rebase: bump github.com/aws/aws-sdk-go-v2/service/sts

Bumps [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2) from 1.18.10 to 1.19.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.10...service/s3/v1.19.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/sts
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
This commit is contained in:
dependabot[bot] 2023-05-09 13:09:18 +00:00 committed by mergify[bot]
parent c63af2108e
commit 7740cd5c36
13 changed files with 106 additions and 84 deletions

2
go.mod
View File

@ -5,7 +5,7 @@ go 1.19
require (
github.com/IBM/keyprotect-go-client v0.10.0
github.com/aws/aws-sdk-go v1.44.259
github.com/aws/aws-sdk-go-v2/service/sts v1.18.10
github.com/aws/aws-sdk-go-v2/service/sts v1.19.0
github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000
// TODO: API for managing subvolume metadata and snapshot metadata requires `ceph_ci_untested` build-tag
github.com/ceph/go-ceph v0.21.0

4
go.sum
View File

@ -165,8 +165,8 @@ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27 h1:vFQlirhuM8lLlpI7im
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27/go.mod h1:UrHnn3QV/d0pBZ6QBAEQcqFLf8FAzLmoUfPVIueOvoM=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27 h1:0iKliEXAcCa2qVtRs7Ot5hItA2MsufrphbRFlz1Owxo=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27/go.mod h1:EOwBD4J4S5qYszS5/3DpkejfuK+Z5/1uzICfPaZLtqw=
github.com/aws/aws-sdk-go-v2/service/sts v1.18.10 h1:6UbNM/KJhMBfOI5+lpVcJ/8OA7cBSz0O6OX37SRKlSw=
github.com/aws/aws-sdk-go-v2/service/sts v1.18.10/go.mod h1:BgQOMsg8av8jset59jelyPW7NoZcZXLVpDsXunGDrk8=
github.com/aws/aws-sdk-go-v2/service/sts v1.19.0 h1:2DQLAKDteoEDI8zpCzqBMaZlJuoE9iTYD0gFmXVax9E=
github.com/aws/aws-sdk-go-v2/service/sts v1.19.0/go.mod h1:BgQOMsg8av8jset59jelyPW7NoZcZXLVpDsXunGDrk8=
github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc=

View File

@ -1,3 +1,11 @@
# v1.19.0 (2023-05-08)
* **Feature**: Documentation updates for AWS Security Token Service.
# v1.18.11 (2023-05-04)
* No change notes available for this release.
# v1.18.10 (2023-04-24)
* **Dependency Update**: Updated to the latest SDK module versions

View File

@ -34,19 +34,18 @@ import (
// the account that owns the role. You cannot use session policies to grant more
// permissions than those allowed by the identity-based policy of the role that is
// being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide. When you create a role, you create two policies: A role
// trust policy that specifies who can assume the role and a permissions policy
// in the IAM User Guide. When you create a role, you create two policies: a role
// trust policy that specifies who can assume the role, and a permissions policy
// that specifies what can be done with the role. You specify the trusted principal
// who is allowed to assume the role in the role trust policy. To assume a role
// that is allowed to assume the role in the role trust policy. To assume a role
// from a different account, your Amazon Web Services account must be trusted by
// the role. The trust relationship is defined in the role's trust policy when the
// role is created. That trust policy states which accounts are allowed to delegate
// that access to users in the account. A user who wants to access a role in a
// different account must also have permissions that are delegated from the user
// account administrator. The administrator must attach a policy that allows the
// user to call AssumeRole for the ARN of the role in the other account. To allow
// a user to assume a role in the same account, you can do either of the following:
//
// different account must also have permissions that are delegated from the account
// administrator. The administrator must attach a policy that allows the user to
// call AssumeRole for the ARN of the role in the other account. To allow a user
// to assume a role in the same account, you can do either of the following:
// - Attach a policy to the user that allows the user to call AssumeRole (as long
// as the role's trust policy trusts the account).
// - Add the user as a principal directly in the role's trust policy.

