aws-sdk-core 3.85.0 → 3.89.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3b886138d094d6e84d381f1bb005b0eccf254f3a
-  data.tar.gz: 494272b4b2023250f4ce9d436b7e04b23f8e557f
+  metadata.gz: 4792718d8a5ff91e016c51a0c086d283c2ac7ba2
+  data.tar.gz: dff849117e3ccf090d80b3d4d2982549af9efbcc
 SHA512:
-  metadata.gz: 8099062c26429ee165c039b5f8b82188bf4f775d1f7d51b6cc645a96d6d131278b467404411ad0fec901e0f8a099e084d9d9dc0736579232c4e2a997a89fef9f
-  data.tar.gz: 853ea7b6a336a90bff25edb5702a240e69e05d1b233bbb29ebd17a1da5ec27ece237444304b8753030f6ee47fd65f988ccd63ebabffd96318bb5bf1ee539c7d0
+  metadata.gz: 88c0554839f9982b6ef115edb9aaac87d7bceb6e41f35b20efd1235cf4f14bfd922a50a6e75611fc6147bf0178fddedcd51b9735abe3f4509aff71fb6254c44a
+  data.tar.gz: 530fc62c766be09fe9b4a3d180a4050e5d41137dc53ac0c42d2b6d2524a56763a65e893f77c368ce6892270389f52294edc6dfae001a996bac254bf9ef948b17

data/VERSION

@@ -1 +1 @@
-3.85.0
+3.89.0

data/lib/aws-sdk-core.rb

@@ -80,6 +80,7 @@ require_relative 'aws-sdk-core/client_side_monitoring/request_metrics'
 require_relative 'aws-sdk-core/client_side_monitoring/publisher'
 
 # arn
+
 require_relative 'aws-sdk-core/arn'
 require_relative 'aws-sdk-core/arn_parser'
 

data/lib/aws-sdk-core/instance_profile_credentials.rb

@@ -29,24 +29,24 @@ module Aws
       Errno::ENETUNREACH,
       SocketError,
       Timeout::Error,
-      Non200Response,
-    ]
+      Non200Response
+    ].freeze
 
     # Path base for GET request for profile and credentials
     # @api private
-    METADATA_PATH_BASE = '/latest/meta-data/iam/security-credentials/'
+    METADATA_PATH_BASE = '/latest/meta-data/iam/security-credentials/'.freeze
 
     # Path for PUT request for token
     # @api private
-    METADATA_TOKEN_PATH = '/latest/api/token'
+    METADATA_TOKEN_PATH = '/latest/api/token'.freeze
 
     # @param [Hash] options
-    # @option options [Integer] :retries (5) Number of times to retry
+    # @option options [Integer] :retries (1) Number of times to retry
     #   when retrieving credentials.
     # @option options [String] :ip_address ('169.254.169.254')
     # @option options [Integer] :port (80)
-    # @option options [Float] :http_open_timeout (5)
-    # @option options [Float] :http_read_timeout (5)
+    # @option options [Float] :http_open_timeout (1)
+    # @option options [Float] :http_read_timeout (1)
     # @option options [Numeric, Proc] :delay By default, failures are retried
     #   with exponential back-off, i.e. `sleep(1.2 ** num_failures)`. You can
     #   pass a number of seconds to sleep between failed attempts, or
@@ -57,15 +57,15 @@ module Aws
     # @option options [Integer] :token_ttl Time-to-Live in seconds for EC2
     #   Metadata Token used for fetching Metadata Profile Credentials, defaults
     #   to 21600 seconds
-    def initialize options = {}
-      @retries = options[:retries] || 5
+    def initialize(options = {})
+      @retries = options[:retries] || 1
       @ip_address = options[:ip_address] || '169.254.169.254'
       @port = options[:port] || 80
-      @http_open_timeout = options[:http_open_timeout] || 5
-      @http_read_timeout = options[:http_read_timeout] || 5
+      @http_open_timeout = options[:http_open_timeout] || 1
+      @http_read_timeout = options[:http_read_timeout] || 1
       @http_debug_output = options[:http_debug_output]
       @backoff = backoff(options[:backoff])
-      @token_ttl = options[:token_ttl] || 21600
+      @token_ttl = options[:token_ttl] || 21_600
       @token = nil
       super
     end
@@ -80,8 +80,8 @@ module Aws
     def backoff(backoff)
       case backoff
       when Proc then backoff
-      when Numeric then lambda { |_| sleep(backoff) }
-      else lambda { |num_failures| Kernel.sleep(1.2 ** num_failures) }
+      when Numeric then ->(_) { sleep(backoff) }
+      else ->(num_failures) { Kernel.sleep(1.2**num_failures) }
       end
     end
 
