AWS SDK

rev. c177bc6112cbc5135de1e24e8d7509ab305c676a

Files changed:

tmp-codegen-diff/aws-sdk/README.md

@@ -1,1 +57,57 @@

 <!--
 IMPORTANT:
 This README file is auto-generated by the build system in smithy-lang/smithy-rs.
 To update it, edit the `aws/SDK_README.md.hb` Handlebars template in that repository.
 -->
-6
 # The AWS SDK for Rust [![Docs](https://img.shields.io/badge/docs-blue)](https://awslabs.github.io/aws-sdk-rust/) ![MSRV](https://img.shields.io/badge/msrv-1.86.0-red) [![Usage Guide](https://img.shields.io/badge/Developer_Guide-blue)](https://docs.aws.amazon.com/sdk-for-rust/latest/dg/welcome.html)
-8
 This repo contains the AWS SDK for Rust and its [public roadmap](https://github.com/orgs/awslabs/projects/50/views/1).
-10
 The SDK is code generated from [Smithy models](https://smithy.io/2.0/index.html) that represent each AWS service.
 The code used to generate the SDK can be found in [smithy-rs](https://github.com/smithy-lang/smithy-rs).
-13
 ## Getting Started with the SDK
-15
 > Examples are available for many services and operations, check out the [examples folder](./examples).

-17
 > For a step-by-step guide including several advanced use cases, check out the [Developer Guide](https://docs.aws.amazon.com/sdk-for-rust/latest/dg/welcome.html).
-19
 The SDK provides one crate per AWS service. You must add [Tokio](https://crates.io/crates/tokio) as a dependency within your Rust project to execute asynchronous code.
-21
 . Create a new Rust project: `cargo new sdk-example`
 . Add dependencies to DynamoDB and Tokio to your **Cargo.toml** file:
-24
     ```toml
     [dependencies]
     aws-config = { version= "1.8.3", features = ["behavior-version-latest"] }
     aws-config = { version= "1.8.4", features = ["behavior-version-latest"] }
     aws-sdk-dynamodb = "0.0.0-local"
     tokio = { version = "1", features = ["full"] }
     ```
-31
 . Provide your AWS credentials with the default credential provider chain, which currently looks in:
    - Environment variables: `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, and `AWS_REGION`
    - The default credentials files located in `~/.aws/config` and `~/.aws/credentials` (location can vary per platform)
    - Web Identity Token credentials from the environment or container (including EKS)
    - ECS Container Credentials (IAM roles for tasks)
    - EC2 Instance Metadata Service (IAM Roles attached to instance)

↧ Expand context

-38
 . Make a request using DynamoDB
-40
 ```rust
 use aws_sdk_dynamodb::{Client, Error};
-43
 #[tokio::main]
 async fn main() -> Result<(), Error> {
     let shared_config = aws_config::load_from_env().await;
     let client = Client::new(&shared_config);
     let req = client.list_tables().limit(10);
     let resp = req.send().await?;
     println!("Current DynamoDB tables: {:?}", resp.table_names);
     Ok(())
-52
+}
 ```
-54
 ### Prerequisites
-56
 In order to use the SDK, you must already have Rust and Cargo installed. If you don't, [these instructions](https://doc.rust-lang.org/book/ch01-01-installation.html) describe how to install Rust and Cargo.

tmp-codegen-diff/aws-sdk/sdk/aws-config/Cargo.toml

@@ -1,1 +157,157 @@

 # Code generated by software.amazon.smithy.rust.codegen.smithy-rs. DO NOT EDIT.
 [package]
 name = "aws-config"
 version = "1.8.3"
 version = "1.8.4"
 authors = ["AWS Rust SDK Team <aws-sdk-rust@amazon.com>", "Russell Cohen <rcoh@amazon.com>"]
 description = "AWS SDK config and credential provider implementations."
 edition = "2021"
 exclude = ["test-data/*", "integration-tests/*"]
 license = "Apache-2.0"
 repository = "https://github.com/smithy-lang/smithy-rs"
 [package.metadata.docs.rs]
 all-features = true
 targets = ["x86_64-unknown-linux-gnu"]
 cargo-args = ["-Zunstable-options", "-Zrustdoc-scrape-examples"]
 rustdoc-args = ["--cfg", "docsrs"]
-16
 [package.metadata.smithy-rs-release-tooling]
 stable = true
 [package.metadata.cargo-udeps.ignore]
 normal = ["proc-macro2"]
-21
 [features]
 behavior-version-latest = []
 credentials-process = ["tokio/process"]
 default = ["default-https-client", "rt-tokio", "credentials-process", "sso"]
 rt-tokio = ["aws-smithy-async/rt-tokio", "aws-smithy-runtime/rt-tokio", "tokio/rt"]
 client-hyper = ["aws-smithy-runtime/default-https-client"]
 rustls = ["client-hyper"]
 default-https-client = ["aws-smithy-runtime/default-https-client"]
 sso = ["dep:aws-sdk-sso", "dep:aws-sdk-ssooidc", "dep:ring", "dep:hex", "dep:zeroize", "aws-smithy-runtime-api/http-auth"]
 test-util = ["aws-runtime/test-util"]
 test-util = ["aws-runtime/test-util", "aws-smithy-http-client/test-util", "aws-smithy-async/test-util"]
 allow-compilation = []
-33
 [dependencies]
 bytes = "1.1.0"
 http = "1"
 url = "2.5.4"
 fastrand = "2.3.0"
-39
 [dependencies.aws-credential-types]
 path = "../aws-credential-types"
 features = ["test-util"]
 version = "1.2.5"
-44
 [dependencies.aws-runtime]
 path = "../aws-runtime"
 version = "1.5.10"
-48
 [dependencies.aws-sdk-sts]
 path = "../sts"
 default-features = false
 version = "0.0.0-local"
-53
 [dependencies.aws-smithy-async]
 path = "../aws-smithy-async"
 version = "1.2.5"
-57
 [dependencies.aws-smithy-http]
 path = "../aws-smithy-http"
 version = "0.62.2"
-61
 [dependencies.aws-smithy-http-client]
 path = "../aws-smithy-http-client"
 features = ["default-client"]
 version = "1.0.6"
-+
 [dependencies.aws-smithy-json]
 path = "../aws-smithy-json"
 version = "0.61.4"
-70
 [dependencies.aws-smithy-runtime]
 path = "../aws-smithy-runtime"
 features = ["client"]
 version = "1.8.6"
-75
 [dependencies.aws-smithy-runtime-api]
 path = "../aws-smithy-runtime-api"
 features = ["client"]
 version = "1.8.5"
 version = "1.8.6"
-80
 [dependencies.aws-smithy-types]
 path = "../aws-smithy-types"
 version = "1.3.2"
-84
 [dependencies.aws-types]
 path = "../aws-types"
 version = "1.3.8"
-88
 [dependencies.time]
 version = "0.3.4"
 features = ["parsing"]
-92
 [dependencies.tokio]
 version = "1.13.1"
 features = ["sync"]
-96
 [dependencies.tracing]
 version = "0.1"
-99
 [dependencies.aws-sdk-sso]
 path = "../sso"
 default-features = false
 optional = true
 version = "0.0.0-local"
-105
 [dependencies.ring]
 version = "0.17.5"
 optional = true
-109
 [dependencies.hex]
 version = "0.4.3"
 optional = true
-113
 [dependencies.zeroize]
 version = "1"
 optional = true
-117
 [dependencies.aws-sdk-ssooidc]
 path = "../ssooidc"
 default-features = false
 optional = true
 version = "0.0.0-local"
-123
 [dev-dependencies]
 tracing-test = "0.2.4"
 serde_json = "1"
-127
 [dev-dependencies.aws-smithy-async]
 path = "../aws-smithy-async"
 features = ["rt-tokio", "test-util"]
 version = "1.2.5"
-132
 [dev-dependencies.aws-smithy-runtime]
 path = "../aws-smithy-runtime"
 features = ["client", "test-util"]
 version = "1.8.6"
-137
 [dev-dependencies.aws-smithy-http-client]
 path = "../aws-smithy-http-client"
 features = ["default-client", "test-util"]
 version = "1.0.6"
--
 [dev-dependencies.aws-smithy-runtime-api]
 path = "../aws-smithy-runtime-api"
 features = ["test-util"]
 version = "1.8.5"
 version = "1.8.6"
-142
 [dev-dependencies.futures-util]
 version = "0.3.29"
 default-features = false
-146
 [dev-dependencies.tracing-subscriber]
 version = "0.3.16"
 features = ["fmt", "json"]
-150
 [dev-dependencies.tokio]

