aws-sdk-core 3.82.0 → 3.86.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2d22cd876f546f0134b026ebf16193c7128ecc85
-  data.tar.gz: b81bc569ccc1a761e644df8e28e0f62239026f43
+  metadata.gz: e4f12e315118f644ba06ef0924852cf03db4ae32
+  data.tar.gz: 3f784b55c285f300d90a65d043d09ebfc4fbb537
 SHA512:
-  metadata.gz: 6761c455d02dbfe5ff4b77c438666ac8d943955564ee9588587b3b9f7ba130d01a88df18bc793fe8264f607e8a1ca7d5ec26b1aad5d2c479246400a4fb148f5d
-  data.tar.gz: 0d285ce9a4897cd6637fc4a7c76da2e83f4dc4b40dc6c600954ece44d5d7deba261545e7fe5b8d507fa2eb682476d3b46d808f0bbff8c0f2366fc1626d313739
+  metadata.gz: 746a4eb2d620470828b3e1d647c5db2669643d04a8348b5c6e1c23d9ccd332ba826af6d2905744f215ccbd1612ed9d1016504dbd2a1f7c566e608eafa8167d60
+  data.tar.gz: eb3c70f45e0d9d954ac9e711d6fffaa3358c366c153a020ed99e3eaeb8c941ef750e00e44a9db14f1404d6903afdded7d7227ea8cec05c8a202a69a23c0cc09b

data/VERSION

@@ -1 +1 @@
-3.82.0
+3.86.0

data/lib/aws-sdk-core.rb

@@ -79,6 +79,10 @@ require_relative 'aws-sdk-core/endpoint_cache'
 require_relative 'aws-sdk-core/client_side_monitoring/request_metrics'
 require_relative 'aws-sdk-core/client_side_monitoring/publisher'
 
+# arn
+require_relative 'aws-sdk-core/arn'
+require_relative 'aws-sdk-core/arn_parser'
+
 # aws-sdk-sts is vendored to support Aws::AssumeRoleCredentials
 
 require 'aws-sdk-sts'

data/lib/aws-sdk-core/arn.rb

@@ -0,0 +1,77 @@
+module Aws
+  # Create and provide access to components of Amazon Resource Names (ARN).
+  #
+  # You can create an ARN and access it's components like the following:
+  #
+  #   arn = Aws::ARN.new(
+  #     partition: 'aws',
+  #     service: 's3',
+  #     region: 'us-west-2',
+  #     account_id: '12345678910',
+  #     resource: 'foo/bar'
+  #   )
+  #   # => #<Aws::ARN ...>
+  #
+  #   arn.to_s
+  #   # => "arn:aws:s3:us-west-2:12345678910:foo/bar"
+  #
+  #   arn.partition
+  #   # => 'aws'
+  #   arn.service
+  #   # => 's3'
+  #   arn.resource
+  #   # => foo/bar
+  #
+  #   # Note: parser available for parsing resource details
+  #   @see Aws::ARNParser#parse_resource
+  #
+  # @see https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-arns
+  class ARN
+
+    # @param [Hash] options
+    # @option options [String] :partition
+    # @option options [String] :service
+    # @option options [String] :region
+    # @option options [String] :account_id
+    # @option options [String] :resource
+    def initialize(options = {})
+      @partition = options[:partition]
+      @service = options[:service]
+      @region = options[:region]
+      @account_id = options[:account_id]
+      @resource = options[:resource]
+    end
+
+    # @return [String]
+    attr_reader :partition
+
+    # @return [String]
+    attr_reader :service
+
+    # @return [String]
+    attr_reader :region
+
+    # @return [String]
+    attr_reader :account_id
+
+    # @return [String]
+    attr_reader :resource
+
+    # Validates ARN contains non-empty required components.
+    # Region and account_id can be optional.
+    #
+    # @return [Boolean]
+    def valid?
+      !partition.nil? && !partition.empty? &&
+        !service.nil? && !service.empty? &&
+        !resource.nil? && !resource.empty?
+    end
+
+    # Return the ARN format in string
+    #
+    # @return [String]
+    def to_s
+      "arn:#{partition}:#{service}:#{region}:#{account_id}:#{resource}"
+    end
+  end
+end

