aws-sdk-core 3.185.1 → 3.214.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +409 -0
- data/VERSION +1 -1
- data/lib/aws-defaults/default_configuration.rb +1 -2
- data/lib/aws-defaults.rb +4 -1
- data/lib/aws-sdk-core/assume_role_credentials.rb +12 -5
- data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +13 -7
- data/lib/aws-sdk-core/binary/decode_handler.rb +3 -9
- data/lib/aws-sdk-core/binary/encode_handler.rb +1 -1
- data/lib/aws-sdk-core/binary/event_builder.rb +34 -37
- data/lib/aws-sdk-core/binary/event_stream_decoder.rb +1 -0
- data/lib/aws-sdk-core/binary/event_stream_encoder.rb +4 -3
- data/lib/aws-sdk-core/cbor/decoder.rb +310 -0
- data/lib/aws-sdk-core/cbor/encoder.rb +243 -0
- data/lib/aws-sdk-core/cbor.rb +53 -0
- data/lib/aws-sdk-core/client_side_monitoring.rb +9 -0
- data/lib/aws-sdk-core/client_stubs.rb +23 -19
- data/lib/aws-sdk-core/credential_provider.rb +1 -1
- data/lib/aws-sdk-core/credential_provider_chain.rb +13 -6
- data/lib/aws-sdk-core/credentials.rb +13 -6
- data/lib/aws-sdk-core/ec2_metadata.rb +1 -1
- data/lib/aws-sdk-core/ecs_credentials.rb +78 -11
- data/lib/aws-sdk-core/endpoints/endpoint.rb +3 -1
- data/lib/aws-sdk-core/endpoints/matchers.rb +6 -9
- data/lib/aws-sdk-core/endpoints.rb +74 -18
- data/lib/aws-sdk-core/error_handler.rb +41 -0
- data/lib/aws-sdk-core/errors.rb +11 -2
- data/lib/aws-sdk-core/event_emitter.rb +0 -16
- data/lib/aws-sdk-core/instance_profile_credentials.rb +55 -32
- data/lib/aws-sdk-core/json/builder.rb +8 -1
- data/lib/aws-sdk-core/json/error_handler.rb +17 -11
- data/lib/aws-sdk-core/json/handler.rb +13 -6
- data/lib/aws-sdk-core/json/json_engine.rb +3 -1
- data/lib/aws-sdk-core/json/oj_engine.rb +7 -1
- data/lib/aws-sdk-core/json/parser.rb +32 -2
- data/lib/aws-sdk-core/json.rb +43 -14
- data/lib/aws-sdk-core/log/param_filter.rb +2 -2
- data/lib/aws-sdk-core/log.rb +10 -0
- data/lib/aws-sdk-core/lru_cache.rb +75 -0
- data/lib/aws-sdk-core/pageable_response.rb +1 -1
- data/lib/aws-sdk-core/param_validator.rb +7 -2
- data/lib/aws-sdk-core/plugins/bearer_authorization.rb +2 -0
- data/lib/aws-sdk-core/plugins/checksum_algorithm.rb +6 -3
- data/lib/aws-sdk-core/plugins/client_metrics_plugin.rb +1 -0
- data/lib/aws-sdk-core/plugins/client_metrics_send_plugin.rb +14 -2
- data/lib/aws-sdk-core/plugins/credentials_configuration.rb +9 -3
- data/lib/aws-sdk-core/plugins/global_configuration.rb +8 -9
- data/lib/aws-sdk-core/plugins/http_checksum.rb +2 -1
- data/lib/aws-sdk-core/plugins/invocation_id.rb +1 -11
- data/lib/aws-sdk-core/plugins/logging.rb +2 -0
- data/lib/aws-sdk-core/plugins/protocols/api_gateway.rb +3 -1
- data/lib/aws-sdk-core/plugins/protocols/ec2.rb +2 -24
- data/lib/aws-sdk-core/plugins/protocols/json_rpc.rb +6 -8
- data/lib/aws-sdk-core/plugins/protocols/query.rb +4 -2
- data/lib/aws-sdk-core/plugins/protocols/rest_json.rb +3 -15
- data/lib/aws-sdk-core/plugins/protocols/rest_xml.rb +3 -0
- data/lib/aws-sdk-core/plugins/protocols/rpc_v2.rb +17 -0
- data/lib/aws-sdk-core/plugins/regional_endpoint.rb +74 -25
- data/lib/aws-sdk-core/plugins/request_compression.rb +11 -2
- data/lib/aws-sdk-core/plugins/retry_errors.rb +12 -3
- data/lib/aws-sdk-core/plugins/sign.rb +27 -15
- data/lib/aws-sdk-core/plugins/signature_v2.rb +2 -1
- data/lib/aws-sdk-core/plugins/signature_v4.rb +2 -1
- data/lib/aws-sdk-core/plugins/stub_responses.rb +30 -2
- data/lib/aws-sdk-core/plugins/telemetry.rb +75 -0
- data/lib/aws-sdk-core/plugins/transfer_encoding.rb +16 -9
- data/lib/aws-sdk-core/plugins/user_agent.rb +70 -26
- data/lib/aws-sdk-core/plugins.rb +39 -0
- data/lib/aws-sdk-core/process_credentials.rb +47 -28
- data/lib/aws-sdk-core/query/ec2_handler.rb +27 -0
- data/lib/aws-sdk-core/query/ec2_param_builder.rb +5 -7
- data/lib/aws-sdk-core/query/handler.rb +4 -4
- data/lib/aws-sdk-core/query/param_builder.rb +2 -2
- data/lib/aws-sdk-core/query.rb +2 -1
- data/lib/aws-sdk-core/refreshing_credentials.rb +12 -6
- data/lib/aws-sdk-core/resources.rb +8 -0
- data/lib/aws-sdk-core/rest/content_type_handler.rb +60 -0
- data/lib/aws-sdk-core/rest/handler.rb +3 -4
- data/lib/aws-sdk-core/rest/request/body.rb +32 -5
- data/lib/aws-sdk-core/rest/request/endpoint.rb +24 -4
- data/lib/aws-sdk-core/rest/request/headers.rb +14 -6
- data/lib/aws-sdk-core/rest/request/querystring_builder.rb +62 -36
- data/lib/aws-sdk-core/rest/response/body.rb +15 -1
- data/lib/aws-sdk-core/rest/response/header_list_parser.rb +79 -0
- data/lib/aws-sdk-core/rest/response/headers.rb +8 -3
- data/lib/aws-sdk-core/rest.rb +1 -0
- data/lib/aws-sdk-core/rpc_v2/builder.rb +62 -0
- data/lib/aws-sdk-core/rpc_v2/cbor_engine.rb +18 -0
- data/lib/aws-sdk-core/rpc_v2/content_type_handler.rb +47 -0
