From 9d3086e211821698618f7fbdb579dfcf07b021a1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 18 May 2022 05:37:10 +0000 Subject: [PATCH] rebase: bump github.com/aws/aws-sdk-go from 1.44.10 to 1.44.16 Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.10 to 1.44.16. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.10...v1.44.16) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- .../github.com/aws/aws-sdk-go/aws/version.go | 2 +- .../aws/aws-sdk-go/service/ec2/api.go | 556 +++++++++++++++++- .../aws/aws-sdk-go/service/kms/api.go | 211 +++++-- .../aws/aws-sdk-go/service/kms/doc.go | 10 +- .../aws/aws-sdk-go/service/sts/api.go | 6 + vendor/modules.txt | 2 +- 8 files changed, 719 insertions(+), 74 deletions(-) diff --git a/go.mod b/go.mod index 0b5763fbe..e63d55bec 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.17 require ( github.com/IBM/keyprotect-go-client v0.7.0 - github.com/aws/aws-sdk-go v1.44.10 + github.com/aws/aws-sdk-go v1.44.16 github.com/aws/aws-sdk-go-v2/service/sts v1.16.5 github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000 // TODO: API for managing NFS-exports requires `ceph_ci_untested` build-tag diff --git a/go.sum b/go.sum index acc7f7f24..3811be1d5 100644 --- a/go.sum +++ b/go.sum @@ -141,8 +141,8 @@ github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpi github.com/aws/aws-sdk-go v1.25.41/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k= github.com/aws/aws-sdk-go v1.38.49/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= -github.com/aws/aws-sdk-go v1.44.10 h1:ohCdgQpJ9ojzm0fOk7ykrMTgTpHJBk5nnA7X+HzmnOA= -github.com/aws/aws-sdk-go v1.44.10/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= +github.com/aws/aws-sdk-go v1.44.16 h1:6voHuNZZNWo71MdNlym4eRlcogTeTSk9Ipo6qDJWzoU= +github.com/aws/aws-sdk-go v1.44.16/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= github.com/aws/aws-sdk-go-v2 v1.16.3 h1:0W1TSJ7O6OzwuEvIXAtJGvOeQ0SGAhcpxPN2/NK5EhM= github.com/aws/aws-sdk-go-v2 v1.16.3/go.mod h1:ytwTPBG6fXTZLxxeeCCWj2/EMYp/xDUgX+OET6TLNNU= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.10 h1:uFWgo6mGJI1n17nbcvSc6fxVuR3xLNqvXt12JCnEcT8= diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go index 8156b4f5e..3da0a0194 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/version.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.44.10" +const SDKVersion = "1.44.16" diff --git a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go index d0abc7258..9e37d6598 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go @@ -8216,7 +8216,8 @@ func (c *EC2) CreateTrafficMirrorTargetRequest(input *CreateTrafficMirrorTargetI // in the same VPC, or in different VPCs connected via VPC peering or a transit // gateway. // -// A Traffic Mirror target can be a network interface, or a Network Load Balancer. +// A Traffic Mirror target can be a network interface, a Network Load Balancer, +// or a Gateway Load Balancer endpoint. // // To use the target in a Traffic Mirror session, use CreateTrafficMirrorSession // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTrafficMirrorSession.htm). @@ -35562,6 +35563,93 @@ func (c *EC2) GetInstanceTypesFromInstanceRequirementsPagesWithContext(ctx aws.C return p.Err() } +const opGetInstanceUefiData = "GetInstanceUefiData" + +// GetInstanceUefiDataRequest generates a "aws/request.Request" representing the +// client's request for the GetInstanceUefiData operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetInstanceUefiData for more information on using the GetInstanceUefiData +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the GetInstanceUefiDataRequest method. +// req, resp := client.GetInstanceUefiDataRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetInstanceUefiData +func (c *EC2) GetInstanceUefiDataRequest(input *GetInstanceUefiDataInput) (req *request.Request, output *GetInstanceUefiDataOutput) { + op := &request.Operation{ + Name: opGetInstanceUefiData, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetInstanceUefiDataInput{} + } + + output = &GetInstanceUefiDataOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetInstanceUefiData API operation for Amazon Elastic Compute Cloud. +// +// A binary representation of the UEFI variable store. Only non-volatile variables +// are stored. This is a base64 encoded and zlib compressed binary value that +// must be properly encoded. +// +// When you use register-image (https://docs.aws.amazon.com/cli/latest/reference/ec2/register-image.html) +// to create an AMI, you can create an exact copy of your variable store by +// passing the UEFI data in the UefiData parameter. You can modify the UEFI +// data by using the python-uefivars tool (https://github.com/awslabs/python-uefivars) +// on GitHub. You can use the tool to convert the UEFI data into a human-readable +// format (JSON), which you can inspect and modify, and then convert back into +// the binary format to use with register-image. +// +// For more information, see UEFI Secure Boot (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/uefi-secure-boot.html) +// in the Amazon EC2 User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation GetInstanceUefiData for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetInstanceUefiData +func (c *EC2) GetInstanceUefiData(input *GetInstanceUefiDataInput) (*GetInstanceUefiDataOutput, error) { + req, out := c.GetInstanceUefiDataRequest(input) + return out, req.Send() +} + +// GetInstanceUefiDataWithContext is the same as GetInstanceUefiData with the addition of +// the ability to pass a context and additional request options. +// +// See GetInstanceUefiData for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) GetInstanceUefiDataWithContext(ctx aws.Context, input *GetInstanceUefiDataInput, opts ...request.Option) (*GetInstanceUefiDataOutput, error) { + req, out := c.GetInstanceUefiDataRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetIpamAddressHistory = "GetIpamAddressHistory" // GetIpamAddressHistoryRequest generates a "aws/request.Request" representing the @@ -67710,6 +67798,9 @@ type CreateTrafficMirrorTargetInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` + // The ID of the Gateway Load Balancer endpoint. + GatewayLoadBalancerEndpointId *string `type:"string"` + // The network interface ID that is associated with the target. NetworkInterfaceId *string `type:"string"` @@ -67757,6 +67848,12 @@ func (s *CreateTrafficMirrorTargetInput) SetDryRun(v bool) *CreateTrafficMirrorT return s } +// SetGatewayLoadBalancerEndpointId sets the GatewayLoadBalancerEndpointId field's value. +func (s *CreateTrafficMirrorTargetInput) SetGatewayLoadBalancerEndpointId(v string) *CreateTrafficMirrorTargetInput { + s.GatewayLoadBalancerEndpointId = &v + return s +} + // SetNetworkInterfaceId sets the NetworkInterfaceId field's value. func (s *CreateTrafficMirrorTargetInput) SetNetworkInterfaceId(v string) *CreateTrafficMirrorTargetInput { s.NetworkInterfaceId = &v @@ -69527,12 +69624,18 @@ type CreateVpcEndpointInput struct { // of the request. For more information, see How to ensure idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string"` + // The DNS options for the endpoint. + DnsOptions *DnsOptionsSpecification `type:"structure"` + // Checks whether you have the required permissions for the action, without // actually making the request, and provides an error response. If you have // the required permissions, the