aws-sdk-core 3.186.0 → 3.240.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +695 -0
- data/VERSION +1 -1
- data/lib/aws-defaults.rb +4 -1
- data/lib/aws-sdk-core/arn.rb +1 -3
- data/lib/aws-sdk-core/assume_role_credentials.rb +21 -13
- data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +16 -9
- data/lib/aws-sdk-core/binary/decode_handler.rb +3 -9
- data/lib/aws-sdk-core/binary/encode_handler.rb +1 -1
- data/lib/aws-sdk-core/binary/event_builder.rb +34 -37
- data/lib/aws-sdk-core/binary/event_stream_decoder.rb +1 -0
- data/lib/aws-sdk-core/binary/event_stream_encoder.rb +4 -3
- data/lib/aws-sdk-core/cbor/decoder.rb +308 -0
- data/lib/aws-sdk-core/cbor/encoder.rb +243 -0
- data/lib/aws-sdk-core/cbor.rb +53 -0
- data/lib/aws-sdk-core/client_side_monitoring.rb +9 -0
- data/lib/aws-sdk-core/client_stubs.rb +39 -55
- data/lib/aws-sdk-core/credential_provider.rb +5 -1
- data/lib/aws-sdk-core/credential_provider_chain.rb +101 -25
- data/lib/aws-sdk-core/credentials.rb +19 -6
- data/lib/aws-sdk-core/ec2_metadata.rb +1 -1
- data/lib/aws-sdk-core/ecs_credentials.rb +92 -24
- data/lib/aws-sdk-core/endpoints/endpoint.rb +3 -1
- data/lib/aws-sdk-core/endpoints/matchers.rb +8 -10
- data/lib/aws-sdk-core/endpoints.rb +101 -21
- data/lib/aws-sdk-core/error_handler.rb +46 -0
- data/lib/aws-sdk-core/errors.rb +16 -4
- data/lib/aws-sdk-core/event_emitter.rb +1 -17
- data/lib/aws-sdk-core/instance_profile_credentials.rb +148 -157
- data/lib/aws-sdk-core/json/builder.rb +8 -1
- data/lib/aws-sdk-core/json/error_handler.rb +29 -13
- data/lib/aws-sdk-core/json/handler.rb +13 -6
- data/lib/aws-sdk-core/json/json_engine.rb +3 -1
- data/lib/aws-sdk-core/json/oj_engine.rb +7 -1
- data/lib/aws-sdk-core/json/parser.rb +32 -2
- data/lib/aws-sdk-core/json.rb +43 -14
- data/lib/aws-sdk-core/log/param_filter.rb +2 -2
- data/lib/aws-sdk-core/log/param_formatter.rb +7 -3
- data/lib/aws-sdk-core/log.rb +10 -0
- data/lib/aws-sdk-core/login_credentials.rb +229 -0
- data/lib/aws-sdk-core/lru_cache.rb +75 -0
- data/lib/aws-sdk-core/pageable_response.rb +1 -1
- data/lib/aws-sdk-core/param_validator.rb +7 -2
- data/lib/aws-sdk-core/plugins/bearer_authorization.rb +2 -0
- data/lib/aws-sdk-core/plugins/checksum_algorithm.rb +347 -168
- data/lib/aws-sdk-core/plugins/client_metrics_plugin.rb +1 -1
- data/lib/aws-sdk-core/plugins/client_metrics_send_plugin.rb +14 -2
- data/lib/aws-sdk-core/plugins/credentials_configuration.rb +78 -56
- data/lib/aws-sdk-core/plugins/endpoint_pattern.rb +40 -32
- data/lib/aws-sdk-core/plugins/global_configuration.rb +8 -9
- data/lib/aws-sdk-core/plugins/http_checksum.rb +3 -8
- data/lib/aws-sdk-core/plugins/invocation_id.rb +1 -11
- data/lib/aws-sdk-core/plugins/logging.rb +2 -0
- data/lib/aws-sdk-core/plugins/protocols/api_gateway.rb +3 -1
- data/lib/aws-sdk-core/plugins/protocols/ec2.rb +2 -24
- data/lib/aws-sdk-core/plugins/protocols/json_rpc.rb +6 -8
- data/lib/aws-sdk-core/plugins/protocols/query.rb +4 -2
- data/lib/aws-sdk-core/plugins/protocols/rest_json.rb +3 -15
- data/lib/aws-sdk-core/plugins/protocols/rest_xml.rb +3 -0
- data/lib/aws-sdk-core/plugins/protocols/rpc_v2.rb +17 -0
- data/lib/aws-sdk-core/plugins/regional_endpoint.rb +74 -25
- data/lib/aws-sdk-core/plugins/request_compression.rb +11 -2
- data/lib/aws-sdk-core/plugins/retry_errors.rb +12 -3
- data/lib/aws-sdk-core/plugins/sign.rb +55 -34
- data/lib/aws-sdk-core/plugins/signature_v2.rb +2 -1
- data/lib/aws-sdk-core/plugins/signature_v4.rb +2 -1
- data/lib/aws-sdk-core/plugins/stub_responses.rb +59 -9
- data/lib/aws-sdk-core/plugins/telemetry.rb +75 -0
- data/lib/aws-sdk-core/plugins/transfer_encoding.rb +16 -9
- data/lib/aws-sdk-core/plugins/user_agent.rb +103 -26
- data/lib/aws-sdk-core/plugins.rb +39 -0
- data/lib/aws-sdk-core/process_credentials.rb +48 -29
- data/lib/aws-sdk-core/query/ec2_handler.rb +27 -0
- data/lib/aws-sdk-core/query/ec2_param_builder.rb +5 -7
- data/lib/aws-sdk-core/query/handler.rb +4 -4
- data/lib/aws-sdk-core/query/param_builder.rb +2 -2
- data/lib/aws-sdk-core/query.rb +2 -1
- data/lib/aws-sdk-core/refreshing_credentials.rb +20 -17
- data/lib/aws-sdk-core/resources.rb +8 -0
- data/lib/aws-sdk-core/rest/content_type_handler.rb +60 -0
