mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2024-11-17 20:00:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

rebase: bump github.com/aws/aws-sdk-go from 1.44.10 to 1.44.16

Browse Source 
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.10 to 1.44.16.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.10...v1.44.16)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
This commit is contained in:
dependabot[bot] 2022-05-18 05:37:10 +00:00 committed by mergify[bot]
parent 952105e551
commit 9d3086e211
8 changed files with 719 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
go.mod
View File

@ -4,7 +4,7 @@ go 1.17
require (
github.com/IBM/keyprotect-go-client v0.7.0
github.com/aws/aws-sdk-go v1.44.10
github.com/aws/aws-sdk-go v1.44.16
github.com/aws/aws-sdk-go-v2/service/sts v1.16.5
github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000
// TODO: API for managing NFS-exports requires `ceph_ci_untested` build-tag

4
go.sum
View File

@ -141,8 +141,8 @@ github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpi
github.com/aws/aws-sdk-go v1.25.41/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k=
github.com/aws/aws-sdk-go v1.38.49/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
github.com/aws/aws-sdk-go v1.44.10 h1:ohCdgQpJ9ojzm0fOk7ykrMTgTpHJBk5nnA7X+HzmnOA=
github.com/aws/aws-sdk-go v1.44.10/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
github.com/aws/aws-sdk-go v1.44.16 h1:6voHuNZZNWo71MdNlym4eRlcogTeTSk9Ipo6qDJWzoU=
github.com/aws/aws-sdk-go v1.44.16/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
github.com/aws/aws-sdk-go-v2 v1.16.3 h1:0W1TSJ7O6OzwuEvIXAtJGvOeQ0SGAhcpxPN2/NK5EhM=
github.com/aws/aws-sdk-go-v2 v1.16.3/go.mod h1:ytwTPBG6fXTZLxxeeCCWj2/EMYp/xDUgX+OET6TLNNU=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.10 h1:uFWgo6mGJI1n17nbcvSc6fxVuR3xLNqvXt12JCnEcT8=

2
vendor/github.com/aws/aws-sdk-go/aws/version.go generated vendored
View File

@ -5,4 +5,4 @@ package aws
const SDKName = "aws-sdk-go"
// SDKVersion is the version of this SDK
const SDKVersion = "1.44.10"
const SDKVersion = "1.44.16"

556
vendor/github.com/aws/aws-sdk-go/service/ec2/api.go generated vendored
View File

