mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-12-18 02:50:30 +00:00
rebase: bump the github-dependencies group across 1 directory with 9 updates
Bumps the github-dependencies group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/IBM/keyprotect-go-client](https://github.com/IBM/keyprotect-go-client) | `0.12.2` | `0.14.1` | | [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) | `1.53.14` | `1.54.6` | | [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2) | `1.28.1` | `1.29.1` | | [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) | `1.12.0` | `1.14.0` | | [github.com/kubernetes-csi/csi-lib-utils](https://github.com/kubernetes-csi/csi-lib-utils) | `0.17.0` | `0.18.1` | | [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) | `2.17.1` | `2.19.0` | | [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.18.0` | `1.19.1` | | [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) | `1.6.0` | `1.7.0` | Updates `github.com/IBM/keyprotect-go-client` from 0.12.2 to 0.14.1 - [Release notes](https://github.com/IBM/keyprotect-go-client/releases) - [Changelog](https://github.com/IBM/keyprotect-go-client/blob/master/CHANGELOG.md) - [Commits](https://github.com/IBM/keyprotect-go-client/compare/v0.12.2...v0.14.1) Updates `github.com/aws/aws-sdk-go` from 1.53.14 to 1.54.6 - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.53.14...v1.54.6) Updates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.28.1 to 1.29.1 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ecr/v1.28.1...service/s3/v1.29.1) Updates `github.com/hashicorp/vault/api` from 1.12.0 to 1.14.0 - [Release notes](https://github.com/hashicorp/vault/releases) - [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/vault/compare/v1.12.0...v1.14.0) Updates `github.com/kubernetes-csi/csi-lib-utils` from 0.17.0 to 0.18.1 - [Release notes](https://github.com/kubernetes-csi/csi-lib-utils/releases) - [Commits](https://github.com/kubernetes-csi/csi-lib-utils/compare/v0.17.0...v0.18.1) Updates `github.com/onsi/ginkgo/v2` from 2.17.1 to 2.19.0 - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.17.1...v2.19.0) Updates `github.com/onsi/gomega` from 1.32.0 to 1.33.1 - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.32.0...v1.33.1) Updates `github.com/prometheus/client_golang` from 1.18.0 to 1.19.1 - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](https://github.com/prometheus/client_golang/compare/v1.18.0...v1.19.1) Updates `github.com/Azure/azure-sdk-for-go/sdk/azidentity` from 1.6.0 to 1.7.0 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md) - [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.6.0...sdk/azcore/v1.7.0) --- updated-dependencies: - dependency-name: github.com/IBM/keyprotect-go-client dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies - dependency-name: github.com/aws/aws-sdk-go-v2/service/sts dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies - dependency-name: github.com/hashicorp/vault/api dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies - dependency-name: github.com/kubernetes-csi/csi-lib-utils dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
This commit is contained in:
parent
29dde7abc2
commit
171ba6a65d
39
go.mod
39
go.mod
@ -3,9 +3,9 @@ module github.com/ceph/ceph-csi
|
|||||||
go 1.22.0
|
go 1.22.0
|
||||||
|
|
||||||
require (
|
require (
|
||||||
github.com/IBM/keyprotect-go-client v0.12.2
|
github.com/IBM/keyprotect-go-client v0.14.1
|
||||||
github.com/aws/aws-sdk-go v1.53.14
|
github.com/aws/aws-sdk-go v1.54.6
|
||||||
github.com/aws/aws-sdk-go-v2/service/sts v1.28.1
|
github.com/aws/aws-sdk-go-v2/service/sts v1.29.1
|
||||||
github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000
|
github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000
|
||||||
github.com/ceph/go-ceph v0.28.0
|
github.com/ceph/go-ceph v0.28.0
|
||||||
github.com/container-storage-interface/spec v1.9.0
|
github.com/container-storage-interface/spec v1.9.0
|
||||||
@ -16,14 +16,14 @@ require (
|
|||||||
github.com/google/uuid v1.6.0
|
github.com/google/uuid v1.6.0
|
||||||
github.com/grpc-ecosystem/go-grpc-middleware v1.4.0
|
github.com/grpc-ecosystem/go-grpc-middleware v1.4.0
|
||||||
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
|
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
|
||||||
github.com/hashicorp/vault/api v1.12.0
|
github.com/hashicorp/vault/api v1.14.0
|
||||||
github.com/kubernetes-csi/csi-lib-utils v0.17.0
|
github.com/kubernetes-csi/csi-lib-utils v0.18.1
|
||||||
github.com/kubernetes-csi/external-snapshotter/client/v7 v7.0.0
|
github.com/kubernetes-csi/external-snapshotter/client/v7 v7.0.0
|
||||||
github.com/libopenstorage/secrets v0.0.0-20231011182615-5f4b25ceede1
|
github.com/libopenstorage/secrets v0.0.0-20231011182615-5f4b25ceede1
|
||||||
github.com/onsi/ginkgo/v2 v2.17.1
|
github.com/onsi/ginkgo/v2 v2.19.0
|
||||||
github.com/onsi/gomega v1.32.0
|
github.com/onsi/gomega v1.33.1
|
||||||
github.com/pkg/xattr v0.4.9
|
github.com/pkg/xattr v0.4.9
|
||||||
github.com/prometheus/client_golang v1.18.0
|
github.com/prometheus/client_golang v1.19.1
|
||||||
github.com/stretchr/testify v1.9.0
|
github.com/stretchr/testify v1.9.0
|
||||||
golang.org/x/crypto v0.24.0
|
golang.org/x/crypto v0.24.0
|
||||||
golang.org/x/net v0.26.0
|
golang.org/x/net v0.26.0
|
||||||
@ -46,7 +46,7 @@ require (
|
|||||||
)
|
)
|
||||||
|
|
||||||
require (
|
require (
|
||||||
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0
|
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0
|
||||||
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0
|
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -60,12 +60,12 @@ require (
|
|||||||
github.com/ansel1/merry/v2 v2.0.1 // indirect
|
github.com/ansel1/merry/v2 v2.0.1 // indirect
|
||||||
github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect
|
github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect
|
||||||
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a // indirect
|
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a // indirect
|
||||||
github.com/aws/aws-sdk-go-v2 v1.25.2 // indirect
|
github.com/aws/aws-sdk-go-v2 v1.30.0 // indirect
|
||||||
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.2 // indirect
|
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.12 // indirect
|
||||||
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.2 // indirect
|
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.12 // indirect
|
||||||
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 // indirect
|
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect
|
||||||
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.2 // indirect
|
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14 // indirect
|
||||||
github.com/aws/smithy-go v1.20.1 // indirect
|
github.com/aws/smithy-go v1.20.2 // indirect
|
||||||
github.com/beorn7/perks v1.0.1 // indirect
|
github.com/beorn7/perks v1.0.1 // indirect
|
||||||
github.com/blang/semver/v4 v4.0.0 // indirect
|
github.com/blang/semver/v4 v4.0.0 // indirect
|
||||||
github.com/cenkalti/backoff/v3 v3.2.2 // indirect
|
github.com/cenkalti/backoff/v3 v3.2.2 // indirect
|
||||||
@ -82,13 +82,13 @@ require (
|
|||||||
github.com/fsnotify/fsnotify v1.7.0 // indirect
|
github.com/fsnotify/fsnotify v1.7.0 // indirect
|
||||||
github.com/gemalto/flume v0.13.0 // indirect
|
github.com/gemalto/flume v0.13.0 // indirect
|
||||||
github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32 // indirect
|
github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32 // indirect
|
||||||
github.com/go-jose/go-jose/v3 v3.0.3 // indirect
|
github.com/go-jose/go-jose/v4 v4.0.1 // indirect
|
||||||
github.com/go-logr/logr v1.4.1 // indirect
|
github.com/go-logr/logr v1.4.1 // indirect
|
||||||
github.com/go-logr/stdr v1.2.2 // indirect
|
github.com/go-logr/stdr v1.2.2 // indirect
|
||||||
github.com/go-openapi/jsonpointer v0.19.6 // indirect
|
github.com/go-openapi/jsonpointer v0.19.6 // indirect
|
||||||
github.com/go-openapi/jsonreference v0.20.2 // indirect
|
github.com/go-openapi/jsonreference v0.20.2 // indirect
|
||||||
github.com/go-openapi/swag v0.22.3 // indirect
|
github.com/go-openapi/swag v0.22.3 // indirect
|
||||||
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
|
github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
|
||||||
github.com/gogo/protobuf v1.3.2 // indirect
|
github.com/gogo/protobuf v1.3.2 // indirect
|
||||||
github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
|
github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
|
||||||
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
|
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
|
||||||
@ -96,7 +96,7 @@ require (
|
|||||||
github.com/google/gnostic-models v0.6.8 // indirect
|
github.com/google/gnostic-models v0.6.8 // indirect
|
||||||
github.com/google/go-cmp v0.6.0 // indirect
|
github.com/google/go-cmp v0.6.0 // indirect
|
||||||
github.com/google/gofuzz v1.2.0 // indirect
|
github.com/google/gofuzz v1.2.0 // indirect
|
||||||
github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect
|
github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 // indirect
|
||||||
github.com/gorilla/websocket v1.5.0 // indirect
|
github.com/gorilla/websocket v1.5.0 // indirect
|
||||||
github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect
|
github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect
|
||||||
github.com/hashicorp/errwrap v1.1.0 // indirect
|
github.com/hashicorp/errwrap v1.1.0 // indirect
|
||||||
@ -119,7 +119,6 @@ require (
|
|||||||
github.com/mailru/easyjson v0.7.7 // indirect
|
github.com/mailru/easyjson v0.7.7 // indirect
|
||||||
github.com/mattn/go-colorable v0.1.13 // indirect
|
github.com/mattn/go-colorable v0.1.13 // indirect
|
||||||
github.com/mattn/go-isatty v0.0.20 // indirect
|
github.com/mattn/go-isatty v0.0.20 // indirect
|
||||||
github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
|
|
||||||
github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
|
github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
|
||||||
github.com/mitchellh/go-homedir v1.1.0 // indirect
|
github.com/mitchellh/go-homedir v1.1.0 // indirect
|
||||||
github.com/mitchellh/mapstructure v1.5.0 // indirect
|
github.com/mitchellh/mapstructure v1.5.0 // indirect
|
||||||
@ -136,7 +135,7 @@ require (
|
|||||||
github.com/pkg/errors v0.9.1 // indirect
|
github.com/pkg/errors v0.9.1 // indirect
|
||||||
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
|
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
|
||||||
github.com/prometheus/client_model v0.5.0 // indirect
|
github.com/prometheus/client_model v0.5.0 // indirect
|
||||||
github.com/prometheus/common v0.45.0 // indirect
|
github.com/prometheus/common v0.48.0 // indirect
|
||||||
github.com/prometheus/procfs v0.12.0 // indirect
|
github.com/prometheus/procfs v0.12.0 // indirect
|
||||||
github.com/ryanuber/go-glob v1.0.0 // indirect
|
github.com/ryanuber/go-glob v1.0.0 // indirect
|
||||||
github.com/sirupsen/logrus v1.9.0 // indirect
|
github.com/sirupsen/logrus v1.9.0 // indirect
|
||||||
|
76
go.sum
76
go.sum
@ -761,8 +761,8 @@ git.sr.ht/~sbinet/gg v0.3.1/go.mod h1:KGYtlADtqsqANL9ueOFkWymvzUvLMQllU5Ixo+8v3p
|
|||||||
github.com/Azure/azure-sdk-for-go v62.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
|
github.com/Azure/azure-sdk-for-go v62.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
|
||||||
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 h1:E+OJmp2tPvt1W+amx48v1eqbjDYsgN+RzP4q16yV5eM=
|
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 h1:E+OJmp2tPvt1W+amx48v1eqbjDYsgN+RzP4q16yV5eM=
|
||||||
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1/go.mod h1:a6xsAQUZg+VsS3TJ05SRp524Hs4pZ/AeFSr5ENf0Yjo=
|
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1/go.mod h1:a6xsAQUZg+VsS3TJ05SRp524Hs4pZ/AeFSr5ENf0Yjo=
|
||||||
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 h1:U2rTu3Ef+7w9FHKIAXM6ZyqF3UOWJZ12zIm8zECAFfg=
|
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc=
|
||||||
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg=
|
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg=
|
||||||
github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 h1:jBQA3cKT4L2rWMpgE7Yt3Hwh2aUj8KXjIGLxjHeYNNo=
|
github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 h1:jBQA3cKT4L2rWMpgE7Yt3Hwh2aUj8KXjIGLxjHeYNNo=
|
||||||
github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0/go.mod h1:4OG6tQ9EOP/MT0NMjDlRzWoVFxfu9rN9B2X+tlSVktg=
|
github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0/go.mod h1:4OG6tQ9EOP/MT0NMjDlRzWoVFxfu9rN9B2X+tlSVktg=
|
||||||
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0 h1:h4Zxgmi9oyZL2l8jeg1iRTqPloHktywWcu0nlJmo1tA=
|
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0 h1:h4Zxgmi9oyZL2l8jeg1iRTqPloHktywWcu0nlJmo1tA=
|
||||||
@ -786,8 +786,8 @@ github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83
|
|||||||
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
|
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
|
||||||
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
|
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
|
||||||
github.com/IBM/keyprotect-go-client v0.5.1/go.mod h1:5TwDM/4FRJq1ZOlwQL1xFahLWQ3TveR88VmL1u3njyI=
|
github.com/IBM/keyprotect-go-client v0.5.1/go.mod h1:5TwDM/4FRJq1ZOlwQL1xFahLWQ3TveR88VmL1u3njyI=
|
||||||
github.com/IBM/keyprotect-go-client v0.12.2 h1:Cjxcqin9Pl0xz3MnxdiVd4v/eIa79xL3hQpSbwOr/DQ=
|
github.com/IBM/keyprotect-go-client v0.14.1 h1:FSBJ3l6GKCuB3CoQPvVy94lOzYTKpjov8WdSDt5Ercs=
|
||||||
github.com/IBM/keyprotect-go-client v0.12.2/go.mod h1:yr8h2noNgU8vcbs+vhqoXp3Lmv73PI0zAc6VMgFvWwM=
|
github.com/IBM/keyprotect-go-client v0.14.1/go.mod h1:cAt714Vnwnd03mmkBHHSJlDNRVthdRmJB6RePd4/B8Q=
|
||||||
github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c/go.mod h1:X0CRv0ky0k6m906ixxpzmDRLvX58TFUKS2eePweuyxk=
|
github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c/go.mod h1:X0CRv0ky0k6m906ixxpzmDRLvX58TFUKS2eePweuyxk=
|
||||||
github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg=
|
github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg=
|
||||||
github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE=
|
github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE=
|
||||||
@ -834,22 +834,22 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY
|
|||||||
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4B6AGu/h5Sxe66HYVdqdGu2l9Iebqhi/AEoA=
|
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4B6AGu/h5Sxe66HYVdqdGu2l9Iebqhi/AEoA=
|
||||||
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
|
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
|
||||||
github.com/aws/aws-sdk-go v1.44.164/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
|
github.com/aws/aws-sdk-go v1.44.164/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
|
||||||
github.com/aws/aws-sdk-go v1.53.14 h1:SzhkC2Pzag0iRW8WBb80RzKdGXDydJR9LAMs2GyKJ2M=
|
github.com/aws/aws-sdk-go v1.54.6 h1:HEYUib3yTt8E6vxjMWM3yAq5b+qjj/6aKA62mkgux9g=
|
||||||
github.com/aws/aws-sdk-go v1.53.14/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
|
github.com/aws/aws-sdk-go v1.54.6/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
|
||||||
github.com/aws/aws-sdk-go-v2 v1.25.2 h1:/uiG1avJRgLGiQM9X3qJM8+Qa6KRGK5rRPuXE0HUM+w=
|
github.com/aws/aws-sdk-go-v2 v1.30.0 h1:6qAwtzlfcTtcL8NHtbDQAqgM5s6NDipQTkPxyH/6kAA=
|
||||||
github.com/aws/aws-sdk-go-v2 v1.25.2/go.mod h1:Evoc5AsmtveRt1komDwIsjHFyrP5tDuF1D1U+6z6pNo=
|
github.com/aws/aws-sdk-go-v2 v1.30.0/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM=
|
||||||
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.2 h1:bNo4LagzUKbjdxE0tIcR9pMzLR2U/Tgie1Hq1HQ3iH8=
|
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.12 h1:SJ04WXGTwnHlWIODtC5kJzKbeuHt+OUNOgKg7nfnUGw=
|
||||||
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.2/go.mod h1:wRQv0nN6v9wDXuWThpovGQjqF1HFdcgWjporw14lS8k=
|
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.12/go.mod h1:FkpvXhA92gb3GE9LD6Og0pHHycTxW7xGpnEh5E7Opwo=
|
||||||
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.2 h1:EtOU5jsPdIQNP+6Q2C5e3d65NKT1PeCiQk+9OdzO12Q=
|
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.12 h1:hb5KgeYfObi5MHkSSZMEudnIvX30iB+E21evI4r6BnQ=
|
||||||
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.2/go.mod h1:tyF5sKccmDz0Bv4NrstEr+/9YkSPJHrcO7UsUKf7pWM=
|
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.12/go.mod h1:CroKe/eWJdyfy9Vx4rljP5wTUjNJfb+fPz1uMYUhEGM=
|
||||||
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 h1:EyBZibRTVAs6ECHZOw5/wlylS9OcTzwyjeQMudmREjE=
|
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs=
|
||||||
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1/go.mod h1:JKpmtYhhPs7D97NL/ltqz7yCkERFW5dOlHyVl66ZYF8=
|
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg=
|
||||||
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.2 h1:5ffmXjPtwRExp1zc7gENLgCPyHFbhEPwVTkTiH9niSk=
|
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14 h1:zSDPny/pVnkqABXYRicYuPf9z2bTqfH13HT3v6UheIk=
|
||||||
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.2/go.mod h1:Ru7vg1iQ7cR4i7SZ/JTLYN9kaXtbL69UdgG0OQWQxW0=
|
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14/go.mod h1:3TTcI5JSzda1nw/pkVC9dhgLre0SNBFj2lYS4GctXKI=
|
||||||
github.com/aws/aws-sdk-go-v2/service/sts v1.28.1 h1:3I2cBEYgKhrWlwyZgfpSO2BpaMY1LHPqXYk/QGlu2ew=
|
github.com/aws/aws-sdk-go-v2/service/sts v1.29.1 h1:myX5CxqXE0QMZNja6FA1/FSE3Vu1rVmeUmpJMMzeZg0=
|
||||||
github.com/aws/aws-sdk-go-v2/service/sts v1.28.1/go.mod h1:uQ7YYKZt3adCRrdCBREm1CD3efFLOUNH77MrUCvx5oA=
|
github.com/aws/aws-sdk-go-v2/service/sts v1.29.1/go.mod h1:N2mQiucsO0VwK9CYuS4/c2n6Smeh1v47Rz3dWCPFLdE=
|
||||||
github.com/aws/smithy-go v1.20.1 h1:4SZlSlMr36UEqC7XOyRVb27XMeZubNcBNN+9IgEPIQw=
|
github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q=
|
||||||
github.com/aws/smithy-go v1.20.1/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
|
github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
|
||||||
github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
|
github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
|
||||||
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
|
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
|
||||||
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
|
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
|
||||||
@ -1000,8 +1000,8 @@ github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9
|
|||||||
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
|
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
|
||||||
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
|
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
|
||||||
github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
|
github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
|
||||||
github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k=
|
github.com/go-jose/go-jose/v4 v4.0.1 h1:QVEPDE3OluqXBQZDcnNvQrInro2h0e4eqNbnZSWqS6U=
|
||||||
github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ=
|
github.com/go-jose/go-jose/v4 v4.0.1/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY=
|
||||||
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
|
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
|
||||||
github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
|
github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
|
||||||
github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
|
github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
|
||||||
@ -1043,8 +1043,9 @@ github.com/go-pdf/fpdf v0.5.0/go.mod h1:HzcnA+A23uwogo0tp9yU+l3V+KXhiESpt1PMayhO
|
|||||||
github.com/go-pdf/fpdf v0.6.0/go.mod h1:HzcnA+A23uwogo0tp9yU+l3V+KXhiESpt1PMayhOh5M=
|
github.com/go-pdf/fpdf v0.6.0/go.mod h1:HzcnA+A23uwogo0tp9yU+l3V+KXhiESpt1PMayhOh5M=
|
||||||
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
|
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
|
||||||
github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
|
github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
|
||||||
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
|
|
||||||
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
|
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
|
||||||
|
github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
|
||||||
|
github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
|
||||||
github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
|
github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
|
||||||
github.com/go-test/deep v1.0.8 h1:TDsG77qcSprGbC6vTN8OuXp5g+J+b5Pcguhf7Zt61VM=
|
github.com/go-test/deep v1.0.8 h1:TDsG77qcSprGbC6vTN8OuXp5g+J+b5Pcguhf7Zt61VM=
|
||||||
github.com/go-test/deep v1.0.8/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
|
github.com/go-test/deep v1.0.8/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
|
||||||
@ -1165,8 +1166,9 @@ github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLe
|
|||||||
github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
|
github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
|
||||||
github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
|
github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
|
||||||
github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
|
github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
|
||||||
github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
|
|
||||||
github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
|
github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
|
||||||
|
github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg=
|
||||||
|
github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw=
|
||||||
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
|
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
|
||||||
github.com/google/s2a-go v0.1.0/go.mod h1:OJpEgntRZo8ugHpF9hkoLJbS5dSI20XZeXJ9JVywLlM=
|
github.com/google/s2a-go v0.1.0/go.mod h1:OJpEgntRZo8ugHpF9hkoLJbS5dSI20XZeXJ9JVywLlM=
|
||||||
github.com/google/s2a-go v0.1.3/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
|
github.com/google/s2a-go v0.1.3/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
|
||||||
@ -1268,8 +1270,8 @@ github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0m
|
|||||||
github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
|
github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
|
||||||
github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
|
github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
|
||||||
github.com/hashicorp/vault/api v1.10.0/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8=
|
github.com/hashicorp/vault/api v1.10.0/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8=
|
||||||
github.com/hashicorp/vault/api v1.12.0 h1:meCpJSesvzQyao8FCOgk2fGdoADAnbDu2WPJN1lDLJ4=
|
github.com/hashicorp/vault/api v1.14.0 h1:Ah3CFLixD5jmjusOgm8grfN9M0d+Y8fVR2SW0K6pJLU=
|
||||||
github.com/hashicorp/vault/api v1.12.0/go.mod h1:si+lJCYO7oGkIoNPAN8j3azBLTn9SjMGS+jFaHd1Cck=
|
github.com/hashicorp/vault/api v1.14.0/go.mod h1:pV9YLxBGSz+cItFDd8Ii4G17waWOQ32zVjMWHe/cOqk=
|
||||||
github.com/hashicorp/vault/api/auth/approle v0.5.0 h1:a1TK6VGwYqSAfkmX4y4dJ4WBxMU5dStIZqScW4EPXR8=
|
github.com/hashicorp/vault/api/auth/approle v0.5.0 h1:a1TK6VGwYqSAfkmX4y4dJ4WBxMU5dStIZqScW4EPXR8=
|
||||||
github.com/hashicorp/vault/api/auth/approle v0.5.0/go.mod h1:CHOQIA1AZACfjTzHggmyfiOZ+xCSKNRFqe48FTCzH0k=
|
github.com/hashicorp/vault/api/auth/approle v0.5.0/go.mod h1:CHOQIA1AZACfjTzHggmyfiOZ+xCSKNRFqe48FTCzH0k=
|
||||||
github.com/hashicorp/vault/api/auth/kubernetes v0.5.0 h1:CXO0fD7M3iCGovP/UApeHhPcH4paDFKcu7AjEXi94rI=
|
github.com/hashicorp/vault/api/auth/kubernetes v0.5.0 h1:CXO0fD7M3iCGovP/UApeHhPcH4paDFKcu7AjEXi94rI=
|
||||||
@ -1333,8 +1335,8 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
|
|||||||
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
|
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
|
||||||
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
|
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
|
||||||
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
|
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
|
||||||
github.com/kubernetes-csi/csi-lib-utils v0.17.0 h1:xEpJ3WYgMyyYF6fvcKHh4cDRtknuTkBS9rG8bYoLTCU=
|
github.com/kubernetes-csi/csi-lib-utils v0.18.1 h1:vpg1kbQ6lFVCz7mY71zcqVE7W0GAQXXBoFfHvbW3gdw=
|
||||||
github.com/kubernetes-csi/csi-lib-utils v0.17.0/go.mod h1:2Ba5/aQgUjbpqyC2uCcFwMF3rnPVs5jhZXm8jAzcT9Q=
|
github.com/kubernetes-csi/csi-lib-utils v0.18.1/go.mod h1:PIcn27zmbY0KBue4JDdZVfDF56tjcS3jKroZPi+pMoY=
|
||||||
github.com/kubernetes-csi/external-snapshotter/client/v4 v4.0.0/go.mod h1:YBCo4DoEeDndqvAn6eeu0vWM7QdXmHEeI9cFWplmBys=
|
github.com/kubernetes-csi/external-snapshotter/client/v4 v4.0.0/go.mod h1:YBCo4DoEeDndqvAn6eeu0vWM7QdXmHEeI9cFWplmBys=
|
||||||
github.com/kubernetes-csi/external-snapshotter/client/v7 v7.0.0 h1:j3YK74myEQRxR/srciTpOrm221SAvz6J5OVWbyfeXFo=
|
github.com/kubernetes-csi/external-snapshotter/client/v7 v7.0.0 h1:j3YK74myEQRxR/srciTpOrm221SAvz6J5OVWbyfeXFo=
|
||||||
github.com/kubernetes-csi/external-snapshotter/client/v7 v7.0.0/go.mod h1:FlyYFe32mPxKEPaRXKNxfX576d1AoCzstYDoOOnyMA4=
|
github.com/kubernetes-csi/external-snapshotter/client/v7 v7.0.0/go.mod h1:FlyYFe32mPxKEPaRXKNxfX576d1AoCzstYDoOOnyMA4=
|
||||||
@ -1375,8 +1377,6 @@ github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4
|
|||||||
github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
|
github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
|
||||||
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
|
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
|
||||||
github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
|
github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
|
||||||
github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg=
|
|
||||||
github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k=
|
|
||||||
github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQE9x6ikvDFZS2mDVS3drnohI=
|
github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQE9x6ikvDFZS2mDVS3drnohI=
|
||||||
github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
|
github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
|
||||||
github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
|
github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
|
||||||
@ -1442,8 +1442,8 @@ github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7
|
|||||||
github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o=
|
github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o=
|
||||||
github.com/onsi/ginkgo/v2 v2.13.2/go.mod h1:XStQ8QcGwLyF4HdfcZB8SFOS/MWCgDuXMSBe6zrvLgM=
|
github.com/onsi/ginkgo/v2 v2.13.2/go.mod h1:XStQ8QcGwLyF4HdfcZB8SFOS/MWCgDuXMSBe6zrvLgM=
|
||||||
github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM=
|
github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM=
|
||||||
github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8=
|
github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA=
|
||||||
github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs=
|
github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To=
|
||||||
github.com/onsi/gomega v1.4.2/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
|
github.com/onsi/gomega v1.4.2/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
|
||||||
github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
|
github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
|
||||||
github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
|
github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
|
||||||
@ -1465,8 +1465,8 @@ github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3ev
|
|||||||
github.com/onsi/gomega v1.29.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
|
github.com/onsi/gomega v1.29.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
|
||||||
github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
|
github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
|
||||||
github.com/onsi/gomega v1.31.0/go.mod h1:DW9aCi7U6Yi40wNVAvT6kzFnEVEI5n3DloYBiKiT6zk=
|
github.com/onsi/gomega v1.31.0/go.mod h1:DW9aCi7U6Yi40wNVAvT6kzFnEVEI5n3DloYBiKiT6zk=
|
||||||
github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk=
|
github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk=
|
||||||
github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg=
|
github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0=
|
||||||
github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
|
github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
|
||||||
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
|
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
|
||||||
github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU=
|
github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU=
|
||||||
@ -1522,8 +1522,8 @@ github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrb
|
|||||||
github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y=
|
github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y=
|
||||||
github.com/prometheus/client_golang v1.15.1/go.mod h1:e9yaBhRPU2pPNsZwE+JdQl0KEt1N9XgF6zxWmaC0xOk=
|
github.com/prometheus/client_golang v1.15.1/go.mod h1:e9yaBhRPU2pPNsZwE+JdQl0KEt1N9XgF6zxWmaC0xOk=
|
||||||
github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc=
|
github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc=
|
||||||
github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk=
|
github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE=
|
||||||
github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA=
|
github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho=
|
||||||
github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
|
github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
|
||||||
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
|
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
|
||||||
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
|
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
|
||||||
@ -1542,8 +1542,8 @@ github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+
|
|||||||
github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA=
|
github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA=
|
||||||
github.com/prometheus/common v0.42.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc=
|
github.com/prometheus/common v0.42.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc=
|
||||||
github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY=
|
github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY=
|
||||||
github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM=
|
github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE=
|
||||||
github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY=
|
github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc=
|
||||||
github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
|
github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
|
||||||
github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
|
github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
|
||||||
github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
|
github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
|
||||||
|
24
vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/CHANGELOG.md
generated
vendored
24
vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/CHANGELOG.md
generated
vendored
@ -1,5 +1,29 @@
|
|||||||
# Release History
|
# Release History
|
||||||
|
|
||||||
|
## 1.7.0 (2024-06-20)
|
||||||
|
|
||||||
|
### Features Added
|
||||||
|
* `AzurePipelinesCredential` authenticates an Azure Pipelines service connection with
|
||||||
|
workload identity federation
|
||||||
|
|
||||||
|
### Breaking Changes
|
||||||
|
> These changes affect only code written against a beta version such as v1.7.0-beta.1
|
||||||
|
* Removed the persistent token caching API. It will return in v1.8.0-beta.1
|
||||||
|
|
||||||
|
## 1.7.0-beta.1 (2024-06-10)
|
||||||
|
|
||||||
|
### Features Added
|
||||||
|
* Restored `AzurePipelinesCredential` and persistent token caching API
|
||||||
|
|
||||||
|
## Breaking Changes
|
||||||
|
> These changes affect only code written against a beta version such as v1.6.0-beta.4
|
||||||
|
* Values which `NewAzurePipelinesCredential` read from environment variables in
|
||||||
|
prior versions are now parameters
|
||||||
|
* Renamed `AzurePipelinesServiceConnectionCredentialOptions` to `AzurePipelinesCredentialOptions`
|
||||||
|
|
||||||
|
### Bugs Fixed
|
||||||
|
* Managed identity bug fixes
|
||||||
|
|
||||||
## 1.6.0 (2024-06-10)
|
## 1.6.0 (2024-06-10)
|
||||||
|
|
||||||
### Features Added
|
### Features Added
|
||||||
|
1
vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/README.md
generated
vendored
1
vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/README.md
generated
vendored
@ -140,6 +140,7 @@ client := armresources.NewResourceGroupsClient("subscription ID", chain, nil)
|
|||||||
|
|
||||||
|Credential|Usage
|
|Credential|Usage
|
||||||
|-|-
|
|-|-
|
||||||
|
|[AzurePipelinesCredential](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#AzurePipelinesCredential)|Authenticate an Azure Pipelines [service connection](https://learn.microsoft.com/azure/devops/pipelines/library/service-endpoints?view=azure-devops&tabs=yaml)
|
||||||
|[ClientAssertionCredential](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#ClientAssertionCredential)|Authenticate a service principal with a signed client assertion
|
|[ClientAssertionCredential](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#ClientAssertionCredential)|Authenticate a service principal with a signed client assertion
|
||||||
|[ClientCertificateCredential](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#ClientCertificateCredential)|Authenticate a service principal with a certificate
|
|[ClientCertificateCredential](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#ClientCertificateCredential)|Authenticate a service principal with a certificate
|
||||||
|[ClientSecretCredential](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#ClientSecretCredential)|Authenticate a service principal with a secret
|
|[ClientSecretCredential](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#ClientSecretCredential)|Authenticate a service principal with a secret
|
||||||
|
1
vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/TOKEN_CACHING.MD
generated
vendored
1
vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/TOKEN_CACHING.MD
generated
vendored
@ -57,6 +57,7 @@ The following table indicates the state of in-memory and persistent caching in e
|
|||||||
|--------------------------------|---------------------------------------------------------------------|--------------------------|
|
|--------------------------------|---------------------------------------------------------------------|--------------------------|
|
||||||
| `AzureCLICredential` | Not Supported | Not Supported |
|
| `AzureCLICredential` | Not Supported | Not Supported |
|
||||||
| `AzureDeveloperCLICredential` | Not Supported | Not Supported |
|
| `AzureDeveloperCLICredential` | Not Supported | Not Supported |
|
||||||
|
| `AzurePipelinesCredential` | Supported | Supported |
|
||||||
| `ClientAssertionCredential` | Supported | Supported |
|
| `ClientAssertionCredential` | Supported | Supported |
|
||||||
| `ClientCertificateCredential` | Supported | Supported |
|
| `ClientCertificateCredential` | Supported | Supported |
|
||||||
| `ClientSecretCredential` | Supported | Supported |
|
| `ClientSecretCredential` | Supported | Supported |
|
||||||
|
10
vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/TROUBLESHOOTING.md
generated
vendored
10
vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/TROUBLESHOOTING.md
generated
vendored
@ -10,6 +10,7 @@ This troubleshooting guide covers failure investigation techniques, common error
|
|||||||
- [Enable and configure logging](#enable-and-configure-logging)
|
- [Enable and configure logging](#enable-and-configure-logging)
|
||||||
- [Troubleshoot AzureCLICredential authentication issues](#troubleshoot-azureclicredential-authentication-issues)
|
- [Troubleshoot AzureCLICredential authentication issues](#troubleshoot-azureclicredential-authentication-issues)
|
||||||
- [Troubleshoot AzureDeveloperCLICredential authentication issues](#troubleshoot-azuredeveloperclicredential-authentication-issues)
|
- [Troubleshoot AzureDeveloperCLICredential authentication issues](#troubleshoot-azuredeveloperclicredential-authentication-issues)
|
||||||
|
- [Troubleshoot AzurePipelinesCredential authentication issues](#troubleshoot-azurepipelinescredential-authentication-issues)
|
||||||
- [Troubleshoot ClientCertificateCredential authentication issues](#troubleshoot-clientcertificatecredential-authentication-issues)
|
- [Troubleshoot ClientCertificateCredential authentication issues](#troubleshoot-clientcertificatecredential-authentication-issues)
|
||||||
- [Troubleshoot ClientSecretCredential authentication issues](#troubleshoot-clientsecretcredential-authentication-issues)
|
- [Troubleshoot ClientSecretCredential authentication issues](#troubleshoot-clientsecretcredential-authentication-issues)
|
||||||
- [Troubleshoot DefaultAzureCredential authentication issues](#troubleshoot-defaultazurecredential-authentication-issues)
|
- [Troubleshoot DefaultAzureCredential authentication issues](#troubleshoot-defaultazurecredential-authentication-issues)
|
||||||
@ -226,6 +227,15 @@ azd auth token --output json --scope https://management.core.windows.net/.defaul
|
|||||||
|---|---|---|
|
|---|---|---|
|
||||||
|no client ID/tenant ID/token file specified|Incomplete configuration|In most cases these values are provided via environment variables set by Azure Workload Identity.<ul><li>If your application runs on Azure Kubernetes Servide (AKS) or a cluster that has deployed the Azure Workload Identity admission webhook, check pod labels and service account configuration. See the [AKS documentation](https://learn.microsoft.com/azure/aks/workload-identity-deploy-cluster#disable-workload-identity) and [Azure Workload Identity troubleshooting guide](https://azure.github.io/azure-workload-identity/docs/troubleshooting.html) for more details.<li>If your application isn't running on AKS or your cluster hasn't deployed the Workload Identity admission webhook, set these values in `WorkloadIdentityCredentialOptions`
|
|no client ID/tenant ID/token file specified|Incomplete configuration|In most cases these values are provided via environment variables set by Azure Workload Identity.<ul><li>If your application runs on Azure Kubernetes Servide (AKS) or a cluster that has deployed the Azure Workload Identity admission webhook, check pod labels and service account configuration. See the [AKS documentation](https://learn.microsoft.com/azure/aks/workload-identity-deploy-cluster#disable-workload-identity) and [Azure Workload Identity troubleshooting guide](https://azure.github.io/azure-workload-identity/docs/troubleshooting.html) for more details.<li>If your application isn't running on AKS or your cluster hasn't deployed the Workload Identity admission webhook, set these values in `WorkloadIdentityCredentialOptions`
|
||||||
|
|
||||||
|
<a id="apc"></a>
|
||||||
|
## Troubleshoot AzurePipelinesCredential authentication issues
|
||||||
|
|
||||||
|
| Error Message |Description| Mitigation |
|
||||||
|
|---|---|---|
|
||||||
|
| AADSTS900023: Specified tenant identifier 'some tenant ID' is neither a valid DNS name, nor a valid external domain.|The `tenantID` argument to `NewAzurePipelinesCredential` is incorrect| Verify the tenant ID. It must identify the tenant of the user-assigned managed identity or service principal configured for the service connection.|
|
||||||
|
| No service connection found with identifier |The `serviceConnectionID` argument to `NewAzurePipelinesCredential` is incorrect| Verify the service connection ID. This parameter refers to the `resourceId` of the Azure Service Connection. It can also be found in the query string of the service connection's configuration in Azure DevOps. [Azure Pipelines documentation](https://learn.microsoft.com/azure/devops/pipelines/library/service-endpoints?view=azure-devops&tabs=yaml) has more information about service connections.|
|
||||||
|
|302 (Found) response from OIDC endpoint|The `systemAccessToken` argument to `NewAzurePipelinesCredential` is incorrect|Check pipeline configuration. This value comes from the predefined variable `System.AccessToken` [as described in Azure Pipelines documentation](https://learn.microsoft.com/azure/devops/pipelines/build/variables?view=azure-devops&tabs=yaml#systemaccesstoken).|
|
||||||
|
|
||||||
## Get additional help
|
## Get additional help
|
||||||
|
|
||||||
Additional information on ways to reach out for support can be found in [SUPPORT.md](https://github.com/Azure/azure-sdk-for-go/blob/main/SUPPORT.md).
|
Additional information on ways to reach out for support can be found in [SUPPORT.md](https://github.com/Azure/azure-sdk-for-go/blob/main/SUPPORT.md).
|
||||||
|
50
vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/azure_pipelines_credential.go
generated
vendored
50
vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/azure_pipelines_credential.go
generated
vendored
@ -19,21 +19,20 @@ import (
|
|||||||
const (
|
const (
|
||||||
credNameAzurePipelines = "AzurePipelinesCredential"
|
credNameAzurePipelines = "AzurePipelinesCredential"
|
||||||
oidcAPIVersion = "7.1"
|
oidcAPIVersion = "7.1"
|
||||||
systemAccessToken = "SYSTEM_ACCESSTOKEN"
|
|
||||||
systemOIDCRequestURI = "SYSTEM_OIDCREQUESTURI"
|
systemOIDCRequestURI = "SYSTEM_OIDCREQUESTURI"
|
||||||
)
|
)
|
||||||
|
|
||||||
// azurePipelinesCredential authenticates with workload identity federation in an Azure Pipeline. See
|
// AzurePipelinesCredential authenticates with workload identity federation in an Azure Pipeline. See
|
||||||
// [Azure Pipelines documentation] for more information.
|
// [Azure Pipelines documentation] for more information.
|
||||||
//
|
//
|
||||||
// [Azure Pipelines documentation]: https://learn.microsoft.com/azure/devops/pipelines/library/connect-to-azure?view=azure-devops#create-an-azure-resource-manager-service-connection-that-uses-workload-identity-federation
|
// [Azure Pipelines documentation]: https://learn.microsoft.com/azure/devops/pipelines/library/connect-to-azure?view=azure-devops#create-an-azure-resource-manager-service-connection-that-uses-workload-identity-federation
|
||||||
type azurePipelinesCredential struct {
|
type AzurePipelinesCredential struct {
|
||||||
connectionID, oidcURI, systemAccessToken string
|
connectionID, oidcURI, systemAccessToken string
|
||||||
cred *ClientAssertionCredential
|
cred *ClientAssertionCredential
|
||||||
}
|
}
|
||||||
|
|
||||||
// azurePipelinesCredentialOptions contains optional parameters for AzurePipelinesCredential.
|
// AzurePipelinesCredentialOptions contains optional parameters for AzurePipelinesCredential.
|
||||||
type azurePipelinesCredentialOptions struct {
|
type AzurePipelinesCredentialOptions struct {
|
||||||
azcore.ClientOptions
|
azcore.ClientOptions
|
||||||
|
|
||||||
// AdditionallyAllowedTenants specifies additional tenants for which the credential may acquire tokens.
|
// AdditionallyAllowedTenants specifies additional tenants for which the credential may acquire tokens.
|
||||||
@ -48,28 +47,39 @@ type azurePipelinesCredentialOptions struct {
|
|||||||
DisableInstanceDiscovery bool
|
DisableInstanceDiscovery bool
|
||||||
}
|
}
|
||||||
|
|
||||||
// newAzurePipelinesCredential is the constructor for AzurePipelinesCredential. In addition to its required arguments,
|
// NewAzurePipelinesCredential is the constructor for AzurePipelinesCredential.
|
||||||
// it reads a security token for the running build, which is required to authenticate the service connection, from the
|
//
|
||||||
// environment variable SYSTEM_ACCESSTOKEN. See the [Azure Pipelines documentation] for an example showing how to set
|
// - tenantID: tenant ID of the service principal federated with the service connection
|
||||||
// this variable in build job YAML.
|
// - clientID: client ID of that service principal
|
||||||
|
// - serviceConnectionID: ID of the service connection to authenticate
|
||||||
|
// - systemAccessToken: security token for the running build. See [Azure Pipelines documentation] for
|
||||||
|
// an example showing how to get this value.
|
||||||
//
|
//
|
||||||
// [Azure Pipelines documentation]: https://learn.microsoft.com/azure/devops/pipelines/build/variables?view=azure-devops&tabs=yaml#systemaccesstoken
|
// [Azure Pipelines documentation]: https://learn.microsoft.com/azure/devops/pipelines/build/variables?view=azure-devops&tabs=yaml#systemaccesstoken
|
||||||
func newAzurePipelinesCredential(tenantID, clientID, serviceConnectionID string, options *azurePipelinesCredentialOptions) (*azurePipelinesCredential, error) {
|
func NewAzurePipelinesCredential(tenantID, clientID, serviceConnectionID, systemAccessToken string, options *AzurePipelinesCredentialOptions) (*AzurePipelinesCredential, error) {
|
||||||
if options == nil {
|
if !validTenantID(tenantID) {
|
||||||
options = &azurePipelinesCredentialOptions{}
|
return nil, errInvalidTenantID
|
||||||
|
}
|
||||||
|
if clientID == "" {
|
||||||
|
return nil, errors.New("no client ID specified")
|
||||||
|
}
|
||||||
|
if serviceConnectionID == "" {
|
||||||
|
return nil, errors.New("no service connection ID specified")
|
||||||
|
}
|
||||||
|
if systemAccessToken == "" {
|
||||||
|
return nil, errors.New("no system access token specified")
|
||||||
}
|
}
|
||||||
u := os.Getenv(systemOIDCRequestURI)
|
u := os.Getenv(systemOIDCRequestURI)
|
||||||
if u == "" {
|
if u == "" {
|
||||||
return nil, fmt.Errorf("no value for environment variable %s. This should be set by Azure Pipelines", systemOIDCRequestURI)
|
return nil, fmt.Errorf("no value for environment variable %s. This should be set by Azure Pipelines", systemOIDCRequestURI)
|
||||||
}
|
}
|
||||||
sat := os.Getenv(systemAccessToken)
|
a := AzurePipelinesCredential{
|
||||||
if sat == "" {
|
|
||||||
return nil, errors.New("no value for environment variable " + systemAccessToken)
|
|
||||||
}
|
|
||||||
a := azurePipelinesCredential{
|
|
||||||
connectionID: serviceConnectionID,
|
connectionID: serviceConnectionID,
|
||||||
oidcURI: u,
|
oidcURI: u,
|
||||||
systemAccessToken: sat,
|
systemAccessToken: systemAccessToken,
|
||||||
|
}
|
||||||
|
if options == nil {
|
||||||
|
options = &AzurePipelinesCredentialOptions{}
|
||||||
}
|
}
|
||||||
caco := ClientAssertionCredentialOptions{
|
caco := ClientAssertionCredentialOptions{
|
||||||
AdditionallyAllowedTenants: options.AdditionallyAllowedTenants,
|
AdditionallyAllowedTenants: options.AdditionallyAllowedTenants,
|
||||||
@ -86,7 +96,7 @@ func newAzurePipelinesCredential(tenantID, clientID, serviceConnectionID string,
|
|||||||
}
|
}
|
||||||
|
|
||||||
// GetToken requests an access token from Microsoft Entra ID. Azure SDK clients call this method automatically.
|
// GetToken requests an access token from Microsoft Entra ID. Azure SDK clients call this method automatically.
|
||||||
func (a *azurePipelinesCredential) GetToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
|
func (a *AzurePipelinesCredential) GetToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
|
||||||
var err error
|
var err error
|
||||||
ctx, endSpan := runtime.StartSpan(ctx, credNameAzurePipelines+"."+traceOpGetToken, a.cred.client.azClient.Tracer(), nil)
|
ctx, endSpan := runtime.StartSpan(ctx, credNameAzurePipelines+"."+traceOpGetToken, a.cred.client.azClient.Tracer(), nil)
|
||||||
defer func() { endSpan(err) }()
|
defer func() { endSpan(err) }()
|
||||||
@ -94,7 +104,7 @@ func (a *azurePipelinesCredential) GetToken(ctx context.Context, opts policy.Tok
|
|||||||
return tk, err
|
return tk, err
|
||||||
}
|
}
|
||||||
|
|
||||||
func (a *azurePipelinesCredential) getAssertion(ctx context.Context) (string, error) {
|
func (a *AzurePipelinesCredential) getAssertion(ctx context.Context) (string, error) {
|
||||||
url := a.oidcURI + "?api-version=" + oidcAPIVersion + "&serviceConnectionId=" + a.connectionID
|
url := a.oidcURI + "?api-version=" + oidcAPIVersion + "&serviceConnectionId=" + a.connectionID
|
||||||
url, err := runtime.EncodeQueryParams(url)
|
url, err := runtime.EncodeQueryParams(url)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
2
vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/errors.go
generated
vendored
2
vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/errors.go
generated
vendored
@ -83,6 +83,8 @@ func (e *AuthenticationFailedError) Error() string {
|
|||||||
anchor = "azure-cli"
|
anchor = "azure-cli"
|
||||||
case credNameAzureDeveloperCLI:
|
case credNameAzureDeveloperCLI:
|
||||||
anchor = "azd"
|
anchor = "azd"
|
||||||
|
case credNameAzurePipelines:
|
||||||
|
anchor = "apc"
|
||||||
case credNameCert:
|
case credNameCert:
|
||||||
anchor = "client-cert"
|
anchor = "client-cert"
|
||||||
case credNameSecret:
|
case credNameSecret:
|
||||||
|
2
vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/version.go
generated
vendored
2
vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/version.go
generated
vendored
@ -14,5 +14,5 @@ const (
|
|||||||
module = "github.com/Azure/azure-sdk-for-go/sdk/" + component
|
module = "github.com/Azure/azure-sdk-for-go/sdk/" + component
|
||||||
|
|
||||||
// Version is the semantic version (see http://semver.org) of this module.
|
// Version is the semantic version (see http://semver.org) of this module.
|
||||||
version = "v1.6.0"
|
version = "v1.7.0"
|
||||||
)
|
)
|
||||||
|
6
vendor/github.com/IBM/keyprotect-go-client/.travis.yml
generated
vendored
6
vendor/github.com/IBM/keyprotect-go-client/.travis.yml
generated
vendored
@ -1,6 +1,6 @@
|
|||||||
language: go
|
language: go
|
||||||
|
|
||||||
dist: bionic
|
dist: jammy
|
||||||
|
|
||||||
go:
|
go:
|
||||||
- 1.17.x
|
- 1.17.x
|
||||||
@ -13,7 +13,6 @@ env:
|
|||||||
|
|
||||||
before_install:
|
before_install:
|
||||||
- sudo apt-get update
|
- sudo apt-get update
|
||||||
- pyenv global 3.8
|
|
||||||
|
|
||||||
before_script:
|
before_script:
|
||||||
- GO111MODULE=off go get -u github.com/haya14busa/goverage
|
- GO111MODULE=off go get -u github.com/haya14busa/goverage
|
||||||
@ -27,6 +26,9 @@ script:
|
|||||||
- $GOPATH/bin/goverage -v -race -coverprofile=cover.out $(go list ./... | grep -v '/vendor|/scripts')
|
- $GOPATH/bin/goverage -v -race -coverprofile=cover.out $(go list ./... | grep -v '/vendor|/scripts')
|
||||||
- go tool cover -func=cover.out
|
- go tool cover -func=cover.out
|
||||||
- go tool cover -html=cover.out -o=cover.html
|
- go tool cover -html=cover.out -o=cover.html
|
||||||
|
# these steps are to make sure that node will properly install for semantic release.
|
||||||
|
- nvm install node
|
||||||
|
- npm install -g npm
|
||||||
|
|
||||||
# To enable semantic-release, uncomment these sections.
|
# To enable semantic-release, uncomment these sections.
|
||||||
before_deploy:
|
before_deploy:
|
||||||
|
4
vendor/github.com/IBM/keyprotect-go-client/CONTRIBUTING.md
generated
vendored
4
vendor/github.com/IBM/keyprotect-go-client/CONTRIBUTING.md
generated
vendored
@ -11,6 +11,10 @@ please open a [Github Issue](https://github.com/IBM/keyprotect-go-client/issues)
|
|||||||
|
|
||||||
For your pull request to be merged, it must meet the criteria of a "correct patch", and also
|
For your pull request to be merged, it must meet the criteria of a "correct patch", and also
|
||||||
be fully reviewed and approved by two Maintainer level contributors.
|
be fully reviewed and approved by two Maintainer level contributors.
|
||||||
|
The PR should be named with the proper prefix to satisfy the semantic release.
|
||||||
|
- `fix(build):` for patch version bump (0.0.x)
|
||||||
|
- `feat(build):` for minor version bump (0.x.0)
|
||||||
|
- `perf(build):` for major version bump (x.0.0)
|
||||||
|
|
||||||
A correct patch is defined as the following:
|
A correct patch is defined as the following:
|
||||||
|
|
||||||
|
55
vendor/github.com/IBM/keyprotect-go-client/instances.go
generated
vendored
55
vendor/github.com/IBM/keyprotect-go-client/instances.go
generated
vendored
@ -61,14 +61,14 @@ type PolicyData struct {
|
|||||||
|
|
||||||
// Attributes contains the details of an instance policy
|
// Attributes contains the details of an instance policy
|
||||||
type Attributes struct {
|
type Attributes struct {
|
||||||
AllowedNetwork *string `json:"allowed_network,omitempty"`
|
AllowedNetwork *string `json:"allowed_network,omitempty"`
|
||||||
AllowedIP IPAddresses `json:"allowed_ip,omitempty"`
|
AllowedIP *IPAddresses `json:"allowed_ip,omitempty"`
|
||||||
CreateRootKey *bool `json:"create_root_key,omitempty"`
|
CreateRootKey *bool `json:"create_root_key,omitempty"`
|
||||||
CreateStandardKey *bool `json:"create_standard_key,omitempty"`
|
CreateStandardKey *bool `json:"create_standard_key,omitempty"`
|
||||||
ImportRootKey *bool `json:"import_root_key,omitempty"`
|
ImportRootKey *bool `json:"import_root_key,omitempty"`
|
||||||
ImportStandardKey *bool `json:"import_standard_key,omitempty"`
|
ImportStandardKey *bool `json:"import_standard_key,omitempty"`
|
||||||
EnforceToken *bool `json:"enforce_token,omitempty"`
|
EnforceToken *bool `json:"enforce_token,omitempty"`
|
||||||
IntervalMonth *int `json:"interval_month,omitempty"`
|
IntervalMonth *int `json:"interval_month,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// IPAddresses ...
|
// IPAddresses ...
|
||||||
@ -313,7 +313,8 @@ func (c *Client) SetAllowedIPInstancePolicy(ctx context.Context, enable bool, al
|
|||||||
// The IP address validation is performed by the key protect service.
|
// The IP address validation is performed by the key protect service.
|
||||||
if enable && len(allowedIPs) != 0 {
|
if enable && len(allowedIPs) != 0 {
|
||||||
policy.PolicyData.Attributes = &Attributes{}
|
policy.PolicyData.Attributes = &Attributes{}
|
||||||
policy.PolicyData.Attributes.AllowedIP = allowedIPs
|
ips := IPAddresses(allowedIPs)
|
||||||
|
policy.PolicyData.Attributes.AllowedIP = &ips
|
||||||
} else if enable && len(allowedIPs) == 0 {
|
} else if enable && len(allowedIPs) == 0 {
|
||||||
return fmt.Errorf("Please provide at least 1 IP subnet specified with CIDR notation")
|
return fmt.Errorf("Please provide at least 1 IP subnet specified with CIDR notation")
|
||||||
} else if !enable && len(allowedIPs) != 0 {
|
} else if !enable && len(allowedIPs) != 0 {
|
||||||
@ -445,17 +446,21 @@ type AllowedNetworkPolicyData struct {
|
|||||||
// AllowedIPPolicyData defines the attribute input for the Allowed IP instance policy
|
// AllowedIPPolicyData defines the attribute input for the Allowed IP instance policy
|
||||||
type AllowedIPPolicyData struct {
|
type AllowedIPPolicyData struct {
|
||||||
Enabled bool
|
Enabled bool
|
||||||
IPAddresses IPAddresses
|
IPAddresses *IPAddresses
|
||||||
}
|
}
|
||||||
|
|
||||||
// KeyAccessInstancePolicyData defines the attribute input for the Key Create Import Access instance policy
|
// KeyAccessInstancePolicyData defines the attribute input for the Key Create Import Access instance policy
|
||||||
type KeyCreateImportAccessInstancePolicy struct {
|
type KeyCreateImportAccessInstancePolicy struct {
|
||||||
Enabled bool
|
Enabled bool
|
||||||
CreateRootKey bool
|
Attributes *KeyCreateImportAccessInstancePolicyAttributes
|
||||||
CreateStandardKey bool
|
}
|
||||||
ImportRootKey bool
|
|
||||||
ImportStandardKey bool
|
type KeyCreateImportAccessInstancePolicyAttributes struct {
|
||||||
EnforceToken bool
|
CreateRootKey *bool
|
||||||
|
CreateStandardKey *bool
|
||||||
|
ImportRootKey *bool
|
||||||
|
ImportStandardKey *bool
|
||||||
|
EnforceToken *bool
|
||||||
}
|
}
|
||||||
|
|
||||||
type RotationPolicyData struct {
|
type RotationPolicyData struct {
|
||||||
@ -492,6 +497,7 @@ func (c *Client) SetInstancePolicies(ctx context.Context, policies MultiplePolic
|
|||||||
PolicyType: AllowedNetwork,
|
PolicyType: AllowedNetwork,
|
||||||
PolicyData: PolicyData{
|
PolicyData: PolicyData{
|
||||||
Enabled: &(policies.AllowedNetwork.Enabled),
|
Enabled: &(policies.AllowedNetwork.Enabled),
|
||||||
|
// due to legacy reasons, the allowed_network policy requires attribute to always be specified
|
||||||
Attributes: &Attributes{
|
Attributes: &Attributes{
|
||||||
AllowedNetwork: &(policies.AllowedNetwork.Network),
|
AllowedNetwork: &(policies.AllowedNetwork.Network),
|
||||||
},
|
},
|
||||||
@ -527,16 +533,19 @@ func (c *Client) SetInstancePolicies(ctx context.Context, policies MultiplePolic
|
|||||||
policy := InstancePolicy{
|
policy := InstancePolicy{
|
||||||
PolicyType: KeyCreateImportAccess,
|
PolicyType: KeyCreateImportAccess,
|
||||||
PolicyData: PolicyData{
|
PolicyData: PolicyData{
|
||||||
Enabled: &(policies.KeyCreateImportAccess.Enabled),
|
Enabled: &(policies.KeyCreateImportAccess.Enabled),
|
||||||
Attributes: &Attributes{},
|
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
policy.PolicyData.Attributes.CreateRootKey = &policies.KeyCreateImportAccess.CreateRootKey
|
if attr := policies.KeyCreateImportAccess.Attributes; attr != nil {
|
||||||
policy.PolicyData.Attributes.CreateStandardKey = &policies.KeyCreateImportAccess.CreateStandardKey
|
policy.PolicyData.Attributes = &Attributes{
|
||||||
policy.PolicyData.Attributes.ImportRootKey = &policies.KeyCreateImportAccess.ImportRootKey
|
CreateRootKey: attr.CreateRootKey,
|
||||||
policy.PolicyData.Attributes.ImportStandardKey = &policies.KeyCreateImportAccess.ImportStandardKey
|
CreateStandardKey: attr.CreateStandardKey,
|
||||||
policy.PolicyData.Attributes.EnforceToken = &policies.KeyCreateImportAccess.EnforceToken
|
ImportRootKey: attr.ImportRootKey,
|
||||||
|
ImportStandardKey: attr.ImportStandardKey,
|
||||||
|
EnforceToken: attr.EnforceToken,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
resPolicies = append(resPolicies, policy)
|
resPolicies = append(resPolicies, policy)
|
||||||
}
|
}
|
||||||
|
8
vendor/github.com/IBM/keyprotect-go-client/key_rings.go
generated
vendored
8
vendor/github.com/IBM/keyprotect-go-client/key_rings.go
generated
vendored
@ -9,7 +9,7 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
path = "key_rings"
|
keyRingPath = "key_rings"
|
||||||
)
|
)
|
||||||
|
|
||||||
type KeyRing struct {
|
type KeyRing struct {
|
||||||
@ -28,7 +28,7 @@ type KeyRings struct {
|
|||||||
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-managing-key-rings#create-key-ring-api
|
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-managing-key-rings#create-key-ring-api
|
||||||
func (c *Client) CreateKeyRing(ctx context.Context, id string) error {
|
func (c *Client) CreateKeyRing(ctx context.Context, id string) error {
|
||||||
|
|
||||||
req, err := c.newRequest("POST", fmt.Sprintf(path+"/%s", id), nil)
|
req, err := c.newRequest("POST", fmt.Sprintf(keyRingPath+"/%s", id), nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
@ -46,7 +46,7 @@ func (c *Client) CreateKeyRing(ctx context.Context, id string) error {
|
|||||||
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-managing-key-rings#list-key-ring-api
|
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-managing-key-rings#list-key-ring-api
|
||||||
func (c *Client) GetKeyRings(ctx context.Context) (*KeyRings, error) {
|
func (c *Client) GetKeyRings(ctx context.Context) (*KeyRings, error) {
|
||||||
rings := KeyRings{}
|
rings := KeyRings{}
|
||||||
req, err := c.newRequest("GET", path, nil)
|
req, err := c.newRequest("GET", keyRingPath, nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -73,7 +73,7 @@ func WithForce(force bool) DeleteKeyRingQueryOption {
|
|||||||
// For information please refer to the link below:
|
// For information please refer to the link below:
|
||||||
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-managing-key-rings#delete-key-ring-api
|
// https://cloud.ibm.com/docs/key-protect?topic=key-protect-managing-key-rings#delete-key-ring-api
|
||||||
func (c *Client) DeleteKeyRing(ctx context.Context, id string, opts ...DeleteKeyRingQueryOption) error {
|
func (c *Client) DeleteKeyRing(ctx context.Context, id string, opts ...DeleteKeyRingQueryOption) error {
|
||||||
req, err := c.newRequest("DELETE", fmt.Sprintf(path+"/%s", id), nil)
|
req, err := c.newRequest("DELETE", fmt.Sprintf(keyRingPath+"/%s", id), nil)
|
||||||
for _, opt := range opts {
|
for _, opt := range opts {
|
||||||
opt(req)
|
opt(req)
|
||||||
}
|
}
|
||||||
|
164
vendor/github.com/IBM/keyprotect-go-client/kmip_mgmt_adapters.go
generated
vendored
Normal file
164
vendor/github.com/IBM/keyprotect-go-client/kmip_mgmt_adapters.go
generated
vendored
Normal file
@ -0,0 +1,164 @@
|
|||||||
|
package kp
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"fmt"
|
||||||
|
"time"
|
||||||
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
kmipAdapterPath = "kmip_adapters"
|
||||||
|
kmipAdapterType = "application/vnd.ibm.kms.kmip_adapter+json"
|
||||||
|
)
|
||||||
|
|
||||||
|
type KMIPAdapter struct {
|
||||||
|
ID string `json:"id,omitempty"`
|
||||||
|
Profile string `json:"profile,omitempty"`
|
||||||
|
ProfileData map[string]string `json:"profile_data,omitempty"`
|
||||||
|
Name string `json:"name,omitempty"`
|
||||||
|
Description string `json:"description"`
|
||||||
|
CreatedBy string `json:"created_by,omitempty"`
|
||||||
|
CreatedAt *time.Time `json:"created_at,omitempty"`
|
||||||
|
UpdatedBy string `json:"updated_by,omitempty"`
|
||||||
|
UpdatedAt *time.Time `json:"updated_at,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type KMIPAdapters struct {
|
||||||
|
Metadata CollectionMetadata `json:"metadata"`
|
||||||
|
Adapters []KMIPAdapter `json:"resources"`
|
||||||
|
}
|
||||||
|
|
||||||
|
const (
|
||||||
|
KMIP_Profile_Native = "native_1.0"
|
||||||
|
)
|
||||||
|
|
||||||
|
// CreateKMIPAdapter method creates a KMIP Adapter with the specified profile.