- data/lib/aws-sdk-core/rest/handler.rb +3 -4
- data/lib/aws-sdk-core/rest/request/body.rb +32 -5
- data/lib/aws-sdk-core/rest/request/endpoint.rb +24 -4
- data/lib/aws-sdk-core/rest/request/headers.rb +15 -7
- data/lib/aws-sdk-core/rest/request/querystring_builder.rb +23 -11
- data/lib/aws-sdk-core/rest/response/body.rb +15 -1
- data/lib/aws-sdk-core/rest/response/header_list_parser.rb +79 -0
- data/lib/aws-sdk-core/rest/response/headers.rb +8 -3
- data/lib/aws-sdk-core/rest.rb +1 -0
- data/lib/aws-sdk-core/rpc_v2/builder.rb +62 -0
- data/lib/aws-sdk-core/rpc_v2/cbor_engine.rb +18 -0
- data/lib/aws-sdk-core/rpc_v2/content_type_handler.rb +47 -0
- data/lib/aws-sdk-core/rpc_v2/error_handler.rb +95 -0
- data/lib/aws-sdk-core/rpc_v2/handler.rb +79 -0
- data/lib/aws-sdk-core/rpc_v2/parser.rb +98 -0
- data/lib/aws-sdk-core/rpc_v2.rb +69 -0
- data/lib/aws-sdk-core/shared_config.rb +109 -22
- data/lib/aws-sdk-core/shared_credentials.rb +1 -7
- data/lib/aws-sdk-core/sso_credentials.rb +5 -2
- data/lib/aws-sdk-core/static_token_provider.rb +1 -2
- data/lib/aws-sdk-core/stubbing/protocols/ec2.rb +12 -11
- data/lib/aws-sdk-core/stubbing/protocols/json.rb +11 -10
- data/lib/aws-sdk-core/stubbing/protocols/query.rb +7 -6
- data/lib/aws-sdk-core/stubbing/protocols/rest.rb +2 -1
- data/lib/aws-sdk-core/stubbing/protocols/rest_json.rb +9 -8
- data/lib/aws-sdk-core/stubbing/protocols/rest_xml.rb +6 -5
- data/lib/aws-sdk-core/stubbing/protocols/rpc_v2.rb +39 -0
- data/lib/aws-sdk-core/stubbing.rb +22 -0
- data/lib/aws-sdk-core/telemetry/base.rb +177 -0
- data/lib/aws-sdk-core/telemetry/no_op.rb +70 -0
- data/lib/aws-sdk-core/telemetry/otel.rb +235 -0
- data/lib/aws-sdk-core/telemetry/span_kind.rb +22 -0
- data/lib/aws-sdk-core/telemetry/span_status.rb +59 -0
- data/lib/aws-sdk-core/telemetry.rb +78 -0
- data/lib/aws-sdk-core/token.rb +3 -3
- data/lib/aws-sdk-core/token_provider.rb +4 -0
- data/lib/aws-sdk-core/token_provider_chain.rb +2 -6
- data/lib/aws-sdk-core/util.rb +41 -1
- data/lib/aws-sdk-core/waiters/poller.rb +10 -5
- data/lib/aws-sdk-core/xml/builder.rb +17 -9
- data/lib/aws-sdk-core/xml/error_handler.rb +35 -43
- data/lib/aws-sdk-core/xml/parser/frame.rb +4 -20
- data/lib/aws-sdk-core/xml/parser/stack.rb +2 -0
- data/lib/aws-sdk-core/xml/parser.rb +2 -6
- data/lib/aws-sdk-core.rb +86 -107
- data/lib/aws-sdk-signin/client.rb +604 -0
- data/lib/aws-sdk-signin/client_api.rb +119 -0
- data/lib/aws-sdk-signin/customizations.rb +1 -0
- data/lib/aws-sdk-signin/endpoint_parameters.rb +69 -0
- data/lib/aws-sdk-signin/endpoint_provider.rb +59 -0
- data/lib/aws-sdk-signin/endpoints.rb +20 -0
- data/lib/aws-sdk-signin/errors.rb +122 -0
- data/lib/aws-sdk-signin/plugins/endpoints.rb +77 -0
- data/lib/aws-sdk-signin/resource.rb +26 -0
- data/lib/aws-sdk-signin/types.rb +299 -0
- data/lib/aws-sdk-signin.rb +63 -0
- data/lib/aws-sdk-sso/client.rb +189 -96
- data/lib/aws-sdk-sso/client_api.rb +7 -0
- data/lib/aws-sdk-sso/endpoint_parameters.rb +13 -10
- data/lib/aws-sdk-sso/endpoint_provider.rb +16 -20
- data/lib/aws-sdk-sso/endpoints.rb +2 -54
- data/lib/aws-sdk-sso/plugins/endpoints.rb +23 -22
- data/lib/aws-sdk-sso/types.rb +1 -0
- data/lib/aws-sdk-sso.rb +15 -11
- data/lib/aws-sdk-ssooidc/client.rb +609 -129
- data/lib/aws-sdk-ssooidc/client_api.rb +94 -1
- data/lib/aws-sdk-ssooidc/endpoint_parameters.rb +13 -10
- data/lib/aws-sdk-ssooidc/endpoint_provider.rb +16 -20
- data/lib/aws-sdk-ssooidc/endpoints.rb +2 -40
- data/lib/aws-sdk-ssooidc/errors.rb +62 -0
- data/lib/aws-sdk-ssooidc/plugins/endpoints.rb +23 -20
- data/lib/aws-sdk-ssooidc/types.rb +419 -53
- data/lib/aws-sdk-ssooidc.rb +15 -11
- data/lib/aws-sdk-sts/client.rb +537 -156
- data/lib/aws-sdk-sts/client_api.rb +108 -8
- data/lib/aws-sdk-sts/customizations.rb +5 -2
- data/lib/aws-sdk-sts/endpoint_parameters.rb +15 -14
- data/lib/aws-sdk-sts/endpoint_provider.rb +52 -57
- data/lib/aws-sdk-sts/endpoints.rb +2 -118
- data/lib/aws-sdk-sts/errors.rb +79 -0
- data/lib/aws-sdk-sts/plugins/endpoints.rb +23 -30
- data/lib/aws-sdk-sts/presigner.rb +3 -7
- data/lib/aws-sdk-sts/types.rb +361 -35
- data/lib/aws-sdk-sts.rb +15 -11
- data/lib/seahorse/client/async_base.rb +4 -5
- data/lib/seahorse/client/async_response.rb +19 -0
