aws-sdk-core 3.214.1 → 3.217.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 99d23d77dd74ca639579a7a2b7aab408659ad813b8e767b0ab0b6a5e43aed50d
-  data.tar.gz: ea6ada6b8cf80e872f985fc5e289b2cb1a17ab49e34d373f764d01da490af825
+  metadata.gz: 13c7508d3fe8738d7cf214927f7ce2c56291b98bd48140df95f9b870f4d47b22
+  data.tar.gz: b02761bcdae833ec72bde159bfbdebeaf31cbe6d1a133218b2431fcbb9678bef
 SHA512:
-  metadata.gz: 5d22bc46279b4f56fc95750e3dc771b5dea133a358a3b2750a4216969ec5e93ae7c9c134107eba6a2f496a1b59f9c2f020bcf58770eb9cc96e6046b9bd17f4d7
-  data.tar.gz: f678aa56840d77c47824e38e633763a9a94697750c395aeaa9220987ce852adbc32684f213e68230f3e3e9320b4d444f2179ea13965de8b70f1387ef0bd26aac
+  metadata.gz: 97147bdd4fd7e610d78e9b058cc8b0db1b4dc88dcb7ec16aa4c9f08819d3c4e6acc965ddc8591b8e52f0f34b33c2beec1a76bdf39bbb6e34b405dd8c63fbe348
+  data.tar.gz: 8290e9fae3593b24ae2247882bdaced352fb4f86989b20493473ffa84685ede8c6ff7c4e46397a5711a0eeeedbd8bee5b3b8205571babb937f25f9b9e38e35bf

data/CHANGELOG.md

@@ -1,6 +1,52 @@
 Unreleased Changes
 ------------------
 
+3.217.1 (2025-01-30)
+------------------
+
+* Issue - Add `transfer-encoding` and `connection` to list of unsigned sigv4 headers.
+
+3.217.0 (2025-01-24)
+------------------
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Fixed typos in the descriptions.
+
+3.216.1 (2025-01-22)
+------------------
+
+* Issue - Use epoch seconds instead of milliseconds in cbor encode/decode.
+
+* Issue - Add handling of block in response delegation (#3169). 
+
+3.216.0 (2025-01-15)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - Always calculate request checksums for operations that support or require it. Supported config options are `when_supported` and `when_required`. The default value is `when_supported`. This option is configured in code with `:request_checksum_calculation`, in the shared config file as `request_checksum_calculation`, and in the ENV as `ENV['AWS_REQUEST_CHECKSUM_CALCULATION']`.
+
+* Feature - Always validate response checksums for operations that support or require it. Supported config options are `when_supported` and `when_required`. The default value is `when_supported`. This option is configured in code with `:response_checksum_validation`, in the shared config file as `response_checksum_validation`, and in the ENV as `ENV['AWS_RESPONSE_CHECKSUM_VALIDATION']`.
+
+* Feature - Support CRC64NVME checksums through the `aws-crt` gem.
+
+3.215.1 (2025-01-14)
+------------------
+
+* Issue - Fixed error when attempting to log an unlinked tempfile.
+
+3.215.0 (2025-01-10)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Fixed typos in the descriptions.
+
 3.214.1 (2024-12-28)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-3.214.1
+3.217.1

data/lib/aws-sdk-core/cbor/decoder.rb

@@ -61,9 +61,7 @@ module Aws
         when :tag
           case (tag = read_tag)
           when TAG_TYPE_EPOCH
-            type = peek_type
             item = decode_item
-            item /= 1000.0 if type == :integer
             Time.at(item)
           when TAG_TYPE_BIGNUM, TAG_TYPE_NEG_BIGNUM
             read_bignum(tag)

data/lib/aws-sdk-core/cbor/encoder.rb

@@ -226,8 +226,8 @@ module Aws
 
       def add_time(value)
         head(MAJOR_TYPE_TAG, TAG_TYPE_EPOCH)
-        epoch_ms = (value.to_f * 1000).to_i
-        add_integer(epoch_ms)
+        epoch = value.to_f
+        add_double(epoch)
       end
 
       def bignum_to_bytes(value)

data/lib/aws-sdk-core/log/param_formatter.rb

@@ -51,13 +51,17 @@ module Aws
         when String   then summarize_string(value)
         when Hash     then '{' + summarize_hash(value) + '}'
         when Array    then summarize_array(value)
-        when File     then summarize_file(value.path)
-        when Pathname then summarize_file(value)
+        when File     then summarize_file(value)
+        when Pathname then summarize_filepath(value)
         else value.inspect
         end
       end
 
-      def summarize_file(path)
+      def summarize_file(file)
+        "#<File:#{file.path} (#{file.size} bytes)>"
+      end
+
+      def summarize_filepath(path)
         "#<File:#{path} (#{File.size(path)} bytes)>"
       end
 

data/lib/aws-sdk-core/plugins/checksum_algorithm.rb

@@ -13,34 +13,131 @@ module Aws
         begin
           require 'aws-crt'
           supported << 'CRC32C'
+          supported << 'CRC64NVME' if Aws::Crt::GEM_VERSION >= '0.3.0'
         rescue LoadError
+          # Ignored
         end
         supported
       end.freeze
 
-      # priority order of checksum algorithms to validate responses against
-      # Remove any algorithms not supported by client (ie, depending on CRT availability)
-      CHECKSUM_ALGORITHM_PRIORITIES = %w[CRC32C SHA1 CRC32 SHA256] & CLIENT_ALGORITHMS
+      CRT_ALGORITHMS = %w[CRC32C CRC64NVME].freeze
+
+      # Priority order of checksum algorithms to validate responses against.
+      # Remove any algorithms not supported by client (ie, depending on CRT availability).
+      # This list was chosen based on average performance.
+      CHECKSUM_ALGORITHM_PRIORITIES = %w[CRC32 CRC32C CRC64NVME SHA1 SHA256] & CLIENT_ALGORITHMS
 
