aws-sdk-core 3.215.0 → 3.222.1

data/lib/aws-sdk-ssooidc/types.rb

@@ -53,6 +53,25 @@ module Aws::SSOOIDC
       include Aws::Structure
     end
 
+    # This structure contains Amazon Web Services-specific parameter
+    # extensions for the token endpoint responses and includes the identity
+    # context.
+    #
+    # @!attribute [rw] identity_context
+    #   STS context assertion that carries a user identifier to the Amazon
+    #   Web Services service that it calls and can be used to obtain an
+    #   identity-enhanced IAM role session. This value corresponds to the
+    #   `sts:identity_context` claim in the ID token.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/AwsAdditionalDetails AWS API Documentation
+    #
+    class AwsAdditionalDetails < Struct.new(
+      :identity_context)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] client_id
     #   The unique identifier string for the client or application. This
     #   value comes from the result of the RegisterClient API.
@@ -64,34 +83,32 @@ module Aws::SSOOIDC
     #   @return [String]
     #
     # @!attribute [rw] grant_type
-    #   Supports the following OAuth grant types: Device Code and Refresh
-    #   Token. Specify either of the following values, depending on the
-    #   grant type that you want:
+    #   Supports the following OAuth grant types: Authorization Code, Device
+    #   Code, and Refresh Token. Specify one of the following values,
+    #   depending on the grant type that you want:
+    #
+    #   * Authorization Code - `authorization_code`
     #
     #   * Device Code - `urn:ietf:params:oauth:grant-type:device_code`
     #
     #   * Refresh Token - `refresh_token`
-    #
-    #   For information about how to obtain the device code, see the
-    #   StartDeviceAuthorization topic.
     #   @return [String]
     #
     # @!attribute [rw] device_code
     #   Used only when calling this API for the Device Code grant type. This
-    #   short-term code is used to identify this authorization request. This
-    #   comes from the result of the StartDeviceAuthorization API.
+    #   short-lived code is used to identify this authorization request.
+    #   This comes from the result of the StartDeviceAuthorization API.
     #   @return [String]
     #
     # @!attribute [rw] code
     #   Used only when calling this API for the Authorization Code grant
-    #   type. The short-term code is used to identify this authorization
-    #   request. This grant type is currently unsupported for the
-    #   CreateToken API.
+    #   type. The short-lived code is used to identify this authorization
+    #   request.
     #   @return [String]
     #
     # @!attribute [rw] refresh_token
     #   Used only when calling this API for the Refresh Token grant type.
-    #   This token is used to refresh short-term tokens, such as the access
+    #   This token is used to refresh short-lived tokens, such as the access
     #   token, that might expire.
     #
     #   For more information about the features and limitations of the
@@ -217,7 +234,7 @@ module Aws::SSOOIDC
     #
     # @!attribute [rw] code
     #   Used only when calling this API for the Authorization Code grant
-    #   type. This short-term code is used to identify this authorization
+    #   type. This short-lived code is used to identify this authorization
     #   request. The code is obtained through a redirect from IAM Identity
     #   Center to a redirect URI persisted in the Authorization Code
     #   GrantOptions for the application.
@@ -225,7 +242,7 @@ module Aws::SSOOIDC
     #
     # @!attribute [rw] refresh_token
     #   Used only when calling this API for the Refresh Token grant type.
-    #   This token is used to refresh short-term tokens, such as the access
+    #   This token is used to refresh short-lived tokens, such as the access
     #   token, that might expire.
     #
     #   For more information about the features and limitations of the
@@ -358,6 +375,13 @@ module Aws::SSOOIDC
     #   token that is issued is limited to the scopes that are granted.
     #   @return [Array<String>]
     #
+    # @!attribute [rw] aws_additional_details
+    #   A structure containing information from the `idToken`. Only the
+    #   `identityContext` is in it, which is a value extracted from the
+    #   `idToken`. This provides direct access to identity information
+    #   without requiring JWT parsing.
+    #   @return [Types::AwsAdditionalDetails]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAMResponse AWS API Documentation
     #
     class CreateTokenWithIAMResponse < Struct.new(
@@ -367,7 +391,8 @@ module Aws::SSOOIDC
       :refresh_token,
       :id_token,
       :issued_token_type,
-      :scope)
+      :scope,
+      :aws_additional_details)
       SENSITIVE = [:access_token, :refresh_token, :id_token]
       include Aws::Structure
     end
@@ -606,7 +631,14 @@ module Aws::SSOOIDC
     # @!attribute [rw] grant_types
     #   The list of OAuth 2.0 grant types that are defined by the client.
     #   This list is used to restrict the token granting flows available to
-    #   the client.
+    #   the client. Supports the following OAuth 2.0 grant types:
+    #   Authorization Code, Device Code, and Refresh Token.
+    #
+    #   * Authorization Code - `authorization_code`
+    #
+    #   * Device Code - `urn:ietf:params:oauth:grant-type:device_code`
+    #
+    #   * Refresh Token - `refresh_token`
     #   @return [Array<String>]
     #
     # @!attribute [rw] issuer_url

