aws-sdk-core 3.122.0 → 3.180.1

data/lib/aws-sdk-sso/client.rb

@@ -27,7 +27,11 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
 require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
 require 'aws-sdk-core/plugins/transfer_encoding.rb'
 require 'aws-sdk-core/plugins/http_checksum.rb'
-require 'aws-sdk-core/plugins/signature_v4.rb'
+require 'aws-sdk-core/plugins/checksum_algorithm.rb'
+require 'aws-sdk-core/plugins/request_compression.rb'
+require 'aws-sdk-core/plugins/defaults_mode.rb'
+require 'aws-sdk-core/plugins/recursion_detection.rb'
+require 'aws-sdk-core/plugins/sign.rb'
 require 'aws-sdk-core/plugins/protocols/rest_json.rb'
 
 Aws::Plugins::GlobalConfiguration.add_identifier(:sso)
@@ -73,8 +77,13 @@ module Aws::SSO
     add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
     add_plugin(Aws::Plugins::TransferEncoding)
     add_plugin(Aws::Plugins::HttpChecksum)
-    add_plugin(Aws::Plugins::SignatureV4)
+    add_plugin(Aws::Plugins::ChecksumAlgorithm)
+    add_plugin(Aws::Plugins::RequestCompression)
+    add_plugin(Aws::Plugins::DefaultsMode)
+    add_plugin(Aws::Plugins::RecursionDetection)
+    add_plugin(Aws::Plugins::Sign)
     add_plugin(Aws::Plugins::Protocols::RestJson)
+    add_plugin(Aws::SSO::Plugins::Endpoints)
 
