RubyGems - aws-sdk-core - Versions diffs - 3.191.1 → 3.228.0 - Mend

aws-sdk-core 3.191.1 → 3.228.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (181) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +530 -1
data/VERSION +1 -1
data/lib/aws-defaults/default_configuration.rb +1 -2
data/lib/aws-defaults.rb +4 -1
data/lib/aws-sdk-core/arn.rb +1 -3
data/lib/aws-sdk-core/assume_role_credentials.rb +13 -5
data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +14 -7
data/lib/aws-sdk-core/binary/decode_handler.rb +3 -9
data/lib/aws-sdk-core/binary/encode_handler.rb +1 -1
data/lib/aws-sdk-core/binary/event_builder.rb +34 -37
data/lib/aws-sdk-core/binary/event_stream_decoder.rb +1 -0
data/lib/aws-sdk-core/binary/event_stream_encoder.rb +4 -3
data/lib/aws-sdk-core/cbor/decoder.rb +308 -0
data/lib/aws-sdk-core/cbor/encoder.rb +243 -0
data/lib/aws-sdk-core/cbor.rb +53 -0
data/lib/aws-sdk-core/client_side_monitoring.rb +9 -0
data/lib/aws-sdk-core/client_stubs.rb +30 -55
data/lib/aws-sdk-core/credential_provider.rb +4 -0
data/lib/aws-sdk-core/credential_provider_chain.rb +38 -11
data/lib/aws-sdk-core/credentials.rb +19 -6
data/lib/aws-sdk-core/ec2_metadata.rb +1 -1
data/lib/aws-sdk-core/ecs_credentials.rb +1 -0
data/lib/aws-sdk-core/endpoints/endpoint.rb +3 -1
data/lib/aws-sdk-core/endpoints/matchers.rb +8 -10
data/lib/aws-sdk-core/endpoints.rb +101 -21
data/lib/aws-sdk-core/error_handler.rb +46 -0
data/lib/aws-sdk-core/errors.rb +11 -2
data/lib/aws-sdk-core/event_emitter.rb +1 -17
data/lib/aws-sdk-core/instance_profile_credentials.rb +148 -158
data/lib/aws-sdk-core/json/builder.rb +8 -1
data/lib/aws-sdk-core/json/error_handler.rb +29 -13
data/lib/aws-sdk-core/json/handler.rb +6 -6
data/lib/aws-sdk-core/json/json_engine.rb +3 -1
data/lib/aws-sdk-core/json/oj_engine.rb +7 -1
data/lib/aws-sdk-core/json/parser.rb +6 -1
data/lib/aws-sdk-core/json.rb +43 -14
data/lib/aws-sdk-core/log/param_filter.rb +2 -2
data/lib/aws-sdk-core/log/param_formatter.rb +7 -3
data/lib/aws-sdk-core/log.rb +10 -0
data/lib/aws-sdk-core/lru_cache.rb +75 -0
data/lib/aws-sdk-core/pageable_response.rb +1 -1
data/lib/aws-sdk-core/param_validator.rb +7 -2
data/lib/aws-sdk-core/plugins/bearer_authorization.rb +2 -0
data/lib/aws-sdk-core/plugins/checksum_algorithm.rb +332 -169
data/lib/aws-sdk-core/plugins/client_metrics_plugin.rb +0 -1
data/lib/aws-sdk-core/plugins/client_metrics_send_plugin.rb +14 -2
data/lib/aws-sdk-core/plugins/credentials_configuration.rb +87 -68
data/lib/aws-sdk-core/plugins/endpoint_pattern.rb +40 -32
data/lib/aws-sdk-core/plugins/global_configuration.rb +8 -9
data/lib/aws-sdk-core/plugins/http_checksum.rb +2 -8
data/lib/aws-sdk-core/plugins/invocation_id.rb +1 -11
data/lib/aws-sdk-core/plugins/protocols/api_gateway.rb +3 -1
data/lib/aws-sdk-core/plugins/protocols/ec2.rb +2 -24
data/lib/aws-sdk-core/plugins/protocols/json_rpc.rb +6 -8
data/lib/aws-sdk-core/plugins/protocols/query.rb +4 -2
data/lib/aws-sdk-core/plugins/protocols/rest_json.rb +3 -15
data/lib/aws-sdk-core/plugins/protocols/rest_xml.rb +3 -0