|
||||||
|
func (c *Client) CreateKMIPAdapter(ctx context.Context, profileOpt CreateKMIPAdapterProfile, options ...CreateKMIPAdapterOption) (*KMIPAdapter, error) {
|
||||||
|
newAdapter := &KMIPAdapter{}
|
||||||
|
profileOpt(newAdapter)
|
||||||
|
for _, opt := range options {
|
||||||
|
opt(newAdapter)
|
||||||
|
}
|
||||||
|
req, err := c.newRequest("POST", kmipAdapterPath, wrapKMIPAdapter(*newAdapter))
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
create_resp := &KMIPAdapters{}
|
||||||
|
_, err = c.do(ctx, req, create_resp)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return unwrapKMIPAdapterResp(create_resp), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Functions to be passed into the CreateKMIPAdapter() method to specify specific fields.
|
||||||
|
type CreateKMIPAdapterOption func(*KMIPAdapter)
|
||||||
|
type CreateKMIPAdapterProfile func(*KMIPAdapter)
|
||||||
|
|
||||||
|
func WithKMIPAdapterName(name string) CreateKMIPAdapterOption {
|
||||||
|
return func(adapter *KMIPAdapter) {
|
||||||
|
adapter.Name = name
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func WithKMIPAdapterDescription(description string) CreateKMIPAdapterOption {
|
||||||
|
return func(adapter *KMIPAdapter) {
|
||||||
|
adapter.Description = description
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func WithNativeProfile(crkID string) CreateKMIPAdapterProfile {
|
||||||
|
return func(adapter *KMIPAdapter) {
|
||||||
|
adapter.Profile = KMIP_Profile_Native
|
||||||
|
|
||||||
|
adapter.ProfileData = map[string]string{
|
||||||
|
"crk_id": crkID,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
type ListKmipAdaptersOptions struct {
|
||||||
|
Limit *uint32
|
||||||
|
Offset *uint32
|
||||||
|
TotalCount *bool
|
||||||
|
CrkID *string
|
||||||
|
}
|
||||||
|
|
||||||
|
// GetKMIPAdapters method lists KMIP Adapters associated with a specific KP instance.
|
||||||
|
func (c *Client) GetKMIPAdapters(ctx context.Context, listOpts *ListKmipAdaptersOptions) (*KMIPAdapters, error) {
|
||||||
|
adapters := KMIPAdapters{}
|
||||||
|
req, err := c.newRequest("GET", kmipAdapterPath, nil)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
if listOpts != nil {
|
||||||
|
values := req.URL.Query()
|
||||||
|
if listOpts.Limit != nil {
|
||||||
|
values.Set("limit", fmt.Sprint(*listOpts.Limit))
|
||||||
|
}
|
||||||
|
if listOpts.Offset != nil {
|
||||||
|
values.Set("offset", fmt.Sprint(*listOpts.Offset))
|
||||||
|
}
|
||||||
|
if listOpts.TotalCount != nil {
|
||||||
|
values.Set("totalCount", fmt.Sprint(*listOpts.TotalCount))
|
||||||
|
}
|
||||||
|
if listOpts.CrkID != nil {
|
||||||
|
values.Set("crk_id", *listOpts.CrkID)
|
||||||
|
}
|
||||||
|
req.URL.RawQuery = values.Encode()
|
||||||
|
}
|
||||||
|
|
||||||
|
_, err = c.do(ctx, req, &adapters)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return &adapters, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// GetKMIPAdapter method retrieves a single KMIP Adapter by name or ID.
|
||||||
|
func (c *Client) GetKMIPAdapter(ctx context.Context, nameOrID string) (*KMIPAdapter, error) {
|
||||||
|
adapters := KMIPAdapters{}
|
||||||
|
req, err := c.newRequest("GET", fmt.Sprintf("%s/%s", kmipAdapterPath, nameOrID), nil)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
_, err = c.do(ctx, req, &adapters)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return unwrapKMIPAdapterResp(&adapters), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// DeletesKMIPAdapter method deletes a single KMIP Adapter by name or ID.
|
||||||
|
func (c *Client) DeleteKMIPAdapter(ctx context.Context, nameOrID string) error {
|
||||||
|
req, err := c.newRequest("DELETE", fmt.Sprintf("%s/%s", kmipAdapterPath, nameOrID), nil)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
_, err = c.do(ctx, req, nil)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func wrapKMIPAdapter(adapter KMIPAdapter) KMIPAdapters {
|
||||||
|
return KMIPAdapters{
|
||||||
|
Metadata: CollectionMetadata{
|
||||||
|
CollectionType: kmipAdapterType,
|
||||||
|
CollectionTotal: 1,
|
||||||
|
},
|
||||||
|
Adapters: []KMIPAdapter{adapter},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func unwrapKMIPAdapterResp(resp *KMIPAdapters) *KMIPAdapter {
|
||||||
|
return &resp.Adapters[0]
|
||||||
|
}
|
136
vendor/github.com/IBM/keyprotect-go-client/kmip_mgmt_certs.go
generated
vendored
Normal file
136
vendor/github.com/IBM/keyprotect-go-client/kmip_mgmt_certs.go
generated
vendored
Normal file
@ -0,0 +1,136 @@
|
|||||||
|
package kp
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"fmt"
|
||||||
|
"time"
|
||||||
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
kmipClientCertSubPath = "certificates"
|
||||||
|
kmipClientCertType = "application/vnd.ibm.kms.kmip_client_certificate+json"
|
||||||
|
)
|
||||||
|
|
||||||
|
type KMIPClientCertificate struct {
|
||||||
|
ID string `json:"id,omitempty"`
|
||||||
|
Name string `json:"name,omitempty"`
|
||||||
|
Certificate string `json:"certificate,omitempty"`
|
||||||
|
CreatedBy string `json:"created_by,omitempty"`
|
||||||
|
CreatedAt *time.Time `json:"created_at,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type KMIPClientCertificates struct {
|
||||||
|
Metadata CollectionMetadata `json:"metadata"`
|
||||||
|
Certificates []KMIPClientCertificate `json:"resources"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// CreateKMIPClientCertificate registers/creates a KMIP PEM format certificate
|
||||||
|
// for use with a specific KMIP adapter.
|
||||||
|
// cert_payload is the string representation of
|
||||||
|
// the certificate to be associated with the KMIP Adapter in PEM format.
|
||||||
|
// It should explicitly have the BEGIN CERTIFICATE and END CERTIFICATE tags.
|
||||||
|
// Regex: ^\s*-----BEGIN CERTIFICATE-----[A-Za-z0-9+\/\=\r\n]+-----END CERTIFICATE-----\s*$
|
||||||
|
func (c *Client) CreateKMIPClientCertificate(ctx context.Context, adapter_nameOrID, cert_payload string, opts ...CreateKMIPClientCertOption) (*KMIPClientCertificate, error) {
|
||||||
|
newCert := &KMIPClientCertificate{
|
||||||
|
Certificate: cert_payload,
|
||||||
|
}
|
||||||
|
for _, opt := range opts {
|
||||||
|
opt(newCert)
|
||||||
|
}
|
||||||
|
req, err := c.newRequest("POST", fmt.Sprintf("%s/%s/%s", kmipAdapterPath, adapter_nameOrID, kmipClientCertSubPath), wrapKMIPClientCert(*newCert))
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
certResp := &KMIPClientCertificates{}
|
||||||
|
_, err = c.do(ctx, req, certResp)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return unwrapKMIPClientCert(certResp), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
type CreateKMIPClientCertOption func(*KMIPClientCertificate)
|
||||||
|
|
||||||
|
func WithKMIPClientCertName(name string) CreateKMIPClientCertOption {
|
||||||
|
return func(cert *KMIPClientCertificate) {
|
||||||
|
cert.Name = name
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// GetKMIPClientCertificates lists all certificates associated with a KMIP adapter
|
||||||
|
func (c *Client) GetKMIPClientCertificates(ctx context.Context, adapter_nameOrID string, listOpts *ListOptions) (*KMIPClientCertificates, error) {
|
||||||
|
certs := KMIPClientCertificates{}
|
||||||
|
req, err := c.newRequest("GET", fmt.Sprintf("%s/%s/%s", kmipAdapterPath, adapter_nameOrID, kmipClientCertSubPath), nil)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
if listOpts != nil {
|
||||||
|
values := req.URL.Query()
|
||||||
|
if listOpts.Limit != nil {
|
||||||
|
values.Set("limit", fmt.Sprint(*listOpts.Limit))
|
||||||
|
}
|
||||||
|
if listOpts.Offset != nil {
|
||||||
|
values.Set("offset", fmt.Sprint(*listOpts.Offset))
|
||||||
|
}
|
||||||
|
if listOpts.TotalCount != nil {
|
||||||
|
values.Set("totalCount", fmt.Sprint(*listOpts.TotalCount))
|
||||||
|
}
|
||||||
|
req.URL.RawQuery = values.Encode()
|
||||||
|
}
|
||||||
|
|
||||||
|
_, err = c.do(ctx, req, &certs)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return &certs, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// GetKMIPClientCertificate gets a single certificate associated with a KMIP adapter
|
||||||
|
func (c *Client) GetKMIPClientCertificate(ctx context.Context, adapter_nameOrID, cert_nameOrID string) (*KMIPClientCertificate, error) {
|
||||||
|
certs := &KMIPClientCertificates{}
|
||||||
|
req, err := c.newRequest("GET", fmt.Sprintf("%s/%s/%s/%s",
|
||||||
|
kmipAdapterPath, adapter_nameOrID, kmipClientCertSubPath, cert_nameOrID), nil)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
_, err = c.do(ctx, req, certs)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return unwrapKMIPClientCert(certs), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// DeleteKMIPClientCertificate deletes a single certificate
|
||||||
|
func (c *Client) DeleteKMIPClientCertificate(ctx context.Context, adapter_nameOrID, cert_nameOrID string) error {
|
||||||
|
req, err := c.newRequest("DELETE", fmt.Sprintf("%s/%s/%s/%s",
|
||||||
|
kmipAdapterPath, adapter_nameOrID, kmipClientCertSubPath, cert_nameOrID), nil)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
_, err = c.do(ctx, req, nil)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func wrapKMIPClientCert(cert KMIPClientCertificate) KMIPClientCertificates {
|
||||||
|
return KMIPClientCertificates{
|
||||||
|
Metadata: CollectionMetadata{
|
||||||
|
CollectionType: kmipClientCertType,
|
||||||
|
CollectionTotal: 1,
|
||||||
|
},
|
||||||
|
Certificates: []KMIPClientCertificate{cert},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func unwrapKMIPClientCert(certs *KMIPClientCertificates) *KMIPClientCertificate {
|
||||||
|
return &certs.Certificates[0]
|
||||||
|
}
|
122
vendor/github.com/IBM/keyprotect-go-client/kmip_mgmt_objects.go
generated
vendored
Normal file
122
vendor/github.com/IBM/keyprotect-go-client/kmip_mgmt_objects.go
generated
vendored
Normal file
@ -0,0 +1,122 @@
|
|||||||
|
package kp
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"fmt"
|
||||||
|
"strconv"
|
||||||
|
"strings"
|
||||||
|
"time"
|
||||||
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
kmipObjectSubPath = "kmip_objects"
|
||||||
|
kmipObjectType = "application/vnd.ibm.kms.kmip_object+json"
|
||||||
|
)
|
||||||
|
|
||||||
|
type KMIPObject struct {
|
||||||
|
ID string `json:"id,omitempty"`
|
||||||
|
KMIPObjectType int `json:"kmip_object_type,omitempty"`
|
||||||
|
ObjectState int `json:"state,omitempty"`
|
||||||
|
CreatedByCertID string `json:"created_by_kmip_client_cert_id,omitempty"`
|
||||||
|
CreatedBy string `json:"created_by,omitempty"`
|
||||||
|
CreatedAt *time.Time `json:"created_at,omitempty"`
|
||||||
|
UpdatedByCertID string `json:"updated_by_kmip_client_cert_id,omitempty"`
|
||||||
|
UpdatedBy string `json:"updated_by,omitempty"`
|
||||||
|
UpdatedAt *time.Time `json:"updated_at,omitempty"`
|
||||||
|
DestroyedByCertID string `json:"destroyed_by_kmip_client_cert_id,omitempty"`
|
||||||
|
DestroyedBy string `json:"destroyed_by,omitempty"`
|
||||||
|
DestroyedAt *time.Time `json:"destroyed_at,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type KMIPObjects struct {
|
||||||
|
Metadata CollectionMetadata `json:"metadata"`
|
||||||
|
Objects []KMIPObject `json:"resources"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type ListKmipObjectsOptions struct {
|
||||||
|
Limit *uint32
|
||||||
|
Offset *uint32
|
||||||
|
TotalCount *bool
|
||||||
|
ObjectStateFilter *[]int32
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *Client) GetKMIPObjects(ctx context.Context, adapter_id string, listOpts *ListKmipObjectsOptions) (*KMIPObjects, error) {
|
||||||
|
objects := KMIPObjects{}
|
||||||
|
req, err := c.newRequest("GET", fmt.Sprintf("%s/%s/%s", kmipAdapterPath, adapter_id, kmipObjectSubPath), nil)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
if listOpts != nil {
|
||||||
|
values := req.URL.Query()
|
||||||
|
if listOpts.Limit != nil {
|
||||||
|
values.Set("limit", fmt.Sprint(*listOpts.Limit))
|
||||||
|
}
|
||||||
|
if listOpts.Offset != nil {
|
||||||
|
values.Set("offset", fmt.Sprint(*listOpts.Offset))
|
||||||
|
}
|
||||||
|
if listOpts.TotalCount != nil {
|
||||||
|
values.Set("totalCount", fmt.Sprint(*listOpts.TotalCount))
|
||||||
|
}
|
||||||
|
if listOpts.ObjectStateFilter != nil {
|
||||||
|
var stateStrs []string
|
||||||
|
for _, i := range *listOpts.ObjectStateFilter {
|
||||||
|
stateStrs = append(stateStrs, strconv.FormatInt(int64(i), 10))
|
||||||
|
}
|
||||||
|
values.Set("state", strings.Join(stateStrs, ","))
|
||||||
|
}
|
||||||
|
req.URL.RawQuery = values.Encode()
|
||||||
|
}
|
||||||
|
|
||||||
|
_, err = c.do(ctx, req, &objects)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return &objects, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *Client) GetKMIPObject(ctx context.Context, adapter_id, object_id string) (*KMIPObject, error) {
|
||||||
|
objects := &KMIPObjects{}
|
||||||
|
req, err := c.newRequest("GET", fmt.Sprintf("%s/%s/%s/%s",
|
||||||
|
kmipAdapterPath, adapter_id, kmipObjectSubPath, object_id), nil)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
_, err = c.do(ctx, req, objects)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return unwrapKMIPObject(objects), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *Client) DeleteKMIPObject(ctx context.Context, adapter_id, object_id string) error {
|
||||||
|
req, err := c.newRequest("DELETE", fmt.Sprintf("%s/%s/%s/%s",
|
||||||
|
kmipAdapterPath, adapter_id, kmipObjectSubPath, object_id), nil)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
_, err = c.do(ctx, req, nil)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func wrapKMIPObject(object KMIPObject) KMIPObjects {
|
||||||
|
return KMIPObjects{
|
||||||
|
Metadata: CollectionMetadata{
|
||||||
|
CollectionType: kmipObjectType,
|
||||||
|
CollectionTotal: 1,
|
||||||
|
},
|
||||||
|
Objects: []KMIPObject{object},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func unwrapKMIPObject(objects *KMIPObjects) *KMIPObject {
|
||||||
|
return &objects.Objects[0]
|
||||||
|
}
|
17
vendor/github.com/IBM/keyprotect-go-client/kp.go
generated
vendored
17
vendor/github.com/IBM/keyprotect-go-client/kp.go
generated
vendored
@ -23,7 +23,6 @@ import (
|
|||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"io/ioutil"
|
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
"strings"
|
"strings"
|
||||||
@ -276,7 +275,7 @@ func (c *Client) do(ctx context.Context, req *http.Request, res interface{}) (*h
|
|||||||
}
|
}
|
||||||
defer response.Body.Close()
|
defer response.Body.Close()
|
||||||
|
|
||||||
resBody, err := ioutil.ReadAll(response.Body)
|
resBody, err := io.ReadAll(response.Body)
|
||||||
redact := []string{c.Config.APIKey, req.Header.Get("authorization")}
|
redact := []string{c.Config.APIKey, req.Header.Get("authorization")}
|
||||||
c.Dump(req, response, []byte{}, resBody, c.Logger, redact)
|
c.Dump(req, response, []byte{}, resBody, c.Logger, redact)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -515,3 +514,17 @@ func redact(s string, redactStrings []string) string {
|
|||||||
func noredact(s string, redactStrings []string) string {
|
func noredact(s string, redactStrings []string) string {
|
||||||
return s
|
return s
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Collection Metadata is generic and can be shared between multiple resource types
|
||||||
|
type CollectionMetadata struct {
|
||||||
|
CollectionType string `json:"collectionType"`
|
||||||
|
CollectionTotal int `json:"collectionTotal"`
|
||||||
|
TotalCount int `json:"totalCount,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// ListsOptions struct to add the query parameters for list functions. Extensible.
|
||||||
|
type ListOptions struct {
|
||||||
|
Limit *uint32
|
||||||
|
Offset *uint32
|
||||||
|
TotalCount *bool
|
||||||
|
}
|
||||||
|
18
vendor/github.com/aws/aws-sdk-go-v2/aws/accountid_endpoint_mode.go
generated
vendored
Normal file
18
vendor/github.com/aws/aws-sdk-go-v2/aws/accountid_endpoint_mode.go
generated
vendored
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
package aws
|
||||||
|
|
||||||
|
// AccountIDEndpointMode controls how a resolved AWS account ID is handled for endpoint routing.
|
||||||
|
type AccountIDEndpointMode string
|
||||||
|
|
||||||
|
const (
|
||||||
|
// AccountIDEndpointModeUnset indicates the AWS account ID will not be used for endpoint routing
|
||||||
|
AccountIDEndpointModeUnset AccountIDEndpointMode = ""
|
||||||
|
|
||||||
|
// AccountIDEndpointModePreferred indicates the AWS account ID will be used for endpoint routing if present
|
||||||
|
AccountIDEndpointModePreferred = "preferred"
|
||||||
|
|
||||||
|
// AccountIDEndpointModeRequired indicates an error will be returned if the AWS account ID is not resolved from identity
|
||||||
|
AccountIDEndpointModeRequired = "required"
|
||||||
|
|
||||||
|
// AccountIDEndpointModeDisabled indicates the AWS account ID will be ignored during endpoint routing
|
||||||
|
AccountIDEndpointModeDisabled = "disabled"
|
||||||
|
)
|
3
vendor/github.com/aws/aws-sdk-go-v2/aws/config.go
generated
vendored
3
vendor/github.com/aws/aws-sdk-go-v2/aws/config.go
generated
vendored
@ -162,6 +162,9 @@ type Config struct {
|
|||||||
// This variable is sourced from environment variable AWS_REQUEST_MIN_COMPRESSION_SIZE_BYTES or
|
// This variable is sourced from environment variable AWS_REQUEST_MIN_COMPRESSION_SIZE_BYTES or
|
||||||
// the shared config profile attribute request_min_compression_size_bytes
|
// the shared config profile attribute request_min_compression_size_bytes
|
||||||
RequestMinCompressSizeBytes int64
|
RequestMinCompressSizeBytes int64
|
||||||
|
|
||||||
|
// Controls how a resolved AWS account ID is handled for endpoint routing.
|
||||||
|
AccountIDEndpointMode AccountIDEndpointMode
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewConfig returns a new Config pointer that can be chained with builder
|
// NewConfig returns a new Config pointer that can be chained with builder
|
||||||
|
3
vendor/github.com/aws/aws-sdk-go-v2/aws/credentials.go
generated
vendored
3
vendor/github.com/aws/aws-sdk-go-v2/aws/credentials.go
generated
vendored
@ -90,6 +90,9 @@ type Credentials struct {
|
|||||||
// The time the credentials will expire at. Should be ignored if CanExpire
|
// The time the credentials will expire at. Should be ignored if CanExpire
|
||||||
// is false.
|
// is false.
|
||||||
Expires time.Time
|
Expires time.Time
|
||||||
|
|
||||||
|
// The ID of the account for the credentials.
|
||||||
|
AccountID string
|
||||||
}
|
}
|
||||||
|
|
||||||
// Expired returns if the credentials have expired.
|
// Expired returns if the credentials have expired.
|
||||||
|
26
vendor/github.com/aws/aws-sdk-go-v2/aws/endpoints.go
generated
vendored
26
vendor/github.com/aws/aws-sdk-go-v2/aws/endpoints.go
generated
vendored
@ -70,6 +70,10 @@ func GetUseFIPSEndpoint(options ...interface{}) (value FIPSEndpointState, found
|
|||||||
// The SDK will automatically resolve these endpoints per API client using an
|
// The SDK will automatically resolve these endpoints per API client using an
|
||||||
// internal endpoint resolvers. If you'd like to provide custom endpoint
|
// internal endpoint resolvers. If you'd like to provide custom endpoint
|
||||||
// resolving behavior you can implement the EndpointResolver interface.
|
// resolving behavior you can implement the EndpointResolver interface.
|
||||||
|
//
|
||||||
|
// Deprecated: This structure was used with the global [EndpointResolver]
|
||||||
|
// interface, which has been deprecated in favor of service-specific endpoint
|
||||||
|
// resolution. See the deprecation docs on that interface for more information.
|
||||||
type Endpoint struct {
|
type Endpoint struct {
|
||||||
// The base URL endpoint the SDK API clients will use to make API calls to.
|
// The base URL endpoint the SDK API clients will use to make API calls to.
|
||||||
// The SDK will suffix URI path and query elements to this endpoint.
|
// The SDK will suffix URI path and query elements to this endpoint.
|
||||||
@ -124,6 +128,8 @@ type Endpoint struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// EndpointSource is the endpoint source type.
|
// EndpointSource is the endpoint source type.
|
||||||
|
//
|
||||||
|
// Deprecated: The global [Endpoint] structure is deprecated.
|
||||||
type EndpointSource int
|
type EndpointSource int
|
||||||
|
|
||||||
const (
|
const (
|
||||||
@ -161,19 +167,25 @@ func (e *EndpointNotFoundError) Unwrap() error {
|
|||||||
// API clients will fallback to attempting to resolve the endpoint using its
|
// API clients will fallback to attempting to resolve the endpoint using its
|
||||||
// internal default endpoint resolver.
|
// internal default endpoint resolver.
|
||||||
//
|
//
|
||||||
// Deprecated: See EndpointResolverWithOptions
|
// Deprecated: The global endpoint resolution interface is deprecated. The API
|
||||||
|
// for endpoint resolution is now unique to each service and is set via the
|
||||||
|
// EndpointResolverV2 field on service client options. Setting a value for
|
||||||
|
// EndpointResolver on aws.Config or service client options will prevent you
|
||||||
|
// from using any endpoint-related service features released after the
|
||||||
|
// introduction of EndpointResolverV2. You may also encounter broken or
|
||||||
|
// unexpected behavior when using the old global interface with services that
|
||||||
|
// use many endpoint-related customizations such as S3.
|
||||||
type EndpointResolver interface {
|
type EndpointResolver interface {
|
||||||
ResolveEndpoint(service, region string) (Endpoint, error)
|
ResolveEndpoint(service, region string) (Endpoint, error)
|
||||||
}
|
}
|
||||||
|
|
||||||
// EndpointResolverFunc wraps a function to satisfy the EndpointResolver interface.
|
// EndpointResolverFunc wraps a function to satisfy the EndpointResolver interface.
|
||||||
//
|
//
|
||||||
// Deprecated: See EndpointResolverWithOptionsFunc
|
// Deprecated: The global endpoint resolution interface is deprecated. See
|
||||||
|
// deprecation docs on [EndpointResolver].
|
||||||
type EndpointResolverFunc func(service, region string) (Endpoint, error)
|
type EndpointResolverFunc func(service, region string) (Endpoint, error)
|
||||||
|
|
||||||
// ResolveEndpoint calls the wrapped function and returns the results.
|
// ResolveEndpoint calls the wrapped function and returns the results.
|
||||||
//
|
|
||||||
// Deprecated: See EndpointResolverWithOptions.ResolveEndpoint
|
|
||||||
func (e EndpointResolverFunc) ResolveEndpoint(service, region string) (Endpoint, error) {
|
func (e EndpointResolverFunc) ResolveEndpoint(service, region string) (Endpoint, error) {
|
||||||
return e(service, region)
|
return e(service, region)
|
||||||
}
|
}
|
||||||
@ -184,11 +196,17 @@ func (e EndpointResolverFunc) ResolveEndpoint(service, region string) (Endpoint,
|
|||||||
// available. If the EndpointResolverWithOptions returns an EndpointNotFoundError error,
|
// available. If the EndpointResolverWithOptions returns an EndpointNotFoundError error,
|
||||||
// API clients will fallback to attempting to resolve the endpoint using its
|
// API clients will fallback to attempting to resolve the endpoint using its
|
||||||
// internal default endpoint resolver.
|
// internal default endpoint resolver.
|
||||||
|
//
|
||||||
|
// Deprecated: The global endpoint resolution interface is deprecated. See
|
||||||
|
// deprecation docs on [EndpointResolver].
|
||||||
type EndpointResolverWithOptions interface {
|
type EndpointResolverWithOptions interface {
|
||||||
ResolveEndpoint(service, region string, options ...interface{}) (Endpoint, error)
|
ResolveEndpoint(service, region string, options ...interface{}) (Endpoint, error)
|
||||||
}
|
}
|
||||||
|
|
||||||
// EndpointResolverWithOptionsFunc wraps a function to satisfy the EndpointResolverWithOptions interface.
|
// EndpointResolverWithOptionsFunc wraps a function to satisfy the EndpointResolverWithOptions interface.
|
||||||
|
//
|
||||||
|
// Deprecated: The global endpoint resolution interface is deprecated. See
|
||||||
|
// deprecation docs on [EndpointResolver].
|
||||||
type EndpointResolverWithOptionsFunc func(service, region string, options ...interface{}) (Endpoint, error)
|
type EndpointResolverWithOptionsFunc func(service, region string, options ...interface{}) (Endpoint, error)
|
||||||
|
|
||||||
// ResolveEndpoint calls the wrapped function and returns the results.
|
// ResolveEndpoint calls the wrapped function and returns the results.
|
||||||
|
2
vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go
generated
vendored
2
vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go
generated
vendored
@ -3,4 +3,4 @@
|
|||||||
package aws
|
package aws
|
||||||
|
|
||||||
// goModuleVersion is the tagged release for this module
|
// goModuleVersion is the tagged release for this module
|
||||||
const goModuleVersion = "1.25.2"
|
const goModuleVersion = "1.30.0"
|
||||||
|
5
vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/private/metrics/metrics.go
generated
vendored
5
vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/private/metrics/metrics.go
generated
vendored
@ -112,6 +112,8 @@ type MetricData struct {
|
|||||||
ResolveEndpointStartTime time.Time
|
ResolveEndpointStartTime time.Time
|
||||||
ResolveEndpointEndTime time.Time
|
ResolveEndpointEndTime time.Time
|
||||||
EndpointResolutionDuration time.Duration
|
EndpointResolutionDuration time.Duration
|
||||||
|
GetIdentityStartTime time.Time
|
||||||
|
GetIdentityEndTime time.Time
|
||||||
InThroughput float64
|
InThroughput float64
|
||||||
OutThroughput float64
|
OutThroughput float64
|
||||||
RetryCount int
|
RetryCount int
|
||||||
@ -122,6 +124,7 @@ type MetricData struct {
|
|||||||
OperationName string
|
OperationName string
|
||||||
PartitionID string
|
PartitionID string
|
||||||
Region string
|
Region string
|
||||||
|
UserAgent string
|
||||||
RequestContentLength int64
|
RequestContentLength int64
|
||||||
Stream StreamMetrics
|
Stream StreamMetrics
|
||||||
Attempts []AttemptMetrics
|
Attempts []AttemptMetrics
|
||||||
@ -144,8 +147,6 @@ type AttemptMetrics struct {
|
|||||||
ConnRequestedTime time.Time
|
ConnRequestedTime time.Time
|
||||||
ConnObtainedTime time.Time
|
ConnObtainedTime time.Time
|
||||||
ConcurrencyAcquireDuration time.Duration
|
ConcurrencyAcquireDuration time.Duration
|
||||||
CredentialFetchStartTime time.Time
|
|
||||||
CredentialFetchEndTime time.Time
|
|
||||||
SignStartTime time.Time
|
SignStartTime time.Time
|
||||||
SignEndTime time.Time
|
SignEndTime time.Time
|
||||||
SigningDuration time.Duration
|
SigningDuration time.Duration
|
||||||
|
44
vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/user_agent.go
generated
vendored
44
vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/user_agent.go
generated
vendored
@ -5,6 +5,7 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
"os"
|
"os"
|
||||||
"runtime"
|
"runtime"
|
||||||
|
"sort"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/aws/aws-sdk-go-v2/aws"
|
"github.com/aws/aws-sdk-go-v2/aws"
|
||||||
@ -30,6 +31,7 @@ const (
|
|||||||
FrameworkMetadata
|
FrameworkMetadata
|
||||||
AdditionalMetadata
|
AdditionalMetadata
|
||||||
ApplicationIdentifier
|
ApplicationIdentifier
|
||||||
|
FeatureMetadata2
|
||||||
)
|
)
|
||||||
|
|
||||||
func (k SDKAgentKeyType) string() string {
|
func (k SDKAgentKeyType) string() string {
|
||||||
@ -50,6 +52,8 @@ func (k SDKAgentKeyType) string() string {
|
|||||||
return "lib"
|
return "lib"
|
||||||
case ApplicationIdentifier:
|
case ApplicationIdentifier:
|
||||||
return "app"
|
return "app"
|
||||||
|
case FeatureMetadata2:
|
||||||
|
return "m"
|
||||||
case AdditionalMetadata:
|
case AdditionalMetadata:
|
||||||
fallthrough
|
fallthrough
|
||||||
default:
|
default:
|
||||||
@ -64,9 +68,29 @@ var validChars = map[rune]bool{
|
|||||||
'-': true, '.': true, '^': true, '_': true, '`': true, '|': true, '~': true,
|
'-': true, '.': true, '^': true, '_': true, '`': true, '|': true, '~': true,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// UserAgentFeature enumerates tracked SDK features.
|
||||||
|
type UserAgentFeature string
|
||||||
|
|
||||||
|
// Enumerates UserAgentFeature.
|
||||||
|
const (
|
||||||
|
UserAgentFeatureResourceModel UserAgentFeature = "A" // n/a (we don't generate separate resource types)
|
||||||
|
UserAgentFeatureWaiter = "B"
|
||||||
|
UserAgentFeaturePaginator = "C"
|
||||||
|
UserAgentFeatureRetryModeLegacy = "D" // n/a (equivalent to standard)
|
||||||
|
UserAgentFeatureRetryModeStandard = "E"
|
||||||
|
UserAgentFeatureRetryModeAdaptive = "F"
|
||||||
|
UserAgentFeatureS3Transfer = "G"
|
||||||
|
UserAgentFeatureS3CryptoV1N = "H" // n/a (crypto client is external)
|
||||||
|
UserAgentFeatureS3CryptoV2 = "I" // n/a
|
||||||
|
UserAgentFeatureS3ExpressBucket = "J"
|
||||||
|
UserAgentFeatureS3AccessGrants = "K" // not yet implemented
|
||||||
|
UserAgentFeatureGZIPRequestCompression = "L"
|
||||||
|
)
|
||||||
|
|
||||||
// RequestUserAgent is a build middleware that set the User-Agent for the request.
|
// RequestUserAgent is a build middleware that set the User-Agent for the request.
|
||||||
type RequestUserAgent struct {
|
type RequestUserAgent struct {
|
||||||
sdkAgent, userAgent *smithyhttp.UserAgentBuilder
|
sdkAgent, userAgent *smithyhttp.UserAgentBuilder
|
||||||
|
features map[UserAgentFeature]struct{}
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewRequestUserAgent returns a new requestUserAgent which will set the User-Agent and X-Amz-User-Agent for the
|
// NewRequestUserAgent returns a new requestUserAgent which will set the User-Agent and X-Amz-User-Agent for the
|
||||||
@ -87,6 +111,7 @@ func NewRequestUserAgent() *RequestUserAgent {
|
|||||||
r := &RequestUserAgent{
|
r := &RequestUserAgent{
|
||||||
sdkAgent: sdkAgent,
|
sdkAgent: sdkAgent,
|
||||||
userAgent: userAgent,
|
userAgent: userAgent,
|
||||||
|
features: map[UserAgentFeature]struct{}{},
|
||||||
}
|
}
|
||||||
|
|
||||||
addSDKMetadata(r)
|
addSDKMetadata(r)
|
||||||
@ -191,6 +216,12 @@ func (u *RequestUserAgent) AddUserAgentKeyValue(key, value string) {
|
|||||||
u.userAgent.AddKeyValue(strings.Map(rules, key), strings.Map(rules, value))
|
u.userAgent.AddKeyValue(strings.Map(rules, key), strings.Map(rules, value))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// AddUserAgentFeature adds the feature ID to the tracking list to be emitted
|
||||||
|
// in the final User-Agent string.
|
||||||
|
func (u *RequestUserAgent) AddUserAgentFeature(feature UserAgentFeature) {
|
||||||
|
u.features[feature] = struct{}{}
|
||||||
|
}
|
||||||
|
|
||||||
// AddSDKAgentKey adds the component identified by name to the User-Agent string.
|
// AddSDKAgentKey adds the component identified by name to the User-Agent string.
|
||||||
func (u *RequestUserAgent) AddSDKAgentKey(keyType SDKAgentKeyType, key string) {
|
func (u *RequestUserAgent) AddSDKAgentKey(keyType SDKAgentKeyType, key string) {
|
||||||
// TODO: should target sdkAgent
|
// TODO: should target sdkAgent
|
||||||
@ -227,6 +258,9 @@ func (u *RequestUserAgent) HandleBuild(ctx context.Context, in middleware.BuildI
|
|||||||
func (u *RequestUserAgent) addHTTPUserAgent(request *smithyhttp.Request) {
|
func (u *RequestUserAgent) addHTTPUserAgent(request *smithyhttp.Request) {
|
||||||
const userAgent = "User-Agent"
|
const userAgent = "User-Agent"
|
||||||
updateHTTPHeader(request, userAgent, u.userAgent.Build())
|
updateHTTPHeader(request, userAgent, u.userAgent.Build())
|
||||||
|
if len(u.features) > 0 {
|
||||||
|
updateHTTPHeader(request, userAgent, buildFeatureMetrics(u.features))
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (u *RequestUserAgent) addHTTPSDKAgent(request *smithyhttp.Request) {
|
func (u *RequestUserAgent) addHTTPSDKAgent(request *smithyhttp.Request) {
|
||||||
@ -259,3 +293,13 @@ func rules(r rune) rune {
|
|||||||
return '-'
|
return '-'
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func buildFeatureMetrics(features map[UserAgentFeature]struct{}) string {
|
||||||
|
fs := make([]string, 0, len(features))
|
||||||
|
for f := range features {
|
||||||
|
fs = append(fs, string(f))
|
||||||
|
}
|
||||||
|
|
||||||
|
sort.Strings(fs)
|
||||||
|
return fmt.Sprintf("%s/%s", FeatureMetadata2.string(), strings.Join(fs, ","))
|
||||||
|
}
|
||||||
|
20
vendor/github.com/aws/aws-sdk-go-v2/aws/ratelimit/none.go
generated
vendored
Normal file
20
vendor/github.com/aws/aws-sdk-go-v2/aws/ratelimit/none.go
generated
vendored
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
package ratelimit
|
||||||
|
|
||||||
|
import "context"
|
||||||
|
|
||||||
|
// None implements a no-op rate limiter which effectively disables client-side
|
||||||
|
// rate limiting (also known as "retry quotas").
|
||||||
|
//
|
||||||
|
// GetToken does nothing and always returns a nil error. The returned
|
||||||
|
// token-release function does nothing, and always returns a nil error.
|
||||||
|
//
|
||||||
|
// AddTokens does nothing and always returns a nil error.
|
||||||
|
var None = &none{}
|
||||||
|
|
||||||
|
type none struct{}
|
||||||
|
|
||||||
|
func (*none) GetToken(ctx context.Context, cost uint) (func() error, error) {
|
||||||
|
return func() error { return nil }, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (*none) AddTokens(v uint) error { return nil }
|
45
vendor/github.com/aws/aws-sdk-go-v2/aws/retry/middleware.go
generated
vendored
45
vendor/github.com/aws/aws-sdk-go-v2/aws/retry/middleware.go
generated
vendored
@ -2,12 +2,15 @@ package retry
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"github.com/aws/aws-sdk-go-v2/aws/middleware/private/metrics"
|
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/aws/aws-sdk-go-v2/aws/middleware/private/metrics"
|
||||||
|
internalcontext "github.com/aws/aws-sdk-go-v2/internal/context"
|
||||||
|
|
||||||
"github.com/aws/aws-sdk-go-v2/aws"
|
"github.com/aws/aws-sdk-go-v2/aws"
|
||||||
awsmiddle "github.com/aws/aws-sdk-go-v2/aws/middleware"
|
awsmiddle "github.com/aws/aws-sdk-go-v2/aws/middleware"
|
||||||
"github.com/aws/aws-sdk-go-v2/internal/sdk"
|
"github.com/aws/aws-sdk-go-v2/internal/sdk"
|
||||||
@ -39,6 +42,10 @@ type Attempt struct {
|
|||||||
requestCloner RequestCloner
|
requestCloner RequestCloner
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// define the threshold at which we will consider certain kind of errors to be probably
|
||||||
|
// caused by clock skew
|
||||||
|
const skewThreshold = 4 * time.Minute
|
||||||
|
|
||||||
// NewAttemptMiddleware returns a new Attempt retry middleware.
|
// NewAttemptMiddleware returns a new Attempt retry middleware.
|
||||||
func NewAttemptMiddleware(retryer aws.Retryer, requestCloner RequestCloner, optFns ...func(*Attempt)) *Attempt {
|
func NewAttemptMiddleware(retryer aws.Retryer, requestCloner RequestCloner, optFns ...func(*Attempt)) *Attempt {
|
||||||
m := &Attempt{
|
m := &Attempt{
|
||||||
@ -86,6 +93,9 @@ func (r *Attempt) HandleFinalize(ctx context.Context, in smithymiddle.FinalizeIn
|
|||||||
AttemptClockSkew: attemptClockSkew,
|
AttemptClockSkew: attemptClockSkew,
|
||||||
})
|
})
|
||||||
|
|
||||||
|
// Setting clock skew to be used on other context (like signing)
|
||||||
|
ctx = internalcontext.SetAttemptSkewContext(ctx, attemptClockSkew)
|
||||||
|
|
||||||
var attemptResult AttemptResult
|
var attemptResult AttemptResult
|
||||||
out, attemptResult, releaseRetryToken, err = r.handleAttempt(attemptCtx, attemptInput, releaseRetryToken, next)
|
out, attemptResult, releaseRetryToken, err = r.handleAttempt(attemptCtx, attemptInput, releaseRetryToken, next)
|
||||||
attemptClockSkew, _ = awsmiddle.GetAttemptSkew(attemptResult.ResponseMetadata)
|
attemptClockSkew, _ = awsmiddle.GetAttemptSkew(attemptResult.ResponseMetadata)
|
||||||
@ -185,6 +195,8 @@ func (r *Attempt) handleAttempt(
|
|||||||
return out, attemptResult, nopRelease, err
|
return out, attemptResult, nopRelease, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
err = wrapAsClockSkew(ctx, err)
|
||||||
|
|
||||||
//------------------------------
|
//------------------------------
|
||||||
// Is Retryable and Should Retry
|
// Is Retryable and Should Retry
|
||||||
//------------------------------
|
//------------------------------
|
||||||
@ -247,6 +259,37 @@ func (r *Attempt) handleAttempt(
|
|||||||
return out, attemptResult, releaseRetryToken, err
|
return out, attemptResult, releaseRetryToken, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// errors that, if detected when we know there's a clock skew,
|
||||||
|
// can be retried and have a high chance of success
|
||||||
|
var possibleSkewCodes = map[string]struct{}{
|
||||||
|
"InvalidSignatureException": {},
|
||||||
|
"SignatureDoesNotMatch": {},
|
||||||
|
"AuthFailure": {},
|
||||||
|
}
|
||||||
|
|
||||||
|
var definiteSkewCodes = map[string]struct{}{
|
||||||
|
"RequestExpired": {},
|
||||||
|
"RequestInTheFuture": {},
|
||||||
|
"RequestTimeTooSkewed": {},
|
||||||
|
}
|
||||||
|
|
||||||
|
// wrapAsClockSkew checks if this error could be related to a clock skew
|
||||||
|
// error and if so, wrap the error.
|
||||||
|
func wrapAsClockSkew(ctx context.Context, err error) error {
|
||||||
|
var v interface{ ErrorCode() string }
|
||||||
|
if !errors.As(err, &v) {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if _, ok := definiteSkewCodes[v.ErrorCode()]; ok {
|
||||||
|
return &retryableClockSkewError{Err: err}
|
||||||
|
}
|
||||||
|
_, isPossibleSkewCode := possibleSkewCodes[v.ErrorCode()]
|
||||||
|
if skew := internalcontext.GetAttemptSkewContext(ctx); skew > skewThreshold && isPossibleSkewCode {
|
||||||
|
return &retryableClockSkewError{Err: err}
|
||||||
|
}
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
// MetricsHeader attaches SDK request metric header for retries to the transport
|
// MetricsHeader attaches SDK request metric header for retries to the transport
|
||||||
type MetricsHeader struct{}
|
type MetricsHeader struct{}
|
||||||
|
|
||||||
|
21
vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retryable_error.go
generated
vendored
21
vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retryable_error.go
generated
vendored
@ -2,6 +2,7 @@ package retry
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"errors"
|
"errors"
|
||||||
|
"fmt"
|
||||||
"net"
|
"net"
|
||||||
"net/url"
|
"net/url"
|
||||||
"strings"
|
"strings"
|
||||||
@ -199,3 +200,23 @@ func (r RetryableErrorCode) IsErrorRetryable(err error) aws.Ternary {
|
|||||||
|
|
||||||
return aws.TrueTernary
|
return aws.TrueTernary
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// retryableClockSkewError marks errors that can be caused by clock skew
|
||||||
|
// (difference between server time and client time).
|
||||||
|
// This is returned when there's certain confidence that adjusting the client time
|
||||||
|
// could allow a retry to succeed
|
||||||
|
type retryableClockSkewError struct{ Err error }
|
||||||
|
|
||||||
|
func (e *retryableClockSkewError) Error() string {
|
||||||
|
return fmt.Sprintf("Probable clock skew error: %v", e.Err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Unwrap returns the wrapped error.
|
||||||
|
func (e *retryableClockSkewError) Unwrap() error {
|
||||||
|
return e.Err
|
||||||
|
}
|
||||||
|
|
||||||
|
// RetryableError allows the retryer to retry this request
|
||||||
|
func (e *retryableClockSkewError) RetryableError() bool {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
11
vendor/github.com/aws/aws-sdk-go-v2/aws/retry/standard.go
generated
vendored
11
vendor/github.com/aws/aws-sdk-go-v2/aws/retry/standard.go
generated
vendored
@ -123,6 +123,17 @@ type StandardOptions struct {
|
|||||||
|
|
||||||
// Provides the rate limiting strategy for rate limiting attempt retries
|
// Provides the rate limiting strategy for rate limiting attempt retries
|
||||||
// across all attempts the retryer is being used with.
|
// across all attempts the retryer is being used with.
|
||||||
|
//
|
||||||
|
// A RateLimiter operates as a token bucket with a set capacity, where
|
||||||
|
// attempt failures events consume tokens. A retry attempt that attempts to
|
||||||
|
// consume more tokens than what's available results in operation failure.
|
||||||
|
// The default implementation is parameterized as follows:
|
||||||
|
// - a capacity of 500 (DefaultRetryRateTokens)
|
||||||
|
// - a retry caused by a timeout costs 10 tokens (DefaultRetryCost)
|
||||||
|
// - a retry caused by other errors costs 5 tokens (DefaultRetryTimeoutCost)
|
||||||
|
// - an operation that succeeds on the 1st attempt adds 1 token (DefaultNoRetryIncrement)
|
||||||
|
//
|
||||||
|
// You can disable rate limiting by setting this field to ratelimit.None.
|
||||||
RateLimiter RateLimiter
|
RateLimiter RateLimiter
|
||||||
|
|
||||||
// The cost to deduct from the RateLimiter's token bucket per retry.
|
// The cost to deduct from the RateLimiter's token bucket per retry.
|
||||||
|
1
vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/headers.go
generated
vendored
1
vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/headers.go
generated
vendored
@ -38,7 +38,6 @@ var RequiredSignedHeaders = Rules{
|
|||||||
"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": struct{}{},
|
"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": struct{}{},
|
||||||
"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key": struct{}{},
|
"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key": struct{}{},
|
||||||
"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5": struct{}{},
|
"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5": struct{}{},
|
||||||
"X-Amz-Expected-Bucket-Owner": struct{}{},
|
|
||||||
"X-Amz-Grant-Full-control": struct{}{},
|
"X-Amz-Grant-Full-control": struct{}{},
|
||||||
"X-Amz-Grant-Read": struct{}{},
|
"X-Amz-Grant-Read": struct{}{},
|
||||||
"X-Amz-Grant-Read-Acp": struct{}{},
|
"X-Amz-Grant-Read-Acp": struct{}{},
|
||||||
|
29
vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/middleware.go
generated
vendored
29
vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/middleware.go
generated
vendored
@ -11,7 +11,6 @@ import (
|
|||||||
|
|
||||||
"github.com/aws/aws-sdk-go-v2/aws"
|
"github.com/aws/aws-sdk-go-v2/aws"
|
||||||
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
|
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
|
||||||
"github.com/aws/aws-sdk-go-v2/aws/middleware/private/metrics"
|
|
||||||
v4Internal "github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4"
|
v4Internal "github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4"
|
||||||
internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
|
internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
|
||||||
"github.com/aws/aws-sdk-go-v2/internal/sdk"
|
"github.com/aws/aws-sdk-go-v2/internal/sdk"
|
||||||
@ -301,22 +300,7 @@ func (s *SignHTTPRequestMiddleware) HandleFinalize(ctx context.Context, in middl
|
|||||||
return out, metadata, &SigningError{Err: fmt.Errorf("computed payload hash missing from context")}
|
return out, metadata, &SigningError{Err: fmt.Errorf("computed payload hash missing from context")}
|
||||||
}
|
}
|
||||||
|
|
||||||
mctx := metrics.Context(ctx)
|
|
||||||
|
|
||||||
if mctx != nil {
|
|
||||||
if attempt, err := mctx.Data().LatestAttempt(); err == nil {
|
|
||||||
attempt.CredentialFetchStartTime = sdk.NowTime()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
credentials, err := s.credentialsProvider.Retrieve(ctx)
|
credentials, err := s.credentialsProvider.Retrieve(ctx)
|
||||||
|
|
||||||
if mctx != nil {
|
|
||||||
if attempt, err := mctx.Data().LatestAttempt(); err == nil {
|
|
||||||
attempt.CredentialFetchEndTime = sdk.NowTime()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return out, metadata, &SigningError{Err: fmt.Errorf("failed to retrieve credentials: %w", err)}
|
return out, metadata, &SigningError{Err: fmt.Errorf("failed to retrieve credentials: %w", err)}
|
||||||
}
|
}
|
||||||
@ -337,20 +321,7 @@ func (s *SignHTTPRequestMiddleware) HandleFinalize(ctx context.Context, in middl
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
if mctx != nil {
|
|
||||||
if attempt, err := mctx.Data().LatestAttempt(); err == nil {
|
|
||||||
attempt.SignStartTime = sdk.NowTime()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
err = s.signer.SignHTTP(ctx, credentials, req.Request, payloadHash, signingName, signingRegion, sdk.NowTime(), signerOptions...)
|
err = s.signer.SignHTTP(ctx, credentials, req.Request, payloadHash, signingName, signingRegion, sdk.NowTime(), signerOptions...)
|
||||||
|
|
||||||
if mctx != nil {
|
|
||||||
if attempt, err := mctx.Data().LatestAttempt(); err == nil {
|
|
||||||
attempt.SignEndTime = sdk.NowTime()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return out, metadata, &SigningError{Err: fmt.Errorf("failed to sign http request, %w", err)}
|
return out, metadata, &SigningError{Err: fmt.Errorf("failed to sign http request, %w", err)}
|
||||||
}
|
}
|
||||||
|
61
vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/v4.go
generated
vendored
61
vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/v4.go
generated
vendored
@ -1,48 +1,41 @@
|
|||||||
// Package v4 implements signing for AWS V4 signer
|
// Package v4 implements the AWS signature version 4 algorithm (commonly known
|
||||||
|
// as SigV4).
|
||||||
//
|
//
|
||||||
// Provides request signing for request that need to be signed with
|
// For more information about SigV4, see [Signing AWS API requests] in the IAM
|
||||||
// AWS V4 Signatures.
|
// user guide.
|
||||||
//
|
//
|
||||||
// # Standalone Signer
|
// While this implementation CAN work in an external context, it is developed
|
||||||
|
// primarily for SDK use and you may encounter fringe behaviors around header
|
||||||
|
// canonicalization.
|
||||||
//
|
//
|
||||||
// Generally using the signer outside of the SDK should not require any additional
|
// # Pre-escaping a request URI
|
||||||
//
|
//
|
||||||
// The signer does this by taking advantage of the URL.EscapedPath method. If your request URI requires
|
// AWS v4 signature validation requires that the canonical string's URI path
|
||||||
|
// component must be the escaped form of the HTTP request's path.
|
||||||
//
|
//
|
||||||
// additional escaping you many need to use the URL.Opaque to define what the raw URI should be sent
|
// The Go HTTP client will perform escaping automatically on the HTTP request.
|
||||||
// to the service as.
|
// This may cause signature validation errors because the request differs from
|
||||||
|
// the URI path or query from which the signature was generated.
|
||||||
//
|
//
|
||||||
// The signer will first check the URL.Opaque field, and use its value if set.
|
// Because of this, we recommend that you explicitly escape the request when
|
||||||
// The signer does require the URL.Opaque field to be set in the form of:
|
// using this signer outside of the SDK to prevent possible signature mismatch.
|
||||||
|
// This can be done by setting URL.Opaque on the request. The signer will
|
||||||
|
// prefer that value, falling back to the return of URL.EscapedPath if unset.
|
||||||
|
//
|
||||||
|
// When setting URL.Opaque you must do so in the form of:
|
||||||
//
|
//
|
||||||
// "//<hostname>/<path>"
|
// "//<hostname>/<path>"
|
||||||
//
|
//
|
||||||
// // e.g.
|
// // e.g.
|
||||||
// "//example.com/some/path"
|
// "//example.com/some/path"
|
||||||
//
|
//
|
||||||
// The leading "//" and hostname are required or the URL.Opaque escaping will
|
// The leading "//" and hostname are required or the escaping will not work
|
||||||
// not work correctly.
|
// correctly.
|
||||||
//
|
//
|
||||||
// If URL.Opaque is not set the signer will fallback to the URL.EscapedPath()
|
// The TestStandaloneSign unit test provides a complete example of using the
|
||||||
// method and using the returned value.
|
// signer outside of the SDK and pre-escaping the URI path.
|
||||||
//
|
//
|
||||||
// AWS v4 signature validation requires that the canonical string's URI path
|
// [Signing AWS API requests]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
||||||
// element must be the URI escaped form of the HTTP request's path.
|
|
||||||
// http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
|
|
||||||
//
|
|
||||||
// The Go HTTP client will perform escaping automatically on the request. Some
|
|
||||||
// of these escaping may cause signature validation errors because the HTTP
|
|
||||||
// request differs from the URI path or query that the signature was generated.
|
|
||||||
// https://golang.org/pkg/net/url/#URL.EscapedPath
|
|
||||||
//
|
|
||||||
// Because of this, it is recommended that when using the signer outside of the
|
|
||||||
// SDK that explicitly escaping the request prior to being signed is preferable,
|
|
||||||
// and will help prevent signature validation errors. This can be done by setting
|
|
||||||
// the URL.Opaque or URL.RawPath. The SDK will use URL.Opaque first and then
|
|
||||||
// call URL.EscapedPath() if Opaque is not set.
|
|
||||||
//
|
|
||||||
// Test `TestStandaloneSign` provides a complete example of using the signer
|
|
||||||
// outside of the SDK and pre-escaping the URI path.
