aws-sdk-core 3.203.0 → 3.209.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7bf46cc1c58aa2eab7feaaaa91a1c3042a3fcb9737f8b752e92a2075b20c18e7
-  data.tar.gz: 36d04c3b40f2b9e6a235ed726c6a8bc47d6b5245204ab5cac2fd16a373602dd6
+  metadata.gz: b21a55766ac3b065464e202f9e5e8eaa449fb1b186776cc439f9ef6859c51923
+  data.tar.gz: d0602af7e12f340646722e0ca65ebbe1b9950d8b7ac7da1da2bfaf22a6723fbb
 SHA512:
-  metadata.gz: 696a9df19fd3f81a85d9fdc77300ab98d13ad7aec127d892f2a81ac7994aa324d0a92164fecd63462440c11056781642a44b379e14a1f2c029b32a8c0a5c0f76
-  data.tar.gz: 1255facb9c4205650241f60f2469e89cc576b522f01aacb1907cf57b7c4d7bddcb28ae269b25b4608412e45b5afbd61ec1c367840aa022de7e4a208de595a3ef
+  metadata.gz: dce3b13eced2c29beecdbc6929836c9917cc0d7524033cb76e0ea7ae6cf6f01c87b9f0f07a88a17197cb2989c4addf3a9c303acbdb6cf5fb331ecb328d16feec
+  data.tar.gz: ace0cb1e6d8e05083601c36607a3c8d6902a72a36cec481081939626ce8399fa43b603b42d6fb026cddce1ec51ab98f405a02e6fa4eb861aabe23aa658519457

data/CHANGELOG.md

@@ -1,6 +1,75 @@
 Unreleased Changes
 ------------------
 
+3.209.1 (2024-09-25)
+------------------
+
+* Issue - Add all core plugins to autoloads.
+
+3.209.0 (2024-09-24)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Issue - Add service identifiers to GlobalConfig's list of identifiers outside of autoload (#3113).
+
+* Issue - Ignore invalid ARNs when trying to parse accountId in assume role credentials.
+
+3.208.0 (2024-09-23)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - Use autoloading at the service level to load service clients and resources.
+
+3.207.0 (2024-09-20)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - Support Account ID credentials using `ENV['AWS_ACCOUNT_ID']`, `aws_account_id` shared config, or the `account_id` Client configuration option.
+
+* Feature - Support Account ID endpoint mode using `ENV['AWS_ACCOUNT_ID_ENDPOINT_MODE']`, `aws_account_id_endpoint_mode` shared config, or the `account_id_endpoint_mode` Client configuration option. Defaults to `preferred`, which will use the account id endpoint if available. Set to `disabled` to disable account id endpoints. Set to `required` to require account id endpoint usage; an error is raised if credentials do not have an account id.
+
+3.206.0 (2024-09-17)
+------------------
+
+* Feature - Support `sigv4a` endpoint auth without CRT.
+
+3.205.0 (2024-09-11)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Issue - Additional metrics collection in the User-Agent plugin.
+
+3.204.0 (2024-09-10)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Issue - Add support for `ssl_cert` and `ssl_key` configuration options to support mTLS.
+
 3.203.0 (2024-09-03)
 ------------------
 
@@ -37,6 +106,7 @@ Unreleased Changes
 ------------------
 
 * Issue - Allow legacy/undocumented `sigv4_signer` configuration to override resolved signer.
+
 * Issue - Consider sigv4a supported without crt check.
 
 3.201.4 (2024-08-08)

data/VERSION

@@ -1 +1 @@
-3.203.0
+3.209.1

data/lib/aws-defaults.rb

@@ -1,3 +1,6 @@
 # frozen_string_literal: true
 
-require_relative 'aws-defaults/default_configuration'
+module Aws
+  autoload :DefaultsModeConfiguration, 'aws-defaults/default_configuration'
+  autoload :DefaultsModeConfigResolver, 'aws-defaults/defaults_mode_config_resolver'
+end

data/lib/aws-sdk-core/assume_role_credentials.rb

@@ -62,13 +62,20 @@ module Aws
     private
 
     def refresh
-      c = @client.assume_role(@assume_role_params).credentials
+      resp = @client.assume_role(@assume_role_params)
+      creds = resp.credentials
       @credentials = Credentials.new(
-        c.access_key_id,
-        c.secret_access_key,
-        c.session_token
+        creds.access_key_id,
+        creds.secret_access_key,
+        creds.session_token,
+        account_id: parse_account_id(resp)
       )
-      @expiration = c.expiration
+      @expiration = creds.expiration
+    end
+
+    def parse_account_id(resp)
+      arn = resp.assumed_role_user&.arn
+      ARNParser.parse(arn).account_id if ARNParser.arn?(arn)
     end
 