data/lib/aws-sdk-core/plugins/protocols/rpc_v2.rb +17 -0
data/lib/aws-sdk-core/plugins/regional_endpoint.rb +74 -25
data/lib/aws-sdk-core/plugins/request_compression.rb +11 -2
data/lib/aws-sdk-core/plugins/retry_errors.rb +10 -3
data/lib/aws-sdk-core/plugins/sign.rb +42 -26
data/lib/aws-sdk-core/plugins/signature_v2.rb +2 -1
data/lib/aws-sdk-core/plugins/signature_v4.rb +2 -1
data/lib/aws-sdk-core/plugins/stub_responses.rb +58 -9
data/lib/aws-sdk-core/plugins/telemetry.rb +75 -0
data/lib/aws-sdk-core/plugins/transfer_encoding.rb +16 -9
data/lib/aws-sdk-core/plugins/user_agent.rb +101 -26
data/lib/aws-sdk-core/plugins.rb +39 -0
data/lib/aws-sdk-core/process_credentials.rb +48 -29
data/lib/aws-sdk-core/query/ec2_handler.rb +27 -0
data/lib/aws-sdk-core/query/ec2_param_builder.rb +5 -7
data/lib/aws-sdk-core/query/handler.rb +4 -4
data/lib/aws-sdk-core/query/param_builder.rb +2 -2
data/lib/aws-sdk-core/query.rb +2 -1
data/lib/aws-sdk-core/resources.rb +8 -0
data/lib/aws-sdk-core/rest/content_type_handler.rb +60 -0
data/lib/aws-sdk-core/rest/handler.rb +3 -4
data/lib/aws-sdk-core/rest/request/body.rb +32 -5
data/lib/aws-sdk-core/rest/request/endpoint.rb +24 -4
data/lib/aws-sdk-core/rest/request/headers.rb +15 -7
data/lib/aws-sdk-core/rest/request/querystring_builder.rb +23 -11
data/lib/aws-sdk-core/rest/response/body.rb +15 -1
data/lib/aws-sdk-core/rest/response/header_list_parser.rb +79 -0
data/lib/aws-sdk-core/rest/response/headers.rb +8 -3
data/lib/aws-sdk-core/rest.rb +1 -0
data/lib/aws-sdk-core/rpc_v2/builder.rb +62 -0
data/lib/aws-sdk-core/rpc_v2/cbor_engine.rb +18 -0
data/lib/aws-sdk-core/rpc_v2/content_type_handler.rb +47 -0
data/lib/aws-sdk-core/rpc_v2/error_handler.rb +95 -0
data/lib/aws-sdk-core/rpc_v2/handler.rb +79 -0
data/lib/aws-sdk-core/rpc_v2/parser.rb +98 -0
data/lib/aws-sdk-core/rpc_v2.rb +69 -0
data/lib/aws-sdk-core/shared_config.rb +79 -22
data/lib/aws-sdk-core/shared_credentials.rb +1 -7
data/lib/aws-sdk-core/sso_credentials.rb +4 -1
data/lib/aws-sdk-core/static_token_provider.rb +1 -2
data/lib/aws-sdk-core/stubbing/protocols/ec2.rb +12 -11
data/lib/aws-sdk-core/stubbing/protocols/json.rb +11 -10
data/lib/aws-sdk-core/stubbing/protocols/query.rb +7 -6
data/lib/aws-sdk-core/stubbing/protocols/rest.rb +2 -1
data/lib/aws-sdk-core/stubbing/protocols/rest_json.rb +9 -8
data/lib/aws-sdk-core/stubbing/protocols/rest_xml.rb +6 -5
data/lib/aws-sdk-core/stubbing/protocols/rpc_v2.rb +39 -0
data/lib/aws-sdk-core/stubbing.rb +22 -0
data/lib/aws-sdk-core/telemetry/base.rb +177 -0
data/lib/aws-sdk-core/telemetry/no_op.rb +70 -0
data/lib/aws-sdk-core/telemetry/otel.rb +235 -0
data/lib/aws-sdk-core/telemetry/span_kind.rb +22 -0
data/lib/aws-sdk-core/telemetry/span_status.rb +59 -0
data/lib/aws-sdk-core/telemetry.rb +78 -0
data/lib/aws-sdk-core/token.rb +3 -3
data/lib/aws-sdk-core/token_provider.rb +4 -0
data/lib/aws-sdk-core/token_provider_chain.rb +2 -6
data/lib/aws-sdk-core/util.rb +41 -1
data/lib/aws-sdk-core/waiters/poller.rb +10 -5
