RubyGems - aws-sdk-core - Versions diffs - 3.46.2 → 3.126.2 - Mend

aws-sdk-core 3.46.2 → 3.126.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (206) hide show

checksums.yaml +5 -5
data/CHANGELOG.md +1258 -0
data/LICENSE.txt +202 -0
data/VERSION +1 -1
data/lib/aws-defaults/default_configuration.rb +153 -0
data/lib/aws-defaults/defaults_mode_config_resolver.rb +107 -0
data/lib/aws-defaults.rb +3 -0
data/lib/aws-sdk-core/arn.rb +92 -0
data/lib/aws-sdk-core/arn_parser.rb +40 -0
data/lib/aws-sdk-core/assume_role_credentials.rb +20 -0
data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +109 -0
data/lib/aws-sdk-core/async_client_stubs.rb +82 -0
data/lib/aws-sdk-core/binary/decode_handler.rb +11 -1
data/lib/aws-sdk-core/binary/encode_handler.rb +34 -0
data/lib/aws-sdk-core/binary/event_builder.rb +124 -0
data/lib/aws-sdk-core/binary/event_parser.rb +50 -18
data/lib/aws-sdk-core/binary/event_stream_decoder.rb +7 -2
data/lib/aws-sdk-core/binary/event_stream_encoder.rb +55 -0
data/lib/aws-sdk-core/binary.rb +5 -0
data/lib/aws-sdk-core/client_side_monitoring/publisher.rb +11 -1
data/lib/aws-sdk-core/client_side_monitoring/request_metrics.rb +2 -0
data/lib/aws-sdk-core/client_stubs.rb +16 -13
data/lib/aws-sdk-core/credential_provider.rb +1 -30
data/lib/aws-sdk-core/credential_provider_chain.rb +102 -40
data/lib/aws-sdk-core/credentials.rb +2 -0
data/lib/aws-sdk-core/deprecations.rb +17 -11
data/lib/aws-sdk-core/eager_loader.rb +2 -0
data/lib/aws-sdk-core/ec2_metadata.rb +238 -0
data/lib/aws-sdk-core/ecs_credentials.rb +18 -9
data/lib/aws-sdk-core/endpoint_cache.rb +16 -11
data/lib/aws-sdk-core/errors.rb +138 -15
data/lib/aws-sdk-core/event_emitter.rb +44 -0
data/lib/aws-sdk-core/ini_parser.rb +2 -0
data/lib/aws-sdk-core/instance_profile_credentials.rb +179 -42
data/lib/aws-sdk-core/json/builder.rb +2 -0
data/lib/aws-sdk-core/json/error_handler.rb +21 -2
data/lib/aws-sdk-core/json/handler.rb +21 -1
data/lib/aws-sdk-core/json/json_engine.rb +12 -8
data/lib/aws-sdk-core/json/oj_engine.rb +35 -6
data/lib/aws-sdk-core/json/parser.rb +10 -0
data/lib/aws-sdk-core/json.rb +11 -28
data/lib/aws-sdk-core/log/formatter.rb +16 -4
data/lib/aws-sdk-core/log/handler.rb +2 -0
data/lib/aws-sdk-core/log/param_filter.rb +38 -13
data/lib/aws-sdk-core/log/param_formatter.rb +2 -0
data/lib/aws-sdk-core/pageable_response.rb +48 -24
data/lib/aws-sdk-core/pager.rb +5 -0
data/lib/aws-sdk-core/param_converter.rb +2 -0
data/lib/aws-sdk-core/param_validator.rb +63 -7
data/lib/aws-sdk-core/plugins/api_key.rb +5 -1
data/lib/aws-sdk-core/plugins/apig_authorizer_token.rb +2 -0
data/lib/aws-sdk-core/plugins/apig_credentials_configuration.rb +2 -0
data/lib/aws-sdk-core/plugins/apig_user_agent.rb +2 -0
data/lib/aws-sdk-core/plugins/client_metrics_plugin.rb +28 -1
data/lib/aws-sdk-core/plugins/client_metrics_send_plugin.rb +2 -0
data/lib/aws-sdk-core/plugins/credentials_configuration.rb +26 -7
data/lib/aws-sdk-core/plugins/defaults_mode.rb +40 -0
data/lib/aws-sdk-core/plugins/endpoint_discovery.rb +12 -4
data/lib/aws-sdk-core/plugins/endpoint_pattern.rb +8 -6
data/lib/aws-sdk-core/plugins/event_stream_configuration.rb +16 -0
data/lib/aws-sdk-core/plugins/global_configuration.rb +2 -0
data/lib/aws-sdk-core/plugins/helpful_socket_errors.rb +2 -0
data/lib/aws-sdk-core/plugins/http_checksum.rb +57 -0
data/lib/aws-sdk-core/plugins/idempotency_token.rb +2 -0
data/lib/aws-sdk-core/plugins/invocation_id.rb +35 -0
