chore(deps): update module github.com/aws/aws-sdk-go to v1.55.5 (#2)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) | require | minor | `v1.45.25` -> `v1.55.5` | > ❗ **Important** > > Release Notes retrieval for this PR were skipped because no github.com credentials were available. > If you are self-hosted, please see [this instruction](https://github.com/renovatebot/renovate/blob/master/docs/usage/examples/self-hosting.md#githubcom-token-for-release-notes). --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yMS4yIiwidXBkYXRlZEluVmVyIjoiMzguMjEuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==--> Reviewed-on: #2 Co-authored-by: Renovate Bot <renovate@keks.cloud> Co-committed-by: Renovate Bot <renovate@keks.cloud>
parent
ea786500b5
commit
df8ce1f61a
22 changed files with 13038 additions and 2628 deletions
2
go.mod
2
go.mod
|
@ -3,7 +3,7 @@ module idun
|
||||||
go 1.21
|
go 1.21
|
||||||
|
|
||||||
require (
|
require (
|
||||||
github.com/aws/aws-sdk-go v1.45.25
|
github.com/aws/aws-sdk-go v1.55.5
|
||||||
github.com/pkg/sftp v1.13.6
|
github.com/pkg/sftp v1.13.6
|
||||||
github.com/rs/zerolog v1.31.0
|
github.com/rs/zerolog v1.31.0
|
||||||
github.com/stretchr/testify v1.8.4
|
github.com/stretchr/testify v1.8.4
|
||||||
|
|
2
go.sum
2
go.sum
|
@ -1,5 +1,7 @@
|
||||||
github.com/aws/aws-sdk-go v1.45.25 h1:c4fLlh5sLdK2DCRTY1z0hyuJZU4ygxX8m1FswL6/nF4=
|
github.com/aws/aws-sdk-go v1.45.25 h1:c4fLlh5sLdK2DCRTY1z0hyuJZU4ygxX8m1FswL6/nF4=
|
||||||
github.com/aws/aws-sdk-go v1.45.25/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
|
github.com/aws/aws-sdk-go v1.45.25/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
|
||||||
|
github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU=
|
||||||
|
github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
|
||||||
github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
|
github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
|
||||||
github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
|
github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
|
||||||
github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
|
github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
|
||||||
|
|
11
vendor/github.com/aws/aws-sdk-go/aws/config.go
generated
vendored
11
vendor/github.com/aws/aws-sdk-go/aws/config.go
generated
vendored
|
@ -442,6 +442,17 @@ func (c *Config) WithUseDualStack(enable bool) *Config {
|
||||||
return c
|
return c
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// WithUseFIPSEndpoint sets a config UseFIPSEndpoint value returning a Config
|
||||||
|
// pointer for chaining.
|
||||||
|
func (c *Config) WithUseFIPSEndpoint(enable bool) *Config {
|
||||||
|
if enable {
|
||||||
|
c.UseFIPSEndpoint = endpoints.FIPSEndpointStateEnabled
|
||||||
|
} else {
|
||||||
|
c.UseFIPSEndpoint = endpoints.FIPSEndpointStateDisabled
|
||||||
|
}
|
||||||
|
return c
|
||||||
|
}
|
||||||
|
|
||||||
// WithEC2MetadataDisableTimeoutOverride sets a config EC2MetadataDisableTimeoutOverride value
|
// WithEC2MetadataDisableTimeoutOverride sets a config EC2MetadataDisableTimeoutOverride value
|
||||||
// returning a Config pointer for chaining.
|
// returning a Config pointer for chaining.
|
||||||
func (c *Config) WithEC2MetadataDisableTimeoutOverride(enable bool) *Config {
|
func (c *Config) WithEC2MetadataDisableTimeoutOverride(enable bool) *Config {
|
||||||
|
|
47
vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go
generated
vendored
47
vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go
generated
vendored
|
@ -31,6 +31,8 @@ package endpointcreds
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
|
"fmt"
|
||||||
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/aws/aws-sdk-go/aws"
|
"github.com/aws/aws-sdk-go/aws"
|
||||||
|
@ -69,7 +71,37 @@ type Provider struct {
|
||||||
|
|
||||||
// Optional authorization token value if set will be used as the value of
|
// Optional authorization token value if set will be used as the value of
|
||||||
// the Authorization header of the endpoint credential request.
|
// the Authorization header of the endpoint credential request.
|
||||||
|
//
|
||||||
|
// When constructed from environment, the provider will use the value of
|
||||||
|
// AWS_CONTAINER_AUTHORIZATION_TOKEN environment variable as the token
|
||||||
|
//
|
||||||
|
// Will be overridden if AuthorizationTokenProvider is configured
|
||||||
AuthorizationToken string
|
AuthorizationToken string
|
||||||
|
|
||||||
|
// Optional auth provider func to dynamically load the auth token from a file
|
||||||
|
// everytime a credential is retrieved
|
||||||
|
//
|
||||||
|
// When constructed from environment, the provider will read and use the content
|
||||||
|
// of the file pointed to by AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE environment variable
|
||||||
|
// as the auth token everytime credentials are retrieved
|
||||||
|
//
|
||||||
|
// Will override AuthorizationToken if configured
|
||||||
|
AuthorizationTokenProvider AuthTokenProvider
|
||||||
|
}
|
||||||
|
|
||||||
|
// AuthTokenProvider defines an interface to dynamically load a value to be passed
|
||||||
|
// for the Authorization header of a credentials request.
