aws-sdk-core 3.175.0 → 3.184.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 00b5dd5634edc052e3a3b44da5f1d06a96c5897585de71fe994130a991bf7cee
-  data.tar.gz: 4aab11d507d492ed8b2eec6123bb9170c5271c40b42afb026dd844dbb082786f
+  metadata.gz: c174e3e20f53c69aab8b23ec85ca75a84f7a9541b4a833da4cd7aabe5d08bdf9
+  data.tar.gz: eff5a3c9814ecfe8b4dbdd0eec1b72cb66f66d6d3ff514f89d06167f86dde081
 SHA512:
-  metadata.gz: e85525d950b0e7dbe029a0b8c45661edf1ed398d32f4e63b2f0641d6febbdfee370701309719146e5da98415233d2a978fc88905e4fc1073cd95dca42cd13eff
-  data.tar.gz: 3a9c20834b4b0f8faf9fdbc3963156cf996719f1f1051ae4b8e251f5f32ec45a7f072b9c0f007cbbeabcc6496aa6f473f840ee338d97e3f227b72217d53f2cba
+  metadata.gz: '09f540689c00d522c6a38026d284d660825faefcfd55b93337feeb226edd4b83e2c0c809206994630ee8dfa54505cc38802495117fb409d75aa482d1a22f3979'
+  data.tar.gz: fe803a96b1dab3ad3850ea180462f183baef5ad8055e6b38082e3be4965c32fd5f262431d49897d7dfd4ff0140f61e78ee772cc05385cd8865a075b0d93b0ca8

data/CHANGELOG.md

@@ -1,6 +1,97 @@
 Unreleased Changes
 ------------------
 
+3.184.0 (2023-09-27)
+------------------
+
+* Feature - Change the `ServiceError` data member from read only to read/write.
+
+3.183.1 (2023-09-25)
+------------------
+
+* Issue - Remove value inspection from param validation errors.
+
+3.183.0 (2023-09-20)
+------------------
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+3.182.0 (2023-09-19)
+------------------
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.181.1 (2023-09-14)
+------------------
+
+* Issue - Fix host label validation in endpoint matchers.
+
+3.181.0 (2023-08-22)
+------------------
+
+* Feature - Add support for `on_chunk_received` callback.
+
+3.180.3 (2023-08-09)
+------------------
+
+* Issue - Add support for sso-session names with whitespace configured by the CLI `aws sso configure` command (#2895).
+
+3.180.2 (2023-08-07)
+------------------
+
+* Issue - Fix parsing of ini files with mixes of blank properties and nested configurations.
+
+3.180.1 (2023-07-31)
+------------------
+
+* Issue - Remove checksums from default stubs (#2888).
+
+3.180.0 (2023-07-25)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+3.179.0 (2023-07-24)
+------------------
+
+* Feature - Add `checksum_validated` method to response.
+
+3.178.0 (2023-07-11)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - Add support for configuring the endpoint URL in the shared configuration file or via an environment variable for a specific AWS service or all AWS services.
+
+3.177.0 (2023-07-06)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - Add support for Request Compression.
+
+3.176.1 (2023-06-29)
+------------------
+
+* Issue - Fix signing for S3/S3 Control and `aws-crt` gem for certain object keys (#2849).
+
+* Issue - Ensure `SSOCredentials` `#expiration` is a `Time` (#2874)
+
+3.176.0 (2023-06-28)
+------------------
+
+* Feature - Add :expiration accessor to `CredentialProvider` and do not refresh credentials when checking expiration (#2872).
+
 3.175.0 (2023-06-15)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-3.175.0
+3.184.0

data/lib/aws-sdk-core/credential_provider.rb

@@ -6,6 +6,9 @@ module Aws
     # @return [Credentials]
     attr_reader :credentials
 
+    # @return [Time]
+    attr_reader :expiration
+
     # @return [Boolean]
     def set?
       !!credentials && credentials.set?

data/lib/aws-sdk-core/endpoints/matchers.rb

@@ -79,11 +79,11 @@ module Aws
         return false if value.empty?
 
         if allow_sub_domains
-          labels = value.split('.')
+          labels = value.split('.', -1)
           return labels.all? { |l| valid_host_label?(l) }
         end
 
-        value =~ /\A(?!-)[a-zA-Z0-9-]{1,63}(?<!-)\z/
+        !!(value =~ /\A(?!-)[a-zA-Z0-9-]{1,63}(?<!-)\z/)
       end
 
