aws-sdk-core 3.178.0 → 3.233.0

data/lib/seahorse/client/base.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require 'thread'
-
 module Seahorse
   module Client
     class Base
@@ -9,6 +7,7 @@ module Seahorse
       include HandlerBuilder
 
       # default plugins
+      # @api private
       @plugins = PluginList.new([
         Plugins::Endpoint,
         Plugins::NetHttp,
@@ -59,6 +58,7 @@ module Seahorse
       def build_config(plugins, options)
         config = Configuration.new
         config.add_option(:api)
+        config.add_option(:plugins)
         plugins.each do |plugin|
           plugin.add_options(config) if plugin.respond_to?(:add_options)
         end
@@ -95,9 +95,9 @@ module Seahorse
       class << self
 
         def new(options = {})
-          plugins = build_plugins
           options = options.dup
-          before_initialize(plugins, options)
+          plugins = build_plugins(self.plugins + options.fetch(:plugins, []))
+          plugins = before_initialize(plugins, options)
           client = allocate
           client.send(:initialize, plugins, options)
           client
@@ -176,8 +176,6 @@ module Seahorse
         # @return [Model::Api]
         def set_api(api)
           @api = api
-          define_operation_methods
-          @api
         end
 
         # @option options [Model::Api, Hash] :api ({})
@@ -196,29 +194,28 @@ module Seahorse
 
         private
 
-        def define_operation_methods
-          operations_module = Module.new
-          @api.operation_names.each do |method_name|
-            operations_module.send(:define_method, method_name) do |*args, &block|
-              params = args[0] || {}
-              options = args[1] || {}
-              build_request(method_name, params).send_request(options, &block)
-            end
-          end
-          include(operations_module)
-        end
-
-        def build_plugins
+        def build_plugins(plugins)
           plugins.map { |plugin| plugin.is_a?(Class) ? plugin.new : plugin }
         end
 
         def before_initialize(plugins, options)
-          plugins.each do |plugin|
-            plugin.before_initialize(self, options) if plugin.respond_to?(:before_initialize)
+          queue = Queue.new
+          plugins.each { |plugin| queue.push(plugin) }
+          until queue.empty?
+            plugin = queue.pop
+            next unless plugin.respond_to?(:before_initialize)
+
+            plugins_before = options.fetch(:plugins, [])
+            plugin.before_initialize(self, options)
+            plugins_after = build_plugins(options.fetch(:plugins, []) - plugins_before)
+            # Plugins with before_initialize can add other plugins
+            plugins_after.each { |p| queue.push(p); plugins << p }
           end
+          plugins
         end
 
         def inherited(subclass)
+          super
           subclass.instance_variable_set('@plugins', PluginList.new(@plugins))
         end
 

data/lib/seahorse/client/h2/connection.rb

@@ -10,13 +10,8 @@ module Seahorse
   module Client
     # @api private
     module H2
-
       # H2 Connection build on top of `http/2` gem
-      # (requires Ruby >= 2.1)
-      # with TLS layer plus ALPN, requires:
-      # Ruby >= 2.3 and OpenSSL >= 1.0.2
       class Connection
-
         OPTIONS = {
           max_concurrent_streams: 100,
           connection_timeout: 60,
@@ -27,7 +22,7 @@ module Seahorse
           ssl_ca_bundle: nil,
           ssl_ca_directory: nil,
           ssl_ca_store: nil,
-          enable_alpn: false
+          enable_alpn: true
         }
 
         # chunk read size at socket
@@ -41,25 +36,23 @@ module Seahorse
             instance_variable_set("@#{opt_name}", value)
           end
           @h2_client = HTTP2::Client.new(
-            settings_max_concurrent_streams: max_concurrent_streams
+            settings_max_concurrent_streams: @max_concurrent_streams
           )
-          @logger = if @http_wire_trace
-            options[:logger] || Logger.new($stdout)
-          end
+          @logger ||= Logger.new($stdout) if @http_wire_trace
           @chunk_size = options[:read_chunk_size] || CHUNKSIZE
+
           @errors = []
           @status = :ready
+
           @mutex = Mutex.new # connection can be shared across requests
           @socket = nil
           @socket_thread = nil
         end
 