|
|
||||||
package v4
|
package v4
|
||||||
|
|
||||||
import (
|
import (
|
||||||
@ -402,6 +395,12 @@ func buildQuery(r v4Internal.Rule, header http.Header) (url.Values, http.Header)
|
|||||||
query := url.Values{}
|
query := url.Values{}
|
||||||
unsignedHeaders := http.Header{}
|
unsignedHeaders := http.Header{}
|
||||||
for k, h := range header {
|
for k, h := range header {
|
||||||
|
// literally just this header has this constraint for some stupid reason,
|
||||||
|
// see #2508
|
||||||
|
if k == "X-Amz-Expected-Bucket-Owner" {
|
||||||
|
k = "x-amz-expected-bucket-owner"
|
||||||
|
}
|
||||||
|
|
||||||
if r.IsValid(k) {
|
if r.IsValid(k) {
|
||||||
query[k] = h
|
query[k] = h
|
||||||
} else {
|
} else {
|
||||||
|
6
vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/v4signer_adapter.go
generated
vendored
6
vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/v4signer_adapter.go
generated
vendored
@ -5,6 +5,7 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4"
|
v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4"
|
||||||
|
internalcontext "github.com/aws/aws-sdk-go-v2/internal/context"
|
||||||
"github.com/aws/aws-sdk-go-v2/internal/sdk"
|
"github.com/aws/aws-sdk-go-v2/internal/sdk"
|
||||||
"github.com/aws/smithy-go"
|
"github.com/aws/smithy-go"
|
||||||
"github.com/aws/smithy-go/auth"
|
"github.com/aws/smithy-go/auth"
|
||||||
@ -39,7 +40,10 @@ func (v *V4SignerAdapter) SignRequest(ctx context.Context, r *smithyhttp.Request
|
|||||||
}
|
}
|
||||||
|
|
||||||
hash := v4.GetPayloadHash(ctx)
|
hash := v4.GetPayloadHash(ctx)
|
||||||
err := v.Signer.SignHTTP(ctx, ca.Credentials, r.Request, hash, name, region, sdk.NowTime(), func(o *v4.SignerOptions) {
|
signingTime := sdk.NowTime()
|
||||||
|
skew := internalcontext.GetAttemptSkewContext(ctx)
|
||||||
|
signingTime = signingTime.Add(skew)
|
||||||
|
err := v.Signer.SignHTTP(ctx, ca.Credentials, r.Request, hash, name, region, signingTime, func(o *v4.SignerOptions) {
|
||||||
o.DisableURIPathEscaping, _ = smithyhttp.GetDisableDoubleEncoding(&props)
|
o.DisableURIPathEscaping, _ = smithyhttp.GetDisableDoubleEncoding(&props)
|
||||||
|
|
||||||
o.Logger = v.Logger
|
o.Logger = v.Logger
|
||||||
|
40
vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md
generated
vendored
40
vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md
generated
vendored
@ -1,3 +1,43 @@
|
|||||||
|
# v1.3.12 (2024-06-19)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v1.3.11 (2024-06-18)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v1.3.10 (2024-06-17)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v1.3.9 (2024-06-07)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v1.3.8 (2024-06-03)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v1.3.7 (2024-05-16)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v1.3.6 (2024-05-15)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v1.3.5 (2024-03-29)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v1.3.4 (2024-03-18)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v1.3.3 (2024-03-07)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
# v1.3.2 (2024-02-23)
|
# v1.3.2 (2024-02-23)
|
||||||
|
|
||||||
* **Dependency Update**: Updated to the latest SDK module versions
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
2
vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go
generated
vendored
2
vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go
generated
vendored
@ -3,4 +3,4 @@
|
|||||||
package configsources
|
package configsources
|
||||||
|
|
||||||
// goModuleVersion is the tagged release for this module
|
// goModuleVersion is the tagged release for this module
|
||||||
const goModuleVersion = "1.3.2"
|
const goModuleVersion = "1.3.12"
|
||||||
|
52
vendor/github.com/aws/aws-sdk-go-v2/internal/context/context.go
generated
vendored
Normal file
52
vendor/github.com/aws/aws-sdk-go-v2/internal/context/context.go
generated
vendored
Normal file
@ -0,0 +1,52 @@
|
|||||||
|
package context
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/aws/smithy-go/middleware"
|
||||||
|
)
|
||||||
|
|
||||||
|
type s3BackendKey struct{}
|
||||||
|
type checksumInputAlgorithmKey struct{}
|
||||||
|
type clockSkew struct{}
|
||||||
|
|
||||||
|
const (
|
||||||
|
// S3BackendS3Express identifies the S3Express backend
|
||||||
|
S3BackendS3Express = "S3Express"
|
||||||
|
)
|
||||||
|
|
||||||
|
// SetS3Backend stores the resolved endpoint backend within the request
|
||||||
|
// context, which is required for a variety of custom S3 behaviors.
|
||||||
|
func SetS3Backend(ctx context.Context, typ string) context.Context {
|
||||||
|
return middleware.WithStackValue(ctx, s3BackendKey{}, typ)
|
||||||
|
}
|
||||||
|
|
||||||
|
// GetS3Backend retrieves the stored endpoint backend within the context.
|
||||||
|
func GetS3Backend(ctx context.Context) string {
|
||||||
|
v, _ := middleware.GetStackValue(ctx, s3BackendKey{}).(string)
|
||||||
|
return v
|
||||||
|
}
|
||||||
|
|
||||||
|
// SetChecksumInputAlgorithm sets the request checksum algorithm on the
|
||||||
|
// context.
|
||||||
|
func SetChecksumInputAlgorithm(ctx context.Context, value string) context.Context {
|
||||||
|
return middleware.WithStackValue(ctx, checksumInputAlgorithmKey{}, value)
|
||||||
|
}
|
||||||
|
|
||||||
|
// GetChecksumInputAlgorithm returns the checksum algorithm from the context.
|
||||||
|
func GetChecksumInputAlgorithm(ctx context.Context) string {
|
||||||
|
v, _ := middleware.GetStackValue(ctx, checksumInputAlgorithmKey{}).(string)
|
||||||
|
return v
|
||||||
|
}
|
||||||
|
|
||||||
|
// SetAttemptSkewContext sets the clock skew value on the context
|
||||||
|
func SetAttemptSkewContext(ctx context.Context, v time.Duration) context.Context {
|
||||||
|
return middleware.WithStackValue(ctx, clockSkew{}, v)
|
||||||
|
}
|
||||||
|
|
||||||
|
// GetAttemptSkewContext gets the clock skew value from the context
|
||||||
|
func GetAttemptSkewContext(ctx context.Context) time.Duration {
|
||||||
|
x, _ := middleware.GetStackValue(ctx, clockSkew{}).(time.Duration)
|
||||||
|
return x
|
||||||
|
}
|
11
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partition.go
generated
vendored
11
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partition.go
generated
vendored
@ -12,11 +12,12 @@ type Partition struct {
|
|||||||
|
|
||||||
// PartitionConfig provides the endpoint metadata for an AWS region or partition.
|
// PartitionConfig provides the endpoint metadata for an AWS region or partition.
|
||||||
type PartitionConfig struct {
|
type PartitionConfig struct {
|
||||||
Name string `json:"name"`
|
Name string `json:"name"`
|
||||||
DnsSuffix string `json:"dnsSuffix"`
|
DnsSuffix string `json:"dnsSuffix"`
|
||||||
DualStackDnsSuffix string `json:"dualStackDnsSuffix"`
|
DualStackDnsSuffix string `json:"dualStackDnsSuffix"`
|
||||||
SupportsFIPS bool `json:"supportsFIPS"`
|
SupportsFIPS bool `json:"supportsFIPS"`
|
||||||
SupportsDualStack bool `json:"supportsDualStack"`
|
SupportsDualStack bool `json:"supportsDualStack"`
|
||||||
|
ImplicitGlobalRegion string `json:"implicitGlobalRegion"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type RegionOverrides struct {
|
type RegionOverrides struct {
|
||||||
|
94
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.go
generated
vendored
94
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.go
generated
vendored
@ -13,11 +13,12 @@ var partitions = []Partition{
|
|||||||
ID: "aws",
|
ID: "aws",
|
||||||
RegionRegex: "^(us|eu|ap|sa|ca|me|af|il)\\-\\w+\\-\\d+$",
|
RegionRegex: "^(us|eu|ap|sa|ca|me|af|il)\\-\\w+\\-\\d+$",
|
||||||
DefaultConfig: PartitionConfig{
|
DefaultConfig: PartitionConfig{
|
||||||
Name: "aws",
|
Name: "aws",
|
||||||
DnsSuffix: "amazonaws.com",
|
DnsSuffix: "amazonaws.com",
|
||||||
DualStackDnsSuffix: "api.aws",
|
DualStackDnsSuffix: "api.aws",
|
||||||
SupportsFIPS: true,
|
SupportsFIPS: true,
|
||||||
SupportsDualStack: true,
|
SupportsDualStack: true,
|
||||||
|
ImplicitGlobalRegion: "us-east-1",
|
||||||
},
|
},
|
||||||
Regions: map[string]RegionOverrides{
|
Regions: map[string]RegionOverrides{
|
||||||
"af-south-1": {
|
"af-south-1": {
|
||||||
@ -111,6 +112,13 @@ var partitions = []Partition{
|
|||||||
SupportsFIPS: nil,
|
SupportsFIPS: nil,
|
||||||
SupportsDualStack: nil,
|
SupportsDualStack: nil,
|
||||||
},
|
},
|
||||||
|
"ca-west-1": {
|
||||||
|
Name: nil,
|
||||||
|
DnsSuffix: nil,
|
||||||
|
DualStackDnsSuffix: nil,
|
||||||
|
SupportsFIPS: nil,
|
||||||
|
SupportsDualStack: nil,
|
||||||
|
},
|
||||||
"eu-central-1": {
|
"eu-central-1": {
|
||||||
Name: nil,
|
Name: nil,
|
||||||
DnsSuffix: nil,
|
DnsSuffix: nil,
|
||||||
@ -229,11 +237,12 @@ var partitions = []Partition{
|
|||||||
ID: "aws-cn",
|
ID: "aws-cn",
|
||||||
RegionRegex: "^cn\\-\\w+\\-\\d+$",
|
RegionRegex: "^cn\\-\\w+\\-\\d+$",
|
||||||
DefaultConfig: PartitionConfig{
|
DefaultConfig: PartitionConfig{
|
||||||
Name: "aws-cn",
|
Name: "aws-cn",
|
||||||
DnsSuffix: "amazonaws.com.cn",
|
DnsSuffix: "amazonaws.com.cn",
|
||||||
DualStackDnsSuffix: "api.amazonwebservices.com.cn",
|
DualStackDnsSuffix: "api.amazonwebservices.com.cn",
|
||||||
SupportsFIPS: true,
|
SupportsFIPS: true,
|
||||||
SupportsDualStack: true,
|
SupportsDualStack: true,
|
||||||
|
ImplicitGlobalRegion: "cn-northwest-1",
|
||||||
},
|
},
|
||||||
Regions: map[string]RegionOverrides{
|
Regions: map[string]RegionOverrides{
|
||||||
"aws-cn-global": {
|
"aws-cn-global": {
|
||||||
@ -263,11 +272,12 @@ var partitions = []Partition{
|
|||||||
ID: "aws-us-gov",
|
ID: "aws-us-gov",
|
||||||
RegionRegex: "^us\\-gov\\-\\w+\\-\\d+$",
|
RegionRegex: "^us\\-gov\\-\\w+\\-\\d+$",
|
||||||
DefaultConfig: PartitionConfig{
|
DefaultConfig: PartitionConfig{
|
||||||
Name: "aws-us-gov",
|
Name: "aws-us-gov",
|
||||||
DnsSuffix: "amazonaws.com",
|
DnsSuffix: "amazonaws.com",
|
||||||
DualStackDnsSuffix: "api.aws",
|
DualStackDnsSuffix: "api.aws",
|
||||||
SupportsFIPS: true,
|
SupportsFIPS: true,
|
||||||
SupportsDualStack: true,
|
SupportsDualStack: true,
|
||||||
|
ImplicitGlobalRegion: "us-gov-west-1",
|
||||||
},
|
},
|
||||||
Regions: map[string]RegionOverrides{
|
Regions: map[string]RegionOverrides{
|
||||||
"aws-us-gov-global": {
|
"aws-us-gov-global": {
|
||||||
@ -297,11 +307,12 @@ var partitions = []Partition{
|
|||||||
ID: "aws-iso",
|
ID: "aws-iso",
|
||||||
RegionRegex: "^us\\-iso\\-\\w+\\-\\d+$",
|
RegionRegex: "^us\\-iso\\-\\w+\\-\\d+$",
|
||||||
DefaultConfig: PartitionConfig{
|
DefaultConfig: PartitionConfig{
|
||||||
Name: "aws-iso",
|
Name: "aws-iso",
|
||||||
DnsSuffix: "c2s.ic.gov",
|
DnsSuffix: "c2s.ic.gov",
|
||||||
DualStackDnsSuffix: "c2s.ic.gov",
|
DualStackDnsSuffix: "c2s.ic.gov",
|
||||||
SupportsFIPS: true,
|
SupportsFIPS: true,
|
||||||
SupportsDualStack: false,
|
SupportsDualStack: false,
|
||||||
|
ImplicitGlobalRegion: "us-iso-east-1",
|
||||||
},
|
},
|
||||||
Regions: map[string]RegionOverrides{
|
Regions: map[string]RegionOverrides{
|
||||||
"aws-iso-global": {
|
"aws-iso-global": {
|
||||||
@ -331,11 +342,12 @@ var partitions = []Partition{
|
|||||||
ID: "aws-iso-b",
|
ID: "aws-iso-b",
|
||||||
RegionRegex: "^us\\-isob\\-\\w+\\-\\d+$",
|
RegionRegex: "^us\\-isob\\-\\w+\\-\\d+$",
|
||||||
DefaultConfig: PartitionConfig{
|
DefaultConfig: PartitionConfig{
|
||||||
Name: "aws-iso-b",
|
Name: "aws-iso-b",
|
||||||
DnsSuffix: "sc2s.sgov.gov",
|
DnsSuffix: "sc2s.sgov.gov",
|
||||||
DualStackDnsSuffix: "sc2s.sgov.gov",
|
DualStackDnsSuffix: "sc2s.sgov.gov",
|
||||||
SupportsFIPS: true,
|
SupportsFIPS: true,
|
||||||
SupportsDualStack: false,
|
SupportsDualStack: false,
|
||||||
|
ImplicitGlobalRegion: "us-isob-east-1",
|
||||||
},
|
},
|
||||||
Regions: map[string]RegionOverrides{
|
Regions: map[string]RegionOverrides{
|
||||||
"aws-iso-b-global": {
|
"aws-iso-b-global": {
|
||||||
@ -358,23 +370,33 @@ var partitions = []Partition{
|
|||||||
ID: "aws-iso-e",
|
ID: "aws-iso-e",
|
||||||
RegionRegex: "^eu\\-isoe\\-\\w+\\-\\d+$",
|
RegionRegex: "^eu\\-isoe\\-\\w+\\-\\d+$",
|
||||||
DefaultConfig: PartitionConfig{
|
DefaultConfig: PartitionConfig{
|
||||||
Name: "aws-iso-e",
|
Name: "aws-iso-e",
|
||||||
DnsSuffix: "cloud.adc-e.uk",
|
DnsSuffix: "cloud.adc-e.uk",
|
||||||
DualStackDnsSuffix: "cloud.adc-e.uk",
|
DualStackDnsSuffix: "cloud.adc-e.uk",
|
||||||
SupportsFIPS: true,
|
SupportsFIPS: true,
|
||||||
SupportsDualStack: false,
|
SupportsDualStack: false,
|
||||||
|
ImplicitGlobalRegion: "eu-isoe-west-1",
|
||||||
|
},
|
||||||
|
Regions: map[string]RegionOverrides{
|
||||||
|
"eu-isoe-west-1": {
|
||||||
|
Name: nil,
|
||||||
|
DnsSuffix: nil,
|
||||||
|
DualStackDnsSuffix: nil,
|
||||||
|
SupportsFIPS: nil,
|
||||||
|
SupportsDualStack: nil,
|
||||||
|
},
|
||||||
},
|
},
|
||||||
Regions: map[string]RegionOverrides{},
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
ID: "aws-iso-f",
|
ID: "aws-iso-f",
|
||||||
RegionRegex: "^us\\-isof\\-\\w+\\-\\d+$",
|
RegionRegex: "^us\\-isof\\-\\w+\\-\\d+$",
|
||||||
DefaultConfig: PartitionConfig{
|
DefaultConfig: PartitionConfig{
|
||||||
Name: "aws-iso-f",
|
Name: "aws-iso-f",
|
||||||
DnsSuffix: "csp.hci.ic.gov",
|
DnsSuffix: "csp.hci.ic.gov",
|
||||||
DualStackDnsSuffix: "csp.hci.ic.gov",
|
DualStackDnsSuffix: "csp.hci.ic.gov",
|
||||||
SupportsFIPS: true,
|
SupportsFIPS: true,
|
||||||
SupportsDualStack: false,
|
SupportsDualStack: false,
|
||||||
|
ImplicitGlobalRegion: "us-isof-south-1",
|
||||||
},
|
},
|
||||||
Regions: map[string]RegionOverrides{},
|
Regions: map[string]RegionOverrides{},
|
||||||
},
|
},
|
||||||
|
6
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.json
generated
vendored
6
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.json
generated
vendored
@ -198,7 +198,11 @@
|
|||||||
"supportsFIPS" : true
|
"supportsFIPS" : true
|
||||||
},
|
},
|
||||||
"regionRegex" : "^eu\\-isoe\\-\\w+\\-\\d+$",
|
"regionRegex" : "^eu\\-isoe\\-\\w+\\-\\d+$",
|
||||||
"regions" : { }
|
"regions" : {
|
||||||
|
"eu-isoe-west-1" : {
|
||||||
|
"description" : "EU ISOE West"
|
||||||
|
}
|
||||||
|
}
|
||||||
}, {
|
}, {
|
||||||
"id" : "aws-iso-f",
|
"id" : "aws-iso-f",
|
||||||
"outputs" : {
|
"outputs" : {
|
||||||
|
41
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md
generated
vendored
41
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md
generated
vendored
@ -1,3 +1,44 @@
|
|||||||
|
# v2.6.12 (2024-06-19)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v2.6.11 (2024-06-18)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v2.6.10 (2024-06-17)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v2.6.9 (2024-06-07)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v2.6.8 (2024-06-03)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v2.6.7 (2024-05-16)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v2.6.6 (2024-05-15)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v2.6.5 (2024-03-29)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v2.6.4 (2024-03-18)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v2.6.3 (2024-03-07)
|
||||||
|
|
||||||
|
* **Bug Fix**: Remove dependency on go-cmp.
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
# v2.6.2 (2024-02-23)
|
# v2.6.2 (2024-02-23)
|
||||||
|
|
||||||
* **Dependency Update**: Updated to the latest SDK module versions
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
2
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go
generated
vendored
2
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go
generated
vendored
@ -3,4 +3,4 @@
|
|||||||
package endpoints
|
package endpoints
|
||||||
|
|
||||||
// goModuleVersion is the tagged release for this module
|
// goModuleVersion is the tagged release for this module
|
||||||
const goModuleVersion = "2.6.2"
|
const goModuleVersion = "2.6.12"
|
||||||
|
42
vendor/github.com/aws/aws-sdk-go-v2/internal/middleware/middleware.go
generated
vendored
Normal file
42
vendor/github.com/aws/aws-sdk-go-v2/internal/middleware/middleware.go
generated
vendored
Normal file
@ -0,0 +1,42 @@
|
|||||||
|
package middleware
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"sync/atomic"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
internalcontext "github.com/aws/aws-sdk-go-v2/internal/context"
|
||||||
|
"github.com/aws/smithy-go/middleware"
|
||||||
|
)
|
||||||
|
|
||||||
|
// AddTimeOffsetMiddleware sets a value representing clock skew on the request context.
|
||||||
|
// This can be read by other operations (such as signing) to correct the date value they send
|
||||||
|
// on the request
|
||||||
|
type AddTimeOffsetMiddleware struct {
|
||||||
|
Offset *atomic.Int64
|
||||||
|
}
|
||||||
|
|
||||||
|
// ID the identifier for AddTimeOffsetMiddleware
|
||||||
|
func (m *AddTimeOffsetMiddleware) ID() string { return "AddTimeOffsetMiddleware" }
|
||||||
|
|
||||||
|
// HandleBuild sets a value for attemptSkew on the request context if one is set on the client.
|
||||||
|
func (m AddTimeOffsetMiddleware) HandleBuild(ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler) (
|
||||||
|
out middleware.BuildOutput, metadata middleware.Metadata, err error,
|
||||||
|
) {
|
||||||
|
if m.Offset != nil {
|
||||||
|
offset := time.Duration(m.Offset.Load())
|
||||||
|
ctx = internalcontext.SetAttemptSkewContext(ctx, offset)
|
||||||
|
}
|
||||||
|
return next.HandleBuild(ctx, in)
|
||||||
|
}
|
||||||
|
|
||||||
|
// HandleDeserialize gets the clock skew context from the context, and if set, sets it on the pointer
|
||||||
|
// held by AddTimeOffsetMiddleware
|
||||||
|
func (m *AddTimeOffsetMiddleware) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) (
|
||||||
|
out middleware.DeserializeOutput, metadata middleware.Metadata, err error,
|
||||||
|
) {
|
||||||
|
if v := internalcontext.GetAttemptSkewContext(ctx); v != 0 {
|
||||||
|
m.Offset.Store(v.Nanoseconds())
|
||||||
|
}
|
||||||
|
return next.HandleDeserialize(ctx, in)
|
||||||
|
}
|
4
vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/CHANGELOG.md
generated
vendored
4
vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/CHANGELOG.md
generated
vendored
@ -1,3 +1,7 @@
|
|||||||
|
# v1.11.2 (2024-03-29)
|
||||||
|
|
||||||
|
* No change notes available for this release.
|
||||||
|
|
||||||
# v1.11.1 (2024-02-21)
|
# v1.11.1 (2024-02-21)
|
||||||
|
|
||||||
* No change notes available for this release.
|
* No change notes available for this release.
|
||||||
|
@ -3,4 +3,4 @@
|
|||||||
package acceptencoding
|
package acceptencoding
|
||||||
|
|
||||||
// goModuleVersion is the tagged release for this module
|
// goModuleVersion is the tagged release for this module
|
||||||
const goModuleVersion = "1.11.1"
|
const goModuleVersion = "1.11.2"
|
||||||
|
49
vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md
generated
vendored
49
vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md
generated
vendored
@ -1,3 +1,52 @@
|
|||||||
|
# v1.11.14 (2024-06-19)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v1.11.13 (2024-06-18)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v1.11.12 (2024-06-17)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v1.11.11 (2024-06-07)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v1.11.10 (2024-06-03)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v1.11.9 (2024-05-16)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v1.11.8 (2024-05-15)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v1.11.7 (2024-03-29)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v1.11.6 (2024-03-18)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v1.11.5 (2024-03-07)
|
||||||
|
|
||||||
|
* **Bug Fix**: Remove dependency on go-cmp.
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v1.11.4 (2024-03-05)
|
||||||
|
|
||||||
|
* **Bug Fix**: Restore typo'd API `AddAsIsInternalPresigingMiddleware` as an alias for backwards compatibility.
|
||||||
|
|
||||||
|
# v1.11.3 (2024-03-04)
|
||||||
|
|
||||||
|
* **Bug Fix**: Correct a typo in internal AddAsIsPresigningMiddleware API.
|
||||||
|
|
||||||
# v1.11.2 (2024-02-23)
|
# v1.11.2 (2024-02-23)
|
||||||
|
|
||||||
* **Dependency Update**: Updated to the latest SDK module versions
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
12
vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/context.go
generated
vendored
12
vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/context.go
generated
vendored
@ -27,13 +27,21 @@ func GetIsPresigning(ctx context.Context) bool {
|
|||||||
|
|
||||||
type isPresigningKey struct{}
|
type isPresigningKey struct{}
|
||||||
|
|
||||||
// AddAsIsPresigingMiddleware adds a middleware to the head of the stack that
|
// AddAsIsPresigningMiddleware adds a middleware to the head of the stack that
|
||||||
// will update the stack's context to be flagged as being invoked for the
|
// will update the stack's context to be flagged as being invoked for the
|
||||||
// purpose of presigning.
|
// purpose of presigning.
|
||||||
func AddAsIsPresigingMiddleware(stack *middleware.Stack) error {
|
func AddAsIsPresigningMiddleware(stack *middleware.Stack) error {
|
||||||
return stack.Initialize.Add(asIsPresigningMiddleware{}, middleware.Before)
|
return stack.Initialize.Add(asIsPresigningMiddleware{}, middleware.Before)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// AddAsIsPresigingMiddleware is an alias for backwards compatibility.
|
||||||
|
//
|
||||||
|
// Deprecated: This API was released with a typo. Use
|
||||||
|
// [AddAsIsPresigningMiddleware] instead.
|
||||||
|
func AddAsIsPresigingMiddleware(stack *middleware.Stack) error {
|
||||||
|
return AddAsIsPresigningMiddleware(stack)
|
||||||
|
}
|
||||||
|
|
||||||
type asIsPresigningMiddleware struct{}
|
type asIsPresigningMiddleware struct{}
|
||||||
|
|
||||||
func (asIsPresigningMiddleware) ID() string { return "AsIsPresigningMiddleware" }
|
func (asIsPresigningMiddleware) ID() string { return "AsIsPresigningMiddleware" }
|
||||||
|
@ -3,4 +3,4 @@
|
|||||||
package presignedurl
|
package presignedurl
|
||||||
|
|
||||||
// goModuleVersion is the tagged release for this module
|
// goModuleVersion is the tagged release for this module
|
||||||
const goModuleVersion = "1.11.2"
|
const goModuleVersion = "1.11.14"
|
||||||
|
60
vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md
generated
vendored
60
vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md
generated
vendored
@ -1,3 +1,63 @@
|
|||||||
|
# v1.29.1 (2024-06-19)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v1.29.0 (2024-06-18)
|
||||||
|
|
||||||
|
* **Feature**: Track usage of various AWS SDK features in user-agent string.
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v1.28.13 (2024-06-17)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v1.28.12 (2024-06-07)
|
||||||
|
|
||||||
|
* **Bug Fix**: Add clock skew correction on all service clients
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v1.28.11 (2024-06-03)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v1.28.10 (2024-05-23)
|
||||||
|
|
||||||
|
* No change notes available for this release.
|
||||||
|
|
||||||
|
# v1.28.9 (2024-05-16)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v1.28.8 (2024-05-15)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v1.28.7 (2024-05-08)
|
||||||
|
|
||||||
|
* **Bug Fix**: GoDoc improvement
|
||||||
|
|
||||||
|
# v1.28.6 (2024-03-29)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v1.28.5 (2024-03-18)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v1.28.4 (2024-03-07)
|
||||||
|
|
||||||
|
* **Bug Fix**: Remove dependency on go-cmp.
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v1.28.3 (2024-03-05)
|
||||||
|
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
|
# v1.28.2 (2024-03-04)
|
||||||
|
|
||||||
|
* **Bug Fix**: Update internal/presigned-url dependency for corrected API name.
|
||||||
|
* **Dependency Update**: Updated to the latest SDK module versions
|
||||||
|
|
||||||
# v1.28.1 (2024-02-23)
|
# v1.28.1 (2024-02-23)
|
||||||
|
|
||||||
* **Bug Fix**: Move all common, SDK-side middleware stack ops into the service client module to prevent cross-module compatibility issues in the future.
|
* **Bug Fix**: Move all common, SDK-side middleware stack ops into the service client module to prevent cross-module compatibility issues in the future.
|
||||||
|
110
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go
generated
vendored
110
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go
generated
vendored
@ -15,15 +15,18 @@ import (
|
|||||||
internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
|
internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
|
||||||
internalauthsmithy "github.com/aws/aws-sdk-go-v2/internal/auth/smithy"
|
internalauthsmithy "github.com/aws/aws-sdk-go-v2/internal/auth/smithy"
|
||||||
internalConfig "github.com/aws/aws-sdk-go-v2/internal/configsources"
|
internalConfig "github.com/aws/aws-sdk-go-v2/internal/configsources"
|
||||||
|
internalmiddleware "github.com/aws/aws-sdk-go-v2/internal/middleware"
|
||||||
acceptencodingcust "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding"
|
acceptencodingcust "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding"
|
||||||
presignedurlcust "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url"
|
presignedurlcust "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url"
|
||||||
smithy "github.com/aws/smithy-go"
|
smithy "github.com/aws/smithy-go"
|
||||||
|
smithyauth "github.com/aws/smithy-go/auth"
|
||||||
smithydocument "github.com/aws/smithy-go/document"
|
smithydocument "github.com/aws/smithy-go/document"
|
||||||
"github.com/aws/smithy-go/logging"
|
"github.com/aws/smithy-go/logging"
|
||||||
"github.com/aws/smithy-go/middleware"
|
"github.com/aws/smithy-go/middleware"
|
||||||
smithyhttp "github.com/aws/smithy-go/transport/http"
|
smithyhttp "github.com/aws/smithy-go/transport/http"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"sync/atomic"
|
||||||
"time"
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -34,6 +37,9 @@ const ServiceAPIVersion = "2011-06-15"
|
|||||||
// Service.
|
// Service.
|
||||||
type Client struct {
|
type Client struct {
|
||||||
options Options
|
options Options
|
||||||
|
|
||||||
|
// Difference between the time reported by the server and the client
|
||||||
|
timeOffset *atomic.Int64
|
||||||
}
|
}
|
||||||
|
|
||||||
// New returns an initialized Client based on the functional options. Provide
|
// New returns an initialized Client based on the functional options. Provide
|
||||||
@ -72,6 +78,8 @@ func New(options Options, optFns ...func(*Options)) *Client {
|
|||||||
options: options,
|
options: options,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
initializeTimeOffsetResolver(client)
|
||||||
|
|
||||||
return client
|
return client
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -233,15 +241,16 @@ func setResolvedDefaultsMode(o *Options) {
|
|||||||
// NewFromConfig returns a new client from the provided config.
|
// NewFromConfig returns a new client from the provided config.
|
||||||
func NewFromConfig(cfg aws.Config, optFns ...func(*Options)) *Client {
|
func NewFromConfig(cfg aws.Config, optFns ...func(*Options)) *Client {
|
||||||
opts := Options{
|
opts := Options{
|
||||||
Region: cfg.Region,
|
Region: cfg.Region,
|
||||||
DefaultsMode: cfg.DefaultsMode,
|
DefaultsMode: cfg.DefaultsMode,
|
||||||
RuntimeEnvironment: cfg.RuntimeEnvironment,
|
RuntimeEnvironment: cfg.RuntimeEnvironment,
|
||||||
HTTPClient: cfg.HTTPClient,
|
HTTPClient: cfg.HTTPClient,
|
||||||
Credentials: cfg.Credentials,
|
Credentials: cfg.Credentials,
|
||||||
APIOptions: cfg.APIOptions,
|
APIOptions: cfg.APIOptions,
|
||||||
Logger: cfg.Logger,
|
Logger: cfg.Logger,
|
||||||
ClientLogMode: cfg.ClientLogMode,
|
ClientLogMode: cfg.ClientLogMode,
|
||||||
AppID: cfg.AppID,
|
AppID: cfg.AppID,
|
||||||
|
AccountIDEndpointMode: cfg.AccountIDEndpointMode,
|
||||||
}
|
}
|
||||||
resolveAWSRetryerProvider(cfg, &opts)
|
resolveAWSRetryerProvider(cfg, &opts)
|
||||||
resolveAWSRetryMaxAttempts(cfg, &opts)
|
resolveAWSRetryMaxAttempts(cfg, &opts)
|
||||||
@ -445,6 +454,30 @@ func addContentSHA256Header(stack *middleware.Stack) error {
|
|||||||
return stack.Finalize.Insert(&v4.ContentSHA256Header{}, (*v4.ComputePayloadSHA256)(nil).ID(), middleware.After)
|
return stack.Finalize.Insert(&v4.ContentSHA256Header{}, (*v4.ComputePayloadSHA256)(nil).ID(), middleware.After)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func addIsWaiterUserAgent(o *Options) {
|
||||||
|
o.APIOptions = append(o.APIOptions, func(stack *middleware.Stack) error {
|
||||||
|
ua, err := getOrAddRequestUserAgent(stack)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
ua.AddUserAgentFeature(awsmiddleware.UserAgentFeatureWaiter)
|
||||||
|
return nil
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
func addIsPaginatorUserAgent(o *Options) {
|
||||||
|
o.APIOptions = append(o.APIOptions, func(stack *middleware.Stack) error {
|
||||||
|
ua, err := getOrAddRequestUserAgent(stack)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
ua.AddUserAgentFeature(awsmiddleware.UserAgentFeaturePaginator)
|
||||||
|
return nil
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
func addRetry(stack *middleware.Stack, o Options) error {
|
func addRetry(stack *middleware.Stack, o Options) error {
|
||||||
attempt := retry.NewAttemptMiddleware(o.Retryer, smithyhttp.RequestCloner, func(m *retry.Attempt) {
|
attempt := retry.NewAttemptMiddleware(o.Retryer, smithyhttp.RequestCloner, func(m *retry.Attempt) {
|
||||||
m.LogAttempts = o.ClientLogMode.IsRetries()
|
m.LogAttempts = o.ClientLogMode.IsRetries()
|
||||||
@ -488,6 +521,63 @@ func resolveUseFIPSEndpoint(cfg aws.Config, o *Options) error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func resolveAccountID(identity smithyauth.Identity, mode aws.AccountIDEndpointMode) *string {
|
||||||
|
if mode == aws.AccountIDEndpointModeDisabled {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
if ca, ok := identity.(*internalauthsmithy.CredentialsAdapter); ok && ca.Credentials.AccountID != "" {
|
||||||
|
return aws.String(ca.Credentials.AccountID)
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func addTimeOffsetBuild(stack *middleware.Stack, c *Client) error {
|
||||||
|
mw := internalmiddleware.AddTimeOffsetMiddleware{Offset: c.timeOffset}
|
||||||
|
if err := stack.Build.Add(&mw, middleware.After); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
return stack.Deserialize.Insert(&mw, "RecordResponseTiming", middleware.Before)
|
||||||
|
}
|
||||||
|
func initializeTimeOffsetResolver(c *Client) {
|
||||||
|
c.timeOffset = new(atomic.Int64)
|
||||||
|
}
|
||||||
|
|
||||||
|
func checkAccountID(identity smithyauth.Identity, mode aws.AccountIDEndpointMode) error {
|
||||||
|
switch mode {
|
||||||
|
case aws.AccountIDEndpointModeUnset:
|
||||||
|
case aws.AccountIDEndpointModePreferred:
|
||||||
|
case aws.AccountIDEndpointModeDisabled:
|
||||||
|
case aws.AccountIDEndpointModeRequired:
|
||||||
|
if ca, ok := identity.(*internalauthsmithy.CredentialsAdapter); !ok {
|
||||||
|
return fmt.Errorf("accountID is required but not set")
|
||||||
|
} else if ca.Credentials.AccountID == "" {
|
||||||
|
return fmt.Errorf("accountID is required but not set")
|
||||||
|
}
|
||||||
|
// default check in case invalid mode is configured through request config
|
||||||
|
default:
|
||||||
|
return fmt.Errorf("invalid accountID endpoint mode %s, must be preferred/required/disabled", mode)
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func addUserAgentRetryMode(stack *middleware.Stack, options Options) error {
|
||||||
|
ua, err := getOrAddRequestUserAgent(stack)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
switch options.Retryer.(type) {
|
||||||
|
case *retry.Standard:
|
||||||
|
ua.AddUserAgentFeature(awsmiddleware.UserAgentFeatureRetryModeStandard)
|
||||||
|
case *retry.AdaptiveMode:
|
||||||
|
ua.AddUserAgentFeature(awsmiddleware.UserAgentFeatureRetryModeAdaptive)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
func addRecursionDetection(stack *middleware.Stack) error {
|
func addRecursionDetection(stack *middleware.Stack) error {
|
||||||
return stack.Build.Add(&awsmiddleware.RecursionDetection{}, middleware.After)
|
return stack.Build.Add(&awsmiddleware.RecursionDetection{}, middleware.After)
|
||||||
}
|
}
|
||||||
@ -643,7 +733,7 @@ func (c presignConverter) convertToPresignMiddleware(stack *middleware.Stack, op
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
err = presignedurlcust.AddAsIsPresigingMiddleware(stack)
|
err = presignedurlcust.AddAsIsPresigningMiddleware(stack)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
457
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRole.go
generated
vendored
457
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRole.go
generated
vendored
@ -16,69 +16,99 @@ import (
|
|||||||
// Amazon Web Services resources. These temporary credentials consist of an access
|
// Amazon Web Services resources. These temporary credentials consist of an access
|
||||||
// key ID, a secret access key, and a security token. Typically, you use AssumeRole
|
// key ID, a secret access key, and a security token. Typically, you use AssumeRole
|
||||||
// within your account or for cross-account access. For a comparison of AssumeRole
|
// within your account or for cross-account access. For a comparison of AssumeRole
|
||||||
// with other API operations that produce temporary credentials, see Requesting
|
// with other API operations that produce temporary credentials, see [Requesting Temporary Security Credentials]and [Comparing the Amazon Web Services STS API operations] in the
|
||||||
// Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
|
// IAM User Guide.
|
||||||
// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
|
//
|
||||||
// in the IAM User Guide. Permissions The temporary security credentials created by
|
// # Permissions
|
||||||
// AssumeRole can be used to make API calls to any Amazon Web Services service
|
//
|
||||||
// with the following exception: You cannot call the Amazon Web Services STS
|
// The temporary security credentials created by AssumeRole can be used to make
|
||||||
// GetFederationToken or GetSessionToken API operations. (Optional) You can pass
|
// API calls to any Amazon Web Services service with the following exception: You
|
||||||
// inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
// cannot call the Amazon Web Services STS GetFederationToken or GetSessionToken
|
||||||
// to this operation. You can pass a single JSON policy document to use as an
|
// API operations.
|
||||||
// inline session policy. You can also specify up to 10 managed policy Amazon
|
//
|
||||||
// Resource Names (ARNs) to use as managed session policies. The plaintext that you
|
// (Optional) You can pass inline or managed [session policies] to this operation. You can pass a
|
||||||
// use for both inline and managed session policies can't exceed 2,048 characters.
|
// single JSON policy document to use as an inline session policy. You can also
|
||||||
// Passing policies to this operation returns new temporary credentials. The
|
// specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed
|
||||||
// resulting session's permissions are the intersection of the role's
|
// session policies. The plaintext that you use for both inline and managed session
|
||||||
// identity-based policy and the session policies. You can use the role's temporary
|
// policies can't exceed 2,048 characters. Passing policies to this operation
|
||||||
// credentials in subsequent Amazon Web Services API calls to access resources in
|
// returns new temporary credentials. The resulting session's permissions are the
|
||||||
// the account that owns the role. You cannot use session policies to grant more
|
// intersection of the role's identity-based policy and the session policies. You
|
||||||
// permissions than those allowed by the identity-based policy of the role that is
|
// can use the role's temporary credentials in subsequent Amazon Web Services API
|
||||||
// being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
// calls to access resources in the account that owns the role. You cannot use
|
||||||
// in the IAM User Guide. When you create a role, you create two policies: a role
|
// session policies to grant more permissions than those allowed by the
|
||||||
// trust policy that specifies who can assume the role, and a permissions policy
|
// identity-based policy of the role that is being assumed. For more information,
|
||||||
// that specifies what can be done with the role. You specify the trusted principal
|
// see [Session Policies]in the IAM User Guide.
|
||||||
// that is allowed to assume the role in the role trust policy. To assume a role
|
//
|
||||||
// from a different account, your Amazon Web Services account must be trusted by
|
// When you create a role, you create two policies: a role trust policy that
|
||||||
// the role. The trust relationship is defined in the role's trust policy when the
|
// specifies who can assume the role, and a permissions policy that specifies what
|
||||||
// role is created. That trust policy states which accounts are allowed to delegate
|
// can be done with the role. You specify the trusted principal that is allowed to
|
||||||
// that access to users in the account. A user who wants to access a role in a
|
// assume the role in the role trust policy.
|
||||||
// different account must also have permissions that are delegated from the account
|
//
|
||||||
// administrator. The administrator must attach a policy that allows the user to
|
// To assume a role from a different account, your Amazon Web Services account
|
||||||
// call AssumeRole for the ARN of the role in the other account. To allow a user
|
// must be trusted by the role. The trust relationship is defined in the role's
|
||||||
// to assume a role in the same account, you can do either of the following:
|
// trust policy when the role is created. That trust policy states which accounts
|
||||||
|
// are allowed to delegate that access to users in the account.
|
||||||
|
//
|
||||||
|
// A user who wants to access a role in a different account must also have
|
||||||
|
// permissions that are delegated from the account administrator. The administrator
|
||||||
|
// must attach a policy that allows the user to call AssumeRole for the ARN of the
|
||||||
|
// role in the other account.
|
||||||
|
//
|
||||||
|
// To allow a user to assume a role in the same account, you can do either of the
|
||||||
|
// following:
|
||||||
|
//
|
||||||
// - Attach a policy to the user that allows the user to call AssumeRole (as long
|
// - Attach a policy to the user that allows the user to call AssumeRole (as long
|
||||||
// as the role's trust policy trusts the account).
|
// as the role's trust policy trusts the account).
|
||||||
|
//
|
||||||
// - Add the user as a principal directly in the role's trust policy.
|
// - Add the user as a principal directly in the role's trust policy.
|
||||||
//
|
//
|
||||||
// You can do either because the role’s trust policy acts as an IAM resource-based
|
// You can do either because the role’s trust policy acts as an IAM resource-based
|
||||||
// policy. When a resource-based policy grants access to a principal in the same
|
// policy. When a resource-based policy grants access to a principal in the same
|
||||||
// account, no additional identity-based policy is required. For more information
|
// account, no additional identity-based policy is required. For more information
|
||||||
// about trust policies and resource-based policies, see IAM Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)
|
// about trust policies and resource-based policies, see [IAM Policies]in the IAM User Guide.
|
||||||
// in the IAM User Guide. Tags (Optional) You can pass tag key-value pairs to your
|
//
|
||||||
// session. These tags are called session tags. For more information about session
|
// # Tags
|
||||||
// tags, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
|
//
|
||||||
// in the IAM User Guide. An administrator must grant you the permissions necessary
|
// (Optional) You can pass tag key-value pairs to your session. These tags are
|
||||||
// to pass session tags. The administrator can also create granular permissions to
|
// called session tags. For more information about session tags, see [Passing Session Tags in STS]in the IAM
|
||||||
// allow you to pass only specific session tags. For more information, see
|
// User Guide.
|
||||||
// Tutorial: Using Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
|
//
|
||||||
// in the IAM User Guide. You can set the session tags as transitive. Transitive
|
// An administrator must grant you the permissions necessary to pass session tags.
|
||||||
// tags persist during role chaining. For more information, see Chaining Roles
|
// The administrator can also create granular permissions to allow you to pass only
|
||||||
// with Session Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
|
// specific session tags. For more information, see [Tutorial: Using Tags for Attribute-Based Access Control]in the IAM User Guide.
|
||||||
// in the IAM User Guide. Using MFA with AssumeRole (Optional) You can include
|
//
|
||||||
// multi-factor authentication (MFA) information when you call AssumeRole . This is
|
// You can set the session tags as transitive. Transitive tags persist during role
|
||||||
// useful for cross-account scenarios to ensure that the user that assumes the role
|
// chaining. For more information, see [Chaining Roles with Session Tags]in the IAM User Guide.
|
||||||
// has been authenticated with an Amazon Web Services MFA device. In that scenario,
|
//
|
||||||
// the trust policy of the role being assumed includes a condition that tests for
|
// # Using MFA with AssumeRole
|
||||||
// MFA authentication. If the caller does not include valid MFA information, the
|
//
|
||||||
// request to assume the role is denied. The condition in a trust policy that tests
|
// (Optional) You can include multi-factor authentication (MFA) information when
|
||||||
// for MFA authentication might look like the following example. "Condition":
|
// you call AssumeRole . This is useful for cross-account scenarios to ensure that
|
||||||
// {"Bool": {"aws:MultiFactorAuthPresent": true}} For more information, see
|
// the user that assumes the role has been authenticated with an Amazon Web
|
||||||
// Configuring MFA-Protected API Access (https://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html)
|
// Services MFA device. In that scenario, the trust policy of the role being
|
||||||
// in the IAM User Guide guide. To use MFA with AssumeRole , you pass values for
|
// assumed includes a condition that tests for MFA authentication. If the caller
|
||||||
// the SerialNumber and TokenCode parameters. The SerialNumber value identifies
|
// does not include valid MFA information, the request to assume the role is
|
||||||
// the user's hardware or virtual MFA device. The TokenCode is the time-based
|
// denied. The condition in a trust policy that tests for MFA authentication might
|
||||||
// one-time password (TOTP) that the MFA device produces.
|
// look like the following example.
|
||||||
|
//
|
||||||
|
// "Condition": {"Bool": {"aws:MultiFactorAuthPresent": true}}
|
||||||
|
//
|
||||||
|
// For more information, see [Configuring MFA-Protected API Access] in the IAM User Guide guide.
|
||||||
|
//
|
||||||
|
// To use MFA with AssumeRole , you pass values for the SerialNumber and TokenCode
|
||||||
|
// parameters. The SerialNumber value identifies the user's hardware or virtual
|
||||||
|
// MFA device. The TokenCode is the time-based one-time password (TOTP) that the
|
||||||
|
// MFA device produces.
|
||||||
|
//
|
||||||
|
// [Configuring MFA-Protected API Access]: https://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html
|
||||||
|
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||||
|
// [Passing Session Tags in STS]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
|
||||||
|
// [Chaining Roles with Session Tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining
|
||||||
|
// [Comparing the Amazon Web Services STS API operations]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
|
||||||
|
// [session policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||||
|
// [IAM Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
|
||||||
|
// [Requesting Temporary Security Credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
|
||||||
|
// [Tutorial: Using Tags for Attribute-Based Access Control]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html
|
||||||
func (c *Client) AssumeRole(ctx context.Context, params *AssumeRoleInput, optFns ...func(*Options)) (*AssumeRoleOutput, error) {
|
func (c *Client) AssumeRole(ctx context.Context, params *AssumeRoleInput, optFns ...func(*Options)) (*AssumeRoleOutput, error) {
|
||||||
if params == nil {
|
if params == nil {
|
||||||
params = &AssumeRoleInput{}
|
params = &AssumeRoleInput{}
|
||||||
@ -101,17 +131,19 @@ type AssumeRoleInput struct {
|
|||||||
// This member is required.
|
// This member is required.
|
||||||
RoleArn *string
|
RoleArn *string
|
||||||
|
|
||||||
// An identifier for the assumed role session. Use the role session name to
|
// An identifier for the assumed role session.
|
||||||
// uniquely identify a session when the same role is assumed by different
|
//
|
||||||
// principals or for different reasons. In cross-account scenarios, the role
|
// Use the role session name to uniquely identify a session when the same role is
|
||||||
// session name is visible to, and can be logged by the account that owns the role.
|
// assumed by different principals or for different reasons. In cross-account
|
||||||
// The role session name is also used in the ARN of the assumed role principal.
|
// scenarios, the role session name is visible to, and can be logged by the account
|
||||||
// This means that subsequent cross-account API requests that use the temporary
|
// that owns the role. The role session name is also used in the ARN of the assumed
|
||||||
// security credentials will expose the role session name to the external account
|
// role principal. This means that subsequent cross-account API requests that use
|
||||||
// in their CloudTrail logs. The regex used to validate this parameter is a string
|
// the temporary security credentials will expose the role session name to the
|
||||||
// of characters consisting of upper- and lower-case alphanumeric characters with
|
// external account in their CloudTrail logs.
|
||||||
// no spaces. You can also include underscores or any of the following characters:
|
//
|
||||||
// =,.@-
|
// The regex used to validate this parameter is a string of characters consisting
|
||||||
|
// of upper- and lower-case alphanumeric characters with no spaces. You can also
|
||||||
|
// include underscores or any of the following characters: =,.@-
|
||||||
//
|
//
|
||||||
// This member is required.
|
// This member is required.
|
||||||
RoleSessionName *string
|
RoleSessionName *string
|
||||||
@ -122,23 +154,27 @@ type AssumeRoleInput struct {
|
|||||||
// hours. If you specify a value higher than this setting or the administrator
|
// hours. If you specify a value higher than this setting or the administrator
|
||||||
// setting (whichever is lower), the operation fails. For example, if you specify a
|
// setting (whichever is lower), the operation fails. For example, if you specify a
|
||||||
// session duration of 12 hours, but your administrator set the maximum session
|
// session duration of 12 hours, but your administrator set the maximum session
|
||||||
// duration to 6 hours, your operation fails. Role chaining limits your Amazon Web
|
// duration to 6 hours, your operation fails.
|
||||||
// Services CLI or Amazon Web Services API role session to a maximum of one hour.
|
//
|
||||||
// When you use the AssumeRole API operation to assume a role, you can specify the
|
// Role chaining limits your Amazon Web Services CLI or Amazon Web Services API
|
||||||
// duration of your role session with the DurationSeconds parameter. You can
|
// role session to a maximum of one hour. When you use the AssumeRole API
|
||||||
// specify a parameter value of up to 43200 seconds (12 hours), depending on the
|
// operation to assume a role, you can specify the duration of your role session
|
||||||
// maximum session duration setting for your role. However, if you assume a role
|
// with the DurationSeconds parameter. You can specify a parameter value of up to
|
||||||
// using role chaining and provide a DurationSeconds parameter value greater than
|
// 43200 seconds (12 hours), depending on the maximum session duration setting for
|
||||||
// one hour, the operation fails. To learn how to view the maximum value for your
|
// your role. However, if you assume a role using role chaining and provide a
|
||||||
// role, see View the Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
|
// DurationSeconds parameter value greater than one hour, the operation fails. To
|
||||||
// in the IAM User Guide. By default, the value is set to 3600 seconds. The
|
// learn how to view the maximum value for your role, see [View the Maximum Session Duration Setting for a Role]in the IAM User Guide.
|
||||||
// DurationSeconds parameter is separate from the duration of a console session
|
//
|
||||||
// that you might request using the returned credentials. The request to the
|
// By default, the value is set to 3600 seconds.
|
||||||
// federation endpoint for a console sign-in token takes a SessionDuration
|
//
|
||||||
|
// The DurationSeconds parameter is separate from the duration of a console
|
||||||
|
// session that you might request using the returned credentials. The request to
|
||||||
|
// the federation endpoint for a console sign-in token takes a SessionDuration
|
||||||
// parameter that specifies the maximum length of the console session. For more
|
// parameter that specifies the maximum length of the console session. For more
|
||||||
// information, see Creating a URL that Enables Federated Users to Access the
|
// information, see [Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console]in the IAM User Guide.
|
||||||
// Amazon Web Services Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
|
//
|
||||||
// in the IAM User Guide.
|
// [View the Maximum Session Duration Setting for a Role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
|
||||||
|
// [Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
|
||||||
DurationSeconds *int32
|
DurationSeconds *int32
|
||||||
|
|
||||||
// A unique identifier that might be required when you assume a role in another
|
// A unique identifier that might be required when you assume a role in another
|
||||||
@ -149,63 +185,79 @@ type AssumeRoleInput struct {
|
|||||||
// the administrator of the trusting account might send an external ID to the
|
// the administrator of the trusting account might send an external ID to the
|
||||||
// administrator of the trusted account. That way, only someone with the ID can
|
// administrator of the trusted account. That way, only someone with the ID can
|
||||||
// assume the role, rather than everyone in the account. For more information about
|
// assume the role, rather than everyone in the account. For more information about
|
||||||
// the external ID, see How to Use an External ID When Granting Access to Your
|
// the external ID, see [How to Use an External ID When Granting Access to Your Amazon Web Services Resources to a Third Party]in the IAM User Guide.
|
||||||
// Amazon Web Services Resources to a Third Party (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html)
|
//
|
||||||
// in the IAM User Guide. The regex used to validate this parameter is a string of
|
// The regex used to validate this parameter is a string of characters consisting
|
||||||
// characters consisting of upper- and lower-case alphanumeric characters with no
|
// of upper- and lower-case alphanumeric characters with no spaces. You can also
|
||||||
// spaces. You can also include underscores or any of the following characters:
|
// include underscores or any of the following characters: =,.@:/-
|
||||||
// =,.@:/-
|
//
|
||||||
|
// [How to Use an External ID When Granting Access to Your Amazon Web Services Resources to a Third Party]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
|
||||||
ExternalId *string
|
ExternalId *string
|
||||||
|
|
||||||
// An IAM policy in JSON format that you want to use as an inline session policy.
|
// An IAM policy in JSON format that you want to use as an inline session policy.
|
||||||
|
//
|
||||||
// This parameter is optional. Passing policies to this operation returns new
|
// This parameter is optional. Passing policies to this operation returns new
|
||||||
// temporary credentials. The resulting session's permissions are the intersection
|
// temporary credentials. The resulting session's permissions are the intersection
|
||||||
// of the role's identity-based policy and the session policies. You can use the
|
// of the role's identity-based policy and the session policies. You can use the
|
||||||
// role's temporary credentials in subsequent Amazon Web Services API calls to
|
// role's temporary credentials in subsequent Amazon Web Services API calls to
|
||||||
// access resources in the account that owns the role. You cannot use session
|
// access resources in the account that owns the role. You cannot use session
|
||||||
// policies to grant more permissions than those allowed by the identity-based
|
// policies to grant more permissions than those allowed by the identity-based
|
||||||
// policy of the role that is being assumed. For more information, see Session
|
// policy of the role that is being assumed. For more information, see [Session Policies]in the IAM
|
||||||
// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
// User Guide.
|
||||||
// in the IAM User Guide. The plaintext that you use for both inline and managed
|
//
|
||||||
// session policies can't exceed 2,048 characters. The JSON policy characters can
|
// The plaintext that you use for both inline and managed session policies can't
|
||||||
// be any ASCII character from the space character to the end of the valid
|
// exceed 2,048 characters. The JSON policy characters can be any ASCII character
|
||||||
// character list (\u0020 through \u00FF). It can also include the tab (\u0009),
|
// from the space character to the end of the valid character list (\u0020 through
|
||||||
// linefeed (\u000A), and carriage return (\u000D) characters. An Amazon Web
|
// \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage
|
||||||
// Services conversion compresses the passed inline session policy, managed policy
|
// return (\u000D) characters.
|
||||||
// ARNs, and session tags into a packed binary format that has a separate limit.
|
//
|
||||||
// Your request can fail for this limit even if your plaintext meets the other
|
// An Amazon Web Services conversion compresses the passed inline session policy,
|
||||||
// requirements. The PackedPolicySize response element indicates by percentage how
|
// managed policy ARNs, and session tags into a packed binary format that has a
|
||||||
// close the policies and tags for your request are to the upper size limit.
|
// separate limit. Your request can fail for this limit even if your plaintext
|
||||||
|
// meets the other requirements. The PackedPolicySize response element indicates
|
||||||
|
// by percentage how close the policies and tags for your request are to the upper
|
||||||
|
// size limit.
|
||||||
|
//
|
||||||
|
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||||
Policy *string
|
Policy *string
|
||||||
|
|
||||||
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want to
|
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want to
|
||||||
// use as managed session policies. The policies must exist in the same account as
|
// use as managed session policies. The policies must exist in the same account as
|
||||||
// the role. This parameter is optional. You can provide up to 10 managed policy
|
// the role.
|
||||||
// ARNs. However, the plaintext that you use for both inline and managed session
|
//
|
||||||
// policies can't exceed 2,048 characters. For more information about ARNs, see
|
// This parameter is optional. You can provide up to 10 managed policy ARNs.
|
||||||
// Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
|
// However, the plaintext that you use for both inline and managed session policies
|
||||||
// in the Amazon Web Services General Reference. An Amazon Web Services conversion
|
// can't exceed 2,048 characters. For more information about ARNs, see [Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces]in the
|
||||||
// compresses the passed inline session policy, managed policy ARNs, and session
|
// Amazon Web Services General Reference.
|
||||||
// tags into a packed binary format that has a separate limit. Your request can
|
//
|
||||||
// fail for this limit even if your plaintext meets the other requirements. The
|
// An Amazon Web Services conversion compresses the passed inline session policy,
|
||||||
// PackedPolicySize response element indicates by percentage how close the policies
|
// managed policy ARNs, and session tags into a packed binary format that has a
|
||||||
// and tags for your request are to the upper size limit. Passing policies to this
|
// separate limit. Your request can fail for this limit even if your plaintext
|
||||||
// operation returns new temporary credentials. The resulting session's permissions
|
// meets the other requirements. The PackedPolicySize response element indicates
|
||||||
// are the intersection of the role's identity-based policy and the session
|
// by percentage how close the policies and tags for your request are to the upper
|
||||||
// policies. You can use the role's temporary credentials in subsequent Amazon Web
|
// size limit.
