aws-sdk-core 3.203.0 → 3.207.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7bf46cc1c58aa2eab7feaaaa91a1c3042a3fcb9737f8b752e92a2075b20c18e7
-  data.tar.gz: 36d04c3b40f2b9e6a235ed726c6a8bc47d6b5245204ab5cac2fd16a373602dd6
+  metadata.gz: a63894f219adadc4bcde19d3476c76b008c42d68397b5226b749450b09636410
+  data.tar.gz: 5548f6777eac7439ae36dd37725e3c0b476337c4a8cd3543739e65723d100f12
 SHA512:
-  metadata.gz: 696a9df19fd3f81a85d9fdc77300ab98d13ad7aec127d892f2a81ac7994aa324d0a92164fecd63462440c11056781642a44b379e14a1f2c029b32a8c0a5c0f76
-  data.tar.gz: 1255facb9c4205650241f60f2469e89cc576b522f01aacb1907cf57b7c4d7bddcb28ae269b25b4608412e45b5afbd61ec1c367840aa022de7e4a208de595a3ef
+  metadata.gz: 0dcdd4ecb00a84ad875c4a778e327ed9d025cf0db509e2998c388d4a67f1b5f68f0940bd3ea28d4dddf8caa738855e71f0b2aae31ba7d8ce4f245515b7bb34ca
+  data.tar.gz: 5df63f1e46f77d3c1e577dd8008f38005fd16c1d1289d9c79e053aa7e65a2d662c73bd376bda36674986bb35e13d2c426ecc94f3d256d1e7c59940d54d3dea1b

data/CHANGELOG.md

@@ -1,6 +1,46 @@
 Unreleased Changes
 ------------------
 
+3.207.0 (2024-09-20)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - Support Account ID credentials using `ENV['AWS_ACCOUNT_ID']`, `aws_account_id` shared config, or the `account_id` Client configuration option.
+
+* Feature - Support Account ID endpoint mode using `ENV['AWS_ACCOUNT_ID_ENDPOINT_MODE']`, `aws_account_id_endpoint_mode` shared config, or the `account_id_endpoint_mode` Client configuration option. Defaults to `preferred`, which will use the account id endpoint if available. Set to `disabled` to disable account id endpoints. Set to `required` to require account id endpoint usage; an error is raised if credentials do not have an account id.
+
+3.206.0 (2024-09-17)
+------------------
+
+* Feature - Support `sigv4a` endpoint auth without CRT.
+
+3.205.0 (2024-09-11)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Issue - Additional metrics collection in the User-Agent plugin.
+
+3.204.0 (2024-09-10)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Issue - Add support for `ssl_cert` and `ssl_key` configuration options to support mTLS.
+
 3.203.0 (2024-09-03)
 ------------------
 
@@ -37,6 +77,7 @@ Unreleased Changes
 ------------------
 
 * Issue - Allow legacy/undocumented `sigv4_signer` configuration to override resolved signer.
+
 * Issue - Consider sigv4a supported without crt check.
 
 3.201.4 (2024-08-08)

data/VERSION

@@ -1 +1 @@
-3.203.0
+3.207.0

data/lib/aws-sdk-core/assume_role_credentials.rb

@@ -62,13 +62,15 @@ module Aws
     private
 
     def refresh
-      c = @client.assume_role(@assume_role_params).credentials
+      c = @client.assume_role(@assume_role_params)
+      creds = c.credentials
       @credentials = Credentials.new(
-        c.access_key_id,
-        c.secret_access_key,
-        c.session_token
+        creds.access_key_id,
+        creds.secret_access_key,
+        creds.session_token,
+        account_id: ARNParser.parse(c.assumed_role_user.arn).account_id
       )
-      @expiration = c.expiration
+      @expiration = creds.expiration
     end
 
     class << self

data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb

@@ -60,7 +60,7 @@ module Aws
         # not provided, generate encoded UUID as session name
         @assume_role_web_identity_params[:role_session_name] = _session_name
       end
-      @client = client_opts[:client] || STS::Client.new(client_opts.merge(credentials: false))
+      @client = client_opts[:client] || STS::Client.new(client_opts.merge(credentials: nil))
       super
     end
 
@@ -73,14 +73,15 @@ module Aws
       # read from token file everytime it refreshes
       @assume_role_web_identity_params[:web_identity_token] = _token_from_file(@token_file)
 
