aws-sdk-core 3.124.0 → 3.186.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (113) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +552 -0
  3. data/VERSION +1 -1
  4. data/lib/aws-defaults/default_configuration.rb +153 -0
  5. data/lib/aws-defaults/defaults_mode_config_resolver.rb +107 -0
  6. data/lib/aws-defaults.rb +3 -0
  7. data/lib/aws-sdk-core/arn.rb +13 -0
  8. data/lib/aws-sdk-core/assume_role_credentials.rb +21 -7
  9. data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +14 -10
  10. data/lib/aws-sdk-core/binary/encode_handler.rb +12 -1
  11. data/lib/aws-sdk-core/client_stubs.rb +5 -1
  12. data/lib/aws-sdk-core/credential_provider.rb +3 -0
  13. data/lib/aws-sdk-core/credential_provider_chain.rb +8 -5
  14. data/lib/aws-sdk-core/ec2_metadata.rb +3 -2
  15. data/lib/aws-sdk-core/ecs_credentials.rb +121 -53
  16. data/lib/aws-sdk-core/endpoints/condition.rb +41 -0
  17. data/lib/aws-sdk-core/endpoints/endpoint.rb +17 -0
  18. data/lib/aws-sdk-core/endpoints/endpoint_rule.rb +75 -0
  19. data/lib/aws-sdk-core/endpoints/error_rule.rb +42 -0
  20. data/lib/aws-sdk-core/endpoints/function.rb +80 -0
  21. data/lib/aws-sdk-core/endpoints/matchers.rb +131 -0
  22. data/lib/aws-sdk-core/endpoints/reference.rb +31 -0
  23. data/lib/aws-sdk-core/endpoints/rule.rb +25 -0
  24. data/lib/aws-sdk-core/endpoints/rule_set.rb +52 -0
  25. data/lib/aws-sdk-core/endpoints/rules_provider.rb +37 -0
  26. data/lib/aws-sdk-core/endpoints/templater.rb +58 -0
  27. data/lib/aws-sdk-core/endpoints/tree_rule.rb +45 -0
  28. data/lib/aws-sdk-core/endpoints/url.rb +60 -0
  29. data/lib/aws-sdk-core/endpoints.rb +78 -0
  30. data/lib/aws-sdk-core/errors.rb +15 -2
  31. data/lib/aws-sdk-core/ini_parser.rb +7 -0
  32. data/lib/aws-sdk-core/instance_profile_credentials.rb +124 -31
  33. data/lib/aws-sdk-core/json/error_handler.rb +20 -1
  34. data/lib/aws-sdk-core/json/parser.rb +1 -1
  35. data/lib/aws-sdk-core/log/formatter.rb +6 -0
  36. data/lib/aws-sdk-core/pageable_response.rb +81 -32
  37. data/lib/aws-sdk-core/param_validator.rb +2 -2
  38. data/lib/aws-sdk-core/plugins/bearer_authorization.rb +67 -0
  39. data/lib/aws-sdk-core/plugins/checksum_algorithm.rb +340 -0
  40. data/lib/aws-sdk-core/plugins/credentials_configuration.rb +24 -0
  41. data/lib/aws-sdk-core/plugins/defaults_mode.rb +40 -0
  42. data/lib/aws-sdk-core/plugins/endpoint_discovery.rb +6 -2
  43. data/lib/aws-sdk-core/plugins/http_checksum.rb +8 -1
  44. data/lib/aws-sdk-core/plugins/jsonvalue_converter.rb +34 -6
  45. data/lib/aws-sdk-core/plugins/recursion_detection.rb +38 -0
  46. data/lib/aws-sdk-core/plugins/regional_endpoint.rb +111 -30
  47. data/lib/aws-sdk-core/plugins/request_compression.rb +217 -0
  48. data/lib/aws-sdk-core/plugins/response_paging.rb +1 -1
  49. data/lib/aws-sdk-core/plugins/retries/error_inspector.rb +7 -4
  50. data/lib/aws-sdk-core/plugins/retry_errors.rb +21 -5
  51. data/lib/aws-sdk-core/plugins/sign.rb +201 -0
  52. data/lib/aws-sdk-core/plugins/signature_v2.rb +1 -0
  53. data/lib/aws-sdk-core/plugins/signature_v4.rb +15 -8
  54. data/lib/aws-sdk-core/plugins/stub_responses.rb +5 -1