- data/lib/seahorse/client/base.rb +18 -21
- data/lib/seahorse/client/h2/connection.rb +18 -28
- data/lib/seahorse/client/h2/handler.rb +19 -3
- data/lib/seahorse/client/handler.rb +1 -1
- data/lib/seahorse/client/http/response.rb +1 -1
- data/lib/seahorse/client/net_http/connection_pool.rb +15 -12
- data/lib/seahorse/client/net_http/handler.rb +21 -9
- data/lib/seahorse/client/net_http/patches.rb +1 -4
- data/lib/seahorse/client/networking_error.rb +1 -1
- data/lib/seahorse/client/plugin.rb +9 -0
- data/lib/seahorse/client/plugins/endpoint.rb +0 -1
- data/lib/seahorse/client/plugins/h2.rb +4 -4
- data/lib/seahorse/client/plugins/net_http.rb +57 -16
- data/lib/seahorse/client/request_context.rb +9 -2
- data/lib/seahorse/client/response.rb +2 -0
- data/lib/seahorse/model/shapes.rb +2 -2
- data/lib/seahorse/util.rb +2 -1
- data/sig/aws-sdk-core/async_client_stubs.rbs +21 -0
- data/sig/aws-sdk-core/client_stubs.rbs +10 -0
- data/sig/aws-sdk-core/errors.rbs +22 -0
- data/sig/aws-sdk-core/resources/collection.rbs +21 -0
- data/sig/aws-sdk-core/structure.rbs +4 -0
- data/sig/aws-sdk-core/telemetry/base.rbs +46 -0
- data/sig/aws-sdk-core/telemetry/otel.rbs +22 -0
- data/sig/aws-sdk-core/telemetry/span_kind.rbs +15 -0
- data/sig/aws-sdk-core/telemetry/span_status.rbs +24 -0
- data/sig/aws-sdk-core/waiters/errors.rbs +20 -0
- data/sig/aws-sdk-core.rbs +7 -0
- data/sig/seahorse/client/async_base.rbs +18 -0
- data/sig/seahorse/client/base.rbs +25 -0
- data/sig/seahorse/client/handler_builder.rbs +16 -0
- data/sig/seahorse/client/response.rbs +61 -0
- metadata +117 -23
- /data/lib/aws-sdk-core/xml/parser/{engines/libxml.rb → libxml_engine.rb} +0 -0
- /data/lib/aws-sdk-core/xml/parser/{engines/nokogiri.rb → nokogiri_engine.rb} +0 -0
- /data/lib/aws-sdk-core/xml/parser/{engines/oga.rb → oga_engine.rb} +0 -0
- /data/lib/aws-sdk-core/xml/parser/{engines/ox.rb → ox_engine.rb} +0 -0
- /data/lib/aws-sdk-core/xml/parser/{engines/rexml.rb → rexml_engine.rb} +0 -0
|
@@ -0,0 +1,98 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'time'
|
|
4
|
+
|
|
5
|
+
module Aws
|
|
6
|
+
module RpcV2
|
|
7
|
+
class Parser
|
|
8
|
+
include Seahorse::Model::Shapes
|
|
9
|
+
|
|
10
|
+
# @param [Seahorse::Model::ShapeRef] rules
|
|
11
|
+
def initialize(rules, query_compatible: false)
|
|
12
|
+
@rules = rules
|
|
13
|
+
@query_compatible = query_compatible
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def parse(cbor, target = nil)
|
|
17
|
+
return {} if cbor.empty?
|
|
18
|
+
|
|
19
|
+
parse_ref(@rules, RpcV2.decode(cbor), target)
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
private
|
|
23
|
+
|
|
24
|
+
def structure(ref, values, target = nil)
|
|
25
|
+
shape = ref.shape
|
|
26
|
+
target = ref.shape.struct_class.new if target.nil?
|
|
27
|
+
values.each do |key, value|
|
|
28
|
+
member_name, member_ref = shape.member_by_location_name(key)
|
|
29
|
+
if member_ref
|
|
30
|
+
target[member_name] = parse_ref(member_ref, value)
|
|
31
|
+
elsif shape.union && key != '__type'
|
|
32
|
+
target[:unknown] = { 'name' => key, 'value' => value }
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
# In services that were previously Query/XML, members that were
|
|
36
|
+
# "flattened" defaulted to empty lists. In JSON, these values are nil,
|
|
37
|
+
# which is backwards incompatible. To preserve backwards compatibility,
|
|
38
|
+
# we set a default value of [] for these members.
|
|
39
|
+
if @query_compatible
|
|
40
|
+
ref.shape.members.each do |member_name, member_target|
|
|
41
|
+
next unless target[member_name].nil?
|
|
42
|
+
|
|
43
|
+
if flattened_list?(member_target.shape)
|
|
44
|
+
target[member_name] = []
|
|
45
|
+
elsif flattened_map?(member_target.shape)
|
|
46
|
+
target[member_name] = {}
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
if shape.union
|
|
52
|
+
# convert to subclass
|
|
53
|
+
member_subclass = shape.member_subclass(target.member).new
|
|
54
|
+
member_subclass[target.member] = target.value
|
|
55
|
+
target = member_subclass
|
|
56
|
+
end
|
|
57
|
+
target
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
def list(ref, values, target = nil)
|
|
61
|
+
target = [] if target.nil?
