aws-sdk-core 3.31.0 → 3.168.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/CHANGELOG.md +1573 -0
- data/LICENSE.txt +202 -0
- data/VERSION +1 -1
- data/lib/aws-defaults/default_configuration.rb +153 -0
- data/lib/aws-defaults/defaults_mode_config_resolver.rb +107 -0
- data/lib/aws-defaults.rb +3 -0
- data/lib/aws-sdk-core/arn.rb +105 -0
- data/lib/aws-sdk-core/arn_parser.rb +40 -0
- data/lib/aws-sdk-core/assume_role_credentials.rb +23 -7
- data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +108 -0
- data/lib/aws-sdk-core/async_client_stubs.rb +82 -0
- data/lib/aws-sdk-core/binary/decode_handler.rb +11 -1
- data/lib/aws-sdk-core/binary/encode_handler.rb +45 -0
- data/lib/aws-sdk-core/binary/event_builder.rb +124 -0
- data/lib/aws-sdk-core/binary/event_parser.rb +50 -18
- data/lib/aws-sdk-core/binary/event_stream_decoder.rb +7 -2
- data/lib/aws-sdk-core/binary/event_stream_encoder.rb +55 -0
- data/lib/aws-sdk-core/binary.rb +5 -0
- data/lib/aws-sdk-core/client_side_monitoring/publisher.rb +11 -1
- data/lib/aws-sdk-core/client_side_monitoring/request_metrics.rb +71 -9
- data/lib/aws-sdk-core/client_stubs.rb +21 -14
- data/lib/aws-sdk-core/credential_provider.rb +1 -30
- data/lib/aws-sdk-core/credential_provider_chain.rb +107 -43
- data/lib/aws-sdk-core/credentials.rb +2 -0
- data/lib/aws-sdk-core/deprecations.rb +17 -11
- data/lib/aws-sdk-core/eager_loader.rb +2 -0
- data/lib/aws-sdk-core/ec2_metadata.rb +238 -0
- data/lib/aws-sdk-core/ecs_credentials.rb +24 -9
- data/lib/aws-sdk-core/endpoint_cache.rb +193 -0
- data/lib/aws-sdk-core/endpoints/condition.rb +36 -0
- data/lib/aws-sdk-core/endpoints/endpoint.rb +17 -0
- data/lib/aws-sdk-core/endpoints/endpoint_rule.rb +71 -0
- data/lib/aws-sdk-core/endpoints/error_rule.rb +37 -0
- data/lib/aws-sdk-core/endpoints/function.rb +75 -0
- data/lib/aws-sdk-core/endpoints/matchers.rb +127 -0
- data/lib/aws-sdk-core/endpoints/reference.rb +26 -0
- data/lib/aws-sdk-core/endpoints/rule.rb +20 -0
- data/lib/aws-sdk-core/endpoints/rule_set.rb +47 -0
- data/lib/aws-sdk-core/endpoints/rules_provider.rb +32 -0
- data/lib/aws-sdk-core/endpoints/templater.rb +52 -0
- data/lib/aws-sdk-core/endpoints/tree_rule.rb +40 -0
- data/lib/aws-sdk-core/endpoints/url.rb +59 -0
- data/lib/aws-sdk-core/endpoints.rb +74 -0
- data/lib/aws-sdk-core/errors.rb +172 -12
- data/lib/aws-sdk-core/event_emitter.rb +44 -0
- data/lib/aws-sdk-core/ini_parser.rb +2 -0
- data/lib/aws-sdk-core/instance_profile_credentials.rb +231 -42
- data/lib/aws-sdk-core/json/builder.rb +2 -0
- data/lib/aws-sdk-core/json/error_handler.rb +31 -3
- data/lib/aws-sdk-core/json/handler.rb +21 -1
- data/lib/aws-sdk-core/json/json_engine.rb +12 -8
- data/lib/aws-sdk-core/json/oj_engine.rb +35 -6
- data/lib/aws-sdk-core/json/parser.rb +10 -0
- data/lib/aws-sdk-core/json.rb +11 -28
- data/lib/aws-sdk-core/log/formatter.rb +16 -4
- data/lib/aws-sdk-core/log/handler.rb +2 -0
- data/lib/aws-sdk-core/log/param_filter.rb +38 -13
- data/lib/aws-sdk-core/log/param_formatter.rb +2 -0
- data/lib/aws-sdk-core/pageable_response.rb +118 -47
- data/lib/aws-sdk-core/pager.rb +5 -0
- data/lib/aws-sdk-core/param_converter.rb +2 -0
- data/lib/aws-sdk-core/param_validator.rb +63 -7
- data/lib/aws-sdk-core/plugins/api_key.rb +5 -1
- data/lib/aws-sdk-core/plugins/apig_authorizer_token.rb +2 -0
- data/lib/aws-sdk-core/plugins/apig_credentials_configuration.rb +2 -0
- data/lib/aws-sdk-core/plugins/apig_user_agent.rb +2 -0
- data/lib/aws-sdk-core/plugins/bearer_authorization.rb +67 -0
- data/lib/aws-sdk-core/plugins/checksum_algorithm.rb +340 -0
- data/lib/aws-sdk-core/plugins/client_metrics_plugin.rb +65 -6
- data/lib/aws-sdk-core/plugins/client_metrics_send_plugin.rb +10 -4
- data/lib/aws-sdk-core/plugins/credentials_configuration.rb +50 -7
- data/lib/aws-sdk-core/plugins/defaults_mode.rb +40 -0
- data/lib/aws-sdk-core/plugins/endpoint_discovery.rb +172 -0
- data/lib/aws-sdk-core/plugins/endpoint_pattern.rb +65 -0
- data/lib/aws-sdk-core/plugins/event_stream_configuration.rb +16 -0
- data/lib/aws-sdk-core/plugins/global_configuration.rb +2 -0
- data/lib/aws-sdk-core/plugins/helpful_socket_errors.rb +2 -0
- data/lib/aws-sdk-core/plugins/http_checksum.rb +64 -0
- data/lib/aws-sdk-core/plugins/idempotency_token.rb +2 -0
- data/lib/aws-sdk-core/plugins/invocation_id.rb +35 -0
- data/lib/aws-sdk-core/plugins/jsonvalue_converter.rb +36 -6
- data/lib/aws-sdk-core/plugins/logging.rb +2 -0
- data/lib/aws-sdk-core/plugins/param_converter.rb +2 -0
- data/lib/aws-sdk-core/plugins/param_validator.rb +2 -0
- data/lib/aws-sdk-core/plugins/protocols/api_gateway.rb +19 -0
