aws-sdk-core 3.185.1 → 3.214.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +409 -0
- data/VERSION +1 -1
- data/lib/aws-defaults/default_configuration.rb +1 -2
- data/lib/aws-defaults.rb +4 -1
- data/lib/aws-sdk-core/assume_role_credentials.rb +12 -5
- data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +13 -7
- data/lib/aws-sdk-core/binary/decode_handler.rb +3 -9
- data/lib/aws-sdk-core/binary/encode_handler.rb +1 -1
- data/lib/aws-sdk-core/binary/event_builder.rb +34 -37
- data/lib/aws-sdk-core/binary/event_stream_decoder.rb +1 -0
- data/lib/aws-sdk-core/binary/event_stream_encoder.rb +4 -3
- data/lib/aws-sdk-core/cbor/decoder.rb +310 -0
- data/lib/aws-sdk-core/cbor/encoder.rb +243 -0
- data/lib/aws-sdk-core/cbor.rb +53 -0
- data/lib/aws-sdk-core/client_side_monitoring.rb +9 -0
- data/lib/aws-sdk-core/client_stubs.rb +23 -19
- data/lib/aws-sdk-core/credential_provider.rb +1 -1
- data/lib/aws-sdk-core/credential_provider_chain.rb +13 -6
- data/lib/aws-sdk-core/credentials.rb +13 -6
- data/lib/aws-sdk-core/ec2_metadata.rb +1 -1
- data/lib/aws-sdk-core/ecs_credentials.rb +78 -11
- data/lib/aws-sdk-core/endpoints/endpoint.rb +3 -1
- data/lib/aws-sdk-core/endpoints/matchers.rb +6 -9
- data/lib/aws-sdk-core/endpoints.rb +74 -18
- data/lib/aws-sdk-core/error_handler.rb +41 -0
- data/lib/aws-sdk-core/errors.rb +11 -2
- data/lib/aws-sdk-core/event_emitter.rb +0 -16
- data/lib/aws-sdk-core/instance_profile_credentials.rb +55 -32
- data/lib/aws-sdk-core/json/builder.rb +8 -1
- data/lib/aws-sdk-core/json/error_handler.rb +17 -11
- data/lib/aws-sdk-core/json/handler.rb +13 -6
- data/lib/aws-sdk-core/json/json_engine.rb +3 -1
- data/lib/aws-sdk-core/json/oj_engine.rb +7 -1
- data/lib/aws-sdk-core/json/parser.rb +32 -2
- data/lib/aws-sdk-core/json.rb +43 -14
- data/lib/aws-sdk-core/log/param_filter.rb +2 -2
- data/lib/aws-sdk-core/log.rb +10 -0
- data/lib/aws-sdk-core/lru_cache.rb +75 -0
- data/lib/aws-sdk-core/pageable_response.rb +1 -1
- data/lib/aws-sdk-core/param_validator.rb +7 -2
- data/lib/aws-sdk-core/plugins/bearer_authorization.rb +2 -0
- data/lib/aws-sdk-core/plugins/checksum_algorithm.rb +6 -3
- data/lib/aws-sdk-core/plugins/client_metrics_plugin.rb +1 -0
- data/lib/aws-sdk-core/plugins/client_metrics_send_plugin.rb +14 -2
- data/lib/aws-sdk-core/plugins/credentials_configuration.rb +9 -3
- data/lib/aws-sdk-core/plugins/global_configuration.rb +8 -9
- data/lib/aws-sdk-core/plugins/http_checksum.rb +2 -1
- data/lib/aws-sdk-core/plugins/invocation_id.rb +1 -11
- data/lib/aws-sdk-core/plugins/logging.rb +2 -0
- data/lib/aws-sdk-core/plugins/protocols/api_gateway.rb +3 -1
- data/lib/aws-sdk-core/plugins/protocols/ec2.rb +2 -24
- data/lib/aws-sdk-core/plugins/protocols/json_rpc.rb +6 -8
- data/lib/aws-sdk-core/plugins/protocols/query.rb +4 -2
- data/lib/aws-sdk-core/plugins/protocols/rest_json.rb +3 -15
- data/lib/aws-sdk-core/plugins/protocols/rest_xml.rb +3 -0
- data/lib/aws-sdk-core/plugins/protocols/rpc_v2.rb +17 -0
- data/lib/aws-sdk-core/plugins/regional_endpoint.rb +74 -25
- data/lib/aws-sdk-core/plugins/request_compression.rb +11 -2
- data/lib/aws-sdk-core/plugins/retry_errors.rb +12 -3
- data/lib/aws-sdk-core/plugins/sign.rb +27 -15
- data/lib/aws-sdk-core/plugins/signature_v2.rb +2 -1
- data/lib/aws-sdk-core/plugins/signature_v4.rb +2 -1
- data/lib/aws-sdk-core/plugins/stub_responses.rb +30 -2
- data/lib/aws-sdk-core/plugins/telemetry.rb +75 -0
- data/lib/aws-sdk-core/plugins/transfer_encoding.rb +16 -9
- data/lib/aws-sdk-core/plugins/user_agent.rb +70 -26
- data/lib/aws-sdk-core/plugins.rb +39 -0