|
||||||
|
type AuthTokenProvider interface {
|
||||||
|
GetToken() (string, error)
|
||||||
|
}
|
||||||
|
|
||||||
|
// TokenProviderFunc is a func type implementing AuthTokenProvider interface
|
||||||
|
// and enables customizing token provider behavior
|
||||||
|
type TokenProviderFunc func() (string, error)
|
||||||
|
|
||||||
|
// GetToken func retrieves auth token according to TokenProviderFunc implementation
|
||||||
|
func (p TokenProviderFunc) GetToken() (string, error) {
|
||||||
|
return p()
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewProviderClient returns a credentials Provider for retrieving AWS credentials
|
// NewProviderClient returns a credentials Provider for retrieving AWS credentials
|
||||||
|
@ -164,7 +196,20 @@ func (p *Provider) getCredentials(ctx aws.Context) (*getCredentialsOutput, error
|
||||||
req := p.Client.NewRequest(op, nil, out)
|
req := p.Client.NewRequest(op, nil, out)
|
||||||
req.SetContext(ctx)
|
req.SetContext(ctx)
|
||||||
req.HTTPRequest.Header.Set("Accept", "application/json")
|
req.HTTPRequest.Header.Set("Accept", "application/json")
|
||||||
if authToken := p.AuthorizationToken; len(authToken) != 0 {
|
|
||||||
|
authToken := p.AuthorizationToken
|
||||||
|
var err error
|
||||||
|
if p.AuthorizationTokenProvider != nil {
|
||||||
|
authToken, err = p.AuthorizationTokenProvider.GetToken()
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("get authorization token: %v", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if strings.ContainsAny(authToken, "\r\n") {
|
||||||
|
return nil, fmt.Errorf("authorization token contains invalid newline sequence")
|
||||||
|
}
|
||||||
|
if len(authToken) != 0 {
|
||||||
req.HTTPRequest.Header.Set("Authorization", authToken)
|
req.HTTPRequest.Header.Set("Authorization", authToken)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
64
vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go
generated
vendored
64
vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go
generated
vendored
|
@ -9,6 +9,7 @@ package defaults
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"io/ioutil"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
|
@ -115,9 +116,31 @@ func CredProviders(cfg *aws.Config, handlers request.Handlers) []credentials.Pro
|
||||||
|
|
||||||
const (
|
const (
|
||||||
httpProviderAuthorizationEnvVar = "AWS_CONTAINER_AUTHORIZATION_TOKEN"
|
httpProviderAuthorizationEnvVar = "AWS_CONTAINER_AUTHORIZATION_TOKEN"
|
||||||
|
httpProviderAuthFileEnvVar = "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE"
|
||||||
httpProviderEnvVar = "AWS_CONTAINER_CREDENTIALS_FULL_URI"
|
httpProviderEnvVar = "AWS_CONTAINER_CREDENTIALS_FULL_URI"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// direct representation of the IPv4 address for the ECS container
|
||||||
|
// "169.254.170.2"
|
||||||
|
var ecsContainerIPv4 net.IP = []byte{
|
||||||
|
169, 254, 170, 2,
|
||||||
|
}
|
||||||
|
|
||||||
|
// direct representation of the IPv4 address for the EKS container
|
||||||
|
// "169.254.170.23"
|
||||||
|
var eksContainerIPv4 net.IP = []byte{
|
||||||
|
169, 254, 170, 23,
|
||||||
|
}
|
||||||
|
|
||||||
|
// direct representation of the IPv6 address for the EKS container
|
||||||
|
// "fd00:ec2::23"
|
||||||
|
var eksContainerIPv6 net.IP = []byte{
|
||||||
|
0xFD, 0, 0xE, 0xC2,
|
||||||
|
0, 0, 0, 0,
|
||||||
|
0, 0, 0, 0,
|
||||||
|
0, 0, 0, 0x23,
|
||||||
|
}
|
||||||
|
|
||||||
// RemoteCredProvider returns a credentials provider for the default remote
|
// RemoteCredProvider returns a credentials provider for the default remote
|
||||||
// endpoints such as EC2 or ECS Roles.
|
// endpoints such as EC2 or ECS Roles.
