RubyGems - aws-sdk-core - Versions diffs - 3.190.2 → 3.240.0 - Mend

aws-sdk-core 3.190.2 → 3.240.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (203) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +650 -0
data/VERSION +1 -1
data/lib/aws-defaults.rb +4 -1
data/lib/aws-sdk-core/arn.rb +1 -3
data/lib/aws-sdk-core/assume_role_credentials.rb +21 -13
data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +16 -9
data/lib/aws-sdk-core/binary/decode_handler.rb +3 -9
data/lib/aws-sdk-core/binary/encode_handler.rb +1 -1
data/lib/aws-sdk-core/binary/event_builder.rb +34 -37
data/lib/aws-sdk-core/binary/event_stream_decoder.rb +1 -0
data/lib/aws-sdk-core/binary/event_stream_encoder.rb +4 -3
data/lib/aws-sdk-core/cbor/decoder.rb +308 -0
data/lib/aws-sdk-core/cbor/encoder.rb +243 -0
data/lib/aws-sdk-core/cbor.rb +53 -0
data/lib/aws-sdk-core/client_side_monitoring.rb +9 -0
data/lib/aws-sdk-core/client_stubs.rb +39 -58
data/lib/aws-sdk-core/credential_provider.rb +5 -1
data/lib/aws-sdk-core/credential_provider_chain.rb +101 -25
data/lib/aws-sdk-core/credentials.rb +19 -6
data/lib/aws-sdk-core/ec2_metadata.rb +1 -1
data/lib/aws-sdk-core/ecs_credentials.rb +16 -14
data/lib/aws-sdk-core/endpoints/endpoint.rb +3 -1
data/lib/aws-sdk-core/endpoints/matchers.rb +8 -10
data/lib/aws-sdk-core/endpoints.rb +101 -21
data/lib/aws-sdk-core/error_handler.rb +46 -0
data/lib/aws-sdk-core/errors.rb +16 -4
data/lib/aws-sdk-core/event_emitter.rb +1 -17
data/lib/aws-sdk-core/instance_profile_credentials.rb +148 -157
data/lib/aws-sdk-core/json/builder.rb +8 -1
data/lib/aws-sdk-core/json/error_handler.rb +29 -13
data/lib/aws-sdk-core/json/handler.rb +6 -6
data/lib/aws-sdk-core/json/json_engine.rb +3 -1
data/lib/aws-sdk-core/json/oj_engine.rb +7 -1
data/lib/aws-sdk-core/json/parser.rb +6 -1
data/lib/aws-sdk-core/json.rb +43 -14
data/lib/aws-sdk-core/log/param_filter.rb +2 -2
data/lib/aws-sdk-core/log/param_formatter.rb +7 -3
data/lib/aws-sdk-core/log.rb +10 -0
data/lib/aws-sdk-core/login_credentials.rb +229 -0
data/lib/aws-sdk-core/lru_cache.rb +75 -0
data/lib/aws-sdk-core/pageable_response.rb +1 -1
data/lib/aws-sdk-core/param_validator.rb +7 -2
data/lib/aws-sdk-core/plugins/bearer_authorization.rb +2 -0
data/lib/aws-sdk-core/plugins/checksum_algorithm.rb +347 -170
data/lib/aws-sdk-core/plugins/client_metrics_plugin.rb +1 -1
data/lib/aws-sdk-core/plugins/client_metrics_send_plugin.rb +14 -2
data/lib/aws-sdk-core/plugins/credentials_configuration.rb +78 -56
data/lib/aws-sdk-core/plugins/endpoint_pattern.rb +40 -32