|
||||||
// Services API calls to access resources in the account that owns the role. You
|
//
|
||||||
// cannot use session policies to grant more permissions than those allowed by the
|
// Passing policies to this operation returns new temporary credentials. The
|
||||||
// identity-based policy of the role that is being assumed. For more information,
|
// resulting session's permissions are the intersection of the role's
|
||||||
// see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
// identity-based policy and the session policies. You can use the role's temporary
|
||||||
// in the IAM User Guide.
|
// credentials in subsequent Amazon Web Services API calls to access resources in
|
||||||
|
// the account that owns the role. You cannot use session policies to grant more
|
||||||
|
// permissions than those allowed by the identity-based policy of the role that is
|
||||||
|
// being assumed. For more information, see [Session Policies]in the IAM User Guide.
|
||||||
|
//
|
||||||
|
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||||
|
// [Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
||||||
PolicyArns []types.PolicyDescriptorType
|
PolicyArns []types.PolicyDescriptorType
|
||||||
|
|
||||||
// A list of previously acquired trusted context assertions in the format of a
|
// A list of previously acquired trusted context assertions in the format of a
|
||||||
// JSON array. The trusted context assertion is signed and encrypted by Amazon Web
|
// JSON array. The trusted context assertion is signed and encrypted by Amazon Web
|
||||||
// Services STS. The following is an example of a ProvidedContext value that
|
// Services STS.
|
||||||
// includes a single trusted context assertion and the ARN of the context provider
|
//
|
||||||
// from which the trusted context assertion was generated.
|
// The following is an example of a ProvidedContext value that includes a single
|
||||||
// [{"ProviderArn":"arn:aws:iam::aws:contextProvider/IdentityCenter","ContextAssertion":"trusted-context-assertion"}]
|
// trusted context assertion and the ARN of the context provider from which the
|
||||||
|
// trusted context assertion was generated.
|
||||||
|
//
|
||||||
|
// [{"ProviderArn":"arn:aws:iam::aws:contextProvider/IdentityCenter","ContextAssertion":"trusted-context-assertion"}]
|
||||||
ProvidedContexts []types.ProvidedContext
|
ProvidedContexts []types.ProvidedContext
|
||||||
|
|
||||||
// The identification number of the MFA device that is associated with the user
|
// The identification number of the MFA device that is associated with the user
|
||||||
@ -213,79 +265,97 @@ type AssumeRoleInput struct {
|
|||||||
// the role being assumed includes a condition that requires MFA authentication.
|
// the role being assumed includes a condition that requires MFA authentication.
|
||||||
// The value is either the serial number for a hardware device (such as
|
// The value is either the serial number for a hardware device (such as
|
||||||
// GAHT12345678 ) or an Amazon Resource Name (ARN) for a virtual device (such as
|
// GAHT12345678 ) or an Amazon Resource Name (ARN) for a virtual device (such as
|
||||||
// arn:aws:iam::123456789012:mfa/user ). The regex used to validate this parameter
|
// arn:aws:iam::123456789012:mfa/user ).
|
||||||
// is a string of characters consisting of upper- and lower-case alphanumeric
|
//
|
||||||
// characters with no spaces. You can also include underscores or any of the
|
// The regex used to validate this parameter is a string of characters consisting
|
||||||
// following characters: =,.@-
|
// of upper- and lower-case alphanumeric characters with no spaces. You can also
|
||||||
|
// include underscores or any of the following characters: =,.@-
|
||||||
SerialNumber *string
|
SerialNumber *string
|
||||||
|
|
||||||
// The source identity specified by the principal that is calling the AssumeRole
|
// The source identity specified by the principal that is calling the AssumeRole
|
||||||
// operation. You can require users to specify a source identity when they assume a
|
// operation.
|
||||||
// role. You do this by using the sts:SourceIdentity condition key in a role trust
|
//
|
||||||
// policy. You can use source identity information in CloudTrail logs to determine
|
// You can require users to specify a source identity when they assume a role. You
|
||||||
// who took actions with a role. You can use the aws:SourceIdentity condition key
|
// do this by using the sts:SourceIdentity condition key in a role trust policy.
|
||||||
// to further control access to Amazon Web Services resources based on the value of
|
// You can use source identity information in CloudTrail logs to determine who took
|
||||||
// source identity. For more information about using source identity, see Monitor
|
// actions with a role. You can use the aws:SourceIdentity condition key to
|
||||||
// and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
|
// further control access to Amazon Web Services resources based on the value of
|
||||||
// in the IAM User Guide. The regex used to validate this parameter is a string of
|
// source identity. For more information about using source identity, see [Monitor and control actions taken with assumed roles]in the
|
||||||
// characters consisting of upper- and lower-case alphanumeric characters with no
|
// IAM User Guide.
|
||||||
// spaces. You can also include underscores or any of the following characters:
|
//
|
||||||
// =,.@-. You cannot use a value that begins with the text aws: . This prefix is
|
// The regex used to validate this parameter is a string of characters consisting
|
||||||
// reserved for Amazon Web Services internal use.
|
// of upper- and lower-case alphanumeric characters with no spaces. You can also
|
||||||
|
// include underscores or any of the following characters: =,.@-. You cannot use a
|
||||||
|
// value that begins with the text aws: . This prefix is reserved for Amazon Web
|
||||||
|
// Services internal use.
|
||||||
|
//
|
||||||
|
// [Monitor and control actions taken with assumed roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
|
||||||
SourceIdentity *string
|
SourceIdentity *string
|
||||||
|
|
||||||
// A list of session tags that you want to pass. Each session tag consists of a
|
// A list of session tags that you want to pass. Each session tag consists of a
|
||||||
// key name and an associated value. For more information about session tags, see
|
// key name and an associated value. For more information about session tags, see [Tagging Amazon Web Services STS Sessions]
|
||||||
// Tagging Amazon Web Services STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
|
|
||||||
// in the IAM User Guide. This parameter is optional. You can pass up to 50 session
|
|
||||||
// tags. The plaintext session tag keys can’t exceed 128 characters, and the values
|
|
||||||
// can’t exceed 256 characters. For these and additional limits, see IAM and STS
|
|
||||||
// Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
|
|
||||||
// in the IAM User Guide. An Amazon Web Services conversion compresses the passed
|
|
||||||
// inline session policy, managed policy ARNs, and session tags into a packed
|
|
||||||
// binary format that has a separate limit. Your request can fail for this limit
|
|
||||||
// even if your plaintext meets the other requirements. The PackedPolicySize
|
|
||||||
// response element indicates by percentage how close the policies and tags for
|
|
||||||
// your request are to the upper size limit. You can pass a session tag with the
|
|
||||||
// same key as a tag that is already attached to the role. When you do, session
|
|
||||||
// tags override a role tag with the same key. Tag key–value pairs are not case
|
|
||||||
// sensitive, but case is preserved. This means that you cannot have separate
|
|
||||||
// Department and department tag keys. Assume that the role has the Department =
|
|
||||||
// Marketing tag and you pass the department = engineering session tag. Department
|
|
||||||
// and department are not saved as separate tags, and the session tag passed in
|
|
||||||
// the request takes precedence over the role tag. Additionally, if you used
|
|
||||||
// temporary credentials to perform this operation, the new session inherits any
|
|
||||||
// transitive session tags from the calling session. If you pass a session tag with
|
|
||||||
// the same key as an inherited tag, the operation fails. To view the inherited
|
|
||||||
// tags for a session, see the CloudTrail logs. For more information, see Viewing
|
|
||||||
// Session Tags in CloudTrail (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_ctlogs)
|
|
||||||
// in the IAM User Guide.
|
// in the IAM User Guide.
|
||||||
|
//
|
||||||
|
// This parameter is optional. You can pass up to 50 session tags. The plaintext
|
||||||
|
// session tag keys can’t exceed 128 characters, and the values can’t exceed 256
|
||||||
|
// characters. For these and additional limits, see [IAM and STS Character Limits]in the IAM User Guide.
|
||||||
|
//
|
||||||
|
// An Amazon Web Services conversion compresses the passed inline session policy,
|
||||||
|
// managed policy ARNs, and session tags into a packed binary format that has a
|
||||||
|
// separate limit. Your request can fail for this limit even if your plaintext
|
||||||
|
// meets the other requirements. The PackedPolicySize response element indicates
|
||||||
|
// by percentage how close the policies and tags for your request are to the upper
|
||||||
|
// size limit.
|
||||||
|
//
|
||||||
|
// You can pass a session tag with the same key as a tag that is already attached
|
||||||
|
// to the role. When you do, session tags override a role tag with the same key.
|
||||||
|
//
|
||||||
|
// Tag key–value pairs are not case sensitive, but case is preserved. This means
|
||||||
|
// that you cannot have separate Department and department tag keys. Assume that
|
||||||
|
// the role has the Department = Marketing tag and you pass the department =
|
||||||
|
// engineering session tag. Department and department are not saved as separate
|
||||||
|
// tags, and the session tag passed in the request takes precedence over the role
|
||||||
|
// tag.
|
||||||
|
//
|
||||||
|
// Additionally, if you used temporary credentials to perform this operation, the
|
||||||
|
// new session inherits any transitive session tags from the calling session. If
|
||||||
|
// you pass a session tag with the same key as an inherited tag, the operation
|
||||||
|
// fails. To view the inherited tags for a session, see the CloudTrail logs. For
|
||||||
|
// more information, see [Viewing Session Tags in CloudTrail]in the IAM User Guide.
|
||||||
|
//
|
||||||
|
// [Tagging Amazon Web Services STS Sessions]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
|
||||||
|
// [IAM and STS Character Limits]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
|
||||||
|
// [Viewing Session Tags in CloudTrail]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_ctlogs
|
||||||
Tags []types.Tag
|
Tags []types.Tag
|
||||||
|
|
||||||
// The value provided by the MFA device, if the trust policy of the role being
|
// The value provided by the MFA device, if the trust policy of the role being
|
||||||
// assumed requires MFA. (In other words, if the policy includes a condition that
|
// assumed requires MFA. (In other words, if the policy includes a condition that
|
||||||
// tests for MFA). If the role being assumed requires MFA and if the TokenCode
|
// tests for MFA). If the role being assumed requires MFA and if the TokenCode
|
||||||
// value is missing or expired, the AssumeRole call returns an "access denied"
|
// value is missing or expired, the AssumeRole call returns an "access denied"
|
||||||
// error. The format for this parameter, as described by its regex pattern, is a
|
// error.
|
||||||
// sequence of six numeric digits.
|
//
|
||||||
|
// The format for this parameter, as described by its regex pattern, is a sequence
|
||||||
|
// of six numeric digits.
|
||||||
TokenCode *string
|
TokenCode *string
|
||||||
|
|
||||||
// A list of keys for session tags that you want to set as transitive. If you set
|
// A list of keys for session tags that you want to set as transitive. If you set
|
||||||
// a tag key as transitive, the corresponding key and value passes to subsequent
|
// a tag key as transitive, the corresponding key and value passes to subsequent
|
||||||
// sessions in a role chain. For more information, see Chaining Roles with Session
|
// sessions in a role chain. For more information, see [Chaining Roles with Session Tags]in the IAM User Guide.
|
||||||
// Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
|
//
|
||||||
// in the IAM User Guide. This parameter is optional. When you set session tags as
|
// This parameter is optional. When you set session tags as transitive, the
|
||||||
// transitive, the session policy and session tags packed binary limit is not
|
// session policy and session tags packed binary limit is not affected.
|
||||||
// affected. If you choose not to specify a transitive tag key, then no tags are
|
//
|
||||||
// passed from this session to any subsequent sessions.
|
// If you choose not to specify a transitive tag key, then no tags are passed from
|
||||||
|
// this session to any subsequent sessions.
|
||||||
|
//
|
||||||
|
// [Chaining Roles with Session Tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining
|
||||||
TransitiveTagKeys []string
|
TransitiveTagKeys []string
|
||||||
|
|
||||||
noSmithyDocumentSerde
|
noSmithyDocumentSerde
|
||||||
}
|
}
|
||||||
|
|
||||||
// Contains the response to a successful AssumeRole request, including temporary
|
// Contains the response to a successful AssumeRole request, including temporary Amazon Web
|
||||||
// Amazon Web Services credentials that can be used to make Amazon Web Services
|
// Services credentials that can be used to make Amazon Web Services requests.
|
||||||
// requests.
|
|
||||||
type AssumeRoleOutput struct {
|
type AssumeRoleOutput struct {
|
||||||
|
|
||||||
// The Amazon Resource Name (ARN) and the assumed role ID, which are identifiers
|
// The Amazon Resource Name (ARN) and the assumed role ID, which are identifiers
|
||||||
@ -296,9 +366,10 @@ type AssumeRoleOutput struct {
|
|||||||
AssumedRoleUser *types.AssumedRoleUser
|
AssumedRoleUser *types.AssumedRoleUser
|
||||||
|
|
||||||
// The temporary security credentials, which include an access key ID, a secret
|
// The temporary security credentials, which include an access key ID, a secret
|
||||||
// access key, and a security (or session) token. The size of the security token
|
// access key, and a security (or session) token.
|
||||||
// that STS API operations return is not fixed. We strongly recommend that you make
|
//
|
||||||
// no assumptions about the maximum size.
|
// The size of the security token that STS API operations return is not fixed. We
|
||||||
|
// strongly recommend that you make no assumptions about the maximum size.
|
||||||
Credentials *types.Credentials
|
Credentials *types.Credentials
|
||||||
|
|
||||||
// A percentage value that indicates the packed size of the session policies and
|
// A percentage value that indicates the packed size of the session policies and
|
||||||
@ -308,17 +379,21 @@ type AssumeRoleOutput struct {
|
|||||||
PackedPolicySize *int32
|
PackedPolicySize *int32
|
||||||
|
|
||||||
// The source identity specified by the principal that is calling the AssumeRole
|
// The source identity specified by the principal that is calling the AssumeRole
|
||||||
// operation. You can require users to specify a source identity when they assume a
|
// operation.
|
||||||
// role. You do this by using the sts:SourceIdentity condition key in a role trust
|
//
|
||||||
// policy. You can use source identity information in CloudTrail logs to determine
|
// You can require users to specify a source identity when they assume a role. You
|
||||||
// who took actions with a role. You can use the aws:SourceIdentity condition key
|
// do this by using the sts:SourceIdentity condition key in a role trust policy.
|
||||||
// to further control access to Amazon Web Services resources based on the value of
|
// You can use source identity information in CloudTrail logs to determine who took
|
||||||
// source identity. For more information about using source identity, see Monitor
|
// actions with a role. You can use the aws:SourceIdentity condition key to
|
||||||
// and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
|
// further control access to Amazon Web Services resources based on the value of
|
||||||
// in the IAM User Guide. The regex used to validate this parameter is a string of
|
// source identity. For more information about using source identity, see [Monitor and control actions taken with assumed roles]in the
|
||||||
// characters consisting of upper- and lower-case alphanumeric characters with no
|
// IAM User Guide.
|
||||||
// spaces. You can also include underscores or any of the following characters:
|
//
|
||||||
// =,.@-
|
// The regex used to validate this parameter is a string of characters consisting
|
||||||
|
// of upper- and lower-case alphanumeric characters with no spaces. You can also
|
||||||
|
// include underscores or any of the following characters: =,.@-
|
||||||
|
//
|
||||||
|
// [Monitor and control actions taken with assumed roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
|
||||||
SourceIdentity *string
|
SourceIdentity *string
|
||||||
|
|
||||||
// Metadata pertaining to the operation's result.
|
// Metadata pertaining to the operation's result.
|
||||||
@ -382,6 +457,12 @@ func (c *Client) addOperationAssumeRoleMiddlewares(stack *middleware.Stack, opti
|
|||||||
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
|
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
if err = addTimeOffsetBuild(stack, c); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err = addUserAgentRetryMode(stack, options); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
if err = addOpAssumeRoleValidationMiddleware(stack); err != nil {
|
if err = addOpAssumeRoleValidationMiddleware(stack); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
373
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithSAML.go
generated
vendored
373
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithSAML.go
generated
vendored
@ -16,92 +16,132 @@ import (
|
|||||||
// mechanism for tying an enterprise identity store or directory to role-based
|
// mechanism for tying an enterprise identity store or directory to role-based
|
||||||
// Amazon Web Services access without user-specific credentials or configuration.
|
// Amazon Web Services access without user-specific credentials or configuration.
|
||||||
// For a comparison of AssumeRoleWithSAML with the other API operations that
|
// For a comparison of AssumeRoleWithSAML with the other API operations that
|
||||||
// produce temporary credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
|
// produce temporary credentials, see [Requesting Temporary Security Credentials]and [Comparing the Amazon Web Services STS API operations] in the IAM User Guide.
|
||||||
// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
|
//
|
||||||
// in the IAM User Guide. The temporary security credentials returned by this
|
// The temporary security credentials returned by this operation consist of an
|
||||||
// operation consist of an access key ID, a secret access key, and a security
|
// access key ID, a secret access key, and a security token. Applications can use
|
||||||
// token. Applications can use these temporary security credentials to sign calls
|
// these temporary security credentials to sign calls to Amazon Web Services
|
||||||
// to Amazon Web Services services. Session Duration By default, the temporary
|
// services.
|
||||||
// security credentials created by AssumeRoleWithSAML last for one hour. However,
|
//
|
||||||
// you can use the optional DurationSeconds parameter to specify the duration of
|
// # Session Duration
|
||||||
// your session. Your role session lasts for the duration that you specify, or
|
//
|
||||||
// until the time specified in the SAML authentication response's
|
// By default, the temporary security credentials created by AssumeRoleWithSAML
|
||||||
// SessionNotOnOrAfter value, whichever is shorter. You can provide a
|
// last for one hour. However, you can use the optional DurationSeconds parameter
|
||||||
// DurationSeconds value from 900 seconds (15 minutes) up to the maximum session
|
// to specify the duration of your session. Your role session lasts for the
|
||||||
// duration setting for the role. This setting can have a value from 1 hour to 12
|
// duration that you specify, or until the time specified in the SAML
|
||||||
// hours. To learn how to view the maximum value for your role, see View the
|
// authentication response's SessionNotOnOrAfter value, whichever is shorter. You
|
||||||
// Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
|
// can provide a DurationSeconds value from 900 seconds (15 minutes) up to the
|
||||||
// in the IAM User Guide. The maximum session duration limit applies when you use
|
// maximum session duration setting for the role. This setting can have a value
|
||||||
// the AssumeRole* API operations or the assume-role* CLI commands. However the
|
// from 1 hour to 12 hours. To learn how to view the maximum value for your role,
|
||||||
// limit does not apply when you use those operations to create a console URL. For
|
// see [View the Maximum Session Duration Setting for a Role]in the IAM User Guide. The maximum session duration limit applies when you
|
||||||
// more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
|
// use the AssumeRole* API operations or the assume-role* CLI commands. However
|
||||||
// in the IAM User Guide. Role chaining (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining)
|
// the limit does not apply when you use those operations to create a console URL.
|
||||||
// limits your CLI or Amazon Web Services API role session to a maximum of one
|
// For more information, see [Using IAM Roles]in the IAM User Guide.
|
||||||
|
//
|
||||||
|
// [Role chaining]limits your CLI or Amazon Web Services API role session to a maximum of one
|
||||||
// hour. When you use the AssumeRole API operation to assume a role, you can
|
// hour. When you use the AssumeRole API operation to assume a role, you can
|
||||||
// specify the duration of your role session with the DurationSeconds parameter.
|
// specify the duration of your role session with the DurationSeconds parameter.
|
||||||
// You can specify a parameter value of up to 43200 seconds (12 hours), depending
|
// You can specify a parameter value of up to 43200 seconds (12 hours), depending
|
||||||
// on the maximum session duration setting for your role. However, if you assume a
|
// on the maximum session duration setting for your role. However, if you assume a
|
||||||
// role using role chaining and provide a DurationSeconds parameter value greater
|
// role using role chaining and provide a DurationSeconds parameter value greater
|
||||||
// than one hour, the operation fails. Permissions The temporary security
|
// than one hour, the operation fails.
|
||||||
// credentials created by AssumeRoleWithSAML can be used to make API calls to any
|
//
|
||||||
// Amazon Web Services service with the following exception: you cannot call the
|
// # Permissions
|
||||||
// STS GetFederationToken or GetSessionToken API operations. (Optional) You can
|
//
|
||||||
// pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
// The temporary security credentials created by AssumeRoleWithSAML can be used to
|
||||||
// to this operation. You can pass a single JSON policy document to use as an
|
// make API calls to any Amazon Web Services service with the following exception:
|
||||||
// inline session policy. You can also specify up to 10 managed policy Amazon
|
// you cannot call the STS GetFederationToken or GetSessionToken API operations.
|
||||||
// Resource Names (ARNs) to use as managed session policies. The plaintext that you
|
//
|
||||||
// use for both inline and managed session policies can't exceed 2,048 characters.
|
// (Optional) You can pass inline or managed [session policies] to this operation. You can pass a
|
||||||
// Passing policies to this operation returns new temporary credentials. The
|
// single JSON policy document to use as an inline session policy. You can also
|
||||||
// resulting session's permissions are the intersection of the role's
|
// specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed
|
||||||
// identity-based policy and the session policies. You can use the role's temporary
|
// session policies. The plaintext that you use for both inline and managed session
|
||||||
// credentials in subsequent Amazon Web Services API calls to access resources in
|
// policies can't exceed 2,048 characters. Passing policies to this operation
|
||||||
// the account that owns the role. You cannot use session policies to grant more
|
// returns new temporary credentials. The resulting session's permissions are the
|
||||||
// permissions than those allowed by the identity-based policy of the role that is
|
// intersection of the role's identity-based policy and the session policies. You
|
||||||
// being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
// can use the role's temporary credentials in subsequent Amazon Web Services API
|
||||||
// in the IAM User Guide. Calling AssumeRoleWithSAML does not require the use of
|
// calls to access resources in the account that owns the role. You cannot use
|
||||||
// Amazon Web Services security credentials. The identity of the caller is
|
// session policies to grant more permissions than those allowed by the
|
||||||
// validated by using keys in the metadata document that is uploaded for the SAML
|
// identity-based policy of the role that is being assumed. For more information,
|
||||||
// provider entity for your identity provider. Calling AssumeRoleWithSAML can
|
// see [Session Policies]in the IAM User Guide.
|
||||||
// result in an entry in your CloudTrail logs. The entry includes the value in the
|
//
|
||||||
// NameID element of the SAML assertion. We recommend that you use a NameIDType
|
// Calling AssumeRoleWithSAML does not require the use of Amazon Web Services
|
||||||
// that is not associated with any personally identifiable information (PII). For
|
// security credentials. The identity of the caller is validated by using keys in
|
||||||
// example, you could instead use the persistent identifier (
|
// the metadata document that is uploaded for the SAML provider entity for your
|
||||||
// urn:oasis:names:tc:SAML:2.0:nameid-format:persistent ). Tags (Optional) You can
|
// identity provider.
|
||||||
// configure your IdP to pass attributes into your SAML assertion as session tags.
|
//
|
||||||
// Each session tag consists of a key name and an associated value. For more
|
// Calling AssumeRoleWithSAML can result in an entry in your CloudTrail logs. The
|
||||||
// information about session tags, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
|
// entry includes the value in the NameID element of the SAML assertion. We
|
||||||
// in the IAM User Guide. You can pass up to 50 session tags. The plaintext session
|
// recommend that you use a NameIDType that is not associated with any personally
|
||||||
// tag keys can’t exceed 128 characters and the values can’t exceed 256 characters.
|
// identifiable information (PII). For example, you could instead use the
|
||||||
// For these and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
|
// persistent identifier ( urn:oasis:names:tc:SAML:2.0:nameid-format:persistent ).
|
||||||
// in the IAM User Guide. An Amazon Web Services conversion compresses the passed
|
//
|
||||||
// inline session policy, managed policy ARNs, and session tags into a packed
|
// # Tags
|
||||||
// binary format that has a separate limit. Your request can fail for this limit
|
//
|
||||||
// even if your plaintext meets the other requirements. The PackedPolicySize
|
// (Optional) You can configure your IdP to pass attributes into your SAML
|
||||||
// response element indicates by percentage how close the policies and tags for
|
// assertion as session tags. Each session tag consists of a key name and an
|
||||||
// your request are to the upper size limit. You can pass a session tag with the
|
// associated value. For more information about session tags, see [Passing Session Tags in STS]in the IAM User
|
||||||
// same key as a tag that is attached to the role. When you do, session tags
|
// Guide.
|
||||||
// override the role's tags with the same key. An administrator must grant you the
|
//
|
||||||
// permissions necessary to pass session tags. The administrator can also create
|
// You can pass up to 50 session tags. The plaintext session tag keys can’t exceed
|
||||||
// granular permissions to allow you to pass only specific session tags. For more
|
// 128 characters and the values can’t exceed 256 characters. For these and
|
||||||
// information, see Tutorial: Using Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
|
// additional limits, see [IAM and STS Character Limits]in the IAM User Guide.
|
||||||
// in the IAM User Guide. You can set the session tags as transitive. Transitive
|
//
|
||||||
// tags persist during role chaining. For more information, see Chaining Roles
|
// An Amazon Web Services conversion compresses the passed inline session policy,
|
||||||
// with Session Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
|
// managed policy ARNs, and session tags into a packed binary format that has a
|
||||||
// in the IAM User Guide. SAML Configuration Before your application can call
|
// separate limit. Your request can fail for this limit even if your plaintext
|
||||||
// AssumeRoleWithSAML , you must configure your SAML identity provider (IdP) to
|
// meets the other requirements. The PackedPolicySize response element indicates
|
||||||
// issue the claims required by Amazon Web Services. Additionally, you must use
|
// by percentage how close the policies and tags for your request are to the upper
|
||||||
// Identity and Access Management (IAM) to create a SAML provider entity in your
|
// size limit.
|
||||||
// Amazon Web Services account that represents your identity provider. You must
|
//
|
||||||
// also create an IAM role that specifies this SAML provider in its trust policy.
|
// You can pass a session tag with the same key as a tag that is attached to the
|
||||||
|
// role. When you do, session tags override the role's tags with the same key.
|
||||||
|
//
|
||||||
|
// An administrator must grant you the permissions necessary to pass session tags.
|
||||||
|
// The administrator can also create granular permissions to allow you to pass only
|
||||||
|
// specific session tags. For more information, see [Tutorial: Using Tags for Attribute-Based Access Control]in the IAM User Guide.
|
||||||
|
//
|
||||||
|
// You can set the session tags as transitive. Transitive tags persist during role
|
||||||
|
// chaining. For more information, see [Chaining Roles with Session Tags]in the IAM User Guide.
|
||||||
|
//
|
||||||
|
// # SAML Configuration
|
||||||
|
//
|
||||||
|
// Before your application can call AssumeRoleWithSAML , you must configure your
|
||||||
|
// SAML identity provider (IdP) to issue the claims required by Amazon Web
|
||||||
|
// Services. Additionally, you must use Identity and Access Management (IAM) to
|
||||||
|
// create a SAML provider entity in your Amazon Web Services account that
|
||||||
|
// represents your identity provider. You must also create an IAM role that
|
||||||
|
// specifies this SAML provider in its trust policy.
|
||||||
|
//
|
||||||
// For more information, see the following resources:
|
// For more information, see the following resources:
|
||||||
// - About SAML 2.0-based Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html)
|
//
|
||||||
// in the IAM User Guide.
|
// [About SAML 2.0-based Federation]
|
||||||
// - Creating SAML Identity Providers (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html)
|
// - in the IAM User Guide.
|
||||||
// in the IAM User Guide.
|
//
|
||||||
// - Configuring a Relying Party and Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html)
|
// [Creating SAML Identity Providers]
|
||||||
// in the IAM User Guide.
|
// - in the IAM User Guide.
|
||||||
// - Creating a Role for SAML 2.0 Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html)
|
//
|
||||||
// in the IAM User Guide.
|
// [Configuring a Relying Party and Claims]
|
||||||
|
// - in the IAM User Guide.
|
||||||
|
//
|
||||||
|
// [Creating a Role for SAML 2.0 Federation]
|
||||||
|
// - in the IAM User Guide.
|
||||||
|
//
|
||||||
|
// [View the Maximum Session Duration Setting for a Role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
|
||||||
|
// [Creating a Role for SAML 2.0 Federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html
|
||||||
|
// [IAM and STS Character Limits]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
|
||||||
|
// [Comparing the Amazon Web Services STS API operations]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
|
||||||
|
// [Creating SAML Identity Providers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html
|
||||||
|
// [session policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||||
|
// [Requesting Temporary Security Credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
|
||||||
|
// [Tutorial: Using Tags for Attribute-Based Access Control]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html
|
||||||
|
// [Configuring a Relying Party and Claims]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html
|
||||||
|
// [Role chaining]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining
|
||||||
|
// [Using IAM Roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
|
||||||
|
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||||
|
// [Passing Session Tags in STS]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
|
||||||
|
// [About SAML 2.0-based Federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html
|
||||||
|
// [Chaining Roles with Session Tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining
|
||||||
func (c *Client) AssumeRoleWithSAML(ctx context.Context, params *AssumeRoleWithSAMLInput, optFns ...func(*Options)) (*AssumeRoleWithSAMLOutput, error) {
|
func (c *Client) AssumeRoleWithSAML(ctx context.Context, params *AssumeRoleWithSAMLInput, optFns ...func(*Options)) (*AssumeRoleWithSAMLOutput, error) {
|
||||||
if params == nil {
|
if params == nil {
|
||||||
params = &AssumeRoleWithSAMLInput{}
|
params = &AssumeRoleWithSAMLInput{}
|
||||||
@ -130,9 +170,11 @@ type AssumeRoleWithSAMLInput struct {
|
|||||||
// This member is required.
|
// This member is required.
|
||||||
RoleArn *string
|
RoleArn *string
|
||||||
|
|
||||||
// The base64 encoded SAML authentication response provided by the IdP. For more
|
// The base64 encoded SAML authentication response provided by the IdP.
|
||||||
// information, see Configuring a Relying Party and Adding Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html)
|
//
|
||||||
// in the IAM User Guide.
|
// For more information, see [Configuring a Relying Party and Adding Claims] in the IAM User Guide.
|
||||||
|
//
|
||||||
|
// [Configuring a Relying Party and Adding Claims]: https://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html
|
||||||
//
|
//
|
||||||
// This member is required.
|
// This member is required.
|
||||||
SAMLAssertion *string
|
SAMLAssertion *string
|
||||||
@ -146,92 +188,114 @@ type AssumeRoleWithSAMLInput struct {
|
|||||||
// than this setting, the operation fails. For example, if you specify a session
|
// than this setting, the operation fails. For example, if you specify a session
|
||||||
// duration of 12 hours, but your administrator set the maximum session duration to
|
// duration of 12 hours, but your administrator set the maximum session duration to
|
||||||
// 6 hours, your operation fails. To learn how to view the maximum value for your
|
// 6 hours, your operation fails. To learn how to view the maximum value for your
|
||||||
// role, see View the Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
|
// role, see [View the Maximum Session Duration Setting for a Role]in the IAM User Guide.
|
||||||
// in the IAM User Guide. By default, the value is set to 3600 seconds. The
|
//
|
||||||
// DurationSeconds parameter is separate from the duration of a console session
|
// By default, the value is set to 3600 seconds.
|
||||||
// that you might request using the returned credentials. The request to the
|
//
|
||||||
// federation endpoint for a console sign-in token takes a SessionDuration
|
// The DurationSeconds parameter is separate from the duration of a console
|
||||||
|
// session that you might request using the returned credentials. The request to
|
||||||
|
// the federation endpoint for a console sign-in token takes a SessionDuration
|
||||||
// parameter that specifies the maximum length of the console session. For more
|
// parameter that specifies the maximum length of the console session. For more
|
||||||
// information, see Creating a URL that Enables Federated Users to Access the
|
// information, see [Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console]in the IAM User Guide.
|
||||||
// Amazon Web Services Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
|
//
|
||||||
// in the IAM User Guide.
|
// [View the Maximum Session Duration Setting for a Role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
|
||||||
|
// [Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
|
||||||
DurationSeconds *int32
|
DurationSeconds *int32
|
||||||
|
|
||||||
// An IAM policy in JSON format that you want to use as an inline session policy.
|
// An IAM policy in JSON format that you want to use as an inline session policy.
|
||||||
|
//
|
||||||
// This parameter is optional. Passing policies to this operation returns new
|
// This parameter is optional. Passing policies to this operation returns new
|
||||||
// temporary credentials. The resulting session's permissions are the intersection
|
// temporary credentials. The resulting session's permissions are the intersection
|
||||||
// of the role's identity-based policy and the session policies. You can use the
|
// of the role's identity-based policy and the session policies. You can use the
|
||||||
// role's temporary credentials in subsequent Amazon Web Services API calls to
|
// role's temporary credentials in subsequent Amazon Web Services API calls to
|
||||||
// access resources in the account that owns the role. You cannot use session
|
// access resources in the account that owns the role. You cannot use session
|
||||||
// policies to grant more permissions than those allowed by the identity-based
|
// policies to grant more permissions than those allowed by the identity-based
|
||||||
// policy of the role that is being assumed. For more information, see Session
|
// policy of the role that is being assumed. For more information, see [Session Policies]in the IAM
|
||||||
// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
// User Guide.
|
||||||
// in the IAM User Guide. The plaintext that you use for both inline and managed
|
//
|
||||||
// session policies can't exceed 2,048 characters. The JSON policy characters can
|
// The plaintext that you use for both inline and managed session policies can't
|
||||||
// be any ASCII character from the space character to the end of the valid
|
// exceed 2,048 characters. The JSON policy characters can be any ASCII character
|
||||||
// character list (\u0020 through \u00FF). It can also include the tab (\u0009),
|
// from the space character to the end of the valid character list (\u0020 through
|
||||||
// linefeed (\u000A), and carriage return (\u000D) characters. An Amazon Web
|
// \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage
|
||||||
// Services conversion compresses the passed inline session policy, managed policy
|
// return (\u000D) characters.
|
||||||
// ARNs, and session tags into a packed binary format that has a separate limit.
|
//
|
||||||
// Your request can fail for this limit even if your plaintext meets the other
|
// An Amazon Web Services conversion compresses the passed inline session policy,
|
||||||
// requirements. The PackedPolicySize response element indicates by percentage how
|
// managed policy ARNs, and session tags into a packed binary format that has a
|
||||||
// close the policies and tags for your request are to the upper size limit.
|
// separate limit. Your request can fail for this limit even if your plaintext
|
||||||
|
// meets the other requirements. The PackedPolicySize response element indicates
|
||||||
|
// by percentage how close the policies and tags for your request are to the upper
|
||||||
|
// size limit.
|
||||||
|
//
|
||||||
|
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||||
Policy *string
|
Policy *string
|
||||||
|
|
||||||
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want to
|
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want to
|
||||||
// use as managed session policies. The policies must exist in the same account as
|
// use as managed session policies. The policies must exist in the same account as
|
||||||
// the role. This parameter is optional. You can provide up to 10 managed policy
|
// the role.
|
||||||
// ARNs. However, the plaintext that you use for both inline and managed session
|
//
|
||||||
// policies can't exceed 2,048 characters. For more information about ARNs, see
|
// This parameter is optional. You can provide up to 10 managed policy ARNs.
|
||||||
// Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
|
// However, the plaintext that you use for both inline and managed session policies
|
||||||
// in the Amazon Web Services General Reference. An Amazon Web Services conversion
|
// can't exceed 2,048 characters. For more information about ARNs, see [Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces]in the
|
||||||
// compresses the passed inline session policy, managed policy ARNs, and session
|
// Amazon Web Services General Reference.
|
||||||
// tags into a packed binary format that has a separate limit. Your request can
|
//
|
||||||
// fail for this limit even if your plaintext meets the other requirements. The
|
// An Amazon Web Services conversion compresses the passed inline session policy,
|
||||||
// PackedPolicySize response element indicates by percentage how close the policies
|
// managed policy ARNs, and session tags into a packed binary format that has a
|
||||||
// and tags for your request are to the upper size limit. Passing policies to this
|
// separate limit. Your request can fail for this limit even if your plaintext
|
||||||
// operation returns new temporary credentials. The resulting session's permissions
|
// meets the other requirements. The PackedPolicySize response element indicates
|
||||||
// are the intersection of the role's identity-based policy and the session
|
// by percentage how close the policies and tags for your request are to the upper
|
||||||
// policies. You can use the role's temporary credentials in subsequent Amazon Web
|
// size limit.
|
||||||
// Services API calls to access resources in the account that owns the role. You
|
//
|
||||||
// cannot use session policies to grant more permissions than those allowed by the
|
// Passing policies to this operation returns new temporary credentials. The
|
||||||
// identity-based policy of the role that is being assumed. For more information,
|
// resulting session's permissions are the intersection of the role's
|
||||||
// see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
// identity-based policy and the session policies. You can use the role's temporary
|
||||||
// in the IAM User Guide.
|
// credentials in subsequent Amazon Web Services API calls to access resources in
|
||||||
|
// the account that owns the role. You cannot use session policies to grant more
|
||||||
|
// permissions than those allowed by the identity-based policy of the role that is
|
||||||
|
// being assumed. For more information, see [Session Policies]in the IAM User Guide.
|
||||||
|
//
|
||||||
|
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||||
|
// [Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
||||||
PolicyArns []types.PolicyDescriptorType
|
PolicyArns []types.PolicyDescriptorType
|
||||||
|
|
||||||
noSmithyDocumentSerde
|
noSmithyDocumentSerde
|
||||||
}
|
}
|
||||||
|
|
||||||
// Contains the response to a successful AssumeRoleWithSAML request, including
|
// Contains the response to a successful AssumeRoleWithSAML request, including temporary Amazon Web
|
||||||
// temporary Amazon Web Services credentials that can be used to make Amazon Web
|
// Services credentials that can be used to make Amazon Web Services requests.
|
||||||
// Services requests.
|
|
||||||
type AssumeRoleWithSAMLOutput struct {
|
type AssumeRoleWithSAMLOutput struct {
|
||||||
|
|
||||||
// The identifiers for the temporary security credentials that the operation
|
// The identifiers for the temporary security credentials that the operation
|
||||||
// returns.
|
// returns.
|
||||||
AssumedRoleUser *types.AssumedRoleUser
|
AssumedRoleUser *types.AssumedRoleUser
|
||||||
|
|
||||||
// The value of the Recipient attribute of the SubjectConfirmationData element of
|
// The value of the Recipient attribute of the SubjectConfirmationData element of
|
||||||
// the SAML assertion.
|
// the SAML assertion.
|
||||||
Audience *string
|
Audience *string
|
||||||
|
|
||||||
// The temporary security credentials, which include an access key ID, a secret
|
// The temporary security credentials, which include an access key ID, a secret
|
||||||
// access key, and a security (or session) token. The size of the security token
|
// access key, and a security (or session) token.
|
||||||
// that STS API operations return is not fixed. We strongly recommend that you make
|
//
|
||||||
// no assumptions about the maximum size.
|
// The size of the security token that STS API operations return is not fixed. We
|
||||||
|
// strongly recommend that you make no assumptions about the maximum size.
|
||||||
Credentials *types.Credentials
|
Credentials *types.Credentials
|
||||||
|
|
||||||
// The value of the Issuer element of the SAML assertion.
|
// The value of the Issuer element of the SAML assertion.
|
||||||
Issuer *string
|
Issuer *string
|
||||||
|
|
||||||
// A hash value based on the concatenation of the following:
|
// A hash value based on the concatenation of the following:
|
||||||
|
//
|
||||||
// - The Issuer response value.
|
// - The Issuer response value.
|
||||||
|
//
|
||||||
// - The Amazon Web Services account ID.
|
// - The Amazon Web Services account ID.
|
||||||
|
//
|
||||||
// - The friendly name (the last part of the ARN) of the SAML provider in IAM.
|
// - The friendly name (the last part of the ARN) of the SAML provider in IAM.
|
||||||
|
//
|
||||||
// The combination of NameQualifier and Subject can be used to uniquely identify a
|
// The combination of NameQualifier and Subject can be used to uniquely identify a
|
||||||
// user. The following pseudocode shows how the hash value is calculated: BASE64 (
|
// user.
|
||||||
// SHA1 ( "https://example.com/saml" + "123456789012" + "/MySAMLIdP" ) )
|
//
|
||||||
|
// The following pseudocode shows how the hash value is calculated:
|
||||||
|
//
|
||||||
|
// BASE64 ( SHA1 ( "https://example.com/saml" + "123456789012" + "/MySAMLIdP" ) )
|
||||||
NameQualifier *string
|
NameQualifier *string
|
||||||
|
|
||||||
// A percentage value that indicates the packed size of the session policies and
|
// A percentage value that indicates the packed size of the session policies and
|
||||||
@ -240,31 +304,36 @@ type AssumeRoleWithSAMLOutput struct {
|
|||||||
// allowed space.
|
// allowed space.
|
||||||
PackedPolicySize *int32
|
PackedPolicySize *int32
|
||||||
|
|
||||||
// The value in the SourceIdentity attribute in the SAML assertion. You can
|
// The value in the SourceIdentity attribute in the SAML assertion.
|
||||||
// require users to set a source identity value when they assume a role. You do
|
//
|
||||||
// this by using the sts:SourceIdentity condition key in a role trust policy. That
|
// You can require users to set a source identity value when they assume a role.
|
||||||
// way, actions that are taken with the role are associated with that user. After
|
// You do this by using the sts:SourceIdentity condition key in a role trust
|
||||||
// the source identity is set, the value cannot be changed. It is present in the
|
// policy. That way, actions that are taken with the role are associated with that
|
||||||
// request for all actions that are taken by the role and persists across chained
|
// user. After the source identity is set, the value cannot be changed. It is
|
||||||
// role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining)
|
// present in the request for all actions that are taken by the role and persists
|
||||||
// sessions. You can configure your SAML identity provider to use an attribute
|
// across [chained role]sessions. You can configure your SAML identity provider to use an
|
||||||
// associated with your users, like user name or email, as the source identity when
|
// attribute associated with your users, like user name or email, as the source
|
||||||
// calling AssumeRoleWithSAML . You do this by adding an attribute to the SAML
|
// identity when calling AssumeRoleWithSAML . You do this by adding an attribute to
|
||||||
// assertion. For more information about using source identity, see Monitor and
|
// the SAML assertion. For more information about using source identity, see [Monitor and control actions taken with assumed roles]in
|
||||||
// control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
|
// the IAM User Guide.
|
||||||
// in the IAM User Guide. The regex used to validate this parameter is a string of
|
//
|
||||||
// characters consisting of upper- and lower-case alphanumeric characters with no
|
// The regex used to validate this parameter is a string of characters consisting
|
||||||
// spaces. You can also include underscores or any of the following characters:
|
// of upper- and lower-case alphanumeric characters with no spaces. You can also
|
||||||
// =,.@-
|
// include underscores or any of the following characters: =,.@-
|
||||||
|
//
|
||||||
|
// [chained role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining
|
||||||
|
// [Monitor and control actions taken with assumed roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
|
||||||
SourceIdentity *string
|
SourceIdentity *string
|
||||||
|
|
||||||
// The value of the NameID element in the Subject element of the SAML assertion.
|
// The value of the NameID element in the Subject element of the SAML assertion.
|
||||||
Subject *string
|
Subject *string
|
||||||
|
|
||||||
// The format of the name ID, as defined by the Format attribute in the NameID
|
// The format of the name ID, as defined by the Format attribute in the NameID
|
||||||
// element of the SAML assertion. Typical examples of the format are transient or
|
// element of the SAML assertion. Typical examples of the format are transient or
|
||||||
// persistent . If the format includes the prefix
|
// persistent .
|
||||||
// urn:oasis:names:tc:SAML:2.0:nameid-format , that prefix is removed. For example,
|
//
|
||||||
|
// If the format includes the prefix urn:oasis:names:tc:SAML:2.0:nameid-format ,
|
||||||
|
// that prefix is removed. For example,
|
||||||
// urn:oasis:names:tc:SAML:2.0:nameid-format:transient is returned as transient .
|
// urn:oasis:names:tc:SAML:2.0:nameid-format:transient is returned as transient .
|
||||||
// If the format includes any other prefix, the format is returned with no
|
// If the format includes any other prefix, the format is returned with no
|
||||||
// modifications.
|
// modifications.
|
||||||
@ -328,6 +397,12 @@ func (c *Client) addOperationAssumeRoleWithSAMLMiddlewares(stack *middleware.Sta
|
|||||||
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
|
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
if err = addTimeOffsetBuild(stack, c); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err = addUserAgentRetryMode(stack, options); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
if err = addOpAssumeRoleWithSAMLValidationMiddleware(stack); err != nil {
|
if err = addOpAssumeRoleWithSAMLValidationMiddleware(stack); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
387
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithWebIdentity.go
generated
vendored
387
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithWebIdentity.go
generated
vendored
@ -14,105 +14,143 @@ import (
|
|||||||
// Returns a set of temporary security credentials for users who have been
|
// Returns a set of temporary security credentials for users who have been
|
||||||
// authenticated in a mobile or web application with a web identity provider.
|
// authenticated in a mobile or web application with a web identity provider.
|
||||||
// Example providers include the OAuth 2.0 providers Login with Amazon and
|
// Example providers include the OAuth 2.0 providers Login with Amazon and
|
||||||
// Facebook, or any OpenID Connect-compatible identity provider such as Google or
|
// Facebook, or any OpenID Connect-compatible identity provider such as Google or [Amazon Cognito federated identities].
|
||||||
// Amazon Cognito federated identities (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html)
|
//
|
||||||
// . For mobile applications, we recommend that you use Amazon Cognito. You can use
|
// For mobile applications, we recommend that you use Amazon Cognito. You can use
|
||||||
// Amazon Cognito with the Amazon Web Services SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/)
|
// Amazon Cognito with the [Amazon Web Services SDK for iOS Developer Guide]and the [Amazon Web Services SDK for Android Developer Guide] to uniquely identify a user. You can also
|
||||||
// and the Amazon Web Services SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/)
|
// supply the user with a consistent identity throughout the lifetime of an
|
||||||
// to uniquely identify a user. You can also supply the user with a consistent
|
// application.
|
||||||
// identity throughout the lifetime of an application. To learn more about Amazon
|
//
|
||||||
// Cognito, see Amazon Cognito identity pools (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html)
|
// To learn more about Amazon Cognito, see [Amazon Cognito identity pools] in Amazon Cognito Developer Guide.
|
||||||
// in Amazon Cognito Developer Guide. Calling AssumeRoleWithWebIdentity does not
|
//
|
||||||
// require the use of Amazon Web Services security credentials. Therefore, you can
|
// Calling AssumeRoleWithWebIdentity does not require the use of Amazon Web
|
||||||
// distribute an application (for example, on mobile devices) that requests
|
// Services security credentials. Therefore, you can distribute an application (for
|
||||||
// temporary security credentials without including long-term Amazon Web Services
|
// example, on mobile devices) that requests temporary security credentials without
|
||||||
// credentials in the application. You also don't need to deploy server-based proxy
|
// including long-term Amazon Web Services credentials in the application. You also
|
||||||
// services that use long-term Amazon Web Services credentials. Instead, the
|
// don't need to deploy server-based proxy services that use long-term Amazon Web
|
||||||
// identity of the caller is validated by using a token from the web identity
|
// Services credentials. Instead, the identity of the caller is validated by using
|
||||||
// provider. For a comparison of AssumeRoleWithWebIdentity with the other API
|
// a token from the web identity provider. For a comparison of
|
||||||
// operations that produce temporary credentials, see Requesting Temporary
|
// AssumeRoleWithWebIdentity with the other API operations that produce temporary
|
||||||
// Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
|
// credentials, see [Requesting Temporary Security Credentials]and [Comparing the Amazon Web Services STS API operations] in the IAM User Guide.
|
||||||
// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
|
//
|
||||||
// in the IAM User Guide. The temporary security credentials returned by this API
|
// The temporary security credentials returned by this API consist of an access
|
||||||
// consist of an access key ID, a secret access key, and a security token.
|
// key ID, a secret access key, and a security token. Applications can use these
|
||||||
// Applications can use these temporary security credentials to sign calls to
|
// temporary security credentials to sign calls to Amazon Web Services service API
|
||||||
// Amazon Web Services service API operations. Session Duration By default, the
|
// operations.
|
||||||
// temporary security credentials created by AssumeRoleWithWebIdentity last for
|
//
|
||||||
// one hour. However, you can use the optional DurationSeconds parameter to
|
// # Session Duration
|
||||||
// specify the duration of your session. You can provide a value from 900 seconds
|
//
|
||||||
// (15 minutes) up to the maximum session duration setting for the role. This
|
// By default, the temporary security credentials created by
|
||||||
// setting can have a value from 1 hour to 12 hours. To learn how to view the
|
// AssumeRoleWithWebIdentity last for one hour. However, you can use the optional
|
||||||
// maximum value for your role, see View the Maximum Session Duration Setting for
|
// DurationSeconds parameter to specify the duration of your session. You can
|
||||||
// a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
|
// provide a value from 900 seconds (15 minutes) up to the maximum session duration
|
||||||
// in the IAM User Guide. The maximum session duration limit applies when you use
|
// setting for the role. This setting can have a value from 1 hour to 12 hours. To
|
||||||
// the AssumeRole* API operations or the assume-role* CLI commands. However the
|
// learn how to view the maximum value for your role, see [View the Maximum Session Duration Setting for a Role]in the IAM User Guide.
|
||||||
// limit does not apply when you use those operations to create a console URL. For
|
// The maximum session duration limit applies when you use the AssumeRole* API
|
||||||
// more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
|
// operations or the assume-role* CLI commands. However the limit does not apply
|
||||||
// in the IAM User Guide. Permissions The temporary security credentials created by
|
// when you use those operations to create a console URL. For more information, see
|
||||||
// AssumeRoleWithWebIdentity can be used to make API calls to any Amazon Web
|
// [Using IAM Roles]in the IAM User Guide.
|
||||||
// Services service with the following exception: you cannot call the STS
|
//
|
||||||
// GetFederationToken or GetSessionToken API operations. (Optional) You can pass
|
// # Permissions
|
||||||
// inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
//
|
||||||
// to this operation. You can pass a single JSON policy document to use as an
|
// The temporary security credentials created by AssumeRoleWithWebIdentity can be
|
||||||
// inline session policy. You can also specify up to 10 managed policy Amazon
|
// used to make API calls to any Amazon Web Services service with the following
|
||||||
// Resource Names (ARNs) to use as managed session policies. The plaintext that you
|
// exception: you cannot call the STS GetFederationToken or GetSessionToken API
|
||||||
// use for both inline and managed session policies can't exceed 2,048 characters.
|
// operations.
|
||||||
// Passing policies to this operation returns new temporary credentials. The
|
//
|
||||||
// resulting session's permissions are the intersection of the role's
|
// (Optional) You can pass inline or managed [session policies] to this operation. You can pass a
|
||||||
// identity-based policy and the session policies. You can use the role's temporary
|
// single JSON policy document to use as an inline session policy. You can also
|
||||||
// credentials in subsequent Amazon Web Services API calls to access resources in
|
// specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed
|
||||||
// the account that owns the role. You cannot use session policies to grant more
|
// session policies. The plaintext that you use for both inline and managed session
|
||||||
// permissions than those allowed by the identity-based policy of the role that is
|
// policies can't exceed 2,048 characters. Passing policies to this operation
|
||||||
// being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
// returns new temporary credentials. The resulting session's permissions are the
|
||||||
// in the IAM User Guide. Tags (Optional) You can configure your IdP to pass
|
// intersection of the role's identity-based policy and the session policies. You
|
||||||
// attributes into your web identity token as session tags. Each session tag
|
// can use the role's temporary credentials in subsequent Amazon Web Services API
|
||||||
// consists of a key name and an associated value. For more information about
|
// calls to access resources in the account that owns the role. You cannot use
|
||||||
// session tags, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
|
// session policies to grant more permissions than those allowed by the
|
||||||
// in the IAM User Guide. You can pass up to 50 session tags. The plaintext session
|
// identity-based policy of the role that is being assumed. For more information,
|
||||||
// tag keys can’t exceed 128 characters and the values can’t exceed 256 characters.
|
// see [Session Policies]in the IAM User Guide.
|
||||||
// For these and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
|
//
|
||||||
// in the IAM User Guide. An Amazon Web Services conversion compresses the passed
|
// # Tags
|
||||||
// inline session policy, managed policy ARNs, and session tags into a packed
|
//
|
||||||
// binary format that has a separate limit. Your request can fail for this limit
|
// (Optional) You can configure your IdP to pass attributes into your web identity
|
||||||
// even if your plaintext meets the other requirements. The PackedPolicySize
|
// token as session tags. Each session tag consists of a key name and an associated
|
||||||
// response element indicates by percentage how close the policies and tags for
|
// value. For more information about session tags, see [Passing Session Tags in STS]in the IAM User Guide.
|
||||||
// your request are to the upper size limit. You can pass a session tag with the
|
//
|
||||||
// same key as a tag that is attached to the role. When you do, the session tag
|
// You can pass up to 50 session tags. The plaintext session tag keys can’t exceed
|
||||||
// overrides the role tag with the same key. An administrator must grant you the
|
// 128 characters and the values can’t exceed 256 characters. For these and
|
||||||
// permissions necessary to pass session tags. The administrator can also create
|
// additional limits, see [IAM and STS Character Limits]in the IAM User Guide.
|
||||||
// granular permissions to allow you to pass only specific session tags. For more
|
//
|
||||||
// information, see Tutorial: Using Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
|
// An Amazon Web Services conversion compresses the passed inline session policy,
|
||||||
// in the IAM User Guide. You can set the session tags as transitive. Transitive
|
// managed policy ARNs, and session tags into a packed binary format that has a
|
||||||
// tags persist during role chaining. For more information, see Chaining Roles
|
// separate limit. Your request can fail for this limit even if your plaintext
|
||||||
// with Session Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
|
// meets the other requirements. The PackedPolicySize response element indicates
|
||||||
// in the IAM User Guide. Identities Before your application can call
|
// by percentage how close the policies and tags for your request are to the upper
|
||||||
// AssumeRoleWithWebIdentity , you must have an identity token from a supported
|
// size limit.
|
||||||
// identity provider and create a role that the application can assume. The role
|
//
|
||||||
// that your application assumes must trust the identity provider that is
|
// You can pass a session tag with the same key as a tag that is attached to the
|
||||||
// associated with the identity token. In other words, the identity provider must
|
// role. When you do, the session tag overrides the role tag with the same key.
|
||||||
// be specified in the role's trust policy. Calling AssumeRoleWithWebIdentity can
|
//
|
||||||
// result in an entry in your CloudTrail logs. The entry includes the Subject (http://openid.net/specs/openid-connect-core-1_0.html#Claims)
|
// An administrator must grant you the permissions necessary to pass session tags.
|
||||||
// of the provided web identity token. We recommend that you avoid using any
|
// The administrator can also create granular permissions to allow you to pass only
|
||||||
// personally identifiable information (PII) in this field. For example, you could
|
// specific session tags. For more information, see [Tutorial: Using Tags for Attribute-Based Access Control]in the IAM User Guide.
|
||||||
// instead use a GUID or a pairwise identifier, as suggested in the OIDC
|
//
|
||||||
// specification (http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes)
|
// You can set the session tags as transitive. Transitive tags persist during role
|
||||||
// . For more information about how to use web identity federation and the
|
// chaining. For more information, see [Chaining Roles with Session Tags]in the IAM User Guide.
|
||||||
|
//
|
||||||
|
// # Identities
|
||||||
|
//
|
||||||
|
// Before your application can call AssumeRoleWithWebIdentity , you must have an
|
||||||
|
// identity token from a supported identity provider and create a role that the
|
||||||
|
// application can assume. The role that your application assumes must trust the
|
||||||
|
// identity provider that is associated with the identity token. In other words,
|
||||||
|
// the identity provider must be specified in the role's trust policy.
|
||||||
|
//
|
||||||
|
// Calling AssumeRoleWithWebIdentity can result in an entry in your CloudTrail
|
||||||
|
// logs. The entry includes the [Subject]of the provided web identity token. We recommend
|
||||||
|
// that you avoid using any personally identifiable information (PII) in this
|
||||||
|
// field. For example, you could instead use a GUID or a pairwise identifier, as [suggested in the OIDC specification].
|
||||||
|
//
|
||||||
|
// For more information about how to use web identity federation and the
|
||||||
// AssumeRoleWithWebIdentity API, see the following resources:
|
// AssumeRoleWithWebIdentity API, see the following resources:
|
||||||
// - Using Web Identity Federation API Operations for Mobile Apps (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html)
|
//
|
||||||
// and Federation Through a Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
|
// [Using Web Identity Federation API Operations for Mobile Apps]
|
||||||
// .
|
// - and [Federation Through a Web-based Identity Provider].
|
||||||
// - Web Identity Federation Playground (https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/)
|
//
|
||||||
// . Walk through the process of authenticating through Login with Amazon,
|
// [Web Identity Federation Playground]
|
||||||
|
// - . Walk through the process of authenticating through Login with Amazon,
|
||||||
// Facebook, or Google, getting temporary security credentials, and then using
|
// Facebook, or Google, getting temporary security credentials, and then using
|
||||||
// those credentials to make a request to Amazon Web Services.
|
// those credentials to make a request to Amazon Web Services.