|
||||||
func RemoteCredProvider(cfg aws.Config, handlers request.Handlers) credentials.Provider {
|
func RemoteCredProvider(cfg aws.Config, handlers request.Handlers) credentials.Provider {
|
||||||
|
@ -135,19 +158,22 @@ func RemoteCredProvider(cfg aws.Config, handlers request.Handlers) credentials.P
|
||||||
|
|
||||||
var lookupHostFn = net.LookupHost
|
var lookupHostFn = net.LookupHost
|
||||||
|
|
||||||
func isLoopbackHost(host string) (bool, error) {
|
// isAllowedHost allows host to be loopback or known ECS/EKS container IPs
|
||||||
ip := net.ParseIP(host)
|
//
|
||||||
if ip != nil {
|
// host can either be an IP address OR an unresolved hostname - resolution will
|
||||||
return ip.IsLoopback(), nil
|
// be automatically performed in the latter case
|
||||||
|
func isAllowedHost(host string) (bool, error) {
|
||||||
|
if ip := net.ParseIP(host); ip != nil {
|
||||||
|
return isIPAllowed(ip), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Host is not an ip, perform lookup
|
|
||||||
addrs, err := lookupHostFn(host)
|
addrs, err := lookupHostFn(host)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return false, err
|
return false, err
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, addr := range addrs {
|
for _, addr := range addrs {
|
||||||
if !net.ParseIP(addr).IsLoopback() {
|
if ip := net.ParseIP(addr); ip == nil || !isIPAllowed(ip) {
|
||||||
return false, nil
|
return false, nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -155,6 +181,13 @@ func isLoopbackHost(host string) (bool, error) {
|
||||||
return true, nil
|
return true, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func isIPAllowed(ip net.IP) bool {
|
||||||
|
return ip.IsLoopback() ||
|
||||||
|
ip.Equal(ecsContainerIPv4) ||
|
||||||
|
ip.Equal(eksContainerIPv4) ||
|
||||||
|
ip.Equal(eksContainerIPv6)
|
||||||
|
}
|
||||||
|
|
||||||
func localHTTPCredProvider(cfg aws.Config, handlers request.Handlers, u string) credentials.Provider {
|
func localHTTPCredProvider(cfg aws.Config, handlers request.Handlers, u string) credentials.Provider {
|
||||||
var errMsg string
|
var errMsg string
|
||||||
|
|
||||||
|
@ -165,10 +198,12 @@ func localHTTPCredProvider(cfg aws.Config, handlers request.Handlers, u string)
|
||||||
host := aws.URLHostname(parsed)
|
host := aws.URLHostname(parsed)
|
||||||
if len(host) == 0 {
|
if len(host) == 0 {
|
||||||
errMsg = "unable to parse host from local HTTP cred provider URL"
|
errMsg = "unable to parse host from local HTTP cred provider URL"
|
||||||
} else if isLoopback, loopbackErr := isLoopbackHost(host); loopbackErr != nil {
|
} else if parsed.Scheme == "http" {
|
||||||
errMsg = fmt.Sprintf("failed to resolve host %q, %v", host, loopbackErr)
|
if isAllowedHost, allowHostErr := isAllowedHost(host); allowHostErr != nil {
|
||||||
} else if !isLoopback {
|
errMsg = fmt.Sprintf("failed to resolve host %q, %v", host, allowHostErr)
|
||||||
errMsg = fmt.Sprintf("invalid endpoint host, %q, only loopback hosts are allowed.", host)
|
} else if !isAllowedHost {
|
||||||
|
errMsg = fmt.Sprintf("invalid endpoint host, %q, only loopback/ecs/eks hosts are allowed.", host)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -190,6 +225,15 @@ func httpCredProvider(cfg aws.Config, handlers request.Handlers, u string) crede
|
||||||
func(p *endpointcreds.Provider) {
|
func(p *endpointcreds.Provider) {
|
||||||
p.ExpiryWindow = 5 * time.Minute
|
p.ExpiryWindow = 5 * time.Minute
|
||||||
p.AuthorizationToken = os.Getenv(httpProviderAuthorizationEnvVar)
|
p.AuthorizationToken = os.Getenv(httpProviderAuthorizationEnvVar)
|
||||||
|
if authFilePath := os.Getenv(httpProviderAuthFileEnvVar); authFilePath != "" {
|
||||||
|
p.AuthorizationTokenProvider = endpointcreds.TokenProviderFunc(func() (string, error) {
|
||||||
|
if contents, err := ioutil.ReadFile(authFilePath); err != nil {
|
||||||
|
return "", fmt.Errorf("failed to read authorization token from %v: %v", authFilePath, err)
|
||||||
|
} else {
|
||||||
|
return string(contents), nil
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
},
|
},
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
3
vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go
generated
vendored
3
vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go
generated
vendored
|
@ -2,6 +2,7 @@ package ec2metadata
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"github.com/aws/aws-sdk-go/aws"
|
||||||
"net/http"
|
"net/http"
|
||||||
"sync/atomic"
|
"sync/atomic"
|
||||||
"time"
|
"time"
|
||||||
|
@ -65,7 +66,9 @@ func (t *tokenProvider) fetchTokenHandler(r *request.Request) {
|
||||||
switch requestFailureError.StatusCode() {
|
switch requestFailureError.StatusCode() {
|
||||||
case http.StatusForbidden, http.StatusNotFound, http.StatusMethodNotAllowed:
|
case http.StatusForbidden, http.StatusNotFound, http.StatusMethodNotAllowed:
