aws-sdk-core 3.170.1 → 3.240.0

data/lib/aws-sdk-sts/client_api.rb

@@ -7,6 +7,7 @@
 #
 # WARNING ABOUT GENERATED CODE
 
+
 module Aws::STS
   # @api private
   module ClientApi
@@ -19,60 +20,80 @@ module Aws::STS
     AssumeRoleWithSAMLResponse = Shapes::StructureShape.new(name: 'AssumeRoleWithSAMLResponse')
     AssumeRoleWithWebIdentityRequest = Shapes::StructureShape.new(name: 'AssumeRoleWithWebIdentityRequest')
     AssumeRoleWithWebIdentityResponse = Shapes::StructureShape.new(name: 'AssumeRoleWithWebIdentityResponse')
+    AssumeRootRequest = Shapes::StructureShape.new(name: 'AssumeRootRequest')
+    AssumeRootResponse = Shapes::StructureShape.new(name: 'AssumeRootResponse')
     AssumedRoleUser = Shapes::StructureShape.new(name: 'AssumedRoleUser')
     Audience = Shapes::StringShape.new(name: 'Audience')
     Credentials = Shapes::StructureShape.new(name: 'Credentials')
     DecodeAuthorizationMessageRequest = Shapes::StructureShape.new(name: 'DecodeAuthorizationMessageRequest')
     DecodeAuthorizationMessageResponse = Shapes::StructureShape.new(name: 'DecodeAuthorizationMessageResponse')
-    ExpiredTokenException = Shapes::StructureShape.new(name: 'ExpiredTokenException')
+    ExpiredTokenException = Shapes::StructureShape.new(name: 'ExpiredTokenException', error: {"code" => "ExpiredTokenException", "httpStatusCode" => 400, "senderFault" => true})
+    ExpiredTradeInTokenException = Shapes::StructureShape.new(name: 'ExpiredTradeInTokenException', error: {"code" => "ExpiredTradeInTokenException", "httpStatusCode" => 400, "senderFault" => true})
     FederatedUser = Shapes::StructureShape.new(name: 'FederatedUser')
     GetAccessKeyInfoRequest = Shapes::StructureShape.new(name: 'GetAccessKeyInfoRequest')
     GetAccessKeyInfoResponse = Shapes::StructureShape.new(name: 'GetAccessKeyInfoResponse')
     GetCallerIdentityRequest = Shapes::StructureShape.new(name: 'GetCallerIdentityRequest')
     GetCallerIdentityResponse = Shapes::StructureShape.new(name: 'GetCallerIdentityResponse')
+    GetDelegatedAccessTokenRequest = Shapes::StructureShape.new(name: 'GetDelegatedAccessTokenRequest')
+    GetDelegatedAccessTokenResponse = Shapes::StructureShape.new(name: 'GetDelegatedAccessTokenResponse')
     GetFederationTokenRequest = Shapes::StructureShape.new(name: 'GetFederationTokenRequest')
     GetFederationTokenResponse = Shapes::StructureShape.new(name: 'GetFederationTokenResponse')
     GetSessionTokenRequest = Shapes::StructureShape.new(name: 'GetSessionTokenRequest')
     GetSessionTokenResponse = Shapes::StructureShape.new(name: 'GetSessionTokenResponse')
-    IDPCommunicationErrorException = Shapes::StructureShape.new(name: 'IDPCommunicationErrorException')
-    IDPRejectedClaimException = Shapes::StructureShape.new(name: 'IDPRejectedClaimException')
-    InvalidAuthorizationMessageException = Shapes::StructureShape.new(name: 'InvalidAuthorizationMessageException')
-    InvalidIdentityTokenException = Shapes::StructureShape.new(name: 'InvalidIdentityTokenException')
+    GetWebIdentityTokenRequest = Shapes::StructureShape.new(name: 'GetWebIdentityTokenRequest')
+    GetWebIdentityTokenResponse = Shapes::StructureShape.new(name: 'GetWebIdentityTokenResponse')
+    IDPCommunicationErrorException = Shapes::StructureShape.new(name: 'IDPCommunicationErrorException', error: {"code" => "IDPCommunicationError", "httpStatusCode" => 400, "senderFault" => true})
+    IDPRejectedClaimException = Shapes::StructureShape.new(name: 'IDPRejectedClaimException', error: {"code" => "IDPRejectedClaim", "httpStatusCode" => 403, "senderFault" => true})
+    InvalidAuthorizationMessageException = Shapes::StructureShape.new(name: 'InvalidAuthorizationMessageException', error: {"code" => "InvalidAuthorizationMessageException", "httpStatusCode" => 400, "senderFault" => true})
+    InvalidIdentityTokenException = Shapes::StructureShape.new(name: 'InvalidIdentityTokenException', error: {"code" => "InvalidIdentityToken", "httpStatusCode" => 400, "senderFault" => true})
     Issuer = Shapes::StringShape.new(name: 'Issuer')
-    MalformedPolicyDocumentException = Shapes::StructureShape.new(name: 'MalformedPolicyDocumentException')
+    JWTPayloadSizeExceededException = Shapes::StructureShape.new(name: 'JWTPayloadSizeExceededException', error: {"code" => "JWTPayloadSizeExceededException", "httpStatusCode" => 400, "senderFault" => true})
+    MalformedPolicyDocumentException = Shapes::StructureShape.new(name: 'MalformedPolicyDocumentException', error: {"code" => "MalformedPolicyDocument", "httpStatusCode" => 400, "senderFault" => true})
     NameQualifier = Shapes::StringShape.new(name: 'NameQualifier')
-    PackedPolicyTooLargeException = Shapes::StructureShape.new(name: 'PackedPolicyTooLargeException')
+    OutboundWebIdentityFederationDisabledException = Shapes::StructureShape.new(name: 'OutboundWebIdentityFederationDisabledException', error: {"code" => "OutboundWebIdentityFederationDisabledException", "httpStatusCode" => 403, "senderFault" => true})
+    PackedPolicyTooLargeException = Shapes::StructureShape.new(name: 'PackedPolicyTooLargeException', error: {"code" => "PackedPolicyTooLarge", "httpStatusCode" => 400, "senderFault" => true})
