RubyGems - aws-sdk-core - Versions diffs - 3.178.0 → 3.233.0 - Mend

aws-sdk-core 3.178.0 → 3.233.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (196) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +709 -0
data/VERSION +1 -1
data/lib/aws-defaults/default_configuration.rb +1 -2
data/lib/aws-defaults.rb +4 -1
data/lib/aws-sdk-core/arn.rb +1 -3
data/lib/aws-sdk-core/assume_role_credentials.rb +13 -5
data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +14 -7
data/lib/aws-sdk-core/binary/decode_handler.rb +3 -9
data/lib/aws-sdk-core/binary/encode_handler.rb +1 -1
data/lib/aws-sdk-core/binary/event_builder.rb +34 -37
data/lib/aws-sdk-core/binary/event_stream_decoder.rb +1 -0
data/lib/aws-sdk-core/binary/event_stream_encoder.rb +4 -3
data/lib/aws-sdk-core/cbor/decoder.rb +308 -0
data/lib/aws-sdk-core/cbor/encoder.rb +243 -0
data/lib/aws-sdk-core/cbor.rb +53 -0
data/lib/aws-sdk-core/client_side_monitoring.rb +9 -0
data/lib/aws-sdk-core/client_stubs.rb +33 -55
data/lib/aws-sdk-core/credential_provider.rb +5 -1
data/lib/aws-sdk-core/credential_provider_chain.rb +38 -11
data/lib/aws-sdk-core/credentials.rb +19 -6
data/lib/aws-sdk-core/ec2_metadata.rb +1 -1
data/lib/aws-sdk-core/ecs_credentials.rb +79 -11
data/lib/aws-sdk-core/endpoints/endpoint.rb +3 -1
data/lib/aws-sdk-core/endpoints/matchers.rb +21 -19
data/lib/aws-sdk-core/endpoints.rb +101 -21
data/lib/aws-sdk-core/error_handler.rb +46 -0
data/lib/aws-sdk-core/errors.rb +14 -5
data/lib/aws-sdk-core/event_emitter.rb +1 -17
data/lib/aws-sdk-core/ini_parser.rb +8 -1
data/lib/aws-sdk-core/instance_profile_credentials.rb +168 -155
data/lib/aws-sdk-core/json/builder.rb +8 -1
data/lib/aws-sdk-core/json/error_handler.rb +29 -13
data/lib/aws-sdk-core/json/handler.rb +13 -6
data/lib/aws-sdk-core/json/json_engine.rb +3 -1
data/lib/aws-sdk-core/json/oj_engine.rb +7 -1
data/lib/aws-sdk-core/json/parser.rb +33 -3
data/lib/aws-sdk-core/json.rb +43 -14
data/lib/aws-sdk-core/log/param_filter.rb +2 -2
data/lib/aws-sdk-core/log/param_formatter.rb +7 -3
data/lib/aws-sdk-core/log.rb +10 -0
data/lib/aws-sdk-core/lru_cache.rb +75 -0
data/lib/aws-sdk-core/pageable_response.rb +1 -1
data/lib/aws-sdk-core/param_validator.rb +9 -4
data/lib/aws-sdk-core/plugins/bearer_authorization.rb +2 -0
data/lib/aws-sdk-core/plugins/checksum_algorithm.rb +332 -167
data/lib/aws-sdk-core/plugins/client_metrics_plugin.rb +1 -1
data/lib/aws-sdk-core/plugins/client_metrics_send_plugin.rb +14 -2
data/lib/aws-sdk-core/plugins/credentials_configuration.rb +78 -56
data/lib/aws-sdk-core/plugins/endpoint_pattern.rb +40 -32
data/lib/aws-sdk-core/plugins/global_configuration.rb +8 -9
data/lib/aws-sdk-core/plugins/http_checksum.rb +3 -8
data/lib/aws-sdk-core/plugins/invocation_id.rb +1 -11
data/lib/aws-sdk-core/plugins/logging.rb +2 -0
data/lib/aws-sdk-core/plugins/protocols/api_gateway.rb +3 -1
data/lib/aws-sdk-core/plugins/protocols/ec2.rb +2 -24
data/lib/aws-sdk-core/plugins/protocols/json_rpc.rb +6 -8
data/lib/aws-sdk-core/plugins/protocols/query.rb +4 -2
data/lib/aws-sdk-core/plugins/protocols/rest_json.rb +3 -15
data/lib/aws-sdk-core/plugins/protocols/rest_xml.rb +3 -0
data/lib/aws-sdk-core/plugins/protocols/rpc_v2.rb +17 -0
data/lib/aws-sdk-core/plugins/regional_endpoint.rb +74 -25