|
||||||
atomic.StoreUint32(&t.disabled, 1)
|
atomic.StoreUint32(&t.disabled, 1)
|
||||||
|
if t.client.Config.LogLevel.Matches(aws.LogDebugWithDeprecated) {
|
||||||
t.client.Config.Logger.Log(fmt.Sprintf("WARN: failed to get session token, falling back to IMDSv1: %v", requestFailureError))
|
t.client.Config.Logger.Log(fmt.Sprintf("WARN: failed to get session token, falling back to IMDSv1: %v", requestFailureError))
|
||||||
|
}
|
||||||
case http.StatusBadRequest:
|
case http.StatusBadRequest:
|
||||||
r.Error = requestFailureError
|
r.Error = requestFailureError
|
||||||
}
|
}
|
||||||
|
|
6923
vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
generated
vendored
6923
vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
generated
vendored
File diff suppressed because it is too large
11
vendor/github.com/aws/aws-sdk-go/aws/request/waiter.go
generated
vendored
11
vendor/github.com/aws/aws-sdk-go/aws/request/waiter.go
generated
vendored
|
@ -256,8 +256,17 @@ func (a *WaiterAcceptor) match(name string, l aws.Logger, req *Request, err erro
|
||||||
s := a.Expected.(int)
|
s := a.Expected.(int)
|
||||||
result = s == req.HTTPResponse.StatusCode
|
result = s == req.HTTPResponse.StatusCode
|
||||||
case ErrorWaiterMatch:
|
case ErrorWaiterMatch:
|
||||||
|
switch ex := a.Expected.(type) {
|
||||||
|
case string:
|
||||||
if aerr, ok := err.(awserr.Error); ok {
|
if aerr, ok := err.(awserr.Error); ok {
|
||||||
result = aerr.Code() == a.Expected.(string)
|
result = aerr.Code() == ex
|
||||||
|
}
|
||||||
|
case bool:
|
||||||
|
if ex {
|
||||||
|
result = err != nil
|
||||||
|
} else {
|
||||||
|
result = err == nil
|
||||||
|
}
|
||||||
}
|
}
|
||||||
default:
|
default:
|
||||||
waiterLogf(l, "WARNING: Waiter %s encountered unexpected matcher: %s",
|
waiterLogf(l, "WARNING: Waiter %s encountered unexpected matcher: %s",
|
||||||
|
|
28
vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go
generated
vendored
28
vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go
generated
vendored
|
@ -171,6 +171,12 @@ type envConfig struct {
|
||||||
// AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE=IPv6
|
// AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE=IPv6
|
||||||
EC2IMDSEndpointMode endpoints.EC2IMDSEndpointModeState
|
EC2IMDSEndpointMode endpoints.EC2IMDSEndpointModeState
|
||||||
|
|
||||||
|
// Specifies that IMDS clients should not fallback to IMDSv1 if token
|
||||||
|
// requests fail.
|
||||||
|
//
|
||||||
|
// AWS_EC2_METADATA_V1_DISABLED=true
|
||||||
|
EC2IMDSv1Disabled *bool
|
||||||
|
|
||||||
// Specifies that SDK clients must resolve a dual-stack endpoint for
|
// Specifies that SDK clients must resolve a dual-stack endpoint for
|
||||||
// services.
|
// services.
|
||||||
//
|
//
|
||||||
|
@ -251,6 +257,9 @@ var (
|
||||||
ec2IMDSEndpointModeEnvKey = []string{
|
ec2IMDSEndpointModeEnvKey = []string{
|
||||||
"AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE",
|
"AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE",
|
||||||
}
|
}
|
||||||
|
ec2MetadataV1DisabledEnvKey = []string{
|
||||||
|
"AWS_EC2_METADATA_V1_DISABLED",
|
||||||
|
}
|
||||||
useCABundleKey = []string{
|
useCABundleKey = []string{
|
||||||
"AWS_CA_BUNDLE",
|
"AWS_CA_BUNDLE",
|
||||||
}
|
}
|
||||||
|
@ -393,6 +402,7 @@ func envConfigLoad(enableSharedConfig bool) (envConfig, error) {
|
||||||
if err := setEC2IMDSEndpointMode(&cfg.EC2IMDSEndpointMode, ec2IMDSEndpointModeEnvKey); err != nil {
|
if err := setEC2IMDSEndpointMode(&cfg.EC2IMDSEndpointMode, ec2IMDSEndpointModeEnvKey); err != nil {
|
||||||
return envConfig{}, err
|
return envConfig{}, err
|
||||||
}
|
}
|
||||||
|
setBoolPtrFromEnvVal(&cfg.EC2IMDSv1Disabled, ec2MetadataV1DisabledEnvKey)
|
||||||
|
|
||||||
if err := setUseDualStackEndpointFromEnvVal(&cfg.UseDualStackEndpoint, awsUseDualStackEndpoint); err != nil {
|
if err := setUseDualStackEndpointFromEnvVal(&cfg.UseDualStackEndpoint, awsUseDualStackEndpoint); err != nil {
|
||||||
return cfg, err
|
return cfg, err
|
||||||
|
@ -414,6 +424,24 @@ func setFromEnvVal(dst *string, keys []string) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func setBoolPtrFromEnvVal(dst **bool, keys []string) {
|
||||||
|
for _, k := range keys {
|
||||||
|
value := os.Getenv(k)
|
||||||
|
if len(value) == 0 {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
switch {
|
||||||
|
case strings.EqualFold(value, "false"):
|
||||||
|
*dst = new(bool)
|
||||||
|
**dst = false
|
||||||
|
case strings.EqualFold(value, "true"):
|
||||||
|
*dst = new(bool)
|
||||||
|
**dst = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func setEC2IMDSEndpointMode(mode *endpoints.EC2IMDSEndpointModeState, keys []string) error {
|
func setEC2IMDSEndpointMode(mode *endpoints.EC2IMDSEndpointModeState, keys []string) error {
|
||||||
for _, k := range keys {
|
