aws-sdk-core 3.214.0 → 3.222.2

data/lib/aws-sdk-sts/client.rb

@@ -7,35 +7,35 @@
 #
 # WARNING ABOUT GENERATED CODE
 
-require 'seahorse/client/plugins/content_length.rb'
-require 'aws-sdk-core/plugins/credentials_configuration.rb'
-require 'aws-sdk-core/plugins/logging.rb'
-require 'aws-sdk-core/plugins/param_converter.rb'
-require 'aws-sdk-core/plugins/param_validator.rb'
-require 'aws-sdk-core/plugins/user_agent.rb'
-require 'aws-sdk-core/plugins/helpful_socket_errors.rb'
-require 'aws-sdk-core/plugins/retry_errors.rb'
-require 'aws-sdk-core/plugins/global_configuration.rb'
-require 'aws-sdk-core/plugins/regional_endpoint.rb'
-require 'aws-sdk-core/plugins/endpoint_discovery.rb'
-require 'aws-sdk-core/plugins/endpoint_pattern.rb'
-require 'aws-sdk-core/plugins/response_paging.rb'
-require 'aws-sdk-core/plugins/stub_responses.rb'
-require 'aws-sdk-core/plugins/idempotency_token.rb'
-require 'aws-sdk-core/plugins/invocation_id.rb'
-require 'aws-sdk-core/plugins/jsonvalue_converter.rb'
-require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
-require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
-require 'aws-sdk-core/plugins/transfer_encoding.rb'
-require 'aws-sdk-core/plugins/http_checksum.rb'
-require 'aws-sdk-core/plugins/checksum_algorithm.rb'
-require 'aws-sdk-core/plugins/request_compression.rb'
-require 'aws-sdk-core/plugins/defaults_mode.rb'
-require 'aws-sdk-core/plugins/recursion_detection.rb'
-require 'aws-sdk-core/plugins/telemetry.rb'
-require 'aws-sdk-core/plugins/sign.rb'
-require 'aws-sdk-core/plugins/protocols/query.rb'
-require 'aws-sdk-sts/plugins/sts_regional_endpoints.rb'
+require 'seahorse/client/plugins/content_length'
+require 'aws-sdk-core/plugins/credentials_configuration'
+require 'aws-sdk-core/plugins/logging'
+require 'aws-sdk-core/plugins/param_converter'
+require 'aws-sdk-core/plugins/param_validator'
+require 'aws-sdk-core/plugins/user_agent'
+require 'aws-sdk-core/plugins/helpful_socket_errors'
+require 'aws-sdk-core/plugins/retry_errors'
+require 'aws-sdk-core/plugins/global_configuration'
+require 'aws-sdk-core/plugins/regional_endpoint'
+require 'aws-sdk-core/plugins/endpoint_discovery'
+require 'aws-sdk-core/plugins/endpoint_pattern'
+require 'aws-sdk-core/plugins/response_paging'
+require 'aws-sdk-core/plugins/stub_responses'
+require 'aws-sdk-core/plugins/idempotency_token'
+require 'aws-sdk-core/plugins/invocation_id'
+require 'aws-sdk-core/plugins/jsonvalue_converter'
+require 'aws-sdk-core/plugins/client_metrics_plugin'
+require 'aws-sdk-core/plugins/client_metrics_send_plugin'
+require 'aws-sdk-core/plugins/transfer_encoding'
+require 'aws-sdk-core/plugins/http_checksum'
+require 'aws-sdk-core/plugins/checksum_algorithm'
+require 'aws-sdk-core/plugins/request_compression'
+require 'aws-sdk-core/plugins/defaults_mode'
+require 'aws-sdk-core/plugins/recursion_detection'
+require 'aws-sdk-core/plugins/telemetry'
+require 'aws-sdk-core/plugins/sign'
+require 'aws-sdk-core/plugins/protocols/query'
+require 'aws-sdk-sts/plugins/sts_regional_endpoints'
 
