diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml index 353d810e5..b4fc5449d 100644 --- a/.github/workflows/commitlint.yaml +++ b/.github/workflows/commitlint.yaml @@ -8,6 +8,7 @@ on: jobs: commitlint: name: commitlint + if: ${{ github.actor != 'dependabot[bot]' }} runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 diff --git a/.mergify.yml b/.mergify.yml index 1eb195bec..6f6e40144 100644 --- a/.mergify.yml +++ b/.mergify.yml @@ -26,6 +26,7 @@ pull_request_rules: - name: ask to resolve conflict conditions: - conflict + - author!=dependabot[bot] actions: comment: # yamllint disable-line rule:truthy diff --git a/README.md b/README.md index f5989a4b1..b84a0e9ae 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ Card](https://goreportcard.com/badge/github.com/ceph/ceph-csi)](https://goreport - [Ceph CSI](#ceph-csi) - [Overview](#overview) - [Project status](#project-status) - - [Supported CO platforms](#supported-co-platforms) + - [Known to work CO platforms](#known-to-work-co-platforms) - [Support Matrix](#support-matrix) - [Ceph-CSI features and available versions](#ceph-csi-features-and-available-versions) - [CSI spec and Kubernetes version compatibility](#csi-spec-and-kubernetes-version-compatibility) @@ -47,11 +47,18 @@ NOTE: Status: **GA** -## Supported CO platforms +## Known to work CO platforms Ceph CSI drivers are currently developed and tested **exclusively** on Kubernetes -environments. There is work in progress to make this CO independent and thus -support other orchestration environments in the future. +environments. + +| Ceph CSI Version | Container Orchestrator Name | Version Tested| +| -----------------| --------------------------- | --------------| +| v3.4.0 | Kubernetes | v1.20, v1.21, v1.22| +| v3.3.0 | Kubernetes | v1.20, v1.21, v1.22| + +There is work in progress to make this CO independent and thus +support other orchestration environments (Nomad, Mesos..etc) in the future. NOTE: diff --git a/build.env b/build.env index 83c716e4b..eec8bb332 100644 --- a/build.env +++ b/build.env @@ -39,7 +39,7 @@ SNAPSHOT_VERSION=v4.0.0 HELM_VERSION=v3.1.2 # minikube settings -MINIKUBE_VERSION=v1.22.0 +MINIKUBE_VERSION=v1.23.0 VM_DRIVER=none CHANGE_MINIKUBE_NONE_USER=true diff --git a/charts/ceph-csi-cephfs/templates/ceph-conf.yaml b/charts/ceph-csi-cephfs/templates/ceph-conf.yaml new file mode 100644 index 000000000..25c773bca --- /dev/null +++ b/charts/ceph-csi-cephfs/templates/ceph-conf.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: ceph-config + namespace: {{ .Release.Namespace }} + labels: + app: {{ include "ceph-csi-cephfs.name" . }} + chart: {{ include "ceph-csi-cephfs.chart" . }} + component: {{ .Values.nodeplugin.name }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: + ceph.conf: | +{{ tpl .Values.cephconf . | indent 4 }} + keyring: "" diff --git a/charts/ceph-csi-cephfs/templates/nodeplugin-daemonset.yaml b/charts/ceph-csi-cephfs/templates/nodeplugin-daemonset.yaml index 9d518d962..8a4c43c05 100644 --- a/charts/ceph-csi-cephfs/templates/nodeplugin-daemonset.yaml +++ b/charts/ceph-csi-cephfs/templates/nodeplugin-daemonset.yaml @@ -118,6 +118,8 @@ spec: - mountPath: /lib/modules name: lib-modules readOnly: true + - name: ceph-config + mountPath: /etc/ceph/ - name: ceph-csi-config mountPath: /etc/ceph-csi-config/ - name: keys-tmp-dir @@ -182,6 +184,9 @@ spec: - name: host-dev hostPath: path: /dev + - name: ceph-config + configMap: + name: ceph-config - name: ceph-csi-config configMap: name: {{ .Values.configMapName | quote }} diff --git a/charts/ceph-csi-cephfs/templates/provisioner-deployment.yaml b/charts/ceph-csi-cephfs/templates/provisioner-deployment.yaml index c8ba5e2a4..053f5dd3e 100644 --- a/charts/ceph-csi-cephfs/templates/provisioner-deployment.yaml +++ b/charts/ceph-csi-cephfs/templates/provisioner-deployment.yaml @@ -173,6 +173,8 @@ spec: readOnly: true - name: host-dev mountPath: /dev + - name: ceph-config + mountPath: /etc/ceph/ - name: ceph-csi-config mountPath: /etc/ceph-csi-config/ - name: keys-tmp-dir @@ -217,6 +219,9 @@ spec: - name: host-dev hostPath: path: /dev + - name: ceph-config + configMap: + name: ceph-config - name: ceph-csi-config configMap: name: {{ .Values.configMapName | quote }} diff --git a/charts/ceph-csi-cephfs/values.yaml b/charts/ceph-csi-cephfs/values.yaml index effca9b49..d01274b98 100644 --- a/charts/ceph-csi-cephfs/values.yaml +++ b/charts/ceph-csi-cephfs/values.yaml @@ -275,6 +275,26 @@ secret: adminID: adminKey: <Ceph auth key corresponding to ID above> +# This is a sample configmap that helps define a Ceph configuration as required +# by the CSI plugins. +# Sample ceph.conf available at +# https://github.com/ceph/ceph/blob/master/src/sample.ceph.conf Detailed +# documentation is available at +# https://docs.ceph.com/en/latest/rados/configuration/ceph-conf/ +cephconf: | + [global] + auth_cluster_required = cephx + auth_service_required = cephx + auth_client_required = cephx + + # Workaround for http://tracker.ceph.com/issues/23446 + fuse_set_user_groups = false + + # ceph-fuse which uses libfuse2 by default has write buffer size of 2KiB + # adding 'fuse_big_writes = true' option by default to override this limit + # see https://github.com/ceph/ceph-csi/issues/1928 + fuse_big_writes = true + ######################################################### # Variables for 'internal' use please use with caution! # ######################################################### diff --git a/charts/ceph-csi-rbd/templates/ceph-conf.yaml b/charts/ceph-csi-rbd/templates/ceph-conf.yaml new file mode 100644 index 000000000..a9a6f0026 --- /dev/null +++ b/charts/ceph-csi-rbd/templates/ceph-conf.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: ceph-config + namespace: {{ .Release.Namespace }} + labels: + app: {{ include "ceph-csi-rbd.name" . }} + chart: {{ include "ceph-csi-rbd.chart" . }} + component: {{ .Values.nodeplugin.name }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: + ceph.conf: | +{{ tpl .Values.cephconf . | indent 4 }} + keyring: "" diff --git a/charts/ceph-csi-rbd/templates/nodeplugin-daemonset.yaml b/charts/ceph-csi-rbd/templates/nodeplugin-daemonset.yaml index 003fbf5ec..76b45bf38 100644 --- a/charts/ceph-csi-rbd/templates/nodeplugin-daemonset.yaml +++ b/charts/ceph-csi-rbd/templates/nodeplugin-daemonset.yaml @@ -114,6 +114,8 @@ spec: readOnly: true - name: ceph-csi-config mountPath: /etc/ceph-csi-config/ + - name: ceph-config + mountPath: /etc/ceph/ - name: ceph-csi-encryption-kms-config mountPath: /etc/ceph-csi-encryption-kms-config/ - name: plugin-dir @@ -190,6 +192,9 @@ spec: - name: lib-modules hostPath: path: /lib/modules + - name: ceph-config + configMap: + name: ceph-config - name: ceph-csi-config configMap: name: {{ .Values.configMapName | quote }} diff --git a/charts/ceph-csi-rbd/templates/provisioner-deployment.yaml b/charts/ceph-csi-rbd/templates/provisioner-deployment.yaml index a92e17368..d4b2426f6 100644 --- a/charts/ceph-csi-rbd/templates/provisioner-deployment.yaml +++ b/charts/ceph-csi-rbd/templates/provisioner-deployment.yaml @@ -181,6 +181,8 @@ spec: readOnly: true - name: ceph-csi-config mountPath: /etc/ceph-csi-config/ + - name: ceph-config + mountPath: /etc/ceph/ - name: ceph-csi-encryption-kms-config mountPath: /etc/ceph-csi-encryption-kms-config/ - name: keys-tmp-dir @@ -213,6 +215,8 @@ spec: mountPath: /etc/ceph-csi-config/ - name: keys-tmp-dir mountPath: /tmp/csi/keys + - name: ceph-config + mountPath: /etc/ceph/ resources: {{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }} {{- end }} @@ -254,6 +258,9 @@ spec: - name: lib-modules hostPath: path: /lib/modules + - name: ceph-config + configMap: + name: ceph-config - name: ceph-csi-config configMap: name: {{ .Values.configMapName | quote }} diff --git a/charts/ceph-csi-rbd/values.yaml b/charts/ceph-csi-rbd/values.yaml index 8a00d96d9..1e967cc20 100644 --- a/charts/ceph-csi-rbd/values.yaml +++ b/charts/ceph-csi-rbd/values.yaml @@ -372,6 +372,26 @@ secret: # Encryption passphrase encryptionPassphrase: test_passphrase +# This is a sample configmap that helps define a Ceph configuration as required +# by the CSI plugins. +# Sample ceph.conf available at +# https://github.com/ceph/ceph/blob/master/src/sample.ceph.conf Detailed +# documentation is available at +# https://docs.ceph.com/en/latest/rados/configuration/ceph-conf/ +cephconf: | + [global] + auth_cluster_required = cephx + auth_service_required = cephx + auth_client_required = cephx + + # Workaround for http://tracker.ceph.com/issues/23446 + fuse_set_user_groups = false + + # ceph-fuse which uses libfuse2 by default has write buffer size of 2KiB + # adding 'fuse_big_writes = true' option by default to override this limit + # see https://github.com/ceph/ceph-csi/issues/1928 + fuse_big_writes = true + ######################################################### # Variables for 'internal' use please use with caution! # ######################################################### diff --git a/deploy/cephfs/kubernetes/csi-cephfsplugin-provisioner.yaml b/deploy/cephfs/kubernetes/csi-cephfsplugin-provisioner.yaml index 3434f9d7e..a3d12ae72 100644 --- a/deploy/cephfs/kubernetes/csi-cephfsplugin-provisioner.yaml +++ b/deploy/cephfs/kubernetes/csi-cephfsplugin-provisioner.yaml @@ -143,6 +143,8 @@ spec: readOnly: true - name: host-dev mountPath: /dev + - name: ceph-config + mountPath: /etc/ceph/ - name: ceph-csi-config mountPath: /etc/ceph-csi-config/ - name: keys-tmp-dir @@ -181,6 +183,9 @@ spec: - name: host-dev hostPath: path: /dev + - name: ceph-config + configMap: + name: ceph-config - name: ceph-csi-config configMap: name: ceph-csi-config diff --git a/deploy/cephfs/kubernetes/csi-cephfsplugin.yaml b/deploy/cephfs/kubernetes/csi-cephfsplugin.yaml index e182beb38..d0f2c6364 100644 --- a/deploy/cephfs/kubernetes/csi-cephfsplugin.yaml +++ b/deploy/cephfs/kubernetes/csi-cephfsplugin.yaml @@ -94,6 +94,8 @@ spec: mountPath: /dev - name: host-mount mountPath: /run/mount + - name: ceph-config + mountPath: /etc/ceph/ - name: ceph-csi-config mountPath: /etc/ceph-csi-config/ - name: keys-tmp-dir @@ -152,6 +154,9 @@ spec: - name: host-mount hostPath: path: /run/mount + - name: ceph-config + configMap: + name: ceph-config - name: ceph-csi-config configMap: name: ceph-csi-config diff --git a/deploy/rbd/kubernetes/csi-rbdplugin-provisioner.yaml b/deploy/rbd/kubernetes/csi-rbdplugin-provisioner.yaml index e887e89b1..a1fcd2948 100644 --- a/deploy/rbd/kubernetes/csi-rbdplugin-provisioner.yaml +++ b/deploy/rbd/kubernetes/csi-rbdplugin-provisioner.yaml @@ -164,6 +164,8 @@ spec: mountPath: /etc/ceph-csi-encryption-kms-config/ - name: keys-tmp-dir mountPath: /tmp/csi/keys + - name: ceph-config + mountPath: /etc/ceph/ - name: csi-rbdplugin-controller securityContext: privileged: true @@ -187,6 +189,8 @@ spec: mountPath: /etc/ceph-csi-config/ - name: keys-tmp-dir mountPath: /tmp/csi/keys + - name: ceph-config + mountPath: /etc/ceph/ - name: liveness-prometheus image: quay.io/cephcsi/cephcsi:canary args: @@ -221,6 +225,9 @@ spec: emptyDir: { medium: "Memory" } + - name: ceph-config + configMap: + name: ceph-config - name: ceph-csi-config configMap: name: ceph-csi-config diff --git a/deploy/rbd/kubernetes/csi-rbdplugin.yaml b/deploy/rbd/kubernetes/csi-rbdplugin.yaml index 7b7e7aa3f..999444170 100644 --- a/deploy/rbd/kubernetes/csi-rbdplugin.yaml +++ b/deploy/rbd/kubernetes/csi-rbdplugin.yaml @@ -113,6 +113,8 @@ spec: mountPath: /tmp/csi/keys - name: ceph-logdir mountPath: /var/log/ceph + - name: ceph-config + mountPath: /etc/ceph/ - name: liveness-prometheus securityContext: privileged: true @@ -171,6 +173,9 @@ spec: - name: lib-modules hostPath: path: /lib/modules + - name: ceph-config + configMap: + name: ceph-config - name: ceph-csi-config configMap: name: ceph-csi-config diff --git a/docs/ceph-csi-upgrade.md b/docs/ceph-csi-upgrade.md index ba41c9fb3..0bc8b5905 100644 --- a/docs/ceph-csi-upgrade.md +++ b/docs/ceph-csi-upgrade.md @@ -4,11 +4,6 @@ - [Pre-upgrade considerations](#pre-upgrade-considerations) - [Snapshot-controller and snapshot crd](#snapshot-controller-and-snapshot-crd) - [Snapshot API version support matrix](#snapshot-api-version-support-matrix) - - [Upgrading from v1.2 to v2.0](#upgrading-from-v12-to-v20) - - [Upgrading from v2.0 to v2.1](#upgrading-from-v20-to-v21) - - [Upgrading from v2.1 to v3.0](#upgrading-from-v21-to-v30) - - [Upgrading from v3.0 to v3.1](#upgrading-from-v30-to-v31) - - [Upgrading from v3.1 to v3.2](#upgrading-from-v31-to-v32) - [Upgrading from v3.2 to v3.3](#upgrading-from-v32-to-v33) - [Upgrading from v3.3 to v3.4](#upgrading-from-v33-to-v34) - [Upgrading CephFS](#upgrading-cephfs) @@ -65,34 +60,6 @@ controller and snapshot CRD. more info can be found **Note:** We recommend to use {sidecar, controller, crds} of same version -## Upgrading from v1.2 to v2.0 - -Refer -[upgrade-from-v1.2-v2.0](https://github.com/ceph/ceph-csi/blob/v2.0.1/docs/ceph-csi-upgrade.md) -to upgrade from cephcsi v1.2 to v2.0 - -## Upgrading from v2.0 to v2.1 - -Refer -[upgrade-from-v2.0-v2.1](https://github.com/ceph/ceph-csi/blob/v2.1.2/docs/ceph-csi-upgrade.md) -to upgrade from cephcsi v2.0 to v2.1 - -## Upgrading from v2.1 to v3.0 - -Refer -[upgrade-from-v2.1-v3.0](https://github.com/ceph/ceph-csi/blob/v3.0.0/docs/ceph-csi-upgrade.md) -to upgrade from cephcsi v2.1 to v3.0 - -## Upgrading from v3.0 to v3.1 - -Refer [upgrade-from-v3.0-v3.1](https://github.com/ceph/ceph-csi/blob/v3.1.2/docs/ceph-csi-upgrade.md) -to upgrade from cephcsi v3.0 to v3.1 - -## Upgrading from v3.1 to v3.2 - -Refer [upgrade-from-v3.1-v3.2](https://github.com/ceph/ceph-csi/blob/v3.2.1/docs/ceph-csi-upgrade.md) -to upgrade from cephcsi v3.1 to v3.2 - ## Upgrading from v3.2 to v3.3 Refer [upgrade-from-v3.2-v3.3](https://github.com/ceph/ceph-csi/blob/v3.3.1/docs/ceph-csi-upgrade.md) diff --git a/docs/deploy-cephfs.md b/docs/deploy-cephfs.md index 78ad23bb7..833d604ca 100644 --- a/docs/deploy-cephfs.md +++ b/docs/deploy-cephfs.md @@ -157,6 +157,12 @@ within the Ceph CSI plugin pods. To add a specific Ceph clusters configuration details, refer to [Creating CSI configuration](../examples/README.md#creating-csi-configuration) for more information. +**Deploy Ceph configuration ConfigMap for CSI pods:** + +```bash +kubectl create -f ../example/ceph-config.yaml +``` + **Deploy CSI sidecar containers:** ```bash diff --git a/docs/deploy-rbd.md b/docs/deploy-rbd.md index b17996e15..b80a5aa28 100644 --- a/docs/deploy-rbd.md +++ b/docs/deploy-rbd.md @@ -126,6 +126,12 @@ details, refer to [Creating CSI configuration for RBD based provisioning](../examples/README.md#creating-csi-configuration-for-rbd-based-provisioning) for more information. +**Deploy Ceph configuration ConfigMap for CSI pods:** + +```bash +kubectl create -f ../example/ceph-config.yaml +``` + **Deploy CSI sidecar containers:** ```bash diff --git a/e2e/cephfs.go b/e2e/cephfs.go index d8271e7c1..cb01f988a 100644 --- a/e2e/cephfs.go +++ b/e2e/cephfs.go @@ -28,7 +28,7 @@ var ( cephfsDeamonSetName = "csi-cephfsplugin" cephfsContainerName = "csi-cephfsplugin" cephfsDirPath = "../deploy/cephfs/kubernetes/" - cephfsExamplePath = "../examples/cephfs/" + cephfsExamplePath = examplePath + "cephfs/" subvolumegroup = "e2e" fileSystemName = "myfs" ) @@ -76,6 +76,19 @@ func createORDeleteCephfsResources(action kubectlAction) { e2elog.Failf("failed to %s CSIDriver object with error %v", action, err) } } + cephConf, err := ioutil.ReadFile(examplePath + cephConfconfigMap) + if err != nil { + // createORDeleteCephfsResources is used for upgrade testing as cephConfConfigmap is + // newly added, discarding file not found error. + if !os.IsNotExist(err) { + e2elog.Failf("failed to read content from %s with error %v", examplePath+cephConfconfigMap, err) + } + } else { + err = retryKubectlInput(cephCSINamespace, action, string(cephConf), deployTimeout) + if err != nil { + e2elog.Failf("failed to %s ceph-conf configmap object with error %v", action, err) + } + } data, err := replaceNamespaceInTemplate(cephfsDirPath + cephfsProvisioner) if err != nil { e2elog.Failf("failed to read content from %s with error %v", cephfsDirPath+cephfsProvisioner, err) diff --git a/e2e/rbd.go b/e2e/rbd.go index 649d7ed0b..61d6412c0 100644 --- a/e2e/rbd.go +++ b/e2e/rbd.go @@ -28,9 +28,11 @@ var ( rbdNodePluginRBAC = "csi-nodeplugin-rbac.yaml" rbdNodePluginPSP = "csi-nodeplugin-psp.yaml" configMap = "csi-config-map.yaml" + cephConfconfigMap = "ceph-conf.yaml" csiDriverObject = "csidriver.yaml" rbdDirPath = "../deploy/rbd/kubernetes/" - rbdExamplePath = "../examples/rbd/" + examplePath = "../examples/" + rbdExamplePath = examplePath + "/rbd/" rbdDeploymentName = "csi-rbdplugin-provisioner" rbdDaemonsetName = "csi-rbdplugin" defaultRBDPool = "replicapool" @@ -102,6 +104,19 @@ func createORDeleteRbdResources(action kubectlAction) { e2elog.Failf("failed to %s CSIDriver object with error %v", action, err) } } + cephConf, err := ioutil.ReadFile(examplePath + cephConfconfigMap) + if err != nil { + // createORDeleteRbdResources is used for upgrade testing as cephConf Configmap is + // newly added, discarding file not found error. + if !os.IsNotExist(err) { + e2elog.Failf("failed to read content from %s with error %v", examplePath+cephConfconfigMap, err) + } + } else { + err = retryKubectlInput(cephCSINamespace, action, string(cephConf), deployTimeout) + if err != nil { + e2elog.Failf("failed to %s ceph-conf configmap object with error %v", action, err) + } + } data, err := replaceNamespaceInTemplate(rbdDirPath + rbdProvisioner) if err != nil { e2elog.Failf("failed to read content from %s with error %v", rbdDirPath+rbdProvisioner, err) diff --git a/examples/ceph-conf.yaml b/examples/ceph-conf.yaml new file mode 100644 index 000000000..8ef1b96f7 --- /dev/null +++ b/examples/ceph-conf.yaml @@ -0,0 +1,28 @@ +--- +# This is a sample configmap that helps define a Ceph configuration as required +# by the CSI plugins. + +# Sample ceph.conf available at +# https://github.com/ceph/ceph/blob/master/src/sample.ceph.conf Detailed +# documentation is available at +# https://docs.ceph.com/en/latest/rados/configuration/ceph-conf/ +apiVersion: v1 +kind: ConfigMap +data: + ceph.conf: | + [global] + auth_cluster_required = cephx + auth_service_required = cephx + auth_client_required = cephx + + # Workaround for http://tracker.ceph.com/issues/23446 + fuse_set_user_groups = false + + # ceph-fuse which uses libfuse2 by default has write buffer size of 2KiB + # adding 'fuse_big_writes = true' option by default to override this limit + # see https://github.com/ceph/ceph-csi/issues/1928 + fuse_big_writes = true + # keyring is a required key and its value should be empty + keyring: | +metadata: + name: ceph-config diff --git a/go.mod b/go.mod index 0f873f295..d432e7e0a 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/ceph/ceph-csi go 1.16 require ( - github.com/aws/aws-sdk-go v1.38.63 + github.com/aws/aws-sdk-go v1.40.34 github.com/ceph/go-ceph v0.11.0 github.com/container-storage-interface/spec v1.5.0 github.com/csi-addons/replication-lib-utils v0.2.0 @@ -11,27 +11,28 @@ require ( github.com/golang/protobuf v1.5.2 github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 + github.com/hashicorp/golang-lru v0.5.4 // indirect github.com/hashicorp/vault/api v1.0.5-0.20200902155336-f9d5ce5a171a github.com/kubernetes-csi/csi-lib-utils v0.10.0 github.com/kubernetes-csi/external-snapshotter/client/v4 v4.2.0 github.com/libopenstorage/secrets v0.0.0-20210709082113-dde442ea20ec github.com/onsi/ginkgo v1.16.4 - github.com/onsi/gomega v1.13.0 + github.com/onsi/gomega v1.16.0 github.com/pborman/uuid v1.2.1 github.com/prometheus/client_golang v1.11.0 github.com/stretchr/testify v1.7.0 golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e - golang.org/x/sys v0.0.0-20210616094352-59db8d763f22 - google.golang.org/grpc v1.38.0 - k8s.io/api v0.22.0 - k8s.io/apimachinery v0.22.0 + golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2 + google.golang.org/grpc v1.40.0 + k8s.io/api v0.22.1 + k8s.io/apimachinery v0.22.1 k8s.io/client-go v12.0.0+incompatible - k8s.io/cloud-provider v1.22.0 - k8s.io/klog/v2 v2.9.0 - k8s.io/kubernetes v1.22.0 - k8s.io/mount-utils v0.22.0 - k8s.io/utils v0.0.0-20210707171843-4b05e18ac7d9 - sigs.k8s.io/controller-runtime v0.9.2 + k8s.io/cloud-provider v1.22.1 + k8s.io/klog/v2 v2.10.0 + k8s.io/kubernetes v1.22.1 + k8s.io/mount-utils v0.22.1 + k8s.io/utils v0.0.0-20210802155522-efc7438f0176 + sigs.k8s.io/controller-runtime v0.10.0 ) replace ( @@ -41,35 +42,34 @@ replace ( github.com/hashicorp/vault/sdk => github.com/hashicorp/vault/sdk v0.1.14-0.20201116234512-b4d4137dfe8b github.com/portworx/sched-ops => github.com/portworx/sched-ops v0.20.4-openstorage-rc3 gomodules.xyz/jsonpatch/v2 => github.com/gomodules/jsonpatch/v2 v2.2.0 - google.golang.org/grpc => google.golang.org/grpc v1.35.0 // // k8s.io/kubernetes depends on these k8s.io packages, but unversioned // - k8s.io/api => k8s.io/api v0.22.0 - k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.22.0 - k8s.io/apimachinery => k8s.io/apimachinery v0.22.0 - k8s.io/apiserver => k8s.io/apiserver v0.22.0 - k8s.io/cli-runtime => k8s.io/cli-runtime v0.22.0 - k8s.io/client-go => k8s.io/client-go v0.22.0 - k8s.io/cloud-provider => k8s.io/cloud-provider v0.22.0 - k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.22.0 - k8s.io/code-generator => k8s.io/code-generator v0.22.0 - k8s.io/component-base => k8s.io/component-base v0.22.0 - k8s.io/component-helpers => k8s.io/component-helpers v0.22.0 - k8s.io/controller-manager => k8s.io/controller-manager v0.22.0 - k8s.io/cri-api => k8s.io/cri-api v0.22.0 - k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.22.0 - k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.22.0 - k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.22.0 - k8s.io/kube-proxy => k8s.io/kube-proxy v0.22.0 - k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.22.0 - k8s.io/kubectl => k8s.io/kubectl v0.22.0 - k8s.io/kubelet => k8s.io/kubelet v0.22.0 - k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.22.0 - k8s.io/metrics => k8s.io/metrics v0.22.0 - k8s.io/mount-utils => k8s.io/mount-utils v0.22.0 - k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.22.0 - k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.22.0 + k8s.io/api => k8s.io/api v0.22.1 + k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.22.1 + k8s.io/apimachinery => k8s.io/apimachinery v0.22.1 + k8s.io/apiserver => k8s.io/apiserver v0.22.1 + k8s.io/cli-runtime => k8s.io/cli-runtime v0.22.1 + k8s.io/client-go => k8s.io/client-go v0.22.1 + k8s.io/cloud-provider => k8s.io/cloud-provider v0.22.1 + k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.22.1 + k8s.io/code-generator => k8s.io/code-generator v0.22.1 + k8s.io/component-base => k8s.io/component-base v0.22.1 + k8s.io/component-helpers => k8s.io/component-helpers v0.22.1 + k8s.io/controller-manager => k8s.io/controller-manager v0.22.1 + k8s.io/cri-api => k8s.io/cri-api v0.22.1 + k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.22.1 + k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.22.1 + k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.22.1 + k8s.io/kube-proxy => k8s.io/kube-proxy v0.22.1 + k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.22.1 + k8s.io/kubectl => k8s.io/kubectl v0.22.1 + k8s.io/kubelet => k8s.io/kubelet v0.22.1 + k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.22.1 + k8s.io/metrics => k8s.io/metrics v0.22.1 + k8s.io/mount-utils => k8s.io/mount-utils v0.22.1 + k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.22.1 + k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.22.1 ) // This tag doesn't exist, but is imported by github.com/portworx/sched-ops. diff --git a/go.sum b/go.sum index 8f48998fa..78a89b70f 100644 --- a/go.sum +++ b/go.sum @@ -133,11 +133,12 @@ github.com/aws/aws-sdk-go v1.25.41/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpi github.com/aws/aws-sdk-go v1.30.27/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k= github.com/aws/aws-sdk-go v1.38.49/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= -github.com/aws/aws-sdk-go v1.38.63 h1:BqPxe0sujTRTbir6OWj0f1VmeJcAIv7ZhTCAhaU1zmE= -github.com/aws/aws-sdk-go v1.38.63/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= +github.com/aws/aws-sdk-go v1.40.34 h1:SBYmodndE2d4AYucuuJnOXk4MD1SFbucoIdpwKVKeSA= +github.com/aws/aws-sdk-go v1.40.34/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc= -github.com/benbjohnson/clock v1.0.3 h1:vkLuvpK4fmtSCuo60+yC63p7y0BmQ8gm5ZXGuBCJyXg= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= +github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= +github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -176,10 +177,13 @@ github.com/cilium/ebpf v0.5.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJ github.com/cilium/ebpf v0.6.2/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs= github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag= github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= +github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudfoundry-community/go-cfclient v0.0.0-20190201205600-f136f9222381/go.mod h1:e5+USP2j8Le2M0Jo3qKPFnNhuo1wueU4nWHCXBOfQ14= github.com/cloudfoundry/gofileutils v0.0.0-20170111115228-4d0c80011a0f/go.mod h1:Zv7xtAh/T/tmfZlxpESaWWiWOdiJz2GfbBYxImuI6T4= github.com/clusterhq/flocker-go v0.0.0-20160920122132-2b8b7259d313/go.mod h1:P1wt9Z3DP8O6W3rvwCt0REIlshg1InHImaLW0t3ObY0= +github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= +github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ= github.com/cockroachdb/cockroach-go v0.0.0-20181001143604-e0a95dfd547c/go.mod h1:XGLbWH/ujMcbPbhZq52Nv6UrCghb1yGn//133kEsvDk= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= @@ -269,7 +273,12 @@ github.com/elazarl/goproxy v0.0.0-20191011121108-aa519ddbe484/go.mod h1:Ro8st/El github.com/elazarl/goproxy/ext v0.0.0-20190711103511-473e67f1d7d2/go.mod h1:gNh8nYJoAm43RfaxurUnxr+N1PwuFV3ZMl/efxlIlY8= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= +github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= +github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= +github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/euank/go-kmsg-parser v2.0.0+incompatible/go.mod h1:MhmAMZ8V4CYH4ybgdRwPr2TU5ThnS43puaKEMpja1uw= github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ= @@ -367,6 +376,8 @@ github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4er github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E= +github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= @@ -755,7 +766,6 @@ github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= -github.com/onsi/ginkgo v1.16.2/go.mod h1:CObGmKUOKaSC0RjmoAK7tKyn4Azo5P2IWuoMnvwxz1E= github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc= github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= @@ -765,8 +775,9 @@ github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1Cpa github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -github.com/onsi/gomega v1.13.0 h1:7lLHu94wT9Ij0o6EWWclhu0aOh32VxhkwEJvzuWPeak= -github.com/onsi/gomega v1.13.0/go.mod h1:lRk9szgn8TxENtWd0Tp4c3wjlRfMTMH27I+3Je41yGY= +github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0= +github.com/onsi/gomega v1.16.0 h1:6gjqkI8iiRHMvdccRJM8rVKjCWk6ZIm6FTm3ddIe4/c= +github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= @@ -1030,8 +1041,9 @@ go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= -go.uber.org/zap v1.17.0 h1:MTjgFu6ZLKvY6Pvaqk97GlxNBuMpV4Hy/3P6tRGlI2U= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= +go.uber.org/zap v1.19.0 h1:mZQZefskPPCMIBCSEH0v2/iUqqLrYtaeqwD6FUGUnFE= +go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180820150726-614d502a4dac/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= @@ -1072,6 +1084,8 @@ golang.org/x/exp v0.0.0-20210220032938-85be41e4509f/go.mod h1:I6l2HNBLBZEcrOoCpy golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20181217174547-8f45f776aaf1/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -1143,8 +1157,9 @@ golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= -golang.org/x/net v0.0.0-20210520170846-37e1c6afe023 h1:ADo5wSpq2gqaCGQWzk7S5vd//0iyyLeAratkEoG5dLE= golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210614182718-04defd469f4e h1:XpT3nA5TvE525Ne3hInMh6+GETgn27Zfm9dxsThnX2Q= +golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190130055435-99b60b757ec1/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1168,6 +1183,7 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -1242,8 +1258,9 @@ golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210616094352-59db8d763f22 h1:RqytpXGR1iVNX7psjB3ff8y7sNFinVFvkx1c8SjBkio= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2 h1:c8PlLMqBbOHoqtjteWm5/kbe6rNY2pbRfbIMVnepueo= +golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d h1:SZxvLBoTP5yHO3Frd4z4vrF+DBX9vMVanchswa69toE= @@ -1266,14 +1283,15 @@ golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxb golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20210611083556-38a9dc6acbc6/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac h1:7zkz7BUtwNFFqcowJ+RIgu2MaV/MapERkDIy+mwPyjs= golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181219222714-6e267b5cc78e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= @@ -1411,8 +1429,32 @@ google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c h1:wtujag7C+4D6KMoulW9YauvK2lgdvCMS260jsqqBXr0= google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/grpc v1.35.0 h1:TwIQcH3es+MojMVojxxfQ3l3OF2KzlRxML2xZq0kRo8= +google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= +google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= +google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= +google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= +google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= +google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= +google.golang.org/grpc v1.22.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= +google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= +google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= +google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= +google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= +google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= +google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= +google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= +google.golang.org/grpc v1.40.0 h1:AGJ0Ih4mHjSeibYkFGh1dD9KJ/eOtZ93I6hoHhukQ5Q= +google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= @@ -1471,6 +1513,7 @@ gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= +honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20180920025451-e3ad64cb4ed3/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= @@ -1479,28 +1522,28 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.22.0 h1:elCpMZ9UE8dLdYxr55E06TmSeji9I3KH494qH70/y+c= -k8s.io/api v0.22.0/go.mod h1:0AoXXqst47OI/L0oGKq9DG61dvGRPXs7X4/B7KyjBCU= -k8s.io/apiextensions-apiserver v0.22.0 h1:QTuZIQggaE7N8FTjur+1zxLmEPziphK7nNm8t+VNO3g= -k8s.io/apiextensions-apiserver v0.22.0/go.mod h1:+9w/QQC/lwH2qTbpqndXXjwBgidlSmytvIUww16UACE= -k8s.io/apimachinery v0.22.0 h1:CqH/BdNAzZl+sr3tc0D3VsK3u6ARVSo3GWyLmfIjbP0= -k8s.io/apimachinery v0.22.0/go.mod h1:O3oNtNadZdeOMxHFVxOreoznohCpy0z6mocxbZr7oJ0= -k8s.io/apiserver v0.22.0 h1:KZh2asnRBjawLLfPOi6qiD+A2jaNt31HCnZG6AX3Qcs= -k8s.io/apiserver v0.22.0/go.mod h1:04kaIEzIQrTGJ5syLppQWvpkLJXQtJECHmae+ZGc/nc= -k8s.io/cli-runtime v0.22.0/go.mod h1:An6zELQ7udUI0GaXvkuMqyopPA14dIgNqpH8cZu1vig= -k8s.io/client-go v0.22.0 h1:sD6o9O6tCwUKCENw8v+HFsuAbq2jCu8cWC61/ydwA50= -k8s.io/client-go v0.22.0/go.mod h1:GUjIuXR5PiEv/RVK5OODUsm6eZk7wtSWZSaSJbpFdGg= -k8s.io/cloud-provider v0.22.0 h1:eK0swLQ1TZCLefRbgwEo/ZS4ZDo6FkOJDkDIBITshyw= -k8s.io/cloud-provider v0.22.0/go.mod h1:UsQNOxrStwOXoDfVNgEbKgcQt2BYuHGKobixm0zKTis= -k8s.io/cluster-bootstrap v0.22.0/go.mod h1:VeZXiGfH+yfnC2KtvkSwNTAqahg6yiCV/szbWpoI+3k= -k8s.io/code-generator v0.22.0/go.mod h1:eV77Y09IopzeXOJzndrDyCI88UBok2h6WxAlBwpxa+o= -k8s.io/component-base v0.22.0 h1:ZTmX8hUqH9T9gc0mM42O+KDgtwTYbVTt2MwmLP0eK8A= -k8s.io/component-base v0.22.0/go.mod h1:SXj6Z+V6P6GsBhHZVbWCw9hFjUdUYnJerlhhPnYCBCg= -k8s.io/component-helpers v0.22.0 h1:OoTOtxTkg/T16FRS1K/WfABzxliTCq3RTbFHMBSod/o= -k8s.io/component-helpers v0.22.0/go.mod h1:YNIbQI59ayNiU8JHlPIxVkOUYycbKhk5Niy0pcyJOEY= -k8s.io/controller-manager v0.22.0/go.mod h1:KCFcmFIjh512sVIm1EhAPJ+4miASDvbZA5eO/2nbr2M= -k8s.io/cri-api v0.22.0/go.mod h1:mj5DGUtElRyErU5AZ8EM0ahxbElYsaLAMTPhLPQ40Eg= -k8s.io/csi-translation-lib v0.22.0/go.mod h1:wb6bRqDth2jcHfty7mLdQc7nfknHhIkAlAZgSgplXhc= +k8s.io/api v0.22.1 h1:ISu3tD/jRhYfSW8jI/Q1e+lRxkR7w9UwQEZ7FgslrwY= +k8s.io/api v0.22.1/go.mod h1:bh13rkTp3F1XEaLGykbyRD2QaTTzPm0e/BMd8ptFONY= +k8s.io/apiextensions-apiserver v0.22.1 h1:YSJYzlFNFSfUle+yeEXX0lSQyLEoxoPJySRupepb0gE= +k8s.io/apiextensions-apiserver v0.22.1/go.mod h1:HeGmorjtRmRLE+Q8dJu6AYRoZccvCMsghwS8XTUYb2c= +k8s.io/apimachinery v0.22.1 h1:DTARnyzmdHMz7bFWFDDm22AM4pLWTQECMpRTFu2d2OM= +k8s.io/apimachinery v0.22.1/go.mod h1:O3oNtNadZdeOMxHFVxOreoznohCpy0z6mocxbZr7oJ0= +k8s.io/apiserver v0.22.1 h1:Ul9Iv8OMB2s45h2tl5XWPpAZo1VPIJ/6N+MESeed7L8= +k8s.io/apiserver v0.22.1/go.mod h1:2mcM6dzSt+XndzVQJX21Gx0/Klo7Aen7i0Ai6tIa400= +k8s.io/cli-runtime v0.22.1/go.mod h1:YqwGrlXeEk15Yn3em2xzr435UGwbrCw5x+COQoTYfoo= +k8s.io/client-go v0.22.1 h1:jW0ZSHi8wW260FvcXHkIa0NLxFBQszTlhiAVsU5mopw= +k8s.io/client-go v0.22.1/go.mod h1:BquC5A4UOo4qVDUtoc04/+Nxp1MeHcVc1HJm1KmG8kk= +k8s.io/cloud-provider v0.22.1 h1:bxNgHd0chiPpXQ8jzibRrbwuCRPrTgQiFSLbgVebzHs= +k8s.io/cloud-provider v0.22.1/go.mod h1:Dm3xJ4j3l88rZ0LBCRLrt7V9Pz0avRAzZSU6ENwYnrw= +k8s.io/cluster-bootstrap v0.22.1/go.mod h1:dSWw6aox00AA9YCdRDY+ca7TVtoXRzuLpDxhV6HPevk= +k8s.io/code-generator v0.22.1/go.mod h1:eV77Y09IopzeXOJzndrDyCI88UBok2h6WxAlBwpxa+o= +k8s.io/component-base v0.22.1 h1:SFqIXsEN3v3Kkr1bS6rstrs1wd45StJqbtgbQ4nRQdo= +k8s.io/component-base v0.22.1/go.mod h1:0D+Bl8rrnsPN9v0dyYvkqFfBeAd4u7n77ze+p8CMiPo= +k8s.io/component-helpers v0.22.1 h1:f8pdhKNQbsCMQa6E9ipVlO8G6WFXnKbEDVcWB8n/HkA= +k8s.io/component-helpers v0.22.1/go.mod h1:QvBcDbX+qU5I2tMZABBF5fRwAlQwiv771IGBHK9WYh4= +k8s.io/controller-manager v0.22.1/go.mod h1:HN5qzvZs8A4fd/xuqDZwqe+Nsz249a2Kbq/YqZ903n8= +k8s.io/cri-api v0.22.1/go.mod h1:mj5DGUtElRyErU5AZ8EM0ahxbElYsaLAMTPhLPQ40Eg= +k8s.io/csi-translation-lib v0.22.1/go.mod h1:3MuSQekn6WWgWJk5vgufqoTjB4jqBEe04TtimXjubcE= k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20201214224949-b6c5ce23f027/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog v0.3.0 h1:0VPpR+sizsiivjIfIAQH/rl8tan6jvWkS7lU+0di3lE= @@ -1508,33 +1551,34 @@ k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= -k8s.io/klog/v2 v2.9.0 h1:D7HV+n1V57XeZ0m6tdRkfknthUaM06VFbWldOFh8kzM= k8s.io/klog/v2 v2.9.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec= -k8s.io/kube-aggregator v0.22.0/go.mod h1:zHTepg0Q4tKzru7Pwg1QYHWrU/wrvIXM8hUdDAH66qg= -k8s.io/kube-controller-manager v0.22.0/go.mod h1:E/EYMoCj8bbPRmu19JF4B9QLyQL8Tywg+9Q/rg+F80U= +k8s.io/klog/v2 v2.10.0 h1:R2HDMDJsHVTHA2n4RjwbeYXdOcBymXdX/JRb1v0VGhE= +k8s.io/klog/v2 v2.10.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec= +k8s.io/kube-aggregator v0.22.1/go.mod h1:VbmI+8fUeCPkzSvarWTrlIGEgUGEGI/66SFajDQ0Pdc= +k8s.io/kube-controller-manager v0.22.1/go.mod h1:TUXvgmBcDmpYyzDBW+naL0Ljo7IADv6HkYbxg0MLdJY= k8s.io/kube-openapi v0.0.0-20180731170545-e3762e86a74c/go.mod h1:BXM9ceUBTj2QnfH2MK1odQs778ajze1RxcmP6S8RVVc= k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e h1:KLHHjkdQFomZy8+06csTWZ0m1343QqxZhR2LJ1OxCYM= k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= -k8s.io/kube-proxy v0.22.0/go.mod h1:2ckKSCr8kZ0kNNCgxM7lt0g5CAaY767djotK4AEFPmI= -k8s.io/kube-scheduler v0.22.0/go.mod h1:n6tdYAiaoqXGLazCwIpOEg42qby0VMDs1KmN4DjQf50= -k8s.io/kubectl v0.22.0 h1:EBb7xLUaidG/YXAI5AXam3lK2VlnoFShhlMjnJVTbGA= -k8s.io/kubectl v0.22.0/go.mod h1:eeuP92uZbVL2UnOaf0nj9OjtI0hi/nekHU+0isURer0= -k8s.io/kubelet v0.22.0 h1:cVu1RWuikW9dMJSXDG2f6k81u7NuURrnzphgY/tQxZE= -k8s.io/kubelet v0.22.0/go.mod h1:CMdsuh9OFgbpeE+n46GpVMDecLlI0HxSRHMoNrTmJk4= -k8s.io/kubernetes v1.22.0 h1:zROjVlA1qSthvMnP7XeCzkRaqkE28CY3w+PM8qC0ZaA= -k8s.io/kubernetes v1.22.0/go.mod h1:IGQZrV02n2IBp52+/YwLVMurCEQPKXJ/k8hU3mqEOuA= -k8s.io/legacy-cloud-providers v0.22.0/go.mod h1:2tKlbeA9r0OYnBHyqHcnO1EoAeqYXw2IZH99DYwwErM= -k8s.io/metrics v0.22.0/go.mod h1:eYnwafAUNLLpVmY/msoq0RKIKH5C4TzfjKnMZ0Xrt3A= -k8s.io/mount-utils v0.22.0 h1:yNUW+1HO+ZhYDEZ7a/14Un7nqW8Md4zeuLnenGCGDi4= -k8s.io/mount-utils v0.22.0/go.mod h1:gUi5ht+05KHYc/vJ9q9wbvG3MCYBeOsB5FdTyM60Pzo= -k8s.io/pod-security-admission v0.22.0/go.mod h1:xKTKO4nzxLDROM+RRndSU7kCZc2XcBYRKLYS+gYuqfo= -k8s.io/sample-apiserver v0.22.0/go.mod h1:Bkl0f9E1Moxwjvqct7kzDlTvNUTavsworU5FTPlVooA= +k8s.io/kube-proxy v0.22.1/go.mod h1:Rj3/mSZuSKfDY7XVbDgb12UwiQHy265LOwpK/yR2rtc= +k8s.io/kube-scheduler v0.22.1/go.mod h1:32YH9ef2m03E5LfD/H8TMTSppWq3Hav8LON9e+NGC3k= +k8s.io/kubectl v0.22.1 h1:kpXO+ajPNTzAVLDM9pAzCsWH9MtCMr92zpcvXMt7P6E= +k8s.io/kubectl v0.22.1/go.mod h1:mjAOgEbMNMtZWxnfM6jd+nPjPsaoLqO5xanc78WcSbw= +k8s.io/kubelet v0.22.1 h1:ssJ3DxLXtuC3lG4Gif8h1krw5ahSi1fNnzfyZW+Cn/Y= +k8s.io/kubelet v0.22.1/go.mod h1:rZuP1msr5NH7IGApW60DYFR3Cs3On4ftWLMJRfg+iU4= +k8s.io/kubernetes v1.22.1 h1:xE8OqErmoV/e67JV6/zExQA5sLTb44iW9fprXS2lL7I= +k8s.io/kubernetes v1.22.1/go.mod h1:IGQZrV02n2IBp52+/YwLVMurCEQPKXJ/k8hU3mqEOuA= +k8s.io/legacy-cloud-providers v0.22.1/go.mod h1:5ejdiQhOxTigKFrFcMvulMCyxxffmkZpk/WMgnknkwI= +k8s.io/metrics v0.22.1/go.mod h1:i/ZNap89UkV1gLa26dn7fhKAdheJaKy+moOqJbiif7E= +k8s.io/mount-utils v0.22.1 h1:3xMxnOKobldBJMLAEpsC9Y3Drw1aaXz/fhTtYes4VTE= +k8s.io/mount-utils v0.22.1/go.mod h1:gUi5ht+05KHYc/vJ9q9wbvG3MCYBeOsB5FdTyM60Pzo= +k8s.io/pod-security-admission v0.22.1/go.mod h1:JHgUW6u0VaFaRv2dWh/VYmKL5Hd8ZQCSVuegofSx+rY= +k8s.io/sample-apiserver v0.22.1/go.mod h1:1HfRH0fcTF33VZnwAN7fdq/vA+aF1iAhKCWdzKAX7iI= k8s.io/system-validators v1.5.0/go.mod h1:bPldcLgkIUK22ALflnsXk8pvkTEndYdNuaHH6gRrl0Q= k8s.io/utils v0.0.0-20190506122338-8fab8cb257d5/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20210527160623-6fdb442a123b/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20210707171843-4b05e18ac7d9 h1:imL9YgXQ9p7xmPzHFm/vVd/cF78jad+n4wK1ABwYtMM= k8s.io/utils v0.0.0-20210707171843-4b05e18ac7d9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= +k8s.io/utils v0.0.0-20210802155522-efc7438f0176 h1:Mx0aa+SUAcNRQbs5jUzV8lkDlGFU8laZsY9jrcVX5SY= +k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= layeh.com/radius v0.0.0-20190322222518-890bc1058917/go.mod h1:fywZKyu//X7iRzaxLgPWsvc0L26IUpVvE/aeIL2JtIQ= modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw= modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk= @@ -1548,8 +1592,8 @@ rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.22 h1:fmRfl9WJ4ApJn7LxNuED4m0t18qivVQOxP6aAYG9J6c= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.22/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= sigs.k8s.io/controller-runtime v0.2.2/go.mod h1:9dyohw3ZtoXQuV1e766PHUn+cmrRCIcBh6XIMFNMZ+I= -sigs.k8s.io/controller-runtime v0.9.2 h1:MnCAsopQno6+hI9SgJHKddzXpmv2wtouZz6931Eax+Q= -sigs.k8s.io/controller-runtime v0.9.2/go.mod h1:TxzMCHyEUpaeuOiZx/bIdc2T81vfs/aKdvJt9wuu0zk= +sigs.k8s.io/controller-runtime v0.10.0 h1:HgyZmMpjUOrtkaFtCnfxsR1bGRuFoAczSNbn2MoKj5U= +sigs.k8s.io/controller-runtime v0.10.0/go.mod h1:GCdh6kqV6IY4LK0JLwX0Zm6g233RtVGdb/f0+KSfprg= sigs.k8s.io/kustomize/api v0.8.11/go.mod h1:a77Ls36JdfCWojpUqR6m60pdGY1AYFix4AH83nJtY1g= sigs.k8s.io/kustomize/cmd/config v0.9.13/go.mod h1:7547FLF8W/lTaDf0BDqFTbZxM9zqwEJqCKN9sSR0xSs= sigs.k8s.io/kustomize/kustomize/v4 v4.2.0/go.mod h1:MOkR6fmhwG7hEDRXBYELTi5GSFcLwfqwzTRHW3kv5go= diff --git a/internal/cephfs/cephfs_util.go b/internal/cephfs/cephfs_util.go index 23aba68c7..f13b57f07 100644 --- a/internal/cephfs/cephfs_util.go +++ b/internal/cephfs/cephfs_util.go @@ -20,6 +20,7 @@ import ( "context" "fmt" + cerrors "github.com/ceph/ceph-csi/internal/cephfs/errors" "github.com/ceph/ceph-csi/internal/util" "github.com/ceph/ceph-csi/internal/util/log" ) @@ -47,7 +48,7 @@ func (vo *volumeOptions) getFscID(ctx context.Context) (int64, error) { log.ErrorLog(ctx, "failed to list volume %s", vo.FsName) - return 0, ErrVolumeNotFound + return 0, cerrors.ErrVolumeNotFound } func (vo *volumeOptions) getMetadataPool(ctx context.Context) (string, error) { diff --git a/internal/cephfs/clone.go b/internal/cephfs/clone.go index 304c5cdf7..522f0eaf6 100644 --- a/internal/cephfs/clone.go +++ b/internal/cephfs/clone.go @@ -20,6 +20,7 @@ import ( "context" "errors" + cerrors "github.com/ceph/ceph-csi/internal/cephfs/errors" "github.com/ceph/ceph-csi/internal/util/log" ) @@ -48,13 +49,13 @@ func (cs cephFSCloneState) toError() error { case cephFSCloneComplete: return nil case cephFSCloneError: - return ErrInvalidClone + return cerrors.ErrInvalidClone case cephFSCloneInprogress: - return ErrCloneInProgress + return cerrors.ErrCloneInProgress case cephFSClonePending: - return ErrClonePending + return cerrors.ErrClonePending case cephFSCloneFailed: - return ErrCloneFailed + return cerrors.ErrCloneFailed } return nil @@ -90,7 +91,7 @@ func createCloneFromSubvolume(ctx context.Context, volID, cloneID volumeID, volO // In case the snap is already unprotected we get ErrSnapProtectionExist error code // in that case we are safe and we could discard this error and we are good to go // ahead with deletion - if !errors.Is(err, ErrSnapProtectionExist) { + if !errors.Is(err, cerrors.ErrSnapProtectionExist) { log.ErrorLog(ctx, "failed to unprotect snapshot %s %v", snapshotID, err) } } @@ -137,7 +138,7 @@ func createCloneFromSubvolume(ctx context.Context, volID, cloneID volumeID, volO // In case the snap is already unprotected we get ErrSnapProtectionExist error code // in that case we are safe and we could discard this error and we are good to go // ahead with deletion - if !errors.Is(err, ErrSnapProtectionExist) { + if !errors.Is(err, cerrors.ErrSnapProtectionExist) { log.ErrorLog(ctx, "failed to unprotect snapshot %s %v", snapshotID, err) return err @@ -161,7 +162,7 @@ func cleanupCloneFromSubvolumeSnapshot( snapShotID := cloneID snapInfo, err := parentVolOpt.getSnapshotInfo(ctx, snapShotID, volID) if err != nil { - if errors.Is(err, ErrSnapNotFound) { + if errors.Is(err, cerrors.ErrSnapNotFound) { return nil } @@ -189,7 +190,7 @@ func cleanupCloneFromSubvolumeSnapshot( // isCloneRetryError returns true if the clone error is pending,in-progress // error. func isCloneRetryError(err error) bool { - return errors.Is(err, ErrCloneInProgress) || errors.Is(err, ErrClonePending) + return errors.Is(err, cerrors.ErrCloneInProgress) || errors.Is(err, cerrors.ErrClonePending) } func createCloneFromSnapshot( diff --git a/internal/cephfs/clone_test.go b/internal/cephfs/clone_test.go index a5c88e467..a69327a28 100644 --- a/internal/cephfs/clone_test.go +++ b/internal/cephfs/clone_test.go @@ -19,6 +19,8 @@ package cephfs import ( "testing" + cerrors "github.com/ceph/ceph-csi/internal/cephfs/errors" + "github.com/stretchr/testify/assert" ) @@ -26,10 +28,10 @@ func TestCloneStateToError(t *testing.T) { t.Parallel() errorState := make(map[cephFSCloneState]error) errorState[cephFSCloneComplete] = nil - errorState[cephFSCloneError] = ErrInvalidClone - errorState[cephFSCloneInprogress] = ErrCloneInProgress - errorState[cephFSClonePending] = ErrClonePending - errorState[cephFSCloneFailed] = ErrCloneFailed + errorState[cephFSCloneError] = cerrors.ErrInvalidClone + errorState[cephFSCloneInprogress] = cerrors.ErrCloneInProgress + errorState[cephFSClonePending] = cerrors.ErrClonePending + errorState[cephFSCloneFailed] = cerrors.ErrCloneFailed for state, err := range errorState { assert.Equal(t, state.toError(), err) diff --git a/internal/cephfs/controllerserver.go b/internal/cephfs/controllerserver.go index 2860b8c93..6d32837f7 100644 --- a/internal/cephfs/controllerserver.go +++ b/internal/cephfs/controllerserver.go @@ -21,6 +21,7 @@ import ( "errors" "fmt" + cerrors "github.com/ceph/ceph-csi/internal/cephfs/errors" csicommon "github.com/ceph/ceph-csi/internal/csi-common" "github.com/ceph/ceph-csi/internal/util" "github.com/ceph/ceph-csi/internal/util/log" @@ -119,7 +120,7 @@ func checkContentSource( snapshotID := req.VolumeContentSource.GetSnapshot().GetSnapshotId() volOpt, _, sid, err := newSnapshotOptionsFromID(ctx, snapshotID, cr) if err != nil { - if errors.Is(err, ErrSnapNotFound) { + if errors.Is(err, cerrors.ErrSnapNotFound) { return nil, nil, nil, status.Error(codes.NotFound, err.Error()) } @@ -132,7 +133,7 @@ func checkContentSource( volID := req.VolumeContentSource.GetVolume().GetVolumeId() parentVol, pvID, err := newVolumeOptionsFromVolID(ctx, volID, nil, req.Secrets) if err != nil { - if !errors.Is(err, ErrVolumeNotFound) { + if !errors.Is(err, cerrors.ErrVolumeNotFound) { return nil, nil, nil, status.Error(codes.NotFound, err.Error()) } @@ -146,7 +147,7 @@ func checkContentSource( } // CreateVolume creates a reservation and the volume in backend, if it is not already present. -// nolint:gocognit,gocyclo,nestif,cyclop // TODO: reduce complexity +// nolint:gocyclo,cyclop // TODO: reduce complexity func (cs *ControllerServer) CreateVolume( ctx context.Context, req *csi.CreateVolumeRequest) (*csi.CreateVolumeResponse, error) { @@ -187,7 +188,6 @@ func (cs *ControllerServer) CreateVolume( if req.GetCapacityRange() != nil { volOptions.Size = util.RoundOffBytes(req.GetCapacityRange().GetRequiredBytes()) } - // TODO need to add check for 0 volume size parentVol, pvID, sID, err := checkContentSource(ctx, req, cr) if err != nil { @@ -208,31 +208,6 @@ func (cs *ControllerServer) CreateVolume( // TODO return error message if requested vol size greater than found volume return error if vID != nil { - if sID != nil || pvID != nil { - // while cloning the volume the size is not populated properly to the new volume now. - // it will be fixed in cephfs soon with the parentvolume size. Till then by below - // resize we are making sure we return or satisfy the requested size by setting the size - // explicitly - err = volOptions.resizeVolume(ctx, volumeID(vID.FsSubvolName), volOptions.Size) - if err != nil { - purgeErr := volOptions.purgeVolume(ctx, volumeID(vID.FsSubvolName), false) - if purgeErr != nil { - log.ErrorLog(ctx, "failed to delete volume %s: %v", requestName, purgeErr) - // All errors other than ErrVolumeNotFound should return an error back to the caller - if !errors.Is(purgeErr, ErrVolumeNotFound) { - return nil, status.Error(codes.Internal, purgeErr.Error()) - } - } - errUndo := undoVolReservation(ctx, volOptions, *vID, secret) - if errUndo != nil { - log.WarningLog(ctx, "failed undoing reservation of volume: %s (%s)", - requestName, errUndo) - } - log.ErrorLog(ctx, "failed to expand volume %s: %v", volumeID(vID.FsSubvolName), err) - - return nil, status.Error(codes.Internal, err.Error()) - } - } volumeContext := req.GetParameters() volumeContext["subvolumeName"] = vID.FsSubvolName volumeContext["subvolumePath"] = volOptions.RootPath @@ -288,7 +263,7 @@ func (cs *ControllerServer) CreateVolume( if purgeErr != nil { log.ErrorLog(ctx, "failed to delete volume %s: %v", vID.FsSubvolName, purgeErr) // All errors other than ErrVolumeNotFound should return an error back to the caller - if !errors.Is(purgeErr, ErrVolumeNotFound) { + if !errors.Is(purgeErr, cerrors.ErrVolumeNotFound) { // If the subvolume deletion is failed, we should not cleanup // the OMAP entry it will stale subvolume in cluster. // set err=nil so that when we get the request again we can get @@ -375,7 +350,7 @@ func (cs *ControllerServer) DeleteVolume( log.ErrorLog(ctx, "Error returned from newVolumeOptionsFromVolID: %v", err) // All errors other than ErrVolumeNotFound should return an error back to the caller - if !errors.Is(err, ErrVolumeNotFound) { + if !errors.Is(err, cerrors.ErrVolumeNotFound) { return nil, status.Error(codes.Internal, err.Error()) } @@ -413,11 +388,11 @@ func (cs *ControllerServer) DeleteVolume( if err = volOptions.purgeVolume(ctx, volumeID(vID.FsSubvolName), false); err != nil { log.ErrorLog(ctx, "failed to delete volume %s: %v", volID, err) - if errors.Is(err, ErrVolumeHasSnapshots) { + if errors.Is(err, cerrors.ErrVolumeHasSnapshots) { return nil, status.Error(codes.FailedPrecondition, err.Error()) } - if !errors.Is(err, ErrVolumeNotFound) { + if !errors.Is(err, cerrors.ErrVolumeNotFound) { return nil, status.Error(codes.Internal, err.Error()) } } @@ -554,7 +529,7 @@ func (cs *ControllerServer) CreateSnapshot( return nil, status.Error(codes.NotFound, err.Error()) } - if errors.Is(err, ErrVolumeNotFound) { + if errors.Is(err, cerrors.ErrVolumeNotFound) { return nil, status.Error(codes.NotFound, err.Error()) } @@ -598,7 +573,7 @@ func (cs *ControllerServer) CreateSnapshot( // Check error code value against ErrInvalidCommand to understand the cluster // support it or not, It's safe to evaluate as the filtering // is already done from getSubVolumeInfo() and send out the error here. - if errors.Is(err, ErrInvalidCommand) { + if errors.Is(err, cerrors.ErrInvalidCommand) { return nil, status.Error( codes.FailedPrecondition, "subvolume info command not supported in current ceph cluster") @@ -775,7 +750,7 @@ func (cs *ControllerServer) DeleteSnapshot( // or partially complete (snap and snapOMap are garbage collected already), hence return // success as deletion is complete return &csi.DeleteSnapshotResponse{}, nil - case errors.Is(err, ErrSnapNotFound): + case errors.Is(err, cerrors.ErrSnapNotFound): err = undoSnapReservation(ctx, volOpt, *sid, sid.FsSnapshotName, cr) if err != nil { log.ErrorLog(ctx, "failed to remove reservation for snapname (%s) with backing snap (%s) (%s)", @@ -785,7 +760,7 @@ func (cs *ControllerServer) DeleteSnapshot( } return &csi.DeleteSnapshotResponse{}, nil - case errors.Is(err, ErrVolumeNotFound): + case errors.Is(err, cerrors.ErrVolumeNotFound): // if the error is ErrVolumeNotFound, the subvolume is already deleted // from backend, Hence undo the omap entries and return success log.ErrorLog(ctx, "Volume not present") diff --git a/internal/cephfs/errors.go b/internal/cephfs/errors/errors.go similarity index 65% rename from internal/cephfs/errors.go rename to internal/cephfs/errors/errors.go index 2c617e43f..58fd15bb7 100644 --- a/internal/cephfs/errors.go +++ b/internal/cephfs/errors/errors.go @@ -14,51 +14,51 @@ See the License for the specific language governing permissions and limitations under the License. */ -package cephfs +package errors import ( - "errors" + coreError "errors" ) // Error strings for comparison with CLI errors. const ( - // volumeNotEmpty is returned when the volume is not empty. - volumeNotEmpty = "Directory not empty" + // VolumeNotEmpty is returned when the volume is not empty. + VolumeNotEmpty = "Directory not empty" ) var ( // ErrCloneInProgress is returned when snapshot clone state is `in progress`. - ErrCloneInProgress = errors.New("clone from snapshot is already in progress") + ErrCloneInProgress = coreError.New("clone from snapshot is already in progress") // ErrClonePending is returned when snapshot clone state is `pending`. - ErrClonePending = errors.New("clone from snapshot is pending") + ErrClonePending = coreError.New("clone from snapshot is pending") // ErrInvalidClone is returned when the clone state is invalid. - ErrInvalidClone = errors.New("invalid clone state") + ErrInvalidClone = coreError.New("invalid clone state") // ErrCloneFailed is returned when the clone state is failed. - ErrCloneFailed = errors.New("clone from snapshot failed") + ErrCloneFailed = coreError.New("clone from snapshot failed") // ErrInvalidVolID is returned when a CSI passed VolumeID is not conformant to any known volume ID // formats. - ErrInvalidVolID = errors.New("invalid VolumeID") + ErrInvalidVolID = coreError.New("invalid VolumeID") // ErrNonStaticVolume is returned when a volume is detected as not being // statically provisioned. - ErrNonStaticVolume = errors.New("volume not static") + ErrNonStaticVolume = coreError.New("volume not static") // ErrSnapProtectionExist is returned when the snapshot is already protected. - ErrSnapProtectionExist = errors.New("snapshot protection already exists") + ErrSnapProtectionExist = coreError.New("snapshot protection already exists") // ErrSnapNotFound is returned when snap name passed is not found in the list // of snapshots for the given image. - ErrSnapNotFound = errors.New("snapshot not found") + ErrSnapNotFound = coreError.New("snapshot not found") // ErrVolumeNotFound is returned when a subvolume is not found in CephFS. - ErrVolumeNotFound = errors.New("volume not found") + ErrVolumeNotFound = coreError.New("volume not found") // ErrInvalidCommand is returned when a command is not known to the cluster. - ErrInvalidCommand = errors.New("invalid command") + ErrInvalidCommand = coreError.New("invalid command") // ErrVolumeHasSnapshots is returned when a subvolume has snapshots. - ErrVolumeHasSnapshots = errors.New("volume has snapshots") + ErrVolumeHasSnapshots = coreError.New("volume has snapshots") ) diff --git a/internal/cephfs/fsjournal.go b/internal/cephfs/fsjournal.go index a30969571..43712186b 100644 --- a/internal/cephfs/fsjournal.go +++ b/internal/cephfs/fsjournal.go @@ -21,6 +21,7 @@ import ( "errors" "fmt" + cerrors "github.com/ceph/ceph-csi/internal/cephfs/errors" "github.com/ceph/ceph-csi/internal/util" "github.com/ceph/ceph-csi/internal/util/log" @@ -86,7 +87,7 @@ func checkVolExists(ctx context.Context, if sID != nil || pvID != nil { cloneState, cloneStateErr := volOptions.getCloneState(ctx, volumeID(vid.FsSubvolName)) if cloneStateErr != nil { - if errors.Is(cloneStateErr, ErrVolumeNotFound) { + if errors.Is(cloneStateErr, cerrors.ErrVolumeNotFound) { if pvID != nil { err = cleanupCloneFromSubvolumeSnapshot( ctx, volumeID(pvID.FsSubvolName), @@ -105,10 +106,10 @@ func checkVolExists(ctx context.Context, return nil, err } if cloneState == cephFSCloneInprogress { - return nil, ErrCloneInProgress + return nil, cerrors.ErrCloneInProgress } if cloneState == cephFSClonePending { - return nil, ErrClonePending + return nil, cerrors.ErrClonePending } if cloneState == cephFSCloneFailed { err = volOptions.purgeVolume(ctx, volumeID(vid.FsSubvolName), true) @@ -137,7 +138,7 @@ func checkVolExists(ctx context.Context, } volOptions.RootPath, err = volOptions.getVolumeRootPathCeph(ctx, volumeID(vid.FsSubvolName)) if err != nil { - if errors.Is(err, ErrVolumeNotFound) { + if errors.Is(err, cerrors.ErrVolumeNotFound) { // If the subvolume is not present, cleanup the stale snapshot // created for clone. if parentVolOpt != nil && pvID != nil { @@ -379,7 +380,7 @@ func checkSnapExists( sid.FsSnapshotName = snapData.ImageAttributes.ImageName snapInfo, err := volOptions.getSnapshotInfo(ctx, volumeID(snapID), volumeID(parentSubVolName)) if err != nil { - if errors.Is(err, ErrSnapNotFound) { + if errors.Is(err, cerrors.ErrSnapNotFound) { err = j.UndoReservation(ctx, volOptions.MetadataPool, volOptions.MetadataPool, snapID, snap.RequestName) diff --git a/internal/cephfs/nodeserver.go b/internal/cephfs/nodeserver.go index 4d2498532..9f47d28ee 100644 --- a/internal/cephfs/nodeserver.go +++ b/internal/cephfs/nodeserver.go @@ -23,6 +23,7 @@ import ( "os" "strings" + cerrors "github.com/ceph/ceph-csi/internal/cephfs/errors" csicommon "github.com/ceph/ceph-csi/internal/csi-common" "github.com/ceph/ceph-csi/internal/util" "github.com/ceph/ceph-csi/internal/util/log" @@ -90,14 +91,14 @@ func (ns *NodeServer) NodeStageVolume( volOptions, _, err := newVolumeOptionsFromVolID(ctx, string(volID), req.GetVolumeContext(), req.GetSecrets()) if err != nil { - if !errors.Is(err, ErrInvalidVolID) { + if !errors.Is(err, cerrors.ErrInvalidVolID) { return nil, status.Error(codes.Internal, err.Error()) } // gets mon IPs from the supplied cluster info volOptions, _, err = newVolumeOptionsFromStaticVolume(string(volID), req.GetVolumeContext()) if err != nil { - if !errors.Is(err, ErrNonStaticVolume) { + if !errors.Is(err, cerrors.ErrNonStaticVolume) { return nil, status.Error(codes.Internal, err.Error()) } diff --git a/internal/cephfs/snapshot.go b/internal/cephfs/snapshot.go index ed392b673..0f2509695 100644 --- a/internal/cephfs/snapshot.go +++ b/internal/cephfs/snapshot.go @@ -21,6 +21,7 @@ import ( "errors" "time" + cerrors "github.com/ceph/ceph-csi/internal/cephfs/errors" "github.com/ceph/ceph-csi/internal/util/log" "github.com/ceph/go-ceph/cephfs/admin" @@ -105,7 +106,7 @@ func (vo *volumeOptions) getSnapshotInfo(ctx context.Context, snapID, volID volu info, err := fsa.SubVolumeSnapshotInfo(vo.FsName, vo.SubvolumeGroup, string(volID), string(snapID)) if err != nil { if errors.Is(err, rados.ErrNotFound) { - return snap, ErrSnapNotFound + return snap, cerrors.ErrSnapNotFound } log.ErrorLog( ctx, @@ -221,7 +222,7 @@ func (vo *volumeOptions) cloneSnapshot( vo.FsName, err) if errors.Is(err, rados.ErrNotFound) { - return ErrVolumeNotFound + return cerrors.ErrVolumeNotFound } return err diff --git a/internal/cephfs/volume.go b/internal/cephfs/volume.go index cfa8b84e3..75488333d 100644 --- a/internal/cephfs/volume.go +++ b/internal/cephfs/volume.go @@ -23,6 +23,7 @@ import ( "path" "strings" + cerrors "github.com/ceph/ceph-csi/internal/cephfs/errors" "github.com/ceph/ceph-csi/internal/util" "github.com/ceph/ceph-csi/internal/util/log" @@ -68,7 +69,7 @@ func (vo *volumeOptions) getVolumeRootPathCeph(ctx context.Context, volID volume if err != nil { log.ErrorLog(ctx, "failed to get the rootpath for the vol %s: %s", string(volID), err) if errors.Is(err, rados.ErrNotFound) { - return "", util.JoinErrors(ErrVolumeNotFound, err) + return "", util.JoinErrors(cerrors.ErrVolumeNotFound, err) } return "", err @@ -89,12 +90,12 @@ func (vo *volumeOptions) getSubVolumeInfo(ctx context.Context, volID volumeID) ( if err != nil { log.ErrorLog(ctx, "failed to get subvolume info for the vol %s: %s", string(volID), err) if errors.Is(err, rados.ErrNotFound) { - return nil, ErrVolumeNotFound + return nil, cerrors.ErrVolumeNotFound } // In case the error is invalid command return error to the caller. var invalid fsAdmin.NotImplementedError if errors.As(err, &invalid) { - return nil, ErrInvalidCommand + return nil, cerrors.ErrInvalidCommand } return nil, err @@ -249,11 +250,11 @@ func (vo *volumeOptions) purgeVolume(ctx context.Context, volID volumeID, force err = fsa.RemoveSubVolumeWithFlags(vo.FsName, vo.SubvolumeGroup, string(volID), opt) if err != nil { log.ErrorLog(ctx, "failed to purge subvolume %s in fs %s: %s", string(volID), vo.FsName, err) - if strings.Contains(err.Error(), volumeNotEmpty) { - return util.JoinErrors(ErrVolumeHasSnapshots, err) + if strings.Contains(err.Error(), cerrors.VolumeNotEmpty) { + return util.JoinErrors(cerrors.ErrVolumeHasSnapshots, err) } if errors.Is(err, rados.ErrNotFound) { - return util.JoinErrors(ErrVolumeNotFound, err) + return util.JoinErrors(cerrors.ErrVolumeNotFound, err) } return err diff --git a/internal/cephfs/volumeoptions.go b/internal/cephfs/volumeoptions.go index d07131c08..3a44cae22 100644 --- a/internal/cephfs/volumeoptions.go +++ b/internal/cephfs/volumeoptions.go @@ -25,6 +25,7 @@ import ( "github.com/container-storage-interface/spec/lib/go/csi" + cerrors "github.com/ceph/ceph-csi/internal/cephfs/errors" "github.com/ceph/ceph-csi/internal/util" ) @@ -273,7 +274,7 @@ func newVolumeOptionsFromVolID( if err != nil { err = fmt.Errorf("error decoding volume ID (%s): %w", volID, err) - return nil, nil, util.JoinErrors(ErrInvalidVolID, err) + return nil, nil, util.JoinErrors(cerrors.ErrInvalidVolID, err) } volOptions.ClusterID = vi.ClusterID vid.VolumeID = volID @@ -360,7 +361,7 @@ func newVolumeOptionsFromVolID( volOptions.Features = info.Features } - if errors.Is(err, ErrInvalidCommand) { + if errors.Is(err, cerrors.ErrInvalidCommand) { volOptions.RootPath, err = volOptions.getVolumeRootPathCeph(ctx, volumeID(vid.FsSubvolName)) } @@ -444,7 +445,7 @@ func newVolumeOptionsFromStaticVolume( val, ok := options["staticVolume"] if !ok { - return nil, nil, ErrNonStaticVolume + return nil, nil, cerrors.ErrNonStaticVolume } if staticVol, err = strconv.ParseBool(val); err != nil { @@ -452,7 +453,7 @@ func newVolumeOptionsFromStaticVolume( } if !staticVol { - return nil, nil, ErrNonStaticVolume + return nil, nil, cerrors.ErrNonStaticVolume } // Volume is static, and ProvisionVolume carries bool stating if it was provisioned, hence @@ -512,7 +513,7 @@ func newSnapshotOptionsFromID( // Decode the snapID first, to detect pre-provisioned snapshot before other errors err := vi.DecomposeCSIID(snapID) if err != nil { - return &volOptions, nil, &sid, ErrInvalidVolID + return &volOptions, nil, &sid, cerrors.ErrInvalidVolID } volOptions.ClusterID = vi.ClusterID sid.SnapshotID = snapID diff --git a/internal/kms/aws_metadata.go b/internal/kms/aws_metadata.go index a281b219f..6cfc4d89e 100644 --- a/internal/kms/aws_metadata.go +++ b/internal/kms/aws_metadata.go @@ -125,7 +125,12 @@ func initAWSMetadataKMS(args ProviderInitArgs) (EncryptionKMS, error) { } func (kms *AWSMetadataKMS) getSecrets() (map[string]interface{}, error) { - c := k8s.NewK8sClient() + c, err := k8s.NewK8sClient() + if err != nil { + return nil, fmt.Errorf("failed to connect to Kubernetes to "+ + "get Secret %s/%s: %w", kms.namespace, kms.secretName, err) + } + secret, err := c.CoreV1().Secrets(kms.namespace).Get(context.TODO(), kms.secretName, metav1.GetOptions{}) if err != nil { diff --git a/internal/kms/kms.go b/internal/kms/kms.go index 5fd7d3dcb..01ea68edc 100644 --- a/internal/kms/kms.go +++ b/internal/kms/kms.go @@ -154,7 +154,12 @@ func getKMSConfigMap() (map[string]interface{}, error) { } cmName := getKMSConfigMapName() - c := k8s.NewK8sClient() + c, err := k8s.NewK8sClient() + if err != nil { + return nil, fmt.Errorf("can not get ConfigMap %q, failed to "+ + "connect to Kubernetes: %w", cmName, err) + } + cm, err := c.CoreV1().ConfigMaps(ns).Get(context.Background(), cmName, metav1.GetOptions{}) if err != nil { diff --git a/internal/kms/secretskms.go b/internal/kms/secretskms.go index cac5838fb..541a0d466 100644 --- a/internal/kms/secretskms.go +++ b/internal/kms/secretskms.go @@ -159,7 +159,12 @@ func (kms SecretsMetadataKMS) fetchEncryptionPassphrase( secretNamespace = defaultNamespace } - c := k8s.NewK8sClient() + c, err := k8s.NewK8sClient() + if err != nil { + return "", fmt.Errorf("can not get Secret %s/%s, failed to "+ + "connect to Kubernetes: %w", secretNamespace, secretName, err) + } + secret, err := c.CoreV1().Secrets(secretNamespace).Get(context.TODO(), secretName, metav1.GetOptions{}) if err != nil { diff --git a/internal/kms/vault_sa.go b/internal/kms/vault_sa.go index 11ec2a3b5..aec648022 100644 --- a/internal/kms/vault_sa.go +++ b/internal/kms/vault_sa.go @@ -260,7 +260,12 @@ func (kms *VaultTenantSA) setServiceAccountName(config map[string]interface{}) e // getServiceAccount returns the Tenants ServiceAccount with the name // configured in the VaultTenantSA. func (kms *VaultTenantSA) getServiceAccount() (*corev1.ServiceAccount, error) { - c := kms.getK8sClient() + c, err := kms.getK8sClient() + if err != nil { + return nil, fmt.Errorf("can not get ServiceAccount %s/%s, "+ + "failed to connect to Kubernetes: %w", kms.Tenant, kms.tenantSAName, err) + } + sa, err := c.CoreV1().ServiceAccounts(kms.Tenant).Get(context.TODO(), kms.tenantSAName, metav1.GetOptions{}) if err != nil { @@ -279,7 +284,13 @@ func (kms *VaultTenantSA) getToken() (string, error) { return "", err } - c := kms.getK8sClient() + c, err := kms.getK8sClient() + if err != nil { + return "", fmt.Errorf("can not get ServiceAccount %s/%s, failed "+ + "to connect to Kubernetes: %w", kms.Tenant, + kms.tenantSAName, err) + } + for _, secretRef := range sa.Secrets { secret, err := c.CoreV1().Secrets(kms.Tenant).Get(context.TODO(), secretRef.Name, metav1.GetOptions{}) if err != nil { diff --git a/internal/kms/vault_tokens.go b/internal/kms/vault_tokens.go index bae918aa9..46d7f1a50 100644 --- a/internal/kms/vault_tokens.go +++ b/internal/kms/vault_tokens.go @@ -438,12 +438,16 @@ func (vtc *vaultTenantConnection) initCertificates(config map[string]interface{} return nil } -func (vtc *vaultTenantConnection) getK8sClient() *kubernetes.Clientset { +func (vtc *vaultTenantConnection) getK8sClient() (*kubernetes.Clientset, error) { if vtc.client == nil { - vtc.client = k8s.NewK8sClient() + client, err := k8s.NewK8sClient() + if err != nil { + return nil, err + } + vtc.client = client } - return vtc.client + return vtc.client, nil } // FetchDEK returns passphrase from Vault. The passphrase is stored in a @@ -493,7 +497,11 @@ func (vtc *vaultTenantConnection) RemoveDEK(key string) error { } func (kms *VaultTokensKMS) getToken() (string, error) { - c := kms.getK8sClient() + c, err := kms.getK8sClient() + if err != nil { + return "", err + } + secret, err := c.CoreV1().Secrets(kms.Tenant).Get(context.TODO(), kms.TokenName, metav1.GetOptions{}) if err != nil { return "", err @@ -508,7 +516,11 @@ func (kms *VaultTokensKMS) getToken() (string, error) { } func (vtc *vaultTenantConnection) getCertificate(tenant, secretName, key string) (string, error) { - c := vtc.getK8sClient() + c, err := vtc.getK8sClient() + if err != nil { + return "", err + } + secret, err := c.CoreV1().Secrets(tenant).Get(context.TODO(), secretName, metav1.GetOptions{}) if err != nil { return "", err @@ -551,7 +563,11 @@ func (vtc *vaultTenantConnection) parseTenantConfig() (map[string]interface{}, e } // fetch the ConfigMap from the tenants namespace - c := vtc.getK8sClient() + c, err := vtc.getK8sClient() + if err != nil { + return nil, err + } + cm, err := c.CoreV1().ConfigMaps(vtc.Tenant).Get(context.TODO(), vtc.ConfigName, metav1.GetOptions{}) if apierrs.IsNotFound(err) { diff --git a/internal/rbd/controllerserver.go b/internal/rbd/controllerserver.go index 2f5b8e6c4..121215103 100644 --- a/internal/rbd/controllerserver.go +++ b/internal/rbd/controllerserver.go @@ -743,9 +743,56 @@ func checkContentSource( return nil, nil, status.Errorf(codes.InvalidArgument, "not a proper volume source") } +// checkErrAndUndoReserve work on error from genVolFromVolID() and undo omap reserve. +// Even-though volumeID is part of rbdVolume struct we take it as an arg here, the main reason +// being, the volume id is getting filled from `genVolFromVolID->generateVolumeFromVolumeID` call path, +// and this function is operating on the error case/scenario of above call chain, so we can not rely +// on the 'rbdvol->rbdimage->voldID' field. + +func (cs *ControllerServer) checkErrAndUndoReserve( + ctx context.Context, + err error, + volumeID string, + rbdVol *rbdVolume, cr *util.Credentials) (*csi.DeleteVolumeResponse, error) { + if errors.Is(err, util.ErrPoolNotFound) { + log.WarningLog(ctx, "failed to get backend volume for %s: %v", volumeID, err) + + return &csi.DeleteVolumeResponse{}, nil + } + + // if error is ErrKeyNotFound, then a previous attempt at deletion was complete + // or partially complete (image and imageOMap are garbage collected already), hence return + // success as deletion is complete + if errors.Is(err, util.ErrKeyNotFound) { + log.WarningLog(ctx, "failed to volume options for %s: %v", volumeID, err) + + return &csi.DeleteVolumeResponse{}, nil + } + + // All errors other than ErrImageNotFound should return an error back to the caller + if !errors.Is(err, ErrImageNotFound) { + return nil, status.Error(codes.Internal, err.Error()) + } + + // If error is ErrImageNotFound then we failed to find the image, but found the imageOMap + // to lead us to the image, hence the imageOMap needs to be garbage collected, by calling + // unreserve for the same + if acquired := cs.VolumeLocks.TryAcquire(rbdVol.RequestName); !acquired { + log.ErrorLog(ctx, util.VolumeOperationAlreadyExistsFmt, rbdVol.RequestName) + + return nil, status.Errorf(codes.Aborted, util.VolumeOperationAlreadyExistsFmt, rbdVol.RequestName) + } + defer cs.VolumeLocks.Release(rbdVol.RequestName) + + if err = undoVolReservation(ctx, rbdVol, cr); err != nil { + return nil, status.Error(codes.Internal, err.Error()) + } + + return &csi.DeleteVolumeResponse{}, nil +} + // DeleteVolume deletes the volume in backend and removes the volume metadata -// from store -// TODO: make this function less complex. +// from store. func (cs *ControllerServer) DeleteVolume( ctx context.Context, req *csi.DeleteVolumeRequest) (*csi.DeleteVolumeResponse, error) { @@ -786,41 +833,7 @@ func (cs *ControllerServer) DeleteVolume( rbdVol, err := genVolFromVolID(ctx, volumeID, cr, req.GetSecrets()) defer rbdVol.Destroy() if err != nil { - if errors.Is(err, util.ErrPoolNotFound) { - log.WarningLog(ctx, "failed to get backend volume for %s: %v", volumeID, err) - - return &csi.DeleteVolumeResponse{}, nil - } - - // if error is ErrKeyNotFound, then a previous attempt at deletion was complete - // or partially complete (image and imageOMap are garbage collected already), hence return - // success as deletion is complete - if errors.Is(err, util.ErrKeyNotFound) { - log.WarningLog(ctx, "Failed to volume options for %s: %v", volumeID, err) - - return &csi.DeleteVolumeResponse{}, nil - } - - // All errors other than ErrImageNotFound should return an error back to the caller - if !errors.Is(err, ErrImageNotFound) { - return nil, status.Error(codes.Internal, err.Error()) - } - - // If error is ErrImageNotFound then we failed to find the image, but found the imageOMap - // to lead us to the image, hence the imageOMap needs to be garbage collected, by calling - // unreserve for the same - if acquired := cs.VolumeLocks.TryAcquire(rbdVol.RequestName); !acquired { - log.ErrorLog(ctx, util.VolumeOperationAlreadyExistsFmt, rbdVol.RequestName) - - return nil, status.Errorf(codes.Aborted, util.VolumeOperationAlreadyExistsFmt, rbdVol.RequestName) - } - defer cs.VolumeLocks.Release(rbdVol.RequestName) - - if err = undoVolReservation(ctx, rbdVol, cr); err != nil { - return nil, status.Error(codes.Internal, err.Error()) - } - - return &csi.DeleteVolumeResponse{}, nil + return cs.checkErrAndUndoReserve(ctx, err, volumeID, rbdVol, cr) } // lock out parallel create requests against the same volume name as we diff --git a/internal/rbd/nodeserver.go b/internal/rbd/nodeserver.go index b9b41f519..a9023354a 100644 --- a/internal/rbd/nodeserver.go +++ b/internal/rbd/nodeserver.go @@ -149,28 +149,14 @@ func healerStageTransaction(ctx context.Context, cr *util.Credentials, volOps *r return nil } -// NodeStageVolume mounts the volume to a staging path on the node. -// Implementation notes: -// - stagingTargetPath is the directory passed in the request where the volume needs to be staged -// - We stage the volume into a directory, named after the VolumeID inside stagingTargetPath if -// it is a file system -// - We stage the volume into a file, named after the VolumeID inside stagingTargetPath if it is -// a block volume -// - Order of operation execution: (useful for defer stacking and when Unstaging to ensure steps -// are done in reverse, this is done in undoStagingTransaction) -// - Stash image metadata under staging path -// - Map the image (creates a device) -// - Create the staging file/directory under staging path -// - Stage the device (mount the device mapped for image) -// TODO: make this function less complex. -// nolint:gocyclo,cyclop // reduce complexity -func (ns *NodeServer) NodeStageVolume( +// populateRbdVol update the fields in rbdVolume struct based on the request it received. +func populateRbdVol( ctx context.Context, - req *csi.NodeStageVolumeRequest) (*csi.NodeStageVolumeResponse, error) { - if err := util.ValidateNodeStageVolumeRequest(req); err != nil { - return nil, err - } - + req *csi.NodeStageVolumeRequest, + cr *util.Credentials) (*rbdVolume, error) { + var err error + var j *journal.Connection + volID := req.GetVolumeId() isBlock := req.GetVolumeCapability().GetBlock() != nil disableInUseChecks := false // MULTI_NODE_MULTI_WRITER is supported by default for Block access type volumes @@ -192,6 +178,77 @@ func (ns *NodeServer) NodeStageVolume( disableInUseChecks = true } + rv, err := genVolFromVolumeOptions(ctx, req.GetVolumeContext(), req.GetSecrets(), disableInUseChecks) + if err != nil { + return nil, status.Error(codes.Internal, err.Error()) + } + + rv.ThickProvision = isThickProvisionRequest(req.GetVolumeContext()) + isStaticVol := isStaticVolume(req.GetVolumeContext()) + // get rbd image name from the volume journal + // for static volumes, the image name is actually the volume ID itself + if isStaticVol { + rv.RbdImageName = volID + } else { + var vi util.CSIIdentifier + var imageAttributes *journal.ImageAttributes + err = vi.DecomposeCSIID(volID) + if err != nil { + err = fmt.Errorf("error decoding volume ID (%s): %w", volID, err) + + return nil, status.Error(codes.Internal, err.Error()) + } + + j, err = volJournal.Connect(rv.Monitors, rv.RadosNamespace, cr) + if err != nil { + log.ErrorLog(ctx, "failed to establish cluster connection: %v", err) + + return nil, status.Error(codes.Internal, err.Error()) + } + defer j.Destroy() + + imageAttributes, err = j.GetImageAttributes( + ctx, rv.Pool, vi.ObjectUUID, false) + if err != nil { + err = fmt.Errorf("error fetching image attributes for volume ID (%s): %w", volID, err) + + return nil, status.Error(codes.Internal, err.Error()) + } + rv.RbdImageName = imageAttributes.ImageName + } + + rv.VolID = volID + rv.MapOptions = req.GetVolumeContext()["mapOptions"] + rv.UnmapOptions = req.GetVolumeContext()["unmapOptions"] + rv.Mounter = req.GetVolumeContext()["mounter"] + rv.LogDir = req.GetVolumeContext()["cephLogDir"] + if rv.LogDir == "" { + rv.LogDir = defaultLogDir + } + + return rv, err +} + +// NodeStageVolume mounts the volume to a staging path on the node. +// Implementation notes: +// - stagingTargetPath is the directory passed in the request where the volume needs to be staged +// - We stage the volume into a directory, named after the VolumeID inside stagingTargetPath if +// it is a file system +// - We stage the volume into a file, named after the VolumeID inside stagingTargetPath if it is +// a block volume +// - Order of operation execution: (useful for defer stacking and when Unstaging to ensure steps +// are done in reverse, this is done in undoStagingTransaction) +// - Stash image metadata under staging path +// - Map the image (creates a device) +// - Create the staging file/directory under staging path +// - Stage the device (mount the device mapped for image) +func (ns *NodeServer) NodeStageVolume( + ctx context.Context, + req *csi.NodeStageVolumeRequest) (*csi.NodeStageVolumeResponse, error) { + if err := util.ValidateNodeStageVolumeRequest(req); err != nil { + return nil, err + } + volID := req.GetVolumeId() cr, err := util.NewUserCredentials(req.GetSecrets()) @@ -232,64 +289,21 @@ func (ns *NodeServer) NodeStageVolume( return nil, status.Error(codes.InvalidArgument, "missing required parameter imageFeatures") } - volOptions, err := genVolFromVolumeOptions(ctx, req.GetVolumeContext(), req.GetSecrets(), disableInUseChecks) + rv, err := populateRbdVol(ctx, req, cr) if err != nil { - return nil, status.Error(codes.Internal, err.Error()) + return nil, err } - volOptions.ThickProvision = isThickProvisionRequest(req.GetVolumeContext()) - - // get rbd image name from the volume journal - // for static volumes, the image name is actually the volume ID itself - if isStaticVol { - volOptions.RbdImageName = volID - } else { - var vi util.CSIIdentifier - var imageAttributes *journal.ImageAttributes - err = vi.DecomposeCSIID(volID) - if err != nil { - err = fmt.Errorf("error decoding volume ID (%s): %w", volID, err) - - return nil, status.Error(codes.Internal, err.Error()) - } - - j, connErr := volJournal.Connect(volOptions.Monitors, volOptions.RadosNamespace, cr) - if connErr != nil { - log.ErrorLog(ctx, "failed to establish cluster connection: %v", connErr) - - return nil, status.Error(codes.Internal, connErr.Error()) - } - defer j.Destroy() - - imageAttributes, err = j.GetImageAttributes( - ctx, volOptions.Pool, vi.ObjectUUID, false) - if err != nil { - err = fmt.Errorf("error fetching image attributes for volume ID (%s): %w", volID, err) - - return nil, status.Error(codes.Internal, err.Error()) - } - volOptions.RbdImageName = imageAttributes.ImageName - } - - volOptions.VolID = volID - volOptions.MapOptions = req.GetVolumeContext()["mapOptions"] - volOptions.UnmapOptions = req.GetVolumeContext()["unmapOptions"] - volOptions.Mounter = req.GetVolumeContext()["mounter"] - volOptions.LogDir = req.GetVolumeContext()["cephLogDir"] - if volOptions.LogDir == "" { - volOptions.LogDir = defaultLogDir - } - - err = volOptions.Connect(cr) + err = rv.Connect(cr) if err != nil { - log.ErrorLog(ctx, "failed to connect to volume %s: %v", volOptions, err) + log.ErrorLog(ctx, "failed to connect to volume %s: %v", rv, err) return nil, status.Error(codes.Internal, err.Error()) } - defer volOptions.Destroy() + defer rv.Destroy() if isHealer { - err = healerStageTransaction(ctx, cr, volOptions, stagingParentPath) + err = healerStageTransaction(ctx, cr, rv, stagingParentPath) if err != nil { return nil, status.Error(codes.Internal, err.Error()) } @@ -300,19 +314,19 @@ func (ns *NodeServer) NodeStageVolume( transaction := stageTransaction{} // Stash image details prior to mapping the image (useful during Unstage as it has no // voloptions passed to the RPC as per the CSI spec) - err = stashRBDImageMetadata(volOptions, stagingParentPath) + err = stashRBDImageMetadata(rv, stagingParentPath) if err != nil { return nil, status.Error(codes.Internal, err.Error()) } defer func() { if err != nil { - ns.undoStagingTransaction(ctx, req, transaction, volOptions) + ns.undoStagingTransaction(ctx, req, transaction, rv) } }() // perform the actual staging and if this fails, have undoStagingTransaction // cleans up for us - transaction, err = ns.stageTransaction(ctx, req, volOptions, isStaticVol) + transaction, err = ns.stageTransaction(ctx, req, rv, isStaticVol) if err != nil { return nil, status.Error(codes.Internal, err.Error()) } diff --git a/internal/rbd/rbd_attach.go b/internal/rbd/rbd_attach.go index d5b4c6062..350e57393 100644 --- a/internal/rbd/rbd_attach.go +++ b/internal/rbd/rbd_attach.go @@ -243,19 +243,11 @@ func attachRBDImage(ctx context.Context, volOptions *rbdVolume, device string, c return devicePath, err } -func appendDeviceTypeAndOptions(cmdArgs []string, isNbd, isThick bool, userOptions string) []string { - accessType := accessTypeKRbd - if isNbd { - accessType = accessTypeNbd - } +func appendNbdDeviceTypeAndOptions(cmdArgs []string, isThick bool, userOptions string) []string { + cmdArgs = append(cmdArgs, "--device-type", accessTypeNbd) - cmdArgs = append(cmdArgs, "--device-type", accessType) - if !isNbd { - // Enable mapping and unmapping images from a non-initial network - // namespace (e.g. for Multus CNI). The network namespace must be - // owned by the initial user namespace. - cmdArgs = append(cmdArgs, "--options", "noudev") - } else { + isUnmap := CheckSliceContains(cmdArgs, "unmap") + if !isUnmap { if !strings.Contains(userOptions, useNbdNetlink) { cmdArgs = append(cmdArgs, "--options", useNbdNetlink) } @@ -265,12 +257,40 @@ func appendDeviceTypeAndOptions(cmdArgs []string, isNbd, isThick bool, userOptio if !strings.Contains(userOptions, setNbdIOTimeout) { cmdArgs = append(cmdArgs, "--options", fmt.Sprintf("%s=%d", setNbdIOTimeout, defaultNbdIOTimeout)) } + + if isThick { + // When an image is thick-provisioned, any discard/unmap/trim + // requests should not free extents. + cmdArgs = append(cmdArgs, "--options", "notrim") + } } - if isThick { - // When an image is thick-provisioned, any discard/unmap/trim - // requests should not free extents. - cmdArgs = append(cmdArgs, "--options", "notrim") + + if userOptions != "" { + // userOptions is appended after, possibly overriding the above + // default options. + cmdArgs = append(cmdArgs, "--options", userOptions) } + + return cmdArgs +} + +func appendKRbdDeviceTypeAndOptions(cmdArgs []string, isThick bool, userOptions string) []string { + cmdArgs = append(cmdArgs, "--device-type", accessTypeKRbd) + + isUnmap := CheckSliceContains(cmdArgs, "unmap") + if !isUnmap { + if isThick { + // When an image is thick-provisioned, any discard/unmap/trim + // requests should not free extents. + cmdArgs = append(cmdArgs, "--options", "notrim") + } + } + + // Enable mapping and unmapping images from a non-initial network + // namespace (e.g. for Multus CNI). The network namespace must be + // owned by the initial user namespace. + cmdArgs = append(cmdArgs, "--options", "noudev") + if userOptions != "" { // userOptions is appended after, possibly overriding the above // default options. @@ -338,7 +358,11 @@ func createPath(ctx context.Context, volOpt *rbdVolume, device string, cr *util. mapArgs = appendRbdNbdCliOptions(mapArgs, volOpt.MapOptions) } else { mapArgs = append(mapArgs, "map", imagePath) - mapArgs = appendDeviceTypeAndOptions(mapArgs, isNbd, isThick, volOpt.MapOptions) + if isNbd { + mapArgs = appendNbdDeviceTypeAndOptions(mapArgs, isThick, volOpt.MapOptions) + } else { + mapArgs = appendKRbdDeviceTypeAndOptions(mapArgs, isThick, volOpt.MapOptions) + } } if volOpt.readOnly { @@ -443,7 +467,11 @@ func detachRBDImageOrDeviceSpec( } unmapArgs := []string{"unmap", dArgs.imageOrDeviceSpec} - unmapArgs = appendDeviceTypeAndOptions(unmapArgs, dArgs.isNbd, false, dArgs.unmapOptions) + if dArgs.isNbd { + unmapArgs = appendNbdDeviceTypeAndOptions(unmapArgs, false, dArgs.unmapOptions) + } else { + unmapArgs = appendKRbdDeviceTypeAndOptions(unmapArgs, false, dArgs.unmapOptions) + } _, stderr, err := util.ExecCommand(ctx, rbd, unmapArgs...) if err != nil { diff --git a/internal/rbd/rbd_healer.go b/internal/rbd/rbd_healer.go index c785d4cf5..dedd5a678 100644 --- a/internal/rbd/rbd_healer.go +++ b/internal/rbd/rbd_healer.go @@ -129,7 +129,13 @@ func callNodeStageVolume(ns *NodeServer, c *k8s.Clientset, pv *v1.PersistentVolu // runVolumeHealer heal the volumes attached on a node. func runVolumeHealer(ns *NodeServer, conf *util.Config) error { - c := kubeclient.NewK8sClient() + c, err := kubeclient.NewK8sClient() + if err != nil { + log.ErrorLogMsg("failed to connect to Kubernetes: %v", err) + + return err + } + val, err := c.StorageV1().VolumeAttachments().List(context.TODO(), metav1.ListOptions{}) if err != nil { log.ErrorLogMsg("list volumeAttachments failed, err: %v", err) diff --git a/internal/rbd/rbd_util.go b/internal/rbd/rbd_util.go index d11169fcc..2b57aff60 100644 --- a/internal/rbd/rbd_util.go +++ b/internal/rbd/rbd_util.go @@ -1064,7 +1064,11 @@ func genVolFromVolID( // be the same in the PV.Spec.CSI.VolumeHandle. Check the PV annotation for // the new volumeHandle. If the new volumeHandle is found, generate the RBD // volume structure from the new volumeHandle. - c := k8s.NewK8sClient() + c, cErr := k8s.NewK8sClient() + if cErr != nil { + return vol, cErr + } + listOpt := metav1.ListOptions{ LabelSelector: PVReplicatedLabelKey, } @@ -2007,3 +2011,14 @@ func getCephClientLogFileName(id, logDir, prefix string) string { return fmt.Sprintf("%s/%s-%s.log", logDir, prefix, id) } + +// CheckSliceContains checks the slice for string. +func CheckSliceContains(options []string, opt string) bool { + for _, o := range options { + if o == opt { + return true + } + } + + return false +} diff --git a/internal/rbd/replicationcontrollerserver.go b/internal/rbd/replicationcontrollerserver.go index a72348ae8..e0389c6d3 100644 --- a/internal/rbd/replicationcontrollerserver.go +++ b/internal/rbd/replicationcontrollerserver.go @@ -324,8 +324,7 @@ func (rs *ReplicationServer) DisableVolumeReplication(ctx context.Context, case librbd.MirrorImageEnabled: return disableVolumeReplication(rbdVol, mirroringInfo, force) default: - // TODO: use string instead of int for returning valid error message - return nil, status.Errorf(codes.InvalidArgument, "image is in %d Mode", mirroringInfo.State) + return nil, status.Errorf(codes.InvalidArgument, "image is in %s Mode", mirroringInfo.State) } return &replication.DisableVolumeReplicationResponse{}, nil diff --git a/internal/util/cephconf.go b/internal/util/cephconf.go index 66ba11a9b..e8e3e26fa 100644 --- a/internal/util/cephconf.go +++ b/internal/util/cephconf.go @@ -50,11 +50,16 @@ func createCephConfigRoot() error { // WriteCephConfig writes out a basic ceph.conf file, making it easy to use // ceph related CLIs. func WriteCephConfig() error { - if err := createCephConfigRoot(); err != nil { + var err error + if err = createCephConfigRoot(); err != nil { return err } - err := ioutil.WriteFile(CephConfigPath, cephConfig, 0o600) + // create config file if it does not exist to support backward compatibility + if _, err = os.Stat(CephConfigPath); os.IsNotExist(err) { + err = ioutil.WriteFile(CephConfigPath, cephConfig, 0o600) + } + if err != nil { return err } @@ -71,7 +76,11 @@ if any ceph commands fails it will log below error message */ // createKeyRingFile creates the keyring files to fix above error message logging. func createKeyRingFile() error { - _, err := os.Create(keyRing) + var err error + // create keyring file if it does not exist to support backward compatibility + if _, err = os.Stat(keyRing); os.IsNotExist(err) { + _, err = os.Create(keyRing) + } return err } diff --git a/internal/util/k8s/client.go b/internal/util/k8s/client.go index d17c19fad..684fd7090 100644 --- a/internal/util/k8s/client.go +++ b/internal/util/k8s/client.go @@ -17,35 +17,34 @@ limitations under the License. package k8s import ( + "fmt" "os" - "github.com/ceph/ceph-csi/internal/util/log" - "k8s.io/client-go/kubernetes" "k8s.io/client-go/rest" "k8s.io/client-go/tools/clientcmd" ) // NewK8sClient create kubernetes client. -func NewK8sClient() *kubernetes.Clientset { +func NewK8sClient() (*kubernetes.Clientset, error) { var cfg *rest.Config var err error cPath := os.Getenv("KUBERNETES_CONFIG_PATH") if cPath != "" { cfg, err = clientcmd.BuildConfigFromFlags("", cPath) if err != nil { - log.FatalLogMsg("Failed to get cluster config with error: %v\n", err) + return nil, fmt.Errorf("failed to get cluster config from %q: %w", cPath, err) } } else { cfg, err = rest.InClusterConfig() if err != nil { - log.FatalLogMsg("Failed to get cluster config with error: %v\n", err) + return nil, fmt.Errorf("failed to get cluster config: %w", err) } } client, err := kubernetes.NewForConfig(cfg) if err != nil { - log.FatalLogMsg("Failed to create client with error: %v\n", err) + return nil, fmt.Errorf("failed to create client: %w", err) } - return client + return client, nil } diff --git a/internal/util/topology.go b/internal/util/topology.go index 6a2b6c2d5..51b61fbe4 100644 --- a/internal/util/topology.go +++ b/internal/util/topology.go @@ -35,7 +35,12 @@ const ( ) func k8sGetNodeLabels(nodeName string) (map[string]string, error) { - client := k8s.NewK8sClient() + client, err := k8s.NewK8sClient() + if err != nil { + return nil, fmt.Errorf("can not get node %q information, failed "+ + "to connect to Kubernetes: %w", nodeName, err) + } + node, err := client.CoreV1().Nodes().Get(context.TODO(), nodeName, metav1.GetOptions{}) if err != nil { return nil, fmt.Errorf("failed to get node %q information: %w", nodeName, err) diff --git a/scripts/install-helm.sh b/scripts/install-helm.sh index f60fa405b..e405d747f 100755 --- a/scripts/install-helm.sh +++ b/scripts/install-helm.sh @@ -173,9 +173,11 @@ install_cephcsi_helm_charts() { check_deployment_status app=ceph-csi-cephfs ${NAMESPACE} check_daemonset_status app=ceph-csi-cephfs ${NAMESPACE} - # deleting configmap as a workaround to avoid configmap already present + # deleting configmaps as a workaround to avoid configmap already present # issue when installing ceph-csi-rbd kubectl_retry delete cm ceph-csi-config --namespace ${NAMESPACE} + kubectl_retry delete cm ceph-config --namespace ${NAMESPACE} + # shellcheck disable=SC2086 "${HELM}" install --namespace ${NAMESPACE} --set provisioner.fullnameOverride=csi-rbdplugin-provisioner --set nodeplugin.fullnameOverride=csi-rbdplugin --set configMapName=ceph-csi-config --set provisioner.podSecurityPolicy.enabled=true --set nodeplugin.podSecurityPolicy.enabled=true --set provisioner.replicaCount=1 ${SET_SC_TEMPLATE_VALUES} ${RBD_SECRET_TEMPLATE_VALUES} ${RBD_CHART_NAME} "${SCRIPT_DIR}"/../charts/ceph-csi-rbd --set topology.enabled=true --set topology.domainLabels="{${NODE_LABEL_REGION},${NODE_LABEL_ZONE}}" --set provisioner.maxSnapshotsOnImage=3 --set provisioner.minSnapshotsOnImage=2 diff --git a/scripts/minikube.sh b/scripts/minikube.sh index de72c6dd2..abcd0796b 100755 --- a/scripts/minikube.sh +++ b/scripts/minikube.sh @@ -154,6 +154,8 @@ MINIKUBE_WAIT=${MINIKUBE_WAIT:-"all"} CPUS=${CPUS:-"$(nproc)"} VM_DRIVER=${VM_DRIVER:-"virtualbox"} CNI=${CNI:-"bridge"} +NUM_DISKS=${NUM_DISKS:-"1"} +DISK_SIZE=${DISK_SIZE:-"32g"} #configure image repo CEPHCSI_IMAGE_REPO=${CEPHCSI_IMAGE_REPO:-"quay.io/cephcsi"} K8S_IMAGE_REPO=${K8S_IMAGE_REPO:-"k8s.gcr.io/sig-storage"} @@ -162,6 +164,14 @@ if [[ "${VM_DRIVER}" == "kvm2" ]]; then # use vda1 instead of sda1 when running with the libvirt driver DISK="vda1" fi + +if [[ "${VM_DRIVER}" == "kvm2" ]] || [[ "${VM_DRIVER}" == "hyperkit" ]]; then + # adding extra disks is only supported on kvm2 and hyperkit + DISK_CONFIG=${DISK_CONFIG:-" --extra-disks=${NUM_DISKS} --disk-size=${DISK_SIZE} "} +else + DISK_CONFIG="" +fi + #configure csi sidecar version CSI_ATTACHER_VERSION=${CSI_ATTACHER_VERSION:-"v3.2.1"} CSI_SNAPSHOTTER_VERSION=${CSI_SNAPSHOTTER_VERSION:-"v4.1.1"} @@ -216,16 +226,16 @@ up) if minikube_supports_psp; then enable_psp # shellcheck disable=SC2086 - ${minikube} start --force --memory="${MEMORY}" --cpus="${CPUS}" -b kubeadm --kubernetes-version="${KUBE_VERSION}" --driver="${VM_DRIVER}" --feature-gates="${K8S_FEATURE_GATES}" --cni="${CNI}" ${EXTRA_CONFIG} ${EXTRA_CONFIG_PSP} --wait-timeout="${MINIKUBE_WAIT_TIMEOUT}" --wait="${MINIKUBE_WAIT}" --delete-on-failure + ${minikube} start --force --memory="${MEMORY}" --cpus="${CPUS}" -b kubeadm --kubernetes-version="${KUBE_VERSION}" --driver="${VM_DRIVER}" --feature-gates="${K8S_FEATURE_GATES}" --cni="${CNI}" ${EXTRA_CONFIG} ${EXTRA_CONFIG_PSP} --wait-timeout="${MINIKUBE_WAIT_TIMEOUT}" --wait="${MINIKUBE_WAIT}" --delete-on-failure "${DISK_CONFIG}" else # This is a workaround to fix psp issues in minikube >1.6.2 and <1.11.0 # shellcheck disable=SC2086 - ${minikube} start --force --memory="${MEMORY}" --cpus="${CPUS}" -b kubeadm --kubernetes-version="${KUBE_VERSION}" --driver="${VM_DRIVER}" --feature-gates="${K8S_FEATURE_GATES}" --cni="${CNI}" ${EXTRA_CONFIG} --wait-timeout="${MINIKUBE_WAIT_TIMEOUT}" --wait="${MINIKUBE_WAIT}" --delete-on-failure + ${minikube} start --force --memory="${MEMORY}" --cpus="${CPUS}" -b kubeadm --kubernetes-version="${KUBE_VERSION}" --driver="${VM_DRIVER}" --feature-gates="${K8S_FEATURE_GATES}" --cni="${CNI}" ${EXTRA_CONFIG} --wait-timeout="${MINIKUBE_WAIT_TIMEOUT}" --wait="${MINIKUBE_WAIT}" --delete-on-failure "${DISK_CONFIG}" DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)" ${minikube} kubectl -- apply -f "$DIR"/psp.yaml ${minikube} stop # shellcheck disable=SC2086 - ${minikube} start --force --memory="${MEMORY}" --cpus="${CPUS}" -b kubeadm --kubernetes-version="${KUBE_VERSION}" --driver="${VM_DRIVER}" --feature-gates="${K8S_FEATURE_GATES}" --cni="${CNI}" ${EXTRA_CONFIG} ${EXTRA_CONFIG_PSP} --wait-timeout="${MINIKUBE_WAIT_TIMEOUT}" --wait="${MINIKUBE_WAIT}" + ${minikube} start --force --memory="${MEMORY}" --cpus="${CPUS}" -b kubeadm --kubernetes-version="${KUBE_VERSION}" --driver="${VM_DRIVER}" --feature-gates="${K8S_FEATURE_GATES}" --cni="${CNI}" ${EXTRA_CONFIG} ${EXTRA_CONFIG_PSP} --wait-timeout="${MINIKUBE_WAIT_TIMEOUT}" --wait="${MINIKUBE_WAIT}" "${DISK_CONFIG}" fi # create a link so the default dataDirHostPath will work for this diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/prettify.go b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/prettify.go index 710eb432f..11d4240d6 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/prettify.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/prettify.go @@ -50,9 +50,19 @@ func prettify(v reflect.Value, indent int, buf *bytes.Buffer) { for i, n := range names { val := v.FieldByName(n) + ft, ok := v.Type().FieldByName(n) + if !ok { + panic(fmt.Sprintf("expected to find field %v on type %v, but was not found", n, v.Type())) + } + buf.WriteString(strings.Repeat(" ", indent+2)) buf.WriteString(n + ": ") - prettify(val, indent+2, buf) + + if tag := ft.Tag.Get("sensitive"); tag == "true" { + buf.WriteString("<sensitive>") + } else { + prettify(val, indent+2, buf) + } if i < len(names)-1 { buf.WriteString(",\n") diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/string_value.go b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/string_value.go index 645df2450..3f7cffd95 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/string_value.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/string_value.go @@ -8,6 +8,8 @@ import ( ) // StringValue returns the string representation of a value. +// +// Deprecated: Use Prettify instead. func StringValue(i interface{}) string { var buf bytes.Buffer stringValue(reflect.ValueOf(i), 0, &buf) diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context_1_5.go b/vendor/github.com/aws/aws-sdk-go/aws/context_1_5.go index 2866f9a7f..89aad2c67 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/context_1_5.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/context_1_5.go @@ -1,3 +1,4 @@ +//go:build !go1.9 // +build !go1.9 package aws diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context_1_9.go b/vendor/github.com/aws/aws-sdk-go/aws/context_1_9.go index 3718b26e1..6ee9ddd18 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/context_1_9.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/context_1_9.go @@ -1,3 +1,4 @@ +//go:build go1.9 // +build go1.9 package aws diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go b/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go index 2f9446333..313218190 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go @@ -1,3 +1,4 @@ +//go:build !go1.7 // +build !go1.7 package aws diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_7.go b/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_7.go index 9c29f29af..9975d561b 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_7.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_7.go @@ -1,3 +1,4 @@ +//go:build go1.7 // +build go1.7 package aws diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.5.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.5.go index 5852b2648..6e3406b1f 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.5.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.5.go @@ -1,3 +1,4 @@ +//go:build !go1.7 // +build !go1.7 package credentials diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.7.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.7.go index 388b21541..a68df0ee7 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.7.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.7.go @@ -1,3 +1,4 @@ +//go:build go1.7 // +build go1.7 package credentials diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.5.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.5.go index 8152a864a..0345fab2d 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.5.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.5.go @@ -1,3 +1,4 @@ +//go:build !go1.9 // +build !go1.9 package credentials diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.9.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.9.go index 4356edb3d..79018aba7 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.9.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.9.go @@ -1,3 +1,4 @@ +//go:build go1.9 // +build go1.9 package credentials diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os.go index ceca7dcee..d4df39a7a 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os.go @@ -1,3 +1,4 @@ +//go:build !windows // +build !windows package ssocreds diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go index 8f35b3464..df63bade1 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go @@ -13,7 +13,6 @@ package ec2metadata import ( "bytes" - "errors" "io" "net/http" "net/url" @@ -234,7 +233,8 @@ func unmarshalError(r *request.Request) { // Response body format is not consistent between metadata endpoints. // Grab the error message as a string and include that as the source error - r.Error = awserr.NewRequestFailure(awserr.New("EC2MetadataError", "failed to make EC2Metadata request", errors.New(b.String())), + r.Error = awserr.NewRequestFailure( + awserr.New("EC2MetadataError", "failed to make EC2Metadata request\n"+b.String(), nil), r.HTTPResponse.StatusCode, r.RequestID) } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go index 654fb1ad5..b98ea8698 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go @@ -81,7 +81,6 @@ func decodeV3Endpoints(modelDef modelDefinition, opts DecodeModelOptions) (Resol // Customization for i := 0; i < len(ps); i++ { p := &ps[i] - custAddEC2Metadata(p) custAddS3DualStack(p) custRegionalS3(p) custRmIotDataService(p) @@ -140,19 +139,6 @@ func custAddDualstack(p *partition, svcName string) { p.Services[svcName] = s } -func custAddEC2Metadata(p *partition) { - p.Services["ec2metadata"] = service{ - IsRegionalized: boxedFalse, - PartitionEndpoint: "aws-global", - Endpoints: endpoints{ - "aws-global": endpoint{ - Hostname: "169.254.169.254/latest", - Protocols: []string{"http"}, - }, - }, - } -} - func custRmIotDataService(p *partition) { delete(p.Services, "data.iot") } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go index fc4988738..9b8acb6b1 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go @@ -32,7 +32,6 @@ const ( EuWest1RegionID = "eu-west-1" // Europe (Ireland). EuWest2RegionID = "eu-west-2" // Europe (London). EuWest3RegionID = "eu-west-3" // Europe (Paris). - InAmazon1RegionID = "in-amazon-1" // India (Begumpet). MeSouth1RegionID = "me-south-1" // Middle East (Bahrain). SaEast1RegionID = "sa-east-1" // South America (Sao Paulo). UsEast1RegionID = "us-east-1" // US East (N. Virginia). @@ -101,7 +100,7 @@ var awsPartition = partition{ DNSSuffix: "amazonaws.com", RegionRegex: regionRegex{ Regexp: func() *regexp.Regexp { - reg, _ := regexp.Compile("^(us|eu|ap|sa|ca|me|af|in)\\-\\w+\\-\\d+$") + reg, _ := regexp.Compile("^(us|eu|ap|sa|ca|me|af)\\-\\w+\\-\\d+$") return reg }(), }, @@ -156,9 +155,6 @@ var awsPartition = partition{ "eu-west-3": region{ Description: "Europe (Paris)", }, - "in-amazon-1": region{ - Description: "India (Begumpet)", - }, "me-south-1": region{ Description: "Middle East (Bahrain)", }, @@ -369,6 +365,30 @@ var awsPartition = partition{ "us-west-2": endpoint{}, }, }, + "amplify": service{ + + Endpoints: endpoints{ + "ap-east-1": endpoint{}, + "ap-northeast-1": endpoint{}, + "ap-northeast-2": endpoint{}, + "ap-south-1": endpoint{}, + "ap-southeast-1": endpoint{}, + "ap-southeast-2": endpoint{}, + "ca-central-1": endpoint{}, + "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, + "eu-south-1": endpoint{}, + "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, + "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, + "sa-east-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-1": endpoint{}, + "us-west-2": endpoint{}, + }, + }, "amplifybackend": service{ Endpoints: endpoints{ @@ -652,9 +672,33 @@ var awsPartition = partition{ "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-2": endpoint{}, + "fips-ca-central-1": endpoint{ + Hostname: "api.fleethub.iot-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, + "fips-us-east-1": endpoint{ + Hostname: "api.fleethub.iot-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + "fips-us-east-2": endpoint{ + Hostname: "api.fleethub.iot-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + "fips-us-west-2": endpoint{ + Hostname: "api.fleethub.iot-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-2": endpoint{}, }, }, "api.mediatailor": service{ @@ -771,6 +815,7 @@ var awsPartition = partition{ "appflow": service{ Endpoints: endpoints{ + "af-south-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -866,6 +911,7 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "eu-central-1": endpoint{}, "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, "fips": endpoint{ Hostname: "appstream2-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ @@ -882,6 +928,7 @@ var awsPartition = partition{ "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, + "ap-northeast-3": endpoint{}, "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, @@ -900,6 +947,18 @@ var awsPartition = partition{ "us-west-2": endpoint{}, }, }, + "aps": service{ + Defaults: endpoint{ + Protocols: []string{"https"}, + }, + Endpoints: endpoints{ + "eu-central-1": endpoint{}, + "eu-west-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-2": endpoint{}, + }, + }, "athena": service{ Endpoints: endpoints{ @@ -907,6 +966,7 @@ var awsPartition = partition{ "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, + "ap-northeast-3": endpoint{}, "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, @@ -986,6 +1046,7 @@ var awsPartition = partition{ "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, + "ap-northeast-3": endpoint{}, "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, @@ -1357,6 +1418,7 @@ var awsPartition = partition{ "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, + "ap-northeast-3": endpoint{}, "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, @@ -1837,6 +1899,59 @@ var awsPartition = partition{ "us-east-1": endpoint{}, }, }, + "data.jobs.iot": service{ + + Endpoints: endpoints{ + "ap-east-1": endpoint{}, + "ap-northeast-1": endpoint{}, + "ap-northeast-2": endpoint{}, + "ap-south-1": endpoint{}, + "ap-southeast-1": endpoint{}, + "ap-southeast-2": endpoint{}, + "ca-central-1": endpoint{}, + "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, + "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, + "eu-west-3": endpoint{}, + "fips-ca-central-1": endpoint{ + Hostname: "data.jobs.iot-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, + "fips-us-east-1": endpoint{ + Hostname: "data.jobs.iot-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + "fips-us-east-2": endpoint{ + Hostname: "data.jobs.iot-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + "fips-us-west-1": endpoint{ + Hostname: "data.jobs.iot-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, + "fips-us-west-2": endpoint{ + Hostname: "data.jobs.iot-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + "me-south-1": endpoint{}, + "sa-east-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-1": endpoint{}, + "us-west-2": endpoint{}, + }, + }, "data.mediastore": service{ Endpoints: endpoints{ @@ -1884,6 +1999,7 @@ var awsPartition = partition{ "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, + "ap-northeast-3": endpoint{}, "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, @@ -2146,6 +2262,7 @@ var awsPartition = partition{ "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, + "ap-northeast-3": endpoint{}, "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, @@ -2373,17 +2490,6 @@ var awsPartition = partition{ "us-west-2": endpoint{}, }, }, - "ec2metadata": service{ - PartitionEndpoint: "aws-global", - IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-global": endpoint{ - Hostname: "169.254.169.254/latest", - Protocols: []string{"http"}, - }, - }, - }, "ecs": service{ Endpoints: endpoints{ @@ -2873,11 +2979,41 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + "fips-ca-central-1": endpoint{ + Hostname: "emr-containers-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, + "fips-us-east-1": endpoint{ + Hostname: "emr-containers-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + "fips-us-east-2": endpoint{ + Hostname: "emr-containers-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + "fips-us-west-1": endpoint{ + Hostname: "emr-containers-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, + "fips-us-west-2": endpoint{ + Hostname: "emr-containers-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + "sa-east-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-1": endpoint{}, + "us-west-2": endpoint{}, }, }, "entitlement.marketplace": service{ @@ -3051,6 +3187,7 @@ var awsPartition = partition{ "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, + "ap-northeast-3": endpoint{}, "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, @@ -3249,6 +3386,17 @@ var awsPartition = partition{ "us-west-2": endpoint{}, }, }, + "frauddetector": service{ + + Endpoints: endpoints{ + "ap-southeast-1": endpoint{}, + "ap-southeast-2": endpoint{}, + "eu-west-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-2": endpoint{}, + }, + }, "fsx": service{ Endpoints: endpoints{ @@ -3256,6 +3404,7 @@ var awsPartition = partition{ "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, + "ap-northeast-3": endpoint{}, "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, @@ -3559,6 +3708,8 @@ var awsPartition = partition{ }, Endpoints: endpoints{ "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-2": endpoint{}, }, }, "honeycode": service{ @@ -3586,6 +3737,18 @@ var awsPartition = partition{ }, }, }, + "identity-chime": service{ + + Endpoints: endpoints{ + "us-east-1": endpoint{}, + "us-east-1-fips": endpoint{ + Hostname: "identity-chime-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + }, + }, "identitystore": service{ Endpoints: endpoints{ @@ -3679,18 +3842,49 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + "fips-ca-central-1": endpoint{ + Hostname: "iot-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Service: "execute-api", + }, + }, + "fips-us-east-1": endpoint{ + Hostname: "iot-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Service: "execute-api", + }, + }, + "fips-us-east-2": endpoint{ + Hostname: "iot-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Service: "execute-api", + }, + }, + "fips-us-west-1": endpoint{ + Hostname: "iot-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Service: "execute-api", + }, + }, + "fips-us-west-2": endpoint{ + Hostname: "iot-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Service: "execute-api", + }, + }, + "me-south-1": endpoint{}, + "sa-east-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-1": endpoint{}, + "us-west-2": endpoint{}, }, }, "iotanalytics": service{ Endpoints: endpoints{ "ap-northeast-1": endpoint{}, + "ap-south-1": endpoint{}, "ap-southeast-2": endpoint{}, "eu-central-1": endpoint{}, "eu-west-1": endpoint{}, @@ -3794,12 +3988,42 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + "fips-ca-central-1": endpoint{ + Hostname: "api.tunneling.iot-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, + "fips-us-east-1": endpoint{ + Hostname: "api.tunneling.iot-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + "fips-us-east-2": endpoint{ + Hostname: "api.tunneling.iot-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + "fips-us-west-1": endpoint{ + Hostname: "api.tunneling.iot-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, + "fips-us-west-2": endpoint{ + Hostname: "api.tunneling.iot-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + "me-south-1": endpoint{}, + "sa-east-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-1": endpoint{}, + "us-west-2": endpoint{}, }, }, "iotthingsgraph": service{ @@ -3820,6 +4044,18 @@ var awsPartition = partition{ "iotwireless": service{ Endpoints: endpoints{ + "ap-northeast-1": endpoint{ + Hostname: "api.iotwireless.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + }, + "ap-southeast-2": endpoint{ + Hostname: "api.iotwireless.ap-southeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-2", + }, + }, "eu-west-1": endpoint{ Hostname: "api.iotwireless.eu-west-1.amazonaws.com", CredentialScope: credentialScope{ @@ -3832,6 +4068,12 @@ var awsPartition = partition{ Region: "us-east-1", }, }, + "us-west-2": endpoint{ + Hostname: "api.iotwireless.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, }, }, "kafka": service{ @@ -4433,6 +4675,7 @@ var awsPartition = partition{ "eu-west-3": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, + "us-east-2": endpoint{}, "us-west-1": endpoint{}, "us-west-2": endpoint{}, }, @@ -4451,6 +4694,18 @@ var awsPartition = partition{ "us-west-2": endpoint{}, }, }, + "messaging-chime": service{ + + Endpoints: endpoints{ + "us-east-1": endpoint{}, + "us-east-1-fips": endpoint{ + Hostname: "messaging-chime-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + }, + }, "metering.marketplace": service{ Defaults: endpoint{ CredentialScope: credentialScope{ @@ -4815,6 +5070,12 @@ var awsPartition = partition{ Region: "eu-west-2", }, }, + "eu-west-3": endpoint{ + Hostname: "oidc.eu-west-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-3", + }, + }, "us-east-1": endpoint{ Hostname: "oidc.us-east-1.amazonaws.com", CredentialScope: credentialScope{ @@ -4895,6 +5156,7 @@ var awsPartition = partition{ "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, + "ap-northeast-3": endpoint{}, "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, @@ -5141,6 +5403,7 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "eu-central-1": endpoint{}, "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, "fips-us-east-1": endpoint{ Hostname: "qldb-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ @@ -5463,6 +5726,17 @@ var awsPartition = partition{ }, }, }, + "route53-recovery-control-config": service{ + + Endpoints: endpoints{ + "aws-global": endpoint{ + Hostname: "route53-recovery-control-config.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + }, + }, "route53domains": service{ Endpoints: endpoints{ @@ -6303,6 +6577,7 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "eu-central-1": endpoint{}, "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, "fips-us-east-1": endpoint{ Hostname: "session.qldb-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ @@ -6738,6 +7013,7 @@ var awsPartition = partition{ "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, + "ap-northeast-3": endpoint{}, "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, @@ -6851,15 +7127,9 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, - "in-amazon-1": endpoint{ - Hostname: "sts.ap-south-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "ap-south-1", - }, - }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, + "me-south-1": endpoint{}, + "sa-east-1": endpoint{}, + "us-east-1": endpoint{}, "us-east-1-fips": endpoint{ Hostname: "sts-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ @@ -7751,9 +8021,17 @@ var awscnPartition = partition{ "cn-northwest-1": endpoint{}, }, }, + "data.jobs.iot": service{ + + Endpoints: endpoints{ + "cn-north-1": endpoint{}, + "cn-northwest-1": endpoint{}, + }, + }, "dax": service{ Endpoints: endpoints{ + "cn-north-1": endpoint{}, "cn-northwest-1": endpoint{}, }, }, @@ -7814,17 +8092,6 @@ var awscnPartition = partition{ "cn-northwest-1": endpoint{}, }, }, - "ec2metadata": service{ - PartitionEndpoint: "aws-global", - IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-global": endpoint{ - Hostname: "169.254.169.254/latest", - Protocols: []string{"http"}, - }, - }, - }, "ecs": service{ Endpoints: endpoints{ @@ -7892,6 +8159,13 @@ var awscnPartition = partition{ "cn-northwest-1": endpoint{}, }, }, + "emr-containers": service{ + + Endpoints: endpoints{ + "cn-north-1": endpoint{}, + "cn-northwest-1": endpoint{}, + }, + }, "es": service{ Endpoints: endpoints{ @@ -7913,6 +8187,15 @@ var awscnPartition = partition{ "cn-northwest-1": endpoint{}, }, }, + "fms": service{ + Defaults: endpoint{ + Protocols: []string{"https"}, + }, + Endpoints: endpoints{ + "cn-north-1": endpoint{}, + "cn-northwest-1": endpoint{}, + }, + }, "fsx": service{ Endpoints: endpoints{ @@ -7923,7 +8206,8 @@ var awscnPartition = partition{ "gamelift": service{ Endpoints: endpoints{ - "cn-north-1": endpoint{}, + "cn-north-1": endpoint{}, + "cn-northwest-1": endpoint{}, }, }, "glacier": service{ @@ -8108,6 +8392,12 @@ var awscnPartition = partition{ "neptune": service{ Endpoints: endpoints{ + "cn-north-1": endpoint{ + Hostname: "rds.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, "cn-northwest-1": endpoint{ Hostname: "rds.cn-northwest-1.amazonaws.com.cn", CredentialScope: credentialScope{ @@ -8415,6 +8705,13 @@ var awscnPartition = partition{ }, }, }, + "transcribestreaming": service{ + + Endpoints: endpoints{ + "cn-north-1": endpoint{}, + "cn-northwest-1": endpoint{}, + }, + }, "transfer": service{ Endpoints: endpoints{ @@ -8936,6 +9233,25 @@ var awsusgovPartition = partition{ "us-gov-west-1": endpoint{}, }, }, + "data.jobs.iot": service{ + + Endpoints: endpoints{ + "fips-us-gov-east-1": endpoint{ + Hostname: "data.jobs.iot-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + "fips-us-gov-west-1": endpoint{ + Hostname: "data.jobs.iot-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + "us-gov-east-1": endpoint{}, + "us-gov-west-1": endpoint{}, + }, + }, "datasync": service{ Endpoints: endpoints{ @@ -9058,17 +9374,6 @@ var awsusgovPartition = partition{ }, }, }, - "ec2metadata": service{ - PartitionEndpoint: "aws-global", - IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-global": endpoint{ - Hostname: "169.254.169.254/latest", - Protocols: []string{"http"}, - }, - }, - }, "ecs": service{ Endpoints: endpoints{ @@ -9454,6 +9759,18 @@ var awsusgovPartition = partition{ }, }, Endpoints: endpoints{ + "fips-us-gov-east-1": endpoint{ + Hostname: "iot-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Service: "execute-api", + }, + }, + "fips-us-gov-west-1": endpoint{ + Hostname: "iot-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Service: "execute-api", + }, + }, "us-gov-east-1": endpoint{}, "us-gov-west-1": endpoint{}, }, @@ -9461,6 +9778,18 @@ var awsusgovPartition = partition{ "iotsecuredtunneling": service{ Endpoints: endpoints{ + "fips-us-gov-east-1": endpoint{ + Hostname: "api.tunneling.iot-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + "fips-us-gov-west-1": endpoint{ + Hostname: "api.tunneling.iot-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, "us-gov-east-1": endpoint{}, "us-gov-west-1": endpoint{}, }, @@ -9633,6 +9962,25 @@ var awsusgovPartition = partition{ "us-gov-west-1": endpoint{}, }, }, + "mq": service{ + + Endpoints: endpoints{ + "fips-us-gov-east-1": endpoint{ + Hostname: "mq-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + "fips-us-gov-west-1": endpoint{ + Hostname: "mq-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + "us-gov-east-1": endpoint{}, + "us-gov-west-1": endpoint{}, + }, + }, "neptune": service{ Endpoints: endpoints{ @@ -10522,17 +10870,6 @@ var awsisoPartition = partition{ "us-iso-east-1": endpoint{}, }, }, - "ec2metadata": service{ - PartitionEndpoint: "aws-global", - IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-global": endpoint{ - Hostname: "169.254.169.254/latest", - Protocols: []string{"http"}, - }, - }, - }, "ecs": service{ Endpoints: endpoints{ @@ -10642,6 +10979,12 @@ var awsisoPartition = partition{ "us-iso-east-1": endpoint{}, }, }, + "license-manager": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{}, + }, + }, "logs": service{ Endpoints: endpoints{ @@ -10703,6 +11046,12 @@ var awsisoPartition = partition{ }, }, }, + "route53resolver": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{}, + }, + }, "runtime.sagemaker": service{ Endpoints: endpoints{ @@ -10923,6 +11272,12 @@ var awsisobPartition = partition{ "us-isob-east-1": endpoint{}, }, }, + "ds": service{ + + Endpoints: endpoints{ + "us-isob-east-1": endpoint{}, + }, + }, "dynamodb": service{ Defaults: endpoint{ Protocols: []string{"http", "https"}, @@ -10939,17 +11294,6 @@ var awsisobPartition = partition{ "us-isob-east-1": endpoint{}, }, }, - "ec2metadata": service{ - PartitionEndpoint: "aws-global", - IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-global": endpoint{ - Hostname: "169.254.169.254/latest", - Protocols: []string{"http"}, - }, - }, - }, "ecs": service{ Endpoints: endpoints{ @@ -11155,6 +11499,12 @@ var awsisobPartition = partition{ }, "swf": service{ + Endpoints: endpoints{ + "us-isob-east-1": endpoint{}, + }, + }, + "tagging": service{ + Endpoints: endpoints{ "us-isob-east-1": endpoint{}, }, diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go index ca956e5f1..8e8636f5f 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go @@ -48,6 +48,9 @@ type Options struct { // This option is ignored if StrictMatching is enabled. ResolveUnknownService bool + // Specifies the EC2 Instance Metadata Service default endpoint selection mode (IPv4 or IPv6) + EC2MetadataEndpointMode EC2IMDSEndpointModeState + // STS Regional Endpoint flag helps with resolving the STS endpoint STSRegionalEndpoint STSRegionalEndpoint @@ -55,6 +58,33 @@ type Options struct { S3UsEast1RegionalEndpoint S3UsEast1RegionalEndpoint } +// EC2IMDSEndpointModeState is an enum configuration variable describing the client endpoint mode. +type EC2IMDSEndpointModeState uint + +// Enumeration values for EC2IMDSEndpointModeState +const ( + EC2IMDSEndpointModeStateUnset EC2IMDSEndpointModeState = iota + EC2IMDSEndpointModeStateIPv4 + EC2IMDSEndpointModeStateIPv6 +) + +// SetFromString sets the EC2IMDSEndpointModeState based on the provided string value. Unknown values will default to EC2IMDSEndpointModeStateUnset +func (e *EC2IMDSEndpointModeState) SetFromString(v string) error { + v = strings.TrimSpace(v) + + switch { + case len(v) == 0: + *e = EC2IMDSEndpointModeStateUnset + case strings.EqualFold(v, "IPv6"): + *e = EC2IMDSEndpointModeStateIPv6 + case strings.EqualFold(v, "IPv4"): + *e = EC2IMDSEndpointModeStateIPv4 + default: + return fmt.Errorf("unknown EC2 IMDS endpoint mode, must be either IPv6 or IPv4") + } + return nil +} + // STSRegionalEndpoint is an enum for the states of the STS Regional Endpoint // options. type STSRegionalEndpoint int @@ -247,7 +277,7 @@ func RegionsForService(ps []Partition, partitionID, serviceID string) (map[strin if p.ID() != partitionID { continue } - if _, ok := p.p.Services[serviceID]; !ok { + if _, ok := p.p.Services[serviceID]; !(ok || serviceID == Ec2metadataServiceID) { break } @@ -333,6 +363,7 @@ func (p Partition) Regions() map[string]Region { // enumerating over the services in a partition. func (p Partition) Services() map[string]Service { ss := make(map[string]Service, len(p.p.Services)) + for id := range p.p.Services { ss[id] = Service{ id: id, @@ -340,6 +371,15 @@ func (p Partition) Services() map[string]Service { } } + // Since we have removed the customization that injected this into the model + // we still need to pretend that this is a modeled service. + if _, ok := ss[Ec2metadataServiceID]; !ok { + ss[Ec2metadataServiceID] = Service{ + id: Ec2metadataServiceID, + p: p.p, + } + } + return ss } @@ -400,7 +440,18 @@ func (s Service) ResolveEndpoint(region string, opts ...func(*Options)) (Resolve // an URL that can be resolved to a instance of a service. func (s Service) Regions() map[string]Region { rs := map[string]Region{} - for id := range s.p.Services[s.id].Endpoints { + + service, ok := s.p.Services[s.id] + + // Since ec2metadata customization has been removed we need to check + // if it was defined in non-standard endpoints.json file. If it's not + // then we can return the empty map as there is no regional-endpoints for IMDS. + // Otherwise, we iterate need to iterate the non-standard model. + if s.id == Ec2metadataServiceID && !ok { + return rs + } + + for id := range service.Endpoints { if r, ok := s.p.Regions[id]; ok { rs[id] = Region{ id: id, diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go index aaff68260..c6c6a0338 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go @@ -7,6 +7,11 @@ import ( "strings" ) +const ( + ec2MetadataEndpointIPv6 = "http://[fd00:ec2::254]/latest" + ec2MetadataEndpointIPv4 = "http://169.254.169.254/latest" +) + var regionValidationRegex = regexp.MustCompile(`^[[:alnum:]]([[:alnum:]\-]*[[:alnum:]])?$`) type partitions []partition @@ -102,6 +107,12 @@ func (p partition) EndpointFor(service, region string, opts ...func(*Options)) ( opt.Set(opts...) s, hasService := p.Services[service] + + if service == Ec2metadataServiceID && !hasService { + endpoint := getEC2MetadataEndpoint(p.ID, service, opt.EC2MetadataEndpointMode) + return endpoint, nil + } + if len(service) == 0 || !(hasService || opt.ResolveUnknownService) { // Only return error if the resolver will not fallback to creating // endpoint based on service endpoint ID passed in. @@ -129,6 +140,31 @@ func (p partition) EndpointFor(service, region string, opts ...func(*Options)) ( return e.resolve(service, p.ID, region, p.DNSSuffix, defs, opt) } +func getEC2MetadataEndpoint(partitionID, service string, mode EC2IMDSEndpointModeState) ResolvedEndpoint { + switch mode { + case EC2IMDSEndpointModeStateIPv6: + return ResolvedEndpoint{ + URL: ec2MetadataEndpointIPv6, + PartitionID: partitionID, + SigningRegion: "aws-global", + SigningName: service, + SigningNameDerived: true, + SigningMethod: "v4", + } + case EC2IMDSEndpointModeStateIPv4: + fallthrough + default: + return ResolvedEndpoint{ + URL: ec2MetadataEndpointIPv4, + PartitionID: partitionID, + SigningRegion: "aws-global", + SigningName: service, + SigningNameDerived: true, + SigningMethod: "v4", + } + } +} + func serviceList(ss services) []string { list := make([]string, 0, len(ss)) for k := range ss { diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model_codegen.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model_codegen.go index 0fdfcc56e..db6efd605 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model_codegen.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model_codegen.go @@ -1,3 +1,4 @@ +//go:build codegen // +build codegen package endpoints diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_7.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_7.go index e36e468b7..5921b8ff2 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_7.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_7.go @@ -1,3 +1,4 @@ +//go:build !go1.8 // +build !go1.8 package request diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go index de1292f45..ea643c9c4 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go @@ -1,3 +1,4 @@ +//go:build go1.8 // +build go1.8 package request diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request_context.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request_context.go index a7365cd1e..d8c505302 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/request_context.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request_context.go @@ -1,3 +1,4 @@ +//go:build go1.7 // +build go1.7 package request diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request_context_1_6.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request_context_1_6.go index 307fa0705..49a243ef2 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/request_context_1_6.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request_context_1_6.go @@ -1,3 +1,4 @@ +//go:build !go1.7 // +build !go1.7 package request diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport.go b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport.go index 593aedc42..4390ad52f 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport.go @@ -1,3 +1,4 @@ +//go:build go1.13 // +build go1.13 package session diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.12.go b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.12.go index 1bf31cf8e..668565bea 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.12.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.12.go @@ -1,3 +1,4 @@ +//go:build !go1.13 && go1.7 // +build !go1.13,go1.7 package session diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.5.go b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.5.go index 253d7bc9d..e101aa6b6 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.5.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.5.go @@ -1,3 +1,4 @@ +//go:build !go1.6 && go1.5 // +build !go1.6,go1.5 package session diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.6.go b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.6.go index db2406054..b5fcbe0d1 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.6.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.6.go @@ -1,3 +1,4 @@ +//go:build !go1.7 && go1.6 // +build !go1.7,go1.6 package session diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go b/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go index 9419b518d..43b56863e 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go @@ -283,7 +283,7 @@ component must be enclosed in square brackets. The custom EC2 IMDS endpoint can also be specified via the Session options. sess, err := session.NewSessionWithOptions(session.Options{ - EC2IMDSEndpoint: "http://[::1]", + EC2MetadataEndpoint: "http://[::1]", }) */ package session diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go index 3cd5d4b5a..fffe2f350 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go @@ -161,10 +161,15 @@ type envConfig struct { // AWS_S3_USE_ARN_REGION=true S3UseARNRegion bool - // Specifies the alternative endpoint to use for EC2 IMDS. + // Specifies the EC2 Instance Metadata Service endpoint to use. If specified it overrides EC2IMDSEndpointMode. // // AWS_EC2_METADATA_SERVICE_ENDPOINT=http://[::1] EC2IMDSEndpoint string + + // Specifies the EC2 Instance Metadata Service default endpoint selection mode (IPv4 or IPv6) + // + // AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE=IPv6 + EC2IMDSEndpointMode endpoints.EC2IMDSEndpointModeState } var ( @@ -231,6 +236,9 @@ var ( ec2IMDSEndpointEnvKey = []string{ "AWS_EC2_METADATA_SERVICE_ENDPOINT", } + ec2IMDSEndpointModeEnvKey = []string{ + "AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE", + } useCABundleKey = []string{ "AWS_CA_BUNDLE", } @@ -364,6 +372,9 @@ func envConfigLoad(enableSharedConfig bool) (envConfig, error) { } setFromEnvVal(&cfg.EC2IMDSEndpoint, ec2IMDSEndpointEnvKey) + if err := setEC2IMDSEndpointMode(&cfg.EC2IMDSEndpointMode, ec2IMDSEndpointModeEnvKey); err != nil { + return envConfig{}, err + } return cfg, nil } @@ -376,3 +387,17 @@ func setFromEnvVal(dst *string, keys []string) { } } } + +func setEC2IMDSEndpointMode(mode *endpoints.EC2IMDSEndpointModeState, keys []string) error { + for _, k := range keys { + value := os.Getenv(k) + if len(value) == 0 { + continue + } + if err := mode.SetFromString(value); err != nil { + return fmt.Errorf("invalid value for environment variable, %s=%s, %v", k, value, err) + } + return nil + } + return nil +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go index 038ae222f..4b2e057e9 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go @@ -283,8 +283,8 @@ type Options struct { Handlers request.Handlers // Allows specifying a custom endpoint to be used by the EC2 IMDS client - // when making requests to the EC2 IMDS API. The must endpoint value must - // include protocol prefix. + // when making requests to the EC2 IMDS API. The endpoint value should + // include the URI scheme. If the scheme is not present it will be defaulted to http. // // If unset, will the EC2 IMDS client will use its default endpoint. // @@ -298,6 +298,11 @@ type Options struct { // // AWS_EC2_METADATA_SERVICE_ENDPOINT=http://[::1] EC2IMDSEndpoint string + + // Specifies the EC2 Instance Metadata Service default endpoint selection mode (IPv4 or IPv6) + // + // AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE=IPv6 + EC2IMDSEndpointMode endpoints.EC2IMDSEndpointModeState } // NewSessionWithOptions returns a new Session created from SDK defaults, config files, @@ -375,19 +380,23 @@ func Must(sess *Session, err error) *Session { // Wraps the endpoint resolver with a resolver that will return a custom // endpoint for EC2 IMDS. -func wrapEC2IMDSEndpoint(resolver endpoints.Resolver, endpoint string) endpoints.Resolver { +func wrapEC2IMDSEndpoint(resolver endpoints.Resolver, endpoint string, mode endpoints.EC2IMDSEndpointModeState) endpoints.Resolver { return endpoints.ResolverFunc( func(service, region string, opts ...func(*endpoints.Options)) ( endpoints.ResolvedEndpoint, error, ) { - if service == ec2MetadataServiceID { + if service == ec2MetadataServiceID && len(endpoint) > 0 { return endpoints.ResolvedEndpoint{ URL: endpoint, SigningName: ec2MetadataServiceID, SigningRegion: region, }, nil + } else if service == ec2MetadataServiceID { + opts = append(opts, func(o *endpoints.Options) { + o.EC2MetadataEndpointMode = mode + }) } - return resolver.EndpointFor(service, region) + return resolver.EndpointFor(service, region, opts...) }) } @@ -404,8 +413,8 @@ func deprecatedNewSession(envCfg envConfig, cfgs ...*aws.Config) *Session { cfg.EndpointResolver = endpoints.DefaultResolver() } - if len(envCfg.EC2IMDSEndpoint) != 0 { - cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, envCfg.EC2IMDSEndpoint) + if !(len(envCfg.EC2IMDSEndpoint) == 0 && envCfg.EC2IMDSEndpointMode == endpoints.EC2IMDSEndpointModeStateUnset) { + cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, envCfg.EC2IMDSEndpoint, envCfg.EC2IMDSEndpointMode) } cfg.Credentials = defaults.CredChain(cfg, handlers) @@ -737,12 +746,32 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config, endpoints.LegacyS3UsEast1Endpoint, }) - ec2IMDSEndpoint := sessOpts.EC2IMDSEndpoint - if len(ec2IMDSEndpoint) == 0 { - ec2IMDSEndpoint = envCfg.EC2IMDSEndpoint + var ec2IMDSEndpoint string + for _, v := range []string{ + sessOpts.EC2IMDSEndpoint, + envCfg.EC2IMDSEndpoint, + sharedCfg.EC2IMDSEndpoint, + } { + if len(v) != 0 { + ec2IMDSEndpoint = v + break + } } - if len(ec2IMDSEndpoint) != 0 { - cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, ec2IMDSEndpoint) + + var endpointMode endpoints.EC2IMDSEndpointModeState + for _, v := range []endpoints.EC2IMDSEndpointModeState{ + sessOpts.EC2IMDSEndpointMode, + envCfg.EC2IMDSEndpointMode, + sharedCfg.EC2IMDSEndpointMode, + } { + if v != endpoints.EC2IMDSEndpointModeStateUnset { + endpointMode = v + break + } + } + + if len(ec2IMDSEndpoint) != 0 || endpointMode != endpoints.EC2IMDSEndpointModeStateUnset { + cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, ec2IMDSEndpoint, endpointMode) } // Configure credentials if not already set by the user when creating the diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go index 42b16a7db..6830ece70 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go @@ -66,6 +66,12 @@ const ( // S3 ARN Region Usage s3UseARNRegionKey = "s3_use_arn_region" + + // EC2 IMDS Endpoint Mode + ec2MetadataServiceEndpointModeKey = "ec2_metadata_service_endpoint_mode" + + // EC2 IMDS Endpoint + ec2MetadataServiceEndpointKey = "ec2_metadata_service_endpoint" ) // sharedConfig represents the configuration fields of the SDK config files. @@ -145,6 +151,16 @@ type sharedConfig struct { // // s3_use_arn_region=true S3UseARNRegion bool + + // Specifies the EC2 Instance Metadata Service default endpoint selection mode (IPv4 or IPv6) + // + // ec2_metadata_service_endpoint_mode=IPv6 + EC2IMDSEndpointMode endpoints.EC2IMDSEndpointModeState + + // Specifies the EC2 Instance Metadata Service endpoint to use. If specified it overrides EC2IMDSEndpointMode. + // + // ec2_metadata_service_endpoint=http://fd00:ec2::254 + EC2IMDSEndpoint string } type sharedConfigFile struct { @@ -334,6 +350,12 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, e updateString(&cfg.SSORegion, section, ssoRegionKey) updateString(&cfg.SSORoleName, section, ssoRoleNameKey) updateString(&cfg.SSOStartURL, section, ssoStartURL) + + if err := updateEC2MetadataServiceEndpointMode(&cfg.EC2IMDSEndpointMode, section, ec2MetadataServiceEndpointModeKey); err != nil { + return fmt.Errorf("failed to load %s from shared config, %s, %v", + ec2MetadataServiceEndpointModeKey, file.Filename, err) + } + updateString(&cfg.EC2IMDSEndpoint, section, ec2MetadataServiceEndpointKey) } updateString(&cfg.CredentialProcess, section, credentialProcessKey) @@ -364,6 +386,14 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, e return nil } +func updateEC2MetadataServiceEndpointMode(endpointMode *endpoints.EC2IMDSEndpointModeState, section ini.Section, key string) error { + if !section.Has(key) { + return nil + } + value := section.String(key) + return endpointMode.SetFromString(value) +} + func (cfg *sharedConfig) validateCredentialsConfig(profile string) error { if err := cfg.validateCredentialsRequireARN(profile); err != nil { return err diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go index 07ea799fb..993753831 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go @@ -34,23 +34,23 @@ func (m mapRule) IsValid(value string) bool { return ok } -// whitelist is a generic rule for whitelisting -type whitelist struct { +// allowList is a generic rule for allow listing +type allowList struct { rule } -// IsValid for whitelist checks if the value is within the whitelist -func (w whitelist) IsValid(value string) bool { +// IsValid for allow list checks if the value is within the allow list +func (w allowList) IsValid(value string) bool { return w.rule.IsValid(value) } -// blacklist is a generic rule for blacklisting -type blacklist struct { +// excludeList is a generic rule for exclude listing +type excludeList struct { rule } -// IsValid for whitelist checks if the value is within the whitelist -func (b blacklist) IsValid(value string) bool { +// IsValid for exclude list checks if the value is within the exclude list +func (b excludeList) IsValid(value string) bool { return !b.rule.IsValid(value) } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.5.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.5.go index f35fc860b..cf672b6ac 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.5.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.5.go @@ -1,3 +1,4 @@ +//go:build !go1.7 // +build !go1.7 package v4 diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.7.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.7.go index fed5c859c..21fe74e6f 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.7.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.7.go @@ -1,3 +1,4 @@ +//go:build go1.7 // +build go1.7 package v4 diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/uri_path.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/uri_path.go index bd082e9d1..7711ec737 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/uri_path.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/uri_path.go @@ -1,3 +1,4 @@ +//go:build go1.5 // +build go1.5 package v4 diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go index 1737c2686..d4653031f 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go @@ -90,7 +90,7 @@ const ( ) var ignoredHeaders = rules{ - blacklist{ + excludeList{ mapRule{ authorizationHeader: struct{}{}, "User-Agent": struct{}{}, @@ -99,9 +99,9 @@ var ignoredHeaders = rules{ }, } -// requiredSignedHeaders is a whitelist for build canonical headers. +// requiredSignedHeaders is a allow list for build canonical headers. var requiredSignedHeaders = rules{ - whitelist{ + allowList{ mapRule{ "Cache-Control": struct{}{}, "Content-Disposition": struct{}{}, @@ -145,12 +145,13 @@ var requiredSignedHeaders = rules{ }, }, patterns{"X-Amz-Meta-"}, + patterns{"X-Amz-Object-Lock-"}, } -// allowedHoisting is a whitelist for build query headers. The boolean value +// allowedHoisting is a allow list for build query headers. The boolean value // represents whether or not it is a pattern. var allowedQueryHoisting = inclusiveRules{ - blacklist{requiredSignedHeaders}, + excludeList{requiredSignedHeaders}, patterns{"X-Amz-"}, } @@ -417,7 +418,7 @@ var SignRequestHandler = request.NamedHandler{ // request handler should only be used with the SDK's built in service client's // API operation requests. // -// This function should not be used on its on its own, but in conjunction with +// This function should not be used on its own, but in conjunction with // an AWS service client's API operation call. To sign a standalone request // not created by a service client's API operation method use the "Sign" or // "Presign" functions of the "Signer" type. diff --git a/vendor/github.com/aws/aws-sdk-go/aws/url.go b/vendor/github.com/aws/aws-sdk-go/aws/url.go index 6192b2455..fed561bd5 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/url.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/url.go @@ -1,3 +1,4 @@ +//go:build go1.8 // +build go1.8 package aws diff --git a/vendor/github.com/aws/aws-sdk-go/aws/url_1_7.go b/vendor/github.com/aws/aws-sdk-go/aws/url_1_7.go index 0210d2720..95282db03 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/url_1_7.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/url_1_7.go @@ -1,3 +1,4 @@ +//go:build !go1.8 // +build !go1.8 package aws diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go index f31a01db9..8b03158df 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/version.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.38.63" +const SDKVersion = "1.40.34" diff --git a/vendor/github.com/aws/aws-sdk-go/internal/context/background_go1.5.go b/vendor/github.com/aws/aws-sdk-go/internal/context/background_go1.5.go index 876dcb3fd..365345353 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/context/background_go1.5.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/context/background_go1.5.go @@ -1,3 +1,4 @@ +//go:build !go1.7 // +build !go1.7 package context diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/doc.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/doc.go index 25ce0fe13..1e55bbd07 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/ini/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/doc.go @@ -13,17 +13,30 @@ // } // // Below is the BNF that describes this parser -// Grammar: -// stmt -> value stmt' -// stmt' -> epsilon | op stmt -// value -> number | string | boolean | quoted_string +// Grammar: +// stmt -> section | stmt' +// stmt' -> epsilon | expr +// expr -> value (stmt)* | equal_expr (stmt)* +// equal_expr -> value ( ':' | '=' ) equal_expr' +// equal_expr' -> number | string | quoted_string +// quoted_string -> " quoted_string' +// quoted_string' -> string quoted_string_end +// quoted_string_end -> " // -// section -> [ section' -// section' -> value section_close -// section_close -> ] +// section -> [ section' +// section' -> section_value section_close +// section_value -> number | string_subset | boolean | quoted_string_subset +// quoted_string_subset -> " quoted_string_subset' +// quoted_string_subset' -> string_subset quoted_string_end +// quoted_string_subset -> " +// section_close -> ] // -// SkipState will skip (NL WS)+ +// value -> number | string_subset | boolean +// string -> ? UTF-8 Code-Points except '\n' (U+000A) and '\r\n' (U+000D U+000A) ? +// string_subset -> ? Code-points excepted by <string> grammar except ':' (U+003A), '=' (U+003D), '[' (U+005B), and ']' (U+005D) ? // -// comment -> # comment' | ; comment' -// comment' -> epsilon | value +// SkipState will skip (NL WS)+ +// +// comment -> # comment' | ; comment' +// comment' -> epsilon | value package ini diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/fuzz.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/fuzz.go index 8d462f77e..6e545b63b 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/ini/fuzz.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/fuzz.go @@ -1,3 +1,4 @@ +//go:build gofuzz // +build gofuzz package ini diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go index 55fa73ebc..0ba319491 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go @@ -5,9 +5,12 @@ import ( "io" ) +// ParseState represents the current state of the parser. +type ParseState uint + // State enums for the parse table const ( - InvalidState = iota + InvalidState ParseState = iota // stmt -> value stmt' StatementState // stmt' -> MarkComplete | op stmt @@ -36,8 +39,8 @@ const ( ) // parseTable is a state machine to dictate the grammar above. -var parseTable = map[ASTKind]map[TokenType]int{ - ASTKindStart: map[TokenType]int{ +var parseTable = map[ASTKind]map[TokenType]ParseState{ + ASTKindStart: { TokenLit: StatementState, TokenSep: OpenScopeState, TokenWS: SkipTokenState, @@ -45,7 +48,7 @@ var parseTable = map[ASTKind]map[TokenType]int{ TokenComment: CommentState, TokenNone: TerminalState, }, - ASTKindCommentStatement: map[TokenType]int{ + ASTKindCommentStatement: { TokenLit: StatementState, TokenSep: OpenScopeState, TokenWS: SkipTokenState, @@ -53,7 +56,7 @@ var parseTable = map[ASTKind]map[TokenType]int{ TokenComment: CommentState, TokenNone: MarkCompleteState, }, - ASTKindExpr: map[TokenType]int{ + ASTKindExpr: { TokenOp: StatementPrimeState, TokenLit: ValueState, TokenSep: OpenScopeState, @@ -62,13 +65,15 @@ var parseTable = map[ASTKind]map[TokenType]int{ TokenComment: CommentState, TokenNone: MarkCompleteState, }, - ASTKindEqualExpr: map[TokenType]int{ - TokenLit: ValueState, - TokenWS: SkipTokenState, - TokenNL: SkipState, - TokenNone: SkipState, + ASTKindEqualExpr: { + TokenLit: ValueState, + TokenSep: ValueState, + TokenOp: ValueState, + TokenWS: SkipTokenState, + TokenNL: SkipState, + TokenNone: SkipState, }, - ASTKindStatement: map[TokenType]int{ + ASTKindStatement: { TokenLit: SectionState, TokenSep: CloseScopeState, TokenWS: SkipTokenState, @@ -76,9 +81,9 @@ var parseTable = map[ASTKind]map[TokenType]int{ TokenComment: CommentState, TokenNone: MarkCompleteState, }, - ASTKindExprStatement: map[TokenType]int{ + ASTKindExprStatement: { TokenLit: ValueState, - TokenSep: OpenScopeState, + TokenSep: ValueState, TokenOp: ValueState, TokenWS: ValueState, TokenNL: MarkCompleteState, @@ -86,14 +91,14 @@ var parseTable = map[ASTKind]map[TokenType]int{ TokenNone: TerminalState, TokenComma: SkipState, }, - ASTKindSectionStatement: map[TokenType]int{ + ASTKindSectionStatement: { TokenLit: SectionState, TokenOp: SectionState, TokenSep: CloseScopeState, TokenWS: SectionState, TokenNL: SkipTokenState, }, - ASTKindCompletedSectionStatement: map[TokenType]int{ + ASTKindCompletedSectionStatement: { TokenWS: SkipTokenState, TokenNL: SkipTokenState, TokenLit: StatementState, @@ -101,7 +106,7 @@ var parseTable = map[ASTKind]map[TokenType]int{ TokenComment: CommentState, TokenNone: MarkCompleteState, }, - ASTKindSkipStatement: map[TokenType]int{ + ASTKindSkipStatement: { TokenLit: StatementState, TokenSep: OpenScopeState, TokenWS: SkipTokenState, @@ -205,18 +210,6 @@ loop: case ValueState: // ValueState requires the previous state to either be an equal expression // or an expression statement. - // - // This grammar occurs when the RHS is a number, word, or quoted string. - // equal_expr -> lit op equal_expr' - // equal_expr' -> number | string | quoted_string - // quoted_string -> " quoted_string' - // quoted_string' -> string quoted_string_end - // quoted_string_end -> " - // - // otherwise - // expr_stmt -> equal_expr (expr_stmt')* - // expr_stmt' -> ws S | op S | MarkComplete - // S -> equal_expr' expr_stmt' switch k.Kind { case ASTKindEqualExpr: // assigning a value to some key @@ -243,7 +236,7 @@ loop: } children[len(children)-1] = rhs - k.SetChildren(children) + root.SetChildren(children) stack.Push(k) } diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go index 94841c324..081cf4334 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go @@ -50,7 +50,10 @@ func (v *DefaultVisitor) VisitExpr(expr AST) error { rhs := children[1] - if rhs.Root.Type() != TokenLit { + // The right-hand value side the equality expression is allowed to contain '[', ']', ':', '=' in the values. + // If the token is not either a literal or one of the token types that identifies those four additional + // tokens then error. + if !(rhs.Root.Type() == TokenLit || rhs.Root.Type() == TokenOp || rhs.Root.Type() == TokenSep) { return NewParseError("unexpected token type") } diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.6.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.6.go index 5aa9137e0..037a998c4 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.6.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.6.go @@ -1,3 +1,4 @@ +//go:build !go1.7 // +build !go1.7 package sdkio diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.7.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.7.go index e5f005613..65e7c60c4 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.7.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.7.go @@ -1,3 +1,4 @@ +//go:build go1.7 // +build go1.7 package sdkio diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor.go index 44898eed0..a84528783 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor.go @@ -1,3 +1,4 @@ +//go:build go1.10 // +build go1.10 package sdkmath diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor_go1.9.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor_go1.9.go index 810ec7f08..a3ae3e5db 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor_go1.9.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor_go1.9.go @@ -1,3 +1,4 @@ +//go:build !go1.10 // +build !go1.10 package sdkmath diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read.go index f4651da2d..4bae66cee 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read.go @@ -1,3 +1,4 @@ +//go:build go1.6 // +build go1.6 package sdkrand diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read_1_5.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read_1_5.go index b1d93a33d..3a6ab8825 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read_1_5.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read_1_5.go @@ -1,3 +1,4 @@ +//go:build !go1.6 // +build !go1.6 package sdkrand diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go index 1301b149d..fb35fee5f 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go @@ -98,7 +98,7 @@ func buildLocationElements(r *request.Request, v reflect.Value, buildGETQuery bo // Support the ability to customize values to be marshaled as a // blob even though they were modeled as a string. Required for S3 - // API operations like SSECustomerKey is modeled as stirng but + // API operations like SSECustomerKey is modeled as string but // required to be base64 encoded in request. if field.Tag.Get("marshal-as") == "blob" { m = m.Convert(byteSliceType) diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/timestamp.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/timestamp.go index 98f4caed9..d9a4e7649 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/timestamp.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/timestamp.go @@ -1,6 +1,8 @@ package protocol import ( + "bytes" + "fmt" "math" "strconv" "time" @@ -19,13 +21,16 @@ const ( // Output time is intended to not contain decimals const ( // RFC 7231#section-7.1.1.1 timetamp format. e.g Tue, 29 Apr 2014 18:30:38 GMT - RFC822TimeFormat = "Mon, 2 Jan 2006 15:04:05 GMT" + RFC822TimeFormat = "Mon, 2 Jan 2006 15:04:05 GMT" + rfc822TimeFormatSingleDigitDay = "Mon, _2 Jan 2006 15:04:05 GMT" + rfc822TimeFormatSingleDigitDayTwoDigitYear = "Mon, _2 Jan 06 15:04:05 GMT" // This format is used for output time without seconds precision RFC822OutputTimeFormat = "Mon, 02 Jan 2006 15:04:05 GMT" // RFC3339 a subset of the ISO8601 timestamp format. e.g 2014-04-29T18:30:38Z - ISO8601TimeFormat = "2006-01-02T15:04:05.999999999Z" + ISO8601TimeFormat = "2006-01-02T15:04:05.999999999Z" + iso8601TimeFormatNoZ = "2006-01-02T15:04:05.999999999" // This format is used for output time with fractional second precision up to milliseconds ISO8601OutputTimeFormat = "2006-01-02T15:04:05.999999999Z" @@ -67,10 +72,21 @@ func FormatTime(name string, t time.Time) string { // the time if it was able to be parsed, and fails otherwise. func ParseTime(formatName, value string) (time.Time, error) { switch formatName { - case RFC822TimeFormatName: - return time.Parse(RFC822TimeFormat, value) - case ISO8601TimeFormatName: - return time.Parse(ISO8601TimeFormat, value) + case RFC822TimeFormatName: // Smithy HTTPDate format + return tryParse(value, + RFC822TimeFormat, + rfc822TimeFormatSingleDigitDay, + rfc822TimeFormatSingleDigitDayTwoDigitYear, + time.RFC850, + time.ANSIC, + ) + case ISO8601TimeFormatName: // Smithy DateTime format + return tryParse(value, + ISO8601TimeFormat, + iso8601TimeFormatNoZ, + time.RFC3339Nano, + time.RFC3339, + ) case UnixTimeFormatName: v, err := strconv.ParseFloat(value, 64) _, dec := math.Modf(v) @@ -83,3 +99,36 @@ func ParseTime(formatName, value string) (time.Time, error) { panic("unknown timestamp format name, " + formatName) } } + +func tryParse(v string, formats ...string) (time.Time, error) { + var errs parseErrors + for _, f := range formats { + t, err := time.Parse(f, v) + if err != nil { + errs = append(errs, parseError{ + Format: f, + Err: err, + }) + continue + } + return t, nil + } + + return time.Time{}, fmt.Errorf("unable to parse time string, %v", errs) +} + +type parseErrors []parseError + +func (es parseErrors) Error() string { + var s bytes.Buffer + for _, e := range es { + fmt.Fprintf(&s, "\n * %q: %v", e.Format, e.Err) + } + + return "parse errors:" + s.String() +} + +type parseError struct { + Format string + Err error +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go index 425ed0792..a18c8b80c 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go @@ -604,10 +604,11 @@ func (c *EC2) AllocateAddressRequest(input *AllocateAddressInput) (req *request. // AllocateAddress API operation for Amazon Elastic Compute Cloud. // -// Allocates an Elastic IP address to your account. After you allocate the Elastic -// IP address you can associate it with an instance or network interface. After -// you release an Elastic IP address, it is released to the IP address pool -// and can be allocated to a different account. +// Allocates an Elastic IP address to your Amazon Web Services account. After +// you allocate the Elastic IP address you can associate it with an instance +// or network interface. After you release an Elastic IP address, it is released +// to the IP address pool and can be allocated to a different Amazon Web Services +// account. // // You can allocate an Elastic IP address from an address pool owned by Amazon // Web Services or from an address pool created from a public IPv4 address range @@ -618,9 +619,9 @@ func (c *EC2) AllocateAddressRequest(input *AllocateAddressInput) (req *request. // // [EC2-VPC] If you release an Elastic IP address, you might be able to recover // it. You cannot recover an Elastic IP address that you released after it is -// allocated to another account. You cannot recover an Elastic IP address for -// EC2-Classic. To attempt to recover an Elastic IP address that you released, -// specify it in this operation. +// allocated to another Amazon Web Services account. You cannot recover an Elastic +// IP address for EC2-Classic. To attempt to recover an Elastic IP address that +// you released, specify it in this operation. // // An Elastic IP address is for use either in the EC2-Classic platform or in // a VPC. By default, you can allocate 5 Elastic IP addresses for EC2-Classic @@ -869,6 +870,12 @@ func (c *EC2) AssignIpv6AddressesRequest(input *AssignIpv6AddressesInput) (req * // You must specify either the IPv6 addresses or the IPv6 address count in the // request. // +// You can optionally use Prefix Delegation on the network interface. You must +// specify either the IPV6 Prefix Delegation prefixes, or the IPv6 Prefix Delegation +// count. For information, see Assigning prefixes to Amazon EC2 network interfaces +// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-prefix-eni.html) +// in the Amazon Elastic Compute Cloud User Guide. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -962,6 +969,12 @@ func (c *EC2) AssignPrivateIpAddressesRequest(input *AssignPrivateIpAddressesInp // // You must specify either the IP addresses or the IP address count in the request. // +// You can optionally use Prefix Delegation on the network interface. You must +// specify either the IPv4 Prefix Delegation prefixes, or the IPv4 Prefix Delegation +// count. For information, see Assigning prefixes to Amazon EC2 network interfaces +// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-prefix-eni.html) +// in the Amazon Elastic Compute Cloud User Guide. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1234,7 +1247,7 @@ func (c *EC2) AssociateDhcpOptionsRequest(input *AssociateDhcpOptionsInput) (req // its DHCP lease. You can explicitly renew the lease using the operating system // on the instance. // -// For more information, see DHCP Options Sets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) +// For more information, see DHCP options sets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) // in the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1309,25 +1322,25 @@ func (c *EC2) AssociateEnclaveCertificateIamRoleRequest(input *AssociateEnclaveC // AssociateEnclaveCertificateIamRole API operation for Amazon Elastic Compute Cloud. // -// Associates an AWS Identity and Access Management (IAM) role with an AWS Certificate +// Associates an Identity and Access Management (IAM) role with an Certificate // Manager (ACM) certificate. This enables the certificate to be used by the // ACM for Nitro Enclaves application inside an enclave. For more information, -// see AWS Certificate Manager for Nitro Enclaves (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html) -// in the AWS Nitro Enclaves User Guide. +// see Certificate Manager for Nitro Enclaves (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html) +// in the Amazon Web Services Nitro Enclaves User Guide. // // When the IAM role is associated with the ACM certificate, the certificate, // certificate chain, and encrypted private key are placed in an Amazon S3 bucket // that only the associated IAM role can access. The private key of the certificate -// is encrypted with an AWS-managed KMS customer master (CMK) that has an attached -// attestation-based CMK policy. +// is encrypted with an Amazon Web Services managed key that has an attached +// attestation-based key policy. // // To enable the IAM role to access the Amazon S3 object, you must grant it // permission to call s3:GetObject on the Amazon S3 bucket returned by the command. -// To enable the IAM role to access the AWS KMS CMK, you must grant it permission -// to call kms:Decrypt on the AWS KMS CMK returned by the command. For more -// information, see Grant the role permission to access the certificate and -// encryption key (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html#add-policy) -// in the AWS Nitro Enclaves User Guide. +// To enable the IAM role to access the KMS key, you must grant it permission +// to call kms:Decrypt on the KMS key returned by the command. For more information, +// see Grant the role permission to access the certificate and encryption key +// (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html#add-policy) +// in the Amazon Web Services Nitro Enclaves User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1432,6 +1445,85 @@ func (c *EC2) AssociateIamInstanceProfileWithContext(ctx aws.Context, input *Ass return out, req.Send() } +const opAssociateInstanceEventWindow = "AssociateInstanceEventWindow" + +// AssociateInstanceEventWindowRequest generates a "aws/request.Request" representing the +// client's request for the AssociateInstanceEventWindow operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See AssociateInstanceEventWindow for more information on using the AssociateInstanceEventWindow +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the AssociateInstanceEventWindowRequest method. +// req, resp := client.AssociateInstanceEventWindowRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssociateInstanceEventWindow +func (c *EC2) AssociateInstanceEventWindowRequest(input *AssociateInstanceEventWindowInput) (req *request.Request, output *AssociateInstanceEventWindowOutput) { + op := &request.Operation{ + Name: opAssociateInstanceEventWindow, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &AssociateInstanceEventWindowInput{} + } + + output = &AssociateInstanceEventWindowOutput{} + req = c.newRequest(op, input, output) + return +} + +// AssociateInstanceEventWindow API operation for Amazon Elastic Compute Cloud. +// +// Associates one or more targets with an event window. Only one type of target +// (instance IDs, Dedicated Host IDs, or tags) can be specified with an event +// window. +// +// For more information, see Define event windows for scheduled events (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) +// in the Amazon EC2 User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation AssociateInstanceEventWindow for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssociateInstanceEventWindow +func (c *EC2) AssociateInstanceEventWindow(input *AssociateInstanceEventWindowInput) (*AssociateInstanceEventWindowOutput, error) { + req, out := c.AssociateInstanceEventWindowRequest(input) + return out, req.Send() +} + +// AssociateInstanceEventWindowWithContext is the same as AssociateInstanceEventWindow with the addition of +// the ability to pass a context and additional request options. +// +// See AssociateInstanceEventWindow for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) AssociateInstanceEventWindowWithContext(ctx aws.Context, input *AssociateInstanceEventWindowInput, opts ...request.Option) (*AssociateInstanceEventWindowOutput, error) { + req, out := c.AssociateInstanceEventWindowRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opAssociateRouteTable = "AssociateRouteTable" // AssociateRouteTableRequest generates a "aws/request.Request" representing the @@ -1483,7 +1575,7 @@ func (c *EC2) AssociateRouteTableRequest(input *AssociateRouteTableInput) (req * // in order to disassociate the route table later. A route table can be associated // with multiple subnets. // -// For more information, see Route Tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) +// For more information, see Route tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) // in the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1788,6 +1880,10 @@ func (c *EC2) AssociateTrunkInterfaceRequest(input *AssociateTrunkInterfaceInput // AssociateTrunkInterface API operation for Amazon Elastic Compute Cloud. // +// +// This API action is currently in limited preview only. If you are interested +// in using this feature, contact your account manager. +// // Associates a branch network interface with a trunk network interface. // // Before you create the association, run the create-network-interface (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterface.html) @@ -1795,9 +1891,6 @@ func (c *EC2) AssociateTrunkInterfaceRequest(input *AssociateTrunkInterfaceInput // interface for each branch network interface that you want to associate with // the trunk network interface. // -// For more information, see Network interface trunking (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/eni-trunking.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1880,7 +1973,7 @@ func (c *EC2) AssociateVpcCidrBlockRequest(input *AssociateVpcCidrBlockInput) (r // an IPv6 pool, or an Amazon-provided IPv6 CIDR block. // // For more information about associating CIDR blocks with your VPC and applicable -// restrictions, see VPC and Subnet Sizing (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html#VPC_Sizing) +// restrictions, see VPC and subnet sizing (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html#VPC_Sizing) // in the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -2200,13 +2293,14 @@ func (c *EC2) AttachVolumeRequest(input *AttachVolumeInput) (req *request.Reques // in the Amazon Elastic Compute Cloud User Guide. // // After you attach an EBS volume, you must make it available. For more information, -// see Making an EBS volume available for use (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-using-volumes.html). +// see Make an EBS volume available for use (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-using-volumes.html). // -// If a volume has an AWS Marketplace product code: +// If a volume has an Amazon Web Services Marketplace product code: // // * The volume can be attached only to a stopped instance. // -// * AWS Marketplace product codes are copied from the volume to the instance. +// * Amazon Web Services Marketplace product codes are copied from the volume +// to the instance. // // * You must be subscribed to the product. // @@ -2214,7 +2308,7 @@ func (c *EC2) AttachVolumeRequest(input *AttachVolumeInput) (req *request.Reques // the product. For example, you can't detach a volume from a Windows instance // and attach it to a Linux instance. // -// For more information, see Attaching Amazon EBS volumes (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-attaching-volume.html) +// For more information, see Attach an Amazon EBS volume to an instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-attaching-volume.html) // in the Amazon Elastic Compute Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -2439,18 +2533,17 @@ func (c *EC2) AuthorizeSecurityGroupEgressRequest(input *AuthorizeSecurityGroupE output = &AuthorizeSecurityGroupEgressOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(ec2query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } // AuthorizeSecurityGroupEgress API operation for Amazon Elastic Compute Cloud. // -// [VPC only] Adds the specified egress rules to a security group for use with -// a VPC. +// [VPC only] Adds the specified outbound (egress) rules to a security group +// for use with a VPC. // // An outbound rule permits instances to send traffic to the specified IPv4 -// or IPv6 CIDR address ranges, or to the instances associated with the specified -// destination security groups. +// or IPv6 CIDR address ranges, or to the instances that are associated with +// the specified destination security groups. // // You specify a protocol for each rule (for example, TCP). For the TCP and // UDP protocols, you must also specify the destination port or port range. @@ -2460,8 +2553,7 @@ func (c *EC2) AuthorizeSecurityGroupEgressRequest(input *AuthorizeSecurityGroupE // Rule changes are propagated to affected instances as quickly as possible. // However, a small delay might occur. // -// For more information about VPC security group limits, see Amazon VPC Limits -// (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html). +// For information about VPC security group quotas, see Amazon VPC quotas (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2530,17 +2622,16 @@ func (c *EC2) AuthorizeSecurityGroupIngressRequest(input *AuthorizeSecurityGroup output = &AuthorizeSecurityGroupIngressOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(ec2query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } // AuthorizeSecurityGroupIngress API operation for Amazon Elastic Compute Cloud. // -// Adds the specified ingress rules to a security group. +// Adds the specified inbound (ingress) rules to a security group. // // An inbound rule permits instances to receive traffic from the specified IPv4 -// or IPv6 CIDR address ranges, or from the instances associated with the specified -// destination security groups. +// or IPv6 CIDR address range, or from the instances that are associated with +// the specified destination security groups. // // You specify a protocol for each rule (for example, TCP). For TCP and UDP, // you must also specify the destination port or port range. For ICMP/ICMPv6, @@ -2550,7 +2641,7 @@ func (c *EC2) AuthorizeSecurityGroupIngressRequest(input *AuthorizeSecurityGroup // Rule changes are propagated to instances within the security group as quickly // as possible. However, a small delay might occur. // -// For more information about VPC security group limits, see Amazon VPC Limits +// For more information about VPC security group quotas, see Amazon VPC quotas // (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -3587,10 +3678,10 @@ func (c *EC2) CopySnapshotRequest(input *CopySnapshotInput) (req *request.Reques // When copying snapshots to a Region, copies of encrypted EBS snapshots remain // encrypted. Copies of unencrypted snapshots remain unencrypted, unless you // enable encryption for the snapshot copy operation. By default, encrypted -// snapshot copies use the default AWS Key Management Service (AWS KMS) customer -// master key (CMK); however, you can specify a different CMK. To copy an encrypted -// snapshot that has been shared from another account, you must have permissions -// for the CMK used to encrypt the snapshot. +// snapshot copies use the default Key Management Service (KMS) KMS key; however, +// you can specify a different KMS key. To copy an encrypted snapshot that has +// been shared from another account, you must have permissions for the KMS key +// used to encrypt the snapshot. // // Snapshots copied to an Outpost are encrypted by default using the default // encryption key for the Region, or a different key that you specify in the @@ -3601,7 +3692,7 @@ func (c *EC2) CopySnapshotRequest(input *CopySnapshotInput) (req *request.Reques // Snapshots created by copying another snapshot have an arbitrary volume ID // that should not be used for any purpose. // -// For more information, see Copying an Amazon EBS snapshot (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-copy-snapshot.html) +// For more information, see Copy an Amazon EBS snapshot (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-copy-snapshot.html) // in the Amazon Elastic Compute Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -3775,7 +3866,7 @@ func (c *EC2) CreateCarrierGatewayRequest(input *CreateCarrierGatewayInput) (req // // Creates a carrier gateway. For more information about carrier gateways, see // Carrier gateways (https://docs.aws.amazon.com/wavelength/latest/developerguide/how-wavelengths-work.html#wavelength-carrier-gateway) -// in the AWS Wavelength Developer Guide. +// in the Amazon Web Services Wavelength Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4107,7 +4198,7 @@ func (c *EC2) CreateDefaultSubnetRequest(input *CreateDefaultSubnetInput) (req * // // Creates a default subnet with a size /20 IPv4 CIDR block in the specified // Availability Zone in your default VPC. You can have only one default subnet -// per Availability Zone. For more information, see Creating a Default Subnet +// per Availability Zone. For more information, see Creating a default subnet // (https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html#create-default-subnet) // in the Amazon Virtual Private Cloud User Guide. // @@ -4185,7 +4276,7 @@ func (c *EC2) CreateDefaultVpcRequest(input *CreateDefaultVpcInput) (req *reques // // Creates a default VPC with a size /16 IPv4 CIDR block and a default subnet // in each Availability Zone. For more information about the components of a -// default VPC, see Default VPC and Default Subnets (https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html) +// default VPC, see Default VPC and default subnets (https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html) // in the Amazon Virtual Private Cloud User Guide. You cannot specify the components // of the default VPC yourself. // @@ -4306,7 +4397,7 @@ func (c *EC2) CreateDhcpOptionsRequest(input *CreateDhcpOptionsInput) (req *requ // only a DNS server that we provide (AmazonProvidedDNS). If you create a set // of options, and if your VPC has an internet gateway, make sure to set the // domain-name-servers option either to AmazonProvidedDNS or to a domain name -// server of your choice. For more information, see DHCP Options Sets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) +// server of your choice. For more information, see DHCP options sets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) // in the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -4543,7 +4634,7 @@ func (c *EC2) CreateFlowLogsRequest(input *CreateFlowLogsInput) (req *request.Re // // Flow log data for a monitored network interface is recorded as flow log records, // which are log events consisting of fields that describe the traffic flow. -// For more information, see Flow Log Records (https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html#flow-log-records) +// For more information, see Flow log records (https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html#flow-log-records) // in the Amazon Virtual Private Cloud User Guide. // // When publishing to CloudWatch Logs, flow log records are published to a log @@ -4747,6 +4838,103 @@ func (c *EC2) CreateImageWithContext(ctx aws.Context, input *CreateImageInput, o return out, req.Send() } +const opCreateInstanceEventWindow = "CreateInstanceEventWindow" + +// CreateInstanceEventWindowRequest generates a "aws/request.Request" representing the +// client's request for the CreateInstanceEventWindow operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateInstanceEventWindow for more information on using the CreateInstanceEventWindow +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the CreateInstanceEventWindowRequest method. +// req, resp := client.CreateInstanceEventWindowRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateInstanceEventWindow +func (c *EC2) CreateInstanceEventWindowRequest(input *CreateInstanceEventWindowInput) (req *request.Request, output *CreateInstanceEventWindowOutput) { + op := &request.Operation{ + Name: opCreateInstanceEventWindow, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateInstanceEventWindowInput{} + } + + output = &CreateInstanceEventWindowOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateInstanceEventWindow API operation for Amazon Elastic Compute Cloud. +// +// Creates an event window in which scheduled events for the associated Amazon +// EC2 instances can run. +// +// You can define either a set of time ranges or a cron expression when creating +// the event window, but not both. All event window times are in UTC. +// +// You can create up to 200 event windows per Amazon Web Services Region. +// +// When you create the event window, targets (instance IDs, Dedicated Host IDs, +// or tags) are not yet associated with it. To ensure that the event window +// can be used, you must associate one or more targets with it by using the +// AssociateInstanceEventWindow API. +// +// Event windows are applicable only for scheduled events that stop, reboot, +// or terminate instances. +// +// Event windows are not applicable for: +// +// * Expedited scheduled events and network maintenance events. +// +// * Unscheduled maintenance such as AutoRecovery and unplanned reboots. +// +// For more information, see Define event windows for scheduled events (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) +// in the Amazon EC2 User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation CreateInstanceEventWindow for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateInstanceEventWindow +func (c *EC2) CreateInstanceEventWindow(input *CreateInstanceEventWindowInput) (*CreateInstanceEventWindowOutput, error) { + req, out := c.CreateInstanceEventWindowRequest(input) + return out, req.Send() +} + +// CreateInstanceEventWindowWithContext is the same as CreateInstanceEventWindow with the addition of +// the ability to pass a context and additional request options. +// +// See CreateInstanceEventWindow for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) CreateInstanceEventWindowWithContext(ctx aws.Context, input *CreateInstanceEventWindowInput, opts ...request.Option) (*CreateInstanceEventWindowOutput, error) { + req, out := c.CreateInstanceEventWindowRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateInstanceExportTask = "CreateInstanceExportTask" // CreateInstanceExportTaskRequest generates a "aws/request.Request" representing the @@ -4948,18 +5136,19 @@ func (c *EC2) CreateKeyPairRequest(input *CreateKeyPairInput) (req *request.Requ // CreateKeyPair API operation for Amazon Elastic Compute Cloud. // -// Creates a 2048-bit RSA key pair with the specified name. Amazon EC2 stores -// the public key and displays the private key for you to save to a file. The -// private key is returned as an unencrypted PEM encoded PKCS#1 private key. -// If a key with the specified name already exists, Amazon EC2 returns an error. +// Creates an ED25519 or 2048-bit RSA key pair with the specified name. Amazon +// EC2 stores the public key and displays the private key for you to save to +// a file. The private key is returned as an unencrypted PEM encoded PKCS#1 +// private key. If a key with the specified name already exists, Amazon EC2 +// returns an error. // -// You can have up to five thousand key pairs per Region. +// The key pair returned to you is available only in the Amazon Web Services +// Region in which you create it. If you prefer, you can create your own key +// pair using a third-party tool and upload it to any Region using ImportKeyPair. // -// The key pair returned to you is available only in the Region in which you -// create it. If you prefer, you can create your own key pair using a third-party -// tool and upload it to any Region using ImportKeyPair. +// You can have up to 5,000 key pairs per Amazon Web Services Region. // -// For more information, see Key Pairs (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) +// For more information, see Amazon EC2 key pairs (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) // in the Amazon Elastic Compute Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -5434,7 +5623,7 @@ func (c *EC2) CreateNatGatewayRequest(input *CreateNatGatewayInput) (req *reques // IPv4 addresses, preserving private IPv4 addresses, and communicating between // overlapping networks. // -// For more information, see NAT Gateways (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html) +// For more information, see NAT gateways (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html) // in the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -5837,8 +6026,8 @@ func (c *EC2) CreateNetworkInterfacePermissionRequest(input *CreateNetworkInterf // Grants an Amazon Web Services-authorized account permission to attach the // specified network interface to an instance in their account. // -// You can grant permission to a single account only, and only one account at -// a time. +// You can grant permission to a single Amazon Web Services account only, and +// only one account at a time. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -6001,7 +6190,7 @@ func (c *EC2) CreateReplaceRootVolumeTaskRequest(input *CreateReplaceRootVolumeT // volume can either be restored to its initial launch state, or it can be restored // using a specific snapshot. // -// For more information, see Replace a root volume (https://docs.aws.amazon.com/) +// For more information, see Replace a root volume (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-restoring-volume.html#replace-root) // in the Amazon Elastic Compute Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -6272,7 +6461,7 @@ func (c *EC2) CreateRouteRequest(input *CreateRouteInput) (req *request.Request, // route in the list covers a smaller number of IP addresses and is therefore // more specific, so we use that route to determine where to target the traffic. // -// For more information about route tables, see Route Tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) +// For more information about route tables, see Route tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) // in the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -6350,7 +6539,7 @@ func (c *EC2) CreateRouteTableRequest(input *CreateRouteTableInput) (req *reques // Creates a route table for the specified VPC. After you create a route table, // you can add routes and associate the table with a subnet. // -// For more information, see Route Tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) +// For more information, see Route tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) // in the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -6428,9 +6617,9 @@ func (c *EC2) CreateSecurityGroupRequest(input *CreateSecurityGroupInput) (req * // Creates a security group. // // A security group acts as a virtual firewall for your instance to control -// inbound and outbound traffic. For more information, see Amazon EC2 Security -// Groups (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html) -// in the Amazon Elastic Compute Cloud User Guide and Security Groups for Your +// inbound and outbound traffic. For more information, see Amazon EC2 security +// groups (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html) +// in the Amazon Elastic Compute Cloud User Guide and Security groups for your // VPC (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html) // in the Amazon Virtual Private Cloud User Guide. // @@ -6534,28 +6723,29 @@ func (c *EC2) CreateSnapshotRequest(input *CreateSnapshotInput) (req *request.Re // an Outpost, the snapshot can be stored on the same Outpost as the volume, // or in the Region for that Outpost. // -// When a snapshot is created, any AWS Marketplace product codes that are associated -// with the source volume are propagated to the snapshot. +// When a snapshot is created, any Amazon Web Services Marketplace product codes +// that are associated with the source volume are propagated to the snapshot. // // You can take a snapshot of an attached volume that is in use. However, snapshots -// only capture data that has been written to your EBS volume at the time the -// snapshot command is issued; this might exclude any data that has been cached -// by any applications or the operating system. If you can pause any file systems -// on the volume long enough to take a snapshot, your snapshot should be complete. -// However, if you cannot pause all file writes to the volume, you should unmount -// the volume from within the instance, issue the snapshot command, and then -// remount the volume to ensure a consistent and complete snapshot. You may -// remount and use your volume while the snapshot status is pending. +// only capture data that has been written to your Amazon EBS volume at the +// time the snapshot command is issued; this might exclude any data that has +// been cached by any applications or the operating system. If you can pause +// any file systems on the volume long enough to take a snapshot, your snapshot +// should be complete. However, if you cannot pause all file writes to the volume, +// you should unmount the volume from within the instance, issue the snapshot +// command, and then remount the volume to ensure a consistent and complete +// snapshot. You may remount and use your volume while the snapshot status is +// pending. // -// To create a snapshot for EBS volumes that serve as root devices, you should -// stop the instance before taking the snapshot. +// To create a snapshot for Amazon EBS volumes that serve as root devices, you +// should stop the instance before taking the snapshot. // // Snapshots that are taken from encrypted volumes are automatically encrypted. // Volumes that are created from encrypted snapshots are also automatically // encrypted. Your encrypted volumes and any associated snapshots always remain // protected. // -// You can tag your snapshots during creation. For more information, see Tagging +// You can tag your snapshots during creation. For more information, see Tag // your Amazon EC2 resources (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html) // in the Amazon Elastic Compute Cloud User Guide. // @@ -6719,8 +6909,8 @@ func (c *EC2) CreateSpotDatafeedSubscriptionRequest(input *CreateSpotDatafeedSub // CreateSpotDatafeedSubscription API operation for Amazon Elastic Compute Cloud. // // Creates a data feed for Spot Instances, enabling you to view Spot Instance -// usage logs. You can create one data feed per AWS account. For more information, -// see Spot Instance data feed (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-data-feeds.html) +// usage logs. You can create one data feed per Amazon Web Services account. +// For more information, see Spot Instance data feed (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-data-feeds.html) // in the Amazon EC2 User Guide for Linux Instances. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -6886,8 +7076,8 @@ func (c *EC2) CreateSubnetRequest(input *CreateSubnetInput) (req *request.Reques // If you've associated an IPv6 CIDR block with your VPC, you can create a subnet // with an IPv6 CIDR block that uses a /64 prefix length. // -// AWS reserves both the first four and the last IPv4 address in each subnet's -// CIDR block. They're not available for use. +// Amazon Web Services reserves both the first four and the last IPv4 address +// in each subnet's CIDR block. They're not available for use. // // If you add more than one subnet to a VPC, they're set up in a star topology // with a logical router in the middle. @@ -6896,7 +7086,7 @@ func (c *EC2) CreateSubnetRequest(input *CreateSubnetInput) (req *request.Reques // It's therefore possible to have a subnet with no running instances (they're // all stopped), but no remaining IP addresses available. // -// For more information about subnets, see Your VPC and Subnets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) +// For more information about subnets, see Your VPC and subnets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) // in the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -6927,6 +7117,82 @@ func (c *EC2) CreateSubnetWithContext(ctx aws.Context, input *CreateSubnetInput, return out, req.Send() } +const opCreateSubnetCidrReservation = "CreateSubnetCidrReservation" + +// CreateSubnetCidrReservationRequest generates a "aws/request.Request" representing the +// client's request for the CreateSubnetCidrReservation operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateSubnetCidrReservation for more information on using the CreateSubnetCidrReservation +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the CreateSubnetCidrReservationRequest method. +// req, resp := client.CreateSubnetCidrReservationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateSubnetCidrReservation +func (c *EC2) CreateSubnetCidrReservationRequest(input *CreateSubnetCidrReservationInput) (req *request.Request, output *CreateSubnetCidrReservationOutput) { + op := &request.Operation{ + Name: opCreateSubnetCidrReservation, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateSubnetCidrReservationInput{} + } + + output = &CreateSubnetCidrReservationOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateSubnetCidrReservation API operation for Amazon Elastic Compute Cloud. +// +// Creates a subnet CIDR reservation. For information about subnet CIDR reservations, +// see Subnet CIDR reservations (https://docs.aws.amazon.com/vpc/latest/userguide/subnet-cidr-reservation.html) +// in the Amazon Virtual Private Cloud User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation CreateSubnetCidrReservation for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateSubnetCidrReservation +func (c *EC2) CreateSubnetCidrReservation(input *CreateSubnetCidrReservationInput) (*CreateSubnetCidrReservationOutput, error) { + req, out := c.CreateSubnetCidrReservationRequest(input) + return out, req.Send() +} + +// CreateSubnetCidrReservationWithContext is the same as CreateSubnetCidrReservation with the addition of +// the ability to pass a context and additional request options. +// +// See CreateSubnetCidrReservation for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) CreateSubnetCidrReservationWithContext(ctx aws.Context, input *CreateSubnetCidrReservationInput, opts ...request.Option) (*CreateSubnetCidrReservationOutput, error) { + req, out := c.CreateSubnetCidrReservationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateTags = "CreateTags" // CreateTagsRequest generates a "aws/request.Request" representing the @@ -7482,8 +7748,8 @@ func (c *EC2) CreateTransitGatewayConnectRequest(input *CreateTransitGatewayConn // A Connect attachment is a GRE-based tunnel attachment that you can use to // establish a connection between a transit gateway and an appliance. // -// A Connect attachment uses an existing VPC or AWS Direct Connect attachment -// as the underlying transport mechanism. +// A Connect attachment uses an existing VPC or Amazon Web Services Direct Connect +// attachment as the underlying transport mechanism. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7719,7 +7985,7 @@ func (c *EC2) CreateTransitGatewayPeeringAttachmentRequest(input *CreateTransitG // Requests a transit gateway peering attachment between the specified transit // gateway (requester) and a peer transit gateway (accepter). The transit gateways // must be in different Regions. The peer transit gateway can be in your account -// or a different AWS account. +// or a different Amazon Web Services account. // // After you create the peering attachment, the owner of the accepter transit // gateway must accept the attachment request. @@ -8104,8 +8370,8 @@ func (c *EC2) CreateVolumeRequest(input *CreateVolumeInput) (req *request.Reques // Zone. // // You can create a new empty volume or restore a volume from an EBS snapshot. -// Any AWS Marketplace product codes from the snapshot are propagated to the -// volume. +// Any Amazon Web Services Marketplace product codes from the snapshot are propagated +// to the volume. // // You can create encrypted volumes. Encrypted volumes must be attached to instances // that support Amazon EBS encryption. Volumes that are created from encrypted @@ -8113,11 +8379,11 @@ func (c *EC2) CreateVolumeRequest(input *CreateVolumeInput) (req *request.Reques // EBS encryption (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) // in the Amazon Elastic Compute Cloud User Guide. // -// You can tag your volumes during creation. For more information, see Tagging -// your Amazon EC2 resources (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html) +// You can tag your volumes during creation. For more information, see Tag your +// Amazon EC2 resources (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html) // in the Amazon Elastic Compute Cloud User Guide. // -// For more information, see Creating an Amazon EBS volume (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-creating-volume.html) +// For more information, see Create an Amazon EBS volume (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-creating-volume.html) // in the Amazon Elastic Compute Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -8195,7 +8461,7 @@ func (c *EC2) CreateVpcRequest(input *CreateVpcInput) (req *request.Request, out // Creates a VPC with the specified IPv4 CIDR block. The smallest VPC you can // create uses a /28 netmask (16 IPv4 addresses), and the largest uses a /16 // netmask (65,536 IPv4 addresses). For more information about how large to -// make your VPC, see Your VPC and Subnets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) +// make your VPC, see Your VPC and subnets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) // in the Amazon Virtual Private Cloud User Guide. // // You can optionally request an IPv6 CIDR block for the VPC. You can request @@ -8205,7 +8471,7 @@ func (c *EC2) CreateVpcRequest(input *CreateVpcInput) (req *request.Request, out // // By default, each instance you launch in the VPC has the default DHCP options, // which include only a default DNS server that we provide (AmazonProvidedDNS). -// For more information, see DHCP Options Sets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) +// For more information, see DHCP options sets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) // in the Amazon Virtual Private Cloud User Guide. // // You can specify the instance tenancy value for the VPC when you create it. @@ -8554,9 +8820,9 @@ func (c *EC2) CreateVpcPeeringConnectionRequest(input *CreateVpcPeeringConnectio // // Requests a VPC peering connection between two VPCs: a requester VPC that // you own and an accepter VPC with which to create the connection. The accepter -// VPC can belong to another AWS account and can be in a different Region to -// the requester VPC. The requester VPC and accepter VPC cannot have overlapping -// CIDR blocks. +// VPC can belong to another Amazon Web Services account and can be in a different +// Region to the requester VPC. The requester VPC and accepter VPC cannot have +// overlapping CIDR blocks. // // Limitations and rules apply to a VPC peering connection. For more information, // see the limitations (https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-basics.html#vpc-peering-limitations) @@ -9554,6 +9820,83 @@ func (c *EC2) DeleteFpgaImageWithContext(ctx aws.Context, input *DeleteFpgaImage return out, req.Send() } +const opDeleteInstanceEventWindow = "DeleteInstanceEventWindow" + +// DeleteInstanceEventWindowRequest generates a "aws/request.Request" representing the +// client's request for the DeleteInstanceEventWindow operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteInstanceEventWindow for more information on using the DeleteInstanceEventWindow +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DeleteInstanceEventWindowRequest method. +// req, resp := client.DeleteInstanceEventWindowRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteInstanceEventWindow +func (c *EC2) DeleteInstanceEventWindowRequest(input *DeleteInstanceEventWindowInput) (req *request.Request, output *DeleteInstanceEventWindowOutput) { + op := &request.Operation{ + Name: opDeleteInstanceEventWindow, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteInstanceEventWindowInput{} + } + + output = &DeleteInstanceEventWindowOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteInstanceEventWindow API operation for Amazon Elastic Compute Cloud. +// +// Deletes the specified event window. +// +// For more information, see Define event windows for scheduled events (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) +// in the Amazon EC2 User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DeleteInstanceEventWindow for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteInstanceEventWindow +func (c *EC2) DeleteInstanceEventWindow(input *DeleteInstanceEventWindowInput) (*DeleteInstanceEventWindowOutput, error) { + req, out := c.DeleteInstanceEventWindowRequest(input) + return out, req.Send() +} + +// DeleteInstanceEventWindowWithContext is the same as DeleteInstanceEventWindow with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteInstanceEventWindow for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DeleteInstanceEventWindowWithContext(ctx aws.Context, input *DeleteInstanceEventWindowInput, opts ...request.Option) (*DeleteInstanceEventWindowOutput, error) { + req, out := c.DeleteInstanceEventWindowRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteInternetGateway = "DeleteInternetGateway" // DeleteInternetGatewayRequest generates a "aws/request.Request" representing the @@ -11051,7 +11394,7 @@ func (c *EC2) DeleteSnapshotRequest(input *DeleteSnapshotInput) (req *request.Re // a registered AMI. You must first de-register the AMI before you can delete // the snapshot. // -// For more information, see Deleting an Amazon EBS snapshot (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-deleting-snapshot.html) +// For more information, see Delete an Amazon EBS snapshot (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-deleting-snapshot.html) // in the Amazon Elastic Compute Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -11233,6 +11576,80 @@ func (c *EC2) DeleteSubnetWithContext(ctx aws.Context, input *DeleteSubnetInput, return out, req.Send() } +const opDeleteSubnetCidrReservation = "DeleteSubnetCidrReservation" + +// DeleteSubnetCidrReservationRequest generates a "aws/request.Request" representing the +// client's request for the DeleteSubnetCidrReservation operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteSubnetCidrReservation for more information on using the DeleteSubnetCidrReservation +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DeleteSubnetCidrReservationRequest method. +// req, resp := client.DeleteSubnetCidrReservationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteSubnetCidrReservation +func (c *EC2) DeleteSubnetCidrReservationRequest(input *DeleteSubnetCidrReservationInput) (req *request.Request, output *DeleteSubnetCidrReservationOutput) { + op := &request.Operation{ + Name: opDeleteSubnetCidrReservation, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteSubnetCidrReservationInput{} + } + + output = &DeleteSubnetCidrReservationOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteSubnetCidrReservation API operation for Amazon Elastic Compute Cloud. +// +// Deletes a subnet CIDR reservation. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DeleteSubnetCidrReservation for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteSubnetCidrReservation +func (c *EC2) DeleteSubnetCidrReservation(input *DeleteSubnetCidrReservationInput) (*DeleteSubnetCidrReservationOutput, error) { + req, out := c.DeleteSubnetCidrReservationRequest(input) + return out, req.Send() +} + +// DeleteSubnetCidrReservationWithContext is the same as DeleteSubnetCidrReservation with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteSubnetCidrReservation for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DeleteSubnetCidrReservationWithContext(ctx aws.Context, input *DeleteSubnetCidrReservationInput, opts ...request.Option) (*DeleteSubnetCidrReservationOutput, error) { + req, out := c.DeleteSubnetCidrReservationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteTags = "DeleteTags" // DeleteTagsRequest generates a "aws/request.Request" representing the @@ -12334,7 +12751,7 @@ func (c *EC2) DeleteVolumeRequest(input *DeleteVolumeInput) (req *request.Reques // // The volume can remain in the deleting state for several minutes. // -// For more information, see Deleting an Amazon EBS volume (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-deleting-volume.html) +// For more information, see Delete an Amazon EBS volume (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-deleting-volume.html) // in the Amazon Elastic Compute Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -13217,6 +13634,8 @@ func (c *EC2) DeregisterInstanceEventNotificationAttributesRequest(input *Deregi // DeregisterInstanceEventNotificationAttributes API operation for Amazon Elastic Compute Cloud. // +// c +// // Deregisters tag keys to prevent tags that have the specified tag keys from // being included in scheduled event notifications for resources in the Region. // @@ -14136,7 +14555,8 @@ func (c *EC2) DescribeCapacityReservationsRequest(input *DescribeCapacityReserva // DescribeCapacityReservations API operation for Amazon Elastic Compute Cloud. // // Describes one or more of your Capacity Reservations. The results describe -// only the Capacity Reservations in the AWS Region that you're currently using. +// only the Capacity Reservations in the Amazon Web Services Region that you're +// currently using. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -15486,7 +15906,7 @@ func (c *EC2) DescribeDhcpOptionsRequest(input *DescribeDhcpOptionsInput) (req * // // Describes one or more of your DHCP options sets. // -// For more information, see DHCP Options Sets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) +// For more information, see DHCP options sets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) // in the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -18205,6 +18625,148 @@ func (c *EC2) DescribeInstanceEventNotificationAttributesWithContext(ctx aws.Con return out, req.Send() } +const opDescribeInstanceEventWindows = "DescribeInstanceEventWindows" + +// DescribeInstanceEventWindowsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeInstanceEventWindows operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeInstanceEventWindows for more information on using the DescribeInstanceEventWindows +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DescribeInstanceEventWindowsRequest method. +// req, resp := client.DescribeInstanceEventWindowsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeInstanceEventWindows +func (c *EC2) DescribeInstanceEventWindowsRequest(input *DescribeInstanceEventWindowsInput) (req *request.Request, output *DescribeInstanceEventWindowsOutput) { + op := &request.Operation{ + Name: opDescribeInstanceEventWindows, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeInstanceEventWindowsInput{} + } + + output = &DescribeInstanceEventWindowsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeInstanceEventWindows API operation for Amazon Elastic Compute Cloud. +// +// Describes the specified event windows or all event windows. +// +// If you specify event window IDs, the output includes information for only +// the specified event windows. If you specify filters, the output includes +// information for only those event windows that meet the filter criteria. If +// you do not specify event windows IDs or filters, the output includes information +// for all event windows, which can affect performance. We recommend that you +// use pagination to ensure that the operation returns quickly and successfully. +// +// For more information, see Define event windows for scheduled events (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) +// in the Amazon EC2 User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeInstanceEventWindows for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeInstanceEventWindows +func (c *EC2) DescribeInstanceEventWindows(input *DescribeInstanceEventWindowsInput) (*DescribeInstanceEventWindowsOutput, error) { + req, out := c.DescribeInstanceEventWindowsRequest(input) + return out, req.Send() +} + +// DescribeInstanceEventWindowsWithContext is the same as DescribeInstanceEventWindows with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeInstanceEventWindows for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeInstanceEventWindowsWithContext(ctx aws.Context, input *DescribeInstanceEventWindowsInput, opts ...request.Option) (*DescribeInstanceEventWindowsOutput, error) { + req, out := c.DescribeInstanceEventWindowsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeInstanceEventWindowsPages iterates over the pages of a DescribeInstanceEventWindows operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeInstanceEventWindows method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeInstanceEventWindows operation. +// pageNum := 0 +// err := client.DescribeInstanceEventWindowsPages(params, +// func(page *ec2.DescribeInstanceEventWindowsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *EC2) DescribeInstanceEventWindowsPages(input *DescribeInstanceEventWindowsInput, fn func(*DescribeInstanceEventWindowsOutput, bool) bool) error { + return c.DescribeInstanceEventWindowsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeInstanceEventWindowsPagesWithContext same as DescribeInstanceEventWindowsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeInstanceEventWindowsPagesWithContext(ctx aws.Context, input *DescribeInstanceEventWindowsInput, fn func(*DescribeInstanceEventWindowsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeInstanceEventWindowsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeInstanceEventWindowsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeInstanceEventWindowsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeInstanceStatus = "DescribeInstanceStatus" // DescribeInstanceStatusRequest generates a "aws/request.Request" representing the @@ -19086,7 +19648,7 @@ func (c *EC2) DescribeKeyPairsRequest(input *DescribeKeyPairsInput) (req *reques // // Describes the specified key pairs or all of your key pairs. // -// For more information about key pairs, see Key Pairs (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) +// For more information about key pairs, see Amazon EC2 key pairs (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) // in the Amazon Elastic Compute Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -21941,8 +22503,8 @@ func (c *EC2) DescribeReplaceRootVolumeTasksRequest(input *DescribeReplaceRootVo // DescribeReplaceRootVolumeTasks API operation for Amazon Elastic Compute Cloud. // // Describes a root volume replacement task. For more information, see Replace -// a root volume (https://docs.aws.amazon.com/) in the Amazon Elastic Compute -// Cloud User Guide. +// a root volume (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-restoring-volume.html#replace-root) +// in the Amazon Elastic Compute Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -22534,7 +23096,7 @@ func (c *EC2) DescribeRouteTablesRequest(input *DescribeRouteTablesInput) (req * // with the main route table. This command does not return the subnet ID for // implicit associations. // -// For more information, see Route Tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) +// For more information, see Route tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) // in the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -22964,6 +23526,138 @@ func (c *EC2) DescribeSecurityGroupReferencesWithContext(ctx aws.Context, input return out, req.Send() } +const opDescribeSecurityGroupRules = "DescribeSecurityGroupRules" + +// DescribeSecurityGroupRulesRequest generates a "aws/request.Request" representing the +// client's request for the DescribeSecurityGroupRules operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeSecurityGroupRules for more information on using the DescribeSecurityGroupRules +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DescribeSecurityGroupRulesRequest method. +// req, resp := client.DescribeSecurityGroupRulesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeSecurityGroupRules +func (c *EC2) DescribeSecurityGroupRulesRequest(input *DescribeSecurityGroupRulesInput) (req *request.Request, output *DescribeSecurityGroupRulesOutput) { + op := &request.Operation{ + Name: opDescribeSecurityGroupRules, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeSecurityGroupRulesInput{} + } + + output = &DescribeSecurityGroupRulesOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeSecurityGroupRules API operation for Amazon Elastic Compute Cloud. +// +// Describes one or more of your security group rules. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeSecurityGroupRules for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeSecurityGroupRules +func (c *EC2) DescribeSecurityGroupRules(input *DescribeSecurityGroupRulesInput) (*DescribeSecurityGroupRulesOutput, error) { + req, out := c.DescribeSecurityGroupRulesRequest(input) + return out, req.Send() +} + +// DescribeSecurityGroupRulesWithContext is the same as DescribeSecurityGroupRules with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeSecurityGroupRules for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeSecurityGroupRulesWithContext(ctx aws.Context, input *DescribeSecurityGroupRulesInput, opts ...request.Option) (*DescribeSecurityGroupRulesOutput, error) { + req, out := c.DescribeSecurityGroupRulesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeSecurityGroupRulesPages iterates over the pages of a DescribeSecurityGroupRules operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeSecurityGroupRules method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeSecurityGroupRules operation. +// pageNum := 0 +// err := client.DescribeSecurityGroupRulesPages(params, +// func(page *ec2.DescribeSecurityGroupRulesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *EC2) DescribeSecurityGroupRulesPages(input *DescribeSecurityGroupRulesInput, fn func(*DescribeSecurityGroupRulesOutput, bool) bool) error { + return c.DescribeSecurityGroupRulesPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeSecurityGroupRulesPagesWithContext same as DescribeSecurityGroupRulesPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeSecurityGroupRulesPagesWithContext(ctx aws.Context, input *DescribeSecurityGroupRulesInput, fn func(*DescribeSecurityGroupRulesOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeSecurityGroupRulesInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeSecurityGroupRulesRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeSecurityGroupRulesOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeSecurityGroups = "DescribeSecurityGroups" // DescribeSecurityGroupsRequest generates a "aws/request.Request" representing the @@ -23017,9 +23711,9 @@ func (c *EC2) DescribeSecurityGroupsRequest(input *DescribeSecurityGroupsInput) // Describes the specified security groups or all of your security groups. // // A security group is for use with instances either in the EC2-Classic platform -// or in a specific VPC. For more information, see Amazon EC2 Security Groups +// or in a specific VPC. For more information, see Amazon EC2 security groups // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html) -// in the Amazon Elastic Compute Cloud User Guide and Security Groups for Your +// in the Amazon Elastic Compute Cloud User Guide and Security groups for your // VPC (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html) // in the Amazon Virtual Private Cloud User Guide. // @@ -23235,25 +23929,25 @@ func (c *EC2) DescribeSnapshotsRequest(input *DescribeSnapshotsInput) (req *requ // snapshots available to you. // // The snapshots available to you include public snapshots, private snapshots -// that you own, and private snapshots owned by other AWS accounts for which -// you have explicit create volume permissions. +// that you own, and private snapshots owned by other Amazon Web Services accounts +// for which you have explicit create volume permissions. // // The create volume permissions fall into the following categories: // // * public: The owner of the snapshot granted create volume permissions -// for the snapshot to the all group. All AWS accounts have create volume -// permissions for these snapshots. +// for the snapshot to the all group. All Amazon Web Services accounts have +// create volume permissions for these snapshots. // // * explicit: The owner of the snapshot granted create volume permissions -// to a specific AWS account. +// to a specific Amazon Web Services account. // -// * implicit: An AWS account has implicit create volume permissions for -// all snapshots it owns. +// * implicit: An Amazon Web Services account has implicit create volume +// permissions for all snapshots it owns. // // The list of snapshots returned can be filtered by specifying snapshot IDs, -// snapshot owners, or AWS accounts with create volume permissions. If no options -// are specified, Amazon EC2 returns all snapshots for which you have create -// volume permissions. +// snapshot owners, or Amazon Web Services accounts with create volume permissions. +// If no options are specified, Amazon EC2 returns all snapshots for which you +// have create volume permissions. // // If you specify one or more snapshot IDs, only snapshots that have the specified // IDs are returned. If you specify an invalid snapshot ID, an error is returned. @@ -23262,13 +23956,14 @@ func (c *EC2) DescribeSnapshotsRequest(input *DescribeSnapshotsInput) (req *requ // // If you specify one or more snapshot owners using the OwnerIds option, only // snapshots from the specified owners and for which you have access are returned. -// The results can include the AWS account IDs of the specified owners, amazon -// for snapshots owned by Amazon, or self for snapshots that you own. +// The results can include the Amazon Web Services account IDs of the specified +// owners, amazon for snapshots owned by Amazon, or self for snapshots that +// you own. // // If you specify a list of restorable users, only snapshots with create snapshot -// permissions for those users are returned. You can specify AWS account IDs -// (if you own the snapshots), self for snapshots for which you own or have -// explicit permissions, or all for public snapshots. +// permissions for those users are returned. You can specify Amazon Web Services +// account IDs (if you own the snapshots), self for snapshots for which you +// own or have explicit permissions, or all for public snapshots. // // If you are describing a long list of snapshots, we recommend that you paginate // the output to make the list more manageable. The MaxResults parameter sets @@ -24348,7 +25043,7 @@ func (c *EC2) DescribeSubnetsRequest(input *DescribeSubnetsInput) (req *request. // // Describes one or more of your subnets. // -// For more information, see Your VPC and Subnets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) +// For more information, see Your VPC and subnets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) // in the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -26056,6 +26751,12 @@ func (c *EC2) DescribeTrunkInterfaceAssociationsRequest(input *DescribeTrunkInte Name: opDescribeTrunkInterfaceAssociations, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, } if input == nil { @@ -26069,6 +26770,10 @@ func (c *EC2) DescribeTrunkInterfaceAssociationsRequest(input *DescribeTrunkInte // DescribeTrunkInterfaceAssociations API operation for Amazon Elastic Compute Cloud. // +// +// This API action is currently in limited preview only. If you are interested +// in using this feature, contact your account manager. +// // Describes one or more network interface trunk associations. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -26099,6 +26804,58 @@ func (c *EC2) DescribeTrunkInterfaceAssociationsWithContext(ctx aws.Context, inp return out, req.Send() } +// DescribeTrunkInterfaceAssociationsPages iterates over the pages of a DescribeTrunkInterfaceAssociations operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeTrunkInterfaceAssociations method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeTrunkInterfaceAssociations operation. +// pageNum := 0 +// err := client.DescribeTrunkInterfaceAssociationsPages(params, +// func(page *ec2.DescribeTrunkInterfaceAssociationsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *EC2) DescribeTrunkInterfaceAssociationsPages(input *DescribeTrunkInterfaceAssociationsInput, fn func(*DescribeTrunkInterfaceAssociationsOutput, bool) bool) error { + return c.DescribeTrunkInterfaceAssociationsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeTrunkInterfaceAssociationsPagesWithContext same as DescribeTrunkInterfaceAssociationsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeTrunkInterfaceAssociationsPagesWithContext(ctx aws.Context, input *DescribeTrunkInterfaceAssociationsInput, fn func(*DescribeTrunkInterfaceAssociationsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeTrunkInterfaceAssociationsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeTrunkInterfaceAssociationsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeTrunkInterfaceAssociationsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeVolumeAttribute = "DescribeVolumeAttribute" // DescribeVolumeAttributeRequest generates a "aws/request.Request" representing the @@ -26244,7 +27001,7 @@ func (c *EC2) DescribeVolumeStatusRequest(input *DescribeVolumeStatusInput) (req // status of the volume is ok. If the check fails, the overall status is impaired. // If the status is insufficient-data, then the checks might still be taking // place on your volume at the time. We recommend that you retry the request. -// For more information about volume status, see Monitoring the status of your +// For more information about volume status, see Monitor the status of your // volumes (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-volume-status.html) // in the Amazon Elastic Compute Cloud User Guide. // @@ -26546,7 +27303,7 @@ func (c *EC2) DescribeVolumesModificationsRequest(input *DescribeVolumesModifica // You can also use CloudWatch Events to check the status of a modification // to an EBS volume. For information about CloudWatch Events, see the Amazon // CloudWatch Events User Guide (https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/). -// For more information, see Monitoring volume modifications (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-expand-volume.html#monitoring_mods) +// For more information, see Monitor the progress of volume modifications (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-volume-modifications.html) // in the Amazon Elastic Compute Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -28359,10 +29116,10 @@ func (c *EC2) DetachVolumeRequest(input *DetachVolumeInput) (req *request.Reques // while the instance is running. To detach the root volume, stop the instance // first. // -// When a volume with an AWS Marketplace product code is detached from an instance, -// the product code is no longer associated with the instance. +// When a volume with an Amazon Web Services Marketplace product code is detached +// from an instance, the product code is no longer associated with the instance. // -// For more information, see Detaching an Amazon EBS volume (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-detaching-volume.html) +// For more information, see Detach an Amazon EBS volume (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-detaching-volume.html) // in the Amazon Elastic Compute Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -29305,13 +30062,12 @@ func (c *EC2) DisassociateEnclaveCertificateIamRoleRequest(input *DisassociateEn // DisassociateEnclaveCertificateIamRole API operation for Amazon Elastic Compute Cloud. // -// Disassociates an IAM role from an AWS Certificate Manager (ACM) certificate. +// Disassociates an IAM role from an Certificate Manager (ACM) certificate. // Disassociating an IAM role from an ACM certificate removes the Amazon S3 // object that contains the certificate, certificate chain, and encrypted private // key from the Amazon S3 bucket. It also revokes the IAM role's permission -// to use the AWS Key Management Service (KMS) customer master key (CMK) used -// to encrypt the private key. This effectively revokes the role's permission -// to use the certificate. +// to use the KMS key used to encrypt the private key. This effectively revokes +// the role's permission to use the certificate. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -29417,6 +30173,83 @@ func (c *EC2) DisassociateIamInstanceProfileWithContext(ctx aws.Context, input * return out, req.Send() } +const opDisassociateInstanceEventWindow = "DisassociateInstanceEventWindow" + +// DisassociateInstanceEventWindowRequest generates a "aws/request.Request" representing the +// client's request for the DisassociateInstanceEventWindow operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DisassociateInstanceEventWindow for more information on using the DisassociateInstanceEventWindow +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DisassociateInstanceEventWindowRequest method. +// req, resp := client.DisassociateInstanceEventWindowRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisassociateInstanceEventWindow +func (c *EC2) DisassociateInstanceEventWindowRequest(input *DisassociateInstanceEventWindowInput) (req *request.Request, output *DisassociateInstanceEventWindowOutput) { + op := &request.Operation{ + Name: opDisassociateInstanceEventWindow, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DisassociateInstanceEventWindowInput{} + } + + output = &DisassociateInstanceEventWindowOutput{} + req = c.newRequest(op, input, output) + return +} + +// DisassociateInstanceEventWindow API operation for Amazon Elastic Compute Cloud. +// +// Disassociates one or more targets from an event window. +// +// For more information, see Define event windows for scheduled events (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) +// in the Amazon EC2 User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DisassociateInstanceEventWindow for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisassociateInstanceEventWindow +func (c *EC2) DisassociateInstanceEventWindow(input *DisassociateInstanceEventWindowInput) (*DisassociateInstanceEventWindowOutput, error) { + req, out := c.DisassociateInstanceEventWindowRequest(input) + return out, req.Send() +} + +// DisassociateInstanceEventWindowWithContext is the same as DisassociateInstanceEventWindow with the addition of +// the ability to pass a context and additional request options. +// +// See DisassociateInstanceEventWindow for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DisassociateInstanceEventWindowWithContext(ctx aws.Context, input *DisassociateInstanceEventWindowInput, opts ...request.Option) (*DisassociateInstanceEventWindowOutput, error) { + req, out := c.DisassociateInstanceEventWindowRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDisassociateRouteTable = "DisassociateRouteTable" // DisassociateRouteTableRequest generates a "aws/request.Request" representing the @@ -29466,7 +30299,7 @@ func (c *EC2) DisassociateRouteTableRequest(input *DisassociateRouteTableInput) // // After you perform this action, the subnet no longer uses the routes in the // route table. Instead, it uses the routes in the VPC's main route table. For -// more information about route tables, see Route Tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) +// more information about route tables, see Route tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) // in the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -29765,6 +30598,10 @@ func (c *EC2) DisassociateTrunkInterfaceRequest(input *DisassociateTrunkInterfac // DisassociateTrunkInterface API operation for Amazon Elastic Compute Cloud. // +// +// This API action is currently in limited preview only. If you are interested +// in using this feature, contact your account manager. +// // Removes an association between a branch network interface with a trunk network // interface. // @@ -29923,12 +30760,12 @@ func (c *EC2) EnableEbsEncryptionByDefaultRequest(input *EnableEbsEncryptionByDe // Enables EBS encryption by default for your account in the current Region. // // After you enable encryption by default, the EBS volumes that you create are -// always encrypted, either using the default CMK or the CMK that you specified -// when you created each volume. For more information, see Amazon EBS encryption -// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) +// always encrypted, either using the default KMS key or the KMS key that you +// specified when you created each volume. For more information, see Amazon +// EBS encryption (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) // in the Amazon Elastic Compute Cloud User Guide. // -// You can specify the default CMK for encryption by default using ModifyEbsDefaultKmsKeyId +// You can specify the default KMS key for encryption by default using ModifyEbsDefaultKmsKeyId // or ResetEbsDefaultKmsKeyId. // // Enabling encryption by default has no effect on the encryption status of @@ -30944,11 +31781,10 @@ func (c *EC2) GetAssociatedEnclaveCertificateIamRolesRequest(input *GetAssociate // GetAssociatedEnclaveCertificateIamRoles API operation for Amazon Elastic Compute Cloud. // -// Returns the IAM roles that are associated with the specified AWS Certificate -// Manager (ACM) certificate. It also returns the name of the Amazon S3 bucket -// and the Amazon S3 object key where the certificate, certificate chain, and -// encrypted private key bundle are stored, and the ARN of the AWS Key Management -// Service (KMS) customer master key (CMK) that's used to encrypt the private +// Returns the IAM roles that are associated with the specified ACM (ACM) certificate. +// It also returns the name of the Amazon S3 bucket and the Amazon S3 object +// key where the certificate, certificate chain, and encrypted private key bundle +// are stored, and the ARN of the KMS key that's used to encrypt the private // key. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -31158,8 +31994,8 @@ func (c *EC2) GetCapacityReservationUsageRequest(input *GetCapacityReservationUs // // Gets usage information about a Capacity Reservation. If the Capacity Reservation // is shared, it shows usage information for the Capacity Reservation owner -// and each AWS account that is currently using the shared capacity. If the -// Capacity Reservation is not shared, it shows only the Capacity Reservation +// and each Amazon Web Services account that is currently using the shared capacity. +// If the Capacity Reservation is not shared, it shows only the Capacity Reservation // owner's usage. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -31552,9 +32388,9 @@ func (c *EC2) GetEbsDefaultKmsKeyIdRequest(input *GetEbsDefaultKmsKeyIdInput) (r // GetEbsDefaultKmsKeyId API operation for Amazon Elastic Compute Cloud. // -// Describes the default customer master key (CMK) for EBS encryption by default -// for your account in this Region. You can change the default CMK for encryption -// by default using ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId. +// Describes the default KMS key for EBS encryption by default for your account +// in this Region. You can change the default KMS key for encryption by default +// using ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId. // // For more information, see Amazon EBS encryption (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) // in the Amazon Elastic Compute Cloud User Guide. @@ -32555,6 +33391,80 @@ func (c *EC2) GetSerialConsoleAccessStatusWithContext(ctx aws.Context, input *Ge return out, req.Send() } +const opGetSubnetCidrReservations = "GetSubnetCidrReservations" + +// GetSubnetCidrReservationsRequest generates a "aws/request.Request" representing the +// client's request for the GetSubnetCidrReservations operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetSubnetCidrReservations for more information on using the GetSubnetCidrReservations +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the GetSubnetCidrReservationsRequest method. +// req, resp := client.GetSubnetCidrReservationsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetSubnetCidrReservations +func (c *EC2) GetSubnetCidrReservationsRequest(input *GetSubnetCidrReservationsInput) (req *request.Request, output *GetSubnetCidrReservationsOutput) { + op := &request.Operation{ + Name: opGetSubnetCidrReservations, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetSubnetCidrReservationsInput{} + } + + output = &GetSubnetCidrReservationsOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetSubnetCidrReservations API operation for Amazon Elastic Compute Cloud. +// +// Gets information about the subnet CIDR reservations. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation GetSubnetCidrReservations for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetSubnetCidrReservations +func (c *EC2) GetSubnetCidrReservations(input *GetSubnetCidrReservationsInput) (*GetSubnetCidrReservationsOutput, error) { + req, out := c.GetSubnetCidrReservationsRequest(input) + return out, req.Send() +} + +// GetSubnetCidrReservationsWithContext is the same as GetSubnetCidrReservations with the addition of +// the ability to pass a context and additional request options. +// +// See GetSubnetCidrReservations for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) GetSubnetCidrReservationsWithContext(ctx aws.Context, input *GetSubnetCidrReservationsInput, opts ...request.Option) (*GetSubnetCidrReservationsOutput, error) { + req, out := c.GetSubnetCidrReservationsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetTransitGatewayAttachmentPropagations = "GetTransitGatewayAttachmentPropagations" // GetTransitGatewayAttachmentPropagationsRequest generates a "aws/request.Request" representing the @@ -33426,9 +34336,9 @@ func (c *EC2) ImportInstanceRequest(input *ImportInstanceInput) (req *request.Re // This API action supports only single-volume VMs. To import multi-volume VMs, // use ImportImage instead. // -// This API action is not supported by the AWS Command Line Interface (AWS CLI). -// For information about using the Amazon EC2 CLI, which is deprecated, see -// Importing a VM to Amazon EC2 (https://awsdocs.s3.amazonaws.com/EC2/ec2-clt.pdf#UsingVirtualMachinesinAmazonEC2) +// This API action is not supported by the Command Line Interface (CLI). For +// information about using the Amazon EC2 CLI, which is deprecated, see Importing +// a VM to Amazon EC2 (https://awsdocs.s3.amazonaws.com/EC2/ec2-clt.pdf#UsingVirtualMachinesinAmazonEC2) // in the Amazon EC2 CLI Reference PDF file. // // For information about the import manifest referenced by this API action, @@ -33506,13 +34416,14 @@ func (c *EC2) ImportKeyPairRequest(input *ImportKeyPairInput) (req *request.Requ // ImportKeyPair API operation for Amazon Elastic Compute Cloud. // -// Imports the public key from an RSA key pair that you created with a third-party -// tool. Compare this with CreateKeyPair, in which AWS creates the key pair -// and gives the keys to you (AWS keeps a copy of the public key). With ImportKeyPair, -// you create the key pair and give AWS just the public key. The private key -// is never transferred between you and AWS. +// Imports the public key from an RSA or ED25519 key pair that you created with +// a third-party tool. Compare this with CreateKeyPair, in which Amazon Web +// Services creates the key pair and gives the keys to you (Amazon Web Services +// keeps a copy of the public key). With ImportKeyPair, you create the key pair +// and give Amazon Web Services just the public key. The private key is never +// transferred between you and Amazon Web Services. // -// For more information about key pairs, see Key Pairs (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) +// For more information about key pairs, see Amazon EC2 key pairs (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) // in the Amazon Elastic Compute Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -33671,9 +34582,9 @@ func (c *EC2) ImportVolumeRequest(input *ImportVolumeInput) (req *request.Reques // use ImportImage instead. To import a disk to a snapshot, use ImportSnapshot // instead. // -// This API action is not supported by the AWS Command Line Interface (AWS CLI). -// For information about using the Amazon EC2 CLI, which is deprecated, see -// Importing Disks to Amazon EBS (https://awsdocs.s3.amazonaws.com/EC2/ec2-clt.pdf#importing-your-volumes-into-amazon-ebs) +// This API action is not supported by the Command Line Interface (CLI). For +// information about using the Amazon EC2 CLI, which is deprecated, see Importing +// Disks to Amazon EBS (https://awsdocs.s3.amazonaws.com/EC2/ec2-clt.pdf#importing-your-volumes-into-amazon-ebs) // in the Amazon EC2 CLI Reference PDF file. // // For information about the import manifest referenced by this API action, @@ -34059,16 +34970,16 @@ func (c *EC2) ModifyDefaultCreditSpecificationRequest(input *ModifyDefaultCredit // ModifyDefaultCreditSpecification API operation for Amazon Elastic Compute Cloud. // // Modifies the default credit option for CPU usage of burstable performance -// instances. The default credit option is set at the account level per AWS -// Region, and is specified per instance family. All new burstable performance -// instances in the account launch using the default credit option. +// instances. The default credit option is set at the account level per Amazon +// Web Services Region, and is specified per instance family. All new burstable +// performance instances in the account launch using the default credit option. // // ModifyDefaultCreditSpecification is an asynchronous operation, which works -// at an AWS Region level and modifies the credit option for each Availability -// Zone. All zones in a Region are updated within five minutes. But if instances -// are launched during this operation, they might not get the new credit option -// until the zone is updated. To verify whether the update has occurred, you -// can call GetDefaultCreditSpecification and check DefaultCreditSpecification +// at an Amazon Web Services Region level and modifies the credit option for +// each Availability Zone. All zones in a Region are updated within five minutes. +// But if instances are launched during this operation, they might not get the +// new credit option until the zone is updated. To verify whether the update +// has occurred, you can call GetDefaultCreditSpecification and check DefaultCreditSpecification // for updates. // // For more information, see Burstable performance instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html) @@ -34146,17 +35057,18 @@ func (c *EC2) ModifyEbsDefaultKmsKeyIdRequest(input *ModifyEbsDefaultKmsKeyIdInp // ModifyEbsDefaultKmsKeyId API operation for Amazon Elastic Compute Cloud. // -// Changes the default customer master key (CMK) for EBS encryption by default -// for your account in this Region. +// Changes the default KMS key for EBS encryption by default for your account +// in this Region. // -// AWS creates a unique AWS managed CMK in each Region for use with encryption -// by default. If you change the default CMK to a symmetric customer managed -// CMK, it is used instead of the AWS managed CMK. To reset the default CMK -// to the AWS managed CMK for EBS, use ResetEbsDefaultKmsKeyId. Amazon EBS does -// not support asymmetric CMKs. +// Amazon Web Services creates a unique Amazon Web Services managed KMS key +// in each Region for use with encryption by default. If you change the default +// KMS key to a symmetric customer managed KMS key, it is used instead of the +// Amazon Web Services managed KMS key. To reset the default KMS key to the +// Amazon Web Services managed KMS key for EBS, use ResetEbsDefaultKmsKeyId. +// Amazon EBS does not support asymmetric KMS keys. // -// If you delete or disable the customer managed CMK that you specified for -// use with encryption by default, your instances will fail to launch. +// If you delete or disable the customer managed KMS key that you specified +// for use with encryption by default, your instances will fail to launch. // // For more information, see Amazon EBS encryption (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) // in the Amazon Elastic Compute Cloud User Guide. @@ -35043,6 +35955,92 @@ func (c *EC2) ModifyInstanceEventStartTimeWithContext(ctx aws.Context, input *Mo return out, req.Send() } +const opModifyInstanceEventWindow = "ModifyInstanceEventWindow" + +// ModifyInstanceEventWindowRequest generates a "aws/request.Request" representing the +// client's request for the ModifyInstanceEventWindow operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifyInstanceEventWindow for more information on using the ModifyInstanceEventWindow +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ModifyInstanceEventWindowRequest method. +// req, resp := client.ModifyInstanceEventWindowRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyInstanceEventWindow +func (c *EC2) ModifyInstanceEventWindowRequest(input *ModifyInstanceEventWindowInput) (req *request.Request, output *ModifyInstanceEventWindowOutput) { + op := &request.Operation{ + Name: opModifyInstanceEventWindow, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifyInstanceEventWindowInput{} + } + + output = &ModifyInstanceEventWindowOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifyInstanceEventWindow API operation for Amazon Elastic Compute Cloud. +// +// Modifies the specified event window. +// +// You can define either a set of time ranges or a cron expression when modifying +// the event window, but not both. +// +// To modify the targets associated with the event window, use the AssociateInstanceEventWindow +// and DisassociateInstanceEventWindow API. +// +// If Amazon Web Services has already scheduled an event, modifying an event +// window won't change the time of the scheduled event. +// +// For more information, see Define event windows for scheduled events (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/event-windows.html) +// in the Amazon EC2 User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation ModifyInstanceEventWindow for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyInstanceEventWindow +func (c *EC2) ModifyInstanceEventWindow(input *ModifyInstanceEventWindowInput) (*ModifyInstanceEventWindowOutput, error) { + req, out := c.ModifyInstanceEventWindowRequest(input) + return out, req.Send() +} + +// ModifyInstanceEventWindowWithContext is the same as ModifyInstanceEventWindow with the addition of +// the ability to pass a context and additional request options. +// +// See ModifyInstanceEventWindow for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) ModifyInstanceEventWindowWithContext(ctx aws.Context, input *ModifyInstanceEventWindowInput, opts ...request.Option) (*ModifyInstanceEventWindowOutput, error) { + req, out := c.ModifyInstanceEventWindowRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opModifyInstanceMetadataOptions = "ModifyInstanceMetadataOptions" // ModifyInstanceMetadataOptionsRequest generates a "aws/request.Request" representing the @@ -35532,6 +36530,80 @@ func (c *EC2) ModifyReservedInstancesWithContext(ctx aws.Context, input *ModifyR return out, req.Send() } +const opModifySecurityGroupRules = "ModifySecurityGroupRules" + +// ModifySecurityGroupRulesRequest generates a "aws/request.Request" representing the +// client's request for the ModifySecurityGroupRules operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifySecurityGroupRules for more information on using the ModifySecurityGroupRules +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ModifySecurityGroupRulesRequest method. +// req, resp := client.ModifySecurityGroupRulesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifySecurityGroupRules +func (c *EC2) ModifySecurityGroupRulesRequest(input *ModifySecurityGroupRulesInput) (req *request.Request, output *ModifySecurityGroupRulesOutput) { + op := &request.Operation{ + Name: opModifySecurityGroupRules, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifySecurityGroupRulesInput{} + } + + output = &ModifySecurityGroupRulesOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifySecurityGroupRules API operation for Amazon Elastic Compute Cloud. +// +// Modifies the rules of a security group. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation ModifySecurityGroupRules for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifySecurityGroupRules +func (c *EC2) ModifySecurityGroupRules(input *ModifySecurityGroupRulesInput) (*ModifySecurityGroupRulesOutput, error) { + req, out := c.ModifySecurityGroupRulesRequest(input) + return out, req.Send() +} + +// ModifySecurityGroupRulesWithContext is the same as ModifySecurityGroupRules with the addition of +// the ability to pass a context and additional request options. +// +// See ModifySecurityGroupRules for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) ModifySecurityGroupRulesWithContext(ctx aws.Context, input *ModifySecurityGroupRulesInput, opts ...request.Option) (*ModifySecurityGroupRulesOutput, error) { + req, out := c.ModifySecurityGroupRulesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opModifySnapshotAttribute = "ModifySnapshotAttribute" // ModifySnapshotAttributeRequest generates a "aws/request.Request" representing the @@ -35578,16 +36650,17 @@ func (c *EC2) ModifySnapshotAttributeRequest(input *ModifySnapshotAttributeInput // ModifySnapshotAttribute API operation for Amazon Elastic Compute Cloud. // // Adds or removes permission settings for the specified snapshot. You may add -// or remove specified AWS account IDs from a snapshot's list of create volume -// permissions, but you cannot do both in a single operation. If you need to -// both add and remove account IDs for a snapshot, you must use multiple operations. -// You can make up to 500 modifications to a snapshot in a single operation. +// or remove specified Amazon Web Services account IDs from a snapshot's list +// of create volume permissions, but you cannot do both in a single operation. +// If you need to both add and remove account IDs for a snapshot, you must use +// multiple operations. You can make up to 500 modifications to a snapshot in +// a single operation. // -// Encrypted snapshots and snapshots with AWS Marketplace product codes cannot -// be made public. Snapshots encrypted with your default CMK cannot be shared -// with other accounts. +// Encrypted snapshots and snapshots with Amazon Web Services Marketplace product +// codes cannot be made public. Snapshots encrypted with your default KMS key +// cannot be shared with other accounts. // -// For more information about modifying snapshot permissions, see Sharing snapshots +// For more information about modifying snapshot permissions, see Share a snapshot // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html) // in the Amazon Elastic Compute Cloud User Guide. // @@ -36305,34 +37378,28 @@ func (c *EC2) ModifyVolumeRequest(input *ModifyVolumeInput) (req *request.Reques // size, volume type, and IOPS capacity. If your EBS volume is attached to a // current-generation EC2 instance type, you might be able to apply these changes // without stopping the instance or detaching the volume from it. For more information -// about modifying an EBS volume running Linux, see Modifying the size, IOPS, -// or type of an EBS volume on Linux (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-expand-volume.html). -// For more information about modifying an EBS volume running Windows, see Modifying -// the size, IOPS, or type of an EBS volume on Windows (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ebs-expand-volume.html). +// about modifying EBS volumes, see Amazon EBS Elastic Volumes (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modify-volume.html) +// (Linux instances) or Amazon EBS Elastic Volumes (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ebs-modify-volume.html) +// (Windows instances). // // When you complete a resize operation on your volume, you need to extend the // volume's file-system size to take advantage of the new storage capacity. -// For information about extending a Linux file system, see Extending a Linux -// file system (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-expand-volume.html#recognize-expanded-volume-linux). -// For information about extending a Windows file system, see Extending a Windows -// file system (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ebs-expand-volume.html#recognize-expanded-volume-windows). +// For more information, see Extend a Linux file system (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-expand-volume.html#recognize-expanded-volume-linux) +// or Extend a Windows file system (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ebs-expand-volume.html#recognize-expanded-volume-windows). // // You can use CloudWatch Events to check the status of a modification to an // EBS volume. For information about CloudWatch Events, see the Amazon CloudWatch // Events User Guide (https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/). // You can also track the status of a modification using DescribeVolumesModifications. -// For information about tracking status changes using either method, see Monitoring -// volume modifications (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-expand-volume.html#monitoring_mods). +// For information about tracking status changes using either method, see Monitor +// the progress of volume modifications (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-volume-modifications.html). // // With previous-generation instance types, resizing an EBS volume might require // detaching and reattaching the volume or stopping and restarting the instance. -// For more information, see Amazon EBS Elastic Volumes (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modify-volume.html) -// (Linux) or Amazon EBS Elastic Volumes (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ebs-modify-volume.html) -// (Windows). // -// If you reach the maximum volume modification rate per volume limit, you will -// need to wait at least six hours before applying further modifications to -// the affected EBS volume. +// If you reach the maximum volume modification rate per volume limit, you must +// wait at least six hours before applying further modifications to the affected +// EBS volume. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -36894,16 +37961,17 @@ func (c *EC2) ModifyVpcPeeringConnectionOptionsRequest(input *ModifyVpcPeeringCo // * Enable/disable the ability to resolve public DNS hostnames to private // IP addresses when queried from instances in the peer VPC. // -// If the peered VPCs are in the same AWS account, you can enable DNS resolution -// for queries from the local VPC. This ensures that queries from the local -// VPC resolve to private IP addresses in the peer VPC. This option is not available -// if the peered VPCs are in different AWS accounts or different Regions. For -// peered VPCs in different AWS accounts, each AWS account owner must initiate -// a separate request to modify the peering connection options. For inter-region -// peering connections, you must use the Region for the requester VPC to modify -// the requester VPC peering options and the Region for the accepter VPC to -// modify the accepter VPC peering options. To verify which VPCs are the accepter -// and the requester for a VPC peering connection, use the DescribeVpcPeeringConnections +// If the peered VPCs are in the same Amazon Web Services account, you can enable +// DNS resolution for queries from the local VPC. This ensures that queries +// from the local VPC resolve to private IP addresses in the peer VPC. This +// option is not available if the peered VPCs are in different different Amazon +// Web Services accounts or different Regions. For peered VPCs in different +// Amazon Web Services accounts, each Amazon Web Services account owner must +// initiate a separate request to modify the peering connection options. For +// inter-region peering connections, you must use the Region for the requester +// VPC to modify the requester VPC peering options and the Region for the accepter +// VPC to modify the accepter VPC peering options. To verify which VPCs are +// the accepter and the requester for a VPC peering connection, use the DescribeVpcPeeringConnections // command. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -38747,7 +39815,7 @@ func (c *EC2) ReleaseAddressRequest(input *ReleaseAddressInput) (req *request.Re // Be sure to update your DNS records and any servers or devices that communicate // with the address. If you attempt to release an Elastic IP address that you // already released, you'll get an AuthFailure error if the address is already -// allocated to another account. +// allocated to another Amazon Web Services account. // // [EC2-VPC] After you release an Elastic IP address for use in a VPC, you might // be able to recover it. For more information, see AllocateAddress. @@ -39149,7 +40217,7 @@ func (c *EC2) ReplaceRouteRequest(input *ReplaceRouteInput) (req *request.Reques // instance, NAT gateway, VPC peering connection, network interface, egress-only // internet gateway, or transit gateway. // -// For more information, see Route Tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) +// For more information, see Route tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) // in the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -39227,7 +40295,7 @@ func (c *EC2) ReplaceRouteTableAssociationRequest(input *ReplaceRouteTableAssoci // Changes the route table associated with a given subnet, internet gateway, // or virtual private gateway in a VPC. After the operation completes, the subnet // or gateway uses the routes in the new route table. For more information about -// route tables, see Route Tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) +// route tables, see Route tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) // in the Amazon Virtual Private Cloud User Guide. // // You can also use this operation to change which table is the main route table @@ -39711,12 +40779,13 @@ func (c *EC2) ResetEbsDefaultKmsKeyIdRequest(input *ResetEbsDefaultKmsKeyIdInput // ResetEbsDefaultKmsKeyId API operation for Amazon Elastic Compute Cloud. // -// Resets the default customer master key (CMK) for EBS encryption for your -// account in this Region to the AWS managed CMK for EBS. +// Resets the default KMS key for EBS encryption for your account in this Region +// to the Amazon Web Services managed KMS key for EBS. // -// After resetting the default CMK to the AWS managed CMK, you can continue -// to encrypt by a customer managed CMK by specifying it when you create the -// volume. For more information, see Amazon EBS encryption (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) +// After resetting the default KMS key to the Amazon Web Services managed KMS +// key, you can continue to encrypt by a customer managed KMS key by specifying +// it when you create the volume. For more information, see Amazon EBS encryption +// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) // in the Amazon Elastic Compute Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -40105,7 +41174,7 @@ func (c *EC2) ResetSnapshotAttributeRequest(input *ResetSnapshotAttributeInput) // // Resets permission settings for the specified snapshot. // -// For more information about modifying snapshot permissions, see Sharing snapshots +// For more information about modifying snapshot permissions, see Share a snapshot // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html) // in the Amazon Elastic Compute Cloud User Guide. // @@ -40407,23 +41476,25 @@ func (c *EC2) RevokeSecurityGroupEgressRequest(input *RevokeSecurityGroupEgressI // RevokeSecurityGroupEgress API operation for Amazon Elastic Compute Cloud. // -// [VPC only] Removes the specified egress rules from a security group for EC2-VPC. -// This action does not apply to security groups for use in EC2-Classic. To -// remove a rule, the values that you specify (for example, ports) must match -// the existing rule's values exactly. +// [VPC only] Removes the specified outbound (egress) rules from a security +// group for EC2-VPC. This action does not apply to security groups for use +// in EC2-Classic. +// +// You can specify rules using either rule IDs or security group rule properties. +// If you use rule properties, the values that you specify (for example, ports) +// must match the existing rule's values exactly. Each rule has a protocol, +// from and to ports, and destination (CIDR range, security group, or prefix +// list). For the TCP and UDP protocols, you must also specify the destination +// port or range of ports. For the ICMP protocol, you must also specify the +// ICMP type and code. If the security group rule has a description, you do +// not need to specify the description to revoke the rule. // // [Default VPC] If the values you specify do not match the existing rule's // values, no error is returned, and the output describes the security group // rules that were not revoked. // -// AWS recommends that you use DescribeSecurityGroups to verify that the rule -// has been removed. -// -// Each rule consists of the protocol and the IPv4 or IPv6 CIDR range or source -// security group. For the TCP and UDP protocols, you must also specify the -// destination port or range of ports. For the ICMP protocol, you must also -// specify the ICMP type and code. If the security group rule has a description, -// you do not have to specify the description to revoke the rule. +// Amazon Web Services recommends that you describe the security group to verify +// that the rules were removed. // // Rule changes are propagated to instances within the security group as quickly // as possible. However, a small delay might occur. @@ -40500,22 +41571,23 @@ func (c *EC2) RevokeSecurityGroupIngressRequest(input *RevokeSecurityGroupIngres // RevokeSecurityGroupIngress API operation for Amazon Elastic Compute Cloud. // -// Removes the specified ingress rules from a security group. To remove a rule, -// the values that you specify (for example, ports) must match the existing -// rule's values exactly. +// Removes the specified inbound (ingress) rules from a security group. // -// [EC2-Classic , default VPC] If the values you specify do not match the existing +// You can specify rules using either rule IDs or security group rule properties. +// If you use rule properties, the values that you specify (for example, ports) +// must match the existing rule's values exactly. Each rule has a protocol, +// from and to ports, and source (CIDR range, security group, or prefix list). +// For the TCP and UDP protocols, you must also specify the destination port +// or range of ports. For the ICMP protocol, you must also specify the ICMP +// type and code. If the security group rule has a description, you do not need +// to specify the description to revoke the rule. +// +// [EC2-Classic, default VPC] If the values you specify do not match the existing // rule's values, no error is returned, and the output describes the security // group rules that were not revoked. // -// AWS recommends that you use DescribeSecurityGroups to verify that the rule -// has been removed. -// -// Each rule consists of the protocol and the CIDR range or source security -// group. For the TCP and UDP protocols, you must also specify the destination -// port or range of ports. For the ICMP protocol, you must also specify the -// ICMP type and code. If the security group rule has a description, you do -// not have to specify the description to revoke the rule. +// Amazon Web Services recommends that you describe the security group to verify +// that the rules were removed. // // Rule changes are propagated to instances within the security group as quickly // as possible. However, a small delay might occur. @@ -41239,11 +42311,7 @@ func (c *EC2) StartInstancesRequest(input *StartInstancesInput) (req *request.Re // released and you are not billed for instance usage. However, your root partition // Amazon EBS volume remains and continues to persist your data, and you are // charged for Amazon EBS volume usage. You can restart your instance at any -// time. Every time you start your Windows instance, Amazon EC2 charges you -// for a full instance hour. If you stop and restart your Windows instance, -// a new instance hour begins and Amazon EC2 charges you for another full instance -// hour even if you are still within the same 60-minute period when it was stopped. -// Every time you start your Linux instance, Amazon EC2 charges a one-minute +// time. Every time you start your instance, Amazon EC2 charges a one-minute // minimum for instance usage, and thereafter charges per second for instance // usage. // @@ -41497,12 +42565,8 @@ func (c *EC2) StopInstancesRequest(input *StopInstancesInput) (req *request.Requ // We don't charge usage for a stopped instance, or data transfer fees; however, // your root partition Amazon EBS volume remains and continues to persist your // data, and you are charged for Amazon EBS volume usage. Every time you start -// your Windows instance, Amazon EC2 charges you for a full instance hour. If -// you stop and restart your Windows instance, a new instance hour begins and -// Amazon EC2 charges you for another full instance hour even if you are still -// within the same 60-minute period when it was stopped. Every time you start -// your Linux instance, Amazon EC2 charges a one-minute minimum for instance -// usage, and thereafter charges per second for instance usage. +// your instance, Amazon EC2 charges a one-minute minimum for instance usage, +// and thereafter charges per second for instance usage. // // You can't stop or hibernate instance store-backed instances. You can't use // the Stop action to hibernate Spot Instances, but you can specify that Amazon @@ -41686,6 +42750,36 @@ func (c *EC2) TerminateInstancesRequest(input *TerminateInstancesInput) (req *re // If you specify multiple instances and the request fails (for example, because // of a single incorrect instance ID), none of the instances are terminated. // +// If you terminate multiple instances across multiple Availability Zones, and +// one or more of the specified instances are enabled for termination protection, +// the request fails with the following results: +// +// * The specified instances that are in the same Availability Zone as the +// protected instance are not terminated. +// +// * The specified instances that are in different Availability Zones, where +// no other specified instances are protected, are successfully terminated. +// +// For example, say you have the following instances: +// +// * Instance A: us-east-1a; Not protected +// +// * Instance B: us-east-1a; Not protected +// +// * Instance C: us-east-1b; Protected +// +// * Instance D: us-east-1b; not protected +// +// If you attempt to terminate all of these instances in the same request, the +// request reports failure with the following results: +// +// * Instance A and Instance B are successfully terminated because none of +// the specified instances in us-east-1a are enabled for termination protection. +// +// * Instance C and Instance D fail to terminate because at least one of +// the specified instances in us-east-1b (Instance C) is enabled for termination +// protection. +// // Terminated instances remain visible after termination (for approximately // one hour). // @@ -41778,7 +42872,8 @@ func (c *EC2) UnassignIpv6AddressesRequest(input *UnassignIpv6AddressesInput) (r // UnassignIpv6Addresses API operation for Amazon Elastic Compute Cloud. // -// Unassigns one or more IPv6 addresses from a network interface. +// Unassigns one or more IPv6 addresses IPv4 Prefix Delegation prefixes from +// a network interface. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -41853,7 +42948,8 @@ func (c *EC2) UnassignPrivateIpAddressesRequest(input *UnassignPrivateIpAddresse // UnassignPrivateIpAddresses API operation for Amazon Elastic Compute Cloud. // -// Unassigns one or more secondary private IP addresses from a network interface. +// Unassigns one or more secondary private IP addresses, or IPv4 Prefix Delegation +// prefixes from a network interface. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -42005,11 +43101,8 @@ func (c *EC2) UpdateSecurityGroupRuleDescriptionsEgressRequest(input *UpdateSecu // // [VPC only] Updates the description of an egress (outbound) security group // rule. You can replace an existing description, or add a description to a -// rule that did not have one previously. -// -// You specify the description as part of the IP permissions structure. You -// can remove a description for a security group rule by omitting the description -// parameter in the request. +// rule that did not have one previously. You can remove a description for a +// security group rule by omitting the description parameter in the request. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -42085,11 +43178,8 @@ func (c *EC2) UpdateSecurityGroupRuleDescriptionsIngressRequest(input *UpdateSec // // Updates the description of an ingress (inbound) security group rule. You // can replace an existing description, or add a description to a rule that -// did not have one previously. -// -// You specify the description as part of the IP permissions structure. You -// can remove a description for a security group rule by omitting the description -// parameter in the request. +// did not have one previously. You can remove a description for a security +// group rule by omitting the description parameter in the request. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -42859,7 +43949,7 @@ type Address struct { // The ID of the network interface. NetworkInterfaceId *string `locationName:"networkInterfaceId" type:"string"` - // The ID of the account that owns the network interface. + // The ID of the Amazon Web Services account that owns the network interface. NetworkInterfaceOwnerId *string `locationName:"networkInterfaceOwnerId" type:"string"` // The private IP address associated with the Elastic IP address. @@ -43758,7 +44848,7 @@ type AnalysisRouteTableRoute struct { // The destination IPv4 address, in CIDR notation. DestinationCidr *string `locationName:"destinationCidr" type:"string"` - // The prefix of the AWS service. + // The prefix of the Amazon Web Service. DestinationPrefixListId *string `locationName:"destinationPrefixListId" type:"string"` // The ID of an egress-only internet gateway. @@ -44052,6 +45142,15 @@ type AssignIpv6AddressesInput struct { // You can't use this option if you're specifying a number of IPv6 addresses. Ipv6Addresses []*string `locationName:"ipv6Addresses" locationNameList:"item" type:"list"` + // The number of IPv6 prefixes that Amazon Web Services automatically assigns + // to the network interface. You cannot use this option if you use the Ipv6Prefixes + // option. + Ipv6PrefixCount *int64 `type:"integer"` + + // One or more IPv6 prefixes assigned to the network interface. You cannot use + // this option if you use the Ipv6PrefixCount option. + Ipv6Prefixes []*string `locationName:"Ipv6Prefix" locationNameList:"item" type:"list"` + // The ID of the network interface. // // NetworkInterfaceId is a required field @@ -44093,6 +45192,18 @@ func (s *AssignIpv6AddressesInput) SetIpv6Addresses(v []*string) *AssignIpv6Addr return s } +// SetIpv6PrefixCount sets the Ipv6PrefixCount field's value. +func (s *AssignIpv6AddressesInput) SetIpv6PrefixCount(v int64) *AssignIpv6AddressesInput { + s.Ipv6PrefixCount = &v + return s +} + +// SetIpv6Prefixes sets the Ipv6Prefixes field's value. +func (s *AssignIpv6AddressesInput) SetIpv6Prefixes(v []*string) *AssignIpv6AddressesInput { + s.Ipv6Prefixes = v + return s +} + // SetNetworkInterfaceId sets the NetworkInterfaceId field's value. func (s *AssignIpv6AddressesInput) SetNetworkInterfaceId(v string) *AssignIpv6AddressesInput { s.NetworkInterfaceId = &v @@ -44106,6 +45217,9 @@ type AssignIpv6AddressesOutput struct { // that were assigned to the network interface before the request are not included. AssignedIpv6Addresses []*string `locationName:"assignedIpv6Addresses" locationNameList:"item" type:"list"` + // The IPv6 prefixes that are assigned to the network interface. + AssignedIpv6Prefixes []*string `locationName:"assignedIpv6PrefixSet" locationNameList:"item" type:"list"` + // The ID of the network interface. NetworkInterfaceId *string `locationName:"networkInterfaceId" type:"string"` } @@ -44126,6 +45240,12 @@ func (s *AssignIpv6AddressesOutput) SetAssignedIpv6Addresses(v []*string) *Assig return s } +// SetAssignedIpv6Prefixes sets the AssignedIpv6Prefixes field's value. +func (s *AssignIpv6AddressesOutput) SetAssignedIpv6Prefixes(v []*string) *AssignIpv6AddressesOutput { + s.AssignedIpv6Prefixes = v + return s +} + // SetNetworkInterfaceId sets the NetworkInterfaceId field's value. func (s *AssignIpv6AddressesOutput) SetNetworkInterfaceId(v string) *AssignIpv6AddressesOutput { s.NetworkInterfaceId = &v @@ -44140,6 +45260,15 @@ type AssignPrivateIpAddressesInput struct { // network interface or instance to be reassigned to the specified network interface. AllowReassignment *bool `locationName:"allowReassignment" type:"boolean"` + // The number of IPv4 prefixes that Amazon Web Services automatically assigns + // to the network interface. You cannot use this option if you use the Ipv4 + // Prefixes option. + Ipv4PrefixCount *int64 `type:"integer"` + + // One or more IPv4 prefixes assigned to the network interface. You cannot use + // this option if you use the Ipv4PrefixCount option. + Ipv4Prefixes []*string `locationName:"Ipv4Prefix" locationNameList:"item" type:"list"` + // The ID of the network interface. // // NetworkInterfaceId is a required field @@ -44187,6 +45316,18 @@ func (s *AssignPrivateIpAddressesInput) SetAllowReassignment(v bool) *AssignPriv return s } +// SetIpv4PrefixCount sets the Ipv4PrefixCount field's value. +func (s *AssignPrivateIpAddressesInput) SetIpv4PrefixCount(v int64) *AssignPrivateIpAddressesInput { + s.Ipv4PrefixCount = &v + return s +} + +// SetIpv4Prefixes sets the Ipv4Prefixes field's value. +func (s *AssignPrivateIpAddressesInput) SetIpv4Prefixes(v []*string) *AssignPrivateIpAddressesInput { + s.Ipv4Prefixes = v + return s +} + // SetNetworkInterfaceId sets the NetworkInterfaceId field's value. func (s *AssignPrivateIpAddressesInput) SetNetworkInterfaceId(v string) *AssignPrivateIpAddressesInput { s.NetworkInterfaceId = &v @@ -44208,6 +45349,9 @@ func (s *AssignPrivateIpAddressesInput) SetSecondaryPrivateIpAddressCount(v int6 type AssignPrivateIpAddressesOutput struct { _ struct{} `type:"structure"` + // The IPv4 prefixes that are assigned to the network interface. + AssignedIpv4Prefixes []*Ipv4PrefixSpecification `locationName:"assignedIpv4PrefixSet" locationNameList:"item" type:"list"` + // The private IP addresses assigned to the network interface. AssignedPrivateIpAddresses []*AssignedPrivateIpAddress `locationName:"assignedPrivateIpAddressesSet" locationNameList:"item" type:"list"` @@ -44225,6 +45369,12 @@ func (s AssignPrivateIpAddressesOutput) GoString() string { return s.String() } +// SetAssignedIpv4Prefixes sets the AssignedIpv4Prefixes field's value. +func (s *AssignPrivateIpAddressesOutput) SetAssignedIpv4Prefixes(v []*Ipv4PrefixSpecification) *AssignPrivateIpAddressesOutput { + s.AssignedIpv4Prefixes = v + return s +} + // SetAssignedPrivateIpAddresses sets the AssignedPrivateIpAddresses field's value. func (s *AssignPrivateIpAddressesOutput) SetAssignedPrivateIpAddresses(v []*AssignedPrivateIpAddress) *AssignPrivateIpAddressesOutput { s.AssignedPrivateIpAddresses = v @@ -44636,7 +45786,7 @@ type AssociateEnclaveCertificateIamRoleOutput struct { // private key bundle are stored. The object key is formatted as follows: role_arn/certificate_arn. CertificateS3ObjectKey *string `locationName:"certificateS3ObjectKey" type:"string"` - // The ID of the AWS KMS CMK used to encrypt the private key of the certificate. + // The ID of the KMS key used to encrypt the private key of the certificate. EncryptionKmsKeyId *string `locationName:"encryptionKmsKeyId" type:"string"` } @@ -44743,6 +45893,93 @@ func (s *AssociateIamInstanceProfileOutput) SetIamInstanceProfileAssociation(v * return s } +type AssociateInstanceEventWindowInput struct { + _ struct{} `type:"structure"` + + // One or more targets associated with the specified event window. + // + // AssociationTarget is a required field + AssociationTarget *InstanceEventWindowAssociationRequest `type:"structure" required:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the event window. + // + // InstanceEventWindowId is a required field + InstanceEventWindowId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s AssociateInstanceEventWindowInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AssociateInstanceEventWindowInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AssociateInstanceEventWindowInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AssociateInstanceEventWindowInput"} + if s.AssociationTarget == nil { + invalidParams.Add(request.NewErrParamRequired("AssociationTarget")) + } + if s.InstanceEventWindowId == nil { + invalidParams.Add(request.NewErrParamRequired("InstanceEventWindowId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAssociationTarget sets the AssociationTarget field's value. +func (s *AssociateInstanceEventWindowInput) SetAssociationTarget(v *InstanceEventWindowAssociationRequest) *AssociateInstanceEventWindowInput { + s.AssociationTarget = v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *AssociateInstanceEventWindowInput) SetDryRun(v bool) *AssociateInstanceEventWindowInput { + s.DryRun = &v + return s +} + +// SetInstanceEventWindowId sets the InstanceEventWindowId field's value. +func (s *AssociateInstanceEventWindowInput) SetInstanceEventWindowId(v string) *AssociateInstanceEventWindowInput { + s.InstanceEventWindowId = &v + return s +} + +type AssociateInstanceEventWindowOutput struct { + _ struct{} `type:"structure"` + + // Information about the event window. + InstanceEventWindow *InstanceEventWindow `locationName:"instanceEventWindow" type:"structure"` +} + +// String returns the string representation +func (s AssociateInstanceEventWindowOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AssociateInstanceEventWindowOutput) GoString() string { + return s.String() +} + +// SetInstanceEventWindow sets the InstanceEventWindow field's value. +func (s *AssociateInstanceEventWindowOutput) SetInstanceEventWindow(v *InstanceEventWindow) *AssociateInstanceEventWindowOutput { + s.InstanceEventWindow = v + return s +} + type AssociateRouteTableInput struct { _ struct{} `type:"structure"` @@ -46298,6 +47535,9 @@ type AuthorizeSecurityGroupEgressInput struct { // group. SourceSecurityGroupOwnerId *string `locationName:"sourceSecurityGroupOwnerId" type:"string"` + // The tags applied to the security group rule. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` + // Not supported. Use a set of IP permissions to specify the port. ToPort *int64 `locationName:"toPort" type:"integer"` } @@ -46373,6 +47613,12 @@ func (s *AuthorizeSecurityGroupEgressInput) SetSourceSecurityGroupOwnerId(v stri return s } +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *AuthorizeSecurityGroupEgressInput) SetTagSpecifications(v []*TagSpecification) *AuthorizeSecurityGroupEgressInput { + s.TagSpecifications = v + return s +} + // SetToPort sets the ToPort field's value. func (s *AuthorizeSecurityGroupEgressInput) SetToPort(v int64) *AuthorizeSecurityGroupEgressInput { s.ToPort = &v @@ -46381,6 +47627,12 @@ func (s *AuthorizeSecurityGroupEgressInput) SetToPort(v int64) *AuthorizeSecurit type AuthorizeSecurityGroupEgressOutput struct { _ struct{} `type:"structure"` + + // Returns true if the request succeeds; otherwise, returns an error. + Return *bool `locationName:"return" type:"boolean"` + + // Information about the outbound (egress) security group rules that were added. + SecurityGroupRules []*SecurityGroupRule `locationName:"securityGroupRuleSet" locationNameList:"item" type:"list"` } // String returns the string representation @@ -46393,6 +47645,18 @@ func (s AuthorizeSecurityGroupEgressOutput) GoString() string { return s.String() } +// SetReturn sets the Return field's value. +func (s *AuthorizeSecurityGroupEgressOutput) SetReturn(v bool) *AuthorizeSecurityGroupEgressOutput { + s.Return = &v + return s +} + +// SetSecurityGroupRules sets the SecurityGroupRules field's value. +func (s *AuthorizeSecurityGroupEgressOutput) SetSecurityGroupRules(v []*SecurityGroupRule) *AuthorizeSecurityGroupEgressOutput { + s.SecurityGroupRules = v + return s +} + type AuthorizeSecurityGroupIngressInput struct { _ struct{} `type:"structure"` @@ -46450,14 +47714,18 @@ type AuthorizeSecurityGroupIngressInput struct { // be in the same VPC. SourceSecurityGroupName *string `type:"string"` - // [nondefault VPC] The AWS account ID for the source security group, if the - // source security group is in a different account. You can't specify this parameter - // in combination with the following parameters: the CIDR IP address range, - // the IP protocol, the start of the port range, and the end of the port range. - // Creates rules that grant full ICMP, UDP, and TCP access. To create a rule - // with a specific IP protocol and port range, use a set of IP permissions instead. + // [nondefault VPC] The Amazon Web Services account ID for the source security + // group, if the source security group is in a different account. You can't + // specify this parameter in combination with the following parameters: the + // CIDR IP address range, the IP protocol, the start of the port range, and + // the end of the port range. Creates rules that grant full ICMP, UDP, and TCP + // access. To create a rule with a specific IP protocol and port range, use + // a set of IP permissions instead. SourceSecurityGroupOwnerId *string `type:"string"` + // [VPC Only] The tags applied to the security group rule. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` + // The end of port range for the TCP and UDP protocols, or an ICMP code number. // For the ICMP code number, use -1 to specify all codes. If you specify all // ICMP types, you must specify all codes. @@ -46531,6 +47799,12 @@ func (s *AuthorizeSecurityGroupIngressInput) SetSourceSecurityGroupOwnerId(v str return s } +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *AuthorizeSecurityGroupIngressInput) SetTagSpecifications(v []*TagSpecification) *AuthorizeSecurityGroupIngressInput { + s.TagSpecifications = v + return s +} + // SetToPort sets the ToPort field's value. func (s *AuthorizeSecurityGroupIngressInput) SetToPort(v int64) *AuthorizeSecurityGroupIngressInput { s.ToPort = &v @@ -46539,6 +47813,12 @@ func (s *AuthorizeSecurityGroupIngressInput) SetToPort(v int64) *AuthorizeSecuri type AuthorizeSecurityGroupIngressOutput struct { _ struct{} `type:"structure"` + + // Returns true if the request succeeds; otherwise, returns an error. + Return *bool `locationName:"return" type:"boolean"` + + // Information about the inbound (ingress) security group rules that were added. + SecurityGroupRules []*SecurityGroupRule `locationName:"securityGroupRuleSet" locationNameList:"item" type:"list"` } // String returns the string representation @@ -46551,6 +47831,18 @@ func (s AuthorizeSecurityGroupIngressOutput) GoString() string { return s.String() } +// SetReturn sets the Return field's value. +func (s *AuthorizeSecurityGroupIngressOutput) SetReturn(v bool) *AuthorizeSecurityGroupIngressOutput { + s.Return = &v + return s +} + +// SetSecurityGroupRules sets the SecurityGroupRules field's value. +func (s *AuthorizeSecurityGroupIngressOutput) SetSecurityGroupRules(v []*SecurityGroupRule) *AuthorizeSecurityGroupIngressOutput { + s.SecurityGroupRules = v + return s +} + // Describes Availability Zones, Local Zones, and Wavelength Zones. type AvailabilityZone struct { _ struct{} `type:"structure"` @@ -46761,7 +48053,8 @@ func (s *BlobAttributeValue) SetValue(v []byte) *BlobAttributeValue { return s } -// Describes a block device mapping. +// Describes a block device mapping, which defines the EBS volumes and instance +// store volumes to attach to an instance at launch. type BlockDeviceMapping struct { _ struct{} `type:"structure"` @@ -46773,6 +48066,8 @@ type BlockDeviceMapping struct { Ebs *EbsBlockDevice `locationName:"ebs" type:"structure"` // To omit the device from the block device mapping, specify an empty string. + // When this property is specified, the device is removed from the block device + // mapping regardless of the assigned value. NoDevice *string `locationName:"noDevice" type:"string"` // The virtual device name (ephemeralN). Instance store volumes are numbered @@ -47906,7 +49201,7 @@ type CapacityReservation struct { // was created. OutpostArn *string `locationName:"outpostArn" type:"string"` - // The ID of the AWS account that owns the Capacity Reservation. + // The ID of the Amazon Web Services account that owns the Capacity Reservation. OwnerId *string `locationName:"ownerId" type:"string"` // The date and time at which the Capacity Reservation was started. @@ -47940,10 +49235,10 @@ type CapacityReservation struct { // can have one of the following tenancy settings: // // * default - The Capacity Reservation is created on hardware that is shared - // with other AWS accounts. + // with other Amazon Web Services accounts. // // * dedicated - The Capacity Reservation is created on single-tenant hardware - // that is dedicated to a single AWS account. + // that is dedicated to a single Amazon Web Services account. Tenancy *string `locationName:"tenancy" type:"string" enum:"CapacityReservationTenancy"` // The total number of instances for which the Capacity Reservation reserves @@ -48088,7 +49383,7 @@ type CapacityReservationGroup struct { // The ARN of the resource group. GroupArn *string `locationName:"groupArn" type:"string"` - // The ID of the AWS account that owns the resource group. + // The ID of the Amazon Web Services account that owns the resource group. OwnerId *string `locationName:"ownerId" type:"string"` } @@ -48373,7 +49668,7 @@ type CarrierGateway struct { // The ID of the carrier gateway. CarrierGatewayId *string `locationName:"carrierGatewayId" type:"string"` - // The AWS account ID of the owner of the carrier gateway. + // The Amazon Web Services account ID of the owner of the carrier gateway. OwnerId *string `locationName:"ownerId" type:"string"` // The state of the carrier gateway. @@ -48476,8 +49771,8 @@ func (s *CertificateAuthenticationRequest) SetClientRootCertificateChainArn(v st } // Provides authorization for Amazon to bring a specific IP address range to -// a specific account using bring your own IP addresses (BYOIP). For more information, -// see Configuring your BYOIP address range (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html#prepare-for-byoip) +// a specific Amazon Web Services account using bring your own IP addresses +// (BYOIP). For more information, see Configuring your BYOIP address range (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html#prepare-for-byoip) // in the Amazon Elastic Compute Cloud User Guide. type CidrAuthorizationContext struct { _ struct{} `type:"structure"` @@ -49767,8 +51062,8 @@ func (s *ConfirmProductInstanceInput) SetProductCode(v string) *ConfirmProductIn type ConfirmProductInstanceOutput struct { _ struct{} `type:"structure"` - // The AWS account ID of the instance owner. This is only present if the product - // code is attached to the instance. + // The Amazon Web Services account ID of the instance owner. This is only present + // if the product code is attached to the instance. OwnerId *string `locationName:"ownerId" type:"string"` // The return value of the request. Returns true if the specified product code @@ -50353,13 +51648,13 @@ type CopySnapshotInput struct { Description *string `type:"string"` // The Amazon Resource Name (ARN) of the Outpost to which to copy the snapshot. - // Only specify this parameter when copying a snapshot from an AWS Region to - // an Outpost. The snapshot must be in the Region for the destination Outpost. - // You cannot copy a snapshot from an Outpost to a Region, from one Outpost - // to another, or within the same Outpost. + // Only specify this parameter when copying a snapshot from an Amazon Web Services + // Region to an Outpost. The snapshot must be in the Region for the destination + // Outpost. You cannot copy a snapshot from an Outpost to a Region, from one + // Outpost to another, or within the same Outpost. // - // For more information, see Copying snapshots from an AWS Region to an Outpost - // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshots-outposts.html#copy-snapshots) + // For more information, see Copy snapshots from an Amazon Web Services Region + // to an Outpost (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshots-outposts.html#copy-snapshots) // in the Amazon Elastic Compute Cloud User Guide. DestinationOutpostArn *string `type:"string"` @@ -50368,9 +51663,9 @@ type CopySnapshotInput struct { // Region in a PresignedUrl parameter, where it is required. // // The snapshot copy is sent to the regional endpoint that you sent the HTTP - // request to (for example, ec2.us-east-1.amazonaws.com). With the AWS CLI, - // this is specified using the --region parameter or the default Region in your - // AWS configuration file. + // request to (for example, ec2.us-east-1.amazonaws.com). With the CLI, this + // is specified using the --region parameter or the default Region in your Amazon + // Web Services configuration file. DestinationRegion *string `locationName:"destinationRegion" type:"string"` // Checks whether you have the required permissions for the action, without @@ -50387,12 +51682,11 @@ type CopySnapshotInput struct { // in the Amazon Elastic Compute Cloud User Guide. Encrypted *bool `locationName:"encrypted" type:"boolean"` - // The identifier of the AWS Key Management Service (AWS KMS) customer master - // key (CMK) to use for Amazon EBS encryption. If this parameter is not specified, - // your AWS managed CMK for EBS is used. If KmsKeyId is specified, the encrypted - // state must be true. + // The identifier of the Key Management Service (KMS) KMS key to use for Amazon + // EBS encryption. If this parameter is not specified, your KMS key for Amazon + // EBS is used. If KmsKeyId is specified, the encrypted state must be true. // - // You can specify the CMK using any of the following: + // You can specify the KMS key using any of the following: // // * Key ID. For example, 1234abcd-12ab-34cd-56ef-1234567890ab. // @@ -50402,9 +51696,9 @@ type CopySnapshotInput struct { // // * Alias ARN. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. // - // AWS authenticates the CMK asynchronously. Therefore, if you specify an ID, - // alias, or ARN that is not valid, the action can appear to complete, but eventually - // fails. + // Amazon Web Services authenticates the KMS key asynchronously. Therefore, + // if you specify an ID, alias, or ARN that is not valid, the action can appear + // to complete, but eventually fails. KmsKeyId *string `locationName:"kmsKeyId" type:"string"` // When you copy an encrypted source snapshot using the Amazon EC2 Query API, @@ -50413,10 +51707,11 @@ type CopySnapshotInput struct { // // The PresignedUrl should use the snapshot source endpoint, the CopySnapshot // action, and include the SourceRegion, SourceSnapshotId, and DestinationRegion - // parameters. The PresignedUrl must be signed using AWS Signature Version 4. - // Because EBS snapshots are stored in Amazon S3, the signing algorithm for - // this parameter uses the same logic that is described in Authenticating Requests: - // Using Query Parameters (AWS Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html) + // parameters. The PresignedUrl must be signed using Amazon Web Services Signature + // Version 4. Because EBS snapshots are stored in Amazon S3, the signing algorithm + // for this parameter uses the same logic that is described in Authenticating + // Requests: Using Query Parameters (Amazon Web Services Signature Version 4) + // (https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html) // in the Amazon Simple Storage Service API Reference. An invalid or improperly // signed PresignedUrl will cause the copy operation to fail asynchronously, // and the snapshot will move to an error state. @@ -50679,6 +51974,8 @@ type CreateCapacityReservationInput struct { // The number of instances for which to reserve capacity. // + // Valid range: 1 - 1000 + // // InstanceCount is a required field InstanceCount *int64 `type:"integer" required:"true"` @@ -50721,10 +52018,10 @@ type CreateCapacityReservationInput struct { // can have one of the following tenancy settings: // // * default - The Capacity Reservation is created on hardware that is shared - // with other AWS accounts. + // with other Amazon Web Services accounts. // // * dedicated - The Capacity Reservation is created on single-tenant hardware - // that is dedicated to a single AWS account. + // that is dedicated to a single Amazon Web Services account. Tenancy *string `type:"string" enum:"CapacityReservationTenancy"` } @@ -50874,7 +52171,7 @@ type CreateCarrierGatewayInput struct { _ struct{} `type:"structure"` // Unique, case-sensitive identifier that you provide to ensure the idempotency - // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Run_Instance_Idempotency.html). + // of the request. For more information, see How to ensure idempotency (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Run_Instance_Idempotency.html). ClientToken *string `type:"string" idempotencyToken:"true"` // Checks whether you have the required permissions for the action, without @@ -51700,7 +52997,7 @@ type CreateEgressOnlyInternetGatewayInput struct { _ struct{} `type:"structure"` // Unique, case-sensitive identifier that you provide to ensure the idempotency - // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Run_Instance_Idempotency.html). + // of the request. For more information, see How to ensure idempotency (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Run_Instance_Idempotency.html). ClientToken *string `type:"string"` // Checks whether you have the required permissions for the action, without @@ -51861,6 +53158,9 @@ type CreateFleetInput struct { // of the request. For more information, see Ensuring Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string"` + // Reserved. + Context *string `type:"string"` + // Checks whether you have the required permissions for the action, without // actually making the request, and provides an error response. If you have // the required permissions, the error response is DryRunOperation. Otherwise, @@ -51889,10 +53189,15 @@ type CreateFleetInput struct { // Describes the configuration of Spot Instances in an EC2 Fleet. SpotOptions *SpotOptionsRequest `type:"structure"` - // The key-value pair for tagging the EC2 Fleet request on creation. The value - // for ResourceType must be fleet, otherwise the fleet request fails. To tag - // instances at launch, specify the tags in the launch template (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html#create-launch-template). - // For information about tagging after launch, see Tagging your resources (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#tag-resources). + // The key-value pair for tagging the EC2 Fleet request on creation. For more + // information, see Tagging your resources (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#tag-resources). + // + // If the fleet type is instant, specify a resource type of fleet to tag the + // fleet or instance to tag the instances at launch. + // + // If the fleet type is maintain or request, specify a resource type of fleet + // to tag the fleet. You cannot specify a resource type of instance. To tag + // instances at launch, specify the tags in a launch template (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html#create-launch-template). TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` // The number of units to request. @@ -51904,7 +53209,7 @@ type CreateFleetInput struct { // expires. TerminateInstancesWithExpiration *bool `type:"boolean"` - // The type of request. The default value is maintain. + // The fleet type. The default value is maintain. // // * maintain - The EC2 Fleet places an asynchronous request for your desired // capacity, and continues to maintain your desired Spot capacity by replenishing @@ -51980,6 +53285,12 @@ func (s *CreateFleetInput) SetClientToken(v string) *CreateFleetInput { return s } +// SetContext sets the Context field's value. +func (s *CreateFleetInput) SetContext(v string) *CreateFleetInput { + s.Context = &v + return s +} + // SetDryRun sets the DryRun field's value. func (s *CreateFleetInput) SetDryRun(v bool) *CreateFleetInput { s.DryRun = &v @@ -52119,14 +53430,14 @@ type CreateFleetOutput struct { _ struct{} `type:"structure"` // Information about the instances that could not be launched by the fleet. - // Valid only when Type is set to instant. + // Supported only for fleets of type instant. Errors []*CreateFleetError `locationName:"errorSet" locationNameList:"item" type:"list"` // The ID of the EC2 Fleet. FleetId *string `locationName:"fleetId" type:"string"` - // Information about the instances that were launched by the fleet. Valid only - // when Type is set to instant. + // Information about the instances that were launched by the fleet. Supported + // only for fleets of type instant. Instances []*CreateFleetInstance `locationName:"fleetInstanceSet" locationNameList:"item" type:"list"` } @@ -52162,7 +53473,7 @@ type CreateFlowLogsInput struct { _ struct{} `type:"structure"` // Unique, case-sensitive identifier that you provide to ensure the idempotency - // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Run_Instance_Idempotency.html). + // of the request. For more information, see How to ensure idempotency (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Run_Instance_Idempotency.html). ClientToken *string `type:"string"` // The ARN for the IAM role that permits Amazon EC2 to publish flow logs to @@ -52208,12 +53519,12 @@ type CreateFlowLogsInput struct { LogDestinationType *string `type:"string" enum:"LogDestinationType"` // The fields to include in the flow log record, in the order in which they - // should appear. For a list of available fields, see Flow Log Records (https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html#flow-log-records). + // should appear. For a list of available fields, see Flow log records (https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html#flow-log-records). // If you omit this parameter, the flow log is created using the default format. // If you specify this parameter, you must specify at least one field. // // Specify the fields using the ${field-id} format, separated by spaces. For - // the AWS CLI, use single quotation marks (' ') to surround the parameter value. + // the CLI, use single quotation marks (' ') to surround the parameter value. LogFormat *string `type:"string"` // The name of a new or existing CloudWatch Logs log group where Amazon EC2 @@ -52674,6 +53985,113 @@ func (s *CreateImageOutput) SetImageId(v string) *CreateImageOutput { return s } +type CreateInstanceEventWindowInput struct { + _ struct{} `type:"structure"` + + // The cron expression for the event window, for example, * 0-4,20-23 * * 1,5. + // If you specify a cron expression, you can't specify a time range. + // + // Constraints: + // + // * Only hour and day of the week values are supported. + // + // * For day of the week values, you can specify either integers 0 through + // 6, or alternative single values SUN through SAT. + // + // * The minute, month, and year must be specified by *. + // + // * The hour value must be one or a multiple range, for example, 0-4 or + // 0-4,20-23. + // + // * Each hour range must be >= 2 hours, for example, 0-2 or 20-23. + // + // * The event window must be >= 4 hours. The combined total time ranges + // in the event window must be >= 4 hours. + // + // For more information about cron expressions, see cron (https://en.wikipedia.org/wiki/Cron) + // on the Wikipedia website. + CronExpression *string `type:"string"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The name of the event window. + Name *string `type:"string"` + + // The tags to apply to the event window. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` + + // The time range for the event window. If you specify a time range, you can't + // specify a cron expression. + TimeRanges []*InstanceEventWindowTimeRangeRequest `locationName:"TimeRange" type:"list"` +} + +// String returns the string representation +func (s CreateInstanceEventWindowInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateInstanceEventWindowInput) GoString() string { + return s.String() +} + +// SetCronExpression sets the CronExpression field's value. +func (s *CreateInstanceEventWindowInput) SetCronExpression(v string) *CreateInstanceEventWindowInput { + s.CronExpression = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *CreateInstanceEventWindowInput) SetDryRun(v bool) *CreateInstanceEventWindowInput { + s.DryRun = &v + return s +} + +// SetName sets the Name field's value. +func (s *CreateInstanceEventWindowInput) SetName(v string) *CreateInstanceEventWindowInput { + s.Name = &v + return s +} + +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *CreateInstanceEventWindowInput) SetTagSpecifications(v []*TagSpecification) *CreateInstanceEventWindowInput { + s.TagSpecifications = v + return s +} + +// SetTimeRanges sets the TimeRanges field's value. +func (s *CreateInstanceEventWindowInput) SetTimeRanges(v []*InstanceEventWindowTimeRangeRequest) *CreateInstanceEventWindowInput { + s.TimeRanges = v + return s +} + +type CreateInstanceEventWindowOutput struct { + _ struct{} `type:"structure"` + + // Information about the event window. + InstanceEventWindow *InstanceEventWindow `locationName:"instanceEventWindow" type:"structure"` +} + +// String returns the string representation +func (s CreateInstanceEventWindowOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateInstanceEventWindowOutput) GoString() string { + return s.String() +} + +// SetInstanceEventWindow sets the InstanceEventWindow field's value. +func (s *CreateInstanceEventWindowOutput) SetInstanceEventWindow(v *InstanceEventWindow) *CreateInstanceEventWindowOutput { + s.InstanceEventWindow = v + return s +} + type CreateInstanceExportTaskInput struct { _ struct{} `type:"structure"` @@ -52856,6 +54274,12 @@ type CreateKeyPairInput struct { // KeyName is a required field KeyName *string `type:"string" required:"true"` + // The type of key pair. Note that ED25519 keys are not supported for Windows + // instances, EC2 Instance Connect, and EC2 Serial Console. + // + // Default: rsa + KeyType *string `type:"string" enum:"KeyType"` + // The tags to apply to the new key pair. TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` } @@ -52895,6 +54319,12 @@ func (s *CreateKeyPairInput) SetKeyName(v string) *CreateKeyPairInput { return s } +// SetKeyType sets the KeyType field's value. +func (s *CreateKeyPairInput) SetKeyType(v string) *CreateKeyPairInput { + s.KeyType = &v + return s +} + // SetTagSpecifications sets the TagSpecifications field's value. func (s *CreateKeyPairInput) SetTagSpecifications(v []*TagSpecification) *CreateKeyPairInput { s.TagSpecifications = v @@ -52908,7 +54338,7 @@ type CreateKeyPairOutput struct { // The SHA-1 digest of the DER encoded private key. KeyFingerprint *string `locationName:"keyFingerprint" type:"string"` - // An unencrypted PEM encoded RSA private key. + // An unencrypted PEM encoded RSA or ED25519 private key. KeyMaterial *string `locationName:"keyMaterial" type:"string" sensitive:"true"` // The name of the key pair. @@ -53596,7 +55026,7 @@ type CreateNatGatewayInput struct { AllocationId *string `type:"string"` // Unique, case-sensitive identifier that you provide to ensure the idempotency - // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + // of the request. For more information, see How to ensure idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). // // Constraint: Maximum 64 ASCII characters. ClientToken *string `type:"string" idempotencyToken:"true"` @@ -53969,15 +55399,16 @@ type CreateNetworkInsightsPathInput struct { _ struct{} `type:"structure"` // Unique, case-sensitive identifier that you provide to ensure the idempotency - // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + // of the request. For more information, see How to ensure idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string" idempotencyToken:"true"` - // The AWS resource that is the destination of the path. + // The Amazon Web Services resource that is the destination of the path. // // Destination is a required field Destination *string `type:"string" required:"true"` - // The IP address of the AWS resource that is the destination of the path. + // The IP address of the Amazon Web Services resource that is the destination + // of the path. DestinationIp *string `type:"string"` // The destination port. @@ -53994,12 +55425,13 @@ type CreateNetworkInsightsPathInput struct { // Protocol is a required field Protocol *string `type:"string" required:"true" enum:"Protocol"` - // The AWS resource that is the source of the path. + // The Amazon Web Services resource that is the source of the path. // // Source is a required field Source *string `type:"string" required:"true"` - // The IP address of the AWS resource that is the source of the path. + // The IP address of the Amazon Web Services resource that is the source of + // the path. SourceIp *string `type:"string"` // The tags to add to the path. @@ -54143,6 +55575,15 @@ type CreateNetworkInterfaceInput struct { // the Amazon Elastic Compute Cloud User Guide. InterfaceType *string `type:"string" enum:"NetworkInterfaceCreationType"` + // The number of IPv4 prefixes that Amazon Web Services automatically assigns + // to the network interface. You cannot use this option if you use the Ipv4 + // Prefixes option. + Ipv4PrefixCount *int64 `type:"integer"` + + // One or more IPv4 prefixes assigned to the network interface. You cannot use + // this option if you use the Ipv4PrefixCount option. + Ipv4Prefixes []*Ipv4PrefixSpecificationRequest `locationName:"Ipv4Prefix" locationNameList:"item" type:"list"` + // The number of IPv6 addresses to assign to a network interface. Amazon EC2 // automatically selects the IPv6 addresses from the subnet range. You can't // use this option if specifying specific IPv6 addresses. If your subnet has @@ -54154,6 +55595,15 @@ type CreateNetworkInterfaceInput struct { // subnet. You can't use this option if you're specifying a number of IPv6 addresses. Ipv6Addresses []*InstanceIpv6Address `locationName:"ipv6Addresses" locationNameList:"item" type:"list"` + // The number of IPv6 prefixes that Amazon Web Services automatically assigns + // to the network interface. You cannot use this option if you use the Ipv6Prefixes + // option. + Ipv6PrefixCount *int64 `type:"integer"` + + // One or more IPv6 prefixes assigned to the network interface. You cannot use + // this option if you use the Ipv6PrefixCount option. + Ipv6Prefixes []*Ipv6PrefixSpecificationRequest `locationName:"Ipv6Prefix" locationNameList:"item" type:"list"` + // The primary private IPv4 address of the network interface. If you don't specify // an IPv4 address, Amazon EC2 selects one for you from the subnet's IPv4 CIDR // range. If you specify an IP address, you cannot indicate any IP addresses @@ -54237,6 +55687,18 @@ func (s *CreateNetworkInterfaceInput) SetInterfaceType(v string) *CreateNetworkI return s } +// SetIpv4PrefixCount sets the Ipv4PrefixCount field's value. +func (s *CreateNetworkInterfaceInput) SetIpv4PrefixCount(v int64) *CreateNetworkInterfaceInput { + s.Ipv4PrefixCount = &v + return s +} + +// SetIpv4Prefixes sets the Ipv4Prefixes field's value. +func (s *CreateNetworkInterfaceInput) SetIpv4Prefixes(v []*Ipv4PrefixSpecificationRequest) *CreateNetworkInterfaceInput { + s.Ipv4Prefixes = v + return s +} + // SetIpv6AddressCount sets the Ipv6AddressCount field's value. func (s *CreateNetworkInterfaceInput) SetIpv6AddressCount(v int64) *CreateNetworkInterfaceInput { s.Ipv6AddressCount = &v @@ -54249,6 +55711,18 @@ func (s *CreateNetworkInterfaceInput) SetIpv6Addresses(v []*InstanceIpv6Address) return s } +// SetIpv6PrefixCount sets the Ipv6PrefixCount field's value. +func (s *CreateNetworkInterfaceInput) SetIpv6PrefixCount(v int64) *CreateNetworkInterfaceInput { + s.Ipv6PrefixCount = &v + return s +} + +// SetIpv6Prefixes sets the Ipv6Prefixes field's value. +func (s *CreateNetworkInterfaceInput) SetIpv6Prefixes(v []*Ipv6PrefixSpecificationRequest) *CreateNetworkInterfaceInput { + s.Ipv6Prefixes = v + return s +} + // SetPrivateIpAddress sets the PrivateIpAddress field's value. func (s *CreateNetworkInterfaceInput) SetPrivateIpAddress(v string) *CreateNetworkInterfaceInput { s.PrivateIpAddress = &v @@ -54317,7 +55791,7 @@ func (s *CreateNetworkInterfaceOutput) SetNetworkInterface(v *NetworkInterface) type CreateNetworkInterfacePermissionInput struct { _ struct{} `type:"structure"` - // The account ID. + // The Amazon Web Services account ID. AwsAccountId *string `type:"string"` // The Amazon Web Service. Currently not supported. @@ -54514,7 +55988,7 @@ type CreateReplaceRootVolumeTaskInput struct { // Unique, case-sensitive identifier you provide to ensure the idempotency of // the request. If you do not specify a client token, a randomly generated token // is used for the request to ensure idempotency. For more information, see - // Ensuring Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + // Ensuring idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string" idempotencyToken:"true"` // Checks whether you have the required permissions for the action, without @@ -55256,7 +56730,7 @@ type CreateSnapshotInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // The Amazon Resource Name (ARN) of the AWS Outpost on which to create a local + // The Amazon Resource Name (ARN) of the Outpost on which to create a local // snapshot. // // * To create a snapshot of a volume in a Region, omit this parameter. The @@ -55270,7 +56744,7 @@ type CreateSnapshotInput struct { // on an Outpost, specify the ARN of the destination Outpost. The snapshot // must be created on the same Outpost as the volume. // - // For more information, see Creating local snapshots from volumes on an Outpost + // For more information, see Create local snapshots from volumes on an Outpost // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshots-outposts.html#create-snapshot) // in the Amazon Elastic Compute Cloud User Guide. OutpostArn *string `type:"string"` @@ -55278,7 +56752,7 @@ type CreateSnapshotInput struct { // The tags to apply to the snapshot during creation. TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` - // The ID of the EBS volume. + // The ID of the Amazon EBS volume. // // VolumeId is a required field VolumeId *string `type:"string" required:"true"` @@ -55357,8 +56831,8 @@ type CreateSnapshotsInput struct { // InstanceSpecification is a required field InstanceSpecification *InstanceSpecification `type:"structure" required:"true"` - // The Amazon Resource Name (ARN) of the AWS Outpost on which to create the - // local snapshots. + // The Amazon Resource Name (ARN) of the Outpost on which to create the local + // snapshots. // // * To create snapshots from an instance in a Region, omit this parameter. // The snapshots are created in the same Region as the instance. @@ -55371,7 +56845,7 @@ type CreateSnapshotsInput struct { // on an Outpost, specify the ARN of the destination Outpost. The snapshots // must be created on the same Outpost as the instance. // - // For more information, see Creating multi-volume local snapshots from instances + // For more information, see Create multi-volume local snapshots from instances // on an Outpost (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshots-outposts.html#create-multivol-snapshot) // in the Amazon Elastic Compute Cloud User Guide. OutpostArn *string `type:"string"` @@ -55647,13 +57121,144 @@ func (s *CreateStoreImageTaskOutput) SetObjectKey(v string) *CreateStoreImageTas return s } +type CreateSubnetCidrReservationInput struct { + _ struct{} `type:"structure"` + + // The IPv4 or IPV6 CIDR range to reserve. + // + // Cidr is a required field + Cidr *string `type:"string" required:"true"` + + // The description to assign to the subnet CIDR reservation. + Description *string `type:"string"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The type of reservation. + // + // The following are valid values: + // + // * prefix: The Amazon EC2 Prefix Delegation feature assigns the IP addresses + // to network interfaces that are associated with an instance. For information + // about Prefix Delegation, see Prefix Delegation for Amazon EC2 network + // interfaces (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-prefix-delegation.html) + // in the Amazon Elastic Compute Cloud User Guide. + // + // * explicit: You manually assign the IP addresses to resources that reside + // in your subnet. + // + // ReservationType is a required field + ReservationType *string `type:"string" required:"true" enum:"SubnetCidrReservationType"` + + // The ID of the subnet. + // + // SubnetId is a required field + SubnetId *string `type:"string" required:"true"` + + // The tags to assign to the subnet CIDR reservation. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s CreateSubnetCidrReservationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateSubnetCidrReservationInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateSubnetCidrReservationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateSubnetCidrReservationInput"} + if s.Cidr == nil { + invalidParams.Add(request.NewErrParamRequired("Cidr")) + } + if s.ReservationType == nil { + invalidParams.Add(request.NewErrParamRequired("ReservationType")) + } + if s.SubnetId == nil { + invalidParams.Add(request.NewErrParamRequired("SubnetId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCidr sets the Cidr field's value. +func (s *CreateSubnetCidrReservationInput) SetCidr(v string) *CreateSubnetCidrReservationInput { + s.Cidr = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *CreateSubnetCidrReservationInput) SetDescription(v string) *CreateSubnetCidrReservationInput { + s.Description = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *CreateSubnetCidrReservationInput) SetDryRun(v bool) *CreateSubnetCidrReservationInput { + s.DryRun = &v + return s +} + +// SetReservationType sets the ReservationType field's value. +func (s *CreateSubnetCidrReservationInput) SetReservationType(v string) *CreateSubnetCidrReservationInput { + s.ReservationType = &v + return s +} + +// SetSubnetId sets the SubnetId field's value. +func (s *CreateSubnetCidrReservationInput) SetSubnetId(v string) *CreateSubnetCidrReservationInput { + s.SubnetId = &v + return s +} + +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *CreateSubnetCidrReservationInput) SetTagSpecifications(v []*TagSpecification) *CreateSubnetCidrReservationInput { + s.TagSpecifications = v + return s +} + +type CreateSubnetCidrReservationOutput struct { + _ struct{} `type:"structure"` + + // Information about the created subnet CIDR reservation. + SubnetCidrReservation *SubnetCidrReservation `locationName:"subnetCidrReservation" type:"structure"` +} + +// String returns the string representation +func (s CreateSubnetCidrReservationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateSubnetCidrReservationOutput) GoString() string { + return s.String() +} + +// SetSubnetCidrReservation sets the SubnetCidrReservation field's value. +func (s *CreateSubnetCidrReservationOutput) SetSubnetCidrReservation(v *SubnetCidrReservation) *CreateSubnetCidrReservationOutput { + s.SubnetCidrReservation = v + return s +} + type CreateSubnetInput struct { _ struct{} `type:"structure"` // The Availability Zone or Local Zone for the subnet. // - // Default: AWS selects one for you. If you create more than one subnet in your - // VPC, we do not necessarily select a different zone for each subnet. + // Default: Amazon Web Services selects one for you. If you create more than + // one subnet in your VPC, we do not necessarily select a different zone for + // each subnet. // // To create a subnet in a Local Zone, set this value to the Local Zone ID, // for example us-west-2-lax-1a. For information about the Regions that support @@ -56477,7 +58082,7 @@ type CreateTransitGatewayConnectInput struct { TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` // The ID of the transit gateway attachment. You can specify a VPC attachment - // or a AWS Direct Connect attachment. + // or Amazon Web Services Direct Connect attachment. // // TransportTransitGatewayAttachmentId is a required field TransportTransitGatewayAttachmentId *string `type:"string" required:"true"` @@ -56957,7 +58562,7 @@ type CreateTransitGatewayPeeringAttachmentInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The AWS account ID of the owner of the peer transit gateway. + // The ID of the Amazon Web Services account that owns the peer transit gateway. // // PeerAccountId is a required field PeerAccountId *string `type:"string" required:"true"` @@ -57539,6 +59144,10 @@ type CreateVolumeInput struct { // AvailabilityZone is a required field AvailabilityZone *string `type:"string" required:"true"` + // Unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. For more information, see Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + // Checks whether you have the required permissions for the action, without // actually making the request, and provides an error response. If you have // the required permissions, the error response is DryRunOperation. Otherwise, @@ -57568,21 +59177,20 @@ type CreateVolumeInput struct { // // * io2: 100-64,000 IOPS // - // For io1 and io2 volumes, we guarantee 64,000 IOPS only for Instances built - // on the Nitro System (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). - // Other instance families guarantee performance up to 32,000 IOPS. + // io1 and io2 volumes support up to 64,000 IOPS only on Instances built on + // the Nitro System (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). + // Other instance families support performance up to 32,000 IOPS. // // This parameter is required for io1 and io2 volumes. The default for gp3 volumes // is 3,000 IOPS. This parameter is not supported for gp2, st1, sc1, or standard // volumes. Iops *int64 `type:"integer"` - // The identifier of the AWS Key Management Service (AWS KMS) customer master - // key (CMK) to use for Amazon EBS encryption. If this parameter is not specified, - // your AWS managed CMK for EBS is used. If KmsKeyId is specified, the encrypted - // state must be true. + // The identifier of the Key Management Service (KMS) KMS key to use for Amazon + // EBS encryption. If this parameter is not specified, your KMS key for Amazon + // EBS is used. If KmsKeyId is specified, the encrypted state must be true. // - // You can specify the CMK using any of the following: + // You can specify the KMS key using any of the following: // // * Key ID. For example, 1234abcd-12ab-34cd-56ef-1234567890ab. // @@ -57592,9 +59200,9 @@ type CreateVolumeInput struct { // // * Alias ARN. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. // - // AWS authenticates the CMK asynchronously. Therefore, if you specify an ID, - // alias, or ARN that is not valid, the action can appear to complete, but eventually - // fails. + // Amazon Web Services authenticates the KMS key asynchronously. Therefore, + // if you specify an ID, alias, or ARN that is not valid, the action can appear + // to complete, but eventually fails. KmsKeyId *string `type:"string"` // Indicates whether to enable Amazon EBS Multi-Attach. If you enable Multi-Attach, @@ -57686,6 +59294,12 @@ func (s *CreateVolumeInput) SetAvailabilityZone(v string) *CreateVolumeInput { return s } +// SetClientToken sets the ClientToken field's value. +func (s *CreateVolumeInput) SetClientToken(v string) *CreateVolumeInput { + s.ClientToken = &v + return s +} + // SetDryRun sets the DryRun field's value. func (s *CreateVolumeInput) SetDryRun(v bool) *CreateVolumeInput { s.DryRun = &v @@ -57760,7 +59374,7 @@ type CreateVolumePermission struct { // The group to be added or removed. The possible value is all. Group *string `locationName:"group" type:"string" enum:"PermissionGroup"` - // The AWS account ID to be added or removed. + // The ID of the Amazon Web Services account to be added or removed. UserId *string `locationName:"userId" type:"string"` } @@ -57790,10 +59404,10 @@ func (s *CreateVolumePermission) SetUserId(v string) *CreateVolumePermission { type CreateVolumePermissionModifications struct { _ struct{} `type:"structure"` - // Adds the specified AWS account ID or group to the list. + // Adds the specified Amazon Web Services account ID or group to the list. Add []*CreateVolumePermission `locationNameList:"item" type:"list"` - // Removes the specified AWS account ID or group from the list. + // Removes the specified Amazon Web Services account ID or group from the list. Remove []*CreateVolumePermission `locationNameList:"item" type:"list"` } @@ -58410,9 +60024,9 @@ type CreateVpcPeeringConnectionInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // The AWS account ID of the owner of the accepter VPC. + // The Amazon Web Services account ID of the owner of the accepter VPC. // - // Default: Your AWS account ID + // Default: Your Amazon Web Services account ID PeerOwnerId *string `locationName:"peerOwnerId" type:"string"` // The Region code for the accepter VPC, if the accepter VPC is located in a @@ -59758,6 +61372,89 @@ func (s *DeleteFpgaImageOutput) SetReturn(v bool) *DeleteFpgaImageOutput { return s } +type DeleteInstanceEventWindowInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // Specify true to force delete the event window. Use the force delete parameter + // if the event window is currently associated with targets. + ForceDelete *bool `type:"boolean"` + + // The ID of the event window. + // + // InstanceEventWindowId is a required field + InstanceEventWindowId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s DeleteInstanceEventWindowInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteInstanceEventWindowInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteInstanceEventWindowInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteInstanceEventWindowInput"} + if s.InstanceEventWindowId == nil { + invalidParams.Add(request.NewErrParamRequired("InstanceEventWindowId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DeleteInstanceEventWindowInput) SetDryRun(v bool) *DeleteInstanceEventWindowInput { + s.DryRun = &v + return s +} + +// SetForceDelete sets the ForceDelete field's value. +func (s *DeleteInstanceEventWindowInput) SetForceDelete(v bool) *DeleteInstanceEventWindowInput { + s.ForceDelete = &v + return s +} + +// SetInstanceEventWindowId sets the InstanceEventWindowId field's value. +func (s *DeleteInstanceEventWindowInput) SetInstanceEventWindowId(v string) *DeleteInstanceEventWindowInput { + s.InstanceEventWindowId = &v + return s +} + +type DeleteInstanceEventWindowOutput struct { + _ struct{} `type:"structure"` + + // The state of the event window. + InstanceEventWindowState *InstanceEventWindowStateChange `locationName:"instanceEventWindowState" type:"structure"` +} + +// String returns the string representation +func (s DeleteInstanceEventWindowOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteInstanceEventWindowOutput) GoString() string { + return s.String() +} + +// SetInstanceEventWindowState sets the InstanceEventWindowState field's value. +func (s *DeleteInstanceEventWindowOutput) SetInstanceEventWindowState(v *InstanceEventWindowStateChange) *DeleteInstanceEventWindowOutput { + s.InstanceEventWindowState = v + return s +} + type DeleteInternetGatewayInput struct { _ struct{} `type:"structure"` @@ -61422,6 +63119,79 @@ func (s DeleteSpotDatafeedSubscriptionOutput) GoString() string { return s.String() } +type DeleteSubnetCidrReservationInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the subnet CIDR reservation. + // + // SubnetCidrReservationId is a required field + SubnetCidrReservationId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s DeleteSubnetCidrReservationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteSubnetCidrReservationInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteSubnetCidrReservationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteSubnetCidrReservationInput"} + if s.SubnetCidrReservationId == nil { + invalidParams.Add(request.NewErrParamRequired("SubnetCidrReservationId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DeleteSubnetCidrReservationInput) SetDryRun(v bool) *DeleteSubnetCidrReservationInput { + s.DryRun = &v + return s +} + +// SetSubnetCidrReservationId sets the SubnetCidrReservationId field's value. +func (s *DeleteSubnetCidrReservationInput) SetSubnetCidrReservationId(v string) *DeleteSubnetCidrReservationInput { + s.SubnetCidrReservationId = &v + return s +} + +type DeleteSubnetCidrReservationOutput struct { + _ struct{} `type:"structure"` + + // Information about the deleted subnet CIDR reservation. + DeletedSubnetCidrReservation *SubnetCidrReservation `locationName:"deletedSubnetCidrReservation" type:"structure"` +} + +// String returns the string representation +func (s DeleteSubnetCidrReservationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteSubnetCidrReservationOutput) GoString() string { + return s.String() +} + +// SetDeletedSubnetCidrReservation sets the DeletedSubnetCidrReservation field's value. +func (s *DeleteSubnetCidrReservationOutput) SetDeletedSubnetCidrReservation(v *SubnetCidrReservation) *DeleteSubnetCidrReservationOutput { + s.DeletedSubnetCidrReservation = v + return s +} + type DeleteSubnetInput struct { _ struct{} `type:"structure"` @@ -61510,7 +63280,8 @@ type DeleteTagsInput struct { // an empty string. // // If you omit this parameter, we delete all user-defined tags for the specified - // resources. We do not delete AWS-generated tags (tags that have the aws: prefix). + // resources. We do not delete Amazon Web Services-generated tags (tags that + // have the aws: prefix). Tags []*Tag `locationName:"tag" locationNameList:"item" type:"list"` } @@ -63748,7 +65519,8 @@ type DescribeAddressesInput struct { // * network-interface-id - [EC2-VPC] The ID of the network interface that // the address is associated with, if any. // - // * network-interface-owner-id - The account ID of the owner. + // * network-interface-owner-id - The Amazon Web Services account ID of the + // owner. // // * private-ip-address - [EC2-VPC] The private IP address associated with // the Elastic IP address. @@ -64214,7 +65986,8 @@ type DescribeCapacityReservationsInput struct { // * instance-type - The type of instance for which the Capacity Reservation // reserves capacity. // - // * owner-id - The ID of the AWS account that owns the Capacity Reservation. + // * owner-id - The ID of the Amazon Web Services account that owns the Capacity + // Reservation. // // * availability-zone-id - The Availability Zone ID of the Capacity Reservation. // @@ -64226,8 +65999,9 @@ type DescribeCapacityReservationsInput struct { // * tenancy - Indicates the tenancy of the Capacity Reservation. A Capacity // Reservation can have one of the following tenancy settings: default - // The Capacity Reservation is created on hardware that is shared with other - // AWS accounts. dedicated - The Capacity Reservation is created on single-tenant - // hardware that is dedicated to a single AWS account. + // Amazon Web Services accounts. dedicated - The Capacity Reservation is + // created on single-tenant hardware that is dedicated to a single Amazon + // Web Services account. // // * outpost-arn - The Amazon Resource Name (ARN) of the Outpost on which // the Capacity Reservation was created. @@ -64384,7 +66158,8 @@ type DescribeCarrierGatewaysInput struct { // * state - The state of the carrier gateway (pending | failed | available // | deleting | deleted). // - // * owner-id - The AWS account ID of the owner of the carrier gateway. + // * owner-id - The Amazon Web Services account ID of the owner of the carrier + // gateway. // // * tag:<key> - The key/value combination of a tag assigned to the resource. // Use the tag key in the filter name and the tag value as the filter value. @@ -65519,7 +67294,8 @@ type DescribeDhcpOptionsInput struct { // // * value - The value for one of the options. // - // * owner-id - The ID of the AWS account that owns the DHCP options set. + // * owner-id - The ID of the Amazon Web Services account that owns the DHCP + // options set. // // * tag:<key> - The key/value combination of a tag assigned to the resource. // Use the tag key in the filter name and the tag value as the filter value. @@ -66066,11 +67842,12 @@ type DescribeFastSnapshotRestoreSuccessItem struct { // The time at which fast snapshot restores entered the optimizing state. OptimizingTime *time.Time `locationName:"optimizingTime" type:"timestamp"` - // The AWS owner alias that enabled fast snapshot restores on the snapshot. - // This is intended for future use. + // The Amazon Web Services owner alias that enabled fast snapshot restores on + // the snapshot. This is intended for future use. OwnerAlias *string `locationName:"ownerAlias" type:"string"` - // The ID of the AWS account that enabled fast snapshot restores on the snapshot. + // The ID of the Amazon Web Services account that enabled fast snapshot restores + // on the snapshot. OwnerId *string `locationName:"ownerId" type:"string"` // The ID of the snapshot. @@ -66178,8 +67955,8 @@ type DescribeFastSnapshotRestoresInput struct { // // * availability-zone: The Availability Zone of the snapshot. // - // * owner-id: The ID of the AWS account that enabled fast snapshot restore - // on the snapshot. + // * owner-id: The ID of the Amazon Web Services account that enabled fast + // snapshot restore on the snapshot. // // * snapshot-id: The ID of the snapshot. // @@ -68327,8 +70104,8 @@ type DescribeInstanceAttributeOutput struct { // Indicates whether enhanced networking with ENA is enabled. EnaSupport *AttributeBooleanValue `locationName:"enaSupport" type:"structure"` - // To enable the instance for AWS Nitro Enclaves, set this parameter to true; - // otherwise, set it to false. + // To enable the instance for Amazon Web Services Nitro Enclaves, set this parameter + // to true; otherwise, set it to false. EnclaveOptions *EnclaveOptions `locationName:"enclaveOptions" type:"structure"` // The security groups associated with the instance. @@ -68644,6 +70421,150 @@ func (s *DescribeInstanceEventNotificationAttributesOutput) SetInstanceTagAttrib return s } +// Describe instance event windows by InstanceEventWindow. +type DescribeInstanceEventWindowsInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. + // + // * dedicated-host-id - The event windows associated with the specified + // Dedicated Host ID. + // + // * event-window-name - The event windows associated with the specified + // names. + // + // * instance-id - The event windows associated with the specified instance + // ID. + // + // * instance-tag - The event windows associated with the specified tag and + // value. + // + // * instance-tag-key - The event windows associated with the specified tag + // key, regardless of the value. + // + // * instance-tag-value - The event windows associated with the specified + // tag value, regardless of the key. + // + // * tag:<key> - The key/value combination of a tag assigned to the event + // window. Use the tag key in the filter name and the tag value as the filter + // value. For example, to find all resources that have a tag with the key + // Owner and the value CMX, specify tag:Owner for the filter name and CMX + // for the filter value. + // + // * tag-key - The key of a tag assigned to the event window. Use this filter + // to find all event windows that have a tag with a specific key, regardless + // of the tag value. + // + // * tag-value - The value of a tag assigned to the event window. Use this + // filter to find all event windows that have a tag with a specific value, + // regardless of the tag key. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The IDs of the event windows. + InstanceEventWindowIds []*string `locationName:"InstanceEventWindowId" locationNameList:"InstanceEventWindowId" type:"list"` + + // The maximum number of results to return in a single call. To retrieve the + // remaining results, make another call with the returned NextToken value. This + // value can be between 20 and 500. You cannot specify this parameter and the + // event window IDs parameter in the same call. + MaxResults *int64 `min:"20" type:"integer"` + + // The token to request the next page of results. + NextToken *string `type:"string"` +} + +// String returns the string representation +func (s DescribeInstanceEventWindowsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeInstanceEventWindowsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeInstanceEventWindowsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeInstanceEventWindowsInput"} + if s.MaxResults != nil && *s.MaxResults < 20 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 20)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeInstanceEventWindowsInput) SetDryRun(v bool) *DescribeInstanceEventWindowsInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeInstanceEventWindowsInput) SetFilters(v []*Filter) *DescribeInstanceEventWindowsInput { + s.Filters = v + return s +} + +// SetInstanceEventWindowIds sets the InstanceEventWindowIds field's value. +func (s *DescribeInstanceEventWindowsInput) SetInstanceEventWindowIds(v []*string) *DescribeInstanceEventWindowsInput { + s.InstanceEventWindowIds = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeInstanceEventWindowsInput) SetMaxResults(v int64) *DescribeInstanceEventWindowsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeInstanceEventWindowsInput) SetNextToken(v string) *DescribeInstanceEventWindowsInput { + s.NextToken = &v + return s +} + +type DescribeInstanceEventWindowsOutput struct { + _ struct{} `type:"structure"` + + // Information about the event windows. + InstanceEventWindows []*InstanceEventWindow `locationName:"instanceEventWindowSet" locationNameList:"item" type:"list"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation +func (s DescribeInstanceEventWindowsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeInstanceEventWindowsOutput) GoString() string { + return s.String() +} + +// SetInstanceEventWindows sets the InstanceEventWindows field's value. +func (s *DescribeInstanceEventWindowsOutput) SetInstanceEventWindows(v []*InstanceEventWindow) *DescribeInstanceEventWindowsOutput { + s.InstanceEventWindows = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeInstanceEventWindowsOutput) SetNextToken(v string) *DescribeInstanceEventWindowsOutput { + s.NextToken = &v + return s +} + type DescribeInstanceStatusInput struct { _ struct{} `type:"structure"` @@ -69003,6 +70924,9 @@ type DescribeInstanceTypesInput struct { // * network-info.ena-support - Indicates whether Elastic Network Adapter // (ENA) is supported or required (required | supported | unsupported). // + // * network-info.encryption-in-transit-supported - Indicates whether the + // instance type automatically encrypts in-transit traffic between instances. + // // * network-info.ipv4-addresses-per-interface - The maximum number of private // IPv4 addresses per network interface. // @@ -69320,7 +71244,7 @@ type DescribeInstancesInput struct { // * network-interface.requester-id - The requester ID for the network interface. // // * network-interface.requester-managed - Indicates whether the network - // interface is being managed by AWS. + // interface is being managed by Amazon Web Services. // // * network-interface.status - The status of the network interface (available) // | in-use). @@ -69337,7 +71261,7 @@ type DescribeInstancesInput struct { // // * outpost-arn - The Amazon Resource Name (ARN) of the Outpost. // - // * owner-id - The AWS account ID of the instance owner. + // * owner-id - The Amazon Web Services account ID of the instance owner. // // * placement-group-name - The name of the placement group for the instance. // @@ -69362,7 +71286,8 @@ type DescribeInstancesInput struct { // Similar to the state-reason-code filter. // // * requester-id - The ID of the entity that launched the instance on your - // behalf (for example, AWS Management Console, Auto Scaling, and so on). + // behalf (for example, Amazon Web Services Management Console, Auto Scaling, + // and so on). // // * reservation-id - The ID of the instance's reservation. A reservation // ID is created any time you launch an instance. A reservation ID has a @@ -69514,7 +71439,8 @@ type DescribeInternetGatewaysInput struct { // // * internet-gateway-id - The ID of the Internet gateway. // - // * owner-id - The ID of the AWS account that owns the internet gateway. + // * owner-id - The ID of the Amazon Web Services account that owns the internet + // gateway. // // * tag:<key> - The key/value combination of a tag assigned to the resource. // Use the tag key in the filter name and the tag value as the filter value. @@ -69775,7 +71701,7 @@ type DescribeKeyPairsInput struct { // The key pair names. // - // Default: Describes all your key pairs. + // Default: Describes all of your key pairs. KeyNames []*string `locationName:"KeyName" locationNameList:"KeyName" type:"list"` // The IDs of the key pairs. @@ -71261,7 +73187,8 @@ type DescribeNetworkAclsInput struct { // // * network-acl-id - The ID of the network ACL. // - // * owner-id - The ID of the AWS account that owns the network ACL. + // * owner-id - The ID of the Amazon Web Services account that owns the network + // ACL. // // * tag:<key> - The key/value combination of a tag assigned to the resource. // Use the tag key in the filter name and the tag value as the filter value. @@ -71768,7 +73695,8 @@ type DescribeNetworkInterfacePermissionsInput struct { // * network-interface-permission.network-interface-id - The ID of the network // interface. // - // * network-interface-permission.aws-account-id - The account ID. + // * network-interface-permission.aws-account-id - The Amazon Web Services + // account ID. // // * network-interface-permission.aws-service - The Amazon Web Service. // @@ -71943,19 +73871,20 @@ type DescribeNetworkInterfacesInput struct { // // * network-interface-id - The ID of the network interface. // - // * owner-id - The account ID of the network interface owner. + // * owner-id - The Amazon Web Services account ID of the network interface + // owner. // // * private-ip-address - The private IPv4 address or addresses of the network // interface. // // * private-dns-name - The private DNS name of the network interface (IPv4). // - // * requester-id - The alias or account ID of the principal or service that - // created the network interface. + // * requester-id - The alias or Amazon Web Services account ID of the principal + // or service that created the network interface. // // * requester-managed - Indicates whether the network interface is being - // managed by an Amazon Web Service (for example, Management Console, Auto - // Scaling, and so on). + // managed by an Amazon Web Service (for example, Amazon Web Services Management + // Console, Auto Scaling, and so on). // // * source-dest-check - Indicates whether the network interface performs // source/destination checking. A value of true means checking is enabled, @@ -73015,8 +74944,8 @@ type DescribeReservedInstancesOfferingsInput struct { // // * marketplace - Set to true to show only Reserved Instance Marketplace // offerings. When this filter is not used, which is the default behavior, - // all offerings from both AWS and the Reserved Instance Marketplace are - // listed. + // all offerings from both Amazon Web Services and the Reserved Instance + // Marketplace are listed. // // * product-description - The Reserved Instance product platform description. // Instances that include (Amazon VPC) in the product platform description @@ -73277,7 +75206,8 @@ type DescribeRouteTablesInput struct { // table for the VPC (true | false). Route tables that do not have an association // ID are not returned in the response. // - // * owner-id - The ID of the AWS account that owns the route table. + // * owner-id - The ID of the Amazon Web Services account that owns the route + // table. // // * route-table-id - The ID of the route table. // @@ -73287,8 +75217,8 @@ type DescribeRouteTablesInput struct { // * route.destination-ipv6-cidr-block - The IPv6 CIDR range specified in // a route in the route table. // - // * route.destination-prefix-list-id - The ID (prefix) of the AWS service - // specified in a route in the table. + // * route.destination-prefix-list-id - The ID (prefix) of the Amazon Web + // Service specified in a route in the table. // // * route.egress-only-internet-gateway-id - The ID of an egress-only Internet // gateway specified in a route in the route table. @@ -73784,6 +75714,127 @@ func (s *DescribeSecurityGroupReferencesOutput) SetSecurityGroupReferenceSet(v [ return s } +type DescribeSecurityGroupRulesInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. + // + // * group-id - The ID of the security group. + // + // * security-group-rule-id - The ID of the security group rule. + // + // * tag:<key> - The key/value combination of a tag assigned to the resource. + // Use the tag key in the filter name and the tag value as the filter value. + // For example, to find all resources that have a tag with the key Owner + // and the value TeamA, specify tag:Owner for the filter name and TeamA for + // the filter value. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of results to return in a single call. To retrieve the + // remaining results, make another request with the returned NextToken value. + // This value can be between 5 and 1000. If this parameter is not specified, + // then all results are returned. + MaxResults *int64 `min:"5" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` + + // The IDs of the security group rules. + SecurityGroupRuleIds []*string `locationName:"SecurityGroupRuleId" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s DescribeSecurityGroupRulesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeSecurityGroupRulesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeSecurityGroupRulesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeSecurityGroupRulesInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeSecurityGroupRulesInput) SetDryRun(v bool) *DescribeSecurityGroupRulesInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeSecurityGroupRulesInput) SetFilters(v []*Filter) *DescribeSecurityGroupRulesInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeSecurityGroupRulesInput) SetMaxResults(v int64) *DescribeSecurityGroupRulesInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeSecurityGroupRulesInput) SetNextToken(v string) *DescribeSecurityGroupRulesInput { + s.NextToken = &v + return s +} + +// SetSecurityGroupRuleIds sets the SecurityGroupRuleIds field's value. +func (s *DescribeSecurityGroupRulesInput) SetSecurityGroupRuleIds(v []*string) *DescribeSecurityGroupRulesInput { + s.SecurityGroupRuleIds = v + return s +} + +type DescribeSecurityGroupRulesOutput struct { + _ struct{} `type:"structure"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` + + // Information about security group rules. + SecurityGroupRules []*SecurityGroupRule `locationName:"securityGroupRuleSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s DescribeSecurityGroupRulesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeSecurityGroupRulesOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeSecurityGroupRulesOutput) SetNextToken(v string) *DescribeSecurityGroupRulesOutput { + s.NextToken = &v + return s +} + +// SetSecurityGroupRules sets the SecurityGroupRules field's value. +func (s *DescribeSecurityGroupRulesOutput) SetSecurityGroupRules(v []*SecurityGroupRule) *DescribeSecurityGroupRulesOutput { + s.SecurityGroupRules = v + return s +} + type DescribeSecurityGroupsInput struct { _ struct{} `type:"structure"` @@ -73823,8 +75874,8 @@ type DescribeSecurityGroupsInput struct { // * egress.ip-permission.to-port - For an outbound rule, the end of port // range for the TCP and UDP protocols, or an ICMP code. // - // * egress.ip-permission.user-id - The ID of an AWS account that has been - // referenced in an outbound security group rule. + // * egress.ip-permission.user-id - The ID of an Amazon Web Services account + // that has been referenced in an outbound security group rule. // // * group-id - The ID of the security group. // @@ -73854,10 +75905,11 @@ type DescribeSecurityGroupsInput struct { // * ip-permission.to-port - For an inbound rule, the end of port range for // the TCP and UDP protocols, or an ICMP code. // - // * ip-permission.user-id - The ID of an AWS account that has been referenced - // in an inbound security group rule. + // * ip-permission.user-id - The ID of an Amazon Web Services account that + // has been referenced in an inbound security group rule. // - // * owner-id - The AWS account ID of the owner of the security group. + // * owner-id - The Amazon Web Services account ID of the owner of the security + // group. // // * tag:<key> - The key/value combination of a tag assigned to the resource. // Use the tag key in the filter name and the tag value as the filter value. @@ -73875,7 +75927,7 @@ type DescribeSecurityGroupsInput struct { // The IDs of the security groups. Required for security groups in a nondefault // VPC. // - // Default: Describes all your security groups. + // Default: Describes all of your security groups. GroupIds []*string `locationName:"GroupId" locationNameList:"groupId" type:"list"` // [EC2-Classic and default VPC only] The names of the security groups. You @@ -73883,7 +75935,7 @@ type DescribeSecurityGroupsInput struct { // security groups in a nondefault VPC, use the group-name filter to describe // security groups by name. // - // Default: Describes all your security groups. + // Default: Describes all of your security groups. GroupNames []*string `locationName:"GroupName" locationNameList:"GroupName" type:"list"` // The maximum number of results to return in a single call. To retrieve the @@ -74110,11 +76162,12 @@ type DescribeSnapshotsInput struct { // * encrypted - Indicates whether the snapshot is encrypted (true | false) // // * owner-alias - The owner alias, from an Amazon-maintained list (amazon). - // This is not the user-configured AWS account alias set using the IAM console. - // We recommend that you use the related parameter instead of this filter. + // This is not the user-configured Amazon Web Services account alias set + // using the IAM console. We recommend that you use the related parameter + // instead of this filter. // - // * owner-id - The AWS account ID of the owner. We recommend that you use - // the related parameter instead of this filter. + // * owner-id - The Amazon Web Services account ID of the owner. We recommend + // that you use the related parameter instead of this filter. // // * progress - The progress of the snapshot, as a percentage (for example, // 80%). @@ -74159,10 +76212,11 @@ type DescribeSnapshotsInput struct { NextToken *string `type:"string"` // Scopes the results to snapshots with the specified owners. You can specify - // a combination of AWS account IDs, self, and amazon. + // a combination of Amazon Web Services account IDs, self, and amazon. OwnerIds []*string `locationName:"Owner" locationNameList:"Owner" type:"list"` - // The IDs of the AWS accounts that can create volumes from the snapshot. + // The IDs of the Amazon Web Services accounts that can create volumes from + // the snapshot. RestorableByUserIds []*string `locationName:"RestorableBy" type:"list"` // The snapshot IDs. @@ -75303,7 +77357,7 @@ type DescribeSubnetsInput struct { // // * outpost-arn - The Amazon Resource Name (ARN) of the Outpost. // - // * owner-id - The ID of the AWS account that owns the subnet. + // * owner-id - The ID of the Amazon Web Services account that owns the subnet. // // * state - The state of the subnet (pending | available). // @@ -75909,7 +77963,8 @@ type DescribeTransitGatewayAttachmentsInput struct { // // * resource-id - The ID of the resource. // - // * resource-owner-id - The ID of the AWS account that owns the resource. + // * resource-owner-id - The ID of the Amazon Web Services account that owns + // the resource. // // * resource-type - The resource type. Valid values are vpc | vpn | direct-connect-gateway // | peering | connect. @@ -75922,8 +77977,8 @@ type DescribeTransitGatewayAttachmentsInput struct { // // * transit-gateway-id - The ID of the transit gateway. // - // * transit-gateway-owner-id - The ID of the AWS account that owns the transit - // gateway. + // * transit-gateway-owner-id - The ID of the Amazon Web Services account + // that owns the transit gateway. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` // The maximum number of results to return with a single call. To retrieve the @@ -76391,10 +78446,10 @@ type DescribeTransitGatewayPeeringAttachmentsInput struct { // // * transit-gateway-attachment-id - The ID of the transit gateway attachment. // - // * local-owner-id - The ID of your AWS account. + // * local-owner-id - The ID of your Amazon Web Services account. // - // * remote-owner-id - The ID of the AWS account in the remote Region that - // owns the transit gateway. + // * remote-owner-id - The ID of the Amazon Web Services account in the remote + // Region that owns the transit gateway. // // * state - The state of the peering attachment. Valid values are available // | deleted | deleting | failed | failing | initiatingRequest | modifying @@ -76789,7 +78844,8 @@ type DescribeTransitGatewaysInput struct { // * options.vpn-ecmp-support - Indicates whether Equal Cost Multipath Protocol // support is enabled (enable | disable). // - // * owner-id - The ID of the AWS account that owns the transit gateway. + // * owner-id - The ID of the Amazon Web Services account that owns the transit + // gateway. // // * state - The state of the transit gateway (available | deleted | deleting // | modifying | pending). @@ -78512,8 +80568,8 @@ type DescribeVpcPeeringConnectionsInput struct { // // * accepter-vpc-info.cidr-block - The IPv4 CIDR block of the accepter VPC. // - // * accepter-vpc-info.owner-id - The AWS account ID of the owner of the - // accepter VPC. + // * accepter-vpc-info.owner-id - The ID of the Amazon Web Services account + // that owns the accepter VPC. // // * accepter-vpc-info.vpc-id - The ID of the accepter VPC. // @@ -78522,8 +80578,8 @@ type DescribeVpcPeeringConnectionsInput struct { // * requester-vpc-info.cidr-block - The IPv4 CIDR block of the requester's // VPC. // - // * requester-vpc-info.owner-id - The AWS account ID of the owner of the - // requester VPC. + // * requester-vpc-info.owner-id - The ID of the Amazon Web Services account + // that owns the requester VPC. // // * requester-vpc-info.vpc-id - The ID of the requester VPC. // @@ -78684,9 +80740,9 @@ type DescribeVpcsInput struct { // * ipv6-cidr-block-association.state - The state of an IPv6 CIDR block // associated with the VPC. // - // * isDefault - Indicates whether the VPC is the default VPC. + // * is-default - Indicates whether the VPC is the default VPC. // - // * owner-id - The ID of the AWS account that owns the VPC. + // * owner-id - The ID of the Amazon Web Services account that owns the VPC. // // * state - The state of the VPC (pending | available). // @@ -79471,7 +81527,7 @@ type DhcpOptions struct { // The ID of the set of DHCP options. DhcpOptionsId *string `locationName:"dhcpOptionsId" type:"string"` - // The ID of the AWS account that owns the DHCP options set. + // The ID of the Amazon Web Services account that owns the DHCP options set. OwnerId *string `locationName:"ownerId" type:"string"` // Any tags assigned to the DHCP options set. @@ -79732,11 +81788,12 @@ type DisableFastSnapshotRestoreSuccessItem struct { // The time at which fast snapshot restores entered the optimizing state. OptimizingTime *time.Time `locationName:"optimizingTime" type:"timestamp"` - // The AWS owner alias that enabled fast snapshot restores on the snapshot. - // This is intended for future use. + // The Amazon Web Services owner alias that enabled fast snapshot restores on + // the snapshot. This is intended for future use. OwnerAlias *string `locationName:"ownerAlias" type:"string"` - // The ID of the AWS account that enabled fast snapshot restores on the snapshot. + // The ID of the Amazon Web Services account that enabled fast snapshot restores + // on the snapshot. OwnerId *string `locationName:"ownerId" type:"string"` // The ID of the snapshot. @@ -80636,6 +82693,93 @@ func (s *DisassociateIamInstanceProfileOutput) SetIamInstanceProfileAssociation( return s } +type DisassociateInstanceEventWindowInput struct { + _ struct{} `type:"structure"` + + // One or more targets to disassociate from the specified event window. + // + // AssociationTarget is a required field + AssociationTarget *InstanceEventWindowDisassociationRequest `type:"structure" required:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the event window. + // + // InstanceEventWindowId is a required field + InstanceEventWindowId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s DisassociateInstanceEventWindowInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisassociateInstanceEventWindowInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DisassociateInstanceEventWindowInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DisassociateInstanceEventWindowInput"} + if s.AssociationTarget == nil { + invalidParams.Add(request.NewErrParamRequired("AssociationTarget")) + } + if s.InstanceEventWindowId == nil { + invalidParams.Add(request.NewErrParamRequired("InstanceEventWindowId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAssociationTarget sets the AssociationTarget field's value. +func (s *DisassociateInstanceEventWindowInput) SetAssociationTarget(v *InstanceEventWindowDisassociationRequest) *DisassociateInstanceEventWindowInput { + s.AssociationTarget = v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *DisassociateInstanceEventWindowInput) SetDryRun(v bool) *DisassociateInstanceEventWindowInput { + s.DryRun = &v + return s +} + +// SetInstanceEventWindowId sets the InstanceEventWindowId field's value. +func (s *DisassociateInstanceEventWindowInput) SetInstanceEventWindowId(v string) *DisassociateInstanceEventWindowInput { + s.InstanceEventWindowId = &v + return s +} + +type DisassociateInstanceEventWindowOutput struct { + _ struct{} `type:"structure"` + + // Information about the event window. + InstanceEventWindow *InstanceEventWindow `locationName:"instanceEventWindow" type:"structure"` +} + +// String returns the string representation +func (s DisassociateInstanceEventWindowOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisassociateInstanceEventWindowOutput) GoString() string { + return s.String() +} + +// SetInstanceEventWindow sets the InstanceEventWindow field's value. +func (s *DisassociateInstanceEventWindowOutput) SetInstanceEventWindow(v *InstanceEventWindow) *DisassociateInstanceEventWindowOutput { + s.InstanceEventWindow = v + return s +} + type DisassociateRouteTableInput struct { _ struct{} `type:"structure"` @@ -80937,7 +83081,7 @@ func (s *DisassociateTransitGatewayRouteTableOutput) SetAssociation(v *TransitGa type DisassociateTrunkInterfaceInput struct { _ struct{} `type:"structure"` - // The ID ofthe association + // The ID of the association // // AssociationId is a required field AssociationId *string `type:"string" required:"true"` @@ -82376,11 +84520,12 @@ type EnableFastSnapshotRestoreSuccessItem struct { // The time at which fast snapshot restores entered the optimizing state. OptimizingTime *time.Time `locationName:"optimizingTime" type:"timestamp"` - // The AWS owner alias that enabled fast snapshot restores on the snapshot. - // This is intended for future use. + // The Amazon Web Services owner alias that enabled fast snapshot restores on + // the snapshot. This is intended for future use. OwnerAlias *string `locationName:"ownerAlias" type:"string"` - // The ID of the AWS account that enabled fast snapshot restores on the snapshot. + // The ID of the Amazon Web Services account that enabled fast snapshot restores + // on the snapshot. OwnerId *string `locationName:"ownerId" type:"string"` // The ID of the snapshot. @@ -82490,7 +84635,8 @@ type EnableFastSnapshotRestoresInput struct { DryRun *bool `type:"boolean"` // The IDs of one or more snapshots. For example, snap-1234567890abcdef0. You - // can specify a snapshot that was shared with you from another AWS account. + // can specify a snapshot that was shared with you from another Amazon Web Services + // account. // // SourceSnapshotIds is a required field SourceSnapshotIds []*string `locationName:"SourceSnapshotId" locationNameList:"SnapshotId" type:"list" required:"true"` @@ -83069,12 +85215,13 @@ func (s *EnableVpcClassicLinkOutput) SetReturn(v bool) *EnableVpcClassicLinkOutp return s } -// Indicates whether the instance is enabled for AWS Nitro Enclaves. +// Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. type EnclaveOptions struct { _ struct{} `type:"structure"` - // If this parameter is set to true, the instance is enabled for AWS Nitro Enclaves; - // otherwise, it is not enabled for AWS Nitro Enclaves. + // If this parameter is set to true, the instance is enabled for Amazon Web + // Services Nitro Enclaves; otherwise, it is not enabled for Amazon Web Services + // Nitro Enclaves. Enabled *bool `locationName:"enabled" type:"boolean"` } @@ -83094,13 +85241,14 @@ func (s *EnclaveOptions) SetEnabled(v bool) *EnclaveOptions { return s } -// Indicates whether the instance is enabled for AWS Nitro Enclaves. For more -// information, see What is AWS Nitro Enclaves? (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html) -// in the AWS Nitro Enclaves User Guide. +// Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. +// For more information, see What is Amazon Web Services Nitro Enclaves? (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html) +// in the Amazon Web Services Nitro Enclaves User Guide. type EnclaveOptionsRequest struct { _ struct{} `type:"structure"` - // To enable the instance for AWS Nitro Enclaves, set this parameter to true. + // To enable the instance for Amazon Web Services Nitro Enclaves, set this parameter + // to true. Enabled *bool `type:"boolean"` } @@ -83164,7 +85312,7 @@ type EventInformation struct { // * modify_in_progress - A request to modify the EC2 Fleet or Spot Fleet // request was accepted and is in progress. // - // * modify_successful - The EC2 Fleet or Spot Fleet request was modified. + // * modify_succeeded - The EC2 Fleet or Spot Fleet request was modified. // // * price_update - The price for a launch configuration was adjusted because // it was too high. This change is permanent. @@ -83836,7 +85984,8 @@ type ExportImageInput struct { RoleName *string `type:"string"` // Information about the destination Amazon S3 bucket. The bucket must exist - // and grant WRITE and READ_ACP permissions to the AWS account vm-import-export@amazon.com. + // and grant WRITE and READ_ACP permissions to the Amazon Web Services account + // vm-import-export@amazon.com. // // S3ExportLocation is a required field S3ExportLocation *ExportTaskS3LocationRequest `type:"structure" required:"true"` @@ -84292,7 +86441,8 @@ type ExportToS3Task struct { DiskImageFormat *string `locationName:"diskImageFormat" type:"string" enum:"DiskImageFormat"` // The Amazon S3 bucket for the destination image. The destination bucket must - // exist and grant WRITE and READ_ACP permissions to the AWS account vm-import-export@amazon.com. + // exist and grant WRITE and READ_ACP permissions to the Amazon Web Services + // account vm-import-export@amazon.com. S3Bucket *string `locationName:"s3Bucket" type:"string"` // The encryption key for your S3 bucket. @@ -84345,7 +86495,8 @@ type ExportToS3TaskSpecification struct { DiskImageFormat *string `locationName:"diskImageFormat" type:"string" enum:"DiskImageFormat"` // The Amazon S3 bucket for the destination image. The destination bucket must - // exist and grant WRITE and READ_ACP permissions to the AWS account vm-import-export@amazon.com. + // exist and grant WRITE and READ_ACP permissions to the Amazon Web Services + // account vm-import-export@amazon.com. S3Bucket *string `locationName:"s3Bucket" type:"string"` // The image is written to a single object in the Amazon S3 bucket at the S3 @@ -84660,6 +86811,9 @@ type FleetData struct { // Constraints: Maximum 64 ASCII characters ClientToken *string `locationName:"clientToken" type:"string"` + // Reserved. + Context *string `locationName:"context" type:"string"` + // The creation date and time of the EC2 Fleet. CreateTime *time.Time `locationName:"createTime" type:"timestamp"` @@ -84760,6 +86914,12 @@ func (s *FleetData) SetClientToken(v string) *FleetData { return s } +// SetContext sets the Context field's value. +func (s *FleetData) SetContext(v string) *FleetData { + s.Context = &v + return s +} + // SetCreateTime sets the CreateTime field's value. func (s *FleetData) SetCreateTime(v time.Time) *FleetData { s.CreateTime = &v @@ -86691,7 +88851,7 @@ func (s *GetEbsDefaultKmsKeyIdInput) SetDryRun(v bool) *GetEbsDefaultKmsKeyIdInp type GetEbsDefaultKmsKeyIdOutput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the default CMK for encryption by default. + // The Amazon Resource Name (ARN) of the default KMS key for encryption by default. KmsKeyId *string `locationName:"kmsKeyId" type:"string"` } @@ -87682,6 +89842,143 @@ func (s *GetSerialConsoleAccessStatusOutput) SetSerialConsoleAccessEnabled(v boo return s } +type GetSubnetCidrReservationsInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. + // + // * reservationType - The type of reservation (prefix | explicit). + // + // * subnet-id - The ID of the subnet. + // + // * tag:<key> - The key/value combination of a tag assigned to the resource. + // Use the tag key in the filter name and the tag value as the filter value. + // For example, to find all resources that have a tag with the key Owner + // and the value TeamA, specify tag:Owner for the filter name and TeamA for + // the filter value. + // + // * tag-key - The key of a tag assigned to the resource. Use this filter + // to find all resources assigned a tag with a specific key, regardless of + // the tag value. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"5" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` + + // The ID of the subnet. + // + // SubnetId is a required field + SubnetId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s GetSubnetCidrReservationsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetSubnetCidrReservationsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetSubnetCidrReservationsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetSubnetCidrReservationsInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + if s.SubnetId == nil { + invalidParams.Add(request.NewErrParamRequired("SubnetId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *GetSubnetCidrReservationsInput) SetDryRun(v bool) *GetSubnetCidrReservationsInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *GetSubnetCidrReservationsInput) SetFilters(v []*Filter) *GetSubnetCidrReservationsInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *GetSubnetCidrReservationsInput) SetMaxResults(v int64) *GetSubnetCidrReservationsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *GetSubnetCidrReservationsInput) SetNextToken(v string) *GetSubnetCidrReservationsInput { + s.NextToken = &v + return s +} + +// SetSubnetId sets the SubnetId field's value. +func (s *GetSubnetCidrReservationsInput) SetSubnetId(v string) *GetSubnetCidrReservationsInput { + s.SubnetId = &v + return s +} + +type GetSubnetCidrReservationsOutput struct { + _ struct{} `type:"structure"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` + + // Information about the IPv4 subnet CIDR reservations. + SubnetIpv4CidrReservations []*SubnetCidrReservation `locationName:"subnetIpv4CidrReservationSet" locationNameList:"item" type:"list"` + + // Information about the IPv6 subnet CIDR reservations. + SubnetIpv6CidrReservations []*SubnetCidrReservation `locationName:"subnetIpv6CidrReservationSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s GetSubnetCidrReservationsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetSubnetCidrReservationsOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *GetSubnetCidrReservationsOutput) SetNextToken(v string) *GetSubnetCidrReservationsOutput { + s.NextToken = &v + return s +} + +// SetSubnetIpv4CidrReservations sets the SubnetIpv4CidrReservations field's value. +func (s *GetSubnetCidrReservationsOutput) SetSubnetIpv4CidrReservations(v []*SubnetCidrReservation) *GetSubnetCidrReservationsOutput { + s.SubnetIpv4CidrReservations = v + return s +} + +// SetSubnetIpv6CidrReservations sets the SubnetIpv6CidrReservations field's value. +func (s *GetSubnetCidrReservationsOutput) SetSubnetIpv6CidrReservations(v []*SubnetCidrReservation) *GetSubnetCidrReservationsOutput { + s.SubnetIpv6CidrReservations = v + return s +} + type GetTransitGatewayAttachmentPropagationsInput struct { _ struct{} `type:"structure"` @@ -88634,7 +90931,7 @@ type Host struct { // is true, the host is in a host resource group; otherwise, it is not. MemberOfServiceLinkedResourceGroup *bool `locationName:"memberOfServiceLinkedResourceGroup" type:"boolean"` - // The ID of the AWS account that owns the Dedicated Host. + // The ID of the Amazon Web Services account that owns the Dedicated Host. OwnerId *string `locationName:"ownerId" type:"string"` // The time that the Dedicated Host was released. @@ -88769,7 +91066,7 @@ type HostInstance struct { // The instance type (for example, m3.medium) of the running instance. InstanceType *string `locationName:"instanceType" type:"string"` - // The ID of the AWS account that owns the instance. + // The ID of the Amazon Web Services account that owns the instance. OwnerId *string `locationName:"ownerId" type:"string"` } @@ -89792,6 +92089,9 @@ type ImportImageInput struct { // Valid values: i386 | x86_64 | arm64 Architecture *string `type:"string"` + // The boot mode of the virtual machine. + BootMode *string `type:"string" enum:"BootModeValues"` + // The client-specific data. ClientData *ClientData `type:"structure"` @@ -89811,9 +92111,8 @@ type ImportImageInput struct { DryRun *bool `type:"boolean"` // Specifies whether the destination AMI of the imported image should be encrypted. - // The default CMK for EBS is used unless you specify a non-default AWS Key - // Management Service (AWS KMS) CMK using KmsKeyId. For more information, see - // Amazon EBS Encryption (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) + // The default KMS key for EBS is used unless you specify a non-default KMS + // key using KmsKeyId. For more information, see Amazon EBS Encryption (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) // in the Amazon Elastic Compute Cloud User Guide. Encrypted *bool `type:"boolean"` @@ -89822,35 +92121,36 @@ type ImportImageInput struct { // Valid values: xen Hypervisor *string `type:"string"` - // An identifier for the symmetric AWS Key Management Service (AWS KMS) customer - // master key (CMK) to use when creating the encrypted AMI. This parameter is - // only required if you want to use a non-default CMK; if this parameter is - // not specified, the default CMK for EBS is used. If a KmsKeyId is specified, - // the Encrypted flag must also be set. + // An identifier for the symmetric KMS key to use when creating the encrypted + // AMI. This parameter is only required if you want to use a non-default KMS + // key; if this parameter is not specified, the default KMS key for EBS is used. + // If a KmsKeyId is specified, the Encrypted flag must also be set. // - // The CMK identifier may be provided in any of the following formats: + // The KMS key identifier may be provided in any of the following formats: // // * Key ID // // * Key alias. The alias ARN contains the arn:aws:kms namespace, followed - // by the Region of the CMK, the AWS account ID of the CMK owner, the alias - // namespace, and then the CMK alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. + // by the Region of the key, the Amazon Web Services account ID of the key + // owner, the alias namespace, and then the key alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. // // * ARN using key ID. The ID ARN contains the arn:aws:kms namespace, followed - // by the Region of the CMK, the AWS account ID of the CMK owner, the key - // namespace, and then the CMK ID. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef. + // by the Region of the key, the Amazon Web Services account ID of the key + // owner, the key namespace, and then the key ID. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef. // // * ARN using key alias. The alias ARN contains the arn:aws:kms namespace, - // followed by the Region of the CMK, the AWS account ID of the CMK owner, - // the alias namespace, and then the CMK alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. + // followed by the Region of the key, the Amazon Web Services account ID + // of the key owner, the alias namespace, and then the key alias. For example, + // arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. // - // AWS parses KmsKeyId asynchronously, meaning that the action you call may - // appear to complete even though you provided an invalid identifier. This action - // will eventually report failure. + // Amazon Web Services parses KmsKeyId asynchronously, meaning that the action + // you call may appear to complete even though you provided an invalid identifier. + // This action will eventually report failure. // - // The specified CMK must exist in the Region that the AMI is being copied to. + // The specified KMS key must exist in the Region that the AMI is being copied + // to. // - // Amazon EBS does not support asymmetric CMKs. + // Amazon EBS does not support asymmetric KMS keys. KmsKeyId *string `type:"string"` // The ARNs of the license configurations. @@ -89860,12 +92160,12 @@ type ImportImageInput struct { // // By default, we detect the source-system operating system (OS) and apply the // appropriate license. Specify AWS to replace the source-system license with - // an AWS license, if appropriate. Specify BYOL to retain the source-system - // license, if appropriate. + // an Amazon Web Services license, if appropriate. Specify BYOL to retain the + // source-system license, if appropriate. // // To use BYOL, you must have existing licenses with rights to use these licenses - // in a third party cloud, such as AWS. For more information, see Prerequisites - // (https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html#prerequisites-image) + // in a third party cloud, such as Amazon Web Services. For more information, + // see Prerequisites (https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html#prerequisites-image) // in the VM Import/Export User Guide. LicenseType *string `type:"string"` @@ -89879,6 +92179,11 @@ type ImportImageInput struct { // The tags to apply to the import image task during creation. TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` + + // The usage operation value. For more information, see AMI billing information + // fields (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/billing-info-fields.html) + // in the Amazon Elastic Compute Cloud User Guide. + UsageOperation *string `type:"string"` } // String returns the string representation @@ -89897,6 +92202,12 @@ func (s *ImportImageInput) SetArchitecture(v string) *ImportImageInput { return s } +// SetBootMode sets the BootMode field's value. +func (s *ImportImageInput) SetBootMode(v string) *ImportImageInput { + s.BootMode = &v + return s +} + // SetClientData sets the ClientData field's value. func (s *ImportImageInput) SetClientData(v *ClientData) *ImportImageInput { s.ClientData = v @@ -89975,6 +92286,12 @@ func (s *ImportImageInput) SetTagSpecifications(v []*TagSpecification) *ImportIm return s } +// SetUsageOperation sets the UsageOperation field's value. +func (s *ImportImageInput) SetUsageOperation(v string) *ImportImageInput { + s.UsageOperation = &v + return s +} + // The request information of license configurations. type ImportImageLicenseConfigurationRequest struct { _ struct{} `type:"structure"` @@ -90044,8 +92361,8 @@ type ImportImageOutput struct { // The task ID of the import image task. ImportTaskId *string `locationName:"importTaskId" type:"string"` - // The identifier for the symmetric AWS Key Management Service (AWS KMS) customer - // master key (CMK) that was used to create the encrypted AMI. + // The identifier for the symmetric KMS key that was used to create the encrypted + // AMI. KmsKeyId *string `locationName:"kmsKeyId" type:"string"` // The ARNs of the license configurations. @@ -90071,6 +92388,9 @@ type ImportImageOutput struct { // Any tags assigned to the import image task. Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + + // The usage operation value. + UsageOperation *string `locationName:"usageOperation" type:"string"` } // String returns the string representation @@ -90173,6 +92493,12 @@ func (s *ImportImageOutput) SetTags(v []*Tag) *ImportImageOutput { return s } +// SetUsageOperation sets the UsageOperation field's value. +func (s *ImportImageOutput) SetUsageOperation(v string) *ImportImageOutput { + s.UsageOperation = &v + return s +} + // Describes an import image task. type ImportImageTask struct { _ struct{} `type:"structure"` @@ -90182,6 +92508,9 @@ type ImportImageTask struct { // Valid values: i386 | x86_64 | arm64 Architecture *string `locationName:"architecture" type:"string"` + // The boot mode of the virtual machine. + BootMode *string `locationName:"bootMode" type:"string" enum:"BootModeValues"` + // A description of the import task. Description *string `locationName:"description" type:"string"` @@ -90199,8 +92528,7 @@ type ImportImageTask struct { // The ID of the import image task. ImportTaskId *string `locationName:"importTaskId" type:"string"` - // The identifier for the AWS Key Management Service (AWS KMS) customer master - // key (CMK) that was used to create the encrypted image. + // The identifier for the KMS key that was used to create the encrypted image. KmsKeyId *string `locationName:"kmsKeyId" type:"string"` // The ARNs of the license configurations that are associated with the import @@ -90227,6 +92555,9 @@ type ImportImageTask struct { // The tags for the import image task. Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + + // The usage operation value. + UsageOperation *string `locationName:"usageOperation" type:"string"` } // String returns the string representation @@ -90245,6 +92576,12 @@ func (s *ImportImageTask) SetArchitecture(v string) *ImportImageTask { return s } +// SetBootMode sets the BootMode field's value. +func (s *ImportImageTask) SetBootMode(v string) *ImportImageTask { + s.BootMode = &v + return s +} + // SetDescription sets the Description field's value. func (s *ImportImageTask) SetDescription(v string) *ImportImageTask { s.Description = &v @@ -90329,6 +92666,12 @@ func (s *ImportImageTask) SetTags(v []*Tag) *ImportImageTask { return s } +// SetUsageOperation sets the UsageOperation field's value. +func (s *ImportImageTask) SetUsageOperation(v string) *ImportImageTask { + s.UsageOperation = &v + return s +} + type ImportInstanceInput struct { _ struct{} `type:"structure"` @@ -90767,7 +93110,7 @@ type ImportKeyPairOutput struct { // The MD5 public key fingerprint as specified in section 4 of RFC 4716. KeyFingerprint *string `locationName:"keyFingerprint" type:"string"` - // The key pair name you provided. + // The key pair name that you provided. KeyName *string `locationName:"keyName" type:"string"` // The ID of the resulting key pair. @@ -90833,42 +93176,41 @@ type ImportSnapshotInput struct { DryRun *bool `type:"boolean"` // Specifies whether the destination snapshot of the imported image should be - // encrypted. The default CMK for EBS is used unless you specify a non-default - // AWS Key Management Service (AWS KMS) CMK using KmsKeyId. For more information, - // see Amazon EBS Encryption (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) + // encrypted. The default KMS key for EBS is used unless you specify a non-default + // KMS key using KmsKeyId. For more information, see Amazon EBS Encryption (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) // in the Amazon Elastic Compute Cloud User Guide. Encrypted *bool `type:"boolean"` - // An identifier for the symmetric AWS Key Management Service (AWS KMS) customer - // master key (CMK) to use when creating the encrypted snapshot. This parameter - // is only required if you want to use a non-default CMK; if this parameter - // is not specified, the default CMK for EBS is used. If a KmsKeyId is specified, - // the Encrypted flag must also be set. + // An identifier for the symmetric KMS key to use when creating the encrypted + // snapshot. This parameter is only required if you want to use a non-default + // KMS key; if this parameter is not specified, the default KMS key for EBS + // is used. If a KmsKeyId is specified, the Encrypted flag must also be set. // - // The CMK identifier may be provided in any of the following formats: + // The KMS key identifier may be provided in any of the following formats: // // * Key ID // // * Key alias. The alias ARN contains the arn:aws:kms namespace, followed - // by the Region of the CMK, the AWS account ID of the CMK owner, the alias - // namespace, and then the CMK alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. + // by the Region of the key, the Amazon Web Services account ID of the key + // owner, the alias namespace, and then the key alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. // // * ARN using key ID. The ID ARN contains the arn:aws:kms namespace, followed - // by the Region of the CMK, the AWS account ID of the CMK owner, the key - // namespace, and then the CMK ID. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef. + // by the Region of the key, the Amazon Web Services account ID of the key + // owner, the key namespace, and then the key ID. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef. // // * ARN using key alias. The alias ARN contains the arn:aws:kms namespace, - // followed by the Region of the CMK, the AWS account ID of the CMK owner, - // the alias namespace, and then the CMK alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. + // followed by the Region of the key, the Amazon Web Services account ID + // of the key owner, the alias namespace, and then the key alias. For example, + // arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. // - // AWS parses KmsKeyId asynchronously, meaning that the action you call may - // appear to complete even though you provided an invalid identifier. This action - // will eventually report failure. + // Amazon Web Services parses KmsKeyId asynchronously, meaning that the action + // you call may appear to complete even though you provided an invalid identifier. + // This action will eventually report failure. // - // The specified CMK must exist in the Region that the snapshot is being copied - // to. + // The specified KMS key must exist in the Region that the snapshot is being + // copied to. // - // Amazon EBS does not support asymmetric CMKs. + // Amazon EBS does not support asymmetric KMS keys. KmsKeyId *string `type:"string"` // The name of the role to use when not using the default role, 'vmimport'. @@ -91335,7 +93677,7 @@ type Instance struct { // Specifies whether enhanced networking with ENA is enabled. EnaSupport *bool `locationName:"enaSupport" type:"boolean"` - // Indicates whether the instance is enabled for AWS Nitro Enclaves. + // Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. EnclaveOptions *EnclaveOptions `locationName:"enclaveOptions" type:"structure"` // Indicates whether the instance is enabled for hibernation. @@ -92000,6 +94342,352 @@ func (s *InstanceCreditSpecificationRequest) SetInstanceId(v string) *InstanceCr return s } +// The event window. +type InstanceEventWindow struct { + _ struct{} `type:"structure"` + + // One or more targets associated with the event window. + AssociationTarget *InstanceEventWindowAssociationTarget `locationName:"associationTarget" type:"structure"` + + // The cron expression defined for the event window. + CronExpression *string `locationName:"cronExpression" type:"string"` + + // The ID of the event window. + InstanceEventWindowId *string `locationName:"instanceEventWindowId" type:"string"` + + // The name of the event window. + Name *string `locationName:"name" type:"string"` + + // The current state of the event window. + State *string `locationName:"state" type:"string" enum:"InstanceEventWindowState"` + + // The instance tags associated with the event window. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + + // One or more time ranges defined for the event window. + TimeRanges []*InstanceEventWindowTimeRange `locationName:"timeRangeSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s InstanceEventWindow) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InstanceEventWindow) GoString() string { + return s.String() +} + +// SetAssociationTarget sets the AssociationTarget field's value. +func (s *InstanceEventWindow) SetAssociationTarget(v *InstanceEventWindowAssociationTarget) *InstanceEventWindow { + s.AssociationTarget = v + return s +} + +// SetCronExpression sets the CronExpression field's value. +func (s *InstanceEventWindow) SetCronExpression(v string) *InstanceEventWindow { + s.CronExpression = &v + return s +} + +// SetInstanceEventWindowId sets the InstanceEventWindowId field's value. +func (s *InstanceEventWindow) SetInstanceEventWindowId(v string) *InstanceEventWindow { + s.InstanceEventWindowId = &v + return s +} + +// SetName sets the Name field's value. +func (s *InstanceEventWindow) SetName(v string) *InstanceEventWindow { + s.Name = &v + return s +} + +// SetState sets the State field's value. +func (s *InstanceEventWindow) SetState(v string) *InstanceEventWindow { + s.State = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *InstanceEventWindow) SetTags(v []*Tag) *InstanceEventWindow { + s.Tags = v + return s +} + +// SetTimeRanges sets the TimeRanges field's value. +func (s *InstanceEventWindow) SetTimeRanges(v []*InstanceEventWindowTimeRange) *InstanceEventWindow { + s.TimeRanges = v + return s +} + +// One or more targets associated with the specified event window. Only one +// type of target (instance ID, instance tag, or Dedicated Host ID) can be associated +// with an event window. +type InstanceEventWindowAssociationRequest struct { + _ struct{} `type:"structure"` + + // The IDs of the Dedicated Hosts to associate with the event window. + DedicatedHostIds []*string `locationName:"DedicatedHostId" locationNameList:"item" type:"list"` + + // The IDs of the instances to associate with the event window. If the instance + // is on a Dedicated Host, you can't specify the Instance ID parameter; you + // must use the Dedicated Host ID parameter. + InstanceIds []*string `locationName:"InstanceId" locationNameList:"item" type:"list"` + + // The instance tags to associate with the event window. Any instances associated + // with the tags will be associated with the event window. + InstanceTags []*Tag `locationName:"InstanceTag" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s InstanceEventWindowAssociationRequest) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InstanceEventWindowAssociationRequest) GoString() string { + return s.String() +} + +// SetDedicatedHostIds sets the DedicatedHostIds field's value. +func (s *InstanceEventWindowAssociationRequest) SetDedicatedHostIds(v []*string) *InstanceEventWindowAssociationRequest { + s.DedicatedHostIds = v + return s +} + +// SetInstanceIds sets the InstanceIds field's value. +func (s *InstanceEventWindowAssociationRequest) SetInstanceIds(v []*string) *InstanceEventWindowAssociationRequest { + s.InstanceIds = v + return s +} + +// SetInstanceTags sets the InstanceTags field's value. +func (s *InstanceEventWindowAssociationRequest) SetInstanceTags(v []*Tag) *InstanceEventWindowAssociationRequest { + s.InstanceTags = v + return s +} + +// One or more targets associated with the event window. +type InstanceEventWindowAssociationTarget struct { + _ struct{} `type:"structure"` + + // The IDs of the Dedicated Hosts associated with the event window. + DedicatedHostIds []*string `locationName:"dedicatedHostIdSet" locationNameList:"item" type:"list"` + + // The IDs of the instances associated with the event window. + InstanceIds []*string `locationName:"instanceIdSet" locationNameList:"item" type:"list"` + + // The instance tags associated with the event window. Any instances associated + // with the tags will be associated with the event window. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s InstanceEventWindowAssociationTarget) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InstanceEventWindowAssociationTarget) GoString() string { + return s.String() +} + +// SetDedicatedHostIds sets the DedicatedHostIds field's value. +func (s *InstanceEventWindowAssociationTarget) SetDedicatedHostIds(v []*string) *InstanceEventWindowAssociationTarget { + s.DedicatedHostIds = v + return s +} + +// SetInstanceIds sets the InstanceIds field's value. +func (s *InstanceEventWindowAssociationTarget) SetInstanceIds(v []*string) *InstanceEventWindowAssociationTarget { + s.InstanceIds = v + return s +} + +// SetTags sets the Tags field's value. +func (s *InstanceEventWindowAssociationTarget) SetTags(v []*Tag) *InstanceEventWindowAssociationTarget { + s.Tags = v + return s +} + +// The targets to disassociate from the specified event window. +type InstanceEventWindowDisassociationRequest struct { + _ struct{} `type:"structure"` + + // The IDs of the Dedicated Hosts to disassociate from the event window. + DedicatedHostIds []*string `locationName:"DedicatedHostId" locationNameList:"item" type:"list"` + + // The IDs of the instances to disassociate from the event window. + InstanceIds []*string `locationName:"InstanceId" locationNameList:"item" type:"list"` + + // The instance tags to disassociate from the event window. Any instances associated + // with the tags will be disassociated from the event window. + InstanceTags []*Tag `locationName:"InstanceTag" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s InstanceEventWindowDisassociationRequest) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InstanceEventWindowDisassociationRequest) GoString() string { + return s.String() +} + +// SetDedicatedHostIds sets the DedicatedHostIds field's value. +func (s *InstanceEventWindowDisassociationRequest) SetDedicatedHostIds(v []*string) *InstanceEventWindowDisassociationRequest { + s.DedicatedHostIds = v + return s +} + +// SetInstanceIds sets the InstanceIds field's value. +func (s *InstanceEventWindowDisassociationRequest) SetInstanceIds(v []*string) *InstanceEventWindowDisassociationRequest { + s.InstanceIds = v + return s +} + +// SetInstanceTags sets the InstanceTags field's value. +func (s *InstanceEventWindowDisassociationRequest) SetInstanceTags(v []*Tag) *InstanceEventWindowDisassociationRequest { + s.InstanceTags = v + return s +} + +// The state of the event window. +type InstanceEventWindowStateChange struct { + _ struct{} `type:"structure"` + + // The ID of the event window. + InstanceEventWindowId *string `locationName:"instanceEventWindowId" type:"string"` + + // The current state of the event window. + State *string `locationName:"state" type:"string" enum:"InstanceEventWindowState"` +} + +// String returns the string representation +func (s InstanceEventWindowStateChange) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InstanceEventWindowStateChange) GoString() string { + return s.String() +} + +// SetInstanceEventWindowId sets the InstanceEventWindowId field's value. +func (s *InstanceEventWindowStateChange) SetInstanceEventWindowId(v string) *InstanceEventWindowStateChange { + s.InstanceEventWindowId = &v + return s +} + +// SetState sets the State field's value. +func (s *InstanceEventWindowStateChange) SetState(v string) *InstanceEventWindowStateChange { + s.State = &v + return s +} + +// The start day and time and the end day and time of the time range, in UTC. +type InstanceEventWindowTimeRange struct { + _ struct{} `type:"structure"` + + // The hour when the time range ends. + EndHour *int64 `locationName:"endHour" type:"integer"` + + // The day on which the time range ends. + EndWeekDay *string `locationName:"endWeekDay" type:"string" enum:"WeekDay"` + + // The hour when the time range begins. + StartHour *int64 `locationName:"startHour" type:"integer"` + + // The day on which the time range begins. + StartWeekDay *string `locationName:"startWeekDay" type:"string" enum:"WeekDay"` +} + +// String returns the string representation +func (s InstanceEventWindowTimeRange) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InstanceEventWindowTimeRange) GoString() string { + return s.String() +} + +// SetEndHour sets the EndHour field's value. +func (s *InstanceEventWindowTimeRange) SetEndHour(v int64) *InstanceEventWindowTimeRange { + s.EndHour = &v + return s +} + +// SetEndWeekDay sets the EndWeekDay field's value. +func (s *InstanceEventWindowTimeRange) SetEndWeekDay(v string) *InstanceEventWindowTimeRange { + s.EndWeekDay = &v + return s +} + +// SetStartHour sets the StartHour field's value. +func (s *InstanceEventWindowTimeRange) SetStartHour(v int64) *InstanceEventWindowTimeRange { + s.StartHour = &v + return s +} + +// SetStartWeekDay sets the StartWeekDay field's value. +func (s *InstanceEventWindowTimeRange) SetStartWeekDay(v string) *InstanceEventWindowTimeRange { + s.StartWeekDay = &v + return s +} + +// The start day and time and the end day and time of the time range, in UTC. +type InstanceEventWindowTimeRangeRequest struct { + _ struct{} `type:"structure"` + + // The hour when the time range ends. + EndHour *int64 `type:"integer"` + + // The day on which the time range ends. + EndWeekDay *string `type:"string" enum:"WeekDay"` + + // The hour when the time range begins. + StartHour *int64 `type:"integer"` + + // The day on which the time range begins. + StartWeekDay *string `type:"string" enum:"WeekDay"` +} + +// String returns the string representation +func (s InstanceEventWindowTimeRangeRequest) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InstanceEventWindowTimeRangeRequest) GoString() string { + return s.String() +} + +// SetEndHour sets the EndHour field's value. +func (s *InstanceEventWindowTimeRangeRequest) SetEndHour(v int64) *InstanceEventWindowTimeRangeRequest { + s.EndHour = &v + return s +} + +// SetEndWeekDay sets the EndWeekDay field's value. +func (s *InstanceEventWindowTimeRangeRequest) SetEndWeekDay(v string) *InstanceEventWindowTimeRangeRequest { + s.EndWeekDay = &v + return s +} + +// SetStartHour sets the StartHour field's value. +func (s *InstanceEventWindowTimeRangeRequest) SetStartHour(v int64) *InstanceEventWindowTimeRangeRequest { + s.StartHour = &v + return s +} + +// SetStartWeekDay sets the StartWeekDay field's value. +func (s *InstanceEventWindowTimeRangeRequest) SetStartWeekDay(v string) *InstanceEventWindowTimeRangeRequest { + s.StartWeekDay = &v + return s +} + // Describes an instance to export. type InstanceExportDetails struct { _ struct{} `type:"structure"` @@ -92068,6 +94756,30 @@ func (s *InstanceFamilyCreditSpecification) SetInstanceFamily(v string) *Instanc return s } +// Information about an IPv4 prefix. +type InstanceIpv4Prefix struct { + _ struct{} `type:"structure"` + + // One or more IPv4 prefixes assigned to the network interface. + Ipv4Prefix *string `locationName:"ipv4Prefix" type:"string"` +} + +// String returns the string representation +func (s InstanceIpv4Prefix) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InstanceIpv4Prefix) GoString() string { + return s.String() +} + +// SetIpv4Prefix sets the Ipv4Prefix field's value. +func (s *InstanceIpv4Prefix) SetIpv4Prefix(v string) *InstanceIpv4Prefix { + s.Ipv4Prefix = &v + return s +} + // Describes an IPv6 address. type InstanceIpv6Address struct { _ struct{} `type:"structure"` @@ -92116,6 +94828,30 @@ func (s *InstanceIpv6AddressRequest) SetIpv6Address(v string) *InstanceIpv6Addre return s } +// Information about an IPv6 prefix. +type InstanceIpv6Prefix struct { + _ struct{} `type:"structure"` + + // One or more IPv6 prefixes assigned to the network interface. + Ipv6Prefix *string `locationName:"ipv6Prefix" type:"string"` +} + +// String returns the string representation +func (s InstanceIpv6Prefix) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InstanceIpv6Prefix) GoString() string { + return s.String() +} + +// SetIpv6Prefix sets the Ipv6Prefix field's value. +func (s *InstanceIpv6Prefix) SetIpv6Prefix(v string) *InstanceIpv6Prefix { + s.Ipv6Prefix = &v + return s +} + // Describes the market (purchasing) option for the instances. type InstanceMarketOptionsRequest struct { _ struct{} `type:"structure"` @@ -92160,6 +94896,9 @@ type InstanceMetadataOptionsRequest struct { // metadata. HttpEndpoint *string `type:"string" enum:"InstanceMetadataEndpointState"` + // Enables or disables the IPv6 endpoint for the instance metadata service. + HttpProtocolIpv6 *string `type:"string" enum:"InstanceMetadataProtocolState"` + // The desired HTTP PUT response hop limit for instance metadata requests. The // larger the number, the further instance metadata requests can travel. // @@ -92200,6 +94939,12 @@ func (s *InstanceMetadataOptionsRequest) SetHttpEndpoint(v string) *InstanceMeta return s } +// SetHttpProtocolIpv6 sets the HttpProtocolIpv6 field's value. +func (s *InstanceMetadataOptionsRequest) SetHttpProtocolIpv6(v string) *InstanceMetadataOptionsRequest { + s.HttpProtocolIpv6 = &v + return s +} + // SetHttpPutResponseHopLimit sets the HttpPutResponseHopLimit field's value. func (s *InstanceMetadataOptionsRequest) SetHttpPutResponseHopLimit(v int64) *InstanceMetadataOptionsRequest { s.HttpPutResponseHopLimit = &v @@ -92223,6 +94968,10 @@ type InstanceMetadataOptionsResponse struct { // metadata. HttpEndpoint *string `locationName:"httpEndpoint" type:"string" enum:"InstanceMetadataEndpointState"` + // Whether or not the IPv6 endpoint for the instance metadata service is enabled + // or disabled. + HttpProtocolIpv6 *string `locationName:"httpProtocolIpv6" type:"string" enum:"InstanceMetadataProtocolState"` + // The desired HTTP PUT response hop limit for instance metadata requests. The // larger the number, the further instance metadata requests can travel. // @@ -92271,6 +95020,12 @@ func (s *InstanceMetadataOptionsResponse) SetHttpEndpoint(v string) *InstanceMet return s } +// SetHttpProtocolIpv6 sets the HttpProtocolIpv6 field's value. +func (s *InstanceMetadataOptionsResponse) SetHttpProtocolIpv6(v string) *InstanceMetadataOptionsResponse { + s.HttpProtocolIpv6 = &v + return s +} + // SetHttpPutResponseHopLimit sets the HttpPutResponseHopLimit field's value. func (s *InstanceMetadataOptionsResponse) SetHttpPutResponseHopLimit(v int64) *InstanceMetadataOptionsResponse { s.HttpPutResponseHopLimit = &v @@ -92344,16 +95099,22 @@ type InstanceNetworkInterface struct { // Valid values: interface | efa | trunk InterfaceType *string `locationName:"interfaceType" type:"string"` + // The IPv4 delegated prefixes that are assigned to the network interface. + Ipv4Prefixes []*InstanceIpv4Prefix `locationName:"ipv4PrefixSet" locationNameList:"item" type:"list"` + // One or more IPv6 addresses associated with the network interface. Ipv6Addresses []*InstanceIpv6Address `locationName:"ipv6AddressesSet" locationNameList:"item" type:"list"` + // The IPv6 delegated prefixes that are assigned to the network interface. + Ipv6Prefixes []*InstanceIpv6Prefix `locationName:"ipv6PrefixSet" locationNameList:"item" type:"list"` + // The MAC address. MacAddress *string `locationName:"macAddress" type:"string"` // The ID of the network interface. NetworkInterfaceId *string `locationName:"networkInterfaceId" type:"string"` - // The ID of the account that created the network interface. + // The ID of the Amazon Web Services account that created the network interface. OwnerId *string `locationName:"ownerId" type:"string"` // The private DNS name. @@ -92418,12 +95179,24 @@ func (s *InstanceNetworkInterface) SetInterfaceType(v string) *InstanceNetworkIn return s } +// SetIpv4Prefixes sets the Ipv4Prefixes field's value. +func (s *InstanceNetworkInterface) SetIpv4Prefixes(v []*InstanceIpv4Prefix) *InstanceNetworkInterface { + s.Ipv4Prefixes = v + return s +} + // SetIpv6Addresses sets the Ipv6Addresses field's value. func (s *InstanceNetworkInterface) SetIpv6Addresses(v []*InstanceIpv6Address) *InstanceNetworkInterface { s.Ipv6Addresses = v return s } +// SetIpv6Prefixes sets the Ipv6Prefixes field's value. +func (s *InstanceNetworkInterface) SetIpv6Prefixes(v []*InstanceIpv6Prefix) *InstanceNetworkInterface { + s.Ipv6Prefixes = v + return s +} + // SetMacAddress sets the MacAddress field's value. func (s *InstanceNetworkInterface) SetMacAddress(v string) *InstanceNetworkInterface { s.MacAddress = &v @@ -92652,6 +95425,14 @@ type InstanceNetworkInterfaceSpecification struct { // Valid values: interface | efa InterfaceType *string `type:"string"` + // The number of IPv4 delegated prefixes to be automatically assigned to the + // network interface. You cannot use this option if you use the Ipv4Prefix option. + Ipv4PrefixCount *int64 `type:"integer"` + + // One or more IPv4 delegated prefixes to be assigned to the network interface. + // You cannot use this option if you use the Ipv4PrefixCount option. + Ipv4Prefixes []*Ipv4PrefixSpecificationRequest `locationName:"Ipv4Prefix" locationNameList:"item" type:"list"` + // A number of IPv6 addresses to assign to the network interface. Amazon EC2 // chooses the IPv6 addresses from the range of the subnet. You cannot specify // this option and the option to assign specific IPv6 addresses in the same @@ -92665,9 +95446,22 @@ type InstanceNetworkInterfaceSpecification struct { // number of instances to launch. Ipv6Addresses []*InstanceIpv6Address `locationName:"ipv6AddressesSet" queryName:"Ipv6Addresses" locationNameList:"item" type:"list"` + // The number of IPv6 delegated prefixes to be automatically assigned to the + // network interface. You cannot use this option if you use the Ipv6Prefix option. + Ipv6PrefixCount *int64 `type:"integer"` + + // One or more IPv6 delegated prefixes to be assigned to the network interface. + // You cannot use this option if you use the Ipv6PrefixCount option. + Ipv6Prefixes []*Ipv6PrefixSpecificationRequest `locationName:"Ipv6Prefix" locationNameList:"item" type:"list"` + // The index of the network card. Some instance types support multiple network // cards. The primary network interface must be assigned to network card index // 0. The default is network card index 0. + // + // If you are using RequestSpotInstances (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RequestSpotInstances.html) + // to create Spot Instances, omit this parameter because you can’t specify + // the network card index when using this API. To specify the network card index, + // use RunInstances (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html). NetworkCardIndex *int64 `type:"integer"` // The ID of the network interface. @@ -92753,6 +95547,18 @@ func (s *InstanceNetworkInterfaceSpecification) SetInterfaceType(v string) *Inst return s } +// SetIpv4PrefixCount sets the Ipv4PrefixCount field's value. +func (s *InstanceNetworkInterfaceSpecification) SetIpv4PrefixCount(v int64) *InstanceNetworkInterfaceSpecification { + s.Ipv4PrefixCount = &v + return s +} + +// SetIpv4Prefixes sets the Ipv4Prefixes field's value. +func (s *InstanceNetworkInterfaceSpecification) SetIpv4Prefixes(v []*Ipv4PrefixSpecificationRequest) *InstanceNetworkInterfaceSpecification { + s.Ipv4Prefixes = v + return s +} + // SetIpv6AddressCount sets the Ipv6AddressCount field's value. func (s *InstanceNetworkInterfaceSpecification) SetIpv6AddressCount(v int64) *InstanceNetworkInterfaceSpecification { s.Ipv6AddressCount = &v @@ -92765,6 +95571,18 @@ func (s *InstanceNetworkInterfaceSpecification) SetIpv6Addresses(v []*InstanceIp return s } +// SetIpv6PrefixCount sets the Ipv6PrefixCount field's value. +func (s *InstanceNetworkInterfaceSpecification) SetIpv6PrefixCount(v int64) *InstanceNetworkInterfaceSpecification { + s.Ipv6PrefixCount = &v + return s +} + +// SetIpv6Prefixes sets the Ipv6Prefixes field's value. +func (s *InstanceNetworkInterfaceSpecification) SetIpv6Prefixes(v []*Ipv6PrefixSpecificationRequest) *InstanceNetworkInterfaceSpecification { + s.Ipv6Prefixes = v + return s +} + // SetNetworkCardIndex sets the NetworkCardIndex field's value. func (s *InstanceNetworkInterfaceSpecification) SetNetworkCardIndex(v int64) *InstanceNetworkInterfaceSpecification { s.NetworkCardIndex = &v @@ -93577,10 +96395,12 @@ func (s *InstanceTypeOffering) SetLocationType(v string) *InstanceTypeOffering { type InstanceUsage struct { _ struct{} `type:"structure"` - // The ID of the AWS account that is making use of the Capacity Reservation. + // The ID of the Amazon Web Services account that is making use of the Capacity + // Reservation. AccountId *string `locationName:"accountId" type:"string"` - // The number of instances the AWS account currently has in the Capacity Reservation. + // The number of instances the Amazon Web Services account currently has in + // the Capacity Reservation. UsedInstanceCount *int64 `locationName:"usedInstanceCount" type:"integer"` } @@ -93663,7 +96483,7 @@ type InternetGateway struct { // The ID of the internet gateway. InternetGatewayId *string `locationName:"internetGatewayId" type:"string"` - // The ID of the AWS account that owns the internet gateway. + // The ID of the Amazon Web Services account that owns the internet gateway. OwnerId *string `locationName:"ownerId" type:"string"` // Any tags assigned to the internet gateway. @@ -93773,7 +96593,7 @@ type IpPermission struct { // types, you must specify all codes. ToPort *int64 `locationName:"toPort" type:"integer"` - // The security group and AWS account ID pairs. + // The security group and Amazon Web Services account ID pairs. UserIdGroupPairs []*UserIdGroupPair `locationName:"groups" locationNameList:"item" type:"list"` } @@ -93867,6 +96687,82 @@ func (s *IpRange) SetDescription(v string) *IpRange { return s } +// Describes an IPv4 prefix. +type Ipv4PrefixSpecification struct { + _ struct{} `type:"structure"` + + // The IPv4 prefix. For information, see Assigning prefixes to Amazon EC2 network + // interfaces (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-prefix-eni.html) + // in the Amazon Elastic Compute Cloud User Guide. + Ipv4Prefix *string `locationName:"ipv4Prefix" type:"string"` +} + +// String returns the string representation +func (s Ipv4PrefixSpecification) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Ipv4PrefixSpecification) GoString() string { + return s.String() +} + +// SetIpv4Prefix sets the Ipv4Prefix field's value. +func (s *Ipv4PrefixSpecification) SetIpv4Prefix(v string) *Ipv4PrefixSpecification { + s.Ipv4Prefix = &v + return s +} + +// Describes the IPv4 prefix option for a network interface. +type Ipv4PrefixSpecificationRequest struct { + _ struct{} `type:"structure"` + + // The IPv4 prefix. For information, see Assigning prefixes to Amazon EC2 network + // interfaces (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-prefix-eni.html) + // in the Amazon Elastic Compute Cloud User Guide. + Ipv4Prefix *string `type:"string"` +} + +// String returns the string representation +func (s Ipv4PrefixSpecificationRequest) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Ipv4PrefixSpecificationRequest) GoString() string { + return s.String() +} + +// SetIpv4Prefix sets the Ipv4Prefix field's value. +func (s *Ipv4PrefixSpecificationRequest) SetIpv4Prefix(v string) *Ipv4PrefixSpecificationRequest { + s.Ipv4Prefix = &v + return s +} + +// Information about the IPv4 delegated prefixes assigned to a network interface. +type Ipv4PrefixSpecificationResponse struct { + _ struct{} `type:"structure"` + + // One or more IPv4 delegated prefixes assigned to the network interface. + Ipv4Prefix *string `locationName:"ipv4Prefix" type:"string"` +} + +// String returns the string representation +func (s Ipv4PrefixSpecificationResponse) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Ipv4PrefixSpecificationResponse) GoString() string { + return s.String() +} + +// SetIpv4Prefix sets the Ipv4Prefix field's value. +func (s *Ipv4PrefixSpecificationResponse) SetIpv4Prefix(v string) *Ipv4PrefixSpecificationResponse { + s.Ipv4Prefix = &v + return s +} + // Describes an IPv6 CIDR block association. type Ipv6CidrAssociation struct { _ struct{} `type:"structure"` @@ -93975,6 +96871,78 @@ func (s *Ipv6Pool) SetTags(v []*Tag) *Ipv6Pool { return s } +// Describes the IPv6 prefix. +type Ipv6PrefixSpecification struct { + _ struct{} `type:"structure"` + + // The IPv6 prefix. + Ipv6Prefix *string `locationName:"ipv6Prefix" type:"string"` +} + +// String returns the string representation +func (s Ipv6PrefixSpecification) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Ipv6PrefixSpecification) GoString() string { + return s.String() +} + +// SetIpv6Prefix sets the Ipv6Prefix field's value. +func (s *Ipv6PrefixSpecification) SetIpv6Prefix(v string) *Ipv6PrefixSpecification { + s.Ipv6Prefix = &v + return s +} + +// Describes the IPv4 prefix option for a network interface. +type Ipv6PrefixSpecificationRequest struct { + _ struct{} `type:"structure"` + + // The IPv6 prefix. + Ipv6Prefix *string `type:"string"` +} + +// String returns the string representation +func (s Ipv6PrefixSpecificationRequest) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Ipv6PrefixSpecificationRequest) GoString() string { + return s.String() +} + +// SetIpv6Prefix sets the Ipv6Prefix field's value. +func (s *Ipv6PrefixSpecificationRequest) SetIpv6Prefix(v string) *Ipv6PrefixSpecificationRequest { + s.Ipv6Prefix = &v + return s +} + +// Information about the IPv6 delegated prefixes assigned to a network interface. +type Ipv6PrefixSpecificationResponse struct { + _ struct{} `type:"structure"` + + // One or more IPv6 delegated prefixes assigned to the network interface. + Ipv6Prefix *string `locationName:"ipv6Prefix" type:"string"` +} + +// String returns the string representation +func (s Ipv6PrefixSpecificationResponse) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Ipv6PrefixSpecificationResponse) GoString() string { + return s.String() +} + +// SetIpv6Prefix sets the Ipv6Prefix field's value. +func (s *Ipv6PrefixSpecificationResponse) SetIpv6Prefix(v string) *Ipv6PrefixSpecificationResponse { + s.Ipv6Prefix = &v + return s +} + // [EC2-VPC only] Describes an IPv6 range. type Ipv6Range struct { _ struct{} `type:"structure"` @@ -94017,10 +96985,21 @@ func (s *Ipv6Range) SetDescription(v string) *Ipv6Range { type KeyPairInfo struct { _ struct{} `type:"structure"` - // If you used CreateKeyPair to create the key pair, this is the SHA-1 digest - // of the DER encoded private key. If you used ImportKeyPair to provide AWS - // the public key, this is the MD5 public key fingerprint as specified in section - // 4 of RFC4716. + // If you used CreateKeyPair to create the key pair: + // + // * For RSA key pairs, the key fingerprint is the SHA-1 digest of the DER + // encoded private key. + // + // * For ED25519 key pairs, the key fingerprint is the base64-encoded SHA-256 + // digest, which is the default for OpenSSH, starting with OpenSSH 6.8 (http://www.openssh.com/txt/release-6.8). + // + // If you used ImportKeyPair to provide Amazon Web Services the public key: + // + // * For RSA key pairs, the key fingerprint is the MD5 public key fingerprint + // as specified in section 4 of RFC4716. + // + // * For ED25519 key pairs, the key fingerprint is the base64-encoded SHA-256 + // digest, which is the default for OpenSSH, starting with OpenSSH 6.8 (http://www.openssh.com/txt/release-6.8). KeyFingerprint *string `locationName:"keyFingerprint" type:"string"` // The name of the key pair. @@ -94029,6 +97008,9 @@ type KeyPairInfo struct { // The ID of the key pair. KeyPairId *string `locationName:"keyPairId" type:"string"` + // The type of key pair. + KeyType *string `locationName:"keyType" type:"string" enum:"KeyType"` + // Any tags applied to the key pair. Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` } @@ -94061,6 +97043,12 @@ func (s *KeyPairInfo) SetKeyPairId(v string) *KeyPairInfo { return s } +// SetKeyType sets the KeyType field's value. +func (s *KeyPairInfo) SetKeyType(v string) *KeyPairInfo { + s.KeyType = &v + return s +} + // SetTags sets the Tags field's value. func (s *KeyPairInfo) SetTags(v []*Tag) *KeyPairInfo { s.Tags = v @@ -94764,7 +97752,7 @@ type LaunchTemplateEbsBlockDevice struct { // The number of I/O operations per second (IOPS) that the volume supports. Iops *int64 `locationName:"iops" type:"integer"` - // The ARN of the AWS Key Management Service (AWS KMS) CMK used for encryption. + // The ARN of the Key Management Service (KMS) CMK used for encryption. KmsKeyId *string `locationName:"kmsKeyId" type:"string"` // The ID of the snapshot. @@ -94871,8 +97859,7 @@ type LaunchTemplateEbsBlockDeviceRequest struct { // is not supported for gp2, st1, sc1, or standard volumes. Iops *int64 `type:"integer"` - // The ARN of the symmetric AWS Key Management Service (AWS KMS) CMK used for - // encryption. + // The ARN of the symmetric Key Management Service (KMS) CMK used for encryption. KmsKeyId *string `type:"string"` // The ID of the snapshot. @@ -95049,12 +98036,13 @@ func (s *LaunchTemplateElasticInferenceAcceleratorResponse) SetType(v string) *L return s } -// Indicates whether the instance is enabled for AWS Nitro Enclaves. +// Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. type LaunchTemplateEnclaveOptions struct { _ struct{} `type:"structure"` - // If this parameter is set to true, the instance is enabled for AWS Nitro Enclaves; - // otherwise, it is not enabled for AWS Nitro Enclaves. + // If this parameter is set to true, the instance is enabled for Amazon Web + // Services Nitro Enclaves; otherwise, it is not enabled for Amazon Web Services + // Nitro Enclaves. Enabled *bool `locationName:"enabled" type:"boolean"` } @@ -95074,13 +98062,14 @@ func (s *LaunchTemplateEnclaveOptions) SetEnabled(v bool) *LaunchTemplateEnclave return s } -// Indicates whether the instance is enabled for AWS Nitro Enclaves. For more -// information, see What is AWS Nitro Enclaves? (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html) -// in the AWS Nitro Enclaves User Guide. +// Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. +// For more information, see What is Amazon Web Services Nitro Enclaves? (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html) +// in the Amazon Web Services Nitro Enclaves User Guide. type LaunchTemplateEnclaveOptionsRequest struct { _ struct{} `type:"structure"` - // To enable the instance for AWS Nitro Enclaves, set this parameter to true. + // To enable the instance for Amazon Web Services Nitro Enclaves, set this parameter + // to true. Enabled *bool `type:"boolean"` } @@ -95438,7 +98427,7 @@ type LaunchTemplateInstanceNetworkInterfaceSpecification struct { // Use this option when you launch an instance in a Wavelength Zone and want // to associate a Carrier IP address with the network interface. For more information // about Carrier IP addresses, see Carrier IP addresses (https://docs.aws.amazon.com/wavelength/latest/developerguide/how-wavelengths-work.html#provider-owned-ip) - // in the AWS Wavelength Developer Guide. + // in the Wavelength Developer Guide. AssociateCarrierIpAddress *bool `locationName:"associateCarrierIpAddress" type:"boolean"` // Indicates whether to associate a public IPv4 address with eth0 for a new @@ -95460,12 +98449,26 @@ type LaunchTemplateInstanceNetworkInterfaceSpecification struct { // The type of network interface. InterfaceType *string `locationName:"interfaceType" type:"string"` + // The number of IPv4 delegated prefixes that AWS automatically assigned to + // the network interface. + Ipv4PrefixCount *int64 `locationName:"ipv4PrefixCount" type:"integer"` + + // One or more IPv4 delegated prefixes assigned to the network interface. + Ipv4Prefixes []*Ipv4PrefixSpecificationResponse `locationName:"ipv4PrefixSet" locationNameList:"item" type:"list"` + // The number of IPv6 addresses for the network interface. Ipv6AddressCount *int64 `locationName:"ipv6AddressCount" type:"integer"` // The IPv6 addresses for the network interface. Ipv6Addresses []*InstanceIpv6Address `locationName:"ipv6AddressesSet" locationNameList:"item" type:"list"` + // The number of IPv6 delegated prefixes that AWS automatically assigned to + // the network interface. + Ipv6PrefixCount *int64 `locationName:"ipv6PrefixCount" type:"integer"` + + // One or more IPv6 delegated prefixes assigned to the network interface. + Ipv6Prefixes []*Ipv6PrefixSpecificationResponse `locationName:"ipv6PrefixSet" locationNameList:"item" type:"list"` + // The index of the network card. NetworkCardIndex *int64 `locationName:"networkCardIndex" type:"integer"` @@ -95537,6 +98540,18 @@ func (s *LaunchTemplateInstanceNetworkInterfaceSpecification) SetInterfaceType(v return s } +// SetIpv4PrefixCount sets the Ipv4PrefixCount field's value. +func (s *LaunchTemplateInstanceNetworkInterfaceSpecification) SetIpv4PrefixCount(v int64) *LaunchTemplateInstanceNetworkInterfaceSpecification { + s.Ipv4PrefixCount = &v + return s +} + +// SetIpv4Prefixes sets the Ipv4Prefixes field's value. +func (s *LaunchTemplateInstanceNetworkInterfaceSpecification) SetIpv4Prefixes(v []*Ipv4PrefixSpecificationResponse) *LaunchTemplateInstanceNetworkInterfaceSpecification { + s.Ipv4Prefixes = v + return s +} + // SetIpv6AddressCount sets the Ipv6AddressCount field's value. func (s *LaunchTemplateInstanceNetworkInterfaceSpecification) SetIpv6AddressCount(v int64) *LaunchTemplateInstanceNetworkInterfaceSpecification { s.Ipv6AddressCount = &v @@ -95549,6 +98564,18 @@ func (s *LaunchTemplateInstanceNetworkInterfaceSpecification) SetIpv6Addresses(v return s } +// SetIpv6PrefixCount sets the Ipv6PrefixCount field's value. +func (s *LaunchTemplateInstanceNetworkInterfaceSpecification) SetIpv6PrefixCount(v int64) *LaunchTemplateInstanceNetworkInterfaceSpecification { + s.Ipv6PrefixCount = &v + return s +} + +// SetIpv6Prefixes sets the Ipv6Prefixes field's value. +func (s *LaunchTemplateInstanceNetworkInterfaceSpecification) SetIpv6Prefixes(v []*Ipv6PrefixSpecificationResponse) *LaunchTemplateInstanceNetworkInterfaceSpecification { + s.Ipv6Prefixes = v + return s +} + // SetNetworkCardIndex sets the NetworkCardIndex field's value. func (s *LaunchTemplateInstanceNetworkInterfaceSpecification) SetNetworkCardIndex(v int64) *LaunchTemplateInstanceNetworkInterfaceSpecification { s.NetworkCardIndex = &v @@ -95594,7 +98621,7 @@ type LaunchTemplateInstanceNetworkInterfaceSpecificationRequest struct { // Use this option when you launch an instance in a Wavelength Zone and want // to associate a Carrier IP address with the network interface. For more information // about Carrier IP addresses, see Carrier IP addresses (https://docs.aws.amazon.com/wavelength/latest/developerguide/how-wavelengths-work.html#provider-owned-ip) - // in the AWS Wavelength Developer Guide. + // in the Wavelength Developer Guide. AssociateCarrierIpAddress *bool `type:"boolean"` // Associates a public IPv4 address with eth0 for a new network interface. @@ -95621,6 +98648,14 @@ type LaunchTemplateInstanceNetworkInterfaceSpecificationRequest struct { // Valid values: interface | efa InterfaceType *string `type:"string"` + // The number of IPv4 delegated prefixes to be automatically assigned to the + // network interface. You cannot use this option if you use the Ipv4Prefix option. + Ipv4PrefixCount *int64 `type:"integer"` + + // One or more IPv4 delegated prefixes to be assigned to the network interface. + // You cannot use this option if you use the Ipv4PrefixCount option. + Ipv4Prefixes []*Ipv4PrefixSpecificationRequest `locationName:"Ipv4Prefix" locationNameList:"item" type:"list"` + // The number of IPv6 addresses to assign to a network interface. Amazon EC2 // automatically selects the IPv6 addresses from the subnet range. You can't // use this option if specifying specific IPv6 addresses. @@ -95630,6 +98665,14 @@ type LaunchTemplateInstanceNetworkInterfaceSpecificationRequest struct { // subnet. You can't use this option if you're specifying a number of IPv6 addresses. Ipv6Addresses []*InstanceIpv6AddressRequest `locationNameList:"InstanceIpv6Address" type:"list"` + // The number of IPv6 delegated prefixes to be automatically assigned to the + // network interface. You cannot use this option if you use the Ipv6Prefix option. + Ipv6PrefixCount *int64 `type:"integer"` + + // One or more IPv6 delegated prefixes to be assigned to the network interface. + // You cannot use this option if you use the Ipv6PrefixCount option. + Ipv6Prefixes []*Ipv6PrefixSpecificationRequest `locationName:"Ipv6Prefix" locationNameList:"item" type:"list"` + // The index of the network card. Some instance types support multiple network // cards. The primary network interface must be assigned to network card index // 0. The default is network card index 0. @@ -95703,6 +98746,18 @@ func (s *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest) SetInterfac return s } +// SetIpv4PrefixCount sets the Ipv4PrefixCount field's value. +func (s *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest) SetIpv4PrefixCount(v int64) *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest { + s.Ipv4PrefixCount = &v + return s +} + +// SetIpv4Prefixes sets the Ipv4Prefixes field's value. +func (s *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest) SetIpv4Prefixes(v []*Ipv4PrefixSpecificationRequest) *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest { + s.Ipv4Prefixes = v + return s +} + // SetIpv6AddressCount sets the Ipv6AddressCount field's value. func (s *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest) SetIpv6AddressCount(v int64) *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest { s.Ipv6AddressCount = &v @@ -95715,6 +98770,18 @@ func (s *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest) SetIpv6Addr return s } +// SetIpv6PrefixCount sets the Ipv6PrefixCount field's value. +func (s *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest) SetIpv6PrefixCount(v int64) *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest { + s.Ipv6PrefixCount = &v + return s +} + +// SetIpv6Prefixes sets the Ipv6Prefixes field's value. +func (s *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest) SetIpv6Prefixes(v []*Ipv6PrefixSpecificationRequest) *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest { + s.Ipv6Prefixes = v + return s +} + // SetNetworkCardIndex sets the NetworkCardIndex field's value. func (s *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest) SetNetworkCardIndex(v int64) *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest { s.NetworkCardIndex = &v @@ -97535,6 +100602,8 @@ type ModifyCapacityReservationInput struct { EndDateType *string `type:"string" enum:"EndDateType"` // The number of instances for which to reserve capacity. + // + // Valid range: 1 - 1000 InstanceCount *int64 `type:"integer"` } @@ -97902,12 +100971,11 @@ type ModifyEbsDefaultKmsKeyIdInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The identifier of the AWS Key Management Service (AWS KMS) customer master - // key (CMK) to use for Amazon EBS encryption. If this parameter is not specified, - // your AWS managed CMK for EBS is used. If KmsKeyId is specified, the encrypted - // state must be true. + // The identifier of the Key Management Service (KMS) KMS key to use for Amazon + // EBS encryption. If this parameter is not specified, your KMS key for Amazon + // EBS is used. If KmsKeyId is specified, the encrypted state must be true. // - // You can specify the CMK using any of the following: + // You can specify the KMS key using any of the following: // // * Key ID. For example, 1234abcd-12ab-34cd-56ef-1234567890ab. // @@ -97917,11 +100985,11 @@ type ModifyEbsDefaultKmsKeyIdInput struct { // // * Alias ARN. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. // - // AWS authenticates the CMK asynchronously. Therefore, if you specify an ID, - // alias, or ARN that is not valid, the action can appear to complete, but eventually - // fails. + // Amazon Web Services authenticates the KMS key asynchronously. Therefore, + // if you specify an ID, alias, or ARN that is not valid, the action can appear + // to complete, but eventually fails. // - // Amazon EBS does not support asymmetric CMKs. + // Amazon EBS does not support asymmetric KMS keys. // // KmsKeyId is a required field KmsKeyId *string `type:"string" required:"true"` @@ -97965,7 +101033,7 @@ func (s *ModifyEbsDefaultKmsKeyIdInput) SetKmsKeyId(v string) *ModifyEbsDefaultK type ModifyEbsDefaultKmsKeyIdOutput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the default CMK for encryption by default. + // The Amazon Resource Name (ARN) of the default KMS key for encryption by default. KmsKeyId *string `locationName:"kmsKeyId" type:"string"` } @@ -97988,6 +101056,9 @@ func (s *ModifyEbsDefaultKmsKeyIdOutput) SetKmsKeyId(v string) *ModifyEbsDefault type ModifyFleetInput struct { _ struct{} `type:"structure"` + // Reserved. + Context *string `type:"string"` + // Checks whether you have the required permissions for the action, without // actually making the request, and provides an error response. If you have // the required permissions, the error response is DryRunOperation. Otherwise, @@ -98049,6 +101120,12 @@ func (s *ModifyFleetInput) Validate() error { return nil } +// SetContext sets the Context field's value. +func (s *ModifyFleetInput) SetContext(v string) *ModifyFleetInput { + s.Context = &v + return s +} + // SetDryRun sets the DryRun field's value. func (s *ModifyFleetInput) SetDryRun(v bool) *ModifyFleetInput { s.DryRun = &v @@ -98771,9 +101848,9 @@ type ModifyInstanceAttributeInput struct { SriovNetSupport *AttributeValue `locationName:"sriovNetSupport" type:"structure"` // Changes the instance's user data to the specified value. If you are using - // an AWS SDK or command line tool, base64-encoding is performed for you, and - // you can load the text from a file. Otherwise, you must provide base64-encoded - // text. + // an Amazon Web Services SDK or command line tool, base64-encoding is performed + // for you, and you can load the text from a file. Otherwise, you must provide + // base64-encoded text. UserData *BlobAttributeValue `locationName:"userData" type:"structure"` // A new value for the attribute. Use only with the kernel, ramdisk, userData, @@ -99197,6 +102274,126 @@ func (s *ModifyInstanceEventStartTimeOutput) SetEvent(v *InstanceStatusEvent) *M return s } +type ModifyInstanceEventWindowInput struct { + _ struct{} `type:"structure"` + + // The cron expression of the event window, for example, * 0-4,20-23 * * 1,5. + // + // Constraints: + // + // * Only hour and day of the week values are supported. + // + // * For day of the week values, you can specify either integers 0 through + // 6, or alternative single values SUN through SAT. + // + // * The minute, month, and year must be specified by *. + // + // * The hour value must be one or a multiple range, for example, 0-4 or + // 0-4,20-23. + // + // * Each hour range must be >= 2 hours, for example, 0-2 or 20-23. + // + // * The event window must be >= 4 hours. The combined total time ranges + // in the event window must be >= 4 hours. + // + // For more information about cron expressions, see cron (https://en.wikipedia.org/wiki/Cron) + // on the Wikipedia website. + CronExpression *string `type:"string"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the event window. + // + // InstanceEventWindowId is a required field + InstanceEventWindowId *string `type:"string" required:"true"` + + // The name of the event window. + Name *string `type:"string"` + + // The time ranges of the event window. + TimeRanges []*InstanceEventWindowTimeRangeRequest `locationName:"TimeRange" type:"list"` +} + +// String returns the string representation +func (s ModifyInstanceEventWindowInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ModifyInstanceEventWindowInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyInstanceEventWindowInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyInstanceEventWindowInput"} + if s.InstanceEventWindowId == nil { + invalidParams.Add(request.NewErrParamRequired("InstanceEventWindowId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCronExpression sets the CronExpression field's value. +func (s *ModifyInstanceEventWindowInput) SetCronExpression(v string) *ModifyInstanceEventWindowInput { + s.CronExpression = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *ModifyInstanceEventWindowInput) SetDryRun(v bool) *ModifyInstanceEventWindowInput { + s.DryRun = &v + return s +} + +// SetInstanceEventWindowId sets the InstanceEventWindowId field's value. +func (s *ModifyInstanceEventWindowInput) SetInstanceEventWindowId(v string) *ModifyInstanceEventWindowInput { + s.InstanceEventWindowId = &v + return s +} + +// SetName sets the Name field's value. +func (s *ModifyInstanceEventWindowInput) SetName(v string) *ModifyInstanceEventWindowInput { + s.Name = &v + return s +} + +// SetTimeRanges sets the TimeRanges field's value. +func (s *ModifyInstanceEventWindowInput) SetTimeRanges(v []*InstanceEventWindowTimeRangeRequest) *ModifyInstanceEventWindowInput { + s.TimeRanges = v + return s +} + +type ModifyInstanceEventWindowOutput struct { + _ struct{} `type:"structure"` + + // Information about the event window. + InstanceEventWindow *InstanceEventWindow `locationName:"instanceEventWindow" type:"structure"` +} + +// String returns the string representation +func (s ModifyInstanceEventWindowOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ModifyInstanceEventWindowOutput) GoString() string { + return s.String() +} + +// SetInstanceEventWindow sets the InstanceEventWindow field's value. +func (s *ModifyInstanceEventWindowOutput) SetInstanceEventWindow(v *InstanceEventWindow) *ModifyInstanceEventWindowOutput { + s.InstanceEventWindow = v + return s +} + type ModifyInstanceMetadataOptionsInput struct { _ struct{} `type:"structure"` @@ -99213,6 +102410,9 @@ type ModifyInstanceMetadataOptionsInput struct { // metadata. HttpEndpoint *string `type:"string" enum:"InstanceMetadataEndpointState"` + // Enables or disables the IPv6 endpoint for the instance metadata service. + HttpProtocolIpv6 *string `type:"string" enum:"InstanceMetadataProtocolState"` + // The desired HTTP PUT response hop limit for instance metadata requests. The // larger the number, the further instance metadata requests can travel. If // no parameter is specified, the existing state is maintained. @@ -99276,6 +102476,12 @@ func (s *ModifyInstanceMetadataOptionsInput) SetHttpEndpoint(v string) *ModifyIn return s } +// SetHttpProtocolIpv6 sets the HttpProtocolIpv6 field's value. +func (s *ModifyInstanceMetadataOptionsInput) SetHttpProtocolIpv6(v string) *ModifyInstanceMetadataOptionsInput { + s.HttpProtocolIpv6 = &v + return s +} + // SetHttpPutResponseHopLimit sets the HttpPutResponseHopLimit field's value. func (s *ModifyInstanceMetadataOptionsInput) SetHttpPutResponseHopLimit(v int64) *ModifyInstanceMetadataOptionsInput { s.HttpPutResponseHopLimit = &v @@ -99564,6 +102770,11 @@ type ModifyManagedPrefixListInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` + // The maximum number of entries for the prefix list. You cannot modify the + // entries of a prefix list and modify the size of a prefix list at the same + // time. + MaxEntries *int64 `type:"integer"` + // The ID of the prefix list. // // PrefixListId is a required field @@ -99637,6 +102848,12 @@ func (s *ModifyManagedPrefixListInput) SetDryRun(v bool) *ModifyManagedPrefixLis return s } +// SetMaxEntries sets the MaxEntries field's value. +func (s *ModifyManagedPrefixListInput) SetMaxEntries(v int64) *ModifyManagedPrefixListInput { + s.MaxEntries = &v + return s +} + // SetPrefixListId sets the PrefixListId field's value. func (s *ModifyManagedPrefixListInput) SetPrefixListId(v string) *ModifyManagedPrefixListInput { s.PrefixListId = &v @@ -99875,6 +103092,93 @@ func (s *ModifyReservedInstancesOutput) SetReservedInstancesModificationId(v str return s } +type ModifySecurityGroupRulesInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the security group. + // + // GroupId is a required field + GroupId *string `type:"string" required:"true"` + + // Information about the security group properties to update. + // + // SecurityGroupRules is a required field + SecurityGroupRules []*SecurityGroupRuleUpdate `locationName:"SecurityGroupRule" locationNameList:"item" type:"list" required:"true"` +} + +// String returns the string representation +func (s ModifySecurityGroupRulesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ModifySecurityGroupRulesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifySecurityGroupRulesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifySecurityGroupRulesInput"} + if s.GroupId == nil { + invalidParams.Add(request.NewErrParamRequired("GroupId")) + } + if s.SecurityGroupRules == nil { + invalidParams.Add(request.NewErrParamRequired("SecurityGroupRules")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *ModifySecurityGroupRulesInput) SetDryRun(v bool) *ModifySecurityGroupRulesInput { + s.DryRun = &v + return s +} + +// SetGroupId sets the GroupId field's value. +func (s *ModifySecurityGroupRulesInput) SetGroupId(v string) *ModifySecurityGroupRulesInput { + s.GroupId = &v + return s +} + +// SetSecurityGroupRules sets the SecurityGroupRules field's value. +func (s *ModifySecurityGroupRulesInput) SetSecurityGroupRules(v []*SecurityGroupRuleUpdate) *ModifySecurityGroupRulesInput { + s.SecurityGroupRules = v + return s +} + +type ModifySecurityGroupRulesOutput struct { + _ struct{} `type:"structure"` + + // Returns true if the request succeeds; otherwise, returns an error. + Return *bool `locationName:"return" type:"boolean"` +} + +// String returns the string representation +func (s ModifySecurityGroupRulesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ModifySecurityGroupRulesOutput) GoString() string { + return s.String() +} + +// SetReturn sets the Return field's value. +func (s *ModifySecurityGroupRulesOutput) SetReturn(v bool) *ModifySecurityGroupRulesOutput { + s.Return = &v + return s +} + type ModifySnapshotAttributeInput struct { _ struct{} `type:"structure"` @@ -99989,6 +103293,9 @@ func (s ModifySnapshotAttributeOutput) GoString() string { type ModifySpotFleetRequestInput struct { _ struct{} `type:"structure"` + // Reserved. + Context *string `type:"string"` + // Indicates whether running Spot Instances should be terminated if the target // capacity of the Spot Fleet request is decreased below the current size of // the Spot Fleet. @@ -100045,6 +103352,12 @@ func (s *ModifySpotFleetRequestInput) Validate() error { return nil } +// SetContext sets the Context field's value. +func (s *ModifySpotFleetRequestInput) SetContext(v string) *ModifySpotFleetRequestInput { + s.Context = &v + return s +} + // SetExcessCapacityTerminationPolicy sets the ExcessCapacityTerminationPolicy field's value. func (s *ModifySpotFleetRequestInput) SetExcessCapacityTerminationPolicy(v string) *ModifySpotFleetRequestInput { s.ExcessCapacityTerminationPolicy = &v @@ -100917,8 +104230,6 @@ type ModifyTransitGatewayVpcAttachmentInput struct { DryRun *bool `type:"boolean"` // The new VPC attachment options. - // - // You cannot modify the IPv6 options. Options *ModifyTransitGatewayVpcAttachmentRequestOptions `type:"structure"` // The IDs of one or more subnets to remove. @@ -101143,8 +104454,8 @@ type ModifyVolumeInput struct { // // * io2: 100-64,000 IOPS // - // Default: If no IOPS value is specified, the existing value is retained, unless - // a volume type is modified that supports different values. + // Default: The existing value is retained if you keep the same volume type. + // If you change the volume type to io1, io2, or gp3, the default is 3,000. Iops *int64 `type:"integer"` // Specifies whether to enable Amazon EBS Multi-Attach. If you enable Multi-Attach, @@ -101167,13 +104478,14 @@ type ModifyVolumeInput struct { // // * standard: 1-1,024 // - // Default: If no size is specified, the existing size is retained. + // Default: The existing size is retained. Size *int64 `type:"integer"` // The target throughput of the volume, in MiB/s. This parameter is valid only // for gp3 volumes. The maximum value is 1,000. // - // Default: If no throughput value is specified, the existing value is retained. + // Default: The existing value is retained if the source and target volume type + // is gp3. Otherwise, the default value is 125. // // Valid Range: Minimum value of 125. Maximum value of 1000. Throughput *int64 `type:"integer"` @@ -101187,7 +104499,7 @@ type ModifyVolumeInput struct { // EBS volume types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) // in the Amazon Elastic Compute Cloud User Guide. // - // Default: If no type is specified, the existing type is retained. + // Default: The existing type is retained. VolumeType *string `type:"string" enum:"VolumeType"` } @@ -103153,7 +106465,7 @@ type NetworkAcl struct { // The ID of the network ACL. NetworkAclId *string `locationName:"networkAclId" type:"string"` - // The ID of the AWS account that owns the network ACL. + // The ID of the Amazon Web Services account that owns the network ACL. OwnerId *string `locationName:"ownerId" type:"string"` // Any tags assigned to the network ACL. @@ -103404,6 +106716,10 @@ type NetworkInfo struct { // Indicates whether Elastic Network Adapter (ENA) is supported. EnaSupport *string `locationName:"enaSupport" type:"string" enum:"EnaSupport"` + // Indicates whether the instance type automatically encrypts in-transit traffic + // between instances. + EncryptionInTransitSupported *bool `locationName:"encryptionInTransitSupported" type:"boolean"` + // The maximum number of IPv4 addresses per network interface. Ipv4AddressesPerInterface *int64 `locationName:"ipv4AddressesPerInterface" type:"integer"` @@ -103461,6 +106777,12 @@ func (s *NetworkInfo) SetEnaSupport(v string) *NetworkInfo { return s } +// SetEncryptionInTransitSupported sets the EncryptionInTransitSupported field's value. +func (s *NetworkInfo) SetEncryptionInTransitSupported(v bool) *NetworkInfo { + s.EncryptionInTransitSupported = &v + return s +} + // SetIpv4AddressesPerInterface sets the Ipv4AddressesPerInterface field's value. func (s *NetworkInfo) SetIpv4AddressesPerInterface(v int64) *NetworkInfo { s.Ipv4AddressesPerInterface = &v @@ -103514,7 +106836,8 @@ type NetworkInsightsAnalysis struct { // codes (https://docs.aws.amazon.com/vpc/latest/reachability/explanation-codes.html). Explanations []*Explanation `locationName:"explanationSet" locationNameList:"item" type:"list"` - // The Amazon Resource Names (ARN) of the AWS resources that the path must traverse. + // The Amazon Resource Names (ARN) of the Amazon Web Services resources that + // the path must traverse. FilterInArns []*string `locationName:"filterInArnSet" locationNameList:"item" type:"list"` // The components in the path from source to destination. @@ -103643,10 +106966,11 @@ type NetworkInsightsPath struct { // The time stamp when the path was created. CreatedDate *time.Time `locationName:"createdDate" type:"timestamp"` - // The AWS resource that is the destination of the path. + // The Amazon Web Services resource that is the destination of the path. Destination *string `locationName:"destination" type:"string"` - // The IP address of the AWS resource that is the destination of the path. + // The IP address of the Amazon Web Services resource that is the destination + // of the path. DestinationIp *string `locationName:"destinationIp" type:"string"` // The destination port. @@ -103661,10 +106985,11 @@ type NetworkInsightsPath struct { // The protocol. Protocol *string `locationName:"protocol" type:"string" enum:"Protocol"` - // The AWS resource that is the source of the path. + // The Amazon Web Services resource that is the source of the path. Source *string `locationName:"source" type:"string"` - // The IP address of the AWS resource that is the source of the path. + // The IP address of the Amazon Web Services resource that is the source of + // the path. SourceIp *string `locationName:"sourceIp" type:"string"` // The tags associated with the path. @@ -103764,9 +107089,15 @@ type NetworkInterface struct { // The type of network interface. InterfaceType *string `locationName:"interfaceType" type:"string" enum:"NetworkInterfaceType"` + // The IPv4 prefixes that are assigned to the network interface. + Ipv4Prefixes []*Ipv4PrefixSpecification `locationName:"ipv4PrefixSet" locationNameList:"item" type:"list"` + // The IPv6 addresses associated with the network interface. Ipv6Addresses []*NetworkInterfaceIpv6Address `locationName:"ipv6AddressesSet" locationNameList:"item" type:"list"` + // The IPv6 prefixes that are assigned to the network interface. + Ipv6Prefixes []*Ipv6PrefixSpecification `locationName:"ipv6PrefixSet" locationNameList:"item" type:"list"` + // The MAC address. MacAddress *string `locationName:"macAddress" type:"string"` @@ -103776,7 +107107,7 @@ type NetworkInterface struct { // The Amazon Resource Name (ARN) of the Outpost. OutpostArn *string `locationName:"outpostArn" type:"string"` - // The account ID of the owner of the network interface. + // The Amazon Web Services account ID of the owner of the network interface. OwnerId *string `locationName:"ownerId" type:"string"` // The private DNS name. @@ -103788,8 +107119,8 @@ type NetworkInterface struct { // The private IPv4 addresses associated with the network interface. PrivateIpAddresses []*NetworkInterfacePrivateIpAddress `locationName:"privateIpAddressesSet" locationNameList:"item" type:"list"` - // The alias or account ID of the principal or service that created the network - // interface. + // The alias or Amazon Web Services account ID of the principal or service that + // created the network interface. RequesterId *string `locationName:"requesterId" type:"string"` // Indicates whether the network interface is being managed by Amazon Web Services. @@ -103857,12 +107188,24 @@ func (s *NetworkInterface) SetInterfaceType(v string) *NetworkInterface { return s } +// SetIpv4Prefixes sets the Ipv4Prefixes field's value. +func (s *NetworkInterface) SetIpv4Prefixes(v []*Ipv4PrefixSpecification) *NetworkInterface { + s.Ipv4Prefixes = v + return s +} + // SetIpv6Addresses sets the Ipv6Addresses field's value. func (s *NetworkInterface) SetIpv6Addresses(v []*NetworkInterfaceIpv6Address) *NetworkInterface { s.Ipv6Addresses = v return s } +// SetIpv6Prefixes sets the Ipv6Prefixes field's value. +func (s *NetworkInterface) SetIpv6Prefixes(v []*Ipv6PrefixSpecification) *NetworkInterface { + s.Ipv6Prefixes = v + return s +} + // SetMacAddress sets the MacAddress field's value. func (s *NetworkInterface) SetMacAddress(v string) *NetworkInterface { s.MacAddress = &v @@ -104049,7 +107392,7 @@ type NetworkInterfaceAttachment struct { // The ID of the instance. InstanceId *string `locationName:"instanceId" type:"string"` - // The account ID of the owner of the instance. + // The Amazon Web Services account ID of the owner of the instance. InstanceOwnerId *string `locationName:"instanceOwnerId" type:"string"` // The index of the network card. @@ -104178,7 +107521,7 @@ func (s *NetworkInterfaceIpv6Address) SetIpv6Address(v string) *NetworkInterface type NetworkInterfacePermission struct { _ struct{} `type:"structure"` - // The account ID. + // The Amazon Web Services account ID. AwsAccountId *string `locationName:"awsAccountId" type:"string"` // The Amazon Web Service. @@ -104810,7 +108153,7 @@ func (s *PeeringConnectionOptionsRequest) SetAllowEgressFromLocalVpcToRemoteClas type PeeringTgwInfo struct { _ struct{} `type:"structure"` - // The AWS account ID of the owner of the transit gateway. + // The ID of the Amazon Web Services account that owns the transit gateway. OwnerId *string `locationName:"ownerId" type:"string"` // The Region of the transit gateway. @@ -105974,6 +109317,9 @@ type ProvisionByoipCidrInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` + // Reserved. + MultiRegion *bool `type:"boolean"` + // The tags to apply to the address pool. PoolTagSpecifications []*TagSpecification `locationName:"PoolTagSpecification" locationNameList:"item" type:"list"` @@ -106036,6 +109382,12 @@ func (s *ProvisionByoipCidrInput) SetDryRun(v bool) *ProvisionByoipCidrInput { return s } +// SetMultiRegion sets the MultiRegion field's value. +func (s *ProvisionByoipCidrInput) SetMultiRegion(v bool) *ProvisionByoipCidrInput { + s.MultiRegion = &v + return s +} + // SetPoolTagSpecifications sets the PoolTagSpecifications field's value. func (s *ProvisionByoipCidrInput) SetPoolTagSpecifications(v []*TagSpecification) *ProvisionByoipCidrInput { s.PoolTagSpecifications = v @@ -106704,7 +110056,10 @@ func (s *PurchaseReservedInstancesOfferingInput) SetReservedInstancesOfferingId( type PurchaseReservedInstancesOfferingOutput struct { _ struct{} `type:"structure"` - // The IDs of the purchased Reserved Instances. + // The IDs of the purchased Reserved Instances. If your purchase crosses into + // a discounted pricing tier, the final Reserved Instances IDs might change. + // For more information, see Crossing pricing tiers (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/concepts-reserved-instances-application.html#crossing-pricing-tiers) + // in the Amazon Elastic Compute Cloud User Guide. ReservedInstancesId *string `locationName:"reservedInstancesId" type:"string"` } @@ -106919,6 +110274,66 @@ func (s *RecurringCharge) SetFrequency(v string) *RecurringCharge { return s } +// Describes the security group that is referenced in the security group rule. +type ReferencedSecurityGroup struct { + _ struct{} `type:"structure"` + + // The ID of the security group. + GroupId *string `locationName:"groupId" type:"string"` + + // The status of a VPC peering connection, if applicable. + PeeringStatus *string `locationName:"peeringStatus" type:"string"` + + // The Amazon Web Services account ID. + UserId *string `locationName:"userId" type:"string"` + + // The ID of the VPC. + VpcId *string `locationName:"vpcId" type:"string"` + + // The ID of the VPC peering connection. + VpcPeeringConnectionId *string `locationName:"vpcPeeringConnectionId" type:"string"` +} + +// String returns the string representation +func (s ReferencedSecurityGroup) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ReferencedSecurityGroup) GoString() string { + return s.String() +} + +// SetGroupId sets the GroupId field's value. +func (s *ReferencedSecurityGroup) SetGroupId(v string) *ReferencedSecurityGroup { + s.GroupId = &v + return s +} + +// SetPeeringStatus sets the PeeringStatus field's value. +func (s *ReferencedSecurityGroup) SetPeeringStatus(v string) *ReferencedSecurityGroup { + s.PeeringStatus = &v + return s +} + +// SetUserId sets the UserId field's value. +func (s *ReferencedSecurityGroup) SetUserId(v string) *ReferencedSecurityGroup { + s.UserId = &v + return s +} + +// SetVpcId sets the VpcId field's value. +func (s *ReferencedSecurityGroup) SetVpcId(v string) *ReferencedSecurityGroup { + s.VpcId = &v + return s +} + +// SetVpcPeeringConnectionId sets the VpcPeeringConnectionId field's value. +func (s *ReferencedSecurityGroup) SetVpcPeeringConnectionId(v string) *ReferencedSecurityGroup { + s.VpcPeeringConnectionId = &v + return s +} + // Describes a Region. type Region struct { _ struct{} `type:"structure"` @@ -108989,16 +112404,17 @@ type RequestLaunchTemplateData struct { // The elastic inference accelerator for the instance. ElasticInferenceAccelerators []*LaunchTemplateElasticInferenceAccelerator `locationName:"ElasticInferenceAccelerator" locationNameList:"item" type:"list"` - // Indicates whether the instance is enabled for AWS Nitro Enclaves. For more - // information, see What is AWS Nitro Enclaves? (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html) - // in the AWS Nitro Enclaves User Guide. + // Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. + // For more information, see What is Amazon Web Services Nitro Enclaves? (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html) + // in the Amazon Web Services Nitro Enclaves User Guide. // - // You can't enable AWS Nitro Enclaves and hibernation on the same instance. + // You can't enable Amazon Web Services Nitro Enclaves and hibernation on the + // same instance. EnclaveOptions *LaunchTemplateEnclaveOptionsRequest `type:"structure"` // Indicates whether an instance is enabled for hibernation. This parameter // is valid only if the instance meets the hibernation prerequisites (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html#hibernating-prerequisites). - // For more information, see Hibernate Your Instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html) + // For more information, see Hibernate your instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html) // in the Amazon Elastic Compute Cloud User Guide. HibernationOptions *LaunchTemplateHibernationOptionsRequest `type:"structure"` @@ -109039,7 +112455,7 @@ type RequestLaunchTemplateData struct { LicenseSpecifications []*LaunchTemplateLicenseConfigurationRequest `locationName:"LicenseSpecification" locationNameList:"item" type:"list"` // The metadata options for the instance. For more information, see Instance - // Metadata and User Data (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) + // metadata and user data (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) // in the Amazon Elastic Compute Cloud User Guide. MetadataOptions *LaunchTemplateInstanceMetadataOptionsRequest `type:"structure"` @@ -109396,20 +112812,7 @@ type RequestSpotInstancesInput struct { // Default: Instances are launched in any available Availability Zone. AvailabilityZoneGroup *string `locationName:"availabilityZoneGroup" type:"string"` - // The required duration for the Spot Instances (also known as Spot blocks), - // in minutes. This value must be a multiple of 60 (60, 120, 180, 240, 300, - // or 360). - // - // The duration period starts as soon as your Spot Instance receives its instance - // ID. At the end of the duration period, Amazon EC2 marks the Spot Instance - // for termination and provides a Spot Instance termination notice, which gives - // the instance a two-minute warning before it terminates. - // - // You can't specify an Availability Zone group or a launch group if you specify - // a duration. - // - // New accounts or accounts with no previous billing history with AWS are not - // eligible for Spot Instances with a defined duration (also known as Spot blocks). + // Deprecated. BlockDurationMinutes *int64 `locationName:"blockDurationMinutes" type:"integer"` // Unique, case-sensitive identifier that you provide to ensure the idempotency @@ -109807,11 +113210,11 @@ type Reservation struct { // The instances. Instances []*Instance `locationName:"instancesSet" locationNameList:"item" type:"list"` - // The ID of the AWS account that owns the reservation. + // The ID of the Amazon Web Services account that owns the reservation. OwnerId *string `locationName:"ownerId" type:"string"` // The ID of the requester that launched the instances on your behalf (for example, - // AWS Management Console or Auto Scaling). + // Amazon Web Services Management Console or Auto Scaling). RequesterId *string `locationName:"requesterId" type:"string"` // The ID of the reservation. @@ -110500,8 +113903,8 @@ type ReservedInstancesOffering struct { InstanceType *string `locationName:"instanceType" type:"string" enum:"InstanceType"` // Indicates whether the offering is available through the Reserved Instance - // Marketplace (resale) or AWS. If it's a Reserved Instance Marketplace offering, - // this is true. + // Marketplace (resale) or Amazon Web Services. If it's a Reserved Instance + // Marketplace offering, this is true. Marketplace *bool `locationName:"marketplace" type:"boolean"` // If convertible it can be exchanged for Reserved Instances of the same or @@ -110749,7 +114152,8 @@ func (s *ResetEbsDefaultKmsKeyIdInput) SetDryRun(v bool) *ResetEbsDefaultKmsKeyI type ResetEbsDefaultKmsKeyIdOutput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the default CMK for EBS encryption by default. + // The Amazon Resource Name (ARN) of the default KMS key for EBS encryption + // by default. KmsKeyId *string `locationName:"kmsKeyId" type:"string"` } @@ -111210,7 +114614,7 @@ type ResponseLaunchTemplateData struct { CapacityReservationSpecification *LaunchTemplateCapacityReservationSpecificationResponse `locationName:"capacityReservationSpecification" type:"structure"` // The CPU options for the instance. For more information, see Optimizing CPU - // Options (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html) + // options (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html) // in the Amazon Elastic Compute Cloud User Guide. CpuOptions *LaunchTemplateCpuOptions `locationName:"cpuOptions" type:"structure"` @@ -111230,11 +114634,11 @@ type ResponseLaunchTemplateData struct { // The elastic inference accelerator for the instance. ElasticInferenceAccelerators []*LaunchTemplateElasticInferenceAcceleratorResponse `locationName:"elasticInferenceAcceleratorSet" locationNameList:"item" type:"list"` - // Indicates whether the instance is enabled for AWS Nitro Enclaves. + // Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. EnclaveOptions *LaunchTemplateEnclaveOptions `locationName:"enclaveOptions" type:"structure"` // Indicates whether an instance is configured for hibernation. For more information, - // see Hibernate Your Instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html) + // see Hibernate your instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html) // in the Amazon Elastic Compute Cloud User Guide. HibernationOptions *LaunchTemplateHibernationOptions `locationName:"hibernationOptions" type:"structure"` @@ -111264,7 +114668,7 @@ type ResponseLaunchTemplateData struct { LicenseSpecifications []*LaunchTemplateLicenseConfiguration `locationName:"licenseSet" locationNameList:"item" type:"list"` // The metadata options for the instance. For more information, see Instance - // Metadata and User Data (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) + // metadata and user data (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) // in the Amazon Elastic Compute Cloud User Guide. MetadataOptions *LaunchTemplateInstanceMetadataOptions `locationName:"metadataOptions" type:"structure"` @@ -111782,6 +115186,9 @@ type RevokeSecurityGroupEgressInput struct { // number. IpProtocol *string `locationName:"ipProtocol" type:"string"` + // The IDs of the security group rules. + SecurityGroupRuleIds []*string `locationName:"SecurityGroupRuleId" locationNameList:"item" type:"list"` + // Not supported. Use a set of IP permissions to specify a destination security // group. SourceSecurityGroupName *string `locationName:"sourceSecurityGroupName" type:"string"` @@ -111853,6 +115260,12 @@ func (s *RevokeSecurityGroupEgressInput) SetIpProtocol(v string) *RevokeSecurity return s } +// SetSecurityGroupRuleIds sets the SecurityGroupRuleIds field's value. +func (s *RevokeSecurityGroupEgressInput) SetSecurityGroupRuleIds(v []*string) *RevokeSecurityGroupEgressInput { + s.SecurityGroupRuleIds = v + return s +} + // SetSourceSecurityGroupName sets the SourceSecurityGroupName field's value. func (s *RevokeSecurityGroupEgressInput) SetSourceSecurityGroupName(v string) *RevokeSecurityGroupEgressInput { s.SourceSecurityGroupName = &v @@ -111938,6 +115351,9 @@ type RevokeSecurityGroupIngressInput struct { // Use -1 to specify all. IpProtocol *string `type:"string"` + // The IDs of the security group rules. + SecurityGroupRuleIds []*string `locationName:"SecurityGroupRuleId" locationNameList:"item" type:"list"` + // [EC2-Classic, default VPC] The name of the source security group. You can't // specify this parameter in combination with the following parameters: the // CIDR IP address range, the start of the port range, the IP protocol, and @@ -111946,12 +115362,12 @@ type RevokeSecurityGroupIngressInput struct { // use a set of IP permissions instead. SourceSecurityGroupName *string `type:"string"` - // [EC2-Classic] The AWS account ID of the source security group, if the source - // security group is in a different account. You can't specify this parameter - // in combination with the following parameters: the CIDR IP address range, - // the IP protocol, the start of the port range, and the end of the port range. - // To revoke a specific rule for an IP protocol and port range, use a set of - // IP permissions instead. + // [EC2-Classic] The Amazon Web Services account ID of the source security group, + // if the source security group is in a different account. You can't specify + // this parameter in combination with the following parameters: the CIDR IP + // address range, the IP protocol, the start of the port range, and the end + // of the port range. To revoke a specific rule for an IP protocol and port + // range, use a set of IP permissions instead. SourceSecurityGroupOwnerId *string `type:"string"` // The end of port range for the TCP and UDP protocols, or an ICMP code number. @@ -112011,6 +115427,12 @@ func (s *RevokeSecurityGroupIngressInput) SetIpProtocol(v string) *RevokeSecurit return s } +// SetSecurityGroupRuleIds sets the SecurityGroupRuleIds field's value. +func (s *RevokeSecurityGroupIngressInput) SetSecurityGroupRuleIds(v []*string) *RevokeSecurityGroupIngressInput { + s.SecurityGroupRuleIds = v + return s +} + // SetSourceSecurityGroupName sets the SourceSecurityGroupName field's value. func (s *RevokeSecurityGroupIngressInput) SetSourceSecurityGroupName(v string) *RevokeSecurityGroupIngressInput { s.SourceSecurityGroupName = &v @@ -112075,7 +115497,7 @@ type Route struct { // The IPv6 CIDR block used for the destination match. DestinationIpv6CidrBlock *string `locationName:"destinationIpv6CidrBlock" type:"string"` - // The prefix of the AWS service. + // The prefix of the Amazon Web Service. DestinationPrefixListId *string `locationName:"destinationPrefixListId" type:"string"` // The ID of the egress-only internet gateway. @@ -112087,7 +115509,7 @@ type Route struct { // The ID of a NAT instance in your VPC. InstanceId *string `locationName:"instanceId" type:"string"` - // The AWS account ID of the owner of the instance. + // The ID of Amazon Web Services account that owns the instance. InstanceOwnerId *string `locationName:"instanceOwnerId" type:"string"` // The ID of the local gateway. @@ -112228,7 +115650,7 @@ type RouteTable struct { // The associations between the route table and one or more subnets or a gateway. Associations []*RouteTableAssociation `locationName:"associationSet" locationNameList:"item" type:"list"` - // The ID of the AWS account that owns the route table. + // The ID of the Amazon Web Services account that owns the route table. OwnerId *string `locationName:"ownerId" type:"string"` // Any virtual private gateway (VGW) propagating routes. @@ -112408,7 +115830,10 @@ type RunInstancesInput struct { // Reserved. AdditionalInfo *string `locationName:"additionalInfo" type:"string"` - // The block device mapping entries. + // The block device mapping, which defines the EBS volumes and instance store + // volumes to attach to the instance at launch. For more information, see Block + // device mappings (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html) + // in the Amazon EC2 User Guide. BlockDeviceMappings []*BlockDeviceMapping `locationName:"BlockDeviceMapping" locationNameList:"BlockDeviceMapping" type:"list"` // Information about the Capacity Reservation targeting option. If you do not @@ -112477,18 +115902,20 @@ type RunInstancesInput struct { // You cannot specify accelerators from different generations in the same request. ElasticInferenceAccelerators []*ElasticInferenceAccelerator `locationName:"ElasticInferenceAccelerator" locationNameList:"item" type:"list"` - // Indicates whether the instance is enabled for AWS Nitro Enclaves. For more - // information, see What is AWS Nitro Enclaves? (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html) - // in the AWS Nitro Enclaves User Guide. + // Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. + // For more information, see What is Amazon Web Services Nitro Enclaves? (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html) + // in the Amazon Web Services Nitro Enclaves User Guide. // - // You can't enable AWS Nitro Enclaves and hibernation on the same instance. + // You can't enable Amazon Web Services Nitro Enclaves and hibernation on the + // same instance. EnclaveOptions *EnclaveOptionsRequest `type:"structure"` // Indicates whether an instance is enabled for hibernation. For more information, // see Hibernate your instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html) // in the Amazon EC2 User Guide. // - // You can't enable hibernation and AWS Nitro Enclaves on the same instance. + // You can't enable hibernation and Amazon Web Services Nitro Enclaves on the + // same instance. HibernationOptions *HibernationOptionsRequest `type:"structure"` // The name or Amazon Resource Name (ARN) of an IAM instance profile. @@ -112610,8 +116037,8 @@ type RunInstancesInput struct { // The ID of the RAM disk to select. Some kernels require additional drivers // at launch. Check the kernel requirements for information about whether you - // need to specify a RAM disk. To find kernel requirements, go to the AWS Resource - // Center and search for the kernel ID. + // need to specify a RAM disk. To find kernel requirements, go to the Amazon + // Web Services Resource Center and search for the kernel ID. // // We recommend that you use PV-GRUB instead of kernels and RAM disks. For more // information, see PV-GRUB (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UserProvidedkernels.html) @@ -114345,9 +117772,6 @@ type SearchTransitGatewayMulticastGroupsInput struct { // // * source-type - The source type. Valid values are igmp | static. // - // * state - The state of the subnet association. Valid values are associated - // | associated | disassociated | disassociating. - // // * subnet-id - The ID of the subnet. // // * transit-gateway-attachment-id - The id of the transit gateway attachment. @@ -114585,7 +118009,7 @@ func (s *SearchTransitGatewayRoutesOutput) SetRoutes(v []*TransitGatewayRoute) * return s } -// Describes a security group +// Describes a security group. type SecurityGroup struct { _ struct{} `type:"structure"` @@ -114604,7 +118028,7 @@ type SecurityGroup struct { // [VPC only] The outbound rules associated with the security group. IpPermissionsEgress []*IpPermission `locationName:"ipPermissionsEgress" locationNameList:"item" type:"list"` - // The AWS account ID of the owner of the security group. + // The Amazon Web Services account ID of the owner of the security group. OwnerId *string `locationName:"ownerId" type:"string"` // Any tags assigned to the security group. @@ -114747,6 +118171,325 @@ func (s *SecurityGroupReference) SetVpcPeeringConnectionId(v string) *SecurityGr return s } +// Describes a security group rule. +type SecurityGroupRule struct { + _ struct{} `type:"structure"` + + // The IPv4 CIDR range. + CidrIpv4 *string `locationName:"cidrIpv4" type:"string"` + + // The IPv6 CIDR range. + CidrIpv6 *string `locationName:"cidrIpv6" type:"string"` + + // The security group rule description. + Description *string `locationName:"description" type:"string"` + + // The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 + // type. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 + // types, you must specify all codes. + FromPort *int64 `locationName:"fromPort" type:"integer"` + + // The ID of the security group. + GroupId *string `locationName:"groupId" type:"string"` + + // The ID of the Amazon Web Services account that owns the security group. + GroupOwnerId *string `locationName:"groupOwnerId" type:"string"` + + // The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers + // (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)). + // + // Use -1 to specify all protocols. + IpProtocol *string `locationName:"ipProtocol" type:"string"` + + // Indicates whether the security group rule is an outbound rule. + IsEgress *bool `locationName:"isEgress" type:"boolean"` + + // The ID of the prefix list. + PrefixListId *string `locationName:"prefixListId" type:"string"` + + // Describes the security group that is referenced in the rule. + ReferencedGroupInfo *ReferencedSecurityGroup `locationName:"referencedGroupInfo" type:"structure"` + + // The ID of the security group rule. + SecurityGroupRuleId *string `locationName:"securityGroupRuleId" type:"string"` + + // The tags applied to the security group rule. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + + // The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. + // A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 + // types, you must specify all codes. + ToPort *int64 `locationName:"toPort" type:"integer"` +} + +// String returns the string representation +func (s SecurityGroupRule) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SecurityGroupRule) GoString() string { + return s.String() +} + +// SetCidrIpv4 sets the CidrIpv4 field's value. +func (s *SecurityGroupRule) SetCidrIpv4(v string) *SecurityGroupRule { + s.CidrIpv4 = &v + return s +} + +// SetCidrIpv6 sets the CidrIpv6 field's value. +func (s *SecurityGroupRule) SetCidrIpv6(v string) *SecurityGroupRule { + s.CidrIpv6 = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *SecurityGroupRule) SetDescription(v string) *SecurityGroupRule { + s.Description = &v + return s +} + +// SetFromPort sets the FromPort field's value. +func (s *SecurityGroupRule) SetFromPort(v int64) *SecurityGroupRule { + s.FromPort = &v + return s +} + +// SetGroupId sets the GroupId field's value. +func (s *SecurityGroupRule) SetGroupId(v string) *SecurityGroupRule { + s.GroupId = &v + return s +} + +// SetGroupOwnerId sets the GroupOwnerId field's value. +func (s *SecurityGroupRule) SetGroupOwnerId(v string) *SecurityGroupRule { + s.GroupOwnerId = &v + return s +} + +// SetIpProtocol sets the IpProtocol field's value. +func (s *SecurityGroupRule) SetIpProtocol(v string) *SecurityGroupRule { + s.IpProtocol = &v + return s +} + +// SetIsEgress sets the IsEgress field's value. +func (s *SecurityGroupRule) SetIsEgress(v bool) *SecurityGroupRule { + s.IsEgress = &v + return s +} + +// SetPrefixListId sets the PrefixListId field's value. +func (s *SecurityGroupRule) SetPrefixListId(v string) *SecurityGroupRule { + s.PrefixListId = &v + return s +} + +// SetReferencedGroupInfo sets the ReferencedGroupInfo field's value. +func (s *SecurityGroupRule) SetReferencedGroupInfo(v *ReferencedSecurityGroup) *SecurityGroupRule { + s.ReferencedGroupInfo = v + return s +} + +// SetSecurityGroupRuleId sets the SecurityGroupRuleId field's value. +func (s *SecurityGroupRule) SetSecurityGroupRuleId(v string) *SecurityGroupRule { + s.SecurityGroupRuleId = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *SecurityGroupRule) SetTags(v []*Tag) *SecurityGroupRule { + s.Tags = v + return s +} + +// SetToPort sets the ToPort field's value. +func (s *SecurityGroupRule) SetToPort(v int64) *SecurityGroupRule { + s.ToPort = &v + return s +} + +// Describes the description of a security group rule. +// +// You can use this when you want to update the security group rule description +// for either an inbound or outbound rule. +type SecurityGroupRuleDescription struct { + _ struct{} `type:"structure"` + + // The description of the security group rule. + Description *string `type:"string"` + + // The ID of the security group rule. + SecurityGroupRuleId *string `type:"string"` +} + +// String returns the string representation +func (s SecurityGroupRuleDescription) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SecurityGroupRuleDescription) GoString() string { + return s.String() +} + +// SetDescription sets the Description field's value. +func (s *SecurityGroupRuleDescription) SetDescription(v string) *SecurityGroupRuleDescription { + s.Description = &v + return s +} + +// SetSecurityGroupRuleId sets the SecurityGroupRuleId field's value. +func (s *SecurityGroupRuleDescription) SetSecurityGroupRuleId(v string) *SecurityGroupRuleDescription { + s.SecurityGroupRuleId = &v + return s +} + +// Describes a security group rule. +// +// You must specify exactly one of the following parameters, based on the rule +// type: +// +// * CidrIpv4 +// +// * CidrIpv6 +// +// * PrefixListId +// +// * ReferencedGroupId +// +// When you modify a rule, you cannot change the rule type. For example, if +// the rule uses an IPv4 address range, you must use CidrIpv4 to specify a new +// IPv4 address range. +type SecurityGroupRuleRequest struct { + _ struct{} `type:"structure"` + + // The IPv4 CIDR range. To specify a single IPv4 address, use the /32 prefix + // length. + CidrIpv4 *string `type:"string"` + + // The IPv6 CIDR range. To specify a single IPv6 address, use the /128 prefix + // length. + CidrIpv6 *string `type:"string"` + + // The description of the security group rule. + Description *string `type:"string"` + + // The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 + // type. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 + // types, you must specify all codes. + FromPort *int64 `type:"integer"` + + // The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers + // (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)). + // + // Use -1 to specify all protocols. + IpProtocol *string `type:"string"` + + // The ID of the prefix list. + PrefixListId *string `type:"string"` + + // The ID of the security group that is referenced in the security group rule. + ReferencedGroupId *string `type:"string"` + + // The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. + // A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 + // types, you must specify all codes. + ToPort *int64 `type:"integer"` +} + +// String returns the string representation +func (s SecurityGroupRuleRequest) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SecurityGroupRuleRequest) GoString() string { + return s.String() +} + +// SetCidrIpv4 sets the CidrIpv4 field's value. +func (s *SecurityGroupRuleRequest) SetCidrIpv4(v string) *SecurityGroupRuleRequest { + s.CidrIpv4 = &v + return s +} + +// SetCidrIpv6 sets the CidrIpv6 field's value. +func (s *SecurityGroupRuleRequest) SetCidrIpv6(v string) *SecurityGroupRuleRequest { + s.CidrIpv6 = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *SecurityGroupRuleRequest) SetDescription(v string) *SecurityGroupRuleRequest { + s.Description = &v + return s +} + +// SetFromPort sets the FromPort field's value. +func (s *SecurityGroupRuleRequest) SetFromPort(v int64) *SecurityGroupRuleRequest { + s.FromPort = &v + return s +} + +// SetIpProtocol sets the IpProtocol field's value. +func (s *SecurityGroupRuleRequest) SetIpProtocol(v string) *SecurityGroupRuleRequest { + s.IpProtocol = &v + return s +} + +// SetPrefixListId sets the PrefixListId field's value. +func (s *SecurityGroupRuleRequest) SetPrefixListId(v string) *SecurityGroupRuleRequest { + s.PrefixListId = &v + return s +} + +// SetReferencedGroupId sets the ReferencedGroupId field's value. +func (s *SecurityGroupRuleRequest) SetReferencedGroupId(v string) *SecurityGroupRuleRequest { + s.ReferencedGroupId = &v + return s +} + +// SetToPort sets the ToPort field's value. +func (s *SecurityGroupRuleRequest) SetToPort(v int64) *SecurityGroupRuleRequest { + s.ToPort = &v + return s +} + +// Describes an update to a security group rule. +type SecurityGroupRuleUpdate struct { + _ struct{} `type:"structure"` + + // Information about the security group rule. + SecurityGroupRule *SecurityGroupRuleRequest `type:"structure"` + + // The ID of the security group rule. + SecurityGroupRuleId *string `type:"string"` +} + +// String returns the string representation +func (s SecurityGroupRuleUpdate) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SecurityGroupRuleUpdate) GoString() string { + return s.String() +} + +// SetSecurityGroupRule sets the SecurityGroupRule field's value. +func (s *SecurityGroupRuleUpdate) SetSecurityGroupRule(v *SecurityGroupRuleRequest) *SecurityGroupRuleUpdate { + s.SecurityGroupRule = v + return s +} + +// SetSecurityGroupRuleId sets the SecurityGroupRuleId field's value. +func (s *SecurityGroupRuleUpdate) SetSecurityGroupRuleId(v string) *SecurityGroupRuleUpdate { + s.SecurityGroupRuleId = &v + return s +} + type SendDiagnosticInterruptInput struct { _ struct{} `type:"structure"` @@ -115213,21 +118956,21 @@ type Snapshot struct { // Indicates whether the snapshot is encrypted. Encrypted *bool `locationName:"encrypted" type:"boolean"` - // The Amazon Resource Name (ARN) of the AWS Key Management Service (AWS KMS) - // customer master key (CMK) that was used to protect the volume encryption - // key for the parent volume. + // The Amazon Resource Name (ARN) of the Key Management Service (KMS) KMS key + // that was used to protect the volume encryption key for the parent volume. KmsKeyId *string `locationName:"kmsKeyId" type:"string"` - // The ARN of the AWS Outpost on which the snapshot is stored. For more information, - // see EBS Local Snapshot on Outposts (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshots-outposts.html) + // The ARN of the Outpost on which the snapshot is stored. For more information, + // see Amazon EBS local snapshots on Outposts (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshots-outposts.html) // in the Amazon Elastic Compute Cloud User Guide. OutpostArn *string `locationName:"outpostArn" type:"string"` - // The AWS owner alias, from an Amazon-maintained list (amazon). This is not - // the user-configured AWS account alias set using the IAM console. + // The Amazon Web Services owner alias, from an Amazon-maintained list (amazon). + // This is not the user-configured Amazon Web Services account alias set using + // the IAM console. OwnerAlias *string `locationName:"ownerAlias" type:"string"` - // The AWS account ID of the EBS snapshot owner. + // The ID of the Amazon Web Services account that owns the EBS snapshot. OwnerId *string `locationName:"ownerId" type:"string"` // The progress of the snapshot, as a percentage. @@ -115244,9 +118987,9 @@ type Snapshot struct { State *string `locationName:"status" type:"string" enum:"SnapshotState"` // Encrypted Amazon EBS snapshots are copied asynchronously. If a snapshot copy - // operation fails (for example, if the proper AWS Key Management Service (AWS - // KMS) permissions are not obtained) this field displays error state details - // to help you diagnose why the error occurred. This parameter is only returned + // operation fails (for example, if the proper Key Management Service (KMS) + // permissions are not obtained) this field displays error state details to + // help you diagnose why the error occurred. This parameter is only returned // by DescribeSnapshots. StateMessage *string `locationName:"statusMessage" type:"string"` @@ -115532,8 +119275,8 @@ type SnapshotInfo struct { // Indicates whether the snapshot is encrypted. Encrypted *bool `locationName:"encrypted" type:"boolean"` - // The ARN of the AWS Outpost on which the snapshot is stored. For more information, - // see EBS Local Snapshot on Outposts (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshots-outposts.html) + // The ARN of the Outpost on which the snapshot is stored. For more information, + // see Amazon EBS local snapshots on Outposts (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshots-outposts.html) // in the Amazon Elastic Compute Cloud User Guide. OutpostArn *string `locationName:"outpostArn" type:"string"` @@ -115655,8 +119398,7 @@ type SnapshotTaskDetail struct { // The format of the disk image from which the snapshot is created. Format *string `locationName:"format" type:"string"` - // The identifier for the AWS Key Management Service (AWS KMS) customer master - // key (CMK) that was used to create the encrypted snapshot. + // The identifier for the KMS key that was used to create the encrypted snapshot. KmsKeyId *string `locationName:"kmsKeyId" type:"string"` // The percentage of completion for the import snapshot task. @@ -115800,7 +119542,7 @@ type SpotDatafeedSubscription struct { // The fault codes for the Spot Instance request, if any. Fault *SpotInstanceStateFault `locationName:"fault" type:"structure"` - // The AWS account ID of the account. + // The Amazon Web Services account ID of the account. OwnerId *string `locationName:"ownerId" type:"string"` // The prefix for the data feed files. @@ -115906,8 +119648,8 @@ type SpotFleetLaunchSpecification struct { // The ID of the RAM disk. Some kernels require additional drivers at launch. // Check the kernel requirements for information about whether you need to specify - // a RAM disk. To find kernel requirements, refer to the AWS Resource Center - // and search for the kernel ID. + // a RAM disk. To find kernel requirements, refer to the Amazon Web Services + // Resource Center and search for the kernel ID. RamdiskId *string `locationName:"ramdiskId" type:"string"` // One or more security groups. When requesting instances in a VPC, you must @@ -116190,6 +119932,9 @@ type SpotFleetRequestConfigData struct { // see Ensuring Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `locationName:"clientToken" type:"string"` + // Reserved. + Context *string `locationName:"context" type:"string"` + // Indicates whether running Spot Instances should be terminated if you decrease // the target capacity of the Spot Fleet request below the current size of the // Spot Fleet. @@ -116199,7 +119944,7 @@ type SpotFleetRequestConfigData struct { // capacity. You cannot set this value. FulfilledCapacity *float64 `locationName:"fulfilledCapacity" type:"double"` - // The Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) + // The Amazon Resource Name (ARN) of an Identity and Access Management (IAM) // role that grants the Spot Fleet the permission to request, launch, terminate, // and tag instances on your behalf. For more information, see Spot Fleet prerequisites // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-requests.html#spot-fleet-prerequisites) @@ -116218,6 +119963,15 @@ type SpotFleetRequestConfigData struct { // Valid only when Spot AllocationStrategy is set to lowest-price. Spot Fleet // selects the cheapest Spot pools and evenly allocates your target Spot capacity // across the number of Spot pools that you specify. + // + // Note that Spot Fleet attempts to draw Spot Instances from the number of pools + // that you specify on a best effort basis. If a pool runs out of Spot capacity + // before fulfilling your target capacity, Spot Fleet will continue to fulfill + // your request by drawing from the next cheapest pool. To ensure that your + // target capacity is met, you might receive Spot Instances from more than the + // number of pools that you specified. Similarly, if most of the pools have + // no Spot capacity, you might receive your full target capacity from fewer + // than the number of pools that you specified. InstancePoolsToUseCount *int64 `locationName:"instancePoolsToUseCount" type:"integer"` // The launch specifications for the Spot Fleet request. If you specify LaunchSpecifications, @@ -116386,6 +120140,12 @@ func (s *SpotFleetRequestConfigData) SetClientToken(v string) *SpotFleetRequestC return s } +// SetContext sets the Context field's value. +func (s *SpotFleetRequestConfigData) SetContext(v string) *SpotFleetRequestConfigData { + s.Context = &v + return s +} + // SetExcessCapacityTerminationPolicy sets the ExcessCapacityTerminationPolicy field's value. func (s *SpotFleetRequestConfigData) SetExcessCapacityTerminationPolicy(v string) *SpotFleetRequestConfigData { s.ExcessCapacityTerminationPolicy = &v @@ -116557,8 +120317,7 @@ func (s *SpotFleetTagSpecification) SetTags(v []*Tag) *SpotFleetTagSpecification type SpotInstanceRequest struct { _ struct{} `type:"structure"` - // If you specified a duration and your Spot Instance request was fulfilled, - // this is the fixed hourly price in effect for the Spot Instance while it runs. + // Deprecated. ActualBlockHourlyPrice *string `locationName:"actualBlockHourlyPrice" type:"string"` // The Availability Zone group. If you specify the same Availability Zone group @@ -116566,7 +120325,7 @@ type SpotInstanceRequest struct { // Availability Zone. AvailabilityZoneGroup *string `locationName:"availabilityZoneGroup" type:"string"` - // The duration for the Spot Instance, in minutes. + // Deprecated. BlockDurationMinutes *int64 `locationName:"blockDurationMinutes" type:"integer"` // The date and time when the Spot Instance request was created, in UTC format @@ -116864,20 +120623,7 @@ func (s *SpotMaintenanceStrategies) SetCapacityRebalance(v *SpotCapacityRebalanc type SpotMarketOptions struct { _ struct{} `type:"structure"` - // The required duration for the Spot Instances (also known as Spot blocks), - // in minutes. This value must be a multiple of 60 (60, 120, 180, 240, 300, - // or 360). - // - // The duration period starts as soon as your Spot Instance receives its instance - // ID. At the end of the duration period, Amazon EC2 marks the Spot Instance - // for termination and provides a Spot Instance termination notice, which gives - // the instance a two-minute warning before it terminates. - // - // You can't specify an Availability Zone group or a launch group if you specify - // a duration. - // - // New accounts or accounts with no previous billing history with AWS are not - // eligible for Spot Instances with a defined duration (also known as Spot blocks). + // Deprecated. BlockDurationMinutes *int64 `type:"integer"` // The behavior when a Spot Instance is interrupted. The default is terminate. @@ -116977,6 +120723,15 @@ type SpotOptions struct { // Valid only when AllocationStrategy is set to lowest-price. EC2 Fleet selects // the cheapest Spot pools and evenly allocates your target Spot capacity across // the number of Spot pools that you specify. + // + // Note that EC2 Fleet attempts to draw Spot Instances from the number of pools + // that you specify on a best effort basis. If a pool runs out of Spot capacity + // before fulfilling your target capacity, EC2 Fleet will continue to fulfill + // your request by drawing from the next cheapest pool. To ensure that your + // target capacity is met, you might receive Spot Instances from more than the + // number of pools that you specified. Similarly, if most of the pools have + // no Spot capacity, you might receive your full target capacity from fewer + // than the number of pools that you specified. InstancePoolsToUseCount *int64 `locationName:"instancePoolsToUseCount" type:"integer"` // The strategies for managing your workloads on your Spot Instances that will @@ -117090,6 +120845,15 @@ type SpotOptionsRequest struct { // Valid only when Spot AllocationStrategy is set to lowest-price. EC2 Fleet // selects the cheapest Spot pools and evenly allocates your target Spot capacity // across the number of Spot pools that you specify. + // + // Note that EC2 Fleet attempts to draw Spot Instances from the number of pools + // that you specify on a best effort basis. If a pool runs out of Spot capacity + // before fulfilling your target capacity, EC2 Fleet will continue to fulfill + // your request by drawing from the next cheapest pool. To ensure that your + // target capacity is met, you might receive Spot Instances from more than the + // number of pools that you specified. Similarly, if most of the pools have + // no Spot capacity, you might receive your full target capacity from fewer + // than the number of pools that you specified. InstancePoolsToUseCount *int64 `type:"integer"` // The strategies for managing your Spot Instances that are at an elevated risk @@ -117506,7 +121270,7 @@ type StartNetworkInsightsAnalysisInput struct { _ struct{} `type:"structure"` // Unique, case-sensitive identifier that you provide to ensure the idempotency - // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + // of the request. For more information, see How to ensure idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string" idempotencyToken:"true"` // Checks whether you have the required permissions for the action, without @@ -118026,7 +121790,7 @@ type Subnet struct { // The Amazon Resource Name (ARN) of the Outpost. OutpostArn *string `locationName:"outpostArn" type:"string"` - // The ID of the AWS account that owns the subnet. + // The ID of the Amazon Web Services account that owns the subnet. OwnerId *string `locationName:"ownerId" type:"string"` // The current state of the subnet. @@ -118223,6 +121987,84 @@ func (s *SubnetCidrBlockState) SetStatusMessage(v string) *SubnetCidrBlockState return s } +// Describes a subnet CIDR reservation. +type SubnetCidrReservation struct { + _ struct{} `type:"structure"` + + // The CIDR that has been reserved. + Cidr *string `locationName:"cidr" type:"string"` + + // The description assigned to the subnet CIDR reservation. + Description *string `locationName:"description" type:"string"` + + // The ID of the account that owns the subnet CIDR reservation. + OwnerId *string `locationName:"ownerId" type:"string"` + + // The type of reservation. + ReservationType *string `locationName:"reservationType" type:"string" enum:"SubnetCidrReservationType"` + + // The ID of the subnet CIDR reservation. + SubnetCidrReservationId *string `locationName:"subnetCidrReservationId" type:"string"` + + // The ID of the subnet. + SubnetId *string `locationName:"subnetId" type:"string"` + + // The tags assigned to the subnet CIDR reservation. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s SubnetCidrReservation) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SubnetCidrReservation) GoString() string { + return s.String() +} + +// SetCidr sets the Cidr field's value. +func (s *SubnetCidrReservation) SetCidr(v string) *SubnetCidrReservation { + s.Cidr = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *SubnetCidrReservation) SetDescription(v string) *SubnetCidrReservation { + s.Description = &v + return s +} + +// SetOwnerId sets the OwnerId field's value. +func (s *SubnetCidrReservation) SetOwnerId(v string) *SubnetCidrReservation { + s.OwnerId = &v + return s +} + +// SetReservationType sets the ReservationType field's value. +func (s *SubnetCidrReservation) SetReservationType(v string) *SubnetCidrReservation { + s.ReservationType = &v + return s +} + +// SetSubnetCidrReservationId sets the SubnetCidrReservationId field's value. +func (s *SubnetCidrReservation) SetSubnetCidrReservationId(v string) *SubnetCidrReservation { + s.SubnetCidrReservationId = &v + return s +} + +// SetSubnetId sets the SubnetId field's value. +func (s *SubnetCidrReservation) SetSubnetId(v string) *SubnetCidrReservation { + s.SubnetId = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *SubnetCidrReservation) SetTags(v []*Tag) *SubnetCidrReservation { + s.Tags = v + return s +} + // Describes an IPv6 CIDR block associated with a subnet. type SubnetIpv6CidrBlockAssociation struct { _ struct{} `type:"structure"` @@ -118413,15 +122255,16 @@ type TagSpecification struct { // | customer-gateway | dedicated-host | dhcp-options | egress-only-internet-gateway // | elastic-ip | elastic-gpu | export-image-task | export-instance-task | fleet // | fpga-image | host-reservation | image| import-image-task | import-snapshot-task - // | instance | internet-gateway | ipv4pool-ec2 | ipv6pool-ec2 | key-pair | - // launch-template | local-gateway-route-table-vpc-association | placement-group - // | prefix-list | natgateway | network-acl | network-interface | reserved-instances - // |route-table | security-group| snapshot | spot-fleet-request | spot-instances-request - // | snapshot | subnet | traffic-mirror-filter | traffic-mirror-session | traffic-mirror-target - // | transit-gateway | transit-gateway-attachment | transit-gateway-multicast-domain - // | transit-gateway-route-table | volume |vpc | vpc-peering-connection | vpc-endpoint - // (for interface and gateway endpoints) | vpc-endpoint-service (for AWS PrivateLink) - // | vpc-flow-log | vpn-connection | vpn-gateway. + // | instance | instance-event-window | internet-gateway | ipv4pool-ec2 | ipv6pool-ec2 + // | key-pair | launch-template | local-gateway-route-table-vpc-association + // | placement-group | prefix-list | natgateway | network-acl | network-interface + // | reserved-instances |route-table | security-group| snapshot | spot-fleet-request + // | spot-instances-request | snapshot | subnet | traffic-mirror-filter | traffic-mirror-session + // | traffic-mirror-target | transit-gateway | transit-gateway-attachment | + // transit-gateway-multicast-domain | transit-gateway-route-table | volume |vpc + // | vpc-peering-connection | vpc-endpoint (for interface and gateway endpoints) + // | vpc-endpoint-service (for Amazon Web Services PrivateLink) | vpc-flow-log + // | vpn-connection | vpn-gateway. // // To tag a resource after it has been created, see CreateTags (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTags.html). ResourceType *string `locationName:"resourceType" type:"string" enum:"ResourceType"` @@ -119537,7 +123380,7 @@ type TransitGateway struct { // The transit gateway options. Options *TransitGatewayOptions `locationName:"options" type:"structure"` - // The ID of the AWS account ID that owns the transit gateway. + // The ID of the Amazon Web Services account that owns the transit gateway. OwnerId *string `locationName:"ownerId" type:"string"` // The state of the transit gateway. @@ -119685,7 +123528,7 @@ type TransitGatewayAttachment struct { // The ID of the resource. ResourceId *string `locationName:"resourceId" type:"string"` - // The ID of the AWS account that owns the resource. + // The ID of the Amazon Web Services account that owns the resource. ResourceOwnerId *string `locationName:"resourceOwnerId" type:"string"` // The resource type. Note that the tgw-peering resource type has been deprecated. @@ -119703,7 +123546,7 @@ type TransitGatewayAttachment struct { // The ID of the transit gateway. TransitGatewayId *string `locationName:"transitGatewayId" type:"string"` - // The ID of the AWS account that owns the transit gateway. + // The ID of the Amazon Web Services account that owns the transit gateway. TransitGatewayOwnerId *string `locationName:"transitGatewayOwnerId" type:"string"` } @@ -120252,7 +124095,8 @@ type TransitGatewayMulticastDomain struct { // The options for the transit gateway multicast domain. Options *TransitGatewayMulticastDomainOptions `locationName:"options" type:"structure"` - // The ID of the AWS account that owns the transit gateway multiicast domain. + // The ID of the Amazon Web Services account that owns the transit gateway multicast + // domain. OwnerId *string `locationName:"ownerId" type:"string"` // The state of the transit gateway multicast domain. @@ -120336,8 +124180,8 @@ type TransitGatewayMulticastDomainAssociation struct { // The ID of the resource. ResourceId *string `locationName:"resourceId" type:"string"` - // The ID of the AWS account that owns the transit gateway multicast domain - // association resource. + // The ID of the Amazon Web Services account that owns the transit gateway multicast + // domain association resource. ResourceOwnerId *string `locationName:"resourceOwnerId" type:"string"` // The type of resource, for example a VPC attachment. @@ -120397,7 +124241,7 @@ type TransitGatewayMulticastDomainAssociations struct { // The ID of the resource. ResourceId *string `locationName:"resourceId" type:"string"` - // The ID of the AWS account that owns the resource. + // The ID of the Amazon Web Services account that owns the resource. ResourceOwnerId *string `locationName:"resourceOwnerId" type:"string"` // The type of resource, for example a VPC attachment. @@ -120526,8 +124370,8 @@ type TransitGatewayMulticastGroup struct { // The ID of the resource. ResourceId *string `locationName:"resourceId" type:"string"` - // The ID of the AWS account that owns the transit gateway multicast domain - // group resource. + // The ID of the Amazon Web Services account that owns the transit gateway multicast + // domain group resource. ResourceOwnerId *string `locationName:"resourceOwnerId" type:"string"` // The type of resource, for example a VPC attachment. @@ -121470,7 +125314,7 @@ type TransitGatewayVpcAttachment struct { // The ID of the VPC. VpcId *string `locationName:"vpcId" type:"string"` - // The ID of the AWS account that owns the VPC. + // The ID of the Amazon Web Services account that owns the VPC. VpcOwnerId *string `locationName:"vpcOwnerId" type:"string"` } @@ -121580,6 +125424,10 @@ func (s *TransitGatewayVpcAttachmentOptions) SetIpv6Support(v string) *TransitGa return s } +// +// Currently available in limited preview only. If you are interested in using +// this feature, contact your account manager. +// // Information about an association between a branch network interface with // a trunk network interface. type TrunkInterfaceAssociation struct { @@ -121597,7 +125445,7 @@ type TrunkInterfaceAssociation struct { // The interface protocol. Valid values are VLAN and GRE. InterfaceProtocol *string `locationName:"interfaceProtocol" type:"string" enum:"InterfaceProtocolType"` - // The tags. + // The tags for the trunk interface association. Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` // The ID of the trunk network interface. @@ -121854,9 +125702,10 @@ type UnassignIpv6AddressesInput struct { _ struct{} `type:"structure"` // The IPv6 addresses to unassign from the network interface. - // - // Ipv6Addresses is a required field - Ipv6Addresses []*string `locationName:"ipv6Addresses" locationNameList:"item" type:"list" required:"true"` + Ipv6Addresses []*string `locationName:"ipv6Addresses" locationNameList:"item" type:"list"` + + // One or more IPv6 prefixes to unassign from the network interface. + Ipv6Prefixes []*string `locationName:"Ipv6Prefix" locationNameList:"item" type:"list"` // The ID of the network interface. // @@ -121877,9 +125726,6 @@ func (s UnassignIpv6AddressesInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *UnassignIpv6AddressesInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "UnassignIpv6AddressesInput"} - if s.Ipv6Addresses == nil { - invalidParams.Add(request.NewErrParamRequired("Ipv6Addresses")) - } if s.NetworkInterfaceId == nil { invalidParams.Add(request.NewErrParamRequired("NetworkInterfaceId")) } @@ -121896,6 +125742,12 @@ func (s *UnassignIpv6AddressesInput) SetIpv6Addresses(v []*string) *UnassignIpv6 return s } +// SetIpv6Prefixes sets the Ipv6Prefixes field's value. +func (s *UnassignIpv6AddressesInput) SetIpv6Prefixes(v []*string) *UnassignIpv6AddressesInput { + s.Ipv6Prefixes = v + return s +} + // SetNetworkInterfaceId sets the NetworkInterfaceId field's value. func (s *UnassignIpv6AddressesInput) SetNetworkInterfaceId(v string) *UnassignIpv6AddressesInput { s.NetworkInterfaceId = &v @@ -121910,6 +125762,9 @@ type UnassignIpv6AddressesOutput struct { // The IPv6 addresses that have been unassigned from the network interface. UnassignedIpv6Addresses []*string `locationName:"unassignedIpv6Addresses" locationNameList:"item" type:"list"` + + // The IPv4 prefixes that have been unassigned from the network interface. + UnassignedIpv6Prefixes []*string `locationName:"unassignedIpv6PrefixSet" locationNameList:"item" type:"list"` } // String returns the string representation @@ -121934,10 +125789,19 @@ func (s *UnassignIpv6AddressesOutput) SetUnassignedIpv6Addresses(v []*string) *U return s } +// SetUnassignedIpv6Prefixes sets the UnassignedIpv6Prefixes field's value. +func (s *UnassignIpv6AddressesOutput) SetUnassignedIpv6Prefixes(v []*string) *UnassignIpv6AddressesOutput { + s.UnassignedIpv6Prefixes = v + return s +} + // Contains the parameters for UnassignPrivateIpAddresses. type UnassignPrivateIpAddressesInput struct { _ struct{} `type:"structure"` + // The IPv4 prefixes to unassign from the network interface. + Ipv4Prefixes []*string `locationName:"Ipv4Prefix" locationNameList:"item" type:"list"` + // The ID of the network interface. // // NetworkInterfaceId is a required field @@ -121945,9 +125809,7 @@ type UnassignPrivateIpAddressesInput struct { // The secondary private IP addresses to unassign from the network interface. // You can specify this option multiple times to unassign more than one IP address. - // - // PrivateIpAddresses is a required field - PrivateIpAddresses []*string `locationName:"privateIpAddress" locationNameList:"PrivateIpAddress" type:"list" required:"true"` + PrivateIpAddresses []*string `locationName:"privateIpAddress" locationNameList:"PrivateIpAddress" type:"list"` } // String returns the string representation @@ -121966,9 +125828,6 @@ func (s *UnassignPrivateIpAddressesInput) Validate() error { if s.NetworkInterfaceId == nil { invalidParams.Add(request.NewErrParamRequired("NetworkInterfaceId")) } - if s.PrivateIpAddresses == nil { - invalidParams.Add(request.NewErrParamRequired("PrivateIpAddresses")) - } if invalidParams.Len() > 0 { return invalidParams @@ -121976,6 +125835,12 @@ func (s *UnassignPrivateIpAddressesInput) Validate() error { return nil } +// SetIpv4Prefixes sets the Ipv4Prefixes field's value. +func (s *UnassignPrivateIpAddressesInput) SetIpv4Prefixes(v []*string) *UnassignPrivateIpAddressesInput { + s.Ipv4Prefixes = v + return s +} + // SetNetworkInterfaceId sets the NetworkInterfaceId field's value. func (s *UnassignPrivateIpAddressesInput) SetNetworkInterfaceId(v string) *UnassignPrivateIpAddressesInput { s.NetworkInterfaceId = &v @@ -122178,7 +126043,7 @@ func (s *UnsuccessfulItem) SetResourceId(v string) *UnsuccessfulItem { } // Information about the error that occurred. For more information about errors, -// see Error Codes (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/errors-overview.html). +// see Error codes (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/errors-overview.html). type UnsuccessfulItemError struct { _ struct{} `type:"structure"` @@ -122229,10 +126094,13 @@ type UpdateSecurityGroupRuleDescriptionsEgressInput struct { // security group ID or the security group name in the request. GroupName *string `type:"string"` - // The IP permissions for the security group rule. - // - // IpPermissions is a required field - IpPermissions []*IpPermission `locationNameList:"item" type:"list" required:"true"` + // The IP permissions for the security group rule. You must specify either the + // IP permissions or the description. + IpPermissions []*IpPermission `locationNameList:"item" type:"list"` + + // The description for the egress security group rules. You must specify either + // the description or the IP permissions. + SecurityGroupRuleDescriptions []*SecurityGroupRuleDescription `locationName:"SecurityGroupRuleDescription" locationNameList:"item" type:"list"` } // String returns the string representation @@ -122245,19 +126113,6 @@ func (s UpdateSecurityGroupRuleDescriptionsEgressInput) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *UpdateSecurityGroupRuleDescriptionsEgressInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "UpdateSecurityGroupRuleDescriptionsEgressInput"} - if s.IpPermissions == nil { - invalidParams.Add(request.NewErrParamRequired("IpPermissions")) - } - - if invalidParams.Len() > 0 { - return invalidParams - } - return nil -} - // SetDryRun sets the DryRun field's value. func (s *UpdateSecurityGroupRuleDescriptionsEgressInput) SetDryRun(v bool) *UpdateSecurityGroupRuleDescriptionsEgressInput { s.DryRun = &v @@ -122282,6 +126137,12 @@ func (s *UpdateSecurityGroupRuleDescriptionsEgressInput) SetIpPermissions(v []*I return s } +// SetSecurityGroupRuleDescriptions sets the SecurityGroupRuleDescriptions field's value. +func (s *UpdateSecurityGroupRuleDescriptionsEgressInput) SetSecurityGroupRuleDescriptions(v []*SecurityGroupRuleDescription) *UpdateSecurityGroupRuleDescriptionsEgressInput { + s.SecurityGroupRuleDescriptions = v + return s +} + type UpdateSecurityGroupRuleDescriptionsEgressOutput struct { _ struct{} `type:"structure"` @@ -122323,10 +126184,13 @@ type UpdateSecurityGroupRuleDescriptionsIngressInput struct { // either the security group ID or the security group name in the request. GroupName *string `type:"string"` - // The IP permissions for the security group rule. - // - // IpPermissions is a required field - IpPermissions []*IpPermission `locationNameList:"item" type:"list" required:"true"` + // The IP permissions for the security group rule. You must specify either IP + // permissions or a description. + IpPermissions []*IpPermission `locationNameList:"item" type:"list"` + + // [VPC only] The description for the ingress security group rules. You must + // specify either a description or IP permissions. + SecurityGroupRuleDescriptions []*SecurityGroupRuleDescription `locationName:"SecurityGroupRuleDescription" locationNameList:"item" type:"list"` } // String returns the string representation @@ -122339,19 +126203,6 @@ func (s UpdateSecurityGroupRuleDescriptionsIngressInput) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *UpdateSecurityGroupRuleDescriptionsIngressInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "UpdateSecurityGroupRuleDescriptionsIngressInput"} - if s.IpPermissions == nil { - invalidParams.Add(request.NewErrParamRequired("IpPermissions")) - } - - if invalidParams.Len() > 0 { - return invalidParams - } - return nil -} - // SetDryRun sets the DryRun field's value. func (s *UpdateSecurityGroupRuleDescriptionsIngressInput) SetDryRun(v bool) *UpdateSecurityGroupRuleDescriptionsIngressInput { s.DryRun = &v @@ -122376,6 +126227,12 @@ func (s *UpdateSecurityGroupRuleDescriptionsIngressInput) SetIpPermissions(v []* return s } +// SetSecurityGroupRuleDescriptions sets the SecurityGroupRuleDescriptions field's value. +func (s *UpdateSecurityGroupRuleDescriptionsIngressInput) SetSecurityGroupRuleDescriptions(v []*SecurityGroupRuleDescription) *UpdateSecurityGroupRuleDescriptionsIngressInput { + s.SecurityGroupRuleDescriptions = v + return s +} + type UpdateSecurityGroupRuleDescriptionsIngressOutput struct { _ struct{} `type:"structure"` @@ -122469,9 +126326,9 @@ func (s *UserBucketDetails) SetS3Key(v string) *UserBucketDetails { type UserData struct { _ struct{} `type:"structure" sensitive:"true"` - // The user data. If you are using an AWS SDK or command line tool, Base64-encoding - // is performed for you, and you can load the text from a file. Otherwise, you - // must provide Base64-encoded text. + // The user data. If you are using an Amazon Web Services SDK or command line + // tool, Base64-encoding is performed for you, and you can load the text from + // a file. Otherwise, you must provide Base64-encoded text. Data *string `locationName:"data" type:"string"` } @@ -122491,7 +126348,7 @@ func (s *UserData) SetData(v string) *UserData { return s } -// Describes a security group and AWS account ID pair. +// Describes a security group and Amazon Web Services account ID pair. type UserIdGroupPair struct { _ struct{} `type:"structure"` @@ -122516,14 +126373,14 @@ type UserIdGroupPair struct { // The status of a VPC peering connection, if applicable. PeeringStatus *string `locationName:"peeringStatus" type:"string"` - // The ID of an AWS account. + // The ID of an Amazon Web Services account. // // For a referenced security group in another VPC, the account ID of the referenced // security group is returned in the response. If the referenced security group // is deleted, this value is not returned. // // [EC2-Classic] Required when adding or removing rules that reference a security - // group in another AWS account. + // group in another Amazon Web Services account. UserId *string `locationName:"userId" type:"string"` // The ID of the VPC for the referenced security group, if applicable. @@ -122805,9 +126662,8 @@ type Volume struct { // rate at which the volume accumulates I/O credits for bursting. Iops *int64 `locationName:"iops" type:"integer"` - // The Amazon Resource Name (ARN) of the AWS Key Management Service (AWS KMS) - // customer master key (CMK) that was used to protect the volume encryption - // key for the volume. + // The Amazon Resource Name (ARN) of the Key Management Service (KMS) KMS key + // that was used to protect the volume encryption key for the volume. KmsKeyId *string `locationName:"kmsKeyId" type:"string"` // Indicates whether Amazon EBS Multi-Attach is enabled. @@ -123533,7 +127389,7 @@ type Vpc struct { // Indicates whether the VPC is the default VPC. IsDefault *bool `locationName:"isDefault" type:"boolean"` - // The ID of the AWS account that owns the VPC. + // The ID of the Amazon Web Services account that owns the VPC. OwnerId *string `locationName:"ownerId" type:"string"` // The current state of the VPC. @@ -124246,7 +128102,7 @@ type VpcPeeringConnectionVpcInfo struct { // The IPv6 CIDR block for the VPC. Ipv6CidrBlockSet []*Ipv6CidrBlock `locationName:"ipv6CidrBlockSet" locationNameList:"item" type:"list"` - // The AWS account ID of the VPC owner. + // The ID of the Amazon Web Services account that owns the VPC. OwnerId *string `locationName:"ownerId" type:"string"` // Information about the VPC peering connection options for the accepter or @@ -127055,6 +130911,30 @@ func InstanceAttributeName_Values() []string { } } +const ( + // InstanceEventWindowStateCreating is a InstanceEventWindowState enum value + InstanceEventWindowStateCreating = "creating" + + // InstanceEventWindowStateDeleting is a InstanceEventWindowState enum value + InstanceEventWindowStateDeleting = "deleting" + + // InstanceEventWindowStateActive is a InstanceEventWindowState enum value + InstanceEventWindowStateActive = "active" + + // InstanceEventWindowStateDeleted is a InstanceEventWindowState enum value + InstanceEventWindowStateDeleted = "deleted" +) + +// InstanceEventWindowState_Values returns all elements of the InstanceEventWindowState enum +func InstanceEventWindowState_Values() []string { + return []string{ + InstanceEventWindowStateCreating, + InstanceEventWindowStateDeleting, + InstanceEventWindowStateActive, + InstanceEventWindowStateDeleted, + } +} + const ( // InstanceHealthStatusHealthy is a InstanceHealthStatus enum value InstanceHealthStatusHealthy = "healthy" @@ -127171,6 +131051,22 @@ func InstanceMetadataOptionsState_Values() []string { } } +const ( + // InstanceMetadataProtocolStateDisabled is a InstanceMetadataProtocolState enum value + InstanceMetadataProtocolStateDisabled = "disabled" + + // InstanceMetadataProtocolStateEnabled is a InstanceMetadataProtocolState enum value + InstanceMetadataProtocolStateEnabled = "enabled" +) + +// InstanceMetadataProtocolState_Values returns all elements of the InstanceMetadataProtocolState enum +func InstanceMetadataProtocolState_Values() []string { + return []string{ + InstanceMetadataProtocolStateDisabled, + InstanceMetadataProtocolStateEnabled, + } +} + const ( // InstanceStateNamePending is a InstanceStateName enum value InstanceStateNamePending = "pending" @@ -127909,6 +131805,12 @@ const ( // InstanceTypeG3sXlarge is a InstanceType enum value InstanceTypeG3sXlarge = "g3s.xlarge" + // InstanceTypeG4adXlarge is a InstanceType enum value + InstanceTypeG4adXlarge = "g4ad.xlarge" + + // InstanceTypeG4ad2xlarge is a InstanceType enum value + InstanceTypeG4ad2xlarge = "g4ad.2xlarge" + // InstanceTypeG4ad4xlarge is a InstanceType enum value InstanceTypeG4ad4xlarge = "g4ad.4xlarge" @@ -128392,6 +132294,33 @@ const ( // InstanceTypeM6gd16xlarge is a InstanceType enum value InstanceTypeM6gd16xlarge = "m6gd.16xlarge" + // InstanceTypeM6iLarge is a InstanceType enum value + InstanceTypeM6iLarge = "m6i.large" + + // InstanceTypeM6iXlarge is a InstanceType enum value + InstanceTypeM6iXlarge = "m6i.xlarge" + + // InstanceTypeM6i2xlarge is a InstanceType enum value + InstanceTypeM6i2xlarge = "m6i.2xlarge" + + // InstanceTypeM6i4xlarge is a InstanceType enum value + InstanceTypeM6i4xlarge = "m6i.4xlarge" + + // InstanceTypeM6i8xlarge is a InstanceType enum value + InstanceTypeM6i8xlarge = "m6i.8xlarge" + + // InstanceTypeM6i12xlarge is a InstanceType enum value + InstanceTypeM6i12xlarge = "m6i.12xlarge" + + // InstanceTypeM6i16xlarge is a InstanceType enum value + InstanceTypeM6i16xlarge = "m6i.16xlarge" + + // InstanceTypeM6i24xlarge is a InstanceType enum value + InstanceTypeM6i24xlarge = "m6i.24xlarge" + + // InstanceTypeM6i32xlarge is a InstanceType enum value + InstanceTypeM6i32xlarge = "m6i.32xlarge" + // InstanceTypeMac1Metal is a InstanceType enum value InstanceTypeMac1Metal = "mac1.metal" @@ -128661,6 +132590,8 @@ func InstanceType_Values() []string { InstanceTypeG38xlarge, InstanceTypeG316xlarge, InstanceTypeG3sXlarge, + InstanceTypeG4adXlarge, + InstanceTypeG4ad2xlarge, InstanceTypeG4ad4xlarge, InstanceTypeG4ad8xlarge, InstanceTypeG4ad16xlarge, @@ -128822,6 +132753,15 @@ func InstanceType_Values() []string { InstanceTypeM6gd8xlarge, InstanceTypeM6gd12xlarge, InstanceTypeM6gd16xlarge, + InstanceTypeM6iLarge, + InstanceTypeM6iXlarge, + InstanceTypeM6i2xlarge, + InstanceTypeM6i4xlarge, + InstanceTypeM6i8xlarge, + InstanceTypeM6i12xlarge, + InstanceTypeM6i16xlarge, + InstanceTypeM6i24xlarge, + InstanceTypeM6i32xlarge, InstanceTypeMac1Metal, InstanceTypeX2gdMedium, InstanceTypeX2gdLarge, @@ -128899,6 +132839,22 @@ func Ipv6SupportValue_Values() []string { } } +const ( + // KeyTypeRsa is a KeyType enum value + KeyTypeRsa = "rsa" + + // KeyTypeEd25519 is a KeyType enum value + KeyTypeEd25519 = "ed25519" +) + +// KeyType_Values returns all elements of the KeyType enum +func KeyType_Values() []string { + return []string{ + KeyTypeRsa, + KeyTypeEd25519, + } +} + const ( // LaunchTemplateErrorCodeLaunchTemplateIdDoesNotExist is a LaunchTemplateErrorCode enum value LaunchTemplateErrorCodeLaunchTemplateIdDoesNotExist = "launchTemplateIdDoesNotExist" @@ -129968,6 +133924,9 @@ const ( // ResourceTypeInstance is a ResourceType enum value ResourceTypeInstance = "instance" + // ResourceTypeInstanceEventWindow is a ResourceType enum value + ResourceTypeInstanceEventWindow = "instance-event-window" + // ResourceTypeInternetGateway is a ResourceType enum value ResourceTypeInternetGateway = "internet-gateway" @@ -130007,6 +133966,9 @@ const ( // ResourceTypeSecurityGroup is a ResourceType enum value ResourceTypeSecurityGroup = "security-group" + // ResourceTypeSecurityGroupRule is a ResourceType enum value + ResourceTypeSecurityGroupRule = "security-group-rule" + // ResourceTypeSnapshot is a ResourceType enum value ResourceTypeSnapshot = "snapshot" @@ -130081,6 +134043,7 @@ func ResourceType_Values() []string { ResourceTypeImportImageTask, ResourceTypeImportSnapshotTask, ResourceTypeInstance, + ResourceTypeInstanceEventWindow, ResourceTypeInternetGateway, ResourceTypeKeyPair, ResourceTypeLaunchTemplate, @@ -130094,6 +134057,7 @@ func ResourceType_Values() []string { ResourceTypeReservedInstances, ResourceTypeRouteTable, ResourceTypeSecurityGroup, + ResourceTypeSecurityGroupRule, ResourceTypeSnapshot, ResourceTypeSpotFleetRequest, ResourceTypeSpotInstancesRequest, @@ -130575,6 +134539,22 @@ func SubnetCidrBlockStateCode_Values() []string { } } +const ( + // SubnetCidrReservationTypePrefix is a SubnetCidrReservationType enum value + SubnetCidrReservationTypePrefix = "prefix" + + // SubnetCidrReservationTypeExplicit is a SubnetCidrReservationType enum value + SubnetCidrReservationTypeExplicit = "explicit" +) + +// SubnetCidrReservationType_Values returns all elements of the SubnetCidrReservationType enum +func SubnetCidrReservationType_Values() []string { + return []string{ + SubnetCidrReservationTypePrefix, + SubnetCidrReservationTypeExplicit, + } +} + const ( // SubnetStatePending is a SubnetState enum value SubnetStatePending = "pending" @@ -131610,3 +135590,39 @@ func VpnStaticRouteSource_Values() []string { VpnStaticRouteSourceStatic, } } + +const ( + // WeekDaySunday is a WeekDay enum value + WeekDaySunday = "sunday" + + // WeekDayMonday is a WeekDay enum value + WeekDayMonday = "monday" + + // WeekDayTuesday is a WeekDay enum value + WeekDayTuesday = "tuesday" + + // WeekDayWednesday is a WeekDay enum value + WeekDayWednesday = "wednesday" + + // WeekDayThursday is a WeekDay enum value + WeekDayThursday = "thursday" + + // WeekDayFriday is a WeekDay enum value + WeekDayFriday = "friday" + + // WeekDaySaturday is a WeekDay enum value + WeekDaySaturday = "saturday" +) + +// WeekDay_Values returns all elements of the WeekDay enum +func WeekDay_Values() []string { + return []string{ + WeekDaySunday, + WeekDayMonday, + WeekDayTuesday, + WeekDayWednesday, + WeekDayThursday, + WeekDayFriday, + WeekDaySaturday, + } +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/api.go b/vendor/github.com/aws/aws-sdk-go/service/kms/api.go index 1f3b5eae7..1d827662d 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/kms/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/api.go @@ -57,19 +57,19 @@ func (c *KMS) CancelKeyDeletionRequest(input *CancelKeyDeletionInput) (req *requ // CancelKeyDeletion API operation for AWS Key Management Service. // -// Cancels the deletion of a customer master key (CMK). When this operation -// succeeds, the key state of the CMK is Disabled. To enable the CMK, use EnableKey. +// Cancels the deletion of a KMS key. When this operation succeeds, the key +// state of the KMS key is Disabled. To enable the KMS key, use EnableKey. // -// For more information about scheduling and canceling deletion of a CMK, see -// Deleting Customer Master Keys (https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) -// in the AWS Key Management Service Developer Guide. +// For more information about scheduling and canceling deletion of a KMS key, +// see Deleting KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) +// in the Key Management Service Developer Guide. // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // -// Cross-account use: No. You cannot perform this operation on a CMK in a different -// AWS account. +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. // // Required permissions: kms:CancelKeyDeletion (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (key policy) @@ -104,9 +104,9 @@ func (c *KMS) CancelKeyDeletionRequest(input *CancelKeyDeletionInput) (req *requ // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CancelKeyDeletion func (c *KMS) CancelKeyDeletion(input *CancelKeyDeletionInput) (*CancelKeyDeletionOutput, error) { @@ -176,19 +176,19 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r // ConnectCustomKeyStore API operation for AWS Key Management Service. // // Connects or reconnects a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) -// to its associated AWS CloudHSM cluster. +// to its associated CloudHSM cluster. // -// The custom key store must be connected before you can create customer master -// keys (CMKs) in the key store or use the CMKs it contains. You can disconnect -// and reconnect a custom key store at any time. +// The custom key store must be connected before you can create KMS keys in +// the key store or use the KMS keys it contains. You can disconnect and reconnect +// a custom key store at any time. // -// To connect a custom key store, its associated AWS CloudHSM cluster must have +// To connect a custom key store, its associated CloudHSM cluster must have // at least one active HSM. To get the number of active HSMs in a cluster, use // the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. To add HSMs to the cluster, use the CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) // operation. Also, the kmsuser crypto user (https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser) -// (CU) must not be logged into the cluster. This prevents AWS KMS from using -// this account to log in. +// (CU) must not be logged into the cluster. This prevents KMS from using this +// account to log in. // // The connection process can take an extended amount of time to complete; up // to 20 minutes. This operation starts the connection process, but it does @@ -198,10 +198,10 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r // the connection state of the custom key store, use the DescribeCustomKeyStores // operation. // -// During the connection process, AWS KMS finds the AWS CloudHSM cluster that -// is associated with the custom key store, creates the connection infrastructure, -// connects to the cluster, logs into the AWS CloudHSM client as the kmsuser -// CU, and rotates its password. +// During the connection process, KMS finds the CloudHSM cluster that is associated +// with the custom key store, creates the connection infrastructure, connects +// to the cluster, logs into the CloudHSM client as the kmsuser CU, and rotates +// its password. // // The ConnectCustomKeyStore operation might fail for various reasons. To find // the reason, use the DescribeCustomKeyStores operation and see the ConnectionErrorCode @@ -213,10 +213,10 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r // // If you are having trouble connecting or disconnecting a custom key store, // see Troubleshooting a Custom Key Store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) -// in the AWS Key Management Service Developer Guide. +// in the Key Management Service Developer Guide. // // Cross-account use: No. You cannot perform this operation on a custom key -// store in a different AWS account. +// store in a different Amazon Web Services account. // // Required permissions: kms:ConnectCustomKeyStore (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (IAM policy) @@ -242,11 +242,11 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r // // Returned Error Types: // * CloudHsmClusterNotActiveException -// The request was rejected because the AWS CloudHSM cluster that is associated +// The request was rejected because the CloudHSM cluster that is associated // with the custom key store is not active. Initialize and activate the cluster // and try the command again. For detailed instructions, see Getting Started // (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) -// in the AWS CloudHSM User Guide. +// in the CloudHSM User Guide. // // * CustomKeyStoreInvalidStateException // The request was rejected because of the ConnectionState of the custom key @@ -268,7 +268,7 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r // for all other ConnectionState values. // // * CustomKeyStoreNotFoundException -// The request was rejected because AWS KMS cannot find a custom key store with +// The request was rejected because KMS cannot find a custom key store with // the specified key store name or ID. // // * InternalException @@ -276,8 +276,8 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r // can be retried. // // * CloudHsmClusterInvalidConfigurationException -// The request was rejected because the associated AWS CloudHSM cluster did -// not meet the configuration requirements for a custom key store. +// The request was rejected because the associated CloudHSM cluster did not +// meet the configuration requirements for a custom key store. // // * The cluster must be configured with private subnets in at least two // different Availability Zones in the Region. @@ -292,20 +292,19 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r // operation. // // * The cluster must contain at least as many HSMs as the operation requires. -// To add HSMs, use the AWS CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) +// To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) // operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey -// operations, the AWS CloudHSM cluster must have at least two active HSMs, -// each in a different Availability Zone. For the ConnectCustomKeyStore operation, -// the AWS CloudHSM must contain at least one active HSM. +// operations, the CloudHSM cluster must have at least two active HSMs, each +// in a different Availability Zone. For the ConnectCustomKeyStore operation, +// the CloudHSM must contain at least one active HSM. // -// For information about the requirements for an AWS CloudHSM cluster that is -// associated with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) -// in the AWS Key Management Service Developer Guide. For information about -// creating a private subnet for an AWS CloudHSM cluster, see Create a Private -// Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) -// in the AWS CloudHSM User Guide. For information about cluster security groups, +// For information about the requirements for an CloudHSM cluster that is associated +// with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) +// in the Key Management Service Developer Guide. For information about creating +// a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) +// in the CloudHSM User Guide. For information about cluster security groups, // see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) -// in the AWS CloudHSM User Guide . +// in the CloudHSM User Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ConnectCustomKeyStore func (c *KMS) ConnectCustomKeyStore(input *ConnectCustomKeyStoreInput) (*ConnectCustomKeyStoreOutput, error) { @@ -374,37 +373,37 @@ func (c *KMS) CreateAliasRequest(input *CreateAliasInput) (req *request.Request, // CreateAlias API operation for AWS Key Management Service. // -// Creates a friendly name for a customer master key (CMK). +// Creates a friendly name for a KMS key. // // Adding, deleting, or updating an alias can allow or deny permission to the -// CMK. For details, see Using ABAC in AWS KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) -// in the AWS Key Management Service Developer Guide. +// KMS key. For details, see Using ABAC in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) +// in the Key Management Service Developer Guide. // -// You can use an alias to identify a CMK in the AWS KMS console, in the DescribeKey +// You can use an alias to identify a KMS key in the KMS console, in the DescribeKey // operation and in cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations), -// such as Encrypt and GenerateDataKey. You can also change the CMK that's associated -// with the alias (UpdateAlias) or delete the alias (DeleteAlias) at any time. -// These operations don't affect the underlying CMK. +// such as Encrypt and GenerateDataKey. You can also change the KMS key that's +// associated with the alias (UpdateAlias) or delete the alias (DeleteAlias) +// at any time. These operations don't affect the underlying KMS key. // -// You can associate the alias with any customer managed CMK in the same AWS -// Region. Each alias is associated with only one CMK at a time, but a CMK can -// have multiple aliases. A valid CMK is required. You can't create an alias -// without a CMK. +// You can associate the alias with any customer managed key in the same Amazon +// Web Services Region. Each alias is associated with only one KMS key at a +// time, but a KMS key can have multiple aliases. A valid KMS key is required. +// You can't create an alias without a KMS key. // // The alias must be unique in the account and Region, but you can have aliases // with the same name in different Regions. For detailed information about aliases, // see Using aliases (https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html) -// in the AWS Key Management Service Developer Guide. +// in the Key Management Service Developer Guide. // // This operation does not return a response. To get the alias that you created, // use the ListAliases operation. // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // // Cross-account use: No. You cannot perform this operation on an alias in a -// different AWS account. +// different Amazon Web Services account. // // Required permissions // @@ -412,10 +411,10 @@ func (c *KMS) CreateAliasRequest(input *CreateAliasInput) (req *request.Request, // on the alias (IAM policy). // // * kms:CreateAlias (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) -// on the CMK (key policy). +// on the KMS key (key policy). // // For details, see Controlling access to aliases (https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access) -// in the AWS Key Management Service Developer Guide. +// in the Key Management Service Developer Guide. // // Related operations: // @@ -455,15 +454,15 @@ func (c *KMS) CreateAliasRequest(input *CreateAliasInput) (req *request.Request, // * LimitExceededException // The request was rejected because a quota was exceeded. For more information, // see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) -// in the AWS Key Management Service Developer Guide. +// in the Key Management Service Developer Guide. // // * InvalidStateException // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateAlias func (c *KMS) CreateAlias(input *CreateAliasInput) (*CreateAliasOutput, error) { @@ -532,31 +531,31 @@ func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req // CreateCustomKeyStore API operation for AWS Key Management Service. // // Creates a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) -// that is associated with an AWS CloudHSM cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/clusters.html) +// that is associated with an CloudHSM cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/clusters.html) // that you own and manage. // // This operation is part of the Custom Key Store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) -// feature in AWS KMS, which combines the convenience and extensive integration -// of AWS KMS with the isolation and control of a single-tenant key store. +// feature in KMS, which combines the convenience and extensive integration +// of KMS with the isolation and control of a single-tenant key store. // // Before you create the custom key store, you must assemble the required elements, -// including an AWS CloudHSM cluster that fulfills the requirements for a custom +// including an CloudHSM cluster that fulfills the requirements for a custom // key store. For details about the required elements, see Assemble the Prerequisites // (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) -// in the AWS Key Management Service Developer Guide. +// in the Key Management Service Developer Guide. // // When the operation completes successfully, it returns the ID of the new custom // key store. Before you can use your new custom key store, you need to use -// the ConnectCustomKeyStore operation to connect the new key store to its AWS -// CloudHSM cluster. Even if you are not going to use your custom key store -// immediately, you might want to connect it to verify that all settings are -// correct and then disconnect it until you are ready to use it. +// the ConnectCustomKeyStore operation to connect the new key store to its CloudHSM +// cluster. Even if you are not going to use your custom key store immediately, +// you might want to connect it to verify that all settings are correct and +// then disconnect it until you are ready to use it. // // For help with failures, see Troubleshooting a Custom Key Store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) -// in the AWS Key Management Service Developer Guide. +// in the Key Management Service Developer Guide. // // Cross-account use: No. You cannot perform this operation on a custom key -// store in a different AWS account. +// store in a different Amazon Web Services account. // // Required permissions: kms:CreateCustomKeyStore (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (IAM policy). @@ -582,10 +581,10 @@ func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req // // Returned Error Types: // * CloudHsmClusterInUseException -// The request was rejected because the specified AWS CloudHSM cluster is already +// The request was rejected because the specified CloudHSM cluster is already // associated with a custom key store or it shares a backup history with a cluster // that is associated with a custom key store. Each custom key store must be -// associated with a different AWS CloudHSM cluster. +// associated with a different CloudHSM cluster. // // Clusters that share a backup history have the same cluster certificate. To // view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) @@ -597,32 +596,31 @@ func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req // key store name that is unique in the account. // // * CloudHsmClusterNotFoundException -// The request was rejected because AWS KMS cannot find the AWS CloudHSM cluster -// with the specified cluster ID. Retry the request with a different cluster -// ID. +// The request was rejected because KMS cannot find the CloudHSM cluster with +// the specified cluster ID. Retry the request with a different cluster ID. // // * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // // * CloudHsmClusterNotActiveException -// The request was rejected because the AWS CloudHSM cluster that is associated +// The request was rejected because the CloudHSM cluster that is associated // with the custom key store is not active. Initialize and activate the cluster // and try the command again. For detailed instructions, see Getting Started // (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) -// in the AWS CloudHSM User Guide. +// in the CloudHSM User Guide. // // * IncorrectTrustAnchorException // The request was rejected because the trust anchor certificate in the request -// is not the trust anchor certificate for the specified AWS CloudHSM cluster. +// is not the trust anchor certificate for the specified CloudHSM cluster. // // When you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), // you create the trust anchor certificate and save it in the customerCA.crt // file. // // * CloudHsmClusterInvalidConfigurationException -// The request was rejected because the associated AWS CloudHSM cluster did -// not meet the configuration requirements for a custom key store. +// The request was rejected because the associated CloudHSM cluster did not +// meet the configuration requirements for a custom key store. // // * The cluster must be configured with private subnets in at least two // different Availability Zones in the Region. @@ -637,20 +635,19 @@ func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req // operation. // // * The cluster must contain at least as many HSMs as the operation requires. -// To add HSMs, use the AWS CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) +// To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) // operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey -// operations, the AWS CloudHSM cluster must have at least two active HSMs, -// each in a different Availability Zone. For the ConnectCustomKeyStore operation, -// the AWS CloudHSM must contain at least one active HSM. +// operations, the CloudHSM cluster must have at least two active HSMs, each +// in a different Availability Zone. For the ConnectCustomKeyStore operation, +// the CloudHSM must contain at least one active HSM. // -// For information about the requirements for an AWS CloudHSM cluster that is -// associated with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) -// in the AWS Key Management Service Developer Guide. For information about -// creating a private subnet for an AWS CloudHSM cluster, see Create a Private -// Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) -// in the AWS CloudHSM User Guide. For information about cluster security groups, +// For information about the requirements for an CloudHSM cluster that is associated +// with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) +// in the Key Management Service Developer Guide. For information about creating +// a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) +// in the CloudHSM User Guide. For information about cluster security groups, // see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) -// in the AWS CloudHSM User Guide . +// in the CloudHSM User Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateCustomKeyStore func (c *KMS) CreateCustomKeyStore(input *CreateCustomKeyStoreInput) (*CreateCustomKeyStoreOutput, error) { @@ -718,49 +715,44 @@ func (c *KMS) CreateGrantRequest(input *CreateGrantInput) (req *request.Request, // CreateGrant API operation for AWS Key Management Service. // -// Adds a grant to a customer master key (CMK). +// Adds a grant to a KMS key. // -// A grant is a policy instrument that allows AWS principals to use AWS KMS -// customer master keys (CMKs) in cryptographic operations. It also can allow -// them to view a CMK (DescribeKey) and create and manage grants. When authorizing -// access to a CMK, grants are considered along with key policies and IAM policies. +// A grant is a policy instrument that allows Amazon Web Services principals +// to use KMS keys in cryptographic operations. It also can allow them to view +// a KMS key (DescribeKey) and create and manage grants. When authorizing access +// to a KMS key, grants are considered along with key policies and IAM policies. // Grants are often used for temporary permissions because you can create one, // use its permissions, and delete it without changing your key policies or // IAM policies. // // For detailed information about grants, including grant terminology, see Using // grants (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html) -// in the AWS Key Management Service Developer Guide . For examples of working -// with grants in several programming languages, see Programming grants (https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html). +// in the Key Management Service Developer Guide . For examples of working with +// grants in several programming languages, see Programming grants (https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html). // // The CreateGrant operation returns a GrantToken and a GrantId. // // * When you create, retire, or revoke a grant, there might be a brief delay, // usually less than five minutes, until the grant is available throughout -// AWS KMS. This state is known as eventual consistency. Once the grant has -// achieved eventual consistency, the grantee principal can use the permissions -// in the grant without identifying the grant. However, to use the permissions +// KMS. This state is known as eventual consistency. Once the grant has achieved +// eventual consistency, the grantee principal can use the permissions in +// the grant without identifying the grant. However, to use the permissions // in the grant immediately, use the GrantToken that CreateGrant returns. -// For details, see Using a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/using-grant-token.html) -// in the AWS Key Management Service Developer Guide . +// For details, see Using a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token) +// in the Key Management Service Developer Guide . // // * The CreateGrant operation also returns a GrantId. You can use the GrantId // and a key identifier to identify the grant in the RetireGrant and RevokeGrant // operations. To find the grant ID, use the ListGrants or ListRetirableGrants // operations. // -// For information about symmetric and asymmetric CMKs, see Using Symmetric -// and Asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) -// in the AWS Key Management Service Developer Guide. For more information about -// grants, see Grants (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html) -// in the AWS Key Management Service Developer Guide . +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. -// -// Cross-account use: Yes. To perform this operation on a CMK in a different -// AWS account, specify the key ARN in the value of the KeyId parameter. +// Cross-account use: Yes. To perform this operation on a KMS key in a different +// Amazon Web Services account, specify the key ARN in the value of the KeyId +// parameter. // // Required permissions: kms:CreateGrant (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (key policy) @@ -788,7 +780,7 @@ func (c *KMS) CreateGrantRequest(input *CreateGrantInput) (req *request.Request, // be found. // // * DisabledException -// The request was rejected because the specified CMK is not enabled. +// The request was rejected because the specified KMS key is not enabled. // // * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can @@ -808,15 +800,15 @@ func (c *KMS) CreateGrantRequest(input *CreateGrantInput) (req *request.Request, // * LimitExceededException // The request was rejected because a quota was exceeded. For more information, // see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) -// in the AWS Key Management Service Developer Guide. +// in the Key Management Service Developer Guide. // // * InvalidStateException // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateGrant func (c *KMS) CreateGrant(input *CreateGrantInput) (*CreateGrantOutput, error) { @@ -884,106 +876,111 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // CreateKey API operation for AWS Key Management Service. // -// Creates a unique customer managed customer master key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master-keys) -// (CMK) in your AWS account and Region. +// Creates a unique customer managed KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms-keys) +// in your Amazon Web Services account and Region. // -// You can use the CreateKey operation to create symmetric or asymmetric CMKs. +// KMS is replacing the term customer master key (CMK) with KMS key and KMS +// key. The concept has not changed. To prevent breaking changes, KMS is keeping +// some variations of this term. // -// * Symmetric CMKs contain a 256-bit symmetric key that never leaves AWS -// KMS unencrypted. To use the CMK, you must call AWS KMS. You can use a -// symmetric CMK to encrypt and decrypt small amounts of data, but they are -// typically used to generate data keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-keys) +// You can use the CreateKey operation to create symmetric or asymmetric KMS +// keys. +// +// * Symmetric KMS keys contain a 256-bit symmetric key that never leaves +// KMS unencrypted. To use the KMS key, you must call KMS. You can use a +// symmetric KMS key to encrypt and decrypt small amounts of data, but they +// are typically used to generate data keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-keys) // and data keys pairs (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-key-pairs). // For details, see GenerateDataKey and GenerateDataKeyPair. // -// * Asymmetric CMKs can contain an RSA key pair or an Elliptic Curve (ECC) -// key pair. The private key in an asymmetric CMK never leaves AWS KMS unencrypted. -// However, you can use the GetPublicKey operation to download the public -// key so it can be used outside of AWS KMS. CMKs with RSA key pairs can -// be used to encrypt or decrypt data or sign and verify messages (but not -// both). CMKs with ECC key pairs can be used only to sign and verify messages. +// * Asymmetric KMS keys can contain an RSA key pair or an Elliptic Curve +// (ECC) key pair. The private key in an asymmetric KMS key never leaves +// KMS unencrypted. However, you can use the GetPublicKey operation to download +// the public key so it can be used outside of KMS. KMS keys with RSA key +// pairs can be used to encrypt or decrypt data or sign and verify messages +// (but not both). KMS keys with ECC key pairs can be used only to sign and +// verify messages. // -// For information about symmetric and asymmetric CMKs, see Using Symmetric -// and Asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) -// in the AWS Key Management Service Developer Guide. +// For information about symmetric and asymmetric KMS keys, see Using Symmetric +// and Asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) +// in the Key Management Service Developer Guide. // -// To create different types of CMKs, use the following guidance: +// To create different types of KMS keys, use the following guidance: // -// Asymmetric CMKs +// Asymmetric KMS keys // -// To create an asymmetric CMK, use the CustomerMasterKeySpec parameter to specify -// the type of key material in the CMK. Then, use the KeyUsage parameter to -// determine whether the CMK will be used to encrypt and decrypt or sign and -// verify. You can't change these properties after the CMK is created. +// To create an asymmetric KMS key, use the KeySpec parameter to specify the +// type of key material in the KMS key. Then, use the KeyUsage parameter to +// determine whether the KMS key will be used to encrypt and decrypt or sign +// and verify. You can't change these properties after the KMS key is created. // -// Symmetric CMKs +// Symmetric KMS keys // -// When creating a symmetric CMK, you don't need to specify the CustomerMasterKeySpec -// or KeyUsage parameters. The default value for CustomerMasterKeySpec, SYMMETRIC_DEFAULT, +// When creating a symmetric KMS key, you don't need to specify the KeySpec +// or KeyUsage parameters. The default value for KeySpec, SYMMETRIC_DEFAULT, // and the default value for KeyUsage, ENCRYPT_DECRYPT, are the only valid values -// for symmetric CMKs. +// for symmetric KMS keys. // // Multi-Region primary keys // // Imported key material // -// To create a multi-Region primary key in the local AWS Region, use the MultiRegion -// parameter with a value of True. To create a multi-Region replica key, that -// is, a CMK with the same key ID and key material as a primary key, but in -// a different AWS Region, use the ReplicateKey operation. To change a replica -// key to a primary key, and its primary key to a replica key, use the UpdatePrimaryRegion -// operation. +// To create a multi-Region primary key in the local Amazon Web Services Region, +// use the MultiRegion parameter with a value of True. To create a multi-Region +// replica key, that is, a KMS key with the same key ID and key material as +// a primary key, but in a different Amazon Web Services Region, use the ReplicateKey +// operation. To change a replica key to a primary key, and its primary key +// to a replica key, use the UpdatePrimaryRegion operation. // -// This operation supports multi-Region keys, an AWS KMS feature that lets you -// create multiple interoperable CMKs in different AWS Regions. Because these -// CMKs have the same key ID, key material, and other metadata, you can use -// them to encrypt data in one AWS Region and decrypt it in a different AWS -// Region without making a cross-Region call or exposing the plaintext data. -// For more information about multi-Region keys, see Using multi-Region keys -// (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) -// in the AWS Key Management Service Developer Guide. +// This operation supports multi-Region keys, an KMS feature that lets you create +// multiple interoperable KMS keys in different Amazon Web Services Regions. +// Because these KMS keys have the same key ID, key material, and other metadata, +// you can use them interchangeably to encrypt data in one Amazon Web Services +// Region and decrypt it in a different Amazon Web Services Region without re-encrypting +// the data or making a cross-Region call. For more information about multi-Region +// keys, see Using multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) +// in the Key Management Service Developer Guide. // // You can create symmetric and asymmetric multi-Region keys and multi-Region // keys with imported key material. You cannot create multi-Region keys in a // custom key store. // -// To import your own key material, begin by creating a symmetric CMK with no -// key material. To do this, use the Origin parameter of CreateKey with a value -// of EXTERNAL. Next, use GetParametersForImport operation to get a public key -// and import token, and use the public key to encrypt your key material. Then, -// use ImportKeyMaterial with your import token to import the key material. +// To import your own key material, begin by creating a symmetric KMS key with +// no key material. To do this, use the Origin parameter of CreateKey with a +// value of EXTERNAL. Next, use GetParametersForImport operation to get a public +// key and import token, and use the public key to encrypt your key material. +// Then, use ImportKeyMaterial with your import token to import the key material. // For step-by-step instructions, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) -// in the AWS Key Management Service Developer Guide . You cannot import the -// key material into an asymmetric CMK. +// in the Key Management Service Developer Guide . You cannot import the key +// material into an asymmetric KMS key. // // To create a multi-Region primary key with imported key material, use the // Origin parameter of CreateKey with a value of EXTERNAL and the MultiRegion // parameter with a value of True. To create replicas of the multi-Region primary // key, use the ReplicateKey operation. For more information about multi-Region // keys, see Using multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) -// in the AWS Key Management Service Developer Guide. +// in the Key Management Service Developer Guide. // // Custom key store // -// To create a symmetric CMK in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), +// To create a symmetric KMS key in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), // use the CustomKeyStoreId parameter to specify the custom key store. You must -// also use the Origin parameter with a value of AWS_CLOUDHSM. The AWS CloudHSM +// also use the Origin parameter with a value of AWS_CLOUDHSM. The CloudHSM // cluster that is associated with the custom key store must have at least two -// active HSMs in different Availability Zones in the AWS Region. +// active HSMs in different Availability Zones in the Amazon Web Services Region. // -// You cannot create an asymmetric CMK or a multi-Region CMK in a custom key -// store. For information about custom