for _, k := range keys {
|
||||||
value := os.Getenv(k)
|
value := os.Getenv(k)
|
||||||
|
|
8
vendor/github.com/aws/aws-sdk-go/aws/session/session.go
generated
vendored
8
vendor/github.com/aws/aws-sdk-go/aws/session/session.go
generated
vendored
|
@ -779,6 +779,14 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config,
|
||||||
cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, ec2IMDSEndpoint, endpointMode)
|
cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, ec2IMDSEndpoint, endpointMode)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
cfg.EC2MetadataEnableFallback = userCfg.EC2MetadataEnableFallback
|
||||||
|
if cfg.EC2MetadataEnableFallback == nil && envCfg.EC2IMDSv1Disabled != nil {
|
||||||
|
cfg.EC2MetadataEnableFallback = aws.Bool(!*envCfg.EC2IMDSv1Disabled)
|
||||||
|
}
|
||||||
|
if cfg.EC2MetadataEnableFallback == nil && sharedCfg.EC2IMDSv1Disabled != nil {
|
||||||
|
cfg.EC2MetadataEnableFallback = aws.Bool(!*sharedCfg.EC2IMDSv1Disabled)
|
||||||
|
}
|
||||||
|
|
||||||
cfg.S3UseARNRegion = userCfg.S3UseARNRegion
|
cfg.S3UseARNRegion = userCfg.S3UseARNRegion
|
||||||
if cfg.S3UseARNRegion == nil {
|
if cfg.S3UseARNRegion == nil {
|
||||||
cfg.S3UseARNRegion = &envCfg.S3UseARNRegion
|
cfg.S3UseARNRegion = &envCfg.S3UseARNRegion
|
||||||
|
|
10
vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go
generated
vendored
10
vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go
generated
vendored
|
@ -80,6 +80,9 @@ const (
|
||||||
// EC2 IMDS Endpoint
|
// EC2 IMDS Endpoint
|
||||||
ec2MetadataServiceEndpointKey = "ec2_metadata_service_endpoint"
|
ec2MetadataServiceEndpointKey = "ec2_metadata_service_endpoint"
|
||||||
|
|
||||||
|
// ECS IMDSv1 disable fallback
|
||||||
|
ec2MetadataV1DisabledKey = "ec2_metadata_v1_disabled"
|
||||||
|
|
||||||
// Use DualStack Endpoint Resolution
|
// Use DualStack Endpoint Resolution
|
||||||
useDualStackEndpoint = "use_dualstack_endpoint"
|
useDualStackEndpoint = "use_dualstack_endpoint"
|
||||||
|
|
||||||
|
@ -179,6 +182,12 @@ type sharedConfig struct {
|
||||||
// ec2_metadata_service_endpoint=http://fd00:ec2::254
|
// ec2_metadata_service_endpoint=http://fd00:ec2::254
|
||||||
EC2IMDSEndpoint string
|
EC2IMDSEndpoint string
|
||||||
|
|
||||||
|
// Specifies that IMDS clients should not fallback to IMDSv1 if token
|
||||||
|
// requests fail.
|
||||||
|
//
|
||||||
|
// ec2_metadata_v1_disabled=true
|
||||||
|
EC2IMDSv1Disabled *bool
|
||||||
|
|
||||||
// Specifies that SDK clients must resolve a dual-stack endpoint for
|
// Specifies that SDK clients must resolve a dual-stack endpoint for
|
||||||
// services.
|
// services.
|
||||||
//
|
//
|
||||||
|
@ -434,6 +443,7 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, e
|
||||||
ec2MetadataServiceEndpointModeKey, file.Filename, err)
|
ec2MetadataServiceEndpointModeKey, file.Filename, err)
|
||||||
}
|
}
|
||||||
updateString(&cfg.EC2IMDSEndpoint, section, ec2MetadataServiceEndpointKey)
|
updateString(&cfg.EC2IMDSEndpoint, section, ec2MetadataServiceEndpointKey)
|
||||||
|
updateBoolPtr(&cfg.EC2IMDSv1Disabled, section, ec2MetadataV1DisabledKey)
|
||||||
|
|
||||||
updateUseDualStackEndpoint(&cfg.UseDualStackEndpoint, section, useDualStackEndpoint)
|
updateUseDualStackEndpoint(&cfg.UseDualStackEndpoint, section, useDualStackEndpoint)
|
||||||
|
|
||||||
|
|
1
vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go
generated
vendored
1
vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go
generated
vendored
|
@ -125,6 +125,7 @@ var requiredSignedHeaders = rules{
|
||||||
"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": struct{}{},
|
"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": struct{}{},
|
||||||
"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key": struct{}{},
|
"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key": struct{}{},
|
||||||
"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5": struct{}{},
|
"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5": struct{}{},
|
||||||
|
"X-Amz-Expected-Bucket-Owner": struct{}{},
|
||||||
"X-Amz-Grant-Full-control": struct{}{},
|
"X-Amz-Grant-Full-control": struct{}{},
|
||||||
"X-Amz-Grant-Read": struct{}{},
|
"X-Amz-Grant-Read": struct{}{},
|
||||||
"X-Amz-Grant-Read-Acp": struct{}{},
|
"X-Amz-Grant-Read-Acp": struct{}{},
|
||||||
|
|
2
vendor/github.com/aws/aws-sdk-go/aws/version.go
generated
vendored
2
vendor/github.com/aws/aws-sdk-go/aws/version.go
generated
vendored
|
@ -5,4 +5,4 @@ package aws
|
||||||
const SDKName = "aws-sdk-go"
|
const SDKName = "aws-sdk-go"
|
||||||
|
|
||||||
// SDKVersion is the version of this SDK
|
// SDKVersion is the version of this SDK
|
||||||
const SDKVersion = "1.45.25"
|
const SDKVersion = "1.55.5"
|
||||||
|
|
4
vendor/github.com/aws/aws-sdk-go/private/protocol/query/queryutil/queryutil.go
generated
vendored
4