 module Aws::STS
   # An API client for STS.  To construct a client, you need to configure a `:region` and `:credentials`.
@@ -259,11 +259,34 @@ module Aws::STS
     #     Used when loading credentials from the shared credentials file
     #     at HOME/.aws/credentials.  When not specified, 'default' is used.
     #
+    #   @option options [String] :request_checksum_calculation ("when_supported")
+    #     Determines when a checksum will be calculated for request payloads. Values are:
+    #
+    #     * `when_supported` - (default) When set, a checksum will be
+    #       calculated for all request payloads of operations modeled with the
+    #       `httpChecksum` trait where `requestChecksumRequired` is `true` and/or a
+    #       `requestAlgorithmMember` is modeled.
+    #     * `when_required` - When set, a checksum will only be calculated for
+    #       request payloads of operations modeled with the  `httpChecksum` trait where
+    #       `requestChecksumRequired` is `true` or where a `requestAlgorithmMember`
+    #       is modeled and supplied.
+    #
     #   @option options [Integer] :request_min_compression_size_bytes (10240)
     #     The minimum size in bytes that triggers compression for request
     #     bodies. The value must be non-negative integer value between 0
     #     and 10485780 bytes inclusive.
     #
+    #   @option options [String] :response_checksum_validation ("when_supported")
+    #     Determines when checksum validation will be performed on response payloads. Values are:
+    #
+    #     * `when_supported` - (default) When set, checksum validation is performed on all
+    #       response payloads of operations modeled with the `httpChecksum` trait where
+    #       `responseAlgorithms` is modeled, except when no modeled checksum algorithms
+    #       are supported.
+    #     * `when_required` - When set, checksum validation is not performed on
+    #       response payloads of operations unless the checksum algorithm is supported and
+    #       the `requestValidationModeMember` member is set to `ENABLED`.
+    #
     #   @option options [Proc] :retry_backoff
     #     A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay.
     #     This option is only used in the `legacy` retry mode.
@@ -831,7 +854,7 @@ module Aws::STS
     #   The regex used to validate this parameter is a string of characters
     #   consisting of upper- and lower-case alphanumeric characters with no
     #   spaces. You can also include underscores or any of the following
-    #   characters: =,.@-. You cannot use a value that begins with the text
+    #   characters: +=,.@-. You cannot use a value that begins with the text
     #   `aws:`. This prefix is reserved for Amazon Web Services internal use.
     #
     #
@@ -1514,8 +1537,9 @@ module Aws::STS
     #   authenticating the user who is using your application with a web
     #   identity provider before the application makes an
     #   `AssumeRoleWithWebIdentity` call. Timestamps in the token must be
-    #   formatted as either an integer or a long integer. Only tokens with RSA
-    #   algorithms (RS256) are supported.
+    #   formatted as either an integer or a long integer. Tokens must be
+    #   signed using either RSA keys (RS256, RS384, or RS512) or ECDSA keys
+    #   (ES256, ES384, or ES512).
     #
     # @option params [String] :provider_id
     #   The fully qualified host component of the domain name of the OAuth 2.0
@@ -1708,14 +1732,14 @@ module Aws::STS
     end
 
     # Returns a set of short term credentials you can use to perform
-    # privileged tasks in a member account.
+    # privileged tasks on a member account in your organization.
     #
-    # Before you can launch a privileged session, you must have enabled
-    # centralized root access in your organization. For steps to enable this
-    # feature, see [Centralize root access for member accounts][1] in the
-    # *IAM User Guide*.
+    # Before you can launch a privileged session, you must have centralized
+    # root access in your organization. For steps to enable this feature,
+    # see [Centralize root access for member accounts][1] in the *IAM User
+    # Guide*.
     #
-    # <note markdown="1"> The global endpoint is not supported for AssumeRoot. You must send
+    # <note markdown="1"> The STS global endpoint is not supported for AssumeRoot. You must send
     # this request to a Regional STS endpoint. For more information, see
     # [Endpoints][2].
     #
@@ -1737,9 +1761,7 @@ module Aws::STS
     # @option params [required, Types::PolicyDescriptorType] :task_policy_arn
     #   The identity based policy that scopes the session to the privileged
     #   tasks that can be performed. You can use one of following Amazon Web
-    #   Services managed policies to scope root session actions. You can add
-    #   additional customer managed policies to further limit the permissions
-    #   for the root session.
+    #   Services managed policies to scope root session actions.
     #
     #   * [IAMAuditRootUserCredentials][1]
     #
@@ -2573,7 +2595,7 @@ module Aws::STS
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.214.0'
+      context[:gem_version] = '3.222.2'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sts/endpoint_provider.rb