data/lib/aws-sdk-core/xml/builder.rb +17 -9
data/lib/aws-sdk-core/xml/error_handler.rb +35 -43
data/lib/aws-sdk-core/xml/parser/frame.rb +4 -20
data/lib/aws-sdk-core/xml/parser/stack.rb +2 -0
data/lib/aws-sdk-core/xml/parser.rb +2 -6
data/lib/aws-sdk-core.rb +82 -107
data/lib/aws-sdk-sso/client.rb +185 -89
data/lib/aws-sdk-sso/client_api.rb +7 -0
data/lib/aws-sdk-sso/endpoint_parameters.rb +9 -6
data/lib/aws-sdk-sso/endpoint_provider.rb +14 -18
data/lib/aws-sdk-sso/endpoints.rb +2 -54
data/lib/aws-sdk-sso/plugins/endpoints.rb +19 -20
data/lib/aws-sdk-sso/types.rb +1 -0
data/lib/aws-sdk-sso.rb +15 -11
data/lib/aws-sdk-ssooidc/client.rb +270 -109
data/lib/aws-sdk-ssooidc/client_api.rb +33 -0
data/lib/aws-sdk-ssooidc/endpoint_parameters.rb +9 -6
data/lib/aws-sdk-ssooidc/endpoint_provider.rb +14 -18
data/lib/aws-sdk-ssooidc/endpoints.rb +2 -54
data/lib/aws-sdk-ssooidc/errors.rb +21 -0
data/lib/aws-sdk-ssooidc/plugins/endpoints.rb +19 -20
data/lib/aws-sdk-ssooidc/types.rb +125 -24
data/lib/aws-sdk-ssooidc.rb +15 -11
data/lib/aws-sdk-sts/client.rb +393 -141
data/lib/aws-sdk-sts/client_api.rb +36 -8
data/lib/aws-sdk-sts/customizations.rb +5 -1
data/lib/aws-sdk-sts/endpoint_parameters.rb +10 -9
data/lib/aws-sdk-sts/endpoint_provider.rb +50 -55
data/lib/aws-sdk-sts/endpoints.rb +2 -118
data/lib/aws-sdk-sts/errors.rb +15 -0
data/lib/aws-sdk-sts/plugins/endpoints.rb +19 -28
data/lib/aws-sdk-sts/presigner.rb +2 -6
data/lib/aws-sdk-sts/types.rb +171 -28
data/lib/aws-sdk-sts.rb +15 -11
data/lib/seahorse/client/async_base.rb +4 -5
data/lib/seahorse/client/async_response.rb +19 -0
data/lib/seahorse/client/base.rb +18 -21
data/lib/seahorse/client/h2/connection.rb +18 -28
data/lib/seahorse/client/h2/handler.rb +14 -3
data/lib/seahorse/client/handler.rb +1 -1
data/lib/seahorse/client/http/response.rb +1 -1
data/lib/seahorse/client/net_http/connection_pool.rb +15 -12
data/lib/seahorse/client/net_http/handler.rb +21 -9
data/lib/seahorse/client/networking_error.rb +1 -1
data/lib/seahorse/client/plugin.rb +8 -0
data/lib/seahorse/client/plugins/endpoint.rb +0 -1
data/lib/seahorse/client/plugins/h2.rb +4 -4
data/lib/seahorse/client/plugins/net_http.rb +57 -16
data/lib/seahorse/client/request_context.rb +9 -2
data/lib/seahorse/client/response.rb +2 -0
data/lib/seahorse/model/shapes.rb +2 -2
data/lib/seahorse/util.rb +2 -1
data/sig/aws-sdk-core/async_client_stubs.rbs +21 -0
data/sig/aws-sdk-core/telemetry/base.rbs +46 -0
data/sig/aws-sdk-core/telemetry/otel.rbs +22 -0
data/sig/aws-sdk-core/telemetry/span_kind.rbs +15 -0
data/sig/aws-sdk-core/telemetry/span_status.rbs +24 -0
data/sig/seahorse/client/async_base.rbs +18 -0
metadata +96 -23
/data/lib/aws-sdk-core/xml/parser/{engines/libxml.rb → libxml_engine.rb} +0 -0
/data/lib/aws-sdk-core/xml/parser/{engines/nokogiri.rb → nokogiri_engine.rb} +0 -0
/data/lib/aws-sdk-core/xml/parser/{engines/oga.rb → oga_engine.rb} +0 -0
/data/lib/aws-sdk-core/xml/parser/{engines/ox.rb → ox_engine.rb} +0 -0
/data/lib/aws-sdk-core/xml/parser/{engines/rexml.rb → rexml_engine.rb} +0 -0