@@ -100,7 +100,7 @@ module Aws
           @expiration = c['Expiration'] ? Time.iso8601(c['Expiration']) : nil
         end
       rescue JSON::ParserError
-        raise Aws::Errors::MetadataParserError.new
+        raise Aws::Errors::MetadataParserError
       end
     end
 
@@ -118,7 +118,9 @@ module Aws
               begin
                 retry_errors(NETWORK_ERRORS, max_retries: @retries) do
                   unless token_set?
-                    token_value, ttl = http_put(conn, METADATA_TOKEN_PATH, @token_ttl)
+                    token_value, ttl = http_put(
+                      conn, METADATA_TOKEN_PATH, @token_ttl
+                    )
                     @token = Token.new(token_value, ttl) if token_value && ttl
                   end
                 end
@@ -128,13 +130,10 @@ module Aws
                 @token = nil
               end
 
-              if token_set?
-                profile_name = http_get(conn, METADATA_PATH_BASE, @token.value).lines.first.strip
-                http_get(conn, METADATA_PATH_BASE + profile_name, @token.value)
-              else
-                profile_name = http_get(conn, METADATA_PATH_BASE).lines.first.strip
-                http_get(conn, METADATA_PATH_BASE + profile_name)
-              end
+              token = @token.value if token_set?
+              metadata = http_get(conn, METADATA_PATH_BASE, token)
+              profile_name = metadata.lines.first.strip
+              http_get(conn, METADATA_PATH_BASE + profile_name, token)
             end
           end
         rescue
@@ -148,8 +147,7 @@ module Aws
     end
 
     def _metadata_disabled?
-      flag = ENV["AWS_EC2_METADATA_DISABLED"]
-      !flag.nil? && flag.downcase == "true"
+      ENV.fetch('AWS_EC2_METADATA_DISABLED', 'false').downcase == 'true'
     end
 
     def open_connection
@@ -162,59 +160,54 @@ module Aws
     end
 
     # GET request fetch profile and credentials
-    def http_get(connection, path, token=nil)
-      headers = {"User-Agent" => "aws-sdk-ruby3/#{CORE_GEM_VERSION}"}
-      headers["x-aws-ec2-metadata-token"] = token if token
+    def http_get(connection, path, token = nil)
+      headers = { 'User-Agent' => "aws-sdk-ruby3/#{CORE_GEM_VERSION}" }
+      headers['x-aws-ec2-metadata-token'] = token if token
       response = connection.request(Net::HTTP::Get.new(path, headers))
-      if response.code.to_i == 200
-        response.body
-      else
-        raise Non200Response
-      end
+      raise Non200Response unless response.code.to_i == 200
+
+      response.body
     end
 
     # PUT request fetch token with ttl
     def http_put(connection, path, ttl)
       headers = {
-        "User-Agent" => "aws-sdk-ruby3/#{CORE_GEM_VERSION}",
-        "x-aws-ec2-metadata-token-ttl-seconds" => ttl.to_s
+        'User-Agent' => "aws-sdk-ruby3/#{CORE_GEM_VERSION}",
+        'x-aws-ec2-metadata-token-ttl-seconds' => ttl.to_s
       }
       response = connection.request(Net::HTTP::Put.new(path, headers))
       case response.code.to_i
       when 200
         [
           response.body,
-          response.header["x-aws-ec2-metadata-token-ttl-seconds"].to_i
+          response.header['x-aws-ec2-metadata-token-ttl-seconds'].to_i
         ]
-      when 401
-        raise TokenExpiredError
       when 400
         raise TokenRetrivalError
+      when 401
+        raise TokenExpiredError
       else
         raise Non200Response
       end
     end
 
