aws-sdk-core 3.178.0 → 3.233.0

data/lib/aws-sdk-core/rpc_v2/parser.rb

@@ -0,0 +1,98 @@
+# frozen_string_literal: true
+
+require 'time'
+
+module Aws
+  module RpcV2
+    class Parser
+      include Seahorse::Model::Shapes
+
+      # @param [Seahorse::Model::ShapeRef] rules
+      def initialize(rules, query_compatible: false)
+        @rules = rules
+        @query_compatible = query_compatible
+      end
+
+      def parse(cbor, target = nil)
+        return {} if cbor.empty?
+
+        parse_ref(@rules, RpcV2.decode(cbor), target)
+      end
+
+      private
+
+      def structure(ref, values, target = nil)
+        shape = ref.shape
+        target = ref.shape.struct_class.new if target.nil?
+        values.each do |key, value|
+          member_name, member_ref = shape.member_by_location_name(key)
+          if member_ref
+            target[member_name] = parse_ref(member_ref, value)
+          elsif shape.union && key != '__type'
+            target[:unknown] = { 'name' => key, 'value' => value }
+          end
+        end
+        # In services that were previously Query/XML, members that were
+        # "flattened" defaulted to empty lists. In JSON, these values are nil,
+        # which is backwards incompatible. To preserve backwards compatibility,
+        # we set a default value of [] for these members.
+        if @query_compatible
+          ref.shape.members.each do |member_name, member_target|
+            next unless target[member_name].nil?
+
+            if flattened_list?(member_target.shape)
+              target[member_name] = []
+            elsif flattened_map?(member_target.shape)
+              target[member_name] = {}
+            end
+          end
+        end
+
+        if shape.union
+          # convert to subclass
+          member_subclass = shape.member_subclass(target.member).new
+          member_subclass[target.member] = target.value
+          target = member_subclass
+        end
+        target
+      end
+
+      def list(ref, values, target = nil)
+        target = [] if target.nil?
+        values.each do |value|
+          target << parse_ref(ref.shape.member, value)
+        end
+        target
+      end
+
+      def map(ref, values, target = nil)
+        target = {} if target.nil?
+        values.each do |key, value|
+          target[key] = parse_ref(ref.shape.value, value) unless value.nil?
+        end
+        target
+      end
+
+      def parse_ref(ref, value, target = nil)
+        if value.nil?
+          nil
+        else
+          case ref.shape
+          when StructureShape then structure(ref, value, target)
+          when ListShape then list(ref, value, target)
+          when MapShape then map(ref, value, target)
+          else value
+          end
+        end
+      end
+
+      def flattened_list?(shape)
+        shape.is_a?(ListShape) && shape.flattened
+      end
+
+      def flattened_map?(shape)
+        shape.is_a?(MapShape) && shape.flattened
+      end
+    end
+  end
+end

data/lib/aws-sdk-core/rpc_v2.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+require_relative 'cbor'
+require_relative 'rpc_v2/builder'
+require_relative 'rpc_v2/content_type_handler'
+require_relative 'rpc_v2/error_handler'
+require_relative 'rpc_v2/handler'
+require_relative 'rpc_v2/parser'
+
+module Aws
+  # @api private
+  module RpcV2
+    class << self
+      # @param [Symbol,Class] engine
+      #   Must be one of the following values:
+      #
+      #   * :cbor
+      #
+      def engine=(engine)
+        @engine = Class === engine ? engine : load_engine(engine)
+      end
+
+      # @return [Class] Returns the default engine.
+      #   One of:
+      #
+      #   * {CborEngine}
+      #
+      def engine
+        set_default_engine unless @engine
+        @engine
+      end
+
+      def encode(data)
+        @engine.encode(data)
+      end
+
+      def decode(bytes)
+        bytes.force_encoding(Encoding::BINARY)
+        @engine.decode(bytes)
+      end
+
+      def set_default_engine
+        [:cbor].each do |name|
+          @engine ||= try_load_engine(name)
+        end
+
+        unless @engine
+          raise 'Unable to find a compatible cbor library.'
+        end
+      end
+
+      private
+
+      def load_engine(name)
+        require "aws-sdk-core/rpc_v2/#{name}_engine"
+        const_name = name[0].upcase + name[1..-1] + 'Engine'
+        const_get(const_name)
+      end
+
+      def try_load_engine(name)
+        load_engine(name)
+      rescue LoadError
+        false
+      end
+    end
+
+    set_default_engine
+  end
+end

