aws-sdk-core 3.200.0 → 3.201.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 370a79ef96fb4ff40cbbfcba57d5b0f01d19220c46f8bc77e96984ed14f10ffd
-  data.tar.gz: 5be2366a83a15ced7f51ceb976a934f5b3a4f26b16337f298d12152f9fe576e8
+  metadata.gz: 3242d42e3e0e5e2edc14b5952789ec1dcf2a1a815c2e3378b8c317279cfb4cde
+  data.tar.gz: ccf76742ca38e548949a69a6d75ad7040e605247b378a597ec6d00336df816f2
 SHA512:
-  metadata.gz: 164598c925b921092a9a9cebc3a28786f6add8737971d3e7322308dad25035d07664a90b7d9cdc01aabb2601a6ebeebeb6ee83a3cfd309fdcd2849eed3f50c51
-  data.tar.gz: 306ce42e04c16d1c7bf3e6509f7641b60be02e74efa80698b3feef014117ee07c256a8703bb6e8de3dd5fc5e33018ff8f1551bef712eb81093b8289e4322ab60
+  metadata.gz: 012726aaef8a0b88c05c1f2168096c9d0f69385f618a1eaba177d949fcf715488d8a7b3475f5eb157f7c0d1a81a7c936851d96f4b25af5a6c1ca329ff98c17ad
+  data.tar.gz: ab95eaef0edc1d0f0a4c04ffa1a1c401b1caff844e56c000df70a8333af8953f82d89828ad52886a5915842c85528399909c895201f666df04a9f015ca8648e9

data/CHANGELOG.md

@@ -1,6 +1,35 @@
 Unreleased Changes
 ------------------
 
+3.201.3 (2024-07-23)
+------------------
+
+* Issue - Add `disableNormalizePath` when resolving auth_scheme for S3.
+
+3.201.2 (2024-07-18)
+------------------
+
+* Issue - Allow modeled types to be used for Union inputs.
+* Issue - Ensure that nested sensitive members and sensitive members of lists and maps are filtered.
+
+3.201.1 (2024-07-05)
+------------------
+
+* Issue - Fix `Aws::ProcessCredentials` warning in cases where shared config is used.
+
+3.201.0 (2024-07-02)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - Support `auth` trait to enable SigV4a based services.
+
+* Feature - Support configuration for sigv4a signing regions using `ENV['AWS_SIGV4A_SIGNING_REGION_SET']`, `sigv4a_signing_region_set` shared config, or the `sigv4a_signing_region_set` client option.
+
 3.200.0 (2024-06-28)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-3.200.0
+3.201.3

data/lib/aws-sdk-core/credential_provider_chain.rb

@@ -84,7 +84,7 @@ module Aws
     def static_profile_process_credentials(options)
       if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile
         process_provider = Aws.shared_config.credential_process(profile: options[:config].profile)
-        ProcessCredentials.new(process_provider) if process_provider
+        ProcessCredentials.new([process_provider]) if process_provider
       end
     rescue Errors::NoSuchProfileError
       nil
@@ -117,9 +117,9 @@ module Aws
 
     def process_credentials(options)
       profile_name = determine_profile_name(options)
-      if Aws.shared_config.config_enabled? &&
-         (process_provider = Aws.shared_config.credential_process(profile: profile_name))
-        ProcessCredentials.new(process_provider)
+      if Aws.shared_config.config_enabled?
+        process_provider = Aws.shared_config.credential_process(profile: profile_name)
+        ProcessCredentials.new([process_provider]) if process_provider
       end
     rescue Errors::NoSuchProfileError
       nil

data/lib/aws-sdk-core/endpoints.rb

@@ -14,9 +14,15 @@ require_relative 'endpoints/templater'
 require_relative 'endpoints/tree_rule'
 require_relative 'endpoints/url'
 