|
||||||
// - Amazon Web Services SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/)
|
//
|
||||||
// and Amazon Web Services SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/)
|
// [Amazon Web Services SDK for iOS Developer Guide]
|
||||||
// . These toolkits contain sample apps that show how to invoke the identity
|
// - and [Amazon Web Services SDK for Android Developer Guide]. These toolkits contain sample apps that show how to invoke the
|
||||||
// providers. The toolkits then show how to use the information from these
|
// identity providers. The toolkits then show how to use the information from these
|
||||||
// providers to get and use temporary security credentials.
|
// providers to get and use temporary security credentials.
|
||||||
// - Web Identity Federation with Mobile Applications (http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications)
|
//
|
||||||
// . This article discusses web identity federation and shows an example of how to
|
// [Web Identity Federation with Mobile Applications]
|
||||||
// use web identity federation to get access to content in Amazon S3.
|
// - . This article discusses web identity federation and shows an example of
|
||||||
|
// how to use web identity federation to get access to content in Amazon S3.
|
||||||
|
//
|
||||||
|
// [Amazon Web Services SDK for iOS Developer Guide]: http://aws.amazon.com/sdkforios/
|
||||||
|
// [View the Maximum Session Duration Setting for a Role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
|
||||||
|
// [Web Identity Federation Playground]: https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/
|
||||||
|
// [Amazon Web Services SDK for Android Developer Guide]: http://aws.amazon.com/sdkforandroid/
|
||||||
|
// [IAM and STS Character Limits]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
|
||||||
|
// [Comparing the Amazon Web Services STS API operations]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
|
||||||
|
// [session policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||||
|
// [Requesting Temporary Security Credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
|
||||||
|
// [Subject]: http://openid.net/specs/openid-connect-core-1_0.html#Claims
|
||||||
|
// [Tutorial: Using Tags for Attribute-Based Access Control]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html
|
||||||
|
// [Amazon Cognito identity pools]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html
|
||||||
|
// [Federation Through a Web-based Identity Provider]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity
|
||||||
|
// [Using IAM Roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
|
||||||
|
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||||
|
// [Amazon Cognito federated identities]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html
|
||||||
|
// [Passing Session Tags in STS]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
|
||||||
|
// [Chaining Roles with Session Tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining
|
||||||
|
// [Web Identity Federation with Mobile Applications]: http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications
|
||||||
|
// [Using Web Identity Federation API Operations for Mobile Apps]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html
|
||||||
|
// [suggested in the OIDC specification]: http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes
|
||||||
func (c *Client) AssumeRoleWithWebIdentity(ctx context.Context, params *AssumeRoleWithWebIdentityInput, optFns ...func(*Options)) (*AssumeRoleWithWebIdentityOutput, error) {
|
func (c *Client) AssumeRoleWithWebIdentity(ctx context.Context, params *AssumeRoleWithWebIdentityInput, optFns ...func(*Options)) (*AssumeRoleWithWebIdentityOutput, error) {
|
||||||
if params == nil {
|
if params == nil {
|
||||||
params = &AssumeRoleWithWebIdentityInput{}
|
params = &AssumeRoleWithWebIdentityInput{}
|
||||||
@ -139,10 +177,11 @@ type AssumeRoleWithWebIdentityInput struct {
|
|||||||
// identifier that is associated with the user who is using your application. That
|
// identifier that is associated with the user who is using your application. That
|
||||||
// way, the temporary security credentials that your application will use are
|
// way, the temporary security credentials that your application will use are
|
||||||
// associated with that user. This session name is included as part of the ARN and
|
// associated with that user. This session name is included as part of the ARN and
|
||||||
// assumed role ID in the AssumedRoleUser response element. The regex used to
|
// assumed role ID in the AssumedRoleUser response element.
|
||||||
// validate this parameter is a string of characters consisting of upper- and
|
//
|
||||||
// lower-case alphanumeric characters with no spaces. You can also include
|
// The regex used to validate this parameter is a string of characters consisting
|
||||||
// underscores or any of the following characters: =,.@-
|
// of upper- and lower-case alphanumeric characters with no spaces. You can also
|
||||||
|
// include underscores or any of the following characters: =,.@-
|
||||||
//
|
//
|
||||||
// This member is required.
|
// This member is required.
|
||||||
RoleSessionName *string
|
RoleSessionName *string
|
||||||
@ -162,73 +201,90 @@ type AssumeRoleWithWebIdentityInput struct {
|
|||||||
// higher than this setting, the operation fails. For example, if you specify a
|
// higher than this setting, the operation fails. For example, if you specify a
|
||||||
// session duration of 12 hours, but your administrator set the maximum session
|
// session duration of 12 hours, but your administrator set the maximum session
|
||||||
// duration to 6 hours, your operation fails. To learn how to view the maximum
|
// duration to 6 hours, your operation fails. To learn how to view the maximum
|
||||||
// value for your role, see View the Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
|
// value for your role, see [View the Maximum Session Duration Setting for a Role]in the IAM User Guide.
|
||||||
// in the IAM User Guide. By default, the value is set to 3600 seconds. The
|
//
|
||||||
// DurationSeconds parameter is separate from the duration of a console session
|
// By default, the value is set to 3600 seconds.
|
||||||
// that you might request using the returned credentials. The request to the
|
//
|
||||||
// federation endpoint for a console sign-in token takes a SessionDuration
|
// The DurationSeconds parameter is separate from the duration of a console
|
||||||
|
// session that you might request using the returned credentials. The request to
|
||||||
|
// the federation endpoint for a console sign-in token takes a SessionDuration
|
||||||
// parameter that specifies the maximum length of the console session. For more
|
// parameter that specifies the maximum length of the console session. For more
|
||||||
// information, see Creating a URL that Enables Federated Users to Access the
|
// information, see [Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console]in the IAM User Guide.
|
||||||
// Amazon Web Services Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
|
//
|
||||||
// in the IAM User Guide.
|
// [View the Maximum Session Duration Setting for a Role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
|
||||||
|
// [Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
|
||||||
DurationSeconds *int32
|
DurationSeconds *int32
|
||||||
|
|
||||||
// An IAM policy in JSON format that you want to use as an inline session policy.
|
// An IAM policy in JSON format that you want to use as an inline session policy.
|
||||||
|
//
|
||||||
// This parameter is optional. Passing policies to this operation returns new
|
// This parameter is optional. Passing policies to this operation returns new
|
||||||
// temporary credentials. The resulting session's permissions are the intersection
|
// temporary credentials. The resulting session's permissions are the intersection
|
||||||
// of the role's identity-based policy and the session policies. You can use the
|
// of the role's identity-based policy and the session policies. You can use the
|
||||||
// role's temporary credentials in subsequent Amazon Web Services API calls to
|
// role's temporary credentials in subsequent Amazon Web Services API calls to
|
||||||
// access resources in the account that owns the role. You cannot use session
|
// access resources in the account that owns the role. You cannot use session
|
||||||
// policies to grant more permissions than those allowed by the identity-based
|
// policies to grant more permissions than those allowed by the identity-based
|
||||||
// policy of the role that is being assumed. For more information, see Session
|
// policy of the role that is being assumed. For more information, see [Session Policies]in the IAM
|
||||||
// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
// User Guide.
|
||||||
// in the IAM User Guide. The plaintext that you use for both inline and managed
|
//
|
||||||
// session policies can't exceed 2,048 characters. The JSON policy characters can
|
// The plaintext that you use for both inline and managed session policies can't
|
||||||
// be any ASCII character from the space character to the end of the valid
|
// exceed 2,048 characters. The JSON policy characters can be any ASCII character
|
||||||
// character list (\u0020 through \u00FF). It can also include the tab (\u0009),
|
// from the space character to the end of the valid character list (\u0020 through
|
||||||
// linefeed (\u000A), and carriage return (\u000D) characters. An Amazon Web
|
// \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage
|
||||||
// Services conversion compresses the passed inline session policy, managed policy
|
// return (\u000D) characters.
|
||||||
// ARNs, and session tags into a packed binary format that has a separate limit.
|
//
|
||||||
// Your request can fail for this limit even if your plaintext meets the other
|
// An Amazon Web Services conversion compresses the passed inline session policy,
|
||||||
// requirements. The PackedPolicySize response element indicates by percentage how
|
// managed policy ARNs, and session tags into a packed binary format that has a
|
||||||
// close the policies and tags for your request are to the upper size limit.
|
// separate limit. Your request can fail for this limit even if your plaintext
|
||||||
|
// meets the other requirements. The PackedPolicySize response element indicates
|
||||||
|
// by percentage how close the policies and tags for your request are to the upper
|
||||||
|
// size limit.
|
||||||
|
//
|
||||||
|
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||||
Policy *string
|
Policy *string
|
||||||
|
|
||||||
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want to
|
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want to
|
||||||
// use as managed session policies. The policies must exist in the same account as
|
// use as managed session policies. The policies must exist in the same account as
|
||||||
// the role. This parameter is optional. You can provide up to 10 managed policy
|
// the role.
|
||||||
// ARNs. However, the plaintext that you use for both inline and managed session
|
//
|
||||||
// policies can't exceed 2,048 characters. For more information about ARNs, see
|
// This parameter is optional. You can provide up to 10 managed policy ARNs.
|
||||||
// Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
|
// However, the plaintext that you use for both inline and managed session policies
|
||||||
// in the Amazon Web Services General Reference. An Amazon Web Services conversion
|
// can't exceed 2,048 characters. For more information about ARNs, see [Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces]in the
|
||||||
// compresses the passed inline session policy, managed policy ARNs, and session
|
// Amazon Web Services General Reference.
|
||||||
// tags into a packed binary format that has a separate limit. Your request can
|
//
|
||||||
// fail for this limit even if your plaintext meets the other requirements. The
|
// An Amazon Web Services conversion compresses the passed inline session policy,
|
||||||
// PackedPolicySize response element indicates by percentage how close the policies
|
// managed policy ARNs, and session tags into a packed binary format that has a
|
||||||
// and tags for your request are to the upper size limit. Passing policies to this
|
// separate limit. Your request can fail for this limit even if your plaintext
|
||||||
// operation returns new temporary credentials. The resulting session's permissions
|
// meets the other requirements. The PackedPolicySize response element indicates
|
||||||
// are the intersection of the role's identity-based policy and the session
|
// by percentage how close the policies and tags for your request are to the upper
|
||||||
// policies. You can use the role's temporary credentials in subsequent Amazon Web
|
// size limit.
|
||||||
// Services API calls to access resources in the account that owns the role. You
|
//
|
||||||
// cannot use session policies to grant more permissions than those allowed by the
|
// Passing policies to this operation returns new temporary credentials. The
|
||||||
// identity-based policy of the role that is being assumed. For more information,
|
// resulting session's permissions are the intersection of the role's
|
||||||
// see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
// identity-based policy and the session policies. You can use the role's temporary
|
||||||
// in the IAM User Guide.
|
// credentials in subsequent Amazon Web Services API calls to access resources in
|
||||||
|
// the account that owns the role. You cannot use session policies to grant more
|
||||||
|
// permissions than those allowed by the identity-based policy of the role that is
|
||||||
|
// being assumed. For more information, see [Session Policies]in the IAM User Guide.
|
||||||
|
//
|
||||||
|
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||||
|
// [Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
||||||
PolicyArns []types.PolicyDescriptorType
|
PolicyArns []types.PolicyDescriptorType
|
||||||
|
|
||||||
// The fully qualified host component of the domain name of the OAuth 2.0 identity
|
// The fully qualified host component of the domain name of the OAuth 2.0 identity
|
||||||
// provider. Do not specify this value for an OpenID Connect identity provider.
|
// provider. Do not specify this value for an OpenID Connect identity provider.
|
||||||
|
//
|
||||||
// Currently www.amazon.com and graph.facebook.com are the only supported identity
|
// Currently www.amazon.com and graph.facebook.com are the only supported identity
|
||||||
// providers for OAuth 2.0 access tokens. Do not include URL schemes and port
|
// providers for OAuth 2.0 access tokens. Do not include URL schemes and port
|
||||||
// numbers. Do not specify this value for OpenID Connect ID tokens.
|
// numbers.
|
||||||
|
//
|
||||||
|
// Do not specify this value for OpenID Connect ID tokens.
|
||||||
ProviderId *string
|
ProviderId *string
|
||||||
|
|
||||||
noSmithyDocumentSerde
|
noSmithyDocumentSerde
|
||||||
}
|
}
|
||||||
|
|
||||||
// Contains the response to a successful AssumeRoleWithWebIdentity request,
|
// Contains the response to a successful AssumeRoleWithWebIdentity request, including temporary Amazon Web
|
||||||
// including temporary Amazon Web Services credentials that can be used to make
|
// Services credentials that can be used to make Amazon Web Services requests.
|
||||||
// Amazon Web Services requests.
|
|
||||||
type AssumeRoleWithWebIdentityOutput struct {
|
type AssumeRoleWithWebIdentityOutput struct {
|
||||||
|
|
||||||
// The Amazon Resource Name (ARN) and the assumed role ID, which are identifiers
|
// The Amazon Resource Name (ARN) and the assumed role ID, which are identifiers
|
||||||
@ -244,9 +300,10 @@ type AssumeRoleWithWebIdentityOutput struct {
|
|||||||
Audience *string
|
Audience *string
|
||||||
|
|
||||||
// The temporary security credentials, which include an access key ID, a secret
|
// The temporary security credentials, which include an access key ID, a secret
|
||||||
// access key, and a security token. The size of the security token that STS API
|
// access key, and a security token.
|
||||||
// operations return is not fixed. We strongly recommend that you make no
|
//
|
||||||
// assumptions about the maximum size.
|
// The size of the security token that STS API operations return is not fixed. We
|
||||||
|
// strongly recommend that you make no assumptions about the maximum size.
|
||||||
Credentials *types.Credentials
|
Credentials *types.Credentials
|
||||||
|
|
||||||
// A percentage value that indicates the packed size of the session policies and
|
// A percentage value that indicates the packed size of the session policies and
|
||||||
@ -255,30 +312,34 @@ type AssumeRoleWithWebIdentityOutput struct {
|
|||||||
// allowed space.
|
// allowed space.
|
||||||
PackedPolicySize *int32
|
PackedPolicySize *int32
|
||||||
|
|
||||||
// The issuing authority of the web identity token presented. For OpenID Connect
|
// The issuing authority of the web identity token presented. For OpenID Connect
|
||||||
// ID tokens, this contains the value of the iss field. For OAuth 2.0 access
|
// ID tokens, this contains the value of the iss field. For OAuth 2.0 access
|
||||||
// tokens, this contains the value of the ProviderId parameter that was passed in
|
// tokens, this contains the value of the ProviderId parameter that was passed in
|
||||||
// the AssumeRoleWithWebIdentity request.
|
// the AssumeRoleWithWebIdentity request.
|
||||||
Provider *string
|
Provider *string
|
||||||
|
|
||||||
// The value of the source identity that is returned in the JSON web token (JWT)
|
// The value of the source identity that is returned in the JSON web token (JWT)
|
||||||
// from the identity provider. You can require users to set a source identity value
|
// from the identity provider.
|
||||||
// when they assume a role. You do this by using the sts:SourceIdentity condition
|
//
|
||||||
// key in a role trust policy. That way, actions that are taken with the role are
|
// You can require users to set a source identity value when they assume a role.
|
||||||
// associated with that user. After the source identity is set, the value cannot be
|
// You do this by using the sts:SourceIdentity condition key in a role trust
|
||||||
// changed. It is present in the request for all actions that are taken by the role
|
// policy. That way, actions that are taken with the role are associated with that
|
||||||
// and persists across chained role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining)
|
// user. After the source identity is set, the value cannot be changed. It is
|
||||||
// sessions. You can configure your identity provider to use an attribute
|
// present in the request for all actions that are taken by the role and persists
|
||||||
|
// across [chained role]sessions. You can configure your identity provider to use an attribute
|
||||||
// associated with your users, like user name or email, as the source identity when
|
// associated with your users, like user name or email, as the source identity when
|
||||||
// calling AssumeRoleWithWebIdentity . You do this by adding a claim to the JSON
|
// calling AssumeRoleWithWebIdentity . You do this by adding a claim to the JSON
|
||||||
// web token. To learn more about OIDC tokens and claims, see Using Tokens with
|
// web token. To learn more about OIDC tokens and claims, see [Using Tokens with User Pools]in the Amazon
|
||||||
// User Pools (https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html)
|
// Cognito Developer Guide. For more information about using source identity, see [Monitor and control actions taken with assumed roles]
|
||||||
// in the Amazon Cognito Developer Guide. For more information about using source
|
// in the IAM User Guide.
|
||||||
// identity, see Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
|
//
|
||||||
// in the IAM User Guide. The regex used to validate this parameter is a string of
|
// The regex used to validate this parameter is a string of characters consisting
|
||||||
// characters consisting of upper- and lower-case alphanumeric characters with no
|
// of upper- and lower-case alphanumeric characters with no spaces. You can also
|
||||||
// spaces. You can also include underscores or any of the following characters:
|
// include underscores or any of the following characters: =,.@-
|
||||||
// =,.@-
|
//
|
||||||
|
// [chained role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining
|
||||||
|
// [Monitor and control actions taken with assumed roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
|
||||||
|
// [Using Tokens with User Pools]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html
|
||||||
SourceIdentity *string
|
SourceIdentity *string
|
||||||
|
|
||||||
// The unique user identifier that is returned by the identity provider. This
|
// The unique user identifier that is returned by the identity provider. This
|
||||||
@ -347,6 +408,12 @@ func (c *Client) addOperationAssumeRoleWithWebIdentityMiddlewares(stack *middlew
|
|||||||
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
|
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
if err = addTimeOffsetBuild(stack, c); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err = addUserAgentRetryMode(stack, options); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
if err = addOpAssumeRoleWithWebIdentityValidationMiddleware(stack); err != nil {
|
if err = addOpAssumeRoleWithWebIdentityValidationMiddleware(stack); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
51
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_DecodeAuthorizationMessage.go
generated
vendored
51
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_DecodeAuthorizationMessage.go
generated
vendored
@ -11,28 +11,39 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
// Decodes additional information about the authorization status of a request from
|
// Decodes additional information about the authorization status of a request from
|
||||||
// an encoded message returned in response to an Amazon Web Services request. For
|
// an encoded message returned in response to an Amazon Web Services request.
|
||||||
// example, if a user is not authorized to perform an operation that he or she has
|
//
|
||||||
// requested, the request returns a Client.UnauthorizedOperation response (an HTTP
|
// For example, if a user is not authorized to perform an operation that he or she
|
||||||
// 403 response). Some Amazon Web Services operations additionally return an
|
// has requested, the request returns a Client.UnauthorizedOperation response (an
|
||||||
// encoded message that can provide details about this authorization failure. Only
|
// HTTP 403 response). Some Amazon Web Services operations additionally return an
|
||||||
// certain Amazon Web Services operations return an encoded authorization message.
|
// encoded message that can provide details about this authorization failure.
|
||||||
// The documentation for an individual operation indicates whether that operation
|
//
|
||||||
// returns an encoded message in addition to returning an HTTP code. The message is
|
// Only certain Amazon Web Services operations return an encoded authorization
|
||||||
// encoded because the details of the authorization status can contain privileged
|
// message. The documentation for an individual operation indicates whether that
|
||||||
// information that the user who requested the operation should not see. To decode
|
// operation returns an encoded message in addition to returning an HTTP code.
|
||||||
// an authorization status message, a user must be granted permissions through an
|
//
|
||||||
// IAM policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)
|
// The message is encoded because the details of the authorization status can
|
||||||
// to request the DecodeAuthorizationMessage ( sts:DecodeAuthorizationMessage )
|
// contain privileged information that the user who requested the operation should
|
||||||
// action. The decoded message includes the following type of information:
|
// not see. To decode an authorization status message, a user must be granted
|
||||||
|
// permissions through an IAM [policy]to request the DecodeAuthorizationMessage (
|
||||||
|
// sts:DecodeAuthorizationMessage ) action.
|
||||||
|
//
|
||||||
|
// The decoded message includes the following type of information:
|
||||||
|
//
|
||||||
// - Whether the request was denied due to an explicit deny or due to the
|
// - Whether the request was denied due to an explicit deny or due to the
|
||||||
// absence of an explicit allow. For more information, see Determining Whether a
|
// absence of an explicit allow. For more information, see [Determining Whether a Request is Allowed or Denied]in the IAM User
|
||||||
// Request is Allowed or Denied (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow)
|
// Guide.
|
||||||
// in the IAM User Guide.
|
//
|
||||||
// - The principal who made the request.
|
// - The principal who made the request.
|
||||||
|
//
|
||||||
// - The requested action.
|
// - The requested action.
|
||||||
|
//
|
||||||
// - The requested resource.
|
// - The requested resource.
|
||||||
|
//
|
||||||
// - The values of condition keys in the context of the user's request.
|
// - The values of condition keys in the context of the user's request.
|
||||||
|
//
|
||||||
|
// [Determining Whether a Request is Allowed or Denied]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow
|
||||||
|
// [policy]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
|
||||||
func (c *Client) DecodeAuthorizationMessage(ctx context.Context, params *DecodeAuthorizationMessageInput, optFns ...func(*Options)) (*DecodeAuthorizationMessageOutput, error) {
|
func (c *Client) DecodeAuthorizationMessage(ctx context.Context, params *DecodeAuthorizationMessageInput, optFns ...func(*Options)) (*DecodeAuthorizationMessageOutput, error) {
|
||||||
if params == nil {
|
if params == nil {
|
||||||
params = &DecodeAuthorizationMessageInput{}
|
params = &DecodeAuthorizationMessageInput{}
|
||||||
@ -127,6 +138,12 @@ func (c *Client) addOperationDecodeAuthorizationMessageMiddlewares(stack *middle
|
|||||||
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
|
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
if err = addTimeOffsetBuild(stack, c); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err = addUserAgentRetryMode(stack, options); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
if err = addOpDecodeAuthorizationMessageValidationMiddleware(stack); err != nil {
|
if err = addOpDecodeAuthorizationMessageValidationMiddleware(stack); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
55
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetAccessKeyInfo.go
generated
vendored
55
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetAccessKeyInfo.go
generated
vendored
@ -10,23 +10,31 @@ import (
|
|||||||
smithyhttp "github.com/aws/smithy-go/transport/http"
|
smithyhttp "github.com/aws/smithy-go/transport/http"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Returns the account identifier for the specified access key ID. Access keys
|
// Returns the account identifier for the specified access key ID.
|
||||||
// consist of two parts: an access key ID (for example, AKIAIOSFODNN7EXAMPLE ) and
|
//
|
||||||
// a secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY ).
|
// Access keys consist of two parts: an access key ID (for example,
|
||||||
// For more information about access keys, see Managing Access Keys for IAM Users (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html)
|
// AKIAIOSFODNN7EXAMPLE ) and a secret access key (for example,
|
||||||
// in the IAM User Guide. When you pass an access key ID to this operation, it
|
// wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY ). For more information about access
|
||||||
// returns the ID of the Amazon Web Services account to which the keys belong.
|
// keys, see [Managing Access Keys for IAM Users]in the IAM User Guide.
|
||||||
// Access key IDs beginning with AKIA are long-term credentials for an IAM user or
|
//
|
||||||
// the Amazon Web Services account root user. Access key IDs beginning with ASIA
|
// When you pass an access key ID to this operation, it returns the ID of the
|
||||||
// are temporary credentials that are created using STS operations. If the account
|
// Amazon Web Services account to which the keys belong. Access key IDs beginning
|
||||||
// in the response belongs to you, you can sign in as the root user and review your
|
// with AKIA are long-term credentials for an IAM user or the Amazon Web Services
|
||||||
// root user access keys. Then, you can pull a credentials report (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html)
|
// account root user. Access key IDs beginning with ASIA are temporary credentials
|
||||||
// to learn which IAM user owns the keys. To learn who requested the temporary
|
// that are created using STS operations. If the account in the response belongs to
|
||||||
// credentials for an ASIA access key, view the STS events in your CloudTrail logs (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html)
|
// you, you can sign in as the root user and review your root user access keys.
|
||||||
// in the IAM User Guide. This operation does not indicate the state of the access
|
// Then, you can pull a [credentials report]to learn which IAM user owns the keys. To learn who
|
||||||
// key. The key might be active, inactive, or deleted. Active keys might not have
|
// requested the temporary credentials for an ASIA access key, view the STS events
|
||||||
// permissions to perform an operation. Providing a deleted access key might return
|
// in your [CloudTrail logs]in the IAM User Guide.
|
||||||
// an error that the key doesn't exist.
|
//
|
||||||
|
// This operation does not indicate the state of the access key. The key might be
|
||||||
|
// active, inactive, or deleted. Active keys might not have permissions to perform
|
||||||
|
// an operation. Providing a deleted access key might return an error that the key
|
||||||
|
// doesn't exist.
|
||||||
|
//
|
||||||
|
// [credentials report]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html
|
||||||
|
// [CloudTrail logs]: https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html
|
||||||
|
// [Managing Access Keys for IAM Users]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html
|
||||||
func (c *Client) GetAccessKeyInfo(ctx context.Context, params *GetAccessKeyInfoInput, optFns ...func(*Options)) (*GetAccessKeyInfoOutput, error) {
|
func (c *Client) GetAccessKeyInfo(ctx context.Context, params *GetAccessKeyInfoInput, optFns ...func(*Options)) (*GetAccessKeyInfoOutput, error) {
|
||||||
if params == nil {
|
if params == nil {
|
||||||
params = &GetAccessKeyInfoInput{}
|
params = &GetAccessKeyInfoInput{}
|
||||||
@ -44,9 +52,10 @@ func (c *Client) GetAccessKeyInfo(ctx context.Context, params *GetAccessKeyInfoI
|
|||||||
|
|
||||||
type GetAccessKeyInfoInput struct {
|
type GetAccessKeyInfoInput struct {
|
||||||
|
|
||||||
// The identifier of an access key. This parameter allows (through its regex
|
// The identifier of an access key.
|
||||||
// pattern) a string of characters that can consist of any upper- or lowercase
|
//
|
||||||
// letter or digit.
|
// This parameter allows (through its regex pattern) a string of characters that
|
||||||
|
// can consist of any upper- or lowercase letter or digit.
|
||||||
//
|
//
|
||||||
// This member is required.
|
// This member is required.
|
||||||
AccessKeyId *string
|
AccessKeyId *string
|
||||||
@ -120,6 +129,12 @@ func (c *Client) addOperationGetAccessKeyInfoMiddlewares(stack *middleware.Stack
|
|||||||
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
|
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
if err = addTimeOffsetBuild(stack, c); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err = addUserAgentRetryMode(stack, options); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
if err = addOpGetAccessKeyInfoValidationMiddleware(stack); err != nil {
|
if err = addOpGetAccessKeyInfoValidationMiddleware(stack); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
32
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetCallerIdentity.go
generated
vendored
32
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetCallerIdentity.go
generated
vendored
@ -12,13 +12,15 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
// Returns details about the IAM user or role whose credentials are used to call
|
// Returns details about the IAM user or role whose credentials are used to call
|
||||||
// the operation. No permissions are required to perform this operation. If an
|
// the operation.
|
||||||
// administrator attaches a policy to your identity that explicitly denies access
|
//
|
||||||
// to the sts:GetCallerIdentity action, you can still perform this operation.
|
// No permissions are required to perform this operation. If an administrator
|
||||||
// Permissions are not required because the same information is returned when
|
// attaches a policy to your identity that explicitly denies access to the
|
||||||
// access is denied. To view an example response, see I Am Not Authorized to
|
// sts:GetCallerIdentity action, you can still perform this operation. Permissions
|
||||||
// Perform: iam:DeleteVirtualMFADevice (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa)
|
// are not required because the same information is returned when access is denied.
|
||||||
// in the IAM User Guide.
|
// To view an example response, see [I Am Not Authorized to Perform: iam:DeleteVirtualMFADevice]in the IAM User Guide.
|
||||||
|
//
|
||||||
|
// [I Am Not Authorized to Perform: iam:DeleteVirtualMFADevice]: https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa
|
||||||
func (c *Client) GetCallerIdentity(ctx context.Context, params *GetCallerIdentityInput, optFns ...func(*Options)) (*GetCallerIdentityOutput, error) {
|
func (c *Client) GetCallerIdentity(ctx context.Context, params *GetCallerIdentityInput, optFns ...func(*Options)) (*GetCallerIdentityOutput, error) {
|
||||||
if params == nil {
|
if params == nil {
|
||||||
params = &GetCallerIdentityInput{}
|
params = &GetCallerIdentityInput{}
|
||||||
@ -38,8 +40,8 @@ type GetCallerIdentityInput struct {
|
|||||||
noSmithyDocumentSerde
|
noSmithyDocumentSerde
|
||||||
}
|
}
|
||||||
|
|
||||||
// Contains the response to a successful GetCallerIdentity request, including
|
// Contains the response to a successful GetCallerIdentity request, including information about the
|
||||||
// information about the entity making the request.
|
// entity making the request.
|
||||||
type GetCallerIdentityOutput struct {
|
type GetCallerIdentityOutput struct {
|
||||||
|
|
||||||
// The Amazon Web Services account ID number of the account that owns or contains
|
// The Amazon Web Services account ID number of the account that owns or contains
|
||||||
@ -51,8 +53,10 @@ type GetCallerIdentityOutput struct {
|
|||||||
|
|
||||||
// The unique identifier of the calling entity. The exact value depends on the
|
// The unique identifier of the calling entity. The exact value depends on the
|
||||||
// type of entity that is making the call. The values returned are those listed in
|
// type of entity that is making the call. The values returned are those listed in
|
||||||
// the aws:userid column in the Principal table (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#principaltable)
|
// the aws:userid column in the [Principal table]found on the Policy Variables reference page in
|
||||||
// found on the Policy Variables reference page in the IAM User Guide.
|
// the IAM User Guide.
|
||||||
|
//
|
||||||
|
// [Principal table]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#principaltable
|
||||||
UserId *string
|
UserId *string
|
||||||
|
|
||||||
// Metadata pertaining to the operation's result.
|
// Metadata pertaining to the operation's result.
|
||||||
@ -116,6 +120,12 @@ func (c *Client) addOperationGetCallerIdentityMiddlewares(stack *middleware.Stac
|
|||||||
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
|
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
if err = addTimeOffsetBuild(stack, c); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err = addUserAgentRetryMode(stack, options); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetCallerIdentity(options.Region), middleware.Before); err != nil {
|
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetCallerIdentity(options.Region), middleware.Before); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
323
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetFederationToken.go
generated
vendored
323
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetFederationToken.go
generated
vendored
@ -14,74 +14,100 @@ import (
|
|||||||
// Returns a set of temporary security credentials (consisting of an access key
|
// Returns a set of temporary security credentials (consisting of an access key
|
||||||
// ID, a secret access key, and a security token) for a user. A typical use is in a
|
// ID, a secret access key, and a security token) for a user. A typical use is in a
|
||||||
// proxy application that gets temporary security credentials on behalf of
|
// proxy application that gets temporary security credentials on behalf of
|
||||||
// distributed applications inside a corporate network. You must call the
|
// distributed applications inside a corporate network.
|
||||||
// GetFederationToken operation using the long-term security credentials of an IAM
|
//
|
||||||
// user. As a result, this call is appropriate in contexts where those credentials
|
// You must call the GetFederationToken operation using the long-term security
|
||||||
// can be safeguarded, usually in a server-based application. For a comparison of
|
// credentials of an IAM user. As a result, this call is appropriate in contexts
|
||||||
// GetFederationToken with the other API operations that produce temporary
|
// where those credentials can be safeguarded, usually in a server-based
|
||||||
// credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
|
// application. For a comparison of GetFederationToken with the other API
|
||||||
// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
|
// operations that produce temporary credentials, see [Requesting Temporary Security Credentials]and [Comparing the Amazon Web Services STS API operations] in the IAM User Guide.
|
||||||
// in the IAM User Guide. Although it is possible to call GetFederationToken using
|
//
|
||||||
// the security credentials of an Amazon Web Services account root user rather than
|
// Although it is possible to call GetFederationToken using the security
|
||||||
// an IAM user that you create for the purpose of a proxy application, we do not
|
// credentials of an Amazon Web Services account root user rather than an IAM user
|
||||||
// recommend it. For more information, see Safeguard your root user credentials
|
// that you create for the purpose of a proxy application, we do not recommend it.
|
||||||
// and don't use them for everyday tasks (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials)
|
// For more information, see [Safeguard your root user credentials and don't use them for everyday tasks]in the IAM User Guide.
|
||||||
// in the IAM User Guide. You can create a mobile-based or browser-based app that
|
//
|
||||||
// can authenticate users using a web identity provider like Login with Amazon,
|
// You can create a mobile-based or browser-based app that can authenticate users
|
||||||
// Facebook, Google, or an OpenID Connect-compatible identity provider. In this
|
// using a web identity provider like Login with Amazon, Facebook, Google, or an
|
||||||
// case, we recommend that you use Amazon Cognito (http://aws.amazon.com/cognito/)
|
// OpenID Connect-compatible identity provider. In this case, we recommend that you
|
||||||
// or AssumeRoleWithWebIdentity . For more information, see Federation Through a
|
// use [Amazon Cognito]or AssumeRoleWithWebIdentity . For more information, see [Federation Through a Web-based Identity Provider] in the IAM User
|
||||||
// Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
|
// Guide.
|
||||||
// in the IAM User Guide. Session duration The temporary credentials are valid for
|
//
|
||||||
// the specified duration, from 900 seconds (15 minutes) up to a maximum of 129,600
|
// # Session duration
|
||||||
// seconds (36 hours). The default session duration is 43,200 seconds (12 hours).
|
//
|
||||||
// Temporary credentials obtained by using the root user credentials have a maximum
|
// The temporary credentials are valid for the specified duration, from 900
|
||||||
// duration of 3,600 seconds (1 hour). Permissions You can use the temporary
|
// seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default
|
||||||
// credentials created by GetFederationToken in any Amazon Web Services service
|
// session duration is 43,200 seconds (12 hours). Temporary credentials obtained by
|
||||||
// with the following exceptions:
|
// using the root user credentials have a maximum duration of 3,600 seconds (1
|
||||||
|
// hour).
|
||||||
|
//
|
||||||
|
// # Permissions
|
||||||
|
//
|
||||||
|
// You can use the temporary credentials created by GetFederationToken in any
|
||||||
|
// Amazon Web Services service with the following exceptions:
|
||||||
|
//
|
||||||
// - You cannot call any IAM operations using the CLI or the Amazon Web Services
|
// - You cannot call any IAM operations using the CLI or the Amazon Web Services
|
||||||
// API. This limitation does not apply to console sessions.
|
// API. This limitation does not apply to console sessions.
|
||||||
|
//
|
||||||
// - You cannot call any STS operations except GetCallerIdentity .
|
// - You cannot call any STS operations except GetCallerIdentity .
|
||||||
//
|
//
|
||||||
// You can use temporary credentials for single sign-on (SSO) to the console. You
|
// You can use temporary credentials for single sign-on (SSO) to the console.
|
||||||
// must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
//
|
||||||
// to this operation. You can pass a single JSON policy document to use as an
|
// You must pass an inline or managed [session policy] to this operation. You can pass a single
|
||||||
// inline session policy. You can also specify up to 10 managed policy Amazon
|
// JSON policy document to use as an inline session policy. You can also specify up
|
||||||
// Resource Names (ARNs) to use as managed session policies. The plaintext that you
|
// to 10 managed policy Amazon Resource Names (ARNs) to use as managed session
|
||||||
// use for both inline and managed session policies can't exceed 2,048 characters.
|
// policies. The plaintext that you use for both inline and managed session
|
||||||
|
// policies can't exceed 2,048 characters.
|
||||||
|
//
|
||||||
// Though the session policy parameters are optional, if you do not pass a policy,
|
// Though the session policy parameters are optional, if you do not pass a policy,
|
||||||
// then the resulting federated user session has no permissions. When you pass
|
// then the resulting federated user session has no permissions. When you pass
|
||||||
// session policies, the session permissions are the intersection of the IAM user
|
// session policies, the session permissions are the intersection of the IAM user
|
||||||
// policies and the session policies that you pass. This gives you a way to further
|
// policies and the session policies that you pass. This gives you a way to further
|
||||||
// restrict the permissions for a federated user. You cannot use session policies
|
// restrict the permissions for a federated user. You cannot use session policies
|
||||||
// to grant more permissions than those that are defined in the permissions policy
|
// to grant more permissions than those that are defined in the permissions policy
|
||||||
// of the IAM user. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
// of the IAM user. For more information, see [Session Policies]in the IAM User Guide. For
|
||||||
// in the IAM User Guide. For information about using GetFederationToken to create
|
// information about using GetFederationToken to create temporary security
|
||||||
// temporary security credentials, see GetFederationToken—Federation Through a
|
// credentials, see [GetFederationToken—Federation Through a Custom Identity Broker].
|
||||||
// Custom Identity Broker (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken)
|
//
|
||||||
// . You can use the credentials to access a resource that has a resource-based
|
// You can use the credentials to access a resource that has a resource-based
|
||||||
// policy. If that policy specifically references the federated user session in the
|
// policy. If that policy specifically references the federated user session in the
|
||||||
// Principal element of the policy, the session has the permissions allowed by the
|
// Principal element of the policy, the session has the permissions allowed by the
|
||||||
// policy. These permissions are granted in addition to the permissions granted by
|
// policy. These permissions are granted in addition to the permissions granted by
|
||||||
// the session policies. Tags (Optional) You can pass tag key-value pairs to your
|
// the session policies.
|
||||||
// session. These are called session tags. For more information about session tags,
|
//
|
||||||
// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
|
// # Tags
|
||||||
// in the IAM User Guide. You can create a mobile-based or browser-based app that
|
//
|
||||||
// can authenticate users using a web identity provider like Login with Amazon,
|
// (Optional) You can pass tag key-value pairs to your session. These are called
|
||||||
// Facebook, Google, or an OpenID Connect-compatible identity provider. In this
|
// session tags. For more information about session tags, see [Passing Session Tags in STS]in the IAM User
|
||||||
// case, we recommend that you use Amazon Cognito (http://aws.amazon.com/cognito/)
|
// Guide.
|
||||||
// or AssumeRoleWithWebIdentity . For more information, see Federation Through a
|
//
|
||||||
// Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
|
// You can create a mobile-based or browser-based app that can authenticate users
|
||||||
// in the IAM User Guide. An administrator must grant you the permissions necessary
|
// using a web identity provider like Login with Amazon, Facebook, Google, or an
|
||||||
// to pass session tags. The administrator can also create granular permissions to
|
// OpenID Connect-compatible identity provider. In this case, we recommend that you
|
||||||
// allow you to pass only specific session tags. For more information, see
|
// use [Amazon Cognito]or AssumeRoleWithWebIdentity . For more information, see [Federation Through a Web-based Identity Provider] in the IAM User
|
||||||
// Tutorial: Using Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
|
// Guide.
|
||||||
// in the IAM User Guide. Tag key–value pairs are not case sensitive, but case is
|
//
|
||||||
// preserved. This means that you cannot have separate Department and department
|
// An administrator must grant you the permissions necessary to pass session tags.
|
||||||
// tag keys. Assume that the user that you are federating has the Department =
|
// The administrator can also create granular permissions to allow you to pass only
|
||||||
// Marketing tag and you pass the department = engineering session tag. Department
|
// specific session tags. For more information, see [Tutorial: Using Tags for Attribute-Based Access Control]in the IAM User Guide.
|
||||||
// and department are not saved as separate tags, and the session tag passed in
|
//
|
||||||
// the request takes precedence over the user tag.
|
// Tag key–value pairs are not case sensitive, but case is preserved. This means
|
||||||
|
// that you cannot have separate Department and department tag keys. Assume that
|
||||||
|
// the user that you are federating has the Department = Marketing tag and you
|
||||||
|
// pass the department = engineering session tag. Department and department are
|
||||||
|
// not saved as separate tags, and the session tag passed in the request takes
|
||||||
|
// precedence over the user tag.
|
||||||
|
//
|
||||||
|
// [Federation Through a Web-based Identity Provider]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity
|
||||||
|
// [session policy]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||||
|
// [Amazon Cognito]: http://aws.amazon.com/cognito/
|
||||||
|
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||||
|
// [Passing Session Tags in STS]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
|
||||||
|
// [GetFederationToken—Federation Through a Custom Identity Broker]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken
|
||||||
|
// [Comparing the Amazon Web Services STS API operations]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
|
||||||
|
// [Safeguard your root user credentials and don't use them for everyday tasks]: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials
|
||||||
|
// [Requesting Temporary Security Credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
|
||||||
|
// [Tutorial: Using Tags for Attribute-Based Access Control]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html
|
||||||
func (c *Client) GetFederationToken(ctx context.Context, params *GetFederationTokenInput, optFns ...func(*Options)) (*GetFederationTokenOutput, error) {
|
func (c *Client) GetFederationToken(ctx context.Context, params *GetFederationTokenInput, optFns ...func(*Options)) (*GetFederationTokenOutput, error) {
|
||||||
if params == nil {
|
if params == nil {
|
||||||
params = &GetFederationTokenInput{}
|
params = &GetFederationTokenInput{}
|
||||||
@ -102,10 +128,11 @@ type GetFederationTokenInput struct {
|
|||||||
// The name of the federated user. The name is used as an identifier for the
|
// The name of the federated user. The name is used as an identifier for the
|
||||||
// temporary security credentials (such as Bob ). For example, you can reference
|
// temporary security credentials (such as Bob ). For example, you can reference
|
||||||
// the federated user name in a resource-based policy, such as in an Amazon S3
|
// the federated user name in a resource-based policy, such as in an Amazon S3
|
||||||
// bucket policy. The regex used to validate this parameter is a string of
|
// bucket policy.
|
||||||
// characters consisting of upper- and lower-case alphanumeric characters with no
|
//
|
||||||
// spaces. You can also include underscores or any of the following characters:
|
// The regex used to validate this parameter is a string of characters consisting
|
||||||
// =,.@-
|
// of upper- and lower-case alphanumeric characters with no spaces. You can also
|
||||||
|
// include underscores or any of the following characters: =,.@-
|
||||||
//
|
//
|
||||||
// This member is required.
|
// This member is required.
|
||||||
Name *string
|
Name *string
|
||||||
@ -119,99 +146,127 @@ type GetFederationTokenInput struct {
|
|||||||
DurationSeconds *int32
|
DurationSeconds *int32
|
||||||
|
|
||||||
// An IAM policy in JSON format that you want to use as an inline session policy.
|
// An IAM policy in JSON format that you want to use as an inline session policy.
|
||||||
// You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
//
|
||||||
// to this operation. You can pass a single JSON policy document to use as an
|
// You must pass an inline or managed [session policy] to this operation. You can pass a single
|
||||||
// inline session policy. You can also specify up to 10 managed policy Amazon
|
// JSON policy document to use as an inline session policy. You can also specify up
|
||||||
// Resource Names (ARNs) to use as managed session policies. This parameter is
|
// to 10 managed policy Amazon Resource Names (ARNs) to use as managed session
|
||||||
// optional. However, if you do not pass any session policies, then the resulting
|
// policies.
|
||||||
// federated user session has no permissions. When you pass session policies, the
|
//
|
||||||
// session permissions are the intersection of the IAM user policies and the
|
// This parameter is optional. However, if you do not pass any session policies,
|
||||||
// session policies that you pass. This gives you a way to further restrict the
|
// then the resulting federated user session has no permissions.
|
||||||
// permissions for a federated user. You cannot use session policies to grant more
|
//
|
||||||
// permissions than those that are defined in the permissions policy of the IAM
|
// When you pass session policies, the session permissions are the intersection of
|
||||||
// user. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
// the IAM user policies and the session policies that you pass. This gives you a
|
||||||
// in the IAM User Guide. The resulting credentials can be used to access a
|
// way to further restrict the permissions for a federated user. You cannot use
|
||||||
// resource that has a resource-based policy. If that policy specifically
|
// session policies to grant more permissions than those that are defined in the
|
||||||
// references the federated user session in the Principal element of the policy,
|
// permissions policy of the IAM user. For more information, see [Session Policies]in the IAM User
|
||||||
// the session has the permissions allowed by the policy. These permissions are
|
// Guide.
|
||||||
// granted in addition to the permissions that are granted by the session policies.
|
//
|
||||||
|
// The resulting credentials can be used to access a resource that has a
|
||||||
|
// resource-based policy. If that policy specifically references the federated user
|
||||||
|
// session in the Principal element of the policy, the session has the permissions
|
||||||
|
// allowed by the policy. These permissions are granted in addition to the
|
||||||
|
// permissions that are granted by the session policies.
|
||||||
|
//
|
||||||
// The plaintext that you use for both inline and managed session policies can't
|
// The plaintext that you use for both inline and managed session policies can't
|
||||||
// exceed 2,048 characters. The JSON policy characters can be any ASCII character
|
// exceed 2,048 characters. The JSON policy characters can be any ASCII character
|
||||||
// from the space character to the end of the valid character list (\u0020 through
|
// from the space character to the end of the valid character list (\u0020 through
|
||||||
// \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage
|
// \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage
|
||||||
// return (\u000D) characters. An Amazon Web Services conversion compresses the
|
// return (\u000D) characters.
|
||||||
// passed inline session policy, managed policy ARNs, and session tags into a
|
//
|
||||||
// packed binary format that has a separate limit. Your request can fail for this
|
|
||||||
// limit even if your plaintext meets the other requirements. The PackedPolicySize
|
|
||||||
// response element indicates by percentage how close the policies and tags for
|
|
||||||
// your request are to the upper size limit.
|
|
||||||
Policy *string
|
|
||||||
|
|
||||||
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want to
|
|
||||||
// use as a managed session policy. The policies must exist in the same account as
|
|
||||||
// the IAM user that is requesting federated access. You must pass an inline or
|
|
||||||
// managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
|
||||||
// to this operation. You can pass a single JSON policy document to use as an
|
|
||||||
// inline session policy. You can also specify up to 10 managed policy Amazon
|
|
||||||
// Resource Names (ARNs) to use as managed session policies. The plaintext that you
|
|
||||||
// use for both inline and managed session policies can't exceed 2,048 characters.
|
|
||||||
// You can provide up to 10 managed policy ARNs. For more information about ARNs,
|
|
||||||
// see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
|
|
||||||
// in the Amazon Web Services General Reference. This parameter is optional.
|
|
||||||
// However, if you do not pass any session policies, then the resulting federated
|
|
||||||
// user session has no permissions. When you pass session policies, the session
|
|
||||||
// permissions are the intersection of the IAM user policies and the session
|
|
||||||
// policies that you pass. This gives you a way to further restrict the permissions
|
|
||||||
// for a federated user. You cannot use session policies to grant more permissions
|
|
||||||
// than those that are defined in the permissions policy of the IAM user. For more
|
|
||||||
// information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
|
||||||
// in the IAM User Guide. The resulting credentials can be used to access a
|
|
||||||
// resource that has a resource-based policy. If that policy specifically
|
|
||||||
// references the federated user session in the Principal element of the policy,
|
|
||||||
// the session has the permissions allowed by the policy. These permissions are
|
|
||||||
// granted in addition to the permissions that are granted by the session policies.
|
|
||||||
// An Amazon Web Services conversion compresses the passed inline session policy,
|
// An Amazon Web Services conversion compresses the passed inline session policy,
|
||||||
// managed policy ARNs, and session tags into a packed binary format that has a
|
// managed policy ARNs, and session tags into a packed binary format that has a
|
||||||
// separate limit. Your request can fail for this limit even if your plaintext
|
// separate limit. Your request can fail for this limit even if your plaintext
|
||||||
// meets the other requirements. The PackedPolicySize response element indicates
|
// meets the other requirements. The PackedPolicySize response element indicates
|
||||||
// by percentage how close the policies and tags for your request are to the upper
|
// by percentage how close the policies and tags for your request are to the upper
|
||||||
// size limit.
|
// size limit.
|
||||||
|
//
|
||||||
|
// [session policy]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||||
|
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||||
|
Policy *string
|
||||||
|
|
||||||
|
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want to
|
||||||
|
// use as a managed session policy. The policies must exist in the same account as
|
||||||
|
// the IAM user that is requesting federated access.
|
||||||
|
//
|
||||||
|
// You must pass an inline or managed [session policy] to this operation. You can pass a single
|
||||||
|
// JSON policy document to use as an inline session policy. You can also specify up
|
||||||
|
// to 10 managed policy Amazon Resource Names (ARNs) to use as managed session
|
||||||
|
// policies. The plaintext that you use for both inline and managed session
|
||||||
|
// policies can't exceed 2,048 characters. You can provide up to 10 managed policy
|
||||||
|
// ARNs. For more information about ARNs, see [Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces]in the Amazon Web Services General
|
||||||
|
// Reference.
|
||||||
|
//
|
||||||
|
// This parameter is optional. However, if you do not pass any session policies,
|
||||||
|
// then the resulting federated user session has no permissions.
|
||||||
|
//
|
||||||
|
// When you pass session policies, the session permissions are the intersection of
|
||||||
|
// the IAM user policies and the session policies that you pass. This gives you a
|
||||||
|
// way to further restrict the permissions for a federated user. You cannot use
|
||||||
|
// session policies to grant more permissions than those that are defined in the
|
||||||
|
// permissions policy of the IAM user. For more information, see [Session Policies]in the IAM User
|
||||||
|
// Guide.
|
||||||
|
//
|
||||||
|
// The resulting credentials can be used to access a resource that has a
|
||||||
|
// resource-based policy. If that policy specifically references the federated user
|
||||||
|
// session in the Principal element of the policy, the session has the permissions
|
||||||
|
// allowed by the policy. These permissions are granted in addition to the
|
||||||
|
// permissions that are granted by the session policies.
|
||||||
|
//
|
||||||
|
// An Amazon Web Services conversion compresses the passed inline session policy,
|
||||||
|
// managed policy ARNs, and session tags into a packed binary format that has a
|
||||||
|
// separate limit. Your request can fail for this limit even if your plaintext
|
||||||
|
// meets the other requirements. The PackedPolicySize response element indicates
|
||||||
|
// by percentage how close the policies and tags for your request are to the upper
|
||||||
|
// size limit.
|
||||||
|
//
|
||||||
|
// [session policy]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||||
|
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||||
|
// [Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
||||||
PolicyArns []types.PolicyDescriptorType
|
PolicyArns []types.PolicyDescriptorType
|
||||||
|
|
||||||
// A list of session tags. Each session tag consists of a key name and an
|
// A list of session tags. Each session tag consists of a key name and an
|
||||||
// associated value. For more information about session tags, see Passing Session
|
// associated value. For more information about session tags, see [Passing Session Tags in STS]in the IAM User
|
||||||
// Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
|
// Guide.
|
||||||
// in the IAM User Guide. This parameter is optional. You can pass up to 50 session
|
//
|
||||||
// tags. The plaintext session tag keys can’t exceed 128 characters and the values
|
// This parameter is optional. You can pass up to 50 session tags. The plaintext
|
||||||
// can’t exceed 256 characters. For these and additional limits, see IAM and STS
|
// session tag keys can’t exceed 128 characters and the values can’t exceed 256
|
||||||
// Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
|
// characters. For these and additional limits, see [IAM and STS Character Limits]in the IAM User Guide.
|
||||||
// in the IAM User Guide. An Amazon Web Services conversion compresses the passed
|
//
|
||||||
// inline session policy, managed policy ARNs, and session tags into a packed
|
// An Amazon Web Services conversion compresses the passed inline session policy,
|
||||||
// binary format that has a separate limit. Your request can fail for this limit
|
// managed policy ARNs, and session tags into a packed binary format that has a
|
||||||
// even if your plaintext meets the other requirements. The PackedPolicySize
|
// separate limit. Your request can fail for this limit even if your plaintext
|
||||||
// response element indicates by percentage how close the policies and tags for
|
// meets the other requirements. The PackedPolicySize response element indicates
|
||||||
// your request are to the upper size limit. You can pass a session tag with the
|
// by percentage how close the policies and tags for your request are to the upper
|
||||||
// same key as a tag that is already attached to the user you are federating. When
|
// size limit.
|
||||||
// you do, session tags override a user tag with the same key. Tag key–value pairs
|
//
|
||||||
// are not case sensitive, but case is preserved. This means that you cannot have
|
// You can pass a session tag with the same key as a tag that is already attached
|
||||||
// separate Department and department tag keys. Assume that the role has the
|
// to the user you are federating. When you do, session tags override a user tag
|
||||||
// Department = Marketing tag and you pass the department = engineering session
|
// with the same key.
|
||||||
// tag. Department and department are not saved as separate tags, and the session
|
//
|
||||||
// tag passed in the request takes precedence over the role tag.
|
// Tag key–value pairs are not case sensitive, but case is preserved. This means
|
||||||
|
// that you cannot have separate Department and department tag keys. Assume that
|
||||||
|
// the role has the Department = Marketing tag and you pass the department =
|
||||||
|
// engineering session tag. Department and department are not saved as separate
|
||||||
|
// tags, and the session tag passed in the request takes precedence over the role
|
||||||
|
// tag.
|
||||||
|
//
|
||||||
|
// [Passing Session Tags in STS]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
|
||||||
|
// [IAM and STS Character Limits]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
|
||||||
Tags []types.Tag
|
Tags []types.Tag
|
||||||
|
|
||||||
noSmithyDocumentSerde
|
noSmithyDocumentSerde
|
||||||
}
|
}
|
||||||
|
|
||||||
// Contains the response to a successful GetFederationToken request, including
|
// Contains the response to a successful GetFederationToken request, including temporary Amazon Web
|
||||||
// temporary Amazon Web Services credentials that can be used to make Amazon Web
|
// Services credentials that can be used to make Amazon Web Services requests.
|
||||||
// Services requests.
|
|
||||||
type GetFederationTokenOutput struct {
|
type GetFederationTokenOutput struct {
|
||||||
|
|
||||||
// The temporary security credentials, which include an access key ID, a secret
|
// The temporary security credentials, which include an access key ID, a secret
|
||||||
// access key, and a security (or session) token. The size of the security token
|
// access key, and a security (or session) token.
|
||||||
// that STS API operations return is not fixed. We strongly recommend that you make
|
//
|
||||||
// no assumptions about the maximum size.
|
// The size of the security token that STS API operations return is not fixed. We
|
||||||
|
// strongly recommend that you make no assumptions about the maximum size.
|
||||||
Credentials *types.Credentials
|
Credentials *types.Credentials
|
||||||
|
|
||||||
// Identifiers for the federated user associated with the credentials (such as
|
// Identifiers for the federated user associated with the credentials (such as
|
||||||
@ -287,6 +342,12 @@ func (c *Client) addOperationGetFederationTokenMiddlewares(stack *middleware.Sta
|
|||||||
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
|
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
if err = addTimeOffsetBuild(stack, c); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err = addUserAgentRetryMode(stack, options); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
if err = addOpGetFederationTokenValidationMiddleware(stack); err != nil {
|
if err = addOpGetFederationTokenValidationMiddleware(stack); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
110
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetSessionToken.go
generated
vendored
110
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetSessionToken.go
generated
vendored
@ -15,43 +15,58 @@ import (
|
|||||||
// IAM user. The credentials consist of an access key ID, a secret access key, and
|
// IAM user. The credentials consist of an access key ID, a secret access key, and
|
||||||
// a security token. Typically, you use GetSessionToken if you want to use MFA to
|
// a security token. Typically, you use GetSessionToken if you want to use MFA to
|
||||||
// protect programmatic calls to specific Amazon Web Services API operations like
|
// protect programmatic calls to specific Amazon Web Services API operations like
|
||||||
// Amazon EC2 StopInstances . MFA-enabled IAM users must call GetSessionToken and
|
// Amazon EC2 StopInstances .
|
||||||
// submit an MFA code that is associated with their MFA device. Using the temporary
|
//
|
||||||
// security credentials that the call returns, IAM users can then make programmatic
|
// MFA-enabled IAM users must call GetSessionToken and submit an MFA code that is
|
||||||
// calls to API operations that require MFA authentication. An incorrect MFA code
|
// associated with their MFA device. Using the temporary security credentials that
|
||||||
// causes the API to return an access denied error. For a comparison of
|
// the call returns, IAM users can then make programmatic calls to API operations
|
||||||
// GetSessionToken with the other API operations that produce temporary
|
// that require MFA authentication. An incorrect MFA code causes the API to return
|
||||||
// credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
|
// an access denied error. For a comparison of GetSessionToken with the other API
|
||||||
// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
|
// operations that produce temporary credentials, see [Requesting Temporary Security Credentials]and [Comparing the Amazon Web Services STS API operations] in the IAM User Guide.
|
||||||
// in the IAM User Guide. No permissions are required for users to perform this
|
//
|
||||||
// operation. The purpose of the sts:GetSessionToken operation is to authenticate
|
// No permissions are required for users to perform this operation. The purpose of
|
||||||
// the user using MFA. You cannot use policies to control authentication
|
// the sts:GetSessionToken operation is to authenticate the user using MFA. You
|
||||||
// operations. For more information, see Permissions for GetSessionToken (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html)
|
// cannot use policies to control authentication operations. For more information,
|
||||||
// in the IAM User Guide. Session Duration The GetSessionToken operation must be
|
// see [Permissions for GetSessionToken]in the IAM User Guide.