  55. data/lib/aws-sdk-core/plugins/user_agent.rb +117 -14
  56. data/lib/aws-sdk-core/process_credentials.rb +9 -11
  57. data/lib/aws-sdk-core/refreshing_credentials.rb +41 -16
  58. data/lib/aws-sdk-core/refreshing_token.rb +71 -0
  59. data/lib/aws-sdk-core/rest/handler.rb +1 -1
  60. data/lib/aws-sdk-core/rest/request/headers.rb +11 -8
  61. data/lib/aws-sdk-core/rest/request/querystring_builder.rb +43 -29
  62. data/lib/aws-sdk-core/shared_config.rb +108 -12
  63. data/lib/aws-sdk-core/sso_credentials.rb +91 -50
  64. data/lib/aws-sdk-core/sso_token_provider.rb +135 -0
  65. data/lib/aws-sdk-core/static_token_provider.rb +14 -0
  66. data/lib/aws-sdk-core/structure.rb +6 -4
  67. data/lib/aws-sdk-core/stubbing/stub_data.rb +11 -0
  68. data/lib/aws-sdk-core/token.rb +31 -0
  69. data/lib/aws-sdk-core/token_provider.rb +15 -0
  70. data/lib/aws-sdk-core/token_provider_chain.rb +51 -0
  71. data/lib/aws-sdk-core/waiters/poller.rb +3 -1
  72. data/lib/aws-sdk-core/xml/error_handler.rb +7 -0
  73. data/lib/aws-sdk-core/xml/parser/engines/oga.rb +2 -0
  74. data/lib/aws-sdk-core/xml/parser/engines/ox.rb +1 -1
  75. data/lib/aws-sdk-core.rb +17 -0
  76. data/lib/aws-sdk-sso/client.rb +85 -12
  77. data/lib/aws-sdk-sso/endpoint_parameters.rb +66 -0
  78. data/lib/aws-sdk-sso/endpoint_provider.rb +57 -0
  79. data/lib/aws-sdk-sso/endpoints.rb +72 -0
  80. data/lib/aws-sdk-sso/plugins/endpoints.rb +76 -0
  81. data/lib/aws-sdk-sso/types.rb +8 -43
  82. data/lib/aws-sdk-sso.rb +5 -1
  83. data/lib/aws-sdk-ssooidc/client.rb +626 -0
  84. data/lib/aws-sdk-ssooidc/client_api.rb +216 -0
  85. data/lib/aws-sdk-ssooidc/customizations.rb +1 -0
  86. data/lib/aws-sdk-ssooidc/endpoint_parameters.rb +66 -0
  87. data/lib/aws-sdk-ssooidc/endpoint_provider.rb +57 -0
  88. data/lib/aws-sdk-ssooidc/endpoints.rb +58 -0
  89. data/lib/aws-sdk-ssooidc/errors.rb +290 -0
  90. data/lib/aws-sdk-ssooidc/plugins/endpoints.rb +74 -0
  91. data/lib/aws-sdk-ssooidc/resource.rb +26 -0
  92. data/lib/aws-sdk-ssooidc/types.rb +502 -0
  93. data/lib/aws-sdk-ssooidc.rb +59 -0
  94. data/lib/aws-sdk-sts/client.rb +332 -263
  95. data/lib/aws-sdk-sts/client_api.rb +12 -1
  96. data/lib/aws-sdk-sts/endpoint_parameters.rb +78 -0
  97. data/lib/aws-sdk-sts/endpoint_provider.rb +112 -0
  98. data/lib/aws-sdk-sts/endpoints.rb +136 -0
  99. data/lib/aws-sdk-sts/plugins/endpoints.rb +84 -0
  100. data/lib/aws-sdk-sts/plugins/sts_regional_endpoints.rb +5 -1
  101. data/lib/aws-sdk-sts/presigner.rb +13 -15
  102. data/lib/aws-sdk-sts/types.rb +121 -204
  103. data/lib/aws-sdk-sts.rb +5 -1
  104. data/lib/seahorse/client/async_base.rb +0 -1
  105. data/lib/seahorse/client/configuration.rb +1 -5
  106. data/lib/seahorse/client/h2/connection.rb +12 -11
  107. data/lib/seahorse/client/net_http/connection_pool.rb +7 -0
  108. data/lib/seahorse/client/plugins/net_http.rb +33 -2
  109. data/lib/seahorse/client/plugins/request_callback.rb +40 -9
  110. data/lib/seahorse/client/response.rb +6 -0
  111. data/lib/seahorse/model/operation.rb +6 -0
  112. data/lib/seahorse/util.rb +4 -0