+require 'aws-sigv4'
+
 module Aws
   # @api private
   module Endpoints
+    supported_auth_traits = %w[aws.auth#sigv4 smithy.api#httpBearerAuth smithy.api#noAuth]
+    supported_auth_traits += ['aws.auth#sigv4a'] if Aws::Sigv4::Signer.use_crt?
+    SUPPORTED_AUTH_TRAITS = supported_auth_traits.freeze
+
     class << self
       def resolve_auth_scheme(context, endpoint)
         if endpoint && (auth_schemes = endpoint.properties['authSchemes'])
@@ -33,8 +39,71 @@ module Aws
 
       private
 
+      def merge_signing_defaults(auth_scheme, config)
+        if %w[sigv4 sigv4a sigv4-s3express].include?(auth_scheme['name'])
+          auth_scheme['signingName'] ||= sigv4_name(config)
+
+          # back fill disableNormalizePath for S3 until it gets correctly set in the rules
+          if auth_scheme['signingName'] == 's3' &&
+            !auth_scheme.include?('disableNormalizePath') &&
+            auth_scheme.include?('disableDoubleEncoding')
+            auth_scheme['disableNormalizePath'] = auth_scheme['disableDoubleEncoding']
+          end
+          if auth_scheme['name'] == 'sigv4a'
+            # config option supersedes endpoint properties
+            auth_scheme['signingRegionSet'] =
+              config.sigv4a_signing_region_set || auth_scheme['signingRegionSet'] || [config.region]
+          else
+            auth_scheme['signingRegion'] ||= config.region
+          end
+        end
+        auth_scheme
+      end
+
+      def sigv4_name(config)
+        config.api.metadata['signingName'] ||
+          config.api.metadata['endpointPrefix']
+      end
+
       def default_auth_scheme(context)
-        case default_api_authtype(context)
+        if (auth_list = default_api_auth(context))
+          auth = auth_list.find { |a| SUPPORTED_AUTH_TRAITS.include?(a) }
+          case auth
+          when 'aws.auth#sigv4', 'aws.auth#sigv4a'
+            auth_scheme = { 'name' => auth.split('#').last }
+            if s3_or_s3v4_signature_version?(context)
+              auth_scheme = auth_scheme.merge(
+                'disableDoubleEncoding' => true,
+                'disableNormalizePath' => true
+              )
+            end
+            merge_signing_defaults(auth_scheme, context.config)
+          when 'smithy.api#httpBearerAuth'
+            { 'name' => 'bearer' }
+          when 'smithy.api#noAuth'
+            { 'name' => 'none' }
+          else
+            raise 'No supported auth trait for this endpoint.'
+          end
+        else
+          legacy_default_auth_scheme(context)
+        end
+      end
+
+      def default_api_auth(context)
+        context.config.api.operation(context.operation_name)['auth'] ||
+          context.config.api.metadata['auth']
+      end
+
+      def s3_or_s3v4_signature_version?(context)
+        %w[s3 s3v4].include?(context.config.api.metadata['signatureVersion'])
+      end
+
+      # Legacy auth resolution - looks for deprecated signatureVersion
+      # and authType traits.
+
+      def legacy_default_auth_scheme(context)
+        case legacy_default_api_authtype(context)
         when 'v4', 'v4-unsigned-body'
           auth_scheme = { 'name' => 'sigv4' }
           merge_signing_defaults(auth_scheme, context.config)
@@ -52,27 +121,11 @@ module Aws
         end
       end
 
-      def merge_signing_defaults(auth_scheme, config)
-        if %w[sigv4 sigv4a sigv4-s3express].include?(auth_scheme['name'])
-          auth_scheme['signingName'] ||= sigv4_name(config)
-          if auth_scheme['name'] == 'sigv4a'
-            auth_scheme['signingRegionSet'] ||= ['*']
-          else
-            auth_scheme['signingRegion'] ||= config.region
-          end
-        end
-        auth_scheme
-      end
-
-      def default_api_authtype(context)
+      def legacy_default_api_authtype(context)
         context.config.api.operation(context.operation_name)['authtype'] ||
           context.config.api.metadata['signatureVersion']
       end
 
