RubyGems - aws-sdk-core - Versions diffs - 3.31.0 → 3.168.4 - Mend

aws-sdk-core 3.31.0 → 3.168.4

Files changed (248) hide show

checksums.yaml +5 -5
data/CHANGELOG.md +1573 -0
data/LICENSE.txt +202 -0
data/VERSION +1 -1
data/lib/aws-defaults/default_configuration.rb +153 -0
data/lib/aws-defaults/defaults_mode_config_resolver.rb +107 -0
data/lib/aws-defaults.rb +3 -0
data/lib/aws-sdk-core/arn.rb +105 -0
data/lib/aws-sdk-core/arn_parser.rb +40 -0
data/lib/aws-sdk-core/assume_role_credentials.rb +23 -7
data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +108 -0
data/lib/aws-sdk-core/async_client_stubs.rb +82 -0
data/lib/aws-sdk-core/binary/decode_handler.rb +11 -1
data/lib/aws-sdk-core/binary/encode_handler.rb +45 -0
data/lib/aws-sdk-core/binary/event_builder.rb +124 -0
data/lib/aws-sdk-core/binary/event_parser.rb +50 -18
data/lib/aws-sdk-core/binary/event_stream_decoder.rb +7 -2
data/lib/aws-sdk-core/binary/event_stream_encoder.rb +55 -0
data/lib/aws-sdk-core/binary.rb +5 -0
data/lib/aws-sdk-core/client_side_monitoring/publisher.rb +11 -1
data/lib/aws-sdk-core/client_side_monitoring/request_metrics.rb +71 -9
data/lib/aws-sdk-core/client_stubs.rb +21 -14
data/lib/aws-sdk-core/credential_provider.rb +1 -30
data/lib/aws-sdk-core/credential_provider_chain.rb +107 -43
data/lib/aws-sdk-core/credentials.rb +2 -0
data/lib/aws-sdk-core/deprecations.rb +17 -11
data/lib/aws-sdk-core/eager_loader.rb +2 -0
data/lib/aws-sdk-core/ec2_metadata.rb +238 -0
data/lib/aws-sdk-core/ecs_credentials.rb +24 -9
data/lib/aws-sdk-core/endpoint_cache.rb +193 -0
data/lib/aws-sdk-core/endpoints/condition.rb +36 -0
data/lib/aws-sdk-core/endpoints/endpoint.rb +17 -0
data/lib/aws-sdk-core/endpoints/endpoint_rule.rb +71 -0
data/lib/aws-sdk-core/endpoints/error_rule.rb +37 -0
data/lib/aws-sdk-core/endpoints/function.rb +75 -0
data/lib/aws-sdk-core/endpoints/matchers.rb +127 -0
data/lib/aws-sdk-core/endpoints/reference.rb +26 -0
data/lib/aws-sdk-core/endpoints/rule.rb +20 -0
data/lib/aws-sdk-core/endpoints/rule_set.rb +47 -0
data/lib/aws-sdk-core/endpoints/rules_provider.rb +32 -0
data/lib/aws-sdk-core/endpoints/templater.rb +52 -0
data/lib/aws-sdk-core/endpoints/tree_rule.rb +40 -0
data/lib/aws-sdk-core/endpoints/url.rb +59 -0
data/lib/aws-sdk-core/endpoints.rb +74 -0
data/lib/aws-sdk-core/errors.rb +172 -12
data/lib/aws-sdk-core/event_emitter.rb +44 -0
data/lib/aws-sdk-core/ini_parser.rb +2 -0
data/lib/aws-sdk-core/instance_profile_credentials.rb +231 -42
data/lib/aws-sdk-core/json/builder.rb +2 -0
data/lib/aws-sdk-core/json/error_handler.rb +31 -3
data/lib/aws-sdk-core/json/handler.rb +21 -1
data/lib/aws-sdk-core/json/json_engine.rb +12 -8
data/lib/aws-sdk-core/json/oj_engine.rb +35 -6
data/lib/aws-sdk-core/json/parser.rb +10 -0
data/lib/aws-sdk-core/json.rb +11 -28
data/lib/aws-sdk-core/log/formatter.rb +16 -4
data/lib/aws-sdk-core/log/handler.rb +2 -0
data/lib/aws-sdk-core/log/param_filter.rb +38 -13
data/lib/aws-sdk-core/log/param_formatter.rb +2 -0
data/lib/aws-sdk-core/pageable_response.rb +118 -47
data/lib/aws-sdk-core/pager.rb +5 -0
data/lib/aws-sdk-core/param_converter.rb +2 -0
data/lib/aws-sdk-core/param_validator.rb +63 -7
data/lib/aws-sdk-core/plugins/api_key.rb +5 -1
data/lib/aws-sdk-core/plugins/apig_authorizer_token.rb +2 -0
data/lib/aws-sdk-core/plugins/apig_credentials_configuration.rb +2 -0
data/lib/aws-sdk-core/plugins/apig_user_agent.rb +2 -0
data/lib/aws-sdk-core/plugins/bearer_authorization.rb +67 -0
data/lib/aws-sdk-core/plugins/checksum_algorithm.rb +340 -0
data/lib/aws-sdk-core/plugins/client_metrics_plugin.rb +65 -6
data/lib/aws-sdk-core/plugins/client_metrics_send_plugin.rb +10 -4
data/lib/aws-sdk-core/plugins/credentials_configuration.rb +50 -7
data/lib/aws-sdk-core/plugins/defaults_mode.rb +40 -0
data/lib/aws-sdk-core/plugins/endpoint_discovery.rb +172 -0
data/lib/aws-sdk-core/plugins/endpoint_pattern.rb +65 -0
data/lib/aws-sdk-core/plugins/event_stream_configuration.rb +16 -0
data/lib/aws-sdk-core/plugins/global_configuration.rb +2 -0
data/lib/aws-sdk-core/plugins/helpful_socket_errors.rb +2 -0
data/lib/aws-sdk-core/plugins/http_checksum.rb +64 -0
data/lib/aws-sdk-core/plugins/idempotency_token.rb +2 -0
data/lib/aws-sdk-core/plugins/invocation_id.rb +35 -0
data/lib/aws-sdk-core/plugins/jsonvalue_converter.rb +36 -6
data/lib/aws-sdk-core/plugins/logging.rb +2 -0
data/lib/aws-sdk-core/plugins/param_converter.rb +2 -0
data/lib/aws-sdk-core/plugins/param_validator.rb +2 -0
data/lib/aws-sdk-core/plugins/protocols/api_gateway.rb +19 -0
data/lib/aws-sdk-core/plugins/protocols/ec2.rb +2 -0
data/lib/aws-sdk-core/plugins/protocols/json_rpc.rb +2 -0
data/lib/aws-sdk-core/plugins/protocols/query.rb +2 -0
data/lib/aws-sdk-core/plugins/protocols/rest_json.rb +18 -1
data/lib/aws-sdk-core/plugins/protocols/rest_xml.rb +2 -0
data/lib/aws-sdk-core/plugins/recursion_detection.rb +38 -0
data/lib/aws-sdk-core/plugins/regional_endpoint.rb +81 -16
data/lib/aws-sdk-core/plugins/response_paging.rb +3 -1
data/lib/aws-sdk-core/plugins/retries/client_rate_limiter.rb +139 -0
data/lib/aws-sdk-core/plugins/retries/clock_skew.rb +100 -0
data/lib/aws-sdk-core/plugins/retries/error_inspector.rb +147 -0
data/lib/aws-sdk-core/plugins/retries/retry_quota.rb +59 -0
data/lib/aws-sdk-core/plugins/retry_errors.rb +312 -92
data/lib/aws-sdk-core/plugins/sign.rb +200 -0
data/lib/aws-sdk-core/plugins/signature_v2.rb +3 -0
data/lib/aws-sdk-core/plugins/signature_v4.rb +42 -32
data/lib/aws-sdk-core/plugins/stub_responses.rb +28 -7
data/lib/aws-sdk-core/plugins/transfer_encoding.rb +53 -0
data/lib/aws-sdk-core/plugins/user_agent.rb +9 -5
data/lib/aws-sdk-core/process_credentials.rb +20 -15
data/lib/aws-sdk-core/query/ec2_param_builder.rb +2 -0
data/lib/aws-sdk-core/query/handler.rb +8 -1
data/lib/aws-sdk-core/query/param.rb +2 -0
data/lib/aws-sdk-core/query/param_builder.rb +2 -0
data/lib/aws-sdk-core/query/param_list.rb +2 -0
data/lib/aws-sdk-core/query.rb +2 -0
data/lib/aws-sdk-core/refreshing_credentials.rb +45 -12
data/lib/aws-sdk-core/refreshing_token.rb +71 -0
data/lib/aws-sdk-core/resources/collection.rb +3 -1
data/lib/aws-sdk-core/rest/handler.rb +3 -1
data/lib/aws-sdk-core/rest/request/body.rb +21 -1
data/lib/aws-sdk-core/rest/request/builder.rb +2 -0
data/lib/aws-sdk-core/rest/request/endpoint.rb +10 -3
data/lib/aws-sdk-core/rest/request/headers.rb +16 -6
data/lib/aws-sdk-core/rest/request/querystring_builder.rb +4 -2
data/lib/aws-sdk-core/rest/response/body.rb +2 -0
data/lib/aws-sdk-core/rest/response/headers.rb +6 -3
data/lib/aws-sdk-core/rest/response/parser.rb +2 -0
data/lib/aws-sdk-core/rest/response/status_code.rb +2 -0
data/lib/aws-sdk-core/rest.rb +2 -0
data/lib/aws-sdk-core/shared_config.rb +222 -118
data/lib/aws-sdk-core/shared_credentials.rb +9 -1
data/lib/aws-sdk-core/sso_credentials.rb +172 -0
data/lib/aws-sdk-core/sso_token_provider.rb +135 -0
data/lib/aws-sdk-core/static_token_provider.rb +14 -0
data/lib/aws-sdk-core/structure.rb +24 -7
data/lib/aws-sdk-core/stubbing/data_applicator.rb +2 -0
data/lib/aws-sdk-core/stubbing/empty_stub.rb +2 -0
data/lib/aws-sdk-core/stubbing/protocols/api_gateway.rb +2 -0
data/lib/aws-sdk-core/stubbing/protocols/ec2.rb +2 -0
data/lib/aws-sdk-core/stubbing/protocols/json.rb +3 -1
data/lib/aws-sdk-core/stubbing/protocols/query.rb +4 -2
data/lib/aws-sdk-core/stubbing/protocols/rest.rb +52 -7
data/lib/aws-sdk-core/stubbing/protocols/rest_json.rb +3 -1
data/lib/aws-sdk-core/stubbing/protocols/rest_xml.rb +2 -2
data/lib/aws-sdk-core/stubbing/stub_data.rb +15 -4
data/lib/aws-sdk-core/stubbing/xml_error.rb +2 -0
data/lib/aws-sdk-core/token.rb +31 -0
data/lib/aws-sdk-core/token_provider.rb +15 -0
data/lib/aws-sdk-core/token_provider_chain.rb +51 -0
data/lib/aws-sdk-core/type_builder.rb +2 -0
data/lib/aws-sdk-core/util.rb +24 -0
data/lib/aws-sdk-core/waiters/errors.rb +2 -0
data/lib/aws-sdk-core/waiters/poller.rb +2 -0
data/lib/aws-sdk-core/waiters/waiter.rb +4 -2
data/lib/aws-sdk-core/waiters.rb +2 -0
data/lib/aws-sdk-core/xml/builder.rb +5 -3
data/lib/aws-sdk-core/xml/default_list.rb +2 -0
data/lib/aws-sdk-core/xml/default_map.rb +2 -0
data/lib/aws-sdk-core/xml/doc_builder.rb +15 -4
data/lib/aws-sdk-core/xml/error_handler.rb +36 -4
data/lib/aws-sdk-core/xml/parser/engines/libxml.rb +2 -0
data/lib/aws-sdk-core/xml/parser/engines/nokogiri.rb +2 -0
data/lib/aws-sdk-core/xml/parser/engines/oga.rb +2 -0
data/lib/aws-sdk-core/xml/parser/engines/ox.rb +3 -1
data/lib/aws-sdk-core/xml/parser/engines/rexml.rb +4 -1
data/lib/aws-sdk-core/xml/parser/frame.rb +25 -0
data/lib/aws-sdk-core/xml/parser/parsing_error.rb +2 -0
data/lib/aws-sdk-core/xml/parser/stack.rb +2 -0
data/lib/aws-sdk-core/xml/parser.rb +7 -0
data/lib/aws-sdk-core/xml.rb +2 -0
data/lib/aws-sdk-core.rb +42 -4
data/lib/aws-sdk-sso/client.rb +610 -0
data/lib/aws-sdk-sso/client_api.rb +190 -0
data/lib/aws-sdk-sso/customizations.rb +1 -0
data/lib/aws-sdk-sso/endpoint_parameters.rb +66 -0
data/lib/aws-sdk-sso/endpoint_provider.rb +112 -0
data/lib/aws-sdk-sso/endpoints.rb +71 -0
data/lib/aws-sdk-sso/errors.rb +102 -0
data/lib/aws-sdk-sso/plugins/endpoints.rb +76 -0
data/lib/aws-sdk-sso/resource.rb +26 -0
data/lib/aws-sdk-sso/types.rb +317 -0
data/lib/aws-sdk-sso.rb +59 -0
data/lib/aws-sdk-ssooidc/client.rb +606 -0
data/lib/aws-sdk-ssooidc/client_api.rb +216 -0
data/lib/aws-sdk-ssooidc/customizations.rb +1 -0
data/lib/aws-sdk-ssooidc/endpoint_parameters.rb +66 -0
data/lib/aws-sdk-ssooidc/endpoint_provider.rb +111 -0
data/lib/aws-sdk-ssooidc/endpoints.rb +57 -0
data/lib/aws-sdk-ssooidc/errors.rb +290 -0
data/lib/aws-sdk-ssooidc/plugins/endpoints.rb +74 -0
data/lib/aws-sdk-ssooidc/resource.rb +26 -0
data/lib/aws-sdk-ssooidc/types.rb +502 -0
data/lib/aws-sdk-ssooidc.rb +59 -0
data/lib/aws-sdk-sts/client.rb +1426 -616
data/lib/aws-sdk-sts/client_api.rb +76 -1
data/lib/aws-sdk-sts/customizations.rb +4 -0
data/lib/aws-sdk-sts/endpoint_parameters.rb +78 -0
data/lib/aws-sdk-sts/endpoint_provider.rb +229 -0
data/lib/aws-sdk-sts/endpoints.rb +135 -0
data/lib/aws-sdk-sts/errors.rb +153 -1
data/lib/aws-sdk-sts/plugins/endpoints.rb +84 -0
data/lib/aws-sdk-sts/plugins/sts_regional_endpoints.rb +38 -0
data/lib/aws-sdk-sts/presigner.rb +73 -0
data/lib/aws-sdk-sts/resource.rb +4 -1
data/lib/aws-sdk-sts/types.rb +918 -296
data/lib/aws-sdk-sts.rb +20 -6
data/lib/seahorse/client/async_base.rb +51 -0
data/lib/seahorse/client/async_response.rb +64 -0
data/lib/seahorse/client/base.rb +7 -2
data/lib/seahorse/client/block_io.rb +6 -2
data/lib/seahorse/client/configuration.rb +17 -3
data/lib/seahorse/client/events.rb +3 -1
data/lib/seahorse/client/h2/connection.rb +247 -0
data/lib/seahorse/client/h2/handler.rb +152 -0
data/lib/seahorse/client/handler.rb +2 -0
data/lib/seahorse/client/handler_builder.rb +2 -0
data/lib/seahorse/client/handler_list.rb +2 -0
data/lib/seahorse/client/handler_list_entry.rb +6 -4
data/lib/seahorse/client/http/async_response.rb +44 -0
data/lib/seahorse/client/http/headers.rb +2 -0
data/lib/seahorse/client/http/request.rb +5 -3
data/lib/seahorse/client/http/response.rb +18 -11
data/lib/seahorse/client/logging/formatter.rb +6 -2
data/lib/seahorse/client/logging/handler.rb +2 -0
data/lib/seahorse/client/managed_file.rb +2 -0
data/lib/seahorse/client/net_http/connection_pool.rb +30 -23
data/lib/seahorse/client/net_http/handler.rb +24 -7
data/lib/seahorse/client/net_http/patches.rb +16 -79
data/lib/seahorse/client/networking_error.rb +30 -0
data/lib/seahorse/client/plugin.rb +10 -7
data/lib/seahorse/client/plugin_list.rb +2 -0
data/lib/seahorse/client/plugins/content_length.rb +14 -3
data/lib/seahorse/client/plugins/endpoint.rb +4 -2
data/lib/seahorse/client/plugins/h2.rb +69 -0
data/lib/seahorse/client/plugins/logging.rb +2 -0
data/lib/seahorse/client/plugins/net_http.rb +39 -3
data/lib/seahorse/client/plugins/operation_methods.rb +2 -0
data/lib/seahorse/client/plugins/raise_response_errors.rb +2 -0
data/lib/seahorse/client/plugins/request_callback.rb +110 -0
data/lib/seahorse/client/plugins/response_target.rb +23 -14
data/lib/seahorse/client/request.rb +2 -0
data/lib/seahorse/client/request_context.rb +2 -0
data/lib/seahorse/client/response.rb +5 -5
data/lib/seahorse/model/api.rb +14 -0
data/lib/seahorse/model/authorizer.rb +2 -0
data/lib/seahorse/model/operation.rb +21 -0
data/lib/seahorse/model/shapes.rb +29 -2
data/lib/seahorse/util.rb +12 -1
data/lib/seahorse/version.rb +2 -0
data/lib/seahorse.rb +12 -0
metadata +117 -16

