aws-sdk-core 3.201.2 → 3.226.2

data/lib/aws-sdk-core/rest/request/headers.rb

@@ -20,7 +20,7 @@ module Aws
         def apply(http_req, params)
           @rules.shape.members.each do |name, ref|
             value = params[name]
-            next if value.nil? || ((ref.shape).is_a?(StringShape) && value.empty?)
+            next if value.nil?
 
             case ref.location
             when 'header' then apply_header_value(http_req.headers, ref, value)
@@ -51,7 +51,7 @@ module Aws
         end
 
         def list(headers, ref, values)
-          return if !values || values.empty?
+          return if values.nil?
 
           member_ref = ref.shape.member
           values = values.collect do |value|
@@ -68,7 +68,7 @@ module Aws
         def apply_header_map(headers, ref, values)
           prefix = ref.location_name || ''
           values.each_pair do |name, value|
-            headers["#{prefix}#{name}"] = value.to_s
+            headers["#{prefix}#{name}"] ||= value.to_s
           end
         end
 

data/lib/aws-sdk-core/rpc_v2/builder.rb

@@ -16,7 +16,7 @@ module Aws
         # different than if the input shape is a structure with no members.
         return nil if @rules.shape.struct_class == EmptyStructure
 
-        Cbor.encode(format(@rules, params))
+        RpcV2.encode(format(@rules, params))
       end
 
       private

data/lib/aws-sdk-core/{cbor → rpc_v2}/cbor_engine.rb

@@ -1,18 +1,17 @@
 # frozen_string_literal: true
 
-require_relative 'encoder'
-require_relative 'decoder'
+require_relative '../cbor'
 
 module Aws
-  module Cbor
+  module RpcV2
     # Pure Ruby implementation of CBOR encode and decode
     module CborEngine
       def self.encode(data)
-        Encoder.new.add(data).bytes
+        Cbor::Encoder.new.add(data).bytes
       end
 
       def self.decode(bytes)
-        Decoder.new(bytes.force_encoding(Encoding::BINARY)).decode
+        Cbor::Decoder.new(bytes.force_encoding(Encoding::BINARY)).decode
       end
     end
   end

data/lib/aws-sdk-core/rpc_v2/content_type_handler.rb

@@ -13,11 +13,13 @@ module Aws
         accept =
           if eventstream_output?(context)
             'application/vnd.amazon.eventstream'
+          else
+            'application/cbor'
           end
 
         headers = context.http_request.headers
         headers['Content-Type'] ||= content_type if content_type
-        headers['Accept'] ||= accept if accept
+        headers['Accept'] ||= accept
         @handler.call(context)
       end
 

data/lib/aws-sdk-core/rpc_v2/error_handler.rb

@@ -2,6 +2,7 @@
 
 module Aws
   module RpcV2
+    # @api private
     class ErrorHandler < Aws::ErrorHandler
 
       def call(context)
@@ -27,7 +28,7 @@ module Aws
       end
 
       def extract_error(body, context)
-        data = Cbor.decode(body)
+        data = RpcV2.decode(body)
         code = error_code(data, context)
         message = data['message']
         data = parse_error_data(context, body, code)
@@ -37,10 +38,14 @@ module Aws
       end
 
       def error_code(data, context)
+        # This is not correct per protocol tests. awsQueryError is intended to populate the
+        # error code of the error class. The error class should come from __type. Query and
+        # query compatible services currently have dynamic errors raised from error codes instead
+        # of the modeled error class. However, changing this in this major version would break
+        # existing usage.
         code =
           if aws_query_error?(context)
-            error = context.http_response.headers['x-amzn-query-error'].split(';')[0]
-            remove_prefix(error, context)
+            aws_query_error_code(context)
           else
             data['__type']
           end
@@ -51,6 +56,25 @@ module Aws
         end
       end
 
