aws-sdk-core 3.209.1 → 3.240.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b21a55766ac3b065464e202f9e5e8eaa449fb1b186776cc439f9ef6859c51923
-  data.tar.gz: d0602af7e12f340646722e0ca65ebbe1b9950d8b7ac7da1da2bfaf22a6723fbb
+  metadata.gz: bfea66796a6586854e469946701deeb09f2b344e82967f505262052efea4c972
+  data.tar.gz: 98d0d7a3da929b82b7b14098d0041532d94ec0f88bfa04e74c5bcf8286e090b3
 SHA512:
-  metadata.gz: dce3b13eced2c29beecdbc6929836c9917cc0d7524033cb76e0ea7ae6cf6f01c87b9f0f07a88a17197cb2989c4addf3a9c303acbdb6cf5fb331ecb328d16feec
-  data.tar.gz: ace0cb1e6d8e05083601c36607a3c8d6902a72a36cec481081939626ce8399fa43b603b42d6fb026cddce1ec51ab98f405a02e6fa4eb861aabe23aa658519457
+  metadata.gz: 65092f9f2795f01ee929393ccdbb06ca55d2e0ea420ac7004c0d24fe6bfd9e3b155cd2d4869b96a6deb64e65c8d4fd0e917e8834ea0cac3602a9289df6de4c4f
+  data.tar.gz: 806b5e412f3a25b956d607f948e957e71241b25fdea11306d43a9752570d5daa80e33740c543bc499d74412d63db8325c9c9bf39ae4738c971e318ac33503b47

