aws-sdk-core 3.46.2 → 3.126.2

data/lib/aws-sdk-core/plugins/http_checksum.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+require 'openssl'
+
+module Aws
+  module Plugins
+    # @api private
+    class HttpChecksum < Seahorse::Client::Plugin
+      # @api private
+      class Handler < Seahorse::Client::Handler
+        CHUNK_SIZE = 1 * 1024 * 1024 # one MB
+
+        def call(context)
+          if context.operation.http_checksum_required
+            body = context.http_request.body
+            context.http_request.headers['Content-Md5'] ||= md5(body)
+          end
+          @handler.call(context)
+        end
+
+        private
+
+        # @param [File, Tempfile, IO#read, String] value
+        # @return [String<MD5>]
+        def md5(value)
+          if (value.is_a?(File) || value.is_a?(Tempfile)) &&
+             !value.path.nil? && File.exist?(value.path)
+            OpenSSL::Digest::MD5.file(value).base64digest
+          elsif value.respond_to?(:read)
+            md5 = OpenSSL::Digest::MD5.new
+            update_in_chunks(md5, value)
+            md5.base64digest
+          else
+            OpenSSL::Digest::MD5.digest(value).base64digest
+          end
+        end
+
+        def update_in_chunks(digest, io)
+          loop do
+            chunk = io.read(CHUNK_SIZE)
+            break unless chunk
+            digest.update(chunk)
+          end
+          io.rewind
+        end
+
+      end
+
+      def add_handlers(handlers, _config)
+        # priority set low to ensure checksum is computed AFTER the request is
+        # built but before it is signed
+        handlers.add(Handler, priority: 10, step: :build)
+      end
+
+    end
+  end
+end

data/lib/aws-sdk-core/plugins/idempotency_token.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'securerandom'
 
 module Aws

data/lib/aws-sdk-core/plugins/invocation_id.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require 'securerandom'
+
+module Aws
+  module Plugins
+
+    # @api private
+    class InvocationId < Seahorse::Client::Plugin
+
+      # @api private
+      class Handler < Seahorse::Client::Handler
+
+        def call(context)
+          apply_invocation_id(context)
+          @handler.call(context)
+        end
+
+        private
+
+        def apply_invocation_id(context)
+          context.http_request.headers['amz-sdk-invocation-id'] = SecureRandom.uuid
+          if context[:input_event_emitter]
+            # only used for eventstreaming at input
+            context.http_request.headers['x-amz-content-sha256'] = 'STREAMING-AWS4-HMAC-SHA256-EVENTS'
+          end
+        end
+
+      end
+
+      handler(Handler, step: :initialize)
+
+    end
+  end
+end

data/lib/aws-sdk-core/plugins/jsonvalue_converter.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   module Plugins
 

data/lib/aws-sdk-core/plugins/logging.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   module Plugins
     # @see Log::Formatter

data/lib/aws-sdk-core/plugins/param_converter.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   module Plugins
     # @api private

data/lib/aws-sdk-core/plugins/param_validator.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   module Plugins
     # @api private

data/lib/aws-sdk-core/plugins/protocols/api_gateway.rb

@@ -1,10 +1,29 @@
+# frozen_string_literal: true
+
 module Aws
   module Plugins
     module Protocols
       class ApiGateway < Seahorse::Client::Plugin
+
+        class ContentTypeHandler < Seahorse::Client::Handler
+          def call(context)
+            body = context.http_request.body
+            # Rest::Handler will set a default JSON body, so size can be checked
+            # if this handler is run after serialization.
+            if !body.respond_to?(:size) ||
+               (body.respond_to?(:size) && body.size > 0)
+               context.http_request.headers['Content-Type'] ||=
+                 'application/json'
+            end
+            @handler.call(context)
+          end
+        end
+
         handler(Rest::Handler)
+        handler(ContentTypeHandler, priority: 30)
         handler(Json::ErrorHandler, step: :sign)
       end
+
     end
   end
 end

data/lib/aws-sdk-core/plugins/protocols/ec2.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require_relative '../../query'
 
 module Aws

data/lib/aws-sdk-core/plugins/protocols/json_rpc.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   module Plugins
     module Protocols

data/lib/aws-sdk-core/plugins/protocols/query.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require_relative '../../query'
 
 module Aws

data/lib/aws-sdk-core/plugins/protocols/rest_json.rb

@@ -1,12 +1,29 @@
+# frozen_string_literal: true
+
 module Aws
   module Plugins
     module Protocols
       class RestJson < Seahorse::Client::Plugin
 
