aws-sdk-core 3.209.1 → 3.240.0

data/lib/aws-sdk-signin/types.rb

@@ -0,0 +1,299 @@
+# frozen_string_literal: true
+
+# WARNING ABOUT GENERATED CODE
+#
+# This file is generated. See the contributing guide for more information:
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
+#
+# WARNING ABOUT GENERATED CODE
+
+module Aws::Signin
+  module Types
+
+    # Error thrown for access denied scenarios with flexible HTTP status
+    # mapping
+    #
+    # Runtime HTTP Status Code Mapping:
+    #
+    # * HTTP 401 (Unauthorized): TOKEN\_EXPIRED, AUTHCODE\_EXPIRED
+    # * HTTP 403 (Forbidden): USER\_CREDENTIALS\_CHANGED,
+    #   INSUFFICIENT\_PERMISSIONS
+    #
+    # The specific HTTP status code is determined at runtime based on the
+    # error enum value. Consumers should use the error field to determine
+    # the specific access denial reason.
+    #
+    # @!attribute [rw] error
+    #   OAuth 2.0 error code indicating the specific type of access denial
+    #   Can be TOKEN\_EXPIRED, AUTHCODE\_EXPIRED,
+    #   USER\_CREDENTIALS\_CHANGED, or INSUFFICIENT\_PERMISSIONS
+    #   @return [String]
+    #
+    # @!attribute [rw] message
+    #   Detailed message explaining the access denial Provides specific
+    #   information about why access was denied
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/signin-2023-01-01/AccessDeniedException AWS API Documentation
+    #
+    class AccessDeniedException < Struct.new(
+      :error,
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # AWS credentials structure containing temporary access credentials
+    #
+    # The scoped-down, 15 minute duration AWS credentials. Scoping down will
+    # be based on CLI policy (CLI team needs to create it). Similar to cloud
+    # shell implementation.
+    #
+    # @!attribute [rw] access_key_id
+    #   AWS access key ID for temporary credentials
+    #   @return [String]
+    #
+    # @!attribute [rw] secret_access_key
+    #   AWS secret access key for temporary credentials
+    #   @return [String]
+    #
+    # @!attribute [rw] session_token
+    #   AWS session token for temporary credentials
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/signin-2023-01-01/AccessToken AWS API Documentation
+    #
+    class AccessToken < Struct.new(
+      :access_key_id,
+      :secret_access_key,
+      :session_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Input structure for CreateOAuth2Token operation
+    #
+    # Contains flattened token operation inputs for both authorization code
+    # and refresh token flows. The operation type is determined by the
+    # grant\_type parameter in the request body.
+    #
+    # @!attribute [rw] token_input
+    #   Flattened token operation inputs The specific operation is
+    #   determined by grant\_type in the request body
+    #   @return [Types::CreateOAuth2TokenRequestBody]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/signin-2023-01-01/CreateOAuth2TokenRequest AWS API Documentation
+    #
+    class CreateOAuth2TokenRequest < Struct.new(
+      :token_input)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Request body payload for CreateOAuth2Token operation
+    #
+    # The operation type is determined by the grant\_type parameter:
+    #
+    # * grant\_type=authorization\_code: Requires code, redirect\_uri,
+    #   code\_verifier
+    # * grant\_type=refresh\_token: Requires refresh\_token
+    #
+    # @!attribute [rw] client_id
+    #   The client identifier (ARN) used during Sign-In onboarding Required
+    #   for both authorization code and refresh token flows
+    #   @return [String]
+    #
+    # @!attribute [rw] grant_type
+    #   OAuth 2.0 grant type - determines which flow is used Must be
+    #   "authorization\_code" or "refresh\_token"
+    #   @return [String]
+    #
+    # @!attribute [rw] code
+    #   The authorization code received from /v1/authorize Required only
+    #   when grant\_type=authorization\_code
+    #   @return [String]
+    #
+    # @!attribute [rw] redirect_uri
+    #   The redirect URI that must match the original authorization request
+    #   Required only when grant\_type=authorization\_code
+    #   @return [String]
+    #
+    # @!attribute [rw] code_verifier
+    #   PKCE code verifier to prove possession of the original code
+    #   challenge Required only when grant\_type=authorization\_code
+    #   @return [String]
+    #
+    # @!attribute [rw] refresh_token
+    #   The refresh token returned from auth\_code redemption Required only
+    #   when grant\_type=refresh\_token
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/signin-2023-01-01/CreateOAuth2TokenRequestBody AWS API Documentation
+    #
+    class CreateOAuth2TokenRequestBody < Struct.new(
+      :client_id,
+      :grant_type,
+      :code,
+      :redirect_uri,
+      :code_verifier,
+      :refresh_token)
+      SENSITIVE = [:refresh_token]
+      include Aws::Structure
+    end
+
+    # Output structure for CreateOAuth2Token operation
+    #
+    # Contains flattened token operation outputs for both authorization code
+    # and refresh token flows. The response content depends on the
+    # grant\_type from the original request.
