chore(deps): update module github.com/aws/aws-sdk-go to v1.55.5 #2
22 changed files with 13038 additions and 2628 deletions
2
go.mod
|
@ -3,7 +3,7 @@ module idun
|
|||
go 1.21
|
||||
|
||||
require (
|
||||
github.com/aws/aws-sdk-go v1.45.25
|
||||
github.com/aws/aws-sdk-go v1.55.5
|
||||
github.com/pkg/sftp v1.13.6
|
||||
github.com/rs/zerolog v1.31.0
|
||||
github.com/stretchr/testify v1.8.4
|
||||
|
|
2
go.sum
|
@ -1,5 +1,7 @@
|
|||
github.com/aws/aws-sdk-go v1.45.25 h1:c4fLlh5sLdK2DCRTY1z0hyuJZU4ygxX8m1FswL6/nF4=
|
||||
github.com/aws/aws-sdk-go v1.45.25/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
|
||||
github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU=
|
||||
github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
|
||||
github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
|
||||
|
|
11
vendor/github.com/aws/aws-sdk-go/aws/config.go
generated
vendored
|
@ -442,6 +442,17 @@ func (c *Config) WithUseDualStack(enable bool) *Config {
|
|||
return c
|
||||
}
|
||||
|
||||
// WithUseFIPSEndpoint sets a config UseFIPSEndpoint value returning a Config
|
||||
// pointer for chaining.
|
||||
func (c *Config) WithUseFIPSEndpoint(enable bool) *Config {
|
||||
if enable {
|
||||
c.UseFIPSEndpoint = endpoints.FIPSEndpointStateEnabled
|
||||
} else {
|
||||
c.UseFIPSEndpoint = endpoints.FIPSEndpointStateDisabled
|
||||
}
|
||||
return c
|
||||
}
|
||||
|
||||
// WithEC2MetadataDisableTimeoutOverride sets a config EC2MetadataDisableTimeoutOverride value
|
||||
// returning a Config pointer for chaining.
|
||||
func (c *Config) WithEC2MetadataDisableTimeoutOverride(enable bool) *Config {
|
||||
|
|
47
vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go
generated
vendored
|
@ -31,6 +31,8 @@ package endpointcreds
|
|||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws"
|
||||
|
@ -69,7 +71,37 @@ type Provider struct {
|
|||
|
||||
// Optional authorization token value if set will be used as the value of
|
||||
// the Authorization header of the endpoint credential request.
|
||||
//
|
||||
// When constructed from environment, the provider will use the value of
|
||||
// AWS_CONTAINER_AUTHORIZATION_TOKEN environment variable as the token
|
||||
//
|
||||
// Will be overridden if AuthorizationTokenProvider is configured
|
||||
AuthorizationToken string
|
||||
|
||||
// Optional auth provider func to dynamically load the auth token from a file
|
||||
// everytime a credential is retrieved
|
||||
//
|
||||
// When constructed from environment, the provider will read and use the content
|
||||
// of the file pointed to by AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE environment variable
|
||||
// as the auth token everytime credentials are retrieved
|
||||
//
|
||||
// Will override AuthorizationToken if configured
|
||||
AuthorizationTokenProvider AuthTokenProvider
|
||||
}
|
||||
|
||||
// AuthTokenProvider defines an interface to dynamically load a value to be passed
|
||||
// for the Authorization header of a credentials request.
