RubyGems - aws-sdk-core - Versions diffs - 3.114.0 → 3.180.2 - Mend

aws-sdk-core 3.114.0 → 3.180.2

Files changed (132) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +617 -0
data/VERSION +1 -1
data/lib/aws-defaults/default_configuration.rb +153 -0
data/lib/aws-defaults/defaults_mode_config_resolver.rb +107 -0
data/lib/aws-defaults.rb +3 -0
data/lib/aws-sdk-core/arn.rb +13 -0
data/lib/aws-sdk-core/assume_role_credentials.rb +21 -7
data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +14 -10
data/lib/aws-sdk-core/binary/encode_handler.rb +12 -1
data/lib/aws-sdk-core/client_stubs.rb +5 -1
data/lib/aws-sdk-core/credential_provider.rb +3 -0
data/lib/aws-sdk-core/credential_provider_chain.rb +10 -6
data/lib/aws-sdk-core/ec2_metadata.rb +27 -7
data/lib/aws-sdk-core/ecs_credentials.rb +121 -53
data/lib/aws-sdk-core/endpoints/condition.rb +41 -0
data/lib/aws-sdk-core/endpoints/endpoint.rb +17 -0
data/lib/aws-sdk-core/endpoints/endpoint_rule.rb +75 -0
data/lib/aws-sdk-core/endpoints/error_rule.rb +42 -0
data/lib/aws-sdk-core/endpoints/function.rb +80 -0
data/lib/aws-sdk-core/endpoints/matchers.rb +127 -0
data/lib/aws-sdk-core/endpoints/reference.rb +31 -0
data/lib/aws-sdk-core/endpoints/rule.rb +25 -0
data/lib/aws-sdk-core/endpoints/rule_set.rb +52 -0
data/lib/aws-sdk-core/endpoints/rules_provider.rb +37 -0
data/lib/aws-sdk-core/endpoints/templater.rb +58 -0
data/lib/aws-sdk-core/endpoints/tree_rule.rb +45 -0
data/lib/aws-sdk-core/endpoints/url.rb +60 -0
data/lib/aws-sdk-core/endpoints.rb +78 -0
data/lib/aws-sdk-core/errors.rb +18 -1
data/lib/aws-sdk-core/ini_parser.rb +7 -0
data/lib/aws-sdk-core/instance_profile_credentials.rb +124 -18
data/lib/aws-sdk-core/json/error_handler.rb +20 -1
data/lib/aws-sdk-core/json/json_engine.rb +10 -8
data/lib/aws-sdk-core/json/oj_engine.rb +33 -6
data/lib/aws-sdk-core/json/parser.rb +8 -0
data/lib/aws-sdk-core/json.rb +8 -26
data/lib/aws-sdk-core/log/formatter.rb +6 -0
data/lib/aws-sdk-core/log/param_filter.rb +9 -1
data/lib/aws-sdk-core/pageable_response.rb +81 -26
data/lib/aws-sdk-core/pager.rb +3 -0
data/lib/aws-sdk-core/param_validator.rb +29 -0
data/lib/aws-sdk-core/plugins/bearer_authorization.rb +67 -0
data/lib/aws-sdk-core/plugins/checksum_algorithm.rb +340 -0
data/lib/aws-sdk-core/plugins/credentials_configuration.rb +27 -1
data/lib/aws-sdk-core/plugins/defaults_mode.rb +40 -0
data/lib/aws-sdk-core/plugins/endpoint_discovery.rb +6 -2
data/lib/aws-sdk-core/plugins/http_checksum.rb +8 -1
data/lib/aws-sdk-core/plugins/jsonvalue_converter.rb +34 -6
data/lib/aws-sdk-core/plugins/protocols/api_gateway.rb +17 -0
data/lib/aws-sdk-core/plugins/protocols/rest_json.rb +16 -1
data/lib/aws-sdk-core/plugins/recursion_detection.rb +38 -0