data/lib/aws-sdk-core/plugins/request_compression.rb +11 -2
data/lib/aws-sdk-core/plugins/retry_errors.rb +12 -3
data/lib/aws-sdk-core/plugins/sign.rb +55 -34
data/lib/aws-sdk-core/plugins/signature_v2.rb +2 -1
data/lib/aws-sdk-core/plugins/signature_v4.rb +2 -1
data/lib/aws-sdk-core/plugins/stub_responses.rb +59 -9
data/lib/aws-sdk-core/plugins/telemetry.rb +75 -0
data/lib/aws-sdk-core/plugins/transfer_encoding.rb +16 -9
data/lib/aws-sdk-core/plugins/user_agent.rb +101 -26
data/lib/aws-sdk-core/plugins.rb +39 -0
data/lib/aws-sdk-core/process_credentials.rb +48 -29
data/lib/aws-sdk-core/query/ec2_handler.rb +27 -0
data/lib/aws-sdk-core/query/ec2_param_builder.rb +5 -7
data/lib/aws-sdk-core/query/handler.rb +4 -4
data/lib/aws-sdk-core/query/param_builder.rb +2 -2
data/lib/aws-sdk-core/query.rb +2 -1
data/lib/aws-sdk-core/refreshing_credentials.rb +12 -6
data/lib/aws-sdk-core/resources.rb +8 -0
data/lib/aws-sdk-core/rest/content_type_handler.rb +60 -0
data/lib/aws-sdk-core/rest/handler.rb +3 -4
data/lib/aws-sdk-core/rest/request/body.rb +32 -5
data/lib/aws-sdk-core/rest/request/endpoint.rb +24 -4
data/lib/aws-sdk-core/rest/request/headers.rb +15 -7
data/lib/aws-sdk-core/rest/request/querystring_builder.rb +62 -36
data/lib/aws-sdk-core/rest/response/body.rb +15 -1
data/lib/aws-sdk-core/rest/response/header_list_parser.rb +79 -0
data/lib/aws-sdk-core/rest/response/headers.rb +8 -3
data/lib/aws-sdk-core/rest.rb +1 -0
data/lib/aws-sdk-core/rpc_v2/builder.rb +62 -0
data/lib/aws-sdk-core/rpc_v2/cbor_engine.rb +18 -0
data/lib/aws-sdk-core/rpc_v2/content_type_handler.rb +47 -0
data/lib/aws-sdk-core/rpc_v2/error_handler.rb +95 -0
data/lib/aws-sdk-core/rpc_v2/handler.rb +79 -0
data/lib/aws-sdk-core/rpc_v2/parser.rb +98 -0
data/lib/aws-sdk-core/rpc_v2.rb +69 -0
data/lib/aws-sdk-core/shared_config.rb +113 -41
data/lib/aws-sdk-core/shared_credentials.rb +1 -7
data/lib/aws-sdk-core/sso_credentials.rb +4 -1
data/lib/aws-sdk-core/static_token_provider.rb +1 -2
data/lib/aws-sdk-core/stubbing/protocols/ec2.rb +12 -11
data/lib/aws-sdk-core/stubbing/protocols/json.rb +11 -10
data/lib/aws-sdk-core/stubbing/protocols/query.rb +7 -6
data/lib/aws-sdk-core/stubbing/protocols/rest.rb +2 -1
data/lib/aws-sdk-core/stubbing/protocols/rest_json.rb +9 -8
data/lib/aws-sdk-core/stubbing/protocols/rest_xml.rb +6 -5
data/lib/aws-sdk-core/stubbing/protocols/rpc_v2.rb +39 -0
data/lib/aws-sdk-core/stubbing/stub_data.rb +11 -0
data/lib/aws-sdk-core/stubbing.rb +22 -0
data/lib/aws-sdk-core/telemetry/base.rb +177 -0
data/lib/aws-sdk-core/telemetry/no_op.rb +70 -0
data/lib/aws-sdk-core/telemetry/otel.rb +235 -0
data/lib/aws-sdk-core/telemetry/span_kind.rb +22 -0
data/lib/aws-sdk-core/telemetry/span_status.rb +59 -0
data/lib/aws-sdk-core/telemetry.rb +78 -0
data/lib/aws-sdk-core/token.rb +3 -3
data/lib/aws-sdk-core/token_provider.rb +4 -0
data/lib/aws-sdk-core/token_provider_chain.rb +2 -6
data/lib/aws-sdk-core/util.rb +41 -1
data/lib/aws-sdk-core/waiters/poller.rb +10 -5
data/lib/aws-sdk-core/xml/builder.rb +17 -9
data/lib/aws-sdk-core/xml/error_handler.rb +35 -43
data/lib/aws-sdk-core/xml/parser/frame.rb +4 -20
data/lib/aws-sdk-core/xml/parser/stack.rb +2 -0
data/lib/aws-sdk-core/xml/parser.rb +2 -6
data/lib/aws-sdk-core.rb +82 -107
data/lib/aws-sdk-sso/client.rb +189 -96