data/lib/aws-sdk-ssooidc.rb

@@ -56,7 +56,7 @@ module Aws::SSOOIDC
   autoload :EndpointProvider, 'aws-sdk-ssooidc/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-ssooidc/endpoints'
 
-  GEM_VERSION = '3.215.0'
+  GEM_VERSION = '3.222.1'
 
 end
 

data/lib/aws-sdk-sts/client.rb

@@ -7,35 +7,35 @@
 #
 # WARNING ABOUT GENERATED CODE
 
-require 'seahorse/client/plugins/content_length.rb'
-require 'aws-sdk-core/plugins/credentials_configuration.rb'
-require 'aws-sdk-core/plugins/logging.rb'
-require 'aws-sdk-core/plugins/param_converter.rb'
-require 'aws-sdk-core/plugins/param_validator.rb'
-require 'aws-sdk-core/plugins/user_agent.rb'
-require 'aws-sdk-core/plugins/helpful_socket_errors.rb'
-require 'aws-sdk-core/plugins/retry_errors.rb'
-require 'aws-sdk-core/plugins/global_configuration.rb'
-require 'aws-sdk-core/plugins/regional_endpoint.rb'
-require 'aws-sdk-core/plugins/endpoint_discovery.rb'
-require 'aws-sdk-core/plugins/endpoint_pattern.rb'
-require 'aws-sdk-core/plugins/response_paging.rb'
-require 'aws-sdk-core/plugins/stub_responses.rb'
-require 'aws-sdk-core/plugins/idempotency_token.rb'
-require 'aws-sdk-core/plugins/invocation_id.rb'
-require 'aws-sdk-core/plugins/jsonvalue_converter.rb'
-require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
-require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
-require 'aws-sdk-core/plugins/transfer_encoding.rb'
-require 'aws-sdk-core/plugins/http_checksum.rb'
-require 'aws-sdk-core/plugins/checksum_algorithm.rb'
-require 'aws-sdk-core/plugins/request_compression.rb'
-require 'aws-sdk-core/plugins/defaults_mode.rb'
-require 'aws-sdk-core/plugins/recursion_detection.rb'
-require 'aws-sdk-core/plugins/telemetry.rb'
-require 'aws-sdk-core/plugins/sign.rb'
-require 'aws-sdk-core/plugins/protocols/query.rb'
-require 'aws-sdk-sts/plugins/sts_regional_endpoints.rb'
+require 'seahorse/client/plugins/content_length'
+require 'aws-sdk-core/plugins/credentials_configuration'
+require 'aws-sdk-core/plugins/logging'
+require 'aws-sdk-core/plugins/param_converter'
+require 'aws-sdk-core/plugins/param_validator'
+require 'aws-sdk-core/plugins/user_agent'
+require 'aws-sdk-core/plugins/helpful_socket_errors'
+require 'aws-sdk-core/plugins/retry_errors'
+require 'aws-sdk-core/plugins/global_configuration'
+require 'aws-sdk-core/plugins/regional_endpoint'
+require 'aws-sdk-core/plugins/endpoint_discovery'
+require 'aws-sdk-core/plugins/endpoint_pattern'
+require 'aws-sdk-core/plugins/response_paging'
+require 'aws-sdk-core/plugins/stub_responses'
+require 'aws-sdk-core/plugins/idempotency_token'
+require 'aws-sdk-core/plugins/invocation_id'
+require 'aws-sdk-core/plugins/jsonvalue_converter'
+require 'aws-sdk-core/plugins/client_metrics_plugin'
+require 'aws-sdk-core/plugins/client_metrics_send_plugin'
+require 'aws-sdk-core/plugins/transfer_encoding'
+require 'aws-sdk-core/plugins/http_checksum'
+require 'aws-sdk-core/plugins/checksum_algorithm'
+require 'aws-sdk-core/plugins/request_compression'
+require 'aws-sdk-core/plugins/defaults_mode'
+require 'aws-sdk-core/plugins/recursion_detection'
+require 'aws-sdk-core/plugins/telemetry'
+require 'aws-sdk-core/plugins/sign'
+require 'aws-sdk-core/plugins/protocols/query'
+require 'aws-sdk-sts/plugins/sts_regional_endpoints'
 