     class << self

data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb

@@ -60,7 +60,7 @@ module Aws
         # not provided, generate encoded UUID as session name
         @assume_role_web_identity_params[:role_session_name] = _session_name
       end
-      @client = client_opts[:client] || STS::Client.new(client_opts.merge(credentials: false))
+      @client = client_opts[:client] || STS::Client.new(client_opts.merge(credentials: nil))
       super
     end
 
@@ -73,14 +73,15 @@ module Aws
       # read from token file everytime it refreshes
       @assume_role_web_identity_params[:web_identity_token] = _token_from_file(@token_file)
 
-      c = @client.assume_role_with_web_identity(
-        @assume_role_web_identity_params).credentials
+      resp = @client.assume_role_with_web_identity(@assume_role_web_identity_params)
+      creds = resp.credentials
       @credentials = Credentials.new(
-        c.access_key_id,
-        c.secret_access_key,
-        c.session_token
+        creds.access_key_id,
+        creds.secret_access_key,
+        creds.session_token,
+        account_id: parse_account_id(resp)
       )
-      @expiration = c.expiration
+      @expiration = creds.expiration
     end
 
     def _token_from_file(path)
@@ -94,6 +95,11 @@ module Aws
       Base64.strict_encode64(SecureRandom.uuid)
     end
 
+    def parse_account_id(resp)
+      arn = resp.assumed_role_user&.arn
+      ARNParser.parse(arn).account_id if ARNParser.arn?(arn)
+    end
+
     class << self
 
       # @api private

data/lib/aws-sdk-core/client_side_monitoring.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module Aws
+  # setup autoloading for ClientSideMonitoring module
+  module ClientSideMonitoring
+    autoload :RequestMetrics, 'aws-sdk-core/client_side_monitoring/request_metrics'
+    autoload :Publisher, 'aws-sdk-core/client_side_monitoring/publisher'
+  end
+end

data/lib/aws-sdk-core/credential_provider_chain.rb

@@ -45,7 +45,8 @@ module Aws
         Credentials.new(
           options[:config].access_key_id,
           options[:config].secret_access_key,
-          options[:config].session_token
+          options[:config].session_token,
+          account_id: options[:config].account_id
         )
       end
     end
@@ -94,7 +95,13 @@ module Aws
       key =    %w[AWS_ACCESS_KEY_ID AMAZON_ACCESS_KEY_ID AWS_ACCESS_KEY]
       secret = %w[AWS_SECRET_ACCESS_KEY AMAZON_SECRET_ACCESS_KEY AWS_SECRET_KEY]
       token =  %w[AWS_SESSION_TOKEN AMAZON_SESSION_TOKEN]
-      Credentials.new(envar(key), envar(secret), envar(token))
+      account_id = %w[AWS_ACCOUNT_ID]
+      Credentials.new(
+        envar(key),
+        envar(secret),
+        envar(token),
+        account_id: envar(account_id)
+      )
     end
 
     def envar(keys)

data/lib/aws-sdk-core/credentials.rb

@@ -6,21 +6,28 @@ module Aws
     # @param [String] access_key_id
     # @param [String] secret_access_key
     # @param [String] session_token (nil)
-    def initialize(access_key_id, secret_access_key, session_token = nil)
+    # @param [Hash] kwargs
+    # @option kwargs [String] :credential_scope (nil)
+    def initialize(access_key_id, secret_access_key, session_token = nil,
+                   **kwargs)
       @access_key_id = access_key_id
       @secret_access_key = secret_access_key
       @session_token = session_token
+      @account_id = kwargs[:account_id]
     end
 
-    # @return [String, nil]
+    # @return [String]
     attr_reader :access_key_id
 
-    # @return [String, nil]
+    # @return [String]
     attr_reader :secret_access_key
 
     # @return [String, nil]
     attr_reader :session_token
 
+    # @return [String, nil]
+    attr_reader :account_id
+
     # @return [Credentials]
     def credentials
       self
@@ -30,9 +37,9 @@ module Aws
     #   access key are both set.
     def set?
       !access_key_id.nil? &&
-      !access_key_id.empty? &&
-      !secret_access_key.nil? &&
-      !secret_access_key.empty?
+        !access_key_id.empty? &&
+        !secret_access_key.nil? &&
+        !secret_access_key.empty?
     end
 