-      c = @client.assume_role_with_web_identity(
-        @assume_role_web_identity_params).credentials
+      c = @client.assume_role_with_web_identity(@assume_role_web_identity_params)
+      creds = c.credentials
       @credentials = Credentials.new(
-        c.access_key_id,
-        c.secret_access_key,
-        c.session_token
+        creds.access_key_id,
+        creds.secret_access_key,
+        creds.session_token,
+        account_id: ARNParser.parse(c.assumed_role_user.arn).account_id
       )
-      @expiration = c.expiration
+      @expiration = creds.expiration
     end
 
     def _token_from_file(path)

data/lib/aws-sdk-core/credential_provider_chain.rb

@@ -45,7 +45,8 @@ module Aws
         Credentials.new(
           options[:config].access_key_id,
           options[:config].secret_access_key,
-          options[:config].session_token
+          options[:config].session_token,
+          account_id: options[:config].account_id
         )
       end
     end
@@ -94,7 +95,13 @@ module Aws
       key =    %w[AWS_ACCESS_KEY_ID AMAZON_ACCESS_KEY_ID AWS_ACCESS_KEY]
       secret = %w[AWS_SECRET_ACCESS_KEY AMAZON_SECRET_ACCESS_KEY AWS_SECRET_KEY]
       token =  %w[AWS_SESSION_TOKEN AMAZON_SESSION_TOKEN]
-      Credentials.new(envar(key), envar(secret), envar(token))
+      account_id = %w[AWS_ACCOUNT_ID]
+      Credentials.new(
+        envar(key),
+        envar(secret),
+        envar(token),
+        account_id: envar(account_id)
+      )
     end
 
     def envar(keys)

data/lib/aws-sdk-core/credentials.rb

@@ -6,21 +6,28 @@ module Aws
     # @param [String] access_key_id
     # @param [String] secret_access_key
     # @param [String] session_token (nil)
-    def initialize(access_key_id, secret_access_key, session_token = nil)
+    # @param [Hash] kwargs
+    # @option kwargs [String] :credential_scope (nil)
+    def initialize(access_key_id, secret_access_key, session_token = nil,
+                   **kwargs)
       @access_key_id = access_key_id
       @secret_access_key = secret_access_key
       @session_token = session_token
+      @account_id = kwargs[:account_id]
     end
 
-    # @return [String, nil]
+    # @return [String]
     attr_reader :access_key_id
 
-    # @return [String, nil]
+    # @return [String]
     attr_reader :secret_access_key
 
     # @return [String, nil]
     attr_reader :session_token
 
+    # @return [String, nil]
+    attr_reader :account_id
+
     # @return [Credentials]
     def credentials
       self
@@ -30,9 +37,9 @@ module Aws
     #   access key are both set.
     def set?
       !access_key_id.nil? &&
-      !access_key_id.empty? &&
-      !secret_access_key.nil? &&
-      !secret_access_key.empty?
+        !access_key_id.empty? &&
+        !secret_access_key.nil? &&
+        !secret_access_key.empty?
     end
 
     # Removing the secret access key from the default inspect string.

data/lib/aws-sdk-core/endpoints/endpoint.rb

@@ -3,15 +3,17 @@
 module Aws
   module Endpoints
     class Endpoint
-      def initialize(url:, properties: {}, headers: {})
+      def initialize(url:, properties: {}, headers: {}, metadata: {})
         @url = url
         @properties = properties
         @headers = headers
+        @metadata = metadata
       end
 
       attr_reader :url
       attr_reader :properties
       attr_reader :headers
+      attr_reader :metadata
     end
   end
 end

data/lib/aws-sdk-core/endpoints.rb

@@ -19,9 +19,12 @@ require 'aws-sigv4'
 module Aws
   # @api private
   module Endpoints
-    supported_auth_traits = %w[aws.auth#sigv4 smithy.api#httpBearerAuth smithy.api#noAuth]
-    supported_auth_traits += ['aws.auth#sigv4a'] if Aws::Sigv4::Signer.use_crt?
-    SUPPORTED_AUTH_TRAITS = supported_auth_traits.freeze
+    SUPPORTED_AUTH_TRAITS = %w[
+      aws.auth#sigv4
+      aws.auth#sigv4a
+      smithy.api#httpBearerAuth
+      smithy.api#noAuth
+    ].freeze
 
     class << self
       def resolve_auth_scheme(context, endpoint)

data/lib/aws-sdk-core/plugins/credentials_configuration.rb

@@ -12,6 +12,8 @@ module Aws
 
       option(:session_token, doc_type: String, docstring: '')
 
+      option(:account_id, doc_type: String, docstring: '')
+
       option(:profile,
         doc_default: 'default',
         doc_type: String,
@@ -58,13 +60,15 @@ When `:credentials` are not configured directly, the following
 locations will be searched for credentials:
 
 * `Aws.config[:credentials]`
-* The `:access_key_id`, `:secret_access_key`, and `:session_token` options.
-* ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
+* The `:access_key_id`, `:secret_access_key`, `:session_token`, and
+  `:account_id` options.
+* ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY'],
+  ENV['AWS_SESSION_TOKEN'], and ENV['AWS_ACCOUNT_ID']
 * `~/.aws/credentials`
 * `~/.aws/config`
 * EC2/ECS IMDS instance profile - When used by default, the timeouts
   are very aggressive. Construct and pass an instance of
-  `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
+  `Aws::InstanceProfileCredentials` or `Aws::ECSCredentials` to
   enable retries and extended timeouts. Instance profile credential
   fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
   to true.