+        class ContentTypeHandler < Seahorse::Client::Handler
+          def call(context)
+            body = context.http_request.body
+            # Rest::Handler will set a default JSON body, so size can be checked
+            # if this handler is run after serialization.
+            if !body.respond_to?(:size) ||
+               (body.respond_to?(:size) && body.size > 0)
+              context.http_request.headers['Content-Type'] ||=
+                'application/json'
+            end
+            @handler.call(context)
+          end
+        end
+
         handler(Rest::Handler)
+        handler(ContentTypeHandler, priority: 30)
         handler(Json::ErrorHandler, step: :sign)
-
       end
+
     end
   end
 end

data/lib/aws-sdk-core/plugins/protocols/rest_xml.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   module Plugins
     module Protocols

data/lib/aws-sdk-core/plugins/recursion_detection.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Aws
+  module Plugins
+    # @api private
+    class RecursionDetection < Seahorse::Client::Plugin
+
+      # @api private
+      class Handler < Seahorse::Client::Handler
+        def call(context)
+
+          unless context.http_request.headers.key?('x-amz-trace-id')
+            if ENV['AWS_LAMBDA_FUNCTION_NAME'] &&
+              (trace_id = ENV['_X_AMZ_TRACE_ID'])
+              context.http_request.headers['x-amz-trace-id'] = trace_id
+            end
+          end
+          @handler.call(context)
+        end
+      end
+
+      # should be at the end of build so that
+      # modeled traits / service customizations apply first
+      handler(Handler, step: :build, order: 99)
+    end
+  end
+end

data/lib/aws-sdk-core/plugins/regional_endpoint.rb

@@ -1,11 +1,9 @@
+# frozen_string_literal: true
+
 module Aws
   module Plugins
     # @api private
     class RegionalEndpoint < Seahorse::Client::Plugin
-
-      # raised when region is not configured
-      MISSING_REGION = 'missing required configuration option :region'
-
       option(:profile)
 
       option(:region,
@@ -14,7 +12,7 @@ module Aws
         docstring: <<-DOCS) do |cfg|
 The AWS region to connect to.  The configured `:region` is
 used to determine the service `:endpoint`. When not passed,
-a default `:region` is search for in the following locations:
+a default `:region` is searched for in the following locations:
 
 * `Aws.config[:region]`
 * `ENV['AWS_REGION']`
@@ -26,35 +24,95 @@ a default `:region` is search for in the following locations:
         resolve_region(cfg)
       end
 
+      option(:use_dualstack_endpoint,
+        doc_type: 'Boolean',
+        docstring: <<-DOCS) do |cfg|
+When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
+will be used if available.
+        DOCS
+        resolve_use_dualstack_endpoint(cfg)
+      end
+
+      option(:use_fips_endpoint,
+        doc_type: 'Boolean',
+        docstring: <<-DOCS) do |cfg|
+When set to `true`, fips compatible endpoints will be used if available.
+When a `fips` region is used, the region is normalized and this config
+is set to `true`.
+        DOCS
+        resolve_use_fips_endpoint(cfg)
+      end
+
       option(:regional_endpoint, false)
 
       option(:endpoint, doc_type: String, docstring: <<-DOCS) do |cfg|
 The client endpoint is normally constructed from the `:region`
 option. You should only configure an `:endpoint` when connecting
-to test endpoints. This should be avalid HTTP(S) URI.
+to test or custom endpoints. This should be a valid HTTP(S) URI.
         DOCS
         endpoint_prefix = cfg.api.metadata['endpointPrefix']
         if cfg.region && endpoint_prefix
-          Aws::Partitions::EndpointProvider.resolve(cfg.region, endpoint_prefix)
+          if cfg.respond_to?(:sts_regional_endpoints)
+            sts_regional = cfg.sts_regional_endpoints
+          end
+
+          # check region is a valid RFC host label
+          unless Seahorse::Util.host_label?(cfg.region)
+            raise Errors::InvalidRegionError
+          end
+
+          region = cfg.region
+          new_region = region.gsub('fips-', '').gsub('-fips', '')
+          if region != new_region
+            warn("Legacy region #{region} was transformed to #{new_region}."\
+                 '`use_fips_endpoint` config was set to true.')
+            cfg.override_config(:use_fips_endpoint, true)
+            cfg.override_config(:region, new_region)
+          end
+
+          Aws::Partitions::EndpointProvider.resolve(
+            cfg.region,
+            endpoint_prefix,
+            sts_regional,
+            {
+              dualstack: cfg.use_dualstack_endpoint,
+              fips: cfg.use_fips_endpoint
+            }
+          )
         end
       end
 
       def after_initialize(client)
-        if client.config.region.nil? or client.config.region == ''
+        if client.config.region.nil? || client.config.region == ''
           raise Errors::MissingRegionError
         end
       end
 