data/CHANGELOG.md

@@ -1,6 +1,337 @@
 Unreleased Changes
 ------------------
 
+3.240.0 (2025-12-16)
+------------------
+
+* Feature - Updated configuration values for `defaults_mode`.
+
+* Issue - Prioritizes JSON over CBOR when both are supported for stubbed clients.
+
+3.239.2 (2025-11-25)
+------------------
+
+* Issue - Fix `login_credentials` in credentials chain when config is enabled.
+
+3.239.1 (2025-11-21)
+------------------
+
+* Issue - Fixed HTTP/2 connection issues when using custom ports.
+
+3.239.0 (2025-11-20)
+------------------
+
+* Feature - Updated Aws::Signin::Client with the latest API changes.
+
+* Issue - Fix region configuration for LoginCredential's Signin client.
+
+3.238.0 (2025-11-19)
+------------------
+
+* Feature - Updated Aws::Signin::Client with the latest API changes.
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - IAM now supports outbound identity federation via the STS GetWebIdentityToken API, enabling AWS workloads to securely authenticate with external services using short-lived JSON Web Tokens.
+
+* Feature - Add `LoginCredentials` which retrieves credentials from AWS Sign-In. Support `aws-sdk-signin` alias gem.
+
+3.237.0 (2025-11-10)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Added GetDelegatedAccessToken API, which is not available for general use at this time.
+
+3.236.0 (2025-10-30)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - Update endpoint ruleset parameters casing
+
+3.235.0 (2025-10-24)
+------------------
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Update endpoint ruleset parameters casing
+
+3.234.0 (2025-10-21)
+------------------
+
+* Issue - Fix `request_checksum_calculation` `when_required` mode to only calculate checksums when explicitly provided by user.
+
+* Feature - Add `CREDENTIALS_CODE` metric for `static_profile_` prefixed methods in default credential chain.
+
+3.233.0 (2025-09-23)
+------------------
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - This release includes exception definition and documentation updates.
+
+3.232.0 (2025-08-28)
+------------------
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - Remove incorrect endpoint tests
+
+3.231.0 (2025-08-26)
+------------------
+
+* Feature - Remove incorrect endpoint tests
+
+* Feature - Add support for ENV as credential source for `AssumeRoleCredentials`.
+
+3.230.0 (2025-08-21)
+------------------
+
+* Feature - Remove incorrect endpoint tests
+
+3.229.0 (2025-08-04)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.228.0 (2025-07-31)
+------------------
+
+* Feature - Add `bigdecimal` as a dependency. For systems that are not able to build native extension gems, prefer the locally installed `bigdecimal` with `bundle install --prefer-local`.
+
+3.227.0 (2025-07-21)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - Support an auth scheme signing preference list using `ENV['AWS_AUTH_SCHEME_PREFERENCE']` or `auth_scheme_preference` in shared configuration.
+
+* Feature - Support metric tracking for Bedrock Bearer tokens.
+
+3.226.3 (2025-07-17)
+------------------
+
+* Issue - Skip `Aws::InstanceProfileCredentials` instantiation when `ENV['AWS_EC2_METADATA_DISABLED']` is set to `true` in the credential resolution chain.
+
+* Issue - Refactor `InstanceProfileCredentials` to improve code clarity and documentation. 
+
+3.226.2 (2025-07-01)
+------------------
+
+* Issue - Document incorrect behavior in protocol error parsing (specifically around query and query compatible services).
+
+3.226.1 (2025-06-24)
+------------------
+
+* Issue - Fixed spelling in the `Aws::Errors::SignalEventError` error message.
+
+3.226.0 (2025-06-17)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - The AWS Security Token Service APIs AssumeRoleWithSAML and AssumeRoleWithWebIdentity can now be invoked without pre-configured AWS credentials in the SDK configuration.
+
+3.225.2 (2025-06-10)
+------------------
+
+* Issue - Only load required `cgi` modules for Ruby 3.5.
+
+3.225.1 (2025-06-05)
+------------------
+
+* Issue - Fix RPCv2 parser to handle flattened list and flattened map members correctly for `AwsQueryCompatible` services.
+
+3.225.0 (2025-06-02)
+------------------
+
+* Feature - AWS SDK for Ruby no longer supports Ruby runtime versions 2.5 and 2.6.
+
+3.224.1 (2025-05-28)
+------------------
+
+* Issue - Signal data in http response listeners prior to writing, so that data can be inspected or verified before potential mutation.
+
+3.224.0 (2025-05-12)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - Support `ENV['AWS_DISABLE_HOST_PREFIX_INJECTION']` and `disable_host_prefix_injection` shared config to disable host prefix injection for all services.
+
+3.223.0 (2025-05-01)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+3.222.3 (2025-04-28)
+------------------
+
+* Issue - Do not dynamically create operation methods from the API. (#3234)
+
+3.222.2 (2025-04-16)
+------------------
+
+* Issue - Additional metrics collection for credentials in the User-Agent plugin.
+
+3.222.1 (2025-03-28)
+------------------
+
+* Issue - Allow explicit modeled headers to override prefixed headers for `rest` protocols. 
+
+3.222.0 (2025-03-27)
+------------------
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - This release adds AwsAdditionalDetails in the CreateTokenWithIAM API response.
+
+3.221.0 (2025-03-24)
+------------------
+
+* Feature - Add `logger` as an explicit dependency for Ruby 3.5.
+* Issue - Enable ALPN over TLS for H2 Connection by default.
+* Issue - Fix HTTP-2 connections to properly use config values configured on the client.
+
+3.220.2 (2025-03-20)
+------------------
+
+* Issue - Enable ALPN over TLS for H2 by default.
+
+3.220.1 (2025-03-06)
+------------------
+
+* Issue - Convert stubs at request time.
+
+3.220.0 (2025-03-04)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+3.219.0 (2025-02-18)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.218.1 (2025-02-07)
+------------------
+
+* Issue - Add handling of block in ExtendedSession delegation (#3178).
+
+3.218.0 (2025-02-06)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.217.1 (2025-01-30)
+------------------
+
+* Issue - Add `transfer-encoding` and `connection` to list of unsigned sigv4 headers.
+
+3.217.0 (2025-01-24)
+------------------
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Fixed typos in the descriptions.
+
+3.216.1 (2025-01-22)
+------------------
+
+* Issue - Use epoch seconds instead of milliseconds in cbor encode/decode.
+
+* Issue - Add handling of block in response delegation (#3169). 
+
+3.216.0 (2025-01-15)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - Always calculate request checksums for operations that support or require it. Supported config options are `when_supported` and `when_required`. The default value is `when_supported`. This option is configured in code with `:request_checksum_calculation`, in the shared config file as `request_checksum_calculation`, and in the ENV as `ENV['AWS_REQUEST_CHECKSUM_CALCULATION']`.
+
+* Feature - Always validate response checksums for operations that support or require it. Supported config options are `when_supported` and `when_required`. The default value is `when_supported`. This option is configured in code with `:response_checksum_validation`, in the shared config file as `response_checksum_validation`, and in the ENV as `ENV['AWS_RESPONSE_CHECKSUM_VALIDATION']`.
+
+* Feature - Support CRC64NVME checksums through the `aws-crt` gem.
+
+3.215.1 (2025-01-14)
+------------------
+
+* Issue - Fixed error when attempting to log an unlinked tempfile.
+
+3.215.0 (2025-01-10)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Fixed typos in the descriptions.
+
+3.214.1 (2024-12-28)
+------------------
+
+* Issue - Fix documentation that references a non-existent method.
+
+3.214.0 (2024-11-25)
+------------------
+
+* Feature - Updated configuration values for `defaults_mode`.
+
+3.213.0 (2024-11-14)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - This release introduces the new API 'AssumeRoot', which returns short-term credentials that you can use to perform privileged tasks.
+
+3.212.0 (2024-11-06)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+3.211.0 (2024-10-21)
+------------------
+
+* Feature - Support functionality for services that migrate from AWS Query to AWS JSON or CBOR.
+
+* Issue - Fix RPCv2 protocol to always send an Accept header for CBOR.
+
+3.210.0 (2024-10-18)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - reduce memory usage by not using legacy endpoint data unless required.
+
 3.209.1 (2024-09-25)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-3.209.1
+3.240.0

