rebase: bump the github-dependencies group with 2 updates

Bumps the github-dependencies group with 2 updates: [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) and [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2).


Updates `github.com/aws/aws-sdk-go` from 1.47.10 to 1.48.0
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.47.10...v1.48.0)

Updates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.25.1 to 1.25.3
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.25.1...config/v1.25.3)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/service/sts
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
This commit is contained in:
dependabot[bot] 2023-11-20 20:28:57 +00:00 committed by mergify[bot]
parent afe3873947
commit b3ce6eff97
59 changed files with 3346 additions and 1574 deletions

19
go.mod
View File

@ -4,8 +4,8 @@ go 1.20
require (
github.com/IBM/keyprotect-go-client v0.12.2
github.com/aws/aws-sdk-go v1.47.10
github.com/aws/aws-sdk-go-v2/service/sts v1.25.1
github.com/aws/aws-sdk-go v1.48.0
github.com/aws/aws-sdk-go-v2/service/sts v1.25.3
github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000
github.com/ceph/go-ceph v0.24.0
github.com/container-storage-interface/spec v1.9.0
@ -15,7 +15,7 @@ require (
github.com/google/fscrypt v0.3.4
github.com/google/uuid v1.4.0
github.com/grpc-ecosystem/go-grpc-middleware v1.4.0
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
github.com/hashicorp/vault/api v1.10.0
github.com/kubernetes-csi/csi-lib-utils v0.14.0
github.com/kubernetes-csi/external-snapshotter/client/v6 v6.3.0
@ -38,7 +38,7 @@ require (
k8s.io/client-go v12.0.0+incompatible
k8s.io/cloud-provider v0.28.3
k8s.io/klog/v2 v2.110.1
k8s.io/kubernetes v1.28.3
k8s.io/kubernetes v1.28.4
k8s.io/mount-utils v0.28.3
k8s.io/pod-security-admission v0.0.0
k8s.io/utils v0.0.0-20230406110748-d93618cff8a2
@ -51,11 +51,12 @@ require (
github.com/ansel1/merry/v2 v2.0.1 // indirect
github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a // indirect
github.com/aws/aws-sdk-go-v2 v1.22.2 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.2 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.2 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.2 // indirect
github.com/aws/smithy-go v1.16.0 // indirect
github.com/aws/aws-sdk-go-v2 v1.23.0 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.3 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.3 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.1 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.3 // indirect
github.com/aws/smithy-go v1.17.0 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/blang/semver/v4 v4.0.0 // indirect
github.com/cenkalti/backoff/v3 v3.2.2 // indirect

34
go.sum
View File

@ -660,20 +660,22 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4B6AGu/h5Sxe66HYVdqdGu2l9Iebqhi/AEoA=
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
github.com/aws/aws-sdk-go v1.44.164/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
github.com/aws/aws-sdk-go v1.47.10 h1:cvufN7WkD1nlOgpRopsmxKQlFp5X1MfyAw4r7BBORQc=
github.com/aws/aws-sdk-go v1.47.10/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
github.com/aws/aws-sdk-go-v2 v1.22.2 h1:lV0U8fnhAnPz8YcdmZVV60+tr6CakHzqA6P8T46ExJI=
github.com/aws/aws-sdk-go-v2 v1.22.2/go.mod h1:Kd0OJtkW3Q0M0lUWGszapWjEvrXDzRW+D21JNsroB+c=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.2 h1:AaQsr5vvGR7rmeSWBtTCcw16tT9r51mWijuCQhzLnq8=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.2/go.mod h1:o1IiRn7CWocIFTXJjGKJDOwxv1ibL53NpcvcqGWyRBA=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.2 h1:UZx8SXZ0YtzRiALzYAWcjb9Y9hZUR7MBKaBQ5ouOjPs=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.2/go.mod h1:ipuRpcSaklmxR6C39G187TpBAO132gUfleTGccUPs8c=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.2 h1:h7j73yuAVVjic8pqswh+L/7r2IHP43QwRyOu6zcCDDE=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.2/go.mod h1:H07AHdK5LSy8F7EJUQhoxyiCNkePoHj2D8P2yGTWafo=
github.com/aws/aws-sdk-go-v2/service/sts v1.25.1 h1:txgVXIXWPXyqdiVn92BV6a/rgtpX31HYdsOYj0sVQQQ=
github.com/aws/aws-sdk-go-v2/service/sts v1.25.1/go.mod h1:VAiJiNaoP1L89STFlEMgmHX1bKixY+FaP+TpRFrmyZ4=
github.com/aws/smithy-go v1.16.0 h1:gJZEH/Fqh+RsvlJ1Zt4tVAtV6bKkp3cC+R6FCZMNzik=
github.com/aws/smithy-go v1.16.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
github.com/aws/aws-sdk-go v1.48.0 h1:1SeJ8agckRDQvnSCt1dGZYAwUaoD2Ixj6IaXB4LCv8Q=
github.com/aws/aws-sdk-go v1.48.0/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
github.com/aws/aws-sdk-go-v2 v1.23.0 h1:PiHAzmiQQr6JULBUdvR8fKlA+UPKLT/8KbiqpFBWiAo=
github.com/aws/aws-sdk-go-v2 v1.23.0/go.mod h1:i1XDttT4rnf6vxc9AuskLc6s7XBee8rlLilKlc03uAA=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.3 h1:DUwbD79T8gyQ23qVXFUthjzVMTviSHi3y4z58KvghhM=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.3/go.mod h1:7sGSz1JCKHWWBHq98m6sMtWQikmYPpxjqOydDemiVoM=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.3 h1:AplLJCtIaUZDCbr6+gLYdsYNxne4iuaboJhVt9d+WXI=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.3/go.mod h1:ify42Rb7nKeDDPkFjKn7q1bPscVPu/+gmHH8d2c+anU=
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.1 h1:rpkF4n0CyFcrJUG/rNNohoTmhtWlFTRI4BsZOh9PvLs=
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.1/go.mod h1:l9ymW25HOqymeU2m1gbUQ3rUIsTwKs8gYHXkqDQUhiI=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.3 h1:kJOolE8xBAD13xTCgOakByZkyP4D/owNmvEiioeUNAg=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.3/go.mod h1:Owv1I59vaghv1Ax8zz8ELY8DN7/Y0rGS+WWAmjgi950=
github.com/aws/aws-sdk-go-v2/service/sts v1.25.3 h1:M2w4kiMGJCCM6Ljmmx/l6mmpfa3gPJVpBencfnsgvqs=
github.com/aws/aws-sdk-go-v2/service/sts v1.25.3/go.mod h1:4EqRHDCKP78hq3zOnmFXu5k0j4bXbRFfCh/zQ6KnEfQ=
github.com/aws/smithy-go v1.17.0 h1:wWJD7LX6PBV6etBUwO0zElG0nWN9rUhp0WdYeHSHAaI=
github.com/aws/smithy-go v1.17.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
github.com/benbjohnson/clock v1.3.0 h1:ip6w0uFQkncKQ979AypyG0ER7mqUSBdKLOgAle/AT8A=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@ -2324,8 +2326,8 @@ k8s.io/kubectl v0.28.3 h1:H1Peu1O3EbN9zHkJCcvhiJ4NUj6lb88sGPO5wrWIM6k=
k8s.io/kubectl v0.28.3/go.mod h1:RDAudrth/2wQ3Sg46fbKKl4/g+XImzvbsSRZdP2RiyE=
k8s.io/kubelet v0.28.3 h1:bp/uIf1R5F61BlFvFtzc4PDEiK7TtFcw3wFJlc0V0LM=
k8s.io/kubelet v0.28.3/go.mod h1:E3NHYbp/v45Ao6AD0EOZnqO3L0R6Haks6Nm0+bnFwtU=
k8s.io/kubernetes v1.28.3 h1:XTci6gzk+JR51UZuZQCFJ4CsyUkfivSjLI4O1P9z6LY=
k8s.io/kubernetes v1.28.3/go.mod h1:NhAysZWvHtNcJFFHic87ofxQN7loylCQwg3ZvXVDbag=
k8s.io/kubernetes v1.28.4 h1:aRNxs5jb8FVTtlnxeA4FSDBVKuFwA8Gw40/U2zReBYA=
k8s.io/kubernetes v1.28.4/go.mod h1:BTzDCKYAlu6LL9ITbfjwgwIrJ30hlTgbv0eXDoA/WoA=
k8s.io/mount-utils v0.28.3 h1:1p6Dk2QhoK0IYOee2MOec/90a7fC0yUqlWPfQy/4JFE=
k8s.io/mount-utils v0.28.3/go.mod h1:ceMAZ+Nzlk8zOwN205YXXGJRGmf1o0/XIwsKnG44p0I=
k8s.io/pod-security-admission v0.28.3 h1:CtVVG36YwniCH4d18wAoFW6n0Qm5Z1uUVfDIiO4kY0I=

View File

@ -3,4 +3,4 @@
package aws
// goModuleVersion is the tagged release for this module
const goModuleVersion = "1.22.2"
const goModuleVersion = "1.23.0"

View File

@ -65,6 +65,9 @@ func GetServiceID(ctx context.Context) (v string) {
//
// Scoped to stack values. Use github.com/aws/smithy-go/middleware#ClearStackValues
// to clear all stack values.
//
// Deprecated: This value is unstable. The resolved signing name is available
// in the signer properties object passed to the signer.
func GetSigningName(ctx context.Context) (v string) {
v, _ = middleware.GetStackValue(ctx, signingNameKey{}).(string)
return v
@ -74,6 +77,9 @@ func GetSigningName(ctx context.Context) (v string) {
//
// Scoped to stack values. Use github.com/aws/smithy-go/middleware#ClearStackValues
// to clear all stack values.
//
// Deprecated: This value is unstable. The resolved signing region is available
// in the signer properties object passed to the signer.
func GetSigningRegion(ctx context.Context) (v string) {
v, _ = middleware.GetStackValue(ctx, signingRegionKey{}).(string)
return v
@ -125,10 +131,13 @@ func SetRequiresLegacyEndpoints(ctx context.Context, value bool) context.Context
return middleware.WithStackValue(ctx, requiresLegacyEndpointsKey{}, value)
}
// SetSigningName set or modifies the signing name on the context.
// SetSigningName set or modifies the sigv4 or sigv4a signing name on the context.
//
// Scoped to stack values. Use github.com/aws/smithy-go/middleware#ClearStackValues
// to clear all stack values.
//
// Deprecated: This value is unstable. Use WithSigV4SigningName client option
// funcs instead.
func SetSigningName(ctx context.Context, value string) context.Context {
return middleware.WithStackValue(ctx, signingNameKey{}, value)
}
@ -137,6 +146,9 @@ func SetSigningName(ctx context.Context, value string) context.Context {
//
// Scoped to stack values. Use github.com/aws/smithy-go/middleware#ClearStackValues
// to clear all stack values.
//
// Deprecated: This value is unstable. Use WithSigV4SigningRegion client option
// funcs instead.
func SetSigningRegion(ctx context.Context, value string) context.Context {
return middleware.WithStackValue(ctx, signingRegionKey{}, value)
}

View File

@ -58,7 +58,7 @@ func (e *SigningError) Unwrap() error {
// S3 PutObject API allows unsigned payload signing auth usage when TLS is enabled, and uses this middleware to
// dynamically switch between unsigned and signed payload based on TLS state for request.
func UseDynamicPayloadSigningMiddleware(stack *middleware.Stack) error {
_, err := stack.Build.Swap(computePayloadHashMiddlewareID, &dynamicPayloadSigningMiddleware{})
_, err := stack.Finalize.Swap(computePayloadHashMiddlewareID, &dynamicPayloadSigningMiddleware{})
return err
}
@ -71,24 +71,22 @@ func (m *dynamicPayloadSigningMiddleware) ID() string {
return computePayloadHashMiddlewareID
}
// HandleBuild sets a resolver that directs to the payload sha256 compute handler.
func (m *dynamicPayloadSigningMiddleware) HandleBuild(
ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler,
// HandleFinalize delegates SHA256 computation according to whether the request
// is TLS-enabled.
func (m *dynamicPayloadSigningMiddleware) HandleFinalize(
ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler,
) (
out middleware.BuildOutput, metadata middleware.Metadata, err error,
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
) {
req, ok := in.Request.(*smithyhttp.Request)
if !ok {
return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
}
// if TLS is enabled, use unsigned payload when supported
if req.IsHTTPS() {
return (&unsignedPayload{}).HandleBuild(ctx, in, next)
return (&unsignedPayload{}).HandleFinalize(ctx, in, next)
}
// else fall back to signed payload
return (&computePayloadSHA256{}).HandleBuild(ctx, in, next)
return (&computePayloadSHA256{}).HandleFinalize(ctx, in, next)
}
// unsignedPayload sets the SigV4 request payload hash to unsigned.
@ -104,7 +102,7 @@ type unsignedPayload struct{}
// AddUnsignedPayloadMiddleware adds unsignedPayload to the operation
// middleware stack
func AddUnsignedPayloadMiddleware(stack *middleware.Stack) error {
return stack.Build.Add(&unsignedPayload{}, middleware.After)
return stack.Finalize.Insert(&unsignedPayload{}, "ResolveEndpointV2", middleware.After)
}
// ID returns the unsignedPayload identifier
@ -112,23 +110,16 @@ func (m *unsignedPayload) ID() string {
return computePayloadHashMiddlewareID
}
// HandleBuild sets the payload hash to be an unsigned payload
func (m *unsignedPayload) HandleBuild(
ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler,
// HandleFinalize sets the payload hash magic value to the unsigned sentinel.
func (m *unsignedPayload) HandleFinalize(
ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler,
) (
out middleware.BuildOutput, metadata middleware.Metadata, err error,
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
) {
// This should not compute the content SHA256 if the value is already
// known. (e.g. application pre-computed SHA256 before making API call).
// Does not have any tight coupling to the X-Amz-Content-Sha256 header, if
// that header is provided a middleware must translate it into the context.
contentSHA := GetPayloadHash(ctx)
if len(contentSHA) == 0 {
contentSHA = v4Internal.UnsignedPayload
if GetPayloadHash(ctx) == "" {
ctx = SetPayloadHash(ctx, v4Internal.UnsignedPayload)
}
ctx = SetPayloadHash(ctx, contentSHA)
return next.HandleBuild(ctx, in)
return next.HandleFinalize(ctx, in)
}
// computePayloadSHA256 computes SHA256 payload hash to sign.
@ -144,13 +135,13 @@ type computePayloadSHA256 struct{}
// AddComputePayloadSHA256Middleware adds computePayloadSHA256 to the
// operation middleware stack
func AddComputePayloadSHA256Middleware(stack *middleware.Stack) error {
return stack.Build.Add(&computePayloadSHA256{}, middleware.After)
return stack.Finalize.Insert(&computePayloadSHA256{}, "ResolveEndpointV2", middleware.After)
}
// RemoveComputePayloadSHA256Middleware removes computePayloadSHA256 from the
// operation middleware stack
func RemoveComputePayloadSHA256Middleware(stack *middleware.Stack) error {
_, err := stack.Build.Remove(computePayloadHashMiddlewareID)
_, err := stack.Finalize.Remove(computePayloadHashMiddlewareID)
return err
}
@ -159,12 +150,17 @@ func (m *computePayloadSHA256) ID() string {
return computePayloadHashMiddlewareID
}
// HandleBuild compute the payload hash for the request payload
func (m *computePayloadSHA256) HandleBuild(
ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler,
// HandleFinalize computes the payload hash for the request, storing it to the
// context. This is a no-op if a caller has previously set that value.
func (m *computePayloadSHA256) HandleFinalize(
ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler,
) (
out middleware.BuildOutput, metadata middleware.Metadata, err error,
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
) {
if GetPayloadHash(ctx) != "" {
return next.HandleFinalize(ctx, in)
}
req, ok := in.Request.(*smithyhttp.Request)
if !ok {
return out, metadata, &HashComputationError{
@ -172,14 +168,6 @@ func (m *computePayloadSHA256) HandleBuild(
}
}
// This should not compute the content SHA256 if the value is already
// known. (e.g. application pre-computed SHA256 before making API call)
// Does not have any tight coupling to the X-Amz-Content-Sha256 header, if
// that header is provided a middleware must translate it into the context.
if contentSHA := GetPayloadHash(ctx); len(contentSHA) != 0 {
return next.HandleBuild(ctx, in)
}
hash := sha256.New()
if stream := req.GetStream(); stream != nil {
_, err = io.Copy(hash, stream)
@ -198,7 +186,7 @@ func (m *computePayloadSHA256) HandleBuild(
ctx = SetPayloadHash(ctx, hex.EncodeToString(hash.Sum(nil)))
return next.HandleBuild(ctx, in)
return next.HandleFinalize(ctx, in)
}
// SwapComputePayloadSHA256ForUnsignedPayloadMiddleware replaces the
@ -207,7 +195,7 @@ func (m *computePayloadSHA256) HandleBuild(
// Use this to disable computing the Payload SHA256 checksum and instead use
// UNSIGNED-PAYLOAD for the SHA256 value.
func SwapComputePayloadSHA256ForUnsignedPayloadMiddleware(stack *middleware.Stack) error {
_, err := stack.Build.Swap(computePayloadHashMiddlewareID, &unsignedPayload{})
_, err := stack.Finalize.Swap(computePayloadHashMiddlewareID, &unsignedPayload{})
return err
}
@ -218,13 +206,13 @@ type contentSHA256Header struct{}
// AddContentSHA256HeaderMiddleware adds ContentSHA256Header to the
// operation middleware stack
func AddContentSHA256HeaderMiddleware(stack *middleware.Stack) error {
return stack.Build.Insert(&contentSHA256Header{}, computePayloadHashMiddlewareID, middleware.After)
return stack.Finalize.Insert(&contentSHA256Header{}, computePayloadHashMiddlewareID, middleware.After)
}
// RemoveContentSHA256HeaderMiddleware removes contentSHA256Header middleware
// from the operation middleware stack
func RemoveContentSHA256HeaderMiddleware(stack *middleware.Stack) error {
_, err := stack.Build.Remove((*contentSHA256Header)(nil).ID())
_, err := stack.Finalize.Remove((*contentSHA256Header)(nil).ID())
return err
}
@ -233,12 +221,12 @@ func (m *contentSHA256Header) ID() string {
return "SigV4ContentSHA256Header"
}
// HandleBuild sets the X-Amz-Content-Sha256 header value to the Payload hash
// HandleFinalize sets the X-Amz-Content-Sha256 header value to the Payload hash
// stored in the context.
func (m *contentSHA256Header) HandleBuild(
ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler,
func (m *contentSHA256Header) HandleFinalize(
ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler,
) (
out middleware.BuildOutput, metadata middleware.Metadata, err error,
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
) {
req, ok := in.Request.(*smithyhttp.Request)
if !ok {
@ -246,8 +234,7 @@ func (m *contentSHA256Header) HandleBuild(
}
req.Header.Set(v4Internal.ContentSHAKey, GetPayloadHash(ctx))
return next.HandleBuild(ctx, in)
return next.HandleFinalize(ctx, in)
}
// SignHTTPRequestMiddlewareOptions is the configuration options for the SignHTTPRequestMiddleware middleware.
@ -332,17 +319,17 @@ type streamingEventsPayload struct{}
// AddStreamingEventsPayload adds the streamingEventsPayload middleware to the stack.
func AddStreamingEventsPayload(stack *middleware.Stack) error {
return stack.Build.Add(&streamingEventsPayload{}, middleware.After)
return stack.Finalize.Add(&streamingEventsPayload{}, middleware.Before)
}
func (s *streamingEventsPayload) ID() string {
return computePayloadHashMiddlewareID
}
func (s *streamingEventsPayload) HandleBuild(
ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler,
func (s *streamingEventsPayload) HandleFinalize(
ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler,
) (
out middleware.BuildOutput, metadata middleware.Metadata, err error,
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
) {
contentSHA := GetPayloadHash(ctx)
if len(contentSHA) == 0 {
@ -351,7 +338,7 @@ func (s *streamingEventsPayload) HandleBuild(
ctx = SetPayloadHash(ctx, contentSHA)
return next.HandleBuild(ctx, in)
return next.HandleFinalize(ctx, in)
}
// GetSignedRequestSignature attempts to extract the signature of the request.

View File

@ -0,0 +1,45 @@
package auth
import (
"github.com/aws/smithy-go/auth"
smithyhttp "github.com/aws/smithy-go/transport/http"
)
// HTTPAuthScheme is the SDK's internal implementation of smithyhttp.AuthScheme
// for pre-existing implementations where the signer was added to client
// config. SDK clients will key off of this type and ensure per-operation
// updates to those signers persist on the scheme itself.
type HTTPAuthScheme struct {
schemeID string
signer smithyhttp.Signer
}
var _ smithyhttp.AuthScheme = (*HTTPAuthScheme)(nil)
// NewHTTPAuthScheme returns an auth scheme instance with the given config.
func NewHTTPAuthScheme(schemeID string, signer smithyhttp.Signer) *HTTPAuthScheme {
return &HTTPAuthScheme{
schemeID: schemeID,
signer: signer,
}
}
// SchemeID identifies the auth scheme.
func (s *HTTPAuthScheme) SchemeID() string {
return s.schemeID
}
// IdentityResolver gets the identity resolver for the auth scheme.
func (s *HTTPAuthScheme) IdentityResolver(o auth.IdentityResolverOptions) auth.IdentityResolver {
return o.GetIdentityResolver(s.schemeID)
}
// Signer gets the signer for the auth scheme.
func (s *HTTPAuthScheme) Signer() smithyhttp.Signer {
return s.signer
}
// WithSigner returns a new instance of the auth scheme with the updated signer.
func (s *HTTPAuthScheme) WithSigner(signer smithyhttp.Signer) *HTTPAuthScheme {
return NewHTTPAuthScheme(s.schemeID, signer)
}

View File

@ -0,0 +1,43 @@
package smithy
import (
"context"
"fmt"
"time"
"github.com/aws/smithy-go"
"github.com/aws/smithy-go/auth"
"github.com/aws/smithy-go/auth/bearer"
)
// BearerTokenAdapter adapts smithy bearer.Token to smithy auth.Identity.
type BearerTokenAdapter struct {
Token bearer.Token
}
var _ auth.Identity = (*BearerTokenAdapter)(nil)
// Expiration returns the time of expiration for the token.
func (v *BearerTokenAdapter) Expiration() time.Time {
return v.Token.Expires
}
// BearerTokenProviderAdapter adapts smithy bearer.TokenProvider to smithy
// auth.IdentityResolver.
type BearerTokenProviderAdapter struct {
Provider bearer.TokenProvider
}
var _ (auth.IdentityResolver) = (*BearerTokenProviderAdapter)(nil)
// GetIdentity retrieves a bearer token using the underlying provider.
func (v *BearerTokenProviderAdapter) GetIdentity(ctx context.Context, _ smithy.Properties) (
auth.Identity, error,
) {
token, err := v.Provider.RetrieveBearerToken(ctx)
if err != nil {
return nil, fmt.Errorf("get token: %v", err)
}
return &BearerTokenAdapter{Token: token}, nil
}

View File

@ -0,0 +1,35 @@
package smithy
import (
"context"
"fmt"
"github.com/aws/smithy-go"
"github.com/aws/smithy-go/auth"
"github.com/aws/smithy-go/auth/bearer"
smithyhttp "github.com/aws/smithy-go/transport/http"
)
// BearerTokenSignerAdapter adapts smithy bearer.Signer to smithy http
// auth.Signer.
type BearerTokenSignerAdapter struct {
Signer bearer.Signer
}
var _ (smithyhttp.Signer) = (*BearerTokenSignerAdapter)(nil)
// SignRequest signs the request with the provided bearer token.
func (v *BearerTokenSignerAdapter) SignRequest(ctx context.Context, r *smithyhttp.Request, identity auth.Identity, _ smithy.Properties) error {
ca, ok := identity.(*BearerTokenAdapter)
if !ok {
return fmt.Errorf("unexpected identity type: %T", identity)
}
signed, err := v.Signer.SignWithBearerToken(ctx, ca.Token, r)
if err != nil {
return fmt.Errorf("sign request: %v", err)
}
*r = *signed.(*smithyhttp.Request)
return nil
}