key stores in AWS KMS see Using Custom -// Key Stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) -// in the AWS Key Management Service Developer Guide . +// You cannot create an asymmetric KMS key in a custom key store. For information +// about custom key stores in KMS see Using Custom Key Stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) +// in the Key Management Service Developer Guide . // -// Cross-account use: No. You cannot use this operation to create a CMK in a -// different AWS account. +// Cross-account use: No. You cannot use this operation to create a KMS key +// in a different Amazon Web Services account. // // Required permissions: kms:CreateKey (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (IAM policy). To use the Tags parameter, kms:TagResource (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (IAM policy). For examples and information about related permissions, see -// Allow a user to create CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/iam-policies.html#iam-policy-example-create-key) -// in the AWS Key Management Service Developer Guide. +// Allow a user to create KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/iam-policies.html#iam-policy-example-create-key) +// in the Key Management Service Developer Guide. // // Related operations: // @@ -1024,13 +1021,13 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // * LimitExceededException // The request was rejected because a quota was exceeded. For more information, // see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) -// in the AWS Key Management Service Developer Guide. +// in the Key Management Service Developer Guide. // // * TagException // The request was rejected because one or more tags are not valid. // // * CustomKeyStoreNotFoundException -// The request was rejected because AWS KMS cannot find a custom key store with +// The request was rejected because KMS cannot find a custom key store with // the specified key store name or ID. // // * CustomKeyStoreInvalidStateException @@ -1053,8 +1050,8 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // for all other ConnectionState values. // // * CloudHsmClusterInvalidConfigurationException -// The request was rejected because the associated AWS CloudHSM cluster did -// not meet the configuration requirements for a custom key store. +// The request was rejected because the associated CloudHSM cluster did not +// meet the configuration requirements for a custom key store. // // * The cluster must be configured with private subnets in at least two // different Availability Zones in the Region. @@ -1069,20 +1066,19 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // operation. // // * The cluster must contain at least as many HSMs as the operation requires. -// To add HSMs, use the AWS CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) +// To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) // operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey -// operations, the AWS CloudHSM cluster must have at least two active HSMs, -// each in a different Availability Zone. For the ConnectCustomKeyStore operation, -// the AWS CloudHSM must contain at least one active HSM. +// operations, the CloudHSM cluster must have at least two active HSMs, each +// in a different Availability Zone. For the ConnectCustomKeyStore operation, +// the CloudHSM must contain at least one active HSM. // -// For information about the requirements for an AWS CloudHSM cluster that is -// associated with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) -// in the AWS Key Management Service Developer Guide. For information about -// creating a private subnet for an AWS CloudHSM cluster, see Create a Private -// Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) -// in the AWS CloudHSM User Guide. For information about cluster security groups, +// For information about the requirements for an CloudHSM cluster that is associated +// with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) +// in the Key Management Service Developer Guide. For information about creating +// a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) +// in the CloudHSM User Guide. For information about cluster security groups, // see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) -// in the AWS CloudHSM User Guide . +// in the CloudHSM User Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateKey func (c *KMS) CreateKey(input *CreateKeyInput) (*CreateKeyOutput, error) { @@ -1150,8 +1146,8 @@ func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output // Decrypt API operation for AWS Key Management Service. // -// Decrypts ciphertext that was encrypted by a AWS KMS customer master key (CMK) -// using any of the following operations: +// Decrypts ciphertext that was encrypted by a KMS key using any of the following +// operations: // // * Encrypt // @@ -1164,46 +1160,52 @@ func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output // * GenerateDataKeyPairWithoutPlaintext // // You can use this operation to decrypt ciphertext that was encrypted under -// a symmetric or asymmetric CMK. When the CMK is asymmetric, you must specify -// the CMK and the encryption algorithm that was used to encrypt the ciphertext. -// For information about symmetric and asymmetric CMKs, see Using Symmetric -// and Asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) -// in the AWS Key Management Service Developer Guide. +// a symmetric or asymmetric KMS key. When the KMS key is asymmetric, you must +// specify the KMS key and the encryption algorithm that was used to encrypt +// the ciphertext. For information about symmetric and asymmetric KMS keys, +// see Using Symmetric and Asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) +// in the Key Management Service Developer Guide. // // The Decrypt operation also decrypts ciphertext that was encrypted outside -// of AWS KMS by the public key in an AWS KMS asymmetric CMK. However, it cannot -// decrypt ciphertext produced by other libraries, such as the AWS Encryption -// SDK (https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/) +// of KMS by the public key in an KMS asymmetric KMS key. However, it cannot +// decrypt ciphertext produced by other libraries, such as the Amazon Web Services +// Encryption SDK (https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/) // or Amazon S3 client-side encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html). -// These libraries return a ciphertext format that is incompatible with AWS -// KMS. +// These libraries return a ciphertext format that is incompatible with KMS. // -// If the ciphertext was encrypted under a symmetric CMK, the KeyId parameter -// is optional. AWS KMS can get this information from metadata that it adds -// to the symmetric ciphertext blob. This feature adds durability to your implementation +// If the ciphertext was encrypted under a symmetric KMS key, the KeyId parameter +// is optional. KMS can get this information from metadata that it adds to the +// symmetric ciphertext blob. This feature adds durability to your implementation // by ensuring that authorized users can decrypt ciphertext decades after it -// was encrypted, even if they've lost track of the CMK ID. However, specifying -// the CMK is always recommended as a best practice. When you use the KeyId -// parameter to specify a CMK, AWS KMS only uses the CMK you specify. If the -// ciphertext was encrypted under a different CMK, the Decrypt operation fails. -// This practice ensures that you use the CMK that you intend. +// was encrypted, even if they've lost track of the key ID. However, specifying +// the KMS key is always recommended as a best practice. When you use the KeyId +// parameter to specify a KMS key, KMS only uses the KMS key you specify. If +// the ciphertext was encrypted under a different KMS key, the Decrypt operation +// fails. This practice ensures that you use the KMS key that you intend. // // Whenever possible, use key policies to give users permission to call the -// Decrypt operation on a particular CMK, instead of using IAM policies. Otherwise, -// you might create an IAM user policy that gives the user Decrypt permission -// on all CMKs. This user could decrypt ciphertext that was encrypted by CMKs -// in other accounts if the key policy for the cross-account CMK permits it. -// If you must use an IAM policy for Decrypt permissions, limit the user to -// particular CMKs or particular trusted accounts. For details, see Best practices -// for IAM policies (https://docs.aws.amazon.com/kms/latest/developerguide/iam-policies.html#iam-policies-best-practices) -// in the AWS Key Management Service Developer Guide. +// Decrypt operation on a particular KMS key, instead of using IAM policies. +// Otherwise, you might create an IAM user policy that gives the user Decrypt +// permission on all KMS keys. This user could decrypt ciphertext that was encrypted +// by KMS keys in other accounts if the key policy for the cross-account KMS +// key permits it. If you must use an IAM policy for Decrypt permissions, limit +// the user to particular KMS keys or particular trusted accounts. For details, +// see Best practices for IAM policies (https://docs.aws.amazon.com/kms/latest/developerguide/iam-policies.html#iam-policies-best-practices) +// in the Key Management Service Developer Guide. // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// Applications in Amazon Web Services Nitro Enclaves can call this operation +// by using the Amazon Web Services Nitro Enclaves Development Kit (https://github.com/aws/aws-nitro-enclaves-sdk-c). +// For information about the supporting parameters, see How Amazon Web Services +// Nitro Enclaves use KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) +// in the Key Management Service Developer Guide. // -// Cross-account use: Yes. You can decrypt a ciphertext using a CMK in a different -// AWS account. +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. +// +// Cross-account use: Yes. To perform this operation with a KMS key in a different +// Amazon Web Services account, specify the key ARN or alias ARN in the value +// of the KeyId parameter. // // Required permissions: kms:Decrypt (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (key policy) @@ -1231,7 +1233,7 @@ func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output // be found. // // * DisabledException -// The request was rejected because the specified CMK is not enabled. +// The request was rejected because the specified KMS key is not enabled. // // * InvalidCiphertextException // From the Decrypt or ReEncrypt operation, the request was rejected because @@ -1239,32 +1241,33 @@ func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output // the ciphertext, such as the encryption context, is corrupted, missing, or // otherwise invalid. // -// From the ImportKeyMaterial operation, the request was rejected because AWS -// KMS could not decrypt the encrypted (wrapped) key material. +// From the ImportKeyMaterial operation, the request was rejected because KMS +// could not decrypt the encrypted (wrapped) key material. // // * KeyUnavailableException -// The request was rejected because the specified CMK was not available. You -// can retry the request. +// The request was rejected because the specified KMS key was not available. +// You can retry the request. // // * IncorrectKeyException -// The request was rejected because the specified CMK cannot decrypt the data. -// The KeyId in a Decrypt request and the SourceKeyId in a ReEncrypt request -// must identify the same CMK that was used to encrypt the ciphertext. +// The request was rejected because the specified KMS key cannot decrypt the +// data. The KeyId in a Decrypt request and the SourceKeyId in a ReEncrypt request +// must identify the same KMS key that was used to encrypt the ciphertext. // // * InvalidKeyUsageException // The request was rejected for one of the following reasons: // -// * The KeyUsage value of the CMK is incompatible with the API operation. +// * The KeyUsage value of the KMS key is incompatible with the API operation. // // * The encryption algorithm or signing algorithm specified for the operation -// is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). +// is incompatible with the type of key material in the KMS key (KeySpec). // // For encrypting, decrypting, re-encrypting, and generating data keys, the // KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage -// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. +// must be SIGN_VERIFY. To find the KeyUsage of a KMS key, use the DescribeKey +// operation. // -// To find the encryption or signing algorithms supported for a particular CMK, -// use the DescribeKey operation. +// To find the encryption or signing algorithms supported for a particular KMS +// key, use the DescribeKey operation. // // * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can @@ -1281,9 +1284,9 @@ func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Decrypt func (c *KMS) Decrypt(input *DecryptInput) (*DecryptOutput, error) { @@ -1355,20 +1358,20 @@ func (c *KMS) DeleteAliasRequest(input *DeleteAliasInput) (req *request.Request, // Deletes the specified alias. // // Adding, deleting, or updating an alias can allow or deny permission to the -// CMK. For details, see Using ABAC in AWS KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) -// in the AWS Key Management Service Developer Guide. +// KMS key. For details, see Using ABAC in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) +// in the Key Management Service Developer Guide. // -// Because an alias is not a property of a CMK, you can delete and change the -// aliases of a CMK without affecting the CMK. Also, aliases do not appear in -// the response from the DescribeKey operation. To get the aliases of all CMKs, -// use the ListAliases operation. +// Because an alias is not a property of a KMS key, you can delete and change +// the aliases of a KMS key without affecting the KMS key. Also, aliases do +// not appear in the response from the DescribeKey operation. To get the aliases +// of all KMS keys, use the ListAliases operation. // -// Each CMK can have multiple aliases. To change the alias of a CMK, use DeleteAlias -// to delete the current alias and CreateAlias to create a new alias. To associate -// an existing alias with a different customer master key (CMK), call UpdateAlias. +// Each KMS key can have multiple aliases. To change the alias of a KMS key, +// use DeleteAlias to delete the current alias and CreateAlias to create a new +// alias. To associate an existing alias with a different KMS key, call UpdateAlias. // // Cross-account use: No. You cannot perform this operation on an alias in a -// different AWS account. +// different Amazon Web Services account. // // Required permissions // @@ -1376,10 +1379,10 @@ func (c *KMS) DeleteAliasRequest(input *DeleteAliasInput) (req *request.Request, // on the alias (IAM policy). // // * kms:DeleteAlias (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) -// on the CMK (key policy). +// on the KMS key (key policy). // // For details, see Controlling access to aliases (https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access) -// in the AWS Key Management Service Developer Guide. +// in the Key Management Service Developer Guide. // // Related operations: // @@ -1413,9 +1416,9 @@ func (c *KMS) DeleteAliasRequest(input *DeleteAliasInput) (req *request.Request, // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteAlias func (c *KMS) DeleteAlias(input *DeleteAliasInput) (*DeleteAliasOutput, error) { @@ -1485,37 +1488,35 @@ func (c *KMS) DeleteCustomKeyStoreRequest(input *DeleteCustomKeyStoreInput) (req // DeleteCustomKeyStore API operation for AWS Key Management Service. // // Deletes a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). -// This operation does not delete the AWS CloudHSM cluster that is associated -// with the custom key store, or affect any users or keys in the cluster. +// This operation does not delete the CloudHSM cluster that is associated with +// the custom key store, or affect any users or keys in the cluster. // -// The custom key store that you delete cannot contain any AWS KMS customer -// master keys (CMKs) (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys). +// The custom key store that you delete cannot contain any KMS KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys). // Before deleting the key store, verify that you will never need to use any -// of the CMKs in the key store for any cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations). -// Then, use ScheduleKeyDeletion to delete the AWS KMS customer master keys -// (CMKs) from the key store. When the scheduled waiting period expires, the -// ScheduleKeyDeletion operation deletes the CMKs. Then it makes a best effort -// to delete the key material from the associated cluster. However, you might -// need to manually delete the orphaned key material (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key) +// of the KMS keys in the key store for any cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations). +// Then, use ScheduleKeyDeletion to delete the KMS keys from the key store. +// When the scheduled waiting period expires, the ScheduleKeyDeletion operation +// deletes the KMS keys. Then it makes a best effort to delete the key material +// from the associated cluster. However, you might need to manually delete the +// orphaned key material (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key) // from the cluster and its backups. // -// After all CMKs are deleted from AWS KMS, use DisconnectCustomKeyStore to -// disconnect the key store from AWS KMS. Then, you can delete the custom key -// store. +// After all KMS keys are deleted from KMS, use DisconnectCustomKeyStore to +// disconnect the key store from KMS. Then, you can delete the custom key store. // // Instead of deleting the custom key store, consider using DisconnectCustomKeyStore -// to disconnect it from AWS KMS. While the key store is disconnected, you cannot -// create or use the CMKs in the key store. But, you do not need to delete CMKs -// and you can reconnect a disconnected custom key store at any time. +// to disconnect it from KMS. While the key store is disconnected, you cannot +// create or use the KMS keys in the key store. But, you do not need to delete +// KMS keys and you can reconnect a disconnected custom key store at any time. // // If the operation succeeds, it returns a JSON object with no properties. // // This operation is part of the Custom Key Store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) -// feature in AWS KMS, which combines the convenience and extensive integration -// of AWS KMS with the isolation and control of a single-tenant key store. +// feature in KMS, which combines the convenience and extensive integration +// of KMS with the isolation and control of a single-tenant key store. // // Cross-account use: No. You cannot perform this operation on a custom key -// store in a different AWS account. +// store in a different Amazon Web Services account. // // Required permissions: kms:DeleteCustomKeyStore (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (IAM policy) @@ -1541,10 +1542,10 @@ func (c *KMS) DeleteCustomKeyStoreRequest(input *DeleteCustomKeyStoreInput) (req // // Returned Error Types: // * CustomKeyStoreHasCMKsException -// The request was rejected because the custom key store contains AWS KMS customer -// master keys (CMKs). After verifying that you do not need to use the CMKs, -// use the ScheduleKeyDeletion operation to delete the CMKs. After they are -// deleted, you can delete the custom key store. +// The request was rejected because the custom key store contains KMS keys. +// After verifying that you do not need to use the KMS keys, use the ScheduleKeyDeletion +// operation to delete the KMS keys. After they are deleted, you can delete +// the custom key store. // // * CustomKeyStoreInvalidStateException // The request was rejected because of the ConnectionState of the custom key @@ -1566,7 +1567,7 @@ func (c *KMS) DeleteCustomKeyStoreRequest(input *DeleteCustomKeyStoreInput) (req // for all other ConnectionState values. // // * CustomKeyStoreNotFoundException -// The request was rejected because AWS KMS cannot find a custom key store with +// The request was rejected because KMS cannot find a custom key store with // the specified key store name or ID. // // * InternalException @@ -1641,22 +1642,23 @@ func (c *KMS) DeleteImportedKeyMaterialRequest(input *DeleteImportedKeyMaterialI // DeleteImportedKeyMaterial API operation for AWS Key Management Service. // // Deletes key material that you previously imported. This operation makes the -// specified customer master key (CMK) unusable. For more information about -// importing key material into AWS KMS, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) -// in the AWS Key Management Service Developer Guide. +// specified KMS key unusable. For more information about importing key material +// into KMS, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) +// in the Key Management Service Developer Guide. // -// When the specified CMK is in the PendingDeletion state, this operation does -// not change the CMK's state. Otherwise, it changes the CMK's state to PendingImport. +// When the specified KMS key is in the PendingDeletion state, this operation +// does not change the KMS key's state. Otherwise, it changes the KMS key's +// state to PendingImport. // // After you delete key material, you can use ImportKeyMaterial to reimport -// the same key material into the CMK. +// the same key material into the KMS key. // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // -// Cross-account use: No. You cannot perform this operation on a CMK in a different -// AWS account. +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. // // Required permissions: kms:DeleteImportedKeyMaterial (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (key policy) @@ -1699,9 +1701,9 @@ func (c *KMS) DeleteImportedKeyMaterialRequest(input *DeleteImportedKeyMaterialI // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteImportedKeyMaterial func (c *KMS) DeleteImportedKeyMaterial(input *DeleteImportedKeyMaterialInput) (*DeleteImportedKeyMaterialOutput, error) { @@ -1773,32 +1775,32 @@ func (c *KMS) DescribeCustomKeyStoresRequest(input *DescribeCustomKeyStoresInput // in the account and Region. // // This operation is part of the Custom Key Store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) -// feature in AWS KMS, which combines the convenience and extensive integration -// of AWS KMS with the isolation and control of a single-tenant key store. +// feature in KMS, which combines the convenience and extensive integration +// of KMS with the isolation and control of a single-tenant key store. // // By default, this operation returns information about all custom key stores // in the account and Region. To get only information about a particular custom // key store, use either the CustomKeyStoreName or CustomKeyStoreId parameter // (but not both). // -// To determine whether the custom key store is connected to its AWS CloudHSM -// cluster, use the ConnectionState element in the response. If an attempt to -// connect the custom key store failed, the ConnectionState value is FAILED -// and the ConnectionErrorCode element in the response indicates the cause of -// the failure. For help interpreting the ConnectionErrorCode, see CustomKeyStoresListEntry. +// To determine whether the custom key store is connected to its CloudHSM cluster, +// use the ConnectionState element in the response. If an attempt to connect +// the custom key store failed, the ConnectionState value is FAILED and the +// ConnectionErrorCode element in the response indicates the cause of the failure. +// For help interpreting the ConnectionErrorCode, see CustomKeyStoresListEntry. // // Custom key stores have a DISCONNECTED connection state if the key store has // never been connected or you use the DisconnectCustomKeyStore operation to // disconnect it. If your custom key store state is CONNECTED but you are having -// trouble using it, make sure that its associated AWS CloudHSM cluster is active +// trouble using it, make sure that its associated CloudHSM cluster is active // and contains the minimum number of HSMs required for the operation, if any. // // For help repairing your custom key store, see the Troubleshooting Custom // Key Stores (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) -// topic in the AWS Key Management Service Developer Guide. +// topic in the Key Management Service Developer Guide. // // Cross-account use: No. You cannot perform this operation on a custom key -// store in a different AWS account. +// store in a different Amazon Web Services account. // // Required permissions: kms:DescribeCustomKeyStores (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (IAM policy) @@ -1824,7 +1826,7 @@ func (c *KMS) DescribeCustomKeyStoresRequest(input *DescribeCustomKeyStoresInput // // Returned Error Types: // * CustomKeyStoreNotFoundException -// The request was rejected because AWS KMS cannot find a custom key store with +// The request was rejected because KMS cannot find a custom key store with // the specified key store name or ID. // // * InvalidMarkerException @@ -1901,41 +1903,45 @@ func (c *KMS) DescribeKeyRequest(input *DescribeKeyInput) (req *request.Request, // DescribeKey API operation for AWS Key Management Service. // -// Provides detailed information about a customer master key (CMK). You can -// run DescribeKey on a customer managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) -// or an AWS managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). +// Provides detailed information about a KMS key. You can run DescribeKey on +// a customer managed key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) +// or an Amazon Web Services managed key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). // // This detailed information includes the key ARN, creation date (and deletion // date, if applicable), the key state, and the origin and expiration date (if -// any) of the key material. For CMKs in custom key stores, it includes information -// about the custom key store, such as the key store ID and the AWS CloudHSM -// cluster ID. It includes fields, like KeySpec, that help you distinguish symmetric -// from asymmetric CMKs. It also provides information that is particularly important -// to asymmetric CMKs, such as the key usage (encryption or signing) and the -// encryption algorithms or signing algorithms that the CMK supports. +// any) of the key material. It includes fields, like KeySpec, that help you +// distinguish symmetric from asymmetric KMS keys. It also provides information +// that is particularly important to asymmetric keys, such as the key usage +// (encryption or signing) and the encryption algorithms or signing algorithms +// that the KMS key supports. For KMS keys in custom key stores, it includes +// information about the custom key store, such as the key store ID and the +// CloudHSM cluster ID. For multi-Region keys, it displays the primary key and +// all related replica keys. // // DescribeKey does not return the following information: // -// * Aliases associated with the CMK. To get this information, use ListAliases. +// * Aliases associated with the KMS key. To get this information, use ListAliases. // -// * Whether automatic key rotation is enabled on the CMK. To get this information, -// use GetKeyRotationStatus. Also, some key states prevent a CMK from being -// automatically rotated. For details, see How Automatic Key Rotation Works -// (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotate-keys-how-it-works) -// in AWS Key Management Service Developer Guide. +// * Whether automatic key rotation is enabled on the KMS key. To get this +// information, use GetKeyRotationStatus. Also, some key states prevent a +// KMS key from being automatically rotated. For details, see How Automatic +// Key Rotation Works (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotate-keys-how-it-works) +// in Key Management Service Developer Guide. // -// * Tags on the CMK. To get this information, use ListResourceTags. +// * Tags on the KMS key. To get this information, use ListResourceTags. // -// * Key policies and grants on the CMK. To get this information, use GetKeyPolicy -// and ListGrants. +// * Key policies and grants on the KMS key. To get this information, use +// GetKeyPolicy and ListGrants. // -// If you call the DescribeKey operation on a predefined AWS alias, that is, -// an AWS alias with no key ID, AWS KMS creates an AWS managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys). -// Then, it associates the alias with the new CMK, and returns the KeyId and -// Arn of the new CMK in the response. +// If you call the DescribeKey operation on a predefined Amazon Web Services +// alias, that is, an Amazon Web Services alias with no key ID, KMS creates +// an Amazon Web Services managed key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). +// Then, it associates the alias with the new KMS key, and returns the KeyId +// and Arn of the new KMS key in the response. // -// Cross-account use: Yes. To perform this operation with a CMK in a different -// AWS account, specify the key ARN or alias ARN in the value of the KeyId parameter. +// Cross-account use: Yes. To perform this operation with a KMS key in a different +// Amazon Web Services account, specify the key ARN or alias ARN in the value +// of the KeyId parameter. // // Required permissions: kms:DescribeKey (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (key policy) @@ -2047,19 +2053,19 @@ func (c *KMS) DisableKeyRequest(input *DisableKeyInput) (req *request.Request, o // DisableKey API operation for AWS Key Management Service. // -// Sets the state of a customer master key (CMK) to disabled. This change temporarily -// prevents use of the CMK for cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations). +// Sets the state of a KMS key to disabled. This change temporarily prevents +// use of the KMS key for cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations). // -// For more information about how key state affects the use of a CMK, see Key -// state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // -// Cross-account use: No. You cannot perform this operation on a CMK in a different -// AWS account. +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. // // Required permissions: kms:DisableKey (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (key policy) @@ -2094,9 +2100,9 @@ func (c *KMS) DisableKeyRequest(input *DisableKeyInput) (req *request.Request, o // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisableKey func (c *KMS) DisableKey(input *DisableKeyInput) (*DisableKeyOutput, error) { @@ -2166,21 +2172,21 @@ func (c *KMS) DisableKeyRotationRequest(input *DisableKeyRotationInput) (req *re // DisableKeyRotation API operation for AWS Key Management Service. // // Disables automatic rotation of the key material (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) -// for the specified symmetric customer master key (CMK). +// for the specified symmetric KMS key. // -// You cannot enable automatic rotation of asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#asymmetric-cmks), -// CMKs with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), -// or CMKs in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). +// You cannot enable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#asymmetric-cmks), +// KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), +// or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). // To enable or disable automatic rotation of a set of related multi-Region // keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html#mrk-replica-key), // set the property on the primary key. // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // -// Cross-account use: No. You cannot perform this operation on a CMK in a different -// AWS account. +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. // // Required permissions: kms:DisableKeyRotation (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (key policy) @@ -2204,7 +2210,7 @@ func (c *KMS) DisableKeyRotationRequest(input *DisableKeyRotationInput) (req *re // be found. // // * DisabledException -// The request was rejected because the specified CMK is not enabled. +// The request was rejected because the specified KMS key is not enabled. // // * InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, @@ -2222,9 +2228,9 @@ func (c *KMS) DisableKeyRotationRequest(input *DisableKeyRotationInput) (req *re // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // * UnsupportedOperationException // The request was rejected because a specified parameter is not supported or @@ -2298,14 +2304,14 @@ func (c *KMS) DisconnectCustomKeyStoreRequest(input *DisconnectCustomKeyStoreInp // DisconnectCustomKeyStore API operation for AWS Key Management Service. // // Disconnects the custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) -// from its associated AWS CloudHSM cluster. While a custom key store is disconnected, -// you can manage the custom key store and its customer master keys (CMKs), -// but you cannot create or use CMKs in the custom key store. You can reconnect -// the custom key store at any time. +// from its associated CloudHSM cluster. While a custom key store is disconnected, +// you can manage the custom key store and its KMS keys, but you cannot create +// or use KMS keys in the custom key store. You can reconnect the custom key +// store at any time. // -// While a custom key store is disconnected, all attempts to create customer -// master keys (CMKs) in the custom key store or to use existing CMKs in cryptographic -// operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) +// While a custom key store is disconnected, all attempts to create KMS keys +// in the custom key store or to use existing KMS keys in cryptographic operations +// (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) // will fail. This action can prevent users from storing and accessing sensitive // data. // @@ -2316,11 +2322,11 @@ func (c *KMS) DisconnectCustomKeyStoreRequest(input *DisconnectCustomKeyStoreInp // If the operation succeeds, it returns a JSON object with no properties. // // This operation is part of the Custom Key Store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) -// feature in AWS KMS, which combines the convenience and extensive integration -// of AWS KMS with the isolation and control of a single-tenant key store. +// feature in KMS, which combines the convenience and extensive integration +// of KMS with the isolation and control of a single-tenant key store. // // Cross-account use: No. You cannot perform this operation on a custom key -// store in a different AWS account. +// store in a different Amazon Web Services account. // // Required permissions: kms:DisconnectCustomKeyStore (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (IAM policy) @@ -2365,7 +2371,7 @@ func (c *KMS) DisconnectCustomKeyStoreRequest(input *DisconnectCustomKeyStoreInp // for all other ConnectionState values. // // * CustomKeyStoreNotFoundException -// The request was rejected because AWS KMS cannot find a custom key store with +// The request was rejected because KMS cannot find a custom key store with // the specified key store name or ID. // // * InternalException @@ -2439,15 +2445,15 @@ func (c *KMS) EnableKeyRequest(input *EnableKeyInput) (req *request.Request, out // EnableKey API operation for AWS Key Management Service. // -// Sets the key state of a customer master key (CMK) to enabled. This allows -// you to use the CMK for cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations). +// Sets the key state of a KMS key to enabled. This allows you to use the KMS +// key for cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations). // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // -// Cross-account use: No. You cannot perform this operation on a CMK in a different -// AWS account. +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. // // Required permissions: kms:EnableKey (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (key policy) @@ -2481,15 +2487,15 @@ func (c *KMS) EnableKeyRequest(input *EnableKeyInput) (req *request.Request, out // * LimitExceededException // The request was rejected because a quota was exceeded. For more information, // see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) -// in the AWS Key Management Service Developer Guide. +// in the Key Management Service Developer Guide. // // * InvalidStateException // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKey func (c *KMS) EnableKey(input *EnableKeyInput) (*EnableKeyOutput, error) { @@ -2559,21 +2565,21 @@ func (c *KMS) EnableKeyRotationRequest(input *EnableKeyRotationInput) (req *requ // EnableKeyRotation API operation for AWS Key Management Service. // // Enables automatic rotation of the key material (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) -// for the specified symmetric customer master key (CMK). +// for the specified symmetric KMS key. // -// You cannot enable automatic rotation of asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#asymmetric-cmks), -// CMKs with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), -// or CMKs in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). +// You cannot enable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#asymmetric-cmks), +// KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), +// or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). // To enable or disable automatic rotation of a set of related multi-Region // keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html#mrk-replica-key), // set the property on the primary key. // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // -// Cross-account use: No. You cannot perform this operation on a CMK in a different -// AWS account. +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. // // Required permissions: kms:EnableKeyRotation (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (key policy) @@ -2597,7 +2603,7 @@ func (c *KMS) EnableKeyRotationRequest(input *EnableKeyRotationInput) (req *requ // be found. // // * DisabledException -// The request was rejected because the specified CMK is not enabled. +// The request was rejected because the specified KMS key is not enabled. // // * InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, @@ -2615,9 +2621,9 @@ func (c *KMS) EnableKeyRotationRequest(input *EnableKeyRotationInput) (req *requ // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // * UnsupportedOperationException // The request was rejected because a specified parameter is not supported or @@ -2689,55 +2695,56 @@ func (c *KMS) EncryptRequest(input *EncryptInput) (req *request.Request, output // Encrypt API operation for AWS Key Management Service. // -// Encrypts plaintext into ciphertext by using a customer master key (CMK). -// The Encrypt operation has two primary use cases: +// Encrypts plaintext into ciphertext by using a KMS key. The Encrypt operation +// has two primary use cases: // // * You can encrypt small amounts of arbitrary data, such as a personal // identifier or database password, or other sensitive information. // -// * You can use the Encrypt operation to move encrypted data from one AWS -// Region to another. For example, in Region A, generate a data key and use -// the plaintext key to encrypt your data. Then, in Region A, use the Encrypt -// operation to encrypt the plaintext data key under a CMK in Region B. Now, -// you can move the encrypted data and the encrypted data key to Region B. -// When necessary, you can decrypt the encrypted data key and the encrypted -// data entirely within in Region B. +// * You can use the Encrypt operation to move encrypted data from one Amazon +// Web Services Region to another. For example, in Region A, generate a data +// key and use the plaintext key to encrypt your data. Then, in Region A, +// use the Encrypt operation to encrypt the plaintext data key under a KMS +// key in Region B. Now, you can move the encrypted data and the encrypted +// data key to Region B. When necessary, you can decrypt the encrypted data +// key and the encrypted data entirely within in Region B. // // You don't need to use the Encrypt operation to encrypt a data key. The GenerateDataKey // and GenerateDataKeyPair operations return a plaintext data key and an encrypted // copy of that data key. // -// When you encrypt data, you must specify a symmetric or asymmetric CMK to -// use in the encryption operation. The CMK must have a KeyUsage value of ENCRYPT_DECRYPT. -// To find the KeyUsage of a CMK, use the DescribeKey operation. +// When you encrypt data, you must specify a symmetric or asymmetric KMS key +// to use in the encryption operation. The KMS key must have a KeyUsage value +// of ENCRYPT_DECRYPT. To find the KeyUsage of a KMS key, use the DescribeKey +// operation. // -// If you use a symmetric CMK, you can use an encryption context to add additional -// security to your encryption operation. If you specify an EncryptionContext +// If you use a symmetric KMS key, you can use an encryption context to add +// additional security to your encryption operation. If you specify an EncryptionContext // when encrypting data, you must specify the same encryption context (a case-sensitive // exact match) when decrypting the data. Otherwise, the request to decrypt // fails with an InvalidCiphertextException. For more information, see Encryption // Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) -// in the AWS Key Management Service Developer Guide. +// in the Key Management Service Developer Guide. // -// If you specify an asymmetric CMK, you must also specify the encryption algorithm. -// The algorithm must be compatible with the CMK type. +// If you specify an asymmetric KMS key, you must also specify the encryption +// algorithm. The algorithm must be compatible with the KMS key type. // -// When you use an asymmetric CMK to encrypt or reencrypt data, be sure to record -// the CMK and encryption algorithm that you choose. You will be required to -// provide the same CMK and encryption algorithm when you decrypt the data. -// If the CMK and algorithm do not match the values used to encrypt the data, -// the decrypt operation fails. +// When you use an asymmetric KMS key to encrypt or reencrypt data, be sure +// to record the KMS key and encryption algorithm that you choose. You will +// be required to provide the same KMS key and encryption algorithm when you +// decrypt the data. If the KMS key and algorithm do not match the values used +// to encrypt the data, the decrypt operation fails. // -// You are not required to supply the CMK ID and encryption algorithm when you -// decrypt with symmetric CMKs because AWS KMS stores this information in the -// ciphertext blob. AWS KMS cannot store metadata in ciphertext generated with -// asymmetric keys. The standard format for asymmetric key ciphertext does not -// include configurable fields. +// You are not required to supply the key ID and encryption algorithm when you +// decrypt with symmetric KMS keys because KMS stores this information in the +// ciphertext blob. KMS cannot store metadata in ciphertext generated with asymmetric +// keys. The standard format for asymmetric key ciphertext does not include +// configurable fields. // // The maximum size of the data that you can encrypt varies with the type of -// CMK and the encryption algorithm that you choose. +// KMS key and the encryption algorithm that you choose. // -// * Symmetric CMKs SYMMETRIC_DEFAULT: 4096 bytes +// * Symmetric KMS keys SYMMETRIC_DEFAULT: 4096 bytes // // * RSA_2048 RSAES_OAEP_SHA_1: 214 bytes RSAES_OAEP_SHA_256: 190 bytes // @@ -2745,12 +2752,13 @@ func (c *KMS) EncryptRequest(input *EncryptInput) (req *request.Request, output // // * RSA_4096 RSAES_OAEP_SHA_1: 470 bytes RSAES_OAEP_SHA_256: 446 bytes // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // -// Cross-account use: Yes. To perform this operation with a CMK in a different -// AWS account, specify the key ARN or alias ARN in the value of the KeyId parameter. +// Cross-account use: Yes. To perform this operation with a KMS key in a different +// Amazon Web Services account, specify the key ARN or alias ARN in the value +// of the KeyId parameter. // // Required permissions: kms:Encrypt (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (key policy) @@ -2776,11 +2784,11 @@ func (c *KMS) EncryptRequest(input *EncryptInput) (req *request.Request, output // be found. // // * DisabledException -// The request was rejected because the specified CMK is not enabled. +// The request was rejected because the specified KMS key is not enabled. // // * KeyUnavailableException -// The request was rejected because the specified CMK was not available. You -// can retry the request. +// The request was rejected because the specified KMS key was not available. +// You can retry the request. // // * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can @@ -2789,17 +2797,18 @@ func (c *KMS) EncryptRequest(input *EncryptInput) (req *request.Request, output // * InvalidKeyUsageException // The request was rejected for one of the following reasons: // -// * The KeyUsage value of the CMK is incompatible with the API operation. +// * The KeyUsage value of the KMS key is incompatible with the API operation. // // * The encryption algorithm or signing algorithm specified for the operation -// is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). +// is incompatible with the type of key material in the KMS key (KeySpec). // // For encrypting, decrypting, re-encrypting, and generating data keys, the // KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage -// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. +// must be SIGN_VERIFY. To find the KeyUsage of a KMS key, use the DescribeKey +// operation. // -// To find the encryption or signing algorithms supported for a particular CMK, -// use the DescribeKey operation. +// To find the encryption or signing algorithms supported for a particular KMS +// key, use the DescribeKey operation. // // * InvalidGrantTokenException // The request was rejected because the specified grant token is not valid. @@ -2812,9 +2821,9 @@ func (c *KMS) EncryptRequest(input *EncryptInput) (req *request.Request, output // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Encrypt func (c *KMS) Encrypt(input *EncryptInput) (*EncryptOutput, error) { @@ -2884,18 +2893,18 @@ func (c *KMS) GenerateDataKeyRequest(input *GenerateDataKeyInput) (req *request. // // Generates a unique symmetric data key for client-side encryption. This operation // returns a plaintext copy of the data key and a copy that is encrypted under -// a customer master key (CMK) that you specify. You can use the plaintext key -// to encrypt your data outside of AWS KMS and store the encrypted data key -// with the encrypted data. +// a KMS key that you specify. You can use the plaintext key to encrypt your +// data outside of KMS and store the encrypted data key with the encrypted data. // // GenerateDataKey returns a unique data key for each request. The bytes in -// the plaintext key are not related to the caller or the CMK. +// the plaintext key are not related to the caller or the KMS key. // -// To generate a data key, specify the symmetric CMK that will be used to encrypt -// the data key. You cannot use an asymmetric CMK to generate data keys. To -// get the type of your CMK, use the DescribeKey operation. You must also specify -// the length of the data key. Use either the KeySpec or NumberOfBytes parameters -// (but not both). For 128-bit and 256-bit data keys, use the KeySpec parameter. +// To generate a data key, specify the symmetric KMS key that will be used to +// encrypt the data key. You cannot use an asymmetric KMS key to generate data +// keys. To get the type of your KMS key, use the DescribeKey operation. You +// must also specify the length of the data key. Use either the KeySpec or NumberOfBytes +// parameters (but not both). For 128-bit and 256-bit data keys, use the KeySpec +// parameter. // // To get only an encrypted copy of the data key, use GenerateDataKeyWithoutPlaintext. // To generate an asymmetric data key pair, use the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext @@ -2906,41 +2915,48 @@ func (c *KMS) GenerateDataKeyRequest(input *GenerateDataKeyInput) (req *request. // the same encryption context (a case-sensitive exact match) when decrypting // the encrypted data key. Otherwise, the request to decrypt fails with an InvalidCiphertextException. // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) -// in the AWS Key Management Service Developer Guide. +// in the Key Management Service Developer Guide. // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// Applications in Amazon Web Services Nitro Enclaves can call this operation +// by using the Amazon Web Services Nitro Enclaves Development Kit (https://github.com/aws/aws-nitro-enclaves-sdk-c). +// For information about the supporting parameters, see How Amazon Web Services +// Nitro Enclaves use KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) +// in the Key Management Service Developer Guide. +// +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // // How to use your data key // // We recommend that you use the following pattern to encrypt data locally in // your application. You can write your own code or use a client-side encryption -// library, such as the AWS Encryption SDK (https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/), +// library, such as the Amazon Web Services Encryption SDK (https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/), // the Amazon DynamoDB Encryption Client (https://docs.aws.amazon.com/dynamodb-encryption-client/latest/devguide/), // or Amazon S3 client-side encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html) // to do these tasks for you. // -// To encrypt data outside of AWS KMS: +// To encrypt data outside of KMS: // // Use the GenerateDataKey operation to get a data key. // // Use the plaintext data key (in the Plaintext field of the response) to encrypt -// your data outside of AWS KMS. Then erase the plaintext data key from memory. +// your data outside of KMS. Then erase the plaintext data key from memory. // // Store the encrypted data key (in the CiphertextBlob field of the response) // with the encrypted data. // -// To decrypt data outside of AWS KMS: +// To decrypt data outside of KMS: // // Use the Decrypt operation to decrypt the encrypted data key. The operation // returns a plaintext copy of the data key. // -// Use the plaintext data key to decrypt data outside of AWS KMS, then erase -// the plaintext data key from memory. +// Use the plaintext data key to decrypt data outside of KMS, then erase the +// plaintext data key from memory. // -// Cross-account use: Yes. To perform this operation with a CMK in a different -// AWS account, specify the key ARN or alias ARN in the value of the KeyId parameter. +// Cross-account use: Yes. To perform this operation with a KMS key in a different +// Amazon Web Services account, specify the key ARN or alias ARN in the value +// of the KeyId parameter. // // Required permissions: kms:GenerateDataKey (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (key policy) @@ -2970,11 +2986,11 @@ func (c *KMS) GenerateDataKeyRequest(input *GenerateDataKeyInput) (req *request. // be found. // // * DisabledException -// The request was rejected because the specified CMK is not enabled. +// The request was rejected because the specified KMS key is not enabled. // // * KeyUnavailableException -// The request was rejected because the specified CMK was not available. You -// can retry the request. +// The request was rejected because the specified KMS key was not available. +// You can retry the request. // // * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can @@ -2983,17 +2999,18 @@ func (c *KMS) GenerateDataKeyRequest(input *GenerateDataKeyInput) (req *request. // * InvalidKeyUsageException // The request was rejected for one of the following reasons: // -// * The KeyUsage value of the CMK is incompatible with the API operation. +// * The KeyUsage value of the KMS key is incompatible with the API operation. // // * The encryption algorithm or signing algorithm specified for the operation -// is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). +// is incompatible with the type of key material in the KMS key (KeySpec). // // For encrypting, decrypting, re-encrypting, and generating data keys, the // KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage -// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. +// must be SIGN_VERIFY. To find the KeyUsage of a KMS key, use the DescribeKey +// operation. // -// To find the encryption or signing algorithms supported for a particular CMK, -// use the DescribeKey operation. +// To find the encryption or signing algorithms supported for a particular KMS +// key, use the DescribeKey operation. // // * InvalidGrantTokenException // The request was rejected because the specified grant token is not valid. @@ -3006,9 +3023,9 @@ func (c *KMS) GenerateDataKeyRequest(input *GenerateDataKeyInput) (req *request. // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKey func (c *KMS) GenerateDataKey(input *GenerateDataKeyInput) (*GenerateDataKeyOutput, error) { @@ -3078,22 +3095,24 @@ func (c *KMS) GenerateDataKeyPairRequest(input *GenerateDataKeyPairInput) (req * // // Generates a unique asymmetric data key pair. The GenerateDataKeyPair operation // returns a plaintext public key, a plaintext private key, and a copy of the -// private key that is encrypted under the symmetric CMK you specify. You can -// use the data key pair to perform asymmetric cryptography outside of AWS KMS. -// -// GenerateDataKeyPair returns a unique data key pair for each request. The -// bytes in the keys are not related to the caller or the CMK that is used to -// encrypt the private key. +// private key that is encrypted under the symmetric KMS key you specify. You +// can use the data key pair to perform asymmetric cryptography and implement +// digital signatures outside of KMS. // // You can use the public key that GenerateDataKeyPair returns to encrypt data -// or verify a signature outside of AWS KMS. Then, store the encrypted private -// key with the data. When you are ready to decrypt data or sign a message, -// you can use the Decrypt operation to decrypt the encrypted private key. +// or verify a signature outside of KMS. Then, store the encrypted private key +// with the data. When you are ready to decrypt data or sign a message, you +// can use the Decrypt operation to decrypt the encrypted private key. // -// To generate a data key pair, you must specify a symmetric customer master -// key (CMK) to encrypt the private key in a data key pair. You cannot use an -// asymmetric CMK or a CMK in a custom key store. To get the type and origin -// of your CMK, use the DescribeKey operation. +// To generate a data key pair, you must specify a symmetric KMS key to encrypt +// the private key in a data key pair. You cannot use an asymmetric KMS key +// or a KMS key in a custom key store. To get the type and origin of your KMS +// key, use the DescribeKey operation. +// +// Use the KeyPairSpec parameter to choose an RSA or Elliptic Curve (ECC) data +// key pair. KMS recommends that your use ECC key pairs for signing, and use +// RSA key pairs for either encryption or signing, but not both. However, KMS +// cannot enforce any restrictions on the use of data key pairs outside of KMS. // // If you are using the data key pair to encrypt data, or for any operation // where you don't immediately need a private key, consider using the GenerateDataKeyPairWithoutPlaintext @@ -3103,19 +3122,26 @@ func (c *KMS) GenerateDataKeyPairRequest(input *GenerateDataKeyPairInput) (req * // to decrypt the data or sign a message, use the Decrypt operation to decrypt // the encrypted private key in the data key pair. // +// GenerateDataKeyPair returns a unique data key pair for each request. The +// bytes in the keys are not related to the caller or the KMS key that is used +// to encrypt the private key. The public key is a DER-encoded X.509 SubjectPublicKeyInfo, +// as specified in RFC 5280 (https://tools.ietf.org/html/rfc5280). The private +// key is a DER-encoded PKCS8 PrivateKeyInfo, as specified in RFC 5958 (https://tools.ietf.org/html/rfc5958). +// // You can use the optional encryption context to add additional security to // the encryption operation. If you specify an EncryptionContext, you must specify // the same encryption context (a case-sensitive exact match) when decrypting // the encrypted data key. Otherwise, the request to decrypt fails with an InvalidCiphertextException. // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) -// in the AWS Key Management Service Developer Guide. +// in the Key Management Service Developer Guide. // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // -// Cross-account use: Yes. To perform this operation with a CMK in a different -// AWS account, specify the key ARN or alias ARN in the value of the KeyId parameter. +// Cross-account use: Yes. To perform this operation with a KMS key in a different +// Amazon Web Services account, specify the key ARN or alias ARN in the value +// of the KeyId parameter. // // Required permissions: kms:GenerateDataKeyPair (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (key policy) @@ -3145,11 +3171,11 @@ func (c *KMS) GenerateDataKeyPairRequest(input *GenerateDataKeyPairInput) (req * // be found. // // * DisabledException -// The request was rejected because the specified CMK is not enabled. +// The request was rejected because the specified KMS key is not enabled. // // * KeyUnavailableException -// The request was rejected because the specified CMK was not available. You -// can retry the request. +// The request was rejected because the specified KMS key was not available. +// You can retry the request. // // * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can @@ -3158,17 +3184,18 @@ func (c *KMS) GenerateDataKeyPairRequest(input *GenerateDataKeyPairInput) (req * // * InvalidKeyUsageException // The request was rejected for one of the following reasons: // -// * The KeyUsage value of the CMK is incompatible with the API operation. +// * The KeyUsage value of the KMS key is incompatible with the API operation. // // * The encryption algorithm or signing algorithm specified for the operation -// is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). +// is incompatible with the type of key material in the KMS key (KeySpec). // // For encrypting, decrypting, re-encrypting, and generating data keys, the // KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage -// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. +// must be SIGN_VERIFY. To find the KeyUsage of a KMS key, use the DescribeKey +// operation. // -// To find the encryption or signing algorithms supported for a particular CMK, -// use the DescribeKey operation. +// To find the encryption or signing algorithms supported for a particular KMS +// key, use the DescribeKey operation. // // * InvalidGrantTokenException // The request was rejected because the specified grant token is not valid. @@ -3181,9 +3208,9 @@ func (c *KMS) GenerateDataKeyPairRequest(input *GenerateDataKeyPairInput) (req * // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // * UnsupportedOperationException // The request was rejected because a specified parameter is not supported or @@ -3257,37 +3284,43 @@ func (c *KMS) GenerateDataKeyPairWithoutPlaintextRequest(input *GenerateDataKeyP // // Generates a unique asymmetric data key pair. The GenerateDataKeyPairWithoutPlaintext // operation returns a plaintext public key and a copy of the private key that -// is encrypted under the symmetric CMK you specify. Unlike GenerateDataKeyPair, +// is encrypted under the symmetric KMS key you specify. Unlike GenerateDataKeyPair, // this operation does not return a plaintext private key. // -// To generate a data key pair, you must specify a symmetric customer master -// key (CMK) to encrypt the private key in the data key pair. You cannot use -// an asymmetric CMK or a CMK in a custom key store. To get the type and origin -// of your CMK, use the KeySpec field in the DescribeKey response. -// // You can use the public key that GenerateDataKeyPairWithoutPlaintext returns -// to encrypt data or verify a signature outside of AWS KMS. Then, store the -// encrypted private key with the data. When you are ready to decrypt data or -// sign a message, you can use the Decrypt operation to decrypt the encrypted -// private key. +// to encrypt data or verify a signature outside of KMS. Then, store the encrypted +// private key with the data. When you are ready to decrypt data or sign a message, +// you can use the Decrypt operation to decrypt the encrypted private key. +// +// To generate a data key pair, you must specify a symmetric KMS key to encrypt +// the private key in a data key pair. You cannot use an asymmetric KMS key +// or a KMS key in a custom key store. To get the type and origin of your KMS +// key, use the DescribeKey operation. +// +// Use the KeyPairSpec parameter to choose an RSA or Elliptic Curve (ECC) data +// key pair. KMS recommends that your use ECC key pairs for signing, and use +// RSA key pairs for either encryption or signing, but not both. However, KMS +// cannot enforce any restrictions on the use of data key pairs outside of KMS. // // GenerateDataKeyPairWithoutPlaintext returns a unique data key pair for each -// request. The bytes in the key are not related to the caller or CMK that is -// used to encrypt the private key. +// request. The bytes in the key are not related to the caller or KMS key that +// is used to encrypt the private key. The public key is a DER-encoded X.509 +// SubjectPublicKeyInfo, as specified in RFC 5280 (https://tools.ietf.org/html/rfc5280). // // You can use the optional encryption context to add additional security to // the encryption operation. If you specify an EncryptionContext, you must specify // the same encryption context (a case-sensitive exact match) when decrypting // the encrypted data key. Otherwise, the request to decrypt fails with an InvalidCiphertextException. // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) -// in the AWS Key Management Service Developer Guide. +// in the Key Management Service Developer Guide. // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // -// Cross-account use: Yes. To perform this operation with a CMK in a different -// AWS account, specify the key ARN or alias ARN in the value of the KeyId parameter. +// Cross-account use: Yes. To perform this operation with a KMS key in a different +// Amazon Web Services account, specify the key ARN or alias ARN in the value +// of the KeyId parameter. // // Required permissions: kms:GenerateDataKeyPairWithoutPlaintext (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (key policy) @@ -3317,11 +3350,11 @@ func (c *KMS) GenerateDataKeyPairWithoutPlaintextRequest(input *GenerateDataKeyP // be found. // // * DisabledException -// The request was rejected because the specified CMK is not enabled. +// The request was rejected because the specified KMS key is not enabled. // // * KeyUnavailableException -// The request was rejected because the specified CMK was not available. You -// can retry the request. +// The request was rejected because the specified KMS key was not available. +// You can retry the request. // // * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can @@ -3330,17 +3363,18 @@ func (c *KMS) GenerateDataKeyPairWithoutPlaintextRequest(input *GenerateDataKeyP // * InvalidKeyUsageException // The request was rejected for one of the following reasons: // -// * The KeyUsage value of the CMK is incompatible with the API operation. +// * The KeyUsage value of the KMS key is incompatible with the API operation. // // * The encryption algorithm or signing algorithm specified for the operation -// is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). +// is incompatible with the type of key material in the KMS key (KeySpec). // // For encrypting, decrypting, re-encrypting, and generating data keys, the // KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage -// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. +// must be SIGN_VERIFY. To find the KeyUsage of a KMS key, use the DescribeKey +// operation. // -// To find the encryption or signing algorithms supported for a particular CMK, -// use the DescribeKey operation. +// To find the encryption or signing algorithms supported for a particular KMS +// key, use the DescribeKey operation. // // * InvalidGrantTokenException // The request was rejected because the specified grant token is not valid. @@ -3353,9 +3387,9 @@ func (c *KMS) GenerateDataKeyPairWithoutPlaintextRequest(input *GenerateDataKeyP // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // * UnsupportedOperationException // The request was rejected because a specified parameter is not supported or @@ -3428,8 +3462,8 @@ func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWitho // GenerateDataKeyWithoutPlaintext API operation for AWS Key Management Service. // // Generates a unique symmetric data key. This operation returns a data key -// that is encrypted under a customer master key (CMK) that you specify. To -// request an asymmetric data key pair, use the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext +// that is encrypted under a KMS key that you specify. To request an asymmetric +// data key pair, use the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext // operations. // // GenerateDataKeyWithoutPlaintext is identical to the GenerateDataKey operation @@ -3448,13 +3482,12 @@ func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWitho // never sees the plaintext data key. // // GenerateDataKeyWithoutPlaintext returns a unique data key for each request. -// The bytes in the keys are not related to the caller or CMK that is used to -// encrypt the private key. +// The bytes in the keys are not related to the caller or KMS key that is used +// to encrypt the private key. // -// To generate a data key, you must specify the symmetric customer master key -// (CMK) that is used to encrypt the data key. You cannot use an asymmetric -// CMK to generate a data key. To get the type of your CMK, use the DescribeKey -// operation. +// To generate a data key, you must specify the symmetric KMS key that is used +// to encrypt the data key. You cannot use an asymmetric KMS key to generate +// a data key. To get the type of your KMS key, use the DescribeKey operation. // // If the operation succeeds, you will find the encrypted copy of the data key // in the CiphertextBlob field. @@ -3464,14 +3497,15 @@ func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWitho // the same encryption context (a case-sensitive exact match) when decrypting // the encrypted data key. Otherwise, the request to decrypt fails with an InvalidCiphertextException. // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) -// in the AWS Key Management Service Developer Guide. +// in the Key Management Service Developer Guide. // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // -// Cross-account use: Yes. To perform this operation with a CMK in a different -// AWS account, specify the key ARN or alias ARN in the value of the KeyId parameter. +// Cross-account use: Yes. To perform this operation with a KMS key in a different +// Amazon Web Services account, specify the key ARN or alias ARN in the value +// of the KeyId parameter. // // Required permissions: kms:GenerateDataKeyWithoutPlaintext (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (key policy) @@ -3501,11 +3535,11 @@ func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWitho // be found. // // * DisabledException -// The request was rejected because the specified CMK is not enabled. +// The request was rejected because the specified KMS key is not enabled. // // * KeyUnavailableException -// The request was rejected because the specified CMK was not available. You -// can retry the request. +// The request was rejected because the specified KMS key was not available. +// You can retry the request. // // * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can @@ -3514,17 +3548,18 @@ func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWitho // * InvalidKeyUsageException // The request was rejected for one of the following reasons: // -// * The KeyUsage value of the CMK is incompatible with the API operation. +// * The KeyUsage value of the KMS key is incompatible with the API operation. // // * The encryption algorithm or signing algorithm specified for the operation -// is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). +// is incompatible with the type of key material in the KMS key (KeySpec). // // For encrypting, decrypting, re-encrypting, and generating data keys, the // KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage -// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. +// must be SIGN_VERIFY. To find the KeyUsage of a KMS key, use the DescribeKey +// operation. // -// To find the encryption or signing algorithms supported for a particular CMK, -// use the DescribeKey operation. +// To find the encryption or signing algorithms supported for a particular KMS +// key, use the DescribeKey operation. // // * InvalidGrantTokenException // The request was rejected because the specified grant token is not valid. @@ -3537,9 +3572,9 @@ func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWitho // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyWithoutPlaintext func (c *KMS) GenerateDataKeyWithoutPlaintext(input *GenerateDataKeyWithoutPlaintextInput) (*GenerateDataKeyWithoutPlaintextOutput, error) { @@ -3609,13 +3644,19 @@ func (c *KMS) GenerateRandomRequest(input *GenerateRandomInput) (req *request.Re // // Returns a random byte string that is cryptographically secure. // -// By default, the random byte string is generated in AWS KMS. To generate the -// byte string in the AWS CloudHSM cluster that is associated with a custom -// key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), +// By default, the random byte string is generated in KMS. To generate the byte +// string in the CloudHSM cluster that is associated with a custom key store +// (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), // specify the custom key store ID. // -// For more information about entropy and random number generation, see AWS -// Key Management Service Cryptographic Details (https://docs.aws.amazon.com/kms/latest/cryptographic-details/). +// Applications in Amazon Web Services Nitro Enclaves can call this operation +// by using the Amazon Web Services Nitro Enclaves Development Kit (https://github.com/aws/aws-nitro-enclaves-sdk-c). +// For information about the supporting parameters, see How Amazon Web Services +// Nitro Enclaves use KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) +// in the Key Management Service Developer Guide. +// +// For more information about entropy and random number generation, see Key +// Management Service Cryptographic Details (https://docs.aws.amazon.com/kms/latest/cryptographic-details/). // // Required permissions: kms:GenerateRandom (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (IAM policy) @@ -3637,7 +3678,7 @@ func (c *KMS) GenerateRandomRequest(input *GenerateRandomInput) (req *request.Re // can be retried. // // * CustomKeyStoreNotFoundException -// The request was rejected because AWS KMS cannot find a custom key store with +// The request was rejected because KMS cannot find a custom key store with // the specified key store name or ID. // // * CustomKeyStoreInvalidStateException @@ -3725,10 +3766,10 @@ func (c *KMS) GetKeyPolicyRequest(input *GetKeyPolicyInput) (req *request.Reques // GetKeyPolicy API operation for AWS Key Management Service. // -// Gets a key policy attached to the specified customer master key (CMK). +// Gets a key policy attached to the specified KMS key. // -// Cross-account use: No. You cannot perform this operation on a CMK in a different -// AWS account. +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. // // Required permissions: kms:GetKeyPolicy (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (key policy) @@ -3763,9 +3804,9 @@ func (c *KMS) GetKeyPolicyRequest(input *GetKeyPolicyInput) (req *request.Reques // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyPolicy func (c *KMS) GetKeyPolicy(input *GetKeyPolicyInput) (*GetKeyPolicyOutput, error) { @@ -3835,30 +3876,31 @@ func (c *KMS) GetKeyRotationStatusRequest(input *GetKeyRotationStatusInput) (req // // Gets a Boolean value that indicates whether automatic rotation of the key // material (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) -// is enabled for the specified customer master key (CMK). +// is enabled for the specified KMS key. // -// You cannot enable automatic rotation of asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#asymmetric-cmks), -// CMKs with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), -// or CMKs in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). +// You cannot enable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#asymmetric-cmks), +// KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), +// or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). // To enable or disable automatic rotation of a set of related multi-Region // keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html#mrk-replica-key), -// set the property on the primary key. The key rotation status for these CMKs -// is always false. +// set the property on the primary key. The key rotation status for these KMS +// keys is always false. // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // // * Disabled: The key rotation status does not change when you disable a -// CMK. However, while the CMK is disabled, AWS KMS does not rotate the backing -// key. +// KMS key. However, while the KMS key is disabled, KMS does not rotate the +// key material. // -// * Pending deletion: While a CMK is pending deletion, its key rotation -// status is false and AWS KMS does not rotate the backing key. If you cancel +// * Pending deletion: While a KMS key is pending deletion, its key rotation +// status is false and KMS does not rotate the key material. If you cancel // the deletion, the original key rotation status is restored. // -// Cross-account use: Yes. To perform this operation on a CMK in a different -// AWS account, specify the key ARN in the value of the KeyId parameter. +// Cross-account use: Yes. To perform this operation on a KMS key in a different +// Amazon Web Services account, specify the key ARN in the value of the KeyId +// parameter. // // Required permissions: kms:GetKeyRotationStatus (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (key policy) @@ -3897,9 +3939,9 @@ func (c *KMS) GetKeyRotationStatusRequest(input *GetKeyRotationStatusInput) (req // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // * UnsupportedOperationException // The request was rejected because a specified parameter is not supported or @@ -3972,19 +4014,20 @@ func (c *KMS) GetParametersForImportRequest(input *GetParametersForImportInput) // GetParametersForImport API operation for AWS Key Management Service. // // Returns the items you need to import key material into a symmetric, customer -// managed customer master key (CMK). For more information about importing key -// material into AWS KMS, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) -// in the AWS Key Management Service Developer Guide. +// managed KMS key. For more information about importing key material into KMS, +// see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) +// in the Key Management Service Developer Guide. // // This operation returns a public key and an import token. Use the public key // to encrypt the symmetric key material. Store the import token to send with // a subsequent ImportKeyMaterial request. // -// You must specify the key ID of the symmetric CMK into which you will import -// key material. This CMK's Origin must be EXTERNAL. You must also specify the -// wrapping algorithm and type of wrapping key (public key) that you will use -// to encrypt the key material. You cannot perform this operation on an asymmetric -// CMK or on any CMK in a different AWS account. +// You must specify the key ID of the symmetric KMS key into which you will +// import key material. This KMS key's Origin must be EXTERNAL. You must also +// specify the wrapping algorithm and type of wrapping key (public key) that +// you will use to encrypt the key material. You cannot perform this operation +// on an asymmetric KMS key or on any KMS key in a different Amazon Web Services +// account. // // To import key material, you must use the public key and import token from // the same response. These items are valid for 24 hours. The expiration date @@ -3992,12 +4035,12 @@ func (c *KMS) GetParametersForImportRequest(input *GetParametersForImportInput) // expired token in an ImportKeyMaterial request. If your key and token expire, // send another GetParametersForImport request. // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // -// Cross-account use: No. You cannot perform this operation on a CMK in a different -// AWS account. +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. // // Required permissions: kms:GetParametersForImport (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (key policy) @@ -4040,9 +4083,9 @@ func (c *KMS) GetParametersForImportRequest(input *GetParametersForImportInput) // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetParametersForImport func (c *KMS) GetParametersForImport(input *GetParametersForImportInput) (*GetParametersForImportOutput, error) { @@ -4110,27 +4153,26 @@ func (c *KMS) GetPublicKeyRequest(input *GetPublicKeyInput) (req *request.Reques // GetPublicKey API operation for AWS Key Management Service. // -// Returns the public key of an asymmetric CMK. Unlike the private key of a -// asymmetric CMK, which never leaves AWS KMS unencrypted, callers with kms:GetPublicKey -// permission can download the public key of an asymmetric CMK. You can share -// the public key to allow others to encrypt messages and verify signatures -// outside of AWS KMS. For information about symmetric and asymmetric CMKs, -// see Using Symmetric and Asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) -// in the AWS Key Management Service Developer Guide. +// Returns the public key of an asymmetric KMS key. Unlike the private key of +// a asymmetric KMS key, which never leaves KMS unencrypted, callers with kms:GetPublicKey +// permission can download the public key of an asymmetric KMS key. You can +// share the public key to allow others to encrypt messages and verify signatures +// outside of KMS. For information about symmetric and asymmetric KMS keys, +// see Using Symmetric and Asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) +// in the Key Management Service Developer Guide. // // You do not need to download the public key. Instead, you can use the public -// key within AWS KMS by calling the Encrypt, ReEncrypt, or Verify operations -// with the identifier of an asymmetric CMK. When you use the public key within -// AWS KMS, you benefit from the authentication, authorization, and logging -// that are part of every AWS KMS operation. You also reduce of risk of encrypting -// data that cannot be decrypted. These features are not effective outside of -// AWS KMS. For details, see Special Considerations for Downloading Public Keys -// (https://docs.aws.amazon.com/kms/latest/developerguide/download-public-key.html#download-public-key-considerations). +// key within KMS by calling the Encrypt, ReEncrypt, or Verify operations with +// the identifier of an asymmetric KMS key. When you use the public key within +// KMS, you benefit from the authentication, authorization, and logging that +// are part of every KMS operation. You also reduce of risk of encrypting data +// that cannot be decrypted. These features are not effective outside of KMS. +// For details, see Special Considerations for Downloading Public Keys (https://docs.aws.amazon.com/kms/latest/developerguide/download-public-key.html#download-public-key-considerations). // -// To help you use the public key safely outside of AWS KMS, GetPublicKey returns +// To help you use the public key safely outside of KMS, GetPublicKey returns // important information about the public key in the response, including: // -// * CustomerMasterKeySpec (https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-CustomerMasterKeySpec): +// * KeySpec (https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-KeySpec): // The type of key material in the public key, such as RSA_4096 or ECC_NIST_P521. // // * KeyUsage (https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-KeyUsage): @@ -4141,19 +4183,20 @@ func (c *KMS) GetPublicKeyRequest(input *GetPublicKeyInput) (req *request.Reques // A list of the encryption algorithms or the signing algorithms for the // key. // -// Although AWS KMS cannot enforce these restrictions on external operations, -// it is crucial that you use this information to prevent the public key from -// being used improperly. For example, you can prevent a public signing key -// from being used encrypt data, or prevent a public key from being used with -// an encryption algorithm that is not supported by AWS KMS. You can also avoid -// errors, such as using the wrong signing algorithm in a verification operation. +// Although KMS cannot enforce these restrictions on external operations, it +// is crucial that you use this information to prevent the public key from being +// used improperly. For example, you can prevent a public signing key from being +// used encrypt data, or prevent a public key from being used with an encryption +// algorithm that is not supported by KMS. You can also avoid errors, such as +// using the wrong signing algorithm in a verification operation. // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // -// Cross-account use: Yes. To perform this operation with a CMK in a different -// AWS account, specify the key ARN or alias ARN in the value of the KeyId parameter. +// Cross-account use: Yes. To perform this operation with a KMS key in a different +// Amazon Web Services account, specify the key ARN or alias ARN in the value +// of the KeyId parameter. // // Required permissions: kms:GetPublicKey (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (key policy) @@ -4173,11 +4216,11 @@ func (c *KMS) GetPublicKeyRequest(input *GetPublicKeyInput) (req *request.Reques // be found. // // * DisabledException -// The request was rejected because the specified CMK is not enabled. +// The request was rejected because the specified KMS key is not enabled. // // * KeyUnavailableException -// The request was rejected because the specified CMK was not available. You -// can retry the request. +// The request was rejected because the specified KMS key was not available. +// You can retry the request. // // * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can @@ -4197,17 +4240,18 @@ func (c *KMS) GetPublicKeyRequest(input *GetPublicKeyInput) (req *request.Reques // * InvalidKeyUsageException // The request was rejected for one of the following reasons: // -// * The KeyUsage value of the CMK is incompatible with the API operation. +// * The KeyUsage value of the KMS key is incompatible with the API operation. // // * The encryption algorithm or signing algorithm specified for the operation -// is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). +// is incompatible with the type of key material in the KMS key (KeySpec). // // For encrypting, decrypting, re-encrypting, and generating data keys, the // KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage -// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. +// must be SIGN_VERIFY. To find the KeyUsage of a KMS key, use the DescribeKey +// operation. // -// To find the encryption or signing algorithms supported for a particular CMK, -// use the DescribeKey operation. +// To find the encryption or signing algorithms supported for a particular KMS +// key, use the DescribeKey operation. // // * InternalException // The request was rejected because an internal exception occurred. The request @@ -4217,9 +4261,9 @@ func (c *KMS) GetPublicKeyRequest(input *GetPublicKeyInput) (req *request.Reques // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetPublicKey func (c *KMS) GetPublicKey(input *GetPublicKeyInput) (*GetPublicKeyOutput, error) { @@ -4288,15 +4332,16 @@ func (c *KMS) ImportKeyMaterialRequest(input *ImportKeyMaterialInput) (req *requ // ImportKeyMaterial API operation for AWS Key Management Service. // -// Imports key material into an existing symmetric AWS KMS customer master key -// (CMK) that was created without key material. After you successfully import -// key material into a CMK, you can reimport the same key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#reimport-key-material) -// into that CMK, but you cannot import different key material. +// Imports key material into an existing symmetric KMS KMS key that was created +// without key material. After you successfully import key material into a KMS +// key, you can reimport the same key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#reimport-key-material) +// into that KMS key, but you cannot import different key material. // -// You cannot perform this operation on an asymmetric CMK or on any CMK in a -// different AWS account. For more information about creating CMKs with no key -// material and then importing key material, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) -// in the AWS Key Management Service Developer Guide. +// You cannot perform this operation on an asymmetric KMS key or on any KMS +// key in a different Amazon Web Services account. For more information about +// creating KMS keys with no key material and then importing key material, see +// Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) +// in the Key Management Service Developer Guide. // // Before using this operation, call GetParametersForImport. Its response includes // a public key and an import token. Use the public key to encrypt the key material. @@ -4304,10 +4349,10 @@ func (c *KMS) ImportKeyMaterialRequest(input *ImportKeyMaterialInput) (req *requ // // When calling this operation, you must specify the following values: // -// * The key ID or key ARN of a CMK with no key material. Its Origin must -// be EXTERNAL. To create a CMK with no key material, call CreateKey and -// set the value of its Origin parameter to EXTERNAL. To get the Origin of -// a CMK, call DescribeKey.) +// * The key ID or key ARN of a KMS key with no key material. Its Origin +// must be EXTERNAL. To create a KMS key with no key material, call CreateKey +// and set the value of its Origin parameter to EXTERNAL. To get the Origin +// of a KMS key, call DescribeKey.) // // * The encrypted key material. To get the public key to encrypt the key // material, call GetParametersForImport. @@ -4316,27 +4361,27 @@ func (c *KMS) ImportKeyMaterialRequest(input *ImportKeyMaterialInput) (req *requ // a public key and token from the same GetParametersForImport response. // // * Whether the key material expires and if so, when. If you set an expiration -// date, AWS KMS deletes the key material from the CMK on the specified date, -// and the CMK becomes unusable. To use the CMK again, you must reimport +// date, KMS deletes the key material from the KMS key on the specified date, +// and the KMS key becomes unusable. To use the KMS key again, you must reimport // the same key material. The only way to change an expiration date is by // reimporting the same key material and specifying a new expiration date. // -// When this operation is successful, the key state of the CMK changes from -// PendingImport to Enabled, and you can use the CMK. +// When this operation is successful, the key state of the KMS key changes from +// PendingImport to Enabled, and you can use the KMS key. // // If this operation fails, use the exception to help determine the problem. // If the error is related to the key material, the import token, or wrapping // key, use GetParametersForImport to get a new public key and import token -// for the CMK and repeat the import procedure. For help, see How To Import +// for the KMS key and repeat the import procedure. For help, see How To Import // Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#importing-keys-overview) -// in the AWS Key Management Service Developer Guide. +// in the Key Management Service Developer Guide. // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // -// Cross-account use: No. You cannot perform this operation on a CMK in a different -// AWS account. +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. // // Required permissions: kms:ImportKeyMaterial (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (key policy) @@ -4379,9 +4424,9 @@ func (c *KMS) ImportKeyMaterialRequest(input *ImportKeyMaterialInput) (req *requ // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // * InvalidCiphertextException // From the Decrypt or ReEncrypt operation, the request was rejected because @@ -4389,13 +4434,13 @@ func (c *KMS) ImportKeyMaterialRequest(input *ImportKeyMaterialInput) (req *requ // the ciphertext, such as the encryption context, is corrupted, missing, or // otherwise invalid. // -// From the ImportKeyMaterial operation, the request was rejected because AWS -// KMS could not decrypt the encrypted (wrapped) key material. +// From the ImportKeyMaterial operation, the request was rejected because KMS +// could not decrypt the encrypted (wrapped) key material. // // * IncorrectKeyMaterialException // The request was rejected because the key material in the request is, expired, // invalid, or is not the same key material that was previously imported into -// this customer master key (CMK). +// this KMS key. // // * ExpiredImportTokenException // The request was rejected because the specified import token is expired. Use @@ -4404,7 +4449,7 @@ func (c *KMS) ImportKeyMaterialRequest(input *ImportKeyMaterialInput) (req *requ // // * InvalidImportTokenException // The request was rejected because the provided import token is invalid or -// is associated with a different customer master key (CMK). +// is associated with a different KMS key. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ImportKeyMaterial func (c *KMS) ImportKeyMaterial(input *ImportKeyMaterialInput) (*ImportKeyMaterialOutput, error) { @@ -4478,30 +4523,33 @@ func (c *KMS) ListAliasesRequest(input *ListAliasesInput) (req *request.Request, // ListAliases API operation for AWS Key Management Service. // -// Gets a list of aliases in the caller's AWS account and region. For more information -// about aliases, see CreateAlias. +// Gets a list of aliases in the caller's Amazon Web Services account and region. +// For more information about aliases, see CreateAlias. // // By default, the ListAliases operation returns all aliases in the account -// and region. To get only the aliases associated with a particular customer -// master key (CMK), use the KeyId parameter. +// and region. To get only the aliases associated with a particular KMS key, +// use the KeyId parameter. // // The ListAliases response can include aliases that you created and associated -// with your customer managed CMKs, and aliases that AWS created and associated -// with AWS managed CMKs in your account. You can recognize AWS aliases because -// their names have the format aws/<service-name>, such as aws/dynamodb. +// with your customer managed keys, and aliases that Amazon Web Services created +// and associated with Amazon Web Services managed keys in your account. You +// can recognize Amazon Web Services aliases because their names have the format +// aws/<service-name>, such as aws/dynamodb. // // The response might also include aliases that have no TargetKeyId field. These -// are predefined aliases that AWS has created but has not yet associated with -// a CMK. Aliases that AWS creates in your account, including predefined aliases, -// do not count against your AWS KMS aliases quota (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html#aliases-limit). +// are predefined aliases that Amazon Web Services has created but has not yet +// associated with a KMS key. Aliases that Amazon Web Services creates in your +// account, including predefined aliases, do not count against your KMS aliases +// quota (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html#aliases-limit). // -// Cross-account use: No. ListAliases does not return aliases in other AWS accounts. +// Cross-account use: No. ListAliases does not return aliases in other Amazon +// Web Services accounts. // // Required permissions: kms:ListAliases (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (IAM policy) // // For details, see Controlling access to aliases (https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access) -// in the AWS Key Management Service Developer Guide. +// in the Key Management Service Developer Guide. // // Related operations: // @@ -4663,19 +4711,25 @@ func (c *KMS) ListGrantsRequest(input *ListGrantsInput) (req *request.Request, o // ListGrants API operation for AWS Key Management Service. // -// Gets a list of all grants for the specified customer master key (CMK). +// Gets a list of all grants for the specified KMS key. // -// You must specify the CMK in all requests. You can filter the grant list by -// grant ID or grantee principal. +// You must specify the KMS key in all requests. You can filter the grant list +// by grant ID or grantee principal. +// +// For detailed information about grants, including grant terminology, see Using +// grants (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html) +// in the Key Management Service Developer Guide . For examples of working with +// grants in several programming languages, see Programming grants (https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html). // // The GranteePrincipal field in the ListGrants response usually contains the // user or role designated as the grantee principal in the grant. However, when -// the grantee principal in the grant is an AWS service, the GranteePrincipal -// field contains the service principal (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-services), +// the grantee principal in the grant is an Amazon Web Services service, the +// GranteePrincipal field contains the service principal (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-services), // which might represent several different grantee principals. // -// Cross-account use: Yes. To perform this operation on a CMK in a different -// AWS account, specify the key ARN in the value of the KeyId parameter. +// Cross-account use: Yes. To perform this operation on a KMS key in a different +// Amazon Web Services account, specify the key ARN in the value of the KeyId +// parameter. // // Required permissions: kms:ListGrants (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (key policy) @@ -4725,9 +4779,9 @@ func (c *KMS) ListGrantsRequest(input *ListGrantsInput) (req *request.Request, o // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListGrants func (c *KMS) ListGrants(input *ListGrantsInput) (*ListGrantsResponse, error) { @@ -4853,12 +4907,12 @@ func (c *KMS) ListKeyPoliciesRequest(input *ListKeyPoliciesInput) (req *request. // ListKeyPolicies API operation for AWS Key Management Service. // -// Gets the names of the key policies that are attached to a customer master -// key (CMK). This operation is designed to get policy names that you can use -// in a GetKeyPolicy operation. However, the only valid policy name is default. +// Gets the names of the key policies that are attached to a KMS key. This operation +// is designed to get policy names that you can use in a GetKeyPolicy operation. +// However, the only valid policy name is default. // -// Cross-account use: No. You cannot perform this operation on a CMK in a different -// AWS account. +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. // // Required permissions: kms:ListKeyPolicies (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (key policy) @@ -4897,9 +4951,9 @@ func (c *KMS) ListKeyPoliciesRequest(input *ListKeyPoliciesInput) (req *request. // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyPolicies func (c *KMS) ListKeyPolicies(input *ListKeyPoliciesInput) (*ListKeyPoliciesOutput, error) { @@ -5025,11 +5079,11 @@ func (c *KMS) ListKeysRequest(input *ListKeysInput) (req *request.Request, outpu // ListKeys API operation for AWS Key Management Service. // -// Gets a list of all customer master keys (CMKs) in the caller's AWS account -// and Region. +// Gets a list of all KMS keys in the caller's Amazon Web Services account and +// Region. // -// Cross-account use: No. You cannot perform this operation on a CMK in a different -// AWS account. +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. // // Required permissions: kms:ListKeys (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (IAM policy) @@ -5182,15 +5236,15 @@ func (c *KMS) ListResourceTagsRequest(input *ListResourceTagsInput) (req *reques // ListResourceTags API operation for AWS Key Management Service. // -// Returns all tags on the specified customer master key (CMK). +// Returns all tags on the specified KMS key. // // For general information about tags, including the format and syntax, see -// Tagging AWS resources (https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) +// Tagging Amazon Web Services resources (https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) // in the Amazon Web Services General Reference. For information about using -// tags in AWS KMS, see Tagging keys (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html). +// tags in KMS, see Tagging keys (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html). // -// Cross-account use: No. You cannot perform this operation on a CMK in a different -// AWS account. +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. // // Required permissions: kms:ListResourceTags (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (key policy) @@ -5295,24 +5349,28 @@ func (c *KMS) ListRetirableGrantsRequest(input *ListRetirableGrantsInput) (req * // ListRetirableGrants API operation for AWS Key Management Service. // -// Returns information about all grants in the AWS account and Region that have -// the specified retiring principal. For more information about grants, see -// Grants (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html) -// in the AWS Key Management Service Developer Guide . +// Returns information about all grants in the Amazon Web Services account and +// Region that have the specified retiring principal. // -// You can specify any principal in your AWS account. The grants that are returned -// include grants for CMKs in your AWS account and other AWS accounts. +// You can specify any principal in your Amazon Web Services account. The grants +// that are returned include grants for KMS keys in your Amazon Web Services +// account and other Amazon Web Services accounts. You might use this operation +// to determine which grants you may retire. To retire a grant, use the RetireGrant +// operation. // -// You might use this operation to determine which grants you may retire. To -// retire a grant, use the RetireGrant operation. +// For detailed information about grants, including grant terminology, see Using +// grants (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html) +// in the Key Management Service Developer Guide . For examples of working with +// grants in several programming languages, see Programming grants (https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html). // -// Cross-account use: You must specify a principal in your AWS account. However, -// this operation can return grants in any AWS account. You do not need kms:ListRetirableGrants -// permission (or any other additional permission) in any AWS account other -// than your own. +// Cross-account use: You must specify a principal in your Amazon Web Services +// account. However, this operation can return grants in any Amazon Web Services +// account. You do not need kms:ListRetirableGrants permission (or any other +// additional permission) in any Amazon Web Services account other than your +// own. // // Required permissions: kms:ListRetirableGrants (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) -// (IAM policy) in your AWS account. +// (IAM policy) in your Amazon Web Services account. // // Related operations: // @@ -5419,17 +5477,18 @@ func (c *KMS) PutKeyPolicyRequest(input *PutKeyPolicyInput) (req *request.Reques // PutKeyPolicy API operation for AWS Key Management Service. // -// Attaches a key policy to the specified customer master key (CMK). +// Attaches a key policy to the specified KMS key. // // For more information about key policies, see Key Policies (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html) -// in the AWS Key Management Service Developer Guide. For help writing and formatting +// in the Key Management Service Developer Guide. For help writing and formatting // a JSON policy document, see the IAM JSON Policy Reference (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html) -// in the IAM User Guide . For examples of adding a key policy in multiple programming -// languages, see Setting a key policy (https://docs.aws.amazon.com/kms/latest/developerguide/programming-key-policies.html#put-policy) -// in the AWS Key Management Service Developer Guide. +// in the Identity and Access Management User Guide . For examples of adding +// a key policy in multiple programming languages, see Setting a key policy +// (https://docs.aws.amazon.com/kms/latest/developerguide/programming-key-policies.html#put-policy) +// in the Key Management Service Developer Guide. // -// Cross-account use: No. You cannot perform this operation on a CMK in a different -// AWS account. +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. // // Required permissions: kms:PutKeyPolicy (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (key policy) @@ -5471,15 +5530,15 @@ func (c *KMS) PutKeyPolicyRequest(input *PutKeyPolicyInput) (req *request.Reques // * LimitExceededException // The request was rejected because a quota was exceeded. For more information, // see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) -// in the AWS Key Management Service Developer Guide. +// in the Key Management Service Developer Guide. // // * InvalidStateException // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/PutKeyPolicy func (c *KMS) PutKeyPolicy(input *PutKeyPolicyInput) (*PutKeyPolicyOutput, error) { @@ -5547,80 +5606,80 @@ func (c *KMS) ReEncryptRequest(input *ReEncryptInput) (req *request.Request, out // ReEncrypt API operation for AWS Key Management Service. // -// Decrypts ciphertext and then reencrypts it entirely within AWS KMS. You can -// use this operation to change the customer master key (CMK) under which data -// is encrypted, such as when you manually rotate (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotate-keys-manually) -// a CMK or change the CMK that protects a ciphertext. You can also use it to -// reencrypt ciphertext under the same CMK, such as to change the encryption -// context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) +// Decrypts ciphertext and then reencrypts it entirely within KMS. You can use +// this operation to change the KMS key under which data is encrypted, such +// as when you manually rotate (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotate-keys-manually) +// a KMS key or change the KMS key that protects a ciphertext. You can also +// use it to reencrypt ciphertext under the same KMS key, such as to change +// the encryption context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) // of a ciphertext. // // The ReEncrypt operation can decrypt ciphertext that was encrypted by using -// an AWS KMS CMK in an AWS KMS operation, such as Encrypt or GenerateDataKey. -// It can also decrypt ciphertext that was encrypted by using the public key -// of an asymmetric CMK (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#asymmetric-cmks) -// outside of AWS KMS. However, it cannot decrypt ciphertext produced by other -// libraries, such as the AWS Encryption SDK (https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/) +// an KMS KMS key in an KMS operation, such as Encrypt or GenerateDataKey. It +// can also decrypt ciphertext that was encrypted by using the public key of +// an asymmetric KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#asymmetric-cmks) +// outside of KMS. However, it cannot decrypt ciphertext produced by other libraries, +// such as the Amazon Web Services Encryption SDK (https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/) // or Amazon S3 client-side encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html). -// These libraries return a ciphertext format that is incompatible with AWS -// KMS. +// These libraries return a ciphertext format that is incompatible with KMS. // // When you use the ReEncrypt operation, you need to provide information for // the decrypt operation and the subsequent encrypt operation. // -// * If your ciphertext was encrypted under an asymmetric CMK, you must use -// the SourceKeyId parameter to identify the CMK that encrypted the ciphertext. -// You must also supply the encryption algorithm that was used. This information -// is required to decrypt the data. +// * If your ciphertext was encrypted under an asymmetric KMS key, you must +// use the SourceKeyId parameter to identify the KMS key that encrypted the +// ciphertext. You must also supply the encryption algorithm that was used. +// This information is required to decrypt the data. // -// * If your ciphertext was encrypted under a symmetric CMK, the SourceKeyId -// parameter is optional. AWS KMS can get this information from metadata -// that it adds to the symmetric ciphertext blob. This feature adds durability +// * If your ciphertext was encrypted under a symmetric KMS key, the SourceKeyId +// parameter is optional. KMS can get this information from metadata that +// it adds to the symmetric ciphertext blob. This feature adds durability // to your implementation by ensuring that authorized users can decrypt ciphertext -// decades after it was encrypted, even if they've lost track of the CMK -// ID. However, specifying the source CMK is always recommended as a best -// practice. When you use the SourceKeyId parameter to specify a CMK, AWS -// KMS uses only the CMK you specify. If the ciphertext was encrypted under -// a different CMK, the ReEncrypt operation fails. This practice ensures -// that you use the CMK that you intend. +// decades after it was encrypted, even if they've lost track of the key +// ID. However, specifying the source KMS key is always recommended as a +// best practice. When you use the SourceKeyId parameter to specify a KMS +// key, KMS uses only the KMS key you specify. If the ciphertext was encrypted +// under a different KMS key, the ReEncrypt operation fails. This practice +// ensures that you use the KMS key that you intend. // // * To reencrypt the data, you must use the DestinationKeyId parameter specify -// the CMK that re-encrypts the data after it is decrypted. You can select -// a symmetric or asymmetric CMK. If the destination CMK is an asymmetric -// CMK, you must also provide the encryption algorithm. The algorithm that -// you choose must be compatible with the CMK. When you use an asymmetric -// CMK to encrypt or reencrypt data, be sure to record the CMK and encryption -// algorithm that you choose. You will be required to provide the same CMK -// and encryption algorithm when you decrypt the data. If the CMK and algorithm -// do not match the values used to encrypt the data, the decrypt operation -// fails. You are not required to supply the CMK ID and encryption algorithm -// when you decrypt with symmetric CMKs because AWS KMS stores this information -// in the ciphertext blob. AWS KMS cannot store metadata in ciphertext generated -// with asymmetric keys. The standard format for asymmetric key ciphertext -// does not include configurable fields. +// the KMS key that re-encrypts the data after it is decrypted. You can select +// a symmetric or asymmetric KMS key. If the destination KMS key is an asymmetric +// KMS key, you must also provide the encryption algorithm. The algorithm +// that you choose must be compatible with the KMS key. When you use an asymmetric +// KMS key to encrypt or reencrypt data, be sure to record the KMS key and +// encryption algorithm that you choose. You will be required to provide +// the same KMS key and encryption algorithm when you decrypt the data. If +// the KMS key and algorithm do not match the values used to encrypt the +// data, the decrypt operation fails. You are not required to supply the +// key ID and encryption algorithm when you decrypt with symmetric KMS keys +// because KMS stores this information in the ciphertext blob. KMS cannot +// store metadata in ciphertext generated with asymmetric keys. The standard +// format for asymmetric key ciphertext does not include configurable fields. // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // -// Cross-account use: Yes. The source CMK and destination CMK can be in different -// AWS accounts. Either or both CMKs can be in a different account than the -// caller. +// Cross-account use: Yes. The source KMS key and destination KMS key can be +// in different Amazon Web Services accounts. Either or both KMS keys can be +// in a different account than the caller. To specify a KMS key in a different +// account, you must use its key ARN or alias ARN. // // Required permissions: // // * kms:ReEncryptFrom (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) -// permission on the source CMK (key policy) +// permission on the source KMS key (key policy) // // * kms:ReEncryptTo (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) -// permission on the destination CMK (key policy) +// permission on the destination KMS key (key policy) // -// To permit reencryption from or to a CMK, include the "kms:ReEncrypt*" permission -// in your key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html). +// To permit reencryption from or to a KMS key, include the "kms:ReEncrypt*" +// permission in your key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html). // This permission is automatically included in the key policy when you use -// the console to create a CMK. But you must include it manually when you create -// a CMK programmatically or when you use the PutKeyPolicy operation to set -// a key policy. +// the console to create a KMS key. But you must include it manually when you +// create a KMS key programmatically or when you use the PutKeyPolicy operation +// to set a key policy. // // Related operations: // @@ -5645,7 +5704,7 @@ func (c *KMS) ReEncryptRequest(input *ReEncryptInput) (req *request.Request, out // be found. // // * DisabledException -// The request was rejected because the specified CMK is not enabled. +// The request was rejected because the specified KMS key is not enabled. // // * InvalidCiphertextException // From the Decrypt or ReEncrypt operation, the request was rejected because @@ -5653,17 +5712,17 @@ func (c *KMS) ReEncryptRequest(input *ReEncryptInput) (req *request.Request, out // the ciphertext, such as the encryption context, is corrupted, missing, or // otherwise invalid. // -// From the ImportKeyMaterial operation, the request was rejected because AWS -// KMS could not decrypt the encrypted (wrapped) key material. +// From the ImportKeyMaterial operation, the request was rejected because KMS +// could not decrypt the encrypted (wrapped) key material. // // * KeyUnavailableException -// The request was rejected because the specified CMK was not available. You -// can retry the request. +// The request was rejected because the specified KMS key was not available. +// You can retry the request. // // * IncorrectKeyException -// The request was rejected because the specified CMK cannot decrypt the data. -// The KeyId in a Decrypt request and the SourceKeyId in a ReEncrypt request -// must identify the same CMK that was used to encrypt the ciphertext. +// The request was rejected because the specified KMS key cannot decrypt the +// data. The KeyId in a Decrypt request and the SourceKeyId in a ReEncrypt request +// must identify the same KMS key that was used to encrypt the ciphertext. // // * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can @@ -5672,17 +5731,18 @@ func (c *KMS) ReEncryptRequest(input *ReEncryptInput) (req *request.Request, out // * InvalidKeyUsageException // The request was rejected for one of the following reasons: // -// * The KeyUsage value of the CMK is incompatible with the API operation. +// * The KeyUsage value of the KMS key is incompatible with the API operation. // // * The encryption algorithm or signing algorithm specified for the operation -// is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). +// is incompatible with the type of key material in the KMS key (KeySpec). // // For encrypting, decrypting, re-encrypting, and generating data keys, the // KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage -// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. +// must be SIGN_VERIFY. To find the KeyUsage of a KMS key, use the DescribeKey +// operation. // -// To find the encryption or signing algorithms supported for a particular CMK, -// use the DescribeKey operation. +// To find the encryption or signing algorithms supported for a particular KMS +// key, use the DescribeKey operation. // // * InvalidGrantTokenException // The request was rejected because the specified grant token is not valid. @@ -5695,9 +5755,9 @@ func (c *KMS) ReEncryptRequest(input *ReEncryptInput) (req *request.Request, out // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ReEncrypt func (c *KMS) ReEncrypt(input *ReEncryptInput) (*ReEncryptOutput, error) { @@ -5767,33 +5827,34 @@ func (c *KMS) ReplicateKeyRequest(input *ReplicateKeyInput) (req *request.Reques // // Replicates a multi-Region key into the specified Region. This operation creates // a multi-Region replica key based on a multi-Region primary key in a different -// Region of the same AWS partition. You can create multiple replicas of a primary -// key, but each must be in a different Region. To create a multi-Region primary -// key, use the CreateKey operation. +// Region of the same Amazon Web Services partition. You can create multiple +// replicas of a primary key, but each must be in a different Region. To create +// a multi-Region primary key, use the CreateKey operation. // -// This operation supports multi-Region keys, an AWS KMS feature that lets you -// create multiple interoperable CMKs in different AWS Regions. Because these -// CMKs have the same key ID, key material, and other metadata, you can use -// them to encrypt data in one AWS Region and decrypt it in a different AWS -// Region without making a cross-Region call or exposing the plaintext data. -// For more information about multi-Region keys, see Using multi-Region keys -// (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) -// in the AWS Key Management Service Developer Guide. +// This operation supports multi-Region keys, an KMS feature that lets you create +// multiple interoperable KMS keys in different Amazon Web Services Regions. +// Because these KMS keys have the same key ID, key material, and other metadata, +// you can use them interchangeably to encrypt data in one Amazon Web Services +// Region and decrypt it in a different Amazon Web Services Region without re-encrypting +// the data or making a cross-Region call. For more information about multi-Region +// keys, see Using multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) +// in the Key Management Service Developer Guide. // -// A replica key is a fully-functional CMK that can be used independently of -// its primary and peer replica keys. A primary key and its replica keys share -// properties that make them interoperable. They have the same key ID (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-id) +// A replica key is a fully-functional KMS key that can be used independently +// of its primary and peer replica keys. A primary key and its replica keys +// share properties that make them interoperable. They have the same key ID +// (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-id) // and key material. They also have the same key spec (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-spec), // key usage (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-usage), // key material origin (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-origin), // and automatic key rotation status (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html). -// AWS KMS automatically synchronizes these shared properties among related -// multi-Region keys. All other properties of a replica key can differ, including -// its key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html), +// KMS automatically synchronizes these shared properties among related multi-Region +// keys. All other properties of a replica key can differ, including its key +// policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html), // tags (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html), // aliases (https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html), // and key state (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html). -// AWS KMS pricing and quotas for CMKs apply to each primary key and replica +// KMS pricing and quotas for KMS keys apply to each primary key and replica // key. // // When this operation completes, the new replica key has a transient key state @@ -5803,31 +5864,31 @@ func (c *KMS) ReplicateKeyRequest(input *ReplicateKeyInput) (req *request.Reques // it in cryptographic operations. If you are creating and using the replica // key programmatically, retry on KMSInvalidStateException or call DescribeKey // to check its KeyState value before using it. For details about the Creating -// key state, see Key state: Effect on your CMK (kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// key state, see Key state: Effect on your KMS key (kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // -// The AWS CloudTrail log of a ReplicateKey operation records a ReplicateKey -// operation in the primary key's Region and a CreateKey operation in the replica -// key's Region. +// The CloudTrail log of a ReplicateKey operation records a ReplicateKey operation +// in the primary key's Region and a CreateKey operation in the replica key's +// Region. // // If you replicate a multi-Region primary key with imported key material, the // replica key is created with no key material. You must import the same key // material that you imported into the primary key. For details, see Importing // key material into multi-Region keys (kms/latest/developerguide/multi-region-keys-import.html) -// in the AWS Key Management Service Developer Guide. +// in the Key Management Service Developer Guide. // // To convert a replica key to a primary key, use the UpdatePrimaryRegion operation. // // ReplicateKey uses different default values for the KeyPolicy and Tags parameters -// than those used in the AWS KMS console. For details, see the parameter descriptions. +// than those used in the KMS console. For details, see the parameter descriptions. // -// Cross-account use: No. You cannot use this operation to create a CMK in a -// different AWS account. +// Cross-account use: No. You cannot use this operation to create a replica +// key in a different Amazon Web Services account. // // Required permissions: // -// * kms:ReplicateKey on the primary CMK (in the primary CMK's Region). Include -// this permission in the primary CMK's key policy. +// * kms:ReplicateKey on the primary key (in the primary key's Region). Include +// this permission in the primary key's key policy. // // * kms:CreateKey in an IAM policy in the replica Region. // @@ -5853,7 +5914,7 @@ func (c *KMS) ReplicateKeyRequest(input *ReplicateKeyInput) (req *request.Reques // exists. // // * DisabledException -// The request was rejected because the specified CMK is not enabled. +// The request was rejected because the specified KMS key is not enabled. // // * InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, @@ -5863,9 +5924,9 @@ func (c *KMS) ReplicateKeyRequest(input *ReplicateKeyInput) (req *request.Reques // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // * InternalException // The request was rejected because an internal exception occurred. The request @@ -5874,7 +5935,7 @@ func (c *KMS) ReplicateKeyRequest(input *ReplicateKeyInput) (req *request.Reques // * LimitExceededException // The request was rejected because a quota was exceeded. For more information, // see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) -// in the AWS Key Management Service Developer Guide. +// in the Key Management Service Developer Guide. // // * MalformedPolicyDocumentException // The request was rejected because the specified policy is not syntactically @@ -5960,27 +6021,27 @@ func (c *KMS) RetireGrantRequest(input *RetireGrantInput) (req *request.Request, // // Deletes a grant. Typically, you retire a grant when you no longer need its // permissions. To identify the grant to retire, use a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token), -// or both the grant ID and a key identifier (key ID or key ARN) of the customer -// master key (CMK). The CreateGrant operation returns both values. +// or both the grant ID and a key identifier (key ID or key ARN) of the KMS +// key. The CreateGrant operation returns both values. // // This operation can be called by the retiring principal for a grant, by the // grantee principal if the grant allows the RetireGrant operation, and by the -// AWS account (root user) in which the grant is created. It can also be called -// by principals to whom permission for retiring a grant is delegated. For details, -// see Retiring and revoking grants (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete) -// in the AWS Key Management Service Developer Guide. +// Amazon Web Services account (root user) in which the grant is created. It +// can also be called by principals to whom permission for retiring a grant +// is delegated. For details, see Retiring and revoking grants (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete) +// in the Key Management Service Developer Guide. // // For detailed information about grants, including grant terminology, see Using // grants (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html) -// in the AWS Key Management Service Developer Guide . For examples of working -// with grants in several programming languages, see Programming grants (https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html). +// in the Key Management Service Developer Guide . For examples of working with +// grants in several programming languages, see Programming grants (https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html). // -// Cross-account use: Yes. You can retire a grant on a CMK in a different AWS -// account. +// Cross-account use: Yes. You can retire a grant on a KMS key in a different +// Amazon Web Services account. // // Required permissions::Permission to retire a grant is determined primarily // by the grant. For details, see Retiring and revoking grants (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete) -// in the AWS Key Management Service Developer Guide. +// in the Key Management Service Developer Guide. // // Related operations: // @@ -6026,9 +6087,9 @@ func (c *KMS) RetireGrantRequest(input *RetireGrantInput) (req *request.Request, // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RetireGrant func (c *KMS) RetireGrant(input *RetireGrantInput) (*RetireGrantOutput, error) { @@ -6100,16 +6161,22 @@ func (c *KMS) RevokeGrantRequest(input *RevokeGrantInput) (req *request.Request, // Deletes the specified grant. You revoke a grant to terminate the permissions // that the grant allows. For more information, see Retiring and revoking grants // (https://docs.aws.amazon.com/kms/latest/developerguide/managing-grants.html#grant-delete) -// in the AWS Key Management Service Developer Guide . +// in the Key Management Service Developer Guide . // // When you create, retire, or revoke a grant, there might be a brief delay, -// usually less than five minutes, until the grant is available throughout AWS -// KMS. This state is known as eventual consistency. For details, see Eventual -// consistency (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-eventual-consistency) -// in the AWS Key Management Service Developer Guide . +// usually less than five minutes, until the grant is available throughout KMS. +// This state is known as eventual consistency. For details, see Eventual consistency +// (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-eventual-consistency) +// in the Key Management Service Developer Guide . // -// Cross-account use: Yes. To perform this operation on a CMK in a different -// AWS account, specify the key ARN in the value of the KeyId parameter. +// For detailed information about grants, including grant terminology, see Using +// grants (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html) +// in the Key Management Service Developer Guide . For examples of working with +// grants in several programming languages, see Programming grants (https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html). +// +// Cross-account use: Yes. To perform this operation on a KMS key in a different +// Amazon Web Services account, specify the key ARN in the value of the KeyId +// parameter. // // Required permissions: kms:RevokeGrant (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (key policy). @@ -6155,9 +6222,9 @@ func (c *KMS) RevokeGrantRequest(input *RevokeGrantInput) (req *request.Request, // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RevokeGrant func (c *KMS) RevokeGrant(input *RevokeGrantInput) (*RevokeGrantOutput, error) { @@ -6225,49 +6292,49 @@ func (c *KMS) ScheduleKeyDeletionRequest(input *ScheduleKeyDeletionInput) (req * // ScheduleKeyDeletion API operation for AWS Key Management Service. // -// Schedules the deletion of a customer master key (CMK). By default, AWS KMS -// applies a waiting period of 30 days, but you can specify a waiting period -// of 7-30 days. When this operation is successful, the key state of the CMK -// changes to PendingDeletion and the key can't be used in any cryptographic -// operations. It remains in this state for the duration of the waiting period. -// Before the waiting period ends, you can use CancelKeyDeletion to cancel the -// deletion of the CMK. After the waiting period ends, AWS KMS deletes the CMK, -// its key material, and all AWS KMS data associated with it, including all -// aliases that refer to it. +// Schedules the deletion of a KMS key. By default, KMS applies a waiting period +// of 30 days, but you can specify a waiting period of 7-30 days. When this +// operation is successful, the key state of the KMS key changes to PendingDeletion +// and the key can't be used in any cryptographic operations. It remains in +// this state for the duration of the waiting period. Before the waiting period +// ends, you can use CancelKeyDeletion to cancel the deletion of the KMS key. +// After the waiting period ends, KMS deletes the KMS key, its key material, +// and all KMS data associated with it, including all aliases that refer to +// it. // -// Deleting a CMK is a destructive and potentially dangerous operation. When -// a CMK is deleted, all data that was encrypted under the CMK is unrecoverable. -// (The only exception is a multi-Region replica key.) To prevent the use of -// a CMK without deleting it, use DisableKey. +// Deleting a KMS key is a destructive and potentially dangerous operation. +// When a KMS key is deleted, all data that was encrypted under the KMS key +// is unrecoverable. (The only exception is a multi-Region replica key.) To +// prevent the use of a KMS key without deleting it, use DisableKey. // -// If you schedule deletion of a CMK from a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), -// when the waiting period expires, ScheduleKeyDeletion deletes the CMK from -// AWS KMS. Then AWS KMS makes a best effort to delete the key material from -// the associated AWS CloudHSM cluster. However, you might need to manually -// delete the orphaned key material (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key) +// If you schedule deletion of a KMS key from a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), +// when the waiting period expires, ScheduleKeyDeletion deletes the KMS key +// from KMS. Then KMS makes a best effort to delete the key material from the +// associated CloudHSM cluster. However, you might need to manually delete the +// orphaned key material (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key) // from the cluster and its backups. // // You can schedule the deletion of a multi-Region primary key and its replica -// keys at any time. However, AWS KMS will not delete a multi-Region primary -// key with existing replica keys. If you schedule the deletion of a primary -// key with replicas, its key state changes to PendingReplicaDeletion and it -// cannot be replicated or used in cryptographic operations. This status can -// continue indefinitely. When the last of its replicas keys is deleted (not -// just scheduled), the key state of the primary key changes to PendingDeletion -// and its waiting period (PendingWindowInDays) begins. For details, see Deleting -// multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-delete.html) -// in the AWS Key Management Service Developer Guide. +// keys at any time. However, KMS will not delete a multi-Region primary key +// with existing replica keys. If you schedule the deletion of a primary key +// with replicas, its key state changes to PendingReplicaDeletion and it cannot +// be replicated or used in cryptographic operations. This status can continue +// indefinitely. When the last of its replicas keys is deleted (not just scheduled), +// the key state of the primary key changes to PendingDeletion and its waiting +// period (PendingWindowInDays) begins. For details, see Deleting multi-Region +// keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-delete.html) +// in the Key Management Service Developer Guide. // -// For more information about scheduling a CMK for deletion, see Deleting Customer -// Master Keys (https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) -// in the AWS Key Management Service Developer Guide. +// For more information about scheduling a KMS key for deletion, see Deleting +// KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) +// in the Key Management Service Developer Guide. // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // -// Cross-account use: No. You cannot perform this operation on a CMK in a different -// AWS account. +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. // // Required permissions: kms:ScheduleKeyDeletion (key policy) // @@ -6305,9 +6372,9 @@ func (c *KMS) ScheduleKeyDeletionRequest(input *ScheduleKeyDeletionInput) (req * // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ScheduleKeyDeletion func (c *KMS) ScheduleKeyDeletion(input *ScheduleKeyDeletionInput) (*ScheduleKeyDeletionOutput, error) { @@ -6377,23 +6444,24 @@ func (c *KMS) SignRequest(input *SignInput) (req *request.Request, output *SignO // // Creates a digital signature (https://en.wikipedia.org/wiki/Digital_signature) // for a message or message digest by using the private key in an asymmetric -// CMK. To verify the signature, use the Verify operation, or use the public -// key in the same asymmetric CMK outside of AWS KMS. For information about -// symmetric and asymmetric CMKs, see Using Symmetric and Asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) -// in the AWS Key Management Service Developer Guide. +// KMS key. To verify the signature, use the Verify operation, or use the public +// key in the same asymmetric KMS key outside of KMS. For information about +// symmetric and asymmetric KMS keys, see Using Symmetric and Asymmetric KMS +// keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) +// in the Key Management Service Developer Guide. // // Digital signatures are generated and verified by using asymmetric key pair, -// such as an RSA or ECC pair that is represented by an asymmetric customer -// master key (CMK). The key owner (or an authorized user) uses their private -// key to sign a message. Anyone with the public key can verify that the message -// was signed with that particular private key and that the message hasn't changed -// since it was signed. +// such as an RSA or ECC pair that is represented by an asymmetric KMS key. +// The key owner (or an authorized user) uses their private key to sign a message. +// Anyone with the public key can verify that the message was signed with that +// particular private key and that the message hasn't changed since it was signed. // // To use the Sign operation, provide the following information: // -// * Use the KeyId parameter to identify an asymmetric CMK with a KeyUsage -// value of SIGN_VERIFY. To get the KeyUsage value of a CMK, use the DescribeKey -// operation. The caller must have kms:Sign permission on the CMK. +// * Use the KeyId parameter to identify an asymmetric KMS key with a KeyUsage +// value of SIGN_VERIFY. To get the KeyUsage value of a KMS key, use the +// DescribeKey operation. The caller must have kms:Sign permission on the +// KMS key. // // * Use the Message parameter to specify the message or message digest to // sign. You can submit messages of up to 4096 bytes. To sign a larger message, @@ -6401,21 +6469,22 @@ func (c *KMS) SignRequest(input *SignInput) (req *request.Request, output *SignO // in the Message parameter. To indicate whether the message is a full message // or a digest, use the MessageType parameter. // -// * Choose a signing algorithm that is compatible with the CMK. +// * Choose a signing algorithm that is compatible with the KMS key. // -// When signing a message, be sure to record the CMK and the signing algorithm. +// When signing a message, be sure to record the KMS key and the signing algorithm. // This information is required to verify the signature. // // To verify the signature that this operation generates, use the Verify operation. // Or use the GetPublicKey operation to download the public key and then use -// the public key to verify the signature outside of AWS KMS. +// the public key to verify the signature outside of KMS. // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // -// Cross-account use: Yes. To perform this operation with a CMK in a different -// AWS account, specify the key ARN or alias ARN in the value of the KeyId parameter. +// Cross-account use: Yes. To perform this operation with a KMS key in a different +// Amazon Web Services account, specify the key ARN or alias ARN in the value +// of the KeyId parameter. // // Required permissions: kms:Sign (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (key policy) @@ -6435,11 +6504,11 @@ func (c *KMS) SignRequest(input *SignInput) (req *request.Request, output *SignO // be found. // // * DisabledException -// The request was rejected because the specified CMK is not enabled. +// The request was rejected because the specified KMS key is not enabled. // // * KeyUnavailableException -// The request was rejected because the specified CMK was not available. You -// can retry the request. +// The request was rejected because the specified KMS key was not available. +// You can retry the request. // // * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can @@ -6448,17 +6517,18 @@ func (c *KMS) SignRequest(input *SignInput) (req *request.Request, output *SignO // * InvalidKeyUsageException // The request was rejected for one of the following reasons: // -// * The KeyUsage value of the CMK is incompatible with the API operation. +// * The KeyUsage value of the KMS key is incompatible with the API operation. // // * The encryption algorithm or signing algorithm specified for the operation -// is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). +// is incompatible with the type of key material in the KMS key (KeySpec). // // For encrypting, decrypting, re-encrypting, and generating data keys, the // KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage -// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. +// must be SIGN_VERIFY. To find the KeyUsage of a KMS key, use the DescribeKey +// operation. // -// To find the encryption or signing algorithms supported for a particular CMK, -// use the DescribeKey operation. +// To find the encryption or signing algorithms supported for a particular KMS +// key, use the DescribeKey operation. // // * InvalidGrantTokenException // The request was rejected because the specified grant token is not valid. @@ -6471,9 +6541,9 @@ func (c *KMS) SignRequest(input *SignInput) (req *request.Request, output *SignO // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Sign func (c *KMS) Sign(input *SignInput) (*SignOutput, error) { @@ -6542,37 +6612,37 @@ func (c *KMS) TagResourceRequest(input *TagResourceInput) (req *request.Request, // TagResource API operation for AWS Key Management Service. // -// Adds or edits tags on a customer managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk). +// Adds or edits tags on a customer managed key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk). // -// Tagging or untagging a CMK can allow or deny permission to the CMK. For details, -// see Using ABAC in AWS KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) -// in the AWS Key Management Service Developer Guide. +// Tagging or untagging a KMS key can allow or deny permission to the KMS key. +// For details, see Using ABAC in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) +// in the Key Management Service Developer Guide. // // Each tag consists of a tag key and a tag value, both of which are case-sensitive // strings. The tag value can be an empty (null) string. To add a tag, specify // a new tag key and a tag value. To edit a tag, specify an existing tag key // and a new tag value. // -// You can use this operation to tag a customer managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk), -// but you cannot tag an AWS managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk), -// an AWS owned CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk), +// You can use this operation to tag a customer managed key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk), +// but you cannot tag an Amazon Web Services managed key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk), +// an Amazon Web Services owned key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk), // a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#keystore-concept), // or an alias (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#alias-concept). // -// You can also add tags to a CMK while creating it (CreateKey) or replicating +// You can also add tags to a KMS key while creating it (CreateKey) or replicating // it (ReplicateKey). // -// For information about using tags in AWS KMS, see Tagging keys (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html). +// For information about using tags in KMS, see Tagging keys (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html). // For general information about tags, including the format and syntax, see -// Tagging AWS resources (https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) +// Tagging Amazon Web Services resources (https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) // in the Amazon Web Services General Reference. // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // -// Cross-account use: No. You cannot perform this operation on a CMK in a different -// AWS account. +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. // // Required permissions: kms:TagResource (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (key policy) @@ -6611,14 +6681,14 @@ func (c *KMS) TagResourceRequest(input *TagResourceInput) (req *request.Request, // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // * LimitExceededException // The request was rejected because a quota was exceeded. For more information, // see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) -// in the AWS Key Management Service Developer Guide. +// in the Key Management Service Developer Guide. // // * TagException // The request was rejected because one or more tags are not valid. @@ -6690,29 +6760,29 @@ func (c *KMS) UntagResourceRequest(input *UntagResourceInput) (req *request.Requ // UntagResource API operation for AWS Key Management Service. // -// Deletes tags from a customer managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk). -// To delete a tag, specify the tag key and the CMK. +// Deletes tags from a customer managed key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk). +// To delete a tag, specify the tag key and the KMS key. // -// Tagging or untagging a CMK can allow or deny permission to the CMK. For details, -// see Using ABAC in AWS KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) -// in the AWS Key Management Service Developer Guide. +// Tagging or untagging a KMS key can allow or deny permission to the KMS key. +// For details, see Using ABAC in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) +// in the Key Management Service Developer Guide. // // When it succeeds, the UntagResource operation doesn't return any output. -// Also, if the specified tag key isn't found on the CMK, it doesn't throw an -// exception or return a response. To confirm that the operation worked, use -// the ListResourceTags operation. +// Also, if the specified tag key isn't found on the KMS key, it doesn't throw +// an exception or return a response. To confirm that the operation worked, +// use the ListResourceTags operation. // -// For information about using tags in AWS KMS, see Tagging keys (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html). +// For information about using tags in KMS, see Tagging keys (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html). // For general information about tags, including the format and syntax, see -// Tagging AWS resources (https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) +// Tagging Amazon Web Services resources (https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) // in the Amazon Web Services General Reference. // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // -// Cross-account use: No. You cannot perform this operation on a CMK in a different -// AWS account. +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. // // Required permissions: kms:UntagResource (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (key policy) @@ -6751,9 +6821,9 @@ func (c *KMS) UntagResourceRequest(input *UntagResourceInput) (req *request.Requ // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // * TagException // The request was rejected because one or more tags are not valid. @@ -6825,35 +6895,35 @@ func (c *KMS) UpdateAliasRequest(input *UpdateAliasInput) (req *request.Request, // UpdateAlias API operation for AWS Key Management Service. // -// Associates an existing AWS KMS alias with a different customer master key -// (CMK). Each alias is associated with only one CMK at a time, although a CMK -// can have multiple aliases. The alias and the CMK must be in the same AWS +// Associates an existing KMS alias with a different KMS key. Each alias is +// associated with only one KMS key at a time, although a KMS key can have multiple +// aliases. The alias and the KMS key must be in the same Amazon Web Services // account and Region. // // Adding, deleting, or updating an alias can allow or deny permission to the -// CMK. For details, see Using ABAC in AWS KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) -// in the AWS Key Management Service Developer Guide. +// KMS key. For details, see Using ABAC in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) +// in the Key Management Service Developer Guide. // -// The current and new CMK must be the same type (both symmetric or both asymmetric), -// and they must have the same key usage (ENCRYPT_DECRYPT or SIGN_VERIFY). This -// restriction prevents errors in code that uses aliases. If you must assign -// an alias to a different type of CMK, use DeleteAlias to delete the old alias -// and CreateAlias to create a new alias. +// The current and new KMS key must be the same type (both symmetric or both +// asymmetric), and they must have the same key usage (ENCRYPT_DECRYPT or SIGN_VERIFY). +// This restriction prevents errors in code that uses aliases. If you must assign +// an alias to a different type of KMS key, use DeleteAlias to delete the old +// alias and CreateAlias to create a new alias. // // You cannot use UpdateAlias to change an alias name. To change an alias name, // use DeleteAlias to delete the old alias and CreateAlias to create a new alias. // -// Because an alias is not a property of a CMK, you can create, update, and -// delete the aliases of a CMK without affecting the CMK. Also, aliases do not -// appear in the response from the DescribeKey operation. To get the aliases -// of all CMKs in the account, use the ListAliases operation. +// Because an alias is not a property of a KMS key, you can create, update, +// and delete the aliases of a KMS key without affecting the KMS key. Also, +// aliases do not appear in the response from the DescribeKey operation. To +// get the aliases of all KMS keys in the account, use the ListAliases operation. // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // -// Cross-account use: No. You cannot perform this operation on a CMK in a different -// AWS account. +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. // // Required permissions // @@ -6861,13 +6931,13 @@ func (c *KMS) UpdateAliasRequest(input *UpdateAliasInput) (req *request.Request, // on the alias (IAM policy). // // * kms:UpdateAlias (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) -// on the current CMK (key policy). +// on the current KMS key (key policy). // // * kms:UpdateAlias (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) -// on the new CMK (key policy). +// on the new KMS key (key policy). // // For details, see Controlling access to aliases (https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access) -// in the AWS Key Management Service Developer Guide. +// in the Key Management Service Developer Guide. // // Related operations: // @@ -6900,15 +6970,15 @@ func (c *KMS) UpdateAliasRequest(input *UpdateAliasInput) (req *request.Request, // * LimitExceededException // The request was rejected because a quota was exceeded. For more information, // see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) -// in the AWS Key Management Service Developer Guide. +// in the Key Management Service Developer Guide. // // * InvalidStateException // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateAlias func (c *KMS) UpdateAlias(input *UpdateAliasInput) (*UpdateAliasOutput, error) { @@ -6992,28 +7062,28 @@ func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req // * Use the NewCustomKeyStoreName parameter to change the friendly name // of the custom key store to the value that you specify. // -// * Use the KeyStorePassword parameter tell AWS KMS the current password -// of the kmsuser crypto user (CU) (https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser) -// in the associated AWS CloudHSM cluster. You can use this parameter to -// fix connection failures (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-password) -// that occur when AWS KMS cannot log into the associated cluster because -// the kmsuser password has changed. This value does not change the password -// in the AWS CloudHSM cluster. +// * Use the KeyStorePassword parameter tell KMS the current password of +// the kmsuser crypto user (CU) (https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser) +// in the associated CloudHSM cluster. You can use this parameter to fix +// connection failures (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-password) +// that occur when KMS cannot log into the associated cluster because the +// kmsuser password has changed. This value does not change the password +// in the CloudHSM cluster. // // * Use the CloudHsmClusterId parameter to associate the custom key store -// with a different, but related, AWS CloudHSM cluster. You can use this -// parameter to repair a custom key store if its AWS CloudHSM cluster becomes -// corrupted or is deleted, or when you need to create or restore a cluster -// from a backup. +// with a different, but related, CloudHSM cluster. You can use this parameter +// to repair a custom key store if its CloudHSM cluster becomes corrupted +// or is deleted, or when you need to create or restore a cluster from a +// backup. // // If the operation succeeds, it returns a JSON object with no properties. // // This operation is part of the Custom Key Store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) -// feature in AWS KMS, which combines the convenience and extensive integration -// of AWS KMS with the isolation and control of a single-tenant key store. +// feature in KMS, which combines the convenience and extensive integration +// of KMS with the isolation and control of a single-tenant key store. // // Cross-account use: No. You cannot perform this operation on a custom key -// store in a different AWS account. +// store in a different Amazon Web Services account. // // Required permissions: kms:UpdateCustomKeyStore (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (IAM policy) @@ -7039,7 +7109,7 @@ func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req // // Returned Error Types: // * CustomKeyStoreNotFoundException -// The request was rejected because AWS KMS cannot find a custom key store with +// The request was rejected because KMS cannot find a custom key store with // the specified key store name or ID. // // * CustomKeyStoreNameInUseException @@ -7048,14 +7118,13 @@ func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req // key store name that is unique in the account. // // * CloudHsmClusterNotFoundException -// The request was rejected because AWS KMS cannot find the AWS CloudHSM cluster -// with the specified cluster ID. Retry the request with a different cluster -// ID. +// The request was rejected because KMS cannot find the CloudHSM cluster with +// the specified cluster ID. Retry the request with a different cluster ID. // // * CloudHsmClusterNotRelatedException -// The request was rejected because the specified AWS CloudHSM cluster has a -// different cluster certificate than the original cluster. You cannot use the -// operation to specify an unrelated cluster. +// The request was rejected because the specified CloudHSM cluster has a different +// cluster certificate than the original cluster. You cannot use the operation +// to specify an unrelated cluster. // // Specify a cluster that shares a backup history with the original cluster. // This includes clusters that were created from a backup of the current cluster, @@ -7090,15 +7159,15 @@ func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req // can be retried. // // * CloudHsmClusterNotActiveException -// The request was rejected because the AWS CloudHSM cluster that is associated +// The request was rejected because the CloudHSM cluster that is associated // with the custom key store is not active. Initialize and activate the cluster // and try the command again. For detailed instructions, see Getting Started // (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) -// in the AWS CloudHSM User Guide. +// in the CloudHSM User Guide. // // * CloudHsmClusterInvalidConfigurationException -// The request was rejected because the associated AWS CloudHSM cluster did -// not meet the configuration requirements for a custom key store. +// The request was rejected because the associated CloudHSM cluster did not +// meet the configuration requirements for a custom key store. // // * The cluster must be configured with private subnets in at least two // different Availability Zones in the Region. @@ -7113,20 +7182,19 @@ func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req // operation. // // * The cluster must contain at least as many HSMs as the operation requires. -// To add HSMs, use the AWS CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) +// To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) // operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey -// operations, the AWS CloudHSM cluster must have at least two active HSMs, -// each in a different Availability Zone. For the ConnectCustomKeyStore operation, -// the AWS CloudHSM must contain at least one active HSM. +// operations, the CloudHSM cluster must have at least two active HSMs, each +// in a different Availability Zone. For the ConnectCustomKeyStore operation, +// the CloudHSM must contain at least one active HSM. // -// For information about the requirements for an AWS CloudHSM cluster that is -// associated with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) -// in the AWS Key Management Service Developer Guide. For information about -// creating a private subnet for an AWS CloudHSM cluster, see Create a Private -// Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) -// in the AWS CloudHSM User Guide. For information about cluster security groups, +// For information about the requirements for an CloudHSM cluster that is associated +// with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) +// in the Key Management Service Developer Guide. For information about creating +// a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) +// in the CloudHSM User Guide. For information about cluster security groups, // see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) -// in the AWS CloudHSM User Guide . +// in the CloudHSM User Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateCustomKeyStore func (c *KMS) UpdateCustomKeyStore(input *UpdateCustomKeyStoreInput) (*UpdateCustomKeyStoreOutput, error) { @@ -7195,15 +7263,15 @@ func (c *KMS) UpdateKeyDescriptionRequest(input *UpdateKeyDescriptionInput) (req // UpdateKeyDescription API operation for AWS Key Management Service. // -// Updates the description of a customer master key (CMK). To see the description -// of a CMK, use DescribeKey. +// Updates the description of a KMS key. To see the description of a KMS key, +// use DescribeKey. // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // -// Cross-account use: No. You cannot perform this operation on a CMK in a different -// AWS account. +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. // // Required permissions: kms:UpdateKeyDescription (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (key policy) @@ -7242,9 +7310,9 @@ func (c *KMS) UpdateKeyDescriptionRequest(input *UpdateKeyDescriptionInput) (req // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateKeyDescription func (c *KMS) UpdateKeyDescription(input *UpdateKeyDescriptionInput) (*UpdateKeyDescriptionOutput, error) { @@ -7320,16 +7388,17 @@ func (c *KMS) UpdatePrimaryRegionRequest(input *UpdatePrimaryRegionInput) (req * // you have a primary key in us-east-1 and a replica key in eu-west-2. If you // run UpdatePrimaryRegion with a PrimaryRegion value of eu-west-2, the primary // key is now the key in eu-west-2, and the key in us-east-1 becomes a replica -// key. For details, see +// key. For details, see Updating the primary Region (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-update) +// in the Key Management Service Developer Guide. // -// This operation supports multi-Region keys, an AWS KMS feature that lets you -// create multiple interoperable CMKs in different AWS Regions. Because these -// CMKs have the same key ID, key material, and other metadata, you can use -// them to encrypt data in one AWS Region and decrypt it in a different AWS -// Region without making a cross-Region call or exposing the plaintext data. -// For more information about multi-Region keys, see Using multi-Region keys -// (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) -// in the AWS Key Management Service Developer Guide. +// This operation supports multi-Region keys, an KMS feature that lets you create +// multiple interoperable KMS keys in different Amazon Web Services Regions. +// Because these KMS keys have the same key ID, key material, and other metadata, +// you can use them interchangeably to encrypt data in one Amazon Web Services +// Region and decrypt it in a different Amazon Web Services Region without re-encrypting +// the data or making a cross-Region call. For more information about multi-Region +// keys, see Using multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) +// in the Key Management Service Developer Guide. // // The primary key of a multi-Region key is the source for properties that are // always shared by primary and replica keys, including the key material, key @@ -7340,13 +7409,13 @@ func (c *KMS) UpdatePrimaryRegionRequest(input *UpdatePrimaryRegionInput) (req * // and automatic key rotation (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html). // It's the only key that can be replicated. You cannot delete the primary key // (https://docs.aws.amazon.com/kms/latest/APIReference/API_ScheduleKeyDeletion.html) -// until all replicas are deleted. +// until all replica keys are deleted. // // The key ID and primary Region that you specify uniquely identify the replica // key that will become the primary key. The primary Region must already have -// a replica key. This operation does not create a CMK in the specified Region. -// To find the replica keys, use the DescribeKey operation on the primary key -// or any replica key. To create a replica key, use the ReplicateKey operation. +// a replica key. This operation does not create a KMS key in the specified +// Region. To find the replica keys, use the DescribeKey operation on the primary +// key or any replica key. To create a replica key, use the ReplicateKey operation. // // You can run this operation while using the affected multi-Region keys in // cryptographic operations. This operation should not delay, interrupt, or @@ -7360,21 +7429,22 @@ func (c *KMS) UpdatePrimaryRegionRequest(input *UpdatePrimaryRegionInput) (req * // state is Updating, you can use the keys in cryptographic operations, but // you cannot replicate the new primary key or perform certain management operations, // such as enabling or disabling these keys. For details about the Updating -// key state, see Key state: Effect on your CMK (kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// key state, see Key state: Effect on your KMS key (kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // // This operation does not return any output. To verify that primary key is // changed, use the DescribeKey operation. // -// Cross-account use: No. You cannot use this operation in a different AWS account. +// Cross-account use: No. You cannot use this operation in a different Amazon +// Web Services account. // // Required permissions: // -// * kms:UpdatePrimaryRegion on the current primary CMK (in the primary CMK's -// Region). Include this permission primary CMK's key policy. +// * kms:UpdatePrimaryRegion on the current primary key (in the primary key's +// Region). Include this permission primary key's key policy. // -// * kms:UpdatePrimaryRegion on the current replica CMK (in the replica CMK's -// Region). Include this permission in the replica CMK's key policy. +// * kms:UpdatePrimaryRegion on the current replica key (in the replica key's +// Region). Include this permission in the replica key's key policy. // // Related operations // @@ -7391,7 +7461,7 @@ func (c *KMS) UpdatePrimaryRegionRequest(input *UpdatePrimaryRegionInput) (req * // // Returned Error Types: // * DisabledException -// The request was rejected because the specified CMK is not enabled. +// The request was rejected because the specified KMS key is not enabled. // // * InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, @@ -7401,9 +7471,9 @@ func (c *KMS) UpdatePrimaryRegionRequest(input *UpdatePrimaryRegionInput) (req * // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // * InternalException // The request was rejected because an internal exception occurred. The request @@ -7486,36 +7556,37 @@ func (c *KMS) VerifyRequest(input *VerifyInput) (req *request.Request, output *V // Verifies a digital signature that was generated by the Sign operation. // // Verification confirms that an authorized user signed the message with the -// specified CMK and signing algorithm, and the message hasn't changed since +// specified KMS key and signing algorithm, and the message hasn't changed since // it was signed. If the signature is verified, the value of the SignatureValid // field in the response is True. If the signature verification fails, the Verify // operation fails with an KMSInvalidSignatureException exception. // // A digital signature is generated by using the private key in an asymmetric -// CMK. The signature is verified by using the public key in the same asymmetric -// CMK. For information about symmetric and asymmetric CMKs, see Using Symmetric -// and Asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) -// in the AWS Key Management Service Developer Guide. +// KMS key. The signature is verified by using the public key in the same asymmetric +// KMS key. For information about symmetric and asymmetric KMS keys, see Using +// Symmetric and Asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) +// in the Key Management Service Developer Guide. // // To verify a digital signature, you can use the Verify operation. Specify -// the same asymmetric CMK, message, and signing algorithm that were used to -// produce the signature. +// the same asymmetric KMS key, message, and signing algorithm that were used +// to produce the signature. // // You can also verify the digital signature by using the public key of the -// CMK outside of AWS KMS. Use the GetPublicKey operation to download the public -// key in the asymmetric CMK and then use the public key to verify the signature -// outside of AWS KMS. The advantage of using the Verify operation is that it -// is performed within AWS KMS. As a result, it's easy to call, the operation -// is performed within the FIPS boundary, it is logged in AWS CloudTrail, and -// you can use key policy and IAM policy to determine who is authorized to use -// the CMK to verify signatures. +// KMS key outside of KMS. Use the GetPublicKey operation to download the public +// key in the asymmetric KMS key and then use the public key to verify the signature +// outside of KMS. The advantage of using the Verify operation is that it is +// performed within KMS. As a result, it's easy to call, the operation is performed +// within the FIPS boundary, it is logged in CloudTrail, and you can use key +// policy and IAM policy to determine who is authorized to use the KMS key to +// verify signatures. // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // -// Cross-account use: Yes. To perform this operation with a CMK in a different -// AWS account, specify the key ARN or alias ARN in the value of the KeyId parameter. +// Cross-account use: Yes. To perform this operation with a KMS key in a different +// Amazon Web Services account, specify the key ARN or alias ARN in the value +// of the KeyId parameter. // // Required permissions: kms:Verify (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (key policy) @@ -7535,11 +7606,11 @@ func (c *KMS) VerifyRequest(input *VerifyInput) (req *request.Request, output *V // be found. // // * DisabledException -// The request was rejected because the specified CMK is not enabled. +// The request was rejected because the specified KMS key is not enabled. // // * KeyUnavailableException -// The request was rejected because the specified CMK was not available. You -// can retry the request. +// The request was rejected because the specified KMS key was not available. +// You can retry the request. // // * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can @@ -7548,17 +7619,18 @@ func (c *KMS) VerifyRequest(input *VerifyInput) (req *request.Request, output *V // * InvalidKeyUsageException // The request was rejected for one of the following reasons: // -// * The KeyUsage value of the CMK is incompatible with the API operation. +// * The KeyUsage value of the KMS key is incompatible with the API operation. // // * The encryption algorithm or signing algorithm specified for the operation -// is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). +// is incompatible with the type of key material in the KMS key (KeySpec). // // For encrypting, decrypting, re-encrypting, and generating data keys, the // KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage -// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. +// must be SIGN_VERIFY. To find the KeyUsage of a KMS key, use the DescribeKey +// operation. // -// To find the encryption or signing algorithms supported for a particular CMK, -// use the DescribeKey operation. +// To find the encryption or signing algorithms supported for a particular KMS +// key, use the DescribeKey operation. // // * InvalidGrantTokenException // The request was rejected because the specified grant token is not valid. @@ -7571,14 +7643,14 @@ func (c *KMS) VerifyRequest(input *VerifyInput) (req *request.Request, output *V // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // // * KMSInvalidSignatureException // The request was rejected because the signature verification failed. Signature // verification fails when it cannot confirm that signature was produced by -// signing the specified message with the specified CMK and signing algorithm. +// signing the specified message with the specified KMS key and signing algorithm. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Verify func (c *KMS) Verify(input *VerifyInput) (*VerifyOutput, error) { @@ -7616,11 +7688,12 @@ type AliasListEntry struct { // Region. Formatted as Unix time. CreationDate *time.Time `type:"timestamp"` - // Date and time that the alias was most recently associated with a CMK in the - // account and Region. Formatted as Unix time. + // Date and time that the alias was most recently associated with a KMS key + // in the account and Region. Formatted as Unix time. LastUpdatedDate *time.Time `type:"timestamp"` - // String that contains the key identifier of the CMK associated with the alias. + // String that contains the key identifier of the KMS key associated with the + // alias. TargetKeyId *string `min:"1" type:"string"` } @@ -7724,9 +7797,9 @@ func (s *AlreadyExistsException) RequestID() string { type CancelKeyDeletionInput struct { _ struct{} `type:"structure"` - // Identifies the customer master key (CMK) whose deletion is being canceled. + // Identifies the KMS key whose deletion is being canceled. // - // Specify the key ID or key ARN of the CMK. + // Specify the key ID or key ARN of the KMS key. // // For example: // @@ -7734,7 +7807,7 @@ type CancelKeyDeletionInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` @@ -7776,7 +7849,7 @@ type CancelKeyDeletionOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) - // of the CMK whose deletion is canceled. + // of the KMS key whose deletion is canceled. KeyId *string `min:"1" type:"string"` } @@ -7796,10 +7869,10 @@ func (s *CancelKeyDeletionOutput) SetKeyId(v string) *CancelKeyDeletionOutput { return s } -// The request was rejected because the specified AWS CloudHSM cluster is already +// The request was rejected because the specified CloudHSM cluster is already // associated with a custom key store or it shares a backup history with a cluster // that is associated with a custom key store. Each custom key store must be -// associated with a different AWS CloudHSM cluster. +// associated with a different CloudHSM cluster. // // Clusters that share a backup history have the same cluster certificate. To // view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) @@ -7859,8 +7932,8 @@ func (s *CloudHsmClusterInUseException) RequestID() string { return s.RespMetadata.RequestID } -// The request was rejected because the associated AWS CloudHSM cluster did -// not meet the configuration requirements for a custom key store. +// The request was rejected because the associated CloudHSM cluster did not +// meet the configuration requirements for a custom key store. // // * The cluster must be configured with private subnets in at least two // different Availability Zones in the Region. @@ -7875,20 +7948,19 @@ func (s *CloudHsmClusterInUseException) RequestID() string { // operation. // // * The cluster must contain at least as many HSMs as the operation requires. -// To add HSMs, use the AWS CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) +// To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) // operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey -// operations, the AWS CloudHSM cluster must have at least two active HSMs, -// each in a different Availability Zone. For the ConnectCustomKeyStore operation, -// the AWS CloudHSM must contain at least one active HSM. +// operations, the CloudHSM cluster must have at least two active HSMs, each +// in a different Availability Zone. For the ConnectCustomKeyStore operation, +// the CloudHSM must contain at least one active HSM. // -// For information about the requirements for an AWS CloudHSM cluster that is -// associated with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) -// in the AWS Key Management Service Developer Guide. For information about -// creating a private subnet for an AWS CloudHSM cluster, see Create a Private -// Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) -// in the AWS CloudHSM User Guide. For information about cluster security groups, +// For information about the requirements for an CloudHSM cluster that is associated +// with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) +// in the Key Management Service Developer Guide. For information about creating +// a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) +// in the CloudHSM User Guide. For information about cluster security groups, // see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) -// in the AWS CloudHSM User Guide . +// in the CloudHSM User Guide . type CloudHsmClusterInvalidConfigurationException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -7944,11 +8016,11 @@ func (s *CloudHsmClusterInvalidConfigurationException) RequestID() string { return s.RespMetadata.RequestID } -// The request was rejected because the AWS CloudHSM cluster that is associated +// The request was rejected because the CloudHSM cluster that is associated // with the custom key store is not active. Initialize and activate the cluster // and try the command again. For detailed instructions, see Getting Started // (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) -// in the AWS CloudHSM User Guide. +// in the CloudHSM User Guide. type CloudHsmClusterNotActiveException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -8004,9 +8076,8 @@ func (s *CloudHsmClusterNotActiveException) RequestID() string { return s.RespMetadata.RequestID } -// The request was rejected because AWS KMS cannot find the AWS CloudHSM cluster -// with the specified cluster ID. Retry the request with a different cluster -// ID. +// The request was rejected because KMS cannot find the CloudHSM cluster with +// the specified cluster ID. Retry the request with a different cluster ID. type CloudHsmClusterNotFoundException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -8062,9 +8133,9 @@ func (s *CloudHsmClusterNotFoundException) RequestID() string { return s.RespMetadata.RequestID } -// The request was rejected because the specified AWS CloudHSM cluster has a -// different cluster certificate than the original cluster. You cannot use the -// operation to specify an unrelated cluster. +// The request was rejected because the specified CloudHSM cluster has a different +// cluster certificate than the original cluster. You cannot use the operation +// to specify an unrelated cluster. // // Specify a cluster that shares a backup history with the original cluster. // This includes clusters that were created from a backup of the current cluster, @@ -8194,21 +8265,21 @@ type CreateAliasInput struct { // The AliasName value must be string of 1-256 characters. It can contain only // alphanumeric characters, forward slashes (/), underscores (_), and dashes // (-). The alias name cannot begin with alias/aws/. The alias/aws/ prefix is - // reserved for AWS managed CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). + // reserved for Amazon Web Services managed keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). // // AliasName is a required field AliasName *string `min:"1" type:"string" required:"true"` - // Associates the alias with the specified customer managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk). - // The CMK must be in the same AWS Region. + // Associates the alias with the specified customer managed key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk). + // The KMS key must be in the same Amazon Web Services Region. // - // A valid CMK ID is required. If you supply a null or empty string value, this + // A valid key ID is required. If you supply a null or empty string value, this // operation returns an error. // // For help finding the key ID and ARN, see Finding the Key ID and ARN (https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn) - // in the AWS Key Management Service Developer Guide. + // in the Key Management Service Developer Guide . // - // Specify the key ID or key ARN of the CMK. + // Specify the key ID or key ARN of the KMS key. // // For example: // @@ -8216,7 +8287,7 @@ type CreateAliasInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // TargetKeyId is a required field TargetKeyId *string `min:"1" type:"string" required:"true"` @@ -8283,28 +8354,28 @@ func (s CreateAliasOutput) GoString() string { type CreateCustomKeyStoreInput struct { _ struct{} `type:"structure"` - // Identifies the AWS CloudHSM cluster for the custom key store. Enter the cluster - // ID of any active AWS CloudHSM cluster that is not already associated with - // a custom key store. To find the cluster ID, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) + // Identifies the CloudHSM cluster for the custom key store. Enter the cluster + // ID of any active CloudHSM cluster that is not already associated with a custom + // key store. To find the cluster ID, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. // // CloudHsmClusterId is a required field CloudHsmClusterId *string `min:"19" type:"string" required:"true"` // Specifies a friendly name for the custom key store. The name must be unique - // in your AWS account. + // in your Amazon Web Services account. // // CustomKeyStoreName is a required field CustomKeyStoreName *string `min:"1" type:"string" required:"true"` // Enter the password of the kmsuser crypto user (CU) account (https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser) - // in the specified AWS CloudHSM cluster. AWS KMS logs into the cluster as this - // user to manage key material on your behalf. + // in the specified CloudHSM cluster. KMS logs into the cluster as this user + // to manage key material on your behalf. // // The password must be a string of 7 to 32 characters. Its value is case sensitive. // - // This parameter tells AWS KMS the kmsuser account password; it does not change - // the password in the AWS CloudHSM cluster. + // This parameter tells KMS the kmsuser account password; it does not change + // the password in the CloudHSM cluster. // // KeyStorePassword is a required field KeyStorePassword *string `min:"7" type:"string" required:"true" sensitive:"true"` @@ -8413,51 +8484,52 @@ type CreateGrantInput struct { // Specifies a grant constraint. // - // AWS KMS supports the EncryptionContextEquals and EncryptionContextSubset - // grant constraints. Each constraint value can include up to 8 encryption context + // KMS supports the EncryptionContextEquals and EncryptionContextSubset grant + // constraints. Each constraint value can include up to 8 encryption context // pairs. The encryption context value in each constraint cannot exceed 384 // characters. // - // These grant constraints allow a cryptographic operation (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) - // only when the encryption context in the request matches (EncryptionContextEquals) - // or includes (EncryptionContextSubset) the encryption context specified in - // this structure. For more information about encryption context, see Encryption - // Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) - // in the AWS Key Management Service Developer Guide . For information about - // grant constraints, see Using grant constraints (https://docs.aws.amazon.com/kms/latest/developerguide/create-grant-overview.html#grant-constraints) - // in the AWS Key Management Service Developer Guide. + // These grant constraints allow the permissions in the grant only when the + // encryption context in the request matches (EncryptionContextEquals) or includes + // (EncryptionContextSubset) the encryption context specified in this structure. + // For information about grant constraints, see Using grant constraints (https://docs.aws.amazon.com/kms/latest/developerguide/create-grant-overview.html#grant-constraints) + // in the Key Management Service Developer Guide. For more information about + // encryption context, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) + // in the Key Management Service Developer Guide . // // The encryption context grant constraints are supported only on operations // that include an encryption context. You cannot use an encryption context - // grant constraint for cryptographic operations with asymmetric CMKs or for - // management operations, such as DescribeKey or RetireGrant. + // grant constraint for cryptographic operations with asymmetric KMS keys or + // for management operations, such as DescribeKey or RetireGrant. Constraints *GrantConstraints `type:"structure"` // A list of grant tokens. // // Use a grant token when your permission to call this operation comes from // a new grant that has not yet achieved eventual consistency. For more information, - // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) - // in the AWS Key Management Service Developer Guide. + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token) + // and Using a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token) + // in the Key Management Service Developer Guide. GrantTokens []*string `type:"list"` // The identity that gets the permissions specified in the grant. // // To specify the principal, use the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // of an AWS principal. Valid AWS principals include AWS accounts (root), IAM - // users, IAM roles, federated users, and assumed role users. For examples of - // the ARN syntax to use for specifying a principal, see AWS Identity and Access - // Management (IAM) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam) - // in the Example ARNs section of the AWS General Reference. + // of an Amazon Web Services principal. Valid Amazon Web Services principals + // include Amazon Web Services accounts (root), IAM users, IAM roles, federated + // users, and assumed role users. For examples of the ARN syntax to use for + // specifying a principal, see Amazon Web Services Identity and Access Management + // (IAM) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam) + // in the Example ARNs section of the Amazon Web Services General Reference. // // GranteePrincipal is a required field GranteePrincipal *string `min:"1" type:"string" required:"true"` - // Identifies the customer master key (CMK) for the grant. The grant gives principals - // permission to use this CMK. + // Identifies the KMS key for the grant. The grant gives principals permission + // to use this KMS key. // - // Specify the key ID or key ARN of the CMK. To specify a CMK in a different - // AWS account, you must use the key ARN. + // Specify the key ID or key ARN of the KMS key. To specify a KMS key in a different + // Amazon Web Services account, you must use the key ARN. // // For example: // @@ -8465,7 +8537,7 @@ type CreateGrantInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` @@ -8486,25 +8558,31 @@ type CreateGrantInput struct { // A list of operations that the grant permits. // - // The operation must be supported on the CMK. For example, you cannot create - // a grant for a symmetric CMK that allows the Sign operation, or a grant for - // an asymmetric CMK that allows the GenerateDataKey operation. If you try, - // AWS KMS returns a ValidationError exception. For details, see Grant operations + // The operation must be supported on the KMS key. For example, you cannot create + // a grant for a symmetric KMS key that allows the Sign operation, or a grant + // for an asymmetric KMS key that allows the GenerateDataKey operation. If you + // try, KMS returns a ValidationError exception. For details, see Grant operations // (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-grant-operations) - // in the AWS Key Management Service Developer Guide. + // in the Key Management Service Developer Guide. // // Operations is a required field Operations []*string `type:"list" required:"true"` - // The principal that is given permission to retire the grant by using RetireGrant - // operation. + // The principal that has permission to use the RetireGrant operation to retire + // the grant. // // To specify the principal, use the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // of an AWS principal. Valid AWS principals include AWS accounts (root), IAM - // users, federated users, and assumed role users. For examples of the ARN syntax - // to use for specifying a principal, see AWS Identity and Access Management - // (IAM) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam) - // in the Example ARNs section of the AWS General Reference. + // of an Amazon Web Services principal. Valid Amazon Web Services principals + // include Amazon Web Services accounts (root), IAM users, federated users, + // and assumed role users. For examples of the ARN syntax to use for specifying + // a principal, see Amazon Web Services Identity and Access Management (IAM) + // (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam) + // in the Example ARNs section of the Amazon Web Services General Reference. + // + // The grant determines the retiring principal. Other principals might have + // permission to retire the grant or revoke the grant. For details, see RevokeGrant + // and Retiring and revoking grants (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete) + // in the Key Management Service Developer Guide. RetiringPrincipal *string `min:"1" type:"string"` } @@ -8603,8 +8681,9 @@ type CreateGrantOutput struct { // // Use a grant token when your permission to call this operation comes from // a new grant that has not yet achieved eventual consistency. For more information, - // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) - // in the AWS Key Management Service Developer Guide. + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token) + // and Using a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token) + // in the Key Management Service Developer Guide. GrantToken *string `min:"1" type:"string"` } @@ -8635,61 +8714,79 @@ type CreateKeyInput struct { // A flag to indicate whether to bypass the key policy lockout safety check. // - // Setting this value to true increases the risk that the CMK becomes unmanageable. + // Setting this value to true increases the risk that the KMS key becomes unmanageable. // Do not set this value to true indiscriminately. // // For more information, refer to the scenario in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) - // section in the AWS Key Management Service Developer Guide . + // section in the Key Management Service Developer Guide . // // Use this parameter only when you include a policy in the request and you // intend to prevent the principal that is making the request from making a - // subsequent PutKeyPolicy request on the CMK. + // subsequent PutKeyPolicy request on the KMS key. // // The default value is false. BypassPolicyLockoutSafetyCheck *bool `type:"boolean"` - // Creates the CMK in the specified custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) - // and the key material in its associated AWS CloudHSM cluster. To create a - // CMK in a custom key store, you must also specify the Origin parameter with - // a value of AWS_CLOUDHSM. The AWS CloudHSM cluster that is associated with - // the custom key store must have at least two active HSMs, each in a different + // Creates the KMS key in the specified custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) + // and the key material in its associated CloudHSM cluster. To create a KMS + // key in a custom key store, you must also specify the Origin parameter with + // a value of AWS_CLOUDHSM. The CloudHSM cluster that is associated with the + // custom key store must have at least two active HSMs, each in a different // Availability Zone in the Region. // - // This parameter is valid only for symmetric CMKs and regional CMKs. You cannot - // create an asymmetric CMK or a multi-Region CMK in a custom key store. + // This parameter is valid only for symmetric KMS keys and regional KMS keys. + // You cannot create an asymmetric KMS key or a multi-Region key in a custom + // key store. // // To find the ID of a custom key store, use the DescribeCustomKeyStores operation. // - // The response includes the custom key store ID and the ID of the AWS CloudHSM + // The response includes the custom key store ID and the ID of the CloudHSM // cluster. // // This operation is part of the Custom Key Store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) - // feature in AWS KMS, which combines the convenience and extensive integration - // of AWS KMS with the isolation and control of a single-tenant key store. + // feature in KMS, which combines the convenience and extensive integration + // of KMS with the isolation and control of a single-tenant key store. CustomKeyStoreId *string `min:"1" type:"string"` - // Specifies the type of CMK to create. The default value, SYMMETRIC_DEFAULT, - // creates a CMK with a 256-bit symmetric key for encryption and decryption. - // For help choosing a key spec for your CMK, see How to Choose Your CMK Configuration - // (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html) - // in the AWS Key Management Service Developer Guide. + // Instead, use the KeySpec parameter. // - // The CustomerMasterKeySpec determines whether the CMK contains a symmetric - // key or an asymmetric key pair. It also determines the encryption algorithms - // or signing algorithms that the CMK supports. You can't change the CustomerMasterKeySpec - // after the CMK is created. To further restrict the algorithms that can be - // used with the CMK, use a condition key in its key policy or IAM policy. For + // The KeySpec and CustomerMasterKeySpec parameters work the same way. Only + // the names differ. We recommend that you use KeySpec parameter in your code. + // However, to avoid breaking changes, KMS will support both parameters. + // + // Deprecated: This parameter has been deprecated. Instead, use the KeySpec parameter. + CustomerMasterKeySpec *string `deprecated:"true" type:"string" enum:"CustomerMasterKeySpec"` + + // A description of the KMS key. + // + // Use a description that helps you decide whether the KMS key is appropriate + // for a task. The default value is an empty string (no description). + // + // To set or change the description after the key is created, use UpdateKeyDescription. + Description *string `type:"string"` + + // Specifies the type of KMS key to create. The default value, SYMMETRIC_DEFAULT, + // creates a KMS key with a 256-bit symmetric key for encryption and decryption. + // For help choosing a key spec for your KMS key, see How to Choose Your KMS + // key Configuration (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html) + // in the Key Management Service Developer Guide . + // + // The KeySpec determines whether the KMS key contains a symmetric key or an + // asymmetric key pair. It also determines the encryption algorithms or signing + // algorithms that the KMS key supports. You can't change the KeySpec after + // the KMS key is created. To further restrict the algorithms that can be used + // with the KMS key, use a condition key in its key policy or IAM policy. For // more information, see kms:EncryptionAlgorithm (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-algorithm) // or kms:Signing Algorithm (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-signing-algorithm) - // in the AWS Key Management Service Developer Guide. + // in the Key Management Service Developer Guide . // - // AWS services that are integrated with AWS KMS (http://aws.amazon.com/kms/features/#AWS_Service_Integration) - // use symmetric CMKs to protect your data. These services do not support asymmetric - // CMKs. For help determining whether a CMK is symmetric or asymmetric, see - // Identifying Symmetric and Asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/find-symm-asymm.html) - // in the AWS Key Management Service Developer Guide. + // Amazon Web Services services that are integrated with KMS (http://aws.amazon.com/kms/features/#AWS_Service_Integration) + // use symmetric KMS keys to protect your data. These services do not support + // asymmetric KMS keys. For help determining whether a KMS key is symmetric + // or asymmetric, see Identifying Symmetric and Asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/find-symm-asymm.html) + // in the Key Management Service Developer Guide. // - // AWS KMS supports the following key specs for CMKs: + // KMS supports the following key specs for KMS keys: // // * Symmetric key (default) SYMMETRIC_DEFAULT (AES-256-GCM) // @@ -8700,118 +8797,115 @@ type CreateKeyInput struct { // // * Other asymmetric elliptic curve key pairs ECC_SECG_P256K1 (secp256k1), // commonly used for cryptocurrencies. - CustomerMasterKeySpec *string `type:"string" enum:"CustomerMasterKeySpec"` - - // A description of the CMK. - // - // Use a description that helps you decide whether the CMK is appropriate for - // a task. The default value is an empty string (no description). - Description *string `type:"string"` + KeySpec *string `type:"string" enum:"KeySpec"` // Determines the cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) - // for which you can use the CMK. The default value is ENCRYPT_DECRYPT. This - // parameter is required only for asymmetric CMKs. You can't change the KeyUsage - // value after the CMK is created. + // for which you can use the KMS key. The default value is ENCRYPT_DECRYPT. + // This parameter is required only for asymmetric KMS keys. You can't change + // the KeyUsage value after the KMS key is created. // // Select only one valid value. // - // * For symmetric CMKs, omit the parameter or specify ENCRYPT_DECRYPT. + // * For symmetric KMS keys, omit the parameter or specify ENCRYPT_DECRYPT. // - // * For asymmetric CMKs with RSA key material, specify ENCRYPT_DECRYPT or - // SIGN_VERIFY. + // * For asymmetric KMS keys with RSA key material, specify ENCRYPT_DECRYPT + // or SIGN_VERIFY. // - // * For asymmetric CMKs with ECC key material, specify SIGN_VERIFY. + // * For asymmetric KMS keys with ECC key material, specify SIGN_VERIFY. KeyUsage *string `type:"string" enum:"KeyUsageType"` - // Creates a multi-Region primary key that you can replicate into other AWS - // Regions. You cannot change this value after you create the CMK. + // Creates a multi-Region primary key that you can replicate into other Amazon + // Web Services Regions. You cannot change this value after you create the KMS + // key. // - // For a multi-Region key, set this parameter to True. For a single-Region CMK, - // omit this parameter or set it to False. The default value is False. + // For a multi-Region key, set this parameter to True. For a single-Region KMS + // key, omit this parameter or set it to False. The default value is False. // - // This operation supports multi-Region keys, an AWS KMS feature that lets you - // create multiple interoperable CMKs in different AWS Regions. Because these - // CMKs have the same key ID, key material, and other metadata, you can use - // them to encrypt data in one AWS Region and decrypt it in a different AWS - // Region without making a cross-Region call or exposing the plaintext data. - // For more information about multi-Region keys, see Using multi-Region keys - // (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) - // in the AWS Key Management Service Developer Guide. + // This operation supports multi-Region keys, an KMS feature that lets you create + // multiple interoperable KMS keys in different Amazon Web Services Regions. + // Because these KMS keys have the same key ID, key material, and other metadata, + // you can use them interchangeably to encrypt data in one Amazon Web Services + // Region and decrypt it in a different Amazon Web Services Region without re-encrypting + // the data or making a cross-Region call. For more information about multi-Region + // keys, see Using multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) + // in the Key Management Service Developer Guide. // // This value creates a primary key, not a replica. To create a replica key, // use the ReplicateKey operation. // - // You can create a symmetric or asymmetric multi-Region CMK, and you can create - // a multi-Region CMK with imported key material. However, you cannot create - // a multi-Region CMK in a custom key store. + // You can create a symmetric or asymmetric multi-Region key, and you can create + // a multi-Region key with imported key material. However, you cannot create + // a multi-Region key in a custom key store. MultiRegion *bool `type:"boolean"` - // The source of the key material for the CMK. You cannot change the origin - // after you create the CMK. The default is AWS_KMS, which means that AWS KMS + // The source of the key material for the KMS key. You cannot change the origin + // after you create the KMS key. The default is AWS_KMS, which means that KMS // creates the key material. // - // To create a CMK with no key material (for imported key material), set the - // value to EXTERNAL. For more information about importing key material into - // AWS KMS, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) - // in the AWS Key Management Service Developer Guide. This value is valid only - // for symmetric CMKs. + // To create a KMS key with no key material (for imported key material), set + // the value to EXTERNAL. For more information about importing key material + // into KMS, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) + // in the Key Management Service Developer Guide. This value is valid only for + // symmetric KMS keys. // - // To create a CMK in an AWS KMS custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) - // and create its key material in the associated AWS CloudHSM cluster, set this + // To create a KMS key in an KMS custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) + // and create its key material in the associated CloudHSM cluster, set this // value to AWS_CLOUDHSM. You must also use the CustomKeyStoreId parameter to - // identify the custom key store. This value is valid only for symmetric CMKs. + // identify the custom key store. This value is valid only for symmetric KMS + // keys. Origin *string `type:"string" enum:"OriginType"` - // The key policy to attach to the CMK. + // The key policy to attach to the KMS key. // // If you provide a key policy, it must meet the following criteria: // // * If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy // must allow the principal that is making the CreateKey request to make - // a subsequent PutKeyPolicy request on the CMK. This reduces the risk that - // the CMK becomes unmanageable. For more information, refer to the scenario - // in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) - // section of the AWS Key Management Service Developer Guide . + // a subsequent PutKeyPolicy request on the KMS key. This reduces the risk + // that the KMS key becomes unmanageable. For more information, refer to + // the scenario in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) + // section of the Key Management Service Developer Guide . // // * Each statement in the key policy must contain one or more principals. - // The principals in the key policy must exist and be visible to AWS KMS. - // When you create a new AWS principal (for example, an IAM user or role), - // you might need to enforce a delay before including the new principal in - // a key policy because the new principal might not be immediately visible - // to AWS KMS. For more information, see Changes that I make are not always - // immediately visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) - // in the AWS Identity and Access Management User Guide. + // The principals in the key policy must exist and be visible to KMS. When + // you create a new Amazon Web Services principal (for example, an IAM user + // or role), you might need to enforce a delay before including the new principal + // in a key policy because the new principal might not be immediately visible + // to KMS. For more information, see Changes that I make are not always immediately + // visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) + // in the Amazon Web Services Identity and Access Management User Guide. // - // If you do not provide a key policy, AWS KMS attaches a default key policy - // to the CMK. For more information, see Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) - // in the AWS Key Management Service Developer Guide. + // If you do not provide a key policy, KMS attaches a default key policy to + // the KMS key. For more information, see Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) + // in the Key Management Service Developer Guide. // // The key policy size quota is 32 kilobytes (32768 bytes). // // For help writing and formatting a JSON policy document, see the IAM JSON // Policy Reference (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html) - // in the IAM User Guide . + // in the Identity and Access Management User Guide . Policy *string `min:"1" type:"string"` - // Assigns one or more tags to the CMK. Use this parameter to tag the CMK when - // it is created. To tag an existing CMK, use the TagResource operation. + // Assigns one or more tags to the KMS key. Use this parameter to tag the KMS + // key when it is created. To tag an existing KMS key, use the TagResource operation. // - // Tagging or untagging a CMK can allow or deny permission to the CMK. For details, - // see Using ABAC in AWS KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) - // in the AWS Key Management Service Developer Guide. + // Tagging or untagging a KMS key can allow or deny permission to the KMS key. + // For details, see Using ABAC in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) + // in the Key Management Service Developer Guide. // // To use this parameter, you must have kms:TagResource (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // permission in an IAM policy. // // Each tag consists of a tag key and a tag value. Both the tag key and the // tag value are required, but the tag value can be an empty (null) string. - // You cannot have more than one tag on a CMK with the same tag key. If you - // specify an existing tag key with a different tag value, AWS KMS replaces + // You cannot have more than one tag on a KMS key with the same tag key. If + // you specify an existing tag key with a different tag value, KMS replaces // the current tag value with the specified one. // - // When you assign tags to an AWS resource, AWS generates a cost allocation - // report with usage and costs aggregated by tags. Tags can also be used to - // control access to a CMK. For details, see Tagging Keys (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html). + // When you add tags to an Amazon Web Services resource, Amazon Web Services + // generates a cost allocation report with usage and costs aggregated by tags. + // Tags can also be used to control access to a KMS key. For details, see Tagging + // Keys (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html). Tags []*Tag `type:"list"` } @@ -8875,6 +8969,12 @@ func (s *CreateKeyInput) SetDescription(v string) *CreateKeyInput { return s } +// SetKeySpec sets the KeySpec field's value. +func (s *CreateKeyInput) SetKeySpec(v string) *CreateKeyInput { + s.KeySpec = &v + return s +} + // SetKeyUsage sets the KeyUsage field's value. func (s *CreateKeyInput) SetKeyUsage(v string) *CreateKeyInput { s.KeyUsage = &v @@ -8908,7 +9008,7 @@ func (s *CreateKeyInput) SetTags(v []*Tag) *CreateKeyInput { type CreateKeyOutput struct { _ struct{} `type:"structure"` - // Metadata associated with the CMK. + // Metadata associated with the KMS key. KeyMetadata *KeyMetadata `type:"structure"` } @@ -8928,10 +9028,10 @@ func (s *CreateKeyOutput) SetKeyMetadata(v *KeyMetadata) *CreateKeyOutput { return s } -// The request was rejected because the custom key store contains AWS KMS customer -// master keys (CMKs). After verifying that you do not need to use the CMKs, -// use the ScheduleKeyDeletion operation to delete the CMKs. After they are -// deleted, you can delete the custom key store. +// The request was rejected because the custom key store contains KMS keys. +// After verifying that you do not need to use the KMS keys, use the ScheduleKeyDeletion +// operation to delete the KMS keys. After they are deleted, you can delete +// the custom key store. type CustomKeyStoreHasCMKsException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -9117,7 +9217,7 @@ func (s *CustomKeyStoreNameInUseException) RequestID() string { return s.RespMetadata.RequestID } -// The request was rejected because AWS KMS cannot find a custom key store with +// The request was rejected because KMS cannot find a custom key store with // the specified key store name or ID. type CustomKeyStoreNotFoundException struct { _ struct{} `type:"structure"` @@ -9179,84 +9279,83 @@ func (s *CustomKeyStoreNotFoundException) RequestID() string { type CustomKeyStoresListEntry struct { _ struct{} `type:"structure"` - // A unique identifier for the AWS CloudHSM cluster that is associated with - // the custom key store. + // A unique identifier for the CloudHSM cluster that is associated with the + // custom key store. CloudHsmClusterId *string `min:"19" type:"string"` // Describes the connection error. This field appears in the response only when // the ConnectionState is FAILED. For help resolving these errors, see How to // Fix a Connection Failure (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed) - // in AWS Key Management Service Developer Guide. + // in Key Management Service Developer Guide. // // Valid values are: // - // * CLUSTER_NOT_FOUND - AWS KMS cannot find the AWS CloudHSM cluster with - // the specified cluster ID. + // * CLUSTER_NOT_FOUND - KMS cannot find the CloudHSM cluster with the specified + // cluster ID. // - // * INSUFFICIENT_CLOUDHSM_HSMS - The associated AWS CloudHSM cluster does - // not contain any active HSMs. To connect a custom key store to its AWS - // CloudHSM cluster, the cluster must contain at least one active HSM. + // * INSUFFICIENT_CLOUDHSM_HSMS - The associated CloudHSM cluster does not + // contain any active HSMs. To connect a custom key store to its CloudHSM + // cluster, the cluster must contain at least one active HSM. // - // * INTERNAL_ERROR - AWS KMS could not complete the request due to an internal + // * INTERNAL_ERROR - KMS could not complete the request due to an internal // error. Retry the request. For ConnectCustomKeyStore requests, disconnect // the custom key store before trying to connect again. // - // * INVALID_CREDENTIALS - AWS KMS does not have the correct password for - // the kmsuser crypto user in the AWS CloudHSM cluster. Before you can connect - // your custom key store to its AWS CloudHSM cluster, you must change the - // kmsuser account password and update the key store password value for the - // custom key store. + // * INVALID_CREDENTIALS - KMS does not have the correct password for the + // kmsuser crypto user in the CloudHSM cluster. Before you can connect your + // custom key store to its CloudHSM cluster, you must change the kmsuser + // account password and update the key store password value for the custom + // key store. // - // * NETWORK_ERRORS - Network errors are preventing AWS KMS from connecting - // to the custom key store. + // * NETWORK_ERRORS - Network errors are preventing KMS from connecting to + // the custom key store. // - // * SUBNET_NOT_FOUND - A subnet in the AWS CloudHSM cluster configuration - // was deleted. If AWS KMS cannot find all of the subnets in the cluster - // configuration, attempts to connect the custom key store to the AWS CloudHSM - // cluster fail. To fix this error, create a cluster from a recent backup - // and associate it with your custom key store. (This process creates a new - // cluster configuration with a VPC and private subnets.) For details, see - // How to Fix a Connection Failure (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed) - // in the AWS Key Management Service Developer Guide. + // * SUBNET_NOT_FOUND - A subnet in the CloudHSM cluster configuration was + // deleted. If KMS cannot find all of the subnets in the cluster configuration, + // attempts to connect the custom key store to the CloudHSM cluster fail. + // To fix this error, create a cluster from a recent backup and associate + // it with your custom key store. (This process creates a new cluster configuration + // with a VPC and private subnets.) For details, see How to Fix a Connection + // Failure (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed) + // in the Key Management Service Developer Guide. // // * USER_LOCKED_OUT - The kmsuser CU account is locked out of the associated - // AWS CloudHSM cluster due to too many failed password attempts. Before - // you can connect your custom key store to its AWS CloudHSM cluster, you - // must change the kmsuser account password and update the key store password - // value for the custom key store. + // CloudHSM cluster due to too many failed password attempts. Before you + // can connect your custom key store to its CloudHSM cluster, you must change + // the kmsuser account password and update the key store password value for + // the custom key store. // // * USER_LOGGED_IN - The kmsuser CU account is logged into the the associated - // AWS CloudHSM cluster. This prevents AWS KMS from rotating the kmsuser - // account password and logging into the cluster. Before you can connect - // your custom key store to its AWS CloudHSM cluster, you must log the kmsuser - // CU out of the cluster. If you changed the kmsuser password to log into - // the cluster, you must also and update the key store password value for - // the custom key store. For help, see How to Log Out and Reconnect (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#login-kmsuser-2) - // in the AWS Key Management Service Developer Guide. + // CloudHSM cluster. This prevents KMS from rotating the kmsuser account + // password and logging into the cluster. Before you can connect your custom + // key store to its CloudHSM cluster, you must log the kmsuser CU out of + // the cluster. If you changed the kmsuser password to log into the cluster, + // you must also and update the key store password value for the custom key + // store. For help, see How to Log Out and Reconnect (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#login-kmsuser-2) + // in the Key Management Service Developer Guide. // - // * USER_NOT_FOUND - AWS KMS cannot find a kmsuser CU account in the associated - // AWS CloudHSM cluster. Before you can connect your custom key store to - // its AWS CloudHSM cluster, you must create a kmsuser CU account in the - // cluster, and then update the key store password value for the custom key - // store. + // * USER_NOT_FOUND - KMS cannot find a kmsuser CU account in the associated + // CloudHSM cluster. Before you can connect your custom key store to its + // CloudHSM cluster, you must create a kmsuser CU account in the cluster, + // and then update the key store password value for the custom key store. ConnectionErrorCode *string `type:"string" enum:"ConnectionErrorCodeType"` - // Indicates whether the custom key store is connected to its AWS CloudHSM cluster. + // Indicates whether the custom key store is connected to its CloudHSM cluster. // - // You can create and use CMKs in your custom key stores only when its connection + // You can create and use KMS keys in your custom key stores only when its connection // state is CONNECTED. // // The value is DISCONNECTED if the key store has never been connected or you // use the DisconnectCustomKeyStore operation to disconnect it. If the value // is CONNECTED but you are having trouble using the custom key store, make - // sure that its associated AWS CloudHSM cluster is active and contains at least + // sure that its associated CloudHSM cluster is active and contains at least // one active HSM. // // A value of FAILED indicates that an attempt to connect was unsuccessful. // The ConnectionErrorCode field in the response indicates the cause of the // failure. For help resolving a connection failure, see Troubleshooting a Custom // Key Store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) - // in the AWS Key Management Service Developer Guide. + // in the Key Management Service Developer Guide. ConnectionState *string `type:"string" enum:"ConnectionStateType"` // The date and time when the custom key store was created. @@ -9268,8 +9367,8 @@ type CustomKeyStoresListEntry struct { // The user-specified friendly name for the custom key store. CustomKeyStoreName *string `min:"1" type:"string"` - // The trust anchor certificate of the associated AWS CloudHSM cluster. When - // you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), + // The trust anchor certificate of the associated CloudHSM cluster. When you + // initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), // you create this certificate and save it in the customerCA.crt file. TrustAnchorCertificate *string `min:"1" type:"string"` } @@ -9341,47 +9440,47 @@ type DecryptInput struct { // a different algorithm, the Decrypt operation fails. // // This parameter is required only when the ciphertext was encrypted under an - // asymmetric CMK. The default value, SYMMETRIC_DEFAULT, represents the only - // supported algorithm that is valid for symmetric CMKs. + // asymmetric KMS key. The default value, SYMMETRIC_DEFAULT, represents the + // only supported algorithm that is valid for symmetric KMS keys. EncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"` // Specifies the encryption context to use when decrypting the data. An encryption // context is valid only for cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) - // with a symmetric CMK. The standard asymmetric encryption algorithms that - // AWS KMS uses do not support an encryption context. + // with a symmetric KMS key. The standard asymmetric encryption algorithms that + // KMS uses do not support an encryption context. // // An encryption context is a collection of non-secret key-value pairs that // represents additional authenticated data. When you use an encryption context // to encrypt data, you must specify the same (an exact case-sensitive match) // encryption context to decrypt the data. An encryption context is optional - // when encrypting with a symmetric CMK, but it is highly recommended. + // when encrypting with a symmetric KMS key, but it is highly recommended. // // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) - // in the AWS Key Management Service Developer Guide. + // in the Key Management Service Developer Guide. EncryptionContext map[string]*string `type:"map"` // A list of grant tokens. // // Use a grant token when your permission to call this operation comes from - // a newly created grant that has not yet achieved eventual consistency. Use - // a grant token when your permission to call this operation comes from a new - // grant that has not yet achieved eventual consistency. For more information, - // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) - // in the AWS Key Management Service Developer Guide. + // a new grant that has not yet achieved eventual consistency. For more information, + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token) + // and Using a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token) + // in the Key Management Service Developer Guide. GrantTokens []*string `type:"list"` - // Specifies the customer master key (CMK) that AWS KMS uses to decrypt the - // ciphertext. Enter a key ID of the CMK that was used to encrypt the ciphertext. + // Specifies the KMS key that KMS uses to decrypt the ciphertext. Enter a key + // ID of the KMS key that was used to encrypt the ciphertext. // // This parameter is required only when the ciphertext was encrypted under an - // asymmetric CMK. If you used a symmetric CMK, AWS KMS can get the CMK from - // metadata that it adds to the symmetric ciphertext blob. However, it is always - // recommended as a best practice. This practice ensures that you use the CMK - // that you intend. + // asymmetric KMS key. If you used a symmetric KMS key, KMS can get the KMS + // key from metadata that it adds to the symmetric ciphertext blob. However, + // it is always recommended as a best practice. This practice ensures that you + // use the KMS key that you intend. // - // To specify a CMK, use its key ID, key ARN, alias name, or alias ARN. When - // using an alias name, prefix it with "alias/". To specify a CMK in a different - // AWS account, you must use the key ARN or alias ARN. + // To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. + // When using an alias name, prefix it with "alias/". To specify a KMS key in + // a different Amazon Web Services account, you must use the key ARN or alias + // ARN. // // For example: // @@ -9393,8 +9492,8 @@ type DecryptInput struct { // // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To - // get the alias name and alias ARN, use ListAliases. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. + // To get the alias name and alias ARN, use ListAliases. KeyId *string `min:"1" type:"string"` } @@ -9464,11 +9563,11 @@ type DecryptOutput struct { EncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"` // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) - // of the CMK that was used to decrypt the ciphertext. + // of the KMS key that was used to decrypt the ciphertext. KeyId *string `min:"1" type:"string"` - // Decrypted plaintext data. When you use the HTTP API or the AWS CLI, the value - // is Base64-encoded. Otherwise, it is not Base64-encoded. + // Decrypted plaintext data. When you use the HTTP API or the Amazon Web Services + // CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. // // Plaintext is automatically base64 encoded/decoded by the SDK. Plaintext []byte `min:"1" type:"blob" sensitive:"true"` @@ -9617,10 +9716,10 @@ func (s DeleteCustomKeyStoreOutput) GoString() string { type DeleteImportedKeyMaterialInput struct { _ struct{} `type:"structure"` - // Identifies the CMK from which you are deleting imported key material. The - // Origin of the CMK must be EXTERNAL. + // Identifies the KMS key from which you are deleting imported key material. + // The Origin of the KMS key must be EXTERNAL. // - // Specify the key ID or key ARN of the CMK. + // Specify the key ID or key ARN of the KMS key. // // For example: // @@ -9628,7 +9727,7 @@ type DeleteImportedKeyMaterialInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` @@ -9759,7 +9858,7 @@ type DescribeCustomKeyStoresInput struct { CustomKeyStoreName *string `min:"1" type:"string"` // Use this parameter to specify the maximum number of items to return. When - // this value is present, AWS KMS does not return more than the specified number + // this value is present, KMS does not return more than the specified number // of items, but it might return fewer. Limit *int64 `min:"1" type:"integer"` @@ -9877,19 +9976,22 @@ type DescribeKeyInput struct { // // Use a grant token when your permission to call this operation comes from // a new grant that has not yet achieved eventual consistency. For more information, - // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) - // in the AWS Key Management Service Developer Guide. + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token) + // and Using a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token) + // in the Key Management Service Developer Guide. GrantTokens []*string `type:"list"` - // Describes the specified customer master key (CMK). + // Describes the specified KMS key. // - // If you specify a predefined AWS alias (an AWS alias with no key ID), KMS - // associates the alias with an AWS managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys) + // If you specify a predefined Amazon Web Services alias (an Amazon Web Services + // alias with no key ID), KMS associates the alias with an Amazon Web Services + // managed key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html##aws-managed-cmk) // and returns its KeyId and Arn in the response. // - // To specify a CMK, use its key ID, key ARN, alias name, or alias ARN. When - // using an alias name, prefix it with "alias/". To specify a CMK in a different - // AWS account, you must use the key ARN or alias ARN. + // To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. + // When using an alias name, prefix it with "alias/". To specify a KMS key in + // a different Amazon Web Services account, you must use the key ARN or alias + // ARN. // // For example: // @@ -9901,8 +10003,8 @@ type DescribeKeyInput struct { // // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To - // get the alias name and alias ARN, use ListAliases. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. + // To get the alias name and alias ARN, use ListAliases. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` @@ -9972,9 +10074,9 @@ func (s *DescribeKeyOutput) SetKeyMetadata(v *KeyMetadata) *DescribeKeyOutput { type DisableKeyInput struct { _ struct{} `type:"structure"` - // Identifies the customer master key (CMK) to disable. + // Identifies the KMS key to disable. // - // Specify the key ID or key ARN of the CMK. + // Specify the key ID or key ARN of the KMS key. // // For example: // @@ -9982,7 +10084,7 @@ type DisableKeyInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` @@ -10037,12 +10139,12 @@ func (s DisableKeyOutput) GoString() string { type DisableKeyRotationInput struct { _ struct{} `type:"structure"` - // Identifies a symmetric customer master key (CMK). You cannot enable or disable - // automatic rotation of asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html#asymmetric-cmks), - // CMKs with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), - // or CMKs in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). + // Identifies a symmetric KMS key. You cannot enable or disable automatic rotation + // of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html#asymmetric-cmks), + // KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), + // or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). // - // Specify the key ID or key ARN of the CMK. + // Specify the key ID or key ARN of the KMS key. // // For example: // @@ -10050,7 +10152,7 @@ type DisableKeyRotationInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` @@ -10102,7 +10204,7 @@ func (s DisableKeyRotationOutput) GoString() string { return s.String() } -// The request was rejected because the specified CMK is not enabled. +// The request was rejected because the specified KMS key is not enabled. type DisabledException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -10217,9 +10319,9 @@ func (s DisconnectCustomKeyStoreOutput) GoString() string { type EnableKeyInput struct { _ struct{} `type:"structure"` - // Identifies the customer master key (CMK) to enable. + // Identifies the KMS key to enable. // - // Specify the key ID or key ARN of the CMK. + // Specify the key ID or key ARN of the KMS key. // // For example: // @@ -10227,7 +10329,7 @@ type EnableKeyInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` @@ -10282,15 +10384,15 @@ func (s EnableKeyOutput) GoString() string { type EnableKeyRotationInput struct { _ struct{} `type:"structure"` - // Identifies a symmetric customer master key (CMK). You cannot enable automatic - // rotation of asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#asymmetric-cmks), - // CMKs with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), - // or CMKs in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). + // Identifies a symmetric KMS key. You cannot enable automatic rotation of asymmetric + // KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#asymmetric-cmks), + // KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), + // or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). // To enable or disable automatic rotation of a set of related multi-Region // keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html#mrk-replica-key), // set the property on the primary key. // - // Specify the key ID or key ARN of the CMK. + // Specify the key ID or key ARN of the KMS key. // // For example: // @@ -10298,7 +10400,7 @@ type EnableKeyRotationInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` @@ -10353,42 +10455,44 @@ func (s EnableKeyRotationOutput) GoString() string { type EncryptInput struct { _ struct{} `type:"structure"` - // Specifies the encryption algorithm that AWS KMS will use to encrypt the plaintext - // message. The algorithm must be compatible with the CMK that you specify. + // Specifies the encryption algorithm that KMS will use to encrypt the plaintext + // message. The algorithm must be compatible with the KMS key that you specify. // - // This parameter is required only for asymmetric CMKs. The default value, SYMMETRIC_DEFAULT, - // is the algorithm used for symmetric CMKs. If you are using an asymmetric - // CMK, we recommend RSAES_OAEP_SHA_256. + // This parameter is required only for asymmetric KMS keys. The default value, + // SYMMETRIC_DEFAULT, is the algorithm used for symmetric KMS keys. If you are + // using an asymmetric KMS key, we recommend RSAES_OAEP_SHA_256. EncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"` // Specifies the encryption context that will be used to encrypt the data. An // encryption context is valid only for cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) - // with a symmetric CMK. The standard asymmetric encryption algorithms that - // AWS KMS uses do not support an encryption context. + // with a symmetric KMS key. The standard asymmetric encryption algorithms that + // KMS uses do not support an encryption context. // // An encryption context is a collection of non-secret key-value pairs that // represents additional authenticated data. When you use an encryption context // to encrypt data, you must specify the same (an exact case-sensitive match) // encryption context to decrypt the data. An encryption context is optional - // when encrypting with a symmetric CMK, but it is highly recommended. + // when encrypting with a symmetric KMS key, but it is highly recommended. // // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) - // in the AWS Key Management Service Developer Guide. + // in the Key Management Service Developer Guide. EncryptionContext map[string]*string `type:"map"` // A list of grant tokens. // // Use a grant token when your permission to call this operation comes from // a new grant that has not yet achieved eventual consistency. For more information, - // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) - // in the AWS Key Management Service Developer Guide. + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token) + // and Using a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token) + // in the Key Management Service Developer Guide. GrantTokens []*string `type:"list"` - // Identifies the customer master key (CMK) to use in the encryption operation. + // Identifies the KMS key to use in the encryption operation. // - // To specify a CMK, use its key ID, key ARN, alias name, or alias ARN. When - // using an alias name, prefix it with "alias/". To specify a CMK in a different - // AWS account, you must use the key ARN or alias ARN. + // To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. + // When using an alias name, prefix it with "alias/". To specify a KMS key in + // a different Amazon Web Services account, you must use the key ARN or alias + // ARN. // // For example: // @@ -10400,8 +10504,8 @@ type EncryptInput struct { // // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To - // get the alias name and alias ARN, use ListAliases. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. + // To get the alias name and alias ARN, use ListAliases. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` @@ -10479,8 +10583,8 @@ func (s *EncryptInput) SetPlaintext(v []byte) *EncryptInput { type EncryptOutput struct { _ struct{} `type:"structure"` - // The encrypted plaintext. When you use the HTTP API or the AWS CLI, the value - // is Base64-encoded. Otherwise, it is not Base64-encoded. + // The encrypted plaintext. When you use the HTTP API or the Amazon Web Services + // CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. // // CiphertextBlob is automatically base64 encoded/decoded by the SDK. CiphertextBlob []byte `min:"1" type:"blob"` @@ -10489,7 +10593,7 @@ type EncryptOutput struct { EncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"` // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) - // of the CMK that was used to encrypt the plaintext. + // of the KMS key that was used to encrypt the plaintext. KeyId *string `min:"1" type:"string"` } @@ -10589,25 +10693,27 @@ type GenerateDataKeyInput struct { // represents additional authenticated data. When you use an encryption context // to encrypt data, you must specify the same (an exact case-sensitive match) // encryption context to decrypt the data. An encryption context is optional - // when encrypting with a symmetric CMK, but it is highly recommended. + // when encrypting with a symmetric KMS key, but it is highly recommended. // // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) - // in the AWS Key Management Service Developer Guide. + // in the Key Management Service Developer Guide. EncryptionContext map[string]*string `type:"map"` // A list of grant tokens. // // Use a grant token when your permission to call this operation comes from // a new grant that has not yet achieved eventual consistency. For more information, - // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) - // in the AWS Key Management Service Developer Guide. + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token) + // and Using a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token) + // in the Key Management Service Developer Guide. GrantTokens []*string `type:"list"` - // Identifies the symmetric CMK that encrypts the data key. + // Identifies the symmetric KMS key that encrypts the data key. // - // To specify a CMK, use its key ID, key ARN, alias name, or alias ARN. When - // using an alias name, prefix it with "alias/". To specify a CMK in a different - // AWS account, you must use the key ARN or alias ARN. + // To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. + // When using an alias name, prefix it with "alias/". To specify a KMS key in + // a different Amazon Web Services account, you must use the key ARN or alias + // ARN. // // For example: // @@ -10619,8 +10725,8 @@ type GenerateDataKeyInput struct { // // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To - // get the alias name and alias ARN, use ListAliases. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. + // To get the alias name and alias ARN, use ListAliases. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` @@ -10703,20 +10809,20 @@ func (s *GenerateDataKeyInput) SetNumberOfBytes(v int64) *GenerateDataKeyInput { type GenerateDataKeyOutput struct { _ struct{} `type:"structure"` - // The encrypted copy of the data key. When you use the HTTP API or the AWS - // CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. + // The encrypted copy of the data key. When you use the HTTP API or the Amazon + // Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. // // CiphertextBlob is automatically base64 encoded/decoded by the SDK. CiphertextBlob []byte `min:"1" type:"blob"` // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) - // of the CMK that encrypted the data key. + // of the KMS key that encrypted the data key. KeyId *string `min:"1" type:"string"` - // The plaintext data key. When you use the HTTP API or the AWS CLI, the value - // is Base64-encoded. Otherwise, it is not Base64-encoded. Use this data key - // to encrypt your data outside of KMS. Then, remove it from memory as soon - // as possible. + // The plaintext data key. When you use the HTTP API or the Amazon Web Services + // CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. Use + // this data key to encrypt your data outside of KMS. Then, remove it from memory + // as soon as possible. // // Plaintext is automatically base64 encoded/decoded by the SDK. Plaintext []byte `min:"1" type:"blob" sensitive:"true"` @@ -10760,27 +10866,30 @@ type GenerateDataKeyPairInput struct { // represents additional authenticated data. When you use an encryption context // to encrypt data, you must specify the same (an exact case-sensitive match) // encryption context to decrypt the data. An encryption context is optional - // when encrypting with a symmetric CMK, but it is highly recommended. + // when encrypting with a symmetric KMS key, but it is highly recommended. // // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) - // in the AWS Key Management Service Developer Guide. + // in the Key Management Service Developer Guide. EncryptionContext map[string]*string `type:"map"` // A list of grant tokens. // // Use a grant token when your permission to call this operation comes from // a new grant that has not yet achieved eventual consistency. For more information, - // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) - // in the AWS Key Management Service Developer Guide. + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token) + // and Using a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token) + // in the Key Management Service Developer Guide. GrantTokens []*string `type:"list"` - // Specifies the symmetric CMK that encrypts the private key in the data key - // pair. You cannot specify an asymmetric CMK or a CMK in a custom key store. - // To get the type and origin of your CMK, use the DescribeKey operation. + // Specifies the symmetric KMS key that encrypts the private key in the data + // key pair. You cannot specify an asymmetric KMS key or a KMS key in a custom + // key store. To get the type and origin of your KMS key, use the DescribeKey + // operation. // - // To specify a CMK, use its key ID, key ARN, alias name, or alias ARN. When - // using an alias name, prefix it with "alias/". To specify a CMK in a different - // AWS account, you must use the key ARN or alias ARN. + // To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. + // When using an alias name, prefix it with "alias/". To specify a KMS key in + // a different Amazon Web Services account, you must use the key ARN or alias + // ARN. // // For example: // @@ -10792,18 +10901,18 @@ type GenerateDataKeyPairInput struct { // // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To - // get the alias name and alias ARN, use ListAliases. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. + // To get the alias name and alias ARN, use ListAliases. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` // Determines the type of data key pair that is generated. // - // The AWS KMS rule that restricts the use of asymmetric RSA CMKs to encrypt + // The KMS rule that restricts the use of asymmetric RSA KMS keys to encrypt // and decrypt or to sign and verify (but not both), and the rule that permits - // you to use ECC CMKs only to sign and verify, are not effective outside of - // AWS KMS. + // you to use ECC KMS keys only to sign and verify, are not effective on data + // key pairs, which are used outside of KMS. // // KeyPairSpec is a required field KeyPairSpec *string `type:"string" required:"true" enum:"DataKeyPairSpec"` @@ -10866,20 +10975,20 @@ type GenerateDataKeyPairOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) - // of the CMK that encrypted the private key. + // of the KMS key that encrypted the private key. KeyId *string `min:"1" type:"string"` // The type of data key pair that was generated. KeyPairSpec *string `type:"string" enum:"DataKeyPairSpec"` - // The encrypted copy of the private key. When you use the HTTP API or the AWS - // CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. + // The encrypted copy of the private key. When you use the HTTP API or the Amazon + // Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. // // PrivateKeyCiphertextBlob is automatically base64 encoded/decoded by the SDK. PrivateKeyCiphertextBlob []byte `min:"1" type:"blob"` - // The plaintext copy of the private key. When you use the HTTP API or the AWS - // CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. + // The plaintext copy of the private key. When you use the HTTP API or the Amazon + // Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. // // PrivateKeyPlaintext is automatically base64 encoded/decoded by the SDK. PrivateKeyPlaintext []byte `min:"1" type:"blob" sensitive:"true"` @@ -10940,28 +11049,30 @@ type GenerateDataKeyPairWithoutPlaintextInput struct { // represents additional authenticated data. When you use an encryption context // to encrypt data, you must specify the same (an exact case-sensitive match) // encryption context to decrypt the data. An encryption context is optional - // when encrypting with a symmetric CMK, but it is highly recommended. + // when encrypting with a symmetric KMS key, but it is highly recommended. // // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) - // in the AWS Key Management Service Developer Guide. + // in the Key Management Service Developer Guide. EncryptionContext map[string]*string `type:"map"` // A list of grant tokens. // // Use a grant token when your permission to call this operation comes from // a new grant that has not yet achieved eventual consistency. For more information, - // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) - // in the AWS Key Management Service Developer Guide. + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token) + // and Using a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token) + // in the Key Management Service Developer Guide. GrantTokens []*string `type:"list"` - // Specifies the CMK that encrypts the private key in the data key pair. You - // must specify a symmetric CMK. You cannot use an asymmetric CMK or a CMK in - // a custom key store. To get the type and origin of your CMK, use the DescribeKey - // operation. + // Specifies the KMS key that encrypts the private key in the data key pair. + // You must specify a symmetric KMS key. You cannot use an asymmetric KMS key + // or a KMS key in a custom key store. To get the type and origin of your KMS + // key, use the DescribeKey operation. // - // To specify a CMK, use its key ID, key ARN, alias name, or alias ARN. When - // using an alias name, prefix it with "alias/". To specify a CMK in a different - // AWS account, you must use the key ARN or alias ARN. + // To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. + // When using an alias name, prefix it with "alias/". To specify a KMS key in + // a different Amazon Web Services account, you must use the key ARN or alias + // ARN. // // For example: // @@ -10973,18 +11084,18 @@ type GenerateDataKeyPairWithoutPlaintextInput struct { // // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To - // get the alias name and alias ARN, use ListAliases. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. + // To get the alias name and alias ARN, use ListAliases. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` // Determines the type of data key pair that is generated. // - // The AWS KMS rule that restricts the use of asymmetric RSA CMKs to encrypt + // The KMS rule that restricts the use of asymmetric RSA KMS keys to encrypt // and decrypt or to sign and verify (but not both), and the rule that permits - // you to use ECC CMKs only to sign and verify, are not effective outside of - // AWS KMS. + // you to use ECC KMS keys only to sign and verify, are not effective on data + // key pairs, which are used outside of KMS. // // KeyPairSpec is a required field KeyPairSpec *string `type:"string" required:"true" enum:"DataKeyPairSpec"` @@ -11047,14 +11158,14 @@ type GenerateDataKeyPairWithoutPlaintextOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) - // of the CMK that encrypted the private key. + // of the KMS key that encrypted the private key. KeyId *string `min:"1" type:"string"` // The type of data key pair that was generated. KeyPairSpec *string `type:"string" enum:"DataKeyPairSpec"` - // The encrypted copy of the private key. When you use the HTTP API or the AWS - // CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. + // The encrypted copy of the private key. When you use the HTTP API or the Amazon + // Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. // // PrivateKeyCiphertextBlob is automatically base64 encoded/decoded by the SDK. PrivateKeyCiphertextBlob []byte `min:"1" type:"blob"` @@ -11109,26 +11220,27 @@ type GenerateDataKeyWithoutPlaintextInput struct { // represents additional authenticated data. When you use an encryption context // to encrypt data, you must specify the same (an exact case-sensitive match) // encryption context to decrypt the data. An encryption context is optional - // when encrypting with a symmetric CMK, but it is highly recommended. + // when encrypting with a symmetric KMS key, but it is highly recommended. // // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) - // in the AWS Key Management Service Developer Guide. + // in the Key Management Service Developer Guide. EncryptionContext map[string]*string `type:"map"` // A list of grant tokens. // // Use a grant token when your permission to call this operation comes from // a new grant that has not yet achieved eventual consistency. For more information, - // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) - // in the AWS Key Management Service Developer Guide. + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token) + // and Using a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token) + // in the Key Management Service Developer Guide. GrantTokens []*string `type:"list"` - // The identifier of the symmetric customer master key (CMK) that encrypts the - // data key. + // The identifier of the symmetric KMS key that encrypts the data key. // - // To specify a CMK, use its key ID, key ARN, alias name, or alias ARN. When - // using an alias name, prefix it with "alias/". To specify a CMK in a different - // AWS account, you must use the key ARN or alias ARN. + // To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. + // When using an alias name, prefix it with "alias/". To specify a KMS key in + // a different Amazon Web Services account, you must use the key ARN or alias + // ARN. // // For example: // @@ -11140,8 +11252,8 @@ type GenerateDataKeyWithoutPlaintextInput struct { // // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To - // get the alias name and alias ARN, use ListAliases. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. + // To get the alias name and alias ARN, use ListAliases. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` @@ -11219,14 +11331,14 @@ func (s *GenerateDataKeyWithoutPlaintextInput) SetNumberOfBytes(v int64) *Genera type GenerateDataKeyWithoutPlaintextOutput struct { _ struct{} `type:"structure"` - // The encrypted data key. When you use the HTTP API or the AWS CLI, the value - // is Base64-encoded. Otherwise, it is not Base64-encoded. + // The encrypted data key. When you use the HTTP API or the Amazon Web Services + // CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. // // CiphertextBlob is automatically base64 encoded/decoded by the SDK. CiphertextBlob []byte `min:"1" type:"blob"` // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) - // of the CMK that encrypted the data key. + // of the KMS key that encrypted the data key. KeyId *string `min:"1" type:"string"` } @@ -11255,7 +11367,7 @@ func (s *GenerateDataKeyWithoutPlaintextOutput) SetKeyId(v string) *GenerateData type GenerateRandomInput struct { _ struct{} `type:"structure"` - // Generates the random byte string in the AWS CloudHSM cluster that is associated + // Generates the random byte string in the CloudHSM cluster that is associated // with the specified custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). // To find the ID of a custom key store, use the DescribeCustomKeyStores operation. CustomKeyStoreId *string `min:"1" type:"string"` @@ -11305,8 +11417,8 @@ func (s *GenerateRandomInput) SetNumberOfBytes(v int64) *GenerateRandomInput { type GenerateRandomOutput struct { _ struct{} `type:"structure"` - // The random byte string. When you use the HTTP API or the AWS CLI, the value - // is Base64-encoded. Otherwise, it is not Base64-encoded. + // The random byte string. When you use the HTTP API or the Amazon Web Services + // CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. // // Plaintext is automatically base64 encoded/decoded by the SDK. Plaintext []byte `min:"1" type:"blob" sensitive:"true"` @@ -11331,9 +11443,9 @@ func (s *GenerateRandomOutput) SetPlaintext(v []byte) *GenerateRandomOutput { type GetKeyPolicyInput struct { _ struct{} `type:"structure"` - // Gets the key policy for the specified customer master key (CMK). + // Gets the key policy for the specified KMS key. // - // Specify the key ID or key ARN of the CMK. + // Specify the key ID or key ARN of the KMS key. // // For example: // @@ -11341,7 +11453,7 @@ type GetKeyPolicyInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` @@ -11423,10 +11535,10 @@ func (s *GetKeyPolicyOutput) SetPolicy(v string) *GetKeyPolicyOutput { type GetKeyRotationStatusInput struct { _ struct{} `type:"structure"` - // Gets the rotation status for the specified customer master key (CMK). + // Gets the rotation status for the specified KMS key. // - // Specify the key ID or key ARN of the CMK. To specify a CMK in a different - // AWS account, you must use the key ARN. + // Specify the key ID or key ARN of the KMS key. To specify a KMS key in a different + // Amazon Web Services account, you must use the key ARN. // // For example: // @@ -11434,7 +11546,7 @@ type GetKeyRotationStatusInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` @@ -11498,10 +11610,10 @@ func (s *GetKeyRotationStatusOutput) SetKeyRotationEnabled(v bool) *GetKeyRotati type GetParametersForImportInput struct { _ struct{} `type:"structure"` - // The identifier of the symmetric CMK into which you will import key material. - // The Origin of the CMK must be EXTERNAL. + // The identifier of the symmetric KMS key into which you will import key material. + // The Origin of the KMS key must be EXTERNAL. // - // Specify the key ID or key ARN of the CMK. + // Specify the key ID or key ARN of the KMS key. // // For example: // @@ -11509,7 +11621,7 @@ type GetParametersForImportInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` @@ -11517,7 +11629,7 @@ type GetParametersForImportInput struct { // The algorithm you will use to encrypt the key material before importing it // with ImportKeyMaterial. For more information, see Encrypt the Key Material // (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-encrypt-key-material.html) - // in the AWS Key Management Service Developer Guide. + // in the Key Management Service Developer Guide. // // WrappingAlgorithm is a required field WrappingAlgorithm *string `type:"string" required:"true" enum:"AlgorithmSpec"` @@ -11588,8 +11700,8 @@ type GetParametersForImportOutput struct { ImportToken []byte `min:"1" type:"blob"` // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) - // of the CMK to use in a subsequent ImportKeyMaterial request. This is the - // same CMK specified in the GetParametersForImport request. + // of the KMS key to use in a subsequent ImportKeyMaterial request. This is + // the same KMS key specified in the GetParametersForImport request. KeyId *string `min:"1" type:"string"` // The time at which the import token and public key are no longer valid. After @@ -11645,15 +11757,17 @@ type GetPublicKeyInput struct { // // Use a grant token when your permission to call this operation comes from // a new grant that has not yet achieved eventual consistency. For more information, - // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) - // in the AWS Key Management Service Developer Guide. + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token) + // and Using a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token) + // in the Key Management Service Developer Guide. GrantTokens []*string `type:"list"` - // Identifies the asymmetric CMK that includes the public key. + // Identifies the asymmetric KMS key that includes the public key. // - // To specify a CMK, use its key ID, key ARN, alias name, or alias ARN. When - // using an alias name, prefix it with "alias/". To specify a CMK in a different - // AWS account, you must use the key ARN or alias ARN. + // To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. + // When using an alias name, prefix it with "alias/". To specify a KMS key in + // a different Amazon Web Services account, you must use the key ARN or alias + // ARN. // // For example: // @@ -11665,8 +11779,8 @@ type GetPublicKeyInput struct { // // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To - // get the alias name and alias ARN, use ListAliases. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. + // To get the alias name and alias ARN, use ListAliases. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` @@ -11713,41 +11827,49 @@ func (s *GetPublicKeyInput) SetKeyId(v string) *GetPublicKeyInput { type GetPublicKeyOutput struct { _ struct{} `type:"structure"` - // The type of the of the public key that was downloaded. - CustomerMasterKeySpec *string `type:"string" enum:"CustomerMasterKeySpec"` - - // The encryption algorithms that AWS KMS supports for this key. + // Instead, use the KeySpec field in the GetPublicKey response. // - // This information is critical. If a public key encrypts data outside of AWS - // KMS by using an unsupported encryption algorithm, the ciphertext cannot be - // decrypted. + // The KeySpec and CustomerMasterKeySpec fields have the same value. We recommend + // that you use the KeySpec field in your code. However, to avoid breaking changes, + // KMS will support both fields. + // + // Deprecated: This field has been deprecated. Instead, use the KeySpec field. + CustomerMasterKeySpec *string `deprecated:"true" type:"string" enum:"CustomerMasterKeySpec"` + + // The encryption algorithms that KMS supports for this key. + // + // This information is critical. If a public key encrypts data outside of KMS + // by using an unsupported encryption algorithm, the ciphertext cannot be decrypted. // // This field appears in the response only when the KeyUsage of the public key // is ENCRYPT_DECRYPT. EncryptionAlgorithms []*string `type:"list"` // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) - // of the asymmetric CMK from which the public key was downloaded. + // of the asymmetric KMS key from which the public key was downloaded. KeyId *string `min:"1" type:"string"` + // The type of the of the public key that was downloaded. + KeySpec *string `type:"string" enum:"KeySpec"` + // The permitted use of the public key. Valid values are ENCRYPT_DECRYPT or // SIGN_VERIFY. // // This information is critical. If a public key with SIGN_VERIFY key usage - // encrypts data outside of AWS KMS, the ciphertext cannot be decrypted. + // encrypts data outside of KMS, the ciphertext cannot be decrypted. KeyUsage *string `type:"string" enum:"KeyUsageType"` // The exported public key. // // The value is a DER-encoded X.509 public key, also known as SubjectPublicKeyInfo // (SPKI), as defined in RFC 5280 (https://tools.ietf.org/html/rfc5280). When - // you use the HTTP API or the AWS CLI, the value is Base64-encoded. Otherwise, - // it is not Base64-encoded. + // you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. + // Otherwise, it is not Base64-encoded. // // PublicKey is automatically base64 encoded/decoded by the SDK. PublicKey []byte `min:"1" type:"blob"` - // The signing algorithms that AWS KMS supports for this key. + // The signing algorithms that KMS supports for this key. // // This field appears in the response only when the KeyUsage of the public key // is SIGN_VERIFY. @@ -11782,6 +11904,12 @@ func (s *GetPublicKeyOutput) SetKeyId(v string) *GetPublicKeyOutput { return s } +// SetKeySpec sets the KeySpec field's value. +func (s *GetPublicKeyOutput) SetKeySpec(v string) *GetPublicKeyOutput { + s.KeySpec = &v + return s +} + // SetKeyUsage sets the KeyUsage field's value. func (s *GetPublicKeyOutput) SetKeyUsage(v string) *GetPublicKeyOutput { s.KeyUsage = &v @@ -11804,11 +11932,11 @@ func (s *GetPublicKeyOutput) SetSigningAlgorithms(v []*string) *GetPublicKeyOutp // in the grant only when the operation request includes the specified encryption // context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context). // -// AWS KMS applies the grant constraints only to cryptographic operations that -// support an encryption context, that is, all cryptographic operations with -// a symmetric CMK (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#symmetric-cmks). +// KMS applies the grant constraints only to cryptographic operations that support +// an encryption context, that is, all cryptographic operations with a symmetric +// KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#symmetric-cmks). // Grant constraints are not applied to operations that do not support an encryption -// context, such as cryptographic operations with asymmetric CMKs and management +// context, such as cryptographic operations with asymmetric KMS keys and management // operations, such as DescribeKey or RetireGrant. // // In a cryptographic operation, the encryption context in the decryption operation @@ -11822,7 +11950,7 @@ func (s *GetPublicKeyOutput) SetSigningAlgorithms(v []*string) *GetPublicKeyOutp // only by case. To require a fully case-sensitive encryption context, use the // kms:EncryptionContext: and kms:EncryptionContextKeys conditions in an IAM // or key policy. For details, see kms:EncryptionContext: (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-context) -// in the AWS Key Management Service Developer Guide . +// in the Key Management Service Developer Guide . type GrantConstraints struct { _ struct{} `type:"structure"` @@ -11880,16 +12008,15 @@ type GrantListEntry struct { // // The GranteePrincipal field in the ListGrants response usually contains the // user or role designated as the grantee principal in the grant. However, when - // the grantee principal in the grant is an AWS service, the GranteePrincipal - // field contains the service principal (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-services), + // the grantee principal in the grant is an Amazon Web Services service, the + // GranteePrincipal field contains the service principal (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-services), // which might represent several different grantee principals. GranteePrincipal *string `min:"1" type:"string"` - // The AWS account under which the grant was issued. + // The Amazon Web Services account under which the grant was issued. IssuingAccount *string `min:"1" type:"string"` - // The unique identifier for the customer master key (CMK) to which the grant - // applies. + // The unique identifier for the KMS key to which the grant applies. KeyId *string `min:"1" type:"string"` // The friendly name that identifies the grant. If a name was provided in the @@ -11994,11 +12121,11 @@ type ImportKeyMaterialInput struct { // ImportToken is a required field ImportToken []byte `min:"1" type:"blob" required:"true"` - // The identifier of the symmetric CMK that receives the imported key material. - // The CMK's Origin must be EXTERNAL. This must be the same CMK specified in - // the KeyID parameter of the corresponding GetParametersForImport request. + // The identifier of the symmetric KMS key that receives the imported key material. + // The KMS key's Origin must be EXTERNAL. This must be the same KMS key specified + // in the KeyID parameter of the corresponding GetParametersForImport request. // - // Specify the key ID or key ARN of the CMK. + // Specify the key ID or key ARN of the KMS key. // // For example: // @@ -12006,13 +12133,13 @@ type ImportKeyMaterialInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` // The time at which the imported key material expires. When the key material - // expires, AWS KMS deletes the key material and the CMK becomes unusable. You + // expires, KMS deletes the key material and the KMS key becomes unusable. You // must omit this parameter when the ExpirationModel parameter is set to KEY_MATERIAL_DOES_NOT_EXPIRE. // Otherwise it is required. ValidTo *time.Time `type:"timestamp"` @@ -12100,9 +12227,9 @@ func (s ImportKeyMaterialOutput) GoString() string { return s.String() } -// The request was rejected because the specified CMK cannot decrypt the data. -// The KeyId in a Decrypt request and the SourceKeyId in a ReEncrypt request -// must identify the same CMK that was used to encrypt the ciphertext. +// The request was rejected because the specified KMS key cannot decrypt the +// data. The KeyId in a Decrypt request and the SourceKeyId in a ReEncrypt request +// must identify the same KMS key that was used to encrypt the ciphertext. type IncorrectKeyException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -12160,7 +12287,7 @@ func (s *IncorrectKeyException) RequestID() string { // The request was rejected because the key material in the request is, expired, // invalid, or is not the same key material that was previously imported into -// this customer master key (CMK). +// this KMS key. type IncorrectKeyMaterialException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -12217,7 +12344,7 @@ func (s *IncorrectKeyMaterialException) RequestID() string { } // The request was rejected because the trust anchor certificate in the request -// is not the trust anchor certificate for the specified AWS CloudHSM cluster. +// is not the trust anchor certificate for the specified CloudHSM cluster. // // When you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), // you create the trust anchor certificate and save it in the customerCA.crt @@ -12452,8 +12579,8 @@ func (s *InvalidArnException) RequestID() string { // the ciphertext, such as the encryption context, is corrupted, missing, or // otherwise invalid. // -// From the ImportKeyMaterial operation, the request was rejected because AWS -// KMS could not decrypt the encrypted (wrapped) key material. +// From the ImportKeyMaterial operation, the request was rejected because KMS +// could not decrypt the encrypted (wrapped) key material. type InvalidCiphertextException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -12622,7 +12749,7 @@ func (s *InvalidGrantTokenException) RequestID() string { } // The request was rejected because the provided import token is invalid or -// is associated with a different customer master key (CMK). +// is associated with a different KMS key. type InvalidImportTokenException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -12680,17 +12807,18 @@ func (s *InvalidImportTokenException) RequestID() string { // The request was rejected for one of the following reasons: // -// * The KeyUsage value of the CMK is incompatible with the API operation. +// * The KeyUsage value of the KMS key is incompatible with the API operation. // // * The encryption algorithm or signing algorithm specified for the operation -// is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). +// is incompatible with the type of key material in the KMS key (KeySpec). // // For encrypting, decrypting, re-encrypting, and generating data keys, the // KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage -// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. +// must be SIGN_VERIFY. To find the KeyUsage of a KMS key, use the DescribeKey +// operation. // -// To find the encryption or signing algorithms supported for a particular CMK, -// use the DescribeKey operation. +// To find the encryption or signing algorithms supported for a particular KMS +// key, use the DescribeKey operation. type InvalidKeyUsageException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -12806,9 +12934,9 @@ func (s *InvalidMarkerException) RequestID() string { // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// For more information about how key state affects the use of a KMS key, see +// Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . type InvalidStateException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -12866,7 +12994,7 @@ func (s *InvalidStateException) RequestID() string { // The request was rejected because the signature verification failed. Signature // verification fails when it cannot confirm that signature was produced by -// signing the specified message with the specified CMK and signing algorithm. +// signing the specified message with the specified KMS key and signing algorithm. type KMSInvalidSignatureException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -12955,125 +13083,134 @@ func (s *KeyListEntry) SetKeyId(v string) *KeyListEntry { return s } -// Contains metadata about a customer master key (CMK). +// Contains metadata about a KMS key. // // This data type is used as a response element for the CreateKey and DescribeKey // operations. type KeyMetadata struct { _ struct{} `type:"structure"` - // The twelve-digit account ID of the AWS account that owns the CMK. + // The twelve-digit account ID of the Amazon Web Services account that owns + // the KMS key. AWSAccountId *string `type:"string"` - // The Amazon Resource Name (ARN) of the CMK. For examples, see AWS Key Management - // Service (AWS KMS) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms) - // in the Example ARNs section of the AWS General Reference. + // The Amazon Resource Name (ARN) of the KMS key. For examples, see Key Management + // Service (KMS) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms) + // in the Example ARNs section of the Amazon Web Services General Reference. Arn *string `min:"20" type:"string"` - // The cluster ID of the AWS CloudHSM cluster that contains the key material - // for the CMK. When you create a CMK in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), - // AWS KMS creates the key material for the CMK in the associated AWS CloudHSM - // cluster. This value is present only when the CMK is created in a custom key - // store. + // The cluster ID of the CloudHSM cluster that contains the key material for + // the KMS key. When you create a KMS key in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), + // KMS creates the key material for the KMS key in the associated CloudHSM cluster. + // This value is present only when the KMS key is created in a custom key store. CloudHsmClusterId *string `min:"19" type:"string"` - // The date and time when the CMK was created. + // The date and time when the KMS key was created. CreationDate *time.Time `type:"timestamp"` // A unique identifier for the custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) - // that contains the CMK. This value is present only when the CMK is created - // in a custom key store. + // that contains the KMS key. This value is present only when the KMS key is + // created in a custom key store. CustomKeyStoreId *string `min:"1" type:"string"` - // Describes the type of key material in the CMK. - CustomerMasterKeySpec *string `type:"string" enum:"CustomerMasterKeySpec"` + // Instead, use the KeySpec field. + // + // The KeySpec and CustomerMasterKeySpec fields have the same value. We recommend + // that you use the KeySpec field in your code. However, to avoid breaking changes, + // KMS will support both fields. + // + // Deprecated: This field has been deprecated. Instead, use the KeySpec field. + CustomerMasterKeySpec *string `deprecated:"true" type:"string" enum:"CustomerMasterKeySpec"` - // The date and time after which AWS KMS deletes this CMK. This value is present - // only when the CMK is scheduled for deletion, that is, when its KeyState is - // PendingDeletion. + // The date and time after which KMS deletes this KMS key. This value is present + // only when the KMS key is scheduled for deletion, that is, when its KeyState + // is PendingDeletion. // // When the primary key in a multi-Region key is scheduled for deletion but // still has replica keys, its key state is PendingReplicaDeletion and the length // of its waiting period is displayed in the PendingDeletionWindowInDays field. DeletionDate *time.Time `type:"timestamp"` - // The description of the CMK. + // The description of the KMS key. Description *string `type:"string"` - // Specifies whether the CMK is enabled. When KeyState is Enabled this value + // Specifies whether the KMS key is enabled. When KeyState is Enabled this value // is true, otherwise it is false. Enabled *bool `type:"boolean"` - // The encryption algorithms that the CMK supports. You cannot use the CMK with - // other encryption algorithms within AWS KMS. + // The encryption algorithms that the KMS key supports. You cannot use the KMS + // key with other encryption algorithms within KMS. // - // This value is present only when the KeyUsage of the CMK is ENCRYPT_DECRYPT. + // This value is present only when the KeyUsage of the KMS key is ENCRYPT_DECRYPT. EncryptionAlgorithms []*string `type:"list"` - // Specifies whether the CMK's key material expires. This value is present only - // when Origin is EXTERNAL, otherwise this value is omitted. + // Specifies whether the KMS key's key material expires. This value is present + // only when Origin is EXTERNAL, otherwise this value is omitted. ExpirationModel *string `type:"string" enum:"ExpirationModelType"` - // The globally unique identifier for the CMK. + // The globally unique identifier for the KMS key. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` - // The manager of the CMK. CMKs in your AWS account are either customer managed - // or AWS managed. For more information about the difference, see Customer Master - // Keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys) - // in the AWS Key Management Service Developer Guide. + // The manager of the KMS key. KMS keys in your Amazon Web Services account + // are either customer managed or Amazon Web Services managed. For more information + // about the difference, see KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys) + // in the Key Management Service Developer Guide. KeyManager *string `type:"string" enum:"KeyManagerType"` - // The current status of the CMK. + // Describes the type of key material in the KMS key. + KeySpec *string `type:"string" enum:"KeySpec"` + + // The current status of the KMS key. // - // For more information about how key state affects the use of a CMK, see Key - // state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) - // in the AWS Key Management Service Developer Guide. + // For more information about how key state affects the use of a KMS key, see + // Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) + // in the Key Management Service Developer Guide. KeyState *string `type:"string" enum:"KeyState"` // The cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) - // for which you can use the CMK. + // for which you can use the KMS key. KeyUsage *string `type:"string" enum:"KeyUsageType"` - // Indicates whether the CMK is a multi-Region (True) or regional (False) key. - // This value is True for multi-Region primary and replica CMKs and False for - // regional CMKs. + // Indicates whether the KMS key is a multi-Region (True) or regional (False) + // key. This value is True for multi-Region primary and replica keys and False + // for regional KMS keys. // // For more information about multi-Region keys, see Using multi-Region keys // (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) - // in the AWS Key Management Service Developer Guide. + // in the Key Management Service Developer Guide. MultiRegion *bool `type:"boolean"` - // Lists the primary and replica CMKs in same multi-Region CMK. This field is + // Lists the primary and replica keys in same multi-Region key. This field is // present only when the value of the MultiRegion field is True. // - // For more information about any listed CMK, use the DescribeKey operation. + // For more information about any listed KMS key, use the DescribeKey operation. // - // * MultiRegionKeyType indicates whether the CMK is a PRIMARY or REPLICA + // * MultiRegionKeyType indicates whether the KMS key is a PRIMARY or REPLICA // key. // // * PrimaryKey displays the key ARN and Region of the primary key. This - // field displays the current CMK if it is the primary key. + // field displays the current KMS key if it is the primary key. // // * ReplicaKeys displays the key ARNs and Regions of all replica keys. This - // field includes the current CMK if it is a replica key. + // field includes the current KMS key if it is a replica key. MultiRegionConfiguration *MultiRegionConfiguration `type:"structure"` - // The source of the CMK's key material. When this value is AWS_KMS, AWS KMS - // created the key material. When this value is EXTERNAL, the key material was - // imported from your existing key management infrastructure or the CMK lacks - // key material. When this value is AWS_CLOUDHSM, the key material was created - // in the AWS CloudHSM cluster associated with a custom key store. + // The source of the key material for the KMS key. When this value is AWS_KMS, + // KMS created the key material. When this value is EXTERNAL, the key material + // was imported or the KMS key doesn't have any key material. When this value + // is AWS_CLOUDHSM, the key material was created in the CloudHSM cluster associated + // with a custom key store. Origin *string `type:"string" enum:"OriginType"` // The waiting period before the primary key in a multi-Region key is deleted. // This waiting period begins when the last of its replica keys is deleted. - // This value is present only when the KeyState of the CMK is PendingReplicaDeletion. - // That indicates that the CMK is the primary key in a multi-Region key, it - // is scheduled for deletion, and it still has existing replica keys. + // This value is present only when the KeyState of the KMS key is PendingReplicaDeletion. + // That indicates that the KMS key is the primary key in a multi-Region key, + // it is scheduled for deletion, and it still has existing replica keys. // - // When a regional CMK or a replica key in a multi-Region key is scheduled for + // When a single-Region KMS key or a multi-Region replica key is scheduled for // deletion, its deletion date is displayed in the DeletionDate field. However, // when the primary key in a multi-Region key is scheduled for deletion, its // waiting period doesn't begin until all of its replica keys are deleted. This @@ -13082,15 +13219,15 @@ type KeyMetadata struct { // to PendingDeletion and the deletion date appears in the DeletionDate field. PendingDeletionWindowInDays *int64 `min:"1" type:"integer"` - // The signing algorithms that the CMK supports. You cannot use the CMK with - // other signing algorithms within AWS KMS. + // The signing algorithms that the KMS key supports. You cannot use the KMS + // key with other signing algorithms within KMS. // - // This field appears only when the KeyUsage of the CMK is SIGN_VERIFY. + // This field appears only when the KeyUsage of the KMS key is SIGN_VERIFY. SigningAlgorithms []*string `type:"list"` // The time at which the imported key material expires. When the key material - // expires, AWS KMS deletes the key material and the CMK becomes unusable. This - // value is present only for CMKs whose Origin is EXTERNAL and whose ExpirationModel + // expires, KMS deletes the key material and the KMS key becomes unusable. This + // value is present only for KMS keys whose Origin is EXTERNAL and whose ExpirationModel // is KEY_MATERIAL_EXPIRES, otherwise this value is omitted. ValidTo *time.Time `type:"timestamp"` } @@ -13183,6 +13320,12 @@ func (s *KeyMetadata) SetKeyManager(v string) *KeyMetadata { return s } +// SetKeySpec sets the KeySpec field's value. +func (s *KeyMetadata) SetKeySpec(v string) *KeyMetadata { + s.KeySpec = &v + return s +} + // SetKeyState sets the KeyState field's value. func (s *KeyMetadata) SetKeyState(v string) *KeyMetadata { s.KeyState = &v @@ -13231,8 +13374,8 @@ func (s *KeyMetadata) SetValidTo(v time.Time) *KeyMetadata { return s } -// The request was rejected because the specified CMK was not available. You -// can retry the request. +// The request was rejected because the specified KMS key was not available. +// You can retry the request. type KeyUnavailableException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -13290,7 +13433,7 @@ func (s *KeyUnavailableException) RequestID() string { // The request was rejected because a quota was exceeded. For more information, // see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) -// in the AWS Key Management Service Developer Guide. +// in the Key Management Service Developer Guide. type LimitExceededException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -13349,13 +13492,13 @@ func (s *LimitExceededException) RequestID() string { type ListAliasesInput struct { _ struct{} `type:"structure"` - // Lists only aliases that are associated with the specified CMK. Enter a CMK - // in your AWS account. + // Lists only aliases that are associated with the specified KMS key. Enter + // a KMS key in your Amazon Web Services account. // // This parameter is optional. If you omit it, ListAliases returns all aliases // in the account and Region. // - // Specify the key ID or key ARN of the CMK. + // Specify the key ID or key ARN of the KMS key. // // For example: // @@ -13363,11 +13506,11 @@ type ListAliasesInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. KeyId *string `min:"1" type:"string"` // Use this parameter to specify the maximum number of items to return. When - // this value is present, AWS KMS does not return more than the specified number + // this value is present, KMS does not return more than the specified number // of items, but it might return fewer. // // This value is optional. If you include a value, it must be between 1 and @@ -13483,11 +13626,10 @@ type ListGrantsInput struct { // for the grant. GranteePrincipal *string `min:"1" type:"string"` - // Returns only grants for the specified customer master key (CMK). This parameter - // is required. + // Returns only grants for the specified KMS key. This parameter is required. // - // Specify the key ID or key ARN of the CMK. To specify a CMK in a different - // AWS account, you must use the key ARN. + // Specify the key ID or key ARN of the KMS key. To specify a KMS key in a different + // Amazon Web Services account, you must use the key ARN. // // For example: // @@ -13495,13 +13637,13 @@ type ListGrantsInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` // Use this parameter to specify the maximum number of items to return. When - // this value is present, AWS KMS does not return more than the specified number + // this value is present, KMS does not return more than the specified number // of items, but it might return fewer. // // This value is optional. If you include a value, it must be between 1 and @@ -13630,9 +13772,9 @@ func (s *ListGrantsResponse) SetTruncated(v bool) *ListGrantsResponse { type ListKeyPoliciesInput struct { _ struct{} `type:"structure"` - // Gets the names of key policies for the specified customer master key (CMK). + // Gets the names of key policies for the specified KMS key. // - // Specify the key ID or key ARN of the CMK. + // Specify the key ID or key ARN of the KMS key. // // For example: // @@ -13640,13 +13782,13 @@ type ListKeyPoliciesInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` // Use this parameter to specify the maximum number of items to return. When - // this value is present, AWS KMS does not return more than the specified number + // this value is present, KMS does not return more than the specified number // of items, but it might return fewer. // // This value is optional. If you include a value, it must be between 1 and @@ -13760,7 +13902,7 @@ type ListKeysInput struct { _ struct{} `type:"structure"` // Use this parameter to specify the maximum number of items to return. When - // this value is present, AWS KMS does not return more than the specified number + // this value is present, KMS does not return more than the specified number // of items, but it might return fewer. // // This value is optional. If you include a value, it must be between 1 and @@ -13814,7 +13956,7 @@ func (s *ListKeysInput) SetMarker(v string) *ListKeysInput { type ListKeysOutput struct { _ struct{} `type:"structure"` - // A list of customer master keys (CMKs). + // A list of KMS keys. Keys []*KeyListEntry `type:"list"` // When Truncated is true, this element is present and contains the value to @@ -13859,9 +14001,9 @@ func (s *ListKeysOutput) SetTruncated(v bool) *ListKeysOutput { type ListResourceTagsInput struct { _ struct{} `type:"structure"` - // Gets tags on the specified customer master key (CMK). + // Gets tags on the specified KMS key. // - // Specify the key ID or key ARN of the CMK. + // Specify the key ID or key ARN of the KMS key. // // For example: // @@ -13869,13 +14011,13 @@ type ListResourceTagsInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` // Use this parameter to specify the maximum number of items to return. When - // this value is present, AWS KMS does not return more than the specified number + // this value is present, KMS does not return more than the specified number // of items, but it might return fewer. // // This value is optional. If you include a value, it must be between 1 and @@ -13952,9 +14094,9 @@ type ListResourceTagsOutput struct { // A list of tags. Each tag consists of a tag key and a tag value. // - // Tagging or untagging a CMK can allow or deny permission to the CMK. For details, - // see Using ABAC in AWS KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) - // in the AWS Key Management Service Developer Guide. + // Tagging or untagging a KMS key can allow or deny permission to the KMS key. + // For details, see Using ABAC in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) + // in the Key Management Service Developer Guide. Tags []*Tag `type:"list"` // A flag that indicates whether there are more items in the list. When this @@ -13996,7 +14138,7 @@ type ListRetirableGrantsInput struct { _ struct{} `type:"structure"` // Use this parameter to specify the maximum number of items to return. When - // this value is present, AWS KMS does not return more than the specified number + // this value is present, KMS does not return more than the specified number // of items, but it might return fewer. // // This value is optional. If you include a value, it must be between 1 and @@ -14009,13 +14151,13 @@ type ListRetirableGrantsInput struct { Marker *string `min:"1" type:"string"` // The retiring principal for which to list grants. Enter a principal in your - // AWS account. + // Amazon Web Services account. // // To specify the retiring principal, use the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // of an AWS principal. Valid AWS principals include AWS accounts (root), IAM - // users, federated users, and assumed role users. For examples of the ARN syntax - // for specifying a principal, see AWS Identity and Access Management (IAM) - // (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam) + // of an Amazon Web Services principal. Valid Amazon Web Services principals + // include Amazon Web Services accounts (root), IAM users, federated users, + // and assumed role users. For examples of the ARN syntax for specifying a principal, + // see Amazon Web Services Identity and Access Management (IAM) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam) // in the Example ARNs section of the Amazon Web Services General Reference. // // RetiringPrincipal is a required field @@ -14129,22 +14271,22 @@ func (s *MalformedPolicyDocumentException) RequestID() string { return s.RespMetadata.RequestID } -// Describes the configuration of this multi-Region CMK. This field appears -// only when the CMK is a primary or replica of a multi-Region CMK. +// Describes the configuration of this multi-Region key. This field appears +// only when the KMS key is a primary or replica of a multi-Region key. // -// For more information about any listed CMK, use the DescribeKey operation. +// For more information about any listed KMS key, use the DescribeKey operation. type MultiRegionConfiguration struct { _ struct{} `type:"structure"` - // Indicates whether the CMK is a PRIMARY or REPLICA key. + // Indicates whether the KMS key is a PRIMARY or REPLICA key. MultiRegionKeyType *string `type:"string" enum:"MultiRegionKeyType"` // Displays the key ARN and Region of the primary key. This field includes the - // current CMK if it is the primary key. + // current KMS key if it is the primary key. PrimaryKey *MultiRegionKey `type:"structure"` // displays the key ARNs and Regions of all replica keys. This field includes - // the current CMK if it is a replica key. + // the current KMS key if it is a replica key. ReplicaKeys []*MultiRegionKey `type:"list"` } @@ -14183,7 +14325,8 @@ type MultiRegionKey struct { // Displays the key ARN of a primary or replica key of a multi-Region key. Arn *string `min:"20" type:"string"` - // Displays the AWS Region of a primary or replica key in a multi-Region key. + // Displays the Amazon Web Services Region of a primary or replica key in a + // multi-Region key. Region *string `min:"1" type:"string"` } @@ -14271,21 +14414,22 @@ type PutKeyPolicyInput struct { // A flag to indicate whether to bypass the key policy lockout safety check. // - // Setting this value to true increases the risk that the CMK becomes unmanageable. + // Setting this value to true increases the risk that the KMS key becomes unmanageable. // Do not set this value to true indiscriminately. // // For more information, refer to the scenario in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) - // section in the AWS Key Management Service Developer Guide. + // section in the Key Management Service Developer Guide. // // Use this parameter only when you intend to prevent the principal that is - // making the request from making a subsequent PutKeyPolicy request on the CMK. + // making the request from making a subsequent PutKeyPolicy request on the KMS + // key. // // The default value is false. BypassPolicyLockoutSafetyCheck *bool `type:"boolean"` - // Sets the key policy on the specified customer master key (CMK). + // Sets the key policy on the specified KMS key. // - // Specify the key ID or key ARN of the CMK. + // Specify the key ID or key ARN of the KMS key. // // For example: // @@ -14293,34 +14437,34 @@ type PutKeyPolicyInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` - // The key policy to attach to the CMK. + // The key policy to attach to the KMS key. // // The key policy must meet the following criteria: // // * If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy // must allow the principal that is making the PutKeyPolicy request to make - // a subsequent PutKeyPolicy request on the CMK. This reduces the risk that - // the CMK becomes unmanageable. For more information, refer to the scenario - // in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) - // section of the AWS Key Management Service Developer Guide. + // a subsequent PutKeyPolicy request on the KMS key. This reduces the risk + // that the KMS key becomes unmanageable. For more information, refer to + // the scenario in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) + // section of the Key Management Service Developer Guide. // // * Each statement in the key policy must contain one or more principals. - // The principals in the key policy must exist and be visible to AWS KMS. - // When you create a new AWS principal (for example, an IAM user or role), - // you might need to enforce a delay before including the new principal in - // a key policy because the new principal might not be immediately visible - // to AWS KMS. For more information, see Changes that I make are not always - // immediately visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) - // in the AWS Identity and Access Management User Guide. + // The principals in the key policy must exist and be visible to KMS. When + // you create a new Amazon Web Services principal (for example, an IAM user + // or role), you might need to enforce a delay before including the new principal + // in a key policy because the new principal might not be immediately visible + // to KMS. For more information, see Changes that I make are not always immediately + // visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) + // in the Amazon Web Services Identity and Access Management User Guide. // // The key policy cannot exceed 32 kilobytes (32768 bytes). For more information, // see Resource Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/resource-limits.html) - // in the AWS Key Management Service Developer Guide. + // in the Key Management Service Developer Guide. // // Policy is a required field Policy *string `min:"1" type:"string" required:"true"` @@ -14417,37 +14561,38 @@ type ReEncryptInput struct { // CiphertextBlob is a required field CiphertextBlob []byte `min:"1" type:"blob" required:"true"` - // Specifies the encryption algorithm that AWS KMS will use to reecrypt the - // data after it has decrypted it. The default value, SYMMETRIC_DEFAULT, represents - // the encryption algorithm used for symmetric CMKs. + // Specifies the encryption algorithm that KMS will use to reecrypt the data + // after it has decrypted it. The default value, SYMMETRIC_DEFAULT, represents + // the encryption algorithm used for symmetric KMS keys. // - // This parameter is required only when the destination CMK is an asymmetric - // CMK. + // This parameter is required only when the destination KMS key is an asymmetric + // KMS key. DestinationEncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"` // Specifies that encryption context to use when the reencrypting the data. // - // A destination encryption context is valid only when the destination CMK is - // a symmetric CMK. The standard ciphertext format for asymmetric CMKs does - // not include fields for metadata. + // A destination encryption context is valid only when the destination KMS key + // is a symmetric KMS key. The standard ciphertext format for asymmetric KMS + // keys does not include fields for metadata. // // An encryption context is a collection of non-secret key-value pairs that // represents additional authenticated data. When you use an encryption context // to encrypt data, you must specify the same (an exact case-sensitive match) // encryption context to decrypt the data. An encryption context is optional - // when encrypting with a symmetric CMK, but it is highly recommended. + // when encrypting with a symmetric KMS key, but it is highly recommended. // // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) - // in the AWS Key Management Service Developer Guide. + // in the Key Management Service Developer Guide. DestinationEncryptionContext map[string]*string `type:"map"` - // A unique identifier for the CMK that is used to reencrypt the data. Specify - // a symmetric or asymmetric CMK with a KeyUsage value of ENCRYPT_DECRYPT. To - // find the KeyUsage value of a CMK, use the DescribeKey operation. + // A unique identifier for the KMS key that is used to reencrypt the data. Specify + // a symmetric or asymmetric KMS key with a KeyUsage value of ENCRYPT_DECRYPT. + // To find the KeyUsage value of a KMS key, use the DescribeKey operation. // - // To specify a CMK, use its key ID, key ARN, alias name, or alias ARN. When - // using an alias name, prefix it with "alias/". To specify a CMK in a different - // AWS account, you must use the key ARN or alias ARN. + // To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. + // When using an alias name, prefix it with "alias/". To specify a KMS key in + // a different Amazon Web Services account, you must use the key ARN or alias + // ARN. // // For example: // @@ -14459,8 +14604,8 @@ type ReEncryptInput struct { // // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To - // get the alias name and alias ARN, use ListAliases. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. + // To get the alias name and alias ARN, use ListAliases. // // DestinationKeyId is a required field DestinationKeyId *string `min:"1" type:"string" required:"true"` @@ -14469,19 +14614,20 @@ type ReEncryptInput struct { // // Use a grant token when your permission to call this operation comes from // a new grant that has not yet achieved eventual consistency. For more information, - // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) - // in the AWS Key Management Service Developer Guide. + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token) + // and Using a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token) + // in the Key Management Service Developer Guide. GrantTokens []*string `type:"list"` - // Specifies the encryption algorithm that AWS KMS will use to decrypt the ciphertext + // Specifies the encryption algorithm that KMS will use to decrypt the ciphertext // before it is reencrypted. The default value, SYMMETRIC_DEFAULT, represents - // the algorithm used for symmetric CMKs. + // the algorithm used for symmetric KMS keys. // // Specify the same algorithm that was used to encrypt the ciphertext. If you // specify a different algorithm, the decrypt attempt fails. // // This parameter is required only when the ciphertext was encrypted under an - // asymmetric CMK. + // asymmetric KMS key. SourceEncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"` // Specifies the encryption context to use to decrypt the ciphertext. Enter @@ -14491,25 +14637,26 @@ type ReEncryptInput struct { // represents additional authenticated data. When you use an encryption context // to encrypt data, you must specify the same (an exact case-sensitive match) // encryption context to decrypt the data. An encryption context is optional - // when encrypting with a symmetric CMK, but it is highly recommended. + // when encrypting with a symmetric KMS key, but it is highly recommended. // // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) - // in the AWS Key Management Service Developer Guide. + // in the Key Management Service Developer Guide. SourceEncryptionContext map[string]*string `type:"map"` - // Specifies the customer master key (CMK) that AWS KMS will use to decrypt - // the ciphertext before it is re-encrypted. Enter a key ID of the CMK that - // was used to encrypt the ciphertext. + // Specifies the KMS key that KMS will use to decrypt the ciphertext before + // it is re-encrypted. Enter a key ID of the KMS key that was used to encrypt + // the ciphertext. // // This parameter is required only when the ciphertext was encrypted under an - // asymmetric CMK. If you used a symmetric CMK, AWS KMS can get the CMK from - // metadata that it adds to the symmetric ciphertext blob. However, it is always - // recommended as a best practice. This practice ensures that you use the CMK - // that you intend. + // asymmetric KMS key. If you used a symmetric KMS key, KMS can get the KMS + // key from metadata that it adds to the symmetric ciphertext blob. However, + // it is always recommended as a best practice. This practice ensures that you + // use the KMS key that you intend. // - // To specify a CMK, use its key ID, key ARN, alias name, or alias ARN. When - // using an alias name, prefix it with "alias/". To specify a CMK in a different - // AWS account, you must use the key ARN or alias ARN. + // To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. + // When using an alias name, prefix it with "alias/". To specify a KMS key in + // a different Amazon Web Services account, you must use the key ARN or alias + // ARN. // // For example: // @@ -14521,8 +14668,8 @@ type ReEncryptInput struct { // // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To - // get the alias name and alias ARN, use ListAliases. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. + // To get the alias name and alias ARN, use ListAliases. SourceKeyId *string `min:"1" type:"string"` } @@ -14612,8 +14759,8 @@ func (s *ReEncryptInput) SetSourceKeyId(v string) *ReEncryptInput { type ReEncryptOutput struct { _ struct{} `type:"structure"` - // The reencrypted data. When you use the HTTP API or the AWS CLI, the value - // is Base64-encoded. Otherwise, it is not Base64-encoded. + // The reencrypted data. When you use the HTTP API or the Amazon Web Services + // CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. // // CiphertextBlob is automatically base64 encoded/decoded by the SDK. CiphertextBlob []byte `min:"1" type:"blob"` @@ -14622,14 +14769,14 @@ type ReEncryptOutput struct { DestinationEncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"` // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) - // of the CMK that was used to reencrypt the data. + // of the KMS key that was used to reencrypt the data. KeyId *string `min:"1" type:"string"` // The encryption algorithm that was used to decrypt the ciphertext before it // was reencrypted. SourceEncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"` - // Unique identifier of the CMK used to originally encrypt the data. + // Unique identifier of the KMS key used to originally encrypt the data. SourceKeyId *string `min:"1" type:"string"` } @@ -14678,29 +14825,28 @@ type ReplicateKeyInput struct { // A flag to indicate whether to bypass the key policy lockout safety check. // - // Setting this value to true increases the risk that the CMK becomes unmanageable. + // Setting this value to true increases the risk that the KMS key becomes unmanageable. // Do not set this value to true indiscriminately. // // For more information, refer to the scenario in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) - // section in the AWS Key Management Service Developer Guide. + // section in the Key Management Service Developer Guide. // // Use this parameter only when you intend to prevent the principal that is - // making the request from making a subsequent PutKeyPolicy request on the CMK. + // making the request from making a subsequent PutKeyPolicy request on the KMS + // key. // // The default value is false. BypassPolicyLockoutSafetyCheck *bool `type:"boolean"` - // A description of the CMK. Use a description that helps you decide whether - // the CMK is appropriate for a task. The default value is an empty string (no - // description). + // A description of the KMS key. The default value is an empty string (no description). // // The description is not a shared property of multi-Region keys. You can specify // the same description or a different description for each key in a set of - // related multi-Region keys. AWS KMS does not synchronize this property. + // related multi-Region keys. KMS does not synchronize this property. Description *string `type:"string"` // Identifies the multi-Region primary key that is being replicated. To determine - // whether a CMK is a multi-Region primary key, use the DescribeKey operation + // whether a KMS key is a multi-Region primary key, use the DescribeKey operation // to check the value of the MultiRegionKeyType property. // // Specify the key ID or key ARN of a multi-Region primary key. @@ -14711,52 +14857,54 @@ type ReplicateKeyInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` - // The key policy to attach to the CMK. This parameter is optional. If you do - // not provide a key policy, AWS KMS attaches the default key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) - // to the CMK. + // The key policy to attach to the KMS key. This parameter is optional. If you + // do not provide a key policy, KMS attaches the default key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) + // to the KMS key. // // The key policy is not a shared property of multi-Region keys. You can specify // the same key policy or a different key policy for each key in a set of related - // multi-Region keys. AWS KMS does not synchronize this property. + // multi-Region keys. KMS does not synchronize this property. // // If you provide a key policy, it must meet the following criteria: // // * If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy - // must give the caller kms:PutKeyPolicy permission on the replica CMK. This - // reduces the risk that the CMK becomes unmanageable. For more information, + // must give the caller kms:PutKeyPolicy permission on the replica key. This + // reduces the risk that the KMS key becomes unmanageable. For more information, // refer to the scenario in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) - // section of the AWS Key Management Service Developer Guide . + // section of the Key Management Service Developer Guide . // // * Each statement in the key policy must contain one or more principals. - // The principals in the key policy must exist and be visible to AWS KMS. - // When you create a new AWS principal (for example, an IAM user or role), - // you might need to enforce a delay before including the new principal in - // a key policy because the new principal might not be immediately visible - // to AWS KMS. For more information, see Changes that I make are not always - // immediately visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) - // in the AWS Identity and Access Management User Guide. + // The principals in the key policy must exist and be visible to KMS. When + // you create a new Amazon Web Services principal (for example, an IAM user + // or role), you might need to enforce a delay before including the new principal + // in a key policy because the new principal might not be immediately visible + // to KMS. For more information, see Changes that I make are not always immediately + // visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) + // in the Identity and Access Management User Guide . // // * The key policy size quota is 32 kilobytes (32768 bytes). Policy *string `min:"1" type:"string"` - // The Region ID of the AWS Region for this replica key. + // The Region ID of the Amazon Web Services Region for this replica key. // - // Enter the Region ID, such as us-east-1 or ap-southeast-2. For a list of AWS - // Regions in which AWS KMS is supported, see AWS KMS service endpoints (https://docs.aws.amazon.com/general/latest/gr/kms.html#kms_region) - // in the Amazon Web Services General Reference. + // Enter the Region ID, such as us-east-1 or ap-southeast-2. For a list of Amazon + // Web Services Regions in which KMS is supported, see KMS service endpoints + // (https://docs.aws.amazon.com/general/latest/gr/kms.html#kms_region) in the + // Amazon Web Services General Reference. // - // The replica must be in a different AWS Region than its primary key and other - // replicas of that primary key, but in the same AWS partition. AWS KMS must - // be available in the replica Region. If the Region is not enabled by default, - // the AWS account must be enabled in the Region. + // The replica must be in a different Amazon Web Services Region than its primary + // key and other replicas of that primary key, but in the same Amazon Web Services + // partition. KMS must be available in the replica Region. If the Region is + // not enabled by default, the Amazon Web Services account must be enabled in + // the Region. // - // For information about AWS partitions, see Amazon Resource Names (ARNs) in - // the Amazon Web Services General Reference. (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // For information about Amazon Web Services partitions, see Amazon Resource + // Names (ARNs) in the Amazon Web Services General Reference. (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) // For information about enabling and disabling Regions, see Enabling a Region // (https://docs.aws.amazon.com/general/latest/gr/rande-manage.html#rande-manage-enable) // and Disabling a Region (https://docs.aws.amazon.com/general/latest/gr/rande-manage.html#rande-manage-disable) @@ -14766,28 +14914,30 @@ type ReplicateKeyInput struct { ReplicaRegion *string `min:"1" type:"string" required:"true"` // Assigns one or more tags to the replica key. Use this parameter to tag the - // CMK when it is created. To tag an existing CMK, use the TagResource operation. + // KMS key when it is created. To tag an existing KMS key, use the TagResource + // operation. // - // Tagging or untagging a CMK can allow or deny permission to the CMK. For details, - // see Using ABAC in AWS KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) - // in the AWS Key Management Service Developer Guide. + // Tagging or untagging a KMS key can allow or deny permission to the KMS key. + // For details, see Using ABAC in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) + // in the Key Management Service Developer Guide. // // To use this parameter, you must have kms:TagResource (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // permission in an IAM policy. // // Tags are not a shared property of multi-Region keys. You can specify the // same tags or different tags for each key in a set of related multi-Region - // keys. AWS KMS does not synchronize this property. + // keys. KMS does not synchronize this property. // // Each tag consists of a tag key and a tag value. Both the tag key and the // tag value are required, but the tag value can be an empty (null) string. - // You cannot have more than one tag on a CMK with the same tag key. If you - // specify an existing tag key with a different tag value, AWS KMS replaces + // You cannot have more than one tag on a KMS key with the same tag key. If + // you specify an existing tag key with a different tag value, KMS replaces // the current tag value with the specified one. // - // When you assign tags to an AWS resource, AWS generates a cost allocation - // report with usage and costs aggregated by tags. Tags can also be used to - // control access to a CMK. For details, see Tagging Keys (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html). + // When you add tags to an Amazon Web Services resource, Amazon Web Services + // generates a cost allocation report with usage and costs aggregated by tags. + // Tags can also be used to control access to a KMS key. For details, see Tagging + // Keys (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html). Tags []*Tag `type:"list"` } @@ -14875,11 +15025,11 @@ func (s *ReplicateKeyInput) SetTags(v []*Tag) *ReplicateKeyInput { type ReplicateKeyOutput struct { _ struct{} `type:"structure"` - // Displays details about the new replica CMK, including its Amazon Resource + // Displays details about the new replica key, including its Amazon Resource // Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) // and key state (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html). - // It also includes the ARN and AWS Region of its primary key and other replica - // keys. + // It also includes the ARN and Amazon Web Services Region of its primary key + // and other replica keys. ReplicaKeyMetadata *KeyMetadata `type:"structure"` // The key policy of the new replica key. The value is a key policy document @@ -14934,11 +15084,11 @@ type RetireGrantInput struct { // Only the CreateGrant operation returns a grant token. For details, see Grant // token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token) // and Eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-eventual-consistency) - // in the AWS Key Management Service Developer Guide. + // in the Key Management Service Developer Guide. GrantToken *string `min:"1" type:"string"` - // The key ARN CMK associated with the grant. To find the key ARN, use the ListKeys - // operation. + // The key ARN KMS key associated with the grant. To find the key ARN, use the + // ListKeys operation. // // For example: arn:aws:kms:us-east-2:444455556666:key/1234abcd-12ab-34cd-56ef-1234567890ab KeyId *string `min:"1" type:"string"` @@ -15014,11 +15164,11 @@ type RevokeGrantInput struct { // GrantId is a required field GrantId *string `min:"1" type:"string" required:"true"` - // A unique identifier for the customer master key (CMK) associated with the - // grant. To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // A unique identifier for the KMS key associated with the grant. To get the + // key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // - // Specify the key ID or key ARN of the CMK. To specify a CMK in a different - // AWS account, you must use the key ARN. + // Specify the key ID or key ARN of the KMS key. To specify a KMS key in a different + // Amazon Web Services account, you must use the key ARN. // // For example: // @@ -15026,7 +15176,7 @@ type RevokeGrantInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` @@ -15093,9 +15243,9 @@ func (s RevokeGrantOutput) GoString() string { type ScheduleKeyDeletionInput struct { _ struct{} `type:"structure"` - // The unique identifier of the customer master key (CMK) to delete. + // The unique identifier of the KMS key to delete. // - // Specify the key ID or key ARN of the CMK. + // Specify the key ID or key ARN of the KMS key. // // For example: // @@ -15103,15 +15253,15 @@ type ScheduleKeyDeletionInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` // The waiting period, specified in number of days. After the waiting period - // ends, AWS KMS deletes the customer master key (CMK). + // ends, KMS deletes the KMS key. // - // If the CMK is a multi-Region primary key with replicas, the waiting period + // If the KMS key is a multi-Region primary key with replicas, the waiting period // begins when the last of its replica keys is deleted. Otherwise, the waiting // period begins immediately. // @@ -15164,27 +15314,27 @@ func (s *ScheduleKeyDeletionInput) SetPendingWindowInDays(v int64) *ScheduleKeyD type ScheduleKeyDeletionOutput struct { _ struct{} `type:"structure"` - // The date and time after which AWS KMS deletes the customer master key (CMK). + // The date and time after which KMS deletes the KMS key. // - // If the CMK is a multi-Region primary key with replica keys, this field does - // not appear. The deletion date for the primary key isn't known until its last - // replica key is deleted. + // If the KMS key is a multi-Region primary key with replica keys, this field + // does not appear. The deletion date for the primary key isn't known until + // its last replica key is deleted. DeletionDate *time.Time `type:"timestamp"` // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) - // of the CMK whose deletion is scheduled. + // of the KMS key whose deletion is scheduled. KeyId *string `min:"1" type:"string"` - // The current status of the CMK. + // The current status of the KMS key. // - // For more information about how key state affects the use of a CMK, see Key - // state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) - // in the AWS Key Management Service Developer Guide. + // For more information about how key state affects the use of a KMS key, see + // Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) + // in the Key Management Service Developer Guide. KeyState *string `type:"string" enum:"KeyState"` - // The waiting period before the CMK is deleted. + // The waiting period before the KMS key is deleted. // - // If the CMK is a multi-Region primary key with replicas, the waiting period + // If the KMS key is a multi-Region primary key with replicas, the waiting period // begins when the last of its replica keys is deleted. Otherwise, the waiting // period begins immediately. PendingWindowInDays *int64 `min:"1" type:"integer"` @@ -15231,17 +15381,19 @@ type SignInput struct { // // Use a grant token when your permission to call this operation comes from // a new grant that has not yet achieved eventual consistency. For more information, - // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) - // in the AWS Key Management Service Developer Guide. + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token) + // and Using a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token) + // in the Key Management Service Developer Guide. GrantTokens []*string `type:"list"` - // Identifies an asymmetric CMK. AWS KMS uses the private key in the asymmetric - // CMK to sign the message. The KeyUsage type of the CMK must be SIGN_VERIFY. - // To find the KeyUsage of a CMK, use the DescribeKey operation. + // Identifies an asymmetric KMS key. KMS uses the private key in the asymmetric + // KMS key to sign the message. The KeyUsage type of the KMS key must be SIGN_VERIFY. + // To find the KeyUsage of a KMS key, use the DescribeKey operation. // - // To specify a CMK, use its key ID, key ARN, alias name, or alias ARN. When - // using an alias name, prefix it with "alias/". To specify a CMK in a different - // AWS account, you must use the key ARN or alias ARN. + // To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. + // When using an alias name, prefix it with "alias/". To specify a KMS key in + // a different Amazon Web Services account, you must use the key ARN or alias + // ARN. // // For example: // @@ -15253,8 +15405,8 @@ type SignInput struct { // // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To - // get the alias name and alias ARN, use ListAliases. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. + // To get the alias name and alias ARN, use ListAliases. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` @@ -15262,23 +15414,23 @@ type SignInput struct { // Specifies the message or message digest to sign. Messages can be 0-4096 bytes. // To sign a larger message, provide the message digest. // - // If you provide a message, AWS KMS generates a hash digest of the message - // and then signs it. + // If you provide a message, KMS generates a hash digest of the message and + // then signs it. // // Message is automatically base64 encoded/decoded by the SDK. // // Message is a required field Message []byte `min:"1" type:"blob" required:"true" sensitive:"true"` - // Tells AWS KMS whether the value of the Message parameter is a message or - // message digest. The default value, RAW, indicates a message. To indicate - // a message digest, enter DIGEST. + // Tells KMS whether the value of the Message parameter is a message or message + // digest. The default value, RAW, indicates a message. To indicate a message + // digest, enter DIGEST. MessageType *string `type:"string" enum:"MessageType"` // Specifies the signing algorithm to use when signing the message. // // Choose an algorithm that is compatible with the type and size of the specified - // asymmetric CMK. + // asymmetric KMS key. // // SigningAlgorithm is a required field SigningAlgorithm *string `type:"string" required:"true" enum:"SigningAlgorithmSpec"` @@ -15353,7 +15505,7 @@ type SignOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) - // of the asymmetric CMK that was used to sign the message. + // of the asymmetric KMS key that was used to sign the message. KeyId *string `min:"1" type:"string"` // The cryptographic signature that was generated for the message. @@ -15367,8 +15519,8 @@ type SignOutput struct { // This is the most commonly used signature format and is appropriate for // most uses. // - // When you use the HTTP API or the AWS CLI, the value is Base64-encoded. Otherwise, - // it is not Base64-encoded. + // When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. + // Otherwise, it is not Base64-encoded. // // Signature is automatically base64 encoded/decoded by the SDK. Signature []byte `min:"1" type:"blob"` @@ -15410,7 +15562,7 @@ func (s *SignOutput) SetSigningAlgorithm(v string) *SignOutput { // // For information about the rules that apply to tag keys and tag values, see // User-Defined Tag Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html) -// in the AWS Billing and Cost Management User Guide. +// in the Amazon Web Services Billing and Cost Management User Guide. type Tag struct { _ struct{} `type:"structure"` @@ -15525,9 +15677,9 @@ func (s *TagException) RequestID() string { type TagResourceInput struct { _ struct{} `type:"structure"` - // Identifies a customer managed CMK in the account and Region. + // Identifies a customer managed key in the account and Region. // - // Specify the key ID or key ARN of the CMK. + // Specify the key ID or key ARN of the KMS key. // // For example: // @@ -15535,7 +15687,7 @@ type TagResourceInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` @@ -15545,8 +15697,8 @@ type TagResourceInput struct { // Each tag consists of a tag key and a tag value. The tag value can be an empty // (null) string. // - // You cannot have more than one tag on a CMK with the same tag key. If you - // specify an existing tag key with a different tag value, AWS KMS replaces + // You cannot have more than one tag on a KMS key with the same tag key. If + // you specify an existing tag key with a different tag value, KMS replaces // the current tag value with the specified one. // // Tags is a required field @@ -15678,9 +15830,9 @@ func (s *UnsupportedOperationException) RequestID() string { type UntagResourceInput struct { _ struct{} `type:"structure"` - // Identifies the CMK from which you are removing tags. + // Identifies the KMS key from which you are removing tags. // - // Specify the key ID or key ARN of the CMK. + // Specify the key ID or key ARN of the KMS key. // // For example: // @@ -15688,7 +15840,7 @@ type UntagResourceInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` @@ -15757,22 +15909,23 @@ func (s UntagResourceOutput) GoString() string { type UpdateAliasInput struct { _ struct{} `type:"structure"` - // Identifies the alias that is changing its CMK. This value must begin with - // alias/ followed by the alias name, such as alias/ExampleAlias. You cannot + // Identifies the alias that is changing its KMS key. This value must begin + // with alias/ followed by the alias name, such as alias/ExampleAlias. You cannot // use UpdateAlias to change the alias name. // // AliasName is a required field AliasName *string `min:"1" type:"string" required:"true"` - // Identifies the customer managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) + // Identifies the customer managed key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) // to associate with the alias. You don't have permission to associate an alias - // with an AWS managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). + // with an Amazon Web Services managed key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). // - // The CMK must be in the same AWS account and Region as the alias. Also, the - // new target CMK must be the same type as the current target CMK (both symmetric - // or both asymmetric) and they must have the same key usage. + // The KMS key must be in the same Amazon Web Services account and Region as + // the alias. Also, the new target KMS key must be the same type as the current + // target KMS key (both symmetric or both asymmetric) and they must have the + // same key usage. // - // Specify the key ID or key ARN of the CMK. + // Specify the key ID or key ARN of the KMS key. // // For example: // @@ -15780,9 +15933,9 @@ type UpdateAliasInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // - // To verify that the alias is mapped to the correct CMK, use ListAliases. + // To verify that the alias is mapped to the correct KMS key, use ListAliases. // // TargetKeyId is a required field TargetKeyId *string `min:"1" type:"string" required:"true"` @@ -15849,7 +16002,7 @@ func (s UpdateAliasOutput) GoString() string { type UpdateCustomKeyStoreInput struct { _ struct{} `type:"structure"` - // Associates the custom key store with a related AWS CloudHSM cluster. + // Associates the custom key store with a related CloudHSM cluster. // // Enter the cluster ID of the cluster that you used to create the custom key // store or a cluster that shares a backup history and has the same cluster @@ -15868,16 +16021,16 @@ type UpdateCustomKeyStoreInput struct { // CustomKeyStoreId is a required field CustomKeyStoreId *string `min:"1" type:"string" required:"true"` - // Enter the current password of the kmsuser crypto user (CU) in the AWS CloudHSM + // Enter the current password of the kmsuser crypto user (CU) in the CloudHSM // cluster that is associated with the custom key store. // - // This parameter tells AWS KMS the current password of the kmsuser crypto user - // (CU). It does not set or change the password of any users in the AWS CloudHSM + // This parameter tells KMS the current password of the kmsuser crypto user + // (CU). It does not set or change the password of any users in the CloudHSM // cluster. KeyStorePassword *string `min:"7" type:"string" sensitive:"true"` // Changes the friendly name of the custom key store to the value that you specify. - // The custom key store name must be unique in the AWS account. + // The custom key store name must be unique in the Amazon Web Services account. NewCustomKeyStoreName *string `min:"1" type:"string"` } @@ -15957,14 +16110,14 @@ func (s UpdateCustomKeyStoreOutput) GoString() string { type UpdateKeyDescriptionInput struct { _ struct{} `type:"structure"` - // New description for the CMK. + // New description for the KMS key. // // Description is a required field Description *string `type:"string" required:"true"` - // Updates the description of the specified customer master key (CMK). + // Updates the description of the specified KMS key. // - // Specify the key ID or key ARN of the CMK. + // Specify the key ID or key ARN of the KMS key. // // For example: // @@ -15972,7 +16125,7 @@ type UpdateKeyDescriptionInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` @@ -16036,8 +16189,8 @@ func (s UpdateKeyDescriptionOutput) GoString() string { type UpdatePrimaryRegionInput struct { _ struct{} `type:"structure"` - // Identifies the current primary key. When the operation completes, this CMK - // will be a replica key. + // Identifies the current primary key. When the operation completes, this KMS + // key will be a replica key. // // Specify the key ID or key ARN of a multi-Region primary key. // @@ -16047,13 +16200,14 @@ type UpdatePrimaryRegionInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` - // The AWS Region of the new primary key. Enter the Region ID, such as us-east-1 - // or ap-southeast-2. There must be an existing replica key in this Region. + // The Amazon Web Services Region of the new primary key. Enter the Region ID, + // such as us-east-1 or ap-southeast-2. There must be an existing replica key + // in this Region. // // When the operation completes, the multi-Region key in this Region will be // the primary key. @@ -16127,17 +16281,19 @@ type VerifyInput struct { // // Use a grant token when your permission to call this operation comes from // a new grant that has not yet achieved eventual consistency. For more information, - // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) - // in the AWS Key Management Service Developer Guide. + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token) + // and Using a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token) + // in the Key Management Service Developer Guide. GrantTokens []*string `type:"list"` - // Identifies the asymmetric CMK that will be used to verify the signature. - // This must be the same CMK that was used to generate the signature. If you - // specify a different CMK, the signature verification fails. + // Identifies the asymmetric KMS key that will be used to verify the signature. + // This must be the same KMS key that was used to generate the signature. If + // you specify a different KMS key, the signature verification fails. // - // To specify a CMK, use its key ID, key ARN, alias name, or alias ARN. When - // using an alias name, prefix it with "alias/". To specify a CMK in a different - // AWS account, you must use the key ARN or alias ARN. + // To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. + // When using an alias name, prefix it with "alias/". To specify a KMS key in + // a different Amazon Web Services account, you must use the key ARN or alias + // ARN. // // For example: // @@ -16149,8 +16305,8 @@ type VerifyInput struct { // // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To - // get the alias name and alias ARN, use ListAliases. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. + // To get the alias name and alias ARN, use ListAliases. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` @@ -16168,9 +16324,9 @@ type VerifyInput struct { // Message is a required field Message []byte `min:"1" type:"blob" required:"true" sensitive:"true"` - // Tells AWS KMS whether the value of the Message parameter is a message or - // message digest. The default value, RAW, indicates a message. To indicate - // a message digest, enter DIGEST. + // Tells KMS whether the value of the Message parameter is a message or message + // digest. The default value, RAW, indicates a message. To indicate a message + // digest, enter DIGEST. // // Use the DIGEST value only when the value of the Message parameter is a message // digest. If you use the DIGEST value with a raw message, the security of the @@ -16272,7 +16428,7 @@ type VerifyOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) - // of the asymmetric CMK that was used to verify the signature. + // of the asymmetric KMS key that was used to verify the signature. KeyId *string `min:"1" type:"string"` // A Boolean value that indicates whether the signature was verified. A value @@ -16613,6 +16769,46 @@ func KeyManagerType_Values() []string { } } +const ( + // KeySpecRsa2048 is a KeySpec enum value + KeySpecRsa2048 = "RSA_2048" + + // KeySpecRsa3072 is a KeySpec enum value + KeySpecRsa3072 = "RSA_3072" + + // KeySpecRsa4096 is a KeySpec enum value + KeySpecRsa4096 = "RSA_4096" + + // KeySpecEccNistP256 is a KeySpec enum value + KeySpecEccNistP256 = "ECC_NIST_P256" + + // KeySpecEccNistP384 is a KeySpec enum value + KeySpecEccNistP384 = "ECC_NIST_P384" + + // KeySpecEccNistP521 is a KeySpec enum value + KeySpecEccNistP521 = "ECC_NIST_P521" + + // KeySpecEccSecgP256k1 is a KeySpec enum value + KeySpecEccSecgP256k1 = "ECC_SECG_P256K1" + + // KeySpecSymmetricDefault is a KeySpec enum value + KeySpecSymmetricDefault = "SYMMETRIC_DEFAULT" +) + +// KeySpec_Values returns all elements of the KeySpec enum +func KeySpec_Values() []string { + return []string{ + KeySpecRsa2048, + KeySpecRsa3072, + KeySpecRsa4096, + KeySpecEccNistP256, + KeySpecEccNistP384, + KeySpecEccNistP521, + KeySpecEccSecgP256k1, + KeySpecSymmetricDefault, + } +} + const ( // KeyStateCreating is a KeyState enum value KeyStateCreating = "Creating" diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/doc.go b/vendor/github.com/aws/aws-sdk-go/service/kms/doc.go index c4c212502..64050c225 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/kms/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/doc.go @@ -3,21 +3,26 @@ // Package kms provides the client and types for making API // requests to AWS Key Management Service. // -// AWS Key Management Service (AWS KMS) is an encryption and key management -// web service. This guide describes the AWS KMS operations that you can call -// programmatically. For general information about AWS KMS, see the AWS Key -// Management Service Developer Guide (https://docs.aws.amazon.com/kms/latest/developerguide/). +// Key Management Service (KMS) is an encryption and key management web service. +// This guide describes the KMS operations that you can call programmatically. +// For general information about KMS, see the Key Management Service Developer +// Guide (https://docs.aws.amazon.com/kms/latest/developerguide/). // -// AWS provides SDKs that consist of libraries and sample code for various programming -// languages and platforms (Java, Ruby, .Net, macOS, Android, etc.). The SDKs -// provide a convenient way to create programmatic access to AWS KMS and other -// AWS services. For example, the SDKs take care of tasks such as signing requests -// (see below), managing errors, and retrying requests automatically. For more -// information about the AWS SDKs, including how to download and install them, -// see Tools for Amazon Web Services (http://aws.amazon.com/tools/). +// KMS is replacing the term customer master key (CMK) with KMS key and KMS +// key. The concept has not changed. To prevent breaking changes, KMS is keeping +// some variations of this term. // -// We recommend that you use the AWS SDKs to make programmatic API calls to -// AWS KMS. +// Amazon Web Services provides SDKs that consist of libraries and sample code +// for various programming languages and platforms (Java, Ruby, .Net, macOS, +// Android, etc.). The SDKs provide a convenient way to create programmatic +// access to KMS and other Amazon Web Services services. For example, the SDKs +// take care of tasks such as signing requests (see below), managing errors, +// and retrying requests automatically. For more information about the Amazon +// Web Services SDKs, including how to download and install them, see Tools +// for Amazon Web Services (http://aws.amazon.com/tools/). +// +// We recommend that you use the Amazon Web Services SDKs to make programmatic +// API calls to KMS. // // Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS // 1.2. Clients must also support cipher suites with Perfect Forward Secrecy @@ -28,30 +33,31 @@ // Signing Requests // // Requests must be signed by using an access key ID and a secret access key. -// We strongly recommend that you do not use your AWS account (root) access -// key ID and secret key for everyday work with AWS KMS. Instead, use the access -// key ID and secret access key for an IAM user. You can also use the AWS Security -// Token Service to generate temporary security credentials that you can use -// to sign requests. +// We strongly recommend that you do not use your Amazon Web Services account +// (root) access key ID and secret key for everyday work with KMS. Instead, +// use the access key ID and secret access key for an IAM user. You can also +// use the Amazon Web Services Security Token Service to generate temporary +// security credentials that you can use to sign requests. // -// All AWS KMS operations require Signature Version 4 (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). +// All KMS operations require Signature Version 4 (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). // // Logging API Requests // -// AWS KMS supports AWS CloudTrail, a service that logs AWS API calls and related -// events for your AWS account and delivers them to an Amazon S3 bucket that -// you specify. By using the information collected by CloudTrail, you can determine -// what requests were made to AWS KMS, who made the request, when it was made, -// and so on. To learn more about CloudTrail, including how to turn it on and -// find your log files, see the AWS CloudTrail User Guide (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/). +// KMS supports CloudTrail, a service that logs Amazon Web Services API calls +// and related events for your Amazon Web Services account and delivers them +// to an Amazon S3 bucket that you specify. By using the information collected +// by CloudTrail, you can determine what requests were made to KMS, who made +// the request, when it was made, and so on. To learn more about CloudTrail, +// including how to turn it on and find your log files, see the CloudTrail User +// Guide (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/). // // Additional Resources // // For more information about credentials and request signing, see the following: // -// * AWS Security Credentials (https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html) +// * Amazon Web Services Security Credentials (https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html) // - This topic provides general information about the types of credentials -// used for accessing AWS. +// used to access Amazon Web Services. // // * Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html) // - This section of the IAM User Guide describes how to create and use temporary diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/errors.go b/vendor/github.com/aws/aws-sdk-go/service/kms/errors.go index 911bf576e..7f5a1f0ba 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/kms/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/errors.go @@ -18,10 +18,10 @@ const ( // ErrCodeCloudHsmClusterInUseException for service response error code // "CloudHsmClusterInUseException". // - // The request was rejected because the specified AWS CloudHSM cluster is already + // The request was rejected because the specified CloudHSM cluster is already // associated with a custom key store or it shares a backup history with a cluster // that is associated with a custom key store. Each custom key store must be - // associated with a different AWS CloudHSM cluster. + // associated with a different CloudHSM cluster. // // Clusters that share a backup history have the same cluster certificate. To // view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) @@ -31,8 +31,8 @@ const ( // ErrCodeCloudHsmClusterInvalidConfigurationException for service response error code // "CloudHsmClusterInvalidConfigurationException". // - // The request was rejected because the associated AWS CloudHSM cluster did - // not meet the configuration requirements for a custom key store. + // The request was rejected because the associated CloudHSM cluster did not + // meet the configuration requirements for a custom key store. // // * The cluster must be configured with private subnets in at least two // different Availability Zones in the Region. @@ -47,46 +47,44 @@ const ( // operation. // // * The cluster must contain at least as many HSMs as the operation requires. - // To add HSMs, use the AWS CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) + // To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) // operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey - // operations, the AWS CloudHSM cluster must have at least two active HSMs, - // each in a different Availability Zone. For the ConnectCustomKeyStore operation, - // the AWS CloudHSM must contain at least one active HSM. + // operations, the CloudHSM cluster must have at least two active HSMs, each + // in a different Availability Zone. For the ConnectCustomKeyStore operation, + // the CloudHSM must contain at least one active HSM. // - // For information about the requirements for an AWS CloudHSM cluster that is - // associated with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) - // in the AWS Key Management Service Developer Guide. For information about - // creating a private subnet for an AWS CloudHSM cluster, see Create a Private - // Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) - // in the AWS CloudHSM User Guide. For information about cluster security groups, + // For information about the requirements for an CloudHSM cluster that is associated + // with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) + // in the Key Management Service Developer Guide. For information about creating + // a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) + // in the CloudHSM User Guide. For information about cluster security groups, // see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) - // in the AWS CloudHSM User Guide . + // in the CloudHSM User Guide . ErrCodeCloudHsmClusterInvalidConfigurationException = "CloudHsmClusterInvalidConfigurationException" // ErrCodeCloudHsmClusterNotActiveException for service response error code // "CloudHsmClusterNotActiveException". // - // The request was rejected because the AWS CloudHSM cluster that is associated + // The request was rejected because the CloudHSM cluster that is associated // with the custom key store is not active. Initialize and activate the cluster // and try the command again. For detailed instructions, see Getting Started // (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) - // in the AWS CloudHSM User Guide. + // in the CloudHSM User Guide. ErrCodeCloudHsmClusterNotActiveException = "CloudHsmClusterNotActiveException" // ErrCodeCloudHsmClusterNotFoundException for service response error code // "CloudHsmClusterNotFoundException". // - // The request was rejected because AWS KMS cannot find the AWS CloudHSM cluster - // with the specified cluster ID. Retry the request with a different cluster - // ID. + // The request was rejected because KMS cannot find the CloudHSM cluster with + // the specified cluster ID. Retry the request with a different cluster ID. ErrCodeCloudHsmClusterNotFoundException = "CloudHsmClusterNotFoundException" // ErrCodeCloudHsmClusterNotRelatedException for service response error code // "CloudHsmClusterNotRelatedException". // - // The request was rejected because the specified AWS CloudHSM cluster has a - // different cluster certificate than the original cluster. You cannot use the - // operation to specify an unrelated cluster. + // The request was rejected because the specified CloudHSM cluster has a different + // cluster certificate than the original cluster. You cannot use the operation + // to specify an unrelated cluster. // // Specify a cluster that shares a backup history with the original cluster. // This includes clusters that were created from a backup of the current cluster, @@ -101,10 +99,10 @@ const ( // ErrCodeCustomKeyStoreHasCMKsException for service response error code // "CustomKeyStoreHasCMKsException". // - // The request was rejected because the custom key store contains AWS KMS customer - // master keys (CMKs). After verifying that you do not need to use the CMKs, - // use the ScheduleKeyDeletion operation to delete the CMKs. After they are - // deleted, you can delete the custom key store. + // The request was rejected because the custom key store contains KMS keys. + // After verifying that you do not need to use the KMS keys, use the ScheduleKeyDeletion + // operation to delete the KMS keys. After they are deleted, you can delete + // the custom key store. ErrCodeCustomKeyStoreHasCMKsException = "CustomKeyStoreHasCMKsException" // ErrCodeCustomKeyStoreInvalidStateException for service response error code @@ -140,7 +138,7 @@ const ( // ErrCodeCustomKeyStoreNotFoundException for service response error code // "CustomKeyStoreNotFoundException". // - // The request was rejected because AWS KMS cannot find a custom key store with + // The request was rejected because KMS cannot find a custom key store with // the specified key store name or ID. ErrCodeCustomKeyStoreNotFoundException = "CustomKeyStoreNotFoundException" @@ -154,7 +152,7 @@ const ( // ErrCodeDisabledException for service response error code // "DisabledException". // - // The request was rejected because the specified CMK is not enabled. + // The request was rejected because the specified KMS key is not enabled. ErrCodeDisabledException = "DisabledException" // ErrCodeExpiredImportTokenException for service response error code @@ -168,9 +166,9 @@ const ( // ErrCodeIncorrectKeyException for service response error code // "IncorrectKeyException". // - // The request was rejected because the specified CMK cannot decrypt the data. - // The KeyId in a Decrypt request and the SourceKeyId in a ReEncrypt request - // must identify the same CMK that was used to encrypt the ciphertext. + // The request was rejected because the specified KMS key cannot decrypt the + // data. The KeyId in a Decrypt request and the SourceKeyId in a ReEncrypt request + // must identify the same KMS key that was used to encrypt the ciphertext. ErrCodeIncorrectKeyException = "IncorrectKeyException" // ErrCodeIncorrectKeyMaterialException for service response error code @@ -178,14 +176,14 @@ const ( // // The request was rejected because the key material in the request is, expired, // invalid, or is not the same key material that was previously imported into - // this customer master key (CMK). + // this KMS key. ErrCodeIncorrectKeyMaterialException = "IncorrectKeyMaterialException" // ErrCodeIncorrectTrustAnchorException for service response error code // "IncorrectTrustAnchorException". // // The request was rejected because the trust anchor certificate in the request - // is not the trust anchor certificate for the specified AWS CloudHSM cluster. + // is not the trust anchor certificate for the specified CloudHSM cluster. // // When you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), // you create the trust anchor certificate and save it in the customerCA.crt @@ -220,8 +218,8 @@ const ( // the ciphertext, such as the encryption context, is corrupted, missing, or // otherwise invalid. // - // From the ImportKeyMaterial operation, the request was rejected because AWS - // KMS could not decrypt the encrypted (wrapped) key material. + // From the ImportKeyMaterial operation, the request was rejected because KMS + // could not decrypt the encrypted (wrapped) key material. ErrCodeInvalidCiphertextException = "InvalidCiphertextException" // ErrCodeInvalidGrantIdException for service response error code @@ -240,7 +238,7 @@ const ( // "InvalidImportTokenException". // // The request was rejected because the provided import token is invalid or - // is associated with a different customer master key (CMK). + // is associated with a different KMS key. ErrCodeInvalidImportTokenException = "InvalidImportTokenException" // ErrCodeInvalidKeyUsageException for service response error code @@ -248,17 +246,18 @@ const ( // // The request was rejected for one of the following reasons: // - // * The KeyUsage value of the CMK is incompatible with the API operation. + // * The KeyUsage value of the KMS key is incompatible with the API operation. // // * The encryption algorithm or signing algorithm specified for the operation - // is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). + // is incompatible with the type of key material in the KMS key (KeySpec). // // For encrypting, decrypting, re-encrypting, and generating data keys, the // KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage - // must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. + // must be SIGN_VERIFY. To find the KeyUsage of a KMS key, use the DescribeKey + // operation. // - // To find the encryption or signing algorithms supported for a particular CMK, - // use the DescribeKey operation. + // To find the encryption or signing algorithms supported for a particular KMS + // key, use the DescribeKey operation. ErrCodeInvalidKeyUsageException = "InvalidKeyUsageException" // ErrCodeInvalidMarkerException for service response error code @@ -274,9 +273,9 @@ const ( // The request was rejected because the state of the specified resource is not // valid for this request. // - // For more information about how key state affects the use of a CMK, see How - // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) - // in the AWS Key Management Service Developer Guide . + // For more information about how key state affects the use of a KMS key, see + // Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) + // in the Key Management Service Developer Guide . ErrCodeInvalidStateException = "KMSInvalidStateException" // ErrCodeKMSInvalidSignatureException for service response error code @@ -284,14 +283,14 @@ const ( // // The request was rejected because the signature verification failed. Signature // verification fails when it cannot confirm that signature was produced by - // signing the specified message with the specified CMK and signing algorithm. + // signing the specified message with the specified KMS key and signing algorithm. ErrCodeKMSInvalidSignatureException = "KMSInvalidSignatureException" // ErrCodeKeyUnavailableException for service response error code // "KeyUnavailableException". // - // The request was rejected because the specified CMK was not available. You - // can retry the request. + // The request was rejected because the specified KMS key was not available. + // You can retry the request. ErrCodeKeyUnavailableException = "KeyUnavailableException" // ErrCodeLimitExceededException for service response error code @@ -299,7 +298,7 @@ const ( // // The request was rejected because a quota was exceeded. For more information, // see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) - // in the AWS Key Management Service Developer Guide. + // in the Key Management Service Developer Guide. ErrCodeLimitExceededException = "LimitExceededException" // ErrCodeMalformedPolicyDocumentException for service response error code diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go index 17c463788..3cffd533d 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go @@ -57,19 +57,20 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o // AssumeRole API operation for AWS Security Token Service. // // Returns a set of temporary security credentials that you can use to access -// AWS resources that you might not normally have access to. These temporary -// credentials consist of an access key ID, a secret access key, and a security -// token. Typically, you use AssumeRole within your account or for cross-account -// access. For a comparison of AssumeRole with other API operations that produce -// temporary credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) -// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) +// Amazon Web Services resources that you might not normally have access to. +// These temporary credentials consist of an access key ID, a secret access +// key, and a security token. Typically, you use AssumeRole within your account +// or for cross-account access. For a comparison of AssumeRole with other API +// operations that produce temporary credentials, see Requesting Temporary Security +// Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) +// and Comparing the STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) // in the IAM User Guide. // // Permissions // // The temporary security credentials created by AssumeRole can be used to make -// API calls to any AWS service with the following exception: You cannot call -// the AWS STS GetFederationToken or GetSessionToken API operations. +// API calls to any Amazon Web Services service with the following exception: +// You cannot call the STS GetFederationToken or GetSessionToken API operations. // // (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // to this operation. You can pass a single JSON policy document to use as an @@ -79,15 +80,15 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o // to this operation returns new temporary credentials. The resulting session's // permissions are the intersection of the role's identity-based policy and // the session policies. You can use the role's temporary credentials in subsequent -// AWS API calls to access resources in the account that owns the role. You -// cannot use session policies to grant more permissions than those allowed -// by the identity-based policy of the role that is being assumed. For more -// information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) +// Amazon Web Services API calls to access resources in the account that owns +// the role. You cannot use session policies to grant more permissions than +// those allowed by the identity-based policy of the role that is being assumed. +// For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // -// To assume a role from a different account, your AWS account must be trusted -// by the role. The trust relationship is defined in the role's trust policy -// when the role is created. That trust policy states which accounts are allowed +// To assume a role from a different account, your account must be trusted by +// the role. The trust relationship is defined in the role's trust policy when +// the role is created. That trust policy states which accounts are allowed // to delegate that access to users in the account. // // A user who wants to access a role in a different account must also have permissions @@ -129,12 +130,12 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o // // (Optional) You can include multi-factor authentication (MFA) information // when you call AssumeRole. This is useful for cross-account scenarios to ensure -// that the user that assumes the role has been authenticated with an AWS MFA -// device. In that scenario, the trust policy of the role being assumed includes -// a condition that tests for MFA authentication. If the caller does not include -// valid MFA information, the request to assume the role is denied. The condition -// in a trust policy that tests for MFA authentication might look like the following -// example. +// that the user that assumes the role has been authenticated with an Amazon +// Web Services MFA device. In that scenario, the trust policy of the role being +// assumed includes a condition that tests for MFA authentication. If the caller +// does not include valid MFA information, the request to assume the role is +// denied. The condition in a trust policy that tests for MFA authentication +// might look like the following example. // // "Condition": {"Bool": {"aws:MultiFactorAuthPresent": true}} // @@ -160,11 +161,11 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o // // * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge" // The request was rejected because the total packed size of the session policies -// and session tags combined was too large. An AWS conversion compresses the -// session policy document, session policy ARNs, and session tags into a packed -// binary format that has a separate limit. The error message indicates by percentage -// how close the policies and tags are to the upper size limit. For more information, -// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) +// and session tags combined was too large. An Amazon Web Services conversion +// compresses the session policy document, session policy ARNs, and session +// tags into a packed binary format that has a separate limit. The error message +// indicates by percentage how close the policies and tags are to the upper +// size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) // in the IAM User Guide. // // You could receive this error even though you meet other defined session policy @@ -176,7 +177,8 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o // STS is not activated in the requested region for the account that is being // asked to generate credentials. The account administrator must use the IAM // console to activate STS in that region. For more information, see Activating -// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// and Deactivating Amazon Web Services STS in an Amazon Web Services Region +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) // in the IAM User Guide. // // * ErrCodeExpiredTokenException "ExpiredTokenException" @@ -252,16 +254,17 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // // Returns a set of temporary security credentials for users who have been authenticated // via a SAML authentication response. This operation provides a mechanism for -// tying an enterprise identity store or directory to role-based AWS access -// without user-specific credentials or configuration. For a comparison of AssumeRoleWithSAML -// with the other API operations that produce temporary credentials, see Requesting -// Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) -// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) +// tying an enterprise identity store or directory to role-based Amazon Web +// Services access without user-specific credentials or configuration. For a +// comparison of AssumeRoleWithSAML with the other API operations that produce +// temporary credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) +// and Comparing the STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) // in the IAM User Guide. // // The temporary security credentials returned by this operation consist of // an access key ID, a secret access key, and a security token. Applications -// can use these temporary security credentials to sign calls to AWS services. +// can use these temporary security credentials to sign calls to Amazon Web +// Services services. // // Session Duration // @@ -281,19 +284,19 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // in the IAM User Guide. // // Role chaining (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining) -// limits your AWS CLI or AWS API role session to a maximum of one hour. When -// you use the AssumeRole API operation to assume a role, you can specify the -// duration of your role session with the DurationSeconds parameter. You can -// specify a parameter value of up to 43200 seconds (12 hours), depending on -// the maximum session duration setting for your role. However, if you assume +// limits your CLI or Amazon Web Services API role session to a maximum of one +// hour. When you use the AssumeRole API operation to assume a role, you can +// specify the duration of your role session with the DurationSeconds parameter. +// You can specify a parameter value of up to 43200 seconds (12 hours), depending +// on the maximum session duration setting for your role. However, if you assume // a role using role chaining and provide a DurationSeconds parameter value // greater than one hour, the operation fails. // // Permissions // // The temporary security credentials created by AssumeRoleWithSAML can be used -// to make API calls to any AWS service with the following exception: you cannot -// call the STS GetFederationToken or GetSessionToken API operations. +// to make API calls to any Amazon Web Services service with the following exception: +// you cannot call the STS GetFederationToken or GetSessionToken API operations. // // (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // to this operation. You can pass a single JSON policy document to use as an @@ -303,18 +306,19 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // to this operation returns new temporary credentials. The resulting session's // permissions are the intersection of the role's identity-based policy and // the session policies. You can use the role's temporary credentials in subsequent -// AWS API calls to access resources in the account that owns the role. You -// cannot use session policies to grant more permissions than those allowed -// by the identity-based policy of the role that is being assumed. For more -// information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) +// Amazon Web Services API calls to access resources in the account that owns +// the role. You cannot use session policies to grant more permissions than +// those allowed by the identity-based policy of the role that is being assumed. +// For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // -// Calling AssumeRoleWithSAML does not require the use of AWS security credentials. -// The identity of the caller is validated by using keys in the metadata document -// that is uploaded for the SAML provider entity for your identity provider. +// Calling AssumeRoleWithSAML does not require the use of Amazon Web Services +// security credentials. The identity of the caller is validated by using keys +// in the metadata document that is uploaded for the SAML provider entity for +// your identity provider. // -// Calling AssumeRoleWithSAML can result in an entry in your AWS CloudTrail -// logs. The entry includes the value in the NameID element of the SAML assertion. +// Calling AssumeRoleWithSAML can result in an entry in your CloudTrail logs. +// The entry includes the value in the NameID element of the SAML assertion. // We recommend that you use a NameIDType that is not associated with any personally // identifiable information (PII). For example, you could instead use the persistent // identifier (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent). @@ -332,11 +336,11 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) // in the IAM User Guide. // -// An AWS conversion compresses the passed session policies and session tags -// into a packed binary format that has a separate limit. Your request can fail -// for this limit even if your plaintext meets the other requirements. The PackedPolicySize -// response element indicates by percentage how close the policies and tags -// for your request are to the upper size limit. +// An Amazon Web Services conversion compresses the passed session policies +// and session tags into a packed binary format that has a separate limit. Your +// request can fail for this limit even if your plaintext meets the other requirements. +// The PackedPolicySize response element indicates by percentage how close the +// policies and tags for your request are to the upper size limit. // // You can pass a session tag with the same key as a tag that is attached to // the role. When you do, session tags override the role's tags with the same @@ -356,10 +360,11 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // SAML Configuration // // Before your application can call AssumeRoleWithSAML, you must configure your -// SAML identity provider (IdP) to issue the claims required by AWS. Additionally, -// you must use AWS Identity and Access Management (IAM) to create a SAML provider -// entity in your AWS account that represents your identity provider. You must -// also create an IAM role that specifies this SAML provider in its trust policy. +// SAML identity provider (IdP) to issue the claims required by Amazon Web Services. +// Additionally, you must use Identity and Access Management (IAM) to create +// a SAML provider entity in your Amazon Web Services account that represents +// your identity provider. You must also create an IAM