data/lib/aws-sdk-core/plugins/global_configuration.rb +8 -9
data/lib/aws-sdk-core/plugins/http_checksum.rb +2 -8
data/lib/aws-sdk-core/plugins/invocation_id.rb +1 -11
data/lib/aws-sdk-core/plugins/logging.rb +2 -0
data/lib/aws-sdk-core/plugins/protocols/api_gateway.rb +3 -1
data/lib/aws-sdk-core/plugins/protocols/ec2.rb +2 -24
data/lib/aws-sdk-core/plugins/protocols/json_rpc.rb +6 -8
data/lib/aws-sdk-core/plugins/protocols/query.rb +4 -2
data/lib/aws-sdk-core/plugins/protocols/rest_json.rb +3 -15
data/lib/aws-sdk-core/plugins/protocols/rest_xml.rb +3 -0
data/lib/aws-sdk-core/plugins/protocols/rpc_v2.rb +17 -0
data/lib/aws-sdk-core/plugins/regional_endpoint.rb +74 -25
data/lib/aws-sdk-core/plugins/request_compression.rb +11 -2
data/lib/aws-sdk-core/plugins/retry_errors.rb +12 -3
data/lib/aws-sdk-core/plugins/sign.rb +42 -26
data/lib/aws-sdk-core/plugins/signature_v2.rb +2 -1
data/lib/aws-sdk-core/plugins/signature_v4.rb +2 -1
data/lib/aws-sdk-core/plugins/stub_responses.rb +59 -9
data/lib/aws-sdk-core/plugins/telemetry.rb +75 -0
data/lib/aws-sdk-core/plugins/transfer_encoding.rb +16 -9
data/lib/aws-sdk-core/plugins/user_agent.rb +103 -26
data/lib/aws-sdk-core/plugins.rb +39 -0
data/lib/aws-sdk-core/process_credentials.rb +48 -29
data/lib/aws-sdk-core/query/ec2_handler.rb +27 -0
data/lib/aws-sdk-core/query/ec2_param_builder.rb +5 -7
data/lib/aws-sdk-core/query/handler.rb +4 -4
data/lib/aws-sdk-core/query/param_builder.rb +2 -2
data/lib/aws-sdk-core/query.rb +2 -1
data/lib/aws-sdk-core/refreshing_credentials.rb +8 -11
data/lib/aws-sdk-core/resources.rb +8 -0
data/lib/aws-sdk-core/rest/content_type_handler.rb +60 -0
data/lib/aws-sdk-core/rest/handler.rb +3 -4
data/lib/aws-sdk-core/rest/request/body.rb +32 -5
data/lib/aws-sdk-core/rest/request/endpoint.rb +24 -4
data/lib/aws-sdk-core/rest/request/headers.rb +15 -7
data/lib/aws-sdk-core/rest/request/querystring_builder.rb +23 -11
data/lib/aws-sdk-core/rest/response/body.rb +15 -1
data/lib/aws-sdk-core/rest/response/header_list_parser.rb +79 -0
data/lib/aws-sdk-core/rest/response/headers.rb +8 -3
data/lib/aws-sdk-core/rest.rb +1 -0
data/lib/aws-sdk-core/rpc_v2/builder.rb +62 -0
data/lib/aws-sdk-core/rpc_v2/cbor_engine.rb +18 -0
data/lib/aws-sdk-core/rpc_v2/content_type_handler.rb +47 -0
data/lib/aws-sdk-core/rpc_v2/error_handler.rb +95 -0
data/lib/aws-sdk-core/rpc_v2/handler.rb +79 -0
data/lib/aws-sdk-core/rpc_v2/parser.rb +98 -0
data/lib/aws-sdk-core/rpc_v2.rb +69 -0
data/lib/aws-sdk-core/shared_config.rb +108 -22