vendor/github.com/aws/aws-sdk-go/private/protocol/query/queryutil/queryutil.go
generated
vendored
|
@ -122,8 +122,8 @@ func (q *queryParser) parseStruct(v url.Values, value reflect.Value, prefix stri
|
||||||
}
|
}
|
||||||
|
|
||||||
func (q *queryParser) parseList(v url.Values, value reflect.Value, prefix string, tag reflect.StructTag) error {
|
func (q *queryParser) parseList(v url.Values, value reflect.Value, prefix string, tag reflect.StructTag) error {
|
||||||
// If it's empty, generate an empty value
|
// If it's empty, and not ec2, generate an empty value
|
||||||
if !value.IsNil() && value.Len() == 0 {
|
if !value.IsNil() && value.Len() == 0 && !q.isEC2 {
|
||||||
v.Set(prefix, "")
|
v.Set(prefix, "")
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
7608
vendor/github.com/aws/aws-sdk-go/service/s3/api.go
generated
vendored
7608
vendor/github.com/aws/aws-sdk-go/service/s3/api.go
generated
vendored
File diff suppressed because it is too large
9
vendor/github.com/aws/aws-sdk-go/service/s3/errors.go
generated
vendored
9
vendor/github.com/aws/aws-sdk-go/service/s3/errors.go
generated
vendored
|
@ -25,6 +25,15 @@ const (
|
||||||
// "InvalidObjectState".
|
// "InvalidObjectState".
|
||||||
//
|
//
|
||||||
// Object is archived and inaccessible until restored.
|
// Object is archived and inaccessible until restored.
|
||||||
|
//
|
||||||
|
// If the object you are retrieving is stored in the S3 Glacier Flexible Retrieval
|
||||||
|
// storage class, the S3 Glacier Deep Archive storage class, the S3 Intelligent-Tiering
|
||||||
|
// Archive Access tier, or the S3 Intelligent-Tiering Deep Archive Access tier,
|
||||||
|
// before you can retrieve the object you must first restore a copy using RestoreObject
|
||||||
|
// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html).
|
||||||
|
// Otherwise, this operation returns an InvalidObjectState error. For information
|
||||||
|
// about restoring archived objects, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html)
|
||||||
|
// in the Amazon S3 User Guide.
|
||||||
ErrCodeInvalidObjectState = "InvalidObjectState"
|
ErrCodeInvalidObjectState = "InvalidObjectState"
|
||||||
|
|
||||||
// ErrCodeNoSuchBucket for service response error code
|
// ErrCodeNoSuchBucket for service response error code
|
||||||
|
|
818
vendor/github.com/aws/aws-sdk-go/service/ssooidc/api.go
generated
vendored
818
vendor/github.com/aws/aws-sdk-go/service/ssooidc/api.go
generated
vendored
File diff suppressed because it is too large
39
vendor/github.com/aws/aws-sdk-go/service/ssooidc/doc.go
generated
vendored
39
vendor/github.com/aws/aws-sdk-go/service/ssooidc/doc.go
generated
vendored
|
@ -3,15 +3,13 @@
|
||||||
// Package ssooidc provides the client and types for making API
|
// Package ssooidc provides the client and types for making API
|
||||||
// requests to AWS SSO OIDC.
|
// requests to AWS SSO OIDC.
|
||||||
//
|
//
|
||||||
// AWS IAM Identity Center (successor to AWS Single Sign-On) OpenID Connect
|
// IAM Identity Center OpenID Connect (OIDC) is a web service that enables a
|
||||||
// (OIDC) is a web service that enables a client (such as AWS CLI or a native
|
// client (such as CLI or a native application) to register with IAM Identity
|
||||||
// application) to register with IAM Identity Center. The service also enables
|
// Center. The service also enables the client to fetch the user’s access
|
||||||
// the client to fetch the user’s access token upon successful authentication
|
// token upon successful authentication and authorization with IAM Identity
|
||||||
// and authorization with IAM Identity Center.
|
// Center.
|
||||||
//
|
//
|
||||||
// Although AWS Single Sign-On was renamed, the sso and identitystore API namespaces
|
// IAM Identity Center uses the sso and identitystore API namespaces.
|
||||||
// will continue to retain their original name for backward compatibility purposes.
|
|
||||||
// For more information, see IAM Identity Center rename (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed).
|
|
||||||
//
|
//
|
||||||
// # Considerations for Using This Guide
|
// # Considerations for Using This Guide
|
||||||
//
|
//
|
||||||
|
@ -22,21 +20,24 @@
|
||||||
// - The IAM Identity Center OIDC service currently implements only the portions
|
// - The IAM Identity Center OIDC service currently implements only the portions
|
||||||
// of the OAuth 2.0 Device Authorization Grant standard (https://tools.ietf.org/html/rfc8628
|
// of the OAuth 2.0 Device Authorization Grant standard (https://tools.ietf.org/html/rfc8628
|
||||||
// (https://tools.ietf.org/html/rfc8628)) that are necessary to enable single
|
// (https://tools.ietf.org/html/rfc8628)) that are necessary to enable single
|
||||||
// sign-on authentication with the AWS CLI. Support for other OIDC flows
|
// sign-on authentication with the CLI.