+      def aws_query_error?(context)
+        context.config.api.metadata['awsQueryCompatible'] &&
+          context.http_response.headers['x-amzn-query-error']
+      end
+
+      def aws_query_error_code(context)
+        query_header = context.http_response.headers['x-amzn-query-error']
+        error, _type = query_header.split(';') # type not supported
+        remove_prefix(error, context)
+      end
+
+      def remove_prefix(error_code, context)
+        if (prefix = context.config.api.metadata['errorPrefix'])
+          error_code.sub(/^#{prefix}/, '')
+        else
+          error_code
+        end
+      end
+
       def parse_error_data(context, body, code)
         data = EmptyStructure.new
         if (error_rules = context.operation.errors)
@@ -66,19 +90,6 @@ module Aws
         end
         data
       end
-
-      def aws_query_error?(context)
-        context.config.api.metadata['awsQueryCompatible'] &&
-          context.http_response.headers['x-amzn-query-error']
-      end
-
-      def remove_prefix(error_code, context)
-        if (prefix = context.config.api.metadata['errorPrefix'])
-          error_code.sub(/^#{prefix}/, '')
-        else
-          error_code
-        end
-      end
     end
   end
 end

data/lib/aws-sdk-core/rpc_v2/handler.rb

@@ -7,7 +7,7 @@ module Aws
       # @return [Seahorse::Client::Response]
       def call(context)
         build_request(context)
-        response = @handler.call(context)
+        response = with_metric { @handler.call(context) }
         response.on(200..299) { |resp| resp.data = parse_body(context) }
         response.on(200..599) { |_resp| apply_request_id(context) }
         response
@@ -15,8 +15,13 @@ module Aws
 
       private
 
+      def with_metric(&block)
+        Aws::Plugins::UserAgent.metric('PROTOCOL_RPC_V2_CBOR', &block)
+      end
+
       def build_request(context)
-        context.http_request.headers['smithy-protocol'] = 'rpc-v2-cbor'
+        context.http_request.headers['Smithy-Protocol'] = 'rpc-v2-cbor'
+        context.http_request.headers['X-Amzn-Query-Mode'] = 'true' if query_compatible?(context)
         context.http_request.http_method = 'POST'
         context.http_request.body = build_body(context)
         build_url(context)

data/lib/aws-sdk-core/rpc_v2/parser.rb

@@ -16,7 +16,7 @@ module Aws
       def parse(cbor, target = nil)
         return {} if cbor.empty?
 
-        parse_ref(@rules, Cbor.decode(cbor), target)
+        parse_ref(@rules, RpcV2.decode(cbor), target)
       end
 
       private
@@ -85,6 +85,14 @@ module Aws
           end
         end
       end
+
+      def flattened_list?(shape)
+        shape.is_a?(ListShape) && shape.flattened
+      end
+
+      def flattened_map?(shape)
+        shape.is_a?(MapShape) && shape.flattened
+      end
     end
   end
 end

data/lib/aws-sdk-core/rpc_v2.rb

@@ -1,6 +1,69 @@
+# frozen_string_literal: true
+
 require_relative 'cbor'
-require_relative 'rpc_v2/handler'
+require_relative 'rpc_v2/builder'
 require_relative 'rpc_v2/content_type_handler'
 require_relative 'rpc_v2/error_handler'
-require_relative 'rpc_v2/builder'
+require_relative 'rpc_v2/handler'
 require_relative 'rpc_v2/parser'
+
+module Aws
+  # @api private
+  module RpcV2
+    class << self
+      # @param [Symbol,Class] engine
+      #   Must be one of the following values:
+      #
+      #   * :cbor
+      #
+      def engine=(engine)
+        @engine = Class === engine ? engine : load_engine(engine)
+      end
+
+      # @return [Class] Returns the default engine.
+      #   One of:
+      #
+      #   * {CborEngine}
+      #
+      def engine
+        set_default_engine unless @engine
+        @engine
+      end
+
+      def encode(data)
+        @engine.encode(data)
+      end
+
+      def decode(bytes)
+        bytes.force_encoding(Encoding::BINARY)
+        @engine.decode(bytes)
+      end
+
+      def set_default_engine
+        [:cbor].each do |name|
+          @engine ||= try_load_engine(name)
+        end
+
+        unless @engine
+          raise 'Unable to find a compatible cbor library.'
+        end
+      end
+
+      private
+
+      def load_engine(name)
+        require "aws-sdk-core/rpc_v2/#{name}_engine"
+        const_name = name[0].upcase + name[1..-1] + 'Engine'
+        const_get(const_name)
+      end
+
+      def try_load_engine(name)
+        load_engine(name)
+      rescue LoadError
+        false
+      end
+    end
+
+    set_default_engine
+  end
+end