View File

@ -229,8 +229,8 @@ type AssumeRoleWithSAMLOutput struct {
// - The Amazon Web Services account ID.
// - The friendly name (the last part of the ARN) of the SAML provider in IAM.
// The combination of NameQualifier and Subject can be used to uniquely identify a
// federated user. The following pseudocode shows how the hash value is calculated:
// BASE64 ( SHA1 ( "https://example.com/saml" + "123456789012" + "/MySAMLIdP" ) )
// user. The following pseudocode shows how the hash value is calculated: BASE64 (
// SHA1 ( "https://example.com/saml" + "123456789012" + "/MySAMLIdP" ) )
NameQualifier *string
// A percentage value that indicates the packed size of the session policies and

View File

@ -20,19 +20,17 @@ import (
// and the Amazon Web Services SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/)
// to uniquely identify a user. You can also supply the user with a consistent
// identity throughout the lifetime of an application. To learn more about Amazon
// Cognito, see Amazon Cognito Overview (https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840)
// in Amazon Web Services SDK for Android Developer Guide and Amazon Cognito
// Overview (https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664)
// in the Amazon Web Services SDK for iOS Developer Guide. Calling
// AssumeRoleWithWebIdentity does not require the use of Amazon Web Services
// security credentials. Therefore, you can distribute an application (for example,
// on mobile devices) that requests temporary security credentials without
// including long-term Amazon Web Services credentials in the application. You also
// don't need to deploy server-based proxy services that use long-term Amazon Web
// Services credentials. Instead, the identity of the caller is validated by using
// a token from the web identity provider. For a comparison of
// AssumeRoleWithWebIdentity with the other API operations that produce temporary
// credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
// Cognito, see Amazon Cognito identity pools (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html)
// in Amazon Cognito Developer Guide. Calling AssumeRoleWithWebIdentity does not
// require the use of Amazon Web Services security credentials. Therefore, you can
// distribute an application (for example, on mobile devices) that requests
// temporary security credentials without including long-term Amazon Web Services
// credentials in the application. You also don't need to deploy server-based proxy
// services that use long-term Amazon Web Services credentials. Instead, the
// identity of the caller is validated by using a token from the web identity
// provider. For a comparison of AssumeRoleWithWebIdentity with the other API
// operations that produce temporary credentials, see Requesting Temporary
// Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
// in the IAM User Guide. The temporary security credentials returned by this API
// consist of an access key ID, a secret access key, and a security token.

View File

@ -12,11 +12,11 @@ import (
// Returns details about the IAM user or role whose credentials are used to call
// the operation. No permissions are required to perform this operation. If an
// administrator adds a policy to your IAM user or role that explicitly denies
// access to the sts:GetCallerIdentity action, you can still perform this
// operation. Permissions are not required because the same information is returned
// when an IAM user or role is denied access. To view an example response, see I
// Am Not Authorized to Perform: iam:DeleteVirtualMFADevice (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa)
// administrator attaches a policy to your identity that explicitly denies access
// to the sts:GetCallerIdentity action, you can still perform this operation.
// Permissions are not required because the same information is returned when
// access is denied. To view an example response, see I Am Not Authorized to
// Perform: iam:DeleteVirtualMFADevice (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa)
// in the IAM User Guide.
func (c *Client) GetCallerIdentity(ctx context.Context, params *GetCallerIdentityInput, optFns ...func(*Options)) (*GetCallerIdentityOutput, error) {
if params == nil {