data/lib/aws-sdk-core/arn_parser.rb

@@ -0,0 +1,38 @@
+module Aws
+  module ARNParser
+    # Parse a string with an ARN format into an {Aws::ARN} object.
+    # `InvalidARNError` would be raised when encountering a parsing error or the
+    # ARN object contains invalid components (nil/empty).
+    #
+    # @param [String] arn_str
+    #
+    # @return [Aws::ARN]
+    # @see https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-arns
+    def self.parse(arn_str)
+      parts = arn_str.nil? ? [] : arn_str.split(':', 6)
+      raise Aws::Errors::InvalidARNError if parts.size < 6
+
+      # part[0] is "arn"
+      arn = ARN.new(
+        partition: parts[1],
+        service: parts[2],
+        region: parts[3],
+        account_id: parts[4],
+        resource: parts[5]
+      )
+      raise Aws::Errors::InvalidARNError unless arn.valid?
+
+      arn
+    end
+
+    # Checks whether a String could be a ARN or not. An ARN starts with 'arn:'
+    # and has at least 6 segments separated by a colon (:).
+    #
+    # @param [String] str
+    #
+    # @return [Boolean]
+    def self.arn?(str)
+      !str.nil? && str.start_with?('arn:') && str.scan(/:/).length >= 5
+    end
+  end
+end

data/lib/aws-sdk-core/errors.rb

@@ -1,5 +1,3 @@
-require 'thread'
-
 module Aws
   module Errors
 
@@ -125,6 +123,29 @@ module Aws
 
     end
 
+    # Raised when ARN string input doesn't follow the standard:
+    # https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-arns
+    class InvalidARNError < RuntimeError; end
+
+    # Raised when the region from the ARN string is different from the :region
+    # configured on the service client.
+    class InvalidARNRegionError < RuntimeError
+      def initialize(*args)
+        msg = 'ARN region is different from the configured client region.'
+        super(msg)
+      end
+    end
+
+    # Raised when the partition of the ARN region is different than the
+    # partition of the :region configured on the service client.
+    class InvalidARNPartitionError < RuntimeError
+      def initialize(*args)
+        msg = 'ARN region partition is different from the configured '\
+              'client region partition.'
+        super(msg)
+      end
+    end
+
     # Various plugins perform client-side checksums of responses.
     # This error indicates a checksum failed.
     class ChecksumError < RuntimeError; end

data/lib/aws-sdk-core/instance_profile_credentials.rb

@@ -29,24 +29,24 @@ module Aws
       Errno::ENETUNREACH,
       SocketError,
       Timeout::Error,
-      Non200Response,
-    ]
+      Non200Response
+    ].freeze
 
     # Path base for GET request for profile and credentials
     # @api private
-    METADATA_PATH_BASE = '/latest/meta-data/iam/security-credentials/'
+    METADATA_PATH_BASE = '/latest/meta-data/iam/security-credentials/'.freeze
 
     # Path for PUT request for token
     # @api private
-    METADATA_TOKEN_PATH = '/latest/api/token'
+    METADATA_TOKEN_PATH = '/latest/api/token'.freeze
 
     # @param [Hash] options
-    # @option options [Integer] :retries (5) Number of times to retry
+    # @option options [Integer] :retries (1) Number of times to retry
     #   when retrieving credentials.
     # @option options [String] :ip_address ('169.254.169.254')
     # @option options [Integer] :port (80)
-    # @option options [Float] :http_open_timeout (5)
-    # @option options [Float] :http_read_timeout (5)
+    # @option options [Float] :http_open_timeout (1)
+    # @option options [Float] :http_read_timeout (1)
     # @option options [Numeric, Proc] :delay By default, failures are retried
     #   with exponential back-off, i.e. `sleep(1.2 ** num_failures)`. You can
     #   pass a number of seconds to sleep between failed attempts, or
@@ -57,15 +57,16 @@ module Aws
     # @option options [Integer] :token_ttl Time-to-Live in seconds for EC2
     #   Metadata Token used for fetching Metadata Profile Credentials, defaults
     #   to 21600 seconds
-    def initialize options = {}
-      @retries = options[:retries] || 5
+    def initialize(options = {})
+      @retries = options[:retries] || 1
       @ip_address = options[:ip_address] || '169.254.169.254'
       @port = options[:port] || 80
-      @http_open_timeout = options[:http_open_timeout] || 5
-      @http_read_timeout = options[:http_read_timeout] || 5
+      @http_open_timeout = options[:http_open_timeout] || 1
+      @http_read_timeout = options[:http_read_timeout] || 1
       @http_debug_output = options[:http_debug_output]
       @backoff = backoff(options[:backoff])
-      @token_ttl = options[:token_ttl] || 21600
+      @token_ttl = options[:token_ttl] || 21_600
+      @token = nil
       super
     end
 
