aws-sdk-core 3.90.0 → 3.93.0

data/lib/aws-sdk-core/plugins/signature_v4.rb

@@ -42,7 +42,7 @@ module Aws
       option(:unsigned_operations) do |cfg|
         cfg.api.operation_names.inject([]) do |unsigned, operation_name|
           if cfg.api.operation(operation_name)['authtype'] == 'none' ||
-            cfg.api.operation(operation_name)['authtype'] == 'custom'
+             cfg.api.operation(operation_name)['authtype'] == 'custom'
             # Unsign requests that has custom apigateway authorizer as well
             unsigned << operation_name
           else
@@ -107,6 +107,17 @@ module Aws
           req.headers.delete('X-Amz-Security-Token')
           req.headers.delete('X-Amz-Date')
 
+          if context.config.respond_to?(:clock_skew) &&
+             context.config.clock_skew &&
+             context.config.correct_clock_skew
+
+            endpoint = context.http_request.endpoint
+            skew = context.config.clock_skew.clock_correction(endpoint)
+            if skew.abs > 0
+              req.headers['X-Amz-Date'] = (Time.now.utc + skew).strftime("%Y%m%dT%H%M%SZ")
+            end
+          end
+
           # compute the signature
           begin
             signature = signer.sign_request(
@@ -130,7 +141,7 @@ module Aws
         # @api private
         def apply_authtype(context)
           if context.operation['authtype'].eql?('v4-unsigned-body') &&
-            context.http_request.endpoint.scheme.eql?('https')
+             context.http_request.endpoint.scheme.eql?('https')
             context.http_request.headers['X-Amz-Content-Sha256'] = 'UNSIGNED-PAYLOAD'
           end
           context

data/lib/aws-sdk-core/plugins/stub_responses.rb

@@ -34,6 +34,7 @@ requests are made, and retries are disabled.
         if client.config.stub_responses
           client.setup_stubbing
           client.handlers.remove(RetryErrors::Handler)
+          client.handlers.remove(RetryErrors::LegacyHandler)
           client.handlers.remove(ClientMetricsPlugin::Handler)
           client.handlers.remove(ClientMetricsSendPlugin::LatencyHandler)
           client.handlers.remove(ClientMetricsSendPlugin::AttemptHandler)

data/lib/aws-sdk-core/shared_config.rb

@@ -117,16 +117,18 @@ module Aws
       credentials
     end
 
-    def assume_role_web_identity_credentials_from_config(profile)
-      p = profile || @profile_name
+    def assume_role_web_identity_credentials_from_config(opts = {})
+      p = opts[:profile] || @profile_name
       if @config_enabled && @parsed_config
         entry = @parsed_config.fetch(p, {})
         if entry['web_identity_token_file'] && entry['role_arn']
-          AssumeRoleWebIdentityCredentials.new(
+          cfg = {
             role_arn: entry['role_arn'],
             web_identity_token_file: entry['web_identity_token_file'],
             role_session_name: entry['role_session_name']
-          )
+          }
+          cfg[:region] = opts[:region] if opts[:region]
+          AssumeRoleWebIdentityCredentials.new(cfg)
         end
       end
     end
@@ -141,16 +143,20 @@ module Aws
     end
 
     config_reader(
+      :region,
       :credential_process,
+      :endpoint_discovery_enabled,
+      :max_attempts,
+      :retry_mode,
+      :adaptive_retry_wait_to_fill,
+      :correct_clock_skew,
       :csm_client_id,
       :csm_enabled,
       :csm_host,
       :csm_port,
-      :endpoint_discovery_enabled,
-      :region,
+      :sts_regional_endpoints,
       :s3_use_arn_region,
-      :s3_us_east_1_regional_endpoint,
-      :sts_regional_endpoints
+      :s3_us_east_1_regional_endpoint
     )
 
     private
@@ -182,7 +188,7 @@ module Aws
                 'a credential_source. For assume role credentials, must '\
                 'provide only source_profile or credential_source, not both.'
         elsif opts[:source_profile]
-          opts[:credentials] = resolve_source_profile(opts[:source_profile])
+          opts[:credentials] = resolve_source_profile(opts[:source_profile], opts)
           if opts[:credentials]
             opts[:role_session_name] ||= prof_cfg['role_session_name']
             opts[:role_session_name] ||= 'default_session'
@@ -220,10 +226,10 @@ module Aws
       end
     end
 
-    def resolve_source_profile(profile)
+    def resolve_source_profile(profile, opts = {})
       if (creds = credentials(profile: profile))
         creds # static credentials
-      elsif (provider = assume_role_web_identity_credentials_from_config(profile))
+      elsif (provider = assume_role_web_identity_credentials_from_config(opts.merge(profile: profile)))
         provider.credentials if provider.credentials.set?
       elsif (provider = assume_role_process_credentials_from_config(profile))
         provider.credentials if provider.credentials.set?

