rebase: bump github.com/aws/aws-sdk-go from 1.38.63 to 1.40.34

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.38.63 to 1.40.34.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.38.63...v1.40.34)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
This commit is contained in:
dependabot[bot] 2021-09-01 13:20:44 +00:00 committed by mergify[bot]
parent fb000647b5
commit 8fc7db8d80
63 changed files with 8039 additions and 3185 deletions

2
go.mod
View File

@ -3,7 +3,7 @@ module github.com/ceph/ceph-csi
go 1.16 go 1.16
require ( require (
github.com/aws/aws-sdk-go v1.38.63 github.com/aws/aws-sdk-go v1.40.34
github.com/ceph/go-ceph v0.11.0 github.com/ceph/go-ceph v0.11.0
github.com/container-storage-interface/spec v1.5.0 github.com/container-storage-interface/spec v1.5.0
github.com/csi-addons/replication-lib-utils v0.2.0 github.com/csi-addons/replication-lib-utils v0.2.0

7
go.sum
View File

@ -133,8 +133,8 @@ github.com/aws/aws-sdk-go v1.25.41/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpi
github.com/aws/aws-sdk-go v1.30.27/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.30.27/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k= github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k=
github.com/aws/aws-sdk-go v1.38.49/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.38.49/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
github.com/aws/aws-sdk-go v1.38.63 h1:BqPxe0sujTRTbir6OWj0f1VmeJcAIv7ZhTCAhaU1zmE= github.com/aws/aws-sdk-go v1.40.34 h1:SBYmodndE2d4AYucuuJnOXk4MD1SFbucoIdpwKVKeSA=
github.com/aws/aws-sdk-go v1.38.63/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.40.34/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q=
github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc= github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc=
github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM=
github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
@ -1157,8 +1157,9 @@ golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
golang.org/x/net v0.0.0-20210520170846-37e1c6afe023 h1:ADo5wSpq2gqaCGQWzk7S5vd//0iyyLeAratkEoG5dLE=
golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20210614182718-04defd469f4e h1:XpT3nA5TvE525Ne3hInMh6+GETgn27Zfm9dxsThnX2Q=
golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190130055435-99b60b757ec1/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190130055435-99b60b757ec1/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=

View File

@ -50,9 +50,19 @@ func prettify(v reflect.Value, indent int, buf *bytes.Buffer) {
for i, n := range names { for i, n := range names {
val := v.FieldByName(n) val := v.FieldByName(n)
ft, ok := v.Type().FieldByName(n)
if !ok {
panic(fmt.Sprintf("expected to find field %v on type %v, but was not found", n, v.Type()))
}
buf.WriteString(strings.Repeat(" ", indent+2)) buf.WriteString(strings.Repeat(" ", indent+2))
buf.WriteString(n + ": ") buf.WriteString(n + ": ")
prettify(val, indent+2, buf)
if tag := ft.Tag.Get("sensitive"); tag == "true" {
buf.WriteString("<sensitive>")
} else {
prettify(val, indent+2, buf)
}
if i < len(names)-1 { if i < len(names)-1 {
buf.WriteString(",\n") buf.WriteString(",\n")

View File

@ -8,6 +8,8 @@ import (
) )
// StringValue returns the string representation of a value. // StringValue returns the string representation of a value.
//
// Deprecated: Use Prettify instead.
func StringValue(i interface{}) string { func StringValue(i interface{}) string {
var buf bytes.Buffer var buf bytes.Buffer
stringValue(reflect.ValueOf(i), 0, &buf) stringValue(reflect.ValueOf(i), 0, &buf)

View File

@ -1,3 +1,4 @@
//go:build !go1.9
// +build !go1.9 // +build !go1.9
package aws package aws

View File

@ -1,3 +1,4 @@
//go:build go1.9
// +build go1.9 // +build go1.9
package aws package aws

View File

@ -1,3 +1,4 @@
//go:build !go1.7
// +build !go1.7 // +build !go1.7
package aws package aws

View File

@ -1,3 +1,4 @@
//go:build go1.7
// +build go1.7 // +build go1.7
package aws package aws

View File

@ -1,3 +1,4 @@
//go:build !go1.7
// +build !go1.7 // +build !go1.7
package credentials package credentials

View File

@ -1,3 +1,4 @@
//go:build go1.7
// +build go1.7 // +build go1.7
package credentials package credentials

View File

@ -1,3 +1,4 @@
//go:build !go1.9
// +build !go1.9 // +build !go1.9
package credentials package credentials

View File

@ -1,3 +1,4 @@
//go:build go1.9
// +build go1.9 // +build go1.9
package credentials package credentials

View File

@ -1,3 +1,4 @@
//go:build !windows
// +build !windows // +build !windows
package ssocreds package ssocreds

View File

@ -13,7 +13,6 @@ package ec2metadata
import ( import (
"bytes" "bytes"
"errors"
"io" "io"
"net/http" "net/http"
"net/url" "net/url"
@ -234,7 +233,8 @@ func unmarshalError(r *request.Request) {
// Response body format is not consistent between metadata endpoints. // Response body format is not consistent between metadata endpoints.
// Grab the error message as a string and include that as the source error // Grab the error message as a string and include that as the source error
r.Error = awserr.NewRequestFailure(awserr.New("EC2MetadataError", "failed to make EC2Metadata request", errors.New(b.String())), r.Error = awserr.NewRequestFailure(
awserr.New("EC2MetadataError", "failed to make EC2Metadata request\n"+b.String(), nil),
r.HTTPResponse.StatusCode, r.RequestID) r.HTTPResponse.StatusCode, r.RequestID)
} }

View File

@ -81,7 +81,6 @@ func decodeV3Endpoints(modelDef modelDefinition, opts DecodeModelOptions) (Resol
// Customization // Customization
for i := 0; i < len(ps); i++ { for i := 0; i < len(ps); i++ {
p := &ps[i] p := &ps[i]
custAddEC2Metadata(p)
custAddS3DualStack(p) custAddS3DualStack(p)
custRegionalS3(p) custRegionalS3(p)
custRmIotDataService(p) custRmIotDataService(p)
@ -140,19 +139,6 @@ func custAddDualstack(p *partition, svcName string) {
p.Services[svcName] = s p.Services[svcName] = s
} }
func custAddEC2Metadata(p *partition) {
p.Services["ec2metadata"] = service{
IsRegionalized: boxedFalse,
PartitionEndpoint: "aws-global",
Endpoints: endpoints{
"aws-global": endpoint{
Hostname: "169.254.169.254/latest",
Protocols: []string{"http"},
},
},
}
}
func custRmIotDataService(p *partition) { func custRmIotDataService(p *partition) {
delete(p.Services, "data.iot") delete(p.Services, "data.iot")
} }