error response is DryRunOperation. Otherwise, // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` + // The IP address type for the endpoint. + IpAddressType *string `type:"string" enum:"IpAddressType"` + // (Interface and gateway endpoints) A policy to attach to the endpoint that // controls access to the service. The policy must be in valid JSON format. // If this parameter is not specified, we attach a default policy that allows @@ -69626,12 +69729,24 @@ func (s *CreateVpcEndpointInput) SetClientToken(v string) *CreateVpcEndpointInpu return s } +// SetDnsOptions sets the DnsOptions field's value. +func (s *CreateVpcEndpointInput) SetDnsOptions(v *DnsOptionsSpecification) *CreateVpcEndpointInput { + s.DnsOptions = v + return s +} + // SetDryRun sets the DryRun field's value. func (s *CreateVpcEndpointInput) SetDryRun(v bool) *CreateVpcEndpointInput { s.DryRun = &v return s } +// SetIpAddressType sets the IpAddressType field's value. +func (s *CreateVpcEndpointInput) SetIpAddressType(v string) *CreateVpcEndpointInput { + s.IpAddressType = &v + return s +} + // SetPolicyDocument sets the PolicyDocument field's value. func (s *CreateVpcEndpointInput) SetPolicyDocument(v string) *CreateVpcEndpointInput { s.PolicyDocument = &v @@ -69756,6 +69871,9 @@ type CreateVpcEndpointServiceConfigurationInput struct { // VPC endpoint service. PrivateDnsName *string `type:"string"` + // The supported IP address types. The possible values are ipv4 and ipv6. + SupportedIpAddressTypes []*string `locationName:"SupportedIpAddressType" locationNameList:"item" type:"list"` + // The tags to associate with the service. TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` } @@ -69814,6 +69932,12 @@ func (s *CreateVpcEndpointServiceConfigurationInput) SetPrivateDnsName(v string) return s } +// SetSupportedIpAddressTypes sets the SupportedIpAddressTypes field's value. +func (s *CreateVpcEndpointServiceConfigurationInput) SetSupportedIpAddressTypes(v []*string) *CreateVpcEndpointServiceConfigurationInput { + s.SupportedIpAddressTypes = v + return s +} + // SetTagSpecifications sets the TagSpecifications field's value. func (s *CreateVpcEndpointServiceConfigurationInput) SetTagSpecifications(v []*TagSpecification) *CreateVpcEndpointServiceConfigurationInput { s.TagSpecifications = v @@ -82502,6 +82626,17 @@ type DescribeImageAttributeOutput struct { // Indicates whether enhanced networking with the Intel 82599 Virtual Function // interface is enabled. SriovNetSupport *AttributeValue `locationName:"sriovNetSupport" type:"structure"` + + // If the image is configured for NitroTPM support, the value is v2.0. + TpmSupport *AttributeValue `locationName:"tpmSupport" type:"structure"` + + // Base64 representation of the non-volatile UEFI variable store. To retrieve + // the UEFI data, use the GetInstanceUefiData (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetInstanceUefiData) + // command. You can inspect and modify the UEFI data by using the python-uefivars + // tool (https://github.com/awslabs/python-uefivars) on GitHub. For more information, + // see UEFI Secure Boot (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/uefi-secure-boot.html) + // in the Amazon Elastic Compute Cloud User Guide. + UefiData *AttributeValue `locationName:"uefiData" type:"structure"` } // String returns the string representation. @@ -82582,6 +82717,18 @@ func (s *DescribeImageAttributeOutput) SetSriovNetSupport(v *AttributeValue) *De return s } +// SetTpmSupport sets the TpmSupport field's value. +func (s *DescribeImageAttributeOutput) SetTpmSupport(v *AttributeValue) *DescribeImageAttributeOutput { + s.TpmSupport = v + return s +} + +// SetUefiData sets the UefiData field's value. +func (s *DescribeImageAttributeOutput) SetUefiData(v *AttributeValue) *DescribeImageAttributeOutput { + s.UefiData = v + return s +} + type DescribeImagesInput struct { _ struct{} `type:"structure"` @@ -95059,6 +95206,8 @@ type DescribeVpcEndpointConnectionsInput struct { // One or more filters. // + // * ip-address-type - The IP address type (ipv4 | ipv6). + // // * service-id - The ID of the service. // // * vpc-endpoint-owner - The ID of the Amazon Web Services account ID that @@ -95182,6 +95331,8 @@ type DescribeVpcEndpointServiceConfigurationsInput struct { // * service-state - The state of the service (Pending | Available | Deleting // | Deleted | Failed). // + // * supported-ip-address-types - The IP address type (ipv4 | ipv6). + // // * tag: - The key/value combination of a tag assigned to the resource. // Use the tag key in the filter name and the tag value as the filter value. // For example, to find all resources that have a tag with the key Owner @@ -95447,6 +95598,8 @@ type DescribeVpcEndpointServicesInput struct { // // * service-type - The type of service (Interface | Gateway). // + // * supported-ip-address-types - The IP address type (ipv4 | ipv6). + // // * tag: - The key/value combination of a tag assigned to the resource. // Use the tag key in the filter name and the tag value as the filter value. // For example, to find all resources that have a tag with the key Owner @@ -95584,6 +95737,8 @@ type DescribeVpcEndpointsInput struct { // One or more filters. // + // * ip-address-type - The IP address type (ipv4 | ipv6). + // // * service-name - The name of the service. // // * vpc-id - The ID of the VPC in which the endpoint resides. @@ -99629,6 +99784,70 @@ func (s *DnsEntry) SetHostedZoneId(v string) *DnsEntry { return s } +// Describes the DNS options for an endpoint. +type DnsOptions struct { + _ struct{} `type:"structure"` + + // The DNS records created for the endpoint. + DnsRecordIpType *string `locationName:"dnsRecordIpType" type:"string" enum:"DnsRecordIpType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DnsOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DnsOptions) GoString() string { + return s.String() +} + +// SetDnsRecordIpType sets the DnsRecordIpType field's value. +func (s *DnsOptions) SetDnsRecordIpType(v string) *DnsOptions { + s.DnsRecordIpType = &v + return s +} + +// Describes the DNS options for an endpoint. +type DnsOptionsSpecification struct { + _ struct{} `type:"structure"` + + // The DNS records created for the endpoint. + DnsRecordIpType *string `type:"string" enum:"DnsRecordIpType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DnsOptionsSpecification) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DnsOptionsSpecification) GoString() string { + return s.String() +} + +// SetDnsRecordIpType sets the DnsRecordIpType field's value. +func (s *DnsOptionsSpecification) SetDnsRecordIpType(v string) *DnsOptionsSpecification { + s.DnsRecordIpType = &v + return s +} + // Information about the DNS server to be used. type DnsServersOptionsModifyStructure struct { _ struct{} `type:"structure"` @@ -107106,6 +107325,104 @@ func (s *GetInstanceTypesFromInstanceRequirementsOutput) SetNextToken(v string) return s } +type GetInstanceUefiDataInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the instance from which to retrieve the UEFI data. + // + // InstanceId is a required field + InstanceId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetInstanceUefiDataInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetInstanceUefiDataInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetInstanceUefiDataInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetInstanceUefiDataInput"} + if