View File

@ -12,34 +12,33 @@ import (
)
// Returns a set of temporary security credentials (consisting of an access key
// ID, a secret access key, and a security token) for a federated user. A typical
// use is in a proxy application that gets temporary security credentials on behalf
// of distributed applications inside a corporate network. You must call the
// ID, a secret access key, and a security token) for a user. A typical use is in a
// proxy application that gets temporary security credentials on behalf of
// distributed applications inside a corporate network. You must call the
// GetFederationToken operation using the long-term security credentials of an IAM
// user. As a result, this call is appropriate in contexts where those credentials
// can be safely stored, usually in a server-based application. For a comparison of
// can be safeguarded, usually in a server-based application. For a comparison of
// GetFederationToken with the other API operations that produce temporary
// credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
// in the IAM User Guide. Although it is possible to call GetFederationToken using
// the security credentials of an Amazon Web Services account root user rather than
// an IAM user that you create for the purpose of a proxy application, we do not
// recommend it. For more information, see Safeguard your root user credentials
// and don't use them for everyday tasks (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials)
// in the IAM User Guide. You can create a mobile-based or browser-based app that
// can authenticate users using a web identity provider like Login with Amazon,
// Facebook, Google, or an OpenID Connect-compatible identity provider. In this
// case, we recommend that you use Amazon Cognito (http://aws.amazon.com/cognito/)
// or AssumeRoleWithWebIdentity . For more information, see Federation Through a
// Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
// in the IAM User Guide. You can also call GetFederationToken using the security
// credentials of an Amazon Web Services account root user, but we do not recommend
// it. Instead, we recommend that you create an IAM user for the purpose of the
// proxy application. Then attach a policy to the IAM user that limits federated
// users to only the actions and resources that they need to access. For more
// information, see IAM Best Practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html)
// in the IAM User Guide. Session duration The temporary credentials are valid for
// the specified duration, from 900 seconds (15 minutes) up to a maximum of 129,600
// seconds (36 hours). The default session duration is 43,200 seconds (12 hours).
// Temporary credentials obtained by using the Amazon Web Services account root
// user credentials have a maximum duration of 3,600 seconds (1 hour). Permissions
// You can use the temporary credentials created by GetFederationToken in any
// Amazon Web Services service with the following exceptions:
// Temporary credentials obtained by using the root user credentials have a maximum
// duration of 3,600 seconds (1 hour). Permissions You can use the temporary
// credentials created by GetFederationToken in any Amazon Web Services service
// with the following exceptions:
// - You cannot call any IAM operations using the CLI or the Amazon Web Services
// API. This limitation does not apply to console sessions.
// - You cannot call any STS operations except GetCallerIdentity .
@ -114,10 +113,9 @@ type GetFederationTokenInput struct {
// The duration, in seconds, that the session should last. Acceptable durations
// for federation sessions range from 900 seconds (15 minutes) to 129,600 seconds
// (36 hours), with 43,200 seconds (12 hours) as the default. Sessions obtained
// using Amazon Web Services account root user credentials are restricted to a
// maximum of 3,600 seconds (one hour). If the specified duration is longer than
// one hour, the session obtained by using root user credentials defaults to one
// hour.
// using root user credentials are restricted to a maximum of 3,600 seconds (one
// hour). If the specified duration is longer than one hour, the session obtained
// by using root user credentials defaults to one hour.
DurationSeconds *int32
// An IAM policy in JSON format that you want to use as an inline session policy.

View File

@ -15,45 +15,42 @@ import (
// IAM user. The credentials consist of an access key ID, a secret access key, and
// a security token. Typically, you use GetSessionToken if you want to use MFA to
// protect programmatic calls to specific Amazon Web Services API operations like
// Amazon EC2 StopInstances . MFA-enabled IAM users would need to call
// GetSessionToken and submit an MFA code that is associated with their MFA device.
// Using the temporary security credentials that are returned from the call, IAM
// users can then make programmatic calls to API operations that require MFA
// authentication. If you do not supply a correct MFA code, then the API returns an
// access denied error. For a comparison of GetSessionToken with the other API
// operations that produce temporary credentials, see Requesting Temporary
// Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
// Amazon EC2 StopInstances . MFA-enabled IAM users must call GetSessionToken and
// submit an MFA code that is associated with their MFA device. Using the temporary
// security credentials that the call returns, IAM users can then make programmatic
// calls to API operations that require MFA authentication. An incorrect MFA code
// causes the API to return an access denied error. For a comparison of
// GetSessionToken with the other API operations that produce temporary
// credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
// in the IAM User Guide. No permissions are required for users to perform this
// operation. The purpose of the sts:GetSessionToken operation is to authenticate
// the user using MFA. You cannot use policies to control authentication
// operations. For more information, see Permissions for GetSessionToken (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html)
// in the IAM User Guide. Session Duration The GetSessionToken operation must be
// called by using the long-term Amazon Web Services security credentials of the
// Amazon Web Services account root user or an IAM user. Credentials that are
// created by IAM users are valid for the duration that you specify. This duration
// can range from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36
// hours), with a default of 43,200 seconds (12 hours). Credentials based on
// account credentials can range from 900 seconds (15 minutes) up to 3,600 seconds
// (1 hour), with a default of 1 hour. Permissions The temporary security
// credentials created by GetSessionToken can be used to make API calls to any
// Amazon Web Services service with the following exceptions:
// called by using the long-term Amazon Web Services security credentials of an IAM
// user. Credentials that are created by IAM users are valid for the duration that
// you specify. This duration can range from 900 seconds (15 minutes) up to a
// maximum of 129,600 seconds (36 hours), with a default of 43,200 seconds (12
// hours). Credentials based on account credentials can range from 900 seconds (15
// minutes) up to 3,600 seconds (1 hour), with a default of 1 hour. Permissions The
// temporary security credentials created by GetSessionToken can be used to make
// API calls to any Amazon Web Services service with the following exceptions:
// - You cannot call any IAM API operations unless MFA authentication
// information is included in the request.
// - You cannot call any STS API except AssumeRole or GetCallerIdentity .
//
// We recommend that you do not call GetSessionToken with Amazon Web Services
// account root user credentials. Instead, follow our best practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users)
// by creating one or more IAM users, giving them the necessary permissions, and
// using IAM users for everyday interaction with Amazon Web Services. The
// credentials that are returned by GetSessionToken are based on permissions
// associated with the user whose credentials were used to call the operation. If
// GetSessionToken is called using Amazon Web Services account root user
// credentials, the temporary credentials have root user permissions. Similarly, if
// GetSessionToken is called using the credentials of an IAM user, the temporary
// credentials have the same permissions as the IAM user. For more information
// about using GetSessionToken to create temporary credentials, go to Temporary
// Credentials for Users in Untrusted Environments (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken)
// The credentials that GetSessionToken returns are based on permissions
// associated with the IAM user whose credentials were used to call the operation.
// The temporary credentials have the same permissions as the IAM user. Although it
// is possible to call GetSessionToken using the security credentials of an Amazon
// Web Services account root user rather than an IAM user, we do not recommend it.
// If GetSessionToken is called using root user credentials, the temporary
// credentials have root user permissions. For more information, see Safeguard
// your root user credentials and don't use them for everyday tasks (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials)
// in the IAM User Guide For more information about using GetSessionToken to
// create temporary credentials, see Temporary Credentials for Users in Untrusted
// Environments (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken)
// in the IAM User Guide.
func (c *Client) GetSessionToken(ctx context.Context, params *GetSessionTokenInput, optFns ...func(*Options)) (*GetSessionTokenOutput, error) {
if params == nil {