View File

@ -32,7 +32,6 @@ const (
EuWest1RegionID = "eu-west-1" // Europe (Ireland). EuWest1RegionID = "eu-west-1" // Europe (Ireland).
EuWest2RegionID = "eu-west-2" // Europe (London). EuWest2RegionID = "eu-west-2" // Europe (London).
EuWest3RegionID = "eu-west-3" // Europe (Paris). EuWest3RegionID = "eu-west-3" // Europe (Paris).
InAmazon1RegionID = "in-amazon-1" // India (Begumpet).
MeSouth1RegionID = "me-south-1" // Middle East (Bahrain). MeSouth1RegionID = "me-south-1" // Middle East (Bahrain).
SaEast1RegionID = "sa-east-1" // South America (Sao Paulo). SaEast1RegionID = "sa-east-1" // South America (Sao Paulo).
UsEast1RegionID = "us-east-1" // US East (N. Virginia). UsEast1RegionID = "us-east-1" // US East (N. Virginia).
@ -101,7 +100,7 @@ var awsPartition = partition{
DNSSuffix: "amazonaws.com", DNSSuffix: "amazonaws.com",
RegionRegex: regionRegex{ RegionRegex: regionRegex{
Regexp: func() *regexp.Regexp { Regexp: func() *regexp.Regexp {
reg, _ := regexp.Compile("^(us|eu|ap|sa|ca|me|af|in)\\-\\w+\\-\\d+$") reg, _ := regexp.Compile("^(us|eu|ap|sa|ca|me|af)\\-\\w+\\-\\d+$")
return reg return reg
}(), }(),
}, },
@ -156,9 +155,6 @@ var awsPartition = partition{
"eu-west-3": region{ "eu-west-3": region{
Description: "Europe (Paris)", Description: "Europe (Paris)",
}, },
"in-amazon-1": region{
Description: "India (Begumpet)",
},
"me-south-1": region{ "me-south-1": region{
Description: "Middle East (Bahrain)", Description: "Middle East (Bahrain)",
}, },
@ -369,6 +365,30 @@ var awsPartition = partition{
"us-west-2": endpoint{}, "us-west-2": endpoint{},
}, },
}, },
"amplify": service{
Endpoints: endpoints{
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
"eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
"me-south-1": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
"amplifybackend": service{ "amplifybackend": service{
Endpoints: endpoints{ Endpoints: endpoints{
@ -652,9 +672,33 @@ var awsPartition = partition{
"eu-north-1": endpoint{}, "eu-north-1": endpoint{},
"eu-west-1": endpoint{}, "eu-west-1": endpoint{},
"eu-west-2": endpoint{}, "eu-west-2": endpoint{},
"us-east-1": endpoint{}, "fips-ca-central-1": endpoint{
"us-east-2": endpoint{}, Hostname: "api.fleethub.iot-fips.ca-central-1.amazonaws.com",
"us-west-2": endpoint{}, CredentialScope: credentialScope{
Region: "ca-central-1",
},
},
"fips-us-east-1": endpoint{
Hostname: "api.fleethub.iot-fips.us-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-1",
},
},
"fips-us-east-2": endpoint{
Hostname: "api.fleethub.iot-fips.us-east-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-2",
},
},
"fips-us-west-2": endpoint{
Hostname: "api.fleethub.iot-fips.us-west-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-west-2",
},
},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-2": endpoint{},
}, },
}, },
"api.mediatailor": service{ "api.mediatailor": service{
@ -771,6 +815,7 @@ var awsPartition = partition{
"appflow": service{ "appflow": service{
Endpoints: endpoints{ Endpoints: endpoints{
"af-south-1": endpoint{},
"ap-northeast-1": endpoint{}, "ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{}, "ap-northeast-2": endpoint{},
"ap-south-1": endpoint{}, "ap-south-1": endpoint{},
@ -866,6 +911,7 @@ var awsPartition = partition{
"ap-southeast-2": endpoint{}, "ap-southeast-2": endpoint{},
"eu-central-1": endpoint{}, "eu-central-1": endpoint{},
"eu-west-1": endpoint{}, "eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"fips": endpoint{ "fips": endpoint{
Hostname: "appstream2-fips.us-west-2.amazonaws.com", Hostname: "appstream2-fips.us-west-2.amazonaws.com",
CredentialScope: credentialScope{ CredentialScope: credentialScope{
@ -882,6 +928,7 @@ var awsPartition = partition{
"ap-east-1": endpoint{}, "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{}, "ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{}, "ap-northeast-2": endpoint{},
"ap-northeast-3": endpoint{},
"ap-south-1": endpoint{}, "ap-south-1": endpoint{},
"ap-southeast-1": endpoint{}, "ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{}, "ap-southeast-2": endpoint{},
@ -900,6 +947,18 @@ var awsPartition = partition{
"us-west-2": endpoint{}, "us-west-2": endpoint{},
}, },
}, },
"aps": service{
Defaults: endpoint{
Protocols: []string{"https"},
},
Endpoints: endpoints{
"eu-central-1": endpoint{},
"eu-west-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-2": endpoint{},
},
},
"athena": service{ "athena": service{
Endpoints: endpoints{ Endpoints: endpoints{
@ -907,6 +966,7 @@ var awsPartition = partition{
"ap-east-1": endpoint{}, "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{}, "ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{}, "ap-northeast-2": endpoint{},
"ap-northeast-3": endpoint{},
"ap-south-1": endpoint{}, "ap-south-1": endpoint{},
"ap-southeast-1": endpoint{}, "ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{}, "ap-southeast-2": endpoint{},
@ -986,6 +1046,7 @@ var awsPartition = partition{
"ap-east-1": endpoint{}, "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{}, "ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{}, "ap-northeast-2": endpoint{},
"ap-northeast-3": endpoint{},
"ap-south-1": endpoint{}, "ap-south-1": endpoint{},
"ap-southeast-1": endpoint{}, "ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{}, "ap-southeast-2": endpoint{},
@ -1357,6 +1418,7 @@ var awsPartition = partition{
"ap-east-1": endpoint{}, "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{}, "ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{}, "ap-northeast-2": endpoint{},
"ap-northeast-3": endpoint{},
"ap-south-1": endpoint{}, "ap-south-1": endpoint{},
"ap-southeast-1": endpoint{}, "ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{}, "ap-southeast-2": endpoint{},
@ -1837,6 +1899,59 @@ var awsPartition = partition{
"us-east-1": endpoint{}, "us-east-1": endpoint{},
}, },
}, },
"data.jobs.iot": service{
Endpoints: endpoints{
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
"fips-ca-central-1": endpoint{
Hostname: "data.jobs.iot-fips.ca-central-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "ca-central-1",
},
},
"fips-us-east-1": endpoint{
Hostname: "data.jobs.iot-fips.us-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-1",
},
},
"fips-us-east-2": endpoint{
Hostname: "data.jobs.iot-fips.us-east-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-2",
},
},
"fips-us-west-1": endpoint{
Hostname: "data.jobs.iot-fips.us-west-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-west-1",
},
},
"fips-us-west-2": endpoint{
Hostname: "data.jobs.iot-fips.us-west-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-west-2",
},
},
"me-south-1": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
"data.mediastore": service{ "data.mediastore": service{
Endpoints: endpoints{ Endpoints: endpoints{
@ -1884,6 +1999,7 @@ var awsPartition = partition{
"ap-east-1": endpoint{}, "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{}, "ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{}, "ap-northeast-2": endpoint{},
"ap-northeast-3": endpoint{},
"ap-south-1": endpoint{}, "ap-south-1": endpoint{},
"ap-southeast-1": endpoint{}, "ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{}, "ap-southeast-2": endpoint{},
@ -2146,6 +2262,7 @@ var awsPartition = partition{
"ap-east-1": endpoint{}, "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{}, "ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{}, "ap-northeast-2": endpoint{},
"ap-northeast-3": endpoint{},
"ap-south-1": endpoint{}, "ap-south-1": endpoint{},
"ap-southeast-1": endpoint{}, "ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{}, "ap-southeast-2": endpoint{},
@ -2373,17 +2490,6 @@ var awsPartition = partition{
"us-west-2": endpoint{}, "us-west-2": endpoint{},
}, },
}, },
"ec2metadata": service{
PartitionEndpoint: "aws-global",
IsRegionalized: boxedFalse,
Endpoints: endpoints{
"aws-global": endpoint{
Hostname: "169.254.169.254/latest",
Protocols: []string{"http"},
},
},
},
"ecs": service{ "ecs": service{
Endpoints: endpoints{ Endpoints: endpoints{
@ -2873,11 +2979,41 @@ var awsPartition = partition{
"eu-west-1": endpoint{}, "eu-west-1": endpoint{},
"eu-west-2": endpoint{}, "eu-west-2": endpoint{},
"eu-west-3": endpoint{}, "eu-west-3": endpoint{},
"sa-east-1": endpoint{}, "fips-ca-central-1": endpoint{
"us-east-1": endpoint{}, Hostname: "emr-containers-fips.ca-central-1.amazonaws.com",
"us-east-2": endpoint{}, CredentialScope: credentialScope{
"us-west-1": endpoint{}, Region: "ca-central-1",
"us-west-2": endpoint{}, },
},
"fips-us-east-1": endpoint{
Hostname: "emr-containers-fips.us-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-1",
},
},
"fips-us-east-2": endpoint{
Hostname: "emr-containers-fips.us-east-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-2",
},
},
"fips-us-west-1": endpoint{
Hostname: "emr-containers-fips.us-west-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-west-1",
},
},
"fips-us-west-2": endpoint{
Hostname: "emr-containers-fips.us-west-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-west-2",
},
},
"sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-1": endpoint{},
"us-west-2": endpoint{},
}, },
}, },
"entitlement.marketplace": service{ "entitlement.marketplace": service{
@ -3051,6 +3187,7 @@ var awsPartition = partition{
"ap-east-1": endpoint{}, "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{}, "ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{}, "ap-northeast-2": endpoint{},
"ap-northeast-3": endpoint{},
"ap-south-1": endpoint{}, "ap-south-1": endpoint{},
"ap-southeast-1": endpoint{}, "ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{}, "ap-southeast-2": endpoint{},
@ -3249,6 +3386,17 @@ var awsPartition = partition{
"us-west-2": endpoint{}, "us-west-2": endpoint{},
}, },
}, },
"frauddetector": service{
Endpoints: endpoints{
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
"eu-west-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-2": endpoint{},
},
},
"fsx": service{ "fsx": service{
Endpoints: endpoints{ Endpoints: endpoints{
@ -3256,6 +3404,7 @@ var awsPartition = partition{
"ap-east-1": endpoint{}, "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{}, "ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{}, "ap-northeast-2": endpoint{},
"ap-northeast-3": endpoint{},
"ap-south-1": endpoint{}, "ap-south-1": endpoint{},
"ap-southeast-1": endpoint{}, "ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{}, "ap-southeast-2": endpoint{},
@ -3559,6 +3708,8 @@ var awsPartition = partition{
}, },
Endpoints: endpoints{ Endpoints: endpoints{
"us-east-1": endpoint{}, "us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-2": endpoint{},
}, },
}, },
"honeycode": service{ "honeycode": service{
@ -3586,6 +3737,18 @@ var awsPartition = partition{
}, },
}, },
}, },
"identity-chime": service{
Endpoints: endpoints{
"us-east-1": endpoint{},
"us-east-1-fips": endpoint{
Hostname: "identity-chime-fips.us-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-1",
},
},
},
},
"identitystore": service{ "identitystore": service{
Endpoints: endpoints{ Endpoints: endpoints{
@ -3679,18 +3842,49 @@ var awsPartition = partition{
"eu-west-1": endpoint{}, "eu-west-1": endpoint{},
"eu-west-2": endpoint{}, "eu-west-2": endpoint{},
"eu-west-3": endpoint{}, "eu-west-3": endpoint{},
"me-south-1": endpoint{}, "fips-ca-central-1": endpoint{
"sa-east-1": endpoint{}, Hostname: "iot-fips.ca-central-1.amazonaws.com",
"us-east-1": endpoint{}, CredentialScope: credentialScope{
"us-east-2": endpoint{}, Service: "execute-api",
"us-west-1": endpoint{}, },
"us-west-2": endpoint{}, },
"fips-us-east-1": endpoint{
Hostname: "iot-fips.us-east-1.amazonaws.com",
CredentialScope: credentialScope{
Service: "execute-api",
},
},
"fips-us-east-2": endpoint{
Hostname: "iot-fips.us-east-2.amazonaws.com",
CredentialScope: credentialScope{
Service: "execute-api",
},
},
"fips-us-west-1": endpoint{
Hostname: "iot-fips.us-west-1.amazonaws.com",
CredentialScope: credentialScope{
Service: "execute-api",
},
},
"fips-us-west-2": endpoint{
Hostname: "iot-fips.us-west-2.amazonaws.com",
CredentialScope: credentialScope{
Service: "execute-api",
},
},
"me-south-1": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-1": endpoint{},
"us-west-2": endpoint{},
}, },
}, },
"iotanalytics": service{ "iotanalytics": service{
Endpoints: endpoints{ Endpoints: endpoints{
"ap-northeast-1": endpoint{}, "ap-northeast-1": endpoint{},
"ap-south-1": endpoint{},
"ap-southeast-2": endpoint{}, "ap-southeast-2": endpoint{},
"eu-central-1": endpoint{}, "eu-central-1": endpoint{},
"eu-west-1": endpoint{}, "eu-west-1": endpoint{},
@ -3794,12 +3988,42 @@ var awsPartition = partition{
"eu-west-1": endpoint{}, "eu-west-1": endpoint{},
"eu-west-2": endpoint{}, "eu-west-2": endpoint{},
"eu-west-3": endpoint{}, "eu-west-3": endpoint{},
"me-south-1": endpoint{}, "fips-ca-central-1": endpoint{
"sa-east-1": endpoint{}, Hostname: "api.tunneling.iot-fips.ca-central-1.amazonaws.com",
"us-east-1": endpoint{}, CredentialScope: credentialScope{
"us-east-2": endpoint{}, Region: "ca-central-1",
"us-west-1": endpoint{}, },
"us-west-2": endpoint{}, },
"fips-us-east-1": endpoint{
Hostname: "api.tunneling.iot-fips.us-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-1",
},
},
"fips-us-east-2": endpoint{
Hostname: "api.tunneling.iot-fips.us-east-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-2",
},
},
"fips-us-west-1": endpoint{
Hostname: "api.tunneling.iot-fips.us-west-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-west-1",
},
},
"fips-us-west-2": endpoint{
Hostname: "api.tunneling.iot-fips.us-west-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-west-2",
},
},
"me-south-1": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-1": endpoint{},
"us-west-2": endpoint{},
}, },
}, },
"iotthingsgraph": service{ "iotthingsgraph": service{
@ -3820,6 +4044,18 @@ var awsPartition = partition{
"iotwireless": service{ "iotwireless": service{
Endpoints: endpoints{ Endpoints: endpoints{
"ap-northeast-1": endpoint{
Hostname: "api.iotwireless.ap-northeast-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "ap-northeast-1",
},
},
"ap-southeast-2": endpoint{
Hostname: "api.iotwireless.ap-southeast-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "ap-southeast-2",
},
},
"eu-west-1": endpoint{ "eu-west-1": endpoint{
Hostname: "api.iotwireless.eu-west-1.amazonaws.com", Hostname: "api.iotwireless.eu-west-1.amazonaws.com",
CredentialScope: credentialScope{ CredentialScope: credentialScope{
@ -3832,6 +4068,12 @@ var awsPartition = partition{
Region: "us-east-1", Region: "us-east-1",
}, },
}, },
"us-west-2": endpoint{
Hostname: "api.iotwireless.us-west-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-west-2",
},
},
}, },
}, },
"kafka": service{ "kafka": service{
@ -4433,6 +4675,7 @@ var awsPartition = partition{
"eu-west-3": endpoint{}, "eu-west-3": endpoint{},
"sa-east-1": endpoint{}, "sa-east-1": endpoint{},
"us-east-1": endpoint{}, "us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-1": endpoint{}, "us-west-1": endpoint{},
"us-west-2": endpoint{}, "us-west-2": endpoint{},
}, },
@ -4451,6 +4694,18 @@ var awsPartition = partition{
"us-west-2": endpoint{}, "us-west-2": endpoint{},
}, },
}, },
"messaging-chime": service{
Endpoints: endpoints{
"us-east-1": endpoint{},
"us-east-1-fips": endpoint{
Hostname: "messaging-chime-fips.us-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-1",
},
},
},
},
"metering.marketplace": service{ "metering.marketplace": service{
Defaults: endpoint{ Defaults: endpoint{
CredentialScope: credentialScope{ CredentialScope: credentialScope{
@ -4815,6 +5070,12 @@ var awsPartition = partition{
Region: "eu-west-2", Region: "eu-west-2",
}, },
}, },
"eu-west-3": endpoint{
Hostname: "oidc.eu-west-3.amazonaws.com",
CredentialScope: credentialScope{
Region: "eu-west-3",
},
},
"us-east-1": endpoint{ "us-east-1": endpoint{
Hostname: "oidc.us-east-1.amazonaws.com", Hostname: "oidc.us-east-1.amazonaws.com",
CredentialScope: credentialScope{ CredentialScope: credentialScope{
@ -4895,6 +5156,7 @@ var awsPartition = partition{
"ap-east-1": endpoint{}, "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{}, "ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{}, "ap-northeast-2": endpoint{},
"ap-northeast-3": endpoint{},
"ap-south-1": endpoint{}, "ap-south-1": endpoint{},
"ap-southeast-1": endpoint{}, "ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{}, "ap-southeast-2": endpoint{},
@ -5141,6 +5403,7 @@ var awsPartition = partition{
"ap-southeast-2": endpoint{}, "ap-southeast-2": endpoint{},
"eu-central-1": endpoint{}, "eu-central-1": endpoint{},
"eu-west-1": endpoint{}, "eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"fips-us-east-1": endpoint{ "fips-us-east-1": endpoint{
Hostname: "qldb-fips.us-east-1.amazonaws.com", Hostname: "qldb-fips.us-east-1.amazonaws.com",
CredentialScope: credentialScope{ CredentialScope: credentialScope{
@ -5463,6 +5726,17 @@ var awsPartition = partition{
}, },
}, },
}, },
"route53-recovery-control-config": service{
Endpoints: endpoints{
"aws-global": endpoint{
Hostname: "route53-recovery-control-config.us-west-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-west-2",
},
},
},
},
"route53domains": service{ "route53domains": service{
Endpoints: endpoints{ Endpoints: endpoints{
@ -6303,6 +6577,7 @@ var awsPartition = partition{
"ap-southeast-2": endpoint{}, "ap-southeast-2": endpoint{},
"eu-central-1": endpoint{}, "eu-central-1": endpoint{},
"eu-west-1": endpoint{}, "eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"fips-us-east-1": endpoint{ "fips-us-east-1": endpoint{
Hostname: "session.qldb-fips.us-east-1.amazonaws.com", Hostname: "session.qldb-fips.us-east-1.amazonaws.com",
CredentialScope: credentialScope{ CredentialScope: credentialScope{
@ -6738,6 +7013,7 @@ var awsPartition = partition{
"ap-east-1": endpoint{}, "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{}, "ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{}, "ap-northeast-2": endpoint{},
"ap-northeast-3": endpoint{},
"ap-south-1": endpoint{}, "ap-south-1": endpoint{},
"ap-southeast-1": endpoint{}, "ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{}, "ap-southeast-2": endpoint{},
@ -6851,15 +7127,9 @@ var awsPartition = partition{
"eu-west-1": endpoint{}, "eu-west-1": endpoint{},
"eu-west-2": endpoint{}, "eu-west-2": endpoint{},
"eu-west-3": endpoint{}, "eu-west-3": endpoint{},
"in-amazon-1": endpoint{ "me-south-1": endpoint{},
Hostname: "sts.ap-south-1.amazonaws.com", "sa-east-1": endpoint{},
CredentialScope: credentialScope{ "us-east-1": endpoint{},
Region: "ap-south-1",
},
},
"me-south-1": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-1-fips": endpoint{ "us-east-1-fips": endpoint{
Hostname: "sts-fips.us-east-1.amazonaws.com", Hostname: "sts-fips.us-east-1.amazonaws.com",
CredentialScope: credentialScope{ CredentialScope: credentialScope{
@ -7751,9 +8021,17 @@ var awscnPartition = partition{
"cn-northwest-1": endpoint{}, "cn-northwest-1": endpoint{},
}, },
}, },
"data.jobs.iot": service{
Endpoints: endpoints{
"cn-north-1": endpoint{},
"cn-northwest-1": endpoint{},
},
},
"dax": service{ "dax": service{
Endpoints: endpoints{ Endpoints: endpoints{
"cn-north-1": endpoint{},
"cn-northwest-1": endpoint{}, "cn-northwest-1": endpoint{},
}, },
}, },
@ -7814,17 +8092,6 @@ var awscnPartition = partition{
"cn-northwest-1": endpoint{}, "cn-northwest-1": endpoint{},
}, },
}, },
"ec2metadata": service{
PartitionEndpoint: "aws-global",
IsRegionalized: boxedFalse,
Endpoints: endpoints{
"aws-global": endpoint{
Hostname: "169.254.169.254/latest",
Protocols: []string{"http"},
},
},
},
"ecs": service{ "ecs": service{
Endpoints: endpoints{ Endpoints: endpoints{
@ -7892,6 +8159,13 @@ var awscnPartition = partition{
"cn-northwest-1": endpoint{}, "cn-northwest-1": endpoint{},
}, },
}, },
"emr-containers": service{
Endpoints: endpoints{
"cn-north-1": endpoint{},
"cn-northwest-1": endpoint{},
},
},
"es": service{ "es": service{
Endpoints: endpoints{ Endpoints: endpoints{
@ -7913,6 +8187,15 @@ var awscnPartition = partition{
"cn-northwest-1": endpoint{}, "cn-northwest-1": endpoint{},
}, },
}, },
"fms": service{
Defaults: endpoint{
Protocols: []string{"https"},
},
Endpoints: endpoints{
"cn-north-1": endpoint{},
"cn-northwest-1": endpoint{},
},
},
"fsx": service{ "fsx": service{
Endpoints: endpoints{ Endpoints: endpoints{
@ -7923,7 +8206,8 @@ var awscnPartition = partition{
"gamelift": service{ "gamelift": service{
Endpoints: endpoints{ Endpoints: endpoints{
"cn-north-1": endpoint{}, "cn-north-1": endpoint{},
"cn-northwest-1": endpoint{},
}, },
}, },
"glacier": service{ "glacier": service{
@ -8108,6 +8392,12 @@ var awscnPartition = partition{
"neptune": service{ "neptune": service{
Endpoints: endpoints{ Endpoints: endpoints{
"cn-north-1": endpoint{
Hostname: "rds.cn-north-1.amazonaws.com.cn",
CredentialScope: credentialScope{
Region: "cn-north-1",
},
},
"cn-northwest-1": endpoint{ "cn-northwest-1": endpoint{
Hostname: "rds.cn-northwest-1.amazonaws.com.cn", Hostname: "rds.cn-northwest-1.amazonaws.com.cn",
CredentialScope: credentialScope{ CredentialScope: credentialScope{
@ -8415,6 +8705,13 @@ var awscnPartition = partition{
}, },
}, },
}, },
"transcribestreaming": service{
Endpoints: endpoints{
"cn-north-1": endpoint{},
"cn-northwest-1": endpoint{},
},
},
"transfer": service{ "transfer": service{
Endpoints: endpoints{ Endpoints: endpoints{
@ -8936,6 +9233,25 @@ var awsusgovPartition = partition{
"us-gov-west-1": endpoint{}, "us-gov-west-1": endpoint{},
}, },
}, },
"data.jobs.iot": service{
Endpoints: endpoints{
"fips-us-gov-east-1": endpoint{
Hostname: "data.jobs.iot-fips.us-gov-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-gov-east-1",
},
},
"fips-us-gov-west-1": endpoint{
Hostname: "data.jobs.iot-fips.us-gov-west-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-gov-west-1",
},
},
"us-gov-east-1": endpoint{},
"us-gov-west-1": endpoint{},
},
},
"datasync": service{ "datasync": service{
Endpoints: endpoints{ Endpoints: endpoints{
@ -9058,17 +9374,6 @@ var awsusgovPartition = partition{
}, },
}, },
}, },
"ec2metadata": service{
PartitionEndpoint: "aws-global",
IsRegionalized: boxedFalse,
Endpoints: endpoints{
"aws-global": endpoint{
Hostname: "169.254.169.254/latest",
Protocols: []string{"http"},
},
},
},
"ecs": service{ "ecs": service{
Endpoints: endpoints{ Endpoints: endpoints{
@ -9454,6 +9759,18 @@ var awsusgovPartition = partition{
}, },
}, },
Endpoints: endpoints{ Endpoints: endpoints{
"fips-us-gov-east-1": endpoint{
Hostname: "iot-fips.us-gov-east-1.amazonaws.com",
CredentialScope: credentialScope{
Service: "execute-api",
},
},
"fips-us-gov-west-1": endpoint{
Hostname: "iot-fips.us-gov-west-1.amazonaws.com",
CredentialScope: credentialScope{
Service: "execute-api",
},
},
"us-gov-east-1": endpoint{}, "us-gov-east-1": endpoint{},
"us-gov-west-1": endpoint{}, "us-gov-west-1": endpoint{},
}, },
@ -9461,6 +9778,18 @@ var awsusgovPartition = partition{
"iotsecuredtunneling": service{ "iotsecuredtunneling": service{
Endpoints: endpoints{ Endpoints: endpoints{
"fips-us-gov-east-1": endpoint{
Hostname: "api.tunneling.iot-fips.us-gov-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-gov-east-1",
},
},
"fips-us-gov-west-1": endpoint{
Hostname: "api.tunneling.iot-fips.us-gov-west-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-gov-west-1",
},
},
"us-gov-east-1": endpoint{}, "us-gov-east-1": endpoint{},
"us-gov-west-1": endpoint{}, "us-gov-west-1": endpoint{},
}, },
@ -9633,6 +9962,25 @@ var awsusgovPartition = partition{
"us-gov-west-1": endpoint{}, "us-gov-west-1": endpoint{},
}, },
}, },
"mq": service{
Endpoints: endpoints{
"fips-us-gov-east-1": endpoint{
Hostname: "mq-fips.us-gov-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-gov-east-1",
},
},
"fips-us-gov-west-1": endpoint{
Hostname: "mq-fips.us-gov-west-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-gov-west-1",
},
},
"us-gov-east-1": endpoint{},
"us-gov-west-1": endpoint{},
},
},
"neptune": service{ "neptune": service{
Endpoints: endpoints{ Endpoints: endpoints{
@ -10522,17 +10870,6 @@ var awsisoPartition = partition{
"us-iso-east-1": endpoint{}, "us-iso-east-1": endpoint{},
}, },
}, },
"ec2metadata": service{
PartitionEndpoint: "aws-global",
IsRegionalized: boxedFalse,
Endpoints: endpoints{
"aws-global": endpoint{
Hostname: "169.254.169.254/latest",
Protocols: []string{"http"},
},
},
},
"ecs": service{ "ecs": service{
Endpoints: endpoints{ Endpoints: endpoints{
@ -10642,6 +10979,12 @@ var awsisoPartition = partition{
"us-iso-east-1": endpoint{}, "us-iso-east-1": endpoint{},
}, },
}, },
"license-manager": service{
Endpoints: endpoints{
"us-iso-east-1": endpoint{},
},
},
"logs": service{ "logs": service{
Endpoints: endpoints{ Endpoints: endpoints{
@ -10703,6 +11046,12 @@ var awsisoPartition = partition{
}, },
}, },
}, },
"route53resolver": service{
Endpoints: endpoints{
"us-iso-east-1": endpoint{},
},
},
"runtime.sagemaker": service{ "runtime.sagemaker": service{
Endpoints: endpoints{ Endpoints: endpoints{
@ -10923,6 +11272,12 @@ var awsisobPartition = partition{
"us-isob-east-1": endpoint{}, "us-isob-east-1": endpoint{},
}, },
}, },
"ds": service{
Endpoints: endpoints{
"us-isob-east-1": endpoint{},
},
},
"dynamodb": service{ "dynamodb": service{
Defaults: endpoint{ Defaults: endpoint{
Protocols: []string{"http", "https"}, Protocols: []string{"http", "https"},
@ -10939,17 +11294,6 @@ var awsisobPartition = partition{
"us-isob-east-1": endpoint{}, "us-isob-east-1": endpoint{},
}, },
}, },
"ec2metadata": service{
PartitionEndpoint: "aws-global",
IsRegionalized: boxedFalse,
Endpoints: endpoints{
"aws-global": endpoint{
Hostname: "169.254.169.254/latest",
Protocols: []string{"http"},
},
},
},
"ecs": service{ "ecs": service{
Endpoints: endpoints{ Endpoints: endpoints{
@ -11155,6 +11499,12 @@ var awsisobPartition = partition{
}, },
"swf": service{ "swf": service{
Endpoints: endpoints{
"us-isob-east-1": endpoint{},
},
},
"tagging": service{
Endpoints: endpoints{ Endpoints: endpoints{
"us-isob-east-1": endpoint{}, "us-isob-east-1": endpoint{},
}, },