data/lib/aws-sdk-sso/client_api.rb +7 -0
data/lib/aws-sdk-sso/endpoint_parameters.rb +9 -6
data/lib/aws-sdk-sso/endpoint_provider.rb +30 -28
data/lib/aws-sdk-sso/endpoints.rb +2 -54
data/lib/aws-sdk-sso/plugins/endpoints.rb +23 -22
data/lib/aws-sdk-sso/types.rb +1 -0
data/lib/aws-sdk-sso.rb +15 -11
data/lib/aws-sdk-ssooidc/client.rb +609 -129
data/lib/aws-sdk-ssooidc/client_api.rb +94 -1
data/lib/aws-sdk-ssooidc/endpoint_parameters.rb +9 -6
data/lib/aws-sdk-ssooidc/endpoint_provider.rb +30 -28
data/lib/aws-sdk-ssooidc/endpoints.rb +2 -40
data/lib/aws-sdk-ssooidc/errors.rb +62 -0
data/lib/aws-sdk-ssooidc/plugins/endpoints.rb +23 -20
data/lib/aws-sdk-ssooidc/types.rb +419 -53
data/lib/aws-sdk-ssooidc.rb +15 -11
data/lib/aws-sdk-sts/client.rb +414 -147
data/lib/aws-sdk-sts/client_api.rb +48 -9
data/lib/aws-sdk-sts/customizations.rb +5 -2
data/lib/aws-sdk-sts/endpoint_parameters.rb +10 -9
data/lib/aws-sdk-sts/endpoint_provider.rb +52 -57
data/lib/aws-sdk-sts/endpoints.rb +2 -118
data/lib/aws-sdk-sts/errors.rb +15 -0
data/lib/aws-sdk-sts/plugins/endpoints.rb +23 -30
data/lib/aws-sdk-sts/presigner.rb +3 -7
data/lib/aws-sdk-sts/types.rb +209 -27
data/lib/aws-sdk-sts.rb +15 -11
data/lib/seahorse/client/async_base.rb +4 -5
data/lib/seahorse/client/async_response.rb +19 -0
data/lib/seahorse/client/base.rb +18 -21
data/lib/seahorse/client/h2/connection.rb +18 -28
data/lib/seahorse/client/h2/handler.rb +14 -3
data/lib/seahorse/client/handler.rb +1 -1
data/lib/seahorse/client/http/response.rb +1 -1
data/lib/seahorse/client/net_http/connection_pool.rb +15 -12
data/lib/seahorse/client/net_http/handler.rb +21 -9
data/lib/seahorse/client/net_http/patches.rb +1 -4
data/lib/seahorse/client/networking_error.rb +1 -1
data/lib/seahorse/client/plugin.rb +9 -0
data/lib/seahorse/client/plugins/endpoint.rb +0 -1
data/lib/seahorse/client/plugins/h2.rb +4 -4
data/lib/seahorse/client/plugins/net_http.rb +57 -16
data/lib/seahorse/client/plugins/request_callback.rb +31 -0
data/lib/seahorse/client/request_context.rb +9 -2
data/lib/seahorse/client/response.rb +8 -0
data/lib/seahorse/model/shapes.rb +2 -2
data/lib/seahorse/util.rb +2 -1
data/sig/aws-sdk-core/async_client_stubs.rbs +21 -0
data/sig/aws-sdk-core/client_stubs.rbs +10 -0
data/sig/aws-sdk-core/errors.rbs +22 -0
data/sig/aws-sdk-core/resources/collection.rbs +21 -0
data/sig/aws-sdk-core/structure.rbs +4 -0
data/sig/aws-sdk-core/telemetry/base.rbs +46 -0
data/sig/aws-sdk-core/telemetry/otel.rbs +22 -0
data/sig/aws-sdk-core/telemetry/span_kind.rbs +15 -0
data/sig/aws-sdk-core/telemetry/span_status.rbs +24 -0
data/sig/aws-sdk-core/waiters/errors.rbs +20 -0
data/sig/aws-sdk-core.rbs +7 -0
data/sig/seahorse/client/async_base.rbs +18 -0
data/sig/seahorse/client/base.rbs +25 -0
data/sig/seahorse/client/handler_builder.rbs +16 -0
data/sig/seahorse/client/response.rbs +61 -0
metadata +105 -23
/data/lib/aws-sdk-core/xml/parser/{engines/libxml.rb → libxml_engine.rb} +0 -0
/data/lib/aws-sdk-core/xml/parser/{engines/nokogiri.rb → nokogiri_engine.rb} +0 -0
/data/lib/aws-sdk-core/xml/parser/{engines/oga.rb → oga_engine.rb} +0 -0
/data/lib/aws-sdk-core/xml/parser/{engines/ox.rb → ox_engine.rb} +0 -0
/data/lib/aws-sdk-core/xml/parser/{engines/rexml.rb → rexml_engine.rb} +0 -0