-      def sigv4_name(config)
-        config.api.metadata['signingName'] ||
-          config.api.metadata['endpointPrefix']
-      end
     end
   end
 end

data/lib/aws-sdk-core/errors.rb

@@ -236,6 +236,15 @@ module Aws
       end
     end
 
+    # Raised when a client is constructed and the sigv4a region set is invalid.
+    # It is invalid when it is empty and/or contains empty strings.
+    class InvalidRegionSetError < ArgumentError
+      def initialize(*args)
+        msg = 'The provided sigv4a region set was empty or invalid.'
+        super(msg)
+      end
+    end
+
     # Raised when a client is contsructed and the region is not valid.
     class InvalidRegionError < ArgumentError
       def initialize(*args)

data/lib/aws-sdk-core/log/param_filter.rb

@@ -55,14 +55,14 @@ module Aws
           filtered[key] = if @enabled && filters.include?(key)
             '[FILTERED]'
           else
-            filter(value, type)
+            filter(value, value.class)
           end
         end
         filtered
       end
 
       def filter_array(values, type)
-        values.map { |value| filter(value, type) }
+        values.map { |value| filter(value, value.class) }
       end
 
     end

data/lib/aws-sdk-core/param_validator.rb

@@ -71,7 +71,7 @@ module Aws
         end
 
         if @validate_required && shape.union
-          set_values = @input ? values.length : values.to_h.length
+          set_values = values.to_h.length
           if set_values > 1
             errors << "multiple values provided to union at #{context} - must contain exactly one of the supported types: #{shape.member_names.join(', ')}"
           elsif set_values == 0

data/lib/aws-sdk-core/plugins/bearer_authorization.rb

@@ -4,6 +4,8 @@ module Aws
   # @api private
   module Plugins
     # @api private
+    # Deprecated - does not look at new traits like `auth` and `unsignedPayload`
+    # Necessary to exist after endpoints 2.0 for old service clients + new core
     class BearerAuthorization < Seahorse::Client::Plugin
 
       option(:token_provider,

data/lib/aws-sdk-core/plugins/checksum_algorithm.rb

@@ -238,7 +238,8 @@ module Aws
 
         # determine where (header vs trailer) a request checksum should be added
         def checksum_request_in(context)
-          if context.operation['authtype'].eql?('v4-unsigned-body')
+          if context.operation['unsignedPayload'] ||
+             context.operation['authtype'] == 'v4-unsigned-body'
             'trailer'
           else
             'header'

data/lib/aws-sdk-core/plugins/regional_endpoint.rb

@@ -24,6 +24,21 @@ a default `:region` is searched for in the following locations:
         resolve_region(cfg)
       end
 
+      option(:sigv4a_signing_region_set,
+             doc_type: Array,
+             rbs_type: 'Array[String]',
+             docstring: <<-DOCS) do |cfg|
+A list of regions that should be signed with SigV4a signing. When
+not passed, a default `:sigv4a_signing_region_set` is searched for
+in the following locations:
+
+* `Aws.config[:sigv4a_signing_region_set]`
+* `ENV['AWS_SIGV4A_SIGNING_REGION_SET']`
+* `~/.aws/config`
+        DOCS
+        resolve_sigv4a_signing_region_set(cfg)
+      end
+
       option(:use_dualstack_endpoint,
         doc_type: 'Boolean',
         docstring: <<-DOCS) do |cfg|
@@ -65,9 +80,17 @@ to test or custom endpoints. This should be a valid HTTP(S) URI.
       end
 
       def after_initialize(client)
-        if client.config.region.nil? || client.config.region == ''
-          raise Errors::MissingRegionError
-        end
+        region = client.config.region
+        raise Errors::MissingRegionError if region.nil? || region == ''
+
+        region_set = client.config.sigv4a_signing_region_set
+        return if region_set.nil?
+        raise Errors::InvalidRegionSetError unless region_set.is_a?(Array)
+
+        region_set = region_set.compact.reject(&:empty?)
+        raise Errors::InvalidRegionSetError if region_set.empty?
+
+        client.config.sigv4a_signing_region_set = region_set
       end
 
       class << self
@@ -81,6 +104,12 @@ to test or custom endpoints. This should be a valid HTTP(S) URI.
           env_region || cfg_region
         end
 