View File

@ -48,6 +48,9 @@ type Options struct {
// This option is ignored if StrictMatching is enabled. // This option is ignored if StrictMatching is enabled.
ResolveUnknownService bool ResolveUnknownService bool
// Specifies the EC2 Instance Metadata Service default endpoint selection mode (IPv4 or IPv6)
EC2MetadataEndpointMode EC2IMDSEndpointModeState
// STS Regional Endpoint flag helps with resolving the STS endpoint // STS Regional Endpoint flag helps with resolving the STS endpoint
STSRegionalEndpoint STSRegionalEndpoint STSRegionalEndpoint STSRegionalEndpoint
@ -55,6 +58,33 @@ type Options struct {
S3UsEast1RegionalEndpoint S3UsEast1RegionalEndpoint S3UsEast1RegionalEndpoint S3UsEast1RegionalEndpoint
} }
// EC2IMDSEndpointModeState is an enum configuration variable describing the client endpoint mode.
type EC2IMDSEndpointModeState uint
// Enumeration values for EC2IMDSEndpointModeState
const (
EC2IMDSEndpointModeStateUnset EC2IMDSEndpointModeState = iota
EC2IMDSEndpointModeStateIPv4
EC2IMDSEndpointModeStateIPv6
)
// SetFromString sets the EC2IMDSEndpointModeState based on the provided string value. Unknown values will default to EC2IMDSEndpointModeStateUnset
func (e *EC2IMDSEndpointModeState) SetFromString(v string) error {
v = strings.TrimSpace(v)
switch {
case len(v) == 0:
*e = EC2IMDSEndpointModeStateUnset
case strings.EqualFold(v, "IPv6"):
*e = EC2IMDSEndpointModeStateIPv6
case strings.EqualFold(v, "IPv4"):
*e = EC2IMDSEndpointModeStateIPv4
default:
return fmt.Errorf("unknown EC2 IMDS endpoint mode, must be either IPv6 or IPv4")
}
return nil
}
// STSRegionalEndpoint is an enum for the states of the STS Regional Endpoint // STSRegionalEndpoint is an enum for the states of the STS Regional Endpoint
// options. // options.
type STSRegionalEndpoint int type STSRegionalEndpoint int
@ -247,7 +277,7 @@ func RegionsForService(ps []Partition, partitionID, serviceID string) (map[strin
if p.ID() != partitionID { if p.ID() != partitionID {
continue continue
} }
if _, ok := p.p.Services[serviceID]; !ok { if _, ok := p.p.Services[serviceID]; !(ok || serviceID == Ec2metadataServiceID) {
break break
} }
@ -333,6 +363,7 @@ func (p Partition) Regions() map[string]Region {
// enumerating over the services in a partition. // enumerating over the services in a partition.
func (p Partition) Services() map[string]Service { func (p Partition) Services() map[string]Service {
ss := make(map[string]Service, len(p.p.Services)) ss := make(map[string]Service, len(p.p.Services))
for id := range p.p.Services { for id := range p.p.Services {
ss[id] = Service{ ss[id] = Service{
id: id, id: id,
@ -340,6 +371,15 @@ func (p Partition) Services() map[string]Service {
} }
} }
// Since we have removed the customization that injected this into the model
// we still need to pretend that this is a modeled service.
if _, ok := ss[Ec2metadataServiceID]; !ok {
ss[Ec2metadataServiceID] = Service{
id: Ec2metadataServiceID,
p: p.p,
}
}
return ss return ss
} }
@ -400,7 +440,18 @@ func (s Service) ResolveEndpoint(region string, opts ...func(*Options)) (Resolve
// an URL that can be resolved to a instance of a service. // an URL that can be resolved to a instance of a service.
func (s Service) Regions() map[string]Region { func (s Service) Regions() map[string]Region {
rs := map[string]Region{} rs := map[string]Region{}
for id := range s.p.Services[s.id].Endpoints {
service, ok := s.p.Services[s.id]
// Since ec2metadata customization has been removed we need to check
// if it was defined in non-standard endpoints.json file. If it's not
// then we can return the empty map as there is no regional-endpoints for IMDS.
// Otherwise, we iterate need to iterate the non-standard model.
if s.id == Ec2metadataServiceID && !ok {
return rs
}
for id := range service.Endpoints {
if r, ok := s.p.Regions[id]; ok { if r, ok := s.p.Regions[id]; ok {
rs[id] = Region{ rs[id] = Region{
id: id, id: id,