role that specifies this +// SAML provider in its trust policy. // // For more information, see the following resources: // @@ -389,11 +394,11 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // // * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge" // The request was rejected because the total packed size of the session policies -// and session tags combined was too large. An AWS conversion compresses the -// session policy document, session policy ARNs, and session tags into a packed -// binary format that has a separate limit. The error message indicates by percentage -// how close the policies and tags are to the upper size limit. For more information, -// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) +// and session tags combined was too large. An Amazon Web Services conversion +// compresses the session policy document, session policy ARNs, and session +// tags into a packed binary format that has a separate limit. The error message +// indicates by percentage how close the policies and tags are to the upper +// size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) // in the IAM User Guide. // // You could receive this error even though you meet other defined session policy @@ -409,8 +414,9 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // can also mean that the claim has expired or has been explicitly revoked. // // * ErrCodeInvalidIdentityTokenException "InvalidIdentityToken" -// The web identity token that was passed could not be validated by AWS. Get -// a new identity token from the identity provider and then retry the request. +// The web identity token that was passed could not be validated by Amazon Web +// Services. Get a new identity token from the identity provider and then retry +// the request. // // * ErrCodeExpiredTokenException "ExpiredTokenException" // The web identity token that was passed is expired or is not valid. Get a @@ -420,7 +426,8 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // STS is not activated in the requested region for the account that is being // asked to generate credentials. The account administrator must use the IAM // console to activate STS in that region. For more information, see Activating -// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// and Deactivating Amazon Web Services STS in an Amazon Web Services Region +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) // in the IAM User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAML @@ -496,30 +503,33 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // Connect-compatible identity provider. // // For mobile applications, we recommend that you use Amazon Cognito. You can -// use Amazon Cognito with the AWS SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/) -// and the AWS SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/) -// to uniquely identify a user. You can also supply the user with a consistent -// identity throughout the lifetime of an application. +// use Amazon Cognito with the Amazon Web Services SDK for iOS Developer Guide +// (http://aws.amazon.com/sdkforios/) and the Amazon Web Services SDK for Android +// Developer Guide (http://aws.amazon.com/sdkforandroid/) to uniquely identify +// a user. You can also supply the user with a consistent identity throughout +// the lifetime of an application. // // To learn more about Amazon Cognito, see Amazon Cognito Overview (https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840) -// in AWS SDK for Android Developer Guide and Amazon Cognito Overview (https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664) -// in the AWS SDK for iOS Developer Guide. +// in Amazon Web Services SDK for Android Developer Guide and Amazon Cognito +// Overview (https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664) +// in the Amazon Web Services SDK for iOS Developer Guide. // -// Calling AssumeRoleWithWebIdentity does not require the use of AWS security -// credentials. Therefore, you can distribute an application (for example, on -// mobile devices) that requests temporary security credentials without including -// long-term AWS credentials in the application. You also don't need to deploy -// server-based proxy services that use long-term AWS credentials. Instead, -// the identity of the caller is validated by using a token from the web identity -// provider. For a comparison of AssumeRoleWithWebIdentity with the other API -// operations that produce temporary credentials, see Requesting Temporary Security -// Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) -// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) +// Calling AssumeRoleWithWebIdentity does not require the use of Amazon Web +// Services security credentials. Therefore, you can distribute an application +// (for example, on mobile devices) that requests temporary security credentials +// without including long-term Amazon Web Services credentials in the application. +// You also don't need to deploy server-based proxy services that use long-term +// Amazon Web Services credentials. Instead, the identity of the caller is validated +// by using a token from the web identity provider. For a comparison of AssumeRoleWithWebIdentity +// with the other API operations that produce temporary credentials, see Requesting +// Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) +// and Comparing the STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) // in the IAM User Guide. // // The temporary security credentials returned by this API consist of an access // key ID, a secret access key, and a security token. Applications can use these -// temporary security credentials to sign calls to AWS service API operations. +// temporary security credentials to sign calls to Amazon Web Services service +// API operations. // // Session Duration // @@ -539,8 +549,9 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // Permissions // // The temporary security credentials created by AssumeRoleWithWebIdentity can -// be used to make API calls to any AWS service with the following exception: -// you cannot call the STS GetFederationToken or GetSessionToken API operations. +// be used to make API calls to any Amazon Web Services service with the following +// exception: you cannot call the STS GetFederationToken or GetSessionToken +// API operations. // // (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // to this operation. You can pass a single JSON policy document to use as an @@ -550,10 +561,10 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // to this operation returns new temporary credentials. The resulting session's // permissions are the intersection of the role's identity-based policy and // the session policies. You can use the role's temporary credentials in subsequent -// AWS API calls to access resources in the account that owns the role. You -// cannot use session policies to grant more permissions than those allowed -// by the identity-based policy of the role that is being assumed. For more -// information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) +// Amazon Web Services API calls to access resources in the account that owns +// the role. You cannot use session policies to grant more permissions than +// those allowed by the identity-based policy of the role that is being assumed. +// For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // // Tags @@ -569,11 +580,11 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) // in the IAM User Guide. // -// An AWS conversion compresses the passed session policies and session tags -// into a packed binary format that has a separate limit. Your request can fail -// for this limit even if your plaintext meets the other requirements. The PackedPolicySize -// response element indicates by percentage how close the policies and tags -// for your request are to the upper size limit. +// An Amazon Web Services conversion compresses the passed session policies +// and session tags into a packed binary format that has a separate limit. Your +// request can fail for this limit even if your plaintext meets the other requirements. +// The PackedPolicySize response element indicates by percentage how close the +// policies and tags for your request are to the upper size limit. // // You can pass a session tag with the same key as a tag that is attached to // the role. When you do, the session tag overrides the role tag with the same @@ -598,7 +609,7 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // the identity provider that is associated with the identity token. In other // words, the identity provider must be specified in the role's trust policy. // -// Calling AssumeRoleWithWebIdentity can result in an entry in your AWS CloudTrail +// Calling AssumeRoleWithWebIdentity can result in an entry in your CloudTrail // logs. The entry includes the Subject (http://openid.net/specs/openid-connect-core-1_0.html#Claims) // of the provided web identity token. We recommend that you avoid using any // personally identifiable information (PII) in this field. For example, you @@ -614,10 +625,10 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // * Web Identity Federation Playground (https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/). // Walk through the process of authenticating through Login with Amazon, // Facebook, or Google, getting temporary security credentials, and then -// using those credentials to make a request to AWS. +// using those credentials to make a request to Amazon Web Services. // -// * AWS SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/) and -// AWS SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/). +// * Amazon Web Services SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/) +// and Amazon Web Services SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/). // These toolkits contain sample apps that show how to invoke the identity // providers. The toolkits then show how to use the information from these // providers to get and use temporary security credentials. @@ -641,11 +652,11 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // // * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge" // The request was rejected because the total packed size of the session policies -// and session tags combined was too large. An AWS conversion compresses the -// session policy document, session policy ARNs, and session tags into a packed -// binary format that has a separate limit. The error message indicates by percentage -// how close the policies and tags are to the upper size limit. For more information, -// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) +// and session tags combined was too large. An Amazon Web Services conversion +// compresses the session policy document, session policy ARNs, and session +// tags into a packed binary format that has a separate limit. The error message +// indicates by percentage how close the policies and tags are to the upper +// size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) // in the IAM User Guide. // // You could receive this error even though you meet other defined session policy @@ -668,8 +679,9 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // error persists, the identity provider might be down or not responding. // // * ErrCodeInvalidIdentityTokenException "InvalidIdentityToken" -// The web identity token that was passed could not be validated by AWS. Get -// a new identity token from the identity provider and then retry the request. +// The web identity token that was passed could not be validated by Amazon Web +// Services. Get a new identity token from the identity provider and then retry +// the request. // // * ErrCodeExpiredTokenException "ExpiredTokenException" // The web identity token that was passed is expired or is not valid. Get a @@ -679,7 +691,8 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // STS is not activated in the requested region for the account that is being // asked to generate credentials. The account administrator must use the IAM // console to activate STS in that region. For more information, see Activating -// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// and Deactivating Amazon Web Services STS in an Amazon Web Services Region +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) // in the IAM User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentity @@ -749,16 +762,18 @@ func (c *STS) DecodeAuthorizationMessageRequest(input *DecodeAuthorizationMessag // DecodeAuthorizationMessage API operation for AWS Security Token Service. // // Decodes additional information about the authorization status of a request -// from an encoded message returned in response to an AWS request. +// from an encoded message returned in response to an Amazon Web Services request. // // For example, if a user is not authorized to perform an operation that he // or she has requested, the request returns a Client.UnauthorizedOperation -// response (an HTTP 403 response). Some AWS operations additionally return -// an encoded message that can provide details about this authorization failure. +// response (an HTTP 403 response). Some Amazon Web Services operations additionally +// return an encoded message that can provide details about this authorization +// failure. // -// Only certain AWS operations return an encoded authorization message. The -// documentation for an individual operation indicates whether that operation -// returns an encoded message in addition to returning an HTTP code. +// Only certain Amazon Web Services operations return an encoded authorization +// message. The documentation for an individual operation indicates whether +// that operation returns an encoded message in addition to returning an HTTP +// code. // // The message is encoded because the details of the authorization status can // constitute privileged information that the user who requested the operation @@ -869,12 +884,12 @@ func (c *STS) GetAccessKeyInfoRequest(input *GetAccessKeyInfoInput) (req *reques // in the IAM User Guide. // // When you pass an access key ID to this operation, it returns the ID of the -// AWS account to which the keys belong. Access key IDs beginning with AKIA -// are long-term credentials for an IAM user or the AWS account root user. Access -// key IDs beginning with ASIA are temporary credentials that are created using -// STS operations. If the account in the response belongs to you, you can sign -// in as the root user and review your root user access keys. Then, you can -// pull a credentials report (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html) +// Amazon Web Services account to which the keys belong. Access key IDs beginning +// with AKIA are long-term credentials for an IAM user or the Amazon Web Services +// account root user. Access key IDs beginning with ASIA are temporary credentials +// that are created using STS operations. If the account in the response belongs +// to you, you can sign in as the root user and review your root user access +// keys. Then, you can pull a credentials report (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html) // to learn which IAM user owns the keys. To learn who requested the temporary // credentials for an ASIA access key, view the STS events in your CloudTrail // logs (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html) @@ -1050,7 +1065,7 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // For a comparison of GetFederationToken with the other API operations that // produce temporary credentials, see Requesting Temporary Security Credentials // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) -// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) +// and Comparing the STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) // in the IAM User Guide. // // You can create a mobile-based or browser-based app that can authenticate @@ -1062,11 +1077,11 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // in the IAM User Guide. // // You can also call GetFederationToken using the security credentials of an -// AWS account root user, but we do not recommend it. Instead, we recommend -// that you create an IAM user for the purpose of the proxy application. Then -// attach a policy to the IAM user that limits federated users to only the actions -// and resources that they need to access. For more information, see IAM Best -// Practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html) +// Amazon Web Services account root user, but we do not recommend it. Instead, +// we recommend that you create an IAM user for the purpose of the proxy application. +// Then attach a policy to the IAM user that limits federated users to only +// the actions and resources that they need to access. For more information, +// see IAM Best Practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html) // in the IAM User Guide. // // Session duration @@ -1074,15 +1089,16 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // The temporary credentials are valid for the specified duration, from 900 // seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default // session duration is 43,200 seconds (12 hours). Temporary credentials that -// are obtained by using AWS account root user credentials have a maximum duration -// of 3,600 seconds (1 hour). +// are obtained by using Amazon Web Services account root user credentials have +// a maximum duration of 3,600 seconds (1 hour). // // Permissions // // You can use the temporary credentials created by GetFederationToken in any -// AWS service except the following: +// Amazon Web Services service except the following: // -// * You cannot call any IAM operations using the AWS CLI or the AWS API. +// * You cannot call any IAM operations using the CLI or the Amazon Web Services +// API. // // * You cannot call any STS operations except GetCallerIdentity. // @@ -1126,11 +1142,11 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // in the IAM User Guide. // // You can also call GetFederationToken using the security credentials of an -// AWS account root user, but we do not recommend it. Instead, we recommend -// that you create an IAM user for the purpose of the proxy application. Then -// attach a policy to the IAM user that limits federated users to only the actions -// and resources that they need to access. For more information, see IAM Best -// Practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html) +// Amazon Web Services account root user, but we do not recommend it. Instead, +// we recommend that you create an IAM user for the purpose of the proxy application. +// Then attach a policy to the IAM user that limits federated users to only +// the actions and resources that they need to access. For more information, +// see IAM Best Practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html) // in the IAM User Guide. // // Session duration @@ -1138,15 +1154,16 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // The temporary credentials are valid for the specified duration, from 900 // seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default // session duration is 43,200 seconds (12 hours). Temporary credentials that -// are obtained by using AWS account root user credentials have a maximum duration -// of 3,600 seconds (1 hour). +// are obtained by using Amazon Web Services account root user credentials have +// a maximum duration of 3,600 seconds (1 hour). // // Permissions // // You can use the temporary credentials created by GetFederationToken in any -// AWS service except the following: +// Amazon Web Services service except the following: // -// * You cannot call any IAM operations using the AWS CLI or the AWS API. +// * You cannot call any IAM operations using the CLI or the Amazon Web Services +// API. // // * You cannot call any STS operations except GetCallerIdentity. // @@ -1208,11 +1225,11 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // // * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge" // The request was rejected because the total packed size of the session policies -// and session tags combined was too large. An AWS conversion compresses the -// session policy document, session policy ARNs, and session tags into a packed -// binary format that has a separate limit. The error message indicates by percentage -// how close the policies and tags are to the upper size limit. For more information, -// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) +// and session tags combined was too large. An Amazon Web Services conversion +// compresses the session policy document, session policy ARNs, and session +// tags into a packed binary format that has a separate limit. The error message +// indicates by percentage how close the policies and tags are to the upper +// size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) // in the IAM User Guide. // // You could receive this error even though you meet other defined session policy @@ -1224,7 +1241,8 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // STS is not activated in the requested region for the account that is being // asked to generate credentials. The account administrator must use the IAM // console to activate STS in that region. For more information, see Activating -// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// and Deactivating Amazon Web Services STS in an Amazon Web Services Region +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) // in the IAM User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationToken @@ -1293,51 +1311,53 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request. // GetSessionToken API operation for AWS Security Token Service. // -// Returns a set of temporary credentials for an AWS account or IAM user. The -// credentials consist of an access key ID, a secret access key, and a security -// token. Typically, you use GetSessionToken if you want to use MFA to protect -// programmatic calls to specific AWS API operations like Amazon EC2 StopInstances. -// MFA-enabled IAM users would need to call GetSessionToken and submit an MFA -// code that is associated with their MFA device. Using the temporary security -// credentials that are returned from the call, IAM users can then make programmatic -// calls to API operations that require MFA authentication. If you do not supply -// a correct MFA code, then the API returns an access denied error. For a comparison -// of GetSessionToken with the other API operations that produce temporary credentials, -// see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) -// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) +// Returns a set of temporary credentials for an Amazon Web Services account +// or IAM user. The credentials consist of an access key ID, a secret access +// key, and a security token. Typically, you use GetSessionToken if you want +// to use MFA to protect programmatic calls to specific Amazon Web Services +// API operations like Amazon EC2 StopInstances. MFA-enabled IAM users would +// need to call GetSessionToken and submit an MFA code that is associated with +// their MFA device. Using the temporary security credentials that are returned +// from the call, IAM users can then make programmatic calls to API operations +// that require MFA authentication. If you do not supply a correct MFA code, +// then the API returns an access denied error. For a comparison of GetSessionToken +// with the other API operations that produce temporary credentials, see Requesting +// Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) +// and Comparing the STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) // in the IAM User Guide. // // Session Duration // -// The GetSessionToken operation must be called by using the long-term AWS security -// credentials of the AWS account root user or an IAM user. Credentials that -// are created by IAM users are valid for the duration that you specify. This -// duration can range from 900 seconds (15 minutes) up to a maximum of 129,600 -// seconds (36 hours), with a default of 43,200 seconds (12 hours). Credentials -// based on account credentials can range from 900 seconds (15 minutes) up to -// 3,600 seconds (1 hour), with a default of 1 hour. +// The GetSessionToken operation must be called by using the long-term Amazon +// Web Services security credentials of the Amazon Web Services account root +// user or an IAM user. Credentials that are created by IAM users are valid +// for the duration that you specify. This duration can range from 900 seconds +// (15 minutes) up to a maximum of 129,600 seconds (36 hours), with a default +// of 43,200 seconds (12 hours). Credentials based on account credentials can +// range from 900 seconds (15 minutes) up to 3,600 seconds (1 hour), with a +// default of 1 hour. // // Permissions // // The temporary security credentials created by GetSessionToken can be used -// to make API calls to any AWS service with the following exceptions: +// to make API calls to any Amazon Web Services service with the following exceptions: // // * You cannot call any IAM API operations unless MFA authentication information // is included in the request. // // * You cannot call any STS API except AssumeRole or GetCallerIdentity. // -// We recommend that you do not call GetSessionToken with AWS account root user -// credentials. Instead, follow our best practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users) +// We recommend that you do not call GetSessionToken with Amazon Web Services +// account root user credentials. Instead, follow our best practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users) // by creating one or more IAM users, giving them the necessary permissions, -// and using IAM users for everyday interaction with AWS. +// and using IAM users for everyday interaction with Amazon Web Services. // // The credentials that are returned by GetSessionToken are based on permissions // associated with the user whose credentials were used to call the operation. -// If GetSessionToken is called using AWS account root user credentials, the -// temporary credentials have root user permissions. Similarly, if GetSessionToken -// is called using the credentials of an IAM user, the temporary credentials -// have the same permissions as the IAM user. +// If GetSessionToken is called using Amazon Web Services account root user +// credentials, the temporary credentials have root user permissions. Similarly, +// if GetSessionToken is called using the credentials of an IAM user, the temporary +// credentials have the same permissions as the IAM user. // // For more information about using GetSessionToken to create temporary credentials, // go to Temporary Credentials for Users in Untrusted Environments (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken) @@ -1355,7 +1375,8 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request. // STS is not activated in the requested region for the account that is being // asked to generate credentials. The account administrator must use the IAM // console to activate STS in that region. For more information, see Activating -// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// and Deactivating Amazon Web Services STS in an Amazon Web Services Region +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) // in the IAM User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionToken @@ -1401,7 +1422,7 @@ type AssumeRoleInput struct { // to the federation endpoint for a console sign-in token takes a SessionDuration // parameter that specifies the maximum length of the console session. For more // information, see Creating a URL that Enables Federated Users to Access the - // AWS Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) + // Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) // in the IAM User Guide. DurationSeconds *int64 `min:"900" type:"integer"` @@ -1413,8 +1434,8 @@ type AssumeRoleInput struct { // of the trusting account might send an external ID to the administrator of // the trusted account. That way, only someone with the ID can assume the role, // rather than everyone in the account. For more information about the external - // ID, see How to Use an External ID When Granting Access to Your AWS Resources - // to a Third Party (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html) + // ID, see How to Use an External ID When Granting Access to Your Amazon Web + // Services Resources to a Third Party (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html) // in the IAM User Guide. // // The regex used to validate this parameter is a string of characters consisting @@ -1427,10 +1448,11 @@ type AssumeRoleInput struct { // This parameter is optional. Passing policies to this operation returns new // temporary credentials. The resulting session's permissions are the intersection // of the role's identity-based policy and the session policies. You can use - // the role's temporary credentials in subsequent AWS API calls to access resources - // in the account that owns the role. You cannot use session policies to grant - // more permissions than those allowed by the identity-based policy of the role - // that is being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) + // the role's temporary credentials in subsequent Amazon Web Services API calls + // to access resources in the account that owns the role. You cannot use session + // policies to grant more permissions than those allowed by the identity-based + // policy of the role that is being assumed. For more information, see Session + // Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // // The plaintext that you use for both inline and managed session policies can't @@ -1439,11 +1461,11 @@ type AssumeRoleInput struct { // \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage // return (\u000D) characters. // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plaintext meets the other requirements. The PackedPolicySize - // response element indicates by percentage how close the policies and tags - // for your request are to the upper size limit. + // An Amazon Web Services conversion compresses the passed session policies + // and session tags into a packed binary format that has a separate limit. Your + // request can fail for this limit even if your plaintext meets the other requirements. + // The PackedPolicySize response element indicates by percentage how close the + // policies and tags for your request are to the upper size limit. Policy *string `min:"1" type:"string"` // The Amazon Resource Names (ARNs) of the IAM managed policies that you want @@ -1453,22 +1475,22 @@ type AssumeRoleInput struct { // This parameter is optional. You can provide up to 10 managed policy ARNs. // However, the plaintext that you use for both inline and managed session policies // can't exceed 2,048 characters. For more information about ARNs, see Amazon - // Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // in the Amazon Web Services General Reference. // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plaintext meets the other requirements. The PackedPolicySize - // response element indicates by percentage how close the policies and tags - // for your request are to the upper size limit. + // An Amazon Web Services conversion compresses the passed session policies + // and session tags into a packed binary format that has a separate limit. Your + // request can fail for this limit even if your plaintext meets the other requirements. + // The PackedPolicySize response element indicates by percentage how close the + // policies and tags for your request are to the upper size limit. // // Passing policies to this operation returns new temporary credentials. The // resulting session's permissions are the intersection of the role's identity-based // policy and the session policies. You can use the role's temporary credentials - // in subsequent AWS API calls to access resources in the account that owns - // the role. You cannot use session policies to grant more permissions than - // those allowed by the identity-based policy of the role that is being assumed. - // For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) + // in subsequent Amazon Web Services API calls to access resources in the account + // that owns the role. You cannot use session policies to grant more permissions + // than those allowed by the identity-based policy of the role that is being + // assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. PolicyArns []*PolicyDescriptorType `type:"list"` @@ -1485,7 +1507,7 @@ type AssumeRoleInput struct { // account that owns the role. The role session name is also used in the ARN // of the assumed role principal. This means that subsequent cross-account API // requests that use the temporary security credentials will expose the role - // session name to the external account in their AWS CloudTrail logs. + // session name to the external account in their CloudTrail logs. // // The regex used to validate this parameter is a string of characters consisting // of upper- and lower-case alphanumeric characters with no spaces. You can @@ -1510,23 +1532,23 @@ type AssumeRoleInput struct { // // You can require users to specify a source identity when they assume a role. // You do this by using the sts:SourceIdentity condition key in a role trust - // policy. You can use source identity information in AWS CloudTrail logs to - // determine who took actions with a role. You can use the aws:SourceIdentity - // condition key to further control access to AWS resources based on the value - // of source identity. For more information about using source identity, see - // Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html) + // policy. You can use source identity information in CloudTrail logs to determine + // who took actions with a role. You can use the aws:SourceIdentity condition + // key to further control access to Amazon Web Services resources based on the + // value of source identity. For more information about using source identity, + // see Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html) // in the IAM User Guide. // // The regex used to validate this parameter is a string of characters consisting // of upper- and lower-case alphanumeric characters with no spaces. You can // also include underscores or any of the following characters: =,.@-. You cannot - // use a value that begins with the text aws:. This prefix is reserved for AWS - // internal use. + // use a value that begins with the text aws:. This prefix is reserved for Amazon + // Web Services internal use. SourceIdentity *string `min:"2" type:"string"` // A list of session tags that you want to pass. Each session tag consists of // a key name and an associated value. For more information about session tags, - // see Tagging AWS STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) + // see Tagging STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) // in the IAM User Guide. // // This parameter is optional. You can pass up to 50 session tags. The plaintext @@ -1535,11 +1557,11 @@ type AssumeRoleInput struct { // Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) // in the IAM User Guide. // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plaintext meets the other requirements. The PackedPolicySize - // response element indicates by percentage how close the policies and tags - // for your request are to the upper size limit. + // An Amazon Web Services conversion compresses the passed session policies + // and session tags into a packed binary format that has a separate limit. Your + // request can fail for this limit even if your plaintext meets the other requirements. + // The PackedPolicySize response element indicates by percentage how close the + // policies and tags for your request are to the upper size limit. // // You can pass a session tag with the same key as a tag that is already attached // to the role. When you do, session tags override a role tag with the same @@ -1554,7 +1576,7 @@ type AssumeRoleInput struct { // Additionally, if you used temporary credentials to perform this operation, // the new session inherits any transitive session tags from the calling session. // If you pass a session tag with the same key as an inherited tag, the operation - // fails. To view the inherited tags for a session, see the AWS CloudTrail logs. + // fails. To view the inherited tags for a session, see the CloudTrail logs. // For more information, see Viewing Session Tags in CloudTrail (https://docs.aws.amazon.com/IAM/latest/UserGuide/session-tags.html#id_session-tags_ctlogs) // in the IAM User Guide. Tags []*Tag `type:"list"` @@ -1720,7 +1742,8 @@ func (s *AssumeRoleInput) SetTransitiveTagKeys(v []*string) *AssumeRoleInput { } // Contains the response to a successful AssumeRole request, including temporary -// AWS credentials that can be used to make AWS requests. +// Amazon Web Services credentials that can be used to make Amazon Web Services +// requests. type AssumeRoleOutput struct { _ struct{} `type:"structure"` @@ -1749,11 +1772,11 @@ type AssumeRoleOutput struct { // // You can require users to specify a source identity when they assume a role. // You do this by using the sts:SourceIdentity condition key in a role trust - // policy. You can use source identity information in AWS CloudTrail logs to - // determine who took actions with a role. You can use the aws:SourceIdentity - // condition key to further control access to AWS resources based on the value - // of source identity. For more information about using source identity, see - // Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html) + // policy. You can use source identity information in CloudTrail logs to determine + // who took actions with a role. You can use the aws:SourceIdentity condition + // key to further control access to Amazon Web Services resources based on the + // value of source identity. For more information about using source identity, + // see Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html) // in the IAM User Guide. // // The regex used to validate this parameter is a string of characters consisting @@ -1819,7 +1842,7 @@ type AssumeRoleWithSAMLInput struct { // to the federation endpoint for a console sign-in token takes a SessionDuration // parameter that specifies the maximum length of the console session. For more // information, see Creating a URL that Enables Federated Users to Access the - // AWS Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) + // Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) // in the IAM User Guide. DurationSeconds *int64 `min:"900" type:"integer"` @@ -1828,10 +1851,11 @@ type AssumeRoleWithSAMLInput struct { // This parameter is optional. Passing policies to this operation returns new // temporary credentials. The resulting session's permissions are the intersection // of the role's identity-based policy and the session policies. You can use - // the role's temporary credentials in subsequent AWS API calls to access resources - // in the account that owns the role. You cannot use session policies to grant - // more permissions than those allowed by the identity-based policy of the role - // that is being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) + // the role's temporary credentials in subsequent Amazon Web Services API calls + // to access resources in the account that owns the role. You cannot use session + // policies to grant more permissions than those allowed by the identity-based + // policy of the role that is being assumed. For more information, see Session + // Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // // The plaintext that you use for both inline and managed session policies can't @@ -1840,11 +1864,11 @@ type AssumeRoleWithSAMLInput struct { // \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage // return (\u000D) characters. // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plaintext meets the other requirements. The PackedPolicySize - // response element indicates by percentage how close the policies and tags - // for your request are to the upper size limit. + // An Amazon Web Services conversion compresses the passed session policies + // and session tags into a packed binary format that has a separate limit. Your + // request can fail for this limit even if your plaintext meets the other requirements. + // The PackedPolicySize response element indicates by percentage how close the + // policies and tags for your request are to the upper size limit. Policy *string `min:"1" type:"string"` // The Amazon Resource Names (ARNs) of the IAM managed policies that you want @@ -1854,22 +1878,22 @@ type AssumeRoleWithSAMLInput struct { // This parameter is optional. You can provide up to 10 managed policy ARNs. // However, the plaintext that you use for both inline and managed session policies // can't exceed 2,048 characters. For more information about ARNs, see Amazon - // Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // in the Amazon Web Services General Reference. // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plaintext meets the other requirements. The PackedPolicySize - // response element indicates by percentage how close the policies and tags - // for your request are to the upper size limit. + // An Amazon Web Services conversion compresses the passed session policies + // and session tags into a packed binary format that has a separate limit. Your + // request can fail for this limit even if your plaintext meets the other requirements. + // The PackedPolicySize response element indicates by percentage how close the + // policies and tags for your request are to the upper size limit. // // Passing policies to this operation returns new temporary credentials. The // resulting session's permissions are the intersection of the role's identity-based // policy and the session policies. You can use the role's temporary credentials - // in subsequent AWS API calls to access resources in the account that owns - // the role. You cannot use session policies to grant more permissions than - // those allowed by the identity-based policy of the role that is being assumed. - // For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) + // in subsequent Amazon Web Services API calls to access resources in the account + // that owns the role. You cannot use session policies to grant more permissions + // than those allowed by the identity-based policy of the role that is being + // assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. PolicyArns []*PolicyDescriptorType `type:"list"` @@ -1984,7 +2008,8 @@ func (s *AssumeRoleWithSAMLInput) SetSAMLAssertion(v string) *AssumeRoleWithSAML } // Contains the response to a successful AssumeRoleWithSAML request, including -// temporary AWS credentials that can be used to make AWS requests. +// temporary Amazon Web Services credentials that can be used to make Amazon +// Web Services requests. type AssumeRoleWithSAMLOutput struct { _ struct{} `type:"structure"` @@ -2010,7 +2035,7 @@ type AssumeRoleWithSAMLOutput struct { // // * The Issuer response value. // - // * The AWS account ID. + // * The Amazon Web Services account ID. // // * The friendly name (the last part of the ARN) of the SAML provider in // IAM. @@ -2148,7 +2173,7 @@ type AssumeRoleWithWebIdentityInput struct { // to the federation endpoint for a console sign-in token takes a SessionDuration // parameter that specifies the maximum length of the console session. For more // information, see Creating a URL that Enables Federated Users to Access the - // AWS Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) + // Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) // in the IAM User Guide. DurationSeconds *int64 `min:"900" type:"integer"` @@ -2157,10 +2182,11 @@ type AssumeRoleWithWebIdentityInput struct { // This parameter is optional. Passing policies to this operation returns new // temporary credentials. The resulting session's permissions are the intersection // of the role's identity-based policy and the session policies. You can use - // the role's temporary credentials in subsequent AWS API calls to access resources - // in the account that owns the role. You cannot use session policies to grant - // more permissions than those allowed by the identity-based policy of the role - // that is being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) + // the role's temporary credentials in subsequent Amazon Web Services API calls + // to access resources in the account that owns the role. You cannot use session + // policies to grant more permissions than those allowed by the identity-based + // policy of the role that is being assumed. For more information, see Session + // Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // // The plaintext that you use for both inline and managed session policies can't @@ -2169,11 +2195,11 @@ type AssumeRoleWithWebIdentityInput struct { // \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage // return (\u000D) characters. // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plaintext meets the other requirements. The PackedPolicySize - // response element indicates by percentage how close the policies and tags - // for your request are to the upper size limit. + // An Amazon Web Services conversion compresses the passed session policies + // and session tags into a packed binary format that has a separate limit. Your + // request can fail for this limit even if your plaintext meets the other requirements. + // The PackedPolicySize response element indicates by percentage how close the + // policies and tags for your request are to the upper size limit. Policy *string `min:"1" type:"string"` // The Amazon Resource Names (ARNs) of the IAM managed policies that you want @@ -2183,22 +2209,22 @@ type AssumeRoleWithWebIdentityInput struct { // This parameter is optional. You can provide up to 10 managed policy ARNs. // However, the plaintext that you use for both inline and managed session policies // can't exceed 2,048 characters. For more information about ARNs, see Amazon - // Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // in the Amazon Web Services General Reference. // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plaintext meets the other requirements. The PackedPolicySize - // response element indicates by percentage how close the policies and tags - // for your request are to the upper size limit. + // An Amazon Web Services conversion compresses the passed session policies + // and session tags into a packed binary format that has a separate limit. Your + // request can fail for this limit even if your plaintext meets the other requirements. + // The PackedPolicySize response element indicates by percentage how close the + // policies and tags for your request are to the upper size limit. // // Passing policies to this operation returns new temporary credentials. The // resulting session's permissions are the intersection of the role's identity-based // policy and the session policies. You can use the role's temporary credentials - // in subsequent AWS API calls to access resources in the account that owns - // the role. You cannot use session policies to grant more permissions than - // those allowed by the identity-based policy of the role that is being assumed. - // For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) + // in subsequent Amazon Web Services API calls to access resources in the account + // that owns the role. You cannot use session policies to grant more permissions + // than those allowed by the identity-based policy of the role that is being + // assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. PolicyArns []*PolicyDescriptorType `type:"list"` @@ -2338,7 +2364,8 @@ func (s *AssumeRoleWithWebIdentityInput) SetWebIdentityToken(v string) *AssumeRo } // Contains the response to a successful AssumeRoleWithWebIdentity request, -// including temporary AWS credentials that can be used to make AWS requests. +// including temporary Amazon Web Services credentials that can be used to make +// Amazon Web Services requests. type AssumeRoleWithWebIdentityOutput struct { _ struct{} `type:"structure"` @@ -2471,8 +2498,8 @@ type AssumedRoleUser struct { Arn *string `min:"20" type:"string" required:"true"` // A unique identifier that contains the role ID and the role session name of - // the role that is being assumed. The role ID is generated by AWS when the - // role is created. + // the role that is being assumed. The role ID is generated by Amazon Web Services + // when the role is created. // // AssumedRoleId is a required field AssumedRoleId *string `min:"2" type:"string" required:"true"` @@ -2500,7 +2527,7 @@ func (s *AssumedRoleUser) SetAssumedRoleId(v string) *AssumedRoleUser { return s } -// AWS credentials for API authentication. +// Amazon Web Services credentials for API authentication. type Credentials struct { _ struct{} `type:"structure"` @@ -2601,8 +2628,8 @@ func (s *DecodeAuthorizationMessageInput) SetEncodedMessage(v string) *DecodeAut } // A document that contains additional information about the authorization status -// of a request from an encoded message that is returned in response to an AWS -// request. +// of a request from an encoded message that is returned in response to an Amazon +// Web Services request. type DecodeAuthorizationMessageOutput struct { _ struct{} `type:"structure"` @@ -2714,7 +2741,7 @@ func (s *GetAccessKeyInfoInput) SetAccessKeyId(v string) *GetAccessKeyInfoInput type GetAccessKeyInfoOutput struct { _ struct{} `type:"structure"` - // The number used to identify the AWS account. + // The number used to identify the Amazon Web Services account. Account *string `type:"string"` } @@ -2753,11 +2780,11 @@ func (s GetCallerIdentityInput) GoString() string { type GetCallerIdentityOutput struct { _ struct{} `type:"structure"` - // The AWS account ID number of the account that owns or contains the calling - // entity. + // The Amazon Web Services account ID number of the account that owns or contains + // the calling entity. Account *string `type:"string"` - // The AWS ARN associated with the calling entity. + // The Amazon Web Services ARN associated with the calling entity. Arn *string `min:"20" type:"string"` // The unique identifier of the calling entity. The exact value depends on the @@ -2801,9 +2828,10 @@ type GetFederationTokenInput struct { // The duration, in seconds, that the session should last. Acceptable durations // for federation sessions range from 900 seconds (15 minutes) to 129,600 seconds // (36 hours), with 43,200 seconds (12 hours) as the default. Sessions obtained - // using AWS account root user credentials are restricted to a maximum of 3,600 - // seconds (one hour). If the specified duration is longer than one hour, the - // session obtained by using root user credentials defaults to one hour. + // using Amazon Web Services account root user credentials are restricted to + // a maximum of 3,600 seconds (one hour). If the specified duration is longer + // than one hour, the session obtained by using root user credentials defaults + // to one hour. DurationSeconds *int64 `min:"900" type:"integer"` // The name of the federated user. The name is used as an identifier for the @@ -2848,11 +2876,11 @@ type GetFederationTokenInput struct { // \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage // return (\u000D) characters. // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plaintext meets the other requirements. The PackedPolicySize - // response element indicates by percentage how close the policies and tags - // for your request are to the upper size limit. + // An Amazon Web Services conversion compresses the passed session policies + // and session tags into a packed binary format that has a separate limit. Your + // request can fail for this limit even if your plaintext meets the other requirements. + // The PackedPolicySize response element indicates by percentage how close the + // policies and tags for your request are to the upper size limit. Policy *string `min:"1" type:"string"` // The Amazon Resource Names (ARNs) of the IAM managed policies that you want @@ -2865,8 +2893,8 @@ type GetFederationTokenInput struct { // use as managed session policies. The plaintext that you use for both inline // and managed session policies can't exceed 2,048 characters. You can provide // up to 10 managed policy ARNs. For more information about ARNs, see Amazon - // Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // in the Amazon Web Services General Reference. // // This parameter is optional. However, if you do not pass any session policies, // then the resulting federated user session has no permissions. @@ -2885,11 +2913,11 @@ type GetFederationTokenInput struct { // by the policy. These permissions are granted in addition to the permissions // that are granted by the session policies. // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plaintext meets the other requirements. The PackedPolicySize - // response element indicates by percentage how close the policies and tags - // for your request are to the upper size limit. + // An Amazon Web Services conversion compresses the passed session policies + // and session tags into a packed binary format that has a separate limit. Your + // request can fail for this limit even if your plaintext meets the other requirements. + // The PackedPolicySize response element indicates by percentage how close the + // policies and tags for your request are to the upper size limit. PolicyArns []*PolicyDescriptorType `type:"list"` // A list of session tags. Each session tag consists of a key name and an associated @@ -2903,11 +2931,11 @@ type GetFederationTokenInput struct { // Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) // in the IAM User Guide. // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plaintext meets the other requirements. The PackedPolicySize - // response element indicates by percentage how close the policies and tags - // for your request are to the upper size limit. + // An Amazon Web Services conversion compresses the passed session policies + // and session tags into a packed binary format that has a separate limit. Your + // request can fail for this limit even if your plaintext meets the other requirements. + // The PackedPolicySize response element indicates by percentage how close the + // policies and tags for your request are to the upper size limit. // // You can pass a session tag with the same key as a tag that is already attached // to the user you are federating. When you do, session tags override a user @@ -3004,7 +3032,8 @@ func (s *GetFederationTokenInput) SetTags(v []*Tag) *GetFederationTokenInput { } // Contains the response to a successful GetFederationToken request, including -// temporary AWS credentials that can be used to make AWS requests. +// temporary Amazon Web Services credentials that can be used to make Amazon +// Web Services requests. type GetFederationTokenOutput struct { _ struct{} `type:"structure"` @@ -3062,9 +3091,9 @@ type GetSessionTokenInput struct { // The duration, in seconds, that the credentials should remain valid. Acceptable // durations for IAM user sessions range from 900 seconds (15 minutes) to 129,600 // seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions - // for AWS account owners are restricted to a maximum of 3,600 seconds (one - // hour). If the duration is longer than one hour, the session for AWS account - // owners defaults to one hour. + // for Amazon Web Services account owners are restricted to a maximum of 3,600 + // seconds (one hour). If the duration is longer than one hour, the session + // for Amazon Web Services account owners defaults to one hour. DurationSeconds *int64 `min:"900" type:"integer"` // The identification number of the MFA device that is associated with the IAM @@ -3072,7 +3101,7 @@ type GetSessionTokenInput struct { // user has a policy that requires MFA authentication. The value is either the // serial number for a hardware device (such as GAHT12345678) or an Amazon Resource // Name (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user). - // You can find the device for an IAM user by going to the AWS Management Console + // You can find the device for an IAM user by going to the Management Console // and viewing the user's security credentials. // // The regex used to validate this parameter is a string of characters consisting @@ -3139,7 +3168,8 @@ func (s *GetSessionTokenInput) SetTokenCode(v string) *GetSessionTokenInput { } // Contains the response to a successful GetSessionToken request, including -// temporary AWS credentials that can be used to make AWS requests. +// temporary Amazon Web Services credentials that can be used to make Amazon +// Web Services requests. type GetSessionTokenOutput struct { _ struct{} `type:"structure"` @@ -3174,8 +3204,8 @@ type PolicyDescriptorType struct { // The Amazon Resource Name (ARN) of the IAM managed policy to use as a session // policy for the role. For more information about ARNs, see Amazon Resource - // Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // in the Amazon Web Services General Reference. Arn *string `locationName:"arn" min:"20" type:"string"` } @@ -3210,9 +3240,9 @@ func (s *PolicyDescriptorType) SetArn(v string) *PolicyDescriptorType { // You can pass custom key-value pair attributes when you assume a role or federate // a user. These are called session tags. You can then use the session tags -// to control access to resources. For more information, see Tagging AWS STS -// Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) -// in the IAM User Guide. +// to control access to resources. For more information, see Tagging STS Sessions +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in +// the IAM User Guide. type Tag struct { _ struct{} `type:"structure"` diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go b/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go index cb1debbaa..2d98d9235 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go @@ -3,11 +3,11 @@ // Package sts provides the client and types for making API // requests to AWS Security Token Service. // -// AWS Security Token Service (STS) enables you to request temporary, limited-privilege -// credentials for AWS Identity and Access Management (IAM) users or for users -// that you authenticate (federated users). This guide provides descriptions -// of the STS API. For more information about using this service, see Temporary -// Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html). +// Security Token Service (STS) enables you to request temporary, limited-privilege +// credentials for Identity and Access Management (IAM) users or for users that +// you authenticate (federated users). This guide provides descriptions of the +// STS API. For more information about using this service, see Temporary Security +// Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html). // // See https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15 for more information on this service. // diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go b/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go index a233f542e..7897d70c8 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go @@ -42,8 +42,9 @@ const ( // ErrCodeInvalidIdentityTokenException for service response error code // "InvalidIdentityToken". // - // The web identity token that was passed could not be validated by AWS. Get - // a new identity token from the identity provider and then retry the request. + // The web identity token that was passed could not be validated by Amazon Web + // Services. Get a new identity token from the identity provider and then retry + // the request. ErrCodeInvalidIdentityTokenException = "InvalidIdentityToken" // ErrCodeMalformedPolicyDocumentException for service response error code @@ -57,11 +58,11 @@ const ( // "PackedPolicyTooLarge". // // The request was rejected because the total packed size of the session policies - // and session tags combined was too large. An AWS conversion compresses the - // session policy document, session policy ARNs, and session tags into a packed - // binary format that has a separate limit. The error message indicates by percentage - // how close the policies and tags are to the upper size limit. For more information, - // see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) + // and session tags combined was too large. An Amazon Web Services conversion + // compresses the session policy document, session policy ARNs, and session + // tags into a packed binary format that has a separate limit. The error message + // indicates by percentage how close the policies and tags are to the upper + // size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) // in the IAM User Guide. // // You could receive this error even though you meet other defined session policy @@ -76,7 +77,8 @@ const ( // STS is not activated in the requested region for the account that is being // asked to generate credentials. The account administrator must use the IAM // console to activate STS in that region. For more information, see Activating - // and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) + // and Deactivating Amazon Web Services STS in an Amazon Web Services Region + // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) // in the IAM User Guide. ErrCodeRegionDisabledException = "RegionDisabledException" ) diff --git a/vendor/github.com/onsi/gomega/CHANGELOG.md b/vendor/github.com/onsi/gomega/CHANGELOG.md index 4783c0d43..18190e8b9 100644 --- a/vendor/github.com/onsi/gomega/CHANGELOG.md +++ b/vendor/github.com/onsi/gomega/CHANGELOG.md @@ -1,3 +1,37 @@ +## 1.16.0 + +### Features +- feat: HaveHTTPStatus multiple expected values (#465) [aa69f1b] +- feat: HaveHTTPHeaderWithValue() matcher (#463) [dd83a96] +- feat: HaveHTTPBody matcher (#462) [504e1f2] +- feat: formatter for HTTP responses (#461) [e5b3157] + +## 1.15.0 + +### Fixes +The previous version (1.14.0) introduced a change to allow `Eventually` and `Consistently` to support functions that make assertions. This was accomplished by overriding the global fail handler when running the callbacks passed to `Eventually/Consistently` in order to capture any resulting errors. Issue #457 uncovered a flaw with this approach: when multiple `Eventually`s are running concurrently they race when overriding the singleton global fail handler. + +1.15.0 resolves this by requiring users who want to make assertions in `Eventually/Consistently` call backs to explicitly pass in a function that takes a `Gomega` as an argument. The passed-in `Gomega` instance can be used to make assertions. Any failures will cause `Eventually` to retry the callback. This cleaner interface avoids the issue of swapping out globals but comes at the cost of changing the contract introduced in v1.14.0. As such 1.15.0 introduces a breaking change with respect to 1.14.0 - however we expect that adoption of this feature in 1.14.0 remains limited. + +In addition, 1.15.0 cleans up some of Gomega's internals. Most users shouldn't notice any differences stemming from the refactoring that was made. + +## 1.14.0 + +### Features +- gmeasure.SamplingConfig now suppers a MinSamplingInterval [e94dbca] +- Eventually and Consistently support functions that make assertions [2f04e6e] + - Eventually and Consistently now allow their passed-in functions to make assertions. + These assertions must pass or the function is considered to have failed and is retried. + - Eventually and Consistently can now take functions with no return values. These implicitly return nil + if they contain no failed assertion. Otherwise they return an error wrapping the first assertion failure. This allows + these functions to be used with the Succeed() matcher. + - Introduce InterceptGomegaFailure - an analogue to InterceptGomegaFailures - that captures the first assertion failure + and halts execution in its passed-in callback. + +### Fixes +- Call Verify GHTTPWithGomega receiver funcs (#454) [496e6fd] +- Build a binary with an expected name (#446) [7356360] + ## 1.13.0 ### Features diff --git a/vendor/github.com/onsi/gomega/README.md b/vendor/github.com/onsi/gomega/README.md index 76aa6b558..d45a8c4e5 100644 --- a/vendor/github.com/onsi/gomega/README.md +++ b/vendor/github.com/onsi/gomega/README.md @@ -1,6 +1,6 @@ ![Gomega: Ginkgo's Preferred Matcher Library](http://onsi.github.io/gomega/images/gomega.png) -[![Build Status](https://travis-ci.org/onsi/gomega.svg?branch=master)](https://travis-ci.org/onsi/gomega) +[![test](https://github.com/onsi/gomega/actions/workflows/test.yml/badge.svg)](https://github.com/onsi/gomega/actions/workflows/test.yml) Jump straight to the [docs](http://onsi.github.io/gomega/) to learn about Gomega, including a list of [all available matchers](http://onsi.github.io/gomega/#provided-matchers). diff --git a/vendor/github.com/onsi/gomega/env.go b/vendor/github.com/onsi/gomega/env.go deleted file mode 100644 index 62fd885a9..000000000 --- a/vendor/github.com/onsi/gomega/env.go +++ /dev/null @@ -1,40 +0,0 @@ -package gomega - -import ( - "os" - - "github.com/onsi/gomega/internal/defaults" -) - -const ( - ConsistentlyDurationEnvVarName = "GOMEGA_DEFAULT_CONSISTENTLY_DURATION" - ConsistentlyPollingIntervalEnvVarName = "GOMEGA_DEFAULT_CONSISTENTLY_POLLING_INTERVAL" - EventuallyTimeoutEnvVarName = "GOMEGA_DEFAULT_EVENTUALLY_TIMEOUT" - EventuallyPollingIntervalEnvVarName = "GOMEGA_DEFAULT_EVENTUALLY_POLLING_INTERVAL" -) - -func init() { - defaults.SetDurationFromEnv( - os.Getenv, - SetDefaultConsistentlyDuration, - ConsistentlyDurationEnvVarName, - ) - - defaults.SetDurationFromEnv( - os.Getenv, - SetDefaultConsistentlyPollingInterval, - ConsistentlyPollingIntervalEnvVarName, - ) - - defaults.SetDurationFromEnv( - os.Getenv, - SetDefaultEventuallyTimeout, - EventuallyTimeoutEnvVarName, - ) - - defaults.SetDurationFromEnv( - os.Getenv, - SetDefaultEventuallyPollingInterval, - EventuallyPollingIntervalEnvVarName, - ) -} diff --git a/vendor/github.com/onsi/gomega/go.mod b/vendor/github.com/onsi/gomega/go.mod index f74d9ea10..7fea4ac07 100644 --- a/vendor/github.com/onsi/gomega/go.mod +++ b/vendor/github.com/onsi/gomega/go.mod @@ -1,10 +1,10 @@ module github.com/onsi/gomega -go 1.14 +go 1.16 require ( github.com/golang/protobuf v1.5.2 - github.com/onsi/ginkgo v1.16.2 + github.com/onsi/ginkgo v1.16.4 golang.org/x/net v0.0.0-20210428140749-89ef3d95e781 gopkg.in/yaml.v2 v2.4.0 ) diff --git a/vendor/github.com/onsi/gomega/go.sum b/vendor/github.com/onsi/gomega/go.sum index 1ae731a5c..56f1b44e2 100644 --- a/vendor/github.com/onsi/gomega/go.sum +++ b/vendor/github.com/onsi/gomega/go.sum @@ -1,8 +1,10 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= +github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= @@ -19,23 +21,30 @@ github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= -github.com/onsi/ginkgo v1.16.2 h1:HFB2fbVIlhIfCfOW81bZFbiC/RvnpXSdhbF2/DJr134= -github.com/onsi/ginkgo v1.16.2/go.mod h1:CObGmKUOKaSC0RjmoAK7tKyn4Azo5P2IWuoMnvwxz1E= +github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc= +github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/stretchr/objx v0.1.0 h1:4G4v2dO3VZwixGIRoQ5Lfboy6nUhCyYzaqnIAPPhYs4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= +github.com/yuin/goldmark v1.2.1 h1:ruQGxdhGHe7FWOJPT0mKs5+pD2Xs1Bm/kdGlHO04FmM= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= @@ -46,6 +55,7 @@ golang.org/x/net v0.0.0-20210428140749-89ef3d95e781 h1:DzZ89McO9/gWPsQXS/FVKAlG0 golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9 h1:SQFwaSi55rU7vdNs9Yr0Z324VNlrF+0wMqRXT4St8ck= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -59,6 +69,7 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da h1:b3NXsE2LusjYGGjL5bxEVZZORm/YEFFrWFjR8eFrw/c= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -66,6 +77,7 @@ golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e h1:4nW4NLDYnU28ojHaHO8OVxFHk/aQ33U01a9cjED+pzE= golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -83,6 +95,7 @@ google.golang.org/protobuf v1.26.0 h1:bxAC2xTBsZGibn2RTntX0oH50xLsqy1OxA9tTL3p/l google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= diff --git a/vendor/github.com/onsi/gomega/gomega_dsl.go b/vendor/github.com/onsi/gomega/gomega_dsl.go index a05b34b27..84775142c 100644 --- a/vendor/github.com/onsi/gomega/gomega_dsl.go +++ b/vendor/github.com/onsi/gomega/gomega_dsl.go @@ -14,101 +14,148 @@ Gomega is MIT-Licensed package gomega import ( + "errors" "fmt" - "reflect" "time" - "github.com/onsi/gomega/internal/assertion" - "github.com/onsi/gomega/internal/asyncassertion" - "github.com/onsi/gomega/internal/testingtsupport" + "github.com/onsi/gomega/internal" "github.com/onsi/gomega/types" ) -const GOMEGA_VERSION = "1.13.0" +const GOMEGA_VERSION = "1.16.0" -const nilFailHandlerPanic = `You are trying to make an assertion, but Gomega's fail handler is nil. +const nilGomegaPanic = `You are trying to make an assertion, but haven't registered Gomega's fail handler. If you're using Ginkgo then you probably forgot to put your assertion in an It(). Alternatively, you may have forgotten to register a fail handler with RegisterFailHandler() or RegisterTestingT(). Depending on your vendoring solution you may be inadvertently importing gomega and subpackages (e.g. ghhtp, gexec,...) from different locations. ` -var globalFailWrapper *types.GomegaFailWrapper +// Gomega describes the essential Gomega DSL. This interface allows libraries +// to abstract between the standard package-level function implementations +// and alternatives like *WithT. +// +// The types in the top-level DSL have gotten a bit messy due to earlier depracations that avoid stuttering +// and due to an accidental use of a concrete type (*WithT) in an earlier release. +// +// As of 1.15 both the WithT and Ginkgo variants of Gomega are implemented by the same underlying object +// however one (the Ginkgo variant) is exported as an interface (types.Gomega) whereas the other (the withT variant) +// is shared as a concrete type (*WithT, which is aliased to *internal.Gomega). 1.15 did not clean this mess up to ensure +// that declarations of *WithT in existing code are not broken by the upgrade to 1.15. +type Gomega = types.Gomega -var defaultEventuallyTimeout = time.Second -var defaultEventuallyPollingInterval = 10 * time.Millisecond -var defaultConsistentlyDuration = 100 * time.Millisecond -var defaultConsistentlyPollingInterval = 10 * time.Millisecond +// DefaultGomega supplies the standard package-level implementation +var Default = Gomega(internal.NewGomega(internal.FetchDefaultDurationBundle())) + +// NewGomega returns an instance of Gomega wired into the passed-in fail handler. +// You generally don't need to use this when using Ginkgo - RegisterFailHandler will wire up the global gomega +// However creating a NewGomega with a custom fail handler can be useful in contexts where you want to use Gomega's +// rich ecosystem of matchers without causing a test to fail. For example, to aggregate a series of potential failures +// or for use in a non-test setting. +func NewGomega(fail types.GomegaFailHandler) Gomega { + return internal.NewGomega(Default.(*internal.Gomega).DurationBundle).ConfigureWithFailHandler(fail) +} + +// WithT wraps a *testing.T and provides `Expect`, `Eventually`, and `Consistently` methods. This allows you to leverage +// Gomega's rich ecosystem of matchers in standard `testing` test suites. +// +// Use `NewWithT` to instantiate a `WithT` +// +// As of 1.15 both the WithT and Ginkgo variants of Gomega are implemented by the same underlying object +// however one (the Ginkgo variant) is exported as an interface (types.Gomega) whereas the other (the withT variant) +// is shared as a concrete type (*WithT, which is aliased to *internal.Gomega). 1.15 did not clean this mess up to ensure +// that declarations of *WithT in existing code are not broken by the upgrade to 1.15. +type WithT = internal.Gomega + +// GomegaWithT is deprecated in favor of gomega.WithT, which does not stutter. +type GomegaWithT = WithT + +// NewWithT takes a *testing.T and returngs a `gomega.WithT` allowing you to use `Expect`, `Eventually`, and `Consistently` along with +// Gomega's rich ecosystem of matchers in standard `testing` test suits. +// +// func TestFarmHasCow(t *testing.T) { +// g := gomega.NewWithT(t) +// +// f := farm.New([]string{"Cow", "Horse"}) +// g.Expect(f.HasCow()).To(BeTrue(), "Farm should have cow") +// } +func NewWithT(t types.GomegaTestingT) *WithT { + return internal.NewGomega(Default.(*internal.Gomega).DurationBundle).ConfigureWithT(t) +} + +// NewGomegaWithT is deprecated in favor of gomega.NewWithT, which does not stutter. +var NewGomegaWithT = NewWithT // RegisterFailHandler connects Ginkgo to Gomega. When a matcher fails // the fail handler passed into RegisterFailHandler is called. -func RegisterFailHandler(handler types.GomegaFailHandler) { - RegisterFailHandlerWithT(testingtsupport.EmptyTWithHelper{}, handler) +func RegisterFailHandler(fail types.GomegaFailHandler) { + Default.(*internal.Gomega).ConfigureWithFailHandler(fail) } -// RegisterFailHandlerWithT ensures that the given types.TWithHelper and fail handler -// are used globally. -func RegisterFailHandlerWithT(t types.TWithHelper, handler types.GomegaFailHandler) { - if handler == nil { - globalFailWrapper = nil - return - } - - globalFailWrapper = &types.GomegaFailWrapper{ - Fail: handler, - TWithHelper: t, - } +// RegisterFailHandlerWithT is deprecated and will be removed in a future release. +// users should use RegisterFailHandler, or RegisterTestingT +func RegisterFailHandlerWithT(_ types.GomegaTestingT, fail types.GomegaFailHandler) { + fmt.Println("RegisterFailHandlerWithT is deprecated. Please use RegisterFailHandler or RegisterTestingT instead.") + Default.(*internal.Gomega).ConfigureWithFailHandler(fail) } // RegisterTestingT connects Gomega to Golang's XUnit style -// Testing.T tests. It is now deprecated and you should use NewWithT() instead. -// -// Legacy Documentation: -// -// You'll need to call this at the top of each XUnit style test: -// -// func TestFarmHasCow(t *testing.T) { -// RegisterTestingT(t) -// -// f := farm.New([]string{"Cow", "Horse"}) -// Expect(f.HasCow()).To(BeTrue(), "Farm should have cow") -// } -// -// Note that this *testing.T is registered *globally* by Gomega (this is why you don't have to -// pass `t` down to the matcher itself). This means that you cannot run the XUnit style tests -// in parallel as the global fail handler cannot point to more than one testing.T at a time. -// -// NewWithT() does not have this limitation -// -// (As an aside: Ginkgo gets around this limitation by running parallel tests in different *processes*). +// Testing.T tests. It is now deprecated and you should use NewWithT() instead to get a fresh instance of Gomega for each test. func RegisterTestingT(t types.GomegaTestingT) { - tWithHelper, hasHelper := t.(types.TWithHelper) - if !hasHelper { - RegisterFailHandler(testingtsupport.BuildTestingTGomegaFailWrapper(t).Fail) - return - } - RegisterFailHandlerWithT(tWithHelper, testingtsupport.BuildTestingTGomegaFailWrapper(t).Fail) + Default.(*internal.Gomega).ConfigureWithT(t) } // InterceptGomegaFailures runs a given callback and returns an array of // failure messages generated by any Gomega assertions within the callback. -// -// This is accomplished by temporarily replacing the *global* fail handler -// with a fail handler that simply annotates failures. The original fail handler -// is reset when InterceptGomegaFailures returns. +// Exeuction continues after the first failure allowing users to collect all failures +// in the callback. // // This is most useful when testing custom matchers, but can also be used to check // on a value using a Gomega assertion without causing a test failure. func InterceptGomegaFailures(f func()) []string { - originalHandler := globalFailWrapper.Fail + originalHandler := Default.(*internal.Gomega).Fail failures := []string{} - RegisterFailHandler(func(message string, callerSkip ...int) { + Default.(*internal.Gomega).Fail = func(message string, callerSkip ...int) { failures = append(failures, message) - }) + } + defer func() { + Default.(*internal.Gomega).Fail = originalHandler + }() f() - RegisterFailHandler(originalHandler) return failures } +// InterceptGomegaFailure runs a given callback and returns the first +// failure message generated by any Gomega assertions within the callback, wrapped in an error. +// +// The callback ceases execution as soon as the first failed assertion occurs, however Gomega +// does not register a failure with the FailHandler registered via RegisterFailHandler - it is up +// to the user to decide what to do with the returned error +func InterceptGomegaFailure(f func()) (err error) { + originalHandler := Default.(*internal.Gomega).Fail + Default.(*internal.Gomega).Fail = func(message string, callerSkip ...int) { + err = errors.New(message) + panic("stop execution") + } + + defer func() { + Default.(*internal.Gomega).Fail = originalHandler + if e := recover(); e != nil { + if err == nil { + panic(e) + } + } + }() + + f() + return err +} + +func ensureDefaultGomegaIsConfigured() { + if !Default.(*internal.Gomega).IsConfigured() { + panic(nilGomegaPanic) + } +} + // Ω wraps an actual value allowing assertions to be made on it: // Ω("foo").Should(Equal("foo")) // @@ -127,7 +174,8 @@ func InterceptGomegaFailures(f func()) []string { // // Ω and Expect are identical func Ω(actual interface{}, extra ...interface{}) Assertion { - return ExpectWithOffset(0, actual, extra...) + ensureDefaultGomegaIsConfigured() + return Default.Ω(actual, extra...) } // Expect wraps an actual value allowing assertions to be made on it: @@ -148,7 +196,8 @@ func Ω(actual interface{}, extra ...interface{}) Assertion { // // Expect and Ω are identical func Expect(actual interface{}, extra ...interface{}) Assertion { - return ExpectWithOffset(0, actual, extra...) + ensureDefaultGomegaIsConfigured() + return Default.Expect(actual, extra...) } // ExpectWithOffset wraps an actual value allowing assertions to be made on it: @@ -161,133 +210,156 @@ func Expect(actual interface{}, extra ...interface{}) Assertion { // error message to refer to the calling line in the test (as opposed to the line in the helper function) // set the first argument of `ExpectWithOffset` appropriately. func ExpectWithOffset(offset int, actual interface{}, extra ...interface{}) Assertion { - if globalFailWrapper == nil { - panic(nilFailHandlerPanic) - } - return assertion.New(actual, globalFailWrapper, offset, extra...) + ensureDefaultGomegaIsConfigured() + return Default.ExpectWithOffset(offset, actual, extra...) } -// Eventually wraps an actual value allowing assertions to be made on it. -// The assertion is tried periodically until it passes or a timeout occurs. -// -// Both the timeout and polling interval are configurable as optional arguments: -// The first optional argument is the timeout -// The second optional argument is the polling interval -// -// Both intervals can either be specified as time.Duration, parsable duration strings or as floats/integers. In the -// last case they are interpreted as seconds. -// -// If Eventually is passed an actual that is a function taking no arguments and returning at least one value, -// then Eventually will call the function periodically and try the matcher against the function's first return value. -// -// Example: -// -// Eventually(func() int { -// return thingImPolling.Count() -// }).Should(BeNumerically(">=", 17)) -// -// Note that this example could be rewritten: -// -// Eventually(thingImPolling.Count).Should(BeNumerically(">=", 17)) -// -// If the function returns more than one value, then Eventually will pass the first value to the matcher and -// assert that all other values are nil/zero. -// This allows you to pass Eventually a function that returns a value and an error - a common pattern in Go. -// -// For example, consider a method that returns a value and an error: -// func FetchFromDB() (string, error) -// -// Then -// Eventually(FetchFromDB).Should(Equal("hasselhoff")) -// -// Will pass only if the the returned error is nil and the returned string passes the matcher. -// -// Eventually's default timeout is 1 second, and its default polling interval is 10ms +/* +Eventually enables making assertions on asynchronous behavior. + +Eventually checks that an assertion *eventually* passes. Eventually blocks when called and attempts an assertion periodically until it passes or a timeout occurs. Both the timeout and polling interval are configurable as optional arguments. +The first optional argument is the timeout (which defaults to 1s), the second is the polling interval (which defaults to 10ms). Both intervals can be specified as time.Duration, parsable duration strings or floats/integers (in which case they are interpreted as seconds). + +Eventually works with any Gomega compatible matcher and supports making assertions against three categories of actual value: + +**Category 1: Making Eventually assertions on values** + +There are several examples of values that can change over time. These can be passed in to Eventually and will be passed to the matcher repeatedly until a match occurs. For example: + + c := make(chan bool) + go DoStuff(c) + Eventually(c, "50ms").Should(BeClosed()) + +will poll the channel repeatedly until it is closed. In this example `Eventually` will block until either the specified timeout of 50ms has elapsed or the channel is closed, whichever comes first. + +Several Gomega libraries allow you to use Eventually in this way. For example, the gomega/gexec package allows you to block until a *gexec.Session exits successfuly via: + + Eventually(session).Should(gexec.Exit(0)) + +And the gomega/gbytes package allows you to monitor a streaming *gbytes.Buffer until a given string is seen: + + Eventually(buffer).Should(gbytes.Say("hello there")) + +In these examples, both `session` and `buffer` are designed to be thread-safe when polled by the `Exit` and `Say` matchers. This is not true in general of most raw values, so while it is tempting to do something like: + + // THIS IS NOT THREAD-SAFE + var s *string + go mutateStringEventually(s) + Eventually(s).Should(Equal("I've changed")) + +this will trigger Go's race detector as the goroutine polling via Eventually will race over the value of s with the goroutine mutating the string. For cases like this you can use channels or introduce your own locking around s by passing Eventually a function. + +**Category 2: Make Eventually assertions on functions** + +Eventually can be passed functions that **take no arguments** and **return at least one value**. When configured this way, Eventually will poll the function repeatedly and pass the first returned value to the matcher. + +For example: + + Eventually(func() int { + return client.FetchCount() + }).Should(BeNumerically(">=", 17)) + + will repeatedly poll client.FetchCount until the BeNumerically matcher is satisfied. (Note that this example could have been written as Eventually(client.FetchCount).Should(BeNumerically(">=", 17))) + +If multple values are returned by the function, Eventually will pass the first value to the matcher and require that all others are zero-valued. This allows you to pass Eventually a function that returns a value and an error - a common patternin Go. + +For example, consider a method that returns a value and an error: + func FetchFromDB() (string, error) + +Then + Eventually(FetchFromDB).Should(Equal("got it")) + +will pass only if and when the returned error is nil *and* the returned string satisfies the matcher. + +It is important to note that the function passed into Eventually is invoked *synchronously* when polled. Eventually does not (in fact, it cannot) kill the function if it takes longer to return than Eventually's configured timeout. You should design your functions with this in mind. + +**Category 3: Making assertions _in_ the function passed into Eventually** + +When testing complex systems it can be valuable to assert that a _set_ of assertions passes Eventually. Eventually supports this by accepting functions that take a single Gomega argument and return zero or more values. + +Here's an example that makes some asssertions and returns a value and error: + + Eventually(func(g Gomega) (Widget, error) { + ids, err := client.FetchIDs() + g.Expect(err).NotTo(HaveOccurred()) + g.Expect(ids).To(ContainElement(1138)) + return client.FetchWidget(1138) + }).Should(Equal(expectedWidget)) + +will pass only if all the assertions in the polled function pass and the return value satisfied the matcher. + +Eventually also supports a special case polling function that takes a single Gomega argument and returns no values. Eventually assumes such a function is making assertions and is designed to work with the Succeed matcher to validate that all assertions have passed. +For example: + + Eventually(func(g Gomega) { + model, err := client.Find(1138) + g.Expect(err).NotTo(HaveOccurred()) + g.Expect(model.Reticulate()).To(Succeed()) + g.Expect(model.IsReticulated()).To(BeTrue()) + g.Expect(model.Save()).To(Succeed()) + }).Should(Succeed()) + +will rerun the function until all assertions pass. +*/ func Eventually(actual interface{}, intervals ...interface{}) AsyncAssertion { - return EventuallyWithOffset(0, actual, intervals...) + ensureDefaultGomegaIsConfigured() + return Default.Eventually(actual, intervals...) } // EventuallyWithOffset operates like Eventually but takes an additional // initial argument to indicate an offset in the call stack. This is useful when building helper // functions that contain matchers. To learn more, read about `ExpectWithOffset`. func EventuallyWithOffset(offset int, actual interface{}, intervals ...interface{}) AsyncAssertion { - if globalFailWrapper == nil { - panic(nilFailHandlerPanic) - } - timeoutInterval := defaultEventuallyTimeout - pollingInterval := defaultEventuallyPollingInterval - if len(intervals) > 0 { - timeoutInterval = toDuration(intervals[0]) - } - if len(intervals) > 1 { - pollingInterval = toDuration(intervals[1]) - } - return asyncassertion.New(asyncassertion.AsyncAssertionTypeEventually, actual, globalFailWrapper, timeoutInterval, pollingInterval, offset) + ensureDefaultGomegaIsConfigured() + return Default.EventuallyWithOffset(offset, actual, intervals...) } -// Consistently wraps an actual value allowing assertions to be made on it. -// The assertion is tried periodically and is required to pass for a period of time. -// -// Both the total time and polling interval are configurable as optional arguments: -// The first optional argument is the duration that Consistently will run for -// The second optional argument is the polling interval -// -// Both intervals can either be specified as time.Duration, parsable duration strings or as floats/integers. In the -// last case they are interpreted as seconds. -// -// If Consistently is passed an actual that is a function taking no arguments and returning at least one value, -// then Consistently will call the function periodically and try the matcher against the function's first return value. -// -// If the function returns more than one value, then Consistently will pass the first value to the matcher and -// assert that all other values are nil/zero. -// This allows you to pass Consistently a function that returns a value and an error - a common pattern in Go. -// -// Consistently is useful in cases where you want to assert that something *does not happen* over a period of time. -// For example, you want to assert that a goroutine does *not* send data down a channel. In this case, you could: -// -// Consistently(channel).ShouldNot(Receive()) -// -// Consistently's default duration is 100ms, and its default polling interval is 10ms +/* +Consistently, like Eventually, enables making assertions on asynchronous behavior. + +Consistently blocks when called for a specified duration. During that duration Consistently repeatedly polls its matcher and ensures that it is satisfied. If the matcher is consistently satisfied, then Consistently will pass. Otherwise Consistently will fail. + +Both the total waiting duration and the polling interval are configurable as optional arguments. The first optional arugment is the duration that Consistently will run for (defaults to 100ms), and the second argument is the polling interval (defaults to 10ms). As with Eventually, these intervals can be passed in as time.Duration, parsable duration strings or an integer or float number of seconds. + +Consistently accepts the same three categories of actual as Eventually, check the Eventually docs to learn more. + +Consistently is useful in cases where you want to assert that something *does not happen* for a period of time. For example, you may want to assert that a goroutine does *not* send data down a channel. In this case you could write: + + Consistently(channel, "200ms").ShouldNot(Receive()) + +This will block for 200 milliseconds and repeatedly check the channel and ensure nothing has been received. +*/ func Consistently(actual interface{}, intervals ...interface{}) AsyncAssertion { - return ConsistentlyWithOffset(0, actual, intervals...) + ensureDefaultGomegaIsConfigured() + return Default.Consistently(actual, intervals...) } // ConsistentlyWithOffset operates like Consistently but takes an additional // initial argument to indicate an offset in the call stack. This is useful when building helper // functions that contain matchers. To learn more, read about `ExpectWithOffset`. func ConsistentlyWithOffset(offset int, actual interface{}, intervals ...interface{}) AsyncAssertion { - if globalFailWrapper == nil { - panic(nilFailHandlerPanic) - } - timeoutInterval := defaultConsistentlyDuration - pollingInterval := defaultConsistentlyPollingInterval - if len(intervals) > 0 { - timeoutInterval = toDuration(intervals[0]) - } - if len(intervals) > 1 { - pollingInterval = toDuration(intervals[1]) - } - return asyncassertion.New(asyncassertion.AsyncAssertionTypeConsistently, actual, globalFailWrapper, timeoutInterval, pollingInterval, offset) + ensureDefaultGomegaIsConfigured() + return Default.ConsistentlyWithOffset(offset, actual, intervals...) } // SetDefaultEventuallyTimeout sets the default timeout duration for Eventually. Eventually will repeatedly poll your condition until it succeeds, or until this timeout elapses. func SetDefaultEventuallyTimeout(t time.Duration) { - defaultEventuallyTimeout = t + Default.SetDefaultEventuallyTimeout(t) } // SetDefaultEventuallyPollingInterval sets the default polling interval for Eventually. func SetDefaultEventuallyPollingInterval(t time.Duration) { - defaultEventuallyPollingInterval = t + Default.SetDefaultEventuallyPollingInterval(t) } // SetDefaultConsistentlyDuration sets the default duration for Consistently. Consistently will verify that your condition is satisfied for this long. func SetDefaultConsistentlyDuration(t time.Duration) { - defaultConsistentlyDuration = t + Default.SetDefaultConsistentlyDuration(t) } // SetDefaultConsistentlyPollingInterval sets the default polling interval for Consistently. func SetDefaultConsistentlyPollingInterval(t time.Duration) { - defaultConsistentlyPollingInterval = t + Default.SetDefaultConsistentlyPollingInterval(t) } // AsyncAssertion is returned by Eventually and Consistently and polls the actual value passed into Eventually against @@ -305,13 +377,10 @@ func SetDefaultConsistentlyPollingInterval(t time.Duration) { // // Eventually(myChannel).Should(Receive(), "Something should have come down the pipe.") // Consistently(myChannel).ShouldNot(Receive(), func() string { return "Nothing should have come down the pipe." }) -type AsyncAssertion interface { - Should(matcher types.GomegaMatcher, optionalDescription ...interface{}) bool - ShouldNot(matcher types.GomegaMatcher, optionalDescription ...interface{}) bool -} +type AsyncAssertion = types.AsyncAssertion // GomegaAsyncAssertion is deprecated in favor of AsyncAssertion, which does not stutter. -type GomegaAsyncAssertion = AsyncAssertion +type GomegaAsyncAssertion = types.AsyncAssertion // Assertion is returned by Ω and Expect and compares the actual value to the matcher // passed to the Should/ShouldNot and To/ToNot/NotTo methods. @@ -330,149 +399,10 @@ type GomegaAsyncAssertion = AsyncAssertion // Example: // // Ω(farm.HasCow()).Should(BeTrue(), "Farm %v should have a cow", farm) -type Assertion interface { - Should(matcher types.GomegaMatcher, optionalDescription ...interface{}) bool - ShouldNot(matcher types.GomegaMatcher, optionalDescription ...interface{}) bool - - To(matcher types.GomegaMatcher, optionalDescription ...interface{}) bool - ToNot(matcher types.GomegaMatcher, optionalDescription ...interface{}) bool - NotTo(matcher types.GomegaMatcher, optionalDescription ...interface{}) bool -} +type Assertion = types.Assertion // GomegaAssertion is deprecated in favor of Assertion, which does not stutter. -type GomegaAssertion = Assertion +type GomegaAssertion = types.Assertion // OmegaMatcher is deprecated in favor of the better-named and better-organized types.GomegaMatcher but sticks around to support existing code that uses it -type OmegaMatcher types.GomegaMatcher - -// WithT wraps a *testing.T and provides `Expect`, `Eventually`, and `Consistently` methods. This allows you to leverage -// Gomega's rich ecosystem of matchers in standard `testing` test suites. -// -// Use `NewWithT` to instantiate a `WithT` -type WithT struct { - t types.GomegaTestingT -} - -// GomegaWithT is deprecated in favor of gomega.WithT, which does not stutter. -type GomegaWithT = WithT - -// NewWithT takes a *testing.T and returngs a `gomega.WithT` allowing you to use `Expect`, `Eventually`, and `Consistently` along with -// Gomega's rich ecosystem of matchers in standard `testing` test suits. -// -// func TestFarmHasCow(t *testing.T) { -// g := gomega.NewWithT(t) -// -// f := farm.New([]string{"Cow", "Horse"}) -// g.Expect(f.HasCow()).To(BeTrue(), "Farm should have cow") -// } -func NewWithT(t types.GomegaTestingT) *WithT { - return &WithT{ - t: t, - } -} - -// NewGomegaWithT is deprecated in favor of gomega.NewWithT, which does not stutter. -func NewGomegaWithT(t types.GomegaTestingT) *GomegaWithT { - return NewWithT(t) -} - -// ExpectWithOffset is used to make assertions. See documentation for ExpectWithOffset. -func (g *WithT) ExpectWithOffset(offset int, actual interface{}, extra ...interface{}) Assertion { - return assertion.New(actual, testingtsupport.BuildTestingTGomegaFailWrapper(g.t), offset, extra...) -} - -// EventuallyWithOffset is used to make asynchronous assertions. See documentation for EventuallyWithOffset. -func (g *WithT) EventuallyWithOffset(offset int, actual interface{}, intervals ...interface{}) AsyncAssertion { - timeoutInterval := defaultEventuallyTimeout - pollingInterval := defaultEventuallyPollingInterval - if len(intervals) > 0 { - timeoutInterval = toDuration(intervals[0]) - } - if len(intervals) > 1 { - pollingInterval = toDuration(intervals[1]) - } - return asyncassertion.New(asyncassertion.AsyncAssertionTypeEventually, actual, testingtsupport.BuildTestingTGomegaFailWrapper(g.t), timeoutInterval, pollingInterval, offset) -} - -// ConsistentlyWithOffset is used to make asynchronous assertions. See documentation for ConsistentlyWithOffset. -func (g *WithT) ConsistentlyWithOffset(offset int, actual interface{}, intervals ...interface{}) AsyncAssertion { - timeoutInterval := defaultConsistentlyDuration - pollingInterval := defaultConsistentlyPollingInterval - if len(intervals) > 0 { - timeoutInterval = toDuration(intervals[0]) - } - if len(intervals) > 1 { - pollingInterval = toDuration(intervals[1]) - } - return asyncassertion.New(asyncassertion.AsyncAssertionTypeConsistently, actual, testingtsupport.BuildTestingTGomegaFailWrapper(g.t), timeoutInterval, pollingInterval, offset) -} - -// Expect is used to make assertions. See documentation for Expect. -func (g *WithT) Expect(actual interface{}, extra ...interface{}) Assertion { - return g.ExpectWithOffset(0, actual, extra...) -} - -// Eventually is used to make asynchronous assertions. See documentation for Eventually. -func (g *WithT) Eventually(actual interface{}, intervals ...interface{}) AsyncAssertion { - return g.EventuallyWithOffset(0, actual, intervals...) -} - -// Consistently is used to make asynchronous assertions. See documentation for Consistently. -func (g *WithT) Consistently(actual interface{}, intervals ...interface{}) AsyncAssertion { - return g.ConsistentlyWithOffset(0, actual, intervals...) -} - -func toDuration(input interface{}) time.Duration { - duration, ok := input.(time.Duration) - if ok { - return duration - } - - value := reflect.ValueOf(input) - kind := reflect.TypeOf(input).Kind() - - if reflect.Int <= kind && kind <= reflect.Int64 { - return time.Duration(value.Int()) * time.Second - } else if reflect.Uint <= kind && kind <= reflect.Uint64 { - return time.Duration(value.Uint()) * time.Second - } else if reflect.Float32 <= kind && kind <= reflect.Float64 { - return time.Duration(value.Float() * float64(time.Second)) - } else if reflect.String == kind { - duration, err := time.ParseDuration(value.String()) - if err != nil { - panic(fmt.Sprintf("%#v is not a valid parsable duration string.", input)) - } - return duration - } - - panic(fmt.Sprintf("%v is not a valid interval. Must be time.Duration, parsable duration string or a number.", input)) -} - -// Gomega describes the essential Gomega DSL. This interface allows libraries -// to abstract between the standard package-level function implementations -// and alternatives like *WithT. -type Gomega interface { - Expect(actual interface{}, extra ...interface{}) Assertion - Eventually(actual interface{}, intervals ...interface{}) AsyncAssertion - Consistently(actual interface{}, intervals ...interface{}) AsyncAssertion -} - -type globalFailHandlerGomega struct{} - -// DefaultGomega supplies the standard package-level implementation -var Default Gomega = globalFailHandlerGomega{} - -// Expect is used to make assertions. See documentation for Expect. -func (globalFailHandlerGomega) Expect(actual interface{}, extra ...interface{}) Assertion { - return Expect(actual, extra...) -} - -// Eventually is used to make asynchronous assertions. See documentation for Eventually. -func (globalFailHandlerGomega) Eventually(actual interface{}, extra ...interface{}) AsyncAssertion { - return Eventually(actual, extra...) -} - -// Consistently is used to make asynchronous assertions. See documentation for Consistently. -func (globalFailHandlerGomega) Consistently(actual interface{}, extra ...interface{}) AsyncAssertion { - return Consistently(actual, extra...) -} +type OmegaMatcher = types.GomegaMatcher diff --git a/vendor/github.com/onsi/gomega/internal/assertion/assertion.go b/vendor/github.com/onsi/gomega/internal/assertion.go similarity index 80% rename from vendor/github.com/onsi/gomega/internal/assertion/assertion.go rename to vendor/github.com/onsi/gomega/internal/assertion.go index a248298f4..36b0e8345 100644 --- a/vendor/github.com/onsi/gomega/internal/assertion/assertion.go +++ b/vendor/github.com/onsi/gomega/internal/assertion.go @@ -1,4 +1,4 @@ -package assertion +package internal import ( "fmt" @@ -9,42 +9,42 @@ import ( type Assertion struct { actualInput interface{} - failWrapper *types.GomegaFailWrapper offset int extra []interface{} + g *Gomega } -func New(actualInput interface{}, failWrapper *types.GomegaFailWrapper, offset int, extra ...interface{}) *Assertion { +func NewAssertion(actualInput interface{}, g *Gomega, offset int, extra ...interface{}) *Assertion { return &Assertion{ actualInput: actualInput, - failWrapper: failWrapper, offset: offset, extra: extra, + g: g, } } func (assertion *Assertion) Should(matcher types.GomegaMatcher, optionalDescription ...interface{}) bool { - assertion.failWrapper.TWithHelper.Helper() + assertion.g.THelper() return assertion.vetExtras(optionalDescription...) && assertion.match(matcher, true, optionalDescription...) } func (assertion *Assertion) ShouldNot(matcher types.GomegaMatcher, optionalDescription ...interface{}) bool { - assertion.failWrapper.TWithHelper.Helper() + assertion.g.THelper() return assertion.vetExtras(optionalDescription...) && assertion.match(matcher, false, optionalDescription...) } func (assertion *Assertion) To(matcher types.GomegaMatcher, optionalDescription ...interface{}) bool { - assertion.failWrapper.TWithHelper.Helper() + assertion.g.THelper() return assertion.vetExtras(optionalDescription...) && assertion.match(matcher, true, optionalDescription...) } func (assertion *Assertion) ToNot(matcher types.GomegaMatcher, optionalDescription ...interface{}) bool { - assertion.failWrapper.TWithHelper.Helper() + assertion.g.THelper() return assertion.vetExtras(optionalDescription...) && assertion.match(matcher, false, optionalDescription...) } func (assertion *Assertion) NotTo(matcher types.GomegaMatcher, optionalDescription ...interface{}) bool { - assertion.failWrapper.TWithHelper.Helper() + assertion.g.THelper() return assertion.vetExtras(optionalDescription...) && assertion.match(matcher, false, optionalDescription...) } @@ -62,10 +62,10 @@ func (assertion *Assertion) buildDescription(optionalDescription ...interface{}) func (assertion *Assertion) match(matcher types.GomegaMatcher, desiredMatch bool, optionalDescription ...interface{}) bool { matches, err := matcher.Match(assertion.actualInput) - assertion.failWrapper.TWithHelper.Helper() + assertion.g.THelper() if err != nil { description := assertion.buildDescription(optionalDescription...) - assertion.failWrapper.Fail(description+err.Error(), 2+assertion.offset) + assertion.g.Fail(description+err.Error(), 2+assertion.offset) return false } if matches != desiredMatch { @@ -76,7 +76,7 @@ func (assertion *Assertion) match(matcher types.GomegaMatcher, desiredMatch bool message = matcher.NegatedFailureMessage(assertion.actualInput) } description := assertion.buildDescription(optionalDescription...) - assertion.failWrapper.Fail(description+message, 2+assertion.offset) + assertion.g.Fail(description+message, 2+assertion.offset) return false } @@ -90,8 +90,8 @@ func (assertion *Assertion) vetExtras(optionalDescription ...interface{}) bool { } description := assertion.buildDescription(optionalDescription...) - assertion.failWrapper.TWithHelper.Helper() - assertion.failWrapper.Fail(description+message, 2+assertion.offset) + assertion.g.THelper() + assertion.g.Fail(description+message, 2+assertion.offset) return false } diff --git a/vendor/github.com/onsi/gomega/internal/asyncassertion/async_assertion.go b/vendor/github.com/onsi/gomega/internal/async_assertion.go similarity index 51% rename from vendor/github.com/onsi/gomega/internal/asyncassertion/async_assertion.go rename to vendor/github.com/onsi/gomega/internal/async_assertion.go index 5204836bf..ae20c14b8 100644 --- a/vendor/github.com/onsi/gomega/internal/asyncassertion/async_assertion.go +++ b/vendor/github.com/onsi/gomega/internal/async_assertion.go @@ -1,14 +1,12 @@ -// untested sections: 2 - -package asyncassertion +package internal import ( "errors" "fmt" "reflect" + "runtime" "time" - "github.com/onsi/gomega/internal/oraclematcher" "github.com/onsi/gomega/types" ) @@ -20,39 +18,82 @@ const ( ) type AsyncAssertion struct { - asyncType AsyncAssertionType - actualInput interface{} + asyncType AsyncAssertionType + + actualIsFunc bool + actualValue interface{} + actualFunc func() ([]reflect.Value, error) + timeoutInterval time.Duration pollingInterval time.Duration - failWrapper *types.GomegaFailWrapper offset int + g *Gomega } -func New(asyncType AsyncAssertionType, actualInput interface{}, failWrapper *types.GomegaFailWrapper, timeoutInterval time.Duration, pollingInterval time.Duration, offset int) *AsyncAssertion { - actualType := reflect.TypeOf(actualInput) - if actualType.Kind() == reflect.Func { - if actualType.NumIn() != 0 || actualType.NumOut() == 0 { - panic("Expected a function with no arguments and one or more return values.") - } - } - - return &AsyncAssertion{ +func NewAsyncAssertion(asyncType AsyncAssertionType, actualInput interface{}, g *Gomega, timeoutInterval time.Duration, pollingInterval time.Duration, offset int) *AsyncAssertion { + out := &AsyncAssertion{ asyncType: asyncType, - actualInput: actualInput, - failWrapper: failWrapper, timeoutInterval: timeoutInterval, pollingInterval: pollingInterval, offset: offset, + g: g, } + + switch actualType := reflect.TypeOf(actualInput); { + case actualType.Kind() != reflect.Func: + out.actualValue = actualInput + case actualType.NumIn() == 0 && actualType.NumOut() > 0: + out.actualIsFunc = true + out.actualFunc = func() ([]reflect.Value, error) { + return reflect.ValueOf(actualInput).Call([]reflect.Value{}), nil + } + case actualType.NumIn() == 1 && actualType.In(0).Implements(reflect.TypeOf((*types.Gomega)(nil)).Elem()): + out.actualIsFunc = true + out.actualFunc = func() (values []reflect.Value, err error) { + var assertionFailure error + assertionCapturingGomega := NewGomega(g.DurationBundle).ConfigureWithFailHandler(func(message string, callerSkip ...int) { + skip := 0 + if len(callerSkip) > 0 { + skip = callerSkip[0] + } + _, file, line, _ := runtime.Caller(skip + 1) + assertionFailure = fmt.Errorf("Assertion in callback at %s:%d failed:\n%s", file, line, message) + panic("stop execution") + }) + + defer func() { + if actualType.NumOut() == 0 { + if assertionFailure == nil { + values = []reflect.Value{reflect.Zero(reflect.TypeOf((*error)(nil)).Elem())} + } else { + values = []reflect.Value{reflect.ValueOf(assertionFailure)} + } + } else { + err = assertionFailure + } + if e := recover(); e != nil && assertionFailure == nil { + panic(e) + } + }() + + values = reflect.ValueOf(actualInput).Call([]reflect.Value{reflect.ValueOf(assertionCapturingGomega)}) + return + } + default: + msg := fmt.Sprintf("The function passed to Gomega's async assertions should either take no arguments and return values, or take a single Gomega interface that it can use to make assertions within the body of the function. When taking a Gomega interface the function can optionally return values or return nothing. The function you passed takes %d arguments and returns %d values.", actualType.NumIn(), actualType.NumOut()) + g.Fail(msg, offset+4) + } + + return out } func (assertion *AsyncAssertion) Should(matcher types.GomegaMatcher, optionalDescription ...interface{}) bool { - assertion.failWrapper.TWithHelper.Helper() + assertion.g.THelper() return assertion.match(matcher, true, optionalDescription...) } func (assertion *AsyncAssertion) ShouldNot(matcher types.GomegaMatcher, optionalDescription ...interface{}) bool { - assertion.failWrapper.TWithHelper.Helper() + assertion.g.THelper() return assertion.match(matcher, false, optionalDescription...) } @@ -68,38 +109,32 @@ func (assertion *AsyncAssertion) buildDescription(optionalDescription ...interfa return fmt.Sprintf(optionalDescription[0].(string), optionalDescription[1:]...) + "\n" } -func (assertion *AsyncAssertion) actualInputIsAFunction() bool { - actualType := reflect.TypeOf(assertion.actualInput) - return actualType.Kind() == reflect.Func && actualType.NumIn() == 0 && actualType.NumOut() > 0 -} - func (assertion *AsyncAssertion) pollActual() (interface{}, error) { - if assertion.actualInputIsAFunction() { - values := reflect.ValueOf(assertion.actualInput).Call([]reflect.Value{}) - - extras := []interface{}{} - for _, value := range values[1:] { - extras = append(extras, value.Interface()) - } - - success, message := vetExtras(extras) - - if !success { - return nil, errors.New(message) - } - - return values[0].Interface(), nil + if !assertion.actualIsFunc { + return assertion.actualValue, nil } - return assertion.actualInput, nil + values, err := assertion.actualFunc() + if err != nil { + return nil, err + } + extras := []interface{}{} + for _, value := range values[1:] { + extras = append(extras, value.Interface()) + } + success, message := vetExtras(extras) + if !success { + return nil, errors.New(message) + } + + return values[0].Interface(), nil } func (assertion *AsyncAssertion) matcherMayChange(matcher types.GomegaMatcher, value interface{}) bool { - if assertion.actualInputIsAFunction() { + if assertion.actualIsFunc { return true } - - return oraclematcher.MatchMayChangeInTheFuture(matcher, value) + return types.MatchMayChangeInTheFuture(matcher, value) } func (assertion *AsyncAssertion) match(matcher types.GomegaMatcher, desiredMatch bool, optionalDescription ...interface{}) bool { @@ -115,7 +150,7 @@ func (assertion *AsyncAssertion) match(matcher types.GomegaMatcher, desiredMatch matches, err = matcher.Match(value) } - assertion.failWrapper.TWithHelper.Helper() + assertion.g.THelper() fail := func(preamble string) { errMsg := "" @@ -129,9 +164,9 @@ func (assertion *AsyncAssertion) match(matcher types.GomegaMatcher, desiredMatch message = matcher.NegatedFailureMessage(value) } } - assertion.failWrapper.TWithHelper.Helper() + assertion.g.THelper() description := assertion.buildDescription(optionalDescription...) - assertion.failWrapper.Fail(fmt.Sprintf("%s after %.3fs.\n%s%s%s", preamble, time.Since(timer).Seconds(), description, message, errMsg), 3+assertion.offset) + assertion.g.Fail(fmt.Sprintf("%s after %.3fs.\n%s%s%s", preamble, time.Since(timer).Seconds(), description, message, errMsg), 3+assertion.offset) } if assertion.asyncType == AsyncAssertionTypeEventually { @@ -183,16 +218,3 @@ func (assertion *AsyncAssertion) match(matcher types.GomegaMatcher, desiredMatch return false } - -func vetExtras(extras []interface{}) (bool, string) { - for i, extra := range extras { - if extra != nil { - zeroValue := reflect.Zero(reflect.TypeOf(extra)).Interface() - if !reflect.DeepEqual(zeroValue, extra) { - message := fmt.Sprintf("Unexpected non-nil/non-zero extra argument at index %d:\n\t<%T>: %#v", i+1, extra, extra) - return false, message - } - } - } - return true, "" -} diff --git a/vendor/github.com/onsi/gomega/internal/defaults/env.go b/vendor/github.com/onsi/gomega/internal/defaults/env.go deleted file mode 100644 index bc29c63d5..000000000 --- a/vendor/github.com/onsi/gomega/internal/defaults/env.go +++ /dev/null @@ -1,22 +0,0 @@ -package defaults - -import ( - "fmt" - "time" -) - -func SetDurationFromEnv(getDurationFromEnv func(string) string, varSetter func(time.Duration), name string) { - durationFromEnv := getDurationFromEnv(name) - - if len(durationFromEnv) == 0 { - return - } - - duration, err := time.ParseDuration(durationFromEnv) - - if err != nil { - panic(fmt.Sprintf("Expected a duration when using %s! Parse error %v", name, err)) - } - - varSetter(duration) -} diff --git a/vendor/github.com/onsi/gomega/internal/duration_bundle.go b/vendor/github.com/onsi/gomega/internal/duration_bundle.go new file mode 100644 index 000000000..af8d989fa --- /dev/null +++ b/vendor/github.com/onsi/gomega/internal/duration_bundle.go @@ -0,0 +1,71 @@ +package internal + +import ( + "fmt" + "os" + "reflect" + "time" +) + +type DurationBundle struct { + EventuallyTimeout time.Duration + EventuallyPollingInterval time.Duration + ConsistentlyDuration time.Duration + ConsistentlyPollingInterval time.Duration +} + +const ( + EventuallyTimeoutEnvVarName = "GOMEGA_DEFAULT_EVENTUALLY_TIMEOUT" + EventuallyPollingIntervalEnvVarName = "GOMEGA_DEFAULT_EVENTUALLY_POLLING_INTERVAL" + + ConsistentlyDurationEnvVarName = "GOMEGA_DEFAULT_CONSISTENTLY_DURATION" + ConsistentlyPollingIntervalEnvVarName = "GOMEGA_DEFAULT_CONSISTENTLY_POLLING_INTERVAL" +) + +func FetchDefaultDurationBundle() DurationBundle { + return DurationBundle{ + EventuallyTimeout: durationFromEnv(EventuallyTimeoutEnvVarName, time.Second), + EventuallyPollingInterval: durationFromEnv(EventuallyPollingIntervalEnvVarName, 10*time.Millisecond), + + ConsistentlyDuration: durationFromEnv(ConsistentlyDurationEnvVarName, 100*time.Millisecond), + ConsistentlyPollingInterval: durationFromEnv(ConsistentlyPollingIntervalEnvVarName, 10*time.Millisecond), + } +} + +func durationFromEnv(key string, defaultDuration time.Duration) time.Duration { + value := os.Getenv(key) + if value == "" { + return defaultDuration + } + duration, err := time.ParseDuration(value) + if err != nil { + panic(fmt.Sprintf("Expected a duration when using %s! Parse error %v", key, err)) + } + return duration +} + +func toDuration(input interface{}) time.Duration { + duration, ok := input.(time.Duration) + if ok { + return duration + } + + value := reflect.ValueOf(input) + kind := reflect.TypeOf(input).Kind() + + if reflect.Int <= kind && kind <= reflect.Int64 { + return time.Duration(value.Int()) * time.Second + } else if reflect.Uint <= kind && kind <= reflect.Uint64 { + return time.Duration(value.Uint()) * time.Second + } else if reflect.Float32 <= kind && kind <= reflect.Float64 { + return time.Duration(value.Float() * float64(time.Second)) + } else if reflect.String == kind { + duration, err := time.ParseDuration(value.String()) + if err != nil { + panic(fmt.Sprintf("%#v is not a valid parsable duration string.", input)) + } + return duration + } + + panic(fmt.Sprintf("%v is not a valid interval. Must be time.Duration, parsable duration string or a number.", input)) +} diff --git a/vendor/github.com/onsi/gomega/internal/gomega.go b/vendor/github.com/onsi/gomega/internal/gomega.go new file mode 100644 index 000000000..f5b5c6b7a --- /dev/null +++ b/vendor/github.com/onsi/gomega/internal/gomega.go @@ -0,0 +1,102 @@ +package internal + +import ( + "time" + + "github.com/onsi/gomega/types" +) + +type Gomega struct { + Fail types.GomegaFailHandler + THelper func() + DurationBundle DurationBundle +} + +func NewGomega(bundle DurationBundle) *Gomega { + return &Gomega{ + Fail: nil, + THelper: nil, + DurationBundle: bundle, + } +} + +func (g *Gomega) IsConfigured() bool { + return g.Fail != nil && g.THelper != nil +} + +func (g *Gomega) ConfigureWithFailHandler(fail types.GomegaFailHandler) *Gomega { + g.Fail = fail + g.THelper = func() {} + return g +} + +func (g *Gomega) ConfigureWithT(t types.GomegaTestingT) *Gomega { + g.Fail = func(message string, _ ...int) { + t.Helper() + t.Fatalf("\n%s", message) + } + g.THelper = t.Helper + return g +} + +func (g *Gomega) Ω(atual interface{}, extra ...interface{}) types.Assertion { + return g.ExpectWithOffset(0, atual, extra...) +} + +func (g *Gomega) Expect(atual interface{}, extra ...interface{}) types.Assertion { + return g.ExpectWithOffset(0, atual, extra...) +} + +func (g *Gomega) ExpectWithOffset(offset int, actual interface{}, extra ...interface{}) types.Assertion { + return NewAssertion(actual, g, offset, extra...) +} + +func (g *Gomega) Eventually(actual interface{}, intervals ...interface{}) types.AsyncAssertion { + return g.EventuallyWithOffset(0, actual, intervals...) +} + +func (g *Gomega) EventuallyWithOffset(offset int, actual interface{}, intervals ...interface{}) types.AsyncAssertion { + timeoutInterval := g.DurationBundle.EventuallyTimeout + pollingInterval := g.DurationBundle.EventuallyPollingInterval + if len(intervals) > 0 { + timeoutInterval = toDuration(intervals[0]) + } + if len(intervals) > 1 { + pollingInterval = toDuration(intervals[1]) + } + + return NewAsyncAssertion(AsyncAssertionTypeEventually, actual, g, timeoutInterval, pollingInterval, offset) +} + +func (g *Gomega) Consistently(actual interface{}, intervals ...interface{}) types.AsyncAssertion { + return g.ConsistentlyWithOffset(0, actual, intervals...) +} + +func (g *Gomega) ConsistentlyWithOffset(offset int, actual interface{}, intervals ...interface{}) types.AsyncAssertion { + timeoutInterval := g.DurationBundle.ConsistentlyDuration + pollingInterval := g.DurationBundle.ConsistentlyPollingInterval + if len(intervals) > 0 { + timeoutInterval = toDuration(intervals[0]) + } + if len(intervals) > 1 { + pollingInterval = toDuration(intervals[1]) + } + + return NewAsyncAssertion(AsyncAssertionTypeConsistently, actual, g, timeoutInterval, pollingInterval, offset) +} + +func (g *Gomega) SetDefaultEventuallyTimeout(t time.Duration) { + g.DurationBundle.EventuallyTimeout = t +} + +func (g *Gomega) SetDefaultEventuallyPollingInterval(t time.Duration) { + g.DurationBundle.EventuallyPollingInterval = t +} + +func (g *Gomega) SetDefaultConsistentlyDuration(t time.Duration) { + g.DurationBundle.ConsistentlyDuration = t +} + +func (g *Gomega) SetDefaultConsistentlyPollingInterval(t time.Duration) { + g.DurationBundle.ConsistentlyPollingInterval = t +} diff --git a/vendor/github.com/onsi/gomega/internal/oraclematcher/oracle_matcher.go b/vendor/github.com/onsi/gomega/internal/oraclematcher/oracle_matcher.go deleted file mode 100644 index 66cad88a1..000000000 --- a/vendor/github.com/onsi/gomega/internal/oraclematcher/oracle_matcher.go +++ /dev/null @@ -1,25 +0,0 @@ -package oraclematcher - -import "github.com/onsi/gomega/types" - -/* -GomegaMatchers that also match the OracleMatcher interface can convey information about -whether or not their result will change upon future attempts. - -This allows `Eventually` and `Consistently` to short circuit if success becomes impossible. - -For example, a process' exit code can never change. So, gexec's Exit matcher returns `true` -for `MatchMayChangeInTheFuture` until the process exits, at which point it returns `false` forevermore. -*/ -type OracleMatcher interface { - MatchMayChangeInTheFuture(actual interface{}) bool -} - -func MatchMayChangeInTheFuture(matcher types.GomegaMatcher, value interface{}) bool { - oracleMatcher, ok := matcher.(OracleMatcher) - if !ok { - return true - } - - return oracleMatcher.MatchMayChangeInTheFuture(value) -} diff --git a/vendor/github.com/onsi/gomega/internal/testingtsupport/testing_t_support.go b/vendor/github.com/onsi/gomega/internal/testingtsupport/testing_t_support.go deleted file mode 100644 index bb27032f6..000000000 --- a/vendor/github.com/onsi/gomega/internal/testingtsupport/testing_t_support.go +++ /dev/null @@ -1,60 +0,0 @@ -package testingtsupport - -import ( - "regexp" - "runtime/debug" - "strings" - - "github.com/onsi/gomega/types" -) - -var StackTracePruneRE = regexp.MustCompile(`\/gomega\/|\/ginkgo\/|\/pkg\/testing\/|\/pkg\/runtime\/`) - -type EmptyTWithHelper struct{} - -func (e EmptyTWithHelper) Helper() {} - -type gomegaTestingT interface { - Fatalf(format string, args ...interface{}) -} - -func BuildTestingTGomegaFailWrapper(t gomegaTestingT) *types.GomegaFailWrapper { - tWithHelper, hasHelper := t.(types.TWithHelper) - if !hasHelper { - tWithHelper = EmptyTWithHelper{} - } - - fail := func(message string, callerSkip ...int) { - if hasHelper { - tWithHelper.Helper() - t.Fatalf("\n%s", message) - } else { - skip := 2 - if len(callerSkip) > 0 { - skip += callerSkip[0] - } - stackTrace := pruneStack(string(debug.Stack()), skip) - t.Fatalf("\n%s\n%s\n", stackTrace, message) - } - } - - return &types.GomegaFailWrapper{ - Fail: fail, - TWithHelper: tWithHelper, - } -} - -func pruneStack(fullStackTrace string, skip int) string { - stack := strings.Split(fullStackTrace, "\n")[1:] - if len(stack) > 2*skip { - stack = stack[2*skip:] - } - prunedStack := []string{} - for i := 0; i < len(stack)/2; i++ { - if !StackTracePruneRE.Match([]byte(stack[i*2])) { - prunedStack = append(prunedStack, stack[i*2]) - prunedStack = append(prunedStack, stack[i*2+1]) - } - } - return strings.Join(prunedStack, "\n") -} diff --git a/vendor/github.com/onsi/gomega/matchers.go b/vendor/github.com/onsi/gomega/matchers.go index 667160ade..223f6ef53 100644 --- a/vendor/github.com/onsi/gomega/matchers.go +++ b/vendor/github.com/onsi/gomega/matchers.go @@ -423,10 +423,29 @@ func BeADirectory() types.GomegaMatcher { //Expected must be either an int or a string. // Expect(resp).Should(HaveHTTPStatus(http.StatusOK)) // asserts that resp.StatusCode == 200 // Expect(resp).Should(HaveHTTPStatus("404 Not Found")) // asserts that resp.Status == "404 Not Found" -func HaveHTTPStatus(expected interface{}) types.GomegaMatcher { +// Expect(resp).Should(HaveHTTPStatus(http.StatusOK, http.StatusNoContent)) // asserts that resp.StatusCode == 200 || resp.StatusCode == 204 +func HaveHTTPStatus(expected ...interface{}) types.GomegaMatcher { return &matchers.HaveHTTPStatusMatcher{Expected: expected} } +// HaveHTTPHeaderWithValue succeeds if the header is found and the value matches. +// Actual must be either a *http.Response or *httptest.ResponseRecorder. +// Expected must be a string header name, followed by a header value which +// can be a string, or another matcher. +func HaveHTTPHeaderWithValue(header string, value interface{}) types.GomegaMatcher { + return &matchers.HaveHTTPHeaderWithValueMatcher{ + Header: header, + Value: value, + } +} + +// HaveHTTPBody matches if the body matches. +// Actual must be either a *http.Response or *httptest.ResponseRecorder. +// Expected must be either a string, []byte, or other matcher +func HaveHTTPBody(expected interface{}) types.GomegaMatcher { + return &matchers.HaveHTTPBodyMatcher{Expected: expected} +} + //And succeeds only if all of the given matchers succeed. //The matchers are tried in order, and will fail-fast if one doesn't succeed. // Expect("hi").To(And(HaveLen(2), Equal("hi")) diff --git a/vendor/github.com/onsi/gomega/matchers/and.go b/vendor/github.com/onsi/gomega/matchers/and.go index d83a29164..6bd826adc 100644 --- a/vendor/github.com/onsi/gomega/matchers/and.go +++ b/vendor/github.com/onsi/gomega/matchers/and.go @@ -4,7 +4,6 @@ import ( "fmt" "github.com/onsi/gomega/format" - "github.com/onsi/gomega/internal/oraclematcher" "github.com/onsi/gomega/types" ) @@ -52,12 +51,12 @@ func (m *AndMatcher) MatchMayChangeInTheFuture(actual interface{}) bool { if m.firstFailedMatcher == nil { // so all matchers succeeded.. Any one of them changing would change the result. for _, matcher := range m.Matchers { - if oraclematcher.MatchMayChangeInTheFuture(matcher, actual) { + if types.MatchMayChangeInTheFuture(matcher, actual) { return true } } return false // none of were going to change } // one of the matchers failed.. it must be able to change in order to affect the result - return oraclematcher.MatchMayChangeInTheFuture(m.firstFailedMatcher, actual) + return types.MatchMayChangeInTheFuture(m.firstFailedMatcher, actual) } diff --git a/vendor/github.com/onsi/gomega/matchers/have_http_body_matcher.go b/vendor/github.com/onsi/gomega/matchers/have_http_body_matcher.go new file mode 100644 index 000000000..66cbb254a --- /dev/null +++ b/vendor/github.com/onsi/gomega/matchers/have_http_body_matcher.go @@ -0,0 +1,101 @@ +package matchers + +import ( + "fmt" + "io/ioutil" + "net/http" + "net/http/httptest" + + "github.com/onsi/gomega/format" + "github.com/onsi/gomega/types" +) + +type HaveHTTPBodyMatcher struct { + Expected interface{} + cachedBody []byte +} + +func (matcher *HaveHTTPBodyMatcher) Match(actual interface{}) (bool, error) { + body, err := matcher.body(actual) + if err != nil { + return false, err + } + + switch e := matcher.Expected.(type) { + case string: + return (&EqualMatcher{Expected: e}).Match(string(body)) + case []byte: + return (&EqualMatcher{Expected: e}).Match(body) + case types.GomegaMatcher: + return e.Match(body) + default: + return false, fmt.Errorf("HaveHTTPBody matcher expects string, []byte, or GomegaMatcher. Got:\n%s", format.Object(matcher.Expected, 1)) + } +} + +func (matcher *HaveHTTPBodyMatcher) FailureMessage(actual interface{}) (message string) { + body, err := matcher.body(actual) + if err != nil { + return fmt.Sprintf("failed to read body: %s", err) + } + + switch e := matcher.Expected.(type) { + case string: + return (&EqualMatcher{Expected: e}).FailureMessage(string(body)) + case []byte: + return (&EqualMatcher{Expected: e}).FailureMessage(body) + case types.GomegaMatcher: + return e.FailureMessage(body) + default: + return fmt.Sprintf("HaveHTTPBody matcher expects string, []byte, or GomegaMatcher. Got:\n%s", format.Object(matcher.Expected, 1)) + } +} + +func (matcher *HaveHTTPBodyMatcher) NegatedFailureMessage(actual interface{}) (message string) { + body, err := matcher.body(actual) + if err != nil { + return fmt.Sprintf("failed to read body: %s", err) + } + + switch e := matcher.Expected.(type) { + case string: + return (&EqualMatcher{Expected: e}).NegatedFailureMessage(string(body)) + case []byte: + return (&EqualMatcher{Expected: e}).NegatedFailureMessage(body) + case types.GomegaMatcher: + return e.NegatedFailureMessage(body) + default: + return fmt.Sprintf("HaveHTTPBody matcher expects string, []byte, or GomegaMatcher. Got:\n%s", format.Object(matcher.Expected, 1)) + } +} + +// body returns the body. It is cached because once we read it in Match() +// the Reader is closed and it is not readable again in FailureMessage() +// or NegatedFailureMessage() +func (matcher *HaveHTTPBodyMatcher) body(actual interface{}) ([]byte, error) { + if matcher.cachedBody != nil { + return matcher.cachedBody, nil + } + + body := func(a *http.Response) ([]byte, error) { + if a.Body != nil { + defer a.Body.Close() + var err error + matcher.cachedBody, err = ioutil.ReadAll(a.Body) + if err != nil { + return nil, fmt.Errorf("error reading response body: %w", err) + } + } + return matcher.cachedBody, nil + } + + switch a := actual.(type) { + case *http.Response: + return body(a) + case *httptest.ResponseRecorder: + return body(a.Result()) + default: + return nil, fmt.Errorf("HaveHTTPBody matcher expects *http.Response or *httptest.ResponseRecorder. Got:\n%s", format.Object(actual, 1)) + } + +} diff --git a/vendor/github.com/onsi/gomega/matchers/have_http_header_with_value_matcher.go b/vendor/github.com/onsi/gomega/matchers/have_http_header_with_value_matcher.go new file mode 100644 index 000000000..c256f452e --- /dev/null +++ b/vendor/github.com/onsi/gomega/matchers/have_http_header_with_value_matcher.go @@ -0,0 +1,81 @@ +package matchers + +import ( + "fmt" + "net/http" + "net/http/httptest" + + "github.com/onsi/gomega/format" + "github.com/onsi/gomega/types" +) + +type HaveHTTPHeaderWithValueMatcher struct { + Header string + Value interface{} +} + +func (matcher *HaveHTTPHeaderWithValueMatcher) Match(actual interface{}) (success bool, err error) { + headerValue, err := matcher.extractHeader(actual) + if err != nil { + return false, err + } + + headerMatcher, err := matcher.getSubMatcher() + if err != nil { + return false, err + } + + return headerMatcher.Match(headerValue) +} + +func (matcher *HaveHTTPHeaderWithValueMatcher) FailureMessage(actual interface{}) string { + headerValue, err := matcher.extractHeader(actual) + if err != nil { + panic(err) // protected by Match() + } + + headerMatcher, err := matcher.getSubMatcher() + if err != nil { + panic(err) // protected by Match() + } + + diff := format.IndentString(headerMatcher.FailureMessage(headerValue), 1) + return fmt.Sprintf("HTTP header %q:\n%s", matcher.Header, diff) +} + +func (matcher *HaveHTTPHeaderWithValueMatcher) NegatedFailureMessage(actual interface{}) (message string) { + headerValue, err := matcher.extractHeader(actual) + if err != nil { + panic(err) // protected by Match() + } + + headerMatcher, err := matcher.getSubMatcher() + if err != nil { + panic(err) // protected by Match() + } + + diff := format.IndentString(headerMatcher.NegatedFailureMessage(headerValue), 1) + return fmt.Sprintf("HTTP header %q:\n%s", matcher.Header, diff) +} + +func (matcher *HaveHTTPHeaderWithValueMatcher) getSubMatcher() (types.GomegaMatcher, error) { + switch m := matcher.Value.(type) { + case string: + return &EqualMatcher{Expected: matcher.Value}, nil + case types.GomegaMatcher: + return m, nil + default: + return nil, fmt.Errorf("HaveHTTPHeaderWithValue matcher must be passed a string or a GomegaMatcher. Got:\n%s", format.Object(matcher.Value, 1)) + } +} + +func (matcher *HaveHTTPHeaderWithValueMatcher) extractHeader(actual interface{}) (string, error) { + switch r := actual.(type) { + case *http.Response: + return r.Header.Get(matcher.Header), nil + case *httptest.ResponseRecorder: + return r.Result().Header.Get(matcher.Header), nil + default: + return "", fmt.Errorf("HaveHTTPHeaderWithValue matcher expects *http.Response or *httptest.ResponseRecorder. Got:\n%s", format.Object(actual, 1)) + } +} diff --git a/vendor/github.com/onsi/gomega/matchers/have_http_status_matcher.go b/vendor/github.com/onsi/gomega/matchers/have_http_status_matcher.go index 3ce4800b7..70f54899a 100644 --- a/vendor/github.com/onsi/gomega/matchers/have_http_status_matcher.go +++ b/vendor/github.com/onsi/gomega/matchers/have_http_status_matcher.go @@ -2,14 +2,17 @@ package matchers import ( "fmt" + "io/ioutil" "net/http" "net/http/httptest" + "reflect" + "strings" "github.com/onsi/gomega/format" ) type HaveHTTPStatusMatcher struct { - Expected interface{} + Expected []interface{} } func (matcher *HaveHTTPStatusMatcher) Match(actual interface{}) (success bool, err error) { @@ -23,20 +26,71 @@ func (matcher *HaveHTTPStatusMatcher) Match(actual interface{}) (success bool, e return false, fmt.Errorf("HaveHTTPStatus matcher expects *http.Response or *httptest.ResponseRecorder. Got:\n%s", format.Object(actual, 1)) } - switch e := matcher.Expected.(type) { - case int: - return resp.StatusCode == e, nil - case string: - return resp.Status == e, nil + if len(matcher.Expected) == 0 { + return false, fmt.Errorf("HaveHTTPStatus matcher must be passed an int or a string. Got nothing") } - return false, fmt.Errorf("HaveHTTPStatus matcher must be passed an int or a string. Got:\n%s", format.Object(matcher.Expected, 1)) + for _, expected := range matcher.Expected { + switch e := expected.(type) { + case int: + if resp.StatusCode == e { + return true, nil + } + case string: + if resp.Status == e { + return true, nil + } + default: + return false, fmt.Errorf("HaveHTTPStatus matcher must be passed int or string types. Got:\n%s", format.Object(expected, 1)) + } + } + + return false, nil } func (matcher *HaveHTTPStatusMatcher) FailureMessage(actual interface{}) (message string) { - return format.Message(actual, "to have HTTP status", matcher.Expected) + return fmt.Sprintf("Expected\n%s\n%s\n%s", formatHttpResponse(actual), "to have HTTP status", matcher.expectedString()) } func (matcher *HaveHTTPStatusMatcher) NegatedFailureMessage(actual interface{}) (message string) { - return format.Message(actual, "not to have HTTP status", matcher.Expected) + return fmt.Sprintf("Expected\n%s\n%s\n%s", formatHttpResponse(actual), "not to have HTTP status", matcher.expectedString()) +} + +func (matcher *HaveHTTPStatusMatcher) expectedString() string { + var lines []string + for _, expected := range matcher.Expected { + lines = append(lines, format.Object(expected, 1)) + } + return strings.Join(lines, "\n") +} + +func formatHttpResponse(input interface{}) string { + var resp *http.Response + switch r := input.(type) { + case *http.Response: + resp = r + case *httptest.ResponseRecorder: + resp = r.Result() + default: + return "cannot format invalid HTTP response" + } + + body := "<nil>" + if resp.Body != nil { + defer resp.Body.Close() + data, err := ioutil.ReadAll(resp.Body) + if err != nil { + data = []byte("<error reading body>") + } + body = format.Object(string(data), 0) + } + + var s strings.Builder + s.WriteString(fmt.Sprintf("%s<%s>: {\n", format.Indent, reflect.TypeOf(input))) + s.WriteString(fmt.Sprintf("%s%sStatus: %s\n", format.Indent, format.Indent, format.Object(resp.Status, 0))) + s.WriteString(fmt.Sprintf("%s%sStatusCode: %s\n", format.Indent, format.Indent, format.Object(resp.StatusCode, 0))) + s.WriteString(fmt.Sprintf("%s%sBody: %s\n", format.Indent, format.Indent, body)) + s.WriteString(fmt.Sprintf("%s}", format.Indent)) + + return s.String() } diff --git a/vendor/github.com/onsi/gomega/matchers/not.go b/vendor/github.com/onsi/gomega/matchers/not.go index 2c91670bd..78b71910d 100644 --- a/vendor/github.com/onsi/gomega/matchers/not.go +++ b/vendor/github.com/onsi/gomega/matchers/not.go @@ -1,7 +1,6 @@ package matchers import ( - "github.com/onsi/gomega/internal/oraclematcher" "github.com/onsi/gomega/types" ) @@ -26,5 +25,5 @@ func (m *NotMatcher) NegatedFailureMessage(actual interface{}) (message string) } func (m *NotMatcher) MatchMayChangeInTheFuture(actual interface{}) bool { - return oraclematcher.MatchMayChangeInTheFuture(m.Matcher, actual) // just return m.Matcher's value + return types.MatchMayChangeInTheFuture(m.Matcher, actual) // just return m.Matcher's value } diff --git a/vendor/github.com/onsi/gomega/matchers/or.go b/vendor/github.com/onsi/gomega/matchers/or.go index 3bf799800..841ae26ab 100644 --- a/vendor/github.com/onsi/gomega/matchers/or.go +++ b/vendor/github.com/onsi/gomega/matchers/or.go @@ -4,7 +4,6 @@ import ( "fmt" "github.com/onsi/gomega/format" - "github.com/onsi/gomega/internal/oraclematcher" "github.com/onsi/gomega/types" ) @@ -54,11 +53,11 @@ func (m *OrMatcher) MatchMayChangeInTheFuture(actual interface{}) bool { if m.firstSuccessfulMatcher != nil { // one of the matchers succeeded.. it must be able to change in order to affect the result - return oraclematcher.MatchMayChangeInTheFuture(m.firstSuccessfulMatcher, actual) + return types.MatchMayChangeInTheFuture(m.firstSuccessfulMatcher, actual) } else { // so all matchers failed.. Any one of them changing would change the result. for _, matcher := range m.Matchers { - if oraclematcher.MatchMayChangeInTheFuture(matcher, actual) { + if types.MatchMayChangeInTheFuture(matcher, actual) { return true } } diff --git a/vendor/github.com/onsi/gomega/matchers/with_transform.go b/vendor/github.com/onsi/gomega/matchers/with_transform.go index f3dec9101..8a06bd384 100644 --- a/vendor/github.com/onsi/gomega/matchers/with_transform.go +++ b/vendor/github.com/onsi/gomega/matchers/with_transform.go @@ -4,7 +4,6 @@ import ( "fmt" "reflect" - "github.com/onsi/gomega/internal/oraclematcher" "github.com/onsi/gomega/types" ) @@ -77,5 +76,5 @@ func (m *WithTransformMatcher) MatchMayChangeInTheFuture(_ interface{}) bool { // Querying the next matcher is fine if the transformer always will return the same value. // But if the transformer is non-deterministic and returns a different value each time, then there // is no point in querying the next matcher, since it can only comment on the last transformed value. - return oraclematcher.MatchMayChangeInTheFuture(m.Matcher, m.transformedValue) + return types.MatchMayChangeInTheFuture(m.Matcher, m.transformedValue) } diff --git a/vendor/github.com/onsi/gomega/types/types.go b/vendor/github.com/onsi/gomega/types/types.go index ac59a3a5a..c75fcb3cc 100644 --- a/vendor/github.com/onsi/gomega/types/types.go +++ b/vendor/github.com/onsi/gomega/types/types.go @@ -1,21 +1,35 @@ package types -type TWithHelper interface { - Helper() -} +import ( + "time" +) type GomegaFailHandler func(message string, callerSkip ...int) -type GomegaFailWrapper struct { - Fail GomegaFailHandler - TWithHelper TWithHelper -} - //A simple *testing.T interface wrapper type GomegaTestingT interface { + Helper() Fatalf(format string, args ...interface{}) } +// Gomega represents an object that can perform synchronous and assynchronous assertions with Gomega matchers +type Gomega interface { + Ω(actual interface{}, extra ...interface{}) Assertion + Expect(actual interface{}, extra ...interface{}) Assertion + ExpectWithOffset(offset int, actual interface{}, extra ...interface{}) Assertion + + Eventually(actual interface{}, intervals ...interface{}) AsyncAssertion + EventuallyWithOffset(offset int, actual interface{}, intervals ...interface{}) AsyncAssertion + + Consistently(actual interface{}, intervals ...interface{}) AsyncAssertion + ConsistentlyWithOffset(offset int, actual interface{}, intervals ...interface{}) AsyncAssertion + + SetDefaultEventuallyTimeout(time.Duration) + SetDefaultEventuallyPollingInterval(time.Duration) + SetDefaultConsistentlyDuration(time.Duration) + SetDefaultConsistentlyPollingInterval(time.Duration) +} + //All Gomega matchers must implement the GomegaMatcher interface // //For details on writing custom matchers, check out: http://onsi.github.io/gomega/#adding-your-own-matchers @@ -24,3 +38,42 @@ type GomegaMatcher interface { FailureMessage(actual interface{}) (message string) NegatedFailureMessage(actual interface{}) (message string) } + +/* +GomegaMatchers that also match the OracleMatcher interface can convey information about +whether or not their result will change upon future attempts. + +This allows `Eventually` and `Consistently` to short circuit if success becomes impossible. + +For example, a process' exit code can never change. So, gexec's Exit matcher returns `true` +for `MatchMayChangeInTheFuture` until the process exits, at which point it returns `false` forevermore. +*/ +type OracleMatcher interface { + MatchMayChangeInTheFuture(actual interface{}) bool +} + +func MatchMayChangeInTheFuture(matcher GomegaMatcher, value interface{}) bool { + oracleMatcher, ok := matcher.(OracleMatcher) + if !ok { + return true + } + + return oracleMatcher.MatchMayChangeInTheFuture(value) +} + +// AsyncAssertions are returned by Eventually and Consistently and enable matchers to be polled repeatedly to ensure +// they are eventually satisfied +type AsyncAssertion interface { + Should(matcher GomegaMatcher, optionalDescription ...interface{}) bool + ShouldNot(matcher GomegaMatcher, optionalDescription ...interface{}) bool +} + +// Assertions are returned by Ω and Expect and enable assertions against Gomega matchers +type Assertion interface { + Should(matcher GomegaMatcher, optionalDescription ...interface{}) bool + ShouldNot(matcher GomegaMatcher, optionalDescription ...interface{}) bool + + To(matcher GomegaMatcher, optionalDescription ...interface{}) bool + ToNot(matcher GomegaMatcher, optionalDescription ...interface{}) bool + NotTo(matcher GomegaMatcher, optionalDescription ...interface{}) bool +} diff --git a/vendor/golang.org/x/net/http2/ascii.go b/vendor/golang.org/x/net/http2/ascii.go index 0c58d727c..17caa2058 100644 --- a/vendor/golang.org/x/net/http2/ascii.go +++ b/vendor/golang.org/x/net/http2/ascii.go @@ -6,6 +6,10 @@ package http2 import "strings" +// The HTTP protocols are defined in terms of ASCII, not Unicode. This file +// contains helper functions which may use Unicode-aware functions which would +// otherwise be unsafe and could introduce vulnerabilities if used improperly. + // asciiEqualFold is strings.EqualFold, ASCII only. It reports whether s and t // are equal, ASCII-case-insensitively. func asciiEqualFold(s, t string) bool { diff --git a/vendor/golang.org/x/net/http2/server.go b/vendor/golang.org/x/net/http2/server.go index 09bc70533..0ccbe9b4c 100644 --- a/vendor/golang.org/x/net/http2/server.go +++ b/vendor/golang.org/x/net/http2/server.go @@ -259,16 +259,12 @@ func ConfigureServer(s *http.Server, conf *Server) error { s.TLSConfig.PreferServerCipherSuites = true - haveNPN := false - for _, p := range s.TLSConfig.NextProtos { - if p == NextProtoTLS { - haveNPN = true - break - } - } - if !haveNPN { + if !strSliceContains(s.TLSConfig.NextProtos, NextProtoTLS) { s.TLSConfig.NextProtos = append(s.TLSConfig.NextProtos, NextProtoTLS) } + if !strSliceContains(s.TLSConfig.NextProtos, "http/1.1") { + s.TLSConfig.NextProtos = append(s.TLSConfig.NextProtos, "http/1.1") + } if s.TLSNextProto == nil { s.TLSNextProto = map[string]func(*http.Server, *tls.Conn, http.Handler){} diff --git a/vendor/golang.org/x/net/http2/transport.go b/vendor/golang.org/x/net/http2/transport.go index 7bd4b9c19..b97adff7d 100644 --- a/vendor/golang.org/x/net/http2/transport.go +++ b/vendor/golang.org/x/net/http2/transport.go @@ -264,9 +264,8 @@ type ClientConn struct { peerMaxHeaderListSize uint64 initialWindowSize uint32 - hbuf bytes.Buffer // HPACK encoder writes into this - henc *hpack.Encoder - freeBuf [][]byte + hbuf bytes.Buffer // HPACK encoder writes into this + henc *hpack.Encoder wmu sync.Mutex // held while writing; acquire AFTER mu if holding both werr error // first write error that has occurred @@ -913,46 +912,6 @@ func (cc *ClientConn) closeForLostPing() error { return cc.closeForError(err) } -const maxAllocFrameSize = 512 << 10 - -// frameBuffer returns a scratch buffer suitable for writing DATA frames. -// They're capped at the min of the peer's max frame size or 512KB -// (kinda arbitrarily), but definitely capped so we don't allocate 4GB -// bufers. -func (cc *ClientConn) frameScratchBuffer() []byte { - cc.mu.Lock() - size := cc.maxFrameSize - if size > maxAllocFrameSize { - size = maxAllocFrameSize - } - for i, buf := range cc.freeBuf { - if len(buf) >= int(size) { - cc.freeBuf[i] = nil - cc.mu.Unlock() - return buf[:size] - } - } - cc.mu.Unlock() - return make([]byte, size) -} - -func (cc *ClientConn) putFrameScratchBuffer(buf []byte) { - cc.mu.Lock() - defer cc.mu.Unlock() - const maxBufs = 4 // arbitrary; 4 concurrent requests per conn? investigate. - if len(cc.freeBuf) < maxBufs { - cc.freeBuf = append(cc.freeBuf, buf) - return - } - for i, old := range cc.freeBuf { - if old == nil { - cc.freeBuf[i] = buf - return - } - } - // forget about it. -} - // errRequestCanceled is a copy of net/http's errRequestCanceled because it's not // exported. At least they'll be DeepEqual for h1-vs-h2 comparisons tests. var errRequestCanceled = errors.New("net/http: request canceled") @@ -1295,11 +1254,35 @@ var ( errReqBodyTooLong = errors.New("http2: request body larger than specified content length") ) +// frameScratchBufferLen returns the length of a buffer to use for +// outgoing request bodies to read/write to/from. +// +// It returns max(1, min(peer's advertised max frame size, +// Request.ContentLength+1, 512KB)). +func (cs *clientStream) frameScratchBufferLen(maxFrameSize int) int { + const max = 512 << 10 + n := int64(maxFrameSize) + if n > max { + n = max + } + if cl := actualContentLength(cs.req); cl != -1 && cl+1 < n { + // Add an extra byte past the declared content-length to + // give the caller's Request.Body io.Reader a chance to + // give us more bytes than they declared, so we can catch it + // early. + n = cl + 1 + } + if n < 1 { + return 1 + } + return int(n) // doesn't truncate; max is 512K +} + +var bufPool sync.Pool // of *[]byte + func (cs *clientStream) writeRequestBody(body io.Reader, bodyCloser io.Closer) (err error) { cc := cs.cc sentEnd := false // whether we sent the final DATA frame w/ END_STREAM - buf := cc.frameScratchBuffer() - defer cc.putFrameScratchBuffer(buf) defer func() { traceWroteRequest(cs.trace, err) @@ -1318,9 +1301,24 @@ func (cs *clientStream) writeRequestBody(body io.Reader, bodyCloser io.Closer) ( remainLen := actualContentLength(req) hasContentLen := remainLen != -1 + cc.mu.Lock() + maxFrameSize := int(cc.maxFrameSize) + cc.mu.Unlock() + + // Scratch buffer for reading into & writing from. + scratchLen := cs.frameScratchBufferLen(maxFrameSize) + var buf []byte + if bp, ok := bufPool.Get().(*[]byte); ok && len(*bp) >= scratchLen { + defer bufPool.Put(bp) + buf = *bp + } else { + buf = make([]byte, scratchLen) + defer bufPool.Put(&buf) + } + var sawEOF bool for !sawEOF { - n, err := body.Read(buf[:len(buf)-1]) + n, err := body.Read(buf[:len(buf)]) if hasContentLen { remainLen -= int64(n) if remainLen == 0 && err == nil { @@ -1331,8 +1329,9 @@ func (cs *clientStream) writeRequestBody(body io.Reader, bodyCloser io.Closer) ( // to send the END_STREAM bit early, double-check that we're actually // at EOF. Subsequent reads should return (0, EOF) at this point. // If either value is different, we return an error in one of two ways below. + var scratch [1]byte var n1 int - n1, err = body.Read(buf[n:]) + n1, err = body.Read(scratch[:]) remainLen -= int64(n1) } if remainLen < 0 { @@ -1402,10 +1401,6 @@ func (cs *clientStream) writeRequestBody(body io.Reader, bodyCloser io.Closer) ( } } - cc.mu.Lock() - maxFrameSize := int(cc.maxFrameSize) - cc.mu.Unlock() - cc.wmu.Lock() defer cc.wmu.Unlock() diff --git a/vendor/golang.org/x/sys/unix/ifreq_linux.go b/vendor/golang.org/x/sys/unix/ifreq_linux.go new file mode 100644 index 000000000..fd3eeccc3 --- /dev/null +++ b/vendor/golang.org/x/sys/unix/ifreq_linux.go @@ -0,0 +1,109 @@ +// Copyright 2021 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build linux +// +build linux + +package unix + +import ( + "bytes" + "unsafe" +) + +// Helpers for dealing with ifreq since it contains a union and thus requires a +// lot of unsafe.Pointer casts to use properly. + +// An Ifreq is a type-safe wrapper around the raw ifreq struct. An Ifreq +// contains an interface name and a union of arbitrary data which can be +// accessed using the Ifreq's methods. To create an Ifreq, use the NewIfreq +// function. +// +// Use the Name method to access the stored interface name. The union data +// fields can be get and set using the following methods: +// - Uint16/SetUint16: flags +// - Uint32/SetUint32: ifindex, metric, mtu +type Ifreq struct{ raw ifreq } + +// NewIfreq creates an Ifreq with the input network interface name after +// validating the name does not exceed IFNAMSIZ-1 (trailing NULL required) +// bytes. +func NewIfreq(name string) (*Ifreq, error) { + // Leave room for terminating NULL byte. + if len(name) >= IFNAMSIZ { + return nil, EINVAL + } + + var ifr ifreq + copy(ifr.Ifrn[:], name) + + return &Ifreq{raw: ifr}, nil +} + +// TODO(mdlayher): get/set methods for sockaddr, char array, etc. + +// Name returns the interface name associated with the Ifreq. +func (ifr *Ifreq) Name() string { + // BytePtrToString requires a NULL terminator or the program may crash. If + // one is not present, just return the empty string. + if !bytes.Contains(ifr.raw.Ifrn[:], []byte{0x00}) { + return "" + } + + return BytePtrToString(&ifr.raw.Ifrn[0]) +} + +// Uint16 returns the Ifreq union data as a C short/Go uint16 value. +func (ifr *Ifreq) Uint16() uint16 { + return *(*uint16)(unsafe.Pointer(&ifr.raw.Ifru[:2][0])) +} + +// SetUint16 sets a C short/Go uint16 value as the Ifreq's union data. +func (ifr *Ifreq) SetUint16(v uint16) { + ifr.clear() + *(*uint16)(unsafe.Pointer(&ifr.raw.Ifru[:2][0])) = v +} + +// Uint32 returns the Ifreq union data as a C int/Go uint32 value. +func (ifr *Ifreq) Uint32() uint32 { + return *(*uint32)(unsafe.Pointer(&ifr.raw.Ifru[:4][0])) +} + +// SetUint32 sets a C int/Go uint32 value as the Ifreq's union data. +func (ifr *Ifreq) SetUint32(v uint32) { + ifr.clear() + *(*uint32)(unsafe.Pointer(&ifr.raw.Ifru[:4][0])) = v +} + +// clear zeroes the ifreq's union field to prevent trailing garbage data from +// being sent to the kernel if an ifreq is reused. +func (ifr *Ifreq) clear() { + for i := range ifr.raw.Ifru { + ifr.raw.Ifru[i] = 0 + } +} + +// TODO(mdlayher): export as IfreqData? For now we can provide helpers such as +// IoctlGetEthtoolDrvinfo which use these APIs under the hood. + +// An ifreqData is an Ifreq which carries pointer data. To produce an ifreqData, +// use the Ifreq.withData method. +type ifreqData struct { + name [IFNAMSIZ]byte + // A type separate from ifreq is required in order to comply with the + // unsafe.Pointer rules since the "pointer-ness" of data would not be + // preserved if it were cast into the byte array of a raw ifreq. + data unsafe.Pointer + // Pad to the same size as ifreq. + _ [len(ifreq{}.Ifru) - SizeofPtr]byte +} + +// withData produces an ifreqData with the pointer p set for ioctls which require +// arbitrary pointer data. +func (ifr Ifreq) withData(p unsafe.Pointer) ifreqData { + return ifreqData{ + name: ifr.raw.Ifrn, + data: p, + } +} diff --git a/vendor/golang.org/x/sys/unix/ioctl_linux.go b/vendor/golang.org/x/sys/unix/ioctl_linux.go index 48773f730..1dadead21 100644 --- a/vendor/golang.org/x/sys/unix/ioctl_linux.go +++ b/vendor/golang.org/x/sys/unix/ioctl_linux.go @@ -5,7 +5,6 @@ package unix import ( - "runtime" "unsafe" ) @@ -22,56 +21,42 @@ func IoctlRetInt(fd int, req uint) (int, error) { func IoctlGetUint32(fd int, req uint) (uint32, error) { var value uint32 - err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return value, err } func IoctlGetRTCTime(fd int) (*RTCTime, error) { var value RTCTime - err := ioctl(fd, RTC_RD_TIME, uintptr(unsafe.Pointer(&value))) + err := ioctlPtr(fd, RTC_RD_TIME, unsafe.Pointer(&value)) return &value, err } func IoctlSetRTCTime(fd int, value *RTCTime) error { - err := ioctl(fd, RTC_SET_TIME, uintptr(unsafe.Pointer(value))) - runtime.KeepAlive(value) - return err + return ioctlPtr(fd, RTC_SET_TIME, unsafe.Pointer(value)) } func IoctlGetRTCWkAlrm(fd int) (*RTCWkAlrm, error) { var value RTCWkAlrm - err := ioctl(fd, RTC_WKALM_RD, uintptr(unsafe.Pointer(&value))) + err := ioctlPtr(fd, RTC_WKALM_RD, unsafe.Pointer(&value)) return &value, err } func IoctlSetRTCWkAlrm(fd int, value *RTCWkAlrm) error { - err := ioctl(fd, RTC_WKALM_SET, uintptr(unsafe.Pointer(value))) - runtime.KeepAlive(value) - return err -} - -type ifreqEthtool struct { - name [IFNAMSIZ]byte - data unsafe.Pointer + return ioctlPtr(fd, RTC_WKALM_SET, unsafe.Pointer(value)) } // IoctlGetEthtoolDrvinfo fetches ethtool driver information for the network // device specified by ifname. func IoctlGetEthtoolDrvinfo(fd int, ifname string) (*EthtoolDrvinfo, error) { - // Leave room for terminating NULL byte. - if len(ifname) >= IFNAMSIZ { - return nil, EINVAL + ifr, err := NewIfreq(ifname) + if err != nil { + return nil, err } - value := EthtoolDrvinfo{ - Cmd: ETHTOOL_GDRVINFO, - } - ifreq := ifreqEthtool{ - data: unsafe.Pointer(&value), - } - copy(ifreq.name[:], ifname) - err := ioctl(fd, SIOCETHTOOL, uintptr(unsafe.Pointer(&ifreq))) - runtime.KeepAlive(ifreq) + value := EthtoolDrvinfo{Cmd: ETHTOOL_GDRVINFO} + ifrd := ifr.withData(unsafe.Pointer(&value)) + + err = ioctlIfreqData(fd, SIOCETHTOOL, &ifrd) return &value, err } @@ -80,7 +65,7 @@ func IoctlGetEthtoolDrvinfo(fd int, ifname string) (*EthtoolDrvinfo, error) { // https://www.kernel.org/doc/html/latest/watchdog/watchdog-api.html. func IoctlGetWatchdogInfo(fd int) (*WatchdogInfo, error) { var value WatchdogInfo - err := ioctl(fd, WDIOC_GETSUPPORT, uintptr(unsafe.Pointer(&value))) + err := ioctlPtr(fd, WDIOC_GETSUPPORT, unsafe.Pointer(&value)) return &value, err } @@ -88,6 +73,7 @@ func IoctlGetWatchdogInfo(fd int) (*WatchdogInfo, error) { // more information, see: // https://www.kernel.org/doc/html/latest/watchdog/watchdog-api.html. func IoctlWatchdogKeepalive(fd int) error { + // arg is ignored and not a pointer, so ioctl is fine instead of ioctlPtr. return ioctl(fd, WDIOC_KEEPALIVE, 0) } @@ -95,9 +81,7 @@ func IoctlWatchdogKeepalive(fd int) error { // range of data conveyed in value to the file associated with the file // descriptor destFd. See the ioctl_ficlonerange(2) man page for details. func IoctlFileCloneRange(destFd int, value *FileCloneRange) error { - err := ioctl(destFd, FICLONERANGE, uintptr(unsafe.Pointer(value))) - runtime.KeepAlive(value) - return err + return ioctlPtr(destFd, FICLONERANGE, unsafe.Pointer(value)) } // IoctlFileClone performs an FICLONE ioctl operation to clone the entire file @@ -148,7 +132,7 @@ func IoctlFileDedupeRange(srcFd int, value *FileDedupeRange) error { rawinfo.Reserved = value.Info[i].Reserved } - err := ioctl(srcFd, FIDEDUPERANGE, uintptr(unsafe.Pointer(&buf[0]))) + err := ioctlPtr(srcFd, FIDEDUPERANGE, unsafe.Pointer(&buf[0])) // Output for i := range value.Info { @@ -166,31 +150,47 @@ func IoctlFileDedupeRange(srcFd int, value *FileDedupeRange) error { } func IoctlHIDGetDesc(fd int, value *HIDRawReportDescriptor) error { - err := ioctl(fd, HIDIOCGRDESC, uintptr(unsafe.Pointer(value))) - runtime.KeepAlive(value) - return err + return ioctlPtr(fd, HIDIOCGRDESC, unsafe.Pointer(value)) } func IoctlHIDGetRawInfo(fd int) (*HIDRawDevInfo, error) { var value HIDRawDevInfo - err := ioctl(fd, HIDIOCGRAWINFO, uintptr(unsafe.Pointer(&value))) + err := ioctlPtr(fd, HIDIOCGRAWINFO, unsafe.Pointer(&value)) return &value, err } func IoctlHIDGetRawName(fd int) (string, error) { var value [_HIDIOCGRAWNAME_LEN]byte - err := ioctl(fd, _HIDIOCGRAWNAME, uintptr(unsafe.Pointer(&value[0]))) + err := ioctlPtr(fd, _HIDIOCGRAWNAME, unsafe.Pointer(&value[0])) return ByteSliceToString(value[:]), err } func IoctlHIDGetRawPhys(fd int) (string, error) { var value [_HIDIOCGRAWPHYS_LEN]byte - err := ioctl(fd, _HIDIOCGRAWPHYS, uintptr(unsafe.Pointer(&value[0]))) + err := ioctlPtr(fd, _HIDIOCGRAWPHYS, unsafe.Pointer(&value[0])) return ByteSliceToString(value[:]), err } func IoctlHIDGetRawUniq(fd int) (string, error) { var value [_HIDIOCGRAWUNIQ_LEN]byte - err := ioctl(fd, _HIDIOCGRAWUNIQ, uintptr(unsafe.Pointer(&value[0]))) + err := ioctlPtr(fd, _HIDIOCGRAWUNIQ, unsafe.Pointer(&value[0])) return ByteSliceToString(value[:]), err } + +// IoctlIfreq performs an ioctl using an Ifreq structure for input and/or +// output. See the netdevice(7) man page for details. +func IoctlIfreq(fd int, req uint, value *Ifreq) error { + // It is possible we will add more fields to *Ifreq itself later to prevent + // misuse, so pass the raw *ifreq directly. + return ioctlPtr(fd, req, unsafe.Pointer(&value.raw)) +} + +// TODO(mdlayher): export if and when IfreqData is exported. + +// ioctlIfreqData performs an ioctl using an ifreqData structure for input +// and/or output. See the netdevice(7) man page for details. +func ioctlIfreqData(fd int, req uint, value *ifreqData) error { + // The memory layout of IfreqData (type-safe) and ifreq (not type-safe) are + // identical so pass *IfreqData directly. + return ioctlPtr(fd, req, unsafe.Pointer(value)) +} diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh index 6e6afcaa1..2ed4b6d92 100644 --- a/vendor/golang.org/x/sys/unix/mkerrors.sh +++ b/vendor/golang.org/x/sys/unix/mkerrors.sh @@ -217,8 +217,6 @@ struct ltchars { #include <linux/genetlink.h> #include <linux/hdreg.h> #include <linux/hidraw.h> -#include <linux/icmp.h> -#include <linux/icmpv6.h> #include <linux/if.h> #include <linux/if_addr.h> #include <linux/if_alg.h> diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go index 41b91fdfb..43569fe7c 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux.go @@ -66,11 +66,18 @@ func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) { return fchmodat(dirfd, path, mode) } -//sys ioctl(fd int, req uint, arg uintptr) (err error) +//sys ioctl(fd int, req uint, arg uintptr) (err error) = SYS_IOCTL +//sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL -// ioctl itself should not be exposed directly, but additional get/set -// functions for specific types are permissible. -// These are defined in ioctl.go and ioctl_linux.go. +// ioctl itself should not be exposed directly, but additional get/set functions +// for specific types are permissible. These are defined in ioctl.go and +// ioctl_linux.go. +// +// The third argument to ioctl is often a pointer but sometimes an integer. +// Callers should use ioctlPtr when the third argument is a pointer and ioctl +// when the third argument is an integer. +// +// TODO: some existing code incorrectly uses ioctl when it should use ioctlPtr. //sys Linkat(olddirfd int, oldpath string, newdirfd int, newpath string, flags int) (err error) @@ -1859,7 +1866,7 @@ func Getpgrp() (pid int) { //sys Nanosleep(time *Timespec, leftover *Timespec) (err error) //sys PerfEventOpen(attr *PerfEventAttr, pid int, cpu int, groupFd int, flags int) (fd int, err error) //sys PivotRoot(newroot string, putold string) (err error) = SYS_PIVOT_ROOT -//sysnb prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) = SYS_PRLIMIT64 +//sysnb Prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) = SYS_PRLIMIT64 //sys Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) //sys Pselect(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask *Sigset_t) (n int, err error) = SYS_PSELECT6 //sys read(fd int, p []byte) (n int, err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_386.go b/vendor/golang.org/x/sys/unix/syscall_linux_386.go index b430536c8..91317d749 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_386.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_386.go @@ -105,7 +105,7 @@ const rlimInf32 = ^uint32(0) const rlimInf64 = ^uint64(0) func Getrlimit(resource int, rlim *Rlimit) (err error) { - err = prlimit(0, resource, nil, rlim) + err = Prlimit(0, resource, nil, rlim) if err != ENOSYS { return err } @@ -133,7 +133,7 @@ func Getrlimit(resource int, rlim *Rlimit) (err error) { //sysnb setrlimit(resource int, rlim *rlimit32) (err error) = SYS_SETRLIMIT func Setrlimit(resource int, rlim *Rlimit) (err error) { - err = prlimit(0, resource, rlim, nil) + err = Prlimit(0, resource, rlim, nil) if err != ENOSYS { return err } diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_arm.go b/vendor/golang.org/x/sys/unix/syscall_linux_arm.go index 39a864d4e..b961a620e 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm.go @@ -184,7 +184,7 @@ const rlimInf32 = ^uint32(0) const rlimInf64 = ^uint64(0) func Getrlimit(resource int, rlim *Rlimit) (err error) { - err = prlimit(0, resource, nil, rlim) + err = Prlimit(0, resource, nil, rlim) if err != ENOSYS { return err } @@ -212,7 +212,7 @@ func Getrlimit(resource int, rlim *Rlimit) (err error) { //sysnb setrlimit(resource int, rlim *rlimit32) (err error) = SYS_SETRLIMIT func Setrlimit(resource int, rlim *Rlimit) (err error) { - err = prlimit(0, resource, rlim, nil) + err = Prlimit(0, resource, rlim, nil) if err != ENOSYS { return err } diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go index 7f27ebf2f..4b977ba44 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go @@ -171,7 +171,7 @@ func Pipe2(p []int, flags int) (err error) { // Getrlimit prefers the prlimit64 system call. See issue 38604. func Getrlimit(resource int, rlim *Rlimit) error { - err := prlimit(0, resource, nil, rlim) + err := Prlimit(0, resource, nil, rlim) if err != ENOSYS { return err } @@ -180,7 +180,7 @@ func Getrlimit(resource int, rlim *Rlimit) error { // Setrlimit prefers the prlimit64 system call. See issue 38604. func Setrlimit(resource int, rlim *Rlimit) error { - err := prlimit(0, resource, rlim, nil) + err := Prlimit(0, resource, rlim, nil) if err != ENOSYS { return err } diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go b/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go index 3a5621e37..21d74e2fb 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go @@ -157,7 +157,7 @@ type rlimit32 struct { //sysnb getrlimit(resource int, rlim *rlimit32) (err error) = SYS_GETRLIMIT func Getrlimit(resource int, rlim *Rlimit) (err error) { - err = prlimit(0, resource, nil, rlim) + err = Prlimit(0, resource, nil, rlim) if err != ENOSYS { return err } @@ -185,7 +185,7 @@ func Getrlimit(resource int, rlim *Rlimit) (err error) { //sysnb setrlimit(resource int, rlim *rlimit32) (err error) = SYS_SETRLIMIT func Setrlimit(resource int, rlim *Rlimit) (err error) { - err = prlimit(0, resource, rlim, nil) + err = Prlimit(0, resource, rlim, nil) if err != ENOSYS { return err } diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go b/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go index cf0d36f76..e475d0966 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go @@ -143,7 +143,7 @@ const rlimInf32 = ^uint32(0) const rlimInf64 = ^uint64(0) func Getrlimit(resource int, rlim *Rlimit) (err error) { - err = prlimit(0, resource, nil, rlim) + err = Prlimit(0, resource, nil, rlim) if err != ENOSYS { return err } @@ -171,7 +171,7 @@ func Getrlimit(resource int, rlim *Rlimit) (err error) { //sysnb setrlimit(resource int, rlim *rlimit32) (err error) = SYS_SETRLIMIT func Setrlimit(resource int, rlim *Rlimit) (err error) { - err = prlimit(0, resource, rlim, nil) + err = Prlimit(0, resource, rlim, nil) if err != ENOSYS { return err } diff --git a/vendor/golang.org/x/sys/unix/syscall_solaris.go b/vendor/golang.org/x/sys/unix/syscall_solaris.go index 77fcde7c1..d2a6495c7 100644 --- a/vendor/golang.org/x/sys/unix/syscall_solaris.go +++ b/vendor/golang.org/x/sys/unix/syscall_solaris.go @@ -13,7 +13,10 @@ package unix import ( + "fmt" + "os" "runtime" + "sync" "syscall" "unsafe" ) @@ -744,3 +747,240 @@ func Mmap(fd int, offset int64, length int, prot int, flags int) (data []byte, e func Munmap(b []byte) (err error) { return mapper.Munmap(b) } + +// Event Ports + +type fileObjCookie struct { + fobj *fileObj + cookie interface{} +} + +// EventPort provides a safe abstraction on top of Solaris/illumos Event Ports. +type EventPort struct { + port int + mu sync.Mutex + fds map[uintptr]interface{} + paths map[string]*fileObjCookie +} + +// PortEvent is an abstraction of the port_event C struct. +// Compare Source against PORT_SOURCE_FILE or PORT_SOURCE_FD +// to see if Path or Fd was the event source. The other will be +// uninitialized. +type PortEvent struct { + Cookie interface{} + Events int32 + Fd uintptr + Path string + Source uint16 + fobj *fileObj +} + +// NewEventPort creates a new EventPort including the +// underlying call to port_create(3c). +func NewEventPort() (*EventPort, error) { + port, err := port_create() + if err != nil { + return nil, err + } + e := &EventPort{ + port: port, + fds: make(map[uintptr]interface{}), + paths: make(map[string]*fileObjCookie), + } + return e, nil +} + +//sys port_create() (n int, err error) +//sys port_associate(port int, source int, object uintptr, events int, user *byte) (n int, err error) +//sys port_dissociate(port int, source int, object uintptr) (n int, err error) +//sys port_get(port int, pe *portEvent, timeout *Timespec) (n int, err error) +//sys port_getn(port int, pe *portEvent, max uint32, nget *uint32, timeout *Timespec) (n int, err error) + +// Close closes the event port. +func (e *EventPort) Close() error { + e.mu.Lock() + defer e.mu.Unlock() + e.fds = nil + e.paths = nil + return Close(e.port) +} + +// PathIsWatched checks to see if path is associated with this EventPort. +func (e *EventPort) PathIsWatched(path string) bool { + e.mu.Lock() + defer e.mu.Unlock() + _, found := e.paths[path] + return found +} + +// FdIsWatched checks to see if fd is associated with this EventPort. +func (e *EventPort) FdIsWatched(fd uintptr) bool { + e.mu.Lock() + defer e.mu.Unlock() + _, found := e.fds[fd] + return found +} + +// AssociatePath wraps port_associate(3c) for a filesystem path including +// creating the necessary file_obj from the provided stat information. +func (e *EventPort) AssociatePath(path string, stat os.FileInfo, events int, cookie interface{}) error { + e.mu.Lock() + defer e.mu.Unlock() + if _, found := e.paths[path]; found { + return fmt.Errorf("%v is already associated with this Event Port", path) + } + fobj, err := createFileObj(path, stat) + if err != nil { + return err + } + fCookie := &fileObjCookie{fobj, cookie} + _, err = port_associate(e.port, PORT_SOURCE_FILE, uintptr(unsafe.Pointer(fobj)), events, (*byte)(unsafe.Pointer(&fCookie.cookie))) + if err != nil { + return err + } + e.paths[path] = fCookie + return nil +} + +// DissociatePath wraps port_dissociate(3c) for a filesystem path. +func (e *EventPort) DissociatePath(path string) error { + e.mu.Lock() + defer e.mu.Unlock() + f, ok := e.paths[path] + if !ok { + return fmt.Errorf("%v is not associated with this Event Port", path) + } + _, err := port_dissociate(e.port, PORT_SOURCE_FILE, uintptr(unsafe.Pointer(f.fobj))) + if err != nil { + return err + } + delete(e.paths, path) + return nil +} + +// AssociateFd wraps calls to port_associate(3c) on file descriptors. +func (e *EventPort) AssociateFd(fd uintptr, events int, cookie interface{}) error { + e.mu.Lock() + defer e.mu.Unlock() + if _, found := e.fds[fd]; found { + return fmt.Errorf("%v is already associated with this Event Port", fd) + } + pcookie := &cookie + _, err := port_associate(e.port, PORT_SOURCE_FD, fd, events, (*byte)(unsafe.Pointer(pcookie))) + if err != nil { + return err + } + e.fds[fd] = pcookie + return nil +} + +// DissociateFd wraps calls to port_dissociate(3c) on file descriptors. +func (e *EventPort) DissociateFd(fd uintptr) error { + e.mu.Lock() + defer e.mu.Unlock() + _, ok := e.fds[fd] + if !ok { + return fmt.Errorf("%v is not associated with this Event Port", fd) + } + _, err := port_dissociate(e.port, PORT_SOURCE_FD, fd) + if err != nil { + return err + } + delete(e.fds, fd) + return nil +} + +func createFileObj(name string, stat os.FileInfo) (*fileObj, error) { + fobj := new(fileObj) + bs, err := ByteSliceFromString(name) + if err != nil { + return nil, err + } + fobj.Name = (*int8)(unsafe.Pointer(&bs[0])) + s := stat.Sys().