         OPTIONS.keys.each do |attr_name|
-          attr_reader(attr_name)
+          attr_reader attr_name
         end
 
-        alias ssl_verify_peer? ssl_verify_peer
-
         attr_reader :errors
 
         attr_accessor :input_signal_thread
@@ -112,7 +105,7 @@ module Seahorse
                   @h2_client << data
                 rescue IO::WaitReadable
                   begin
-                    unless IO.select([@socket], nil, nil, connection_read_timeout)
+                    unless IO.select([@socket], nil, nil, @connection_read_timeout)
                       self.debug_output('socket connection read time out')
                       self.close!
                     else
@@ -154,11 +147,11 @@ module Seahorse
         end
 
         def debug_output(msg, type = nil)
-          prefix = case type
+          prefix =
+            case type
             when :send then '-> '
             when :receive then '<- '
-            else
-              ''
+            else ''
             end
           return unless @logger
           _debug_entry(prefix + msg)
@@ -206,7 +199,7 @@ module Seahorse
           begin
             tcp.connect_nonblock(addr)
           rescue IO::WaitWritable
-            unless IO.select(nil, [tcp], nil, connection_timeout)
+            unless IO.select(nil, [tcp], nil, @connection_timeout)
               tcp.close
               raise
             end
@@ -220,15 +213,15 @@ module Seahorse
 
         def _tls_context
           ssl_ctx = OpenSSL::SSL::SSLContext.new(:TLSv1_2)
-          if ssl_verify_peer?
+          if @ssl_verify_peer
             ssl_ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
-            ssl_ctx.ca_file = ssl_ca_bundle ? ssl_ca_bundle : _default_ca_bundle
-            ssl_ctx.ca_path = ssl_ca_directory ? ssl_ca_directory : _default_ca_directory
-            ssl_ctx.cert_store = ssl_ca_store if ssl_ca_store
+            ssl_ctx.ca_file = @ssl_ca_bundle || _default_ca_bundle
+            ssl_ctx.ca_path = @ssl_ca_directory || _default_ca_directory
+            ssl_ctx.cert_store = @ssl_ca_store if @ssl_ca_store
           else
             ssl_ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
           end
-          if enable_alpn
+          if @enable_alpn
             debug_output('enabling ALPN for TLS ...')
             ssl_ctx.alpn_protocols = ['h2']
           end
@@ -236,15 +229,12 @@ module Seahorse
         end
 
         def _default_ca_bundle
-          File.exist?(OpenSSL::X509::DEFAULT_CERT_FILE) ?
-            OpenSSL::X509::DEFAULT_CERT_FILE : nil
+          OpenSSL::X509::DEFAULT_CERT_FILE if File.exist?(OpenSSL::X509::DEFAULT_CERT_FILE)
         end
 
         def _default_ca_directory
-          Dir.exist?(OpenSSL::X509::DEFAULT_CERT_DIR) ?
-            OpenSSL::X509::DEFAULT_CERT_DIR : nil
+          OpenSSL::X509::DEFAULT_CERT_DIR if Dir.exist?(OpenSSL::X509::DEFAULT_CERT_DIR)
         end
-
       end
     end
   end

data/lib/seahorse/client/h2/handler.rb

@@ -27,6 +27,12 @@ module Seahorse
       class Handler < Client::Handler
 
         def call(context)
+          span_wrapper(context) { _call(context) }
+        end
+
+        private
+
+        def _call(context)
           stream = nil
           begin
             conn = context.client.connection
@@ -80,8 +86,6 @@ module Seahorse
           )
         end
 
-        private
-
         def _register_callbacks(resp, stream, stream_mutex, close_condition, sync_queue)
           stream.on(:headers) do |headers|
             resp.signal_headers(headers)
@@ -126,6 +130,7 @@ module Seahorse
         # https://http2.github.io/http2-spec/#rfc.section.8.1.2.3
         def _h2_headers(req)
           headers = {}
+          headers[':authority'] = req.endpoint.host
           headers[':method'] = req.http_method.upcase
           headers[':scheme'] = req.endpoint.scheme
           headers[':path'] = req.endpoint.path.empty? ? '/' : req.endpoint.path
@@ -145,8 +150,14 @@ module Seahorse
           end
         end
 