  113. metadata +62 -8
@@ -43,6 +43,8 @@ module Aws::STS
43
43
  NameQualifier = Shapes::StringShape.new(name: 'NameQualifier')
44
44
  PackedPolicyTooLargeException = Shapes::StructureShape.new(name: 'PackedPolicyTooLargeException')
45
45
  PolicyDescriptorType = Shapes::StructureShape.new(name: 'PolicyDescriptorType')
46
+ ProvidedContext = Shapes::StructureShape.new(name: 'ProvidedContext')
47
+ ProvidedContextsListType = Shapes::ListShape.new(name: 'ProvidedContextsListType')
46
48
  RegionDisabledException = Shapes::StructureShape.new(name: 'RegionDisabledException')
47
49
  SAMLAssertionType = Shapes::StringShape.new(name: 'SAMLAssertionType')
48
50
  Subject = Shapes::StringShape.new(name: 'Subject')
@@ -54,6 +56,7 @@ module Aws::STS
54
56
  arnType = Shapes::StringShape.new(name: 'arnType')
55
57
  assumedRoleIdType = Shapes::StringShape.new(name: 'assumedRoleIdType')
56
58
  clientTokenType = Shapes::StringShape.new(name: 'clientTokenType')
59
+ contextAssertionType = Shapes::StringShape.new(name: 'contextAssertionType')
57
60
  dateType = Shapes::TimestampShape.new(name: 'dateType')
58
61
  decodedMessageType = Shapes::StringShape.new(name: 'decodedMessageType')
59
62
  durationSecondsType = Shapes::IntegerShape.new(name: 'durationSecondsType')
@@ -81,6 +84,7 @@ module Aws::STS
81
84
  tagValueType = Shapes::StringShape.new(name: 'tagValueType')
82
85
  tokenCodeType = Shapes::StringShape.new(name: 'tokenCodeType')
83
86
  tokenType = Shapes::StringShape.new(name: 'tokenType')
87
+ unrestrictedSessionPolicyDocumentType = Shapes::StringShape.new(name: 'unrestrictedSessionPolicyDocumentType')
84
88
  urlType = Shapes::StringShape.new(name: 'urlType')
85
89
  userIdType = Shapes::StringShape.new(name: 'userIdType')
86
90
  userNameType = Shapes::StringShape.new(name: 'userNameType')
@@ -89,7 +93,7 @@ module Aws::STS
89
93
  AssumeRoleRequest.add_member(:role_arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "RoleArn"))
90
94
  AssumeRoleRequest.add_member(:role_session_name, Shapes::ShapeRef.new(shape: roleSessionNameType, required: true, location_name: "RoleSessionName"))
91
95
  AssumeRoleRequest.add_member(:policy_arns, Shapes::ShapeRef.new(shape: policyDescriptorListType, location_name: "PolicyArns"))
92
- AssumeRoleRequest.add_member(:policy, Shapes::ShapeRef.new(shape: sessionPolicyDocumentType, location_name: "Policy"))
96
+ AssumeRoleRequest.add_member(:policy, Shapes::ShapeRef.new(shape: unrestrictedSessionPolicyDocumentType, location_name: "Policy"))
93
97
  AssumeRoleRequest.add_member(:duration_seconds, Shapes::ShapeRef.new(shape: roleDurationSecondsType, location_name: "DurationSeconds"))
94
98
  AssumeRoleRequest.add_member(:tags, Shapes::ShapeRef.new(shape: tagListType, location_name: "Tags"))
95
99
  AssumeRoleRequest.add_member(:transitive_tag_keys, Shapes::ShapeRef.new(shape: tagKeyListType, location_name: "TransitiveTagKeys"))
@@ -97,6 +101,7 @@ module Aws::STS
97
101
  AssumeRoleRequest.add_member(:serial_number, Shapes::ShapeRef.new(shape: serialNumberType, location_name: "SerialNumber"))
98
102