       # byte size of checksums, used in computing the trailer length
       CHECKSUM_SIZE = {
-        'CRC32' => 16,
-        'CRC32C' => 16,
-        'SHA1' => 36,
-        'SHA256' => 52
-      }
+        'CRC32' => 9,
+        'CRC32C' => 9,
+        'CRC64NVME' => 13,
+        # SHA functions need 1 byte padding because of how they are encoded
+        'SHA1' => 28 + 1,
+        'SHA256' => 44 + 1
+      }.freeze
+
+      DEFAULT_CHECKSUM = 'CRC32'
+
+      option(:request_checksum_calculation,
+             doc_default: 'when_supported',
+             doc_type: 'String',
+             docstring: <<~DOCS) do |cfg|
+               Determines when a checksum will be calculated for request payloads. Values are:
+
+               * `when_supported` - (default) When set, a checksum will be
+                 calculated for all request payloads of operations modeled with the
+                 `httpChecksum` trait where `requestChecksumRequired` is `true` and/or a
+                 `requestAlgorithmMember` is modeled.
+               * `when_required` - When set, a checksum will only be calculated for
+                 request payloads of operations modeled with the  `httpChecksum` trait where
+                 `requestChecksumRequired` is `true` or where a `requestAlgorithmMember`
+                 is modeled and supplied.
+             DOCS
+        resolve_request_checksum_calculation(cfg)
+      end
 
-      # Interface for computing digests on request/response bodies
-      # which may be files, strings or IO like objects
-      # Applies only to digest functions that produce 32 bit integer checksums
-      # (eg CRC32)
-      class Digest32
+      option(:response_checksum_validation,
+             doc_default: 'when_supported',
+             doc_type: 'String',
+             docstring: <<~DOCS) do |cfg|
+               Determines when checksum validation will be performed on response payloads. Values are:
+
+               * `when_supported` - (default) When set, checksum validation is performed on all
+                 response payloads of operations modeled with the `httpChecksum` trait where
+                 `responseAlgorithms` is modeled, except when no modeled checksum algorithms
+                 are supported.
+               * `when_required` - When set, checksum validation is not performed on
+                 response payloads of operations unless the checksum algorithm is supported and
+                 the `requestValidationModeMember` member is set to `ENABLED`.
+             DOCS
+        resolve_response_checksum_validation(cfg)
+      end
 
-        attr_reader :value
+      class << self
+        def digest_for_algorithm(algorithm)
+          case algorithm
+          when 'CRC32'
+            Digest.new(Zlib.method(:crc32), 'N')
+          when 'CRC32C'
+            Digest.new(Aws::Crt::Checksums.method(:crc32c), 'N')
+          when 'CRC64NVME'
+            Digest.new(Aws::Crt::Checksums.method(:crc64nvme), 'Q>')
+          when 'SHA1'
+            ::Digest::SHA1.new
+          when 'SHA256'
+            ::Digest::SHA256.new
+          else
+            raise ArgumentError,
+                  "#{algorithm} is not a supported checksum algorithm."
+          end
+        end
+
+        # The trailer size (in bytes) is the overhead (0, \r, \n) + the trailer
+        # name + the bytesize of the base64 encoded checksum.
+        def trailer_length(algorithm, location_name)
+          7 + location_name.size + CHECKSUM_SIZE[algorithm]
+        end
 
-        # @param [Object] digest_fn
-        def initialize(digest_fn)
+        private
+
+        def resolve_request_checksum_calculation(cfg)
+          mode = ENV['AWS_REQUEST_CHECKSUM_CALCULATION'] ||
+                 Aws.shared_config.request_checksum_calculation(profile: cfg.profile) ||
+                 'when_supported'
+          mode = mode.downcase
+          unless %w[when_supported when_required].include?(mode)
+            raise ArgumentError,
+                  'expected :request_checksum_calculation or' \
+                  " ENV['AWS_REQUEST_CHECKSUM_CALCULATION'] to be " \
+                  '`when_supported` or `when_required`.'
+          end
+          mode
+        end
+
+        def resolve_response_checksum_validation(cfg)
+          mode = ENV['AWS_RESPONSE_CHECKSUM_VALIDATION'] ||
+                 Aws.shared_config.response_checksum_validation(profile: cfg.profile) ||
+                 'when_supported'
+          mode = mode.downcase
+          unless %w[when_supported when_required].include?(mode)
+            raise ArgumentError,
+                  'expected :response_checksum_validation or' \
+                  " ENV['AWS_RESPONSE_CHECKSUM_VALIDATION'] to be " \
+                  '`when_supported` or `when_required`.'
+          end
+          mode
+        end
+      end
+
+      # Interface for computing digests on request/response bodies
+      # which may be files, strings or IO like objects.
+      # Applies only to digest functions that produce 32 or 64 bit
+      # integer checksums (eg CRC32 or CRC64).
+      class Digest
+        def initialize(digest_fn, directive)
           @digest_fn = digest_fn
+          @directive = directive
           @value = 0
         end
 
@@ -49,125 +146,223 @@ module Aws
         end
 
         def base64digest
-          Base64.encode64([@value].pack('N')).chomp
+          Base64.encode64([@value].pack(@directive)).chomp
         end
       end
 
       def add_handlers(handlers, _config)
         handlers.add(OptionHandler, step: :initialize)
-        # priority set low to ensure checksum is computed AFTER the request is
-        # built but before it is signed
+        # Priority is set low to ensure the checksum is computed AFTER the
+        # request is built but before it is signed.
         handlers.add(ChecksumHandler, priority: 15, step: :build)
       end
 
-      private
-
-      def self.request_algorithm_selection(context)
-        return unless context.operation.http_checksum
-
-        input_member = context.operation.http_checksum['requestAlgorithmMember']
-        context.params[input_member.to_sym]&.upcase if input_member
-      end
-
-      def self.request_validation_mode(context)
-        return unless context.operation.http_checksum
-
-        input_member = context.operation.http_checksum['requestValidationModeMember']
-        context.params[input_member.to_sym] if input_member
-      end
-
-      def self.operation_response_algorithms(context)
-        return unless context.operation.http_checksum
-
-        context.operation.http_checksum['responseAlgorithms']
-      end
-
-
-      # @api private
       class OptionHandler < Seahorse::Client::Handler
         def call(context)
           context[:http_checksum] ||= {}
 
