rebase: bump github.com/aws/aws-sdk-go from 1.44.271 to 1.44.276

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.271 to 1.44.276.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.271...v1.44.276)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
This commit is contained in:
dependabot[bot] 2023-06-06 12:41:19 +00:00 committed by mergify[bot]
parent e4e373cd47
commit 64aa03826f
6 changed files with 292 additions and 91 deletions

2
go.mod
View File

@ -4,7 +4,7 @@ go 1.20
require ( require (
github.com/IBM/keyprotect-go-client v0.10.0 github.com/IBM/keyprotect-go-client v0.10.0
github.com/aws/aws-sdk-go v1.44.271 github.com/aws/aws-sdk-go v1.44.276
github.com/aws/aws-sdk-go-v2/service/sts v1.19.0 github.com/aws/aws-sdk-go-v2/service/sts v1.19.0
github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000 github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000
// TODO: API for managing subvolume metadata and snapshot metadata requires `ceph_ci_untested` build-tag // TODO: API for managing subvolume metadata and snapshot metadata requires `ceph_ci_untested` build-tag

4
go.sum
View File

@ -154,8 +154,8 @@ github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
github.com/aws/aws-sdk-go v1.25.41/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.25.41/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
github.com/aws/aws-sdk-go v1.44.271 h1:aa+Nu2JcnFmW1TLIz/67SS7KPq1I1Adl4RmExSMjGVo= github.com/aws/aws-sdk-go v1.44.276 h1:ywPlx9C5Yc482dUgAZ9bHpQ6onVvJvYE9FJWsNDCEy0=
github.com/aws/aws-sdk-go v1.44.271/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go v1.44.276/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
github.com/aws/aws-sdk-go-v2 v1.18.0 h1:882kkTpSFhdgYRKVZ/VCgf7sd0ru57p2JCxz4/oN5RY= github.com/aws/aws-sdk-go-v2 v1.18.0 h1:882kkTpSFhdgYRKVZ/VCgf7sd0ru57p2JCxz4/oN5RY=
github.com/aws/aws-sdk-go-v2 v1.18.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= github.com/aws/aws-sdk-go-v2 v1.18.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33 h1:kG5eQilShqmJbv11XL1VpyDbaEJzWxd4zRiCG30GSn4= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33 h1:kG5eQilShqmJbv11XL1VpyDbaEJzWxd4zRiCG30GSn4=

View File

@ -4092,6 +4092,9 @@ var awsPartition = partition{
endpointKey{ endpointKey{
Region: "ap-southeast-3", Region: "ap-southeast-3",
}: endpoint{}, }: endpoint{},
endpointKey{
Region: "ap-southeast-4",
}: endpoint{},
endpointKey{ endpointKey{
Region: "ca-central-1", Region: "ca-central-1",
}: endpoint{}, }: endpoint{},
@ -24403,6 +24406,12 @@ var awsPartition = partition{
endpointKey{ endpointKey{
Region: "ap-northeast-1", Region: "ap-northeast-1",
}: endpoint{}, }: endpoint{},
endpointKey{
Region: "ap-northeast-2",
}: endpoint{},
endpointKey{
Region: "ap-south-1",
}: endpoint{},
endpointKey{ endpointKey{
Region: "ap-southeast-1", Region: "ap-southeast-1",
}: endpoint{}, }: endpoint{},
@ -24427,6 +24436,9 @@ var awsPartition = partition{
endpointKey{ endpointKey{
Region: "us-east-2", Region: "us-east-2",
}: endpoint{}, }: endpoint{},
endpointKey{
Region: "us-west-1",
}: endpoint{},
endpointKey{ endpointKey{
Region: "us-west-2", Region: "us-west-2",
}: endpoint{}, }: endpoint{},
@ -28189,6 +28201,9 @@ var awsPartition = partition{
endpointKey{ endpointKey{
Region: "ap-south-1", Region: "ap-south-1",
}: endpoint{}, }: endpoint{},
endpointKey{
Region: "ap-south-2",
}: endpoint{},
endpointKey{ endpointKey{
Region: "ap-southeast-1", Region: "ap-southeast-1",
}: endpoint{}, }: endpoint{},
@ -28210,12 +28225,18 @@ var awsPartition = partition{
endpointKey{ endpointKey{
Region: "eu-central-1", Region: "eu-central-1",
}: endpoint{}, }: endpoint{},
