Merge pull request #93 from ceph/devel

Sync rhs/ceph-csi:devel with ceph/ceph-csi:devel

README.md

@@ -1,6 +1,7 @@
 # Ceph CSI
 
 [![GitHub release](https://img.shields.io/github/release/ceph/ceph-csi/all.svg)](https://github.com/ceph/ceph-csi/releases)
+[![Mergify Status](https://img.shields.io/endpoint.svg?url=https://api.mergify.com/v1/badges/ceph/ceph-csi&style=flat)](https://mergify.com)
 [![Go Report
 Card](https://goreportcard.com/badge/github.com/ceph/ceph-csi)](https://goreportcard.com/report/github.com/ceph/ceph-csi)
 [![TODOs](https://badgen.net/https/api.tickgit.com/badgen/github.com/ceph/ceph-csi/devel)](https://www.tickgit.com/browse?repo=github.com/ceph/ceph-csi&branch=devel)

deploy/nfs/kubernetes/csi-nodeplugin-rbac.yaml

@@ -3,25 +3,3 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: nfs-csi-nodeplugin
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: nfs-csi-nodeplugin
-rules:
-  - apiGroups: [""]
-    resources: ["nodes"]
-    verbs: ["get"]
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: nfs-csi-nodeplugin
-subjects:
-  - kind: ServiceAccount
-    name: nfs-csi-nodeplugin
-    namespace: default
-roleRef:
-  kind: ClusterRole
-  name: nfs-csi-nodeplugin
-  apiGroup: rbac.authorization.k8s.io

go.mod

@@ -4,7 +4,7 @@ go 1.17
 
 require (
 	github.com/IBM/keyprotect-go-client v0.7.0
-	github.com/aws/aws-sdk-go v1.43.41
+	github.com/aws/aws-sdk-go v1.44.5
 	github.com/aws/aws-sdk-go-v2/service/sts v1.16.4
 	github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000
 	// TODO: API for managing NFS-exports requires `ceph_ci_untested` build-tag

go.sum

@@ -138,8 +138,8 @@ github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpi
 github.com/aws/aws-sdk-go v1.25.41/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k=
 github.com/aws/aws-sdk-go v1.38.49/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
-github.com/aws/aws-sdk-go v1.43.41 h1:HaazVplP8/t6SOfybQlNUmjAxLWDKdLdX8BSEHFlJdY=
+github.com/aws/aws-sdk-go v1.44.5 h1:T4mckpWUfplPG4GA3FDWDCM1QaCzisjGzzeCVBhHKwQ=
-github.com/aws/aws-sdk-go v1.43.41/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
+github.com/aws/aws-sdk-go v1.44.5/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/aws/aws-sdk-go-v2 v1.16.3 h1:0W1TSJ7O6OzwuEvIXAtJGvOeQ0SGAhcpxPN2/NK5EhM=
 github.com/aws/aws-sdk-go-v2 v1.16.3/go.mod h1:ytwTPBG6fXTZLxxeeCCWj2/EMYp/xDUgX+OET6TLNNU=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.10 h1:uFWgo6mGJI1n17nbcvSc6fxVuR3xLNqvXt12JCnEcT8=