↧ Expand context

 version = "1.23.1"
 features = ["full", "test-util"]
-154
 [dev-dependencies.serde]
 version = "1"
 features = ["derive"]

tmp-codegen-diff/aws-sdk/sdk/aws-config/fuzz/Cargo.toml

@@ -1,1 +30,30 @@

↥ Expand context

 # Code generated by software.amazon.smithy.rust.codegen.smithy-rs. DO NOT EDIT.
 [[bin]]
 name = "profile-parser"
 path = "fuzz_targets/profile-parser.rs"
 test = false
 doc = false
-7
 [package]
 name = "aws-types-fuzz"
 version = "0.0.0"
 authors = ["Automatically generated"]
 publish = false

 edition = "2021"
-14
 [package.metadata]
 cargo-fuzz = true
-17
 [dependencies]
 libfuzzer-sys = "=0.4.7"
-20
 [dependencies.aws-config]
 path = ".."
 version = "1.8.3"
 version = "1.8.4"
-24
 [dependencies.aws-types]
 path = "../../../sdk/build/aws-sdk/sdk/aws-types"
 version = "1.3.8"
-28
 [workspace]
 members = ["."]

tmp-codegen-diff/aws-sdk/sdk/aws-config/src/credential_process.rs

@@ -1,1 +42,43 @@

↥ Expand context

  * SPDX-License-Identifier: Apache-2.0
  */
-5
 #![cfg(feature = "credentials-process")]
-7
 //! Credentials Provider for external process
-9
 use crate::json_credentials::{json_parse_loop, InvalidJsonCredentials};
 use crate::sensitive_command::CommandWithSensitiveArgs;
 use aws_credential_types::attributes::AccountId;
 use aws_credential_types::credential_feature::AwsCredentialFeature;
 use aws_credential_types::provider::{self, error::CredentialsError, future, ProvideCredentials};
 use aws_credential_types::Credentials;
 use aws_smithy_json::deserialize::Token;
 use std::borrow::Cow;
 use std::process::Command;
 use std::time::SystemTime;
 use time::format_description::well_known::Rfc3339;
 use time::OffsetDateTime;
-22
 /// External process credentials provider

↧ Expand context

 ///
 /// This credentials provider runs a configured external process and parses
 /// its output to retrieve credentials.
 ///
 /// The external process must exit with status 0 and output the following
 /// JSON format to `stdout` to provide credentials:
 ///
 /// ```json
 /// {
 ///     "Version:" 1,
 ///     "AccessKeyId": "access key id",
 ///     "SecretAccessKey": "secret access key",
 ///     "SessionToken": "session token",
 ///     "Expiration": "time that the expiration will expire"
 /// }
 /// ```
 ///
 /// The `Version` must be set to 1. `AccessKeyId` and `SecretAccessKey` are always required.
 /// `SessionToken` must be set if a session token is associated with the `AccessKeyId`.
 /// The `Expiration` is optional, and must be given in the RFC 3339 date time format (e.g.,

@@ -95,96 +162,168 @@

↥ Expand context

         };
         let output = tokio::process::Command::from(command)
             .output()
             .await
             .map_err(|e| {
                 CredentialsError::provider_error(format!(
                     "Error retrieving credentials from external process: {}",
-103
+                    e
                 ))
             })?;
-106
         // Security: command arguments can be logged at trace level
         tracing::trace!(command = ?self.command, status = ?output.status, "executed command (unredacted)");
-109
         if !output.status.success() {
             let reason =
                 std::str::from_utf8(&output.stderr).unwrap_or("could not decode stderr as UTF-8");
             return Err(CredentialsError::provider_error(format!(
                 "Error retrieving credentials: external process exited with code {}. Stderr: {}",
                 output.status, reason

             )));
-117
+        }
-118
         let output = std::str::from_utf8(&output.stdout).map_err(|e| {
             CredentialsError::provider_error(format!(
                 "Error retrieving credentials from external process: could not decode output as UTF-8: {}",
-122
+                e
             ))
         })?;
-125
         parse_credential_process_json_credentials(output, self.profile_account_id.as_ref()).map_err(
             |invalid| {
         parse_credential_process_json_credentials(output, self.profile_account_id.as_ref())
             .map(|mut creds| {
                 creds
                     .get_property_mut_or_default::<Vec<AwsCredentialFeature>>()
                     .push(AwsCredentialFeature::CredentialsProcess);
                 creds
             })
             .map_err(|invalid| {
                 CredentialsError::provider_error(format!(
                 "Error retrieving credentials from external process, could not parse response: {}",
                 invalid
             ))
             },
--
+        )
             })
-139
+    }
-140
+}
-141
 #[derive(Debug, Default)]
 pub(crate) struct Builder {
     command: Option<CommandWithSensitiveArgs<String>>,
     profile_account_id: Option<AccountId>,
-146
+}
-147
 impl Builder {

↧ Expand context

     pub(crate) fn command(mut self, command: CommandWithSensitiveArgs<String>) -> Self {
         self.command = Some(command);
         self
-152
+    }
-153
     #[allow(dead_code)] // only used in unit tests
     pub(crate) fn account_id(mut self, account_id: impl Into<AccountId>) -> Self {
         self.set_account_id(Some(account_id.into()));
         self
-158
+    }
-159
     pub(crate) fn set_account_id(&mut self, account_id: Option<AccountId>) {
         self.profile_account_id = account_id;
-162
+    }
-163
     pub(crate) fn build(self) -> CredentialProcessProvider {
         CredentialProcessProvider {
             command: self.command.expect("should be set"),
             profile_account_id: self.profile_account_id,
-168
+        }

tmp-codegen-diff/aws-sdk/sdk/aws-config/src/environment/credentials.rs

@@ -1,1 +106,120 @@

 /*
  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
  * SPDX-License-Identifier: Apache-2.0
  */
-5
 use std::env::VarError;
-7
 use aws_credential_types::attributes::AccountId;
 use aws_credential_types::credential_feature::AwsCredentialFeature;
 use aws_credential_types::provider::{self, error::CredentialsError, future, ProvideCredentials};
 use aws_credential_types::Credentials;
 use aws_types::os_shim_internal::Env;
-13
 /// Load Credentials from Environment Variables
 ///
 /// `EnvironmentVariableCredentialsProvider` uses the following variables:
 /// - `AWS_ACCESS_KEY_ID`
 /// - `AWS_SECRET_ACCESS_KEY` with fallback to `SECRET_ACCESS_KEY`
 /// - `AWS_SESSION_TOKEN` (optional)
 /// - `AWS_ACCOUNT_ID` (optional)
 #[derive(Debug, Clone)]
 pub struct EnvironmentVariableCredentialsProvider {
     env: Env,
-24
+}
-25
 impl EnvironmentVariableCredentialsProvider {
     fn credentials(&self) -> provider::Result {
         let access_key = self
             .env
             .get("AWS_ACCESS_KEY_ID")
             .and_then(err_if_blank)
             .map_err(to_cred_error)?;
         let secret_key = self
             .env
             .get("AWS_SECRET_ACCESS_KEY")
             .and_then(err_if_blank)
             .or_else(|_| self.env.get("SECRET_ACCESS_KEY"))
             .and_then(err_if_blank)
             .map_err(to_cred_error)?;
         let session_token =
             self.env
                 .get("AWS_SESSION_TOKEN")
                 .ok()
                 .and_then(|token| match token.trim() {
                     "" => None,
                     s => Some(s.to_string()),
                 });
         let account_id =
             self.env
                 .get("AWS_ACCOUNT_ID")
                 .ok()
                 .and_then(|account_id| match account_id.trim() {
                     "" => None,
                     s => Some(AccountId::from(s)),
                 });
         let mut builder = Credentials::builder()
             .access_key_id(access_key)
             .secret_access_key(secret_key)
             .provider_name(ENV_PROVIDER);
         builder.set_session_token(session_token);
         builder.set_account_id(account_id);
         Ok(builder.build())
         let mut creds = builder.build();
         creds
             .get_property_mut_or_default::<Vec<AwsCredentialFeature>>()
             .push(AwsCredentialFeature::CredentialsEnvVars);
         Ok(creds)
-67
+    }
-68
+}
-69
 impl EnvironmentVariableCredentialsProvider {
     /// Create a `EnvironmentVariableCredentialsProvider`
     pub fn new() -> Self {
         Self::new_with_env(Env::real())
-74
+    }
-75
     /// Create a new `EnvironmentVariableCredentialsProvider` with `Env` overridden
     ///
     /// This function is intended for tests that mock out the process environment.
     #[cfg(not(feature = "test-util"))]
     pub(crate) fn new_with_env(env: Env) -> Self {
         Self { env }
-82
+    }
-+
     /// Create a new `EnvironmentVariableCredentialsProvider` with `Env` overridden
     ///
     /// This function is intended for tests that mock out the process environment.
     #[cfg(feature = "test-util")]
     pub fn new_with_env(env: Env) -> Self {
         Self { env }
-+
+    }
-91
+}
-92
 impl Default for EnvironmentVariableCredentialsProvider {
     fn default() -> Self {
         Self::new()
-96
+    }
-97
+}
-98
 const ENV_PROVIDER: &str = "EnvironmentVariable";
-100