|
||||
type AuthTokenProvider interface {
|
||||
GetToken() (string, error)
|
||||
}
|
||||
|
||||
// TokenProviderFunc is a func type implementing AuthTokenProvider interface
|
||||
// and enables customizing token provider behavior
|
||||
type TokenProviderFunc func() (string, error)
|
||||
|
||||
// GetToken func retrieves auth token according to TokenProviderFunc implementation
|
||||
func (p TokenProviderFunc) GetToken() (string, error) {
|
||||
return p()
|
||||
}
|
||||
|
||||
// NewProviderClient returns a credentials Provider for retrieving AWS credentials
|
||||
|
@ -164,7 +196,20 @@ func (p *Provider) getCredentials(ctx aws.Context) (*getCredentialsOutput, error
|
|||
req := p.Client.NewRequest(op, nil, out)
|
||||
req.SetContext(ctx)
|
||||
req.HTTPRequest.Header.Set("Accept", "application/json")
|
||||
if authToken := p.AuthorizationToken; len(authToken) != 0 {
|
||||
|
||||
authToken := p.AuthorizationToken
|
||||
var err error
|
||||
if p.AuthorizationTokenProvider != nil {
|
||||
authToken, err = p.AuthorizationTokenProvider.GetToken()
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("get authorization token: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
if strings.ContainsAny(authToken, "\r\n") {
|
||||
return nil, fmt.Errorf("authorization token contains invalid newline sequence")
|
||||
}
|
||||
if len(authToken) != 0 {
|
||||
req.HTTPRequest.Header.Set("Authorization", authToken)
|
||||
}
|
||||
|
||||
|
|
64
vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go
generated
vendored
|
@ -9,6 +9,7 @@ package defaults
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"net"
|
||||
"net/http"
|
||||
"net/url"
|
||||
|
@ -115,9 +116,31 @@ func CredProviders(cfg *aws.Config, handlers request.Handlers) []credentials.Pro
|
|||
|
||||
const (
|
||||
httpProviderAuthorizationEnvVar = "AWS_CONTAINER_AUTHORIZATION_TOKEN"
|
||||
httpProviderAuthFileEnvVar = "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE"
|
||||
httpProviderEnvVar = "AWS_CONTAINER_CREDENTIALS_FULL_URI"
|
||||
)
|
||||
|
||||
// direct representation of the IPv4 address for the ECS container
|
||||
// "169.254.170.2"
|
||||
var ecsContainerIPv4 net.IP = []byte{
|
||||
169, 254, 170, 2,
|
||||
}
|
||||
|
||||
// direct representation of the IPv4 address for the EKS container
|
||||
// "169.254.170.23"
|
||||
var eksContainerIPv4 net.IP = []byte{
|
||||
169, 254, 170, 23,
|
||||
}
|
||||
|
||||
// direct representation of the IPv6 address for the EKS container
|
||||
// "fd00:ec2::23"
|
||||
var eksContainerIPv6 net.IP = []byte{
|
||||
0xFD, 0, 0xE, 0xC2,
|
||||
0, 0, 0, 0,
|
||||
0, 0, 0, 0,
|
||||
0, 0, 0, 0x23,
|
||||
}
|
||||
|
||||
// RemoteCredProvider returns a credentials provider for the default remote
|
||||
// endpoints such as EC2 or ECS Roles.
|
||||
func RemoteCredProvider(cfg aws.Config, handlers request.Handlers) credentials.Provider {
|
||||
|
@ -135,19 +158,22 @@ func RemoteCredProvider(cfg aws.Config, handlers request.Handlers) credentials.P
|
|||
|
||||
var lookupHostFn = net.LookupHost
|
||||
|
||||
func isLoopbackHost(host string) (bool, error) {
|
||||
ip := net.ParseIP(host)
|
||||
if ip != nil {
|
||||
return ip.IsLoopback(), nil
|
||||
// isAllowedHost allows host to be loopback or known ECS/EKS container IPs
|
||||
//
|
||||
// host can either be an IP address OR an unresolved hostname - resolution will
|
||||
// be automatically performed in the latter case
|
||||
func isAllowedHost(host string) (bool, error) {
|
||||
if ip := net.ParseIP(host); ip != nil {
|
||||
return isIPAllowed(ip), nil
|
||||
}
|
||||
|
||||
// Host is not an ip, perform lookup
|
||||
addrs, err := lookupHostFn(host)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
||||
for _, addr := range addrs {
|
||||
if !net.ParseIP(addr).IsLoopback() {
|
||||
if ip := net.ParseIP(addr); ip == nil || !isIPAllowed(ip) {
|
||||
return false, nil
|
||||
}
|
||||
}
|
||||
|
@ -155,6 +181,13 @@ func isLoopbackHost(host string) (bool, error) {
|
|||
return true, nil
|
||||
}
|
