aws-sdk-core 3.31.0 → 3.168.4

data/lib/aws-sdk-core/log/formatter.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'pathname'
 
 module Aws
@@ -83,6 +85,9 @@ module Aws
       #   The default list of filtered parameters is documented on the
       #   {ParamFilter} class.
       #
+      # @option options [Boolean] :filter_sensitive_params (true) Set to false
+      #   to disable the sensitive parameter filtering when logging
+      #   `:request_params`.
       def initialize(pattern, options = {})
         @pattern = pattern
         @param_formatter = ParamFormatter.new(options)
@@ -92,12 +97,12 @@ module Aws
       # @return [String]
       attr_reader :pattern
 
-      # Given a resopnse, this will format a log message and return it as a
+      # Given a response, this will format a log message and return it as a
       #   string according to {#pattern}.
       # @param [Seahorse::Client::Response] response
       # @return [String]
       def format(response)
-        pattern.gsub(/:(\w+)/) {|sym| send("_#{sym[1..-1]}", response) }
+        pattern.gsub(/:(\w+)/) { |sym| send("_#{sym[1..-1]}", response) }
       end
 
       # @api private
@@ -121,7 +126,8 @@ module Aws
 
       def _request_params(response)
         params = response.context.params
-        @param_formatter.summarize(@param_filter.filter(params))
+        type = response.context.operation.input.shape.struct_class
+        @param_formatter.summarize(@param_filter.filter(params, type))
       end
 
       def _time(response)
@@ -171,7 +177,13 @@ module Aws
       end
 
       def _http_response_body(response)
-        @param_formatter.summarize(response.context.http_response.body_contents)
+        if response.context.http_response.body.respond_to?(:rewind)
+          @param_formatter.summarize(
+            response.context.http_response.body_contents
+          )
+        else
+          ''
+        end
       end
 
       def _error_class(response)

data/lib/aws-sdk-core/log/handler.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Seahorse
   module Client
     module Logging

data/lib/aws-sdk-core/log/param_filter.rb

@@ -1,43 +1,68 @@
+# frozen_string_literal: true
+
 require 'pathname'
 require 'set'
 
 module Aws
   module Log
     class ParamFilter
-
+      # DEPRECATED - This must exist for backwards compatibility. Sensitive
+      # members are now computed for each request/response type. This can be
+      # removed in a new major version. This list is no longer updated.
+      #
       # A managed list of sensitive parameters that should be filtered from
       # logs. This is updated automatically as part of each release. See the
-      # `tasks/sensitive.rake` for more information.
+      # `tasks/update-sensitive-params.rake` for more information.
       #
       # @api private
       # begin
-      SENSITIVE = [:access_token, :account_name, :account_password, :admin_contact, :artifact_credentials, :auth_code, :authentication_token, :base_32_string_seed, :body, :bot_configuration, :client_id, :client_secret, :configuration, :copy_source_sse_customer_key, :credentials, :custom_attributes, :db_password, :description, :display_name, :email, :email_address, :email_message, :feedback_token, :id, :id_token, :input, :input_text, :key_id, :kms_key_id, :kms_master_key_id, :local_console_password, :master_account_email, :master_user_password, :message, :name, :new_password, :notes, :old_password, :owner_information, :parameters, :passphrase, :password, :payload, :plaintext, :previous_password, :private_key, :proposed_password, :public_key, :qr_code_png, :query, :refresh_token, :registrant_contact, :request_attributes, :search_query, :secret_access_key, :secret_binary, :secret_code, :secret_hash, :secret_string, :service_password, :session_attributes, :share_notes, :shared_secret, :slots, :sse_customer_key, :ssekms_key_id, :status_message, :task_parameters, :tech_contact, :temporary_password, :text, :trust_password, :upload_credentials, :upload_url, :username, :value, :values, :variables, :zip_file]
+      SENSITIVE = [:access_token, :account_name, :account_password, :address, :admin_contact, :admin_password, :alexa_for_business_room_arn, :artifact_credentials, :auth_code, :auth_parameters, :authentication_token, :authorization_result, :backup_plan_tags, :backup_vault_tags, :base_32_string_seed, :basic_auth_credentials, :block, :block_address, :block_data, :blocks, :body, :bot_configuration, :bot_email, :calling_name, :cause, :client_id, :client_request_token, :client_secret, :comment, :configuration, :content, :copy_source_sse_customer_key, :credentials, :current_password, :custom_attributes, :custom_private_key, :db_password, :default_phone_number, :definition, :description, :destination_access_token, :digest_tip_address, :display_name, :domain_signing_private_key, :e164_phone_number, :email, :email_address, :email_message, :embed_url, :emergency_phone_number, :error, :external_meeting_id, :external_model_endpoint_data_blobs, :external_user_id, :fall_back_phone_number, :feedback_token, :file, :filter_expression, :first_name, :full_name, :host_key, :id, :id_token, :input, :input_text, :ion_text, :join_token, :key, :key_id, :key_material, :key_store_password, :kms_key_id, :kms_master_key_id, :lambda_function_arn, :last_name, :local_console_password, :master_account_email, :master_user_name, :master_user_password, :meeting_host_id, :message, :metadata, :name, :new_password, :next_password, :notes, :number, :oauth_token, :old_password, :outbound_events_https_endpoint, :output, :owner_information, :parameters, :passphrase, :password, :payload, :phone_number, :plaintext, :previous_password, :primary_email, :primary_provisioned_number, :private_key, :private_key_plaintext, :proof, :proposed_password, :proxy_phone_number, :public_key, :qr_code_png, :query, :random_password, :recovery_point_tags, :refresh_token, :registrant_contact, :request_attributes, :resource_arn, :restore_metadata, :revision, :saml_assertion, :search_query, :secret_access_key, :secret_binary, :secret_code, :secret_hash, :secret_string, :secret_to_authenticate_initiator, :secret_to_authenticate_target, :security_token, :service_password, :session_attributes, :session_token, :share_notes, :shared_secret, :slots, :sns_topic_arn, :source_access_token, :sqs_queue_arn, :sse_customer_key, :ssekms_encryption_context, :ssekms_key_id, :status_message, :tag_key_list, :tags, :target_address, :task_parameters, :tech_contact, :temporary_password, :test_phone_number, :text, :token, :trust_password, :type, :upload_credentials, :upload_url, :uri, :user_data, :user_email, :user_name, :user_password, :username, :value, :values, :variables, :vpn_psk, :web_identity_token, :zip_file]
       # end
 
