aws-sdk-core 3.217.1 → 3.224.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 13c7508d3fe8738d7cf214927f7ce2c56291b98bd48140df95f9b870f4d47b22
-  data.tar.gz: b02761bcdae833ec72bde159bfbdebeaf31cbe6d1a133218b2431fcbb9678bef
+  metadata.gz: c0504743f3e3a403f83f5ee206527bedd7e65670b2398299eb608e9808694ced
+  data.tar.gz: 4fd94bb6f4e7f33f2b7e81b77e09fede47ef0385aab7002448dadbe2b569c91e
 SHA512:
-  metadata.gz: 97147bdd4fd7e610d78e9b058cc8b0db1b4dc88dcb7ec16aa4c9f08819d3c4e6acc965ddc8591b8e52f0f34b33c2beec1a76bdf39bbb6e34b405dd8c63fbe348
-  data.tar.gz: 8290e9fae3593b24ae2247882bdaced352fb4f86989b20493473ffa84685ede8c6ff7c4e46397a5711a0eeeedbd8bee5b3b8205571babb937f25f9b9e38e35bf
+  metadata.gz: b746c5749870287501ea3d1d0cdf968913d3c95331c520f62518a2bf17a7caa21c9c2454098feb42fba3f38d5db11f5e7835076f8b81c47dd284d4b428c447bb
+  data.tar.gz: 95695ed0514d2ed18fd9c9acdd14c975118fb2e3fced14f4c96274e357b7da3f59400e5ea8872bec9d1faba89212e638cd08178dfff3b2e27b9fda0ef9be8e69

data/CHANGELOG.md

@@ -1,6 +1,94 @@
 Unreleased Changes
 ------------------
 
+3.224.1 (2025-05-28)
+------------------
+
+* Issue - Signal data in http response listeners prior to writing, so that data can be inspected or verified before potential mutation.
+
+3.224.0 (2025-05-12)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - Support `ENV['AWS_DISABLE_HOST_PREFIX_INJECTION']` and `disable_host_prefix_injection` shared config to disable host prefix injection for all services.
+
+3.223.0 (2025-05-01)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+3.222.3 (2025-04-28)
+------------------
+
+* Issue - Do not dynamically create operation methods from the API. (#3234)
+
+3.222.2 (2025-04-16)
+------------------
+
+* Issue - Additional metrics collection for credentials in the User-Agent plugin.
+
+3.222.1 (2025-03-28)
+------------------
+
+* Issue - Allow explicit modeled headers to override prefixed headers for `rest` protocols. 
+
+3.222.0 (2025-03-27)
+------------------
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - This release adds AwsAdditionalDetails in the CreateTokenWithIAM API response.
+
+3.221.0 (2025-03-24)
+------------------
+
+* Feature - Add `logger` as an explicit dependency for Ruby 3.5.
+* Issue - Enable ALPN over TLS for H2 Connection by default.
+* Issue - Fix HTTP-2 connections to properly use config values configured on the client.
+
+3.220.2 (2025-03-20)
+------------------
+
+* Issue - Enable ALPN over TLS for H2 by default.
+
+3.220.1 (2025-03-06)
+------------------
+
+* Issue - Convert stubs at request time.
+
+3.220.0 (2025-03-04)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+3.219.0 (2025-02-18)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.218.1 (2025-02-07)
+------------------
+
+* Issue - Add handling of block in ExtendedSession delegation (#3178).
+
+3.218.0 (2025-02-06)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
 3.217.1 (2025-01-30)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-3.217.1
+3.224.1

data/lib/aws-sdk-core/assume_role_credentials.rb

@@ -50,6 +50,7 @@ module Aws
       end
       @client = client_opts[:client] || STS::Client.new(client_opts)
       @async_refresh = true
+      @metrics = ['CREDENTIALS_STS_ASSUME_ROLE']
       super
     end
 

data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb

@@ -61,6 +61,7 @@ module Aws
         @assume_role_web_identity_params[:role_session_name] = _session_name
       end
       @client = client_opts[:client] || STS::Client.new(client_opts.merge(credentials: nil))
+      @metrics = ['CREDENTIALS_STS_ASSUME_ROLE_WEB_ID']
       super
     end
 

data/lib/aws-sdk-core/client_stubs.rb

@@ -15,27 +15,11 @@ module Aws
 
     # @api private
     def setup_stubbing
-      @stubs = {}
-      @stub_mutex = Mutex.new
       if Hash === @config.stub_responses
         @config.stub_responses.each do |operation_name, stubs|
           apply_stubs(operation_name, Array === stubs ? stubs : [stubs])
         end
       end
-
-      # When a client is stubbed allow the user to access the requests made
-      requests = @api_requests = []
-      requests_mutex = @requests_mutex = Mutex.new
-      self.handle do |context|
-        requests_mutex.synchronize do
-          requests << {
-            operation_name: context.operation_name,
-            params: context.params,
-            context: context
-          }
-        end
-        @handler.call(context)
-      end
     end
 