View File

@ -0,0 +1,46 @@
package smithy
import (
"context"
"fmt"
"time"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/smithy-go"
"github.com/aws/smithy-go/auth"
)
// CredentialsAdapter adapts aws.Credentials to auth.Identity.
type CredentialsAdapter struct {
Credentials aws.Credentials
}
var _ auth.Identity = (*CredentialsAdapter)(nil)
// Expiration returns the time of expiration for the credentials.
func (v *CredentialsAdapter) Expiration() time.Time {
return v.Credentials.Expires
}
// CredentialsProviderAdapter adapts aws.CredentialsProvider to auth.IdentityResolver.
type CredentialsProviderAdapter struct {
Provider aws.CredentialsProvider
}
var _ (auth.IdentityResolver) = (*CredentialsProviderAdapter)(nil)
// GetIdentity retrieves AWS credentials using the underlying provider.
func (v *CredentialsProviderAdapter) GetIdentity(ctx context.Context, _ smithy.Properties) (
auth.Identity, error,
) {
if v.Provider == nil {
return &CredentialsAdapter{Credentials: aws.Credentials{}}, nil
}
creds, err := v.Provider.Retrieve(ctx)
if err != nil {
return nil, fmt.Errorf("get credentials: %v", err)
}
return &CredentialsAdapter{Credentials: creds}, nil
}

View File

@ -0,0 +1,2 @@
// Package smithy adapts concrete AWS auth and signing types to the generic smithy versions.
package smithy

View File

@ -0,0 +1,53 @@
package smithy
import (
"context"
"fmt"
v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4"
"github.com/aws/aws-sdk-go-v2/internal/sdk"
"github.com/aws/smithy-go"
"github.com/aws/smithy-go/auth"
"github.com/aws/smithy-go/logging"
smithyhttp "github.com/aws/smithy-go/transport/http"
)
// V4SignerAdapter adapts v4.HTTPSigner to smithy http.Signer.
type V4SignerAdapter struct {
Signer v4.HTTPSigner
Logger logging.Logger
LogSigning bool
}
var _ (smithyhttp.Signer) = (*V4SignerAdapter)(nil)
// SignRequest signs the request with the provided identity.
func (v *V4SignerAdapter) SignRequest(ctx context.Context, r *smithyhttp.Request, identity auth.Identity, props smithy.Properties) error {
ca, ok := identity.(*CredentialsAdapter)
if !ok {
return fmt.Errorf("unexpected identity type: %T", identity)
}
name, ok := smithyhttp.GetSigV4SigningName(&props)
if !ok {
return fmt.Errorf("sigv4 signing name is required")
}
region, ok := smithyhttp.GetSigV4SigningRegion(&props)
if !ok {
return fmt.Errorf("sigv4 signing region is required")
}
hash := v4.GetPayloadHash(ctx)
err := v.Signer.SignHTTP(ctx, ca.Credentials, r.Request, hash, name, region, sdk.NowTime(), func(o *v4.SignerOptions) {
o.DisableURIPathEscaping, _ = smithyhttp.GetDisableDoubleEncoding(&props)
o.Logger = v.Logger
o.LogSigning = v.LogSigning
})
if err != nil {
return fmt.Errorf("sign http: %v", err)
}
return nil
}

View File

@ -1,3 +1,7 @@
# v1.2.3 (2023-11-15)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.2.2 (2023-11-09)
* **Dependency Update**: Updated to the latest SDK module versions

View File

@ -3,4 +3,4 @@
package configsources
// goModuleVersion is the tagged release for this module
const goModuleVersion = "1.2.2"
const goModuleVersion = "1.2.3"

View File

@ -0,0 +1,201 @@
package endpoints
import (
"fmt"
"regexp"
"strings"
"github.com/aws/aws-sdk-go-v2/aws"
)
const (
defaultProtocol = "https"
defaultSigner = "v4"
)
var (
protocolPriority = []string{"https", "http"}
signerPriority = []string{"v4"}
)
// Options provide configuration needed to direct how endpoints are resolved.
type Options struct {
// Disable usage of HTTPS (TLS / SSL)
DisableHTTPS bool
}
// Partitions is a slice of partition
type Partitions []Partition
// ResolveEndpoint resolves a service endpoint for the given region and options.
func (ps Partitions) ResolveEndpoint(region string, opts Options) (aws.Endpoint, error) {
if len(ps) == 0 {
return aws.Endpoint{}, fmt.Errorf("no partitions found")
}
for i := 0; i < len(ps); i++ {
if !ps[i].canResolveEndpoint(region) {
continue
}
return ps[i].ResolveEndpoint(region, opts)
}
// fallback to first partition format to use when resolving the endpoint.
return ps[0].ResolveEndpoint(region, opts)
}
// Partition is an AWS partition description for a service and its' region endpoints.
type Partition struct {
ID string
RegionRegex *regexp.Regexp
PartitionEndpoint string
IsRegionalized bool
Defaults Endpoint
Endpoints Endpoints
}
func (p Partition) canResolveEndpoint(region string) bool {
_, ok := p.Endpoints[region]
return ok || p.RegionRegex.MatchString(region)
}
// ResolveEndpoint resolves and service endpoint for the given region and options.
func (p Partition) ResolveEndpoint(region string, options Options) (resolved aws.Endpoint, err error) {
if len(region) == 0 && len(p.PartitionEndpoint) != 0 {
region = p.PartitionEndpoint
}
e, _ := p.endpointForRegion(region)
return e.resolve(p.ID, region, p.Defaults, options), nil
}
func (p Partition) endpointForRegion(region string) (Endpoint, bool) {
if e, ok := p.Endpoints[region]; ok {
return e, true
}
if !p.IsRegionalized {
return p.Endpoints[p.PartitionEndpoint], region == p.PartitionEndpoint
}
// Unable to find any matching endpoint, return
// blank that will be used for generic endpoint creation.
return Endpoint{}, false
}
// Endpoints is a map of service config regions to endpoints
type Endpoints map[string]Endpoint
// CredentialScope is the credential scope of a region and service
type CredentialScope struct {
Region string
Service string
}
// Endpoint is a service endpoint description
type Endpoint struct {
// True if the endpoint cannot be resolved for this partition/region/service
Unresolveable aws.Ternary
Hostname string
Protocols []string
CredentialScope CredentialScope
SignatureVersions []string `json:"signatureVersions"`
}
func (e Endpoint) resolve(partition, region string, def Endpoint, options Options) aws.Endpoint {
var merged Endpoint
merged.mergeIn(def)
merged.mergeIn(e)
e = merged
var u string
if e.Unresolveable != aws.TrueTernary {
// Only attempt to resolve the endpoint if it can be resolved.
hostname := strings.Replace(e.Hostname, "{region}", region, 1)
scheme := getEndpointScheme(e.Protocols, options.DisableHTTPS)
u = scheme + "://" + hostname
}
signingRegion := e.CredentialScope.Region
if len(signingRegion) == 0 {
signingRegion = region
}
signingName := e.CredentialScope.Service
return aws.Endpoint{
URL: u,
PartitionID: partition,
SigningRegion: signingRegion,
SigningName: signingName,
SigningMethod: getByPriority(e.SignatureVersions, signerPriority, defaultSigner),
}
}
func (e *Endpoint) mergeIn(other Endpoint) {
if other.Unresolveable != aws.UnknownTernary {
e.Unresolveable = other.Unresolveable
}
if len(other.Hostname) > 0 {
e.Hostname = other.Hostname
}
if len(other.Protocols) > 0 {
e.Protocols = other.Protocols
}
if len(other.CredentialScope.Region) > 0 {
e.CredentialScope.Region = other.CredentialScope.Region
}
if len(other.CredentialScope.Service) > 0 {
e.CredentialScope.Service = other.CredentialScope.Service
}
if len(other.SignatureVersions) > 0 {
e.SignatureVersions = other.SignatureVersions
}
}
func getEndpointScheme(protocols []string, disableHTTPS bool) string {
if disableHTTPS {
return "http"
}
return getByPriority(protocols, protocolPriority, defaultProtocol)
}
func getByPriority(s []string, p []string, def string) string {
if len(s) == 0 {
return def
}
for i := 0; i < len(p); i++ {
for j := 0; j < len(s); j++ {
if s[j] == p[i] {
return s[j]
}
}
}
return s[0]
}
// MapFIPSRegion extracts the intrinsic AWS region from one that may have an
// embedded FIPS microformat.
func MapFIPSRegion(region string) string {
const fipsInfix = "-fips-"
const fipsPrefix = "fips-"
const fipsSuffix = "-fips"
if strings.Contains(region, fipsInfix) ||
strings.Contains(region, fipsPrefix) ||
strings.Contains(region, fipsSuffix) {
region = strings.ReplaceAll(region, fipsInfix, "-")
region = strings.ReplaceAll(region, fipsPrefix, "")
region = strings.ReplaceAll(region, fipsSuffix, "")
}
return region
}

View File

@ -1,3 +1,7 @@
# v2.5.3 (2023-11-15)
* **Dependency Update**: Updated to the latest SDK module versions
# v2.5.2 (2023-11-09)
* **Dependency Update**: Updated to the latest SDK module versions

View File

@ -3,4 +3,4 @@
package endpoints
// goModuleVersion is the tagged release for this module
const goModuleVersion = "2.5.2"
const goModuleVersion = "2.5.3"

View File

@ -0,0 +1,112 @@
# v1.10.1 (2023-11-15)
* No change notes available for this release.
# v1.10.0 (2023-10-31)
* **Feature**: **BREAKING CHANGE**: Bump minimum go version to 1.19 per the revised [go version support policy](https://aws.amazon.com/blogs/developer/aws-sdk-for-go-aligns-with-go-release-policy-on-supported-runtimes/).
# v1.9.15 (2023-10-06)
* No change notes available for this release.
# v1.9.14 (2023-08-18)
* No change notes available for this release.
# v1.9.13 (2023-08-07)
* No change notes available for this release.
# v1.9.12 (2023-07-31)
* No change notes available for this release.
# v1.9.11 (2022-12-02)
* No change notes available for this release.
# v1.9.10 (2022-10-24)
* No change notes available for this release.
# v1.9.9 (2022-09-14)
* No change notes available for this release.
# v1.9.8 (2022-09-02)
* No change notes available for this release.
# v1.9.7 (2022-08-31)
* No change notes available for this release.
# v1.9.6 (2022-08-29)
* No change notes available for this release.
# v1.9.5 (2022-08-11)
* No change notes available for this release.
# v1.9.4 (2022-08-09)
* No change notes available for this release.
# v1.9.3 (2022-06-29)
* No change notes available for this release.
# v1.9.2 (2022-06-07)
* No change notes available for this release.
# v1.9.1 (2022-03-24)
* No change notes available for this release.
# v1.9.0 (2022-03-08)
* **Feature**: Updated `github.com/aws/smithy-go` to latest version
# v1.8.0 (2022-02-24)
* **Feature**: Updated `github.com/aws/smithy-go` to latest version
# v1.7.0 (2022-01-14)
* **Feature**: Updated `github.com/aws/smithy-go` to latest version
# v1.6.0 (2022-01-07)
* **Feature**: Updated `github.com/aws/smithy-go` to latest version
# v1.5.0 (2021-11-06)
* **Feature**: Updated `github.com/aws/smithy-go` to latest version
# v1.4.0 (2021-10-21)
* **Feature**: Updated to latest version
# v1.3.0 (2021-08-27)
* **Feature**: Updated `github.com/aws/smithy-go` to latest version
# v1.2.2 (2021-08-04)
* **Dependency Update**: Updated `github.com/aws/smithy-go` to latest version.
# v1.2.1 (2021-07-15)
* **Dependency Update**: Updated `github.com/aws/smithy-go` to latest version
# v1.2.0 (2021-06-25)
* **Feature**: Updated `github.com/aws/smithy-go` to latest version
# v1.1.0 (2021-05-14)
* **Feature**: Constant has been added to modules to enable runtime version inspection for reporting.

View File

@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

View File

@ -0,0 +1,176 @@
package acceptencoding
import (
"compress/gzip"
"context"
"fmt"
"io"
"github.com/aws/smithy-go"
"github.com/aws/smithy-go/middleware"
smithyhttp "github.com/aws/smithy-go/transport/http"
)
const acceptEncodingHeaderKey = "Accept-Encoding"
const contentEncodingHeaderKey = "Content-Encoding"
// AddAcceptEncodingGzipOptions provides the options for the
// AddAcceptEncodingGzip middleware setup.
type AddAcceptEncodingGzipOptions struct {
Enable bool
}
// AddAcceptEncodingGzip explicitly adds handling for accept-encoding GZIP
// middleware to the operation stack. This allows checksums to be correctly
// computed without disabling GZIP support.
func AddAcceptEncodingGzip(stack *middleware.Stack, options AddAcceptEncodingGzipOptions) error {
if options.Enable {
if err := stack.Finalize.Add(&EnableGzip{}, middleware.Before); err != nil {
return err
}
if err := stack.Deserialize.Insert(&DecompressGzip{}, "OperationDeserializer", middleware.After); err != nil {
return err
}
return nil
}
return stack.Finalize.Add(&DisableGzip{}, middleware.Before)
}
// DisableGzip provides the middleware that will
// disable the underlying http client automatically enabling for gzip
// decompress content-encoding support.
type DisableGzip struct{}
// ID returns the id for the middleware.
func (*DisableGzip) ID() string {
return "DisableAcceptEncodingGzip"
}
// HandleFinalize implements the FinalizeMiddleware interface.
func (*DisableGzip) HandleFinalize(
ctx context.Context, input middleware.FinalizeInput, next middleware.FinalizeHandler,
) (
output middleware.FinalizeOutput, metadata middleware.Metadata, err error,
) {
req, ok := input.Request.(*smithyhttp.Request)
if !ok {
return output, metadata, &smithy.SerializationError{
Err: fmt.Errorf("unknown request type %T", input.Request),
}
}
// Explicitly enable gzip support, this will prevent the http client from
// auto extracting the zipped content.
req.Header.Set(acceptEncodingHeaderKey, "identity")
return next.HandleFinalize(ctx, input)
}
// EnableGzip provides a middleware to enable support for
// gzip responses, with manual decompression. This prevents the underlying HTTP
// client from performing the gzip decompression automatically.
type EnableGzip struct{}
// ID returns the id for the middleware.
func (*EnableGzip) ID() string {
return "AcceptEncodingGzip"
}
// HandleFinalize implements the FinalizeMiddleware interface.
func (*EnableGzip) HandleFinalize(
ctx context.Context, input middleware.FinalizeInput, next middleware.FinalizeHandler,
) (
output middleware.FinalizeOutput, metadata middleware.Metadata, err error,
) {
req, ok := input.Request.(*smithyhttp.Request)
if !ok {
return output, metadata, &smithy.SerializationError{
Err: fmt.Errorf("unknown request type %T", input.Request),
}
}
// Explicitly enable gzip support, this will prevent the http client from
// auto extracting the zipped content.
req.Header.Set(acceptEncodingHeaderKey, "gzip")
return next.HandleFinalize(ctx, input)
}
// DecompressGzip provides the middleware for decompressing a gzip
// response from the service.
type DecompressGzip struct{}
// ID returns the id for the middleware.
func (*DecompressGzip) ID() string {
return "DecompressGzip"
}
// HandleDeserialize implements the DeserializeMiddlware interface.
func (*DecompressGzip) HandleDeserialize(
ctx context.Context, input middleware.DeserializeInput, next middleware.DeserializeHandler,
) (
output middleware.DeserializeOutput, metadata middleware.Metadata, err error,
) {
output, metadata, err = next.HandleDeserialize(ctx, input)
if err != nil {
return output, metadata, err
}
resp, ok := output.RawResponse.(*smithyhttp.Response)
if !ok {
return output, metadata, &smithy.DeserializationError{
Err: fmt.Errorf("unknown response type %T", output.RawResponse),
}
}
if v := resp.Header.Get(contentEncodingHeaderKey); v != "gzip" {
return output, metadata, err
}
// Clear content length since it will no longer be valid once the response
// body is decompressed.
resp.Header.Del("Content-Length")
resp.ContentLength = -1
resp.Body = wrapGzipReader(resp.Body)
return output, metadata, err
}
type gzipReader struct {
reader io.ReadCloser
gzip *gzip.Reader
}
func wrapGzipReader(reader io.ReadCloser) *gzipReader {
return &gzipReader{
reader: reader,
}
}
// Read wraps the gzip reader around the underlying io.Reader to extract the
// response bytes on the fly.
func (g *gzipReader) Read(b []byte) (n int, err error) {
if g.gzip == nil {
g.gzip, err = gzip.NewReader(g.reader)
if err != nil {
g.gzip = nil // ensure uninitialized gzip value isn't used in close.
return 0, fmt.Errorf("failed to decompress gzip response, %w", err)
}
}
return g.gzip.Read(b)
}
func (g *gzipReader) Close() error {
if g.gzip == nil {
return nil
}
if err := g.gzip.Close(); err != nil {
g.reader.Close()
return fmt.Errorf("failed to decompress gzip response, %w", err)
}
return g.reader.Close()
}

View File

@ -0,0 +1,22 @@
/*
Package acceptencoding provides customizations associated with Accept Encoding Header.
# Accept encoding gzip
The Go HTTP client automatically supports accept-encoding and content-encoding
gzip by default. This default behavior is not desired by the SDK, and prevents
validating the response body's checksum. To prevent this the SDK must manually
control usage of content-encoding gzip.
To control content-encoding, the SDK must always set the `Accept-Encoding`
header to a value. This prevents the HTTP client from using gzip automatically.
When gzip is enabled on the API client, the SDK's customization will control
decompressing the gzip data in order to not break the checksum validation. When
gzip is disabled, the API client will disable gzip, preventing the HTTP
client's default behavior.
An `EnableAcceptEncodingGzip` option may or may not be present depending on the client using
the below middleware. The option if present can be used to enable auto decompressing
gzip by the SDK.
*/
package acceptencoding

View File

@ -0,0 +1,6 @@
// Code generated by internal/repotools/cmd/updatemodulemeta DO NOT EDIT.
package acceptencoding
// goModuleVersion is the tagged release for this module
const goModuleVersion = "1.10.1"

View File

@ -1,3 +1,7 @@
# v1.10.3 (2023-11-15)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.10.2 (2023-11-09)
* **Dependency Update**: Updated to the latest SDK module versions

View File

@ -3,4 +3,4 @@
package presignedurl
// goModuleVersion is the tagged release for this module
const goModuleVersion = "1.10.2"
const goModuleVersion = "1.10.3"

View File

@ -1,3 +1,11 @@
# v1.25.3 (2023-11-17)
* **Documentation**: API updates for the AWS Security Token Service
# v1.25.2 (2023-11-15)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.25.1 (2023-11-09)
* **Dependency Update**: Updated to the latest SDK module versions