endpointKey{
Region: "eu-central-2",
}: endpoint{},
endpointKey{ endpointKey{
Region: "eu-north-1", Region: "eu-north-1",
}: endpoint{}, }: endpoint{},
endpointKey{ endpointKey{
Region: "eu-south-1", Region: "eu-south-1",
}: endpoint{}, }: endpoint{},
endpointKey{
Region: "eu-south-2",
}: endpoint{},
endpointKey{ endpointKey{
Region: "eu-west-1", Region: "eu-west-1",
}: endpoint{}, }: endpoint{},
@ -36038,6 +36059,46 @@ var awsusgovPartition = partition{
}: endpoint{}, }: endpoint{},
}, },
}, },
"mgn": service{
Endpoints: serviceEndpoints{
endpointKey{
Region: "fips-us-gov-east-1",
}: endpoint{
Hostname: "mgn-fips.us-gov-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-gov-east-1",
},
Deprecated: boxedTrue,
},
endpointKey{
Region: "fips-us-gov-west-1",
}: endpoint{
Hostname: "mgn-fips.us-gov-west-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-gov-west-1",
},
Deprecated: boxedTrue,
},
endpointKey{
Region: "us-gov-east-1",
}: endpoint{},
endpointKey{
Region: "us-gov-east-1",
Variant: fipsVariant,
}: endpoint{
Hostname: "mgn-fips.us-gov-east-1.amazonaws.com",
},
endpointKey{
Region: "us-gov-west-1",
}: endpoint{},
endpointKey{
Region: "us-gov-west-1",
Variant: fipsVariant,
}: endpoint{
Hostname: "mgn-fips.us-gov-west-1.amazonaws.com",
},
},
},
"models.lex": service{ "models.lex": service{
Defaults: endpointDefaults{ Defaults: endpointDefaults{
defaultKey{}: endpoint{ defaultKey{}: endpoint{
@ -38326,6 +38387,15 @@ var awsusgovPartition = partition{
}, },
"workspaces": service{ "workspaces": service{
Endpoints: serviceEndpoints{ Endpoints: serviceEndpoints{
endpointKey{
Region: "fips-us-gov-east-1",
}: endpoint{
Hostname: "workspaces-fips.us-gov-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-gov-east-1",
},
Deprecated: boxedTrue,
},
endpointKey{ endpointKey{
Region: "fips-us-gov-west-1", Region: "fips-us-gov-west-1",
}: endpoint{ }: endpoint{
@ -38338,6 +38408,12 @@ var awsusgovPartition = partition{
endpointKey{ endpointKey{
Region: "us-gov-east-1", Region: "us-gov-east-1",
}: endpoint{}, }: endpoint{},
endpointKey{
Region: "us-gov-east-1",
Variant: fipsVariant,
}: endpoint{
Hostname: "workspaces-fips.us-gov-east-1.amazonaws.com",
},
endpointKey{ endpointKey{
Region: "us-gov-west-1", Region: "us-gov-west-1",
}: endpoint{}, }: endpoint{},
@ -39076,6 +39152,9 @@ var awsisoPartition = partition{
endpointKey{ endpointKey{
Region: "us-iso-east-1", Region: "us-iso-east-1",
}: endpoint{}, }: endpoint{},
endpointKey{
Region: "us-iso-west-1",
}: endpoint{},
}, },
}, },
"runtime.sagemaker": service{ "runtime.sagemaker": service{
@ -39229,6 +39308,9 @@ var awsisoPartition = partition{
endpointKey{ endpointKey{
Region: "us-iso-east-1", Region: "us-iso-east-1",
}: endpoint{}, }: endpoint{},
endpointKey{
Region: "us-iso-west-1",
}: endpoint{},
}, },
}, },
"transcribe": service{ "transcribe": service{

View File

@ -5,4 +5,4 @@ package aws
const SDKName = "aws-sdk-go" const SDKName = "aws-sdk-go"
// SDKVersion is the version of this SDK // SDKVersion is the version of this SDK
const SDKVersion = "1.44.271" const SDKVersion = "1.44.276"

View File

@ -1108,13 +1108,6 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out
// use HMAC keys to generate (GenerateMac) and verify (VerifyMac) HMAC codes // use HMAC keys to generate (GenerateMac) and verify (VerifyMac) HMAC codes
// for messages up to 4096 bytes. // for messages up to 4096 bytes.
// //
// HMAC KMS keys are not supported in all Amazon Web Services Regions. If you
// try to create an HMAC KMS key in an Amazon Web Services Region in which HMAC
// keys are not supported, the CreateKey operation returns an UnsupportedOperationException.
