rebase: bump the github-dependencies group with 2 updates

Bumps the github-dependencies group with 2 updates: [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2) and [github.com/kubernetes-csi/csi-lib-utils](https://github.com/kubernetes-csi/csi-lib-utils). Updates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.33.15 to 1.33.16 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/sns/v1.33.15...service/sns/v1.33.16) Updates `github.com/kubernetes-csi/csi-lib-utils` from 0.20.0 to 0.21.0 - [Release notes](https://github.com/kubernetes-csi/csi-lib-utils/releases) - [Commits](https://github.com/kubernetes-csi/csi-lib-utils/compare/v0.20.0...v0.21.0) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/sts dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-dependencies - dependency-name: github.com/kubernetes-csi/csi-lib-utils dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
2025-06-14 18:53:35 +00:00 · 2025-03-03 10:36:56 +00:00
parent 106e32228f
commit a80295bf8f
27 changed files with 252 additions and 36 deletions
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/credential_cache.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/credential_cache.go
@ -172,6 +172,17 @@ func (p *CredentialsCache) getCreds() (Credentials, bool) {
 	return *c, true
 }

+// ProviderSources returns a list of where the underlying credential provider
+// has been sourced, if available. Returns empty if the provider doesn't implement
+// the interface
+func (p *CredentialsCache) ProviderSources() []CredentialSource {
+	asSource, ok := p.provider.(CredentialProviderSource)
+	if !ok {
+		return []CredentialSource{}
+	}
+	return asSource.ProviderSources()
+}
+
 // Invalidate will invalidate the cached credentials. The next call to Retrieve
 // will cause the provider's Retrieve method to be called.
 func (p *CredentialsCache) Invalidate() {
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/credentials.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/credentials.go
@ -70,6 +70,56 @@ func (AnonymousCredentials) Retrieve(context.Context) (Credentials, error) {
 		fmt.Errorf("the AnonymousCredentials is not a valid credential provider, and cannot be used to sign AWS requests with")
 }

+// CredentialSource is the source of the credential provider.
+// A provider can have multiple credential sources: For example, a provider that reads a profile, calls ECS to
+// get credentials and then assumes a role using STS will have all these as part of its provider chain.
+type CredentialSource int
+
+const (
+	// CredentialSourceUndefined is the sentinel zero value
+	CredentialSourceUndefined CredentialSource = iota
+	// CredentialSourceCode credentials resolved from code, cli parameters, session object, or client instance
+	CredentialSourceCode
+	// CredentialSourceEnvVars credentials resolved from environment variables
+	CredentialSourceEnvVars
+	// CredentialSourceEnvVarsSTSWebIDToken credentials resolved from environment variables for assuming a role with STS using a web identity token
+	CredentialSourceEnvVarsSTSWebIDToken
+	// CredentialSourceSTSAssumeRole credentials resolved from STS using AssumeRole
+	CredentialSourceSTSAssumeRole
+	// CredentialSourceSTSAssumeRoleSaml credentials resolved from STS using assume role with SAML
+	CredentialSourceSTSAssumeRoleSaml
+	// CredentialSourceSTSAssumeRoleWebID credentials resolved from STS using assume role with web identity
+	CredentialSourceSTSAssumeRoleWebID
+	// CredentialSourceSTSFederationToken credentials resolved from STS using a federation token
+	CredentialSourceSTSFederationToken
+	// CredentialSourceSTSSessionToken credentials resolved from STS using a session token 	S
+	CredentialSourceSTSSessionToken
+	// CredentialSourceProfile  credentials resolved from a config file(s) profile with static credentials
+	CredentialSourceProfile
+	// CredentialSourceProfileSourceProfile credentials resolved from a source profile in a config file(s) profile
+	CredentialSourceProfileSourceProfile
+	// CredentialSourceProfileNamedProvider credentials resolved from a named provider in a config file(s) profile (like EcsContainer)
+	CredentialSourceProfileNamedProvider
+	// CredentialSourceProfileSTSWebIDToken  credentials resolved from configuration for assuming a role with STS using web identity token in a config file(s) profile
+	CredentialSourceProfileSTSWebIDToken
+	// CredentialSourceProfileSSO credentials resolved from an SSO session in a config file(s) profile
+	CredentialSourceProfileSSO
+	// CredentialSourceSSO credentials resolved from an SSO session
+	CredentialSourceSSO
+	// CredentialSourceProfileSSOLegacy credentials resolved from an SSO session in a config file(s) profile using legacy format
+	CredentialSourceProfileSSOLegacy
+	// CredentialSourceSSOLegacy credentials resolved from an SSO session using legacy format
+	CredentialSourceSSOLegacy
+	// CredentialSourceProfileProcess credentials resolved from a process in a config file(s) profile
+	CredentialSourceProfileProcess
+	// CredentialSourceProcess credentials resolved from a process
+	CredentialSourceProcess
+	// CredentialSourceHTTP credentials resolved from an HTTP endpoint
+	CredentialSourceHTTP
+	// CredentialSourceIMDS credentials resolved from the instance metadata service (IMDS)
+	CredentialSourceIMDS
+)
+
 // A Credentials is the AWS credentials value for individual credential fields.
 type Credentials struct {
 	// AWS Access key ID
@ -125,6 +175,13 @@ type CredentialsProvider interface {
 	Retrieve(ctx context.Context) (Credentials, error)
 }

+// CredentialProviderSource allows any credential provider to track
+// all providers where a credential provider were sourced. For example, if the credentials came from a
+// call to a role specified in the profile, this method will give the whole breadcrumb trail
+type CredentialProviderSource interface {
+	ProviderSources() []CredentialSource
+}
+
 // CredentialsProviderFunc provides a helper wrapping a function value to
 // satisfy the CredentialsProvider interface.
 type CredentialsProviderFunc func(context.Context) (Credentials, error)
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go
@ -3,4 +3,4 @@
 package aws

