aws-sdk-core 3.197.2 → 3.225.1

data/lib/aws-sdk-core/plugins/endpoint_pattern.rb

@@ -4,62 +4,70 @@ module Aws
   module Plugins
     # @api private
     class EndpointPattern < Seahorse::Client::Plugin
-
-      option(:disable_host_prefix_injection,
+      option(
+        :disable_host_prefix_injection,
         default: false,
         doc_type: 'Boolean',
-        docstring: <<-DOCS
-Set to true to disable SDK automatically adding host prefix
-to default service endpoint when available.
-        DOCS
-      )
+        docstring: 'When `true`, the SDK will not prepend the modeled host prefix to the endpoint.'
+      ) do |cfg|
+        resolve_disable_host_prefix_injection(cfg)
+      end
 
-      def add_handlers(handlers, config)
+      def add_handlers(handlers, _config)
         handlers.add(Handler, priority: 10)
       end
 
-      class Handler < Seahorse::Client::Handler
+      class << self
+        private
+
+        def resolve_disable_host_prefix_injection(cfg)
+          value = ENV['AWS_DISABLE_HOST_PREFIX_INJECTION'] ||
+                  Aws.shared_config.disable_host_prefix_injection(profile: cfg.profile) ||
+                  'false'
+          value = Aws::Util.str_2_bool(value)
+          unless [true, false].include?(value)
+            raise ArgumentError,
+                  'Must provide either `true` or `false` for '\
+                    'disable_host_prefix_injection profile option or for '\
+                    'ENV[\'AWS_DISABLE_HOST_PREFIX_INJECTION\']'
+          end
+          value
+        end
+      end
 
+      # @api private
+      class Handler < Seahorse::Client::Handler
         def call(context)
-          if !context.config.disable_host_prefix_injection
+          unless context.config.disable_host_prefix_injection
             endpoint_trait = context.operation.endpoint_pattern
-            if endpoint_trait && !endpoint_trait.empty?
-              _apply_endpoint_trait(context, endpoint_trait)
-            end
+            apply_endpoint_trait(context, endpoint_trait) if endpoint_trait && !endpoint_trait.empty?
           end
           @handler.call(context)
         end
 
         private
 
-        def _apply_endpoint_trait(context, trait)
-          # currently only support host pattern
-          ori_host = context.http_request.endpoint.host
-          if pattern = trait['hostPrefix']
-            host_prefix = pattern.gsub(/\{.+?\}/) do |label|
-              label = label.delete("{}")
-              _replace_label_value(
-                ori_host, label, context.operation.input, context.params)
-            end
-            context.http_request.endpoint.host = host_prefix + context.http_request.endpoint.host
+        def apply_endpoint_trait(context, trait)
+          pattern = trait['hostPrefix']
+          return unless pattern
+
+          host_prefix = pattern.gsub(/\{.+?}/) do |label|
+            label = label.delete('{}')
+            replace_label_value(label, context.operation.input, context.params)
           end
+          context.http_request.endpoint.host = host_prefix + context.http_request.endpoint.host
         end
 
-        def _replace_label_value(ori, label, input_ref, params)
+        def replace_label_value(label, input_ref, params)
           name = nil
           input_ref.shape.members.each do |m_name, ref|
-            if ref['hostLabel'] && ref['hostLabelName'] == label
-              name = m_name
-            end
-          end
-          if name.nil? || params[name].nil?
-            raise Errors::MissingEndpointHostLabelValue.new(name)
+            name = m_name if ref['hostLabel'] && ref['hostLabelName'] == label
           end
+          raise Errors::MissingEndpointHostLabelValue, name if name.nil? || params[name].nil?
+
           params[name]
         end
-
       end
-
     end
   end
 end

data/lib/aws-sdk-core/plugins/global_configuration.rb

@@ -43,7 +43,7 @@ module Aws
     # @api private
     class GlobalConfiguration < Seahorse::Client::Plugin
 
-      @identifiers = Set.new()
+      @identifiers = Set.new
 
       # @api private
       def before_initialize(client_class, options)
@@ -55,17 +55,18 @@ module Aws
       private
 
       def apply_service_defaults(client_class, options)
-        if defaults = Aws.config[client_class.identifier]
-          defaults.each do |option_name, default|
-            options[option_name] = default unless options.key?(option_name)
-          end
+        return unless (defaults = Aws.config[client_class.identifier])
+
+        defaults.each do |option_name, default|
+          options[option_name] = default unless options.key?(option_name)
         end
       end
 