     # Configures what data / errors should be returned from the named operation
@@ -175,7 +159,7 @@ module Aws
     #   on a client that has not enabled response stubbing via
     #   `:stub_responses => true`.
     def stub_responses(operation_name, *stubs)
-      if config.stub_responses
+      if @config.stub_responses
         apply_stubs(operation_name, stubs.flatten)
       else
         msg = 'stubbing is not enabled; enable stubbing in the constructor '\
@@ -194,12 +178,12 @@ module Aws
     # @raise [NotImplementedError] Raises `NotImplementedError` when the client
     #   is not stubbed.
     def api_requests(options = {})
-      if config.stub_responses
-        @requests_mutex.synchronize do
+      if @config.stub_responses
+        @config.api_requests_mutex.synchronize do
           if options[:exclude_presign]
-            @api_requests.reject {|req| req[:context][:presigned_url] }
+            @config.api_requests.reject {|req| req[:context][:presigned_url] }
           else
-            @api_requests
+            @config.api_requests
           end
         end
       else
@@ -228,54 +212,44 @@ module Aws
     # @return [Structure] Returns a stubbed response data structure. The
     #   actual class returned will depend on the given `operation_name`.
     def stub_data(operation_name, data = {})
-      Stubbing::StubData.new(config.api.operation(operation_name)).stub(data)
+      Stubbing::StubData.new(@config.api.operation(operation_name)).stub(data)
     end
 
     # @api private
     def next_stub(context)
       operation_name = context.operation_name.to_sym
-      stub = @stub_mutex.synchronize do
-        stubs = @stubs[operation_name] || []
+      stub = @config.stubs_mutex.synchronize do
+        stubs = @config.stubs[operation_name] || []
         case stubs.length
-        when 0 then default_stub(operation_name)
+        when 0 then stub_data(operation_name)
         when 1 then stubs.first
         else stubs.shift
         end
       end
-      Proc === stub ? convert_stub(operation_name, stub.call(context)) : stub
+      stub = convert_stub(operation_name, stub, context)
+      stub[:mutex] = Mutex.new
+      stub
     end
 
     private
 
-    def default_stub(operation_name)
-      stub = stub_data(operation_name)
-      http_response_stub(operation_name, stub)
+    def apply_stubs(operation_name, stubs)
+      @config.stubs_mutex.synchronize do
+        @config.stubs[operation_name.to_sym] = stubs
+      end
     end
 
     # This method converts the given stub data and converts it to a
     # HTTP response (when possible). This enables the response stubbing
     # plugin to provide a HTTP response that triggers all normal events
     # during response handling.
-    def apply_stubs(operation_name, stubs)
-      @stub_mutex.synchronize do
-        @stubs[operation_name.to_sym] = stubs.map do |stub|
-          convert_stub(operation_name, stub)
-        end
-      end
-    end
-
-    def convert_stub(operation_name, stub)
-      stub = case stub
-      when Proc then stub
+    def convert_stub(operation_name, stub, context)
+      case stub
+      when Proc then convert_stub(operation_name, stub.call(context), context)
       when Exception, Class then { error: stub }
       when String then service_error_stub(stub)
-      when Hash then http_response_stub(operation_name, stub)
-      else { data: stub }
-      end
-      if Hash === stub
-        stub[:mutex] = Mutex.new
+      else http_response_stub(operation_name, stub)
       end
-      stub
     end
 
     def service_error_stub(error_code)
@@ -299,14 +273,14 @@ module Aws
     end
 
     def data_to_http_resp(operation_name, data)
-      api = config.api
+      api = @config.api
       operation = api.operation(operation_name)
       ParamValidator.new(operation.output, input: false).validate!(data)
       protocol_helper.stub_data(api, operation, data)
     end
 
     def protocol_helper
-      case config.api.metadata['protocol']
+      case @config.api.metadata['protocol']
       when 'json'               then Stubbing::Protocols::Json
       when 'rest-json'          then Stubbing::Protocols::RestJson
       when 'rest-xml'           then Stubbing::Protocols::RestXml

data/lib/aws-sdk-core/credential_provider.rb

@@ -9,6 +9,10 @@ module Aws
     # @return [Time]
     attr_reader :expiration
 
+    # @api private
+    # Returns UserAgent metrics for credentials.
+    attr_accessor :metrics
+
     # @return [Boolean]
     def set?
       !!@credentials && @credentials.set?