-    def retry_errors(error_classes, options = {}, &block)
+    def retry_errors(error_classes, options = {}, &_block)
       max_retries = options[:max_retries]
       retries = 0
       begin
         yield
       rescue *error_classes
-        if retries < max_retries
-          @backoff.call(retries)
-          retries += 1
-          retry
-        else
-          raise
-        end
+        raise unless retries < max_retries
+
+        @backoff.call(retries)
+        retries += 1
+        retry
       end
     end
 
     # @api private
     # Token used to fetch IMDS profile and credentials
     class Token
-
       def initialize(value, ttl)
         @ttl = ttl
         @value = value
@@ -227,8 +220,6 @@ module Aws
       def expired?
         Time.now - @created_time > @ttl
       end
-
     end
-
   end
 end

data/lib/aws-sdk-core/log/param_filter.rb

@@ -11,7 +11,7 @@ module Aws
       #
       # @api private
       # begin
-      SENSITIVE = [:access_token, :account_name, :account_password, :address, :admin_contact, :admin_password, :artifact_credentials, :auth_code, :authentication_token, :authorization_result, :backup_plan_tags, :backup_vault_tags, :base_32_string_seed, :block, :block_address, :block_data, :blocks, :body, :bot_configuration, :bot_email, :calling_name, :cause, :client_id, :client_request_token, :client_secret, :comment, :configuration, :copy_source_sse_customer_key, :credentials, :current_password, :custom_attributes, :custom_private_key, :db_password, :default_phone_number, :definition, :description, :destination_access_token, :digest_tip_address, :display_name, :e164_phone_number, :email, :email_address, :email_message, :embed_url, :error, :external_model_endpoint_data_blobs, :external_user_id, :feedback_token, :file, :first_name, :full_name, :host_key, :id, :id_token, :input, :input_text, :ion_text, :join_token, :key_id, :key_material, :key_store_password, :kms_key_id, :kms_master_key_id, :lambda_function_arn, :last_name, :local_console_password, :master_account_email, :master_user_password, :meeting_host_id, :message, :name, :new_password, :next_password, :notes, :number, :old_password, :outbound_events_https_endpoint, :output, :owner_information, :parameters, :passphrase, :password, :payload, :phone_number, :plaintext, :previous_password, :primary_email, :primary_provisioned_number, :private_key, :private_key_plaintext, :proof, :proposed_password, :public_key, :qr_code_png, :query, :random_password, :recovery_point_tags, :refresh_token, :registrant_contact, :request_attributes, :revision, :search_query, :secret_access_key, :secret_binary, :secret_code, :secret_hash, :secret_string, :secret_to_authenticate_initiator, :secret_to_authenticate_target, :security_token, :service_password, :session_attributes, :session_token, :share_notes, :shared_secret, :slots, :sns_topic_arn, :source_access_token, :sqs_queue_arn, :sse_customer_key, :ssekms_encryption_context, :ssekms_key_id, :status_message, :tag_key_list, :tags, :target_address, :task_parameters, :tech_contact, :temporary_password, :text, :token, :trust_password, :type, :upload_credentials, :upload_url, :uri, :user_data, :user_email, :user_name, :user_password, :username, :value, :values, :variables, :vpn_psk, :zip_file]
+      SENSITIVE = [:access_token, :account_name, :account_password, :address, :admin_contact, :admin_password, :alexa_for_business_room_arn, :artifact_credentials, :auth_code, :authentication_token, :authorization_result, :backup_plan_tags, :backup_vault_tags, :base_32_string_seed, :block, :block_address, :block_data, :blocks, :body, :bot_configuration, :bot_email, :calling_name, :cause, :client_id, :client_request_token, :client_secret, :comment, :configuration, :copy_source_sse_customer_key, :credentials, :current_password, :custom_attributes, :custom_private_key, :db_password, :default_phone_number, :definition, :description, :destination_access_token, :digest_tip_address, :display_name, :domain_signing_private_key, :e164_phone_number, :email, :email_address, :email_message, :embed_url, :error, :external_model_endpoint_data_blobs, :external_user_id, :feedback_token, :file, :first_name, :full_name, :host_key, :id, :id_token, :input, :input_text, :ion_text, :join_token, :key_id, :key_material, :key_store_password, :kms_key_id, :kms_master_key_id, :lambda_function_arn, :last_name, :local_console_password, :master_account_email, :master_user_password, :meeting_host_id, :message, :metadata, :name, :new_password, :next_password, :notes, :number, :old_password, :outbound_events_https_endpoint, :output, :owner_information, :parameters, :passphrase, :password, :payload, :phone_number, :plaintext, :previous_password, :primary_email, :primary_provisioned_number, :private_key, :private_key_plaintext, :proof, :proposed_password, :public_key, :qr_code_png, :query, :random_password, :recovery_point_tags, :refresh_token, :registrant_contact, :request_attributes, :restore_metadata, :revision, :search_query, :secret_access_key, :secret_binary, :secret_code, :secret_hash, :secret_string, :secret_to_authenticate_initiator, :secret_to_authenticate_target, :security_token, :service_password, :session_attributes, :session_token, :share_notes, :shared_secret, :slots, :sns_topic_arn, :source_access_token, :sqs_queue_arn, :sse_customer_key, :ssekms_encryption_context, :ssekms_key_id, :status_message, :tag_key_list, :tags, :target_address, :task_parameters, :tech_contact, :temporary_password, :text, :token, :trust_password, :type, :upload_credentials, :upload_url, :uri, :user_data, :user_email, :user_name, :user_password, :username, :value, :values, :variables, :vpn_psk, :zip_file]
       # end
 