View File

@ -12,7 +12,10 @@ import (
"github.com/aws/aws-sdk-go-v2/aws/retry"
"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
awshttp "github.com/aws/aws-sdk-go-v2/aws/transport/http"
internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
internalauthsmithy "github.com/aws/aws-sdk-go-v2/internal/auth/smithy"
internalConfig "github.com/aws/aws-sdk-go-v2/internal/configsources"
acceptencodingcust "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding"
presignedurlcust "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url"
smithy "github.com/aws/smithy-go"
smithydocument "github.com/aws/smithy-go/document"
@ -49,10 +52,18 @@ func New(options Options, optFns ...func(*Options)) *Client {
resolveHTTPSignerV4(&options)
resolveEndpointResolverV2(&options)
resolveAuthSchemeResolver(&options)
for _, fn := range optFns {
fn(&options)
}
ignoreAnonymousAuth(&options)
resolveAuthSchemes(&options)
client := &Client{
options: options,
}
@ -60,140 +71,10 @@ func New(options Options, optFns ...func(*Options)) *Client {
return client
}
type Options struct {
// Set of options to modify how an operation is invoked. These apply to all
// operations invoked for this client. Use functional options on operation call to
// modify this list for per operation behavior.
APIOptions []func(*middleware.Stack) error
// The optional application specific identifier appended to the User-Agent header.
AppID string
// This endpoint will be given as input to an EndpointResolverV2. It is used for
// providing a custom base endpoint that is subject to modifications by the
// processing EndpointResolverV2.
BaseEndpoint *string
// Configures the events that will be sent to the configured logger.
ClientLogMode aws.ClientLogMode
// The credentials object to use when signing requests.
Credentials aws.CredentialsProvider
// The configuration DefaultsMode that the SDK should use when constructing the
// clients initial default settings.
DefaultsMode aws.DefaultsMode
// The endpoint options to be used when attempting to resolve an endpoint.
EndpointOptions EndpointResolverOptions
// The service endpoint resolver.
//
// Deprecated: Deprecated: EndpointResolver and WithEndpointResolver. Providing a
// value for this field will likely prevent you from using any endpoint-related
// service features released after the introduction of EndpointResolverV2 and
// BaseEndpoint. To migrate an EndpointResolver implementation that uses a custom
// endpoint, set the client option BaseEndpoint instead.
EndpointResolver EndpointResolver
// Resolves the endpoint used for a particular service. This should be used over
// the deprecated EndpointResolver
EndpointResolverV2 EndpointResolverV2
// Signature Version 4 (SigV4) Signer
HTTPSignerV4 HTTPSignerV4
// The logger writer interface to write logging messages to.
Logger logging.Logger
// The region to send requests to. (Required)
Region string
// RetryMaxAttempts specifies the maximum number attempts an API client will call
// an operation that fails with a retryable error. A value of 0 is ignored, and
// will not be used to configure the API client created default retryer, or modify
// per operation call's retry max attempts. When creating a new API Clients this
// member will only be used if the Retryer Options member is nil. This value will
// be ignored if Retryer is not nil. If specified in an operation call's functional
// options with a value that is different than the constructed client's Options,
// the Client's Retryer will be wrapped to use the operation's specific
// RetryMaxAttempts value.
RetryMaxAttempts int
// RetryMode specifies the retry mode the API client will be created with, if
// Retryer option is not also specified. When creating a new API Clients this
// member will only be used if the Retryer Options member is nil. This value will
// be ignored if Retryer is not nil. Currently does not support per operation call
// overrides, may in the future.
RetryMode aws.RetryMode
// Retryer guides how HTTP requests should be retried in case of recoverable
// failures. When nil the API client will use a default retryer. The kind of
// default retry created by the API client can be changed with the RetryMode
// option.
Retryer aws.Retryer
// The RuntimeEnvironment configuration, only populated if the DefaultsMode is set
// to DefaultsModeAuto and is initialized using config.LoadDefaultConfig . You
// should not populate this structure programmatically, or rely on the values here
// within your applications.
RuntimeEnvironment aws.RuntimeEnvironment
// The initial DefaultsMode used when the client options were constructed. If the
// DefaultsMode was set to aws.DefaultsModeAuto this will store what the resolved
// value was at that point in time. Currently does not support per operation call
// overrides, may in the future.
resolvedDefaultsMode aws.DefaultsMode
// The HTTP client to invoke API calls with. Defaults to client's default HTTP
// implementation if nil.
HTTPClient HTTPClient
}
// WithAPIOptions returns a functional option for setting the Client's APIOptions
// option.
func WithAPIOptions(optFns ...func(*middleware.Stack) error) func(*Options) {
return func(o *Options) {
o.APIOptions = append(o.APIOptions, optFns...)
}
}
// Deprecated: EndpointResolver and WithEndpointResolver. Providing a value for
// this field will likely prevent you from using any endpoint-related service
// features released after the introduction of EndpointResolverV2 and BaseEndpoint.
// To migrate an EndpointResolver implementation that uses a custom endpoint, set
// the client option BaseEndpoint instead.
func WithEndpointResolver(v EndpointResolver) func(*Options) {
return func(o *Options) {
o.EndpointResolver = v
}
}
// WithEndpointResolverV2 returns a functional option for setting the Client's
// EndpointResolverV2 option.
func WithEndpointResolverV2(v EndpointResolverV2) func(*Options) {
return func(o *Options) {
o.EndpointResolverV2 = v
}
}
type HTTPClient interface {
Do(*http.Request) (*http.Response, error)
}
// Copy creates a clone where the APIOptions list is deep copied.
func (o Options) Copy() Options {
to := o
to.APIOptions = make([]func(*middleware.Stack) error, len(o.APIOptions))
copy(to.APIOptions, o.APIOptions)
return to
}
func (c *Client) invokeOperation(ctx context.Context, opID string, params interface{}, optFns []func(*Options), stackFns ...func(*middleware.Stack, Options) error) (result interface{}, metadata middleware.Metadata, err error) {
ctx = middleware.ClearStackValues(ctx)
stack := middleware.NewStack(opID, smithyhttp.NewStackRequest)
options := c.options.Copy()
resolveEndpointResolverV2(&options)
for _, fn := range optFns {
fn(&options)
@ -227,6 +108,63 @@ func (c *Client) invokeOperation(ctx context.Context, opID string, params interf
return result, metadata, err
}
type operationInputKey struct{}
func setOperationInput(ctx context.Context, input interface{}) context.Context {
return middleware.WithStackValue(ctx, operationInputKey{}, input)
}
func getOperationInput(ctx context.Context) interface{} {
return middleware.GetStackValue(ctx, operationInputKey{})
}
type setOperationInputMiddleware struct {
}
func (*setOperationInputMiddleware) ID() string {
return "setOperationInput"
}
func (m *setOperationInputMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
out middleware.SerializeOutput, metadata middleware.Metadata, err error,
) {
ctx = setOperationInput(ctx, in.Parameters)
return next.HandleSerialize(ctx, in)
}
func addProtocolFinalizerMiddlewares(stack *middleware.Stack, options Options, operation string) error {
if err := stack.Finalize.Add(&resolveAuthSchemeMiddleware{operation: operation, options: options}, middleware.Before); err != nil {
return fmt.Errorf("add ResolveAuthScheme: %v", err)
}
if err := stack.Finalize.Insert(&getIdentityMiddleware{options: options}, "ResolveAuthScheme", middleware.After); err != nil {
return fmt.Errorf("add GetIdentity: %v", err)
}
if err := stack.Finalize.Insert(&resolveEndpointV2Middleware{options: options}, "GetIdentity", middleware.After); err != nil {
return fmt.Errorf("add ResolveEndpointV2: %v", err)
}
if err := stack.Finalize.Insert(&signRequestMiddleware{}, "ResolveEndpointV2", middleware.After); err != nil {
return fmt.Errorf("add Signing: %v", err)
}
return nil
}
func resolveAuthSchemeResolver(options *Options) {
if options.AuthSchemeResolver == nil {
options.AuthSchemeResolver = &defaultAuthSchemeResolver{}
}
}
func resolveAuthSchemes(options *Options) {
if options.AuthSchemes == nil {
options.AuthSchemes = []smithyhttp.AuthScheme{
internalauth.NewHTTPAuthScheme("aws.auth#sigv4", &internalauthsmithy.V4SignerAdapter{
Signer: options.HTTPSignerV4,
Logger: options.Logger,
LogSigning: options.ClientLogMode.IsSigning(),
}),
}
}
}
type noSmithyDocumentSerde = smithydocument.NoSerde
type legacyEndpointContextSetter struct {
@ -417,15 +355,6 @@ func addClientUserAgent(stack *middleware.Stack, options Options) error {
return nil
}
func addHTTPSignerV4Middleware(stack *middleware.Stack, o Options) error {
mw := v4.NewSignHTTPRequestMiddleware(v4.SignHTTPRequestMiddlewareOptions{
CredentialsProvider: o.Credentials,
Signer: o.HTTPSignerV4,
LogSigning: o.ClientLogMode.IsSigning(),
})
return stack.Finalize.Add(mw, middleware.After)
}
type HTTPSignerV4 interface {
SignHTTP(ctx context.Context, credentials aws.Credentials, r *http.Request, payloadHash string, service string, region string, signingTime time.Time, optFns ...func(*v4.SignerOptions)) error
}
@ -560,20 +489,61 @@ func withNopHTTPClientAPIOption(o *Options) {
o.HTTPClient = smithyhttp.NopClient{}
}
type presignContextPolyfillMiddleware struct {
}
func (*presignContextPolyfillMiddleware) ID() string {
return "presignContextPolyfill"
}
func (m *presignContextPolyfillMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
) {
rscheme := getResolvedAuthScheme(ctx)
if rscheme == nil {
return out, metadata, fmt.Errorf("no resolved auth scheme")
}
schemeID := rscheme.Scheme.SchemeID()
if schemeID == "aws.auth#sigv4" {
if sn, ok := smithyhttp.GetSigV4SigningName(&rscheme.SignerProperties); ok {
ctx = awsmiddleware.SetSigningName(ctx, sn)
}
if sr, ok := smithyhttp.GetSigV4SigningRegion(&rscheme.SignerProperties); ok {
ctx = awsmiddleware.SetSigningRegion(ctx, sr)
}
} else if schemeID == "aws.auth#sigv4a" {
if sn, ok := smithyhttp.GetSigV4ASigningName(&rscheme.SignerProperties); ok {
ctx = awsmiddleware.SetSigningName(ctx, sn)
}
if sr, ok := smithyhttp.GetSigV4ASigningRegions(&rscheme.SignerProperties); ok {
ctx = awsmiddleware.SetSigningRegion(ctx, sr[0])
}
}
return next.HandleFinalize(ctx, in)
}
type presignConverter PresignOptions
func (c presignConverter) convertToPresignMiddleware(stack *middleware.Stack, options Options) (err error) {
stack.Finalize.Clear()
if _, ok := stack.Finalize.Get((*acceptencodingcust.DisableGzip)(nil).ID()); ok {
stack.Finalize.Remove((*acceptencodingcust.DisableGzip)(nil).ID())
}
stack.Deserialize.Clear()
stack.Build.Remove((*awsmiddleware.ClientRequestID)(nil).ID())
stack.Build.Remove("UserAgent")
if err := stack.Finalize.Insert(&presignContextPolyfillMiddleware{}, "Signing", middleware.Before); err != nil {
return err
}
pmw := v4.NewPresignHTTPRequestMiddleware(v4.PresignHTTPRequestMiddlewareOptions{
CredentialsProvider: options.Credentials,
Presigner: c.Presigner,
LogSigning: options.ClientLogMode.IsSigning(),
})
err = stack.Finalize.Add(pmw, middleware.After)
if err != nil {
if _, err := stack.Finalize.Swap("Signing", pmw); err != nil {
return err
}
if err = smithyhttp.AddNoPayloadDefaultContentTypeRemover(stack); err != nil {
@ -600,31 +570,31 @@ func addRequestResponseLogging(stack *middleware.Stack, o Options) error {
}, middleware.After)
}
type endpointDisableHTTPSMiddleware struct {
EndpointDisableHTTPS bool
type disableHTTPSMiddleware struct {
DisableHTTPS bool
}
func (*endpointDisableHTTPSMiddleware) ID() string {
return "endpointDisableHTTPSMiddleware"
func (*disableHTTPSMiddleware) ID() string {
return "disableHTTPS"
}
func (m *endpointDisableHTTPSMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
out middleware.SerializeOutput, metadata middleware.Metadata, err error,
func (m *disableHTTPSMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
) {
req, ok := in.Request.(*smithyhttp.Request)
if !ok {
return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
}
if m.EndpointDisableHTTPS && !smithyhttp.GetHostnameImmutable(ctx) {
if m.DisableHTTPS && !smithyhttp.GetHostnameImmutable(ctx) {
req.URL.Scheme = "http"
}
return next.HandleSerialize(ctx, in)
return next.HandleFinalize(ctx, in)
}
}
func addendpointDisableHTTPSMiddleware(stack *middleware.Stack, o Options) error {
return stack.Serialize.Insert(&endpointDisableHTTPSMiddleware{
EndpointDisableHTTPS: o.EndpointOptions.DisableHTTPS,
}, "OperationSerializer", middleware.Before)
func addDisableHTTPSMiddleware(stack *middleware.Stack, o Options) error {
return stack.Finalize.Insert(&disableHTTPSMiddleware{
DisableHTTPS: o.EndpointOptions.DisableHTTPS,
}, "ResolveEndpointV2", middleware.After)
}

View File

@ -4,14 +4,10 @@ package sts
import (
"context"
"errors"
"fmt"
"github.com/aws/aws-sdk-go-v2/aws"
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
"github.com/aws/aws-sdk-go-v2/service/sts/types"
smithyendpoints "github.com/aws/smithy-go/endpoints"
"github.com/aws/smithy-go/middleware"
smithyhttp "github.com/aws/smithy-go/transport/http"
)
@ -204,7 +200,12 @@ type AssumeRoleInput struct {
// in the IAM User Guide.
PolicyArns []types.PolicyDescriptorType
// Reserved for future use.
// A list of previously acquired trusted context assertions in the format of a
// JSON array. The trusted context assertion is signed and encrypted by Amazon Web
// Services STS. The following is an example of a ProvidedContext value that
// includes a single trusted context assertion and the ARN of the context provider
// from which the trusted context assertion was generated.
// [{"ProviderArn":"arn:aws:iam::aws:contextProvider/identitycenter","ContextAssertion":"trusted-context-assertion"}]
ProvidedContexts []types.ProvidedContext
// The identification number of the MFA device that is associated with the user
@ -327,6 +328,9 @@ type AssumeRoleOutput struct {
}
func (c *Client) addOperationAssumeRoleMiddlewares(stack *middleware.Stack, options Options) (err error) {
if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil {
return err
}
err = stack.Serialize.Add(&awsAwsquery_serializeOpAssumeRole{}, middleware.After)
if err != nil {
return err
@ -335,6 +339,10 @@ func (c *Client) addOperationAssumeRoleMiddlewares(stack *middleware.Stack, opti
if err != nil {
return err
}
if err := addProtocolFinalizerMiddlewares(stack, options, "AssumeRole"); err != nil {
return fmt.Errorf("add protocol finalizers: %v", err)
}
if err = addlegacyEndpointContextSetter(stack, options); err != nil {
return err
}
@ -356,9 +364,6 @@ func (c *Client) addOperationAssumeRoleMiddlewares(stack *middleware.Stack, opti
if err = addRetryMiddlewares(stack, options); err != nil {
return err
}
if err = addHTTPSignerV4Middleware(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
return err
}
@ -374,7 +379,7 @@ func (c *Client) addOperationAssumeRoleMiddlewares(stack *middleware.Stack, opti
if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
return err
}
if err = addAssumeRoleResolveEndpointMiddleware(stack, options); err != nil {
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
return err
}
if err = addOpAssumeRoleValidationMiddleware(stack); err != nil {
@ -395,7 +400,7 @@ func (c *Client) addOperationAssumeRoleMiddlewares(stack *middleware.Stack, opti
if err = addRequestResponseLogging(stack, options); err != nil {
return err
}
if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
if err = addDisableHTTPSMiddleware(stack, options); err != nil {
return err
}
return nil
@ -405,7 +410,6 @@ func newServiceMetadataMiddleware_opAssumeRole(region string) *awsmiddleware.Reg
return &awsmiddleware.RegisterServiceMetadata{
Region: region,
ServiceID: ServiceID,
SigningName: "sts",
OperationName: "AssumeRole",
}
}
@ -433,126 +437,3 @@ func (c *PresignClient) PresignAssumeRole(ctx context.Context, params *AssumeRol
out := result.(*v4.PresignedHTTPRequest)
return out, nil
}
type opAssumeRoleResolveEndpointMiddleware struct {
EndpointResolver EndpointResolverV2
BuiltInResolver builtInParameterResolver
}
func (*opAssumeRoleResolveEndpointMiddleware) ID() string {
return "ResolveEndpointV2"
}
func (m *opAssumeRoleResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
out middleware.SerializeOutput, metadata middleware.Metadata, err error,
) {
if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
return next.HandleSerialize(ctx, in)
}
req, ok := in.Request.(*smithyhttp.Request)
if !ok {
return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
}
if m.EndpointResolver == nil {
return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
}
params := EndpointParameters{}
m.BuiltInResolver.ResolveBuiltIns(&params)
var resolvedEndpoint smithyendpoints.Endpoint
resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
if err != nil {
return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
}
req.URL = &resolvedEndpoint.URI
for k := range resolvedEndpoint.Headers {
req.Header.Set(
k,
resolvedEndpoint.Headers.Get(k),
)
}
authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
if err != nil {
var nfe *internalauth.NoAuthenticationSchemesFoundError
if errors.As(err, &nfe) {
// if no auth scheme is found, default to sigv4
signingName := "sts"
signingRegion := m.BuiltInResolver.(*builtInResolver).Region
ctx = awsmiddleware.SetSigningName(ctx, signingName)
ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
}
var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
if errors.As(err, &ue) {
return out, metadata, fmt.Errorf(
"This operation requests signer version(s) %v but the client only supports %v",
ue.UnsupportedSchemes,
internalauth.SupportedSchemes,
)
}
}
for _, authScheme := range authSchemes {
switch authScheme.(type) {
case *internalauth.AuthenticationSchemeV4:
v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
var signingName, signingRegion string
if v4Scheme.SigningName == nil {
signingName = "sts"
} else {
signingName = *v4Scheme.SigningName
}
if v4Scheme.SigningRegion == nil {
signingRegion = m.BuiltInResolver.(*builtInResolver).Region
} else {
signingRegion = *v4Scheme.SigningRegion
}
if v4Scheme.DisableDoubleEncoding != nil {
// The signer sets an equivalent value at client initialization time.
// Setting this context value will cause the signer to extract it
// and override the value set at client initialization time.
ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
}
ctx = awsmiddleware.SetSigningName(ctx, signingName)
ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
break
case *internalauth.AuthenticationSchemeV4A:
v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
if v4aScheme.SigningName == nil {
v4aScheme.SigningName = aws.String("sts")
}
if v4aScheme.DisableDoubleEncoding != nil {
// The signer sets an equivalent value at client initialization time.
// Setting this context value will cause the signer to extract it
// and override the value set at client initialization time.
ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
}
ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
break
case *internalauth.AuthenticationSchemeNone:
break
}
}
return next.HandleSerialize(ctx, in)
}
func addAssumeRoleResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
return stack.Serialize.Insert(&opAssumeRoleResolveEndpointMiddleware{
EndpointResolver: options.EndpointResolverV2,
BuiltInResolver: &builtInResolver{
Region: options.Region,
UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
UseFIPS: options.EndpointOptions.UseFIPSEndpoint,
Endpoint: options.BaseEndpoint,
},
}, "ResolveEndpoint", middleware.After)
}

View File

@ -4,13 +4,9 @@ package sts
import (
"context"
"errors"
"fmt"
"github.com/aws/aws-sdk-go-v2/aws"
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
"github.com/aws/aws-sdk-go-v2/service/sts/types"
smithyendpoints "github.com/aws/smithy-go/endpoints"
"github.com/aws/smithy-go/middleware"
smithyhttp "github.com/aws/smithy-go/transport/http"
)
@ -281,6 +277,9 @@ type AssumeRoleWithSAMLOutput struct {
}
func (c *Client) addOperationAssumeRoleWithSAMLMiddlewares(stack *middleware.Stack, options Options) (err error) {
if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil {
return err
}
err = stack.Serialize.Add(&awsAwsquery_serializeOpAssumeRoleWithSAML{}, middleware.After)
if err != nil {
return err
@ -289,6 +288,10 @@ func (c *Client) addOperationAssumeRoleWithSAMLMiddlewares(stack *middleware.Sta
if err != nil {
return err
}
if err := addProtocolFinalizerMiddlewares(stack, options, "AssumeRoleWithSAML"); err != nil {
return fmt.Errorf("add protocol finalizers: %v", err)
}
if err = addlegacyEndpointContextSetter(stack, options); err != nil {
return err
}
@ -322,7 +325,7 @@ func (c *Client) addOperationAssumeRoleWithSAMLMiddlewares(stack *middleware.Sta
if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
return err
}
if err = addAssumeRoleWithSAMLResolveEndpointMiddleware(stack, options); err != nil {
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
return err
}
if err = addOpAssumeRoleWithSAMLValidationMiddleware(stack); err != nil {
@ -343,7 +346,7 @@ func (c *Client) addOperationAssumeRoleWithSAMLMiddlewares(stack *middleware.Sta
if err = addRequestResponseLogging(stack, options); err != nil {
return err
}
if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
if err = addDisableHTTPSMiddleware(stack, options); err != nil {
return err
}
return nil
@ -353,130 +356,6 @@ func newServiceMetadataMiddleware_opAssumeRoleWithSAML(region string) *awsmiddle
return &awsmiddleware.RegisterServiceMetadata{
Region: region,
ServiceID: ServiceID,
SigningName: "sts",
OperationName: "AssumeRoleWithSAML",
}
}
type opAssumeRoleWithSAMLResolveEndpointMiddleware struct {
EndpointResolver EndpointResolverV2
BuiltInResolver builtInParameterResolver
}
func (*opAssumeRoleWithSAMLResolveEndpointMiddleware) ID() string {
return "ResolveEndpointV2"
}
func (m *opAssumeRoleWithSAMLResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
out middleware.SerializeOutput, metadata middleware.Metadata, err error,
) {
if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
return next.HandleSerialize(ctx, in)
}
req, ok := in.Request.(*smithyhttp.Request)
if !ok {
return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
}
if m.EndpointResolver == nil {
return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
}
params := EndpointParameters{}
m.BuiltInResolver.ResolveBuiltIns(&params)
var resolvedEndpoint smithyendpoints.Endpoint
resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
if err != nil {
return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
}
req.URL = &resolvedEndpoint.URI
for k := range resolvedEndpoint.Headers {
req.Header.Set(
k,
resolvedEndpoint.Headers.Get(k),
)
}
authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
if err != nil {
var nfe *internalauth.NoAuthenticationSchemesFoundError
if errors.As(err, &nfe) {
// if no auth scheme is found, default to sigv4
signingName := "sts"
signingRegion := m.BuiltInResolver.(*builtInResolver).Region
ctx = awsmiddleware.SetSigningName(ctx, signingName)
ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
}
var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
if errors.As(err, &ue) {
return out, metadata, fmt.Errorf(
"This operation requests signer version(s) %v but the client only supports %v",
ue.UnsupportedSchemes,
internalauth.SupportedSchemes,
)
}
}
for _, authScheme := range authSchemes {
switch authScheme.(type) {
case *internalauth.AuthenticationSchemeV4:
v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
var signingName, signingRegion string
if v4Scheme.SigningName == nil {
signingName = "sts"
} else {
signingName = *v4Scheme.SigningName
}
if v4Scheme.SigningRegion == nil {
signingRegion = m.BuiltInResolver.(*builtInResolver).Region
} else {
signingRegion = *v4Scheme.SigningRegion
}
if v4Scheme.DisableDoubleEncoding != nil {
// The signer sets an equivalent value at client initialization time.
// Setting this context value will cause the signer to extract it
// and override the value set at client initialization time.
ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
}
ctx = awsmiddleware.SetSigningName(ctx, signingName)
ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
break
case *internalauth.AuthenticationSchemeV4A:
v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
if v4aScheme.SigningName == nil {
v4aScheme.SigningName = aws.String("sts")
}
if v4aScheme.DisableDoubleEncoding != nil {
// The signer sets an equivalent value at client initialization time.
// Setting this context value will cause the signer to extract it
// and override the value set at client initialization time.
ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
}
ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
break
case *internalauth.AuthenticationSchemeNone:
break
}
}
return next.HandleSerialize(ctx, in)
}
func addAssumeRoleWithSAMLResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
return stack.Serialize.Insert(&opAssumeRoleWithSAMLResolveEndpointMiddleware{
EndpointResolver: options.EndpointResolverV2,
BuiltInResolver: &builtInResolver{
Region: options.Region,
UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
UseFIPS: options.EndpointOptions.UseFIPSEndpoint,
Endpoint: options.BaseEndpoint,
},
}, "ResolveEndpoint", middleware.After)
}

View File

@ -4,13 +4,9 @@ package sts
import (
"context"
"errors"
"fmt"
"github.com/aws/aws-sdk-go-v2/aws"
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
"github.com/aws/aws-sdk-go-v2/service/sts/types"
smithyendpoints "github.com/aws/smithy-go/endpoints"
"github.com/aws/smithy-go/middleware"
smithyhttp "github.com/aws/smithy-go/transport/http"
)
@ -300,6 +296,9 @@ type AssumeRoleWithWebIdentityOutput struct {
}
func (c *Client) addOperationAssumeRoleWithWebIdentityMiddlewares(stack *middleware.Stack, options Options) (err error) {
if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil {
return err
}
err = stack.Serialize.Add(&awsAwsquery_serializeOpAssumeRoleWithWebIdentity{}, middleware.After)
if err != nil {
return err
@ -308,6 +307,10 @@ func (c *Client) addOperationAssumeRoleWithWebIdentityMiddlewares(stack *middlew
if err != nil {
return err
}
if err := addProtocolFinalizerMiddlewares(stack, options, "AssumeRoleWithWebIdentity"); err != nil {
return fmt.Errorf("add protocol finalizers: %v", err)
}
if err = addlegacyEndpointContextSetter(stack, options); err != nil {
return err
}
@ -341,7 +344,7 @@ func (c *Client) addOperationAssumeRoleWithWebIdentityMiddlewares(stack *middlew
if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
return err
}
if err = addAssumeRoleWithWebIdentityResolveEndpointMiddleware(stack, options); err != nil {
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
return err
}
if err = addOpAssumeRoleWithWebIdentityValidationMiddleware(stack); err != nil {
@ -362,7 +365,7 @@ func (c *Client) addOperationAssumeRoleWithWebIdentityMiddlewares(stack *middlew
if err = addRequestResponseLogging(stack, options); err != nil {
return err
}
if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
if err = addDisableHTTPSMiddleware(stack, options); err != nil {
return err
}
return nil
@ -372,130 +375,6 @@ func newServiceMetadataMiddleware_opAssumeRoleWithWebIdentity(region string) *aw
return &awsmiddleware.RegisterServiceMetadata{
Region: region,
ServiceID: ServiceID,
SigningName: "sts",
OperationName: "AssumeRoleWithWebIdentity",
}
}
type opAssumeRoleWithWebIdentityResolveEndpointMiddleware struct {
EndpointResolver EndpointResolverV2
BuiltInResolver builtInParameterResolver
}
func (*opAssumeRoleWithWebIdentityResolveEndpointMiddleware) ID() string {
return "ResolveEndpointV2"
}
func (m *opAssumeRoleWithWebIdentityResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
out middleware.SerializeOutput, metadata middleware.Metadata, err error,
) {
if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
return next.HandleSerialize(ctx, in)
}
req, ok := in.Request.(*smithyhttp.Request)
if !ok {
return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
}
if m.EndpointResolver == nil {
return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
}
params := EndpointParameters{}
m.BuiltInResolver.ResolveBuiltIns(&params)
var resolvedEndpoint smithyendpoints.Endpoint
resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
if err != nil {
return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
}
req.URL = &resolvedEndpoint.URI
for k := range resolvedEndpoint.Headers {
req.Header.Set(
k,
resolvedEndpoint.Headers.Get(k),
)
}
authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
if err != nil {
var nfe *internalauth.NoAuthenticationSchemesFoundError
if errors.As(err, &nfe) {
// if no auth scheme is found, default to sigv4
signingName := "sts"
signingRegion := m.BuiltInResolver.(*builtInResolver).Region
ctx = awsmiddleware.SetSigningName(ctx, signingName)
ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
}
var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
if errors.As(err, &ue) {
return out, metadata, fmt.Errorf(
"This operation requests signer version(s) %v but the client only supports %v",
ue.UnsupportedSchemes,
internalauth.SupportedSchemes,
)
}
}
for _, authScheme := range authSchemes {
switch authScheme.(type) {
case *internalauth.AuthenticationSchemeV4:
v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
var signingName, signingRegion string
if v4Scheme.SigningName == nil {
signingName = "sts"
} else {
signingName = *v4Scheme.SigningName
}
if v4Scheme.SigningRegion == nil {
signingRegion = m.BuiltInResolver.(*builtInResolver).Region
} else {
signingRegion = *v4Scheme.SigningRegion
}
if v4Scheme.DisableDoubleEncoding != nil {
// The signer sets an equivalent value at client initialization time.
// Setting this context value will cause the signer to extract it
// and override the value set at client initialization time.
ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
}
ctx = awsmiddleware.SetSigningName(ctx, signingName)
ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
break
case *internalauth.AuthenticationSchemeV4A:
v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
if v4aScheme.SigningName == nil {
v4aScheme.SigningName = aws.String("sts")
}
if v4aScheme.DisableDoubleEncoding != nil {
// The signer sets an equivalent value at client initialization time.
// Setting this context value will cause the signer to extract it
// and override the value set at client initialization time.
ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
}
ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
break
case *internalauth.AuthenticationSchemeNone:
break
}
}
return next.HandleSerialize(ctx, in)
}
func addAssumeRoleWithWebIdentityResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
return stack.Serialize.Insert(&opAssumeRoleWithWebIdentityResolveEndpointMiddleware{
EndpointResolver: options.EndpointResolverV2,
BuiltInResolver: &builtInResolver{
Region: options.Region,
UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
UseFIPS: options.EndpointOptions.UseFIPSEndpoint,
Endpoint: options.BaseEndpoint,
},
}, "ResolveEndpoint", middleware.After)
}

