aws-sdk-core 3.117.0 → 3.197.2

data/lib/aws-sdk-sso/client.rb

@@ -22,14 +22,18 @@ require 'aws-sdk-core/plugins/endpoint_pattern.rb'
 require 'aws-sdk-core/plugins/response_paging.rb'
 require 'aws-sdk-core/plugins/stub_responses.rb'
 require 'aws-sdk-core/plugins/idempotency_token.rb'
+require 'aws-sdk-core/plugins/invocation_id.rb'
 require 'aws-sdk-core/plugins/jsonvalue_converter.rb'
 require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
 require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
 require 'aws-sdk-core/plugins/transfer_encoding.rb'
 require 'aws-sdk-core/plugins/http_checksum.rb'
-require 'aws-sdk-core/plugins/signature_v4.rb'
+require 'aws-sdk-core/plugins/checksum_algorithm.rb'
+require 'aws-sdk-core/plugins/request_compression.rb'
+require 'aws-sdk-core/plugins/defaults_mode.rb'
+require 'aws-sdk-core/plugins/recursion_detection.rb'
+require 'aws-sdk-core/plugins/sign.rb'
 require 'aws-sdk-core/plugins/protocols/rest_json.rb'
-require 'aws-sdk-sso/plugins/content_type.rb'
 
 Aws::Plugins::GlobalConfiguration.add_identifier(:sso)
 
@@ -69,14 +73,19 @@ module Aws::SSO
     add_plugin(Aws::Plugins::ResponsePaging)
     add_plugin(Aws::Plugins::StubResponses)
     add_plugin(Aws::Plugins::IdempotencyToken)
+    add_plugin(Aws::Plugins::InvocationId)
     add_plugin(Aws::Plugins::JsonvalueConverter)
     add_plugin(Aws::Plugins::ClientMetricsPlugin)
     add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
     add_plugin(Aws::Plugins::TransferEncoding)
     add_plugin(Aws::Plugins::HttpChecksum)
-    add_plugin(Aws::Plugins::SignatureV4)
+    add_plugin(Aws::Plugins::ChecksumAlgorithm)
+    add_plugin(Aws::Plugins::RequestCompression)
+    add_plugin(Aws::Plugins::DefaultsMode)
+    add_plugin(Aws::Plugins::RecursionDetection)
+    add_plugin(Aws::Plugins::Sign)
     add_plugin(Aws::Plugins::Protocols::RestJson)
-    add_plugin(Aws::SSO::Plugins::ContentType)
+    add_plugin(Aws::SSO::Plugins::Endpoints)
 