|
|
62
|
+
values.each do |value|
|
|
63
|
+
target << parse_ref(ref.shape.member, value)
|
|
64
|
+
end
|
|
65
|
+
target
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
def map(ref, values, target = nil)
|
|
69
|
+
target = {} if target.nil?
|
|
70
|
+
values.each do |key, value|
|
|
71
|
+
target[key] = parse_ref(ref.shape.value, value) unless value.nil?
|
|
72
|
+
end
|
|
73
|
+
target
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
def parse_ref(ref, value, target = nil)
|
|
77
|
+
if value.nil?
|
|
78
|
+
nil
|
|
79
|
+
else
|
|
80
|
+
case ref.shape
|
|
81
|
+
when StructureShape then structure(ref, value, target)
|
|
82
|
+
when ListShape then list(ref, value, target)
|
|
83
|
+
when MapShape then map(ref, value, target)
|
|
84
|
+
else value
|
|
85
|
+
end
|
|
86
|
+
end
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
def flattened_list?(shape)
|
|
90
|
+
shape.is_a?(ListShape) && shape.flattened
|
|
91
|
+
end
|
|
92
|
+
|
|
93
|
+
def flattened_map?(shape)
|
|
94
|
+
shape.is_a?(MapShape) && shape.flattened
|
|
95
|
+
end
|
|
96
|
+
end
|
|
97
|
+
end
|
|
98
|
+
end
|
|
@@ -0,0 +1,69 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require_relative 'cbor'
|
|
4
|
+
require_relative 'rpc_v2/builder'
|
|
5
|
+
require_relative 'rpc_v2/content_type_handler'
|
|
6
|
+
require_relative 'rpc_v2/error_handler'
|
|
7
|
+
require_relative 'rpc_v2/handler'
|
|
8
|
+
require_relative 'rpc_v2/parser'
|
|
9
|
+
|
|
10
|
+
module Aws
|
|
11
|
+
# @api private
|
|
12
|
+
module RpcV2
|
|
13
|
+
class << self
|
|
14
|
+
# @param [Symbol,Class] engine
|
|
15
|
+
# Must be one of the following values:
|
|
16
|
+
#
|
|
17
|
+
# * :cbor
|
|
18
|
+
#
|
|
19
|
+
def engine=(engine)
|
|
20
|
+
@engine = Class === engine ? engine : load_engine(engine)
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
# @return [Class] Returns the default engine.
|
|
24
|
+
# One of:
|
|
25
|
+
#
|
|
26
|
+
# * {CborEngine}
|
|
27
|
+
#
|
|
28
|
+
def engine
|
|
29
|
+
set_default_engine unless @engine
|
|
30
|
+
@engine
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
def encode(data)
|
|
34
|
+
@engine.encode(data)
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
def decode(bytes)
|
|
38
|
+
bytes.force_encoding(Encoding::BINARY)
|
|
39
|
+
@engine.decode(bytes)
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
def set_default_engine
|
|
43
|
+
[:cbor].each do |name|
|
|
44
|
+
@engine ||= try_load_engine(name)
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
unless @engine
|
|
48
|
+
raise 'Unable to find a compatible cbor library.'
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
private
|
|
53
|
+
|
|
54
|
+
def load_engine(name)
|
|
55
|
+
require "aws-sdk-core/rpc_v2/#{name}_engine"
|
|
56
|
+
const_name = name[0].upcase + name[1..-1] + 'Engine'
|
|
57
|
+
const_get(const_name)
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
def try_load_engine(name)
|
|
61
|
+
load_engine(name)
|
|
62
|
+
rescue LoadError
|
|
63
|
+
false
|
|
64
|
+
end
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
set_default_engine
|
|
68
|
+
end
|
|
69
|
+
end
|
|
@@ -138,7 +138,11 @@ module Aws
|
|
|
138
138
|
role_session_name: entry['role_session_name']
|
|
139
139
|
}
|
|
140
140
|
cfg[:region] = opts[:region] if opts[:region]
|
|
141
|
-
|
|
141
|
+
with_metrics('CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN') do
|
|
142
|
+
creds = AssumeRoleWebIdentityCredentials.new(cfg)
|
|
143
|
+
creds.metrics << 'CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN'