       # AWS
@@ -114,13 +114,17 @@ module Aws
 
       # aws.isVirtualHostableS3Bucket(value: string, allowSubDomains: bool) bool
       def self.aws_virtual_hostable_s3_bucket?(value, allow_sub_domains = false)
-        !!(value.size < 64 &&
-          # regular naming rules
-          value =~ /^[a-z0-9][a-z0-9\-#{'.' if allow_sub_domains}]+[a-z0-9]$/ &&
-          # not IP address
-          value !~ /(\d+\.){3}\d+/ &&
-          # no dash and hyphen together
-          value !~ /[.-]{2}/)
+        return false if value.empty?
+
+        if allow_sub_domains
+          labels = value.split('.', -1)
+          return labels.all? { |l| aws_virtual_hostable_s3_bucket?(l) }
+        end
+
+        # must be between 3 and 63 characters long, no uppercase
+        value =~ /\A(?!-)[a-z0-9-]{3,63}(?<!-)\z/ &&
+          # not an IP address
+          value !~ /(\d+\.){3}\d+/
       end
     end
   end

data/lib/aws-sdk-core/endpoints.rb

@@ -39,7 +39,11 @@ module Aws
           auth_scheme = { 'name' => 'sigv4' }
           merge_signing_defaults(auth_scheme, context.config)
         when 's3', 's3v4'
-          auth_scheme = { 'name' => 'sigv4', 'disableDoubleEncoding' => true }
+          auth_scheme = {
+            'name' => 'sigv4',
+            'disableDoubleEncoding' => true,
+            'disableNormalizePath' => true
+          }
           merge_signing_defaults(auth_scheme, context.config)
         when 'bearer'
           { 'name' => 'bearer' }

data/lib/aws-sdk-core/errors.rb

@@ -30,7 +30,7 @@ module Aws
       attr_reader :context
 
       # @return [Aws::Structure]
-      attr_reader :data
+      attr_accessor :data
 
       class << self
 

data/lib/aws-sdk-core/ini_parser.rb

@@ -8,6 +8,8 @@ module Aws
       def ini_parse(raw)
         current_profile = nil
         current_prefix = nil
+        item = nil
+        previous_item = nil
         raw.lines.inject({}) do |acc, line|
           line = line.split(/^|\s;/).first # remove comments
           profile = line.match(/^\[([^\[\]]+)\]\s*(#.+)?$/) unless line.nil?
@@ -17,11 +19,16 @@ module Aws
             current_profile = named_profile[1] if named_profile
           elsif current_profile
             unless line.nil?
+              previous_item = item
               item = line.match(/^(.+?)\s*=\s*(.+?)\s*$/)
               prefix = line.match(/^(.+?)\s*=\s*$/)
             end
             if item && item[1].match(/^\s+/)
               # Need to add lines to a nested configuration.
+              if current_prefix.nil? && previous_item[2].strip.empty?
+                current_prefix = previous_item[1]
+                acc[current_profile][current_prefix] = {}
+              end
               inner_item = line.match(/^\s*(.+?)\s*=\s*(.+?)\s*$/)
               acc[current_profile] ||= {}
               acc[current_profile][current_prefix] ||= {}

data/lib/aws-sdk-core/param_validator.rb

@@ -6,7 +6,7 @@ module Aws
 
     include Seahorse::Model::Shapes
 
-    EXPECTED_GOT = "expected %s to be %s, got value %s (class: %s) instead."
+    EXPECTED_GOT = 'expected %s to be %s, got class %s instead.'
 
     # @param [Seahorse::Model::Shapes::ShapeRef] rules
     # @param [Hash] params
@@ -230,7 +230,7 @@ module Aws
     end
 
     def expected_got(context, expected, got)
-      EXPECTED_GOT % [context, expected, got.inspect, got.class.name]
+      EXPECTED_GOT % [context, expected, got.class.name]
     end
 
   end

data/lib/aws-sdk-core/plugins/regional_endpoint.rb

@@ -47,44 +47,21 @@ is set to `true`.
       # Legacy endpoints must continue to be generated at client time.
       option(:regional_endpoint, false)
 