@@ -79,8 +80,8 @@ module Aws
     def backoff(backoff)
       case backoff
       when Proc then backoff
-      when Numeric then lambda { |_| sleep(backoff) }
-      else lambda { |num_failures| Kernel.sleep(1.2 ** num_failures) }
+      when Numeric then ->(_) { sleep(backoff) }
+      else ->(num_failures) { Kernel.sleep(1.2**num_failures) }
       end
     end
 
@@ -99,7 +100,7 @@ module Aws
           @expiration = c['Expiration'] ? Time.iso8601(c['Expiration']) : nil
         end
       rescue JSON::ParserError
-        raise Aws::Errors::MetadataParserError.new
+        raise Aws::Errors::MetadataParserError
       end
     end
 
@@ -117,7 +118,9 @@ module Aws
               begin
                 retry_errors(NETWORK_ERRORS, max_retries: @retries) do
                   unless token_set?
-                    token_value, ttl = http_put(conn, METADATA_TOKEN_PATH, @token_ttl)
+                    token_value, ttl = http_put(
+                      conn, METADATA_TOKEN_PATH, @token_ttl
+                    )
                     @token = Token.new(token_value, ttl) if token_value && ttl
                   end
                 end
@@ -127,13 +130,10 @@ module Aws
                 @token = nil
               end
 
-              if token_set?
-                profile_name = http_get(conn, METADATA_PATH_BASE, @token.value).lines.first.strip
-                http_get(conn, METADATA_PATH_BASE + profile_name, @token.value)
-              else
-                profile_name = http_get(conn, METADATA_PATH_BASE).lines.first.strip
-                http_get(conn, METADATA_PATH_BASE + profile_name)
-              end
+              token = @token.value if token_set?
+              metadata = http_get(conn, METADATA_PATH_BASE, token)
+              profile_name = metadata.lines.first.strip
+              http_get(conn, METADATA_PATH_BASE + profile_name, token)
             end
           end
         rescue
@@ -147,8 +147,7 @@ module Aws
     end
 
     def _metadata_disabled?
-      flag = ENV["AWS_EC2_METADATA_DISABLED"]
-      !flag.nil? && flag.downcase == "true"
+      ENV.fetch('AWS_EC2_METADATA_DISABLED', 'false').downcase == 'true'
     end
 
     def open_connection
@@ -161,59 +160,54 @@ module Aws
     end
 
     # GET request fetch profile and credentials
-    def http_get(connection, path, token=nil)
-      headers = {"User-Agent" => "aws-sdk-ruby3/#{CORE_GEM_VERSION}"}
-      headers["x-aws-ec2-metadata-token"] = token if token
+    def http_get(connection, path, token = nil)
+      headers = { 'User-Agent' => "aws-sdk-ruby3/#{CORE_GEM_VERSION}" }
+      headers['x-aws-ec2-metadata-token'] = token if token
       response = connection.request(Net::HTTP::Get.new(path, headers))
-      if response.code.to_i == 200
-        response.body
-      else
-        raise Non200Response
-      end
+      raise Non200Response unless response.code.to_i == 200
+
+      response.body
     end
 