View File

@ -4,13 +4,9 @@ package sts
import (
"context"
"errors"
"fmt"
"github.com/aws/aws-sdk-go-v2/aws"
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
smithyendpoints "github.com/aws/smithy-go/endpoints"
"github.com/aws/smithy-go/middleware"
smithyhttp "github.com/aws/smithy-go/transport/http"
)
@ -78,6 +74,9 @@ type DecodeAuthorizationMessageOutput struct {
}
func (c *Client) addOperationDecodeAuthorizationMessageMiddlewares(stack *middleware.Stack, options Options) (err error) {
if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil {
return err
}
err = stack.Serialize.Add(&awsAwsquery_serializeOpDecodeAuthorizationMessage{}, middleware.After)
if err != nil {
return err
@ -86,6 +85,10 @@ func (c *Client) addOperationDecodeAuthorizationMessageMiddlewares(stack *middle
if err != nil {
return err
}
if err := addProtocolFinalizerMiddlewares(stack, options, "DecodeAuthorizationMessage"); err != nil {
return fmt.Errorf("add protocol finalizers: %v", err)
}
if err = addlegacyEndpointContextSetter(stack, options); err != nil {
return err
}
@ -107,9 +110,6 @@ func (c *Client) addOperationDecodeAuthorizationMessageMiddlewares(stack *middle
if err = addRetryMiddlewares(stack, options); err != nil {
return err
}
if err = addHTTPSignerV4Middleware(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
return err
}
@ -125,7 +125,7 @@ func (c *Client) addOperationDecodeAuthorizationMessageMiddlewares(stack *middle
if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
return err
}
if err = addDecodeAuthorizationMessageResolveEndpointMiddleware(stack, options); err != nil {
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
return err
}
if err = addOpDecodeAuthorizationMessageValidationMiddleware(stack); err != nil {
@ -146,7 +146,7 @@ func (c *Client) addOperationDecodeAuthorizationMessageMiddlewares(stack *middle
if err = addRequestResponseLogging(stack, options); err != nil {
return err
}
if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
if err = addDisableHTTPSMiddleware(stack, options); err != nil {
return err
}
return nil
@ -156,130 +156,6 @@ func newServiceMetadataMiddleware_opDecodeAuthorizationMessage(region string) *a
return &awsmiddleware.RegisterServiceMetadata{
Region: region,
ServiceID: ServiceID,
SigningName: "sts",
OperationName: "DecodeAuthorizationMessage",
}
}
type opDecodeAuthorizationMessageResolveEndpointMiddleware struct {
EndpointResolver EndpointResolverV2
BuiltInResolver builtInParameterResolver
}
func (*opDecodeAuthorizationMessageResolveEndpointMiddleware) ID() string {
return "ResolveEndpointV2"
}
func (m *opDecodeAuthorizationMessageResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
out middleware.SerializeOutput, metadata middleware.Metadata, err error,
) {
if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
return next.HandleSerialize(ctx, in)
}
req, ok := in.Request.(*smithyhttp.Request)
if !ok {
return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
}
if m.EndpointResolver == nil {
return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
}
params := EndpointParameters{}
m.BuiltInResolver.ResolveBuiltIns(&params)
var resolvedEndpoint smithyendpoints.Endpoint
resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
if err != nil {
return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
}
req.URL = &resolvedEndpoint.URI
for k := range resolvedEndpoint.Headers {
req.Header.Set(
k,
resolvedEndpoint.Headers.Get(k),
)
}
authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
if err != nil {
var nfe *internalauth.NoAuthenticationSchemesFoundError
if errors.As(err, &nfe) {
// if no auth scheme is found, default to sigv4
signingName := "sts"
signingRegion := m.BuiltInResolver.(*builtInResolver).Region
ctx = awsmiddleware.SetSigningName(ctx, signingName)
ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
}
var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
if errors.As(err, &ue) {
return out, metadata, fmt.Errorf(
"This operation requests signer version(s) %v but the client only supports %v",
ue.UnsupportedSchemes,
internalauth.SupportedSchemes,
)
}
}
for _, authScheme := range authSchemes {
switch authScheme.(type) {
case *internalauth.AuthenticationSchemeV4:
v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
var signingName, signingRegion string
if v4Scheme.SigningName == nil {
signingName = "sts"
} else {
signingName = *v4Scheme.SigningName
}
if v4Scheme.SigningRegion == nil {
signingRegion = m.BuiltInResolver.(*builtInResolver).Region
} else {
signingRegion = *v4Scheme.SigningRegion
}
if v4Scheme.DisableDoubleEncoding != nil {
// The signer sets an equivalent value at client initialization time.
// Setting this context value will cause the signer to extract it
// and override the value set at client initialization time.
ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
}
ctx = awsmiddleware.SetSigningName(ctx, signingName)
ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
break
case *internalauth.AuthenticationSchemeV4A:
v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
if v4aScheme.SigningName == nil {
v4aScheme.SigningName = aws.String("sts")
}
if v4aScheme.DisableDoubleEncoding != nil {
// The signer sets an equivalent value at client initialization time.
// Setting this context value will cause the signer to extract it
// and override the value set at client initialization time.
ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
}
ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
break
case *internalauth.AuthenticationSchemeNone:
break
}
}
return next.HandleSerialize(ctx, in)
}
func addDecodeAuthorizationMessageResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
return stack.Serialize.Insert(&opDecodeAuthorizationMessageResolveEndpointMiddleware{
EndpointResolver: options.EndpointResolverV2,
BuiltInResolver: &builtInResolver{
Region: options.Region,
UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
UseFIPS: options.EndpointOptions.UseFIPSEndpoint,
Endpoint: options.BaseEndpoint,
},
}, "ResolveEndpoint", middleware.After)
}

View File

@ -4,13 +4,9 @@ package sts
import (
"context"
"errors"
"fmt"
"github.com/aws/aws-sdk-go-v2/aws"
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
smithyendpoints "github.com/aws/smithy-go/endpoints"
"github.com/aws/smithy-go/middleware"
smithyhttp "github.com/aws/smithy-go/transport/http"
)
@ -71,6 +67,9 @@ type GetAccessKeyInfoOutput struct {
}
func (c *Client) addOperationGetAccessKeyInfoMiddlewares(stack *middleware.Stack, options Options) (err error) {
if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil {
return err
}
err = stack.Serialize.Add(&awsAwsquery_serializeOpGetAccessKeyInfo{}, middleware.After)
if err != nil {
return err
@ -79,6 +78,10 @@ func (c *Client) addOperationGetAccessKeyInfoMiddlewares(stack *middleware.Stack
if err != nil {
return err
}
if err := addProtocolFinalizerMiddlewares(stack, options, "GetAccessKeyInfo"); err != nil {
return fmt.Errorf("add protocol finalizers: %v", err)
}
if err = addlegacyEndpointContextSetter(stack, options); err != nil {
return err
}
@ -100,9 +103,6 @@ func (c *Client) addOperationGetAccessKeyInfoMiddlewares(stack *middleware.Stack
if err = addRetryMiddlewares(stack, options); err != nil {
return err
}
if err = addHTTPSignerV4Middleware(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
return err
}
@ -118,7 +118,7 @@ func (c *Client) addOperationGetAccessKeyInfoMiddlewares(stack *middleware.Stack
if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
return err
}
if err = addGetAccessKeyInfoResolveEndpointMiddleware(stack, options); err != nil {
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
return err
}
if err = addOpGetAccessKeyInfoValidationMiddleware(stack); err != nil {
@ -139,7 +139,7 @@ func (c *Client) addOperationGetAccessKeyInfoMiddlewares(stack *middleware.Stack
if err = addRequestResponseLogging(stack, options); err != nil {
return err
}
if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
if err = addDisableHTTPSMiddleware(stack, options); err != nil {
return err
}
return nil
@ -149,130 +149,6 @@ func newServiceMetadataMiddleware_opGetAccessKeyInfo(region string) *awsmiddlewa
return &awsmiddleware.RegisterServiceMetadata{
Region: region,
ServiceID: ServiceID,
SigningName: "sts",
OperationName: "GetAccessKeyInfo",
}
}
type opGetAccessKeyInfoResolveEndpointMiddleware struct {
EndpointResolver EndpointResolverV2
BuiltInResolver builtInParameterResolver
}
func (*opGetAccessKeyInfoResolveEndpointMiddleware) ID() string {
return "ResolveEndpointV2"
}
func (m *opGetAccessKeyInfoResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
out middleware.SerializeOutput, metadata middleware.Metadata, err error,
) {
if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
return next.HandleSerialize(ctx, in)
}
req, ok := in.Request.(*smithyhttp.Request)
if !ok {
return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
}
if m.EndpointResolver == nil {
return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
}
params := EndpointParameters{}
m.BuiltInResolver.ResolveBuiltIns(&params)
var resolvedEndpoint smithyendpoints.Endpoint
resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
if err != nil {
return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
}
req.URL = &resolvedEndpoint.URI
for k := range resolvedEndpoint.Headers {
req.Header.Set(
k,
resolvedEndpoint.Headers.Get(k),
)
}
authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
if err != nil {
var nfe *internalauth.NoAuthenticationSchemesFoundError
if errors.As(err, &nfe) {
// if no auth scheme is found, default to sigv4
signingName := "sts"
signingRegion := m.BuiltInResolver.(*builtInResolver).Region
ctx = awsmiddleware.SetSigningName(ctx, signingName)
ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
}
var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
if errors.As(err, &ue) {
return out, metadata, fmt.Errorf(
"This operation requests signer version(s) %v but the client only supports %v",
ue.UnsupportedSchemes,
internalauth.SupportedSchemes,
)
}
}
for _, authScheme := range authSchemes {
switch authScheme.(type) {
case *internalauth.AuthenticationSchemeV4:
v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
var signingName, signingRegion string
if v4Scheme.SigningName == nil {
signingName = "sts"
} else {
signingName = *v4Scheme.SigningName
}
if v4Scheme.SigningRegion == nil {
signingRegion = m.BuiltInResolver.(*builtInResolver).Region
} else {
signingRegion = *v4Scheme.SigningRegion
}
if v4Scheme.DisableDoubleEncoding != nil {
// The signer sets an equivalent value at client initialization time.
// Setting this context value will cause the signer to extract it
// and override the value set at client initialization time.
ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
}
ctx = awsmiddleware.SetSigningName(ctx, signingName)
ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
break
case *internalauth.AuthenticationSchemeV4A:
v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
if v4aScheme.SigningName == nil {
v4aScheme.SigningName = aws.String("sts")
}
if v4aScheme.DisableDoubleEncoding != nil {
// The signer sets an equivalent value at client initialization time.
// Setting this context value will cause the signer to extract it
// and override the value set at client initialization time.
ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
}
ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
break
case *internalauth.AuthenticationSchemeNone:
break
}
}
return next.HandleSerialize(ctx, in)
}
func addGetAccessKeyInfoResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
return stack.Serialize.Insert(&opGetAccessKeyInfoResolveEndpointMiddleware{
EndpointResolver: options.EndpointResolverV2,
BuiltInResolver: &builtInResolver{
Region: options.Region,
UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
UseFIPS: options.EndpointOptions.UseFIPSEndpoint,
Endpoint: options.BaseEndpoint,
},
}, "ResolveEndpoint", middleware.After)
}

View File

@ -4,13 +4,9 @@ package sts
import (
"context"
"errors"
"fmt"
"github.com/aws/aws-sdk-go-v2/aws"
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
smithyendpoints "github.com/aws/smithy-go/endpoints"
"github.com/aws/smithy-go/middleware"
smithyhttp "github.com/aws/smithy-go/transport/http"
)
@ -66,6 +62,9 @@ type GetCallerIdentityOutput struct {
}
func (c *Client) addOperationGetCallerIdentityMiddlewares(stack *middleware.Stack, options Options) (err error) {
if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil {
return err
}
err = stack.Serialize.Add(&awsAwsquery_serializeOpGetCallerIdentity{}, middleware.After)
if err != nil {
return err
@ -74,6 +73,10 @@ func (c *Client) addOperationGetCallerIdentityMiddlewares(stack *middleware.Stac
if err != nil {
return err
}
if err := addProtocolFinalizerMiddlewares(stack, options, "GetCallerIdentity"); err != nil {
return fmt.Errorf("add protocol finalizers: %v", err)
}
if err = addlegacyEndpointContextSetter(stack, options); err != nil {
return err
}
@ -95,9 +98,6 @@ func (c *Client) addOperationGetCallerIdentityMiddlewares(stack *middleware.Stac
if err = addRetryMiddlewares(stack, options); err != nil {
return err
}
if err = addHTTPSignerV4Middleware(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
return err
}
@ -113,7 +113,7 @@ func (c *Client) addOperationGetCallerIdentityMiddlewares(stack *middleware.Stac
if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
return err
}
if err = addGetCallerIdentityResolveEndpointMiddleware(stack, options); err != nil {
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
return err
}
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetCallerIdentity(options.Region), middleware.Before); err != nil {
@ -131,7 +131,7 @@ func (c *Client) addOperationGetCallerIdentityMiddlewares(stack *middleware.Stac
if err = addRequestResponseLogging(stack, options); err != nil {
return err
}
if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
if err = addDisableHTTPSMiddleware(stack, options); err != nil {
return err
}
return nil
@ -141,7 +141,6 @@ func newServiceMetadataMiddleware_opGetCallerIdentity(region string) *awsmiddlew
return &awsmiddleware.RegisterServiceMetadata{
Region: region,
ServiceID: ServiceID,
SigningName: "sts",
OperationName: "GetCallerIdentity",
}
}
@ -169,126 +168,3 @@ func (c *PresignClient) PresignGetCallerIdentity(ctx context.Context, params *Ge
out := result.(*v4.PresignedHTTPRequest)
return out, nil
}
type opGetCallerIdentityResolveEndpointMiddleware struct {
EndpointResolver EndpointResolverV2
BuiltInResolver builtInParameterResolver
}
func (*opGetCallerIdentityResolveEndpointMiddleware) ID() string {
return "ResolveEndpointV2"
}
func (m *opGetCallerIdentityResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
out middleware.SerializeOutput, metadata middleware.Metadata, err error,
) {
if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
return next.HandleSerialize(ctx, in)
}
req, ok := in.Request.(*smithyhttp.Request)
if !ok {
return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
}
if m.EndpointResolver == nil {
return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
}
params := EndpointParameters{}
m.BuiltInResolver.ResolveBuiltIns(&params)
var resolvedEndpoint smithyendpoints.Endpoint
resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
if err != nil {
return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
}
req.URL = &resolvedEndpoint.URI
for k := range resolvedEndpoint.Headers {
req.Header.Set(
k,
resolvedEndpoint.Headers.Get(k),
)
}
authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
if err != nil {
var nfe *internalauth.NoAuthenticationSchemesFoundError
if errors.As(err, &nfe) {
// if no auth scheme is found, default to sigv4
signingName := "sts"
signingRegion := m.BuiltInResolver.(*builtInResolver).Region
ctx = awsmiddleware.SetSigningName(ctx, signingName)
ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
}
var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
if errors.As(err, &ue) {
return out, metadata, fmt.Errorf(
"This operation requests signer version(s) %v but the client only supports %v",
ue.UnsupportedSchemes,
internalauth.SupportedSchemes,
)
}
}
for _, authScheme := range authSchemes {
switch authScheme.(type) {
case *internalauth.AuthenticationSchemeV4:
v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
var signingName, signingRegion string
if v4Scheme.SigningName == nil {
signingName = "sts"
} else {
signingName = *v4Scheme.SigningName
}
if v4Scheme.SigningRegion == nil {
signingRegion = m.BuiltInResolver.(*builtInResolver).Region
} else {
signingRegion = *v4Scheme.SigningRegion
}
if v4Scheme.DisableDoubleEncoding != nil {
// The signer sets an equivalent value at client initialization time.
// Setting this context value will cause the signer to extract it
// and override the value set at client initialization time.
ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
}
ctx = awsmiddleware.SetSigningName(ctx, signingName)
ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
break
case *internalauth.AuthenticationSchemeV4A:
v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
if v4aScheme.SigningName == nil {
v4aScheme.SigningName = aws.String("sts")
}
if v4aScheme.DisableDoubleEncoding != nil {
// The signer sets an equivalent value at client initialization time.
// Setting this context value will cause the signer to extract it
// and override the value set at client initialization time.
ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
}
ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
break
case *internalauth.AuthenticationSchemeNone:
break
}
}
return next.HandleSerialize(ctx, in)
}
func addGetCallerIdentityResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
return stack.Serialize.Insert(&opGetCallerIdentityResolveEndpointMiddleware{
EndpointResolver: options.EndpointResolverV2,
BuiltInResolver: &builtInResolver{
Region: options.Region,
UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
UseFIPS: options.EndpointOptions.UseFIPSEndpoint,
Endpoint: options.BaseEndpoint,
},
}, "ResolveEndpoint", middleware.After)
}

View File

@ -4,14 +4,10 @@ package sts
import (
"context"
"errors"
"fmt"
"github.com/aws/aws-sdk-go-v2/aws"
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
"github.com/aws/aws-sdk-go-v2/service/sts/types"
smithyendpoints "github.com/aws/smithy-go/endpoints"
"github.com/aws/smithy-go/middleware"
smithyhttp "github.com/aws/smithy-go/transport/http"
)
@ -238,6 +234,9 @@ type GetFederationTokenOutput struct {
}
func (c *Client) addOperationGetFederationTokenMiddlewares(stack *middleware.Stack, options Options) (err error) {
if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil {
return err
}
err = stack.Serialize.Add(&awsAwsquery_serializeOpGetFederationToken{}, middleware.After)
if err != nil {
return err
@ -246,6 +245,10 @@ func (c *Client) addOperationGetFederationTokenMiddlewares(stack *middleware.Sta
if err != nil {
return err
}
if err := addProtocolFinalizerMiddlewares(stack, options, "GetFederationToken"); err != nil {
return fmt.Errorf("add protocol finalizers: %v", err)
}
if err = addlegacyEndpointContextSetter(stack, options); err != nil {
return err
}
@ -267,9 +270,6 @@ func (c *Client) addOperationGetFederationTokenMiddlewares(stack *middleware.Sta
if err = addRetryMiddlewares(stack, options); err != nil {
return err
}
if err = addHTTPSignerV4Middleware(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
return err
}
@ -285,7 +285,7 @@ func (c *Client) addOperationGetFederationTokenMiddlewares(stack *middleware.Sta
if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
return err
}
if err = addGetFederationTokenResolveEndpointMiddleware(stack, options); err != nil {
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
return err
}
if err = addOpGetFederationTokenValidationMiddleware(stack); err != nil {
@ -306,7 +306,7 @@ func (c *Client) addOperationGetFederationTokenMiddlewares(stack *middleware.Sta
if err = addRequestResponseLogging(stack, options); err != nil {
return err
}
if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
if err = addDisableHTTPSMiddleware(stack, options); err != nil {
return err
}
return nil
@ -316,130 +316,6 @@ func newServiceMetadataMiddleware_opGetFederationToken(region string) *awsmiddle
return &awsmiddleware.RegisterServiceMetadata{
Region: region,
ServiceID: ServiceID,
SigningName: "sts",
OperationName: "GetFederationToken",
}
}
type opGetFederationTokenResolveEndpointMiddleware struct {
EndpointResolver EndpointResolverV2
BuiltInResolver builtInParameterResolver
}
func (*opGetFederationTokenResolveEndpointMiddleware) ID() string {
return "ResolveEndpointV2"
}
func (m *opGetFederationTokenResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
out middleware.SerializeOutput, metadata middleware.Metadata, err error,
) {
if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
return next.HandleSerialize(ctx, in)
}
req, ok := in.Request.(*smithyhttp.Request)
if !ok {
return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
}
if m.EndpointResolver == nil {
return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
}
params := EndpointParameters{}
m.BuiltInResolver.ResolveBuiltIns(&params)
var resolvedEndpoint smithyendpoints.Endpoint
resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
if err != nil {
return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
}
req.URL = &resolvedEndpoint.URI
for k := range resolvedEndpoint.Headers {
req.Header.Set(
k,
resolvedEndpoint.Headers.Get(k),
)
}
authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
if err != nil {
var nfe *internalauth.NoAuthenticationSchemesFoundError
if errors.As(err, &nfe) {
// if no auth scheme is found, default to sigv4
signingName := "sts"
signingRegion := m.BuiltInResolver.(*builtInResolver).Region
ctx = awsmiddleware.SetSigningName(ctx, signingName)
ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
}
var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
if errors.As(err, &ue) {
return out, metadata, fmt.Errorf(
"This operation requests signer version(s) %v but the client only supports %v",
ue.UnsupportedSchemes,
internalauth.SupportedSchemes,
)
}
}
for _, authScheme := range authSchemes {
switch authScheme.(type) {
case *internalauth.AuthenticationSchemeV4:
v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
var signingName, signingRegion string
if v4Scheme.SigningName == nil {
signingName = "sts"
} else {
signingName = *v4Scheme.SigningName
}
if v4Scheme.SigningRegion == nil {
signingRegion = m.BuiltInResolver.(*builtInResolver).Region
} else {
signingRegion = *v4Scheme.SigningRegion
}
if v4Scheme.DisableDoubleEncoding != nil {
// The signer sets an equivalent value at client initialization time.
// Setting this context value will cause the signer to extract it
// and override the value set at client initialization time.
ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
}
ctx = awsmiddleware.SetSigningName(ctx, signingName)
ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
break
case *internalauth.AuthenticationSchemeV4A:
v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
if v4aScheme.SigningName == nil {
v4aScheme.SigningName = aws.String("sts")
}
if v4aScheme.DisableDoubleEncoding != nil {
// The signer sets an equivalent value at client initialization time.
// Setting this context value will cause the signer to extract it
// and override the value set at client initialization time.
ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
}
ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
break
case *internalauth.AuthenticationSchemeNone:
break
}
}
return next.HandleSerialize(ctx, in)
}
func addGetFederationTokenResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
return stack.Serialize.Insert(&opGetFederationTokenResolveEndpointMiddleware{
EndpointResolver: options.EndpointResolverV2,
BuiltInResolver: &builtInResolver{
Region: options.Region,
UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
UseFIPS: options.EndpointOptions.UseFIPSEndpoint,
Endpoint: options.BaseEndpoint,
},
}, "ResolveEndpoint", middleware.After)
}