 module Aws::STS
   # An API client for STS.  To construct a client, you need to configure a `:region` and `:credentials`.
@@ -259,11 +259,34 @@ module Aws::STS
     #     Used when loading credentials from the shared credentials file
     #     at HOME/.aws/credentials.  When not specified, 'default' is used.
     #
+    #   @option options [String] :request_checksum_calculation ("when_supported")
+    #     Determines when a checksum will be calculated for request payloads. Values are:
+    #
+    #     * `when_supported` - (default) When set, a checksum will be
+    #       calculated for all request payloads of operations modeled with the
+    #       `httpChecksum` trait where `requestChecksumRequired` is `true` and/or a
+    #       `requestAlgorithmMember` is modeled.
+    #     * `when_required` - When set, a checksum will only be calculated for
+    #       request payloads of operations modeled with the  `httpChecksum` trait where
+    #       `requestChecksumRequired` is `true` or where a `requestAlgorithmMember`
+    #       is modeled and supplied.
+    #
     #   @option options [Integer] :request_min_compression_size_bytes (10240)
     #     The minimum size in bytes that triggers compression for request
     #     bodies. The value must be non-negative integer value between 0
     #     and 10485780 bytes inclusive.
     #
+    #   @option options [String] :response_checksum_validation ("when_supported")
+    #     Determines when checksum validation will be performed on response payloads. Values are:
+    #
+    #     * `when_supported` - (default) When set, checksum validation is performed on all
+    #       response payloads of operations modeled with the `httpChecksum` trait where
+    #       `responseAlgorithms` is modeled, except when no modeled checksum algorithms
+    #       are supported.
+    #     * `when_required` - When set, checksum validation is not performed on
+    #       response payloads of operations unless the checksum algorithm is supported and
+    #       the `requestValidationModeMember` member is set to `ENABLED`.
+    #
     #   @option options [Proc] :retry_backoff
     #     A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay.
     #     This option is only used in the `legacy` retry mode.
@@ -2572,7 +2595,7 @@ module Aws::STS
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.215.0'
+      context[:gem_version] = '3.222.1'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sts/endpoint_provider.rb