s.InstanceId == nil { + invalidParams.Add(request.NewErrParamRequired("InstanceId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *GetInstanceUefiDataInput) SetDryRun(v bool) *GetInstanceUefiDataInput { + s.DryRun = &v + return s +} + +// SetInstanceId sets the InstanceId field's value. +func (s *GetInstanceUefiDataInput) SetInstanceId(v string) *GetInstanceUefiDataInput { + s.InstanceId = &v + return s +} + +type GetInstanceUefiDataOutput struct { + _ struct{} `type:"structure"` + + // The ID of the instance from which to retrieve the UEFI data. + InstanceId *string `locationName:"instanceId" type:"string"` + + // Base64 representation of the non-volatile UEFI variable store. + UefiData *string `locationName:"uefiData" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetInstanceUefiDataOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetInstanceUefiDataOutput) GoString() string { + return s.String() +} + +// SetInstanceId sets the InstanceId field's value. +func (s *GetInstanceUefiDataOutput) SetInstanceId(v string) *GetInstanceUefiDataOutput { + s.InstanceId = &v + return s +} + +// SetUefiData sets the UefiData field's value. +func (s *GetInstanceUefiDataOutput) SetUefiData(v string) *GetInstanceUefiDataOutput { + s.UefiData = &v + return s +} + type GetIpamAddressHistoryInput struct { _ struct{} `type:"structure"` @@ -111241,6 +111558,11 @@ type Image struct { // Any tags assigned to the image. Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + // If the image is configured for NitroTPM support, the value is v2.0. For more + // information, see NitroTPM (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) + // in the Amazon Elastic Compute Cloud User Guide. + TpmSupport *string `locationName:"tpmSupport" type:"string" enum:"TpmSupportValues"` + // The operation of the Amazon EC2 instance and the billing code that is associated // with the AMI. usageOperation corresponds to the lineitem/Operation (https://docs.aws.amazon.com/cur/latest/userguide/Lineitem-columns.html#Lineitem-details-O-Operation) // column on your Amazon Web Services Cost and Usage Report and in the Amazon @@ -111429,6 +111751,12 @@ func (s *Image) SetTags(v []*Tag) *Image { return s } +// SetTpmSupport sets the TpmSupport field's value. +func (s *Image) SetTpmSupport(v string) *Image { + s.TpmSupport = &v + return s +} + // SetUsageOperation sets the UsageOperation field's value. func (s *Image) SetUsageOperation(v string) *Image { s.UsageOperation = &v @@ -113594,6 +113922,11 @@ type Instance struct { // Any tags assigned to the instance. Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + // If the instance is configured for NitroTPM support, the value is v2.0. For + // more information, see NitroTPM (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) + // in the Amazon EC2 User Guide. + TpmSupport *string `locationName:"tpmSupport" type:"string"` + // The usage operation value for the instance. For more information, see AMI // billing information fields (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/billing-info-fields.html) // in the Amazon EC2 User Guide. @@ -113933,6 +114266,12 @@ func (s *Instance) SetTags(v []*Tag) *Instance { return s } +// SetTpmSupport sets the TpmSupport field's value. +func (s *Instance) SetTpmSupport(v string) *Instance { + s.TpmSupport = &v + return s +} + // SetUsageOperation sets the UsageOperation field's value. func (s *Instance) SetUsageOperation(v string) *Instance { s.UsageOperation = &v @@ -130153,12 +130492,18 @@ type ModifyVpcEndpointInput struct { // specify only one subnet. AddSubnetIds []*string `locationName:"AddSubnetId" locationNameList:"item" type:"list"` + // The DNS options for the endpoint. + DnsOptions *DnsOptionsSpecification `type:"structure"` + // Checks whether you have the required permissions for the action, without // actually making the request, and provides an error response. If you have // the required permissions, the error response is DryRunOperation. Otherwise, // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` + // The IP address type for the endpoint. + IpAddressType *string `type:"string" enum:"IpAddressType"` + // (Interface and gateway endpoints) A policy to attach to the endpoint that // controls access to the service. The policy must be in valid JSON format. PolicyDocument *string `type:"string"` @@ -130236,12 +130581,24 @@ func (s *ModifyVpcEndpointInput) SetAddSubnetIds(v []*string) *ModifyVpcEndpoint return s } +// SetDnsOptions sets the DnsOptions field's value. +func (s *ModifyVpcEndpointInput) SetDnsOptions(v *DnsOptionsSpecification) *ModifyVpcEndpointInput { + s.DnsOptions = v + return s +} + // SetDryRun sets the DryRun field's value. func (s *ModifyVpcEndpointInput) SetDryRun(v bool) *ModifyVpcEndpointInput { s.DryRun = &v return s } +// SetIpAddressType sets the IpAddressType field's value. +func (s *ModifyVpcEndpointInput) SetIpAddressType(v string) *ModifyVpcEndpointInput { + s.IpAddressType = &v + return s +} + // SetPolicyDocument sets the PolicyDocument field's value. func (s *ModifyVpcEndpointInput) SetPolicyDocument(v string) *ModifyVpcEndpointInput { s.PolicyDocument = &v @@ -130330,6 +130687,9 @@ type ModifyVpcEndpointServiceConfigurationInput struct { // service configuration. AddNetworkLoadBalancerArns []*string `locationName:"AddNetworkLoadBalancerArn" locationNameList:"item" type:"list"` + // The IP address types to add to your service configuration. + AddSupportedIpAddressTypes []*string `locationName:"AddSupportedIpAddressType" locationNameList:"item" type:"list"` + // Checks whether you have the required permissions for the action, without // actually making the request, and provides an error response. If you have // the required permissions, the error response is DryRunOperation. Otherwise, @@ -130352,6 +130712,9 @@ type ModifyVpcEndpointServiceConfigurationInput struct { // service. RemovePrivateDnsName *bool `type:"boolean"` + // The IP address types to remove from your service configuration. + RemoveSupportedIpAddressTypes []*string `locationName:"RemoveSupportedIpAddressType" locationNameList:"item" type:"list"` + // The ID of the service. // // ServiceId is a required field @@ -130407,6 +130770,12 @@ func (s *ModifyVpcEndpointServiceConfigurationInput) SetAddNetworkLoadBalancerAr return s } +// SetAddSupportedIpAddressTypes sets the AddSupportedIpAddressTypes field's value. +func (s *ModifyVpcEndpointServiceConfigurationInput) SetAddSupportedIpAddressTypes(v []*string) *ModifyVpcEndpointServiceConfigurationInput { + s.AddSupportedIpAddressTypes = v + return s +} + // SetDryRun sets the DryRun field's value. func (s *ModifyVpcEndpointServiceConfigurationInput) SetDryRun(v bool) *ModifyVpcEndpointServiceConfigurationInput { s.DryRun = &v @@ -130437,6 +130806,12 @@ func (s *ModifyVpcEndpointServiceConfigurationInput) SetRemovePrivateDnsName(v b return s } +// SetRemoveSupportedIpAddressTypes sets the RemoveSupportedIpAddressTypes field's value. +func (s *ModifyVpcEndpointServiceConfigurationInput) SetRemoveSupportedIpAddressTypes(v []*string) *ModifyVpcEndpointServiceConfigurationInput { + s.RemoveSupportedIpAddressTypes = v + return s +} + // SetServiceId sets the ServiceId field's value. func (s *ModifyVpcEndpointServiceConfigurationInput) SetServiceId(v string) *ModifyVpcEndpointServiceConfigurationInput { s.ServiceId = &v @@ -137967,6 +138342,19 @@ type