  AssumeRoleRequest.add_member(:token_code, Shapes::ShapeRef.new(shape: tokenCodeType, location_name: "TokenCode"))
99
103
  AssumeRoleRequest.add_member(:source_identity, Shapes::ShapeRef.new(shape: sourceIdentityType, location_name: "SourceIdentity"))
104
+ AssumeRoleRequest.add_member(:provided_contexts, Shapes::ShapeRef.new(shape: ProvidedContextsListType, location_name: "ProvidedContexts"))
100
105
  AssumeRoleRequest.struct_class = Types::AssumeRoleRequest
101
106
 
102
107
  AssumeRoleResponse.add_member(:credentials, Shapes::ShapeRef.new(shape: Credentials, location_name: "Credentials"))
@@ -219,6 +224,12 @@ module Aws::STS
219
224
  PolicyDescriptorType.add_member(:arn, Shapes::ShapeRef.new(shape: arnType, location_name: "arn"))
220
225
  PolicyDescriptorType.struct_class = Types::PolicyDescriptorType
221
226
 
227
+ ProvidedContext.add_member(:provider_arn, Shapes::ShapeRef.new(shape: arnType, location_name: "ProviderArn"))
228
+ ProvidedContext.add_member(:context_assertion, Shapes::ShapeRef.new(shape: contextAssertionType, location_name: "ContextAssertion"))
229
+ ProvidedContext.struct_class = Types::ProvidedContext
230
+
231
+ ProvidedContextsListType.member = Shapes::ShapeRef.new(shape: ProvidedContext)
232
+
222
233
  RegionDisabledException.add_member(:message, Shapes::ShapeRef.new(shape: regionDisabledMessage, location_name: "message"))
223
234
  RegionDisabledException.struct_class = Types::RegionDisabledException
224
235
 
@@ -0,0 +1,78 @@
1
+ # frozen_string_literal: true
2
+
3
+ # WARNING ABOUT GENERATED CODE
4
+ #
5
+ # This file is generated. See the contributing guide for more information:
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
+ #
8
+ # WARNING ABOUT GENERATED CODE
9
+
10
+ module Aws::STS
11
+ # Endpoint parameters used to influence endpoints per request.
12
+ #
13
+ # @!attribute region
14
+ # The AWS region used to dispatch the request.
15
+ #
16
+ # @return [String]
17
+ #
18
+ # @!attribute use_dual_stack
19
+ # When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.
20
+ #
21
+ # @return [Boolean]
22
+ #
23
+ # @!attribute use_fips
24
+ # When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.
25
+ #
26
+ # @return [Boolean]
27
+ #
28
+ # @!attribute endpoint
29
+ # Override the endpoint used to send this request
30
+ #
31
+ # @return [String]
32
+ #
33
+ # @!attribute use_global_endpoint
34
+ # Whether the global endpoint should be used, rather then the regional endpoint for us-east-1.
35
+ #
36
+ # @return [Boolean]
37
+ #
38
+ EndpointParameters = Struct.new(
39
+ :region,
40
+ :use_dual_stack,
41
+ :use_fips,
42
+ :endpoint,
43
+ :use_global_endpoint,
44
+ ) do
45
+ include Aws::Structure
46
+
47
+ # @api private
48
+ class << self
49
+ PARAM_MAP = {
50
+ 'Region' => :region,
51
+ 'UseDualStack' => :use_dual_stack,
52
+ 'UseFIPS' => :use_fips,
53
+ 'Endpoint' => :endpoint,
54
+ 'UseGlobalEndpoint' => :use_global_endpoint,
55
+ }.freeze
56
+ end
57
+
58
+ def initialize(options = {})
59
+ self[:region] = options[:region]
60
+ self[:use_dual_stack] = options[:use_dual_stack]
61
+ self[:use_dual_stack] = false if self[:use_dual_stack].nil?