// For a list of Regions in which HMAC KMS keys are supported, see HMAC keys
// in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html)
// in the Key Management Service Developer Guide.
//
// # Multi-Region primary keys // # Multi-Region primary keys
// //
// # Imported key material // # Imported key material
@ -1140,18 +1133,20 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out
// keys, see Multi-Region keys in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) // keys, see Multi-Region keys in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html)
// in the Key Management Service Developer Guide. // in the Key Management Service Developer Guide.
// //
// To import your own key material into a KMS key, begin by creating a symmetric // To import your own key material into a KMS key, begin by creating a KMS key
// encryption KMS key with no key material. To do this, use the Origin parameter // with no key material. To do this, use the Origin parameter of CreateKey with
// of CreateKey with a value of EXTERNAL. Next, use GetParametersForImport operation // a value of EXTERNAL. Next, use GetParametersForImport operation to get a
// to get a public key and import token, and use the public key to encrypt your // public key and import token. Use the wrapping public key to encrypt your
// key material. Then, use ImportKeyMaterial with your import token to import // key material. Then, use ImportKeyMaterial with your import token to import
// the key material. For step-by-step instructions, see Importing Key Material // the key material. For step-by-step instructions, see Importing Key Material
// (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) // (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html)
// in the Key Management Service Developer Guide . // in the Key Management Service Developer Guide .
// //
// This feature supports only symmetric encryption KMS keys, including multi-Region // You can import key material into KMS keys of all supported KMS key types:
// symmetric encryption KMS keys. You cannot import key material into any other // symmetric encryption KMS keys, HMAC KMS keys, asymmetric encryption KMS keys,
// type of KMS key. // and asymmetric signing KMS keys. You can also create multi-Region keys with
// imported key material. However, you can't import key material into a KMS
// key in a custom key store.
// //
// To create a multi-Region primary key with imported key material, use the // To create a multi-Region primary key with imported key material, use the
// Origin parameter of CreateKey with a value of EXTERNAL and the MultiRegion // Origin parameter of CreateKey with a value of EXTERNAL and the MultiRegion
@ -1944,18 +1939,16 @@ func (c *KMS) DeleteImportedKeyMaterialRequest(input *DeleteImportedKeyMaterialI
// DeleteImportedKeyMaterial API operation for AWS Key Management Service. // DeleteImportedKeyMaterial API operation for AWS Key Management Service.
// //
// Deletes key material that you previously imported. This operation makes the // Deletes key material that was previously imported. This operation makes the
// specified KMS key unusable. For more information about importing key material // specified KMS key temporarily unusable. To restore the usability of the KMS
// into KMS, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) // key, reimport the same key material. For more information about importing
// key material into KMS, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html)
// in the Key Management Service Developer Guide. // in the Key Management Service Developer Guide.
// //
// When the specified KMS key is in the PendingDeletion state, this operation // When the specified KMS key is in the PendingDeletion state, this operation
// does not change the KMS key's state. Otherwise, it changes the KMS key's // does not change the KMS key's state. Otherwise, it changes the KMS key's
// state to PendingImport. // state to PendingImport.
// //
// After you delete key material, you can use ImportKeyMaterial to reimport
// the same key material into the KMS key.
//
// The KMS key that you use for this operation must be in a compatible key state. // The KMS key that you use for this operation must be in a compatible key state.
// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide. // in the Key Management Service Developer Guide.
@ -4769,27 +4762,56 @@ func (c *KMS) GetParametersForImportRequest(input *GetParametersForImportInput)
// GetParametersForImport API operation for AWS Key Management Service. // GetParametersForImport API operation for AWS Key Management Service.
// //
// Returns the items you need to import key material into a symmetric encryption // Returns the public key and an import token you need to import or reimport
// KMS key. For more information about importing key material into KMS, see // key material for a KMS key.
// Importing key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) //
// By default, KMS keys are created with key material that KMS generates. This
// operation supports Importing key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html),
// an advanced feature that lets you generate and import the cryptographic key
// material for a KMS key. For more information about importing key material
// into KMS, see Importing key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html)
// in the Key Management Service Developer Guide. // in the Key Management Service Developer Guide.