-          # validate request configuration
-          if (request_input = ChecksumAlgorithm.request_algorithm_selection(context))
-            unless CLIENT_ALGORITHMS.include? request_input
-              if (request_input == 'CRC32C')
-                raise ArgumentError, "CRC32C requires crt support - install the aws-crt gem for support."
-              else
-                raise ArgumentError, "#{request_input} is not a supported checksum algorithm."
-              end
-            end
-          end
-
-        # validate response configuration
-          if (ChecksumAlgorithm.request_validation_mode(context))
-            # Compute an ordered list as the union between priority supported and the
-            # operation's modeled response algorithms.
-            validation_list = CHECKSUM_ALGORITHM_PRIORITIES &
-              ChecksumAlgorithm.operation_response_algorithms(context)
-            context[:http_checksum][:validation_list] = validation_list
+          # Set validation mode to enabled when supported.
+          if context.config.response_checksum_validation == 'when_supported'
+            enable_request_validation_mode(context)
           end
 
           @handler.call(context)
         end
+
+        private
+
+        def enable_request_validation_mode(context)
+          return unless context.operation.http_checksum
+
+          input_member = context.operation.http_checksum['requestValidationModeMember']
+          context.params[input_member.to_sym] ||= 'ENABLED' if input_member
+        end
       end
 
-      # @api private
       class ChecksumHandler < Seahorse::Client::Handler
-
         def call(context)
+          algorithm = nil
           if should_calculate_request_checksum?(context)
-            request_algorithm_input = ChecksumAlgorithm.request_algorithm_selection(context) ||
-                                      context[:default_request_checksum_algorithm]
-            context[:checksum_algorithms] = request_algorithm_input
-
-            request_checksum_property = {
-              'algorithm' => request_algorithm_input,
-              'in' => checksum_request_in(context),
-              'name' => "x-amz-checksum-#{request_algorithm_input.downcase}"
+            algorithm = choose_request_algorithm!(context)
+            request_algorithm = {
+              algorithm: algorithm,
+              in: checksum_request_in(context),
+              name: "x-amz-checksum-#{algorithm.downcase}",
+              request_algorithm_header: request_algorithm_header(context)
             }
 
-            calculate_request_checksum(context, request_checksum_property)
+            context[:http_checksum][:request_algorithm] = request_algorithm
+            calculate_request_checksum(context, request_algorithm)
           end
 
           if should_verify_response_checksum?(context)
             add_verify_response_checksum_handlers(context)
           end
 
-          @handler.call(context)
+          with_metrics(context.config, algorithm) { @handler.call(context) }
         end
 
         private
 
-        def should_calculate_request_checksum?(context)
+        def with_metrics(config, algorithm, &block)
+          metrics = []
+          add_request_config_metric(config, metrics)
+          add_response_config_metric(config, metrics)
+          add_request_checksum_metrics(algorithm, metrics)
+          Aws::Plugins::UserAgent.metric(*metrics, &block)
+        end
+
+        def add_request_config_metric(config, metrics)
+          case config.request_checksum_calculation
+          when 'when_supported'
+            metrics << 'FLEXIBLE_CHECKSUMS_REQ_WHEN_SUPPORTED'
+          when 'when_required'
+            metrics << 'FLEXIBLE_CHECKSUMS_REQ_WHEN_REQUIRED'
+          end
+        end
+
+        def add_response_config_metric(config, metrics)
+          case config.response_checksum_validation
+          when 'when_supported'
+            metrics << 'FLEXIBLE_CHECKSUMS_RES_WHEN_SUPPORTED'
+          when 'when_required'
+            metrics << 'FLEXIBLE_CHECKSUMS_RES_WHEN_REQUIRED'
+          end
+        end
+
+        def add_request_checksum_metrics(algorithm, metrics)
+          case algorithm
+          when 'CRC32'
+            metrics << 'FLEXIBLE_CHECKSUMS_REQ_CRC32'
+          when 'CRC32C'
+            metrics << 'FLEXIBLE_CHECKSUMS_REQ_CRC32C'
+          when 'CRC64NVME'
+            metrics << 'FLEXIBLE_CHECKSUMS_REQ_CRC64'
+          when 'SHA1'
+            metrics << 'FLEXIBLE_CHECKSUMS_REQ_SHA1'
+          when 'SHA256'
+            metrics << 'FLEXIBLE_CHECKSUMS_REQ_SHA256'
+          end
+        end
+
+        def request_algorithm_selection(context)
+          return unless context.operation.http_checksum
+
+          input_member = context.operation.http_checksum['requestAlgorithmMember']
+          context.params[input_member.to_sym] ||= DEFAULT_CHECKSUM if input_member
+        end
+
+        def request_algorithm_header(context)
+          input_member = context.operation.http_checksum['requestAlgorithmMember']
+          shape = context.operation.input.shape.member(input_member)
+          shape.location_name if shape && shape.location == 'header'
+        end
+
+        def request_validation_mode(context)
+          return unless context.operation.http_checksum
+
+          input_member = context.operation.http_checksum['requestValidationModeMember']
+          context.params[input_member.to_sym] if input_member
+        end
+
+        def operation_response_algorithms(context)
+          return unless context.operation.http_checksum
+
+          context.operation.http_checksum['responseAlgorithms']
+        end
+
+        def checksum_required?(context)
+          (http_checksum = context.operation.http_checksum) &&
+            (checksum_required = http_checksum['requestChecksumRequired']) &&
+            (checksum_required && context.config.request_checksum_calculation == 'when_required')
+        end
+
+        def checksum_optional?(context)
           context.operation.http_checksum &&
-            (ChecksumAlgorithm.request_algorithm_selection(context) ||
-              context[:default_request_checksum_algorithm])
+            context.config.request_checksum_calculation != 'when_required'
         end
 