scripts/utils.sh

@@ -1,4 +1,4 @@
-#!/bin/bash -E
+#!/bin/bash
 
 KUBECTL_RETRY=5
 KUBECTL_RETRY_DELAY=10
@@ -27,14 +27,20 @@ kubectl_retry() {
 
     while ! ( kubectl "${action}" "${@}" 2>"${stderr}" 1>>"${stdout}" )
     do
+        # write logs to stderr and empty stderr (only)
+        cat "${stdout}" > /dev/stderr
+        cat "${stderr}" > /dev/stderr
+        echo "$(date): 'kubectl_retry ${action} ${*}' try #${retries} failed, checking errors" > /dev/stderr
+
         # in case of a failure when running "create", ignore errors with "AlreadyExists"
         if [ "${action}" == 'create' ]
         then
             # count lines in stderr that do not have "AlreadyExists" or "Warning"
-            ret=$(grep -cvw -e 'AlreadyExists' -e '^Warning:' "${stderr}")
+            ret=$(grep -cvw -e 'AlreadyExists' -e '^Warning:' "${stderr}" || true)
             if [ "${ret}" -eq 0 ]
             then
                 # Success! stderr is empty after removing all "AlreadyExists" lines.
+                echo "$(date): 'kubectl_retry ${action} ${*}' succeeded without unknown errors" > /dev/stderr
                 break
             fi
         fi
@@ -43,10 +49,11 @@ kubectl_retry() {
         if [ "${action}" == 'delete' ]
         then
             # count lines in stderr that do not have "NotFound" or "Warning"
-            ret=$(grep -cvw -e 'NotFound' -e '^Warning:' "${stderr}")
+            ret=$(grep -cvw -e 'NotFound' -e '^Warning:' "${stderr}" || true)
             if [ "${ret}" -eq 0 ]
             then
                 # Success! stderr is empty after removing all "NotFound" lines.
+                echo "$(date): 'kubectl_retry ${action} ${*}' succeeded without unknown errors" > /dev/stderr
                 break
             fi
         fi
@@ -54,24 +61,23 @@ kubectl_retry() {
         retries=$((retries+1))
         if [ ${retries} -eq ${KUBECTL_RETRY} ]
         then
+            echo "$(date): 'kubectl_retry ${action} ${*}' failed, no more retries left (${retries}/${KUBECTL_RETRY})" > /dev/stderr
             ret=1
             break
         fi
 
-	# write logs to stderr and empty stderr (only)
+        # empty stderr for the next loop
-	cat "${stdout}" > /dev/stderr
+        true > "${stderr}"
-	cat "${stderr}" > /dev/stderr
+        echo "$(date): 'kubectl_retry ${action} ${*}' failed (${retries}/${KUBECTL_RETRY}), will retry in ${KUBECTL_RETRY_DELAY} seconds" > /dev/stderr
-	true > "${stderr}"
-	echo "$(date): 'kubectl_retry ${*}' failed (${retries}/${KUBECTL_RETRY}), will retry in ${KUBECTL_RETRY_DELAY} seconds" > /dev/stderr
 
         sleep ${KUBECTL_RETRY_DELAY}
 
-	# reset ret so that a next working kubectl does not cause a non-zero
+        # reset ret so that a next working kubectl does not cause a non-zero
-	# return of the function
+        # return of the function
         ret=0
     done
 
-    echo "$(date): 'kubectl_retry ${*}' done (ret=${ret})" > /dev/stderr
+    echo "$(date): 'kubectl_retry ${action} ${*}' done (ret=${ret})" > /dev/stderr
 
     # write output so that calling functions can consume it
     cat "${stdout}" > /dev/stdout

vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go

@@ -5673,6 +5673,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-southeast-2",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
 				endpointKey{
 					Region: "ca-central-1",
 				}: endpoint{},
@@ -11227,6 +11230,28 @@ var awsPartition = partition{
 				}: endpoint{},
 			},
 		},
+		"iottwinmaker": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
 		"iotwireless": service{
 			Endpoints: serviceEndpoints{
 				endpointKey{
@@ -11296,6 +11321,19 @@ var awsPartition = partition{
 				}: endpoint{},
 			},
 		},
+		"ivschat": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
 		"kafka": service{
 			Endpoints: serviceEndpoints{
 				endpointKey{
@@ -13098,6 +13136,52 @@ var awsPartition = partition{
 				}: endpoint{},
 			},
 		},
+		"media-pipelines-chime": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "media-pipelines-chime-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-1-fips",
+				}: endpoint{
+					Hostname: "media-pipelines-chime-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "media-pipelines-chime-fips.us-west-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2-fips",
+				}: endpoint{
+					Hostname: "media-pipelines-chime-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+			},
+		},
 		"mediaconnect": service{
 			Endpoints: serviceEndpoints{
 				endpointKey{
@@ -14460,6 +14544,9 @@ var awsPartition = partition{
 		},
 		"nimble": service{
 			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
 				endpointKey{
 					Region: "ap-southeast-2",
 				}: endpoint{},
@@ -15370,6 +15457,12 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ca-central-1",
 				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "qldb-fips.ca-central-1.amazonaws.com",
+				},
 				endpointKey{
 					Region: "eu-central-1",
 				}: endpoint{},
@@ -15379,6 +15472,15 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "eu-west-2",
 				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "qldb-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
 				endpointKey{
 					Region: "fips-us-east-1",
 				}: endpoint{
@@ -16611,6 +16713,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-southeast-2",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
 				endpointKey{
 					Region: "ca-central-1",
 				}: endpoint{},
@@ -29902,6 +30007,13 @@ var awsisobPartition = partition{
 				}: endpoint{},
 			},
 		},
+		"ram": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
 		"rds": service{
 			Endpoints: serviceEndpoints{
 				endpointKey{

vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go

@@ -330,6 +330,9 @@ func MakeAddToUserAgentFreeFormHandler(s string) func(*Request) {
 // WithSetRequestHeaders updates the operation request's HTTP header to contain
 // the header key value pairs provided. If the header key already exists in the
 // request's HTTP header set, the existing value(s) will be replaced.
+//
+// Header keys added will be added as canonical format with title casing
+// applied via http.Header.Set method.
 func WithSetRequestHeaders(h map[string]string) Option {
 	return withRequestHeader(h).SetRequestHeaders
 }
@@ -338,6 +341,6 @@ type withRequestHeader map[string]string
 
 func (h withRequestHeader) SetRequestHeaders(r *Request) {
 	for k, v := range h {
-		r.HTTPRequest.Header[k] = []string{v}
+		r.HTTPRequest.Header.Set(k, v)
 	}
 }

vendor/github.com/aws/aws-sdk-go/aws/version.go

@@ -5,4 +5,4 @@ package aws
 const SDKName = "aws-sdk-go"
 
 // SDKVersion is the version of this SDK
-const SDKVersion = "1.43.41"
+const SDKVersion = "1.44.5"

vendor/github.com/aws/aws-sdk-go/service/ec2/api.go

@@ -5615,11 +5615,12 @@ func (c *EC2) CreateKeyPairRequest(input *CreateKeyPairInput) (req *request.Requ
 
 // CreateKeyPair API operation for Amazon Elastic Compute Cloud.
 //
-// Creates an ED25519 or 2048-bit RSA key pair with the specified name. Amazon
+// Creates an ED25519 or 2048-bit RSA key pair with the specified name and in
-// EC2 stores the public key and displays the private key for you to save to
+// the specified PEM or PPK format. Amazon EC2 stores the public key and displays
-// a file. The private key is returned as an unencrypted PEM encoded PKCS#1
+// the private key for you to save to a file. The private key is returned as
-// private key. If a key with the specified name already exists, Amazon EC2
+// an unencrypted PEM encoded PKCS#1 private key or an unencrypted PPK formatted
-// returns an error.
+// private key for use with PuTTY. If a key with the specified name already
+// exists, Amazon EC2 returns an error.
 //
 // The key pair returned to you is available only in the Amazon Web Services
 // Region in which you create it. If you prefer, you can create your own key
@@ -45629,6 +45630,11 @@ func (c *EC2) RequestSpotFleetRequest(input *RequestSpotFleetInput) (req *reques
 // For more information, see Spot Fleet requests (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-requests.html)
 // in the Amazon EC2 User Guide for Linux Instances.
 //
+// We strongly discourage using the RequestSpotFleet API because it is a legacy
+// API with no planned investment. For options for requesting Spot Instances,
+// see Which is the best Spot request method to use? (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-best-practices.html#which-spot-request-method-to-use)
+// in the Amazon EC2 User Guide for Linux Instances.
+//
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
 // the error.
@@ -45706,6 +45712,11 @@ func (c *EC2) RequestSpotInstancesRequest(input *RequestSpotInstancesInput) (req
 // For more information, see Spot Instance requests (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-requests.html)
 // in the Amazon EC2 User Guide for Linux Instances.
 //
+// We strongly discourage using the RequestSpotInstances API because it is a
+// legacy API with no planned investment. For options for requesting Spot Instances,
+// see Which is the best Spot request method to use? (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-best-practices.html#which-spot-request-method-to-use)
+// in the Amazon EC2 User Guide for Linux Instances.
+//
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
 // the error.
@@ -63302,6 +63313,11 @@ type CreateKeyPairInput struct {
 	// it is UnauthorizedOperation.
 	DryRun *bool `locationName:"dryRun" type:"boolean"`
 