- data/lib/aws-sdk-core/rpc_v2/error_handler.rb +85 -0
- data/lib/aws-sdk-core/rpc_v2/handler.rb +79 -0
- data/lib/aws-sdk-core/rpc_v2/parser.rb +90 -0
- data/lib/aws-sdk-core/rpc_v2.rb +69 -0
- data/lib/aws-sdk-core/shared_config.rb +7 -2
- data/lib/aws-sdk-core/shared_credentials.rb +0 -7
- data/lib/aws-sdk-core/sso_credentials.rb +2 -1
- data/lib/aws-sdk-core/stubbing/protocols/ec2.rb +12 -11
- data/lib/aws-sdk-core/stubbing/protocols/json.rb +11 -10
- data/lib/aws-sdk-core/stubbing/protocols/query.rb +7 -6
- data/lib/aws-sdk-core/stubbing/protocols/rest.rb +2 -1
- data/lib/aws-sdk-core/stubbing/protocols/rest_json.rb +9 -8
- data/lib/aws-sdk-core/stubbing/protocols/rest_xml.rb +6 -5
- data/lib/aws-sdk-core/stubbing/protocols/rpc_v2.rb +39 -0
- data/lib/aws-sdk-core/stubbing.rb +22 -0
- data/lib/aws-sdk-core/telemetry/base.rb +177 -0
- data/lib/aws-sdk-core/telemetry/no_op.rb +70 -0
- data/lib/aws-sdk-core/telemetry/otel.rb +235 -0
- data/lib/aws-sdk-core/telemetry/span_kind.rb +22 -0
- data/lib/aws-sdk-core/telemetry/span_status.rb +59 -0
- data/lib/aws-sdk-core/telemetry.rb +78 -0
- data/lib/aws-sdk-core/util.rb +39 -0
- data/lib/aws-sdk-core/waiters/poller.rb +10 -5
- data/lib/aws-sdk-core/xml/builder.rb +17 -9
- data/lib/aws-sdk-core/xml/error_handler.rb +32 -42
- data/lib/aws-sdk-core/xml/parser/frame.rb +4 -20
- data/lib/aws-sdk-core/xml/parser/stack.rb +2 -0
- data/lib/aws-sdk-core/xml/parser.rb +2 -6
- data/lib/aws-sdk-core.rb +82 -107
- data/lib/aws-sdk-sso/client.rb +119 -55
- data/lib/aws-sdk-sso/client_api.rb +7 -0
- data/lib/aws-sdk-sso/endpoint_parameters.rb +9 -6
- data/lib/aws-sdk-sso/endpoints.rb +2 -54
- data/lib/aws-sdk-sso/plugins/endpoints.rb +23 -22
- data/lib/aws-sdk-sso/types.rb +1 -0
- data/lib/aws-sdk-sso.rb +15 -11
- data/lib/aws-sdk-ssooidc/client.rb +504 -83
- data/lib/aws-sdk-ssooidc/client_api.rb +83 -1
- data/lib/aws-sdk-ssooidc/endpoint_parameters.rb +9 -6
- data/lib/aws-sdk-ssooidc/endpoint_provider.rb +2 -2
- data/lib/aws-sdk-ssooidc/endpoints.rb +2 -40
- data/lib/aws-sdk-ssooidc/errors.rb +52 -0
- data/lib/aws-sdk-ssooidc/plugins/endpoints.rb +23 -20
- data/lib/aws-sdk-ssooidc/types.rb +373 -51
- data/lib/aws-sdk-ssooidc.rb +15 -11
- data/lib/aws-sdk-sts/client.rb +334 -105
- data/lib/aws-sdk-sts/client_api.rb +36 -10
- data/lib/aws-sdk-sts/customizations.rb +5 -1
- data/lib/aws-sdk-sts/endpoint_parameters.rb +10 -9
- data/lib/aws-sdk-sts/endpoint_provider.rb +2 -2
- data/lib/aws-sdk-sts/endpoints.rb +2 -118
- data/lib/aws-sdk-sts/plugins/endpoints.rb +23 -30
- data/lib/aws-sdk-sts/presigner.rb +1 -1
- data/lib/aws-sdk-sts/types.rb +188 -30
- data/lib/aws-sdk-sts.rb +15 -11
- data/lib/seahorse/client/async_base.rb +1 -1
- data/lib/seahorse/client/async_response.rb +19 -0
- data/lib/seahorse/client/base.rb +18 -7
- data/lib/seahorse/client/h2/handler.rb +14 -3
- data/lib/seahorse/client/handler.rb +1 -1
- data/lib/seahorse/client/net_http/connection_pool.rb +11 -11
- data/lib/seahorse/client/net_http/handler.rb +21 -9
- data/lib/seahorse/client/net_http/patches.rb +1 -4
- data/lib/seahorse/client/plugin.rb +9 -0
- data/lib/seahorse/client/plugins/endpoint.rb +0 -1
- data/lib/seahorse/client/plugins/h2.rb +3 -3
- data/lib/seahorse/client/plugins/net_http.rb +57 -16
- data/lib/seahorse/client/request_context.rb +8 -1
- data/lib/seahorse/model/shapes.rb +2 -2
- data/sig/aws-sdk-core/client_stubs.rbs +10 -0
- data/sig/aws-sdk-core/errors.rbs +22 -0
- data/sig/aws-sdk-core/resources/collection.rbs +21 -0
- data/sig/aws-sdk-core/structure.rbs +4 -0
- data/sig/aws-sdk-core/telemetry/base.rbs +46 -0
- data/sig/aws-sdk-core/telemetry/otel.rbs +22 -0
- data/sig/aws-sdk-core/telemetry/span_kind.rbs +15 -0
- data/sig/aws-sdk-core/telemetry/span_status.rbs +24 -0
- data/sig/aws-sdk-core/waiters/errors.rbs +20 -0
- data/sig/aws-sdk-core.rbs +7 -0
- data/sig/seahorse/client/base.rbs +25 -0
- data/sig/seahorse/client/handler_builder.rbs +16 -0
- data/sig/seahorse/client/response.rbs +61 -0
- metadata +61 -19
- /data/lib/aws-sdk-core/xml/parser/{engines/libxml.rb → libxml_engine.rb} +0 -0
- /data/lib/aws-sdk-core/xml/parser/{engines/nokogiri.rb → nokogiri_engine.rb} +0 -0
- /data/lib/aws-sdk-core/xml/parser/{engines/oga.rb → oga_engine.rb} +0 -0
- /data/lib/aws-sdk-core/xml/parser/{engines/ox.rb → ox_engine.rb} +0 -0
- /data/lib/aws-sdk-core/xml/parser/{engines/rexml.rb → rexml_engine.rb} +0 -0
|
@@ -13,8 +13,7 @@ module Aws
|
|
|
13
13
|
option(:sigv4_region)
|
|
14
14
|
option(:unsigned_operations, default: [])
|
|
15
15
|
|
|
16
|
-
supported_auth_types = %w[sigv4 bearer none]
|
|
17
|
-
supported_auth_types += ['sigv4a'] if Aws::Sigv4::Signer.use_crt?