-        def should_verify_response_checksum?(context)
-          context[:http_checksum][:validation_list] && !context[:http_checksum][:validation_list].empty?
+        def checksum_provided_as_header?(headers)
+          headers.any? { |k, _| k.start_with?('x-amz-checksum-') }
+        end
+
+        def should_calculate_request_checksum?(context)
+          !checksum_provided_as_header?(context.http_request.headers) &&
+            request_algorithm_selection(context) &&
+            (checksum_required?(context) || checksum_optional?(context))
+        end
+
+        def choose_request_algorithm!(context)
+          algorithm = request_algorithm_selection(context).upcase
+          return algorithm if CLIENT_ALGORITHMS.include?(algorithm)
+
+          if CRT_ALGORITHMS.include?(algorithm)
+            raise ArgumentError,
+                  'CRC32C and CRC64NVME requires CRT support ' \
+                  '- install the aws-crt gem'
+          end
+
+          raise ArgumentError,
+                "#{algorithm} is not a supported checksum algorithm."
+        end
+
+        def checksum_request_in(context)
+          if context.operation['unsignedPayload'] ||
+             context.operation['authtype'] == 'v4-unsigned-body'
+            'trailer'
+          else
+            'header'
+          end
         end
 
         def calculate_request_checksum(context, checksum_properties)
-          case checksum_properties['in']
+          headers = context.http_request.headers
+          if (algorithm_header = checksum_properties[:request_algorithm_header])
+            headers[algorithm_header] = checksum_properties[:algorithm]
+          end
+          case checksum_properties[:in]
           when 'header'
-            header_name = checksum_properties['name']
-            body = context.http_request.body_contents
-            if body
-              context.http_request.headers[header_name] ||=
-                ChecksumAlgorithm.calculate_checksum(checksum_properties['algorithm'], body)
-            end
+            apply_request_checksum(context, headers, checksum_properties)
           when 'trailer'
-            apply_request_trailer_checksum(context, checksum_properties)
+            apply_request_trailer_checksum(context, headers, checksum_properties)
+          else
+            # nothing
+          end
+        end
+
+        def apply_request_checksum(context, headers, checksum_properties)
+          header_name = checksum_properties[:name]
+          body = context.http_request.body_contents
+          headers[header_name] = calculate_checksum(
+            checksum_properties[:algorithm],
+            body
+          )
+        end
+
+        def calculate_checksum(algorithm, body)
+          digest = ChecksumAlgorithm.digest_for_algorithm(algorithm)
+          if body.respond_to?(:read)
+            update_in_chunks(digest, body)
+          else
+            digest.update(body)
+          end
+          digest.base64digest
+        end
+
+        def update_in_chunks(digest, io)
+          loop do
+            chunk = io.read(CHUNK_SIZE)
+            break unless chunk
+
+            digest.update(chunk)
           end
+          io.rewind
         end
 
-        def apply_request_trailer_checksum(context, checksum_properties)
-          location_name = checksum_properties['name']
+        def apply_request_trailer_checksum(context, headers, checksum_properties)
+          location_name = checksum_properties[:name]
 
           # set required headers
-          headers = context.http_request.headers
           headers['Content-Encoding'] = 'aws-chunked'
           headers['X-Amz-Content-Sha256'] = 'STREAMING-UNSIGNED-PAYLOAD-TRAILER'
           headers['X-Amz-Trailer'] = location_name
@@ -176,121 +371,88 @@ module Aws
           # to set the Content-Length header (set by content_length plugin).
           # This means we cannot use Transfer-Encoding=chunked
 
-          if !context.http_request.body.respond_to?(:size)
+          unless context.http_request.body.respond_to?(:size)
             raise Aws::Errors::ChecksumError, 'Could not determine length of the body'
           end
           headers['X-Amz-Decoded-Content-Length'] = context.http_request.body.size
 
           context.http_request.body = AwsChunkedTrailerDigestIO.new(
             context.http_request.body,
-            checksum_properties['algorithm'],
+            checksum_properties[:algorithm],
             location_name
           )
         end
 
+        def should_verify_response_checksum?(context)
+          request_validation_mode(context) == 'ENABLED'
+        end
+
         # Add events to the http_response to verify the checksum as its read
         # This prevents the body from being read multiple times
         # verification is done only once a successful response has completed
         def add_verify_response_checksum_handlers(context)
-          http_response = context.http_response
-          checksum_context = { }
-          http_response.on_headers do |_status, headers|
-            header_name, algorithm = response_header_to_verify(headers, context[:http_checksum][:validation_list])
-            if header_name
-              expected = headers[header_name]
-
-              unless context[:http_checksum][:skip_on_suffix] && /-[\d]+$/.match(expected)
-                checksum_context[:algorithm] = algorithm
-                checksum_context[:header_name] = header_name
-                checksum_context[:digest] = ChecksumAlgorithm.digest_for_algorithm(algorithm)
-                checksum_context[:expected] = expected
-              end
-            end
-          end
+          checksum_context = {}
+          add_verify_response_headers_handler(context, checksum_context)
+          add_verify_response_data_handler(context, checksum_context)
+          add_verify_response_success_handler(context, checksum_context)
+        end
 
-          http_response.on_data do |chunk|
-            checksum_context[:digest].update(chunk) if checksum_context[:digest]
+        def add_verify_response_headers_handler(context, checksum_context)
+          validation_list = CHECKSUM_ALGORITHM_PRIORITIES &
+                            operation_response_algorithms(context)
+          context[:http_checksum][:validation_list] = validation_list
+
+          context.http_response.on_headers do |_status, headers|
+            header_name, algorithm = response_header_to_verify(
+              headers,
+              validation_list
+            )
+            next unless header_name
+
+            expected = headers[header_name]
+            next if context[:http_checksum][:skip_on_suffix] && /-\d+$/.match(expected)
+
+            checksum_context[:algorithm] = algorithm
+            checksum_context[:header_name] = header_name
+            checksum_context[:digest] = ChecksumAlgorithm.digest_for_algorithm(algorithm)
+            checksum_context[:expected] = expected
           end
+        end
 
-          http_response.on_success do
-            if checksum_context[:digest] &&
-              (computed = checksum_context[:digest].base64digest)
+        def add_verify_response_data_handler(context, checksum_context)
+          context.http_response.on_data do |chunk|
+            checksum_context[:digest]&.update(chunk)
+          end
+        end
 
-              if computed != checksum_context[:expected]
-                raise Aws::Errors::ChecksumError,
-                      "Checksum validation failed on #{checksum_context[:header_name]} "\
-                      "computed: #{computed}, expected: #{checksum_context[:expected]}"
-              end
+        def add_verify_response_success_handler(context, checksum_context)
+          context.http_response.on_success do
+            next unless checksum_context[:digest]
 
+            computed = checksum_context[:digest].base64digest
+            if computed == checksum_context[:expected]
               context[:http_checksum][:validated] = checksum_context[:algorithm]
+            else
+              raise Aws::Errors::ChecksumError,
+                    "Checksum validation failed on #{checksum_context[:header_name]} "\
+                    "computed: #{computed}, expected: #{checksum_context[:expected]}"
             end
           end
         end
 