+	// The format of the key pair.
+	//
+	// Default: pem
+	KeyFormat *string `type:"string" enum:"KeyFormat"`
+
 	// A unique name for the key pair.
 	//
 	// Constraints: Up to 255 ASCII characters
@@ -63356,6 +63372,12 @@ func (s *CreateKeyPairInput) SetDryRun(v bool) *CreateKeyPairInput {
 	return s
 }
 
+// SetKeyFormat sets the KeyFormat field's value.
+func (s *CreateKeyPairInput) SetKeyFormat(v string) *CreateKeyPairInput {
+	s.KeyFormat = &v
+	return s
+}
+
 // SetKeyName sets the KeyName field's value.
 func (s *CreateKeyPairInput) SetKeyName(v string) *CreateKeyPairInput {
 	s.KeyName = &v
@@ -63378,7 +63400,11 @@ func (s *CreateKeyPairInput) SetTagSpecifications(v []*TagSpecification) *Create
 type CreateKeyPairOutput struct {
 	_ struct{} `type:"structure"`
 
-	// The SHA-1 digest of the DER encoded private key.
+	//    * For RSA key pairs, the key fingerprint is the SHA-1 digest of the DER
+	//    encoded private key.
+	//
+	//    * For ED25519 key pairs, the key fingerprint is the base64-encoded SHA-256
+	//    digest, which is the default for OpenSSH, starting with OpenSSH 6.8.
 	KeyFingerprint *string `locationName:"keyFingerprint" type:"string"`
 
 	// An unencrypted PEM encoded RSA or ED25519 private key.
@@ -84191,6 +84217,9 @@ type DescribeInstancesInput struct {
 	//
 	//    * block-device-mapping.volume-id - The volume ID of the EBS volume.
 	//
+	//    * capacity-reservation-id - The ID of the Capacity Reservation into which
+	//    the instance was launched.
+	//
 	//    * client-token - The idempotency token you provided when you launched
 	//    the instance.
 	//
@@ -85212,6 +85241,11 @@ type DescribeKeyPairsInput struct {
 	//    the filter value.
 	Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"`
 
+	// If true, the public key material is included in the response.
+	//
+	// Default: false
+	IncludePublicKey *bool `type:"boolean"`
+
 	// The key pair names.
 	//
 	// Default: Describes all of your key pairs.
@@ -85251,6 +85285,12 @@ func (s *DescribeKeyPairsInput) SetFilters(v []*Filter) *DescribeKeyPairsInput {
 	return s
 }
 
+// SetIncludePublicKey sets the IncludePublicKey field's value.
+func (s *DescribeKeyPairsInput) SetIncludePublicKey(v bool) *DescribeKeyPairsInput {
+	s.IncludePublicKey = &v
+	return s
+}
+
 // SetKeyNames sets the KeyNames field's value.
 func (s *DescribeKeyPairsInput) SetKeyNames(v []*string) *DescribeKeyPairsInput {
 	s.KeyNames = v
@@ -91428,7 +91468,7 @@ type DescribeSpotInstanceRequestsInput struct {
 	//    * state - The state of the Spot Instance request (open | active | closed
 	//    | cancelled | failed). Spot request status information can help you track
 	//    your Amazon EC2 Spot Instance requests. For more information, see Spot
-	//    request status (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-bid-status.html)
+	//    request status (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-request-status.html)
 	//    in the Amazon EC2 User Guide for Linux Instances.
 	//
 	//    * status-code - The short code describing the most recent evaluation of
@@ -112750,7 +112790,11 @@ func (s *ImportKeyPairInput) SetTagSpecifications(v []*TagSpecification) *Import
 type ImportKeyPairOutput struct {
 	_ struct{} `type:"structure"`
 
-	// The MD5 public key fingerprint as specified in section 4 of RFC 4716.
+	//    * For RSA key pairs, the key fingerprint is the MD5 public key fingerprint
+	//    as specified in section 4 of RFC 4716.
+	//
+	//    * For ED25519 key pairs, the key fingerprint is the base64-encoded SHA-256
+	//    digest, which is the default for OpenSSH, starting with OpenSSH 6.8 (http://www.openssh.com/txt/release-6.8).
 	KeyFingerprint *string `locationName:"keyFingerprint" type:"string"`
 