data/lib/aws-sdk-core/credential_provider_chain.rb

@@ -42,12 +42,14 @@ module Aws
 
     def static_credentials(options)
       if options[:config]
-        Credentials.new(
+        creds = Credentials.new(
           options[:config].access_key_id,
           options[:config].secret_access_key,
           options[:config].session_token,
           account_id: options[:config].account_id
         )
+        creds.metrics = ['CREDENTIALS_PROFILE']
+        creds
       end
     end
 
@@ -76,7 +78,9 @@ module Aws
 
     def static_profile_credentials(options)
       if options[:config] && options[:config].profile
-        SharedCredentials.new(profile_name: options[:config].profile)
+        creds = SharedCredentials.new(profile_name: options[:config].profile)
+        creds.metrics = ['CREDENTIALS_PROFILE']
+        creds
       end
     rescue Errors::NoSuchProfileError
       nil
@@ -85,7 +89,11 @@ module Aws
     def static_profile_process_credentials(options)
       if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile
         process_provider = Aws.shared_config.credential_process(profile: options[:config].profile)
-        ProcessCredentials.new([process_provider]) if process_provider
+        if process_provider
+          creds = ProcessCredentials.new([process_provider])
+          creds.metrics << 'CREDENTIALS_PROFILE_PROCESS'
+          creds
+        end
       end
     rescue Errors::NoSuchProfileError
       nil
@@ -96,12 +104,14 @@ module Aws
       secret = %w[AWS_SECRET_ACCESS_KEY AMAZON_SECRET_ACCESS_KEY AWS_SECRET_KEY]
       token =  %w[AWS_SESSION_TOKEN AMAZON_SESSION_TOKEN]
       account_id = %w[AWS_ACCOUNT_ID]
-      Credentials.new(
+      creds = Credentials.new(
         envar(key),
         envar(secret),
         envar(token),
         account_id: envar(account_id)
       )
+      creds.metrics = ['CREDENTIALS_ENV_VARS']
+      creds
     end
 
     def envar(keys)
@@ -117,7 +127,9 @@ module Aws
 
     def shared_credentials(options)
       profile_name = determine_profile_name(options)
-      SharedCredentials.new(profile_name: profile_name)
+      creds = SharedCredentials.new(profile_name: profile_name)
+      creds.metrics = ['CREDENTIALS_PROFILE']
+      creds
     rescue Errors::NoSuchProfileError
       nil
     end
@@ -126,7 +138,11 @@ module Aws
       profile_name = determine_profile_name(options)
       if Aws.shared_config.config_enabled?
         process_provider = Aws.shared_config.credential_process(profile: profile_name)
-        ProcessCredentials.new([process_provider]) if process_provider
+        if process_provider
+          creds = ProcessCredentials.new([process_provider])
+          creds.metrics << 'CREDENTIALS_PROFILE_PROCESS'
+          creds
+        end
       end
     rescue Errors::NoSuchProfileError
       nil
@@ -156,7 +172,11 @@ module Aws
           role_session_name: ENV['AWS_ROLE_SESSION_NAME']
         }
         cfg[:region] = region if region
-        AssumeRoleWebIdentityCredentials.new(cfg)
+        Aws::Plugins::UserAgent.metric('CREDENTIALS_ENV_VARS_STS_WEB_ID_TOKEN') do
+          creds = AssumeRoleWebIdentityCredentials.new(cfg)
+          creds.metrics << 'CREDENTIALS_ENV_VARS_STS_WEB_ID_TOKEN'
+          creds
+        end
       elsif Aws.shared_config.config_enabled?
         profile = options[:config].profile if options[:config]
         Aws.shared_config.assume_role_web_identity_credentials_from_config(

data/lib/aws-sdk-core/credentials.rb

@@ -14,6 +14,7 @@ module Aws
       @secret_access_key = secret_access_key
       @session_token = session_token
       @account_id = kwargs[:account_id]
+      @metrics = ['CREDENTIALS_CODE']
     end
 