data/lib/aws-sdk-core/plugins/regional_endpoint.rb +144 -17
data/lib/aws-sdk-core/plugins/request_compression.rb +217 -0
data/lib/aws-sdk-core/plugins/response_paging.rb +1 -1
data/lib/aws-sdk-core/plugins/retries/error_inspector.rb +7 -4
data/lib/aws-sdk-core/plugins/retry_errors.rb +21 -5
data/lib/aws-sdk-core/plugins/sign.rb +201 -0
data/lib/aws-sdk-core/plugins/signature_v2.rb +1 -0
data/lib/aws-sdk-core/plugins/signature_v4.rb +28 -31
data/lib/aws-sdk-core/plugins/stub_responses.rb +5 -1
data/lib/aws-sdk-core/plugins/user_agent.rb +117 -14
data/lib/aws-sdk-core/process_credentials.rb +9 -11
data/lib/aws-sdk-core/refreshing_credentials.rb +41 -16
data/lib/aws-sdk-core/refreshing_token.rb +71 -0
data/lib/aws-sdk-core/rest/handler.rb +1 -1
data/lib/aws-sdk-core/rest/request/body.rb +19 -1
data/lib/aws-sdk-core/rest/request/headers.rb +14 -6
data/lib/aws-sdk-core/rest/response/headers.rb +3 -1
data/lib/aws-sdk-core/shared_config.rb +127 -13
data/lib/aws-sdk-core/shared_credentials.rb +7 -1
data/lib/aws-sdk-core/sso_credentials.rb +92 -52
data/lib/aws-sdk-core/sso_token_provider.rb +135 -0
data/lib/aws-sdk-core/static_token_provider.rb +14 -0
data/lib/aws-sdk-core/structure.rb +16 -5
data/lib/aws-sdk-core/stubbing/protocols/json.rb +1 -1
data/lib/aws-sdk-core/stubbing/stub_data.rb +11 -0
data/lib/aws-sdk-core/token.rb +31 -0
data/lib/aws-sdk-core/token_provider.rb +15 -0
data/lib/aws-sdk-core/token_provider_chain.rb +51 -0
data/lib/aws-sdk-core/waiters/poller.rb +3 -1
data/lib/aws-sdk-core/xml/builder.rb +1 -1
data/lib/aws-sdk-core/xml/error_handler.rb +7 -0
data/lib/aws-sdk-core/xml/parser/engines/oga.rb +2 -0
data/lib/aws-sdk-core/xml/parser/engines/ox.rb +1 -1
data/lib/aws-sdk-core/xml/parser/engines/rexml.rb +0 -8
data/lib/aws-sdk-core/xml/parser/frame.rb +23 -0
data/lib/aws-sdk-core.rb +20 -0
data/lib/aws-sdk-sso/client.rb +97 -15
data/lib/aws-sdk-sso/endpoint_parameters.rb +66 -0
data/lib/aws-sdk-sso/endpoint_provider.rb +51 -0
data/lib/aws-sdk-sso/endpoints.rb +72 -0
data/lib/aws-sdk-sso/plugins/endpoints.rb +76 -0
data/lib/aws-sdk-sso/types.rb +8 -43
data/lib/aws-sdk-sso.rb +5 -1
data/lib/aws-sdk-ssooidc/client.rb +626 -0
data/lib/aws-sdk-ssooidc/client_api.rb +216 -0
data/lib/aws-sdk-ssooidc/customizations.rb +1 -0
data/lib/aws-sdk-ssooidc/endpoint_parameters.rb +66 -0
data/lib/aws-sdk-ssooidc/endpoint_provider.rb +51 -0
data/lib/aws-sdk-ssooidc/endpoints.rb +58 -0
data/lib/aws-sdk-ssooidc/errors.rb +290 -0
data/lib/aws-sdk-ssooidc/plugins/endpoints.rb +74 -0
data/lib/aws-sdk-ssooidc/resource.rb +26 -0
data/lib/aws-sdk-ssooidc/types.rb +502 -0
data/lib/aws-sdk-ssooidc.rb +59 -0
data/lib/aws-sdk-sts/client.rb +535 -472