data/lib/aws-sdk-core/util.rb

@@ -52,6 +52,10 @@ module Aws
         end
       end
 
+      def monotonic_seconds
+        monotonic_milliseconds / 1000.0
+      end
+
       def str_2_bool(str)
         case str.to_s
         when "true" then true

data/lib/aws-sdk-sts.rb

@@ -22,17 +22,20 @@ require_relative 'aws-sdk-sts/customizations'
 # methods each accept a hash of request parameters and return a response
 # structure.
 #
+#     sts = Aws::STS::Client.new
+#     resp = sts.assume_role(params)
+#
 # See {Client} for more information.
 #
 # # Errors
 #
-# Errors returned from AWS Security Token Service all
-# extend {Errors::ServiceError}.
+# Errors returned from AWS Security Token Service are defined in the
+# {Errors} module and all extend {Errors::ServiceError}.
 #
 #     begin
 #       # do stuff
 #     rescue Aws::STS::Errors::ServiceError
-#       # rescues all service API errors
+#       # rescues all AWS Security Token Service API errors
 #     end
 #
 # See {Errors} for more information.
@@ -40,6 +43,6 @@ require_relative 'aws-sdk-sts/customizations'
 # @service
 module Aws::STS
 
-  GEM_VERSION = '3.90.0'
+  GEM_VERSION = '3.93.0'
 
 end

data/lib/aws-sdk-sts/client.rb

@@ -31,6 +31,18 @@ require 'aws-sdk-sts/plugins/sts_regional_endpoints.rb'
 Aws::Plugins::GlobalConfiguration.add_identifier(:sts)
 
 module Aws::STS
+  # An API client for STS.  To construct a client, you need to configure a `:region` and `:credentials`.
+  #
+  #     client = Aws::STS::Client.new(
+  #       region: region_name,
+  #       credentials: credentials,
+  #       # ...
+  #     )
+  #
+  # For details on configuring region and credentials see
+  # the [developer guide](/sdk-for-ruby/v3/developer-guide/setup-config.html).
+  #
+  # See {#initialize} for a full list of supported configuration options.
   class Client < Seahorse::Client::Base
 