     # @overload initialize(options)
     #   @param [Hash] options
@@ -121,7 +130,9 @@ module Aws::SSO
     #     * EC2/ECS IMDS instance profile - When used by default, the timeouts
     #       are very aggressive. Construct and pass an instance of
     #       `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
-    #       enable retries and extended timeouts.
+    #       enable retries and extended timeouts. Instance profile credential
+    #       fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
+    #       to true.
     #
     #   @option options [required, String] :region
     #     The AWS region to connect to.  The configured `:region` is
@@ -175,14 +186,29 @@ module Aws::SSO
     #     Used only in `standard` and adaptive retry modes. Specifies whether to apply
     #     a clock skew correction and retry requests with skewed client clocks.
     #
+    #   @option options [String] :defaults_mode ("legacy")
+    #     See {Aws::DefaultsModeConfiguration} for a list of the
+    #     accepted modes and the configuration defaults that are included.
+    #
     #   @option options [Boolean] :disable_host_prefix_injection (false)
     #     Set to true to disable SDK automatically adding host prefix
     #     to default service endpoint when available.
     #
-    #   @option options [String] :endpoint
-    #     The client endpoint is normally constructed from the `:region`
-    #     option. You should only configure an `:endpoint` when connecting
-    #     to test or custom endpoints. This should be a valid HTTP(S) URI.
+    #   @option options [Boolean] :disable_request_compression (false)
+    #     When set to 'true' the request body will not be compressed
+    #     for supported operations.
+    #
+    #   @option options [String, URI::HTTPS, URI::HTTP] :endpoint
+    #     Normally you should not configure the `:endpoint` option
+    #     directly. This is normally constructed from the `:region`
+    #     option. Configuring `:endpoint` is normally reserved for
+    #     connecting to test or custom endpoints. The endpoint should
+    #     be a URI formatted like:
+    #
+    #         'http://example.com'
+    #         'https://example.com'
+    #         'http://example.com:123'
+    #
     #
     #   @option options [Integer] :endpoint_cache_max_entries (1000)
     #     Used for the maximum size limit of the LRU cache storing endpoints data
@@ -199,6 +225,10 @@ module Aws::SSO
     #   @option options [Boolean] :endpoint_discovery (false)
     #     When set to `true`, endpoint discovery will be enabled for operations when available.
     #
+    #   @option options [Boolean] :ignore_configured_endpoint_urls
+    #     Setting to true disables use of endpoint URLs provided via environment
+    #     variables and the shared configuration file.
+    #
     #   @option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default)
     #     The log formatter.
     #
@@ -219,6 +249,11 @@ module Aws::SSO
     #     Used when loading credentials from the shared credentials file
     #     at HOME/.aws/credentials.  When not specified, 'default' is used.
     #
+    #   @option options [Integer] :request_min_compression_size_bytes (10240)
+    #     The minimum size in bytes that triggers compression for request
+    #     bodies. The value must be non-negative integer value between 0
+    #     and 10485780 bytes inclusive.
+    #
     #   @option options [Proc] :retry_backoff
     #     A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay.
     #     This option is only used in the `legacy` retry mode.
@@ -264,6 +299,12 @@ module Aws::SSO
     #       in the future.
     #
     #
+    #   @option options [String] :sdk_ua_app_id
+    #     A unique and opaque application ID that is appended to the
+    #     User-Agent header as app/sdk_ua_app_id. It should have a
+    #     maximum length of 50. This variable is sourced from environment
+    #     variable AWS_SDK_UA_APP_ID or the shared config profile attribute sdk_ua_app_id.
+    #
     #   @option options [String] :secret_access_key
     #
     #   @option options [String] :session_token
@@ -277,51 +318,94 @@ module Aws::SSO
     #     ** Please note ** When response stubbing is enabled, no HTTP
     #     requests are made, and retries are disabled.
     #
+    #   @option options [Aws::TokenProvider] :token_provider
+    #     A Bearer Token Provider. This can be an instance of any one of the
+    #     following classes:
+    #
+    #     * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
+    #       tokens.
+    #
+    #     * `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
+    #       access token generated from `aws login`.
+    #
+    #     When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
+    #     will be used to search for tokens configured for your profile in shared configuration files.
+    #
+    #   @option options [Boolean] :use_dualstack_endpoint
+    #     When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
+    #     will be used if available.
+    #
+    #   @option options [Boolean] :use_fips_endpoint
+    #     When set to `true`, fips compatible endpoints will be used if available.
+    #     When a `fips` region is used, the region is normalized and this config
+    #     is set to `true`.
+    #
     #   @option options [Boolean] :validate_params (true)
     #     When `true`, request parameters are validated before
     #     sending the request.
     #
-    #   @option options [URI::HTTP,String] :http_proxy A proxy to send
-    #     requests through.  Formatted like 'http://proxy.com:123'.
+    #   @option options [Aws::SSO::EndpointProvider] :endpoint_provider
+    #     The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::SSO::EndpointParameters`
     #
-    #   @option options [Float] :http_open_timeout (15) The number of