// //
// This operation returns a public key and an import token. Use the public key // Before calling GetParametersForImport, use the CreateKey operation with an
// to encrypt the symmetric key material. Store the import token to send with // Origin value of EXTERNAL to create a KMS key with no key material. You can
// a subsequent ImportKeyMaterial request. // import key material for a symmetric encryption KMS key, HMAC KMS key, asymmetric
// encryption KMS key, or asymmetric signing KMS key. You can also import key
// material into a multi-Region key (kms/latest/developerguide/multi-region-keys-overview.html)
// of any supported type. However, you can't import key material into a KMS
// key in a custom key store (kms/latest/developerguide/custom-key-store-overview.html).
// You can also use GetParametersForImport to get a public key and import token
// to reimport the original key material (kms/latest/developerguide/importing-keys.html#reimport-key-material)
// into a KMS key whose key material expired or was deleted.
// //
// You must specify the key ID of the symmetric encryption KMS key into which // GetParametersForImport returns the items that you need to import your key
// you will import key material. The KMS key Origin must be EXTERNAL. You must // material.
// also specify the wrapping algorithm and type of wrapping key (public key)
// that you will use to encrypt the key material. You cannot perform this operation
// on an asymmetric KMS key, an HMAC KMS key, or on any KMS key in a different
// Amazon Web Services account.
// //
// To import key material, you must use the public key and import token from // - The public key (or "wrapping key") of an RSA key pair that KMS generates.
// the same response. These items are valid for 24 hours. The expiration date // You will use this public key to encrypt ("wrap") your key material while
// and time appear in the GetParametersForImport response. You cannot use an // it's in transit to KMS.
// expired token in an ImportKeyMaterial request. If your key and token expire, //
// send another GetParametersForImport request. // - A import token that ensures that KMS can decrypt your key material and
// associate it with the correct KMS key.
//
// The public key and its import token are permanently linked and must be used
// together. Each public key and import token set is valid for 24 hours. The
// expiration date and time appear in the ParametersValidTo field in the GetParametersForImport
// response. You cannot use an expired public key or import token in an ImportKeyMaterial
// request. If your key and token expire, send another GetParametersForImport
// request.
//
// GetParametersForImport requires the following information:
//
// - The key ID of the KMS key for which you are importing the key material.
//
// - The key spec of the public key ("wrapping key") that you will use to
// encrypt your key material during import.
//
// - The wrapping algorithm that you will use with the public key to encrypt
// your key material.
//
// You can use the same or a different public key spec and wrapping algorithm
// each time you import or reimport the same key material.
// //
// The KMS key that you use for this operation must be in a compatible key state. // The KMS key that you use for this operation must be in a compatible key state.
// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
@ -5109,44 +5131,83 @@ func (c *KMS) ImportKeyMaterialRequest(input *ImportKeyMaterialInput) (req *requ
// ImportKeyMaterial API operation for AWS Key Management Service. // ImportKeyMaterial API operation for AWS Key Management Service.
// //
// Imports key material into an existing symmetric encryption KMS key that was // Imports or reimports key material into an existing KMS key that was created
// created without key material. After you successfully import key material // without key material. ImportKeyMaterial also sets the expiration model and
// into a KMS key, you can reimport the same key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#reimport-key-material) // expiration date of the imported key material.
// into that KMS key, but you cannot import different key material.
// //
// You cannot perform this operation on an asymmetric KMS key, an HMAC KMS key, // By default, KMS keys are created with key material that KMS generates. This
// or on any KMS key in a different Amazon Web Services account. For more information // operation supports Importing key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html),
// about creating KMS keys with no key material and then importing key material, // an advanced feature that lets you generate and import the cryptographic key
// see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) // material for a KMS key. For more information about importing key material
// into KMS, see Importing key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html)
// in the Key Management Service Developer Guide. // in the Key Management Service Developer Guide.
// //
// Before using this operation, call GetParametersForImport. Its response includes // After you successfully import key material into a KMS key, you can reimport
// a public key and an import token. Use the public key to encrypt the key material. // the same key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#reimport-key-material)
// Then, submit the import token from the same GetParametersForImport response. // into that KMS key, but you cannot import different key material. You might
// reimport key material to replace key material that expired or key material
// that you deleted. You might also reimport key material to change the expiration
// model or expiration date of the key material. Before reimporting key material,
// if necessary, call DeleteImportedKeyMaterial to delete the current imported
// key material.
// //
// When calling this operation, you must specify the following values: // Each time you import key material into KMS, you can determine whether (ExpirationModel)
// and when (ValidTo) the key material expires. To change the expiration of
// your key material, you must import it again, either by calling ImportKeyMaterial
// or using the import features (kms/latest/developerguide/importing-keys-import-key-material.html#importing-keys-import-key-material-console)
// of the KMS console.