     include Aws::ClientStubs
@@ -110,6 +122,12 @@ module Aws::STS
     #     When set to `true`, a thread polling for endpoints will be running in
     #     the background every 60 secs (default). Defaults to `false`.
     #
+    #   @option options [Boolean] :adaptive_retry_wait_to_fill (true)
+    #     Used only in `adaptive` retry mode.  When true, the request will sleep
+    #     until there is sufficent client side capacity to retry the request.
+    #     When false, the request will raise a `RetryCapacityNotAvailableError` and will
+    #     not retry instead of sleeping.
+    #
     #   @option options [Boolean] :client_side_monitoring (false)
     #     When `true`, client-side metrics will be collected for all API requests from
     #     this client.
@@ -134,6 +152,10 @@ module Aws::STS
     #     When `true`, an attempt is made to coerce request parameters into
     #     the required types.
     #
+    #   @option options [Boolean] :correct_clock_skew (true)
+    #     Used only in `standard` and adaptive retry modes. Specifies whether to apply
+    #     a clock skew correction and retry requests with skewed client clocks.
+    #
     #   @option options [Boolean] :disable_host_prefix_injection (false)
     #     Set to true to disable SDK automatically adding host prefix
     #     to default service endpoint when available.
@@ -168,15 +190,29 @@ module Aws::STS
     #     The Logger instance to send log messages to.  If this option
     #     is not set, logging will be disabled.
     #
+    #   @option options [Integer] :max_attempts (3)
+    #     An integer representing the maximum number attempts that will be made for
+    #     a single request, including the initial attempt.  For example,
+    #     setting this value to 5 will result in a request being retried up to
+    #     4 times. Used in `standard` and `adaptive` retry modes.
+    #
     #   @option options [String] :profile ("default")
     #     Used when loading credentials from the shared credentials file
     #     at HOME/.aws/credentials.  When not specified, 'default' is used.
     #
+    #   @option options [Proc] :retry_backoff
+    #     A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay.
+    #     This option is only used in the `legacy` retry mode.
+    #
     #   @option options [Float] :retry_base_delay (0.3)
-    #     The base delay in seconds used by the default backoff function.
+    #     The base delay in seconds used by the default backoff function. This option
+    #     is only used in the `legacy` retry mode.
     #
     #   @option options [Symbol] :retry_jitter (:none)
-    #     A delay randomiser function used by the default backoff function. Some predefined functions can be referenced by name - :none, :equal, :full, otherwise a Proc that takes and returns a number.
+    #     A delay randomiser function used by the default backoff function.
+    #     Some predefined functions can be referenced by name - :none, :equal, :full,
+    #     otherwise a Proc that takes and returns a number. This option is only used
+    #     in the `legacy` retry mode.
     #
     #     @see https://www.awsarchitectureblog.com/2015/03/backoff.html
     #
@@ -184,20 +220,39 @@ module Aws::STS
     #     The maximum number of times to retry failed requests.  Only
     #     ~ 500 level server errors and certain ~ 400 level client errors
     #     are retried.  Generally, these are throttling errors, data
-    #     checksum errors, networking errors, timeout errors and auth
-    #     errors from expired credentials.
+    #     checksum errors, networking errors, timeout errors, auth errors,
+    #     endpoint discovery, and errors from expired credentials.
+    #     This option is only used in the `legacy` retry mode.
     #
     #   @option options [Integer] :retry_max_delay (0)
-    #     The maximum number of seconds to delay between retries (0 for no limit) used by the default backoff function.
+    #     The maximum number of seconds to delay between retries (0 for no limit)
+    #     used by the default backoff function. This option is only used in the
+    #     `legacy` retry mode.
+    #
+    #   @option options [String] :retry_mode ("legacy")
+    #     Specifies which retry algorithm to use. Values are:
+    #
+    #     * `legacy` - The pre-existing retry behavior.  This is default value if
+    #       no retry mode is provided.
+    #
+    #     * `standard` - A standardized set of retry rules across the AWS SDKs.
+    #       This includes support for retry quotas, which limit the number of
+    #       unsuccessful retries a client can make.
+    #
+    #     * `adaptive` - An experimental retry mode that includes all the
+    #       functionality of `standard` mode along with automatic client side
+    #       throttling.  This is a provisional mode that may change behavior
+    #       in the future.
+    #
     #
     #   @option options [String] :secret_access_key
     #
     #   @option options [String] :session_token
     #
-    #   @option options [String] :sts_regional_endpoints ("legacy")
+    #   @option options [String] :sts_regional_endpoints ("regional")
     #     Passing in 'regional' to enable regional endpoint for STS for all supported
-    #     regions (except 'aws-global'), defaults to 'legacy' mode, using global endpoint
-    #     for legacy regions.
+    #     regions (except 'aws-global'). Using 'legacy' mode will force all legacy
+    #     regions to resolve to the STS global endpoint.
     #
     #   @option options [Boolean] :stub_responses (false)
     #     Causes the client to return stubbed responses. By default
@@ -216,16 +271,15 @@ module Aws::STS
     #     requests through.  Formatted like 'http://proxy.com:123'.
     #
     #   @option options [Float] :http_open_timeout (15) The number of
-    #     seconds to wait when opening a HTTP session before rasing a
+    #     seconds to wait when opening a HTTP session before raising a
     #     `Timeout::Error`.
     #
     #   @option options [Integer] :http_read_timeout (60) The default
     #     number of seconds to wait for response data.  This value can
-    #     safely be set
-    #     per-request on the session yeidled by {#session_for}.
+    #     safely be set per-request on the session.
     #
     #   @option options [Float] :http_idle_timeout (5) The number of
-    #     seconds a connection is allowed to sit idble before it is
+    #     seconds a connection is allowed to sit idle before it is
     #     considered stale.  Stale connections are closed and removed
     #     from the pool before making a request.
     #
@@ -234,7 +288,7 @@ module Aws::STS
     #     request body.  This option has no effect unless the request has
     #     "Expect" header set to "100-continue".  Defaults to `nil` which
     #     disables this behaviour.  This value can safely be set per
-    #     request on the session yeidled by {#session_for}.
+    #     request on the session.
     #
     #   @option options [Boolean] :http_wire_trace (false) When `true`,
     #     HTTP debug output will be sent to the `:logger`.
@@ -2131,7 +2185,7 @@ module Aws::STS
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.90.0'
+      context[:gem_version] = '3.93.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sts/errors.rb