↧ Expand context

 impl ProvideCredentials for EnvironmentVariableCredentialsProvider {
     fn provide_credentials<'a>(&'a self) -> future::ProvideCredentials<'a>
     where
         Self: 'a,
-105
+    {
         future::ProvideCredentials::ready(self.credentials())
-107
+    }
-108
+}
-109
 fn to_cred_error(err: VarError) -> CredentialsError {
     match err {
         VarError::NotPresent => CredentialsError::not_loaded("environment variable not set"),
         e @ VarError::NotUnicode(_) => CredentialsError::unhandled(e),
-114
+    }
-115
+}
-116
 fn err_if_blank(value: String) -> Result<String, VarError> {
     if value.trim().is_empty() {
         Err(VarError::NotPresent)
     } else {

tmp-codegen-diff/aws-sdk/sdk/aws-config/src/http_credential_provider.rs

@@ -1,1 +87,97 @@

↥ Expand context

  */
-5
 //! Generalized HTTP credential provider. Currently, this cannot be used directly and can only
 //! be used via the ECS credential provider.
 //!
 //! Future work will stabilize this interface and enable it to be used directly.
-10
 use crate::json_credentials::{parse_json_credentials, JsonCredentials, RefreshableCredentials};
 use crate::provider_config::ProviderConfig;
 use aws_credential_types::attributes::AccountId;
 use aws_credential_types::credential_feature::AwsCredentialFeature;
 use aws_credential_types::provider::{self, error::CredentialsError};
 use aws_credential_types::Credentials;
 use aws_smithy_runtime::client::metrics::MetricsRuntimePlugin;
 use aws_smithy_runtime::client::orchestrator::operation::Operation;
 use aws_smithy_runtime::client::retries::classifiers::{
     HttpStatusCodeClassifier, TransientErrorClassifier,
 };
 use aws_smithy_runtime_api::client::http::HttpConnectorSettings;
 use aws_smithy_runtime_api::client::interceptors::context::{Error, InterceptorContext};
 use aws_smithy_runtime_api::client::orchestrator::{
     HttpResponse, Metadata, OrchestratorError, SensitiveOutput,
 };
 use aws_smithy_runtime_api::client::result::SdkError;
 use aws_smithy_runtime_api::client::retries::classifiers::ClassifyRetry;
 use aws_smithy_runtime_api::client::retries::classifiers::RetryAction;
 use aws_smithy_runtime_api::client::runtime_plugin::StaticRuntimePlugin;
 use aws_smithy_types::body::SdkBody;
 use aws_smithy_types::config_bag::Layer;
 use aws_smithy_types::retry::RetryConfig;
 use aws_smithy_types::timeout::TimeoutConfig;
 use http::header::{ACCEPT, AUTHORIZATION};
 use http::HeaderValue;
 use std::time::Duration;
-38
 const DEFAULT_READ_TIMEOUT: Duration = Duration::from_secs(5);
 const DEFAULT_CONNECT_TIMEOUT: Duration = Duration::from_secs(2);
-41
 #[derive(Debug)]
 struct HttpProviderAuth {
     auth: Option<HeaderValue>,
-45
+}
-46
 #[derive(Debug)]
 pub(crate) struct HttpCredentialProvider {
     operation: Operation<HttpProviderAuth, Credentials, CredentialsError>,
-50
+}
-51
 impl HttpCredentialProvider {
     pub(crate) fn builder() -> Builder {
         Builder::default()
-55
+    }
-56
     pub(crate) async fn credentials(&self, auth: Option<HeaderValue>) -> provider::Result {
         let credentials = self.operation.invoke(HttpProviderAuth { auth }).await;
         let credentials =
             self.operation
                 .invoke(HttpProviderAuth { auth })
                 .await
                 .map(|mut creds| {
                     creds
                         .get_property_mut_or_default::<Vec<AwsCredentialFeature>>()
                         .push(AwsCredentialFeature::CredentialsHttp);
                     creds
                 });
         match credentials {
             Ok(creds) => Ok(creds),
             Err(SdkError::ServiceError(context)) => Err(context.into_err()),
             Err(other) => Err(CredentialsError::unhandled(other)),
-72
+        }
-73
+    }
-74
+}
-75
 #[derive(Default)]
 pub(crate) struct Builder {

↧ Expand context

     provider_config: Option<ProviderConfig>,
     http_connector_settings: Option<HttpConnectorSettings>,
-80
+}
-81
 impl Builder {
     pub(crate) fn configure(mut self, provider_config: &ProviderConfig) -> Self {
         self.provider_config = Some(provider_config.clone());
         self
-86
+    }
-87
     pub(crate) fn http_connector_settings(
         mut self,
         http_connector_settings: HttpConnectorSettings,
     ) -> Self {
         self.http_connector_settings = Some(http_connector_settings);
         self
-94
+    }
-95
     pub(crate) fn build(
         self,

tmp-codegen-diff/aws-sdk/sdk/aws-config/src/imds/client.rs

@@ -614,614 +775,790 @@

↥ Expand context

-614
+    }
-615
+}
-616
 impl ClassifyRetry for ImdsResponseRetryClassifier {
     fn name(&self) -> &'static str {
         "ImdsResponseRetryClassifier"
-620
+    }
-621
     fn classify_retry(&self, ctx: &InterceptorContext) -> RetryAction {
         if let Some(response) = ctx.response() {
             let status = response.status();
             match status {
                 _ if status.is_server_error() => RetryAction::server_error(),
                 // 401 indicates that the token has expired, this is retryable
                 _ if status.as_u16() == 401 => RetryAction::server_error(),
                 // This catch-all includes successful responses that fail to parse. These should not be retried.
                 _ => RetryAction::NoActionIndicated,
-631
+            }
         } else if self.retry_connect_timeouts {
             RetryAction::server_error()