- data/lib/aws-sdk-core/plugins/protocols/ec2.rb +2 -0
- data/lib/aws-sdk-core/plugins/protocols/json_rpc.rb +2 -0
- data/lib/aws-sdk-core/plugins/protocols/query.rb +2 -0
- data/lib/aws-sdk-core/plugins/protocols/rest_json.rb +18 -1
- data/lib/aws-sdk-core/plugins/protocols/rest_xml.rb +2 -0
- data/lib/aws-sdk-core/plugins/recursion_detection.rb +38 -0
- data/lib/aws-sdk-core/plugins/regional_endpoint.rb +81 -16
- data/lib/aws-sdk-core/plugins/response_paging.rb +3 -1
- data/lib/aws-sdk-core/plugins/retries/client_rate_limiter.rb +139 -0
- data/lib/aws-sdk-core/plugins/retries/clock_skew.rb +100 -0
- data/lib/aws-sdk-core/plugins/retries/error_inspector.rb +147 -0
- data/lib/aws-sdk-core/plugins/retries/retry_quota.rb +59 -0
- data/lib/aws-sdk-core/plugins/retry_errors.rb +312 -92
- data/lib/aws-sdk-core/plugins/sign.rb +200 -0
- data/lib/aws-sdk-core/plugins/signature_v2.rb +3 -0
- data/lib/aws-sdk-core/plugins/signature_v4.rb +42 -32
- data/lib/aws-sdk-core/plugins/stub_responses.rb +28 -7
- data/lib/aws-sdk-core/plugins/transfer_encoding.rb +53 -0
- data/lib/aws-sdk-core/plugins/user_agent.rb +9 -5
- data/lib/aws-sdk-core/process_credentials.rb +20 -15
- data/lib/aws-sdk-core/query/ec2_param_builder.rb +2 -0
- data/lib/aws-sdk-core/query/handler.rb +8 -1
- data/lib/aws-sdk-core/query/param.rb +2 -0
- data/lib/aws-sdk-core/query/param_builder.rb +2 -0
- data/lib/aws-sdk-core/query/param_list.rb +2 -0
- data/lib/aws-sdk-core/query.rb +2 -0
- data/lib/aws-sdk-core/refreshing_credentials.rb +45 -12
- data/lib/aws-sdk-core/refreshing_token.rb +71 -0
- data/lib/aws-sdk-core/resources/collection.rb +3 -1
- data/lib/aws-sdk-core/rest/handler.rb +3 -1
- data/lib/aws-sdk-core/rest/request/body.rb +21 -1
- data/lib/aws-sdk-core/rest/request/builder.rb +2 -0
- data/lib/aws-sdk-core/rest/request/endpoint.rb +10 -3
- data/lib/aws-sdk-core/rest/request/headers.rb +16 -6
- data/lib/aws-sdk-core/rest/request/querystring_builder.rb +4 -2
- data/lib/aws-sdk-core/rest/response/body.rb +2 -0
- data/lib/aws-sdk-core/rest/response/headers.rb +6 -3
- data/lib/aws-sdk-core/rest/response/parser.rb +2 -0
- data/lib/aws-sdk-core/rest/response/status_code.rb +2 -0
- data/lib/aws-sdk-core/rest.rb +2 -0
- data/lib/aws-sdk-core/shared_config.rb +222 -118
- data/lib/aws-sdk-core/shared_credentials.rb +9 -1
- data/lib/aws-sdk-core/sso_credentials.rb +172 -0
- data/lib/aws-sdk-core/sso_token_provider.rb +135 -0
- data/lib/aws-sdk-core/static_token_provider.rb +14 -0
- data/lib/aws-sdk-core/structure.rb +24 -7
- data/lib/aws-sdk-core/stubbing/data_applicator.rb +2 -0
- data/lib/aws-sdk-core/stubbing/empty_stub.rb +2 -0
- data/lib/aws-sdk-core/stubbing/protocols/api_gateway.rb +2 -0
- data/lib/aws-sdk-core/stubbing/protocols/ec2.rb +2 -0
- data/lib/aws-sdk-core/stubbing/protocols/json.rb +3 -1
- data/lib/aws-sdk-core/stubbing/protocols/query.rb +4 -2
- data/lib/aws-sdk-core/stubbing/protocols/rest.rb +52 -7
- data/lib/aws-sdk-core/stubbing/protocols/rest_json.rb +3 -1
- data/lib/aws-sdk-core/stubbing/protocols/rest_xml.rb +2 -2
- data/lib/aws-sdk-core/stubbing/stub_data.rb +15 -4
- data/lib/aws-sdk-core/stubbing/xml_error.rb +2 -0
- data/lib/aws-sdk-core/token.rb +31 -0
- data/lib/aws-sdk-core/token_provider.rb +15 -0
- data/lib/aws-sdk-core/token_provider_chain.rb +51 -0
- data/lib/aws-sdk-core/type_builder.rb +2 -0
- data/lib/aws-sdk-core/util.rb +24 -0
- data/lib/aws-sdk-core/waiters/errors.rb +2 -0
- data/lib/aws-sdk-core/waiters/poller.rb +2 -0
- data/lib/aws-sdk-core/waiters/waiter.rb +4 -2
- data/lib/aws-sdk-core/waiters.rb +2 -0
- data/lib/aws-sdk-core/xml/builder.rb +5 -3
- data/lib/aws-sdk-core/xml/default_list.rb +2 -0
- data/lib/aws-sdk-core/xml/default_map.rb +2 -0
- data/lib/aws-sdk-core/xml/doc_builder.rb +15 -4
- data/lib/aws-sdk-core/xml/error_handler.rb +36 -4
- data/lib/aws-sdk-core/xml/parser/engines/libxml.rb +2 -0
- data/lib/aws-sdk-core/xml/parser/engines/nokogiri.rb +2 -0
- data/lib/aws-sdk-core/xml/parser/engines/oga.rb +2 -0
- data/lib/aws-sdk-core/xml/parser/engines/ox.rb +3 -1
- data/lib/aws-sdk-core/xml/parser/engines/rexml.rb +4 -1
- data/lib/aws-sdk-core/xml/parser/frame.rb +25 -0
- data/lib/aws-sdk-core/xml/parser/parsing_error.rb +2 -0
- data/lib/aws-sdk-core/xml/parser/stack.rb +2 -0
- data/lib/aws-sdk-core/xml/parser.rb +7 -0
- data/lib/aws-sdk-core/xml.rb +2 -0
- data/lib/aws-sdk-core.rb +42 -4
- data/lib/aws-sdk-sso/client.rb +610 -0
- data/lib/aws-sdk-sso/client_api.rb +190 -0
- data/lib/aws-sdk-sso/customizations.rb +1 -0
- data/lib/aws-sdk-sso/endpoint_parameters.rb +66 -0
- data/lib/aws-sdk-sso/endpoint_provider.rb +112 -0
- data/lib/aws-sdk-sso/endpoints.rb +71 -0
- data/lib/aws-sdk-sso/errors.rb +102 -0
- data/lib/aws-sdk-sso/plugins/endpoints.rb +76 -0
- data/lib/aws-sdk-sso/resource.rb +26 -0
- data/lib/aws-sdk-sso/types.rb +317 -0
- data/lib/aws-sdk-sso.rb +59 -0
- data/lib/aws-sdk-ssooidc/client.rb +606 -0
- data/lib/aws-sdk-ssooidc/client_api.rb +216 -0
- data/lib/aws-sdk-ssooidc/customizations.rb +1 -0
- data/lib/aws-sdk-ssooidc/endpoint_parameters.rb +66 -0
- data/lib/aws-sdk-ssooidc/endpoint_provider.rb +111 -0
- data/lib/aws-sdk-ssooidc/endpoints.rb +57 -0
- data/lib/aws-sdk-ssooidc/errors.rb +290 -0
- data/lib/aws-sdk-ssooidc/plugins/endpoints.rb +74 -0
- data/lib/aws-sdk-ssooidc/resource.rb +26 -0
- data/lib/aws-sdk-ssooidc/types.rb +502 -0
- data/lib/aws-sdk-ssooidc.rb +59 -0
- data/lib/aws-sdk-sts/client.rb +1426 -616
- data/lib/aws-sdk-sts/client_api.rb +76 -1
- data/lib/aws-sdk-sts/customizations.rb +4 -0
- data/lib/aws-sdk-sts/endpoint_parameters.rb +78 -0
- data/lib/aws-sdk-sts/endpoint_provider.rb +229 -0
- data/lib/aws-sdk-sts/endpoints.rb +135 -0
- data/lib/aws-sdk-sts/errors.rb +153 -1
- data/lib/aws-sdk-sts/plugins/endpoints.rb +84 -0
- data/lib/aws-sdk-sts/plugins/sts_regional_endpoints.rb +38 -0
- data/lib/aws-sdk-sts/presigner.rb +73 -0
- data/lib/aws-sdk-sts/resource.rb +4 -1
- data/lib/aws-sdk-sts/types.rb +918 -296
- data/lib/aws-sdk-sts.rb +20 -6
- data/lib/seahorse/client/async_base.rb +51 -0
- data/lib/seahorse/client/async_response.rb +64 -0
- data/lib/seahorse/client/base.rb +7 -2
- data/lib/seahorse/client/block_io.rb +6 -2
- data/lib/seahorse/client/configuration.rb +17 -3
- data/lib/seahorse/client/events.rb +3 -1
- data/lib/seahorse/client/h2/connection.rb +247 -0
- data/lib/seahorse/client/h2/handler.rb +152 -0
- data/lib/seahorse/client/handler.rb +2 -0
- data/lib/seahorse/client/handler_builder.rb +2 -0
- data/lib/seahorse/client/handler_list.rb +2 -0
- data/lib/seahorse/client/handler_list_entry.rb +6 -4
- data/lib/seahorse/client/http/async_response.rb +44 -0
- data/lib/seahorse/client/http/headers.rb +2 -0
- data/lib/seahorse/client/http/request.rb +5 -3
- data/lib/seahorse/client/http/response.rb +18 -11
- data/lib/seahorse/client/logging/formatter.rb +6 -2
- data/lib/seahorse/client/logging/handler.rb +2 -0
- data/lib/seahorse/client/managed_file.rb +2 -0
- data/lib/seahorse/client/net_http/connection_pool.rb +30 -23
- data/lib/seahorse/client/net_http/handler.rb +24 -7
- data/lib/seahorse/client/net_http/patches.rb +16 -79
- data/lib/seahorse/client/networking_error.rb +30 -0
- data/lib/seahorse/client/plugin.rb +10 -7
- data/lib/seahorse/client/plugin_list.rb +2 -0
- data/lib/seahorse/client/plugins/content_length.rb +14 -3
- data/lib/seahorse/client/plugins/endpoint.rb +4 -2
- data/lib/seahorse/client/plugins/h2.rb +69 -0
- data/lib/seahorse/client/plugins/logging.rb +2 -0
- data/lib/seahorse/client/plugins/net_http.rb +39 -3
- data/lib/seahorse/client/plugins/operation_methods.rb +2 -0
- data/lib/seahorse/client/plugins/raise_response_errors.rb +2 -0
- data/lib/seahorse/client/plugins/request_callback.rb +110 -0
- data/lib/seahorse/client/plugins/response_target.rb +23 -14
- data/lib/seahorse/client/request.rb +2 -0
- data/lib/seahorse/client/request_context.rb +2 -0
- data/lib/seahorse/client/response.rb +5 -5
- data/lib/seahorse/model/api.rb +14 -0
- data/lib/seahorse/model/authorizer.rb +2 -0
- data/lib/seahorse/model/operation.rb +21 -0
- data/lib/seahorse/model/shapes.rb +29 -2
- data/lib/seahorse/util.rb +12 -1
- data/lib/seahorse/version.rb +2 -0
- data/lib/seahorse.rb +12 -0
- metadata +117 -16
|
@@ -0,0 +1,340 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Aws
|
|
4
|
+
module Plugins
|
|
5
|
+
# @api private
|
|
6
|
+
class ChecksumAlgorithm < Seahorse::Client::Plugin
|
|
7
|
+
CHUNK_SIZE = 1 * 1024 * 1024 # one MB
|
|
8
|
+
|
|
9
|
+
# determine the set of supported client side checksum algorithms
|
|
10
|
+
# CRC32c requires aws-crt (optional sdk dependency) for support
|
|
11
|
+
CLIENT_ALGORITHMS = begin
|
|
12
|
+
supported = %w[SHA256 SHA1 CRC32]
|
|
13
|
+
begin
|
|
14
|
+
require 'aws-crt'
|
|
15
|
+
supported << 'CRC32C'
|
|
16
|
+
rescue LoadError
|
|
17
|
+
end
|
|
18
|
+
supported
|
|
19
|
+
end.freeze
|
|
20
|
+
|
|
21
|
+
# priority order of checksum algorithms to validate responses against
|
|
22
|
+
# Remove any algorithms not supported by client (ie, depending on CRT availability)
|
|
23
|
+
CHECKSUM_ALGORITHM_PRIORITIES = %w[CRC32C SHA1 CRC32 SHA256] & CLIENT_ALGORITHMS
|
|
24
|
+
|
|
25
|
+
# byte size of checksums, used in computing the trailer length
|
|
26
|
+
CHECKSUM_SIZE = {
|
|
27
|
+