||||
|
||||
func isIPAllowed(ip net.IP) bool {
|
||||
return ip.IsLoopback() ||
|
||||
ip.Equal(ecsContainerIPv4) ||
|
||||
ip.Equal(eksContainerIPv4) ||
|
||||
ip.Equal(eksContainerIPv6)
|
||||
}
|
||||
|
||||
func localHTTPCredProvider(cfg aws.Config, handlers request.Handlers, u string) credentials.Provider {
|
||||
var errMsg string
|
||||
|
||||
|
@ -165,10 +198,12 @@ func localHTTPCredProvider(cfg aws.Config, handlers request.Handlers, u string)
|
|||
host := aws.URLHostname(parsed)
|
||||
if len(host) == 0 {
|
||||
errMsg = "unable to parse host from local HTTP cred provider URL"
|
||||
} else if isLoopback, loopbackErr := isLoopbackHost(host); loopbackErr != nil {
|
||||
errMsg = fmt.Sprintf("failed to resolve host %q, %v", host, loopbackErr)
|
||||
} else if !isLoopback {
|
||||
errMsg = fmt.Sprintf("invalid endpoint host, %q, only loopback hosts are allowed.", host)
|
||||
} else if parsed.Scheme == "http" {
|
||||
if isAllowedHost, allowHostErr := isAllowedHost(host); allowHostErr != nil {
|
||||
errMsg = fmt.Sprintf("failed to resolve host %q, %v", host, allowHostErr)
|
||||
} else if !isAllowedHost {
|
||||
errMsg = fmt.Sprintf("invalid endpoint host, %q, only loopback/ecs/eks hosts are allowed.", host)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -190,6 +225,15 @@ func httpCredProvider(cfg aws.Config, handlers request.Handlers, u string) crede
|
|||
func(p *endpointcreds.Provider) {
|
||||
p.ExpiryWindow = 5 * time.Minute
|
||||
p.AuthorizationToken = os.Getenv(httpProviderAuthorizationEnvVar)
|
||||
if authFilePath := os.Getenv(httpProviderAuthFileEnvVar); authFilePath != "" {
|
||||
p.AuthorizationTokenProvider = endpointcreds.TokenProviderFunc(func() (string, error) {
|
||||
if contents, err := ioutil.ReadFile(authFilePath); err != nil {
|
||||
return "", fmt.Errorf("failed to read authorization token from %v: %v", authFilePath, err)
|
||||
} else {
|
||||
return string(contents), nil
|
||||
}
|
||||
})
|
||||
}
|
||||
},
|
||||
)
|
||||
}
|
||||
|
|
3
vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go
generated
vendored
|
@ -2,6 +2,7 @@ package ec2metadata
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"github.com/aws/aws-sdk-go/aws"
|
||||
"net/http"
|
||||
"sync/atomic"
|
||||
"time"
|
||||
|
@ -65,7 +66,9 @@ func (t *tokenProvider) fetchTokenHandler(r *request.Request) {
|
|||
switch requestFailureError.StatusCode() {
|
||||
case http.StatusForbidden, http.StatusNotFound, http.StatusMethodNotAllowed:
|
||||
atomic.StoreUint32(&t.disabled, 1)
|
||||
if t.client.Config.LogLevel.Matches(aws.LogDebugWithDeprecated) {
|
||||
t.client.Config.Logger.Log(fmt.Sprintf("WARN: failed to get session token, falling back to IMDSv1: %v", requestFailureError))
|
||||
}
|
||||
case http.StatusBadRequest:
|
||||
r.Error = requestFailureError
|
||||
}
|
||||
|
|
6923
vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
generated
vendored
File diff suppressed because it is too large
11
vendor/github.com/aws/aws-sdk-go/aws/request/waiter.go
generated
vendored
|
@ -256,8 +256,17 @@ func (a *WaiterAcceptor) match(name string, l aws.Logger, req *Request, err erro
|
|||
s := a.Expected.(int)
|
||||
result = s == req.HTTPResponse.StatusCode
|
||||
case ErrorWaiterMatch:
|
||||
switch ex := a.Expected.(type) {
|
||||
case string:
|
||||
if aerr, ok := err.(awserr.Error); ok {
|
||||
result = aerr.Code() == a.Expected.(string)
|
||||
result = aerr.Code() == ex
|
||||
}
|
||||
case bool:
|
||||
if ex {
|
||||
result = err != nil
|
||||
} else {
|
||||
result = err == nil
|
||||
}
|
||||
}
|
||||
default:
|
||||
waiterLogf(l, "WARNING: Waiter %s encountered unexpected matcher: %s",
|
||||
|
|
28
vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go
generated
vendored
|
@ -171,6 +171,12 @@ type envConfig struct {
|
|||
// AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE=IPv6
|
||||
EC2IMDSEndpointMode endpoints.EC2IMDSEndpointModeState
|
||||
|
||||
// Specifies that IMDS clients should not fallback to IMDSv1 if token
|
||||
// requests fail.