         } else {
             // This is the default behavior.
             // Don't retry timeouts for IMDS, or else it will take ~30 seconds for the default
             // credentials provider chain to fail to provide credentials.
             // Also don't retry non-responses.
             RetryAction::NoActionIndicated
-640
+        }
-641
+    }
-642
+}
-643
 #[cfg(test)]
 pub(crate) mod test {
     use crate::imds::client::{Client, EndpointMode, ImdsResponseRetryClassifier};
 /// Utilities for testing IMDS clients
 #[cfg(feature = "test-util")]
 pub mod test_util {
     use crate::provider_config::ProviderConfig;
     use aws_smithy_async::rt::sleep::TokioSleep;
     use aws_smithy_async::test_util::{instant_time_and_sleep, InstantSleep};
     use aws_smithy_http_client::test_util::{capture_request, ReplayEvent, StaticReplayClient};
     use aws_smithy_runtime::test_util::capture_test_logs::capture_test_logs;
     use aws_smithy_runtime_api::client::interceptors::context::{
         Input, InterceptorContext, Output,
     };
     use aws_smithy_runtime_api::client::orchestrator::{
         HttpRequest, HttpResponse, OrchestratorError,
     };
     use aws_smithy_runtime_api::client::result::ConnectorError;
     use aws_smithy_runtime_api::client::retries::classifiers::{
         ClassifyRetry, RetryAction, SharedRetryClassifier,
     };
     use aws_smithy_async::test_util::InstantSleep;
     use aws_smithy_http_client::test_util::StaticReplayClient;
     use aws_smithy_runtime_api::client::orchestrator::{HttpRequest, HttpResponse};
     use aws_smithy_types::body::SdkBody;
     use aws_smithy_types::error::display::DisplayErrorContext;
     use aws_types::os_shim_internal::{Env, Fs};
     use http::header::USER_AGENT;
     use http::Uri;
     use serde::Deserialize;
     use std::collections::HashMap;
     use std::error::Error;
     use std::io;
     use std::time::SystemTime;
     use std::time::{Duration, UNIX_EPOCH};
     use tracing_test::traced_test;
--
     macro_rules! assert_full_error_contains {
         ($err:expr, $contains:expr) => {
             let err = $err;
             let message = format!(
                 "{}",
                 aws_smithy_types::error::display::DisplayErrorContext(&err)
             );
             assert!(
                 message.contains($contains),
                 "Error message '{message}' didn't contain text '{}'",
                 $contains
             );
         };
--
+    }
-653
     const TOKEN_A: &str = "AQAEAFTNrA4eEGx0AQgJ1arIq_Cc-t4tWt3fB0Hd8RKhXlKc5ccvhg==";
     const TOKEN_B: &str = "alternatetoken==";
--
     pub(crate) fn token_request(base: &str, ttl: u32) -> HttpRequest {
     /// Create a simple token request
     pub fn token_request(base: &str, ttl: u32) -> HttpRequest {
         http::Request::builder()
             .uri(format!("{}/latest/api/token", base))
             .header("x-aws-ec2-metadata-token-ttl-seconds", ttl)
             .method("PUT")
             .body(SdkBody::empty())
             .unwrap()
             .try_into()
             .unwrap()
-664
+    }
-665
     pub(crate) fn token_response(ttl: u32, token: &'static str) -> HttpResponse {
     /// Create a simple token response
     pub fn token_response(ttl: u32, token: &'static str) -> HttpResponse {
         HttpResponse::try_from(
             http::Response::builder()
                 .status(200)
                 .header("X-aws-ec2-metadata-token-ttl-seconds", ttl)
                 .body(SdkBody::from(token))
                 .unwrap(),
-674
+        )
         .unwrap()
-676
+    }
-677
     pub(crate) fn imds_request(path: &'static str, token: &str) -> HttpRequest {
     /// Create a simple IMDS request
     pub fn imds_request(path: &'static str, token: &str) -> HttpRequest {
         http::Request::builder()
             .uri(Uri::from_static(path))
             .method("GET")
             .header("x-aws-ec2-metadata-token", token)
             .body(SdkBody::empty())
             .unwrap()
             .try_into()
             .unwrap()
-688
+    }
-689
     pub(crate) fn imds_response(body: &'static str) -> HttpResponse {
     /// Create a simple IMDS response
     pub fn imds_response(body: &'static str) -> HttpResponse {
         HttpResponse::try_from(
             http::Response::builder()
                 .status(200)
                 .body(SdkBody::from(body))
                 .unwrap(),
-697
+        )
         .unwrap()
-699
+    }
-700
     pub(crate) fn make_imds_client(http_client: &StaticReplayClient) -> super::Client {
     /// Create an IMDS client with an underlying [StaticReplayClient]
     pub fn make_imds_client(http_client: &StaticReplayClient) -> super::Client {
         tokio::time::pause();
         super::Client::builder()
             .configure(
                 &ProviderConfig::no_configuration()
                     .with_sleep_impl(InstantSleep::unlogged())
                     .with_http_client(http_client.clone()),
-709
+            )
             .build()
-711
+    }
-+
+}
-+
 #[cfg(all(test, feature = "test-util"))]
 pub(crate) mod test {
     use crate::imds::client::{Client, EndpointMode, ImdsResponseRetryClassifier};
     use crate::provider_config::ProviderConfig;
     use aws_smithy_async::rt::sleep::TokioSleep;
     use aws_smithy_async::test_util::{instant_time_and_sleep, InstantSleep};
     use aws_smithy_http_client::test_util::{capture_request, ReplayEvent, StaticReplayClient};
     use aws_smithy_runtime::test_util::capture_test_logs::capture_test_logs;
     use aws_smithy_runtime_api::client::interceptors::context::{
         Input, InterceptorContext, Output,
     };
     use aws_smithy_runtime_api::client::orchestrator::OrchestratorError;
     use aws_smithy_runtime_api::client::result::ConnectorError;
     use aws_smithy_runtime_api::client::retries::classifiers::{
         ClassifyRetry, RetryAction, SharedRetryClassifier,
     };
     use aws_smithy_types::body::SdkBody;
     use aws_smithy_types::error::display::DisplayErrorContext;
     use aws_types::os_shim_internal::{Env, Fs};
     use http::header::USER_AGENT;
-+
     use super::test_util::*;
     use serde::Deserialize;
     use std::collections::HashMap;
     use std::error::Error;
     use std::io;
     use std::time::SystemTime;
     use std::time::{Duration, UNIX_EPOCH};
     use tracing_test::traced_test;
-+
     macro_rules! assert_full_error_contains {
         ($err:expr, $contains:expr) => {
             let err = $err;
             let message = format!(
                 "{}",
                 aws_smithy_types::error::display::DisplayErrorContext(&err)
             );
             assert!(
                 message.contains($contains),
                 "Error message '{message}' didn't contain text '{}'",
                 $contains
             );
         };
-+
+    }
-+
     const TOKEN_A: &str = "AQAEAFTNrA4eEGx0AQgJ1arIq_Cc-t4tWt3fB0Hd8RKhXlKc5ccvhg==";
     const TOKEN_B: &str = "alternatetoken==";
-761
     fn mock_imds_client(events: Vec<ReplayEvent>) -> (Client, StaticReplayClient) {
         let http_client = StaticReplayClient::new(events);
         let client = make_imds_client(&http_client);
         (client, http_client)
-766
+    }
-767
     #[tokio::test]
     async fn client_caches_token() {
         let (client, http_client) = mock_imds_client(vec![

↧ Expand context

             ReplayEvent::new(
                 token_request("http://169.254.169.254", 21600),
                 token_response(21600, TOKEN_A),
             ),
             ReplayEvent::new(
                 imds_request("http://169.254.169.254/latest/metadata", TOKEN_A),
                 imds_response(r#"test-imds-output"#),
             ),
             ReplayEvent::new(
                 imds_request("http://169.254.169.254/latest/metadata2", TOKEN_A),
                 imds_response("output2"),
             ),
         ]);
         // load once
         let metadata = client.get("/latest/metadata").await.expect("failed");
         assert_eq!("test-imds-output", metadata.as_ref());
         // load again: the cached token should be used
         let metadata = client.get("/latest/metadata2").await.expect("failed");
         assert_eq!("output2", metadata.as_ref());
         http_client.assert_requests_match(&[]);

tmp-codegen-diff/aws-sdk/sdk/aws-config/src/imds/credentials.rs

@@ -1,1 +44,45 @@

↥ Expand context

 /*
  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
  * SPDX-License-Identifier: Apache-2.0
  */

-5
 //! IMDSv2 Credentials Provider
 //!
 //! # Important
 //! This credential provider will NOT fallback to IMDSv1. Ensure that IMDSv2 is enabled on your instances.
-10
 use super::client::error::ImdsError;
 use crate::imds::{self, Client};
 use crate::json_credentials::{parse_json_credentials, JsonCredentials, RefreshableCredentials};
 use crate::provider_config::ProviderConfig;
 use aws_credential_types::credential_feature::AwsCredentialFeature;
 use aws_credential_types::provider::{self, error::CredentialsError, future, ProvideCredentials};
 use aws_credential_types::Credentials;
 use aws_smithy_async::time::SharedTimeSource;
 use aws_types::os_shim_internal::Env;
 use std::borrow::Cow;
 use std::error::Error as StdError;
 use std::fmt;
 use std::sync::{Arc, RwLock};
 use std::time::{Duration, SystemTime};
-25

↧ Expand context

 const CREDENTIAL_EXPIRATION_INTERVAL: Duration = Duration::from_secs(10 * 60);
 const WARNING_FOR_EXTENDING_CREDENTIALS_EXPIRY: &str =
     "Attempting credential expiration extension due to a credential service availability issue. \
     A refresh of these credentials will be attempted again within the next";
-30
 #[derive(Debug)]
 struct ImdsCommunicationError {
     source: Box<dyn StdError + Send + Sync + 'static>,
-34
+}
-35
 impl fmt::Display for ImdsCommunicationError {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
         write!(f, "could not communicate with IMDS")
-39
+    }
-40
+}
-41
 impl StdError for ImdsCommunicationError {
     fn source(&self) -> Option<&(dyn StdError + 'static)> {
         Some(self.source.as_ref())
-45
+    }