|
|
144
|
+
creds
|
|
145
|
+
end
|
|
142
146
|
end
|
|
143
147
|
end
|
|
144
148
|
end
|
|
@@ -167,6 +171,16 @@ module Aws
|
|
|
167
171
|
token
|
|
168
172
|
end
|
|
169
173
|
|
|
174
|
+
# Attempts to load from shared config or shared credentials file.
|
|
175
|
+
# Will always attempt first to load from the shared credentials
|
|
176
|
+
# file, if present.
|
|
177
|
+
def login_credentials_from_config(opts = {})
|
|
178
|
+
p = opts[:profile] || @profile_name
|
|
179
|
+
credentials = login_credentials_from_profile(@parsed_credentials, p, opts[:region])
|
|
180
|
+
credentials ||= login_credentials_from_profile(@parsed_config, p, opts[:region]) if @parsed_config
|
|
181
|
+
credentials
|
|
182
|
+
end
|
|
183
|
+
|
|
170
184
|
# Source a custom configured endpoint from the shared configuration file
|
|
171
185
|
#
|
|
172
186
|
# @param [Hash] opts
|
|
@@ -198,6 +212,9 @@ module Aws
|
|
|
198
212
|
|
|
199
213
|
config_reader(
|
|
200
214
|
:region,
|
|
215
|
+
:account_id_endpoint_mode,
|
|
216
|
+
:auth_scheme_preference,
|
|
217
|
+
:sigv4a_signing_region_set,
|
|
201
218
|
:ca_bundle,
|
|
202
219
|
:credential_process,
|
|
203
220
|
:endpoint_discovery_enabled,
|
|
@@ -206,10 +223,13 @@ module Aws
|
|
|
206
223
|
:ec2_metadata_service_endpoint,
|
|
207
224
|
:ec2_metadata_service_endpoint_mode,
|
|
208
225
|
:ec2_metadata_v1_disabled,
|
|
226
|
+
:disable_host_prefix_injection,
|
|
209
227
|
:max_attempts,
|
|
210
228
|
:retry_mode,
|
|
211
229
|
:adaptive_retry_wait_to_fill,
|
|
212
230
|
:correct_clock_skew,
|
|
231
|
+
:request_checksum_calculation,
|
|
232
|
+
:response_checksum_validation,
|
|
213
233
|
:csm_client_id,
|
|
214
234
|
:csm_enabled,
|
|
215
235
|
:csm_host,
|
|
@@ -218,6 +238,7 @@ module Aws
|
|
|
218
238
|
:s3_use_arn_region,
|
|
219
239
|
:s3_us_east_1_regional_endpoint,
|
|
220
240
|
:s3_disable_multiregion_access_points,
|
|
241
|
+
:s3_disable_express_session_auth,
|
|
221
242
|
:defaults_mode,
|
|
222
243
|
:sdk_ua_app_id,
|
|
223
244
|
:disable_request_compression,
|
|
@@ -250,8 +271,8 @@ module Aws
|
|
|
250
271
|
'provide only source_profile or credential_source, not both.'
|
|
251
272
|
elsif opts[:source_profile]
|
|
252
273
|
opts[:visited_profiles] ||= Set.new
|
|
253
|
-
|
|
254
|
-
if opts[:credentials]
|
|
274
|
+
provider = resolve_source_profile(opts[:source_profile], opts)
|
|
275
|
+
if provider && (opts[:credentials] = provider.credentials)
|
|
255
276
|
opts[:role_session_name] ||= prof_cfg['role_session_name']
|
|
256
277
|
opts[:role_session_name] ||= 'default_session'
|
|
257
278
|
opts[:role_arn] ||= prof_cfg['role_arn']
|
|
@@ -260,17 +281,28 @@ module Aws
|
|
|
260
281
|
opts[:serial_number] ||= prof_cfg['mfa_serial']
|
|
261
282
|
opts[:profile] = opts.delete(:source_profile)
|
|
262
283
|
opts.delete(:visited_profiles)
|
|
263
|
-
|
|
284
|
+
|
|
285
|
+
metrics = provider.metrics
|
|
286
|
+
if provider.is_a?(AssumeRoleCredentials)
|
|
287
|
+
opts[:credentials] = provider
|
|
288
|
+
metrics.delete('CREDENTIALS_STS_ASSUME_ROLE')
|
|
289
|
+
else
|
|
290
|
+
metrics << 'CREDENTIALS_PROFILE_SOURCE_PROFILE'
|
|
291
|
+
end
|
|
292
|
+
# Set the original credentials metrics to [] to prevent duplicate metrics during sign plugin
|
|
293
|
+
opts[:credentials].metrics = []
|
|
294
|
+
with_metrics(metrics) do
|
|
295
|
+
creds = AssumeRoleCredentials.new(opts)
|
|
296
|
+
creds.metrics.push(*metrics)
|
|
297
|
+
creds
|
|
298
|
+
end
|
|
264
299
|
else
|
|
265
300
|
raise Errors::NoSourceProfileError,
|
|
266
301
|
"Profile #{profile} has a role_arn, and source_profile, but the"\
|
|
267
302
|
' source_profile does not have credentials.'
|
|
268
303
|
end
|
|
269
304
|
elsif credential_source
|
|
270
|
-
opts[:credentials] = credentials_from_source(
|
|
271
|
-
credential_source,
|
|
272
|
-
chain_config
|
|
273
|
-
)
|
|
305
|
+
opts[:credentials] = credentials_from_source(credential_source, chain_config)
|
|
274
306
|
if opts[:credentials]
|
|
275
307
|
opts[:role_session_name] ||= prof_cfg['role_session_name']
|
|
276
308
|
opts[:role_session_name] ||= 'default_session'
|
|
@@ -279,7 +311,16 @@ module Aws
|
|
|
279
311
|
opts[:external_id] ||= prof_cfg['external_id']
|
|
280
312
|
opts[:serial_number] ||= prof_cfg['mfa_serial']
|
|
281
313
|
opts.delete(:source_profile) # Cleanup
|
|
282
|
-
|
|
314
|
+
|
|
315
|
+
metrics = opts[:credentials].metrics
|
|
316
|
+
metrics << 'CREDENTIALS_PROFILE_NAMED_PROVIDER'
|
|
317
|
+
# Set the original credentials metrics to [] to prevent duplicate metrics during sign plugin
|
|
318
|
+
opts[:credentials].metrics = []
|
|
319
|
+
with_metrics(metrics) do
|
|
320
|
+
creds = AssumeRoleCredentials.new(opts)
|
|
321
|
+
creds.metrics.push(*metrics)
|
|
322
|
+
creds
|
|
323
|
+
end
|
|
283
324
|
else
|
|
284
325
|
raise Errors::NoSourceCredentials,
|
|
285
326
|
"Profile #{profile} could not get source credentials from"\
|
|
@@ -307,12 +348,24 @@ module Aws
|
|
|
307
348
|
elsif profile_config && profile_config['source_profile']
|
|
308
349
|
opts.delete(:source_profile)
|
|
309
350
|
assume_role_credentials_from_config(opts.merge(profile: profile))
|
|
310
|
-
elsif (provider =
|
|
311
|
-
provider
|
|
351
|
+
elsif (provider = assume_role_web_identity_credentials_from_config_with_metrics(opts.merge(profile: profile)))
|
|
352
|
+
provider if provider.credentials.set?