-      # NOTE: All of the defaults block code is effectively deprecated.
-      # Because old services can depend on this new core version, we must
-      # retain it.
+      option(:ignore_configured_endpoint_urls,
+        doc_type: 'Boolean',
+        docstring: <<-DOCS) do |cfg|
+Setting to true disables use of endpoint URLs provided via environment 
+variables and the shared configuration file.
+        DOCS
+        resolve_ignore_configured_endpoint_urls(cfg)
+      end
+
       option(:endpoint, doc_type: String, docstring: <<-DOCS) do |cfg|
 The client endpoint is normally constructed from the `:region`
 option. You should only configure an `:endpoint` when connecting
 to test or custom endpoints. This should be a valid HTTP(S) URI.
         DOCS
-        endpoint_prefix = cfg.api.metadata['endpointPrefix']
-        if cfg.region && endpoint_prefix
-          if cfg.respond_to?(:sts_regional_endpoints)
-            sts_regional = cfg.sts_regional_endpoints
-          end
-
-          # check region is a valid RFC host label
-          unless Seahorse::Util.host_label?(cfg.region)
-            raise Errors::InvalidRegionError
-          end
-
-          region = cfg.region
-          new_region = region.gsub('fips-', '').gsub('-fips', '')
-          if region != new_region
-            warn("Legacy region #{region} was transformed to #{new_region}."\
-                 '`use_fips_endpoint` config was set to true.')
-            cfg.override_config(:use_fips_endpoint, true)
-            cfg.override_config(:region, new_region)
-          end
-
-          Aws::Partitions::EndpointProvider.resolve(
-            cfg.region,
-            endpoint_prefix,
-            sts_regional,
-            {
-              dualstack: cfg.use_dualstack_endpoint,
-              fips: cfg.use_fips_endpoint
-            }
-          )
-        end
+        resolve_endpoint(cfg)
       end
 
       def after_initialize(client)
@@ -117,6 +94,105 @@ to test or custom endpoints. This should be a valid HTTP(S) URI.
           value ||= Aws.shared_config.use_fips_endpoint(profile: cfg.profile)
           Aws::Util.str_2_bool(value) || false
         end
+
+        def resolve_ignore_configured_endpoint_urls(cfg)
+          value = ENV['AWS_IGNORE_CONFIGURED_ENDPOINT_URLS']
+          value ||= Aws.shared_config.ignore_configured_endpoint_urls(profile: cfg.profile)
+          Aws::Util.str_2_bool(value&.downcase) || false
+        end
+
+        # NOTE: with Endpoints 2.0, some of this logic is deprecated
+        # but because new old service gems may depend on new core versions
+        # we must preserve that behavior.
+        # Additional behavior controls the setting of the custom SDK::Endpoint
+        # parameter.
+        # When the `regional_endpoint` config is set to true - this indicates to
+        # Endpoints2.0 that a custom endpoint has NOT been configured by the user.
+        def resolve_endpoint(cfg)
+          endpoint = resolve_custom_config_endpoint(cfg)
+          endpoint_prefix = cfg.api.metadata['endpointPrefix']
+
+          return endpoint unless endpoint.nil? && cfg.region && endpoint_prefix
+
+          validate_region!(cfg.region)
+          handle_legacy_pseudo_regions(cfg)
+
+          # set regional_endpoint flag - this indicates to Endpoints 2.0
+          # that a custom endpoint has NOT been configured by the user
+          cfg.override_config(:regional_endpoint, true)
+
+          resolve_legacy_endpoint(cfg)
+        end
+
+        # get a custom configured endpoint from ENV or configuration
+        def resolve_custom_config_endpoint(cfg)
+          return if cfg.ignore_configured_endpoint_urls
+
+
+          env_service_endpoint(cfg) || env_global_endpoint(cfg) || shared_config_endpoint(cfg)
+        end
+
+        def env_service_endpoint(cfg)
+          service_id = cfg.api.metadata['serviceId'] || cfg.api.metadata['endpointPrefix']
+          env_service_id = service_id.gsub(" ", "_").upcase
+          return unless endpoint = ENV["AWS_ENDPOINT_URL_#{env_service_id}"]
+
+          cfg.logger&.debug(
+            "Endpoint configured from ENV['AWS_ENDPOINT_URL_#{env_service_id}']: #{endpoint}\n")
+          endpoint
+        end
+
+        def env_global_endpoint(cfg)
+          return unless endpoint = ENV['AWS_ENDPOINT_URL']
+
+          cfg.logger&.debug(
+            "Endpoint configured from ENV['AWS_ENDPOINT_URL']: #{endpoint}\n")
+          endpoint
+        end
+
+        def shared_config_endpoint(cfg)
+          service_id = cfg.api.metadata['serviceId'] || cfg.api.metadata['endpointPrefix']
+          return unless endpoint = Aws.shared_config.configured_endpoint(profile: cfg.profile, service_id: service_id)
+
+          cfg.logger&.debug(
+            "Endpoint configured from shared config(profile: #{cfg.profile}): #{endpoint}\n")
+          endpoint
+        end
+
+        # check region is a valid RFC host label
+        def validate_region!(region)
+          unless Seahorse::Util.host_label?(region)
+            raise Errors::InvalidRegionError
+          end
+        end
+
+        def handle_legacy_pseudo_regions(cfg)
+          region = cfg.region
+          new_region = region.gsub('fips-', '').gsub('-fips', '')
+          if region != new_region
+            warn("Legacy region #{region} was transformed to #{new_region}."\
+                 '`use_fips_endpoint` config was set to true.')
+            cfg.override_config(:use_fips_endpoint, true)
+            cfg.override_config(:region, new_region)
+          end
+        end
+        # set a default endpoint in config using legacy (endpoints.json) resolver
+        def resolve_legacy_endpoint(cfg)
+          endpoint_prefix = cfg.api.metadata['endpointPrefix']
+          if cfg.respond_to?(:sts_regional_endpoints)
+            sts_regional = cfg.sts_regional_endpoints
+          end
+
+          Aws::Partitions::EndpointProvider.resolve(
+            cfg.region,
+            endpoint_prefix,
+            sts_regional,
+            {
+              dualstack: cfg.use_dualstack_endpoint,
+              fips: cfg.use_fips_endpoint
+            }
+          )
+        end
       end
     end
   end