-    #     seconds to wait when opening a HTTP session before raising a
-    #     `Timeout::Error`.
+    #   @option options [Float] :http_continue_timeout (1)
+    #     The number of seconds to wait for a 100-continue response before sending the
+    #     request body.  This option has no effect unless the request has "Expect"
+    #     header set to "100-continue".  Defaults to `nil` which  disables this
+    #     behaviour.  This value can safely be set per request on the session.
     #
-    #   @option options [Integer] :http_read_timeout (60) The default
-    #     number of seconds to wait for response data.  This value can
-    #     safely be set per-request on the session.
+    #   @option options [Float] :http_idle_timeout (5)
+    #     The number of seconds a connection is allowed to sit idle before it
+    #     is considered stale.  Stale connections are closed and removed from the
+    #     pool before making a request.
     #
-    #   @option options [Float] :http_idle_timeout (5) The number of
-    #     seconds a connection is allowed to sit idle before it is
-    #     considered stale.  Stale connections are closed and removed
-    #     from the pool before making a request.
+    #   @option options [Float] :http_open_timeout (15)
+    #     The default number of seconds to wait for response data.
+    #     This value can safely be set per-request on the session.
     #
-    #   @option options [Float] :http_continue_timeout (1) The number of
-    #     seconds to wait for a 100-continue response before sending the
-    #     request body.  This option has no effect unless the request has
-    #     "Expect" header set to "100-continue".  Defaults to `nil` which
-    #     disables this behaviour.  This value can safely be set per
-    #     request on the session.
+    #   @option options [URI::HTTP,String] :http_proxy
+    #     A proxy to send requests through.  Formatted like 'http://proxy.com:123'.
     #
-    #   @option options [Boolean] :http_wire_trace (false) When `true`,
-    #     HTTP debug output will be sent to the `:logger`.
+    #   @option options [Float] :http_read_timeout (60)
+    #     The default number of seconds to wait for response data.
+    #     This value can safely be set per-request on the session.
     #
-    #   @option options [Boolean] :ssl_verify_peer (true) When `true`,
-    #     SSL peer certificates are verified when establishing a
-    #     connection.
+    #   @option options [Boolean] :http_wire_trace (false)
+    #     When `true`,  HTTP debug output will be sent to the `:logger`.
     #
-    #   @option options [String] :ssl_ca_bundle Full path to the SSL
-    #     certificate authority bundle file that should be used when
-    #     verifying peer certificates.  If you do not pass
-    #     `:ssl_ca_bundle` or `:ssl_ca_directory` the the system default
-    #     will be used if available.
+    #   @option options [Proc] :on_chunk_received
+    #     When a Proc object is provided, it will be used as callback when each chunk
+    #     of the response body is received. It provides three arguments: the chunk,
+    #     the number of bytes received, and the total number of
+    #     bytes in the response (or nil if the server did not send a `content-length`).
+    #
+    #   @option options [Proc] :on_chunk_sent
+    #     When a Proc object is provided, it will be used as callback when each chunk
+    #     of the request body is sent. It provides three arguments: the chunk,
+    #     the number of bytes read from the body, and the total number of
+    #     bytes in the body.
+    #
+    #   @option options [Boolean] :raise_response_errors (true)
+    #     When `true`, response errors are raised.
     #
-    #   @option options [String] :ssl_ca_directory Full path of the
-    #     directory that contains the unbundled SSL certificate
+    #   @option options [String] :ssl_ca_bundle
+    #     Full path to the SSL certificate authority bundle file that should be used when
+    #     verifying peer certificates.  If you do not pass `:ssl_ca_bundle` or
+    #     `:ssl_ca_directory` the the system default will be used if available.
+    #
+    #   @option options [String] :ssl_ca_directory
+    #     Full path of the directory that contains the unbundled SSL certificate
     #     authority files for verifying peer certificates.  If you do
-    #     not pass `:ssl_ca_bundle` or `:ssl_ca_directory` the the
-    #     system default will be used if available.
+    #     not pass `:ssl_ca_bundle` or `:ssl_ca_directory` the the system
+    #     default will be used if available.
+    #
+    #   @option options [String] :ssl_ca_store
+    #     Sets the X509::Store to verify peer certificate.
+    #
+    #   @option options [Float] :ssl_timeout
+    #     Sets the SSL timeout in seconds
+    #
+    #   @option options [Boolean] :ssl_verify_peer (true)
+    #     When `true`, SSL peer certificates are verified when establishing a connection.
     #
     def initialize(*args)
       super
@@ -340,7 +424,8 @@ module Aws::SSO
     #
     # @option params [required, String] :access_token
     #   The token issued by the `CreateToken` API call. For more information,
-    #   see [CreateToken][1] in the *AWS SSO OIDC API Reference Guide*.
+    #   see [CreateToken][1] in the *IAM Identity Center OIDC API Reference
+    #   Guide*.
     #
     #
     #
@@ -385,7 +470,8 @@ module Aws::SSO
     #
     # @option params [required, String] :access_token
     #   The token issued by the `CreateToken` API call. For more information,
-    #   see [CreateToken][1] in the *AWS SSO OIDC API Reference Guide*.
+    #   see [CreateToken][1] in the *IAM Identity Center OIDC API Reference
+    #   Guide*.
     #
     #
     #
@@ -428,8 +514,8 @@ module Aws::SSO
 