data/lib/aws-sdk-core/shared_config.rb

@@ -138,7 +138,11 @@ module Aws
             role_session_name: entry['role_session_name']
           }
           cfg[:region] = opts[:region] if opts[:region]
-          AssumeRoleWebIdentityCredentials.new(cfg)
+          with_metrics('CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN') do
+            creds = AssumeRoleWebIdentityCredentials.new(cfg)
+            creds.metrics << 'CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN'
+            creds
+          end
         end
       end
     end
@@ -198,6 +202,7 @@ module Aws
 
     config_reader(
       :region,
+      :account_id_endpoint_mode,
       :sigv4a_signing_region_set,
       :ca_bundle,
       :credential_process,
@@ -207,10 +212,13 @@ module Aws
       :ec2_metadata_service_endpoint,
       :ec2_metadata_service_endpoint_mode,
       :ec2_metadata_v1_disabled,
+      :disable_host_prefix_injection,
       :max_attempts,
       :retry_mode,
       :adaptive_retry_wait_to_fill,
       :correct_clock_skew,
+      :request_checksum_calculation,
+      :response_checksum_validation,
       :csm_client_id,
       :csm_enabled,
       :csm_host,
@@ -252,8 +260,8 @@ module Aws
             'provide only source_profile or credential_source, not both.'
         elsif opts[:source_profile]
           opts[:visited_profiles] ||= Set.new
-          opts[:credentials] = resolve_source_profile(opts[:source_profile], opts)
-          if opts[:credentials]
+          provider = resolve_source_profile(opts[:source_profile], opts)
+          if provider && (opts[:credentials] = provider.credentials)
             opts[:role_session_name] ||= prof_cfg['role_session_name']
             opts[:role_session_name] ||= 'default_session'
             opts[:role_arn] ||= prof_cfg['role_arn']
@@ -262,17 +270,28 @@ module Aws
             opts[:serial_number] ||= prof_cfg['mfa_serial']
             opts[:profile] = opts.delete(:source_profile)
             opts.delete(:visited_profiles)
-            AssumeRoleCredentials.new(opts)
+
+            metrics = provider.metrics
+            if provider.is_a?(AssumeRoleCredentials)
+              opts[:credentials] = provider
+              metrics.delete('CREDENTIALS_STS_ASSUME_ROLE')
+            else
+              metrics << 'CREDENTIALS_PROFILE_SOURCE_PROFILE'
+            end
+            # Set the original credentials metrics to [] to prevent duplicate metrics during sign plugin
+            opts[:credentials].metrics = []
+            with_metrics(metrics) do
+              creds = AssumeRoleCredentials.new(opts)
+              creds.metrics.push(*metrics)
+              creds
+            end
           else
             raise Errors::NoSourceProfileError,
               "Profile #{profile} has a role_arn, and source_profile, but the"\
               ' source_profile does not have credentials.'
           end
         elsif credential_source
-          opts[:credentials] = credentials_from_source(
-            credential_source,
-            chain_config
-          )
+          opts[:credentials] = credentials_from_source(credential_source, chain_config)
           if opts[:credentials]
             opts[:role_session_name] ||= prof_cfg['role_session_name']
             opts[:role_session_name] ||= 'default_session'
@@ -281,7 +300,16 @@ module Aws
             opts[:external_id] ||= prof_cfg['external_id']
             opts[:serial_number] ||= prof_cfg['mfa_serial']
             opts.delete(:source_profile) # Cleanup
-            AssumeRoleCredentials.new(opts)
+
+            metrics = opts[:credentials].metrics
+            metrics << 'CREDENTIALS_PROFILE_NAMED_PROVIDER'
+            # Set the original credentials metrics to [] to prevent duplicate metrics during sign plugin
+            opts[:credentials].metrics = []
+            with_metrics(metrics) do
+              creds = AssumeRoleCredentials.new(opts)
+              creds.metrics.push(*metrics)
+              creds
+            end
           else
             raise Errors::NoSourceCredentials,
               "Profile #{profile} could not get source credentials from"\
@@ -309,12 +337,24 @@ module Aws
       elsif profile_config && profile_config['source_profile']
         opts.delete(:source_profile)
         assume_role_credentials_from_config(opts.merge(profile: profile))
-      elsif (provider = assume_role_web_identity_credentials_from_config(opts.merge(profile: profile)))
-        provider.credentials if provider.credentials.set?
+      elsif (provider = assume_role_web_identity_credentials_from_config_with_metrics(opts.merge(profile: profile)))
+        provider if provider.credentials.set?
       elsif (provider = assume_role_process_credentials_from_config(profile))
-        provider.credentials if provider.credentials.set?
-      elsif (provider = sso_credentials_from_config(profile: profile))
-        provider.credentials if provider.credentials.set?
+        provider if provider.credentials.set?
+      elsif (provider = sso_credentials_from_config_with_metrics(profile))
+        provider if provider.credentials.set?
+      end
+    end
+
+    def assume_role_web_identity_credentials_from_config_with_metrics(opts)
+      with_metrics('CREDENTIALS_PROFILE_SOURCE_PROFILE') do
+        assume_role_web_identity_credentials_from_config(opts)
+      end
+    end
+
+    def sso_credentials_from_config_with_metrics(profile)
+      with_metrics('CREDENTIALS_PROFILE_SOURCE_PROFILE') do
+        sso_credentials_from_config(profile: profile)
       end
     end
 