+    #
+    # @!attribute [rw] token_output
+    #   Flattened token operation outputs The specific response fields
+    #   depend on the grant\_type used in the request
+    #   @return [Types::CreateOAuth2TokenResponseBody]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/signin-2023-01-01/CreateOAuth2TokenResponse AWS API Documentation
+    #
+    class CreateOAuth2TokenResponse < Struct.new(
+      :token_output)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Response body payload for CreateOAuth2Token operation
+    #
+    # The response content depends on the grant\_type from the request:
+    #
+    # * grant\_type=authorization\_code: Returns all fields including
+    #   refresh\_token and id\_token
+    # * grant\_type=refresh\_token: Returns access\_token, token\_type,
+    #   expires\_in, refresh\_token (no id\_token)
+    #
+    # @!attribute [rw] access_token
+    #   Scoped-down AWS credentials (15 minute duration) Present for both
+    #   authorization code redemption and token refresh
+    #   @return [Types::AccessToken]
+    #
+    # @!attribute [rw] token_type
+    #   Token type indicating this is AWS SigV4 credentials Value is
+    #   "aws\_sigv4" for both flows
+    #   @return [String]
+    #
+    # @!attribute [rw] expires_in
+    #   Time to expiry in seconds (maximum 900) Present for both
+    #   authorization code redemption and token refresh
+    #   @return [Integer]
+    #
+    # @!attribute [rw] refresh_token
+    #   Encrypted refresh token with cnf.jkt (SHA-256 thumbprint of
+    #   presented jwk) Always present in responses (required for both flows)
+    #   @return [String]
+    #
+    # @!attribute [rw] id_token
+    #   ID token containing user identity information Present only in
+    #   authorization code redemption response
+    #   (grant\_type=authorization\_code) Not included in token refresh
+    #   responses
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/signin-2023-01-01/CreateOAuth2TokenResponseBody AWS API Documentation
+    #
+    class CreateOAuth2TokenResponseBody < Struct.new(
+      :access_token,
+      :token_type,
+      :expires_in,
+      :refresh_token,
+      :id_token)
+      SENSITIVE = [:access_token, :refresh_token]
+      include Aws::Structure
+    end
+
+    # Error thrown when an internal server error occurs
+    #
+    # HTTP Status Code: 500 Internal Server Error
+    #
+    # Used for unexpected server-side errors that prevent request
+    # processing.
+    #
+    # @!attribute [rw] error
+    #   OAuth 2.0 error code indicating server error Will be SERVER\_ERROR
+    #   for internal server errors
+    #   @return [String]
+    #
+    # @!attribute [rw] message
+    #   Detailed message explaining the server error May include error
+    #   details for debugging purposes
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/signin-2023-01-01/InternalServerException AWS API Documentation
+    #
+    class InternalServerException < Struct.new(
+      :error,
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Error thrown when rate limit is exceeded
+    #
+    # HTTP Status Code: 429 Too Many Requests
+    #
+    # Possible OAuth2ErrorCode values:
+    #
+    # * INVALID\_REQUEST: Rate limiting, too many requests, abuse prevention
+    #
+    # Possible causes:
+    #
+    # * Too many token requests from the same client
+    # * Rate limiting based on client\_id or IP address
+    # * Abuse prevention mechanisms triggered
+    # * Service protection against excessive token generation
+    #
+    # @!attribute [rw] error
+    #   OAuth 2.0 error code indicating the specific type of error Will be
+    #   INVALID\_REQUEST for rate limiting scenarios
+    #   @return [String]
+    #
+    # @!attribute [rw] message
+    #   Detailed message about the rate limiting May include retry-after
+    #   information or rate limit details
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/signin-2023-01-01/TooManyRequestsError AWS API Documentation
+    #
+    class TooManyRequestsError < Struct.new(
+      :error,
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Error thrown when request validation fails
+    #
+    # HTTP Status Code: 400 Bad Request
+    #
+    # Used for request validation errors such as malformed parameters,
+    # missing required fields, or invalid parameter values.
