aws-sdk-core 3.31.0 → 3.168.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/CHANGELOG.md +1573 -0
- data/LICENSE.txt +202 -0
- data/VERSION +1 -1
- data/lib/aws-defaults/default_configuration.rb +153 -0
- data/lib/aws-defaults/defaults_mode_config_resolver.rb +107 -0
- data/lib/aws-defaults.rb +3 -0
- data/lib/aws-sdk-core/arn.rb +105 -0
- data/lib/aws-sdk-core/arn_parser.rb +40 -0
- data/lib/aws-sdk-core/assume_role_credentials.rb +23 -7
- data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +108 -0
- data/lib/aws-sdk-core/async_client_stubs.rb +82 -0
- data/lib/aws-sdk-core/binary/decode_handler.rb +11 -1
- data/lib/aws-sdk-core/binary/encode_handler.rb +45 -0
- data/lib/aws-sdk-core/binary/event_builder.rb +124 -0
- data/lib/aws-sdk-core/binary/event_parser.rb +50 -18
- data/lib/aws-sdk-core/binary/event_stream_decoder.rb +7 -2
- data/lib/aws-sdk-core/binary/event_stream_encoder.rb +55 -0
- data/lib/aws-sdk-core/binary.rb +5 -0
- data/lib/aws-sdk-core/client_side_monitoring/publisher.rb +11 -1
- data/lib/aws-sdk-core/client_side_monitoring/request_metrics.rb +71 -9
- data/lib/aws-sdk-core/client_stubs.rb +21 -14
- data/lib/aws-sdk-core/credential_provider.rb +1 -30
- data/lib/aws-sdk-core/credential_provider_chain.rb +107 -43
- data/lib/aws-sdk-core/credentials.rb +2 -0
- data/lib/aws-sdk-core/deprecations.rb +17 -11
- data/lib/aws-sdk-core/eager_loader.rb +2 -0
- data/lib/aws-sdk-core/ec2_metadata.rb +238 -0
- data/lib/aws-sdk-core/ecs_credentials.rb +24 -9
- data/lib/aws-sdk-core/endpoint_cache.rb +193 -0
- data/lib/aws-sdk-core/endpoints/condition.rb +36 -0
- data/lib/aws-sdk-core/endpoints/endpoint.rb +17 -0
- data/lib/aws-sdk-core/endpoints/endpoint_rule.rb +71 -0
- data/lib/aws-sdk-core/endpoints/error_rule.rb +37 -0
- data/lib/aws-sdk-core/endpoints/function.rb +75 -0
- data/lib/aws-sdk-core/endpoints/matchers.rb +127 -0
- data/lib/aws-sdk-core/endpoints/reference.rb +26 -0
- data/lib/aws-sdk-core/endpoints/rule.rb +20 -0
- data/lib/aws-sdk-core/endpoints/rule_set.rb +47 -0
- data/lib/aws-sdk-core/endpoints/rules_provider.rb +32 -0
- data/lib/aws-sdk-core/endpoints/templater.rb +52 -0
- data/lib/aws-sdk-core/endpoints/tree_rule.rb +40 -0
- data/lib/aws-sdk-core/endpoints/url.rb +59 -0
- data/lib/aws-sdk-core/endpoints.rb +74 -0
- data/lib/aws-sdk-core/errors.rb +172 -12
- data/lib/aws-sdk-core/event_emitter.rb +44 -0
- data/lib/aws-sdk-core/ini_parser.rb +2 -0
- data/lib/aws-sdk-core/instance_profile_credentials.rb +231 -42
- data/lib/aws-sdk-core/json/builder.rb +2 -0
- data/lib/aws-sdk-core/json/error_handler.rb +31 -3
- data/lib/aws-sdk-core/json/handler.rb +21 -1
- data/lib/aws-sdk-core/json/json_engine.rb +12 -8
- data/lib/aws-sdk-core/json/oj_engine.rb +35 -6
- data/lib/aws-sdk-core/json/parser.rb +10 -0
- data/lib/aws-sdk-core/json.rb +11 -28
- data/lib/aws-sdk-core/log/formatter.rb +16 -4
- data/lib/aws-sdk-core/log/handler.rb +2 -0
- data/lib/aws-sdk-core/log/param_filter.rb +38 -13
- data/lib/aws-sdk-core/log/param_formatter.rb +2 -0
- data/lib/aws-sdk-core/pageable_response.rb +118 -47
- data/lib/aws-sdk-core/pager.rb +5 -0
- data/lib/aws-sdk-core/param_converter.rb +2 -0
- data/lib/aws-sdk-core/param_validator.rb +63 -7
- data/lib/aws-sdk-core/plugins/api_key.rb +5 -1
- data/lib/aws-sdk-core/plugins/apig_authorizer_token.rb +2 -0
- data/lib/aws-sdk-core/plugins/apig_credentials_configuration.rb +2 -0
- data/lib/aws-sdk-core/plugins/apig_user_agent.rb +2 -0
- data/lib/aws-sdk-core/plugins/bearer_authorization.rb +67 -0
- data/lib/aws-sdk-core/plugins/checksum_algorithm.rb +340 -0
- data/lib/aws-sdk-core/plugins/client_metrics_plugin.rb +65 -6
- data/lib/aws-sdk-core/plugins/client_metrics_send_plugin.rb +10 -4
- data/lib/aws-sdk-core/plugins/credentials_configuration.rb +50 -7
- data/lib/aws-sdk-core/plugins/defaults_mode.rb +40 -0
- data/lib/aws-sdk-core/plugins/endpoint_discovery.rb +172 -0
- data/lib/aws-sdk-core/plugins/endpoint_pattern.rb +65 -0
- data/lib/aws-sdk-core/plugins/event_stream_configuration.rb +16 -0
- data/lib/aws-sdk-core/plugins/global_configuration.rb +2 -0
- data/lib/aws-sdk-core/plugins/helpful_socket_errors.rb +2 -0
- data/lib/aws-sdk-core/plugins/http_checksum.rb +64 -0
- data/lib/aws-sdk-core/plugins/idempotency_token.rb +2 -0
- data/lib/aws-sdk-core/plugins/invocation_id.rb +35 -0