RegisterImageInput struct { // PV AMI can make instances launched from the AMI unreachable. SriovNetSupport *string `locationName:"sriovNetSupport" type:"string"` + // Set to v2.0 to enable Trusted Platform Module (TPM) support. For more information, + // see NitroTPM (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) + // in the Amazon Elastic Compute Cloud User Guide. + TpmSupport *string `type:"string" enum:"TpmSupportValues"` + + // Base64 representation of the non-volatile UEFI variable store. To retrieve + // the UEFI data, use the GetInstanceUefiData (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetInstanceUefiData) + // command. You can inspect and modify the UEFI data by using the python-uefivars + // tool (https://github.com/awslabs/python-uefivars) on GitHub. For more information, + // see UEFI Secure Boot (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/uefi-secure-boot.html) + // in the Amazon Elastic Compute Cloud User Guide. + UefiData *string `type:"string"` + // The type of virtualization (hvm | paravirtual). // // Default: paravirtual @@ -138082,6 +138470,18 @@ func (s *RegisterImageInput) SetSriovNetSupport(v string) *RegisterImageInput { return s } +// SetTpmSupport sets the TpmSupport field's value. +func (s *RegisterImageInput) SetTpmSupport(v string) *RegisterImageInput { + s.TpmSupport = &v + return s +} + +// SetUefiData sets the UefiData field's value. +func (s *RegisterImageInput) SetUefiData(v string) *RegisterImageInput { + s.UefiData = &v + return s +} + // SetVirtualizationType sets the VirtualizationType field's value. func (s *RegisterImageInput) SetVirtualizationType(v string) *RegisterImageInput { s.VirtualizationType = &v @@ -147998,6 +148398,9 @@ type ServiceConfiguration struct { // The type of service. ServiceType []*ServiceTypeDetail `locationName:"serviceType" locationNameList:"item" type:"list"` + // The supported IP address types. + SupportedIpAddressTypes []*string `locationName:"supportedIpAddressTypeSet" locationNameList:"item" type:"list" enum:"ServiceConnectivityType"` + // Any tags assigned to the service. Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` } @@ -148098,6 +148501,12 @@ func (s *ServiceConfiguration) SetServiceType(v []*ServiceTypeDetail) *ServiceCo return s } +// SetSupportedIpAddressTypes sets the SupportedIpAddressTypes field's value. +func (s *ServiceConfiguration) SetSupportedIpAddressTypes(v []*string) *ServiceConfiguration { + s.SupportedIpAddressTypes = v + return s +} + // SetTags sets the Tags field's value. func (s *ServiceConfiguration) SetTags(v []*Tag) *ServiceConfiguration { s.Tags = v @@ -148149,6 +148558,9 @@ type ServiceDetail struct { // The type of service. ServiceType []*ServiceTypeDetail `locationName:"serviceType" locationNameList:"item" type:"list"` + // The supported IP address types. + SupportedIpAddressTypes []*string `locationName:"supportedIpAddressTypeSet" locationNameList:"item" type:"list" enum:"ServiceConnectivityType"` + // Any tags assigned to the service. Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` @@ -148246,6 +148658,12 @@ func (s *ServiceDetail) SetServiceType(v []*ServiceTypeDetail) *ServiceDetail { return s } +// SetSupportedIpAddressTypes sets the SupportedIpAddressTypes field's value. +func (s *ServiceDetail) SetSupportedIpAddressTypes(v []*string) *ServiceDetail { + s.SupportedIpAddressTypes = v + return s +} + // SetTags sets the Tags field's value. func (s *ServiceDetail) SetTags(v []*Tag) *ServiceDetail { s.Tags = v @@ -153913,6 +154331,9 @@ type TrafficMirrorTarget struct { // Information about the Traffic Mirror target. Description *string `locationName:"description" type:"string"` + // The ID of the Gateway Load Balancer endpoint. + GatewayLoadBalancerEndpointId *string `locationName:"gatewayLoadBalancerEndpointId" type:"string"` + // The network interface ID that is attached to the target. NetworkInterfaceId *string `locationName:"networkInterfaceId" type:"string"` @@ -153956,6 +154377,12 @@ func (s *TrafficMirrorTarget) SetDescription(v string) *TrafficMirrorTarget { return s } +// SetGatewayLoadBalancerEndpointId sets the GatewayLoadBalancerEndpointId field's value. +func (s *TrafficMirrorTarget) SetGatewayLoadBalancerEndpointId(v string) *TrafficMirrorTarget { + s.GatewayLoadBalancerEndpointId = &v + return s +} + // SetNetworkInterfaceId sets the NetworkInterfaceId field's value. func (s *TrafficMirrorTarget) SetNetworkInterfaceId(v string) *TrafficMirrorTarget { s.NetworkInterfaceId = &v @@ -159016,23 +159443,29 @@ func (s *VpcClassicLink) SetVpcId(v string) *VpcClassicLink { type VpcEndpoint struct { _ struct{} `type:"structure"` - // The date and time that the VPC endpoint was created. + // The date and time that the endpoint was created. CreationTimestamp *time.Time `locationName:"creationTimestamp" type:"timestamp"` // (Interface endpoint) The DNS entries for the endpoint. DnsEntries []*DnsEntry `locationName:"dnsEntrySet" locationNameList:"item" type:"list"` + // The DNS options for the endpoint. + DnsOptions *DnsOptions `locationName:"dnsOptions" type:"structure"` + // (Interface endpoint) Information about the security groups that are associated // with the network interface. Groups []*SecurityGroupIdentifier `locationName:"groupSet" locationNameList:"item" type:"list"` - // The last error that occurred for VPC endpoint. + // The IP address type for the endpoint. + IpAddressType *string `locationName:"ipAddressType" type:"string" enum:"IpAddressType"` + + // The last error that occurred for endpoint. LastError *LastError `locationName:"lastError" type:"structure"` // (Interface endpoint) One or more network interfaces for the endpoint. NetworkInterfaceIds []*string `locationName:"networkInterfaceIdSet" locationNameList:"item" type:"list"` - // The ID of the Amazon Web Services account that owns the VPC endpoint. + // The ID of the Amazon Web Services account that owns the endpoint. OwnerId *string `locationName:"ownerId" type:"string"` // The policy document associated with the endpoint, if applicable. @@ -159042,7 +159475,7 @@ type VpcEndpoint struct { // hosted zone. PrivateDnsEnabled *bool `locationName:"privateDnsEnabled" type:"boolean"` - // Indicates whether the VPC endpoint is being managed by its service. + // Indicates whether the endpoint is being managed by its service. RequesterManaged *bool `locationName:"requesterManaged" type:"boolean"` // (Gateway endpoint) One or more route tables associated with the endpoint. @@ -159051,16 +159484,16 @@ type VpcEndpoint struct { // The name of the service to which the endpoint is associated. ServiceName *string `locationName:"serviceName" type:"string"` - // The state of the VPC endpoint. + // The state of the endpoint. State *string `locationName:"state" type:"string" enum:"State"` - // (Interface endpoint) One or more subnets in which the endpoint is located. + // (Interface endpoint) The subnets for the endpoint. SubnetIds []*string `locationName:"subnetIdSet" locationNameList:"item" type:"list"` - // Any tags assigned to the VPC endpoint. + // Any tags assigned to the endpoint. Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` - // The ID of the VPC endpoint. + // The ID of the endpoint. VpcEndpointId *string `locationName:"vpcEndpointId" type:"string"` // The type of endpoint. @@ -159100,12 +159533,24 @@ func (s *VpcEndpoint) SetDnsEntries(v []*DnsEntry) *VpcEndpoint { return s } +// SetDnsOptions sets the DnsOptions field's value. +func (s *VpcEndpoint) SetDnsOptions(v *DnsOptions) *VpcEndpoint { + s.DnsOptions = v + return s +} + // SetGroups sets the Groups field's value. func (s *VpcEndpoint) SetGroups(v []*SecurityGroupIdentifier) *VpcEndpoint { s.Groups = v return s } +// SetIpAddressType sets the IpAddressType field's value. +func (s *VpcEndpoint) SetIpAddressType(v string) *VpcEndpoint { + s.IpAddressType = &v + return s +} + // SetLastError sets the LastError field's value. func (s *VpcEndpoint) SetLastError(v *LastError) *VpcEndpoint { s.LastError = v @@ -159203,6 +159648,9 @@ type VpcEndpointConnection struct { // The Amazon Resource Names (ARNs) of the Gateway Load Balancers for the service. GatewayLoadBalancerArns []*string `locationName:"gatewayLoadBalancerArnSet" locationNameList:"item" type:"list"` + // The IP address type for the endpoint. + IpAddressType *string `locationName:"ipAddressType" type:"string" enum:"IpAddressType"` + // The Amazon Resource Names (ARNs) of the network load balancers for the service. NetworkLoadBalancerArns []*string `locationName:"networkLoadBalancerArnSet" locationNameList:"item" type:"list"` @@ -159255,6 +159703,12 @@ func (s *VpcEndpointConnection) SetGatewayLoadBalancerArns(v []*string) *VpcEndp return s } +// SetIpAddressType sets the IpAddressType field's value. +func (s *VpcEndpointConnection) SetIpAddressType(v string) *VpcEndpointConnection { + s.IpAddressType = &v + return s +} + // SetNetworkLoadBalancerArns sets the NetworkLoadBalancerArns field's value. func (s *VpcEndpointConnection) SetNetworkLoadBalancerArns(v []*string) *VpcEndpointConnection { s.NetworkLoadBalancerArns = v @@ -161947,6 +162401,30 @@ func DnsNameState_Values() []string { } } +const ( + // DnsRecordIpTypeIpv4 is a DnsRecordIpType enum value + DnsRecordIpTypeIpv4 = "ipv4" + + // DnsRecordIpTypeDualstack is a DnsRecordIpType enum value + DnsRecordIpTypeDualstack = "dualstack" + + // DnsRecordIpTypeIpv6 is a DnsRecordIpType enum value + DnsRecordIpTypeIpv6 = "ipv6" + + // DnsRecordIpTypeServiceDefined is a DnsRecordIpType enum value + DnsRecordIpTypeServiceDefined = "service-defined" +) + +// DnsRecordIpType_Values returns all elements of the DnsRecordIpType enum +func DnsRecordIpType_Values() []string { + return []string{ + DnsRecordIpTypeIpv4, + DnsRecordIpTypeDualstack, + DnsRecordIpTypeIpv6, + DnsRecordIpTypeServiceDefined, + } +} + const ( // DnsSupportValueEnable is a DnsSupportValue enum value DnsSupportValueEnable = "enable" @@ -162756,6 +163234,12 @@ const ( // ImageAttributeNameBootMode is a ImageAttributeName enum value ImageAttributeNameBootMode = "bootMode" + // ImageAttributeNameTpmSupport is a ImageAttributeName enum value + ImageAttributeNameTpmSupport = "tpmSupport" + + // ImageAttributeNameUefiData is a ImageAttributeName enum value + ImageAttributeNameUefiData = "uefiData" + // ImageAttributeNameLastLaunchedTime is a ImageAttributeName enum value ImageAttributeNameLastLaunchedTime = "lastLaunchedTime" ) @@ -162771,6 +163255,8 @@ func ImageAttributeName_Values() []string { ImageAttributeNameBlockDeviceMapping, ImageAttributeNameSriovNetSupport, ImageAttributeNameBootMode, + ImageAttributeNameTpmSupport, + ImageAttributeNameUefiData, ImageAttributeNameLastLaunchedTime, } } @@ -165263,6 +165749,26 @@ func InterfaceProtocolType_Values() []string { } } +const ( + // IpAddressTypeIpv4 is a IpAddressType enum value + IpAddressTypeIpv4 = "ipv4" + + // IpAddressTypeDualstack is a IpAddressType enum value + IpAddressTypeDualstack = "dualstack" + + // IpAddressTypeIpv6 is a IpAddressType enum value + IpAddressTypeIpv6 = "ipv6" +) + +// IpAddressType_Values returns all elements of the IpAddressType enum +func IpAddressType_Values() []string { + return []string{ + IpAddressTypeIpv4, + IpAddressTypeDualstack, + IpAddressTypeIpv6, + } +} + const ( // IpamAddressHistoryResourceTypeEip is a IpamAddressHistoryResourceType enum value IpamAddressHistoryResourceTypeEip = "eip" @@ -167283,6 +167789,22 @@ func SelfServicePortal_Values() []string { } } +const ( + // ServiceConnectivityTypeIpv4 is a ServiceConnectivityType enum value + ServiceConnectivityTypeIpv4 = "ipv4" + + // ServiceConnectivityTypeIpv6 is a ServiceConnectivityType enum value + ServiceConnectivityTypeIpv6 = "ipv6" +) + +// ServiceConnectivityType_Values returns all elements of the ServiceConnectivityType enum +func ServiceConnectivityType_Values() []string { + return []string{ + ServiceConnectivityTypeIpv4, + ServiceConnectivityTypeIpv6, + } +} + const ( // ServiceStatePending is a ServiceState enum value ServiceStatePending = "Pending" @@ -167811,6 +168333,18 @@ func TieringOperationStatus_Values() []string { } } +const ( + // TpmSupportValuesV20 is a TpmSupportValues enum value + TpmSupportValuesV20 = "v2.0" +) + +// TpmSupportValues_Values returns all elements of the TpmSupportValues enum +func TpmSupportValues_Values() []string { + return []string{ + TpmSupportValuesV20, + } +} + const ( // TrafficDirectionIngress is a TrafficDirection enum value TrafficDirectionIngress = "ingress" @@ -167905,6 +168439,9 @@ const ( // TrafficMirrorTargetTypeNetworkLoadBalancer is a TrafficMirrorTargetType enum value TrafficMirrorTargetTypeNetworkLoadBalancer = "network-load-balancer" + + // TrafficMirrorTargetTypeGatewayLoadBalancerEndpoint is a TrafficMirrorTargetType enum value + TrafficMirrorTargetTypeGatewayLoadBalancerEndpoint = "gateway-load-balancer-endpoint" ) // TrafficMirrorTargetType_Values returns all elements of the TrafficMirrorTargetType enum @@ -167912,6 +168449,7 @@ func TrafficMirrorTargetType_Values() []string { return []string{ TrafficMirrorTargetTypeNetworkInterface, TrafficMirrorTargetTypeNetworkLoadBalancer, + TrafficMirrorTargetTypeGatewayLoadBalancerEndpoint, } } diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/api.go b/vendor/github.com/aws/aws-sdk-go/service/kms/api.go index 62ca2705c..079f14714 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/kms/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/api.go @@ -912,12 +912,12 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // and verify. You can't change these properties after the KMS key is created. // // Asymmetric KMS keys contain an RSA key pair or an Elliptic Curve (ECC) key -// pair. The private key in an asymmetric KMS key never leaves AWS KMS unencrypted. +// pair. The private key in an asymmetric KMS key never leaves KMS unencrypted. // However, you can use the GetPublicKey operation to download the public key -// so it can be used outside of AWS KMS. KMS keys with RSA key pairs can be -// used to encrypt or decrypt data or sign and verify messages (but not both). -// KMS keys with ECC key pairs can be used only to sign and verify messages. -// For information about asymmetric KMS keys, see Asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) +// so it can be used outside of KMS. KMS keys with RSA key pairs can be used +// to encrypt or decrypt data or sign and verify messages (but not both). KMS +// keys with ECC key pairs can be used only to sign and verify messages. For +// information about asymmetric KMS keys, see Asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) // in the Key Management Service Developer Guide. // // HMAC KMS key @@ -1191,8 +1191,8 @@ func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output // // The Decrypt operation also