62
+ if self[:use_dual_stack].nil?
63
+ raise ArgumentError, "Missing required EndpointParameter: :use_dual_stack"
64
+ end
65
+ self[:use_fips] = options[:use_fips]
66
+ self[:use_fips] = false if self[:use_fips].nil?
67
+ if self[:use_fips].nil?
68
+ raise ArgumentError, "Missing required EndpointParameter: :use_fips"
69
+ end
70
+ self[:endpoint] = options[:endpoint]
71
+ self[:use_global_endpoint] = options[:use_global_endpoint]
72
+ self[:use_global_endpoint] = false if self[:use_global_endpoint].nil?
73
+ if self[:use_global_endpoint].nil?
74
+ raise ArgumentError, "Missing required EndpointParameter: :use_global_endpoint"
75
+ end
76
+ end
77
+ end
78
+ end
@@ -0,0 +1,112 @@
1
+ # frozen_string_literal: true
2
+
3
+ # WARNING ABOUT GENERATED CODE
4
+ #
5
+ # This file is generated. See the contributing guide for more information:
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
+ #
8
+ # WARNING ABOUT GENERATED CODE
9
+
10
+ module Aws::STS
11
+ class EndpointProvider
12
+ def resolve_endpoint(parameters)
13
+ region = parameters.region
14
+ use_dual_stack = parameters.use_dual_stack
15
+ use_fips = parameters.use_fips
16
+ endpoint = parameters.endpoint
17
+ use_global_endpoint = parameters.use_global_endpoint
18
+ if Aws::Endpoints::Matchers.boolean_equals?(use_global_endpoint, true) && Aws::Endpoints::Matchers.not(Aws::Endpoints::Matchers.set?(endpoint)) && Aws::Endpoints::Matchers.set?(region) && (partition_result = Aws::Endpoints::Matchers.aws_partition(region)) && Aws::Endpoints::Matchers.boolean_equals?(use_fips, false) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, false)
19
+ if Aws::Endpoints::Matchers.string_equals?(region, "ap-northeast-1")
20
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
21
+ end
22
+ if Aws::Endpoints::Matchers.string_equals?(region, "ap-south-1")
23
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
24
+ end
25
+ if Aws::Endpoints::Matchers.string_equals?(region, "ap-southeast-1")
26
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
27
+ end
28
+ if Aws::Endpoints::Matchers.string_equals?(region, "ap-southeast-2")
29
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
30
+ end
31
+ if Aws::Endpoints::Matchers.string_equals?(region, "aws-global")
32
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
33
+ end
34
+ if Aws::Endpoints::Matchers.string_equals?(region, "ca-central-1")
35
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
36
+ end
37
+ if Aws::Endpoints::Matchers.string_equals?(region, "eu-central-1")
38
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
39
+ end
40
+ if Aws::Endpoints::Matchers.string_equals?(region, "eu-north-1")
41
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
42
+ end
43
+ if Aws::Endpoints::Matchers.string_equals?(region, "eu-west-1")
44
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
45
+ end
46
+ if Aws::Endpoints::Matchers.string_equals?(region, "eu-west-2")
47
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
48
+ end
49
+ if Aws::Endpoints::Matchers.string_equals?(region, "eu-west-3")
50
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
51
+ end
52
+ if Aws::Endpoints::Matchers.string_equals?(region, "sa-east-1")
53
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
54
+ end
55
+ if Aws::Endpoints::Matchers.string_equals?(region, "us-east-1")
56
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
57
+ end
58
+ if Aws::Endpoints::Matchers.string_equals?(region, "us-east-2")
59
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
60
+ end
61
+ if Aws::Endpoints::Matchers.string_equals?(region, "us-west-1")
62
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