|
||||||
// frequently needed for native applications, such as Authorization Code
|
|
||||||
// Flow (+ PKCE), will be addressed in future releases.
|
|
||||||
//
|
//
|
||||||
// - The service emits only OIDC access tokens, such that obtaining a new
|
// - With older versions of the CLI, the service only emits OIDC access tokens,
|
||||||
// token (For example, token refresh) requires explicit user re-authentication.
|
// so to obtain a new token, users must explicitly re-authenticate. To access
|
||||||
|
// the OIDC flow that supports token refresh and doesn’t require re-authentication,
|
||||||
|
// update to the latest CLI version (1.27.10 for CLI V1 and 2.9.0 for CLI
|
||||||
|
// V2) with support for OIDC token refresh and configurable IAM Identity
|
||||||
|
// Center session durations. For more information, see Configure Amazon Web
|
||||||
|
// Services access portal session duration (https://docs.aws.amazon.com/singlesignon/latest/userguide/configure-user-session.html).
|
||||||
//
|
//
|
||||||
// - The access tokens provided by this service grant access to all AWS account
|
// - The access tokens provided by this service grant access to all Amazon
|
||||||
// entitlements assigned to an IAM Identity Center user, not just a particular
|
// Web Services account entitlements assigned to an IAM Identity Center user,
|
||||||
// application.
|
// not just a particular application.
|
||||||
//
|
//
|
||||||
// - The documentation in this guide does not describe the mechanism to convert
|
// - The documentation in this guide does not describe the mechanism to convert
|
||||||
// the access token into AWS Auth (“sigv4”) credentials for use with
|
// the access token into Amazon Web Services Auth (“sigv4”) credentials
|
||||||
// IAM-protected AWS service endpoints. For more information, see GetRoleCredentials
|
// for use with IAM-protected Amazon Web Services service endpoints. For
|
||||||
// (https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html)
|
// more information, see GetRoleCredentials (https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html)
|
||||||
// in the IAM Identity Center Portal API Reference Guide.
|
// in the IAM Identity Center Portal API Reference Guide.
|
||||||
//
|
//
|
||||||
// For general information about IAM Identity Center, see What is IAM Identity
|
// For general information about IAM Identity Center, see What is IAM Identity
|
||||||
|
|
16
vendor/github.com/aws/aws-sdk-go/service/ssooidc/errors.go
generated
vendored
16
vendor/github.com/aws/aws-sdk-go/service/ssooidc/errors.go
generated
vendored
|
@ -57,6 +57,13 @@ const (
|
||||||
// makes a CreateToken request with an invalid grant type.
|
// makes a CreateToken request with an invalid grant type.
|
||||||
ErrCodeInvalidGrantException = "InvalidGrantException"
|
ErrCodeInvalidGrantException = "InvalidGrantException"
|
||||||
|
|
||||||
|
// ErrCodeInvalidRedirectUriException for service response error code
|
||||||
|
// "InvalidRedirectUriException".
|
||||||
|
//
|
||||||
|
// Indicates that one or more redirect URI in the request is not supported for
|
||||||
|
// this operation.
|
||||||
|
ErrCodeInvalidRedirectUriException = "InvalidRedirectUriException"
|
||||||
|
|
||||||
// ErrCodeInvalidRequestException for service response error code
|
// ErrCodeInvalidRequestException for service response error code
|
||||||
// "InvalidRequestException".
|
// "InvalidRequestException".
|
||||||
//
|
//
|
||||||
|
@ -64,6 +71,13 @@ const (
|
||||||
// a required parameter might be missing or out of range.
|
// a required parameter might be missing or out of range.
|
||||||
ErrCodeInvalidRequestException = "InvalidRequestException"
|
ErrCodeInvalidRequestException = "InvalidRequestException"
|
||||||
|
|
||||||
|
// ErrCodeInvalidRequestRegionException for service response error code
|
||||||
|
// "InvalidRequestRegionException".
|
||||||
|
//
|
||||||
|
// Indicates that a token provided as input to the request was issued by and
|
||||||
|
// is only usable by calling IAM Identity Center endpoints in another region.
|
||||||
|
ErrCodeInvalidRequestRegionException = "InvalidRequestRegionException"
|
||||||
|
|
||||||
// ErrCodeInvalidScopeException for service response error code
|
// ErrCodeInvalidScopeException for service response error code
|
||||||
// "InvalidScopeException".
|
// "InvalidScopeException".