@@ -242,243 +319,326 @@

↥ Expand context

                 let _ = account_id;
                 let expiration = self.maybe_extend_expiration(expiration);
                 let creds = Credentials::new(
                     access_key_id,
                     secret_access_key,
                     Some(session_token.to_string()),
                     expiration.into(),
                     "IMDSv2",
                 );
                 *self.last_retrieved_credentials.write().unwrap() = Some(creds.clone());
                 Ok(creds)
-254
+            }
             Ok(JsonCredentials::Error { code, message })
                 if code == codes::ASSUME_ROLE_UNAUTHORIZED_ACCESS =>
-257
+            {
                 Err(CredentialsError::invalid_configuration(format!(
                     "Incorrect IMDS/IAM configuration: [{}] {}. \
                         Hint: Does this role have a trust relationship with EC2?",
                     code, message
                 )))

-263
+            }
             Ok(JsonCredentials::Error { code, message }) => {
                 Err(CredentialsError::provider_error(format!(
                     "Error retrieving credentials from IMDS: {} {}",
                     code, message
                 )))
-269
+            }
             // got bad data from IMDS, should not occur during normal operation:
             Err(invalid) => Err(CredentialsError::unhandled(invalid)),
-272
+        }
         .map(|mut creds| {
             creds
                 .get_property_mut_or_default::<Vec<AwsCredentialFeature>>()
                 .push(AwsCredentialFeature::CredentialsImds);
             creds
         })
-279
+    }
-280
     async fn credentials(&self) -> provider::Result {
         match self.retrieve_credentials().await {
             creds @ Ok(_) => creds,
             // Any failure while retrieving credentials MUST NOT impede use of existing credentials.
             err => match &*self.last_retrieved_credentials.read().unwrap() {
                 Some(creds) => Ok(creds.clone()),
                 _ => err,
             },
-289
+        }
-290
+    }
-291
+}
-292
 #[cfg(test)]
 #[cfg(all(test, feature = "test-util"))]
 mod test {
     use super::*;
     use crate::imds::client::test::{
     use crate::imds::client::test_util::{
         imds_request, imds_response, make_imds_client, token_request, token_response,
     };
     use crate::provider_config::ProviderConfig;
     use aws_credential_types::provider::ProvideCredentials;
     use aws_smithy_async::test_util::instant_time_and_sleep;
     use aws_smithy_http_client::test_util::{ReplayEvent, StaticReplayClient};
     use aws_smithy_types::body::SdkBody;
     use std::time::{Duration, UNIX_EPOCH};
     use tracing_test::traced_test;
-306

↧ Expand context

     const TOKEN_A: &str = "token_a";
-308
     #[tokio::test]
     async fn profile_is_not_cached() {
         let http_client = StaticReplayClient::new(vec![
             ReplayEvent::new(
                 token_request("http://169.254.169.254", 21600),
                 token_response(21600, TOKEN_A),
             ),
             ReplayEvent::new(
                 imds_request("http://169.254.169.254/latest/meta-data/iam/security-credentials/", TOKEN_A),
                 imds_response(r#"profile-name"#),
             ),
             ReplayEvent::new(
                 imds_request("http://169.254.169.254/latest/meta-data/iam/security-credentials/profile-name", TOKEN_A),
                 imds_response("{\n  \"Code\" : \"Success\",\n  \"LastUpdated\" : \"2021-09-20T21:42:26Z\",\n  \"Type\" : \"AWS-HMAC\",\n  \"AccessKeyId\" : \"ASIARTEST\",\n  \"SecretAccessKey\" : \"testsecret\",\n  \"Token\" : \"testtoken\",\n  \"Expiration\" : \"2021-09-21T04:16:53Z\"\n}"),
             ),
             ReplayEvent::new(
                 imds_request("http://169.254.169.254/latest/meta-data/iam/security-credentials/", TOKEN_A),
                 imds_response(r#"different-profile"#),

tmp-codegen-diff/aws-sdk/sdk/aws-config/src/imds/region.rs

@@ -87,87 +149,151 @@

↥ Expand context

-87
+}
-88
 impl Builder {
     /// Set configuration options of the [`Builder`]
     pub fn configure(self, provider_config: &ProviderConfig) -> Self {
         Self {
             provider_config: Some(provider_config.clone()),
             ..self
-95
+        }
-96
+    }
-97
     /// Override the IMDS client used to load the region
     pub fn imds_client(mut self, imds_client: imds::Client) -> Self {
         self.imds_client_override = Some(imds_client);
         self
-102
+    }
-103
     /// Create an [`ImdsRegionProvider`] from this builder
     pub fn build(self) -> ImdsRegionProvider {
         let provider_config = self.provider_config.unwrap_or_default();

         let client = self
             .imds_client_override
             .unwrap_or_else(|| imds::Client::builder().configure(&provider_config).build());
         ImdsRegionProvider {
             client,
             env: provider_config.env(),
-113
+        }
-114
+    }
-115
+}
-116
 #[cfg(test)]
 #[cfg(all(test, feature = "test-util"))]
 mod test {
     use crate::imds::client::test::{imds_request, imds_response, token_request, token_response};
     use crate::imds::client::test_util::{
         imds_request, imds_response, token_request, token_response,
     };
     use crate::imds::region::ImdsRegionProvider;
     use crate::provider_config::ProviderConfig;
     use aws_smithy_async::rt::sleep::TokioSleep;
     use aws_smithy_http_client::test_util::{ReplayEvent, StaticReplayClient};
     use aws_smithy_types::body::SdkBody;
     use aws_types::region::Region;
     use tracing_test::traced_test;
-129
     #[tokio::test]
     async fn load_region() {

↧ Expand context

         let http_client = StaticReplayClient::new(vec![
             ReplayEvent::new(
                 token_request("http://169.254.169.254", 21600),
                 token_response(21600, "token"),
             ),
             ReplayEvent::new(
                 imds_request(
                     "http://169.254.169.254/latest/meta-data/placement/region",
                     "token",
                 ),
                 imds_response("eu-west-1"),
             ),
         ]);
         let provider = ImdsRegionProvider::builder()
             .configure(
                 &ProviderConfig::no_configuration()
                     .with_http_client(http_client)
                     .with_sleep_impl(TokioSleep::new()),
-150
+            )
             .build();

tmp-codegen-diff/aws-sdk/sdk/aws-config/src/profile/credentials.rs

@@ -1,1 +60,61 @@

↥ Expand context

 /*
  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
  * SPDX-License-Identifier: Apache-2.0
  */
-5
 //! Profile File Based Credential Providers
 //!
 //! Profile file based providers combine two pieces:
 //!
 //! 1. Parsing and resolution of the assume role chain
 //! 2. A user-modifiable hashmap of provider name to provider.
 //!
 //! Profile file based providers first determine the chain of providers that will be used to load
 //! credentials. After determining and validating this chain, a `Vec` of providers will be created.
 //!
 //! Each subsequent provider will provide boostrap providers to the next provider in order to load
 //! the final credentials.
 //!
 //! This module contains two sub modules:
 //! - `repr` which contains an abstract representation of a provider chain and the logic to

 //!   build it from `~/.aws/credentials` and `~/.aws/config`.
 //! - `exec` which contains a chain representation of providers to implement passing bootstrapped credentials
 //!   through a series of providers.
-24
 use crate::profile::cell::ErrorTakingOnceCell;
 #[allow(deprecated)]
 use crate::profile::profile_file::ProfileFiles;
 use crate::profile::Profile;
 use crate::profile::ProfileFileLoadError;
 use crate::provider_config::ProviderConfig;
 use aws_credential_types::credential_feature::AwsCredentialFeature;
 use aws_credential_types::{
     provider::{self, error::CredentialsError, future, ProvideCredentials},
     Credentials,
 };
 use aws_smithy_types::error::display::DisplayErrorContext;
 use std::borrow::Cow;
 use std::collections::HashMap;
 use std::error::Error;
 use std::fmt::{Display, Formatter};
 use std::sync::Arc;