     # Lists all AWS accounts assigned to the user. These AWS accounts are
     # assigned by the administrator of the account. For more information,
-    # see [Assign User Access][1] in the *AWS SSO User Guide*. This
-    # operation returns a paginated response.
+    # see [Assign User Access][1] in the *IAM Identity Center User Guide*.
+    # This operation returns a paginated response.
     #
     #
     #
@@ -444,7 +530,8 @@ module Aws::SSO
     #
     # @option params [required, String] :access_token
     #   The token issued by the `CreateToken` API call. For more information,
-    #   see [CreateToken][1] in the *AWS SSO OIDC API Reference Guide*.
+    #   see [CreateToken][1] in the *IAM Identity Center OIDC API Reference
+    #   Guide*.
     #
     #
     #
@@ -482,12 +569,32 @@ module Aws::SSO
       req.send_request(options)
     end
 
-    # Removes the client- and server-side session that is associated with
-    # the user.
+    # Removes the locally stored SSO tokens from the client-side cache and
+    # sends an API call to the IAM Identity Center service to invalidate the
+    # corresponding server-side IAM Identity Center sign in session.
+    #
+    # <note markdown="1"> If a user uses IAM Identity Center to access the AWS CLI, the user’s
+    # IAM Identity Center sign in session is used to obtain an IAM session,
+    # as specified in the corresponding IAM Identity Center permission set.
+    # More specifically, IAM Identity Center assumes an IAM role in the
+    # target account on behalf of the user, and the corresponding temporary
+    # AWS credentials are returned to the client.
+    #
+    #  After user logout, any existing IAM role sessions that were created by
+    # using IAM Identity Center permission sets continue based on the
+    # duration configured in the permission set. For more information, see
+    # [User authentications][1] in the *IAM Identity Center User Guide*.
+    #
+    #  </note>
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/singlesignon/latest/userguide/authconcept.html
     #
     # @option params [required, String] :access_token
     #   The token issued by the `CreateToken` API call. For more information,
-    #   see [CreateToken][1] in the *AWS SSO OIDC API Reference Guide*.
+    #   see [CreateToken][1] in the *IAM Identity Center OIDC API Reference
+    #   Guide*.
     #
     #
     #
@@ -523,7 +630,7 @@ module Aws::SSO
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.117.0'
+      context[:gem_version] = '3.197.2'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sso/endpoint_parameters.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+# WARNING ABOUT GENERATED CODE
+#
+# This file is generated. See the contributing guide for more information:
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
+#
+# WARNING ABOUT GENERATED CODE
+
+module Aws::SSO
+  # Endpoint parameters used to influence endpoints per request.
+  #
+  # @!attribute region
+  #   The AWS region used to dispatch the request.
+  #
+  #   @return [String]
+  #
+  # @!attribute use_dual_stack
+  #   When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.
+  #
+  #   @return [Boolean]
+  #
+  # @!attribute use_fips
+  #   When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.
+  #
+  #   @return [Boolean]
+  #
+  # @!attribute endpoint
+  #   Override the endpoint used to send this request
+  #
+  #   @return [String]
+  #
+  EndpointParameters = Struct.new(
+    :region,
+    :use_dual_stack,
+    :use_fips,
+    :endpoint,
+  ) do
+    include Aws::Structure
+
+    # @api private
+    class << self
+      PARAM_MAP = {
+        'Region' => :region,
+        'UseDualStack' => :use_dual_stack,
+        'UseFIPS' => :use_fips,
+        'Endpoint' => :endpoint,
+      }.freeze
+    end
+
+    def initialize(options = {})
+      self[:region] = options[:region]
+      self[:use_dual_stack] = options[:use_dual_stack]
+      self[:use_dual_stack] = false if self[:use_dual_stack].nil?
+      if self[:use_dual_stack].nil?
+        raise ArgumentError, "Missing required EndpointParameter: :use_dual_stack"
+      end
+      self[:use_fips] = options[:use_fips]
+      self[:use_fips] = false if self[:use_fips].nil?
+      if self[:use_fips].nil?
+        raise ArgumentError, "Missing required EndpointParameter: :use_fips"
+      end
+      self[:endpoint] = options[:endpoint]
+    end
+  end
+end