+    #
+    # @!attribute [rw] error
+    #   OAuth 2.0 error code indicating validation failure Will be
+    #   INVALID\_REQUEST for validation errors
+    #   @return [String]
+    #
+    # @!attribute [rw] message
+    #   Detailed message explaining the validation failure Provides specific
+    #   information about which validation failed
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/signin-2023-01-01/ValidationException AWS API Documentation
+    #
+    class ValidationException < Struct.new(
+      :error,
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+  end
+end
+

data/lib/aws-sdk-signin.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+# WARNING ABOUT GENERATED CODE
+#
+# This file is generated. See the contributing guide for more information:
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
+#
+# WARNING ABOUT GENERATED CODE
+
+
+unless Module.const_defined?(:Aws)
+  require 'aws-sdk-core'
+  require 'aws-sigv4'
+end
+
+Aws::Plugins::GlobalConfiguration.add_identifier(:signin)
+
+# This module provides support for AWS Sign-In Service. This module is available in the
+# `aws-sdk-core` gem.
+#
+# # Client
+#
+# The {Client} class provides one method for each API operation. Operation
+# methods each accept a hash of request parameters and return a response
+# structure.
+#
+#     signin = Aws::Signin::Client.new
+#     resp = signin.create_o_auth_2_token(params)
+#
+# See {Client} for more information.
+#
+# # Errors
+#
+# Errors returned from AWS Sign-In Service are defined in the
+# {Errors} module and all extend {Errors::ServiceError}.
+#
+#     begin
+#       # do stuff
+#     rescue Aws::Signin::Errors::ServiceError
+#       # rescues all AWS Sign-In Service API errors
+#     end
+#
+# See {Errors} for more information.
+#
+# @!group service
+module Aws::Signin
+  autoload :Types, 'aws-sdk-signin/types'
+  autoload :ClientApi, 'aws-sdk-signin/client_api'
+  module Plugins
+    autoload :Endpoints, 'aws-sdk-signin/plugins/endpoints.rb'
+  end
+  autoload :Client, 'aws-sdk-signin/client'
+  autoload :Errors, 'aws-sdk-signin/errors'
+  autoload :Resource, 'aws-sdk-signin/resource'
+  autoload :EndpointParameters, 'aws-sdk-signin/endpoint_parameters'
+  autoload :EndpointProvider, 'aws-sdk-signin/endpoint_provider'
+  autoload :Endpoints, 'aws-sdk-signin/endpoints'
+
+  GEM_VERSION = '3.240.0'
+
+end
+
+require_relative 'aws-sdk-signin/customizations'

data/lib/aws-sdk-sso/client.rb

@@ -7,34 +7,34 @@
 #
 # WARNING ABOUT GENERATED CODE
 
-require 'seahorse/client/plugins/content_length.rb'
-require 'aws-sdk-core/plugins/credentials_configuration.rb'
-require 'aws-sdk-core/plugins/logging.rb'
-require 'aws-sdk-core/plugins/param_converter.rb'
-require 'aws-sdk-core/plugins/param_validator.rb'
-require 'aws-sdk-core/plugins/user_agent.rb'
-require 'aws-sdk-core/plugins/helpful_socket_errors.rb'
-require 'aws-sdk-core/plugins/retry_errors.rb'
-require 'aws-sdk-core/plugins/global_configuration.rb'
-require 'aws-sdk-core/plugins/regional_endpoint.rb'
-require 'aws-sdk-core/plugins/endpoint_discovery.rb'
-require 'aws-sdk-core/plugins/endpoint_pattern.rb'
-require 'aws-sdk-core/plugins/response_paging.rb'
-require 'aws-sdk-core/plugins/stub_responses.rb'
-require 'aws-sdk-core/plugins/idempotency_token.rb'
-require 'aws-sdk-core/plugins/invocation_id.rb'
-require 'aws-sdk-core/plugins/jsonvalue_converter.rb'
-require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
-require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
-require 'aws-sdk-core/plugins/transfer_encoding.rb'
-require 'aws-sdk-core/plugins/http_checksum.rb'
-require 'aws-sdk-core/plugins/checksum_algorithm.rb'
-require 'aws-sdk-core/plugins/request_compression.rb'