 	// The key pair name that you provided.
@@ -119355,6 +119399,15 @@ func (s *Ipv6Range) SetDescription(v string) *Ipv6Range {
 type KeyPairInfo struct {
 	_ struct{} `type:"structure"`
 
+	// If you used Amazon EC2 to create the key pair, this is the date and time
+	// when the key was created, in ISO 8601 date-time format (https://www.iso.org/iso-8601-date-and-time-format.html),
+	// in the UTC time zone.
+	//
+	// If you imported an existing key pair to Amazon EC2, this is the date and
+	// time the key was imported, in ISO 8601 date-time format (https://www.iso.org/iso-8601-date-and-time-format.html),
+	// in the UTC time zone.
+	CreateTime *time.Time `locationName:"createTime" type:"timestamp"`
+
 	// If you used CreateKeyPair to create the key pair:
 	//
 	//    * For RSA key pairs, the key fingerprint is the SHA-1 digest of the DER
@@ -119381,6 +119434,9 @@ type KeyPairInfo struct {
 	// The type of key pair.
 	KeyType *string `locationName:"keyType" type:"string" enum:"KeyType"`
 
+	// The public key material.
+	PublicKey *string `locationName:"publicKey" type:"string"`
+
 	// Any tags applied to the key pair.
 	Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"`
 }
@@ -119403,6 +119459,12 @@ func (s KeyPairInfo) GoString() string {
 	return s.String()
 }
 
+// SetCreateTime sets the CreateTime field's value.
+func (s *KeyPairInfo) SetCreateTime(v time.Time) *KeyPairInfo {
+	s.CreateTime = &v
+	return s
+}
+
 // SetKeyFingerprint sets the KeyFingerprint field's value.
 func (s *KeyPairInfo) SetKeyFingerprint(v string) *KeyPairInfo {
 	s.KeyFingerprint = &v
@@ -119427,6 +119489,12 @@ func (s *KeyPairInfo) SetKeyType(v string) *KeyPairInfo {
 	return s
 }
 
+// SetPublicKey sets the PublicKey field's value.
+func (s *KeyPairInfo) SetPublicKey(v string) *KeyPairInfo {
+	s.PublicKey = &v
+	return s
+}
+
 // SetTags sets the Tags field's value.
 func (s *KeyPairInfo) SetTags(v []*Tag) *KeyPairInfo {
 	s.Tags = v
@@ -119603,7 +119671,7 @@ type LaunchSpecification struct {
 	// The ID of the AMI.
 	ImageId *string `locationName:"imageId" type:"string"`
 
-	// The instance type.
+	// The instance type. Only one instance type can be specified.
 	InstanceType *string `locationName:"instanceType" type:"string" enum:"InstanceType"`
 
 	// The ID of the kernel.
@@ -128488,11 +128556,11 @@ type ModifySubnetAttributeInput struct {
 	// in the specified subnet should be assigned a public IPv4 address.
 	MapPublicIpOnLaunch *AttributeBooleanValue `type:"structure"`
 
-	// The type of hostnames to assign to instances in the subnet at launch. For
+	// The type of hostname to assign to instances in the subnet at launch. For
-	// IPv4 only subnets, an instance DNS name must be based on the instance IPv4
+	// IPv4-only and dual-stack (IPv4 and IPv6) subnets, an instance DNS name can
-	// address. For IPv6 only subnets, an instance DNS name must be based on the
+	// be based on the instance IPv4 address (ip-name) or the instance ID (resource-name).
-	// instance ID. For dual-stack subnets, you can specify whether DNS names use
+	// For IPv6 only subnets, an instance DNS name must be based on the instance
-	// the instance IPv4 address or the instance ID.
+	// ID (resource-name).
 	PrivateDnsHostnameTypeOnLaunch *string `type:"string" enum:"HostnameType"`
 
 	// The ID of the subnet.
@@ -141059,7 +141127,7 @@ type RequestSpotLaunchSpecification struct {
 	// The ID of the AMI.
 	ImageId *string `locationName:"imageId" type:"string"`
 