data/lib/aws-sdk-core/plugins/request_compression.rb

@@ -0,0 +1,217 @@
+# frozen_string_literal: true
+
+module Aws
+  module Plugins
+    # @api private
+    class RequestCompression < Seahorse::Client::Plugin
+      DEFAULT_MIN_COMPRESSION_SIZE = 10_240
+      MIN_COMPRESSION_SIZE_LIMIT = 10_485_760
+      SUPPORTED_ENCODINGS = %w[gzip].freeze
+      CHUNK_SIZE = 1 * 1024 * 1024 # one MB
+
+      option(
+        :disable_request_compression,
+        default: false,
+        doc_type: 'Boolean',
+        docstring: <<-DOCS) do |cfg|
+When set to 'true' the request body will not be compressed
+for supported operations.
+      DOCS
+        resolve_disable_request_compression(cfg)
+      end
+
+      option(
+        :request_min_compression_size_bytes,
+        default: 10_240,
+        doc_type: 'Integer',
+        docstring: <<-DOCS) do |cfg|
+The minimum size in bytes that triggers compression for request
+bodies. The value must be non-negative integer value between 0
+and 10485780 bytes inclusive.
+      DOCS
+        resolve_request_min_compression_size_bytes(cfg)
+      end
+
+      def after_initialize(client)
+        validate_disable_request_compression_input(client.config)
+        validate_request_min_compression_size_bytes_input(client.config)
+      end
+
+      def validate_disable_request_compression_input(cfg)
+        unless [true, false].include?(cfg.disable_request_compression)
+          raise ArgumentError,
+                'Must provide either `true` or `false` for the '\
+                '`disable_request_compression` configuration option.'
+        end
+      end
+
+      def validate_request_min_compression_size_bytes_input(cfg)
+        value = Integer(cfg.request_min_compression_size_bytes)
+        unless value.between?(0, MIN_COMPRESSION_SIZE_LIMIT)
+          raise ArgumentError,
+                'Must provide a non-negative integer value between '\
+                  '`0` and `10485760` bytes inclusive for the '\
+                  '`request_min_compression_size_bytes` configuration option.'
+        end
+      end
+
+      def add_handlers(handlers, _config)
+        # priority set to ensure compression happens BEFORE checksum
+        handlers.add(CompressionHandler, priority: 16, step: :build)
+      end
+
+      class << self
+        private
+
+        def resolve_disable_request_compression(cfg)
+          value = ENV['AWS_DISABLE_REQUEST_COMPRESSION'] ||
+                  Aws.shared_config.disable_request_compression(profile: cfg.profile) ||
+                  'false'
+          Aws::Util.str_2_bool(value)
+        end
+
+        def resolve_request_min_compression_size_bytes(cfg)
+          value = ENV['AWS_REQUEST_MIN_COMPRESSION_SIZE_BYTES'] ||
+                  Aws.shared_config.request_min_compression_size_bytes(profile: cfg.profile) ||
+                  DEFAULT_MIN_COMPRESSION_SIZE.to_s
+          Integer(value)
+        end
+      end
+
+      # @api private
+      class CompressionHandler < Seahorse::Client::Handler
+        def call(context)
+          if should_compress?(context)
+            selected_encoding = request_encoding_selection(context)
+            if selected_encoding
+              if streaming?(context.operation.input)
+                process_streaming_compression(selected_encoding, context)
+              elsif context.http_request.body.size >= context.config.request_min_compression_size_bytes
+                process_compression(selected_encoding, context)
+              end
+            end
+          end
+          @handler.call(context)
+        end
+
+        private
+
+        def request_encoding_selection(context)
+          encoding_list = context.operation.request_compression['encodings']
+          encoding_list.find { |encoding| RequestCompression::SUPPORTED_ENCODINGS.include?(encoding) }
+        end
+
+        def update_content_encoding(encoding, context)
+          headers = context.http_request.headers
+          if headers['Content-Encoding']
+            headers['Content-Encoding'] += ',' + encoding