data/lib/aws-sdk-core/cbor.rb ADDED Viewed

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+require_relative 'cbor/encoder'
+require_relative 'cbor/decoder'
+module Aws
+  # @api private
+  module Cbor
+    # CBOR Tagged data (Major type 6).
+    # A Tag consists of a tag number and a value.
+    # In the extended generic data model, a tag number's definition
+    # describes the additional semantics conveyed with the tag number.
+    # # @!method initialize(*args)
+    #   @option args [Integer] :tag The tag number.
+    #   @option args [Object] :value The tag's content.
+    # @!attribute tag
+    #   The tag number.
+    #   @return [Integer]
+    # @!attribute value
+    #   The tag's content.
+    #   @return [Object]
+    Tagged = Struct.new(:tag, :value)
+    class Error < StandardError; end
+    class OutOfBytesError < Error
+      def initialize(n, left)
+        super("Out of bytes. Trying to read #{n} bytes but buffer contains only #{left}")
+      end
+    end
+    class UnknownTypeError < Error
+      def initialize(type)
+        super("Unable to encode #{type}")
+      end
+    end
+    class ExtraBytesError < Error
+      def initialize(pos, size)
+        super("Extra bytes follow after decoding item. Read #{pos} / #{size} bytes")
+      end
+    end
+    class UnexpectedBreakCodeError < Error; end
+    class UnexpectedAdditionalInformationError < Error
+      def initialize(add_info)
+        super("Unexpected additional information: #{add_info}")
+      end
+    end
+  end
+end

data/lib/aws-sdk-core/client_side_monitoring.rb ADDED Viewed

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+module Aws
+  # setup autoloading for ClientSideMonitoring module
+  module ClientSideMonitoring
+    autoload :RequestMetrics, 'aws-sdk-core/client_side_monitoring/request_metrics'
+    autoload :Publisher, 'aws-sdk-core/client_side_monitoring/publisher'
+  end
+end

data/lib/aws-sdk-core/client_stubs.rb CHANGED Viewed

@@ -15,27 +15,11 @@ module Aws
     # @api private
     def setup_stubbing
-      @stubs = {}
-      @stub_mutex = Mutex.new
       if Hash === @config.stub_responses
         @config.stub_responses.each do |operation_name, stubs|
           apply_stubs(operation_name, Array === stubs ? stubs : [stubs])
         end
       end
-      # When a client is stubbed allow the user to access the requests made
-      requests = @api_requests = []
-      requests_mutex = @requests_mutex = Mutex.new
-      self.handle do |context|
-        requests_mutex.synchronize do
-          requests << {
-            operation_name: context.operation_name,
-            params: context.params,
-            context: context
-          }
-        end
-        @handler.call(context)
-      end
     end
     # Configures what data / errors should be returned from the named operation
@@ -175,7 +159,7 @@ module Aws
     #   on a client that has not enabled response stubbing via
     #   `:stub_responses => true`.
     def stub_responses(operation_name, *stubs)
-      if config.stub_responses
+      if @config.stub_responses
         apply_stubs(operation_name, stubs.flatten)
       else
         msg = 'stubbing is not enabled; enable stubbing in the constructor '\
@@ -194,12 +178,12 @@ module Aws
     # @raise [NotImplementedError] Raises `NotImplementedError` when the client
     #   is not stubbed.
     def api_requests(options = {})
-      if config.stub_responses
-        @requests_mutex.synchronize do
+      if @config.stub_responses
+        @config.api_requests_mutex.synchronize do
           if options[:exclude_presign]
-            @api_requests.reject {|req| req[:context][:presigned_url] }
+            @config.api_requests.reject {|req| req[:context][:presigned_url] }
           else
-            @api_requests
+            @config.api_requests
           end
         end
       else
@@ -228,54 +212,44 @@ module Aws
     # @return [Structure] Returns a stubbed response data structure. The
     #   actual class returned will depend on the given `operation_name`.
     def stub_data(operation_name, data = {})
-      Stubbing::StubData.new(config.api.operation(operation_name)).stub(data)
+      Stubbing::StubData.new(@config.api.operation(operation_name)).stub(data)
     end
     # @api private
     def next_stub(context)
       operation_name = context.operation_name.to_sym
-      stub = @stub_mutex.synchronize do
-        stubs = @stubs[operation_name] || []
+      stub = @config.stubs_mutex.synchronize do
+        stubs = @config.stubs[operation_name] || []
         case stubs.length
-        when 0 then default_stub(operation_name)
+        when 0 then stub_data(operation_name)
         when 1 then stubs.first
         else stubs.shift
         end
       end
-      Proc === stub ? convert_stub(operation_name, stub.call(context)) : stub
+      stub = convert_stub(operation_name, stub, context)
+      stub[:mutex] = Mutex.new
+      stub
     end
     private
-    def default_stub(operation_name)
-      stub = stub_data(operation_name)
-      http_response_stub(operation_name, stub)
+    def apply_stubs(operation_name, stubs)
+      @config.stubs_mutex.synchronize do
+        @config.stubs[operation_name.to_sym] = stubs
+      end
     end
     # This method converts the given stub data and converts it to a
     # HTTP response (when possible). This enables the response stubbing
     # plugin to provide a HTTP response that triggers all normal events
     # during response handling.
-    def apply_stubs(operation_name, stubs)
-      @stub_mutex.synchronize do
-        @stubs[operation_name.to_sym] = stubs.map do |stub|
-          convert_stub(operation_name, stub)
-        end
-      end
-    end
-    def convert_stub(operation_name, stub)
-      stub = case stub
-      when Proc then stub
+    def convert_stub(operation_name, stub, context)
+      case stub
+      when Proc then convert_stub(operation_name, stub.call(context), context)
       when Exception, Class then { error: stub }
       when String then service_error_stub(stub)
-      when Hash then http_response_stub(operation_name, stub)
-      else { data: stub }
-      end
-      if Hash === stub
-        stub[:mutex] = Mutex.new
+      else http_response_stub(operation_name, stub)
       end
-      stub
     end
     def service_error_stub(error_code)
@@ -299,21 +273,22 @@ module Aws
     end
     def data_to_http_resp(operation_name, data)
-      api = config.api
+      api = @config.api
       operation = api.operation(operation_name)
       ParamValidator.new(operation.output, input: false).validate!(data)
       protocol_helper.stub_data(api, operation, data)
     end
     def protocol_helper
-      case config.api.metadata['protocol']
-      when 'json'        then Stubbing::Protocols::Json
-      when 'query'       then Stubbing::Protocols::Query
-      when 'ec2'         then Stubbing::Protocols::EC2
-      when 'rest-json'   then Stubbing::Protocols::RestJson
-      when 'rest-xml'    then Stubbing::Protocols::RestXml
-      when 'api-gateway' then Stubbing::Protocols::ApiGateway
-      else raise "unsupported protocol"
+      case @config.api.metadata['protocol']
+      when 'json'               then Stubbing::Protocols::Json
+      when 'rest-json'          then Stubbing::Protocols::RestJson
+      when 'rest-xml'           then Stubbing::Protocols::RestXml
+      when 'query'              then Stubbing::Protocols::Query
+      when 'ec2'                then Stubbing::Protocols::EC2
+      when 'smithy-rpc-v2-cbor' then Stubbing::Protocols::RpcV2
+      when 'api-gateway'        then Stubbing::Protocols::ApiGateway
+      else raise 'unsupported protocol'
       end.new
     end
   end