     PolicyDescriptorType = Shapes::StructureShape.new(name: 'PolicyDescriptorType')
-    RegionDisabledException = Shapes::StructureShape.new(name: 'RegionDisabledException')
+    ProvidedContext = Shapes::StructureShape.new(name: 'ProvidedContext')
+    ProvidedContextsListType = Shapes::ListShape.new(name: 'ProvidedContextsListType')
+    RegionDisabledException = Shapes::StructureShape.new(name: 'RegionDisabledException', error: {"code" => "RegionDisabledException", "httpStatusCode" => 403, "senderFault" => true})
+    RootDurationSecondsType = Shapes::IntegerShape.new(name: 'RootDurationSecondsType')
     SAMLAssertionType = Shapes::StringShape.new(name: 'SAMLAssertionType')
+    SessionDurationEscalationException = Shapes::StructureShape.new(name: 'SessionDurationEscalationException', error: {"code" => "SessionDurationEscalationException", "httpStatusCode" => 403, "senderFault" => true})
     Subject = Shapes::StringShape.new(name: 'Subject')
     SubjectType = Shapes::StringShape.new(name: 'SubjectType')
     Tag = Shapes::StructureShape.new(name: 'Tag')
+    TargetPrincipalType = Shapes::StringShape.new(name: 'TargetPrincipalType')
     accessKeyIdType = Shapes::StringShape.new(name: 'accessKeyIdType')
     accessKeySecretType = Shapes::StringShape.new(name: 'accessKeySecretType')
     accountType = Shapes::StringShape.new(name: 'accountType')
     arnType = Shapes::StringShape.new(name: 'arnType')
     assumedRoleIdType = Shapes::StringShape.new(name: 'assumedRoleIdType')
     clientTokenType = Shapes::StringShape.new(name: 'clientTokenType')
+    contextAssertionType = Shapes::StringShape.new(name: 'contextAssertionType')
     dateType = Shapes::TimestampShape.new(name: 'dateType')
     decodedMessageType = Shapes::StringShape.new(name: 'decodedMessageType')
     durationSecondsType = Shapes::IntegerShape.new(name: 'durationSecondsType')
     encodedMessageType = Shapes::StringShape.new(name: 'encodedMessageType')
     expiredIdentityTokenMessage = Shapes::StringShape.new(name: 'expiredIdentityTokenMessage')
+    expiredTradeInTokenExceptionMessage = Shapes::StringShape.new(name: 'expiredTradeInTokenExceptionMessage')
     externalIdType = Shapes::StringShape.new(name: 'externalIdType')
     federatedIdType = Shapes::StringShape.new(name: 'federatedIdType')
     idpCommunicationErrorMessage = Shapes::StringShape.new(name: 'idpCommunicationErrorMessage')
     idpRejectedClaimMessage = Shapes::StringShape.new(name: 'idpRejectedClaimMessage')
     invalidAuthorizationMessage = Shapes::StringShape.new(name: 'invalidAuthorizationMessage')
     invalidIdentityTokenMessage = Shapes::StringShape.new(name: 'invalidIdentityTokenMessage')
+    jwtAlgorithmType = Shapes::StringShape.new(name: 'jwtAlgorithmType')
+    jwtPayloadSizeExceededException = Shapes::StringShape.new(name: 'jwtPayloadSizeExceededException')
     malformedPolicyDocumentMessage = Shapes::StringShape.new(name: 'malformedPolicyDocumentMessage')
     nonNegativeIntegerType = Shapes::IntegerShape.new(name: 'nonNegativeIntegerType')
+    outboundWebIdentityFederationDisabledException = Shapes::StringShape.new(name: 'outboundWebIdentityFederationDisabledException')
     packedPolicyTooLargeMessage = Shapes::StringShape.new(name: 'packedPolicyTooLargeMessage')
     policyDescriptorListType = Shapes::ListShape.new(name: 'policyDescriptorListType')
     regionDisabledMessage = Shapes::StringShape.new(name: 'regionDisabledMessage')
     roleDurationSecondsType = Shapes::IntegerShape.new(name: 'roleDurationSecondsType')
     roleSessionNameType = Shapes::StringShape.new(name: 'roleSessionNameType')
     serialNumberType = Shapes::StringShape.new(name: 'serialNumberType')
+    sessionDurationEscalationException = Shapes::StringShape.new(name: 'sessionDurationEscalationException')
     sessionPolicyDocumentType = Shapes::StringShape.new(name: 'sessionPolicyDocumentType')
     sourceIdentityType = Shapes::StringShape.new(name: 'sourceIdentityType')
     tagKeyListType = Shapes::ListShape.new(name: 'tagKeyListType')
@@ -81,15 +102,21 @@ module Aws::STS
     tagValueType = Shapes::StringShape.new(name: 'tagValueType')
     tokenCodeType = Shapes::StringShape.new(name: 'tokenCodeType')
     tokenType = Shapes::StringShape.new(name: 'tokenType')
+    tradeInTokenType = Shapes::StringShape.new(name: 'tradeInTokenType')
+    unrestrictedSessionPolicyDocumentType = Shapes::StringShape.new(name: 'unrestrictedSessionPolicyDocumentType')
     urlType = Shapes::StringShape.new(name: 'urlType')
     userIdType = Shapes::StringShape.new(name: 'userIdType')
     userNameType = Shapes::StringShape.new(name: 'userNameType')
     webIdentitySubjectType = Shapes::StringShape.new(name: 'webIdentitySubjectType')
+    webIdentityTokenAudienceListType = Shapes::ListShape.new(name: 'webIdentityTokenAudienceListType')
+    webIdentityTokenAudienceStringType = Shapes::StringShape.new(name: 'webIdentityTokenAudienceStringType')
+    webIdentityTokenDurationSecondsType = Shapes::IntegerShape.new(name: 'webIdentityTokenDurationSecondsType')
+    webIdentityTokenType = Shapes::StringShape.new(name: 'webIdentityTokenType')
 