+          else
+            headers['Content-Encoding'] = encoding
+          end
+        end
+
+        def should_compress?(context)
+          context.operation.request_compression &&
+            !context.config.disable_request_compression
+        end
+
+        def streaming?(input)
+          if payload = input[:payload_member] # checking ref and shape
+            payload['streaming'] || payload.shape['streaming']
+          else
+            false
+          end
+        end
+
+        def process_compression(encoding, context)
+          case encoding
+          when 'gzip'
+            gzip_compress(context)
+          else
+            raise StandardError, "We currently do not support #{encoding} encoding"
+          end
+          update_content_encoding(encoding, context)
+        end
+
+        def gzip_compress(context)
+          compressed = StringIO.new
+          compressed.binmode
+          gzip_writer = Zlib::GzipWriter.new(compressed)
+          if context.http_request.body.respond_to?(:read)
+            update_in_chunks(gzip_writer, context.http_request.body)
+          else
+            gzip_writer.write(context.http_request.body)
+          end
+          gzip_writer.close
+          new_body = StringIO.new(compressed.string)
+          context.http_request.body = new_body
+        end
+
+        def update_in_chunks(compressor, io)
+          loop do
+            chunk = io.read(CHUNK_SIZE)
+            break unless chunk
+
+            compressor.write(chunk)
+          end
+        end
+
+        def process_streaming_compression(encoding, context)
+          case encoding
+          when 'gzip'
+            context.http_request.body = GzipIO.new(context.http_request.body)
+          else
+            raise StandardError, "We currently do not support #{encoding} encoding"
+          end
+          update_content_encoding(encoding, context)
+        end
+
+        # @api private
+        class GzipIO
+          def initialize(body)
+            @body = body
+            @buffer = ChunkBuffer.new
+            @gzip_writer = Zlib::GzipWriter.new(@buffer)
+          end
+
+          def read(length, buff = nil)
+            if @gzip_writer.closed?
+              # an empty string to signify an end as
+              # there will be nothing remaining to be read
+              StringIO.new('').read(length, buff)
+              return
+            end
+
+            chunk = @body.read(length)
+            if !chunk || chunk.empty?
+              # closing the writer will write one last chunk
+              # with a trailer (to be read from the @buffer)
+              @gzip_writer.close
+            else
+              # flush happens first to ensure that header fields
+              # are being sent over since write will override
+              @gzip_writer.flush
+              @gzip_writer.write(chunk)
+            end
+
+            StringIO.new(@buffer.last_chunk).read(length, buff)
+          end
+        end
+
+        # @api private
+        class ChunkBuffer
+          def initialize
+            @last_chunk = nil
+          end
+
+          attr_reader :last_chunk
+
+          def write(data)
+            @last_chunk = data
+          end
+        end
+      end
+
+    end
+  end
+end

data/lib/aws-sdk-core/plugins/sign.rb

@@ -108,6 +108,7 @@ module Aws
               credentials_provider: config.credentials,
               signing_algorithm: scheme_name.to_sym,
               uri_escape_path: !!!auth_scheme['disableDoubleEncoding'],
+              normalize_path: !!!auth_scheme['disableNormalizePath'],
               unsigned_headers: %w[content-length user-agent x-amzn-trace-id]
             )
           rescue Aws::Sigv4::Errors::MissingCredentialsError

data/lib/aws-sdk-core/refreshing_credentials.rb

@@ -36,12 +36,6 @@ module Aws
       @credentials
     end
 
-    # @return [Time,nil]
-    def expiration
-      refresh_if_near_expiration!
-      @expiration
-    end
-
     # Refresh credentials.
     # @return [void]
     def refresh!