@ -8216,7 +8216,8 @@ func (c *EC2) CreateTrafficMirrorTargetRequest(input *CreateTrafficMirrorTargetI
// in the same VPC, or in different VPCs connected via VPC peering or a transit
// gateway.
//
// A Traffic Mirror target can be a network interface, or a Network Load Balancer.
// A Traffic Mirror target can be a network interface, a Network Load Balancer,
// or a Gateway Load Balancer endpoint.
//
// To use the target in a Traffic Mirror session, use CreateTrafficMirrorSession
// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTrafficMirrorSession.htm).
@ -35562,6 +35563,93 @@ func (c *EC2) GetInstanceTypesFromInstanceRequirementsPagesWithContext(ctx aws.C
return p.Err()
}
const opGetInstanceUefiData = "GetInstanceUefiData"
// GetInstanceUefiDataRequest generates a "aws/request.Request" representing the
// client's request for the GetInstanceUefiData operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetInstanceUefiData for more information on using the GetInstanceUefiData
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the GetInstanceUefiDataRequest method.
// req, resp := client.GetInstanceUefiDataRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetInstanceUefiData
func (c *EC2) GetInstanceUefiDataRequest(input *GetInstanceUefiDataInput) (req *request.Request, output *GetInstanceUefiDataOutput) {
op := &request.Operation{
Name: opGetInstanceUefiData,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &GetInstanceUefiDataInput{}
}
output = &GetInstanceUefiDataOutput{}
req = c.newRequest(op, input, output)
return
}
// GetInstanceUefiData API operation for Amazon Elastic Compute Cloud.
//
// A binary representation of the UEFI variable store. Only non-volatile variables
// are stored. This is a base64 encoded and zlib compressed binary value that
// must be properly encoded.
//
// When you use register-image (https://docs.aws.amazon.com/cli/latest/reference/ec2/register-image.html)
// to create an AMI, you can create an exact copy of your variable store by
// passing the UEFI data in the UefiData parameter. You can modify the UEFI
// data by using the python-uefivars tool (https://github.com/awslabs/python-uefivars)
// on GitHub. You can use the tool to convert the UEFI data into a human-readable
// format (JSON), which you can inspect and modify, and then convert back into
// the binary format to use with register-image.
//
// For more information, see UEFI Secure Boot (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/uefi-secure-boot.html)
// in the Amazon EC2 User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Elastic Compute Cloud's
// API operation GetInstanceUefiData for usage and error information.
// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetInstanceUefiData
func (c *EC2) GetInstanceUefiData(input *GetInstanceUefiDataInput) (*GetInstanceUefiDataOutput, error) {
req, out := c.GetInstanceUefiDataRequest(input)
return out, req.Send()
}
// GetInstanceUefiDataWithContext is the same as GetInstanceUefiData with the addition of
// the ability to pass a context and additional request options.
//
// See GetInstanceUefiData for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *EC2) GetInstanceUefiDataWithContext(ctx aws.Context, input *GetInstanceUefiDataInput, opts ...request.Option) (*GetInstanceUefiDataOutput, error) {
req, out := c.GetInstanceUefiDataRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opGetIpamAddressHistory = "GetIpamAddressHistory"
// GetIpamAddressHistoryRequest generates a "aws/request.Request" representing the
@ -67710,6 +67798,9 @@ type CreateTrafficMirrorTargetInput struct {
// it is UnauthorizedOperation.
DryRun *bool `type:"boolean"`
// The ID of the Gateway Load Balancer endpoint.
GatewayLoadBalancerEndpointId *string `type:"string"`
// The network interface ID that is associated with the target.
NetworkInterfaceId *string `type:"string"`
@ -67757,6 +67848,12 @@ func (s *CreateTrafficMirrorTargetInput) SetDryRun(v bool) *CreateTrafficMirrorT
return s
}
// SetGatewayLoadBalancerEndpointId sets the GatewayLoadBalancerEndpointId field's value.
func (s *CreateTrafficMirrorTargetInput) SetGatewayLoadBalancerEndpointId(v string) *CreateTrafficMirrorTargetInput {
s.GatewayLoadBalancerEndpointId = &v
return s
}
// SetNetworkInterfaceId sets the NetworkInterfaceId field's value.
func (s *CreateTrafficMirrorTargetInput) SetNetworkInterfaceId(v string) *CreateTrafficMirrorTargetInput {
s.NetworkInterfaceId = &v
@ -69527,12 +69624,18 @@ type CreateVpcEndpointInput struct {
// of the request. For more information, see How to ensure idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html).
ClientToken *string `type:"string"`
// The DNS options for the endpoint.
DnsOptions *DnsOptionsSpecification `type:"structure"`
// Checks whether you have the required permissions for the action, without
// actually making the request, and provides an error response. If you have
// the required permissions, the error response is DryRunOperation. Otherwise,
// it is UnauthorizedOperation.
DryRun *bool `type:"boolean"`
// The IP address type for the endpoint.
IpAddressType *string `type:"string" enum:"IpAddressType"`
// (Interface and gateway endpoints) A policy to attach to the endpoint that
// controls access to the service. The policy must be in valid JSON format.
// If this parameter is not specified, we attach a default policy that allows
@ -69626,12 +69729,24 @@ func (s *CreateVpcEndpointInput) SetClientToken(v string) *CreateVpcEndpointInpu
return s
}
// SetDnsOptions sets the DnsOptions field's value.
func (s *CreateVpcEndpointInput) SetDnsOptions(v *DnsOptionsSpecification) *CreateVpcEndpointInput {
s.DnsOptions = v
return s
}
// SetDryRun sets the DryRun field's value.
func (s *CreateVpcEndpointInput) SetDryRun(v bool) *CreateVpcEndpointInput {
s.DryRun = &v
return s
}
// SetIpAddressType sets the IpAddressType field's value.
func (s *CreateVpcEndpointInput) SetIpAddressType(v string) *CreateVpcEndpointInput {
s.IpAddressType = &v
return s
}
// SetPolicyDocument sets the PolicyDocument field's value.
func (s *CreateVpcEndpointInput) SetPolicyDocument(v string) *CreateVpcEndpointInput {
s.PolicyDocument = &v
@ -69756,6 +69871,9 @@ type CreateVpcEndpointServiceConfigurationInput struct {
// VPC endpoint service.
PrivateDnsName *string `type:"string"`
// The supported IP address types. The possible values are ipv4 and ipv6.
SupportedIpAddressTypes []*string `locationName:"SupportedIpAddressType" locationNameList:"item" type:"list"`
// The tags to associate with the service.
TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"`
}
@ -69814,6 +69932,12 @@ func (s *CreateVpcEndpointServiceConfigurationInput) SetPrivateDnsName(v string)
return s
}
// SetSupportedIpAddressTypes sets the SupportedIpAddressTypes field's value.
func (s *CreateVpcEndpointServiceConfigurationInput) SetSupportedIpAddressTypes(v []*string) *CreateVpcEndpointServiceConfigurationInput {
s.SupportedIpAddressTypes = v
return s
}
// SetTagSpecifications sets the TagSpecifications field's value.
func (s *CreateVpcEndpointServiceConfigurationInput) SetTagSpecifications(v []*TagSpecification) *CreateVpcEndpointServiceConfigurationInput {
s.TagSpecifications = v
@ -82502,6 +82626,17 @@ type DescribeImageAttributeOutput struct {
// Indicates whether enhanced networking with the Intel 82599 Virtual Function
// interface is enabled.
SriovNetSupport *AttributeValue `locationName:"sriovNetSupport" type:"structure"`
// If the image is configured for NitroTPM support, the value is v2.0.
TpmSupport *AttributeValue `locationName:"tpmSupport" type:"structure"`
// Base64 representation of the non-volatile UEFI variable store. To retrieve
// the UEFI data, use the GetInstanceUefiData (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetInstanceUefiData)
// command. You can inspect and modify the UEFI data by using the python-uefivars
// tool (https://github.com/awslabs/python-uefivars) on GitHub. For more information,
// see UEFI Secure Boot (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/uefi-secure-boot.html)
// in the Amazon Elastic Compute Cloud User Guide.
UefiData *AttributeValue `locationName:"uefiData" type:"structure"`