// //
// - The key ID or key ARN of a KMS key with no key material. Its Origin // Before calling ImportKeyMaterial:
// must be EXTERNAL. To create a KMS key with no key material, call CreateKey
// and set the value of its Origin parameter to EXTERNAL. To get the Origin
// of a KMS key, call DescribeKey.)
// //
// - The encrypted key material. To get the public key to encrypt the key // - Create or identify a KMS key with no key material. The KMS key must
// material, call GetParametersForImport. // have an Origin value of EXTERNAL, which indicates that the KMS key is
// designed for imported key material. To create an new KMS key for imported
// key material, call the CreateKey operation with an Origin value of EXTERNAL.
// You can create a symmetric encryption KMS key, HMAC KMS key, asymmetric
// encryption KMS key, or asymmetric signing KMS key. You can also import
// key material into a multi-Region key (kms/latest/developerguide/multi-region-keys-overview.html)
// of any supported type. However, you can't import key material into a KMS
// key in a custom key store (kms/latest/developerguide/custom-key-store-overview.html).
//
// - Use the DescribeKey operation to verify that the KeyState of the KMS
// key is PendingImport, which indicates that the KMS key has no key material.
// If you are reimporting the same key material into an existing KMS key,
// you might need to call the DeleteImportedKeyMaterial to delete its existing
// key material.
//
// - Call the GetParametersForImport operation to get a public key and import
// token set for importing key material.
//
// - Use the public key in the GetParametersForImport response to encrypt
// your key material.
//
// Then, in an ImportKeyMaterial request, you submit your encrypted key material
// and import token. When calling this operation, you must specify the following
// values:
//
// - The key ID or key ARN of the KMS key to associate with the imported
// key material. Its Origin must be EXTERNAL and its KeyState must be PendingImport.
// You cannot perform this operation on a KMS key in a custom key store (kms/latest/developerguide/custom-key-store-overview.html),
// or on a KMS key in a different Amazon Web Services account. To get the
// Origin and KeyState of a KMS key, call DescribeKey.
//
// - The encrypted key material.
// //
// - The import token that GetParametersForImport returned. You must use // - The import token that GetParametersForImport returned. You must use
// a public key and token from the same GetParametersForImport response. // a public key and token from the same GetParametersForImport response.
// //
// - Whether the key material expires (ExpirationModel) and, if so, when // - Whether the key material expires (ExpirationModel) and, if so, when
// (ValidTo). If you set an expiration date, on the specified date, KMS deletes // (ValidTo). For help with this choice, see Setting an expiration time (https://docs.aws.amazon.com/en_us/kms/latest/developerguide/importing-keys.html#importing-keys-expiration)
// the key material from the KMS key, making the KMS key unusable. To use // in the Key Management Service Developer Guide. If you set an expiration
// the KMS key in cryptographic operations again, you must reimport the same // date, KMS deletes the key material from the KMS key on the specified date,
// key material. The only way to change the expiration model or expiration // making the KMS key unusable. To use the KMS key in cryptographic operations
// date is by reimporting the same key material and specifying a new expiration // again, you must reimport the same key material. However, you can delete
// date. // and reimport the key material at any time, including before the key material
// expires. Each time you reimport, you can eliminate or reset the expiration
// time.
// //
// When this operation is successful, the key state of the KMS key changes from // When this operation is successful, the key state of the KMS key changes from
// PendingImport to Enabled, and you can use the KMS key. // PendingImport to Enabled, and you can use the KMS key in cryptographic operations.
// //
// If this operation fails, use the exception to help determine the problem. // If this operation fails, use the exception to help determine the problem.
// If the error is related to the key material, the import token, or wrapping // If the error is related to the key material, the import token, or wrapping
@ -7266,8 +7327,10 @@ func (c *KMS) ScheduleKeyDeletionRequest(input *ScheduleKeyDeletionInput) (req *
// //
// Deleting a KMS key is a destructive and potentially dangerous operation. // Deleting a KMS key is a destructive and potentially dangerous operation.
// When a KMS key is deleted, all data that was encrypted under the KMS key // When a KMS key is deleted, all data that was encrypted under the KMS key
// is unrecoverable. (The only exception is a multi-Region replica key.) To // is unrecoverable. (The only exception is a multi-Region replica key (kms/latest/developerguide/multi-region-keys-delete.html),
// prevent the use of a KMS key without deleting it, use DisableKey. // or an asymmetric or HMAC KMS key with imported key material[BUGBUG-link to
// importing-keys-managing.html#import-delete-key.) To prevent the use of a
// KMS key without deleting it, use DisableKey.