- data/lib/aws-sdk-core/plugins/jsonvalue_converter.rb +36 -6
- data/lib/aws-sdk-core/plugins/logging.rb +2 -0
- data/lib/aws-sdk-core/plugins/param_converter.rb +2 -0
- data/lib/aws-sdk-core/plugins/param_validator.rb +2 -0
- data/lib/aws-sdk-core/plugins/protocols/api_gateway.rb +19 -0
- data/lib/aws-sdk-core/plugins/protocols/ec2.rb +2 -0
- data/lib/aws-sdk-core/plugins/protocols/json_rpc.rb +2 -0
- data/lib/aws-sdk-core/plugins/protocols/query.rb +2 -0
- data/lib/aws-sdk-core/plugins/protocols/rest_json.rb +18 -1
- data/lib/aws-sdk-core/plugins/protocols/rest_xml.rb +2 -0
- data/lib/aws-sdk-core/plugins/recursion_detection.rb +38 -0
- data/lib/aws-sdk-core/plugins/regional_endpoint.rb +81 -16
- data/lib/aws-sdk-core/plugins/response_paging.rb +3 -1
- data/lib/aws-sdk-core/plugins/retries/client_rate_limiter.rb +139 -0
- data/lib/aws-sdk-core/plugins/retries/clock_skew.rb +100 -0
- data/lib/aws-sdk-core/plugins/retries/error_inspector.rb +147 -0
- data/lib/aws-sdk-core/plugins/retries/retry_quota.rb +59 -0
- data/lib/aws-sdk-core/plugins/retry_errors.rb +312 -92
- data/lib/aws-sdk-core/plugins/sign.rb +200 -0
- data/lib/aws-sdk-core/plugins/signature_v2.rb +3 -0
- data/lib/aws-sdk-core/plugins/signature_v4.rb +42 -32
- data/lib/aws-sdk-core/plugins/stub_responses.rb +28 -7
- data/lib/aws-sdk-core/plugins/transfer_encoding.rb +53 -0
- data/lib/aws-sdk-core/plugins/user_agent.rb +9 -5
- data/lib/aws-sdk-core/process_credentials.rb +20 -15
- data/lib/aws-sdk-core/query/ec2_param_builder.rb +2 -0
- data/lib/aws-sdk-core/query/handler.rb +8 -1
- data/lib/aws-sdk-core/query/param.rb +2 -0
- data/lib/aws-sdk-core/query/param_builder.rb +2 -0
- data/lib/aws-sdk-core/query/param_list.rb +2 -0
- data/lib/aws-sdk-core/query.rb +2 -0
- data/lib/aws-sdk-core/refreshing_credentials.rb +45 -12
- data/lib/aws-sdk-core/refreshing_token.rb +71 -0
- data/lib/aws-sdk-core/resources/collection.rb +3 -1
- data/lib/aws-sdk-core/rest/handler.rb +3 -1
- data/lib/aws-sdk-core/rest/request/body.rb +21 -1
- data/lib/aws-sdk-core/rest/request/builder.rb +2 -0
- data/lib/aws-sdk-core/rest/request/endpoint.rb +10 -3
- data/lib/aws-sdk-core/rest/request/headers.rb +16 -6
- data/lib/aws-sdk-core/rest/request/querystring_builder.rb +4 -2
- data/lib/aws-sdk-core/rest/response/body.rb +2 -0
- data/lib/aws-sdk-core/rest/response/headers.rb +6 -3
- data/lib/aws-sdk-core/rest/response/parser.rb +2 -0
- data/lib/aws-sdk-core/rest/response/status_code.rb +2 -0
- data/lib/aws-sdk-core/rest.rb +2 -0
- data/lib/aws-sdk-core/shared_config.rb +222 -118
- data/lib/aws-sdk-core/shared_credentials.rb +9 -1
- data/lib/aws-sdk-core/sso_credentials.rb +172 -0
- data/lib/aws-sdk-core/sso_token_provider.rb +135 -0
- data/lib/aws-sdk-core/static_token_provider.rb +14 -0
- data/lib/aws-sdk-core/structure.rb +24 -7
- data/lib/aws-sdk-core/stubbing/data_applicator.rb +2 -0
- data/lib/aws-sdk-core/stubbing/empty_stub.rb +2 -0
- data/lib/aws-sdk-core/stubbing/protocols/api_gateway.rb +2 -0
- data/lib/aws-sdk-core/stubbing/protocols/ec2.rb +2 -0
- data/lib/aws-sdk-core/stubbing/protocols/json.rb +3 -1
- data/lib/aws-sdk-core/stubbing/protocols/query.rb +4 -2
- data/lib/aws-sdk-core/stubbing/protocols/rest.rb +52 -7
- data/lib/aws-sdk-core/stubbing/protocols/rest_json.rb +3 -1
- data/lib/aws-sdk-core/stubbing/protocols/rest_xml.rb +2 -2
- data/lib/aws-sdk-core/stubbing/stub_data.rb +15 -4
- data/lib/aws-sdk-core/stubbing/xml_error.rb +2 -0
- data/lib/aws-sdk-core/token.rb +31 -0
- data/lib/aws-sdk-core/token_provider.rb +15 -0
- data/lib/aws-sdk-core/token_provider_chain.rb +51 -0
- data/lib/aws-sdk-core/type_builder.rb +2 -0
- data/lib/aws-sdk-core/util.rb +24 -0
- data/lib/aws-sdk-core/waiters/errors.rb +2 -0
- data/lib/aws-sdk-core/waiters/poller.rb +2 -0
- data/lib/aws-sdk-core/waiters/waiter.rb +4 -2
- data/lib/aws-sdk-core/waiters.rb +2 -0
- data/lib/aws-sdk-core/xml/builder.rb +5 -3
- data/lib/aws-sdk-core/xml/default_list.rb +2 -0
- data/lib/aws-sdk-core/xml/default_map.rb +2 -0
- data/lib/aws-sdk-core/xml/doc_builder.rb +15 -4
- data/lib/aws-sdk-core/xml/error_handler.rb +36 -4
- data/lib/aws-sdk-core/xml/parser/engines/libxml.rb +2 -0
- data/lib/aws-sdk-core/xml/parser/engines/nokogiri.rb +2 -0
- data/lib/aws-sdk-core/xml/parser/engines/oga.rb +2 -0