data/lib/aws-sdk-core/plugins/regional_endpoint.rb

@@ -205,6 +205,7 @@ to test or custom endpoints. This should be a valid HTTP(S) URI.
             cfg.override_config(:region, new_region)
           end
         end
+
         # set a default endpoint in config using legacy (endpoints.json) resolver
         def resolve_legacy_endpoint(cfg)
           endpoint_prefix = cfg.api.metadata['endpointPrefix']

data/lib/aws-sdk-core/plugins/user_agent.rb

@@ -17,7 +17,15 @@ module Aws
           "S3_CRYPTO_V2": "I",
           "S3_EXPRESS_BUCKET": "J",
           "S3_ACCESS_GRANTS": "K",
-          "GZIP_REQUEST_COMPRESSION": "L"
+          "GZIP_REQUEST_COMPRESSION": "L",
+          "PROTOCOL_RPC_V2_CBOR": "M",
+          "ENDPOINT_OVERRIDE": "N",
+          "ACCOUNT_ID_ENDPOINT": "O",
+          "ACCOUNT_ID_MODE_PREFERRED": "P",
+          "ACCOUNT_ID_MODE_DISABLED": "Q",
+          "ACCOUNT_ID_MODE_REQUIRED": "R",
+          "SIGV4A_SIGNING": "S",
+          "RESOLVED_ACCOUNT_ID": "T"
         }
       METRICS
 
@@ -45,15 +53,13 @@ variable AWS_SDK_UA_APP_ID or the shared config profile attribute sdk_ua_app_id.
         block.call
       end
 
-      def self.metric(metric, &block)
+      def self.metric(*metrics, &block)
         Thread.current[:aws_sdk_core_user_agent_metric] ||= []
-        Thread.current[:aws_sdk_core_user_agent_metric] << METRICS[metric]
+        metrics = metrics.map { |metric| METRICS[metric] }.compact
+        Thread.current[:aws_sdk_core_user_agent_metric].concat(metrics)
         block.call
       ensure
-        Thread.current[:aws_sdk_core_user_agent_metric].pop
-        if Thread.current[:aws_sdk_core_user_agent_metric].empty?
-          Thread.current[:aws_sdk_core_user_agent_metric] = nil
-        end
+        Thread.current[:aws_sdk_core_user_agent_metric].pop(metrics.size)
       end
 
       # @api private
@@ -166,7 +172,10 @@ variable AWS_SDK_UA_APP_ID or the shared config profile attribute sdk_ua_app_id.
           end
 
           def metric_metadata
-            return unless Thread.current[:aws_sdk_core_user_agent_metric]
+            if Thread.current[:aws_sdk_core_user_agent_metric].nil? ||
+               Thread.current[:aws_sdk_core_user_agent_metric].empty?
+              return
+            end
 
             metrics = Thread.current[:aws_sdk_core_user_agent_metric].join(',')
             # Metric metadata is limited to 1024 bytes

data/lib/aws-sdk-core/process_credentials.rb

@@ -74,7 +74,8 @@ module Aws
       creds = Credentials.new(
         creds_json['AccessKeyId'],
         creds_json['SecretAccessKey'],
-        creds_json['SessionToken']
+        creds_json['SessionToken'],
+        account_id: creds_json['AccountId']
       )
 
       @expiration = creds_json['Expiration'] ? Time.iso8601(creds_json['Expiration']) : nil

data/lib/aws-sdk-core/rpc_v2/handler.rb

@@ -7,7 +7,7 @@ module Aws
       # @return [Seahorse::Client::Response]
       def call(context)
         build_request(context)
-        response = @handler.call(context)
+        response = with_metric { @handler.call(context) }
         response.on(200..299) { |resp| resp.data = parse_body(context) }
         response.on(200..599) { |_resp| apply_request_id(context) }
         response
@@ -15,6 +15,10 @@ module Aws
 
       private
 
+      def with_metric(&block)
+        Aws::Plugins::UserAgent.metric('PROTOCOL_RPC_V2_CBOR', &block)
+      end
+
       def build_request(context)
         context.http_request.headers['smithy-protocol'] = 'rpc-v2-cbor'
         context.http_request.http_method = 'POST'

data/lib/aws-sdk-core/shared_config.rb

@@ -198,6 +198,7 @@ module Aws
 
     config_reader(
       :region,
+      :account_id_endpoint_mode,
       :sigv4a_signing_region_set,
       :ca_bundle,
       :credential_process,
@@ -414,7 +415,8 @@ module Aws
       creds = Credentials.new(
         prof_config['aws_access_key_id'],
         prof_config['aws_secret_access_key'],
-        prof_config['aws_session_token']
+        prof_config['aws_session_token'],
+        account_id: prof_config['aws_account_id']
       )
       creds if creds.set?
     end