-        # returns nil if no headers to verify
         def response_header_to_verify(headers, validation_list)
           validation_list.each do |algorithm|
-            header_name = "x-amz-checksum-#{algorithm}"
+            header_name = "x-amz-checksum-#{algorithm.downcase}"
             return [header_name, algorithm] if headers[header_name]
           end
           nil
         end
-
-        # determine where (header vs trailer) a request checksum should be added
-        def checksum_request_in(context)
-          if context.operation['unsignedPayload'] ||
-             context.operation['authtype'] == 'v4-unsigned-body'
-            'trailer'
-          else
-            'header'
-          end
-        end
-
-      end
-
-      def self.calculate_checksum(algorithm, body)
-        digest = ChecksumAlgorithm.digest_for_algorithm(algorithm)
-        if body.respond_to?(:read)
-          ChecksumAlgorithm.update_in_chunks(digest, body)
-        else
-          digest.update(body)
-        end
-        digest.base64digest
-      end
-
-      def self.digest_for_algorithm(algorithm)
-        case algorithm
-        when 'CRC32'
-          Digest32.new(Zlib.method(:crc32))
-        when 'CRC32C'
-          # this will only be used if input algorithm is CRC32C AND client supports it (crt available)
-          Digest32.new(Aws::Crt::Checksums.method(:crc32c))
-        when 'SHA1'
-          Digest::SHA1.new
-        when 'SHA256'
-          Digest::SHA256.new
-        end
-      end
-
-      # The trailer size (in bytes) is the overhead + the trailer name +
-      # the length of the base64 encoded checksum
-      def self.trailer_length(algorithm, location_name)
-        CHECKSUM_SIZE[algorithm] + location_name.size
-      end
-
-      def self.update_in_chunks(digest, io)
-        loop do
-          chunk = io.read(CHUNK_SIZE)
-          break unless chunk
-          digest.update(chunk)
-        end
-        io.rewind
       end
 
       # Wrapper for request body that implements application-layer
       # chunking with Digest computed on chunks + added as a trailer
       class AwsChunkedTrailerDigestIO
-        CHUNK_SIZE = 16384
+        CHUNK_SIZE = 16_384
 
         def initialize(io, algorithm, location_name)
           @io = io
@@ -331,7 +493,7 @@ module Aws
           else
             trailers = {}
             trailers[@location_name] = @digest.base64digest
-            trailers = trailers.map { |k,v| "#{k}:#{v}"}.join("\r\n")
+            trailers = trailers.map { |k,v| "#{k}:#{v}" }.join("\r\n")
             @trailer_io = StringIO.new("0\r\n#{trailers}\r\n\r\n")
             chunk = @trailer_io.read(length, buf)
           end

data/lib/aws-sdk-core/plugins/http_checksum.rb

@@ -11,8 +11,8 @@ module Aws
         CHUNK_SIZE = 1 * 1024 * 1024 # one MB
 
         def call(context)
-          if checksum_required?(context) &&
-             !context[:checksum_algorithms] && # skip in favor of flexible checksum
+          if context.operation.http_checksum_required &&
+             !context[:http_checksum][:request_algorithm] && # skip in favor of flexible checksum
              !context[:s3_express_endpoint] # s3 express endpoints do not support md5
             body = context.http_request.body
             context.http_request.headers['Content-Md5'] ||= md5(body)
@@ -22,12 +22,6 @@ module Aws
 
         private
 
-        def checksum_required?(context)
-          context.operation.http_checksum_required ||
-            (context.operation.http_checksum &&
-              context.operation.http_checksum['requestChecksumRequired'])
-        end
-
         # @param [File, Tempfile, IO#read, String] value
         # @return [String<MD5>]
         def md5(value)

data/lib/aws-sdk-core/plugins/sign.rb

@@ -113,7 +113,7 @@ module Aws
               signing_algorithm: scheme_name.to_sym,
               uri_escape_path: !!!auth_scheme['disableDoubleEncoding'],
               normalize_path: !!!auth_scheme['disableNormalizePath'],
-              unsigned_headers: %w[content-length user-agent x-amzn-trace-id]
+              unsigned_headers: %w[content-length user-agent x-amzn-trace-id expect transfer-encoding connection]
             )
           rescue Aws::Sigv4::Errors::MissingCredentialsError
             raise Aws::Errors::MissingCredentialsError

data/lib/aws-sdk-core/plugins/user_agent.rb

@@ -25,7 +25,16 @@ module Aws
           "ACCOUNT_ID_MODE_DISABLED": "Q",
           "ACCOUNT_ID_MODE_REQUIRED": "R",
           "SIGV4A_SIGNING": "S",
-          "RESOLVED_ACCOUNT_ID": "T"
+          "RESOLVED_ACCOUNT_ID": "T",
+          "FLEXIBLE_CHECKSUMS_REQ_CRC32" : "U",
+          "FLEXIBLE_CHECKSUMS_REQ_CRC32C" : "V",
+          "FLEXIBLE_CHECKSUMS_REQ_CRC64" : "W",
+          "FLEXIBLE_CHECKSUMS_REQ_SHA1" : "X",
+          "FLEXIBLE_CHECKSUMS_REQ_SHA256" : "Y",
+          "FLEXIBLE_CHECKSUMS_REQ_WHEN_SUPPORTED" : "Z",
+          "FLEXIBLE_CHECKSUMS_REQ_WHEN_REQUIRED" : "a",
+          "FLEXIBLE_CHECKSUMS_RES_WHEN_SUPPORTED" : "b",
+          "FLEXIBLE_CHECKSUMS_RES_WHEN_REQUIRED" : "c"
         }
       METRICS
 

data/lib/aws-sdk-core/shared_config.rb

@@ -212,6 +212,8 @@ module Aws
       :retry_mode,
       :adaptive_retry_wait_to_fill,
       :correct_clock_skew,
+      :request_checksum_calculation,
+      :response_checksum_validation,
       :csm_client_id,
       :csm_enabled,
       :csm_host,