data/lib/aws-sdk-core/ecs_credentials.rb CHANGED Viewed

@@ -6,7 +6,7 @@ require 'resolv'
 module Aws
   # An auto-refreshing credential provider that loads credentials from
-  # instances running in ECS.
+  # instances running in containers.
   #
   #     ecs_credentials = Aws::ECSCredentials.new(retries: 3)
   #     ec2 = Aws::EC2::Client.new(credentials: ecs_credentials)
@@ -17,6 +17,12 @@ module Aws
     # @api private
     class Non200Response < RuntimeError; end
+    # Raised when the token file cannot be read.
+    class TokenFileReadError < RuntimeError; end
+    # Raised when the token file is invalid.
+    class InvalidTokenError < RuntimeError; end
     # These are the errors we trap when attempting to talk to the
     # instance metadata service.  Any of these imply the service
     # is not present, no responding or some other non-recoverable
@@ -41,7 +47,7 @@ module Aws
     #   is set and `credential_path` is not set.
     # @option options [String] :credential_path By default, the value of the
     #   AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable.
-    # @option options [String] :endpoint The ECS credential endpoint.
+    # @option options [String] :endpoint The container credential endpoint.
     #   By default, this is the value of the AWS_CONTAINER_CREDENTIALS_FULL_URI
     #   environment variable. This value is ignored if `credential_path` or
     #   ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI'] is set.
@@ -64,7 +70,6 @@ module Aws
       endpoint = options[:endpoint] ||
                  ENV['AWS_CONTAINER_CREDENTIALS_FULL_URI']
       initialize_uri(options, credential_path, endpoint)
-      @authorization_token = ENV['AWS_CONTAINER_AUTHORIZATION_TOKEN']
       @retries = options[:retries] || 5
       @http_open_timeout = options[:http_open_timeout] || 5
@@ -72,6 +77,7 @@ module Aws
       @http_debug_output = options[:http_debug_output]
       @backoff = backoff(options[:backoff])
       @async_refresh = false
+      @metrics = ['CREDENTIALS_HTTP']
       super
     end
@@ -103,11 +109,18 @@ module Aws
     def initialize_full_uri(endpoint)
       uri = URI.parse(endpoint)
+      validate_full_uri_scheme!(uri)
       validate_full_uri!(uri)
-      @host = uri.host
+      @host = uri.hostname
       @port = uri.port
       @scheme = uri.scheme
-      @credential_path = uri.path
+      @credential_path = uri.request_uri
+    end
+    def validate_full_uri_scheme!(full_uri)
+      return if full_uri.is_a?(URI::HTTP) || full_uri.is_a?(URI::HTTPS)
+      raise ArgumentError, "'#{full_uri}' must be a valid HTTP or HTTPS URI"
     end
     # Validate that the full URI is using a loopback address if scheme is http.
@@ -115,19 +128,24 @@ module Aws
       return unless full_uri.scheme == 'http'
       begin
-        return if ip_loopback?(IPAddr.new(full_uri.host))
+        return if valid_ip_address?(IPAddr.new(full_uri.host))
       rescue IPAddr::InvalidAddressError
         addresses = Resolv.getaddresses(full_uri.host)
-        return if addresses.all? { |addr| ip_loopback?(IPAddr.new(addr)) }
+        return if addresses.all? { |addr| valid_ip_address?(IPAddr.new(addr)) }
       end
       raise ArgumentError,
-            'AWS_CONTAINER_CREDENTIALS_FULL_URI must use a loopback '\
-            'address when using the http scheme.'
+            'AWS_CONTAINER_CREDENTIALS_FULL_URI must use a local loopback '\
+            'or an ECS or EKS link-local address when using the http scheme.'
+    end
+    def valid_ip_address?(ip_address)
+      ip_loopback?(ip_address) || ecs_or_eks_ip?(ip_address)
     end
     # loopback? method is available in Ruby 2.5+
     # Replicate the logic here.
+    # loopback (IPv4 127.0.0.0/8, IPv6 ::1/128)
     def ip_loopback?(ip_address)
       case ip_address.family
       when Socket::AF_INET
@@ -139,6 +157,20 @@ module Aws
       end
     end
+    # Verify that the IP address is a link-local address from ECS or EKS.
+    # ECS container host (IPv4 `169.254.170.2`)
+    # EKS container host (IPv4 `169.254.170.23`, IPv6 `fd00:ec2::23`)
+    def ecs_or_eks_ip?(ip_address)
+      case ip_address.family
+      when Socket::AF_INET
+        [0xa9feaa02, 0xa9feaa17].include?(ip_address)
+      when Socket::AF_INET6
+        ip_address == 0xfd00_0ec2_0000_0000_0000_0000_0000_0023
+      else
+        false
+      end
+    end
     def backoff(backoff)
       case backoff
       when Proc then backoff
@@ -174,10 +206,37 @@ module Aws
           http_get(conn, @credential_path)
         end
       end
-    rescue StandardError
+    rescue TokenFileReadError, InvalidTokenError
+      raise
+    rescue StandardError => e
+      warn("Error retrieving ECS Credentials: #{e.message}")
       '{}'
     end
+    def fetch_authorization_token
+      if (path = ENV['AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE'])
+        fetch_authorization_token_file(path)
+      elsif (token = ENV['AWS_CONTAINER_AUTHORIZATION_TOKEN'])
+        token
+      end
+    end
+    def fetch_authorization_token_file(path)
+      File.read(path).strip
+    rescue Errno::ENOENT
+      raise TokenFileReadError,
+            'AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE is set '\
+            "but the file doesn't exist: #{path}"
+    end
+    def validate_authorization_token!(token)
+      return unless token.include?("\r\n")
+      raise InvalidTokenError,
+            'Invalid Authorization token: token contains '\
+            'a newline and carriage return character.'
+    end
     def open_connection
       http = Net::HTTP.new(@host, @port, nil)
       http.open_timeout = @http_open_timeout
@@ -190,18 +249,27 @@ module Aws
     def http_get(connection, path)
       request = Net::HTTP::Get.new(path)
-      request['Authorization'] = @authorization_token if @authorization_token
+      set_authorization_token(request)
       response = connection.request(request)
       raise Non200Response unless response.code.to_i == 200
       response.body
     end
+    def set_authorization_token(request)
+      if (authorization_token = fetch_authorization_token)
+        validate_authorization_token!(authorization_token)
+        request['Authorization'] = authorization_token
+      end
+    end
     def retry_errors(error_classes, options = {})
       max_retries = options[:max_retries]
       retries = 0
       begin
         yield
+      rescue TokenFileReadError, InvalidTokenError
+        raise
       rescue *error_classes => _e
         raise unless retries < max_retries