@@ -10,98 +10,93 @@
 module Aws::STS
   class EndpointProvider
     def resolve_endpoint(parameters)
-      region = parameters.region
-      use_dual_stack = parameters.use_dual_stack
-      use_fips = parameters.use_fips
-      endpoint = parameters.endpoint
-      use_global_endpoint = parameters.use_global_endpoint
-      if Aws::Endpoints::Matchers.boolean_equals?(use_global_endpoint, true) && Aws::Endpoints::Matchers.not(Aws::Endpoints::Matchers.set?(endpoint)) && Aws::Endpoints::Matchers.set?(region) && (partition_result = Aws::Endpoints::Matchers.aws_partition(region)) && Aws::Endpoints::Matchers.boolean_equals?(use_fips, false) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, false)
-        if Aws::Endpoints::Matchers.string_equals?(region, "ap-northeast-1")
+      if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_global_endpoint, true) && Aws::Endpoints::Matchers.not(Aws::Endpoints::Matchers.set?(parameters.endpoint)) && Aws::Endpoints::Matchers.set?(parameters.region) && (partition_result = Aws::Endpoints::Matchers.aws_partition(parameters.region)) && Aws::Endpoints::Matchers.boolean_equals?(parameters.use_fips, false) && Aws::Endpoints::Matchers.boolean_equals?(parameters.use_dual_stack, false)
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "ap-northeast-1")
           return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
         end
-        if Aws::Endpoints::Matchers.string_equals?(region, "ap-south-1")
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "ap-south-1")
           return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
         end
-        if Aws::Endpoints::Matchers.string_equals?(region, "ap-southeast-1")
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "ap-southeast-1")
           return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
         end
-        if Aws::Endpoints::Matchers.string_equals?(region, "ap-southeast-2")
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "ap-southeast-2")
           return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
         end
-        if Aws::Endpoints::Matchers.string_equals?(region, "aws-global")
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "aws-global")
           return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
         end
-        if Aws::Endpoints::Matchers.string_equals?(region, "ca-central-1")
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "ca-central-1")
           return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
         end
-        if Aws::Endpoints::Matchers.string_equals?(region, "eu-central-1")
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "eu-central-1")
           return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
         end
-        if Aws::Endpoints::Matchers.string_equals?(region, "eu-north-1")
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "eu-north-1")
           return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
         end
-        if Aws::Endpoints::Matchers.string_equals?(region, "eu-west-1")
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "eu-west-1")
           return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
         end
-        if Aws::Endpoints::Matchers.string_equals?(region, "eu-west-2")
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "eu-west-2")
           return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
         end
-        if Aws::Endpoints::Matchers.string_equals?(region, "eu-west-3")
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "eu-west-3")
           return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
         end
-        if Aws::Endpoints::Matchers.string_equals?(region, "sa-east-1")
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "sa-east-1")
           return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
         end
-        if Aws::Endpoints::Matchers.string_equals?(region, "us-east-1")
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "us-east-1")
           return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
         end
-        if Aws::Endpoints::Matchers.string_equals?(region, "us-east-2")
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "us-east-2")
           return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
         end
-        if Aws::Endpoints::Matchers.string_equals?(region, "us-west-1")
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "us-west-1")
           return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
         end
-        if Aws::Endpoints::Matchers.string_equals?(region, "us-west-2")
+        if Aws::Endpoints::Matchers.string_equals?(parameters.region, "us-west-2")
           return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
         end
-        return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"#{region}"}]})
+        return Aws::Endpoints::Endpoint.new(url: "https://sts.#{parameters.region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"#{parameters.region}"}]})
       end
-      if Aws::Endpoints::Matchers.set?(endpoint)
-        if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+      if Aws::Endpoints::Matchers.set?(parameters.endpoint)
+        if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_fips, true)
           raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
         end
-        if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+        if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_dual_stack, true)
           raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported"
         end
-        return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {})
+        return Aws::Endpoints::Endpoint.new(url: parameters.endpoint, headers: {}, properties: {})
       end
-      if Aws::Endpoints::Matchers.set?(region)
-        if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
-          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+      if Aws::Endpoints::Matchers.set?(parameters.region)
+        if (partition_result = Aws::Endpoints::Matchers.aws_partition(parameters.region))
+          if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(parameters.use_dual_stack, true)
             if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-              return Aws::Endpoints::Endpoint.new(url: "https://sts-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+              return Aws::Endpoints::Endpoint.new(url: "https://sts-fips.#{parameters.region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
             end
             raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
           end
-          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+          if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_fips, true)
             if Aws::Endpoints::Matchers.boolean_equals?(Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"), true)
               if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws-us-gov")
-                return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.amazonaws.com", headers: {}, properties: {})
+                return Aws::Endpoints::Endpoint.new(url: "https://sts.#{parameters.region}.amazonaws.com", headers: {}, properties: {})
               end
-              return Aws::Endpoints::Endpoint.new(url: "https://sts-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
+              return Aws::Endpoints::Endpoint.new(url: "https://sts-fips.#{parameters.region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
             end
             raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
           end
-          if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+          if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_dual_stack, true)
             if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-              return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+              return Aws::Endpoints::Endpoint.new(url: "https://sts.#{parameters.region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
             end
             raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
           end
-          if Aws::Endpoints::Matchers.string_equals?(region, "aws-global")
+          if Aws::Endpoints::Matchers.string_equals?(parameters.region, "aws-global")
             return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
           end
-          return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.#{parameters.region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
         end
       end
       raise ArgumentError, "Invalid Configuration: Missing Region"

data/lib/aws-sdk-sts/errors.rb

@@ -29,15 +29,21 @@ module Aws::STS
   # ## Error Classes
   # * {ExpiredTokenException}
   # * {IDPCommunicationErrorException}
+  #    * This error class is not used. `IDPCommunicationError` is used during parsing instead.
   # * {IDPRejectedClaimException}
+  #    * This error class is not used. `IDPRejectedClaim` is used during parsing instead.
   # * {InvalidAuthorizationMessageException}
   # * {InvalidIdentityTokenException}
+  #    * This error class is not used. `InvalidIdentityToken` is used during parsing instead.
   # * {MalformedPolicyDocumentException}
+  #    * This error class is not used. `MalformedPolicyDocument` is used during parsing instead.
   # * {PackedPolicyTooLargeException}
+  #    * This error class is not used. `PackedPolicyTooLarge` is used during parsing instead.
   # * {RegionDisabledException}
   #
   # Additionally, error classes are dynamically generated for service errors based on the error code
   # if they are not defined above.
+  # Some existing error classes may use a different class name than the one documented.
   module Errors
 
     extend Aws::Errors::DynamicErrors
@@ -57,6 +63,8 @@ module Aws::STS
       end
     end
 