@@ -10,98 +10,93 @@
 module Aws::STS
   class EndpointProvider
     def resolve_endpoint(parameters)
-      region = parameters.region
-      use_dual_stack = parameters.use_dual_stack
-      use_fips = parameters.use_fips
-      endpoint = parameters.endpoint
-      use_global_endpoint = parameters.use_global_endpoint
-      if Aws::Endpoints::Matchers.boolean_equals?(use_global_endpoint, true) && Aws::Endpoints::Matchers.not(Aws::Endpoints::Matchers.set?(endpoint)) && Aws::Endpoints::Matchers.set?(region) && (partition_result = Aws::Endpoints::Matchers.aws_partition(region)) && Aws::Endpoints::Matchers.boolean_equals?(use_fips, false) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, false)
-        if Aws::Endpoints::Matchers.string_equals?(region, "ap-northeast-1")
+      if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_global_endpoint, true) && Aws::Endpoints::Matchers.not(Aws::Endpoints::Matchers.set?(parameters.endpoint)) && Aws::Endpoints::Matchers.set?(parameters.region) && (partition_result = Aws::Endpoints::Matchers.aws_partition(parameters.region)) && Aws::Endpoints::Matchers.boolean_equals?(parameters.use_fips, false) && Aws::Endpoints::Matchers.boolean_equals?(parameters.use_dual_stack, false)
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "ap-northeast-1")
           return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
         end
-        if Aws::Endpoints::Matchers.string_equals?(region, "ap-south-1")
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "ap-south-1")
           return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
         end
-        if Aws::Endpoints::Matchers.string_equals?(region, "ap-southeast-1")
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "ap-southeast-1")
           return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
         end
-        if Aws::Endpoints::Matchers.string_equals?(region, "ap-southeast-2")
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "ap-southeast-2")
           return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
         end
-        if Aws::Endpoints::Matchers.string_equals?(region, "aws-global")
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "aws-global")
           return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
         end
-        if Aws::Endpoints::Matchers.string_equals?(region, "ca-central-1")
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "ca-central-1")
           return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
         end
-        if Aws::Endpoints::Matchers.string_equals?(region, "eu-central-1")
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "eu-central-1")
           return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
         end
-        if Aws::Endpoints::Matchers.string_equals?(region, "eu-north-1")
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "eu-north-1")
           return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
         end
-        if Aws::Endpoints::Matchers.string_equals?(region, "eu-west-1")
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "eu-west-1")
           return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
         end
-        if Aws::Endpoints::Matchers.string_equals?(region, "eu-west-2")
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "eu-west-2")
           return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
         end
-        if Aws::Endpoints::Matchers.string_equals?(region, "eu-west-3")
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "eu-west-3")
           return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
         end
-        if Aws::Endpoints::Matchers.string_equals?(region, "sa-east-1")
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "sa-east-1")
           return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
         end
-        if Aws::Endpoints::Matchers.string_equals?(region, "us-east-1")
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "us-east-1")
           return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
         end
-        if Aws::Endpoints::Matchers.string_equals?(region, "us-east-2")
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "us-east-2")
           return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
         end
-        if Aws::Endpoints::Matchers.string_equals?(region, "us-west-1")
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "us-west-1")
           return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
         end
-        if Aws::Endpoints::Matchers.string_equals?(region, "us-west-2")
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "us-west-2")
           return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
         end
-        return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"#{region}"}]})
+        return Aws::Endpoints::Endpoint.new(url: "https://sts.#{parameters.region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"#{parameters.region}"}]})
       end
-      if Aws::Endpoints::Matchers.set?(endpoint)
-        if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+      if Aws::Endpoints::Matchers.set?(parameters.endpoint)
+        if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_fips, true)
           raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
         end
-        if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+        if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_dual_stack, true)
           raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported"
         end
-        return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {})
+        return Aws::Endpoints::Endpoint.new(url: parameters.endpoint, headers: {}, properties: {})
       end
-      if Aws::Endpoints::Matchers.set?(region)
-        if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
-          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+      if Aws::Endpoints::Matchers.set?(parameters.region)
+        if (partition_result = Aws::Endpoints::Matchers.aws_partition(parameters.region))
+          if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(parameters.use_dual_stack, true)
             if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-              return Aws::Endpoints::Endpoint.new(url: "https://sts-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+              return Aws::Endpoints::Endpoint.new(url: "https://sts-fips.#{parameters.region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
             end
             raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
           end
-          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+          if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_fips, true)
             if Aws::Endpoints::Matchers.boolean_equals?(Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"), true)
               if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws-us-gov")
-                return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.amazonaws.com", headers: {}, properties: {})
+                return Aws::Endpoints::Endpoint.new(url: "https://sts.#{parameters.region}.amazonaws.com", headers: {}, properties: {})
               end
-              return Aws::Endpoints::Endpoint.new(url: "https://sts-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
+              return Aws::Endpoints::Endpoint.new(url: "https://sts-fips.#{parameters.region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
             end
             raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
           end
-          if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+          if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_dual_stack, true)
             if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-              return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+              return Aws::Endpoints::Endpoint.new(url: "https://sts.#{parameters.region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
             end
             raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
           end
-          if Aws::Endpoints::Matchers.string_equals?(region, "aws-global")
+          if Aws::Endpoints::Matchers.string_equals?(parameters.region, "aws-global")
             return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
           end
-          return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.#{parameters.region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
         end
       end
       raise ArgumentError, "Invalid Configuration: Missing Region"