View File

@ -4,14 +4,10 @@ package sts
import (
"context"
"errors"
"fmt"
"github.com/aws/aws-sdk-go-v2/aws"
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
"github.com/aws/aws-sdk-go-v2/service/sts/types"
smithyendpoints "github.com/aws/smithy-go/endpoints"
"github.com/aws/smithy-go/middleware"
smithyhttp "github.com/aws/smithy-go/transport/http"
)
@ -124,6 +120,9 @@ type GetSessionTokenOutput struct {
}
func (c *Client) addOperationGetSessionTokenMiddlewares(stack *middleware.Stack, options Options) (err error) {
if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil {
return err
}
err = stack.Serialize.Add(&awsAwsquery_serializeOpGetSessionToken{}, middleware.After)
if err != nil {
return err
@ -132,6 +131,10 @@ func (c *Client) addOperationGetSessionTokenMiddlewares(stack *middleware.Stack,
if err != nil {
return err
}
if err := addProtocolFinalizerMiddlewares(stack, options, "GetSessionToken"); err != nil {
return fmt.Errorf("add protocol finalizers: %v", err)
}
if err = addlegacyEndpointContextSetter(stack, options); err != nil {
return err
}
@ -153,9 +156,6 @@ func (c *Client) addOperationGetSessionTokenMiddlewares(stack *middleware.Stack,
if err = addRetryMiddlewares(stack, options); err != nil {
return err
}
if err = addHTTPSignerV4Middleware(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
return err
}
@ -171,7 +171,7 @@ func (c *Client) addOperationGetSessionTokenMiddlewares(stack *middleware.Stack,
if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
return err
}
if err = addGetSessionTokenResolveEndpointMiddleware(stack, options); err != nil {
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
return err
}
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetSessionToken(options.Region), middleware.Before); err != nil {
@ -189,7 +189,7 @@ func (c *Client) addOperationGetSessionTokenMiddlewares(stack *middleware.Stack,
if err = addRequestResponseLogging(stack, options); err != nil {
return err
}
if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
if err = addDisableHTTPSMiddleware(stack, options); err != nil {
return err
}
return nil
@ -199,130 +199,6 @@ func newServiceMetadataMiddleware_opGetSessionToken(region string) *awsmiddlewar
return &awsmiddleware.RegisterServiceMetadata{
Region: region,
ServiceID: ServiceID,
SigningName: "sts",
OperationName: "GetSessionToken",
}
}
type opGetSessionTokenResolveEndpointMiddleware struct {
EndpointResolver EndpointResolverV2
BuiltInResolver builtInParameterResolver
}
func (*opGetSessionTokenResolveEndpointMiddleware) ID() string {
return "ResolveEndpointV2"
}
func (m *opGetSessionTokenResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
out middleware.SerializeOutput, metadata middleware.Metadata, err error,
) {
if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
return next.HandleSerialize(ctx, in)
}
req, ok := in.Request.(*smithyhttp.Request)
if !ok {
return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
}
if m.EndpointResolver == nil {
return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
}
params := EndpointParameters{}
m.BuiltInResolver.ResolveBuiltIns(&params)
var resolvedEndpoint smithyendpoints.Endpoint
resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
if err != nil {
return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
}
req.URL = &resolvedEndpoint.URI
for k := range resolvedEndpoint.Headers {
req.Header.Set(
k,
resolvedEndpoint.Headers.Get(k),
)
}
authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
if err != nil {
var nfe *internalauth.NoAuthenticationSchemesFoundError
if errors.As(err, &nfe) {
// if no auth scheme is found, default to sigv4
signingName := "sts"
signingRegion := m.BuiltInResolver.(*builtInResolver).Region
ctx = awsmiddleware.SetSigningName(ctx, signingName)
ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
}
var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
if errors.As(err, &ue) {
return out, metadata, fmt.Errorf(
"This operation requests signer version(s) %v but the client only supports %v",
ue.UnsupportedSchemes,
internalauth.SupportedSchemes,
)
}
}
for _, authScheme := range authSchemes {
switch authScheme.(type) {
case *internalauth.AuthenticationSchemeV4:
v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
var signingName, signingRegion string
if v4Scheme.SigningName == nil {
signingName = "sts"
} else {
signingName = *v4Scheme.SigningName
}
if v4Scheme.SigningRegion == nil {
signingRegion = m.BuiltInResolver.(*builtInResolver).Region
} else {
signingRegion = *v4Scheme.SigningRegion
}
if v4Scheme.DisableDoubleEncoding != nil {
// The signer sets an equivalent value at client initialization time.
// Setting this context value will cause the signer to extract it
// and override the value set at client initialization time.
ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
}
ctx = awsmiddleware.SetSigningName(ctx, signingName)
ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
break
case *internalauth.AuthenticationSchemeV4A:
v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
if v4aScheme.SigningName == nil {
v4aScheme.SigningName = aws.String("sts")
}
if v4aScheme.DisableDoubleEncoding != nil {
// The signer sets an equivalent value at client initialization time.
// Setting this context value will cause the signer to extract it
// and override the value set at client initialization time.
ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
}
ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
break
case *internalauth.AuthenticationSchemeNone:
break
}
}
return next.HandleSerialize(ctx, in)
}
func addGetSessionTokenResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
return stack.Serialize.Insert(&opGetSessionTokenResolveEndpointMiddleware{
EndpointResolver: options.EndpointResolverV2,
BuiltInResolver: &builtInResolver{
Region: options.Region,
UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
UseFIPS: options.EndpointOptions.UseFIPSEndpoint,
Endpoint: options.BaseEndpoint,
},
}, "ResolveEndpoint", middleware.After)
}

290
vendor/github.com/aws/aws-sdk-go-v2/service/sts/auth.go generated vendored Normal file
View File

@ -0,0 +1,290 @@
// Code generated by smithy-go-codegen DO NOT EDIT.
package sts
import (
"context"
"fmt"
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
smithy "github.com/aws/smithy-go"
smithyauth "github.com/aws/smithy-go/auth"
"github.com/aws/smithy-go/middleware"
smithyhttp "github.com/aws/smithy-go/transport/http"
)
func bindAuthParamsRegion(params *AuthResolverParameters, _ interface{}, options Options) {
params.Region = options.Region
}
type setLegacyContextSigningOptionsMiddleware struct {
}
func (*setLegacyContextSigningOptionsMiddleware) ID() string {
return "setLegacyContextSigningOptions"
}
func (m *setLegacyContextSigningOptionsMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
) {
rscheme := getResolvedAuthScheme(ctx)
schemeID := rscheme.Scheme.SchemeID()
if sn := awsmiddleware.GetSigningName(ctx); sn != "" {
if schemeID == "aws.auth#sigv4" {
smithyhttp.SetSigV4SigningName(&rscheme.SignerProperties, sn)
} else if schemeID == "aws.auth#sigv4a" {
smithyhttp.SetSigV4ASigningName(&rscheme.SignerProperties, sn)
}
}
if sr := awsmiddleware.GetSigningRegion(ctx); sr != "" {
if schemeID == "aws.auth#sigv4" {
smithyhttp.SetSigV4SigningRegion(&rscheme.SignerProperties, sr)
} else if schemeID == "aws.auth#sigv4a" {
smithyhttp.SetSigV4ASigningRegions(&rscheme.SignerProperties, []string{sr})
}
}
return next.HandleFinalize(ctx, in)
}
func addSetLegacyContextSigningOptionsMiddleware(stack *middleware.Stack) error {
return stack.Finalize.Insert(&setLegacyContextSigningOptionsMiddleware{}, "Signing", middleware.Before)
}
// AuthResolverParameters contains the set of inputs necessary for auth scheme
// resolution.
type AuthResolverParameters struct {
// The name of the operation being invoked.
Operation string
// The region in which the operation is being invoked.
Region string
}
func bindAuthResolverParams(operation string, input interface{}, options Options) *AuthResolverParameters {
params := &AuthResolverParameters{
Operation: operation,
}
bindAuthParamsRegion(params, input, options)
return params
}
// AuthSchemeResolver returns a set of possible authentication options for an
// operation.
type AuthSchemeResolver interface {
ResolveAuthSchemes(context.Context, *AuthResolverParameters) ([]*smithyauth.Option, error)
}
type defaultAuthSchemeResolver struct{}
var _ AuthSchemeResolver = (*defaultAuthSchemeResolver)(nil)
func (*defaultAuthSchemeResolver) ResolveAuthSchemes(ctx context.Context, params *AuthResolverParameters) ([]*smithyauth.Option, error) {
if overrides, ok := operationAuthOptions[params.Operation]; ok {
return overrides(params), nil
}
return serviceAuthOptions(params), nil
}
var operationAuthOptions = map[string]func(*AuthResolverParameters) []*smithyauth.Option{
"AssumeRoleWithSAML": func(params *AuthResolverParameters) []*smithyauth.Option {
return []*smithyauth.Option{
{
SchemeID: smithyauth.SchemeIDSigV4,
SignerProperties: func() smithy.Properties {
var props smithy.Properties
smithyhttp.SetSigV4SigningName(&props, "sts")
smithyhttp.SetSigV4SigningRegion(&props, params.Region)
return props
}(),
},
{SchemeID: smithyauth.SchemeIDAnonymous},
}
},
"AssumeRoleWithWebIdentity": func(params *AuthResolverParameters) []*smithyauth.Option {
return []*smithyauth.Option{
{
SchemeID: smithyauth.SchemeIDSigV4,
SignerProperties: func() smithy.Properties {
var props smithy.Properties
smithyhttp.SetSigV4SigningName(&props, "sts")
smithyhttp.SetSigV4SigningRegion(&props, params.Region)
return props
}(),
},
{SchemeID: smithyauth.SchemeIDAnonymous},
}
},
}
func serviceAuthOptions(params *AuthResolverParameters) []*smithyauth.Option {
return []*smithyauth.Option{
{
SchemeID: smithyauth.SchemeIDSigV4,
SignerProperties: func() smithy.Properties {
var props smithy.Properties
smithyhttp.SetSigV4SigningName(&props, "sts")
smithyhttp.SetSigV4SigningRegion(&props, params.Region)
return props
}(),
},
}
}
type resolveAuthSchemeMiddleware struct {
operation string
options Options
}
func (*resolveAuthSchemeMiddleware) ID() string {
return "ResolveAuthScheme"
}
func (m *resolveAuthSchemeMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
) {
params := bindAuthResolverParams(m.operation, getOperationInput(ctx), m.options)
options, err := m.options.AuthSchemeResolver.ResolveAuthSchemes(ctx, params)
if err != nil {
return out, metadata, fmt.Errorf("resolve auth scheme: %v", err)
}
scheme, ok := m.selectScheme(options)
if !ok {
return out, metadata, fmt.Errorf("could not select an auth scheme")
}
ctx = setResolvedAuthScheme(ctx, scheme)
return next.HandleFinalize(ctx, in)
}
func (m *resolveAuthSchemeMiddleware) selectScheme(options []*smithyauth.Option) (*resolvedAuthScheme, bool) {
for _, option := range options {
if option.SchemeID == smithyauth.SchemeIDAnonymous {
return newResolvedAuthScheme(smithyhttp.NewAnonymousScheme(), option), true
}
for _, scheme := range m.options.AuthSchemes {
if scheme.SchemeID() != option.SchemeID {
continue
}
if scheme.IdentityResolver(m.options) != nil {
return newResolvedAuthScheme(scheme, option), true
}
}
}
return nil, false
}
type resolvedAuthSchemeKey struct{}
type resolvedAuthScheme struct {
Scheme smithyhttp.AuthScheme
IdentityProperties smithy.Properties
SignerProperties smithy.Properties
}
func newResolvedAuthScheme(scheme smithyhttp.AuthScheme, option *smithyauth.Option) *resolvedAuthScheme {
return &resolvedAuthScheme{
Scheme: scheme,
IdentityProperties: option.IdentityProperties,
SignerProperties: option.SignerProperties,
}
}
func setResolvedAuthScheme(ctx context.Context, scheme *resolvedAuthScheme) context.Context {
return middleware.WithStackValue(ctx, resolvedAuthSchemeKey{}, scheme)
}
func getResolvedAuthScheme(ctx context.Context) *resolvedAuthScheme {
v, _ := middleware.GetStackValue(ctx, resolvedAuthSchemeKey{}).(*resolvedAuthScheme)
return v
}
type getIdentityMiddleware struct {
options Options
}
func (*getIdentityMiddleware) ID() string {
return "GetIdentity"
}
func (m *getIdentityMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
) {
rscheme := getResolvedAuthScheme(ctx)
if rscheme == nil {
return out, metadata, fmt.Errorf("no resolved auth scheme")
}
resolver := rscheme.Scheme.IdentityResolver(m.options)
if resolver == nil {
return out, metadata, fmt.Errorf("no identity resolver")
}
identity, err := resolver.GetIdentity(ctx, rscheme.IdentityProperties)
if err != nil {
return out, metadata, fmt.Errorf("get identity: %v", err)
}
ctx = setIdentity(ctx, identity)
return next.HandleFinalize(ctx, in)
}
type identityKey struct{}
func setIdentity(ctx context.Context, identity smithyauth.Identity) context.Context {
return middleware.WithStackValue(ctx, identityKey{}, identity)
}
func getIdentity(ctx context.Context) smithyauth.Identity {
v, _ := middleware.GetStackValue(ctx, identityKey{}).(smithyauth.Identity)
return v
}
type signRequestMiddleware struct {
}
func (*signRequestMiddleware) ID() string {
return "Signing"
}
func (m *signRequestMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
) {
req, ok := in.Request.(*smithyhttp.Request)
if !ok {
return out, metadata, fmt.Errorf("unexpected transport type %T", in.Request)
}
rscheme := getResolvedAuthScheme(ctx)
if rscheme == nil {
return out, metadata, fmt.Errorf("no resolved auth scheme")
}
identity := getIdentity(ctx)
if identity == nil {
return out, metadata, fmt.Errorf("no identity")
}
signer := rscheme.Scheme.Signer()
if signer == nil {
return out, metadata, fmt.Errorf("no signer")
}
if err := signer.SignRequest(ctx, req, identity, rscheme.SignerProperties); err != nil {
return out, metadata, fmt.Errorf("sign request: %v", err)
}
return next.HandleFinalize(ctx, in)
}

View File

@ -9,9 +9,11 @@ import (
"github.com/aws/aws-sdk-go-v2/aws"
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
internalConfig "github.com/aws/aws-sdk-go-v2/internal/configsources"
"github.com/aws/aws-sdk-go-v2/internal/endpoints"
"github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn"
internalendpoints "github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints"
smithy "github.com/aws/smithy-go"
smithyauth "github.com/aws/smithy-go/auth"
smithyendpoints "github.com/aws/smithy-go/endpoints"
"github.com/aws/smithy-go/middleware"
"github.com/aws/smithy-go/ptr"
@ -215,77 +217,6 @@ func resolveBaseEndpoint(cfg aws.Config, o *Options) {
}
}
// Utility function to aid with translating pseudo-regions to classical regions
// with the appropriate setting indicated by the pseudo-region
func mapPseudoRegion(pr string) (region string, fips aws.FIPSEndpointState) {
const fipsInfix = "-fips-"
const fipsPrefix = "fips-"
const fipsSuffix = "-fips"
if strings.Contains(pr, fipsInfix) ||
strings.Contains(pr, fipsPrefix) ||
strings.Contains(pr, fipsSuffix) {
region = strings.ReplaceAll(strings.ReplaceAll(strings.ReplaceAll(
pr, fipsInfix, "-"), fipsPrefix, ""), fipsSuffix, "")
fips = aws.FIPSEndpointStateEnabled
} else {
region = pr
}
return region, fips
}
// builtInParameterResolver is the interface responsible for resolving BuiltIn
// values during the sourcing of EndpointParameters
type builtInParameterResolver interface {
ResolveBuiltIns(*EndpointParameters) error
}
// builtInResolver resolves modeled BuiltIn values using only the members defined
// below.
type builtInResolver struct {
// The AWS region used to dispatch the request.
Region string
// Sourced BuiltIn value in a historical enabled or disabled state.
UseDualStack aws.DualStackEndpointState
// Sourced BuiltIn value in a historical enabled or disabled state.
UseFIPS aws.FIPSEndpointState
// Base endpoint that can potentially be modified during Endpoint resolution.
Endpoint *string
// Whether the global endpoint should be used, rather then the regional endpoint
// for us-east-1.
UseGlobalEndpoint bool
}
// Invoked at runtime to resolve BuiltIn Values. Only resolution code specific to
// each BuiltIn value is generated.
func (b *builtInResolver) ResolveBuiltIns(params *EndpointParameters) error {
region, _ := mapPseudoRegion(b.Region)
if len(region) == 0 {
return fmt.Errorf("Could not resolve AWS::Region")
} else {
params.Region = aws.String(region)
}
if b.UseDualStack == aws.DualStackEndpointStateEnabled {
params.UseDualStack = aws.Bool(true)
} else {
params.UseDualStack = aws.Bool(false)
}
if b.UseFIPS == aws.FIPSEndpointStateEnabled {
params.UseFIPS = aws.Bool(true)
} else {
params.UseFIPS = aws.Bool(false)
}
params.Endpoint = b.Endpoint
params.UseGlobalEndpoint = aws.Bool(b.UseGlobalEndpoint)
return nil
}
// EndpointParameters provides the parameters that influence how endpoints are
// resolved.
type EndpointParameters struct {
@ -422,11 +353,17 @@ func (r *resolver) ResolveEndpoint(
Headers: http.Header{},
Properties: func() smithy.Properties {
var out smithy.Properties
out.Set("authSchemes", []interface{}{
map[string]interface{}{
"name": "sigv4",
"signingName": "sts",
"signingRegion": "us-east-1",
smithyauth.SetAuthOptions(&out, []*smithyauth.Option{
{
SchemeID: "aws.auth#sigv4",
SignerProperties: func() smithy.Properties {
var sp smithy.Properties
smithyhttp.SetSigV4SigningName(&sp, "sts")
smithyhttp.SetSigV4ASigningName(&sp, "sts")
smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1")
return sp
}(),
},
})
return out
@ -446,11 +383,17 @@ func (r *resolver) ResolveEndpoint(
Headers: http.Header{},
Properties: func() smithy.Properties {
var out smithy.Properties
out.Set("authSchemes", []interface{}{
map[string]interface{}{
"name": "sigv4",
"signingName": "sts",
"signingRegion": "us-east-1",
smithyauth.SetAuthOptions(&out, []*smithyauth.Option{
{
SchemeID: "aws.auth#sigv4",
SignerProperties: func() smithy.Properties {
var sp smithy.Properties
smithyhttp.SetSigV4SigningName(&sp, "sts")
smithyhttp.SetSigV4ASigningName(&sp, "sts")
smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1")
return sp
}(),
},
})
return out
@ -470,11 +413,17 @@ func (r *resolver) ResolveEndpoint(
Headers: http.Header{},
Properties: func() smithy.Properties {
var out smithy.Properties
out.Set("authSchemes", []interface{}{
map[string]interface{}{
"name": "sigv4",
"signingName": "sts",
"signingRegion": "us-east-1",
smithyauth.SetAuthOptions(&out, []*smithyauth.Option{
{
SchemeID: "aws.auth#sigv4",
SignerProperties: func() smithy.Properties {
var sp smithy.Properties
smithyhttp.SetSigV4SigningName(&sp, "sts")
smithyhttp.SetSigV4ASigningName(&sp, "sts")
smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1")
return sp
}(),
},
})
return out
@ -494,11 +443,17 @@ func (r *resolver) ResolveEndpoint(
Headers: http.Header{},
Properties: func() smithy.Properties {
var out smithy.Properties
out.Set("authSchemes", []interface{}{
map[string]interface{}{
"name": "sigv4",
"signingName": "sts",
"signingRegion": "us-east-1",
smithyauth.SetAuthOptions(&out, []*smithyauth.Option{
{
SchemeID: "aws.auth#sigv4",
SignerProperties: func() smithy.Properties {
var sp smithy.Properties
smithyhttp.SetSigV4SigningName(&sp, "sts")
smithyhttp.SetSigV4ASigningName(&sp, "sts")
smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1")
return sp
}(),
},
})
return out
@ -518,11 +473,17 @@ func (r *resolver) ResolveEndpoint(
Headers: http.Header{},
Properties: func() smithy.Properties {
var out smithy.Properties
out.Set("authSchemes", []interface{}{
map[string]interface{}{
"name": "sigv4",
"signingName": "sts",
"signingRegion": "us-east-1",
smithyauth.SetAuthOptions(&out, []*smithyauth.Option{
{
SchemeID: "aws.auth#sigv4",
SignerProperties: func() smithy.Properties {
var sp smithy.Properties
smithyhttp.SetSigV4SigningName(&sp, "sts")
smithyhttp.SetSigV4ASigningName(&sp, "sts")
smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1")
return sp
}(),
},
})
return out
@ -542,11 +503,17 @@ func (r *resolver) ResolveEndpoint(
Headers: http.Header{},
Properties: func() smithy.Properties {
var out smithy.Properties
out.Set("authSchemes", []interface{}{
map[string]interface{}{
"name": "sigv4",
"signingName": "sts",
"signingRegion": "us-east-1",
smithyauth.SetAuthOptions(&out, []*smithyauth.Option{
{
SchemeID: "aws.auth#sigv4",
SignerProperties: func() smithy.Properties {
var sp smithy.Properties
smithyhttp.SetSigV4SigningName(&sp, "sts")
smithyhttp.SetSigV4ASigningName(&sp, "sts")
smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1")
return sp
}(),
},
})
return out
@ -566,11 +533,17 @@ func (r *resolver) ResolveEndpoint(
Headers: http.Header{},
Properties: func() smithy.Properties {
var out smithy.Properties
out.Set("authSchemes", []interface{}{
map[string]interface{}{
"name": "sigv4",
"signingName": "sts",
"signingRegion": "us-east-1",
smithyauth.SetAuthOptions(&out, []*smithyauth.Option{
{
SchemeID: "aws.auth#sigv4",
SignerProperties: func() smithy.Properties {
var sp smithy.Properties
smithyhttp.SetSigV4SigningName(&sp, "sts")
smithyhttp.SetSigV4ASigningName(&sp, "sts")
smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1")
return sp
}(),
},
})
return out
@ -590,11 +563,17 @@ func (r *resolver) ResolveEndpoint(
Headers: http.Header{},
Properties: func() smithy.Properties {
var out smithy.Properties
out.Set("authSchemes", []interface{}{
map[string]interface{}{
"name": "sigv4",
"signingName": "sts",
"signingRegion": "us-east-1",
smithyauth.SetAuthOptions(&out, []*smithyauth.Option{
{
SchemeID: "aws.auth#sigv4",
SignerProperties: func() smithy.Properties {
var sp smithy.Properties
smithyhttp.SetSigV4SigningName(&sp, "sts")
smithyhttp.SetSigV4ASigningName(&sp, "sts")
smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1")
return sp
}(),
},
})
return out
@ -614,11 +593,17 @@ func (r *resolver) ResolveEndpoint(
Headers: http.Header{},
Properties: func() smithy.Properties {
var out smithy.Properties
out.Set("authSchemes", []interface{}{
map[string]interface{}{
"name": "sigv4",
"signingName": "sts",
"signingRegion": "us-east-1",
smithyauth.SetAuthOptions(&out, []*smithyauth.Option{
{
SchemeID: "aws.auth#sigv4",
SignerProperties: func() smithy.Properties {
var sp smithy.Properties
smithyhttp.SetSigV4SigningName(&sp, "sts")
smithyhttp.SetSigV4ASigningName(&sp, "sts")
smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1")
return sp
}(),
},
})
return out
@ -638,11 +623,17 @@ func (r *resolver) ResolveEndpoint(
Headers: http.Header{},
Properties: func() smithy.Properties {
var out smithy.Properties
out.Set("authSchemes", []interface{}{
map[string]interface{}{
"name": "sigv4",
"signingName": "sts",
"signingRegion": "us-east-1",
smithyauth.SetAuthOptions(&out, []*smithyauth.Option{
{
SchemeID: "aws.auth#sigv4",
SignerProperties: func() smithy.Properties {
var sp smithy.Properties
smithyhttp.SetSigV4SigningName(&sp, "sts")
smithyhttp.SetSigV4ASigningName(&sp, "sts")
smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1")
return sp
}(),
},
})
return out
@ -662,11 +653,17 @@ func (r *resolver) ResolveEndpoint(
Headers: http.Header{},
Properties: func() smithy.Properties {
var out smithy.Properties
out.Set("authSchemes", []interface{}{
map[string]interface{}{
"name": "sigv4",
"signingName": "sts",
"signingRegion": "us-east-1",
smithyauth.SetAuthOptions(&out, []*smithyauth.Option{
{
SchemeID: "aws.auth#sigv4",
SignerProperties: func() smithy.Properties {
var sp smithy.Properties
smithyhttp.SetSigV4SigningName(&sp, "sts")
smithyhttp.SetSigV4ASigningName(&sp, "sts")
smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1")
return sp
}(),
},
})
return out
@ -686,11 +683,17 @@ func (r *resolver) ResolveEndpoint(
Headers: http.Header{},
Properties: func() smithy.Properties {
var out smithy.Properties
out.Set("authSchemes", []interface{}{
map[string]interface{}{
"name": "sigv4",
"signingName": "sts",
"signingRegion": "us-east-1",
smithyauth.SetAuthOptions(&out, []*smithyauth.Option{
{
SchemeID: "aws.auth#sigv4",
SignerProperties: func() smithy.Properties {
var sp smithy.Properties
smithyhttp.SetSigV4SigningName(&sp, "sts")
smithyhttp.SetSigV4ASigningName(&sp, "sts")
smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1")
return sp
}(),
},
})
return out
@ -710,11 +713,17 @@ func (r *resolver) ResolveEndpoint(
Headers: http.Header{},
Properties: func() smithy.Properties {
var out smithy.Properties
out.Set("authSchemes", []interface{}{
map[string]interface{}{
"name": "sigv4",
"signingName": "sts",
"signingRegion": "us-east-1",
smithyauth.SetAuthOptions(&out, []*smithyauth.Option{
{
SchemeID: "aws.auth#sigv4",
SignerProperties: func() smithy.Properties {
var sp smithy.Properties
smithyhttp.SetSigV4SigningName(&sp, "sts")
smithyhttp.SetSigV4ASigningName(&sp, "sts")
smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1")
return sp
}(),
},
})
return out
@ -734,11 +743,17 @@ func (r *resolver) ResolveEndpoint(
Headers: http.Header{},
Properties: func() smithy.Properties {
var out smithy.Properties
out.Set("authSchemes", []interface{}{
map[string]interface{}{
"name": "sigv4",
"signingName": "sts",
"signingRegion": "us-east-1",
smithyauth.SetAuthOptions(&out, []*smithyauth.Option{
{
SchemeID: "aws.auth#sigv4",
SignerProperties: func() smithy.Properties {
var sp smithy.Properties
smithyhttp.SetSigV4SigningName(&sp, "sts")
smithyhttp.SetSigV4ASigningName(&sp, "sts")
smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1")
return sp
}(),
},
})
return out
@ -758,11 +773,17 @@ func (r *resolver) ResolveEndpoint(
Headers: http.Header{},
Properties: func() smithy.Properties {
var out smithy.Properties
out.Set("authSchemes", []interface{}{
map[string]interface{}{
"name": "sigv4",
"signingName": "sts",
"signingRegion": "us-east-1",
smithyauth.SetAuthOptions(&out, []*smithyauth.Option{
{
SchemeID: "aws.auth#sigv4",
SignerProperties: func() smithy.Properties {
var sp smithy.Properties
smithyhttp.SetSigV4SigningName(&sp, "sts")
smithyhttp.SetSigV4ASigningName(&sp, "sts")
smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1")
return sp
}(),
},
})
return out
@ -782,11 +803,17 @@ func (r *resolver) ResolveEndpoint(
Headers: http.Header{},
Properties: func() smithy.Properties {
var out smithy.Properties
out.Set("authSchemes", []interface{}{
map[string]interface{}{
"name": "sigv4",
"signingName": "sts",
"signingRegion": "us-east-1",
smithyauth.SetAuthOptions(&out, []*smithyauth.Option{
{
SchemeID: "aws.auth#sigv4",
SignerProperties: func() smithy.Properties {
var sp smithy.Properties
smithyhttp.SetSigV4SigningName(&sp, "sts")
smithyhttp.SetSigV4ASigningName(&sp, "sts")
smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1")
return sp
}(),
},
})
return out
@ -812,11 +839,17 @@ func (r *resolver) ResolveEndpoint(
Headers: http.Header{},
Properties: func() smithy.Properties {
var out smithy.Properties
out.Set("authSchemes", []interface{}{
map[string]interface{}{
"name": "sigv4",
"signingName": "sts",
"signingRegion": _Region,
smithyauth.SetAuthOptions(&out, []*smithyauth.Option{
{
SchemeID: "aws.auth#sigv4",
SignerProperties: func() smithy.Properties {
var sp smithy.Properties
smithyhttp.SetSigV4SigningName(&sp, "sts")
smithyhttp.SetSigV4ASigningName(&sp, "sts")
smithyhttp.SetSigV4SigningRegion(&sp, _Region)
return sp
}(),
},
})
return out
@ -883,8 +916,8 @@ func (r *resolver) ResolveEndpoint(
}
}
if _UseFIPS == true {
if true == _PartitionResult.SupportsFIPS {
if "aws-us-gov" == _PartitionResult.Name {
if _PartitionResult.SupportsFIPS == true {
if _PartitionResult.Name == "aws-us-gov" {
uriString := func() string {
var out strings.Builder
out.WriteString("https://sts.")
@ -960,11 +993,17 @@ func (r *resolver) ResolveEndpoint(
Headers: http.Header{},
Properties: func() smithy.Properties {
var out smithy.Properties
out.Set("authSchemes", []interface{}{
map[string]interface{}{
"name": "sigv4",
"signingName": "sts",
"signingRegion": "us-east-1",
smithyauth.SetAuthOptions(&out, []*smithyauth.Option{
{
SchemeID: "aws.auth#sigv4",
SignerProperties: func() smithy.Properties {
var sp smithy.Properties
smithyhttp.SetSigV4SigningName(&sp, "sts")
smithyhttp.SetSigV4ASigningName(&sp, "sts")
smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1")
return sp
}(),
},
})
return out
@ -994,3 +1033,76 @@ func (r *resolver) ResolveEndpoint(
}
return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Missing Region")
}
type endpointParamsBinder interface {
bindEndpointParams(*EndpointParameters)
}
func bindEndpointParams(input interface{}, options Options) *EndpointParameters {
params := &EndpointParameters{}
params.Region = aws.String(endpoints.MapFIPSRegion(options.Region))
params.UseDualStack = aws.Bool(options.EndpointOptions.UseDualStackEndpoint == aws.DualStackEndpointStateEnabled)
params.UseFIPS = aws.Bool(options.EndpointOptions.UseFIPSEndpoint == aws.FIPSEndpointStateEnabled)
params.Endpoint = options.BaseEndpoint
if b, ok := input.(endpointParamsBinder); ok {
b.bindEndpointParams(params)
}
return params
}
type resolveEndpointV2Middleware struct {
options Options
}
func (*resolveEndpointV2Middleware) ID() string {
return "ResolveEndpointV2"
}
func (m *resolveEndpointV2Middleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
) {
if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
return next.HandleFinalize(ctx, in)
}
req, ok := in.Request.(*smithyhttp.Request)
if !ok {
return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
}
if m.options.EndpointResolverV2 == nil {
return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
}
params := bindEndpointParams(getOperationInput(ctx), m.options)
endpt, err := m.options.EndpointResolverV2.ResolveEndpoint(ctx, *params)
if err != nil {
return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
}
if endpt.URI.RawPath == "" && req.URL.RawPath != "" {
endpt.URI.RawPath = endpt.URI.Path
}
req.URL.Scheme = endpt.URI.Scheme
req.URL.Host = endpt.URI.Host
req.URL.Path = smithyhttp.JoinPath(endpt.URI.Path, req.URL.Path)
req.URL.RawPath = smithyhttp.JoinPath(endpt.URI.RawPath, req.URL.RawPath)
for k := range endpt.Headers {
req.Header.Set(k, endpt.Headers.Get(k))
}
rscheme := getResolvedAuthScheme(ctx)
if rscheme == nil {
return out, metadata, fmt.Errorf("no resolved auth scheme")
}
opts, _ := smithyauth.GetAuthOptions(&endpt.Properties)
for _, o := range opts {
rscheme.SignerProperties.SetAll(&o.SignerProperties)
}
return next.HandleFinalize(ctx, in)
}