data/lib/aws-sdk-sso/client.rb

@@ -257,11 +257,34 @@ module Aws::SSO
     #     Used when loading credentials from the shared credentials file
     #     at HOME/.aws/credentials.  When not specified, 'default' is used.
     #
+    #   @option options [String] :request_checksum_calculation ("when_supported")
+    #     Determines when a checksum will be calculated for request payloads. Values are:
+    #
+    #     * `when_supported` - (default) When set, a checksum will be
+    #       calculated for all request payloads of operations modeled with the
+    #       `httpChecksum` trait where `requestChecksumRequired` is `true` and/or a
+    #       `requestAlgorithmMember` is modeled.
+    #     * `when_required` - When set, a checksum will only be calculated for
+    #       request payloads of operations modeled with the  `httpChecksum` trait where
+    #       `requestChecksumRequired` is `true` or where a `requestAlgorithmMember`
+    #       is modeled and supplied.
+    #
     #   @option options [Integer] :request_min_compression_size_bytes (10240)
     #     The minimum size in bytes that triggers compression for request
     #     bodies. The value must be non-negative integer value between 0
     #     and 10485780 bytes inclusive.
     #
+    #   @option options [String] :response_checksum_validation ("when_supported")
+    #     Determines when checksum validation will be performed on response payloads. Values are:
+    #
+    #     * `when_supported` - (default) When set, checksum validation is performed on all
+    #       response payloads of operations modeled with the `httpChecksum` trait where
+    #       `responseAlgorithms` is modeled, except when no modeled checksum algorithms
+    #       are supported.
+    #     * `when_required` - When set, checksum validation is not performed on
+    #       response payloads of operations unless the checksum algorithm is supported and
+    #       the `requestValidationModeMember` member is set to `ENABLED`.
+    #
     #   @option options [Proc] :retry_backoff
     #     A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay.
     #     This option is only used in the `legacy` retry mode.
@@ -669,7 +692,7 @@ module Aws::SSO
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.214.1'
+      context[:gem_version] = '3.217.1'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sso.rb

@@ -56,7 +56,7 @@ module Aws::SSO
   autoload :EndpointProvider, 'aws-sdk-sso/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-sso/endpoints'
 
-  GEM_VERSION = '3.214.1'
+  GEM_VERSION = '3.217.1'
 
 end
 

data/lib/aws-sdk-ssooidc/client.rb

@@ -257,11 +257,34 @@ module Aws::SSOOIDC
     #     Used when loading credentials from the shared credentials file
     #     at HOME/.aws/credentials.  When not specified, 'default' is used.
     #
+    #   @option options [String] :request_checksum_calculation ("when_supported")
+    #     Determines when a checksum will be calculated for request payloads. Values are:
+    #
+    #     * `when_supported` - (default) When set, a checksum will be
+    #       calculated for all request payloads of operations modeled with the
+    #       `httpChecksum` trait where `requestChecksumRequired` is `true` and/or a
+    #       `requestAlgorithmMember` is modeled.
+    #     * `when_required` - When set, a checksum will only be calculated for
+    #       request payloads of operations modeled with the  `httpChecksum` trait where
+    #       `requestChecksumRequired` is `true` or where a `requestAlgorithmMember`
+    #       is modeled and supplied.
+    #
     #   @option options [Integer] :request_min_compression_size_bytes (10240)
     #     The minimum size in bytes that triggers compression for request
     #     bodies. The value must be non-negative integer value between 0
     #     and 10485780 bytes inclusive.
     #
+    #   @option options [String] :response_checksum_validation ("when_supported")
+    #     Determines when checksum validation will be performed on response payloads. Values are:
+    #
+    #     * `when_supported` - (default) When set, checksum validation is performed on all
+    #       response payloads of operations modeled with the `httpChecksum` trait where
+    #       `responseAlgorithms` is modeled, except when no modeled checksum algorithms
+    #       are supported.
+    #     * `when_required` - When set, checksum validation is not performed on
+    #       response payloads of operations unless the checksum algorithm is supported and
+    #       the `requestValidationModeMember` member is set to `ENABLED`.
+    #
     #   @option options [Proc] :retry_backoff
     #     A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay.
     #     This option is only used in the `legacy` retry mode.
@@ -449,7 +472,7 @@ module Aws::SSOOIDC
 
     # Creates and returns access and refresh tokens for clients that are
     # authenticated using client secrets. The access token can be used to
-    # fetch short-term credentials for the assigned AWS accounts or to
+    # fetch short-lived credentials for the assigned AWS accounts or to
     # access application APIs using `bearer` authentication.
     #
     # @option params [required, String] :client_id
@@ -461,30 +484,28 @@ module Aws::SSOOIDC
     #   the persisted result of the RegisterClient API.
     #
     # @option params [required, String] :grant_type
-    #   Supports the following OAuth grant types: Device Code and Refresh
-    #   Token. Specify either of the following values, depending on the grant
-    #   type that you want:
+    #   Supports the following OAuth grant types: Authorization Code, Device
+    #   Code, and Refresh Token. Specify one of the following values,
+    #   depending on the grant type that you want:
+    #
+    #   * Authorization Code - `authorization_code`
     #
     #   * Device Code - `urn:ietf:params:oauth:grant-type:device_code`
     #
     #   * Refresh Token - `refresh_token`
     #
-    #   For information about how to obtain the device code, see the
-    #   StartDeviceAuthorization topic.
-    #
     # @option params [String] :device_code
     #   Used only when calling this API for the Device Code grant type. This
-    #   short-term code is used to identify this authorization request. This
+    #   short-lived code is used to identify this authorization request. This
     #   comes from the result of the StartDeviceAuthorization API.
     #
     # @option params [String] :code
     #   Used only when calling this API for the Authorization Code grant type.
-    #   The short-term code is used to identify this authorization request.
-    #   This grant type is currently unsupported for the CreateToken API.
+    #   The short-lived code is used to identify this authorization request.
     #
     # @option params [String] :refresh_token
     #   Used only when calling this API for the Refresh Token grant type. This
-    #   token is used to refresh short-term tokens, such as the access token,
+    #   token is used to refresh short-lived tokens, such as the access token,
     #   that might expire.
     #
     #   For more information about the features and limitations of the current
@@ -590,7 +611,7 @@ module Aws::SSOOIDC
 