data/lib/aws-sdk-sts/errors.rb

@@ -29,15 +29,21 @@ module Aws::STS
   # ## Error Classes
   # * {ExpiredTokenException}
   # * {IDPCommunicationErrorException}
+  #    * This error class is not used. `IDPCommunicationError` is used during parsing instead.
   # * {IDPRejectedClaimException}
+  #    * This error class is not used. `IDPRejectedClaim` is used during parsing instead.
   # * {InvalidAuthorizationMessageException}
   # * {InvalidIdentityTokenException}
+  #    * This error class is not used. `InvalidIdentityToken` is used during parsing instead.
   # * {MalformedPolicyDocumentException}
+  #    * This error class is not used. `MalformedPolicyDocument` is used during parsing instead.
   # * {PackedPolicyTooLargeException}
+  #    * This error class is not used. `PackedPolicyTooLarge` is used during parsing instead.
   # * {RegionDisabledException}
   #
   # Additionally, error classes are dynamically generated for service errors based on the error code
   # if they are not defined above.
+  # Some existing error classes may use a different class name than the one documented.
   module Errors
 
     extend Aws::Errors::DynamicErrors
@@ -57,6 +63,8 @@ module Aws::STS
       end
     end
 
+    # @deprecated This error class is not used during parsing.
+    #   Please use `IDPCommunicationError` instead.
     class IDPCommunicationErrorException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context
@@ -72,6 +80,8 @@ module Aws::STS
       end
     end
 
+    # @deprecated This error class is not used during parsing.
+    #   Please use `IDPRejectedClaim` instead.
     class IDPRejectedClaimException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context
@@ -102,6 +112,8 @@ module Aws::STS
       end
     end
 
+    # @deprecated This error class is not used during parsing.
+    #   Please use `InvalidIdentityToken` instead.
     class InvalidIdentityTokenException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context
@@ -117,6 +129,8 @@ module Aws::STS
       end
     end
 
+    # @deprecated This error class is not used during parsing.
+    #   Please use `MalformedPolicyDocument` instead.
     class MalformedPolicyDocumentException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context
@@ -132,6 +146,8 @@ module Aws::STS
       end
     end
 
+    # @deprecated This error class is not used during parsing.
+    #   Please use `PackedPolicyTooLarge` instead.
     class PackedPolicyTooLargeException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context

