aws-sdk-core 3.185.0 → 3.187.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8b349088694d49324665364f4038b350e918b6db7f8987473a7a4a8ded10e1f7
-  data.tar.gz: 665e4f12235cfe6fc9ee326981acb8b2bff3329d30f5c0e45a2b8113a6f563a8
+  metadata.gz: 561667b57fedf978414b0b67a7f19b73b01efa69bdfdd5db8a08c27c010f7b18
+  data.tar.gz: 460eec65537106f724e800ef0f81508fc714903da611ac8807071109d560206d
 SHA512:
-  metadata.gz: 3c3e4dfc2aa8eac44b4188987415aa9c129020e062a29c4dde335ef44c985c89b45d3b90ff980f3671b32746da762498ce1a2d4ebfaeb9e4ac77d15a24e5b5c3
-  data.tar.gz: 9d6dacf14ed1d093275a1b631d4cb90f330daf6bd4f4625d57768a4173aad627d65e953e41b4dc447fa2e9db87f0af401204c2c56c68b47fec37910b80a73eb5
+  metadata.gz: 63ec538568fc713a797c3f4f8c775482e0e2da2b8ea6938c9c8b7366aa52a36606d5e2feed58f8475306217a7e4599843a7c98889046dc4ea2a2a15ee339d8c9
+  data.tar.gz: c09ed8f0ba5302dbd470132a01c759851eacaab6c18f93034d95e3b755c645fae03702d80e4f1fb20630a2407d778ed60b2a8740f809255e5d00cef89120a982

data/CHANGELOG.md

@@ -1,6 +1,33 @@
 Unreleased Changes
 ------------------
 
+3.187.1 (2023-11-20)
+------------------
+
+* Issue - For `awsQueryCompatible` services, default an empty list or map for shapes that were previously flattened in the query protocol.
+
+3.187.0 (2023-11-17)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+3.186.0 (2023-11-02)
+------------------
+
+* Feature - Support disabling IMDSv1 in `InstanceProfileCredentials` using `ENV['AWS_EC2_METADATA_V1_DISABLED']`, `ec2_metadata_v1_disabled` shared config, or the `disable_imds_v1` credentials option.
+
+3.185.2 (2023-10-31)
+------------------
+
+* Issue - Fix query string support to lists of booleans, floats, integers and timestamps per rest-json protocol.
+
+3.185.1 (2023-10-05)
+------------------
+
+* Issue - Ignore `__type` when deserializing Unions.
+
 3.185.0 (2023-10-02)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-3.185.0
+3.187.1

data/lib/aws-sdk-core/instance_profile_credentials.rb

@@ -53,6 +53,8 @@ module Aws
     # @option options [String] :endpoint_mode ('IPv4') The endpoint mode for
     #   the instance metadata service. This is either 'IPv4' ('169.254.169.254')
     #   or 'IPv6' ('[fd00:ec2::254]').
+    # @option options [Boolean] :disable_imds_v1 (false) Disable the use of the
+    #  legacy EC2 Metadata Service v1.
     # @option options [String] :ip_address ('169.254.169.254') Deprecated. Use
     #   :endpoint instead. The IP address for the endpoint.
     # @option options [Integer] :port (80)
@@ -77,6 +79,9 @@ module Aws
       endpoint_mode = resolve_endpoint_mode(options)
       @endpoint = resolve_endpoint(options, endpoint_mode)
       @port = options[:port] || 80
+      @disable_imds_v1 = resolve_disable_v1(options)
+      # Flag for if v2 flow fails, skip future attempts
+      @imds_v1_fallback = false
       @http_open_timeout = options[:http_open_timeout] || 1
       @http_read_timeout = options[:http_read_timeout] || 1
       @http_debug_output = options[:http_debug_output]
@@ -123,6 +128,16 @@ module Aws
       end
     end
 