@@ -339,7 +379,11 @@ module Aws
       if @parsed_config
         credential_process ||= @parsed_config.fetch(profile, {})['credential_process']
       end
-      ProcessCredentials.new([credential_process]) if credential_process
+      if credential_process
+        creds = ProcessCredentials.new([credential_process])
+        creds.metrics << 'CREDENTIALS_PROFILE_PROCESS'
+        creds
+      end
     end
 
     def credentials_from_shared(profile, _opts)
@@ -383,13 +427,18 @@ module Aws
           sso_start_url = prof_config['sso_start_url']
         end
 
-        SSOCredentials.new(
-          sso_account_id: prof_config['sso_account_id'],
-          sso_role_name: prof_config['sso_role_name'],
-          sso_session: prof_config['sso_session'],
-          sso_region: sso_region,
-          sso_start_url: sso_start_url
+        metric = prof_config['sso_session'] ? 'CREDENTIALS_PROFILE_SSO' : 'CREDENTIALS_PROFILE_SSO_LEGACY'
+        with_metrics(metric) do
+          creds = SSOCredentials.new(
+            sso_account_id: prof_config['sso_account_id'],
+            sso_role_name: prof_config['sso_role_name'],
+            sso_session: prof_config['sso_session'],
+            sso_region: sso_region,
+            sso_start_url: sso_start_url
           )
+          creds.metrics << metric
+          creds
+        end
       end
     end
 