}
// String returns the string representation.
@ -82582,6 +82717,18 @@ func (s *DescribeImageAttributeOutput) SetSriovNetSupport(v *AttributeValue) *De
return s
}
// SetTpmSupport sets the TpmSupport field's value.
func (s *DescribeImageAttributeOutput) SetTpmSupport(v *AttributeValue) *DescribeImageAttributeOutput {
s.TpmSupport = v
return s
}
// SetUefiData sets the UefiData field's value.
func (s *DescribeImageAttributeOutput) SetUefiData(v *AttributeValue) *DescribeImageAttributeOutput {
s.UefiData = v
return s
}
type DescribeImagesInput struct {
_ struct{} `type:"structure"`
@ -95059,6 +95206,8 @@ type DescribeVpcEndpointConnectionsInput struct {
// One or more filters.
//
// * ip-address-type - The IP address type (ipv4 | ipv6).
//
// * service-id - The ID of the service.
//
// * vpc-endpoint-owner - The ID of the Amazon Web Services account ID that
@ -95182,6 +95331,8 @@ type DescribeVpcEndpointServiceConfigurationsInput struct {
// * service-state - The state of the service (Pending | Available | Deleting
// | Deleted | Failed).
//
// * supported-ip-address-types - The IP address type (ipv4 | ipv6).
//
// * tag:<key> - The key/value combination of a tag assigned to the resource.
// Use the tag key in the filter name and the tag value as the filter value.
// For example, to find all resources that have a tag with the key Owner
@ -95447,6 +95598,8 @@ type DescribeVpcEndpointServicesInput struct {
//
// * service-type - The type of service (Interface | Gateway).
//
// * supported-ip-address-types - The IP address type (ipv4 | ipv6).
//
// * tag:<key> - The key/value combination of a tag assigned to the resource.
// Use the tag key in the filter name and the tag value as the filter value.
// For example, to find all resources that have a tag with the key Owner
@ -95584,6 +95737,8 @@ type DescribeVpcEndpointsInput struct {
// One or more filters.
//
// * ip-address-type - The IP address type (ipv4 | ipv6).
//
// * service-name - The name of the service.
//
// * vpc-id - The ID of the VPC in which the endpoint resides.
@ -99629,6 +99784,70 @@ func (s *DnsEntry) SetHostedZoneId(v string) *DnsEntry {
return s
}
// Describes the DNS options for an endpoint.
type DnsOptions struct {
_ struct{} `type:"structure"`
// The DNS records created for the endpoint.
DnsRecordIpType *string `locationName:"dnsRecordIpType" type:"string" enum:"DnsRecordIpType"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DnsOptions) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DnsOptions) GoString() string {
return s.String()
}
// SetDnsRecordIpType sets the DnsRecordIpType field's value.
func (s *DnsOptions) SetDnsRecordIpType(v string) *DnsOptions {
s.DnsRecordIpType = &v
return s
}
// Describes the DNS options for an endpoint.
type DnsOptionsSpecification struct {
_ struct{} `type:"structure"`
// The DNS records created for the endpoint.
DnsRecordIpType *string `type:"string" enum:"DnsRecordIpType"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DnsOptionsSpecification) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DnsOptionsSpecification) GoString() string {
return s.String()
}
// SetDnsRecordIpType sets the DnsRecordIpType field's value.
func (s *DnsOptionsSpecification) SetDnsRecordIpType(v string) *DnsOptionsSpecification {
s.DnsRecordIpType = &v
return s
}
// Information about the DNS server to be used.
type DnsServersOptionsModifyStructure struct {
_ struct{} `type:"structure"`
@ -107106,6 +107325,104 @@ func (s *GetInstanceTypesFromInstanceRequirementsOutput) SetNextToken(v string)
return s
}
type GetInstanceUefiDataInput struct {
_ struct{} `type:"structure"`
// Checks whether you have the required permissions for the action, without
// actually making the request, and provides an error response. If you have
// the required permissions, the error response is DryRunOperation. Otherwise,
// it is UnauthorizedOperation.
DryRun *bool `type:"boolean"`
// The ID of the instance from which to retrieve the UEFI data.
//
// InstanceId is a required field
InstanceId *string `type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetInstanceUefiDataInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetInstanceUefiDataInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *GetInstanceUefiDataInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "GetInstanceUefiDataInput"}
if s.InstanceId == nil {
invalidParams.Add(request.NewErrParamRequired("InstanceId"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetDryRun sets the DryRun field's value.
func (s *GetInstanceUefiDataInput) SetDryRun(v bool) *GetInstanceUefiDataInput {
s.DryRun = &v
return s
}
// SetInstanceId sets the InstanceId field's value.
func (s *GetInstanceUefiDataInput) SetInstanceId(v string) *GetInstanceUefiDataInput {
s.InstanceId = &v
return s
}
type GetInstanceUefiDataOutput struct {
_ struct{} `type:"structure"`
// The ID of the instance from which to retrieve the UEFI data.
InstanceId *string `locationName:"instanceId" type:"string"`
// Base64 representation of the non-volatile UEFI variable store.
UefiData *string `locationName:"uefiData" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetInstanceUefiDataOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetInstanceUefiDataOutput) GoString() string {
return s.String()
}
// SetInstanceId sets the InstanceId field's value.
func (s *GetInstanceUefiDataOutput) SetInstanceId(v string) *GetInstanceUefiDataOutput {
s.InstanceId = &v
return s
}
// SetUefiData sets the UefiData field's value.
func (s *GetInstanceUefiDataOutput) SetUefiData(v string) *GetInstanceUefiDataOutput {
s.UefiData = &v
return s
}
type GetIpamAddressHistoryInput struct {
_ struct{} `type:"structure"`
@ -111241,6 +111558,11 @@ type Image struct {
// Any tags assigned to the image.
Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"`
// If the image is configured for NitroTPM support, the value is v2.0. For more
// information, see NitroTPM (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html)
// in the Amazon Elastic Compute Cloud User Guide.
TpmSupport *string `locationName:"tpmSupport" type:"string" enum:"TpmSupportValues"`
// The operation of the Amazon EC2 instance and the billing code that is associated
// with the AMI. usageOperation corresponds to the lineitem/Operation (https://docs.aws.amazon.com/cur/latest/userguide/Lineitem-columns.html#Lineitem-details-O-Operation)
// column on your Amazon Web Services Cost and Usage Report and in the Amazon
@ -111429,6 +111751,12 @@ func (s *Image) SetTags(v []*Tag) *Image {
return s
}
// SetTpmSupport sets the TpmSupport field's value.
func (s *Image) SetTpmSupport(v string) *Image {
s.TpmSupport = &v
return s
}
// SetUsageOperation sets the UsageOperation field's value.
func (s *Image) SetUsageOperation(v string) *Image {
s.UsageOperation = &v
@ -113594,6 +113922,11 @@ type Instance struct {
// Any tags assigned to the instance.
Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"`
// If the instance is configured for NitroTPM support, the value is v2.0. For
// more information, see NitroTPM (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html)
// in the Amazon EC2 User Guide.
TpmSupport *string `locationName:"tpmSupport" type:"string"`
// The usage operation value for the instance. For more information, see AMI
// billing information fields (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/billing-info-fields.html)
// in the Amazon EC2 User Guide.
@ -113933,6 +114266,12 @@ func (s *Instance) SetTags(v []*Tag) *Instance {
return s
}
// SetTpmSupport sets the TpmSupport field's value.
func (s *Instance) SetTpmSupport(v string) *Instance {
s.TpmSupport = &v
return s
}
// SetUsageOperation sets the UsageOperation field's value.
func (s *Instance) SetUsageOperation(v string) *Instance {
s.UsageOperation = &v
@ -130153,12 +130492,18 @@ type ModifyVpcEndpointInput struct {
// specify only one subnet.
AddSubnetIds []*string `locationName:"AddSubnetId" locationNameList:"item" type:"list"`
// The DNS options for the endpoint.
DnsOptions *DnsOptionsSpecification `type:"structure"`
// Checks whether you have the required permissions for the action, without