data/lib/aws-sdk-core/endpoints/endpoint.rb CHANGED Viewed

@@ -3,15 +3,17 @@
 module Aws
   module Endpoints
     class Endpoint
-      def initialize(url:, properties: {}, headers: {})
+      def initialize(url:, properties: {}, headers: {}, metadata: {})
         @url = url
         @properties = properties
         @headers = headers
+        @metadata = metadata
       end
       attr_reader :url
       attr_reader :properties
       attr_reader :headers
+      attr_reader :metadata
     end
   end
 end

data/lib/aws-sdk-core/endpoints/matchers.rb CHANGED Viewed

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
-require 'cgi'
+require "cgi/escape"
+require "cgi/util" if RUBY_VERSION < "3.5"
 module Aws
   module Endpoints
@@ -28,7 +29,11 @@ module Aws
         val = if (index = parts.first[BRACKET_REGEX, 1])
                 # remove brackets and index from part before indexing
-                value[parts.first.gsub(BRACKET_REGEX, '')][index.to_i]
+                if (base = parts.first.gsub(BRACKET_REGEX, '')) && !base.empty?
+                  value[base][index.to_i]
+                else
+                  value[index.to_i]
+                end
               else
                 value[parts.first]
               end
@@ -79,25 +84,18 @@ module Aws
         return false if value.empty?
         if allow_sub_domains
-          labels = value.split('.')
+          labels = value.split('.', -1)
           return labels.all? { |l| valid_host_label?(l) }
         end
-        value =~ /\A(?!-)[a-zA-Z0-9-]{1,63}(?<!-)\z/
+        !!(value =~ /\A(?!-)[a-zA-Z0-9-]{1,63}(?<!-)\z/)
       end
       # AWS
       # aws.partition(value: string) Option<Partition>
       def self.aws_partition(value)
-        partition =
-          Aws::Partitions.find { |p| p.region?(value) } ||
-          Aws::Partitions.find { |p| value.match(p.region_regex) } ||
-          Aws::Partitions.find { |p| p.name == 'aws' }
-        return nil unless partition
-        partition.metadata
+        Aws::Partitions::Metadata.partition(value)
       end
       # aws.parseArn(value: string) Option<ARN>
@@ -114,13 +112,17 @@ module Aws
       # aws.isVirtualHostableS3Bucket(value: string, allowSubDomains: bool) bool
       def self.aws_virtual_hostable_s3_bucket?(value, allow_sub_domains = false)
-        !!(value.size < 64 &&
-          # regular naming rules
-          value =~ /^[a-z0-9][a-z0-9\-#{'.' if allow_sub_domains}]+[a-z0-9]$/ &&
-          # not IP address
-          value !~ /(\d+\.){3}\d+/ &&
-          # no dash and hyphen together
-          value !~ /[.-]{2}/)
+        return false if value.empty?
+        if allow_sub_domains
+          labels = value.split('.', -1)
+          return labels.all? { |l| aws_virtual_hostable_s3_bucket?(l) }
+        end
+        # must be between 3 and 63 characters long, no uppercase
+        value =~ /\A(?!-)[a-z0-9-]{3,63}(?<!-)\z/ &&
+          # not an IP address
+          value !~ /(\d+\.){3}\d+/
       end
     end
   end