View File

@ -7,6 +7,11 @@ import (
"strings" "strings"
) )
const (
ec2MetadataEndpointIPv6 = "http://[fd00:ec2::254]/latest"
ec2MetadataEndpointIPv4 = "http://169.254.169.254/latest"
)
var regionValidationRegex = regexp.MustCompile(`^[[:alnum:]]([[:alnum:]\-]*[[:alnum:]])?$`) var regionValidationRegex = regexp.MustCompile(`^[[:alnum:]]([[:alnum:]\-]*[[:alnum:]])?$`)
type partitions []partition type partitions []partition
@ -102,6 +107,12 @@ func (p partition) EndpointFor(service, region string, opts ...func(*Options)) (
opt.Set(opts...) opt.Set(opts...)
s, hasService := p.Services[service] s, hasService := p.Services[service]
if service == Ec2metadataServiceID && !hasService {
endpoint := getEC2MetadataEndpoint(p.ID, service, opt.EC2MetadataEndpointMode)
return endpoint, nil
}
if len(service) == 0 || !(hasService || opt.ResolveUnknownService) { if len(service) == 0 || !(hasService || opt.ResolveUnknownService) {
// Only return error if the resolver will not fallback to creating // Only return error if the resolver will not fallback to creating
// endpoint based on service endpoint ID passed in. // endpoint based on service endpoint ID passed in.
@ -129,6 +140,31 @@ func (p partition) EndpointFor(service, region string, opts ...func(*Options)) (
return e.resolve(service, p.ID, region, p.DNSSuffix, defs, opt) return e.resolve(service, p.ID, region, p.DNSSuffix, defs, opt)
} }
func getEC2MetadataEndpoint(partitionID, service string, mode EC2IMDSEndpointModeState) ResolvedEndpoint {
switch mode {
case EC2IMDSEndpointModeStateIPv6:
return ResolvedEndpoint{
URL: ec2MetadataEndpointIPv6,
PartitionID: partitionID,
SigningRegion: "aws-global",
SigningName: service,
SigningNameDerived: true,
SigningMethod: "v4",
}
case EC2IMDSEndpointModeStateIPv4:
fallthrough
default:
return ResolvedEndpoint{
URL: ec2MetadataEndpointIPv4,
PartitionID: partitionID,
SigningRegion: "aws-global",
SigningName: service,
SigningNameDerived: true,
SigningMethod: "v4",
}
}
}
func serviceList(ss services) []string { func serviceList(ss services) []string {
list := make([]string, 0, len(ss)) list := make([]string, 0, len(ss))
for k := range ss { for k := range ss {

View File

@ -1,3 +1,4 @@
//go:build codegen
// +build codegen // +build codegen
package endpoints package endpoints

View File

@ -1,3 +1,4 @@
//go:build !go1.8
// +build !go1.8 // +build !go1.8
package request package request

View File

@ -1,3 +1,4 @@
//go:build go1.8
// +build go1.8 // +build go1.8
package request package request

View File

@ -1,3 +1,4 @@
//go:build go1.7
// +build go1.7 // +build go1.7
package request package request

View File

@ -1,3 +1,4 @@
//go:build !go1.7
// +build !go1.7 // +build !go1.7
package request package request

View File

@ -1,3 +1,4 @@
//go:build go1.13
// +build go1.13 // +build go1.13
package session package session

View File

@ -1,3 +1,4 @@
//go:build !go1.13 && go1.7
// +build !go1.13,go1.7 // +build !go1.13,go1.7
package session package session

View File

@ -1,3 +1,4 @@
//go:build !go1.6 && go1.5
// +build !go1.6,go1.5 // +build !go1.6,go1.5
package session package session

View File

@ -1,3 +1,4 @@
//go:build !go1.7 && go1.6
// +build !go1.7,go1.6 // +build !go1.7,go1.6
package session package session

View File

@ -283,7 +283,7 @@ component must be enclosed in square brackets.
The custom EC2 IMDS endpoint can also be specified via the Session options. The custom EC2 IMDS endpoint can also be specified via the Session options.
sess, err := session.NewSessionWithOptions(session.Options{ sess, err := session.NewSessionWithOptions(session.Options{
EC2IMDSEndpoint: "http://[::1]", EC2MetadataEndpoint: "http://[::1]",
}) })
*/ */
package session package session

View File

@ -161,10 +161,15 @@ type envConfig struct {
// AWS_S3_USE_ARN_REGION=true // AWS_S3_USE_ARN_REGION=true
S3UseARNRegion bool S3UseARNRegion bool
// Specifies the alternative endpoint to use for EC2 IMDS. // Specifies the EC2 Instance Metadata Service endpoint to use. If specified it overrides EC2IMDSEndpointMode.
// //
// AWS_EC2_METADATA_SERVICE_ENDPOINT=http://[::1] // AWS_EC2_METADATA_SERVICE_ENDPOINT=http://[::1]
EC2IMDSEndpoint string EC2IMDSEndpoint string
// Specifies the EC2 Instance Metadata Service default endpoint selection mode (IPv4 or IPv6)
//
// AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE=IPv6
EC2IMDSEndpointMode endpoints.EC2IMDSEndpointModeState
} }
var ( var (
@ -231,6 +236,9 @@ var (
ec2IMDSEndpointEnvKey = []string{ ec2IMDSEndpointEnvKey = []string{
"AWS_EC2_METADATA_SERVICE_ENDPOINT", "AWS_EC2_METADATA_SERVICE_ENDPOINT",
} }
ec2IMDSEndpointModeEnvKey = []string{
"AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE",
}
useCABundleKey = []string{ useCABundleKey = []string{
"AWS_CA_BUNDLE", "AWS_CA_BUNDLE",
} }
@ -364,6 +372,9 @@ func envConfigLoad(enableSharedConfig bool) (envConfig, error) {
} }
setFromEnvVal(&cfg.EC2IMDSEndpoint, ec2IMDSEndpointEnvKey) setFromEnvVal(&cfg.EC2IMDSEndpoint, ec2IMDSEndpointEnvKey)
if err := setEC2IMDSEndpointMode(&cfg.EC2IMDSEndpointMode, ec2IMDSEndpointModeEnvKey); err != nil {
return envConfig{}, err
}
return cfg, nil return cfg, nil
} }
@ -376,3 +387,17 @@ func setFromEnvVal(dst *string, keys []string) {
} }
} }
} }
func setEC2IMDSEndpointMode(mode *endpoints.EC2IMDSEndpointModeState, keys []string) error {
for _, k := range keys {
value := os.Getenv(k)
if len(value) == 0 {
continue
}
if err := mode.SetFromString(value); err != nil {
return fmt.Errorf("invalid value for environment variable, %s=%s, %v", k, value, err)
}
return nil
}
return nil
}

View File

@ -283,8 +283,8 @@ type Options struct {
Handlers request.Handlers Handlers request.Handlers
// Allows specifying a custom endpoint to be used by the EC2 IMDS client // Allows specifying a custom endpoint to be used by the EC2 IMDS client
// when making requests to the EC2 IMDS API. The must endpoint value must // when making requests to the EC2 IMDS API. The endpoint value should
// include protocol prefix. // include the URI scheme. If the scheme is not present it will be defaulted to http.
// //
// If unset, will the EC2 IMDS client will use its default endpoint. // If unset, will the EC2 IMDS client will use its default endpoint.
// //
@ -298,6 +298,11 @@ type Options struct {
// //
// AWS_EC2_METADATA_SERVICE_ENDPOINT=http://[::1] // AWS_EC2_METADATA_SERVICE_ENDPOINT=http://[::1]
EC2IMDSEndpoint string EC2IMDSEndpoint string
// Specifies the EC2 Instance Metadata Service default endpoint selection mode (IPv4 or IPv6)
//
// AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE=IPv6
EC2IMDSEndpointMode endpoints.EC2IMDSEndpointModeState
} }
// NewSessionWithOptions returns a new Session created from SDK defaults, config files, // NewSessionWithOptions returns a new Session created from SDK defaults, config files,
@ -375,19 +380,23 @@ func Must(sess *Session, err error) *Session {
// Wraps the endpoint resolver with a resolver that will return a custom // Wraps the endpoint resolver with a resolver that will return a custom
// endpoint for EC2 IMDS. // endpoint for EC2 IMDS.
func wrapEC2IMDSEndpoint(resolver endpoints.Resolver, endpoint string) endpoints.Resolver { func wrapEC2IMDSEndpoint(resolver endpoints.Resolver, endpoint string, mode endpoints.EC2IMDSEndpointModeState) endpoints.Resolver {
return endpoints.ResolverFunc( return endpoints.ResolverFunc(
func(service, region string, opts ...func(*endpoints.Options)) ( func(service, region string, opts ...func(*endpoints.Options)) (
endpoints.ResolvedEndpoint, error, endpoints.ResolvedEndpoint, error,
) { ) {
if service == ec2MetadataServiceID { if service == ec2MetadataServiceID && len(endpoint) > 0 {
return endpoints.ResolvedEndpoint{ return endpoints.ResolvedEndpoint{
URL: endpoint, URL: endpoint,
SigningName: ec2MetadataServiceID, SigningName: ec2MetadataServiceID,
SigningRegion: region, SigningRegion: region,
}, nil }, nil
} else if service == ec2MetadataServiceID {
opts = append(opts, func(o *endpoints.Options) {
o.EC2MetadataEndpointMode = mode
})
} }
return resolver.EndpointFor(service, region) return resolver.EndpointFor(service, region, opts...)
}) })
} }
@ -404,8 +413,8 @@ func deprecatedNewSession(envCfg envConfig, cfgs ...*aws.Config) *Session {
cfg.EndpointResolver = endpoints.DefaultResolver() cfg.EndpointResolver = endpoints.DefaultResolver()
} }
if len(envCfg.EC2IMDSEndpoint) != 0 { if !(len(envCfg.EC2IMDSEndpoint) == 0 && envCfg.EC2IMDSEndpointMode == endpoints.EC2IMDSEndpointModeStateUnset) {
cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, envCfg.EC2IMDSEndpoint) cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, envCfg.EC2IMDSEndpoint, envCfg.EC2IMDSEndpointMode)
} }
cfg.Credentials = defaults.CredChain(cfg, handlers) cfg.Credentials = defaults.CredChain(cfg, handlers)
@ -737,12 +746,32 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config,
endpoints.LegacyS3UsEast1Endpoint, endpoints.LegacyS3UsEast1Endpoint,
}) })
ec2IMDSEndpoint := sessOpts.EC2IMDSEndpoint var ec2IMDSEndpoint string
if len(ec2IMDSEndpoint) == 0 { for _, v := range []string{
ec2IMDSEndpoint = envCfg.EC2IMDSEndpoint sessOpts.EC2IMDSEndpoint,
envCfg.EC2IMDSEndpoint,
sharedCfg.EC2IMDSEndpoint,
} {
if len(v) != 0 {
ec2IMDSEndpoint = v
break
}
} }
if len(ec2IMDSEndpoint) != 0 {
cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, ec2IMDSEndpoint) var endpointMode endpoints.EC2IMDSEndpointModeState
for _, v := range []endpoints.EC2IMDSEndpointModeState{
sessOpts.EC2IMDSEndpointMode,
envCfg.EC2IMDSEndpointMode,
sharedCfg.EC2IMDSEndpointMode,
} {
if v != endpoints.EC2IMDSEndpointModeStateUnset {
endpointMode = v
break
}
}
if len(ec2IMDSEndpoint) != 0 || endpointMode != endpoints.EC2IMDSEndpointModeStateUnset {
cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, ec2IMDSEndpoint, endpointMode)
} }
// Configure credentials if not already set by the user when creating the // Configure credentials if not already set by the user when creating the