     AssumeRoleRequest.add_member(:role_arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "RoleArn"))
     AssumeRoleRequest.add_member(:role_session_name, Shapes::ShapeRef.new(shape: roleSessionNameType, required: true, location_name: "RoleSessionName"))
     AssumeRoleRequest.add_member(:policy_arns, Shapes::ShapeRef.new(shape: policyDescriptorListType, location_name: "PolicyArns"))
-    AssumeRoleRequest.add_member(:policy, Shapes::ShapeRef.new(shape: sessionPolicyDocumentType, location_name: "Policy"))
+    AssumeRoleRequest.add_member(:policy, Shapes::ShapeRef.new(shape: unrestrictedSessionPolicyDocumentType, location_name: "Policy"))
     AssumeRoleRequest.add_member(:duration_seconds, Shapes::ShapeRef.new(shape: roleDurationSecondsType, location_name: "DurationSeconds"))
     AssumeRoleRequest.add_member(:tags, Shapes::ShapeRef.new(shape: tagListType, location_name: "Tags"))
     AssumeRoleRequest.add_member(:transitive_tag_keys, Shapes::ShapeRef.new(shape: tagKeyListType, location_name: "TransitiveTagKeys"))
@@ -97,6 +124,7 @@ module Aws::STS
     AssumeRoleRequest.add_member(:serial_number, Shapes::ShapeRef.new(shape: serialNumberType, location_name: "SerialNumber"))
     AssumeRoleRequest.add_member(:token_code, Shapes::ShapeRef.new(shape: tokenCodeType, location_name: "TokenCode"))
     AssumeRoleRequest.add_member(:source_identity, Shapes::ShapeRef.new(shape: sourceIdentityType, location_name: "SourceIdentity"))
+    AssumeRoleRequest.add_member(:provided_contexts, Shapes::ShapeRef.new(shape: ProvidedContextsListType, location_name: "ProvidedContexts"))
     AssumeRoleRequest.struct_class = Types::AssumeRoleRequest
 