decrypts ciphertext that was encrypted outside // of KMS by the public key in an KMS asymmetric KMS key. However, it cannot -// decrypt symmetric ciphertext produced by other libraries, such as the Amazon -// Web Services Encryption SDK (https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/) +// decrypt ciphertext produced by other libraries, such as the Amazon Web Services +// Encryption SDK (https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/) // or Amazon S3 client-side encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html). // These libraries return a ciphertext format that is incompatible with KMS. // @@ -2195,16 +2195,27 @@ func (c *KMS) DisableKeyRotationRequest(input *DisableKeyRotationInput) (req *re // DisableKeyRotation API operation for AWS Key Management Service. // // Disables automatic rotation of the key material (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) -// for the specified symmetric encryption KMS key. +// of the specified symmetric encryption KMS key. // -// You cannot enable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html), +// Automatic key rotation is supported only on symmetric encryption KMS keys. +// You cannot enable or disable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html), // HMAC KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html), // KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), // or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). -// To enable or disable automatic rotation of a set of related multi-Region -// keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate), +// The key rotation status of these KMS keys is always false. To enable or disable +// automatic rotation of a set of related multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate), // set the property on the primary key. // +// You can enable (EnableKeyRotation) and disable automatic rotation of the +// key material in customer managed KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk). +// Key material rotation of Amazon Web Services managed KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) +// is not configurable. KMS always rotates the key material for every year. +// Rotation of Amazon Web Services owned KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk) +// varies. +// +// In May 2022, KMS changed the rotation schedule for Amazon Web Services managed +// keys from every three years to every year. For details, see EnableKeyRotation. +// // The KMS key that you use for this operation must be in a compatible key state. // For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide. @@ -2589,16 +2600,41 @@ func (c *KMS) EnableKeyRotationRequest(input *EnableKeyRotationInput) (req *requ // EnableKeyRotation API operation for AWS Key Management Service. // // Enables automatic rotation of the key material (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) -// for the specified symmetric encryption KMS key. +// of the specified symmetric encryption KMS key. // -// You cannot enable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html), +// When you enable automatic rotation of acustomer managed KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk), +// KMS rotates the key material of the KMS key one year (approximately 365 days) +// from the enable date and every year thereafter. You can monitor rotation +// of the key material for your KMS keys in CloudTrail and Amazon CloudWatch. +// To disable rotation of the key material in a customer managed KMS key, use +// the DisableKeyRotation operation. +// +// Automatic key rotation is supported only on symmetric encryption KMS keys +// (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks). +// You cannot enable or disable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html), // HMAC KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html), // KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), // or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). -// To enable or disable automatic rotation of a set of related multi-Region -// keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate), +// The key rotation status of these KMS keys is always false. To enable or disable +// automatic rotation of a set of related multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate), // set the property on the primary key. // +// You cannot enable or disable automatic rotation Amazon Web Services managed +// KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). +// KMS always rotates the key material of Amazon Web Services managed keys every +// year. Rotation of Amazon Web Services owned KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk) +// varies. +// +// In May 2022, KMS changed the rotation schedule for Amazon Web Services managed +// keys from every three years (approximately 1,095 days) to every year (approximately +// 365 days). +// +// New Amazon Web Services managed keys are automatically rotated one year after +// they are created, and approximately every year thereafter. +// +// Existing Amazon Web Services managed keys are automatically rotated one year +// after their most recent rotation, and every year thereafter. +// // The KMS key that you use for this operation must be in a compatible key state. // For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide. @@ -3490,14 +3526,16 @@ func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWitho // // This operation is useful for systems that need to encrypt data at some point, // but not immediately. When you need to encrypt the data, you call the Decrypt -// operation on the encrypted copy of the key. It's also useful in distributed -// systems with different levels of trust. For example, you might store encrypted -// data in containers. One component of your system creates new containers and -// stores an encrypted data key with each container. Then, a different component -// puts the data into the containers. That component first decrypts the data -// key, uses the plaintext data key to encrypt data, puts the encrypted data -// into the container, and then destroys the plaintext data key. In this system, -// the component that creates the containers never sees the plaintext data key. +// operation on the encrypted copy of the key. +// +// It's also useful in distributed systems with different levels of trust. For +// example, you might store encrypted data in containers. One component of your +// system creates new containers and stores an encrypted data key with each +// container. Then, a different component puts the data into the containers. +// That component first decrypts the data key, uses the plaintext data key to +// encrypt data, puts the encrypted data into the container, and then destroys +// the plaintext data key. In this system, the component that creates the containers +// never sees the plaintext data key. // // To request an asymmetric data key pair, use the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext // operations. @@ -3672,6 +3710,13 @@ func (c *KMS) GenerateMacRequest(input *GenerateMacInput) (req *request.Request, // KMS support for HMAC KMS keys. For details, see HMAC keys in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html) // in the Key Management Service Developer Guide . // +// Best practices recommend that you limit the time during which any signing +// mechanism, including an HMAC, is