'CRC32' => 16,
|
|
28
|
+
'CRC32C' => 16,
|
|
29
|
+
'SHA1' => 36,
|
|
30
|
+
'SHA256' => 52
|
|
31
|
+
}
|
|
32
|
+
|
|
33
|
+
# Interface for computing digests on request/response bodies
|
|
34
|
+
# which may be files, strings or IO like objects
|
|
35
|
+
# Applies only to digest functions that produce 32 bit integer checksums
|
|
36
|
+
# (eg CRC32)
|
|
37
|
+
class Digest32
|
|
38
|
+
|
|
39
|
+
attr_reader :value
|
|
40
|
+
|
|
41
|
+
# @param [Object] digest_fn
|
|
42
|
+
def initialize(digest_fn)
|
|
43
|
+
@digest_fn = digest_fn
|
|
44
|
+
@value = 0
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
def update(chunk)
|
|
48
|
+
@value = @digest_fn.call(chunk, @value)
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
def base64digest
|
|
52
|
+
Base64.encode64([@value].pack('N')).chomp
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
def add_handlers(handlers, _config)
|
|
57
|
+
handlers.add(OptionHandler, step: :initialize)
|
|
58
|
+
# priority set low to ensure checksum is computed AFTER the request is
|
|
59
|
+
# built but before it is signed
|
|
60
|
+
handlers.add(ChecksumHandler, priority: 15, step: :build)
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
private
|
|
64
|
+
|
|
65
|
+
def self.request_algorithm_selection(context)
|
|
66
|
+
return unless context.operation.http_checksum
|
|
67
|
+
|
|
68
|
+
input_member = context.operation.http_checksum['requestAlgorithmMember']
|
|
69
|
+
context.params[input_member.to_sym]&.upcase if input_member
|
|
70
|
+
end
|
|
71
|
+
|
|
72
|
+
def self.request_validation_mode(context)
|
|
73
|
+
return unless context.operation.http_checksum
|
|
74
|
+
|
|
75
|
+
input_member = context.operation.http_checksum['requestValidationModeMember']
|
|
76
|
+
context.params[input_member.to_sym] if input_member
|
|
77
|
+
end
|
|
78
|
+
|
|
79
|
+
def self.operation_response_algorithms(context)
|
|
80
|
+
return unless context.operation.http_checksum
|
|
81
|
+
|
|
82
|
+
context.operation.http_checksum['responseAlgorithms']
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
|
|
86
|
+
# @api private
|
|
87
|
+
class OptionHandler < Seahorse::Client::Handler
|
|
88
|
+
def call(context)
|
|
89
|
+
context[:http_checksum] ||= {}
|
|
90
|
+
|
|
91
|
+
# validate request configuration
|
|
92
|
+
if (request_input = ChecksumAlgorithm.request_algorithm_selection(context))
|
|
93
|
+
unless CLIENT_ALGORITHMS.include? request_input
|
|
94
|
+
if (request_input == 'CRC32C')
|
|
95
|
+
raise ArgumentError, "CRC32C requires crt support - install the aws-crt gem for support."
|
|
96
|
+
else
|
|
97
|
+
raise ArgumentError, "#{request_input} is not a supported checksum algorithm."
|
|
98
|
+
end
|
|
99
|
+
end
|
|
100
|
+
end
|
|
101
|
+
|
|
102
|
+
# validate response configuration
|
|
103
|
+
if (ChecksumAlgorithm.request_validation_mode(context))
|
|
104
|
+
# Compute an ordered list as the union between priority supported and the
|
|
105
|
+
# operation's modeled response algorithms.
|
|
106
|
+
validation_list = CHECKSUM_ALGORITHM_PRIORITIES &
|
|
107
|
+
ChecksumAlgorithm.operation_response_algorithms(context)
|
|
108
|
+
context[:http_checksum][:validation_list] = validation_list
|
|
109
|
+
end
|
|
110
|
+
|
|
111
|
+
@handler.call(context)
|
|
112
|
+
end
|
|
113
|
+
end
|
|
114
|
+
|
|
115
|
+
# @api private
|
|
116
|
+
class ChecksumHandler < Seahorse::Client::Handler
|
|
117
|
+
|
|
118
|
+
def call(context)
|
|
119
|
+
if should_calculate_request_checksum?(context)
|
|
120
|
+
request_algorithm_input = ChecksumAlgorithm.request_algorithm_selection(context)
|
|
121
|
+
context[:checksum_algorithms] = request_algorithm_input
|
|
122
|
+
|
|
123
|
+
request_checksum_property = {
|
|
124
|
+
'algorithm' => request_algorithm_input,
|
|
125
|
+
'in' => checksum_request_in(context),
|
|
126
|
+
'name' => "x-amz-checksum-#{request_algorithm_input.downcase}"
|
|
127
|
+
}
|
|
128
|
+
|
|
129
|
+
calculate_request_checksum(context, request_checksum_property)
|
|
130
|
+
end
|
|
131
|
+
|
|
132
|
+
if should_verify_response_checksum?(context)
|
|
133
|
+
add_verify_response_checksum_handlers(context)
|
|
134
|
+
end
|
|
135
|
+
|
|
136
|
+
@handler.call(context)
|
|
137
|
+
end
|
|
138
|
+
|
|
139
|
+
private
|
|
140
|
+
|
|
141
|
+
def should_calculate_request_checksum?(context)
|
|
142
|
+
context.operation.http_checksum &&
|
|
143
|
+
ChecksumAlgorithm.request_algorithm_selection(context)
|
|
144
|
+
end
|
|
145
|
+
|
|
146
|
+
def should_verify_response_checksum?(context)
|
|
147
|
+
context[:http_checksum][:validation_list] && !context[:http_checksum][:validation_list].empty?