     AssumeRoleResponse.add_member(:credentials, Shapes::ShapeRef.new(shape: Credentials, location_name: "Credentials"))
@@ -142,6 +170,15 @@ module Aws::STS
     AssumeRoleWithWebIdentityResponse.add_member(:source_identity, Shapes::ShapeRef.new(shape: sourceIdentityType, location_name: "SourceIdentity"))
     AssumeRoleWithWebIdentityResponse.struct_class = Types::AssumeRoleWithWebIdentityResponse
 
+    AssumeRootRequest.add_member(:target_principal, Shapes::ShapeRef.new(shape: TargetPrincipalType, required: true, location_name: "TargetPrincipal"))
+    AssumeRootRequest.add_member(:task_policy_arn, Shapes::ShapeRef.new(shape: PolicyDescriptorType, required: true, location_name: "TaskPolicyArn"))
+    AssumeRootRequest.add_member(:duration_seconds, Shapes::ShapeRef.new(shape: RootDurationSecondsType, location_name: "DurationSeconds"))
+    AssumeRootRequest.struct_class = Types::AssumeRootRequest
+
+    AssumeRootResponse.add_member(:credentials, Shapes::ShapeRef.new(shape: Credentials, location_name: "Credentials"))
+    AssumeRootResponse.add_member(:source_identity, Shapes::ShapeRef.new(shape: sourceIdentityType, location_name: "SourceIdentity"))
+    AssumeRootResponse.struct_class = Types::AssumeRootResponse
+
     AssumedRoleUser.add_member(:assumed_role_id, Shapes::ShapeRef.new(shape: assumedRoleIdType, required: true, location_name: "AssumedRoleId"))
     AssumedRoleUser.add_member(:arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "Arn"))
     AssumedRoleUser.struct_class = Types::AssumedRoleUser
@@ -161,6 +198,9 @@ module Aws::STS
     ExpiredTokenException.add_member(:message, Shapes::ShapeRef.new(shape: expiredIdentityTokenMessage, location_name: "message"))
     ExpiredTokenException.struct_class = Types::ExpiredTokenException
 
+    ExpiredTradeInTokenException.add_member(:message, Shapes::ShapeRef.new(shape: expiredTradeInTokenExceptionMessage, location_name: "message"))
+    ExpiredTradeInTokenException.struct_class = Types::ExpiredTradeInTokenException
+
     FederatedUser.add_member(:federated_user_id, Shapes::ShapeRef.new(shape: federatedIdType, required: true, location_name: "FederatedUserId"))
     FederatedUser.add_member(:arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "Arn"))
     FederatedUser.struct_class = Types::FederatedUser
@@ -178,6 +218,14 @@ module Aws::STS
     GetCallerIdentityResponse.add_member(:arn, Shapes::ShapeRef.new(shape: arnType, location_name: "Arn"))
     GetCallerIdentityResponse.struct_class = Types::GetCallerIdentityResponse
 
+    GetDelegatedAccessTokenRequest.add_member(:trade_in_token, Shapes::ShapeRef.new(shape: tradeInTokenType, required: true, location_name: "TradeInToken"))
+    GetDelegatedAccessTokenRequest.struct_class = Types::GetDelegatedAccessTokenRequest
+
+    GetDelegatedAccessTokenResponse.add_member(:credentials, Shapes::ShapeRef.new(shape: Credentials, location_name: "Credentials"))
+    GetDelegatedAccessTokenResponse.add_member(:packed_policy_size, Shapes::ShapeRef.new(shape: nonNegativeIntegerType, location_name: "PackedPolicySize"))
+    GetDelegatedAccessTokenResponse.add_member(:assumed_principal, Shapes::ShapeRef.new(shape: arnType, location_name: "AssumedPrincipal"))
+    GetDelegatedAccessTokenResponse.struct_class = Types::GetDelegatedAccessTokenResponse
+
     GetFederationTokenRequest.add_member(:name, Shapes::ShapeRef.new(shape: userNameType, required: true, location_name: "Name"))
     GetFederationTokenRequest.add_member(:policy, Shapes::ShapeRef.new(shape: sessionPolicyDocumentType, location_name: "Policy"))
     GetFederationTokenRequest.add_member(:policy_arns, Shapes::ShapeRef.new(shape: policyDescriptorListType, location_name: "PolicyArns"))
@@ -198,6 +246,16 @@ module Aws::STS
     GetSessionTokenResponse.add_member(:credentials, Shapes::ShapeRef.new(shape: Credentials, location_name: "Credentials"))
     GetSessionTokenResponse.struct_class = Types::GetSessionTokenResponse
 