-      def apply_aws_defaults(client_class, options)
+      def apply_aws_defaults(_client_class, options)
         Aws.config.each do |option_name, default|
           next if self.class.identifiers.include?(option_name)
           next if options.key?(option_name)
+
           options[option_name] = default
         end
       end
@@ -80,9 +81,7 @@ module Aws
 
         # @return [Set<String>]
         # @api private
-        def identifiers
-          @identifiers
-        end
+        attr_reader :identifiers
 
       end
     end

data/lib/aws-sdk-core/plugins/http_checksum.rb

@@ -11,8 +11,8 @@ module Aws
         CHUNK_SIZE = 1 * 1024 * 1024 # one MB
 
         def call(context)
-          if checksum_required?(context) &&
-             !context[:checksum_algorithms] && # skip in favor of flexible checksum
+          if context.operation.http_checksum_required &&
+             !context[:http_checksum][:request_algorithm] && # skip in favor of flexible checksum
              !context[:s3_express_endpoint] # s3 express endpoints do not support md5
             body = context.http_request.body
             context.http_request.headers['Content-Md5'] ||= md5(body)
@@ -22,12 +22,6 @@ module Aws
 
         private
 
-        def checksum_required?(context)
-          context.operation.http_checksum_required ||
-            (context.operation.http_checksum &&
-              context.operation.http_checksum['requestChecksumRequired'])
-        end
-
         # @param [File, Tempfile, IO#read, String] value
         # @return [String<MD5>]
         def md5(value)

data/lib/aws-sdk-core/plugins/protocols/api_gateway.rb

@@ -5,6 +5,8 @@ module Aws
     module Protocols
       class ApiGateway < Seahorse::Client::Plugin
 
+        option(:protocol, 'api-gateway')
+
         class ContentTypeHandler < Seahorse::Client::Handler
           def call(context)
             body = context.http_request.body
@@ -22,8 +24,8 @@ module Aws
         handler(Rest::Handler)
         handler(ContentTypeHandler, priority: 30)
         handler(Json::ErrorHandler, step: :sign)
-      end
 
+      end
     end
   end
 end

data/lib/aws-sdk-core/plugins/protocols/ec2.rb

@@ -1,35 +1,13 @@
 # frozen_string_literal: true
 
-require_relative '../../query'
-
 module Aws
   module Plugins
     module Protocols
       class EC2 < Seahorse::Client::Plugin
 
-        class Handler < Aws::Query::Handler
-
-          def apply_params(param_list, params, rules)
-            Aws::Query::EC2ParamBuilder.new(param_list).apply(rules, params)
-          end
-
-          def parse_xml(context)
-            if rules = context.operation.output
-              parser = Xml::Parser.new(rules)
-              data = parser.parse(xml(context)) do |path, value|
-                if path.size == 2 && path.last == 'requestId'
-                  context.metadata[:request_id] = value
-                end
-              end
-              data
-            else
-              EmptyStructure.new
-            end
-          end
-
-        end
+        option(:protocol, 'ec2')
 
-        handler(Handler)
+        handler(Aws::Query::EC2Handler)
         handler(Xml::ErrorHandler, step: :sign)
 
       end

data/lib/aws-sdk-core/plugins/protocols/json_rpc.rb

@@ -5,18 +5,17 @@ module Aws
     module Protocols
       class JsonRpc < Seahorse::Client::Plugin
 
+        option(:protocol, 'json')
+
         option(:simple_json,
           default: false,
           doc_type: 'Boolean',
           docstring: <<-DOCS)
 Disables request parameter conversion, validation, and formatting.
-Also disable response data type conversions. This option is useful
-when you want to ensure the highest level of performance by
-avoiding overhead of walking request parameters and response data
-structures.
-
-When `:simple_json` is enabled, the request parameters hash must
-be formatted exactly as the DynamoDB API expects.
+Also disables response data type conversions. The request parameters
+hash must be formatted exactly as the API expects.This option is useful
+when you want to ensure the highest level of performance by avoiding
+overhead of walking request parameters and response data structures.
           DOCS
 
         option(:validate_params) { |config| !config.simple_json }
@@ -24,7 +23,6 @@ be formatted exactly as the DynamoDB API expects.
         option(:convert_params) { |config| !config.simple_json }
 
         handler(Json::Handler)
-
         handler(Json::ErrorHandler, step: :sign)
 