data/lib/aws-sdk-core/endpoints.rb CHANGED Viewed

@@ -14,15 +14,33 @@ require_relative 'endpoints/templater'
 require_relative 'endpoints/tree_rule'
 require_relative 'endpoints/url'
+require 'aws-sigv4'
 module Aws
   # @api private
   module Endpoints
+    # Maps config auth scheme preferences to endpoint auth scheme names.
+    ENDPOINT_AUTH_PREFERENCE_MAP = {
+      'sigv4' => %w[sigv4 sigv4-s3express],
+      'sigv4a' => ['sigv4a'],
+      'httpBearerAuth' => ['bearer'],
+      'noAuth' => ['none']
+    }.freeze
+    SUPPORTED_ENDPOINT_AUTH = ENDPOINT_AUTH_PREFERENCE_MAP.values.flatten.freeze
+    # Maps configured auth scheme preferences to modeled auth traits.
+    MODELED_AUTH_PREFERENCE_MAP = {
+      'sigv4' => 'aws.auth#sigv4',
+      'sigv4a' => 'aws.auth#sigv4a',
+      'httpBearerAuth' => 'smithy.api#httpBearerAuth',
+      'noAuth' => 'smithy.api#noAuth'
+    }.freeze
+    SUPPORTED_MODELED_AUTH = MODELED_AUTH_PREFERENCE_MAP.values.freeze
     class << self
       def resolve_auth_scheme(context, endpoint)
         if endpoint && (auth_schemes = endpoint.properties['authSchemes'])
-          auth_scheme = auth_schemes.find do |scheme|
-            Aws::Plugins::Sign::SUPPORTED_AUTH_TYPES.include?(scheme['name'])
-          end
+          auth_scheme = endpoint_auth_scheme_preference(auth_schemes, context.config.auth_scheme_preference)
           raise 'No supported auth scheme for this endpoint.' unless auth_scheme
           merge_signing_defaults(auth_scheme, context.config)
@@ -33,8 +51,86 @@ module Aws
       private
+      def endpoint_auth_scheme_preference(auth_schemes, preferred_auth)
+        ordered_auth = preferred_auth.each_with_object([]) do |pref, list|
+          next unless ENDPOINT_AUTH_PREFERENCE_MAP.key?(pref)
+          ENDPOINT_AUTH_PREFERENCE_MAP[pref].each { |name| list << { 'name' => name } }
+        end
+        ordered_auth += auth_schemes
+        ordered_auth.find { |auth| SUPPORTED_ENDPOINT_AUTH.include?(auth['name']) }
+      end
+      def merge_signing_defaults(auth_scheme, config)
+        if %w[sigv4 sigv4a sigv4-s3express].include?(auth_scheme['name'])
+          auth_scheme['signingName'] ||= sigv4_name(config)
+          # back fill disableNormalizePath for S3 until it gets correctly set in the rules
+          if auth_scheme['signingName'] == 's3' &&
+            !auth_scheme.include?('disableNormalizePath') &&
+            auth_scheme.include?('disableDoubleEncoding')
+            auth_scheme['disableNormalizePath'] = auth_scheme['disableDoubleEncoding']
+          end
+          if auth_scheme['name'] == 'sigv4a'
+            # config option supersedes endpoint properties
+            auth_scheme['signingRegionSet'] =
+              config.sigv4a_signing_region_set || auth_scheme['signingRegionSet'] || [config.region]
+          else
+            auth_scheme['signingRegion'] ||= config.region
+          end
+        end
+        auth_scheme
+      end
+      def sigv4_name(config)
+        config.api.metadata['signingName'] || config.api.metadata['endpointPrefix']
+      end
       def default_auth_scheme(context)
-        case default_api_authtype(context)
+        if (modeled_auth = default_api_auth(context))
+          auth = modeled_auth_scheme_preference(modeled_auth, context.config.auth_scheme_preference)
+          case auth
+          when 'aws.auth#sigv4', 'aws.auth#sigv4a'
+            auth_scheme = { 'name' => auth.split('#').last }
+            if s3_or_s3v4_signature_version?(context)
+              auth_scheme = auth_scheme.merge(
+                'disableDoubleEncoding' => true,
+                'disableNormalizePath' => true
+              )
+            end
+            merge_signing_defaults(auth_scheme, context.config)