@@ -6,6 +6,36 @@
 # WARNING ABOUT GENERATED CODE
 
 module Aws::STS
+
+  # When STS returns an error response, the Ruby SDK constructs and raises an error.
+  # These errors all extend Aws::STS::Errors::ServiceError < {Aws::Errors::ServiceError}
+  #
+  # You can rescue all STS errors using ServiceError:
+  #
+  #     begin
+  #       # do stuff
+  #     rescue Aws::STS::Errors::ServiceError
+  #       # rescues all STS API errors
+  #     end
+  #
+  #
+  # ## Request Context
+  # ServiceError objects have a {Aws::Errors::ServiceError#context #context} method that returns
+  # information about the request that generated the error.
+  # See {Seahorse::Client::RequestContext} for more information.
+  #
+  # ## Error Classes
+  # * {ExpiredTokenException}
+  # * {IDPCommunicationErrorException}
+  # * {IDPRejectedClaimException}
+  # * {InvalidAuthorizationMessageException}
+  # * {InvalidIdentityTokenException}
+  # * {MalformedPolicyDocumentException}
+  # * {PackedPolicyTooLargeException}
+  # * {RegionDisabledException}
+  #
+  # Additionally, error classes are dynamically generated for service errors based on the error code
+  # if they are not defined above.
   module Errors
 
     extend Aws::Errors::DynamicErrors
@@ -23,7 +53,6 @@ module Aws::STS
       def message
         @message || @data[:message]
       end
-
     end
 
     class IDPCommunicationErrorException < ServiceError
@@ -39,7 +68,6 @@ module Aws::STS
       def message
         @message || @data[:message]
       end
-
     end
 
     class IDPRejectedClaimException < ServiceError
@@ -55,7 +83,6 @@ module Aws::STS
       def message
         @message || @data[:message]
       end
-
     end
 
     class InvalidAuthorizationMessageException < ServiceError
@@ -71,7 +98,6 @@ module Aws::STS
       def message
         @message || @data[:message]
       end
-
     end
 
     class InvalidIdentityTokenException < ServiceError
@@ -87,7 +113,6 @@ module Aws::STS
       def message
         @message || @data[:message]
       end
-
     end
 
     class MalformedPolicyDocumentException < ServiceError
@@ -103,7 +128,6 @@ module Aws::STS
       def message
         @message || @data[:message]
       end
-
     end
 
     class PackedPolicyTooLargeException < ServiceError
@@ -119,7 +143,6 @@ module Aws::STS
       def message
         @message || @data[:message]
       end
-
     end
 
     class RegionDisabledException < ServiceError
@@ -135,7 +158,6 @@ module Aws::STS
       def message
         @message || @data[:message]
       end
-
     end
 
   end

data/lib/aws-sdk-sts/plugins/sts_regional_endpoints.rb

@@ -5,12 +5,12 @@ module Aws
       class STSRegionalEndpoints < Seahorse::Client::Plugin
 
         option(:sts_regional_endpoints,
-          default: 'legacy',
+          default: 'regional',
           doc_type: String,
           docstring: <<-DOCS) do |cfg|
 Passing in 'regional' to enable regional endpoint for STS for all supported
-regions (except 'aws-global'), defaults to 'legacy' mode, using global endpoint
-for legacy regions.
+regions (except 'aws-global'). Using 'legacy' mode will force all legacy 
+regions to resolve to the STS global endpoint.
           DOCS
           resolve_sts_regional_endpoints(cfg)
         end
@@ -22,7 +22,7 @@ for legacy regions.
           env_mode = nil if env_mode == ''
           cfg_mode = Aws.shared_config.sts_regional_endpoints(
             profile: cfg.profile)
-          env_mode || cfg_mode || 'legacy'
+          env_mode || cfg_mode || 'regional'
         end
 
       end

data/lib/aws-sdk-sts/resource.rb

@@ -6,6 +6,7 @@
 # WARNING ABOUT GENERATED CODE
 
 module Aws::STS
+
   class Resource
 
     # @param options ({})

data/lib/seahorse/client/response.rb

@@ -3,7 +3,6 @@ require 'delegate'
 module Seahorse
   module Client
     class Response < Delegator
-
       # @option options [RequestContext] :context (nil)
       # @option options [Integer] :status_code (nil)
       # @option options [Http::Headers] :headers (Http::Headers.new)
@@ -39,10 +38,10 @@ module Seahorse
       #     witin the given range.
       #
       # @return [self]
-      def on(range, &block)
+      def on(range, &_block)
         response = self
         @context.http_response.on_success(range) do
-          block.call(response)
+          yield response
         end
         self
       end
@@ -56,7 +55,7 @@ module Seahorse
       # @return [Boolean] Returns `true` if the response is complete with
       #   a ~ 200 level http status code.
       def successful?
-        (200..299).include?(@context.http_response.status_code) && @error.nil?
+        (200..299).cover?(@context.http_response.status_code) && @error.nil?
       end
 
       # @api private
@@ -76,7 +75,6 @@ module Seahorse
       def __setobj__(obj)
         @data = obj
       end
-
     end
   end
 end