// actually making the request, and provides an error response. If you have
// the required permissions, the error response is DryRunOperation. Otherwise,
// it is UnauthorizedOperation.
DryRun *bool `type:"boolean"`
// The IP address type for the endpoint.
IpAddressType *string `type:"string" enum:"IpAddressType"`
// (Interface and gateway endpoints) A policy to attach to the endpoint that
// controls access to the service. The policy must be in valid JSON format.
PolicyDocument *string `type:"string"`
@ -130236,12 +130581,24 @@ func (s *ModifyVpcEndpointInput) SetAddSubnetIds(v []*string) *ModifyVpcEndpoint
return s
}
// SetDnsOptions sets the DnsOptions field's value.
func (s *ModifyVpcEndpointInput) SetDnsOptions(v *DnsOptionsSpecification) *ModifyVpcEndpointInput {
s.DnsOptions = v
return s
}
// SetDryRun sets the DryRun field's value.
func (s *ModifyVpcEndpointInput) SetDryRun(v bool) *ModifyVpcEndpointInput {
s.DryRun = &v
return s
}
// SetIpAddressType sets the IpAddressType field's value.
func (s *ModifyVpcEndpointInput) SetIpAddressType(v string) *ModifyVpcEndpointInput {
s.IpAddressType = &v
return s
}
// SetPolicyDocument sets the PolicyDocument field's value.
func (s *ModifyVpcEndpointInput) SetPolicyDocument(v string) *ModifyVpcEndpointInput {
s.PolicyDocument = &v
@ -130330,6 +130687,9 @@ type ModifyVpcEndpointServiceConfigurationInput struct {
// service configuration.
AddNetworkLoadBalancerArns []*string `locationName:"AddNetworkLoadBalancerArn" locationNameList:"item" type:"list"`
// The IP address types to add to your service configuration.
AddSupportedIpAddressTypes []*string `locationName:"AddSupportedIpAddressType" locationNameList:"item" type:"list"`
// Checks whether you have the required permissions for the action, without
// actually making the request, and provides an error response. If you have
// the required permissions, the error response is DryRunOperation. Otherwise,
@ -130352,6 +130712,9 @@ type ModifyVpcEndpointServiceConfigurationInput struct {
// service.
RemovePrivateDnsName *bool `type:"boolean"`
// The IP address types to remove from your service configuration.
RemoveSupportedIpAddressTypes []*string `locationName:"RemoveSupportedIpAddressType" locationNameList:"item" type:"list"`
// The ID of the service.
//
// ServiceId is a required field
@ -130407,6 +130770,12 @@ func (s *ModifyVpcEndpointServiceConfigurationInput) SetAddNetworkLoadBalancerAr
return s
}
// SetAddSupportedIpAddressTypes sets the AddSupportedIpAddressTypes field's value.
func (s *ModifyVpcEndpointServiceConfigurationInput) SetAddSupportedIpAddressTypes(v []*string) *ModifyVpcEndpointServiceConfigurationInput {
s.AddSupportedIpAddressTypes = v
return s
}
// SetDryRun sets the DryRun field's value.
func (s *ModifyVpcEndpointServiceConfigurationInput) SetDryRun(v bool) *ModifyVpcEndpointServiceConfigurationInput {
s.DryRun = &v
@ -130437,6 +130806,12 @@ func (s *ModifyVpcEndpointServiceConfigurationInput) SetRemovePrivateDnsName(v b
return s
}
// SetRemoveSupportedIpAddressTypes sets the RemoveSupportedIpAddressTypes field's value.
func (s *ModifyVpcEndpointServiceConfigurationInput) SetRemoveSupportedIpAddressTypes(v []*string) *ModifyVpcEndpointServiceConfigurationInput {
s.RemoveSupportedIpAddressTypes = v
return s
}
// SetServiceId sets the ServiceId field's value.
func (s *ModifyVpcEndpointServiceConfigurationInput) SetServiceId(v string) *ModifyVpcEndpointServiceConfigurationInput {
s.ServiceId = &v
@ -137967,6 +138342,19 @@ type RegisterImageInput struct {
// PV AMI can make instances launched from the AMI unreachable.
SriovNetSupport *string `locationName:"sriovNetSupport" type:"string"`
// Set to v2.0 to enable Trusted Platform Module (TPM) support. For more information,
// see NitroTPM (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html)
// in the Amazon Elastic Compute Cloud User Guide.
TpmSupport *string `type:"string" enum:"TpmSupportValues"`
// Base64 representation of the non-volatile UEFI variable store. To retrieve
// the UEFI data, use the GetInstanceUefiData (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetInstanceUefiData)
// command. You can inspect and modify the UEFI data by using the python-uefivars
// tool (https://github.com/awslabs/python-uefivars) on GitHub. For more information,
// see UEFI Secure Boot (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/uefi-secure-boot.html)
// in the Amazon Elastic Compute Cloud User Guide.
UefiData *string `type:"string"`
// The type of virtualization (hvm | paravirtual).
//
// Default: paravirtual
@ -138082,6 +138470,18 @@ func (s *RegisterImageInput) SetSriovNetSupport(v string) *RegisterImageInput {
return s
}
// SetTpmSupport sets the TpmSupport field's value.
func (s *RegisterImageInput) SetTpmSupport(v string) *RegisterImageInput {
s.TpmSupport = &v
return s
}
// SetUefiData sets the UefiData field's value.
func (s *RegisterImageInput) SetUefiData(v string) *RegisterImageInput {
s.UefiData = &v
return s
}
// SetVirtualizationType sets the VirtualizationType field's value.
func (s *RegisterImageInput) SetVirtualizationType(v string) *RegisterImageInput {
s.VirtualizationType = &v
@ -147998,6 +148398,9 @@ type ServiceConfiguration struct {
// The type of service.
ServiceType []*ServiceTypeDetail `locationName:"serviceType" locationNameList:"item" type:"list"`
// The supported IP address types.
SupportedIpAddressTypes []*string `locationName:"supportedIpAddressTypeSet" locationNameList:"item" type:"list" enum:"ServiceConnectivityType"`
// Any tags assigned to the service.
Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"`
}
@ -148098,6 +148501,12 @@ func (s *ServiceConfiguration) SetServiceType(v []*ServiceTypeDetail) *ServiceCo
return s
}
// SetSupportedIpAddressTypes sets the SupportedIpAddressTypes field's value.
func (s *ServiceConfiguration) SetSupportedIpAddressTypes(v []*string) *ServiceConfiguration {
s.SupportedIpAddressTypes = v
return s
}
// SetTags sets the Tags field's value.
func (s *ServiceConfiguration) SetTags(v []*Tag) *ServiceConfiguration {
s.Tags = v
@ -148149,6 +148558,9 @@ type ServiceDetail struct {
// The type of service.
ServiceType []*ServiceTypeDetail `locationName:"serviceType" locationNameList:"item" type:"list"`
// The supported IP address types.
SupportedIpAddressTypes []*string `locationName:"supportedIpAddressTypeSet" locationNameList:"item" type:"list" enum:"ServiceConnectivityType"`
// Any tags assigned to the service.
Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"`
@ -148246,6 +148658,12 @@ func (s *ServiceDetail) SetServiceType(v []*ServiceTypeDetail) *ServiceDetail {
return s
}
// SetSupportedIpAddressTypes sets the SupportedIpAddressTypes field's value.
func (s *ServiceDetail) SetSupportedIpAddressTypes(v []*string) *ServiceDetail {
s.SupportedIpAddressTypes = v
return s
}
// SetTags sets the Tags field's value.
func (s *ServiceDetail) SetTags(v []*Tag) *ServiceDetail {
s.Tags = v
@ -153913,6 +154331,9 @@ type TrafficMirrorTarget struct {
// Information about the Traffic Mirror target.
Description *string `locationName:"description" type:"string"`
// The ID of the Gateway Load Balancer endpoint.
GatewayLoadBalancerEndpointId *string `locationName:"gatewayLoadBalancerEndpointId" type:"string"`
// The network interface ID that is attached to the target.
NetworkInterfaceId *string `locationName:"networkInterfaceId" type:"string"`
@ -153956,6 +154377,12 @@ func (s *TrafficMirrorTarget) SetDescription(v string) *TrafficMirrorTarget {
return s
}
// SetGatewayLoadBalancerEndpointId sets the GatewayLoadBalancerEndpointId field's value.
func (s *TrafficMirrorTarget) SetGatewayLoadBalancerEndpointId(v string) *TrafficMirrorTarget {
s.GatewayLoadBalancerEndpointId = &v
return s
}
// SetNetworkInterfaceId sets the NetworkInterfaceId field's value.
func (s *TrafficMirrorTarget) SetNetworkInterfaceId(v string) *TrafficMirrorTarget {
s.NetworkInterfaceId = &v
@ -159016,23 +159443,29 @@ func (s *VpcClassicLink) SetVpcId(v string) *VpcClassicLink {
type VpcEndpoint struct {
_ struct{} `type:"structure"`
// The date and time that the VPC endpoint was created.
// The date and time that the endpoint was created.