63
+ end
64
+ if Aws::Endpoints::Matchers.string_equals?(region, "us-west-2")
65
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
66
+ end
67
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"#{region}"}]})
68
+ end
69
+ if Aws::Endpoints::Matchers.set?(endpoint)
70
+ if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
71
+ raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
72
+ end
73
+ if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
74
+ raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported"
75
+ end
76
+ return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {})
77
+ end
78
+ if Aws::Endpoints::Matchers.set?(region)
79
+ if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
80
+ if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
81
+ if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
82
+ return Aws::Endpoints::Endpoint.new(url: "https://sts-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
83
+ end
84
+ raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
85
+ end
86
+ if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
87
+ if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
88
+ if Aws::Endpoints::Matchers.string_equals?("aws-us-gov", Aws::Endpoints::Matchers.attr(partition_result, "name"))
89
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.amazonaws.com", headers: {}, properties: {})
90
+ end
91
+ return Aws::Endpoints::Endpoint.new(url: "https://sts-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
92
+ end
93
+ raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
94
+ end
95
+ if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
96
+ if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
97
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
98
+ end
99
+ raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
100
+ end
101
+ if Aws::Endpoints::Matchers.string_equals?(region, "aws-global")
102
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
103
+ end
104
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
105
+ end
106
+ end
107
+ raise ArgumentError, "Invalid Configuration: Missing Region"
108
+ raise ArgumentError, 'No endpoint could be resolved'
109
+
110
+ end
111
+ end
112
+ end
@@ -0,0 +1,136 @@
1
+ # frozen_string_literal: true
2
+
3
+ # WARNING ABOUT GENERATED CODE
4
+ #
5
+ # This file is generated. See the contributing guide for more information:
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
+ #
8
+ # WARNING ABOUT GENERATED CODE
9
+
10
+
11
+ module Aws::STS
12
+ # @api private
13
+ module Endpoints
14
+
15
+ class AssumeRole
16
+ def self.build(context)
17
+ unless context.config.regional_endpoint
18
+ endpoint = context.config.endpoint.to_s
19
+ end
20
+ Aws::STS::EndpointParameters.new(
21
+ region: context.config.region,
22
+ use_dual_stack: context.config.use_dualstack_endpoint,
23
+ use_fips: context.config.use_fips_endpoint,
24
+ endpoint: endpoint,
25
+ use_global_endpoint: context.config.sts_regional_endpoints == 'legacy',
26
+ )
27
+ end
28
+ end
29
+
30
+ class AssumeRoleWithSAML
31
+ def self.build(context)
32
+ unless context.config.regional_endpoint
33
+ endpoint = context.config.endpoint.to_s
34
+ end
35
+ Aws::STS::EndpointParameters.new(
36
+ region: context.config.region,
37
+ use_dual_stack: context.config.use_dualstack_endpoint,
38
+ use_fips: context.config.use_fips_endpoint,
39
+ endpoint: endpoint,
40
+ use_global_endpoint: context.config.sts_regional_endpoints == 'legacy',
41
+ )
42
+ end
43
+ end
44
+
45
+ class AssumeRoleWithWebIdentity
46
+ def self.build(context)
47
+ unless context.config.regional_endpoint
48
+ endpoint = context.config.endpoint.to_s