View File

@ -66,6 +66,12 @@ const (
// S3 ARN Region Usage // S3 ARN Region Usage
s3UseARNRegionKey = "s3_use_arn_region" s3UseARNRegionKey = "s3_use_arn_region"
// EC2 IMDS Endpoint Mode
ec2MetadataServiceEndpointModeKey = "ec2_metadata_service_endpoint_mode"
// EC2 IMDS Endpoint
ec2MetadataServiceEndpointKey = "ec2_metadata_service_endpoint"
) )
// sharedConfig represents the configuration fields of the SDK config files. // sharedConfig represents the configuration fields of the SDK config files.
@ -145,6 +151,16 @@ type sharedConfig struct {
// //
// s3_use_arn_region=true // s3_use_arn_region=true
S3UseARNRegion bool S3UseARNRegion bool
// Specifies the EC2 Instance Metadata Service default endpoint selection mode (IPv4 or IPv6)
//
// ec2_metadata_service_endpoint_mode=IPv6
EC2IMDSEndpointMode endpoints.EC2IMDSEndpointModeState
// Specifies the EC2 Instance Metadata Service endpoint to use. If specified it overrides EC2IMDSEndpointMode.
//
// ec2_metadata_service_endpoint=http://fd00:ec2::254
EC2IMDSEndpoint string
} }
type sharedConfigFile struct { type sharedConfigFile struct {
@ -334,6 +350,12 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, e
updateString(&cfg.SSORegion, section, ssoRegionKey) updateString(&cfg.SSORegion, section, ssoRegionKey)
updateString(&cfg.SSORoleName, section, ssoRoleNameKey) updateString(&cfg.SSORoleName, section, ssoRoleNameKey)
updateString(&cfg.SSOStartURL, section, ssoStartURL) updateString(&cfg.SSOStartURL, section, ssoStartURL)
if err := updateEC2MetadataServiceEndpointMode(&cfg.EC2IMDSEndpointMode, section, ec2MetadataServiceEndpointModeKey); err != nil {
return fmt.Errorf("failed to load %s from shared config, %s, %v",
ec2MetadataServiceEndpointModeKey, file.Filename, err)
}
updateString(&cfg.EC2IMDSEndpoint, section, ec2MetadataServiceEndpointKey)
} }
updateString(&cfg.CredentialProcess, section, credentialProcessKey) updateString(&cfg.CredentialProcess, section, credentialProcessKey)
@ -364,6 +386,14 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, e
return nil return nil
} }
func updateEC2MetadataServiceEndpointMode(endpointMode *endpoints.EC2IMDSEndpointModeState, section ini.Section, key string) error {
if !section.Has(key) {
return nil
}
value := section.String(key)
return endpointMode.SetFromString(value)
}
func (cfg *sharedConfig) validateCredentialsConfig(profile string) error { func (cfg *sharedConfig) validateCredentialsConfig(profile string) error {
if err := cfg.validateCredentialsRequireARN(profile); err != nil { if err := cfg.validateCredentialsRequireARN(profile); err != nil {
return err return err

View File

@ -34,23 +34,23 @@ func (m mapRule) IsValid(value string) bool {
return ok return ok
} }
// whitelist is a generic rule for whitelisting // allowList is a generic rule for allow listing
type whitelist struct { type allowList struct {
rule rule
} }
// IsValid for whitelist checks if the value is within the whitelist // IsValid for allow list checks if the value is within the allow list
func (w whitelist) IsValid(value string) bool { func (w allowList) IsValid(value string) bool {
return w.rule.IsValid(value) return w.rule.IsValid(value)
} }
// blacklist is a generic rule for blacklisting // excludeList is a generic rule for exclude listing
type blacklist struct { type excludeList struct {
rule rule
} }
// IsValid for whitelist checks if the value is within the whitelist // IsValid for exclude list checks if the value is within the exclude list
func (b blacklist) IsValid(value string) bool { func (b excludeList) IsValid(value string) bool {
return !b.rule.IsValid(value) return !b.rule.IsValid(value)
} }

View File

@ -1,3 +1,4 @@
//go:build !go1.7
// +build !go1.7 // +build !go1.7
package v4 package v4

View File

@ -1,3 +1,4 @@
//go:build go1.7
// +build go1.7 // +build go1.7
package v4 package v4

View File

@ -1,3 +1,4 @@
//go:build go1.5
// +build go1.5 // +build go1.5
package v4 package v4

View File

@ -90,7 +90,7 @@ const (
) )
var ignoredHeaders = rules{ var ignoredHeaders = rules{
blacklist{ excludeList{
mapRule{ mapRule{
authorizationHeader: struct{}{}, authorizationHeader: struct{}{},
"User-Agent": struct{}{}, "User-Agent": struct{}{},
@ -99,9 +99,9 @@ var ignoredHeaders = rules{
}, },
} }
// requiredSignedHeaders is a whitelist for build canonical headers. // requiredSignedHeaders is a allow list for build canonical headers.
var requiredSignedHeaders = rules{ var requiredSignedHeaders = rules{
whitelist{ allowList{
mapRule{ mapRule{
"Cache-Control": struct{}{}, "Cache-Control": struct{}{},
"Content-Disposition": struct{}{}, "Content-Disposition": struct{}{},
@ -145,12 +145,13 @@ var requiredSignedHeaders = rules{
}, },
}, },
patterns{"X-Amz-Meta-"}, patterns{"X-Amz-Meta-"},
patterns{"X-Amz-Object-Lock-"},
} }
// allowedHoisting is a whitelist for build query headers. The boolean value // allowedHoisting is a allow list for build query headers. The boolean value
// represents whether or not it is a pattern. // represents whether or not it is a pattern.
var allowedQueryHoisting = inclusiveRules{ var allowedQueryHoisting = inclusiveRules{
blacklist{requiredSignedHeaders}, excludeList{requiredSignedHeaders},
patterns{"X-Amz-"}, patterns{"X-Amz-"},
} }
@ -417,7 +418,7 @@ var SignRequestHandler = request.NamedHandler{
// request handler should only be used with the SDK's built in service client's // request handler should only be used with the SDK's built in service client's
// API operation requests. // API operation requests.
// //
// This function should not be used on its on its own, but in conjunction with // This function should not be used on its own, but in conjunction with
// an AWS service client's API operation call. To sign a standalone request // an AWS service client's API operation call. To sign a standalone request
// not created by a service client's API operation method use the "Sign" or // not created by a service client's API operation method use the "Sign" or
// "Presign" functions of the "Signer" type. // "Presign" functions of the "Signer" type.

View File

@ -1,3 +1,4 @@
//go:build go1.8
// +build go1.8 // +build go1.8
package aws package aws

View File

@ -1,3 +1,4 @@
//go:build !go1.8
// +build !go1.8 // +build !go1.8
package aws package aws

View File

@ -5,4 +5,4 @@ package aws
const SDKName = "aws-sdk-go" const SDKName = "aws-sdk-go"
// SDKVersion is the version of this SDK // SDKVersion is the version of this SDK
const SDKVersion = "1.38.63" const SDKVersion = "1.40.34"

View File

@ -1,3 +1,4 @@
//go:build !go1.7
// +build !go1.7 // +build !go1.7
package context package context

View File

@ -13,17 +13,30 @@
// } // }
// //
// Below is the BNF that describes this parser // Below is the BNF that describes this parser
// Grammar: // Grammar:
// stmt -> value stmt' // stmt -> section | stmt'
// stmt' -> epsilon | op stmt // stmt' -> epsilon | expr
// value -> number | string | boolean | quoted_string // expr -> value (stmt)* | equal_expr (stmt)*
// equal_expr -> value ( ':' | '=' ) equal_expr'
// equal_expr' -> number | string | quoted_string
// quoted_string -> " quoted_string'
// quoted_string' -> string quoted_string_end
// quoted_string_end -> "
// //
// section -> [ section' // section -> [ section'
// section' -> value section_close // section' -> section_value section_close
// section_close -> ] // section_value -> number | string_subset | boolean | quoted_string_subset
// quoted_string_subset -> " quoted_string_subset'
// quoted_string_subset' -> string_subset quoted_string_end
// quoted_string_subset -> "
// section_close -> ]
// //
// SkipState will skip (NL WS)+ // value -> number | string_subset | boolean
// string -> ? UTF-8 Code-Points except '\n' (U+000A) and '\r\n' (U+000D U+000A) ?
// string_subset -> ? Code-points excepted by <string> grammar except ':' (U+003A), '=' (U+003D), '[' (U+005B), and ']' (U+005D) ?
// //
// comment -> # comment' | ; comment' // SkipState will skip (NL WS)+
// comment' -> epsilon | value //
// comment -> # comment' | ; comment'
// comment' -> epsilon | value
package ini package ini

View File

@ -1,3 +1,4 @@
//go:build gofuzz
// +build gofuzz // +build gofuzz
package ini package ini

View File

@ -5,9 +5,12 @@ import (
"io" "io"
) )
// ParseState represents the current state of the parser.
type ParseState uint
// State enums for the parse table // State enums for the parse table
const ( const (
InvalidState = iota InvalidState ParseState = iota
// stmt -> value stmt' // stmt -> value stmt'
StatementState StatementState
// stmt' -> MarkComplete | op stmt // stmt' -> MarkComplete | op stmt
@ -36,8 +39,8 @@ const (
) )
// parseTable is a state machine to dictate the grammar above. // parseTable is a state machine to dictate the grammar above.
var parseTable = map[ASTKind]map[TokenType]int{ var parseTable = map[ASTKind]map[TokenType]ParseState{
ASTKindStart: map[TokenType]int{ ASTKindStart: {
TokenLit: StatementState, TokenLit: StatementState,
TokenSep: OpenScopeState, TokenSep: OpenScopeState,
TokenWS: SkipTokenState, TokenWS: SkipTokenState,
@ -45,7 +48,7 @@ var parseTable = map[ASTKind]map[TokenType]int{
TokenComment: CommentState, TokenComment: CommentState,
TokenNone: TerminalState, TokenNone: TerminalState,
}, },
ASTKindCommentStatement: map[TokenType]int{ ASTKindCommentStatement: {
TokenLit: StatementState, TokenLit: StatementState,
TokenSep: OpenScopeState, TokenSep: OpenScopeState,
TokenWS: SkipTokenState, TokenWS: SkipTokenState,
@ -53,7 +56,7 @@ var parseTable = map[ASTKind]map[TokenType]int{
TokenComment: CommentState, TokenComment: CommentState,
TokenNone: MarkCompleteState, TokenNone: MarkCompleteState,
}, },
ASTKindExpr: map[TokenType]int{ ASTKindExpr: {
TokenOp: StatementPrimeState, TokenOp: StatementPrimeState,
TokenLit: ValueState, TokenLit: ValueState,
TokenSep: OpenScopeState, TokenSep: OpenScopeState,
@ -62,13 +65,15 @@ var parseTable = map[ASTKind]map[TokenType]int{
TokenComment: CommentState, TokenComment: CommentState,
TokenNone: MarkCompleteState, TokenNone: MarkCompleteState,
}, },
ASTKindEqualExpr: map[TokenType]int{ ASTKindEqualExpr: {
TokenLit: ValueState, TokenLit: ValueState,
TokenWS: SkipTokenState, TokenSep: ValueState,
TokenNL: SkipState, TokenOp: ValueState,
TokenNone: SkipState, TokenWS: SkipTokenState,
TokenNL: SkipState,
TokenNone: SkipState,
}, },
ASTKindStatement: map[TokenType]int{ ASTKindStatement: {
TokenLit: SectionState, TokenLit: SectionState,
TokenSep: CloseScopeState, TokenSep: CloseScopeState,
TokenWS: SkipTokenState, TokenWS: SkipTokenState,
@ -76,9 +81,9 @@ var parseTable = map[ASTKind]map[TokenType]int{
TokenComment: CommentState, TokenComment: CommentState,
TokenNone: MarkCompleteState, TokenNone: MarkCompleteState,
}, },
ASTKindExprStatement: map[TokenType]int{ ASTKindExprStatement: {
TokenLit: ValueState, TokenLit: ValueState,
TokenSep: OpenScopeState, TokenSep: ValueState,
TokenOp: ValueState, TokenOp: ValueState,
TokenWS: ValueState, TokenWS: ValueState,
TokenNL: MarkCompleteState, TokenNL: MarkCompleteState,
@ -86,14 +91,14 @@ var parseTable = map[ASTKind]map[TokenType]int{
TokenNone: TerminalState, TokenNone: TerminalState,
TokenComma: SkipState, TokenComma: SkipState,
}, },
ASTKindSectionStatement: map[TokenType]int{ ASTKindSectionStatement: {
TokenLit: SectionState, TokenLit: SectionState,
TokenOp: SectionState, TokenOp: SectionState,
TokenSep: CloseScopeState, TokenSep: CloseScopeState,
TokenWS: SectionState, TokenWS: SectionState,
TokenNL: SkipTokenState, TokenNL: SkipTokenState,
}, },
ASTKindCompletedSectionStatement: map[TokenType]int{ ASTKindCompletedSectionStatement: {
TokenWS: SkipTokenState, TokenWS: SkipTokenState,
TokenNL: SkipTokenState, TokenNL: SkipTokenState,
TokenLit: StatementState, TokenLit: StatementState,
@ -101,7 +106,7 @@ var parseTable = map[ASTKind]map[TokenType]int{
TokenComment: CommentState, TokenComment: CommentState,
TokenNone: MarkCompleteState, TokenNone: MarkCompleteState,
}, },
ASTKindSkipStatement: map[TokenType]int{ ASTKindSkipStatement: {
TokenLit: StatementState, TokenLit: StatementState,
TokenSep: OpenScopeState, TokenSep: OpenScopeState,
TokenWS: SkipTokenState, TokenWS: SkipTokenState,
@ -205,18 +210,6 @@ loop:
case ValueState: case ValueState:
// ValueState requires the previous state to either be an equal expression // ValueState requires the previous state to either be an equal expression
// or an expression statement. // or an expression statement.
//
// This grammar occurs when the RHS is a number, word, or quoted string.
// equal_expr -> lit op equal_expr'
// equal_expr' -> number | string | quoted_string
// quoted_string -> " quoted_string'
// quoted_string' -> string quoted_string_end
// quoted_string_end -> "
//
// otherwise
// expr_stmt -> equal_expr (expr_stmt')*
// expr_stmt' -> ws S | op S | MarkComplete
// S -> equal_expr' expr_stmt'
switch k.Kind { switch k.Kind {
case ASTKindEqualExpr: case ASTKindEqualExpr:
// assigning a value to some key // assigning a value to some key
@ -243,7 +236,7 @@ loop:
} }
children[len(children)-1] = rhs children[len(children)-1] = rhs
k.SetChildren(children) root.SetChildren(children)
stack.Push(k) stack.Push(k)
} }