     # Creates and returns access and refresh tokens for clients and
     # applications that are authenticated using IAM entities. The access
-    # token can be used to fetch short-term credentials for the assigned
+    # token can be used to fetch short-lived credentials for the assigned
     # Amazon Web Services accounts or to access application APIs using
     # `bearer` authentication.
     #
@@ -613,14 +634,14 @@ module Aws::SSOOIDC
     #
     # @option params [String] :code
     #   Used only when calling this API for the Authorization Code grant type.
-    #   This short-term code is used to identify this authorization request.
+    #   This short-lived code is used to identify this authorization request.
     #   The code is obtained through a redirect from IAM Identity Center to a
     #   redirect URI persisted in the Authorization Code GrantOptions for the
     #   application.
     #
     # @option params [String] :refresh_token
     #   Used only when calling this API for the Refresh Token grant type. This
-    #   token is used to refresh short-term tokens, such as the access token,
+    #   token is used to refresh short-lived tokens, such as the access token,
     #   that might expire.
     #
     #   For more information about the features and limitations of the current
@@ -823,9 +844,10 @@ module Aws::SSOOIDC
       req.send_request(options)
     end
 
-    # Registers a client with IAM Identity Center. This allows clients to
-    # initiate device authorization. The output should be persisted for
-    # reuse through many authentication requests.
+    # Registers a public client with IAM Identity Center. This allows
+    # clients to perform authorization using the authorization
+    # code grant with Proof Key for Code Exchange (PKCE) or the device
+    # code grant.
     #
     # @option params [required, String] :client_name
     #   The friendly name of the client.
@@ -847,7 +869,14 @@ module Aws::SSOOIDC
     # @option params [Array<String>] :grant_types
     #   The list of OAuth 2.0 grant types that are defined by the client. This
     #   list is used to restrict the token granting flows available to the
-    #   client.
+    #   client. Supports the following OAuth 2.0 grant types: Authorization
+    #   Code, Device Code, and Refresh Token.
+    #
+    #   * Authorization Code - `authorization_code`
+    #
+    #   * Device Code - `urn:ietf:params:oauth:grant-type:device_code`
+    #
+    #   * Refresh Token - `refresh_token`
     #
     # @option params [String] :issuer_url
     #   The IAM Identity Center Issuer URL associated with an instance of IAM
@@ -1022,7 +1051,7 @@ module Aws::SSOOIDC
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.214.1'
+      context[:gem_version] = '3.217.1'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-ssooidc/types.rb

@@ -64,34 +64,32 @@ module Aws::SSOOIDC
     #   @return [String]
     #
     # @!attribute [rw] grant_type
-    #   Supports the following OAuth grant types: Device Code and Refresh
-    #   Token. Specify either of the following values, depending on the
-    #   grant type that you want:
+    #   Supports the following OAuth grant types: Authorization Code, Device
+    #   Code, and Refresh Token. Specify one of the following values,
+    #   depending on the grant type that you want:
+    #
+    #   * Authorization Code - `authorization_code`
     #
     #   * Device Code - `urn:ietf:params:oauth:grant-type:device_code`
     #
     #   * Refresh Token - `refresh_token`
-    #
-    #   For information about how to obtain the device code, see the
-    #   StartDeviceAuthorization topic.
     #   @return [String]
     #
     # @!attribute [rw] device_code
     #   Used only when calling this API for the Device Code grant type. This
-    #   short-term code is used to identify this authorization request. This
-    #   comes from the result of the StartDeviceAuthorization API.
+    #   short-lived code is used to identify this authorization request.
+    #   This comes from the result of the StartDeviceAuthorization API.
     #   @return [String]
     #
     # @!attribute [rw] code
     #   Used only when calling this API for the Authorization Code grant
-    #   type. The short-term code is used to identify this authorization
-    #   request. This grant type is currently unsupported for the
-    #   CreateToken API.
+    #   type. The short-lived code is used to identify this authorization
+    #   request.
     #   @return [String]
     #
     # @!attribute [rw] refresh_token
     #   Used only when calling this API for the Refresh Token grant type.
-    #   This token is used to refresh short-term tokens, such as the access
+    #   This token is used to refresh short-lived tokens, such as the access
     #   token, that might expire.
     #
     #   For more information about the features and limitations of the
@@ -217,7 +215,7 @@ module Aws::SSOOIDC
     #
     # @!attribute [rw] code
     #   Used only when calling this API for the Authorization Code grant
-    #   type. This short-term code is used to identify this authorization
+    #   type. This short-lived code is used to identify this authorization
     #   request. The code is obtained through a redirect from IAM Identity
     #   Center to a redirect URI persisted in the Authorization Code
     #   GrantOptions for the application.
@@ -225,7 +223,7 @@ module Aws::SSOOIDC
     #
     # @!attribute [rw] refresh_token
     #   Used only when calling this API for the Refresh Token grant type.
-    #   This token is used to refresh short-term tokens, such as the access
+    #   This token is used to refresh short-lived tokens, such as the access
     #   token, that might expire.
     #
     #   For more information about the features and limitations of the
@@ -606,7 +604,14 @@ module Aws::SSOOIDC
     # @!attribute [rw] grant_types
     #   The list of OAuth 2.0 grant types that are defined by the client.
     #   This list is used to restrict the token granting flows available to
-    #   the client.
+    #   the client. Supports the following OAuth 2.0 grant types:
+    #   Authorization Code, Device Code, and Refresh Token.
+    #
+    #   * Authorization Code - `authorization_code`
+    #
+    #   * Device Code - `urn:ietf:params:oauth:grant-type:device_code`
+    #
+    #   * Refresh Token - `refresh_token`
     #   @return [Array<String>]
     #
     # @!attribute [rw] issuer_url

data/lib/aws-sdk-ssooidc.rb

@@ -56,7 +56,7 @@ module Aws::SSOOIDC
   autoload :EndpointProvider, 'aws-sdk-ssooidc/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-ssooidc/endpoints'
 