data/lib/aws-sdk-sts/client_api.rb +10 -0
data/lib/aws-sdk-sts/endpoint_parameters.rb +78 -0
data/lib/aws-sdk-sts/endpoint_provider.rb +112 -0
data/lib/aws-sdk-sts/endpoints.rb +136 -0
data/lib/aws-sdk-sts/plugins/endpoints.rb +84 -0
data/lib/aws-sdk-sts/plugins/sts_regional_endpoints.rb +5 -1
data/lib/aws-sdk-sts/presigner.rb +13 -9
data/lib/aws-sdk-sts/types.rb +248 -313
data/lib/aws-sdk-sts.rb +5 -1
data/lib/seahorse/client/async_base.rb +0 -1
data/lib/seahorse/client/configuration.rb +5 -5
data/lib/seahorse/client/h2/connection.rb +26 -22
data/lib/seahorse/client/h2/handler.rb +4 -5
data/lib/seahorse/client/net_http/connection_pool.rb +7 -0
data/lib/seahorse/client/net_http/handler.rb +15 -7
data/lib/seahorse/client/net_http/patches.rb +13 -84
data/lib/seahorse/client/plugins/content_length.rb +11 -5
data/lib/seahorse/client/plugins/net_http.rb +33 -2
data/lib/seahorse/client/plugins/request_callback.rb +9 -9
data/lib/seahorse/client/response.rb +6 -0
data/lib/seahorse/model/operation.rb +6 -0
data/lib/seahorse/model/shapes.rb +25 -0
data/lib/seahorse/util.rb +4 -0
metadata +64 -12
data/lib/aws-sdk-sso/plugins/content_type.rb +0 -25

data/lib/aws-sdk-core/plugins/regional_endpoint.rb CHANGED Viewed

@@ -24,30 +24,44 @@ a default `:region` is searched for in the following locations:
         resolve_region(cfg)
       end
+      option(:use_dualstack_endpoint,
+        doc_type: 'Boolean',
+        docstring: <<-DOCS) do |cfg|
+When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
+will be used if available.
+        DOCS
+        resolve_use_dualstack_endpoint(cfg)
+      end
+      option(:use_fips_endpoint,
+        doc_type: 'Boolean',
+        docstring: <<-DOCS) do |cfg|
+When set to `true`, fips compatible endpoints will be used if available.
+When a `fips` region is used, the region is normalized and this config
+is set to `true`.
+        DOCS
+        resolve_use_fips_endpoint(cfg)
+      end
+      # This option signals whether :endpoint was provided or not.
+      # Legacy endpoints must continue to be generated at client time.
       option(:regional_endpoint, false)
+      option(:ignore_configured_endpoint_urls,
+        doc_type: 'Boolean',
+        docstring: <<-DOCS) do |cfg|
+Setting to true disables use of endpoint URLs provided via environment
+variables and the shared configuration file.
+        DOCS
+        resolve_ignore_configured_endpoint_urls(cfg)
+      end
       option(:endpoint, doc_type: String, docstring: <<-DOCS) do |cfg|
 The client endpoint is normally constructed from the `:region`
 option. You should only configure an `:endpoint` when connecting
 to test or custom endpoints. This should be a valid HTTP(S) URI.