data/lib/aws-sdk-core/arn.rb

@@ -24,9 +24,7 @@ module Aws
   #   arn.resource
   #   # => foo/bar
   #
-  #   # Note: parser available for parsing resource details
-  #   @see Aws::ARNParser#parse_resource
-  #
+  # @see ARNParser
   # @see https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-arns
   class ARN
 

data/lib/aws-sdk-core/assume_role_credentials.rb

@@ -7,7 +7,7 @@ module Aws
   # {Aws::STS::Client#assume_role}.
   #
   #     role_credentials = Aws::AssumeRoleCredentials.new(
-  #       client: Aws::STS::Client.new(...),
+  #       client: Aws::STS::Client.new(sts_options),
   #       role_arn: "linked::account::arn",
   #       role_session_name: "session-name"
   #     )
@@ -28,15 +28,15 @@ module Aws
     # @option options [Integer] :duration_seconds
     # @option options [String] :external_id
     # @option options [STS::Client] :client
-    # @option options [Callable] before_refresh Proc called before
+    # @option options [Proc] :before_refresh A Proc called before
     #   credentials are refreshed.  Useful for updating tokens.
-    #   `before_refresh` is called when AWS credentials are
-    #   required and need to be refreshed. Tokens can be refreshed using
-    #   the following example:
+    #   `:before_refresh` is called when AWS credentials are
+    #   required and need to be refreshed. See the example in this doc.
     #
-    #      before_refresh = Proc.new do |assume_role_credentials| do
-    #        assume_role_credentials.assume_role_params['token_code'] = update_token
-    #      end
+    # @example Tokens can be refreshed using a Proc.
+    #   before_refresh = Proc.new do |assume_role_credentials|
+    #     assume_role_credentials.assume_role_params['token_code'] = update_token
+    #   end
     #
     def initialize(options = {})
       client_opts = {}
@@ -50,6 +50,7 @@ module Aws
       end
       @client = client_opts[:client] || STS::Client.new(client_opts)
       @async_refresh = true
+      @metrics = ['CREDENTIALS_STS_ASSUME_ROLE']
       super
     end
 

data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb

@@ -9,11 +9,11 @@ module Aws
   # {Aws::STS::Client#assume_role_with_web_identity}.
   #
   #     role_credentials = Aws::AssumeRoleWebIdentityCredentials.new(
-  #       client: Aws::STS::Client.new(...),
+  #       client: Aws::STS::Client.new(sts_options),
   #       role_arn: "linked::account::arn",
   #       web_identity_token_file: "/path/to/token/file",
   #       role_session_name: "session-name"
-  #       ...
+  #       # ...
   #     )
   #     ec2 = Aws::EC2::Client.new(credentials: role_credentials)
   #
@@ -61,6 +61,7 @@ module Aws
         @assume_role_web_identity_params[:role_session_name] = _session_name
       end
       @client = client_opts[:client] || STS::Client.new(client_opts.merge(credentials: nil))
+      @metrics = ['CREDENTIALS_STS_ASSUME_ROLE_WEB_ID']
       super
     end
 