data/lib/aws-sdk-core/credential_provider.rb CHANGED Viewed

@@ -9,6 +9,10 @@ module Aws
     # @return [Time]
     attr_reader :expiration
+    # @api private
+    # Returns UserAgent metrics for credentials.
+    attr_accessor :metrics
     # @return [Boolean]
     def set?
       !!@credentials && @credentials.set?

data/lib/aws-sdk-core/credential_provider_chain.rb CHANGED Viewed

@@ -42,11 +42,14 @@ module Aws
     def static_credentials(options)
       if options[:config]
-        Credentials.new(
+        creds = Credentials.new(
           options[:config].access_key_id,
           options[:config].secret_access_key,
-          options[:config].session_token
+          options[:config].session_token,
+          account_id: options[:config].account_id
         )
+        creds.metrics = ['CREDENTIALS_PROFILE']
+        creds
       end
     end
@@ -75,7 +78,9 @@ module Aws
     def static_profile_credentials(options)
       if options[:config] && options[:config].profile
-        SharedCredentials.new(profile_name: options[:config].profile)
+        creds = SharedCredentials.new(profile_name: options[:config].profile)
+        creds.metrics = ['CREDENTIALS_PROFILE']
+        creds
       end
     rescue Errors::NoSuchProfileError
       nil
@@ -84,7 +89,11 @@ module Aws
     def static_profile_process_credentials(options)
       if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile
         process_provider = Aws.shared_config.credential_process(profile: options[:config].profile)
-        ProcessCredentials.new(process_provider) if process_provider
+        if process_provider
+          creds = ProcessCredentials.new([process_provider])
+          creds.metrics << 'CREDENTIALS_PROFILE_PROCESS'
+          creds
+        end
       end
     rescue Errors::NoSuchProfileError
       nil
@@ -94,7 +103,15 @@ module Aws
       key =    %w[AWS_ACCESS_KEY_ID AMAZON_ACCESS_KEY_ID AWS_ACCESS_KEY]
       secret = %w[AWS_SECRET_ACCESS_KEY AMAZON_SECRET_ACCESS_KEY AWS_SECRET_KEY]
       token =  %w[AWS_SESSION_TOKEN AMAZON_SESSION_TOKEN]
-      Credentials.new(envar(key), envar(secret), envar(token))
+      account_id = %w[AWS_ACCOUNT_ID]
+      creds = Credentials.new(
+        envar(key),
+        envar(secret),
+        envar(token),
+        account_id: envar(account_id)
+      )
+      creds.metrics = ['CREDENTIALS_ENV_VARS']
+      creds
     end
     def envar(keys)
@@ -110,16 +127,22 @@ module Aws
     def shared_credentials(options)
       profile_name = determine_profile_name(options)
-      SharedCredentials.new(profile_name: profile_name)
+      creds = SharedCredentials.new(profile_name: profile_name)
+      creds.metrics = ['CREDENTIALS_PROFILE']
+      creds
     rescue Errors::NoSuchProfileError
       nil
     end
     def process_credentials(options)
       profile_name = determine_profile_name(options)
-      if Aws.shared_config.config_enabled? &&
-         (process_provider = Aws.shared_config.credential_process(profile: profile_name))
-        ProcessCredentials.new(process_provider)
+      if Aws.shared_config.config_enabled?
+        process_provider = Aws.shared_config.credential_process(profile: profile_name)
+        if process_provider
+          creds = ProcessCredentials.new([process_provider])
+          creds.metrics << 'CREDENTIALS_PROFILE_PROCESS'
+          creds
+        end
       end
     rescue Errors::NoSuchProfileError
       nil
@@ -149,7 +172,11 @@ module Aws
           role_session_name: ENV['AWS_ROLE_SESSION_NAME']
         }
         cfg[:region] = region if region
-        AssumeRoleWebIdentityCredentials.new(cfg)
+        Aws::Plugins::UserAgent.metric('CREDENTIALS_ENV_VARS_STS_WEB_ID_TOKEN') do
+          creds = AssumeRoleWebIdentityCredentials.new(cfg)
+          creds.metrics << 'CREDENTIALS_ENV_VARS_STS_WEB_ID_TOKEN'
+          creds
+        end
       elsif Aws.shared_config.config_enabled?
         profile = options[:config].profile if options[:config]
         Aws.shared_config.assume_role_web_identity_credentials_from_config(
@@ -164,7 +191,7 @@ module Aws
       if ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI'] ||
          ENV['AWS_CONTAINER_CREDENTIALS_FULL_URI']
         ECSCredentials.new(options)
-      else
+      elsif !(ENV.fetch('AWS_EC2_METADATA_DISABLED', 'false').downcase == 'true')
         InstanceProfileCredentials.new(options.merge(profile: profile_name))
       end
     end