↧ Expand context

 use tracing::Instrument;
-43
 mod exec;
 pub(crate) mod repr;
-46
 /// AWS Profile based credentials provider
 ///
 /// This credentials provider will load credentials from `~/.aws/config` and `~/.aws/credentials`.
 /// The locations of these files are configurable via environment variables, see [below](#location-of-profile-files).
 ///
 /// Generally, this will be constructed via the default provider chain, however, it can be manually
 /// constructed with the builder:
 /// ```rust,no_run
 /// use aws_config::profile::ProfileFileCredentialsProvider;
 /// let provider = ProfileFileCredentialsProvider::builder().build();
 /// ```
 ///
 /// _Note: Profile providers, when called, will load and parse the profile from the file system
 /// only once. Parsed file contents will be cached indefinitely._
 ///

@@ -159,160 +219,225 @@

↥ Expand context

             .get_or_init(
-161
+                {
                     let config = self.config.clone();
                     move || async move {
                         match build_provider_chain(config.clone()).await {
                             Ok(chain) => Ok(ChainProvider {
                                 config: config.clone(),
                                 chain: Some(Arc::new(chain)),
                             }),
                             Err(err) => match err {
                                 ProfileFileError::NoProfilesDefined
                                 | ProfileFileError::ProfileDidNotContainCredentials { .. } => {
                                     Ok(ChainProvider {
                                         config: config.clone(),
                                         chain: None,
                                     })
-176
+                                }
                                 _ => Err(CredentialsError::invalid_configuration(format!(
                                     "ProfileFile provider could not be built: {}",
                                     &err

                                 ))),
                             },
-182
+                        }
-183
+                    }
                 },
                 CredentialsError::unhandled(
                     "profile file credentials provider initialization error already taken",
                 ),
-188
+            )
             .await?;
         inner_provider.provide_credentials().await
         inner_provider.provide_credentials().await.map(|mut creds| {
             creds
                 .get_property_mut_or_default::<Vec<AwsCredentialFeature>>()
                 .push(AwsCredentialFeature::CredentialsProfile);
             creds
         })
-196
+    }
-197
+}
-198
 impl ProvideCredentials for ProfileFileCredentialsProvider {
     fn provide_credentials<'a>(&'a self) -> future::ProvideCredentials<'a>
     where
         Self: 'a,
-203
+    {
         future::ProvideCredentials::new(self.load_credentials())
-205
+    }

↧ Expand context

-206
+}
-207
 /// An Error building a Credential source from an AWS Profile
 #[derive(Debug)]
 #[non_exhaustive]
 pub enum ProfileFileError {
     /// The profile was not a valid AWS profile
     #[non_exhaustive]
     InvalidProfile(ProfileFileLoadError),
-215
     /// No profiles existed (the profile was empty)
     #[non_exhaustive]
     NoProfilesDefined,
-219
     /// The profile did not contain any credential information
     #[non_exhaustive]
     ProfileDidNotContainCredentials {
         /// The name of the profile
         profile: String,
     },

tmp-codegen-diff/aws-sdk/sdk/aws-config/src/provider_config.rs

@@ -63,63 +123,123 @@

↥ Expand context

             .field("retry_config", &self.retry_config)
             .field("sleep_impl", &self.sleep_impl)
             .field("region", &self.region)
             .field("use_fips", &self.use_fips)
             .field("use_dual_stack", &self.use_dual_stack)
             .field("profile_name_override", &self.profile_name_override)
             .finish()
-70
+    }
-71
+}
-72
 impl Default for ProviderConfig {
     fn default() -> Self {
         Self {
             env: Env::default(),
             fs: Fs::default(),
             time_source: SharedTimeSource::default(),
             http_client: None,
             retry_config: None,
             sleep_impl: default_async_sleep(),
             region: None,

             use_fips: None,
             use_dual_stack: None,
             parsed_profile: Default::default(),
             #[allow(deprecated)]
             profile_files: ProfileFiles::default(),
             profile_name_override: None,
-89
+        }
-90
+    }
-91
+}
-92
 #[cfg(test)]
 #[cfg(any(test, feature = "test-util"))]
 impl ProviderConfig {
     /// ProviderConfig with all configuration removed
     ///
     /// Unlike [`ProviderConfig::empty`] where `env` and `fs` will use their non-mocked implementations,
     /// this method will use an empty mock environment and an empty mock file system.
     pub fn no_configuration() -> Self {
         use aws_smithy_async::time::StaticTimeSource;
         use std::collections::HashMap;
         use std::time::UNIX_EPOCH;
         let fs = Fs::from_raw_map(HashMap::new());

↧ Expand context

         let env = Env::from_slice(&[]);
         Self {
             parsed_profile: Default::default(),
             #[allow(deprecated)]
             profile_files: ProfileFiles::default(),
             env,
             fs,
             time_source: SharedTimeSource::new(StaticTimeSource::new(UNIX_EPOCH)),
             http_client: None,
             retry_config: None,
             sleep_impl: None,
             region: None,
             use_fips: None,
             use_dual_stack: None,
             profile_name_override: None,
-119
+        }
-120
+    }
-121
+}
-122
 impl ProviderConfig {

@@ -332,332 +407,429 @@

↥ Expand context

     pub(crate) fn with_profile_config(
         self,
         profile_files: Option<ProfileFiles>,
         profile_name_override: Option<String>,
     ) -> Self {
         // if there is no override, then don't clear out `parsed_profile`.
         if profile_files.is_none() && profile_name_override.is_none() {
             return self;
-340
+        }
         ProviderConfig {
             // clear out the profile since we need to reparse it
             parsed_profile: Default::default(),
             profile_files: profile_files.unwrap_or(self.profile_files),
             profile_name_override: profile_name_override
                 .map(Cow::Owned)
                 .or(self.profile_name_override),
             ..self
-349
+        }
-350
+    }
-351

     /// Use the [default region chain](crate::default_provider::region) to set the
     /// region for this configuration
     ///
     /// Note: the `env` and `fs` already set on this provider will be used when loading the default region.
     pub async fn load_default_region(self) -> Self {
         use crate::default_provider::region::DefaultRegionChain;
         let provider_chain = DefaultRegionChain::builder().configure(&self).build();
         self.with_region(provider_chain.region().await)
-360
+    }
-361
     pub(crate) fn with_fs(self, fs: Fs) -> Self {
     fn with_fs_internal(self, fs: Fs) -> Self {
         ProviderConfig {
             parsed_profile: Default::default(),
             fs,
             ..self
-367
+        }
-368
+    }
-369
     pub(crate) fn with_env(self, env: Env) -> Self {
     #[cfg(not(feature = "test-util"))]
     pub(crate) fn with_fs(self, fs: Fs) -> Self {
         self.with_fs_internal(fs)
-+
+    }
-+
     /// Specify a [Fs] implementation for testing
     #[cfg(feature = "test-util")]
     pub fn with_fs(self, fs: Fs) -> Self {
         self.with_fs_internal(fs)
-+
+    }
-+
     fn with_env_internal(self, env: Env) -> Self {
         ProviderConfig {
             parsed_profile: Default::default(),
             env,
             ..self
-386
+        }
-387
+    }
-388
     #[cfg(not(feature = "test-util"))]
     pub(crate) fn with_env(self, env: Env) -> Self {
         self.with_env_internal(env)
-+
+    }
-+
     /// Specify an [Env] implementation for testing
     #[cfg(feature = "test-util")]
     pub fn with_env(self, env: Env) -> Self {
         self.with_env_internal(env)
-+
+    }
-+
     /// Override the time source for this configuration
     pub fn with_time_source(self, time_source: impl TimeSource + 'static) -> Self {
         ProviderConfig {
             time_source: time_source.into_shared(),
             ..self
-405
+        }
-406
+    }
-407
     /// Override the HTTP client for this configuration
     pub fn with_http_client(self, http_client: impl HttpClient + 'static) -> Self {

↧ Expand context

         ProviderConfig {
             http_client: Some(http_client.into_shared()),
             ..self
-413
+        }
-414
+    }
-415
     /// Override the sleep implementation for this configuration
     pub fn with_sleep_impl(self, sleep_impl: impl AsyncSleep + 'static) -> Self {
         ProviderConfig {
             sleep_impl: Some(sleep_impl.into_shared()),
             ..self
-421
+        }
-422
+    }
-423
     /// Override the retry config for this configuration
     pub fn with_retry_config(self, retry_config: RetryConfig) -> Self {
         ProviderConfig {
             retry_config: Some(retry_config),
             ..self
-429
+        }

tmp-codegen-diff/aws-sdk/sdk/aws-config/src/sso/credentials.rs

@@ -1,1 +46,47 @@

↥ Expand context

 /*
  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
  * SPDX-License-Identifier: Apache-2.0
  */
-5
 //! SSO Credentials Provider