       def initialize(options = {})
-        @filters = Set.new(SENSITIVE + Array(options[:filter]))
+        @enabled = options[:filter_sensitive_params] != false
+        @additional_filters = options[:filter] || []
       end
 
-      def filter(value)
-        case value
-        when Struct, Hash then filter_hash(value)
-        when Array then filter_array(value)
-        else value
+      def filter(values, type)
+        case values
+        when Struct then filter_struct(values, type)
+        when Hash then filter_hash(values, type)
+        when Array then filter_array(values, type)
+        else values
         end
       end
 
       private
 
-      def filter_hash(values)
+      def filter_struct(values, type)
+        if values.class.include? Aws::Structure::Union
+          values = { values.member => values.value }
+        end
+        filter_hash(values, type)
+      end
+
+      def filter_hash(values, type)
+        if type.const_defined?('SENSITIVE')
+          filters = type::SENSITIVE + @additional_filters
+        else
+          # Support backwards compatibility (new core + old service)
+          filters = SENSITIVE + @additional_filters
+        end
+
         filtered = {}
         values.each_pair do |key, value|
-          filtered[key] = @filters.include?(key) ? '[FILTERED]' : filter(value)
+          filtered[key] = if @enabled && filters.include?(key)
+            '[FILTERED]'
+          else
+            filter(value, type)
+          end
         end
         filtered
       end
 
-      def filter_array(values)
-        values.map { |value| filter(value) }
+      def filter_array(values, type)
+        values.map { |value| filter(value, type) }
       end
 
     end

data/lib/aws-sdk-core/log/param_formatter.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'pathname'
 