         DOCS
-        endpoint_prefix = cfg.api.metadata['endpointPrefix']
-        if cfg.region && endpoint_prefix
-          if cfg.respond_to?(:sts_regional_endpoints)
-            sts_regional = cfg.sts_regional_endpoints
-          end
-          # check region is a valid RFC host label
-          unless Seahorse::Util.host_label?(cfg.region)
-            raise Errors::InvalidRegionError
-          end
-          Aws::Partitions::EndpointProvider.resolve(
-            cfg.region,
-            endpoint_prefix,
-            sts_regional
-          )
-        end
+        resolve_endpoint(cfg)
       end
       def after_initialize(client)
@@ -66,6 +80,119 @@ to test or custom endpoints. This should be a valid HTTP(S) URI.
           cfg_region = Aws.shared_config.region(profile: cfg.profile)
           env_region || cfg_region
         end
+        def resolve_use_dualstack_endpoint(cfg)
+          value = ENV['AWS_USE_DUALSTACK_ENDPOINT']
+          value ||= Aws.shared_config.use_dualstack_endpoint(
+            profile: cfg.profile
+          )
+          Aws::Util.str_2_bool(value) || false
+        end
+        def resolve_use_fips_endpoint(cfg)
+          value = ENV['AWS_USE_FIPS_ENDPOINT']
+          value ||= Aws.shared_config.use_fips_endpoint(profile: cfg.profile)
+          Aws::Util.str_2_bool(value) || false
+        end
+        def resolve_ignore_configured_endpoint_urls(cfg)
+          value = ENV['AWS_IGNORE_CONFIGURED_ENDPOINT_URLS']
+          value ||= Aws.shared_config.ignore_configured_endpoint_urls(profile: cfg.profile)
+          Aws::Util.str_2_bool(value&.downcase) || false
+        end
+        # NOTE: with Endpoints 2.0, some of this logic is deprecated
+        # but because new old service gems may depend on new core versions
+        # we must preserve that behavior.
+        # Additional behavior controls the setting of the custom SDK::Endpoint
+        # parameter.
+        # When the `regional_endpoint` config is set to true - this indicates to
+        # Endpoints2.0 that a custom endpoint has NOT been configured by the user.
+        def resolve_endpoint(cfg)
+          endpoint = resolve_custom_config_endpoint(cfg)
+          endpoint_prefix = cfg.api.metadata['endpointPrefix']
+          return endpoint unless endpoint.nil? && cfg.region && endpoint_prefix
+          validate_region!(cfg.region)
+          handle_legacy_pseudo_regions(cfg)
+          # set regional_endpoint flag - this indicates to Endpoints 2.0
+          # that a custom endpoint has NOT been configured by the user
+          cfg.override_config(:regional_endpoint, true)
+          resolve_legacy_endpoint(cfg)
+        end
+        # get a custom configured endpoint from ENV or configuration
+        def resolve_custom_config_endpoint(cfg)
+          return if cfg.ignore_configured_endpoint_urls
+          env_service_endpoint(cfg) || env_global_endpoint(cfg) || shared_config_endpoint(cfg)
+        end
+        def env_service_endpoint(cfg)
+          service_id = cfg.api.metadata['serviceId'] || cfg.api.metadata['endpointPrefix']
+          env_service_id = service_id.gsub(" ", "_").upcase
+          return unless endpoint = ENV["AWS_ENDPOINT_URL_#{env_service_id}"]
+          cfg.logger&.debug(
+            "Endpoint configured from ENV['AWS_ENDPOINT_URL_#{env_service_id}']: #{endpoint}\n")
+          endpoint
+        end
+        def env_global_endpoint(cfg)
+          return unless endpoint = ENV['AWS_ENDPOINT_URL']
+          cfg.logger&.debug(
+            "Endpoint configured from ENV['AWS_ENDPOINT_URL']: #{endpoint}\n")
+          endpoint
+        end
+        def shared_config_endpoint(cfg)
+          service_id = cfg.api.metadata['serviceId'] || cfg.api.metadata['endpointPrefix']
+          return unless endpoint = Aws.shared_config.configured_endpoint(profile: cfg.profile, service_id: service_id)
+          cfg.logger&.debug(
+            "Endpoint configured from shared config(profile: #{cfg.profile}): #{endpoint}\n")
+          endpoint
+        end
+        # check region is a valid RFC host label
+        def validate_region!(region)
+          unless Seahorse::Util.host_label?(region)
+            raise Errors::InvalidRegionError
+          end
+        end
+        def handle_legacy_pseudo_regions(cfg)
+          region = cfg.region
+          new_region = region.gsub('fips-', '').gsub('-fips', '')
+          if region != new_region
+            warn("Legacy region #{region} was transformed to #{new_region}."\
+                 '`use_fips_endpoint` config was set to true.')