+    # @deprecated This error class is not used during parsing.
+    #   Please use `IDPCommunicationError` instead.
     class IDPCommunicationErrorException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context
@@ -72,6 +80,8 @@ module Aws::STS
       end
     end
 
+    # @deprecated This error class is not used during parsing.
+    #   Please use `IDPRejectedClaim` instead.
     class IDPRejectedClaimException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context
@@ -102,6 +112,8 @@ module Aws::STS
       end
     end
 
+    # @deprecated This error class is not used during parsing.
+    #   Please use `InvalidIdentityToken` instead.
     class InvalidIdentityTokenException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context
@@ -117,6 +129,8 @@ module Aws::STS
       end
     end
 
+    # @deprecated This error class is not used during parsing.
+    #   Please use `MalformedPolicyDocument` instead.
     class MalformedPolicyDocumentException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context
@@ -132,6 +146,8 @@ module Aws::STS
       end
     end
 
+    # @deprecated This error class is not used during parsing.
+    #   Please use `PackedPolicyTooLarge` instead.
     class PackedPolicyTooLargeException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context

data/lib/aws-sdk-sts.rb

@@ -56,7 +56,7 @@ module Aws::STS
   autoload :EndpointProvider, 'aws-sdk-sts/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-sts/endpoints'
 
-  GEM_VERSION = '3.215.0'
+  GEM_VERSION = '3.222.1'
 
 end
 

data/lib/seahorse/client/async_base.rb

@@ -3,7 +3,6 @@
 module Seahorse
   module Client
     class AsyncBase < Seahorse::Client::Base
-
       # default H2 plugins
       # @api private
       @plugins = PluginList.new([
@@ -11,10 +10,10 @@ module Seahorse
         Plugins::H2,
         Plugins::ResponseTarget
       ])
+
       def initialize(plugins, options)
-        super
-        @connection = H2::Connection.new(options)
-        @options = options
+        super(plugins, options)
+        @connection = H2::Connection.new(@config)
       end
 
       # @return [H2::Connection]
@@ -36,7 +35,7 @@ module Seahorse
       # @return [Seahorse::Client::H2::Connection]
       def new_connection
         if @connection.closed?
-          @connection = H2::Connection.new(@options)
+          @connection = H2::Connection.new(@config)
         else
           @connection
         end

data/lib/seahorse/client/h2/connection.rb

@@ -10,13 +10,8 @@ module Seahorse
   module Client
     # @api private
     module H2
-
       # H2 Connection build on top of `http/2` gem
-      # (requires Ruby >= 2.1)
-      # with TLS layer plus ALPN, requires:
-      # Ruby >= 2.3 and OpenSSL >= 1.0.2
       class Connection
-
         OPTIONS = {
           max_concurrent_streams: 100,
           connection_timeout: 60,
@@ -27,7 +22,7 @@ module Seahorse
           ssl_ca_bundle: nil,
           ssl_ca_directory: nil,
           ssl_ca_store: nil,
-          enable_alpn: false
+          enable_alpn: true
         }
 
         # chunk read size at socket
@@ -41,25 +36,23 @@ module Seahorse
             instance_variable_set("@#{opt_name}", value)
           end
           @h2_client = HTTP2::Client.new(
-            settings_max_concurrent_streams: max_concurrent_streams
+            settings_max_concurrent_streams: @max_concurrent_streams
           )
-          @logger = if @http_wire_trace
-            options[:logger] || Logger.new($stdout)
-          end
+          @logger ||= Logger.new($stdout) if @http_wire_trace
           @chunk_size = options[:read_chunk_size] || CHUNKSIZE
+
           @errors = []
           @status = :ready
+
           @mutex = Mutex.new # connection can be shared across requests
           @socket = nil
           @socket_thread = nil
         end
 
         OPTIONS.keys.each do |attr_name|
-          attr_reader(attr_name)
+          attr_reader attr_name
         end
 