data/lib/aws-sdk-core/shared_credentials.rb

@@ -7,13 +7,6 @@ module Aws
 
     include CredentialProvider
 
-    # @api private
-    KEY_MAP = {
-      'aws_access_key_id' => 'access_key_id',
-      'aws_secret_access_key' => 'secret_access_key',
-      'aws_session_token' => 'session_token',
-    }
-
     # Constructs a new SharedCredentials object. This will load static
     # (access_key_id, secret_access_key and session_token) AWS access
     # credentials from an ini file, which supports profiles. The default

data/lib/aws-sdk-core/sso_credentials.rb

@@ -156,7 +156,8 @@ module Aws
       @credentials = Credentials.new(
         c.access_key_id,
         c.secret_access_key,
-        c.session_token
+        c.session_token,
+        account_id: @sso_account_id
       )
       @expiration = Time.at(c.expiration / 1000.0)
     end

data/lib/aws-sdk-sso/client.rb

@@ -130,13 +130,15 @@ module Aws::SSO
     #     locations will be searched for credentials:
     #
     #     * `Aws.config[:credentials]`
-    #     * The `:access_key_id`, `:secret_access_key`, and `:session_token` options.
-    #     * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
+    #     * The `:access_key_id`, `:secret_access_key`, `:session_token`, and
+    #       `:account_id` options.
+    #     * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY'],
+    #       ENV['AWS_SESSION_TOKEN'], and ENV['AWS_ACCOUNT_ID']
     #     * `~/.aws/credentials`
     #     * `~/.aws/config`
     #     * EC2/ECS IMDS instance profile - When used by default, the timeouts
     #       are very aggressive. Construct and pass an instance of
-    #       `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
+    #       `Aws::InstanceProfileCredentials` or `Aws::ECSCredentials` to
     #       enable retries and extended timeouts. Instance profile credential
     #       fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
     #       to true.
@@ -155,6 +157,8 @@ module Aws::SSO
     #
     #   @option options [String] :access_key_id
     #
+    #   @option options [String] :account_id
+    #
     #   @option options [Boolean] :active_endpoint_cache (false)
     #     When set to `true`, a thread polling for endpoints will be running in
     #     the background every 60 secs (default). Defaults to `false`.
@@ -369,7 +373,9 @@ module Aws::SSO
     #     sending the request.
     #
     #   @option options [Aws::SSO::EndpointProvider] :endpoint_provider
-    #     The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::SSO::EndpointParameters`
+    #     The endpoint provider used to resolve endpoints. Any object that responds to
+    #     `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to
+    #     `Aws::SSO::EndpointParameters`.
     #
     #   @option options [Float] :http_continue_timeout (1)
     #     The number of seconds to wait for a 100-continue response before sending the
@@ -425,6 +431,12 @@ module Aws::SSO
     #   @option options [String] :ssl_ca_store
     #     Sets the X509::Store to verify peer certificate.
     #
+    #   @option options [OpenSSL::X509::Certificate] :ssl_cert
+    #     Sets a client certificate when creating http connections.
+    #
+    #   @option options [OpenSSL::PKey] :ssl_key
+    #     Sets a client key when creating http connections.
+    #
     #   @option options [Float] :ssl_timeout
     #     Sets the SSL timeout in seconds
     #
@@ -659,7 +671,7 @@ module Aws::SSO
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.203.0'
+      context[:gem_version] = '3.207.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sso/endpoints.rb

@@ -14,56 +14,44 @@ module Aws::SSO
 
     class GetRoleCredentials
       def self.build(context)
-        unless context.config.regional_endpoint
-          endpoint = context.config.endpoint.to_s
-        end
         Aws::SSO::EndpointParameters.new(
           region: context.config.region,
           use_dual_stack: context.config.use_dualstack_endpoint,
           use_fips: context.config.use_fips_endpoint,
-          endpoint: endpoint,
+          endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
         )
       end
     end
 
     class ListAccountRoles
       def self.build(context)
-        unless context.config.regional_endpoint
-          endpoint = context.config.endpoint.to_s
-        end
         Aws::SSO::EndpointParameters.new(
           region: context.config.region,
           use_dual_stack: context.config.use_dualstack_endpoint,
           use_fips: context.config.use_fips_endpoint,
-          endpoint: endpoint,
+          endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
         )
       end
     end
 
     class ListAccounts
       def self.build(context)
-        unless context.config.regional_endpoint
-          endpoint = context.config.endpoint.to_s
-        end
         Aws::SSO::EndpointParameters.new(
           region: context.config.region,
           use_dual_stack: context.config.use_dualstack_endpoint,
           use_fips: context.config.use_fips_endpoint,
-          endpoint: endpoint,
+          endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
         )
       end
     end
 
     class Logout
       def self.build(context)
-        unless context.config.regional_endpoint
-          endpoint = context.config.endpoint.to_s
-        end
         Aws::SSO::EndpointParameters.new(
           region: context.config.region,
           use_dual_stack: context.config.use_dualstack_endpoint,
           use_fips: context.config.use_fips_endpoint,
-          endpoint: endpoint,
+          endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
         )
       end
     end