View File

@ -3,6 +3,7 @@
"github.com/aws/aws-sdk-go-v2": "v1.4.0",
"github.com/aws/aws-sdk-go-v2/internal/configsources": "v0.0.0-00010101000000-000000000000",
"github.com/aws/aws-sdk-go-v2/internal/endpoints/v2": "v2.0.0-00010101000000-000000000000",
"github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding": "v1.0.5",
"github.com/aws/aws-sdk-go-v2/service/internal/presigned-url": "v1.0.7",
"github.com/aws/smithy-go": "v1.4.0",
"github.com/google/go-cmp": "v0.5.4"
@ -18,6 +19,7 @@
"api_op_GetCallerIdentity.go",
"api_op_GetFederationToken.go",
"api_op_GetSessionToken.go",
"auth.go",
"deserializers.go",
"doc.go",
"endpoints.go",
@ -26,6 +28,7 @@
"generated.json",
"internal/endpoints/endpoints.go",
"internal/endpoints/endpoints_test.go",
"options.go",
"protocol_test.go",
"serializers.go",
"types/errors.go",

View File

@ -3,4 +3,4 @@
package sts
// goModuleVersion is the tagged release for this module
const goModuleVersion = "1.25.1"
const goModuleVersion = "1.25.3"

View File

@ -0,0 +1,219 @@
// Code generated by smithy-go-codegen DO NOT EDIT.
package sts
import (
"context"
"github.com/aws/aws-sdk-go-v2/aws"
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
internalauthsmithy "github.com/aws/aws-sdk-go-v2/internal/auth/smithy"
smithyauth "github.com/aws/smithy-go/auth"
"github.com/aws/smithy-go/logging"
"github.com/aws/smithy-go/middleware"
smithyhttp "github.com/aws/smithy-go/transport/http"
"net/http"
)
type HTTPClient interface {
Do(*http.Request) (*http.Response, error)
}
type Options struct {
// Set of options to modify how an operation is invoked. These apply to all
// operations invoked for this client. Use functional options on operation call to
// modify this list for per operation behavior.
APIOptions []func(*middleware.Stack) error
// The optional application specific identifier appended to the User-Agent header.
AppID string
// This endpoint will be given as input to an EndpointResolverV2. It is used for
// providing a custom base endpoint that is subject to modifications by the
// processing EndpointResolverV2.
BaseEndpoint *string
// Configures the events that will be sent to the configured logger.
ClientLogMode aws.ClientLogMode
// The credentials object to use when signing requests.
Credentials aws.CredentialsProvider
// The configuration DefaultsMode that the SDK should use when constructing the
// clients initial default settings.
DefaultsMode aws.DefaultsMode
// The endpoint options to be used when attempting to resolve an endpoint.
EndpointOptions EndpointResolverOptions
// The service endpoint resolver.
//
// Deprecated: Deprecated: EndpointResolver and WithEndpointResolver. Providing a
// value for this field will likely prevent you from using any endpoint-related
// service features released after the introduction of EndpointResolverV2 and
// BaseEndpoint. To migrate an EndpointResolver implementation that uses a custom
// endpoint, set the client option BaseEndpoint instead.
EndpointResolver EndpointResolver
// Resolves the endpoint used for a particular service operation. This should be
// used over the deprecated EndpointResolver.
EndpointResolverV2 EndpointResolverV2
// Signature Version 4 (SigV4) Signer
HTTPSignerV4 HTTPSignerV4
// The logger writer interface to write logging messages to.
Logger logging.Logger
// The region to send requests to. (Required)
Region string
// RetryMaxAttempts specifies the maximum number attempts an API client will call
// an operation that fails with a retryable error. A value of 0 is ignored, and
// will not be used to configure the API client created default retryer, or modify
// per operation call's retry max attempts. When creating a new API Clients this
// member will only be used if the Retryer Options member is nil. This value will
// be ignored if Retryer is not nil. If specified in an operation call's functional
// options with a value that is different than the constructed client's Options,
// the Client's Retryer will be wrapped to use the operation's specific
// RetryMaxAttempts value.
RetryMaxAttempts int
// RetryMode specifies the retry mode the API client will be created with, if
// Retryer option is not also specified. When creating a new API Clients this
// member will only be used if the Retryer Options member is nil. This value will
// be ignored if Retryer is not nil. Currently does not support per operation call
// overrides, may in the future.
RetryMode aws.RetryMode
// Retryer guides how HTTP requests should be retried in case of recoverable
// failures. When nil the API client will use a default retryer. The kind of
// default retry created by the API client can be changed with the RetryMode
// option.
Retryer aws.Retryer
// The RuntimeEnvironment configuration, only populated if the DefaultsMode is set
// to DefaultsModeAuto and is initialized using config.LoadDefaultConfig . You
// should not populate this structure programmatically, or rely on the values here
// within your applications.
RuntimeEnvironment aws.RuntimeEnvironment
// The initial DefaultsMode used when the client options were constructed. If the
// DefaultsMode was set to aws.DefaultsModeAuto this will store what the resolved
// value was at that point in time. Currently does not support per operation call
// overrides, may in the future.
resolvedDefaultsMode aws.DefaultsMode
// The HTTP client to invoke API calls with. Defaults to client's default HTTP
// implementation if nil.
HTTPClient HTTPClient
// The auth scheme resolver which determines how to authenticate for each
// operation.
AuthSchemeResolver AuthSchemeResolver
// The list of auth schemes supported by the client.
AuthSchemes []smithyhttp.AuthScheme
}
// Copy creates a clone where the APIOptions list is deep copied.
func (o Options) Copy() Options {
to := o
to.APIOptions = make([]func(*middleware.Stack) error, len(o.APIOptions))
copy(to.APIOptions, o.APIOptions)
return to
}
func (o Options) GetIdentityResolver(schemeID string) smithyauth.IdentityResolver {
if schemeID == "aws.auth#sigv4" {
return getSigV4IdentityResolver(o)
}
if schemeID == "smithy.api#noAuth" {
return &smithyauth.AnonymousIdentityResolver{}
}
return nil
}
// WithAPIOptions returns a functional option for setting the Client's APIOptions
// option.
func WithAPIOptions(optFns ...func(*middleware.Stack) error) func(*Options) {
return func(o *Options) {
o.APIOptions = append(o.APIOptions, optFns...)
}
}
// Deprecated: EndpointResolver and WithEndpointResolver. Providing a value for
// this field will likely prevent you from using any endpoint-related service
// features released after the introduction of EndpointResolverV2 and BaseEndpoint.
// To migrate an EndpointResolver implementation that uses a custom endpoint, set
// the client option BaseEndpoint instead.
func WithEndpointResolver(v EndpointResolver) func(*Options) {
return func(o *Options) {
o.EndpointResolver = v
}
}
// WithEndpointResolverV2 returns a functional option for setting the Client's
// EndpointResolverV2 option.
func WithEndpointResolverV2(v EndpointResolverV2) func(*Options) {
return func(o *Options) {
o.EndpointResolverV2 = v
}
}
func getSigV4IdentityResolver(o Options) smithyauth.IdentityResolver {
if o.Credentials != nil {
return &internalauthsmithy.CredentialsProviderAdapter{Provider: o.Credentials}
}
return nil
}
// WithSigV4SigningName applies an override to the authentication workflow to
// use the given signing name for SigV4-authenticated operations.
//
// This is an advanced setting. The value here is FINAL, taking precedence over
// the resolved signing name from both auth scheme resolution and endpoint
// resolution.
func WithSigV4SigningName(name string) func(*Options) {
fn := func(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) (
out middleware.InitializeOutput, metadata middleware.Metadata, err error,
) {
return next.HandleInitialize(awsmiddleware.SetSigningName(ctx, name), in)
}
return func(o *Options) {
o.APIOptions = append(o.APIOptions, func(s *middleware.Stack) error {
return s.Initialize.Add(
middleware.InitializeMiddlewareFunc("withSigV4SigningName", fn),
middleware.Before,
)
})
}
}
// WithSigV4SigningRegion applies an override to the authentication workflow to
// use the given signing region for SigV4-authenticated operations.
//
// This is an advanced setting. The value here is FINAL, taking precedence over
// the resolved signing region from both auth scheme resolution and endpoint
// resolution.
func WithSigV4SigningRegion(region string) func(*Options) {
fn := func(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) (
out middleware.InitializeOutput, metadata middleware.Metadata, err error,
) {
return next.HandleInitialize(awsmiddleware.SetSigningRegion(ctx, region), in)
}
return func(o *Options) {
o.APIOptions = append(o.APIOptions, func(s *middleware.Stack) error {
return s.Initialize.Add(
middleware.InitializeMiddlewareFunc("withSigV4SigningRegion", fn),
middleware.Before,
)
})
}
}
func ignoreAnonymousAuth(options *Options) {
if _, ok := options.Credentials.(aws.AnonymousCredentials); ok {
options.Credentials = nil
}
}

View File

@ -89,13 +89,17 @@ type PolicyDescriptorType struct {
noSmithyDocumentSerde
}
// Reserved for future use.
// Contains information about the provided context. This includes the signed and
// encrypted trusted context assertion and the context provider ARN from which the
// trusted context assertion was generated.
type ProvidedContext struct {
// Reserved for future use.
// The signed and encrypted trusted context assertion generated by the context
// provider. The trusted context assertion is signed and encrypted by Amazon Web
// Services STS.
ContextAssertion *string
// Reserved for future use.
// The context provider ARN from which the trusted context assertion was generated.
ProviderArn *string
noSmithyDocumentSerde

View File

@ -31,6 +31,8 @@ package endpointcreds
import (
"encoding/json"
"fmt"
"strings"
"time"
"github.com/aws/aws-sdk-go/aws"
@ -69,7 +71,37 @@ type Provider struct {
// Optional authorization token value if set will be used as the value of
// the Authorization header of the endpoint credential request.
//
// When constructed from environment, the provider will use the value of
// AWS_CONTAINER_AUTHORIZATION_TOKEN environment variable as the token
//
// Will be overridden if AuthorizationTokenProvider is configured
AuthorizationToken string
// Optional auth provider func to dynamically load the auth token from a file
// everytime a credential is retrieved
//
// When constructed from environment, the provider will read and use the content
// of the file pointed to by AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE environment variable
// as the auth token everytime credentials are retrieved
//
// Will override AuthorizationToken if configured
AuthorizationTokenProvider AuthTokenProvider
}
// AuthTokenProvider defines an interface to dynamically load a value to be passed
// for the Authorization header of a credentials request.
type AuthTokenProvider interface {
GetToken() (string, error)
}
// TokenProviderFunc is a func type implementing AuthTokenProvider interface
// and enables customizing token provider behavior
type TokenProviderFunc func() (string, error)
// GetToken func retrieves auth token according to TokenProviderFunc implementation
func (p TokenProviderFunc) GetToken() (string, error) {
return p()
}
// NewProviderClient returns a credentials Provider for retrieving AWS credentials
@ -164,7 +196,20 @@ func (p *Provider) getCredentials(ctx aws.Context) (*getCredentialsOutput, error
req := p.Client.NewRequest(op, nil, out)
req.SetContext(ctx)
req.HTTPRequest.Header.Set("Accept", "application/json")
if authToken := p.AuthorizationToken; len(authToken) != 0 {
authToken := p.AuthorizationToken
var err error
if p.AuthorizationTokenProvider != nil {
authToken, err = p.AuthorizationTokenProvider.GetToken()
if err != nil {
return nil, fmt.Errorf("get authorization token: %v", err)
}
}
if strings.ContainsAny(authToken, "\r\n") {
return nil, fmt.Errorf("authorization token contains invalid newline sequence")
}
if len(authToken) != 0 {
req.HTTPRequest.Header.Set("Authorization", authToken)
}

View File

@ -9,6 +9,7 @@ package defaults
import (
"fmt"
"io/ioutil"
"net"
"net/http"
"net/url"
@ -115,9 +116,31 @@ func CredProviders(cfg *aws.Config, handlers request.Handlers) []credentials.Pro
const (
httpProviderAuthorizationEnvVar = "AWS_CONTAINER_AUTHORIZATION_TOKEN"
httpProviderAuthFileEnvVar = "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE"
httpProviderEnvVar = "AWS_CONTAINER_CREDENTIALS_FULL_URI"
)
// direct representation of the IPv4 address for the ECS container
// "169.254.170.2"
var ecsContainerIPv4 net.IP = []byte{
169, 254, 170, 2,
}
// direct representation of the IPv4 address for the EKS container
// "169.254.170.23"
var eksContainerIPv4 net.IP = []byte{
169, 254, 170, 23,
}
// direct representation of the IPv6 address for the EKS container
// "fd00:ec2::23"
var eksContainerIPv6 net.IP = []byte{
0xFD, 0, 0xE, 0xC2,
0, 0, 0, 0,
0, 0, 0, 0,
0, 0, 0, 0x23,
}
// RemoteCredProvider returns a credentials provider for the default remote
// endpoints such as EC2 or ECS Roles.
func RemoteCredProvider(cfg aws.Config, handlers request.Handlers) credentials.Provider {
@ -135,19 +158,22 @@ func RemoteCredProvider(cfg aws.Config, handlers request.Handlers) credentials.P
var lookupHostFn = net.LookupHost
func isLoopbackHost(host string) (bool, error) {
ip := net.ParseIP(host)
if ip != nil {
return ip.IsLoopback(), nil
// isAllowedHost allows host to be loopback or known ECS/EKS container IPs
//
// host can either be an IP address OR an unresolved hostname - resolution will
// be automatically performed in the latter case
func isAllowedHost(host string) (bool, error) {
if ip := net.ParseIP(host); ip != nil {
return isIPAllowed(ip), nil
}
// Host is not an ip, perform lookup
addrs, err := lookupHostFn(host)
if err != nil {
return false, err
}
for _, addr := range addrs {
if !net.ParseIP(addr).IsLoopback() {
if ip := net.ParseIP(addr); ip == nil || !isIPAllowed(ip) {
return false, nil
}
}
@ -155,6 +181,13 @@ func isLoopbackHost(host string) (bool, error) {
return true, nil
}
func isIPAllowed(ip net.IP) bool {
return ip.IsLoopback() ||
ip.Equal(ecsContainerIPv4) ||
ip.Equal(eksContainerIPv4) ||
ip.Equal(eksContainerIPv6)
}
func localHTTPCredProvider(cfg aws.Config, handlers request.Handlers, u string) credentials.Provider {
var errMsg string
@ -165,10 +198,12 @@ func localHTTPCredProvider(cfg aws.Config, handlers request.Handlers, u string)
host := aws.URLHostname(parsed)
if len(host) == 0 {
errMsg = "unable to parse host from local HTTP cred provider URL"
} else if isLoopback, loopbackErr := isLoopbackHost(host); loopbackErr != nil {
errMsg = fmt.Sprintf("failed to resolve host %q, %v", host, loopbackErr)
} else if !isLoopback {
errMsg = fmt.Sprintf("invalid endpoint host, %q, only loopback hosts are allowed.", host)
} else if parsed.Scheme == "http" {
if isAllowedHost, allowHostErr := isAllowedHost(host); allowHostErr != nil {
errMsg = fmt.Sprintf("failed to resolve host %q, %v", host, allowHostErr)
} else if !isAllowedHost {
errMsg = fmt.Sprintf("invalid endpoint host, %q, only loopback/ecs/eks hosts are allowed.", host)
}
}
}
@ -190,6 +225,15 @@ func httpCredProvider(cfg aws.Config, handlers request.Handlers, u string) crede
func(p *endpointcreds.Provider) {
p.ExpiryWindow = 5 * time.Minute
p.AuthorizationToken = os.Getenv(httpProviderAuthorizationEnvVar)
if authFilePath := os.Getenv(httpProviderAuthFileEnvVar); authFilePath != "" {
p.AuthorizationTokenProvider = endpointcreds.TokenProviderFunc(func() (string, error) {
if contents, err := ioutil.ReadFile(authFilePath); err != nil {
return "", fmt.Errorf("failed to read authorization token from %v: %v", authFilePath, err)
} else {
return string(contents), nil
}
})
}
},
)
}