data/lib/aws-sdk-core/credentials.rb CHANGED Viewed

@@ -6,21 +6,34 @@ module Aws
     # @param [String] access_key_id
     # @param [String] secret_access_key
     # @param [String] session_token (nil)
-    def initialize(access_key_id, secret_access_key, session_token = nil)
+    # @param [Hash] kwargs
+    # @option kwargs [String] :credential_scope (nil)
+    def initialize(access_key_id, secret_access_key, session_token = nil,
+                   **kwargs)
       @access_key_id = access_key_id
       @secret_access_key = secret_access_key
       @session_token = session_token
+      @account_id = kwargs[:account_id]
+      @metrics = ['CREDENTIALS_CODE']
     end
-    # @return [String, nil]
+    # @return [String]
     attr_reader :access_key_id
-    # @return [String, nil]
+    # @return [String]
     attr_reader :secret_access_key
     # @return [String, nil]
     attr_reader :session_token
+    # @return [String, nil]
+    attr_reader :account_id
+    # @api private
+    # Returns the credentials source. Used for tracking credentials
+    # related UserAgent metrics.
+    attr_accessor :metrics
     # @return [Credentials]
     def credentials
       self
@@ -30,9 +43,9 @@ module Aws
     #   access key are both set.
     def set?
       !access_key_id.nil? &&
-      !access_key_id.empty? &&
-      !secret_access_key.nil? &&
-      !secret_access_key.empty?
+        !access_key_id.empty? &&
+        !secret_access_key.nil? &&
+        !secret_access_key.empty?
     end
     # Removing the secret access key from the default inspect string.

data/lib/aws-sdk-core/ec2_metadata.rb CHANGED Viewed

@@ -183,7 +183,7 @@ module Aws
     def open_connection
       uri = URI.parse(@endpoint)
-      http = Net::HTTP.new(uri.hostname || @endpoint, @port || uri.port)
+      http = Net::HTTP.new(uri.hostname || @endpoint, uri.port || @port)
       http.open_timeout = @http_open_timeout
       http.read_timeout = @http_read_timeout
       http.set_debug_output(@http_debug_output) if @http_debug_output

data/lib/aws-sdk-core/ecs_credentials.rb CHANGED Viewed

@@ -77,6 +77,7 @@ module Aws
       @http_debug_output = options[:http_debug_output]
       @backoff = backoff(options[:backoff])
       @async_refresh = false
+      @metrics = ['CREDENTIALS_HTTP']
       super
     end