49
+ end
50
+ Aws::STS::EndpointParameters.new(
51
+ region: context.config.region,
52
+ use_dual_stack: context.config.use_dualstack_endpoint,
53
+ use_fips: context.config.use_fips_endpoint,
54
+ endpoint: endpoint,
55
+ use_global_endpoint: context.config.sts_regional_endpoints == 'legacy',
56
+ )
57
+ end
58
+ end
59
+
60
+ class DecodeAuthorizationMessage
61
+ def self.build(context)
62
+ unless context.config.regional_endpoint
63
+ endpoint = context.config.endpoint.to_s
64
+ end
65
+ Aws::STS::EndpointParameters.new(
66
+ region: context.config.region,
67
+ use_dual_stack: context.config.use_dualstack_endpoint,
68
+ use_fips: context.config.use_fips_endpoint,
69
+ endpoint: endpoint,
70
+ use_global_endpoint: context.config.sts_regional_endpoints == 'legacy',
71
+ )
72
+ end
73
+ end
74
+
75
+ class GetAccessKeyInfo
76
+ def self.build(context)
77
+ unless context.config.regional_endpoint
78
+ endpoint = context.config.endpoint.to_s
79
+ end
80
+ Aws::STS::EndpointParameters.new(
81
+ region: context.config.region,
82
+ use_dual_stack: context.config.use_dualstack_endpoint,
83
+ use_fips: context.config.use_fips_endpoint,
84
+ endpoint: endpoint,
85
+ use_global_endpoint: context.config.sts_regional_endpoints == 'legacy',
86
+ )
87
+ end
88
+ end
89
+
90
+ class GetCallerIdentity
91
+ def self.build(context)
92
+ unless context.config.regional_endpoint
93
+ endpoint = context.config.endpoint.to_s
94
+ end
95
+ Aws::STS::EndpointParameters.new(
96
+ region: context.config.region,
97
+ use_dual_stack: context.config.use_dualstack_endpoint,
98
+ use_fips: context.config.use_fips_endpoint,
99
+ endpoint: endpoint,
100
+ use_global_endpoint: context.config.sts_regional_endpoints == 'legacy',
101
+ )
102
+ end
103
+ end
104
+
105
+ class GetFederationToken
106
+ def self.build(context)
107
+ unless context.config.regional_endpoint
108
+ endpoint = context.config.endpoint.to_s
109
+ end
110
+ Aws::STS::EndpointParameters.new(
111
+ region: context.config.region,
112
+ use_dual_stack: context.config.use_dualstack_endpoint,
113
+ use_fips: context.config.use_fips_endpoint,
114
+ endpoint: endpoint,
115
+ use_global_endpoint: context.config.sts_regional_endpoints == 'legacy',
116
+ )
117
+ end
118
+ end
119
+
120
+ class GetSessionToken
121
+ def self.build(context)
122
+ unless context.config.regional_endpoint
123
+ endpoint = context.config.endpoint.to_s
124
+ end
125
+ Aws::STS::EndpointParameters.new(
126
+ region: context.config.region,
127
+ use_dual_stack: context.config.use_dualstack_endpoint,
128
+ use_fips: context.config.use_fips_endpoint,
129
+ endpoint: endpoint,
130
+ use_global_endpoint: context.config.sts_regional_endpoints == 'legacy',
131
+ )
132
+ end
133
+ end
134
+
135
+ end
136
+ end
@@ -0,0 +1,84 @@
1
+ # frozen_string_literal: true
2
+
3
+ # WARNING ABOUT GENERATED CODE
4
+ #
5
+ # This file is generated. See the contributing guide for more information:
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
+ #
8
+ # WARNING ABOUT GENERATED CODE
9
+
10
+
11
+ module Aws::STS
12
+ module Plugins
13
+ class Endpoints < Seahorse::Client::Plugin
14
+ option(
15
+ :endpoint_provider,
16
+ doc_type: 'Aws::STS::EndpointProvider',
17
+ docstring: 'The endpoint provider used to resolve endpoints. Any '\
18
+ 'object that responds to `#resolve_endpoint(parameters)` '\
19
+ 'where `parameters` is a Struct similar to '\
20
+ '`Aws::STS::EndpointParameters`'
21
+ ) do |cfg|
22
+ Aws::STS::EndpointProvider.new
23
+ end
24
+
25
+ # @api private
26
+ class Handler < Seahorse::Client::Handler
27
+ def call(context)
28
+ # If endpoint was discovered, do not resolve or apply the endpoint.