     # PUT request fetch token with ttl
     def http_put(connection, path, ttl)
       headers = {
-        "User-Agent" => "aws-sdk-ruby3/#{CORE_GEM_VERSION}",
-        "x-aws-ec2-metadata-token-ttl-seconds" => ttl.to_s
+        'User-Agent' => "aws-sdk-ruby3/#{CORE_GEM_VERSION}",
+        'x-aws-ec2-metadata-token-ttl-seconds' => ttl.to_s
       }
       response = connection.request(Net::HTTP::Put.new(path, headers))
       case response.code.to_i
       when 200
         [
           response.body,
-          response.header["x-aws-ec2-metadata-token-ttl-seconds"].to_i
+          response.header['x-aws-ec2-metadata-token-ttl-seconds'].to_i
         ]
-      when 401
-        raise TokenExpiredError
       when 400
         raise TokenRetrivalError
+      when 401
+        raise TokenExpiredError
       else
         raise Non200Response
       end
     end
 
-    def retry_errors(error_classes, options = {}, &block)
+    def retry_errors(error_classes, options = {}, &_block)
       max_retries = options[:max_retries]
       retries = 0
       begin
         yield
       rescue *error_classes
-        if retries < max_retries
-          @backoff.call(retries)
-          retries += 1
-          retry
-        else
-          raise
-        end
+        raise unless retries < max_retries
+
+        @backoff.call(retries)
+        retries += 1
+        retry
       end
     end
 
     # @api private
     # Token used to fetch IMDS profile and credentials
     class Token
-
       def initialize(value, ttl)
         @ttl = ttl
         @value = value
@@ -226,8 +220,6 @@ module Aws
       def expired?
         Time.now - @created_time > @ttl
       end
-
     end
-
   end
 end

data/lib/aws-sdk-core/log/formatter.rb

@@ -171,7 +171,13 @@ module Aws
       end
 
       def _http_response_body(response)
-        @param_formatter.summarize(response.context.http_response.body_contents)
+        if response.context.http_response.body.respond_to?(:rewind)
+          @param_formatter.summarize(
+            response.context.http_response.body_contents
+          )
+        else
+          ''
+        end
       end
 
       def _error_class(response)