     # @return [String]
@@ -28,6 +29,11 @@ module Aws
     # @return [String, nil]
     attr_reader :account_id
 
+    # @api private
+    # Returns the credentials source. Used for tracking credentials
+    # related UserAgent metrics.
+    attr_accessor :metrics
+
     # @return [Credentials]
     def credentials
       self

data/lib/aws-sdk-core/ecs_credentials.rb

@@ -77,6 +77,7 @@ module Aws
       @http_debug_output = options[:http_debug_output]
       @backoff = backoff(options[:backoff])
       @async_refresh = false
+      @metrics = ['CREDENTIALS_HTTP']
       super
     end
 

data/lib/aws-sdk-core/errors.rb

@@ -68,7 +68,7 @@ module Aws
       end
     end
 
-    # Rasied when endpoint discovery failed for operations
+    # Raised when endpoint discovery failed for operations
     # that requires endpoints from endpoint discovery
     class EndpointDiscoveryError < RuntimeError
       def initialize(*args)
@@ -78,7 +78,7 @@ module Aws
       end
     end
 
-    # raised when hostLabel member is not provided
+    # Raised when hostLabel member is not provided
     # at operation input when endpoint trait is available
     # with 'hostPrefix' requirement
     class MissingEndpointHostLabelValue < RuntimeError

data/lib/aws-sdk-core/instance_profile_credentials.rb

@@ -90,6 +90,7 @@ module Aws
       @token = nil
       @no_refresh_until = nil
       @async_refresh = false
+      @metrics = ['CREDENTIALS_IMDS']
       super
     end
 

data/lib/aws-sdk-core/plugins/client_metrics_plugin.rb

@@ -180,7 +180,6 @@ all generated client side metrics. Defaults to an empty string.
             complete_opts = {
               latency: end_time - start_time,
               attempt_count: context.retries + 1,
-              user_agent: context.http_request.headers["user-agent"],
               final_error_retryable: final_error_retryable,
               final_http_status_code: context.http_response.status_code,
               final_aws_exception: final_aws_exception,

data/lib/aws-sdk-core/plugins/endpoint_pattern.rb

@@ -4,62 +4,70 @@ module Aws
   module Plugins
     # @api private
     class EndpointPattern < Seahorse::Client::Plugin
-
-      option(:disable_host_prefix_injection,
+      option(
+        :disable_host_prefix_injection,
         default: false,
         doc_type: 'Boolean',
-        docstring: <<-DOCS
-Set to true to disable SDK automatically adding host prefix
-to default service endpoint when available.
-        DOCS
-      )
+        docstring: 'When `true`, the SDK will not prepend the modeled host prefix to the endpoint.'
+      ) do |cfg|
+        resolve_disable_host_prefix_injection(cfg)
+      end
 
-      def add_handlers(handlers, config)
+      def add_handlers(handlers, _config)
         handlers.add(Handler, priority: 10)
       end
 
-      class Handler < Seahorse::Client::Handler
+      class << self
+        private
+
+        def resolve_disable_host_prefix_injection(cfg)
+          value = ENV['AWS_DISABLE_HOST_PREFIX_INJECTION'] ||
+                  Aws.shared_config.disable_host_prefix_injection(profile: cfg.profile) ||
+                  'false'
+          value = Aws::Util.str_2_bool(value)
+          unless [true, false].include?(value)
+            raise ArgumentError,
+                  'Must provide either `true` or `false` for '\
+                    'disable_host_prefix_injection profile option or for '\
+                    'ENV[\'AWS_DISABLE_HOST_PREFIX_INJECTION\']'
+          end
+          value
+        end
+      end
 
+      # @api private
+      class Handler < Seahorse::Client::Handler
         def call(context)
-          if !context.config.disable_host_prefix_injection
+          unless context.config.disable_host_prefix_injection
             endpoint_trait = context.operation.endpoint_pattern
-            if endpoint_trait && !endpoint_trait.empty?
-              _apply_endpoint_trait(context, endpoint_trait)
-            end
+            apply_endpoint_trait(context, endpoint_trait) if endpoint_trait && !endpoint_trait.empty?
           end
           @handler.call(context)
         end
 
         private
 
-        def _apply_endpoint_trait(context, trait)
-          # currently only support host pattern
-          ori_host = context.http_request.endpoint.host
-          if pattern = trait['hostPrefix']
-            host_prefix = pattern.gsub(/\{.+?\}/) do |label|
-              label = label.delete("{}")
-              _replace_label_value(
-                ori_host, label, context.operation.input, context.params)
-            end
-            context.http_request.endpoint.host = host_prefix + context.http_request.endpoint.host
+        def apply_endpoint_trait(context, trait)
+          pattern = trait['hostPrefix']
+          return unless pattern
+
+          host_prefix = pattern.gsub(/\{.+?}/) do |label|
+            label = label.delete('{}')
+            replace_label_value(label, context.operation.input, context.params)
           end
+          context.http_request.endpoint.host = host_prefix + context.http_request.endpoint.host
         end
 