// //
// You can schedule the deletion of a multi-Region primary key and its replica // You can schedule the deletion of a multi-Region primary key and its replica
// keys at any time. However, KMS will not delete a multi-Region primary key // keys at any time. However, KMS will not delete a multi-Region primary key
@ -14217,8 +14280,11 @@ func (s *GetKeyRotationStatusOutput) SetKeyRotationEnabled(v bool) *GetKeyRotati
type GetParametersForImportInput struct { type GetParametersForImportInput struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
// The identifier of the symmetric encryption KMS key into which you will import // The identifier of the KMS key that will be associated with the imported key
// key material. The Origin of the KMS key must be EXTERNAL. // material. The Origin of the KMS key must be EXTERNAL.
//
// All KMS key types are supported, including multi-Region keys. However, you
// cannot import key material into a KMS key in a custom key store.
// //
// Specify the key ID or key ARN of the KMS key. // Specify the key ID or key ARN of the KMS key.
// //
@ -14233,22 +14299,50 @@ type GetParametersForImportInput struct {
// KeyId is a required field // KeyId is a required field
KeyId *string `min:"1" type:"string" required:"true"` KeyId *string `min:"1" type:"string" required:"true"`
// The algorithm you will use to encrypt the key material before using the ImportKeyMaterial // The algorithm you will use with the RSA public key (PublicKey) in the response
// operation to import it. For more information, see Encrypt the key material // to protect your key material during import. For more information, see Select
// (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-encrypt-key-material.html) // a wrapping algorithm (kms/latest/developerguide/importing-keys-get-public-key-and-token.html#select-wrapping-algorithm)
// in the Key Management Service Developer Guide. // in the Key Management Service Developer Guide.
// //
// The RSAES_PKCS1_V1_5 wrapping algorithm is deprecated. We recommend that // For RSA_AES wrapping algorithms, you encrypt your key material with an AES
// you begin using a different wrapping algorithm immediately. KMS will end // key that you generate, then encrypt your AES key with the RSA public key
// support for RSAES_PKCS1_V1_5 by October 1, 2023 pursuant to cryptographic // from KMS. For RSAES wrapping algorithms, you encrypt your key material directly
// key management guidance (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf) // with the RSA public key from KMS.
// from the National Institute of Standards and Technology (NIST). //
// The wrapping algorithms that you can use depend on the type of key material
// that you are importing. To import an RSA private key, you must use an RSA_AES
// wrapping algorithm.
//
// * RSA_AES_KEY_WRAP_SHA_256 — Supported for wrapping RSA and ECC key
// material.
//
// * RSA_AES_KEY_WRAP_SHA_1 — Supported for wrapping RSA and ECC key material.
//
// * RSAES_OAEP_SHA_256 — Supported for all types of key material, except
// RSA key material (private key). You cannot use the RSAES_OAEP_SHA_256
// wrapping algorithm with the RSA_2048 wrapping key spec to wrap ECC_NIST_P521
// key material.
//
// * RSAES_OAEP_SHA_1 — Supported for all types of key material, except
// RSA key material (private key). You cannot use the RSAES_OAEP_SHA_1 wrapping
// algorithm with the RSA_2048 wrapping key spec to wrap ECC_NIST_P521 key
// material.
//
// * RSAES_PKCS1_V1_5 (Deprecated) — Supported only for symmetric encryption
// key material (and only in legacy mode).
// //
// WrappingAlgorithm is a required field // WrappingAlgorithm is a required field
WrappingAlgorithm *string `type:"string" required:"true" enum:"AlgorithmSpec"` WrappingAlgorithm *string `type:"string" required:"true" enum:"AlgorithmSpec"`
// The type of wrapping key (public key) to return in the response. Only 2048-bit // The type of RSA public key to return in the response. You will use this wrapping
// RSA public keys are supported. // key with the specified wrapping algorithm to protect your key material during
// import.
//
// Use the longest RSA wrapping key that is practical.
//
// You cannot use an RSA_2048 public key to directly wrap an ECC_NIST_P521 private
// key. Instead, use an RSA_AES wrapping algorithm or choose a longer RSA public
// key.