       def initialize(options = {})

data/lib/aws-sdk-core/plugins/user_agent.rb

@@ -2,20 +2,16 @@ module Aws
   module Plugins
     # @api private
     class UserAgent < Seahorse::Client::Plugin
-
       option(:user_agent_suffix)
 
       # @api private
       class Handler < Seahorse::Client::Handler
-
         def call(context)
           set_user_agent(context)
           @handler.call(context)
         end
 
         def set_user_agent(context)
-          execution_env = ENV["AWS_EXECUTION_ENV"]
-
           ua = "aws-sdk-ruby3/#{CORE_GEM_VERSION}"
 
           begin
@@ -30,19 +26,19 @@ module Aws
             ua += " #{context[:gem_name]}/#{context[:gem_version]}"
           end
 
-          if execution_env
+          if (execution_env = ENV['AWS_EXECUTION_ENV'])
             ua += " exec-env/#{execution_env}"
           end
 
-          ua += " #{context.config.user_agent_suffix}" if context.config.user_agent_suffix
+          if context.config.user_agent_suffix
+            ua += " #{context.config.user_agent_suffix}"
+          end
 
           context.http_request.headers['User-Agent'] = ua.strip
         end
-
       end
 
       handler(Handler)
-
     end
   end
 end

data/lib/aws-sdk-sts.rb

@@ -40,6 +40,6 @@ require_relative 'aws-sdk-sts/customizations'
 # @service
 module Aws::STS
 
-  GEM_VERSION = '3.85.0'
+  GEM_VERSION = '3.89.0'
 