|
|
148
|
+
end
|
|
149
|
+
|
|
150
|
+
def calculate_request_checksum(context, checksum_properties)
|
|
151
|
+
case checksum_properties['in']
|
|
152
|
+
when 'header'
|
|
153
|
+
header_name = checksum_properties['name']
|
|
154
|
+
body = context.http_request.body_contents
|
|
155
|
+
if body
|
|
156
|
+
context.http_request.headers[header_name] ||=
|
|
157
|
+
ChecksumAlgorithm.calculate_checksum(checksum_properties['algorithm'], body)
|
|
158
|
+
end
|
|
159
|
+
when 'trailer'
|
|
160
|
+
apply_request_trailer_checksum(context, checksum_properties)
|
|
161
|
+
end
|
|
162
|
+
end
|
|
163
|
+
|
|
164
|
+
def apply_request_trailer_checksum(context, checksum_properties)
|
|
165
|
+
location_name = checksum_properties['name']
|
|
166
|
+
|
|
167
|
+
# set required headers
|
|
168
|
+
headers = context.http_request.headers
|
|
169
|
+
headers['Content-Encoding'] = 'aws-chunked'
|
|
170
|
+
headers['X-Amz-Content-Sha256'] = 'STREAMING-UNSIGNED-PAYLOAD-TRAILER'
|
|
171
|
+
headers['X-Amz-Trailer'] = location_name
|
|
172
|
+
|
|
173
|
+
# We currently always compute the size in the modified body wrapper - allowing us
|
|
174
|
+
# to set the Content-Length header (set by content_length plugin).
|
|
175
|
+
# This means we cannot use Transfer-Encoding=chunked
|
|
176
|
+
|
|
177
|
+
if !context.http_request.body.respond_to?(:size)
|
|
178
|
+
raise Aws::Errors::ChecksumError, 'Could not determine length of the body'
|
|
179
|
+
end
|
|
180
|
+
headers['X-Amz-Decoded-Content-Length'] = context.http_request.body.size
|
|
181
|
+
|
|
182
|
+
context.http_request.body = AwsChunkedTrailerDigestIO.new(
|
|
183
|
+
context.http_request.body,
|
|
184
|
+
checksum_properties['algorithm'],
|
|
185
|
+
location_name
|
|
186
|
+
)
|
|
187
|
+
end
|
|
188
|
+
|
|
189
|
+
# Add events to the http_response to verify the checksum as its read
|
|
190
|
+
# This prevents the body from being read multiple times
|
|
191
|
+
# verification is done only once a successful response has completed
|
|
192
|
+
def add_verify_response_checksum_handlers(context)
|
|
193
|
+
http_response = context.http_response
|
|
194
|
+
checksum_context = { }
|
|
195
|
+
http_response.on_headers do |_status, headers|
|
|
196
|
+
header_name, algorithm = response_header_to_verify(headers, context[:http_checksum][:validation_list])
|
|
197
|
+
if header_name
|
|
198
|
+
expected = headers[header_name]
|
|
199
|
+
|
|
200
|
+
unless context[:http_checksum][:skip_on_suffix] && /-[\d]+$/.match(expected)
|
|
201
|
+
checksum_context[:algorithm] = algorithm
|
|
202
|
+
checksum_context[:header_name] = header_name
|
|
203
|
+
checksum_context[:digest] = ChecksumAlgorithm.digest_for_algorithm(algorithm)
|
|
204
|
+
checksum_context[:expected] = expected
|
|
205
|
+
end
|
|
206
|
+
end
|
|
207
|
+
end
|
|
208
|
+
|
|
209
|
+
http_response.on_data do |chunk|
|
|
210
|
+
checksum_context[:digest].update(chunk) if checksum_context[:digest]
|
|
211
|
+
end
|
|
212
|
+
|
|
213
|
+
http_response.on_success do
|
|
214
|
+
if checksum_context[:digest] &&
|
|
215
|
+
(computed = checksum_context[:digest].base64digest)
|
|
216
|
+
|
|
217
|
+
if computed != checksum_context[:expected]
|
|
218
|
+
raise Aws::Errors::ChecksumError,
|
|
219
|
+
"Checksum validation failed on #{checksum_context[:header_name]} "\
|
|
220
|
+
"computed: #{computed}, expected: #{checksum_context[:expected]}"
|
|
221
|
+
end
|
|
222
|
+
|
|
223
|
+
context[:http_checksum][:validated] = checksum_context[:algorithm]
|
|
224
|
+
end
|
|
225
|
+
end
|
|
226
|
+
end
|
|
227
|
+
|
|
228
|
+
# returns nil if no headers to verify
|
|
229
|
+
def response_header_to_verify(headers, validation_list)
|
|
230
|
+
validation_list.each do |algorithm|
|
|
231
|
+
header_name = "x-amz-checksum-#{algorithm}"
|
|
232
|
+
return [header_name, algorithm] if headers[header_name]
|
|
233
|
+
end
|
|
234
|
+
nil
|
|
235
|
+
end
|
|
236
|
+
|
|
237
|
+
# determine where (header vs trailer) a request checksum should be added
|
|
238
|
+
def checksum_request_in(context)
|
|
239
|
+
if context.operation['authtype'].eql?('v4-unsigned-body')
|
|
240
|
+
'trailer'
|
|
241
|
+
else
|
|
242
|
+
'header'
|
|
243
|
+
end
|
|
244
|
+
end
|
|
245
|
+
|
|
246
|
+
end
|
|
247
|
+
|
|
248
|
+
def self.calculate_checksum(algorithm, body)
|
|
249
|
+
digest = ChecksumAlgorithm.digest_for_algorithm(algorithm)
|
|
250
|
+
if body.respond_to?(:read)
|
|
251
|
+
ChecksumAlgorithm.update_in_chunks(digest, body)
|
|
252
|
+
else
|
|
253
|
+
digest.update(body)
|
|
254
|
+
end
|
|
255
|
+
digest.base64digest
|
|
256
|
+
end
|
|
257
|
+
|
|
258
|
+
def self.digest_for_algorithm(algorithm)
|
|
259
|
+
case algorithm
|
|
260
|
+
when 'CRC32'
|
|
261
|
+
Digest32.new(Zlib.method(:crc32))
|
|
262
|
+
when 'CRC32C'
|
|
263
|
+
# this will only be used if input algorithm is CRC32C AND client supports it (crt available)
|
|
264
|
+
Digest32.new(Aws::Crt::Checksums.method(:crc32c))
|
|
265
|
+
when 'SHA1'
|
|
266
|
+
Digest::SHA1.new
|
|
267
|
+
when 'SHA256'
|
|
268
|
+