|
||||||
// called by using the long-term Amazon Web Services security credentials of an IAM
|
//
|
||||||
// user. Credentials that are created by IAM users are valid for the duration that
|
// # Session Duration
|
||||||
// you specify. This duration can range from 900 seconds (15 minutes) up to a
|
//
|
||||||
// maximum of 129,600 seconds (36 hours), with a default of 43,200 seconds (12
|
// The GetSessionToken operation must be called by using the long-term Amazon Web
|
||||||
// hours). Credentials based on account credentials can range from 900 seconds (15
|
// Services security credentials of an IAM user. Credentials that are created by
|
||||||
// minutes) up to 3,600 seconds (1 hour), with a default of 1 hour. Permissions The
|
// IAM users are valid for the duration that you specify. This duration can range
|
||||||
// temporary security credentials created by GetSessionToken can be used to make
|
// from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours),
|
||||||
// API calls to any Amazon Web Services service with the following exceptions:
|
// with a default of 43,200 seconds (12 hours). Credentials based on account
|
||||||
|
// credentials can range from 900 seconds (15 minutes) up to 3,600 seconds (1
|
||||||
|
// hour), with a default of 1 hour.
|
||||||
|
//
|
||||||
|
// # Permissions
|
||||||
|
//
|
||||||
|
// The temporary security credentials created by GetSessionToken can be used to
|
||||||
|
// make API calls to any Amazon Web Services service with the following exceptions:
|
||||||
|
//
|
||||||
// - You cannot call any IAM API operations unless MFA authentication
|
// - You cannot call any IAM API operations unless MFA authentication
|
||||||
// information is included in the request.
|
// information is included in the request.
|
||||||
|
//
|
||||||
// - You cannot call any STS API except AssumeRole or GetCallerIdentity .
|
// - You cannot call any STS API except AssumeRole or GetCallerIdentity .
|
||||||
//
|
//
|
||||||
// The credentials that GetSessionToken returns are based on permissions
|
// The credentials that GetSessionToken returns are based on permissions
|
||||||
// associated with the IAM user whose credentials were used to call the operation.
|
// associated with the IAM user whose credentials were used to call the operation.
|
||||||
// The temporary credentials have the same permissions as the IAM user. Although it
|
// The temporary credentials have the same permissions as the IAM user.
|
||||||
// is possible to call GetSessionToken using the security credentials of an Amazon
|
//
|
||||||
// Web Services account root user rather than an IAM user, we do not recommend it.
|
// Although it is possible to call GetSessionToken using the security credentials
|
||||||
// If GetSessionToken is called using root user credentials, the temporary
|
// of an Amazon Web Services account root user rather than an IAM user, we do not
|
||||||
// credentials have root user permissions. For more information, see Safeguard
|
// recommend it. If GetSessionToken is called using root user credentials, the
|
||||||
// your root user credentials and don't use them for everyday tasks (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials)
|
// temporary credentials have root user permissions. For more information, see [Safeguard your root user credentials and don't use them for everyday tasks]in
|
||||||
// in the IAM User Guide For more information about using GetSessionToken to
|
// the IAM User Guide
|
||||||
// create temporary credentials, see Temporary Credentials for Users in Untrusted
|
//
|
||||||
// Environments (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken)
|
// For more information about using GetSessionToken to create temporary
|
||||||
// in the IAM User Guide.
|
// credentials, see [Temporary Credentials for Users in Untrusted Environments]in the IAM User Guide.
|
||||||
|
//
|
||||||
|
// [Permissions for GetSessionToken]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html
|
||||||
|
// [Comparing the Amazon Web Services STS API operations]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
|
||||||
|
// [Temporary Credentials for Users in Untrusted Environments]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken
|
||||||
|
// [Safeguard your root user credentials and don't use them for everyday tasks]: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials
|
||||||
|
// [Requesting Temporary Security Credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
|
||||||
func (c *Client) GetSessionToken(ctx context.Context, params *GetSessionTokenInput, optFns ...func(*Options)) (*GetSessionTokenOutput, error) {
|
func (c *Client) GetSessionToken(ctx context.Context, params *GetSessionTokenInput, optFns ...func(*Options)) (*GetSessionTokenOutput, error) {
|
||||||
if params == nil {
|
if params == nil {
|
||||||
params = &GetSessionTokenInput{}
|
params = &GetSessionTokenInput{}
|
||||||
@ -83,10 +98,11 @@ type GetSessionTokenInput struct {
|
|||||||
// number for a hardware device (such as GAHT12345678 ) or an Amazon Resource Name
|
// number for a hardware device (such as GAHT12345678 ) or an Amazon Resource Name
|
||||||
// (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user ). You
|
// (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user ). You
|
||||||
// can find the device for an IAM user by going to the Amazon Web Services
|
// can find the device for an IAM user by going to the Amazon Web Services
|
||||||
// Management Console and viewing the user's security credentials. The regex used
|
// Management Console and viewing the user's security credentials.
|
||||||
// to validate this parameter is a string of characters consisting of upper- and
|
//
|
||||||
// lower-case alphanumeric characters with no spaces. You can also include
|
// The regex used to validate this parameter is a string of characters consisting
|
||||||
// underscores or any of the following characters: =,.@:/-
|
// of upper- and lower-case alphanumeric characters with no spaces. You can also
|
||||||
|
// include underscores or any of the following characters: =,.@:/-
|
||||||
SerialNumber *string
|
SerialNumber *string
|
||||||
|
|
||||||
// The value provided by the MFA device, if MFA is required. If any policy
|
// The value provided by the MFA device, if MFA is required. If any policy
|
||||||
@ -94,22 +110,24 @@ type GetSessionTokenInput struct {
|
|||||||
// authentication is required, the user must provide a code when requesting a set
|
// authentication is required, the user must provide a code when requesting a set
|
||||||
// of temporary security credentials. A user who fails to provide the code receives
|
// of temporary security credentials. A user who fails to provide the code receives
|
||||||
// an "access denied" response when requesting resources that require MFA
|
// an "access denied" response when requesting resources that require MFA
|
||||||
// authentication. The format for this parameter, as described by its regex
|
// authentication.
|
||||||
// pattern, is a sequence of six numeric digits.
|
//
|
||||||
|
// The format for this parameter, as described by its regex pattern, is a sequence
|
||||||
|
// of six numeric digits.
|
||||||
TokenCode *string
|
TokenCode *string
|
||||||
|
|
||||||
noSmithyDocumentSerde
|
noSmithyDocumentSerde
|
||||||
}
|
}
|
||||||
|
|
||||||
// Contains the response to a successful GetSessionToken request, including
|
// Contains the response to a successful GetSessionToken request, including temporary Amazon Web
|
||||||
// temporary Amazon Web Services credentials that can be used to make Amazon Web
|
// Services credentials that can be used to make Amazon Web Services requests.
|
||||||
// Services requests.
|
|
||||||
type GetSessionTokenOutput struct {
|
type GetSessionTokenOutput struct {
|
||||||
|
|
||||||
// The temporary security credentials, which include an access key ID, a secret
|
// The temporary security credentials, which include an access key ID, a secret
|
||||||
// access key, and a security (or session) token. The size of the security token
|
// access key, and a security (or session) token.
|
||||||
// that STS API operations return is not fixed. We strongly recommend that you make
|
//
|
||||||
// no assumptions about the maximum size.
|
// The size of the security token that STS API operations return is not fixed. We
|
||||||
|
// strongly recommend that you make no assumptions about the maximum size.
|
||||||
Credentials *types.Credentials
|
Credentials *types.Credentials
|
||||||
|
|
||||||
// Metadata pertaining to the operation's result.
|
// Metadata pertaining to the operation's result.
|
||||||
@ -173,6 +191,12 @@ func (c *Client) addOperationGetSessionTokenMiddlewares(stack *middleware.Stack,
|
|||||||
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
|
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
if err = addTimeOffsetBuild(stack, c); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err = addUserAgentRetryMode(stack, options); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetSessionToken(options.Region), middleware.Before); err != nil {
|
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetSessionToken(options.Region), middleware.Before); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
8
vendor/github.com/aws/aws-sdk-go-v2/service/sts/auth.go
generated
vendored
8
vendor/github.com/aws/aws-sdk-go-v2/service/sts/auth.go
generated
vendored
@ -12,7 +12,7 @@ import (
|
|||||||
smithyhttp "github.com/aws/smithy-go/transport/http"
|
smithyhttp "github.com/aws/smithy-go/transport/http"
|
||||||
)
|
)
|
||||||
|
|
||||||
func bindAuthParamsRegion(params *AuthResolverParameters, _ interface{}, options Options) {
|
func bindAuthParamsRegion(_ interface{}, params *AuthResolverParameters, _ interface{}, options Options) {
|
||||||
params.Region = options.Region
|
params.Region = options.Region
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -90,12 +90,12 @@ type AuthResolverParameters struct {
|
|||||||
Region string
|
Region string
|
||||||
}
|
}
|
||||||
|
|
||||||
func bindAuthResolverParams(operation string, input interface{}, options Options) *AuthResolverParameters {
|
func bindAuthResolverParams(ctx context.Context, operation string, input interface{}, options Options) *AuthResolverParameters {
|
||||||
params := &AuthResolverParameters{
|
params := &AuthResolverParameters{
|
||||||
Operation: operation,
|
Operation: operation,
|
||||||
}
|
}
|
||||||
|
|
||||||
bindAuthParamsRegion(params, input, options)
|
bindAuthParamsRegion(ctx, params, input, options)
|
||||||
|
|
||||||
return params
|
return params
|
||||||
}
|
}
|
||||||
@ -157,7 +157,7 @@ func (*resolveAuthSchemeMiddleware) ID() string {
|
|||||||
func (m *resolveAuthSchemeMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
|
func (m *resolveAuthSchemeMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
|
||||||
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
|
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
|
||||||
) {
|
) {
|
||||||
params := bindAuthResolverParams(m.operation, getOperationInput(ctx), m.options)
|
params := bindAuthResolverParams(ctx, m.operation, getOperationInput(ctx), m.options)
|
||||||
options, err := m.options.AuthSchemeResolver.ResolveAuthSchemes(ctx, params)
|
options, err := m.options.AuthSchemeResolver.ResolveAuthSchemes(ctx, params)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return out, metadata, fmt.Errorf("resolve auth scheme: %w", err)
|
return out, metadata, fmt.Errorf("resolve auth scheme: %w", err)
|
||||||
|
9
vendor/github.com/aws/aws-sdk-go-v2/service/sts/deserializers.go
generated
vendored
9
vendor/github.com/aws/aws-sdk-go-v2/service/sts/deserializers.go
generated
vendored
@ -20,8 +20,17 @@ import (
|
|||||||
"io"
|
"io"
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
func deserializeS3Expires(v string) (*time.Time, error) {
|
||||||
|
t, err := smithytime.ParseHTTPDate(v)
|
||||||
|
if err != nil {
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
return &t, nil
|
||||||
|
}
|
||||||
|
|
||||||
type awsAwsquery_deserializeOpAssumeRole struct {
|
type awsAwsquery_deserializeOpAssumeRole struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
12
vendor/github.com/aws/aws-sdk-go-v2/service/sts/doc.go
generated
vendored
12
vendor/github.com/aws/aws-sdk-go-v2/service/sts/doc.go
generated
vendored
@ -3,9 +3,11 @@
|
|||||||
// Package sts provides the API client, operations, and parameter types for AWS
|
// Package sts provides the API client, operations, and parameter types for AWS
|
||||||
// Security Token Service.
|
// Security Token Service.
|
||||||
//
|
//
|
||||||
// Security Token Service Security Token Service (STS) enables you to request
|
// # Security Token Service
|
||||||
// temporary, limited-privilege credentials for users. This guide provides
|
//
|
||||||
// descriptions of the STS API. For more information about using this service, see
|
// Security Token Service (STS) enables you to request temporary,
|
||||||
// Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html)
|
// limited-privilege credentials for users. This guide provides descriptions of the
|
||||||
// .
|
// STS API. For more information about using this service, see [Temporary Security Credentials].
|
||||||
|
//
|
||||||
|
// [Temporary Security Credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html
|
||||||
package sts
|
package sts
|
||||||
|
8
vendor/github.com/aws/aws-sdk-go-v2/service/sts/endpoints.go
generated
vendored
8
vendor/github.com/aws/aws-sdk-go-v2/service/sts/endpoints.go
generated
vendored
@ -1045,7 +1045,7 @@ type endpointParamsBinder interface {
|
|||||||
bindEndpointParams(*EndpointParameters)
|
bindEndpointParams(*EndpointParameters)
|
||||||
}
|
}
|
||||||
|
|
||||||
func bindEndpointParams(input interface{}, options Options) *EndpointParameters {
|
func bindEndpointParams(ctx context.Context, input interface{}, options Options) *EndpointParameters {
|
||||||
params := &EndpointParameters{}
|
params := &EndpointParameters{}
|
||||||
|
|
||||||
params.Region = bindRegion(options.Region)
|
params.Region = bindRegion(options.Region)
|
||||||
@ -1075,6 +1075,10 @@ func (m *resolveEndpointV2Middleware) HandleFinalize(ctx context.Context, in mid
|
|||||||
return next.HandleFinalize(ctx, in)
|
return next.HandleFinalize(ctx, in)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if err := checkAccountID(getIdentity(ctx), m.options.AccountIDEndpointMode); err != nil {
|
||||||
|
return out, metadata, fmt.Errorf("invalid accountID set: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
req, ok := in.Request.(*smithyhttp.Request)
|
req, ok := in.Request.(*smithyhttp.Request)
|
||||||
if !ok {
|
if !ok {
|
||||||
return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
|
return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
|
||||||
@ -1084,7 +1088,7 @@ func (m *resolveEndpointV2Middleware) HandleFinalize(ctx context.Context, in mid
|
|||||||
return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
|
return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
|
||||||
}
|
}
|
||||||
|
|
||||||
params := bindEndpointParams(getOperationInput(ctx), m.options)
|
params := bindEndpointParams(ctx, getOperationInput(ctx), m.options)
|
||||||
endpt, err := m.options.EndpointResolverV2.ResolveEndpoint(ctx, *params)
|
endpt, err := m.options.EndpointResolverV2.ResolveEndpoint(ctx, *params)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
|
return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
|
||||||
|
3
vendor/github.com/aws/aws-sdk-go-v2/service/sts/generated.json
generated
vendored
3
vendor/github.com/aws/aws-sdk-go-v2/service/sts/generated.json
generated
vendored
@ -5,8 +5,7 @@
|
|||||||
"github.com/aws/aws-sdk-go-v2/internal/endpoints/v2": "v2.0.0-00010101000000-000000000000",
|
"github.com/aws/aws-sdk-go-v2/internal/endpoints/v2": "v2.0.0-00010101000000-000000000000",
|
||||||
"github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding": "v1.0.5",
|
"github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding": "v1.0.5",
|
||||||
"github.com/aws/aws-sdk-go-v2/service/internal/presigned-url": "v1.0.7",
|
"github.com/aws/aws-sdk-go-v2/service/internal/presigned-url": "v1.0.7",
|
||||||
"github.com/aws/smithy-go": "v1.4.0",
|
"github.com/aws/smithy-go": "v1.4.0"
|
||||||
"github.com/google/go-cmp": "v0.5.4"
|
|
||||||
},
|
},
|
||||||
"files": [
|
"files": [
|
||||||
"api_client.go",
|
"api_client.go",
|
||||||
|
2
vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go
generated
vendored
2
vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go
generated
vendored
@ -3,4 +3,4 @@
|
|||||||
package sts
|
package sts
|
||||||
|
|
||||||
// goModuleVersion is the tagged release for this module
|
// goModuleVersion is the tagged release for this module
|
||||||
const goModuleVersion = "1.28.1"
|
const goModuleVersion = "1.29.1"
|
||||||
|
34
vendor/github.com/aws/aws-sdk-go-v2/service/sts/options.go
generated
vendored
34
vendor/github.com/aws/aws-sdk-go-v2/service/sts/options.go
generated
vendored
@ -24,6 +24,9 @@ type Options struct {
|
|||||||
// modify this list for per operation behavior.
|
// modify this list for per operation behavior.
|
||||||
APIOptions []func(*middleware.Stack) error
|
APIOptions []func(*middleware.Stack) error
|
||||||
|
|
||||||
|
// Indicates how aws account ID is applied in endpoint2.0 routing
|
||||||
|
AccountIDEndpointMode aws.AccountIDEndpointMode
|
||||||
|
|
||||||
// The optional application specific identifier appended to the User-Agent header.
|
// The optional application specific identifier appended to the User-Agent header.
|
||||||
AppID string
|
AppID string
|
||||||
|
|
||||||
@ -50,8 +53,10 @@ type Options struct {
|
|||||||
// Deprecated: Deprecated: EndpointResolver and WithEndpointResolver. Providing a
|
// Deprecated: Deprecated: EndpointResolver and WithEndpointResolver. Providing a
|
||||||
// value for this field will likely prevent you from using any endpoint-related
|
// value for this field will likely prevent you from using any endpoint-related
|
||||||
// service features released after the introduction of EndpointResolverV2 and
|
// service features released after the introduction of EndpointResolverV2 and
|
||||||
// BaseEndpoint. To migrate an EndpointResolver implementation that uses a custom
|
// BaseEndpoint.
|
||||||
// endpoint, set the client option BaseEndpoint instead.
|
//
|
||||||
|
// To migrate an EndpointResolver implementation that uses a custom endpoint, set
|
||||||
|
// the client option BaseEndpoint instead.
|
||||||
EndpointResolver EndpointResolver
|
EndpointResolver EndpointResolver
|
||||||
|
|
||||||
// Resolves the endpoint used for a particular service operation. This should be
|
// Resolves the endpoint used for a particular service operation. This should be
|
||||||
@ -70,17 +75,20 @@ type Options struct {
|
|||||||
// RetryMaxAttempts specifies the maximum number attempts an API client will call
|
// RetryMaxAttempts specifies the maximum number attempts an API client will call
|
||||||
// an operation that fails with a retryable error. A value of 0 is ignored, and
|
// an operation that fails with a retryable error. A value of 0 is ignored, and
|
||||||
// will not be used to configure the API client created default retryer, or modify
|
// will not be used to configure the API client created default retryer, or modify
|
||||||
// per operation call's retry max attempts. If specified in an operation call's
|
// per operation call's retry max attempts.
|
||||||
// functional options with a value that is different than the constructed client's
|
//
|
||||||
// Options, the Client's Retryer will be wrapped to use the operation's specific
|
// If specified in an operation call's functional options with a value that is
|
||||||
// RetryMaxAttempts value.
|
// different than the constructed client's Options, the Client's Retryer will be
|
||||||
|
// wrapped to use the operation's specific RetryMaxAttempts value.
|
||||||
RetryMaxAttempts int
|
RetryMaxAttempts int
|
||||||
|
|
||||||
// RetryMode specifies the retry mode the API client will be created with, if
|
// RetryMode specifies the retry mode the API client will be created with, if
|
||||||
// Retryer option is not also specified. When creating a new API Clients this
|
// Retryer option is not also specified.
|
||||||
// member will only be used if the Retryer Options member is nil. This value will
|
//
|
||||||
// be ignored if Retryer is not nil. Currently does not support per operation call
|
// When creating a new API Clients this member will only be used if the Retryer
|
||||||
// overrides, may in the future.
|
// Options member is nil. This value will be ignored if Retryer is not nil.
|
||||||
|
//
|
||||||
|
// Currently does not support per operation call overrides, may in the future.
|
||||||
RetryMode aws.RetryMode
|
RetryMode aws.RetryMode
|
||||||
|
|
||||||
// Retryer guides how HTTP requests should be retried in case of recoverable
|
// Retryer guides how HTTP requests should be retried in case of recoverable
|
||||||
@ -97,8 +105,9 @@ type Options struct {
|
|||||||
|
|
||||||
// The initial DefaultsMode used when the client options were constructed. If the
|
// The initial DefaultsMode used when the client options were constructed. If the
|
||||||
// DefaultsMode was set to aws.DefaultsModeAuto this will store what the resolved
|
// DefaultsMode was set to aws.DefaultsModeAuto this will store what the resolved
|
||||||
// value was at that point in time. Currently does not support per operation call
|
// value was at that point in time.
|
||||||
// overrides, may in the future.
|
//
|
||||||
|
// Currently does not support per operation call overrides, may in the future.
|
||||||
resolvedDefaultsMode aws.DefaultsMode
|
resolvedDefaultsMode aws.DefaultsMode
|
||||||
|
|
||||||
// The HTTP client to invoke API calls with. Defaults to client's default HTTP
|
// The HTTP client to invoke API calls with. Defaults to client's default HTTP
|
||||||
@ -143,6 +152,7 @@ func WithAPIOptions(optFns ...func(*middleware.Stack) error) func(*Options) {
|
|||||||
// Deprecated: EndpointResolver and WithEndpointResolver. Providing a value for
|
// Deprecated: EndpointResolver and WithEndpointResolver. Providing a value for
|
||||||
// this field will likely prevent you from using any endpoint-related service
|
// this field will likely prevent you from using any endpoint-related service
|
||||||
// features released after the introduction of EndpointResolverV2 and BaseEndpoint.
|
// features released after the introduction of EndpointResolverV2 and BaseEndpoint.
|
||||||
|
//
|
||||||
// To migrate an EndpointResolver implementation that uses a custom endpoint, set
|
// To migrate an EndpointResolver implementation that uses a custom endpoint, set
|
||||||
// the client option BaseEndpoint instead.
|
// the client option BaseEndpoint instead.
|
||||||
func WithEndpointResolver(v EndpointResolver) func(*Options) {
|
func WithEndpointResolver(v EndpointResolver) func(*Options) {
|
||||||
|
26
vendor/github.com/aws/aws-sdk-go-v2/service/sts/types/errors.go
generated
vendored
26
vendor/github.com/aws/aws-sdk-go-v2/service/sts/types/errors.go
generated
vendored
@ -65,9 +65,10 @@ func (e *IDPCommunicationErrorException) ErrorCode() string {
|
|||||||
func (e *IDPCommunicationErrorException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
|
func (e *IDPCommunicationErrorException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
|
||||||
|
|
||||||
// The identity provider (IdP) reported that authentication failed. This might be
|
// The identity provider (IdP) reported that authentication failed. This might be
|
||||||
// because the claim is invalid. If this error is returned for the
|
// because the claim is invalid.
|
||||||
// AssumeRoleWithWebIdentity operation, it can also mean that the claim has expired
|
//
|
||||||
// or has been explicitly revoked.
|
// If this error is returned for the AssumeRoleWithWebIdentity operation, it can
|
||||||
|
// also mean that the claim has expired or has been explicitly revoked.
|
||||||
type IDPRejectedClaimException struct {
|
type IDPRejectedClaimException struct {
|
||||||
Message *string
|
Message *string
|
||||||
|
|
||||||
@ -183,11 +184,13 @@ func (e *MalformedPolicyDocumentException) ErrorFault() smithy.ErrorFault { retu
|
|||||||
// compresses the session policy document, session policy ARNs, and session tags
|
// compresses the session policy document, session policy ARNs, and session tags
|
||||||
// into a packed binary format that has a separate limit. The error message
|
// into a packed binary format that has a separate limit. The error message
|
||||||
// indicates by percentage how close the policies and tags are to the upper size
|
// indicates by percentage how close the policies and tags are to the upper size
|
||||||
// limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
|
// limit. For more information, see [Passing Session Tags in STS]in the IAM User Guide.
|
||||||
// in the IAM User Guide. You could receive this error even though you meet other
|
//
|
||||||
// defined session policy and session tag limits. For more information, see IAM
|
// You could receive this error even though you meet other defined session policy
|
||||||
// and STS Entity Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length)
|
// and session tag limits. For more information, see [IAM and STS Entity Character Limits]in the IAM User Guide.
|
||||||
// in the IAM User Guide.
|
//
|
||||||
|
// [Passing Session Tags in STS]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
|
||||||
|
// [IAM and STS Entity Character Limits]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length
|
||||||
type PackedPolicyTooLargeException struct {
|
type PackedPolicyTooLargeException struct {
|
||||||
Message *string
|
Message *string
|
||||||
|
|
||||||
@ -215,9 +218,10 @@ func (e *PackedPolicyTooLargeException) ErrorFault() smithy.ErrorFault { return
|
|||||||
|
|
||||||
// STS is not activated in the requested region for the account that is being
|
// STS is not activated in the requested region for the account that is being
|
||||||
// asked to generate credentials. The account administrator must use the IAM
|
// asked to generate credentials. The account administrator must use the IAM
|
||||||
// console to activate STS in that region. For more information, see Activating
|
// console to activate STS in that region. For more information, see [Activating and Deactivating Amazon Web Services STS in an Amazon Web Services Region]in the IAM
|
||||||
// and Deactivating Amazon Web Services STS in an Amazon Web Services Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
|
// User Guide.
|
||||||
// in the IAM User Guide.
|
//
|
||||||
|
// [Activating and Deactivating Amazon Web Services STS in an Amazon Web Services Region]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
|
||||||
type RegionDisabledException struct {
|
type RegionDisabledException struct {
|
||||||
Message *string
|
Message *string
|
||||||
|
|
||||||
|
50
vendor/github.com/aws/aws-sdk-go-v2/service/sts/types/types.go
generated
vendored
50
vendor/github.com/aws/aws-sdk-go-v2/service/sts/types/types.go
generated
vendored
@ -11,10 +11,11 @@ import (
|
|||||||
// returns.
|
// returns.
|
||||||
type AssumedRoleUser struct {
|
type AssumedRoleUser struct {
|
||||||
|
|
||||||
// The ARN of the temporary security credentials that are returned from the
|
// The ARN of the temporary security credentials that are returned from the AssumeRole
|
||||||
// AssumeRole action. For more information about ARNs and how to use them in
|
// action. For more information about ARNs and how to use them in policies, see [IAM Identifiers]in
|
||||||
// policies, see IAM Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html)
|
// the IAM User Guide.
|
||||||
// in the IAM User Guide.
|
//
|
||||||
|
// [IAM Identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html
|
||||||
//
|
//
|
||||||
// This member is required.
|
// This member is required.
|
||||||
Arn *string
|
Arn *string
|
||||||
@ -61,8 +62,9 @@ type FederatedUser struct {
|
|||||||
|
|
||||||
// The ARN that specifies the federated user that is associated with the
|
// The ARN that specifies the federated user that is associated with the
|
||||||
// credentials. For more information about ARNs and how to use them in policies,
|
// credentials. For more information about ARNs and how to use them in policies,
|
||||||
// see IAM Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html)
|
// see [IAM Identifiers]in the IAM User Guide.
|
||||||
// in the IAM User Guide.
|
//
|
||||||
|
// [IAM Identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html
|
||||||
//
|
//
|
||||||
// This member is required.
|
// This member is required.
|
||||||
Arn *string
|
Arn *string
|
||||||
@ -81,9 +83,10 @@ type FederatedUser struct {
|
|||||||
type PolicyDescriptorType struct {
|
type PolicyDescriptorType struct {
|
||||||
|
|
||||||
// The Amazon Resource Name (ARN) of the IAM managed policy to use as a session
|
// The Amazon Resource Name (ARN) of the IAM managed policy to use as a session
|
||||||
// policy for the role. For more information about ARNs, see Amazon Resource Names
|
// policy for the role. For more information about ARNs, see [Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces]in the Amazon Web
|
||||||
// (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
|
// Services General Reference.
|
||||||
// in the Amazon Web Services General Reference.
|
//
|
||||||
|
// [Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
||||||
Arn *string
|
Arn *string
|
||||||
|
|
||||||
noSmithyDocumentSerde
|
noSmithyDocumentSerde
|
||||||
@ -107,23 +110,30 @@ type ProvidedContext struct {
|
|||||||
|
|
||||||
// You can pass custom key-value pair attributes when you assume a role or
|
// You can pass custom key-value pair attributes when you assume a role or
|
||||||
// federate a user. These are called session tags. You can then use the session
|
// federate a user. These are called session tags. You can then use the session
|
||||||
// tags to control access to resources. For more information, see Tagging Amazon
|
// tags to control access to resources. For more information, see [Tagging Amazon Web Services STS Sessions]in the IAM User
|
||||||
// Web Services STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
|
// Guide.
|
||||||
// in the IAM User Guide.
|
//
|
||||||
|
// [Tagging Amazon Web Services STS Sessions]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
|
||||||
type Tag struct {
|
type Tag struct {
|
||||||
|
|
||||||
// The key for a session tag. You can pass up to 50 session tags. The plain text
|
// The key for a session tag.
|
||||||
// session tag keys can’t exceed 128 characters. For these and additional limits,
|
//
|
||||||
// see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
|
// You can pass up to 50 session tags. The plain text session tag keys can’t
|
||||||
// in the IAM User Guide.
|
// exceed 128 characters. For these and additional limits, see [IAM and STS Character Limits]in the IAM User
|
||||||
|
// Guide.
|
||||||
|
//
|
||||||
|
// [IAM and STS Character Limits]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
|
||||||
//
|
//
|
||||||
// This member is required.
|
// This member is required.
|
||||||
Key *string
|
Key *string
|
||||||
|
|
||||||
// The value for a session tag. You can pass up to 50 session tags. The plain text
|
// The value for a session tag.
|
||||||
// session tag values can’t exceed 256 characters. For these and additional limits,
|
//
|
||||||
// see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
|
// You can pass up to 50 session tags. The plain text session tag values can’t
|
||||||
// in the IAM User Guide.
|
// exceed 256 characters. For these and additional limits, see [IAM and STS Character Limits]in the IAM User
|
||||||
|
// Guide.
|
||||||
|
//
|
||||||
|
// [IAM and STS Character Limits]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
|
||||||
//
|
//
|
||||||
// This member is required.
|
// This member is required.
|
||||||
Value *string
|
Value *string
|
||||||
|
585
vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
generated
vendored
585
vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
generated
vendored
@ -1079,6 +1079,9 @@ var awsPartition = partition{
|
|||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "ap-southeast-2",
|
Region: "ap-southeast-2",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "ca-central-1",
|
||||||
|
}: endpoint{},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "eu-central-1",
|
Region: "eu-central-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
@ -1091,6 +1094,9 @@ var awsPartition = partition{
|
|||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "eu-west-3",
|
Region: "eu-west-3",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "sa-east-1",
|
||||||
|
}: endpoint{},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "us-east-1",
|
Region: "us-east-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
@ -4583,91 +4589,6 @@ var awsPartition = partition{
|
|||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"backupstorage": service{
|
|
||||||
Endpoints: serviceEndpoints{
|
|
||||||
endpointKey{
|
|
||||||
Region: "af-south-1",
|
|
||||||
}: endpoint{},
|
|
||||||
endpointKey{
|
|
||||||
Region: "ap-east-1",
|
|
||||||
}: endpoint{},
|
|
||||||
endpointKey{
|
|
||||||
Region: "ap-northeast-1",
|
|
||||||
}: endpoint{},
|
|
||||||
endpointKey{
|
|
||||||
Region: "ap-northeast-2",
|
|
||||||
}: endpoint{},
|
|
||||||
endpointKey{
|
|
||||||
Region: "ap-northeast-3",
|
|
||||||
}: endpoint{},
|
|
||||||
endpointKey{
|
|
||||||
Region: "ap-south-1",
|
|
||||||
}: endpoint{},
|
|
||||||
endpointKey{
|
|
||||||
Region: "ap-south-2",
|
|
||||||
}: endpoint{},
|
|
||||||
endpointKey{
|
|
||||||
Region: "ap-southeast-1",
|
|
||||||
}: endpoint{},
|
|
||||||
endpointKey{
|
|
||||||
Region: "ap-southeast-2",
|
|
||||||
}: endpoint{},
|
|
||||||
endpointKey{
|
|
||||||
Region: "ap-southeast-3",
|
|
||||||
}: endpoint{},
|
|
||||||
endpointKey{
|
|
||||||
Region: "ap-southeast-4",
|
|
||||||
}: endpoint{},
|
|
||||||
endpointKey{
|
|
||||||
Region: "ca-central-1",
|
|
||||||
}: endpoint{},
|
|
||||||
endpointKey{
|
|
||||||
Region: "eu-central-1",
|
|
||||||
}: endpoint{},
|
|
||||||
endpointKey{
|
|
||||||
Region: "eu-central-2",
|
|
||||||
}: endpoint{},
|
|
||||||
endpointKey{
|
|
||||||
Region: "eu-north-1",
|
|
||||||
}: endpoint{},
|
|
||||||
endpointKey{
|
|
||||||
Region: "eu-south-1",
|
|
||||||
}: endpoint{},
|
|
||||||
endpointKey{
|
|
||||||
Region: "eu-south-2",
|
|
||||||
}: endpoint{},
|
|
||||||
endpointKey{
|
|
||||||
Region: "eu-west-1",
|
|
||||||
}: endpoint{},
|
|
||||||
endpointKey{
|
|
||||||
Region: "eu-west-2",
|
|
||||||
}: endpoint{},
|
|
||||||
endpointKey{
|
|
||||||
Region: "eu-west-3",
|
|
||||||
}: endpoint{},
|
|
||||||
endpointKey{
|
|
||||||
Region: "me-central-1",
|
|
||||||
}: endpoint{},
|
|
||||||
endpointKey{
|
|
||||||
Region: "me-south-1",
|
|
||||||
}: endpoint{},
|
|
||||||
endpointKey{
|
|
||||||
Region: "sa-east-1",
|
|
||||||
}: endpoint{},
|
|
||||||
endpointKey{
|
|
||||||
Region: "us-east-1",
|
|
||||||
}: endpoint{},
|
|
||||||
endpointKey{
|
|
||||||
Region: "us-east-2",
|
|
||||||
}: endpoint{},
|
|
||||||
endpointKey{
|
|
||||||
Region: "us-west-1",
|
|
||||||
}: endpoint{},
|
|
||||||
endpointKey{
|
|
||||||
Region: "us-west-2",
|
|
||||||
}: endpoint{},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
"batch": service{
|
"batch": service{
|
||||||
Defaults: endpointDefaults{
|
Defaults: endpointDefaults{
|
||||||
defaultKey{}: endpoint{},
|
defaultKey{}: endpoint{},
|
||||||
@ -4873,6 +4794,14 @@ var awsPartition = partition{
|
|||||||
Region: "ap-southeast-2",
|
Region: "ap-southeast-2",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
endpointKey{
|
||||||
|
Region: "bedrock-ca-central-1",
|
||||||
|
}: endpoint{
|
||||||
|
Hostname: "bedrock.ca-central-1.amazonaws.com",
|
||||||
|
CredentialScope: credentialScope{
|
||||||
|
Region: "ca-central-1",
|
||||||
|
},
|
||||||
|
},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "bedrock-eu-central-1",
|
Region: "bedrock-eu-central-1",
|
||||||
}: endpoint{
|
}: endpoint{
|
||||||
@ -4889,6 +4818,14 @@ var awsPartition = partition{
|
|||||||
Region: "eu-west-1",
|
Region: "eu-west-1",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
endpointKey{
|
||||||
|
Region: "bedrock-eu-west-2",
|
||||||
|
}: endpoint{
|
||||||
|
Hostname: "bedrock.eu-west-2.amazonaws.com",
|
||||||
|
CredentialScope: credentialScope{
|
||||||
|
Region: "eu-west-2",
|
||||||
|
},
|
||||||
|
},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "bedrock-eu-west-3",
|
Region: "bedrock-eu-west-3",
|
||||||
}: endpoint{
|
}: endpoint{
|
||||||
@ -4897,6 +4834,14 @@ var awsPartition = partition{
|
|||||||
Region: "eu-west-3",
|
Region: "eu-west-3",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
endpointKey{
|
||||||
|
Region: "bedrock-fips-ca-central-1",
|
||||||
|
}: endpoint{
|
||||||
|
Hostname: "bedrock-fips.ca-central-1.amazonaws.com",
|
||||||
|
CredentialScope: credentialScope{
|
||||||
|
Region: "ca-central-1",
|
||||||
|
},
|
||||||
|
},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "bedrock-fips-us-east-1",
|
Region: "bedrock-fips-us-east-1",
|
||||||
}: endpoint{
|
}: endpoint{
|
||||||
@ -4945,6 +4890,14 @@ var awsPartition = partition{
|
|||||||
Region: "ap-southeast-2",
|
Region: "ap-southeast-2",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
endpointKey{
|
||||||
|
Region: "bedrock-runtime-ca-central-1",
|
||||||
|
}: endpoint{
|
||||||
|
Hostname: "bedrock-runtime.ca-central-1.amazonaws.com",
|
||||||
|
CredentialScope: credentialScope{
|
||||||
|
Region: "ca-central-1",
|
||||||
|
},
|
||||||
|
},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "bedrock-runtime-eu-central-1",
|
Region: "bedrock-runtime-eu-central-1",
|
||||||
}: endpoint{
|
}: endpoint{
|
||||||
@ -4961,6 +4914,14 @@ var awsPartition = partition{
|
|||||||
Region: "eu-west-1",
|
Region: "eu-west-1",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
endpointKey{
|
||||||
|
Region: "bedrock-runtime-eu-west-2",
|
||||||
|
}: endpoint{
|
||||||
|
Hostname: "bedrock-runtime.eu-west-2.amazonaws.com",
|
||||||
|
CredentialScope: credentialScope{
|
||||||
|
Region: "eu-west-2",
|
||||||
|
},
|
||||||
|
},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "bedrock-runtime-eu-west-3",
|
Region: "bedrock-runtime-eu-west-3",
|
||||||
}: endpoint{
|
}: endpoint{
|
||||||
@ -4969,6 +4930,14 @@ var awsPartition = partition{
|
|||||||
Region: "eu-west-3",
|
Region: "eu-west-3",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
endpointKey{
|
||||||
|
Region: "bedrock-runtime-fips-ca-central-1",
|
||||||
|
}: endpoint{
|
||||||
|
Hostname: "bedrock-runtime-fips.ca-central-1.amazonaws.com",
|
||||||
|
CredentialScope: credentialScope{
|
||||||
|
Region: "ca-central-1",
|
||||||
|
},
|
||||||
|
},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "bedrock-runtime-fips-us-east-1",
|
Region: "bedrock-runtime-fips-us-east-1",
|
||||||
}: endpoint{
|
}: endpoint{
|
||||||
@ -4985,6 +4954,14 @@ var awsPartition = partition{
|
|||||||
Region: "us-west-2",
|
Region: "us-west-2",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
endpointKey{
|
||||||
|
Region: "bedrock-runtime-sa-east-1",
|
||||||
|
}: endpoint{
|
||||||
|
Hostname: "bedrock-runtime.sa-east-1.amazonaws.com",
|
||||||
|
CredentialScope: credentialScope{
|
||||||
|
Region: "sa-east-1",
|
||||||
|
},
|
||||||
|
},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "bedrock-runtime-us-east-1",
|
Region: "bedrock-runtime-us-east-1",
|
||||||
}: endpoint{
|
}: endpoint{
|
||||||
@ -5001,6 +4978,14 @@ var awsPartition = partition{
|
|||||||
Region: "us-west-2",
|
Region: "us-west-2",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
endpointKey{
|
||||||
|
Region: "bedrock-sa-east-1",
|
||||||
|
}: endpoint{
|
||||||
|
Hostname: "bedrock.sa-east-1.amazonaws.com",
|
||||||
|
CredentialScope: credentialScope{
|
||||||
|
Region: "sa-east-1",
|
||||||
|
},
|
||||||
|
},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "bedrock-us-east-1",
|
Region: "bedrock-us-east-1",
|
||||||
}: endpoint{
|
}: endpoint{
|
||||||
@ -5017,15 +5002,24 @@ var awsPartition = partition{
|
|||||||
Region: "us-west-2",
|
Region: "us-west-2",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
endpointKey{
|
||||||
|
Region: "ca-central-1",
|
||||||
|
}: endpoint{},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "eu-central-1",
|
Region: "eu-central-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "eu-west-1",
|
Region: "eu-west-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "eu-west-2",
|
||||||
|
}: endpoint{},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "eu-west-3",
|
Region: "eu-west-3",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "sa-east-1",
|
||||||
|
}: endpoint{},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "us-east-1",
|
Region: "us-east-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
@ -5083,6 +5077,12 @@ var awsPartition = partition{
|
|||||||
},
|
},
|
||||||
"cases": service{
|
"cases": service{
|
||||||
Endpoints: serviceEndpoints{
|
Endpoints: serviceEndpoints{
|
||||||
|
endpointKey{
|
||||||
|
Region: "ap-northeast-1",
|
||||||
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "ap-northeast-2",
|
||||||
|
}: endpoint{},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "ap-southeast-1",
|
Region: "ap-southeast-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
@ -5297,69 +5297,157 @@ var awsPartition = partition{
|
|||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "af-south-1",
|
Region: "af-south-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "af-south-1",
|
||||||
|
Variant: dualStackVariant,
|
||||||
|
}: endpoint{},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "ap-east-1",
|
Region: "ap-east-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "ap-east-1",
|
||||||
|
Variant: dualStackVariant,
|
||||||
|
}: endpoint{},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "ap-northeast-1",
|
Region: "ap-northeast-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "ap-northeast-1",
|
||||||
|
Variant: dualStackVariant,
|
||||||
|
}: endpoint{},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "ap-northeast-2",
|
Region: "ap-northeast-2",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "ap-northeast-2",
|
||||||
|
Variant: dualStackVariant,
|
||||||
|
}: endpoint{},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "ap-northeast-3",
|
Region: "ap-northeast-3",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "ap-northeast-3",
|
||||||
|
Variant: dualStackVariant,
|
||||||
|
}: endpoint{},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "ap-south-1",
|
Region: "ap-south-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "ap-south-1",
|
||||||
|
Variant: dualStackVariant,
|
||||||
|
}: endpoint{},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "ap-southeast-1",
|
Region: "ap-southeast-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "ap-southeast-1",
|
||||||
|
Variant: dualStackVariant,
|
||||||
|
}: endpoint{},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "ap-southeast-2",
|
Region: "ap-southeast-2",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "ap-southeast-2",
|
||||||
|
Variant: dualStackVariant,
|
||||||
|
}: endpoint{},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "ca-central-1",
|
Region: "ca-central-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "ca-central-1",
|
||||||
|
Variant: dualStackVariant,
|
||||||
|
}: endpoint{},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "eu-central-1",
|
Region: "eu-central-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "eu-central-1",
|
||||||
|
Variant: dualStackVariant,
|
||||||
|
}: endpoint{},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "eu-north-1",
|
Region: "eu-north-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "eu-north-1",
|
||||||
|
Variant: dualStackVariant,
|
||||||
|
}: endpoint{},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "eu-south-1",
|
Region: "eu-south-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "eu-south-1",
|
||||||
|
Variant: dualStackVariant,
|
||||||
|
}: endpoint{},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "eu-west-1",
|
Region: "eu-west-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "eu-west-1",
|
||||||
|
Variant: dualStackVariant,
|
||||||
|
}: endpoint{},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "eu-west-2",
|
Region: "eu-west-2",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "eu-west-2",
|
||||||
|
Variant: dualStackVariant,
|
||||||
|
}: endpoint{},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "eu-west-3",
|
Region: "eu-west-3",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "eu-west-3",
|
||||||
|
Variant: dualStackVariant,
|
||||||
|
}: endpoint{},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "il-central-1",
|
Region: "il-central-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "il-central-1",
|
||||||
|
Variant: dualStackVariant,
|
||||||
|
}: endpoint{},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "me-south-1",
|
Region: "me-south-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "me-south-1",
|
||||||
|
Variant: dualStackVariant,
|
||||||
|
}: endpoint{},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "sa-east-1",
|
Region: "sa-east-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "sa-east-1",
|
||||||
|
Variant: dualStackVariant,
|
||||||
|
}: endpoint{},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "us-east-1",
|
Region: "us-east-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "us-east-1",
|
||||||
|
Variant: dualStackVariant,
|
||||||
|
}: endpoint{},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "us-east-2",
|
Region: "us-east-2",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "us-east-2",
|
||||||
|
Variant: dualStackVariant,
|
||||||
|
}: endpoint{},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "us-west-1",
|
Region: "us-west-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "us-west-1",
|
||||||
|
Variant: dualStackVariant,
|
||||||
|
}: endpoint{},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "us-west-2",
|
Region: "us-west-2",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "us-west-2",
|
||||||
|
Variant: dualStackVariant,
|
||||||
|
}: endpoint{},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"cloudcontrolapi": service{
|
"cloudcontrolapi": service{
|
||||||
@ -9264,9 +9352,21 @@ var awsPartition = partition{
|
|||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "ca-central-1",
|
Region: "ca-central-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "ca-central-1",
|
||||||
|
Variant: fipsVariant,
|
||||||
|
}: endpoint{
|
||||||
|
Hostname: "directconnect-fips.ca-central-1.amazonaws.com",
|
||||||
|
},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "ca-west-1",
|
Region: "ca-west-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "ca-west-1",
|
||||||
|
Variant: fipsVariant,
|
||||||
|
}: endpoint{
|
||||||
|
Hostname: "directconnect-fips.ca-west-1.amazonaws.com",
|
||||||
|
},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "eu-central-1",
|
Region: "eu-central-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
@ -9291,6 +9391,24 @@ var awsPartition = partition{
|
|||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "eu-west-3",
|
Region: "eu-west-3",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "fips-ca-central-1",
|
||||||
|
}: endpoint{
|
||||||
|
Hostname: "directconnect-fips.ca-central-1.amazonaws.com",
|
||||||
|
CredentialScope: credentialScope{
|
||||||
|
Region: "ca-central-1",
|
||||||
|
},
|
||||||
|
Deprecated: boxedTrue,
|
||||||
|
},
|
||||||
|
endpointKey{
|
||||||
|
Region: "fips-ca-west-1",
|
||||||
|
}: endpoint{
|
||||||
|
Hostname: "directconnect-fips.ca-west-1.amazonaws.com",
|
||||||
|
CredentialScope: credentialScope{
|
||||||
|
Region: "ca-west-1",
|
||||||
|
},
|
||||||
|
Deprecated: boxedTrue,
|
||||||
|
},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "fips-us-east-1",
|
Region: "fips-us-east-1",
|
||||||
}: endpoint{
|
}: endpoint{
|
||||||
@ -15561,6 +15679,9 @@ var awsPartition = partition{
|
|||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "ca-central-1",
|
Region: "ca-central-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "ca-west-1",
|
||||||
|
}: endpoint{},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "eu-central-1",
|
Region: "eu-central-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
@ -17465,12 +17586,27 @@ var awsPartition = partition{
|
|||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "ca-central-1",
|
Region: "ca-central-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "ca-central-1",
|
||||||
|
Variant: fipsVariant,
|
||||||
|
}: endpoint{
|
||||||
|
Hostname: "kendra-fips.ca-central-1.amazonaws.com",
|
||||||
|
},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "eu-west-1",
|
Region: "eu-west-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "eu-west-2",
|
Region: "eu-west-2",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "fips-ca-central-1",
|
||||||
|
}: endpoint{
|
||||||
|
Hostname: "kendra-fips.ca-central-1.amazonaws.com",
|
||||||
|
CredentialScope: credentialScope{
|
||||||
|
Region: "ca-central-1",
|
||||||
|
},
|
||||||
|
Deprecated: boxedTrue,
|
||||||
|
},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "fips-us-east-1",
|
Region: "fips-us-east-1",
|
||||||
}: endpoint{
|
}: endpoint{
|
||||||
@ -21684,6 +21820,9 @@ var awsPartition = partition{
|
|||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "ca-central-1",
|
Region: "ca-central-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "ca-west-1",
|
||||||
|
}: endpoint{},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "eu-central-1",
|
Region: "eu-central-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
@ -25241,6 +25380,9 @@ var awsPartition = partition{
|
|||||||
},
|
},
|
||||||
Deprecated: boxedTrue,
|
Deprecated: boxedTrue,
|
||||||
},
|
},
|
||||||
|
endpointKey{
|
||||||
|
Region: "me-central-1",
|
||||||
|
}: endpoint{},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "sa-east-1",
|
Region: "sa-east-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
@ -31870,6 +32012,24 @@ var awsPartition = partition{
|
|||||||
},
|
},
|
||||||
Deprecated: boxedTrue,
|
Deprecated: boxedTrue,
|
||||||
},
|
},
|
||||||
|
endpointKey{
|
||||||
|
Region: "ca-west-1",
|
||||||
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "ca-west-1",
|
||||||
|
Variant: fipsVariant,
|
||||||
|
}: endpoint{
|
||||||
|
Hostname: "storagegateway-fips.ca-west-1.amazonaws.com",
|
||||||
|
},
|
||||||
|
endpointKey{
|
||||||
|
Region: "ca-west-1-fips",
|
||||||
|
}: endpoint{
|
||||||
|
Hostname: "storagegateway-fips.ca-west-1.amazonaws.com",
|
||||||
|
CredentialScope: credentialScope{
|
||||||
|
Region: "ca-west-1",
|
||||||
|
},
|
||||||
|
Deprecated: boxedTrue,
|
||||||
|
},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "eu-central-1",
|
Region: "eu-central-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
@ -33793,6 +33953,9 @@ var awsPartition = partition{
|
|||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "eu-west-2",
|
Region: "eu-west-2",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "eu-west-3",
|
||||||
|
}: endpoint{},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "sa-east-1",
|
Region: "sa-east-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
@ -33802,6 +33965,9 @@ var awsPartition = partition{
|
|||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "us-east-2",
|
Region: "us-east-2",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "us-west-1",
|
||||||
|
}: endpoint{},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "us-west-2",
|
Region: "us-west-2",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
@ -36138,16 +36304,6 @@ var awscnPartition = partition{
|
|||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"backupstorage": service{
|
|
||||||
Endpoints: serviceEndpoints{
|
|
||||||
endpointKey{
|
|
||||||
Region: "cn-north-1",
|
|
||||||
}: endpoint{},
|
|
||||||
endpointKey{
|
|
||||||
Region: "cn-northwest-1",
|
|
||||||
}: endpoint{},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
"batch": service{
|
"batch": service{
|
||||||
Endpoints: serviceEndpoints{
|
Endpoints: serviceEndpoints{
|
||||||
endpointKey{
|
endpointKey{
|
||||||
@ -38917,16 +39073,6 @@ var awsusgovPartition = partition{
|
|||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"backupstorage": service{
|
|
||||||
Endpoints: serviceEndpoints{
|
|
||||||
endpointKey{
|
|
||||||
Region: "us-gov-east-1",
|
|
||||||
}: endpoint{},
|
|
||||||
endpointKey{
|
|
||||||
Region: "us-gov-west-1",
|
|
||||||
}: endpoint{},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
"batch": service{
|
"batch": service{
|
||||||
Defaults: endpointDefaults{
|
Defaults: endpointDefaults{
|
||||||
defaultKey{}: endpoint{},
|
defaultKey{}: endpoint{},
|
||||||
@ -38977,6 +39123,22 @@ var awsusgovPartition = partition{
|
|||||||
},
|
},
|
||||||
"bedrock": service{
|
"bedrock": service{
|
||||||
Endpoints: serviceEndpoints{
|
Endpoints: serviceEndpoints{
|
||||||
|
endpointKey{
|
||||||
|
Region: "bedrock-fips-us-gov-west-1",
|
||||||
|
}: endpoint{
|
||||||
|
Hostname: "bedrock-fips.us-gov-west-1.amazonaws.com",
|
||||||
|
CredentialScope: credentialScope{
|
||||||
|
Region: "us-gov-west-1",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
endpointKey{
|
||||||
|
Region: "bedrock-runtime-fips-us-gov-west-1",
|
||||||
|
}: endpoint{
|
||||||
|
Hostname: "bedrock-runtime-fips.us-gov-west-1.amazonaws.com",
|
||||||
|
CredentialScope: credentialScope{
|
||||||
|
Region: "us-gov-west-1",
|
||||||
|
},
|
||||||
|
},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "bedrock-runtime-us-gov-west-1",
|
Region: "bedrock-runtime-us-gov-west-1",
|
||||||
}: endpoint{
|
}: endpoint{
|
||||||
@ -41821,6 +41983,62 @@ var awsusgovPartition = partition{
|
|||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
"kinesisvideo": service{
|
||||||
|
Endpoints: serviceEndpoints{
|
||||||
|
endpointKey{
|
||||||
|
Region: "fips-us-gov-east-1",
|
||||||
|
}: endpoint{
|
||||||
|
Hostname: "kinesisvideo-fips.us-gov-east-1.amazonaws.com",
|
||||||
|
CredentialScope: credentialScope{
|
||||||
|
Region: "us-gov-east-1",
|
||||||
|
},
|
||||||
|
Deprecated: boxedTrue,
|
||||||
|
},
|
||||||
|
endpointKey{
|
||||||
|
Region: "fips-us-gov-west-1",
|
||||||
|
}: endpoint{
|
||||||
|
Hostname: "kinesisvideo-fips.us-gov-west-1.amazonaws.com",
|
||||||
|
CredentialScope: credentialScope{
|
||||||
|
Region: "us-gov-west-1",
|
||||||
|
},
|
||||||
|
Deprecated: boxedTrue,
|
||||||
|
},
|
||||||
|
endpointKey{
|
||||||
|
Region: "us-gov-east-1",
|
||||||
|
}: endpoint{
|
||||||
|
Hostname: "kinesisvideo-fips.us-gov-east-1.amazonaws.com",
|
||||||
|
CredentialScope: credentialScope{
|
||||||
|
Region: "us-gov-east-1",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
endpointKey{
|
||||||
|
Region: "us-gov-east-1",
|
||||||
|
Variant: fipsVariant,
|
||||||
|
}: endpoint{
|
||||||
|
Hostname: "kinesisvideo-fips.us-gov-east-1.amazonaws.com",
|
||||||
|
CredentialScope: credentialScope{
|
||||||
|
Region: "us-gov-east-1",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
endpointKey{
|
||||||
|
Region: "us-gov-west-1",
|
||||||
|
}: endpoint{
|
||||||
|
Hostname: "kinesisvideo-fips.us-gov-west-1.amazonaws.com",
|
||||||
|
CredentialScope: credentialScope{
|
||||||
|
Region: "us-gov-west-1",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
endpointKey{
|
||||||
|
Region: "us-gov-west-1",
|
||||||
|
Variant: fipsVariant,
|
||||||
|
}: endpoint{
|
||||||
|
Hostname: "kinesisvideo-fips.us-gov-west-1.amazonaws.com",
|
||||||
|
CredentialScope: credentialScope{
|
||||||
|
Region: "us-gov-west-1",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
"kms": service{
|
"kms": service{
|
||||||
Endpoints: serviceEndpoints{
|
Endpoints: serviceEndpoints{
|
||||||
endpointKey{
|
endpointKey{
|
||||||
@ -43562,6 +43780,46 @@ var awsusgovPartition = partition{
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
"securitylake": service{
|
||||||
|
Endpoints: serviceEndpoints{
|
||||||
|
endpointKey{
|
||||||
|
Region: "us-gov-east-1",
|
||||||
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "us-gov-east-1",
|
||||||
|
Variant: fipsVariant,
|
||||||
|
}: endpoint{
|
||||||
|
Hostname: "securitylake.us-gov-east-1.amazonaws.com",
|
||||||
|
},
|
||||||
|
endpointKey{
|
||||||
|
Region: "us-gov-east-1-fips",
|
||||||
|
}: endpoint{
|
||||||
|
Hostname: "securitylake.us-gov-east-1.amazonaws.com",
|
||||||
|
CredentialScope: credentialScope{
|
||||||
|
Region: "us-gov-east-1",
|
||||||
|
},
|
||||||
|
Deprecated: boxedTrue,
|
||||||
|
},
|
||||||
|
endpointKey{
|
||||||
|
Region: "us-gov-west-1",
|
||||||
|
}: endpoint{},
|
||||||
|
endpointKey{
|
||||||
|
Region: "us-gov-west-1",
|
||||||
|
Variant: fipsVariant,
|
||||||
|
}: endpoint{
|
||||||
|
Hostname: "securitylake.us-gov-west-1.amazonaws.com",
|
||||||
|
},
|
||||||
|
endpointKey{
|
||||||
|
Region: "us-gov-west-1-fips",
|
||||||
|
}: endpoint{
|
||||||
|
Hostname: "securitylake.us-gov-west-1.amazonaws.com",
|
||||||
|
CredentialScope: credentialScope{
|
||||||
|
Region: "us-gov-west-1",
|
||||||
|
},
|
||||||
|
Deprecated: boxedTrue,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
"serverlessrepo": service{
|
"serverlessrepo": service{
|
||||||
Defaults: endpointDefaults{
|
Defaults: endpointDefaults{
|
||||||
defaultKey{}: endpoint{
|
defaultKey{}: endpoint{
|
||||||
@ -45743,42 +46001,12 @@ var awsisoPartition = partition{
|
|||||||
},
|
},
|
||||||
"ram": service{
|
"ram": service{
|
||||||
Endpoints: serviceEndpoints{
|
Endpoints: serviceEndpoints{
|
||||||
endpointKey{
|
|
||||||
Region: "fips-us-iso-east-1",
|
|
||||||
}: endpoint{
|
|
||||||
Hostname: "ram-fips.us-iso-east-1.c2s.ic.gov",
|
|
||||||
CredentialScope: credentialScope{
|
|
||||||
Region: "us-iso-east-1",
|
|
||||||
},
|
|
||||||
Deprecated: boxedTrue,
|
|
||||||
},
|
|
||||||
endpointKey{
|
|
||||||
Region: "fips-us-iso-west-1",
|
|
||||||
}: endpoint{
|
|
||||||
Hostname: "ram-fips.us-iso-west-1.c2s.ic.gov",
|
|
||||||
CredentialScope: credentialScope{
|
|
||||||
Region: "us-iso-west-1",
|
|
||||||
},
|
|
||||||
Deprecated: boxedTrue,
|
|
||||||
},
|
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "us-iso-east-1",
|
Region: "us-iso-east-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
endpointKey{
|
|
||||||
Region: "us-iso-east-1",
|
|
||||||
Variant: fipsVariant,
|
|
||||||
}: endpoint{
|
|
||||||
Hostname: "ram-fips.us-iso-east-1.c2s.ic.gov",
|
|
||||||
},
|
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "us-iso-west-1",
|
Region: "us-iso-west-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
endpointKey{
|
|
||||||
Region: "us-iso-west-1",
|
|
||||||
Variant: fipsVariant,
|
|
||||||
}: endpoint{
|
|
||||||
Hostname: "ram-fips.us-iso-west-1.c2s.ic.gov",
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"rbin": service{
|
"rbin": service{
|
||||||
@ -45823,37 +46051,10 @@ var awsisoPartition = partition{
|
|||||||
},
|
},
|
||||||
"rds": service{
|
"rds": service{
|
||||||
Endpoints: serviceEndpoints{
|
Endpoints: serviceEndpoints{
|
||||||
endpointKey{
|
|
||||||
Region: "rds-fips.us-iso-east-1",
|
|
||||||
}: endpoint{
|
|
||||||
Hostname: "rds-fips.us-iso-east-1.c2s.ic.gov",
|
|
||||||
CredentialScope: credentialScope{
|
|
||||||
Region: "us-iso-east-1",
|
|
||||||
},
|
|
||||||
Deprecated: boxedTrue,
|
|
||||||
},
|
|
||||||
endpointKey{
|
|
||||||
Region: "rds-fips.us-iso-west-1",
|
|
||||||
}: endpoint{
|
|
||||||
Hostname: "rds-fips.us-iso-west-1.c2s.ic.gov",
|
|
||||||
CredentialScope: credentialScope{
|
|
||||||
Region: "us-iso-west-1",
|
|
||||||
},
|
|
||||||
Deprecated: boxedTrue,
|
|
||||||
},
|
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "rds.us-iso-east-1",
|
Region: "rds.us-iso-east-1",
|
||||||
}: endpoint{
|
}: endpoint{
|
||||||
CredentialScope: credentialScope{
|
Hostname: "rds.us-iso-east-1.c2s.ic.gov",
|
||||||
Region: "us-iso-east-1",
|
|
||||||
},
|
|
||||||
Deprecated: boxedTrue,
|
|
||||||
},
|
|
||||||
endpointKey{
|
|
||||||
Region: "rds.us-iso-east-1",
|
|
||||||
Variant: fipsVariant,
|
|
||||||
}: endpoint{
|
|
||||||
Hostname: "rds-fips.us-iso-east-1.c2s.ic.gov",
|
|
||||||
CredentialScope: credentialScope{
|
CredentialScope: credentialScope{
|
||||||
Region: "us-iso-east-1",
|
Region: "us-iso-east-1",
|
||||||
},
|
},
|
||||||
@ -45862,16 +46063,7 @@ var awsisoPartition = partition{
|
|||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "rds.us-iso-west-1",
|
Region: "rds.us-iso-west-1",
|
||||||
}: endpoint{
|
}: endpoint{
|
||||||
CredentialScope: credentialScope{
|
Hostname: "rds.us-iso-west-1.c2s.ic.gov",
|
||||||
Region: "us-iso-west-1",
|
|
||||||
},
|
|
||||||
Deprecated: boxedTrue,
|
|
||||||
},
|
|
||||||
endpointKey{
|
|
||||||
Region: "rds.us-iso-west-1",
|
|
||||||
Variant: fipsVariant,
|
|
||||||
}: endpoint{
|
|
||||||
Hostname: "rds-fips.us-iso-west-1.c2s.ic.gov",
|
|
||||||
CredentialScope: credentialScope{
|
CredentialScope: credentialScope{
|
||||||
Region: "us-iso-west-1",
|
Region: "us-iso-west-1",
|
||||||
},
|
},
|
||||||
@ -45884,12 +46076,12 @@ var awsisoPartition = partition{
|
|||||||
Region: "us-iso-east-1",
|
Region: "us-iso-east-1",
|
||||||
Variant: fipsVariant,
|
Variant: fipsVariant,
|
||||||
}: endpoint{
|
}: endpoint{
|
||||||
Hostname: "rds-fips.us-iso-east-1.c2s.ic.gov",
|
Hostname: "rds.us-iso-east-1.c2s.ic.gov",
|
||||||
},
|
},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "us-iso-east-1-fips",
|
Region: "us-iso-east-1-fips",
|
||||||
}: endpoint{
|
}: endpoint{
|
||||||
Hostname: "rds-fips.us-iso-east-1.c2s.ic.gov",
|
Hostname: "rds.us-iso-east-1.c2s.ic.gov",
|
||||||
CredentialScope: credentialScope{
|
CredentialScope: credentialScope{
|
||||||
Region: "us-iso-east-1",
|
Region: "us-iso-east-1",
|
||||||
},
|
},
|
||||||
@ -45902,12 +46094,12 @@ var awsisoPartition = partition{
|
|||||||
Region: "us-iso-west-1",
|
Region: "us-iso-west-1",
|
||||||
Variant: fipsVariant,
|
Variant: fipsVariant,
|
||||||
}: endpoint{
|
}: endpoint{
|
||||||
Hostname: "rds-fips.us-iso-west-1.c2s.ic.gov",
|
Hostname: "rds.us-iso-west-1.c2s.ic.gov",
|
||||||
},
|
},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "us-iso-west-1-fips",
|
Region: "us-iso-west-1-fips",
|
||||||
}: endpoint{
|
}: endpoint{
|
||||||
Hostname: "rds-fips.us-iso-west-1.c2s.ic.gov",
|
Hostname: "rds.us-iso-west-1.c2s.ic.gov",
|
||||||
CredentialScope: credentialScope{
|
CredentialScope: credentialScope{
|
||||||
Region: "us-iso-west-1",
|
Region: "us-iso-west-1",
|
||||||
},
|
},
|
||||||
@ -46866,24 +47058,9 @@ var awsisobPartition = partition{
|
|||||||
},
|
},
|
||||||
"ram": service{
|
"ram": service{
|
||||||
Endpoints: serviceEndpoints{
|
Endpoints: serviceEndpoints{
|
||||||
endpointKey{
|
|
||||||
Region: "fips-us-isob-east-1",
|
|
||||||
}: endpoint{
|
|
||||||
Hostname: "ram-fips.us-isob-east-1.sc2s.sgov.gov",
|
|
||||||
CredentialScope: credentialScope{
|
|
||||||
Region: "us-isob-east-1",
|
|
||||||
},
|
|
||||||
Deprecated: boxedTrue,
|
|
||||||
},
|
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "us-isob-east-1",
|
Region: "us-isob-east-1",
|
||||||
}: endpoint{},
|
}: endpoint{},
|
||||||
endpointKey{
|
|
||||||
Region: "us-isob-east-1",
|
|
||||||
Variant: fipsVariant,
|
|
||||||
}: endpoint{
|
|
||||||
Hostname: "ram-fips.us-isob-east-1.sc2s.sgov.gov",
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"rbin": service{
|
"rbin": service{
|
||||||
@ -46910,28 +47087,10 @@ var awsisobPartition = partition{
|
|||||||
},
|
},
|
||||||
"rds": service{
|
"rds": service{
|
||||||
Endpoints: serviceEndpoints{
|
Endpoints: serviceEndpoints{
|
||||||
endpointKey{
|
|
||||||
Region: "rds-fips.us-isob-east-1",
|
|
||||||
}: endpoint{
|
|
||||||
Hostname: "rds-fips.us-isob-east-1.sc2s.sgov.gov",
|
|
||||||
CredentialScope: credentialScope{
|
|
||||||
Region: "us-isob-east-1",
|
|
||||||
},
|
|
||||||
Deprecated: boxedTrue,
|
|
||||||
},
|
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "rds.us-isob-east-1",
|
Region: "rds.us-isob-east-1",
|
||||||
}: endpoint{
|
}: endpoint{
|
||||||
CredentialScope: credentialScope{
|
Hostname: "rds.us-isob-east-1.sc2s.sgov.gov",
|
||||||
Region: "us-isob-east-1",
|
|
||||||
},
|
|
||||||
Deprecated: boxedTrue,
|
|
||||||
},
|
|
||||||
endpointKey{
|
|
||||||
Region: "rds.us-isob-east-1",
|
|
||||||
Variant: fipsVariant,
|
|
||||||
}: endpoint{
|
|
||||||
Hostname: "rds-fips.us-isob-east-1.sc2s.sgov.gov",
|
|
||||||
CredentialScope: credentialScope{
|
CredentialScope: credentialScope{
|
||||||
Region: "us-isob-east-1",
|
Region: "us-isob-east-1",
|
||||||
},
|
},
|
||||||
@ -46944,12 +47103,12 @@ var awsisobPartition = partition{
|
|||||||
Region: "us-isob-east-1",
|
Region: "us-isob-east-1",
|
||||||
Variant: fipsVariant,
|
Variant: fipsVariant,
|
||||||
}: endpoint{
|
}: endpoint{
|
||||||
Hostname: "rds-fips.us-isob-east-1.sc2s.sgov.gov",
|
Hostname: "rds.us-isob-east-1.sc2s.sgov.gov",
|
||||||
},
|
},
|
||||||
endpointKey{
|
endpointKey{
|
||||||
Region: "us-isob-east-1-fips",
|
Region: "us-isob-east-1-fips",
|
||||||
}: endpoint{
|
}: endpoint{
|
||||||
Hostname: "rds-fips.us-isob-east-1.sc2s.sgov.gov",
|
Hostname: "rds.us-isob-east-1.sc2s.sgov.gov",
|
||||||
CredentialScope: credentialScope{
|
CredentialScope: credentialScope{
|
||||||
Region: "us-isob-east-1",
|
Region: "us-isob-east-1",
|
||||||
},
|
},
|
||||||
|
2
vendor/github.com/aws/aws-sdk-go/aws/version.go
generated
vendored
2
vendor/github.com/aws/aws-sdk-go/aws/version.go
generated
vendored
@ -5,4 +5,4 @@ package aws
|
|||||||
const SDKName = "aws-sdk-go"
|
const SDKName = "aws-sdk-go"
|
||||||
|
|
||||||
// SDKVersion is the version of this SDK
|
// SDKVersion is the version of this SDK
|
||||||
const SDKVersion = "1.53.14"
|
const SDKVersion = "1.54.6"
|
||||||
|
659
vendor/github.com/aws/aws-sdk-go/service/kms/api.go
generated
vendored
659
vendor/github.com/aws/aws-sdk-go/service/kms/api.go
generated
vendored
@ -807,6 +807,7 @@ func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req
|
|||||||
// for Amazon VPC endpoint service connectivity for an external key store.