data/lib/aws-sdk-core/plugins/jsonvalue_converter.rb +2 -0
data/lib/aws-sdk-core/plugins/logging.rb +2 -0
data/lib/aws-sdk-core/plugins/param_converter.rb +2 -0
data/lib/aws-sdk-core/plugins/param_validator.rb +2 -0
data/lib/aws-sdk-core/plugins/protocols/api_gateway.rb +19 -0
data/lib/aws-sdk-core/plugins/protocols/ec2.rb +2 -0
data/lib/aws-sdk-core/plugins/protocols/json_rpc.rb +2 -0
data/lib/aws-sdk-core/plugins/protocols/query.rb +2 -0
data/lib/aws-sdk-core/plugins/protocols/rest_json.rb +18 -1
data/lib/aws-sdk-core/plugins/protocols/rest_xml.rb +2 -0
data/lib/aws-sdk-core/plugins/recursion_detection.rb +27 -0
data/lib/aws-sdk-core/plugins/regional_endpoint.rb +74 -16
data/lib/aws-sdk-core/plugins/response_paging.rb +2 -0
data/lib/aws-sdk-core/plugins/retries/client_rate_limiter.rb +139 -0
data/lib/aws-sdk-core/plugins/retries/clock_skew.rb +100 -0
data/lib/aws-sdk-core/plugins/retries/error_inspector.rb +146 -0
data/lib/aws-sdk-core/plugins/retries/retry_quota.rb +59 -0
data/lib/aws-sdk-core/plugins/retry_errors.rb +295 -107
data/lib/aws-sdk-core/plugins/signature_v2.rb +2 -0
data/lib/aws-sdk-core/plugins/signature_v4.rb +28 -25
data/lib/aws-sdk-core/plugins/stub_responses.rb +24 -7
data/lib/aws-sdk-core/plugins/transfer_encoding.rb +53 -0
data/lib/aws-sdk-core/plugins/user_agent.rb +6 -8
data/lib/aws-sdk-core/process_credentials.rb +12 -5
data/lib/aws-sdk-core/query/ec2_param_builder.rb +2 -0
data/lib/aws-sdk-core/query/handler.rb +2 -0
data/lib/aws-sdk-core/query/param.rb +2 -0
data/lib/aws-sdk-core/query/param_builder.rb +2 -0
data/lib/aws-sdk-core/query/param_list.rb +2 -0
data/lib/aws-sdk-core/query.rb +2 -0
data/lib/aws-sdk-core/refreshing_credentials.rb +15 -2
data/lib/aws-sdk-core/resources/collection.rb +2 -0
data/lib/aws-sdk-core/rest/handler.rb +2 -0
data/lib/aws-sdk-core/rest/request/body.rb +21 -1
data/lib/aws-sdk-core/rest/request/builder.rb +2 -0
data/lib/aws-sdk-core/rest/request/endpoint.rb +10 -3
data/lib/aws-sdk-core/rest/request/headers.rb +20 -6
data/lib/aws-sdk-core/rest/request/querystring_builder.rb +4 -2
data/lib/aws-sdk-core/rest/response/body.rb +2 -0
data/lib/aws-sdk-core/rest/response/headers.rb +6 -3
data/lib/aws-sdk-core/rest/response/parser.rb +2 -0
data/lib/aws-sdk-core/rest/response/status_code.rb +2 -0
data/lib/aws-sdk-core/rest.rb +2 -0
data/lib/aws-sdk-core/shared_config.rb +153 -127
data/lib/aws-sdk-core/shared_credentials.rb +9 -1
data/lib/aws-sdk-core/sso_credentials.rb +136 -0
data/lib/aws-sdk-core/structure.rb +14 -4
data/lib/aws-sdk-core/stubbing/data_applicator.rb +2 -0
data/lib/aws-sdk-core/stubbing/empty_stub.rb +2 -0
data/lib/aws-sdk-core/stubbing/protocols/api_gateway.rb +2 -0
data/lib/aws-sdk-core/stubbing/protocols/ec2.rb +2 -0
data/lib/aws-sdk-core/stubbing/protocols/json.rb +3 -1
data/lib/aws-sdk-core/stubbing/protocols/query.rb +4 -2
data/lib/aws-sdk-core/stubbing/protocols/rest.rb +52 -7
data/lib/aws-sdk-core/stubbing/protocols/rest_json.rb +3 -1
data/lib/aws-sdk-core/stubbing/protocols/rest_xml.rb +2 -2
data/lib/aws-sdk-core/stubbing/stub_data.rb +15 -4
data/lib/aws-sdk-core/stubbing/xml_error.rb +2 -0
data/lib/aws-sdk-core/type_builder.rb +2 -0
data/lib/aws-sdk-core/util.rb +6 -0
data/lib/aws-sdk-core/waiters/errors.rb +2 -0
data/lib/aws-sdk-core/waiters/poller.rb +2 -0
data/lib/aws-sdk-core/waiters/waiter.rb +4 -2
data/lib/aws-sdk-core/waiters.rb +2 -0
data/lib/aws-sdk-core/xml/builder.rb +5 -3
data/lib/aws-sdk-core/xml/default_list.rb +2 -0