View File

@ -4,9 +4,8 @@
// Security Token Service.
//
// Security Token Service Security Token Service (STS) enables you to request
// temporary, limited-privilege credentials for Identity and Access Management
// (IAM) users or for users that you authenticate (federated users). This guide
// provides descriptions of the STS API. For more information about using this
// service, see Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html)
// temporary, limited-privilege credentials for users. This guide provides
// descriptions of the STS API. For more information about using this service, see
// Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html)
// .
package sts

View File

@ -3,4 +3,4 @@
package sts
// goModuleVersion is the tagged release for this module
const goModuleVersion = "1.18.10"
const goModuleVersion = "1.19.0"

View File

@ -89,6 +89,7 @@ var partitionRegexp = struct {
AwsCn *regexp.Regexp
AwsIso *regexp.Regexp
AwsIsoB *regexp.Regexp
AwsIsoE *regexp.Regexp
AwsUsGov *regexp.Regexp
}{
@ -96,6 +97,7 @@ var partitionRegexp = struct {
AwsCn: regexp.MustCompile("^cn\\-\\w+\\-\\d+$"),
AwsIso: regexp.MustCompile("^us\\-iso\\-\\w+\\-\\d+$"),
AwsIsoB: regexp.MustCompile("^us\\-isob\\-\\w+\\-\\d+$"),
AwsIsoE: regexp.MustCompile("^eu\\-isoe\\-\\w+\\-\\d+$"),
AwsUsGov: regexp.MustCompile("^us\\-gov\\-\\w+\\-\\d+$"),
}
@ -384,6 +386,27 @@ var defaultPartitions = endpoints.Partitions{
}: endpoints.Endpoint{},
},
},
{
ID: "aws-iso-e",
Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{
{
Variant: endpoints.FIPSVariant,
}: {
Hostname: "sts-fips.{region}.cloud.adc-e.uk",
Protocols: []string{"https"},
SignatureVersions: []string{"v4"},
},
{
Variant: 0,
}: {
Hostname: "sts.{region}.cloud.adc-e.uk",
Protocols: []string{"https"},
SignatureVersions: []string{"v4"},
},
},
RegionRegex: partitionRegexp.AwsIsoE,
IsRegionalized: true,
},
{
ID: "aws-us-gov",
Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{

2
vendor/modules.txt vendored
View File

@ -82,7 +82,7 @@ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2
# github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27
## explicit; go 1.15
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url
# github.com/aws/aws-sdk-go-v2/service/sts v1.18.10
# github.com/aws/aws-sdk-go-v2/service/sts v1.19.0
## explicit; go 1.15
github.com/aws/aws-sdk-go-v2/service/sts
github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints