aws-sdk-core 3.190.3 → 3.240.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +645 -0
- data/VERSION +1 -1
- data/lib/aws-defaults.rb +4 -1
- data/lib/aws-sdk-core/arn.rb +1 -3
- data/lib/aws-sdk-core/assume_role_credentials.rb +21 -13
- data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +16 -9
- data/lib/aws-sdk-core/binary/decode_handler.rb +3 -9
- data/lib/aws-sdk-core/binary/encode_handler.rb +1 -1
- data/lib/aws-sdk-core/binary/event_builder.rb +34 -37
- data/lib/aws-sdk-core/binary/event_stream_decoder.rb +1 -0
- data/lib/aws-sdk-core/binary/event_stream_encoder.rb +4 -3
- data/lib/aws-sdk-core/cbor/decoder.rb +308 -0
- data/lib/aws-sdk-core/cbor/encoder.rb +243 -0
- data/lib/aws-sdk-core/cbor.rb +53 -0
- data/lib/aws-sdk-core/client_side_monitoring.rb +9 -0
- data/lib/aws-sdk-core/client_stubs.rb +36 -55
- data/lib/aws-sdk-core/credential_provider.rb +5 -1
- data/lib/aws-sdk-core/credential_provider_chain.rb +101 -25
- data/lib/aws-sdk-core/credentials.rb +19 -6
- data/lib/aws-sdk-core/ec2_metadata.rb +1 -1
- data/lib/aws-sdk-core/ecs_credentials.rb +16 -14
- data/lib/aws-sdk-core/endpoints/endpoint.rb +3 -1
- data/lib/aws-sdk-core/endpoints/matchers.rb +8 -10
- data/lib/aws-sdk-core/endpoints.rb +101 -21
- data/lib/aws-sdk-core/error_handler.rb +46 -0
- data/lib/aws-sdk-core/errors.rb +16 -4
- data/lib/aws-sdk-core/event_emitter.rb +1 -17
- data/lib/aws-sdk-core/instance_profile_credentials.rb +148 -157
- data/lib/aws-sdk-core/json/builder.rb +8 -1
- data/lib/aws-sdk-core/json/error_handler.rb +29 -13
- data/lib/aws-sdk-core/json/handler.rb +6 -6
- data/lib/aws-sdk-core/json/json_engine.rb +3 -1
- data/lib/aws-sdk-core/json/oj_engine.rb +7 -1
- data/lib/aws-sdk-core/json/parser.rb +6 -1
- data/lib/aws-sdk-core/json.rb +43 -14
- data/lib/aws-sdk-core/log/param_filter.rb +2 -2
- data/lib/aws-sdk-core/log/param_formatter.rb +7 -3
- data/lib/aws-sdk-core/log.rb +10 -0
- data/lib/aws-sdk-core/login_credentials.rb +229 -0
- data/lib/aws-sdk-core/lru_cache.rb +75 -0
- data/lib/aws-sdk-core/pageable_response.rb +1 -1
- data/lib/aws-sdk-core/param_validator.rb +7 -2
- data/lib/aws-sdk-core/plugins/bearer_authorization.rb +2 -0
- data/lib/aws-sdk-core/plugins/checksum_algorithm.rb +347 -170
- data/lib/aws-sdk-core/plugins/client_metrics_plugin.rb +1 -1
- data/lib/aws-sdk-core/plugins/client_metrics_send_plugin.rb +14 -2
- data/lib/aws-sdk-core/plugins/credentials_configuration.rb +78 -56
- data/lib/aws-sdk-core/plugins/endpoint_pattern.rb +40 -32
- data/lib/aws-sdk-core/plugins/global_configuration.rb +8 -9
- data/lib/aws-sdk-core/plugins/http_checksum.rb +2 -8
- data/lib/aws-sdk-core/plugins/invocation_id.rb +1 -11
- data/lib/aws-sdk-core/plugins/logging.rb +2 -0
- data/lib/aws-sdk-core/plugins/protocols/api_gateway.rb +3 -1
- data/lib/aws-sdk-core/plugins/protocols/ec2.rb +2 -24
- data/lib/aws-sdk-core/plugins/protocols/json_rpc.rb +6 -8
- data/lib/aws-sdk-core/plugins/protocols/query.rb +4 -2
- data/lib/aws-sdk-core/plugins/protocols/rest_json.rb +3 -15
- data/lib/aws-sdk-core/plugins/protocols/rest_xml.rb +3 -0
- data/lib/aws-sdk-core/plugins/protocols/rpc_v2.rb +17 -0
- data/lib/aws-sdk-core/plugins/regional_endpoint.rb +74 -25
- data/lib/aws-sdk-core/plugins/request_compression.rb +11 -2
- data/lib/aws-sdk-core/plugins/retry_errors.rb +12 -3
- data/lib/aws-sdk-core/plugins/sign.rb +42 -26
- data/lib/aws-sdk-core/plugins/signature_v2.rb +2 -1
- data/lib/aws-sdk-core/plugins/signature_v4.rb +2 -1
- data/lib/aws-sdk-core/plugins/stub_responses.rb +59 -9
- data/lib/aws-sdk-core/plugins/telemetry.rb +75 -0
- data/lib/aws-sdk-core/plugins/transfer_encoding.rb +16 -9
- data/lib/aws-sdk-core/plugins/user_agent.rb +103 -26
- data/lib/aws-sdk-core/plugins.rb +39 -0
- data/lib/aws-sdk-core/process_credentials.rb +48 -29
- data/lib/aws-sdk-core/query/ec2_handler.rb +27 -0
- data/lib/aws-sdk-core/query/ec2_param_builder.rb +5 -7
- data/lib/aws-sdk-core/query/handler.rb +4 -4
- data/lib/aws-sdk-core/query/param_builder.rb +2 -2
- data/lib/aws-sdk-core/query.rb +2 -1
- data/lib/aws-sdk-core/refreshing_credentials.rb +8 -11
- data/lib/aws-sdk-core/resources.rb +8 -0
- data/lib/aws-sdk-core/rest/content_type_handler.rb +60 -0
- data/lib/aws-sdk-core/rest/handler.rb +3 -4
- data/lib/aws-sdk-core/rest/request/body.rb +32 -5
- data/lib/aws-sdk-core/rest/request/endpoint.rb +24 -4
- data/lib/aws-sdk-core/rest/request/headers.rb +15 -7
- data/lib/aws-sdk-core/rest/request/querystring_builder.rb +23 -11
- data/lib/aws-sdk-core/rest/response/body.rb +15 -1
- data/lib/aws-sdk-core/rest/response/header_list_parser.rb +79 -0
- data/lib/aws-sdk-core/rest/response/headers.rb +8 -3
- data/lib/aws-sdk-core/rest.rb +1 -0
- data/lib/aws-sdk-core/rpc_v2/builder.rb +62 -0
- data/lib/aws-sdk-core/rpc_v2/cbor_engine.rb +18 -0
- data/lib/aws-sdk-core/rpc_v2/content_type_handler.rb +47 -0
- data/lib/aws-sdk-core/rpc_v2/error_handler.rb +95 -0
- data/lib/aws-sdk-core/rpc_v2/handler.rb +79 -0
- data/lib/aws-sdk-core/rpc_v2/parser.rb +98 -0
- data/lib/aws-sdk-core/rpc_v2.rb +69 -0
- data/lib/aws-sdk-core/shared_config.rb +108 -22
- data/lib/aws-sdk-core/shared_credentials.rb +1 -7
- data/lib/aws-sdk-core/sso_credentials.rb +5 -2
- data/lib/aws-sdk-core/static_token_provider.rb +1 -2
- data/lib/aws-sdk-core/stubbing/protocols/ec2.rb +12 -11
- data/lib/aws-sdk-core/stubbing/protocols/json.rb +11 -10
- data/lib/aws-sdk-core/stubbing/protocols/query.rb +7 -6
- data/lib/aws-sdk-core/stubbing/protocols/rest.rb +2 -1
- data/lib/aws-sdk-core/stubbing/protocols/rest_json.rb +9 -8
- data/lib/aws-sdk-core/stubbing/protocols/rest_xml.rb +6 -5
- data/lib/aws-sdk-core/stubbing/protocols/rpc_v2.rb +39 -0
- data/lib/aws-sdk-core/stubbing.rb +22 -0
- data/lib/aws-sdk-core/telemetry/base.rb +177 -0
- data/lib/aws-sdk-core/telemetry/no_op.rb +70 -0
- data/lib/aws-sdk-core/telemetry/otel.rb +235 -0
- data/lib/aws-sdk-core/telemetry/span_kind.rb +22 -0
- data/lib/aws-sdk-core/telemetry/span_status.rb +59 -0
- data/lib/aws-sdk-core/telemetry.rb +78 -0
- data/lib/aws-sdk-core/token.rb +3 -3
- data/lib/aws-sdk-core/token_provider.rb +4 -0
- data/lib/aws-sdk-core/token_provider_chain.rb +2 -6
- data/lib/aws-sdk-core/util.rb +41 -1
- data/lib/aws-sdk-core/waiters/poller.rb +10 -5
- data/lib/aws-sdk-core/xml/builder.rb +17 -9
- data/lib/aws-sdk-core/xml/error_handler.rb +35 -43
- data/lib/aws-sdk-core/xml/parser/frame.rb +4 -20
- data/lib/aws-sdk-core/xml/parser/stack.rb +2 -0
- data/lib/aws-sdk-core/xml/parser.rb +2 -6
- data/lib/aws-sdk-core.rb +86 -107
- data/lib/aws-sdk-signin/client.rb +604 -0
- data/lib/aws-sdk-signin/client_api.rb +119 -0
- data/lib/aws-sdk-signin/customizations.rb +1 -0
- data/lib/aws-sdk-signin/endpoint_parameters.rb +69 -0
- data/lib/aws-sdk-signin/endpoint_provider.rb +59 -0
- data/lib/aws-sdk-signin/endpoints.rb +20 -0
- data/lib/aws-sdk-signin/errors.rb +122 -0
- data/lib/aws-sdk-signin/plugins/endpoints.rb +77 -0
- data/lib/aws-sdk-signin/resource.rb +26 -0
- data/lib/aws-sdk-signin/types.rb +299 -0
- data/lib/aws-sdk-signin.rb +63 -0
- data/lib/aws-sdk-sso/client.rb +189 -96
- data/lib/aws-sdk-sso/client_api.rb +7 -0
- data/lib/aws-sdk-sso/endpoint_parameters.rb +13 -10
- data/lib/aws-sdk-sso/endpoint_provider.rb +16 -20
- data/lib/aws-sdk-sso/endpoints.rb +2 -54
- data/lib/aws-sdk-sso/plugins/endpoints.rb +20 -20
- data/lib/aws-sdk-sso/types.rb +1 -0
- data/lib/aws-sdk-sso.rb +15 -11
- data/lib/aws-sdk-ssooidc/client.rb +293 -122
- data/lib/aws-sdk-ssooidc/client_api.rb +38 -0
- data/lib/aws-sdk-ssooidc/endpoint_parameters.rb +13 -10
- data/lib/aws-sdk-ssooidc/endpoint_provider.rb +14 -18
- data/lib/aws-sdk-ssooidc/endpoints.rb +2 -54
- data/lib/aws-sdk-ssooidc/errors.rb +31 -0
- data/lib/aws-sdk-ssooidc/plugins/endpoints.rb +20 -20
- data/lib/aws-sdk-ssooidc/types.rb +142 -29
- data/lib/aws-sdk-ssooidc.rb +15 -11
- data/lib/aws-sdk-sts/client.rb +529 -156
- data/lib/aws-sdk-sts/client_api.rb +108 -8
- data/lib/aws-sdk-sts/customizations.rb +5 -2
- data/lib/aws-sdk-sts/endpoint_parameters.rb +15 -14
- data/lib/aws-sdk-sts/endpoint_provider.rb +50 -55
- data/lib/aws-sdk-sts/endpoints.rb +2 -118
- data/lib/aws-sdk-sts/errors.rb +79 -0
- data/lib/aws-sdk-sts/plugins/endpoints.rb +20 -28
- data/lib/aws-sdk-sts/presigner.rb +2 -6
- data/lib/aws-sdk-sts/types.rb +344 -32
- data/lib/aws-sdk-sts.rb +15 -11
- data/lib/seahorse/client/async_base.rb +4 -5
- data/lib/seahorse/client/async_response.rb +19 -0
- data/lib/seahorse/client/base.rb +18 -21
- data/lib/seahorse/client/h2/connection.rb +18 -28
- data/lib/seahorse/client/h2/handler.rb +19 -3
- data/lib/seahorse/client/handler.rb +1 -1
- data/lib/seahorse/client/http/response.rb +1 -1
- data/lib/seahorse/client/net_http/connection_pool.rb +15 -12
- data/lib/seahorse/client/net_http/handler.rb +21 -9
- data/lib/seahorse/client/networking_error.rb +1 -1
- data/lib/seahorse/client/plugin.rb +9 -0
- data/lib/seahorse/client/plugins/endpoint.rb +0 -1
- data/lib/seahorse/client/plugins/h2.rb +4 -4
- data/lib/seahorse/client/plugins/net_http.rb +57 -16
- data/lib/seahorse/client/request_context.rb +9 -2
- data/lib/seahorse/client/response.rb +2 -0
- data/lib/seahorse/model/shapes.rb +2 -2
- data/lib/seahorse/util.rb +2 -1
- data/sig/aws-sdk-core/async_client_stubs.rbs +21 -0
- data/sig/aws-sdk-core/client_stubs.rbs +10 -0
- data/sig/aws-sdk-core/errors.rbs +22 -0
- data/sig/aws-sdk-core/resources/collection.rbs +21 -0
- data/sig/aws-sdk-core/structure.rbs +4 -0
- data/sig/aws-sdk-core/telemetry/base.rbs +46 -0
- data/sig/aws-sdk-core/telemetry/otel.rbs +22 -0
- data/sig/aws-sdk-core/telemetry/span_kind.rbs +15 -0
- data/sig/aws-sdk-core/telemetry/span_status.rbs +24 -0
- data/sig/aws-sdk-core/waiters/errors.rbs +20 -0
- data/sig/aws-sdk-core.rbs +7 -0
- data/sig/seahorse/client/async_base.rbs +18 -0
- data/sig/seahorse/client/base.rbs +25 -0
- data/sig/seahorse/client/handler_builder.rbs +16 -0
- data/sig/seahorse/client/response.rbs +61 -0
- metadata +117 -23
- /data/lib/aws-sdk-core/xml/parser/{engines/libxml.rb → libxml_engine.rb} +0 -0
- /data/lib/aws-sdk-core/xml/parser/{engines/nokogiri.rb → nokogiri_engine.rb} +0 -0
- /data/lib/aws-sdk-core/xml/parser/{engines/oga.rb → oga_engine.rb} +0 -0
- /data/lib/aws-sdk-core/xml/parser/{engines/ox.rb → ox_engine.rb} +0 -0
- /data/lib/aws-sdk-core/xml/parser/{engines/rexml.rb → rexml_engine.rb} +0 -0
|
@@ -0,0 +1,98 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'time'
|
|
4
|
+
|
|
5
|
+
module Aws
|
|
6
|
+
module RpcV2
|
|
7
|
+
class Parser
|
|
8
|
+
include Seahorse::Model::Shapes
|
|
9
|
+
|
|
10
|
+
# @param [Seahorse::Model::ShapeRef] rules
|
|
11
|
+
def initialize(rules, query_compatible: false)
|
|
12
|
+
@rules = rules
|
|
13
|
+
@query_compatible = query_compatible
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def parse(cbor, target = nil)
|
|
17
|
+
return {} if cbor.empty?
|
|
18
|
+
|
|
19
|
+
parse_ref(@rules, RpcV2.decode(cbor), target)
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
private
|
|
23
|
+
|
|
24
|
+
def structure(ref, values, target = nil)
|
|
25
|
+
shape = ref.shape
|
|
26
|
+
target = ref.shape.struct_class.new if target.nil?
|
|
27
|
+
values.each do |key, value|
|
|
28
|
+
member_name, member_ref = shape.member_by_location_name(key)
|
|
29
|
+
if member_ref
|
|
30
|
+
target[member_name] = parse_ref(member_ref, value)
|
|
31
|
+
elsif shape.union && key != '__type'
|
|
32
|
+
target[:unknown] = { 'name' => key, 'value' => value }
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
# In services that were previously Query/XML, members that were
|
|
36
|
+
# "flattened" defaulted to empty lists. In JSON, these values are nil,
|
|
37
|
+
# which is backwards incompatible. To preserve backwards compatibility,
|
|
38
|
+
# we set a default value of [] for these members.
|
|
39
|
+
if @query_compatible
|
|
40
|
+
ref.shape.members.each do |member_name, member_target|
|
|
41
|
+
next unless target[member_name].nil?
|
|
42
|
+
|
|
43
|
+
if flattened_list?(member_target.shape)
|
|
44
|
+
target[member_name] = []
|
|
45
|
+
elsif flattened_map?(member_target.shape)
|
|
46
|
+
target[member_name] = {}
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
if shape.union
|
|
52
|
+
# convert to subclass
|
|
53
|
+
member_subclass = shape.member_subclass(target.member).new
|
|
54
|
+
member_subclass[target.member] = target.value
|
|
55
|
+
target = member_subclass
|
|
56
|
+
end
|
|
57
|
+
target
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
def list(ref, values, target = nil)
|
|
61
|
+
target = [] if target.nil?
|
|
62
|
+
values.each do |value|
|
|
63
|
+
target << parse_ref(ref.shape.member, value)
|
|
64
|
+
end
|
|
65
|
+
target
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
def map(ref, values, target = nil)
|
|
69
|
+
target = {} if target.nil?
|
|
70
|
+
values.each do |key, value|
|
|
71
|
+
target[key] = parse_ref(ref.shape.value, value) unless value.nil?
|
|
72
|
+
end
|
|
73
|
+
target
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
def parse_ref(ref, value, target = nil)
|
|
77
|
+
if value.nil?
|
|
78
|
+
nil
|
|
79
|
+
else
|
|
80
|
+
case ref.shape
|
|
81
|
+
when StructureShape then structure(ref, value, target)
|
|
82
|
+
when ListShape then list(ref, value, target)
|
|
83
|
+
when MapShape then map(ref, value, target)
|
|
84
|
+
else value
|
|
85
|
+
end
|
|
86
|
+
end
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
def flattened_list?(shape)
|
|
90
|
+
shape.is_a?(ListShape) && shape.flattened
|
|
91
|
+
end
|
|
92
|
+
|
|
93
|
+
def flattened_map?(shape)
|
|
94
|
+
shape.is_a?(MapShape) && shape.flattened
|
|
95
|
+
end
|
|
96
|
+
end
|
|
97
|
+
end
|
|
98
|
+
end
|
|
@@ -0,0 +1,69 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require_relative 'cbor'
|
|
4
|
+
require_relative 'rpc_v2/builder'
|
|
5
|
+
require_relative 'rpc_v2/content_type_handler'
|
|
6
|
+
require_relative 'rpc_v2/error_handler'
|
|
7
|
+
require_relative 'rpc_v2/handler'
|
|
8
|
+
require_relative 'rpc_v2/parser'
|
|
9
|
+
|
|
10
|
+
module Aws
|
|
11
|
+
# @api private
|
|
12
|
+
module RpcV2
|
|
13
|
+
class << self
|
|
14
|
+
# @param [Symbol,Class] engine
|
|
15
|
+
# Must be one of the following values:
|
|
16
|
+
#
|
|
17
|
+
# * :cbor
|
|
18
|
+
#
|
|
19
|
+
def engine=(engine)
|
|
20
|
+
@engine = Class === engine ? engine : load_engine(engine)
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
# @return [Class] Returns the default engine.
|
|
24
|
+
# One of:
|
|
25
|
+
#
|
|
26
|
+
# * {CborEngine}
|
|
27
|
+
#
|
|
28
|
+
def engine
|
|
29
|
+
set_default_engine unless @engine
|
|
30
|
+
@engine
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
def encode(data)
|
|
34
|
+
@engine.encode(data)
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
def decode(bytes)
|
|
38
|
+
bytes.force_encoding(Encoding::BINARY)
|
|
39
|
+
@engine.decode(bytes)
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
def set_default_engine
|
|
43
|
+
[:cbor].each do |name|
|
|
44
|
+
@engine ||= try_load_engine(name)
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
unless @engine
|
|
48
|
+
raise 'Unable to find a compatible cbor library.'
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
private
|
|
53
|
+
|
|
54
|
+
def load_engine(name)
|
|
55
|
+
require "aws-sdk-core/rpc_v2/#{name}_engine"
|
|
56
|
+
const_name = name[0].upcase + name[1..-1] + 'Engine'
|
|
57
|
+
const_get(const_name)
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
def try_load_engine(name)
|
|
61
|
+
load_engine(name)
|
|
62
|
+
rescue LoadError
|
|
63
|
+
false
|
|
64
|
+
end
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
set_default_engine
|
|
68
|
+
end
|
|
69
|
+
end
|
|
@@ -138,7 +138,11 @@ module Aws
|
|
|
138
138
|
role_session_name: entry['role_session_name']
|
|
139
139
|
}
|
|
140
140
|
cfg[:region] = opts[:region] if opts[:region]
|
|
141
|
-
|
|
141
|
+
with_metrics('CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN') do
|
|
142
|
+
creds = AssumeRoleWebIdentityCredentials.new(cfg)
|
|
143
|
+
creds.metrics << 'CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN'
|
|
144
|
+
creds
|
|
145
|
+
end
|
|
142
146
|
end
|
|
143
147
|
end
|
|
144
148
|
end
|
|
@@ -167,6 +171,16 @@ module Aws
|
|
|
167
171
|
token
|
|
168
172
|
end
|
|
169
173
|
|
|
174
|
+
# Attempts to load from shared config or shared credentials file.
|
|
175
|
+
# Will always attempt first to load from the shared credentials
|
|
176
|
+
# file, if present.
|
|
177
|
+
def login_credentials_from_config(opts = {})
|
|
178
|
+
p = opts[:profile] || @profile_name
|
|
179
|
+
credentials = login_credentials_from_profile(@parsed_credentials, p, opts[:region])
|
|
180
|
+
credentials ||= login_credentials_from_profile(@parsed_config, p, opts[:region]) if @parsed_config
|
|
181
|
+
credentials
|
|
182
|
+
end
|
|
183
|
+
|
|
170
184
|
# Source a custom configured endpoint from the shared configuration file
|
|
171
185
|
#
|
|
172
186
|
# @param [Hash] opts
|
|
@@ -198,6 +212,9 @@ module Aws
|
|
|
198
212
|
|
|
199
213
|
config_reader(
|
|
200
214
|
:region,
|
|
215
|
+
:account_id_endpoint_mode,
|
|
216
|
+
:auth_scheme_preference,
|
|
217
|
+
:sigv4a_signing_region_set,
|
|
201
218
|
:ca_bundle,
|
|
202
219
|
:credential_process,
|
|
203
220
|
:endpoint_discovery_enabled,
|
|
@@ -206,10 +223,13 @@ module Aws
|
|
|
206
223
|
:ec2_metadata_service_endpoint,
|
|
207
224
|
:ec2_metadata_service_endpoint_mode,
|
|
208
225
|
:ec2_metadata_v1_disabled,
|
|
226
|
+
:disable_host_prefix_injection,
|
|
209
227
|
:max_attempts,
|
|
210
228
|
:retry_mode,
|
|
211
229
|
:adaptive_retry_wait_to_fill,
|
|
212
230
|
:correct_clock_skew,
|
|
231
|
+
:request_checksum_calculation,
|
|
232
|
+
:response_checksum_validation,
|
|
213
233
|
:csm_client_id,
|
|
214
234
|
:csm_enabled,
|
|
215
235
|
:csm_host,
|
|
@@ -251,8 +271,8 @@ module Aws
|
|
|
251
271
|
'provide only source_profile or credential_source, not both.'
|
|
252
272
|
elsif opts[:source_profile]
|
|
253
273
|
opts[:visited_profiles] ||= Set.new
|
|
254
|
-
|
|
255
|
-
if opts[:credentials]
|
|
274
|
+
provider = resolve_source_profile(opts[:source_profile], opts)
|
|
275
|
+
if provider && (opts[:credentials] = provider.credentials)
|
|
256
276
|
opts[:role_session_name] ||= prof_cfg['role_session_name']
|
|
257
277
|
opts[:role_session_name] ||= 'default_session'
|
|
258
278
|
opts[:role_arn] ||= prof_cfg['role_arn']
|
|
@@ -261,17 +281,28 @@ module Aws
|
|
|
261
281
|
opts[:serial_number] ||= prof_cfg['mfa_serial']
|
|
262
282
|
opts[:profile] = opts.delete(:source_profile)
|
|
263
283
|
opts.delete(:visited_profiles)
|
|
264
|
-
|
|
284
|
+
|
|
285
|
+
metrics = provider.metrics
|
|
286
|
+
if provider.is_a?(AssumeRoleCredentials)
|
|
287
|
+
opts[:credentials] = provider
|
|
288
|
+
metrics.delete('CREDENTIALS_STS_ASSUME_ROLE')
|
|
289
|
+
else
|
|
290
|
+
metrics << 'CREDENTIALS_PROFILE_SOURCE_PROFILE'
|
|
291
|
+
end
|
|
292
|
+
# Set the original credentials metrics to [] to prevent duplicate metrics during sign plugin
|
|
293
|
+
opts[:credentials].metrics = []
|
|
294
|
+
with_metrics(metrics) do
|
|
295
|
+
creds = AssumeRoleCredentials.new(opts)
|
|
296
|
+
creds.metrics.push(*metrics)
|
|
297
|
+
creds
|
|
298
|
+
end
|
|
265
299
|
else
|
|
266
300
|
raise Errors::NoSourceProfileError,
|
|
267
301
|
"Profile #{profile} has a role_arn, and source_profile, but the"\
|
|
268
302
|
' source_profile does not have credentials.'
|
|
269
303
|
end
|
|
270
304
|
elsif credential_source
|
|
271
|
-
opts[:credentials] = credentials_from_source(
|
|
272
|
-
credential_source,
|
|
273
|
-
chain_config
|
|
274
|
-
)
|
|
305
|
+
opts[:credentials] = credentials_from_source(credential_source, chain_config)
|
|
275
306
|
if opts[:credentials]
|
|
276
307
|
opts[:role_session_name] ||= prof_cfg['role_session_name']
|
|
277
308
|
opts[:role_session_name] ||= 'default_session'
|
|
@@ -280,7 +311,16 @@ module Aws
|
|
|
280
311
|
opts[:external_id] ||= prof_cfg['external_id']
|
|
281
312
|
opts[:serial_number] ||= prof_cfg['mfa_serial']
|
|
282
313
|
opts.delete(:source_profile) # Cleanup
|
|
283
|
-
|
|
314
|
+
|
|
315
|
+
metrics = opts[:credentials].metrics
|
|
316
|
+
metrics << 'CREDENTIALS_PROFILE_NAMED_PROVIDER'
|
|
317
|
+
# Set the original credentials metrics to [] to prevent duplicate metrics during sign plugin
|
|
318
|
+
opts[:credentials].metrics = []
|
|
319
|
+
with_metrics(metrics) do
|
|
320
|
+
creds = AssumeRoleCredentials.new(opts)
|
|
321
|
+
creds.metrics.push(*metrics)
|
|
322
|
+
creds
|
|
323
|
+
end
|
|
284
324
|
else
|
|
285
325
|
raise Errors::NoSourceCredentials,
|
|
286
326
|
"Profile #{profile} could not get source credentials from"\
|
|
@@ -308,12 +348,24 @@ module Aws
|
|
|
308
348
|
elsif profile_config && profile_config['source_profile']
|
|
309
349
|
opts.delete(:source_profile)
|
|
310
350
|
assume_role_credentials_from_config(opts.merge(profile: profile))
|
|
311
|
-
elsif (provider =
|
|
312
|
-
provider
|
|
351
|
+
elsif (provider = assume_role_web_identity_credentials_from_config_with_metrics(opts.merge(profile: profile)))
|
|
352
|
+
provider if provider.credentials.set?
|
|
313
353
|
elsif (provider = assume_role_process_credentials_from_config(profile))
|
|
314
|
-
provider
|
|
315
|
-
elsif (provider =
|
|
316
|
-
provider
|
|
354
|
+
provider if provider.credentials.set?
|
|
355
|
+
elsif (provider = sso_credentials_from_config_with_metrics(profile))
|
|
356
|
+
provider if provider.credentials.set?
|
|
357
|
+
end
|
|
358
|
+
end
|
|
359
|
+
|
|
360
|
+
def assume_role_web_identity_credentials_from_config_with_metrics(opts)
|
|
361
|
+
with_metrics('CREDENTIALS_PROFILE_SOURCE_PROFILE') do
|
|
362
|
+
assume_role_web_identity_credentials_from_config(opts)
|
|
363
|
+
end
|
|
364
|
+
end
|
|
365
|
+
|
|
366
|
+
def sso_credentials_from_config_with_metrics(profile)
|
|
367
|
+
with_metrics('CREDENTIALS_PROFILE_SOURCE_PROFILE') do
|
|
368
|
+
sso_credentials_from_config(profile: profile)
|
|
317
369
|
end
|
|
318
370
|
end
|
|
319
371
|
|
|
@@ -327,6 +379,15 @@ module Aws
|
|
|
327
379
|
)
|
|
328
380
|
when 'EcsContainer'
|
|
329
381
|
ECSCredentials.new
|
|
382
|
+
when 'Environment'
|
|
383
|
+
creds = Credentials.new(
|
|
384
|
+
ENV['AWS_ACCESS_KEY_ID'],
|
|
385
|
+
ENV['AWS_SECRET_ACCESS_KEY'],
|
|
386
|
+
ENV['AWS_SESSION_TOKEN'],
|
|
387
|
+
account_id: ENV['AWS_ACCOUNT_ID']
|
|
388
|
+
)
|
|
389
|
+
creds.metrics = ['CREDENTIALS_ENV_VARS']
|
|
390
|
+
creds
|
|
330
391
|
else
|
|
331
392
|
raise Errors::InvalidCredentialSourceError, "Unsupported credential_source: #{credential_source}"
|
|
332
393
|
end
|
|
@@ -338,7 +399,11 @@ module Aws
|
|
|
338
399
|
if @parsed_config
|
|
339
400
|
credential_process ||= @parsed_config.fetch(profile, {})['credential_process']
|
|
340
401
|
end
|
|
341
|
-
|
|
402
|
+
if credential_process
|
|
403
|
+
creds = ProcessCredentials.new([credential_process])
|
|
404
|
+
creds.metrics << 'CREDENTIALS_PROFILE_PROCESS'
|
|
405
|
+
creds
|
|
406
|
+
end
|
|
342
407
|
end
|
|
343
408
|
|
|
344
409
|
def credentials_from_shared(profile, _opts)
|
|
@@ -382,13 +447,18 @@ module Aws
|
|
|
382
447
|
sso_start_url = prof_config['sso_start_url']
|
|
383
448
|
end
|
|
384
449
|
|
|
385
|
-
|
|
386
|
-
|
|
387
|
-
|
|
388
|
-
|
|
389
|
-
|
|
390
|
-
|
|
450
|
+
metric = prof_config['sso_session'] ? 'CREDENTIALS_PROFILE_SSO' : 'CREDENTIALS_PROFILE_SSO_LEGACY'
|
|
451
|
+
with_metrics(metric) do
|
|
452
|
+
creds = SSOCredentials.new(
|
|
453
|
+
sso_account_id: prof_config['sso_account_id'],
|
|
454
|
+
sso_role_name: prof_config['sso_role_name'],
|
|
455
|
+
sso_session: prof_config['sso_session'],
|
|
456
|
+
sso_region: sso_region,
|
|
457
|
+
sso_start_url: sso_start_url
|
|
391
458
|
)
|
|
459
|
+
creds.metrics << metric
|
|
460
|
+
creds
|
|
461
|
+
end
|
|
392
462
|
end
|
|
393
463
|
end
|
|
394
464
|
|
|
@@ -409,12 +479,24 @@ module Aws
|
|
|
409
479
|
end
|
|
410
480
|
end
|
|
411
481
|
|
|
482
|
+
def login_credentials_from_profile(cfg, profile, region)
|
|
483
|
+
return unless @parsed_config && (prof_config = cfg[profile]) && prof_config['login_session']
|
|
484
|
+
|
|
485
|
+
cfg = { login_session: prof_config['login_session'] }
|
|
486
|
+
cfg[:region] = region if region
|
|
487
|
+
creds = LoginCredentials.new(cfg)
|
|
488
|
+
creds.metrics << 'CREDENTIALS_PROFILE_LOGIN'
|
|
489
|
+
creds
|
|
490
|
+
end
|
|
491
|
+
|
|
412
492
|
def credentials_from_profile(prof_config)
|
|
413
493
|
creds = Credentials.new(
|
|
414
494
|
prof_config['aws_access_key_id'],
|
|
415
495
|
prof_config['aws_secret_access_key'],
|
|
416
|
-
prof_config['aws_session_token']
|
|
496
|
+
prof_config['aws_session_token'],
|
|
497
|
+
account_id: prof_config['aws_account_id']
|
|
417
498
|
)
|
|
499
|
+
creds.metrics = ['CREDENTIALS_PROFILE']
|
|
418
500
|
creds if creds.set?
|
|
419
501
|
end
|
|
420
502
|
|
|
@@ -475,5 +557,9 @@ module Aws
|
|
|
475
557
|
|
|
476
558
|
sso_session
|
|
477
559
|
end
|
|
560
|
+
|
|
561
|
+
def with_metrics(metrics, &block)
|
|
562
|
+
Aws::Plugins::UserAgent.metric(*metrics, &block)
|
|
563
|
+
end
|
|
478
564
|
end
|
|
479
565
|
end
|
|
@@ -7,13 +7,6 @@ module Aws
|
|
|
7
7
|
|
|
8
8
|
include CredentialProvider
|
|
9
9
|
|
|
10
|
-
# @api private
|
|
11
|
-
KEY_MAP = {
|
|
12
|
-
'aws_access_key_id' => 'access_key_id',
|
|
13
|
-
'aws_secret_access_key' => 'secret_access_key',
|
|
14
|
-
'aws_session_token' => 'session_token',
|
|
15
|
-
}
|
|
16
|
-
|
|
17
10
|
# Constructs a new SharedCredentials object. This will load static
|
|
18
11
|
# (access_key_id, secret_access_key and session_token) AWS access
|
|
19
12
|
# credentials from an ini file, which supports profiles. The default
|
|
@@ -47,6 +40,7 @@ module Aws
|
|
|
47
40
|
)
|
|
48
41
|
@credentials = config.credentials(profile: @profile_name)
|
|
49
42
|
end
|
|
43
|
+
@metrics = ['CREDENTIALS_CODE']
|
|
50
44
|
end
|
|
51
45
|
|
|
52
46
|
# @return [String]
|
|
@@ -7,7 +7,7 @@ module Aws
|
|
|
7
7
|
# {Aws::SSOTokenProvider} will be used to refresh the token if possible.
|
|
8
8
|
# This class does NOT implement the SSO login token flow - tokens
|
|
9
9
|
# must generated separately by running `aws login` from the
|
|
10
|
-
# AWS CLI with the correct profile. The
|
|
10
|
+
# AWS CLI with the correct profile. The {SSOCredentials} will
|
|
11
11
|
# auto-refresh the AWS credentials from SSO.
|
|
12
12
|
#
|
|
13
13
|
# # You must first run aws sso login --profile your-sso-profile
|
|
@@ -91,6 +91,7 @@ module Aws
|
|
|
91
91
|
client_opts[:credentials] = nil
|
|
92
92
|
@client = Aws::SSO::Client.new(client_opts)
|
|
93
93
|
end
|
|
94
|
+
@metrics = ['CREDENTIALS_SSO']
|
|
94
95
|
else # legacy behavior
|
|
95
96
|
missing_keys = LEGACY_REQUIRED_OPTS.select { |k| options[k].nil? }
|
|
96
97
|
unless missing_keys.empty?
|
|
@@ -111,6 +112,7 @@ module Aws
|
|
|
111
112
|
client_opts[:credentials] = nil
|
|
112
113
|
|
|
113
114
|
@client = options[:client] || Aws::SSO::Client.new(client_opts)
|
|
115
|
+
@metrics = ['CREDENTIALS_SSO_LEGACY']
|
|
114
116
|
end
|
|
115
117
|
|
|
116
118
|
@async_refresh = true
|
|
@@ -156,7 +158,8 @@ module Aws
|
|
|
156
158
|
@credentials = Credentials.new(
|
|
157
159
|
c.access_key_id,
|
|
158
160
|
c.secret_access_key,
|
|
159
|
-
c.session_token
|
|
161
|
+
c.session_token,
|
|
162
|
+
account_id: @sso_account_id
|
|
160
163
|
)
|
|
161
164
|
@expiration = Time.at(c.expiration / 1000.0)
|
|
162
165
|
end
|
|
@@ -2,12 +2,11 @@
|
|
|
2
2
|
|
|
3
3
|
module Aws
|
|
4
4
|
class StaticTokenProvider
|
|
5
|
-
|
|
6
5
|
include TokenProvider
|
|
7
6
|
|
|
8
7
|
# @param [String] token
|
|
9
8
|
# @param [Time] expiration
|
|
10
|
-
def initialize(token, expiration=nil)
|
|
9
|
+
def initialize(token, expiration = nil)
|
|
11
10
|
@token = Token.new(token, expiration)
|
|
12
11
|
end
|
|
13
12
|
end
|
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
module Aws
|
|
4
4
|
module Stubbing
|
|
5
5
|
module Protocols
|
|
6
|
+
# @api private
|
|
6
7
|
class EC2
|
|
7
8
|
|
|
8
9
|
def stub_data(api, operation, data)
|
|
@@ -16,17 +17,17 @@ module Aws
|
|
|
16
17
|
end
|
|
17
18
|
|
|
18
19
|
def stub_error(error_code)
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
<ErrorResponse>
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
</ErrorResponse>
|
|
20
|
+
resp = Seahorse::Client::Http::Response.new
|
|
21
|
+
resp.status_code = 400
|
|
22
|
+
resp.body = <<~XML.strip
|
|
23
|
+
<ErrorResponse>
|
|
24
|
+
<Error>
|
|
25
|
+
<Code>#{error_code}</Code>
|
|
26
|
+
<Message>stubbed-response-error-message</Message>
|
|
27
|
+
</Error>
|
|
28
|
+
</ErrorResponse>
|
|
28
29
|
XML
|
|
29
|
-
|
|
30
|
+
resp
|
|
30
31
|
end
|
|
31
32
|
|
|
32
33
|
private
|
|
@@ -37,7 +38,7 @@ module Aws
|
|
|
37
38
|
xml.shift
|
|
38
39
|
xml.pop
|
|
39
40
|
xmlns = "http://ec2.amazonaws.com/doc/#{api.version}/".inspect
|
|
40
|
-
xml.unshift(
|
|
41
|
+
xml.unshift(' <requestId>stubbed-request-id</requestId>')
|
|
41
42
|
xml.unshift("<#{operation.name}Response xmlns=#{xmlns}>\n")
|
|
42
43
|
xml.push("</#{operation.name}Response>\n")
|
|
43
44
|
xml.join
|
|
@@ -3,27 +3,28 @@
|
|
|
3
3
|
module Aws
|
|
4
4
|
module Stubbing
|
|
5
5
|
module Protocols
|
|
6
|
+
# @api private
|
|
6
7
|
class Json
|
|
7
8
|
|
|
8
9
|
def stub_data(api, operation, data)
|
|
9
10
|
resp = Seahorse::Client::Http::Response.new
|
|
10
11
|
resp.status_code = 200
|
|
11
|
-
resp.headers[
|
|
12
|
-
resp.headers[
|
|
12
|
+
resp.headers['Content-Type'] = content_type(api)
|
|
13
|
+
resp.headers['x-amzn-RequestId'] = 'stubbed-request-id'
|
|
13
14
|
resp.body = build_body(operation, data)
|
|
14
15
|
resp
|
|
15
16
|
end
|
|
16
17
|
|
|
17
18
|
def stub_error(error_code)
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
{
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
}
|
|
19
|
+
resp = Seahorse::Client::Http::Response.new
|
|
20
|
+
resp.status_code = 400
|
|
21
|
+
resp.body = <<~JSON.strip
|
|
22
|
+
{
|
|
23
|
+
"code": #{error_code.inspect},
|
|
24
|
+
"message": "stubbed-response-error-message"
|
|
25
|
+
}
|
|
25
26
|
JSON
|
|
26
|
-
|
|
27
|
+
resp
|
|
27
28
|
end
|
|
28
29
|
|
|
29
30
|
private
|
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
module Aws
|
|
4
4
|
module Stubbing
|
|
5
5
|
module Protocols
|
|
6
|
+
# @api private
|
|
6
7
|
class Query
|
|
7
8
|
|
|
8
9
|
def stub_data(api, operation, data)
|
|
@@ -13,10 +14,10 @@ module Aws
|
|
|
13
14
|
end
|
|
14
15
|
|
|
15
16
|
def stub_error(error_code)
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
17
|
+
resp = Seahorse::Client::Http::Response.new
|
|
18
|
+
resp.status_code = 400
|
|
19
|
+
resp.body = XmlError.new(error_code).to_xml
|
|
20
|
+
resp
|
|
20
21
|
end
|
|
21
22
|
|
|
22
23
|
private
|
|
@@ -24,9 +25,9 @@ module Aws
|
|
|
24
25
|
def build_body(api, operation, data)
|
|
25
26
|
xml = []
|
|
26
27
|
builder = Aws::Xml::DocBuilder.new(target: xml, indent: ' ')
|
|
27
|
-
builder.node(operation.name
|
|
28
|
+
builder.node("#{operation.name}Response", xmlns: xmlns(api)) do
|
|
28
29
|
if (rules = operation.output)
|
|
29
|
-
rules.location_name = operation.name
|
|
30
|
+
rules.location_name = "#{operation.name}Result"
|
|
30
31
|
Xml::Builder.new(rules, target: xml, pad:' ').to_xml(data)
|
|
31
32
|
end
|
|
32
33
|
builder.node('ResponseMetadata') do
|
|
@@ -5,6 +5,7 @@ require 'aws-eventstream'
|
|
|
5
5
|
module Aws
|
|
6
6
|
module Stubbing
|
|
7
7
|
module Protocols
|
|
8
|
+
# @api private
|
|
8
9
|
class Rest
|
|
9
10
|
|
|
10
11
|
include Seahorse::Model::Shapes
|
|
@@ -22,7 +23,7 @@ module Aws
|
|
|
22
23
|
def new_http_response
|
|
23
24
|
resp = Seahorse::Client::Http::Response.new
|
|
24
25
|
resp.status_code = 200
|
|
25
|
-
resp.headers[
|
|
26
|
+
resp.headers['x-amzn-RequestId'] = 'stubbed-request-id'
|
|
26
27
|
resp
|
|
27
28
|
end
|
|
28
29
|
|
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
module Aws
|
|
4
4
|
module Stubbing
|
|
5
5
|
module Protocols
|
|
6
|
+
# @api private
|
|
6
7
|
class RestJson < Rest
|
|
7
8
|
|
|
8
9
|
def body_for(_a, _b, rules, data)
|
|
@@ -14,15 +15,15 @@ module Aws
|
|
|
14
15
|
end
|
|
15
16
|
|
|
16
17
|
def stub_error(error_code)
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
{
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
}
|
|
18
|
+
resp = Seahorse::Client::Http::Response.new
|
|
19
|
+
resp.status_code = 400
|
|
20
|
+
resp.body = <<~JSON.strip
|
|
21
|
+
{
|
|
22
|
+
"code": #{error_code.inspect},
|
|
23
|
+
"message": "stubbed-response-error-message"
|
|
24
|
+
}
|
|
24
25
|
JSON
|
|
25
|
-
|
|
26
|
+
resp
|
|
26
27
|
end
|
|
27
28
|
|
|
28
29
|
end
|
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
module Aws
|
|
4
4
|
module Stubbing
|
|
5
5
|
module Protocols
|
|
6
|
+
# @api private
|
|
6
7
|
class RestXml < Rest
|
|
7
8
|
|
|
8
9
|
def body_for(api, operation, rules, data)
|
|
@@ -10,7 +11,7 @@ module Aws
|
|
|
10
11
|
encode_eventstream_response(rules, data, Xml::Builder)
|
|
11
12
|
else
|
|
12
13
|
xml = []
|
|
13
|
-
rules.location_name = operation.name
|
|
14
|
+
rules.location_name = "#{operation.name}Result"
|
|
14
15
|
rules['xmlNamespace'] = { 'uri' => api.metadata['xmlNamespace'] }
|
|
15
16
|
Xml::Builder.new(rules, target:xml).to_xml(data)
|
|
16
17
|
xml.join
|
|
@@ -18,10 +19,10 @@ module Aws
|
|
|
18
19
|
end
|
|
19
20
|
|
|
20
21
|
def stub_error(error_code)
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
22
|
+
resp = Seahorse::Client::Http::Response.new
|
|
23
|
+
resp.status_code = 400
|
|
24
|
+
resp.body = XmlError.new(error_code).to_xml
|
|
25
|
+
resp
|
|
25
26
|
end
|
|
26
27
|
|
|
27
28
|
def xmlns(api)
|