data/lib/aws-sdk-sso/endpoint_provider.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+# WARNING ABOUT GENERATED CODE
+#
+# This file is generated. See the contributing guide for more information:
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
+#
+# WARNING ABOUT GENERATED CODE
+
+module Aws::SSO
+  class EndpointProvider
+    def resolve_endpoint(parameters)
+      region = parameters.region
+      use_dual_stack = parameters.use_dual_stack
+      use_fips = parameters.use_fips
+      endpoint = parameters.endpoint
+      if Aws::Endpoints::Matchers.set?(endpoint)
+        if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+          raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
+        end
+        if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+          raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported"
+        end
+        return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {})
+      end
+      if Aws::Endpoints::Matchers.set?(region)
+        if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
+          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
+              return Aws::Endpoints::Endpoint.new(url: "https://portal.sso-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+            end
+            raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
+          end
+          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
+              if Aws::Endpoints::Matchers.string_equals?("aws-us-gov", Aws::Endpoints::Matchers.attr(partition_result, "name"))
+                return Aws::Endpoints::Endpoint.new(url: "https://portal.sso.#{region}.amazonaws.com", headers: {}, properties: {})
+              end
+              return Aws::Endpoints::Endpoint.new(url: "https://portal.sso-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
+            end
+            raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
+          end
+          if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
+              return Aws::Endpoints::Endpoint.new(url: "https://portal.sso.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+            end
+            raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
+          end
+          return Aws::Endpoints::Endpoint.new(url: "https://portal.sso.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
+        end
+      end
+      raise ArgumentError, "Invalid Configuration: Missing Region"
+      raise ArgumentError, 'No endpoint could be resolved'
+
+    end
+  end
+end