View File

@ -3977,6 +3977,12 @@ var awsPartition = partition{
endpointKey{
Region: "ca-central-1",
}: endpoint{},
endpointKey{
Region: "ca-central-1",
Variant: fipsVariant,
}: endpoint{
Hostname: "autoscaling-fips.ca-central-1.amazonaws.com",
},
endpointKey{
Region: "eu-central-1",
}: endpoint{},
@ -4001,6 +4007,51 @@ var awsPartition = partition{
endpointKey{
Region: "eu-west-3",
}: endpoint{},
endpointKey{
Region: "fips-ca-central-1",
}: endpoint{
Hostname: "autoscaling-fips.ca-central-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "ca-central-1",
},
Deprecated: boxedTrue,
},
endpointKey{
Region: "fips-us-east-1",
}: endpoint{
Hostname: "autoscaling-fips.us-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-1",
},
Deprecated: boxedTrue,
},
endpointKey{
Region: "fips-us-east-2",
}: endpoint{
Hostname: "autoscaling-fips.us-east-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-2",
},
Deprecated: boxedTrue,
},
endpointKey{
Region: "fips-us-west-1",
}: endpoint{
Hostname: "autoscaling-fips.us-west-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-west-1",
},
Deprecated: boxedTrue,
},
endpointKey{
Region: "fips-us-west-2",
}: endpoint{
Hostname: "autoscaling-fips.us-west-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-west-2",
},
Deprecated: boxedTrue,
},
endpointKey{
Region: "il-central-1",
}: endpoint{},
@ -4016,15 +4067,39 @@ var awsPartition = partition{
endpointKey{
Region: "us-east-1",
}: endpoint{},
endpointKey{
Region: "us-east-1",
Variant: fipsVariant,
}: endpoint{
Hostname: "autoscaling-fips.us-east-1.amazonaws.com",
},
endpointKey{
Region: "us-east-2",
}: endpoint{},
endpointKey{
Region: "us-east-2",
Variant: fipsVariant,
}: endpoint{
Hostname: "autoscaling-fips.us-east-2.amazonaws.com",
},
endpointKey{
Region: "us-west-1",
}: endpoint{},
endpointKey{
Region: "us-west-1",
Variant: fipsVariant,
}: endpoint{
Hostname: "autoscaling-fips.us-west-1.amazonaws.com",
},
endpointKey{
Region: "us-west-2",
}: endpoint{},
endpointKey{
Region: "us-west-2",
Variant: fipsVariant,
}: endpoint{
Hostname: "autoscaling-fips.us-west-2.amazonaws.com",
},
},
},
"autoscaling-plans": service{
@ -6229,6 +6304,12 @@ var awsPartition = partition{
endpointKey{
Region: "ap-southeast-2",
}: endpoint{},
endpointKey{
Region: "ap-southeast-3",
}: endpoint{},
endpointKey{
Region: "ap-southeast-4",
}: endpoint{},
endpointKey{
Region: "ca-central-1",
}: endpoint{},
@ -6250,6 +6331,9 @@ var awsPartition = partition{
endpointKey{
Region: "eu-south-1",
}: endpoint{},
endpointKey{
Region: "eu-south-2",
}: endpoint{},
endpointKey{
Region: "eu-west-1",
}: endpoint{},
@ -6304,6 +6388,9 @@ var awsPartition = partition{
},
Deprecated: boxedTrue,
},
endpointKey{
Region: "il-central-1",
}: endpoint{},
endpointKey{
Region: "me-central-1",
}: endpoint{},
@ -7002,6 +7089,14 @@ var awsPartition = partition{
Region: "ap-south-1",
},
},
endpointKey{
Region: "ap-south-2",
}: endpoint{
Hostname: "compute-optimizer.ap-south-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "ap-south-2",
},
},
endpointKey{
Region: "ap-southeast-1",
}: endpoint{
@ -7018,6 +7113,22 @@ var awsPartition = partition{
Region: "ap-southeast-2",
},
},
endpointKey{
Region: "ap-southeast-3",
}: endpoint{
Hostname: "compute-optimizer.ap-southeast-3.amazonaws.com",
CredentialScope: credentialScope{
Region: "ap-southeast-3",
},
},
endpointKey{
Region: "ap-southeast-4",
}: endpoint{
Hostname: "compute-optimizer.ap-southeast-4.amazonaws.com",
CredentialScope: credentialScope{
Region: "ap-southeast-4",
},
},
endpointKey{
Region: "ca-central-1",
}: endpoint{
@ -7034,6 +7145,14 @@ var awsPartition = partition{
Region: "eu-central-1",
},
},
endpointKey{
Region: "eu-central-2",
}: endpoint{
Hostname: "compute-optimizer.eu-central-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "eu-central-2",
},
},
endpointKey{
Region: "eu-north-1",
}: endpoint{
@ -7050,6 +7169,14 @@ var awsPartition = partition{
Region: "eu-south-1",
},
},
endpointKey{
Region: "eu-south-2",
}: endpoint{
Hostname: "compute-optimizer.eu-south-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "eu-south-2",
},
},
endpointKey{
Region: "eu-west-1",
}: endpoint{
@ -7074,6 +7201,22 @@ var awsPartition = partition{
Region: "eu-west-3",
},
},
endpointKey{
Region: "il-central-1",
}: endpoint{
Hostname: "compute-optimizer.il-central-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "il-central-1",
},
},
endpointKey{
Region: "me-central-1",
}: endpoint{
Hostname: "compute-optimizer.me-central-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "me-central-1",
},
},
endpointKey{
Region: "me-south-1",
}: endpoint{
@ -11722,6 +11865,9 @@ var awsPartition = partition{
},
"emr-serverless": service{
Endpoints: serviceEndpoints{
endpointKey{
Region: "af-south-1",
}: endpoint{},
endpointKey{
Region: "ap-east-1",
}: endpoint{},
@ -11731,6 +11877,9 @@ var awsPartition = partition{
endpointKey{
Region: "ap-northeast-2",
}: endpoint{},
endpointKey{
Region: "ap-northeast-3",
}: endpoint{},
endpointKey{
Region: "ap-south-1",
}: endpoint{},
@ -11740,6 +11889,9 @@ var awsPartition = partition{
endpointKey{
Region: "ap-southeast-2",
}: endpoint{},
endpointKey{
Region: "ap-southeast-3",
}: endpoint{},
endpointKey{
Region: "ca-central-1",
}: endpoint{},
@ -11755,6 +11907,9 @@ var awsPartition = partition{
endpointKey{
Region: "eu-north-1",
}: endpoint{},
endpointKey{
Region: "eu-south-1",
}: endpoint{},
endpointKey{
Region: "eu-west-1",
}: endpoint{},
@ -26583,6 +26738,9 @@ var awsPartition = partition{
},
Deprecated: boxedTrue,
},
endpointKey{
Region: "il-central-1",
}: endpoint{},
endpointKey{
Region: "me-central-1",
}: endpoint{},
@ -35266,12 +35424,42 @@ var awsusgovPartition = partition{
},
"appconfigdata": service{
Endpoints: serviceEndpoints{
endpointKey{
Region: "fips-us-gov-east-1",
}: endpoint{
Hostname: "appconfigdata.us-gov-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-gov-east-1",
},
Deprecated: boxedTrue,
},
endpointKey{
Region: "fips-us-gov-west-1",
}: endpoint{
Hostname: "appconfigdata.us-gov-west-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-gov-west-1",
},
Deprecated: boxedTrue,
},
endpointKey{
Region: "us-gov-east-1",
}: endpoint{},
endpointKey{
Region: "us-gov-east-1",
Variant: fipsVariant,
}: endpoint{
Hostname: "appconfigdata.us-gov-east-1.amazonaws.com",
},
endpointKey{
Region: "us-gov-west-1",
}: endpoint{},
endpointKey{
Region: "us-gov-west-1",
Variant: fipsVariant,
}: endpoint{
Hostname: "appconfigdata.us-gov-west-1.amazonaws.com",
},
},
},
"application-autoscaling": service{
@ -40134,20 +40322,40 @@ var awsusgovPartition = partition{
"simspaceweaver": service{
Endpoints: serviceEndpoints{
endpointKey{
Region: "us-gov-east-1",
Region: "fips-us-gov-east-1",
}: endpoint{
Hostname: "simspaceweaver.us-gov-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-gov-east-1",
},
Deprecated: boxedTrue,
},
endpointKey{
Region: "us-gov-west-1",
Region: "fips-us-gov-west-1",
}: endpoint{
Hostname: "simspaceweaver.us-gov-west-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-gov-west-1",
},
Deprecated: boxedTrue,
},
endpointKey{
Region: "us-gov-east-1",
}: endpoint{},
endpointKey{
Region: "us-gov-east-1",
Variant: fipsVariant,
}: endpoint{
Hostname: "simspaceweaver.us-gov-east-1.amazonaws.com",
},
endpointKey{
Region: "us-gov-west-1",
}: endpoint{},
endpointKey{
Region: "us-gov-west-1",
Variant: fipsVariant,
}: endpoint{
Hostname: "simspaceweaver.us-gov-west-1.amazonaws.com",
},
},
},
@ -40366,6 +40574,24 @@ var awsusgovPartition = partition{
Region: "us-gov-east-1",
},
},
endpointKey{
Region: "us-gov-east-1",
Variant: fipsVariant,
}: endpoint{
Hostname: "sso.us-gov-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-gov-east-1",
},
},
endpointKey{
Region: "us-gov-east-1-fips",
}: endpoint{
Hostname: "sso.us-gov-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-gov-east-1",
},
Deprecated: boxedTrue,
},
endpointKey{
Region: "us-gov-west-1",
}: endpoint{
@ -40374,6 +40600,24 @@ var awsusgovPartition = partition{
Region: "us-gov-west-1",
},
},
endpointKey{
Region: "us-gov-west-1",
Variant: fipsVariant,
}: endpoint{
Hostname: "sso.us-gov-west-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-gov-west-1",
},
},
endpointKey{
Region: "us-gov-west-1-fips",
}: endpoint{
Hostname: "sso.us-gov-west-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-gov-west-1",
},
Deprecated: boxedTrue,
},
},
},
"states": service{
@ -41405,6 +41649,9 @@ var awsisoPartition = partition{
endpointKey{
Region: "us-iso-east-1",
}: endpoint{},
endpointKey{
Region: "us-iso-west-1",
}: endpoint{},
},
},
"ec2": service{

View File

@ -5,4 +5,4 @@ package aws
const SDKName = "aws-sdk-go"
// SDKVersion is the version of this SDK
const SDKVersion = "1.47.10"
const SDKVersion = "1.48.0"

View File

@ -56,9 +56,10 @@ func (c *SSOOIDC) CreateTokenRequest(input *CreateTokenInput) (req *request.Requ
// CreateToken API operation for AWS SSO OIDC.
//
// Creates and returns an access token for the authorized client. The access
// token issued will be used to fetch short-term credentials for the assigned
// roles in the AWS account.
// Creates and returns access and refresh tokens for clients that are authenticated
// using client secrets. The access token can be used to fetch short-term credentials
// for the assigned AWS accounts or to access application APIs using bearer
// authentication.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@ -133,6 +134,131 @@ func (c *SSOOIDC) CreateTokenWithContext(ctx aws.Context, input *CreateTokenInpu
return out, req.Send()
}
const opCreateTokenWithIAM = "CreateTokenWithIAM"
// CreateTokenWithIAMRequest generates a "aws/request.Request" representing the
// client's request for the CreateTokenWithIAM operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateTokenWithIAM for more information on using the CreateTokenWithIAM
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the CreateTokenWithIAMRequest method.
// req, resp := client.CreateTokenWithIAMRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAM
func (c *SSOOIDC) CreateTokenWithIAMRequest(input *CreateTokenWithIAMInput) (req *request.Request, output *CreateTokenWithIAMOutput) {
op := &request.Operation{
Name: opCreateTokenWithIAM,
HTTPMethod: "POST",
HTTPPath: "/token?aws_iam=t",
}
if input == nil {
input = &CreateTokenWithIAMInput{}
}
output = &CreateTokenWithIAMOutput{}
req = c.newRequest(op, input, output)
return
}
// CreateTokenWithIAM API operation for AWS SSO OIDC.
//
// Creates and returns access and refresh tokens for clients and applications
// that are authenticated using IAM entities. The access token can be used to
// fetch short-term credentials for the assigned AWS accounts or to access application
// APIs using bearer authentication.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS SSO OIDC's
// API operation CreateTokenWithIAM for usage and error information.
//
// Returned Error Types:
//
// - InvalidRequestException
// Indicates that something is wrong with the input to the request. For example,
// a required parameter might be missing or out of range.
//
// - InvalidClientException
// Indicates that the clientId or clientSecret in the request is invalid. For
// example, this can occur when a client sends an incorrect clientId or an expired
// clientSecret.
//
// - InvalidGrantException
// Indicates that a request contains an invalid grant. This can occur if a client
// makes a CreateToken request with an invalid grant type.
//
// - UnauthorizedClientException
// Indicates that the client is not currently authorized to make the request.
// This can happen when a clientId is not issued for a public client.
//
// - UnsupportedGrantTypeException
// Indicates that the grant type in the request is not supported by the service.
//
// - InvalidScopeException
// Indicates that the scope provided in the request is invalid.
//
// - AuthorizationPendingException
// Indicates that a request to authorize a client with an access user session
// token is pending.
//
// - SlowDownException
// Indicates that the client is making the request too frequently and is more
// than the service can handle.
//
// - AccessDeniedException
// You do not have sufficient access to perform this action.
//
// - ExpiredTokenException
// Indicates that the token issued by the service is expired and is no longer
// valid.
//
// - InternalServerException
// Indicates that an error from the service occurred while trying to process
// a request.
//
// - InvalidRequestRegionException
// Indicates that a token provided as input to the request was issued by and
// is only usable by calling IAM Identity Center endpoints in another region.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAM
func (c *SSOOIDC) CreateTokenWithIAM(input *CreateTokenWithIAMInput) (*CreateTokenWithIAMOutput, error) {
req, out := c.CreateTokenWithIAMRequest(input)
return out, req.Send()
}
// CreateTokenWithIAMWithContext is the same as CreateTokenWithIAM with the addition of
// the ability to pass a context and additional request options.
//
// See CreateTokenWithIAM for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *SSOOIDC) CreateTokenWithIAMWithContext(ctx aws.Context, input *CreateTokenWithIAMInput, opts ...request.Option) (*CreateTokenWithIAMOutput, error) {
req, out := c.CreateTokenWithIAMRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opRegisterClient = "RegisterClient"
// RegisterClientRequest generates a "aws/request.Request" representing the
@ -331,8 +457,11 @@ type AccessDeniedException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be access_denied.
Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"`
@ -400,8 +529,11 @@ type AuthorizationPendingException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be authorization_pending.
Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"`
@ -466,8 +598,8 @@ func (s *AuthorizationPendingException) RequestID() string {
type CreateTokenInput struct {
_ struct{} `type:"structure"`
// The unique identifier string for each client. This value should come from
// the persisted result of the RegisterClient API.
// The unique identifier string for the client or application. This value comes
// from the result of the RegisterClient API.
//
// ClientId is a required field
ClientId *string `locationName:"clientId" type:"string" required:"true"`
@ -475,23 +607,30 @@ type CreateTokenInput struct {
// A secret string generated for the client. This value should come from the
// persisted result of the RegisterClient API.
//
// ClientSecret is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateTokenInput's
// String and GoString methods.
//
// ClientSecret is a required field
ClientSecret *string `locationName:"clientSecret" type:"string" required:"true"`
ClientSecret *string `locationName:"clientSecret" type:"string" required:"true" sensitive:"true"`
// The authorization code received from the authorization service. This parameter
// is required to perform an authorization grant request to get access to a
// token.
// Used only when calling this API for the Authorization Code grant type. The
// short-term code is used to identify this authorization request. This grant
// type is currently unsupported for the CreateToken API.
Code *string `locationName:"code" type:"string"`
// Used only when calling this API for the device code grant type. This short-term
// code is used to identify this authentication attempt. This should come from
// an in-memory reference to the result of the StartDeviceAuthorization API.
// Used only when calling this API for the Device Code grant type. This short-term
// code is used to identify this authorization request. This comes from the
// result of the StartDeviceAuthorization API.
DeviceCode *string `locationName:"deviceCode" type:"string"`
// Supports grant types for the authorization code, refresh token, and device
// code request. For device code requests, specify the following value:
// Supports the following OAuth grant types: Device Code and Refresh Token.
// Specify either of the following values, depending on the grant type that
// you want:
//
// urn:ietf:params:oauth:grant-type:device_code
// * Device Code - urn:ietf:params:oauth:grant-type:device_code
//
// * Refresh Token - refresh_token
//
// For information about how to obtain the device code, see the StartDeviceAuthorization
// topic.
@ -499,21 +638,28 @@ type CreateTokenInput struct {
// GrantType is a required field
GrantType *string `locationName:"grantType" type:"string" required:"true"`
// The location of the application that will receive the authorization code.
// Users authorize the service to send the request to this location.
// Used only when calling this API for the Authorization Code grant type. This
// value specifies the location of the client or application that has registered
// to receive the authorization code.
RedirectUri *string `locationName:"redirectUri" type:"string"`
// Currently, refreshToken is not yet implemented and is not supported. For
// more information about the features and limitations of the current IAM Identity
// Center OIDC implementation, see Considerations for Using this Guide in the
// IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
// Used only when calling this API for the Refresh Token grant type. This token
// is used to refresh short-term tokens, such as the access token, that might
// expire.
//
// The token used to obtain an access token in the event that the access token
// is invalid or expired.
RefreshToken *string `locationName:"refreshToken" type:"string"`
// For more information about the features and limitations of the current IAM
// Identity Center OIDC implementation, see Considerations for Using this Guide
// in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
//
// RefreshToken is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateTokenInput's
// String and GoString methods.
RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"`
// The list of scopes that is defined by the client. Upon authorization, this
// list is used to restrict permissions when granting an access token.
// The list of scopes for which authorization is requested. The access token
// that is issued is limited to the scopes that are granted. If this value is
// not specified, IAM Identity Center authorizes all scopes that are configured
// for the client during the call to RegisterClient.
Scope []*string `locationName:"scope" type:"list"`
}
@ -605,31 +751,43 @@ func (s *CreateTokenInput) SetScope(v []*string) *CreateTokenInput {
type CreateTokenOutput struct {
_ struct{} `type:"structure"`
// An opaque token to access IAM Identity Center resources assigned to a user.
AccessToken *string `locationName:"accessToken" type:"string"`
// A bearer token to access AWS accounts and applications assigned to a user.
//
// AccessToken is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateTokenOutput's
// String and GoString methods.
AccessToken *string `locationName:"accessToken" type:"string" sensitive:"true"`
// Indicates the time in seconds when an access token will expire.
ExpiresIn *int64 `locationName:"expiresIn" type:"integer"`
// Currently, idToken is not yet implemented and is not supported. For more
// information about the features and limitations of the current IAM Identity
// Center OIDC implementation, see Considerations for Using this Guide in the
// IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
// The idToken is not implemented or supported. For more information about the
// features and limitations of the current IAM Identity Center OIDC implementation,
// see Considerations for Using this Guide in the IAM Identity Center OIDC API
// Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
//
// The identifier of the user that associated with the access token, if present.
IdToken *string `locationName:"idToken" type:"string"`
// A JSON Web Token (JWT) that identifies who is associated with the issued
// access token.
//
// IdToken is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateTokenOutput's
// String and GoString methods.
IdToken *string `locationName:"idToken" type:"string" sensitive:"true"`
// Currently, refreshToken is not yet implemented and is not supported. For
// more information about the features and limitations of the current IAM Identity
// Center OIDC implementation, see Considerations for Using this Guide in the
// IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
//
// A token that, if present, can be used to refresh a previously issued access
// token that might have expired.
RefreshToken *string `locationName:"refreshToken" type:"string"`
//
// For more information about the features and limitations of the current IAM
// Identity Center OIDC implementation, see Considerations for Using this Guide
// in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
//
// RefreshToken is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateTokenOutput's
// String and GoString methods.
RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"`
// Used to notify the client that the returned token is an access token. The
// supported type is BearerToken.
// supported token type is Bearer.
TokenType *string `locationName:"tokenType" type:"string"`
}
@ -681,14 +839,312 @@ func (s *CreateTokenOutput) SetTokenType(v string) *CreateTokenOutput {
return s
}
type CreateTokenWithIAMInput struct {
_ struct{} `type:"structure"`
// Used only when calling this API for the JWT Bearer grant type. This value
// specifies the JSON Web Token (JWT) issued by a trusted token issuer. To authorize
// a trusted token issuer, configure the JWT Bearer GrantOptions for the application.
//
// Assertion is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateTokenWithIAMInput's
// String and GoString methods.
Assertion *string `locationName:"assertion" type:"string" sensitive:"true"`
// The unique identifier string for the client or application. This value is
// an application ARN that has OAuth grants configured.
//
// ClientId is a required field
ClientId *string `locationName:"clientId" type:"string" required:"true"`
// Used only when calling this API for the Authorization Code grant type. This
// short-term code is used to identify this authorization request. The code
// is obtained through a redirect from IAM Identity Center to a redirect URI
// persisted in the Authorization Code GrantOptions for the application.
Code *string `locationName:"code" type:"string"`
// Supports the following OAuth grant types: Authorization Code, Refresh Token,
// JWT Bearer, and Token Exchange. Specify one of the following values, depending
// on the grant type that you want:
//
// * Authorization Code - authorization_code
//
// * Refresh Token - refresh_token
//
// * JWT Bearer - urn:ietf:params:oauth:grant-type:jwt-bearer
//
// * Token Exchange - urn:ietf:params:oauth:grant-type:token-exchange
//
// GrantType is a required field
GrantType *string `locationName:"grantType" type:"string" required:"true"`
// Used only when calling this API for the Authorization Code grant type. This
// value specifies the location of the client or application that has registered
// to receive the authorization code.
RedirectUri *string `locationName:"redirectUri" type:"string"`
// Used only when calling this API for the Refresh Token grant type. This token
// is used to refresh short-term tokens, such as the access token, that might
// expire.
//
// For more information about the features and limitations of the current IAM
// Identity Center OIDC implementation, see Considerations for Using this Guide
// in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
//
// RefreshToken is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateTokenWithIAMInput's
// String and GoString methods.
RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"`
// Used only when calling this API for the Token Exchange grant type. This value
// specifies the type of token that the requester can receive. The following
// values are supported:
//
// * Access Token - urn:ietf:params:oauth:token-type:access_token
//
// * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token
RequestedTokenType *string `locationName:"requestedTokenType" type:"string"`
// The list of scopes for which authorization is requested. The access token
// that is issued is limited to the scopes that are granted. If the value is
// not specified, IAM Identity Center authorizes all scopes configured for the
// application, including the following default scopes: openid, aws, sts:identity_context.
Scope []*string `locationName:"scope" type:"list"`
// Used only when calling this API for the Token Exchange grant type. This value
// specifies the subject of the exchange. The value of the subject token must
// be an access token issued by IAM Identity Center to a different client or
// application. The access token must have authorized scopes that indicate the
// requested application as a target audience.
//
// SubjectToken is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateTokenWithIAMInput's
// String and GoString methods.
SubjectToken *string `locationName:"subjectToken" type:"string" sensitive:"true"`
// Used only when calling this API for the Token Exchange grant type. This value
// specifies the type of token that is passed as the subject of the exchange.
// The following value is supported:
//
// * Access Token - urn:ietf:params:oauth:token-type:access_token
SubjectTokenType *string `locationName:"subjectTokenType" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateTokenWithIAMInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateTokenWithIAMInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateTokenWithIAMInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "CreateTokenWithIAMInput"}
if s.ClientId == nil {
invalidParams.Add(request.NewErrParamRequired("ClientId"))
}
if s.GrantType == nil {
invalidParams.Add(request.NewErrParamRequired("GrantType"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetAssertion sets the Assertion field's value.
func (s *CreateTokenWithIAMInput) SetAssertion(v string) *CreateTokenWithIAMInput {
s.Assertion = &v
return s
}
// SetClientId sets the ClientId field's value.
func (s *CreateTokenWithIAMInput) SetClientId(v string) *CreateTokenWithIAMInput {
s.ClientId = &v
return s
}
// SetCode sets the Code field's value.
func (s *CreateTokenWithIAMInput) SetCode(v string) *CreateTokenWithIAMInput {
s.Code = &v
return s
}
// SetGrantType sets the GrantType field's value.
func (s *CreateTokenWithIAMInput) SetGrantType(v string) *CreateTokenWithIAMInput {
s.GrantType = &v
return s
}
// SetRedirectUri sets the RedirectUri field's value.
func (s *CreateTokenWithIAMInput) SetRedirectUri(v string) *CreateTokenWithIAMInput {
s.RedirectUri = &v
return s
}
// SetRefreshToken sets the RefreshToken field's value.
func (s *CreateTokenWithIAMInput) SetRefreshToken(v string) *CreateTokenWithIAMInput {
s.RefreshToken = &v
return s
}
// SetRequestedTokenType sets the RequestedTokenType field's value.
func (s *CreateTokenWithIAMInput) SetRequestedTokenType(v string) *CreateTokenWithIAMInput {
s.RequestedTokenType = &v
return s
}
// SetScope sets the Scope field's value.
func (s *CreateTokenWithIAMInput) SetScope(v []*string) *CreateTokenWithIAMInput {
s.Scope = v
return s
}
// SetSubjectToken sets the SubjectToken field's value.
func (s *CreateTokenWithIAMInput) SetSubjectToken(v string) *CreateTokenWithIAMInput {
s.SubjectToken = &v
return s
}
// SetSubjectTokenType sets the SubjectTokenType field's value.
func (s *CreateTokenWithIAMInput) SetSubjectTokenType(v string) *CreateTokenWithIAMInput {
s.SubjectTokenType = &v
return s
}
type CreateTokenWithIAMOutput struct {
_ struct{} `type:"structure"`
// A bearer token to access AWS accounts and applications assigned to a user.
//
// AccessToken is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateTokenWithIAMOutput's
// String and GoString methods.
AccessToken *string `locationName:"accessToken" type:"string" sensitive:"true"`
// Indicates the time in seconds when an access token will expire.
ExpiresIn *int64 `locationName:"expiresIn" type:"integer"`
// A JSON Web Token (JWT) that identifies the user associated with the issued
// access token.
//
// IdToken is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateTokenWithIAMOutput's
// String and GoString methods.
IdToken *string `locationName:"idToken" type:"string" sensitive:"true"`
// Indicates the type of tokens that are issued by IAM Identity Center. The
// following values are supported:
//
// * Access Token - urn:ietf:params:oauth:token-type:access_token
//
// * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token
IssuedTokenType *string `locationName:"issuedTokenType" type:"string"`
// A token that, if present, can be used to refresh a previously issued access
// token that might have expired.
//
// For more information about the features and limitations of the current IAM
// Identity Center OIDC implementation, see Considerations for Using this Guide
// in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
//
// RefreshToken is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateTokenWithIAMOutput's
// String and GoString methods.
RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"`
// The list of scopes for which authorization is granted. The access token that
// is issued is limited to the scopes that are granted.
Scope []*string `locationName:"scope" type:"list"`
// Used to notify the requester that the returned token is an access token.
// The supported token type is Bearer.
TokenType *string `locationName:"tokenType" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateTokenWithIAMOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateTokenWithIAMOutput) GoString() string {
return s.String()
}
// SetAccessToken sets the AccessToken field's value.
func (s *CreateTokenWithIAMOutput) SetAccessToken(v string) *CreateTokenWithIAMOutput {
s.AccessToken = &v
return s
}
// SetExpiresIn sets the ExpiresIn field's value.
func (s *CreateTokenWithIAMOutput) SetExpiresIn(v int64) *CreateTokenWithIAMOutput {
s.ExpiresIn = &v
return s
}
// SetIdToken sets the IdToken field's value.
func (s *CreateTokenWithIAMOutput) SetIdToken(v string) *CreateTokenWithIAMOutput {
s.IdToken = &v
return s
}
// SetIssuedTokenType sets the IssuedTokenType field's value.
func (s *CreateTokenWithIAMOutput) SetIssuedTokenType(v string) *CreateTokenWithIAMOutput {
s.IssuedTokenType = &v
return s
}
// SetRefreshToken sets the RefreshToken field's value.
func (s *CreateTokenWithIAMOutput) SetRefreshToken(v string) *CreateTokenWithIAMOutput {
s.RefreshToken = &v
return s
}
// SetScope sets the Scope field's value.
func (s *CreateTokenWithIAMOutput) SetScope(v []*string) *CreateTokenWithIAMOutput {
s.Scope = v
return s
}
// SetTokenType sets the TokenType field's value.
func (s *CreateTokenWithIAMOutput) SetTokenType(v string) *CreateTokenWithIAMOutput {
s.TokenType = &v
return s
}
// Indicates that the token issued by the service is expired and is no longer
// valid.
type ExpiredTokenException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be expired_token.
Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"`
@ -756,8 +1212,11 @@ type InternalServerException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be server_error.
Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"`
@ -826,8 +1285,11 @@ type InvalidClientException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be invalid_client.
Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"`
@ -895,8 +1357,11 @@ type InvalidClientMetadataException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be invalid_client_metadata.
Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"`
@ -964,8 +1429,11 @@ type InvalidGrantException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be invalid_grant.
Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"`
@ -1033,8 +1501,11 @@ type InvalidRequestException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be invalid_request.
Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"`
@ -1096,13 +1567,95 @@ func (s *InvalidRequestException) RequestID() string {
return s.RespMetadata.RequestID
}
// Indicates that a token provided as input to the request was issued by and
// is only usable by calling IAM Identity Center endpoints in another region.
type InvalidRequestRegionException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Indicates the IAM Identity Center endpoint which the requester may call with
// this token.
Endpoint *string `locationName:"endpoint" type:"string"`
// Single error code. For this exception the value will be invalid_request.
Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"`
// Indicates the region which the requester may call with this token.
Region *string `locationName:"region" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s InvalidRequestRegionException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s InvalidRequestRegionException) GoString() string {
return s.String()
}
func newErrorInvalidRequestRegionException(v protocol.ResponseMetadata) error {
return &InvalidRequestRegionException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *InvalidRequestRegionException) Code() string {
return "InvalidRequestRegionException"
}
// Message returns the exception's message.
func (s *InvalidRequestRegionException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *InvalidRequestRegionException) OrigErr() error {
return nil
}
func (s *InvalidRequestRegionException) Error() string {
return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
}
// Status code returns the HTTP status code for the request's response error.
func (s *InvalidRequestRegionException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *InvalidRequestRegionException) RequestID() string {
return s.RespMetadata.RequestID
}
// Indicates that the scope provided in the request is invalid.
type InvalidScopeException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be invalid_scope.
Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"`
@ -1238,7 +1791,7 @@ func (s *RegisterClientInput) SetScopes(v []*string) *RegisterClientInput {
type RegisterClientOutput struct {
_ struct{} `type:"structure"`
// The endpoint where the client can request authorization.
// An endpoint that the client can use to request authorization.
AuthorizationEndpoint *string `locationName:"authorizationEndpoint" type:"string"`
// The unique identifier string for each client. This client uses this identifier
@ -1250,12 +1803,16 @@ type RegisterClientOutput struct {
// A secret string generated for the client. The client will use this string
// to get authenticated by the service in subsequent calls.
ClientSecret *string `locationName:"clientSecret" type:"string"`
//
// ClientSecret is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by RegisterClientOutput's
// String and GoString methods.
ClientSecret *string `locationName:"clientSecret" type:"string" sensitive:"true"`
// Indicates the time at which the clientId and clientSecret will become invalid.
ClientSecretExpiresAt *int64 `locationName:"clientSecretExpiresAt" type:"long"`
// The endpoint where the client can get an access token.
// An endpoint that the client can use to create tokens.
TokenEndpoint *string `locationName:"tokenEndpoint" type:"string"`
}
@ -1319,8 +1876,11 @@ type SlowDownException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be slow_down.
Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"`
@ -1395,11 +1955,15 @@ type StartDeviceAuthorizationInput struct {
// A secret string that is generated for the client. This value should come
// from the persisted result of the RegisterClient API operation.
//
// ClientSecret is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by StartDeviceAuthorizationInput's
// String and GoString methods.
//
// ClientSecret is a required field
ClientSecret *string `locationName:"clientSecret" type:"string" required:"true"`
ClientSecret *string `locationName:"clientSecret" type:"string" required:"true" sensitive:"true"`
// The URL for the AWS access portal. For more information, see Using the AWS
// access portal (https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html)
// The URL for the Amazon Web Services access portal. For more information,
// see Using the Amazon Web Services access portal (https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html)
// in the IAM Identity Center User Guide.
//
// StartUrl is a required field
@ -1550,8 +2114,11 @@ type UnauthorizedClientException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be unauthorized_client.
Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"`
@ -1618,8 +2185,11 @@ type UnsupportedGrantTypeException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be unsupported_grant_type.
Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"`