data/lib/aws-sdk-core/endpoints/endpoint.rb CHANGED Viewed

@@ -3,15 +3,17 @@
 module Aws
   module Endpoints
     class Endpoint
-      def initialize(url:, properties: {}, headers: {})
+      def initialize(url:, properties: {}, headers: {}, metadata: {})
         @url = url
         @properties = properties
         @headers = headers
+        @metadata = metadata
       end
       attr_reader :url
       attr_reader :properties
       attr_reader :headers
+      attr_reader :metadata
     end
   end
 end

data/lib/aws-sdk-core/endpoints/matchers.rb CHANGED Viewed

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
-require 'cgi'
+require "cgi/escape"
+require "cgi/util" if RUBY_VERSION < "3.5"
 module Aws
   module Endpoints
@@ -28,7 +29,11 @@ module Aws
         val = if (index = parts.first[BRACKET_REGEX, 1])
                 # remove brackets and index from part before indexing
-                value[parts.first.gsub(BRACKET_REGEX, '')][index.to_i]
+                if (base = parts.first.gsub(BRACKET_REGEX, '')) && !base.empty?
+                  value[base][index.to_i]
+                else
+                  value[index.to_i]
+                end
               else
                 value[parts.first]
               end
@@ -90,14 +95,7 @@ module Aws
       # aws.partition(value: string) Option<Partition>
       def self.aws_partition(value)
-        partition =
-          Aws::Partitions.find { |p| p.region?(value) } ||
-          Aws::Partitions.find { |p| value.match(p.region_regex) } ||
-          Aws::Partitions.find { |p| p.name == 'aws' }
-        return nil unless partition
-        partition.metadata
+        Aws::Partitions::Metadata.partition(value)
       end
       # aws.parseArn(value: string) Option<ARN>