+        def span_wrapper(context, &block)
+          context.tracer.in_span(
+            'Handler.H2',
+            attributes: Aws::Telemetry.http_request_attrs(context),
+            &block
+          )
+        end
       end
-
     end
   end
 end

data/lib/seahorse/client/handler.rb

@@ -15,7 +15,7 @@ module Seahorse
       attr_accessor :handler
 
       # @param [RequestContext] context
-      # @return [Response]
+      # @return [Seahorse::Response]
       def call(context)
         @handler.call(context)
       end

data/lib/seahorse/client/http/response.rb

@@ -66,8 +66,8 @@ module Seahorse
         # @param [string] chunk
         def signal_data(chunk)
           unless chunk == ''
-            @body.write(chunk)
             emit(:data, chunk)
+            @body.write(chunk)
           end
         end
 

data/lib/seahorse/client/net_http/connection_pool.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
-require 'cgi'
+require "cgi/escape"
+require "cgi/util" if RUBY_VERSION < "3.5"
 require 'net/http'
 require 'net/https'
 require 'delegate'
@@ -34,7 +35,9 @@ module Seahorse
           ssl_ca_bundle: nil,
           ssl_ca_directory: nil,
           ssl_ca_store: nil,
-          ssl_timeout: nil
+          ssl_timeout: nil,
+          ssl_cert: nil,
+          ssl_key: nil
         }
 
         # @api private
@@ -119,11 +122,7 @@ module Seahorse
         #   pool, not counting those currently in use.
         def size
           @pool_mutex.synchronize do
-            size = 0
-            @pool.each_pair do |endpoint,sessions|
-              size += sessions.size
-            end
-            size
+            @pool.values.flatten.size
           end
         end
 
@@ -142,9 +141,7 @@ module Seahorse
         # @return [nil]
         def empty!
           @pool_mutex.synchronize do
-            @pool.each_pair do |endpoint,sessions|
-              sessions.each(&:finish)
-            end
+            @pool.values.flatten.map(&:finish)
             @pool.clear
           end
           nil
@@ -252,7 +249,9 @@ module Seahorse
               :ssl_ca_bundle => options[:ssl_ca_bundle],
               :ssl_ca_directory => options[:ssl_ca_directory],
               :ssl_ca_store => options[:ssl_ca_store],
-              :ssl_timeout => options[:ssl_timeout]
+              :ssl_timeout => options[:ssl_timeout],
+              :ssl_cert => options[:ssl_cert],
+              :ssl_key => options[:ssl_key]
             }
           end
 
@@ -297,6 +296,8 @@ module Seahorse
               http.ca_file = ssl_ca_bundle if ssl_ca_bundle
               http.ca_path = ssl_ca_directory if ssl_ca_directory
               http.cert_store = ssl_ca_store if ssl_ca_store
+              http.cert = ssl_cert if ssl_cert
+              http.key = ssl_key if ssl_key
             else
               http.verify_mode = OpenSSL::SSL::VERIFY_NONE
             end
@@ -312,7 +313,7 @@ module Seahorse
         # @note **Must** be called behind a `@pool_mutex` synchronize block.
         def _clean
           now = Aws::Util.monotonic_milliseconds
-          @pool.each_pair do |endpoint,sessions|
+          @pool.values.each do |sessions|
             sessions.delete_if do |session|
               if session.last_used.nil? or now - session.last_used > http_idle_timeout * 1000
                 session.finish
@@ -336,6 +337,8 @@ module Seahorse
           attr_reader :last_used
 
           def __getobj__
+            return yield if block_given? && !defined?(@http)
+
             @http
           end
 

data/lib/seahorse/client/net_http/handler.rb

@@ -23,17 +23,12 @@ module Seahorse
 
         NETWORK_ERRORS = [
           SocketError, EOFError, IOError, Timeout::Error,
-          Errno::ECONNABORTED, Errno::ECONNRESET, Errno::EPIPE,
-          Errno::EINVAL, Errno::ETIMEDOUT, OpenSSL::SSL::SSLError,
-          Errno::EHOSTUNREACH, Errno::ECONNREFUSED,
+          Errno::ECONNABORTED, Errno::ECONNRESET, Errno::EPIPE, Errno::EINVAL,
+          Errno::ETIMEDOUT, Errno::EHOSTUNREACH, Errno::ECONNREFUSED,
+          OpenSSL::SSL::SSLError, OpenSSL::SSL::SSLErrorWaitReadable,
           Net::HTTPFatalError # for proxy connection failures
         ]
 