- data/lib/aws-sdk-core/process_credentials.rb +47 -28
- data/lib/aws-sdk-core/query/ec2_handler.rb +27 -0
- data/lib/aws-sdk-core/query/ec2_param_builder.rb +5 -7
- data/lib/aws-sdk-core/query/handler.rb +4 -4
- data/lib/aws-sdk-core/query/param_builder.rb +2 -2
- data/lib/aws-sdk-core/query.rb +2 -1
- data/lib/aws-sdk-core/refreshing_credentials.rb +12 -6
- data/lib/aws-sdk-core/resources.rb +8 -0
- data/lib/aws-sdk-core/rest/content_type_handler.rb +60 -0
- data/lib/aws-sdk-core/rest/handler.rb +3 -4
- data/lib/aws-sdk-core/rest/request/body.rb +32 -5
- data/lib/aws-sdk-core/rest/request/endpoint.rb +24 -4
- data/lib/aws-sdk-core/rest/request/headers.rb +14 -6
- data/lib/aws-sdk-core/rest/request/querystring_builder.rb +62 -36
- data/lib/aws-sdk-core/rest/response/body.rb +15 -1
- data/lib/aws-sdk-core/rest/response/header_list_parser.rb +79 -0
- data/lib/aws-sdk-core/rest/response/headers.rb +8 -3
- data/lib/aws-sdk-core/rest.rb +1 -0
- data/lib/aws-sdk-core/rpc_v2/builder.rb +62 -0
- data/lib/aws-sdk-core/rpc_v2/cbor_engine.rb +18 -0
- data/lib/aws-sdk-core/rpc_v2/content_type_handler.rb +47 -0
- data/lib/aws-sdk-core/rpc_v2/error_handler.rb +85 -0
- data/lib/aws-sdk-core/rpc_v2/handler.rb +79 -0
- data/lib/aws-sdk-core/rpc_v2/parser.rb +90 -0
- data/lib/aws-sdk-core/rpc_v2.rb +69 -0
- data/lib/aws-sdk-core/shared_config.rb +7 -2
- data/lib/aws-sdk-core/shared_credentials.rb +0 -7
- data/lib/aws-sdk-core/sso_credentials.rb +2 -1
- data/lib/aws-sdk-core/stubbing/protocols/ec2.rb +12 -11
- data/lib/aws-sdk-core/stubbing/protocols/json.rb +11 -10
- data/lib/aws-sdk-core/stubbing/protocols/query.rb +7 -6
- data/lib/aws-sdk-core/stubbing/protocols/rest.rb +2 -1
- data/lib/aws-sdk-core/stubbing/protocols/rest_json.rb +9 -8
- data/lib/aws-sdk-core/stubbing/protocols/rest_xml.rb +6 -5
- data/lib/aws-sdk-core/stubbing/protocols/rpc_v2.rb +39 -0
- data/lib/aws-sdk-core/stubbing.rb +22 -0
- data/lib/aws-sdk-core/telemetry/base.rb +177 -0
- data/lib/aws-sdk-core/telemetry/no_op.rb +70 -0
- data/lib/aws-sdk-core/telemetry/otel.rb +235 -0
- data/lib/aws-sdk-core/telemetry/span_kind.rb +22 -0
- data/lib/aws-sdk-core/telemetry/span_status.rb +59 -0
- data/lib/aws-sdk-core/telemetry.rb +78 -0
- data/lib/aws-sdk-core/util.rb +39 -0
- data/lib/aws-sdk-core/waiters/poller.rb +10 -5
- data/lib/aws-sdk-core/xml/builder.rb +17 -9
- data/lib/aws-sdk-core/xml/error_handler.rb +32 -42
- data/lib/aws-sdk-core/xml/parser/frame.rb +4 -20
- data/lib/aws-sdk-core/xml/parser/stack.rb +2 -0
- data/lib/aws-sdk-core/xml/parser.rb +2 -6
- data/lib/aws-sdk-core.rb +82 -107
- data/lib/aws-sdk-sso/client.rb +119 -55
- data/lib/aws-sdk-sso/client_api.rb +7 -0
- data/lib/aws-sdk-sso/endpoint_parameters.rb +9 -6
- data/lib/aws-sdk-sso/endpoints.rb +2 -54
- data/lib/aws-sdk-sso/plugins/endpoints.rb +23 -22
- data/lib/aws-sdk-sso/types.rb +1 -0
- data/lib/aws-sdk-sso.rb +15 -11
- data/lib/aws-sdk-ssooidc/client.rb +504 -83
- data/lib/aws-sdk-ssooidc/client_api.rb +83 -1
- data/lib/aws-sdk-ssooidc/endpoint_parameters.rb +9 -6
- data/lib/aws-sdk-ssooidc/endpoint_provider.rb +2 -2
- data/lib/aws-sdk-ssooidc/endpoints.rb +2 -40
- data/lib/aws-sdk-ssooidc/errors.rb +52 -0
- data/lib/aws-sdk-ssooidc/plugins/endpoints.rb +23 -20
- data/lib/aws-sdk-ssooidc/types.rb +373 -51
- data/lib/aws-sdk-ssooidc.rb +15 -11
- data/lib/aws-sdk-sts/client.rb +334 -105
- data/lib/aws-sdk-sts/client_api.rb +36 -10
- data/lib/aws-sdk-sts/customizations.rb +5 -1
- data/lib/aws-sdk-sts/endpoint_parameters.rb +10 -9
- data/lib/aws-sdk-sts/endpoint_provider.rb +2 -2
- data/lib/aws-sdk-sts/endpoints.rb +2 -118