data/lib/aws-sdk-core/endpoints.rb CHANGED Viewed

@@ -14,15 +14,33 @@ require_relative 'endpoints/templater'
 require_relative 'endpoints/tree_rule'
 require_relative 'endpoints/url'
+require 'aws-sigv4'
 module Aws
   # @api private
   module Endpoints
+    # Maps config auth scheme preferences to endpoint auth scheme names.
+    ENDPOINT_AUTH_PREFERENCE_MAP = {
+      'sigv4' => %w[sigv4 sigv4-s3express],
+      'sigv4a' => ['sigv4a'],
+      'httpBearerAuth' => ['bearer'],
+      'noAuth' => ['none']
+    }.freeze
+    SUPPORTED_ENDPOINT_AUTH = ENDPOINT_AUTH_PREFERENCE_MAP.values.flatten.freeze
+    # Maps configured auth scheme preferences to modeled auth traits.
+    MODELED_AUTH_PREFERENCE_MAP = {
+      'sigv4' => 'aws.auth#sigv4',
+      'sigv4a' => 'aws.auth#sigv4a',
+      'httpBearerAuth' => 'smithy.api#httpBearerAuth',
+      'noAuth' => 'smithy.api#noAuth'
+    }.freeze
+    SUPPORTED_MODELED_AUTH = MODELED_AUTH_PREFERENCE_MAP.values.freeze
     class << self
       def resolve_auth_scheme(context, endpoint)
         if endpoint && (auth_schemes = endpoint.properties['authSchemes'])
-          auth_scheme = auth_schemes.find do |scheme|
-            Aws::Plugins::Sign::SUPPORTED_AUTH_TYPES.include?(scheme['name'])
-          end
+          auth_scheme = endpoint_auth_scheme_preference(auth_schemes, context.config.auth_scheme_preference)
           raise 'No supported auth scheme for this endpoint.' unless auth_scheme
           merge_signing_defaults(auth_scheme, context.config)
@@ -33,8 +51,86 @@ module Aws
       private
+      def endpoint_auth_scheme_preference(auth_schemes, preferred_auth)
+        ordered_auth = preferred_auth.each_with_object([]) do |pref, list|
+          next unless ENDPOINT_AUTH_PREFERENCE_MAP.key?(pref)
+          ENDPOINT_AUTH_PREFERENCE_MAP[pref].each { |name| list << { 'name' => name } }
+        end
+        ordered_auth += auth_schemes
+        ordered_auth.find { |auth| SUPPORTED_ENDPOINT_AUTH.include?(auth['name']) }
+      end
+      def merge_signing_defaults(auth_scheme, config)
+        if %w[sigv4 sigv4a sigv4-s3express].include?(auth_scheme['name'])
+          auth_scheme['signingName'] ||= sigv4_name(config)
+          # back fill disableNormalizePath for S3 until it gets correctly set in the rules
+          if auth_scheme['signingName'] == 's3' &&
+            !auth_scheme.include?('disableNormalizePath') &&
+            auth_scheme.include?('disableDoubleEncoding')
+            auth_scheme['disableNormalizePath'] = auth_scheme['disableDoubleEncoding']
+          end
+          if auth_scheme['name'] == 'sigv4a'
+            # config option supersedes endpoint properties
+            auth_scheme['signingRegionSet'] =
+              config.sigv4a_signing_region_set || auth_scheme['signingRegionSet'] || [config.region]
+          else
+            auth_scheme['signingRegion'] ||= config.region
+          end
+        end
+        auth_scheme
+      end
+      def sigv4_name(config)
+        config.api.metadata['signingName'] || config.api.metadata['endpointPrefix']
+      end
       def default_auth_scheme(context)
-        case default_api_authtype(context)
+        if (modeled_auth = default_api_auth(context))
+          auth = modeled_auth_scheme_preference(modeled_auth, context.config.auth_scheme_preference)
+          case auth
+          when 'aws.auth#sigv4', 'aws.auth#sigv4a'
+            auth_scheme = { 'name' => auth.split('#').last }
+            if s3_or_s3v4_signature_version?(context)
+              auth_scheme = auth_scheme.merge(
+                'disableDoubleEncoding' => true,
+                'disableNormalizePath' => true
+              )
+            end
+            merge_signing_defaults(auth_scheme, context.config)
+          when 'smithy.api#httpBearerAuth'
+            { 'name' => 'bearer' }
+          when 'smithy.api#noAuth'
+            { 'name' => 'none' }
+          else
+            raise 'No supported auth trait for this endpoint.'
+          end
+        else
+          legacy_default_auth_scheme(context)
+        end
+      end
+      def modeled_auth_scheme_preference(modeled_auth, preferred_auth)
+        ordered_auth = preferred_auth.map { |pref| MODELED_AUTH_PREFERENCE_MAP[pref] }.compact
+        ordered_auth += modeled_auth
+        ordered_auth.find { |auth| SUPPORTED_MODELED_AUTH.include?(auth) }
+      end
+      def default_api_auth(context)
+        context.config.api.operation(context.operation_name)['auth'] ||
+          context.config.api.metadata['auth']
+      end
+      def s3_or_s3v4_signature_version?(context)
+        %w[s3 s3v4].include?(context.config.api.metadata['signatureVersion'])
+      end
+      # Legacy auth resolution - looks for deprecated signatureVersion
+      # and authType traits.
+      def legacy_default_auth_scheme(context)
+        case legacy_default_api_authtype(context)
         when 'v4', 'v4-unsigned-body'
           auth_scheme = { 'name' => 'sigv4' }
           merge_signing_defaults(auth_scheme, context.config)
@@ -52,27 +148,11 @@ module Aws
         end
       end
-      def merge_signing_defaults(auth_scheme, config)
-        if %w[sigv4 sigv4a sigv4-s3express].include?(auth_scheme['name'])
-          auth_scheme['signingName'] ||= sigv4_name(config)
-          if auth_scheme['name'] == 'sigv4a'
-            auth_scheme['signingRegionSet'] ||= ['*']
-          else
-            auth_scheme['signingRegion'] ||= config.region
-          end
-        end
-        auth_scheme
-      end
-      def default_api_authtype(context)
+      def legacy_default_api_authtype(context)
         context.config.api.operation(context.operation_name)['authtype'] ||
           context.config.api.metadata['signatureVersion']
       end
-      def sigv4_name(config)
-        config.api.metadata['signingName'] ||
-          config.api.metadata['endpointPrefix']
-      end
     end
   end
 end

data/lib/aws-sdk-core/error_handler.rb ADDED Viewed

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+module Aws
+  # @api private
+  class ErrorHandler < Seahorse::Client::Handler
+    private
+    def error(context)
+      body = context.http_response.body_contents
+      # This is not correct per protocol tests. Some headers will determine the error code.
+      # If the body is empty, there is still potentially an error code from the header, but
+      # we are making a generic http status error instead. In a new major version, we should
+      # always try to extract header, and during extraction, check headers and body.
+      if body.empty?
+        code, message, data = http_status_error(context)
+      else
+        code, message, data = extract_error(body, context)
+      end
+      build_error(context, code, message, data)
+    end
+    def build_error(context, code, message, data)
+      errors_module = context.client.class.errors_module
+      errors_module.error_class(code).new(context, message, data)
+    end
+    def http_status_error(context)
+      [http_status_error_code(context), '', EmptyStructure.new]
+    end
+    def http_status_error_code(context)
+      status_code = context.http_response.status_code
+      {
+        302 => 'MovedTemporarily',
+        304 => 'NotModified',
+        400 => 'BadRequest',
+        403 => 'Forbidden',
+        404 => 'NotFound',
+        412 => 'PreconditionFailed',
+        413 => 'RequestEntityTooLarge',
+      }[status_code] || "Http#{status_code}Error"
+    end
+  end
+end