CreationTimestamp *time.Time `locationName:"creationTimestamp" type:"timestamp"`
// (Interface endpoint) The DNS entries for the endpoint.
DnsEntries []*DnsEntry `locationName:"dnsEntrySet" locationNameList:"item" type:"list"`
// The DNS options for the endpoint.
DnsOptions *DnsOptions `locationName:"dnsOptions" type:"structure"`
// (Interface endpoint) Information about the security groups that are associated
// with the network interface.
Groups []*SecurityGroupIdentifier `locationName:"groupSet" locationNameList:"item" type:"list"`
// The last error that occurred for VPC endpoint.
// The IP address type for the endpoint.
IpAddressType *string `locationName:"ipAddressType" type:"string" enum:"IpAddressType"`
// The last error that occurred for endpoint.
LastError *LastError `locationName:"lastError" type:"structure"`
// (Interface endpoint) One or more network interfaces for the endpoint.
NetworkInterfaceIds []*string `locationName:"networkInterfaceIdSet" locationNameList:"item" type:"list"`
// The ID of the Amazon Web Services account that owns the VPC endpoint.
// The ID of the Amazon Web Services account that owns the endpoint.
OwnerId *string `locationName:"ownerId" type:"string"`
// The policy document associated with the endpoint, if applicable.
@ -159042,7 +159475,7 @@ type VpcEndpoint struct {
// hosted zone.
PrivateDnsEnabled *bool `locationName:"privateDnsEnabled" type:"boolean"`
// Indicates whether the VPC endpoint is being managed by its service.
// Indicates whether the endpoint is being managed by its service.
RequesterManaged *bool `locationName:"requesterManaged" type:"boolean"`
// (Gateway endpoint) One or more route tables associated with the endpoint.
@ -159051,16 +159484,16 @@ type VpcEndpoint struct {
// The name of the service to which the endpoint is associated.
ServiceName *string `locationName:"serviceName" type:"string"`
// The state of the VPC endpoint.
// The state of the endpoint.
State *string `locationName:"state" type:"string" enum:"State"`
// (Interface endpoint) One or more subnets in which the endpoint is located.
// (Interface endpoint) The subnets for the endpoint.
SubnetIds []*string `locationName:"subnetIdSet" locationNameList:"item" type:"list"`
// Any tags assigned to the VPC endpoint.
// Any tags assigned to the endpoint.
Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"`
// The ID of the VPC endpoint.
// The ID of the endpoint.
VpcEndpointId *string `locationName:"vpcEndpointId" type:"string"`
// The type of endpoint.
@ -159100,12 +159533,24 @@ func (s *VpcEndpoint) SetDnsEntries(v []*DnsEntry) *VpcEndpoint {
return s
}
// SetDnsOptions sets the DnsOptions field's value.
func (s *VpcEndpoint) SetDnsOptions(v *DnsOptions) *VpcEndpoint {
s.DnsOptions = v
return s
}
// SetGroups sets the Groups field's value.
func (s *VpcEndpoint) SetGroups(v []*SecurityGroupIdentifier) *VpcEndpoint {
s.Groups = v
return s
}
// SetIpAddressType sets the IpAddressType field's value.
func (s *VpcEndpoint) SetIpAddressType(v string) *VpcEndpoint {
s.IpAddressType = &v
return s
}
// SetLastError sets the LastError field's value.
func (s *VpcEndpoint) SetLastError(v *LastError) *VpcEndpoint {
s.LastError = v
@ -159203,6 +159648,9 @@ type VpcEndpointConnection struct {
// The Amazon Resource Names (ARNs) of the Gateway Load Balancers for the service.
GatewayLoadBalancerArns []*string `locationName:"gatewayLoadBalancerArnSet" locationNameList:"item" type:"list"`
// The IP address type for the endpoint.
IpAddressType *string `locationName:"ipAddressType" type:"string" enum:"IpAddressType"`
// The Amazon Resource Names (ARNs) of the network load balancers for the service.
NetworkLoadBalancerArns []*string `locationName:"networkLoadBalancerArnSet" locationNameList:"item" type:"list"`
@ -159255,6 +159703,12 @@ func (s *VpcEndpointConnection) SetGatewayLoadBalancerArns(v []*string) *VpcEndp
return s
}
// SetIpAddressType sets the IpAddressType field's value.
func (s *VpcEndpointConnection) SetIpAddressType(v string) *VpcEndpointConnection {
s.IpAddressType = &v
return s
}
// SetNetworkLoadBalancerArns sets the NetworkLoadBalancerArns field's value.
func (s *VpcEndpointConnection) SetNetworkLoadBalancerArns(v []*string) *VpcEndpointConnection {
s.NetworkLoadBalancerArns = v
@ -161947,6 +162401,30 @@ func DnsNameState_Values() []string {
}
}
const (
// DnsRecordIpTypeIpv4 is a DnsRecordIpType enum value
DnsRecordIpTypeIpv4 = "ipv4"
// DnsRecordIpTypeDualstack is a DnsRecordIpType enum value
DnsRecordIpTypeDualstack = "dualstack"
// DnsRecordIpTypeIpv6 is a DnsRecordIpType enum value
DnsRecordIpTypeIpv6 = "ipv6"
// DnsRecordIpTypeServiceDefined is a DnsRecordIpType enum value
DnsRecordIpTypeServiceDefined = "service-defined"
)
// DnsRecordIpType_Values returns all elements of the DnsRecordIpType enum
func DnsRecordIpType_Values() []string {
return []string{
DnsRecordIpTypeIpv4,
DnsRecordIpTypeDualstack,
DnsRecordIpTypeIpv6,
DnsRecordIpTypeServiceDefined,
}
}
const (
// DnsSupportValueEnable is a DnsSupportValue enum value
DnsSupportValueEnable = "enable"
@ -162756,6 +163234,12 @@ const (
// ImageAttributeNameBootMode is a ImageAttributeName enum value
ImageAttributeNameBootMode = "bootMode"
// ImageAttributeNameTpmSupport is a ImageAttributeName enum value
ImageAttributeNameTpmSupport = "tpmSupport"
// ImageAttributeNameUefiData is a ImageAttributeName enum value
ImageAttributeNameUefiData = "uefiData"
// ImageAttributeNameLastLaunchedTime is a ImageAttributeName enum value
ImageAttributeNameLastLaunchedTime = "lastLaunchedTime"
)
@ -162771,6 +163255,8 @@ func ImageAttributeName_Values() []string {
ImageAttributeNameBlockDeviceMapping,
ImageAttributeNameSriovNetSupport,
ImageAttributeNameBootMode,
ImageAttributeNameTpmSupport,
ImageAttributeNameUefiData,
ImageAttributeNameLastLaunchedTime,
}
}
@ -165263,6 +165749,26 @@ func InterfaceProtocolType_Values() []string {
}
}
const (
// IpAddressTypeIpv4 is a IpAddressType enum value
IpAddressTypeIpv4 = "ipv4"
// IpAddressTypeDualstack is a IpAddressType enum value
IpAddressTypeDualstack = "dualstack"
// IpAddressTypeIpv6 is a IpAddressType enum value
IpAddressTypeIpv6 = "ipv6"
)
// IpAddressType_Values returns all elements of the IpAddressType enum
func IpAddressType_Values() []string {
return []string{
IpAddressTypeIpv4,
IpAddressTypeDualstack,
IpAddressTypeIpv6,
}
}
const (
// IpamAddressHistoryResourceTypeEip is a IpamAddressHistoryResourceType enum value
IpamAddressHistoryResourceTypeEip = "eip"
@ -167283,6 +167789,22 @@ func SelfServicePortal_Values() []string {
}
}
const (
// ServiceConnectivityTypeIpv4 is a ServiceConnectivityType enum value
ServiceConnectivityTypeIpv4 = "ipv4"
// ServiceConnectivityTypeIpv6 is a ServiceConnectivityType enum value
ServiceConnectivityTypeIpv6 = "ipv6"
)
// ServiceConnectivityType_Values returns all elements of the ServiceConnectivityType enum
func ServiceConnectivityType_Values() []string {
return []string{
ServiceConnectivityTypeIpv4,
ServiceConnectivityTypeIpv6,
}
}
const (
// ServiceStatePending is a ServiceState enum value
ServiceStatePending = "Pending"
@ -167811,6 +168333,18 @@ func TieringOperationStatus_Values() []string {
}
}
const (
// TpmSupportValuesV20 is a TpmSupportValues enum value
TpmSupportValuesV20 = "v2.0"
)
// TpmSupportValues_Values returns all elements of the TpmSupportValues enum
func TpmSupportValues_Values() []string {
return []string{
TpmSupportValuesV20,
}
}
const (
// TrafficDirectionIngress is a TrafficDirection enum value
TrafficDirectionIngress = "ingress"
@ -167905,6 +168439,9 @@ const (
// TrafficMirrorTargetTypeNetworkLoadBalancer is a TrafficMirrorTargetType enum value
TrafficMirrorTargetTypeNetworkLoadBalancer = "network-load-balancer"
// TrafficMirrorTargetTypeGatewayLoadBalancerEndpoint is a TrafficMirrorTargetType enum value
TrafficMirrorTargetTypeGatewayLoadBalancerEndpoint = "gateway-load-balancer-endpoint"
)
// TrafficMirrorTargetType_Values returns all elements of the TrafficMirrorTargetType enum
@ -167912,6 +168449,7 @@ func TrafficMirrorTargetType_Values() []string {
return []string{
TrafficMirrorTargetTypeNetworkInterface,
TrafficMirrorTargetTypeNetworkLoadBalancer,
TrafficMirrorTargetTypeGatewayLoadBalancerEndpoint,
}
}