@@ -414,8 +463,10 @@ module Aws
       creds = Credentials.new(
         prof_config['aws_access_key_id'],
         prof_config['aws_secret_access_key'],
-        prof_config['aws_session_token']
+        prof_config['aws_session_token'],
+        account_id: prof_config['aws_account_id']
       )
+      creds.metrics = ['CREDENTIALS_PROFILE']
       creds if creds.set?
     end
 
@@ -476,5 +527,9 @@ module Aws
 
       sso_session
     end
+
+    def with_metrics(metrics, &block)
+      Aws::Plugins::UserAgent.metric(*metrics, &block)
+    end
   end
 end

data/lib/aws-sdk-core/shared_credentials.rb

@@ -7,13 +7,6 @@ module Aws
 
     include CredentialProvider
 
-    # @api private
-    KEY_MAP = {
-      'aws_access_key_id' => 'access_key_id',
-      'aws_secret_access_key' => 'secret_access_key',
-      'aws_session_token' => 'session_token',
-    }
-
     # Constructs a new SharedCredentials object. This will load static
     # (access_key_id, secret_access_key and session_token) AWS access
     # credentials from an ini file, which supports profiles. The default
@@ -47,6 +40,7 @@ module Aws
         )
         @credentials = config.credentials(profile: @profile_name)
       end
+      @metrics = ['CREDENTIALS_CODE']
     end
 
     # @return [String]

data/lib/aws-sdk-core/sso_credentials.rb

@@ -91,6 +91,7 @@ module Aws
           client_opts[:credentials] = nil
           @client = Aws::SSO::Client.new(client_opts)
         end
+        @metrics = ['CREDENTIALS_SSO']
       else # legacy behavior
         missing_keys = LEGACY_REQUIRED_OPTS.select { |k| options[k].nil? }
         unless missing_keys.empty?
@@ -111,6 +112,7 @@ module Aws
         client_opts[:credentials] = nil
 
         @client = options[:client] || Aws::SSO::Client.new(client_opts)
+        @metrics = ['CREDENTIALS_SSO_LEGACY']
       end
 
       @async_refresh = true
@@ -156,7 +158,8 @@ module Aws
       @credentials = Credentials.new(
         c.access_key_id,
         c.secret_access_key,
-        c.session_token
+        c.session_token,
+        account_id: @sso_account_id
       )
       @expiration = Time.at(c.expiration / 1000.0)
     end

data/lib/aws-sdk-core/stubbing/protocols/ec2.rb

@@ -3,6 +3,7 @@
 module Aws
   module Stubbing
     module Protocols
+      # @api private
       class EC2
 
         def stub_data(api, operation, data)
@@ -16,17 +17,17 @@ module Aws
         end
 
         def stub_error(error_code)
-          http_resp = Seahorse::Client::Http::Response.new
-          http_resp.status_code = 400
-          http_resp.body = <<-XML.strip
-<ErrorResponse>
-  <Error>
-    <Code>#{error_code}</Code>
-    <Message>stubbed-response-error-message</Message>
-  </Error>
-</ErrorResponse>
+          resp = Seahorse::Client::Http::Response.new
+          resp.status_code = 400
+          resp.body = <<~XML.strip
+            <ErrorResponse>
+              <Error>
+                <Code>#{error_code}</Code>
+                <Message>stubbed-response-error-message</Message>
+              </Error>
+            </ErrorResponse>
           XML
-          http_resp
+          resp
         end
 
         private
@@ -37,7 +38,7 @@ module Aws
           xml.shift
           xml.pop
           xmlns = "http://ec2.amazonaws.com/doc/#{api.version}/".inspect
-          xml.unshift("  <requestId>stubbed-request-id</requestId>")
+          xml.unshift('  <requestId>stubbed-request-id</requestId>')
           xml.unshift("<#{operation.name}Response xmlns=#{xmlns}>\n")
           xml.push("</#{operation.name}Response>\n")
           xml.join

data/lib/aws-sdk-core/stubbing/protocols/json.rb

@@ -3,27 +3,28 @@
 module Aws
   module Stubbing
     module Protocols
+      # @api private
       class Json
 