|
// for Amazon VPC endpoint service connectivity for an external key store.
|
||||||
//
|
//
|
||||||
// - XksProxyInvalidResponseException
|
// - XksProxyInvalidResponseException
|
||||||
|
//
|
||||||
// KMS cannot interpret the response it received from the external key store
|
// KMS cannot interpret the response it received from the external key store
|
||||||
// proxy. The problem might be a poorly constructed response, but it could also
|
// proxy. The problem might be a poorly constructed response, but it could also
|
||||||
// be a transient network issue. If you see this error repeatedly, report it
|
// be a transient network issue. If you see this error repeatedly, report it
|
||||||
@ -1107,11 +1108,15 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out
|
|||||||
// Asymmetric KMS keys contain an RSA key pair, Elliptic Curve (ECC) key pair,
|
// Asymmetric KMS keys contain an RSA key pair, Elliptic Curve (ECC) key pair,
|
||||||
// or an SM2 key pair (China Regions only). The private key in an asymmetric
|
// or an SM2 key pair (China Regions only). The private key in an asymmetric
|
||||||
// KMS key never leaves KMS unencrypted. However, you can use the GetPublicKey
|
// KMS key never leaves KMS unencrypted. However, you can use the GetPublicKey
|
||||||
// operation to download the public key so it can be used outside of KMS. KMS
|
// operation to download the public key so it can be used outside of KMS. Each
|
||||||
// keys with RSA or SM2 key pairs can be used to encrypt or decrypt data or
|
// KMS key can have only one key usage. KMS keys with RSA key pairs can be used
|
||||||
// sign and verify messages (but not both). KMS keys with ECC key pairs can
|
// to encrypt and decrypt data or sign and verify messages (but not both). KMS
|
||||||
// be used only to sign and verify messages. For information about asymmetric
|
// keys with NIST-recommended ECC key pairs can be used to sign and verify messages
|
||||||
// KMS keys, see Asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
|
// or derive shared secrets (but not both). KMS keys with ECC_SECG_P256K1 can
|
||||||
|
// be used only to sign and verify messages. KMS keys with SM2 key pairs (China
|
||||||
|
// Regions only) can be used to either encrypt and decrypt data, sign and verify
|
||||||
|
// messages, or derive shared secrets (you must choose one key usage type).
|
||||||
|
// For information about asymmetric KMS keys, see Asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
|
||||||
// in the Key Management Service Developer Guide.
|
// in the Key Management Service Developer Guide.
|
||||||
//
|
//
|
||||||
// # HMAC KMS key
|
// # HMAC KMS key
|
||||||
@ -1554,7 +1559,8 @@ func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output
|
|||||||
// For encrypting, decrypting, re-encrypting, and generating data keys, the
|
// For encrypting, decrypting, re-encrypting, and generating data keys, the
|
||||||
// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the
|
// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the
|
||||||
// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication
|
// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication
|
||||||
// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. To find the KeyUsage
|
// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key
|
||||||
|
// agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage
|
||||||
// of a KMS key, use the DescribeKey operation.
|
// of a KMS key, use the DescribeKey operation.
|
||||||
//
|
//
|
||||||
// To find the encryption or signing algorithms supported for a particular KMS
|
// To find the encryption or signing algorithms supported for a particular KMS
|
||||||
@ -2068,6 +2074,219 @@ func (c *KMS) DeleteImportedKeyMaterialWithContext(ctx aws.Context, input *Delet
|
|||||||
return out, req.Send()
|
return out, req.Send()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const opDeriveSharedSecret = "DeriveSharedSecret"
|
||||||
|
|
||||||
|
// DeriveSharedSecretRequest generates a "aws/request.Request" representing the
|
||||||
|
// client's request for the DeriveSharedSecret operation. The "output" return
|
||||||
|
// value will be populated with the request's response once the request completes
|
||||||
|
// successfully.
|
||||||
|
//
|
||||||
|
// Use "Send" method on the returned Request to send the API call to the service.
|
||||||
|
// the "output" return value is not valid until after Send returns without error.
|
||||||
|
//
|
||||||
|
// See DeriveSharedSecret for more information on using the DeriveSharedSecret
|
||||||
|
// API call, and error handling.
|
||||||
|
//
|
||||||
|
// This method is useful when you want to inject custom logic or configuration
|
||||||
|
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
|
||||||
|
//
|
||||||
|
// // Example sending a request using the DeriveSharedSecretRequest method.
|
||||||
|
// req, resp := client.DeriveSharedSecretRequest(params)
|
||||||
|
//
|
||||||
|
// err := req.Send()
|
||||||
|
// if err == nil { // resp is now filled
|
||||||
|
// fmt.Println(resp)
|
||||||
|
// }
|
||||||
|
//
|
||||||
|
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeriveSharedSecret
|
||||||
|
func (c *KMS) DeriveSharedSecretRequest(input *DeriveSharedSecretInput) (req *request.Request, output *DeriveSharedSecretOutput) {
|
||||||
|
op := &request.Operation{
|
||||||
|
Name: opDeriveSharedSecret,
|
||||||
|
HTTPMethod: "POST",
|
||||||
|
HTTPPath: "/",
|
||||||
|
}
|
||||||
|
|
||||||
|
if input == nil {
|
||||||
|
input = &DeriveSharedSecretInput{}
|
||||||
|
}
|
||||||
|
|
||||||
|
output = &DeriveSharedSecretOutput{}
|
||||||
|
req = c.newRequest(op, input, output)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// DeriveSharedSecret API operation for AWS Key Management Service.
|
||||||
|
//
|
||||||
|
// Derives a shared secret using a key agreement algorithm.
|
||||||
|
//
|
||||||
|
// You must use an asymmetric NIST-recommended elliptic curve (ECC) or SM2 (China
|
||||||
|
// Regions only) KMS key pair with a KeyUsage value of KEY_AGREEMENT to call
|
||||||
|
// DeriveSharedSecret.
|
||||||
|
//
|
||||||
|
// DeriveSharedSecret uses the Elliptic Curve Cryptography Cofactor Diffie-Hellman
|
||||||
|
// Primitive (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf#page=60)
|
||||||
|
// (ECDH) to establish a key agreement between two peers by deriving a shared
|
||||||
|
// secret from their elliptic curve public-private key pairs. You can use the
|
||||||
|
// raw shared secret that DeriveSharedSecret returns to derive a symmetric key
|
||||||
|
// that can encrypt and decrypt data that is sent between the two peers, or
|
||||||
|
// that can generate and verify HMACs. KMS recommends that you follow NIST recommendations
|
||||||
|
// for key derivation (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr2.pdf)
|
||||||
|
// when using the raw shared secret to derive a symmetric key.
|
||||||
|
//
|
||||||
|
// The following workflow demonstrates how to establish key agreement over an
|
||||||
|
// insecure communication channel using DeriveSharedSecret.
|
||||||
|
//
|
||||||
|
// Alice calls CreateKey to create an asymmetric KMS key pair with a KeyUsage
|
||||||
|
// value of KEY_AGREEMENT.
|
||||||
|
//
|
||||||
|
// The asymmetric KMS key must use a NIST-recommended elliptic curve (ECC) or
|
||||||
|
// SM2 (China Regions only) key spec.
|
||||||
|
//
|
||||||
|
// Bob creates an elliptic curve key pair.
|
||||||
|
//
|
||||||
|
// Bob can call CreateKey to create an asymmetric KMS key pair or generate a
|
||||||
|
// key pair outside of KMS. Bob's key pair must use the same NIST-recommended
|
||||||
|
// elliptic curve (ECC) or SM2 (China Regions ony) curve as Alice.
|
||||||
|
//
|
||||||
|
// Alice and Bob exchange their public keys through an insecure communication
|
||||||
|
// channel (like the internet).
|
||||||
|
//
|
||||||
|
// Use GetPublicKey to download the public key of your asymmetric KMS key pair.
|
||||||
|
//
|
||||||
|
// KMS strongly recommends verifying that the public key you receive came from
|
||||||
|
// the expected party before using it to derive a shared secret.
|
||||||
|
//
|
||||||
|
// Alice calls DeriveSharedSecret.
|
||||||
|
//
|
||||||
|
// KMS uses the private key from the KMS key pair generated in Step 1, Bob's
|
||||||
|
// public key, and the Elliptic Curve Cryptography Cofactor Diffie-Hellman Primitive
|
||||||
|
// to derive the shared secret. The private key in your KMS key pair never leaves
|
||||||
|
// KMS unencrypted. DeriveSharedSecret returns the raw shared secret.
|
||||||
|
//
|
||||||
|
// Bob uses the Elliptic Curve Cryptography Cofactor Diffie-Hellman Primitive
|
||||||
|
// to calculate the same raw secret using his private key and Alice's public
|
||||||
|
// key.
|
||||||
|
//
|
||||||
|
// To derive a shared secret you must provide a key agreement algorithm, the
|
||||||
|
// private key of the caller's asymmetric NIST-recommended elliptic curve or
|
||||||
|
// SM2 (China Regions only) KMS key pair, and the public key from your peer's
|
||||||
|
// NIST-recommended elliptic curve or SM2 (China Regions only) key pair. The
|
||||||
|
// public key can be from another asymmetric KMS key pair or from a key pair
|
||||||
|
// generated outside of KMS, but both key pairs must be on the same elliptic
|
||||||
|
// curve.
|
||||||
|
//
|
||||||
|
// The KMS key that you use for this operation must be in a compatible key state.
|
||||||
|
// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
|
||||||
|
// in the Key Management Service Developer Guide.
|
||||||
|
//
|
||||||
|
// Cross-account use: Yes. To perform this operation with a KMS key in a different
|
||||||
|
// Amazon Web Services account, specify the key ARN or alias ARN in the value
|
||||||
|
// of the KeyId parameter.
|
||||||
|
//
|
||||||
|
// Required permissions: kms:DeriveSharedSecret (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html)
|
||||||
|
// (key policy)
|
||||||
|
//
|
||||||
|
// Related operations:
|
||||||
|
//
|
||||||
|
// - CreateKey
|
||||||
|
//
|
||||||
|
// - GetPublicKey
|
||||||
|
//
|
||||||
|
// - DescribeKey
|
||||||
|
//
|
||||||
|
// Eventual consistency: The KMS API follows an eventual consistency model.
|
||||||
|
// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html).
|
||||||
|
//
|
||||||
|
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
|
||||||
|
// with awserr.Error's Code and Message methods to get detailed information about
|
||||||
|
// the error.
|
||||||
|
//
|
||||||
|
// See the AWS API reference guide for AWS Key Management Service's
|
||||||
|
// API operation DeriveSharedSecret for usage and error information.
|
||||||
|
//
|
||||||
|
// Returned Error Types:
|
||||||
|
//
|
||||||
|
// - NotFoundException
|
||||||
|
// The request was rejected because the specified entity or resource could not
|
||||||
|
// be found.
|
||||||
|
//
|
||||||
|
// - DisabledException
|
||||||
|
// The request was rejected because the specified KMS key is not enabled.
|
||||||
|
//
|
||||||
|
// - KeyUnavailableException
|
||||||
|
// The request was rejected because the specified KMS key was not available.
|
||||||
|
// You can retry the request.
|
||||||
|
//
|
||||||
|
// - DependencyTimeoutException
|
||||||
|
// The system timed out while trying to fulfill the request. You can retry the
|
||||||
|
// request.
|
||||||
|
//
|
||||||
|
// - InvalidGrantTokenException
|
||||||
|
// The request was rejected because the specified grant token is not valid.
|
||||||
|
//
|
||||||
|
// - InvalidKeyUsageException
|
||||||
|
// The request was rejected for one of the following reasons:
|
||||||
|
//
|
||||||
|
// - The KeyUsage value of the KMS key is incompatible with the API operation.
|
||||||
|
//
|
||||||
|
// - The encryption algorithm or signing algorithm specified for the operation
|
||||||
|
// is incompatible with the type of key material in the KMS key (KeySpec).
|
||||||
|
//
|
||||||
|
// For encrypting, decrypting, re-encrypting, and generating data keys, the
|
||||||
|
// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the
|
||||||
|
// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication
|
||||||
|
// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key
|
||||||
|
// agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage
|
||||||
|
// of a KMS key, use the DescribeKey operation.
|
||||||
|
//
|
||||||
|
// To find the encryption or signing algorithms supported for a particular KMS
|
||||||
|
// key, use the DescribeKey operation.
|
||||||
|
//
|
||||||
|
// - InternalException
|
||||||
|
// The request was rejected because an internal exception occurred. The request
|
||||||
|
// can be retried.
|
||||||
|
//
|
||||||
|
// - InvalidStateException
|
||||||
|
// The request was rejected because the state of the specified resource is not
|
||||||
|
// valid for this request.
|
||||||
|
//
|
||||||
|
// This exceptions means one of the following:
|
||||||
|
//
|
||||||
|
// - The key state of the KMS key is not compatible with the operation. To
|
||||||
|
// find the key state, use the DescribeKey operation. For more information
|
||||||
|
// about which key states are compatible with each KMS operation, see Key
|
||||||
|
// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
|
||||||
|
// in the Key Management Service Developer Guide .
|
||||||
|
//
|
||||||
|
// - For cryptographic operations on KMS keys in custom key stores, this
|
||||||
|
// exception represents a general failure with many possible causes. To identify
|
||||||
|
// the cause, see the error message that accompanies the exception.
|
||||||
|
//
|
||||||
|
// - DryRunOperationException
|
||||||
|
// The request was rejected because the DryRun parameter was specified.
|
||||||
|
//
|
||||||
|
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeriveSharedSecret
|
||||||
|
func (c *KMS) DeriveSharedSecret(input *DeriveSharedSecretInput) (*DeriveSharedSecretOutput, error) {
|
||||||
|
req, out := c.DeriveSharedSecretRequest(input)
|
||||||
|
return out, req.Send()
|
||||||
|
}
|
||||||
|
|
||||||
|
// DeriveSharedSecretWithContext is the same as DeriveSharedSecret with the addition of
|
||||||
|
// the ability to pass a context and additional request options.
|
||||||
|
//
|
||||||
|
// See DeriveSharedSecret for details on how to use this API operation.
|
||||||
|
//
|
||||||
|
// The context must be non-nil and will be used for request cancellation. If
|
||||||
|
// the context is nil a panic will occur. In the future the SDK may create
|
||||||
|
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
|
||||||
|
// for more information on using Contexts.
|
||||||
|
func (c *KMS) DeriveSharedSecretWithContext(ctx aws.Context, input *DeriveSharedSecretInput, opts ...request.Option) (*DeriveSharedSecretOutput, error) {
|
||||||
|
req, out := c.DeriveSharedSecretRequest(input)
|
||||||
|
req.SetContext(ctx)
|
||||||
|
req.ApplyOptions(opts...)
|
||||||
|
return out, req.Send()
|
||||||
|
}
|
||||||
|
|
||||||
const opDescribeCustomKeyStores = "DescribeCustomKeyStores"
|
const opDescribeCustomKeyStores = "DescribeCustomKeyStores"
|
||||||
|
|
||||||
// DescribeCustomKeyStoresRequest generates a "aws/request.Request" representing the
|
// DescribeCustomKeyStoresRequest generates a "aws/request.Request" representing the
|
||||||
@ -3326,7 +3545,8 @@ func (c *KMS) EncryptRequest(input *EncryptInput) (req *request.Request, output
|
|||||||
// For encrypting, decrypting, re-encrypting, and generating data keys, the
|
// For encrypting, decrypting, re-encrypting, and generating data keys, the
|
||||||
// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the
|
// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the
|
||||||
// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication
|
// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication
|
||||||
// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. To find the KeyUsage
|
// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key
|
||||||
|
// agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage
|
||||||
// of a KMS key, use the DescribeKey operation.
|
// of a KMS key, use the DescribeKey operation.
|
||||||
//
|
//
|
||||||
// To find the encryption or signing algorithms supported for a particular KMS
|
// To find the encryption or signing algorithms supported for a particular KMS
|
||||||
@ -3554,7 +3774,8 @@ func (c *KMS) GenerateDataKeyRequest(input *GenerateDataKeyInput) (req *request.
|
|||||||
// For encrypting, decrypting, re-encrypting, and generating data keys, the
|
// For encrypting, decrypting, re-encrypting, and generating data keys, the
|
||||||
// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the
|
// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the
|
||||||
// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication
|
// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication
|
||||||
// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. To find the KeyUsage
|
// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key
|
||||||
|
// agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage
|
||||||
// of a KMS key, use the DescribeKey operation.
|
// of a KMS key, use the DescribeKey operation.
|
||||||
//
|
//
|
||||||
// To find the encryption or signing algorithms supported for a particular KMS
|
// To find the encryption or signing algorithms supported for a particular KMS
|
||||||
@ -3772,7 +3993,8 @@ func (c *KMS) GenerateDataKeyPairRequest(input *GenerateDataKeyPairInput) (req *
|
|||||||
// For encrypting, decrypting, re-encrypting, and generating data keys, the
|
// For encrypting, decrypting, re-encrypting, and generating data keys, the
|
||||||
// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the
|
// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the
|
||||||
// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication
|
// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication
|
||||||
// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. To find the KeyUsage
|
// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key
|
||||||
|
// agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage
|
||||||
// of a KMS key, use the DescribeKey operation.
|
// of a KMS key, use the DescribeKey operation.
|
||||||
//
|
//
|
||||||
// To find the encryption or signing algorithms supported for a particular KMS
|
// To find the encryption or signing algorithms supported for a particular KMS
|
||||||
@ -3969,7 +4191,8 @@ func (c *KMS) GenerateDataKeyPairWithoutPlaintextRequest(input *GenerateDataKeyP
|
|||||||
// For encrypting, decrypting, re-encrypting, and generating data keys, the
|
// For encrypting, decrypting, re-encrypting, and generating data keys, the
|
||||||
// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the
|
// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the
|
||||||
// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication
|
// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication
|
||||||
// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. To find the KeyUsage
|
// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key
|
||||||
|
// agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage
|
||||||
// of a KMS key, use the DescribeKey operation.
|
// of a KMS key, use the DescribeKey operation.
|
||||||
//
|
//
|
||||||
// To find the encryption or signing algorithms supported for a particular KMS
|
// To find the encryption or signing algorithms supported for a particular KMS
|
||||||
@ -4178,7 +4401,8 @@ func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWitho
|
|||||||
// For encrypting, decrypting, re-encrypting, and generating data keys, the
|
// For encrypting, decrypting, re-encrypting, and generating data keys, the
|
||||||
// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the
|
// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the
|
||||||
// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication
|
// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication
|
||||||
// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. To find the KeyUsage
|
// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key
|
||||||
|
// agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage
|
||||||
// of a KMS key, use the DescribeKey operation.
|
// of a KMS key, use the DescribeKey operation.
|
||||||
//
|
//
|
||||||
// To find the encryption or signing algorithms supported for a particular KMS
|
// To find the encryption or signing algorithms supported for a particular KMS
|
||||||
@ -4343,7 +4567,8 @@ func (c *KMS) GenerateMacRequest(input *GenerateMacInput) (req *request.Request,
|
|||||||
// For encrypting, decrypting, re-encrypting, and generating data keys, the
|
// For encrypting, decrypting, re-encrypting, and generating data keys, the
|
||||||
// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the
|
// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the
|
||||||
// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication
|
// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication
|
||||||
// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. To find the KeyUsage
|
// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key
|
||||||
|
// agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage
|
||||||
// of a KMS key, use the DescribeKey operation.
|
// of a KMS key, use the DescribeKey operation.
|
||||||
//
|
//
|
||||||
// To find the encryption or signing algorithms supported for a particular KMS
|
// To find the encryption or signing algorithms supported for a particular KMS
|
||||||
@ -4911,9 +5136,9 @@ func (c *KMS) GetParametersForImportRequest(input *GetParametersForImportInput)
|
|||||||
// GetParametersForImport returns the items that you need to import your key
|
// GetParametersForImport returns the items that you need to import your key
|
||||||
// material.
|
// material.
|
||||||
//
|
//
|
||||||
// - The public key (or "wrapping key") of an asymmetric key pair that KMS
|
// - The public key (or "wrapping key") of an RSA key pair that KMS generates.
|
||||||
// generates. You will use this public key to encrypt ("wrap") your key material
|
// You will use this public key to encrypt ("wrap") your key material while
|
||||||
// while it's in transit to KMS.
|
// it's in transit to KMS.
|
||||||
//
|
//
|
||||||
// - A import token that ensures that KMS can decrypt your key material and
|
// - A import token that ensures that KMS can decrypt your key material and
|
||||||
// associate it with the correct KMS key.
|
// associate it with the correct KMS key.
|
||||||
@ -5089,7 +5314,8 @@ func (c *KMS) GetPublicKeyRequest(input *GetPublicKeyInput) (req *request.Reques
|
|||||||
// The type of key material in the public key, such as RSA_4096 or ECC_NIST_P521.
|
// The type of key material in the public key, such as RSA_4096 or ECC_NIST_P521.
|
||||||
//
|
//
|
||||||
// - KeyUsage (https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-KeyUsage):
|
// - KeyUsage (https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-KeyUsage):
|
||||||
// Whether the key is used for encryption or signing.
|
// Whether the key is used for encryption, signing, or deriving a shared
|
||||||
|
// secret.
|
||||||
//
|
//
|
||||||
// - EncryptionAlgorithms (https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-EncryptionAlgorithms)
|
// - EncryptionAlgorithms (https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-EncryptionAlgorithms)
|
||||||
// or SigningAlgorithms (https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-SigningAlgorithms):
|
// or SigningAlgorithms (https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-SigningAlgorithms):
|
||||||
@ -5170,7 +5396,8 @@ func (c *KMS) GetPublicKeyRequest(input *GetPublicKeyInput) (req *request.Reques
|
|||||||
// For encrypting, decrypting, re-encrypting, and generating data keys, the
|
// For encrypting, decrypting, re-encrypting, and generating data keys, the
|
||||||
// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the
|
// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the
|
||||||
// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication
|
// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication
|
||||||
// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. To find the KeyUsage
|
// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key
|
||||||
|
// agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage
|
||||||
// of a KMS key, use the DescribeKey operation.
|
// of a KMS key, use the DescribeKey operation.
|
||||||
//
|
//
|
||||||
// To find the encryption or signing algorithms supported for a particular KMS
|
// To find the encryption or signing algorithms supported for a particular KMS
|
||||||
@ -7082,7 +7309,8 @@ func (c *KMS) ReEncryptRequest(input *ReEncryptInput) (req *request.Request, out
|
|||||||
// For encrypting, decrypting, re-encrypting, and generating data keys, the
|
// For encrypting, decrypting, re-encrypting, and generating data keys, the
|
||||||
// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the
|
// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the
|
||||||
// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication
|
// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication
|
||||||
// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. To find the KeyUsage
|
// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key
|
||||||
|
// agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage
|
||||||
// of a KMS key, use the DescribeKey operation.
|
// of a KMS key, use the DescribeKey operation.
|
||||||
//
|
//
|
||||||
// To find the encryption or signing algorithms supported for a particular KMS
|
// To find the encryption or signing algorithms supported for a particular KMS
|
||||||
@ -8134,7 +8362,8 @@ func (c *KMS) SignRequest(input *SignInput) (req *request.Request, output *SignO
|
|||||||
// For encrypting, decrypting, re-encrypting, and generating data keys, the
|
// For encrypting, decrypting, re-encrypting, and generating data keys, the
|
||||||
// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the
|
// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the
|
||||||
// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication
|
// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication
|
||||||
// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. To find the KeyUsage
|
// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key
|
||||||
|
// agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage
|
||||||
// of a KMS key, use the DescribeKey operation.
|
// of a KMS key, use the DescribeKey operation.
|
||||||
//
|
//
|
||||||
// To find the encryption or signing algorithms supported for a particular KMS
|
// To find the encryption or signing algorithms supported for a particular KMS
|
||||||
@ -8939,6 +9168,7 @@ func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req
|
|||||||
// for Amazon VPC endpoint service connectivity for an external key store.
|
// for Amazon VPC endpoint service connectivity for an external key store.
|
||||||
//
|
//
|
||||||
// - XksProxyInvalidResponseException
|
// - XksProxyInvalidResponseException
|
||||||
|
//
|
||||||
// KMS cannot interpret the response it received from the external key store
|
// KMS cannot interpret the response it received from the external key store
|
||||||
// proxy. The problem might be a poorly constructed response, but it could also
|
// proxy. The problem might be a poorly constructed response, but it could also
|
||||||
// be a transient network issue. If you see this error repeatedly, report it
|
// be a transient network issue. If you see this error repeatedly, report it
|
||||||
@ -9412,7 +9642,8 @@ func (c *KMS) VerifyRequest(input *VerifyInput) (req *request.Request, output *V
|
|||||||
// For encrypting, decrypting, re-encrypting, and generating data keys, the
|
// For encrypting, decrypting, re-encrypting, and generating data keys, the
|
||||||
// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the
|
// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the
|
||||||
// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication
|
// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication
|
||||||
// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. To find the KeyUsage
|
// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key
|
||||||
|
// agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage
|
||||||
// of a KMS key, use the DescribeKey operation.
|
// of a KMS key, use the DescribeKey operation.
|
||||||
//
|
//
|
||||||
// To find the encryption or signing algorithms supported for a particular KMS
|
// To find the encryption or signing algorithms supported for a particular KMS
|
||||||
@ -9576,7 +9807,8 @@ func (c *KMS) VerifyMacRequest(input *VerifyMacInput) (req *request.Request, out
|
|||||||
// For encrypting, decrypting, re-encrypting, and generating data keys, the
|
// For encrypting, decrypting, re-encrypting, and generating data keys, the
|
||||||
// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the
|
// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the
|
||||||
// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication
|
// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication
|
||||||
// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. To find the KeyUsage
|
// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key
|
||||||
|
// agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage
|
||||||
// of a KMS key, use the DescribeKey operation.
|
// of a KMS key, use the DescribeKey operation.
|
||||||
//
|
//
|
||||||
// To find the encryption or signing algorithms supported for a particular KMS
|
// To find the encryption or signing algorithms supported for a particular KMS
|
||||||
@ -11140,15 +11372,18 @@ type CreateKeyInput struct {
|
|||||||
//
|
//
|
||||||
// * HMAC keys (symmetric) HMAC_224 HMAC_256 HMAC_384 HMAC_512
|
// * HMAC keys (symmetric) HMAC_224 HMAC_256 HMAC_384 HMAC_512
|
||||||
//
|
//
|
||||||
// * Asymmetric RSA key pairs RSA_2048 RSA_3072 RSA_4096
|
// * Asymmetric RSA key pairs (encryption and decryption -or- signing and
|
||||||
|
// verification) RSA_2048 RSA_3072 RSA_4096
|
||||||
//
|
//
|
||||||
// * Asymmetric NIST-recommended elliptic curve key pairs ECC_NIST_P256 (secp256r1)
|
// * Asymmetric NIST-recommended elliptic curve key pairs (signing and verification
|
||||||
// ECC_NIST_P384 (secp384r1) ECC_NIST_P521 (secp521r1)
|
// -or- deriving shared secrets) ECC_NIST_P256 (secp256r1) ECC_NIST_P384
|
||||||
|
// (secp384r1) ECC_NIST_P521 (secp521r1)
|
||||||
//
|
//
|
||||||
// * Other asymmetric elliptic curve key pairs ECC_SECG_P256K1 (secp256k1),
|
// * Other asymmetric elliptic curve key pairs (signing and verification)
|
||||||
// commonly used for cryptocurrencies.
|
// ECC_SECG_P256K1 (secp256k1), commonly used for cryptocurrencies.
|
||||||
//
|
//
|
||||||
// * SM2 key pairs (China Regions only) SM2
|
// * SM2 key pairs (encryption and decryption -or- signing and verification
|
||||||
|
// -or- deriving shared secrets) SM2 (China Regions only)
|
||||||
KeySpec *string `type:"string" enum:"KeySpec"`
|
KeySpec *string `type:"string" enum:"KeySpec"`
|
||||||
|
|
||||||
// Determines the cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations)
|
// Determines the cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations)
|
||||||
@ -11163,13 +11398,16 @@ type CreateKeyInput struct {
|
|||||||
//
|
//
|
||||||
// * For HMAC KMS keys (symmetric), specify GENERATE_VERIFY_MAC.
|
// * For HMAC KMS keys (symmetric), specify GENERATE_VERIFY_MAC.
|
||||||
//
|
//
|
||||||
// * For asymmetric KMS keys with RSA key material, specify ENCRYPT_DECRYPT
|
// * For asymmetric KMS keys with RSA key pairs, specify ENCRYPT_DECRYPT
|
||||||
// or SIGN_VERIFY.
|
// or SIGN_VERIFY.
|
||||||
//
|
//
|
||||||
// * For asymmetric KMS keys with ECC key material, specify SIGN_VERIFY.
|
// * For asymmetric KMS keys with NIST-recommended elliptic curve key pairs,
|
||||||
|
// specify SIGN_VERIFY or KEY_AGREEMENT.
|
||||||
//
|
//
|
||||||
// * For asymmetric KMS keys with SM2 key material (China Regions only),
|
// * For asymmetric KMS keys with ECC_SECG_P256K1 key pairs specify SIGN_VERIFY.
|
||||||
// specify ENCRYPT_DECRYPT or SIGN_VERIFY.
|
//
|
||||||
|
// * For asymmetric KMS keys with SM2 key pairs (China Regions only), specify
|
||||||
|
// ENCRYPT_DECRYPT, SIGN_VERIFY, or KEY_AGREEMENT.
|
||||||
KeyUsage *string `type:"string" enum:"KeyUsageType"`
|
KeyUsage *string `type:"string" enum:"KeyUsageType"`
|
||||||
|
|
||||||
// Creates a multi-Region primary key that you can replicate into other Amazon
|
// Creates a multi-Region primary key that you can replicate into other Amazon
|
||||||
@ -12555,6 +12793,282 @@ func (s *DependencyTimeoutException) RequestID() string {
|
|||||||
return s.RespMetadata.RequestID
|
return s.RespMetadata.RequestID
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type DeriveSharedSecretInput struct {
|
||||||
|
_ struct{} `type:"structure"`
|
||||||
|
|
||||||
|
// Checks if your request will succeed. DryRun is an optional parameter.
|
||||||
|
//
|
||||||
|
// To learn more about how to use this parameter, see Testing your KMS API calls
|
||||||
|
// (https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html)
|
||||||
|
// in the Key Management Service Developer Guide.
|
||||||
|
DryRun *bool `type:"boolean"`
|
||||||
|
|
||||||
|
// A list of grant tokens.
|
||||||
|
//
|
||||||
|
// Use a grant token when your permission to call this operation comes from
|
||||||
|
// a new grant that has not yet achieved eventual consistency. For more information,
|
||||||
|
// see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token)
|
||||||
|
// and Using a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token)
|
||||||
|
// in the Key Management Service Developer Guide.
|
||||||
|
GrantTokens []*string `type:"list"`
|
||||||
|
|
||||||
|
// Specifies the key agreement algorithm used to derive the shared secret. The
|
||||||
|
// only valid value is ECDH.
|
||||||
|
//
|
||||||
|
// KeyAgreementAlgorithm is a required field
|
||||||
|
KeyAgreementAlgorithm *string `type:"string" required:"true" enum:"KeyAgreementAlgorithmSpec"`
|
||||||
|
|
||||||
|
// Identifies an asymmetric NIST-recommended ECC or SM2 (China Regions only)
|
||||||
|
// KMS key. KMS uses the private key in the specified key pair to derive the
|
||||||
|
// shared secret. The key usage of the KMS key must be KEY_AGREEMENT. To find
|
||||||
|
// the KeyUsage of a KMS key, use the DescribeKey operation.
|
||||||
|
//
|
||||||
|
// To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.
|
||||||
|
// When using an alias name, prefix it with "alias/". To specify a KMS key in
|
||||||
|
// a different Amazon Web Services account, you must use the key ARN or alias
|
||||||
|
// ARN.
|
||||||
|
//
|
||||||
|
// For example:
|
||||||
|
//
|
||||||
|
// * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
|
||||||
|
//
|
||||||
|
// * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
|
||||||
|
//
|
||||||
|
// * Alias name: alias/ExampleAlias
|
||||||
|
//
|
||||||
|
// * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
|
||||||
|
//
|
||||||
|
// To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
|
||||||
|
// To get the alias name and alias ARN, use ListAliases.
|
||||||
|
//
|
||||||
|
// KeyId is a required field
|
||||||
|
KeyId *string `min:"1" type:"string" required:"true"`
|
||||||
|
|
||||||
|
// Specifies the public key in your peer's NIST-recommended elliptic curve (ECC)
|
||||||
|
// or SM2 (China Regions only) key pair.
|
||||||
|
//
|
||||||
|
// The public key must be a DER-encoded X.509 public key, also known as SubjectPublicKeyInfo
|
||||||
|
// (SPKI), as defined in RFC 5280 (https://tools.ietf.org/html/rfc5280).
|
||||||
|
//
|
||||||
|
// GetPublicKey returns the public key of an asymmetric KMS key pair in the
|
||||||
|
// required DER-encoded format.
|
||||||
|
//
|
||||||
|
// If you use Amazon Web Services CLI version 1 (https://docs.aws.amazon.com/cli/v1/userguide/cli-chap-welcome.html),
|
||||||
|
// you must provide the DER-encoded X.509 public key in a file. Otherwise, the
|
||||||
|
// Amazon Web Services CLI Base64-encodes the public key a second time, resulting
|
||||||
|
// in a ValidationException.
|
||||||
|
//
|
||||||
|
// You can specify the public key as binary data in a file using fileb (fileb://<path-to-file>)
|
||||||
|
// or in-line using a Base64 encoded string.
|
||||||
|
// PublicKey is automatically base64 encoded/decoded by the SDK.
|
||||||
|
//
|
||||||
|
// PublicKey is a required field
|
||||||
|
PublicKey []byte `min:"1" type:"blob" required:"true"`
|
||||||
|
|
||||||
|
// A signed attestation document (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave-how.html#term-attestdoc)
|
||||||
|
// from an Amazon Web Services Nitro enclave and the encryption algorithm to
|
||||||
|
// use with the enclave's public key. The only valid encryption algorithm is
|
||||||
|
// RSAES_OAEP_SHA_256.
|
||||||
|
//
|
||||||
|
// This parameter only supports attestation documents for Amazon Web Services
|
||||||
|
// Nitro Enclaves. To call DeriveSharedSecret for an Amazon Web Services Nitro
|
||||||
|
// Enclaves, use the Amazon Web Services Nitro Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk)
|
||||||
|
// to generate the attestation document and then use the Recipient parameter
|
||||||
|
// from any Amazon Web Services SDK to provide the attestation document for
|
||||||
|
// the enclave.
|
||||||
|
//
|
||||||
|
// When you use this parameter, instead of returning a plaintext copy of the
|
||||||
|
// shared secret, KMS encrypts the plaintext shared secret under the public
|
||||||
|
// key in the attestation document, and returns the resulting ciphertext in
|
||||||
|
// the CiphertextForRecipient field in the response. This ciphertext can be
|
||||||
|
// decrypted only with the private key in the enclave. The CiphertextBlob field
|
||||||
|
// in the response contains the encrypted shared secret derived from the KMS
|
||||||
|
// key specified by the KeyId parameter and public key specified by the PublicKey
|
||||||
|
// parameter. The SharedSecret field in the response is null or empty.
|
||||||
|
//
|
||||||
|
// For information about the interaction between KMS and Amazon Web Services
|
||||||
|
// Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html)
|
||||||
|
// in the Key Management Service Developer Guide.
|
||||||
|
Recipient *RecipientInfo `type:"structure"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// String returns the string representation.
|
||||||
|
//
|
||||||
|
// API parameter values that are decorated as "sensitive" in the API will not
|
||||||
|
// be included in the string output. The member name will be present, but the
|
||||||
|
// value will be replaced with "sensitive".
|
||||||
|
func (s DeriveSharedSecretInput) String() string {
|
||||||
|
return awsutil.Prettify(s)
|
||||||
|
}
|
||||||
|
|
||||||
|
// GoString returns the string representation.
|
||||||
|
//
|
||||||
|
// API parameter values that are decorated as "sensitive" in the API will not
|
||||||
|
// be included in the string output. The member name will be present, but the
|
||||||
|
// value will be replaced with "sensitive".
|
||||||
|
func (s DeriveSharedSecretInput) GoString() string {
|
||||||
|
return s.String()
|
||||||
|
}
|
||||||
|
|
||||||
|
// Validate inspects the fields of the type to determine if they are valid.
|
||||||
|
func (s *DeriveSharedSecretInput) Validate() error {
|
||||||
|
invalidParams := request.ErrInvalidParams{Context: "DeriveSharedSecretInput"}
|
||||||
|
if s.KeyAgreementAlgorithm == nil {
|
||||||
|
invalidParams.Add(request.NewErrParamRequired("KeyAgreementAlgorithm"))
|
||||||
|
}
|
||||||
|
if s.KeyId == nil {
|
||||||
|
invalidParams.Add(request.NewErrParamRequired("KeyId"))
|
||||||
|
}
|
||||||
|
if s.KeyId != nil && len(*s.KeyId) < 1 {
|
||||||
|
invalidParams.Add(request.NewErrParamMinLen("KeyId", 1))
|
||||||
|
}
|
||||||
|
if s.PublicKey == nil {
|
||||||
|
invalidParams.Add(request.NewErrParamRequired("PublicKey"))
|
||||||
|
}
|
||||||
|
if s.PublicKey != nil && len(s.PublicKey) < 1 {
|
||||||
|
invalidParams.Add(request.NewErrParamMinLen("PublicKey", 1))
|
||||||
|
}
|
||||||
|
if s.Recipient != nil {
|
||||||
|
if err := s.Recipient.Validate(); err != nil {
|
||||||
|
invalidParams.AddNested("Recipient", err.(request.ErrInvalidParams))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if invalidParams.Len() > 0 {
|
||||||
|
return invalidParams
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// SetDryRun sets the DryRun field's value.
|
||||||
|
func (s *DeriveSharedSecretInput) SetDryRun(v bool) *DeriveSharedSecretInput {
|
||||||
|
s.DryRun = &v
|
||||||
|
return s
|
||||||
|
}
|
||||||
|
|
||||||
|
// SetGrantTokens sets the GrantTokens field's value.
|
||||||
|
func (s *DeriveSharedSecretInput) SetGrantTokens(v []*string) *DeriveSharedSecretInput {
|
||||||
|
s.GrantTokens = v
|
||||||
|
return s
|
||||||
|
}
|
||||||
|
|
||||||
|
// SetKeyAgreementAlgorithm sets the KeyAgreementAlgorithm field's value.
|
||||||
|
func (s *DeriveSharedSecretInput) SetKeyAgreementAlgorithm(v string) *DeriveSharedSecretInput {
|
||||||
|
s.KeyAgreementAlgorithm = &v
|
||||||
|
return s
|
||||||
|
}
|
||||||
|
|
||||||
|
// SetKeyId sets the KeyId field's value.
|
||||||
|
func (s *DeriveSharedSecretInput) SetKeyId(v string) *DeriveSharedSecretInput {
|
||||||
|
s.KeyId = &v
|
||||||
|
return s
|
||||||
|
}
|
||||||
|
|
||||||
|
// SetPublicKey sets the PublicKey field's value.
|
||||||
|
func (s *DeriveSharedSecretInput) SetPublicKey(v []byte) *DeriveSharedSecretInput {
|
||||||
|
s.PublicKey = v
|
||||||
|
return s
|
||||||
|
}
|
||||||
|
|
||||||
|
// SetRecipient sets the Recipient field's value.
|
||||||
|
func (s *DeriveSharedSecretInput) SetRecipient(v *RecipientInfo) *DeriveSharedSecretInput {
|
||||||
|
s.Recipient = v
|
||||||
|
return s
|
||||||
|
}
|
||||||
|
|
||||||
|
type DeriveSharedSecretOutput struct {
|
||||||
|
_ struct{} `type:"structure"`
|
||||||
|
|
||||||
|
// The plaintext shared secret encrypted with the public key in the attestation
|
||||||
|
// document.
|
||||||
|
//
|
||||||
|
// This field is included in the response only when the Recipient parameter
|
||||||
|
// in the request includes a valid attestation document from an Amazon Web Services
|
||||||
|
// Nitro enclave. For information about the interaction between KMS and Amazon
|
||||||
|
// Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses
|
||||||
|
// KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html)
|
||||||
|
// in the Key Management Service Developer Guide.
|
||||||
|
// CiphertextForRecipient is automatically base64 encoded/decoded by the SDK.
|
||||||
|
CiphertextForRecipient []byte `min:"1" type:"blob"`
|
||||||
|
|
||||||
|
// Identifies the key agreement algorithm used to derive the shared secret.
|
||||||
|
KeyAgreementAlgorithm *string `type:"string" enum:"KeyAgreementAlgorithmSpec"`
|
||||||
|
|
||||||
|
// Identifies the KMS key used to derive the shared secret.
|
||||||
|
KeyId *string `min:"1" type:"string"`
|
||||||
|
|
||||||
|
// The source of the key material for the specified KMS key.
|
||||||
|
//
|
||||||
|
// When this value is AWS_KMS, KMS created the key material. When this value
|
||||||
|
// is EXTERNAL, the key material was imported or the KMS key doesn't have any
|
||||||
|
// key material.
|
||||||
|
//
|
||||||
|
// The only valid values for DeriveSharedSecret are AWS_KMS and EXTERNAL. DeriveSharedSecret
|
||||||
|
// does not support KMS keys with a KeyOrigin value of AWS_CLOUDHSM or EXTERNAL_KEY_STORE.
|
||||||
|
KeyOrigin *string `type:"string" enum:"OriginType"`
|
||||||
|
|
||||||
|
// The raw secret derived from the specified key agreement algorithm, private
|
||||||
|
// key in the asymmetric KMS key, and your peer's public key.
|
||||||
|
//
|
||||||
|
// If the response includes the CiphertextForRecipient field, the SharedSecret
|
||||||
|
// field is null or empty.
|
||||||
|
//
|
||||||
|
// SharedSecret is a sensitive parameter and its value will be
|
||||||
|
// replaced with "sensitive" in string returned by DeriveSharedSecretOutput's
|
||||||
|
// String and GoString methods.
|
||||||
|
//
|
||||||
|
// SharedSecret is automatically base64 encoded/decoded by the SDK.
|
||||||
|
SharedSecret []byte `min:"1" type:"blob" sensitive:"true"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// String returns the string representation.
|
||||||
|
//
|
||||||
|
// API parameter values that are decorated as "sensitive" in the API will not
|
||||||
|
// be included in the string output. The member name will be present, but the
|
||||||
|
// value will be replaced with "sensitive".
|
||||||
|
func (s DeriveSharedSecretOutput) String() string {
|
||||||
|
return awsutil.Prettify(s)
|
||||||
|
}
|
||||||
|
|
||||||
|
// GoString returns the string representation.
|
||||||
|
//
|
||||||
|
// API parameter values that are decorated as "sensitive" in the API will not
|
||||||
|
// be included in the string output. The member name will be present, but the
|
||||||
|
// value will be replaced with "sensitive".
|
||||||
|
func (s DeriveSharedSecretOutput) GoString() string {
|
||||||
|
return s.String()
|
||||||
|
}
|
||||||
|
|
||||||
|
// SetCiphertextForRecipient sets the CiphertextForRecipient field's value.
|
||||||
|
func (s *DeriveSharedSecretOutput) SetCiphertextForRecipient(v []byte) *DeriveSharedSecretOutput {
|
||||||
|
s.CiphertextForRecipient = v
|
||||||
|
return s
|
||||||
|
}
|
||||||
|
|
||||||
|
// SetKeyAgreementAlgorithm sets the KeyAgreementAlgorithm field's value.
|
||||||
|
func (s *DeriveSharedSecretOutput) SetKeyAgreementAlgorithm(v string) *DeriveSharedSecretOutput {
|
||||||
|
s.KeyAgreementAlgorithm = &v
|
||||||
|
return s
|
||||||
|
}
|
||||||
|
|
||||||
|
// SetKeyId sets the KeyId field's value.
|
||||||
|
func (s *DeriveSharedSecretOutput) SetKeyId(v string) *DeriveSharedSecretOutput {
|
||||||
|
s.KeyId = &v
|
||||||
|
return s
|
||||||
|
}
|
||||||
|
|
||||||
|
// SetKeyOrigin sets the KeyOrigin field's value.
|
||||||
|
func (s *DeriveSharedSecretOutput) SetKeyOrigin(v string) *DeriveSharedSecretOutput {
|
||||||
|
s.KeyOrigin = &v
|
||||||
|
return s
|
||||||
|
}
|
||||||
|
|
||||||
|
// SetSharedSecret sets the SharedSecret field's value.
|
||||||
|
func (s *DeriveSharedSecretOutput) SetSharedSecret(v []byte) *DeriveSharedSecretOutput {
|
||||||
|
s.SharedSecret = v
|
||||||
|
return s
|
||||||
|
}
|
||||||
|
|
||||||
type DescribeCustomKeyStoresInput struct {
|
type DescribeCustomKeyStoresInput struct {
|
||||||
_ struct{} `type:"structure"`
|
_ struct{} `type:"structure"`
|
||||||
|
|
||||||
@ -14006,9 +14520,11 @@ type GenerateDataKeyPairInput struct {
|
|||||||
// RSAES_OAEP_SHA_256.
|
// RSAES_OAEP_SHA_256.
|
||||||
//
|
//
|
||||||
// This parameter only supports attestation documents for Amazon Web Services
|
// This parameter only supports attestation documents for Amazon Web Services
|
||||||
// Nitro Enclaves. To include this parameter, use the Amazon Web Services Nitro
|
// Nitro Enclaves. To call DeriveSharedSecret for an Amazon Web Services Nitro
|
||||||
// Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk)
|
// Enclaves, use the Amazon Web Services Nitro Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk)
|
||||||
// or any Amazon Web Services SDK.
|
// to generate the attestation document and then use the Recipient parameter
|
||||||
|
// from any Amazon Web Services SDK to provide the attestation document for
|
||||||
|
// the enclave.