View File

@ -3,15 +3,13 @@
// Package ssooidc provides the client and types for making API
// requests to AWS SSO OIDC.
//
// AWS IAM Identity Center (successor to AWS Single Sign-On) OpenID Connect
// (OIDC) is a web service that enables a client (such as AWS CLI or a native
// application) to register with IAM Identity Center. The service also enables
// the client to fetch the users access token upon successful authentication
// and authorization with IAM Identity Center.
// IAM Identity Center OpenID Connect (OIDC) is a web service that enables a
// client (such as CLI or a native application) to register with IAM Identity
// Center. The service also enables the client to fetch the users access
// token upon successful authentication and authorization with IAM Identity
// Center.
//
// Although AWS Single Sign-On was renamed, the sso and identitystore API namespaces
// will continue to retain their original name for backward compatibility purposes.
// For more information, see IAM Identity Center rename (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed).
// IAM Identity Center uses the sso and identitystore API namespaces.
//
// # Considerations for Using This Guide
//
@ -22,21 +20,24 @@
// - The IAM Identity Center OIDC service currently implements only the portions
// of the OAuth 2.0 Device Authorization Grant standard (https://tools.ietf.org/html/rfc8628
// (https://tools.ietf.org/html/rfc8628)) that are necessary to enable single
// sign-on authentication with the AWS CLI. Support for other OIDC flows
// frequently needed for native applications, such as Authorization Code
// Flow (+ PKCE), will be addressed in future releases.
// sign-on authentication with the CLI.
//
// - The service emits only OIDC access tokens, such that obtaining a new
// token (For example, token refresh) requires explicit user re-authentication.
// - With older versions of the CLI, the service only emits OIDC access tokens,
// so to obtain a new token, users must explicitly re-authenticate. To access
// the OIDC flow that supports token refresh and doesnt require re-authentication,
// update to the latest CLI version (1.27.10 for CLI V1 and 2.9.0 for CLI
// V2) with support for OIDC token refresh and configurable IAM Identity
// Center session durations. For more information, see Configure Amazon Web
// Services access portal session duration (https://docs.aws.amazon.com/singlesignon/latest/userguide/configure-user-session.html).
//
// - The access tokens provided by this service grant access to all AWS account
// entitlements assigned to an IAM Identity Center user, not just a particular
// application.
// - The access tokens provided by this service grant access to all Amazon
// Web Services account entitlements assigned to an IAM Identity Center user,
// not just a particular application.
//
// - The documentation in this guide does not describe the mechanism to convert
// the access token into AWS Auth (“sigv4”) credentials for use with
// IAM-protected AWS service endpoints. For more information, see GetRoleCredentials
// (https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html)
// the access token into Amazon Web Services Auth (“sigv4”) credentials
// for use with IAM-protected Amazon Web Services service endpoints. For
// more information, see GetRoleCredentials (https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html)
// in the IAM Identity Center Portal API Reference Guide.
//
// For general information about IAM Identity Center, see What is IAM Identity

View File

@ -64,6 +64,13 @@ const (
// a required parameter might be missing or out of range.
ErrCodeInvalidRequestException = "InvalidRequestException"
// ErrCodeInvalidRequestRegionException for service response error code
// "InvalidRequestRegionException".
//
// Indicates that a token provided as input to the request was issued by and
// is only usable by calling IAM Identity Center endpoints in another region.
ErrCodeInvalidRequestRegionException = "InvalidRequestRegionException"
// ErrCodeInvalidScopeException for service response error code
// "InvalidScopeException".
//
@ -100,6 +107,7 @@ var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{
"InvalidClientMetadataException": newErrorInvalidClientMetadataException,
"InvalidGrantException": newErrorInvalidGrantException,
"InvalidRequestException": newErrorInvalidRequestException,
"InvalidRequestRegionException": newErrorInvalidRequestRegionException,
"InvalidScopeException": newErrorInvalidScopeException,
"SlowDownException": newErrorSlowDownException,
"UnauthorizedClientException": newErrorUnauthorizedClientException,

View File

@ -51,7 +51,7 @@ const (
func New(p client.ConfigProvider, cfgs ...*aws.Config) *SSOOIDC {
c := p.ClientConfig(EndpointsID, cfgs...)
if c.SigningNameDerived || len(c.SigningName) == 0 {
c.SigningName = "awsssooidc"
c.SigningName = "sso-oauth"
}
return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion)
}

View File

@ -1460,7 +1460,15 @@ type AssumeRoleInput struct {
// in the IAM User Guide.
PolicyArns []*PolicyDescriptorType `type:"list"`
// Reserved for future use.
// A list of previously acquired trusted context assertions in the format of
// a JSON array. The trusted context assertion is signed and encrypted by Amazon
// Web Services STS.
//
// The following is an example of a ProvidedContext value that includes a single
// trusted context assertion and the ARN of the context provider from which
// the trusted context assertion was generated.
//
// [{"ProviderArn":"arn:aws:iam::aws:contextProvider/identitycenter","ContextAssertion":"trusted-context-assertion"}]
ProvidedContexts []*ProvidedContext `type:"list"`
// The Amazon Resource Name (ARN) of the role to assume.
@ -3405,14 +3413,18 @@ func (s *PolicyDescriptorType) SetArn(v string) *PolicyDescriptorType {
return s
}
// Reserved for future use.
// Contains information about the provided context. This includes the signed
// and encrypted trusted context assertion and the context provider ARN from
// which the trusted context assertion was generated.
type ProvidedContext struct {
_ struct{} `type:"structure"`
// Reserved for future use.
// The signed and encrypted trusted context assertion generated by the context
// provider. The trusted context assertion is signed and encrypted by Amazon
// Web Services STS.
ContextAssertion *string `min:"4" type:"string"`
// Reserved for future use.
// The context provider ARN from which the trusted context assertion was generated.
ProviderArn *string `min:"20" type:"string"`
}

View File

@ -1,3 +1,9 @@
# Release (2023-11-15)
## Module Highlights
* `github.com/aws/smithy-go`: v1.17.0
* **Feature**: Support identity/auth components of client reference architecture.
# Release (2023-10-31)
## Module Highlights

3
vendor/github.com/aws/smithy-go/auth/auth.go generated vendored Normal file
View File

@ -0,0 +1,3 @@
// Package auth defines protocol-agnostic authentication types for smithy
// clients.
package auth

47
vendor/github.com/aws/smithy-go/auth/identity.go generated vendored Normal file
View File

@ -0,0 +1,47 @@
package auth
import (
"context"
"time"
"github.com/aws/smithy-go"
)
// Identity contains information that identifies who the user making the
// request is.
type Identity interface {
Expiration() time.Time
}
// IdentityResolver defines the interface through which an Identity is
// retrieved.
type IdentityResolver interface {
GetIdentity(context.Context, smithy.Properties) (Identity, error)
}
// IdentityResolverOptions defines the interface through which an entity can be
// queried to retrieve an IdentityResolver for a given auth scheme.
type IdentityResolverOptions interface {
GetIdentityResolver(schemeID string) IdentityResolver
}
// AnonymousIdentity is a sentinel to indicate no identity.
type AnonymousIdentity struct{}
var _ Identity = (*AnonymousIdentity)(nil)
// Expiration returns the zero value for time, as anonymous identity never
// expires.
func (*AnonymousIdentity) Expiration() time.Time {
return time.Time{}
}
// AnonymousIdentityResolver returns AnonymousIdentity.
type AnonymousIdentityResolver struct{}
var _ IdentityResolver = (*AnonymousIdentityResolver)(nil)
// GetIdentity returns AnonymousIdentity.
func (*AnonymousIdentityResolver) GetIdentity(_ context.Context, _ smithy.Properties) (Identity, error) {
return &AnonymousIdentity{}, nil
}

25
vendor/github.com/aws/smithy-go/auth/option.go generated vendored Normal file
View File

@ -0,0 +1,25 @@
package auth
import "github.com/aws/smithy-go"
type (
authOptionsKey struct{}
)
// Option represents a possible authentication method for an operation.
type Option struct {
SchemeID string
IdentityProperties smithy.Properties
SignerProperties smithy.Properties
}
// GetAuthOptions gets auth Options from Properties.
func GetAuthOptions(p *smithy.Properties) ([]*Option, bool) {
v, ok := p.Get(authOptionsKey{}).([]*Option)
return v, ok
}
// SetAuthOptions sets auth Options on Properties.
func SetAuthOptions(p *smithy.Properties, options []*Option) {
p.Set(authOptionsKey{}, options)
}

20
vendor/github.com/aws/smithy-go/auth/scheme_id.go generated vendored Normal file
View File

@ -0,0 +1,20 @@
package auth
// Anonymous
const (
SchemeIDAnonymous = "smithy.api#noAuth"
)
// HTTP auth schemes
const (
SchemeIDHTTPBasic = "smithy.api#httpBasicAuth"
SchemeIDHTTPDigest = "smithy.api#httpDigestAuth"
SchemeIDHTTPBearer = "smithy.api#httpBearerAuth"
SchemeIDHTTPAPIKey = "smithy.api#httpApiKeyAuth"
)
// AWS auth schemes
const (
SchemeIDSigV4 = "aws.auth#sigv4"
SchemeIDSigV4A = "aws.auth#sigv4a"
)

View File

@ -3,4 +3,4 @@
package smithy
// goModuleVersion is the tagged release for this module
const goModuleVersion = "1.16.0"
const goModuleVersion = "1.17.0"

View File

@ -7,12 +7,10 @@ type PropertiesReader interface {
}
// Properties provides storing and reading metadata values. Keys may be any
// comparable value type. Get and set will panic if key is not a comparable
// value type.
// comparable value type. Get and Set will panic if a key is not comparable.
//
// Properties uses lazy initialization, and Set method must be called as an
// addressable value, or pointer. Not doing so may cause key/value pair to not
// be set.
// The zero value for a Properties instance is ready for reads/writes without
// any additional initialization.
type Properties struct {
values map[interface{}]interface{}
}
@ -22,21 +20,16 @@ type Properties struct {
//
// Panics if key type is not comparable.
func (m *Properties) Get(key interface{}) interface{} {
m.lazyInit()
return m.values[key]
}
// Set stores the value pointed to by the key. If a value already exists at
// that key it will be replaced with the new value.
//
// Set method must be called as an addressable value, or pointer. If Set is not
// called as an addressable value or pointer, the key value pair being set may
// be lost.
//
// Panics if the key type is not comparable.
func (m *Properties) Set(key, value interface{}) {
if m.values == nil {
m.values = map[interface{}]interface{}{}
}
m.lazyInit()
m.values[key] = value
}
@ -44,9 +37,26 @@ func (m *Properties) Set(key, value interface{}) {
//
// Panics if the key type is not comparable.
func (m *Properties) Has(key interface{}) bool {
if m.values == nil {
return false
}
m.lazyInit()
_, ok := m.values[key]
return ok
}
// SetAll accepts all of the given Properties into the receiver, overwriting
// any existing keys in the case of conflicts.
func (m *Properties) SetAll(other *Properties) {
if other.values == nil {
return
}
m.lazyInit()
for k, v := range other.values {
m.values[k] = v
}
}
func (m *Properties) lazyInit() {
if m.values == nil {
m.values = map[interface{}]interface{}{}
}
}

21
vendor/github.com/aws/smithy-go/transport/http/auth.go generated vendored Normal file
View File

@ -0,0 +1,21 @@
package http
import (
"context"
smithy "github.com/aws/smithy-go"
"github.com/aws/smithy-go/auth"
)
// AuthScheme defines an HTTP authentication scheme.
type AuthScheme interface {
SchemeID() string
IdentityResolver(auth.IdentityResolverOptions) auth.IdentityResolver
Signer() Signer
}
// Signer defines the interface through which HTTP requests are supplemented
// with an Identity.
type Signer interface {
SignRequest(context.Context, *Request, auth.Identity, smithy.Properties) error
}

View File

@ -0,0 +1,45 @@
package http
import (
"context"
smithy "github.com/aws/smithy-go"
"github.com/aws/smithy-go/auth"
)
// NewAnonymousScheme returns the anonymous HTTP auth scheme.
func NewAnonymousScheme() AuthScheme {
return &authScheme{
schemeID: auth.SchemeIDAnonymous,
signer: &nopSigner{},
}
}
// authScheme is parameterized to generically implement the exported AuthScheme
// interface
type authScheme struct {
schemeID string
signer Signer
}
var _ AuthScheme = (*authScheme)(nil)
func (s *authScheme) SchemeID() string {
return s.schemeID
}
func (s *authScheme) IdentityResolver(o auth.IdentityResolverOptions) auth.IdentityResolver {
return o.GetIdentityResolver(s.schemeID)
}
func (s *authScheme) Signer() Signer {
return s.signer
}
type nopSigner struct{}
var _ Signer = (*nopSigner)(nil)
func (*nopSigner) SignRequest(context.Context, *Request, auth.Identity, smithy.Properties) error {
return nil
}

View File

@ -0,0 +1,80 @@
package http
import smithy "github.com/aws/smithy-go"
type (
sigV4SigningNameKey struct{}
sigV4SigningRegionKey struct{}
sigV4ASigningNameKey struct{}
sigV4ASigningRegionsKey struct{}
isUnsignedPayloadKey struct{}
disableDoubleEncodingKey struct{}
)
// GetSigV4SigningName gets the signing name from Properties.
func GetSigV4SigningName(p *smithy.Properties) (string, bool) {
v, ok := p.Get(sigV4SigningNameKey{}).(string)
return v, ok
}
// SetSigV4SigningName sets the signing name on Properties.
func SetSigV4SigningName(p *smithy.Properties, name string) {
p.Set(sigV4SigningNameKey{}, name)
}
// GetSigV4SigningRegion gets the signing region from Properties.
func GetSigV4SigningRegion(p *smithy.Properties) (string, bool) {
v, ok := p.Get(sigV4SigningRegionKey{}).(string)
return v, ok
}
// SetSigV4SigningRegion sets the signing region on Properties.
func SetSigV4SigningRegion(p *smithy.Properties, region string) {
p.Set(sigV4SigningRegionKey{}, region)
}
// GetSigV4ASigningName gets the v4a signing name from Properties.
func GetSigV4ASigningName(p *smithy.Properties) (string, bool) {
v, ok := p.Get(sigV4ASigningNameKey{}).(string)
return v, ok
}
// SetSigV4ASigningName sets the signing name on Properties.
func SetSigV4ASigningName(p *smithy.Properties, name string) {
p.Set(sigV4ASigningNameKey{}, name)
}
// GetSigV4ASigningRegion gets the v4a signing region set from Properties.
func GetSigV4ASigningRegions(p *smithy.Properties) ([]string, bool) {
v, ok := p.Get(sigV4ASigningRegionsKey{}).([]string)
return v, ok
}
// SetSigV4ASigningRegions sets the v4a signing region set on Properties.
func SetSigV4ASigningRegions(p *smithy.Properties, regions []string) {
p.Set(sigV4ASigningRegionsKey{}, regions)
}
// GetIsUnsignedPayload gets whether the payload is unsigned from Properties.
func GetIsUnsignedPayload(p *smithy.Properties) (bool, bool) {
v, ok := p.Get(isUnsignedPayloadKey{}).(bool)
return v, ok
}
// SetIsUnsignedPayload sets whether the payload is unsigned on Properties.
func SetIsUnsignedPayload(p *smithy.Properties, isUnsignedPayload bool) {
p.Set(isUnsignedPayloadKey{}, isUnsignedPayload)
}
// GetDisableDoubleEncoding gets whether the payload is unsigned from Properties.
func GetDisableDoubleEncoding(p *smithy.Properties) (bool, bool) {
v, ok := p.Get(disableDoubleEncodingKey{}).(bool)
return v, ok
}
// SetDisableDoubleEncoding sets whether the payload is unsigned on Properties.
func SetDisableDoubleEncoding(p *smithy.Properties, disableDoubleEncoding bool) {
p.Set(disableDoubleEncodingKey{}, disableDoubleEncoding)
}

22
vendor/modules.txt vendored
View File

@ -17,7 +17,7 @@ github.com/antlr/antlr4/runtime/Go/antlr/v4
# github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a
## explicit
github.com/asaskevich/govalidator
# github.com/aws/aws-sdk-go v1.47.10
# github.com/aws/aws-sdk-go v1.48.0
## explicit; go 1.19
github.com/aws/aws-sdk-go/aws
github.com/aws/aws-sdk-go/aws/auth/bearer
@ -62,7 +62,7 @@ github.com/aws/aws-sdk-go/service/sso/ssoiface
github.com/aws/aws-sdk-go/service/ssooidc
github.com/aws/aws-sdk-go/service/sts
github.com/aws/aws-sdk-go/service/sts/stsiface
# github.com/aws/aws-sdk-go-v2 v1.22.2
# github.com/aws/aws-sdk-go-v2 v1.23.0
## explicit; go 1.19
github.com/aws/aws-sdk-go-v2/aws
github.com/aws/aws-sdk-go-v2/aws/defaults
@ -75,29 +75,35 @@ github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4
github.com/aws/aws-sdk-go-v2/aws/signer/v4
github.com/aws/aws-sdk-go-v2/aws/transport/http
github.com/aws/aws-sdk-go-v2/internal/auth
github.com/aws/aws-sdk-go-v2/internal/auth/smithy
github.com/aws/aws-sdk-go-v2/internal/endpoints
github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn
github.com/aws/aws-sdk-go-v2/internal/rand
github.com/aws/aws-sdk-go-v2/internal/sdk
github.com/aws/aws-sdk-go-v2/internal/strings
github.com/aws/aws-sdk-go-v2/internal/sync/singleflight
github.com/aws/aws-sdk-go-v2/internal/timeconv
# github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.2
# github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.3
## explicit; go 1.19
github.com/aws/aws-sdk-go-v2/internal/configsources
# github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.2
# github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.3
## explicit; go 1.19
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2
# github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.2
# github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.1
## explicit; go 1.19
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding
# github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.3
## explicit; go 1.19
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url
# github.com/aws/aws-sdk-go-v2/service/sts v1.25.1
# github.com/aws/aws-sdk-go-v2/service/sts v1.25.3
## explicit; go 1.19
github.com/aws/aws-sdk-go-v2/service/sts
github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints
github.com/aws/aws-sdk-go-v2/service/sts/types
# github.com/aws/smithy-go v1.16.0
# github.com/aws/smithy-go v1.17.0
## explicit; go 1.19
github.com/aws/smithy-go
github.com/aws/smithy-go/auth
github.com/aws/smithy-go/auth/bearer
github.com/aws/smithy-go/context
github.com/aws/smithy-go/document
@ -1485,7 +1491,7 @@ k8s.io/kubectl/pkg/util/podutils
## explicit; go 1.20
k8s.io/kubelet/pkg/apis
k8s.io/kubelet/pkg/apis/stats/v1alpha1
# k8s.io/kubernetes v1.28.3
# k8s.io/kubernetes v1.28.4
## explicit; go 1.20
k8s.io/kubernetes/pkg/api/legacyscheme
k8s.io/kubernetes/pkg/api/service