|
|
312
353
|
elsif (provider = assume_role_process_credentials_from_config(profile))
|
|
313
|
-
provider
|
|
314
|
-
elsif (provider =
|
|
315
|
-
provider
|
|
354
|
+
provider if provider.credentials.set?
|
|
355
|
+
elsif (provider = sso_credentials_from_config_with_metrics(profile))
|
|
356
|
+
provider if provider.credentials.set?
|
|
357
|
+
end
|
|
358
|
+
end
|
|
359
|
+
|
|
360
|
+
def assume_role_web_identity_credentials_from_config_with_metrics(opts)
|
|
361
|
+
with_metrics('CREDENTIALS_PROFILE_SOURCE_PROFILE') do
|
|
362
|
+
assume_role_web_identity_credentials_from_config(opts)
|
|
363
|
+
end
|
|
364
|
+
end
|
|
365
|
+
|
|
366
|
+
def sso_credentials_from_config_with_metrics(profile)
|
|
367
|
+
with_metrics('CREDENTIALS_PROFILE_SOURCE_PROFILE') do
|
|
368
|
+
sso_credentials_from_config(profile: profile)
|
|
316
369
|
end
|
|
317
370
|
end
|
|
318
371
|
|
|
@@ -326,6 +379,15 @@ module Aws
|
|
|
326
379
|
)
|
|
327
380
|
when 'EcsContainer'
|
|
328
381
|
ECSCredentials.new
|
|
382
|
+
when 'Environment'
|
|
383
|
+
creds = Credentials.new(
|
|
384
|
+
ENV['AWS_ACCESS_KEY_ID'],
|
|
385
|
+
ENV['AWS_SECRET_ACCESS_KEY'],
|
|
386
|
+
ENV['AWS_SESSION_TOKEN'],
|
|
387
|
+
account_id: ENV['AWS_ACCOUNT_ID']
|
|
388
|
+
)
|
|
389
|
+
creds.metrics = ['CREDENTIALS_ENV_VARS']
|
|
390
|
+
creds
|
|
329
391
|
else
|
|
330
392
|
raise Errors::InvalidCredentialSourceError, "Unsupported credential_source: #{credential_source}"
|
|
331
393
|
end
|
|
@@ -337,7 +399,11 @@ module Aws
|
|
|
337
399
|
if @parsed_config
|
|
338
400
|
credential_process ||= @parsed_config.fetch(profile, {})['credential_process']
|
|
339
401
|
end
|
|
340
|
-
|
|
402
|
+
if credential_process
|
|
403
|
+
creds = ProcessCredentials.new([credential_process])
|
|
404
|
+
creds.metrics << 'CREDENTIALS_PROFILE_PROCESS'
|
|
405
|
+
creds
|
|
406
|
+
end
|
|
341
407
|
end
|
|
342
408
|
|
|
343
409
|
def credentials_from_shared(profile, _opts)
|
|
@@ -381,13 +447,18 @@ module Aws
|
|
|
381
447
|
sso_start_url = prof_config['sso_start_url']
|
|
382
448
|
end
|
|
383
449
|
|
|
384
|
-
|
|
385
|
-
|
|
386
|
-
|
|
387
|
-
|
|
388
|
-
|
|
389
|
-
|
|
450
|
+
metric = prof_config['sso_session'] ? 'CREDENTIALS_PROFILE_SSO' : 'CREDENTIALS_PROFILE_SSO_LEGACY'
|
|
451
|
+
with_metrics(metric) do
|
|
452
|
+
creds = SSOCredentials.new(
|
|
453
|
+
sso_account_id: prof_config['sso_account_id'],
|
|
454
|
+
sso_role_name: prof_config['sso_role_name'],
|
|
455
|
+
sso_session: prof_config['sso_session'],
|
|
456
|
+
sso_region: sso_region,
|
|
457
|
+
sso_start_url: sso_start_url
|
|
390
458
|
)
|
|
459
|
+
creds.metrics << metric
|
|
460
|
+
creds
|
|
461
|
+
end
|
|
391
462
|
end
|
|
392
463
|
end
|
|
393
464
|
|
|
@@ -408,12 +479,24 @@ module Aws
|
|
|
408
479
|
end
|
|
409
480
|
end
|
|
410
481
|
|
|
482
|
+
def login_credentials_from_profile(cfg, profile, region)
|
|
483
|
+
return unless @parsed_config && (prof_config = cfg[profile]) && prof_config['login_session']
|
|
484
|
+
|
|
485
|
+
cfg = { login_session: prof_config['login_session'] }
|
|
486
|
+
cfg[:region] = region if region
|
|
487
|
+
creds = LoginCredentials.new(cfg)
|
|
488
|
+
creds.metrics << 'CREDENTIALS_PROFILE_LOGIN'
|
|
489
|
+
creds
|
|
490
|
+
end
|
|
491
|
+
|
|
411
492
|
def credentials_from_profile(prof_config)
|
|
412
493
|
creds = Credentials.new(
|
|
413
494
|
prof_config['aws_access_key_id'],
|
|
414
495
|
prof_config['aws_secret_access_key'],
|
|
415
|
-
prof_config['aws_session_token']
|
|
496
|
+
prof_config['aws_session_token'],
|
|
497
|
+
account_id: prof_config['aws_account_id']
|
|
416
498
|
)
|
|
499
|
+
creds.metrics = ['CREDENTIALS_PROFILE']
|
|
417
500
|
creds if creds.set?