data/lib/aws-sdk-core/xml/default_map.rb +2 -0
data/lib/aws-sdk-core/xml/doc_builder.rb +15 -4
data/lib/aws-sdk-core/xml/error_handler.rb +29 -4
data/lib/aws-sdk-core/xml/parser/engines/libxml.rb +2 -0
data/lib/aws-sdk-core/xml/parser/engines/nokogiri.rb +2 -0
data/lib/aws-sdk-core/xml/parser/engines/oga.rb +2 -0
data/lib/aws-sdk-core/xml/parser/engines/ox.rb +3 -1
data/lib/aws-sdk-core/xml/parser/engines/rexml.rb +4 -1
data/lib/aws-sdk-core/xml/parser/frame.rb +25 -0
data/lib/aws-sdk-core/xml/parser/parsing_error.rb +2 -0
data/lib/aws-sdk-core/xml/parser/stack.rb +2 -0
data/lib/aws-sdk-core/xml/parser.rb +7 -0
data/lib/aws-sdk-core/xml.rb +2 -0
data/lib/aws-sdk-core.rb +23 -4
data/lib/aws-sdk-sso/client.rb +568 -0
data/lib/aws-sdk-sso/client_api.rb +190 -0
data/lib/aws-sdk-sso/customizations.rb +1 -0
data/lib/aws-sdk-sso/errors.rb +102 -0
data/lib/aws-sdk-sso/resource.rb +26 -0
data/lib/aws-sdk-sso/types.rb +352 -0
data/lib/aws-sdk-sso.rb +55 -0
data/lib/aws-sdk-sts/client.rb +1282 -531
data/lib/aws-sdk-sts/client_api.rb +76 -1
data/lib/aws-sdk-sts/customizations.rb +4 -0
data/lib/aws-sdk-sts/errors.rb +153 -1
data/lib/aws-sdk-sts/plugins/sts_regional_endpoints.rb +38 -0
data/lib/aws-sdk-sts/presigner.rb +75 -0
data/lib/aws-sdk-sts/resource.rb +4 -1
data/lib/aws-sdk-sts/types.rb +958 -229
data/lib/aws-sdk-sts.rb +16 -6
data/lib/seahorse/client/async_base.rb +52 -0
data/lib/seahorse/client/async_response.rb +64 -0
data/lib/seahorse/client/base.rb +7 -2
data/lib/seahorse/client/block_io.rb +6 -2
data/lib/seahorse/client/configuration.rb +7 -1
data/lib/seahorse/client/events.rb +3 -1
data/lib/seahorse/client/h2/connection.rb +250 -0
data/lib/seahorse/client/h2/handler.rb +152 -0
data/lib/seahorse/client/handler.rb +2 -0
data/lib/seahorse/client/handler_builder.rb +2 -0
data/lib/seahorse/client/handler_list.rb +2 -0
data/lib/seahorse/client/handler_list_entry.rb +6 -4
data/lib/seahorse/client/http/async_response.rb +44 -0
data/lib/seahorse/client/http/headers.rb +2 -0
data/lib/seahorse/client/http/request.rb +5 -3
data/lib/seahorse/client/http/response.rb +18 -11
data/lib/seahorse/client/logging/formatter.rb +6 -2
data/lib/seahorse/client/logging/handler.rb +2 -0
data/lib/seahorse/client/managed_file.rb +2 -0
data/lib/seahorse/client/net_http/connection_pool.rb +30 -23
data/lib/seahorse/client/net_http/handler.rb +24 -7
data/lib/seahorse/client/net_http/patches.rb +15 -84
data/lib/seahorse/client/networking_error.rb +30 -0
data/lib/seahorse/client/plugin.rb +10 -7
data/lib/seahorse/client/plugin_list.rb +2 -0
data/lib/seahorse/client/plugins/content_length.rb +14 -3
data/lib/seahorse/client/plugins/endpoint.rb +4 -2
data/lib/seahorse/client/plugins/h2.rb +69 -0
data/lib/seahorse/client/plugins/logging.rb +2 -0
data/lib/seahorse/client/plugins/net_http.rb +39 -3
data/lib/seahorse/client/plugins/operation_methods.rb +2 -0
data/lib/seahorse/client/plugins/raise_response_errors.rb +2 -0
data/lib/seahorse/client/plugins/request_callback.rb +110 -0
data/lib/seahorse/client/plugins/response_target.rb +23 -14
data/lib/seahorse/client/request.rb +2 -0
data/lib/seahorse/client/request_context.rb +2 -0
data/lib/seahorse/client/response.rb +5 -5
data/lib/seahorse/model/api.rb +10 -0
data/lib/seahorse/model/authorizer.rb +2 -0
data/lib/seahorse/model/operation.rb +9 -0
data/lib/seahorse/model/shapes.rb +29 -2
data/lib/seahorse/util.rb +8 -1
data/lib/seahorse/version.rb +2 -0
data/lib/seahorse.rb +12 -0
metadata +64 -14