|
|
16
|
+
supported_auth_types = %w[sigv4 bearer sigv4-s3express sigv4a none]
|
|
18
17
|
SUPPORTED_AUTH_TYPES = supported_auth_types.freeze
|
|
19
18
|
|
|
20
19
|
def add_handlers(handlers, cfg)
|
|
@@ -24,10 +23,14 @@ module Aws
|
|
|
24
23
|
|
|
25
24
|
# @api private
|
|
26
25
|
# Return a signer with the `sign(context)` method
|
|
27
|
-
def self.signer_for(auth_scheme, config,
|
|
26
|
+
def self.signer_for(auth_scheme, config, sigv4_region_override = nil, sigv4_credentials_override = nil)
|
|
28
27
|
case auth_scheme['name']
|
|
29
|
-
when 'sigv4', 'sigv4a'
|
|
30
|
-
|
|
28
|
+
when 'sigv4', 'sigv4a', 'sigv4-s3express'
|
|
29
|
+
sigv4_overrides = {
|
|
30
|
+
region: sigv4_region_override,
|
|
31
|
+
credentials: sigv4_credentials_override
|
|
32
|
+
}
|
|
33
|
+
SignatureV4.new(auth_scheme, config, sigv4_overrides)
|
|
31
34
|
when 'bearer'
|
|
32
35
|
Bearer.new
|
|
33
36
|
else
|
|
@@ -42,7 +45,8 @@ module Aws
|
|
|
42
45
|
signer = Sign.signer_for(
|
|
43
46
|
context[:auth_scheme],
|
|
44
47
|
context.config,
|
|
45
|
-
context[:sigv4_region]
|
|
48
|
+
context[:sigv4_region],
|
|
49
|
+
context[:sigv4_credentials]
|
|
46
50
|
)
|
|
47
51
|
signer.sign(context)
|
|
48
52
|
end
|
|
@@ -88,24 +92,24 @@ module Aws
|
|
|
88
92
|
|
|
89
93
|
# @api private
|
|
90
94
|
class SignatureV4
|
|
91
|
-
def initialize(auth_scheme, config,
|
|
95
|
+
def initialize(auth_scheme, config, sigv4_overrides = {})
|
|
92
96
|
scheme_name = auth_scheme['name']
|
|
93
97
|
|
|
94
|
-
unless %w[sigv4 sigv4a].include?(scheme_name)
|
|
98
|
+
unless %w[sigv4 sigv4a sigv4-s3express].include?(scheme_name)
|
|
95
99
|
raise ArgumentError,
|
|
96
|
-
"Expected sigv4 or
|
|
100
|
+
"Expected sigv4, sigv4a, or sigv4-s3express auth scheme, got #{scheme_name}"
|
|
97
101
|
end
|
|
98
102
|
|
|
99
103
|
region = if scheme_name == 'sigv4a'
|
|
100
|
-
auth_scheme['signingRegionSet'].