-      private
+      class << self
+        private
 
-      def self.resolve_region(cfg)
-        keys = %w(AWS_REGION AMAZON_REGION AWS_DEFAULT_REGION)
-        env_region = ENV.values_at(*keys).compact.first
-        env_region = nil if env_region == ''
-        cfg_region = Aws.shared_config.region(profile: cfg.profile)
-        env_region || cfg_region
-      end
+        def resolve_region(cfg)
+          keys = %w[AWS_REGION AMAZON_REGION AWS_DEFAULT_REGION]
+          env_region = ENV.values_at(*keys).compact.first
+          env_region = nil if env_region == ''
+          cfg_region = Aws.shared_config.region(profile: cfg.profile)
+          env_region || cfg_region
+        end
+
+        def resolve_use_dualstack_endpoint(cfg)
+          value = ENV['AWS_USE_DUALSTACK_ENDPOINT']
+          value ||= Aws.shared_config.use_dualstack_endpoint(
+            profile: cfg.profile
+          )
+          Aws::Util.str_2_bool(value) || false
+        end
 
+        def resolve_use_fips_endpoint(cfg)
+          value = ENV['AWS_USE_FIPS_ENDPOINT']
+          value ||= Aws.shared_config.use_fips_endpoint(profile: cfg.profile)
+          Aws::Util.str_2_bool(value) || false
+        end
+      end
     end
   end
 end

data/lib/aws-sdk-core/plugins/response_paging.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   module Plugins
     # @api private

data/lib/aws-sdk-core/plugins/retries/client_rate_limiter.rb

@@ -0,0 +1,139 @@
+# frozen_string_literal: true
+
+module Aws
+  module Plugins
+    module Retries
+      # @api private
+      # Used only in 'adaptive' retry mode
+      class ClientRateLimiter
+        MIN_CAPACITY = 1
+        MIN_FILL_RATE = 0.5
+        SMOOTH = 0.8
+        # How much to scale back after a throttling response
+        BETA = 0.7
+        # Controls how aggressively we scale up after being throttled
+        SCALE_CONSTANT = 0.4
+
+        def initialize
+          @mutex                = Mutex.new
+          @fill_rate            = nil
+          @max_capacity         = nil
+          @current_capacity     = 0
+          @last_timestamp       = nil
+          @enabled              = false
+          @measured_tx_rate     = 0
+          @last_tx_rate_bucket  = Aws::Util.monotonic_seconds
+          @request_count        = 0
+          @last_max_rate        = 0
+          @last_throttle_time   = Aws::Util.monotonic_seconds
+          @calculated_rate      = nil
+        end
+
+        def token_bucket_acquire(amount, wait_to_fill = true)
+          # Client side throttling is not enabled until we see a
+          # throttling error
+          return unless @enabled
+
+          @mutex.synchronize do
+            token_bucket_refill
+
+            # Next see if we have enough capacity for the requested amount
+            while @current_capacity < amount
+              raise Aws::Errors::RetryCapacityNotAvailableError unless wait_to_fill
+              @mutex.sleep((amount - @current_capacity) / @fill_rate)
+              token_bucket_refill
+            end
+            @current_capacity -= amount
+          end
+        end
+
+        def update_sending_rate(is_throttling_error)
+          @mutex.synchronize do
+            update_measured_rate
+
+            if is_throttling_error
+              rate_to_use = if @enabled
+                              [@measured_tx_rate, @fill_rate].min
+                            else
+                              @measured_tx_rate
+                            end
+
+              # The fill_rate is from the token bucket
+              @last_max_rate = rate_to_use
+              calculate_time_window
+              @last_throttle_time = Aws::Util.monotonic_seconds
+              @calculated_rate = cubic_throttle(rate_to_use)
+              enable_token_bucket
+            else
+              calculate_time_window
+              @calculated_rate = cubic_success(Aws::Util.monotonic_seconds)
+            end
+
+            new_rate = [@calculated_rate, 2 * @measured_tx_rate].min
+            token_bucket_update_rate(new_rate)
+          end
+        end
+
+        private
+
+        def token_bucket_refill
+          timestamp = Aws::Util.monotonic_seconds
+          unless @last_timestamp
+            @last_timestamp = timestamp
+            return
+          end
+
+          fill_amount = (timestamp - @last_timestamp) * @fill_rate
+          @current_capacity = [
+            @max_capacity, @current_capacity + fill_amount
+          ].min
+
+          @last_timestamp = timestamp
+        end
+
+        def token_bucket_update_rate(new_rps)
+          # Refill based on our current rate before we update to the
+          # new fill rate
+          token_bucket_refill
+          @fill_rate = [new_rps, MIN_FILL_RATE].max
+          @max_capacity = [new_rps, MIN_CAPACITY].max
+          # When we scale down we can't have a current capacity that exceeds our
+          # max_capacity.
+          @current_capacity = [@current_capacity, @max_capacity].min
+        end
+
+        def enable_token_bucket
+          @enabled = true
+        end
+
+        def update_measured_rate
+          t = Aws::Util.monotonic_seconds
+          time_bucket = (t * 2).floor / 2.0
+          @request_count += 1
+          if time_bucket > @last_tx_rate_bucket
+            current_rate = @request_count / (time_bucket - @last_tx_rate_bucket)
+            @measured_tx_rate = (current_rate * SMOOTH) +
+              (@measured_tx_rate * (1 - SMOOTH))
+            @request_count = 0
+            @last_tx_rate_bucket = time_bucket
+          end
+        end
+
+        def calculate_time_window
+          # This is broken out into a separate calculation because it only
+          # gets updated when @last_max_rate changes so it can be cached.
+          @time_window = ((@last_max_rate * (1 - BETA)) / SCALE_CONSTANT)**(1.0 / 3)
+        end
+
+        def cubic_success(timestamp)
+          dt = timestamp - @last_throttle_time
+          (SCALE_CONSTANT * ((dt - @time_window)**3)) + @last_max_rate
+        end
+
+        def cubic_throttle(rate_to_use)
+          rate_to_use * BETA
+        end
+      end
+    end
+  end
+end