+            cfg.override_config(:use_fips_endpoint, true)
+            cfg.override_config(:region, new_region)
+          end
+        end
+        # set a default endpoint in config using legacy (endpoints.json) resolver
+        def resolve_legacy_endpoint(cfg)
+          endpoint_prefix = cfg.api.metadata['endpointPrefix']
+          if cfg.respond_to?(:sts_regional_endpoints)
+            sts_regional = cfg.sts_regional_endpoints
+          end
+          Aws::Partitions::EndpointProvider.resolve(
+            cfg.region,
+            endpoint_prefix,
+            sts_regional,
+            {
+              dualstack: cfg.use_dualstack_endpoint,
+              fips: cfg.use_fips_endpoint
+            }
+          )
+        end
       end
     end
   end

data/lib/aws-sdk-core/plugins/request_compression.rb ADDED Viewed

@@ -0,0 +1,217 @@
+# frozen_string_literal: true
+module Aws
+  module Plugins
+    # @api private
+    class RequestCompression < Seahorse::Client::Plugin
+      DEFAULT_MIN_COMPRESSION_SIZE = 10_240
+      MIN_COMPRESSION_SIZE_LIMIT = 10_485_760
+      SUPPORTED_ENCODINGS = %w[gzip].freeze
+      CHUNK_SIZE = 1 * 1024 * 1024 # one MB
+      option(
+        :disable_request_compression,
+        default: false,
+        doc_type: 'Boolean',
+        docstring: <<-DOCS) do |cfg|
+When set to 'true' the request body will not be compressed
+for supported operations.
+      DOCS
+        resolve_disable_request_compression(cfg)
+      end
+      option(
+        :request_min_compression_size_bytes,
+        default: 10_240,
+        doc_type: 'Integer',
+        docstring: <<-DOCS) do |cfg|
+The minimum size in bytes that triggers compression for request
+bodies. The value must be non-negative integer value between 0
+and 10485780 bytes inclusive.
+      DOCS
+        resolve_request_min_compression_size_bytes(cfg)
+      end
+      def after_initialize(client)
+        validate_disable_request_compression_input(client.config)
+        validate_request_min_compression_size_bytes_input(client.config)
+      end
+      def validate_disable_request_compression_input(cfg)
+        unless [true, false].include?(cfg.disable_request_compression)
+          raise ArgumentError,
+                'Must provide either `true` or `false` for the '\
+                '`disable_request_compression` configuration option.'
+        end
+      end
+      def validate_request_min_compression_size_bytes_input(cfg)
+        value = Integer(cfg.request_min_compression_size_bytes)
+        unless value.between?(0, MIN_COMPRESSION_SIZE_LIMIT)
+          raise ArgumentError,
+                'Must provide a non-negative integer value between '\
+                  '`0` and `10485760` bytes inclusive for the '\
+                  '`request_min_compression_size_bytes` configuration option.'