       end

data/lib/aws-sdk-core/plugins/protocols/query.rb

@@ -1,13 +1,15 @@
 # frozen_string_literal: true
 
-require_relative '../../query'
-
 module Aws
   module Plugins
     module Protocols
       class Query < Seahorse::Client::Plugin
+
+        option(:protocol, 'query')
+
         handler(Aws::Query::Handler)
         handler(Xml::ErrorHandler, step: :sign)
+
       end
     end
   end

data/lib/aws-sdk-core/plugins/protocols/rest_json.rb

@@ -4,13 +4,14 @@ module Aws
   module Plugins
     module Protocols
       class RestJson < Seahorse::Client::Plugin
+
+        option(:protocol, 'rest-json')
+
         handler(Rest::Handler)
-        # Rest::Handler will set a default JSON body, so size can be checked
-        # if this handler is run after serialization.
         handler(Rest::ContentTypeHandler, priority: 30)
         handler(Json::ErrorHandler, step: :sign)
-      end
 
+      end
     end
   end
 end

data/lib/aws-sdk-core/plugins/protocols/rest_xml.rb

@@ -4,9 +4,13 @@ module Aws
   module Plugins
     module Protocols
       class RestXml < Seahorse::Client::Plugin
+
+        option(:protocol, 'rest-xml')
+
         handler(Rest::Handler)
-        handler(Rest::ContentTypeHandler)
+        handler(Rest::ContentTypeHandler, priority: 30)
         handler(Xml::ErrorHandler, step: :sign)
+
       end
     end
   end

data/lib/aws-sdk-core/plugins/protocols/rpc_v2.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module Aws
+  module Plugins
+    module Protocols
+      class RpcV2 < Seahorse::Client::Plugin
+
+        option(:protocol, 'smithy-rpc-v2-cbor')
+
+        handler(Aws::RpcV2::Handler)
+        handler(Aws::RpcV2::ContentTypeHandler, priority: 30)
+        handler(Aws::RpcV2::ErrorHandler, step: :sign)
+
+      end
+    end
+  end
+end

data/lib/aws-sdk-core/plugins/regional_endpoint.rb

@@ -20,16 +20,31 @@ a default `:region` is searched for in the following locations:
 * `ENV['AWS_DEFAULT_REGION']`
 * `~/.aws/credentials`
 * `~/.aws/config`
-        DOCS
+             DOCS
         resolve_region(cfg)
       end
 
+      option(:sigv4a_signing_region_set,
+             doc_type: Array,
+             rbs_type: 'Array[String]',
+             docstring: <<-DOCS) do |cfg|
+A list of regions that should be signed with SigV4a signing. When
+not passed, a default `:sigv4a_signing_region_set` is searched for
+in the following locations:
+
+* `Aws.config[:sigv4a_signing_region_set]`
+* `ENV['AWS_SIGV4A_SIGNING_REGION_SET']`
+* `~/.aws/config`
+             DOCS
+        resolve_sigv4a_signing_region_set(cfg)
+      end
+
       option(:use_dualstack_endpoint,
         doc_type: 'Boolean',
         docstring: <<-DOCS) do |cfg|
 When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
 will be used if available.
-        DOCS
+             DOCS
         resolve_use_dualstack_endpoint(cfg)
       end
 
@@ -39,7 +54,7 @@ will be used if available.
 When set to `true`, fips compatible endpoints will be used if available.
 When a `fips` region is used, the region is normalized and this config
 is set to `true`.
-        DOCS
+             DOCS
         resolve_use_fips_endpoint(cfg)
       end
 
@@ -52,7 +67,7 @@ is set to `true`.
         docstring: <<-DOCS) do |cfg|
 Setting to true disables use of endpoint URLs provided via environment 
 variables and the shared configuration file.
-        DOCS
+             DOCS
         resolve_ignore_configured_endpoint_urls(cfg)
       end
 
@@ -60,14 +75,58 @@ variables and the shared configuration file.
 The client endpoint is normally constructed from the `:region`
 option. You should only configure an `:endpoint` when connecting
 to test or custom endpoints. This should be a valid HTTP(S) URI.
-        DOCS
+      DOCS
         resolve_endpoint(cfg)
       end
 