data/lib/aws-sdk-core/instance_profile_credentials.rb CHANGED Viewed

@@ -1,16 +1,22 @@
-require 'json'
+# frozen_string_literal: true
 require 'time'
 require 'net/http'
 module Aws
   class InstanceProfileCredentials
     include CredentialProvider
     include RefreshingCredentials
     # @api private
     class Non200Response < RuntimeError; end
+    # @api private
+    class TokenRetrivalError < RuntimeError; end
+    # @api private
+    class TokenExpiredError < RuntimeError; end
     # These are the errors we trap when attempting to talk to the
     # instance metadata service.  Any of these imply the service
     # is not present, no responding or some other non-recoverable
@@ -23,16 +29,30 @@ module Aws
       Errno::ENETUNREACH,
       SocketError,
       Timeout::Error,
-      Non200Response,
-    ]
+      Non200Response
+    ].freeze
+    # Path base for GET request for profile and credentials
+    # @api private
+    METADATA_PATH_BASE = '/latest/meta-data/iam/security-credentials/'.freeze
+    # Path for PUT request for token
+    # @api private
+    METADATA_TOKEN_PATH = '/latest/api/token'.freeze
     # @param [Hash] options
-    # @option options [Integer] :retries (5) Number of times to retry
+    # @option options [Integer] :retries (1) Number of times to retry
     #   when retrieving credentials.
-    # @option options [String] :ip_address ('169.254.169.254')
+    # @option options [String] :endpoint ('http://169.254.169.254') The IMDS
+    #   endpoint. This option has precedence over the :endpoint_mode.
+    # @option options [String] :endpoint_mode ('IPv4') The endpoint mode for
+    #   the instance metadata service. This is either 'IPv4' ('169.254.169.254')
+    #   or 'IPv6' ('[fd00:ec2::254]').
+    # @option options [String] :ip_address ('169.254.169.254') Deprecated. Use
+    #   :endpoint instead. The IP address for the endpoint.
     # @option options [Integer] :port (80)
-    # @option options [Float] :http_open_timeout (5)
-    # @option options [Float] :http_read_timeout (5)
+    # @option options [Float] :http_open_timeout (1)
+    # @option options [Float] :http_read_timeout (1)
     # @option options [Numeric, Proc] :delay By default, failures are retried
     #   with exponential back-off, i.e. `sleep(1.2 ** num_failures)`. You can
     #   pass a number of seconds to sleep between failed attempts, or
@@ -40,28 +60,67 @@ module Aws
     # @option options [IO] :http_debug_output (nil) HTTP wire
     #   traces are sent to this object.  You can specify something
     #   like $stdout.
-    def initialize options = {}
-      @retries = options[:retries] || 5
-      @ip_address = options[:ip_address] || '169.254.169.254'
+    # @option options [Integer] :token_ttl Time-to-Live in seconds for EC2
+    #   Metadata Token used for fetching Metadata Profile Credentials, defaults
+    #   to 21600 seconds
+    # @option options [Callable] before_refresh Proc called before
+    #   credentials are refreshed. `before_refresh` is called
+    #   with an instance of this object when
+    #   AWS credentials are required and need to be refreshed.
+    def initialize(options = {})
+      @retries = options[:retries] || 1
+      endpoint_mode = resolve_endpoint_mode(options)
+      @endpoint = resolve_endpoint(options, endpoint_mode)
       @port = options[:port] || 80
-      @http_open_timeout = options[:http_open_timeout] || 5
-      @http_read_timeout = options[:http_read_timeout] || 5
+      @http_open_timeout = options[:http_open_timeout] || 1
+      @http_read_timeout = options[:http_read_timeout] || 1
       @http_debug_output = options[:http_debug_output]
       @backoff = backoff(options[:backoff])