View File

@ -50,7 +50,10 @@ func (v *DefaultVisitor) VisitExpr(expr AST) error {
rhs := children[1] rhs := children[1]
if rhs.Root.Type() != TokenLit { // The right-hand value side the equality expression is allowed to contain '[', ']', ':', '=' in the values.
// If the token is not either a literal or one of the token types that identifies those four additional
// tokens then error.
if !(rhs.Root.Type() == TokenLit || rhs.Root.Type() == TokenOp || rhs.Root.Type() == TokenSep) {
return NewParseError("unexpected token type") return NewParseError("unexpected token type")
} }

View File

@ -1,3 +1,4 @@
//go:build !go1.7
// +build !go1.7 // +build !go1.7
package sdkio package sdkio

View File

@ -1,3 +1,4 @@
//go:build go1.7
// +build go1.7 // +build go1.7
package sdkio package sdkio

View File

@ -1,3 +1,4 @@
//go:build go1.10
// +build go1.10 // +build go1.10
package sdkmath package sdkmath

View File

@ -1,3 +1,4 @@
//go:build !go1.10
// +build !go1.10 // +build !go1.10
package sdkmath package sdkmath

View File

@ -1,3 +1,4 @@
//go:build go1.6
// +build go1.6 // +build go1.6
package sdkrand package sdkrand

View File

@ -1,3 +1,4 @@
//go:build !go1.6
// +build !go1.6 // +build !go1.6
package sdkrand package sdkrand

View File

@ -98,7 +98,7 @@ func buildLocationElements(r *request.Request, v reflect.Value, buildGETQuery bo
// Support the ability to customize values to be marshaled as a // Support the ability to customize values to be marshaled as a
// blob even though they were modeled as a string. Required for S3 // blob even though they were modeled as a string. Required for S3
// API operations like SSECustomerKey is modeled as stirng but // API operations like SSECustomerKey is modeled as string but
// required to be base64 encoded in request. // required to be base64 encoded in request.
if field.Tag.Get("marshal-as") == "blob" { if field.Tag.Get("marshal-as") == "blob" {
m = m.Convert(byteSliceType) m = m.Convert(byteSliceType)

View File

@ -1,6 +1,8 @@
package protocol package protocol
import ( import (
"bytes"
"fmt"
"math" "math"
"strconv" "strconv"
"time" "time"
@ -19,13 +21,16 @@ const (
// Output time is intended to not contain decimals // Output time is intended to not contain decimals
const ( const (
// RFC 7231#section-7.1.1.1 timetamp format. e.g Tue, 29 Apr 2014 18:30:38 GMT // RFC 7231#section-7.1.1.1 timetamp format. e.g Tue, 29 Apr 2014 18:30:38 GMT
RFC822TimeFormat = "Mon, 2 Jan 2006 15:04:05 GMT" RFC822TimeFormat = "Mon, 2 Jan 2006 15:04:05 GMT"
rfc822TimeFormatSingleDigitDay = "Mon, _2 Jan 2006 15:04:05 GMT"
rfc822TimeFormatSingleDigitDayTwoDigitYear = "Mon, _2 Jan 06 15:04:05 GMT"
// This format is used for output time without seconds precision // This format is used for output time without seconds precision
RFC822OutputTimeFormat = "Mon, 02 Jan 2006 15:04:05 GMT" RFC822OutputTimeFormat = "Mon, 02 Jan 2006 15:04:05 GMT"
// RFC3339 a subset of the ISO8601 timestamp format. e.g 2014-04-29T18:30:38Z // RFC3339 a subset of the ISO8601 timestamp format. e.g 2014-04-29T18:30:38Z
ISO8601TimeFormat = "2006-01-02T15:04:05.999999999Z" ISO8601TimeFormat = "2006-01-02T15:04:05.999999999Z"
iso8601TimeFormatNoZ = "2006-01-02T15:04:05.999999999"
// This format is used for output time with fractional second precision up to milliseconds // This format is used for output time with fractional second precision up to milliseconds
ISO8601OutputTimeFormat = "2006-01-02T15:04:05.999999999Z" ISO8601OutputTimeFormat = "2006-01-02T15:04:05.999999999Z"
@ -67,10 +72,21 @@ func FormatTime(name string, t time.Time) string {
// the time if it was able to be parsed, and fails otherwise. // the time if it was able to be parsed, and fails otherwise.
func ParseTime(formatName, value string) (time.Time, error) { func ParseTime(formatName, value string) (time.Time, error) {
switch formatName { switch formatName {
case RFC822TimeFormatName: case RFC822TimeFormatName: // Smithy HTTPDate format
return time.Parse(RFC822TimeFormat, value) return tryParse(value,
case ISO8601TimeFormatName: RFC822TimeFormat,
return time.Parse(ISO8601TimeFormat, value) rfc822TimeFormatSingleDigitDay,
rfc822TimeFormatSingleDigitDayTwoDigitYear,
time.RFC850,
time.ANSIC,
)
case ISO8601TimeFormatName: // Smithy DateTime format
return tryParse(value,
ISO8601TimeFormat,
iso8601TimeFormatNoZ,
time.RFC3339Nano,
time.RFC3339,
)
case UnixTimeFormatName: case UnixTimeFormatName:
v, err := strconv.ParseFloat(value, 64) v, err := strconv.ParseFloat(value, 64)
_, dec := math.Modf(v) _, dec := math.Modf(v)
@ -83,3 +99,36 @@ func ParseTime(formatName, value string) (time.Time, error) {
panic("unknown timestamp format name, " + formatName) panic("unknown timestamp format name, " + formatName)
} }
} }
func tryParse(v string, formats ...string) (time.Time, error) {
var errs parseErrors
for _, f := range formats {
t, err := time.Parse(f, v)
if err != nil {
errs = append(errs, parseError{
Format: f,
Err: err,
})
continue
}
return t, nil
}
return time.Time{}, fmt.Errorf("unable to parse time string, %v", errs)
}
type parseErrors []parseError
func (es parseErrors) Error() string {
var s bytes.Buffer
for _, e := range es {
fmt.Fprintf(&s, "\n * %q: %v", e.Format, e.Err)
}
return "parse errors:" + s.String()
}
type parseError struct {
Format string
Err error
}

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@ -3,21 +3,26 @@
// Package kms provides the client and types for making API // Package kms provides the client and types for making API
// requests to AWS Key Management Service. // requests to AWS Key Management Service.
// //
// AWS Key Management Service (AWS KMS) is an encryption and key management // Key Management Service (KMS) is an encryption and key management web service.
// web service. This guide describes the AWS KMS operations that you can call // This guide describes the KMS operations that you can call programmatically.
// programmatically. For general information about AWS KMS, see the AWS Key // For general information about KMS, see the Key Management Service Developer
// Management Service Developer Guide (https://docs.aws.amazon.com/kms/latest/developerguide/). // Guide (https://docs.aws.amazon.com/kms/latest/developerguide/).
// //
// AWS provides SDKs that consist of libraries and sample code for various programming // KMS is replacing the term customer master key (CMK) with KMS key and KMS
// languages and platforms (Java, Ruby, .Net, macOS, Android, etc.). The SDKs // key. The concept has not changed. To prevent breaking changes, KMS is keeping
// provide a convenient way to create programmatic access to AWS KMS and other // some variations of this term.
// AWS services. For example, the SDKs take care of tasks such as signing requests
// (see below), managing errors, and retrying requests automatically. For more
// information about the AWS SDKs, including how to download and install them,
// see Tools for Amazon Web Services (http://aws.amazon.com/tools/).
// //
// We recommend that you use the AWS SDKs to make programmatic API calls to // Amazon Web Services provides SDKs that consist of libraries and sample code
// AWS KMS. // for various programming languages and platforms (Java, Ruby, .Net, macOS,
// Android, etc.). The SDKs provide a convenient way to create programmatic
// access to KMS and other Amazon Web Services services. For example, the SDKs
// take care of tasks such as signing requests (see below), managing errors,
// and retrying requests automatically. For more information about the Amazon
// Web Services SDKs, including how to download and install them, see Tools
// for Amazon Web Services (http://aws.amazon.com/tools/).
//
// We recommend that you use the Amazon Web Services SDKs to make programmatic
// API calls to KMS.
// //
// Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS // Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS
// 1.2. Clients must also support cipher suites with Perfect Forward Secrecy // 1.2. Clients must also support cipher suites with Perfect Forward Secrecy
@ -28,30 +33,31 @@
// Signing Requests // Signing Requests
// //
// Requests must be signed by using an access key ID and a secret access key. // Requests must be signed by using an access key ID and a secret access key.
// We strongly recommend that you do not use your AWS account (root) access // We strongly recommend that you do not use your Amazon Web Services account
// key ID and secret key for everyday work with AWS KMS. Instead, use the access // (root) access key ID and secret key for everyday work with KMS. Instead,
// key ID and secret access key for an IAM user. You can also use the AWS Security // use the access key ID and secret access key for an IAM user. You can also
// Token Service to generate temporary security credentials that you can use // use the Amazon Web Services Security Token Service to generate temporary
// to sign requests. // security credentials that you can use to sign requests.
// //
// All AWS KMS operations require Signature Version 4 (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). // All KMS operations require Signature Version 4 (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
// //
// Logging API Requests // Logging API Requests
// //
// AWS KMS supports AWS CloudTrail, a service that logs AWS API calls and related // KMS supports CloudTrail, a service that logs Amazon Web Services API calls
// events for your AWS account and delivers them to an Amazon S3 bucket that // and related events for your Amazon Web Services account and delivers them
// you specify. By using the information collected by CloudTrail, you can determine // to an Amazon S3 bucket that you specify. By using the information collected
// what requests were made to AWS KMS, who made the request, when it was made, // by CloudTrail, you can determine what requests were made to KMS, who made
// and so on. To learn more about CloudTrail, including how to turn it on and // the request, when it was made, and so on. To learn more about CloudTrail,
// find your log files, see the AWS CloudTrail User Guide (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/). // including how to turn it on and find your log files, see the CloudTrail User
// Guide (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/).
// //
// Additional Resources // Additional Resources
// //
// For more information about credentials and request signing, see the following: // For more information about credentials and request signing, see the following:
// //
// * AWS Security Credentials (https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html) // * Amazon Web Services Security Credentials (https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html)
// - This topic provides general information about the types of credentials // - This topic provides general information about the types of credentials
// used for accessing AWS. // used to access Amazon Web Services.
// //
// * Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html) // * Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html)
// - This section of the IAM User Guide describes how to create and use temporary // - This section of the IAM User Guide describes how to create and use temporary