- data/lib/aws-sdk-core/xml/parser/engines/ox.rb +3 -1
- data/lib/aws-sdk-core/xml/parser/engines/rexml.rb +4 -1
- data/lib/aws-sdk-core/xml/parser/frame.rb +25 -0
- data/lib/aws-sdk-core/xml/parser/parsing_error.rb +2 -0
- data/lib/aws-sdk-core/xml/parser/stack.rb +2 -0
- data/lib/aws-sdk-core/xml/parser.rb +7 -0
- data/lib/aws-sdk-core/xml.rb +2 -0
- data/lib/aws-sdk-core.rb +42 -4
- data/lib/aws-sdk-sso/client.rb +610 -0
- data/lib/aws-sdk-sso/client_api.rb +190 -0
- data/lib/aws-sdk-sso/customizations.rb +1 -0
- data/lib/aws-sdk-sso/endpoint_parameters.rb +66 -0
- data/lib/aws-sdk-sso/endpoint_provider.rb +112 -0
- data/lib/aws-sdk-sso/endpoints.rb +71 -0
- data/lib/aws-sdk-sso/errors.rb +102 -0
- data/lib/aws-sdk-sso/plugins/endpoints.rb +76 -0
- data/lib/aws-sdk-sso/resource.rb +26 -0
- data/lib/aws-sdk-sso/types.rb +317 -0
- data/lib/aws-sdk-sso.rb +59 -0
- data/lib/aws-sdk-ssooidc/client.rb +606 -0
- data/lib/aws-sdk-ssooidc/client_api.rb +216 -0
- data/lib/aws-sdk-ssooidc/customizations.rb +1 -0
- data/lib/aws-sdk-ssooidc/endpoint_parameters.rb +66 -0
- data/lib/aws-sdk-ssooidc/endpoint_provider.rb +111 -0
- data/lib/aws-sdk-ssooidc/endpoints.rb +57 -0
- data/lib/aws-sdk-ssooidc/errors.rb +290 -0
- data/lib/aws-sdk-ssooidc/plugins/endpoints.rb +74 -0
- data/lib/aws-sdk-ssooidc/resource.rb +26 -0
- data/lib/aws-sdk-ssooidc/types.rb +502 -0
- data/lib/aws-sdk-ssooidc.rb +59 -0
- data/lib/aws-sdk-sts/client.rb +1426 -616
- data/lib/aws-sdk-sts/client_api.rb +76 -1
- data/lib/aws-sdk-sts/customizations.rb +4 -0
- data/lib/aws-sdk-sts/endpoint_parameters.rb +78 -0
- data/lib/aws-sdk-sts/endpoint_provider.rb +229 -0
- data/lib/aws-sdk-sts/endpoints.rb +135 -0
- data/lib/aws-sdk-sts/errors.rb +153 -1
- data/lib/aws-sdk-sts/plugins/endpoints.rb +84 -0
- data/lib/aws-sdk-sts/plugins/sts_regional_endpoints.rb +38 -0
- data/lib/aws-sdk-sts/presigner.rb +73 -0
- data/lib/aws-sdk-sts/resource.rb +4 -1
- data/lib/aws-sdk-sts/types.rb +918 -296
- data/lib/aws-sdk-sts.rb +20 -6
- data/lib/seahorse/client/async_base.rb +51 -0
- data/lib/seahorse/client/async_response.rb +64 -0
- data/lib/seahorse/client/base.rb +7 -2
- data/lib/seahorse/client/block_io.rb +6 -2
- data/lib/seahorse/client/configuration.rb +17 -3
- data/lib/seahorse/client/events.rb +3 -1
- data/lib/seahorse/client/h2/connection.rb +247 -0
- data/lib/seahorse/client/h2/handler.rb +152 -0
- data/lib/seahorse/client/handler.rb +2 -0
- data/lib/seahorse/client/handler_builder.rb +2 -0
- data/lib/seahorse/client/handler_list.rb +2 -0
- data/lib/seahorse/client/handler_list_entry.rb +6 -4
- data/lib/seahorse/client/http/async_response.rb +44 -0
- data/lib/seahorse/client/http/headers.rb +2 -0
- data/lib/seahorse/client/http/request.rb +5 -3
- data/lib/seahorse/client/http/response.rb +18 -11
- data/lib/seahorse/client/logging/formatter.rb +6 -2
- data/lib/seahorse/client/logging/handler.rb +2 -0
- data/lib/seahorse/client/managed_file.rb +2 -0
- data/lib/seahorse/client/net_http/connection_pool.rb +30 -23
- data/lib/seahorse/client/net_http/handler.rb +24 -7
- data/lib/seahorse/client/net_http/patches.rb +16 -79
- data/lib/seahorse/client/networking_error.rb +30 -0
- data/lib/seahorse/client/plugin.rb +10 -7
- data/lib/seahorse/client/plugin_list.rb +2 -0
- data/lib/seahorse/client/plugins/content_length.rb +14 -3
- data/lib/seahorse/client/plugins/endpoint.rb +4 -2
- data/lib/seahorse/client/plugins/h2.rb +69 -0
- data/lib/seahorse/client/plugins/logging.rb +2 -0
- data/lib/seahorse/client/plugins/net_http.rb +39 -3
- data/lib/seahorse/client/plugins/operation_methods.rb +2 -0
- data/lib/seahorse/client/plugins/raise_response_errors.rb +2 -0
- data/lib/seahorse/client/plugins/request_callback.rb +110 -0
- data/lib/seahorse/client/plugins/response_target.rb +23 -14
- data/lib/seahorse/client/request.rb +2 -0
- data/lib/seahorse/client/request_context.rb +2 -0
- data/lib/seahorse/client/response.rb +5 -5
- data/lib/seahorse/model/api.rb +14 -0
- data/lib/seahorse/model/authorizer.rb +2 -0
- data/lib/seahorse/model/operation.rb +21 -0
- data/lib/seahorse/model/shapes.rb +29 -2
- data/lib/seahorse/util.rb +12 -1
- data/lib/seahorse/version.rb +2 -0
- data/lib/seahorse.rb +12 -0
- metadata +117 -16
@@ -0,0 +1,238 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'time'
|
4
|
+
require 'net/http'