         def stub_data(api, operation, data)
           resp = Seahorse::Client::Http::Response.new
           resp.status_code = 200
-          resp.headers["Content-Type"] = content_type(api)
-          resp.headers["x-amzn-RequestId"] = "stubbed-request-id"
+          resp.headers['Content-Type'] = content_type(api)
+          resp.headers['x-amzn-RequestId'] = 'stubbed-request-id'
           resp.body = build_body(operation, data)
           resp
         end
 
         def stub_error(error_code)
-          http_resp = Seahorse::Client::Http::Response.new
-          http_resp.status_code = 400
-          http_resp.body = <<-JSON.strip
-{
-  "code": #{error_code.inspect},
-  "message": "stubbed-response-error-message"
-}
+          resp = Seahorse::Client::Http::Response.new
+          resp.status_code = 400
+          resp.body = <<~JSON.strip
+            {
+              "code": #{error_code.inspect},
+              "message": "stubbed-response-error-message"
+            }
           JSON
-          http_resp
+          resp
         end
 
         private

data/lib/aws-sdk-core/stubbing/protocols/query.rb

@@ -3,6 +3,7 @@
 module Aws
   module Stubbing
     module Protocols
+      # @api private
       class Query
 
         def stub_data(api, operation, data)
@@ -13,10 +14,10 @@ module Aws
         end
 
         def stub_error(error_code)
-          http_resp = Seahorse::Client::Http::Response.new
-          http_resp.status_code = 400
-          http_resp.body = XmlError.new(error_code).to_xml
-          http_resp
+          resp = Seahorse::Client::Http::Response.new
+          resp.status_code = 400
+          resp.body = XmlError.new(error_code).to_xml
+          resp
         end
 
         private
@@ -24,9 +25,9 @@ module Aws
         def build_body(api, operation, data)
           xml = []
           builder = Aws::Xml::DocBuilder.new(target: xml, indent: '  ')
-          builder.node(operation.name + 'Response', xmlns: xmlns(api)) do
+          builder.node("#{operation.name}Response", xmlns: xmlns(api)) do
             if (rules = operation.output)
-              rules.location_name = operation.name + 'Result'
+              rules.location_name = "#{operation.name}Result"
               Xml::Builder.new(rules, target: xml, pad:'  ').to_xml(data)
             end
             builder.node('ResponseMetadata') do

data/lib/aws-sdk-core/stubbing/protocols/rest.rb

@@ -5,6 +5,7 @@ require 'aws-eventstream'
 module Aws
   module Stubbing
     module Protocols
+      # @api private
       class Rest
 
         include Seahorse::Model::Shapes
@@ -22,7 +23,7 @@ module Aws
         def new_http_response
           resp = Seahorse::Client::Http::Response.new
           resp.status_code = 200
-          resp.headers["x-amzn-RequestId"] = "stubbed-request-id"
+          resp.headers['x-amzn-RequestId'] = 'stubbed-request-id'
           resp
         end
 

data/lib/aws-sdk-core/stubbing/protocols/rest_json.rb

@@ -3,6 +3,7 @@
 module Aws
   module Stubbing
     module Protocols
+      # @api private
       class RestJson < Rest
 
         def body_for(_a, _b, rules, data)
@@ -14,15 +15,15 @@ module Aws
         end
 
         def stub_error(error_code)
-          http_resp = Seahorse::Client::Http::Response.new
-          http_resp.status_code = 400
-          http_resp.body = <<-JSON.strip
-{
-  "code": #{error_code.inspect},
-  "message": "stubbed-response-error-message"
-}
+          resp = Seahorse::Client::Http::Response.new
+          resp.status_code = 400
+          resp.body = <<~JSON.strip
+            {
+              "code": #{error_code.inspect},
+              "message": "stubbed-response-error-message"
+            }
           JSON
-          http_resp
+          resp
         end
 
       end