data/lib/aws-sdk-core/shared_config.rb

@@ -138,7 +138,11 @@ module Aws
             role_session_name: entry['role_session_name']
           }
           cfg[:region] = opts[:region] if opts[:region]
-          AssumeRoleWebIdentityCredentials.new(cfg)
+          with_metrics('CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN') do
+            creds = AssumeRoleWebIdentityCredentials.new(cfg)
+            creds.metrics << 'CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN'
+            creds
+          end
         end
       end
     end
@@ -169,9 +173,9 @@ module Aws
 
     # Source a custom configured endpoint from the shared configuration file
     #
-    # @param [Hash] options
-    # @option options [String] :profile
-    # @option options [String] :service_id
+    # @param [Hash] opts
+    # @option opts [String] :profile
+    # @option opts [String] :service_id
     def configured_endpoint(opts = {})
       # services section is only allowed in the shared config file (not credentials)
       profile = opts[:profile] || @profile_name
@@ -198,6 +202,9 @@ module Aws
 
     config_reader(
       :region,
+      :account_id_endpoint_mode,
+      :auth_scheme_preference,
+      :sigv4a_signing_region_set,
       :ca_bundle,
       :credential_process,
       :endpoint_discovery_enabled,
@@ -205,10 +212,14 @@ module Aws
       :use_fips_endpoint,
       :ec2_metadata_service_endpoint,
       :ec2_metadata_service_endpoint_mode,
+      :ec2_metadata_v1_disabled,
+      :disable_host_prefix_injection,
       :max_attempts,
       :retry_mode,
       :adaptive_retry_wait_to_fill,
       :correct_clock_skew,
+      :request_checksum_calculation,
+      :response_checksum_validation,
       :csm_client_id,
       :csm_enabled,
       :csm_host,
@@ -217,6 +228,7 @@ module Aws
       :s3_use_arn_region,
       :s3_us_east_1_regional_endpoint,
       :s3_disable_multiregion_access_points,
+      :s3_disable_express_session_auth,
       :defaults_mode,
       :sdk_ua_app_id,
       :disable_request_compression,
@@ -249,8 +261,8 @@ module Aws
             'provide only source_profile or credential_source, not both.'
         elsif opts[:source_profile]
           opts[:visited_profiles] ||= Set.new
-          opts[:credentials] = resolve_source_profile(opts[:source_profile], opts)
-          if opts[:credentials]
+          provider = resolve_source_profile(opts[:source_profile], opts)
+          if provider && (opts[:credentials] = provider.credentials)
             opts[:role_session_name] ||= prof_cfg['role_session_name']
             opts[:role_session_name] ||= 'default_session'
             opts[:role_arn] ||= prof_cfg['role_arn']
@@ -259,17 +271,28 @@ module Aws
             opts[:serial_number] ||= prof_cfg['mfa_serial']
             opts[:profile] = opts.delete(:source_profile)
             opts.delete(:visited_profiles)
-            AssumeRoleCredentials.new(opts)
+
+            metrics = provider.metrics
+            if provider.is_a?(AssumeRoleCredentials)
+              opts[:credentials] = provider
+              metrics.delete('CREDENTIALS_STS_ASSUME_ROLE')
+            else
+              metrics << 'CREDENTIALS_PROFILE_SOURCE_PROFILE'
+            end
+            # Set the original credentials metrics to [] to prevent duplicate metrics during sign plugin
+            opts[:credentials].metrics = []
+            with_metrics(metrics) do
+              creds = AssumeRoleCredentials.new(opts)
+              creds.metrics.push(*metrics)
+              creds
+            end
           else
             raise Errors::NoSourceProfileError,
               "Profile #{profile} has a role_arn, and source_profile, but the"\
               ' source_profile does not have credentials.'