|
5
|
+
|
6
|
+
module Aws
|
7
|
+
# A client that can query version 2 of the EC2 Instance Metadata
|
8
|
+
class EC2Metadata
|
9
|
+
# Path for PUT request for token
|
10
|
+
# @api private
|
11
|
+
METADATA_TOKEN_PATH = '/latest/api/token'.freeze
|
12
|
+
|
13
|
+
# Raised when the PUT request is not valid. This would be thrown if
|
14
|
+
# `token_ttl` is not an Integer.
|
15
|
+
# @api private
|
16
|
+
class TokenRetrievalError < RuntimeError; end
|
17
|
+
|
18
|
+
# Token has expired, and the request can be retried with a new token.
|
19
|
+
# @api private
|
20
|
+
class TokenExpiredError < RuntimeError; end
|
21
|
+
|
22
|
+
# The requested metadata path does not exist.
|
23
|
+
# @api private
|
24
|
+
class MetadataNotFoundError < RuntimeError; end
|
25
|
+
|
26
|
+
# The request is not allowed or IMDS is turned off.
|
27
|
+
# @api private
|
28
|
+
class RequestForbiddenError < RuntimeError; end
|
29
|
+
|
30
|
+
# Creates a client that can query version 2 of the EC2 Instance Metadata
|
31
|
+
# service (IMDS).
|
32
|
+
#
|
33
|
+
# @note Customers using containers may need to increase their hop limit
|
34
|
+
# to access IMDSv2.
|
35
|
+
# @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html#instance-metadata-transition-to-version-2
|
36
|
+
#
|
37
|
+
# @param [Hash] options
|
38
|
+
# @option options [Integer] :token_ttl (21600) The session token's TTL,
|
39
|
+
# defaulting to 6 hours.
|
40
|
+
# @option options [Integer] :retries (3) The number of retries for failed
|
41
|
+
# requests.
|
42
|
+
# @option options [String] :endpoint ('http://169.254.169.254') The IMDS
|
43
|
+
# endpoint. This option has precedence over the :endpoint_mode.
|
44
|
+
# @option options [String] :endpoint_mode ('IPv4') The endpoint mode for
|
45
|
+
# the instance metadata service. This is either 'IPv4'
|
46
|
+
# ('http://169.254.169.254') or 'IPv6' ('http://[fd00:ec2::254]').
|
47
|
+
# @option options [Integer] :port (80) The IMDS endpoint port.
|
48
|
+
# @option options [Integer] :http_open_timeout (1) The number of seconds to
|
49
|
+
# wait for the connection to open.
|
50
|
+
# @option options [Integer] :http_read_timeout (1) The number of seconds for
|
51
|
+
# one chunk of data to be read.
|
52
|
+
# @option options [IO] :http_debug_output An output stream for debugging. Do
|
53
|
+
# not use this in production.
|
54
|
+
# @option options [Integer,Proc] :backoff A backoff used for retryable
|
55
|
+
# requests. When given an Integer, it sleeps that amount. When given a
|
56
|
+
# Proc, it is called with the current number of failed retries.
|
57
|
+
def initialize(options = {})
|
58
|
+
@token_ttl = options[:token_ttl] || 21_600
|
59
|
+
@retries = options[:retries] || 3
|
60
|
+
@backoff = backoff(options[:backoff])
|
61
|
+
|
62
|
+
endpoint_mode = options[:endpoint_mode] || 'IPv4'
|
63
|
+
@endpoint = resolve_endpoint(options[:endpoint], endpoint_mode)
|
64
|
+
@port = options[:port] || 80
|
65
|
+
|
66
|
+
@http_open_timeout = options[:http_open_timeout] || 1
|
67
|
+
@http_read_timeout = options[:http_read_timeout] || 1
|
68
|
+
@http_debug_output = options[:http_debug_output]