|
||||||
//
|
//
|
||||||
|
@ -99,7 +113,9 @@ var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{
|
||||||
"InvalidClientException": newErrorInvalidClientException,
|
"InvalidClientException": newErrorInvalidClientException,
|
||||||
"InvalidClientMetadataException": newErrorInvalidClientMetadataException,
|
"InvalidClientMetadataException": newErrorInvalidClientMetadataException,
|
||||||
"InvalidGrantException": newErrorInvalidGrantException,
|
"InvalidGrantException": newErrorInvalidGrantException,
|
||||||
|
"InvalidRedirectUriException": newErrorInvalidRedirectUriException,
|
||||||
"InvalidRequestException": newErrorInvalidRequestException,
|
"InvalidRequestException": newErrorInvalidRequestException,
|
||||||
|
"InvalidRequestRegionException": newErrorInvalidRequestRegionException,
|
||||||
"InvalidScopeException": newErrorInvalidScopeException,
|
"InvalidScopeException": newErrorInvalidScopeException,
|
||||||
"SlowDownException": newErrorSlowDownException,
|
"SlowDownException": newErrorSlowDownException,
|
||||||
"UnauthorizedClientException": newErrorUnauthorizedClientException,
|
"UnauthorizedClientException": newErrorUnauthorizedClientException,
|
||||||
|
|
2
vendor/github.com/aws/aws-sdk-go/service/ssooidc/service.go
generated
vendored
2
vendor/github.com/aws/aws-sdk-go/service/ssooidc/service.go
generated
vendored
|
@ -51,7 +51,7 @@ const (
|
||||||
func New(p client.ConfigProvider, cfgs ...*aws.Config) *SSOOIDC {
|
func New(p client.ConfigProvider, cfgs ...*aws.Config) *SSOOIDC {
|
||||||
c := p.ClientConfig(EndpointsID, cfgs...)
|
c := p.ClientConfig(EndpointsID, cfgs...)
|
||||||
if c.SigningNameDerived || len(c.SigningName) == 0 {
|
if c.SigningNameDerived || len(c.SigningName) == 0 {
|
||||||
c.SigningName = "awsssooidc"
|
c.SigningName = "sso-oauth"
|
||||||
}
|
}
|
||||||
return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion)
|
return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion)
|
||||||
}
|
}
|
||||||
|
|
20
vendor/github.com/aws/aws-sdk-go/service/sts/api.go
generated
vendored
20
vendor/github.com/aws/aws-sdk-go/service/sts/api.go
generated
vendored
|
@ -1460,7 +1460,15 @@ type AssumeRoleInput struct {
|
||||||
// in the IAM User Guide.
|
// in the IAM User Guide.
|
||||||
PolicyArns []*PolicyDescriptorType `type:"list"`
|
PolicyArns []*PolicyDescriptorType `type:"list"`
|
||||||
|
|
||||||
// Reserved for future use.
|
// A list of previously acquired trusted context assertions in the format of
|
||||||
|
// a JSON array. The trusted context assertion is signed and encrypted by Amazon
|
||||||
|
// Web Services STS.
|
||||||
|
//
|
||||||
|
// The following is an example of a ProvidedContext value that includes a single
|
||||||
|
// trusted context assertion and the ARN of the context provider from which
|
||||||
|
// the trusted context assertion was generated.
|
||||||
|
//
|
||||||
|
// [{"ProviderArn":"arn:aws:iam::aws:contextProvider/IdentityCenter","ContextAssertion":"trusted-context-assertion"}]
|
||||||
ProvidedContexts []*ProvidedContext `type:"list"`
|
ProvidedContexts []*ProvidedContext `type:"list"`
|
||||||
|
|
||||||
// The Amazon Resource Name (ARN) of the role to assume.
|
// The Amazon Resource Name (ARN) of the role to assume.
|
||||||
|
@ -3405,14 +3413,18 @@ func (s *PolicyDescriptorType) SetArn(v string) *PolicyDescriptorType {
|
||||||
return s
|
return s
|
||||||
}
|
}
|
||||||
|
|
||||||
// Reserved for future use.
|
// Contains information about the provided context. This includes the signed
|
||||||
|
// and encrypted trusted context assertion and the context provider ARN from
|
||||||
|
// which the trusted context assertion was generated.
|
||||||
type ProvidedContext struct {
|
type ProvidedContext struct {
|
||||||
_ struct{} `type:"structure"`
|
_ struct{} `type:"structure"`
|
||||||
|
|
||||||
// Reserved for future use.
|
// The signed and encrypted trusted context assertion generated by the context
|
||||||
|
// provider. The trusted context assertion is signed and encrypted by Amazon
|
||||||
|
// Web Services STS.
|
||||||
ContextAssertion *string `min:"4" type:"string"`
|
ContextAssertion *string `min:"4" type:"string"`
|
||||||
|
|
||||||
// Reserved for future use.
|
// The context provider ARN from which the trusted context assertion was generated.
|
||||||
ProviderArn *string `min:"20" type:"string"`
|
ProviderArn *string `min:"20" type:"string"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
4
vendor/modules.txt
vendored
4
vendor/modules.txt
vendored
|
@ -1,5 +1,5 @@
|
||||||
# github.com/aws/aws-sdk-go v1.45.25
|
# github.com/aws/aws-sdk-go v1.55.5
|
||||||
## explicit; go 1.11
|
## explicit; go 1.19
|
||||||
github.com/aws/aws-sdk-go/aws
|
github.com/aws/aws-sdk-go/aws
|
||||||
github.com/aws/aws-sdk-go/aws/arn
|
github.com/aws/aws-sdk-go/aws/arn
|
||||||
github.com/aws/aws-sdk-go/aws/auth/bearer
|
github.com/aws/aws-sdk-go/aws/auth/bearer
|
||||||
|
|