- data/lib/aws-sdk-sts/plugins/endpoints.rb +23 -30
- data/lib/aws-sdk-sts/presigner.rb +1 -1
- data/lib/aws-sdk-sts/types.rb +188 -30
- data/lib/aws-sdk-sts.rb +15 -11
- data/lib/seahorse/client/async_base.rb +1 -1
- data/lib/seahorse/client/async_response.rb +19 -0
- data/lib/seahorse/client/base.rb +18 -7
- data/lib/seahorse/client/h2/handler.rb +14 -3
- data/lib/seahorse/client/handler.rb +1 -1
- data/lib/seahorse/client/net_http/connection_pool.rb +11 -11
- data/lib/seahorse/client/net_http/handler.rb +21 -9
- data/lib/seahorse/client/net_http/patches.rb +1 -4
- data/lib/seahorse/client/plugin.rb +9 -0
- data/lib/seahorse/client/plugins/endpoint.rb +0 -1
- data/lib/seahorse/client/plugins/h2.rb +3 -3
- data/lib/seahorse/client/plugins/net_http.rb +57 -16
- data/lib/seahorse/client/request_context.rb +8 -1
- data/lib/seahorse/model/shapes.rb +2 -2
- data/sig/aws-sdk-core/client_stubs.rbs +10 -0
- data/sig/aws-sdk-core/errors.rbs +22 -0
- data/sig/aws-sdk-core/resources/collection.rbs +21 -0
- data/sig/aws-sdk-core/structure.rbs +4 -0
- data/sig/aws-sdk-core/telemetry/base.rbs +46 -0
- data/sig/aws-sdk-core/telemetry/otel.rbs +22 -0
- data/sig/aws-sdk-core/telemetry/span_kind.rbs +15 -0
- data/sig/aws-sdk-core/telemetry/span_status.rbs +24 -0
- data/sig/aws-sdk-core/waiters/errors.rbs +20 -0
- data/sig/aws-sdk-core.rbs +7 -0
- data/sig/seahorse/client/base.rbs +25 -0
- data/sig/seahorse/client/handler_builder.rbs +16 -0
- data/sig/seahorse/client/response.rbs +61 -0
- metadata +61 -19
- /data/lib/aws-sdk-core/xml/parser/{engines/libxml.rb → libxml_engine.rb} +0 -0
- /data/lib/aws-sdk-core/xml/parser/{engines/nokogiri.rb → nokogiri_engine.rb} +0 -0
- /data/lib/aws-sdk-core/xml/parser/{engines/oga.rb → oga_engine.rb} +0 -0
- /data/lib/aws-sdk-core/xml/parser/{engines/ox.rb → ox_engine.rb} +0 -0
- /data/lib/aws-sdk-core/xml/parser/{engines/rexml.rb → rexml_engine.rb} +0 -0
|
@@ -45,7 +45,8 @@ module Aws
|
|
|
45
45
|
Credentials.new(
|
|
46
46
|
options[:config].access_key_id,
|
|
47
47
|
options[:config].secret_access_key,
|
|
48
|
-
options[:config].session_token
|
|
48
|
+
options[:config].session_token,
|
|
49
|
+
account_id: options[:config].account_id
|
|
49
50
|
)
|
|
50
51
|
end
|
|
51
52
|
end
|
|
@@ -84,7 +85,7 @@ module Aws
|
|
|
84
85
|
def static_profile_process_credentials(options)
|
|
85
86
|
if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile
|
|
86
87
|
process_provider = Aws.shared_config.credential_process(profile: options[:config].profile)
|
|
87
|
-
ProcessCredentials.new(process_provider) if process_provider
|
|
88
|
+
ProcessCredentials.new([process_provider]) if process_provider
|
|
88
89
|
end
|
|
89
90
|
rescue Errors::NoSuchProfileError
|
|
90
91
|
nil
|
|
@@ -94,7 +95,13 @@ module Aws
|
|
|
94
95
|
key = %w[AWS_ACCESS_KEY_ID AMAZON_ACCESS_KEY_ID AWS_ACCESS_KEY]
|
|
95
96
|
secret = %w[AWS_SECRET_ACCESS_KEY AMAZON_SECRET_ACCESS_KEY AWS_SECRET_KEY]
|
|
96
97
|
token = %w[AWS_SESSION_TOKEN AMAZON_SESSION_TOKEN]
|
|
97
|
-
|
|
98
|
+
account_id = %w[AWS_ACCOUNT_ID]
|
|
99
|
+
Credentials.new(
|
|
100
|
+
envar(key),
|
|
101
|
+
envar(secret),
|
|
102
|
+
envar(token),
|
|
103
|
+
account_id: envar(account_id)
|
|
104
|
+
)
|
|
98
105
|
end
|
|
99
106
|
|
|
100
107
|
def envar(keys)
|
|
@@ -117,9 +124,9 @@ module Aws
|
|
|
117
124
|
|
|
118
125
|
def process_credentials(options)
|
|
119
126
|
profile_name = determine_profile_name(options)
|
|
120
|
-
if Aws.shared_config.config_enabled?
|
|
121
|
-
|
|
122
|
-
ProcessCredentials.new(process_provider)
|
|
127
|
+
if Aws.shared_config.config_enabled?