Digest::SHA256.new
|
|
269
|
+
end
|
|
270
|
+
end
|
|
271
|
+
|
|
272
|
+
# The trailer size (in bytes) is the overhead + the trailer name +
|
|
273
|
+
# the length of the base64 encoded checksum
|
|
274
|
+
def self.trailer_length(algorithm, location_name)
|
|
275
|
+
CHECKSUM_SIZE[algorithm] + location_name.size
|
|
276
|
+
end
|
|
277
|
+
|
|
278
|
+
def self.update_in_chunks(digest, io)
|
|
279
|
+
loop do
|
|
280
|
+
chunk = io.read(CHUNK_SIZE)
|
|
281
|
+
break unless chunk
|
|
282
|
+
digest.update(chunk)
|
|
283
|
+
end
|
|
284
|
+
io.rewind
|
|
285
|
+
end
|
|
286
|
+
|
|
287
|
+
# Wrapper for request body that implements application-layer
|
|
288
|
+
# chunking with Digest computed on chunks + added as a trailer
|
|
289
|
+
class AwsChunkedTrailerDigestIO
|
|
290
|
+
CHUNK_SIZE = 16384
|
|
291
|
+
|
|
292
|
+
def initialize(io, algorithm, location_name)
|
|
293
|
+
@io = io
|
|
294
|
+
@location_name = location_name
|
|
295
|
+
@algorithm = algorithm
|
|
296
|
+
@digest = ChecksumAlgorithm.digest_for_algorithm(algorithm)
|
|
297
|
+
@trailer_io = nil
|
|
298
|
+
end
|
|
299
|
+
|
|
300
|
+
# the size of the application layer aws-chunked + trailer body
|
|
301
|
+
def size
|
|
302
|
+
# compute the number of chunks
|
|
303
|
+
# a full chunk has 4 + 4 bytes overhead, a partial chunk is len.to_s(16).size + 4
|
|
304
|
+
orig_body_size = @io.size
|
|
305
|
+
n_full_chunks = orig_body_size / CHUNK_SIZE
|
|
306
|
+
partial_bytes = orig_body_size % CHUNK_SIZE
|
|
307
|
+
chunked_body_size = n_full_chunks * (CHUNK_SIZE + 8)
|
|
308
|
+
chunked_body_size += partial_bytes.to_s(16).size + partial_bytes + 4 unless partial_bytes.zero?
|
|
309
|
+
trailer_size = ChecksumAlgorithm.trailer_length(@algorithm, @location_name)
|
|
310
|
+
chunked_body_size + trailer_size
|
|
311
|
+
end
|
|
312
|
+
|
|
313
|
+
def rewind
|
|
314
|
+
@io.rewind
|
|
315
|
+
end
|
|
316
|
+
|
|
317
|
+
def read(length, buf)
|
|
318
|
+
# account for possible leftover bytes at the end, if we have trailer bytes, send them
|
|
319
|
+
if @trailer_io
|
|
320
|
+
return @trailer_io.read(length, buf)
|
|
321
|
+
end
|
|
322
|
+
|
|
323
|
+
chunk = @io.read(length)
|
|
324
|
+
if chunk
|
|
325
|
+
@digest.update(chunk)
|
|
326
|
+
application_chunked = "#{chunk.bytesize.to_s(16)}\r\n#{chunk}\r\n"
|
|
327
|
+
return StringIO.new(application_chunked).read(application_chunked.size, buf)
|
|
328
|
+
else
|
|
329
|
+
trailers = {}
|
|
330
|
+
trailers[@location_name] = @digest.base64digest
|
|
331
|
+
trailers = trailers.map { |k,v| "#{k}:#{v}"}.join("\r\n")
|
|
332
|
+
@trailer_io = StringIO.new("0\r\n#{trailers}\r\n\r\n")
|
|
333
|
+
chunk = @trailer_io.read(length, buf)
|
|
334
|
+
end
|
|
335
|
+
chunk
|
|
336
|
+
end
|
|
337
|
+
end
|
|
338
|
+
end
|
|
339
|
+
end
|
|
340
|
+
end
|
|
@@ -1,4 +1,7 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require 'date'
|
|
4
|
+
require_relative 'retries/error_inspector'
|
|
2
5
|
|
|
3
6
|
module Aws
|
|
4
7
|
module Plugins
|
|
@@ -6,6 +9,7 @@ module Aws
|
|
|
6
9
|
|
|
7
10
|
option(:client_side_monitoring,
|
|
8
11
|
default: false,
|
|
12
|
+
doc_type: 'Boolean',
|
|
9
13
|
docstring: <<-DOCS) do |cfg|
|
|
10
14
|
When `true`, client-side metrics will be collected for all API requests from
|
|
11
15
|
this client.
|
|
@@ -15,6 +19,7 @@ this client.
|
|
|
15
19
|
|
|
16
20
|
option(:client_side_monitoring_port,
|
|
17
21
|
default: 31000,
|
|
22
|
+
doc_type: Integer,
|
|
18
23
|
docstring: <<-DOCS) do |cfg|
|
|
19
24
|
Required for publishing client metrics. The port that the client side monitoring
|
|
20
25
|
agent is running on, where client metrics will be published via UDP.
|
|
@@ -22,8 +27,19 @@ agent is running on, where client metrics will be published via UDP.
|
|
|
22
27
|
resolve_client_side_monitoring_port(cfg)
|
|
23
28
|
end
|
|
24
29
|
|
|
30
|
+
option(:client_side_monitoring_host,
|
|
31
|
+
default: "127.0.0.1",
|
|
32
|
+
doc_type: String,
|
|
33
|
+
docstring: <<-DOCS) do |cfg|
|
|
34
|
+
Allows you to specify the DNS hostname or IPv4 or IPv6 address that the client
|
|
35
|
+
side monitoring agent is running on, where client metrics will be published via UDP.
|
|
36
|
+
DOCS
|
|
37
|
+
resolve_client_side_monitoring_host(cfg)
|
|
38
|
+
end
|
|
39
|
+
|
|
25
40
|
option(:client_side_monitoring_publisher,
|
|
26
41
|
default: ClientSideMonitoring::Publisher,
|
|
42
|
+
doc_type: Aws::ClientSideMonitoring::Publisher,
|
|
27
43
|
docstring: <<-DOCS) do |cfg|
|
|
28
44
|
Allows you to provide a custom client-side monitoring publisher class. By default,
|
|
29
45
|
will use the Client Side Monitoring Agent Publisher.
|
|
@@ -33,6 +49,7 @@ will use the Client Side Monitoring Agent Publisher.
|
|
|
33
49
|
|
|
34
50
|
option(:client_side_monitoring_client_id,
|
|
35
51
|
default: "",
|
|
52
|
+
doc_type: String,
|
|
36
53
|
docstring: <<-DOCS) do |cfg|
|
|
37
54
|
Allows you to provide an identifier for this client which will be attached to
|
|
38
55
|
all generated client side metrics. Defaults to an empty string.