+        end
+      end
+      def add_handlers(handlers, _config)
+        # priority set to ensure compression happens BEFORE checksum
+        handlers.add(CompressionHandler, priority: 16, step: :build)
+      end
+      class << self
+        private
+        def resolve_disable_request_compression(cfg)
+          value = ENV['AWS_DISABLE_REQUEST_COMPRESSION'] ||
+                  Aws.shared_config.disable_request_compression(profile: cfg.profile) ||
+                  'false'
+          Aws::Util.str_2_bool(value)
+        end
+        def resolve_request_min_compression_size_bytes(cfg)
+          value = ENV['AWS_REQUEST_MIN_COMPRESSION_SIZE_BYTES'] ||
+                  Aws.shared_config.request_min_compression_size_bytes(profile: cfg.profile) ||
+                  DEFAULT_MIN_COMPRESSION_SIZE.to_s
+          Integer(value)
+        end
+      end
+      # @api private
+      class CompressionHandler < Seahorse::Client::Handler
+        def call(context)
+          if should_compress?(context)
+            selected_encoding = request_encoding_selection(context)
+            if selected_encoding
+              if streaming?(context.operation.input)
+                process_streaming_compression(selected_encoding, context)
+              elsif context.http_request.body.size >= context.config.request_min_compression_size_bytes
+                process_compression(selected_encoding, context)
+              end
+            end
+          end
+          @handler.call(context)
+        end
+        private
+        def request_encoding_selection(context)
+          encoding_list = context.operation.request_compression['encodings']
+          encoding_list.find { |encoding| RequestCompression::SUPPORTED_ENCODINGS.include?(encoding) }
+        end
+        def update_content_encoding(encoding, context)
+          headers = context.http_request.headers
+          if headers['Content-Encoding']
+            headers['Content-Encoding'] += ',' + encoding
+          else
+            headers['Content-Encoding'] = encoding
+          end
+        end
+        def should_compress?(context)
+          context.operation.request_compression &&
+            !context.config.disable_request_compression
+        end
+        def streaming?(input)
+          if payload = input[:payload_member] # checking ref and shape
+            payload['streaming'] || payload.shape['streaming']
+          else
+            false
+          end
+        end
+        def process_compression(encoding, context)
+          case encoding
+          when 'gzip'
+            gzip_compress(context)
+          else
+            raise StandardError, "We currently do not support #{encoding} encoding"
+          end
+          update_content_encoding(encoding, context)
+        end
+        def gzip_compress(context)
+          compressed = StringIO.new
+          compressed.binmode
+          gzip_writer = Zlib::GzipWriter.new(compressed)
+          if context.http_request.body.respond_to?(:read)
+            update_in_chunks(gzip_writer, context.http_request.body)
+          else
+            gzip_writer.write(context.http_request.body)
+          end
+          gzip_writer.close
+          new_body = StringIO.new(compressed.string)
+          context.http_request.body = new_body
+        end
+        def update_in_chunks(compressor, io)
+          loop do
+            chunk = io.read(CHUNK_SIZE)
+            break unless chunk
+            compressor.write(chunk)
+          end
+        end
+        def process_streaming_compression(encoding, context)
+          case encoding
+          when 'gzip'
+            context.http_request.body = GzipIO.new(context.http_request.body)
+          else
+            raise StandardError, "We currently do not support #{encoding} encoding"
+          end
+          update_content_encoding(encoding, context)
+        end
+        # @api private
+        class GzipIO
+          def initialize(body)
+            @body = body
+            @buffer = ChunkBuffer.new
+            @gzip_writer = Zlib::GzipWriter.new(@buffer)
+          end
+          def read(length, buff = nil)
+            if @gzip_writer.closed?
+              # an empty string to signify an end as
+              # there will be nothing remaining to be read
+              StringIO.new('').read(length, buff)
+              return
+            end
+            chunk = @body.read(length)
+            if !chunk || chunk.empty?