|
||||
//
|
||||
// AWS_EC2_METADATA_V1_DISABLED=true
|
||||
EC2IMDSv1Disabled *bool
|
||||
|
||||
// Specifies that SDK clients must resolve a dual-stack endpoint for
|
||||
// services.
|
||||
//
|
||||
|
@ -251,6 +257,9 @@ var (
|
|||
ec2IMDSEndpointModeEnvKey = []string{
|
||||
"AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE",
|
||||
}
|
||||
ec2MetadataV1DisabledEnvKey = []string{
|
||||
"AWS_EC2_METADATA_V1_DISABLED",
|
||||
}
|
||||
useCABundleKey = []string{
|
||||
"AWS_CA_BUNDLE",
|
||||
}
|
||||
|
@ -393,6 +402,7 @@ func envConfigLoad(enableSharedConfig bool) (envConfig, error) {
|
|||
if err := setEC2IMDSEndpointMode(&cfg.EC2IMDSEndpointMode, ec2IMDSEndpointModeEnvKey); err != nil {
|
||||
return envConfig{}, err
|
||||
}
|
||||
setBoolPtrFromEnvVal(&cfg.EC2IMDSv1Disabled, ec2MetadataV1DisabledEnvKey)
|
||||
|
||||
if err := setUseDualStackEndpointFromEnvVal(&cfg.UseDualStackEndpoint, awsUseDualStackEndpoint); err != nil {
|
||||
return cfg, err
|
||||
|
@ -414,6 +424,24 @@ func setFromEnvVal(dst *string, keys []string) {
|
|||
}
|
||||
}
|
||||
|
||||
func setBoolPtrFromEnvVal(dst **bool, keys []string) {
|
||||
for _, k := range keys {
|
||||
value := os.Getenv(k)
|
||||
if len(value) == 0 {
|
||||
continue
|
||||
}
|
||||
|
||||
switch {
|
||||
case strings.EqualFold(value, "false"):
|
||||
*dst = new(bool)
|
||||
**dst = false
|
||||
case strings.EqualFold(value, "true"):
|
||||
*dst = new(bool)
|
||||
**dst = true
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func setEC2IMDSEndpointMode(mode *endpoints.EC2IMDSEndpointModeState, keys []string) error {
|
||||
for _, k := range keys {
|
||||
value := os.Getenv(k)
|
||||
|
|
8
vendor/github.com/aws/aws-sdk-go/aws/session/session.go
generated
vendored
|
@ -779,6 +779,14 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config,
|
|||
cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, ec2IMDSEndpoint, endpointMode)
|
||||
}
|
||||
|
||||
cfg.EC2MetadataEnableFallback = userCfg.EC2MetadataEnableFallback
|
||||
if cfg.EC2MetadataEnableFallback == nil && envCfg.EC2IMDSv1Disabled != nil {
|
||||
cfg.EC2MetadataEnableFallback = aws.Bool(!*envCfg.EC2IMDSv1Disabled)
|
||||
}
|
||||
if cfg.EC2MetadataEnableFallback == nil && sharedCfg.EC2IMDSv1Disabled != nil {
|
||||
cfg.EC2MetadataEnableFallback = aws.Bool(!*sharedCfg.EC2IMDSv1Disabled)
|
||||
}
|
||||
|
||||
cfg.S3UseARNRegion = userCfg.S3UseARNRegion
|
||||
if cfg.S3UseARNRegion == nil {
|
||||
cfg.S3UseARNRegion = &envCfg.S3UseARNRegion
|
||||
|
|
10
vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go
generated
vendored
|
@ -80,6 +80,9 @@ const (
|
|||
// EC2 IMDS Endpoint
|
||||
ec2MetadataServiceEndpointKey = "ec2_metadata_service_endpoint"
|
||||
|
||||
// ECS IMDSv1 disable fallback
|
||||
ec2MetadataV1DisabledKey = "ec2_metadata_v1_disabled"
|
||||
|
||||
// Use DualStack Endpoint Resolution
|
||||
useDualStackEndpoint = "use_dualstack_endpoint"
|
||||
|
||||
|
@ -179,6 +182,12 @@ type sharedConfig struct {
|
|||
// ec2_metadata_service_endpoint=http://fd00:ec2::254
|
||||
EC2IMDSEndpoint string
|
||||
|
||||
// Specifies that IMDS clients should not fallback to IMDSv1 if token
|
||||
// requests fail.