data/lib/aws-sdk-sso/plugins/endpoints.rb

@@ -15,11 +15,11 @@ module Aws::SSO
         :endpoint_provider,
         doc_type: 'Aws::SSO::EndpointProvider',
         rbs_type: 'untyped',
-        docstring: 'The endpoint provider used to resolve endpoints. Any '\
-                   'object that responds to `#resolve_endpoint(parameters)` '\
-                   'where `parameters` is a Struct similar to '\
-                   '`Aws::SSO::EndpointParameters`'
-      ) do |cfg|
+        docstring: <<~DOCS) do |_cfg|
+The endpoint provider used to resolve endpoints. Any object that responds to
+`#resolve_endpoint(parameters)` where `parameters` is a Struct similar to
+`Aws::SSO::EndpointParameters`.
+        DOCS
         Aws::SSO::EndpointProvider.new
       end
 
@@ -40,11 +40,23 @@ module Aws::SSO
           context[:auth_scheme] =
             Aws::Endpoints.resolve_auth_scheme(context, endpoint)
 
-          @handler.call(context)
+          with_metrics(context) { @handler.call(context) }
         end
 
         private
 
+        def with_metrics(context, &block)
+          metrics = []
+          metrics << 'ENDPOINT_OVERRIDE' unless context.config.regional_endpoint
+          if context[:auth_scheme] && context[:auth_scheme]['name'] == 'sigv4a'
+            metrics << 'SIGV4A_SIGNING'
+          end
+          if context.config.credentials&.credentials&.account_id
+            metrics << 'RESOLVED_ACCOUNT_ID'
+          end
+          Aws::Plugins::UserAgent.metric(*metrics, &block)
+        end
+
         def apply_endpoint_headers(context, headers)
           headers.each do |key, values|
             value = values

data/lib/aws-sdk-sso.rb

@@ -54,6 +54,6 @@ require_relative 'aws-sdk-sso/customizations'
 # @!group service
 module Aws::SSO
 
-  GEM_VERSION = '3.203.0'
+  GEM_VERSION = '3.207.0'
 
 end

data/lib/aws-sdk-ssooidc/client.rb

@@ -130,13 +130,15 @@ module Aws::SSOOIDC
     #     locations will be searched for credentials:
     #
     #     * `Aws.config[:credentials]`
-    #     * The `:access_key_id`, `:secret_access_key`, and `:session_token` options.
-    #     * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
+    #     * The `:access_key_id`, `:secret_access_key`, `:session_token`, and
+    #       `:account_id` options.
+    #     * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY'],
+    #       ENV['AWS_SESSION_TOKEN'], and ENV['AWS_ACCOUNT_ID']
     #     * `~/.aws/credentials`
     #     * `~/.aws/config`
     #     * EC2/ECS IMDS instance profile - When used by default, the timeouts
     #       are very aggressive. Construct and pass an instance of
-    #       `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
+    #       `Aws::InstanceProfileCredentials` or `Aws::ECSCredentials` to
     #       enable retries and extended timeouts. Instance profile credential
     #       fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
     #       to true.
@@ -155,6 +157,8 @@ module Aws::SSOOIDC
     #
     #   @option options [String] :access_key_id
     #
+    #   @option options [String] :account_id
+    #
     #   @option options [Boolean] :active_endpoint_cache (false)
     #     When set to `true`, a thread polling for endpoints will be running in
     #     the background every 60 secs (default). Defaults to `false`.
@@ -369,7 +373,9 @@ module Aws::SSOOIDC
     #     sending the request.
     #
     #   @option options [Aws::SSOOIDC::EndpointProvider] :endpoint_provider
-    #     The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::SSOOIDC::EndpointParameters`
+    #     The endpoint provider used to resolve endpoints. Any object that responds to
+    #     `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to
+    #     `Aws::SSOOIDC::EndpointParameters`.
     #
     #   @option options [Float] :http_continue_timeout (1)
     #     The number of seconds to wait for a 100-continue response before sending the
@@ -425,6 +431,12 @@ module Aws::SSOOIDC
     #   @option options [String] :ssl_ca_store
     #     Sets the X509::Store to verify peer certificate.
     #
+    #   @option options [OpenSSL::X509::Certificate] :ssl_cert
+    #     Sets a client certificate when creating http connections.
+    #
+    #   @option options [OpenSSL::PKey] :ssl_key
+    #     Sets a client key when creating http connections.
+    #
     #   @option options [Float] :ssl_timeout
     #     Sets the SSL timeout in seconds
     #
@@ -1012,7 +1024,7 @@ module Aws::SSOOIDC
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.203.0'
+      context[:gem_version] = '3.207.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-ssooidc/endpoints.rb