211
vendor/github.com/aws/aws-sdk-go/service/kms/api.go generated vendored
View File

@ -912,12 +912,12 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out
// and verify. You can't change these properties after the KMS key is created.
//
// Asymmetric KMS keys contain an RSA key pair or an Elliptic Curve (ECC) key
// pair. The private key in an asymmetric KMS key never leaves AWS KMS unencrypted.
// pair. The private key in an asymmetric KMS key never leaves KMS unencrypted.
// However, you can use the GetPublicKey operation to download the public key
// so it can be used outside of AWS KMS. KMS keys with RSA key pairs can be
// used to encrypt or decrypt data or sign and verify messages (but not both).
// KMS keys with ECC key pairs can be used only to sign and verify messages.
// For information about asymmetric KMS keys, see Asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
// so it can be used outside of KMS. KMS keys with RSA key pairs can be used
// to encrypt or decrypt data or sign and verify messages (but not both). KMS
// keys with ECC key pairs can be used only to sign and verify messages. For
// information about asymmetric KMS keys, see Asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
// in the Key Management Service Developer Guide.
//
// HMAC KMS key
@ -1191,8 +1191,8 @@ func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output
//
// The Decrypt operation also decrypts ciphertext that was encrypted outside
// of KMS by the public key in an KMS asymmetric KMS key. However, it cannot
// decrypt symmetric ciphertext produced by other libraries, such as the Amazon
// Web Services Encryption SDK (https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/)
// decrypt ciphertext produced by other libraries, such as the Amazon Web Services
// Encryption SDK (https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/)
// or Amazon S3 client-side encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html).
// These libraries return a ciphertext format that is incompatible with KMS.
//
@ -2195,16 +2195,27 @@ func (c *KMS) DisableKeyRotationRequest(input *DisableKeyRotationInput) (req *re
// DisableKeyRotation API operation for AWS Key Management Service.
//
// Disables automatic rotation of the key material (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html)
// for the specified symmetric encryption KMS key.
// of the specified symmetric encryption KMS key.
//
// You cannot enable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html),
// Automatic key rotation is supported only on symmetric encryption KMS keys.
// You cannot enable or disable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html),
// HMAC KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html),
// KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html),
// or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html).
// To enable or disable automatic rotation of a set of related multi-Region
// keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate),
// The key rotation status of these KMS keys is always false. To enable or disable
// automatic rotation of a set of related multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate),
// set the property on the primary key.
//
// You can enable (EnableKeyRotation) and disable automatic rotation of the
// key material in customer managed KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk).
// Key material rotation of Amazon Web Services managed KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk)
// is not configurable. KMS always rotates the key material for every year.
// Rotation of Amazon Web Services owned KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk)
// varies.
//
// In May 2022, KMS changed the rotation schedule for Amazon Web Services managed
// keys from every three years to every year. For details, see EnableKeyRotation.
//
// The KMS key that you use for this operation must be in a compatible key state.
// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide.
@ -2589,16 +2600,41 @@ func (c *KMS) EnableKeyRotationRequest(input *EnableKeyRotationInput) (req *requ
// EnableKeyRotation API operation for AWS Key Management Service.
//
// Enables automatic rotation of the key material (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html)
// for the specified symmetric encryption KMS key.
// of the specified symmetric encryption KMS key.
//
// You cannot enable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html),
// When you enable automatic rotation of acustomer managed KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk),
// KMS rotates the key material of the KMS key one year (approximately 365 days)
// from the enable date and every year thereafter. You can monitor rotation
// of the key material for your KMS keys in CloudTrail and Amazon CloudWatch.
// To disable rotation of the key material in a customer managed KMS key, use
// the DisableKeyRotation operation.
//
// Automatic key rotation is supported only on symmetric encryption KMS keys
// (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks).
// You cannot enable or disable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html),
// HMAC KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html),
// KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html),
// or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html).
// To enable or disable automatic rotation of a set of related multi-Region
// keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate),
// The key rotation status of these KMS keys is always false. To enable or disable
// automatic rotation of a set of related multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate),
// set the property on the primary key.
//
// You cannot enable or disable automatic rotation Amazon Web Services managed
// KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk).
// KMS always rotates the key material of Amazon Web Services managed keys every
// year. Rotation of Amazon Web Services owned KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk)
// varies.
//
// In May 2022, KMS changed the rotation schedule for Amazon Web Services managed
// keys from every three years (approximately 1,095 days) to every year (approximately
// 365 days).
//
// New Amazon Web Services managed keys are automatically rotated one year after
// they are created, and approximately every year thereafter.
//
// Existing Amazon Web Services managed keys are automatically rotated one year
// after their most recent rotation, and every year thereafter.
//
// The KMS key that you use for this operation must be in a compatible key state.
// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide.
@ -3490,14 +3526,16 @@ func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWitho
//
// This operation is useful for systems that need to encrypt data at some point,
// but not immediately. When you need to encrypt the data, you call the Decrypt
// operation on the encrypted copy of the key. It's also useful in distributed
// systems with different levels of trust. For example, you might store encrypted
// data in containers. One component of your system creates new containers and
// stores an encrypted data key with each container. Then, a different component
// puts the data into the containers. That component first decrypts the data
// key, uses the plaintext data key to encrypt data, puts the encrypted data
// into the container, and then destroys the plaintext data key. In this system,
// the component that creates the containers never sees the plaintext data key.
// operation on the encrypted copy of the key.
//
// It's also useful in distributed systems with different levels of trust. For
// example, you might store encrypted data in containers. One component of your
// system creates new containers and stores an encrypted data key with each
// container. Then, a different component puts the data into the containers.
// That component first decrypts the data key, uses the plaintext data key to
// encrypt data, puts the encrypted data into the container, and then destroys
// the plaintext data key. In this system, the component that creates the containers
// never sees the plaintext data key.
//
// To request an asymmetric data key pair, use the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext
// operations.
@ -3672,6 +3710,13 @@ func (c *KMS) GenerateMacRequest(input *GenerateMacInput) (req *request.Request,
// KMS support for HMAC KMS keys. For details, see HMAC keys in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html)
// in the Key Management Service Developer Guide .
//
// Best practices recommend that you limit the time during which any signing
// mechanism, including an HMAC, is effective. This deters an attack where the
// actor uses a signed message to establish validity repeatedly or long after
// the message is superseded. HMAC tags do not include a timestamp, but you
// can include a timestamp in the token or message to help you detect when its
// time to refresh the HMAC.
//
// The KMS key that you use for this operation must be in a compatible key state.
// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide.
@ -4038,14 +4083,30 @@ func (c *KMS) GetKeyRotationStatusRequest(input *GetKeyRotationStatusInput) (req
// material (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html)
// is enabled for the specified KMS key.
//
// You cannot enable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html),
// When you enable automatic rotation for customer managed KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk),
// KMS rotates the key material of the KMS key one year (approximately 365 days)
// from the enable date and every year thereafter. You can monitor rotation
// of the key material for your KMS keys in CloudTrail and Amazon CloudWatch.
//
// Automatic key rotation is supported only on symmetric encryption KMS keys
// (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks).
// You cannot enable or disable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html),
// HMAC KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html),
// KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html),
// or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html).
// To enable or disable automatic rotation of a set of related multi-Region
// keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate),
// set the property on the primary key. The key rotation status for these KMS