effective. This deters an attack where the +// actor uses a signed message to establish validity repeatedly or long after +// the message is superseded. HMAC tags do not include a timestamp, but you +// can include a timestamp in the token or message to help you detect when its +// time to refresh the HMAC. +// // The KMS key that you use for this operation must be in a compatible key state. // For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide. @@ -4038,14 +4083,30 @@ func (c *KMS) GetKeyRotationStatusRequest(input *GetKeyRotationStatusInput) (req // material (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) // is enabled for the specified KMS key. // -// You cannot enable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html), +// When you enable automatic rotation for customer managed KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk), +// KMS rotates the key material of the KMS key one year (approximately 365 days) +// from the enable date and every year thereafter. You can monitor rotation +// of the key material for your KMS keys in CloudTrail and Amazon CloudWatch. +// +// Automatic key rotation is supported only on symmetric encryption KMS keys +// (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks). +// You cannot enable or disable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html), // HMAC KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html), // KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), // or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). -// To enable or disable automatic rotation of a set of related multi-Region -// keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate), -// set the property on the primary key. The key rotation status for these KMS -// keys is always false. +// The key rotation status of these KMS keys is always false. To enable or disable +// automatic rotation of a set of related multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate), +// set the property on the primary key.. +// +// You can enable (EnableKeyRotation) and disable automatic rotation (DisableKeyRotation) +// of the key material in customer managed KMS keys. Key material rotation of +// Amazon Web Services managed KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) +// is not configurable. KMS always rotates the key material in Amazon Web Services +// managed KMS keys every year. The key rotation status for Amazon Web Services +// managed KMS keys is always true. +// +// In May 2022, KMS changed the rotation schedule for Amazon Web Services managed +// keys from every three years to every year. For details, see EnableKeyRotation. // // The KMS key that you use for this operation must be in a compatible key state. // For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) @@ -4053,11 +4114,15 @@ func (c *KMS) GetKeyRotationStatusRequest(input *GetKeyRotationStatusInput) (req // // * Disabled: The key rotation status does not change when you disable a // KMS key. However, while the KMS key is disabled, KMS does not rotate the -// key material. +// key material. When you re-enable the KMS key, rotation resumes. If the +// key material in the re-enabled KMS key hasn't been rotated in one year, +// KMS rotates it immediately, and every year thereafter. If it's been less +// than a year since the key material in the re-enabled KMS key was rotated, +// the KMS key resumes its prior rotation schedule. // // * Pending deletion: While a KMS key is pending deletion, its key rotation // status is false and KMS does not rotate the key material. If you cancel -// the deletion, the original key rotation status is restored. +// the deletion, the original key rotation status returns to true. // // Cross-account use: Yes. To perform this operation on a KMS key in a different // Amazon Web Services account, specify the key ARN in the value of the KeyId @@ -6644,6 +6709,12 @@ func (c *KMS) SignRequest(input *SignInput) (req *request.Request, output *SignO // When signing a message, be sure to record the KMS key and the signing algorithm. // This information is required to verify the signature. // +// Best practices recommend that you limit the time during which any signature +// is effective. This deters an attack where the actor uses a signed message +// to establish validity repeatedly or long after the message is superseded. +// Signatures do not include a timestamp, but you can include a timestamp in +// the signed message to help you detect when its time to refresh the signature. +// // To verify the signature that this operation generates, use the Verify operation. // Or use the GetPublicKey operation to download the public key and then use // the public key to verify the signature outside of KMS. @@ -9242,11 +9313,11 @@ type CreateKeyInput struct { // in the Key Management Service Developer Guide . // // The KeySpec determines whether the KMS key contains a symmetric key or an - // asymmetric key pair. It also determines the algorithms that the KMS key supports. - // You can't change the KeySpec after the KMS key is created. To further restrict - // the algorithms that can be used with the KMS key, use a condition key in - // its key policy or IAM policy. For more information, see kms:EncryptionAlgorithm - // (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-algorithm), + // asymmetric key pair. It also determines the cryptographic algorithms that + // the KMS key supports. You can't change the KeySpec after the KMS key is created. + // To further restrict the algorithms that can be used with the KMS key, use + // a condition key in its key policy or IAM policy. For more information, see + // kms:EncryptionAlgorithm (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-algorithm), // kms:MacAlgorithm (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-mac-algorithm) // or kms:Signing Algorithm (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-signing-algorithm) // in the Key Management Service Developer Guide . @@ -9307,9 +9378,9 @@ type CreateKeyInput struct { // This value creates a primary key, not a replica. To create a replica key, // use the ReplicateKey operation. // - // You can create a symmetric or asymmetric multi-Region key, and you can create - // a multi-Region key with imported key material. However, you cannot create - // a multi-Region key in a custom key store. + // You can create a multi-Region version of a symmetric encryption KMS key, + // an HMAC KMS key, an asymmetric KMS key, or a KMS key with imported key material. + // However, you cannot create a multi-Region key in a custom key store. MultiRegion *bool `type:"boolean"` // The source of the key material for the KMS key. You cannot change the origin @@ -9329,11 +9400,14 @@ type CreateKeyInput struct { // KMS keys. Origin *string `type:"string" enum:"OriginType"` - // The key policy to attach to the KMS key. + // The key policy to attach to the KMS key. If you do not specify a key policy, + // KMS attaches a default key policy to the KMS key. For more information, see + // Default key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) + // in the Key Management Service Developer Guide. // // If you provide a key policy, it must meet the following criteria: // - // * If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy + // * If you don't set BypassPolicyLockoutSafetyCheck to True, the key policy // must allow the