-        def _replace_label_value(ori, label, input_ref, params)
+        def replace_label_value(label, input_ref, params)
           name = nil
           input_ref.shape.members.each do |m_name, ref|
-            if ref['hostLabel'] && ref['hostLabelName'] == label
-              name = m_name
-            end
-          end
-          if name.nil? || params[name].nil?
-            raise Errors::MissingEndpointHostLabelValue.new(name)
+            name = m_name if ref['hostLabel'] && ref['hostLabelName'] == label
           end
+          raise Errors::MissingEndpointHostLabelValue, name if name.nil? || params[name].nil?
+
           params[name]
         end
-
       end
-
     end
   end
 end

data/lib/aws-sdk-core/plugins/sign.rb

@@ -41,6 +41,7 @@ module Aws
       class Handler < Seahorse::Client::Handler
         def call(context)
           # Skip signing if using sigv2 signing from s3_signer in S3
+          credentials = nil
           unless v2_signing?(context.config)
             signer = Sign.signer_for(
               context[:auth_scheme],
@@ -48,13 +49,20 @@ module Aws
               context[:sigv4_region],
               context[:sigv4_credentials]
             )
+            credentials = signer.credentials if signer.is_a?(SignatureV4)
             signer.sign(context)
           end
-          @handler.call(context)
+          with_metrics(credentials) { @handler.call(context) }
         end
 
         private
 
+        def with_metrics(credentials, &block)
+          return block.call unless credentials&.respond_to?(:metrics)
+
+          Aws::Plugins::UserAgent.metric(*credentials.metrics, &block)
+        end
+
         def v2_signing?(config)
           # 's3' is legacy signing, 'v4' is default
           config.respond_to?(:signature_version) &&
@@ -92,6 +100,8 @@ module Aws
 
       # @api private
       class SignatureV4
+        attr_reader :signer
+
         def initialize(auth_scheme, config, sigv4_overrides = {})
           scheme_name = auth_scheme['name']
 
@@ -155,6 +165,10 @@ module Aws
           @signer.sign_event(*args)
         end
 
+        def credentials
+          @signer.credentials_provider
+        end
+
         private
 
         def apply_authtype(context, req)

data/lib/aws-sdk-core/plugins/stub_responses.rb

@@ -29,8 +29,16 @@ requests are made, and retries are disabled.
         end
       end
 
+      option(:stubs) { {} }
+      option(:stubs_mutex) { Mutex.new }
+      option(:api_requests) { [] }
+      option(:api_requests_mutex) { Mutex.new }
+
       def add_handlers(handlers, config)
-        handlers.add(Handler, step: :send) if config.stub_responses
+        return unless config.stub_responses
+
+        handlers.add(ApiRequestsHandler)
+        handlers.add(StubbingHandler, step: :send)
       end
 
       def after_initialize(client)
@@ -46,8 +54,20 @@ requests are made, and retries are disabled.
         end
       end
 
-      class Handler < Seahorse::Client::Handler
+      class ApiRequestsHandler < Seahorse::Client::Handler
+        def call(context)
+          context.config.api_requests_mutex.synchronize do
+            context.config.api_requests << {
+              operation_name: context.operation_name,
+              params: context.params,
+              context: context
+            }
+          end
+          @handler.call(context)
+        end
+      end
 
+      class StubbingHandler < Seahorse::Client::Handler
         def call(context)
           span_wrapper(context) do
             stub_responses(context)
@@ -57,14 +77,10 @@ requests are made, and retries are disabled.
         private
 
         def stub_responses(context)
-          stub = context.client.next_stub(context)
           resp = Seahorse::Client::Response.new(context: context)
           async_mode = context.client.is_a? Seahorse::Client::AsyncBase
-          if Hash === stub && stub[:mutex]
-            stub[:mutex].synchronize { apply_stub(stub, resp, async_mode) }
-          else
-            apply_stub(stub, resp, async_mode)
-          end
+          stub = context.client.next_stub(context)
+          stub[:mutex].synchronize { apply_stub(stub, resp, async_mode) }
 
           if async_mode
             Seahorse::Client::AsyncResponse.new(