data/lib/aws-sdk-core/plugins/sign.rb ADDED Viewed

@@ -0,0 +1,200 @@
+# frozen_string_literal: true
+require 'aws-sigv4'
+module Aws
+  module Plugins
+    # @api private
+    class Sign < Seahorse::Client::Plugin
+      # These once had defaults. But now they are used as overrides to
+      # new endpoint and auth resolution.
+      option(:sigv4_signer)
+      option(:sigv4_name)
+      option(:sigv4_region)
+      option(:unsigned_operations, default: [])
+      supported_auth_types = %w[sigv4 bearer none]
+      supported_auth_types += ['sigv4a'] if Aws::Sigv4::Signer.use_crt?
+      SUPPORTED_AUTH_TYPES = supported_auth_types.freeze
+      def add_handlers(handlers, cfg)
+        operations = cfg.api.operation_names - cfg.unsigned_operations
+        handlers.add(Handler, step: :sign, operations: operations)
+      end
+      # @api private
+      # Return a signer with the `sign(context)` method
+      def self.signer_for(auth_scheme, config, region_override = nil)
+        case auth_scheme['name']
+        when 'sigv4', 'sigv4a'
+          SignatureV4.new(auth_scheme, config, region_override)
+        when 'bearer'
+          Bearer.new
+        else
+          NullSigner.new
+        end
+      end
+      class Handler < Seahorse::Client::Handler
+        def call(context)
+          # Skip signing if using sigv2 signing from s3_signer in S3
+          unless v2_signing?(context.config)
+            signer = Sign.signer_for(
+              context[:auth_scheme],
+              context.config,
+              context[:sigv4_region]
+            )
+            signer.sign(context)
+          end
+          @handler.call(context)
+        end
+        private
+        def v2_signing?(config)
+          # 's3' is legacy signing, 'v4' is default
+          config.respond_to?(:signature_version) &&
+            config.signature_version == 's3'
+        end
+      end
+      # @api private
+      class Bearer
+        def initialize
+        end
+        def sign(context)
+          if context.http_request.endpoint.scheme != 'https'
+            raise ArgumentError,
+                  'Unable to use bearer authorization on non https endpoint.'
+          end
+          token_provider = context.config.token_provider
+          raise Errors::MissingBearerTokenError unless token_provider&.set?
+          context.http_request.headers['Authorization'] =
+            "Bearer #{token_provider.token.token}"
+        end
+        def presign_url(*args)
+          raise ArgumentError, 'Bearer auth does not support presigned urls'
+        end
+        def sign_event(*args)
+          raise ArgumentError, 'Bearer auth does not support event signing'
+        end
+      end
+      # @api private
+      class SignatureV4
+        def initialize(auth_scheme, config, region_override = nil)
+          scheme_name = auth_scheme['name']
+          unless %w[sigv4 sigv4a].include?(scheme_name)
+            raise ArgumentError,
+                  "Expected sigv4 or sigv4a auth scheme, got #{scheme_name}"
+          end
+          region = if scheme_name == 'sigv4a'
+                     auth_scheme['signingRegionSet'].first
+                   else
+                     auth_scheme['signingRegion']
+                   end
+          begin
+            @signer = Aws::Sigv4::Signer.new(
+              service: config.sigv4_name || auth_scheme['signingName'],
+              region: region_override || config.sigv4_region || region,
+              credentials_provider: config.credentials,
+              signing_algorithm: scheme_name.to_sym,
+              uri_escape_path: !!!auth_scheme['disableDoubleEncoding'],
+              unsigned_headers: %w[content-length user-agent x-amzn-trace-id]
+            )
+          rescue Aws::Sigv4::Errors::MissingCredentialsError
+            raise Aws::Errors::MissingCredentialsError
+          end
+        end
+        def sign(context)
+          req = context.http_request
+          apply_authtype(context, req)
+          reset_signature(req)
+          apply_clock_skew(context, req)
+          # compute the signature
+          begin
+            signature = @signer.sign_request(
+              http_method: req.http_method,
+              url: req.endpoint,
+              headers: req.headers,
+              body: req.body
+            )
+          rescue Aws::Sigv4::Errors::MissingCredentialsError
+            # Necessary for when credentials is explicitly set to nil
+            raise Aws::Errors::MissingCredentialsError
+          end
+          # apply signature headers
+          req.headers.update(signature.headers)
+          # add request metadata with signature components for debugging
+          context[:canonical_request] = signature.canonical_request
+          context[:string_to_sign] = signature.string_to_sign
+        end
+        def presign_url(*args)
+          @signer.presign_url(*args)
+        end
+        def sign_event(*args)
+          @signer.sign_event(*args)
+        end
+        private
+        def apply_authtype(context, req)
+          if context.operation['authtype'].eql?('v4-unsigned-body') &&
+             req.endpoint.scheme.eql?('https')
+            req.headers['X-Amz-Content-Sha256'] ||= 'UNSIGNED-PAYLOAD'
+          end
+        end
+        def reset_signature(req)
+          # in case this request is being re-signed
+          req.headers.delete('Authorization')
+          req.headers.delete('X-Amz-Security-Token')
+          req.headers.delete('X-Amz-Date')
+          req.headers.delete('x-Amz-Region-Set')
+        end
+        def apply_clock_skew(context, req)
+          if context.config.respond_to?(:clock_skew) &&
+             context.config.clock_skew &&
+             context.config.correct_clock_skew
+            endpoint = context.http_request.endpoint
+            skew = context.config.clock_skew.clock_correction(endpoint)
+            if skew.abs.positive?
+              req.headers['X-Amz-Date'] =
+                (Time.now.utc + skew).strftime('%Y%m%dT%H%M%SZ')
+            end
+          end
+        end
+      end
+      # @api private
+      class NullSigner
+        def sign(context)
+        end
+        def presign_url(*args)
+        end
+        def sign_event(*args)
+        end
+      end
+    end
+  end
+end