 //!
 //! This credentials provider enables loading credentials from `~/.aws/sso/cache`. For more information,
 //! see [Using AWS SSO Credentials](https://docs.aws.amazon.com/toolkit-for-vscode/latest/userguide/sso-credentials.html)
 //!
 //! This provider is included automatically when profiles are loaded.
-12
 use super::cache::load_cached_token;
 use crate::identity::IdentityCache;
 use crate::provider_config::ProviderConfig;
 use crate::sso::SsoTokenProvider;
 use aws_credential_types::credential_feature::AwsCredentialFeature;
 use aws_credential_types::provider::{self, error::CredentialsError, future, ProvideCredentials};
 use aws_credential_types::Credentials;
 use aws_sdk_sso::types::RoleCredentials;
 use aws_sdk_sso::Client as SsoClient;
 use aws_smithy_async::time::SharedTimeSource;
 use aws_smithy_types::DateTime;
 use aws_types::os_shim_internal::{Env, Fs};
 use aws_types::region::Region;
 use aws_types::SdkConfig;
-27

↧ Expand context

 /// SSO Credentials Provider
 ///
 /// _Note: This provider is part of the default credentials chain and is integrated with the profile-file provider._
 ///
 /// This credentials provider will use cached SSO tokens stored in `~/.aws/sso/cache/<hash>.json`.
 /// Two different values will be tried for `<hash>` in order:
 /// 1. The configured [`session_name`](Builder::session_name).
 /// 2. The configured [`start_url`](Builder::start_url).
 #[derive(Debug)]
 pub struct SsoCredentialsProvider {
     fs: Fs,
     env: Env,
     sso_provider_config: SsoProviderConfig,
     sdk_config: SdkConfig,
     token_provider: Option<SsoTokenProvider>,
     time_source: SharedTimeSource,
-44
+}
-45
 impl SsoCredentialsProvider {
     /// Creates a builder for [`SsoCredentialsProvider`]

@@ -61,62 +120,127 @@

↥ Expand context

                     .configure(&provider_config.client_config())
                     .start_url(&sso_provider_config.start_url)
                     .session_name(session_name)
                     .region(sso_provider_config.region.clone())
                     .build_with(env.clone(), fs.clone()),
-67
+            )
         } else {
             None
         };
-71
         SsoCredentialsProvider {
             fs,
             env,
             sso_provider_config,
             sdk_config: provider_config.client_config(),
             token_provider,
             time_source: provider_config.time_source(),
-79
+        }
-80
+    }
-81

     async fn credentials(&self) -> provider::Result {
         load_sso_credentials(
             &self.sso_provider_config,
             &self.sdk_config,
             self.token_provider.as_ref(),
             &self.env,
             &self.fs,
             self.time_source.clone(),
-90
+        )
         .await
         .map(|mut creds| {
             creds
                 .get_property_mut_or_default::<Vec<AwsCredentialFeature>>()
                 .push(AwsCredentialFeature::CredentialsSso);
             creds
         })
-98
+    }
-99
+}
-100
 impl ProvideCredentials for SsoCredentialsProvider {
     fn provide_credentials<'a>(&'a self) -> future::ProvideCredentials<'a>
     where
         Self: 'a,
-105
+    {
         future::ProvideCredentials::new(self.credentials())
-107
+    }

↧ Expand context

-108
+}
-109
 /// Builder for [`SsoCredentialsProvider`]
 #[derive(Default, Debug, Clone)]
 pub struct Builder {
     provider_config: Option<ProviderConfig>,
     account_id: Option<String>,
     region: Option<Region>,
     role_name: Option<String>,
     start_url: Option<String>,
     session_name: Option<String>,
-119
+}
-120
 impl Builder {
     /// Create a new builder for [`SsoCredentialsProvider`]
     pub fn new() -> Self {
         Self::default()
-125
+    }
-126
     /// Override the configuration used for this provider

tmp-codegen-diff/aws-sdk/sdk/aws-config/src/sts/assume_role.rs

@@ -1,1 +37,38 @@

 /*
  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
  * SPDX-License-Identifier: Apache-2.0
  */
-5
 //! Assume credentials for a role through the AWS Security Token Service (STS).
-7
 use aws_credential_types::credential_feature::AwsCredentialFeature;
 use aws_credential_types::provider::{
     self, error::CredentialsError, future, ProvideCredentials, SharedCredentialsProvider,
 };
 use aws_sdk_sts::operation::assume_role::builders::AssumeRoleFluentBuilder;
 use aws_sdk_sts::operation::assume_role::AssumeRoleError;
 use aws_sdk_sts::types::PolicyDescriptorType;
 use aws_sdk_sts::Client as StsClient;
 use aws_smithy_runtime::client::identity::IdentityCache;
 use aws_smithy_runtime_api::client::result::SdkError;
 use aws_smithy_types::error::display::DisplayErrorContext;

↧ Expand context

 use aws_types::region::Region;
 use aws_types::SdkConfig;
 use std::time::Duration;
 use tracing::Instrument;
-23
 /// Credentials provider that uses credentials provided by another provider to assume a role
 /// through the AWS Security Token Service (STS).
 ///
 /// When asked to provide credentials, this provider will first invoke the inner credentials
 /// provider to get AWS credentials for STS. Then, it will call STS to get assumed credentials for
 /// the desired role.
 ///
 /// # Examples
 /// Create an AssumeRoleProvider explicitly set to us-east-2 that utilizes the default credentials chain.
 /// ```no_run
 /// use aws_config::sts::AssumeRoleProvider;
 /// use aws_types::region::Region;
 /// # async fn docs() {
 /// let provider = AssumeRoleProvider::builder("arn:aws:iam::123456789012:role/demo")
 ///   .region(Region::from_static("us-east-2"))

@@ -258,259 +346,354 @@

↥ Expand context

             .set_duration_seconds(self.session_length.map(|dur| dur.as_secs() as i32));
-260
         AssumeRoleProvider {
             inner: Inner { fluent_builder },
-263
+        }
-264
+    }
-265
     /// Build a credentials provider for this role authorized by the given `provider`.
     pub async fn build_from_provider(
         mut self,
         provider: impl ProvideCredentials + 'static,
     ) -> AssumeRoleProvider {
         let conf = match self.sdk_config {
             Some(conf) => conf,
             None => crate::load_defaults(crate::BehaviorVersion::latest()).await,
         };
         let conf = conf
             .into_builder()
             .credentials_provider(SharedCredentialsProvider::new(provider))
             .build();

         self.sdk_config = Some(conf);
         self.build().await
-281
+    }
-282
+}
-283
 impl Inner {
     async fn credentials(&self) -> provider::Result {
         tracing::debug!("retrieving assumed credentials");
-287
         let assumed = self.fluent_builder.clone().send().in_current_span().await;
         match assumed {
         let assumed = match assumed {
             Ok(assumed) => {
                 tracing::debug!(
                     access_key_id = ?assumed.credentials.as_ref().map(|c| &c.access_key_id),
                     "obtained assumed credentials"
                 );
                 super::util::into_credentials(
                     assumed.credentials,
                     assumed.assumed_role_user,
                     "AssumeRoleProvider",
-299
+                )
-300
+            }
             Err(SdkError::ServiceError(ref context))
                 if matches!(
                     context.err(),
                     AssumeRoleError::RegionDisabledException(_)
                         | AssumeRoleError::MalformedPolicyDocumentException(_)
                 ) =>
-307
+            {
                 Err(CredentialsError::invalid_configuration(
                     assumed.err().unwrap(),
                 ))
-311
+            }
             Err(SdkError::ServiceError(ref context)) => {
                 tracing::warn!(error = %DisplayErrorContext(context.err()), "STS refused to grant assume role");
                 Err(CredentialsError::provider_error(assumed.err().unwrap()))
-315
+            }
             Err(err) => Err(CredentialsError::provider_error(err)),
--
+        }
         };
-+
         assumed.map(|mut creds| {
             creds
                 .get_property_mut_or_default::<Vec<AwsCredentialFeature>>()
                 .push(AwsCredentialFeature::CredentialsStsAssumeRole);
             creds
         })
-325
+    }
-326
+}
-327
 impl ProvideCredentials for AssumeRoleProvider {
     fn provide_credentials<'a>(&'a self) -> future::ProvideCredentials<'a>
     where
         Self: 'a,
-332
+    {
         future::ProvideCredentials::new(
             self.inner