// //
// WrappingKeySpec is a required field // WrappingKeySpec is a required field
WrappingKeySpec *string `type:"string" required:"true" enum:"WrappingKeySpec"` WrappingKeySpec *string `type:"string" required:"true" enum:"WrappingKeySpec"`
@ -14761,7 +14855,7 @@ type ImportKeyMaterialInput struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
// The encrypted key material to import. The key material must be encrypted // The encrypted key material to import. The key material must be encrypted
// with the public wrapping key that GetParametersForImport returned, using // under the public wrapping key that GetParametersForImport returned, using
// the wrapping algorithm that you specified in the same GetParametersForImport // the wrapping algorithm that you specified in the same GetParametersForImport
// request. // request.
// EncryptedKeyMaterial is automatically base64 encoded/decoded by the SDK. // EncryptedKeyMaterial is automatically base64 encoded/decoded by the SDK.
@ -14770,14 +14864,16 @@ type ImportKeyMaterialInput struct {
EncryptedKeyMaterial []byte `min:"1" type:"blob" required:"true"` EncryptedKeyMaterial []byte `min:"1" type:"blob" required:"true"`
// Specifies whether the key material expires. The default is KEY_MATERIAL_EXPIRES. // Specifies whether the key material expires. The default is KEY_MATERIAL_EXPIRES.
// For help with this choice, see Setting an expiration time (https://docs.aws.amazon.com/en_us/kms/latest/developerguide/importing-keys.html#importing-keys-expiration)
// in the Key Management Service Developer Guide.
// //
// When the value of ExpirationModel is KEY_MATERIAL_EXPIRES, you must specify // When the value of ExpirationModel is KEY_MATERIAL_EXPIRES, you must specify
// a value for the ValidTo parameter. When value is KEY_MATERIAL_DOES_NOT_EXPIRE, // a value for the ValidTo parameter. When value is KEY_MATERIAL_DOES_NOT_EXPIRE,
// you must omit the ValidTo parameter. // you must omit the ValidTo parameter.
// //
// You cannot change the ExpirationModel or ValidTo values for the current import // You cannot change the ExpirationModel or ValidTo values for the current import
// after the request completes. To change either value, you must delete (DeleteImportedKeyMaterial) // after the request completes. To change either value, you must reimport the
// and reimport the key material. // key material.
ExpirationModel *string `type:"string" enum:"ExpirationModelType"` ExpirationModel *string `type:"string" enum:"ExpirationModelType"`
// The import token that you received in the response to a previous GetParametersForImport // The import token that you received in the response to a previous GetParametersForImport
@ -14788,12 +14884,16 @@ type ImportKeyMaterialInput struct {
// ImportToken is a required field // ImportToken is a required field
ImportToken []byte `min:"1" type:"blob" required:"true"` ImportToken []byte `min:"1" type:"blob" required:"true"`
// The identifier of the symmetric encryption KMS key that receives the imported // The identifier of the KMS key that will be associated with the imported key
// key material. This must be the same KMS key specified in the KeyID parameter // material. This must be the same KMS key specified in the KeyID parameter
// of the corresponding GetParametersForImport request. The Origin of the KMS // of the corresponding GetParametersForImport request. The Origin of the KMS
// key must be EXTERNAL. You cannot perform this operation on an asymmetric // key must be EXTERNAL and its KeyState must be PendingImport.
// KMS key, an HMAC KMS key, a KMS key in a custom key store, or on a KMS key //
// in a different Amazon Web Services account // The KMS key can be a symmetric encryption KMS key, HMAC KMS key, asymmetric
// encryption KMS key, or asymmetric signing KMS key, including a multi-Region
// key (kms/latest/developerguide/multi-region-keys-overview.html) of any supported
// type. You cannot perform this operation on a KMS key in a custom key store,
// or on a KMS key in a different Amazon Web Services account.
// //
// Specify the key ID or key ARN of the KMS key. // Specify the key ID or key ARN of the KMS key.
// //
@ -18513,7 +18613,10 @@ type ScheduleKeyDeletionInput struct {
// waiting period begins immediately. // waiting period begins immediately.
// //
// This value is optional. If you include a value, it must be between 7 and // This value is optional. If you include a value, it must be between 7 and
// 30, inclusive. If you do not include a value, it defaults to 30. // 30, inclusive. If you do not include a value, it defaults to 30. You can
// use the kms:ScheduleKeyDeletionPendingWindowInDays (https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-pending-deletion-window)
// condition key to further constrain the values that principals can specify
// in the PendingWindowInDays parameter.