-        alias ssl_verify_peer? ssl_verify_peer
-
         attr_reader :errors
 
         attr_accessor :input_signal_thread
@@ -112,7 +105,7 @@ module Seahorse
                   @h2_client << data
                 rescue IO::WaitReadable
                   begin
-                    unless IO.select([@socket], nil, nil, connection_read_timeout)
+                    unless IO.select([@socket], nil, nil, @connection_read_timeout)
                       self.debug_output('socket connection read time out')
                       self.close!
                     else
@@ -154,11 +147,11 @@ module Seahorse
         end
 
         def debug_output(msg, type = nil)
-          prefix = case type
+          prefix =
+            case type
             when :send then '-> '
             when :receive then '<- '
-            else
-              ''
+            else ''
             end
           return unless @logger
           _debug_entry(prefix + msg)
@@ -206,7 +199,7 @@ module Seahorse
           begin
             tcp.connect_nonblock(addr)
           rescue IO::WaitWritable
-            unless IO.select(nil, [tcp], nil, connection_timeout)
+            unless IO.select(nil, [tcp], nil, @connection_timeout)
               tcp.close
               raise
             end
@@ -220,15 +213,15 @@ module Seahorse
 
         def _tls_context
           ssl_ctx = OpenSSL::SSL::SSLContext.new(:TLSv1_2)
-          if ssl_verify_peer?
+          if @ssl_verify_peer
             ssl_ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
-            ssl_ctx.ca_file = ssl_ca_bundle ? ssl_ca_bundle : _default_ca_bundle
-            ssl_ctx.ca_path = ssl_ca_directory ? ssl_ca_directory : _default_ca_directory
-            ssl_ctx.cert_store = ssl_ca_store if ssl_ca_store
+            ssl_ctx.ca_file = @ssl_ca_bundle || _default_ca_bundle
+            ssl_ctx.ca_path = @ssl_ca_directory || _default_ca_directory
+            ssl_ctx.cert_store = @ssl_ca_store if @ssl_ca_store
           else
             ssl_ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
           end
-          if enable_alpn
+          if @enable_alpn
             debug_output('enabling ALPN for TLS ...')
             ssl_ctx.alpn_protocols = ['h2']
           end
@@ -236,15 +229,12 @@ module Seahorse
         end
 
         def _default_ca_bundle
-          File.exist?(OpenSSL::X509::DEFAULT_CERT_FILE) ?
-            OpenSSL::X509::DEFAULT_CERT_FILE : nil
+          OpenSSL::X509::DEFAULT_CERT_FILE if File.exist?(OpenSSL::X509::DEFAULT_CERT_FILE)
         end
 
         def _default_ca_directory
-          Dir.exist?(OpenSSL::X509::DEFAULT_CERT_DIR) ?
-            OpenSSL::X509::DEFAULT_CERT_DIR : nil
+          OpenSSL::X509::DEFAULT_CERT_DIR if Dir.exist?(OpenSSL::X509::DEFAULT_CERT_DIR)
         end
-
       end
     end
   end

data/lib/seahorse/client/net_http/connection_pool.rb

@@ -336,6 +336,8 @@ module Seahorse
           attr_reader :last_used
 
           def __getobj__
+            return yield if block_given? && !defined?(@http)
+
             @http
           end
 

data/lib/seahorse/client/plugins/h2.rb

@@ -53,10 +53,10 @@ When `true`, SSL peer certificates are verified when establishing a connection.
 When `true`, HTTP2 debug output will be sent to the `:logger`.
         DOCS
 
-        option(:enable_alpn, default: false, doc_type: 'Boolean', docstring: <<-DOCS)
-Set to `true` to enable ALPN in HTTP2 over TLS. Requires Openssl version >= 1.0.2.
-Defaults to false. Note: not all service HTTP2 operations supports ALPN on server
-side, please refer to service documentation.
+        option(:enable_alpn, default: true, doc_type: 'Boolean', docstring: <<-DOCS)
+Set to `false` to disable ALPN in HTTP2 over TLS. ALPN requires Openssl version >= 1.0.2.
+Note: RFC7540 requires HTTP2 to use ALPN over TLS but some
+services may not fully support ALPN and require setting this to `false`.
         DOCS
 
         option(:logger)

data/lib/seahorse/client/response.rb

@@ -75,6 +75,8 @@ module Seahorse
       # Necessary to define as a subclass of Delegator
       # @api private
       def __getobj__
+        return yield if block_given? && !defined?(@data)
+
         @data
       end