     # @overload initialize(options)
     #   @param [Hash] options
@@ -119,7 +128,9 @@ module Aws::SSO
     #     * EC2/ECS IMDS instance profile - When used by default, the timeouts
     #       are very aggressive. Construct and pass an instance of
     #       `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
-    #       enable retries and extended timeouts.
+    #       enable retries and extended timeouts. Instance profile credential
+    #       fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
+    #       to true.
     #
     #   @option options [required, String] :region
     #     The AWS region to connect to.  The configured `:region` is
@@ -173,10 +184,18 @@ module Aws::SSO
     #     Used only in `standard` and adaptive retry modes. Specifies whether to apply
     #     a clock skew correction and retry requests with skewed client clocks.
     #
+    #   @option options [String] :defaults_mode ("legacy")
+    #     See {Aws::DefaultsModeConfiguration} for a list of the
+    #     accepted modes and the configuration defaults that are included.
+    #
     #   @option options [Boolean] :disable_host_prefix_injection (false)
     #     Set to true to disable SDK automatically adding host prefix
     #     to default service endpoint when available.
     #
+    #   @option options [Boolean] :disable_request_compression (false)
+    #     When set to 'true' the request body will not be compressed
+    #     for supported operations.
+    #
     #   @option options [String] :endpoint
     #     The client endpoint is normally constructed from the `:region`
     #     option. You should only configure an `:endpoint` when connecting
@@ -197,6 +216,10 @@ module Aws::SSO
     #   @option options [Boolean] :endpoint_discovery (false)
     #     When set to `true`, endpoint discovery will be enabled for operations when available.
     #
+    #   @option options [Boolean] :ignore_configured_endpoint_urls
+    #     Setting to true disables use of endpoint URLs provided via environment
+    #     variables and the shared configuration file.
+    #
     #   @option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default)
     #     The log formatter.
     #
@@ -217,6 +240,11 @@ module Aws::SSO
     #     Used when loading credentials from the shared credentials file
     #     at HOME/.aws/credentials.  When not specified, 'default' is used.
     #
+    #   @option options [Integer] :request_min_compression_size_bytes (10240)
+    #     The minimum size in bytes that triggers compression for request
+    #     bodies. The value must be non-negative integer value between 0
+    #     and 10485780 bytes inclusive.
+    #
     #   @option options [Proc] :retry_backoff
     #     A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay.
     #     This option is only used in the `legacy` retry mode.
@@ -262,6 +290,11 @@ module Aws::SSO
     #       in the future.
     #
     #
+    #   @option options [String] :sdk_ua_app_id
+    #     A unique and opaque application ID that is appended to the
+    #     User-Agent header as app/<sdk_ua_app_id>. It should have a
+    #     maximum length of 50.
+    #
     #   @option options [String] :secret_access_key
     #
     #   @option options [String] :session_token
@@ -275,6 +308,19 @@ module Aws::SSO
     #     ** Please note ** When response stubbing is enabled, no HTTP
     #     requests are made, and retries are disabled.
     #
+    #   @option options [Aws::TokenProvider] :token_provider
+    #     A Bearer Token Provider. This can be an instance of any one of the
+    #     following classes:
+    #
+    #     * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
+    #       tokens.
+    #
+    #     * `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
+    #       access token generated from `aws login`.
+    #
+    #     When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
+    #     will be used to search for tokens configured for your profile in shared configuration files.
+    #
     #   @option options [Boolean] :use_dualstack_endpoint
     #     When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
     #     will be used if available.
@@ -288,6 +334,9 @@ module Aws::SSO
     #     When `true`, request parameters are validated before
     #     sending the request.
     #
+    #   @option options [Aws::SSO::EndpointProvider] :endpoint_provider
+    #     The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::SSO::EndpointParameters`
+    #
     #   @option options [URI::HTTP,String] :http_proxy A proxy to send
     #     requests through.  Formatted like 'http://proxy.com:123'.
     #
@@ -295,7 +344,7 @@ module Aws::SSO
     #     seconds to wait when opening a HTTP session before raising a
     #     `Timeout::Error`.
     #
-    #   @option options [Integer] :http_read_timeout (60) The default
+    #   @option options [Float] :http_read_timeout (60) The default
     #     number of seconds to wait for response data.  This value can
     #     safely be set per-request on the session.
     #
@@ -311,6 +360,9 @@ module Aws::SSO
     #     disables this behaviour.  This value can safely be set per
     #     request on the session.
     #
+    #   @option options [Float] :ssl_timeout (nil) Sets the SSL timeout
+    #     in seconds.
+    #
     #   @option options [Boolean] :http_wire_trace (false) When `true`,
     #     HTTP debug output will be sent to the `:logger`.
     #
@@ -347,7 +399,8 @@ module Aws::SSO
     #
     # @option params [required, String] :access_token
     #   The token issued by the `CreateToken` API call. For more information,
-    #   see [CreateToken][1] in the *AWS SSO OIDC API Reference Guide*.
+    #   see [CreateToken][1] in the *IAM Identity Center OIDC API Reference
+    #   Guide*.
     #
     #
     #
@@ -392,7 +445,8 @@ module Aws::SSO
     #
     # @option params [required, String] :access_token
     #   The token issued by the `CreateToken` API call. For more information,
-    #   see [CreateToken][1] in the *AWS SSO OIDC API Reference Guide*.
+    #   see [CreateToken][1] in the *IAM Identity Center OIDC API Reference
+    #   Guide*.
     #
     #
     #
@@ -435,8 +489,8 @@ module Aws::SSO
 
     # Lists all AWS accounts assigned to the user. These AWS accounts are
     # assigned by the administrator of the account. For more information,
-    # see [Assign User Access][1] in the *AWS SSO User Guide*. This
-    # operation returns a paginated response.
+    # see [Assign User Access][1] in the *IAM Identity Center User Guide*.
+    # This operation returns a paginated response.
     #
     #
     #
@@ -451,7 +505,8 @@ module Aws::SSO
     #
     # @option params [required, String] :access_token
     #   The token issued by the `CreateToken` API call. For more information,
-    #   see [CreateToken][1] in the *AWS SSO OIDC API Reference Guide*.
+    #   see [CreateToken][1] in the *IAM Identity Center OIDC API Reference
+    #   Guide*.
     #
     #
     #
@@ -489,12 +544,32 @@ module Aws::SSO
       req.send_request(options)
     end
 