|
|
128
|
+
process_provider = Aws.shared_config.credential_process(profile: profile_name)
|
|
129
|
+
ProcessCredentials.new([process_provider]) if process_provider
|
|
123
130
|
end
|
|
124
131
|
rescue Errors::NoSuchProfileError
|
|
125
132
|
nil
|
|
@@ -6,21 +6,28 @@ module Aws
|
|
|
6
6
|
# @param [String] access_key_id
|
|
7
7
|
# @param [String] secret_access_key
|
|
8
8
|
# @param [String] session_token (nil)
|
|
9
|
-
|
|
9
|
+
# @param [Hash] kwargs
|
|
10
|
+
# @option kwargs [String] :credential_scope (nil)
|
|
11
|
+
def initialize(access_key_id, secret_access_key, session_token = nil,
|
|
12
|
+
**kwargs)
|
|
10
13
|
@access_key_id = access_key_id
|
|
11
14
|
@secret_access_key = secret_access_key
|
|
12
15
|
@session_token = session_token
|
|
16
|
+
@account_id = kwargs[:account_id]
|
|
13
17
|
end
|
|
14
18
|
|
|
15
|
-
# @return [String
|
|
19
|
+
# @return [String]
|
|
16
20
|
attr_reader :access_key_id
|
|
17
21
|
|
|
18
|
-
# @return [String
|
|
22
|
+
# @return [String]
|
|
19
23
|
attr_reader :secret_access_key
|
|
20
24
|
|
|
21
25
|
# @return [String, nil]
|
|
22
26
|
attr_reader :session_token
|
|
23
27
|
|
|
28
|
+
# @return [String, nil]
|
|
29
|
+
attr_reader :account_id
|
|
30
|
+
|
|
24
31
|
# @return [Credentials]
|
|
25
32
|
def credentials
|
|
26
33
|
self
|
|
@@ -30,9 +37,9 @@ module Aws
|
|
|
30
37
|
# access key are both set.
|
|
31
38
|
def set?
|
|
32
39
|
!access_key_id.nil? &&
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
40
|
+
!access_key_id.empty? &&
|
|
41
|
+
!secret_access_key.nil? &&
|
|
42
|
+
!secret_access_key.empty?
|
|
36
43
|
end
|
|
37
44
|
|
|
38
45
|
# Removing the secret access key from the default inspect string.
|
|
@@ -183,7 +183,7 @@ module Aws
|
|
|
183
183
|
|
|
184
184
|
def open_connection
|
|
185
185
|
uri = URI.parse(@endpoint)
|
|
186
|
-
http = Net::HTTP.new(uri.hostname || @endpoint,
|
|
186
|
+
http = Net::HTTP.new(uri.hostname || @endpoint, uri.port || @port)
|
|
187
187
|
http.open_timeout = @http_open_timeout
|
|
188
188
|
http.read_timeout = @http_read_timeout
|
|
189
189
|
http.set_debug_output(@http_debug_output) if @http_debug_output
|
|
@@ -6,7 +6,7 @@ require 'resolv'
|
|
|
6
6
|
|
|
7
7
|
module Aws
|
|
8
8
|
# An auto-refreshing credential provider that loads credentials from
|
|
9
|
-
# instances running in
|
|
9
|
+
# instances running in containers.
|
|
10
10
|
#
|
|
11
11
|
# ecs_credentials = Aws::ECSCredentials.new(retries: 3)
|
|
12
12
|
# ec2 = Aws::EC2::Client.new(credentials: ecs_credentials)
|
|
@@ -17,6 +17,12 @@ module Aws
|
|
|
17
17
|
# @api private
|
|
18
18
|
class Non200Response < RuntimeError; end
|
|
19
19
|
|
|
20
|
+
# Raised when the token file cannot be read.
|
|
21
|
+
class TokenFileReadError < RuntimeError; end
|
|
22
|
+
|
|
23
|
+
# Raised when the token file is invalid.
|
|
24
|
+
class InvalidTokenError < RuntimeError; end
|
|
25
|
+
|
|
20
26
|
# These are the errors we trap when attempting to talk to the
|
|
21
27
|
# instance metadata service. Any of these imply the service
|
|
22
28
|
# is not present, no responding or some other non-recoverable
|
|
@@ -41,7 +47,7 @@ module Aws
|
|
|
41
47
|
# is set and `credential_path` is not set.
|
|
42
48
|
# @option options [String] :credential_path By default, the value of the
|
|
43
49
|
# AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable.
|
|
44
|
-
# @option options [String] :endpoint The
|
|
50
|
+
# @option options [String] :endpoint The container credential endpoint.
|
|
45
51
|
# By default, this is the value of the AWS_CONTAINER_CREDENTIALS_FULL_URI
|
|
46
52
|
# environment variable. This value is ignored if `credential_path` or
|
|
47
53
|
# ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI'] is set.
|
|
@@ -64,7 +70,6 @@ module Aws
|
|
|
64
70
|
endpoint = options[:endpoint] ||
|
|
65
71
|
ENV['AWS_CONTAINER_CREDENTIALS_FULL_URI']
|
|
66
72
|
initialize_uri(options, credential_path, endpoint)
|
|
67
|
-
@authorization_token = ENV['AWS_CONTAINER_AUTHORIZATION_TOKEN']
|
|
68
73
|
|
|
69
74
|
@retries = options[:retries] || 5
|
|
70
75
|
@http_open_timeout = options[:http_open_timeout] || 5
|
|
@@ -103,11 +108,18 @@ module Aws
|
|
|
103
108
|
|
|
104
109
|
def initialize_full_uri(endpoint)
|
|
105
110
|
uri = URI.parse(endpoint)
|
|
111
|
+
validate_full_uri_scheme!(uri)
|
|
106
112
|
validate_full_uri!(uri)
|
|
107
|
-
@host = uri.