           end
         elsif credential_source
-          opts[:credentials] = credentials_from_source(
-            credential_source,
-            chain_config
-          )
+          opts[:credentials] = credentials_from_source(credential_source, chain_config)
           if opts[:credentials]
             opts[:role_session_name] ||= prof_cfg['role_session_name']
             opts[:role_session_name] ||= 'default_session'
@@ -278,7 +301,16 @@ module Aws
             opts[:external_id] ||= prof_cfg['external_id']
             opts[:serial_number] ||= prof_cfg['mfa_serial']
             opts.delete(:source_profile) # Cleanup
-            AssumeRoleCredentials.new(opts)
+
+            metrics = opts[:credentials].metrics
+            metrics << 'CREDENTIALS_PROFILE_NAMED_PROVIDER'
+            # Set the original credentials metrics to [] to prevent duplicate metrics during sign plugin
+            opts[:credentials].metrics = []
+            with_metrics(metrics) do
+              creds = AssumeRoleCredentials.new(opts)
+              creds.metrics.push(*metrics)
+              creds
+            end
           else
             raise Errors::NoSourceCredentials,
               "Profile #{profile} could not get source credentials from"\
@@ -306,12 +338,24 @@ module Aws
       elsif profile_config && profile_config['source_profile']
         opts.delete(:source_profile)
         assume_role_credentials_from_config(opts.merge(profile: profile))
-      elsif (provider = assume_role_web_identity_credentials_from_config(opts.merge(profile: profile)))
-        provider.credentials if provider.credentials.set?
+      elsif (provider = assume_role_web_identity_credentials_from_config_with_metrics(opts.merge(profile: profile)))
+        provider if provider.credentials.set?
       elsif (provider = assume_role_process_credentials_from_config(profile))
-        provider.credentials if provider.credentials.set?
-      elsif (provider = sso_credentials_from_config(profile: profile))
-        provider.credentials if provider.credentials.set?
+        provider if provider.credentials.set?
+      elsif (provider = sso_credentials_from_config_with_metrics(profile))
+        provider if provider.credentials.set?
+      end
+    end
+
+    def assume_role_web_identity_credentials_from_config_with_metrics(opts)
+      with_metrics('CREDENTIALS_PROFILE_SOURCE_PROFILE') do
+        assume_role_web_identity_credentials_from_config(opts)
+      end
+    end
+
+    def sso_credentials_from_config_with_metrics(profile)
+      with_metrics('CREDENTIALS_PROFILE_SOURCE_PROFILE') do
+        sso_credentials_from_config(profile: profile)
       end
     end
 
@@ -325,6 +369,15 @@ module Aws
         )
       when 'EcsContainer'
         ECSCredentials.new
+      when 'Environment'
+        creds = Credentials.new(
+          ENV['AWS_ACCESS_KEY_ID'],
+          ENV['AWS_SECRET_ACCESS_KEY'],
+          ENV['AWS_SESSION_TOKEN'],
+          account_id: ENV['AWS_ACCOUNT_ID']
+        )
+        creds.metrics = ['CREDENTIALS_ENV_VARS']
+        creds
       else
         raise Errors::InvalidCredentialSourceError, "Unsupported credential_source: #{credential_source}"
       end
@@ -336,7 +389,11 @@ module Aws
       if @parsed_config
         credential_process ||= @parsed_config.fetch(profile, {})['credential_process']
       end
-      ProcessCredentials.new(credential_process) if credential_process
+      if credential_process
+        creds = ProcessCredentials.new([credential_process])
+        creds.metrics << 'CREDENTIALS_PROFILE_PROCESS'
+        creds
+      end
     end
 
     def credentials_from_shared(profile, _opts)
@@ -359,12 +416,8 @@ module Aws
          !(prof_config.keys & SSO_CREDENTIAL_PROFILE_KEYS).empty?
 