29
+ unless context[:discovered_endpoint]
30
+ params = parameters_for_operation(context)
31
+ endpoint = context.config.endpoint_provider.resolve_endpoint(params)
32
+
33
+ context.http_request.endpoint = endpoint.url
34
+ apply_endpoint_headers(context, endpoint.headers)
35
+ end
36
+
37
+ context[:endpoint_params] = params
38
+ context[:auth_scheme] =
39
+ Aws::Endpoints.resolve_auth_scheme(context, endpoint)
40
+
41
+ @handler.call(context)
42
+ end
43
+
44
+ private
45
+
46
+ def apply_endpoint_headers(context, headers)
47
+ headers.each do |key, values|
48
+ value = values
49
+ .compact
50
+ .map { |s| Seahorse::Util.escape_header_list_string(s.to_s) }
51
+ .join(',')
52
+
53
+ context.http_request.headers[key] = value
54
+ end
55
+ end
56
+
57
+ def parameters_for_operation(context)
58
+ case context.operation_name
59
+ when :assume_role
60
+ Aws::STS::Endpoints::AssumeRole.build(context)
61
+ when :assume_role_with_saml
62
+ Aws::STS::Endpoints::AssumeRoleWithSAML.build(context)
63
+ when :assume_role_with_web_identity
64
+ Aws::STS::Endpoints::AssumeRoleWithWebIdentity.build(context)
65
+ when :decode_authorization_message
66
+ Aws::STS::Endpoints::DecodeAuthorizationMessage.build(context)
67
+ when :get_access_key_info
68
+ Aws::STS::Endpoints::GetAccessKeyInfo.build(context)
69
+ when :get_caller_identity
70
+ Aws::STS::Endpoints::GetCallerIdentity.build(context)
71
+ when :get_federation_token
72
+ Aws::STS::Endpoints::GetFederationToken.build(context)
73
+ when :get_session_token
74
+ Aws::STS::Endpoints::GetSessionToken.build(context)
75
+ end
76
+ end
77
+ end
78
+
79
+ def add_handlers(handlers, _config)
80
+ handlers.add(Handler, step: :build, priority: 75)
81
+ end
82
+ end
83
+ end
84
+ end
@@ -24,7 +24,11 @@ regions to resolve to the STS global endpoint.
24
24
  env_mode = nil if env_mode == ''
25
25
  cfg_mode = Aws.shared_config.sts_regional_endpoints(
26
26
  profile: cfg.profile)
27
- env_mode || cfg_mode || 'regional'
27
+ default_mode_value =
28
+ if cfg.respond_to?(:defaults_mode_config_resolver)
29
+ cfg.defaults_mode_config_resolver.resolve(:sts_regional_endpoints)
30
+ end
31
+ env_mode || cfg_mode || default_mode_value || 'regional'
28
32
  end
29
33
 
30
34
  end
@@ -38,7 +38,8 @@ module Aws
38
38
  # {https://ruby-doc.org/stdlib-2.3.1/libdoc/base64/rdoc/Base64.html#method-i-encode64}
39
39
  # "k8s-aws-v1." + Base64.urlsafe_encode64(url).chomp("==")
40
40
  def get_caller_identity_presigned_url(options = {})
41
- req = @client.build_request(:get_session_token, {})
41
+ req = @client.build_request(:get_caller_identity, {})
42
+ context = req.context
42
43
 
43
44
  param_list = Aws::Query::ParamList.new
44
45
  param_list.set('Action', 'GetCallerIdentity')
@@ -46,26 +47,23 @@ module Aws
46
47
  Aws::Query::EC2ParamBuilder.new(param_list)
47
48
  .apply(req.context.operation.input, {})
48
49
 
49
- signer = Aws::Sigv4::Signer.new(
50
- service: 'sts',
51
- region: req.context.config.region,
52
- credentials_provider: req.context.config.credentials
50
+ endpoint_params = Aws::STS::EndpointParameters.new(
51
+ region: context.config.region,
52
+ use_dual_stack: context.config.use_dualstack_endpoint,
53
+ use_fips: context.config.use_fips_endpoint,
54
+ use_global_endpoint: context.config.sts_regional_endpoints == 'legacy'
53
55
  )
56
+ endpoint = context.config.endpoint_provider
57
+ .resolve_endpoint(endpoint_params)
58
+ auth_scheme = Aws::Endpoints.resolve_auth_scheme(context, endpoint)
54
59
 
55
- url = Aws::Partitions::EndpointProvider.resolve(
56
- req.context.config.region,
57
- 'sts',
58
- req.context.config.sts_regional_endpoints,
59
- {
60
- dualstack: req.context.config.use_dualstack_endpoint,
61
- fips: req.context.config.use_fips_endpoint
62
- }
60
+ signer = Aws::Plugins::Sign.signer_for(
61
+ auth_scheme, context.config
63
62
  )
64
- url += "/?#{param_list}"
65
63
 
66
64
  signer.presign_url(
67
65
  http_method: 'GET',
68
- url: url,
66
+ url: "#{endpoint.url}/?#{param_list}",
69
67
  body: '',
70
68
  headers: options[:headers]
71
69
  ).to_s