View File

@ -18,10 +18,10 @@ const (
// ErrCodeCloudHsmClusterInUseException for service response error code // ErrCodeCloudHsmClusterInUseException for service response error code
// "CloudHsmClusterInUseException". // "CloudHsmClusterInUseException".
// //
// The request was rejected because the specified AWS CloudHSM cluster is already // The request was rejected because the specified CloudHSM cluster is already
// associated with a custom key store or it shares a backup history with a cluster // associated with a custom key store or it shares a backup history with a cluster
// that is associated with a custom key store. Each custom key store must be // that is associated with a custom key store. Each custom key store must be
// associated with a different AWS CloudHSM cluster. // associated with a different CloudHSM cluster.
// //
// Clusters that share a backup history have the same cluster certificate. To // Clusters that share a backup history have the same cluster certificate. To
// view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
@ -31,8 +31,8 @@ const (
// ErrCodeCloudHsmClusterInvalidConfigurationException for service response error code // ErrCodeCloudHsmClusterInvalidConfigurationException for service response error code
// "CloudHsmClusterInvalidConfigurationException". // "CloudHsmClusterInvalidConfigurationException".
// //
// The request was rejected because the associated AWS CloudHSM cluster did // The request was rejected because the associated CloudHSM cluster did not
// not meet the configuration requirements for a custom key store. // meet the configuration requirements for a custom key store.
// //
// * The cluster must be configured with private subnets in at least two // * The cluster must be configured with private subnets in at least two
// different Availability Zones in the Region. // different Availability Zones in the Region.
@ -47,46 +47,44 @@ const (
// operation. // operation.
// //
// * The cluster must contain at least as many HSMs as the operation requires. // * The cluster must contain at least as many HSMs as the operation requires.
// To add HSMs, use the AWS CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) // To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html)
// operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey // operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey
// operations, the AWS CloudHSM cluster must have at least two active HSMs, // operations, the CloudHSM cluster must have at least two active HSMs, each
// each in a different Availability Zone. For the ConnectCustomKeyStore operation, // in a different Availability Zone. For the ConnectCustomKeyStore operation,
// the AWS CloudHSM must contain at least one active HSM. // the CloudHSM must contain at least one active HSM.
// //
// For information about the requirements for an AWS CloudHSM cluster that is // For information about the requirements for an CloudHSM cluster that is associated
// associated with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) // with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore)
// in the AWS Key Management Service Developer Guide. For information about // in the Key Management Service Developer Guide. For information about creating
// creating a private subnet for an AWS CloudHSM cluster, see Create a Private // a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html)
// Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) // in the CloudHSM User Guide. For information about cluster security groups,
// in the AWS CloudHSM User Guide. For information about cluster security groups,
// see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) // see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html)
// in the AWS CloudHSM User Guide . // in the CloudHSM User Guide .
ErrCodeCloudHsmClusterInvalidConfigurationException = "CloudHsmClusterInvalidConfigurationException" ErrCodeCloudHsmClusterInvalidConfigurationException = "CloudHsmClusterInvalidConfigurationException"
// ErrCodeCloudHsmClusterNotActiveException for service response error code // ErrCodeCloudHsmClusterNotActiveException for service response error code
// "CloudHsmClusterNotActiveException". // "CloudHsmClusterNotActiveException".
// //
// The request was rejected because the AWS CloudHSM cluster that is associated // The request was rejected because the CloudHSM cluster that is associated
// with the custom key store is not active. Initialize and activate the cluster // with the custom key store is not active. Initialize and activate the cluster
// and try the command again. For detailed instructions, see Getting Started // and try the command again. For detailed instructions, see Getting Started
// (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) // (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html)
// in the AWS CloudHSM User Guide. // in the CloudHSM User Guide.
ErrCodeCloudHsmClusterNotActiveException = "CloudHsmClusterNotActiveException" ErrCodeCloudHsmClusterNotActiveException = "CloudHsmClusterNotActiveException"
// ErrCodeCloudHsmClusterNotFoundException for service response error code // ErrCodeCloudHsmClusterNotFoundException for service response error code
// "CloudHsmClusterNotFoundException". // "CloudHsmClusterNotFoundException".
// //
// The request was rejected because AWS KMS cannot find the AWS CloudHSM cluster // The request was rejected because KMS cannot find the CloudHSM cluster with
// with the specified cluster ID. Retry the request with a different cluster // the specified cluster ID. Retry the request with a different cluster ID.
// ID.
ErrCodeCloudHsmClusterNotFoundException = "CloudHsmClusterNotFoundException" ErrCodeCloudHsmClusterNotFoundException = "CloudHsmClusterNotFoundException"
// ErrCodeCloudHsmClusterNotRelatedException for service response error code // ErrCodeCloudHsmClusterNotRelatedException for service response error code
// "CloudHsmClusterNotRelatedException". // "CloudHsmClusterNotRelatedException".
// //
// The request was rejected because the specified AWS CloudHSM cluster has a // The request was rejected because the specified CloudHSM cluster has a different
// different cluster certificate than the original cluster. You cannot use the // cluster certificate than the original cluster. You cannot use the operation
// operation to specify an unrelated cluster. // to specify an unrelated cluster.
// //
// Specify a cluster that shares a backup history with the original cluster. // Specify a cluster that shares a backup history with the original cluster.
// This includes clusters that were created from a backup of the current cluster, // This includes clusters that were created from a backup of the current cluster,
@ -101,10 +99,10 @@ const (
// ErrCodeCustomKeyStoreHasCMKsException for service response error code // ErrCodeCustomKeyStoreHasCMKsException for service response error code
// "CustomKeyStoreHasCMKsException". // "CustomKeyStoreHasCMKsException".
// //
// The request was rejected because the custom key store contains AWS KMS customer // The request was rejected because the custom key store contains KMS keys.
// master keys (CMKs). After verifying that you do not need to use the CMKs, // After verifying that you do not need to use the KMS keys, use the ScheduleKeyDeletion
// use the ScheduleKeyDeletion operation to delete the CMKs. After they are // operation to delete the KMS keys. After they are deleted, you can delete
// deleted, you can delete the custom key store. // the custom key store.
ErrCodeCustomKeyStoreHasCMKsException = "CustomKeyStoreHasCMKsException" ErrCodeCustomKeyStoreHasCMKsException = "CustomKeyStoreHasCMKsException"
// ErrCodeCustomKeyStoreInvalidStateException for service response error code // ErrCodeCustomKeyStoreInvalidStateException for service response error code
@ -140,7 +138,7 @@ const (
// ErrCodeCustomKeyStoreNotFoundException for service response error code // ErrCodeCustomKeyStoreNotFoundException for service response error code
// "CustomKeyStoreNotFoundException". // "CustomKeyStoreNotFoundException".
// //
// The request was rejected because AWS KMS cannot find a custom key store with // The request was rejected because KMS cannot find a custom key store with
// the specified key store name or ID. // the specified key store name or ID.
ErrCodeCustomKeyStoreNotFoundException = "CustomKeyStoreNotFoundException" ErrCodeCustomKeyStoreNotFoundException = "CustomKeyStoreNotFoundException"
@ -154,7 +152,7 @@ const (
// ErrCodeDisabledException for service response error code // ErrCodeDisabledException for service response error code
// "DisabledException". // "DisabledException".
// //
// The request was rejected because the specified CMK is not enabled. // The request was rejected because the specified KMS key is not enabled.
ErrCodeDisabledException = "DisabledException" ErrCodeDisabledException = "DisabledException"
// ErrCodeExpiredImportTokenException for service response error code // ErrCodeExpiredImportTokenException for service response error code
@ -168,9 +166,9 @@ const (
// ErrCodeIncorrectKeyException for service response error code // ErrCodeIncorrectKeyException for service response error code
// "IncorrectKeyException". // "IncorrectKeyException".
// //
// The request was rejected because the specified CMK cannot decrypt the data. // The request was rejected because the specified KMS key cannot decrypt the
// The KeyId in a Decrypt request and the SourceKeyId in a ReEncrypt request // data. The KeyId in a Decrypt request and the SourceKeyId in a ReEncrypt request
// must identify the same CMK that was used to encrypt the ciphertext. // must identify the same KMS key that was used to encrypt the ciphertext.
ErrCodeIncorrectKeyException = "IncorrectKeyException" ErrCodeIncorrectKeyException = "IncorrectKeyException"
// ErrCodeIncorrectKeyMaterialException for service response error code // ErrCodeIncorrectKeyMaterialException for service response error code
@ -178,14 +176,14 @@ const (
// //
// The request was rejected because the key material in the request is, expired, // The request was rejected because the key material in the request is, expired,
// invalid, or is not the same key material that was previously imported into // invalid, or is not the same key material that was previously imported into
// this customer master key (CMK). // this KMS key.
ErrCodeIncorrectKeyMaterialException = "IncorrectKeyMaterialException" ErrCodeIncorrectKeyMaterialException = "IncorrectKeyMaterialException"
// ErrCodeIncorrectTrustAnchorException for service response error code // ErrCodeIncorrectTrustAnchorException for service response error code
// "IncorrectTrustAnchorException". // "IncorrectTrustAnchorException".
// //
// The request was rejected because the trust anchor certificate in the request // The request was rejected because the trust anchor certificate in the request
// is not the trust anchor certificate for the specified AWS CloudHSM cluster. // is not the trust anchor certificate for the specified CloudHSM cluster.
// //
// When you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), // When you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr),
// you create the trust anchor certificate and save it in the customerCA.crt // you create the trust anchor certificate and save it in the customerCA.crt
@ -220,8 +218,8 @@ const (
// the ciphertext, such as the encryption context, is corrupted, missing, or // the ciphertext, such as the encryption context, is corrupted, missing, or
// otherwise invalid. // otherwise invalid.
// //
// From the ImportKeyMaterial operation, the request was rejected because AWS // From the ImportKeyMaterial operation, the request was rejected because KMS
// KMS could not decrypt the encrypted (wrapped) key material. // could not decrypt the encrypted (wrapped) key material.
ErrCodeInvalidCiphertextException = "InvalidCiphertextException" ErrCodeInvalidCiphertextException = "InvalidCiphertextException"
// ErrCodeInvalidGrantIdException for service response error code // ErrCodeInvalidGrantIdException for service response error code
@ -240,7 +238,7 @@ const (
// "InvalidImportTokenException". // "InvalidImportTokenException".
// //
// The request was rejected because the provided import token is invalid or // The request was rejected because the provided import token is invalid or
// is associated with a different customer master key (CMK). // is associated with a different KMS key.
ErrCodeInvalidImportTokenException = "InvalidImportTokenException" ErrCodeInvalidImportTokenException = "InvalidImportTokenException"
// ErrCodeInvalidKeyUsageException for service response error code // ErrCodeInvalidKeyUsageException for service response error code
@ -248,17 +246,18 @@ const (
// //
// The request was rejected for one of the following reasons: // The request was rejected for one of the following reasons:
// //
// * The KeyUsage value of the CMK is incompatible with the API operation. // * The KeyUsage value of the KMS key is incompatible with the API operation.
// //
// * The encryption algorithm or signing algorithm specified for the operation // * The encryption algorithm or signing algorithm specified for the operation
// is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). // is incompatible with the type of key material in the KMS key (KeySpec).
// //
// For encrypting, decrypting, re-encrypting, and generating data keys, the // For encrypting, decrypting, re-encrypting, and generating data keys, the
// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage // KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage
// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. // must be SIGN_VERIFY. To find the KeyUsage of a KMS key, use the DescribeKey
// operation.
// //
// To find the encryption or signing algorithms supported for a particular CMK, // To find the encryption or signing algorithms supported for a particular KMS
// use the DescribeKey operation. // key, use the DescribeKey operation.
ErrCodeInvalidKeyUsageException = "InvalidKeyUsageException" ErrCodeInvalidKeyUsageException = "InvalidKeyUsageException"
// ErrCodeInvalidMarkerException for service response error code // ErrCodeInvalidMarkerException for service response error code
@ -274,9 +273,9 @@ const (
// The request was rejected because the state of the specified resource is not // The request was rejected because the state of the specified resource is not
// valid for this request. // valid for this request.
// //
// For more information about how key state affects the use of a CMK, see How // For more information about how key state affects the use of a KMS key, see
// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide . // in the Key Management Service Developer Guide .
ErrCodeInvalidStateException = "KMSInvalidStateException" ErrCodeInvalidStateException = "KMSInvalidStateException"
// ErrCodeKMSInvalidSignatureException for service response error code // ErrCodeKMSInvalidSignatureException for service response error code
@ -284,14 +283,14 @@ const (
// //
// The request was rejected because the signature verification failed. Signature // The request was rejected because the signature verification failed. Signature
// verification fails when it cannot confirm that signature was produced by // verification fails when it cannot confirm that signature was produced by
// signing the specified message with the specified CMK and signing algorithm. // signing the specified message with the specified KMS key and signing algorithm.
ErrCodeKMSInvalidSignatureException = "KMSInvalidSignatureException" ErrCodeKMSInvalidSignatureException = "KMSInvalidSignatureException"
// ErrCodeKeyUnavailableException for service response error code // ErrCodeKeyUnavailableException for service response error code
// "KeyUnavailableException". // "KeyUnavailableException".
// //
// The request was rejected because the specified CMK was not available. You // The request was rejected because the specified KMS key was not available.
// can retry the request. // You can retry the request.
ErrCodeKeyUnavailableException = "KeyUnavailableException" ErrCodeKeyUnavailableException = "KeyUnavailableException"
// ErrCodeLimitExceededException for service response error code // ErrCodeLimitExceededException for service response error code
@ -299,7 +298,7 @@ const (
// //
// The request was rejected because a quota was exceeded. For more information, // The request was rejected because a quota was exceeded. For more information,
// see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) // see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html)
// in the AWS Key Management Service Developer Guide. // in the Key Management Service Developer Guide.
ErrCodeLimitExceededException = "LimitExceededException" ErrCodeLimitExceededException = "LimitExceededException"
// ErrCodeMalformedPolicyDocumentException for service response error code // ErrCodeMalformedPolicyDocumentException for service response error code