+          when 'smithy.api#httpBearerAuth'
+            { 'name' => 'bearer' }
+          when 'smithy.api#noAuth'
+            { 'name' => 'none' }
+          else
+            raise 'No supported auth trait for this endpoint.'
+          end
+        else
+          legacy_default_auth_scheme(context)
+        end
+      end
+      def modeled_auth_scheme_preference(modeled_auth, preferred_auth)
+        ordered_auth = preferred_auth.map { |pref| MODELED_AUTH_PREFERENCE_MAP[pref] }.compact
+        ordered_auth += modeled_auth
+        ordered_auth.find { |auth| SUPPORTED_MODELED_AUTH.include?(auth) }
+      end
+      def default_api_auth(context)
+        context.config.api.operation(context.operation_name)['auth'] ||
+          context.config.api.metadata['auth']
+      end
+      def s3_or_s3v4_signature_version?(context)
+        %w[s3 s3v4].include?(context.config.api.metadata['signatureVersion'])
+      end
+      # Legacy auth resolution - looks for deprecated signatureVersion
+      # and authType traits.
+      def legacy_default_auth_scheme(context)
+        case legacy_default_api_authtype(context)
         when 'v4', 'v4-unsigned-body'
           auth_scheme = { 'name' => 'sigv4' }
           merge_signing_defaults(auth_scheme, context.config)
@@ -52,27 +148,11 @@ module Aws
         end
       end
-      def merge_signing_defaults(auth_scheme, config)
-        if %w[sigv4 sigv4a].include?(auth_scheme['name'])
-          auth_scheme['signingName'] ||= sigv4_name(config)
-          if auth_scheme['name'] == 'sigv4a'
-            auth_scheme['signingRegionSet'] ||= ['*']
-          else
-            auth_scheme['signingRegion'] ||= config.region
-          end
-        end
-        auth_scheme
-      end
-      def default_api_authtype(context)
+      def legacy_default_api_authtype(context)
         context.config.api.operation(context.operation_name)['authtype'] ||
           context.config.api.metadata['signatureVersion']
       end
-      def sigv4_name(config)
-        config.api.metadata['signingName'] ||
-          config.api.metadata['endpointPrefix']
-      end
     end
   end
 end

data/lib/aws-sdk-core/error_handler.rb ADDED Viewed

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+module Aws
+  # @api private
+  class ErrorHandler < Seahorse::Client::Handler
+    private
+    def error(context)
+      body = context.http_response.body_contents
+      # This is not correct per protocol tests. Some headers will determine the error code.
+      # If the body is empty, there is still potentially an error code from the header, but
+      # we are making a generic http status error instead. In a new major version, we should
+      # always try to extract header, and during extraction, check headers and body.
+      if body.empty?
+        code, message, data = http_status_error(context)
+      else
+        code, message, data = extract_error(body, context)
+      end
+      build_error(context, code, message, data)
+    end
+    def build_error(context, code, message, data)
+      errors_module = context.client.class.errors_module
+      errors_module.error_class(code).new(context, message, data)
+    end
+    def http_status_error(context)
+      [http_status_error_code(context), '', EmptyStructure.new]
+    end
+    def http_status_error_code(context)
+      status_code = context.http_response.status_code
+      {
+        302 => 'MovedTemporarily',
+        304 => 'NotModified',
+        400 => 'BadRequest',
+        403 => 'Forbidden',
+        404 => 'NotFound',
+        412 => 'PreconditionFailed',
+        413 => 'RequestEntityTooLarge',
+      }[status_code] || "Http#{status_code}Error"
+    end
+  end
+end