data/lib/aws-sdk-core/log/param_filter.rb

@@ -11,7 +11,7 @@ module Aws
       #
       # @api private
       # begin
-      SENSITIVE = [:access_token, :account_name, :account_password, :address, :admin_contact, :admin_password, :artifact_credentials, :auth_code, :authentication_token, :authorization_result, :backup_plan_tags, :backup_vault_tags, :base_32_string_seed, :block, :block_address, :body, :bot_configuration, :bot_email, :calling_name, :cause, :client_id, :client_request_token, :client_secret, :comment, :configuration, :copy_source_sse_customer_key, :credentials, :current_password, :custom_attributes, :custom_private_key, :db_password, :default_phone_number, :definition, :description, :destination_access_token, :digest_tip_address, :display_name, :e164_phone_number, :email, :email_address, :email_message, :embed_url, :error, :external_user_id, :feedback_token, :file, :first_name, :full_name, :host_key, :id, :id_token, :input, :input_text, :ion_text, :join_token, :key_id, :key_material, :key_store_password, :kms_key_id, :kms_master_key_id, :lambda_function_arn, :last_name, :local_console_password, :master_account_email, :master_user_password, :meeting_host_id, :message, :name, :new_password, :next_password, :notes, :number, :old_password, :outbound_events_https_endpoint, :output, :owner_information, :parameters, :passphrase, :password, :payload, :phone_number, :plaintext, :previous_password, :primary_email, :primary_provisioned_number, :private_key, :private_key_plaintext, :proof, :proposed_password, :public_key, :qr_code_png, :query, :random_password, :recovery_point_tags, :refresh_token, :registrant_contact, :request_attributes, :revision, :search_query, :secret_access_key, :secret_binary, :secret_code, :secret_hash, :secret_string, :secret_to_authenticate_initiator, :secret_to_authenticate_target, :security_token, :service_password, :session_attributes, :session_token, :share_notes, :shared_secret, :slots, :sns_topic_arn, :source_access_token, :sqs_queue_arn, :sse_customer_key, :ssekms_encryption_context, :ssekms_key_id, :status_message, :tag_key_list, :tags, :target_address, :task_parameters, :tech_contact, :temporary_password, :text, :token, :trust_password, :type, :upload_credentials, :upload_url, :uri, :user_data, :user_email, :user_name, :user_password, :username, :value, :values, :variables, :vpn_psk, :zip_file]
+      SENSITIVE = [:access_token, :account_name, :account_password, :address, :admin_contact, :admin_password, :artifact_credentials, :auth_code, :authentication_token, :authorization_result, :backup_plan_tags, :backup_vault_tags, :base_32_string_seed, :block, :block_address, :block_data, :blocks, :body, :bot_configuration, :bot_email, :calling_name, :cause, :client_id, :client_request_token, :client_secret, :comment, :configuration, :copy_source_sse_customer_key, :credentials, :current_password, :custom_attributes, :custom_private_key, :db_password, :default_phone_number, :definition, :description, :destination_access_token, :digest_tip_address, :display_name, :domain_signing_private_key, :e164_phone_number, :email, :email_address, :email_message, :embed_url, :error, :external_model_endpoint_data_blobs, :external_user_id, :feedback_token, :file, :first_name, :full_name, :host_key, :id, :id_token, :input, :input_text, :ion_text, :join_token, :key_id, :key_material, :key_store_password, :kms_key_id, :kms_master_key_id, :lambda_function_arn, :last_name, :local_console_password, :master_account_email, :master_user_password, :meeting_host_id, :message, :name, :new_password, :next_password, :notes, :number, :old_password, :outbound_events_https_endpoint, :output, :owner_information, :parameters, :passphrase, :password, :payload, :phone_number, :plaintext, :previous_password, :primary_email, :primary_provisioned_number, :private_key, :private_key_plaintext, :proof, :proposed_password, :public_key, :qr_code_png, :query, :random_password, :recovery_point_tags, :refresh_token, :registrant_contact, :request_attributes, :revision, :search_query, :secret_access_key, :secret_binary, :secret_code, :secret_hash, :secret_string, :secret_to_authenticate_initiator, :secret_to_authenticate_target, :security_token, :service_password, :session_attributes, :session_token, :share_notes, :shared_secret, :slots, :sns_topic_arn, :source_access_token, :sqs_queue_arn, :sse_customer_key, :ssekms_encryption_context, :ssekms_key_id, :status_message, :tag_key_list, :tags, :target_address, :task_parameters, :tech_contact, :temporary_password, :text, :token, :trust_password, :type, :upload_credentials, :upload_url, :uri, :user_data, :user_email, :user_name, :user_password, :username, :value, :values, :variables, :vpn_psk, :zip_file]
       # end
 
       def initialize(options = {})

data/lib/aws-sdk-core/shared_config.rb

@@ -183,6 +183,21 @@ module Aws
       end
     end
 
+    def s3_use_arn_region(opts = {})
+      p = opts[:profile] || @profile_name
+      if @config_enabled
+        if @parsed_credentials
+          value = @parsed_credentials.fetch(p, {})["s3_use_arn_region"]
+        end
+        if @parsed_config
+          value ||= @parsed_config.fetch(p, {})["s3_use_arn_region"]
+        end
+        value
+      else
+        nil
+      end
+    end
+
     def endpoint_discovery(opts = {})
       p = opts[:profile] || @profile_name
       if @config_enabled && @parsed_config

data/lib/aws-sdk-sts.rb

@@ -40,6 +40,6 @@ require_relative 'aws-sdk-sts/customizations'
 # @service
 module Aws::STS
 
-  GEM_VERSION = '3.82.0'
+  GEM_VERSION = '3.86.0'
 
 end

data/lib/aws-sdk-sts/client.rb

@@ -2101,7 +2101,7 @@ module Aws::STS
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.82.0'
+      context[:gem_version] = '3.86.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sts/customizations.rb