// keys is always false.
// The key rotation status of these KMS keys is always false. To enable or disable
// automatic rotation of a set of related multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate),
// set the property on the primary key..
//
// You can enable (EnableKeyRotation) and disable automatic rotation (DisableKeyRotation)
// of the key material in customer managed KMS keys. Key material rotation of
// Amazon Web Services managed KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk)
// is not configurable. KMS always rotates the key material in Amazon Web Services
// managed KMS keys every year. The key rotation status for Amazon Web Services
// managed KMS keys is always true.
//
// In May 2022, KMS changed the rotation schedule for Amazon Web Services managed
// keys from every three years to every year. For details, see EnableKeyRotation.
//
// The KMS key that you use for this operation must be in a compatible key state.
// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
@ -4053,11 +4114,15 @@ func (c *KMS) GetKeyRotationStatusRequest(input *GetKeyRotationStatusInput) (req
//
// * Disabled: The key rotation status does not change when you disable a
// KMS key. However, while the KMS key is disabled, KMS does not rotate the
// key material.
// key material. When you re-enable the KMS key, rotation resumes. If the
// key material in the re-enabled KMS key hasn't been rotated in one year,
// KMS rotates it immediately, and every year thereafter. If it's been less
// than a year since the key material in the re-enabled KMS key was rotated,
// the KMS key resumes its prior rotation schedule.
//
// * Pending deletion: While a KMS key is pending deletion, its key rotation
// status is false and KMS does not rotate the key material. If you cancel
// the deletion, the original key rotation status is restored.
// the deletion, the original key rotation status returns to true.
//
// Cross-account use: Yes. To perform this operation on a KMS key in a different
// Amazon Web Services account, specify the key ARN in the value of the KeyId
@ -6644,6 +6709,12 @@ func (c *KMS) SignRequest(input *SignInput) (req *request.Request, output *SignO
// When signing a message, be sure to record the KMS key and the signing algorithm.
// This information is required to verify the signature.
//
// Best practices recommend that you limit the time during which any signature
// is effective. This deters an attack where the actor uses a signed message
// to establish validity repeatedly or long after the message is superseded.
// Signatures do not include a timestamp, but you can include a timestamp in
// the signed message to help you detect when its time to refresh the signature.
//
// To verify the signature that this operation generates, use the Verify operation.
// Or use the GetPublicKey operation to download the public key and then use
// the public key to verify the signature outside of KMS.
@ -9242,11 +9313,11 @@ type CreateKeyInput struct {
// in the Key Management Service Developer Guide .
//
// The KeySpec determines whether the KMS key contains a symmetric key or an
// asymmetric key pair. It also determines the algorithms that the KMS key supports.
// You can't change the KeySpec after the KMS key is created. To further restrict
// the algorithms that can be used with the KMS key, use a condition key in
// its key policy or IAM policy. For more information, see kms:EncryptionAlgorithm
// (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-algorithm),
// asymmetric key pair. It also determines the cryptographic algorithms that
// the KMS key supports. You can't change the KeySpec after the KMS key is created.
// To further restrict the algorithms that can be used with the KMS key, use
// a condition key in its key policy or IAM policy. For more information, see
// kms:EncryptionAlgorithm (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-algorithm),
// kms:MacAlgorithm (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-mac-algorithm)
// or kms:Signing Algorithm (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-signing-algorithm)
// in the Key Management Service Developer Guide .
@ -9307,9 +9378,9 @@ type CreateKeyInput struct {
// This value creates a primary key, not a replica. To create a replica key,
// use the ReplicateKey operation.
//
// You can create a symmetric or asymmetric multi-Region key, and you can create
// a multi-Region key with imported key material. However, you cannot create
// a multi-Region key in a custom key store.
// You can create a multi-Region version of a symmetric encryption KMS key,
// an HMAC KMS key, an asymmetric KMS key, or a KMS key with imported key material.
// However, you cannot create a multi-Region key in a custom key store.
MultiRegion *bool `type:"boolean"`
// The source of the key material for the KMS key. You cannot change the origin
@ -9329,11 +9400,14 @@ type CreateKeyInput struct {
// KMS keys.
Origin *string `type:"string" enum:"OriginType"`
// The key policy to attach to the KMS key.
// The key policy to attach to the KMS key. If you do not specify a key policy,
// KMS attaches a default key policy to the KMS key. For more information, see
// Default key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default)
// in the Key Management Service Developer Guide.
//
// If you provide a key policy, it must meet the following criteria:
//
// * If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy
// * If you don't set BypassPolicyLockoutSafetyCheck to True, the key policy
// must allow the principal that is making the CreateKey request to make
// a subsequent PutKeyPolicy request on the KMS key. This reduces the risk
// that the KMS key becomes unmanageable. For more information, refer to
@ -9349,11 +9423,18 @@ type CreateKeyInput struct {
// visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency)
// in the Amazon Web Services Identity and Access Management User Guide.
//
// If you do not provide a key policy, KMS attaches a default key policy to
// the KMS key. For more information, see Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default)
// in the Key Management Service Developer Guide.
// A key policy document must conform to the following rules.
//
// The key policy size quota is 32 kilobytes (32768 bytes).
// * Up to 32 kilobytes (32768 bytes)
//
// * Must be UTF-8 encoded
//
// * The only Unicode characters that are permitted in a key policy document
// are the horizontal tab (U+0009), linefeed (U+000A), carriage return (U+000D),
// and characters in the range U+0020 to U+00FF.
//
// * The Sid element in a key policy statement can include spaces. (Spaces
// are prohibited in the Sid element of an IAM policy document.)
//
// For help writing and formatting a JSON policy document, see the IAM JSON
// Policy Reference (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html)
@ -11098,13 +11179,13 @@ func (s EnableKeyOutput) GoString() string {
type EnableKeyRotationInput struct {
_ struct{} `type:"structure"`
// Identifies a symmetric encryption KMS key. You cannot enable automatic rotation
// of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html),
// Identifies a symmetric encryption KMS key. You cannot enable or disable automatic
// rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html),
// HMAC KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html),
// KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html),
// or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html).
// To enable or disable automatic rotation of a set of related multi-Region
// keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate),
// The key rotation status of these KMS keys is always false. To enable or disable
// automatic rotation of a set of related multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate),
// set the property on the primary key.
//
// Specify the key ID or key ARN of the KMS key.
@ -15929,9 +16010,18 @@ type PutKeyPolicyInput struct {
// visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency)
// in the Amazon Web Services Identity and Access Management User Guide.
//
// The key policy cannot exceed 32 kilobytes (32768 bytes). For more information,
// see Resource Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/resource-limits.html)
// in the Key Management Service Developer Guide.
// A key policy document must conform to the following rules.
//
// * Up to 32 kilobytes (32768 bytes)
//
// * Must be UTF-8 encoded
//
// * The only Unicode characters that are permitted in a key policy document
// are the horizontal tab (U+0009), linefeed (U+000A), carriage return (U+000D),
// and characters in the range U+0020 to U+00FF.
//
// * The Sid element in a key policy statement can include spaces. (Spaces
// are prohibited in the Sid element of an IAM policy document.)
//
// Policy is a required field
Policy *string `min:"1" type:"string" required:"true"`
@ -16391,7 +16481,18 @@ type ReplicateKeyInput struct {
// visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency)
// in the Identity and Access Management User Guide .
//
// * The key policy size quota is 32 kilobytes (32768 bytes).
// A key policy document must conform to the following rules.
//
// * Up to 32 kilobytes (32768 bytes)
//
// * Must be UTF-8 encoded
//
// * The only Unicode characters that are permitted in a key policy document
// are the horizontal tab (U+0009), linefeed (U+000A), carriage return (U+000D),
// and characters in the range U+0020 to U+00FF.
//
// * The Sid element in a key policy statement can include spaces. (Spaces
// are prohibited in the Sid element of an IAM policy document.)
Policy *string `min:"1" type:"string"`
// The Region ID of the Amazon Web Services Region for this replica key.
@ -16818,9 +16919,9 @@ type ScheduleKeyDeletionInput struct {
// The waiting period, specified in number of days. After the waiting period
// ends, KMS deletes the KMS key.
//
// If the KMS key is a multi-Region primary key with replicas, the waiting period
// begins when the last of its replica keys is deleted. Otherwise, the waiting
// period begins immediately.
// If the KMS key is a multi-Region primary key with replica keys, the waiting
// period begins when the last of its replica keys is deleted. Otherwise, the
// waiting period begins immediately.
//
// This value is optional. If you include a value, it must be between 7 and
// 30, inclusive. If you do not include a value, it defaults to 30.