(*syscall.Stat_t) + fobj.Atim.Sec = s.Atim.Sec + fobj.Atim.Nsec = s.Atim.Nsec + fobj.Mtim.Sec = s.Mtim.Sec + fobj.Mtim.Nsec = s.Mtim.Nsec + fobj.Ctim.Sec = s.Ctim.Sec + fobj.Ctim.Nsec = s.Ctim.Nsec + return fobj, nil +} + +// GetOne wraps port_get(3c) and returns a single PortEvent. +func (e *EventPort) GetOne(t *Timespec) (*PortEvent, error) { + pe := new(portEvent) + _, err := port_get(e.port, pe, t) + if err != nil { + return nil, err + } + p := new(PortEvent) + p.Events = pe.Events + p.Source = pe.Source + e.mu.Lock() + defer e.mu.Unlock() + switch pe.Source { + case PORT_SOURCE_FD: + p.Fd = uintptr(pe.Object) + cookie := (*interface{})(unsafe.Pointer(pe.User)) + p.Cookie = *cookie + delete(e.fds, p.Fd) + case PORT_SOURCE_FILE: + p.fobj = (*fileObj)(unsafe.Pointer(uintptr(pe.Object))) + p.Path = BytePtrToString((*byte)(unsafe.Pointer(p.fobj.Name))) + cookie := (*interface{})(unsafe.Pointer(pe.User)) + p.Cookie = *cookie + delete(e.paths, p.Path) + } + return p, nil +} + +// Pending wraps port_getn(3c) and returns how many events are pending. +func (e *EventPort) Pending() (int, error) { + var n uint32 = 0 + _, err := port_getn(e.port, nil, 0, &n, nil) + return int(n), err +} + +// Get wraps port_getn(3c) and fills a slice of PortEvent. +// It will block until either min events have been received +// or the timeout has been exceeded. It will return how many +// events were actually received along with any error information. +func (e *EventPort) Get(s []PortEvent, min int, timeout *Timespec) (int, error) { + if min == 0 { + return 0, fmt.Errorf("need to request at least one event or use Pending() instead") + } + if len(s) < min { + return 0, fmt.Errorf("len(s) (%d) is less than min events requested (%d)", len(s), min) + } + got := uint32(min) + max := uint32(len(s)) + var err error + ps := make([]portEvent, max, max) + _, err = port_getn(e.port, &ps[0], max, &got, timeout) + // got will be trustworthy with ETIME, but not any other error. + if err != nil && err != ETIME { + return 0, err + } + e.mu.Lock() + defer e.mu.Unlock() + for i := 0; i < int(got); i++ { + s[i].Events = ps[i].Events + s[i].Source = ps[i].Source + switch ps[i].Source { + case PORT_SOURCE_FD: + s[i].Fd = uintptr(ps[i].Object) + cookie := (*interface{})(unsafe.Pointer(ps[i].User)) + s[i].Cookie = *cookie + delete(e.fds, s[i].Fd) + case PORT_SOURCE_FILE: + s[i].fobj = (*fileObj)(unsafe.Pointer(uintptr(ps[i].Object))) + s[i].Path = BytePtrToString((*byte)(unsafe.Pointer(s[i].fobj.Name))) + cookie := (*interface{})(unsafe.Pointer(ps[i].User)) + s[i].Cookie = *cookie + delete(e.paths, s[i].Path) + } + } + return int(got), err +} diff --git a/vendor/golang.org/x/sys/unix/syscall_unix.go b/vendor/golang.org/x/sys/unix/syscall_unix.go index a7618ceb5..cf296a243 100644 --- a/vendor/golang.org/x/sys/unix/syscall_unix.go +++ b/vendor/golang.org/x/sys/unix/syscall_unix.go @@ -313,6 +313,10 @@ func Recvfrom(fd int, p []byte, flags int) (n int, from Sockaddr, err error) { return } +func Send(s int, buf []byte, flags int) (err error) { + return sendto(s, buf, flags, nil, 0) +} + func Sendto(fd int, p []byte, flags int, to Sockaddr) (err error) { ptr, n, err := to.sockaddr() if err != nil { diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go index 52f5bbc14..5ed10c4a0 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go @@ -228,6 +228,8 @@ const ( BPF_OR = 0x40 BPF_PSEUDO_BTF_ID = 0x3 BPF_PSEUDO_CALL = 0x1 + BPF_PSEUDO_FUNC = 0x4 + BPF_PSEUDO_KFUNC_CALL = 0x2 BPF_PSEUDO_MAP_FD = 0x1 BPF_PSEUDO_MAP_VALUE = 0x2 BPF_RET = 0x6 @@ -475,6 +477,8 @@ const ( DM_LIST_VERSIONS = 0xc138fd0d DM_MAX_TYPE_NAME = 0x10 DM_NAME_LEN = 0x80 + DM_NAME_LIST_FLAG_DOESNT_HAVE_UUID = 0x2 + DM_NAME_LIST_FLAG_HAS_UUID = 0x1 DM_NOFLUSH_FLAG = 0x800 DM_PERSISTENT_DEV_FLAG = 0x8 DM_QUERY_INACTIVE_TABLE_FLAG = 0x1000 @@ -494,9 +498,9 @@ const ( DM_UUID_FLAG = 0x4000 DM_UUID_LEN = 0x81 DM_VERSION = 0xc138fd00 - DM_VERSION_EXTRA = "-ioctl (2021-02-01)" + DM_VERSION_EXTRA = "-ioctl (2021-03-22)" DM_VERSION_MAJOR = 0x4 - DM_VERSION_MINOR = 0x2c + DM_VERSION_MINOR = 0x2d DM_VERSION_PATCHLEVEL = 0x0 DT_BLK = 0x6 DT_CHR = 0x2 @@ -981,12 +985,6 @@ const ( HPFS_SUPER_MAGIC = 0xf995e849 HUGETLBFS_MAGIC = 0x958458f6 IBSHIFT = 0x10 - ICMPV6_FILTER = 0x1 - ICMPV6_FILTER_BLOCK = 0x1 - ICMPV6_FILTER_BLOCKOTHERS = 0x3 - ICMPV6_FILTER_PASS = 0x2 - ICMPV6_FILTER_PASSONLY = 0x4 - ICMP_FILTER = 0x1 ICRNL = 0x100 IFA_F_DADFAILED = 0x8 IFA_F_DEPRECATED = 0x20 @@ -1257,6 +1255,7 @@ const ( KEXEC_ARCH_PARISC = 0xf0000 KEXEC_ARCH_PPC = 0x140000 KEXEC_ARCH_PPC64 = 0x150000 + KEXEC_ARCH_RISCV = 0xf30000 KEXEC_ARCH_S390 = 0x160000 KEXEC_ARCH_SH = 0x2a0000 KEXEC_ARCH_X86_64 = 0x3e0000 @@ -1756,14 +1755,19 @@ const ( PERF_ATTR_SIZE_VER4 = 0x68 PERF_ATTR_SIZE_VER5 = 0x70 PERF_ATTR_SIZE_VER6 = 0x78 + PERF_ATTR_SIZE_VER7 = 0x80 PERF_AUX_FLAG_COLLISION = 0x8 + PERF_AUX_FLAG_CORESIGHT_FORMAT_CORESIGHT = 0x0 + PERF_AUX_FLAG_CORESIGHT_FORMAT_RAW = 0x100 PERF_AUX_FLAG_OVERWRITE = 0x2 PERF_AUX_FLAG_PARTIAL = 0x4 + PERF_AUX_FLAG_PMU_FORMAT_TYPE_MASK = 0xff00 PERF_AUX_FLAG_TRUNCATED = 0x1 PERF_FLAG_FD_CLOEXEC = 0x8 PERF_FLAG_FD_NO_GROUP = 0x1 PERF_FLAG_FD_OUTPUT = 0x2 PERF_FLAG_PID_CGROUP = 0x4 + PERF_HW_EVENT_MASK = 0xffffffff PERF_MAX_CONTEXTS_PER_STACK = 0x8 PERF_MAX_STACK_DEPTH = 0x7f PERF_MEM_BLK_ADDR = 0x4 @@ -1822,6 +1826,7 @@ const ( PERF_MEM_TLB_OS = 0x40 PERF_MEM_TLB_SHIFT = 0x1a PERF_MEM_TLB_WK = 0x20 + PERF_PMU_TYPE_SHIFT = 0x20 PERF_RECORD_KSYMBOL_FLAGS_UNREGISTER = 0x1 PERF_RECORD_MISC_COMM_EXEC = 0x2000 PERF_RECORD_MISC_CPUMODE_MASK = 0x7 @@ -1921,7 +1926,9 @@ const ( PR_PAC_APGAKEY = 0x10 PR_PAC_APIAKEY = 0x1 PR_PAC_APIBKEY = 0x2 + PR_PAC_GET_ENABLED_KEYS = 0x3d PR_PAC_RESET_KEYS = 0x36 + PR_PAC_SET_ENABLED_KEYS = 0x3c PR_SET_CHILD_SUBREAPER = 0x24 PR_SET_DUMPABLE = 0x4 PR_SET_ENDIAN = 0x14 @@ -2003,6 +2010,7 @@ const ( PTRACE_GETREGSET = 0x4204 PTRACE_GETSIGINFO = 0x4202 PTRACE_GETSIGMASK = 0x420a + PTRACE_GET_RSEQ_CONFIGURATION = 0x420f PTRACE_GET_SYSCALL_INFO = 0x420e PTRACE_INTERRUPT = 0x4207 PTRACE_KILL = 0x8 @@ -2163,6 +2171,7 @@ const ( RTM_DELNEIGH = 0x1d RTM_DELNETCONF = 0x51 RTM_DELNEXTHOP = 0x69 + RTM_DELNEXTHOPBUCKET = 0x75 RTM_DELNSID = 0x59 RTM_DELQDISC = 0x25 RTM_DELROUTE = 0x19 @@ -2193,6 +2202,7 @@ const ( RTM_GETNEIGHTBL = 0x42 RTM_GETNETCONF = 0x52 RTM_GETNEXTHOP = 0x6a + RTM_GETNEXTHOPBUCKET = 0x76 RTM_GETNSID = 0x5a RTM_GETQDISC = 0x26 RTM_GETROUTE = 0x1a @@ -2201,7 +2211,7 @@ const ( RTM_GETTCLASS = 0x2a RTM_GETTFILTER = 0x2e RTM_GETVLAN = 0x72 - RTM_MAX = 0x73 + RTM_MAX = 0x77 RTM_NEWACTION = 0x30 RTM_NEWADDR = 0x14 RTM_NEWADDRLABEL = 0x48 @@ -2215,6 +2225,7 @@ const ( RTM_NEWNEIGHTBL = 0x40 RTM_NEWNETCONF = 0x50 RTM_NEWNEXTHOP = 0x68 + RTM_NEWNEXTHOPBUCKET = 0x74 RTM_NEWNSID = 0x58 RTM_NEWNVLAN = 0x70 RTM_NEWPREFIX = 0x34 @@ -2224,8 +2235,8 @@ const ( RTM_NEWSTATS = 0x5c RTM_NEWTCLASS = 0x28 RTM_NEWTFILTER = 0x2c - RTM_NR_FAMILIES = 0x19 - RTM_NR_MSGTYPES = 0x64 + RTM_NR_FAMILIES = 0x1a + RTM_NR_MSGTYPES = 0x68 RTM_SETDCB = 0x4f RTM_SETLINK = 0x13 RTM_SETNEIGHTBL = 0x43 @@ -2253,6 +2264,7 @@ const ( RTPROT_MROUTED = 0x11 RTPROT_MRT = 0xa RTPROT_NTK = 0xf + RTPROT_OPENR = 0x63 RTPROT_OSPF = 0xbc RTPROT_RA = 0x9 RTPROT_REDIRECT = 0x1 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go index 09fc559ed..cca248d1d 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go @@ -147,6 +147,7 @@ const ( NS_GET_USERNS = 0xb701 OLCUC = 0x2 ONLCR = 0x4 + OTPERASE = 0x400c4d19 OTPGETREGIONCOUNT = 0x40044d0e OTPGETREGIONINFO = 0x400c4d0f OTPLOCK = 0x800c4d10 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go index 75730cc22..9521a4804 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go @@ -147,6 +147,7 @@ const ( NS_GET_USERNS = 0xb701 OLCUC = 0x2 ONLCR = 0x4 + OTPERASE = 0x400c4d19 OTPGETREGIONCOUNT = 0x40044d0e OTPGETREGIONINFO = 0x400c4d0f OTPLOCK = 0x800c4d10 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go index 127cf17ad..ddb40a40d 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go @@ -145,6 +145,7 @@ const ( NS_GET_USERNS = 0xb701 OLCUC = 0x2 ONLCR = 0x4 + OTPERASE = 0x400c4d19 OTPGETREGIONCOUNT = 0x40044d0e OTPGETREGIONINFO = 0x400c4d0f OTPLOCK = 0x800c4d10 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go index 957ca1ff1..3df31e0d4 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go @@ -148,6 +148,7 @@ const ( NS_GET_USERNS = 0xb701 OLCUC = 0x2 ONLCR = 0x4 + OTPERASE = 0x400c4d19 OTPGETREGIONCOUNT = 0x40044d0e OTPGETREGIONINFO = 0x400c4d0f OTPLOCK = 0x800c4d10 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go index 314a2054f..179c7d68d 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go @@ -145,6 +145,7 @@ const ( NS_GET_USERNS = 0x2000b701 OLCUC = 0x2 ONLCR = 0x4 + OTPERASE = 0x800c4d19 OTPGETREGIONCOUNT = 0x80044d0e OTPGETREGIONINFO = 0x800c4d0f OTPLOCK = 0x400c4d10 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go index 457e8de97..84ab15a85 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go @@ -145,6 +145,7 @@ const ( NS_GET_USERNS = 0x2000b701 OLCUC = 0x2 ONLCR = 0x4 + OTPERASE = 0x800c4d19 OTPGETREGIONCOUNT = 0x80044d0e OTPGETREGIONINFO = 0x800c4d0f OTPLOCK = 0x400c4d10 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go index 33cd28f6b..6aa064da5 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go @@ -145,6 +145,7 @@ const ( NS_GET_USERNS = 0x2000b701 OLCUC = 0x2 ONLCR = 0x4 + OTPERASE = 0x800c4d19 OTPGETREGIONCOUNT = 0x80044d0e OTPGETREGIONINFO = 0x800c4d0f OTPLOCK = 0x400c4d10 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go index 0e085ba14..960650f2b 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go @@ -145,6 +145,7 @@ const ( NS_GET_USERNS = 0x2000b701 OLCUC = 0x2 ONLCR = 0x4 + OTPERASE = 0x800c4d19 OTPGETREGIONCOUNT = 0x80044d0e OTPGETREGIONINFO = 0x800c4d0f OTPLOCK = 0x400c4d10 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go index 1b5928cff..7365221d0 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go @@ -147,6 +147,7 @@ const ( NS_GET_USERNS = 0x2000b701 OLCUC = 0x4 ONLCR = 0x2 + OTPERASE = 0x800c4d19 OTPGETREGIONCOUNT = 0x80044d0e OTPGETREGIONINFO = 0x800c4d0f OTPLOCK = 0x400c4d10 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go index f3a41d6ec..5967db35c 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go @@ -147,6 +147,7 @@ const ( NS_GET_USERNS = 0x2000b701 OLCUC = 0x4 ONLCR = 0x2 + OTPERASE = 0x800c4d19 OTPGETREGIONCOUNT = 0x80044d0e OTPGETREGIONINFO = 0x800c4d0f OTPLOCK = 0x400c4d10 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go index 6a5a555d5..f88869849 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go @@ -147,6 +147,7 @@ const ( NS_GET_USERNS = 0x2000b701 OLCUC = 0x4 ONLCR = 0x2 + OTPERASE = 0x800c4d19 OTPGETREGIONCOUNT = 0x80044d0e OTPGETREGIONINFO = 0x800c4d0f OTPLOCK = 0x400c4d10 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go index a4da67edb..8048706f3 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go @@ -145,6 +145,7 @@ const ( NS_GET_USERNS = 0xb701 OLCUC = 0x2 ONLCR = 0x4 + OTPERASE = 0x400c4d19 OTPGETREGIONCOUNT = 0x40044d0e OTPGETREGIONINFO = 0x400c4d0f OTPLOCK = 0x800c4d10 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go index a7028e0ef..fb7859417 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go @@ -145,6 +145,7 @@ const ( NS_GET_USERNS = 0xb701 OLCUC = 0x2 ONLCR = 0x4 + OTPERASE = 0x400c4d19 OTPGETREGIONCOUNT = 0x40044d0e OTPGETREGIONINFO = 0x400c4d0f OTPLOCK = 0x800c4d10 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go index ed3b3286c..81e18d23f 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go @@ -150,6 +150,7 @@ const ( NS_GET_USERNS = 0x2000b701 OLCUC = 0x2 ONLCR = 0x4 + OTPERASE = 0x800c4d19 OTPGETREGIONCOUNT = 0x80044d0e OTPGETREGIONINFO = 0x800c4d0f OTPLOCK = 0x400c4d10 diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go index 593cc0fef..6d56edc05 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go @@ -1020,7 +1020,10 @@ const ( RLIMIT_CPU = 0x0 RLIMIT_DATA = 0x2 RLIMIT_FSIZE = 0x1 + RLIMIT_MEMLOCK = 0x6 RLIMIT_NOFILE = 0x8 + RLIMIT_NPROC = 0x7 + RLIMIT_RSS = 0x5 RLIMIT_STACK = 0x3 RLIM_INFINITY = 0x7fffffffffffffff RTAX_AUTHOR = 0x6 diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go index a4e4c2231..aef6c0856 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go @@ -1020,7 +1020,10 @@ const ( RLIMIT_CPU = 0x0 RLIMIT_DATA = 0x2 RLIMIT_FSIZE = 0x1 + RLIMIT_MEMLOCK = 0x6 RLIMIT_NOFILE = 0x8 + RLIMIT_NPROC = 0x7 + RLIMIT_RSS = 0x5 RLIMIT_STACK = 0x3 RLIM_INFINITY = 0x7fffffffffffffff RTAX_AUTHOR = 0x6 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go index 7305cc915..2dbe3da7a 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go @@ -48,6 +48,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Linkat(olddirfd int, oldpath string, newdirfd int, newpath string, flags int) (err error) { var _p0 *byte _p0, err = BytePtrFromString(oldpath) @@ -1201,7 +1211,7 @@ func PivotRoot(newroot string, putold string) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) { +func Prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) { _, _, e1 := RawSyscall6(SYS_PRLIMIT64, uintptr(pid), uintptr(resource), uintptr(unsafe.Pointer(newlimit)), uintptr(unsafe.Pointer(old)), 0, 0) if e1 != 0 { err = errnoErr(e1) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go index 4e18d5c99..b5f926cee 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go @@ -141,6 +141,11 @@ import ( //go:cgo_import_dynamic libc_getpeername getpeername "libsocket.so" //go:cgo_import_dynamic libc_setsockopt setsockopt "libsocket.so" //go:cgo_import_dynamic libc_recvfrom recvfrom "libsocket.so" +//go:cgo_import_dynamic libc_port_create port_create "libc.so" +//go:cgo_import_dynamic libc_port_associate port_associate "libc.so" +//go:cgo_import_dynamic libc_port_dissociate port_dissociate "libc.so" +//go:cgo_import_dynamic libc_port_get port_get "libc.so" +//go:cgo_import_dynamic libc_port_getn port_getn "libc.so" //go:linkname procpipe libc_pipe //go:linkname procpipe2 libc_pipe2 @@ -272,6 +277,11 @@ import ( //go:linkname procgetpeername libc_getpeername //go:linkname procsetsockopt libc_setsockopt //go:linkname procrecvfrom libc_recvfrom +//go:linkname procport_create libc_port_create +//go:linkname procport_associate libc_port_associate +//go:linkname procport_dissociate libc_port_dissociate +//go:linkname procport_get libc_port_get +//go:linkname procport_getn libc_port_getn var ( procpipe, @@ -403,7 +413,12 @@ var ( proc__xnet_getsockopt, procgetpeername, procsetsockopt, - procrecvfrom syscallFunc + procrecvfrom, + procport_create, + procport_associate, + procport_dissociate, + procport_get, + procport_getn syscallFunc ) // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT @@ -1981,3 +1996,58 @@ func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Sockl } return } + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func port_create() (n int, err error) { + r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procport_create)), 0, 0, 0, 0, 0, 0, 0) + n = int(r0) + if e1 != 0 { + err = e1 + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func port_associate(port int, source int, object uintptr, events int, user *byte) (n int, err error) { + r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procport_associate)), 5, uintptr(port), uintptr(source), uintptr(object), uintptr(events), uintptr(unsafe.Pointer(user)), 0) + n = int(r0) + if e1 != 0 { + err = e1 + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func port_dissociate(port int, source int, object uintptr) (n int, err error) { + r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procport_dissociate)), 3, uintptr(port), uintptr(source), uintptr(object), 0, 0, 0) + n = int(r0) + if e1 != 0 { + err = e1 + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func port_get(port int, pe *portEvent, timeout *Timespec) (n int, err error) { + r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procport_get)), 3, uintptr(port), uintptr(unsafe.Pointer(pe)), uintptr(unsafe.Pointer(timeout)), 0, 0, 0) + n = int(r0) + if e1 != 0 { + err = e1 + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func port_getn(port int, pe *portEvent, max uint32, nget *uint32, timeout *Timespec) (n int, err error) { + r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procport_getn)), 5, uintptr(port), uintptr(unsafe.Pointer(pe)), uintptr(max), uintptr(unsafe.Pointer(nget)), uintptr(unsafe.Pointer(timeout)), 0) + n = int(r0) + if e1 != 0 { + err = e1 + } + return +} diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go index fbc59b7fd..eb3afe678 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go @@ -439,4 +439,7 @@ const ( SYS_PROCESS_MADVISE = 440 SYS_EPOLL_PWAIT2 = 441 SYS_MOUNT_SETATTR = 442 + SYS_LANDLOCK_CREATE_RULESET = 444 + SYS_LANDLOCK_ADD_RULE = 445 + SYS_LANDLOCK_RESTRICT_SELF = 446 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go index 04d16d771..8e7e3aedc 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go @@ -7,358 +7,361 @@ package unix const ( - SYS_READ = 0 - SYS_WRITE = 1 - SYS_OPEN = 2 - SYS_CLOSE = 3 - SYS_STAT = 4 - SYS_FSTAT = 5 - SYS_LSTAT = 6 - SYS_POLL = 7 - SYS_LSEEK = 8 - SYS_MMAP = 9 - SYS_MPROTECT = 10 - SYS_MUNMAP = 11 - SYS_BRK = 12 - SYS_RT_SIGACTION = 13 - SYS_RT_SIGPROCMASK = 14 - SYS_RT_SIGRETURN = 15 - SYS_IOCTL = 16 - SYS_PREAD64 = 17 - SYS_PWRITE64 = 18 - SYS_READV = 19 - SYS_WRITEV = 20 - SYS_ACCESS = 21 - SYS_PIPE = 22 - SYS_SELECT = 23 - SYS_SCHED_YIELD = 24 - SYS_MREMAP = 25 - SYS_MSYNC = 26 - SYS_MINCORE = 27 - SYS_MADVISE = 28 - SYS_SHMGET = 29 - SYS_SHMAT = 30 - SYS_SHMCTL = 31 - SYS_DUP = 32 - SYS_DUP2 = 33 - SYS_PAUSE = 34 - SYS_NANOSLEEP = 35 - SYS_GETITIMER = 36 - SYS_ALARM = 37 - SYS_SETITIMER = 38 - SYS_GETPID = 39 - SYS_SENDFILE = 40 - SYS_SOCKET = 41 - SYS_CONNECT = 42 - SYS_ACCEPT = 43 - SYS_SENDTO = 44 - SYS_RECVFROM = 45 - SYS_SENDMSG = 46 - SYS_RECVMSG = 47 - SYS_SHUTDOWN = 48 - SYS_BIND = 49 - SYS_LISTEN = 50 - SYS_GETSOCKNAME = 51 - SYS_GETPEERNAME = 52 - SYS_SOCKETPAIR = 53 - SYS_SETSOCKOPT = 54 - SYS_GETSOCKOPT = 55 - SYS_CLONE = 56 - SYS_FORK = 57 - SYS_VFORK = 58 - SYS_EXECVE = 59 - SYS_EXIT = 60 - SYS_WAIT4 = 61 - SYS_KILL = 62 - SYS_UNAME = 63 - SYS_SEMGET = 64 - SYS_SEMOP = 65 - SYS_SEMCTL = 66 - SYS_SHMDT = 67 - SYS_MSGGET = 68 - SYS_MSGSND = 69 - SYS_MSGRCV = 70 - SYS_MSGCTL = 71 - SYS_FCNTL = 72 - SYS_FLOCK = 73 - SYS_FSYNC = 74 - SYS_FDATASYNC = 75 - SYS_TRUNCATE = 76 - SYS_FTRUNCATE = 77 - SYS_GETDENTS = 78 - SYS_GETCWD = 79 - SYS_CHDIR = 80 - SYS_FCHDIR = 81 - SYS_RENAME = 82 - SYS_MKDIR = 83 - SYS_RMDIR = 84 - SYS_CREAT = 85 - SYS_LINK = 86 - SYS_UNLINK = 87 - SYS_SYMLINK = 88 - SYS_READLINK = 89 - SYS_CHMOD = 90 - SYS_FCHMOD = 91 - SYS_CHOWN = 92 - SYS_FCHOWN = 93 - SYS_LCHOWN = 94 - SYS_UMASK = 95 - SYS_GETTIMEOFDAY = 96 - SYS_GETRLIMIT = 97 - SYS_GETRUSAGE = 98 - SYS_SYSINFO = 99 - SYS_TIMES = 100 - SYS_PTRACE = 101 - SYS_GETUID = 102 - SYS_SYSLOG = 103 - SYS_GETGID = 104 - SYS_SETUID = 105 - SYS_SETGID = 106 - SYS_GETEUID = 107 - SYS_GETEGID = 108 - SYS_SETPGID = 109 - SYS_GETPPID = 110 - SYS_GETPGRP = 111 - SYS_SETSID = 112 - SYS_SETREUID = 113 - SYS_SETREGID = 114 - SYS_GETGROUPS = 115 - SYS_SETGROUPS = 116 - SYS_SETRESUID = 117 - SYS_GETRESUID = 118 - SYS_SETRESGID = 119 - SYS_GETRESGID = 120 - SYS_GETPGID = 121 - SYS_SETFSUID = 122 - SYS_SETFSGID = 123 - SYS_GETSID = 124 - SYS_CAPGET = 125 - SYS_CAPSET = 126 - SYS_RT_SIGPENDING = 127 - SYS_RT_SIGTIMEDWAIT = 128 - SYS_RT_SIGQUEUEINFO = 129 - SYS_RT_SIGSUSPEND = 130 - SYS_SIGALTSTACK = 131 - SYS_UTIME = 132 - SYS_MKNOD = 133 - SYS_USELIB = 134 - SYS_PERSONALITY = 135 - SYS_USTAT = 136 - SYS_STATFS = 137 - SYS_FSTATFS = 138 - SYS_SYSFS = 139 - SYS_GETPRIORITY = 140 - SYS_SETPRIORITY = 141 - SYS_SCHED_SETPARAM = 142 - SYS_SCHED_GETPARAM = 143 - SYS_SCHED_SETSCHEDULER = 144 - SYS_SCHED_GETSCHEDULER = 145 - SYS_SCHED_GET_PRIORITY_MAX = 146 - SYS_SCHED_GET_PRIORITY_MIN = 147 - SYS_SCHED_RR_GET_INTERVAL = 148 - SYS_MLOCK = 149 - SYS_MUNLOCK = 150 - SYS_MLOCKALL = 151 - SYS_MUNLOCKALL = 152 - SYS_VHANGUP = 153 - SYS_MODIFY_LDT = 154 - SYS_PIVOT_ROOT = 155 - SYS__SYSCTL = 156 - SYS_PRCTL = 157 - SYS_ARCH_PRCTL = 158 - SYS_ADJTIMEX = 159 - SYS_SETRLIMIT = 160 - SYS_CHROOT = 161 - SYS_SYNC = 162 - SYS_ACCT = 163 - SYS_SETTIMEOFDAY = 164 - SYS_MOUNT = 165 - SYS_UMOUNT2 = 166 - SYS_SWAPON = 167 - SYS_SWAPOFF = 168 - SYS_REBOOT = 169 - SYS_SETHOSTNAME = 170 - SYS_SETDOMAINNAME = 171 - SYS_IOPL = 172 - SYS_IOPERM = 173 - SYS_CREATE_MODULE = 174 - SYS_INIT_MODULE = 175 - SYS_DELETE_MODULE = 176 - SYS_GET_KERNEL_SYMS = 177 - SYS_QUERY_MODULE = 178 - SYS_QUOTACTL = 179 - SYS_NFSSERVCTL = 180 - SYS_GETPMSG = 181 - SYS_PUTPMSG = 182 - SYS_AFS_SYSCALL = 183 - SYS_TUXCALL = 184 - SYS_SECURITY = 185 - SYS_GETTID = 186 - SYS_READAHEAD = 187 - SYS_SETXATTR = 188 - SYS_LSETXATTR = 189 - SYS_FSETXATTR = 190 - SYS_GETXATTR = 191 - SYS_LGETXATTR = 192 - SYS_FGETXATTR = 193 - SYS_LISTXATTR = 194 - SYS_LLISTXATTR = 195 - SYS_FLISTXATTR = 196 - SYS_REMOVEXATTR = 197 - SYS_LREMOVEXATTR = 198 - SYS_FREMOVEXATTR = 199 - SYS_TKILL = 200 - SYS_TIME = 201 - SYS_FUTEX = 202 - SYS_SCHED_SETAFFINITY = 203 - SYS_SCHED_GETAFFINITY = 204 - SYS_SET_THREAD_AREA = 205 - SYS_IO_SETUP = 206 - SYS_IO_DESTROY = 207 - SYS_IO_GETEVENTS = 208 - SYS_IO_SUBMIT = 209 - SYS_IO_CANCEL = 210 - SYS_GET_THREAD_AREA = 211 - SYS_LOOKUP_DCOOKIE = 212 - SYS_EPOLL_CREATE = 213 - SYS_EPOLL_CTL_OLD = 214 - SYS_EPOLL_WAIT_OLD = 215 - SYS_REMAP_FILE_PAGES = 216 - SYS_GETDENTS64 = 217 - SYS_SET_TID_ADDRESS = 218 - SYS_RESTART_SYSCALL = 219 - SYS_SEMTIMEDOP = 220 - SYS_FADVISE64 = 221 - SYS_TIMER_CREATE = 222 - SYS_TIMER_SETTIME = 223 - SYS_TIMER_GETTIME = 224 - SYS_TIMER_GETOVERRUN = 225 - SYS_TIMER_DELETE = 226 - SYS_CLOCK_SETTIME = 227 - SYS_CLOCK_GETTIME = 228 - SYS_CLOCK_GETRES = 229 - SYS_CLOCK_NANOSLEEP = 230 - SYS_EXIT_GROUP = 231 - SYS_EPOLL_WAIT = 232 - SYS_EPOLL_CTL = 233 - SYS_TGKILL = 234 - SYS_UTIMES = 235 - SYS_VSERVER = 236 - SYS_MBIND = 237 - SYS_SET_MEMPOLICY = 238 - SYS_GET_MEMPOLICY = 239 - SYS_MQ_OPEN = 240 - SYS_MQ_UNLINK = 241 - SYS_MQ_TIMEDSEND = 242 - SYS_MQ_TIMEDRECEIVE = 243 - SYS_MQ_NOTIFY = 244 - SYS_MQ_GETSETATTR = 245 - SYS_KEXEC_LOAD = 246 - SYS_WAITID = 247 - SYS_ADD_KEY = 248 - SYS_REQUEST_KEY = 249 - SYS_KEYCTL = 250 - SYS_IOPRIO_SET = 251 - SYS_IOPRIO_GET = 252 - SYS_INOTIFY_INIT = 253 - SYS_INOTIFY_ADD_WATCH = 254 - SYS_INOTIFY_RM_WATCH = 255 - SYS_MIGRATE_PAGES = 256 - SYS_OPENAT = 257 - SYS_MKDIRAT = 258 - SYS_MKNODAT = 259 - SYS_FCHOWNAT = 260 - SYS_FUTIMESAT = 261 - SYS_NEWFSTATAT = 262 - SYS_UNLINKAT = 263 - SYS_RENAMEAT = 264 - SYS_LINKAT = 265 - SYS_SYMLINKAT = 266 - SYS_READLINKAT = 267 - SYS_FCHMODAT = 268 - SYS_FACCESSAT = 269 - SYS_PSELECT6 = 270 - SYS_PPOLL = 271 - SYS_UNSHARE = 272 - SYS_SET_ROBUST_LIST = 273 - SYS_GET_ROBUST_LIST = 274 - SYS_SPLICE = 275 - SYS_TEE = 276 - SYS_SYNC_FILE_RANGE = 277 - SYS_VMSPLICE = 278 - SYS_MOVE_PAGES = 279 - SYS_UTIMENSAT = 280 - SYS_EPOLL_PWAIT = 281 - SYS_SIGNALFD = 282 - SYS_TIMERFD_CREATE = 283 - SYS_EVENTFD = 284 - SYS_FALLOCATE = 285 - SYS_TIMERFD_SETTIME = 286 - SYS_TIMERFD_GETTIME = 287 - SYS_ACCEPT4 = 288 - SYS_SIGNALFD4 = 289 - SYS_EVENTFD2 = 290 - SYS_EPOLL_CREATE1 = 291 - SYS_DUP3 = 292 - SYS_PIPE2 = 293 - SYS_INOTIFY_INIT1 = 294 - SYS_PREADV = 295 - SYS_PWRITEV = 296 - SYS_RT_TGSIGQUEUEINFO = 297 - SYS_PERF_EVENT_OPEN = 298 - SYS_RECVMMSG = 299 - SYS_FANOTIFY_INIT = 300 - SYS_FANOTIFY_MARK = 301 - SYS_PRLIMIT64 = 302 - SYS_NAME_TO_HANDLE_AT = 303 - SYS_OPEN_BY_HANDLE_AT = 304 - SYS_CLOCK_ADJTIME = 305 - SYS_SYNCFS = 306 - SYS_SENDMMSG = 307 - SYS_SETNS = 308 - SYS_GETCPU = 309 - SYS_PROCESS_VM_READV = 310 - SYS_PROCESS_VM_WRITEV = 311 - SYS_KCMP = 312 - SYS_FINIT_MODULE = 313 - SYS_SCHED_SETATTR = 314 - SYS_SCHED_GETATTR = 315 - SYS_RENAMEAT2 = 316 - SYS_SECCOMP = 317 - SYS_GETRANDOM = 318 - SYS_MEMFD_CREATE = 319 - SYS_KEXEC_FILE_LOAD = 320 - SYS_BPF = 321 - SYS_EXECVEAT = 322 - SYS_USERFAULTFD = 323 - SYS_MEMBARRIER = 324 - SYS_MLOCK2 = 325 - SYS_COPY_FILE_RANGE = 326 - SYS_PREADV2 = 327 - SYS_PWRITEV2 = 328 - SYS_PKEY_MPROTECT = 329 - SYS_PKEY_ALLOC = 330 - SYS_PKEY_FREE = 331 - SYS_STATX = 332 - SYS_IO_PGETEVENTS = 333 - SYS_RSEQ = 334 - SYS_PIDFD_SEND_SIGNAL = 424 - SYS_IO_URING_SETUP = 425 - SYS_IO_URING_ENTER = 426 - SYS_IO_URING_REGISTER = 427 - SYS_OPEN_TREE = 428 - SYS_MOVE_MOUNT = 429 - SYS_FSOPEN = 430 - SYS_FSCONFIG = 431 - SYS_FSMOUNT = 432 - SYS_FSPICK = 433 - SYS_PIDFD_OPEN = 434 - SYS_CLONE3 = 435 - SYS_CLOSE_RANGE = 436 - SYS_OPENAT2 = 437 - SYS_PIDFD_GETFD = 438 - SYS_FACCESSAT2 = 439 - SYS_PROCESS_MADVISE = 440 - SYS_EPOLL_PWAIT2 = 441 - SYS_MOUNT_SETATTR = 442 + SYS_READ = 0 + SYS_WRITE = 1 + SYS_OPEN = 2 + SYS_CLOSE = 3 + SYS_STAT = 4 + SYS_FSTAT = 5 + SYS_LSTAT = 6 + SYS_POLL = 7 + SYS_LSEEK = 8 + SYS_MMAP = 9 + SYS_MPROTECT = 10 + SYS_MUNMAP = 11 + SYS_BRK = 12 + SYS_RT_SIGACTION = 13 + SYS_RT_SIGPROCMASK = 14 + SYS_RT_SIGRETURN = 15 + SYS_IOCTL = 16 + SYS_PREAD64 = 17 + SYS_PWRITE64 = 18 + SYS_READV = 19 + SYS_WRITEV = 20 + SYS_ACCESS = 21 + SYS_PIPE = 22 + SYS_SELECT = 23 + SYS_SCHED_YIELD = 24 + SYS_MREMAP = 25 + SYS_MSYNC = 26 + SYS_MINCORE = 27 + SYS_MADVISE = 28 + SYS_SHMGET = 29 + SYS_SHMAT = 30 + SYS_SHMCTL = 31 + SYS_DUP = 32 + SYS_DUP2 = 33 + SYS_PAUSE = 34 + SYS_NANOSLEEP = 35 + SYS_GETITIMER = 36 + SYS_ALARM = 37 + SYS_SETITIMER = 38 + SYS_GETPID = 39 + SYS_SENDFILE = 40 + SYS_SOCKET = 41 + SYS_CONNECT = 42 + SYS_ACCEPT = 43 + SYS_SENDTO = 44 + SYS_RECVFROM = 45 + SYS_SENDMSG = 46 + SYS_RECVMSG = 47 + SYS_SHUTDOWN = 48 + SYS_BIND = 49 + SYS_LISTEN = 50 + SYS_GETSOCKNAME = 51 + SYS_GETPEERNAME = 52 + SYS_SOCKETPAIR = 53 + SYS_SETSOCKOPT = 54 + SYS_GETSOCKOPT = 55 + SYS_CLONE = 56 + SYS_FORK = 57 + SYS_VFORK = 58 + SYS_EXECVE = 59 + SYS_EXIT = 60 + SYS_WAIT4 = 61 + SYS_KILL = 62 + SYS_UNAME = 63 + SYS_SEMGET = 64 + SYS_SEMOP = 65 + SYS_SEMCTL = 66 + SYS_SHMDT = 67 + SYS_MSGGET = 68 + SYS_MSGSND = 69 + SYS_MSGRCV = 70 + SYS_MSGCTL = 71 + SYS_FCNTL = 72 + SYS_FLOCK = 73 + SYS_FSYNC = 74 + SYS_FDATASYNC = 75 + SYS_TRUNCATE = 76 + SYS_FTRUNCATE = 77 + SYS_GETDENTS = 78 + SYS_GETCWD = 79 + SYS_CHDIR = 80 + SYS_FCHDIR = 81 + SYS_RENAME = 82 + SYS_MKDIR = 83 + SYS_RMDIR = 84 + SYS_CREAT = 85 + SYS_LINK = 86 + SYS_UNLINK = 87 + SYS_SYMLINK = 88 + SYS_READLINK = 89 + SYS_CHMOD = 90 + SYS_FCHMOD = 91 + SYS_CHOWN = 92 + SYS_FCHOWN = 93 + SYS_LCHOWN = 94 + SYS_UMASK = 95 + SYS_GETTIMEOFDAY = 96 + SYS_GETRLIMIT = 97 + SYS_GETRUSAGE = 98 + SYS_SYSINFO = 99 + SYS_TIMES = 100 + SYS_PTRACE = 101 + SYS_GETUID = 102 + SYS_SYSLOG = 103 + SYS_GETGID = 104 + SYS_SETUID = 105 + SYS_SETGID = 106 + SYS_GETEUID = 107 + SYS_GETEGID = 108 + SYS_SETPGID = 109 + SYS_GETPPID = 110 + SYS_GETPGRP = 111 + SYS_SETSID = 112 + SYS_SETREUID = 113 + SYS_SETREGID = 114 + SYS_GETGROUPS = 115 + SYS_SETGROUPS = 116 + SYS_SETRESUID = 117 + SYS_GETRESUID = 118 + SYS_SETRESGID = 119 + SYS_GETRESGID = 120 + SYS_GETPGID = 121 + SYS_SETFSUID = 122 + SYS_SETFSGID = 123 + SYS_GETSID = 124 + SYS_CAPGET = 125 + SYS_CAPSET = 126 + SYS_RT_SIGPENDING = 127 + SYS_RT_SIGTIMEDWAIT = 128 + SYS_RT_SIGQUEUEINFO = 129 + SYS_RT_SIGSUSPEND = 130 + SYS_SIGALTSTACK = 131 + SYS_UTIME = 132 + SYS_MKNOD = 133 + SYS_USELIB = 134 + SYS_PERSONALITY = 135 + SYS_USTAT = 136 + SYS_STATFS = 137 + SYS_FSTATFS = 138 + SYS_SYSFS = 139 + SYS_GETPRIORITY = 140 + SYS_SETPRIORITY = 141 + SYS_SCHED_SETPARAM = 142 + SYS_SCHED_GETPARAM = 143 + SYS_SCHED_SETSCHEDULER = 144 + SYS_SCHED_GETSCHEDULER = 145 + SYS_SCHED_GET_PRIORITY_MAX = 146 + SYS_SCHED_GET_PRIORITY_MIN = 147 + SYS_SCHED_RR_GET_INTERVAL = 148 + SYS_MLOCK = 149 + SYS_MUNLOCK = 150 + SYS_MLOCKALL = 151 + SYS_MUNLOCKALL = 152 + SYS_VHANGUP = 153 + SYS_MODIFY_LDT = 154 + SYS_PIVOT_ROOT = 155 + SYS__SYSCTL = 156 + SYS_PRCTL = 157 + SYS_ARCH_PRCTL = 158 + SYS_ADJTIMEX = 159 + SYS_SETRLIMIT = 160 + SYS_CHROOT = 161 + SYS_SYNC = 162 + SYS_ACCT = 163 + SYS_SETTIMEOFDAY = 164 + SYS_MOUNT = 165 + SYS_UMOUNT2 = 166 + SYS_SWAPON = 167 + SYS_SWAPOFF = 168 + SYS_REBOOT = 169 + SYS_SETHOSTNAME = 170 + SYS_SETDOMAINNAME = 171 + SYS_IOPL = 172 + SYS_IOPERM = 173 + SYS_CREATE_MODULE = 174 + SYS_INIT_MODULE = 175 + SYS_DELETE_MODULE = 176 + SYS_GET_KERNEL_SYMS = 177 + SYS_QUERY_MODULE = 178 + SYS_QUOTACTL = 179 + SYS_NFSSERVCTL = 180 + SYS_GETPMSG = 181 + SYS_PUTPMSG = 182 + SYS_AFS_SYSCALL = 183 + SYS_TUXCALL = 184 + SYS_SECURITY = 185 + SYS_GETTID = 186 + SYS_READAHEAD = 187 + SYS_SETXATTR = 188 + SYS_LSETXATTR = 189 + SYS_FSETXATTR = 190 + SYS_GETXATTR = 191 + SYS_LGETXATTR = 192 + SYS_FGETXATTR = 193 + SYS_LISTXATTR = 194 + SYS_LLISTXATTR = 195 + SYS_FLISTXATTR = 196 + SYS_REMOVEXATTR = 197 + SYS_LREMOVEXATTR = 198 + SYS_FREMOVEXATTR = 199 + SYS_TKILL = 200 + SYS_TIME = 201 + SYS_FUTEX = 202 + SYS_SCHED_SETAFFINITY = 203 + SYS_SCHED_GETAFFINITY = 204 + SYS_SET_THREAD_AREA = 205 + SYS_IO_SETUP = 206 + SYS_IO_DESTROY = 207 + SYS_IO_GETEVENTS = 208 + SYS_IO_SUBMIT = 209 + SYS_IO_CANCEL = 210 + SYS_GET_THREAD_AREA = 211 + SYS_LOOKUP_DCOOKIE = 212 + SYS_EPOLL_CREATE = 213 + SYS_EPOLL_CTL_OLD = 214 + SYS_EPOLL_WAIT_OLD = 215 + SYS_REMAP_FILE_PAGES = 216 + SYS_GETDENTS64 = 217 + SYS_SET_TID_ADDRESS = 218 + SYS_RESTART_SYSCALL = 219 + SYS_SEMTIMEDOP = 220 + SYS_FADVISE64 = 221 + SYS_TIMER_CREATE = 222 + SYS_TIMER_SETTIME = 223 + SYS_TIMER_GETTIME = 224 + SYS_TIMER_GETOVERRUN = 225 + SYS_TIMER_DELETE = 226 + SYS_CLOCK_SETTIME = 227 + SYS_CLOCK_GETTIME = 228 + SYS_CLOCK_GETRES = 229 + SYS_CLOCK_NANOSLEEP = 230 + SYS_EXIT_GROUP = 231 + SYS_EPOLL_WAIT = 232 + SYS_EPOLL_CTL = 233 + SYS_TGKILL = 234 + SYS_UTIMES = 235 + SYS_VSERVER = 236 + SYS_MBIND = 237 + SYS_SET_MEMPOLICY = 238 + SYS_GET_MEMPOLICY = 239 + SYS_MQ_OPEN = 240 + SYS_MQ_UNLINK = 241 + SYS_MQ_TIMEDSEND = 242 + SYS_MQ_TIMEDRECEIVE = 243 + SYS_MQ_NOTIFY = 244 + SYS_MQ_GETSETATTR = 245 + SYS_KEXEC_LOAD = 246 + SYS_WAITID = 247 + SYS_ADD_KEY = 248 + SYS_REQUEST_KEY = 249 + SYS_KEYCTL = 250 + SYS_IOPRIO_SET = 251 + SYS_IOPRIO_GET = 252 + SYS_INOTIFY_INIT = 253 + SYS_INOTIFY_ADD_WATCH = 254 + SYS_INOTIFY_RM_WATCH = 255 + SYS_MIGRATE_PAGES = 256 + SYS_OPENAT = 257 + SYS_MKDIRAT = 258 + SYS_MKNODAT = 259 + SYS_FCHOWNAT = 260 + SYS_FUTIMESAT = 261 + SYS_NEWFSTATAT = 262 + SYS_UNLINKAT = 263 + SYS_RENAMEAT = 264 + SYS_LINKAT = 265 + SYS_SYMLINKAT = 266 + SYS_READLINKAT = 267 + SYS_FCHMODAT = 268 + SYS_FACCESSAT = 269 + SYS_PSELECT6 = 270 + SYS_PPOLL = 271 + SYS_UNSHARE = 272 + SYS_SET_ROBUST_LIST = 273 + SYS_GET_ROBUST_LIST = 274 + SYS_SPLICE = 275 + SYS_TEE = 276 + SYS_SYNC_FILE_RANGE = 277 + SYS_VMSPLICE = 278 + SYS_MOVE_PAGES = 279 + SYS_UTIMENSAT = 280 + SYS_EPOLL_PWAIT = 281 + SYS_SIGNALFD = 282 + SYS_TIMERFD_CREATE = 283 + SYS_EVENTFD = 284 + SYS_FALLOCATE = 285 + SYS_TIMERFD_SETTIME = 286 + SYS_TIMERFD_GETTIME = 287 + SYS_ACCEPT4 = 288 + SYS_SIGNALFD4 = 289 + SYS_EVENTFD2 = 290 + SYS_EPOLL_CREATE1 = 291 + SYS_DUP3 = 292 + SYS_PIPE2 = 293 + SYS_INOTIFY_INIT1 = 294 + SYS_PREADV = 295 + SYS_PWRITEV = 296 + SYS_RT_TGSIGQUEUEINFO = 297 + SYS_PERF_EVENT_OPEN = 298 + SYS_RECVMMSG = 299 + SYS_FANOTIFY_INIT = 300 + SYS_FANOTIFY_MARK = 301 + SYS_PRLIMIT64 = 302 + SYS_NAME_TO_HANDLE_AT = 303 + SYS_OPEN_BY_HANDLE_AT = 304 + SYS_CLOCK_ADJTIME = 305 + SYS_SYNCFS = 306 + SYS_SENDMMSG = 307 + SYS_SETNS = 308 + SYS_GETCPU = 309 + SYS_PROCESS_VM_READV = 310 + SYS_PROCESS_VM_WRITEV = 311 + SYS_KCMP = 312 + SYS_FINIT_MODULE = 313 + SYS_SCHED_SETATTR = 314 + SYS_SCHED_GETATTR = 315 + SYS_RENAMEAT2 = 316 + SYS_SECCOMP = 317 + SYS_GETRANDOM = 318 + SYS_MEMFD_CREATE = 319 + SYS_KEXEC_FILE_LOAD = 320 + SYS_BPF = 321 + SYS_EXECVEAT = 322 + SYS_USERFAULTFD = 323 + SYS_MEMBARRIER = 324 + SYS_MLOCK2 = 325 + SYS_COPY_FILE_RANGE = 326 + SYS_PREADV2 = 327 + SYS_PWRITEV2 = 328 + SYS_PKEY_MPROTECT = 329 + SYS_PKEY_ALLOC = 330 + SYS_PKEY_FREE = 331 + SYS_STATX = 332 + SYS_IO_PGETEVENTS = 333 + SYS_RSEQ = 334 + SYS_PIDFD_SEND_SIGNAL = 424 + SYS_IO_URING_SETUP = 425 + SYS_IO_URING_ENTER = 426 + SYS_IO_URING_REGISTER = 427 + SYS_OPEN_TREE = 428 + SYS_MOVE_MOUNT = 429 + SYS_FSOPEN = 430 + SYS_FSCONFIG = 431 + SYS_FSMOUNT = 432 + SYS_FSPICK = 433 + SYS_PIDFD_OPEN = 434 + SYS_CLONE3 = 435 + SYS_CLOSE_RANGE = 436 + SYS_OPENAT2 = 437 + SYS_PIDFD_GETFD = 438 + SYS_FACCESSAT2 = 439 + SYS_PROCESS_MADVISE = 440 + SYS_EPOLL_PWAIT2 = 441 + SYS_MOUNT_SETATTR = 442 + SYS_LANDLOCK_CREATE_RULESET = 444 + SYS_LANDLOCK_ADD_RULE = 445 + SYS_LANDLOCK_RESTRICT_SELF = 446 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go index 3b1c10513..0e6ebfef0 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go @@ -403,4 +403,7 @@ const ( SYS_PROCESS_MADVISE = 440 SYS_EPOLL_PWAIT2 = 441 SYS_MOUNT_SETATTR = 442 + SYS_LANDLOCK_CREATE_RULESET = 444 + SYS_LANDLOCK_ADD_RULE = 445 + SYS_LANDLOCK_RESTRICT_SELF = 446 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go index 3198adcf7..cd2a3ef41 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go @@ -7,303 +7,306 @@ package unix const ( - SYS_IO_SETUP = 0 - SYS_IO_DESTROY = 1 - SYS_IO_SUBMIT = 2 - SYS_IO_CANCEL = 3 - SYS_IO_GETEVENTS = 4 - SYS_SETXATTR = 5 - SYS_LSETXATTR = 6 - SYS_FSETXATTR = 7 - SYS_GETXATTR = 8 - SYS_LGETXATTR = 9 - SYS_FGETXATTR = 10 - SYS_LISTXATTR = 11 - SYS_LLISTXATTR = 12 - SYS_FLISTXATTR = 13 - SYS_REMOVEXATTR = 14 - SYS_LREMOVEXATTR = 15 - SYS_FREMOVEXATTR = 16 - SYS_GETCWD = 17 - SYS_LOOKUP_DCOOKIE = 18 - SYS_EVENTFD2 = 19 - SYS_EPOLL_CREATE1 = 20 - SYS_EPOLL_CTL = 21 - SYS_EPOLL_PWAIT = 22 - SYS_DUP = 23 - SYS_DUP3 = 24 - SYS_FCNTL = 25 - SYS_INOTIFY_INIT1 = 26 - SYS_INOTIFY_ADD_WATCH = 27 - SYS_INOTIFY_RM_WATCH = 28 - SYS_IOCTL = 29 - SYS_IOPRIO_SET = 30 - SYS_IOPRIO_GET = 31 - SYS_FLOCK = 32 - SYS_MKNODAT = 33 - SYS_MKDIRAT = 34 - SYS_UNLINKAT = 35 - SYS_SYMLINKAT = 36 - SYS_LINKAT = 37 - SYS_RENAMEAT = 38 - SYS_UMOUNT2 = 39 - SYS_MOUNT = 40 - SYS_PIVOT_ROOT = 41 - SYS_NFSSERVCTL = 42 - SYS_STATFS = 43 - SYS_FSTATFS = 44 - SYS_TRUNCATE = 45 - SYS_FTRUNCATE = 46 - SYS_FALLOCATE = 47 - SYS_FACCESSAT = 48 - SYS_CHDIR = 49 - SYS_FCHDIR = 50 - SYS_CHROOT = 51 - SYS_FCHMOD = 52 - SYS_FCHMODAT = 53 - SYS_FCHOWNAT = 54 - SYS_FCHOWN = 55 - SYS_OPENAT = 56 - SYS_CLOSE = 57 - SYS_VHANGUP = 58 - SYS_PIPE2 = 59 - SYS_QUOTACTL = 60 - SYS_GETDENTS64 = 61 - SYS_LSEEK = 62 - SYS_READ = 63 - SYS_WRITE = 64 - SYS_READV = 65 - SYS_WRITEV = 66 - SYS_PREAD64 = 67 - SYS_PWRITE64 = 68 - SYS_PREADV = 69 - SYS_PWRITEV = 70 - SYS_SENDFILE = 71 - SYS_PSELECT6 = 72 - SYS_PPOLL = 73 - SYS_SIGNALFD4 = 74 - SYS_VMSPLICE = 75 - SYS_SPLICE = 76 - SYS_TEE = 77 - SYS_READLINKAT = 78 - SYS_FSTATAT = 79 - SYS_FSTAT = 80 - SYS_SYNC = 81 - SYS_FSYNC = 82 - SYS_FDATASYNC = 83 - SYS_SYNC_FILE_RANGE = 84 - SYS_TIMERFD_CREATE = 85 - SYS_TIMERFD_SETTIME = 86 - SYS_TIMERFD_GETTIME = 87 - SYS_UTIMENSAT = 88 - SYS_ACCT = 89 - SYS_CAPGET = 90 - SYS_CAPSET = 91 - SYS_PERSONALITY = 92 - SYS_EXIT = 93 - SYS_EXIT_GROUP = 94 - SYS_WAITID = 95 - SYS_SET_TID_ADDRESS = 96 - SYS_UNSHARE = 97 - SYS_FUTEX = 98 - SYS_SET_ROBUST_LIST = 99 - SYS_GET_ROBUST_LIST = 100 - SYS_NANOSLEEP = 101 - SYS_GETITIMER = 102 - SYS_SETITIMER = 103 - SYS_KEXEC_LOAD = 104 - SYS_INIT_MODULE = 105 - SYS_DELETE_MODULE = 106 - SYS_TIMER_CREATE = 107 - SYS_TIMER_GETTIME = 108 - SYS_TIMER_GETOVERRUN = 109 - SYS_TIMER_SETTIME = 110 - SYS_TIMER_DELETE = 111 - SYS_CLOCK_SETTIME = 112 - SYS_CLOCK_GETTIME = 113 - SYS_CLOCK_GETRES = 114 - SYS_CLOCK_NANOSLEEP = 115 - SYS_SYSLOG = 116 - SYS_PTRACE = 117 - SYS_SCHED_SETPARAM = 118 - SYS_SCHED_SETSCHEDULER = 119 - SYS_SCHED_GETSCHEDULER = 120 - SYS_SCHED_GETPARAM = 121 - SYS_SCHED_SETAFFINITY = 122 - SYS_SCHED_GETAFFINITY = 123 - SYS_SCHED_YIELD = 124 - SYS_SCHED_GET_PRIORITY_MAX = 125 - SYS_SCHED_GET_PRIORITY_MIN = 126 - SYS_SCHED_RR_GET_INTERVAL = 127 - SYS_RESTART_SYSCALL = 128 - SYS_KILL = 129 - SYS_TKILL = 130 - SYS_TGKILL = 131 - SYS_SIGALTSTACK = 132 - SYS_RT_SIGSUSPEND = 133 - SYS_RT_SIGACTION = 134 - SYS_RT_SIGPROCMASK = 135 - SYS_RT_SIGPENDING = 136 - SYS_RT_SIGTIMEDWAIT = 137 - SYS_RT_SIGQUEUEINFO = 138 - SYS_RT_SIGRETURN = 139 - SYS_SETPRIORITY = 140 - SYS_GETPRIORITY = 141 - SYS_REBOOT = 142 - SYS_SETREGID = 143 - SYS_SETGID = 144 - SYS_SETREUID = 145 - SYS_SETUID = 146 - SYS_SETRESUID = 147 - SYS_GETRESUID = 148 - SYS_SETRESGID = 149 - SYS_GETRESGID = 150 - SYS_SETFSUID = 151 - SYS_SETFSGID = 152 - SYS_TIMES = 153 - SYS_SETPGID = 154 - SYS_GETPGID = 155 - SYS_GETSID = 156 - SYS_SETSID = 157 - SYS_GETGROUPS = 158 - SYS_SETGROUPS = 159 - SYS_UNAME = 160 - SYS_SETHOSTNAME = 161 - SYS_SETDOMAINNAME = 162 - SYS_GETRLIMIT = 163 - SYS_SETRLIMIT = 164 - SYS_GETRUSAGE = 165 - SYS_UMASK = 166 - SYS_PRCTL = 167 - SYS_GETCPU = 168 - SYS_GETTIMEOFDAY = 169 - SYS_SETTIMEOFDAY = 170 - SYS_ADJTIMEX = 171 - SYS_GETPID = 172 - SYS_GETPPID = 173 - SYS_GETUID = 174 - SYS_GETEUID = 175 - SYS_GETGID = 176 - SYS_GETEGID = 177 - SYS_GETTID = 178 - SYS_SYSINFO = 179 - SYS_MQ_OPEN = 180 - SYS_MQ_UNLINK = 181 - SYS_MQ_TIMEDSEND = 182 - SYS_MQ_TIMEDRECEIVE = 183 - SYS_MQ_NOTIFY = 184 - SYS_MQ_GETSETATTR = 185 - SYS_MSGGET = 186 - SYS_MSGCTL = 187 - SYS_MSGRCV = 188 - SYS_MSGSND = 189 - SYS_SEMGET = 190 - SYS_SEMCTL = 191 - SYS_SEMTIMEDOP = 192 - SYS_SEMOP = 193 - SYS_SHMGET = 194 - SYS_SHMCTL = 195 - SYS_SHMAT = 196 - SYS_SHMDT = 197 - SYS_SOCKET = 198 - SYS_SOCKETPAIR = 199 - SYS_BIND = 200 - SYS_LISTEN = 201 - SYS_ACCEPT = 202 - SYS_CONNECT = 203 - SYS_GETSOCKNAME = 204 - SYS_GETPEERNAME = 205 - SYS_SENDTO = 206 - SYS_RECVFROM = 207 - SYS_SETSOCKOPT = 208 - SYS_GETSOCKOPT = 209 - SYS_SHUTDOWN = 210 - SYS_SENDMSG = 211 - SYS_RECVMSG = 212 - SYS_READAHEAD = 213 - SYS_BRK = 214 - SYS_MUNMAP = 215 - SYS_MREMAP = 216 - SYS_ADD_KEY = 217 - SYS_REQUEST_KEY = 218 - SYS_KEYCTL = 219 - SYS_CLONE = 220 - SYS_EXECVE = 221 - SYS_MMAP = 222 - SYS_FADVISE64 = 223 - SYS_SWAPON = 224 - SYS_SWAPOFF = 225 - SYS_MPROTECT = 226 - SYS_MSYNC = 227 - SYS_MLOCK = 228 - SYS_MUNLOCK = 229 - SYS_MLOCKALL = 230 - SYS_MUNLOCKALL = 231 - SYS_MINCORE = 232 - SYS_MADVISE = 233 - SYS_REMAP_FILE_PAGES = 234 - SYS_MBIND = 235 - SYS_GET_MEMPOLICY = 236 - SYS_SET_MEMPOLICY = 237 - SYS_MIGRATE_PAGES = 238 - SYS_MOVE_PAGES = 239 - SYS_RT_TGSIGQUEUEINFO = 240 - SYS_PERF_EVENT_OPEN = 241 - SYS_ACCEPT4 = 242 - SYS_RECVMMSG = 243 - SYS_ARCH_SPECIFIC_SYSCALL = 244 - SYS_WAIT4 = 260 - SYS_PRLIMIT64 = 261 - SYS_FANOTIFY_INIT = 262 - SYS_FANOTIFY_MARK = 263 - SYS_NAME_TO_HANDLE_AT = 264 - SYS_OPEN_BY_HANDLE_AT = 265 - SYS_CLOCK_ADJTIME = 266 - SYS_SYNCFS = 267 - SYS_SETNS = 268 - SYS_SENDMMSG = 269 - SYS_PROCESS_VM_READV = 270 - SYS_PROCESS_VM_WRITEV = 271 - SYS_KCMP = 272 - SYS_FINIT_MODULE = 273 - SYS_SCHED_SETATTR = 274 - SYS_SCHED_GETATTR = 275 - SYS_RENAMEAT2 = 276 - SYS_SECCOMP = 277 - SYS_GETRANDOM = 278 - SYS_MEMFD_CREATE = 279 - SYS_BPF = 280 - SYS_EXECVEAT = 281 - SYS_USERFAULTFD = 282 - SYS_MEMBARRIER = 283 - SYS_MLOCK2 = 284 - SYS_COPY_FILE_RANGE = 285 - SYS_PREADV2 = 286 - SYS_PWRITEV2 = 287 - SYS_PKEY_MPROTECT = 288 - SYS_PKEY_ALLOC = 289 - SYS_PKEY_FREE = 290 - SYS_STATX = 291 - SYS_IO_PGETEVENTS = 292 - SYS_RSEQ = 293 - SYS_KEXEC_FILE_LOAD = 294 - SYS_PIDFD_SEND_SIGNAL = 424 - SYS_IO_URING_SETUP = 425 - SYS_IO_URING_ENTER = 426 - SYS_IO_URING_REGISTER = 427 - SYS_OPEN_TREE = 428 - SYS_MOVE_MOUNT = 429 - SYS_FSOPEN = 430 - SYS_FSCONFIG = 431 - SYS_FSMOUNT = 432 - SYS_FSPICK = 433 - SYS_PIDFD_OPEN = 434 - SYS_CLONE3 = 435 - SYS_CLOSE_RANGE = 436 - SYS_OPENAT2 = 437 - SYS_PIDFD_GETFD = 438 - SYS_FACCESSAT2 = 439 - SYS_PROCESS_MADVISE = 440 - SYS_EPOLL_PWAIT2 = 441 - SYS_MOUNT_SETATTR = 442 + SYS_IO_SETUP = 0 + SYS_IO_DESTROY = 1 + SYS_IO_SUBMIT = 2 + SYS_IO_CANCEL = 3 + SYS_IO_GETEVENTS = 4 + SYS_SETXATTR = 5 + SYS_LSETXATTR = 6 + SYS_FSETXATTR = 7 + SYS_GETXATTR = 8 + SYS_LGETXATTR = 9 + SYS_FGETXATTR = 10 + SYS_LISTXATTR = 11 + SYS_LLISTXATTR = 12 + SYS_FLISTXATTR = 13 + SYS_REMOVEXATTR = 14 + SYS_LREMOVEXATTR = 15 + SYS_FREMOVEXATTR = 16 + SYS_GETCWD = 17 + SYS_LOOKUP_DCOOKIE = 18 + SYS_EVENTFD2 = 19 + SYS_EPOLL_CREATE1 = 20 + SYS_EPOLL_CTL = 21 + SYS_EPOLL_PWAIT = 22 + SYS_DUP = 23 + SYS_DUP3 = 24 + SYS_FCNTL = 25 + SYS_INOTIFY_INIT1 = 26 + SYS_INOTIFY_ADD_WATCH = 27 + SYS_INOTIFY_RM_WATCH = 28 + SYS_IOCTL = 29 + SYS_IOPRIO_SET = 30 + SYS_IOPRIO_GET = 31 + SYS_FLOCK = 32 + SYS_MKNODAT = 33 + SYS_MKDIRAT = 34 + SYS_UNLINKAT = 35 + SYS_SYMLINKAT = 36 + SYS_LINKAT = 37 + SYS_RENAMEAT = 38 + SYS_UMOUNT2 = 39 + SYS_MOUNT = 40 + SYS_PIVOT_ROOT = 41 + SYS_NFSSERVCTL = 42 + SYS_STATFS = 43 + SYS_FSTATFS = 44 + SYS_TRUNCATE = 45 + SYS_FTRUNCATE = 46 + SYS_FALLOCATE = 47 + SYS_FACCESSAT = 48 + SYS_CHDIR = 49 + SYS_FCHDIR = 50 + SYS_CHROOT = 51 + SYS_FCHMOD = 52 + SYS_FCHMODAT = 53 + SYS_FCHOWNAT = 54 + SYS_FCHOWN = 55 + SYS_OPENAT = 56 + SYS_CLOSE = 57 + SYS_VHANGUP = 58 + SYS_PIPE2 = 59 + SYS_QUOTACTL = 60 + SYS_GETDENTS64 = 61 + SYS_LSEEK = 62 + SYS_READ = 63 + SYS_WRITE = 64 + SYS_READV = 65 + SYS_WRITEV = 66 + SYS_PREAD64 = 67 + SYS_PWRITE64 = 68 + SYS_PREADV = 69 + SYS_PWRITEV = 70 + SYS_SENDFILE = 71 + SYS_PSELECT6 = 72 + SYS_PPOLL = 73 + SYS_SIGNALFD4 = 74 + SYS_VMSPLICE = 75 + SYS_SPLICE = 76 + SYS_TEE = 77 + SYS_READLINKAT = 78 + SYS_FSTATAT = 79 + SYS_FSTAT = 80 + SYS_SYNC = 81 + SYS_FSYNC = 82 + SYS_FDATASYNC = 83 + SYS_SYNC_FILE_RANGE = 84 + SYS_TIMERFD_CREATE = 85 + SYS_TIMERFD_SETTIME = 86 + SYS_TIMERFD_GETTIME = 87 + SYS_UTIMENSAT = 88 + SYS_ACCT = 89 + SYS_CAPGET = 90 + SYS_CAPSET = 91 + SYS_PERSONALITY = 92 + SYS_EXIT = 93 + SYS_EXIT_GROUP = 94 + SYS_WAITID = 95 + SYS_SET_TID_ADDRESS = 96 + SYS_UNSHARE = 97 + SYS_FUTEX = 98 + SYS_SET_ROBUST_LIST = 99 + SYS_GET_ROBUST_LIST = 100 + SYS_NANOSLEEP = 101 + SYS_GETITIMER = 102 + SYS_SETITIMER = 103 + SYS_KEXEC_LOAD = 104 + SYS_INIT_MODULE = 105 + SYS_DELETE_MODULE = 106 + SYS_TIMER_CREATE = 107 + SYS_TIMER_GETTIME = 108 + SYS_TIMER_GETOVERRUN = 109 + SYS_TIMER_SETTIME = 110 + SYS_TIMER_DELETE = 111 + SYS_CLOCK_SETTIME = 112 + SYS_CLOCK_GETTIME = 113 + SYS_CLOCK_GETRES = 114 + SYS_CLOCK_NANOSLEEP = 115 + SYS_SYSLOG = 116 + SYS_PTRACE = 117 + SYS_SCHED_SETPARAM = 118 + SYS_SCHED_SETSCHEDULER = 119 + SYS_SCHED_GETSCHEDULER = 120 + SYS_SCHED_GETPARAM = 121 + SYS_SCHED_SETAFFINITY = 122 + SYS_SCHED_GETAFFINITY = 123 + SYS_SCHED_YIELD = 124 + SYS_SCHED_GET_PRIORITY_MAX = 125 + SYS_SCHED_GET_PRIORITY_MIN = 126 + SYS_SCHED_RR_GET_INTERVAL = 127 + SYS_RESTART_SYSCALL = 128 + SYS_KILL = 129 + SYS_TKILL = 130 + SYS_TGKILL = 131 + SYS_SIGALTSTACK = 132 + SYS_RT_SIGSUSPEND = 133 + SYS_RT_SIGACTION = 134 + SYS_RT_SIGPROCMASK = 135 + SYS_RT_SIGPENDING = 136 + SYS_RT_SIGTIMEDWAIT = 137 + SYS_RT_SIGQUEUEINFO = 138 + SYS_RT_SIGRETURN = 139 + SYS_SETPRIORITY = 140 + SYS_GETPRIORITY = 141 + SYS_REBOOT = 142 + SYS_SETREGID = 143 + SYS_SETGID = 144 + SYS_SETREUID = 145 + SYS_SETUID = 146 + SYS_SETRESUID = 147 + SYS_GETRESUID = 148 + SYS_SETRESGID = 149 + SYS_GETRESGID = 150 + SYS_SETFSUID = 151 + SYS_SETFSGID = 152 + SYS_TIMES = 153 + SYS_SETPGID = 154 + SYS_GETPGID = 155 + SYS_GETSID = 156 + SYS_SETSID = 157 + SYS_GETGROUPS = 158 + SYS_SETGROUPS = 159 + SYS_UNAME = 160 + SYS_SETHOSTNAME = 161 + SYS_SETDOMAINNAME = 162 + SYS_GETRLIMIT = 163 + SYS_SETRLIMIT = 164 + SYS_GETRUSAGE = 165 + SYS_UMASK = 166 + SYS_PRCTL = 167 + SYS_GETCPU = 168 + SYS_GETTIMEOFDAY = 169 + SYS_SETTIMEOFDAY = 170 + SYS_ADJTIMEX = 171 + SYS_GETPID = 172 + SYS_GETPPID = 173 + SYS_GETUID = 174 + SYS_GETEUID = 175 + SYS_GETGID = 176 + SYS_GETEGID = 177 + SYS_GETTID = 178 + SYS_SYSINFO = 179 + SYS_MQ_OPEN = 180 + SYS_MQ_UNLINK = 181 + SYS_MQ_TIMEDSEND = 182 + SYS_MQ_TIMEDRECEIVE = 183 + SYS_MQ_NOTIFY = 184 + SYS_MQ_GETSETATTR = 185 + SYS_MSGGET = 186 + SYS_MSGCTL = 187 + SYS_MSGRCV = 188 + SYS_MSGSND = 189 + SYS_SEMGET = 190 + SYS_SEMCTL = 191 + SYS_SEMTIMEDOP = 192 + SYS_SEMOP = 193 + SYS_SHMGET = 194 + SYS_SHMCTL = 195 + SYS_SHMAT = 196 + SYS_SHMDT = 197 + SYS_SOCKET = 198 + SYS_SOCKETPAIR = 199 + SYS_BIND = 200 + SYS_LISTEN = 201 + SYS_ACCEPT = 202 + SYS_CONNECT = 203 + SYS_GETSOCKNAME = 204 + SYS_GETPEERNAME = 205 + SYS_SENDTO = 206 + SYS_RECVFROM = 207 + SYS_SETSOCKOPT = 208 + SYS_GETSOCKOPT = 209 + SYS_SHUTDOWN = 210 + SYS_SENDMSG = 211 + SYS_RECVMSG = 212 + SYS_READAHEAD = 213 + SYS_BRK = 214 + SYS_MUNMAP = 215 + SYS_MREMAP = 216 + SYS_ADD_KEY = 217 + SYS_REQUEST_KEY = 218 + SYS_KEYCTL = 219 + SYS_CLONE = 220 + SYS_EXECVE = 221 + SYS_MMAP = 222 + SYS_FADVISE64 = 223 + SYS_SWAPON = 224 + SYS_SWAPOFF = 225 + SYS_MPROTECT = 226 + SYS_MSYNC = 227 + SYS_MLOCK = 228 + SYS_MUNLOCK = 229 + SYS_MLOCKALL = 230 + SYS_MUNLOCKALL = 231 + SYS_MINCORE = 232 + SYS_MADVISE = 233 + SYS_REMAP_FILE_PAGES = 234 + SYS_MBIND = 235 + SYS_GET_MEMPOLICY = 236 + SYS_SET_MEMPOLICY = 237 + SYS_MIGRATE_PAGES = 238 + SYS_MOVE_PAGES = 239 + SYS_RT_TGSIGQUEUEINFO = 240 + SYS_PERF_EVENT_OPEN = 241 + SYS_ACCEPT4 = 242 + SYS_RECVMMSG = 243 + SYS_ARCH_SPECIFIC_SYSCALL = 244 + SYS_WAIT4 = 260 + SYS_PRLIMIT64 = 261 + SYS_FANOTIFY_INIT = 262 + SYS_FANOTIFY_MARK = 263 + SYS_NAME_TO_HANDLE_AT = 264 + SYS_OPEN_BY_HANDLE_AT = 265 + SYS_CLOCK_ADJTIME = 266 + SYS_SYNCFS = 267 + SYS_SETNS = 268 + SYS_SENDMMSG = 269 + SYS_PROCESS_VM_READV = 270 + SYS_PROCESS_VM_WRITEV = 271 + SYS_KCMP = 272 + SYS_FINIT_MODULE = 273 + SYS_SCHED_SETATTR = 274 + SYS_SCHED_GETATTR = 275 + SYS_RENAMEAT2 = 276 + SYS_SECCOMP = 277 + SYS_GETRANDOM = 278 + SYS_MEMFD_CREATE = 279 + SYS_BPF = 280 + SYS_EXECVEAT = 281 + SYS_USERFAULTFD = 282 + SYS_MEMBARRIER = 283 + SYS_MLOCK2 = 284 + SYS_COPY_FILE_RANGE = 285 + SYS_PREADV2 = 286 + SYS_PWRITEV2 = 287 + SYS_PKEY_MPROTECT = 288 + SYS_PKEY_ALLOC = 289 + SYS_PKEY_FREE = 290 + SYS_STATX = 291 + SYS_IO_PGETEVENTS = 292 + SYS_RSEQ = 293 + SYS_KEXEC_FILE_LOAD = 294 + SYS_PIDFD_SEND_SIGNAL = 424 + SYS_IO_URING_SETUP = 425 + SYS_IO_URING_ENTER = 426 + SYS_IO_URING_REGISTER = 427 + SYS_OPEN_TREE = 428 + SYS_MOVE_MOUNT = 429 + SYS_FSOPEN = 430 + SYS_FSCONFIG = 431 + SYS_FSMOUNT = 432 + SYS_FSPICK = 433 + SYS_PIDFD_OPEN = 434 + SYS_CLONE3 = 435 + SYS_CLOSE_RANGE = 436 + SYS_OPENAT2 = 437 + SYS_PIDFD_GETFD = 438 + SYS_FACCESSAT2 = 439 + SYS_PROCESS_MADVISE = 440 + SYS_EPOLL_PWAIT2 = 441 + SYS_MOUNT_SETATTR = 442 + SYS_LANDLOCK_CREATE_RULESET = 444 + SYS_LANDLOCK_ADD_RULE = 445 + SYS_LANDLOCK_RESTRICT_SELF = 446 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go index c877ec6e6..773640b83 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go @@ -424,4 +424,7 @@ const ( SYS_PROCESS_MADVISE = 4440 SYS_EPOLL_PWAIT2 = 4441 SYS_MOUNT_SETATTR = 4442 + SYS_LANDLOCK_CREATE_RULESET = 4444 + SYS_LANDLOCK_ADD_RULE = 4445 + SYS_LANDLOCK_RESTRICT_SELF = 4446 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go index b5f290372..86a41e568 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go @@ -7,351 +7,354 @@ package unix const ( - SYS_READ = 5000 - SYS_WRITE = 5001 - SYS_OPEN = 5002 - SYS_CLOSE = 5003 - SYS_STAT = 5004 - SYS_FSTAT = 5005 - SYS_LSTAT = 5006 - SYS_POLL = 5007 - SYS_LSEEK = 5008 - SYS_MMAP = 5009 - SYS_MPROTECT = 5010 - SYS_MUNMAP = 5011 - SYS_BRK = 5012 - SYS_RT_SIGACTION = 5013 - SYS_RT_SIGPROCMASK = 5014 - SYS_IOCTL = 5015 - SYS_PREAD64 = 5016 - SYS_PWRITE64 = 5017 - SYS_READV = 5018 - SYS_WRITEV = 5019 - SYS_ACCESS = 5020 - SYS_PIPE = 5021 - SYS__NEWSELECT = 5022 - SYS_SCHED_YIELD = 5023 - SYS_MREMAP = 5024 - SYS_MSYNC = 5025 - SYS_MINCORE = 5026 - SYS_MADVISE = 5027 - SYS_SHMGET = 5028 - SYS_SHMAT = 5029 - SYS_SHMCTL = 5030 - SYS_DUP = 5031 - SYS_DUP2 = 5032 - SYS_PAUSE = 5033 - SYS_NANOSLEEP = 5034 - SYS_GETITIMER = 5035 - SYS_SETITIMER = 5036 - SYS_ALARM = 5037 - SYS_GETPID = 5038 - SYS_SENDFILE = 5039 - SYS_SOCKET = 5040 - SYS_CONNECT = 5041 - SYS_ACCEPT = 5042 - SYS_SENDTO = 5043 - SYS_RECVFROM = 5044 - SYS_SENDMSG = 5045 - SYS_RECVMSG = 5046 - SYS_SHUTDOWN = 5047 - SYS_BIND = 5048 - SYS_LISTEN = 5049 - SYS_GETSOCKNAME = 5050 - SYS_GETPEERNAME = 5051 - SYS_SOCKETPAIR = 5052 - SYS_SETSOCKOPT = 5053 - SYS_GETSOCKOPT = 5054 - SYS_CLONE = 5055 - SYS_FORK = 5056 - SYS_EXECVE = 5057 - SYS_EXIT = 5058 - SYS_WAIT4 = 5059 - SYS_KILL = 5060 - SYS_UNAME = 5061 - SYS_SEMGET = 5062 - SYS_SEMOP = 5063 - SYS_SEMCTL = 5064 - SYS_SHMDT = 5065 - SYS_MSGGET = 5066 - SYS_MSGSND = 5067 - SYS_MSGRCV = 5068 - SYS_MSGCTL = 5069 - SYS_FCNTL = 5070 - SYS_FLOCK = 5071 - SYS_FSYNC = 5072 - SYS_FDATASYNC = 5073 - SYS_TRUNCATE = 5074 - SYS_FTRUNCATE = 5075 - SYS_GETDENTS = 5076 - SYS_GETCWD = 5077 - SYS_CHDIR = 5078 - SYS_FCHDIR = 5079 - SYS_RENAME = 5080 - SYS_MKDIR = 5081 - SYS_RMDIR = 5082 - SYS_CREAT = 5083 - SYS_LINK = 5084 - SYS_UNLINK = 5085 - SYS_SYMLINK = 5086 - SYS_READLINK = 5087 - SYS_CHMOD = 5088 - SYS_FCHMOD = 5089 - SYS_CHOWN = 5090 - SYS_FCHOWN = 5091 - SYS_LCHOWN = 5092 - SYS_UMASK = 5093 - SYS_GETTIMEOFDAY = 5094 - SYS_GETRLIMIT = 5095 - SYS_GETRUSAGE = 5096 - SYS_SYSINFO = 5097 - SYS_TIMES = 5098 - SYS_PTRACE = 5099 - SYS_GETUID = 5100 - SYS_SYSLOG = 5101 - SYS_GETGID = 5102 - SYS_SETUID = 5103 - SYS_SETGID = 5104 - SYS_GETEUID = 5105 - SYS_GETEGID = 5106 - SYS_SETPGID = 5107 - SYS_GETPPID = 5108 - SYS_GETPGRP = 5109 - SYS_SETSID = 5110 - SYS_SETREUID = 5111 - SYS_SETREGID = 5112 - SYS_GETGROUPS = 5113 - SYS_SETGROUPS = 5114 - SYS_SETRESUID = 5115 - SYS_GETRESUID = 5116 - SYS_SETRESGID = 5117 - SYS_GETRESGID = 5118 - SYS_GETPGID = 5119 - SYS_SETFSUID = 5120 - SYS_SETFSGID = 5121 - SYS_GETSID = 5122 - SYS_CAPGET = 5123 - SYS_CAPSET = 5124 - SYS_RT_SIGPENDING = 5125 - SYS_RT_SIGTIMEDWAIT = 5126 - SYS_RT_SIGQUEUEINFO = 5127 - SYS_RT_SIGSUSPEND = 5128 - SYS_SIGALTSTACK = 5129 - SYS_UTIME = 5130 - SYS_MKNOD = 5131 - SYS_PERSONALITY = 5132 - SYS_USTAT = 5133 - SYS_STATFS = 5134 - SYS_FSTATFS = 5135 - SYS_SYSFS = 5136 - SYS_GETPRIORITY = 5137 - SYS_SETPRIORITY = 5138 - SYS_SCHED_SETPARAM = 5139 - SYS_SCHED_GETPARAM = 5140 - SYS_SCHED_SETSCHEDULER = 5141 - SYS_SCHED_GETSCHEDULER = 5142 - SYS_SCHED_GET_PRIORITY_MAX = 5143 - SYS_SCHED_GET_PRIORITY_MIN = 5144 - SYS_SCHED_RR_GET_INTERVAL = 5145 - SYS_MLOCK = 5146 - SYS_MUNLOCK = 5147 - SYS_MLOCKALL = 5148 - SYS_MUNLOCKALL = 5149 - SYS_VHANGUP = 5150 - SYS_PIVOT_ROOT = 5151 - SYS__SYSCTL = 5152 - SYS_PRCTL = 5153 - SYS_ADJTIMEX = 5154 - SYS_SETRLIMIT = 5155 - SYS_CHROOT = 5156 - SYS_SYNC = 5157 - SYS_ACCT = 5158 - SYS_SETTIMEOFDAY = 5159 - SYS_MOUNT = 5160 - SYS_UMOUNT2 = 5161 - SYS_SWAPON = 5162 - SYS_SWAPOFF = 5163 - SYS_REBOOT = 5164 - SYS_SETHOSTNAME = 5165 - SYS_SETDOMAINNAME = 5166 - SYS_CREATE_MODULE = 5167 - SYS_INIT_MODULE = 5168 - SYS_DELETE_MODULE = 5169 - SYS_GET_KERNEL_SYMS = 5170 - SYS_QUERY_MODULE = 5171 - SYS_QUOTACTL = 5172 - SYS_NFSSERVCTL = 5173 - SYS_GETPMSG = 5174 - SYS_PUTPMSG = 5175 - SYS_AFS_SYSCALL = 5176 - SYS_RESERVED177 = 5177 - SYS_GETTID = 5178 - SYS_READAHEAD = 5179 - SYS_SETXATTR = 5180 - SYS_LSETXATTR = 5181 - SYS_FSETXATTR = 5182 - SYS_GETXATTR = 5183 - SYS_LGETXATTR = 5184 - SYS_FGETXATTR = 5185 - SYS_LISTXATTR = 5186 - SYS_LLISTXATTR = 5187 - SYS_FLISTXATTR = 5188 - SYS_REMOVEXATTR = 5189 - SYS_LREMOVEXATTR = 5190 - SYS_FREMOVEXATTR = 5191 - SYS_TKILL = 5192 - SYS_RESERVED193 = 5193 - SYS_FUTEX = 5194 - SYS_SCHED_SETAFFINITY = 5195 - SYS_SCHED_GETAFFINITY = 5196 - SYS_CACHEFLUSH = 5197 - SYS_CACHECTL = 5198 - SYS_SYSMIPS = 5199 - SYS_IO_SETUP = 5200 - SYS_IO_DESTROY = 5201 - SYS_IO_GETEVENTS = 5202 - SYS_IO_SUBMIT = 5203 - SYS_IO_CANCEL = 5204 - SYS_EXIT_GROUP = 5205 - SYS_LOOKUP_DCOOKIE = 5206 - SYS_EPOLL_CREATE = 5207 - SYS_EPOLL_CTL = 5208 - SYS_EPOLL_WAIT = 5209 - SYS_REMAP_FILE_PAGES = 5210 - SYS_RT_SIGRETURN = 5211 - SYS_SET_TID_ADDRESS = 5212 - SYS_RESTART_SYSCALL = 5213 - SYS_SEMTIMEDOP = 5214 - SYS_FADVISE64 = 5215 - SYS_TIMER_CREATE = 5216 - SYS_TIMER_SETTIME = 5217 - SYS_TIMER_GETTIME = 5218 - SYS_TIMER_GETOVERRUN = 5219 - SYS_TIMER_DELETE = 5220 - SYS_CLOCK_SETTIME = 5221 - SYS_CLOCK_GETTIME = 5222 - SYS_CLOCK_GETRES = 5223 - SYS_CLOCK_NANOSLEEP = 5224 - SYS_TGKILL = 5225 - SYS_UTIMES = 5226 - SYS_MBIND = 5227 - SYS_GET_MEMPOLICY = 5228 - SYS_SET_MEMPOLICY = 5229 - SYS_MQ_OPEN = 5230 - SYS_MQ_UNLINK = 5231 - SYS_MQ_TIMEDSEND = 5232 - SYS_MQ_TIMEDRECEIVE = 5233 - SYS_MQ_NOTIFY = 5234 - SYS_MQ_GETSETATTR = 5235 - SYS_VSERVER = 5236 - SYS_WAITID = 5237 - SYS_ADD_KEY = 5239 - SYS_REQUEST_KEY = 5240 - SYS_KEYCTL = 5241 - SYS_SET_THREAD_AREA = 5242 - SYS_INOTIFY_INIT = 5243 - SYS_INOTIFY_ADD_WATCH = 5244 - SYS_INOTIFY_RM_WATCH = 5245 - SYS_MIGRATE_PAGES = 5246 - SYS_OPENAT = 5247 - SYS_MKDIRAT = 5248 - SYS_MKNODAT = 5249 - SYS_FCHOWNAT = 5250 - SYS_FUTIMESAT = 5251 - SYS_NEWFSTATAT = 5252 - SYS_UNLINKAT = 5253 - SYS_RENAMEAT = 5254 - SYS_LINKAT = 5255 - SYS_SYMLINKAT = 5256 - SYS_READLINKAT = 5257 - SYS_FCHMODAT = 5258 - SYS_FACCESSAT = 5259 - SYS_PSELECT6 = 5260 - SYS_PPOLL = 5261 - SYS_UNSHARE = 5262 - SYS_SPLICE = 5263 - SYS_SYNC_FILE_RANGE = 5264 - SYS_TEE = 5265 - SYS_VMSPLICE = 5266 - SYS_MOVE_PAGES = 5267 - SYS_SET_ROBUST_LIST = 5268 - SYS_GET_ROBUST_LIST = 5269 - SYS_KEXEC_LOAD = 5270 - SYS_GETCPU = 5271 - SYS_EPOLL_PWAIT = 5272 - SYS_IOPRIO_SET = 5273 - SYS_IOPRIO_GET = 5274 - SYS_UTIMENSAT = 5275 - SYS_SIGNALFD = 5276 - SYS_TIMERFD = 5277 - SYS_EVENTFD = 5278 - SYS_FALLOCATE = 5279 - SYS_TIMERFD_CREATE = 5280 - SYS_TIMERFD_GETTIME = 5281 - SYS_TIMERFD_SETTIME = 5282 - SYS_SIGNALFD4 = 5283 - SYS_EVENTFD2 = 5284 - SYS_EPOLL_CREATE1 = 5285 - SYS_DUP3 = 5286 - SYS_PIPE2 = 5287 - SYS_INOTIFY_INIT1 = 5288 - SYS_PREADV = 5289 - SYS_PWRITEV = 5290 - SYS_RT_TGSIGQUEUEINFO = 5291 - SYS_PERF_EVENT_OPEN = 5292 - SYS_ACCEPT4 = 5293 - SYS_RECVMMSG = 5294 - SYS_FANOTIFY_INIT = 5295 - SYS_FANOTIFY_MARK = 5296 - SYS_PRLIMIT64 = 5297 - SYS_NAME_TO_HANDLE_AT = 5298 - SYS_OPEN_BY_HANDLE_AT = 5299 - SYS_CLOCK_ADJTIME = 5300 - SYS_SYNCFS = 5301 - SYS_SENDMMSG = 5302 - SYS_SETNS = 5303 - SYS_PROCESS_VM_READV = 5304 - SYS_PROCESS_VM_WRITEV = 5305 - SYS_KCMP = 5306 - SYS_FINIT_MODULE = 5307 - SYS_GETDENTS64 = 5308 - SYS_SCHED_SETATTR = 5309 - SYS_SCHED_GETATTR = 5310 - SYS_RENAMEAT2 = 5311 - SYS_SECCOMP = 5312 - SYS_GETRANDOM = 5313 - SYS_MEMFD_CREATE = 5314 - SYS_BPF = 5315 - SYS_EXECVEAT = 5316 - SYS_USERFAULTFD = 5317 - SYS_MEMBARRIER = 5318 - SYS_MLOCK2 = 5319 - SYS_COPY_FILE_RANGE = 5320 - SYS_PREADV2 = 5321 - SYS_PWRITEV2 = 5322 - SYS_PKEY_MPROTECT = 5323 - SYS_PKEY_ALLOC = 5324 - SYS_PKEY_FREE = 5325 - SYS_STATX = 5326 - SYS_RSEQ = 5327 - SYS_IO_PGETEVENTS = 5328 - SYS_PIDFD_SEND_SIGNAL = 5424 - SYS_IO_URING_SETUP = 5425 - SYS_IO_URING_ENTER = 5426 - SYS_IO_URING_REGISTER = 5427 - SYS_OPEN_TREE = 5428 - SYS_MOVE_MOUNT = 5429 - SYS_FSOPEN = 5430 - SYS_FSCONFIG = 5431 - SYS_FSMOUNT = 5432 - SYS_FSPICK = 5433 - SYS_PIDFD_OPEN = 5434 - SYS_CLONE3 = 5435 - SYS_CLOSE_RANGE = 5436 - SYS_OPENAT2 = 5437 - SYS_PIDFD_GETFD = 5438 - SYS_FACCESSAT2 = 5439 - SYS_PROCESS_MADVISE = 5440 - SYS_EPOLL_PWAIT2 = 5441 - SYS_MOUNT_SETATTR = 5442 + SYS_READ = 5000 + SYS_WRITE = 5001 + SYS_OPEN = 5002 + SYS_CLOSE = 5003 + SYS_STAT = 5004 + SYS_FSTAT = 5005 + SYS_LSTAT = 5006 + SYS_POLL = 5007 + SYS_LSEEK = 5008 + SYS_MMAP = 5009 + SYS_MPROTECT = 5010 + SYS_MUNMAP = 5011 + SYS_BRK = 5012 + SYS_RT_SIGACTION = 5013 + SYS_RT_SIGPROCMASK = 5014 + SYS_IOCTL = 5015 + SYS_PREAD64 = 5016 + SYS_PWRITE64 = 5017 + SYS_READV = 5018 + SYS_WRITEV = 5019 + SYS_ACCESS = 5020 + SYS_PIPE = 5021 + SYS__NEWSELECT = 5022 + SYS_SCHED_YIELD = 5023 + SYS_MREMAP = 5024 + SYS_MSYNC = 5025 + SYS_MINCORE = 5026 + SYS_MADVISE = 5027 + SYS_SHMGET = 5028 + SYS_SHMAT = 5029 + SYS_SHMCTL = 5030 + SYS_DUP = 5031 + SYS_DUP2 = 5032 + SYS_PAUSE = 5033 + SYS_NANOSLEEP = 5034 + SYS_GETITIMER = 5035 + SYS_SETITIMER = 5036 + SYS_ALARM = 5037 + SYS_GETPID = 5038 + SYS_SENDFILE = 5039 + SYS_SOCKET = 5040 + SYS_CONNECT = 5041 + SYS_ACCEPT = 5042 + SYS_SENDTO = 5043 + SYS_RECVFROM = 5044 + SYS_SENDMSG = 5045 + SYS_RECVMSG = 5046 + SYS_SHUTDOWN = 5047 + SYS_BIND = 5048 + SYS_LISTEN = 5049 + SYS_GETSOCKNAME = 5050 + SYS_GETPEERNAME = 5051 + SYS_SOCKETPAIR = 5052 + SYS_SETSOCKOPT = 5053 + SYS_GETSOCKOPT = 5054 + SYS_CLONE = 5055 + SYS_FORK = 5056 + SYS_EXECVE = 5057 + SYS_EXIT = 5058 + SYS_WAIT4 = 5059 + SYS_KILL = 5060 + SYS_UNAME = 5061 + SYS_SEMGET = 5062 + SYS_SEMOP = 5063 + SYS_SEMCTL = 5064 + SYS_SHMDT = 5065 + SYS_MSGGET = 5066 + SYS_MSGSND = 5067 + SYS_MSGRCV = 5068 + SYS_MSGCTL = 5069 + SYS_FCNTL = 5070 + SYS_FLOCK = 5071 + SYS_FSYNC = 5072 + SYS_FDATASYNC = 5073 + SYS_TRUNCATE = 5074 + SYS_FTRUNCATE = 5075 + SYS_GETDENTS = 5076 + SYS_GETCWD = 5077 + SYS_CHDIR = 5078 + SYS_FCHDIR = 5079 + SYS_RENAME = 5080 + SYS_MKDIR = 5081 + SYS_RMDIR = 5082 + SYS_CREAT = 5083 + SYS_LINK = 5084 + SYS_UNLINK = 5085 + SYS_SYMLINK = 5086 + SYS_READLINK = 5087 + SYS_CHMOD = 5088 + SYS_FCHMOD = 5089 + SYS_CHOWN = 5090 + SYS_FCHOWN = 5091 + SYS_LCHOWN = 5092 + SYS_UMASK = 5093 + SYS_GETTIMEOFDAY = 5094 + SYS_GETRLIMIT = 5095 + SYS_GETRUSAGE = 5096 + SYS_SYSINFO = 5097 + SYS_TIMES = 5098 + SYS_PTRACE = 5099 + SYS_GETUID = 5100 + SYS_SYSLOG = 5101 + SYS_GETGID = 5102 + SYS_SETUID = 5103 + SYS_SETGID = 5104 + SYS_GETEUID = 5105 + SYS_GETEGID = 5106 + SYS_SETPGID = 5107 + SYS_GETPPID = 5108 + SYS_GETPGRP = 5109 + SYS_SETSID = 5110 + SYS_SETREUID = 5111 + SYS_SETREGID = 5112 + SYS_GETGROUPS = 5113 + SYS_SETGROUPS = 5114 + SYS_SETRESUID = 5115 + SYS_GETRESUID = 5116 + SYS_SETRESGID = 5117 + SYS_GETRESGID = 5118 + SYS_GETPGID = 5119 + SYS_SETFSUID = 5120 + SYS_SETFSGID = 5121 + SYS_GETSID = 5122 + SYS_CAPGET = 5123 + SYS_CAPSET = 5124 + SYS_RT_SIGPENDING = 5125 + SYS_RT_SIGTIMEDWAIT = 5126 + SYS_RT_SIGQUEUEINFO = 5127 + SYS_RT_SIGSUSPEND = 5128 + SYS_SIGALTSTACK = 5129 + SYS_UTIME = 5130 + SYS_MKNOD = 5131 + SYS_PERSONALITY = 5132 + SYS_USTAT = 5133 + SYS_STATFS = 5134 + SYS_FSTATFS = 5135 + SYS_SYSFS = 5136 + SYS_GETPRIORITY = 5137 + SYS_SETPRIORITY = 5138 + SYS_SCHED_SETPARAM = 5139 + SYS_SCHED_GETPARAM = 5140 + SYS_SCHED_SETSCHEDULER = 5141 + SYS_SCHED_GETSCHEDULER = 5142 + SYS_SCHED_GET_PRIORITY_MAX = 5143 + SYS_SCHED_GET_PRIORITY_MIN = 5144 + SYS_SCHED_RR_GET_INTERVAL = 5145 + SYS_MLOCK = 5146 + SYS_MUNLOCK = 5147 + SYS_MLOCKALL = 5148 + SYS_MUNLOCKALL = 5149 + SYS_VHANGUP = 5150 + SYS_PIVOT_ROOT = 5151 + SYS__SYSCTL = 5152 + SYS_PRCTL = 5153 + SYS_ADJTIMEX = 5154 + SYS_SETRLIMIT = 5155 + SYS_CHROOT = 5156 + SYS_SYNC = 5157 + SYS_ACCT = 5158 + SYS_SETTIMEOFDAY = 5159 + SYS_MOUNT = 5160 + SYS_UMOUNT2 = 5161 + SYS_SWAPON = 5162 + SYS_SWAPOFF = 5163 + SYS_REBOOT = 5164 + SYS_SETHOSTNAME = 5165 + SYS_SETDOMAINNAME = 5166 + SYS_CREATE_MODULE = 5167 + SYS_INIT_MODULE = 5168 + SYS_DELETE_MODULE = 5169 + SYS_GET_KERNEL_SYMS = 5170 + SYS_QUERY_MODULE = 5171 + SYS_QUOTACTL = 5172 + SYS_NFSSERVCTL = 5173 + SYS_GETPMSG = 5174 + SYS_PUTPMSG = 5175 + SYS_AFS_SYSCALL = 5176 + SYS_RESERVED177 = 5177 + SYS_GETTID = 5178 + SYS_READAHEAD = 5179 + SYS_SETXATTR = 5180 + SYS_LSETXATTR = 5181 + SYS_FSETXATTR = 5182 + SYS_GETXATTR = 5183 + SYS_LGETXATTR = 5184 + SYS_FGETXATTR = 5185 + SYS_LISTXATTR = 5186 + SYS_LLISTXATTR = 5187 + SYS_FLISTXATTR = 5188 + SYS_REMOVEXATTR = 5189 + SYS_LREMOVEXATTR = 5190 + SYS_FREMOVEXATTR = 5191 + SYS_TKILL = 5192 + SYS_RESERVED193 = 5193 + SYS_FUTEX = 5194 + SYS_SCHED_SETAFFINITY = 5195 + SYS_SCHED_GETAFFINITY = 5196 + SYS_CACHEFLUSH = 5197 + SYS_CACHECTL = 5198 + SYS_SYSMIPS = 5199 + SYS_IO_SETUP = 5200 + SYS_IO_DESTROY = 5201 + SYS_IO_GETEVENTS = 5202 + SYS_IO_SUBMIT = 5203 + SYS_IO_CANCEL = 5204 + SYS_EXIT_GROUP = 5205 + SYS_LOOKUP_DCOOKIE = 5206 + SYS_EPOLL_CREATE = 5207 + SYS_EPOLL_CTL = 5208 + SYS_EPOLL_WAIT = 5209 + SYS_REMAP_FILE_PAGES = 5210 + SYS_RT_SIGRETURN = 5211 + SYS_SET_TID_ADDRESS = 5212 + SYS_RESTART_SYSCALL = 5213 + SYS_SEMTIMEDOP = 5214 + SYS_FADVISE64 = 5215 + SYS_TIMER_CREATE = 5216 + SYS_TIMER_SETTIME = 5217 + SYS_TIMER_GETTIME = 5218 + SYS_TIMER_GETOVERRUN = 5219 + SYS_TIMER_DELETE = 5220 + SYS_CLOCK_SETTIME = 5221 + SYS_CLOCK_GETTIME = 5222 + SYS_CLOCK_GETRES = 5223 + SYS_CLOCK_NANOSLEEP = 5224 + SYS_TGKILL = 5225 + SYS_UTIMES = 5226 + SYS_MBIND = 5227 + SYS_GET_MEMPOLICY = 5228 + SYS_SET_MEMPOLICY = 5229 + SYS_MQ_OPEN = 5230 + SYS_MQ_UNLINK = 5231 + SYS_MQ_TIMEDSEND = 5232 + SYS_MQ_TIMEDRECEIVE = 5233 + SYS_MQ_NOTIFY = 5234 + SYS_MQ_GETSETATTR = 5235 + SYS_VSERVER = 5236 + SYS_WAITID = 5237 + SYS_ADD_KEY = 5239 + SYS_REQUEST_KEY = 5240 + SYS_KEYCTL = 5241 + SYS_SET_THREAD_AREA = 5242 + SYS_INOTIFY_INIT = 5243 + SYS_INOTIFY_ADD_WATCH = 5244 + SYS_INOTIFY_RM_WATCH = 5245 + SYS_MIGRATE_PAGES = 5246 + SYS_OPENAT = 5247 + SYS_MKDIRAT = 5248 + SYS_MKNODAT = 5249 + SYS_FCHOWNAT = 5250 + SYS_FUTIMESAT = 5251 + SYS_NEWFSTATAT = 5252 + SYS_UNLINKAT = 5253 + SYS_RENAMEAT = 5254 + SYS_LINKAT = 5255 + SYS_SYMLINKAT = 5256 + SYS_READLINKAT = 5257 + SYS_FCHMODAT = 5258 + SYS_FACCESSAT = 5259 + SYS_PSELECT6 = 5260 + SYS_PPOLL = 5261 + SYS_UNSHARE = 5262 + SYS_SPLICE = 5263 + SYS_SYNC_FILE_RANGE = 5264 + SYS_TEE = 5265 + SYS_VMSPLICE = 5266 + SYS_MOVE_PAGES = 5267 + SYS_SET_ROBUST_LIST = 5268 + SYS_GET_ROBUST_LIST = 5269 + SYS_KEXEC_LOAD = 5270 + SYS_GETCPU = 5271 + SYS_EPOLL_PWAIT = 5272 + SYS_IOPRIO_SET = 5273 + SYS_IOPRIO_GET = 5274 + SYS_UTIMENSAT = 5275 + SYS_SIGNALFD = 5276 + SYS_TIMERFD = 5277 + SYS_EVENTFD = 5278 + SYS_FALLOCATE = 5279 + SYS_TIMERFD_CREATE = 5280 + SYS_TIMERFD_GETTIME = 5281 + SYS_TIMERFD_SETTIME = 5282 + SYS_SIGNALFD4 = 5283 + SYS_EVENTFD2 = 5284 + SYS_EPOLL_CREATE1 = 5285 + SYS_DUP3 = 5286 + SYS_PIPE2 = 5287 + SYS_INOTIFY_INIT1 = 5288 + SYS_PREADV = 5289 + SYS_PWRITEV = 5290 + SYS_RT_TGSIGQUEUEINFO = 5291 + SYS_PERF_EVENT_OPEN = 5292 + SYS_ACCEPT4 = 5293 + SYS_RECVMMSG = 5294 + SYS_FANOTIFY_INIT = 5295 + SYS_FANOTIFY_MARK = 5296 + SYS_PRLIMIT64 = 5297 + SYS_NAME_TO_HANDLE_AT = 5298 + SYS_OPEN_BY_HANDLE_AT = 5299 + SYS_CLOCK_ADJTIME = 5300 + SYS_SYNCFS = 5301 + SYS_SENDMMSG = 5302 + SYS_SETNS = 5303 + SYS_PROCESS_VM_READV = 5304 + SYS_PROCESS_VM_WRITEV = 5305 + SYS_KCMP = 5306 + SYS_FINIT_MODULE = 5307 + SYS_GETDENTS64 = 5308 + SYS_SCHED_SETATTR = 5309 + SYS_SCHED_GETATTR = 5310 + SYS_RENAMEAT2 = 5311 + SYS_SECCOMP = 5312 + SYS_GETRANDOM = 5313 + SYS_MEMFD_CREATE = 5314 + SYS_BPF = 5315 + SYS_EXECVEAT = 5316 + SYS_USERFAULTFD = 5317 + SYS_MEMBARRIER = 5318 + SYS_MLOCK2 = 5319 + SYS_COPY_FILE_RANGE = 5320 + SYS_PREADV2 = 5321 + SYS_PWRITEV2 = 5322 + SYS_PKEY_MPROTECT = 5323 + SYS_PKEY_ALLOC = 5324 + SYS_PKEY_FREE = 5325 + SYS_STATX = 5326 + SYS_RSEQ = 5327 + SYS_IO_PGETEVENTS = 5328 + SYS_PIDFD_SEND_SIGNAL = 5424 + SYS_IO_URING_SETUP = 5425 + SYS_IO_URING_ENTER = 5426 + SYS_IO_URING_REGISTER = 5427 + SYS_OPEN_TREE = 5428 + SYS_MOVE_MOUNT = 5429 + SYS_FSOPEN = 5430 + SYS_FSCONFIG = 5431 + SYS_FSMOUNT = 5432 + SYS_FSPICK = 5433 + SYS_PIDFD_OPEN = 5434 + SYS_CLONE3 = 5435 + SYS_CLOSE_RANGE = 5436 + SYS_OPENAT2 = 5437 + SYS_PIDFD_GETFD = 5438 + SYS_FACCESSAT2 = 5439 + SYS_PROCESS_MADVISE = 5440 + SYS_EPOLL_PWAIT2 = 5441 + SYS_MOUNT_SETATTR = 5442 + SYS_LANDLOCK_CREATE_RULESET = 5444 + SYS_LANDLOCK_ADD_RULE = 5445 + SYS_LANDLOCK_RESTRICT_SELF = 5446 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go index 46077689a..77f5728da 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go @@ -7,351 +7,354 @@ package unix const ( - SYS_READ = 5000 - SYS_WRITE = 5001 - SYS_OPEN = 5002 - SYS_CLOSE = 5003 - SYS_STAT = 5004 - SYS_FSTAT = 5005 - SYS_LSTAT = 5006 - SYS_POLL = 5007 - SYS_LSEEK = 5008 - SYS_MMAP = 5009 - SYS_MPROTECT = 5010 - SYS_MUNMAP = 5011 - SYS_BRK = 5012 - SYS_RT_SIGACTION = 5013 - SYS_RT_SIGPROCMASK = 5014 - SYS_IOCTL = 5015 - SYS_PREAD64 = 5016 - SYS_PWRITE64 = 5017 - SYS_READV = 5018 - SYS_WRITEV = 5019 - SYS_ACCESS = 5020 - SYS_PIPE = 5021 - SYS__NEWSELECT = 5022 - SYS_SCHED_YIELD = 5023 - SYS_MREMAP = 5024 - SYS_MSYNC = 5025 - SYS_MINCORE = 5026 - SYS_MADVISE = 5027 - SYS_SHMGET = 5028 - SYS_SHMAT = 5029 - SYS_SHMCTL = 5030 - SYS_DUP = 5031 - SYS_DUP2 = 5032 - SYS_PAUSE = 5033 - SYS_NANOSLEEP = 5034 - SYS_GETITIMER = 5035 - SYS_SETITIMER = 5036 - SYS_ALARM = 5037 - SYS_GETPID = 5038 - SYS_SENDFILE = 5039 - SYS_SOCKET = 5040 - SYS_CONNECT = 5041 - SYS_ACCEPT = 5042 - SYS_SENDTO = 5043 - SYS_RECVFROM = 5044 - SYS_SENDMSG = 5045 - SYS_RECVMSG = 5046 - SYS_SHUTDOWN = 5047 - SYS_BIND = 5048 - SYS_LISTEN = 5049 - SYS_GETSOCKNAME = 5050 - SYS_GETPEERNAME = 5051 - SYS_SOCKETPAIR = 5052 - SYS_SETSOCKOPT = 5053 - SYS_GETSOCKOPT = 5054 - SYS_CLONE = 5055 - SYS_FORK = 5056 - SYS_EXECVE = 5057 - SYS_EXIT = 5058 - SYS_WAIT4 = 5059 - SYS_KILL = 5060 - SYS_UNAME = 5061 - SYS_SEMGET = 5062 - SYS_SEMOP = 5063 - SYS_SEMCTL = 5064 - SYS_SHMDT = 5065 - SYS_MSGGET = 5066 - SYS_MSGSND = 5067 - SYS_MSGRCV = 5068 - SYS_MSGCTL = 5069 - SYS_FCNTL = 5070 - SYS_FLOCK = 5071 - SYS_FSYNC = 5072 - SYS_FDATASYNC = 5073 - SYS_TRUNCATE = 5074 - SYS_FTRUNCATE = 5075 - SYS_GETDENTS = 5076 - SYS_GETCWD = 5077 - SYS_CHDIR = 5078 - SYS_FCHDIR = 5079 - SYS_RENAME = 5080 - SYS_MKDIR = 5081 - SYS_RMDIR = 5082 - SYS_CREAT = 5083 - SYS_LINK = 5084 - SYS_UNLINK = 5085 - SYS_SYMLINK = 5086 - SYS_READLINK = 5087 - SYS_CHMOD = 5088 - SYS_FCHMOD = 5089 - SYS_CHOWN = 5090 - SYS_FCHOWN = 5091 - SYS_LCHOWN = 5092 - SYS_UMASK = 5093 - SYS_GETTIMEOFDAY = 5094 - SYS_GETRLIMIT = 5095 - SYS_GETRUSAGE = 5096 - SYS_SYSINFO = 5097 - SYS_TIMES = 5098 - SYS_PTRACE = 5099 - SYS_GETUID = 5100 - SYS_SYSLOG = 5101 - SYS_GETGID = 5102 - SYS_SETUID = 5103 - SYS_SETGID = 5104 - SYS_GETEUID = 5105 - SYS_GETEGID = 5106 - SYS_SETPGID = 5107 - SYS_GETPPID = 5108 - SYS_GETPGRP = 5109 - SYS_SETSID = 5110 - SYS_SETREUID = 5111 - SYS_SETREGID = 5112 - SYS_GETGROUPS = 5113 - SYS_SETGROUPS = 5114 - SYS_SETRESUID = 5115 - SYS_GETRESUID = 5116 - SYS_SETRESGID = 5117 - SYS_GETRESGID = 5118 - SYS_GETPGID = 5119 - SYS_SETFSUID = 5120 - SYS_SETFSGID = 5121 - SYS_GETSID = 5122 - SYS_CAPGET = 5123 - SYS_CAPSET = 5124 - SYS_RT_SIGPENDING = 5125 - SYS_RT_SIGTIMEDWAIT = 5126 - SYS_RT_SIGQUEUEINFO = 5127 - SYS_RT_SIGSUSPEND = 5128 - SYS_SIGALTSTACK = 5129 - SYS_UTIME = 5130 - SYS_MKNOD = 5131 - SYS_PERSONALITY = 5132 - SYS_USTAT = 5133 - SYS_STATFS = 5134 - SYS_FSTATFS = 5135 - SYS_SYSFS = 5136 - SYS_GETPRIORITY = 5137 - SYS_SETPRIORITY = 5138 - SYS_SCHED_SETPARAM = 5139 - SYS_SCHED_GETPARAM = 5140 - SYS_SCHED_SETSCHEDULER = 5141 - SYS_SCHED_GETSCHEDULER = 5142 - SYS_SCHED_GET_PRIORITY_MAX = 5143 - SYS_SCHED_GET_PRIORITY_MIN = 5144 - SYS_SCHED_RR_GET_INTERVAL = 5145 - SYS_MLOCK = 5146 - SYS_MUNLOCK = 5147 - SYS_MLOCKALL = 5148 - SYS_MUNLOCKALL = 5149 - SYS_VHANGUP = 5150 - SYS_PIVOT_ROOT = 5151 - SYS__SYSCTL = 5152 - SYS_PRCTL = 5153 - SYS_ADJTIMEX = 5154 - SYS_SETRLIMIT = 5155 - SYS_CHROOT = 5156 - SYS_SYNC = 5157 - SYS_ACCT = 5158 - SYS_SETTIMEOFDAY = 5159 - SYS_MOUNT = 5160 - SYS_UMOUNT2 = 5161 - SYS_SWAPON = 5162 - SYS_SWAPOFF = 5163 - SYS_REBOOT = 5164 - SYS_SETHOSTNAME = 5165 - SYS_SETDOMAINNAME = 5166 - SYS_CREATE_MODULE = 5167 - SYS_INIT_MODULE = 5168 - SYS_DELETE_MODULE = 5169 - SYS_GET_KERNEL_SYMS = 5170 - SYS_QUERY_MODULE = 5171 - SYS_QUOTACTL = 5172 - SYS_NFSSERVCTL = 5173 - SYS_GETPMSG = 5174 - SYS_PUTPMSG = 5175 - SYS_AFS_SYSCALL = 5176 - SYS_RESERVED177 = 5177 - SYS_GETTID = 5178 - SYS_READAHEAD = 5179 - SYS_SETXATTR = 5180 - SYS_LSETXATTR = 5181 - SYS_FSETXATTR = 5182 - SYS_GETXATTR = 5183 - SYS_LGETXATTR = 5184 - SYS_FGETXATTR = 5185 - SYS_LISTXATTR = 5186 - SYS_LLISTXATTR = 5187 - SYS_FLISTXATTR = 5188 - SYS_REMOVEXATTR = 5189 - SYS_LREMOVEXATTR = 5190 - SYS_FREMOVEXATTR = 5191 - SYS_TKILL = 5192 - SYS_RESERVED193 = 5193 - SYS_FUTEX = 5194 - SYS_SCHED_SETAFFINITY = 5195 - SYS_SCHED_GETAFFINITY = 5196 - SYS_CACHEFLUSH = 5197 - SYS_CACHECTL = 5198 - SYS_SYSMIPS = 5199 - SYS_IO_SETUP = 5200 - SYS_IO_DESTROY = 5201 - SYS_IO_GETEVENTS = 5202 - SYS_IO_SUBMIT = 5203 - SYS_IO_CANCEL = 5204 - SYS_EXIT_GROUP = 5205 - SYS_LOOKUP_DCOOKIE = 5206 - SYS_EPOLL_CREATE = 5207 - SYS_EPOLL_CTL = 5208 - SYS_EPOLL_WAIT = 5209 - SYS_REMAP_FILE_PAGES = 5210 - SYS_RT_SIGRETURN = 5211 - SYS_SET_TID_ADDRESS = 5212 - SYS_RESTART_SYSCALL = 5213 - SYS_SEMTIMEDOP = 5214 - SYS_FADVISE64 = 5215 - SYS_TIMER_CREATE = 5216 - SYS_TIMER_SETTIME = 5217 - SYS_TIMER_GETTIME = 5218 - SYS_TIMER_GETOVERRUN = 5219 - SYS_TIMER_DELETE = 5220 - SYS_CLOCK_SETTIME = 5221 - SYS_CLOCK_GETTIME = 5222 - SYS_CLOCK_GETRES = 5223 - SYS_CLOCK_NANOSLEEP = 5224 - SYS_TGKILL = 5225 - SYS_UTIMES = 5226 - SYS_MBIND = 5227 - SYS_GET_MEMPOLICY = 5228 - SYS_SET_MEMPOLICY = 5229 - SYS_MQ_OPEN = 5230 - SYS_MQ_UNLINK = 5231 - SYS_MQ_TIMEDSEND = 5232 - SYS_MQ_TIMEDRECEIVE = 5233 - SYS_MQ_NOTIFY = 5234 - SYS_MQ_GETSETATTR = 5235 - SYS_VSERVER = 5236 - SYS_WAITID = 5237 - SYS_ADD_KEY = 5239 - SYS_REQUEST_KEY = 5240 - SYS_KEYCTL = 5241 - SYS_SET_THREAD_AREA = 5242 - SYS_INOTIFY_INIT = 5243 - SYS_INOTIFY_ADD_WATCH = 5244 - SYS_INOTIFY_RM_WATCH = 5245 - SYS_MIGRATE_PAGES = 5246 - SYS_OPENAT = 5247 - SYS_MKDIRAT = 5248 - SYS_MKNODAT = 5249 - SYS_FCHOWNAT = 5250 - SYS_FUTIMESAT = 5251 - SYS_NEWFSTATAT = 5252 - SYS_UNLINKAT = 5253 - SYS_RENAMEAT = 5254 - SYS_LINKAT = 5255 - SYS_SYMLINKAT = 5256 - SYS_READLINKAT = 5257 - SYS_FCHMODAT = 5258 - SYS_FACCESSAT = 5259 - SYS_PSELECT6 = 5260 - SYS_PPOLL = 5261 - SYS_UNSHARE = 5262 - SYS_SPLICE = 5263 - SYS_SYNC_FILE_RANGE = 5264 - SYS_TEE = 5265 - SYS_VMSPLICE = 5266 - SYS_MOVE_PAGES = 5267 - SYS_SET_ROBUST_LIST = 5268 - SYS_GET_ROBUST_LIST = 5269 - SYS_KEXEC_LOAD = 5270 - SYS_GETCPU = 5271 - SYS_EPOLL_PWAIT = 5272 - SYS_IOPRIO_SET = 5273 - SYS_IOPRIO_GET = 5274 - SYS_UTIMENSAT = 5275 - SYS_SIGNALFD = 5276 - SYS_TIMERFD = 5277 - SYS_EVENTFD = 5278 - SYS_FALLOCATE = 5279 - SYS_TIMERFD_CREATE = 5280 - SYS_TIMERFD_GETTIME = 5281 - SYS_TIMERFD_SETTIME = 5282 - SYS_SIGNALFD4 = 5283 - SYS_EVENTFD2 = 5284 - SYS_EPOLL_CREATE1 = 5285 - SYS_DUP3 = 5286 - SYS_PIPE2 = 5287 - SYS_INOTIFY_INIT1 = 5288 - SYS_PREADV = 5289 - SYS_PWRITEV = 5290 - SYS_RT_TGSIGQUEUEINFO = 5291 - SYS_PERF_EVENT_OPEN = 5292 - SYS_ACCEPT4 = 5293 - SYS_RECVMMSG = 5294 - SYS_FANOTIFY_INIT = 5295 - SYS_FANOTIFY_MARK = 5296 - SYS_PRLIMIT64 = 5297 - SYS_NAME_TO_HANDLE_AT = 5298 - SYS_OPEN_BY_HANDLE_AT = 5299 - SYS_CLOCK_ADJTIME = 5300 - SYS_SYNCFS = 5301 - SYS_SENDMMSG = 5302 - SYS_SETNS = 5303 - SYS_PROCESS_VM_READV = 5304 - SYS_PROCESS_VM_WRITEV = 5305 - SYS_KCMP = 5306 - SYS_FINIT_MODULE = 5307 - SYS_GETDENTS64 = 5308 - SYS_SCHED_SETATTR = 5309 - SYS_SCHED_GETATTR = 5310 - SYS_RENAMEAT2 = 5311 - SYS_SECCOMP = 5312 - SYS_GETRANDOM = 5313 - SYS_MEMFD_CREATE = 5314 - SYS_BPF = 5315 - SYS_EXECVEAT = 5316 - SYS_USERFAULTFD = 5317 - SYS_MEMBARRIER = 5318 - SYS_MLOCK2 = 5319 - SYS_COPY_FILE_RANGE = 5320 - SYS_PREADV2 = 5321 - SYS_PWRITEV2 = 5322 - SYS_PKEY_MPROTECT = 5323 - SYS_PKEY_ALLOC = 5324 - SYS_PKEY_FREE = 5325 - SYS_STATX = 5326 - SYS_RSEQ = 5327 - SYS_IO_PGETEVENTS = 5328 - SYS_PIDFD_SEND_SIGNAL = 5424 - SYS_IO_URING_SETUP = 5425 - SYS_IO_URING_ENTER = 5426 - SYS_IO_URING_REGISTER = 5427 - SYS_OPEN_TREE = 5428 - SYS_MOVE_MOUNT = 5429 - SYS_FSOPEN = 5430 - SYS_FSCONFIG = 5431 - SYS_FSMOUNT = 5432 - SYS_FSPICK = 5433 - SYS_PIDFD_OPEN = 5434 - SYS_CLONE3 = 5435 - SYS_CLOSE_RANGE = 5436 - SYS_OPENAT2 = 5437 - SYS_PIDFD_GETFD = 5438 - SYS_FACCESSAT2 = 5439 - SYS_PROCESS_MADVISE = 5440 - SYS_EPOLL_PWAIT2 = 5441 - SYS_MOUNT_SETATTR = 5442 + SYS_READ = 5000 + SYS_WRITE = 5001 + SYS_OPEN = 5002 + SYS_CLOSE = 5003 + SYS_STAT = 5004 + SYS_FSTAT = 5005 + SYS_LSTAT = 5006 + SYS_POLL = 5007 + SYS_LSEEK = 5008 + SYS_MMAP = 5009 + SYS_MPROTECT = 5010 + SYS_MUNMAP = 5011 + SYS_BRK = 5012 + SYS_RT_SIGACTION = 5013 + SYS_RT_SIGPROCMASK = 5014 + SYS_IOCTL = 5015 + SYS_PREAD64 = 5016 + SYS_PWRITE64 = 5017 + SYS_READV = 5018 + SYS_WRITEV = 5019 + SYS_ACCESS = 5020 + SYS_PIPE = 5021 + SYS__NEWSELECT = 5022 + SYS_SCHED_YIELD = 5023 + SYS_MREMAP = 5024 + SYS_MSYNC = 5025 + SYS_MINCORE = 5026 + SYS_MADVISE = 5027 + SYS_SHMGET = 5028 + SYS_SHMAT = 5029 + SYS_SHMCTL = 5030 + SYS_DUP = 5031 + SYS_DUP2 = 5032 + SYS_PAUSE = 5033 + SYS_NANOSLEEP = 5034 + SYS_GETITIMER = 5035 + SYS_SETITIMER = 5036 + SYS_ALARM = 5037 + SYS_GETPID = 5038 + SYS_SENDFILE = 5039 + SYS_SOCKET = 5040 + SYS_CONNECT = 5041 + SYS_ACCEPT = 5042 + SYS_SENDTO = 5043 + SYS_RECVFROM = 5044 + SYS_SENDMSG = 5045 + SYS_RECVMSG = 5046 + SYS_SHUTDOWN = 5047 + SYS_BIND = 5048 + SYS_LISTEN = 5049 + SYS_GETSOCKNAME = 5050 + SYS_GETPEERNAME = 5051 + SYS_SOCKETPAIR = 5052 + SYS_SETSOCKOPT = 5053 + SYS_GETSOCKOPT = 5054 + SYS_CLONE = 5055 + SYS_FORK = 5056 + SYS_EXECVE = 5057 + SYS_EXIT = 5058 + SYS_WAIT4 = 5059 + SYS_KILL = 5060 + SYS_UNAME = 5061 + SYS_SEMGET = 5062 + SYS_SEMOP = 5063 + SYS_SEMCTL = 5064 + SYS_SHMDT = 5065 + SYS_MSGGET = 5066 + SYS_MSGSND = 5067 + SYS_MSGRCV = 5068 + SYS_MSGCTL = 5069 + SYS_FCNTL = 5070 + SYS_FLOCK = 5071 + SYS_FSYNC = 5072 + SYS_FDATASYNC = 5073 + SYS_TRUNCATE = 5074 + SYS_FTRUNCATE = 5075 + SYS_GETDENTS = 5076 + SYS_GETCWD = 5077 + SYS_CHDIR = 5078 + SYS_FCHDIR = 5079 + SYS_RENAME = 5080 + SYS_MKDIR = 5081 + SYS_RMDIR = 5082 + SYS_CREAT = 5083 + SYS_LINK = 5084 + SYS_UNLINK = 5085 + SYS_SYMLINK = 5086 + SYS_READLINK = 5087 + SYS_CHMOD = 5088 + SYS_FCHMOD = 5089 + SYS_CHOWN = 5090 + SYS_FCHOWN = 5091 + SYS_LCHOWN = 5092 + SYS_UMASK = 5093 + SYS_GETTIMEOFDAY = 5094 + SYS_GETRLIMIT = 5095 + SYS_GETRUSAGE = 5096 + SYS_SYSINFO = 5097 + SYS_TIMES = 5098 + SYS_PTRACE = 5099 + SYS_GETUID = 5100 + SYS_SYSLOG = 5101 + SYS_GETGID = 5102 + SYS_SETUID = 5103 + SYS_SETGID = 5104 + SYS_GETEUID = 5105 + SYS_GETEGID = 5106 + SYS_SETPGID = 5107 + SYS_GETPPID = 5108 + SYS_GETPGRP = 5109 + SYS_SETSID = 5110 + SYS_SETREUID = 5111 + SYS_SETREGID = 5112 + SYS_GETGROUPS = 5113 + SYS_SETGROUPS = 5114 + SYS_SETRESUID = 5115 + SYS_GETRESUID = 5116 + SYS_SETRESGID = 5117 + SYS_GETRESGID = 5118 + SYS_GETPGID = 5119 + SYS_SETFSUID = 5120 + SYS_SETFSGID = 5121 + SYS_GETSID = 5122 + SYS_CAPGET = 5123 + SYS_CAPSET = 5124 + SYS_RT_SIGPENDING = 5125 + SYS_RT_SIGTIMEDWAIT = 5126 + SYS_RT_SIGQUEUEINFO = 5127 + SYS_RT_SIGSUSPEND = 5128 + SYS_SIGALTSTACK = 5129 + SYS_UTIME = 5130 + SYS_MKNOD = 5131 + SYS_PERSONALITY = 5132 + SYS_USTAT = 5133 + SYS_STATFS = 5134 + SYS_FSTATFS = 5135 + SYS_SYSFS = 5136 + SYS_GETPRIORITY = 5137 + SYS_SETPRIORITY = 5138 + SYS_SCHED_SETPARAM = 5139 + SYS_SCHED_GETPARAM = 5140 + SYS_SCHED_SETSCHEDULER = 5141 + SYS_SCHED_GETSCHEDULER = 5142 + SYS_SCHED_GET_PRIORITY_MAX = 5143 + SYS_SCHED_GET_PRIORITY_MIN = 5144 + SYS_SCHED_RR_GET_INTERVAL = 5145 + SYS_MLOCK = 5146 + SYS_MUNLOCK = 5147 + SYS_MLOCKALL = 5148 + SYS_MUNLOCKALL = 5149 + SYS_VHANGUP = 5150 + SYS_PIVOT_ROOT = 5151 + SYS__SYSCTL = 5152 + SYS_PRCTL = 5153 + SYS_ADJTIMEX = 5154 + SYS_SETRLIMIT = 5155 + SYS_CHROOT = 5156 + SYS_SYNC = 5157 + SYS_ACCT = 5158 + SYS_SETTIMEOFDAY = 5159 + SYS_MOUNT = 5160 + SYS_UMOUNT2 = 5161 + SYS_SWAPON = 5162 + SYS_SWAPOFF = 5163 + SYS_REBOOT = 5164 + SYS_SETHOSTNAME = 5165 + SYS_SETDOMAINNAME = 5166 + SYS_CREATE_MODULE = 5167 + SYS_INIT_MODULE = 5168 + SYS_DELETE_MODULE = 5169 + SYS_GET_KERNEL_SYMS = 5170 + SYS_QUERY_MODULE = 5171 + SYS_QUOTACTL = 5172 + SYS_NFSSERVCTL = 5173 + SYS_GETPMSG = 5174 + SYS_PUTPMSG = 5175 + SYS_AFS_SYSCALL = 5176 + SYS_RESERVED177 = 5177 + SYS_GETTID = 5178 + SYS_READAHEAD = 5179 + SYS_SETXATTR = 5180 + SYS_LSETXATTR = 5181 + SYS_FSETXATTR = 5182 + SYS_GETXATTR = 5183 + SYS_LGETXATTR = 5184 + SYS_FGETXATTR = 5185 + SYS_LISTXATTR = 5186 + SYS_LLISTXATTR = 5187 + SYS_FLISTXATTR = 5188 + SYS_REMOVEXATTR = 5189 + SYS_LREMOVEXATTR = 5190 + SYS_FREMOVEXATTR = 5191 + SYS_TKILL = 5192 + SYS_RESERVED193 = 5193 + SYS_FUTEX = 5194 + SYS_SCHED_SETAFFINITY = 5195 + SYS_SCHED_GETAFFINITY = 5196 + SYS_CACHEFLUSH = 5197 + SYS_CACHECTL = 5198 + SYS_SYSMIPS = 5199 + SYS_IO_SETUP = 5200 + SYS_IO_DESTROY = 5201 + SYS_IO_GETEVENTS = 5202 + SYS_IO_SUBMIT = 5203 + SYS_IO_CANCEL = 5204 + SYS_EXIT_GROUP = 5205 + SYS_LOOKUP_DCOOKIE = 5206 + SYS_EPOLL_CREATE = 5207 + SYS_EPOLL_CTL = 5208 + SYS_EPOLL_WAIT = 5209 + SYS_REMAP_FILE_PAGES = 5210 + SYS_RT_SIGRETURN = 5211 + SYS_SET_TID_ADDRESS = 5212 + SYS_RESTART_SYSCALL = 5213 + SYS_SEMTIMEDOP = 5214 + SYS_FADVISE64 = 5215 + SYS_TIMER_CREATE = 5216 + SYS_TIMER_SETTIME = 5217 + SYS_TIMER_GETTIME = 5218 + SYS_TIMER_GETOVERRUN = 5219 + SYS_TIMER_DELETE = 5220 + SYS_CLOCK_SETTIME = 5221 + SYS_CLOCK_GETTIME = 5222 + SYS_CLOCK_GETRES = 5223 + SYS_CLOCK_NANOSLEEP = 5224 + SYS_TGKILL = 5225 + SYS_UTIMES = 5226 + SYS_MBIND = 5227 + SYS_GET_MEMPOLICY = 5228 + SYS_SET_MEMPOLICY = 5229 + SYS_MQ_OPEN = 5230 + SYS_MQ_UNLINK = 5231 + SYS_MQ_TIMEDSEND = 5232 + SYS_MQ_TIMEDRECEIVE = 5233 + SYS_MQ_NOTIFY = 5234 + SYS_MQ_GETSETATTR = 5235 + SYS_VSERVER = 5236 + SYS_WAITID = 5237 + SYS_ADD_KEY = 5239 + SYS_REQUEST_KEY = 5240 + SYS_KEYCTL = 5241 + SYS_SET_THREAD_AREA = 5242 + SYS_INOTIFY_INIT = 5243 + SYS_INOTIFY_ADD_WATCH = 5244 + SYS_INOTIFY_RM_WATCH = 5245 + SYS_MIGRATE_PAGES = 5246 + SYS_OPENAT = 5247 + SYS_MKDIRAT = 5248 + SYS_MKNODAT = 5249 + SYS_FCHOWNAT = 5250 + SYS_FUTIMESAT = 5251 + SYS_NEWFSTATAT = 5252 + SYS_UNLINKAT = 5253 + SYS_RENAMEAT = 5254 + SYS_LINKAT = 5255 + SYS_SYMLINKAT = 5256 + SYS_READLINKAT = 5257 + SYS_FCHMODAT = 5258 + SYS_FACCESSAT = 5259 + SYS_PSELECT6 = 5260 + SYS_PPOLL = 5261 + SYS_UNSHARE = 5262 + SYS_SPLICE = 5263 + SYS_SYNC_FILE_RANGE = 5264 + SYS_TEE = 5265 + SYS_VMSPLICE = 5266 + SYS_MOVE_PAGES = 5267 + SYS_SET_ROBUST_LIST = 5268 + SYS_GET_ROBUST_LIST = 5269 + SYS_KEXEC_LOAD = 5270 + SYS_GETCPU = 5271 + SYS_EPOLL_PWAIT = 5272 + SYS_IOPRIO_SET = 5273 + SYS_IOPRIO_GET = 5274 + SYS_UTIMENSAT = 5275 + SYS_SIGNALFD = 5276 + SYS_TIMERFD = 5277 + SYS_EVENTFD = 5278 + SYS_FALLOCATE = 5279 + SYS_TIMERFD_CREATE = 5280 + SYS_TIMERFD_GETTIME = 5281 + SYS_TIMERFD_SETTIME = 5282 + SYS_SIGNALFD4 = 5283 + SYS_EVENTFD2 = 5284 + SYS_EPOLL_CREATE1 = 5285 + SYS_DUP3 = 5286 + SYS_PIPE2 = 5287 + SYS_INOTIFY_INIT1 = 5288 + SYS_PREADV = 5289 + SYS_PWRITEV = 5290 + SYS_RT_TGSIGQUEUEINFO = 5291 + SYS_PERF_EVENT_OPEN = 5292 + SYS_ACCEPT4 = 5293 + SYS_RECVMMSG = 5294 + SYS_FANOTIFY_INIT = 5295 + SYS_FANOTIFY_MARK = 5296 + SYS_PRLIMIT64 = 5297 + SYS_NAME_TO_HANDLE_AT = 5298 + SYS_OPEN_BY_HANDLE_AT = 5299 + SYS_CLOCK_ADJTIME = 5300 + SYS_SYNCFS = 5301 + SYS_SENDMMSG = 5302 + SYS_SETNS = 5303 + SYS_PROCESS_VM_READV = 5304 + SYS_PROCESS_VM_WRITEV = 5305 + SYS_KCMP = 5306 + SYS_FINIT_MODULE = 5307 + SYS_GETDENTS64 = 5308 + SYS_SCHED_SETATTR = 5309 + SYS_SCHED_GETATTR = 5310 + SYS_RENAMEAT2 = 5311 + SYS_SECCOMP = 5312 + SYS_GETRANDOM = 5313 + SYS_MEMFD_CREATE = 5314 + SYS_BPF = 5315 + SYS_EXECVEAT = 5316 + SYS_USERFAULTFD = 5317 + SYS_MEMBARRIER = 5318 + SYS_MLOCK2 = 5319 + SYS_COPY_FILE_RANGE = 5320 + SYS_PREADV2 = 5321 + SYS_PWRITEV2 = 5322 + SYS_PKEY_MPROTECT = 5323 + SYS_PKEY_ALLOC = 5324 + SYS_PKEY_FREE = 5325 + SYS_STATX = 5326 + SYS_RSEQ = 5327 + SYS_IO_PGETEVENTS = 5328 + SYS_PIDFD_SEND_SIGNAL = 5424 + SYS_IO_URING_SETUP = 5425 + SYS_IO_URING_ENTER = 5426 + SYS_IO_URING_REGISTER = 5427 + SYS_OPEN_TREE = 5428 + SYS_MOVE_MOUNT = 5429 + SYS_FSOPEN = 5430 + SYS_FSCONFIG = 5431 + SYS_FSMOUNT = 5432 + SYS_FSPICK = 5433 + SYS_PIDFD_OPEN = 5434 + SYS_CLONE3 = 5435 + SYS_CLOSE_RANGE = 5436 + SYS_OPENAT2 = 5437 + SYS_PIDFD_GETFD = 5438 + SYS_FACCESSAT2 = 5439 + SYS_PROCESS_MADVISE = 5440 + SYS_EPOLL_PWAIT2 = 5441 + SYS_MOUNT_SETATTR = 5442 + SYS_LANDLOCK_CREATE_RULESET = 5444 + SYS_LANDLOCK_ADD_RULE = 5445 + SYS_LANDLOCK_RESTRICT_SELF = 5446 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go index 80e6696b3..dcd926513 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go @@ -424,4 +424,7 @@ const ( SYS_PROCESS_MADVISE = 4440 SYS_EPOLL_PWAIT2 = 4441 SYS_MOUNT_SETATTR = 4442 + SYS_LANDLOCK_CREATE_RULESET = 4444 + SYS_LANDLOCK_ADD_RULE = 4445 + SYS_LANDLOCK_RESTRICT_SELF = 4446 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go index b9d697ffb..d5ee2c935 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go @@ -431,4 +431,7 @@ const ( SYS_PROCESS_MADVISE = 440 SYS_EPOLL_PWAIT2 = 441 SYS_MOUNT_SETATTR = 442 + SYS_LANDLOCK_CREATE_RULESET = 444 + SYS_LANDLOCK_ADD_RULE = 445 + SYS_LANDLOCK_RESTRICT_SELF = 446 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go index 08edc54d3..fec32207c 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go @@ -7,400 +7,403 @@ package unix const ( - SYS_RESTART_SYSCALL = 0 - SYS_EXIT = 1 - SYS_FORK = 2 - SYS_READ = 3 - SYS_WRITE = 4 - SYS_OPEN = 5 - SYS_CLOSE = 6 - SYS_WAITPID = 7 - SYS_CREAT = 8 - SYS_LINK = 9 - SYS_UNLINK = 10 - SYS_EXECVE = 11 - SYS_CHDIR = 12 - SYS_TIME = 13 - SYS_MKNOD = 14 - SYS_CHMOD = 15 - SYS_LCHOWN = 16 - SYS_BREAK = 17 - SYS_OLDSTAT = 18 - SYS_LSEEK = 19 - SYS_GETPID = 20 - SYS_MOUNT = 21 - SYS_UMOUNT = 22 - SYS_SETUID = 23 - SYS_GETUID = 24 - SYS_STIME = 25 - SYS_PTRACE = 26 - SYS_ALARM = 27 - SYS_OLDFSTAT = 28 - SYS_PAUSE = 29 - SYS_UTIME = 30 - SYS_STTY = 31 - SYS_GTTY = 32 - SYS_ACCESS = 33 - SYS_NICE = 34 - SYS_FTIME = 35 - SYS_SYNC = 36 - SYS_KILL = 37 - SYS_RENAME = 38 - SYS_MKDIR = 39 - SYS_RMDIR = 40 - SYS_DUP = 41 - SYS_PIPE = 42 - SYS_TIMES = 43 - SYS_PROF = 44 - SYS_BRK = 45 - SYS_SETGID = 46 - SYS_GETGID = 47 - SYS_SIGNAL = 48 - SYS_GETEUID = 49 - SYS_GETEGID = 50 - SYS_ACCT = 51 - SYS_UMOUNT2 = 52 - SYS_LOCK = 53 - SYS_IOCTL = 54 - SYS_FCNTL = 55 - SYS_MPX = 56 - SYS_SETPGID = 57 - SYS_ULIMIT = 58 - SYS_OLDOLDUNAME = 59 - SYS_UMASK = 60 - SYS_CHROOT = 61 - SYS_USTAT = 62 - SYS_DUP2 = 63 - SYS_GETPPID = 64 - SYS_GETPGRP = 65 - SYS_SETSID = 66 - SYS_SIGACTION = 67 - SYS_SGETMASK = 68 - SYS_SSETMASK = 69 - SYS_SETREUID = 70 - SYS_SETREGID = 71 - SYS_SIGSUSPEND = 72 - SYS_SIGPENDING = 73 - SYS_SETHOSTNAME = 74 - SYS_SETRLIMIT = 75 - SYS_GETRLIMIT = 76 - SYS_GETRUSAGE = 77 - SYS_GETTIMEOFDAY = 78 - SYS_SETTIMEOFDAY = 79 - SYS_GETGROUPS = 80 - SYS_SETGROUPS = 81 - SYS_SELECT = 82 - SYS_SYMLINK = 83 - SYS_OLDLSTAT = 84 - SYS_READLINK = 85 - SYS_USELIB = 86 - SYS_SWAPON = 87 - SYS_REBOOT = 88 - SYS_READDIR = 89 - SYS_MMAP = 90 - SYS_MUNMAP = 91 - SYS_TRUNCATE = 92 - SYS_FTRUNCATE = 93 - SYS_FCHMOD = 94 - SYS_FCHOWN = 95 - SYS_GETPRIORITY = 96 - SYS_SETPRIORITY = 97 - SYS_PROFIL = 98 - SYS_STATFS = 99 - SYS_FSTATFS = 100 - SYS_IOPERM = 101 - SYS_SOCKETCALL = 102 - SYS_SYSLOG = 103 - SYS_SETITIMER = 104 - SYS_GETITIMER = 105 - SYS_STAT = 106 - SYS_LSTAT = 107 - SYS_FSTAT = 108 - SYS_OLDUNAME = 109 - SYS_IOPL = 110 - SYS_VHANGUP = 111 - SYS_IDLE = 112 - SYS_VM86 = 113 - SYS_WAIT4 = 114 - SYS_SWAPOFF = 115 - SYS_SYSINFO = 116 - SYS_IPC = 117 - SYS_FSYNC = 118 - SYS_SIGRETURN = 119 - SYS_CLONE = 120 - SYS_SETDOMAINNAME = 121 - SYS_UNAME = 122 - SYS_MODIFY_LDT = 123 - SYS_ADJTIMEX = 124 - SYS_MPROTECT = 125 - SYS_SIGPROCMASK = 126 - SYS_CREATE_MODULE = 127 - SYS_INIT_MODULE = 128 - SYS_DELETE_MODULE = 129 - SYS_GET_KERNEL_SYMS = 130 - SYS_QUOTACTL = 131 - SYS_GETPGID = 132 - SYS_FCHDIR = 133 - SYS_BDFLUSH = 134 - SYS_SYSFS = 135 - SYS_PERSONALITY = 136 - SYS_AFS_SYSCALL = 137 - SYS_SETFSUID = 138 - SYS_SETFSGID = 139 - SYS__LLSEEK = 140 - SYS_GETDENTS = 141 - SYS__NEWSELECT = 142 - SYS_FLOCK = 143 - SYS_MSYNC = 144 - SYS_READV = 145 - SYS_WRITEV = 146 - SYS_GETSID = 147 - SYS_FDATASYNC = 148 - SYS__SYSCTL = 149 - SYS_MLOCK = 150 - SYS_MUNLOCK = 151 - SYS_MLOCKALL = 152 - SYS_MUNLOCKALL = 153 - SYS_SCHED_SETPARAM = 154 - SYS_SCHED_GETPARAM = 155 - SYS_SCHED_SETSCHEDULER = 156 - SYS_SCHED_GETSCHEDULER = 157 - SYS_SCHED_YIELD = 158 - SYS_SCHED_GET_PRIORITY_MAX = 159 - SYS_SCHED_GET_PRIORITY_MIN = 160 - SYS_SCHED_RR_GET_INTERVAL = 161 - SYS_NANOSLEEP = 162 - SYS_MREMAP = 163 - SYS_SETRESUID = 164 - SYS_GETRESUID = 165 - SYS_QUERY_MODULE = 166 - SYS_POLL = 167 - SYS_NFSSERVCTL = 168 - SYS_SETRESGID = 169 - SYS_GETRESGID = 170 - SYS_PRCTL = 171 - SYS_RT_SIGRETURN = 172 - SYS_RT_SIGACTION = 173 - SYS_RT_SIGPROCMASK = 174 - SYS_RT_SIGPENDING = 175 - SYS_RT_SIGTIMEDWAIT = 176 - SYS_RT_SIGQUEUEINFO = 177 - SYS_RT_SIGSUSPEND = 178 - SYS_PREAD64 = 179 - SYS_PWRITE64 = 180 - SYS_CHOWN = 181 - SYS_GETCWD = 182 - SYS_CAPGET = 183 - SYS_CAPSET = 184 - SYS_SIGALTSTACK = 185 - SYS_SENDFILE = 186 - SYS_GETPMSG = 187 - SYS_PUTPMSG = 188 - SYS_VFORK = 189 - SYS_UGETRLIMIT = 190 - SYS_READAHEAD = 191 - SYS_PCICONFIG_READ = 198 - SYS_PCICONFIG_WRITE = 199 - SYS_PCICONFIG_IOBASE = 200 - SYS_MULTIPLEXER = 201 - SYS_GETDENTS64 = 202 - SYS_PIVOT_ROOT = 203 - SYS_MADVISE = 205 - SYS_MINCORE = 206 - SYS_GETTID = 207 - SYS_TKILL = 208 - SYS_SETXATTR = 209 - SYS_LSETXATTR = 210 - SYS_FSETXATTR = 211 - SYS_GETXATTR = 212 - SYS_LGETXATTR = 213 - SYS_FGETXATTR = 214 - SYS_LISTXATTR = 215 - SYS_LLISTXATTR = 216 - SYS_FLISTXATTR = 217 - SYS_REMOVEXATTR = 218 - SYS_LREMOVEXATTR = 219 - SYS_FREMOVEXATTR = 220 - SYS_FUTEX = 221 - SYS_SCHED_SETAFFINITY = 222 - SYS_SCHED_GETAFFINITY = 223 - SYS_TUXCALL = 225 - SYS_IO_SETUP = 227 - SYS_IO_DESTROY = 228 - SYS_IO_GETEVENTS = 229 - SYS_IO_SUBMIT = 230 - SYS_IO_CANCEL = 231 - SYS_SET_TID_ADDRESS = 232 - SYS_FADVISE64 = 233 - SYS_EXIT_GROUP = 234 - SYS_LOOKUP_DCOOKIE = 235 - SYS_EPOLL_CREATE = 236 - SYS_EPOLL_CTL = 237 - SYS_EPOLL_WAIT = 238 - SYS_REMAP_FILE_PAGES = 239 - SYS_TIMER_CREATE = 240 - SYS_TIMER_SETTIME = 241 - SYS_TIMER_GETTIME = 242 - SYS_TIMER_GETOVERRUN = 243 - SYS_TIMER_DELETE = 244 - SYS_CLOCK_SETTIME = 245 - SYS_CLOCK_GETTIME = 246 - SYS_CLOCK_GETRES = 247 - SYS_CLOCK_NANOSLEEP = 248 - SYS_SWAPCONTEXT = 249 - SYS_TGKILL = 250 - SYS_UTIMES = 251 - SYS_STATFS64 = 252 - SYS_FSTATFS64 = 253 - SYS_RTAS = 255 - SYS_SYS_DEBUG_SETCONTEXT = 256 - SYS_MIGRATE_PAGES = 258 - SYS_MBIND = 259 - SYS_GET_MEMPOLICY = 260 - SYS_SET_MEMPOLICY = 261 - SYS_MQ_OPEN = 262 - SYS_MQ_UNLINK = 263 - SYS_MQ_TIMEDSEND = 264 - SYS_MQ_TIMEDRECEIVE = 265 - SYS_MQ_NOTIFY = 266 - SYS_MQ_GETSETATTR = 267 - SYS_KEXEC_LOAD = 268 - SYS_ADD_KEY = 269 - SYS_REQUEST_KEY = 270 - SYS_KEYCTL = 271 - SYS_WAITID = 272 - SYS_IOPRIO_SET = 273 - SYS_IOPRIO_GET = 274 - SYS_INOTIFY_INIT = 275 - SYS_INOTIFY_ADD_WATCH = 276 - SYS_INOTIFY_RM_WATCH = 277 - SYS_SPU_RUN = 278 - SYS_SPU_CREATE = 279 - SYS_PSELECT6 = 280 - SYS_PPOLL = 281 - SYS_UNSHARE = 282 - SYS_SPLICE = 283 - SYS_TEE = 284 - SYS_VMSPLICE = 285 - SYS_OPENAT = 286 - SYS_MKDIRAT = 287 - SYS_MKNODAT = 288 - SYS_FCHOWNAT = 289 - SYS_FUTIMESAT = 290 - SYS_NEWFSTATAT = 291 - SYS_UNLINKAT = 292 - SYS_RENAMEAT = 293 - SYS_LINKAT = 294 - SYS_SYMLINKAT = 295 - SYS_READLINKAT = 296 - SYS_FCHMODAT = 297 - SYS_FACCESSAT = 298 - SYS_GET_ROBUST_LIST = 299 - SYS_SET_ROBUST_LIST = 300 - SYS_MOVE_PAGES = 301 - SYS_GETCPU = 302 - SYS_EPOLL_PWAIT = 303 - SYS_UTIMENSAT = 304 - SYS_SIGNALFD = 305 - SYS_TIMERFD_CREATE = 306 - SYS_EVENTFD = 307 - SYS_SYNC_FILE_RANGE2 = 308 - SYS_FALLOCATE = 309 - SYS_SUBPAGE_PROT = 310 - SYS_TIMERFD_SETTIME = 311 - SYS_TIMERFD_GETTIME = 312 - SYS_SIGNALFD4 = 313 - SYS_EVENTFD2 = 314 - SYS_EPOLL_CREATE1 = 315 - SYS_DUP3 = 316 - SYS_PIPE2 = 317 - SYS_INOTIFY_INIT1 = 318 - SYS_PERF_EVENT_OPEN = 319 - SYS_PREADV = 320 - SYS_PWRITEV = 321 - SYS_RT_TGSIGQUEUEINFO = 322 - SYS_FANOTIFY_INIT = 323 - SYS_FANOTIFY_MARK = 324 - SYS_PRLIMIT64 = 325 - SYS_SOCKET = 326 - SYS_BIND = 327 - SYS_CONNECT = 328 - SYS_LISTEN = 329 - SYS_ACCEPT = 330 - SYS_GETSOCKNAME = 331 - SYS_GETPEERNAME = 332 - SYS_SOCKETPAIR = 333 - SYS_SEND = 334 - SYS_SENDTO = 335 - SYS_RECV = 336 - SYS_RECVFROM = 337 - SYS_SHUTDOWN = 338 - SYS_SETSOCKOPT = 339 - SYS_GETSOCKOPT = 340 - SYS_SENDMSG = 341 - SYS_RECVMSG = 342 - SYS_RECVMMSG = 343 - SYS_ACCEPT4 = 344 - SYS_NAME_TO_HANDLE_AT = 345 - SYS_OPEN_BY_HANDLE_AT = 346 - SYS_CLOCK_ADJTIME = 347 - SYS_SYNCFS = 348 - SYS_SENDMMSG = 349 - SYS_SETNS = 350 - SYS_PROCESS_VM_READV = 351 - SYS_PROCESS_VM_WRITEV = 352 - SYS_FINIT_MODULE = 353 - SYS_KCMP = 354 - SYS_SCHED_SETATTR = 355 - SYS_SCHED_GETATTR = 356 - SYS_RENAMEAT2 = 357 - SYS_SECCOMP = 358 - SYS_GETRANDOM = 359 - SYS_MEMFD_CREATE = 360 - SYS_BPF = 361 - SYS_EXECVEAT = 362 - SYS_SWITCH_ENDIAN = 363 - SYS_USERFAULTFD = 364 - SYS_MEMBARRIER = 365 - SYS_MLOCK2 = 378 - SYS_COPY_FILE_RANGE = 379 - SYS_PREADV2 = 380 - SYS_PWRITEV2 = 381 - SYS_KEXEC_FILE_LOAD = 382 - SYS_STATX = 383 - SYS_PKEY_ALLOC = 384 - SYS_PKEY_FREE = 385 - SYS_PKEY_MPROTECT = 386 - SYS_RSEQ = 387 - SYS_IO_PGETEVENTS = 388 - SYS_SEMTIMEDOP = 392 - SYS_SEMGET = 393 - SYS_SEMCTL = 394 - SYS_SHMGET = 395 - SYS_SHMCTL = 396 - SYS_SHMAT = 397 - SYS_SHMDT = 398 - SYS_MSGGET = 399 - SYS_MSGSND = 400 - SYS_MSGRCV = 401 - SYS_MSGCTL = 402 - SYS_PIDFD_SEND_SIGNAL = 424 - SYS_IO_URING_SETUP = 425 - SYS_IO_URING_ENTER = 426 - SYS_IO_URING_REGISTER = 427 - SYS_OPEN_TREE = 428 - SYS_MOVE_MOUNT = 429 - SYS_FSOPEN = 430 - SYS_FSCONFIG = 431 - SYS_FSMOUNT = 432 - SYS_FSPICK = 433 - SYS_PIDFD_OPEN = 434 - SYS_CLONE3 = 435 - SYS_CLOSE_RANGE = 436 - SYS_OPENAT2 = 437 - SYS_PIDFD_GETFD = 438 - SYS_FACCESSAT2 = 439 - SYS_PROCESS_MADVISE = 440 - SYS_EPOLL_PWAIT2 = 441 - SYS_MOUNT_SETATTR = 442 + SYS_RESTART_SYSCALL = 0 + SYS_EXIT = 1 + SYS_FORK = 2 + SYS_READ = 3 + SYS_WRITE = 4 + SYS_OPEN = 5 + SYS_CLOSE = 6 + SYS_WAITPID = 7 + SYS_CREAT = 8 + SYS_LINK = 9 + SYS_UNLINK = 10 + SYS_EXECVE = 11 + SYS_CHDIR = 12 + SYS_TIME = 13 + SYS_MKNOD = 14 + SYS_CHMOD = 15 + SYS_LCHOWN = 16 + SYS_BREAK = 17 + SYS_OLDSTAT = 18 + SYS_LSEEK = 19 + SYS_GETPID = 20 + SYS_MOUNT = 21 + SYS_UMOUNT = 22 + SYS_SETUID = 23 + SYS_GETUID = 24 + SYS_STIME = 25 + SYS_PTRACE = 26 + SYS_ALARM = 27 + SYS_OLDFSTAT = 28 + SYS_PAUSE = 29 + SYS_UTIME = 30 + SYS_STTY = 31 + SYS_GTTY = 32 + SYS_ACCESS = 33 + SYS_NICE = 34 + SYS_FTIME = 35 + SYS_SYNC = 36 + SYS_KILL = 37 + SYS_RENAME = 38 + SYS_MKDIR = 39 + SYS_RMDIR = 40 + SYS_DUP = 41 + SYS_PIPE = 42 + SYS_TIMES = 43 + SYS_PROF = 44 + SYS_BRK = 45 + SYS_SETGID = 46 + SYS_GETGID = 47 + SYS_SIGNAL = 48 + SYS_GETEUID = 49 + SYS_GETEGID = 50 + SYS_ACCT = 51 + SYS_UMOUNT2 = 52 + SYS_LOCK = 53 + SYS_IOCTL = 54 + SYS_FCNTL = 55 + SYS_MPX = 56 + SYS_SETPGID = 57 + SYS_ULIMIT = 58 + SYS_OLDOLDUNAME = 59 + SYS_UMASK = 60 + SYS_CHROOT = 61 + SYS_USTAT = 62 + SYS_DUP2 = 63 + SYS_GETPPID = 64 + SYS_GETPGRP = 65 + SYS_SETSID = 66 + SYS_SIGACTION = 67 + SYS_SGETMASK = 68 + SYS_SSETMASK = 69 + SYS_SETREUID = 70 + SYS_SETREGID = 71 + SYS_SIGSUSPEND = 72 + SYS_SIGPENDING = 73 + SYS_SETHOSTNAME = 74 + SYS_SETRLIMIT = 75 + SYS_GETRLIMIT = 76 + SYS_GETRUSAGE = 77 + SYS_GETTIMEOFDAY = 78 + SYS_SETTIMEOFDAY = 79 + SYS_GETGROUPS = 80 + SYS_SETGROUPS = 81 + SYS_SELECT = 82 + SYS_SYMLINK = 83 + SYS_OLDLSTAT = 84 + SYS_READLINK = 85 + SYS_USELIB = 86 + SYS_SWAPON = 87 + SYS_REBOOT = 88 + SYS_READDIR = 89 + SYS_MMAP = 90 + SYS_MUNMAP = 91 + SYS_TRUNCATE = 92 + SYS_FTRUNCATE = 93 + SYS_FCHMOD = 94 + SYS_FCHOWN = 95 + SYS_GETPRIORITY = 96 + SYS_SETPRIORITY = 97 + SYS_PROFIL = 98 + SYS_STATFS = 99 + SYS_FSTATFS = 100 + SYS_IOPERM = 101 + SYS_SOCKETCALL = 102 + SYS_SYSLOG = 103 + SYS_SETITIMER = 104 + SYS_GETITIMER = 105 + SYS_STAT = 106 + SYS_LSTAT = 107 + SYS_FSTAT = 108 + SYS_OLDUNAME = 109 + SYS_IOPL = 110 + SYS_VHANGUP = 111 + SYS_IDLE = 112 + SYS_VM86 = 113 + SYS_WAIT4 = 114 + SYS_SWAPOFF = 115 + SYS_SYSINFO = 116 + SYS_IPC = 117 + SYS_FSYNC = 118 + SYS_SIGRETURN = 119 + SYS_CLONE = 120 + SYS_SETDOMAINNAME = 121 + SYS_UNAME = 122 + SYS_MODIFY_LDT = 123 + SYS_ADJTIMEX = 124 + SYS_MPROTECT = 125 + SYS_SIGPROCMASK = 126 + SYS_CREATE_MODULE = 127 + SYS_INIT_MODULE = 128 + SYS_DELETE_MODULE = 129 + SYS_GET_KERNEL_SYMS = 130 + SYS_QUOTACTL = 131 + SYS_GETPGID = 132 + SYS_FCHDIR = 133 + SYS_BDFLUSH = 134 + SYS_SYSFS = 135 + SYS_PERSONALITY = 136 + SYS_AFS_SYSCALL = 137 + SYS_SETFSUID = 138 + SYS_SETFSGID = 139 + SYS__LLSEEK = 140 + SYS_GETDENTS = 141 + SYS__NEWSELECT = 142 + SYS_FLOCK = 143 + SYS_MSYNC = 144 + SYS_READV = 145 + SYS_WRITEV = 146 + SYS_GETSID = 147 + SYS_FDATASYNC = 148 + SYS__SYSCTL = 149 + SYS_MLOCK = 150 + SYS_MUNLOCK = 151 + SYS_MLOCKALL = 152 + SYS_MUNLOCKALL = 153 + SYS_SCHED_SETPARAM = 154 + SYS_SCHED_GETPARAM = 155 + SYS_SCHED_SETSCHEDULER = 156 + SYS_SCHED_GETSCHEDULER = 157 + SYS_SCHED_YIELD = 158 + SYS_SCHED_GET_PRIORITY_MAX = 159 + SYS_SCHED_GET_PRIORITY_MIN = 160 + SYS_SCHED_RR_GET_INTERVAL = 161 + SYS_NANOSLEEP = 162 + SYS_MREMAP = 163 + SYS_SETRESUID = 164 + SYS_GETRESUID = 165 + SYS_QUERY_MODULE = 166 + SYS_POLL = 167 + SYS_NFSSERVCTL = 168 + SYS_SETRESGID = 169 + SYS_GETRESGID = 170 + SYS_PRCTL = 171 + SYS_RT_SIGRETURN = 172 + SYS_RT_SIGACTION = 173 + SYS_RT_SIGPROCMASK = 174 + SYS_RT_SIGPENDING = 175 + SYS_RT_SIGTIMEDWAIT = 176 + SYS_RT_SIGQUEUEINFO = 177 + SYS_RT_SIGSUSPEND = 178 + SYS_PREAD64 = 179 + SYS_PWRITE64 = 180 + SYS_CHOWN = 181 + SYS_GETCWD = 182 + SYS_CAPGET = 183 + SYS_CAPSET = 184 + SYS_SIGALTSTACK = 185 + SYS_SENDFILE = 186 + SYS_GETPMSG = 187 + SYS_PUTPMSG = 188 + SYS_VFORK = 189 + SYS_UGETRLIMIT = 190 + SYS_READAHEAD = 191 + SYS_PCICONFIG_READ = 198 + SYS_PCICONFIG_WRITE = 199 + SYS_PCICONFIG_IOBASE = 200 + SYS_MULTIPLEXER = 201 + SYS_GETDENTS64 = 202 + SYS_PIVOT_ROOT = 203 + SYS_MADVISE = 205 + SYS_MINCORE = 206 + SYS_GETTID = 207 + SYS_TKILL = 208 + SYS_SETXATTR = 209 + SYS_LSETXATTR = 210 + SYS_FSETXATTR = 211 + SYS_GETXATTR = 212 + SYS_LGETXATTR = 213 + SYS_FGETXATTR = 214 + SYS_LISTXATTR = 215 + SYS_LLISTXATTR = 216 + SYS_FLISTXATTR = 217 + SYS_REMOVEXATTR = 218 + SYS_LREMOVEXATTR = 219 + SYS_FREMOVEXATTR = 220 + SYS_FUTEX = 221 + SYS_SCHED_SETAFFINITY = 222 + SYS_SCHED_GETAFFINITY = 223 + SYS_TUXCALL = 225 + SYS_IO_SETUP = 227 + SYS_IO_DESTROY = 228 + SYS_IO_GETEVENTS = 229 + SYS_IO_SUBMIT = 230 + SYS_IO_CANCEL = 231 + SYS_SET_TID_ADDRESS = 232 + SYS_FADVISE64 = 233 + SYS_EXIT_GROUP = 234 + SYS_LOOKUP_DCOOKIE = 235 + SYS_EPOLL_CREATE = 236 + SYS_EPOLL_CTL = 237 + SYS_EPOLL_WAIT = 238 + SYS_REMAP_FILE_PAGES = 239 + SYS_TIMER_CREATE = 240 + SYS_TIMER_SETTIME = 241 + SYS_TIMER_GETTIME = 242 + SYS_TIMER_GETOVERRUN = 243 + SYS_TIMER_DELETE = 244 + SYS_CLOCK_SETTIME = 245 + SYS_CLOCK_GETTIME = 246 + SYS_CLOCK_GETRES = 247 + SYS_CLOCK_NANOSLEEP = 248 + SYS_SWAPCONTEXT = 249 + SYS_TGKILL = 250 + SYS_UTIMES = 251 + SYS_STATFS64 = 252 + SYS_FSTATFS64 = 253 + SYS_RTAS = 255 + SYS_SYS_DEBUG_SETCONTEXT = 256 + SYS_MIGRATE_PAGES = 258 + SYS_MBIND = 259 + SYS_GET_MEMPOLICY = 260 + SYS_SET_MEMPOLICY = 261 + SYS_MQ_OPEN = 262 + SYS_MQ_UNLINK = 263 + SYS_MQ_TIMEDSEND = 264 + SYS_MQ_TIMEDRECEIVE = 265 + SYS_MQ_NOTIFY = 266 + SYS_MQ_GETSETATTR = 267 + SYS_KEXEC_LOAD = 268 + SYS_ADD_KEY = 269 + SYS_REQUEST_KEY = 270 + SYS_KEYCTL = 271 + SYS_WAITID = 272 + SYS_IOPRIO_SET = 273 + SYS_IOPRIO_GET = 274 + SYS_INOTIFY_INIT = 275 + SYS_INOTIFY_ADD_WATCH = 276 + SYS_INOTIFY_RM_WATCH = 277 + SYS_SPU_RUN = 278 + SYS_SPU_CREATE = 279 + SYS_PSELECT6 = 280 + SYS_PPOLL = 281 + SYS_UNSHARE = 282 + SYS_SPLICE = 283 + SYS_TEE = 284 + SYS_VMSPLICE = 285 + SYS_OPENAT = 286 + SYS_MKDIRAT = 287 + SYS_MKNODAT = 288 + SYS_FCHOWNAT = 289 + SYS_FUTIMESAT = 290 + SYS_NEWFSTATAT = 291 + SYS_UNLINKAT = 292 + SYS_RENAMEAT = 293 + SYS_LINKAT = 294 + SYS_SYMLINKAT = 295 + SYS_READLINKAT = 296 + SYS_FCHMODAT = 297 + SYS_FACCESSAT = 298 + SYS_GET_ROBUST_LIST = 299 + SYS_SET_ROBUST_LIST = 300 + SYS_MOVE_PAGES = 301 + SYS_GETCPU = 302 + SYS_EPOLL_PWAIT = 303 + SYS_UTIMENSAT = 304 + SYS_SIGNALFD = 305 + SYS_TIMERFD_CREATE = 306 + SYS_EVENTFD = 307 + SYS_SYNC_FILE_RANGE2 = 308 + SYS_FALLOCATE = 309 + SYS_SUBPAGE_PROT = 310 + SYS_TIMERFD_SETTIME = 311 + SYS_TIMERFD_GETTIME = 312 + SYS_SIGNALFD4 = 313 + SYS_EVENTFD2 = 314 + SYS_EPOLL_CREATE1 = 315 + SYS_DUP3 = 316 + SYS_PIPE2 = 317 + SYS_INOTIFY_INIT1 = 318 + SYS_PERF_EVENT_OPEN = 319 + SYS_PREADV = 320 + SYS_PWRITEV = 321 + SYS_RT_TGSIGQUEUEINFO = 322 + SYS_FANOTIFY_INIT = 323 + SYS_FANOTIFY_MARK = 324 + SYS_PRLIMIT64 = 325 + SYS_SOCKET = 326 + SYS_BIND = 327 + SYS_CONNECT = 328 + SYS_LISTEN = 329 + SYS_ACCEPT = 330 + SYS_GETSOCKNAME = 331 + SYS_GETPEERNAME = 332 + SYS_SOCKETPAIR = 333 + SYS_SEND = 334 + SYS_SENDTO = 335 + SYS_RECV = 336 + SYS_RECVFROM = 337 + SYS_SHUTDOWN = 338 + SYS_SETSOCKOPT = 339 + SYS_GETSOCKOPT = 340 + SYS_SENDMSG = 341 + SYS_RECVMSG = 342 + SYS_RECVMMSG = 343 + SYS_ACCEPT4 = 344 + SYS_NAME_TO_HANDLE_AT = 345 + SYS_OPEN_BY_HANDLE_AT = 346 + SYS_CLOCK_ADJTIME = 347 + SYS_SYNCFS = 348 + SYS_SENDMMSG = 349 + SYS_SETNS = 350 + SYS_PROCESS_VM_READV = 351 + SYS_PROCESS_VM_WRITEV = 352 + SYS_FINIT_MODULE = 353 + SYS_KCMP = 354 + SYS_SCHED_SETATTR = 355 + SYS_SCHED_GETATTR = 356 + SYS_RENAMEAT2 = 357 + SYS_SECCOMP = 358 + SYS_GETRANDOM = 359 + SYS_MEMFD_CREATE = 360 + SYS_BPF = 361 + SYS_EXECVEAT = 362 + SYS_SWITCH_ENDIAN = 363 + SYS_USERFAULTFD = 364 + SYS_MEMBARRIER = 365 + SYS_MLOCK2 = 378 + SYS_COPY_FILE_RANGE = 379 + SYS_PREADV2 = 380 + SYS_PWRITEV2 = 381 + SYS_KEXEC_FILE_LOAD = 382 + SYS_STATX = 383 + SYS_PKEY_ALLOC = 384 + SYS_PKEY_FREE = 385 + SYS_PKEY_MPROTECT = 386 + SYS_RSEQ = 387 + SYS_IO_PGETEVENTS = 388 + SYS_SEMTIMEDOP = 392 + SYS_SEMGET = 393 + SYS_SEMCTL = 394 + SYS_SHMGET = 395 + SYS_SHMCTL = 396 + SYS_SHMAT = 397 + SYS_SHMDT = 398 + SYS_MSGGET = 399 + SYS_MSGSND = 400 + SYS_MSGRCV = 401 + SYS_MSGCTL = 402 + SYS_PIDFD_SEND_SIGNAL = 424 + SYS_IO_URING_SETUP = 425 + SYS_IO_URING_ENTER = 426 + SYS_IO_URING_REGISTER = 427 + SYS_OPEN_TREE = 428 + SYS_MOVE_MOUNT = 429 + SYS_FSOPEN = 430 + SYS_FSCONFIG = 431 + SYS_FSMOUNT = 432 + SYS_FSPICK = 433 + SYS_PIDFD_OPEN = 434 + SYS_CLONE3 = 435 + SYS_CLOSE_RANGE = 436 + SYS_OPENAT2 = 437 + SYS_PIDFD_GETFD = 438 + SYS_FACCESSAT2 = 439 + SYS_PROCESS_MADVISE = 440 + SYS_EPOLL_PWAIT2 = 441 + SYS_MOUNT_SETATTR = 442 + SYS_LANDLOCK_CREATE_RULESET = 444 + SYS_LANDLOCK_ADD_RULE = 445 + SYS_LANDLOCK_RESTRICT_SELF = 446 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go index 33b33b083..53a89b206 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go @@ -7,400 +7,403 @@ package unix const ( - SYS_RESTART_SYSCALL = 0 - SYS_EXIT = 1 - SYS_FORK = 2 - SYS_READ = 3 - SYS_WRITE = 4 - SYS_OPEN = 5 - SYS_CLOSE = 6 - SYS_WAITPID = 7 - SYS_CREAT = 8 - SYS_LINK = 9 - SYS_UNLINK = 10 - SYS_EXECVE = 11 - SYS_CHDIR = 12 - SYS_TIME = 13 - SYS_MKNOD = 14 - SYS_CHMOD = 15 - SYS_LCHOWN = 16 - SYS_BREAK = 17 - SYS_OLDSTAT = 18 - SYS_LSEEK = 19 - SYS_GETPID = 20 - SYS_MOUNT = 21 - SYS_UMOUNT = 22 - SYS_SETUID = 23 - SYS_GETUID = 24 - SYS_STIME = 25 - SYS_PTRACE = 26 - SYS_ALARM = 27 - SYS_OLDFSTAT = 28 - SYS_PAUSE = 29 - SYS_UTIME = 30 - SYS_STTY = 31 - SYS_GTTY = 32 - SYS_ACCESS = 33 - SYS_NICE = 34 - SYS_FTIME = 35 - SYS_SYNC = 36 - SYS_KILL = 37 - SYS_RENAME = 38 - SYS_MKDIR = 39 - SYS_RMDIR = 40 - SYS_DUP = 41 - SYS_PIPE = 42 - SYS_TIMES = 43 - SYS_PROF = 44 - SYS_BRK = 45 - SYS_SETGID = 46 - SYS_GETGID = 47 - SYS_SIGNAL = 48 - SYS_GETEUID = 49 - SYS_GETEGID = 50 - SYS_ACCT = 51 - SYS_UMOUNT2 = 52 - SYS_LOCK = 53 - SYS_IOCTL = 54 - SYS_FCNTL = 55 - SYS_MPX = 56 - SYS_SETPGID = 57 - SYS_ULIMIT = 58 - SYS_OLDOLDUNAME = 59 - SYS_UMASK = 60 - SYS_CHROOT = 61 - SYS_USTAT = 62 - SYS_DUP2 = 63 - SYS_GETPPID = 64 - SYS_GETPGRP = 65 - SYS_SETSID = 66 - SYS_SIGACTION = 67 - SYS_SGETMASK = 68 - SYS_SSETMASK = 69 - SYS_SETREUID = 70 - SYS_SETREGID = 71 - SYS_SIGSUSPEND = 72 - SYS_SIGPENDING = 73 - SYS_SETHOSTNAME = 74 - SYS_SETRLIMIT = 75 - SYS_GETRLIMIT = 76 - SYS_GETRUSAGE = 77 - SYS_GETTIMEOFDAY = 78 - SYS_SETTIMEOFDAY = 79 - SYS_GETGROUPS = 80 - SYS_SETGROUPS = 81 - SYS_SELECT = 82 - SYS_SYMLINK = 83 - SYS_OLDLSTAT = 84 - SYS_READLINK = 85 - SYS_USELIB = 86 - SYS_SWAPON = 87 - SYS_REBOOT = 88 - SYS_READDIR = 89 - SYS_MMAP = 90 - SYS_MUNMAP = 91 - SYS_TRUNCATE = 92 - SYS_FTRUNCATE = 93 - SYS_FCHMOD = 94 - SYS_FCHOWN = 95 - SYS_GETPRIORITY = 96 - SYS_SETPRIORITY = 97 - SYS_PROFIL = 98 - SYS_STATFS = 99 - SYS_FSTATFS = 100 - SYS_IOPERM = 101 - SYS_SOCKETCALL = 102 - SYS_SYSLOG = 103 - SYS_SETITIMER = 104 - SYS_GETITIMER = 105 - SYS_STAT = 106 - SYS_LSTAT = 107 - SYS_FSTAT = 108 - SYS_OLDUNAME = 109 - SYS_IOPL = 110 - SYS_VHANGUP = 111 - SYS_IDLE = 112 - SYS_VM86 = 113 - SYS_WAIT4 = 114 - SYS_SWAPOFF = 115 - SYS_SYSINFO = 116 - SYS_IPC = 117 - SYS_FSYNC = 118 - SYS_SIGRETURN = 119 - SYS_CLONE = 120 - SYS_SETDOMAINNAME = 121 - SYS_UNAME = 122 - SYS_MODIFY_LDT = 123 - SYS_ADJTIMEX = 124 - SYS_MPROTECT = 125 - SYS_SIGPROCMASK = 126 - SYS_CREATE_MODULE = 127 - SYS_INIT_MODULE = 128 - SYS_DELETE_MODULE = 129 - SYS_GET_KERNEL_SYMS = 130 - SYS_QUOTACTL = 131 - SYS_GETPGID = 132 - SYS_FCHDIR = 133 - SYS_BDFLUSH = 134 - SYS_SYSFS = 135 - SYS_PERSONALITY = 136 - SYS_AFS_SYSCALL = 137 - SYS_SETFSUID = 138 - SYS_SETFSGID = 139 - SYS__LLSEEK = 140 - SYS_GETDENTS = 141 - SYS__NEWSELECT = 142 - SYS_FLOCK = 143 - SYS_MSYNC = 144 - SYS_READV = 145 - SYS_WRITEV = 146 - SYS_GETSID = 147 - SYS_FDATASYNC = 148 - SYS__SYSCTL = 149 - SYS_MLOCK = 150 - SYS_MUNLOCK = 151 - SYS_MLOCKALL = 152 - SYS_MUNLOCKALL = 153 - SYS_SCHED_SETPARAM = 154 - SYS_SCHED_GETPARAM = 155 - SYS_SCHED_SETSCHEDULER = 156 - SYS_SCHED_GETSCHEDULER = 157 - SYS_SCHED_YIELD = 158 - SYS_SCHED_GET_PRIORITY_MAX = 159 - SYS_SCHED_GET_PRIORITY_MIN = 160 - SYS_SCHED_RR_GET_INTERVAL = 161 - SYS_NANOSLEEP = 162 - SYS_MREMAP = 163 - SYS_SETRESUID = 164 - SYS_GETRESUID = 165 - SYS_QUERY_MODULE = 166 - SYS_POLL = 167 - SYS_NFSSERVCTL = 168 - SYS_SETRESGID = 169 - SYS_GETRESGID = 170 - SYS_PRCTL = 171 - SYS_RT_SIGRETURN = 172 - SYS_RT_SIGACTION = 173 - SYS_RT_SIGPROCMASK = 174 - SYS_RT_SIGPENDING = 175 - SYS_RT_SIGTIMEDWAIT = 176 - SYS_RT_SIGQUEUEINFO = 177 - SYS_RT_SIGSUSPEND = 178 - SYS_PREAD64 = 179 - SYS_PWRITE64 = 180 - SYS_CHOWN = 181 - SYS_GETCWD = 182 - SYS_CAPGET = 183 - SYS_CAPSET = 184 - SYS_SIGALTSTACK = 185 - SYS_SENDFILE = 186 - SYS_GETPMSG = 187 - SYS_PUTPMSG = 188 - SYS_VFORK = 189 - SYS_UGETRLIMIT = 190 - SYS_READAHEAD = 191 - SYS_PCICONFIG_READ = 198 - SYS_PCICONFIG_WRITE = 199 - SYS_PCICONFIG_IOBASE = 200 - SYS_MULTIPLEXER = 201 - SYS_GETDENTS64 = 202 - SYS_PIVOT_ROOT = 203 - SYS_MADVISE = 205 - SYS_MINCORE = 206 - SYS_GETTID = 207 - SYS_TKILL = 208 - SYS_SETXATTR = 209 - SYS_LSETXATTR = 210 - SYS_FSETXATTR = 211 - SYS_GETXATTR = 212 - SYS_LGETXATTR = 213 - SYS_FGETXATTR = 214 - SYS_LISTXATTR = 215 - SYS_LLISTXATTR = 216 - SYS_FLISTXATTR = 217 - SYS_REMOVEXATTR = 218 - SYS_LREMOVEXATTR = 219 - SYS_FREMOVEXATTR = 220 - SYS_FUTEX = 221 - SYS_SCHED_SETAFFINITY = 222 - SYS_SCHED_GETAFFINITY = 223 - SYS_TUXCALL = 225 - SYS_IO_SETUP = 227 - SYS_IO_DESTROY = 228 - SYS_IO_GETEVENTS = 229 - SYS_IO_SUBMIT = 230 - SYS_IO_CANCEL = 231 - SYS_SET_TID_ADDRESS = 232 - SYS_FADVISE64 = 233 - SYS_EXIT_GROUP = 234 - SYS_LOOKUP_DCOOKIE = 235 - SYS_EPOLL_CREATE = 236 - SYS_EPOLL_CTL = 237 - SYS_EPOLL_WAIT = 238 - SYS_REMAP_FILE_PAGES = 239 - SYS_TIMER_CREATE = 240 - SYS_TIMER_SETTIME = 241 - SYS_TIMER_GETTIME = 242 - SYS_TIMER_GETOVERRUN = 243 - SYS_TIMER_DELETE = 244 - SYS_CLOCK_SETTIME = 245 - SYS_CLOCK_GETTIME = 246 - SYS_CLOCK_GETRES = 247 - SYS_CLOCK_NANOSLEEP = 248 - SYS_SWAPCONTEXT = 249 - SYS_TGKILL = 250 - SYS_UTIMES = 251 - SYS_STATFS64 = 252 - SYS_FSTATFS64 = 253 - SYS_RTAS = 255 - SYS_SYS_DEBUG_SETCONTEXT = 256 - SYS_MIGRATE_PAGES = 258 - SYS_MBIND = 259 - SYS_GET_MEMPOLICY = 260 - SYS_SET_MEMPOLICY = 261 - SYS_MQ_OPEN = 262 - SYS_MQ_UNLINK = 263 - SYS_MQ_TIMEDSEND = 264 - SYS_MQ_TIMEDRECEIVE = 265 - SYS_MQ_NOTIFY = 266 - SYS_MQ_GETSETATTR = 267 - SYS_KEXEC_LOAD = 268 - SYS_ADD_KEY = 269 - SYS_REQUEST_KEY = 270 - SYS_KEYCTL = 271 - SYS_WAITID = 272 - SYS_IOPRIO_SET = 273 - SYS_IOPRIO_GET = 274 - SYS_INOTIFY_INIT = 275 - SYS_INOTIFY_ADD_WATCH = 276 - SYS_INOTIFY_RM_WATCH = 277 - SYS_SPU_RUN = 278 - SYS_SPU_CREATE = 279 - SYS_PSELECT6 = 280 - SYS_PPOLL = 281 - SYS_UNSHARE = 282 - SYS_SPLICE = 283 - SYS_TEE = 284 - SYS_VMSPLICE = 285 - SYS_OPENAT = 286 - SYS_MKDIRAT = 287 - SYS_MKNODAT = 288 - SYS_FCHOWNAT = 289 - SYS_FUTIMESAT = 290 - SYS_NEWFSTATAT = 291 - SYS_UNLINKAT = 292 - SYS_RENAMEAT = 293 - SYS_LINKAT = 294 - SYS_SYMLINKAT = 295 - SYS_READLINKAT = 296 - SYS_FCHMODAT = 297 - SYS_FACCESSAT = 298 - SYS_GET_ROBUST_LIST = 299 - SYS_SET_ROBUST_LIST = 300 - SYS_MOVE_PAGES = 301 - SYS_GETCPU = 302 - SYS_EPOLL_PWAIT = 303 - SYS_UTIMENSAT = 304 - SYS_SIGNALFD = 305 - SYS_TIMERFD_CREATE = 306 - SYS_EVENTFD = 307 - SYS_SYNC_FILE_RANGE2 = 308 - SYS_FALLOCATE = 309 - SYS_SUBPAGE_PROT = 310 - SYS_TIMERFD_SETTIME = 311 - SYS_TIMERFD_GETTIME = 312 - SYS_SIGNALFD4 = 313 - SYS_EVENTFD2 = 314 - SYS_EPOLL_CREATE1 = 315 - SYS_DUP3 = 316 - SYS_PIPE2 = 317 - SYS_INOTIFY_INIT1 = 318 - SYS_PERF_EVENT_OPEN = 319 - SYS_PREADV = 320 - SYS_PWRITEV = 321 - SYS_RT_TGSIGQUEUEINFO = 322 - SYS_FANOTIFY_INIT = 323 - SYS_FANOTIFY_MARK = 324 - SYS_PRLIMIT64 = 325 - SYS_SOCKET = 326 - SYS_BIND = 327 - SYS_CONNECT = 328 - SYS_LISTEN = 329 - SYS_ACCEPT = 330 - SYS_GETSOCKNAME = 331 - SYS_GETPEERNAME = 332 - SYS_SOCKETPAIR = 333 - SYS_SEND = 334 - SYS_SENDTO = 335 - SYS_RECV = 336 - SYS_RECVFROM = 337 - SYS_SHUTDOWN = 338 - SYS_SETSOCKOPT = 339 - SYS_GETSOCKOPT = 340 - SYS_SENDMSG = 341 - SYS_RECVMSG = 342 - SYS_RECVMMSG = 343 - SYS_ACCEPT4 = 344 - SYS_NAME_TO_HANDLE_AT = 345 - SYS_OPEN_BY_HANDLE_AT = 346 - SYS_CLOCK_ADJTIME = 347 - SYS_SYNCFS = 348 - SYS_SENDMMSG = 349 - SYS_SETNS = 350 - SYS_PROCESS_VM_READV = 351 - SYS_PROCESS_VM_WRITEV = 352 - SYS_FINIT_MODULE = 353 - SYS_KCMP = 354 - SYS_SCHED_SETATTR = 355 - SYS_SCHED_GETATTR = 356 - SYS_RENAMEAT2 = 357 - SYS_SECCOMP = 358 - SYS_GETRANDOM = 359 - SYS_MEMFD_CREATE = 360 - SYS_BPF = 361 - SYS_EXECVEAT = 362 - SYS_SWITCH_ENDIAN = 363 - SYS_USERFAULTFD = 364 - SYS_MEMBARRIER = 365 - SYS_MLOCK2 = 378 - SYS_COPY_FILE_RANGE = 379 - SYS_PREADV2 = 380 - SYS_PWRITEV2 = 381 - SYS_KEXEC_FILE_LOAD = 382 - SYS_STATX = 383 - SYS_PKEY_ALLOC = 384 - SYS_PKEY_FREE = 385 - SYS_PKEY_MPROTECT = 386 - SYS_RSEQ = 387 - SYS_IO_PGETEVENTS = 388 - SYS_SEMTIMEDOP = 392 - SYS_SEMGET = 393 - SYS_SEMCTL = 394 - SYS_SHMGET = 395 - SYS_SHMCTL = 396 - SYS_SHMAT = 397 - SYS_SHMDT = 398 - SYS_MSGGET = 399 - SYS_MSGSND = 400 - SYS_MSGRCV = 401 - SYS_MSGCTL = 402 - SYS_PIDFD_SEND_SIGNAL = 424 - SYS_IO_URING_SETUP = 425 - SYS_IO_URING_ENTER = 426 - SYS_IO_URING_REGISTER = 427 - SYS_OPEN_TREE = 428 - SYS_MOVE_MOUNT = 429 - SYS_FSOPEN = 430 - SYS_FSCONFIG = 431 - SYS_FSMOUNT = 432 - SYS_FSPICK = 433 - SYS_PIDFD_OPEN = 434 - SYS_CLONE3 = 435 - SYS_CLOSE_RANGE = 436 - SYS_OPENAT2 = 437 - SYS_PIDFD_GETFD = 438 - SYS_FACCESSAT2 = 439 - SYS_PROCESS_MADVISE = 440 - SYS_EPOLL_PWAIT2 = 441 - SYS_MOUNT_SETATTR = 442 + SYS_RESTART_SYSCALL = 0 + SYS_EXIT = 1 + SYS_FORK = 2 + SYS_READ = 3 + SYS_WRITE = 4 + SYS_OPEN = 5 + SYS_CLOSE = 6 + SYS_WAITPID = 7 + SYS_CREAT = 8 + SYS_LINK = 9 + SYS_UNLINK = 10 + SYS_EXECVE = 11 + SYS_CHDIR = 12 + SYS_TIME = 13 + SYS_MKNOD = 14 + SYS_CHMOD = 15 + SYS_LCHOWN = 16 + SYS_BREAK = 17 + SYS_OLDSTAT = 18 + SYS_LSEEK = 19 + SYS_GETPID = 20 + SYS_MOUNT = 21 + SYS_UMOUNT = 22 + SYS_SETUID = 23 + SYS_GETUID = 24 + SYS_STIME = 25 + SYS_PTRACE = 26 + SYS_ALARM = 27 + SYS_OLDFSTAT = 28 + SYS_PAUSE = 29 + SYS_UTIME = 30 + SYS_STTY = 31 + SYS_GTTY = 32 + SYS_ACCESS = 33 + SYS_NICE = 34 + SYS_FTIME = 35 + SYS_SYNC = 36 + SYS_KILL = 37 + SYS_RENAME = 38 + SYS_MKDIR = 39 + SYS_RMDIR = 40 + SYS_DUP = 41 + SYS_PIPE = 42 + SYS_TIMES = 43 + SYS_PROF = 44 + SYS_BRK = 45 + SYS_SETGID = 46 + SYS_GETGID = 47 + SYS_SIGNAL = 48 + SYS_GETEUID = 49 + SYS_GETEGID = 50 + SYS_ACCT = 51 + SYS_UMOUNT2 = 52 + SYS_LOCK = 53 + SYS_IOCTL = 54 + SYS_FCNTL = 55 + SYS_MPX = 56 + SYS_SETPGID = 57 + SYS_ULIMIT = 58 + SYS_OLDOLDUNAME = 59 + SYS_UMASK = 60 + SYS_CHROOT = 61 + SYS_USTAT = 62 + SYS_DUP2 = 63 + SYS_GETPPID = 64 + SYS_GETPGRP = 65 + SYS_SETSID = 66 + SYS_SIGACTION = 67 + SYS_SGETMASK = 68 + SYS_SSETMASK = 69 + SYS_SETREUID = 70 + SYS_SETREGID = 71 + SYS_SIGSUSPEND = 72 + SYS_SIGPENDING = 73 + SYS_SETHOSTNAME = 74 + SYS_SETRLIMIT = 75 + SYS_GETRLIMIT = 76 + SYS_GETRUSAGE = 77 + SYS_GETTIMEOFDAY = 78 + SYS_SETTIMEOFDAY = 79 + SYS_GETGROUPS = 80 + SYS_SETGROUPS = 81 + SYS_SELECT = 82 + SYS_SYMLINK = 83 + SYS_OLDLSTAT = 84 + SYS_READLINK = 85 + SYS_USELIB = 86 + SYS_SWAPON = 87 + SYS_REBOOT = 88 + SYS_READDIR = 89 + SYS_MMAP = 90 + SYS_MUNMAP = 91 + SYS_TRUNCATE = 92 + SYS_FTRUNCATE = 93 + SYS_FCHMOD = 94 + SYS_FCHOWN = 95 + SYS_GETPRIORITY = 96 + SYS_SETPRIORITY = 97 + SYS_PROFIL = 98 + SYS_STATFS = 99 + SYS_FSTATFS = 100 + SYS_IOPERM = 101 + SYS_SOCKETCALL = 102 + SYS_SYSLOG = 103 + SYS_SETITIMER = 104 + SYS_GETITIMER = 105 + SYS_STAT = 106 + SYS_LSTAT = 107 + SYS_FSTAT = 108 + SYS_OLDUNAME = 109 + SYS_IOPL = 110 + SYS_VHANGUP = 111 + SYS_IDLE = 112 + SYS_VM86 = 113 + SYS_WAIT4 = 114 + SYS_SWAPOFF = 115 + SYS_SYSINFO = 116 + SYS_IPC = 117 + SYS_FSYNC = 118 + SYS_SIGRETURN = 119 + SYS_CLONE = 120 + SYS_SETDOMAINNAME = 121 + SYS_UNAME = 122 + SYS_MODIFY_LDT = 123 + SYS_ADJTIMEX = 124 + SYS_MPROTECT = 125 + SYS_SIGPROCMASK = 126 + SYS_CREATE_MODULE = 127 + SYS_INIT_MODULE = 128 + SYS_DELETE_MODULE = 129 + SYS_GET_KERNEL_SYMS = 130 + SYS_QUOTACTL = 131 + SYS_GETPGID = 132 + SYS_FCHDIR = 133 + SYS_BDFLUSH = 134 + SYS_SYSFS = 135 + SYS_PERSONALITY = 136 + SYS_AFS_SYSCALL = 137 + SYS_SETFSUID = 138 + SYS_SETFSGID = 139 + SYS__LLSEEK = 140 + SYS_GETDENTS = 141 + SYS__NEWSELECT = 142 + SYS_FLOCK = 143 + SYS_MSYNC = 144 + SYS_READV = 145 + SYS_WRITEV = 146 + SYS_GETSID = 147 + SYS_FDATASYNC = 148 + SYS__SYSCTL = 149 + SYS_MLOCK = 150 + SYS_MUNLOCK = 151 + SYS_MLOCKALL = 152 + SYS_MUNLOCKALL = 153 + SYS_SCHED_SETPARAM = 154 + SYS_SCHED_GETPARAM = 155 + SYS_SCHED_SETSCHEDULER = 156 + SYS_SCHED_GETSCHEDULER = 157 + SYS_SCHED_YIELD = 158 + SYS_SCHED_GET_PRIORITY_MAX = 159 + SYS_SCHED_GET_PRIORITY_MIN = 160 + SYS_SCHED_RR_GET_INTERVAL = 161 + SYS_NANOSLEEP = 162 + SYS_MREMAP = 163 + SYS_SETRESUID = 164 + SYS_GETRESUID = 165 + SYS_QUERY_MODULE = 166 + SYS_POLL = 167 + SYS_NFSSERVCTL = 168 + SYS_SETRESGID = 169 + SYS_GETRESGID = 170 + SYS_PRCTL = 171 + SYS_RT_SIGRETURN = 172 + SYS_RT_SIGACTION = 173 + SYS_RT_SIGPROCMASK = 174 + SYS_RT_SIGPENDING = 175 + SYS_RT_SIGTIMEDWAIT = 176 + SYS_RT_SIGQUEUEINFO = 177 + SYS_RT_SIGSUSPEND = 178 + SYS_PREAD64 = 179 + SYS_PWRITE64 = 180 + SYS_CHOWN = 181 + SYS_GETCWD = 182 + SYS_CAPGET = 183 + SYS_CAPSET = 184 + SYS_SIGALTSTACK = 185 + SYS_SENDFILE = 186 + SYS_GETPMSG = 187 + SYS_PUTPMSG = 188 + SYS_VFORK = 189 + SYS_UGETRLIMIT = 190 + SYS_READAHEAD = 191 + SYS_PCICONFIG_READ = 198 + SYS_PCICONFIG_WRITE = 199 + SYS_PCICONFIG_IOBASE = 200 + SYS_MULTIPLEXER = 201 + SYS_GETDENTS64 = 202 + SYS_PIVOT_ROOT = 203 + SYS_MADVISE = 205 + SYS_MINCORE = 206 + SYS_GETTID = 207 + SYS_TKILL = 208 + SYS_SETXATTR = 209 + SYS_LSETXATTR = 210 + SYS_FSETXATTR = 211 + SYS_GETXATTR = 212 + SYS_LGETXATTR = 213 + SYS_FGETXATTR = 214 + SYS_LISTXATTR = 215 + SYS_LLISTXATTR = 216 + SYS_FLISTXATTR = 217 + SYS_REMOVEXATTR = 218 + SYS_LREMOVEXATTR = 219 + SYS_FREMOVEXATTR = 220 + SYS_FUTEX = 221 + SYS_SCHED_SETAFFINITY = 222 + SYS_SCHED_GETAFFINITY = 223 + SYS_TUXCALL = 225 + SYS_IO_SETUP = 227 + SYS_IO_DESTROY = 228 + SYS_IO_GETEVENTS = 229 + SYS_IO_SUBMIT = 230 + SYS_IO_CANCEL = 231 + SYS_SET_TID_ADDRESS = 232 + SYS_FADVISE64 = 233 + SYS_EXIT_GROUP = 234 + SYS_LOOKUP_DCOOKIE = 235 + SYS_EPOLL_CREATE = 236 + SYS_EPOLL_CTL = 237 + SYS_EPOLL_WAIT = 238 + SYS_REMAP_FILE_PAGES = 239 + SYS_TIMER_CREATE = 240 + SYS_TIMER_SETTIME = 241 + SYS_TIMER_GETTIME = 242 + SYS_TIMER_GETOVERRUN = 243 + SYS_TIMER_DELETE = 244 + SYS_CLOCK_SETTIME = 245 + SYS_CLOCK_GETTIME = 246 + SYS_CLOCK_GETRES = 247 + SYS_CLOCK_NANOSLEEP = 248 + SYS_SWAPCONTEXT = 249 + SYS_TGKILL = 250 + SYS_UTIMES = 251 + SYS_STATFS64 = 252 + SYS_FSTATFS64 = 253 + SYS_RTAS = 255 + SYS_SYS_DEBUG_SETCONTEXT = 256 + SYS_MIGRATE_PAGES = 258 + SYS_MBIND = 259 + SYS_GET_MEMPOLICY = 260 + SYS_SET_MEMPOLICY = 261 + SYS_MQ_OPEN = 262 + SYS_MQ_UNLINK = 263 + SYS_MQ_TIMEDSEND = 264 + SYS_MQ_TIMEDRECEIVE = 265 + SYS_MQ_NOTIFY = 266 + SYS_MQ_GETSETATTR = 267 + SYS_KEXEC_LOAD = 268 + SYS_ADD_KEY = 269 + SYS_REQUEST_KEY = 270 + SYS_KEYCTL = 271 + SYS_WAITID = 272 + SYS_IOPRIO_SET = 273 + SYS_IOPRIO_GET = 274 + SYS_INOTIFY_INIT = 275 + SYS_INOTIFY_ADD_WATCH = 276 + SYS_INOTIFY_RM_WATCH = 277 + SYS_SPU_RUN = 278 + SYS_SPU_CREATE = 279 + SYS_PSELECT6 = 280 + SYS_PPOLL = 281 + SYS_UNSHARE = 282 + SYS_SPLICE = 283 + SYS_TEE = 284 + SYS_VMSPLICE = 285 + SYS_OPENAT = 286 + SYS_MKDIRAT = 287 + SYS_MKNODAT = 288 + SYS_FCHOWNAT = 289 + SYS_FUTIMESAT = 290 + SYS_NEWFSTATAT = 291 + SYS_UNLINKAT = 292 + SYS_RENAMEAT = 293 + SYS_LINKAT = 294 + SYS_SYMLINKAT = 295 + SYS_READLINKAT = 296 + SYS_FCHMODAT = 297 + SYS_FACCESSAT = 298 + SYS_GET_ROBUST_LIST = 299 + SYS_SET_ROBUST_LIST = 300 + SYS_MOVE_PAGES = 301 + SYS_GETCPU = 302 + SYS_EPOLL_PWAIT = 303 + SYS_UTIMENSAT = 304 + SYS_SIGNALFD = 305 + SYS_TIMERFD_CREATE = 306 + SYS_EVENTFD = 307 + SYS_SYNC_FILE_RANGE2 = 308 + SYS_FALLOCATE = 309 + SYS_SUBPAGE_PROT = 310 + SYS_TIMERFD_SETTIME = 311 + SYS_TIMERFD_GETTIME = 312 + SYS_SIGNALFD4 = 313 + SYS_EVENTFD2 = 314 + SYS_EPOLL_CREATE1 = 315 + SYS_DUP3 = 316 + SYS_PIPE2 = 317 + SYS_INOTIFY_INIT1 = 318 + SYS_PERF_EVENT_OPEN = 319 + SYS_PREADV = 320 + SYS_PWRITEV = 321 + SYS_RT_TGSIGQUEUEINFO = 322 + SYS_FANOTIFY_INIT = 323 + SYS_FANOTIFY_MARK = 324 + SYS_PRLIMIT64 = 325 + SYS_SOCKET = 326 + SYS_BIND = 327 + SYS_CONNECT = 328 + SYS_LISTEN = 329 + SYS_ACCEPT = 330 + SYS_GETSOCKNAME = 331 + SYS_GETPEERNAME = 332 + SYS_SOCKETPAIR = 333 + SYS_SEND = 334 + SYS_SENDTO = 335 + SYS_RECV = 336 + SYS_RECVFROM = 337 + SYS_SHUTDOWN = 338 + SYS_SETSOCKOPT = 339 + SYS_GETSOCKOPT = 340 + SYS_SENDMSG = 341 + SYS_RECVMSG = 342 + SYS_RECVMMSG = 343 + SYS_ACCEPT4 = 344 + SYS_NAME_TO_HANDLE_AT = 345 + SYS_OPEN_BY_HANDLE_AT = 346 + SYS_CLOCK_ADJTIME = 347 + SYS_SYNCFS = 348 + SYS_SENDMMSG = 349 + SYS_SETNS = 350 + SYS_PROCESS_VM_READV = 351 + SYS_PROCESS_VM_WRITEV = 352 + SYS_FINIT_MODULE = 353 + SYS_KCMP = 354 + SYS_SCHED_SETATTR = 355 + SYS_SCHED_GETATTR = 356 + SYS_RENAMEAT2 = 357 + SYS_SECCOMP = 358 + SYS_GETRANDOM = 359 + SYS_MEMFD_CREATE = 360 + SYS_BPF = 361 + SYS_EXECVEAT = 362 + SYS_SWITCH_ENDIAN = 363 + SYS_USERFAULTFD = 364 + SYS_MEMBARRIER = 365 + SYS_MLOCK2 = 378 + SYS_COPY_FILE_RANGE = 379 + SYS_PREADV2 = 380 + SYS_PWRITEV2 = 381 + SYS_KEXEC_FILE_LOAD = 382 + SYS_STATX = 383 + SYS_PKEY_ALLOC = 384 + SYS_PKEY_FREE = 385 + SYS_PKEY_MPROTECT = 386 + SYS_RSEQ = 387 + SYS_IO_PGETEVENTS = 388 + SYS_SEMTIMEDOP = 392 + SYS_SEMGET = 393 + SYS_SEMCTL = 394 + SYS_SHMGET = 395 + SYS_SHMCTL = 396 + SYS_SHMAT = 397 + SYS_SHMDT = 398 + SYS_MSGGET = 399 + SYS_MSGSND = 400 + SYS_MSGRCV = 401 + SYS_MSGCTL = 402 + SYS_PIDFD_SEND_SIGNAL = 424 + SYS_IO_URING_SETUP = 425 + SYS_IO_URING_ENTER = 426 + SYS_IO_URING_REGISTER = 427 + SYS_OPEN_TREE = 428 + SYS_MOVE_MOUNT = 429 + SYS_FSOPEN = 430 + SYS_FSCONFIG = 431 + SYS_FSMOUNT = 432 + SYS_FSPICK = 433 + SYS_PIDFD_OPEN = 434 + SYS_CLONE3 = 435 + SYS_CLOSE_RANGE = 436 + SYS_OPENAT2 = 437 + SYS_PIDFD_GETFD = 438 + SYS_FACCESSAT2 = 439 + SYS_PROCESS_MADVISE = 440 + SYS_EPOLL_PWAIT2 = 441 + SYS_MOUNT_SETATTR = 442 + SYS_LANDLOCK_CREATE_RULESET = 444 + SYS_LANDLOCK_ADD_RULE = 445 + SYS_LANDLOCK_RESTRICT_SELF = 446 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go index 66c8a8e09..0db9fbba5 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go @@ -7,302 +7,305 @@ package unix const ( - SYS_IO_SETUP = 0 - SYS_IO_DESTROY = 1 - SYS_IO_SUBMIT = 2 - SYS_IO_CANCEL = 3 - SYS_IO_GETEVENTS = 4 - SYS_SETXATTR = 5 - SYS_LSETXATTR = 6 - SYS_FSETXATTR = 7 - SYS_GETXATTR = 8 - SYS_LGETXATTR = 9 - SYS_FGETXATTR = 10 - SYS_LISTXATTR = 11 - SYS_LLISTXATTR = 12 - SYS_FLISTXATTR = 13 - SYS_REMOVEXATTR = 14 - SYS_LREMOVEXATTR = 15 - SYS_FREMOVEXATTR = 16 - SYS_GETCWD = 17 - SYS_LOOKUP_DCOOKIE = 18 - SYS_EVENTFD2 = 19 - SYS_EPOLL_CREATE1 = 20 - SYS_EPOLL_CTL = 21 - SYS_EPOLL_PWAIT = 22 - SYS_DUP = 23 - SYS_DUP3 = 24 - SYS_FCNTL = 25 - SYS_INOTIFY_INIT1 = 26 - SYS_INOTIFY_ADD_WATCH = 27 - SYS_INOTIFY_RM_WATCH = 28 - SYS_IOCTL = 29 - SYS_IOPRIO_SET = 30 - SYS_IOPRIO_GET = 31 - SYS_FLOCK = 32 - SYS_MKNODAT = 33 - SYS_MKDIRAT = 34 - SYS_UNLINKAT = 35 - SYS_SYMLINKAT = 36 - SYS_LINKAT = 37 - SYS_UMOUNT2 = 39 - SYS_MOUNT = 40 - SYS_PIVOT_ROOT = 41 - SYS_NFSSERVCTL = 42 - SYS_STATFS = 43 - SYS_FSTATFS = 44 - SYS_TRUNCATE = 45 - SYS_FTRUNCATE = 46 - SYS_FALLOCATE = 47 - SYS_FACCESSAT = 48 - SYS_CHDIR = 49 - SYS_FCHDIR = 50 - SYS_CHROOT = 51 - SYS_FCHMOD = 52 - SYS_FCHMODAT = 53 - SYS_FCHOWNAT = 54 - SYS_FCHOWN = 55 - SYS_OPENAT = 56 - SYS_CLOSE = 57 - SYS_VHANGUP = 58 - SYS_PIPE2 = 59 - SYS_QUOTACTL = 60 - SYS_GETDENTS64 = 61 - SYS_LSEEK = 62 - SYS_READ = 63 - SYS_WRITE = 64 - SYS_READV = 65 - SYS_WRITEV = 66 - SYS_PREAD64 = 67 - SYS_PWRITE64 = 68 - SYS_PREADV = 69 - SYS_PWRITEV = 70 - SYS_SENDFILE = 71 - SYS_PSELECT6 = 72 - SYS_PPOLL = 73 - SYS_SIGNALFD4 = 74 - SYS_VMSPLICE = 75 - SYS_SPLICE = 76 - SYS_TEE = 77 - SYS_READLINKAT = 78 - SYS_FSTATAT = 79 - SYS_FSTAT = 80 - SYS_SYNC = 81 - SYS_FSYNC = 82 - SYS_FDATASYNC = 83 - SYS_SYNC_FILE_RANGE = 84 - SYS_TIMERFD_CREATE = 85 - SYS_TIMERFD_SETTIME = 86 - SYS_TIMERFD_GETTIME = 87 - SYS_UTIMENSAT = 88 - SYS_ACCT = 89 - SYS_CAPGET = 90 - SYS_CAPSET = 91 - SYS_PERSONALITY = 92 - SYS_EXIT = 93 - SYS_EXIT_GROUP = 94 - SYS_WAITID = 95 - SYS_SET_TID_ADDRESS = 96 - SYS_UNSHARE = 97 - SYS_FUTEX = 98 - SYS_SET_ROBUST_LIST = 99 - SYS_GET_ROBUST_LIST = 100 - SYS_NANOSLEEP = 101 - SYS_GETITIMER = 102 - SYS_SETITIMER = 103 - SYS_KEXEC_LOAD = 104 - SYS_INIT_MODULE = 105 - SYS_DELETE_MODULE = 106 - SYS_TIMER_CREATE = 107 - SYS_TIMER_GETTIME = 108 - SYS_TIMER_GETOVERRUN = 109 - SYS_TIMER_SETTIME = 110 - SYS_TIMER_DELETE = 111 - SYS_CLOCK_SETTIME = 112 - SYS_CLOCK_GETTIME = 113 - SYS_CLOCK_GETRES = 114 - SYS_CLOCK_NANOSLEEP = 115 - SYS_SYSLOG = 116 - SYS_PTRACE = 117 - SYS_SCHED_SETPARAM = 118 - SYS_SCHED_SETSCHEDULER = 119 - SYS_SCHED_GETSCHEDULER = 120 - SYS_SCHED_GETPARAM = 121 - SYS_SCHED_SETAFFINITY = 122 - SYS_SCHED_GETAFFINITY = 123 - SYS_SCHED_YIELD = 124 - SYS_SCHED_GET_PRIORITY_MAX = 125 - SYS_SCHED_GET_PRIORITY_MIN = 126 - SYS_SCHED_RR_GET_INTERVAL = 127 - SYS_RESTART_SYSCALL = 128 - SYS_KILL = 129 - SYS_TKILL = 130 - SYS_TGKILL = 131 - SYS_SIGALTSTACK = 132 - SYS_RT_SIGSUSPEND = 133 - SYS_RT_SIGACTION = 134 - SYS_RT_SIGPROCMASK = 135 - SYS_RT_SIGPENDING = 136 - SYS_RT_SIGTIMEDWAIT = 137 - SYS_RT_SIGQUEUEINFO = 138 - SYS_RT_SIGRETURN = 139 - SYS_SETPRIORITY = 140 - SYS_GETPRIORITY = 141 - SYS_REBOOT = 142 - SYS_SETREGID = 143 - SYS_SETGID = 144 - SYS_SETREUID = 145 - SYS_SETUID = 146 - SYS_SETRESUID = 147 - SYS_GETRESUID = 148 - SYS_SETRESGID = 149 - SYS_GETRESGID = 150 - SYS_SETFSUID = 151 - SYS_SETFSGID = 152 - SYS_TIMES = 153 - SYS_SETPGID = 154 - SYS_GETPGID = 155 - SYS_GETSID = 156 - SYS_SETSID = 157 - SYS_GETGROUPS = 158 - SYS_SETGROUPS = 159 - SYS_UNAME = 160 - SYS_SETHOSTNAME = 161 - SYS_SETDOMAINNAME = 162 - SYS_GETRLIMIT = 163 - SYS_SETRLIMIT = 164 - SYS_GETRUSAGE = 165 - SYS_UMASK = 166 - SYS_PRCTL = 167 - SYS_GETCPU = 168 - SYS_GETTIMEOFDAY = 169 - SYS_SETTIMEOFDAY = 170 - SYS_ADJTIMEX = 171 - SYS_GETPID = 172 - SYS_GETPPID = 173 - SYS_GETUID = 174 - SYS_GETEUID = 175 - SYS_GETGID = 176 - SYS_GETEGID = 177 - SYS_GETTID = 178 - SYS_SYSINFO = 179 - SYS_MQ_OPEN = 180 - SYS_MQ_UNLINK = 181 - SYS_MQ_TIMEDSEND = 182 - SYS_MQ_TIMEDRECEIVE = 183 - SYS_MQ_NOTIFY = 184 - SYS_MQ_GETSETATTR = 185 - SYS_MSGGET = 186 - SYS_MSGCTL = 187 - SYS_MSGRCV = 188 - SYS_MSGSND = 189 - SYS_SEMGET = 190 - SYS_SEMCTL = 191 - SYS_SEMTIMEDOP = 192 - SYS_SEMOP = 193 - SYS_SHMGET = 194 - SYS_SHMCTL = 195 - SYS_SHMAT = 196 - SYS_SHMDT = 197 - SYS_SOCKET = 198 - SYS_SOCKETPAIR = 199 - SYS_BIND = 200 - SYS_LISTEN = 201 - SYS_ACCEPT = 202 - SYS_CONNECT = 203 - SYS_GETSOCKNAME = 204 - SYS_GETPEERNAME = 205 - SYS_SENDTO = 206 - SYS_RECVFROM = 207 - SYS_SETSOCKOPT = 208 - SYS_GETSOCKOPT = 209 - SYS_SHUTDOWN = 210 - SYS_SENDMSG = 211 - SYS_RECVMSG = 212 - SYS_READAHEAD = 213 - SYS_BRK = 214 - SYS_MUNMAP = 215 - SYS_MREMAP = 216 - SYS_ADD_KEY = 217 - SYS_REQUEST_KEY = 218 - SYS_KEYCTL = 219 - SYS_CLONE = 220 - SYS_EXECVE = 221 - SYS_MMAP = 222 - SYS_FADVISE64 = 223 - SYS_SWAPON = 224 - SYS_SWAPOFF = 225 - SYS_MPROTECT = 226 - SYS_MSYNC = 227 - SYS_MLOCK = 228 - SYS_MUNLOCK = 229 - SYS_MLOCKALL = 230 - SYS_MUNLOCKALL = 231 - SYS_MINCORE = 232 - SYS_MADVISE = 233 - SYS_REMAP_FILE_PAGES = 234 - SYS_MBIND = 235 - SYS_GET_MEMPOLICY = 236 - SYS_SET_MEMPOLICY = 237 - SYS_MIGRATE_PAGES = 238 - SYS_MOVE_PAGES = 239 - SYS_RT_TGSIGQUEUEINFO = 240 - SYS_PERF_EVENT_OPEN = 241 - SYS_ACCEPT4 = 242 - SYS_RECVMMSG = 243 - SYS_ARCH_SPECIFIC_SYSCALL = 244 - SYS_WAIT4 = 260 - SYS_PRLIMIT64 = 261 - SYS_FANOTIFY_INIT = 262 - SYS_FANOTIFY_MARK = 263 - SYS_NAME_TO_HANDLE_AT = 264 - SYS_OPEN_BY_HANDLE_AT = 265 - SYS_CLOCK_ADJTIME = 266 - SYS_SYNCFS = 267 - SYS_SETNS = 268 - SYS_SENDMMSG = 269 - SYS_PROCESS_VM_READV = 270 - SYS_PROCESS_VM_WRITEV = 271 - SYS_KCMP = 272 - SYS_FINIT_MODULE = 273 - SYS_SCHED_SETATTR = 274 - SYS_SCHED_GETATTR = 275 - SYS_RENAMEAT2 = 276 - SYS_SECCOMP = 277 - SYS_GETRANDOM = 278 - SYS_MEMFD_CREATE = 279 - SYS_BPF = 280 - SYS_EXECVEAT = 281 - SYS_USERFAULTFD = 282 - SYS_MEMBARRIER = 283 - SYS_MLOCK2 = 284 - SYS_COPY_FILE_RANGE = 285 - SYS_PREADV2 = 286 - SYS_PWRITEV2 = 287 - SYS_PKEY_MPROTECT = 288 - SYS_PKEY_ALLOC = 289 - SYS_PKEY_FREE = 290 - SYS_STATX = 291 - SYS_IO_PGETEVENTS = 292 - SYS_RSEQ = 293 - SYS_KEXEC_FILE_LOAD = 294 - SYS_PIDFD_SEND_SIGNAL = 424 - SYS_IO_URING_SETUP = 425 - SYS_IO_URING_ENTER = 426 - SYS_IO_URING_REGISTER = 427 - SYS_OPEN_TREE = 428 - SYS_MOVE_MOUNT = 429 - SYS_FSOPEN = 430 - SYS_FSCONFIG = 431 - SYS_FSMOUNT = 432 - SYS_FSPICK = 433 - SYS_PIDFD_OPEN = 434 - SYS_CLONE3 = 435 - SYS_CLOSE_RANGE = 436 - SYS_OPENAT2 = 437 - SYS_PIDFD_GETFD = 438 - SYS_FACCESSAT2 = 439 - SYS_PROCESS_MADVISE = 440 - SYS_EPOLL_PWAIT2 = 441 - SYS_MOUNT_SETATTR = 442 + SYS_IO_SETUP = 0 + SYS_IO_DESTROY = 1 + SYS_IO_SUBMIT = 2 + SYS_IO_CANCEL = 3 + SYS_IO_GETEVENTS = 4 + SYS_SETXATTR = 5 + SYS_LSETXATTR = 6 + SYS_FSETXATTR = 7 + SYS_GETXATTR = 8 + SYS_LGETXATTR = 9 + SYS_FGETXATTR = 10 + SYS_LISTXATTR = 11 + SYS_LLISTXATTR = 12 + SYS_FLISTXATTR = 13 + SYS_REMOVEXATTR = 14 + SYS_LREMOVEXATTR = 15 + SYS_FREMOVEXATTR = 16 + SYS_GETCWD = 17 + SYS_LOOKUP_DCOOKIE = 18 + SYS_EVENTFD2 = 19 + SYS_EPOLL_CREATE1 = 20 + SYS_EPOLL_CTL = 21 + SYS_EPOLL_PWAIT = 22 + SYS_DUP = 23 + SYS_DUP3 = 24 + SYS_FCNTL = 25 + SYS_INOTIFY_INIT1 = 26 + SYS_INOTIFY_ADD_WATCH = 27 + SYS_INOTIFY_RM_WATCH = 28 + SYS_IOCTL = 29 + SYS_IOPRIO_SET = 30 + SYS_IOPRIO_GET = 31 + SYS_FLOCK = 32 + SYS_MKNODAT = 33 + SYS_MKDIRAT = 34 + SYS_UNLINKAT = 35 + SYS_SYMLINKAT = 36 + SYS_LINKAT = 37 + SYS_UMOUNT2 = 39 + SYS_MOUNT = 40 + SYS_PIVOT_ROOT = 41 + SYS_NFSSERVCTL = 42 + SYS_STATFS = 43 + SYS_FSTATFS = 44 + SYS_TRUNCATE = 45 + SYS_FTRUNCATE = 46 + SYS_FALLOCATE = 47 + SYS_FACCESSAT = 48 + SYS_CHDIR = 49 + SYS_FCHDIR = 50 + SYS_CHROOT = 51 + SYS_FCHMOD = 52 + SYS_FCHMODAT = 53 + SYS_FCHOWNAT = 54 + SYS_FCHOWN = 55 + SYS_OPENAT = 56 + SYS_CLOSE = 57 + SYS_VHANGUP = 58 + SYS_PIPE2 = 59 + SYS_QUOTACTL = 60 + SYS_GETDENTS64 = 61 + SYS_LSEEK = 62 + SYS_READ = 63 + SYS_WRITE = 64 + SYS_READV = 65 + SYS_WRITEV = 66 + SYS_PREAD64 = 67 + SYS_PWRITE64 = 68 + SYS_PREADV = 69 + SYS_PWRITEV = 70 + SYS_SENDFILE = 71 + SYS_PSELECT6 = 72 + SYS_PPOLL = 73 + SYS_SIGNALFD4 = 74 + SYS_VMSPLICE = 75 + SYS_SPLICE = 76 + SYS_TEE = 77 + SYS_READLINKAT = 78 + SYS_FSTATAT = 79 + SYS_FSTAT = 80 + SYS_SYNC = 81 + SYS_FSYNC = 82 + SYS_FDATASYNC = 83 + SYS_SYNC_FILE_RANGE = 84 + SYS_TIMERFD_CREATE = 85 + SYS_TIMERFD_SETTIME = 86 + SYS_TIMERFD_GETTIME = 87 + SYS_UTIMENSAT = 88 + SYS_ACCT = 89 + SYS_CAPGET = 90 + SYS_CAPSET = 91 + SYS_PERSONALITY = 92 + SYS_EXIT = 93 + SYS_EXIT_GROUP = 94 + SYS_WAITID = 95 + SYS_SET_TID_ADDRESS = 96 + SYS_UNSHARE = 97 + SYS_FUTEX = 98 + SYS_SET_ROBUST_LIST = 99 + SYS_GET_ROBUST_LIST = 100 + SYS_NANOSLEEP = 101 + SYS_GETITIMER = 102 + SYS_SETITIMER = 103 + SYS_KEXEC_LOAD = 104 + SYS_INIT_MODULE = 105 + SYS_DELETE_MODULE = 106 + SYS_TIMER_CREATE = 107 + SYS_TIMER_GETTIME = 108 + SYS_TIMER_GETOVERRUN = 109 + SYS_TIMER_SETTIME = 110 + SYS_TIMER_DELETE = 111 + SYS_CLOCK_SETTIME = 112 + SYS_CLOCK_GETTIME = 113 + SYS_CLOCK_GETRES = 114 + SYS_CLOCK_NANOSLEEP = 115 + SYS_SYSLOG = 116 + SYS_PTRACE = 117 + SYS_SCHED_SETPARAM = 118 + SYS_SCHED_SETSCHEDULER = 119 + SYS_SCHED_GETSCHEDULER = 120 + SYS_SCHED_GETPARAM = 121 + SYS_SCHED_SETAFFINITY = 122 + SYS_SCHED_GETAFFINITY = 123 + SYS_SCHED_YIELD = 124 + SYS_SCHED_GET_PRIORITY_MAX = 125 + SYS_SCHED_GET_PRIORITY_MIN = 126 + SYS_SCHED_RR_GET_INTERVAL = 127 + SYS_RESTART_SYSCALL = 128 + SYS_KILL = 129 + SYS_TKILL = 130 + SYS_TGKILL = 131 + SYS_SIGALTSTACK = 132 + SYS_RT_SIGSUSPEND = 133 + SYS_RT_SIGACTION = 134 + SYS_RT_SIGPROCMASK = 135 + SYS_RT_SIGPENDING = 136 + SYS_RT_SIGTIMEDWAIT = 137 + SYS_RT_SIGQUEUEINFO = 138 + SYS_RT_SIGRETURN = 139 + SYS_SETPRIORITY = 140 + SYS_GETPRIORITY = 141 + SYS_REBOOT = 142 + SYS_SETREGID = 143 + SYS_SETGID = 144 + SYS_SETREUID = 145 + SYS_SETUID = 146 + SYS_SETRESUID = 147 + SYS_GETRESUID = 148 + SYS_SETRESGID = 149 + SYS_GETRESGID = 150 + SYS_SETFSUID = 151 + SYS_SETFSGID = 152 + SYS_TIMES = 153 + SYS_SETPGID = 154 + SYS_GETPGID = 155 + SYS_GETSID = 156 + SYS_SETSID = 157 + SYS_GETGROUPS = 158 + SYS_SETGROUPS = 159 + SYS_UNAME = 160 + SYS_SETHOSTNAME = 161 + SYS_SETDOMAINNAME = 162 + SYS_GETRLIMIT = 163 + SYS_SETRLIMIT = 164 + SYS_GETRUSAGE = 165 + SYS_UMASK = 166 + SYS_PRCTL = 167 + SYS_GETCPU = 168 + SYS_GETTIMEOFDAY = 169 + SYS_SETTIMEOFDAY = 170 + SYS_ADJTIMEX = 171 + SYS_GETPID = 172 + SYS_GETPPID = 173 + SYS_GETUID = 174 + SYS_GETEUID = 175 + SYS_GETGID = 176 + SYS_GETEGID = 177 + SYS_GETTID = 178 + SYS_SYSINFO = 179 + SYS_MQ_OPEN = 180 + SYS_MQ_UNLINK = 181 + SYS_MQ_TIMEDSEND = 182 + SYS_MQ_TIMEDRECEIVE = 183 + SYS_MQ_NOTIFY = 184 + SYS_MQ_GETSETATTR = 185 + SYS_MSGGET = 186 + SYS_MSGCTL = 187 + SYS_MSGRCV = 188 + SYS_MSGSND = 189 + SYS_SEMGET = 190 + SYS_SEMCTL = 191 + SYS_SEMTIMEDOP = 192 + SYS_SEMOP = 193 + SYS_SHMGET = 194 + SYS_SHMCTL = 195 + SYS_SHMAT = 196 + SYS_SHMDT = 197 + SYS_SOCKET = 198 + SYS_SOCKETPAIR = 199 + SYS_BIND = 200 + SYS_LISTEN = 201 + SYS_ACCEPT = 202 + SYS_CONNECT = 203 + SYS_GETSOCKNAME = 204 + SYS_GETPEERNAME = 205 + SYS_SENDTO = 206 + SYS_RECVFROM = 207 + SYS_SETSOCKOPT = 208 + SYS_GETSOCKOPT = 209 + SYS_SHUTDOWN = 210 + SYS_SENDMSG = 211 + SYS_RECVMSG = 212 + SYS_READAHEAD = 213 + SYS_BRK = 214 + SYS_MUNMAP = 215 + SYS_MREMAP = 216 + SYS_ADD_KEY = 217 + SYS_REQUEST_KEY = 218 + SYS_KEYCTL = 219 + SYS_CLONE = 220 + SYS_EXECVE = 221 + SYS_MMAP = 222 + SYS_FADVISE64 = 223 + SYS_SWAPON = 224 + SYS_SWAPOFF = 225 + SYS_MPROTECT = 226 + SYS_MSYNC = 227 + SYS_MLOCK = 228 + SYS_MUNLOCK = 229 + SYS_MLOCKALL = 230 + SYS_MUNLOCKALL = 231 + SYS_MINCORE = 232 + SYS_MADVISE = 233 + SYS_REMAP_FILE_PAGES = 234 + SYS_MBIND = 235 + SYS_GET_MEMPOLICY = 236 + SYS_SET_MEMPOLICY = 237 + SYS_MIGRATE_PAGES = 238 + SYS_MOVE_PAGES = 239 + SYS_RT_TGSIGQUEUEINFO = 240 + SYS_PERF_EVENT_OPEN = 241 + SYS_ACCEPT4 = 242 + SYS_RECVMMSG = 243 + SYS_ARCH_SPECIFIC_SYSCALL = 244 + SYS_WAIT4 = 260 + SYS_PRLIMIT64 = 261 + SYS_FANOTIFY_INIT = 262 + SYS_FANOTIFY_MARK = 263 + SYS_NAME_TO_HANDLE_AT = 264 + SYS_OPEN_BY_HANDLE_AT = 265 + SYS_CLOCK_ADJTIME = 266 + SYS_SYNCFS = 267 + SYS_SETNS = 268 + SYS_SENDMMSG = 269 + SYS_PROCESS_VM_READV = 270 + SYS_PROCESS_VM_WRITEV = 271 + SYS_KCMP = 272 + SYS_FINIT_MODULE = 273 + SYS_SCHED_SETATTR = 274 + SYS_SCHED_GETATTR = 275 + SYS_RENAMEAT2 = 276 + SYS_SECCOMP = 277 + SYS_GETRANDOM = 278 + SYS_MEMFD_CREATE = 279 + SYS_BPF = 280 + SYS_EXECVEAT = 281 + SYS_USERFAULTFD = 282 + SYS_MEMBARRIER = 283 + SYS_MLOCK2 = 284 + SYS_COPY_FILE_RANGE = 285 + SYS_PREADV2 = 286 + SYS_PWRITEV2 = 287 + SYS_PKEY_MPROTECT = 288 + SYS_PKEY_ALLOC = 289 + SYS_PKEY_FREE = 290 + SYS_STATX = 291 + SYS_IO_PGETEVENTS = 292 + SYS_RSEQ = 293 + SYS_KEXEC_FILE_LOAD = 294 + SYS_PIDFD_SEND_SIGNAL = 424 + SYS_IO_URING_SETUP = 425 + SYS_IO_URING_ENTER = 426 + SYS_IO_URING_REGISTER = 427 + SYS_OPEN_TREE = 428 + SYS_MOVE_MOUNT = 429 + SYS_FSOPEN = 430 + SYS_FSCONFIG = 431 + SYS_FSMOUNT = 432 + SYS_FSPICK = 433 + SYS_PIDFD_OPEN = 434 + SYS_CLONE3 = 435 + SYS_CLOSE_RANGE = 436 + SYS_OPENAT2 = 437 + SYS_PIDFD_GETFD = 438 + SYS_FACCESSAT2 = 439 + SYS_PROCESS_MADVISE = 440 + SYS_EPOLL_PWAIT2 = 441 + SYS_MOUNT_SETATTR = 442 + SYS_LANDLOCK_CREATE_RULESET = 444 + SYS_LANDLOCK_ADD_RULE = 445 + SYS_LANDLOCK_RESTRICT_SELF = 446 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go index aea5760ce..378e6ec8b 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go @@ -7,365 +7,368 @@ package unix const ( - SYS_EXIT = 1 - SYS_FORK = 2 - SYS_READ = 3 - SYS_WRITE = 4 - SYS_OPEN = 5 - SYS_CLOSE = 6 - SYS_RESTART_SYSCALL = 7 - SYS_CREAT = 8 - SYS_LINK = 9 - SYS_UNLINK = 10 - SYS_EXECVE = 11 - SYS_CHDIR = 12 - SYS_MKNOD = 14 - SYS_CHMOD = 15 - SYS_LSEEK = 19 - SYS_GETPID = 20 - SYS_MOUNT = 21 - SYS_UMOUNT = 22 - SYS_PTRACE = 26 - SYS_ALARM = 27 - SYS_PAUSE = 29 - SYS_UTIME = 30 - SYS_ACCESS = 33 - SYS_NICE = 34 - SYS_SYNC = 36 - SYS_KILL = 37 - SYS_RENAME = 38 - SYS_MKDIR = 39 - SYS_RMDIR = 40 - SYS_DUP = 41 - SYS_PIPE = 42 - SYS_TIMES = 43 - SYS_BRK = 45 - SYS_SIGNAL = 48 - SYS_ACCT = 51 - SYS_UMOUNT2 = 52 - SYS_IOCTL = 54 - SYS_FCNTL = 55 - SYS_SETPGID = 57 - SYS_UMASK = 60 - SYS_CHROOT = 61 - SYS_USTAT = 62 - SYS_DUP2 = 63 - SYS_GETPPID = 64 - SYS_GETPGRP = 65 - SYS_SETSID = 66 - SYS_SIGACTION = 67 - SYS_SIGSUSPEND = 72 - SYS_SIGPENDING = 73 - SYS_SETHOSTNAME = 74 - SYS_SETRLIMIT = 75 - SYS_GETRUSAGE = 77 - SYS_GETTIMEOFDAY = 78 - SYS_SETTIMEOFDAY = 79 - SYS_SYMLINK = 83 - SYS_READLINK = 85 - SYS_USELIB = 86 - SYS_SWAPON = 87 - SYS_REBOOT = 88 - SYS_READDIR = 89 - SYS_MMAP = 90 - SYS_MUNMAP = 91 - SYS_TRUNCATE = 92 - SYS_FTRUNCATE = 93 - SYS_FCHMOD = 94 - SYS_GETPRIORITY = 96 - SYS_SETPRIORITY = 97 - SYS_STATFS = 99 - SYS_FSTATFS = 100 - SYS_SOCKETCALL = 102 - SYS_SYSLOG = 103 - SYS_SETITIMER = 104 - SYS_GETITIMER = 105 - SYS_STAT = 106 - SYS_LSTAT = 107 - SYS_FSTAT = 108 - SYS_LOOKUP_DCOOKIE = 110 - SYS_VHANGUP = 111 - SYS_IDLE = 112 - SYS_WAIT4 = 114 - SYS_SWAPOFF = 115 - SYS_SYSINFO = 116 - SYS_IPC = 117 - SYS_FSYNC = 118 - SYS_SIGRETURN = 119 - SYS_CLONE = 120 - SYS_SETDOMAINNAME = 121 - SYS_UNAME = 122 - SYS_ADJTIMEX = 124 - SYS_MPROTECT = 125 - SYS_SIGPROCMASK = 126 - SYS_CREATE_MODULE = 127 - SYS_INIT_MODULE = 128 - SYS_DELETE_MODULE = 129 - SYS_GET_KERNEL_SYMS = 130 - SYS_QUOTACTL = 131 - SYS_GETPGID = 132 - SYS_FCHDIR = 133 - SYS_BDFLUSH = 134 - SYS_SYSFS = 135 - SYS_PERSONALITY = 136 - SYS_AFS_SYSCALL = 137 - SYS_GETDENTS = 141 - SYS_SELECT = 142 - SYS_FLOCK = 143 - SYS_MSYNC = 144 - SYS_READV = 145 - SYS_WRITEV = 146 - SYS_GETSID = 147 - SYS_FDATASYNC = 148 - SYS__SYSCTL = 149 - SYS_MLOCK = 150 - SYS_MUNLOCK = 151 - SYS_MLOCKALL = 152 - SYS_MUNLOCKALL = 153 - SYS_SCHED_SETPARAM = 154 - SYS_SCHED_GETPARAM = 155 - SYS_SCHED_SETSCHEDULER = 156 - SYS_SCHED_GETSCHEDULER = 157 - SYS_SCHED_YIELD = 158 - SYS_SCHED_GET_PRIORITY_MAX = 159 - SYS_SCHED_GET_PRIORITY_MIN = 160 - SYS_SCHED_RR_GET_INTERVAL = 161 - SYS_NANOSLEEP = 162 - SYS_MREMAP = 163 - SYS_QUERY_MODULE = 167 - SYS_POLL = 168 - SYS_NFSSERVCTL = 169 - SYS_PRCTL = 172 - SYS_RT_SIGRETURN = 173 - SYS_RT_SIGACTION = 174 - SYS_RT_SIGPROCMASK = 175 - SYS_RT_SIGPENDING = 176 - SYS_RT_SIGTIMEDWAIT = 177 - SYS_RT_SIGQUEUEINFO = 178 - SYS_RT_SIGSUSPEND = 179 - SYS_PREAD64 = 180 - SYS_PWRITE64 = 181 - SYS_GETCWD = 183 - SYS_CAPGET = 184 - SYS_CAPSET = 185 - SYS_SIGALTSTACK = 186 - SYS_SENDFILE = 187 - SYS_GETPMSG = 188 - SYS_PUTPMSG = 189 - SYS_VFORK = 190 - SYS_GETRLIMIT = 191 - SYS_LCHOWN = 198 - SYS_GETUID = 199 - SYS_GETGID = 200 - SYS_GETEUID = 201 - SYS_GETEGID = 202 - SYS_SETREUID = 203 - SYS_SETREGID = 204 - SYS_GETGROUPS = 205 - SYS_SETGROUPS = 206 - SYS_FCHOWN = 207 - SYS_SETRESUID = 208 - SYS_GETRESUID = 209 - SYS_SETRESGID = 210 - SYS_GETRESGID = 211 - SYS_CHOWN = 212 - SYS_SETUID = 213 - SYS_SETGID = 214 - SYS_SETFSUID = 215 - SYS_SETFSGID = 216 - SYS_PIVOT_ROOT = 217 - SYS_MINCORE = 218 - SYS_MADVISE = 219 - SYS_GETDENTS64 = 220 - SYS_READAHEAD = 222 - SYS_SETXATTR = 224 - SYS_LSETXATTR = 225 - SYS_FSETXATTR = 226 - SYS_GETXATTR = 227 - SYS_LGETXATTR = 228 - SYS_FGETXATTR = 229 - SYS_LISTXATTR = 230 - SYS_LLISTXATTR = 231 - SYS_FLISTXATTR = 232 - SYS_REMOVEXATTR = 233 - SYS_LREMOVEXATTR = 234 - SYS_FREMOVEXATTR = 235 - SYS_GETTID = 236 - SYS_TKILL = 237 - SYS_FUTEX = 238 - SYS_SCHED_SETAFFINITY = 239 - SYS_SCHED_GETAFFINITY = 240 - SYS_TGKILL = 241 - SYS_IO_SETUP = 243 - SYS_IO_DESTROY = 244 - SYS_IO_GETEVENTS = 245 - SYS_IO_SUBMIT = 246 - SYS_IO_CANCEL = 247 - SYS_EXIT_GROUP = 248 - SYS_EPOLL_CREATE = 249 - SYS_EPOLL_CTL = 250 - SYS_EPOLL_WAIT = 251 - SYS_SET_TID_ADDRESS = 252 - SYS_FADVISE64 = 253 - SYS_TIMER_CREATE = 254 - SYS_TIMER_SETTIME = 255 - SYS_TIMER_GETTIME = 256 - SYS_TIMER_GETOVERRUN = 257 - SYS_TIMER_DELETE = 258 - SYS_CLOCK_SETTIME = 259 - SYS_CLOCK_GETTIME = 260 - SYS_CLOCK_GETRES = 261 - SYS_CLOCK_NANOSLEEP = 262 - SYS_STATFS64 = 265 - SYS_FSTATFS64 = 266 - SYS_REMAP_FILE_PAGES = 267 - SYS_MBIND = 268 - SYS_GET_MEMPOLICY = 269 - SYS_SET_MEMPOLICY = 270 - SYS_MQ_OPEN = 271 - SYS_MQ_UNLINK = 272 - SYS_MQ_TIMEDSEND = 273 - SYS_MQ_TIMEDRECEIVE = 274 - SYS_MQ_NOTIFY = 275 - SYS_MQ_GETSETATTR = 276 - SYS_KEXEC_LOAD = 277 - SYS_ADD_KEY = 278 - SYS_REQUEST_KEY = 279 - SYS_KEYCTL = 280 - SYS_WAITID = 281 - SYS_IOPRIO_SET = 282 - SYS_IOPRIO_GET = 283 - SYS_INOTIFY_INIT = 284 - SYS_INOTIFY_ADD_WATCH = 285 - SYS_INOTIFY_RM_WATCH = 286 - SYS_MIGRATE_PAGES = 287 - SYS_OPENAT = 288 - SYS_MKDIRAT = 289 - SYS_MKNODAT = 290 - SYS_FCHOWNAT = 291 - SYS_FUTIMESAT = 292 - SYS_NEWFSTATAT = 293 - SYS_UNLINKAT = 294 - SYS_RENAMEAT = 295 - SYS_LINKAT = 296 - SYS_SYMLINKAT = 297 - SYS_READLINKAT = 298 - SYS_FCHMODAT = 299 - SYS_FACCESSAT = 300 - SYS_PSELECT6 = 301 - SYS_PPOLL = 302 - SYS_UNSHARE = 303 - SYS_SET_ROBUST_LIST = 304 - SYS_GET_ROBUST_LIST = 305 - SYS_SPLICE = 306 - SYS_SYNC_FILE_RANGE = 307 - SYS_TEE = 308 - SYS_VMSPLICE = 309 - SYS_MOVE_PAGES = 310 - SYS_GETCPU = 311 - SYS_EPOLL_PWAIT = 312 - SYS_UTIMES = 313 - SYS_FALLOCATE = 314 - SYS_UTIMENSAT = 315 - SYS_SIGNALFD = 316 - SYS_TIMERFD = 317 - SYS_EVENTFD = 318 - SYS_TIMERFD_CREATE = 319 - SYS_TIMERFD_SETTIME = 320 - SYS_TIMERFD_GETTIME = 321 - SYS_SIGNALFD4 = 322 - SYS_EVENTFD2 = 323 - SYS_INOTIFY_INIT1 = 324 - SYS_PIPE2 = 325 - SYS_DUP3 = 326 - SYS_EPOLL_CREATE1 = 327 - SYS_PREADV = 328 - SYS_PWRITEV = 329 - SYS_RT_TGSIGQUEUEINFO = 330 - SYS_PERF_EVENT_OPEN = 331 - SYS_FANOTIFY_INIT = 332 - SYS_FANOTIFY_MARK = 333 - SYS_PRLIMIT64 = 334 - SYS_NAME_TO_HANDLE_AT = 335 - SYS_OPEN_BY_HANDLE_AT = 336 - SYS_CLOCK_ADJTIME = 337 - SYS_SYNCFS = 338 - SYS_SETNS = 339 - SYS_PROCESS_VM_READV = 340 - SYS_PROCESS_VM_WRITEV = 341 - SYS_S390_RUNTIME_INSTR = 342 - SYS_KCMP = 343 - SYS_FINIT_MODULE = 344 - SYS_SCHED_SETATTR = 345 - SYS_SCHED_GETATTR = 346 - SYS_RENAMEAT2 = 347 - SYS_SECCOMP = 348 - SYS_GETRANDOM = 349 - SYS_MEMFD_CREATE = 350 - SYS_BPF = 351 - SYS_S390_PCI_MMIO_WRITE = 352 - SYS_S390_PCI_MMIO_READ = 353 - SYS_EXECVEAT = 354 - SYS_USERFAULTFD = 355 - SYS_MEMBARRIER = 356 - SYS_RECVMMSG = 357 - SYS_SENDMMSG = 358 - SYS_SOCKET = 359 - SYS_SOCKETPAIR = 360 - SYS_BIND = 361 - SYS_CONNECT = 362 - SYS_LISTEN = 363 - SYS_ACCEPT4 = 364 - SYS_GETSOCKOPT = 365 - SYS_SETSOCKOPT = 366 - SYS_GETSOCKNAME = 367 - SYS_GETPEERNAME = 368 - SYS_SENDTO = 369 - SYS_SENDMSG = 370 - SYS_RECVFROM = 371 - SYS_RECVMSG = 372 - SYS_SHUTDOWN = 373 - SYS_MLOCK2 = 374 - SYS_COPY_FILE_RANGE = 375 - SYS_PREADV2 = 376 - SYS_PWRITEV2 = 377 - SYS_S390_GUARDED_STORAGE = 378 - SYS_STATX = 379 - SYS_S390_STHYI = 380 - SYS_KEXEC_FILE_LOAD = 381 - SYS_IO_PGETEVENTS = 382 - SYS_RSEQ = 383 - SYS_PKEY_MPROTECT = 384 - SYS_PKEY_ALLOC = 385 - SYS_PKEY_FREE = 386 - SYS_SEMTIMEDOP = 392 - SYS_SEMGET = 393 - SYS_SEMCTL = 394 - SYS_SHMGET = 395 - SYS_SHMCTL = 396 - SYS_SHMAT = 397 - SYS_SHMDT = 398 - SYS_MSGGET = 399 - SYS_MSGSND = 400 - SYS_MSGRCV = 401 - SYS_MSGCTL = 402 - SYS_PIDFD_SEND_SIGNAL = 424 - SYS_IO_URING_SETUP = 425 - SYS_IO_URING_ENTER = 426 - SYS_IO_URING_REGISTER = 427 - SYS_OPEN_TREE = 428 - SYS_MOVE_MOUNT = 429 - SYS_FSOPEN = 430 - SYS_FSCONFIG = 431 - SYS_FSMOUNT = 432 - SYS_FSPICK = 433 - SYS_PIDFD_OPEN = 434 - SYS_CLONE3 = 435 - SYS_CLOSE_RANGE = 436 - SYS_OPENAT2 = 437 - SYS_PIDFD_GETFD = 438 - SYS_FACCESSAT2 = 439 - SYS_PROCESS_MADVISE = 440 - SYS_EPOLL_PWAIT2 = 441 - SYS_MOUNT_SETATTR = 442 + SYS_EXIT = 1 + SYS_FORK = 2 + SYS_READ = 3 + SYS_WRITE = 4 + SYS_OPEN = 5 + SYS_CLOSE = 6 + SYS_RESTART_SYSCALL = 7 + SYS_CREAT = 8 + SYS_LINK = 9 + SYS_UNLINK = 10 + SYS_EXECVE = 11 + SYS_CHDIR = 12 + SYS_MKNOD = 14 + SYS_CHMOD = 15 + SYS_LSEEK = 19 + SYS_GETPID = 20 + SYS_MOUNT = 21 + SYS_UMOUNT = 22 + SYS_PTRACE = 26 + SYS_ALARM = 27 + SYS_PAUSE = 29 + SYS_UTIME = 30 + SYS_ACCESS = 33 + SYS_NICE = 34 + SYS_SYNC = 36 + SYS_KILL = 37 + SYS_RENAME = 38 + SYS_MKDIR = 39 + SYS_RMDIR = 40 + SYS_DUP = 41 + SYS_PIPE = 42 + SYS_TIMES = 43 + SYS_BRK = 45 + SYS_SIGNAL = 48 + SYS_ACCT = 51 + SYS_UMOUNT2 = 52 + SYS_IOCTL = 54 + SYS_FCNTL = 55 + SYS_SETPGID = 57 + SYS_UMASK = 60 + SYS_CHROOT = 61 + SYS_USTAT = 62 + SYS_DUP2 = 63 + SYS_GETPPID = 64 + SYS_GETPGRP = 65 + SYS_SETSID = 66 + SYS_SIGACTION = 67 + SYS_SIGSUSPEND = 72 + SYS_SIGPENDING = 73 + SYS_SETHOSTNAME = 74 + SYS_SETRLIMIT = 75 + SYS_GETRUSAGE = 77 + SYS_GETTIMEOFDAY = 78 + SYS_SETTIMEOFDAY = 79 + SYS_SYMLINK = 83 + SYS_READLINK = 85 + SYS_USELIB = 86 + SYS_SWAPON = 87 + SYS_REBOOT = 88 + SYS_READDIR = 89 + SYS_MMAP = 90 + SYS_MUNMAP = 91 + SYS_TRUNCATE = 92 + SYS_FTRUNCATE = 93 + SYS_FCHMOD = 94 + SYS_GETPRIORITY = 96 + SYS_SETPRIORITY = 97 + SYS_STATFS = 99 + SYS_FSTATFS = 100 + SYS_SOCKETCALL = 102 + SYS_SYSLOG = 103 + SYS_SETITIMER = 104 + SYS_GETITIMER = 105 + SYS_STAT = 106 + SYS_LSTAT = 107 + SYS_FSTAT = 108 + SYS_LOOKUP_DCOOKIE = 110 + SYS_VHANGUP = 111 + SYS_IDLE = 112 + SYS_WAIT4 = 114 + SYS_SWAPOFF = 115 + SYS_SYSINFO = 116 + SYS_IPC = 117 + SYS_FSYNC = 118 + SYS_SIGRETURN = 119 + SYS_CLONE = 120 + SYS_SETDOMAINNAME = 121 + SYS_UNAME = 122 + SYS_ADJTIMEX = 124 + SYS_MPROTECT = 125 + SYS_SIGPROCMASK = 126 + SYS_CREATE_MODULE = 127 + SYS_INIT_MODULE = 128 + SYS_DELETE_MODULE = 129 + SYS_GET_KERNEL_SYMS = 130 + SYS_QUOTACTL = 131 + SYS_GETPGID = 132 + SYS_FCHDIR = 133 + SYS_BDFLUSH = 134 + SYS_SYSFS = 135 + SYS_PERSONALITY = 136 + SYS_AFS_SYSCALL = 137 + SYS_GETDENTS = 141 + SYS_SELECT = 142 + SYS_FLOCK = 143 + SYS_MSYNC = 144 + SYS_READV = 145 + SYS_WRITEV = 146 + SYS_GETSID = 147 + SYS_FDATASYNC = 148 + SYS__SYSCTL = 149 + SYS_MLOCK = 150 + SYS_MUNLOCK = 151 + SYS_MLOCKALL = 152 + SYS_MUNLOCKALL = 153 + SYS_SCHED_SETPARAM = 154 + SYS_SCHED_GETPARAM = 155 + SYS_SCHED_SETSCHEDULER = 156 + SYS_SCHED_GETSCHEDULER = 157 + SYS_SCHED_YIELD = 158 + SYS_SCHED_GET_PRIORITY_MAX = 159 + SYS_SCHED_GET_PRIORITY_MIN = 160 + SYS_SCHED_RR_GET_INTERVAL = 161 + SYS_NANOSLEEP = 162 + SYS_MREMAP = 163 + SYS_QUERY_MODULE = 167 + SYS_POLL = 168 + SYS_NFSSERVCTL = 169 + SYS_PRCTL = 172 + SYS_RT_SIGRETURN = 173 + SYS_RT_SIGACTION = 174 + SYS_RT_SIGPROCMASK = 175 + SYS_RT_SIGPENDING = 176 + SYS_RT_SIGTIMEDWAIT = 177 + SYS_RT_SIGQUEUEINFO = 178 + SYS_RT_SIGSUSPEND = 179 + SYS_PREAD64 = 180 + SYS_PWRITE64 = 181 + SYS_GETCWD = 183 + SYS_CAPGET = 184 + SYS_CAPSET = 185 + SYS_SIGALTSTACK = 186 + SYS_SENDFILE = 187 + SYS_GETPMSG = 188 + SYS_PUTPMSG = 189 + SYS_VFORK = 190 + SYS_GETRLIMIT = 191 + SYS_LCHOWN = 198 + SYS_GETUID = 199 + SYS_GETGID = 200 + SYS_GETEUID = 201 + SYS_GETEGID = 202 + SYS_SETREUID = 203 + SYS_SETREGID = 204 + SYS_GETGROUPS = 205 + SYS_SETGROUPS = 206 + SYS_FCHOWN = 207 + SYS_SETRESUID = 208 + SYS_GETRESUID = 209 + SYS_SETRESGID = 210 + SYS_GETRESGID = 211 + SYS_CHOWN = 212 + SYS_SETUID = 213 + SYS_SETGID = 214 + SYS_SETFSUID = 215 + SYS_SETFSGID = 216 + SYS_PIVOT_ROOT = 217 + SYS_MINCORE = 218 + SYS_MADVISE = 219 + SYS_GETDENTS64 = 220 + SYS_READAHEAD = 222 + SYS_SETXATTR = 224 + SYS_LSETXATTR = 225 + SYS_FSETXATTR = 226 + SYS_GETXATTR = 227 + SYS_LGETXATTR = 228 + SYS_FGETXATTR = 229 + SYS_LISTXATTR = 230 + SYS_LLISTXATTR = 231 + SYS_FLISTXATTR = 232 + SYS_REMOVEXATTR = 233 + SYS_LREMOVEXATTR = 234 + SYS_FREMOVEXATTR = 235 + SYS_GETTID = 236 + SYS_TKILL = 237 + SYS_FUTEX = 238 + SYS_SCHED_SETAFFINITY = 239 + SYS_SCHED_GETAFFINITY = 240 + SYS_TGKILL = 241 + SYS_IO_SETUP = 243 + SYS_IO_DESTROY = 244 + SYS_IO_GETEVENTS = 245 + SYS_IO_SUBMIT = 246 + SYS_IO_CANCEL = 247 + SYS_EXIT_GROUP = 248 + SYS_EPOLL_CREATE = 249 + SYS_EPOLL_CTL = 250 + SYS_EPOLL_WAIT = 251 + SYS_SET_TID_ADDRESS = 252 + SYS_FADVISE64 = 253 + SYS_TIMER_CREATE = 254 + SYS_TIMER_SETTIME = 255 + SYS_TIMER_GETTIME = 256 + SYS_TIMER_GETOVERRUN = 257 + SYS_TIMER_DELETE = 258 + SYS_CLOCK_SETTIME = 259 + SYS_CLOCK_GETTIME = 260 + SYS_CLOCK_GETRES = 261 + SYS_CLOCK_NANOSLEEP = 262 + SYS_STATFS64 = 265 + SYS_FSTATFS64 = 266 + SYS_REMAP_FILE_PAGES = 267 + SYS_MBIND = 268 + SYS_GET_MEMPOLICY = 269 + SYS_SET_MEMPOLICY = 270 + SYS_MQ_OPEN = 271 + SYS_MQ_UNLINK = 272 + SYS_MQ_TIMEDSEND = 273 + SYS_MQ_TIMEDRECEIVE = 274 + SYS_MQ_NOTIFY = 275 + SYS_MQ_GETSETATTR = 276 + SYS_KEXEC_LOAD = 277 + SYS_ADD_KEY = 278 + SYS_REQUEST_KEY = 279 + SYS_KEYCTL = 280 + SYS_WAITID = 281 + SYS_IOPRIO_SET = 282 + SYS_IOPRIO_GET = 283 + SYS_INOTIFY_INIT = 284 + SYS_INOTIFY_ADD_WATCH = 285 + SYS_INOTIFY_RM_WATCH = 286 + SYS_MIGRATE_PAGES = 287 + SYS_OPENAT = 288 + SYS_MKDIRAT = 289 + SYS_MKNODAT = 290 + SYS_FCHOWNAT = 291 + SYS_FUTIMESAT = 292 + SYS_NEWFSTATAT = 293 + SYS_UNLINKAT = 294 + SYS_RENAMEAT = 295 + SYS_LINKAT = 296 + SYS_SYMLINKAT = 297 + SYS_READLINKAT = 298 + SYS_FCHMODAT = 299 + SYS_FACCESSAT = 300 + SYS_PSELECT6 = 301 + SYS_PPOLL = 302 + SYS_UNSHARE = 303 + SYS_SET_ROBUST_LIST = 304 + SYS_GET_ROBUST_LIST = 305 + SYS_SPLICE = 306 + SYS_SYNC_FILE_RANGE = 307 + SYS_TEE = 308 + SYS_VMSPLICE = 309 + SYS_MOVE_PAGES = 310 + SYS_GETCPU = 311 + SYS_EPOLL_PWAIT = 312 + SYS_UTIMES = 313 + SYS_FALLOCATE = 314 + SYS_UTIMENSAT = 315 + SYS_SIGNALFD = 316 + SYS_TIMERFD = 317 + SYS_EVENTFD = 318 + SYS_TIMERFD_CREATE = 319 + SYS_TIMERFD_SETTIME = 320 + SYS_TIMERFD_GETTIME = 321 + SYS_SIGNALFD4 = 322 + SYS_EVENTFD2 = 323 + SYS_INOTIFY_INIT1 = 324 + SYS_PIPE2 = 325 + SYS_DUP3 = 326 + SYS_EPOLL_CREATE1 = 327 + SYS_PREADV = 328 + SYS_PWRITEV = 329 + SYS_RT_TGSIGQUEUEINFO = 330 + SYS_PERF_EVENT_OPEN = 331 + SYS_FANOTIFY_INIT = 332 + SYS_FANOTIFY_MARK = 333 + SYS_PRLIMIT64 = 334 + SYS_NAME_TO_HANDLE_AT = 335 + SYS_OPEN_BY_HANDLE_AT = 336 + SYS_CLOCK_ADJTIME = 337 + SYS_SYNCFS = 338 + SYS_SETNS = 339 + SYS_PROCESS_VM_READV = 340 + SYS_PROCESS_VM_WRITEV = 341 + SYS_S390_RUNTIME_INSTR = 342 + SYS_KCMP = 343 + SYS_FINIT_MODULE = 344 + SYS_SCHED_SETATTR = 345 + SYS_SCHED_GETATTR = 346 + SYS_RENAMEAT2 = 347 + SYS_SECCOMP = 348 + SYS_GETRANDOM = 349 + SYS_MEMFD_CREATE = 350 + SYS_BPF = 351 + SYS_S390_PCI_MMIO_WRITE = 352 + SYS_S390_PCI_MMIO_READ = 353 + SYS_EXECVEAT = 354 + SYS_USERFAULTFD = 355 + SYS_MEMBARRIER = 356 + SYS_RECVMMSG = 357 + SYS_SENDMMSG = 358 + SYS_SOCKET = 359 + SYS_SOCKETPAIR = 360 + SYS_BIND = 361 + SYS_CONNECT = 362 + SYS_LISTEN = 363 + SYS_ACCEPT4 = 364 + SYS_GETSOCKOPT = 365 + SYS_SETSOCKOPT = 366 + SYS_GETSOCKNAME = 367 + SYS_GETPEERNAME = 368 + SYS_SENDTO = 369 + SYS_SENDMSG = 370 + SYS_RECVFROM = 371 + SYS_RECVMSG = 372 + SYS_SHUTDOWN = 373 + SYS_MLOCK2 = 374 + SYS_COPY_FILE_RANGE = 375 + SYS_PREADV2 = 376 + SYS_PWRITEV2 = 377 + SYS_S390_GUARDED_STORAGE = 378 + SYS_STATX = 379 + SYS_S390_STHYI = 380 + SYS_KEXEC_FILE_LOAD = 381 + SYS_IO_PGETEVENTS = 382 + SYS_RSEQ = 383 + SYS_PKEY_MPROTECT = 384 + SYS_PKEY_ALLOC = 385 + SYS_PKEY_FREE = 386 + SYS_SEMTIMEDOP = 392 + SYS_SEMGET = 393 + SYS_SEMCTL = 394 + SYS_SHMGET = 395 + SYS_SHMCTL = 396 + SYS_SHMAT = 397 + SYS_SHMDT = 398 + SYS_MSGGET = 399 + SYS_MSGSND = 400 + SYS_MSGRCV = 401 + SYS_MSGCTL = 402 + SYS_PIDFD_SEND_SIGNAL = 424 + SYS_IO_URING_SETUP = 425 + SYS_IO_URING_ENTER = 426 + SYS_IO_URING_REGISTER = 427 + SYS_OPEN_TREE = 428 + SYS_MOVE_MOUNT = 429 + SYS_FSOPEN = 430 + SYS_FSCONFIG = 431 + SYS_FSMOUNT = 432 + SYS_FSPICK = 433 + SYS_PIDFD_OPEN = 434 + SYS_CLONE3 = 435 + SYS_CLOSE_RANGE = 436 + SYS_OPENAT2 = 437 + SYS_PIDFD_GETFD = 438 + SYS_FACCESSAT2 = 439 + SYS_PROCESS_MADVISE = 440 + SYS_EPOLL_PWAIT2 = 441 + SYS_MOUNT_SETATTR = 442 + SYS_LANDLOCK_CREATE_RULESET = 444 + SYS_LANDLOCK_ADD_RULE = 445 + SYS_LANDLOCK_RESTRICT_SELF = 446 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go index 488ca848d..58e72b0cb 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go @@ -7,379 +7,382 @@ package unix const ( - SYS_RESTART_SYSCALL = 0 - SYS_EXIT = 1 - SYS_FORK = 2 - SYS_READ = 3 - SYS_WRITE = 4 - SYS_OPEN = 5 - SYS_CLOSE = 6 - SYS_WAIT4 = 7 - SYS_CREAT = 8 - SYS_LINK = 9 - SYS_UNLINK = 10 - SYS_EXECV = 11 - SYS_CHDIR = 12 - SYS_CHOWN = 13 - SYS_MKNOD = 14 - SYS_CHMOD = 15 - SYS_LCHOWN = 16 - SYS_BRK = 17 - SYS_PERFCTR = 18 - SYS_LSEEK = 19 - SYS_GETPID = 20 - SYS_CAPGET = 21 - SYS_CAPSET = 22 - SYS_SETUID = 23 - SYS_GETUID = 24 - SYS_VMSPLICE = 25 - SYS_PTRACE = 26 - SYS_ALARM = 27 - SYS_SIGALTSTACK = 28 - SYS_PAUSE = 29 - SYS_UTIME = 30 - SYS_ACCESS = 33 - SYS_NICE = 34 - SYS_SYNC = 36 - SYS_KILL = 37 - SYS_STAT = 38 - SYS_SENDFILE = 39 - SYS_LSTAT = 40 - SYS_DUP = 41 - SYS_PIPE = 42 - SYS_TIMES = 43 - SYS_UMOUNT2 = 45 - SYS_SETGID = 46 - SYS_GETGID = 47 - SYS_SIGNAL = 48 - SYS_GETEUID = 49 - SYS_GETEGID = 50 - SYS_ACCT = 51 - SYS_MEMORY_ORDERING = 52 - SYS_IOCTL = 54 - SYS_REBOOT = 55 - SYS_SYMLINK = 57 - SYS_READLINK = 58 - SYS_EXECVE = 59 - SYS_UMASK = 60 - SYS_CHROOT = 61 - SYS_FSTAT = 62 - SYS_FSTAT64 = 63 - SYS_GETPAGESIZE = 64 - SYS_MSYNC = 65 - SYS_VFORK = 66 - SYS_PREAD64 = 67 - SYS_PWRITE64 = 68 - SYS_MMAP = 71 - SYS_MUNMAP = 73 - SYS_MPROTECT = 74 - SYS_MADVISE = 75 - SYS_VHANGUP = 76 - SYS_MINCORE = 78 - SYS_GETGROUPS = 79 - SYS_SETGROUPS = 80 - SYS_GETPGRP = 81 - SYS_SETITIMER = 83 - SYS_SWAPON = 85 - SYS_GETITIMER = 86 - SYS_SETHOSTNAME = 88 - SYS_DUP2 = 90 - SYS_FCNTL = 92 - SYS_SELECT = 93 - SYS_FSYNC = 95 - SYS_SETPRIORITY = 96 - SYS_SOCKET = 97 - SYS_CONNECT = 98 - SYS_ACCEPT = 99 - SYS_GETPRIORITY = 100 - SYS_RT_SIGRETURN = 101 - SYS_RT_SIGACTION = 102 - SYS_RT_SIGPROCMASK = 103 - SYS_RT_SIGPENDING = 104 - SYS_RT_SIGTIMEDWAIT = 105 - SYS_RT_SIGQUEUEINFO = 106 - SYS_RT_SIGSUSPEND = 107 - SYS_SETRESUID = 108 - SYS_GETRESUID = 109 - SYS_SETRESGID = 110 - SYS_GETRESGID = 111 - SYS_RECVMSG = 113 - SYS_SENDMSG = 114 - SYS_GETTIMEOFDAY = 116 - SYS_GETRUSAGE = 117 - SYS_GETSOCKOPT = 118 - SYS_GETCWD = 119 - SYS_READV = 120 - SYS_WRITEV = 121 - SYS_SETTIMEOFDAY = 122 - SYS_FCHOWN = 123 - SYS_FCHMOD = 124 - SYS_RECVFROM = 125 - SYS_SETREUID = 126 - SYS_SETREGID = 127 - SYS_RENAME = 128 - SYS_TRUNCATE = 129 - SYS_FTRUNCATE = 130 - SYS_FLOCK = 131 - SYS_LSTAT64 = 132 - SYS_SENDTO = 133 - SYS_SHUTDOWN = 134 - SYS_SOCKETPAIR = 135 - SYS_MKDIR = 136 - SYS_RMDIR = 137 - SYS_UTIMES = 138 - SYS_STAT64 = 139 - SYS_SENDFILE64 = 140 - SYS_GETPEERNAME = 141 - SYS_FUTEX = 142 - SYS_GETTID = 143 - SYS_GETRLIMIT = 144 - SYS_SETRLIMIT = 145 - SYS_PIVOT_ROOT = 146 - SYS_PRCTL = 147 - SYS_PCICONFIG_READ = 148 - SYS_PCICONFIG_WRITE = 149 - SYS_GETSOCKNAME = 150 - SYS_INOTIFY_INIT = 151 - SYS_INOTIFY_ADD_WATCH = 152 - SYS_POLL = 153 - SYS_GETDENTS64 = 154 - SYS_INOTIFY_RM_WATCH = 156 - SYS_STATFS = 157 - SYS_FSTATFS = 158 - SYS_UMOUNT = 159 - SYS_SCHED_SET_AFFINITY = 160 - SYS_SCHED_GET_AFFINITY = 161 - SYS_GETDOMAINNAME = 162 - SYS_SETDOMAINNAME = 163 - SYS_UTRAP_INSTALL = 164 - SYS_QUOTACTL = 165 - SYS_SET_TID_ADDRESS = 166 - SYS_MOUNT = 167 - SYS_USTAT = 168 - SYS_SETXATTR = 169 - SYS_LSETXATTR = 170 - SYS_FSETXATTR = 171 - SYS_GETXATTR = 172 - SYS_LGETXATTR = 173 - SYS_GETDENTS = 174 - SYS_SETSID = 175 - SYS_FCHDIR = 176 - SYS_FGETXATTR = 177 - SYS_LISTXATTR = 178 - SYS_LLISTXATTR = 179 - SYS_FLISTXATTR = 180 - SYS_REMOVEXATTR = 181 - SYS_LREMOVEXATTR = 182 - SYS_SIGPENDING = 183 - SYS_QUERY_MODULE = 184 - SYS_SETPGID = 185 - SYS_FREMOVEXATTR = 186 - SYS_TKILL = 187 - SYS_EXIT_GROUP = 188 - SYS_UNAME = 189 - SYS_INIT_MODULE = 190 - SYS_PERSONALITY = 191 - SYS_REMAP_FILE_PAGES = 192 - SYS_EPOLL_CREATE = 193 - SYS_EPOLL_CTL = 194 - SYS_EPOLL_WAIT = 195 - SYS_IOPRIO_SET = 196 - SYS_GETPPID = 197 - SYS_SIGACTION = 198 - SYS_SGETMASK = 199 - SYS_SSETMASK = 200 - SYS_SIGSUSPEND = 201 - SYS_OLDLSTAT = 202 - SYS_USELIB = 203 - SYS_READDIR = 204 - SYS_READAHEAD = 205 - SYS_SOCKETCALL = 206 - SYS_SYSLOG = 207 - SYS_LOOKUP_DCOOKIE = 208 - SYS_FADVISE64 = 209 - SYS_FADVISE64_64 = 210 - SYS_TGKILL = 211 - SYS_WAITPID = 212 - SYS_SWAPOFF = 213 - SYS_SYSINFO = 214 - SYS_IPC = 215 - SYS_SIGRETURN = 216 - SYS_CLONE = 217 - SYS_IOPRIO_GET = 218 - SYS_ADJTIMEX = 219 - SYS_SIGPROCMASK = 220 - SYS_CREATE_MODULE = 221 - SYS_DELETE_MODULE = 222 - SYS_GET_KERNEL_SYMS = 223 - SYS_GETPGID = 224 - SYS_BDFLUSH = 225 - SYS_SYSFS = 226 - SYS_AFS_SYSCALL = 227 - SYS_SETFSUID = 228 - SYS_SETFSGID = 229 - SYS__NEWSELECT = 230 - SYS_SPLICE = 232 - SYS_STIME = 233 - SYS_STATFS64 = 234 - SYS_FSTATFS64 = 235 - SYS__LLSEEK = 236 - SYS_MLOCK = 237 - SYS_MUNLOCK = 238 - SYS_MLOCKALL = 239 - SYS_MUNLOCKALL = 240 - SYS_SCHED_SETPARAM = 241 - SYS_SCHED_GETPARAM = 242 - SYS_SCHED_SETSCHEDULER = 243 - SYS_SCHED_GETSCHEDULER = 244 - SYS_SCHED_YIELD = 245 - SYS_SCHED_GET_PRIORITY_MAX = 246 - SYS_SCHED_GET_PRIORITY_MIN = 247 - SYS_SCHED_RR_GET_INTERVAL = 248 - SYS_NANOSLEEP = 249 - SYS_MREMAP = 250 - SYS__SYSCTL = 251 - SYS_GETSID = 252 - SYS_FDATASYNC = 253 - SYS_NFSSERVCTL = 254 - SYS_SYNC_FILE_RANGE = 255 - SYS_CLOCK_SETTIME = 256 - SYS_CLOCK_GETTIME = 257 - SYS_CLOCK_GETRES = 258 - SYS_CLOCK_NANOSLEEP = 259 - SYS_SCHED_GETAFFINITY = 260 - SYS_SCHED_SETAFFINITY = 261 - SYS_TIMER_SETTIME = 262 - SYS_TIMER_GETTIME = 263 - SYS_TIMER_GETOVERRUN = 264 - SYS_TIMER_DELETE = 265 - SYS_TIMER_CREATE = 266 - SYS_VSERVER = 267 - SYS_IO_SETUP = 268 - SYS_IO_DESTROY = 269 - SYS_IO_SUBMIT = 270 - SYS_IO_CANCEL = 271 - SYS_IO_GETEVENTS = 272 - SYS_MQ_OPEN = 273 - SYS_MQ_UNLINK = 274 - SYS_MQ_TIMEDSEND = 275 - SYS_MQ_TIMEDRECEIVE = 276 - SYS_MQ_NOTIFY = 277 - SYS_MQ_GETSETATTR = 278 - SYS_WAITID = 279 - SYS_TEE = 280 - SYS_ADD_KEY = 281 - SYS_REQUEST_KEY = 282 - SYS_KEYCTL = 283 - SYS_OPENAT = 284 - SYS_MKDIRAT = 285 - SYS_MKNODAT = 286 - SYS_FCHOWNAT = 287 - SYS_FUTIMESAT = 288 - SYS_FSTATAT64 = 289 - SYS_UNLINKAT = 290 - SYS_RENAMEAT = 291 - SYS_LINKAT = 292 - SYS_SYMLINKAT = 293 - SYS_READLINKAT = 294 - SYS_FCHMODAT = 295 - SYS_FACCESSAT = 296 - SYS_PSELECT6 = 297 - SYS_PPOLL = 298 - SYS_UNSHARE = 299 - SYS_SET_ROBUST_LIST = 300 - SYS_GET_ROBUST_LIST = 301 - SYS_MIGRATE_PAGES = 302 - SYS_MBIND = 303 - SYS_GET_MEMPOLICY = 304 - SYS_SET_MEMPOLICY = 305 - SYS_KEXEC_LOAD = 306 - SYS_MOVE_PAGES = 307 - SYS_GETCPU = 308 - SYS_EPOLL_PWAIT = 309 - SYS_UTIMENSAT = 310 - SYS_SIGNALFD = 311 - SYS_TIMERFD_CREATE = 312 - SYS_EVENTFD = 313 - SYS_FALLOCATE = 314 - SYS_TIMERFD_SETTIME = 315 - SYS_TIMERFD_GETTIME = 316 - SYS_SIGNALFD4 = 317 - SYS_EVENTFD2 = 318 - SYS_EPOLL_CREATE1 = 319 - SYS_DUP3 = 320 - SYS_PIPE2 = 321 - SYS_INOTIFY_INIT1 = 322 - SYS_ACCEPT4 = 323 - SYS_PREADV = 324 - SYS_PWRITEV = 325 - SYS_RT_TGSIGQUEUEINFO = 326 - SYS_PERF_EVENT_OPEN = 327 - SYS_RECVMMSG = 328 - SYS_FANOTIFY_INIT = 329 - SYS_FANOTIFY_MARK = 330 - SYS_PRLIMIT64 = 331 - SYS_NAME_TO_HANDLE_AT = 332 - SYS_OPEN_BY_HANDLE_AT = 333 - SYS_CLOCK_ADJTIME = 334 - SYS_SYNCFS = 335 - SYS_SENDMMSG = 336 - SYS_SETNS = 337 - SYS_PROCESS_VM_READV = 338 - SYS_PROCESS_VM_WRITEV = 339 - SYS_KERN_FEATURES = 340 - SYS_KCMP = 341 - SYS_FINIT_MODULE = 342 - SYS_SCHED_SETATTR = 343 - SYS_SCHED_GETATTR = 344 - SYS_RENAMEAT2 = 345 - SYS_SECCOMP = 346 - SYS_GETRANDOM = 347 - SYS_MEMFD_CREATE = 348 - SYS_BPF = 349 - SYS_EXECVEAT = 350 - SYS_MEMBARRIER = 351 - SYS_USERFAULTFD = 352 - SYS_BIND = 353 - SYS_LISTEN = 354 - SYS_SETSOCKOPT = 355 - SYS_MLOCK2 = 356 - SYS_COPY_FILE_RANGE = 357 - SYS_PREADV2 = 358 - SYS_PWRITEV2 = 359 - SYS_STATX = 360 - SYS_IO_PGETEVENTS = 361 - SYS_PKEY_MPROTECT = 362 - SYS_PKEY_ALLOC = 363 - SYS_PKEY_FREE = 364 - SYS_RSEQ = 365 - SYS_SEMTIMEDOP = 392 - SYS_SEMGET = 393 - SYS_SEMCTL = 394 - SYS_SHMGET = 395 - SYS_SHMCTL = 396 - SYS_SHMAT = 397 - SYS_SHMDT = 398 - SYS_MSGGET = 399 - SYS_MSGSND = 400 - SYS_MSGRCV = 401 - SYS_MSGCTL = 402 - SYS_PIDFD_SEND_SIGNAL = 424 - SYS_IO_URING_SETUP = 425 - SYS_IO_URING_ENTER = 426 - SYS_IO_URING_REGISTER = 427 - SYS_OPEN_TREE = 428 - SYS_MOVE_MOUNT = 429 - SYS_FSOPEN = 430 - SYS_FSCONFIG = 431 - SYS_FSMOUNT = 432 - SYS_FSPICK = 433 - SYS_PIDFD_OPEN = 434 - SYS_CLOSE_RANGE = 436 - SYS_OPENAT2 = 437 - SYS_PIDFD_GETFD = 438 - SYS_FACCESSAT2 = 439 - SYS_PROCESS_MADVISE = 440 - SYS_EPOLL_PWAIT2 = 441 - SYS_MOUNT_SETATTR = 442 + SYS_RESTART_SYSCALL = 0 + SYS_EXIT = 1 + SYS_FORK = 2 + SYS_READ = 3 + SYS_WRITE = 4 + SYS_OPEN = 5 + SYS_CLOSE = 6 + SYS_WAIT4 = 7 + SYS_CREAT = 8 + SYS_LINK = 9 + SYS_UNLINK = 10 + SYS_EXECV = 11 + SYS_CHDIR = 12 + SYS_CHOWN = 13 + SYS_MKNOD = 14 + SYS_CHMOD = 15 + SYS_LCHOWN = 16 + SYS_BRK = 17 + SYS_PERFCTR = 18 + SYS_LSEEK = 19 + SYS_GETPID = 20 + SYS_CAPGET = 21 + SYS_CAPSET = 22 + SYS_SETUID = 23 + SYS_GETUID = 24 + SYS_VMSPLICE = 25 + SYS_PTRACE = 26 + SYS_ALARM = 27 + SYS_SIGALTSTACK = 28 + SYS_PAUSE = 29 + SYS_UTIME = 30 + SYS_ACCESS = 33 + SYS_NICE = 34 + SYS_SYNC = 36 + SYS_KILL = 37 + SYS_STAT = 38 + SYS_SENDFILE = 39 + SYS_LSTAT = 40 + SYS_DUP = 41 + SYS_PIPE = 42 + SYS_TIMES = 43 + SYS_UMOUNT2 = 45 + SYS_SETGID = 46 + SYS_GETGID = 47 + SYS_SIGNAL = 48 + SYS_GETEUID = 49 + SYS_GETEGID = 50 + SYS_ACCT = 51 + SYS_MEMORY_ORDERING = 52 + SYS_IOCTL = 54 + SYS_REBOOT = 55 + SYS_SYMLINK = 57 + SYS_READLINK = 58 + SYS_EXECVE = 59 + SYS_UMASK = 60 + SYS_CHROOT = 61 + SYS_FSTAT = 62 + SYS_FSTAT64 = 63 + SYS_GETPAGESIZE = 64 + SYS_MSYNC = 65 + SYS_VFORK = 66 + SYS_PREAD64 = 67 + SYS_PWRITE64 = 68 + SYS_MMAP = 71 + SYS_MUNMAP = 73 + SYS_MPROTECT = 74 + SYS_MADVISE = 75 + SYS_VHANGUP = 76 + SYS_MINCORE = 78 + SYS_GETGROUPS = 79 + SYS_SETGROUPS = 80 + SYS_GETPGRP = 81 + SYS_SETITIMER = 83 + SYS_SWAPON = 85 + SYS_GETITIMER = 86 + SYS_SETHOSTNAME = 88 + SYS_DUP2 = 90 + SYS_FCNTL = 92 + SYS_SELECT = 93 + SYS_FSYNC = 95 + SYS_SETPRIORITY = 96 + SYS_SOCKET = 97 + SYS_CONNECT = 98 + SYS_ACCEPT = 99 + SYS_GETPRIORITY = 100 + SYS_RT_SIGRETURN = 101 + SYS_RT_SIGACTION = 102 + SYS_RT_SIGPROCMASK = 103 + SYS_RT_SIGPENDING = 104 + SYS_RT_SIGTIMEDWAIT = 105 + SYS_RT_SIGQUEUEINFO = 106 + SYS_RT_SIGSUSPEND = 107 + SYS_SETRESUID = 108 + SYS_GETRESUID = 109 + SYS_SETRESGID = 110 + SYS_GETRESGID = 111 + SYS_RECVMSG = 113 + SYS_SENDMSG = 114 + SYS_GETTIMEOFDAY = 116 + SYS_GETRUSAGE = 117 + SYS_GETSOCKOPT = 118 + SYS_GETCWD = 119 + SYS_READV = 120 + SYS_WRITEV = 121 + SYS_SETTIMEOFDAY = 122 + SYS_FCHOWN = 123 + SYS_FCHMOD = 124 + SYS_RECVFROM = 125 + SYS_SETREUID = 126 + SYS_SETREGID = 127 + SYS_RENAME = 128 + SYS_TRUNCATE = 129 + SYS_FTRUNCATE = 130 + SYS_FLOCK = 131 + SYS_LSTAT64 = 132 + SYS_SENDTO = 133 + SYS_SHUTDOWN = 134 + SYS_SOCKETPAIR = 135 + SYS_MKDIR = 136 + SYS_RMDIR = 137 + SYS_UTIMES = 138 + SYS_STAT64 = 139 + SYS_SENDFILE64 = 140 + SYS_GETPEERNAME = 141 + SYS_FUTEX = 142 + SYS_GETTID = 143 + SYS_GETRLIMIT = 144 + SYS_SETRLIMIT = 145 + SYS_PIVOT_ROOT = 146 + SYS_PRCTL = 147 + SYS_PCICONFIG_READ = 148 + SYS_PCICONFIG_WRITE = 149 + SYS_GETSOCKNAME = 150 + SYS_INOTIFY_INIT = 151 + SYS_INOTIFY_ADD_WATCH = 152 + SYS_POLL = 153 + SYS_GETDENTS64 = 154 + SYS_INOTIFY_RM_WATCH = 156 + SYS_STATFS = 157 + SYS_FSTATFS = 158 + SYS_UMOUNT = 159 + SYS_SCHED_SET_AFFINITY = 160 + SYS_SCHED_GET_AFFINITY = 161 + SYS_GETDOMAINNAME = 162 + SYS_SETDOMAINNAME = 163 + SYS_UTRAP_INSTALL = 164 + SYS_QUOTACTL = 165 + SYS_SET_TID_ADDRESS = 166 + SYS_MOUNT = 167 + SYS_USTAT = 168 + SYS_SETXATTR = 169 + SYS_LSETXATTR = 170 + SYS_FSETXATTR = 171 + SYS_GETXATTR = 172 + SYS_LGETXATTR = 173 + SYS_GETDENTS = 174 + SYS_SETSID = 175 + SYS_FCHDIR = 176 + SYS_FGETXATTR = 177 + SYS_LISTXATTR = 178 + SYS_LLISTXATTR = 179 + SYS_FLISTXATTR = 180 + SYS_REMOVEXATTR = 181 + SYS_LREMOVEXATTR = 182 + SYS_SIGPENDING = 183 + SYS_QUERY_MODULE = 184 + SYS_SETPGID = 185 + SYS_FREMOVEXATTR = 186 + SYS_TKILL = 187 + SYS_EXIT_GROUP = 188 + SYS_UNAME = 189 + SYS_INIT_MODULE = 190 + SYS_PERSONALITY = 191 + SYS_REMAP_FILE_PAGES = 192 + SYS_EPOLL_CREATE = 193 + SYS_EPOLL_CTL = 194 + SYS_EPOLL_WAIT = 195 + SYS_IOPRIO_SET = 196 + SYS_GETPPID = 197 + SYS_SIGACTION = 198 + SYS_SGETMASK = 199 + SYS_SSETMASK = 200 + SYS_SIGSUSPEND = 201 + SYS_OLDLSTAT = 202 + SYS_USELIB = 203 + SYS_READDIR = 204 + SYS_READAHEAD = 205 + SYS_SOCKETCALL = 206 + SYS_SYSLOG = 207 + SYS_LOOKUP_DCOOKIE = 208 + SYS_FADVISE64 = 209 + SYS_FADVISE64_64 = 210 + SYS_TGKILL = 211 + SYS_WAITPID = 212 + SYS_SWAPOFF = 213 + SYS_SYSINFO = 214 + SYS_IPC = 215 + SYS_SIGRETURN = 216 + SYS_CLONE = 217 + SYS_IOPRIO_GET = 218 + SYS_ADJTIMEX = 219 + SYS_SIGPROCMASK = 220 + SYS_CREATE_MODULE = 221 + SYS_DELETE_MODULE = 222 + SYS_GET_KERNEL_SYMS = 223 + SYS_GETPGID = 224 + SYS_BDFLUSH = 225 + SYS_SYSFS = 226 + SYS_AFS_SYSCALL = 227 + SYS_SETFSUID = 228 + SYS_SETFSGID = 229 + SYS__NEWSELECT = 230 + SYS_SPLICE = 232 + SYS_STIME = 233 + SYS_STATFS64 = 234 + SYS_FSTATFS64 = 235 + SYS__LLSEEK = 236 + SYS_MLOCK = 237 + SYS_MUNLOCK = 238 + SYS_MLOCKALL = 239 + SYS_MUNLOCKALL = 240 + SYS_SCHED_SETPARAM = 241 + SYS_SCHED_GETPARAM = 242 + SYS_SCHED_SETSCHEDULER = 243 + SYS_SCHED_GETSCHEDULER = 244 + SYS_SCHED_YIELD = 245 + SYS_SCHED_GET_PRIORITY_MAX = 246 + SYS_SCHED_GET_PRIORITY_MIN = 247 + SYS_SCHED_RR_GET_INTERVAL = 248 + SYS_NANOSLEEP = 249 + SYS_MREMAP = 250 + SYS__SYSCTL = 251 + SYS_GETSID = 252 + SYS_FDATASYNC = 253 + SYS_NFSSERVCTL = 254 + SYS_SYNC_FILE_RANGE = 255 + SYS_CLOCK_SETTIME = 256 + SYS_CLOCK_GETTIME = 257 + SYS_CLOCK_GETRES = 258 + SYS_CLOCK_NANOSLEEP = 259 + SYS_SCHED_GETAFFINITY = 260 + SYS_SCHED_SETAFFINITY = 261 + SYS_TIMER_SETTIME = 262 + SYS_TIMER_GETTIME = 263 + SYS_TIMER_GETOVERRUN = 264 + SYS_TIMER_DELETE = 265 + SYS_TIMER_CREATE = 266 + SYS_VSERVER = 267 + SYS_IO_SETUP = 268 + SYS_IO_DESTROY = 269 + SYS_IO_SUBMIT = 270 + SYS_IO_CANCEL = 271 + SYS_IO_GETEVENTS = 272 + SYS_MQ_OPEN = 273 + SYS_MQ_UNLINK = 274 + SYS_MQ_TIMEDSEND = 275 + SYS_MQ_TIMEDRECEIVE = 276 + SYS_MQ_NOTIFY = 277 + SYS_MQ_GETSETATTR = 278 + SYS_WAITID = 279 + SYS_TEE = 280 + SYS_ADD_KEY = 281 + SYS_REQUEST_KEY = 282 + SYS_KEYCTL = 283 + SYS_OPENAT = 284 + SYS_MKDIRAT = 285 + SYS_MKNODAT = 286 + SYS_FCHOWNAT = 287 + SYS_FUTIMESAT = 288 + SYS_FSTATAT64 = 289 + SYS_UNLINKAT = 290 + SYS_RENAMEAT = 291 + SYS_LINKAT = 292 + SYS_SYMLINKAT = 293 + SYS_READLINKAT = 294 + SYS_FCHMODAT = 295 + SYS_FACCESSAT = 296 + SYS_PSELECT6 = 297 + SYS_PPOLL = 298 + SYS_UNSHARE = 299 + SYS_SET_ROBUST_LIST = 300 + SYS_GET_ROBUST_LIST = 301 + SYS_MIGRATE_PAGES = 302 + SYS_MBIND = 303 + SYS_GET_MEMPOLICY = 304 + SYS_SET_MEMPOLICY = 305 + SYS_KEXEC_LOAD = 306 + SYS_MOVE_PAGES = 307 + SYS_GETCPU = 308 + SYS_EPOLL_PWAIT = 309 + SYS_UTIMENSAT = 310 + SYS_SIGNALFD = 311 + SYS_TIMERFD_CREATE = 312 + SYS_EVENTFD = 313 + SYS_FALLOCATE = 314 + SYS_TIMERFD_SETTIME = 315 + SYS_TIMERFD_GETTIME = 316 + SYS_SIGNALFD4 = 317 + SYS_EVENTFD2 = 318 + SYS_EPOLL_CREATE1 = 319 + SYS_DUP3 = 320 + SYS_PIPE2 = 321 + SYS_INOTIFY_INIT1 = 322 + SYS_ACCEPT4 = 323 + SYS_PREADV = 324 + SYS_PWRITEV = 325 + SYS_RT_TGSIGQUEUEINFO = 326 + SYS_PERF_EVENT_OPEN = 327 + SYS_RECVMMSG = 328 + SYS_FANOTIFY_INIT = 329 + SYS_FANOTIFY_MARK = 330 + SYS_PRLIMIT64 = 331 + SYS_NAME_TO_HANDLE_AT = 332 + SYS_OPEN_BY_HANDLE_AT = 333 + SYS_CLOCK_ADJTIME = 334 + SYS_SYNCFS = 335 + SYS_SENDMMSG = 336 + SYS_SETNS = 337 + SYS_PROCESS_VM_READV = 338 + SYS_PROCESS_VM_WRITEV = 339 + SYS_KERN_FEATURES = 340 + SYS_KCMP = 341 + SYS_FINIT_MODULE = 342 + SYS_SCHED_SETATTR = 343 + SYS_SCHED_GETATTR = 344 + SYS_RENAMEAT2 = 345 + SYS_SECCOMP = 346 + SYS_GETRANDOM = 347 + SYS_MEMFD_CREATE = 348 + SYS_BPF = 349 + SYS_EXECVEAT = 350 + SYS_MEMBARRIER = 351 + SYS_USERFAULTFD = 352 + SYS_BIND = 353 + SYS_LISTEN = 354 + SYS_SETSOCKOPT = 355 + SYS_MLOCK2 = 356 + SYS_COPY_FILE_RANGE = 357 + SYS_PREADV2 = 358 + SYS_PWRITEV2 = 359 + SYS_STATX = 360 + SYS_IO_PGETEVENTS = 361 + SYS_PKEY_MPROTECT = 362 + SYS_PKEY_ALLOC = 363 + SYS_PKEY_FREE = 364 + SYS_RSEQ = 365 + SYS_SEMTIMEDOP = 392 + SYS_SEMGET = 393 + SYS_SEMCTL = 394 + SYS_SHMGET = 395 + SYS_SHMCTL = 396 + SYS_SHMAT = 397 + SYS_SHMDT = 398 + SYS_MSGGET = 399 + SYS_MSGSND = 400 + SYS_MSGRCV = 401 + SYS_MSGCTL = 402 + SYS_PIDFD_SEND_SIGNAL = 424 + SYS_IO_URING_SETUP = 425 + SYS_IO_URING_ENTER = 426 + SYS_IO_URING_REGISTER = 427 + SYS_OPEN_TREE = 428 + SYS_MOVE_MOUNT = 429 + SYS_FSOPEN = 430 + SYS_FSCONFIG = 431 + SYS_FSMOUNT = 432 + SYS_FSPICK = 433 + SYS_PIDFD_OPEN = 434 + SYS_CLOSE_RANGE = 436 + SYS_OPENAT2 = 437 + SYS_PIDFD_GETFD = 438 + SYS_FACCESSAT2 = 439 + SYS_PROCESS_MADVISE = 440 + SYS_EPOLL_PWAIT2 = 441 + SYS_MOUNT_SETATTR = 442 + SYS_LANDLOCK_CREATE_RULESET = 444 + SYS_LANDLOCK_ADD_RULE = 445 + SYS_LANDLOCK_RESTRICT_SELF = 446 ) diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index 72887abe5..93a64c188 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -681,6 +681,16 @@ type NdMsg struct { Type uint8 } +const ( + ICMP_FILTER = 0x1 + + ICMPV6_FILTER = 0x1 + ICMPV6_FILTER_BLOCK = 0x1 + ICMPV6_FILTER_BLOCKOTHERS = 0x3 + ICMPV6_FILTER_PASS = 0x2 + ICMPV6_FILTER_PASSONLY = 0x4 +) + const ( SizeofSockFilter = 0x8 ) @@ -1001,7 +1011,7 @@ const ( PERF_COUNT_SW_EMULATION_FAULTS = 0x8 PERF_COUNT_SW_DUMMY = 0x9 PERF_COUNT_SW_BPF_OUTPUT = 0xa - PERF_COUNT_SW_MAX = 0xb + PERF_COUNT_SW_MAX = 0xc PERF_SAMPLE_IP = 0x1 PERF_SAMPLE_TID = 0x2 PERF_SAMPLE_TIME = 0x4 @@ -1773,6 +1783,8 @@ const ( NFPROTO_NUMPROTO = 0xd ) +const SO_ORIGINAL_DST = 0x50 + type Nfgenmsg struct { Nfgen_family uint8 Version uint8 @@ -3434,7 +3446,7 @@ const ( ETHTOOL_MSG_CABLE_TEST_ACT = 0x1a ETHTOOL_MSG_CABLE_TEST_TDR_ACT = 0x1b ETHTOOL_MSG_TUNNEL_INFO_GET = 0x1c - ETHTOOL_MSG_USER_MAX = 0x1c + ETHTOOL_MSG_USER_MAX = 0x20 ETHTOOL_MSG_KERNEL_NONE = 0x0 ETHTOOL_MSG_STRSET_GET_REPLY = 0x1 ETHTOOL_MSG_LINKINFO_GET_REPLY = 0x2 @@ -3465,7 +3477,7 @@ const ( ETHTOOL_MSG_CABLE_TEST_NTF = 0x1b ETHTOOL_MSG_CABLE_TEST_TDR_NTF = 0x1c ETHTOOL_MSG_TUNNEL_INFO_GET_REPLY = 0x1d - ETHTOOL_MSG_KERNEL_MAX = 0x1d + ETHTOOL_MSG_KERNEL_MAX = 0x21 ETHTOOL_A_HEADER_UNSPEC = 0x0 ETHTOOL_A_HEADER_DEV_INDEX = 0x1 ETHTOOL_A_HEADER_DEV_NAME = 0x2 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go index 235c62e46..72f2e96f3 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go @@ -170,6 +170,11 @@ type Cmsghdr struct { Type int32 } +type ifreq struct { + Ifrn [16]byte + Ifru [16]byte +} + const ( SizeofSockaddrNFCLLCP = 0x58 SizeofIovec = 0x8 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go index 99b1e5b6a..d5f018d13 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go @@ -173,6 +173,11 @@ type Cmsghdr struct { Type int32 } +type ifreq struct { + Ifrn [16]byte + Ifru [24]byte +} + const ( SizeofSockaddrNFCLLCP = 0x60 SizeofIovec = 0x10 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go index cc8bba791..675446d93 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go @@ -176,6 +176,11 @@ type Cmsghdr struct { Type int32 } +type ifreq struct { + Ifrn [16]byte + Ifru [16]byte +} + const ( SizeofSockaddrNFCLLCP = 0x58 SizeofIovec = 0x8 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go index fa8fe3a75..711d0711c 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go @@ -174,6 +174,11 @@ type Cmsghdr struct { Type int32 } +type ifreq struct { + Ifrn [16]byte + Ifru [24]byte +} + const ( SizeofSockaddrNFCLLCP = 0x60 SizeofIovec = 0x10 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go index e7fb8d9b7..c1131c741 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go @@ -175,6 +175,11 @@ type Cmsghdr struct { Type int32 } +type ifreq struct { + Ifrn [16]byte + Ifru [16]byte +} + const ( SizeofSockaddrNFCLLCP = 0x58 SizeofIovec = 0x8 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go index 2fa61d593..91d5574ff 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go @@ -174,6 +174,11 @@ type Cmsghdr struct { Type int32 } +type ifreq struct { + Ifrn [16]byte + Ifru [24]byte +} + const ( SizeofSockaddrNFCLLCP = 0x60 SizeofIovec = 0x10 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go index 7f3639933..5d721497b 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go @@ -174,6 +174,11 @@ type Cmsghdr struct { Type int32 } +type ifreq struct { + Ifrn [16]byte + Ifru [24]byte +} + const ( SizeofSockaddrNFCLLCP = 0x60 SizeofIovec = 0x10 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go index f3c20cb86..a5addd06a 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go @@ -175,6 +175,11 @@ type Cmsghdr struct { Type int32 } +type ifreq struct { + Ifrn [16]byte + Ifru [16]byte +} + const ( SizeofSockaddrNFCLLCP = 0x58 SizeofIovec = 0x8 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go index 885d27950..bb6b03dfc 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go @@ -176,6 +176,11 @@ type Cmsghdr struct { Type int32 } +type ifreq struct { + Ifrn [16]byte + Ifru [16]byte +} + const ( SizeofSockaddrNFCLLCP = 0x58 SizeofIovec = 0x8 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go index a94eb8e18..7637243b7 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go @@ -175,6 +175,11 @@ type Cmsghdr struct { Type int32 } +type ifreq struct { + Ifrn [16]byte + Ifru [24]byte +} + const ( SizeofSockaddrNFCLLCP = 0x60 SizeofIovec = 0x10 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go index 659e32ebd..a1a28e525 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go @@ -175,6 +175,11 @@ type Cmsghdr struct { Type int32 } +type ifreq struct { + Ifrn [16]byte + Ifru [24]byte +} + const ( SizeofSockaddrNFCLLCP = 0x60 SizeofIovec = 0x10 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go index ab8ec604f..e0a8a1362 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go @@ -174,6 +174,11 @@ type Cmsghdr struct { Type int32 } +type ifreq struct { + Ifrn [16]byte + Ifru [24]byte +} + const ( SizeofSockaddrNFCLLCP = 0x60 SizeofIovec = 0x10 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go index 3ec08237f..21d6e56c7 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go @@ -173,6 +173,11 @@ type Cmsghdr struct { Type int32 } +type ifreq struct { + Ifrn [16]byte + Ifru [24]byte +} + const ( SizeofSockaddrNFCLLCP = 0x60 SizeofIovec = 0x10 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go index 23d474470..0531e98f6 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go @@ -177,6 +177,11 @@ type Cmsghdr struct { Type int32 } +type ifreq struct { + Ifrn [16]byte + Ifru [24]byte +} + const ( SizeofSockaddrNFCLLCP = 0x60 SizeofIovec = 0x10 diff --git a/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go index 85effef9c..ad4aad279 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go @@ -440,3 +440,43 @@ const ( POLLWRBAND = 0x100 POLLWRNORM = 0x4 ) + +type fileObj struct { + Atim Timespec + Mtim Timespec + Ctim Timespec + Pad [3]uint64 + Name *int8 +} + +type portEvent struct { + Events int32 + Source uint16 + Pad uint16 + Object uint64 + User *byte +} + +const ( + PORT_SOURCE_AIO = 0x1 + PORT_SOURCE_TIMER = 0x2 + PORT_SOURCE_USER = 0x3 + PORT_SOURCE_FD = 0x4 + PORT_SOURCE_ALERT = 0x5 + PORT_SOURCE_MQ = 0x6 + PORT_SOURCE_FILE = 0x7 + PORT_ALERT_SET = 0x1 + PORT_ALERT_UPDATE = 0x2 + PORT_ALERT_INVALID = 0x3 + FILE_ACCESS = 0x1 + FILE_MODIFIED = 0x2 + FILE_ATTRIB = 0x4 + FILE_TRUNC = 0x100000 + FILE_NOFOLLOW = 0x10000000 + FILE_DELETE = 0x10 + FILE_RENAME_TO = 0x20 + FILE_RENAME_FROM = 0x40 + UNMOUNTED = 0x20000000 + MOUNTEDOVER = 0x40000000 + FILE_EXCEPTION = 0x60000070 +) diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go index 1f733398e..17f03312d 100644 --- a/vendor/golang.org/x/sys/windows/types_windows.go +++ b/vendor/golang.org/x/sys/windows/types_windows.go @@ -680,7 +680,7 @@ const ( WTD_CHOICE_CERT = 5 WTD_STATEACTION_IGNORE = 0x00000000 - WTD_STATEACTION_VERIFY = 0x00000010 + WTD_STATEACTION_VERIFY = 0x00000001 WTD_STATEACTION_CLOSE = 0x00000002 WTD_STATEACTION_AUTO_CACHE = 0x00000003 WTD_STATEACTION_AUTO_CACHE_FLUSH = 0x00000004 diff --git a/vendor/google.golang.org/grpc/.travis.yml b/vendor/google.golang.org/grpc/.travis.yml deleted file mode 100644 index 5847d94e5..000000000 --- a/vendor/google.golang.org/grpc/.travis.yml +++ /dev/null @@ -1,42 +0,0 @@ -language: go - -matrix: - include: - - go: 1.14.x - env: VET=1 GO111MODULE=on - - go: 1.14.x - env: RACE=1 GO111MODULE=on - - go: 1.14.x - env: RUN386=1 - - go: 1.14.x - env: GRPC_GO_RETRY=on - - go: 1.14.x - env: TESTEXTRAS=1 - - go: 1.13.x - env: GO111MODULE=on - - go: 1.12.x - env: GO111MODULE=on - - go: 1.11.x # Keep until interop tests no longer require Go1.11 - env: GO111MODULE=on - -go_import_path: google.golang.org/grpc - -before_install: - - if [[ "${GO111MODULE}" = "on" ]]; then mkdir "${HOME}/go"; export GOPATH="${HOME}/go"; fi - - if [[ -n "${RUN386}" ]]; then export GOARCH=386; fi - - if [[ "${TRAVIS_EVENT_TYPE}" = "cron" && -z "${RUN386}" ]]; then RACE=1; fi - - if [[ "${TRAVIS_EVENT_TYPE}" != "cron" ]]; then export VET_SKIP_PROTO=1; fi - -install: - - try3() { eval "$*" || eval "$*" || eval "$*"; } - - try3 'if [[ "${GO111MODULE}" = "on" ]]; then go mod download; else make testdeps; fi' - - if [[ -n "${GAE}" ]]; then source ./install_gae.sh; make testappenginedeps; fi - - if [[ -n "${VET}" ]]; then ./vet.sh -install; fi - -script: - - set -e - - if [[ -n "${TESTEXTRAS}" ]]; then examples/examples_test.sh; security/advancedtls/examples/examples_test.sh; interop/interop_test.sh; make testsubmodule; exit 0; fi - - if [[ -n "${VET}" ]]; then ./vet.sh; fi - - if [[ -n "${GAE}" ]]; then make testappengine; exit 0; fi - - if [[ -n "${RACE}" ]]; then make testrace; exit 0; fi - - make test diff --git a/vendor/google.golang.org/grpc/README.md b/vendor/google.golang.org/grpc/README.md index 3949a683f..0e6ae69a5 100644 --- a/vendor/google.golang.org/grpc/README.md +++ b/vendor/google.golang.org/grpc/README.md @@ -136,6 +136,6 @@ errors. [Go module]: https://github.com/golang/go/wiki/Modules [gRPC]: https://grpc.io [Go gRPC docs]: https://grpc.io/docs/languages/go -[Performance benchmark]: https://performance-dot-grpc-testing.appspot.com/explore?dashboard=5652536396611584&widget=490377658&container=1286539696 +[Performance benchmark]: https://performance-dot-grpc-testing.appspot.com/explore?dashboard=5180705743044608 [quick start]: https://grpc.io/docs/languages/go/quickstart [go-releases]: https://golang.org/doc/devel/release.html diff --git a/vendor/google.golang.org/grpc/balancer/balancer.go b/vendor/google.golang.org/grpc/balancer/balancer.go index 788759bde..ab531f4c0 100644 --- a/vendor/google.golang.org/grpc/balancer/balancer.go +++ b/vendor/google.golang.org/grpc/balancer/balancer.go @@ -101,6 +101,9 @@ type SubConn interface { // a new connection will be created. // // This will trigger a state transition for the SubConn. + // + // Deprecated: This method is now part of the ClientConn interface and will + // eventually be removed from here. UpdateAddresses([]resolver.Address) // Connect starts the connecting for this SubConn. Connect() @@ -143,6 +146,13 @@ type ClientConn interface { // RemoveSubConn removes the SubConn from ClientConn. // The SubConn will be shutdown. RemoveSubConn(SubConn) + // UpdateAddresses updates the addresses used in the passed in SubConn. + // gRPC checks if the currently connected address is still in the new list. + // If so, the connection will be kept. Else, the connection will be + // gracefully closed, and a new connection will be created. + // + // This will trigger a state transition for the SubConn. + UpdateAddresses(SubConn, []resolver.Address) // UpdateState notifies gRPC that the balancer's internal state has // changed. diff --git a/vendor/google.golang.org/grpc/balancer/base/balancer.go b/vendor/google.golang.org/grpc/balancer/base/balancer.go index e0d34288c..c883efa0b 100644 --- a/vendor/google.golang.org/grpc/balancer/base/balancer.go +++ b/vendor/google.golang.org/grpc/balancer/base/balancer.go @@ -22,6 +22,7 @@ import ( "errors" "fmt" + "google.golang.org/grpc/attributes" "google.golang.org/grpc/balancer" "google.golang.org/grpc/connectivity" "google.golang.org/grpc/grpclog" @@ -41,7 +42,7 @@ func (bb *baseBuilder) Build(cc balancer.ClientConn, opt balancer.BuildOptions) cc: cc, pickerBuilder: bb.pickerBuilder, - subConns: make(map[resolver.Address]balancer.SubConn), + subConns: make(map[resolver.Address]subConnInfo), scStates: make(map[balancer.SubConn]connectivity.State), csEvltr: &balancer.ConnectivityStateEvaluator{}, config: bb.config, @@ -57,6 +58,11 @@ func (bb *baseBuilder) Name() string { return bb.name } +type subConnInfo struct { + subConn balancer.SubConn + attrs *attributes.Attributes +} + type baseBalancer struct { cc balancer.ClientConn pickerBuilder PickerBuilder @@ -64,7 +70,7 @@ type baseBalancer struct { csEvltr *balancer.ConnectivityStateEvaluator state connectivity.State - subConns map[resolver.Address]balancer.SubConn // `attributes` is stripped from the keys of this map (the addresses) + subConns map[resolver.Address]subConnInfo // `attributes` is stripped from the keys of this map (the addresses) scStates map[balancer.SubConn]connectivity.State picker balancer.Picker config Config @@ -114,7 +120,7 @@ func (b *baseBalancer) UpdateClientConnState(s balancer.ClientConnState) error { aNoAttrs := a aNoAttrs.Attributes = nil addrsSet[aNoAttrs] = struct{}{} - if sc, ok := b.subConns[aNoAttrs]; !ok { + if scInfo, ok := b.subConns[aNoAttrs]; !ok { // a is a new address (not existing in b.subConns). // // When creating SubConn, the original address with attributes is @@ -125,7 +131,7 @@ func (b *baseBalancer) UpdateClientConnState(s balancer.ClientConnState) error { logger.Warningf("base.baseBalancer: failed to create new SubConn: %v", err) continue } - b.subConns[aNoAttrs] = sc + b.subConns[aNoAttrs] = subConnInfo{subConn: sc, attrs: a.Attributes} b.scStates[sc] = connectivity.Idle sc.Connect() } else { @@ -135,13 +141,15 @@ func (b *baseBalancer) UpdateClientConnState(s balancer.ClientConnState) error { // The SubConn does a reflect.DeepEqual of the new and old // addresses. So this is a noop if the current address is the same // as the old one (including attributes). - sc.UpdateAddresses([]resolver.Address{a}) + scInfo.attrs = a.Attributes + b.subConns[aNoAttrs] = scInfo + b.cc.UpdateAddresses(scInfo.subConn, []resolver.Address{a}) } } - for a, sc := range b.subConns { + for a, scInfo := range b.subConns { // a was removed by resolver. if _, ok := addrsSet[a]; !ok { - b.cc.RemoveSubConn(sc) + b.cc.RemoveSubConn(scInfo.subConn) delete(b.subConns, a) // Keep the state of this sc in b.scStates until sc's state becomes Shutdown. // The entry will be deleted in UpdateSubConnState. @@ -184,9 +192,10 @@ func (b *baseBalancer) regeneratePicker() { readySCs := make(map[balancer.SubConn]SubConnInfo) // Filter out all ready SCs from full subConn map. - for addr, sc := range b.subConns { - if st, ok := b.scStates[sc]; ok && st == connectivity.Ready { - readySCs[sc] = SubConnInfo{Address: addr} + for addr, scInfo := range b.subConns { + if st, ok := b.scStates[scInfo.subConn]; ok && st == connectivity.Ready { + addr.Attributes = scInfo.attrs + readySCs[scInfo.subConn] = SubConnInfo{Address: addr} } } b.picker = b.pickerBuilder.Build(PickerBuildInfo{ReadySCs: readySCs}) diff --git a/vendor/google.golang.org/grpc/balancer_conn_wrappers.go b/vendor/google.golang.org/grpc/balancer_conn_wrappers.go index 11e592aab..dd8397963 100644 --- a/vendor/google.golang.org/grpc/balancer_conn_wrappers.go +++ b/vendor/google.golang.org/grpc/balancer_conn_wrappers.go @@ -43,7 +43,8 @@ type ccBalancerWrapper struct { cc *ClientConn balancerMu sync.Mutex // synchronizes calls to the balancer balancer balancer.Balancer - scBuffer *buffer.Unbounded + updateCh *buffer.Unbounded + closed *grpcsync.Event done *grpcsync.Event mu sync.Mutex @@ -53,7 +54,8 @@ type ccBalancerWrapper struct { func newCCBalancerWrapper(cc *ClientConn, b balancer.Builder, bopts balancer.BuildOptions) *ccBalancerWrapper { ccb := &ccBalancerWrapper{ cc: cc, - scBuffer: buffer.NewUnbounded(), + updateCh: buffer.NewUnbounded(), + closed: grpcsync.NewEvent(), done: grpcsync.NewEvent(), subConns: make(map[*acBalancerWrapper]struct{}), } @@ -67,35 +69,53 @@ func newCCBalancerWrapper(cc *ClientConn, b balancer.Builder, bopts balancer.Bui func (ccb *ccBalancerWrapper) watcher() { for { select { - case t := <-ccb.scBuffer.Get(): - ccb.scBuffer.Load() - if ccb.done.HasFired() { + case t := <-ccb.updateCh.Get(): + ccb.updateCh.Load() + if ccb.closed.HasFired() { break } - ccb.balancerMu.Lock() - su := t.(*scStateUpdate) - ccb.balancer.UpdateSubConnState(su.sc, balancer.SubConnState{ConnectivityState: su.state, ConnectionError: su.err}) - ccb.balancerMu.Unlock() - case <-ccb.done.Done(): + switch u := t.(type) { + case *scStateUpdate: + ccb.balancerMu.Lock() + ccb.balancer.UpdateSubConnState(u.sc, balancer.SubConnState{ConnectivityState: u.state, ConnectionError: u.err}) + ccb.balancerMu.Unlock() + case *acBalancerWrapper: + ccb.mu.Lock() + if ccb.subConns != nil { + delete(ccb.subConns, u) + ccb.cc.removeAddrConn(u.getAddrConn(), errConnDrain) + } + ccb.mu.Unlock() + default: + logger.Errorf("ccBalancerWrapper.watcher: unknown update %+v, type %T", t, t) + } + case <-ccb.closed.Done(): } - if ccb.done.HasFired() { + if ccb.closed.HasFired() { + ccb.balancerMu.Lock() ccb.balancer.Close() + ccb.balancerMu.Unlock() ccb.mu.Lock() scs := ccb.subConns ccb.subConns = nil ccb.mu.Unlock() + ccb.UpdateState(balancer.State{ConnectivityState: connectivity.Connecting, Picker: nil}) + ccb.done.Fire() + // Fire done before removing the addr conns. We can safely unblock + // ccb.close and allow the removeAddrConns to happen + // asynchronously. for acbw := range scs { ccb.cc.removeAddrConn(acbw.getAddrConn(), errConnDrain) } - ccb.UpdateState(balancer.State{ConnectivityState: connectivity.Connecting, Picker: nil}) return } } } func (ccb *ccBalancerWrapper) close() { - ccb.done.Fire() + ccb.closed.Fire() + <-ccb.done.Done() } func (ccb *ccBalancerWrapper) handleSubConnStateChange(sc balancer.SubConn, s connectivity.State, err error) { @@ -109,7 +129,7 @@ func (ccb *ccBalancerWrapper) handleSubConnStateChange(sc balancer.SubConn, s co if sc == nil { return } - ccb.scBuffer.Put(&scStateUpdate{ + ccb.updateCh.Put(&scStateUpdate{ sc: sc, state: s, err: err, @@ -150,17 +170,18 @@ func (ccb *ccBalancerWrapper) NewSubConn(addrs []resolver.Address, opts balancer } func (ccb *ccBalancerWrapper) RemoveSubConn(sc balancer.SubConn) { + // The RemoveSubConn() is handled in the run() goroutine, to avoid deadlock + // during switchBalancer() if the old balancer calls RemoveSubConn() in its + // Close(). + ccb.updateCh.Put(sc) +} + +func (ccb *ccBalancerWrapper) UpdateAddresses(sc balancer.SubConn, addrs []resolver.Address) { acbw, ok := sc.(*acBalancerWrapper) if !ok { return } - ccb.mu.Lock() - defer ccb.mu.Unlock() - if ccb.subConns == nil { - return - } - delete(ccb.subConns, acbw) - ccb.cc.removeAddrConn(acbw.getAddrConn(), errConnDrain) + acbw.UpdateAddresses(addrs) } func (ccb *ccBalancerWrapper) UpdateState(s balancer.State) { @@ -197,7 +218,7 @@ func (acbw *acBalancerWrapper) UpdateAddresses(addrs []resolver.Address) { acbw.mu.Lock() defer acbw.mu.Unlock() if len(addrs) <= 0 { - acbw.ac.tearDown(errConnDrain) + acbw.ac.cc.removeAddrConn(acbw.ac, errConnDrain) return } if !acbw.ac.tryUpdateAddrs(addrs) { @@ -212,7 +233,7 @@ func (acbw *acBalancerWrapper) UpdateAddresses(addrs []resolver.Address) { acbw.ac.acbw = nil acbw.ac.mu.Unlock() acState := acbw.ac.getState() - acbw.ac.tearDown(errConnDrain) + acbw.ac.cc.removeAddrConn(acbw.ac, errConnDrain) if acState == connectivity.Shutdown { return diff --git a/vendor/google.golang.org/grpc/clientconn.go b/vendor/google.golang.org/grpc/clientconn.go index 77a08fd33..b2bccfed1 100644 --- a/vendor/google.golang.org/grpc/clientconn.go +++ b/vendor/google.golang.org/grpc/clientconn.go @@ -143,6 +143,7 @@ func DialContext(ctx context.Context, target string, opts ...DialOption) (conn * firstResolveEvent: grpcsync.NewEvent(), } cc.retryThrottler.Store((*retryThrottler)(nil)) + cc.safeConfigSelector.UpdateConfigSelector(&defaultConfigSelector{nil}) cc.ctx, cc.cancel = context.WithCancel(context.Background()) for _, opt := range opts { @@ -710,7 +711,12 @@ func (cc *ClientConn) switchBalancer(name string) { return } if cc.balancerWrapper != nil { + // Don't hold cc.mu while closing the balancers. The balancers may call + // methods that require cc.mu (e.g. cc.NewSubConn()). Holding the mutex + // would cause a deadlock in that case. + cc.mu.Unlock() cc.balancerWrapper.close() + cc.mu.Lock() } builder := balancer.Get(name) @@ -1045,12 +1051,12 @@ func (cc *ClientConn) Close() error { cc.blockingpicker.close() - if rWrapper != nil { - rWrapper.close() - } if bWrapper != nil { bWrapper.close() } + if rWrapper != nil { + rWrapper.close() + } for ac := range conns { ac.tearDown(ErrClientConnClosing) @@ -1197,7 +1203,7 @@ func (ac *addrConn) resetTransport() { ac.mu.Lock() if ac.state == connectivity.Shutdown { ac.mu.Unlock() - newTr.Close() + newTr.Close(fmt.Errorf("reached connectivity state: SHUTDOWN")) return } ac.curAddr = addr @@ -1329,7 +1335,7 @@ func (ac *addrConn) createTransport(addr resolver.Address, copts transport.Conne select { case <-time.After(time.Until(connectDeadline)): // We didn't get the preface in time. - newTr.Close() + newTr.Close(fmt.Errorf("failed to receive server preface within timeout")) channelz.Warningf(logger, ac.channelzID, "grpc: addrConn.createTransport failed to connect to %v: didn't receive server preface in time. Reconnecting...", addr) return nil, nil, errors.New("timed out waiting for server handshake") case <-prefaceReceived: @@ -1423,33 +1429,20 @@ func (ac *addrConn) resetConnectBackoff() { ac.mu.Unlock() } -// getReadyTransport returns the transport if ac's state is READY. -// Otherwise it returns nil, false. -// If ac's state is IDLE, it will trigger ac to connect. -func (ac *addrConn) getReadyTransport() (transport.ClientTransport, bool) { +// getReadyTransport returns the transport if ac's state is READY or nil if not. +func (ac *addrConn) getReadyTransport() transport.ClientTransport { ac.mu.Lock() - if ac.state == connectivity.Ready && ac.transport != nil { - t := ac.transport - ac.mu.Unlock() - return t, true + defer ac.mu.Unlock() + if ac.state == connectivity.Ready { + return ac.transport } - var idle bool - if ac.state == connectivity.Idle { - idle = true - } - ac.mu.Unlock() - // Trigger idle ac to connect. - if idle { - ac.connect() - } - return nil, false + return nil } // tearDown starts to tear down the addrConn. -// TODO(zhaoq): Make this synchronous to avoid unbounded memory consumption in -// some edge cases (e.g., the caller opens and closes many addrConn's in a -// tight loop. -// tearDown doesn't remove ac from ac.cc.conns. +// +// Note that tearDown doesn't remove ac from ac.cc.conns, so the addrConn struct +// will leak. In most cases, call cc.removeAddrConn() instead. func (ac *addrConn) tearDown(err error) { ac.mu.Lock() if ac.state == connectivity.Shutdown { diff --git a/vendor/google.golang.org/grpc/credentials/credentials.go b/vendor/google.golang.org/grpc/credentials/credentials.go index e69562e78..7eee7e4ec 100644 --- a/vendor/google.golang.org/grpc/credentials/credentials.go +++ b/vendor/google.golang.org/grpc/credentials/credentials.go @@ -30,7 +30,7 @@ import ( "github.com/golang/protobuf/proto" "google.golang.org/grpc/attributes" - "google.golang.org/grpc/internal" + icredentials "google.golang.org/grpc/internal/credentials" ) // PerRPCCredentials defines the common interface for the credentials which need to @@ -188,15 +188,12 @@ type RequestInfo struct { AuthInfo AuthInfo } -// requestInfoKey is a struct to be used as the key when attaching a RequestInfo to a context object. -type requestInfoKey struct{} - // RequestInfoFromContext extracts the RequestInfo from the context if it exists. // // This API is experimental. func RequestInfoFromContext(ctx context.Context) (ri RequestInfo, ok bool) { - ri, ok = ctx.Value(requestInfoKey{}).(RequestInfo) - return + ri, ok = icredentials.RequestInfoFromContext(ctx).(RequestInfo) + return ri, ok } // ClientHandshakeInfo holds data to be passed to ClientHandshake. This makes @@ -211,16 +208,12 @@ type ClientHandshakeInfo struct { Attributes *attributes.Attributes } -// clientHandshakeInfoKey is a struct used as the key to store -// ClientHandshakeInfo in a context. -type clientHandshakeInfoKey struct{} - // ClientHandshakeInfoFromContext returns the ClientHandshakeInfo struct stored // in ctx. // // This API is experimental. func ClientHandshakeInfoFromContext(ctx context.Context) ClientHandshakeInfo { - chi, _ := ctx.Value(clientHandshakeInfoKey{}).(ClientHandshakeInfo) + chi, _ := icredentials.ClientHandshakeInfoFromContext(ctx).(ClientHandshakeInfo) return chi } @@ -249,15 +242,6 @@ func CheckSecurityLevel(ai AuthInfo, level SecurityLevel) error { return nil } -func init() { - internal.NewRequestInfoContext = func(ctx context.Context, ri RequestInfo) context.Context { - return context.WithValue(ctx, requestInfoKey{}, ri) - } - internal.NewClientHandshakeInfoContext = func(ctx context.Context, chi ClientHandshakeInfo) context.Context { - return context.WithValue(ctx, clientHandshakeInfoKey{}, chi) - } -} - // ChannelzSecurityInfo defines the interface that security protocols should implement // in order to provide security info to channelz. // diff --git a/vendor/google.golang.org/grpc/dialoptions.go b/vendor/google.golang.org/grpc/dialoptions.go index e7f86e6d7..7a497237b 100644 --- a/vendor/google.golang.org/grpc/dialoptions.go +++ b/vendor/google.golang.org/grpc/dialoptions.go @@ -66,11 +66,7 @@ type dialOptions struct { minConnectTimeout func() time.Duration defaultServiceConfig *ServiceConfig // defaultServiceConfig is parsed from defaultServiceConfigRawJSON. defaultServiceConfigRawJSON *string - // This is used by ccResolverWrapper to backoff between successive calls to - // resolver.ResolveNow(). The user will have no need to configure this, but - // we need to be able to configure this in tests. - resolveNowBackoff func(int) time.Duration - resolvers []resolver.Builder + resolvers []resolver.Builder } // DialOption configures how we set up the connection. @@ -596,7 +592,6 @@ func defaultDialOptions() dialOptions { ReadBufferSize: defaultReadBufSize, UseProxy: true, }, - resolveNowBackoff: internalbackoff.DefaultExponential.Backoff, } } @@ -611,16 +606,6 @@ func withMinConnectDeadline(f func() time.Duration) DialOption { }) } -// withResolveNowBackoff specifies the function that clientconn uses to backoff -// between successive calls to resolver.ResolveNow(). -// -// For testing purpose only. -func withResolveNowBackoff(f func(int) time.Duration) DialOption { - return newFuncDialOption(func(o *dialOptions) { - o.resolveNowBackoff = f - }) -} - // WithResolvers allows a list of resolver implementations to be registered // locally with the ClientConn without needing to be globally registered via // resolver.Register. They will be matched against the scheme used for the diff --git a/vendor/google.golang.org/grpc/encoding/proto/proto.go b/vendor/google.golang.org/grpc/encoding/proto/proto.go index e1230fdd3..3009b35af 100644 --- a/vendor/google.golang.org/grpc/encoding/proto/proto.go +++ b/vendor/google.golang.org/grpc/encoding/proto/proto.go @@ -21,6 +21,8 @@ package proto import ( + "fmt" + "github.com/golang/protobuf/proto" "google.golang.org/grpc/encoding" ) @@ -36,11 +38,19 @@ func init() { type codec struct{} func (codec) Marshal(v interface{}) ([]byte, error) { - return proto.Marshal(v.(proto.Message)) + vv, ok := v.(proto.Message) + if !ok { + return nil, fmt.Errorf("failed to marshal, message is %T, want proto.Message", v) + } + return proto.Marshal(vv) } func (codec) Unmarshal(data []byte, v interface{}) error { - return proto.Unmarshal(data, v.(proto.Message)) + vv, ok := v.