|
||||
//
|
||||
// ec2_metadata_v1_disabled=true
|
||||
EC2IMDSv1Disabled *bool
|
||||
|
||||
// Specifies that SDK clients must resolve a dual-stack endpoint for
|
||||
// services.
|
||||
//
|
||||
|
@ -434,6 +443,7 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, e
|
|||
ec2MetadataServiceEndpointModeKey, file.Filename, err)
|
||||
}
|
||||
updateString(&cfg.EC2IMDSEndpoint, section, ec2MetadataServiceEndpointKey)
|
||||
updateBoolPtr(&cfg.EC2IMDSv1Disabled, section, ec2MetadataV1DisabledKey)
|
||||
|
||||
updateUseDualStackEndpoint(&cfg.UseDualStackEndpoint, section, useDualStackEndpoint)
|
||||
|
||||
|
|
1
vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go
generated
vendored
|
@ -125,6 +125,7 @@ var requiredSignedHeaders = rules{
|
|||
"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": struct{}{},
|
||||
"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key": struct{}{},
|
||||
"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5": struct{}{},
|
||||
"X-Amz-Expected-Bucket-Owner": struct{}{},
|
||||
"X-Amz-Grant-Full-control": struct{}{},
|
||||
"X-Amz-Grant-Read": struct{}{},
|
||||
"X-Amz-Grant-Read-Acp": struct{}{},
|
||||
|
|
2
vendor/github.com/aws/aws-sdk-go/aws/version.go
generated
vendored
|
@ -5,4 +5,4 @@ package aws
|
|||
const SDKName = "aws-sdk-go"
|
||||
|
||||
// SDKVersion is the version of this SDK
|
||||
const SDKVersion = "1.45.25"
|
||||
const SDKVersion = "1.55.5"
|
||||
|
|
4
vendor/github.com/aws/aws-sdk-go/private/protocol/query/queryutil/queryutil.go
generated
vendored
|
@ -122,8 +122,8 @@ func (q *queryParser) parseStruct(v url.Values, value reflect.Value, prefix stri
|
|||
}
|
||||
|
||||
func (q *queryParser) parseList(v url.Values, value reflect.Value, prefix string, tag reflect.StructTag) error {
|
||||
// If it's empty, generate an empty value
|
||||
if !value.IsNil() && value.Len() == 0 {
|
||||
// If it's empty, and not ec2, generate an empty value
|
||||
if !value.IsNil() && value.Len() == 0 && !q.isEC2 {
|
||||
v.Set(prefix, "")
|
||||
return nil
|
||||
}
|
||||
|
|
7608
vendor/github.com/aws/aws-sdk-go/service/s3/api.go
generated
vendored
File diff suppressed because it is too large
9
vendor/github.com/aws/aws-sdk-go/service/s3/errors.go
generated
vendored
|
@ -25,6 +25,15 @@ const (
|
|||
// "InvalidObjectState".
|
||||
//
|
||||
// Object is archived and inaccessible until restored.
|
||||
//
|
||||
// If the object you are retrieving is stored in the S3 Glacier Flexible Retrieval
|
||||
// storage class, the S3 Glacier Deep Archive storage class, the S3 Intelligent-Tiering
|
||||
// Archive Access tier, or the S3 Intelligent-Tiering Deep Archive Access tier,
|
||||
// before you can retrieve the object you must first restore a copy using RestoreObject
|
||||
// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html).
|
||||
// Otherwise, this operation returns an InvalidObjectState error. For information
|
||||
// about restoring archived objects, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html)
|
||||
// in the Amazon S3 User Guide.
|
||||
ErrCodeInvalidObjectState = "InvalidObjectState"
|
||||
|
||||
// ErrCodeNoSuchBucket for service response error code
|
||||
|
|
818
vendor/github.com/aws/aws-sdk-go/service/ssooidc/api.go
generated
vendored
File diff suppressed because it is too large
39
vendor/github.com/aws/aws-sdk-go/service/ssooidc/doc.go
generated
vendored
|
@ -3,15 +3,13 @@
|
|||
// Package ssooidc provides the client and types for making API
|
||||
// requests to AWS SSO OIDC.
|
||||
//
|
||||
// AWS IAM Identity Center (successor to AWS Single Sign-On) OpenID Connect
|
||||
// (OIDC) is a web service that enables a client (such as AWS CLI or a native
|
||||
// application) to register with IAM Identity Center. The service also enables
|
||||
// the client to fetch the user’s access token upon successful authentication
|
||||
// and authorization with IAM Identity Center.