data/lib/aws-sdk-core/shared_credentials.rb +1 -7
data/lib/aws-sdk-core/sso_credentials.rb +5 -2
data/lib/aws-sdk-core/static_token_provider.rb +1 -2
data/lib/aws-sdk-core/stubbing/protocols/ec2.rb +12 -11
data/lib/aws-sdk-core/stubbing/protocols/json.rb +11 -10
data/lib/aws-sdk-core/stubbing/protocols/query.rb +7 -6
data/lib/aws-sdk-core/stubbing/protocols/rest.rb +2 -1
data/lib/aws-sdk-core/stubbing/protocols/rest_json.rb +9 -8
data/lib/aws-sdk-core/stubbing/protocols/rest_xml.rb +6 -5
data/lib/aws-sdk-core/stubbing/protocols/rpc_v2.rb +39 -0
data/lib/aws-sdk-core/stubbing.rb +22 -0
data/lib/aws-sdk-core/telemetry/base.rb +177 -0
data/lib/aws-sdk-core/telemetry/no_op.rb +70 -0
data/lib/aws-sdk-core/telemetry/otel.rb +235 -0
data/lib/aws-sdk-core/telemetry/span_kind.rb +22 -0
data/lib/aws-sdk-core/telemetry/span_status.rb +59 -0
data/lib/aws-sdk-core/telemetry.rb +78 -0
data/lib/aws-sdk-core/token.rb +3 -3
data/lib/aws-sdk-core/token_provider.rb +4 -0
data/lib/aws-sdk-core/token_provider_chain.rb +2 -6
data/lib/aws-sdk-core/util.rb +41 -1
data/lib/aws-sdk-core/waiters/poller.rb +10 -5
data/lib/aws-sdk-core/xml/builder.rb +17 -9
data/lib/aws-sdk-core/xml/error_handler.rb +35 -43
data/lib/aws-sdk-core/xml/parser/frame.rb +4 -20
data/lib/aws-sdk-core/xml/parser/stack.rb +2 -0
data/lib/aws-sdk-core/xml/parser.rb +2 -6
data/lib/aws-sdk-core.rb +86 -107
data/lib/aws-sdk-signin/client.rb +604 -0
data/lib/aws-sdk-signin/client_api.rb +119 -0
data/lib/aws-sdk-signin/customizations.rb +1 -0
data/lib/aws-sdk-signin/endpoint_parameters.rb +69 -0
data/lib/aws-sdk-signin/endpoint_provider.rb +59 -0
data/lib/aws-sdk-signin/endpoints.rb +20 -0
data/lib/aws-sdk-signin/errors.rb +122 -0
data/lib/aws-sdk-signin/plugins/endpoints.rb +77 -0
data/lib/aws-sdk-signin/resource.rb +26 -0
data/lib/aws-sdk-signin/types.rb +299 -0
data/lib/aws-sdk-signin.rb +63 -0
data/lib/aws-sdk-sso/client.rb +189 -96
data/lib/aws-sdk-sso/client_api.rb +7 -0
data/lib/aws-sdk-sso/endpoint_parameters.rb +13 -10
data/lib/aws-sdk-sso/endpoint_provider.rb +16 -20
data/lib/aws-sdk-sso/endpoints.rb +2 -54
data/lib/aws-sdk-sso/plugins/endpoints.rb +20 -20
data/lib/aws-sdk-sso/types.rb +1 -0
data/lib/aws-sdk-sso.rb +15 -11
data/lib/aws-sdk-ssooidc/client.rb +293 -122
data/lib/aws-sdk-ssooidc/client_api.rb +38 -0
data/lib/aws-sdk-ssooidc/endpoint_parameters.rb +13 -10
data/lib/aws-sdk-ssooidc/endpoint_provider.rb +14 -18
data/lib/aws-sdk-ssooidc/endpoints.rb +2 -54
data/lib/aws-sdk-ssooidc/errors.rb +31 -0
data/lib/aws-sdk-ssooidc/plugins/endpoints.rb +20 -20