|
|
104
|
+
auth_scheme['signingRegionSet'].join(',')
|
|
101
105
|
else
|
|
102
106
|
auth_scheme['signingRegion']
|
|
103
107
|
end
|
|
104
108
|
begin
|
|
105
|
-
@signer = Aws::Sigv4::Signer.new(
|
|
109
|
+
@signer = config.sigv4_signer || Aws::Sigv4::Signer.new(
|
|
106
110
|
service: config.sigv4_name || auth_scheme['signingName'],
|
|
107
|
-
region:
|
|
108
|
-
credentials_provider: config.credentials,
|
|
111
|
+
region: sigv4_overrides[:region] || config.sigv4_region || region,
|
|
112
|
+
credentials_provider: sigv4_overrides[:credentials] || config.credentials,
|
|
109
113
|
signing_algorithm: scheme_name.to_sym,
|
|
110
114
|
uri_escape_path: !!!auth_scheme['disableDoubleEncoding'],
|
|
111
115
|
normalize_path: !!!auth_scheme['disableNormalizePath'],
|
|
@@ -154,12 +158,20 @@ module Aws
|
|
|
154
158
|
private
|
|
155
159
|
|
|
156
160
|
def apply_authtype(context, req)
|
|
157
|
-
|
|
158
|
-
|
|
161
|
+
# only used for event streaming at input
|
|
162
|
+
if context[:input_event_emitter]
|
|
163
|
+
req.headers['X-Amz-Content-Sha256'] = 'STREAMING-AWS4-HMAC-SHA256-EVENTS'
|
|
164
|
+
elsif unsigned_payload?(context, req)
|
|
159
165
|
req.headers['X-Amz-Content-Sha256'] ||= 'UNSIGNED-PAYLOAD'
|
|
160
166
|
end
|
|
161
167
|
end
|
|
162
168
|
|
|
169
|
+
def unsigned_payload?(context, req)
|
|
170
|
+
(context.operation['unsignedPayload'] ||
|
|
171
|
+
context.operation['authtype'] == 'v4-unsigned-body') &&
|
|
172
|
+
req.endpoint.scheme == 'https'
|
|
173
|
+
end
|
|
174
|
+
|
|
163
175
|
def reset_signature(req)
|
|
164
176
|
# in case this request is being re-signed
|
|
165
177
|
req.headers.delete('Authorization')
|
|
@@ -3,7 +3,8 @@
|
|
|
3
3
|
module Aws
|
|
4
4
|
module Plugins
|
|
5
5
|
# @api private
|
|
6
|
-
#
|
|
6
|
+
# Deprecated - does not look at new traits like `auth` and `unsignedPayload`
|
|
7
|
+
# Necessary to exist after endpoints 2.0 for old service clients + new core
|
|
7
8
|
class SignatureV2 < Seahorse::Client::Plugin
|
|
8
9
|
|
|
9
10
|
option(:v2_signer) do |cfg|
|
|
@@ -5,7 +5,8 @@ require 'aws-sigv4'
|
|
|
5
5
|
module Aws
|
|
6
6
|
module Plugins
|
|
7
7
|
# @api private
|
|
8
|
-
#
|
|
8
|
+
# Deprecated - does not look at new traits like `auth` and `unsignedPayload`
|
|
9
|
+
# Necessary to exist after endpoints 2.0 for old service clients + new core
|
|
9
10
|
class SignatureV4 < Seahorse::Client::Plugin
|
|
10
11
|
|
|
11
12
|
V4_AUTH = %w[v4 v4-unsigned-payload v4-unsigned-body]
|
|
@@ -8,6 +8,7 @@ module Aws
|
|
|
8
8
|
option(:stub_responses,
|
|
9
9
|
default: false,
|
|
10
10
|
doc_type: 'Boolean',
|
|
11
|
+
rbs_type: 'untyped',
|
|
11
12
|
docstring: <<-DOCS)
|
|
12
13
|
Causes the client to return stubbed responses. By default
|
|
13
14
|
fake responses are generated and returned. You can specify
|
|
@@ -48,6 +49,14 @@ requests are made, and retries are disabled.
|
|
|
48
49
|
class Handler < Seahorse::Client::Handler
|
|
49
50
|
|
|
50
51
|
def call(context)
|
|
52
|
+
span_wrapper(context) do
|
|
53
|
+
stub_responses(context)
|
|
54
|
+
end
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
private
|
|
58
|
+
|
|
59
|
+
def stub_responses(context)
|
|
51
60
|
stub = context.client.next_stub(context)
|
|
52
61
|
resp = Seahorse::Client::Response.new(context: context)
|
|
53
62
|
async_mode = context.client.is_a? Seahorse::Client::AsyncBase
|
|
@@ -57,8 +66,15 @@ requests are made, and retries are disabled.
|
|
|
57
66
|
apply_stub(stub, resp, async_mode)
|
|
58
67
|
end
|
|
59
68
|
|
|
60
|
-
async_mode
|
|
61
|
-
|
|
69
|
+
if async_mode
|
|
70
|
+
Seahorse::Client::AsyncResponse.new(
|
|
71
|
+
context: context,
|
|
72
|
+
stream: context[:input_event_stream_handler].event_emitter.stream,
|
|
73
|
+
sync_queue: Queue.new
|
|
74
|
+
)
|
|
75
|
+
else
|
|
76
|
+
resp
|
|
77
|
+
end
|
|
62
78
|
end
|
|
63
79
|
|
|
64
80
|
def apply_stub(stub, response, async_mode = false)
|
|
@@ -98,6 +114,18 @@ requests are made, and retries are disabled.
|
|
|
98
114
|
http_resp.signal_done
|
|
99
115
|
end
|
|
100
116
|
|
|
117
|
+
def span_wrapper(context, &block)
|
|
118
|
+
context.tracer.in_span(
|
|
119
|
+
'Handler.StubResponses',
|
|
120
|
+
attributes: Aws::Telemetry.http_request_attrs(context)
|
|
121
|
+
) do |span|
|
|
122
|
+
block.call.tap do
|
|
123
|
+
span.add_attributes(
|
|
124
|
+
Aws::Telemetry.http_response_attrs(context)
|
|
125
|
+
)
|
|
126
|
+
end
|
|
127
|
+
end
|
|
128
|
+
end
|
|
101
129
|
end
|
|
102
130
|
end
|
|
103
131
|
end
|
|
@@ -0,0 +1,75 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Aws
|
|
4
|
+
module Plugins
|
|
5
|
+
# @api private
|
|
6
|
+
class Telemetry < Seahorse::Client::Plugin
|
|
7
|
+
option(
|
|
8
|
+
:telemetry_provider,
|
|
9
|
+
default: Aws::Telemetry::NoOpTelemetryProvider,
|
|
10
|
+
doc_type: Aws::Telemetry::TelemetryProviderBase,
|
|
11
|
+
rbs_type: Aws::Telemetry::TelemetryProviderBase,
|
|
12
|
+
docstring: <<-DOCS) do |_cfg|
|
|
13
|
+
Allows you to provide a telemetry provider, which is used to
|
|
14
|
+
emit telemetry data. By default, uses `NoOpTelemetryProvider` which
|
|
15
|
+
will not record or emit any telemetry data. The SDK supports the
|
|
16
|
+
following telemetry providers:
|
|
17
|
+
|
|
18
|
+
* OpenTelemetry (OTel) - To use the OTel provider, install and require the
|
|
19
|
+
`opentelemetry-sdk` gem and then, pass in an instance of a
|
|
20
|
+
`Aws::Telemetry::OTelProvider` for telemetry provider.
|
|
21
|
+
DOCS
|
|
22
|
+
Aws::Telemetry::NoOpTelemetryProvider.new
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
def after_initialize(client)
|
|
26
|
+
validate_telemetry_provider(client.config)
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def validate_telemetry_provider(config)
|
|
30
|
+
unless config.telemetry_provider.is_a?(Aws::Telemetry::TelemetryProviderBase)
|
|
31
|
+
raise ArgumentError,
|
|
32
|
+
'Must provide a telemetry provider for the '\
|
|
33
|
+
'`telemetry_provider` configuration option.'