@@ -0,0 +1,2 @@
+# utility classes
+require 'aws-sdk-sts/presigner'

data/lib/aws-sdk-sts/presigner.rb

@@ -0,0 +1,67 @@
+require 'aws-sigv4'
+
+module Aws
+  module STS
+    # Allows you to create presigned URLs for STS operations.
+    #
+    # @example
+    #
+    #   signer = Aws::STS::Presigner.new
+    #   url = signer.get_caller_identity_presigned_url(
+    #     headers: {"X-K8s-Aws-Id" => 'my-eks-cluster'}
+    #   )
+    class Presigner
+      # @option options [Client] :client Optionally provide an existing
+      #   STS client
+      def initialize(options = {})
+        @client = options[:client] || Aws::STS::Client.new
+      end
+
+      # Returns a presigned url for get_caller_identity.
+      #
+      # @option options [Hash] :headers
+      #   Headers that should be signed and sent along with the request. All
+      #   x-amz-* headers must be present during signing. Other headers are
+      #   optional.
+      #
+      # @return [String] A presigned url string.
+      #
+      # @example
+      #
+      #   url = signer.get_caller_identity_presigned_url(
+      #     headers: {"X-K8s-Aws-Id" => 'my-eks-cluster'},
+      #   )
+      #
+      # This can be easily converted to a token used by the EKS service:
+      # {https://ruby-doc.org/stdlib-2.3.1/libdoc/base64/rdoc/Base64.html#method-i-encode64}
+      # "k8s-aws-v1." + Base64.urlsafe_encode64(url).chomp("==")
+      def get_caller_identity_presigned_url(options = {})
+        req = @client.build_request(:get_session_token, {})
+
+        param_list = Aws::Query::ParamList.new
+        param_list.set('Action', 'GetCallerIdentity')
+        param_list.set('Version', req.context.config.api.version)
+        Aws::Query::EC2ParamBuilder.new(param_list)
+          .apply(req.context.operation.input, {})
+
+        signer = Aws::Sigv4::Signer.new(
+          service: 'sts',
+          region: req.context.config.region,
+          credentials_provider: req.context.config.credentials
+        )
+
+        url = Aws::Partitions::EndpointProvider.resolve(
+          req.context.config.region, 'sts', 'regional'
+        )
+        url += "/?#{param_list}"
+
+        signer.presign_url(
+          http_method: 'GET',
+          url: url,
+          body: '',
+          headers: options[:headers]
+        ).to_s
+      end
+    end
+  end
+end

data/lib/seahorse/client/h2/connection.rb

@@ -48,6 +48,8 @@ module Seahorse
           @errors = []
           @status = :ready
           @mutex = Mutex.new # connection can be shared across requests
+          @socket = nil
+          @socket_thread = nil
         end
 
         OPTIONS.keys.each do |attr_name|

data/lib/seahorse/client/logging/formatter.rb

@@ -173,9 +173,11 @@ module Seahorse
         end
 
         def _http_response_body(response)
-          response.context.http_response.body.respond_to?(:rewind) ?
-            summarize_value(response.context.http_response.body_contents) :
+          if response.context.http_response.body.respond_to?(:rewind)
+            summarize_value(response.context.http_response.body_contents)
+          else
             ''
+          end
         end
 
         def _error_class(response)

data/lib/seahorse/client/plugin.rb

@@ -109,6 +109,7 @@ module Seahorse
 
         def initialize(name, options = {})
           @name = name
+          @doc_default = nil
           options.each_pair do |opt_name, opt_value|
             self.send("#{opt_name}=", opt_value)
           end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-core
 version: !ruby/object:Gem::Version
-  version: 3.82.0
+  version: 3.86.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-11-25 00:00:00.000000000 Z
+date: 2019-12-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jmespath
@@ -88,6 +88,8 @@ files:
 - VERSION
 - ca-bundle.crt
 - lib/aws-sdk-core.rb
+- lib/aws-sdk-core/arn.rb
+- lib/aws-sdk-core/arn_parser.rb
 - lib/aws-sdk-core/assume_role_credentials.rb
 - lib/aws-sdk-core/assume_role_web_identity_credentials.rb
 - lib/aws-sdk-core/async_client_stubs.rb
@@ -220,6 +222,7 @@ files:
 - lib/aws-sdk-sts/customizations.rb
 - lib/aws-sdk-sts/errors.rb
 - lib/aws-sdk-sts/plugins/sts_regional_endpoints.rb
+- lib/aws-sdk-sts/presigner.rb
 - lib/aws-sdk-sts/resource.rb
 - lib/aws-sdk-sts/types.rb
 - lib/seahorse.rb