|
||||
// IAM Identity Center OpenID Connect (OIDC) is a web service that enables a
|
||||
// client (such as CLI or a native application) to register with IAM Identity
|
||||
// Center. The service also enables the client to fetch the user’s access
|
||||
// token upon successful authentication and authorization with IAM Identity
|
||||
// Center.
|
||||
//
|
||||
// Although AWS Single Sign-On was renamed, the sso and identitystore API namespaces
|
||||
// will continue to retain their original name for backward compatibility purposes.
|
||||
// For more information, see IAM Identity Center rename (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed).
|
||||
// IAM Identity Center uses the sso and identitystore API namespaces.
|
||||
//
|
||||
// # Considerations for Using This Guide
|
||||
//
|
||||
|
@ -22,21 +20,24 @@
|
|||
// - The IAM Identity Center OIDC service currently implements only the portions
|
||||
// of the OAuth 2.0 Device Authorization Grant standard (https://tools.ietf.org/html/rfc8628
|
||||
// (https://tools.ietf.org/html/rfc8628)) that are necessary to enable single
|
||||
// sign-on authentication with the AWS CLI. Support for other OIDC flows
|
||||
// frequently needed for native applications, such as Authorization Code
|
||||
// Flow (+ PKCE), will be addressed in future releases.
|
||||
// sign-on authentication with the CLI.
|
||||
//
|
||||
// - The service emits only OIDC access tokens, such that obtaining a new
|
||||
// token (For example, token refresh) requires explicit user re-authentication.
|
||||
// - With older versions of the CLI, the service only emits OIDC access tokens,
|
||||
// so to obtain a new token, users must explicitly re-authenticate. To access
|
||||
// the OIDC flow that supports token refresh and doesn’t require re-authentication,
|
||||
// update to the latest CLI version (1.27.10 for CLI V1 and 2.9.0 for CLI
|
||||
// V2) with support for OIDC token refresh and configurable IAM Identity
|
||||
// Center session durations. For more information, see Configure Amazon Web
|
||||
// Services access portal session duration (https://docs.aws.amazon.com/singlesignon/latest/userguide/configure-user-session.html).
|
||||
//
|
||||
// - The access tokens provided by this service grant access to all AWS account
|
||||
// entitlements assigned to an IAM Identity Center user, not just a particular
|
||||
// application.
|
||||
// - The access tokens provided by this service grant access to all Amazon
|
||||
// Web Services account entitlements assigned to an IAM Identity Center user,
|
||||
// not just a particular application.
|
||||
//
|
||||
// - The documentation in this guide does not describe the mechanism to convert
|
||||
// the access token into AWS Auth (“sigv4”) credentials for use with
|
||||
// IAM-protected AWS service endpoints. For more information, see GetRoleCredentials
|
||||
// (https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html)
|
||||
// the access token into Amazon Web Services Auth (“sigv4”) credentials
|
||||
// for use with IAM-protected Amazon Web Services service endpoints. For
|
||||
// more information, see GetRoleCredentials (https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html)
|
||||
// in the IAM Identity Center Portal API Reference Guide.
|
||||
//
|
||||
// For general information about IAM Identity Center, see What is IAM Identity
|
||||
|
|
16
vendor/github.com/aws/aws-sdk-go/service/ssooidc/errors.go
generated
vendored
|
@ -57,6 +57,13 @@ const (
|
|||
// makes a CreateToken request with an invalid grant type.
|
||||
ErrCodeInvalidGrantException = "InvalidGrantException"
|
||||
|
||||
// ErrCodeInvalidRedirectUriException for service response error code
|
||||
// "InvalidRedirectUriException".
|
||||
//
|
||||
// Indicates that one or more redirect URI in the request is not supported for
|
||||
// this operation.
|
||||
ErrCodeInvalidRedirectUriException = "InvalidRedirectUriException"
|
||||
|
||||
// ErrCodeInvalidRequestException for service response error code
|
||||
// "InvalidRequestException".
|
||||
//
|
||||
|
@ -64,6 +71,13 @@ const (
|
|||
// a required parameter might be missing or out of range.
|
||||
ErrCodeInvalidRequestException = "InvalidRequestException"
|
||||
|
||||
// ErrCodeInvalidRequestRegionException for service response error code
|
||||
// "InvalidRequestRegionException".