+    GetWebIdentityTokenRequest.add_member(:audience, Shapes::ShapeRef.new(shape: webIdentityTokenAudienceListType, required: true, location_name: "Audience"))
+    GetWebIdentityTokenRequest.add_member(:duration_seconds, Shapes::ShapeRef.new(shape: webIdentityTokenDurationSecondsType, location_name: "DurationSeconds"))
+    GetWebIdentityTokenRequest.add_member(:signing_algorithm, Shapes::ShapeRef.new(shape: jwtAlgorithmType, required: true, location_name: "SigningAlgorithm"))
+    GetWebIdentityTokenRequest.add_member(:tags, Shapes::ShapeRef.new(shape: tagListType, location_name: "Tags"))
+    GetWebIdentityTokenRequest.struct_class = Types::GetWebIdentityTokenRequest
+
+    GetWebIdentityTokenResponse.add_member(:web_identity_token, Shapes::ShapeRef.new(shape: webIdentityTokenType, location_name: "WebIdentityToken"))
+    GetWebIdentityTokenResponse.add_member(:expiration, Shapes::ShapeRef.new(shape: dateType, location_name: "Expiration"))
+    GetWebIdentityTokenResponse.struct_class = Types::GetWebIdentityTokenResponse
+
     IDPCommunicationErrorException.add_member(:message, Shapes::ShapeRef.new(shape: idpCommunicationErrorMessage, location_name: "message"))
     IDPCommunicationErrorException.struct_class = Types::IDPCommunicationErrorException
 
@@ -210,18 +268,33 @@ module Aws::STS
     InvalidIdentityTokenException.add_member(:message, Shapes::ShapeRef.new(shape: invalidIdentityTokenMessage, location_name: "message"))
     InvalidIdentityTokenException.struct_class = Types::InvalidIdentityTokenException
 
+    JWTPayloadSizeExceededException.add_member(:message, Shapes::ShapeRef.new(shape: jwtPayloadSizeExceededException, location_name: "message"))
+    JWTPayloadSizeExceededException.struct_class = Types::JWTPayloadSizeExceededException
+
     MalformedPolicyDocumentException.add_member(:message, Shapes::ShapeRef.new(shape: malformedPolicyDocumentMessage, location_name: "message"))
     MalformedPolicyDocumentException.struct_class = Types::MalformedPolicyDocumentException
 
+    OutboundWebIdentityFederationDisabledException.add_member(:message, Shapes::ShapeRef.new(shape: outboundWebIdentityFederationDisabledException, location_name: "message"))
+    OutboundWebIdentityFederationDisabledException.struct_class = Types::OutboundWebIdentityFederationDisabledException
+
     PackedPolicyTooLargeException.add_member(:message, Shapes::ShapeRef.new(shape: packedPolicyTooLargeMessage, location_name: "message"))
     PackedPolicyTooLargeException.struct_class = Types::PackedPolicyTooLargeException
 
     PolicyDescriptorType.add_member(:arn, Shapes::ShapeRef.new(shape: arnType, location_name: "arn"))
     PolicyDescriptorType.struct_class = Types::PolicyDescriptorType
 
+    ProvidedContext.add_member(:provider_arn, Shapes::ShapeRef.new(shape: arnType, location_name: "ProviderArn"))
+    ProvidedContext.add_member(:context_assertion, Shapes::ShapeRef.new(shape: contextAssertionType, location_name: "ContextAssertion"))
+    ProvidedContext.struct_class = Types::ProvidedContext
+
+    ProvidedContextsListType.member = Shapes::ShapeRef.new(shape: ProvidedContext)
+
     RegionDisabledException.add_member(:message, Shapes::ShapeRef.new(shape: regionDisabledMessage, location_name: "message"))
     RegionDisabledException.struct_class = Types::RegionDisabledException
 