principal that is making the CreateKey request to make // a subsequent PutKeyPolicy request on the KMS key. This reduces the risk // that the KMS key becomes unmanageable. For more information, refer to @@ -9349,11 +9423,18 @@ type CreateKeyInput struct { // visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) // in the Amazon Web Services Identity and Access Management User Guide. // - // If you do not provide a key policy, KMS attaches a default key policy to - // the KMS key. For more information, see Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) - // in the Key Management Service Developer Guide. + // A key policy document must conform to the following rules. // - // The key policy size quota is 32 kilobytes (32768 bytes). + // * Up to 32 kilobytes (32768 bytes) + // + // * Must be UTF-8 encoded + // + // * The only Unicode characters that are permitted in a key policy document + // are the horizontal tab (U+0009), linefeed (U+000A), carriage return (U+000D), + // and characters in the range U+0020 to U+00FF. + // + // * The Sid element in a key policy statement can include spaces. (Spaces + // are prohibited in the Sid element of an IAM policy document.) // // For help writing and formatting a JSON policy document, see the IAM JSON // Policy Reference (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html) @@ -11098,13 +11179,13 @@ func (s EnableKeyOutput) GoString() string { type EnableKeyRotationInput struct { _ struct{} `type:"structure"` - // Identifies a symmetric encryption KMS key. You cannot enable automatic rotation - // of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html), + // Identifies a symmetric encryption KMS key. You cannot enable or disable automatic + // rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html), // HMAC KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html), // KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), // or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). - // To enable or disable automatic rotation of a set of related multi-Region - // keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate), + // The key rotation status of these KMS keys is always false. To enable or disable + // automatic rotation of a set of related multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate), // set the property on the primary key. // // Specify the key ID or key ARN of the KMS key. @@ -15929,9 +16010,18 @@ type PutKeyPolicyInput struct { // visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) // in the Amazon Web Services Identity and Access Management User Guide. // - // The key policy cannot exceed 32 kilobytes (32768 bytes). For more information, - // see Resource Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/resource-limits.html) - // in the Key Management Service Developer Guide. + // A key policy document must conform to the following rules. + // + // * Up to 32 kilobytes (32768 bytes) + // + // * Must be UTF-8 encoded + // + // * The only Unicode characters that are permitted in a key policy document + // are the horizontal tab (U+0009), linefeed (U+000A), carriage return (U+000D), + // and characters in the range U+0020 to U+00FF. + // + // * The Sid element in a key policy statement can include spaces. (Spaces + // are prohibited in the Sid element of an IAM policy document.) // // Policy is a required field Policy *string `min:"1" type:"string" required:"true"` @@ -16391,7 +16481,18 @@ type ReplicateKeyInput struct { // visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) // in the Identity and Access Management User Guide . // - // * The key policy size quota is 32 kilobytes (32768 bytes). + // A key policy document must conform to the following rules. + // + // * Up to 32 kilobytes (32768 bytes) + // + // * Must be UTF-8 encoded + // + // * The only Unicode characters that are permitted in a key policy document + // are the horizontal tab (U+0009), linefeed (U+000A), carriage return (U+000D), + // and characters in the range U+0020 to U+00FF. + // + // * The Sid element in a key policy statement can include spaces. (Spaces + // are prohibited in the Sid element of an IAM policy document.) Policy *string `min:"1" type:"string"` // The Region ID of the Amazon Web Services Region for this replica key. @@ -16818,9 +16919,9 @@ type ScheduleKeyDeletionInput struct { // The waiting period, specified in number of days. After the waiting period // ends, KMS deletes the KMS key. // - // If the KMS key is a multi-Region primary key with replicas, the waiting period - // begins when the last of its replica keys is deleted. Otherwise, the waiting - // period begins immediately. + // If the KMS key is a multi-Region primary key with replica keys, the waiting + // period begins when the last of its replica keys is deleted. Otherwise, the + // waiting period begins immediately. // // This value is optional. If you include a value, it must be between 7 and // 30, inclusive. If you do not include a value, it defaults to 30. diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/doc.go b/vendor/github.com/aws/aws-sdk-go/service/kms/doc.go index 45cecea7f..17008d752 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/kms/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/doc.go @@ -30,11 +30,11 @@ // see Service endpoints (https://docs.aws.amazon.com/general/latest/gr/kms.html#kms_region) // in the Key Management Service topic of the Amazon Web Services General Reference. // -// Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS -// 1.2. Clients must also support cipher suites with Perfect Forward Secrecy -// (PFS) such as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral -// Diffie-Hellman (ECDHE). Most modern systems such as Java 7 and later support -// these modes. +// All KMS API calls must be signed and be transmitted using Transport Layer +// Security (TLS). KMS recommends you always use the latest supported TLS version. +// Clients must also support cipher suites with Perfect Forward Secrecy (PFS) +// such as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral Diffie-Hellman +// (ECDHE). Most modern systems such as Java 7 and later support these modes. // // Signing Requests // diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go index 718409b54..f1a7bfdd4 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go @@ -1279,6 +1279,12 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request. // and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) // in the IAM User Guide. // +// No permissions are required for users to perform this operation. The purpose +// of the sts:GetSessionToken operation is to authenticate the user using MFA. +// You cannot use policies to control authentication operations. For more information, +// see Permissions for GetSessionToken (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html) +// in the IAM User Guide. +// // Session Duration // // The GetSessionToken operation must be called by using the long-term Amazon diff --git a/vendor/modules.txt b/vendor/modules.txt index c66681b20..76a5ec67b 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -14,7 +14,7 @@ github.com/armon/go-metrics # github.com/armon/go-radix v1.0.0 ## explicit github.com/armon/go-radix -# github.com/aws/aws-sdk-go v1.44.10 +# github.com/aws/aws-sdk-go v1.44.16 ## explicit; go 1.11 github.com/aws/aws-sdk-go/aws github.com/aws/aws-sdk-go/aws/awserr