     # Removing the secret access key from the default inspect string.

data/lib/aws-sdk-core/endpoints/endpoint.rb

@@ -3,15 +3,17 @@
 module Aws
   module Endpoints
     class Endpoint
-      def initialize(url:, properties: {}, headers: {})
+      def initialize(url:, properties: {}, headers: {}, metadata: {})
         @url = url
         @properties = properties
         @headers = headers
+        @metadata = metadata
       end
 
       attr_reader :url
       attr_reader :properties
       attr_reader :headers
+      attr_reader :metadata
     end
   end
 end

data/lib/aws-sdk-core/endpoints.rb

@@ -19,9 +19,12 @@ require 'aws-sigv4'
 module Aws
   # @api private
   module Endpoints
-    supported_auth_traits = %w[aws.auth#sigv4 smithy.api#httpBearerAuth smithy.api#noAuth]
-    supported_auth_traits += ['aws.auth#sigv4a'] if Aws::Sigv4::Signer.use_crt?
-    SUPPORTED_AUTH_TRAITS = supported_auth_traits.freeze
+    SUPPORTED_AUTH_TRAITS = %w[
+      aws.auth#sigv4
+      aws.auth#sigv4a
+      smithy.api#httpBearerAuth
+      smithy.api#noAuth
+    ].freeze
 
     class << self
       def resolve_auth_scheme(context, endpoint)

data/lib/aws-sdk-core/log.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+module Aws
+  # setup autoloading for Log module
+  module Log
+    autoload :Formatter, 'aws-sdk-core/log/formatter'
+    autoload :ParamFilter, 'aws-sdk-core/log/param_filter'
+    autoload :ParamFormatter, 'aws-sdk-core/log/param_formatter'
+  end
+end

data/lib/aws-sdk-core/plugins/credentials_configuration.rb

@@ -12,6 +12,8 @@ module Aws
 
       option(:session_token, doc_type: String, docstring: '')
 
+      option(:account_id, doc_type: String, docstring: '')
+
       option(:profile,
         doc_default: 'default',
         doc_type: String,
@@ -58,13 +60,15 @@ When `:credentials` are not configured directly, the following
 locations will be searched for credentials:
 
 * `Aws.config[:credentials]`
-* The `:access_key_id`, `:secret_access_key`, and `:session_token` options.
-* ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
+* The `:access_key_id`, `:secret_access_key`, `:session_token`, and
+  `:account_id` options.
+* ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY'],
+  ENV['AWS_SESSION_TOKEN'], and ENV['AWS_ACCOUNT_ID']
 * `~/.aws/credentials`
 * `~/.aws/config`
 * EC2/ECS IMDS instance profile - When used by default, the timeouts
   are very aggressive. Construct and pass an instance of
-  `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
+  `Aws::InstanceProfileCredentials` or `Aws::ECSCredentials` to
   enable retries and extended timeouts. Instance profile credential
   fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
   to true.

data/lib/aws-sdk-core/plugins/regional_endpoint.rb

@@ -205,6 +205,7 @@ to test or custom endpoints. This should be a valid HTTP(S) URI.
             cfg.override_config(:region, new_region)
           end
         end
+
         # set a default endpoint in config using legacy (endpoints.json) resolver
         def resolve_legacy_endpoint(cfg)
           endpoint_prefix = cfg.api.metadata['endpointPrefix']

data/lib/aws-sdk-core/plugins/user_agent.rb

@@ -17,7 +17,15 @@ module Aws
           "S3_CRYPTO_V2": "I",
           "S3_EXPRESS_BUCKET": "J",
           "S3_ACCESS_GRANTS": "K",
-          "GZIP_REQUEST_COMPRESSION": "L"
+          "GZIP_REQUEST_COMPRESSION": "L",
+          "PROTOCOL_RPC_V2_CBOR": "M",
+          "ENDPOINT_OVERRIDE": "N",
+          "ACCOUNT_ID_ENDPOINT": "O",
+          "ACCOUNT_ID_MODE_PREFERRED": "P",
+          "ACCOUNT_ID_MODE_DISABLED": "Q",
+          "ACCOUNT_ID_MODE_REQUIRED": "R",
+          "SIGV4A_SIGNING": "S",
+          "RESOLVED_ACCOUNT_ID": "T"
         }
       METRICS
 