data/lib/aws-sdk-ssooidc/types.rb +142 -29
data/lib/aws-sdk-ssooidc.rb +15 -11
data/lib/aws-sdk-sts/client.rb +529 -156
data/lib/aws-sdk-sts/client_api.rb +108 -8
data/lib/aws-sdk-sts/customizations.rb +5 -2
data/lib/aws-sdk-sts/endpoint_parameters.rb +15 -14
data/lib/aws-sdk-sts/endpoint_provider.rb +50 -55
data/lib/aws-sdk-sts/endpoints.rb +2 -118
data/lib/aws-sdk-sts/errors.rb +79 -0
data/lib/aws-sdk-sts/plugins/endpoints.rb +20 -28
data/lib/aws-sdk-sts/presigner.rb +2 -6
data/lib/aws-sdk-sts/types.rb +344 -32
data/lib/aws-sdk-sts.rb +15 -11
data/lib/seahorse/client/async_base.rb +4 -5
data/lib/seahorse/client/async_response.rb +19 -0
data/lib/seahorse/client/base.rb +18 -21
data/lib/seahorse/client/h2/connection.rb +18 -28
data/lib/seahorse/client/h2/handler.rb +19 -3
data/lib/seahorse/client/handler.rb +1 -1
data/lib/seahorse/client/http/response.rb +1 -1
data/lib/seahorse/client/net_http/connection_pool.rb +15 -12
data/lib/seahorse/client/net_http/handler.rb +21 -9
data/lib/seahorse/client/networking_error.rb +1 -1
data/lib/seahorse/client/plugin.rb +9 -0
data/lib/seahorse/client/plugins/endpoint.rb +0 -1
data/lib/seahorse/client/plugins/h2.rb +4 -4
data/lib/seahorse/client/plugins/net_http.rb +57 -16
data/lib/seahorse/client/request_context.rb +9 -2
data/lib/seahorse/client/response.rb +2 -0
data/lib/seahorse/model/shapes.rb +2 -2
data/lib/seahorse/util.rb +2 -1
data/sig/aws-sdk-core/async_client_stubs.rbs +21 -0
data/sig/aws-sdk-core/client_stubs.rbs +10 -0
data/sig/aws-sdk-core/errors.rbs +22 -0
data/sig/aws-sdk-core/resources/collection.rbs +21 -0
data/sig/aws-sdk-core/structure.rbs +4 -0
data/sig/aws-sdk-core/telemetry/base.rbs +46 -0
data/sig/aws-sdk-core/telemetry/otel.rbs +22 -0
data/sig/aws-sdk-core/telemetry/span_kind.rbs +15 -0
data/sig/aws-sdk-core/telemetry/span_status.rbs +24 -0
data/sig/aws-sdk-core/waiters/errors.rbs +20 -0
data/sig/aws-sdk-core.rbs +7 -0
data/sig/seahorse/client/async_base.rbs +18 -0
data/sig/seahorse/client/base.rbs +25 -0
data/sig/seahorse/client/handler_builder.rbs +16 -0
data/sig/seahorse/client/response.rbs +61 -0
metadata +117 -23
/data/lib/aws-sdk-core/xml/parser/{engines/libxml.rb → libxml_engine.rb} +0 -0
/data/lib/aws-sdk-core/xml/parser/{engines/nokogiri.rb → nokogiri_engine.rb} +0 -0
/data/lib/aws-sdk-core/xml/parser/{engines/oga.rb → oga_engine.rb} +0 -0
/data/lib/aws-sdk-core/xml/parser/{engines/ox.rb → ox_engine.rb} +0 -0
/data/lib/aws-sdk-core/xml/parser/{engines/rexml.rb → rexml_engine.rb} +0 -0