data/lib/aws-sdk-core/cbor/decoder.rb

@@ -61,9 +61,7 @@ module Aws
         when :tag
           case (tag = read_tag)
           when TAG_TYPE_EPOCH
-            type = peek_type
             item = decode_item
-            item /= 1000.0 if type == :integer
             Time.at(item)
           when TAG_TYPE_BIGNUM, TAG_TYPE_NEG_BIGNUM
             read_bignum(tag)

data/lib/aws-sdk-core/cbor/encoder.rb

@@ -226,8 +226,8 @@ module Aws
 
       def add_time(value)
         head(MAJOR_TYPE_TAG, TAG_TYPE_EPOCH)
-        epoch_ms = (value.to_f * 1000).to_i
-        add_integer(epoch_ms)
+        epoch = value.to_f
+        add_double(epoch)
       end
 
       def bignum_to_bytes(value)

data/lib/aws-sdk-core/cbor.rb

@@ -1,5 +1,8 @@
 # frozen_string_literal: true
 
+require_relative 'cbor/encoder'
+require_relative 'cbor/decoder'
+
 module Aws
   # @api private
   module Cbor
@@ -46,61 +49,5 @@ module Aws
         super("Unexpected additional information: #{add_info}")
       end
     end
-
-    class << self
-      # @param [Symbol,Class] engine
-      #   Must be one of the following values:
-      #
-      #   * :cbor
-      #
-      def engine=(engine)
-        @engine = Class === engine ? engine : load_engine(engine)
-      end
-
-      # @return [Class] Returns the default engine.
-      #   One of:
-      #
-      #   * {CborEngine}
-      #
-      def engine
-        set_default_engine unless @engine
-        @engine
-      end
-
-      def encode(data)
-        @engine.encode(data)
-      end
-
-      def decode(bytes)
-        bytes.force_encoding(Encoding::BINARY)
-        @engine.decode(bytes)
-      end
-
-      def set_default_engine
-        [:cbor].each do |name|
-          @engine ||= try_load_engine(name)
-        end
-
-        unless @engine
-          raise 'Unable to find a compatible cbor library.'
-        end
-      end
-
-      private
-
-      def load_engine(name)
-        require "aws-sdk-core/cbor/#{name}_engine"
-        const_name = name[0].upcase + name[1..-1] + 'Engine'
-        const_get(const_name)
-      end
-
-      def try_load_engine(name)
-        load_engine(name)
-      rescue LoadError
-        false
-      end
-    end
-
-    set_default_engine
   end
 end

data/lib/aws-sdk-core/client_stubs.rb

@@ -15,27 +15,11 @@ module Aws
 
     # @api private
     def setup_stubbing
-      @stubs = {}
-      @stub_mutex = Mutex.new
       if Hash === @config.stub_responses
         @config.stub_responses.each do |operation_name, stubs|
           apply_stubs(operation_name, Array === stubs ? stubs : [stubs])
         end
       end
-
-      # When a client is stubbed allow the user to access the requests made
-      requests = @api_requests = []
-      requests_mutex = @requests_mutex = Mutex.new
-      self.handle do |context|
-        requests_mutex.synchronize do
-          requests << {
-            operation_name: context.operation_name,
-            params: context.params,
-            context: context
-          }
-        end
-        @handler.call(context)
-      end
     end
 
     # Configures what data / errors should be returned from the named operation
@@ -175,7 +159,7 @@ module Aws
     #   on a client that has not enabled response stubbing via
     #   `:stub_responses => true`.
     def stub_responses(operation_name, *stubs)
-      if config.stub_responses
+      if @config.stub_responses
         apply_stubs(operation_name, stubs.flatten)
       else
         msg = 'stubbing is not enabled; enable stubbing in the constructor '\
@@ -194,12 +178,12 @@ module Aws
     # @raise [NotImplementedError] Raises `NotImplementedError` when the client
     #   is not stubbed.
     def api_requests(options = {})
-      if config.stub_responses
-        @requests_mutex.synchronize do
+      if @config.stub_responses
+        @config.api_requests_mutex.synchronize do
           if options[:exclude_presign]
-            @api_requests.reject {|req| req[:context][:presigned_url] }
+            @config.api_requests.reject {|req| req[:context][:presigned_url] }
           else
-            @api_requests
+            @config.api_requests
           end
         end
       else
@@ -228,54 +212,44 @@ module Aws
     # @return [Structure] Returns a stubbed response data structure. The
     #   actual class returned will depend on the given `operation_name`.
     def stub_data(operation_name, data = {})
-      Stubbing::StubData.new(config.api.operation(operation_name)).stub(data)
+      Stubbing::StubData.new(@config.api.operation(operation_name)).stub(data)
     end
 