|
|
113
|
+
@host = uri.hostname
|
|
108
114
|
@port = uri.port
|
|
109
115
|
@scheme = uri.scheme
|
|
110
|
-
@credential_path = uri.
|
|
116
|
+
@credential_path = uri.request_uri
|
|
117
|
+
end
|
|
118
|
+
|
|
119
|
+
def validate_full_uri_scheme!(full_uri)
|
|
120
|
+
return if full_uri.is_a?(URI::HTTP) || full_uri.is_a?(URI::HTTPS)
|
|
121
|
+
|
|
122
|
+
raise ArgumentError, "'#{full_uri}' must be a valid HTTP or HTTPS URI"
|
|
111
123
|
end
|
|
112
124
|
|
|
113
125
|
# Validate that the full URI is using a loopback address if scheme is http.
|
|
@@ -115,19 +127,24 @@ module Aws
|
|
|
115
127
|
return unless full_uri.scheme == 'http'
|
|
116
128
|
|
|
117
129
|
begin
|
|
118
|
-
return if
|
|
130
|
+
return if valid_ip_address?(IPAddr.new(full_uri.host))
|
|
119
131
|
rescue IPAddr::InvalidAddressError
|
|
120
132
|
addresses = Resolv.getaddresses(full_uri.host)
|
|
121
|
-
return if addresses.all? { |addr|
|
|
133
|
+
return if addresses.all? { |addr| valid_ip_address?(IPAddr.new(addr)) }
|
|
122
134
|
end
|
|
123
135
|
|
|
124
136
|
raise ArgumentError,
|
|
125
|
-
'AWS_CONTAINER_CREDENTIALS_FULL_URI must use a loopback '\
|
|
126
|
-
'address when using the http scheme.'
|
|
137
|
+
'AWS_CONTAINER_CREDENTIALS_FULL_URI must use a local loopback '\
|
|
138
|
+
'or an ECS or EKS link-local address when using the http scheme.'
|
|
139
|
+
end
|
|
140
|
+
|
|
141
|
+
def valid_ip_address?(ip_address)
|
|
142
|
+
ip_loopback?(ip_address) || ecs_or_eks_ip?(ip_address)
|
|
127
143
|
end
|
|
128
144
|
|
|
129
145
|
# loopback? method is available in Ruby 2.5+
|
|
130
146
|
# Replicate the logic here.
|
|
147
|
+
# loopback (IPv4 127.0.0.0/8, IPv6 ::1/128)
|
|
131
148
|
def ip_loopback?(ip_address)
|
|
132
149
|
case ip_address.family
|
|
133
150
|
when Socket::AF_INET
|
|
@@ -139,6 +156,20 @@ module Aws
|
|
|
139
156
|
end
|
|
140
157
|
end
|
|
141
158
|
|
|
159
|
+
# Verify that the IP address is a link-local address from ECS or EKS.
|
|
160
|
+
# ECS container host (IPv4 `169.254.170.2`)
|
|
161
|
+
# EKS container host (IPv4 `169.254.170.23`, IPv6 `fd00:ec2::23`)
|
|
162
|
+
def ecs_or_eks_ip?(ip_address)
|
|
163
|
+
case ip_address.family
|
|
164
|
+
when Socket::AF_INET
|
|
165
|
+
[0xa9feaa02, 0xa9feaa17].include?(ip_address)
|
|
166
|
+
when Socket::AF_INET6
|
|
167
|
+
ip_address == 0xfd00_0ec2_0000_0000_0000_0000_0000_0023
|
|
168
|
+
else
|
|
169
|
+
false
|
|
170
|
+
end
|
|
171
|
+
end
|
|
172
|
+
|
|
142
173
|
def backoff(backoff)
|
|
143
174
|
case backoff
|
|
144
175
|
when Proc then backoff
|
|
@@ -174,10 +205,37 @@ module Aws
|
|
|
174
205
|
http_get(conn, @credential_path)
|
|
175
206
|
end
|
|
176
207
|
end
|
|
177
|
-
rescue
|
|
208
|
+
rescue TokenFileReadError, InvalidTokenError
|
|
209
|
+
raise
|
|
210
|
+
rescue StandardError => e
|
|
211
|
+
warn("Error retrieving ECS Credentials: #{e.message}")
|
|
178
212
|
'{}'
|
|
179
213
|
end
|
|
180
214
|
|
|
215
|
+
def fetch_authorization_token
|
|
216
|
+
if (path = ENV['AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE'])
|
|
217
|
+
fetch_authorization_token_file(path)
|
|
218
|
+
elsif (token = ENV['AWS_CONTAINER_AUTHORIZATION_TOKEN'])
|
|
219
|
+
token
|
|
220
|
+
end
|
|
221
|
+
end
|
|
222
|
+
|
|
223
|
+
def fetch_authorization_token_file(path)
|
|
224
|
+
File.read(path).strip
|
|
225
|
+
rescue Errno::ENOENT
|
|
226
|
+
raise TokenFileReadError,
|
|
227
|
+
'AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE is set '\
|
|
228
|
+
"but the file doesn't exist: #{path}"
|
|
229
|
+
end
|
|
230
|
+
|
|
231
|
+
def validate_authorization_token!(token)
|
|
232
|
+
return unless token.include?("\r\n")
|
|
233
|
+
|
|
234
|
+
raise InvalidTokenError,
|
|
235
|
+
'Invalid Authorization token: token contains '\
|
|
236
|
+
'a newline and carriage return character.'