data/lib/aws-sdk-core/json/parser.rb CHANGED Viewed

@@ -17,6 +17,8 @@ module Aws
       # @param [String<JSON>] json
       def parse(json, target = nil)
+        json = '{}' if json.empty?
         parse_ref(@rules, Json.load(json), target)
       end
@@ -69,6 +71,8 @@ module Aws
       def map(ref, values, target = nil)
         target = {} if target.nil?
         values.each do |key, value|
+          next if value.nil?
           target[key] = parse_ref(ref.shape.value, value)
         end
         target
@@ -85,6 +89,7 @@ module Aws
           when TimestampShape then time(value)
           when BlobShape then Base64.decode64(value)
           when BooleanShape then value.to_s == 'true'
+          when FloatShape then Util.deserialize_number(value)
           else value
           end
         end
@@ -93,7 +98,7 @@ module Aws
       # @param [String, Integer] value
       # @return [Time]
       def time(value)
-        value.is_a?(Numeric) ? Time.at(value) : Time.parse(value)
+        value.is_a?(Numeric) ? Time.at(value) : Aws::Util.deserialize_time(value)
       end
       def flattened_list?(shape)

data/lib/aws-sdk-core/json.rb CHANGED Viewed

@@ -1,12 +1,9 @@
 # frozen_string_literal: true
-require 'json'
 require_relative 'json/builder'
 require_relative 'json/error_handler'
 require_relative 'json/handler'
 require_relative 'json/parser'
-require_relative 'json/json_engine'
-require_relative 'json/oj_engine'
 module Aws
   # @api private
@@ -21,29 +18,61 @@ module Aws
     end
     class << self
-      def load(json)
-        ENGINE.load(json)
+      # @param [Symbol,Class] engine
+      #   Must be one of the following values:
+      #
+      #   * :oj
+      #   * :json
+      #
+      def engine=(engine)
+        @engine = Class === engine ? engine : load_engine(engine)
+      end
+      # @return [Class] Returns the default engine.
+      #   One of:
+      #
+      #   * {OjEngine}
+      #   * {JsonEngine}
+      #
+      def engine
+        set_default_engine unless @engine
+        @engine
       end
-      def load_file(path)
-        load(File.open(path, 'r', encoding: 'UTF-8', &:read))
+      def load(json)
+        @engine.load(json)
       end
       def dump(value)
-        ENGINE.dump(value)
+        @engine.dump(value)
+      end
+      def set_default_engine
+        [:oj, :json].each do |name|
+          @engine ||= try_load_engine(name)
+        end
+        unless @engine
+          raise 'Unable to find a compatible json library. ' \
+          'Ensure that you have installed or added to your Gemfile one of ' \
+          'oj or json'
+        end
       end
       private
-      def select_engine
-        require 'oj'
-        OjEngine
+      def load_engine(name)
+        require "aws-sdk-core/json/#{name}_engine"
+        const_name = name[0].upcase + name[1..-1] + 'Engine'
+        const_get(const_name)
+      end
+      def try_load_engine(name)
+        load_engine(name)
       rescue LoadError
-        JSONEngine
+        false
       end
     end
-    # @api private
-    ENGINE = select_engine
+    set_default_engine
   end
 end

data/lib/aws-sdk-core/log/param_filter.rb CHANGED Viewed

@@ -55,14 +55,14 @@ module Aws
           filtered[key] = if @enabled && filters.include?(key)
             '[FILTERED]'
           else
-            filter(value, type)
+            filter(value, value.class)
           end
         end
         filtered
       end
       def filter_array(values, type)
-        values.map { |value| filter(value, type) }
+        values.map { |value| filter(value, value.class) }
       end
     end

data/lib/aws-sdk-core/log/param_formatter.rb CHANGED Viewed

@@ -51,13 +51,17 @@ module Aws
         when String   then summarize_string(value)
         when Hash     then '{' + summarize_hash(value) + '}'
         when Array    then summarize_array(value)
-        when File     then summarize_file(value.path)
-        when Pathname then summarize_file(value)
+        when File     then summarize_file(value)
+        when Pathname then summarize_filepath(value)
         else value.inspect
         end
       end
-      def summarize_file(path)
+      def summarize_file(file)
+        "#<File:#{file.path} (#{file.size} bytes)>"
+      end
+      def summarize_filepath(path)
         "#<File:#{path} (#{File.size(path)} bytes)>"
       end

data/lib/aws-sdk-core/log.rb ADDED Viewed

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+module Aws
+  # setup autoloading for Log module
+  module Log
+    autoload :Formatter, 'aws-sdk-core/log/formatter'
+    autoload :ParamFilter, 'aws-sdk-core/log/param_filter'
+    autoload :ParamFormatter, 'aws-sdk-core/log/param_formatter'
+  end
+end