-    # Removes the client- and server-side session that is associated with
-    # the user.
+    # Removes the locally stored SSO tokens from the client-side cache and
+    # sends an API call to the IAM Identity Center service to invalidate the
+    # corresponding server-side IAM Identity Center sign in session.
+    #
+    # <note markdown="1"> If a user uses IAM Identity Center to access the AWS CLI, the user’s
+    # IAM Identity Center sign in session is used to obtain an IAM session,
+    # as specified in the corresponding IAM Identity Center permission set.
+    # More specifically, IAM Identity Center assumes an IAM role in the
+    # target account on behalf of the user, and the corresponding temporary
+    # AWS credentials are returned to the client.
+    #
+    #  After user logout, any existing IAM role sessions that were created by
+    # using IAM Identity Center permission sets continue based on the
+    # duration configured in the permission set. For more information, see
+    # [User authentications][1] in the *IAM Identity Center User Guide*.
+    #
+    #  </note>
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/singlesignon/latest/userguide/authconcept.html
     #
     # @option params [required, String] :access_token
     #   The token issued by the `CreateToken` API call. For more information,
-    #   see [CreateToken][1] in the *AWS SSO OIDC API Reference Guide*.
+    #   see [CreateToken][1] in the *IAM Identity Center OIDC API Reference
+    #   Guide*.
     #
     #
     #
@@ -530,7 +605,7 @@ module Aws::SSO
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.122.0'
+      context[:gem_version] = '3.180.1'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sso/endpoint_parameters.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+# WARNING ABOUT GENERATED CODE
+#
+# This file is generated. See the contributing guide for more information:
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
+#
+# WARNING ABOUT GENERATED CODE
+
+module Aws::SSO
+  # Endpoint parameters used to influence endpoints per request.
+  #
+  # @!attribute region
+  #   The AWS region used to dispatch the request.
+  #
+  #   @return [String]
+  #
+  # @!attribute use_dual_stack
+  #   When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.
+  #
+  #   @return [Boolean]
+  #
+  # @!attribute use_fips
+  #   When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.
+  #
+  #   @return [Boolean]
+  #
+  # @!attribute endpoint
+  #   Override the endpoint used to send this request
+  #
+  #   @return [String]
+  #
+  EndpointParameters = Struct.new(
+    :region,
+    :use_dual_stack,
+    :use_fips,
+    :endpoint,
+  ) do
+    include Aws::Structure
+
+    # @api private
+    class << self
+      PARAM_MAP = {
+        'Region' => :region,
+        'UseDualStack' => :use_dual_stack,
+        'UseFIPS' => :use_fips,
+        'Endpoint' => :endpoint,
+      }.freeze
+    end
+
+    def initialize(options = {})
+      self[:region] = options[:region]
+      self[:use_dual_stack] = options[:use_dual_stack]
+      self[:use_dual_stack] = false if self[:use_dual_stack].nil?
+      if self[:use_dual_stack].nil?
+        raise ArgumentError, "Missing required EndpointParameter: :use_dual_stack"
+      end
+      self[:use_fips] = options[:use_fips]
+      self[:use_fips] = false if self[:use_fips].nil?
+      if self[:use_fips].nil?
+        raise ArgumentError, "Missing required EndpointParameter: :use_fips"
+      end
+      self[:endpoint] = options[:endpoint]
+    end
+  end
+end

data/lib/aws-sdk-sso/endpoint_provider.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+# WARNING ABOUT GENERATED CODE
+#
+# This file is generated. See the contributing guide for more information:
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
+#
+# WARNING ABOUT GENERATED CODE
+
+module Aws::SSO
+  class EndpointProvider
+    def resolve_endpoint(parameters)
+      region = parameters.region
+      use_dual_stack = parameters.use_dual_stack
+      use_fips = parameters.use_fips
+      endpoint = parameters.endpoint
+      if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
+        if Aws::Endpoints::Matchers.set?(endpoint) && (url = Aws::Endpoints::Matchers.parse_url(endpoint))
+          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+            raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
+          end
+          if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+            raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported"
+          end
+          return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {})
+        end
+        if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+          if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
+            return Aws::Endpoints::Endpoint.new(url: "https://portal.sso-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+          end
+          raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
+        end
+        if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+          if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
+            return Aws::Endpoints::Endpoint.new(url: "https://portal.sso-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
+          end
+          raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
+        end
+        if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+          if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
+            return Aws::Endpoints::Endpoint.new(url: "https://portal.sso.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+          end
+          raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
+        end
+        return Aws::Endpoints::Endpoint.new(url: "https://portal.sso.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
+      end
+      raise ArgumentError, 'No endpoint could be resolved'
+
+    end
+  end
+end