|
69
|
+
|
70
|
+
@token = nil
|
71
|
+
@mutex = Mutex.new
|
72
|
+
end
|
73
|
+
|
74
|
+
# Fetches a given metadata category using a String path, and returns the
|
75
|
+
# result as a String. A path starts with the API version (usually
|
76
|
+
# "/latest/"). See the instance data categories for possible paths.
|
77
|
+
#
|
78
|
+
# @example Fetching the instance ID
|
79
|
+
#
|
80
|
+
# ec2_metadata = Aws::EC2Metadata.new
|
81
|
+
# ec2_metadata.get('/latest/meta-data/instance-id')
|
82
|
+
# => "i-023a25f10a73a0f79"
|
83
|
+
#
|
84
|
+
# @note This implementation always returns a String and will not parse any
|
85
|
+
# responses. Parsable responses may include JSON objects or directory
|
86
|
+
# listings, which are strings separated by line feeds (ASCII 10).
|
87
|
+
#
|
88
|
+
# @example Fetching and parsing JSON meta-data
|
89
|
+
#
|
90
|
+
# require 'json'
|
91
|
+
# data = ec2_metadata.get('/latest/dynamic/instance-identity/document')
|
92
|
+
# JSON.parse(data)
|
93
|
+
# => {"accountId"=>"012345678912", ... }
|
94
|
+
#
|
95
|
+
# @example Fetching and parsing directory listings
|
96
|
+
#
|
97
|
+
# listing = ec2_metadata.get('/latest/meta-data')
|
98
|
+
# listing.split(10.chr)
|
99
|
+
# => ["ami-id", "ami-launch-index", ...]
|
100
|
+
#
|
101
|
+
# @note Unlike other services, IMDS does not have a service API model. This
|
102
|
+
# means that we cannot confidently generate code with methods and
|
103
|
+
# response structures. This implementation ensures that new IMDS features
|
104
|
+
# are always supported by being deployed to the instance and does not
|
105
|
+
# require code changes.
|
106
|
+
#
|
107
|
+
# @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-categories.html
|
108
|
+
# @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html
|
109
|
+
# @param [String] path The full path to the metadata.
|
110
|
+
def get(path)
|
111
|
+
retry_errors(max_retries: @retries) do
|
112
|
+
@mutex.synchronize do
|
113
|
+
fetch_token unless @token && !@token.expired?
|
114
|
+
end
|
115
|
+
|
116
|
+
open_connection do |conn|
|
117
|
+
http_get(conn, path, @token.value)
|
118
|
+
end
|
119
|
+
end
|
120
|
+
end
|
121
|
+
|
122
|
+
private
|
123
|
+
|
124
|
+
def resolve_endpoint(endpoint, endpoint_mode)
|
125
|
+
return endpoint if endpoint
|
126
|
+
|
127
|
+
case endpoint_mode.downcase
|
128
|
+
when 'ipv4' then 'http://169.254.169.254'
|
129
|
+
when 'ipv6' then 'http://[fd00:ec2::254]'
|
130
|
+
else
|
131
|
+
raise ArgumentError,
|
132
|
+
':endpoint_mode is not valid, expected IPv4 or IPv6, '\
|
133
|
+
"got: #{endpoint_mode}"
|
134
|
+
end
|
135
|
+
end
|
136
|
+
|
137
|
+
def fetch_token
|
138
|
+
open_connection do |conn|
|
139
|
+
created_time = Time.now
|
140
|
+
token_value, token_ttl = http_put(conn, @token_ttl)
|
141
|
+
@token = Token.new(value: token_value, ttl: token_ttl, created_time: created_time)
|
142
|
+
end
|
143
|
+
end
|
144
|
+
|
145
|
+
def http_get(connection, path, token)
|
146
|
+
headers = {
|
147
|
+
'User-Agent' => "aws-sdk-ruby3/#{CORE_GEM_VERSION}",
|
148
|
+
'x-aws-ec2-metadata-token' => token
|
149
|
+
}
|
150
|
+
request = Net::HTTP::Get.new(path, headers)
|
151
|
+
response = connection.request(request)
|
152
|
+
|
153
|
+
case response.code.to_i
|
154
|
+
when 200
|
155
|
+
response.body
|
156
|
+
when 401
|
157
|
+
raise TokenExpiredError
|
158
|
+
when 404
|
159
|
+
raise MetadataNotFoundError
|
160
|
+
end
|
161
|
+
end
|
162
|
+
|
163
|
+
def http_put(connection, ttl)
|
164
|
+
headers = {
|
165
|
+
'User-Agent' => "aws-sdk-ruby3/#{CORE_GEM_VERSION}",
|
166
|
+
'x-aws-ec2-metadata-token-ttl-seconds' => ttl.to_s
|
167
|
+
}
|
168
|
+
request = Net::HTTP::Put.new(METADATA_TOKEN_PATH, headers)
|
169
|
+
response = connection.request(request)
|
170
|
+
|
171
|
+
case response.code.to_i
|
172
|
+
when 200
|
173
|
+
[
|
174
|
+
response.body,
|
175
|
+
response.header['x-aws-ec2-metadata-token-ttl-seconds'].to_i
|
176
|
+
]
|
177
|
+
when 400
|
178
|
+
raise TokenRetrievalError
|
179
|
+
when 403
|
180
|
+
raise RequestForbiddenError
|
181
|
+
end
|
182
|
+
end
|
183
|
+
|
184
|
+
def open_connection
|
185
|
+
uri = URI.parse(@endpoint)
|
186
|
+
http = Net::HTTP.new(uri.hostname || @endpoint, @port || uri.port)
|
187
|
+
http.open_timeout = @http_open_timeout
|
188
|
+
http.read_timeout = @http_read_timeout
|
189
|
+
http.set_debug_output(@http_debug_output) if @http_debug_output
|
190
|
+
http.start
|
191
|
+
yield(http).tap { http.finish }
|
192
|
+
end
|
193
|
+
|
194
|
+
def retry_errors(options = {}, &_block)
|
195
|
+
max_retries = options[:max_retries]
|
196
|
+
retries = 0
|
197
|
+
begin
|
198
|
+
yield
|
199
|
+
# These errors should not be retried.
|
200
|
+
rescue TokenRetrievalError, MetadataNotFoundError, RequestForbiddenError
|
201
|
+
raise
|
202
|
+
# StandardError is not ideal but it covers Net::HTTP errors.
|
203
|
+
# https://gist.github.com/tenderlove/245188
|
204
|
+
rescue StandardError, TokenExpiredError
|
205
|
+
raise unless retries < max_retries
|
206
|
+
|
207
|
+
@backoff.call(retries)
|
208
|
+
retries += 1
|
209
|
+
retry
|
210
|
+
end
|
211
|
+
end
|
212
|
+
|
213
|
+
def backoff(backoff)
|
214
|
+
case backoff
|
215
|
+
when Proc then backoff
|
216
|
+
when Numeric then ->(_) { Kernel.sleep(backoff) }
|
217
|
+
else ->(num_failures) { Kernel.sleep(1.2**num_failures) }
|
218
|
+
end
|
219
|
+
end
|
220
|
+
|
221
|
+
# @api private
|
222
|
+
class Token
|
223
|
+
def initialize(options = {})
|
224
|
+
@ttl = options[:ttl]
|
225
|
+
@value = options[:value]
|
226
|
+
@created_time = options[:created_time] || Time.now
|
227
|
+
end
|
228
|
+
|
229
|
+
# [String] Returns the token value.
|
230
|
+
attr_reader :value
|
231
|
+
|
232
|
+
# [Boolean] Returns true if the token expired.
|
233
|
+
def expired?