data/lib/aws-sdk-sts/types.rb

@@ -291,7 +291,7 @@ module Aws::STS
     #   The regex used to validate this parameter is a string of characters
     #   consisting of upper- and lower-case alphanumeric characters with no
     #   spaces. You can also include underscores or any of the following
-    #   characters: =,.@-. You cannot use a value that begins with the text
+    #   characters: +=,.@-. You cannot use a value that begins with the text
     #   `aws:`. This prefix is reserved for Amazon Web Services internal
     #   use.
     #
@@ -717,8 +717,9 @@ module Aws::STS
     #   token by authenticating the user who is using your application with
     #   a web identity provider before the application makes an
     #   `AssumeRoleWithWebIdentity` call. Timestamps in the token must be
-    #   formatted as either an integer or a long integer. Only tokens with
-    #   RSA algorithms (RS256) are supported.
+    #   formatted as either an integer or a long integer. Tokens must be
+    #   signed using either RSA keys (RS256, RS384, or RS512) or ECDSA keys
+    #   (ES256, ES384, or ES512).
     #   @return [String]
     #
     # @!attribute [rw] provider_id
@@ -961,9 +962,7 @@ module Aws::STS
     # @!attribute [rw] task_policy_arn
     #   The identity based policy that scopes the session to the privileged
     #   tasks that can be performed. You can use one of following Amazon Web
-    #   Services managed policies to scope root session actions. You can add
-    #   additional customer managed policies to further limit the
-    #   permissions for the root session.
+    #   Services managed policies to scope root session actions.
     #
     #   * [IAMAuditRootUserCredentials][1]
     #

data/lib/aws-sdk-sts.rb

@@ -56,7 +56,7 @@ module Aws::STS
   autoload :EndpointProvider, 'aws-sdk-sts/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-sts/endpoints'
 
-  GEM_VERSION = '3.214.0'
+  GEM_VERSION = '3.222.2'
 
 end
 

data/lib/seahorse/client/async_base.rb

@@ -3,7 +3,6 @@
 module Seahorse
   module Client
     class AsyncBase < Seahorse::Client::Base
-
       # default H2 plugins
       # @api private
       @plugins = PluginList.new([
@@ -11,10 +10,10 @@ module Seahorse
         Plugins::H2,
         Plugins::ResponseTarget
       ])
+
       def initialize(plugins, options)
-        super
-        @connection = H2::Connection.new(options)
-        @options = options
+        super(plugins, options)
+        @connection = H2::Connection.new(@config)
       end
 
       # @return [H2::Connection]
@@ -36,7 +35,7 @@ module Seahorse
       # @return [Seahorse::Client::H2::Connection]
       def new_connection
         if @connection.closed?
-          @connection = H2::Connection.new(@options)
+          @connection = H2::Connection.new(@config)
         else
           @connection
         end

data/lib/seahorse/client/h2/connection.rb

@@ -10,13 +10,8 @@ module Seahorse
   module Client
     # @api private
     module H2
-
       # H2 Connection build on top of `http/2` gem
-      # (requires Ruby >= 2.1)
-      # with TLS layer plus ALPN, requires:
-      # Ruby >= 2.3 and OpenSSL >= 1.0.2
       class Connection
-
         OPTIONS = {
           max_concurrent_streams: 100,
           connection_timeout: 60,
@@ -27,7 +22,7 @@ module Seahorse
           ssl_ca_bundle: nil,
           ssl_ca_directory: nil,
           ssl_ca_store: nil,
-          enable_alpn: false
+          enable_alpn: true
         }
 
         # chunk read size at socket
@@ -41,25 +36,23 @@ module Seahorse
             instance_variable_set("@#{opt_name}", value)
           end
           @h2_client = HTTP2::Client.new(
-            settings_max_concurrent_streams: max_concurrent_streams
+            settings_max_concurrent_streams: @max_concurrent_streams
           )
-          @logger = if @http_wire_trace
-            options[:logger] || Logger.new($stdout)
-          end
+          @logger ||= Logger.new($stdout) if @http_wire_trace
           @chunk_size = options[:read_chunk_size] || CHUNKSIZE
+
           @errors = []
           @status = :ready
+
           @mutex = Mutex.new # connection can be shared across requests
           @socket = nil
           @socket_thread = nil
         end
 
         OPTIONS.keys.each do |attr_name|
-          attr_reader(attr_name)
+          attr_reader attr_name
         end
 