|
|
@@ -45,6 +62,7 @@ all generated client side metrics. Defaults to an empty string.
|
|
|
45
62
|
handlers.add(Handler, step: :initialize)
|
|
46
63
|
publisher = config.client_side_monitoring_publisher
|
|
47
64
|
publisher.agent_port = config.client_side_monitoring_port
|
|
65
|
+
publisher.agent_host = config.client_side_monitoring_host
|
|
48
66
|
end
|
|
49
67
|
end
|
|
50
68
|
|
|
@@ -66,6 +84,19 @@ all generated client side metrics. Defaults to an empty string.
|
|
|
66
84
|
end
|
|
67
85
|
end
|
|
68
86
|
|
|
87
|
+
def self.resolve_client_side_monitoring_host(cfg)
|
|
88
|
+
env_source = ENV["AWS_CSM_HOST"]
|
|
89
|
+
env_source = nil if env_source == ""
|
|
90
|
+
cfg_source = Aws.shared_config.csm_host(profile: cfg.profile)
|
|
91
|
+
if env_source
|
|
92
|
+
env_source
|
|
93
|
+
elsif cfg_source
|
|
94
|
+
cfg_source
|
|
95
|
+
else
|
|
96
|
+
"127.0.0.1"
|
|
97
|
+
end
|
|
98
|
+
end
|
|
99
|
+
|
|
69
100
|
def self.resolve_client_side_monitoring(cfg)
|
|
70
101
|
env_source = ENV["AWS_CSM_ENABLED"]
|
|
71
102
|
env_source = nil if env_source == ""
|
|
@@ -103,11 +134,23 @@ all generated client side metrics. Defaults to an empty string.
|
|
|
103
134
|
timestamp: DateTime.now.strftime('%Q').to_i,
|
|
104
135
|
)
|
|
105
136
|
context.metadata[:client_metrics] = request_metrics
|
|
106
|
-
start_time =
|
|
137
|
+
start_time = Aws::Util.monotonic_milliseconds
|
|
138
|
+
final_error_retryable = false
|
|
139
|
+
final_aws_exception = nil
|
|
140
|
+
final_aws_exception_message = nil
|
|
141
|
+
final_sdk_exception = nil
|
|
142
|
+
final_sdk_exception_message = nil
|
|
107
143
|
begin
|
|
108
144
|
@handler.call(context)
|
|
109
145
|
rescue StandardError => e
|
|
110
146
|
# Handle SDK Exceptions
|
|
147
|
+
inspector = Retries::ErrorInspector.new(
|
|
148
|
+
e,
|
|
149
|
+
context.http_response.status_code
|
|
150
|
+
)
|
|
151
|
+
if inspector.retryable?(context)
|
|
152
|
+
final_error_retryable = true
|
|
153
|
+
end
|
|
111
154
|
if request_metrics.api_call_attempts.empty?
|
|
112
155
|
attempt = request_metrics.build_call_attempt
|
|
113
156
|
attempt.sdk_exception = e.class.to_s
|
|
@@ -125,13 +168,29 @@ all generated client side metrics. Defaults to an empty string.
|
|
|
125
168
|
attempt.sdk_exception = e.class.to_s
|
|
126
169
|
attempt.sdk_exception_msg = e.message
|
|
127
170
|
end # Else we don't have an SDK exception and are done.
|
|
171
|
+
final_attempt = request_metrics.api_call_attempts.last
|
|
172
|
+
final_aws_exception = final_attempt.aws_exception
|
|
173
|
+
final_aws_exception_message = final_attempt.aws_exception_msg
|
|
174
|
+
final_sdk_exception = final_attempt.sdk_exception
|
|
175
|
+
final_sdk_exception_message = final_attempt.sdk_exception_msg
|
|
128
176
|
raise e
|
|
129
177
|
ensure
|
|
130
|
-
end_time =
|
|
131
|
-
|
|
132
|
-
latency:
|
|
133
|
-
attempt_count: context.retries + 1
|
|
134
|
-
|
|
178
|
+
end_time = Aws::Util.monotonic_milliseconds
|
|
179
|
+
complete_opts = {
|
|
180
|
+
latency: end_time - start_time,
|
|
181
|
+
attempt_count: context.retries + 1,
|
|
182
|
+
user_agent: context.http_request.headers["user-agent"],
|
|
183
|
+
final_error_retryable: final_error_retryable,
|
|
184
|
+
final_http_status_code: context.http_response.status_code,
|
|
185
|
+
final_aws_exception: final_aws_exception,
|
|
186
|
+
final_aws_exception_message: final_aws_exception_message,
|
|
187
|
+
final_sdk_exception: final_sdk_exception,
|
|
188
|
+
final_sdk_exception_message: final_sdk_exception_message
|
|
189
|
+
}
|
|
190
|
+
if context.metadata[:redirect_region]
|
|
191
|
+
complete_opts[:region] = context.metadata[:redirect_region]
|
|
192
|
+
end
|
|
193
|
+
request_metrics.api_call.complete(complete_opts)
|
|
135
194
|
# Report the metrics by passing the complete RequestMetrics object
|
|
136
195
|
if publisher
|
|
137
196
|
publisher.publish(request_metrics)
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require 'date'
|
|
2
4
|
|
|
3
5
|
module Aws
|
|
@@ -7,7 +9,8 @@ module Aws
|
|
|
7
9
|
def add_handlers(handlers, config)
|
|
8
10
|
if config.client_side_monitoring && config.client_side_monitoring_port
|
|
9
11
|
# AttemptHandler comes just before we would retry an error.
|
|
10
|
-
|
|
12
|
+
# Or before we would follow redirects.
|
|
13
|
+
handlers.add(AttemptHandler, step: :sign, priority: 39)