data/lib/aws-sdk-core/login_credentials.rb ADDED Viewed

@@ -0,0 +1,229 @@
+# frozen_string_literal: true
+module Aws
+  # An auto-refreshing credential provider that retrieves credentials from
+  # a cached login token. This class does NOT implement the AWS Sign-In
+  # login flow - tokens must be generated separately by running `aws login`
+  # from the AWS CLI/AWS Tools for PowerShell with the correct profile.
+  # The {LoginCredentials} will auto-refresh the AWS credentials from AWS Sign-In.
+  #
+  #     # You must first run aws login --profile your-login-profile
+  #     login_credentials = Aws::LoginCredentials.new(login_session: 'my_login_session')
+  #     ec2 = Aws::EC2::Client.new(credentials: login_credentials)
+  #
+  # If you omit the `:client` option, a new {Aws::Signin::Client} object will
+  # be constructed with additional options that were provided.
+  class LoginCredentials
+    include CredentialProvider
+    include RefreshingCredentials
+    # @option options [required, String] :login_session An opaque string
+    #   used to determine the cache file location. This value can be found
+    #   in the AWS config file which is set by the AWS CLI/AWS Tools for
+    #   PowerShell automatically.
+    #
+    # @option options [Signin::Client] :client Optional `Signin::Client`.
+    #   If not provided, a client will be constructed.
+    def initialize(options = {})
+      raise ArgumentError, 'Missing login_session' unless options[:login_session]
+      @login_session = options.delete(:login_session)
+      @client = options[:client]
+      unless @client
+        client_opts = options.reject { |key, _| CLIENT_EXCLUDE_OPTIONS.include?(key) }
+        @client = Signin::Client.new(client_opts.merge(credentials: nil))
+      end
+      @metrics = ['CREDENTIALS_LOGIN']
+      @async_refresh = true
+      super
+    end
+    # @return [Signin::Client]
+    attr_reader :client
+    private
+    def refresh
+      # First reload the token from disk to ensure it hasn't been refreshed externally
+      token_json = read_cached_token
+      update_creds(token_json['accessToken'])
+      return if @credentials && @expiration && !near_expiration?(sync_expiration_length)
+      # Using OpenSSL 3.6.0 may result in errors like "certificate verify failed (unable to get certificate CRL)."
+      # A recommended workaround is to use OpenSSL version < 3.6.0 or requiring the openssl gem with a version of at
+      # least 3.2.2. GitHub issue: https://github.com/openssl/openssl/issues/28752.
+      if OpenSSL::OPENSSL_LIBRARY_VERSION.include?('3.6.') &&
+         (!Gem.loaded_specs['openssl'] || Gem.loaded_specs['openssl'].version < Gem::Version.new('3.2.2'))
+        warn 'WARNING: OpenSSL 3.6.x may cause certificate verify errors - use OpenSSL < 3.6.0 or openssl gem >= 3.2.2'
+      end
+      # Attempt to refresh the token
+      attempt_refresh(token_json)
+      # Raise if token is hard expired
+      return unless !@expiration || @expiration < Time.now
+      raise Errors::InvalidLoginToken,
+            'Login token is invalid and failed to refresh. Please reauthenticate.'
+    end
+    def read_cached_token
+      cached_token = JSON.load_file(login_cache_file)
+      validate_cached_token(cached_token)
+      cached_token
+    rescue Errno::ENOENT, Aws::Json::ParseError
+      raise Errors::InvalidLoginToken,
+            "Failed to load a Login token for login session #{@login_session}. Please reauthenticate."
+    end
+    def login_cache_file
+      directory = ENV['AWS_LOGIN_CACHE_DIRECTORY'] || File.join(Dir.home, '.aws', 'login', 'cache')
+      login_session_sha = OpenSSL::Digest::SHA256.hexdigest(@login_session.strip.encode('utf-8'))
+      File.join(directory, "#{login_session_sha}.json")
+    end
+    def validate_cached_token(cached_token)
+      required_cached_token_fields = %w[accessToken clientId refreshToken dpopKey]
+      missing_fields = required_cached_token_fields.reject { |field| cached_token[field] }
+      unless missing_fields.empty?
+        raise ArgumentError, "Cached login token is missing required field(s): #{missing_fields}. " \
+          'Please reauthenticate.'
+      end
+      access_token = cached_token['accessToken']
+      required_access_token_fields = %w[accessKeyId secretAccessKey sessionToken accountId expiresAt]
+      missing_fields = required_access_token_fields.reject { |field| access_token[field] }
+      return if missing_fields.empty?
+      raise ArgumentError, "Access token in cached login token is missing required field(s): #{missing_fields}. " \
+        'Please reauthenticate.'
+    end
+    def update_creds(access_token)
+      @credentials = Credentials.new(
+        access_token['accessKeyId'],
+        access_token['secretAccessKey'],
+        access_token['sessionToken'],