@@ -14,56 +14,44 @@ module Aws::SSOOIDC
 
     class CreateToken
       def self.build(context)
-        unless context.config.regional_endpoint
-          endpoint = context.config.endpoint.to_s
-        end
         Aws::SSOOIDC::EndpointParameters.new(
           region: context.config.region,
           use_dual_stack: context.config.use_dualstack_endpoint,
           use_fips: context.config.use_fips_endpoint,
-          endpoint: endpoint,
+          endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
         )
       end
     end
 
     class CreateTokenWithIAM
       def self.build(context)
-        unless context.config.regional_endpoint
-          endpoint = context.config.endpoint.to_s
-        end
         Aws::SSOOIDC::EndpointParameters.new(
           region: context.config.region,
           use_dual_stack: context.config.use_dualstack_endpoint,
           use_fips: context.config.use_fips_endpoint,
-          endpoint: endpoint,
+          endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
         )
       end
     end
 
     class RegisterClient
       def self.build(context)
-        unless context.config.regional_endpoint
-          endpoint = context.config.endpoint.to_s
-        end
         Aws::SSOOIDC::EndpointParameters.new(
           region: context.config.region,
           use_dual_stack: context.config.use_dualstack_endpoint,
           use_fips: context.config.use_fips_endpoint,
-          endpoint: endpoint,
+          endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
         )
       end
     end
 
     class StartDeviceAuthorization
       def self.build(context)
-        unless context.config.regional_endpoint
-          endpoint = context.config.endpoint.to_s
-        end
         Aws::SSOOIDC::EndpointParameters.new(
           region: context.config.region,
           use_dual_stack: context.config.use_dualstack_endpoint,
           use_fips: context.config.use_fips_endpoint,
-          endpoint: endpoint,
+          endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
         )
       end
     end

data/lib/aws-sdk-ssooidc/plugins/endpoints.rb

@@ -15,11 +15,11 @@ module Aws::SSOOIDC
         :endpoint_provider,
         doc_type: 'Aws::SSOOIDC::EndpointProvider',
         rbs_type: 'untyped',
-        docstring: 'The endpoint provider used to resolve endpoints. Any '\
-                   'object that responds to `#resolve_endpoint(parameters)` '\
-                   'where `parameters` is a Struct similar to '\
-                   '`Aws::SSOOIDC::EndpointParameters`'
-      ) do |cfg|
+        docstring: <<~DOCS) do |_cfg|
+The endpoint provider used to resolve endpoints. Any object that responds to
+`#resolve_endpoint(parameters)` where `parameters` is a Struct similar to
+`Aws::SSOOIDC::EndpointParameters`.
+        DOCS
         Aws::SSOOIDC::EndpointProvider.new
       end
 
@@ -40,11 +40,23 @@ module Aws::SSOOIDC
           context[:auth_scheme] =
             Aws::Endpoints.resolve_auth_scheme(context, endpoint)
 
-          @handler.call(context)
+          with_metrics(context) { @handler.call(context) }
         end
 
         private
 
+        def with_metrics(context, &block)
+          metrics = []
+          metrics << 'ENDPOINT_OVERRIDE' unless context.config.regional_endpoint
+          if context[:auth_scheme] && context[:auth_scheme]['name'] == 'sigv4a'
+            metrics << 'SIGV4A_SIGNING'
+          end
+          if context.config.credentials&.credentials&.account_id
+            metrics << 'RESOLVED_ACCOUNT_ID'
+          end
+          Aws::Plugins::UserAgent.metric(*metrics, &block)
+        end
+
         def apply_endpoint_headers(context, headers)
           headers.each do |key, values|
             value = values

data/lib/aws-sdk-ssooidc.rb

@@ -54,6 +54,6 @@ require_relative 'aws-sdk-ssooidc/customizations'
 # @!group service
 module Aws::SSOOIDC
 
-  GEM_VERSION = '3.203.0'
+  GEM_VERSION = '3.207.0'
 