+    SessionDurationEscalationException.add_member(:message, Shapes::ShapeRef.new(shape: sessionDurationEscalationException, location_name: "message"))
+    SessionDurationEscalationException.struct_class = Types::SessionDurationEscalationException
+
     Tag.add_member(:key, Shapes::ShapeRef.new(shape: tagKeyType, required: true, location_name: "Key"))
     Tag.add_member(:value, Shapes::ShapeRef.new(shape: tagValueType, required: true, location_name: "Value"))
     Tag.struct_class = Types::Tag
@@ -232,6 +305,8 @@ module Aws::STS
 
     tagListType.member = Shapes::ShapeRef.new(shape: Tag)
 
+    webIdentityTokenAudienceListType.member = Shapes::ShapeRef.new(shape: webIdentityTokenAudienceStringType)
+
 
     # @api private
     API = Seahorse::Model::Api.new.tap do |api|
@@ -240,9 +315,11 @@ module Aws::STS
 
       api.metadata = {
         "apiVersion" => "2011-06-15",
+        "auth" => ["aws.auth#sigv4"],
         "endpointPrefix" => "sts",
         "globalEndpoint" => "sts.amazonaws.com",
         "protocol" => "query",
+        "protocols" => ["query"],
         "serviceAbbreviation" => "AWS STS",
         "serviceFullName" => "AWS Security Token Service",
         "serviceId" => "STS",
@@ -268,6 +345,7 @@ module Aws::STS
         o.http_method = "POST"
         o.http_request_uri = "/"
         o['authtype'] = "none"
+        o['auth'] = ["smithy.api#noAuth"]
         o.input = Shapes::ShapeRef.new(shape: AssumeRoleWithSAMLRequest)
         o.output = Shapes::ShapeRef.new(shape: AssumeRoleWithSAMLResponse)
         o.errors << Shapes::ShapeRef.new(shape: MalformedPolicyDocumentException)
@@ -283,6 +361,7 @@ module Aws::STS
         o.http_method = "POST"
         o.http_request_uri = "/"
         o['authtype'] = "none"
+        o['auth'] = ["smithy.api#noAuth"]
         o.input = Shapes::ShapeRef.new(shape: AssumeRoleWithWebIdentityRequest)
         o.output = Shapes::ShapeRef.new(shape: AssumeRoleWithWebIdentityResponse)
         o.errors << Shapes::ShapeRef.new(shape: MalformedPolicyDocumentException)
@@ -294,6 +373,16 @@ module Aws::STS
         o.errors << Shapes::ShapeRef.new(shape: RegionDisabledException)
       end)
 
+      api.add_operation(:assume_root, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "AssumeRoot"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: AssumeRootRequest)
+        o.output = Shapes::ShapeRef.new(shape: AssumeRootResponse)
+        o.errors << Shapes::ShapeRef.new(shape: RegionDisabledException)
+        o.errors << Shapes::ShapeRef.new(shape: ExpiredTokenException)
+      end)
+
       api.add_operation(:decode_authorization_message, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DecodeAuthorizationMessage"
         o.http_method = "POST"
@@ -319,6 +408,17 @@ module Aws::STS
         o.output = Shapes::ShapeRef.new(shape: GetCallerIdentityResponse)
       end)
 
+      api.add_operation(:get_delegated_access_token, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GetDelegatedAccessToken"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: GetDelegatedAccessTokenRequest)
+        o.output = Shapes::ShapeRef.new(shape: GetDelegatedAccessTokenResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ExpiredTradeInTokenException)
+        o.errors << Shapes::ShapeRef.new(shape: RegionDisabledException)
+        o.errors << Shapes::ShapeRef.new(shape: PackedPolicyTooLargeException)
+      end)
+
       api.add_operation(:get_federation_token, Seahorse::Model::Operation.new.tap do |o|
         o.name = "GetFederationToken"
         o.http_method = "POST"
@@ -338,6 +438,17 @@ module Aws::STS
         o.output = Shapes::ShapeRef.new(shape: GetSessionTokenResponse)
         o.errors << Shapes::ShapeRef.new(shape: RegionDisabledException)
       end)
+
+      api.add_operation(:get_web_identity_token, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GetWebIdentityToken"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: GetWebIdentityTokenRequest)
+        o.output = Shapes::ShapeRef.new(shape: GetWebIdentityTokenResponse)
+        o.errors << Shapes::ShapeRef.new(shape: SessionDurationEscalationException)
+        o.errors << Shapes::ShapeRef.new(shape: OutboundWebIdentityFederationDisabledException)
+        o.errors << Shapes::ShapeRef.new(shape: JWTPayloadSizeExceededException)
+      end)
     end
 