+        account_id: access_token['accountId']
+      )
+      @expiration = Time.parse(access_token['expiresAt'])
+    end
+    def attempt_refresh(token_json)
+      resp = make_request(token_json)
+      parse_resp(resp.token_output, token_json)
+      update_creds(token_json['accessToken'])
+      update_token_cache(token_json)
+    rescue Signin::Errors::AccessDeniedException => e
+      case e.error
+      when 'TOKEN_EXPIRED'
+        warn 'Your session has expired. Please reauthenticate.'
+      when 'USER_CREDENTIALS_CHANGED'
+        warn 'Unable to refresh credentials because of a change in your password. ' \
+          'Please reauthenticate with your new password.'
+      when 'INSUFFICIENT_PERMISSIONS'
+        warn 'Unable to refresh credentials due to insufficient permissions. ' \
+          'You may be missing permission for the `CreateOAuth2Token` action.'
+      end
+    rescue StandardError => e
+      warn("Failed to refresh Login token for LoginCredentials: #{e.message}")
+    end
+    def make_request(token_json)
+      options = {
+        token_input: {
+          client_id: token_json['clientId'],
+          grant_type: 'refresh_token',
+          refresh_token: token_json['refreshToken']
+        }
+      }
+      req = @client.build_request(:create_o_auth_2_token, options)
+      endpoint_params = Aws::Signin::EndpointParameters.create(req.context.config)
+      endpoint = req.context.config.endpoint_provider.resolve_endpoint(endpoint_params)
+      endpoint = URI.join(endpoint.url, @client.config.api.operation(:create_o_auth_2_token).http_request_uri).to_s
+      req.context.http_request.headers['DPoP'] = dpop_proof(token_json['dpopKey'], endpoint)
+      req.send_request
+    end
+    def dpop_proof(dpop_key, endpoint)
+      # Load private key from cached token file
+      private_key = OpenSSL::PKey.read(dpop_key)
+      public_key = private_key.public_key.to_octet_string(:uncompressed)
+      # Construct header and payload
+      header = build_header(public_key[1, 32], public_key[33, 32])
+      payload = build_payload(endpoint)
+      # Base64URL encode header and payload, sign message using private key, and create header
+      message = build_message(header, payload)
+      signature = private_key.sign(OpenSSL::Digest.new('SHA256'), message)
+      jws_signature = der_to_jws(signature)
+      "#{message}.#{Base64.urlsafe_encode64(jws_signature, padding: false)}"
+    end
+    def build_header(x_bytes, y_bytes)
+      {
+        'alg' => 'ES256', # signing algorithm
+        'jwk' => {
+          'crv' => 'P-256', # curve name
+          'kty' => 'EC', # key type
+          'x' => Base64.urlsafe_encode64(x_bytes, padding: false), # public x coordinate
+          'y' => Base64.urlsafe_encode64(y_bytes, padding: false) # public y coordinate
+        },
+        'typ' => 'dpop+jwt' # hardcoded
+      }
+    end
+    def build_payload(htu)
+      {
+        'jti' => SecureRandom.uuid, # unique identifier (UUID4)
+        'htm' => @client.config.api.operation(:create_o_auth_2_token).http_method, # POST
+        'htu' => htu, # endpoint of the CreateOAuth2Token operation, with path
+        'iat' => Time.now.utc.to_i # UTC timestamp, specified number of seconds from 1970-01-01T00:00:00Z UTC
+      }
+    end
+    def build_message(header, payload)
+      encoded_header = Base64.urlsafe_encode64(JSON.dump(header), padding: false)
+      encoded_payload = Base64.urlsafe_encode64(JSON.dump(payload), padding: false)
+      "#{encoded_header}.#{encoded_payload}"
+    end
+    # Converts DER-encoded ASN.1 signature to JWS
+    def der_to_jws(der_signature)
+      asn1 = OpenSSL::ASN1.decode(der_signature)
+      r = asn1.value[0].value
+      s = asn1.value[1].value
+      r_hex = r.to_s(16).rjust(64, '0')
+      s_hex = s.to_s(16).rjust(64, '0')
+      [r_hex + s_hex].pack('H*')
+    end
+    def parse_resp(resp, token_json)
+      access_token = token_json['accessToken']
+      access_token.merge!(
+        'accessKeyId' => resp.access_token.access_key_id,
+        'secretAccessKey' => resp.access_token.secret_access_key,
+        'sessionToken' => resp.access_token.session_token,
+        'expiresAt' => (Time.now.utc + resp.expires_in).to_datetime.rfc3339
+      )
+      token_json['refreshToken'] = resp.refresh_token
+    end
+    def update_token_cache(token_json)
+      cached_token = token_json.dup
+      # File.write is not atomic so use temp file and move
+      temp_file = Tempfile.new('temp_file')
+      begin
+        temp_file.write(Json.dump(cached_token))
+        temp_file.close
+        FileUtils.mv(temp_file.path, login_cache_file)
+      ensure
+        temp_file.unlink if File.exist?(temp_file.path) # Ensure temp file is cleaned up
+      end
+    end
+  end
+end