data/lib/aws-sdk-sso/endpoints.rb

@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+
+# WARNING ABOUT GENERATED CODE
+#
+# This file is generated. See the contributing guide for more information:
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
+#
+# WARNING ABOUT GENERATED CODE
+
+
+module Aws::SSO
+  # @api private
+  module Endpoints
+
+    class GetRoleCredentials
+      def self.build(context)
+        unless context.config.regional_endpoint
+          endpoint = context.config.endpoint.to_s
+        end
+        Aws::SSO::EndpointParameters.new(
+          region: context.config.region,
+          use_dual_stack: context.config.use_dualstack_endpoint,
+          use_fips: context.config.use_fips_endpoint,
+          endpoint: endpoint,
+        )
+      end
+    end
+
+    class ListAccountRoles
+      def self.build(context)
+        unless context.config.regional_endpoint
+          endpoint = context.config.endpoint.to_s
+        end
+        Aws::SSO::EndpointParameters.new(
+          region: context.config.region,
+          use_dual_stack: context.config.use_dualstack_endpoint,
+          use_fips: context.config.use_fips_endpoint,
+          endpoint: endpoint,
+        )
+      end
+    end
+
+    class ListAccounts
+      def self.build(context)
+        unless context.config.regional_endpoint
+          endpoint = context.config.endpoint.to_s
+        end
+        Aws::SSO::EndpointParameters.new(
+          region: context.config.region,
+          use_dual_stack: context.config.use_dualstack_endpoint,
+          use_fips: context.config.use_fips_endpoint,
+          endpoint: endpoint,
+        )
+      end
+    end
+
+    class Logout
+      def self.build(context)
+        unless context.config.regional_endpoint
+          endpoint = context.config.endpoint.to_s
+        end
+        Aws::SSO::EndpointParameters.new(
+          region: context.config.region,
+          use_dual_stack: context.config.use_dualstack_endpoint,
+          use_fips: context.config.use_fips_endpoint,
+          endpoint: endpoint,
+        )
+      end
+    end
+
+  end
+end

data/lib/aws-sdk-sso/plugins/endpoints.rb

@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+
+# WARNING ABOUT GENERATED CODE
+#
+# This file is generated. See the contributing guide for more information:
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
+#
+# WARNING ABOUT GENERATED CODE
+
+
+module Aws::SSO
+  module Plugins
+    class Endpoints < Seahorse::Client::Plugin
+      option(
+        :endpoint_provider,
+        doc_type: 'Aws::SSO::EndpointProvider',
+        docstring: 'The endpoint provider used to resolve endpoints. Any '\
+                   'object that responds to `#resolve_endpoint(parameters)` '\
+                   'where `parameters` is a Struct similar to '\
+                   '`Aws::SSO::EndpointParameters`'
+      ) do |cfg|
+        Aws::SSO::EndpointProvider.new
+      end
+
+      # @api private
+      class Handler < Seahorse::Client::Handler
+        def call(context)
+          # If endpoint was discovered, do not resolve or apply the endpoint.
+          unless context[:discovered_endpoint]
+            params = parameters_for_operation(context)
+            endpoint = context.config.endpoint_provider.resolve_endpoint(params)
+
+            context.http_request.endpoint = endpoint.url
+            apply_endpoint_headers(context, endpoint.headers)
+          end
+
+          context[:endpoint_params] = params
+          context[:auth_scheme] =
+            Aws::Endpoints.resolve_auth_scheme(context, endpoint)
+
+          @handler.call(context)
+        end
+
+        private
+
+        def apply_endpoint_headers(context, headers)
+          headers.each do |key, values|
+            value = values
+              .compact
+              .map { |s| Seahorse::Util.escape_header_list_string(s.to_s) }
+              .join(',')
+
+            context.http_request.headers[key] = value
+          end
+        end
+
+        def parameters_for_operation(context)
+          case context.operation_name
+          when :get_role_credentials
+            Aws::SSO::Endpoints::GetRoleCredentials.build(context)
+          when :list_account_roles
+            Aws::SSO::Endpoints::ListAccountRoles.build(context)
+          when :list_accounts
+            Aws::SSO::Endpoints::ListAccounts.build(context)
+          when :logout
+            Aws::SSO::Endpoints::Logout.build(context)
+          end
+        end
+      end
+
+      def add_handlers(handlers, _config)
+        handlers.add(Handler, step: :build, priority: 75)
+      end
+    end
+  end
+end