data/lib/aws-sdk-core/plugins/signature_v2.rb CHANGED Viewed

@@ -1,6 +1,9 @@
+# frozen_string_literal: true
 module Aws
   module Plugins
     # @api private
+    # Necessary to keep after Endpoints 2.0
     class SignatureV2 < Seahorse::Client::Plugin
       option(:v2_signer) do |cfg|

data/lib/aws-sdk-core/plugins/signature_v4.rb CHANGED Viewed

@@ -1,52 +1,50 @@
+# frozen_string_literal: true
 require 'aws-sigv4'
 module Aws
   module Plugins
     # @api private
+    # Necessary to exist after endpoints 2.0
     class SignatureV4 < Seahorse::Client::Plugin
+      V4_AUTH = %w[v4 v4-unsigned-payload v4-unsigned-body]
       option(:sigv4_signer) do |cfg|
         SignatureV4.build_signer(cfg)
       end
       option(:sigv4_name) do |cfg|
-        cfg.api.metadata['signingName'] || cfg.api.metadata['endpointPrefix']
+        signingName = if cfg.region
+          Aws::Partitions::EndpointProvider.signing_service(
+            cfg.region, cfg.api.metadata['endpointPrefix']
+          )
+        end
+        signingName || cfg.api.metadata['signingName'] || cfg.api.metadata['endpointPrefix']
       end
       option(:sigv4_region) do |cfg|
-        # The signature version 4 signing region is most
-        # commonly the configured region. There are a few
-        # notable exceptions:
-        #
-        # * Some services have a global endpoint to the entire
-        #   partition. For example, when constructing a route53
-        #   client for a region like "us-west-2", we will
-        #   always use "route53.amazonaws.com". This endpoint
-        #   is actually global to the entire partition,
-        #   and must be signed as "us-east-1".
-        #
-        # * When the region is configured, but it is configured
-        #   to a non region, such as "aws-global". This is similar
-        #   to the previous case. We use the Aws::Partitions::EndpointProvider
-        #   to resolve to the actual signing region.
-        #
-        prefix = cfg.api.metadata['endpointPrefix']
-        if prefix && cfg.endpoint.to_s.match(/#{prefix}\.amazonaws\.com/)
-          'us-east-1'
-        elsif cfg.region
-          Aws::Partitions::EndpointProvider.signing_region(cfg.region, cfg.sigv4_name)
+        if cfg.region
+          if cfg.respond_to?(:sts_regional_endpoints)
+            sts_regional = cfg.sts_regional_endpoints
+          end
+          Aws::Partitions::EndpointProvider.signing_region(
+            cfg.region, cfg.api.metadata['endpointPrefix'], sts_regional
+          )
         end
       end
       option(:unsigned_operations) do |cfg|
-        cfg.api.operation_names.inject([]) do |unsigned, operation_name|
-          if cfg.api.operation(operation_name)['authtype'] == 'none' ||
-            cfg.api.operation(operation_name)['authtype'] == 'custom'
-            # Unsign requests that has custom apigateway authorizer as well
-            unsigned << operation_name
-          else
-            unsigned
+        if cfg.api.metadata['signatureVersion'] == 'v4'
+          # select operations where authtype is set and is not v4
+          cfg.api.operation_names.select do |o|
+            cfg.api.operation(o)['authtype'] && !V4_AUTH.include?(cfg.api.operation(o)['authtype'])
+          end
+        else # service is not v4 auth
+          # select all operations where authtype is not v4
+          # (includes operations with no explicit authtype)
+          cfg.api.operation_names.select do |o|
+            !V4_AUTH.include?(cfg.api.operation(o)['authtype'])
           end
         end
       end
@@ -106,6 +104,18 @@ module Aws
           req.headers.delete('Authorization')
           req.headers.delete('X-Amz-Security-Token')
           req.headers.delete('X-Amz-Date')
+          req.headers.delete('x-Amz-Region-Set')
+          if context.config.respond_to?(:clock_skew) &&
+             context.config.clock_skew &&
+             context.config.correct_clock_skew
+            endpoint = context.http_request.endpoint
+            skew = context.config.clock_skew.clock_correction(endpoint)
+            if skew.abs > 0
+              req.headers['X-Amz-Date'] = (Time.now.utc + skew).strftime("%Y%m%dT%H%M%SZ")
+            end
+          end
           # compute the signature
           begin
@@ -130,8 +140,8 @@ module Aws
         # @api private
         def apply_authtype(context)
           if context.operation['authtype'].eql?('v4-unsigned-body') &&
-            context.http_request.endpoint.scheme.eql?('https')
-            context.http_request.headers['X-Amz-Content-Sha256'] = 'UNSIGNED-PAYLOAD'
+             context.http_request.endpoint.scheme.eql?('https')
+            context.http_request.headers['X-Amz-Content-Sha256'] ||= 'UNSIGNED-PAYLOAD'
           end
           context
         end