 module Aws

data/lib/aws-sdk-core/pageable_response.rb

@@ -1,40 +1,58 @@
-module Aws
+# frozen_string_literal: true
 
-  # Decorates a {Seahorse::Client::Response} with paging methods:
-  #
-  #     resp = s3.list_objects(params)
-  #     resp.last_page?
-  #     #=> false
+module Aws
+  # Decorates a {Seahorse::Client::Response} with paging convenience methods.
+  # Some AWS calls provide paged responses to limit the amount of data returned
+  # with each response. To optimize for latency, some APIs may return an
+  # inconsistent number of responses per page. You should rely on the values of
+  # the `next_page?` method or using enumerable methods such as `each` rather
+  # than the number of items returned to iterate through results. See below for
+  # examples.
   #
-  #     # sends a request to receive the next response page
-  #     resp = resp.next_page
-  #     resp.last_page?
-  #     #=> true
+  # @note Methods such as `to_json` will enumerate all of the responses before
+  #   returning the full response as JSON.
   #
-  #     resp.next_page
-  #     #=> raises PageableResponse::LastPageError
+  # # Paged Responses Are Enumerable
+  # The simplest way to handle paged response data is to use the built-in
+  # enumerator in the response object, as shown in the following example.
   #
-  # You can enumerate all response pages with a block
+  #     s3 = Aws::S3::Client.new
   #
-  #     ec2.describe_instances(params).each do |page|
-  #       # yields once per page
-  #       page.reservations.each do |r|
-  #         # ...
-  #       end
+  #     s3.list_objects(bucket:'aws-sdk').each do |response|
+  #       puts response.contents.map(&:key)
   #     end
   #
-  # Or using {#next_page} and {#last_page?}:
+  # This yields one response object per API call made, and enumerates objects
+  # in the named bucket. The SDK retrieves additional pages of data to
+  # complete the request.
+  #
+  # # Handling Paged Responses Manually
+  # To handle paging yourself, use the response’s `next_page?` method to verify
+  # there are more pages to retrieve, or use the last_page? method to verify
+  # there are no more pages to retrieve.
+  #
+  # If there are more pages, use the `next_page` method to retrieve the
+  # next page of results, as shown in the following example.
   #
-  #     resp.last_page?
-  #     resp = resp.next_page until resp.last_page?
+  #     s3 = Aws::S3::Client.new
+  #
+  #     # Get the first page of data
+  #     response = s3.list_objects(bucket:'aws-sdk')
+  #
+  #     # Get additional pages
+  #     while response.next_page? do
+  #       response = response.next_page
+  #       # Use the response data here...
+  #       puts response.contents.map(&:key)
+  #     end
   #
   module PageableResponse
 
-    def self.extended(base)
-      base.send(:extend, Enumerable)
-      base.send(:extend, UnsafeEnumerableMethods)
-      base.instance_variable_set("@last_page", nil)
-      base.instance_variable_set("@more_results", nil)
+    def self.apply(base)
+      base.extend Extension
+      base.instance_variable_set(:@last_page, nil)
+      base.instance_variable_set(:@more_results, nil)
+      base
     end
 
     # @return [Paging::Pager]
@@ -44,39 +62,26 @@ module Aws
     # when this method returns `false` will raise an error.
     # @return [Boolean]
     def last_page?
-      if @last_page.nil?
-        @last_page = !@pager.truncated?(self)
-      end
-      @last_page
+      # Actual implementation is in PageableResponse::Extension
     end
 
     # Returns `true` if there are more results.  Calling {#next_page} will
     # return the next response.
     # @return [Boolean]
     def next_page?
-      !last_page?
+      # Actual implementation is in PageableResponse::Extension
     end
 
     # @return [Seahorse::Client::Response]
     def next_page(params = {})
-      if last_page?
-        raise LastPageError.new(self)
-      else
-        next_response(params)
-      end
+      # Actual implementation is in PageableResponse::Extension
     end
 
     # Yields the current and each following response to the given block.
     # @yieldparam [Response] response
     # @return [Enumerable,nil] Returns a new Enumerable if no block is given.
     def each(&block)
-      return enum_for(:each_page) unless block_given?
-      response = self
-      yield(response)
-      until response.last_page?
-        response = response.next_page
-        yield(response)
-      end
+      # Actual implementation is in PageableResponse::Extension
     end
     alias each_page each
 
@@ -87,9 +92,7 @@ module Aws
     # @return [Seahorse::Client::Response] Returns the next page of
     #   results.
     def next_response(params)
-      params = next_page_params(params)
-      request = context.client.build_request(context.operation_name, params)
-      request.send_request
+      # Actual implementation is in PageableResponse::Extension
     end
 
     # @param [Hash] params A hash of additional request params to
@@ -97,7 +100,7 @@ module Aws
     # @return [Hash] Returns the hash of request parameters for the
     #   next page, merging any given params.
     def next_page_params(params)
-      context[:original_params].merge(@pager.next_tokens(self).merge(params))
+      # Actual implementation is in PageableResponse::Extension
     end
 
     # Raised when calling {PageableResponse#next_page} on a pager that
@@ -143,6 +146,74 @@ module Aws
         data.to_h
       end
 