10
vendor/github.com/aws/aws-sdk-go/service/kms/doc.go generated vendored
View File

@ -30,11 +30,11 @@
// see Service endpoints (https://docs.aws.amazon.com/general/latest/gr/kms.html#kms_region)
// in the Key Management Service topic of the Amazon Web Services General Reference.
//
// Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS
// 1.2. Clients must also support cipher suites with Perfect Forward Secrecy
// (PFS) such as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral
// Diffie-Hellman (ECDHE). Most modern systems such as Java 7 and later support
// these modes.
// All KMS API calls must be signed and be transmitted using Transport Layer
// Security (TLS). KMS recommends you always use the latest supported TLS version.
// Clients must also support cipher suites with Perfect Forward Secrecy (PFS)
// such as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral Diffie-Hellman
// (ECDHE). Most modern systems such as Java 7 and later support these modes.
//
// Signing Requests
//

6
vendor/github.com/aws/aws-sdk-go/service/sts/api.go generated vendored
View File

@ -1279,6 +1279,12 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.
// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
// in the IAM User Guide.
//
// No permissions are required for users to perform this operation. The purpose
// of the sts:GetSessionToken operation is to authenticate the user using MFA.
// You cannot use policies to control authentication operations. For more information,
// see Permissions for GetSessionToken (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html)
// in the IAM User Guide.
//
// Session Duration
//
// The GetSessionToken operation must be called by using the long-term Amazon

2
vendor/modules.txt vendored
View File

@ -14,7 +14,7 @@ github.com/armon/go-metrics
# github.com/armon/go-radix v1.0.0
## explicit
github.com/armon/go-radix
# github.com/aws/aws-sdk-go v1.44.10
# github.com/aws/aws-sdk-go v1.44.16
## explicit; go 1.11
github.com/aws/aws-sdk-go/aws
github.com/aws/aws-sdk-go/aws/awserr