|
|
418
501
|
end
|
|
419
502
|
|
|
@@ -474,5 +557,9 @@ module Aws
|
|
|
474
557
|
|
|
475
558
|
sso_session
|
|
476
559
|
end
|
|
560
|
+
|
|
561
|
+
def with_metrics(metrics, &block)
|
|
562
|
+
Aws::Plugins::UserAgent.metric(*metrics, &block)
|
|
563
|
+
end
|
|
477
564
|
end
|
|
478
565
|
end
|
|
@@ -7,13 +7,6 @@ module Aws
|
|
|
7
7
|
|
|
8
8
|
include CredentialProvider
|
|
9
9
|
|
|
10
|
-
# @api private
|
|
11
|
-
KEY_MAP = {
|
|
12
|
-
'aws_access_key_id' => 'access_key_id',
|
|
13
|
-
'aws_secret_access_key' => 'secret_access_key',
|
|
14
|
-
'aws_session_token' => 'session_token',
|
|
15
|
-
}
|
|
16
|
-
|
|
17
10
|
# Constructs a new SharedCredentials object. This will load static
|
|
18
11
|
# (access_key_id, secret_access_key and session_token) AWS access
|
|
19
12
|
# credentials from an ini file, which supports profiles. The default
|
|
@@ -47,6 +40,7 @@ module Aws
|
|
|
47
40
|
)
|
|
48
41
|
@credentials = config.credentials(profile: @profile_name)
|
|
49
42
|
end
|
|
43
|
+
@metrics = ['CREDENTIALS_CODE']
|
|
50
44
|
end
|
|
51
45
|
|
|
52
46
|
# @return [String]
|
|
@@ -7,7 +7,7 @@ module Aws
|
|
|
7
7
|
# {Aws::SSOTokenProvider} will be used to refresh the token if possible.
|
|
8
8
|
# This class does NOT implement the SSO login token flow - tokens
|
|
9
9
|
# must generated separately by running `aws login` from the
|
|
10
|
-
# AWS CLI with the correct profile. The
|
|
10
|
+
# AWS CLI with the correct profile. The {SSOCredentials} will
|
|
11
11
|
# auto-refresh the AWS credentials from SSO.
|
|
12
12
|
#
|
|
13
13
|
# # You must first run aws sso login --profile your-sso-profile
|
|
@@ -91,6 +91,7 @@ module Aws
|
|
|
91
91
|
client_opts[:credentials] = nil
|
|
92
92
|
@client = Aws::SSO::Client.new(client_opts)
|
|
93
93
|
end
|
|
94
|
+
@metrics = ['CREDENTIALS_SSO']
|
|
94
95
|
else # legacy behavior
|
|
95
96
|
missing_keys = LEGACY_REQUIRED_OPTS.select { |k| options[k].nil? }
|
|
96
97
|
unless missing_keys.empty?
|
|
@@ -111,6 +112,7 @@ module Aws
|
|
|
111
112
|
client_opts[:credentials] = nil
|
|
112
113
|
|
|
113
114
|
@client = options[:client] || Aws::SSO::Client.new(client_opts)
|
|
115
|
+
@metrics = ['CREDENTIALS_SSO_LEGACY']
|
|
114
116
|
end
|
|
115
117
|
|
|
116
118
|
@async_refresh = true
|
|
@@ -156,7 +158,8 @@ module Aws
|
|
|
156
158
|
@credentials = Credentials.new(
|
|
157
159
|
c.access_key_id,
|
|
158
160
|
c.secret_access_key,
|
|
159
|
-
c.session_token
|
|
161
|
+
c.session_token,
|
|
162
|
+
account_id: @sso_account_id
|
|
160
163
|
)
|
|
161
164
|
@expiration = Time.at(c.expiration / 1000.0)
|
|
162
165
|
end
|
|
@@ -2,12 +2,11 @@
|
|
|
2
2
|
|
|
3
3
|
module Aws
|
|
4
4
|
class StaticTokenProvider
|
|
5
|
-
|
|
6
5
|
include TokenProvider
|
|
7
6
|
|
|
8
7
|
# @param [String] token
|
|
9
8
|
# @param [Time] expiration
|
|
10
|
-
def initialize(token, expiration=nil)
|
|
9
|
+
def initialize(token, expiration = nil)
|
|
11
10
|
@token = Token.new(token, expiration)
|
|
12
11
|
end
|
|
13
12
|
end
|
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
module Aws
|
|
4
4
|
module Stubbing
|
|
5
5
|
module Protocols
|
|
6
|
+
# @api private
|
|
6
7
|
class EC2
|
|
7
8
|
|
|
8
9
|
def stub_data(api, operation, data)
|
|
@@ -16,17 +17,17 @@ module Aws
|
|
|
16
17
|
end
|
|
17
18
|
|
|
18
19
|
def stub_error(error_code)
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
<ErrorResponse>
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
</ErrorResponse>
|
|
20
|
+
resp = Seahorse::Client::Http::Response.new
|
|
21
|
+
resp.status_code = 400
|
|
22
|
+
resp.body = <<~XML.strip
|
|
23
|
+
<ErrorResponse>
|
|
24
|
+
<Error>
|
|
25
|
+
<Code>#{error_code}</Code>
|
|
26
|
+
<Message>stubbed-response-error-message</Message>
|
|
27
|
+
</Error>
|
|
28
|
+
</ErrorResponse>
|
|
28
29
|
XML
|
|
29
|
-
|
|
30
|
+
resp
|
|
30
31
|
end
|
|
31
32
|
|
|
32
33
|
private
|
|
@@ -37,7 +38,7 @@ module Aws
|
|
|
37
38
|
xml.shift
|
|
38
39
|
xml.pop
|
|
39
40
|
xmlns = "http://ec2.amazonaws.com/doc/#{api.version}/".inspect
|
|
40
|
-
xml.unshift(
|
|
41
|
+
xml.unshift(' <requestId>stubbed-request-id</requestId>')
|
|
41
42
|
xml.unshift("<#{operation.name}Response xmlns=#{xmlns}>\n")
|
|
42
43
|
xml.push("</#{operation.name}Response>\n")
|
|
43
44
|
xml.join
|
|
@@ -3,27 +3,28 @@
|
|
|
3
3
|
module Aws
|
|
4
4
|
module Stubbing
|
|
5
5
|
module Protocols
|
|
6
|
+
# @api private
|
|
6
7