File diff suppressed because it is too large Load Diff

View File

@ -3,11 +3,11 @@
// Package sts provides the client and types for making API // Package sts provides the client and types for making API
// requests to AWS Security Token Service. // requests to AWS Security Token Service.
// //
// AWS Security Token Service (STS) enables you to request temporary, limited-privilege // Security Token Service (STS) enables you to request temporary, limited-privilege
// credentials for AWS Identity and Access Management (IAM) users or for users // credentials for Identity and Access Management (IAM) users or for users that
// that you authenticate (federated users). This guide provides descriptions // you authenticate (federated users). This guide provides descriptions of the
// of the STS API. For more information about using this service, see Temporary // STS API. For more information about using this service, see Temporary Security
// Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html). // Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html).
// //
// See https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15 for more information on this service. // See https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15 for more information on this service.
// //

View File

@ -42,8 +42,9 @@ const (
// ErrCodeInvalidIdentityTokenException for service response error code // ErrCodeInvalidIdentityTokenException for service response error code
// "InvalidIdentityToken". // "InvalidIdentityToken".
// //
// The web identity token that was passed could not be validated by AWS. Get // The web identity token that was passed could not be validated by Amazon Web
// a new identity token from the identity provider and then retry the request. // Services. Get a new identity token from the identity provider and then retry
// the request.
ErrCodeInvalidIdentityTokenException = "InvalidIdentityToken" ErrCodeInvalidIdentityTokenException = "InvalidIdentityToken"
// ErrCodeMalformedPolicyDocumentException for service response error code // ErrCodeMalformedPolicyDocumentException for service response error code
@ -57,11 +58,11 @@ const (
// "PackedPolicyTooLarge". // "PackedPolicyTooLarge".
// //
// The request was rejected because the total packed size of the session policies // The request was rejected because the total packed size of the session policies
// and session tags combined was too large. An AWS conversion compresses the // and session tags combined was too large. An Amazon Web Services conversion
// session policy document, session policy ARNs, and session tags into a packed // compresses the session policy document, session policy ARNs, and session
// binary format that has a separate limit. The error message indicates by percentage // tags into a packed binary format that has a separate limit. The error message
// how close the policies and tags are to the upper size limit. For more information, // indicates by percentage how close the policies and tags are to the upper
// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) // size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
// in the IAM User Guide. // in the IAM User Guide.
// //
// You could receive this error even though you meet other defined session policy // You could receive this error even though you meet other defined session policy
@ -76,7 +77,8 @@ const (
// STS is not activated in the requested region for the account that is being // STS is not activated in the requested region for the account that is being
// asked to generate credentials. The account administrator must use the IAM // asked to generate credentials. The account administrator must use the IAM
// console to activate STS in that region. For more information, see Activating // console to activate STS in that region. For more information, see Activating
// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) // and Deactivating Amazon Web Services STS in an Amazon Web Services Region
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
// in the IAM User Guide. // in the IAM User Guide.
ErrCodeRegionDisabledException = "RegionDisabledException" ErrCodeRegionDisabledException = "RegionDisabledException"
) )

View File

@ -6,6 +6,10 @@ package http2
import "strings" import "strings"
// The HTTP protocols are defined in terms of ASCII, not Unicode. This file
// contains helper functions which may use Unicode-aware functions which would
// otherwise be unsafe and could introduce vulnerabilities if used improperly.
// asciiEqualFold is strings.EqualFold, ASCII only. It reports whether s and t // asciiEqualFold is strings.EqualFold, ASCII only. It reports whether s and t
// are equal, ASCII-case-insensitively. // are equal, ASCII-case-insensitively.
func asciiEqualFold(s, t string) bool { func asciiEqualFold(s, t string) bool {

View File

@ -259,16 +259,12 @@ func ConfigureServer(s *http.Server, conf *Server) error {
s.TLSConfig.PreferServerCipherSuites = true s.TLSConfig.PreferServerCipherSuites = true
haveNPN := false if !strSliceContains(s.TLSConfig.NextProtos, NextProtoTLS) {
for _, p := range s.TLSConfig.NextProtos {
if p == NextProtoTLS {
haveNPN = true
break
}
}
if !haveNPN {
s.TLSConfig.NextProtos = append(s.TLSConfig.NextProtos, NextProtoTLS) s.TLSConfig.NextProtos = append(s.TLSConfig.NextProtos, NextProtoTLS)
} }
if !strSliceContains(s.TLSConfig.NextProtos, "http/1.1") {
s.TLSConfig.NextProtos = append(s.TLSConfig.NextProtos, "http/1.1")
}
if s.TLSNextProto == nil { if s.TLSNextProto == nil {
s.TLSNextProto = map[string]func(*http.Server, *tls.Conn, http.Handler){} s.TLSNextProto = map[string]func(*http.Server, *tls.Conn, http.Handler){}

View File

@ -264,9 +264,8 @@ type ClientConn struct {
peerMaxHeaderListSize uint64 peerMaxHeaderListSize uint64
initialWindowSize uint32 initialWindowSize uint32
hbuf bytes.Buffer // HPACK encoder writes into this hbuf bytes.Buffer // HPACK encoder writes into this
henc *hpack.Encoder henc *hpack.Encoder
freeBuf [][]byte
wmu sync.Mutex // held while writing; acquire AFTER mu if holding both wmu sync.Mutex // held while writing; acquire AFTER mu if holding both
werr error // first write error that has occurred werr error // first write error that has occurred
@ -913,46 +912,6 @@ func (cc *ClientConn) closeForLostPing() error {
return cc.closeForError(err) return cc.closeForError(err)
} }
const maxAllocFrameSize = 512 << 10
// frameBuffer returns a scratch buffer suitable for writing DATA frames.
// They're capped at the min of the peer's max frame size or 512KB
// (kinda arbitrarily), but definitely capped so we don't allocate 4GB
// bufers.
func (cc *ClientConn) frameScratchBuffer() []byte {
cc.mu.Lock()
size := cc.maxFrameSize
if size > maxAllocFrameSize {
size = maxAllocFrameSize
}
for i, buf := range cc.freeBuf {
if len(buf) >= int(size) {
cc.freeBuf[i] = nil
cc.mu.Unlock()
return buf[:size]
}
}
cc.mu.Unlock()
return make([]byte, size)
}
func (cc *ClientConn) putFrameScratchBuffer(buf []byte) {
cc.mu.Lock()
defer cc.mu.Unlock()
const maxBufs = 4 // arbitrary; 4 concurrent requests per conn? investigate.
if len(cc.freeBuf) < maxBufs {
cc.freeBuf = append(cc.freeBuf, buf)
return
}
for i, old := range cc.freeBuf {
if old == nil {
cc.freeBuf[i] = buf
return
}
}
// forget about it.
}
// errRequestCanceled is a copy of net/http's errRequestCanceled because it's not // errRequestCanceled is a copy of net/http's errRequestCanceled because it's not
// exported. At least they'll be DeepEqual for h1-vs-h2 comparisons tests. // exported. At least they'll be DeepEqual for h1-vs-h2 comparisons tests.
var errRequestCanceled = errors.New("net/http: request canceled") var errRequestCanceled = errors.New("net/http: request canceled")
@ -1295,11 +1254,35 @@ var (
errReqBodyTooLong = errors.New("http2: request body larger than specified content length") errReqBodyTooLong = errors.New("http2: request body larger than specified content length")
) )
// frameScratchBufferLen returns the length of a buffer to use for
// outgoing request bodies to read/write to/from.
//
// It returns max(1, min(peer's advertised max frame size,
// Request.ContentLength+1, 512KB)).
func (cs *clientStream) frameScratchBufferLen(maxFrameSize int) int {
const max = 512 << 10
n := int64(maxFrameSize)
if n > max {
n = max
}
if cl := actualContentLength(cs.req); cl != -1 && cl+1 < n {
// Add an extra byte past the declared content-length to
// give the caller's Request.Body io.Reader a chance to
// give us more bytes than they declared, so we can catch it
// early.
n = cl + 1
}
if n < 1 {
return 1
}
return int(n) // doesn't truncate; max is 512K
}
var bufPool sync.Pool // of *[]byte
func (cs *clientStream) writeRequestBody(body io.Reader, bodyCloser io.Closer) (err error) { func (cs *clientStream) writeRequestBody(body io.Reader, bodyCloser io.Closer) (err error) {
cc := cs.cc cc := cs.cc
sentEnd := false // whether we sent the final DATA frame w/ END_STREAM sentEnd := false // whether we sent the final DATA frame w/ END_STREAM
buf := cc.frameScratchBuffer()
defer cc.putFrameScratchBuffer(buf)
defer func() { defer func() {
traceWroteRequest(cs.trace, err) traceWroteRequest(cs.trace, err)
@ -1318,9 +1301,24 @@ func (cs *clientStream) writeRequestBody(body io.Reader, bodyCloser io.Closer) (
remainLen := actualContentLength(req) remainLen := actualContentLength(req)
hasContentLen := remainLen != -1 hasContentLen := remainLen != -1
cc.mu.Lock()
maxFrameSize := int(cc.maxFrameSize)
cc.mu.Unlock()
// Scratch buffer for reading into & writing from.
scratchLen := cs.frameScratchBufferLen(maxFrameSize)
var buf []byte
if bp, ok := bufPool.Get().(*[]byte); ok && len(*bp) >= scratchLen {
defer bufPool.Put(bp)
buf = *bp
} else {
buf = make([]byte, scratchLen)
defer bufPool.Put(&buf)
}
var sawEOF bool var sawEOF bool
for !sawEOF { for !sawEOF {
n, err := body.Read(buf[:len(buf)-1]) n, err := body.Read(buf[:len(buf)])
if hasContentLen { if hasContentLen {
remainLen -= int64(n) remainLen -= int64(n)
if remainLen == 0 && err == nil { if remainLen == 0 && err == nil {
@ -1331,8 +1329,9 @@ func (cs *clientStream) writeRequestBody(body io.Reader, bodyCloser io.Closer) (
// to send the END_STREAM bit early, double-check that we're actually // to send the END_STREAM bit early, double-check that we're actually
// at EOF. Subsequent reads should return (0, EOF) at this point. // at EOF. Subsequent reads should return (0, EOF) at this point.
// If either value is different, we return an error in one of two ways below. // If either value is different, we return an error in one of two ways below.
var scratch [1]byte
var n1 int var n1 int
n1, err = body.Read(buf[n:]) n1, err = body.Read(scratch[:])
remainLen -= int64(n1) remainLen -= int64(n1)
} }
if remainLen < 0 { if remainLen < 0 {
@ -1402,10 +1401,6 @@ func (cs *clientStream) writeRequestBody(body io.Reader, bodyCloser io.Closer) (
} }
} }
cc.mu.Lock()
maxFrameSize := int(cc.maxFrameSize)
cc.mu.Unlock()
cc.wmu.Lock() cc.wmu.Lock()
defer cc.wmu.Unlock() defer cc.wmu.Unlock()

4
vendor/modules.txt vendored
View File

@ -1,4 +1,4 @@
# github.com/aws/aws-sdk-go v1.38.63 # github.com/aws/aws-sdk-go v1.40.34
## explicit ## explicit
github.com/aws/aws-sdk-go/aws github.com/aws/aws-sdk-go/aws
github.com/aws/aws-sdk-go/aws/awserr github.com/aws/aws-sdk-go/aws/awserr
@ -363,7 +363,7 @@ golang.org/x/crypto/poly1305
golang.org/x/crypto/scrypt golang.org/x/crypto/scrypt
golang.org/x/crypto/ssh golang.org/x/crypto/ssh
golang.org/x/crypto/ssh/internal/bcrypt_pbkdf golang.org/x/crypto/ssh/internal/bcrypt_pbkdf
# golang.org/x/net v0.0.0-20210520170846-37e1c6afe023 # golang.org/x/net v0.0.0-20210614182718-04defd469f4e
golang.org/x/net/context golang.org/x/net/context
golang.org/x/net/context/ctxhttp golang.org/x/net/context/ctxhttp
golang.org/x/net/html golang.org/x/net/html