+    def resolve_disable_v1(options)
+      value = options[:disable_imds_v1]
+      value ||= ENV['AWS_EC2_METADATA_V1_DISABLED']
+      value ||= Aws.shared_config.ec2_metadata_v1_disabled(
+        profile: options[:profile]
+      )
+      value = value.to_s.downcase if value
+      Aws::Util.str_2_bool(value) || false
+    end
+
     def backoff(backoff)
       case backoff
       when Proc then backoff
@@ -141,7 +156,7 @@ module Aws
       # service is responding but is returning invalid JSON documents
       # in response to the GET profile credentials call.
       begin
-        retry_errors([Aws::Json::ParseError, StandardError], max_retries: 3) do
+        retry_errors([Aws::Json::ParseError], max_retries: 3) do
           c = Aws::Json.load(get_credentials.to_s)
           if empty_credentials?(@credentials)
             @credentials = Credentials.new(
@@ -173,7 +188,6 @@ module Aws
               end
             end
           end
-
         end
       rescue Aws::Json::ParseError
         raise Aws::Errors::MetadataParserError
@@ -191,34 +205,14 @@ module Aws
             open_connection do |conn|
               # attempt to fetch token to start secure flow first
               # and rescue to failover
-              begin
-                retry_errors(NETWORK_ERRORS, max_retries: @retries) do
-                  unless token_set?
-                    created_time = Time.now
-                    token_value, ttl = http_put(
-                      conn, METADATA_TOKEN_PATH, @token_ttl
-                    )
-                    @token = Token.new(token_value, ttl, created_time) if token_value && ttl
-                  end
-                end
-              rescue *NETWORK_ERRORS
-                # token attempt failed, reset token
-                # fallback to non-token mode
-                @token = nil
-              end
-
+              fetch_token(conn) unless @imds_v1_fallback
               token = @token.value if token_set?
 
-              begin
-                metadata = http_get(conn, METADATA_PATH_BASE, token)
-                profile_name = metadata.lines.first.strip
-                http_get(conn, METADATA_PATH_BASE + profile_name, token)
-              rescue TokenExpiredError
-                # Token has expired, reset it
-                # The next retry should fetch it
-                @token = nil
-                raise Non200Response
-              end
+              # disable insecure flow if we couldn't get token
+              # and imds v1 is disabled
+              raise TokenRetrivalError if token.nil? && @disable_imds_v1
+
+              _get_credentials(conn, token)
             end
           end
         rescue
@@ -227,6 +221,36 @@ module Aws
       end
     end
 
+    def fetch_token(conn)
+      retry_errors(NETWORK_ERRORS, max_retries: @retries) do
+        unless token_set?
+          created_time = Time.now
+          token_value, ttl = http_put(
+            conn, METADATA_TOKEN_PATH, @token_ttl
+          )
+          @token = Token.new(token_value, ttl, created_time) if token_value && ttl
+        end
+      end
+    rescue *NETWORK_ERRORS
+      # token attempt failed, reset token
+      # fallback to non-token mode
+      @token = nil
+      @imds_v1_fallback = true
+    end
+
+    # token is optional - if nil, uses v1 (insecure) flow
+    def _get_credentials(conn, token)
+      metadata = http_get(conn, METADATA_PATH_BASE, token)
+      profile_name = metadata.lines.first.strip
+      http_get(conn, METADATA_PATH_BASE + profile_name, token)
+    rescue TokenExpiredError
+      # Token has expired, reset it
+      # The next retry should fetch it
+      @token = nil
+      @imds_v1_fallback = false
+      raise Non200Response
+    end
+
     def token_set?
       @token && !@token.expired?
     end
@@ -276,8 +300,6 @@ module Aws
         ]
       when 400
         raise TokenRetrivalError
-      when 401
-        raise TokenExpiredError
       else
         raise Non200Response
       end

data/lib/aws-sdk-core/json/handler.rb

@@ -59,7 +59,10 @@ module Aws
             end
             resp_struct
           else
-            Parser.new(rules).parse(json == '' ? '{}' : json)
+            Parser.new(
+              rules,
+              query_compatible: query_compatible?(context)
+            ).parse(json == '' ? '{}' : json)
           end
         else
           EmptyStructure.new
@@ -83,6 +86,10 @@ module Aws
         context.config.simple_json
       end
 
+      def query_compatible?(context)
+        context.config.api.metadata.key?('awsQueryCompatible')
+      end
+
     end
   end
 end

data/lib/aws-sdk-core/json/parser.rb

@@ -10,8 +10,9 @@ module Aws
       include Seahorse::Model::Shapes
 
       # @param [Seahorse::Model::ShapeRef] rules
-      def initialize(rules)
+      def initialize(rules, query_compatible: false)
         @rules = rules
+        @query_compatible = query_compatible
       end
 
       # @param [String<JSON>] json
@@ -28,10 +29,26 @@ module Aws
           member_name, member_ref = shape.member_by_location_name(key)
           if member_ref
             target[member_name] = parse_ref(member_ref, value)
-          elsif shape.union
+          elsif shape.union && key != '__type'
             target[:unknown] = { 'name' => key, 'value' => value }
           end
         end
+        # In services that were previously Query/XML, members that were
+        # "flattened" defaulted to empty lists. In JSON, these values are nil,
+        # which is backwards incompatible. To preserve backwards compatibility,
+        # we set a default value of [] for these members.
+        if @query_compatible
+          ref.shape.members.each do |member_name, member_target|
+            next unless target[member_name].nil?
+
+            if flattened_list?(member_target.shape)
+              target[member_name] = []
+            elsif flattened_map?(member_target.shape)
+              target[member_name] = {}
+            end
+          end
+        end
+
         if shape.union
           # convert to subclass
           member_subclass = shape.member_subclass(target.member).new
@@ -79,6 +96,14 @@ module Aws
         value.is_a?(Numeric) ? Time.at(value) : Time.parse(value)
       end
 