|
||||||
//
|
//
|
||||||
// When you use this parameter, instead of returning a plaintext copy of the
|
// When you use this parameter, instead of returning a plaintext copy of the
|
||||||
// private data key, KMS encrypts the plaintext private data key under the public
|
// private data key, KMS encrypts the plaintext private data key under the public
|
||||||
@ -15199,25 +15715,19 @@ type GetParametersForImportInput struct {
|
|||||||
// KeyId is a required field
|
// KeyId is a required field
|
||||||
KeyId *string `min:"1" type:"string" required:"true"`
|
KeyId *string `min:"1" type:"string" required:"true"`
|
||||||
|
|
||||||
// The algorithm you will use with the asymmetric public key (PublicKey) in
|
// The algorithm you will use with the RSA public key (PublicKey) in the response
|
||||||
// the response to protect your key material during import. For more information,
|
// to protect your key material during import. For more information, see Select
|
||||||
// see Select a wrapping algorithm (kms/latest/developerguide/importing-keys-get-public-key-and-token.html#select-wrapping-algorithm)
|
// a wrapping algorithm (kms/latest/developerguide/importing-keys-get-public-key-and-token.html#select-wrapping-algorithm)
|
||||||
// in the Key Management Service Developer Guide.
|
// in the Key Management Service Developer Guide.
|
||||||
//
|
//
|
||||||
// For RSA_AES wrapping algorithms, you encrypt your key material with an AES
|
// For RSA_AES wrapping algorithms, you encrypt your key material with an AES
|
||||||
// key that you generate, then encrypt your AES key with the RSA public key
|
// key that you generate, then encrypt your AES key with the RSA public key
|
||||||
// from KMS. For RSAES wrapping algorithms, you encrypt your key material directly
|
// from KMS. For RSAES wrapping algorithms, you encrypt your key material directly
|
||||||
// with the RSA public key from KMS. For SM2PKE wrapping algorithms, you encrypt
|
// with the RSA public key from KMS.
|
||||||
// your key material directly with the SM2 public key from KMS.
|
|
||||||
//
|
//
|
||||||
// The wrapping algorithms that you can use depend on the type of key material
|
// The wrapping algorithms that you can use depend on the type of key material
|
||||||
// that you are importing. To import an RSA private key, you must use an RSA_AES
|
// that you are importing. To import an RSA private key, you must use an RSA_AES
|
||||||
// wrapping algorithm, except in China Regions, where you must use the SM2PKE
|
// wrapping algorithm.
|
||||||
// wrapping algorithm to import an RSA private key.
|
|
||||||
//
|
|
||||||
// The SM2PKE wrapping algorithm is available only in China Regions. The RSA_AES_KEY_WRAP_SHA_256
|
|
||||||
// and RSA_AES_KEY_WRAP_SHA_1 wrapping algorithms are not supported in China
|
|
||||||
// Regions.
|
|
||||||
//
|
//
|
||||||
// * RSA_AES_KEY_WRAP_SHA_256 — Supported for wrapping RSA and ECC key
|
// * RSA_AES_KEY_WRAP_SHA_256 — Supported for wrapping RSA and ECC key
|
||||||
// material.
|
// material.
|
||||||
@ -15237,24 +15747,19 @@ type GetParametersForImportInput struct {
|
|||||||
// * RSAES_PKCS1_V1_5 (Deprecated) — As of October 10, 2023, KMS does not
|
// * RSAES_PKCS1_V1_5 (Deprecated) — As of October 10, 2023, KMS does not
|
||||||
// support the RSAES_PKCS1_V1_5 wrapping algorithm.
|
// support the RSAES_PKCS1_V1_5 wrapping algorithm.
|
||||||
//
|
//
|
||||||
// * SM2PKE (China Regions only) — supported for wrapping RSA, ECC, and
|
|
||||||
// SM2 key material.
|
|
||||||
//
|
|
||||||
// WrappingAlgorithm is a required field
|
// WrappingAlgorithm is a required field
|
||||||
WrappingAlgorithm *string `type:"string" required:"true" enum:"AlgorithmSpec"`
|
WrappingAlgorithm *string `type:"string" required:"true" enum:"AlgorithmSpec"`
|
||||||
|
|
||||||
// The type of public key to return in the response. You will use this wrapping
|
// The type of RSA public key to return in the response. You will use this wrapping
|
||||||
// key with the specified wrapping algorithm to protect your key material during
|
// key with the specified wrapping algorithm to protect your key material during
|
||||||
// import.
|
// import.
|
||||||
//
|
//
|
||||||
// Use the longest wrapping key that is practical.
|
// Use the longest RSA wrapping key that is practical.
|
||||||
//
|
//
|
||||||
// You cannot use an RSA_2048 public key to directly wrap an ECC_NIST_P521 private
|
// You cannot use an RSA_2048 public key to directly wrap an ECC_NIST_P521 private
|
||||||
// key. Instead, use an RSA_AES wrapping algorithm or choose a longer RSA public
|
// key. Instead, use an RSA_AES wrapping algorithm or choose a longer RSA public
|
||||||
// key.
|
// key.
|
||||||
//
|
//
|
||||||
// The SM2 wrapping key spec is available only in China Regions.
|
|
||||||
//
|
|
||||||
// WrappingKeySpec is a required field
|
// WrappingKeySpec is a required field
|
||||||
WrappingKeySpec *string `type:"string" required:"true" enum:"WrappingKeySpec"`
|
WrappingKeySpec *string `type:"string" required:"true" enum:"WrappingKeySpec"`
|
||||||
}
|
}
|
||||||
@ -15490,6 +15995,10 @@ type GetPublicKeyOutput struct {
|
|||||||
// is ENCRYPT_DECRYPT.
|
// is ENCRYPT_DECRYPT.
|
||||||
EncryptionAlgorithms []*string `type:"list" enum:"EncryptionAlgorithmSpec"`
|
EncryptionAlgorithms []*string `type:"list" enum:"EncryptionAlgorithmSpec"`
|
||||||
|
|
||||||
|
// The key agreement algorithm used to derive a shared secret. This field is
|
||||||
|
// present only when the KMS key has a KeyUsage value of KEY_AGREEMENT.
|
||||||
|
KeyAgreementAlgorithms []*string `type:"list" enum:"KeyAgreementAlgorithmSpec"`
|
||||||
|
|
||||||
// The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN))
|
// The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN))
|
||||||
// of the asymmetric KMS key from which the public key was downloaded.
|
// of the asymmetric KMS key from which the public key was downloaded.
|
||||||
KeyId *string `min:"1" type:"string"`
|
KeyId *string `min:"1" type:"string"`
|
||||||
@ -15497,11 +16006,11 @@ type GetPublicKeyOutput struct {
|
|||||||
// The type of the of the public key that was downloaded.
|
// The type of the of the public key that was downloaded.
|
||||||
KeySpec *string `type:"string" enum:"KeySpec"`
|
KeySpec *string `type:"string" enum:"KeySpec"`
|
||||||
|
|
||||||
// The permitted use of the public key. Valid values are ENCRYPT_DECRYPT or
|
// The permitted use of the public key. Valid values for asymmetric key pairs
|
||||||
// SIGN_VERIFY.
|
// are ENCRYPT_DECRYPT, SIGN_VERIFY, and KEY_AGREEMENT.
|
||||||
//
|
//
|
||||||
// This information is critical. If a public key with SIGN_VERIFY key usage
|
// This information is critical. For example, if a public key with SIGN_VERIFY
|
||||||
// encrypts data outside of KMS, the ciphertext cannot be decrypted.
|
// key usage encrypts data outside of KMS, the ciphertext cannot be decrypted.
|
||||||
KeyUsage *string `type:"string" enum:"KeyUsageType"`
|
KeyUsage *string `type:"string" enum:"KeyUsageType"`
|
||||||
|
|
||||||
// The exported public key.
|
// The exported public key.
|
||||||
@ -15550,6 +16059,12 @@ func (s *GetPublicKeyOutput) SetEncryptionAlgorithms(v []*string) *GetPublicKeyO
|
|||||||
return s
|
return s
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// SetKeyAgreementAlgorithms sets the KeyAgreementAlgorithms field's value.
|
||||||
|
func (s *GetPublicKeyOutput) SetKeyAgreementAlgorithms(v []*string) *GetPublicKeyOutput {
|
||||||
|
s.KeyAgreementAlgorithms = v
|
||||||
|
return s
|
||||||
|
}
|
||||||
|
|
||||||
// SetKeyId sets the KeyId field's value.
|
// SetKeyId sets the KeyId field's value.
|
||||||
func (s *GetPublicKeyOutput) SetKeyId(v string) *GetPublicKeyOutput {
|
func (s *GetPublicKeyOutput) SetKeyId(v string) *GetPublicKeyOutput {
|
||||||
s.KeyId = &v
|
s.KeyId = &v
|
||||||
@ -16603,7 +17118,8 @@ func (s *InvalidImportTokenException) RequestID() string {
|
|||||||
// For encrypting, decrypting, re-encrypting, and generating data keys, the
|
// For encrypting, decrypting, re-encrypting, and generating data keys, the
|
||||||
// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the
|
// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the
|
||||||
// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication
|
// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication
|
||||||
// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. To find the KeyUsage
|
// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key
|
||||||
|
// agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage
|
||||||
// of a KMS key, use the DescribeKey operation.
|
// of a KMS key, use the DescribeKey operation.
|
||||||
//
|
//
|
||||||
// To find the encryption or signing algorithms supported for a particular KMS
|
// To find the encryption or signing algorithms supported for a particular KMS
|
||||||
@ -17052,6 +17568,9 @@ type KeyMetadata struct {
|
|||||||
// only when Origin is EXTERNAL, otherwise this value is omitted.
|
// only when Origin is EXTERNAL, otherwise this value is omitted.
|
||||||
ExpirationModel *string `type:"string" enum:"ExpirationModelType"`
|
ExpirationModel *string `type:"string" enum:"ExpirationModelType"`
|
||||||
|
|
||||||
|
// The key agreement algorithm used to derive a shared secret.
|
||||||
|
KeyAgreementAlgorithms []*string `type:"list" enum:"KeyAgreementAlgorithmSpec"`
|
||||||
|
|
||||||
// The globally unique identifier for the KMS key.
|
// The globally unique identifier for the KMS key.
|
||||||
//
|
//
|
||||||
// KeyId is a required field
|
// KeyId is a required field
|
||||||
@ -17232,6 +17751,12 @@ func (s *KeyMetadata) SetExpirationModel(v string) *KeyMetadata {
|
|||||||
return s
|
return s
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// SetKeyAgreementAlgorithms sets the KeyAgreementAlgorithms field's value.
|
||||||
|
func (s *KeyMetadata) SetKeyAgreementAlgorithms(v []*string) *KeyMetadata {
|
||||||
|
s.KeyAgreementAlgorithms = v
|
||||||
|
return s
|
||||||
|
}
|
||||||
|
|
||||||
// SetKeyId sets the KeyId field's value.
|
// SetKeyId sets the KeyId field's value.
|
||||||
func (s *KeyMetadata) SetKeyId(v string) *KeyMetadata {
|
func (s *KeyMetadata) SetKeyId(v string) *KeyMetadata {
|
||||||
s.KeyId = &v
|
s.KeyId = &v
|
||||||
@ -23034,6 +23559,9 @@ const (
|
|||||||
|
|
||||||
// GrantOperationVerifyMac is a GrantOperation enum value
|
// GrantOperationVerifyMac is a GrantOperation enum value
|
||||||
GrantOperationVerifyMac = "VerifyMac"
|
GrantOperationVerifyMac = "VerifyMac"
|
||||||
|
|
||||||
|
// GrantOperationDeriveSharedSecret is a GrantOperation enum value
|
||||||
|
GrantOperationDeriveSharedSecret = "DeriveSharedSecret"
|
||||||
)
|
)
|
||||||
|
|
||||||
// GrantOperation_Values returns all elements of the GrantOperation enum
|
// GrantOperation_Values returns all elements of the GrantOperation enum
|
||||||
@ -23055,6 +23583,19 @@ func GrantOperation_Values() []string {
|
|||||||
GrantOperationGenerateDataKeyPairWithoutPlaintext,
|
GrantOperationGenerateDataKeyPairWithoutPlaintext,
|
||||||
GrantOperationGenerateMac,
|
GrantOperationGenerateMac,
|
||||||
GrantOperationVerifyMac,
|
GrantOperationVerifyMac,
|
||||||
|
GrantOperationDeriveSharedSecret,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
const (
|
||||||
|
// KeyAgreementAlgorithmSpecEcdh is a KeyAgreementAlgorithmSpec enum value
|
||||||
|
KeyAgreementAlgorithmSpecEcdh = "ECDH"
|
||||||
|
)
|
||||||
|
|
||||||
|
// KeyAgreementAlgorithmSpec_Values returns all elements of the KeyAgreementAlgorithmSpec enum
|
||||||
|
func KeyAgreementAlgorithmSpec_Values() []string {
|
||||||
|
return []string{
|
||||||
|
KeyAgreementAlgorithmSpecEcdh,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -23195,6 +23736,9 @@ const (
|
|||||||
|
|
||||||
// KeyUsageTypeGenerateVerifyMac is a KeyUsageType enum value
|
// KeyUsageTypeGenerateVerifyMac is a KeyUsageType enum value
|
||||||
KeyUsageTypeGenerateVerifyMac = "GENERATE_VERIFY_MAC"
|
KeyUsageTypeGenerateVerifyMac = "GENERATE_VERIFY_MAC"
|
||||||
|
|
||||||
|
// KeyUsageTypeKeyAgreement is a KeyUsageType enum value
|
||||||
|
KeyUsageTypeKeyAgreement = "KEY_AGREEMENT"
|
||||||
)
|
)
|
||||||
|
|
||||||
// KeyUsageType_Values returns all elements of the KeyUsageType enum
|
// KeyUsageType_Values returns all elements of the KeyUsageType enum
|
||||||
@ -23203,6 +23747,7 @@ func KeyUsageType_Values() []string {
|
|||||||
KeyUsageTypeSignVerify,
|
KeyUsageTypeSignVerify,
|
||||||
KeyUsageTypeEncryptDecrypt,
|
KeyUsageTypeEncryptDecrypt,
|
||||||
KeyUsageTypeGenerateVerifyMac,
|
KeyUsageTypeGenerateVerifyMac,
|
||||||
|
KeyUsageTypeKeyAgreement,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
4
vendor/github.com/aws/aws-sdk-go/service/kms/errors.go
generated
vendored
4
vendor/github.com/aws/aws-sdk-go/service/kms/errors.go
generated
vendored
@ -279,7 +279,8 @@ const (
|
|||||||
// For encrypting, decrypting, re-encrypting, and generating data keys, the
|
// For encrypting, decrypting, re-encrypting, and generating data keys, the
|
||||||
// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the
|
// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the
|
||||||
// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication
|
// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication
|
||||||
// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. To find the KeyUsage
|
// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key
|
||||||
|
// agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage
|
||||||
// of a KMS key, use the DescribeKey operation.
|
// of a KMS key, use the DescribeKey operation.
|
||||||
//
|
//
|
||||||
// To find the encryption or signing algorithms supported for a particular KMS
|
// To find the encryption or signing algorithms supported for a particular KMS
|
||||||
@ -424,6 +425,7 @@ const (
|
|||||||
// ErrCodeXksProxyInvalidResponseException for service response error code
|
// ErrCodeXksProxyInvalidResponseException for service response error code
|
||||||
// "XksProxyInvalidResponseException".
|
// "XksProxyInvalidResponseException".
|
||||||
//
|
//
|
||||||
|
//
|
||||||
// KMS cannot interpret the response it received from the external key store
|
// KMS cannot interpret the response it received from the external key store
|
||||||
// proxy. The problem might be a poorly constructed response, but it could also
|
// proxy. The problem might be a poorly constructed response, but it could also
|
||||||
// be a transient network issue. If you see this error repeatedly, report it
|
// be a transient network issue. If you see this error repeatedly, report it
|
||||||
|
4
vendor/github.com/aws/smithy-go/CHANGELOG.md
generated
vendored
4
vendor/github.com/aws/smithy-go/CHANGELOG.md
generated
vendored
@ -1,3 +1,7 @@
|
|||||||
|
# Release (2024-03-29)
|
||||||
|
|
||||||
|
* No change notes available for this release.
|
||||||
|
|
||||||
# Release (2024-02-21)
|
# Release (2024-02-21)
|
||||||
|
|
||||||
## Module Highlights
|
## Module Highlights
|
||||||
|
2
vendor/github.com/aws/smithy-go/go_module_metadata.go
generated
vendored
2
vendor/github.com/aws/smithy-go/go_module_metadata.go
generated
vendored
@ -3,4 +3,4 @@
|
|||||||
package smithy
|
package smithy
|
||||||
|
|
||||||
// goModuleVersion is the tagged release for this module
|
// goModuleVersion is the tagged release for this module
|
||||||
const goModuleVersion = "1.20.1"
|
const goModuleVersion = "1.20.2"
|
||||||
|
133
vendor/github.com/go-jose/go-jose/v3/jwt/jwt.go
generated
vendored
133
vendor/github.com/go-jose/go-jose/v3/jwt/jwt.go
generated
vendored
@ -1,133 +0,0 @@
|
|||||||
/*-
|
|
||||||
* Copyright 2016 Zbigniew Mandziejewicz
|
|
||||||
* Copyright 2016 Square, Inc.
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package jwt
|
|
||||||
|
|
||||||
import (
|
|
||||||
"fmt"
|
|
||||||
"strings"
|
|
||||||
|
|
||||||
jose "github.com/go-jose/go-jose/v3"
|
|
||||||
"github.com/go-jose/go-jose/v3/json"
|
|
||||||
)
|
|
||||||
|
|
||||||
// JSONWebToken represents a JSON Web Token (as specified in RFC7519).
|
|
||||||
type JSONWebToken struct {
|
|
||||||
payload func(k interface{}) ([]byte, error)
|
|
||||||
unverifiedPayload func() []byte
|
|
||||||
Headers []jose.Header
|
|
||||||
}
|
|
||||||
|
|
||||||
type NestedJSONWebToken struct {
|
|
||||||
enc *jose.JSONWebEncryption
|
|
||||||
Headers []jose.Header
|
|
||||||
}
|
|
||||||
|
|
||||||
// Claims deserializes a JSONWebToken into dest using the provided key.
|
|
||||||
func (t *JSONWebToken) Claims(key interface{}, dest ...interface{}) error {
|
|
||||||
b, err := t.payload(key)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, d := range dest {
|
|
||||||
if err := json.Unmarshal(b, d); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// UnsafeClaimsWithoutVerification deserializes the claims of a
|
|
||||||
// JSONWebToken into the dests. For signed JWTs, the claims are not
|
|
||||||
// verified. This function won't work for encrypted JWTs.
|
|
||||||
func (t *JSONWebToken) UnsafeClaimsWithoutVerification(dest ...interface{}) error {
|
|
||||||
if t.unverifiedPayload == nil {
|
|
||||||
return fmt.Errorf("go-jose/go-jose: Cannot get unverified claims")
|
|
||||||
}
|
|
||||||
claims := t.unverifiedPayload()
|
|
||||||
for _, d := range dest {
|
|
||||||
if err := json.Unmarshal(claims, d); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func (t *NestedJSONWebToken) Decrypt(decryptionKey interface{}) (*JSONWebToken, error) {
|
|
||||||
b, err := t.enc.Decrypt(decryptionKey)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
sig, err := ParseSigned(string(b))
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
return sig, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// ParseSigned parses token from JWS form.
|
|
||||||
func ParseSigned(s string) (*JSONWebToken, error) {
|
|
||||||
sig, err := jose.ParseSigned(s)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
headers := make([]jose.Header, len(sig.Signatures))
|
|
||||||
for i, signature := range sig.Signatures {
|
|
||||||
headers[i] = signature.Header
|
|
||||||
}
|
|
||||||
|
|
||||||
return &JSONWebToken{
|
|
||||||
payload: sig.Verify,
|
|
||||||
unverifiedPayload: sig.UnsafePayloadWithoutVerification,
|
|
||||||
Headers: headers,
|
|
||||||
}, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// ParseEncrypted parses token from JWE form.
|
|
||||||
func ParseEncrypted(s string) (*JSONWebToken, error) {
|
|
||||||
enc, err := jose.ParseEncrypted(s)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
return &JSONWebToken{
|
|
||||||
payload: enc.Decrypt,
|
|
||||||
Headers: []jose.Header{enc.Header},
|
|
||||||
}, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// ParseSignedAndEncrypted parses signed-then-encrypted token from JWE form.
|
|
||||||
func ParseSignedAndEncrypted(s string) (*NestedJSONWebToken, error) {
|
|
||||||
enc, err := jose.ParseEncrypted(s)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
contentType, _ := enc.Header.ExtraHeaders[jose.HeaderContentType].(string)
|
|
||||||
if strings.ToUpper(contentType) != "JWT" {
|
|
||||||
return nil, ErrInvalidContentType
|
|
||||||
}
|
|
||||||
|
|
||||||
return &NestedJSONWebToken{
|
|
||||||
enc: enc,
|
|
||||||
Headers: []jose.Header{enc.Header},
|
|
||||||
}, nil
|
|
||||||
}
|
|
@ -45,12 +45,6 @@ token".
|
|||||||
|
|
||||||
[1]: https://i.blackhat.com/BH-US-23/Presentations/US-23-Tervoort-Three-New-Attacks-Against-JSON-Web-Tokens.pdf
|
[1]: https://i.blackhat.com/BH-US-23/Presentations/US-23-Tervoort-Three-New-Attacks-Against-JSON-Web-Tokens.pdf
|
||||||
|
|
||||||
# v3.0.3
|
|
||||||
|
|
||||||
## Fixed
|
|
||||||
|
|
||||||
- Limit decompression output size to prevent a DoS. Backport from v4.0.1.
|
|
||||||
|
|
||||||
# v3.0.2
|
# v3.0.2
|
||||||
|
|
||||||
## Fixed
|
## Fixed
|
@ -1,17 +1,9 @@
|
|||||||
# Go JOSE
|
# Go JOSE
|
||||||
|
|
||||||
### Versions
|
[![godoc](https://pkg.go.dev/badge/github.com/go-jose/go-jose/v4.svg)](https://pkg.go.dev/github.com/go-jose/go-jose/v4)
|
||||||
|
[![godoc](https://pkg.go.dev/badge/github.com/go-jose/go-jose/v4/jwt.svg)](https://pkg.go.dev/github.com/go-jose/go-jose/v4/jwt)
|
||||||
[Version 4](https://github.com/go-jose/go-jose)
|
[![license](https://img.shields.io/badge/license-apache_2.0-blue.svg?style=flat)](https://raw.githubusercontent.com/go-jose/go-jose/master/LICENSE)
|
||||||
([branch](https://github.com/go-jose/go-jose/),
|
[![test](https://img.shields.io/github/checks-status/go-jose/go-jose/v4)](https://github.com/go-jose/go-jose/actions)
|
||||||
[doc](https://pkg.go.dev/github.com/go-jose/go-jose/v4), [releases](https://github.com/go-jose/go-jose/releases)) is the current stable version:
|
|
||||||
|
|
||||||
import "github.com/go-jose/go-jose/v4"
|
|
||||||
|
|
||||||
The old [square/go-jose](https://github.com/square/go-jose) repo contains the prior v1 and v2 versions, which
|
|
||||||
are deprecated.
|
|
||||||
|
|
||||||
### Summary
|
|
||||||
|
|
||||||
Package jose aims to provide an implementation of the Javascript Object Signing
|
Package jose aims to provide an implementation of the Javascript Object Signing
|
||||||
and Encryption set of standards. This includes support for JSON Web Encryption,
|
and Encryption set of standards. This includes support for JSON Web Encryption,
|
||||||
@ -43,6 +35,20 @@ of [case-insensitive matching](https://www.ietf.org/mail-archive/web/json/curren
|
|||||||
This is to avoid differences in interpretation of messages between go-jose and
|
This is to avoid differences in interpretation of messages between go-jose and
|
||||||
libraries in other languages.
|
libraries in other languages.
|
||||||
|
|
||||||
|
### Versions
|
||||||
|
|
||||||
|
[Version 4](https://github.com/go-jose/go-jose)
|
||||||
|
([branch](https://github.com/go-jose/go-jose/tree/main),
|
||||||
|
[doc](https://pkg.go.dev/github.com/go-jose/go-jose/v4), [releases](https://github.com/go-jose/go-jose/releases)) is the current stable version:
|
||||||
|
|
||||||
|
import "github.com/go-jose/go-jose/v4"
|
||||||
|
|
||||||
|
The old [square/go-jose](https://github.com/square/go-jose) repo contains the prior v1 and v2 versions, which
|
||||||
|
are still useable but not actively developed anymore.
|
||||||
|
|
||||||
|
Version 3, in this repo, is still receiving security fixes but not functionality
|
||||||
|
updates.
|
||||||
|
|
||||||
### Supported algorithms
|
### Supported algorithms
|
||||||
|
|
||||||
See below for a table of supported algorithms. Algorithm identifiers match
|
See below for a table of supported algorithms. Algorithm identifiers match
|
||||||
@ -98,11 +104,11 @@ allows attaching a key id.
|
|||||||
|
|
||||||
## Examples
|
## Examples
|
||||||
|
|
||||||
[![godoc](https://pkg.go.dev/badge/github.com/go-jose/go-jose/v3.svg)](https://pkg.go.dev/github.com/go-jose/go-jose/v3)
|
[![godoc](https://pkg.go.dev/badge/github.com/go-jose/go-jose/v4.svg)](https://pkg.go.dev/github.com/go-jose/go-jose/v4)
|
||||||
[![godoc](https://pkg.go.dev/badge/github.com/go-jose/go-jose/v3/jwt.svg)](https://pkg.go.dev/github.com/go-jose/go-jose/v3/jwt)
|
[![godoc](https://pkg.go.dev/badge/github.com/go-jose/go-jose/v4/jwt.svg)](https://pkg.go.dev/github.com/go-jose/go-jose/v4/jwt)
|
||||||
|
|
||||||
Examples can be found in the Godoc
|
Examples can be found in the Godoc
|
||||||
reference for this package. The
|
reference for this package. The
|
||||||
[`jose-util`](https://github.com/go-jose/go-jose/tree/v3/jose-util)
|
[`jose-util`](https://github.com/go-jose/go-jose/tree/v4/jose-util)
|
||||||
subdirectory also contains a small command-line utility which might be useful
|
subdirectory also contains a small command-line utility which might be useful
|
||||||
as an example as well.
|
as an example as well.
|
@ -29,8 +29,8 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
"math/big"
|
"math/big"
|
||||||
|
|
||||||
josecipher "github.com/go-jose/go-jose/v3/cipher"
|
josecipher "github.com/go-jose/go-jose/v4/cipher"
|
||||||
"github.com/go-jose/go-jose/v3/json"
|
"github.com/go-jose/go-jose/v4/json"
|
||||||
)
|
)
|
||||||
|
|
||||||
// A generic RSA-based encrypter/verifier
|
// A generic RSA-based encrypter/verifier
|
@ -22,7 +22,7 @@ import (
|
|||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
"github.com/go-jose/go-jose/v3/json"
|
"github.com/go-jose/go-jose/v4/json"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Encrypter represents an encrypter which produces an encrypted JWE object.
|
// Encrypter represents an encrypter which produces an encrypted JWE object.
|
@ -27,7 +27,7 @@ import (
|
|||||||
"strings"
|
"strings"
|
||||||
"unicode"
|
"unicode"
|
||||||
|
|
||||||
"github.com/go-jose/go-jose/v3/json"
|
"github.com/go-jose/go-jose/v4/json"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Helper function to serialize known-good objects.
|
// Helper function to serialize known-good objects.
|
||||||
@ -106,10 +106,7 @@ func inflate(input []byte) ([]byte, error) {
|
|||||||
output := new(bytes.Buffer)
|
output := new(bytes.Buffer)
|
||||||
reader := flate.NewReader(bytes.NewBuffer(input))
|
reader := flate.NewReader(bytes.NewBuffer(input))
|
||||||
|
|
||||||
maxCompressedSize := 10 * int64(len(input))
|
maxCompressedSize := max(250_000, 10*int64(len(input)))
|
||||||
if maxCompressedSize < 250000 {
|
|
||||||
maxCompressedSize = 250000
|
|
||||||
}
|
|
||||||
|
|
||||||
limit := maxCompressedSize + 1
|
limit := maxCompressedSize + 1
|
||||||
n, err := io.CopyN(output, reader, limit)
|
n, err := io.CopyN(output, reader, limit)
|
||||||
@ -167,7 +164,7 @@ func (b *byteBuffer) UnmarshalJSON(data []byte) error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
decoded, err := base64URLDecode(encoded)
|
decoded, err := base64.RawURLEncoding.DecodeString(encoded)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
@ -197,12 +194,6 @@ func (b byteBuffer) toInt() int {
|
|||||||
return int(b.bigInt().Int64())
|
return int(b.bigInt().Int64())
|
||||||
}
|
}
|
||||||
|
|
||||||
// base64URLDecode is implemented as defined in https://www.rfc-editor.org/rfc/rfc7515.html#appendix-C
|
|
||||||
func base64URLDecode(value string) ([]byte, error) {
|
|
||||||
value = strings.TrimRight(value, "=")
|
|
||||||
return base64.RawURLEncoding.DecodeString(value)
|
|
||||||
}
|
|
||||||
|
|
||||||
func base64EncodeLen(sl []byte) int {
|
func base64EncodeLen(sl []byte) int {
|
||||||
return base64.RawURLEncoding.EncodedLen(len(sl))
|
return base64.RawURLEncoding.EncodedLen(len(sl))
|
||||||
}
|
}
|
134
vendor/github.com/go-jose/go-jose/v3/jwe.go → vendor/github.com/go-jose/go-jose/v4/jwe.go
generated
vendored
134
vendor/github.com/go-jose/go-jose/v3/jwe.go → vendor/github.com/go-jose/go-jose/v4/jwe.go
generated
vendored
@ -18,10 +18,11 @@ package jose
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/go-jose/go-jose/v3/json"
|
"github.com/go-jose/go-jose/v4/json"
|
||||||
)
|
)
|
||||||
|
|
||||||
// rawJSONWebEncryption represents a raw JWE JSON object. Used for parsing/serializing.
|
// rawJSONWebEncryption represents a raw JWE JSON object. Used for parsing/serializing.
|
||||||
@ -104,29 +105,75 @@ func (obj JSONWebEncryption) computeAuthData() []byte {
|
|||||||
return output
|
return output
|
||||||
}
|
}
|
||||||
|
|
||||||
// ParseEncrypted parses an encrypted message in compact or JWE JSON Serialization format.
|
func containsKeyAlgorithm(haystack []KeyAlgorithm, needle KeyAlgorithm) bool {
|
||||||
func ParseEncrypted(input string) (*JSONWebEncryption, error) {
|
for _, algorithm := range haystack {
|
||||||
input = stripWhitespace(input)
|
if algorithm == needle {
|
||||||
if strings.HasPrefix(input, "{") {
|
return true
|
||||||
return parseEncryptedFull(input)
|
}
|
||||||
}
|
}
|
||||||
|
return false
|
||||||
return parseEncryptedCompact(input)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// parseEncryptedFull parses a message in compact format.
|
func containsContentEncryption(haystack []ContentEncryption, needle ContentEncryption) bool {
|
||||||
func parseEncryptedFull(input string) (*JSONWebEncryption, error) {
|
for _, algorithm := range haystack {
|
||||||
|
if algorithm == needle {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
// ParseEncrypted parses an encrypted message in JWE Compact or JWE JSON Serialization.
|
||||||
|
//
|
||||||
|
// https://datatracker.ietf.org/doc/html/rfc7516#section-3.1
|
||||||
|
// https://datatracker.ietf.org/doc/html/rfc7516#section-3.2
|
||||||
|
//
|
||||||
|
// The keyAlgorithms and contentEncryption parameters are used to validate the "alg" and "enc"
|
||||||
|
// header parameters respectively. They must be nonempty, and each "alg" or "enc" header in
|
||||||
|
// parsed data must contain a value that is present in the corresponding parameter. That
|
||||||
|
// includes the protected and unprotected headers as well as all recipients. To accept
|
||||||
|
// multiple algorithms, pass a slice of all the algorithms you want to accept.
|
||||||
|
func ParseEncrypted(input string,
|
||||||
|
keyEncryptionAlgorithms []KeyAlgorithm,
|
||||||
|
contentEncryption []ContentEncryption,
|
||||||
|
) (*JSONWebEncryption, error) {
|
||||||
|
input = stripWhitespace(input)
|
||||||
|
if strings.HasPrefix(input, "{") {
|
||||||
|
return ParseEncryptedJSON(input, keyEncryptionAlgorithms, contentEncryption)
|
||||||
|
}
|
||||||
|
|
||||||
|
return ParseEncryptedCompact(input, keyEncryptionAlgorithms, contentEncryption)
|
||||||
|
}
|
||||||
|
|
||||||
|
// ParseEncryptedJSON parses a message in JWE JSON Serialization.
|
||||||
|
//
|
||||||
|
// https://datatracker.ietf.org/doc/html/rfc7516#section-3.2
|
||||||
|
func ParseEncryptedJSON(
|
||||||
|
input string,
|
||||||
|
keyEncryptionAlgorithms []KeyAlgorithm,
|
||||||
|
contentEncryption []ContentEncryption,
|
||||||
|
) (*JSONWebEncryption, error) {
|
||||||
var parsed rawJSONWebEncryption
|
var parsed rawJSONWebEncryption
|
||||||
err := json.Unmarshal([]byte(input), &parsed)
|
err := json.Unmarshal([]byte(input), &parsed)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
return parsed.sanitized()
|
return parsed.sanitized(keyEncryptionAlgorithms, contentEncryption)
|
||||||
}
|
}
|
||||||
|
|
||||||
// sanitized produces a cleaned-up JWE object from the raw JSON.
|
// sanitized produces a cleaned-up JWE object from the raw JSON.
|
||||||
func (parsed *rawJSONWebEncryption) sanitized() (*JSONWebEncryption, error) {
|
func (parsed *rawJSONWebEncryption) sanitized(
|
||||||
|
keyEncryptionAlgorithms []KeyAlgorithm,
|
||||||
|
contentEncryption []ContentEncryption,
|
||||||
|
) (*JSONWebEncryption, error) {
|
||||||
|
if len(keyEncryptionAlgorithms) == 0 {
|
||||||
|
return nil, errors.New("go-jose/go-jose: no key algorithms provided")
|
||||||
|
}
|
||||||
|
if len(contentEncryption) == 0 {
|
||||||
|
return nil, errors.New("go-jose/go-jose: no content encryption algorithms provided")
|
||||||
|
}
|
||||||
|
|
||||||
obj := &JSONWebEncryption{
|
obj := &JSONWebEncryption{
|
||||||
original: parsed,
|
original: parsed,
|
||||||
unprotected: parsed.Unprotected,
|
unprotected: parsed.Unprotected,
|
||||||
@ -170,7 +217,7 @@ func (parsed *rawJSONWebEncryption) sanitized() (*JSONWebEncryption, error) {
|
|||||||
} else {
|
} else {
|
||||||
obj.recipients = make([]recipientInfo, len(parsed.Recipients))
|
obj.recipients = make([]recipientInfo, len(parsed.Recipients))
|
||||||
for r := range parsed.Recipients {
|
for r := range parsed.Recipients {
|
||||||
encryptedKey, err := base64URLDecode(parsed.Recipients[r].EncryptedKey)
|
encryptedKey, err := base64.RawURLEncoding.DecodeString(parsed.Recipients[r].EncryptedKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -185,10 +232,31 @@ func (parsed *rawJSONWebEncryption) sanitized() (*JSONWebEncryption, error) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, recipient := range obj.recipients {
|
for i, recipient := range obj.recipients {
|
||||||
headers := obj.mergedHeaders(&recipient)
|
headers := obj.mergedHeaders(&recipient)
|
||||||
if headers.getAlgorithm() == "" || headers.getEncryption() == "" {
|
if headers.getAlgorithm() == "" {
|
||||||
return nil, fmt.Errorf("go-jose/go-jose: message is missing alg/enc headers")
|
return nil, fmt.Errorf(`go-jose/go-jose: recipient %d: missing header "alg"`, i)
|
||||||
|
}
|
||||||
|
if headers.getEncryption() == "" {
|
||||||
|
return nil, fmt.Errorf(`go-jose/go-jose: recipient %d: missing header "enc"`, i)
|
||||||
|
}
|
||||||
|
err := validateAlgEnc(headers, keyEncryptionAlgorithms, contentEncryption)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("go-jose/go-jose: recipient %d: %s", i, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
if obj.protected != nil {
|
||||||
|
err := validateAlgEnc(*obj.protected, keyEncryptionAlgorithms, contentEncryption)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("go-jose/go-jose: protected header: %s", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if obj.unprotected != nil {
|
||||||
|
err := validateAlgEnc(*obj.unprotected, keyEncryptionAlgorithms, contentEncryption)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("go-jose/go-jose: unprotected header: %s", err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -200,34 +268,52 @@ func (parsed *rawJSONWebEncryption) sanitized() (*JSONWebEncryption, error) {
|
|||||||
return obj, nil
|
return obj, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// parseEncryptedCompact parses a message in compact format.
|
func validateAlgEnc(headers rawHeader, keyAlgorithms []KeyAlgorithm, contentEncryption []ContentEncryption) error {
|
||||||
func parseEncryptedCompact(input string) (*JSONWebEncryption, error) {
|
alg := headers.getAlgorithm()
|
||||||
|
enc := headers.getEncryption()
|
||||||
|
if alg != "" && !containsKeyAlgorithm(keyAlgorithms, alg) {
|
||||||
|
return fmt.Errorf("unexpected key algorithm %q; expected %q", alg, keyAlgorithms)
|
||||||
|
}
|
||||||
|
if alg != "" && !containsContentEncryption(contentEncryption, enc) {
|
||||||
|
return fmt.Errorf("unexpected content encryption algorithm %q; expected %q", enc, contentEncryption)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// ParseEncryptedCompact parses a message in JWE Compact Serialization.
|
||||||
|
//
|
||||||
|
// https://datatracker.ietf.org/doc/html/rfc7516#section-3.1
|
||||||
|
func ParseEncryptedCompact(
|
||||||
|
input string,
|
||||||
|
keyAlgorithms []KeyAlgorithm,
|
||||||
|
contentEncryption []ContentEncryption,
|
||||||
|
) (*JSONWebEncryption, error) {
|
||||||
parts := strings.Split(input, ".")
|
parts := strings.Split(input, ".")
|
||||||
if len(parts) != 5 {
|
if len(parts) != 5 {
|
||||||
return nil, fmt.Errorf("go-jose/go-jose: compact JWE format must have five parts")
|
return nil, fmt.Errorf("go-jose/go-jose: compact JWE format must have five parts")
|
||||||
}
|
}
|
||||||
|
|
||||||
rawProtected, err := base64URLDecode(parts[0])
|
rawProtected, err := base64.RawURLEncoding.DecodeString(parts[0])
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
encryptedKey, err := base64URLDecode(parts[1])
|
encryptedKey, err := base64.RawURLEncoding.DecodeString(parts[1])
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
iv, err := base64URLDecode(parts[2])
|
iv, err := base64.RawURLEncoding.DecodeString(parts[2])
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
ciphertext, err := base64URLDecode(parts[3])
|
ciphertext, err := base64.RawURLEncoding.DecodeString(parts[3])
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
tag, err := base64URLDecode(parts[4])
|
tag, err := base64.RawURLEncoding.DecodeString(parts[4])
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -240,7 +326,7 @@ func parseEncryptedCompact(input string) (*JSONWebEncryption, error) {
|
|||||||
Tag: newBuffer(tag),
|
Tag: newBuffer(tag),
|
||||||
}
|
}
|
||||||
|
|
||||||
return raw.sanitized()
|
return raw.sanitized(keyAlgorithms, contentEncryption)
|
||||||
}
|
}
|
||||||
|
|
||||||
// CompactSerialize serializes an object using the compact serialization format.
|
// CompactSerialize serializes an object using the compact serialization format.
|
@ -35,7 +35,7 @@ import (
|
|||||||
"reflect"
|
"reflect"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/go-jose/go-jose/v3/json"
|
"github.com/go-jose/go-jose/v4/json"
|
||||||
)
|
)
|
||||||
|
|
||||||
// rawJSONWebKey represents a public or private key in JWK format, used for parsing/serializing.
|
// rawJSONWebKey represents a public or private key in JWK format, used for parsing/serializing.
|
||||||
@ -266,7 +266,7 @@ func (k *JSONWebKey) UnmarshalJSON(data []byte) (err error) {
|
|||||||
|
|
||||||
// x5t parameters are base64url-encoded SHA thumbprints
|
// x5t parameters are base64url-encoded SHA thumbprints
|
||||||
// See RFC 7517, Section 4.8, https://tools.ietf.org/html/rfc7517#section-4.8
|
// See RFC 7517, Section 4.8, https://tools.ietf.org/html/rfc7517#section-4.8
|
||||||
x5tSHA1bytes, err := base64URLDecode(raw.X5tSHA1)
|
x5tSHA1bytes, err := base64.RawURLEncoding.DecodeString(raw.X5tSHA1)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.New("go-jose/go-jose: invalid JWK, x5t header has invalid encoding")
|
return errors.New("go-jose/go-jose: invalid JWK, x5t header has invalid encoding")
|
||||||
}
|
}
|
||||||
@ -286,7 +286,7 @@ func (k *JSONWebKey) UnmarshalJSON(data []byte) (err error) {
|
|||||||
|
|
||||||
k.CertificateThumbprintSHA1 = x5tSHA1bytes
|
k.CertificateThumbprintSHA1 = x5tSHA1bytes
|
||||||
|
|
||||||
x5tSHA256bytes, err := base64URLDecode(raw.X5tSHA256)
|
x5tSHA256bytes, err := base64.RawURLEncoding.DecodeString(raw.X5tSHA256)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.New("go-jose/go-jose: invalid JWK, x5t#S256 header has invalid encoding")
|
return errors.New("go-jose/go-jose: invalid JWK, x5t#S256 header has invalid encoding")
|
||||||
}
|
}
|
@ -23,7 +23,7 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/go-jose/go-jose/v3/json"
|
"github.com/go-jose/go-jose/v4/json"
|
||||||
)
|
)
|
||||||
|
|
||||||
// rawJSONWebSignature represents a raw JWS JSON object. Used for parsing/serializing.
|
// rawJSONWebSignature represents a raw JWS JSON object. Used for parsing/serializing.
|
||||||
@ -75,22 +75,41 @@ type Signature struct {
|
|||||||
original *rawSignatureInfo
|
original *rawSignatureInfo
|
||||||
}
|
}
|
||||||
|
|
||||||
// ParseSigned parses a signed message in compact or JWS JSON Serialization format.
|
// ParseSigned parses a signed message in JWS Compact or JWS JSON Serialization.
|
||||||
func ParseSigned(signature string) (*JSONWebSignature, error) {
|
//
|
||||||
|
// https://datatracker.ietf.org/doc/html/rfc7515#section-7
|
||||||
|
func ParseSigned(
|
||||||
|
signature string,
|
||||||
|
signatureAlgorithms []SignatureAlgorithm,
|
||||||
|
) (*JSONWebSignature, error) {
|
||||||
signature = stripWhitespace(signature)
|
signature = stripWhitespace(signature)
|
||||||
if strings.HasPrefix(signature, "{") {
|
if strings.HasPrefix(signature, "{") {
|
||||||
return parseSignedFull(signature)
|
return ParseSignedJSON(signature, signatureAlgorithms)
|
||||||
}
|
}
|
||||||
|
|
||||||
return parseSignedCompact(signature, nil)
|
return parseSignedCompact(signature, nil, signatureAlgorithms)
|
||||||
|
}
|
||||||
|
|
||||||
|
// ParseSignedCompact parses a message in JWS Compact Serialization.
|
||||||
|
//
|
||||||
|
// https://datatracker.ietf.org/doc/html/rfc7515#section-7.1
|
||||||
|
func ParseSignedCompact(
|
||||||
|
signature string,
|
||||||
|
signatureAlgorithms []SignatureAlgorithm,
|
||||||
|
) (*JSONWebSignature, error) {
|
||||||
|
return parseSignedCompact(signature, nil, signatureAlgorithms)
|
||||||
}
|
}
|
||||||
|
|
||||||
// ParseDetached parses a signed message in compact serialization format with detached payload.
|
// ParseDetached parses a signed message in compact serialization format with detached payload.
|
||||||
func ParseDetached(signature string, payload []byte) (*JSONWebSignature, error) {
|
func ParseDetached(
|
||||||
|
signature string,
|
||||||
|
payload []byte,
|
||||||
|
signatureAlgorithms []SignatureAlgorithm,
|
||||||
|
) (*JSONWebSignature, error) {
|
||||||
if payload == nil {
|
if payload == nil {
|
||||||
return nil, errors.New("go-jose/go-jose: nil payload")
|
return nil, errors.New("go-jose/go-jose: nil payload")
|
||||||
}
|
}
|
||||||
return parseSignedCompact(stripWhitespace(signature), payload)
|
return parseSignedCompact(stripWhitespace(signature), payload, signatureAlgorithms)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get a header value
|
// Get a header value
|
||||||
@ -137,19 +156,36 @@ func (obj JSONWebSignature) computeAuthData(payload []byte, signature *Signature
|
|||||||
return authData.Bytes(), nil
|
return authData.Bytes(), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// parseSignedFull parses a message in full format.
|
// ParseSignedJSON parses a message in JWS JSON Serialization.
|
||||||
func parseSignedFull(input string) (*JSONWebSignature, error) {
|
//
|
||||||
|
// https://datatracker.ietf.org/doc/html/rfc7515#section-7.2
|
||||||
|
func ParseSignedJSON(
|
||||||
|
input string,
|
||||||
|
signatureAlgorithms []SignatureAlgorithm,
|
||||||
|
) (*JSONWebSignature, error) {
|
||||||
var parsed rawJSONWebSignature
|
var parsed rawJSONWebSignature
|
||||||
err := json.Unmarshal([]byte(input), &parsed)
|
err := json.Unmarshal([]byte(input), &parsed)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
return parsed.sanitized()
|
return parsed.sanitized(signatureAlgorithms)
|
||||||
|
}
|
||||||
|
|
||||||
|
func containsSignatureAlgorithm(haystack []SignatureAlgorithm, needle SignatureAlgorithm) bool {
|
||||||
|
for _, algorithm := range haystack {
|
||||||
|
if algorithm == needle {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
// sanitized produces a cleaned-up JWS object from the raw JSON.
|
// sanitized produces a cleaned-up JWS object from the raw JSON.
|
||||||
func (parsed *rawJSONWebSignature) sanitized() (*JSONWebSignature, error) {
|
func (parsed *rawJSONWebSignature) sanitized(signatureAlgorithms []SignatureAlgorithm) (*JSONWebSignature, error) {
|
||||||
|
if len(signatureAlgorithms) == 0 {
|
||||||
|
return nil, errors.New("go-jose/go-jose: no signature algorithms specified")
|
||||||
|
}
|
||||||
if parsed.Payload == nil {
|
if parsed.Payload == nil {
|
||||||
return nil, fmt.Errorf("go-jose/go-jose: missing payload in JWS message")
|
return nil, fmt.Errorf("go-jose/go-jose: missing payload in JWS message")
|
||||||
}
|
}
|
||||||
@ -198,6 +234,12 @@ func (parsed *rawJSONWebSignature) sanitized() (*JSONWebSignature, error) {
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
alg := SignatureAlgorithm(signature.Header.Algorithm)
|
||||||
|
if !containsSignatureAlgorithm(signatureAlgorithms, alg) {
|
||||||
|
return nil, fmt.Errorf("go-jose/go-jose: unexpected signature algorithm %q; expected %q",
|
||||||
|
alg, signatureAlgorithms)
|
||||||
|
}
|
||||||
|
|
||||||
if signature.header != nil {
|
if signature.header != nil {
|
||||||
signature.Unprotected, err = signature.header.sanitized()
|
signature.Unprotected, err = signature.header.sanitized()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -241,6 +283,12 @@ func (parsed *rawJSONWebSignature) sanitized() (*JSONWebSignature, error) {
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
alg := SignatureAlgorithm(obj.Signatures[i].Header.Algorithm)
|
||||||
|
if !containsSignatureAlgorithm(signatureAlgorithms, alg) {
|
||||||
|
return nil, fmt.Errorf("go-jose/go-jose: unexpected signature algorithm %q; expected %q",
|
||||||
|
alg, signatureAlgorithms)
|
||||||
|
}
|
||||||
|
|
||||||
if obj.Signatures[i].header != nil {
|
if obj.Signatures[i].header != nil {
|
||||||
obj.Signatures[i].Unprotected, err = obj.Signatures[i].header.sanitized()
|
obj.Signatures[i].Unprotected, err = obj.Signatures[i].header.sanitized()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -274,7 +322,11 @@ func (parsed *rawJSONWebSignature) sanitized() (*JSONWebSignature, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// parseSignedCompact parses a message in compact format.
|
// parseSignedCompact parses a message in compact format.
|
||||||
func parseSignedCompact(input string, payload []byte) (*JSONWebSignature, error) {
|
func parseSignedCompact(
|
||||||
|
input string,
|
||||||
|
payload []byte,
|
||||||
|
signatureAlgorithms []SignatureAlgorithm,
|
||||||
|
) (*JSONWebSignature, error) {
|
||||||
parts := strings.Split(input, ".")
|
parts := strings.Split(input, ".")
|
||||||
if len(parts) != 3 {
|
if len(parts) != 3 {
|
||||||
return nil, fmt.Errorf("go-jose/go-jose: compact JWS format must have three parts")
|
return nil, fmt.Errorf("go-jose/go-jose: compact JWS format must have three parts")
|
||||||
@ -284,19 +336,19 @@ func parseSignedCompact(input string, payload []byte) (*JSONWebSignature, error)
|
|||||||
return nil, fmt.Errorf("go-jose/go-jose: payload is not detached")
|
return nil, fmt.Errorf("go-jose/go-jose: payload is not detached")
|
||||||
}
|
}
|
||||||
|
|
||||||
rawProtected, err := base64URLDecode(parts[0])
|
rawProtected, err := base64.RawURLEncoding.DecodeString(parts[0])
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
if payload == nil {
|
if payload == nil {
|
||||||
payload, err = base64URLDecode(parts[1])
|
payload, err = base64.RawURLEncoding.DecodeString(parts[1])
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
signature, err := base64URLDecode(parts[2])
|
signature, err := base64.RawURLEncoding.DecodeString(parts[2])
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -306,7 +358,7 @@ func parseSignedCompact(input string, payload []byte) (*JSONWebSignature, error)
|
|||||||
Protected: newBuffer(rawProtected),
|
Protected: newBuffer(rawProtected),
|
||||||
Signature: newBuffer(signature),
|
Signature: newBuffer(signature),
|
||||||
}
|
}
|
||||||
return raw.sanitized()
|
return raw.sanitized(signatureAlgorithms)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (obj JSONWebSignature) compactSerialize(detached bool) (string, error) {
|
func (obj JSONWebSignature) compactSerialize(detached bool) (string, error) {
|
@ -21,13 +21,13 @@ import (
|
|||||||
"bytes"
|
"bytes"
|
||||||
"reflect"
|
"reflect"
|
||||||
|
|
||||||
"github.com/go-jose/go-jose/v3/json"
|
"github.com/go-jose/go-jose/v4/json"
|
||||||
|
|
||||||
"github.com/go-jose/go-jose/v3"
|
"github.com/go-jose/go-jose/v4"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Builder is a utility for making JSON Web Tokens. Calls can be chained, and
|
// Builder is a utility for making JSON Web Tokens. Calls can be chained, and
|
||||||
// errors are accumulated until the final call to CompactSerialize/FullSerialize.
|
// errors are accumulated until the final call to Serialize.
|
||||||
type Builder interface {
|
type Builder interface {
|
||||||
// Claims encodes claims into JWE/JWS form. Multiple calls will merge claims
|
// Claims encodes claims into JWE/JWS form. Multiple calls will merge claims
|
||||||
// into single JSON object. If you are passing private claims, make sure to set
|
// into single JSON object. If you are passing private claims, make sure to set
|
||||||
@ -36,15 +36,13 @@ type Builder interface {
|
|||||||
Claims(i interface{}) Builder
|
Claims(i interface{}) Builder
|
||||||
// Token builds a JSONWebToken from provided data.
|
// Token builds a JSONWebToken from provided data.
|
||||||
Token() (*JSONWebToken, error)
|
Token() (*JSONWebToken, error)
|
||||||
// FullSerialize serializes a token using the JWS/JWE JSON Serialization format.
|
// Serialize serializes a token.
|
||||||
FullSerialize() (string, error)
|
Serialize() (string, error)
|
||||||
// CompactSerialize serializes a token using the compact serialization format.
|
|
||||||
CompactSerialize() (string, error)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// NestedBuilder is a utility for making Signed-Then-Encrypted JSON Web Tokens.
|
// NestedBuilder is a utility for making Signed-Then-Encrypted JSON Web Tokens.
|
||||||
// Calls can be chained, and errors are accumulated until final call to
|
// Calls can be chained, and errors are accumulated until final call to
|
||||||
// CompactSerialize/FullSerialize.
|
// Serialize.
|
||||||
type NestedBuilder interface {
|
type NestedBuilder interface {
|
||||||
// Claims encodes claims into JWE/JWS form. Multiple calls will merge claims
|
// Claims encodes claims into JWE/JWS form. Multiple calls will merge claims
|
||||||
// into single JSON object. If you are passing private claims, make sure to set
|
// into single JSON object. If you are passing private claims, make sure to set
|
||||||
@ -53,10 +51,8 @@ type NestedBuilder interface {
|
|||||||
Claims(i interface{}) NestedBuilder
|
Claims(i interface{}) NestedBuilder
|
||||||
// Token builds a NestedJSONWebToken from provided data.
|
// Token builds a NestedJSONWebToken from provided data.
|
||||||
Token() (*NestedJSONWebToken, error)
|
Token() (*NestedJSONWebToken, error)
|
||||||
// FullSerialize serializes a token using the JSON Serialization format.
|
// Serialize serializes a token.
|
||||||
FullSerialize() (string, error)
|
Serialize() (string, error)
|
||||||
// CompactSerialize serializes a token using the compact serialization format.
|
|
||||||
CompactSerialize() (string, error)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
type builder struct {
|
type builder struct {
|
||||||
@ -194,7 +190,7 @@ func (b *signedBuilder) Token() (*JSONWebToken, error) {
|
|||||||
return b.builder.token(sig.Verify, h)
|
return b.builder.token(sig.Verify, h)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (b *signedBuilder) CompactSerialize() (string, error) {
|
func (b *signedBuilder) Serialize() (string, error) {
|
||||||
sig, err := b.sign()
|
sig, err := b.sign()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
@ -203,15 +199,6 @@ func (b *signedBuilder) CompactSerialize() (string, error) {
|
|||||||
return sig.CompactSerialize()
|
return sig.CompactSerialize()
|
||||||
}
|
}
|
||||||
|
|
||||||
func (b *signedBuilder) FullSerialize() (string, error) {
|
|
||||||
sig, err := b.sign()
|
|
||||||
if err != nil {
|
|
||||||
return "", err
|
|
||||||
}
|
|
||||||
|
|
||||||
return sig.FullSerialize(), nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func (b *signedBuilder) sign() (*jose.JSONWebSignature, error) {
|
func (b *signedBuilder) sign() (*jose.JSONWebSignature, error) {
|
||||||
if b.err != nil {
|
if b.err != nil {
|
||||||
return nil, b.err
|
return nil, b.err
|
||||||
@ -232,7 +219,7 @@ func (b *encryptedBuilder) Claims(i interface{}) Builder {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (b *encryptedBuilder) CompactSerialize() (string, error) {
|
func (b *encryptedBuilder) Serialize() (string, error) {
|
||||||
enc, err := b.encrypt()
|
enc, err := b.encrypt()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
@ -241,15 +228,6 @@ func (b *encryptedBuilder) CompactSerialize() (string, error) {
|
|||||||
return enc.CompactSerialize()
|
return enc.CompactSerialize()
|
||||||
}
|
}
|
||||||
|
|
||||||
func (b *encryptedBuilder) FullSerialize() (string, error) {
|
|
||||||
enc, err := b.encrypt()
|
|
||||||
if err != nil {
|
|
||||||
return "", err
|
|
||||||
}
|
|
||||||
|
|
||||||
return enc.FullSerialize(), nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func (b *encryptedBuilder) Token() (*JSONWebToken, error) {
|
func (b *encryptedBuilder) Token() (*JSONWebToken, error) {
|
||||||
enc, err := b.encrypt()
|
enc, err := b.encrypt()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -280,6 +258,8 @@ func (b *nestedBuilder) Claims(i interface{}) NestedBuilder {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Token produced a token suitable for serialization. It cannot be decrypted
|
||||||
|
// without serializing and then deserializing.
|
||||||
func (b *nestedBuilder) Token() (*NestedJSONWebToken, error) {
|
func (b *nestedBuilder) Token() (*NestedJSONWebToken, error) {
|
||||||
enc, err := b.signAndEncrypt()
|
enc, err := b.signAndEncrypt()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -287,12 +267,13 @@ func (b *nestedBuilder) Token() (*NestedJSONWebToken, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
return &NestedJSONWebToken{
|
return &NestedJSONWebToken{
|
||||||
enc: enc,
|
allowedSignatureAlgorithms: nil,
|
||||||
Headers: []jose.Header{enc.Header},
|
enc: enc,
|
||||||
|
Headers: []jose.Header{enc.Header},
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (b *nestedBuilder) CompactSerialize() (string, error) {
|
func (b *nestedBuilder) Serialize() (string, error) {
|
||||||
enc, err := b.signAndEncrypt()
|
enc, err := b.signAndEncrypt()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user