data/lib/aws-sdk-core/errors.rb CHANGED Viewed

@@ -12,7 +12,7 @@ module Aws
     class ServiceError < RuntimeError
       # @param [Seahorse::Client::RequestContext] context
-      # @param [String] message
+      # @param [String, nil] message
       # @param [Aws::Structure] data
       def initialize(context, message, data = Aws::EmptyStructure.new)
         @code = self.class.code
@@ -30,11 +30,11 @@ module Aws
       attr_reader :context
       # @return [Aws::Structure]
-      attr_reader :data
+      attr_accessor :data
       class << self
-        # @return [String]
+        # @return [String, nil]
         attr_accessor :code
       end
@@ -68,7 +68,7 @@ module Aws
       end
     end
-    # Rasied when endpoint discovery failed for operations
+    # Raised when endpoint discovery failed for operations
     # that requires endpoints from endpoint discovery
     class EndpointDiscoveryError < RuntimeError
       def initialize(*args)
@@ -78,7 +78,7 @@ module Aws
       end
     end
-    # raised when hostLabel member is not provided
+    # Raised when hostLabel member is not provided
     # at operation input when endpoint trait is available
     # with 'hostPrefix' requirement
     class MissingEndpointHostLabelValue < RuntimeError
@@ -236,6 +236,15 @@ module Aws
       end
     end
+    # Raised when a client is constructed and the sigv4a region set is invalid.
+    # It is invalid when it is empty and/or contains empty strings.
+    class InvalidRegionSetError < ArgumentError
+      def initialize(*args)
+        msg = 'The provided sigv4a region set was empty or invalid.'
+        super(msg)
+      end
+    end
     # Raised when a client is contsructed and the region is not valid.
     class InvalidRegionError < ArgumentError
       def initialize(*args)

data/lib/aws-sdk-core/event_emitter.rb CHANGED Viewed

@@ -6,7 +6,6 @@ module Aws
     def initialize
       @listeners = {}
       @validate_event = true
-      @status = :sleep
       @signal_queue = Queue.new
     end
@@ -32,7 +31,7 @@ module Aws
     def emit(type, params)
       unless @stream
         raise Aws::Errors::SignalEventError.new(
-          "Singaling events before making async request"\
+          "Signaling events before making async request"\
           " is not allowed."
         )
       end
@@ -40,25 +39,10 @@ module Aws
         Aws::ParamValidator.validate!(
           @encoder.rules.shape.member(type), params)
       end
-      _ready_for_events?
       @stream.data(
         @encoder.encode(type, params),
         end_stream: type == :end_stream
       )
     end
-    private
-    def _ready_for_events?
-      return true if @status == :ready
-      # blocked until once initial 200 response is received
-      # signal will be available in @signal_queue
-      # and this check will no longer be blocked
-      @signal_queue.pop
-      @status = :ready
-      true
-    end
   end
 end

data/lib/aws-sdk-core/ini_parser.rb CHANGED Viewed

@@ -8,6 +8,8 @@ module Aws
       def ini_parse(raw)
         current_profile = nil
         current_prefix = nil
+        item = nil
+        previous_item = nil
         raw.lines.inject({}) do |acc, line|
           line = line.split(/^|\s;/).first # remove comments
           profile = line.match(/^\[([^\[\]]+)\]\s*(#.+)?$/) unless line.nil?
@@ -17,11 +19,16 @@ module Aws
             current_profile = named_profile[1] if named_profile
           elsif current_profile
             unless line.nil?
-              item = line.match(/^(.+?)\s*=\s*([^\s].*?)\s*$/)
+              previous_item = item
+              item = line.match(/^(.+?)\s*=\s*(.+?)\s*$/)
               prefix = line.match(/^(.+?)\s*=\s*$/)
             end
             if item && item[1].match(/^\s+/)
               # Need to add lines to a nested configuration.
+              if current_prefix.nil? && previous_item[2].strip.empty?
+                current_prefix = previous_item[1]
+                acc[current_profile][current_prefix] = {}
+              end
               inner_item = line.match(/^\s*(.+?)\s*=\s*(.+?)\s*$/)
               acc[current_profile] ||= {}
               acc[current_profile][current_prefix] ||= {}