@@ -45,15 +53,13 @@ variable AWS_SDK_UA_APP_ID or the shared config profile attribute sdk_ua_app_id.
         block.call
       end
 
-      def self.metric(metric, &block)
+      def self.metric(*metrics, &block)
         Thread.current[:aws_sdk_core_user_agent_metric] ||= []
-        Thread.current[:aws_sdk_core_user_agent_metric] << METRICS[metric]
+        metrics = metrics.map { |metric| METRICS[metric] }.compact
+        Thread.current[:aws_sdk_core_user_agent_metric].concat(metrics)
         block.call
       ensure
-        Thread.current[:aws_sdk_core_user_agent_metric].pop
-        if Thread.current[:aws_sdk_core_user_agent_metric].empty?
-          Thread.current[:aws_sdk_core_user_agent_metric] = nil
-        end
+        Thread.current[:aws_sdk_core_user_agent_metric].pop(metrics.size)
       end
 
       # @api private
@@ -166,7 +172,10 @@ variable AWS_SDK_UA_APP_ID or the shared config profile attribute sdk_ua_app_id.
           end
 
           def metric_metadata
-            return unless Thread.current[:aws_sdk_core_user_agent_metric]
+            if Thread.current[:aws_sdk_core_user_agent_metric].nil? ||
+               Thread.current[:aws_sdk_core_user_agent_metric].empty?
+              return
+            end
 
             metrics = Thread.current[:aws_sdk_core_user_agent_metric].join(',')
             # Metric metadata is limited to 1024 bytes

data/lib/aws-sdk-core/plugins.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module Aws
+  # setup autoloading for Plugins
+  # Most plugins are required explicitly from service clients
+  # but users may reference them outside of client usage.
+  module Plugins
+    autoload :ApiKey, 'aws-sdk-core/plugins/api_key'
+    autoload :BearerAuthorization, 'aws-sdk-core/plugins/bearer_authorization'
+    autoload :ChecksumAlgorithm, 'aws-sdk-core/plugins/checksum_algorithm'
+    autoload :ClientMetricsPlugin, 'aws-sdk-core/plugins/client_metrics_plugin'
+    autoload :ClientMetricsSendPlugin, 'aws-sdk-core/plugins/client_metrics_send_plugin'
+    autoload :CredentialsConfiguration, 'aws-sdk-core/plugins/credentials_configuration'
+    autoload :DefaultsMode, 'aws-sdk-core/plugins/defaults_mode'
+    autoload :EndpointDiscovery, 'aws-sdk-core/plugins/endpoint_discovery'
+    autoload :EndpointPattern, 'aws-sdk-core/plugins/endpoint_pattern'
+    autoload :EventStreamConfiguration, 'aws-sdk-core/plugins/event_stream_configuration'
+    autoload :GlobalConfiguration, 'aws-sdk-core/plugins/global_configuration'
+    autoload :HelpfulSocketErrors, 'aws-sdk-core/plugins/helpful_socket_errors'
+    autoload :HttpChecksum, 'aws-sdk-core/plugins/http_checksum'
+    autoload :IdempotencyToken, 'aws-sdk-core/plugins/idempotency_token'
+    autoload :InvocationId, 'aws-sdk-core/plugins/invocation_id'
+    autoload :JsonvalueConverter, 'aws-sdk-core/plugins/jsonvalue_converter'
+    autoload :Logging, 'aws-sdk-core/plugins/logging'
+    autoload :ParamConverter, 'aws-sdk-core/plugins/param_converter'
+    autoload :ParamValidator, 'aws-sdk-core/plugins/param_validator'
+    autoload :RecursionDetection, 'aws-sdk-core/plugins/recursion_detection'
+    autoload :RegionalEndpoint, 'aws-sdk-core/plugins/regional_endpoint'
+    autoload :RequestCompression, 'aws-sdk-core/plugins/request_compression'
+    autoload :ResponsePaging, 'aws-sdk-core/plugins/response_paging'
+    autoload :RetryErrors, 'aws-sdk-core/plugins/retry_errors'
+    autoload :Sign, 'aws-sdk-core/plugins/sign'
+    autoload :SignatureV4, 'aws-sdk-core/plugins/signature_v4'
+    autoload :StubResponses, 'aws-sdk-core/plugins/stub_responses'
+    autoload :Telemetry, 'aws-sdk-core/plugins/telemetry'
+    autoload :TransferEncoding, 'aws-sdk-core/plugins/transfer_encoding'
+    autoload :UserAgent, 'aws-sdk-core/plugins/user_agent'
+  end
+end

data/lib/aws-sdk-core/process_credentials.rb

@@ -74,7 +74,8 @@ module Aws
       creds = Credentials.new(
         creds_json['AccessKeyId'],
         creds_json['SecretAccessKey'],
-        creds_json['SessionToken']
+        creds_json['SessionToken'],
+        account_id: creds_json['AccountId']
       )
 