 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.36.2"
+const goModuleVersion = "1.36.3"
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/user_agent.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/user_agent.go
@ -109,8 +109,57 @@ const (
 	UserAgentFeatureRequestChecksumWhenRequired   = "a"
 	UserAgentFeatureResponseChecksumWhenSupported = "b"
 	UserAgentFeatureResponseChecksumWhenRequired  = "c"
+
+	UserAgentFeatureDynamoDBUserAgent = "d" // not yet implemented
+
+	UserAgentFeatureCredentialsCode                 = "e"
+	UserAgentFeatureCredentialsJvmSystemProperties  = "f" // n/a (this is not a JVM sdk)
+	UserAgentFeatureCredentialsEnvVars              = "g"
+	UserAgentFeatureCredentialsEnvVarsStsWebIDToken = "h"
+	UserAgentFeatureCredentialsStsAssumeRole        = "i"
+	UserAgentFeatureCredentialsStsAssumeRoleSaml    = "j" // not yet implemented
+	UserAgentFeatureCredentialsStsAssumeRoleWebID   = "k"
+	UserAgentFeatureCredentialsStsFederationToken   = "l" // not yet implemented
+	UserAgentFeatureCredentialsStsSessionToken      = "m" // not yet implemented
+	UserAgentFeatureCredentialsProfile              = "n"
+	UserAgentFeatureCredentialsProfileSourceProfile = "o"
+	UserAgentFeatureCredentialsProfileNamedProvider = "p"
+	UserAgentFeatureCredentialsProfileStsWebIDToken = "q"
+	UserAgentFeatureCredentialsProfileSso           = "r"
+	UserAgentFeatureCredentialsSso                  = "s"
+	UserAgentFeatureCredentialsProfileSsoLegacy     = "t"
+	UserAgentFeatureCredentialsSsoLegacy            = "u"
+	UserAgentFeatureCredentialsProfileProcess       = "v"
+	UserAgentFeatureCredentialsProcess              = "w"
+	UserAgentFeatureCredentialsBoto2ConfigFile      = "x" // n/a (this is not boto/Python)
+	UserAgentFeatureCredentialsAwsSdkStore          = "y" // n/a (this is used by .NET based sdk)
+	UserAgentFeatureCredentialsHTTP                 = "z"
+	UserAgentFeatureCredentialsIMDS                 = "0"
 )

+var credentialSourceToFeature = map[aws.CredentialSource]UserAgentFeature{
+	aws.CredentialSourceCode:                 UserAgentFeatureCredentialsCode,
+	aws.CredentialSourceEnvVars:              UserAgentFeatureCredentialsEnvVars,
+	aws.CredentialSourceEnvVarsSTSWebIDToken: UserAgentFeatureCredentialsEnvVarsStsWebIDToken,
+	aws.CredentialSourceSTSAssumeRole:        UserAgentFeatureCredentialsStsAssumeRole,
+	aws.CredentialSourceSTSAssumeRoleSaml:    UserAgentFeatureCredentialsStsAssumeRoleSaml,
+	aws.CredentialSourceSTSAssumeRoleWebID:   UserAgentFeatureCredentialsStsAssumeRoleWebID,
+	aws.CredentialSourceSTSFederationToken:   UserAgentFeatureCredentialsStsFederationToken,
+	aws.CredentialSourceSTSSessionToken:      UserAgentFeatureCredentialsStsSessionToken,
+	aws.CredentialSourceProfile:              UserAgentFeatureCredentialsProfile,
+	aws.CredentialSourceProfileSourceProfile: UserAgentFeatureCredentialsProfileSourceProfile,
+	aws.CredentialSourceProfileNamedProvider: UserAgentFeatureCredentialsProfileNamedProvider,
+	aws.CredentialSourceProfileSTSWebIDToken: UserAgentFeatureCredentialsProfileStsWebIDToken,
+	aws.CredentialSourceProfileSSO:           UserAgentFeatureCredentialsProfileSso,
+	aws.CredentialSourceSSO:                  UserAgentFeatureCredentialsSso,
+	aws.CredentialSourceProfileSSOLegacy:     UserAgentFeatureCredentialsProfileSsoLegacy,
+	aws.CredentialSourceSSOLegacy:            UserAgentFeatureCredentialsSsoLegacy,
+	aws.CredentialSourceProfileProcess:       UserAgentFeatureCredentialsProfileProcess,
+	aws.CredentialSourceProcess:              UserAgentFeatureCredentialsProcess,
+	aws.CredentialSourceHTTP:                 UserAgentFeatureCredentialsHTTP,
+	aws.CredentialSourceIMDS:                 UserAgentFeatureCredentialsIMDS,
+}
+
 // RequestUserAgent is a build middleware that set the User-Agent for the request.
 type RequestUserAgent struct {
 	sdkAgent, userAgent *smithyhttp.UserAgentBuilder
@ -263,6 +312,14 @@ func (u *RequestUserAgent) AddSDKAgentKeyValue(keyType SDKAgentKeyType, key, val
 	u.userAgent.AddKeyValue(keyType.string(), strings.Map(rules, key)+"#"+strings.Map(rules, value))
 }

+// AddCredentialsSource adds the credential source as a feature on the User-Agent string
+func (u *RequestUserAgent) AddCredentialsSource(source aws.CredentialSource) {
+	x, ok := credentialSourceToFeature[source]
+	if ok {
+		u.AddUserAgentFeature(x)
+	}
+}
+
 // ID the name of the middleware.
 func (u *RequestUserAgent) ID() string {
 	return "UserAgent"