+        def resolve_sigv4a_signing_region_set(cfg)
+          value = ENV['AWS_SIGV4A_SIGNING_REGION_SET']
+          value ||= Aws.shared_config.sigv4a_signing_region_set(profile: cfg.profile)
+          value.split(',') if value
+        end
+
         def resolve_use_dualstack_endpoint(cfg)
           value = ENV['AWS_USE_DUALSTACK_ENDPOINT']
           value ||= Aws.shared_config.use_dualstack_endpoint(

data/lib/aws-sdk-core/plugins/sign.rb

@@ -102,7 +102,7 @@ module Aws
           end
 
           region = if scheme_name == 'sigv4a'
-                     auth_scheme['signingRegionSet'].first
+                     auth_scheme['signingRegionSet'].join(',')
                    else
                      auth_scheme['signingRegion']
                    end
@@ -159,17 +159,20 @@ module Aws
         private
 
         def apply_authtype(context, req)
-          # only used for eventstreaming at input
+          # only used for event streaming at input
           if context[:input_event_emitter]
             req.headers['X-Amz-Content-Sha256'] = 'STREAMING-AWS4-HMAC-SHA256-EVENTS'
-          else
-            if context.operation['authtype'].eql?('v4-unsigned-body') &&
-              req.endpoint.scheme.eql?('https')
-              req.headers['X-Amz-Content-Sha256'] ||= 'UNSIGNED-PAYLOAD'
-            end
+          elsif unsigned_payload?(context, req)
+            req.headers['X-Amz-Content-Sha256'] ||= 'UNSIGNED-PAYLOAD'
           end
         end
 
+        def unsigned_payload?(context, req)
+          (context.operation['unsignedPayload'] ||
+            context.operation['authtype'] == 'v4-unsigned-body') &&
+            req.endpoint.scheme == 'https'
+        end
+
         def reset_signature(req)
           # in case this request is being re-signed
           req.headers.delete('Authorization')

data/lib/aws-sdk-core/plugins/signature_v2.rb

@@ -3,7 +3,8 @@
 module Aws
   module Plugins
     # @api private
-    # Necessary to keep after Endpoints 2.0
+    # Deprecated - does not look at new traits like `auth` and `unsignedPayload`
+    # Necessary to exist after endpoints 2.0 for old service clients + new core
     class SignatureV2 < Seahorse::Client::Plugin
 
       option(:v2_signer) do |cfg|

data/lib/aws-sdk-core/plugins/signature_v4.rb

@@ -5,7 +5,8 @@ require 'aws-sigv4'
 module Aws
   module Plugins
     # @api private
-    # Necessary to exist after endpoints 2.0
+    # Deprecated - does not look at new traits like `auth` and `unsignedPayload`
+    # Necessary to exist after endpoints 2.0 for old service clients + new core
     class SignatureV4 < Seahorse::Client::Plugin
 
       V4_AUTH = %w[v4 v4-unsigned-payload v4-unsigned-body]

data/lib/aws-sdk-core/plugins/transfer_encoding.rb

@@ -5,7 +5,8 @@ module Aws
 
     # For Streaming Input Operations, when `requiresLength` is enabled
     # checking whether `Content-Length` header can be set,
-    # for `v4-unsigned-body` operations, set `Transfer-Encoding` header
+    # for `unsignedPayload` and `v4-unsigned-body` operations,
+    # set `Transfer-Encoding` header.
     class TransferEncoding < Seahorse::Client::Plugin
 
       # @api private
@@ -16,8 +17,8 @@ module Aws
             unless context.http_request.body.respond_to?(:size)
               if requires_length?(context.operation.input)
                 # if size of the IO is not available but required
-                raise Aws::Errors::MissingContentLength.new
-              elsif context.operation['authtype'] == "v4-unsigned-body"
+                raise Aws::Errors::MissingContentLength
+              elsif unsigned_payload?(context.operation)
                 context.http_request.headers['Transfer-Encoding'] = 'chunked'
               end
             end
@@ -29,18 +30,24 @@ module Aws
         private
 
         def streaming?(ref)
-          if payload = ref[:payload_member]
-            payload["streaming"] || # checking ref and shape
-              payload.shape["streaming"]
+          if (payload = ref[:payload_member])
+            payload['streaming'] || payload.shape['streaming']
           else
             false
           end
         end
 