|
class Json
|
|
7
8
|
|
|
8
9
|
def stub_data(api, operation, data)
|
|
9
10
|
resp = Seahorse::Client::Http::Response.new
|
|
10
11
|
resp.status_code = 200
|
|
11
|
-
resp.headers[
|
|
12
|
-
resp.headers[
|
|
12
|
+
resp.headers['Content-Type'] = content_type(api)
|
|
13
|
+
resp.headers['x-amzn-RequestId'] = 'stubbed-request-id'
|
|
13
14
|
resp.body = build_body(operation, data)
|
|
14
15
|
resp
|
|
15
16
|
end
|
|
16
17
|
|
|
17
18
|
def stub_error(error_code)
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
{
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
}
|
|
19
|
+
resp = Seahorse::Client::Http::Response.new
|
|
20
|
+
resp.status_code = 400
|
|
21
|
+
resp.body = <<~JSON.strip
|
|
22
|
+
{
|
|
23
|
+
"code": #{error_code.inspect},
|
|
24
|
+
"message": "stubbed-response-error-message"
|
|
25
|
+
}
|
|
25
26
|
JSON
|
|
26
|
-
|
|
27
|
+
resp
|
|
27
28
|
end
|
|
28
29
|
|
|
29
30
|
private
|
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
module Aws
|
|
4
4
|
module Stubbing
|
|
5
5
|
module Protocols
|
|
6
|
+
# @api private
|
|
6
7
|
class Query
|
|
7
8
|
|
|
8
9
|
def stub_data(api, operation, data)
|
|
@@ -13,10 +14,10 @@ module Aws
|
|
|
13
14
|
end
|
|
14
15
|
|
|
15
16
|
def stub_error(error_code)
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
17
|
+
resp = Seahorse::Client::Http::Response.new
|
|
18
|
+
resp.status_code = 400
|
|
19
|
+
resp.body = XmlError.new(error_code).to_xml
|
|
20
|
+
resp
|
|
20
21
|
end
|
|
21
22
|
|
|
22
23
|
private
|
|
@@ -24,9 +25,9 @@ module Aws
|
|
|
24
25
|
def build_body(api, operation, data)
|
|
25
26
|
xml = []
|
|
26
27
|
builder = Aws::Xml::DocBuilder.new(target: xml, indent: ' ')
|
|
27
|
-
builder.node(operation.name
|
|
28
|
+
builder.node("#{operation.name}Response", xmlns: xmlns(api)) do
|
|
28
29
|
if (rules = operation.output)
|
|
29
|
-
rules.location_name = operation.name
|
|
30
|
+
rules.location_name = "#{operation.name}Result"
|
|
30
31
|
Xml::Builder.new(rules, target: xml, pad:' ').to_xml(data)
|
|
31
32
|
end
|
|
32
33
|
builder.node('ResponseMetadata') do
|
|
@@ -5,6 +5,7 @@ require 'aws-eventstream'
|
|
|
5
5
|
module Aws
|
|
6
6
|
module Stubbing
|
|
7
7
|
module Protocols
|
|
8
|
+
# @api private
|
|
8
9
|
class Rest
|
|
9
10
|
|
|
10
11
|
include Seahorse::Model::Shapes
|
|
@@ -22,7 +23,7 @@ module Aws
|
|
|
22
23
|
def new_http_response
|
|
23
24
|
resp = Seahorse::Client::Http::Response.new
|
|
24
25
|
resp.status_code = 200
|
|
25
|
-
resp.headers[
|
|
26
|
+
resp.headers['x-amzn-RequestId'] = 'stubbed-request-id'
|
|
26
27
|
resp
|
|
27
28
|
end
|
|
28
29
|
|
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
module Aws
|
|
4
4
|
module Stubbing
|
|
5
5
|
module Protocols
|
|
6
|
+
# @api private
|
|
6
7
|
class RestJson < Rest
|
|
7
8
|
|
|
8
9
|
def body_for(_a, _b, rules, data)
|
|
@@ -14,15 +15,15 @@ module Aws
|
|
|
14
15
|
end
|
|
15
16
|
|
|
16
17
|
def stub_error(error_code)
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
{
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
}
|
|
18
|
+
resp = Seahorse::Client::Http::Response.new
|
|
19
|
+
resp.status_code = 400
|
|
20
|
+
resp.body = <<~JSON.strip
|
|
21
|
+
{
|
|
22
|
+
"code": #{error_code.inspect},
|
|
23
|
+
"message": "stubbed-response-error-message"
|
|
24
|
+
}
|
|
24
25
|
JSON
|
|
25
|
-
|
|
26
|
+
resp
|
|
26
27
|
end
|
|
27
28
|
|
|
28
29
|
end
|
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
module Aws
|
|
4
4
|
module Stubbing
|
|
5
5
|
module Protocols
|
|
6
|
+
# @api private
|
|
6
7
|
class RestXml < Rest
|
|
7
8
|
|
|
8
9
|
def body_for(api, operation, rules, data)
|
|
@@ -10,7 +11,7 @@ module Aws
|
|
|
10
11
|
encode_eventstream_response(rules, data, Xml::Builder)
|
|
11
12
|
else
|
|
12
13
|
xml = []
|
|
13
|
-
rules.location_name = operation.name
|
|
14
|
+
rules.location_name = "#{operation.name}Result"
|
|
14
15
|
rules['xmlNamespace'] = { 'uri' => api.metadata['xmlNamespace'] }
|
|
15
16
|
Xml::Builder.new(rules, target:xml).to_xml(data)
|
|
16
17
|
xml.join
|
|
@@ -18,10 +19,10 @@ module Aws
|
|
|
18
19
|
end
|
|
19
20
|
|
|
20
21
|
def stub_error(error_code)
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
22
|
+
resp = Seahorse::Client::Http::Response.new
|
|
23
|
+
resp.status_code = 400
|
|
24
|
+
resp.body = XmlError.new(error_code).to_xml
|
|
25
|
+
resp
|
|
25
26
|
end
|
|
26
27
|
|
|
27
28
|
def xmlns(api)
|