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
class Handler < Seahorse::Client::Handler
|
|
38
|
+
def call(context)
|
|
39
|
+
span_wrapper(context) { @handler.call(context) }
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
private
|
|
43
|
+
|
|
44
|
+
def span_wrapper(context, &block)
|
|
45
|
+
service_id = service_id(context)
|
|
46
|
+
attributes = {
|
|
47
|
+
'rpc.system' => 'aws-api',
|
|
48
|
+
'rpc.service' => service_id,
|
|
49
|
+
'rpc.method' => context.operation.name,
|
|
50
|
+
'code.function' => context.operation_name.to_s,
|
|
51
|
+
'code.namespace' => 'Aws::Plugins::Telemetry'
|
|
52
|
+
}
|
|
53
|
+
context.tracer.in_span(
|
|
54
|
+
parent_span_name(context, service_id),
|
|
55
|
+
attributes: attributes,
|
|
56
|
+
kind: Aws::Telemetry::SpanKind::CLIENT,
|
|
57
|
+
&block
|
|
58
|
+
)
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
def service_id(context)
|
|
62
|
+
context.config.api.metadata['serviceId'] ||
|
|
63
|
+
context.config.api.metadata['serviceAbbreviation'] ||
|
|
64
|
+
context.config.api.metadata['serviceFullName']
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
def parent_span_name(context, service_id)
|
|
68
|
+
"#{service_id}.#{context.operation.name}".delete(' ')
|
|
69
|
+
end
|
|
70
|
+
end
|
|
71
|
+
|
|
72
|
+
handler(Handler, step: :initialize, priority: 99)
|
|
73
|
+
end
|
|
74
|
+
end
|
|
75
|
+
end
|
|
@@ -5,7 +5,8 @@ module Aws
|
|
|
5
5
|
|
|
6
6
|
# For Streaming Input Operations, when `requiresLength` is enabled
|
|
7
7
|
# checking whether `Content-Length` header can be set,
|
|
8
|
-
# for `v4-unsigned-body` operations,
|
|
8
|
+
# for `unsignedPayload` and `v4-unsigned-body` operations,
|
|
9
|
+
# set `Transfer-Encoding` header.
|
|
9
10
|
class TransferEncoding < Seahorse::Client::Plugin
|
|
10
11
|
|
|
11
12
|
# @api private
|
|
@@ -16,8 +17,8 @@ module Aws
|
|
|
16
17
|
unless context.http_request.body.respond_to?(:size)
|
|
17
18
|
if requires_length?(context.operation.input)
|
|
18
19
|
# if size of the IO is not available but required
|
|
19
|
-
raise Aws::Errors::MissingContentLength
|
|
20
|
-
elsif context.operation
|
|
20
|
+
raise Aws::Errors::MissingContentLength
|
|
21
|
+
elsif unsigned_payload?(context.operation)
|
|
21
22
|
context.http_request.headers['Transfer-Encoding'] = 'chunked'
|
|
22
23
|
end
|
|
23
24
|
end
|
|
@@ -29,18 +30,24 @@ module Aws
|
|
|
29
30
|
private
|
|
30
31
|
|
|
31
32
|
def streaming?(ref)
|
|
32
|
-
if payload = ref[:payload_member]
|
|
33
|
-
payload[
|
|
34
|
-
payload.shape["streaming"]
|
|
33
|
+
if (payload = ref[:payload_member])
|
|
34
|
+
payload['streaming'] || payload.shape['streaming']
|
|
35
35
|
else
|
|
36
36
|
false
|
|
37
37
|
end
|
|
38
38
|
end
|
|
39
39
|
|
|
40
|
+
def unsigned_payload?(operation)
|
|
41
|
+
operation['unsignedPayload'] ||
|
|
42
|
+
operation['authtype'] == 'v4-unsigned-body'
|
|
43
|
+
end
|
|
44
|
+
|
|
40
45
|
def requires_length?(ref)
|
|
41
|
-
payload = ref[:payload_member]
|
|
42
|
-
|
|
43
|
-
|
|
46
|
+
if (payload = ref[:payload_member])
|
|
47
|
+
payload['requiresLength'] || payload.shape['requiresLength']
|
|
48
|
+
else
|
|
49
|
+
false
|
|
50
|
+
end
|
|
44
51
|
end
|
|
45
52
|
|
|
46
53
|
end
|
|
@@ -4,6 +4,31 @@ module Aws
|
|
|
4
4
|
module Plugins
|
|
5
5
|
# @api private
|
|
6
6
|
class UserAgent < Seahorse::Client::Plugin
|
|
7
|
+
METRICS = Aws::Json.load(<<-METRICS)
|
|
8
|
+
{
|
|
9
|
+
"RESOURCE_MODEL": "A",
|
|
10
|
+
"WAITER": "B",
|
|
11
|
+
"PAGINATOR": "C",
|
|
12
|
+
"RETRY_MODE_LEGACY": "D",
|
|
13
|
+
"RETRY_MODE_STANDARD": "E",
|
|
14
|
+
"RETRY_MODE_ADAPTIVE": "F",
|
|
15
|
+
"S3_TRANSFER": "G",
|
|
16
|
+
"S3_CRYPTO_V1N": "H",
|
|
17
|
+
"S3_CRYPTO_V2": "I",
|
|
18
|
+
"S3_EXPRESS_BUCKET": "J",
|
|
19
|
+
"S3_ACCESS_GRANTS": "K",
|
|
20
|
+
"GZIP_REQUEST_COMPRESSION": "L",
|
|
21
|
+
"PROTOCOL_RPC_V2_CBOR": "M",
|
|
22
|
+
"ENDPOINT_OVERRIDE": "N",
|
|
23
|
+
"ACCOUNT_ID_ENDPOINT": "O",
|
|
24
|
+
"ACCOUNT_ID_MODE_PREFERRED": "P",
|
|
25
|
+
"ACCOUNT_ID_MODE_DISABLED": "Q",
|
|
26
|
+
"ACCOUNT_ID_MODE_REQUIRED": "R",
|
|
27
|
+
"SIGV4A_SIGNING": "S",
|
|
28
|
+
"RESOLVED_ACCOUNT_ID": "T"
|
|
29
|
+
}
|
|
30
|
+
METRICS
|
|
31
|
+
|
|
7
32
|
# @api private
|
|
8
33
|
option(:user_agent_suffix)
|
|
9
34
|
# @api private
|
|
@@ -14,20 +39,27 @@ module Aws
|
|
|
14
39
|
doc_type: 'String',
|
|
15
40
|
docstring: <<-DOCS) do |cfg|
|
|
16
41
|
A unique and opaque application ID that is appended to the
|
|
17
|
-
User-Agent header as app
|
|
18
|
-
maximum length of 50.