-require 'aws-sdk-core/plugins/defaults_mode.rb'
-require 'aws-sdk-core/plugins/recursion_detection.rb'
-require 'aws-sdk-core/plugins/telemetry.rb'
-require 'aws-sdk-core/plugins/sign.rb'
-require 'aws-sdk-core/plugins/protocols/rest_json.rb'
+require 'seahorse/client/plugins/content_length'
+require 'aws-sdk-core/plugins/credentials_configuration'
+require 'aws-sdk-core/plugins/logging'
+require 'aws-sdk-core/plugins/param_converter'
+require 'aws-sdk-core/plugins/param_validator'
+require 'aws-sdk-core/plugins/user_agent'
+require 'aws-sdk-core/plugins/helpful_socket_errors'
+require 'aws-sdk-core/plugins/retry_errors'
+require 'aws-sdk-core/plugins/global_configuration'
+require 'aws-sdk-core/plugins/regional_endpoint'
+require 'aws-sdk-core/plugins/endpoint_discovery'
+require 'aws-sdk-core/plugins/endpoint_pattern'
+require 'aws-sdk-core/plugins/response_paging'
+require 'aws-sdk-core/plugins/stub_responses'
+require 'aws-sdk-core/plugins/idempotency_token'
+require 'aws-sdk-core/plugins/invocation_id'
+require 'aws-sdk-core/plugins/jsonvalue_converter'
+require 'aws-sdk-core/plugins/client_metrics_plugin'
+require 'aws-sdk-core/plugins/client_metrics_send_plugin'
+require 'aws-sdk-core/plugins/transfer_encoding'
+require 'aws-sdk-core/plugins/http_checksum'
+require 'aws-sdk-core/plugins/checksum_algorithm'
+require 'aws-sdk-core/plugins/request_compression'
+require 'aws-sdk-core/plugins/defaults_mode'
+require 'aws-sdk-core/plugins/recursion_detection'
+require 'aws-sdk-core/plugins/telemetry'
+require 'aws-sdk-core/plugins/sign'
+require 'aws-sdk-core/plugins/protocols/rest_json'
 
 module Aws::SSO
   # An API client for SSO.  To construct a client, you need to configure a `:region` and `:credentials`.
@@ -95,8 +95,8 @@ module Aws::SSO
     #     class name or an instance of a plugin class.
     #
     #   @option options [required, Aws::CredentialProvider] :credentials
-    #     Your AWS credentials. This can be an instance of any one of the
-    #     following classes:
+    #     Your AWS credentials used for authentication. This can be any class that includes and implements
+    #     `Aws::CredentialProvider`, or instance of any one of the following classes:
     #
     #     * `Aws::Credentials` - Used for configuring static, non-refreshing
     #       credentials.
@@ -124,22 +124,24 @@ module Aws::SSO
     #     * `Aws::CognitoIdentityCredentials` - Used for loading credentials
     #       from the Cognito Identity service.
     #
-    #     When `:credentials` are not configured directly, the following
-    #     locations will be searched for credentials:
+    #     When `:credentials` are not configured directly, the following locations will be searched for credentials:
     #
     #     * `Aws.config[:credentials]`
+    #
     #     * The `:access_key_id`, `:secret_access_key`, `:session_token`, and
     #       `:account_id` options.
-    #     * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY'],
-    #       ENV['AWS_SESSION_TOKEN'], and ENV['AWS_ACCOUNT_ID']
+    #
+    #     * `ENV['AWS_ACCESS_KEY_ID']`, `ENV['AWS_SECRET_ACCESS_KEY']`,
+    #       `ENV['AWS_SESSION_TOKEN']`, and `ENV['AWS_ACCOUNT_ID']`.
+    #
     #     * `~/.aws/credentials`
+    #
     #     * `~/.aws/config`
-    #     * EC2/ECS IMDS instance profile - When used by default, the timeouts
-    #       are very aggressive. Construct and pass an instance of
-    #       `Aws::InstanceProfileCredentials` or `Aws::ECSCredentials` to
-    #       enable retries and extended timeouts. Instance profile credential
-    #       fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
-    #       to true.
+    #
+    #     * EC2/ECS IMDS instance profile - When used by default, the timeouts are very aggressive.