         if sso_session_name = prof_config['sso_session']
-          sso_session = cfg["sso-session #{sso_session_name}"]
-          unless sso_session
-            raise ArgumentError,
-                  "sso-session #{sso_session_name} must be defined in the config file. " \
-                    "Referenced by profile #{profile}"
-          end
+          sso_session = sso_session(cfg, profile, sso_session_name)
+
           sso_region = sso_session['sso_region']
           sso_start_url = sso_session['sso_start_url']
 
@@ -384,13 +437,18 @@ module Aws
           sso_start_url = prof_config['sso_start_url']
         end
 
-        SSOCredentials.new(
-          sso_account_id: prof_config['sso_account_id'],
-          sso_role_name: prof_config['sso_role_name'],
-          sso_session: prof_config['sso_session'],
-          sso_region: sso_region,
-          sso_start_url: prof_config['sso_start_url']
+        metric = prof_config['sso_session'] ? 'CREDENTIALS_PROFILE_SSO' : 'CREDENTIALS_PROFILE_SSO_LEGACY'
+        with_metrics(metric) do
+          creds = SSOCredentials.new(
+            sso_account_id: prof_config['sso_account_id'],
+            sso_role_name: prof_config['sso_role_name'],
+            sso_session: prof_config['sso_session'],
+            sso_region: sso_region,
+            sso_start_url: sso_start_url
           )
+          creds.metrics << metric
+          creds
+        end
       end
     end
 
@@ -402,16 +460,7 @@ module Aws
         !(prof_config.keys & SSO_TOKEN_PROFILE_KEYS).empty?
 
         sso_session_name = prof_config['sso_session']
-        sso_session = cfg["sso-session #{sso_session_name}"]
-        unless sso_session
-          raise ArgumentError,
-                "sso-session #{sso_session_name} must be defined in the config file." \
-                  "Referenced by profile #{profile}"
-        end
-
-        unless sso_session['sso_region']
-          raise ArgumentError, "sso-session #{sso_session_name} missing required parameter: sso_region"
-        end
+        sso_session = sso_session(cfg, profile, sso_session_name)
 
         SSOTokenProvider.new(
           sso_session: sso_session_name,
@@ -424,8 +473,10 @@ module Aws
       creds = Credentials.new(
         prof_config['aws_access_key_id'],
         prof_config['aws_secret_access_key'],
-        prof_config['aws_session_token']
+        prof_config['aws_session_token'],
+        account_id: prof_config['aws_account_id']
       )
+      creds.metrics = ['CREDENTIALS_PROFILE']
       creds if creds.set?
     end
 
@@ -469,5 +520,26 @@ module Aws
       ret ||= 'default'
       ret
     end
+
+    def sso_session(cfg, profile, sso_session_name)
+      # aws sso-configure may add quotes around sso session names with whitespace
+      sso_session = cfg["sso-session #{sso_session_name}"] || cfg["sso-session '#{sso_session_name}'"]
+
+      unless sso_session
+        raise ArgumentError,
+          "sso-session #{sso_session_name} must be defined in the config file. " \
+                    "Referenced by profile #{profile}"
+      end
+
+      unless sso_session['sso_region']
+        raise ArgumentError, "sso-session #{sso_session_name} missing required parameter: sso_region"
+      end
+
+      sso_session
+    end
+
+    def with_metrics(metrics, &block)
+      Aws::Plugins::UserAgent.metric(*metrics, &block)
+    end
   end
 end