|
|
42
|
+
User-Agent header as app/sdk_ua_app_id. It should have a
|
|
43
|
+
maximum length of 50. This variable is sourced from environment
|
|
44
|
+
variable AWS_SDK_UA_APP_ID or the shared config profile attribute sdk_ua_app_id.
|
|
19
45
|
DOCS
|
|
20
46
|
app_id = ENV['AWS_SDK_UA_APP_ID']
|
|
21
47
|
app_id ||= Aws.shared_config.sdk_ua_app_id(profile: cfg.profile)
|
|
22
48
|
app_id
|
|
23
49
|
end
|
|
24
50
|
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
51
|
+
# Deprecated - must exist for old service gems
|
|
52
|
+
def self.feature(_feature, &block)
|
|
53
|
+
block.call
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
def self.metric(*metrics, &block)
|
|
57
|
+
Thread.current[:aws_sdk_core_user_agent_metric] ||= []
|
|
58
|
+
metrics = metrics.map { |metric| METRICS[metric] }.compact
|
|
59
|
+
Thread.current[:aws_sdk_core_user_agent_metric].concat(metrics)
|
|
28
60
|
block.call
|
|
29
61
|
ensure
|
|
30
|
-
Thread.current[:
|
|
62
|
+
Thread.current[:aws_sdk_core_user_agent_metric].pop(metrics.size)
|
|
31
63
|
end
|
|
32
64
|
|
|
33
65
|
# @api private
|
|
@@ -48,15 +80,24 @@ maximum length of 50.
|
|
|
48
80
|
|
|
49
81
|
def to_s
|
|
50
82
|
ua = "aws-sdk-ruby3/#{CORE_GEM_VERSION}"
|
|
51
|
-
ua += ' ua/2.
|
|
52
|
-
|
|
83
|
+
ua += ' ua/2.1'
|
|
84
|
+
if (api_m = api_metadata)
|
|
85
|
+
ua += " #{api_m}"
|
|
86
|
+
end
|
|
53
87
|
ua += " #{os_metadata}"
|
|
54
88
|
ua += " #{language_metadata}"
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
89
|
+
if (env_m = env_metadata)
|
|
90
|
+
ua += " #{env_m}"
|
|
91
|
+
end
|
|
92
|
+
if (app_id_m = app_id_metadata)
|
|
93
|
+
ua += " #{app_id_m}"
|
|
94
|
+
end
|
|
95
|
+
if (framework_m = framework_metadata)
|
|
96
|
+
ua += " #{framework_m}"
|
|
97
|
+
end
|
|
98
|
+
if (metric_m = metric_metadata)
|
|
99
|
+
ua += " #{metric_m}"
|
|
100
|
+
end
|
|
60
101
|
if @context.config.user_agent_suffix
|
|
61
102
|
ua += " #{@context.config.user_agent_suffix}"
|
|
62
103
|
end
|
|
@@ -92,7 +133,6 @@ maximum length of 50.
|
|
|
92
133
|
local_version = Gem::Platform.local.version
|
|
93
134
|
metadata += "##{local_version}" if local_version
|
|
94
135
|
metadata += " md/#{RbConfig::CONFIG['host_cpu']}"
|
|
95
|
-
metadata
|
|
96
136
|
end
|
|
97
137
|
|
|
98
138
|
# Used to be RUBY_ENGINE/RUBY_VERSION
|
|
@@ -106,11 +146,7 @@ maximum length of 50.
|
|
|
106
146
|
"exec-env/#{execution_env}"
|
|
107
147
|
end
|
|
108
148
|
|
|
109
|
-
def
|
|
110
|
-
"cfg/retry-mode##{@context.config.retry_mode}"
|
|
111
|
-
end
|
|
112
|
-
|
|
113
|
-
def app_id
|
|
149
|
+
def app_id_metadata
|
|
114
150
|
return unless (app_id = @context.config.sdk_ua_app_id)
|
|
115
151
|
|
|
116
152
|
# Sanitize and only allow these characters
|
|
@@ -118,12 +154,6 @@ maximum length of 50.
|
|
|
118
154
|
"app/#{app_id}"
|
|
119
155
|
end
|
|
120
156
|
|
|
121
|
-
def feature_metadata
|
|
122
|
-
return unless Thread.current[:aws_sdk_core_user_agent_feature]
|
|
123
|
-
|
|
124
|
-
Thread.current[:aws_sdk_core_user_agent_feature].join(' ')
|
|
125
|
-
end
|
|
126
|
-
|
|
127
157
|
def framework_metadata
|
|
128
158
|
if (frameworks_cfg = @context.config.user_agent_frameworks).empty?
|
|
129
159
|
return
|
|
@@ -140,10 +170,24 @@ maximum length of 50.