       def after_initialize(client)
-        if client.config.region.nil? || client.config.region == ''
-          raise Errors::MissingRegionError
+        region = client.config.region
+        raise Errors::MissingRegionError if region.nil? || region == ''
+
+        # resolve a default endpoint to preserve legacy behavior
+        initialize_default_endpoint(client) if client.config.endpoint.nil?
+
+        region_set = client.config.sigv4a_signing_region_set
+        return if region_set.nil?
+        raise Errors::InvalidRegionSetError unless region_set.is_a?(Array)
+
+        region_set = region_set.compact.reject(&:empty?)
+        raise Errors::InvalidRegionSetError if region_set.empty?
+
+        client.config.sigv4a_signing_region_set = region_set
+      end
+
+      private
+
+      def initialize_default_endpoint(client)
+        client_module = Object.const_get(client.class.name.rpartition('::').first)
+        param_class = client_module.const_get(:EndpointParameters)
+        endpoint_provider = client.config.endpoint_provider
+        params = param_class.create(client.config)
+        endpoint = endpoint_provider.resolve_endpoint(params)
+        client.config.endpoint = endpoint.url
+      rescue ArgumentError, NameError
+        # fallback to legacy
+        client.config.endpoint = resolve_legacy_endpoint(client.config)
+      end
+
+      # set a default endpoint in config using legacy (endpoints.json) resolver
+      def resolve_legacy_endpoint(cfg)
+        endpoint_prefix = cfg.api.metadata['endpointPrefix']
+        if cfg.respond_to?(:sts_regional_endpoints)
+          sts_regional = cfg.sts_regional_endpoints
         end
+
+        endpoint = Aws::Partitions::EndpointProvider.resolve(
+          cfg.region,
+          endpoint_prefix,
+          sts_regional,
+          {
+            dualstack: cfg.use_dualstack_endpoint,
+            fips: cfg.use_fips_endpoint
+          }
+        )
+        URI(endpoint)
       end
 
       class << self
@@ -81,6 +140,12 @@ to test or custom endpoints. This should be a valid HTTP(S) URI.
           env_region || cfg_region
         end
 
+        def resolve_sigv4a_signing_region_set(cfg)
+          value = ENV['AWS_SIGV4A_SIGNING_REGION_SET']
+          value ||= Aws.shared_config.sigv4a_signing_region_set(profile: cfg.profile)
+          value.split(',') if value
+        end
+
         def resolve_use_dualstack_endpoint(cfg)
           value = ENV['AWS_USE_DUALSTACK_ENDPOINT']
           value ||= Aws.shared_config.use_dualstack_endpoint(
@@ -121,7 +186,8 @@ to test or custom endpoints. This should be a valid HTTP(S) URI.
           # that a custom endpoint has NOT been configured by the user
           cfg.override_config(:regional_endpoint, true)
 
-          resolve_legacy_endpoint(cfg)
+          # a default endpoint is resolved in after_initialize
+          nil
         end
 
         # get a custom configured endpoint from ENV or configuration
@@ -176,23 +242,6 @@ to test or custom endpoints. This should be a valid HTTP(S) URI.
             cfg.override_config(:region, new_region)
           end
         end
-        # set a default endpoint in config using legacy (endpoints.json) resolver
-        def resolve_legacy_endpoint(cfg)
-          endpoint_prefix = cfg.api.metadata['endpointPrefix']
-          if cfg.respond_to?(:sts_regional_endpoints)
-            sts_regional = cfg.sts_regional_endpoints
-          end
-
-          Aws::Partitions::EndpointProvider.resolve(
-            cfg.region,
-            endpoint_prefix,
-            sts_regional,
-            {
-              dualstack: cfg.use_dualstack_endpoint,
-              fips: cfg.use_fips_endpoint
-            }
-          )
-        end
       end
     end
   end

data/lib/aws-sdk-core/plugins/retry_errors.rb

@@ -113,7 +113,6 @@ Specifies which retry algorithm to use. Values are:
   functionality of `standard` mode along with automatic client side
   throttling.  This is a provisional mode that may change behavior
   in the future.
-
         DOCS
         resolve_retry_mode(cfg)
       end

data/lib/aws-sdk-core/plugins/sign.rb

@@ -13,8 +13,7 @@ module Aws
       option(:sigv4_region)
       option(:unsigned_operations, default: [])
 