PendingWindowInDays *int64 `min:"1" type:"integer"` PendingWindowInDays *int64 `min:"1" type:"integer"`
} }
@ -18818,7 +18921,7 @@ type SignOutput struct {
// this value is defined by PKCS #1 in RFC 8017 (https://tools.ietf.org/html/rfc8017). // this value is defined by PKCS #1 in RFC 8017 (https://tools.ietf.org/html/rfc8017).
// //
// * When used with the ECDSA_SHA_256, ECDSA_SHA_384, or ECDSA_SHA_512 signing // * When used with the ECDSA_SHA_256, ECDSA_SHA_384, or ECDSA_SHA_512 signing
// algorithms, this value is a DER-encoded object as defined by ANS X9.622005 // algorithms, this value is a DER-encoded object as defined by ANSI X9.622005
// and RFC 3279 Section 2.2.3 (https://tools.ietf.org/html/rfc3279#section-2.2.3). // and RFC 3279 Section 2.2.3 (https://tools.ietf.org/html/rfc3279#section-2.2.3).
// This is the most commonly used signature format and is appropriate for // This is the most commonly used signature format and is appropriate for
// most uses. // most uses.
@ -21302,6 +21405,12 @@ const (
// AlgorithmSpecRsaesOaepSha256 is a AlgorithmSpec enum value // AlgorithmSpecRsaesOaepSha256 is a AlgorithmSpec enum value
AlgorithmSpecRsaesOaepSha256 = "RSAES_OAEP_SHA_256" AlgorithmSpecRsaesOaepSha256 = "RSAES_OAEP_SHA_256"
// AlgorithmSpecRsaAesKeyWrapSha1 is a AlgorithmSpec enum value
AlgorithmSpecRsaAesKeyWrapSha1 = "RSA_AES_KEY_WRAP_SHA_1"
// AlgorithmSpecRsaAesKeyWrapSha256 is a AlgorithmSpec enum value
AlgorithmSpecRsaAesKeyWrapSha256 = "RSA_AES_KEY_WRAP_SHA_256"
) )
// AlgorithmSpec_Values returns all elements of the AlgorithmSpec enum // AlgorithmSpec_Values returns all elements of the AlgorithmSpec enum
@ -21310,6 +21419,8 @@ func AlgorithmSpec_Values() []string {
AlgorithmSpecRsaesPkcs1V15, AlgorithmSpecRsaesPkcs1V15,
AlgorithmSpecRsaesOaepSha1, AlgorithmSpecRsaesOaepSha1,
AlgorithmSpecRsaesOaepSha256, AlgorithmSpecRsaesOaepSha256,
AlgorithmSpecRsaAesKeyWrapSha1,
AlgorithmSpecRsaAesKeyWrapSha256,
} }
} }
@ -21944,12 +22055,20 @@ func SigningAlgorithmSpec_Values() []string {
const ( const (
// WrappingKeySpecRsa2048 is a WrappingKeySpec enum value // WrappingKeySpecRsa2048 is a WrappingKeySpec enum value
WrappingKeySpecRsa2048 = "RSA_2048" WrappingKeySpecRsa2048 = "RSA_2048"
// WrappingKeySpecRsa3072 is a WrappingKeySpec enum value
WrappingKeySpecRsa3072 = "RSA_3072"
// WrappingKeySpecRsa4096 is a WrappingKeySpec enum value
WrappingKeySpecRsa4096 = "RSA_4096"
) )
// WrappingKeySpec_Values returns all elements of the WrappingKeySpec enum // WrappingKeySpec_Values returns all elements of the WrappingKeySpec enum
func WrappingKeySpec_Values() []string { func WrappingKeySpec_Values() []string {
return []string{ return []string{
WrappingKeySpecRsa2048, WrappingKeySpecRsa2048,
WrappingKeySpecRsa3072,
WrappingKeySpecRsa4096,
} }
} }

2
vendor/modules.txt vendored
View File

@ -20,7 +20,7 @@ github.com/armon/go-metrics
# github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a # github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a
## explicit ## explicit
github.com/asaskevich/govalidator github.com/asaskevich/govalidator
# github.com/aws/aws-sdk-go v1.44.271 # github.com/aws/aws-sdk-go v1.44.276
## explicit; go 1.11 ## explicit; go 1.11
github.com/aws/aws-sdk-go/aws github.com/aws/aws-sdk-go/aws
github.com/aws/aws-sdk-go/aws/awserr github.com/aws/aws-sdk-go/aws/awserr