|
|
237
|
+
end
|
|
238
|
+
|
|
181
239
|
def open_connection
|
|
182
240
|
http = Net::HTTP.new(@host, @port, nil)
|
|
183
241
|
http.open_timeout = @http_open_timeout
|
|
@@ -190,18 +248,27 @@ module Aws
|
|
|
190
248
|
|
|
191
249
|
def http_get(connection, path)
|
|
192
250
|
request = Net::HTTP::Get.new(path)
|
|
193
|
-
request
|
|
251
|
+
set_authorization_token(request)
|
|
194
252
|
response = connection.request(request)
|
|
195
253
|
raise Non200Response unless response.code.to_i == 200
|
|
196
254
|
|
|
197
255
|
response.body
|
|
198
256
|
end
|
|
199
257
|
|
|
258
|
+
def set_authorization_token(request)
|
|
259
|
+
if (authorization_token = fetch_authorization_token)
|
|
260
|
+
validate_authorization_token!(authorization_token)
|
|
261
|
+
request['Authorization'] = authorization_token
|
|
262
|
+
end
|
|
263
|
+
end
|
|
264
|
+
|
|
200
265
|
def retry_errors(error_classes, options = {})
|
|
201
266
|
max_retries = options[:max_retries]
|
|
202
267
|
retries = 0
|
|
203
268
|
begin
|
|
204
269
|
yield
|
|
270
|
+
rescue TokenFileReadError, InvalidTokenError
|
|
271
|
+
raise
|
|
205
272
|
rescue *error_classes => _e
|
|
206
273
|
raise unless retries < max_retries
|
|
207
274
|
|
|
@@ -3,15 +3,17 @@
|
|
|
3
3
|
module Aws
|
|
4
4
|
module Endpoints
|
|
5
5
|
class Endpoint
|
|
6
|
-
def initialize(url:, properties: {}, headers: {})
|
|
6
|
+
def initialize(url:, properties: {}, headers: {}, metadata: {})
|
|
7
7
|
@url = url
|
|
8
8
|
@properties = properties
|
|
9
9
|
@headers = headers
|
|
10
|
+
@metadata = metadata
|
|
10
11
|
end
|
|
11
12
|
|
|
12
13
|
attr_reader :url
|
|
13
14
|
attr_reader :properties
|
|
14
15
|
attr_reader :headers
|
|
16
|
+
attr_reader :metadata
|
|
15
17
|
end
|
|
16
18
|
end
|
|
17
19
|
end
|
|
@@ -28,7 +28,11 @@ module Aws
|
|
|
28
28
|
|
|
29
29
|
val = if (index = parts.first[BRACKET_REGEX, 1])
|
|
30
30
|
# remove brackets and index from part before indexing
|
|
31
|
-
|
|
31
|
+
if (base = parts.first.gsub(BRACKET_REGEX, '')) && !base.empty?
|
|
32
|
+
value[base][index.to_i]
|
|
33
|
+
else
|
|
34
|
+
value[index.to_i]
|
|
35
|
+
end
|
|
32
36
|
else
|
|
33
37
|
value[parts.first]
|
|
34
38
|
end
|
|
@@ -90,14 +94,7 @@ module Aws
|
|
|
90
94
|
|
|
91
95
|
# aws.partition(value: string) Option<Partition>
|
|
92
96
|
def self.aws_partition(value)
|
|
93
|
-
partition
|
|
94
|
-
Aws::Partitions.find { |p| p.region?(value) } ||
|
|
95
|
-
Aws::Partitions.find { |p| value.match(p.region_regex) } ||
|
|
96
|
-
Aws::Partitions.find { |p| p.name == 'aws' }
|
|
97
|
-
|
|
98
|
-
return nil unless partition
|
|
99
|
-
|
|
100
|
-
partition.metadata
|
|
97
|
+
Aws::Partitions::Metadata.partition(value)
|
|
101
98
|
end
|
|
102
99
|
|
|
103
100
|
# aws.parseArn(value: string) Option<ARN>
|
|
@@ -14,9 +14,18 @@ require_relative 'endpoints/templater'
|
|
|
14
14
|
require_relative 'endpoints/tree_rule'
|
|
15
15
|
require_relative 'endpoints/url'
|
|
16
16
|
|
|
17
|
+
require 'aws-sigv4'
|
|
18
|
+
|
|
17
19
|
module Aws
|
|
18
20
|
# @api private
|
|
19
21
|
module Endpoints
|
|
22
|
+
SUPPORTED_AUTH_TRAITS = %w[
|
|
23
|
+
aws.auth#sigv4
|
|
24
|
+
aws.auth#sigv4a
|
|
25
|
+
smithy.api#httpBearerAuth
|
|
26
|
+
smithy.api#noAuth
|
|
27
|
+
].freeze
|
|
28
|
+
|
|
20
29
|
class << self
|
|
21
30
|
def resolve_auth_scheme(context, endpoint)
|
|
22
31
|
if endpoint && (auth_schemes = endpoint.properties['authSchemes'])
|
|
@@ -33,8 +42,71 @@ module Aws
|
|
|
33
42
|
|
|
34
43
|
private
|
|
35
44
|
|
|
45
|
+
def merge_signing_defaults(auth_scheme, config)
|
|
46
|
+
if %w[sigv4 sigv4a sigv4-s3express].include?(auth_scheme['name'])
|
|
47
|
+
auth_scheme['signingName'] ||= sigv4_name(config)
|
|
48
|
+
|
|
49
|
+
# back fill disableNormalizePath for S3 until it gets correctly set in the rules
|