data/lib/aws-sdk-core/shared_credentials.rb

@@ -7,13 +7,6 @@ module Aws
 
     include CredentialProvider
 
-    # @api private
-    KEY_MAP = {
-      'aws_access_key_id' => 'access_key_id',
-      'aws_secret_access_key' => 'secret_access_key',
-      'aws_session_token' => 'session_token',
-    }
-
     # Constructs a new SharedCredentials object. This will load static
     # (access_key_id, secret_access_key and session_token) AWS access
     # credentials from an ini file, which supports profiles. The default
@@ -47,6 +40,7 @@ module Aws
         )
         @credentials = config.credentials(profile: @profile_name)
       end
+      @metrics = ['CREDENTIALS_CODE']
     end
 
     # @return [String]

data/lib/aws-sdk-core/sso_credentials.rb

@@ -91,6 +91,7 @@ module Aws
           client_opts[:credentials] = nil
           @client = Aws::SSO::Client.new(client_opts)
         end
+        @metrics = ['CREDENTIALS_SSO']
       else # legacy behavior
         missing_keys = LEGACY_REQUIRED_OPTS.select { |k| options[k].nil? }
         unless missing_keys.empty?
@@ -111,6 +112,7 @@ module Aws
         client_opts[:credentials] = nil
 
         @client = options[:client] || Aws::SSO::Client.new(client_opts)
+        @metrics = ['CREDENTIALS_SSO_LEGACY']
       end
 
       @async_refresh = true
@@ -156,7 +158,8 @@ module Aws
       @credentials = Credentials.new(
         c.access_key_id,
         c.secret_access_key,
-        c.session_token
+        c.session_token,
+        account_id: @sso_account_id
       )
       @expiration = Time.at(c.expiration / 1000.0)
     end

data/lib/aws-sdk-core/static_token_provider.rb

@@ -2,12 +2,11 @@
 
 module Aws
   class StaticTokenProvider
-
     include TokenProvider
 
     # @param [String] token
     # @param [Time] expiration
-    def initialize(token, expiration=nil)
+    def initialize(token, expiration = nil)
       @token = Token.new(token, expiration)
     end
   end

data/lib/aws-sdk-core/stubbing/protocols/ec2.rb

@@ -3,6 +3,7 @@
 module Aws
   module Stubbing
     module Protocols
+      # @api private
       class EC2
 
         def stub_data(api, operation, data)
@@ -16,17 +17,17 @@ module Aws
         end
 
         def stub_error(error_code)
-          http_resp = Seahorse::Client::Http::Response.new
-          http_resp.status_code = 400
-          http_resp.body = <<-XML.strip
-<ErrorResponse>
-  <Error>
-    <Code>#{error_code}</Code>
-    <Message>stubbed-response-error-message</Message>
-  </Error>
-</ErrorResponse>
+          resp = Seahorse::Client::Http::Response.new
+          resp.status_code = 400
+          resp.body = <<~XML.strip
+            <ErrorResponse>
+              <Error>
+                <Code>#{error_code}</Code>
+                <Message>stubbed-response-error-message</Message>
+              </Error>
+            </ErrorResponse>
           XML
-          http_resp
+          resp
         end
 
         private
@@ -37,7 +38,7 @@ module Aws
           xml.shift
           xml.pop
           xmlns = "http://ec2.amazonaws.com/doc/#{api.version}/".inspect
-          xml.unshift("  <requestId>stubbed-request-id</requestId>")
+          xml.unshift('  <requestId>stubbed-request-id</requestId>')
           xml.unshift("<#{operation.name}Response xmlns=#{xmlns}>\n")
           xml.push("</#{operation.name}Response>\n")
           xml.join

data/lib/aws-sdk-core/stubbing/protocols/json.rb

@@ -3,27 +3,28 @@
 module Aws
   module Stubbing
     module Protocols
+      # @api private
       class Json
 