|
234
|
+
Time.now - @created_time > @ttl
|
235
|
+
end
|
236
|
+
end
|
237
|
+
end
|
238
|
+
end
|
@@ -1,8 +1,14 @@
|
|
1
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
2
3
|
require 'time'
|
3
4
|
require 'net/http'
|
4
5
|
|
5
6
|
module Aws
|
7
|
+
# An auto-refreshing credential provider that loads credentials from
|
8
|
+
# instances running in ECS.
|
9
|
+
#
|
10
|
+
# ecs_credentials = Aws::ECSCredentials.new(retries: 3)
|
11
|
+
# ec2 = Aws::EC2::Client.new(credentials: ecs_credentials)
|
6
12
|
class ECSCredentials
|
7
13
|
|
8
14
|
include CredentialProvider
|
@@ -42,6 +48,10 @@ module Aws
|
|
42
48
|
# @option options [IO] :http_debug_output (nil) HTTP wire
|
43
49
|
# traces are sent to this object. You can specify something
|
44
50
|
# like $stdout.
|
51
|
+
# @option options [Callable] before_refresh Proc called before
|
52
|
+
# credentials are refreshed. `before_refresh` is called
|
53
|
+
# with an instance of this object when
|
54
|
+
# AWS credentials are required and need to be refreshed.
|
45
55
|
def initialize options = {}
|
46
56
|
@retries = options[:retries] || 5
|
47
57
|
@ip_address = options[:ip_address] || '169.254.170.2'
|
@@ -57,6 +67,7 @@ module Aws
|
|
57
67
|
@http_read_timeout = options[:http_read_timeout] || 5
|
58
68
|
@http_debug_output = options[:http_debug_output]
|
59
69
|
@backoff = backoff(options[:backoff])
|
70
|
+
@async_refresh = false
|
60
71
|
super
|
61
72
|
end
|
62
73
|
|
@@ -78,14 +89,18 @@ module Aws
|
|
78
89
|
# Retry loading credentials up to 3 times is the instance metadata
|
79
90
|
# service is responding but is returning invalid JSON documents
|
80
91
|
# in response to the GET profile credentials call.
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
92
|
+
begin
|
93
|
+
retry_errors([Aws::Json::ParseError, StandardError], max_retries: 3) do
|
94
|
+
c = Aws::Json.load(get_credentials.to_s)
|
95
|
+
@credentials = Credentials.new(
|
96
|
+
c['AccessKeyId'],
|
97
|
+
c['SecretAccessKey'],
|
98
|
+
c['Token']
|
99
|
+
)
|
100
|
+
@expiration = c['Expiration'] ? Time.iso8601(c['Expiration']) : nil
|
101
|
+
end
|
102
|
+
rescue Aws::Json::ParseError
|
103
|
+
raise Aws::Errors::MetadataParserError.new
|
89
104
|
end
|
90
105
|
end
|
91
106
|
|
@@ -0,0 +1,193 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
# @api private
|
5
|
+
# a LRU cache caching endpoints data
|
6
|
+
class EndpointCache
|
7
|
+
|
8
|
+
# default cache entries limit
|
9
|
+
MAX_ENTRIES = 1000
|
10
|
+
|
11
|
+
# default max threads pool size
|
12
|
+
MAX_THREADS = 10
|
13
|
+
|
14
|
+
def initialize(options = {})
|
15
|
+
@max_entries = options[:max_entries] || MAX_ENTRIES
|
16
|
+
@entries = {} # store endpoints
|
17
|
+
@max_threads = options[:max_threads] || MAX_THREADS
|
18
|
+
@pool = {} # store polling threads
|
19
|
+
@mutex = Mutex.new
|
20
|
+
@require_identifier = nil # whether endpoint operation support identifier
|
21
|
+
end
|
22
|
+
|
23
|
+
# @return [Integer] Max size limit of cache
|
24
|
+
attr_reader :max_entries
|
25
|
+
|
26
|
+
# @return [Integer] Max count of polling threads
|
27
|
+
attr_reader :max_threads
|
28
|
+
|
29
|
+
# return [Hash] Polling threads pool
|
30
|
+
attr_reader :pool
|
31
|
+
|
32
|
+
# @param [String] key
|
33
|
+
# @return [Endpoint]
|
34
|
+
def [](key)
|
35
|
+
@mutex.synchronize do
|
36
|
+
# fetching an existing endpoint delete it and then append it
|
37
|
+
endpoint = @entries[key]
|
38
|
+
if endpoint
|
39
|
+
@entries.delete(key)
|
40
|
+
@entries[key] = endpoint
|
41
|
+
end
|
42
|
+
endpoint
|
43
|
+
end
|
44
|
+
end
|
45
|
+
|
46
|
+
# @param [String] key
|
47
|
+
# @param [Hash] value
|
48
|
+
def []=(key, value)
|
49
|
+
@mutex.synchronize do
|
50
|
+
# delete the least recent used endpoint when cache is full
|
51
|
+
unless @entries.size < @max_entries
|
52
|
+
old_key, = @entries.shift
|
53
|
+
delete_polling_thread(old_key)
|
54
|
+
end
|
55
|
+
# delete old value if exists
|
56
|
+
@entries.delete(key)
|
57
|
+
@entries[key] = Endpoint.new(value.to_hash)
|
58
|
+
end
|
59
|
+
end
|
60
|
+
|
61
|
+
# checking whether an unexpired endpoint key exists in cache
|
62
|
+
# @param [String] key
|
63
|
+
# @return [Boolean]
|
64
|
+
def key?(key)
|
65
|
+
@mutex.synchronize do
|
66
|
+
if @entries.key?(key) && (@entries[key].nil? || @entries[key].expired?)