|
50
|
+
if auth_scheme['signingName'] == 's3' &&
|
|
51
|
+
!auth_scheme.include?('disableNormalizePath') &&
|
|
52
|
+
auth_scheme.include?('disableDoubleEncoding')
|
|
53
|
+
auth_scheme['disableNormalizePath'] = auth_scheme['disableDoubleEncoding']
|
|
54
|
+
end
|
|
55
|
+
if auth_scheme['name'] == 'sigv4a'
|
|
56
|
+
# config option supersedes endpoint properties
|
|
57
|
+
auth_scheme['signingRegionSet'] =
|
|
58
|
+
config.sigv4a_signing_region_set || auth_scheme['signingRegionSet'] || [config.region]
|
|
59
|
+
else
|
|
60
|
+
auth_scheme['signingRegion'] ||= config.region
|
|
61
|
+
end
|
|
62
|
+
end
|
|
63
|
+
auth_scheme
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
def sigv4_name(config)
|
|
67
|
+
config.api.metadata['signingName'] ||
|
|
68
|
+
config.api.metadata['endpointPrefix']
|
|
69
|
+
end
|
|
70
|
+
|
|
36
71
|
def default_auth_scheme(context)
|
|
37
|
-
|
|
72
|
+
if (auth_list = default_api_auth(context))
|
|
73
|
+
auth = auth_list.find { |a| SUPPORTED_AUTH_TRAITS.include?(a) }
|
|
74
|
+
case auth
|
|
75
|
+
when 'aws.auth#sigv4', 'aws.auth#sigv4a'
|
|
76
|
+
auth_scheme = { 'name' => auth.split('#').last }
|
|
77
|
+
if s3_or_s3v4_signature_version?(context)
|
|
78
|
+
auth_scheme = auth_scheme.merge(
|
|
79
|
+
'disableDoubleEncoding' => true,
|
|
80
|
+
'disableNormalizePath' => true
|
|
81
|
+
)
|
|
82
|
+
end
|
|
83
|
+
merge_signing_defaults(auth_scheme, context.config)
|
|
84
|
+
when 'smithy.api#httpBearerAuth'
|
|
85
|
+
{ 'name' => 'bearer' }
|
|
86
|
+
when 'smithy.api#noAuth'
|
|
87
|
+
{ 'name' => 'none' }
|
|
88
|
+
else
|
|
89
|
+
raise 'No supported auth trait for this endpoint.'
|
|
90
|
+
end
|
|
91
|
+
else
|
|
92
|
+
legacy_default_auth_scheme(context)
|
|
93
|
+
end
|
|
94
|
+
end
|
|
95
|
+
|
|
96
|
+
def default_api_auth(context)
|
|
97
|
+
context.config.api.operation(context.operation_name)['auth'] ||
|
|
98
|
+
context.config.api.metadata['auth']
|
|
99
|
+
end
|
|
100
|
+
|
|
101
|
+
def s3_or_s3v4_signature_version?(context)
|
|
102
|
+
%w[s3 s3v4].include?(context.config.api.metadata['signatureVersion'])
|
|
103
|
+
end
|
|
104
|
+
|
|
105
|
+
# Legacy auth resolution - looks for deprecated signatureVersion
|
|
106
|
+
# and authType traits.
|
|
107
|
+
|
|
108
|
+
def legacy_default_auth_scheme(context)
|
|
109
|
+
case legacy_default_api_authtype(context)
|
|
38
110
|
when 'v4', 'v4-unsigned-body'
|
|
39
111
|
auth_scheme = { 'name' => 'sigv4' }
|
|
40
112
|
merge_signing_defaults(auth_scheme, context.config)
|
|
@@ -52,27 +124,11 @@ module Aws
|
|
|
52
124
|
end
|
|
53
125
|
end
|
|
54
126
|
|
|
55
|
-
def
|
|
56
|
-
if %w[sigv4 sigv4a].include?(auth_scheme['name'])
|
|
57
|
-
auth_scheme['signingName'] ||= sigv4_name(config)
|
|
58
|
-
if auth_scheme['name'] == 'sigv4a'
|
|
59
|
-
auth_scheme['signingRegionSet'] ||= ['*']
|
|
60
|
-
else
|
|
61
|
-
auth_scheme['signingRegion'] ||= config.region
|
|
62
|
-
end
|
|
63
|
-
end
|
|
64
|
-
auth_scheme
|
|
65
|
-
end
|
|
66
|
-
|
|
67
|
-
def default_api_authtype(context)
|
|
127
|
+
def legacy_default_api_authtype(context)
|
|
68
128
|
context.config.api.operation(context.operation_name)['authtype'] ||
|
|
69
129
|
context.config.api.metadata['signatureVersion']
|
|
70
130
|
end
|
|
71
131
|
|
|
72
|
-
def sigv4_name(config)
|
|
73
|
-
config.api.metadata['signingName'] ||
|
|
74
|
-
config.api.metadata['endpointPrefix']
|
|
75
|
-
end
|
|
76
132
|
end
|
|
77
133
|
end
|
|
78
134
|
end
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Aws
|
|
4
|
+
class ErrorHandler < Seahorse::Client::Handler
|
|
5
|
+
|
|
6
|
+
private
|
|
7
|
+
|
|
8
|
+
def error(context)
|
|
9
|
+
body = context.http_response.body_contents
|
|
10
|
+
if body.empty?