+      @token_ttl = options[:token_ttl] || 21_600
+      @token = nil
       super
     end
-    # @return [Integer] The number of times to retry failed attempts to
-    #   fetch credentials from the instance metadata service. Defaults to 0.
+    # @return [Integer] Number of times to retry when retrieving credentials
+    #   from the instance metadata service. Defaults to 0 when resolving from
+    #   the default credential chain ({Aws::CredentialProviderChain}).
     attr_reader :retries
     private
+    def resolve_endpoint_mode(options)
+      value = options[:endpoint_mode]
+      value ||= ENV['AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE']
+      value ||= Aws.shared_config.ec2_metadata_service_endpoint_mode(
+        profile: options[:profile]
+      )
+      value || 'IPv4'
+    end
+    def resolve_endpoint(options, endpoint_mode)
+      value = options[:endpoint] || options[:ip_address]
+      value ||= ENV['AWS_EC2_METADATA_SERVICE_ENDPOINT']
+      value ||= Aws.shared_config.ec2_metadata_service_endpoint(
+        profile: options[:profile]
+      )
+      return value if value
+      case endpoint_mode.downcase
+      when 'ipv4' then 'http://169.254.169.254'
+      when 'ipv6' then 'http://[fd00:ec2::254]'
+      else
+        raise ArgumentError,
+              ':endpoint_mode is not valid, expected IPv4 or IPv6, '\
+              "got: #{endpoint_mode}"
+      end
+    end
     def backoff(backoff)
       case backoff
       when Proc then backoff
-      when Numeric then lambda { |_| sleep(backoff) }
-      else lambda { |num_failures| Kernel.sleep(1.2 ** num_failures) }
+      when Numeric then ->(_) { sleep(backoff) }
+      else ->(num_failures) { Kernel.sleep(1.2**num_failures) }
       end
     end
@@ -69,14 +128,18 @@ module Aws
       # Retry loading credentials up to 3 times is the instance metadata
       # service is responding but is returning invalid JSON documents
       # in response to the GET profile credentials call.
-      retry_errors([JSON::ParserError, StandardError], max_retries: 3) do
-        c = JSON.parse(get_credentials.to_s)
-        @credentials = Credentials.new(
-          c['AccessKeyId'],
-          c['SecretAccessKey'],
-          c['Token']
-        )
-        @expiration = c['Expiration'] ? Time.iso8601(c['Expiration']) : nil
+      begin
+        retry_errors([Aws::Json::ParseError, StandardError], max_retries: 3) do
+          c = Aws::Json.load(get_credentials.to_s)
+          @credentials = Credentials.new(
+            c['AccessKeyId'],
+            c['SecretAccessKey'],
+            c['Token']
+          )
+          @expiration = c['Expiration'] ? Time.iso8601(c['Expiration']) : nil
+        end
+      rescue Aws::Json::ParseError
+        raise Aws::Errors::MetadataParserError
       end
     end
@@ -89,9 +152,36 @@ module Aws
         begin
           retry_errors(NETWORK_ERRORS, max_retries: @retries) do
             open_connection do |conn|
-              path = '/latest/meta-data/iam/security-credentials/'
-              profile_name = http_get(conn, path).lines.first.strip
-              http_get(conn, path + profile_name)
+              # attempt to fetch token to start secure flow first
+              # and rescue to failover
+              begin
+                retry_errors(NETWORK_ERRORS, max_retries: @retries) do
+                  unless token_set?
+                    created_time = Time.now
+                    token_value, ttl = http_put(
+                      conn, METADATA_TOKEN_PATH, @token_ttl
+                    )
+                    @token = Token.new(token_value, ttl, created_time) if token_value && ttl
+                  end
+                end