|
|
|
140
170
|
end
|
|
141
171
|
frameworks.map { |n, v| "lib/#{n}##{v}" }.join(' ')
|
|
142
172
|
end
|
|
173
|
+
|
|
174
|
+
def metric_metadata
|
|
175
|
+
if Thread.current[:aws_sdk_core_user_agent_metric].nil? ||
|
|
176
|
+
Thread.current[:aws_sdk_core_user_agent_metric].empty?
|
|
177
|
+
return
|
|
178
|
+
end
|
|
179
|
+
|
|
180
|
+
metrics = Thread.current[:aws_sdk_core_user_agent_metric].join(',')
|
|
181
|
+
# Metric metadata is limited to 1024 bytes
|
|
182
|
+
return "m/#{metrics}" if metrics.bytesize <= 1024
|
|
183
|
+
|
|
184
|
+
# Removes the last unfinished metric
|
|
185
|
+
"m/#{metrics[0...metrics[0..1024].rindex(',')]}"
|
|
186
|
+
end
|
|
143
187
|
end
|
|
144
188
|
end
|
|
145
189
|
|
|
146
|
-
handler(Handler, priority:
|
|
190
|
+
handler(Handler, step: :sign, priority: 97)
|
|
147
191
|
end
|
|
148
192
|
end
|
|
149
193
|
end
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Aws
|
|
4
|
+
# setup autoloading for Plugins
|
|
5
|
+
# Most plugins are required explicitly from service clients
|
|
6
|
+
# but users may reference them outside of client usage.
|
|
7
|
+
module Plugins
|
|
8
|
+
autoload :ApiKey, 'aws-sdk-core/plugins/api_key'
|
|
9
|
+
autoload :BearerAuthorization, 'aws-sdk-core/plugins/bearer_authorization'
|
|
10
|
+
autoload :ChecksumAlgorithm, 'aws-sdk-core/plugins/checksum_algorithm'
|
|
11
|
+
autoload :ClientMetricsPlugin, 'aws-sdk-core/plugins/client_metrics_plugin'
|
|
12
|
+
autoload :ClientMetricsSendPlugin, 'aws-sdk-core/plugins/client_metrics_send_plugin'
|
|
13
|
+
autoload :CredentialsConfiguration, 'aws-sdk-core/plugins/credentials_configuration'
|
|
14
|
+
autoload :DefaultsMode, 'aws-sdk-core/plugins/defaults_mode'
|
|
15
|
+
autoload :EndpointDiscovery, 'aws-sdk-core/plugins/endpoint_discovery'
|
|
16
|
+
autoload :EndpointPattern, 'aws-sdk-core/plugins/endpoint_pattern'
|
|
17
|
+
autoload :EventStreamConfiguration, 'aws-sdk-core/plugins/event_stream_configuration'
|
|
18
|
+
autoload :GlobalConfiguration, 'aws-sdk-core/plugins/global_configuration'
|
|
19
|
+
autoload :HelpfulSocketErrors, 'aws-sdk-core/plugins/helpful_socket_errors'
|
|
20
|
+
autoload :HttpChecksum, 'aws-sdk-core/plugins/http_checksum'
|
|
21
|
+
autoload :IdempotencyToken, 'aws-sdk-core/plugins/idempotency_token'
|
|
22
|
+
autoload :InvocationId, 'aws-sdk-core/plugins/invocation_id'
|
|
23
|
+
autoload :JsonvalueConverter, 'aws-sdk-core/plugins/jsonvalue_converter'
|
|
24
|
+
autoload :Logging, 'aws-sdk-core/plugins/logging'
|
|
25
|
+
autoload :ParamConverter, 'aws-sdk-core/plugins/param_converter'
|
|
26
|
+
autoload :ParamValidator, 'aws-sdk-core/plugins/param_validator'
|
|
27
|
+
autoload :RecursionDetection, 'aws-sdk-core/plugins/recursion_detection'
|
|
28
|
+
autoload :RegionalEndpoint, 'aws-sdk-core/plugins/regional_endpoint'
|
|
29
|
+
autoload :RequestCompression, 'aws-sdk-core/plugins/request_compression'
|
|
30
|
+
autoload :ResponsePaging, 'aws-sdk-core/plugins/response_paging'
|
|
31
|
+
autoload :RetryErrors, 'aws-sdk-core/plugins/retry_errors'
|
|
32
|
+
autoload :Sign, 'aws-sdk-core/plugins/sign'
|
|
33
|
+
autoload :SignatureV4, 'aws-sdk-core/plugins/signature_v4'
|
|
34
|
+
autoload :StubResponses, 'aws-sdk-core/plugins/stub_responses'
|
|
35
|
+
autoload :Telemetry, 'aws-sdk-core/plugins/telemetry'
|
|
36
|
+
autoload :TransferEncoding, 'aws-sdk-core/plugins/transfer_encoding'
|
|
37
|
+
autoload :UserAgent, 'aws-sdk-core/plugins/user_agent'