|
67
|
+
@entries.delete(key)
|
68
|
+
end
|
69
|
+
@entries.key?(key)
|
70
|
+
end
|
71
|
+
end
|
72
|
+
|
73
|
+
# checking whether an polling thread exist for the key
|
74
|
+
# @param [String] key
|
75
|
+
# @return [Boolean]
|
76
|
+
def threads_key?(key)
|
77
|
+
@pool.key?(key)
|
78
|
+
end
|
79
|
+
|
80
|
+
# remove entry only
|
81
|
+
# @param [String] key
|
82
|
+
def delete(key)
|
83
|
+
@mutex.synchronize do
|
84
|
+
@entries.delete(key)
|
85
|
+
end
|
86
|
+
end
|
87
|
+
|
88
|
+
# kill the old polling thread and remove it from pool
|
89
|
+
# @param [String] key
|
90
|
+
def delete_polling_thread(key)
|
91
|
+
Thread.kill(@pool[key]) if threads_key?(key)
|
92
|
+
@pool.delete(key)
|
93
|
+
end
|
94
|
+
|
95
|
+
# update cache with requests (using service endpoint operation)
|
96
|
+
# to fetch endpoint list (with identifiers when available)
|
97
|
+
# @param [String] key
|
98
|
+
# @param [RequestContext] ctx
|
99
|
+
def update(key, ctx)
|
100
|
+
resp = _request_endpoint(ctx)
|
101
|
+
if resp && resp.endpoints
|
102
|
+
resp.endpoints.each { |e| self[key] = e }
|
103
|
+
end
|
104
|
+
end
|
105
|
+
|
106
|
+
# extract the key to be used in the cache from request context
|
107
|
+
# @param [RequestContext] ctx
|
108
|
+
# @return [String]
|
109
|
+
def extract_key(ctx)
|
110
|
+
parts = []
|
111
|
+
# fetching from cred provider directly gives warnings
|
112
|
+
parts << ctx.config.credentials.credentials.access_key_id
|
113
|
+
if _endpoint_operation_identifier(ctx)
|
114
|
+
parts << ctx.operation_name
|
115
|
+
ctx.operation.input.shape.members.inject(parts) do |p, (name, ref)|
|
116
|
+
p << ctx.params[name] if ref['endpointdiscoveryid']
|
117
|
+
p
|
118
|
+
end
|
119
|
+
end
|
120
|
+
parts.join('_')
|
121
|
+
end
|
122
|
+
|
123
|
+
# update polling threads pool
|
124
|
+
# param [String] key
|
125
|
+
# param [Thread] thread
|
126
|
+
def update_polling_pool(key, thread)
|
127
|
+
unless @pool.size < @max_threads
|
128
|
+
_, thread = @pool.shift
|
129
|
+
Thread.kill(thread)
|
130
|
+
end
|
131
|
+
@pool[key] = thread
|
132
|
+
end
|
133
|
+
|
134
|
+
# kill all polling threads
|
135
|
+
def stop_polling!
|
136
|
+
@pool.each { |_, t| Thread.kill(t) }
|
137
|
+
@pool = {}
|
138
|
+
end
|
139
|
+
|
140
|
+
private
|
141
|
+
|
142
|
+
def _request_endpoint(ctx)
|
143
|
+
params = {}
|
144
|
+
if _endpoint_operation_identifier(ctx)
|
145
|
+
# build identifier params when available
|
146
|
+
params[:operation] = ctx.operation.name
|
147
|
+
ctx.operation.input.shape.members.inject(params) do |p, (name, ref)|
|
148
|
+
if ref['endpointdiscoveryid']
|
149
|
+
p[:identifiers] ||= {}
|
150
|
+
p[:identifiers][ref.location_name] = ctx.params[name]
|
151
|
+
end
|
152
|
+
p
|
153
|
+
end
|
154
|
+
end
|
155
|
+
|
156
|
+
begin
|
157
|
+
endpoint_operation_name = ctx.config.api.endpoint_operation
|
158
|
+
ctx.client.send(endpoint_operation_name, params)
|
159
|
+
rescue Aws::Errors::ServiceError
|
160
|
+
nil
|
161
|
+
end
|
162
|
+
end
|
163
|
+
|
164
|
+
def _endpoint_operation_identifier(ctx)
|
165
|
+
return @require_identifier unless @require_identifier.nil?
|
166
|
+
|
167
|
+
operation_name = ctx.config.api.endpoint_operation
|
168
|
+
operation = ctx.config.api.operation(operation_name)
|
169
|
+
@require_identifier = operation.input.shape.members.any?
|
170
|
+
end
|
171
|
+
|
172
|
+
class Endpoint
|
173
|
+
|
174
|
+
# default endpoint cache time, 1 minute
|
175
|
+
CACHE_PERIOD = 1
|
176
|
+
|
177
|
+
def initialize(options)
|
178
|
+
@address = options.fetch(:address)
|
179
|
+
@cache_period = options[:cache_period_in_minutes] || CACHE_PERIOD
|
180
|
+
@created_time = Time.now
|
181
|
+
end
|
182
|
+
|
183
|
+
# [String] valid URI address (with path)
|
184
|
+
attr_reader :address
|
185
|
+
|
186
|
+
def expired?