+              rescue *NETWORK_ERRORS
+                # token attempt failed, reset token
+                # fallback to non-token mode
+                @token = nil
+              end
+              token = @token.value if token_set?
+              begin
+                metadata = http_get(conn, METADATA_PATH_BASE, token)
+                profile_name = metadata.lines.first.strip
+                http_get(conn, METADATA_PATH_BASE + profile_name, token)
+              rescue TokenExpiredError
+                # Token has expired, reset it
+                # The next retry should fetch it
+                @token = nil
+                raise Non200Response
+              end
             end
           end
         rescue
@@ -100,13 +190,17 @@ module Aws
       end
     end
+    def token_set?
+      @token && !@token.expired?
+    end
     def _metadata_disabled?
-      flag = ENV["AWS_EC2_METADATA_DISABLED"]
-      !flag.nil? && flag.downcase == "true"
+      ENV.fetch('AWS_EC2_METADATA_DISABLED', 'false').downcase == 'true'
     end
     def open_connection
-      http = Net::HTTP.new(@ip_address, @port, nil)
+      uri = URI.parse(@endpoint)
+      http = Net::HTTP.new(uri.hostname || @endpoint, @port || uri.port)
       http.open_timeout = @http_open_timeout
       http.read_timeout = @http_read_timeout
       http.set_debug_output(@http_debug_output) if @http_debug_output
@@ -114,30 +208,73 @@ module Aws
       yield(http).tap { http.finish }
     end
-    def http_get(connection, path)
-      response = connection.request(Net::HTTP::Get.new(path, {"User-Agent" => "aws-sdk-ruby3/#{CORE_GEM_VERSION}"}))
-      if response.code.to_i == 200
+    # GET request fetch profile and credentials
+    def http_get(connection, path, token = nil)
+      headers = { 'User-Agent' => "aws-sdk-ruby3/#{CORE_GEM_VERSION}" }
+      headers['x-aws-ec2-metadata-token'] = token if token
+      response = connection.request(Net::HTTP::Get.new(path, headers))
+      case response.code.to_i
+      when 200
         response.body
+      when 401
+        raise TokenExpiredError
       else
         raise Non200Response
       end
     end
-    def retry_errors(error_classes, options = {}, &block)
+    # PUT request fetch token with ttl
+    def http_put(connection, path, ttl)
+      headers = {
+        'User-Agent' => "aws-sdk-ruby3/#{CORE_GEM_VERSION}",
+        'x-aws-ec2-metadata-token-ttl-seconds' => ttl.to_s
+      }
+      response = connection.request(Net::HTTP::Put.new(path, headers))
+      case response.code.to_i
+      when 200
+        [
+          response.body,
+          response.header['x-aws-ec2-metadata-token-ttl-seconds'].to_i
+        ]
+      when 400
+        raise TokenRetrivalError
+      when 401
+        raise TokenExpiredError
+      else
+        raise Non200Response
+      end
+    end
+    def retry_errors(error_classes, options = {}, &_block)
       max_retries = options[:max_retries]
       retries = 0
       begin
         yield
       rescue *error_classes
-        if retries < max_retries
-          @backoff.call(retries)
-          retries += 1
-          retry
-        else
-          raise
-        end
+        raise unless retries < max_retries
+        @backoff.call(retries)
+        retries += 1
+        retry
       end
     end
+    # @api private
+    # Token used to fetch IMDS profile and credentials
+    class Token
+      def initialize(value, ttl, created_time = Time.now)
+        @ttl = ttl
+        @value = value
+        @created_time = created_time
+      end
+      # [String] token value
+      attr_reader :value
+      def expired?
+        Time.now - @created_time > @ttl
+      end
+    end
   end
 end