data/lib/aws-sdk-sso/types.rb

@@ -34,15 +34,6 @@ module Aws::SSO
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GetRoleCredentialsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         role_name: "RoleNameType", # required
-    #         account_id: "AccountIdType", # required
-    #         access_token: "AccessTokenType", # required
-    #       }
-    #
     # @!attribute [rw] role_name
     #   The friendly name of the role that is assigned to the user.
     #   @return [String]
@@ -53,8 +44,8 @@ module Aws::SSO
     #
     # @!attribute [rw] access_token
     #   The token issued by the `CreateToken` API call. For more
-    #   information, see [CreateToken][1] in the *AWS SSO OIDC API Reference
-    #   Guide*.
+    #   information, see [CreateToken][1] in the *IAM Identity Center OIDC
+    #   API Reference Guide*.
     #
     #
     #
@@ -97,16 +88,6 @@ module Aws::SSO
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ListAccountRolesRequest
-    #   data as a hash:
-    #
-    #       {
-    #         next_token: "NextTokenType",
-    #         max_results: 1,
-    #         access_token: "AccessTokenType", # required
-    #         account_id: "AccountIdType", # required
-    #       }
-    #
     # @!attribute [rw] next_token
     #   The page token from the previous response output when you request
     #   subsequent pages.
@@ -118,8 +99,8 @@ module Aws::SSO
     #
     # @!attribute [rw] access_token
     #   The token issued by the `CreateToken` API call. For more
-    #   information, see [CreateToken][1] in the *AWS SSO OIDC API Reference
-    #   Guide*.
+    #   information, see [CreateToken][1] in the *IAM Identity Center OIDC
+    #   API Reference Guide*.
     #
     #
     #
@@ -159,15 +140,6 @@ module Aws::SSO
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ListAccountsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         next_token: "NextTokenType",
-    #         max_results: 1,
-    #         access_token: "AccessTokenType", # required
-    #       }
-    #
     # @!attribute [rw] next_token
     #   (Optional) When requesting subsequent pages, this is the page token
     #   from the previous response output.
@@ -179,8 +151,8 @@ module Aws::SSO
     #
     # @!attribute [rw] access_token
     #   The token issued by the `CreateToken` API call. For more
-    #   information, see [CreateToken][1] in the *AWS SSO OIDC API Reference
-    #   Guide*.
+    #   information, see [CreateToken][1] in the *IAM Identity Center OIDC
+    #   API Reference Guide*.
     #
     #
     #
@@ -215,17 +187,10 @@ module Aws::SSO
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass LogoutRequest
-    #   data as a hash:
-    #
-    #       {
-    #         access_token: "AccessTokenType", # required
-    #       }
-    #
     # @!attribute [rw] access_token
     #   The token issued by the `CreateToken` API call. For more
-    #   information, see [CreateToken][1] in the *AWS SSO OIDC API Reference
-    #   Guide*.
+    #   information, see [CreateToken][1] in the *IAM Identity Center OIDC
+    #   API Reference Guide*.
     #
     #
     #

data/lib/aws-sdk-sso.rb

@@ -15,9 +15,13 @@ end
 
 require_relative 'aws-sdk-sso/types'
 require_relative 'aws-sdk-sso/client_api'
+require_relative 'aws-sdk-sso/plugins/endpoints.rb'
 require_relative 'aws-sdk-sso/client'
 require_relative 'aws-sdk-sso/errors'
 require_relative 'aws-sdk-sso/resource'
+require_relative 'aws-sdk-sso/endpoint_parameters'
+require_relative 'aws-sdk-sso/endpoint_provider'
+require_relative 'aws-sdk-sso/endpoints'
 require_relative 'aws-sdk-sso/customizations'
 
 # This module provides support for AWS Single Sign-On. This module is available in the
@@ -50,6 +54,6 @@ require_relative 'aws-sdk-sso/customizations'
 # @!group service
 module Aws::SSO
 
-  GEM_VERSION = '3.122.0'
+  GEM_VERSION = '3.180.1'
 
 end