data/lib/aws-sdk-core/plugins/stub_responses.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Aws
   module Plugins
     # @api private
@@ -34,9 +36,12 @@ requests are made, and retries are disabled.
         if client.config.stub_responses
           client.setup_stubbing
           client.handlers.remove(RetryErrors::Handler)
+          client.handlers.remove(RetryErrors::LegacyHandler)
           client.handlers.remove(ClientMetricsPlugin::Handler)
           client.handlers.remove(ClientMetricsSendPlugin::LatencyHandler)
           client.handlers.remove(ClientMetricsSendPlugin::AttemptHandler)
+          client.handlers.remove(Seahorse::Client::Plugins::RequestCallback::OptionHandler)
+          client.handlers.remove(Seahorse::Client::Plugins::RequestCallback::ReadCallbackHandler)
         end
       end
@@ -45,15 +50,22 @@ requests are made, and retries are disabled.
         def call(context)
           stub = context.client.next_stub(context)
           resp = Seahorse::Client::Response.new(context: context)
-          apply_stub(stub, resp)
-          resp
+          async_mode = context.client.is_a? Seahorse::Client::AsyncBase
+          if Hash === stub && stub[:mutex]
+            stub[:mutex].synchronize { apply_stub(stub, resp, async_mode) }
+          else
+            apply_stub(stub, resp, async_mode)
+          end
+          async_mode ? Seahorse::Client::AsyncResponse.new(
+            context: context, stream: context[:input_event_stream_handler].event_emitter.stream, sync_queue: Queue.new) : resp
         end
-        def apply_stub(stub, response)
+        def apply_stub(stub, response, async_mode = false)
           http_resp = response.context.http_response
           case
           when stub[:error] then signal_error(stub[:error], http_resp)
-          when stub[:http] then signal_http(stub[:http], http_resp)
+          when stub[:http] then signal_http(stub[:http], http_resp, async_mode)
           when stub[:data] then response.data = stub[:data]
           end
         end
@@ -67,9 +79,18 @@ requests are made, and retries are disabled.
         end
         # @param [Seahorse::Client::Http::Response] stub
-        # @param [Seahorse::Client::Http::Response] http_resp
-        def signal_http(stub, http_resp)
-          http_resp.signal_headers(stub.status_code, stub.headers.to_h)
+        # @param [Seahorse::Client::Http::Response | Seahorse::Client::Http::AsyncResponse] http_resp
+        # @param [Boolean] async_mode
+        def signal_http(stub, http_resp, async_mode = false)
+          if async_mode
+            h2_headers = stub.headers.to_h.inject([]) do |arr, (k, v)|
+              arr << [k, v]
+            end
+            h2_headers << [":status", stub.status_code]
+            http_resp.signal_headers(h2_headers)
+          else
+            http_resp.signal_headers(stub.status_code, stub.headers.to_h)
+          end
           while chunk = stub.body.read(1024 * 1024)
             http_resp.signal_data(chunk)
           end

data/lib/aws-sdk-core/plugins/transfer_encoding.rb ADDED Viewed

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+module Aws
+  module Plugins
+    # For Streaming Input Operations, when `requiresLength` is enabled
+    # checking whether `Content-Length` header can be set,
+    # for `v4-unsigned-body` operations, set `Transfer-Encoding` header
+    class TransferEncoding < Seahorse::Client::Plugin
+      # @api private
+      class Handler < Seahorse::Client::Handler
+        def call(context)
+          if streaming?(context.operation.input)
+            # If it's an IO object and not a File / String / String IO
+            unless context.http_request.body.respond_to?(:size)
+              if requires_length?(context.operation.input)
+                # if size of the IO is not available but required
+                raise Aws::Errors::MissingContentLength.new
+              elsif context.operation['authtype'] == "v4-unsigned-body"
+                context.http_request.headers['Transfer-Encoding'] = 'chunked'
+              end
+            end
+          end
+          @handler.call(context)
+        end
+        private
+        def streaming?(ref)
+          if payload = ref[:payload_member]
+            payload["streaming"] || # checking ref and shape
+              payload.shape["streaming"]
+          else
+            false
+          end
+        end
+        def requires_length?(ref)
+          payload = ref[:payload_member]
+          payload["requiresLength"] || # checking ref and shape
+            payload.shape["requiresLength"]
+        end
+      end
+      handler(Handler, step: :sign)
+    end
+  end
+end