-  GEM_VERSION = '3.214.1'
+  GEM_VERSION = '3.217.1'
 
 end
 

data/lib/aws-sdk-sts/client.rb

@@ -259,11 +259,34 @@ module Aws::STS
     #     Used when loading credentials from the shared credentials file
     #     at HOME/.aws/credentials.  When not specified, 'default' is used.
     #
+    #   @option options [String] :request_checksum_calculation ("when_supported")
+    #     Determines when a checksum will be calculated for request payloads. Values are:
+    #
+    #     * `when_supported` - (default) When set, a checksum will be
+    #       calculated for all request payloads of operations modeled with the
+    #       `httpChecksum` trait where `requestChecksumRequired` is `true` and/or a
+    #       `requestAlgorithmMember` is modeled.
+    #     * `when_required` - When set, a checksum will only be calculated for
+    #       request payloads of operations modeled with the  `httpChecksum` trait where
+    #       `requestChecksumRequired` is `true` or where a `requestAlgorithmMember`
+    #       is modeled and supplied.
+    #
     #   @option options [Integer] :request_min_compression_size_bytes (10240)
     #     The minimum size in bytes that triggers compression for request
     #     bodies. The value must be non-negative integer value between 0
     #     and 10485780 bytes inclusive.
     #
+    #   @option options [String] :response_checksum_validation ("when_supported")
+    #     Determines when checksum validation will be performed on response payloads. Values are:
+    #
+    #     * `when_supported` - (default) When set, checksum validation is performed on all
+    #       response payloads of operations modeled with the `httpChecksum` trait where
+    #       `responseAlgorithms` is modeled, except when no modeled checksum algorithms
+    #       are supported.
+    #     * `when_required` - When set, checksum validation is not performed on
+    #       response payloads of operations unless the checksum algorithm is supported and
+    #       the `requestValidationModeMember` member is set to `ENABLED`.
+    #
     #   @option options [Proc] :retry_backoff
     #     A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay.
     #     This option is only used in the `legacy` retry mode.
@@ -831,7 +854,7 @@ module Aws::STS
     #   The regex used to validate this parameter is a string of characters
     #   consisting of upper- and lower-case alphanumeric characters with no
     #   spaces. You can also include underscores or any of the following
-    #   characters: =,.@-. You cannot use a value that begins with the text
+    #   characters: +=,.@-. You cannot use a value that begins with the text
     #   `aws:`. This prefix is reserved for Amazon Web Services internal use.
     #
     #
@@ -1514,8 +1537,9 @@ module Aws::STS
     #   authenticating the user who is using your application with a web
     #   identity provider before the application makes an
     #   `AssumeRoleWithWebIdentity` call. Timestamps in the token must be
-    #   formatted as either an integer or a long integer. Only tokens with RSA
-    #   algorithms (RS256) are supported.
+    #   formatted as either an integer or a long integer. Tokens must be
+    #   signed using either RSA keys (RS256, RS384, or RS512) or ECDSA keys
+    #   (ES256, ES384, or ES512).
     #
     # @option params [String] :provider_id
     #   The fully qualified host component of the domain name of the OAuth 2.0
@@ -1708,14 +1732,14 @@ module Aws::STS
     end
 
     # Returns a set of short term credentials you can use to perform
-    # privileged tasks in a member account.
+    # privileged tasks on a member account in your organization.
     #
-    # Before you can launch a privileged session, you must have enabled
-    # centralized root access in your organization. For steps to enable this
-    # feature, see [Centralize root access for member accounts][1] in the
-    # *IAM User Guide*.
+    # Before you can launch a privileged session, you must have centralized
+    # root access in your organization. For steps to enable this feature,
+    # see [Centralize root access for member accounts][1] in the *IAM User
+    # Guide*.
     #
-    # <note markdown="1"> The global endpoint is not supported for AssumeRoot. You must send
+    # <note markdown="1"> The STS global endpoint is not supported for AssumeRoot. You must send
     # this request to a Regional STS endpoint. For more information, see
     # [Endpoints][2].
     #
@@ -1737,9 +1761,7 @@ module Aws::STS
     # @option params [required, Types::PolicyDescriptorType] :task_policy_arn
     #   The identity based policy that scopes the session to the privileged
     #   tasks that can be performed. You can use one of following Amazon Web
-    #   Services managed policies to scope root session actions. You can add
-    #   additional customer managed policies to further limit the permissions
-    #   for the root session.
+    #   Services managed policies to scope root session actions.
     #
     #   * [IAMAuditRootUserCredentials][1]
     #
@@ -2573,7 +2595,7 @@ module Aws::STS
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.214.1'
+      context[:gem_version] = '3.217.1'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sts/types.rb

@@ -291,7 +291,7 @@ module Aws::STS
     #   The regex used to validate this parameter is a string of characters
     #   consisting of upper- and lower-case alphanumeric characters with no
     #   spaces. You can also include underscores or any of the following
-    #   characters: =,.@-. You cannot use a value that begins with the text
+    #   characters: +=,.@-. You cannot use a value that begins with the text
     #   `aws:`. This prefix is reserved for Amazon Web Services internal
     #   use.
     #
@@ -717,8 +717,9 @@ module Aws::STS
     #   token by authenticating the user who is using your application with
     #   a web identity provider before the application makes an
     #   `AssumeRoleWithWebIdentity` call. Timestamps in the token must be
-    #   formatted as either an integer or a long integer. Only tokens with
-    #   RSA algorithms (RS256) are supported.
+    #   formatted as either an integer or a long integer. Tokens must be
+    #   signed using either RSA keys (RS256, RS384, or RS512) or ECDSA keys
+    #   (ES256, ES384, or ES512).
     #   @return [String]
     #
     # @!attribute [rw] provider_id
@@ -961,9 +962,7 @@ module Aws::STS
     # @!attribute [rw] task_policy_arn
     #   The identity based policy that scopes the session to the privileged
     #   tasks that can be performed. You can use one of following Amazon Web
-    #   Services managed policies to scope root session actions. You can add
-    #   additional customer managed policies to further limit the
-    #   permissions for the root session.
+    #   Services managed policies to scope root session actions.
     #
     #   * [IAMAuditRootUserCredentials][1]
     #

data/lib/aws-sdk-sts.rb

@@ -56,7 +56,7 @@ module Aws::STS
   autoload :EndpointProvider, 'aws-sdk-sts/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-sts/endpoints'
 
-  GEM_VERSION = '3.214.1'
+  GEM_VERSION = '3.217.1'
 
 end
 

data/lib/seahorse/client/response.rb

@@ -75,6 +75,8 @@ module Seahorse
       # Necessary to define as a subclass of Delegator
       # @api private
       def __getobj__
+        return yield if block_given? && !defined?(@data)
+
         @data
       end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-core
 version: !ruby/object:Gem::Version
-  version: 3.214.1
+  version: 3.217.1
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-12-28 00:00:00.000000000 Z
+date: 2025-01-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jmespath