+      def flattened_list?(shape)
+        shape.is_a?(ListShape) && shape.flattened
+      end
+
+      def flattened_map?(shape)
+        shape.is_a?(MapShape) && shape.flattened
+      end
+
     end
   end
 end

data/lib/aws-sdk-core/rest/request/querystring_builder.rb

@@ -4,9 +4,16 @@ module Aws
   module Rest
     module Request
       class QuerystringBuilder
-
         include Seahorse::Model::Shapes
 
+        SUPPORTED_TYPES = [
+          BooleanShape,
+          FloatShape,
+          IntegerShape,
+          StringShape,
+          TimestampShape
+        ].freeze
+
         # Provide shape references and param values:
         #
         #     [
@@ -33,29 +40,12 @@ module Aws
         def build_part(shape_ref, param_value)
           case shape_ref.shape
           # supported scalar types
-          when StringShape, BooleanShape, FloatShape, IntegerShape, StringShape
-            param_name = shape_ref.location_name
-            "#{param_name}=#{escape(param_value.to_s)}"
-          when TimestampShape
-            param_name = shape_ref.location_name
-            "#{param_name}=#{escape(timestamp(shape_ref, param_value))}"
+          when *SUPPORTED_TYPES
+            "#{shape_ref.location_name}=#{query_value(shape_ref, param_value)}"
           when MapShape
-            if StringShape === shape_ref.shape.value.shape
-              query_map_of_string(param_value)
-            elsif ListShape === shape_ref.shape.value.shape
-              query_map_of_string_list(param_value)
-            else
-              msg = "only map of string and string list supported"
-              raise NotImplementedError, msg
-            end
+            generate_query_map(shape_ref, param_value)
           when ListShape
-            if StringShape === shape_ref.shape.member.shape
-              list_of_strings(shape_ref.location_name, param_value)
-            else
-              msg = "Only list of strings supported, got "\
-                    "#{shape_ref.shape.member.shape.class.name}"
-              raise NotImplementedError, msg
-            end
+            generate_query_list(shape_ref, param_value)
           else
             raise NotImplementedError
           end
@@ -71,6 +61,37 @@ module Aws
           end
         end
 
+        def query_value(ref, value)
+          case ref.shape
+          when TimestampShape
+            escape(timestamp(ref, value))
+          when *SUPPORTED_TYPES
+            escape(value.to_s)
+          else
+            raise NotImplementedError
+          end
+        end
+
+        def generate_query_list(ref, values)
+          member_ref = ref.shape.member
+          values.map do |value|
+            value = query_value(member_ref, value)
+            "#{ref.location_name}=#{value}"
+          end
+        end
+
+        def generate_query_map(ref, value)
+          case ref.shape.value.shape
+          when StringShape
+            query_map_of_string(value)
+          when ListShape
+            query_map_of_string_list(value)
+          else
+            msg = 'Only map of string and string list supported'
+            raise NotImplementedError, msg
+          end
+        end
+
         def query_map_of_string(hash)
           list = []
           hash.each_pair do |key, value|
@@ -89,16 +110,9 @@ module Aws
           list
         end
 
-        def list_of_strings(name, values)
-          values.map do |value|
-            "#{name}=#{escape(value)}"
-          end
-        end
-
         def escape(string)
           Seahorse::Util.uri_escape(string)
         end
-
       end
     end
   end

data/lib/aws-sdk-core/shared_config.rb

@@ -205,6 +205,7 @@ module Aws
       :use_fips_endpoint,
       :ec2_metadata_service_endpoint,
       :ec2_metadata_service_endpoint_mode,
+      :ec2_metadata_v1_disabled,
       :max_attempts,
       :retry_mode,
       :adaptive_retry_wait_to_fill,

data/lib/aws-sdk-sso/client.rb

@@ -605,7 +605,7 @@ module Aws::SSO
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.185.0'
+      context[:gem_version] = '3.187.1'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sso.rb

@@ -54,6 +54,6 @@ require_relative 'aws-sdk-sso/customizations'
 # @!group service
 module Aws::SSO
 
-  GEM_VERSION = '3.185.0'
+  GEM_VERSION = '3.187.1'
 
 end