data/lib/aws-sdk-core/plugins/retries/clock_skew.rb

@@ -0,0 +1,100 @@
+# frozen_string_literal: true
+
+module Aws
+  module Plugins
+    module Retries
+
+      # @api private
+      class ClockSkew
+
+        CLOCK_SKEW_THRESHOLD = 5 * 60 # five minutes
+
+        def initialize
+          @mutex = Mutex.new
+          # clock_corrections are recorded only on errors
+          # and only when time difference is greater than the
+          # CLOCK_SKEW_THRESHOLD
+          @endpoint_clock_corrections = Hash.new(0)
+
+          # estimated_skew is calculated on every request
+          # and is used to estimate a TTL for requests
+          @endpoint_estimated_skews = Hash.new(nil)
+        end
+
+        # Gets the clock_correction in seconds to apply to a given endpoint
+        # @param endpoint [URI / String]
+        def clock_correction(endpoint)
+          @mutex.synchronize { @endpoint_clock_corrections[endpoint.to_s] }
+        end
+
+        # The estimated skew factors in any clock skew from
+        # the service along with any network latency.
+        # This provides a more accurate value for the ttl,
+        # which should represent when the client will stop
+        # waiting for a request.
+        # Estimated Skew should not be used to correct clock skew errors
+        # it should only be used to estimate TTL for a request
+        def estimated_skew(endpoint)
+          @mutex.synchronize { @endpoint_estimated_skews[endpoint.to_s] }
+        end
+
+        # Determines whether a request has clock skew by comparing
+        # the current time against the server's time in the response
+        # @param context [Seahorse::Client::RequestContext]
+        def clock_skewed?(context)
+          server_time = server_time(context.http_response)
+          !!server_time &&
+            (Time.now.utc - server_time).abs > CLOCK_SKEW_THRESHOLD
+        end
+
+        # Called only on clock skew related errors
+        # Update the stored clock skew correction value for an endpoint
+        # from the server's time in the response
+        # @param context [Seahorse::Client::RequestContext]
+        def update_clock_correction(context)
+          endpoint = context.http_request.endpoint
+          now_utc = Time.now.utc
+          server_time = server_time(context.http_response)
+          if server_time && (now_utc - server_time).abs > CLOCK_SKEW_THRESHOLD
+            set_clock_correction(endpoint, server_time - now_utc)
+          end
+        end
+
+        # Called for every request
+        # Update our estimated clock skew for the endpoint
+        # from the servers time in the response
+        # @param context [Seahorse::Client::RequestContext]
+        def update_estimated_skew(context)
+          endpoint = context.http_request.endpoint
+          now_utc = Time.now.utc
+          server_time = server_time(context.http_response)
+          return unless server_time
+          @mutex.synchronize do
+            @endpoint_estimated_skews[endpoint.to_s] = server_time - now_utc
+          end
+        end
+
+        private
+
+        # @param response [Seahorse::Client::Http::Response:]
+        def server_time(response)
+          begin
+            Time.parse(response.headers['date']).utc
+          rescue
+            nil
+          end
+        end
+
+        # Sets the clock correction for an endpoint
+        # @param endpoint [URI / String]
+        # @param correction [Number]
+        def set_clock_correction(endpoint, correction)
+          @mutex.synchronize do
+            @endpoint_clock_corrections[endpoint.to_s] = correction
+          end
+        end
+      end
+    end
+  end
+end
+