|
|
38
|
+
end
|
|
39
|
+
end
|
|
@@ -2,9 +2,15 @@
|
|
|
2
2
|
|
|
3
3
|
module Aws
|
|
4
4
|
# A credential provider that executes a given process and attempts
|
|
5
|
-
# to read its stdout to
|
|
5
|
+
# to read its stdout to receive a JSON payload containing the credentials.
|
|
6
6
|
#
|
|
7
|
-
# credentials = Aws::ProcessCredentials.new('/usr/bin/credential_proc')
|
|
7
|
+
# credentials = Aws::ProcessCredentials.new(['/usr/bin/credential_proc'])
|
|
8
|
+
# ec2 = Aws::EC2::Client.new(credentials: credentials)
|
|
9
|
+
#
|
|
10
|
+
# Arguments should be provided as strings in the array, for example:
|
|
11
|
+
#
|
|
12
|
+
# process = ['/usr/bin/credential_proc', 'arg1', 'arg2']
|
|
13
|
+
# credentials = Aws::ProcessCredentials.new(process)
|
|
8
14
|
# ec2 = Aws::EC2::Client.new(credentials: credentials)
|
|
9
15
|
#
|
|
10
16
|
# Automatically handles refreshing credentials if an Expiration time is
|
|
@@ -19,56 +25,69 @@ module Aws
|
|
|
19
25
|
# Creates a new ProcessCredentials object, which allows an
|
|
20
26
|
# external process to be used as a credential provider.
|
|
21
27
|
#
|
|
22
|
-
# @param [String] process
|
|
23
|
-
#
|
|
28
|
+
# @param [Array<String>, String] process An array of strings including
|
|
29
|
+
# the process name and its arguments to execute, or a single string to be
|
|
30
|
+
# executed by the shell (deprecated and insecure).
|
|
24
31
|
def initialize(process)
|
|
32
|
+
if process.is_a?(String)
|
|
33
|
+
warn('Passing a single string to Aws::ProcessCredentials.new '\
|
|
34
|
+
'is insecure, please use use an array of system arguments instead')
|
|
35
|
+
end
|
|
25
36
|
@process = process
|
|
26
|
-
@credentials = credentials_from_process
|
|
37
|
+
@credentials = credentials_from_process
|
|
27
38
|
@async_refresh = false
|
|
28
39
|
|
|
29
40
|
super
|
|
30
41
|
end
|
|
31
42
|
|
|
32
43
|
private
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
44
|
+
|
|
45
|
+
def credentials_from_process
|
|
46
|
+
r, w = IO.pipe
|
|
47
|
+
success = system(*@process, out: w)
|
|
48
|
+
w.close
|
|
49
|
+
raw_out = r.read
|
|
50
|
+
r.close
|
|
51
|
+
|
|
52
|
+
unless success
|
|
53
|
+
raise Errors::InvalidProcessCredentialsPayload.new(
|
|
54
|
+
'credential_process provider failure, the credential process had '\
|
|
55
|
+
'non zero exit status and failed to provide credentials'
|
|
56
|
+
)
|
|
39
57
|
end
|
|
40
58
|
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
raise Errors::InvalidProcessCredentialsPayload.new("Invalid JSON response")
|
|
46
|
-
end
|
|
47
|
-
payload_version = creds_json['Version']
|
|
48
|
-
if payload_version == 1
|
|
49
|
-
_parse_payload_format_v1(creds_json)
|
|
50
|
-
else
|
|
51
|
-
raise Errors::InvalidProcessCredentialsPayload.new("Invalid version #{payload_version} for credentials payload")
|
|
52
|
-
end
|
|
53
|
-
else
|
|
54
|
-
raise Errors::InvalidProcessCredentialsPayload.new('credential_process provider failure, the credential process had non zero exit status and failed to provide credentials')
|
|
59
|
+
begin
|
|
60
|
+
creds_json = Aws::Json.load(raw_out)
|
|
61
|
+
rescue Aws::Json::ParseError
|
|
62
|
+
raise Errors::InvalidProcessCredentialsPayload.new('Invalid JSON response')
|
|
55
63
|
end
|
|
64
|
+
|
|
65
|
+
payload_version = creds_json['Version']
|
|
66
|
+
return _parse_payload_format_v1(creds_json) if payload_version == 1
|
|
67
|
+
|
|
68
|
+
raise Errors::InvalidProcessCredentialsPayload.new(
|
|
69
|
+
"Invalid version #{payload_version} for credentials payload"
|
|
70
|
+
)
|
|
56
71
|
end
|
|
57
72
|
|
|
58
73
|
def _parse_payload_format_v1(creds_json)
|
|
59
74
|
creds = Credentials.new(
|
|
60
75
|
creds_json['AccessKeyId'],
|
|
61
76
|
creds_json['SecretAccessKey'],
|
|
62
|
-
creds_json['SessionToken']
|
|
77
|
+
creds_json['SessionToken'],
|
|
78
|
+
account_id: creds_json['AccountId']
|
|
63
79
|
)
|
|
64
80
|
|
|
65
81
|
@expiration = creds_json['Expiration'] ? Time.iso8601(creds_json['Expiration']) : nil
|
|
66
82
|
return creds if creds.set?
|
|
67
|
-
|
|
83
|
+
|
|
84
|
+
raise Errors::InvalidProcessCredentialsPayload.new(
|
|
85
|
+
'Invalid payload for JSON credentials version 1'
|
|
86
|
+
)
|
|
68
87
|
end
|
|
69
88
|
|
|
70
89
|
def refresh
|
|
71
|
-
@credentials = credentials_from_process
|
|
90
|
+
@credentials = credentials_from_process
|
|
72
91
|
end
|
|
73
92
|
|
|
74
93
|
def near_expiration?(expiration_length)
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Aws
|
|
4
|
+
# @api private
|
|
5
|
+
module Query
|
|
6
|
+
class EC2Handler < Aws::Query::Handler
|
|
7
|
+
|
|
8
|
+
def apply_params(param_list, params, rules)
|
|
9
|
+
Aws::Query::EC2ParamBuilder.new(param_list).apply(rules, params)
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def parse_xml(context)
|
|
13
|
+
if (rules = context.operation.output)
|
|
14
|
+
parser = Xml::Parser.new(rules)
|
|
15
|
+
parser.parse(xml(context)) do |path, value|
|
|
16
|
+
if path.size == 2 && path.last == 'requestId'
|
|
17
|
+
context.metadata[:request_id] = value
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
else
|
|
21
|
+
EmptyStructure.new
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
|
@@ -31,13 +31,11 @@ module Aws
|
|
|
31
31
|
end
|
|
32
32
|
|
|
33
33
|
def list(ref, values, prefix)
|
|
34
|
-
if values.empty?
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
format(member_ref, value, "#{prefix}.#{n+1}")
|
|
40
|
-
end
|
|
34
|
+
return if values.empty?
|
|
35
|
+
|
|
36
|
+
member_ref = ref.shape.member
|
|
37
|
+
values.each.with_index do |value, n|
|
|
38
|
+
format(member_ref, value, "#{prefix}.#{n + 1}")
|
|
41
39
|
end
|
|
42
40
|
end
|
|
43
41
|
|