 end

data/lib/aws-sdk-sts/client.rb

@@ -132,13 +132,15 @@ module Aws::STS
     #     locations will be searched for credentials:
     #
     #     * `Aws.config[:credentials]`
-    #     * The `:access_key_id`, `:secret_access_key`, and `:session_token` options.
-    #     * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
+    #     * The `:access_key_id`, `:secret_access_key`, `:session_token`, and
+    #       `:account_id` options.
+    #     * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY'],
+    #       ENV['AWS_SESSION_TOKEN'], and ENV['AWS_ACCOUNT_ID']
     #     * `~/.aws/credentials`
     #     * `~/.aws/config`
     #     * EC2/ECS IMDS instance profile - When used by default, the timeouts
     #       are very aggressive. Construct and pass an instance of
-    #       `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
+    #       `Aws::InstanceProfileCredentials` or `Aws::ECSCredentials` to
     #       enable retries and extended timeouts. Instance profile credential
     #       fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
     #       to true.
@@ -157,6 +159,8 @@ module Aws::STS
     #
     #   @option options [String] :access_key_id
     #
+    #   @option options [String] :account_id
+    #
     #   @option options [Boolean] :active_endpoint_cache (false)
     #     When set to `true`, a thread polling for endpoints will be running in
     #     the background every 60 secs (default). Defaults to `false`.
@@ -376,7 +380,9 @@ module Aws::STS
     #     sending the request.
     #
     #   @option options [Aws::STS::EndpointProvider] :endpoint_provider
-    #     The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::STS::EndpointParameters`
+    #     The endpoint provider used to resolve endpoints. Any object that responds to
+    #     `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to
+    #     `Aws::STS::EndpointParameters`.
     #
     #   @option options [Float] :http_continue_timeout (1)
     #     The number of seconds to wait for a 100-continue response before sending the
@@ -432,6 +438,12 @@ module Aws::STS
     #   @option options [String] :ssl_ca_store
     #     Sets the X509::Store to verify peer certificate.
     #
+    #   @option options [OpenSSL::X509::Certificate] :ssl_cert
+    #     Sets a client certificate when creating http connections.
+    #
+    #   @option options [OpenSSL::PKey] :ssl_key
+    #     Sets a client key when creating http connections.
+    #
     #   @option options [Float] :ssl_timeout
     #     Sets the SSL timeout in seconds
     #
@@ -2406,7 +2418,7 @@ module Aws::STS
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.203.0'
+      context[:gem_version] = '3.207.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sts/endpoints.rb

@@ -14,14 +14,11 @@ module Aws::STS
 
     class AssumeRole
       def self.build(context)
-        unless context.config.regional_endpoint
-          endpoint = context.config.endpoint.to_s
-        end
         Aws::STS::EndpointParameters.new(
           region: context.config.region,
           use_dual_stack: context.config.use_dualstack_endpoint,
           use_fips: context.config.use_fips_endpoint,
-          endpoint: endpoint,
+          endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
           use_global_endpoint: context.config.sts_regional_endpoints == 'legacy',
         )
       end
@@ -29,14 +26,11 @@ module Aws::STS
 
     class AssumeRoleWithSAML
       def self.build(context)
-        unless context.config.regional_endpoint
-          endpoint = context.config.endpoint.to_s
-        end
         Aws::STS::EndpointParameters.new(
           region: context.config.region,
           use_dual_stack: context.config.use_dualstack_endpoint,
           use_fips: context.config.use_fips_endpoint,
-          endpoint: endpoint,
+          endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
           use_global_endpoint: context.config.sts_regional_endpoints == 'legacy',
         )
       end
@@ -44,14 +38,11 @@ module Aws::STS
 
     class AssumeRoleWithWebIdentity
       def self.build(context)
-        unless context.config.regional_endpoint
-          endpoint = context.config.endpoint.to_s
-        end
         Aws::STS::EndpointParameters.new(
           region: context.config.region,
           use_dual_stack: context.config.use_dualstack_endpoint,
           use_fips: context.config.use_fips_endpoint,
-          endpoint: endpoint,
+          endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
           use_global_endpoint: context.config.sts_regional_endpoints == 'legacy',
         )
       end
@@ -59,14 +50,11 @@ module Aws::STS
 
     class DecodeAuthorizationMessage
       def self.build(context)
-        unless context.config.regional_endpoint
-          endpoint = context.config.endpoint.to_s
-        end
         Aws::STS::EndpointParameters.new(
           region: context.config.region,
           use_dual_stack: context.config.use_dualstack_endpoint,
           use_fips: context.config.use_fips_endpoint,
-          endpoint: endpoint,
+          endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
           use_global_endpoint: context.config.sts_regional_endpoints == 'legacy',
         )
       end
@@ -74,14 +62,11 @@ module Aws::STS
 
     class GetAccessKeyInfo
       def self.build(context)
-        unless context.config.regional_endpoint
-          endpoint = context.config.endpoint.to_s
-        end
         Aws::STS::EndpointParameters.new(
           region: context.config.region,
           use_dual_stack: context.config.use_dualstack_endpoint,
           use_fips: context.config.use_fips_endpoint,
-          endpoint: endpoint,
+          endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
           use_global_endpoint: context.config.sts_regional_endpoints == 'legacy',
         )
       end
@@ -89,14 +74,11 @@ module Aws::STS
 
     class GetCallerIdentity
       def self.build(context)
-        unless context.config.regional_endpoint
-          endpoint = context.config.endpoint.to_s
-        end
         Aws::STS::EndpointParameters.new(
           region: context.config.region,
           use_dual_stack: context.config.use_dualstack_endpoint,
           use_fips: context.config.use_fips_endpoint,
-          endpoint: endpoint,
+          endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
           use_global_endpoint: context.config.sts_regional_endpoints == 'legacy',
         )
       end
@@ -104,14 +86,11 @@ module Aws::STS
 
     class GetFederationToken
       def self.build(context)
-        unless context.config.regional_endpoint
-          endpoint = context.config.endpoint.to_s
-        end
         Aws::STS::EndpointParameters.new(
           region: context.config.region,
           use_dual_stack: context.config.use_dualstack_endpoint,
           use_fips: context.config.use_fips_endpoint,
-          endpoint: endpoint,
+          endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
           use_global_endpoint: context.config.sts_regional_endpoints == 'legacy',
         )
       end
@@ -119,14 +98,11 @@ module Aws::STS
 
