
@@ -10,7 +11,7 @@ module Aws
             encode_eventstream_response(rules, data, Xml::Builder)
           else
             xml = []
-            rules.location_name = operation.name + 'Result'
+            rules.location_name = "#{operation.name}Result"
             rules['xmlNamespace'] = { 'uri' => api.metadata['xmlNamespace'] }
             Xml::Builder.new(rules, target:xml).to_xml(data)
             xml.join
@@ -18,10 +19,10 @@ module Aws
         end
 
         def stub_error(error_code)
-          http_resp = Seahorse::Client::Http::Response.new
-          http_resp.status_code = 400
-          http_resp.body = XmlError.new(error_code).to_xml
-          http_resp
+          resp = Seahorse::Client::Http::Response.new
+          resp.status_code = 400
+          resp.body = XmlError.new(error_code).to_xml
+          resp
         end
 
         def xmlns(api)