|
||||
//
|
||||
// Indicates that a token provided as input to the request was issued by and
|
||||
// is only usable by calling IAM Identity Center endpoints in another region.
|
||||
ErrCodeInvalidRequestRegionException = "InvalidRequestRegionException"
|
||||
|
||||
// ErrCodeInvalidScopeException for service response error code
|
||||
// "InvalidScopeException".
|
||||
//
|
||||
|
@ -99,7 +113,9 @@ var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{
|
|||
"InvalidClientException": newErrorInvalidClientException,
|
||||
"InvalidClientMetadataException": newErrorInvalidClientMetadataException,
|
||||
"InvalidGrantException": newErrorInvalidGrantException,
|
||||
"InvalidRedirectUriException": newErrorInvalidRedirectUriException,
|
||||
"InvalidRequestException": newErrorInvalidRequestException,
|
||||
"InvalidRequestRegionException": newErrorInvalidRequestRegionException,
|
||||
"InvalidScopeException": newErrorInvalidScopeException,
|
||||
"SlowDownException": newErrorSlowDownException,
|
||||
"UnauthorizedClientException": newErrorUnauthorizedClientException,
|
||||
|
|
2
vendor/github.com/aws/aws-sdk-go/service/ssooidc/service.go
generated
vendored
|
@ -51,7 +51,7 @@ const (
|
|||
func New(p client.ConfigProvider, cfgs ...*aws.Config) *SSOOIDC {
|
||||
c := p.ClientConfig(EndpointsID, cfgs...)
|
||||
if c.SigningNameDerived || len(c.SigningName) == 0 {
|
||||
c.SigningName = "awsssooidc"
|
||||
c.SigningName = "sso-oauth"
|
||||
}
|
||||
return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion)
|
||||
}
|
||||
|
|
20
vendor/github.com/aws/aws-sdk-go/service/sts/api.go
generated
vendored
|
@ -1460,7 +1460,15 @@ type AssumeRoleInput struct {
|
|||
// in the IAM User Guide.
|
||||
PolicyArns []*PolicyDescriptorType `type:"list"`
|
||||
|
||||
// Reserved for future use.
|
||||
// A list of previously acquired trusted context assertions in the format of
|
||||
// a JSON array. The trusted context assertion is signed and encrypted by Amazon
|
||||
// Web Services STS.
|
||||
//
|
||||
// The following is an example of a ProvidedContext value that includes a single
|
||||
// trusted context assertion and the ARN of the context provider from which
|
||||
// the trusted context assertion was generated.
|
||||
//
|
||||
// [{"ProviderArn":"arn:aws:iam::aws:contextProvider/IdentityCenter","ContextAssertion":"trusted-context-assertion"}]
|
||||
ProvidedContexts []*ProvidedContext `type:"list"`
|
||||
|
||||
// The Amazon Resource Name (ARN) of the role to assume.
|
||||
|
@ -3405,14 +3413,18 @@ func (s *PolicyDescriptorType) SetArn(v string) *PolicyDescriptorType {
|
|||
return s
|
||||
}
|
||||
|
||||
// Reserved for future use.
|
||||
// Contains information about the provided context. This includes the signed
|
||||
// and encrypted trusted context assertion and the context provider ARN from
|
||||
// which the trusted context assertion was generated.
|
||||
type ProvidedContext struct {
|
||||
_ struct{} `type:"structure"`
|
||||
|
||||
// Reserved for future use.
|
||||
// The signed and encrypted trusted context assertion generated by the context
|
||||
// provider. The trusted context assertion is signed and encrypted by Amazon
|
||||
// Web Services STS.
|
||||
ContextAssertion *string `min:"4" type:"string"`
|
||||
|
||||
// Reserved for future use.
|
||||
// The context provider ARN from which the trusted context assertion was generated.
|
||||
ProviderArn *string `min:"20" type:"string"`
|
||||
}
|
||||
|
||||
|
|
4
vendor/modules.txt
vendored
|
@ -1,5 +1,5 @@
|
|||
# github.com/aws/aws-sdk-go v1.45.25
|
||||
## explicit; go 1.11
|
||||
# github.com/aws/aws-sdk-go v1.55.5
|
||||
## explicit; go 1.19
|
||||
github.com/aws/aws-sdk-go/aws
|
||||
github.com/aws/aws-sdk-go/aws/arn
|
||||
github.com/aws/aws-sdk-go/aws/auth/bearer
|
||||
|
|