-        # does not exist in Ruby 1.9.3
-        if OpenSSL::SSL.const_defined?(:SSLErrorWaitReadable)
-          NETWORK_ERRORS << OpenSSL::SSL::SSLErrorWaitReadable
-        end
-
         # @api private
         DNS_ERROR_MESSAGES = [
           'getaddrinfo: nodename nor servname provided, or not known', # MacOS
@@ -47,7 +42,13 @@ module Seahorse
         # @param [RequestContext] context
         # @return [Response]
         def call(context)
-          transmit(context.config, context.http_request, context.http_response)
+          span_wrapper(context) do
+            transmit(
+              context.config,
+              context.http_request,
+              context.http_response
+            )
+          end
           Response.new(context: context)
         end
 
@@ -197,6 +198,17 @@ module Seahorse
           end
         end
 
+        def span_wrapper(context, &block)
+          context.tracer.in_span(
+            'Handler.NetHttp',
+            attributes: Aws::Telemetry.http_request_attrs(context)
+          ) do |span|
+            block.call
+            span.add_attributes(
+              Aws::Telemetry.http_response_attrs(context)
+            )
+          end
+        end
       end
     end
   end

data/lib/seahorse/client/net_http/patches.rb

@@ -12,12 +12,9 @@ module Seahorse
 
         def self.apply!
           Net::HTTPGenericRequest.prepend(PatchDefaultContentType)
-          return unless RUBY_VERSION < '2.5'
-
-          Net::HTTP::IDEMPOTENT_METHODS_.clear
         end
 
-        # For requests with bodys, Net::HTTP sets a default content type of:
+        # For requests with bodies, Net::HTTP sets a default content type of:
         #   'application/x-www-form-urlencoded'
         # There are cases where we should not send content type at all.
         # Even when no body is supplied, Net::HTTP uses a default empty body

data/lib/seahorse/client/networking_error.rb

@@ -39,7 +39,7 @@ module Seahorse
 
     end
 
-    # Rasied when trying to use an closed connection
+    # Raised when trying to use an closed connection
     class Http2ConnectionClosedError < StandardError; end
   end
 end

data/lib/seahorse/client/plugin.rb

@@ -111,7 +111,15 @@ module Seahorse
 
         def initialize(name, options = {})
           @name = name
+          # prevent unstable object shapes by ensuring
+          # order and presence of instance variables
+          @default = nil
+          @default_block = nil
+          @required = nil
+          @doc_type = nil
           @doc_default = nil
+          @docstring = nil
+          @rbs_type = nil
           options.each_pair do |opt_name, opt_value|
             self.send("#{opt_name}=", opt_value)
           end
@@ -124,6 +132,7 @@ module Seahorse
         attr_accessor :doc_type
         attr_writer :doc_default
         attr_accessor :docstring
+        attr_accessor :rbs_type
 
         def doc_default(options)
           if @doc_default.nil? && !default.is_a?(Proc)

data/lib/seahorse/client/plugins/endpoint.rb

@@ -17,7 +17,6 @@ be a URI formatted like:
     'http://example.com'
     'https://example.com'
     'http://example.com:123'
-
           DOCS
 
         def add_handlers(handlers, config)

data/lib/seahorse/client/plugins/h2.rb

@@ -53,10 +53,10 @@ When `true`, SSL peer certificates are verified when establishing a connection.
 When `true`, HTTP2 debug output will be sent to the `:logger`.
         DOCS
 