   end

data/lib/aws-sdk-sts/customizations.rb

@@ -1,4 +1,7 @@
 # frozen_string_literal: true
 
-# utility classes
-require 'aws-sdk-sts/presigner'
+module Aws
+  module STS
+    autoload :Presigner, 'aws-sdk-sts/presigner'
+  end
+end

data/lib/aws-sdk-sts/endpoint_parameters.rb

@@ -13,27 +13,27 @@ module Aws::STS
   # @!attribute region
   #   The AWS region used to dispatch the request.
   #
-  #   @return [String]
+  #   @return [string]
   #
   # @!attribute use_dual_stack
   #   When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.
   #
-  #   @return [Boolean]
+  #   @return [boolean]
   #
   # @!attribute use_fips
   #   When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.
   #
-  #   @return [Boolean]
+  #   @return [boolean]
   #
   # @!attribute endpoint
   #   Override the endpoint used to send this request
   #
-  #   @return [String]
+  #   @return [string]
   #
   # @!attribute use_global_endpoint
   #   Whether the global endpoint should be used, rather then the regional endpoint for us-east-1.
   #
-  #   @return [Boolean]
+  #   @return [boolean]
   #
   EndpointParameters = Struct.new(
     :region,
@@ -59,20 +59,21 @@ module Aws::STS
       self[:region] = options[:region]
       self[:use_dual_stack] = options[:use_dual_stack]
       self[:use_dual_stack] = false if self[:use_dual_stack].nil?
-      if self[:use_dual_stack].nil?
-        raise ArgumentError, "Missing required EndpointParameter: :use_dual_stack"
-      end
       self[:use_fips] = options[:use_fips]
       self[:use_fips] = false if self[:use_fips].nil?
-      if self[:use_fips].nil?
-        raise ArgumentError, "Missing required EndpointParameter: :use_fips"
-      end
       self[:endpoint] = options[:endpoint]
       self[:use_global_endpoint] = options[:use_global_endpoint]
       self[:use_global_endpoint] = false if self[:use_global_endpoint].nil?
-      if self[:use_global_endpoint].nil?
-        raise ArgumentError, "Missing required EndpointParameter: :use_global_endpoint"
-      end
+    end
+
+    def self.create(config, options={})
+      new({
+        region: config.region,
+        use_dual_stack: config.use_dualstack_endpoint,
+        use_fips: config.use_fips_endpoint,
+        endpoint: (config.endpoint.to_s unless config.regional_endpoint),
+        use_global_endpoint: config.sts_regional_endpoints == 'legacy',
+      }.merge(options))
     end
   end
 end