|
|
11
14
|
# LatencyHandler is as close to sending as possible.
|
|
12
15
|
handlers.add(LatencyHandler, step: :sign, priority: 0)
|
|
13
16
|
end
|
|
@@ -15,10 +18,10 @@ module Aws
|
|
|
15
18
|
|
|
16
19
|
class LatencyHandler < Seahorse::Client::Handler
|
|
17
20
|
def call(context)
|
|
18
|
-
start_time =
|
|
21
|
+
start_time = Aws::Util.monotonic_milliseconds
|
|
19
22
|
resp = @handler.call(context)
|
|
20
|
-
end_time =
|
|
21
|
-
latency =
|
|
23
|
+
end_time = Aws::Util.monotonic_milliseconds
|
|
24
|
+
latency = end_time - start_time
|
|
22
25
|
context.metadata[:current_call_attempt].request_latency = latency
|
|
23
26
|
resp
|
|
24
27
|
end
|
|
@@ -45,6 +48,9 @@ module Aws
|
|
|
45
48
|
context.metadata[:current_call_attempt] = call_attempt
|
|
46
49
|
|
|
47
50
|
resp = @handler.call(context)
|
|
51
|
+
if context.metadata[:redirect_region]
|
|
52
|
+
call_attempt.region = context.metadata[:redirect_region]
|
|
53
|
+
end
|
|
48
54
|
headers = context.http_response.headers
|
|
49
55
|
if headers.include?("x-amz-id-2")
|
|
50
56
|
call_attempt.x_amz_id_2 = headers["x-amz-id-2"]
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Aws
|
|
2
4
|
# @api private
|
|
3
5
|
module Plugins
|
|
@@ -28,13 +30,28 @@ following classes:
|
|
|
28
30
|
* `Aws::Credentials` - Used for configuring static, non-refreshing
|
|
29
31
|
credentials.
|
|
30
32
|
|
|
33
|
+
* `Aws::SharedCredentials` - Used for loading static credentials from a
|
|
34
|
+
shared file, such as `~/.aws/config`.
|
|
35
|
+
|
|
36
|
+
* `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
|
|
37
|
+
|
|
38
|
+
* `Aws::AssumeRoleWebIdentityCredentials` - Used when you need to
|
|
39
|
+
assume a role after providing credentials via the web.
|
|
40
|
+
|
|
41
|
+
* `Aws::SSOCredentials` - Used for loading credentials from AWS SSO using an
|
|
42
|
+
access token generated from `aws login`.
|
|
43
|
+
|
|
44
|
+
* `Aws::ProcessCredentials` - Used for loading credentials from a
|
|
45
|
+
process that outputs to stdout.
|
|
46
|
+
|
|
31
47
|
* `Aws::InstanceProfileCredentials` - Used for loading credentials
|
|
32
48
|
from an EC2 IMDS on an EC2 instance.
|
|
33
49
|
|
|
34
|
-
* `Aws::
|
|
35
|
-
|
|
50
|
+
* `Aws::ECSCredentials` - Used for loading credentials from
|
|
51
|
+
instances running in ECS.
|
|
36
52
|
|
|
37
|
-
* `Aws::
|
|
53
|
+
* `Aws::CognitoIdentityCredentials` - Used for loading credentials
|
|
54
|
+
from the Cognito Identity service.
|
|
38
55
|
|
|
39
56
|
When `:credentials` are not configured directly, the following
|
|
40
57
|
locations will be searched for credentials:
|
|
@@ -44,10 +61,12 @@ locations will be searched for credentials:
|
|
|
44
61
|
* ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
|
|
45
62
|
* `~/.aws/credentials`
|
|
46
63
|
* `~/.aws/config`
|
|
47
|
-
* EC2 IMDS instance profile - When used by default, the timeouts
|
|
48
|
-
very aggressive. Construct and pass an instance of
|
|
49
|
-
`Aws::InstanceProfileCredentails`
|
|
50
|
-
timeouts.
|
|
64
|
+
* EC2/ECS IMDS instance profile - When used by default, the timeouts
|
|
65
|
+
are very aggressive. Construct and pass an instance of
|
|
66
|
+
`Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
|
|
67
|
+
enable retries and extended timeouts. Instance profile credential
|
|
68
|
+
fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
|
|
69
|
+
to true.
|
|
51
70
|
DOCS
|
|
52
71
|
) do |config|
|
|
53
72
|
CredentialProviderChain.new(config).resolve
|
|
@@ -57,6 +76,30 @@ locations will be searched for credentials:
|
|
|
57
76
|
|
|
58
77
|
option(:instance_profile_credentials_timeout, 1)
|
|
59
78
|
|
|
79
|
+
option(:token_provider,
|
|
80
|
+
required: false,
|
|
81
|
+
doc_type: 'Aws::TokenProvider',
|
|
82
|
+
docstring: <<-DOCS
|
|
83
|
+
A Bearer Token Provider. This can be an instance of any one of the
|
|
84
|
+
following classes:
|
|
85
|
+
|
|
86
|
+
* `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
|
|
87
|
+
tokens.
|
|
88
|
+
|
|
89
|
+
* `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
|
|
90
|
+
access token generated from `aws login`.
|
|
91
|
+
|
|
92
|
+
When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
|
|
93
|
+
will be used to search for tokens configured for your profile in shared configuration files.
|
|
94
|
+
DOCS
|
|
95
|
+
) do |config|
|
|
96
|
+
if config.stub_responses
|
|
97
|
+
StaticTokenProvider.new('token')
|
|
98
|
+
else
|
|
99
|
+
TokenProviderChain.new(config).resolve
|
|
100
|
+
end
|
|
101
|
+
end
|
|
102
|
+
|
|
60
103
|
end
|
|
61
104
|
end
|
|
62
105
|
end
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Aws
|
|
4
|
+
# @api private
|
|
5
|
+
module Plugins
|
|
6
|
+
# @api private
|
|
7
|
+
class DefaultsMode < Seahorse::Client::Plugin
|
|
8
|
+
|
|
9
|
+
option(:defaults_mode,
|
|
10
|
+
default: 'legacy',
|
|
11
|
+
doc_type: String,
|
|
12
|
+
docstring: <<-DOCS
|
|
13
|
+
See {Aws::DefaultsModeConfiguration} for a list of the
|
|
14
|
+
accepted modes and the configuration defaults that are included.
|
|
15
|
+
DOCS
|
|
16
|
+
) do |cfg|
|
|
17
|
+
resolve_defaults_mode(cfg)
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
option(:defaults_mode_config_resolver,
|
|
21
|
+
doc_type: 'Aws::DefaultsModeConfigResolver') do |cfg|
|
|
22
|
+
Aws::DefaultsModeConfigResolver.new(
|
|
23
|
+
Aws::DefaultsModeConfiguration::SDK_DEFAULT_CONFIGURATION, cfg)
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
class << self
|
|
27
|
+
private
|
|
28
|
+
|
|
29
|
+
def resolve_defaults_mode(cfg)
|
|
30
|
+
value = ENV['AWS_DEFAULTS_MODE']
|
|
31
|
+
value ||= Aws.shared_config.defaults_mode(
|
|
32
|
+
profile: cfg.profile
|
|
33
|
+
)
|
|
34
|
+
value&.downcase || "legacy"
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
end
|