+      def as_json(_options = {})
+        data.to_h(data, as_json: true)
+      end
+
+      def to_json(options = {})
+        as_json.to_json(options)
+      end
+    end
+
+    # The actual decorator module implementation. It is in a distinct module
+    # so that it can be used to extend objects without busting Ruby's constant cache.
+    # object.extend(mod) bust the constant cache only if `mod` contains constants of its own.
+    # @api private
+    module Extension
+
+      include Enumerable
+      include UnsafeEnumerableMethods
+
+      attr_accessor :pager
+
+      def last_page?
+        if @last_page.nil?
+          @last_page = !@pager.truncated?(self)
+        end
+        @last_page
+      end
+
+      def next_page?
+        !last_page?
+      end
+
+      def next_page(params = {})
+        if last_page?
+          raise LastPageError.new(self)
+        else
+          next_response(params)
+        end
+      end
+
+      def each(&block)
+        return enum_for(:each_page) unless block_given?
+        response = self
+        yield(response)
+        until response.last_page?
+          response = response.next_page
+          yield(response)
+        end
+      end
+      alias each_page each
+
+      private
+
+      def next_response(params)
+        params = next_page_params(params)
+        request = context.client.build_request(context.operation_name, params)
+        request.send_request
+      end
+
+      def next_page_params(params)
+        # Remove all previous tokens from original params
+        # Sometimes a token can be nil and merge would not include it.
+        tokens = @pager.tokens.values.map(&:to_sym)
+
+        params_without_tokens = context[:original_params].reject { |k, _v| tokens.include?(k) }
+        params_without_tokens.merge!(@pager.next_tokens(self).merge(params))
+        params_without_tokens
+      end
+
     end
   end
 end

data/lib/aws-sdk-core/pager.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'jmespath'
 
 module Aws
@@ -16,6 +18,9 @@ module Aws
     # @return [Symbol, nil]
     attr_reader :limit_key
 
+    # @return [Hash, nil]
+    attr_reader :tokens
+
     # @param [Seahorse::Client::Response] response
     # @return [Hash]
     def next_tokens(response)

data/lib/aws-sdk-core/param_converter.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'stringio'
 require 'date'
 require 'time'

data/lib/aws-sdk-core/param_validator.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   # @api private
   class ParamValidator
@@ -22,6 +24,7 @@ module Aws
         ShapeRef.new(shape: shape)
       end
       @validate_required = options[:validate_required] != false
+      @input = options[:input].nil? ? true : !!options[:input]
     end
 
     # @param [Hash] params
@@ -39,6 +42,7 @@ module Aws
       return unless correct_type?(ref, values, errors, context)
 
       if ref.eventstream
+        # input eventstream is provided from event signals
         values.each do |value|
           # each event is structure type
           case value[:message_type]
@@ -58,13 +62,22 @@ module Aws
         # ensure required members are present
         if @validate_required
           shape.required.each do |member_name|
-            if values[member_name].nil?
+            input_eventstream = ref.shape.member(member_name).eventstream && @input
+            if values[member_name].nil? && !input_eventstream
               param = "#{context}[#{member_name.inspect}]"
               errors << "missing required parameter #{param}"
             end
           end
         end
 
+        if @validate_required && shape.union
+          if values.length > 1
+            errors << "multiple values provided to union at #{context} - must contain exactly one of the supported types: #{shape.member_names.join(', ')}"
+          elsif values.length == 0
+            errors << "No values provided to union at #{context} - must contain exactly one of the supported types: #{shape.member_names.join(', ')}"
+          end
+        end
+
         # validate non-nil members
         values.each_pair do |name, value|
           unless value.nil?
@@ -112,11 +125,32 @@ module Aws
       end
     end
 
+    def document(ref, value, errors, context)
+      document_types = [Hash, Array, Numeric, String, TrueClass, FalseClass, NilClass]
+      unless document_types.any? { |t| value.is_a?(t) }
+        errors << expected_got(context, "one of #{document_types.join(', ')}", value)
+      end
+
+      # recursively validate types for aggregated types
+      case value
+      when Hash
+        value.each do |k, v|
+          document(ref, v, errors, context + "[#{k}]")
+        end
+      when Array
+        value.each do |v|
+          document(ref, v, errors, context)
+        end
+      end
+
+    end
+
     def shape(ref, value, errors, context)
       case ref.shape
       when StructureShape then structure(ref, value, errors, context)
       when ListShape then list(ref, value, errors, context)
       when MapShape then map(ref, value, errors, context)
+      when DocumentShape then document(ref, value, errors, context)
       when StringShape
         unless value.is_a?(String)
           errors << expected_got(context, "a String", value)
@@ -138,8 +172,22 @@ module Aws
           errors << expected_got(context, "true or false", value)
         end
       when BlobShape
-        unless io_like?(value) or value.is_a?(String)
-          errors << expected_got(context, "a String or IO object", value)
+        unless value.is_a?(String)
+          if streaming_input?(ref)
+            unless io_like?(value, _require_size = false)
+              errors << expected_got(
+                context,
+                "a String or IO like object that supports read and rewind",
+                value
+              )
+            end
+          elsif !io_like?(value, _require_size = true)
+            errors << expected_got(
+              context,
+              "a String or IO like object that supports read, rewind, and size",
+              value
+            )
+          end
         end
       else
         raise "unhandled shape type: #{ref.shape.class.name}"
@@ -147,6 +195,11 @@ module Aws
     end
 