         def stub_data(api, operation, data)
           resp = Seahorse::Client::Http::Response.new
           resp.status_code = 200
-          resp.headers["Content-Type"] = content_type(api)
-          resp.headers["x-amzn-RequestId"] = "stubbed-request-id"
+          resp.headers['Content-Type'] = content_type(api)
+          resp.headers['x-amzn-RequestId'] = 'stubbed-request-id'
           resp.body = build_body(operation, data)
           resp
         end
 
         def stub_error(error_code)
-          http_resp = Seahorse::Client::Http::Response.new
-          http_resp.status_code = 400
-          http_resp.body = <<-JSON.strip
-{
-  "code": #{error_code.inspect},
-  "message": "stubbed-response-error-message"
-}
+          resp = Seahorse::Client::Http::Response.new
+          resp.status_code = 400
+          resp.body = <<~JSON.strip
+            {
+              "code": #{error_code.inspect},
+              "message": "stubbed-response-error-message"
+            }
           JSON
-          http_resp
+          resp
         end
 
         private

data/lib/aws-sdk-core/stubbing/protocols/query.rb

@@ -3,6 +3,7 @@
 module Aws
   module Stubbing
     module Protocols
+      # @api private
       class Query
 
         def stub_data(api, operation, data)
@@ -13,10 +14,10 @@ module Aws
         end
 
         def stub_error(error_code)
-          http_resp = Seahorse::Client::Http::Response.new
-          http_resp.status_code = 400
-          http_resp.body = XmlError.new(error_code).to_xml
-          http_resp
+          resp = Seahorse::Client::Http::Response.new
+          resp.status_code = 400
+          resp.body = XmlError.new(error_code).to_xml
+          resp
         end
 
         private
@@ -24,9 +25,9 @@ module Aws
         def build_body(api, operation, data)
           xml = []
           builder = Aws::Xml::DocBuilder.new(target: xml, indent: '  ')
-          builder.node(operation.name + 'Response', xmlns: xmlns(api)) do
+          builder.node("#{operation.name}Response", xmlns: xmlns(api)) do
             if (rules = operation.output)
-              rules.location_name = operation.name + 'Result'
+              rules.location_name = "#{operation.name}Result"
               Xml::Builder.new(rules, target: xml, pad:'  ').to_xml(data)
             end
             builder.node('ResponseMetadata') do

data/lib/aws-sdk-core/stubbing/protocols/rest.rb

@@ -5,6 +5,7 @@ require 'aws-eventstream'
 module Aws
   module Stubbing
     module Protocols
+      # @api private
       class Rest
 
         include Seahorse::Model::Shapes
@@ -22,7 +23,7 @@ module Aws
         def new_http_response
           resp = Seahorse::Client::Http::Response.new
           resp.status_code = 200
-          resp.headers["x-amzn-RequestId"] = "stubbed-request-id"
+          resp.headers['x-amzn-RequestId'] = 'stubbed-request-id'
           resp
         end
 

data/lib/aws-sdk-core/stubbing/protocols/rest_json.rb

@@ -3,6 +3,7 @@
 module Aws
   module Stubbing
     module Protocols
+      # @api private
       class RestJson < Rest
 
         def body_for(_a, _b, rules, data)
@@ -14,15 +15,15 @@ module Aws
         end
 
         def stub_error(error_code)
-          http_resp = Seahorse::Client::Http::Response.new
-          http_resp.status_code = 400
-          http_resp.body = <<-JSON.strip
-{
-  "code": #{error_code.inspect},
-  "message": "stubbed-response-error-message"
-}
+          resp = Seahorse::Client::Http::Response.new
+          resp.status_code = 400
+          resp.body = <<~JSON.strip
+            {
+              "code": #{error_code.inspect},
+              "message": "stubbed-response-error-message"
+            }
           JSON
-          http_resp
+          resp
         end
 
       end