data/lib/aws-sdk-core/lru_cache.rb ADDED Viewed

@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+module Aws
+  # @api private
+  # A simple thread safe LRU cache
+  class LRUCache
+    # @param [Hash] options
+    # @option options [Integer] :max_entries (100) Maximum number of entries
+    # @option options [Integer] :expiration (nil) Expiration time in seconds
+    def initialize(options = {})
+      @max_entries = options[:max_entries] || 100
+      @expiration = options[:expiration]
+      @entries = {}
+      @mutex = Mutex.new
+    end
+    # @param [String] key
+    # @return [Object]
+    def [](key)
+      @mutex.synchronize do
+        value = @entries[key]
+        if value
+          @entries.delete(key)
+          @entries[key] = value unless value.expired?
+        end
+        @entries[key]&.value
+      end
+    end
+    # @param [String] key
+    # @param [Object] value
+    def []=(key, value)
+      @mutex.synchronize do
+        @entries.shift unless @entries.size < @max_entries
+        # delete old value if exists
+        @entries.delete(key)
+        @entries[key] = Entry.new(value: value, expiration: @expiration)
+        @entries[key].value
+      end
+    end
+    # @param [String] key
+    # @return [Boolean]
+    def key?(key)
+      @mutex.synchronize do
+        @entries.delete(key) if @entries.key?(key) && @entries[key].expired?
+        @entries.key?(key)
+      end
+    end
+    def clear
+      @mutex.synchronize do
+        @entries.clear
+      end
+    end
+    # @api private
+    class Entry
+      def initialize(options = {})
+        @value = options[:value]
+        @expiration = options[:expiration]
+        @created_time = Time.now
+      end
+      # @return [Object]
+      attr_reader :value
+      def expired?
+        return false unless @expiration
+        Time.now - @created_time > @expiration
+      end
+    end
+  end
+end

data/lib/aws-sdk-core/pageable_response.rb CHANGED Viewed

@@ -201,7 +201,7 @@ module Aws
       def next_response(params)
         params = next_page_params(params)
         request = context.client.build_request(context.operation_name, params)
-        Aws::Plugins::UserAgent.feature('paginator') do
+        Aws::Plugins::UserAgent.metric('PAGINATOR') do
           request.send_request
         end
       end

data/lib/aws-sdk-core/param_validator.rb CHANGED Viewed

@@ -71,9 +71,10 @@ module Aws
         end
         if @validate_required && shape.union
-          if values.length > 1
+          set_values = values.to_h.length
+          if set_values > 1
             errors << "multiple values provided to union at #{context} - must contain exactly one of the supported types: #{shape.member_names.join(', ')}"
-          elsif values.length == 0
+          elsif set_values == 0
             errors << "No values provided to union at #{context} - must contain exactly one of the supported types: #{shape.member_names.join(', ')}"
           end
         end
@@ -106,6 +107,8 @@ module Aws
       # validate members
       member_ref = ref.shape.member
       values.each.with_index do |value, index|
+        next unless value
         shape(member_ref, value, errors, context + "[#{index}]")
       end
     end
@@ -121,6 +124,8 @@ module Aws
       values.each do |key, value|
         shape(key_ref, key, errors, "#{context} #{key.inspect} key")
+        next unless value
         shape(value_ref, value, errors, context + "[#{key.inspect}]")
       end
     end

data/lib/aws-sdk-core/plugins/bearer_authorization.rb CHANGED Viewed

@@ -4,6 +4,8 @@ module Aws
   # @api private
   module Plugins
     # @api private
+    # Deprecated - does not look at new traits like `auth` and `unsignedPayload`
+    # Necessary to exist after endpoints 2.0 for old service clients + new core
     class BearerAuthorization < Seahorse::Client::Plugin
       option(:token_provider,