data/lib/aws-sdk-core/json/builder.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'base64'
 module Aws

data/lib/aws-sdk-core/json/error_handler.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Aws
   module Json
     class ErrorHandler < Xml::ErrorHandler
@@ -17,9 +19,10 @@ module Aws
         json = Json.load(body)
         code = error_code(json, context)
         message = error_message(code, json)
-        [code, message]
+        data = parse_error_data(context, code)
+        [code, message, data]
       rescue Json::ParseError
-        [http_status_error_code(context), '']
+        [http_status_error_code(context), '', EmptyStructure.new]
       end
       def error_code(json, context)
@@ -41,6 +44,22 @@ module Aws
         end
       end
+      def parse_error_data(context, code)
+        data = EmptyStructure.new
+        if error_rules = context.operation.errors
+          error_rules.each do |rule|
+            # match modeled shape name with the type(code) only
+            # some type(code) might contains invalid characters
+            # such as ':' (efs) etc
+            match = rule.shape.name == code.gsub(/[^^a-zA-Z0-9]/, '')
+            if match && rule.shape.members.any?
+              data = Parser.new(rule).parse(context.http_response.body_contents)
+            end
+          end
+        end
+        data
+      end
     end
   end
 end

data/lib/aws-sdk-core/json/handler.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Aws
   module Json
     class Handler < Seahorse::Client::Handler
@@ -40,7 +42,25 @@ module Aws
           Json.load(context.http_response.body_contents)
         elsif rules = context.operation.output
           json = context.http_response.body_contents
-          Parser.new(rules).parse(json == '' ? '{}' : json)
+          if json.is_a?(Array)
+            # an array of emitted events
+            if json[0].respond_to?(:response)
+              # initial response exists
+              # it must be the first event arrived
+              resp_struct = json.shift.response
+            else
+              resp_struct = context.operation.output.shape.struct_class.new
+            end
+            rules.shape.members.each do |name, ref|
+              if ref.eventstream
+                resp_struct.send("#{name}=", json.to_enum)
+              end
+            end
+            resp_struct
+          else
+            Parser.new(rules).parse(json == '' ? '{}' : json)
+          end
         else
           EmptyStructure.new
         end

data/lib/aws-sdk-core/json/json_engine.rb CHANGED Viewed

@@ -1,15 +1,19 @@
+# frozen_string_literal: true
 module Aws
   module Json
-    class OjEngine
-      def self.load(json)
-        Oj.load(json)
-      end
+    module JSONEngine
+      class << self
+        def load(json)
+          JSON.parse(json)
+        rescue JSON::ParserError => e
+          raise ParseError.new(e)
+        end
-      def self.dump(value)
-        Oj.dump(value)
+        def dump(value)
+          JSON.dump(value)
+        end
       end
     end
   end
 end

data/lib/aws-sdk-core/json/oj_engine.rb CHANGED Viewed

@@ -1,15 +1,44 @@
+# frozen_string_literal: true
 module Aws
   module Json
-    class JSONEngine
+    module OjEngine
+      # @api private
+      LOAD_OPTIONS = { mode: :compat, symbol_keys: false, empty_string: false }.freeze
-      def self.load(json)
-        JSON.load(json)
-      end
+      # @api private
+      DUMP_OPTIONS = { mode: :compat }.freeze
+      class << self
+        def load(json)
+          Oj.load(json, LOAD_OPTIONS)
+        rescue *PARSE_ERRORS => e
+          raise ParseError.new(e)
+        end
+        def dump(value)
+          Oj.dump(value, DUMP_OPTIONS)
+        end
+        private
+        # Oj before 1.4.0 does not define Oj::ParseError and instead raises
+        # SyntaxError on failure
+        def detect_oj_parse_errors
+          require 'oj'
-      def self.dump(value)
-        JSON.dump(value)
+          if Oj.const_defined?(:ParseError)
+            [Oj::ParseError, EncodingError, JSON::ParserError]
+          else
+            [SyntaxError]
+          end
+        rescue LoadError
+          nil
+        end
       end
+      # @api private
+      PARSE_ERRORS = detect_oj_parse_errors
     end
   end
 end