+        def unsigned_payload?(operation)
+          operation['unsignedPayload'] ||
+            operation['authtype'] == 'v4-unsigned-body'
+        end
+
         def requires_length?(ref)
-          payload = ref[:payload_member]
-          payload["requiresLength"] || # checking ref and shape
-            payload.shape["requiresLength"]
+          if (payload = ref[:payload_member])
+            payload['requiresLength'] || payload.shape['requiresLength']
+          else
+            false
+          end
         end
 
       end

data/lib/aws-sdk-core/shared_config.rb

@@ -198,6 +198,7 @@ module Aws
 
     config_reader(
       :region,
+      :sigv4a_signing_region_set,
       :ca_bundle,
       :credential_process,
       :endpoint_discovery_enabled,
@@ -338,7 +339,7 @@ module Aws
       if @parsed_config
         credential_process ||= @parsed_config.fetch(profile, {})['credential_process']
       end
-      ProcessCredentials.new(credential_process) if credential_process
+      ProcessCredentials.new([credential_process]) if credential_process
     end
 
     def credentials_from_shared(profile, _opts)

data/lib/aws-sdk-sso/client.rb

@@ -312,6 +312,15 @@ module Aws::SSO
     #
     #   @option options [String] :session_token
     #
+    #   @option options [Array] :sigv4a_signing_region_set
+    #     A list of regions that should be signed with SigV4a signing. When
+    #     not passed, a default `:sigv4a_signing_region_set` is searched for
+    #     in the following locations:
+    #
+    #     * `Aws.config[:sigv4a_signing_region_set]`
+    #     * `ENV['AWS_SIGV4A_SIGNING_REGION_SET']`
+    #     * `~/.aws/config`
+    #
     #   @option options [Boolean] :stub_responses (false)
     #     Causes the client to return stubbed responses. By default
     #     fake responses are generated and returned. You can specify
@@ -633,7 +642,7 @@ module Aws::SSO
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.200.0'
+      context[:gem_version] = '3.201.3'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sso/client_api.rb

@@ -129,6 +129,7 @@ module Aws::SSO
         o.http_method = "GET"
         o.http_request_uri = "/federation/credentials"
         o['authtype'] = "none"
+        o['auth'] = ["smithy.api#noAuth"]
         o.input = Shapes::ShapeRef.new(shape: GetRoleCredentialsRequest)
         o.output = Shapes::ShapeRef.new(shape: GetRoleCredentialsResponse)
         o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
@@ -142,6 +143,7 @@ module Aws::SSO
         o.http_method = "GET"
         o.http_request_uri = "/assignment/roles"
         o['authtype'] = "none"
+        o['auth'] = ["smithy.api#noAuth"]
         o.input = Shapes::ShapeRef.new(shape: ListAccountRolesRequest)
         o.output = Shapes::ShapeRef.new(shape: ListAccountRolesResponse)
         o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
@@ -161,6 +163,7 @@ module Aws::SSO
         o.http_method = "GET"
         o.http_request_uri = "/assignment/accounts"
         o['authtype'] = "none"
+        o['auth'] = ["smithy.api#noAuth"]
         o.input = Shapes::ShapeRef.new(shape: ListAccountsRequest)
         o.output = Shapes::ShapeRef.new(shape: ListAccountsResponse)
         o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
@@ -180,6 +183,7 @@ module Aws::SSO
         o.http_method = "POST"
         o.http_request_uri = "/logout"
         o['authtype'] = "none"
+        o['auth'] = ["smithy.api#noAuth"]
         o.input = Shapes::ShapeRef.new(shape: LogoutRequest)
         o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
         o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)

data/lib/aws-sdk-sso.rb

@@ -54,6 +54,6 @@ require_relative 'aws-sdk-sso/customizations'
 # @!group service
 module Aws::SSO
 
-  GEM_VERSION = '3.200.0'
+  GEM_VERSION = '3.201.3'
 
 end

data/lib/aws-sdk-ssooidc/client.rb

@@ -312,6 +312,15 @@ module Aws::SSOOIDC
     #
     #   @option options [String] :session_token
     #
+    #   @option options [Array] :sigv4a_signing_region_set
+    #     A list of regions that should be signed with SigV4a signing. When
+    #     not passed, a default `:sigv4a_signing_region_set` is searched for
+    #     in the following locations:
+    #
+    #     * `Aws.config[:sigv4a_signing_region_set]`
+    #     * `ENV['AWS_SIGV4A_SIGNING_REGION_SET']`
+    #     * `~/.aws/config`
+    #
     #   @option options [Boolean] :stub_responses (false)
     #     Causes the client to return stubbed responses. By default
     #     fake responses are generated and returned. You can specify
@@ -986,7 +995,7 @@ module Aws::SSOOIDC
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.200.0'
+      context[:gem_version] = '3.201.3'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-ssooidc/client_api.rb