+    #       Construct and pass an instance of `Aws::InstanceProfileCredentials` or `Aws::ECSCredentials` to
+    #       enable retries and extended timeouts. Instance profile credential fetching can be disabled by
+    #       setting `ENV['AWS_EC2_METADATA_DISABLED']` to `true`.
     #
     #   @option options [required, String] :region
     #     The AWS region to connect to.  The configured `:region` is
@@ -167,6 +169,11 @@ module Aws::SSO
     #     When false, the request will raise a `RetryCapacityNotAvailableError` and will
     #     not retry instead of sleeping.
     #
+    #   @option options [Array<String>] :auth_scheme_preference
+    #     A list of preferred authentication schemes to use when making a request. Supported values are:
+    #     `sigv4`, `sigv4a`, `httpBearerAuth`, and `noAuth`. When set using `ENV['AWS_AUTH_SCHEME_PREFERENCE']` or in
+    #     shared config as `auth_scheme_preference`, the value should be a comma-separated list.
+    #
     #   @option options [Boolean] :client_side_monitoring (false)
     #     When `true`, client-side metrics will be collected for all API requests from
     #     this client.
@@ -200,8 +207,7 @@ module Aws::SSO
     #     accepted modes and the configuration defaults that are included.
     #
     #   @option options [Boolean] :disable_host_prefix_injection (false)
-    #     Set to true to disable SDK automatically adding host prefix
-    #     to default service endpoint when available.
+    #     When `true`, the SDK will not prepend the modeled host prefix to the endpoint.
     #
     #   @option options [Boolean] :disable_request_compression (false)
     #     When set to 'true' the request body will not be compressed
@@ -254,14 +260,37 @@ module Aws::SSO
     #     4 times. Used in `standard` and `adaptive` retry modes.
     #
     #   @option options [String] :profile ("default")
-    #     Used when loading credentials from the shared credentials file
-    #     at HOME/.aws/credentials.  When not specified, 'default' is used.
+    #     Used when loading credentials from the shared credentials file at `HOME/.aws/credentials`.
+    #     When not specified, 'default' is used.
+    #
+    #   @option options [String] :request_checksum_calculation ("when_supported")
+    #     Determines when a checksum will be calculated for request payloads. Values are:
+    #
+    #     * `when_supported` - (default) When set, a checksum will be
+    #       calculated for all request payloads of operations modeled with the
+    #       `httpChecksum` trait where `requestChecksumRequired` is `true` and/or a
+    #       `requestAlgorithmMember` is modeled.
+    #     * `when_required` - When set, a checksum will only be calculated for
+    #       request payloads of operations modeled with the  `httpChecksum` trait where
+    #       `requestChecksumRequired` is `true` or where a `requestAlgorithmMember`
+    #       is modeled and supplied.
     #
     #   @option options [Integer] :request_min_compression_size_bytes (10240)
     #     The minimum size in bytes that triggers compression for request
     #     bodies. The value must be non-negative integer value between 0
     #     and 10485780 bytes inclusive.
     #
+    #   @option options [String] :response_checksum_validation ("when_supported")
+    #     Determines when checksum validation will be performed on response payloads. Values are:
+    #
+    #     * `when_supported` - (default) When set, checksum validation is performed on all
+    #       response payloads of operations modeled with the `httpChecksum` trait where
+    #       `responseAlgorithms` is modeled, except when no modeled checksum algorithms
+    #       are supported.
+    #     * `when_required` - When set, checksum validation is not performed on
+    #       response payloads of operations unless the checksum algorithm is supported and
+    #       the `requestValidationModeMember` member is set to `ENABLED`.
+    #
     #   @option options [Proc] :retry_backoff
     #     A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay.
     #     This option is only used in the `legacy` retry mode.
@@ -345,8 +374,8 @@ module Aws::SSO
     #     `Aws::Telemetry::OTelProvider` for telemetry provider.
     #
     #   @option options [Aws::TokenProvider] :token_provider
-    #     A Bearer Token Provider. This can be an instance of any one of the
-    #     following classes:
+    #     Your Bearer token used for authentication. This can be any class that includes and implements
+    #     `Aws::TokenProvider`, or instance of any one of the following classes:
     #
     #     * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
     #       tokens.
@@ -669,7 +698,7 @@ module Aws::SSO
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.209.1'
+      context[:gem_version] = '3.240.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sso/endpoint_parameters.rb

@@ -13,22 +13,22 @@ module Aws::SSO
   # @!attribute region
   #   The AWS region used to dispatch the request.
   #
-  #   @return [String]
+  #   @return [string]
   #
   # @!attribute use_dual_stack
   #   When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.
   #
-  #   @return [Boolean]
+  #   @return [boolean]
   #
   # @!attribute use_fips
   #   When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.
   #
-  #   @return [Boolean]
+  #   @return [boolean]
   #
   # @!attribute endpoint
   #   Override the endpoint used to send this request
   #
-  #   @return [String]
+  #   @return [string]
   #
   EndpointParameters = Struct.new(
     :region,
@@ -52,15 +52,18 @@ module Aws::SSO
       self[:region] = options[:region]
       self[:use_dual_stack] = options[:use_dual_stack]
       self[:use_dual_stack] = false if self[:use_dual_stack].nil?
-      if self[:use_dual_stack].nil?
-        raise ArgumentError, "Missing required EndpointParameter: :use_dual_stack"
-      end
       self[:use_fips] = options[:use_fips]
       self[:use_fips] = false if self[:use_fips].nil?
-      if self[:use_fips].nil?
-        raise ArgumentError, "Missing required EndpointParameter: :use_fips"
-      end
       self[:endpoint] = options[:endpoint]
     end
+
+    def self.create(config, options={})
+      new({
+        region: config.region,
+        use_dual_stack: config.use_dualstack_endpoint,
+        use_fips: config.use_fips_endpoint,
+        endpoint: (config.endpoint.to_s unless config.regional_endpoint),
+      }.merge(options))
+    end
   end
 end

data/lib/aws-sdk-sso/endpoint_provider.rb

@@ -10,43 +10,39 @@
 module Aws::SSO
   class EndpointProvider
     def resolve_endpoint(parameters)
-      region = parameters.region
-      use_dual_stack = parameters.use_dual_stack
-      use_fips = parameters.use_fips
-      endpoint = parameters.endpoint
-      if Aws::Endpoints::Matchers.set?(endpoint)
-        if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+      if Aws::Endpoints::Matchers.set?(parameters.endpoint)
+        if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_fips, true)
           raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
         end
-        if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+        if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_dual_stack, true)
           raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported"
         end
-        return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {})
+        return Aws::Endpoints::Endpoint.new(url: parameters.endpoint, headers: {}, properties: {})
       end
-      if Aws::Endpoints::Matchers.set?(region)
-        if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
-          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+      if Aws::Endpoints::Matchers.set?(parameters.region)
+        if (partition_result = Aws::Endpoints::Matchers.aws_partition(parameters.region))
+          if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(parameters.use_dual_stack, true)
             if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-              return Aws::Endpoints::Endpoint.new(url: "https://portal.sso-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+              return Aws::Endpoints::Endpoint.new(url: "https://portal.sso-fips.#{parameters.region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
             end
             raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
           end
-          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
-            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
-              if Aws::Endpoints::Matchers.string_equals?("aws-us-gov", Aws::Endpoints::Matchers.attr(partition_result, "name"))
-                return Aws::Endpoints::Endpoint.new(url: "https://portal.sso.#{region}.amazonaws.com", headers: {}, properties: {})
+          if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_fips, true)
+            if Aws::Endpoints::Matchers.boolean_equals?(Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"), true)
+              if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws-us-gov")
+                return Aws::Endpoints::Endpoint.new(url: "https://portal.sso.#{parameters.region}.amazonaws.com", headers: {}, properties: {})
               end
-              return Aws::Endpoints::Endpoint.new(url: "https://portal.sso-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
+              return Aws::Endpoints::Endpoint.new(url: "https://portal.sso-fips.#{parameters.region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
             end
             raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
           end
-          if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+          if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_dual_stack, true)
             if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-              return Aws::Endpoints::Endpoint.new(url: "https://portal.sso.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+              return Aws::Endpoints::Endpoint.new(url: "https://portal.sso.#{parameters.region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
             end
             raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
           end
-          return Aws::Endpoints::Endpoint.new(url: "https://portal.sso.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
+          return Aws::Endpoints::Endpoint.new(url: "https://portal.sso.#{parameters.region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
         end
       end
       raise ArgumentError, "Invalid Configuration: Missing Region"