     class GetSessionToken
       def self.build(context)
-        unless context.config.regional_endpoint
-          endpoint = context.config.endpoint.to_s
-        end
         Aws::STS::EndpointParameters.new(
           region: context.config.region,
           use_dual_stack: context.config.use_dualstack_endpoint,
           use_fips: context.config.use_fips_endpoint,
-          endpoint: endpoint,
+          endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
           use_global_endpoint: context.config.sts_regional_endpoints == 'legacy',
         )
       end

data/lib/aws-sdk-sts/plugins/endpoints.rb

@@ -15,11 +15,11 @@ module Aws::STS
         :endpoint_provider,
         doc_type: 'Aws::STS::EndpointProvider',
         rbs_type: 'untyped',
-        docstring: 'The endpoint provider used to resolve endpoints. Any '\
-                   'object that responds to `#resolve_endpoint(parameters)` '\
-                   'where `parameters` is a Struct similar to '\
-                   '`Aws::STS::EndpointParameters`'
-      ) do |cfg|
+        docstring: <<~DOCS) do |_cfg|
+The endpoint provider used to resolve endpoints. Any object that responds to
+`#resolve_endpoint(parameters)` where `parameters` is a Struct similar to
+`Aws::STS::EndpointParameters`.
+        DOCS
         Aws::STS::EndpointProvider.new
       end
 
@@ -40,11 +40,23 @@ module Aws::STS
           context[:auth_scheme] =
             Aws::Endpoints.resolve_auth_scheme(context, endpoint)
 
-          @handler.call(context)
+          with_metrics(context) { @handler.call(context) }
         end
 
         private
 
+        def with_metrics(context, &block)
+          metrics = []
+          metrics << 'ENDPOINT_OVERRIDE' unless context.config.regional_endpoint
+          if context[:auth_scheme] && context[:auth_scheme]['name'] == 'sigv4a'
+            metrics << 'SIGV4A_SIGNING'
+          end
+          if context.config.credentials&.credentials&.account_id
+            metrics << 'RESOLVED_ACCOUNT_ID'
+          end
+          Aws::Plugins::UserAgent.metric(*metrics, &block)
+        end
+
         def apply_endpoint_headers(context, headers)
           headers.each do |key, values|
             value = values

data/lib/aws-sdk-sts.rb

@@ -54,6 +54,6 @@ require_relative 'aws-sdk-sts/customizations'
 # @!group service
 module Aws::STS
 
-  GEM_VERSION = '3.203.0'
+  GEM_VERSION = '3.207.0'
 
 end

data/lib/seahorse/client/net_http/connection_pool.rb

@@ -34,7 +34,9 @@ module Seahorse
           ssl_ca_bundle: nil,
           ssl_ca_directory: nil,
           ssl_ca_store: nil,
-          ssl_timeout: nil
+          ssl_timeout: nil,
+          ssl_cert: nil,
+          ssl_key: nil
         }
 
         # @api private
@@ -246,7 +248,9 @@ module Seahorse
               :ssl_ca_bundle => options[:ssl_ca_bundle],
               :ssl_ca_directory => options[:ssl_ca_directory],
               :ssl_ca_store => options[:ssl_ca_store],
-              :ssl_timeout => options[:ssl_timeout]
+              :ssl_timeout => options[:ssl_timeout],
+              :ssl_cert => options[:ssl_cert],
+              :ssl_key => options[:ssl_key]
             }
           end
 
@@ -291,6 +295,8 @@ module Seahorse
               http.ca_file = ssl_ca_bundle if ssl_ca_bundle
               http.ca_path = ssl_ca_directory if ssl_ca_directory
               http.cert_store = ssl_ca_store if ssl_ca_store
+              http.cert = ssl_cert if ssl_cert
+              http.key = ssl_key if ssl_key
             else
               http.verify_mode = OpenSSL::SSL::VERIFY_NONE
             end

data/lib/seahorse/client/plugins/net_http.rb

@@ -70,6 +70,15 @@ Sets the X509::Store to verify peer certificate.
           resolve_ssl_timeout(cfg)
         end
 
+        option(:ssl_cert, default: nil, doc_type: OpenSSL::X509::Certificate, docstring: <<-DOCS)
+Sets a client certificate when creating http connections.
+        DOCS
+
+
+        option(:ssl_key, default: nil, doc_type: OpenSSL::PKey, docstring: <<-DOCS)
+Sets a client key when creating http connections.
+        DOCS
+
         option(:logger) # for backwards compat
 
         handler(Client::NetHttp::Handler, step: :send)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-core
 version: !ruby/object:Gem::Version
-  version: 3.203.0
+  version: 3.207.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-09-03 00:00:00.000000000 Z
+date: 2024-09-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jmespath