data/lib/aws-sdk-core/plugins/user_agent.rb CHANGED Viewed

@@ -1,13 +1,13 @@
+# frozen_string_literal: true
 module Aws
   module Plugins
     # @api private
     class UserAgent < Seahorse::Client::Plugin
       option(:user_agent_suffix)
       # @api private
       class Handler < Seahorse::Client::Handler
         def call(context)
           set_user_agent(context)
           @handler.call(context)
@@ -28,15 +28,19 @@ module Aws
             ua += " #{context[:gem_name]}/#{context[:gem_version]}"
           end
-          ua += " #{context.config.user_agent_suffix}" if context.config.user_agent_suffix
+          if (execution_env = ENV['AWS_EXECUTION_ENV'])
+            ua += " exec-env/#{execution_env}"
+          end
+          if context.config.user_agent_suffix
+            ua += " #{context.config.user_agent_suffix}"
+          end
           context.http_request.headers['User-Agent'] = ua.strip
         end
       end
       handler(Handler)
     end
   end
 end

data/lib/aws-sdk-core/process_credentials.rb CHANGED Viewed

@@ -1,19 +1,16 @@
-require 'open3'
+# frozen_string_literal: true
 module Aws
   # A credential provider that executes a given process and attempts
-  # to read its stdout to recieve a JSON payload containing the credentials
-  #
-  # Automatically handles refreshing credentials if an Expiration time is
-  # provided in the credentials payload
-  #
-  #     credentials = Aws::ProcessCredentials.new('/usr/bin/credential_proc').credentials
+  # to read its stdout to recieve a JSON payload containing the credentials.
   #
+  #     credentials = Aws::ProcessCredentials.new('/usr/bin/credential_proc')
   #     ec2 = Aws::EC2::Client.new(credentials: credentials)
   #
-  # More documentation on process based credentials can be found here:
-  # https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#sourcing-credentials-from-external-processes
+  # Automatically handles refreshing credentials if an Expiration time is
+  # provided in the credentials payload.
+  #
+  # @see https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#sourcing-credentials-from-external-processes
   class ProcessCredentials
     include CredentialProvider
@@ -23,22 +20,30 @@ module Aws
     # external process to be used as a credential provider.
     #
     # @param [String] process Invocation string for process
-    # credentials provider.
+    # credentials provider.
     def initialize(process)
       @process = process
       @credentials = credentials_from_process(@process)
+      @async_refresh = false
+      super
     end
     private
     def credentials_from_process(proc_invocation)
       begin
-        raw_out, process_status = Open3.capture2(proc_invocation)
+        raw_out = `#{proc_invocation}`
+        process_status = $?
       rescue Errno::ENOENT
         raise Errors::InvalidProcessCredentialsPayload.new("Could not find process #{proc_invocation}")
       end
       if process_status.success?
-        creds_json = JSON.parse(raw_out)
+        begin
+          creds_json = Aws::Json.load(raw_out)
+        rescue Aws::Json::ParseError
+          raise Errors::InvalidProcessCredentialsPayload.new("Invalid JSON response")
+        end
         payload_version = creds_json['Version']
         if payload_version == 1
           _parse_payload_format_v1(creds_json)
@@ -66,9 +71,9 @@ module Aws
       @credentials = credentials_from_process(@process)
     end
-    def near_expiration?
+    def near_expiration?(expiration_length)
       # are we within 5 minutes of expiration?
-      @expiration && (Time.now.to_i + 5 * 60) > @expiration.to_i
+      @expiration && (Time.now.to_i + expiration_length) > @expiration.to_i
     end
   end
 end

data/lib/aws-sdk-core/query/ec2_param_builder.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'base64'
 module Aws

data/lib/aws-sdk-core/query/handler.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Aws
   # @api private
   module Query
@@ -27,7 +29,12 @@ module Aws
         build_request(context)
         @handler.call(context).on_success do |response|
           response.error = nil
-          response.data = parse_xml(context) || EmptyStructure.new
+          parsed = parse_xml(context)
+          if parsed.nil? || parsed == EmptyStructure
+            response.data = EmptyStructure.new
+          else
+            response.data = parsed
+          end
         end
       end

data/lib/aws-sdk-core/query/param.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Aws
   module Query
     class Param

data/lib/aws-sdk-core/query/param_builder.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'base64'
 module Aws

data/lib/aws-sdk-core/query/param_list.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'stringio'
 module Aws

data/lib/aws-sdk-core/query.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require_relative 'query/ec2_param_builder'
 require_relative 'query/handler'
 require_relative 'query/param'