-      supported_auth_types = %w[sigv4 bearer sigv4-s3express none]
-      supported_auth_types += ['sigv4a'] if Aws::Sigv4::Signer.use_crt?
+      supported_auth_types = %w[sigv4 bearer sigv4-s3express sigv4a none]
       SUPPORTED_AUTH_TYPES = supported_auth_types.freeze
 
       def add_handlers(handlers, cfg)
@@ -42,6 +41,7 @@ module Aws
       class Handler < Seahorse::Client::Handler
         def call(context)
           # Skip signing if using sigv2 signing from s3_signer in S3
+          credentials = nil
           unless v2_signing?(context.config)
             signer = Sign.signer_for(
               context[:auth_scheme],
@@ -49,13 +49,20 @@ module Aws
               context[:sigv4_region],
               context[:sigv4_credentials]
             )
+            credentials = signer.credentials if signer.is_a?(SignatureV4)
             signer.sign(context)
           end
-          @handler.call(context)
+          with_metrics(credentials) { @handler.call(context) }
         end
 
         private
 
+        def with_metrics(credentials, &block)
+          return block.call unless credentials&.respond_to?(:metrics)
+
+          Aws::Plugins::UserAgent.metric(*credentials.metrics, &block)
+        end
+
         def v2_signing?(config)
           # 's3' is legacy signing, 'v4' is default
           config.respond_to?(:signature_version) &&
@@ -93,6 +100,8 @@ module Aws
 
       # @api private
       class SignatureV4
+        attr_reader :signer
+
         def initialize(auth_scheme, config, sigv4_overrides = {})
           scheme_name = auth_scheme['name']
 
@@ -102,19 +111,19 @@ module Aws
           end
 
           region = if scheme_name == 'sigv4a'
-                     auth_scheme['signingRegionSet'].first
+                     auth_scheme['signingRegionSet'].join(',')
                    else
                      auth_scheme['signingRegion']
                    end
           begin
-            @signer = Aws::Sigv4::Signer.new(
+            @signer = config.sigv4_signer || Aws::Sigv4::Signer.new(
               service: config.sigv4_name || auth_scheme['signingName'],
               region: sigv4_overrides[:region] || config.sigv4_region || region,
               credentials_provider: sigv4_overrides[:credentials] || config.credentials,
               signing_algorithm: scheme_name.to_sym,
               uri_escape_path: !!!auth_scheme['disableDoubleEncoding'],
               normalize_path: !!!auth_scheme['disableNormalizePath'],
-              unsigned_headers: %w[content-length user-agent x-amzn-trace-id]
+              unsigned_headers: %w[content-length user-agent x-amzn-trace-id expect transfer-encoding connection]
             )
           rescue Aws::Sigv4::Errors::MissingCredentialsError
             raise Aws::Errors::MissingCredentialsError
@@ -156,20 +165,27 @@ module Aws
           @signer.sign_event(*args)
         end
 
+        def credentials
+          @signer.credentials_provider
+        end
+
         private
 
         def apply_authtype(context, req)
-          # only used for eventstreaming at input
+          # only used for event streaming at input
           if context[:input_event_emitter]
             req.headers['X-Amz-Content-Sha256'] = 'STREAMING-AWS4-HMAC-SHA256-EVENTS'
-          else
-            if context.operation['authtype'].eql?('v4-unsigned-body') &&
-              req.endpoint.scheme.eql?('https')
-              req.headers['X-Amz-Content-Sha256'] ||= 'UNSIGNED-PAYLOAD'
-            end
+          elsif unsigned_payload?(context, req)
+            req.headers['X-Amz-Content-Sha256'] ||= 'UNSIGNED-PAYLOAD'
           end
         end
 
+        def unsigned_payload?(context, req)
+          (context.operation['unsignedPayload'] ||
+            context.operation['authtype'] == 'v4-unsigned-body') &&
+            req.endpoint.scheme == 'https'
+        end
+
         def reset_signature(req)
           # in case this request is being re-signed
           req.headers.delete('Authorization')

data/lib/aws-sdk-core/plugins/signature_v2.rb

@@ -3,7 +3,8 @@
 module Aws
   module Plugins
     # @api private
-    # Necessary to keep after Endpoints 2.0
+    # Deprecated - does not look at new traits like `auth` and `unsignedPayload`
+    # Necessary to exist after endpoints 2.0 for old service clients + new core
     class SignatureV2 < Seahorse::Client::Plugin
 
       option(:v2_signer) do |cfg|

data/lib/aws-sdk-core/plugins/signature_v4.rb

@@ -5,7 +5,8 @@ require 'aws-sigv4'
 module Aws
   module Plugins
     # @api private
-    # Necessary to exist after endpoints 2.0
+    # Deprecated - does not look at new traits like `auth` and `unsignedPayload`
+    # Necessary to exist after endpoints 2.0 for old service clients + new core
     class SignatureV4 < Seahorse::Client::Plugin
 
       V4_AUTH = %w[v4 v4-unsigned-payload v4-unsigned-body]