-	// The instance type.
+	// The instance type. Only one instance type can be specified.
 	InstanceType *string `locationName:"instanceType" type:"string" enum:"InstanceType"`
 
 	// The ID of the kernel.
@@ -145089,7 +145157,11 @@ type RunInstancesInput struct {
 	// If you are using a command line tool, base64-encoding is performed for you,
 	// and you can load the text from a file. Otherwise, you must provide base64-encoded
 	// text. User data is limited to 16 KB.
-	UserData *string `type:"string"`
+	//
+	// UserData is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by RunInstancesInput's
+	// String and GoString methods.
+	UserData *string `type:"string" sensitive:"true"`
 }
 
 // String returns the string representation.
@@ -150089,8 +150161,9 @@ type SpotInstanceRequest struct {
 	// The maximum price per hour that you are willing to pay for a Spot Instance.
 	SpotPrice *string `locationName:"spotPrice" type:"string"`
 
-	// The state of the Spot Instance request. Spot status information helps track
+	// The state of the Spot Instance request. Spot request status information helps
-	// your Spot Instance requests. For more information, see Spot status (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-bid-status.html)
+	// track your Spot Instance requests. For more information, see Spot request
+	// status (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-request-status.html)
 	// in the Amazon EC2 User Guide for Linux Instances.
 	State *string `locationName:"state" type:"string" enum:"SpotInstanceState"`
 
@@ -150297,7 +150370,8 @@ func (s *SpotInstanceStateFault) SetMessage(v string) *SpotInstanceStateFault {
 type SpotInstanceStatus struct {
 	_ struct{} `type:"structure"`
 
-	// The status code. For a list of status codes, see Spot status codes (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-bid-status.html#spot-instance-bid-status-understand)
+	// The status code. For a list of status codes, see Spot request status codes
+	// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-request-status.html#spot-instance-request-status-understand)
 	// in the Amazon EC2 User Guide for Linux Instances.
 	Code *string `locationName:"code" type:"string"`
 
@@ -165511,6 +165585,22 @@ func Ipv6SupportValue_Values() []string {
 	}
 }
 
+const (
+	// KeyFormatPem is a KeyFormat enum value
+	KeyFormatPem = "pem"
+
+	// KeyFormatPpk is a KeyFormat enum value
+	KeyFormatPpk = "ppk"
+)
+
+// KeyFormat_Values returns all elements of the KeyFormat enum
+func KeyFormat_Values() []string {
+	return []string{
+		KeyFormatPem,
+		KeyFormatPpk,
+	}
+}
+
 const (
 	// KeyTypeRsa is a KeyType enum value
 	KeyTypeRsa = "rsa"

vendor/github.com/aws/aws-sdk-go/service/ec2/waiters.go

@@ -906,6 +906,57 @@ func (c *EC2) WaitUntilNatGatewayAvailableWithContext(ctx aws.Context, input *De
 	return w.WaitWithContext(ctx)
 }
 
+// WaitUntilNatGatewayDeleted uses the Amazon EC2 API operation
+// DescribeNatGateways to wait for a condition to be met before returning.
+// If the condition is not met within the max attempt window, an error will
+// be returned.
+func (c *EC2) WaitUntilNatGatewayDeleted(input *DescribeNatGatewaysInput) error {
+	return c.WaitUntilNatGatewayDeletedWithContext(aws.BackgroundContext(), input)
+}
+
+// WaitUntilNatGatewayDeletedWithContext is an extended version of WaitUntilNatGatewayDeleted.
+// With the support for passing in a context and options to configure the
+// Waiter and the underlying request options.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *EC2) WaitUntilNatGatewayDeletedWithContext(ctx aws.Context, input *DescribeNatGatewaysInput, opts ...request.WaiterOption) error {
+	w := request.Waiter{
+		Name:        "WaitUntilNatGatewayDeleted",
+		MaxAttempts: 40,
+		Delay:       request.ConstantWaiterDelay(15 * time.Second),
+		Acceptors: []request.WaiterAcceptor{
+			{
+				State:   request.SuccessWaiterState,
+				Matcher: request.PathAllWaiterMatch, Argument: "NatGateways[].State",
+				Expected: "deleted",
+			},
+			{
+				State:    request.SuccessWaiterState,
+				Matcher:  request.ErrorWaiterMatch,
+				Expected: "NatGatewayNotFound",
+			},
+		},
+		Logger: c.Config.Logger,
+		NewRequest: func(opts []request.Option) (*request.Request, error) {
+			var inCpy *DescribeNatGatewaysInput
+			if input != nil {
+				tmp := *input
+				inCpy = &tmp
+			}
+			req, _ := c.DescribeNatGatewaysRequest(inCpy)
+			req.SetContext(ctx)
+			req.ApplyOptions(opts...)
+			return req, nil
+		},
+	}
+	w.ApplyOptions(opts...)
+
+	return w.WaitWithContext(ctx)
+}
+
 // WaitUntilNetworkInterfaceAvailable uses the Amazon EC2 API operation
 // DescribeNetworkInterfaces to wait for a condition to be met before returning.
 // If the condition is not met within the max attempt window, an error will