       @expiration = creds_json['Expiration'] ? Time.iso8601(creds_json['Expiration']) : nil

data/lib/aws-sdk-core/resources.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+module Aws
+  # setup autoloading for Resources module
+  module Resources
+    autoload :Collection, 'aws-sdk-core/resources/collection'
+  end
+end

data/lib/aws-sdk-core/rpc_v2/handler.rb

@@ -7,7 +7,7 @@ module Aws
       # @return [Seahorse::Client::Response]
       def call(context)
         build_request(context)
-        response = @handler.call(context)
+        response = with_metric { @handler.call(context) }
         response.on(200..299) { |resp| resp.data = parse_body(context) }
         response.on(200..599) { |_resp| apply_request_id(context) }
         response
@@ -15,6 +15,10 @@ module Aws
 
       private
 
+      def with_metric(&block)
+        Aws::Plugins::UserAgent.metric('PROTOCOL_RPC_V2_CBOR', &block)
+      end
+
       def build_request(context)
         context.http_request.headers['smithy-protocol'] = 'rpc-v2-cbor'
         context.http_request.http_method = 'POST'

data/lib/aws-sdk-core/shared_config.rb

@@ -198,6 +198,7 @@ module Aws
 
     config_reader(
       :region,
+      :account_id_endpoint_mode,
       :sigv4a_signing_region_set,
       :ca_bundle,
       :credential_process,
@@ -414,7 +415,8 @@ module Aws
       creds = Credentials.new(
         prof_config['aws_access_key_id'],
         prof_config['aws_secret_access_key'],
-        prof_config['aws_session_token']
+        prof_config['aws_session_token'],
+        account_id: prof_config['aws_account_id']
       )
       creds if creds.set?
     end

data/lib/aws-sdk-core/shared_credentials.rb

@@ -7,13 +7,6 @@ module Aws
 
     include CredentialProvider
 
-    # @api private
-    KEY_MAP = {
-      'aws_access_key_id' => 'access_key_id',
-      'aws_secret_access_key' => 'secret_access_key',
-      'aws_session_token' => 'session_token',
-    }
-
     # Constructs a new SharedCredentials object. This will load static
     # (access_key_id, secret_access_key and session_token) AWS access
     # credentials from an ini file, which supports profiles. The default

data/lib/aws-sdk-core/sso_credentials.rb

@@ -156,7 +156,8 @@ module Aws
       @credentials = Credentials.new(
         c.access_key_id,
         c.secret_access_key,
-        c.session_token
+        c.session_token,
+        account_id: @sso_account_id
       )
       @expiration = Time.at(c.expiration / 1000.0)
     end

data/lib/aws-sdk-core/stubbing.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Aws
+  # setup autoloading for Stubbing module
+  module Stubbing
+    autoload :EmptyStub, 'aws-sdk-core/stubbing/empty_stub'
+    autoload :DataApplicator, 'aws-sdk-core/stubbing/data_applicator'
+    autoload :StubData, 'aws-sdk-core/stubbing/stub_data'
+    autoload :XmlError, 'aws-sdk-core/stubbing/xml_error'
+
+    module Protocols
+      autoload :Json, 'aws-sdk-core/stubbing/protocols/json'
+      autoload :Rest, 'aws-sdk-core/stubbing/protocols/rest'
+      autoload :RestJson, 'aws-sdk-core/stubbing/protocols/rest_json'
+      autoload :RestXml, 'aws-sdk-core/stubbing/protocols/rest_xml'
+      autoload :Query, 'aws-sdk-core/stubbing/protocols/query'
+      autoload :EC2, 'aws-sdk-core/stubbing/protocols/ec2'
+      autoload :RpcV2, 'aws-sdk-core/stubbing/protocols/rpc_v2'
+      autoload :ApiGateway, 'aws-sdk-core/stubbing/protocols/api_gateway'
+    end
+  end
+end