(proto.Message) + if !ok { + return fmt.Errorf("failed to unmarshal, message is %T, want proto.Message", v) + } + return proto.Unmarshal(data, vv) } func (codec) Name() string { diff --git a/vendor/google.golang.org/grpc/go.mod b/vendor/google.golang.org/grpc/go.mod index cab74e557..2f2cf1eb7 100644 --- a/vendor/google.golang.org/grpc/go.mod +++ b/vendor/google.golang.org/grpc/go.mod @@ -3,15 +3,16 @@ module google.golang.org/grpc go 1.11 require ( + github.com/cespare/xxhash v1.1.0 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403 - github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad + github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b - github.com/golang/protobuf v1.4.2 + github.com/golang/protobuf v1.4.3 github.com/google/go-cmp v0.5.0 github.com/google/uuid v1.1.2 - golang.org/x/net v0.0.0-20190311183353-d8887717615a - golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be - golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a + golang.org/x/net v0.0.0-20200822124328-c89045814202 + golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d + golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 google.golang.org/protobuf v1.25.0 ) diff --git a/vendor/google.golang.org/grpc/go.sum b/vendor/google.golang.org/grpc/go.sum index 77ee70b44..372b4ea3d 100644 --- a/vendor/google.golang.org/grpc/go.sum +++ b/vendor/google.golang.org/grpc/go.sum @@ -1,34 +1,46 @@ -cloud.google.com/go v0.26.0 h1:e0WKqKTd5BnrG8aKH3J3h+QvEIQtSUcf2n5UZ5ZgLtQ= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= +cloud.google.com/go v0.34.0 h1:eOI3/cP2VTU6uZLDYAoic+eyzzB9YyGmJ7eIjl8rOPg= +cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/OneOfOne/xxhash v1.2.2 h1:KMrpdQIwFcEqXDklaen+P1axHaj9BSKzvpUUfnHldSE= +github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= +github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/census-instrumentation/opencensus-proto v0.2.1 h1:glEXhBS5PSLLv4IXzLA5yPRVX4bilULVyxxbrfOtDAk= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/client9/misspell v0.3.4 h1:ta993UF76GwbvJcIo3Y68y/M3WxlpEHPWIGDkJYwzJI= +github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= +github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403 h1:cqQfy1jclcSy/FwLjemeg3SR1yaINm74aQyupQ0Bl8M= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= +github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed h1:OZmjad4L3H8ncOIR8rnb5MREYqG8ixi5+WbeUsquF0c= +github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad h1:EmNYJhPYy0pOFjCx2PrgtaBXmee0iUX9hLlxE1xHOJE= +github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= +github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0 h1:dulLQAYQFYtG5MTplgNGHWuV2D+OBD+Z8lmDBmbLg+s= +github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/protoc-gen-validate v0.1.0 h1:EQciDnbrYxy13PgWoY8AqoxGiPrpgBZ1R8UNe3ddc+A= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0= github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/protobuf v1.4.3 h1:JjCZWpVbqXDqFVmTfYWEVTMIYrL/NPdPSCHPJ0T/raM= +github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= @@ -37,50 +49,66 @@ github.com/google/go-cmp v0.5.0 h1:/QaMHBdZ26BB3SSst0Iwl10Epc+xhTquomWX0oZEB6w= github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= +github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72 h1:qLC7fQah7D6K1B0ujays3HV9gkFtllcxhzImRR7ArPQ= +github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90PveolxSbWFaJdECFbxSq0Mqo2M= +go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a h1:oWX7TPOiFAMXLq8o0ikBYfCJVlRHBcsciT5bXOrH628= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be h1:vEDujvNQGv4jgYKudGeI/+DAX4Jffq6hpD55MmoEvKs= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20200822124328-c89045814202 h1:VvcQYSHwXgi7W+TpUR6A9g6Up98WAHf3f/ulnJ62IyA= +golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d h1:TzXSXBo42m9gQenoE3b9BGiEpg5IG2JkU5FkPIawgtw= +golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a h1:1BGLXjeY4akVXGgbC9HugT3Jv3hCI0z56oJR5vAMgBU= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884= +golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0 h1:/wp5JvzpHIxhs/dumFmF7BXTf3Z+dd4uXta4kVyO508= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 h1:+kGHl1aib/qcwaRi1CbqBZ1rk19r85MNUf8HaBghugY= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= +google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -93,7 +121,8 @@ google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.3 h1:fvjTMHxHEw/mxHbtzPi3JCcKXQRAnQTBRo6YCJSVHKI= +gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/vendor/google.golang.org/grpc/internal/binarylog/sink.go b/vendor/google.golang.org/grpc/internal/binarylog/sink.go index 7d7a3056b..c2fdd58b3 100644 --- a/vendor/google.golang.org/grpc/internal/binarylog/sink.go +++ b/vendor/google.golang.org/grpc/internal/binarylog/sink.go @@ -69,7 +69,8 @@ type writerSink struct { func (ws *writerSink) Write(e *pb.GrpcLogEntry) error { b, err := proto.Marshal(e) if err != nil { - grpclogLogger.Infof("binary logging: failed to marshal proto message: %v", err) + grpclogLogger.Errorf("binary logging: failed to marshal proto message: %v", err) + return err } hdr := make([]byte, 4) binary.BigEndian.PutUint32(hdr, uint32(len(b))) @@ -85,24 +86,27 @@ func (ws *writerSink) Write(e *pb.GrpcLogEntry) error { func (ws *writerSink) Close() error { return nil } type bufferedSink struct { - mu sync.Mutex - closer io.Closer - out Sink // out is built on buf. - buf *bufio.Writer // buf is kept for flush. + mu sync.Mutex + closer io.Closer + out Sink // out is built on buf. + buf *bufio.Writer // buf is kept for flush. + flusherStarted bool - writeStartOnce sync.Once - writeTicker *time.Ticker + writeTicker *time.Ticker + done chan struct{} } func (fs *bufferedSink) Write(e *pb.GrpcLogEntry) error { - // Start the write loop when Write is called. - fs.writeStartOnce.Do(fs.startFlushGoroutine) fs.mu.Lock() + defer fs.mu.Unlock() + if !fs.flusherStarted { + // Start the write loop when Write is called. + fs.startFlushGoroutine() + fs.flusherStarted = true + } if err := fs.out.Write(e); err != nil { - fs.mu.Unlock() return err } - fs.mu.Unlock() return nil } @@ -113,7 +117,12 @@ const ( func (fs *bufferedSink) startFlushGoroutine() { fs.writeTicker = time.NewTicker(bufFlushDuration) go func() { - for range fs.writeTicker.C { + for { + select { + case <-fs.done: + return + case <-fs.writeTicker.C: + } fs.mu.Lock() if err := fs.buf.Flush(); err != nil { grpclogLogger.Warningf("failed to flush to Sink: %v", err) @@ -124,10 +133,12 @@ func (fs *bufferedSink) startFlushGoroutine() { } func (fs *bufferedSink) Close() error { + fs.mu.Lock() + defer fs.mu.Unlock() if fs.writeTicker != nil { fs.writeTicker.Stop() } - fs.mu.Lock() + close(fs.done) if err := fs.buf.Flush(); err != nil { grpclogLogger.Warningf("failed to flush to Sink: %v", err) } @@ -137,7 +148,6 @@ func (fs *bufferedSink) Close() error { if err := fs.out.Close(); err != nil { grpclogLogger.Warningf("failed to close the Sink: %v", err) } - fs.mu.Unlock() return nil } @@ -155,5 +165,6 @@ func NewBufferedSink(o io.WriteCloser) Sink { closer: o, out: newWriterSink(bufW), buf: bufW, + done: make(chan struct{}), } } diff --git a/vendor/google.golang.org/grpc/internal/credentials/credentials.go b/vendor/google.golang.org/grpc/internal/credentials/credentials.go new file mode 100644 index 000000000..32c9b5903 --- /dev/null +++ b/vendor/google.golang.org/grpc/internal/credentials/credentials.go @@ -0,0 +1,49 @@ +/* + * Copyright 2021 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package credentials + +import ( + "context" +) + +// requestInfoKey is a struct to be used as the key to store RequestInfo in a +// context. +type requestInfoKey struct{} + +// NewRequestInfoContext creates a context with ri. +func NewRequestInfoContext(ctx context.Context, ri interface{}) context.Context { + return context.WithValue(ctx, requestInfoKey{}, ri) +} + +// RequestInfoFromContext extracts the RequestInfo from ctx. +func RequestInfoFromContext(ctx context.Context) interface{} { + return ctx.Value(requestInfoKey{}) +} + +// clientHandshakeInfoKey is a struct used as the key to store +// ClientHandshakeInfo in a context. +type clientHandshakeInfoKey struct{} + +// ClientHandshakeInfoFromContext extracts the ClientHandshakeInfo from ctx. +func ClientHandshakeInfoFromContext(ctx context.Context) interface{} { + return ctx.Value(clientHandshakeInfoKey{}) +} + +// NewClientHandshakeInfoContext creates a context with chi. +func NewClientHandshakeInfoContext(ctx context.Context, chi interface{}) context.Context { + return context.WithValue(ctx, clientHandshakeInfoKey{}, chi) +} diff --git a/vendor/google.golang.org/grpc/internal/grpcrand/grpcrand.go b/vendor/google.golang.org/grpc/internal/grpcrand/grpcrand.go index 200b115ca..740f83c2b 100644 --- a/vendor/google.golang.org/grpc/internal/grpcrand/grpcrand.go +++ b/vendor/google.golang.org/grpc/internal/grpcrand/grpcrand.go @@ -31,26 +31,37 @@ var ( mu sync.Mutex ) +// Int implements rand.Int on the grpcrand global source. +func Int() int { + mu.Lock() + defer mu.Unlock() + return r.Int() +} + // Int63n implements rand.Int63n on the grpcrand global source. func Int63n(n int64) int64 { mu.Lock() - res := r.Int63n(n) - mu.Unlock() - return res + defer mu.Unlock() + return r.Int63n(n) } // Intn implements rand.Intn on the grpcrand global source. func Intn(n int) int { mu.Lock() - res := r.Intn(n) - mu.Unlock() - return res + defer mu.Unlock() + return r.Intn(n) } // Float64 implements rand.Float64 on the grpcrand global source. func Float64() float64 { mu.Lock() - res := r.Float64() - mu.Unlock() - return res + defer mu.Unlock() + return r.Float64() +} + +// Uint64 implements rand.Uint64 on the grpcrand global source. +func Uint64() uint64 { + mu.Lock() + defer mu.Unlock() + return r.Uint64() } diff --git a/vendor/google.golang.org/grpc/internal/internal.go b/vendor/google.golang.org/grpc/internal/internal.go index 1e2834c70..1b596bf35 100644 --- a/vendor/google.golang.org/grpc/internal/internal.go +++ b/vendor/google.golang.org/grpc/internal/internal.go @@ -38,12 +38,6 @@ var ( // KeepaliveMinPingTime is the minimum ping interval. This must be 10s by // default, but tests may wish to set it lower for convenience. KeepaliveMinPingTime = 10 * time.Second - // NewRequestInfoContext creates a new context based on the argument context attaching - // the passed in RequestInfo to the new context. - NewRequestInfoContext interface{} // func(context.Context, credentials.RequestInfo) context.Context - // NewClientHandshakeInfoContext returns a copy of the input context with - // the passed in ClientHandshakeInfo struct added to it. - NewClientHandshakeInfoContext interface{} // func(context.Context, credentials.ClientHandshakeInfo) context.Context // ParseServiceConfigForTesting is for creating a fake // ClientConn for resolver testing only ParseServiceConfigForTesting interface{} // func(string) *serviceconfig.ParseResult @@ -65,6 +59,11 @@ var ( // gRPC server. An xDS-enabled server needs to know what type of credentials // is configured on the underlying gRPC server. This is set by server.go. GetServerCredentials interface{} // func (*grpc.Server) credentials.TransportCredentials + // DrainServerTransports initiates a graceful close of existing connections + // on a gRPC server accepted on the provided listener address. An + // xDS-enabled server invokes this method on a grpc.Server when a particular + // listener moves to "not-serving" mode. + DrainServerTransports interface{} // func(*grpc.Server, string) ) // HealthChecker defines the signature of the client-side LB channel health checking function. diff --git a/vendor/google.golang.org/grpc/internal/resolver/config_selector.go b/vendor/google.golang.org/grpc/internal/resolver/config_selector.go index e69900400..5e7f36703 100644 --- a/vendor/google.golang.org/grpc/internal/resolver/config_selector.go +++ b/vendor/google.golang.org/grpc/internal/resolver/config_selector.go @@ -24,6 +24,7 @@ import ( "sync" "google.golang.org/grpc/internal/serviceconfig" + "google.golang.org/grpc/metadata" "google.golang.org/grpc/resolver" ) @@ -51,6 +52,74 @@ type RPCConfig struct { Context context.Context MethodConfig serviceconfig.MethodConfig // configuration to use for this RPC OnCommitted func() // Called when the RPC has been committed (retries no longer possible) + Interceptor ClientInterceptor +} + +// ClientStream is the same as grpc.ClientStream, but defined here for circular +// dependency reasons. +type ClientStream interface { + // Header returns the header metadata received from the server if there + // is any. It blocks if the metadata is not ready to read. + Header() (metadata.MD, error) + // Trailer returns the trailer metadata from the server, if there is any. + // It must only be called after stream.CloseAndRecv has returned, or + // stream.Recv has returned a non-nil error (including io.EOF). + Trailer() metadata.MD + // CloseSend closes the send direction of the stream. It closes the stream + // when non-nil error is met. It is also not safe to call CloseSend + // concurrently with SendMsg. + CloseSend() error + // Context returns the context for this stream. + // + // It should not be called until after Header or RecvMsg has returned. Once + // called, subsequent client-side retries are disabled. + Context() context.Context + // SendMsg is generally called by generated code. On error, SendMsg aborts + // the stream. If the error was generated by the client, the status is + // returned directly; otherwise, io.EOF is returned and the status of + // the stream may be discovered using RecvMsg. + // + // SendMsg blocks until: + // - There is sufficient flow control to schedule m with the transport, or + // - The stream is done, or + // - The stream breaks. + // + // SendMsg does not wait until the message is received by the server. An + // untimely stream closure may result in lost messages. To ensure delivery, + // users should ensure the RPC completed successfully using RecvMsg. + // + // It is safe to have a goroutine calling SendMsg and another goroutine + // calling RecvMsg on the same stream at the same time, but it is not safe + // to call SendMsg on the same stream in different goroutines. It is also + // not safe to call CloseSend concurrently with SendMsg. + SendMsg(m interface{}) error + // RecvMsg blocks until it receives a message into m or the stream is + // done. It returns io.EOF when the stream completes successfully. On + // any other error, the stream is aborted and the error contains the RPC + // status. + // + // It is safe to have a goroutine calling SendMsg and another goroutine + // calling RecvMsg on the same stream at the same time, but it is not + // safe to call RecvMsg on the same stream in different goroutines. + RecvMsg(m interface{}) error +} + +// ClientInterceptor is an interceptor for gRPC client streams. +type ClientInterceptor interface { + // NewStream produces a ClientStream for an RPC which may optionally use + // the provided function to produce a stream for delegation. Note: + // RPCInfo.Context should not be used (will be nil). + // + // done is invoked when the RPC is finished using its connection, or could + // not be assigned a connection. RPC operations may still occur on + // ClientStream after done is called, since the interceptor is invoked by + // application-layer operations. done must never be nil when called. + NewStream(ctx context.Context, ri RPCInfo, done func(), newStream func(ctx context.Context, done func()) (ClientStream, error)) (ClientStream, error) +} + +// ServerInterceptor is unimplementable; do not use. +type ServerInterceptor interface { + notDefined() } type csKeyType string diff --git a/vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go b/vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go index 304235566..03825bbe7 100644 --- a/vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go +++ b/vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go @@ -34,6 +34,7 @@ import ( grpclbstate "google.golang.org/grpc/balancer/grpclb/state" "google.golang.org/grpc/grpclog" + "google.golang.org/grpc/internal/backoff" "google.golang.org/grpc/internal/envconfig" "google.golang.org/grpc/internal/grpcrand" "google.golang.org/grpc/resolver" @@ -46,6 +47,13 @@ var EnableSRVLookups = false var logger = grpclog.Component("dns") +// Globals to stub out in tests. TODO: Perhaps these two can be combined into a +// single variable for testing the resolver? +var ( + newTimer = time.NewTimer + newTimerDNSResRate = time.NewTimer +) + func init() { resolver.Register(NewBuilder()) } @@ -143,7 +151,6 @@ func (b *dnsBuilder) Build(target resolver.Target, cc resolver.ClientConn, opts d.wg.Add(1) go d.watcher() - d.ResolveNow(resolver.ResolveNowOptions{}) return d, nil } @@ -201,28 +208,38 @@ func (d *dnsResolver) Close() { func (d *dnsResolver) watcher() { defer d.wg.Done() + backoffIndex := 1 for { - select { - case <-d.ctx.Done(): - return - case <-d.rn: - } - state, err := d.lookup() if err != nil { + // Report error to the underlying grpc.ClientConn. d.cc.ReportError(err) } else { - d.cc.UpdateState(*state) + err = d.cc.UpdateState(*state) } - // Sleep to prevent excessive re-resolutions. Incoming resolution requests - // will be queued in d.rn. - t := time.NewTimer(minDNSResRate) + var timer *time.Timer + if err == nil { + // Success resolving, wait for the next ResolveNow. However, also wait 30 seconds at the very least + // to prevent constantly re-resolving. + backoffIndex = 1 + timer = newTimerDNSResRate(minDNSResRate) + select { + case <-d.ctx.Done(): + timer.Stop() + return + case <-d.rn: + } + } else { + // Poll on an error found in DNS Resolver or an error received from ClientConn. + timer = newTimer(backoff.DefaultExponential.Backoff(backoffIndex)) + backoffIndex++ + } select { - case <-t.C: case <-d.ctx.Done(): - t.Stop() + timer.Stop() return + case <-timer.C: } } } diff --git a/vendor/google.golang.org/grpc/internal/serviceconfig/serviceconfig.go b/vendor/google.golang.org/grpc/internal/serviceconfig/serviceconfig.go index bd4b8875f..c0634d152 100644 --- a/vendor/google.golang.org/grpc/internal/serviceconfig/serviceconfig.go +++ b/vendor/google.golang.org/grpc/internal/serviceconfig/serviceconfig.go @@ -46,6 +46,22 @@ type BalancerConfig struct { type intermediateBalancerConfig []map[string]json.RawMessage +// MarshalJSON implements the json.Marshaler interface. +// +// It marshals the balancer and config into a length-1 slice +// ([]map[string]config). +func (bc *BalancerConfig) MarshalJSON() ([]byte, error) { + if bc.Config == nil { + // If config is nil, return empty config `{}`. + return []byte(fmt.Sprintf(`[{%q: %v}]`, bc.Name, "{}")), nil + } + c, err := json.Marshal(bc.Config) + if err != nil { + return nil, err + } + return []byte(fmt.Sprintf(`[{%q: %s}]`, bc.Name, c)), nil +} + // UnmarshalJSON implements the json.Unmarshaler interface. // // ServiceConfig contains a list of loadBalancingConfigs, each with a name and diff --git a/vendor/google.golang.org/grpc/internal/status/status.go b/vendor/google.golang.org/grpc/internal/status/status.go index 710223b8d..e5c6513ed 100644 --- a/vendor/google.golang.org/grpc/internal/status/status.go +++ b/vendor/google.golang.org/grpc/internal/status/status.go @@ -97,7 +97,7 @@ func (s *Status) Err() error { if s.Code() == codes.OK { return nil } - return &Error{e: s.Proto()} + return &Error{s: s} } // WithDetails returns a new status with the provided details messages appended to the status. @@ -136,19 +136,23 @@ func (s *Status) Details() []interface{} { return details } +func (s *Status) String() string { + return fmt.Sprintf("rpc error: code = %s desc = %s", s.Code(), s.Message()) +} + // Error wraps a pointer of a status proto. It implements error and Status, // and a nil *Error should never be returned by this package. type Error struct { - e *spb.Status + s *Status } func (e *Error) Error() string { - return fmt.Sprintf("rpc error: code = %s desc = %s", codes.Code(e.e.GetCode()), e.e.GetMessage()) + return e.s.String() } // GRPCStatus returns the Status represented by se. func (e *Error) GRPCStatus() *Status { - return FromProto(e.e) + return e.s } // Is implements future error.Is functionality. @@ -158,5 +162,5 @@ func (e *Error) Is(target error) bool { if !ok { return false } - return proto.Equal(e.e, tse.e) + return proto.Equal(e.s.s, tse.s.s) } diff --git a/vendor/google.golang.org/grpc/internal/transport/controlbuf.go b/vendor/google.golang.org/grpc/internal/transport/controlbuf.go index 40ef23923..45532f8ae 100644 --- a/vendor/google.golang.org/grpc/internal/transport/controlbuf.go +++ b/vendor/google.golang.org/grpc/internal/transport/controlbuf.go @@ -20,13 +20,17 @@ package transport import ( "bytes" + "errors" "fmt" "runtime" + "strconv" "sync" "sync/atomic" "golang.org/x/net/http2" "golang.org/x/net/http2/hpack" + "google.golang.org/grpc/internal/grpcutil" + "google.golang.org/grpc/status" ) var updateHeaderTblSize = func(e *hpack.Encoder, v uint32) { @@ -128,6 +132,14 @@ type cleanupStream struct { func (c *cleanupStream) isTransportResponseFrame() bool { return c.rst } // Results in a RST_STREAM +type earlyAbortStream struct { + streamID uint32 + contentSubtype string + status *status.Status +} + +func (*earlyAbortStream) isTransportResponseFrame() bool { return false } + type dataFrame struct { streamID uint32 endStream bool @@ -284,7 +296,7 @@ type controlBuffer struct { // closed and nilled when transportResponseFrames drops below the // threshold. Both fields are protected by mu. transportResponseFrames int - trfChan atomic.Value // *chan struct{} + trfChan atomic.Value // chan struct{} } func newControlBuffer(done <-chan struct{}) *controlBuffer { @@ -298,10 +310,10 @@ func newControlBuffer(done <-chan struct{}) *controlBuffer { // throttle blocks if there are too many incomingSettings/cleanupStreams in the // controlbuf. func (c *controlBuffer) throttle() { - ch, _ := c.trfChan.Load().(*chan struct{}) + ch, _ := c.trfChan.Load().(chan struct{}) if ch != nil { select { - case <-*ch: + case <-ch: case <-c.done: } } @@ -335,8 +347,7 @@ func (c *controlBuffer) executeAndPut(f func(it interface{}) bool, it cbItem) (b if c.transportResponseFrames == maxQueuedTransportResponseFrames { // We are adding the frame that puts us over the threshold; create // a throttling channel. - ch := make(chan struct{}) - c.trfChan.Store(&ch) + c.trfChan.Store(make(chan struct{})) } } c.mu.Unlock() @@ -377,9 +388,9 @@ func (c *controlBuffer) get(block bool) (interface{}, error) { if c.transportResponseFrames == maxQueuedTransportResponseFrames { // We are removing the frame that put us over the // threshold; close and clear the throttling channel. - ch := c.trfChan.Load().(*chan struct{}) - close(*ch) - c.trfChan.Store((*chan struct{})(nil)) + ch := c.trfChan.Load().(chan struct{}) + close(ch) + c.trfChan.Store((chan struct{})(nil)) } c.transportResponseFrames-- } @@ -395,7 +406,6 @@ func (c *controlBuffer) get(block bool) (interface{}, error) { select { case <-c.ch: case <-c.done: - c.finish() return nil, ErrConnClosing } } @@ -420,6 +430,14 @@ func (c *controlBuffer) finish() { hdr.onOrphaned(ErrConnClosing) } } + // In case throttle() is currently in flight, it needs to be unblocked. + // Otherwise, the transport may not close, since the transport is closed by + // the reader encountering the connection error. + ch, _ := c.trfChan.Load().(chan struct{}) + if ch != nil { + close(ch) + } + c.trfChan.Store((chan struct{})(nil)) c.mu.Unlock() } @@ -749,6 +767,24 @@ func (l *loopyWriter) cleanupStreamHandler(c *cleanupStream) error { return nil } +func (l *loopyWriter) earlyAbortStreamHandler(eas *earlyAbortStream) error { + if l.side == clientSide { + return errors.New("earlyAbortStream not handled on client") + } + + headerFields := []hpack.HeaderField{ + {Name: ":status", Value: "200"}, + {Name: "content-type", Value: grpcutil.ContentType(eas.contentSubtype)}, + {Name: "grpc-status", Value: strconv.Itoa(int(eas.status.Code()))}, + {Name: "grpc-message", Value: encodeGrpcMessage(eas.status.Message())}, + } + + if err := l.writeHeader(eas.streamID, true, headerFields, nil); err != nil { + return err + } + return nil +} + func (l *loopyWriter) incomingGoAwayHandler(*incomingGoAway) error { if l.side == clientSide { l.draining = true @@ -787,6 +823,8 @@ func (l *loopyWriter) handle(i interface{}) error { return l.registerStreamHandler(i) case *cleanupStream: return l.cleanupStreamHandler(i) + case *earlyAbortStream: + return l.earlyAbortStreamHandler(i) case *incomingGoAway: return l.incomingGoAwayHandler(i) case *dataFrame: diff --git a/vendor/google.golang.org/grpc/internal/transport/handler_server.go b/vendor/google.golang.org/grpc/internal/transport/handler_server.go index 05d3871e6..1c3459c2b 100644 --- a/vendor/google.golang.org/grpc/internal/transport/handler_server.go +++ b/vendor/google.golang.org/grpc/internal/transport/handler_server.go @@ -141,9 +141,8 @@ type serverHandlerTransport struct { stats stats.Handler } -func (ht *serverHandlerTransport) Close() error { +func (ht *serverHandlerTransport) Close() { ht.closeOnce.Do(ht.closeCloseChanOnce) - return nil } func (ht *serverHandlerTransport) closeCloseChanOnce() { close(ht.closedCh) } diff --git a/vendor/google.golang.org/grpc/internal/transport/http2_client.go b/vendor/google.golang.org/grpc/internal/transport/http2_client.go index 8902b7f90..0cd6da1e7 100644 --- a/vendor/google.golang.org/grpc/internal/transport/http2_client.go +++ b/vendor/google.golang.org/grpc/internal/transport/http2_client.go @@ -24,6 +24,7 @@ import ( "io" "math" "net" + "net/http" "strconv" "strings" "sync" @@ -32,15 +33,14 @@ import ( "golang.org/x/net/http2" "golang.org/x/net/http2/hpack" - "google.golang.org/grpc/internal/grpcutil" - imetadata "google.golang.org/grpc/internal/metadata" - "google.golang.org/grpc/internal/transport/networktype" - "google.golang.org/grpc/codes" "google.golang.org/grpc/credentials" - "google.golang.org/grpc/internal" "google.golang.org/grpc/internal/channelz" + icredentials "google.golang.org/grpc/internal/credentials" + "google.golang.org/grpc/internal/grpcutil" + imetadata "google.golang.org/grpc/internal/metadata" "google.golang.org/grpc/internal/syscall" + "google.golang.org/grpc/internal/transport/networktype" "google.golang.org/grpc/keepalive" "google.golang.org/grpc/metadata" "google.golang.org/grpc/peer" @@ -116,6 +116,9 @@ type http2Client struct { // goAwayReason records the http2.ErrCode and debug data received with the // GoAway frame. goAwayReason GoAwayReason + // goAwayDebugMessage contains a detailed human readable string about a + // GoAway frame, useful for error messages. + goAwayDebugMessage string // A condition variable used to signal when the keepalive goroutine should // go dormant. The condition for dormancy is based on the number of active // streams and the `PermitWithoutStream` keepalive client parameter. And @@ -238,9 +241,16 @@ func newHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts // Attributes field of resolver.Address, which is shoved into connectCtx // and passed to the credential handshaker. This makes it possible for // address specific arbitrary data to reach the credential handshaker. - contextWithHandshakeInfo := internal.NewClientHandshakeInfoContext.(func(context.Context, credentials.ClientHandshakeInfo) context.Context) - connectCtx = contextWithHandshakeInfo(connectCtx, credentials.ClientHandshakeInfo{Attributes: addr.Attributes}) - conn, authInfo, err = transportCreds.ClientHandshake(connectCtx, addr.ServerName, conn) + connectCtx = icredentials.NewClientHandshakeInfoContext(connectCtx, credentials.ClientHandshakeInfo{Attributes: addr.Attributes}) + rawConn := conn + // Pull the deadline from the connectCtx, which will be used for + // timeouts in the authentication protocol handshake. Can ignore the + // boolean as the deadline will return the zero value, which will make + // the conn not timeout on I/O operations. + deadline, _ := connectCtx.Deadline() + rawConn.SetDeadline(deadline) + conn, authInfo, err = transportCreds.ClientHandshake(connectCtx, addr.ServerName, rawConn) + rawConn.SetDeadline(time.Time{}) if err != nil { return nil, connectionErrorf(isTemporary(err), err, "transport: authentication handshake failed: %v", err) } @@ -347,12 +357,14 @@ func newHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts // Send connection preface to server. n, err := t.conn.Write(clientPreface) if err != nil { - t.Close() - return nil, connectionErrorf(true, err, "transport: failed to write client preface: %v", err) + err = connectionErrorf(true, err, "transport: failed to write client preface: %v", err) + t.Close(err) + return nil, err } if n != len(clientPreface) { - t.Close() - return nil, connectionErrorf(true, err, "transport: preface mismatch, wrote %d bytes; want %d", n, len(clientPreface)) + err = connectionErrorf(true, nil, "transport: preface mismatch, wrote %d bytes; want %d", n, len(clientPreface)) + t.Close(err) + return nil, err } var ss []http2.Setting @@ -370,14 +382,16 @@ func newHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts } err = t.framer.fr.WriteSettings(ss...) if err != nil { - t.Close() - return nil, connectionErrorf(true, err, "transport: failed to write initial settings frame: %v", err) + err = connectionErrorf(true, err, "transport: failed to write initial settings frame: %v", err) + t.Close(err) + return nil, err } // Adjust the connection flow control window if needed. if delta := uint32(icwz - defaultWindowSize); delta > 0 { if err := t.framer.fr.WriteWindowUpdate(0, delta); err != nil { - t.Close() - return nil, connectionErrorf(true, err, "transport: failed to write window update: %v", err) + err = connectionErrorf(true, err, "transport: failed to write window update: %v", err) + t.Close(err) + return nil, err } } @@ -394,11 +408,10 @@ func newHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts logger.Errorf("transport: loopyWriter.run returning. Err: %v", err) } } - // If it's a connection error, let reader goroutine handle it - // since there might be data in the buffers. - if _, ok := err.(net.Error); !ok { - t.conn.Close() - } + // Do not close the transport. Let reader goroutine handle it since + // there might be data in the buffers. + t.conn.Close() + t.controlBuf.finish() close(t.writerDone) }() return t, nil @@ -414,6 +427,7 @@ func (t *http2Client) newStream(ctx context.Context, callHdr *CallHdr) *Stream { buf: newRecvBuffer(), headerChan: make(chan struct{}), contentSubtype: callHdr.ContentSubtype, + doneFunc: callHdr.DoneFunc, } s.wq = newWriteQuota(defaultWriteQuota, s.done) s.requestRead = func(n int) { @@ -453,7 +467,7 @@ func (t *http2Client) createHeaderFields(ctx context.Context, callHdr *CallHdr) Method: callHdr.Method, AuthInfo: t.authInfo, } - ctxWithRequestInfo := internal.NewRequestInfoContext.(func(context.Context, credentials.RequestInfo) context.Context)(ctx, ri) + ctxWithRequestInfo := icredentials.NewRequestInfoContext(ctx, ri) authData, err := t.getTrAuthData(ctxWithRequestInfo, aud) if err != nil { return nil, err @@ -602,26 +616,39 @@ func (t *http2Client) getCallAuthData(ctx context.Context, audience string, call return callAuthData, nil } -// PerformedIOError wraps an error to indicate IO may have been performed -// before the error occurred. -type PerformedIOError struct { +// NewStreamError wraps an error and reports additional information. +type NewStreamError struct { Err error + + DoNotRetry bool + PerformedIO bool } -// Error implements error. -func (p PerformedIOError) Error() string { - return p.Err.Error() +func (e NewStreamError) Error() string { + return e.Err.Error() } // NewStream creates a stream and registers it into the transport as "active" -// streams. +// streams. All non-nil errors returned will be *NewStreamError. func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (_ *Stream, err error) { + defer func() { + if err != nil { + nse, ok := err.(*NewStreamError) + if !ok { + nse = &NewStreamError{Err: err} + } + if len(t.perRPCCreds) > 0 || callHdr.Creds != nil { + // We may have performed I/O in the per-RPC creds callback, so do not + // allow transparent retry. + nse.PerformedIO = true + } + err = nse + } + }() ctx = peer.NewContext(ctx, t.getPeer()) headerFields, err := t.createHeaderFields(ctx, callHdr) if err != nil { - // We may have performed I/O in the per-RPC creds callback, so do not - // allow transparent retry. - return nil, PerformedIOError{err} + return nil, err } s := t.newStream(ctx, callHdr) cleanup := func(err error) { @@ -727,7 +754,7 @@ func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (_ *Strea break } if hdrListSizeErr != nil { - return nil, hdrListSizeErr + return nil, &NewStreamError{Err: hdrListSizeErr, DoNotRetry: true} } firstTry = false select { @@ -832,6 +859,9 @@ func (t *http2Client) closeStream(s *Stream, err error, rst bool, rstCode http2. t.controlBuf.executeAndPut(addBackStreamQuota, cleanup) // This will unblock write. close(s.done) + if s.doneFunc != nil { + s.doneFunc() + } } // Close kicks off the shutdown process of the transport. This should be called @@ -841,12 +871,12 @@ func (t *http2Client) closeStream(s *Stream, err error, rst bool, rstCode http2. // This method blocks until the addrConn that initiated this transport is // re-connected. This happens because t.onClose() begins reconnect logic at the // addrConn level and blocks until the addrConn is successfully connected. -func (t *http2Client) Close() error { +func (t *http2Client) Close(err error) { t.mu.Lock() // Make sure we only Close once. if t.state == closing { t.mu.Unlock() - return nil + return } // Call t.onClose before setting the state to closing to prevent the client // from attempting to create new streams ASAP. @@ -862,13 +892,25 @@ func (t *http2Client) Close() error { t.mu.Unlock() t.controlBuf.finish() t.cancel() - err := t.conn.Close() + t.conn.Close() if channelz.IsOn() { channelz.RemoveEntry(t.channelzID) } + // Append info about previous goaways if there were any, since this may be important + // for understanding the root cause for this connection to be closed. + _, goAwayDebugMessage := t.GetGoAwayReason() + + var st *status.Status + if len(goAwayDebugMessage) > 0 { + st = status.Newf(codes.Unavailable, "closing transport due to: %v, received prior goaway: %v", err, goAwayDebugMessage) + err = st.Err() + } else { + st = status.New(codes.Unavailable, err.Error()) + } + // Notify all active streams. for _, s := range streams { - t.closeStream(s, ErrConnClosing, false, http2.ErrCodeNo, status.New(codes.Unavailable, ErrConnClosing.Desc), nil, false) + t.closeStream(s, err, false, http2.ErrCodeNo, st, nil, false) } if t.statsHandler != nil { connEnd := &stats.ConnEnd{ @@ -876,7 +918,6 @@ func (t *http2Client) Close() error { } t.statsHandler.HandleConn(t.ctx, connEnd) } - return err } // GracefulClose sets the state to draining, which prevents new streams from @@ -895,7 +936,7 @@ func (t *http2Client) GracefulClose() { active := len(t.activeStreams) t.mu.Unlock() if active == 0 { - t.Close() + t.Close(ErrConnClosing) return } t.controlBuf.put(&incomingGoAway{}) @@ -1141,9 +1182,9 @@ func (t *http2Client) handleGoAway(f *http2.GoAwayFrame) { } } id := f.LastStreamID - if id > 0 && id%2 != 1 { + if id > 0 && id%2 == 0 { t.mu.Unlock() - t.Close() + t.Close(connectionErrorf(true, nil, "received goaway with non-zero even-numbered numbered stream id: %v", id)) return } // A client can receive multiple GoAways from the server (see @@ -1161,7 +1202,7 @@ func (t *http2Client) handleGoAway(f *http2.GoAwayFrame) { // If there are multiple GoAways the first one should always have an ID greater than the following ones. if id > t.prevGoAwayID { t.mu.Unlock() - t.Close() + t.Close(connectionErrorf(true, nil, "received goaway with stream id: %v, which exceeds stream id of previous goaway: %v", id, t.prevGoAwayID)) return } default: @@ -1191,7 +1232,7 @@ func (t *http2Client) handleGoAway(f *http2.GoAwayFrame) { active := len(t.activeStreams) t.mu.Unlock() if active == 0 { - t.Close() + t.Close(connectionErrorf(true, nil, "received goaway and there are no active streams")) } } @@ -1207,12 +1248,17 @@ func (t *http2Client) setGoAwayReason(f *http2.GoAwayFrame) { t.goAwayReason = GoAwayTooManyPings } } + if len(f.DebugData()) == 0 { + t.goAwayDebugMessage = fmt.Sprintf("code: %s", f.ErrCode) + } else { + t.goAwayDebugMessage = fmt.Sprintf("code: %s, debug data: %q", f.ErrCode, string(f.DebugData())) + } } -func (t *http2Client) GetGoAwayReason() GoAwayReason { +func (t *http2Client) GetGoAwayReason() (GoAwayReason, string) { t.mu.Lock() defer t.mu.Unlock() - return t.goAwayReason + return t.goAwayReason, t.goAwayDebugMessage } func (t *http2Client) handleWindowUpdate(f *http2.WindowUpdateFrame) { @@ -1239,11 +1285,124 @@ func (t *http2Client) operateHeaders(frame *http2.MetaHeadersFrame) { return } - state := &decodeState{} - // Initialize isGRPC value to be !initialHeader, since if a gRPC Response-Headers has already been received, then it means that the peer is speaking gRPC and we are in gRPC mode. - state.data.isGRPC = !initialHeader - if h2code, err := state.decodeHeader(frame); err != nil { - t.closeStream(s, err, true, h2code, status.Convert(err), nil, endStream) + // frame.Truncated is set to true when framer detects that the current header + // list size hits MaxHeaderListSize limit. + if frame.Truncated { + se := status.New(codes.Internal, "peer header list size exceeded limit") + t.closeStream(s, se.Err(), true, http2.ErrCodeFrameSize, se, nil, endStream) + return + } + + var ( + // If a gRPC Response-Headers has already been received, then it means + // that the peer is speaking gRPC and we are in gRPC mode. + isGRPC = !initialHeader + mdata = make(map[string][]string) + contentTypeErr = "malformed header: missing HTTP content-type" + grpcMessage string + statusGen *status.Status + recvCompress string + httpStatusCode *int + httpStatusErr string + rawStatusCode = codes.Unknown + // headerError is set if an error is encountered while parsing the headers + headerError string + ) + + if initialHeader { + httpStatusErr = "malformed header: missing HTTP status" + } + + for _, hf := range frame.Fields { + switch hf.Name { + case "content-type": + if _, validContentType := grpcutil.ContentSubtype(hf.Value); !validContentType { + contentTypeErr = fmt.Sprintf("transport: received unexpected content-type %q", hf.Value) + break + } + contentTypeErr = "" + mdata[hf.Name] = append(mdata[hf.Name], hf.Value) + isGRPC = true + case "grpc-encoding": + recvCompress = hf.Value + case "grpc-status": + code, err := strconv.ParseInt(hf.Value, 10, 32) + if err != nil { + se := status.New(codes.Internal, fmt.Sprintf("transport: malformed grpc-status: %v", err)) + t.closeStream(s, se.Err(), true, http2.ErrCodeProtocol, se, nil, endStream) + return + } + rawStatusCode = codes.Code(uint32(code)) + case "grpc-message": + grpcMessage = decodeGrpcMessage(hf.Value) + case "grpc-status-details-bin": + var err error + statusGen, err = decodeGRPCStatusDetails(hf.Value) + if err != nil { + headerError = fmt.Sprintf("transport: malformed grpc-status-details-bin: %v", err) + } + case ":status": + if hf.Value == "200" { + httpStatusErr = "" + statusCode := 200 + httpStatusCode = &statusCode + break + } + + c, err := strconv.ParseInt(hf.Value, 10, 32) + if err != nil { + se := status.New(codes.Internal, fmt.Sprintf("transport: malformed http-status: %v", err)) + t.closeStream(s, se.Err(), true, http2.ErrCodeProtocol, se, nil, endStream) + return + } + statusCode := int(c) + httpStatusCode = &statusCode + + httpStatusErr = fmt.Sprintf( + "unexpected HTTP status code received from server: %d (%s)", + statusCode, + http.StatusText(statusCode), + ) + default: + if isReservedHeader(hf.Name) && !isWhitelistedHeader(hf.Name) { + break + } + v, err := decodeMetadataHeader(hf.Name, hf.Value) + if err != nil { + headerError = fmt.Sprintf("transport: malformed %s: %v", hf.Name, err) + logger.Warningf("Failed to decode metadata header (%q, %q): %v", hf.Name, hf.Value, err) + break + } + mdata[hf.Name] = append(mdata[hf.Name], v) + } + } + + if !isGRPC || httpStatusErr != "" { + var code = codes.Internal // when header does not include HTTP status, return INTERNAL + + if httpStatusCode != nil { + var ok bool + code, ok = HTTPStatusConvTab[*httpStatusCode] + if !ok { + code = codes.Unknown + } + } + var errs []string + if httpStatusErr != "" { + errs = append(errs, httpStatusErr) + } + if contentTypeErr != "" { + errs = append(errs, contentTypeErr) + } + // Verify the HTTP response is a 200. + se := status.New(code, strings.Join(errs, "; ")) + t.closeStream(s, se.Err(), true, http2.ErrCodeProtocol, se, nil, endStream) + return + } + + if headerError != "" { + se := status.New(codes.Internal, headerError) + t.closeStream(s, se.Err(), true, http2.ErrCodeProtocol, se, nil, endStream) return } @@ -1278,9 +1437,9 @@ func (t *http2Client) operateHeaders(frame *http2.MetaHeadersFrame) { // These values can be set without any synchronization because // stream goroutine will read it only after seeing a closed // headerChan which we'll close after setting this. - s.recvCompress = state.data.encoding - if len(state.data.mdata) > 0 { - s.header = state.data.mdata + s.recvCompress = recvCompress + if len(mdata) > 0 { + s.header = mdata } } else { // HEADERS frame block carries a Trailers-Only. @@ -1293,9 +1452,13 @@ func (t *http2Client) operateHeaders(frame *http2.MetaHeadersFrame) { return } + if statusGen == nil { + statusGen = status.New(rawStatusCode, grpcMessage) + } + // if client received END_STREAM from server while stream was still active, send RST_STREAM rst := s.getState() == streamActive - t.closeStream(s, io.EOF, rst, http2.ErrCodeNo, state.status(), state.data.mdata, true) + t.closeStream(s, io.EOF, rst, http2.ErrCodeNo, statusGen, mdata, true) } // reader runs as a separate goroutine in charge of reading data from network @@ -1309,7 +1472,8 @@ func (t *http2Client) reader() { // Check the validity of server preface. frame, err := t.framer.fr.ReadFrame() if err != nil { - t.Close() // this kicks off resetTransport, so must be last before return + err = connectionErrorf(true, err, "error reading server preface: %v", err) + t.Close(err) // this kicks off resetTransport, so must be last before return return } t.conn.SetReadDeadline(time.Time{}) // reset deadline once we get the settings frame (we didn't time out, yay!) @@ -1318,7 +1482,8 @@ func (t *http2Client) reader() { } sf, ok := frame.(*http2.SettingsFrame) if !ok { - t.Close() // this kicks off resetTransport, so must be last before return + // this kicks off resetTransport, so must be last before return + t.Close(connectionErrorf(true, nil, "initial http2 frame from server is not a settings frame: %T", frame)) return } t.onPrefaceReceipt() @@ -1354,7 +1519,7 @@ func (t *http2Client) reader() { continue } else { // Transport error. - t.Close() + t.Close(connectionErrorf(true, err, "error reading from server: %v", err)) return } } @@ -1413,7 +1578,7 @@ func (t *http2Client) keepalive() { continue } if outstandingPing && timeoutLeft <= 0 { - t.Close() + t.Close(connectionErrorf(true, nil, "keepalive ping failed to receive ACK within timeout")) return } t.mu.Lock() diff --git a/vendor/google.golang.org/grpc/internal/transport/http2_server.go b/vendor/google.golang.org/grpc/internal/transport/http2_server.go index 0cf1cc320..e3799d50a 100644 --- a/vendor/google.golang.org/grpc/internal/transport/http2_server.go +++ b/vendor/google.golang.org/grpc/internal/transport/http2_server.go @@ -26,6 +26,7 @@ import ( "io" "math" "net" + "net/http" "strconv" "sync" "sync/atomic" @@ -101,11 +102,11 @@ type http2Server struct { mu sync.Mutex // guard the following - // drainChan is initialized when drain(...) is called the first time. + // drainChan is initialized when Drain() is called the first time. // After which the server writes out the first GoAway(with ID 2^31-1) frame. // Then an independent goroutine will be launched to later send the second GoAway. // During this time we don't want to write another first GoAway(with ID 2^31 -1) frame. - // Thus call to drain(...) will be a no-op if drainChan is already initialized since draining is + // Thus call to Drain() will be a no-op if drainChan is already initialized since draining is // already underway. drainChan chan struct{} state transportState @@ -124,9 +125,14 @@ type http2Server struct { connectionID uint64 } -// newHTTP2Server constructs a ServerTransport based on HTTP2. ConnectionError is -// returned if something goes wrong. -func newHTTP2Server(conn net.Conn, config *ServerConfig) (_ ServerTransport, err error) { +// NewServerTransport creates a http2 transport with conn and configuration +// options from config. +// +// It returns a non-nil transport and a nil error on success. On failure, it +// returns a non-nil transport and a nil-error. For a special case where the +// underlying conn gets closed before the client preface could be read, it +// returns a nil transport and a nil error. +func NewServerTransport(conn net.Conn, config *ServerConfig) (_ ServerTransport, err error) { writeBufSize := config.WriteBufferSize readBufSize := config.ReadBufferSize maxHeaderListSize := defaultServerMaxHeaderListSize @@ -265,6 +271,13 @@ func newHTTP2Server(conn net.Conn, config *ServerConfig) (_ ServerTransport, err // Check the validity of client preface. preface := make([]byte, len(clientPreface)) if _, err := io.ReadFull(t.conn, preface); err != nil { + // In deployments where a gRPC server runs behind a cloud load balancer + // which performs regular TCP level health checks, the connection is + // closed immediately by the latter. Skipping the error here will help + // reduce log clutter. + if err == io.EOF { + return nil, nil + } return nil, connectionErrorf(false, err, "transport: http2Server.HandleStreams failed to receive the preface from client: %v", err) } if !bytes.Equal(preface, clientPreface) { @@ -294,6 +307,7 @@ func newHTTP2Server(conn net.Conn, config *ServerConfig) (_ ServerTransport, err } } t.conn.Close() + t.controlBuf.finish() close(t.writerDone) }() go t.keepalive() @@ -303,37 +317,92 @@ func newHTTP2Server(conn net.Conn, config *ServerConfig) (_ ServerTransport, err // operateHeader takes action on the decoded headers. func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(*Stream), traceCtx func(context.Context, string) context.Context) (fatal bool) { streamID := frame.Header().StreamID - state := &decodeState{ - serverSide: true, - } - if h2code, err := state.decodeHeader(frame); err != nil { - if _, ok := status.FromError(err); ok { - t.controlBuf.put(&cleanupStream{ - streamID: streamID, - rst: true, - rstCode: h2code, - onWrite: func() {}, - }) - } + + // frame.Truncated is set to true when framer detects that the current header + // list size hits MaxHeaderListSize limit. + if frame.Truncated { + t.controlBuf.put(&cleanupStream{ + streamID: streamID, + rst: true, + rstCode: http2.ErrCodeFrameSize, + onWrite: func() {}, + }) return false } buf := newRecvBuffer() s := &Stream{ - id: streamID, - st: t, - buf: buf, - fc: &inFlow{limit: uint32(t.initialWindowSize)}, - recvCompress: state.data.encoding, - method: state.data.method, - contentSubtype: state.data.contentSubtype, + id: streamID, + st: t, + buf: buf, + fc: &inFlow{limit: uint32(t.initialWindowSize)}, } + + var ( + // If a gRPC Response-Headers has already been received, then it means + // that the peer is speaking gRPC and we are in gRPC mode. + isGRPC = false + mdata = make(map[string][]string) + httpMethod string + // headerError is set if an error is encountered while parsing the headers + headerError bool + + timeoutSet bool + timeout time.Duration + ) + + for _, hf := range frame.Fields { + switch hf.Name { + case "content-type": + contentSubtype, validContentType := grpcutil.ContentSubtype(hf.Value) + if !validContentType { + break + } + mdata[hf.Name] = append(mdata[hf.Name], hf.Value) + s.contentSubtype = contentSubtype + isGRPC = true + case "grpc-encoding": + s.recvCompress = hf.Value + case ":method": + httpMethod = hf.Value + case ":path": + s.method = hf.Value + case "grpc-timeout": + timeoutSet = true + var err error + if timeout, err = decodeTimeout(hf.Value); err != nil { + headerError = true + } + default: + if isReservedHeader(hf.Name) && !isWhitelistedHeader(hf.Name) { + break + } + v, err := decodeMetadataHeader(hf.Name, hf.Value) + if err != nil { + headerError = true + logger.Warningf("Failed to decode metadata header (%q, %q): %v", hf.Name, hf.Value, err) + break + } + mdata[hf.Name] = append(mdata[hf.Name], v) + } + } + + if !isGRPC || headerError { + t.controlBuf.put(&cleanupStream{ + streamID: streamID, + rst: true, + rstCode: http2.ErrCodeProtocol, + onWrite: func() {}, + }) + return false + } + if frame.StreamEnded() { // s is just created by the caller. No lock needed. s.state = streamReadDone } - if state.data.timeoutSet { - s.ctx, s.cancel = context.WithTimeout(t.ctx, state.data.timeout) + if timeoutSet { + s.ctx, s.cancel = context.WithTimeout(t.ctx, timeout) } else { s.ctx, s.cancel = context.WithCancel(t.ctx) } @@ -346,33 +415,13 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func( } s.ctx = peer.NewContext(s.ctx, pr) // Attach the received metadata to the context. - if len(state.data.mdata) > 0 { - s.ctx = metadata.NewIncomingContext(s.ctx, state.data.mdata) - } - if state.data.statsTags != nil { - s.ctx = stats.SetIncomingTags(s.ctx, state.data.statsTags) - } - if state.data.statsTrace != nil { - s.ctx = stats.SetIncomingTrace(s.ctx, state.data.statsTrace) - } - if t.inTapHandle != nil { - var err error - info := &tap.Info{ - FullMethodName: state.data.method, + if len(mdata) > 0 { + s.ctx = metadata.NewIncomingContext(s.ctx, mdata) + if statsTags := mdata["grpc-tags-bin"]; len(statsTags) > 0 { + s.ctx = stats.SetIncomingTags(s.ctx, []byte(statsTags[len(statsTags)-1])) } - s.ctx, err = t.inTapHandle(s.ctx, info) - if err != nil { - if logger.V(logLevel) { - logger.Warningf("transport: http2Server.operateHeaders got an error from InTapHandle: %v", err) - } - t.controlBuf.put(&cleanupStream{ - streamID: s.id, - rst: true, - rstCode: http2.ErrCodeRefusedStream, - onWrite: func() {}, - }) - s.cancel() - return false + if statsTrace := mdata["grpc-trace-bin"]; len(statsTrace) > 0 { + s.ctx = stats.SetIncomingTrace(s.ctx, []byte(statsTrace[len(statsTrace)-1])) } } t.mu.Lock() @@ -402,6 +451,39 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func( return true } t.maxStreamID = streamID + if httpMethod != http.MethodPost { + t.mu.Unlock() + if logger.V(logLevel) { + logger.Infof("transport: http2Server.operateHeaders parsed a :method field: %v which should be POST", httpMethod) + } + t.controlBuf.put(&cleanupStream{ + streamID: streamID, + rst: true, + rstCode: http2.ErrCodeProtocol, + onWrite: func() {}, + }) + s.cancel() + return false + } + if t.inTapHandle != nil { + var err error + if s.ctx, err = t.inTapHandle(s.ctx, &tap.Info{FullMethodName: s.method}); err != nil { + t.mu.Unlock() + if logger.V(logLevel) { + logger.Infof("transport: http2Server.operateHeaders got an error from InTapHandle: %v", err) + } + stat, ok := status.FromError(err) + if !ok { + stat = status.New(codes.PermissionDenied, err.Error()) + } + t.controlBuf.put(&earlyAbortStream{ + streamID: s.id, + contentSubtype: s.contentSubtype, + status: stat, + }) + return false + } + } t.activeStreams[streamID] = s if len(t.activeStreams) == 1 { t.idle = time.Time{} @@ -423,7 +505,7 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func( LocalAddr: t.localAddr, Compression: s.recvCompress, WireLength: int(frame.Header().Length), - Header: metadata.MD(state.data.mdata).Copy(), + Header: metadata.MD(mdata).Copy(), } t.stats.HandleRPC(s.ctx, inHeader) } @@ -990,12 +1072,12 @@ func (t *http2Server) keepalive() { if val <= 0 { // The connection has been idle for a duration of keepalive.MaxConnectionIdle or more. // Gracefully close the connection. - t.drain(http2.ErrCodeNo, []byte{}) + t.Drain() return } idleTimer.Reset(val) case <-ageTimer.C: - t.drain(http2.ErrCodeNo, []byte{}) + t.Drain() ageTimer.Reset(t.kp.MaxConnectionAgeGrace) select { case <-ageTimer.C: @@ -1049,11 +1131,11 @@ func (t *http2Server) keepalive() { // Close starts shutting down the http2Server transport. // TODO(zhaoq): Now the destruction is not blocked on any pending streams. This // could cause some resource issue. Revisit this later. -func (t *http2Server) Close() error { +func (t *http2Server) Close() { t.mu.Lock() if t.state == closing { t.mu.Unlock() - return errors.New("transport: Close() was already called") + return } t.state = closing streams := t.activeStreams @@ -1061,7 +1143,9 @@ func (t *http2Server) Close() error { t.mu.Unlock() t.controlBuf.finish() close(t.done) - err := t.conn.Close() + if err := t.conn.Close(); err != nil && logger.V(logLevel) { + logger.Infof("transport: error closing conn during Close: %v", err) + } if channelz.IsOn() { channelz.RemoveEntry(t.channelzID) } @@ -1073,7 +1157,6 @@ func (t *http2Server) Close() error { connEnd := &stats.ConnEnd{} t.stats.HandleConn(t.ctx, connEnd) } - return err } // deleteStream deletes the stream s from transport's active streams. @@ -1138,17 +1221,13 @@ func (t *http2Server) RemoteAddr() net.Addr { } func (t *http2Server) Drain() { - t.drain(http2.ErrCodeNo, []byte{}) -} - -func (t *http2Server) drain(code http2.ErrCode, debugData []byte) { t.mu.Lock() defer t.mu.Unlock() if t.drainChan != nil { return } t.drainChan = make(chan struct{}) - t.controlBuf.put(&goAway{code: code, debugData: debugData, headsUp: true}) + t.controlBuf.put(&goAway{code: http2.ErrCodeNo, debugData: []byte{}, headsUp: true}) } var goAwayPing = &ping{data: [8]byte{1, 6, 1, 8, 0, 3, 3, 9}} diff --git a/vendor/google.golang.org/grpc/internal/transport/http_util.go b/vendor/google.golang.org/grpc/internal/transport/http_util.go index 7e41d1183..d8247bcdf 100644 --- a/vendor/google.golang.org/grpc/internal/transport/http_util.go +++ b/vendor/google.golang.org/grpc/internal/transport/http_util.go @@ -39,7 +39,6 @@ import ( spb "google.golang.org/genproto/googleapis/rpc/status" "google.golang.org/grpc/codes" "google.golang.org/grpc/grpclog" - "google.golang.org/grpc/internal/grpcutil" "google.golang.org/grpc/status" ) @@ -96,52 +95,6 @@ var ( logger = grpclog.Component("transport") ) -type parsedHeaderData struct { - encoding string - // statusGen caches the stream status received from the trailer the server - // sent. Client side only. Do not access directly. After all trailers are - // parsed, use the status method to retrieve the status. - statusGen *status.Status - // rawStatusCode and rawStatusMsg are set from the raw trailer fields and are not - // intended for direct access outside of parsing. - rawStatusCode *int - rawStatusMsg string - httpStatus *int - // Server side only fields. - timeoutSet bool - timeout time.Duration - method string - // key-value metadata map from the peer. - mdata map[string][]string - statsTags []byte - statsTrace []byte - contentSubtype string - - // isGRPC field indicates whether the peer is speaking gRPC (otherwise HTTP). - // - // We are in gRPC mode (peer speaking gRPC) if: - // * We are client side and have already received a HEADER frame that indicates gRPC peer. - // * The header contains valid a content-type, i.e. a string starts with "application/grpc" - // And we should handle error specific to gRPC. - // - // Otherwise (i.e. a content-type string starts without "application/grpc", or does not exist), we - // are in HTTP fallback mode, and should handle error specific to HTTP. - isGRPC bool - grpcErr error - httpErr error - contentTypeErr string -} - -// decodeState configures decoding criteria and records the decoded data. -type decodeState struct { - // whether decoding on server side or not - serverSide bool - - // Records the states during HPACK decoding. It will be filled with info parsed from HTTP HEADERS - // frame once decodeHeader function has been invoked and returned. - data parsedHeaderData -} - // isReservedHeader checks whether hdr belongs to HTTP2 headers // reserved by gRPC protocol. Any other headers are classified as the // user-specified metadata. @@ -179,14 +132,6 @@ func isWhitelistedHeader(hdr string) bool { } } -func (d *decodeState) status() *status.Status { - if d.data.statusGen == nil { - // No status-details were provided; generate status using code/msg. - d.data.statusGen = status.New(codes.Code(int32(*(d.data.rawStatusCode))), d.data.rawStatusMsg) - } - return d.data.statusGen -} - const binHdrSuffix = "-bin" func encodeBinHeader(v []byte) string { @@ -216,166 +161,16 @@ func decodeMetadataHeader(k, v string) (string, error) { return v, nil } -func (d *decodeState) decodeHeader(frame *http2.MetaHeadersFrame) (http2.ErrCode, error) { - // frame.Truncated is set to true when framer detects that the current header - // list size hits MaxHeaderListSize limit. - if frame.Truncated { - return http2.ErrCodeFrameSize, status.Error(codes.Internal, "peer header list size exceeded limit") +func decodeGRPCStatusDetails(rawDetails string) (*status.Status, error) { + v, err := decodeBinHeader(rawDetails) + if err != nil { + return nil, err } - - for _, hf := range frame.Fields { - d.processHeaderField(hf) - } - - if d.data.isGRPC { - if d.data.grpcErr != nil { - return http2.ErrCodeProtocol, d.data.grpcErr - } - if d.serverSide { - return http2.ErrCodeNo, nil - } - if d.data.rawStatusCode == nil && d.data.statusGen == nil { - // gRPC status doesn't exist. - // Set rawStatusCode to be unknown and return nil error. - // So that, if the stream has ended this Unknown status - // will be propagated to the user. - // Otherwise, it will be ignored. In which case, status from - // a later trailer, that has StreamEnded flag set, is propagated. - code := int(codes.Unknown) - d.data.rawStatusCode = &code - } - return http2.ErrCodeNo, nil - } - - // HTTP fallback mode - if d.data.httpErr != nil { - return http2.ErrCodeProtocol, d.data.httpErr - } - - var ( - code = codes.Internal // when header does not include HTTP status, return INTERNAL - ok bool - ) - - if d.data.httpStatus != nil { - code, ok = HTTPStatusConvTab[*(d.data.httpStatus)] - if !ok { - code = codes.Unknown - } - } - - return http2.ErrCodeProtocol, status.Error(code, d.constructHTTPErrMsg()) -} - -// constructErrMsg constructs error message to be returned in HTTP fallback mode. -// Format: HTTP status code and its corresponding message + content-type error message. -func (d *decodeState) constructHTTPErrMsg() string { - var errMsgs []string - - if d.data.httpStatus == nil { - errMsgs = append(errMsgs, "malformed header: missing HTTP status") - } else { - errMsgs = append(errMsgs, fmt.Sprintf("%s: HTTP status code %d", http.StatusText(*(d.data.httpStatus)), *d.data.httpStatus)) - } - - if d.data.contentTypeErr == "" { - errMsgs = append(errMsgs, "transport: missing content-type field") - } else { - errMsgs = append(errMsgs, d.data.contentTypeErr) - } - - return strings.Join(errMsgs, "; ") -} - -func (d *decodeState) addMetadata(k, v string) { - if d.data.mdata == nil { - d.data.mdata = make(map[string][]string) - } - d.data.mdata[k] = append(d.data.mdata[k], v) -} - -func (d *decodeState) processHeaderField(f hpack.HeaderField) { - switch f.Name { - case "content-type": - contentSubtype, validContentType := grpcutil.ContentSubtype(f.Value) - if !validContentType { - d.data.contentTypeErr = fmt.Sprintf("transport: received the unexpected content-type %q", f.Value) - return - } - d.data.contentSubtype = contentSubtype - // TODO: do we want to propagate the whole content-type in the metadata, - // or come up with a way to just propagate the content-subtype if it was set? - // ie {"content-type": "application/grpc+proto"} or {"content-subtype": "proto"} - // in the metadata? - d.addMetadata(f.Name, f.Value) - d.data.isGRPC = true - case "grpc-encoding": - d.data.encoding = f.Value - case "grpc-status": - code, err := strconv.Atoi(f.Value) - if err != nil { - d.data.grpcErr = status.Errorf(codes.Internal, "transport: malformed grpc-status: %v", err) - return - } - d.data.rawStatusCode = &code - case "grpc-message": - d.data.rawStatusMsg = decodeGrpcMessage(f.Value) - case "grpc-status-details-bin": - v, err := decodeBinHeader(f.Value) - if err != nil { - d.data.grpcErr = status.Errorf(codes.Internal, "transport: malformed grpc-status-details-bin: %v", err) - return - } - s := &spb.Status{} - if err := proto.Unmarshal(v, s); err != nil { - d.data.grpcErr = status.Errorf(codes.Internal, "transport: malformed grpc-status-details-bin: %v", err) - return - } - d.data.statusGen = status.FromProto(s) - case "grpc-timeout": - d.data.timeoutSet = true - var err error - if d.data.timeout, err = decodeTimeout(f.Value); err != nil { - d.data.grpcErr = status.Errorf(codes.Internal, "transport: malformed time-out: %v", err) - } - case ":path": - d.data.method = f.Value - case ":status": - code, err := strconv.Atoi(f.Value) - if err != nil { - d.data.httpErr = status.Errorf(codes.Internal, "transport: malformed http-status: %v", err) - return - } - d.data.httpStatus = &code - case "grpc-tags-bin": - v, err := decodeBinHeader(f.Value) - if err != nil { - d.data.grpcErr = status.Errorf(codes.Internal, "transport: malformed grpc-tags-bin: %v", err) - return - } - d.data.statsTags = v - d.addMetadata(f.Name, string(v)) - case "grpc-trace-bin": - v, err := decodeBinHeader(f.Value) - if err != nil { - d.data.grpcErr = status.Errorf(codes.Internal, "transport: malformed grpc-trace-bin: %v", err) - return - } - d.data.statsTrace = v - d.addMetadata(f.Name, string(v)) - default: - if isReservedHeader(f.Name) && !isWhitelistedHeader(f.Name) { - break - } - v, err := decodeMetadataHeader(f.Name, f.Value) - if err != nil { - if logger.V(logLevel) { - logger.Errorf("Failed to decode metadata header (%q, %q): %v", f.Name, f.Value, err) - } - return - } - d.addMetadata(f.Name, v) + st := &spb.Status{} + if err = proto.Unmarshal(v, st); err != nil { + return nil, err } + return status.FromProto(st), nil } type timeoutUnit uint8 diff --git a/vendor/google.golang.org/grpc/internal/transport/networktype/networktype.go b/vendor/google.golang.org/grpc/internal/transport/networktype/networktype.go index 96967428b..7bb53cff1 100644 --- a/vendor/google.golang.org/grpc/internal/transport/networktype/networktype.go +++ b/vendor/google.golang.org/grpc/internal/transport/networktype/networktype.go @@ -17,7 +17,7 @@ */ // Package networktype declares the network type to be used in the default -// dailer. Attribute of a resolver.Address. +// dialer. Attribute of a resolver.Address. package networktype import ( diff --git a/vendor/google.golang.org/grpc/internal/transport/transport.go b/vendor/google.golang.org/grpc/internal/transport/transport.go index 9c8f79cb4..141981264 100644 --- a/vendor/google.golang.org/grpc/internal/transport/transport.go +++ b/vendor/google.golang.org/grpc/internal/transport/transport.go @@ -241,6 +241,7 @@ type Stream struct { ctx context.Context // the associated context of the stream cancel context.CancelFunc // always nil for client side Stream done chan struct{} // closed at the end of stream to unblock writers. On the client side. + doneFunc func() // invoked at the end of stream on client side. ctxDone <-chan struct{} // same as done chan but for server side. Cache of ctx.Done() (for performance) method string // the associated RPC method of the stream recvCompress string @@ -531,12 +532,6 @@ type ServerConfig struct { HeaderTableSize *uint32 } -// NewServerTransport creates a ServerTransport with conn or non-nil error -// if it fails. -func NewServerTransport(protocol string, conn net.Conn, config *ServerConfig) (ServerTransport, error) { - return newHTTP2Server(conn, config) -} - // ConnectOptions covers all relevant options for communicating with the server. type ConnectOptions struct { // UserAgent is the application user agent. @@ -611,6 +606,8 @@ type CallHdr struct { ContentSubtype string PreviousAttempts int // value of grpc-previous-rpc-attempts header to set + + DoneFunc func() // called when the stream is finished } // ClientTransport is the common interface for all gRPC client-side transport @@ -619,7 +616,7 @@ type ClientTransport interface { // Close tears down this transport. Once it returns, the transport // should not be accessed any more. The caller must make sure this // is called only once. - Close() error + Close(err error) // GracefulClose starts to tear down the transport: the transport will stop // accepting new RPCs and NewStream will return error. Once all streams are @@ -653,8 +650,9 @@ type ClientTransport interface { // HTTP/2). GoAway() <-chan struct{} - // GetGoAwayReason returns the reason why GoAway frame was received. - GetGoAwayReason() GoAwayReason + // GetGoAwayReason returns the reason why GoAway frame was received, along + // with a human readable string with debug info. + GetGoAwayReason() (GoAwayReason, string) // RemoteAddr returns the remote network address. RemoteAddr() net.Addr @@ -690,7 +688,7 @@ type ServerTransport interface { // Close tears down the transport. Once it is called, the transport // should not be accessed any more. All the pending streams and their // handlers will be terminated asynchronously. - Close() error + Close() // RemoteAddr returns the remote network address. RemoteAddr() net.Addr diff --git a/vendor/google.golang.org/grpc/internal/xds_handshake_cluster.go b/vendor/google.golang.org/grpc/internal/xds_handshake_cluster.go new file mode 100644 index 000000000..3677c3f04 --- /dev/null +++ b/vendor/google.golang.org/grpc/internal/xds_handshake_cluster.go @@ -0,0 +1,40 @@ +/* + * Copyright 2021 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package internal + +import ( + "google.golang.org/grpc/attributes" + "google.golang.org/grpc/resolver" +) + +// handshakeClusterNameKey is the type used as the key to store cluster name in +// the Attributes field of resolver.Address. +type handshakeClusterNameKey struct{} + +// SetXDSHandshakeClusterName returns a copy of addr in which the Attributes field +// is updated with the cluster name. +func SetXDSHandshakeClusterName(addr resolver.Address, clusterName string) resolver.Address { + addr.Attributes = addr.Attributes.WithValues(handshakeClusterNameKey{}, clusterName) + return addr +} + +// GetXDSHandshakeClusterName returns cluster name stored in attr. +func GetXDSHandshakeClusterName(attr *attributes.Attributes) (string, bool) { + v := attr.Value(handshakeClusterNameKey{}) + name, ok := v.(string) + return name, ok +} diff --git a/vendor/google.golang.org/grpc/metadata/metadata.go b/vendor/google.golang.org/grpc/metadata/metadata.go index cf6d1b947..3604c7819 100644 --- a/vendor/google.golang.org/grpc/metadata/metadata.go +++ b/vendor/google.golang.org/grpc/metadata/metadata.go @@ -75,13 +75,9 @@ func Pairs(kv ...string) MD { panic(fmt.Sprintf("metadata: Pairs got the odd number of input pairs for metadata: %d", len(kv))) } md := MD{} - var key string - for i, s := range kv { - if i%2 == 0 { - key = strings.ToLower(s) - continue - } - md[key] = append(md[key], s) + for i := 0; i < len(kv); i += 2 { + key := strings.ToLower(kv[i]) + md[key] = append(md[key], kv[i+1]) } return md } @@ -97,12 +93,16 @@ func (md MD) Copy() MD { } // Get obtains the values for a given key. +// +// k is converted to lowercase before searching in md. func (md MD) Get(k string) []string { k = strings.ToLower(k) return md[k] } // Set sets the value of a given key with a slice of values. +// +// k is converted to lowercase before storing in md. func (md MD) Set(k string, vals ...string) { if len(vals) == 0 { return @@ -111,7 +111,10 @@ func (md MD) Set(k string, vals ...string) { md[k] = vals } -// Append adds the values to key k, not overwriting what was already stored at that key. +// Append adds the values to key k, not overwriting what was already stored at +// that key. +// +// k is converted to lowercase before storing in md. func (md MD) Append(k string, vals ...string) { if len(vals) == 0 { return @@ -120,9 +123,17 @@ func (md MD) Append(k string, vals ...string) { md[k] = append(md[k], vals...) } +// Delete removes the values for a given key k which is converted to lowercase +// before removing it from md. +func (md MD) Delete(k string) { + k = strings.ToLower(k) + delete(md, k) +} + // Join joins any number of mds into a single MD. -// The order of values for each key is determined by the order in which -// the mds containing those values are presented to Join. +// +// The order of values for each key is determined by the order in which the mds +// containing those values are presented to Join. func Join(mds ...MD) MD { out := MD{} for _, md := range mds { @@ -149,8 +160,8 @@ func NewOutgoingContext(ctx context.Context, md MD) context.Context { } // AppendToOutgoingContext returns a new context with the provided kv merged -// with any existing metadata in the context. Please refer to the -// documentation of Pairs for a description of kv. +// with any existing metadata in the context. Please refer to the documentation +// of Pairs for a description of kv. func AppendToOutgoingContext(ctx context.Context, kv ...string) context.Context { if len(kv)%2 == 1 { panic(fmt.Sprintf("metadata: AppendToOutgoingContext got an odd number of input pairs for metadata: %d", len(kv))) @@ -163,20 +174,34 @@ func AppendToOutgoingContext(ctx context.Context, kv ...string) context.Context return context.WithValue(ctx, mdOutgoingKey{}, rawMD{md: md.md, added: added}) } -// FromIncomingContext returns the incoming metadata in ctx if it exists. The -// returned MD should not be modified. Writing to it may cause races. -// Modification should be made to copies of the returned MD. -func FromIncomingContext(ctx context.Context) (md MD, ok bool) { - md, ok = ctx.Value(mdIncomingKey{}).(MD) - return +// FromIncomingContext returns the incoming metadata in ctx if it exists. +// +// All keys in the returned MD are lowercase. +func FromIncomingContext(ctx context.Context) (MD, bool) { + md, ok := ctx.Value(mdIncomingKey{}).(MD) + if !ok { + return nil, false + } + out := MD{} + for k, v := range md { + // We need to manually convert all keys to lower case, because MD is a + // map, and there's no guarantee that the MD attached to the context is + // created using our helper functions. + key := strings.ToLower(k) + out[key] = v + } + return out, true } -// FromOutgoingContextRaw returns the un-merged, intermediary contents -// of rawMD. Remember to perform strings.ToLower on the keys. The returned -// MD should not be modified. Writing to it may cause races. Modification -// should be made to copies of the returned MD. +// FromOutgoingContextRaw returns the un-merged, intermediary contents of rawMD. // -// This is intended for gRPC-internal use ONLY. +// Remember to perform strings.ToLower on the keys, for both the returned MD (MD +// is a map, there's no guarantee it's created using our helper functions) and +// the extra kv pairs (AppendToOutgoingContext doesn't turn them into +// lowercase). +// +// This is intended for gRPC-internal use ONLY. Users should use +// FromOutgoingContext instead. func FromOutgoingContextRaw(ctx context.Context) (MD, [][]string, bool) { raw, ok := ctx.Value(mdOutgoingKey{}).(rawMD) if !ok { @@ -186,21 +211,34 @@ func FromOutgoingContextRaw(ctx context.Context) (MD, [][]string, bool) { return raw.md, raw.added, true } -// FromOutgoingContext returns the outgoing metadata in ctx if it exists. The -// returned MD should not be modified. Writing to it may cause races. -// Modification should be made to copies of the returned MD. +// FromOutgoingContext returns the outgoing metadata in ctx if it exists. +// +// All keys in the returned MD are lowercase. func FromOutgoingContext(ctx context.Context) (MD, bool) { raw, ok := ctx.Value(mdOutgoingKey{}).(rawMD) if !ok { return nil, false } - mds := make([]MD, 0, len(raw.added)+1) - mds = append(mds, raw.md) - for _, vv := range raw.added { - mds = append(mds, Pairs(vv...)) + out := MD{} + for k, v := range raw.md { + // We need to manually convert all keys to lower case, because MD is a + // map, and there's no guarantee that the MD attached to the context is + // created using our helper functions. + key := strings.ToLower(k) + out[key] = v } - return Join(mds...), ok + for _, added := range raw.added { + if len(added)%2 == 1 { + panic(fmt.Sprintf("metadata: FromOutgoingContext got an odd number of input pairs for metadata: %d", len(added))) + } + + for i := 0; i < len(added); i += 2 { + key := strings.ToLower(added[i]) + out[key] = append(out[key], added[i+1]) + } + } + return out, ok } type rawMD struct { diff --git a/vendor/google.golang.org/grpc/picker_wrapper.go b/vendor/google.golang.org/grpc/picker_wrapper.go index a58174b6f..0878ada9d 100644 --- a/vendor/google.golang.org/grpc/picker_wrapper.go +++ b/vendor/google.golang.org/grpc/picker_wrapper.go @@ -147,7 +147,7 @@ func (pw *pickerWrapper) pick(ctx context.Context, failfast bool, info balancer. logger.Error("subconn returned from pick is not *acBalancerWrapper") continue } - if t, ok := acw.getAddrConn().getReadyTransport(); ok { + if t := acw.getAddrConn().getReadyTransport(); t != nil { if channelz.IsOn() { return t, doneChannelzWrapper(acw, pickResult.Done), nil } diff --git a/vendor/google.golang.org/grpc/pickfirst.go b/vendor/google.golang.org/grpc/pickfirst.go index 56e33f6c7..b858c2a5e 100644 --- a/vendor/google.golang.org/grpc/pickfirst.go +++ b/vendor/google.golang.org/grpc/pickfirst.go @@ -84,7 +84,7 @@ func (b *pickfirstBalancer) UpdateClientConnState(cs balancer.ClientConnState) e b.cc.UpdateState(balancer.State{ConnectivityState: connectivity.Idle, Picker: &picker{result: balancer.PickResult{SubConn: b.sc}}}) b.sc.Connect() } else { - b.sc.UpdateAddresses(cs.ResolverState.Addresses) + b.cc.UpdateAddresses(b.sc, cs.ResolverState.Addresses) b.sc.Connect() } return nil diff --git a/vendor/google.golang.org/grpc/regenerate.sh b/vendor/google.golang.org/grpc/regenerate.sh index ed52187df..dfd3226a1 100644 --- a/vendor/google.golang.org/grpc/regenerate.sh +++ b/vendor/google.golang.org/grpc/regenerate.sh @@ -40,16 +40,14 @@ echo "go install cmd/protoc-gen-go-grpc" echo "git clone https://github.com/grpc/grpc-proto" git clone --quiet https://github.com/grpc/grpc-proto ${WORKDIR}/grpc-proto +echo "git clone https://github.com/protocolbuffers/protobuf" +git clone --quiet https://github.com/protocolbuffers/protobuf ${WORKDIR}/protobuf + # Pull in code.proto as a proto dependency mkdir -p ${WORKDIR}/googleapis/google/rpc echo "curl https://raw.githubusercontent.com/googleapis/googleapis/master/google/rpc/code.proto" curl --silent https://raw.githubusercontent.com/googleapis/googleapis/master/google/rpc/code.proto > ${WORKDIR}/googleapis/google/rpc/code.proto -# Pull in the MeshCA service proto. -mkdir -p ${WORKDIR}/istio/istio/google/security/meshca/v1 -echo "curl https://raw.githubusercontent.com/istio/istio/master/security/proto/providers/google/meshca.proto" -curl --silent https://raw.githubusercontent.com/istio/istio/master/security/proto/providers/google/meshca.proto > ${WORKDIR}/istio/istio/google/security/meshca/v1/meshca.proto - mkdir -p ${WORKDIR}/out # Generates sources without the embed requirement @@ -73,7 +71,6 @@ SOURCES=( ${WORKDIR}/grpc-proto/grpc/service_config/service_config.proto ${WORKDIR}/grpc-proto/grpc/testing/*.proto ${WORKDIR}/grpc-proto/grpc/core/*.proto - ${WORKDIR}/istio/istio/google/security/meshca/v1/meshca.proto ) # These options of the form 'Mfoo.proto=bar' instruct the codegen to use an @@ -87,6 +84,7 @@ for src in ${SOURCES[@]}; do -I"." \ -I${WORKDIR}/grpc-proto \ -I${WORKDIR}/googleapis \ + -I${WORKDIR}/protobuf/src \ -I${WORKDIR}/istio \ ${src} done @@ -97,6 +95,7 @@ for src in ${LEGACY_SOURCES[@]}; do -I"." \ -I${WORKDIR}/grpc-proto \ -I${WORKDIR}/googleapis \ + -I${WORKDIR}/protobuf/src \ -I${WORKDIR}/istio \ ${src} done @@ -117,8 +116,4 @@ mv ${WORKDIR}/out/grpc/service_config/service_config.pb.go internal/proto/grpc_s mv ${WORKDIR}/out/grpc/testing/*.pb.go interop/grpc_testing/ mv ${WORKDIR}/out/grpc/core/*.pb.go interop/grpc_testing/core/ -# istio/google/security/meshca/v1/meshca.proto does not have a go_package option. -mkdir -p ${WORKDIR}/out/google.golang.org/grpc/credentials/tls/certprovider/meshca/internal/v1/ -mv ${WORKDIR}/out/istio/google/security/meshca/v1/* ${WORKDIR}/out/google.golang.org/grpc/credentials/tls/certprovider/meshca/internal/v1/ - cp -R ${WORKDIR}/out/google.golang.org/grpc/* . diff --git a/vendor/google.golang.org/grpc/resolver/resolver.go b/vendor/google.golang.org/grpc/resolver/resolver.go index e9fa8e33d..6a9d234a5 100644 --- a/vendor/google.golang.org/grpc/resolver/resolver.go +++ b/vendor/google.golang.org/grpc/resolver/resolver.go @@ -181,7 +181,7 @@ type State struct { // gRPC to add new methods to this interface. type ClientConn interface { // UpdateState updates the state of the ClientConn appropriately. - UpdateState(State) + UpdateState(State) error // ReportError notifies the ClientConn that the Resolver encountered an // error. The ClientConn will notify the load balancer and begin calling // ResolveNow on the Resolver with exponential backoff. diff --git a/vendor/google.golang.org/grpc/resolver_conn_wrapper.go b/vendor/google.golang.org/grpc/resolver_conn_wrapper.go index f2d81968f..2c47cd54f 100644 --- a/vendor/google.golang.org/grpc/resolver_conn_wrapper.go +++ b/vendor/google.golang.org/grpc/resolver_conn_wrapper.go @@ -22,7 +22,6 @@ import ( "fmt" "strings" "sync" - "time" "google.golang.org/grpc/balancer" "google.golang.org/grpc/credentials" @@ -41,8 +40,7 @@ type ccResolverWrapper struct { done *grpcsync.Event curState resolver.State - pollingMu sync.Mutex - polling chan struct{} + incomingMu sync.Mutex // Synchronizes all the incoming calls. } // newCCResolverWrapper uses the resolver.Builder to build a Resolver and @@ -93,71 +91,37 @@ func (ccr *ccResolverWrapper) close() { ccr.resolverMu.Unlock() } -// poll begins or ends asynchronous polling of the resolver based on whether -// err is ErrBadResolverState. -func (ccr *ccResolverWrapper) poll(err error) { - ccr.pollingMu.Lock() - defer ccr.pollingMu.Unlock() - if err != balancer.ErrBadResolverState { - // stop polling - if ccr.polling != nil { - close(ccr.polling) - ccr.polling = nil - } - return - } - if ccr.polling != nil { - // already polling - return - } - p := make(chan struct{}) - ccr.polling = p - go func() { - for i := 0; ; i++ { - ccr.resolveNow(resolver.ResolveNowOptions{}) - t := time.NewTimer(ccr.cc.dopts.resolveNowBackoff(i)) - select { - case <-p: - t.Stop() - return - case <-ccr.done.Done(): - // Resolver has been closed. - t.Stop() - return - case <-t.C: - select { - case <-p: - return - default: - } - // Timer expired; re-resolve. - } - } - }() -} - -func (ccr *ccResolverWrapper) UpdateState(s resolver.State) { +func (ccr *ccResolverWrapper) UpdateState(s resolver.State) error { + ccr.incomingMu.Lock() + defer ccr.incomingMu.Unlock() if ccr.done.HasFired() { - return + return nil } channelz.Infof(logger, ccr.cc.channelzID, "ccResolverWrapper: sending update to cc: %v", s) if channelz.IsOn() { ccr.addChannelzTraceEvent(s) } ccr.curState = s - ccr.poll(ccr.cc.updateResolverState(ccr.curState, nil)) + if err := ccr.cc.updateResolverState(ccr.curState, nil); err == balancer.ErrBadResolverState { + return balancer.ErrBadResolverState + } + return nil } func (ccr *ccResolverWrapper) ReportError(err error) { + ccr.incomingMu.Lock() + defer ccr.incomingMu.Unlock() if ccr.done.HasFired() { return } channelz.Warningf(logger, ccr.cc.channelzID, "ccResolverWrapper: reporting error to cc: %v", err) - ccr.poll(ccr.cc.updateResolverState(resolver.State{}, err)) + ccr.cc.updateResolverState(resolver.State{}, err) } // NewAddress is called by the resolver implementation to send addresses to gRPC. func (ccr *ccResolverWrapper) NewAddress(addrs []resolver.Address) { + ccr.incomingMu.Lock() + defer ccr.incomingMu.Unlock() if ccr.done.HasFired() { return } @@ -166,12 +130,14 @@ func (ccr *ccResolverWrapper) NewAddress(addrs []resolver.Address) { ccr.addChannelzTraceEvent(resolver.State{Addresses: addrs, ServiceConfig: ccr.curState.ServiceConfig}) } ccr.curState.Addresses = addrs - ccr.poll(ccr.cc.updateResolverState(ccr.curState, nil)) + ccr.cc.updateResolverState(ccr.curState, nil) } // NewServiceConfig is called by the resolver implementation to send service // configs to gRPC. func (ccr *ccResolverWrapper) NewServiceConfig(sc string) { + ccr.incomingMu.Lock() + defer ccr.incomingMu.Unlock() if ccr.done.HasFired() { return } @@ -183,14 +149,13 @@ func (ccr *ccResolverWrapper) NewServiceConfig(sc string) { scpr := parseServiceConfig(sc) if scpr.Err != nil { channelz.Warningf(logger, ccr.cc.channelzID, "ccResolverWrapper: error parsing service config: %v", scpr.Err) - ccr.poll(balancer.ErrBadResolverState) return } if channelz.IsOn() { ccr.addChannelzTraceEvent(resolver.State{Addresses: ccr.curState.Addresses, ServiceConfig: scpr}) } ccr.curState.ServiceConfig = scpr - ccr.poll(ccr.cc.updateResolverState(ccr.curState, nil)) + ccr.cc.updateResolverState(ccr.curState, nil) } func (ccr *ccResolverWrapper) ParseServiceConfig(scJSON string) *serviceconfig.ParseResult { diff --git a/vendor/google.golang.org/grpc/rpc_util.go b/vendor/google.golang.org/grpc/rpc_util.go index ea5bb8d0c..87987a2e6 100644 --- a/vendor/google.golang.org/grpc/rpc_util.go +++ b/vendor/google.golang.org/grpc/rpc_util.go @@ -258,7 +258,8 @@ func (o PeerCallOption) after(c *callInfo, attempt *csAttempt) { } // WaitForReady configures the action to take when an RPC is attempted on broken -// connections or unreachable servers. If waitForReady is false, the RPC will fail +// connections or unreachable servers. If waitForReady is false and the +// connection is in the TRANSIENT_FAILURE state, the RPC will fail // immediately. Otherwise, the RPC client will block the call until a // connection is available (or the call is canceled or times out) and will // retry the call if it fails due to a transient error. gRPC will not retry if @@ -429,9 +430,10 @@ func (o ContentSubtypeCallOption) before(c *callInfo) error { } func (o ContentSubtypeCallOption) after(c *callInfo, attempt *csAttempt) {} -// ForceCodec returns a CallOption that will set the given Codec to be -// used for all request and response messages for a call. The result of calling -// String() will be used as the content-subtype in a case-insensitive manner. +// ForceCodec returns a CallOption that will set codec to be used for all +// request and response messages for a call. The result of calling Name() will +// be used as the content-subtype after converting to lowercase, unless +// CallContentSubtype is also used. // // See Content-Type on // https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md#requests for @@ -827,33 +829,45 @@ func Errorf(c codes.Code, format string, a ...interface{}) error { // toRPCErr converts an error into an error from the status package. func toRPCErr(err error) error { - if err == nil || err == io.EOF { + switch err { + case nil, io.EOF: return err - } - if err == io.ErrUnexpectedEOF { + case context.DeadlineExceeded: + return status.Error(codes.DeadlineExceeded, err.Error()) + case context.Canceled: + return status.Error(codes.Canceled, err.Error()) + case io.ErrUnexpectedEOF: return status.Error(codes.Internal, err.Error()) } - if _, ok := status.FromError(err); ok { - return err - } + switch e := err.(type) { case transport.ConnectionError: return status.Error(codes.Unavailable, e.Desc) - default: - switch err { - case context.DeadlineExceeded: - return status.Error(codes.DeadlineExceeded, err.Error()) - case context.Canceled: - return status.Error(codes.Canceled, err.Error()) - } + case *transport.NewStreamError: + return toRPCErr(e.Err) } + + if _, ok := status.FromError(err); ok { + return err + } + return status.Error(codes.Unknown, err.Error()) } // setCallInfoCodec should only be called after CallOptions have been applied. func setCallInfoCodec(c *callInfo) error { if c.codec != nil { - // codec was already set by a CallOption; use it. + // codec was already set by a CallOption; use it, but set the content + // subtype if it is not set. + if c.contentSubtype == "" { + // c.codec is a baseCodec to hide the difference between grpc.Codec and + // encoding.Codec (Name vs. String method name). We only support + // setting content subtype from encoding.Codec to avoid a behavior + // change with the deprecated version. + if ec, ok := c.codec.(encoding.Codec); ok { + c.contentSubtype = strings.ToLower(ec.Name()) + } + } return nil } @@ -888,8 +902,7 @@ type channelzData struct { // buffer files to ensure compatibility with the gRPC version used. The latest // support package version is 7. // -// Older versions are kept for compatibility. They may be removed if -// compatibility cannot be maintained. +// Older versions are kept for compatibility. // // These constants should not be referenced from any other code. const ( diff --git a/vendor/google.golang.org/grpc/server.go b/vendor/google.golang.org/grpc/server.go index 7a2aa28a1..0251f48da 100644 --- a/vendor/google.golang.org/grpc/server.go +++ b/vendor/google.golang.org/grpc/server.go @@ -57,12 +57,22 @@ import ( const ( defaultServerMaxReceiveMessageSize = 1024 * 1024 * 4 defaultServerMaxSendMessageSize = math.MaxInt32 + + // Server transports are tracked in a map which is keyed on listener + // address. For regular gRPC traffic, connections are accepted in Serve() + // through a call to Accept(), and we use the actual listener address as key + // when we add it to the map. But for connections received through + // ServeHTTP(), we do not have a listener and hence use this dummy value. + listenerAddressForServeHTTP = "listenerAddressForServeHTTP" ) func init() { internal.GetServerCredentials = func(srv *Server) credentials.TransportCredentials { return srv.opts.creds } + internal.DrainServerTransports = func(srv *Server, addr string) { + srv.drainServerTransports(addr) + } } var statusOK = status.New(codes.OK, "") @@ -107,9 +117,12 @@ type serverWorkerData struct { type Server struct { opts serverOptions - mu sync.Mutex // guards following - lis map[net.Listener]bool - conns map[transport.ServerTransport]bool + mu sync.Mutex // guards following + lis map[net.Listener]bool + // conns contains all active server transports. It is a map keyed on a + // listener address with the value being the set of active transports + // belonging to that listener. + conns map[string]map[transport.ServerTransport]bool serve bool drain bool cv *sync.Cond // signaled when connections close for GracefulStop @@ -266,6 +279,35 @@ func CustomCodec(codec Codec) ServerOption { }) } +// ForceServerCodec returns a ServerOption that sets a codec for message +// marshaling and unmarshaling. +// +// This will override any lookups by content-subtype for Codecs registered +// with RegisterCodec. +// +// See Content-Type on +// https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md#requests for +// more details. Also see the documentation on RegisterCodec and +// CallContentSubtype for more details on the interaction between encoding.Codec +// and content-subtype. +// +// This function is provided for advanced users; prefer to register codecs +// using encoding.RegisterCodec. +// The server will automatically use registered codecs based on the incoming +// requests' headers. See also +// https://github.com/grpc/grpc-go/blob/master/Documentation/encoding.md#using-a-codec. +// Will be supported throughout 1.x. +// +// Experimental +// +// Notice: This API is EXPERIMENTAL and may be changed or removed in a +// later release. +func ForceServerCodec(codec encoding.Codec) ServerOption { + return newFuncServerOption(func(o *serverOptions) { + o.codec = codec + }) +} + // RPCCompressor returns a ServerOption that sets a compressor for outbound // messages. For backward compatibility, all outbound messages will be sent // using this compressor, regardless of incoming message compression. By @@ -376,6 +418,11 @@ func ChainStreamInterceptor(interceptors ...StreamServerInterceptor) ServerOptio // InTapHandle returns a ServerOption that sets the tap handle for all the server // transport to be created. Only one can be installed. +// +// Experimental +// +// Notice: This API is EXPERIMENTAL and may be changed or removed in a +// later release. func InTapHandle(h tap.ServerInHandle) ServerOption { return newFuncServerOption(func(o *serverOptions) { if o.inTapHandle != nil { @@ -519,7 +566,7 @@ func NewServer(opt ...ServerOption) *Server { s := &Server{ lis: make(map[net.Listener]bool), opts: opts, - conns: make(map[transport.ServerTransport]bool), + conns: make(map[string]map[transport.ServerTransport]bool), services: make(map[string]*serviceInfo), quit: grpcsync.NewEvent(), done: grpcsync.NewEvent(), @@ -778,7 +825,7 @@ func (s *Server) Serve(lis net.Listener) error { // s.conns before this conn can be added. s.serveWG.Add(1) go func() { - s.handleRawConn(rawConn) + s.handleRawConn(lis.Addr().String(), rawConn) s.serveWG.Done() }() } @@ -786,7 +833,7 @@ func (s *Server) Serve(lis net.Listener) error { // handleRawConn forks a goroutine to handle a just-accepted connection that // has not had any I/O performed on it yet. -func (s *Server) handleRawConn(rawConn net.Conn) { +func (s *Server) handleRawConn(lisAddr string, rawConn net.Conn) { if s.quit.HasFired() { rawConn.Close() return @@ -797,10 +844,16 @@ func (s *Server) handleRawConn(rawConn net.Conn) { // ErrConnDispatched means that the connection was dispatched away from // gRPC; those connections should be left open. if err != credentials.ErrConnDispatched { - s.mu.Lock() - s.errorf("ServerHandshake(%q) failed: %v", rawConn.RemoteAddr(), err) - s.mu.Unlock() - channelz.Warningf(logger, s.channelzID, "grpc: Server.Serve failed to complete security handshake from %q: %v", rawConn.RemoteAddr(), err) + // In deployments where a gRPC server runs behind a cloud load + // balancer which performs regular TCP level health checks, the + // connection is closed immediately by the latter. Skipping the + // error here will help reduce log clutter. + if err != io.EOF { + s.mu.Lock() + s.errorf("ServerHandshake(%q) failed: %v", rawConn.RemoteAddr(), err) + s.mu.Unlock() + channelz.Warningf(logger, s.channelzID, "grpc: Server.Serve failed to complete security handshake from %q: %v", rawConn.RemoteAddr(), err) + } rawConn.Close() } rawConn.SetDeadline(time.Time{}) @@ -810,19 +863,29 @@ func (s *Server) handleRawConn(rawConn net.Conn) { // Finish handshaking (HTTP2) st := s.newHTTP2Transport(conn, authInfo) if st == nil { + conn.Close() return } rawConn.SetDeadline(time.Time{}) - if !s.addConn(st) { + if !s.addConn(lisAddr, st) { return } go func() { s.serveStreams(st) - s.removeConn(st) + s.removeConn(lisAddr, st) }() } +func (s *Server) drainServerTransports(addr string) { + s.mu.Lock() + conns := s.conns[addr] + for st := range conns { + st.Drain() + } + s.mu.Unlock() +} + // newHTTP2Transport sets up a http/2 transport (using the // gRPC http2 server transport in transport/http2_server.go). func (s *Server) newHTTP2Transport(c net.Conn, authInfo credentials.AuthInfo) transport.ServerTransport { @@ -841,7 +904,7 @@ func (s *Server) newHTTP2Transport(c net.Conn, authInfo credentials.AuthInfo) tr MaxHeaderListSize: s.opts.maxHeaderListSize, HeaderTableSize: s.opts.headerTableSize, } - st, err := transport.NewServerTransport("http2", c, config) + st, err := transport.NewServerTransport(c, config) if err != nil { s.mu.Lock() s.errorf("NewServerTransport(%q) failed: %v", c.RemoteAddr(), err) @@ -924,10 +987,10 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { http.Error(w, err.Error(), http.StatusInternalServerError) return } - if !s.addConn(st) { + if !s.addConn(listenerAddressForServeHTTP, st) { return } - defer s.removeConn(st) + defer s.removeConn(listenerAddressForServeHTTP, st) s.serveStreams(st) } @@ -955,7 +1018,7 @@ func (s *Server) traceInfo(st transport.ServerTransport, stream *transport.Strea return trInfo } -func (s *Server) addConn(st transport.ServerTransport) bool { +func (s *Server) addConn(addr string, st transport.ServerTransport) bool { s.mu.Lock() defer s.mu.Unlock() if s.conns == nil { @@ -967,15 +1030,28 @@ func (s *Server) addConn(st transport.ServerTransport) bool { // immediately. st.Drain() } - s.conns[st] = true + + if s.conns[addr] == nil { + // Create a map entry if this is the first connection on this listener. + s.conns[addr] = make(map[transport.ServerTransport]bool) + } + s.conns[addr][st] = true return true } -func (s *Server) removeConn(st transport.ServerTransport) { +func (s *Server) removeConn(addr string, st transport.ServerTransport) { s.mu.Lock() defer s.mu.Unlock() - if s.conns != nil { - delete(s.conns, st) + + conns := s.conns[addr] + if conns != nil { + delete(conns, st) + if len(conns) == 0 { + // If the last connection for this address is being removed, also + // remove the map entry corresponding to the address. This is used + // in GracefulStop() when waiting for all connections to be closed. + delete(s.conns, addr) + } s.cv.Broadcast() } } @@ -1040,22 +1116,24 @@ func chainUnaryServerInterceptors(s *Server) { } else if len(interceptors) == 1 { chainedInt = interceptors[0] } else { - chainedInt = func(ctx context.Context, req interface{}, info *UnaryServerInfo, handler UnaryHandler) (interface{}, error) { - return interceptors[0](ctx, req, info, getChainUnaryHandler(interceptors, 0, info, handler)) - } + chainedInt = chainUnaryInterceptors(interceptors) } s.opts.unaryInt = chainedInt } -// getChainUnaryHandler recursively generate the chained UnaryHandler -func getChainUnaryHandler(interceptors []UnaryServerInterceptor, curr int, info *UnaryServerInfo, finalHandler UnaryHandler) UnaryHandler { - if curr == len(interceptors)-1 { - return finalHandler - } - - return func(ctx context.Context, req interface{}) (interface{}, error) { - return interceptors[curr+1](ctx, req, info, getChainUnaryHandler(interceptors, curr+1, info, finalHandler)) +func chainUnaryInterceptors(interceptors []UnaryServerInterceptor) UnaryServerInterceptor { + return func(ctx context.Context, req interface{}, info *UnaryServerInfo, handler UnaryHandler) (interface{}, error) { + var i int + var next UnaryHandler + next = func(ctx context.Context, req interface{}) (interface{}, error) { + if i == len(interceptors)-1 { + return interceptors[i](ctx, req, info, handler) + } + i++ + return interceptors[i-1](ctx, req, info, next) + } + return next(ctx, req) } } @@ -1069,7 +1147,9 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport. if sh != nil { beginTime := time.Now() statsBegin = &stats.Begin{ - BeginTime: beginTime, + BeginTime: beginTime, + IsClientStream: false, + IsServerStream: false, } sh.HandleRPC(stream.Context(), statsBegin) } @@ -1321,22 +1401,24 @@ func chainStreamServerInterceptors(s *Server) { } else if len(interceptors) == 1 { chainedInt = interceptors[0] } else { - chainedInt = func(srv interface{}, ss ServerStream, info *StreamServerInfo, handler StreamHandler) error { - return interceptors[0](srv, ss, info, getChainStreamHandler(interceptors, 0, info, handler)) - } + chainedInt = chainStreamInterceptors(interceptors) } s.opts.streamInt = chainedInt } -// getChainStreamHandler recursively generate the chained StreamHandler -func getChainStreamHandler(interceptors []StreamServerInterceptor, curr int, info *StreamServerInfo, finalHandler StreamHandler) StreamHandler { - if curr == len(interceptors)-1 { - return finalHandler - } - - return func(srv interface{}, ss ServerStream) error { - return interceptors[curr+1](srv, ss, info, getChainStreamHandler(interceptors, curr+1, info, finalHandler)) +func chainStreamInterceptors(interceptors []StreamServerInterceptor) StreamServerInterceptor { + return func(srv interface{}, ss ServerStream, info *StreamServerInfo, handler StreamHandler) error { + var i int + var next StreamHandler + next = func(srv interface{}, ss ServerStream) error { + if i == len(interceptors)-1 { + return interceptors[i](srv, ss, info, handler) + } + i++ + return interceptors[i-1](srv, ss, info, next) + } + return next(srv, ss) } } @@ -1349,7 +1431,9 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp if sh != nil { beginTime := time.Now() statsBegin = &stats.Begin{ - BeginTime: beginTime, + BeginTime: beginTime, + IsClientStream: sd.ClientStreams, + IsServerStream: sd.ServerStreams, } sh.HandleRPC(stream.Context(), statsBegin) } @@ -1452,6 +1536,8 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp } } + ss.ctx = newContextWithRPCInfo(ss.ctx, false, ss.codec, ss.cp, ss.comp) + if trInfo != nil { trInfo.tr.LazyLog(&trInfo.firstLine, false) } @@ -1519,7 +1605,7 @@ func (s *Server) handleStream(t transport.ServerTransport, stream *transport.Str trInfo.tr.SetError() } errDesc := fmt.Sprintf("malformed method name: %q", stream.Method()) - if err := t.WriteStatus(stream, status.New(codes.ResourceExhausted, errDesc)); err != nil { + if err := t.WriteStatus(stream, status.New(codes.Unimplemented, errDesc)); err != nil { if trInfo != nil { trInfo.tr.LazyLog(&fmtStringer{"%v", []interface{}{err}}, true) trInfo.tr.SetError() @@ -1639,7 +1725,7 @@ func (s *Server) Stop() { s.mu.Lock() listeners := s.lis s.lis = nil - st := s.conns + conns := s.conns s.conns = nil // interrupt GracefulStop if Stop and GracefulStop are called concurrently. s.cv.Broadcast() @@ -1648,8 +1734,10 @@ func (s *Server) Stop() { for lis := range listeners { lis.Close() } - for c := range st { - c.Close() + for _, cs := range conns { + for st := range cs { + st.Close() + } } if s.opts.numServerWorkers > 0 { s.stopServerWorkers() @@ -1686,8 +1774,10 @@ func (s *Server) GracefulStop() { } s.lis = nil if !s.drain { - for st := range s.conns { - st.Drain() + for _, conns := range s.conns { + for st := range conns { + st.Drain() + } } s.drain = true } diff --git a/vendor/google.golang.org/grpc/stats/stats.go b/vendor/google.golang.org/grpc/stats/stats.go index 63e476ee7..a5ebeeb69 100644 --- a/vendor/google.golang.org/grpc/stats/stats.go +++ b/vendor/google.golang.org/grpc/stats/stats.go @@ -45,6 +45,10 @@ type Begin struct { BeginTime time.Time // FailFast indicates if this RPC is failfast. FailFast bool + // IsClientStream indicates whether the RPC is a client streaming RPC. + IsClientStream bool + // IsServerStream indicates whether the RPC is a server streaming RPC. + IsServerStream bool } // IsClient indicates if the stats information is from client side. diff --git a/vendor/google.golang.org/grpc/status/status.go b/vendor/google.golang.org/grpc/status/status.go index 01e182c30..54d187186 100644 --- a/vendor/google.golang.org/grpc/status/status.go +++ b/vendor/google.golang.org/grpc/status/status.go @@ -73,9 +73,11 @@ func FromProto(s *spb.Status) *Status { return status.FromProto(s) } -// FromError returns a Status representing err if it was produced from this -// package or has a method `GRPCStatus() *Status`. Otherwise, ok is false and a -// Status is returned with codes.Unknown and the original error message. +// FromError returns a Status representing err if it was produced by this +// package or has a method `GRPCStatus() *Status`. +// If err is nil, a Status is returned with codes.OK and no message. +// Otherwise, ok is false and a Status is returned with codes.Unknown and +// the original error message. func FromError(err error) (s *Status, ok bool) { if err == nil { return nil, true diff --git a/vendor/google.golang.org/grpc/stream.go b/vendor/google.golang.org/grpc/stream.go index eda1248d6..e224af12d 100644 --- a/vendor/google.golang.org/grpc/stream.go +++ b/vendor/google.golang.org/grpc/stream.go @@ -52,14 +52,20 @@ import ( // of the RPC. type StreamHandler func(srv interface{}, stream ServerStream) error -// StreamDesc represents a streaming RPC service's method specification. +// StreamDesc represents a streaming RPC service's method specification. Used +// on the server when registering services and on the client when initiating +// new streams. type StreamDesc struct { - StreamName string - Handler StreamHandler + // StreamName and Handler are only used when registering handlers on a + // server. + StreamName string // the name of the method excluding the service + Handler StreamHandler // the handler called for the method - // At least one of these is true. - ServerStreams bool - ClientStreams bool + // ServerStreams and ClientStreams are used for registering handlers on a + // server as well as defining RPC behavior when passed to NewClientStream + // and ClientConn.NewStream. At least one must be true. + ServerStreams bool // indicates the server can perform streaming sends + ClientStreams bool // indicates the client can perform streaming sends } // Stream defines the common interface a client or server stream has to satisfy. @@ -166,7 +172,6 @@ func newClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, meth } }() } - c := defaultCallInfo() // Provide an opportunity for the first RPC to see the first service config // provided by the resolver. if err := cc.waitForResolvedAddrs(ctx); err != nil { @@ -175,18 +180,40 @@ func newClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, meth var mc serviceconfig.MethodConfig var onCommit func() - rpcConfig, err := cc.safeConfigSelector.SelectConfig(iresolver.RPCInfo{Context: ctx, Method: method}) - if err != nil { - return nil, status.Convert(err).Err() + var newStream = func(ctx context.Context, done func()) (iresolver.ClientStream, error) { + return newClientStreamWithParams(ctx, desc, cc, method, mc, onCommit, done, opts...) } + + rpcInfo := iresolver.RPCInfo{Context: ctx, Method: method} + rpcConfig, err := cc.safeConfigSelector.SelectConfig(rpcInfo) + if err != nil { + return nil, toRPCErr(err) + } + if rpcConfig != nil { if rpcConfig.Context != nil { ctx = rpcConfig.Context } mc = rpcConfig.MethodConfig onCommit = rpcConfig.OnCommitted + if rpcConfig.Interceptor != nil { + rpcInfo.Context = nil + ns := newStream + newStream = func(ctx context.Context, done func()) (iresolver.ClientStream, error) { + cs, err := rpcConfig.Interceptor.NewStream(ctx, rpcInfo, done, ns) + if err != nil { + return nil, toRPCErr(err) + } + return cs, nil + } + } } + return newStream(ctx, func() {}) +} + +func newClientStreamWithParams(ctx context.Context, desc *StreamDesc, cc *ClientConn, method string, mc serviceconfig.MethodConfig, onCommit, doneFunc func(), opts ...CallOption) (_ iresolver.ClientStream, err error) { + c := defaultCallInfo() if mc.WaitForReady != nil { c.failFast = !*mc.WaitForReady } @@ -223,6 +250,7 @@ func newClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, meth Host: cc.authority, Method: method, ContentSubtype: c.contentSubtype, + DoneFunc: doneFunc, } // Set our outgoing compression according to the UseCompressor CallOption, if @@ -267,9 +295,11 @@ func newClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, meth ctx = sh.TagRPC(ctx, &stats.RPCTagInfo{FullMethodName: method, FailFast: c.failFast}) beginTime = time.Now() begin := &stats.Begin{ - Client: true, - BeginTime: beginTime, - FailFast: c.failFast, + Client: true, + BeginTime: beginTime, + FailFast: c.failFast, + IsClientStream: desc.ClientStreams, + IsServerStream: desc.ServerStreams, } sh.HandleRPC(ctx, begin) } @@ -391,12 +421,9 @@ func (a *csAttempt) newStream() error { cs.callHdr.PreviousAttempts = cs.numRetries s, err := a.t.NewStream(cs.ctx, cs.callHdr) if err != nil { - if _, ok := err.(transport.PerformedIOError); ok { - // Return without converting to an RPC error so retry code can - // inspect. - return err - } - return toRPCErr(err) + // Return without converting to an RPC error so retry code can + // inspect. + return err } cs.attempt.s = s cs.attempt.p = &parser{r: s} @@ -495,19 +522,28 @@ func (cs *clientStream) commitAttempt() { // shouldRetry returns nil if the RPC should be retried; otherwise it returns // the error that should be returned by the operation. func (cs *clientStream) shouldRetry(err error) error { - unprocessed := false if cs.attempt.s == nil { - pioErr, ok := err.(transport.PerformedIOError) - if ok { - // Unwrap error. - err = toRPCErr(pioErr.Err) - } else { - unprocessed = true + // Error from NewClientStream. + nse, ok := err.(*transport.NewStreamError) + if !ok { + // Unexpected, but assume no I/O was performed and the RPC is not + // fatal, so retry indefinitely. + return nil } - if !ok && !cs.callInfo.failFast { - // In the event of a non-IO operation error from NewStream, we - // never attempted to write anything to the wire, so we can retry - // indefinitely for non-fail-fast RPCs. + + // Unwrap and convert error. + err = toRPCErr(nse.Err) + + // Never retry DoNotRetry errors, which indicate the RPC should not be + // retried due to max header list size violation, etc. + if nse.DoNotRetry { + return err + } + + // In the event of a non-IO operation error from NewStream, we never + // attempted to write anything to the wire, so we can retry + // indefinitely. + if !nse.PerformedIO { return nil } } @@ -516,6 +552,7 @@ func (cs *clientStream) shouldRetry(err error) error { return err } // Wait for the trailers. + unprocessed := false if cs.attempt.s != nil { <-cs.attempt.s.Done() unprocessed = cs.attempt.s.Unprocessed() @@ -604,7 +641,7 @@ func (cs *clientStream) shouldRetry(err error) error { // Returns nil if a retry was performed and succeeded; error otherwise. func (cs *clientStream) retryLocked(lastErr error) error { for { - cs.attempt.finish(lastErr) + cs.attempt.finish(toRPCErr(lastErr)) if err := cs.shouldRetry(lastErr); err != nil { cs.commitAttemptLocked() return err @@ -631,7 +668,11 @@ func (cs *clientStream) withRetry(op func(a *csAttempt) error, onSuccess func()) for { if cs.committed { cs.mu.Unlock() - return op(cs.attempt) + // toRPCErr is used in case the error from the attempt comes from + // NewClientStream, which intentionally doesn't return a status + // error to allow for further inspection; all other errors should + // already be status errors. + return toRPCErr(op(cs.attempt)) } a := cs.attempt cs.mu.Unlock() diff --git a/vendor/google.golang.org/grpc/tap/tap.go b/vendor/google.golang.org/grpc/tap/tap.go index caea1ebed..dbf34e6bb 100644 --- a/vendor/google.golang.org/grpc/tap/tap.go +++ b/vendor/google.golang.org/grpc/tap/tap.go @@ -37,16 +37,16 @@ type Info struct { // TODO: More to be added. } -// ServerInHandle defines the function which runs before a new stream is created -// on the server side. If it returns a non-nil error, the stream will not be -// created and a RST_STREAM will be sent back to the client with REFUSED_STREAM. -// The client will receive an RPC error "code = Unavailable, desc = stream -// terminated by RST_STREAM with error code: REFUSED_STREAM". +// ServerInHandle defines the function which runs before a new stream is +// created on the server side. If it returns a non-nil error, the stream will +// not be created and an error will be returned to the client. If the error +// returned is a status error, that status code and message will be used, +// otherwise PermissionDenied will be the code and err.Error() will be the +// message. // // It's intended to be used in situations where you don't want to waste the -// resources to accept the new stream (e.g. rate-limiting). And the content of -// the error will be ignored and won't be sent back to the client. For other -// general usages, please use interceptors. +// resources to accept the new stream (e.g. rate-limiting). For other general +// usages, please use interceptors. // // Note that it is executed in the per-connection I/O goroutine(s) instead of // per-RPC goroutine. Therefore, users should NOT have any diff --git a/vendor/google.golang.org/grpc/version.go b/vendor/google.golang.org/grpc/version.go index 685b91c70..e3510e10f 100644 --- a/vendor/google.golang.org/grpc/version.go +++ b/vendor/google.golang.org/grpc/version.go @@ -19,4 +19,4 @@ package grpc // Version is the current grpc version. -const Version = "1.35.0" +const Version = "1.40.0" diff --git a/vendor/google.golang.org/grpc/vet.sh b/vendor/google.golang.org/grpc/vet.sh index b41df6dc8..5eaa8b05d 100644 --- a/vendor/google.golang.org/grpc/vet.sh +++ b/vendor/google.golang.org/grpc/vet.sh @@ -28,29 +28,18 @@ cleanup() { } trap cleanup EXIT -PATH="${GOPATH}/bin:${GOROOT}/bin:${PATH}" +PATH="${HOME}/go/bin:${GOROOT}/bin:${PATH}" +go version if [[ "$1" = "-install" ]]; then - # Check for module support - if go help mod >& /dev/null; then - # Install the pinned versions as defined in module tools. - pushd ./test/tools - go install \ - golang.org/x/lint/golint \ - golang.org/x/tools/cmd/goimports \ - honnef.co/go/tools/cmd/staticcheck \ - github.com/client9/misspell/cmd/misspell - popd - else - # Ye olde `go get` incantation. - # Note: this gets the latest version of all tools (vs. the pinned versions - # with Go modules). - go get -u \ - golang.org/x/lint/golint \ - golang.org/x/tools/cmd/goimports \ - honnef.co/go/tools/cmd/staticcheck \ - github.com/client9/misspell/cmd/misspell - fi + # Install the pinned versions as defined in module tools. + pushd ./test/tools + go install \ + golang.org/x/lint/golint \ + golang.org/x/tools/cmd/goimports \ + honnef.co/go/tools/cmd/staticcheck \ + github.com/client9/misspell/cmd/misspell + popd if [[ -z "${VET_SKIP_PROTO}" ]]; then if [[ "${TRAVIS}" = "true" ]]; then PROTOBUF_VERSION=3.14.0 @@ -104,12 +93,6 @@ git grep '"github.com/envoyproxy/go-control-plane/envoy' -- '*.go' ':(exclude)*. # TODO: Remove when we drop Go 1.10 support go list -f {{.Dir}} ./... | xargs go run test/go_vet/vet.go -# - gofmt, goimports, golint (with exceptions for generated code), go vet. -gofmt -s -d -l . 2>&1 | fail_on_output -goimports -l . 2>&1 | not grep -vE "\.pb\.go" -golint ./... 2>&1 | not grep -vE "\.pb\.go:" -go vet -all ./... - misspell -error . # - Check that generated proto files are up to date. @@ -119,12 +102,22 @@ if [[ -z "${VET_SKIP_PROTO}" ]]; then (git status; git --no-pager diff; exit 1) fi -# - Check that our modules are tidy. -if go help mod >& /dev/null; then - find . -name 'go.mod' | xargs -IXXX bash -c 'cd $(dirname XXX); go mod tidy' +# - gofmt, goimports, golint (with exceptions for generated code), go vet, +# go mod tidy. +# Perform these checks on each module inside gRPC. +for MOD_FILE in $(find . -name 'go.mod'); do + MOD_DIR=$(dirname ${MOD_FILE}) + pushd ${MOD_DIR} + go vet -all ./... | fail_on_output + gofmt -s -d -l . 2>&1 | fail_on_output + goimports -l . 2>&1 | not grep -vE "\.pb\.go" + golint ./... 2>&1 | not grep -vE "/testv3\.pb\.go:" + + go mod tidy git status --porcelain 2>&1 | fail_on_output || \ (git status; git --no-pager diff; exit 1) -fi + popd +done # - Collection of static analysis checks # @@ -141,8 +134,11 @@ not grep -Fv '.CredsBundle .NewAddress .NewServiceConfig .Type is deprecated: use Attributes +BuildVersion is deprecated balancer.ErrTransientFailure balancer.Picker +extDesc.Filename is deprecated +github.com/golang/protobuf/jsonpb is deprecated grpc.CallCustomCodec grpc.Code grpc.Compressor @@ -164,13 +160,7 @@ grpc.WithServiceConfig grpc.WithTimeout http.CloseNotifier info.SecurityVersion -resolver.Backend -resolver.GRPCLB -extDesc.Filename is deprecated -BuildVersion is deprecated -github.com/golang/protobuf/jsonpb is deprecated proto is deprecated -xxx_messageInfo_ proto.InternalMessageInfo is deprecated proto.EnumName is deprecated proto.ErrInternalBadWireType is deprecated @@ -184,7 +174,12 @@ proto.RegisterExtension is deprecated proto.RegisteredExtension is deprecated proto.RegisteredExtensions is deprecated proto.RegisterMapType is deprecated -proto.Unmarshaler is deprecated' "${SC_OUT}" +proto.Unmarshaler is deprecated +resolver.Backend +resolver.GRPCLB +Target is deprecated: Use the Target field in the BuildOptions instead. +xxx_messageInfo_ +' "${SC_OUT}" # - special golint on package comments. lint_package_comment_per_package() { diff --git a/vendor/k8s.io/cloud-provider/go.mod b/vendor/k8s.io/cloud-provider/go.mod index 239888651..e826b2793 100644 --- a/vendor/k8s.io/cloud-provider/go.mod +++ b/vendor/k8s.io/cloud-provider/go.mod @@ -9,21 +9,21 @@ require ( github.com/spf13/cobra v1.1.3 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.7.0 - k8s.io/api v0.22.0 - k8s.io/apimachinery v0.22.0 - k8s.io/apiserver v0.22.0 - k8s.io/client-go v0.22.0 - k8s.io/component-base v0.22.0 - k8s.io/controller-manager v0.22.0 + k8s.io/api v0.22.1 + k8s.io/apimachinery v0.22.1 + k8s.io/apiserver v0.22.1 + k8s.io/client-go v0.22.1 + k8s.io/component-base v0.22.1 + k8s.io/controller-manager v0.22.1 k8s.io/klog/v2 v2.9.0 k8s.io/utils v0.0.0-20210707171843-4b05e18ac7d9 ) replace ( - k8s.io/api => k8s.io/api v0.22.0 - k8s.io/apimachinery => k8s.io/apimachinery v0.22.0 - k8s.io/apiserver => k8s.io/apiserver v0.22.0 - k8s.io/client-go => k8s.io/client-go v0.22.0 - k8s.io/component-base => k8s.io/component-base v0.22.0 - k8s.io/controller-manager => k8s.io/controller-manager v0.22.0 + k8s.io/api => k8s.io/api v0.22.1 + k8s.io/apimachinery => k8s.io/apimachinery v0.22.1 + k8s.io/apiserver => k8s.io/apiserver v0.22.1 + k8s.io/client-go => k8s.io/client-go v0.22.1 + k8s.io/component-base => k8s.io/component-base v0.22.1 + k8s.io/controller-manager => k8s.io/controller-manager v0.22.1 ) diff --git a/vendor/k8s.io/cloud-provider/go.sum b/vendor/k8s.io/cloud-provider/go.sum index 495d6e0cc..0e3f40068 100644 --- a/vendor/k8s.io/cloud-provider/go.sum +++ b/vendor/k8s.io/cloud-provider/go.sum @@ -776,18 +776,18 @@ honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.22.0 h1:elCpMZ9UE8dLdYxr55E06TmSeji9I3KH494qH70/y+c= -k8s.io/api v0.22.0/go.mod h1:0AoXXqst47OI/L0oGKq9DG61dvGRPXs7X4/B7KyjBCU= -k8s.io/apimachinery v0.22.0 h1:CqH/BdNAzZl+sr3tc0D3VsK3u6ARVSo3GWyLmfIjbP0= -k8s.io/apimachinery v0.22.0/go.mod h1:O3oNtNadZdeOMxHFVxOreoznohCpy0z6mocxbZr7oJ0= -k8s.io/apiserver v0.22.0 h1:KZh2asnRBjawLLfPOi6qiD+A2jaNt31HCnZG6AX3Qcs= -k8s.io/apiserver v0.22.0/go.mod h1:04kaIEzIQrTGJ5syLppQWvpkLJXQtJECHmae+ZGc/nc= -k8s.io/client-go v0.22.0 h1:sD6o9O6tCwUKCENw8v+HFsuAbq2jCu8cWC61/ydwA50= -k8s.io/client-go v0.22.0/go.mod h1:GUjIuXR5PiEv/RVK5OODUsm6eZk7wtSWZSaSJbpFdGg= -k8s.io/component-base v0.22.0 h1:ZTmX8hUqH9T9gc0mM42O+KDgtwTYbVTt2MwmLP0eK8A= -k8s.io/component-base v0.22.0/go.mod h1:SXj6Z+V6P6GsBhHZVbWCw9hFjUdUYnJerlhhPnYCBCg= -k8s.io/controller-manager v0.22.0 h1:zFQx0Ji0IMv7z0gYC0Ruy0YQxtf1Lo2TQo9UqWNcKME= -k8s.io/controller-manager v0.22.0/go.mod h1:KCFcmFIjh512sVIm1EhAPJ+4miASDvbZA5eO/2nbr2M= +k8s.io/api v0.22.1 h1:ISu3tD/jRhYfSW8jI/Q1e+lRxkR7w9UwQEZ7FgslrwY= +k8s.io/api v0.22.1/go.mod h1:bh13rkTp3F1XEaLGykbyRD2QaTTzPm0e/BMd8ptFONY= +k8s.io/apimachinery v0.22.1 h1:DTARnyzmdHMz7bFWFDDm22AM4pLWTQECMpRTFu2d2OM= +k8s.io/apimachinery v0.22.1/go.mod h1:O3oNtNadZdeOMxHFVxOreoznohCpy0z6mocxbZr7oJ0= +k8s.io/apiserver v0.22.1 h1:Ul9Iv8OMB2s45h2tl5XWPpAZo1VPIJ/6N+MESeed7L8= +k8s.io/apiserver v0.22.1/go.mod h1:2mcM6dzSt+XndzVQJX21Gx0/Klo7Aen7i0Ai6tIa400= +k8s.io/client-go v0.22.1 h1:jW0ZSHi8wW260FvcXHkIa0NLxFBQszTlhiAVsU5mopw= +k8s.io/client-go v0.22.1/go.mod h1:BquC5A4UOo4qVDUtoc04/+Nxp1MeHcVc1HJm1KmG8kk= +k8s.io/component-base v0.22.1 h1:SFqIXsEN3v3Kkr1bS6rstrs1wd45StJqbtgbQ4nRQdo= +k8s.io/component-base v0.22.1/go.mod h1:0D+Bl8rrnsPN9v0dyYvkqFfBeAd4u7n77ze+p8CMiPo= +k8s.io/controller-manager v0.22.1 h1:6yu4ApWEk7DxIc4Bp7Ibxq46vopV9+VVEjZTNE+1Qd0= +k8s.io/controller-manager v0.22.1/go.mod h1:HN5qzvZs8A4fd/xuqDZwqe+Nsz249a2Kbq/YqZ903n8= k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.9.0 h1:D7HV+n1V57XeZ0m6tdRkfknthUaM06VFbWldOFh8kzM= diff --git a/vendor/k8s.io/klog/v2/OWNERS b/vendor/k8s.io/klog/v2/OWNERS index 380e514f2..f689c1641 100644 --- a/vendor/k8s.io/klog/v2/OWNERS +++ b/vendor/k8s.io/klog/v2/OWNERS @@ -15,5 +15,4 @@ approvers: - tallclair - piosz - brancz - - DirectXMan12 - lavalamp diff --git a/vendor/k8s.io/klog/v2/klog.go b/vendor/k8s.io/klog/v2/klog.go index 1e187f763..d24087def 100644 --- a/vendor/k8s.io/klog/v2/klog.go +++ b/vendor/k8s.io/klog/v2/klog.go @@ -1603,3 +1603,20 @@ func KRef(namespace, name string) ObjectRef { Namespace: namespace, } } + +// KObjs returns slice of ObjectRef from an slice of ObjectMeta +func KObjs(arg interface{}) []ObjectRef { + s := reflect.ValueOf(arg) + if s.Kind() != reflect.Slice { + return nil + } + objectRefs := make([]ObjectRef, 0, s.Len()) + for i := 0; i < s.Len(); i++ { + if v, ok := s.Index(i).Interface().(KMetadata); ok { + objectRefs = append(objectRefs, KObj(v)) + } else { + return nil + } + } + return objectRefs +} diff --git a/vendor/k8s.io/kubernetes/pkg/volume/util/subpath/subpath_linux.go b/vendor/k8s.io/kubernetes/pkg/volume/util/subpath/subpath_linux.go index 1140f75ce..84cdf5e10 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/util/subpath/subpath_linux.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/util/subpath/subpath_linux.go @@ -209,8 +209,9 @@ func doBindSubPath(mounter mount.Interface, subpath Subpath) (hostPath string, e // Do the bind mount options := []string{"bind"} + mountFlags := []string{"--no-canonicalize"} klog.V(5).Infof("bind mounting %q at %q", mountSource, bindPathTarget) - if err = mounter.MountSensitiveWithoutSystemd(mountSource, bindPathTarget, "" /*fstype*/, options, nil); err != nil { + if err = mounter.MountSensitiveWithoutSystemdWithMountFlags(mountSource, bindPathTarget, "" /*fstype*/, options, nil /* sensitiveOptions */, mountFlags); err != nil { return "", fmt.Errorf("error mounting %s: %s", subpath.Path, err) } success = true diff --git a/vendor/k8s.io/kubernetes/test/e2e/framework/metrics/metrics_grabber.go b/vendor/k8s.io/kubernetes/test/e2e/framework/metrics/metrics_grabber.go index 932e26c20..ba3f0e8e7 100644 --- a/vendor/k8s.io/kubernetes/test/e2e/framework/metrics/metrics_grabber.go +++ b/vendor/k8s.io/kubernetes/test/e2e/framework/metrics/metrics_grabber.go @@ -203,7 +203,7 @@ func (g *Grabber) GrabFromScheduler() (SchedulerMetrics, error) { var err error g.waitForSchedulerReadyOnce.Do(func() { - if readyErr := e2epod.WaitForPodsReady(g.client, metav1.NamespaceSystem, g.kubeScheduler, 0); readyErr != nil { + if readyErr := e2epod.WaitTimeoutForPodReadyInNamespace(g.client, g.kubeScheduler, metav1.NamespaceSystem, 5*time.Minute); readyErr != nil { err = fmt.Errorf("error waiting for kube-scheduler pod to be ready: %w", readyErr) } }) @@ -254,7 +254,7 @@ func (g *Grabber) GrabFromControllerManager() (ControllerManagerMetrics, error) var err error g.waitForControllerManagerReadyOnce.Do(func() { - if readyErr := e2epod.WaitForPodsReady(g.client, metav1.NamespaceSystem, g.kubeControllerManager, 0); readyErr != nil { + if readyErr := e2epod.WaitTimeoutForPodReadyInNamespace(g.client, g.kubeControllerManager, metav1.NamespaceSystem, 5*time.Minute); readyErr != nil { err = fmt.Errorf("error waiting for kube-controller-manager pod to be ready: %w", readyErr) } }) @@ -293,7 +293,7 @@ func (g *Grabber) GrabFromSnapshotController(podName string, port int) (Snapshot var err error g.waitForSnapshotControllerReadyOnce.Do(func() { - if readyErr := e2epod.WaitForPodsReady(g.client, metav1.NamespaceSystem, podName, 0); readyErr != nil { + if readyErr := e2epod.WaitTimeoutForPodReadyInNamespace(g.client, podName, metav1.NamespaceSystem, 5*time.Minute); readyErr != nil { err = fmt.Errorf("error waiting for volume-snapshot-controller pod to be ready: %w", readyErr) } }) diff --git a/vendor/k8s.io/kubernetes/test/e2e/framework/pod/wait.go b/vendor/k8s.io/kubernetes/test/e2e/framework/pod/wait.go index b5723035d..61ab7997c 100644 --- a/vendor/k8s.io/kubernetes/test/e2e/framework/pod/wait.go +++ b/vendor/k8s.io/kubernetes/test/e2e/framework/pod/wait.go @@ -513,24 +513,6 @@ func WaitForPodsWithLabelRunningReady(c clientset.Interface, ns string, label la return pods, err } -// WaitForPodsReady waits for the pods to become ready. -func WaitForPodsReady(c clientset.Interface, ns, name string, minReadySeconds int) error { - label := labels.SelectorFromSet(labels.Set(map[string]string{"name": name})) - options := metav1.ListOptions{LabelSelector: label.String()} - return wait.Poll(poll, 5*time.Minute, func() (bool, error) { - pods, err := c.CoreV1().Pods(ns).List(context.TODO(), options) - if err != nil { - return false, nil - } - for _, pod := range pods.Items { - if !podutils.IsPodAvailable(&pod, int32(minReadySeconds), metav1.Now()) { - return false, nil - } - } - return true, nil - }) -} - // WaitForNRestartablePods tries to list restarting pods using ps until it finds expect of them, // returning their names if it can do so before timeout. func WaitForNRestartablePods(ps *testutils.PodStore, expect int, timeout time.Duration) ([]string, error) { diff --git a/vendor/k8s.io/mount-utils/fake_mounter.go b/vendor/k8s.io/mount-utils/fake_mounter.go index 393ed043b..55ea5e298 100644 --- a/vendor/k8s.io/mount-utils/fake_mounter.go +++ b/vendor/k8s.io/mount-utils/fake_mounter.go @@ -136,6 +136,10 @@ func (f *FakeMounter) MountSensitiveWithoutSystemd(source string, target string, return f.MountSensitive(source, target, fstype, options, nil /* sensitiveOptions */) } +func (f *FakeMounter) MountSensitiveWithoutSystemdWithMountFlags(source string, target string, fstype string, options []string, sensitiveOptions []string, mountFlags []string) error { + return f.MountSensitive(source, target, fstype, options, nil /* sensitiveOptions */) +} + // Unmount records the unmount event and updates the in-memory mount points for FakeMounter func (f *FakeMounter) Unmount(target string) error { f.mutex.Lock() diff --git a/vendor/k8s.io/mount-utils/mount.go b/vendor/k8s.io/mount-utils/mount.go index 93b60d3f9..a882fcc73 100644 --- a/vendor/k8s.io/mount-utils/mount.go +++ b/vendor/k8s.io/mount-utils/mount.go @@ -49,6 +49,8 @@ type Interface interface { MountSensitive(source string, target string, fstype string, options []string, sensitiveOptions []string) error // MountSensitiveWithoutSystemd is the same as MountSensitive() but this method disable using systemd mount. MountSensitiveWithoutSystemd(source string, target string, fstype string, options []string, sensitiveOptions []string) error + // MountSensitiveWithoutSystemdWithMountFlags is the same as MountSensitiveWithoutSystemd() with additional mount flags + MountSensitiveWithoutSystemdWithMountFlags(source string, target string, fstype string, options []string, sensitiveOptions []string, mountFlags []string) error // Unmount unmounts given target. Unmount(target string) error // List returns a list of all mounted filesystems. This can be large. diff --git a/vendor/k8s.io/mount-utils/mount_linux.go b/vendor/k8s.io/mount-utils/mount_linux.go index 10a1c3f01..7097eae08 100644 --- a/vendor/k8s.io/mount-utils/mount_linux.go +++ b/vendor/k8s.io/mount-utils/mount_linux.go @@ -87,11 +87,11 @@ func (mounter *Mounter) MountSensitive(source string, target string, fstype stri mounterPath := "" bind, bindOpts, bindRemountOpts, bindRemountOptsSensitive := MakeBindOptsSensitive(options, sensitiveOptions) if bind { - err := mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, bindOpts, bindRemountOptsSensitive, true) + err := mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, bindOpts, bindRemountOptsSensitive, nil /* mountFlags */, true) if err != nil { return err } - return mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, bindRemountOpts, bindRemountOptsSensitive, true) + return mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, bindRemountOpts, bindRemountOptsSensitive, nil /* mountFlags */, true) } // The list of filesystems that require containerized mounter on GCI image cluster fsTypesNeedMounter := map[string]struct{}{ @@ -103,19 +103,24 @@ func (mounter *Mounter) MountSensitive(source string, target string, fstype stri if _, ok := fsTypesNeedMounter[fstype]; ok { mounterPath = mounter.mounterPath } - return mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, options, sensitiveOptions, true) + return mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, options, sensitiveOptions, nil /* mountFlags */, true) } // MountSensitiveWithoutSystemd is the same as MountSensitive() but disable using systemd mount. func (mounter *Mounter) MountSensitiveWithoutSystemd(source string, target string, fstype string, options []string, sensitiveOptions []string) error { + return mounter.MountSensitiveWithoutSystemdWithMountFlags(source, target, fstype, options, sensitiveOptions, nil /* mountFlags */) +} + +// MountSensitiveWithoutSystemdWithMountFlags is the same as MountSensitiveWithoutSystemd with additional mount flags. +func (mounter *Mounter) MountSensitiveWithoutSystemdWithMountFlags(source string, target string, fstype string, options []string, sensitiveOptions []string, mountFlags []string) error { mounterPath := "" bind, bindOpts, bindRemountOpts, bindRemountOptsSensitive := MakeBindOptsSensitive(options, sensitiveOptions) if bind { - err := mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, bindOpts, bindRemountOptsSensitive, false) + err := mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, bindOpts, bindRemountOptsSensitive, mountFlags, false) if err != nil { return err } - return mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, bindRemountOpts, bindRemountOptsSensitive, false) + return mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, bindRemountOpts, bindRemountOptsSensitive, mountFlags, false) } // The list of filesystems that require containerized mounter on GCI image cluster fsTypesNeedMounter := map[string]struct{}{ @@ -127,14 +132,14 @@ func (mounter *Mounter) MountSensitiveWithoutSystemd(source string, target strin if _, ok := fsTypesNeedMounter[fstype]; ok { mounterPath = mounter.mounterPath } - return mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, options, sensitiveOptions, false) + return mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, options, sensitiveOptions, mountFlags, false) } // doMount runs the mount command. mounterPath is the path to mounter binary if containerized mounter is used. // sensitiveOptions is an extension of options except they will not be logged (because they may contain sensitive material) // systemdMountRequired is an extension of option to decide whether uses systemd mount. -func (mounter *Mounter) doMount(mounterPath string, mountCmd string, source string, target string, fstype string, options []string, sensitiveOptions []string, systemdMountRequired bool) error { - mountArgs, mountArgsLogStr := MakeMountArgsSensitive(source, target, fstype, options, sensitiveOptions) +func (mounter *Mounter) doMount(mounterPath string, mountCmd string, source string, target string, fstype string, options []string, sensitiveOptions []string, mountFlags []string, systemdMountRequired bool) error { + mountArgs, mountArgsLogStr := MakeMountArgsSensitiveWithMountFlags(source, target, fstype, options, sensitiveOptions, mountFlags) if len(mounterPath) > 0 { mountArgs = append([]string{mountCmd}, mountArgs...) mountArgsLogStr = mountCmd + " " + mountArgsLogStr @@ -217,10 +222,22 @@ func MakeMountArgs(source, target, fstype string, options []string) (mountArgs [ // MakeMountArgsSensitive makes the arguments to the mount(8) command. // sensitiveOptions is an extension of options except they will not be logged (because they may contain sensitive material) func MakeMountArgsSensitive(source, target, fstype string, options []string, sensitiveOptions []string) (mountArgs []string, mountArgsLogStr string) { + return MakeMountArgsSensitiveWithMountFlags(source, target, fstype, options, sensitiveOptions, nil /* mountFlags */) +} + +// MakeMountArgsSensitiveWithMountFlags makes the arguments to the mount(8) command. +// sensitiveOptions is an extension of options except they will not be logged (because they may contain sensitive material) +// mountFlags are additional mount flags that are not related with the fstype +// and mount options +func MakeMountArgsSensitiveWithMountFlags(source, target, fstype string, options []string, sensitiveOptions []string, mountFlags []string) (mountArgs []string, mountArgsLogStr string) { // Build mount command as follows: - // mount [-t $fstype] [-o $options] [$source] $target + // mount [$mountFlags] [-t $fstype] [-o $options] [$source] $target mountArgs = []string{} mountArgsLogStr = "" + + mountArgs = append(mountArgs, mountFlags...) + mountArgsLogStr += strings.Join(mountFlags, " ") + if len(fstype) > 0 { mountArgs = append(mountArgs, "-t", fstype) mountArgsLogStr += strings.Join(mountArgs, " ") diff --git a/vendor/k8s.io/mount-utils/mount_unsupported.go b/vendor/k8s.io/mount-utils/mount_unsupported.go index 0e8e683ae..d2aac9a74 100644 --- a/vendor/k8s.io/mount-utils/mount_unsupported.go +++ b/vendor/k8s.io/mount-utils/mount_unsupported.go @@ -53,6 +53,11 @@ func (mounter *Mounter) MountSensitiveWithoutSystemd(source string, target strin return errUnsupported } +// MountSensitiveWithoutSystemdWithMountFlags always returns an error on unsupported platforms +func (mounter *Mounter) MountSensitiveWithoutSystemdWithMountFlags(source string, target string, fstype string, options []string, sensitiveOptions []string, mountFlags []string) error { + return errUnsupported +} + // Unmount always returns an error on unsupported platforms func (mounter *Mounter) Unmount(target string) error { return errUnsupported diff --git a/vendor/k8s.io/mount-utils/mount_windows.go b/vendor/k8s.io/mount-utils/mount_windows.go index 3706b38fe..0d1e99fa5 100644 --- a/vendor/k8s.io/mount-utils/mount_windows.go +++ b/vendor/k8s.io/mount-utils/mount_windows.go @@ -64,6 +64,12 @@ func (mounter *Mounter) MountSensitiveWithoutSystemd(source string, target strin return mounter.MountSensitive(source, target, fstype, options, sensitiveOptions /* sensitiveOptions */) } +// MountSensitiveWithoutSystemdWithMountFlags is the same as MountSensitiveWithoutSystemd with additional mount flags +// Windows not supported systemd mount, this function degrades to MountSensitive(). +func (mounter *Mounter) MountSensitiveWithoutSystemdWithMountFlags(source string, target string, fstype string, options []string, sensitiveOptions []string, mountFlags []string) error { + return mounter.MountSensitive(source, target, fstype, options, sensitiveOptions /* sensitiveOptions */) +} + // MountSensitive is the same as Mount() but this method allows // sensitiveOptions to be passed in a separate parameter from the normal // mount options and ensures the sensitiveOptions are never logged. This diff --git a/vendor/k8s.io/utils/pointer/pointer.go b/vendor/k8s.io/utils/pointer/pointer.go index 1da6f6664..2cab2c580 100644 --- a/vendor/k8s.io/utils/pointer/pointer.go +++ b/vendor/k8s.io/utils/pointer/pointer.go @@ -46,6 +46,24 @@ func AllPtrFieldsNil(obj interface{}) bool { return true } +// Int returns a pointer to an int +func Int(i int) *int { + return &i +} + +var IntPtr = Int // for back-compat + +// IntDeref dereferences the int ptr and returns it if not nil, or else +// returns def. +func IntDeref(ptr *int, def int) int { + if ptr != nil { + return *ptr + } + return def +} + +var IntPtrDerefOr = IntDeref // for back-compat + // Int32 returns a pointer to an int32. func Int32(i int32) *int32 { return &i diff --git a/vendor/modules.txt b/vendor/modules.txt index 24feb43a8..b6982f5e4 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1,4 +1,4 @@ -# github.com/aws/aws-sdk-go v1.38.63 +# github.com/aws/aws-sdk-go v1.40.34 ## explicit github.com/aws/aws-sdk-go/aws github.com/aws/aws-sdk-go/aws/awserr @@ -145,6 +145,8 @@ github.com/hashicorp/go-retryablehttp github.com/hashicorp/go-rootcerts # github.com/hashicorp/go-sockaddr v1.0.2 github.com/hashicorp/go-sockaddr +# github.com/hashicorp/golang-lru v0.5.4 +## explicit # github.com/hashicorp/hcl v1.0.0 github.com/hashicorp/hcl github.com/hashicorp/hcl/hcl/ast @@ -238,15 +240,11 @@ github.com/onsi/ginkgo/reporters/stenographer github.com/onsi/ginkgo/reporters/stenographer/support/go-colorable github.com/onsi/ginkgo/reporters/stenographer/support/go-isatty github.com/onsi/ginkgo/types -# github.com/onsi/gomega v1.13.0 +# github.com/onsi/gomega v1.16.0 ## explicit github.com/onsi/gomega github.com/onsi/gomega/format -github.com/onsi/gomega/internal/assertion -github.com/onsi/gomega/internal/asyncassertion -github.com/onsi/gomega/internal/defaults -github.com/onsi/gomega/internal/oraclematcher -github.com/onsi/gomega/internal/testingtsupport +github.com/onsi/gomega/internal github.com/onsi/gomega/matchers github.com/onsi/gomega/matchers/support/goraph/bipartitegraph github.com/onsi/gomega/matchers/support/goraph/edge @@ -365,7 +363,7 @@ golang.org/x/crypto/poly1305 golang.org/x/crypto/scrypt golang.org/x/crypto/ssh golang.org/x/crypto/ssh/internal/bcrypt_pbkdf -# golang.org/x/net v0.0.0-20210520170846-37e1c6afe023 +# golang.org/x/net v0.0.0-20210614182718-04defd469f4e golang.org/x/net/context golang.org/x/net/context/ctxhttp golang.org/x/net/html @@ -380,7 +378,7 @@ golang.org/x/net/trace # golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5 golang.org/x/oauth2 golang.org/x/oauth2/internal -# golang.org/x/sys v0.0.0-20210616094352-59db8d763f22 +# golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2 ## explicit golang.org/x/sys/cpu golang.org/x/sys/internal/unsafeheader @@ -426,7 +424,7 @@ google.golang.org/appengine/urlfetch google.golang.org/genproto/googleapis/api/httpbody google.golang.org/genproto/googleapis/rpc/status google.golang.org/genproto/protobuf/field_mask -# google.golang.org/grpc v1.38.0 => google.golang.org/grpc v1.35.0 +# google.golang.org/grpc v1.40.0 ## explicit google.golang.org/grpc google.golang.org/grpc/attributes @@ -521,7 +519,7 @@ gopkg.in/tomb.v1 gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b gopkg.in/yaml.v3 -# k8s.io/api v0.22.0 => k8s.io/api v0.22.0 +# k8s.io/api v0.22.1 => k8s.io/api v0.22.1 ## explicit k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -568,7 +566,7 @@ k8s.io/api/scheduling/v1beta1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apimachinery v0.22.0 => k8s.io/apimachinery v0.22.0 +# k8s.io/apimachinery v0.22.1 => k8s.io/apimachinery v0.22.1 ## explicit k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors @@ -625,7 +623,7 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v0.22.0 => k8s.io/apiserver v0.22.0 +# k8s.io/apiserver v0.22.1 => k8s.io/apiserver v0.22.1 k8s.io/apiserver/pkg/admission k8s.io/apiserver/pkg/admission/configuration k8s.io/apiserver/pkg/admission/initializer @@ -665,7 +663,7 @@ k8s.io/apiserver/pkg/util/feature k8s.io/apiserver/pkg/util/webhook k8s.io/apiserver/pkg/util/x509metrics k8s.io/apiserver/pkg/warning -# k8s.io/client-go v12.0.0+incompatible => k8s.io/client-go v0.22.0 +# k8s.io/client-go v12.0.0+incompatible => k8s.io/client-go v0.22.1 ## explicit k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1 @@ -900,12 +898,12 @@ k8s.io/client-go/util/homedir k8s.io/client-go/util/keyutil k8s.io/client-go/util/retry k8s.io/client-go/util/workqueue -# k8s.io/cloud-provider v1.22.0 => k8s.io/cloud-provider v0.22.0 +# k8s.io/cloud-provider v1.22.1 => k8s.io/cloud-provider v0.22.1 ## explicit k8s.io/cloud-provider k8s.io/cloud-provider/volume k8s.io/cloud-provider/volume/helpers -# k8s.io/component-base v0.22.0 => k8s.io/component-base v0.22.0 +# k8s.io/component-base v0.22.1 => k8s.io/component-base v0.22.1 k8s.io/component-base/cli/flag k8s.io/component-base/config k8s.io/component-base/config/v1alpha1 @@ -915,20 +913,20 @@ k8s.io/component-base/metrics/legacyregistry k8s.io/component-base/metrics/testutil k8s.io/component-base/traces k8s.io/component-base/version -# k8s.io/component-helpers v0.22.0 => k8s.io/component-helpers v0.22.0 +# k8s.io/component-helpers v0.22.1 => k8s.io/component-helpers v0.22.1 k8s.io/component-helpers/scheduling/corev1 k8s.io/component-helpers/scheduling/corev1/nodeaffinity -# k8s.io/klog/v2 v2.9.0 +# k8s.io/klog/v2 v2.10.0 ## explicit k8s.io/klog/v2 # k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e k8s.io/kube-openapi/pkg/util/proto -# k8s.io/kubectl v0.0.0 => k8s.io/kubectl v0.22.0 +# k8s.io/kubectl v0.0.0 => k8s.io/kubectl v0.22.1 k8s.io/kubectl/pkg/scale k8s.io/kubectl/pkg/util/podutils -# k8s.io/kubelet v0.0.0 => k8s.io/kubelet v0.22.0 +# k8s.io/kubelet v0.0.0 => k8s.io/kubelet v0.22.1 k8s.io/kubelet/pkg/apis/stats/v1alpha1 -# k8s.io/kubernetes v1.22.0 +# k8s.io/kubernetes v1.22.1 ## explicit k8s.io/kubernetes/pkg/api/legacyscheme k8s.io/kubernetes/pkg/api/service @@ -990,10 +988,10 @@ k8s.io/kubernetes/test/e2e/storage/podlogs k8s.io/kubernetes/test/e2e/storage/utils k8s.io/kubernetes/test/utils k8s.io/kubernetes/test/utils/image -# k8s.io/mount-utils v0.22.0 => k8s.io/mount-utils v0.22.0 +# k8s.io/mount-utils v0.22.1 => k8s.io/mount-utils v0.22.1 ## explicit k8s.io/mount-utils -# k8s.io/utils v0.0.0-20210707171843-4b05e18ac7d9 +# k8s.io/utils v0.0.0-20210802155522-efc7438f0176 ## explicit k8s.io/utils/buffer k8s.io/utils/exec @@ -1012,7 +1010,7 @@ k8s.io/utils/trace # sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.22 sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client sigs.k8s.io/apiserver-network-proxy/konnectivity-client/proto/client -# sigs.k8s.io/controller-runtime v0.9.2 +# sigs.k8s.io/controller-runtime v0.10.0 ## explicit sigs.k8s.io/controller-runtime/pkg/cache sigs.k8s.io/controller-runtime/pkg/cache/internal @@ -1061,29 +1059,28 @@ sigs.k8s.io/yaml # github.com/hashicorp/vault/sdk => github.com/hashicorp/vault/sdk v0.1.14-0.20201116234512-b4d4137dfe8b # github.com/portworx/sched-ops => github.com/portworx/sched-ops v0.20.4-openstorage-rc3 # gomodules.xyz/jsonpatch/v2 => github.com/gomodules/jsonpatch/v2 v2.2.0 -# google.golang.org/grpc => google.golang.org/grpc v1.35.0 -# k8s.io/api => k8s.io/api v0.22.0 -# k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.22.0 -# k8s.io/apimachinery => k8s.io/apimachinery v0.22.0 -# k8s.io/apiserver => k8s.io/apiserver v0.22.0 -# k8s.io/cli-runtime => k8s.io/cli-runtime v0.22.0 -# k8s.io/client-go => k8s.io/client-go v0.22.0 -# k8s.io/cloud-provider => k8s.io/cloud-provider v0.22.0 -# k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.22.0 -# k8s.io/code-generator => k8s.io/code-generator v0.22.0 -# k8s.io/component-base => k8s.io/component-base v0.22.0 -# k8s.io/component-helpers => k8s.io/component-helpers v0.22.0 -# k8s.io/controller-manager => k8s.io/controller-manager v0.22.0 -# k8s.io/cri-api => k8s.io/cri-api v0.22.0 -# k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.22.0 -# k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.22.0 -# k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.22.0 -# k8s.io/kube-proxy => k8s.io/kube-proxy v0.22.0 -# k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.22.0 -# k8s.io/kubectl => k8s.io/kubectl v0.22.0 -# k8s.io/kubelet => k8s.io/kubelet v0.22.0 -# k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.22.0 -# k8s.io/metrics => k8s.io/metrics v0.22.0 -# k8s.io/mount-utils => k8s.io/mount-utils v0.22.0 -# k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.22.0 -# k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.22.0 +# k8s.io/api => k8s.io/api v0.22.1 +# k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.22.1 +# k8s.io/apimachinery => k8s.io/apimachinery v0.22.1 +# k8s.io/apiserver => k8s.io/apiserver v0.22.1 +# k8s.io/cli-runtime => k8s.io/cli-runtime v0.22.1 +# k8s.io/client-go => k8s.io/client-go v0.22.1 +# k8s.io/cloud-provider => k8s.io/cloud-provider v0.22.1 +# k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.22.1 +# k8s.io/code-generator => k8s.io/code-generator v0.22.1 +# k8s.io/component-base => k8s.io/component-base v0.22.1 +# k8s.io/component-helpers => k8s.io/component-helpers v0.22.1 +# k8s.io/controller-manager => k8s.io/controller-manager v0.22.1 +# k8s.io/cri-api => k8s.io/cri-api v0.22.1 +# k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.22.1 +# k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.22.1 +# k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.22.1 +# k8s.io/kube-proxy => k8s.io/kube-proxy v0.22.1 +# k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.22.1 +# k8s.io/kubectl => k8s.io/kubectl v0.22.1 +# k8s.io/kubelet => k8s.io/kubelet v0.22.1 +# k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.22.1 +# k8s.io/metrics => k8s.io/metrics v0.22.1 +# k8s.io/mount-utils => k8s.io/mount-utils v0.22.1 +# k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.22.1 +# k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.22.1 diff --git a/vendor/sigs.k8s.io/controller-runtime/pkg/cache/cache.go b/vendor/sigs.k8s.io/controller-runtime/pkg/cache/cache.go index 6862fd62b..f89800ca2 100644 --- a/vendor/sigs.k8s.io/controller-runtime/pkg/cache/cache.go +++ b/vendor/sigs.k8s.io/controller-runtime/pkg/cache/cache.go @@ -113,6 +113,12 @@ type Options struct { // [1] https://pkg.go.dev/k8s.io/apimachinery/pkg/fields#Selector // [2] https://pkg.go.dev/k8s.io/apimachinery/pkg/fields#Set SelectorsByObject SelectorsByObject + + // UnsafeDisableDeepCopyByObject indicates not to deep copy objects during get or + // list objects per GVK at the specified object. + // Be very careful with this, when enabled you must DeepCopy any object before mutating it, + // otherwise you will mutate the object in the cache. + UnsafeDisableDeepCopyByObject DisableDeepCopyByObject } var defaultResyncTime = 10 * time.Hour @@ -127,7 +133,11 @@ func New(config *rest.Config, opts Options) (Cache, error) { if err != nil { return nil, err } - im := internal.NewInformersMap(config, opts.Scheme, opts.Mapper, *opts.Resync, opts.Namespace, selectorsByGVK) + disableDeepCopyByGVK, err := convertToDisableDeepCopyByGVK(opts.UnsafeDisableDeepCopyByObject, opts.Scheme) + if err != nil { + return nil, err + } + im := internal.NewInformersMap(config, opts.Scheme, opts.Mapper, *opts.Resync, opts.Namespace, selectorsByGVK, disableDeepCopyByGVK) return &informerCache{InformersMap: im}, nil } @@ -136,6 +146,8 @@ func New(config *rest.Config, opts Options) (Cache, error) { // SelectorsByObject // WARNING: if SelectorsByObject is specified. filtered out resources are not // returned. +// WARNING: if UnsafeDisableDeepCopy is enabled, you must DeepCopy any object +// returned from cache get/list before mutating it. func BuilderWithOptions(options Options) NewCacheFunc { return func(config *rest.Config, opts Options) (Cache, error) { if opts.Scheme == nil { @@ -151,6 +163,7 @@ func BuilderWithOptions(options Options) NewCacheFunc { opts.Namespace = options.Namespace } opts.SelectorsByObject = options.SelectorsByObject + opts.UnsafeDisableDeepCopyByObject = options.UnsafeDisableDeepCopyByObject return New(config, opts) } } @@ -189,3 +202,30 @@ func convertToSelectorsByGVK(selectorsByObject SelectorsByObject, scheme *runtim } return selectorsByGVK, nil } + +// DisableDeepCopyByObject associate a client.Object's GVK to disable DeepCopy during get or list from cache. +type DisableDeepCopyByObject map[client.Object]bool + +var _ client.Object = &ObjectAll{} + +// ObjectAll is the argument to represent all objects' types. +type ObjectAll struct { + client.Object +} + +func convertToDisableDeepCopyByGVK(disableDeepCopyByObject DisableDeepCopyByObject, scheme *runtime.Scheme) (internal.DisableDeepCopyByGVK, error) { + disableDeepCopyByGVK := internal.DisableDeepCopyByGVK{} + for obj, disable := range disableDeepCopyByObject { + switch obj.(type) { + case ObjectAll, *ObjectAll: + disableDeepCopyByGVK[internal.GroupVersionKindAll] = disable + default: + gvk, err := apiutil.GVKForObject(obj, scheme) + if err != nil { + return nil, err + } + disableDeepCopyByGVK[gvk] = disable + } + } + return disableDeepCopyByGVK, nil +} diff --git a/vendor/sigs.k8s.io/controller-runtime/pkg/cache/internal/cache_reader.go b/vendor/sigs.k8s.io/controller-runtime/pkg/cache/internal/cache_reader.go index 5a495693e..b95af18d7 100644 --- a/vendor/sigs.k8s.io/controller-runtime/pkg/cache/internal/cache_reader.go +++ b/vendor/sigs.k8s.io/controller-runtime/pkg/cache/internal/cache_reader.go @@ -46,6 +46,11 @@ type CacheReader struct { // scopeName is the scope of the resource (namespaced or cluster-scoped). scopeName apimeta.RESTScopeName + + // disableDeepCopy indicates not to deep copy objects during get or list objects. + // Be very careful with this, when enabled you must DeepCopy any object before mutating it, + // otherwise you will mutate the object in the cache. + disableDeepCopy bool } // Get checks the indexer for the object and writes a copy of it if found. @@ -76,9 +81,13 @@ func (c *CacheReader) Get(_ context.Context, key client.ObjectKey, out client.Ob return fmt.Errorf("cache contained %T, which is not an Object", obj) } - // deep copy to avoid mutating cache - // TODO(directxman12): revisit the decision to always deepcopy - obj = obj.(runtime.Object).DeepCopyObject() + if c.disableDeepCopy { + // skip deep copy which might be unsafe + // you must DeepCopy any object before mutating it outside + } else { + // deep copy to avoid mutating cache + obj = obj.(runtime.Object).DeepCopyObject() + } // Copy the value of the item in the cache to the returned value // TODO(directxman12): this is a terrible hack, pls fix (we should have deepcopyinto) @@ -88,7 +97,9 @@ func (c *CacheReader) Get(_ context.Context, key client.ObjectKey, out client.Ob return fmt.Errorf("cache had type %s, but %s was asked for", objVal.Type(), outVal.Type()) } reflect.Indirect(outVal).Set(reflect.Indirect(objVal)) - out.GetObjectKind().SetGroupVersionKind(c.groupVersionKind) + if !c.disableDeepCopy { + out.GetObjectKind().SetGroupVersionKind(c.groupVersionKind) + } return nil } @@ -129,10 +140,10 @@ func (c *CacheReader) List(_ context.Context, out client.ObjectList, opts ...cli limitSet := listOpts.Limit > 0 runtimeObjs := make([]runtime.Object, 0, len(objs)) - for i, item := range objs { + for _, item := range objs { // if the Limit option is set and the number of items // listed exceeds this limit, then stop reading. - if limitSet && int64(i) >= listOpts.Limit { + if limitSet && int64(len(runtimeObjs)) >= listOpts.Limit { break } obj, isObj := item.(runtime.Object) @@ -150,8 +161,15 @@ func (c *CacheReader) List(_ context.Context, out client.ObjectList, opts ...cli } } - outObj := obj.DeepCopyObject() - outObj.GetObjectKind().SetGroupVersionKind(c.groupVersionKind) + var outObj runtime.Object + if c.disableDeepCopy { + // skip deep copy which might be unsafe + // you must DeepCopy any object before mutating it outside + outObj = obj + } else { + outObj = obj.DeepCopyObject() + outObj.GetObjectKind().SetGroupVersionKind(c.groupVersionKind) + } runtimeObjs = append(runtimeObjs, outObj) } return apimeta.SetList(out, runtimeObjs) diff --git a/vendor/sigs.k8s.io/controller-runtime/pkg/cache/internal/deleg_map.go b/vendor/sigs.k8s.io/controller-runtime/pkg/cache/internal/deleg_map.go index 841f1657e..9bfc8463f 100644 --- a/vendor/sigs.k8s.io/controller-runtime/pkg/cache/internal/deleg_map.go +++ b/vendor/sigs.k8s.io/controller-runtime/pkg/cache/internal/deleg_map.go @@ -51,11 +51,12 @@ func NewInformersMap(config *rest.Config, resync time.Duration, namespace string, selectors SelectorsByGVK, + disableDeepCopy DisableDeepCopyByGVK, ) *InformersMap { return &InformersMap{ - structured: newStructuredInformersMap(config, scheme, mapper, resync, namespace, selectors), - unstructured: newUnstructuredInformersMap(config, scheme, mapper, resync, namespace, selectors), - metadata: newMetadataInformersMap(config, scheme, mapper, resync, namespace, selectors), + structured: newStructuredInformersMap(config, scheme, mapper, resync, namespace, selectors, disableDeepCopy), + unstructured: newUnstructuredInformersMap(config, scheme, mapper, resync, namespace, selectors, disableDeepCopy), + metadata: newMetadataInformersMap(config, scheme, mapper, resync, namespace, selectors, disableDeepCopy), Scheme: scheme, } @@ -107,18 +108,18 @@ func (m *InformersMap) Get(ctx context.Context, gvk schema.GroupVersionKind, obj // newStructuredInformersMap creates a new InformersMap for structured objects. func newStructuredInformersMap(config *rest.Config, scheme *runtime.Scheme, mapper meta.RESTMapper, resync time.Duration, - namespace string, selectors SelectorsByGVK) *specificInformersMap { - return newSpecificInformersMap(config, scheme, mapper, resync, namespace, selectors, createStructuredListWatch) + namespace string, selectors SelectorsByGVK, disableDeepCopy DisableDeepCopyByGVK) *specificInformersMap { + return newSpecificInformersMap(config, scheme, mapper, resync, namespace, selectors, disableDeepCopy, createStructuredListWatch) } // newUnstructuredInformersMap creates a new InformersMap for unstructured objects. func newUnstructuredInformersMap(config *rest.Config, scheme *runtime.Scheme, mapper meta.RESTMapper, resync time.Duration, - namespace string, selectors SelectorsByGVK) *specificInformersMap { - return newSpecificInformersMap(config, scheme, mapper, resync, namespace, selectors, createUnstructuredListWatch) + namespace string, selectors SelectorsByGVK, disableDeepCopy DisableDeepCopyByGVK) *specificInformersMap { + return newSpecificInformersMap(config, scheme, mapper, resync, namespace, selectors, disableDeepCopy, createUnstructuredListWatch) } // newMetadataInformersMap creates a new InformersMap for metadata-only objects. func newMetadataInformersMap(config *rest.Config, scheme *runtime.Scheme, mapper meta.RESTMapper, resync time.Duration, - namespace string, selectors SelectorsByGVK) *specificInformersMap { - return newSpecificInformersMap(config, scheme, mapper, resync, namespace, selectors, createMetadataListWatch) + namespace string, selectors SelectorsByGVK, disableDeepCopy DisableDeepCopyByGVK) *specificInformersMap { + return newSpecificInformersMap(config, scheme, mapper, resync, namespace, selectors, disableDeepCopy, createMetadataListWatch) } diff --git a/vendor/sigs.k8s.io/controller-runtime/pkg/cache/internal/disabledeepcopy.go b/vendor/sigs.k8s.io/controller-runtime/pkg/cache/internal/disabledeepcopy.go new file mode 100644 index 000000000..54bd7eec9 --- /dev/null +++ b/vendor/sigs.k8s.io/controller-runtime/pkg/cache/internal/disabledeepcopy.go @@ -0,0 +1,35 @@ +/* +Copyright 2021 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package internal + +import "k8s.io/apimachinery/pkg/runtime/schema" + +// GroupVersionKindAll is the argument to represent all GroupVersionKind types. +var GroupVersionKindAll = schema.GroupVersionKind{} + +// DisableDeepCopyByGVK associate a GroupVersionKind to disable DeepCopy during get or list from cache. +type DisableDeepCopyByGVK map[schema.GroupVersionKind]bool + +// IsDisabled returns whether a GroupVersionKind is disabled DeepCopy. +func (disableByGVK DisableDeepCopyByGVK) IsDisabled(gvk schema.GroupVersionKind) bool { + if d, ok := disableByGVK[gvk]; ok { + return d + } else if d, ok = disableByGVK[GroupVersionKindAll]; ok { + return d + } + return false +} diff --git a/vendor/sigs.k8s.io/controller-runtime/pkg/cache/internal/informers_map.go b/vendor/sigs.k8s.io/controller-runtime/pkg/cache/internal/informers_map.go index bef54d302..413b048f0 100644 --- a/vendor/sigs.k8s.io/controller-runtime/pkg/cache/internal/informers_map.go +++ b/vendor/sigs.k8s.io/controller-runtime/pkg/cache/internal/informers_map.go @@ -52,6 +52,7 @@ func newSpecificInformersMap(config *rest.Config, resync time.Duration, namespace string, selectors SelectorsByGVK, + disableDeepCopy DisableDeepCopyByGVK, createListWatcher createListWatcherFunc) *specificInformersMap { ip := &specificInformersMap{ config: config, @@ -65,6 +66,7 @@ func newSpecificInformersMap(config *rest.Config, createListWatcher: createListWatcher, namespace: namespace, selectors: selectors, + disableDeepCopy: disableDeepCopy, } return ip } @@ -129,6 +131,9 @@ type specificInformersMap struct { // selectors are the label or field selectors that will be added to the // ListWatch ListOptions. selectors SelectorsByGVK + + // disableDeepCopy indicates not to deep copy objects during get or list objects. + disableDeepCopy DisableDeepCopyByGVK } // Start calls Run on each of the informers and sets started to true. Blocks on the context. @@ -234,7 +239,12 @@ func (ip *specificInformersMap) addInformerToMap(gvk schema.GroupVersionKind, ob i := &MapEntry{ Informer: ni, - Reader: CacheReader{indexer: ni.GetIndexer(), groupVersionKind: gvk, scopeName: rm.Scope.Name()}, + Reader: CacheReader{ + indexer: ni.GetIndexer(), + groupVersionKind: gvk, + scopeName: rm.Scope.Name(), + disableDeepCopy: ip.disableDeepCopy.IsDisabled(gvk), + }, } ip.informersByGVK[gvk] = i @@ -274,8 +284,9 @@ func createStructuredListWatch(gvk schema.GroupVersionKind, ip *specificInformer ListFunc: func(opts metav1.ListOptions) (runtime.Object, error) { ip.selectors[gvk].ApplyToList(&opts) res := listObj.DeepCopyObject() - isNamespaceScoped := ip.namespace != "" && mapping.Scope.Name() != meta.RESTScopeNameRoot - err := client.Get().NamespaceIfScoped(ip.namespace, isNamespaceScoped).Resource(mapping.Resource.Resource).VersionedParams(&opts, ip.paramCodec).Do(ctx).Into(res) + namespace := restrictNamespaceBySelector(ip.namespace, ip.selectors[gvk]) + isNamespaceScoped := namespace != "" && mapping.Scope.Name() != meta.RESTScopeNameRoot + err := client.Get().NamespaceIfScoped(namespace, isNamespaceScoped).Resource(mapping.Resource.Resource).VersionedParams(&opts, ip.paramCodec).Do(ctx).Into(res) return res, err }, // Setup the watch function @@ -283,8 +294,9 @@ func createStructuredListWatch(gvk schema.GroupVersionKind, ip *specificInformer ip.selectors[gvk].ApplyToList(&opts) // Watch needs to be set to true separately opts.Watch = true - isNamespaceScoped := ip.namespace != "" && mapping.Scope.Name() != meta.RESTScopeNameRoot - return client.Get().NamespaceIfScoped(ip.namespace, isNamespaceScoped).Resource(mapping.Resource.Resource).VersionedParams(&opts, ip.paramCodec).Watch(ctx) + namespace := restrictNamespaceBySelector(ip.namespace, ip.selectors[gvk]) + isNamespaceScoped := namespace != "" && mapping.Scope.Name() != meta.RESTScopeNameRoot + return client.Get().NamespaceIfScoped(namespace, isNamespaceScoped).Resource(mapping.Resource.Resource).VersionedParams(&opts, ip.paramCodec).Watch(ctx) }, }, nil } @@ -313,8 +325,9 @@ func createUnstructuredListWatch(gvk schema.GroupVersionKind, ip *specificInform return &cache.ListWatch{ ListFunc: func(opts metav1.ListOptions) (runtime.Object, error) { ip.selectors[gvk].ApplyToList(&opts) - if ip.namespace != "" && mapping.Scope.Name() != meta.RESTScopeNameRoot { - return dynamicClient.Resource(mapping.Resource).Namespace(ip.namespace).List(ctx, opts) + namespace := restrictNamespaceBySelector(ip.namespace, ip.selectors[gvk]) + if namespace != "" && mapping.Scope.Name() != meta.RESTScopeNameRoot { + return dynamicClient.Resource(mapping.Resource).Namespace(namespace).List(ctx, opts) } return dynamicClient.Resource(mapping.Resource).List(ctx, opts) }, @@ -323,8 +336,9 @@ func createUnstructuredListWatch(gvk schema.GroupVersionKind, ip *specificInform ip.selectors[gvk].ApplyToList(&opts) // Watch needs to be set to true separately opts.Watch = true - if ip.namespace != "" && mapping.Scope.Name() != meta.RESTScopeNameRoot { - return dynamicClient.Resource(mapping.Resource).Namespace(ip.namespace).Watch(ctx, opts) + namespace := restrictNamespaceBySelector(ip.namespace, ip.selectors[gvk]) + if namespace != "" && mapping.Scope.Name() != meta.RESTScopeNameRoot { + return dynamicClient.Resource(mapping.Resource).Namespace(namespace).Watch(ctx, opts) } return dynamicClient.Resource(mapping.Resource).Watch(ctx, opts) }, @@ -358,8 +372,9 @@ func createMetadataListWatch(gvk schema.GroupVersionKind, ip *specificInformersM return &cache.ListWatch{ ListFunc: func(opts metav1.ListOptions) (runtime.Object, error) { ip.selectors[gvk].ApplyToList(&opts) - if ip.namespace != "" && mapping.Scope.Name() != meta.RESTScopeNameRoot { - return client.Resource(mapping.Resource).Namespace(ip.namespace).List(ctx, opts) + namespace := restrictNamespaceBySelector(ip.namespace, ip.selectors[gvk]) + if namespace != "" && mapping.Scope.Name() != meta.RESTScopeNameRoot { + return client.Resource(mapping.Resource).Namespace(namespace).List(ctx, opts) } return client.Resource(mapping.Resource).List(ctx, opts) }, @@ -368,8 +383,9 @@ func createMetadataListWatch(gvk schema.GroupVersionKind, ip *specificInformersM ip.selectors[gvk].ApplyToList(&opts) // Watch needs to be set to true separately opts.Watch = true - if ip.namespace != "" && mapping.Scope.Name() != meta.RESTScopeNameRoot { - return client.Resource(mapping.Resource).Namespace(ip.namespace).Watch(ctx, opts) + namespace := restrictNamespaceBySelector(ip.namespace, ip.selectors[gvk]) + if namespace != "" && mapping.Scope.Name() != meta.RESTScopeNameRoot { + return client.Resource(mapping.Resource).Namespace(namespace).Watch(ctx, opts) } return client.Resource(mapping.Resource).Watch(ctx, opts) }, @@ -386,3 +402,23 @@ func resyncPeriod(resync time.Duration) func() time.Duration { return time.Duration(float64(resync.Nanoseconds()) * factor) } } + +// restrictNamespaceBySelector returns either a global restriction for all ListWatches +// if not default/empty, or the namespace that a ListWatch for the specific resource +// is restricted to, based on a specified field selector for metadata.namespace field. +func restrictNamespaceBySelector(namespaceOpt string, s Selector) string { + if namespaceOpt != "" { + // namespace is already restricted + return namespaceOpt + } + fieldSelector := s.Field + if fieldSelector == nil || fieldSelector.Empty() { + return "" + } + // check whether a selector includes the namespace field + value, found := fieldSelector.RequiresExactMatch("metadata.namespace") + if found { + return value + } + return "" +} diff --git a/vendor/sigs.k8s.io/controller-runtime/pkg/client/apiutil/apimachinery.go b/vendor/sigs.k8s.io/controller-runtime/pkg/client/apiutil/apimachinery.go index 2611a20c6..e21eb2238 100644 --- a/vendor/sigs.k8s.io/controller-runtime/pkg/client/apiutil/apimachinery.go +++ b/vendor/sigs.k8s.io/controller-runtime/pkg/client/apiutil/apimachinery.go @@ -21,6 +21,7 @@ package apiutil import ( "fmt" + "reflect" "sync" "k8s.io/apimachinery/pkg/api/meta" @@ -163,9 +164,35 @@ func createRestConfig(gvk schema.GroupVersionKind, isUnstructured bool, baseConf // Use our own custom serializer. cfg.NegotiatedSerializer = serializerWithDecodedGVK{serializer.WithoutConversionCodecFactory{CodecFactory: codecs}} } else { - cfg.NegotiatedSerializer = serializer.WithoutConversionCodecFactory{CodecFactory: codecs} + cfg.NegotiatedSerializer = serializerWithTargetZeroingDecode{NegotiatedSerializer: serializer.WithoutConversionCodecFactory{CodecFactory: codecs}} } } return cfg } + +type serializerWithTargetZeroingDecode struct { + runtime.NegotiatedSerializer +} + +func (s serializerWithTargetZeroingDecode) DecoderToVersion(serializer runtime.Decoder, r runtime.GroupVersioner) runtime.Decoder { + return targetZeroingDecoder{upstream: s.NegotiatedSerializer.DecoderToVersion(serializer, r)} +} + +type targetZeroingDecoder struct { + upstream runtime.Decoder +} + +func (t targetZeroingDecoder) Decode(data []byte, defaults *schema.GroupVersionKind, into runtime.Object) (runtime.Object, *schema.GroupVersionKind, error) { + zero(into) + return t.upstream.Decode(data, defaults, into) +} + +// zero zeros the value of a pointer. +func zero(x interface{}) { + if x == nil { + return + } + res := reflect.ValueOf(x).Elem() + res.Set(reflect.Zero(res.Type())) +} diff --git a/vendor/sigs.k8s.io/controller-runtime/pkg/client/namespaced_client.go b/vendor/sigs.k8s.io/controller-runtime/pkg/client/namespaced_client.go index d73cc5135..557598727 100644 --- a/vendor/sigs.k8s.io/controller-runtime/pkg/client/namespaced_client.go +++ b/vendor/sigs.k8s.io/controller-runtime/pkg/client/namespaced_client.go @@ -18,14 +18,11 @@ package client import ( "context" - "errors" "fmt" "k8s.io/apimachinery/pkg/api/meta" - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "sigs.k8s.io/controller-runtime/pkg/client/apiutil" + "sigs.k8s.io/controller-runtime/pkg/internal/objectutil" ) // NewNamespacedClient wraps an existing client enforcing the namespace value. @@ -55,49 +52,9 @@ func (n *namespacedClient) RESTMapper() meta.RESTMapper { return n.client.RESTMapper() } -// isNamespaced returns true if the object is namespace scoped. -// For unstructured objects the gvk is found from the object itself. -// TODO: this is repetitive code. Remove this and use ojectutil.IsNamespaced. -func isNamespaced(c Client, obj runtime.Object) (bool, error) { - var gvk schema.GroupVersionKind - var err error - - _, isUnstructured := obj.(*unstructured.Unstructured) - _, isUnstructuredList := obj.(*unstructured.UnstructuredList) - - isUnstructured = isUnstructured || isUnstructuredList - if isUnstructured { - gvk = obj.GetObjectKind().GroupVersionKind() - } else { - gvk, err = apiutil.GVKForObject(obj, c.Scheme()) - if err != nil { - return false, err - } - } - - gk := schema.GroupKind{ - Group: gvk.Group, - Kind: gvk.Kind, - } - restmapping, err := c.RESTMapper().RESTMapping(gk) - if err != nil { - return false, fmt.Errorf("failed to get restmapping: %w", err) - } - scope := restmapping.Scope.Name() - - if scope == "" { - return false, errors.New("scope cannot be identified, empty scope returned") - } - - if scope != meta.RESTScopeNameRoot { - return true, nil - } - return false, nil -} - // Create implements clinet.Client. func (n *namespacedClient) Create(ctx context.Context, obj Object, opts ...CreateOption) error { - isNamespaceScoped, err := isNamespaced(n.client, obj) + isNamespaceScoped, err := objectutil.IsAPINamespaced(obj, n.Scheme(), n.RESTMapper()) if err != nil { return fmt.Errorf("error finding the scope of the object: %v", err) } @@ -115,7 +72,7 @@ func (n *namespacedClient) Create(ctx context.Context, obj Object, opts ...Creat // Update implements client.Client. func (n *namespacedClient) Update(ctx context.Context, obj Object, opts ...UpdateOption) error { - isNamespaceScoped, err := isNamespaced(n.client, obj) + isNamespaceScoped, err := objectutil.IsAPINamespaced(obj, n.Scheme(), n.RESTMapper()) if err != nil { return fmt.Errorf("error finding the scope of the object: %v", err) } @@ -133,7 +90,7 @@ func (n *namespacedClient) Update(ctx context.Context, obj Object, opts ...Updat // Delete implements client.Client. func (n *namespacedClient) Delete(ctx context.Context, obj Object, opts ...DeleteOption) error { - isNamespaceScoped, err := isNamespaced(n.client, obj) + isNamespaceScoped, err := objectutil.IsAPINamespaced(obj, n.Scheme(), n.RESTMapper()) if err != nil { return fmt.Errorf("error finding the scope of the object: %v", err) } @@ -151,7 +108,7 @@ func (n *namespacedClient) Delete(ctx context.Context, obj Object, opts ...Delet // DeleteAllOf implements client.Client. func (n *namespacedClient) DeleteAllOf(ctx context.Context, obj Object, opts ...DeleteAllOfOption) error { - isNamespaceScoped, err := isNamespaced(n.client, obj) + isNamespaceScoped, err := objectutil.IsAPINamespaced(obj, n.Scheme(), n.RESTMapper()) if err != nil { return fmt.Errorf("error finding the scope of the object: %v", err) } @@ -164,7 +121,7 @@ func (n *namespacedClient) DeleteAllOf(ctx context.Context, obj Object, opts ... // Patch implements client.Client. func (n *namespacedClient) Patch(ctx context.Context, obj Object, patch Patch, opts ...PatchOption) error { - isNamespaceScoped, err := isNamespaced(n.client, obj) + isNamespaceScoped, err := objectutil.IsAPINamespaced(obj, n.Scheme(), n.RESTMapper()) if err != nil { return fmt.Errorf("error finding the scope of the object: %v", err) } @@ -182,7 +139,7 @@ func (n *namespacedClient) Patch(ctx context.Context, obj Object, patch Patch, o // Get implements client.Client. func (n *namespacedClient) Get(ctx context.Context, key ObjectKey, obj Object) error { - isNamespaceScoped, err := isNamespaced(n.client, obj) + isNamespaceScoped, err := objectutil.IsAPINamespaced(obj, n.Scheme(), n.RESTMapper()) if err != nil { return fmt.Errorf("error finding the scope of the object: %v", err) } @@ -219,7 +176,8 @@ type namespacedClientStatusWriter struct { // Update implements client.StatusWriter. func (nsw *namespacedClientStatusWriter) Update(ctx context.Context, obj Object, opts ...UpdateOption) error { - isNamespaceScoped, err := isNamespaced(nsw.namespacedclient, obj) + isNamespaceScoped, err := objectutil.IsAPINamespaced(obj, nsw.namespacedclient.Scheme(), nsw.namespacedclient.RESTMapper()) + if err != nil { return fmt.Errorf("error finding the scope of the object: %v", err) } @@ -237,7 +195,8 @@ func (nsw *namespacedClientStatusWriter) Update(ctx context.Context, obj Object, // Patch implements client.StatusWriter. func (nsw *namespacedClientStatusWriter) Patch(ctx context.Context, obj Object, patch Patch, opts ...PatchOption) error { - isNamespaceScoped, err := isNamespaced(nsw.namespacedclient, obj) + isNamespaceScoped, err := objectutil.IsAPINamespaced(obj, nsw.namespacedclient.Scheme(), nsw.namespacedclient.RESTMapper()) + if err != nil { return fmt.Errorf("error finding the scope of the object: %v", err) } diff --git a/vendor/sigs.k8s.io/controller-runtime/pkg/controller/controller.go b/vendor/sigs.k8s.io/controller-runtime/pkg/controller/controller.go index c9e07562a..88ba78671 100644 --- a/vendor/sigs.k8s.io/controller-runtime/pkg/controller/controller.go +++ b/vendor/sigs.k8s.io/controller-runtime/pkg/controller/controller.go @@ -52,6 +52,9 @@ type Options struct { // CacheSyncTimeout refers to the time limit set to wait for syncing caches. // Defaults to 2 minutes if not set. CacheSyncTimeout time.Duration + + // RecoverPanic indicates whether the panic caused by reconcile should be recovered. + RecoverPanic bool } // Controller implements a Kubernetes API. A Controller manages a work queue fed reconcile.Requests @@ -133,5 +136,6 @@ func NewUnmanaged(name string, mgr manager.Manager, options Options) (Controller SetFields: mgr.SetFields, Name: name, Log: options.Log.WithName("controller").WithName(name), + RecoverPanic: options.RecoverPanic, }, nil } diff --git a/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go b/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go index 224d300b8..87431a438 100644 --- a/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go +++ b/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go @@ -85,6 +85,9 @@ type Controller struct { // Log is used to log messages to users during reconciliation, or for example when a watch is started. Log logr.Logger + + // RecoverPanic indicates whether the panic caused by reconcile should be recovered. + RecoverPanic bool } // watchDescription contains all the information necessary to start a watch. @@ -95,7 +98,17 @@ type watchDescription struct { } // Reconcile implements reconcile.Reconciler. -func (c *Controller) Reconcile(ctx context.Context, req reconcile.Request) (reconcile.Result, error) { +func (c *Controller) Reconcile(ctx context.Context, req reconcile.Request) (_ reconcile.Result, err error) { + if c.RecoverPanic { + defer func() { + if r := recover(); r != nil { + for _, fn := range utilruntime.PanicHandlers { + fn(r) + } + err = fmt.Errorf("panic: %v [recovered]", r) + } + }() + } log := c.Log.WithValues("name", req.Name, "namespace", req.Namespace) ctx = logf.IntoContext(ctx, log) return c.Do.Reconcile(ctx, req) @@ -295,7 +308,7 @@ func (c *Controller) reconcileHandler(ctx context.Context, obj interface{}) { // RunInformersAndControllers the syncHandler, passing it the Namespace/Name string of the // resource to be synced. - result, err := c.Do.Reconcile(ctx, req) + result, err := c.Reconcile(ctx, req) switch { case err != nil: c.Queue.AddRateLimited(req) diff --git a/vendor/sigs.k8s.io/controller-runtime/pkg/internal/recorder/recorder.go b/vendor/sigs.k8s.io/controller-runtime/pkg/internal/recorder/recorder.go index cb8b7b6d6..46cc1714b 100644 --- a/vendor/sigs.k8s.io/controller-runtime/pkg/internal/recorder/recorder.go +++ b/vendor/sigs.k8s.io/controller-runtime/pkg/internal/recorder/recorder.go @@ -24,8 +24,7 @@ import ( "github.com/go-logr/logr" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/runtime" - "k8s.io/client-go/kubernetes" - typedcorev1 "k8s.io/client-go/kubernetes/typed/core/v1" + corev1client "k8s.io/client-go/kubernetes/typed/core/v1" "k8s.io/client-go/rest" "k8s.io/client-go/tools/record" ) @@ -45,7 +44,7 @@ type Provider struct { scheme *runtime.Scheme // logger is the logger to use when logging diagnostic event info logger logr.Logger - evtClient typedcorev1.EventInterface + evtClient corev1client.EventInterface makeBroadcaster EventBroadcasterProducer broadcasterOnce sync.Once @@ -98,7 +97,7 @@ func (p *Provider) getBroadcaster() record.EventBroadcaster { p.broadcasterOnce.Do(func() { broadcaster, stop := p.makeBroadcaster() - broadcaster.StartRecordingToSink(&typedcorev1.EventSinkImpl{Interface: p.evtClient}) + broadcaster.StartRecordingToSink(&corev1client.EventSinkImpl{Interface: p.evtClient}) broadcaster.StartEventWatcher( func(e *corev1.Event) { p.logger.V(1).Info(e.Type, "object", e.InvolvedObject, "reason", e.Reason, "message", e.Message) @@ -112,12 +111,12 @@ func (p *Provider) getBroadcaster() record.EventBroadcaster { // NewProvider create a new Provider instance. func NewProvider(config *rest.Config, scheme *runtime.Scheme, logger logr.Logger, makeBroadcaster EventBroadcasterProducer) (*Provider, error) { - clientSet, err := kubernetes.NewForConfig(config) + corev1Client, err := corev1client.NewForConfig(config) if err != nil { - return nil, fmt.Errorf("failed to init clientSet: %w", err) + return nil, fmt.Errorf("failed to init client: %w", err) } - p := &Provider{scheme: scheme, logger: logger, makeBroadcaster: makeBroadcaster, evtClient: clientSet.CoreV1().Events("")} + p := &Provider{scheme: scheme, logger: logger, makeBroadcaster: makeBroadcaster, evtClient: corev1Client.Events("")} return p, nil } diff --git a/vendor/sigs.k8s.io/controller-runtime/pkg/leaderelection/leader_election.go b/vendor/sigs.k8s.io/controller-runtime/pkg/leaderelection/leader_election.go index 55fd22869..3dedd462f 100644 --- a/vendor/sigs.k8s.io/controller-runtime/pkg/leaderelection/leader_election.go +++ b/vendor/sigs.k8s.io/controller-runtime/pkg/leaderelection/leader_election.go @@ -23,7 +23,8 @@ import ( "os" "k8s.io/apimachinery/pkg/util/uuid" - "k8s.io/client-go/kubernetes" + coordinationv1client "k8s.io/client-go/kubernetes/typed/coordination/v1" + corev1client "k8s.io/client-go/kubernetes/typed/core/v1" "k8s.io/client-go/rest" "k8s.io/client-go/tools/leaderelection/resourcelock" "sigs.k8s.io/controller-runtime/pkg/recorder" @@ -84,8 +85,14 @@ func NewResourceLock(config *rest.Config, recorderProvider recorder.Provider, op } id = id + "_" + string(uuid.NewUUID()) - // Construct client for leader election - client, err := kubernetes.NewForConfig(rest.AddUserAgent(config, "leader-election")) + // Construct clients for leader election + rest.AddUserAgent(config, "leader-election") + corev1Client, err := corev1client.NewForConfig(config) + if err != nil { + return nil, err + } + + coordinationClient, err := coordinationv1client.NewForConfig(config) if err != nil { return nil, err } @@ -93,8 +100,8 @@ func NewResourceLock(config *rest.Config, recorderProvider recorder.Provider, op return resourcelock.New(options.LeaderElectionResourceLock, options.LeaderElectionNamespace, options.LeaderElectionID, - client.CoreV1(), - client.CoordinationV1(), + corev1Client, + coordinationClient, resourcelock.ResourceLockConfig{ Identity: id, EventRecorder: recorderProvider.GetEventRecorderFor(id), diff --git a/vendor/sigs.k8s.io/controller-runtime/pkg/log/deleg.go b/vendor/sigs.k8s.io/controller-runtime/pkg/log/deleg.go index bbd9c9c75..9d73947da 100644 --- a/vendor/sigs.k8s.io/controller-runtime/pkg/log/deleg.go +++ b/vendor/sigs.k8s.io/controller-runtime/pkg/log/deleg.go @@ -76,7 +76,7 @@ func (p *loggerPromise) V(l *DelegatingLogger, level int) *loggerPromise { // Fulfill instantiates the Logger with the provided logger. func (p *loggerPromise) Fulfill(parentLogger logr.Logger) { - var logger = parentLogger + logger := logr.WithCallDepth(parentLogger, 1) if p.name != nil { logger = logger.WithName(*p.name) } diff --git a/vendor/sigs.k8s.io/controller-runtime/pkg/manager/internal.go b/vendor/sigs.k8s.io/controller-runtime/pkg/manager/internal.go index 5f85e10c9..7c25bd3c6 100644 --- a/vendor/sigs.k8s.io/controller-runtime/pkg/manager/internal.go +++ b/vendor/sigs.k8s.io/controller-runtime/pkg/manager/internal.go @@ -47,7 +47,7 @@ import ( ) const ( - // Values taken from: https://github.com/kubernetes/apiserver/blob/master/pkg/apis/config/v1alpha1/defaults.go + // Values taken from: https://github.com/kubernetes/component-base/blob/master/config/v1alpha1/defaults.go defaultLeaseDuration = 15 * time.Second defaultRenewDeadline = 10 * time.Second defaultRetryPeriod = 2 * time.Second diff --git a/vendor/sigs.k8s.io/controller-runtime/pkg/manager/manager.go b/vendor/sigs.k8s.io/controller-runtime/pkg/manager/manager.go index 903e3e47f..2d2733f0a 100644 --- a/vendor/sigs.k8s.io/controller-runtime/pkg/manager/manager.go +++ b/vendor/sigs.k8s.io/controller-runtime/pkg/manager/manager.go @@ -37,9 +37,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/config" "sigs.k8s.io/controller-runtime/pkg/config/v1alpha1" "sigs.k8s.io/controller-runtime/pkg/healthz" - logf "sigs.k8s.io/controller-runtime/pkg/internal/log" intrec "sigs.k8s.io/controller-runtime/pkg/internal/recorder" "sigs.k8s.io/controller-runtime/pkg/leaderelection" + "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/metrics" "sigs.k8s.io/controller-runtime/pkg/recorder" "sigs.k8s.io/controller-runtime/pkg/runtime/inject" @@ -572,7 +572,7 @@ func setOptionsDefaults(options Options) Options { } if options.Logger == nil { - options.Logger = logf.RuntimeLog.WithName("manager") + options.Logger = log.Log } return options diff --git a/vendor/sigs.k8s.io/controller-runtime/pkg/metrics/client_go_adapter.go b/vendor/sigs.k8s.io/controller-runtime/pkg/metrics/client_go_adapter.go index 90754269d..d32ce2534 100644 --- a/vendor/sigs.k8s.io/controller-runtime/pkg/metrics/client_go_adapter.go +++ b/vendor/sigs.k8s.io/controller-runtime/pkg/metrics/client_go_adapter.go @@ -52,7 +52,24 @@ const ( var ( // client metrics. - requestLatency = prometheus.NewHistogramVec(prometheus.HistogramOpts{ + + // RequestLatency reports the request latency in seconds per verb/URL. + // Deprecated: This metric is deprecated for removal in a future release: using the URL as a + // dimension results in cardinality explosion for some consumers. It was deprecated upstream + // in k8s v1.14 and hidden in v1.17 via https://github.com/kubernetes/kubernetes/pull/83836. + // It is not registered by default. To register: + // import ( + // clientmetrics "k8s.io/client-go/tools/metrics" + // clmetrics "sigs.k8s.io/controller-runtime/metrics" + // ) + // + // func init() { + // clmetrics.Registry.MustRegister(clmetrics.RequestLatency) + // clientmetrics.Register(clientmetrics.RegisterOpts{ + // RequestLatency: clmetrics.LatencyAdapter + // }) + // } + RequestLatency = prometheus.NewHistogramVec(prometheus.HistogramOpts{ Subsystem: RestClientSubsystem, Name: LatencyKey, Help: "Request latency in seconds. Broken down by verb and URL.", @@ -127,13 +144,11 @@ func init() { // registerClientMetrics sets up the client latency metrics from client-go. func registerClientMetrics() { // register the metrics with our registry - Registry.MustRegister(requestLatency) Registry.MustRegister(requestResult) // register the metrics with client-go clientmetrics.Register(clientmetrics.RegisterOpts{ - RequestLatency: &latencyAdapter{metric: requestLatency}, - RequestResult: &resultAdapter{metric: requestResult}, + RequestResult: &resultAdapter{metric: requestResult}, }) } @@ -159,11 +174,13 @@ func registerReflectorMetrics() { // copied (more-or-less directly) from k8s.io/kubernetes setup code // (which isn't anywhere in an easily-importable place). -type latencyAdapter struct { +// LatencyAdapter implements LatencyMetric. +type LatencyAdapter struct { metric *prometheus.HistogramVec } -func (l *latencyAdapter) Observe(_ context.Context, verb string, u url.URL, latency time.Duration) { +// Observe increments the request latency metric for the given verb/URL. +func (l *LatencyAdapter) Observe(_ context.Context, verb string, u url.URL, latency time.Duration) { l.metric.WithLabelValues(verb, u.String()).Observe(latency.Seconds()) } diff --git a/vendor/sigs.k8s.io/controller-runtime/pkg/webhook/server.go b/vendor/sigs.k8s.io/controller-runtime/pkg/webhook/server.go index 99b6ae9eb..d2338d0b7 100644 --- a/vendor/sigs.k8s.io/controller-runtime/pkg/webhook/server.go +++ b/vendor/sigs.k8s.io/controller-runtime/pkg/webhook/server.go @@ -28,10 +28,12 @@ import ( "path/filepath" "strconv" "sync" + "time" "k8s.io/apimachinery/pkg/runtime" kscheme "k8s.io/client-go/kubernetes/scheme" "sigs.k8s.io/controller-runtime/pkg/certwatcher" + "sigs.k8s.io/controller-runtime/pkg/healthz" "sigs.k8s.io/controller-runtime/pkg/runtime/inject" "sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics" ) @@ -87,6 +89,10 @@ type Server struct { // defaultingOnce ensures that the default fields are only ever set once. defaultingOnce sync.Once + // started is set to true immediately before the server is started + // and thus can be used to check if the server has been started + started bool + // mu protects access to the webhook map & setFields for Start, Register, etc mu sync.Mutex } @@ -272,6 +278,9 @@ func (s *Server) Start(ctx context.Context) error { close(idleConnsClosed) }() + s.mu.Lock() + s.started = true + s.mu.Unlock() if err := srv.Serve(listener); err != nil && err != http.ErrServerClosed { return err } @@ -280,6 +289,34 @@ func (s *Server) Start(ctx context.Context) error { return nil } +// StartedChecker returns an healthz.Checker which is healthy after the +// server has been started. +func (s *Server) StartedChecker() healthz.Checker { + config := &tls.Config{ + InsecureSkipVerify: true, // nolint:gosec // config is used to connect to our own webhook port. + } + return func(req *http.Request) error { + s.mu.Lock() + defer s.mu.Unlock() + + if !s.started { + return fmt.Errorf("webhook server has not been started yet") + } + + d := &net.Dialer{Timeout: 10 * time.Second} + conn, err := tls.DialWithDialer(d, "tcp", net.JoinHostPort(s.Host, strconv.Itoa(s.Port)), config) + if err != nil { + return fmt.Errorf("webhook server is not reachable: %v", err) + } + + if err := conn.Close(); err != nil { + return fmt.Errorf("webhook server is not reachable: closing connection: %v", err) + } + + return nil + } +} + // InjectFunc injects the field setter into the server. func (s *Server) InjectFunc(f inject.Func) error { s.setFields = f