     # @api private
     def next_stub(context)
       operation_name = context.operation_name.to_sym
-      stub = @stub_mutex.synchronize do
-        stubs = @stubs[operation_name] || []
+      stub = @config.stubs_mutex.synchronize do
+        stubs = @config.stubs[operation_name] || []
         case stubs.length
-        when 0 then default_stub(operation_name)
+        when 0 then stub_data(operation_name)
         when 1 then stubs.first
         else stubs.shift
         end
       end
-      Proc === stub ? convert_stub(operation_name, stub.call(context)) : stub
+      stub = convert_stub(operation_name, stub, context)
+      stub[:mutex] = Mutex.new
+      stub
     end
 
     private
 
-    def default_stub(operation_name)
-      stub = stub_data(operation_name)
-      http_response_stub(operation_name, stub)
+    def apply_stubs(operation_name, stubs)
+      @config.stubs_mutex.synchronize do
+        @config.stubs[operation_name.to_sym] = stubs
+      end
     end
 
     # This method converts the given stub data and converts it to a
     # HTTP response (when possible). This enables the response stubbing
     # plugin to provide a HTTP response that triggers all normal events
     # during response handling.
-    def apply_stubs(operation_name, stubs)
-      @stub_mutex.synchronize do
-        @stubs[operation_name.to_sym] = stubs.map do |stub|
-          convert_stub(operation_name, stub)
-        end
-      end
-    end
-
-    def convert_stub(operation_name, stub)
-      stub = case stub
-      when Proc then stub
+    def convert_stub(operation_name, stub, context)
+      case stub
+      when Proc then convert_stub(operation_name, stub.call(context), context)
       when Exception, Class then { error: stub }
       when String then service_error_stub(stub)
-      when Hash then http_response_stub(operation_name, stub)
-      else { data: stub }
-      end
-      if Hash === stub
-        stub[:mutex] = Mutex.new
+      else http_response_stub(operation_name, stub)
       end
-      stub
     end
 
     def service_error_stub(error_code)
@@ -299,22 +273,28 @@ module Aws
     end
 
     def data_to_http_resp(operation_name, data)
-      api = config.api
+      api = @config.api
       operation = api.operation(operation_name)
       ParamValidator.new(operation.output, input: false).validate!(data)
       protocol_helper.stub_data(api, operation, data)
     end
 
     def protocol_helper
-      case config.api.metadata['protocol']
-      when 'json'        then Stubbing::Protocols::Json
-      when 'rest-json'   then Stubbing::Protocols::RestJson
-      when 'rest-xml'    then Stubbing::Protocols::RestXml
-      when 'query'       then Stubbing::Protocols::Query
-      when 'ec2'         then Stubbing::Protocols::EC2
+      # Prioritize JSON over CBOR when CBOR is the configured protocol but both are supported. This is to match similar
+      # prioritization in service.rb code generation.
+      if @config.api.metadata['protocol'] == 'smithy-rpc-v2-cbor' && @config.api.metadata['protocols']&.include?('json')
+        return Stubbing::Protocols::Json.new
+      end
+
+      case @config.api.metadata['protocol']
+      when 'json'               then Stubbing::Protocols::Json
+      when 'rest-json'          then Stubbing::Protocols::RestJson
+      when 'rest-xml'           then Stubbing::Protocols::RestXml
+      when 'query'              then Stubbing::Protocols::Query
+      when 'ec2'                then Stubbing::Protocols::EC2
       when 'smithy-rpc-v2-cbor' then Stubbing::Protocols::RpcV2
-      when 'api-gateway' then Stubbing::Protocols::ApiGateway
-      else raise "unsupported protocol"
+      when 'api-gateway'        then Stubbing::Protocols::ApiGateway
+      else raise 'unsupported protocol'
       end.new
     end
   end

data/lib/aws-sdk-core/credential_provider.rb

@@ -9,6 +9,10 @@ module Aws
     # @return [Time]
     attr_reader :expiration
 
+    # @api private
+    # Returns UserAgent metrics for credentials.
+    attr_accessor :metrics
+
     # @return [Boolean]
     def set?
       !!@credentials && @credentials.set?