     def correct_type?(ref, value, errors, context)
+      if ref.eventstream && @input
+        errors << "instead of providing value directly for eventstreams at input,"\
+                  " expected to use #signal events per stream"
+        return false
+      end
       case value
       when Hash then true
       when ref.shape.struct_class then true
@@ -157,10 +210,13 @@ module Aws
       end
     end
 
-    def io_like?(value)
-      value.respond_to?(:read) &&
-      value.respond_to?(:rewind) &&
-      value.respond_to?(:size)
+    def io_like?(value, require_size = true)
+      value.respond_to?(:read) && value.respond_to?(:rewind) &&
+        (!require_size || value.respond_to?(:size))
+    end
+
+    def streaming_input?(ref)
+      (ref["streaming"] || ref.shape["streaming"])
     end
 
     def error_messages(errors)

data/lib/aws-sdk-core/plugins/api_key.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   module Plugins
 
@@ -21,7 +23,9 @@ When provided, `x-api-key` header will be injected with the value provided.
       class OptionHandler < Seahorse::Client::Handler
         def call(context)
           if context.operation.require_apikey
-            api_key = context.params.delete(:api_key)
+            if context.params.is_a?(Hash) && context.params[:api_key]
+              api_key = context.params.delete(:api_key)
+            end
             api_key = context.config.api_key if api_key.nil?
             context[:api_key] = api_key
           end

data/lib/aws-sdk-core/plugins/apig_authorizer_token.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   module Plugins
 

data/lib/aws-sdk-core/plugins/apig_credentials_configuration.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   # @api private
   module Plugins

data/lib/aws-sdk-core/plugins/apig_user_agent.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   module Plugins
     # @api private

data/lib/aws-sdk-core/plugins/bearer_authorization.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+module Aws
+  # @api private
+  module Plugins
+    # @api private
+    class BearerAuthorization < Seahorse::Client::Plugin
+
+      option(:token_provider,
+             required: false,
+             doc_type: 'Aws::TokenProvider',
+             docstring: <<-DOCS
+A Bearer Token Provider. This can be an instance of any one of the
+following classes:
+
+* `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
+  tokens.
+
+* `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
+  access token generated from `aws login`.
+
+When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
+will be used to search for tokens configured for your profile in shared configuration files.
+      DOCS
+      ) do |config|
+        if config.stub_responses
+          StaticTokenProvider.new('token')
+        else
+          TokenProviderChain.new(config).resolve
+        end
+      end
+
+
+      def add_handlers(handlers, cfg)
+        bearer_operations =
+          if cfg.api.metadata['signatureVersion'] == 'bearer'
+            # select operations where authtype is either not set or is bearer
+            cfg.api.operation_names.select do |o|
+              !cfg.api.operation(o)['authtype'] || cfg.api.operation(o)['authtype'] == 'bearer'
+            end
+          else # service is not bearer auth
+            # select only operations where authtype is explicitly bearer
+            cfg.api.operation_names.select do |o|
+              cfg.api.operation(o)['authtype'] == 'bearer'
+            end
+          end
+        handlers.add(Handler, step: :sign, operations: bearer_operations)
+      end
+
+      class Handler < Seahorse::Client::Handler
+        def call(context)
+          if context.http_request.endpoint.scheme != 'https'
+            raise ArgumentError, 'Unable to use bearer authorization on non https endpoint.'
+          end
+
+          token_provider = context.config.token_provider
+          if token_provider && token_provider.set?
+            context.http_request.headers['Authorization'] = "Bearer #{token_provider.token.token}"
+          else
+            raise Errors::MissingBearerTokenError
+          end
+          @handler.call(context)
+        end
+      end
+    end
+  end
+end