+              # closing the writer will write one last chunk
+              # with a trailer (to be read from the @buffer)
+              @gzip_writer.close
+            else
+              # flush happens first to ensure that header fields
+              # are being sent over since write will override
+              @gzip_writer.flush
+              @gzip_writer.write(chunk)
+            end
+            StringIO.new(@buffer.last_chunk).read(length, buff)
+          end
+        end
+        # @api private
+        class ChunkBuffer
+          def initialize
+            @last_chunk = nil
+          end
+          attr_reader :last_chunk
+          def write(data)
+            @last_chunk = data
+          end
+        end
+      end
+    end
+  end
+end

data/lib/aws-sdk-core/plugins/response_paging.rb CHANGED Viewed

@@ -10,7 +10,7 @@ module Aws
         def call(context)
           context[:original_params] = context.params
           resp = @handler.call(context)
-          resp.extend(PageableResponse)
+          PageableResponse.apply(resp)
           resp.pager = context.operation[:pager] || Aws::Pager::NullPager.new
           resp
         end

data/lib/aws-sdk-core/plugins/retries/error_inspector.rb CHANGED Viewed

@@ -13,7 +13,8 @@ module Aws
             'InvalidAccessKeyId',          # s3
             'AuthFailure',                 # ec2
             'InvalidIdentityToken',        # sts
-            'ExpiredToken'                 # route53
+            'ExpiredToken',                # route53
+            'ExpiredTokenException'        # kinesis
           ]
         )
@@ -38,13 +39,15 @@ module Aws
         CHECKSUM_ERRORS = Set.new(
           [
-            'CRC32CheckFailed' # dynamodb
+            'CRC32CheckFailed', # dynamodb
+            'BadDigest' # s3
           ]
         )
         NETWORKING_ERRORS = Set.new(
           [
             'RequestTimeout',          # s3
+            'InternalError',           # s3
             'RequestTimeoutException', # glacier
             'IDPCommunicationError'    # sts
           ]
@@ -80,7 +83,7 @@ module Aws
         end
         def checksum?
-          CHECKSUM_ERRORS.include?(@name) || @error.is_a?(Errors::ChecksumError)
+          CHECKSUM_ERRORS.include?(@name)
         end
         def networking?
@@ -141,4 +144,4 @@ module Aws
       end
     end
   end
-end
+end

data/lib/aws-sdk-core/plugins/retry_errors.rb CHANGED Viewed

@@ -163,9 +163,15 @@ a clock skew correction and retry requests with skewed client clocks.
       option(:clock_skew) { Retries::ClockSkew.new }
       def self.resolve_retry_mode(cfg)
-        value = ENV['AWS_RETRY_MODE'] ||
-                Aws.shared_config.retry_mode(profile: cfg.profile) ||
-                'legacy'
+        default_mode_value =
+          if cfg.respond_to?(:defaults_mode_config_resolver)
+            cfg.defaults_mode_config_resolver.resolve(:retry_mode)
+          end
+          value = ENV['AWS_RETRY_MODE'] ||
+                  Aws.shared_config.retry_mode(profile: cfg.profile) ||
+                  default_mode_value ||
+                  'legacy'
         # Raise if provided value is not one of the retry modes
         if value != 'legacy' && value != 'standard' && value != 'adaptive'
           raise ArgumentError,
@@ -307,12 +313,17 @@ a clock skew correction and retry requests with skewed client clocks.
         def retry_request(context, error)
           context.retries += 1
-          context.config.credentials.refresh! if error.expired_credentials?
+          context.config.credentials.refresh! if refresh_credentials?(context, error)
           context.http_request.body.rewind
           context.http_response.reset
           call(context)
         end
+        def refresh_credentials?(context, error)
+          error.expired_credentials? &&
+            context.config.credentials.respond_to?(:refresh!)
+        end
         def add_retry_headers(context)
           request_pairs = {
             'attempt' => context.retries,
@@ -377,7 +388,7 @@ a clock skew correction and retry requests with skewed client clocks.
         def retry_request(context, error)
           delay_retry(context)
           context.retries += 1
-          context.config.credentials.refresh! if error.expired_credentials?
+          context.config.credentials.refresh! if refresh_credentials?(context, error)
           context.http_request.body.rewind
           context.http_response.reset
           call(context)
@@ -393,6 +404,11 @@ a clock skew correction and retry requests with skewed client clocks.
             response_truncatable?(context)
         end
+        def refresh_credentials?(context, error)
+          error.expired_credentials? &&
+            context.config.credentials.respond_to?(:refresh!)
+        end
         def retry_limit(context)
           context.config.retry_limit
         end