-        option(:enable_alpn, default: false, doc_type: 'Boolean', docstring: <<-DOCS)
-Setting to `true` to enable ALPN in HTTP2 over TLS, requires Ruby version >= 2.3 and
-Openssl version >= 1.0.2. Defaults to false. Note: not all service HTTP2 operations
-supports ALPN on server side, please refer to service documentation.
+        option(:enable_alpn, default: true, doc_type: 'Boolean', docstring: <<-DOCS)
+Set to `false` to disable ALPN in HTTP2 over TLS. ALPN requires Openssl version >= 1.0.2.
+Note: RFC7540 requires HTTP2 to use ALPN over TLS but some
+services may not fully support ALPN and require setting this to `false`.
         DOCS
 
         option(:logger)

data/lib/seahorse/client/plugins/net_http.rb

@@ -7,37 +7,78 @@ module Seahorse
     module Plugins
       class NetHttp < Plugin
 
-        option(:http_proxy, default: nil, doc_type: String, docstring: '')
-
-        option(:http_open_timeout, default: 15, doc_type: Integer, docstring: '') do |cfg|
+        option(:http_proxy, default: nil, doc_type: "URI::HTTP,String", docstring: <<-DOCS)
+A proxy to send requests through.  Formatted like 'http://proxy.com:123'.
+        DOCS
+
+        option(:http_open_timeout, default: 15, doc_type: Float, docstring: <<-DOCS) do |cfg|
+The default number of seconds to wait for response data.
+This value can safely be set per-request on the session.
+        DOCS
           resolve_http_open_timeout(cfg)
         end
 
-        option(:http_read_timeout, default: 60, doc_type: Integer, docstring: '') do |cfg|
+        option(:http_read_timeout, default: 60, doc_type: Float, docstring: <<-DOCS) do |cfg|
+The default number of seconds to wait for response data.
+This value can safely be set per-request on the session.
+        DOCS
           resolve_http_read_timeout(cfg)
         end
 
-        option(:http_idle_timeout, default: 5, doc_type: Integer, docstring: '')
-
-        option(:http_continue_timeout, default: 1, doc_type: Integer, docstring: '')
-
-        option(:http_wire_trace, default: false, doc_type: 'Boolean', docstring: '')
-
-        option(:ssl_verify_peer, default: true, doc_type: 'Boolean', docstring: '')
-
-        option(:ssl_ca_bundle, doc_type: String, docstring: '') do |cfg|
+        option(:http_idle_timeout, default: 5, doc_type: Float, docstring: <<-DOCS)
+The number of seconds a connection is allowed to sit idle before it 
+is considered stale.  Stale connections are closed and removed from the 
+pool before making a request.
+        DOCS
+
+        option(:http_continue_timeout, default: 1, doc_type: Float, docstring: <<-DOCS)
+The number of seconds to wait for a 100-continue response before sending the 
+request body.  This option has no effect unless the request has "Expect"
+header set to "100-continue".  Defaults to `nil` which  disables this 
+behaviour.  This value can safely be set per request on the session.
+          DOCS
+
+        option(:http_wire_trace, default: false, doc_type: 'Boolean', docstring: <<-DOCS)
+When `true`,  HTTP debug output will be sent to the `:logger`.
+        DOCS
+
+        option(:ssl_verify_peer, default: true, doc_type: 'Boolean', docstring: <<-DOCS)
+When `true`, SSL peer certificates are verified when establishing a connection.
+        DOCS
+
+        option(:ssl_ca_bundle, doc_type: String, docstring: <<-DOCS) do |cfg|
+Full path to the SSL certificate authority bundle file that should be used when 
+verifying peer certificates.  If you do not pass `:ssl_ca_bundle` or 
+`:ssl_ca_directory` the the system default will be used if available.       
+        DOCS
           ENV['AWS_CA_BUNDLE'] ||
             Aws.shared_config.ca_bundle(profile: cfg.profile) if cfg.respond_to?(:profile)
         end
 
-        option(:ssl_ca_directory, default: nil, doc_type: String, docstring: '')
+        option(:ssl_ca_directory, default: nil, doc_type: String, docstring: <<-DOCS)
+Full path of the directory that contains the unbundled SSL certificate 
+authority files for verifying peer certificates.  If you do 
+not pass `:ssl_ca_bundle` or `:ssl_ca_directory` the the system 
+default will be used if available.
+        DOCS
 
-        option(:ssl_ca_store, default: nil, doc_type: String, docstring: '')
+        option(:ssl_ca_store, default: nil, doc_type: String, docstring: <<-DOCS)
+Sets the X509::Store to verify peer certificate.
+        DOCS
 