-        alias ssl_verify_peer? ssl_verify_peer
-
         attr_reader :errors
 
         attr_accessor :input_signal_thread
@@ -112,7 +105,7 @@ module Seahorse
                   @h2_client << data
                 rescue IO::WaitReadable
                   begin
-                    unless IO.select([@socket], nil, nil, connection_read_timeout)
+                    unless IO.select([@socket], nil, nil, @connection_read_timeout)
                       self.debug_output('socket connection read time out')
                       self.close!
                     else
@@ -154,11 +147,11 @@ module Seahorse
         end
 
         def debug_output(msg, type = nil)
-          prefix = case type
+          prefix =
+            case type
             when :send then '-> '
             when :receive then '<- '
-            else
-              ''
+            else ''
             end
           return unless @logger
           _debug_entry(prefix + msg)
@@ -206,7 +199,7 @@ module Seahorse
           begin
             tcp.connect_nonblock(addr)
           rescue IO::WaitWritable
-            unless IO.select(nil, [tcp], nil, connection_timeout)
+            unless IO.select(nil, [tcp], nil, @connection_timeout)
               tcp.close
               raise
             end
@@ -220,15 +213,15 @@ module Seahorse
 
         def _tls_context
           ssl_ctx = OpenSSL::SSL::SSLContext.new(:TLSv1_2)
-          if ssl_verify_peer?
+          if @ssl_verify_peer
             ssl_ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
-            ssl_ctx.ca_file = ssl_ca_bundle ? ssl_ca_bundle : _default_ca_bundle
-            ssl_ctx.ca_path = ssl_ca_directory ? ssl_ca_directory : _default_ca_directory
-            ssl_ctx.cert_store = ssl_ca_store if ssl_ca_store
+            ssl_ctx.ca_file = @ssl_ca_bundle || _default_ca_bundle
+            ssl_ctx.ca_path = @ssl_ca_directory || _default_ca_directory
+            ssl_ctx.cert_store = @ssl_ca_store if @ssl_ca_store
           else
             ssl_ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
           end
-          if enable_alpn
+          if @enable_alpn
             debug_output('enabling ALPN for TLS ...')
             ssl_ctx.alpn_protocols = ['h2']
           end
@@ -236,15 +229,12 @@ module Seahorse
         end
 
         def _default_ca_bundle
-          File.exist?(OpenSSL::X509::DEFAULT_CERT_FILE) ?
-            OpenSSL::X509::DEFAULT_CERT_FILE : nil
+          OpenSSL::X509::DEFAULT_CERT_FILE if File.exist?(OpenSSL::X509::DEFAULT_CERT_FILE)
         end
 
         def _default_ca_directory
-          Dir.exist?(OpenSSL::X509::DEFAULT_CERT_DIR) ?
-            OpenSSL::X509::DEFAULT_CERT_DIR : nil
+          OpenSSL::X509::DEFAULT_CERT_DIR if Dir.exist?(OpenSSL::X509::DEFAULT_CERT_DIR)
         end
-
       end
     end
   end

data/lib/seahorse/client/net_http/connection_pool.rb

@@ -336,6 +336,8 @@ module Seahorse
           attr_reader :last_used
 
           def __getobj__
+            return yield if block_given? && !defined?(@http)
+
             @http
           end
 

data/lib/seahorse/client/networking_error.rb

@@ -39,7 +39,7 @@ module Seahorse
 
     end
 
-    # Rasied when trying to use an closed connection
+    # Raised when trying to use an closed connection
     class Http2ConnectionClosedError < StandardError; end
   end
 end

data/lib/seahorse/client/plugins/h2.rb

@@ -53,10 +53,10 @@ When `true`, SSL peer certificates are verified when establishing a connection.
 When `true`, HTTP2 debug output will be sent to the `:logger`.
         DOCS
 
-        option(:enable_alpn, default: false, doc_type: 'Boolean', docstring: <<-DOCS)
-Set to `true` to enable ALPN in HTTP2 over TLS. Requires Openssl version >= 1.0.2.
-Defaults to false. Note: not all service HTTP2 operations supports ALPN on server
-side, please refer to service documentation.
+        option(:enable_alpn, default: true, doc_type: 'Boolean', docstring: <<-DOCS)
+Set to `false` to disable ALPN in HTTP2 over TLS. ALPN requires Openssl version >= 1.0.2.
+Note: RFC7540 requires HTTP2 to use ALPN over TLS but some
+services may not fully support ALPN and require setting this to `false`.
         DOCS
 
         option(:logger)

data/lib/seahorse/client/response.rb

@@ -75,6 +75,8 @@ module Seahorse
       # Necessary to define as a subclass of Delegator
       # @api private
       def __getobj__
+        return yield if block_given? && !defined?(@data)
+
         @data
       end