data/lib/aws-sdk-sso/endpoints.rb

@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+
+# WARNING ABOUT GENERATED CODE
+#
+# This file is generated. See the contributing guide for more information:
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
+#
+# WARNING ABOUT GENERATED CODE
+
+
+module Aws::SSO
+  # @api private
+  module Endpoints
+
+    class GetRoleCredentials
+      def self.build(context)
+        unless context.config.regional_endpoint
+          endpoint = context.config.endpoint.to_s
+        end
+        Aws::SSO::EndpointParameters.new(
+          region: context.config.region,
+          use_dual_stack: context.config.use_dualstack_endpoint,
+          use_fips: context.config.use_fips_endpoint,
+          endpoint: endpoint,
+        )
+      end
+    end
+
+    class ListAccountRoles
+      def self.build(context)
+        unless context.config.regional_endpoint
+          endpoint = context.config.endpoint.to_s
+        end
+        Aws::SSO::EndpointParameters.new(
+          region: context.config.region,
+          use_dual_stack: context.config.use_dualstack_endpoint,
+          use_fips: context.config.use_fips_endpoint,
+          endpoint: endpoint,
+        )
+      end
+    end
+
+    class ListAccounts
+      def self.build(context)
+        unless context.config.regional_endpoint
+          endpoint = context.config.endpoint.to_s
+        end
+        Aws::SSO::EndpointParameters.new(
+          region: context.config.region,
+          use_dual_stack: context.config.use_dualstack_endpoint,
+          use_fips: context.config.use_fips_endpoint,
+          endpoint: endpoint,
+        )
+      end
+    end
+
+    class Logout
+      def self.build(context)
+        unless context.config.regional_endpoint
+          endpoint = context.config.endpoint.to_s
+        end
+        Aws::SSO::EndpointParameters.new(
+          region: context.config.region,
+          use_dual_stack: context.config.use_dualstack_endpoint,
+          use_fips: context.config.use_fips_endpoint,
+          endpoint: endpoint,
+        )
+      end
+    end
+
+  end
+end

data/lib/aws-sdk-sso/plugins/endpoints.rb

@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+
+# WARNING ABOUT GENERATED CODE
+#
+# This file is generated. See the contributing guide for more information:
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
+#
+# WARNING ABOUT GENERATED CODE
+
+
+module Aws::SSO
+  module Plugins
+    class Endpoints < Seahorse::Client::Plugin
+      option(
+        :endpoint_provider,
+        doc_type: 'Aws::SSO::EndpointProvider',
+        rbs_type: 'untyped',
+        docstring: 'The endpoint provider used to resolve endpoints. Any '\
+                   'object that responds to `#resolve_endpoint(parameters)` '\
+                   'where `parameters` is a Struct similar to '\
+                   '`Aws::SSO::EndpointParameters`'
+      ) do |cfg|
+        Aws::SSO::EndpointProvider.new
+      end
+
+      # @api private
+      class Handler < Seahorse::Client::Handler
+        def call(context)
+          unless context[:discovered_endpoint]
+            params = parameters_for_operation(context)
+            endpoint = context.config.endpoint_provider.resolve_endpoint(params)
+
+            context.http_request.endpoint = endpoint.url
+            apply_endpoint_headers(context, endpoint.headers)
+
+            context[:endpoint_params] = params
+            context[:endpoint_properties] = endpoint.properties
+          end
+
+          context[:auth_scheme] =
+            Aws::Endpoints.resolve_auth_scheme(context, endpoint)
+
+          @handler.call(context)
+        end
+
+        private
+
+        def apply_endpoint_headers(context, headers)
+          headers.each do |key, values|
+            value = values
+              .compact
+              .map { |s| Seahorse::Util.escape_header_list_string(s.to_s) }
+              .join(',')
+
+            context.http_request.headers[key] = value
+          end
+        end
+
+        def parameters_for_operation(context)
+          case context.operation_name
+          when :get_role_credentials
+            Aws::SSO::Endpoints::GetRoleCredentials.build(context)
+          when :list_account_roles
+            Aws::SSO::Endpoints::ListAccountRoles.build(context)
+          when :list_accounts
+            Aws::SSO::Endpoints::ListAccounts.build(context)
+          when :logout
+            Aws::SSO::Endpoints::Logout.build(context)
+          end
+        end
+      end
+
+      def add_handlers(handlers, _config)
+        handlers.add(Handler, step: :build, priority: 75)
+      end
+    end
+  end
+end