-        option(:ssl_timeout, default: nil, doc_type: Float, docstring: '') do |cfg|
+        option(:ssl_timeout, default: nil, doc_type: Float, docstring: 'Sets the SSL timeout in seconds') do |cfg|
           resolve_ssl_timeout(cfg)
         end
 
+        option(:ssl_cert, default: nil, doc_type: OpenSSL::X509::Certificate, docstring: <<-DOCS)
+Sets a client certificate when creating http connections.
+        DOCS
+
+
+        option(:ssl_key, default: nil, doc_type: OpenSSL::PKey, docstring: <<-DOCS)
+Sets a client key when creating http connections.
+        DOCS
+
         option(:logger) # for backwards compat
 
         handler(Client::NetHttp::Handler, step: :send)

data/lib/seahorse/client/plugins/request_callback.rb

@@ -60,6 +60,16 @@ the number of bytes read from the body, and the total number of
 bytes in the body.
           DOCS
 
+        option(:on_chunk_received,
+          default: nil,
+          doc_type: 'Proc',
+          docstring: <<-DOCS)
+When a Proc object is provided, it will be used as callback when each chunk 
+of the response body is received. It provides three arguments: the chunk,
+the number of bytes received, and the total number of 
+bytes in the response (or nil if the server did not send a `content-length`).
+        DOCS
+
         # @api private
         class OptionHandler < Client::Handler
           def call(context)
@@ -68,8 +78,29 @@ bytes in the body.
             end
             on_chunk_sent = context.config.on_chunk_sent if on_chunk_sent.nil?
             context[:on_chunk_sent] = on_chunk_sent if on_chunk_sent
+
+            if context.params.is_a?(Hash) && context.params[:on_chunk_received]
+              on_chunk_received = context.params.delete(:on_chunk_received)
+            end
+            on_chunk_received = context.config.on_chunk_received if on_chunk_received.nil?
+
+            add_response_events(on_chunk_received, context) if on_chunk_received
+
             @handler.call(context)
           end
+
+          def add_response_events(on_chunk_received, context)
+            shared_data = {bytes_received: 0}
+
+            context.http_response.on_headers do |_status, headers|
+              shared_data[:content_length] = headers['content-length']&.to_i
+            end
+
+            context.http_response.on_data do |chunk|
+              shared_data[:bytes_received] += chunk.bytesize if chunk && chunk.respond_to?(:bytesize)
+              on_chunk_received.call(chunk, shared_data[:bytes_received], shared_data[:content_length])
+            end
+          end
         end
 
         # @api private

data/lib/seahorse/client/request_context.rb

@@ -5,15 +5,18 @@ require 'stringio'
 module Seahorse
   module Client
     class RequestContext
-
+      # @param [Hash] options
       # @option options [required,Symbol] :operation_name (nil)
       # @option options [required,Model::Operation] :operation (nil)
       # @option options [Model::Authorizer] :authorizer (nil)
+      # @option options [Client] :client (nil)
       # @option options [Hash] :params ({})
       # @option options [Configuration] :config (nil)
       # @option options [Http::Request] :http_request (Http::Request.new)
       # @option options [Http::Response] :http_response (Http::Response.new)
-      #   and #rewind.
+      # @option options [Integer] :retries (0)
+      # @option options [Aws::Telemetry::TracerBase] :tracer (Aws::Telemetry::NoOpTracer.new)
+      # @option options [Hash] :metadata ({})
       def initialize(options = {})
         @operation_name = options[:operation_name]
         @operation = options[:operation]
@@ -24,6 +27,7 @@ module Seahorse
         @http_request = options[:http_request] || Http::Request.new
         @http_response = options[:http_response] || Http::Response.new
         @retries = 0
+        @tracer = options[:tracer] || Aws::Telemetry::NoOpTracer.new
         @metadata = {}
       end
 
@@ -54,6 +58,9 @@ module Seahorse
       # @return [Integer]
       attr_accessor :retries
 
+      # @return [Tracer]
+      attr_accessor :tracer
+
       # @return [Hash]
       attr_reader :metadata