@@ -225,6 +225,7 @@ module Aws::SSOOIDC
         o.http_method = "POST"
         o.http_request_uri = "/token"
         o['authtype'] = "none"
+        o['auth'] = ["smithy.api#noAuth"]
         o.input = Shapes::ShapeRef.new(shape: CreateTokenRequest)
         o.output = Shapes::ShapeRef.new(shape: CreateTokenResponse)
         o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
@@ -265,6 +266,7 @@ module Aws::SSOOIDC
         o.http_method = "POST"
         o.http_request_uri = "/client/register"
         o['authtype'] = "none"
+        o['auth'] = ["smithy.api#noAuth"]
         o.input = Shapes::ShapeRef.new(shape: RegisterClientRequest)
         o.output = Shapes::ShapeRef.new(shape: RegisterClientResponse)
         o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
@@ -280,6 +282,7 @@ module Aws::SSOOIDC
         o.http_method = "POST"
         o.http_request_uri = "/device_authorization"
         o['authtype'] = "none"
+        o['auth'] = ["smithy.api#noAuth"]
         o.input = Shapes::ShapeRef.new(shape: StartDeviceAuthorizationRequest)
         o.output = Shapes::ShapeRef.new(shape: StartDeviceAuthorizationResponse)
         o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)

data/lib/aws-sdk-ssooidc.rb

@@ -54,6 +54,6 @@ require_relative 'aws-sdk-ssooidc/customizations'
 # @!group service
 module Aws::SSOOIDC
 
-  GEM_VERSION = '3.200.0'
+  GEM_VERSION = '3.201.3'
 
 end

data/lib/aws-sdk-sts/client.rb

@@ -314,6 +314,15 @@ module Aws::STS
     #
     #   @option options [String] :session_token
     #
+    #   @option options [Array] :sigv4a_signing_region_set
+    #     A list of regions that should be signed with SigV4a signing. When
+    #     not passed, a default `:sigv4a_signing_region_set` is searched for
+    #     in the following locations:
+    #
+    #     * `Aws.config[:sigv4a_signing_region_set]`
+    #     * `ENV['AWS_SIGV4A_SIGNING_REGION_SET']`
+    #     * `~/.aws/config`
+    #
     #   @option options [String] :sts_regional_endpoints ("regional")
     #     Passing in 'regional' to enable regional endpoint for STS for all supported
     #     regions (except 'aws-global'). Using 'legacy' mode will force all legacy
@@ -2380,7 +2389,7 @@ module Aws::STS
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.200.0'
+      context[:gem_version] = '3.201.3'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sts/client_api.rb

@@ -280,7 +280,7 @@ module Aws::STS
         o.name = "AssumeRoleWithSAML"
         o.http_method = "POST"
         o.http_request_uri = "/"
-        o['authtype'] = "none"
+        o['auth'] = ["smithy.api#noAuth"]
         o.input = Shapes::ShapeRef.new(shape: AssumeRoleWithSAMLRequest)
         o.output = Shapes::ShapeRef.new(shape: AssumeRoleWithSAMLResponse)
         o.errors << Shapes::ShapeRef.new(shape: MalformedPolicyDocumentException)
@@ -295,7 +295,7 @@ module Aws::STS
         o.name = "AssumeRoleWithWebIdentity"
         o.http_method = "POST"
         o.http_request_uri = "/"
-        o['authtype'] = "none"
+        o['auth'] = ["smithy.api#noAuth"]
         o.input = Shapes::ShapeRef.new(shape: AssumeRoleWithWebIdentityRequest)
         o.output = Shapes::ShapeRef.new(shape: AssumeRoleWithWebIdentityResponse)
         o.errors << Shapes::ShapeRef.new(shape: MalformedPolicyDocumentException)

data/lib/aws-sdk-sts.rb

@@ -54,6 +54,6 @@ require_relative 'aws-sdk-sts/customizations'
 # @!group service
 module Aws::STS
 
-  GEM_VERSION = '3.200.0'
+  GEM_VERSION = '3.201.3'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-core
 version: !ruby/object:Gem::Version
-  version: 3.200.0
+  version: 3.201.3
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-06-28 00:00:00.000000000 Z
+date: 2024-07-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jmespath