|
|
11
|
+
code, message, data = http_status_error(context)
|
|
12
|
+
else
|
|
13
|
+
code, message, data = extract_error(body, context)
|
|
14
|
+
end
|
|
15
|
+
build_error(context, code, message, data)
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def build_error(context, code, message, data)
|
|
19
|
+
errors_module = context.client.class.errors_module
|
|
20
|
+
errors_module.error_class(code).new(context, message, data)
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def http_status_error(context)
|
|
24
|
+
[http_status_error_code(context), '', EmptyStructure.new]
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def http_status_error_code(context)
|
|
28
|
+
status_code = context.http_response.status_code
|
|
29
|
+
{
|
|
30
|
+
302 => 'MovedTemporarily',
|
|
31
|
+
304 => 'NotModified',
|
|
32
|
+
400 => 'BadRequest',
|
|
33
|
+
403 => 'Forbidden',
|
|
34
|
+
404 => 'NotFound',
|
|
35
|
+
412 => 'PreconditionFailed',
|
|
36
|
+
413 => 'RequestEntityTooLarge',
|
|
37
|
+
}[status_code] || "Http#{status_code}Error"
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
end
|
|
41
|
+
end
|
data/lib/aws-sdk-core/errors.rb
CHANGED
|
@@ -12,7 +12,7 @@ module Aws
|
|
|
12
12
|
class ServiceError < RuntimeError
|
|
13
13
|
|
|
14
14
|
# @param [Seahorse::Client::RequestContext] context
|
|
15
|
-
# @param [String] message
|
|
15
|
+
# @param [String, nil] message
|
|
16
16
|
# @param [Aws::Structure] data
|
|
17
17
|
def initialize(context, message, data = Aws::EmptyStructure.new)
|
|
18
18
|
@code = self.class.code
|
|
@@ -34,7 +34,7 @@ module Aws
|
|
|
34
34
|
|
|
35
35
|
class << self
|
|
36
36
|
|
|
37
|
-
# @return [String]
|
|
37
|
+
# @return [String, nil]
|
|
38
38
|
attr_accessor :code
|
|
39
39
|
|
|
40
40
|
end
|
|
@@ -236,6 +236,15 @@ module Aws
|
|
|
236
236
|
end
|
|
237
237
|
end
|
|
238
238
|
|
|
239
|
+
# Raised when a client is constructed and the sigv4a region set is invalid.
|
|
240
|
+
# It is invalid when it is empty and/or contains empty strings.
|
|
241
|
+
class InvalidRegionSetError < ArgumentError
|
|
242
|
+
def initialize(*args)
|
|
243
|
+
msg = 'The provided sigv4a region set was empty or invalid.'
|
|
244
|
+
super(msg)
|
|
245
|
+
end
|
|
246
|
+
end
|
|
247
|
+
|
|
239
248
|
# Raised when a client is contsructed and the region is not valid.
|
|
240
249
|
class InvalidRegionError < ArgumentError
|
|
241
250
|
def initialize(*args)
|
|
@@ -6,7 +6,6 @@ module Aws
|
|
|
6
6
|
def initialize
|
|
7
7
|
@listeners = {}
|
|
8
8
|
@validate_event = true
|
|
9
|
-
@status = :sleep
|
|
10
9
|
@signal_queue = Queue.new
|
|
11
10
|
end
|
|
12
11
|
|
|
@@ -40,25 +39,10 @@ module Aws
|
|
|
40
39
|
Aws::ParamValidator.validate!(
|
|
41
40
|
@encoder.rules.shape.member(type), params)
|
|
42
41
|
end
|
|
43
|
-
_ready_for_events?
|
|
44
42
|
@stream.data(
|
|
45
43
|
@encoder.encode(type, params),
|
|
46
44
|
end_stream: type == :end_stream
|
|
47
45
|
)
|
|
48
46
|
end
|
|
49
|
-
|
|
50
|
-
private
|
|
51
|
-
|
|
52
|
-
def _ready_for_events?
|
|
53
|
-
return true if @status == :ready
|
|
54
|
-
|
|
55
|
-
# blocked until once initial 200 response is received
|
|
56
|
-
# signal will be available in @signal_queue
|
|
57
|
-
# and this check will no longer be blocked
|
|
58
|
-
@signal_queue.pop
|
|
59
|
-
@status = :ready
|
|
60
|
-
true
|
|
61
|
-
end
|
|
62
|
-
|
|
63
47
|
end
|
|
64
48
|
end
|