 end

data/lib/aws-sdk-sts/client.rb

@@ -975,6 +975,36 @@ module Aws::STS
     #   * {Types::AssumeRoleWithSAMLResponse#audience #audience} => String
     #   * {Types::AssumeRoleWithSAMLResponse#name_qualifier #name_qualifier} => String
     #
+    #
+    # @example Example: To assume a role using a SAML assertion
+    #
+    #   resp = client.assume_role_with_saml({
+    #     duration_seconds: 3600, 
+    #     principal_arn: "arn:aws:iam::123456789012:saml-provider/SAML-test", 
+    #     role_arn: "arn:aws:iam::123456789012:role/TestSaml", 
+    #     saml_assertion: "VERYLONGENCODEDASSERTIONEXAMPLExzYW1sOkF1ZGllbmNlPmJsYW5rPC9zYW1sOkF1ZGllbmNlPjwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjwvc2FtbDpDb25kaXRpb25zPjxzYW1sOlN1YmplY3Q+PHNhbWw6TmFtZUlEIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6dHJhbnNpZW50Ij5TYW1sRXhhbXBsZTwvc2FtbDpOYW1lSUQ+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAxOS0xMS0wMVQyMDoyNTowNS4xNDVaIiBSZWNpcGllbnQ9Imh0dHBzOi8vc2lnbmluLmF3cy5hbWF6b24uY29tL3NhbWwiLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48L3NhbWw6U3ViamVjdD48c2FtbDpBdXRoblN0YXRlbWVudCBBdXRoPD94bWwgdmpSZXNwb25zZT4=", 
+    #   })
+    #
+    #   resp.to_h outputs the following:
+    #   {
+    #     assumed_role_user: {
+    #       arn: "arn:aws:sts::123456789012:assumed-role/TestSaml", 
+    #       assumed_role_id: "ARO456EXAMPLE789:TestSaml", 
+    #     }, 
+    #     audience: "https://signin.aws.amazon.com/saml", 
+    #     credentials: {
+    #       access_key_id: "ASIAV3ZUEFP6EXAMPLE", 
+    #       expiration: Time.parse("2019-11-01T20:26:47Z"), 
+    #       secret_access_key: "8P+SQvWIuLnKhh8d++jpw0nNmQRBZvNEXAMPLEKEY", 
+    #       session_token: "IQoJb3JpZ2luX2VjEOz////////////////////wEXAMPLEtMSJHMEUCIDoKK3JH9uGQE1z0sINr5M4jk+Na8KHDcCYRVjJCZEvOAiEA3OvJGtw1EcViOleS2vhs8VdCKFJQWPQrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz+scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==", 
+    #     }, 
+    #     issuer: "https://integ.example.com/idp/shibboleth", 
+    #     name_qualifier: "SbdGOnUkh1i4+EXAMPLExL/jEvs=", 
+    #     packed_policy_size: 6, 
+    #     subject: "SamlExample", 
+    #     subject_type: "transient", 
+    #   }
+    #
     # @example Request syntax with placeholder values
     #
     #   resp = client.assume_role_with_saml({
@@ -2101,7 +2131,7 @@ module Aws::STS
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.85.0'
+      context[:gem_version] = '3.89.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/seahorse/client/net_http/connection_pool.rb

@@ -18,6 +18,7 @@ module Seahorse
 
         @pools_mutex = Mutex.new
         @pools = {}
+        @default_logger = Logger.new($stdout)
 
         OPTIONS = {
           http_proxy: nil,
@@ -231,7 +232,7 @@ module Seahorse
           # @return [Hash]
           def pool_options options
             wire_trace = !!options[:http_wire_trace]
-            logger = options[:logger] || Logger.new($stdout) if wire_trace
+            logger = options[:logger] || @default_logger if wire_trace
             verify_peer = options.key?(:ssl_verify_peer) ?
               !!options[:ssl_verify_peer] : true
             {

data/lib/seahorse/client/net_http/handler.rb

@@ -163,7 +163,13 @@ module Seahorse
         # @return [Hash] Returns a vanilla hash of headers to send with the
         #   HTTP request.
         def headers(request)
-          # setting these to stop net/http from providing defaults
+          # Net::HTTP adds default headers for content-type to POSTs (1.8.7+)
+          # and accept-encoding (2.0.0+). Setting a default empty value defeats
+          # this.
+          #
+          # Removing these are necessary for most services to not break request
+          # signatures as well as dynamodb crc32 checks (these fail if the
+          # response is gzipped).
           headers = { 'content-type' => '', 'accept-encoding' => '' }
           request.headers.each_pair do |key, value|
             headers[key] = value

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-core
 version: !ruby/object:Gem::Version
-  version: 3.85.0
+  version: 3.89.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-12-09 00:00:00.000000000 Z
+date: 2020-01-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jmespath