vendor/github.com/aws/aws-sdk-go/service/kms/doc.go

@@ -24,6 +24,12 @@
 // We recommend that you use the Amazon Web Services SDKs to make programmatic
 // API calls to KMS.
 //
+// If you need to use FIPS 140-2 validated cryptographic modules when communicating
+// with Amazon Web Services, use the FIPS endpoint in your preferred Amazon
+// Web Services Region. For more information about the available FIPS endpoints,
+// see Service endpoints (https://docs.aws.amazon.com/general/latest/gr/kms.html#kms_region)
+// in the Key Management Service topic of the Amazon Web Services General Reference.
+//
 // Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS
 // 1.2. Clients must also support cipher suites with Perfect Forward Secrecy
 // (PFS) such as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral

vendor/github.com/aws/aws-sdk-go/service/kms/errors.go

@@ -252,9 +252,10 @@ const (
 	//    is incompatible with the type of key material in the KMS key (KeySpec).
 	//
 	// For encrypting, decrypting, re-encrypting, and generating data keys, the
-	// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage
+	// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the
-	// must be SIGN_VERIFY. To find the KeyUsage of a KMS key, use the DescribeKey
+	// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication
-	// operation.
+	// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. To find the KeyUsage
+	// of a KMS key, use the DescribeKey operation.
 	//
 	// To find the encryption or signing algorithms supported for a particular KMS
 	// key, use the DescribeKey operation.
@@ -274,10 +275,18 @@ const (
 	// valid for this request.
 	//
 	// For more information about how key state affects the use of a KMS key, see
-	// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
+	// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
 	// in the Key Management Service Developer Guide .
 	ErrCodeInvalidStateException = "KMSInvalidStateException"
 
+	// ErrCodeKMSInvalidMacException for service response error code
+	// "KMSInvalidMacException".
+	//
+	// The request was rejected because the HMAC verification failed. HMAC verification
+	// fails when the HMAC computed by using the specified message, HMAC KMS key,
+	// and MAC algorithm does not match the HMAC specified in the request.
+	ErrCodeKMSInvalidMacException = "KMSInvalidMacException"
+
 	// ErrCodeKMSInvalidSignatureException for service response error code
 	// "KMSInvalidSignatureException".
 	//
@@ -356,6 +365,7 @@ var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{
 	"InvalidKeyUsageException":                     newErrorInvalidKeyUsageException,
 	"InvalidMarkerException":                       newErrorInvalidMarkerException,
 	"KMSInvalidStateException":                     newErrorInvalidStateException,
+	"KMSInvalidMacException":                       newErrorKMSInvalidMacException,
 	"KMSInvalidSignatureException":                 newErrorKMSInvalidSignatureException,
 	"KeyUnavailableException":                      newErrorKeyUnavailableException,
 	"LimitExceededException":                       newErrorLimitExceededException,

vendor/modules.txt

@@ -8,7 +8,7 @@ github.com/armon/go-metrics
 # github.com/armon/go-radix v1.0.0
 ## explicit
 github.com/armon/go-radix
-# github.com/aws/aws-sdk-go v1.43.41
+# github.com/aws/aws-sdk-go v1.44.5
 ## explicit; go 1.11
 github.com/aws/aws-sdk-go/aws
 github.com/aws/aws-sdk-go/aws/awserr