data/lib/aws-sdk-core/json/parser.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'base64'
 require 'time'
@@ -26,8 +28,16 @@ module Aws
           member_name, member_ref = shape.member_by_location_name(key)
           if member_ref
             target[member_name] = parse_ref(member_ref, value)
+          elsif shape.union
+            target[:unknown] = { 'name' => key, 'value' => value }
           end
         end
+        if shape.union
+          # convert to subclass
+          member_subclass = shape.member_subclass(target.member).new
+          member_subclass[target.member] = target.value
+          target = member_subclass
+        end
         target
       end

data/lib/aws-sdk-core/json.rb CHANGED Viewed

@@ -1,66 +1,49 @@
+# frozen_string_literal: true
 require 'json'
 require_relative 'json/builder'
 require_relative 'json/error_handler'
 require_relative 'json/handler'
 require_relative 'json/parser'
+require_relative 'json/json_engine'
+require_relative 'json/oj_engine'
 module Aws
   # @api private
   module Json
     class ParseError < StandardError
       def initialize(error)
         @error = error
         super(error.message)
       end
       attr_reader :error
     end
     class << self
       def load(json)
-        ENGINE.load(json, *ENGINE_LOAD_OPTIONS)
-      rescue ENGINE_ERROR => e
-        raise ParseError.new(e)
+        ENGINE.load(json)
       end
       def load_file(path)
-        self.load(File.open(path, 'r', encoding: 'UTF-8') { |f| f.read })
+        load(File.open(path, 'r', encoding: 'UTF-8', &:read))
       end
       def dump(value)
-        ENGINE.dump(value, *ENGINE_DUMP_OPTIONS)
+        ENGINE.dump(value)
       end
       private
-      def oj_engine
+      def select_engine
         require 'oj'
-        [Oj, [{mode: :compat, symbol_keys: false}], [{ mode: :compat }], oj_parse_error]
+        OjEngine
       rescue LoadError
-        false
+        JSONEngine
       end
-      def json_engine
-        [JSON, [], [], JSON::ParserError]
-      end
-      def oj_parse_error
-        if Oj.const_defined?('ParseError')
-          Oj::ParseError
-        else
-          SyntaxError
-        end
-      end
     end
     # @api private
-    ENGINE, ENGINE_LOAD_OPTIONS, ENGINE_DUMP_OPTIONS, ENGINE_ERROR =
-      oj_engine || json_engine
+    ENGINE = select_engine
   end
 end

data/lib/aws-sdk-core/log/formatter.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'pathname'
 module Aws
@@ -83,6 +85,9 @@ module Aws
       #   The default list of filtered parameters is documented on the
       #   {ParamFilter} class.
       #
+      # @option options [Boolean] :filter_sensitive_params (true) Set to false
+      #   to disable the sensitive parameter filtering when logging
+      #   `:request_params`.
       def initialize(pattern, options = {})
         @pattern = pattern
         @param_formatter = ParamFormatter.new(options)
@@ -92,12 +97,12 @@ module Aws
       # @return [String]
       attr_reader :pattern
-      # Given a resopnse, this will format a log message and return it as a
+      # Given a response, this will format a log message and return it as a
       #   string according to {#pattern}.
       # @param [Seahorse::Client::Response] response
       # @return [String]
       def format(response)
-        pattern.gsub(/:(\w+)/) {|sym| send("_#{sym[1..-1]}", response) }
+        pattern.gsub(/:(\w+)/) { |sym| send("_#{sym[1..-1]}", response) }
       end
       # @api private
@@ -121,7 +126,8 @@ module Aws
       def _request_params(response)
         params = response.context.params
-        @param_formatter.summarize(@param_filter.filter(params))
+        type = response.context.operation.input.shape.struct_class
+        @param_formatter.summarize(@param_filter.filter(params, type))
       end
       def _time(response)
@@ -171,7 +177,13 @@ module Aws
       end
       def _http_response_body(response)
-        @param_formatter.summarize(response.context.http_response.body_contents)
+        if response.context.http_response.body.respond_to?(:rewind)
+          @param_formatter.summarize(
+            response.context.http_response.body_contents
+          )
+        else
+          ''
+        end
       end
       def _error_class(response)

data/lib/aws-sdk-core/log/handler.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Seahorse
   module Client
     module Logging