data/lib/aws-sdk-sts/endpoint_provider.rb

@@ -10,98 +10,96 @@
 module Aws::STS
   class EndpointProvider
     def resolve_endpoint(parameters)
-      region = parameters.region
-      use_dual_stack = parameters.use_dual_stack
-      use_fips = parameters.use_fips
-      endpoint = parameters.endpoint
-      use_global_endpoint = parameters.use_global_endpoint
-      if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
-        if Aws::Endpoints::Matchers.boolean_equals?(use_global_endpoint, true) && Aws::Endpoints::Matchers.boolean_equals?(use_fips, false) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, false) && Aws::Endpoints::Matchers.not(Aws::Endpoints::Matchers.set?(endpoint))
-          if Aws::Endpoints::Matchers.string_equals?(region, "ap-northeast-1")
-            return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
-          end
-          if Aws::Endpoints::Matchers.string_equals?(region, "ap-south-1")
-            return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
-          end
-          if Aws::Endpoints::Matchers.string_equals?(region, "ap-southeast-1")
-            return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
-          end
-          if Aws::Endpoints::Matchers.string_equals?(region, "ap-southeast-2")
-            return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
-          end
-          if Aws::Endpoints::Matchers.string_equals?(region, "aws-global")
-            return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
-          end
-          if Aws::Endpoints::Matchers.string_equals?(region, "ca-central-1")
-            return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
-          end
-          if Aws::Endpoints::Matchers.string_equals?(region, "eu-central-1")
-            return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
-          end
-          if Aws::Endpoints::Matchers.string_equals?(region, "eu-north-1")
-            return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
-          end
-          if Aws::Endpoints::Matchers.string_equals?(region, "eu-west-1")
-            return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
-          end
-          if Aws::Endpoints::Matchers.string_equals?(region, "eu-west-2")
-            return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
-          end
-          if Aws::Endpoints::Matchers.string_equals?(region, "eu-west-3")
-            return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
-          end
-          if Aws::Endpoints::Matchers.string_equals?(region, "sa-east-1")
-            return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
-          end
-          if Aws::Endpoints::Matchers.string_equals?(region, "us-east-1")
-            return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
-          end
-          if Aws::Endpoints::Matchers.string_equals?(region, "us-east-2")
-            return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
-          end
-          if Aws::Endpoints::Matchers.string_equals?(region, "us-west-1")
-            return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
-          end
-          if Aws::Endpoints::Matchers.string_equals?(region, "us-west-2")
-            return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
-          end
-          return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"#{region}", "signingName"=>"sts"}]})
+      if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_global_endpoint, true) && Aws::Endpoints::Matchers.not(Aws::Endpoints::Matchers.set?(parameters.endpoint)) && Aws::Endpoints::Matchers.set?(parameters.region) && (partition_result = Aws::Endpoints::Matchers.aws_partition(parameters.region)) && Aws::Endpoints::Matchers.boolean_equals?(parameters.use_fips, false) && Aws::Endpoints::Matchers.boolean_equals?(parameters.use_dual_stack, false)
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "ap-northeast-1")
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "us-east-1"}]})
         end
-        if Aws::Endpoints::Matchers.set?(endpoint) && (url = Aws::Endpoints::Matchers.parse_url(endpoint))
-          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
-            raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
-          end
-          if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
-            raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported"
-          end
-          return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {})
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "ap-south-1")
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "us-east-1"}]})
         end
-        if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
-          if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-            return Aws::Endpoints::Endpoint.new(url: "https://sts-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
-          end
-          raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "ap-southeast-1")
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "us-east-1"}]})
+        end
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "ap-southeast-2")
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "us-east-1"}]})
+        end
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "aws-global")
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "us-east-1"}]})
         end
-        if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
-          if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
-            if Aws::Endpoints::Matchers.string_equals?("aws-us-gov", Aws::Endpoints::Matchers.attr(partition_result, "name"))
-              return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "ca-central-1")
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "us-east-1"}]})
+        end
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "eu-central-1")
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "us-east-1"}]})
+        end
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "eu-north-1")
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "us-east-1"}]})
+        end
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "eu-west-1")
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "us-east-1"}]})
+        end
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "eu-west-2")
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "us-east-1"}]})
+        end
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "eu-west-3")
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "us-east-1"}]})
+        end
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "sa-east-1")
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "us-east-1"}]})
+        end
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "us-east-1")
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "us-east-1"}]})
+        end
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "us-east-2")
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "us-east-1"}]})
+        end
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "us-west-1")
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "us-east-1"}]})
+        end
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "us-west-2")
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "us-east-1"}]})
+        end
+        return Aws::Endpoints::Endpoint.new(url: "https://sts.#{parameters.region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "#{parameters.region}"}]})
+      end
+      if Aws::Endpoints::Matchers.set?(parameters.endpoint)
+        if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_fips, true)
+          raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
+        end
+        if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_dual_stack, true)
+          raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported"
+        end
+        return Aws::Endpoints::Endpoint.new(url: parameters.endpoint, headers: {}, properties: {})
+      end
+      if Aws::Endpoints::Matchers.set?(parameters.region)
+        if (partition_result = Aws::Endpoints::Matchers.aws_partition(parameters.region))
+          if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(parameters.use_dual_stack, true)
+            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
+              return Aws::Endpoints::Endpoint.new(url: "https://sts-fips.#{parameters.region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
             end
-            return Aws::Endpoints::Endpoint.new(url: "https://sts-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
+            raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
+          end
+          if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_fips, true)
+            if Aws::Endpoints::Matchers.boolean_equals?(Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"), true)
+              if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws-us-gov")
+                return Aws::Endpoints::Endpoint.new(url: "https://sts.#{parameters.region}.amazonaws.com", headers: {}, properties: {})
+              end
+              return Aws::Endpoints::Endpoint.new(url: "https://sts-fips.#{parameters.region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
+            end
+            raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
           end
-          raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
-        end
-        if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
-          if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-            return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+          if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_dual_stack, true)
+            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
+              return Aws::Endpoints::Endpoint.new(url: "https://sts.#{parameters.region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+            end
+            raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
           end
-          raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
-        end
-        if Aws::Endpoints::Matchers.string_equals?(region, "aws-global")
-          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
+          if Aws::Endpoints::Matchers.string_equals?(parameters.region, "aws-global")
+            return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "us-east-1"}]})
+          end
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.#{parameters.region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
         end
-        return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
       end
+      raise ArgumentError, "Invalid Configuration: Missing Region"
       raise ArgumentError, 'No endpoint could be resolved'
 
     end