↧ Expand context

                 .credentials()
                 .instrument(tracing::debug_span!("assume_role")),
-337
+        )
-338
+    }
-339
+}
-340
 #[cfg(test)]
 mod test {
     use crate::sts::AssumeRoleProvider;
     use aws_credential_types::credential_fn::provide_credentials_fn;
     use aws_credential_types::provider::{ProvideCredentials, SharedCredentialsProvider};
     use aws_credential_types::Credentials;
     use aws_smithy_async::rt::sleep::{SharedAsyncSleep, TokioSleep};
     use aws_smithy_async::test_util::instant_time_and_sleep;
     use aws_smithy_async::time::StaticTimeSource;
     use aws_smithy_http_client::test_util::{capture_request, ReplayEvent, StaticReplayClient};
     use aws_smithy_runtime::test_util::capture_test_logs::capture_test_logs;
     use aws_smithy_runtime_api::client::behavior_version::BehaviorVersion;
     use aws_smithy_types::body::SdkBody;
     use aws_types::os_shim_internal::Env;

tmp-codegen-diff/aws-sdk/sdk/aws-config/src/web_identity_token.rs

@@ -36,36 +95,96 @@

↥ Expand context

 //! 2. As a source profile for another role:
 //!
 //!   ```ini
 //!   [profile default]
 //!   role_arn = arn:aws:iam::123456789:role/RoleA
 //!   source_profile = base
 //!
 //!   [profile base]
 //!   role_arn = arn:aws:iam::123456789012:role/s3-reader
 //!   web_identity_token_file = /token.jwt
 //!   ```
 //!
 //! # Examples
 //! Web Identity Token providers are part of the [default chain](crate::default_provider::credentials).
 //! However, they may be directly constructed if you don't want to use the default provider chain.
 //! Unless overridden with [`static_configuration`](Builder::static_configuration), the provider will
 //! load configuration from environment variables.
 //!
 //! ```no_run
 //! # async fn test() {

 //! use aws_config::web_identity_token::WebIdentityTokenCredentialsProvider;
 //! use aws_config::provider_config::ProviderConfig;
 //! let provider = WebIdentityTokenCredentialsProvider::builder()
 //!     .configure(&ProviderConfig::with_default_region().await)
 //!     .build();
 //! # }
 //! ```
-63
 use crate::provider_config::ProviderConfig;
 use crate::sts;
 use aws_credential_types::credential_feature::AwsCredentialFeature;
 use aws_credential_types::provider::{self, error::CredentialsError, future, ProvideCredentials};
 use aws_sdk_sts::{types::PolicyDescriptorType, Client as StsClient};
 use aws_smithy_async::time::SharedTimeSource;
 use aws_smithy_types::error::display::DisplayErrorContext;
 use aws_types::os_shim_internal::{Env, Fs};
-72
 use std::borrow::Cow;
 use std::path::{Path, PathBuf};
-75
 const ENV_VAR_TOKEN_FILE: &str = "AWS_WEB_IDENTITY_TOKEN_FILE";

↧ Expand context

 const ENV_VAR_ROLE_ARN: &str = "AWS_ROLE_ARN";
 const ENV_VAR_SESSION_NAME: &str = "AWS_ROLE_SESSION_NAME";
-79
 /// Credential provider to load credentials from Web Identity Tokens
 ///
 /// See Module documentation for more details
 #[derive(Debug)]
 pub struct WebIdentityTokenCredentialsProvider {
     source: Source,
     time_source: SharedTimeSource,
     fs: Fs,
     sts_client: StsClient,
     policy: Option<String>,
     policy_arns: Option<Vec<PolicyDescriptorType>>,
-91
+}
-92
 impl WebIdentityTokenCredentialsProvider {
     /// Builder for this credentials provider
     pub fn builder() -> Builder {
         Builder::default()

@@ -133,134 +192,199 @@

↥ Expand context

                 })?;
                 let role_arn = env.get(ENV_VAR_ROLE_ARN).map_err(|_| {
                     CredentialsError::invalid_configuration(
                         "AWS_ROLE_ARN environment variable must be set",
-138
+                    )
                 })?;
                 let session_name = env.get(ENV_VAR_SESSION_NAME).unwrap_or_else(|_| {
                     sts::util::default_session_name("web-identity-token", self.time_source.now())
                 });
                 Ok(Cow::Owned(StaticConfiguration {
                     web_identity_token_file: token_file.into(),
                     role_arn,
                     session_name,
                 }))
-148
+            }
             Source::Static(conf) => Ok(Cow::Borrowed(conf)),
-150
+        }
-151
+    }
     async fn credentials(&self) -> provider::Result {
         let conf = self.source()?;

         load_credentials(
             &self.fs,
             &self.sts_client,
             self.policy.clone(),
             self.policy_arns.clone(),
             &conf.web_identity_token_file,
             &conf.role_arn,
             &conf.session_name,
-162
+        )
         .await
         .map(|mut creds| {
             creds
                 .get_property_mut_or_default::<Vec<AwsCredentialFeature>>()
                 .push(AwsCredentialFeature::CredentialsProfileStsWebIdToken);
             creds
         })
-170
+    }
-171
+}
-172
 /// Builder for [`WebIdentityTokenCredentialsProvider`].
 #[derive(Debug, Default)]
 pub struct Builder {
     source: Option<Source>,
     config: Option<ProviderConfig>,
     policy: Option<String>,
     policy_arns: Option<Vec<PolicyDescriptorType>>,

↧ Expand context

-180
+}
-181
 impl Builder {
     /// Configure generic options of the [WebIdentityTokenCredentialsProvider]
     ///
     /// # Examples
     /// ```no_run
     /// # async fn test() {
     /// use aws_config::web_identity_token::WebIdentityTokenCredentialsProvider;
     /// use aws_config::provider_config::ProviderConfig;
     /// let provider = WebIdentityTokenCredentialsProvider::builder()
     ///     .configure(&ProviderConfig::with_default_region().await)
     ///     .build();
     /// # }
     /// ```
     pub fn configure(mut self, provider_config: &ProviderConfig) -> Self {
         self.config = Some(provider_config.clone());
         self
-198
+    }
-199

tmp-codegen-diff/aws-sdk/sdk/aws-credential-types/Cargo.toml

@@ -7,7 +49,49 @@

↥ Expand context

 edition = "2021"
 license = "Apache-2.0"
 repository = "https://github.com/smithy-lang/smithy-rs"
 [package.metadata.docs.rs]
 all-features = true
 targets = ["x86_64-unknown-linux-gnu"]
 cargo-args = ["-Zunstable-options", "-Zrustdoc-scrape-examples"]
 rustdoc-args = ["--cfg", "docsrs"]
-15
 [package.metadata.smithy-rs-release-tooling]
 stable = true
-18
 [features]
 hardcoded-credentials = []
 test-util = ["aws-smithy-runtime-api/test-util"]
-22
 [dependencies]
 zeroize = "1.7.0"
-25
 [dependencies.aws-smithy-async]

 path = "../aws-smithy-async"
 version = "1.2.5"
-29
 [dependencies.aws-smithy-types]
 path = "../aws-smithy-types"
 version = "1.3.2"
-33
 [dependencies.aws-smithy-runtime-api]
 path = "../aws-smithy-runtime-api"
 features = ["client", "http-auth"]
 version = "1.8.5"
 version = "1.8.6"
-38
 [dev-dependencies]
 async-trait = "0.1.74"
-41
 [dev-dependencies.aws-smithy-runtime-api]
 path = "../aws-smithy-runtime-api"
 features = ["test-util"]
 version = "1.8.5"
 version = "1.8.6"
-46
 [dev-dependencies.tokio]
 version = "1.23.1"
 features = ["full", "test-util", "rt"]

Pages: 1 2 3 4

1 1	`/*`
2 2	`* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.`

1 1	`/*`
2 2	`* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.`
3 3	`* SPDX-License-Identifier: Apache-2.0`