|
187
|
+
Time.now - @created_time > @cache_period * 60
|
188
|
+
end
|
189
|
+
|
190
|
+
end
|
191
|
+
|
192
|
+
end
|
193
|
+
end
|
@@ -0,0 +1,36 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
module Endpoints
|
5
|
+
# @api private
|
6
|
+
class Condition
|
7
|
+
def initialize(fn:, argv:, assign: nil)
|
8
|
+
@fn = Function.new(fn: fn, argv: argv)
|
9
|
+
@assign = assign
|
10
|
+
@assigned = {}
|
11
|
+
end
|
12
|
+
|
13
|
+
attr_reader :fn
|
14
|
+
attr_reader :argv
|
15
|
+
attr_reader :assign
|
16
|
+
|
17
|
+
attr_reader :assigned
|
18
|
+
|
19
|
+
def match?(parameters, assigns)
|
20
|
+
output = @fn.call(parameters, assigns)
|
21
|
+
@assigned = @assigned.merge({ @assign => output }) if @assign
|
22
|
+
output
|
23
|
+
end
|
24
|
+
|
25
|
+
def self.from_json(conditions_json)
|
26
|
+
conditions_json.each.with_object([]) do |condition, conditions|
|
27
|
+
conditions << new(
|
28
|
+
fn: condition['fn'],
|
29
|
+
argv: condition['argv'],
|
30
|
+
assign: condition['assign']
|
31
|
+
)
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
35
|
+
end
|
36
|
+
end
|
@@ -0,0 +1,17 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
module Endpoints
|
5
|
+
class Endpoint
|
6
|
+
def initialize(url:, properties: {}, headers: {})
|
7
|
+
@url = url
|
8
|
+
@properties = properties
|
9
|
+
@headers = headers
|
10
|
+
end
|
11
|
+
|
12
|
+
attr_reader :url
|
13
|
+
attr_reader :properties
|
14
|
+
attr_reader :headers
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
@@ -0,0 +1,71 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
module Endpoints
|
5
|
+
# @api private
|
6
|
+
class EndpointRule < Rule
|
7
|
+
def initialize(type: 'endpoint', conditions:, endpoint:,
|
8
|
+
documentation: nil)
|
9
|
+
@type = type
|
10
|
+
@conditions = Condition.from_json(conditions)
|
11
|
+
@endpoint = endpoint
|
12
|
+
@documentation = documentation
|
13
|
+
end
|
14
|
+
|
15
|
+
attr_reader :type
|
16
|
+
attr_reader :conditions
|
17
|
+
attr_reader :endpoint
|
18
|
+
attr_reader :documentation
|
19
|
+
|
20
|
+
def match(parameters, assigned = {})
|
21
|
+
assigns = assigned.dup
|
22
|
+
matched = conditions.all? do |condition|
|
23
|
+
output = condition.match?(parameters, assigns)
|
24
|
+
assigns = assigns.merge(condition.assigned) if condition.assign
|
25
|
+
output
|
26
|
+
end
|
27
|
+
resolved_endpoint(parameters, assigns) if matched
|
28
|
+
end
|
29
|
+
|
30
|
+
def resolved_endpoint(parameters, assigns)
|
31
|
+
Endpoint.new(
|
32
|
+
url: resolve_value(@endpoint['url'], parameters, assigns),
|
33
|
+
properties: resolve_properties(
|
34
|
+
@endpoint['properties'] || {},
|
35
|
+
parameters,
|
36
|
+
assigns
|
37
|
+
),
|
38
|
+
headers: resolve_headers(parameters, assigns)
|
39
|
+
)
|
40
|
+
end
|
41
|
+
|
42
|
+
private
|
43
|
+
|
44
|
+
def resolve_headers(parameters, assigns)
|
45
|
+
(@endpoint['headers'] || {}).each.with_object({}) do |(key, arr), headers|
|
46
|
+
headers[key] = []
|
47
|
+
arr.each do |value|
|
48
|
+
headers[key] << resolve_value(value, parameters, assigns)
|
49
|
+
end
|
50
|
+
end
|
51
|
+
end
|
52
|
+
|
53
|
+
def resolve_properties(obj, parameters, assigns)
|
54
|
+
case obj
|
55
|
+
when Hash
|
56
|
+
obj.each.with_object({}) do |(key, value), hash|
|
57
|
+
hash[key] = resolve_properties(value, parameters, assigns)
|
58
|
+
end
|
59
|
+
when Array
|
60
|
+
obj.collect { |value| resolve_properties(value, parameters, assigns) }
|
61
|
+
else
|
62
|
+
if obj.is_a?(String)
|
63
|
+
Templater.resolve(obj, parameters, assigns)
|
64
|
+
else
|
65
|
+
obj
|
66
|
+
end
|
67
|
+
end
|
68
|
+
end
|
69
|
+
end
|
70
|
+
end
|
71
|
+
end
|
@@ -0,0 +1,37 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
module Endpoints
|
5
|
+
# @api private
|
6
|
+
class ErrorRule < Rule
|
7
|
+
def initialize(type: 'error', conditions:, error: nil, documentation: nil)
|
8
|
+
@type = type
|
9
|
+
@conditions = Condition.from_json(conditions)
|
10
|
+
@error = error
|
11
|
+
@documentation = documentation
|
12
|
+
end
|
13
|
+
|
14
|
+
attr_reader :type
|
15
|
+
attr_reader :conditions
|
16
|
+
attr_reader :error
|
17
|
+
attr_reader :documentation
|
18
|
+
|
19
|
+
def match(parameters, assigned = {})
|
20
|
+
assigns = assigned.dup
|
21
|
+
matched = conditions.all? do |condition|
|
22
|
+
output = condition.match?(parameters, assigns)
|
23
|
+
assigns = assigns.merge(condition.assigned) if condition.assign
|
24
|
+
output
|
25
|
+
end
|
26
|
+
resolved_error(parameters, assigns) if matched
|
27
|
+
end
|
28
|
+
|
29
|
+
private
|
30
|
+
|
31
|
+
def resolved_error(parameters, assigns)
|
32
|
+
error = resolve_value(@error, parameters, assigns)
|
33
|
+
ArgumentError.new(error)
|
34
|
+
end
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|