mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2025-06-13 02:33:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

rebase: update packages in go.mod to latest releases

Browse Source 
updated few packages in go.mod to latest
available release.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
This commit is contained in:
Madhu Rajanna
2021-06-04 14:29:18 +05:30
committed by mergify[bot]
parent 0f44c6acb7
commit fb7dc13dfe
590 changed files with 28243 additions and 6376 deletions
Download Patch File Download Diff File Expand all files Collapse all files

404
vendor/github.com/aws/aws-sdk-go/service/sts/api.go generated vendored
View File

@ -65,34 +65,6 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
// in the IAM User Guide.
//
// You cannot use AWS account root user credentials to call AssumeRole. You
// must use credentials for an IAM user or an IAM role to call AssumeRole.
//
// For cross-account access, imagine that you own multiple accounts and need
// to access resources in each account. You could create long-term credentials
// in each account to access those resources. However, managing all those credentials
// and remembering which one can access which account can be time consuming.
// Instead, you can create one set of long-term credentials in one account.
// Then use temporary security credentials to access all the other accounts
// by assuming roles in those accounts. For more information about roles, see
// IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html)
// in the IAM User Guide.
//
// Session Duration
//
// By default, the temporary security credentials created by AssumeRole last
// for one hour. However, you can use the optional DurationSeconds parameter
// to specify the duration of your session. You can provide a value from 900
// seconds (15 minutes) up to the maximum session duration setting for the role.
// This setting can have a value from 1 hour to 12 hours. To learn how to view
// the maximum value for your role, see View the Maximum Session Duration Setting
// for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
// in the IAM User Guide. The maximum session duration limit applies when you
// use the AssumeRole* API operations or the assume-role* CLI commands. However
// the limit does not apply when you use those operations to create a console
// URL. For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
// in the IAM User Guide.
//
// Permissions
//
// The temporary security credentials created by AssumeRole can be used to make
@ -102,7 +74,7 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
// (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// to this operation. You can pass a single JSON policy document to use as an
// inline session policy. You can also specify up to 10 managed policies to
// use as managed session policies. The plain text that you use for both inline
// use as managed session policies. The plaintext that you use for both inline
// and managed session policies can't exceed 2,048 characters. Passing policies
// to this operation returns new temporary credentials. The resulting session's
// permissions are the intersection of the role's identity-based policy and
@ -308,6 +280,15 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
// URL. For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
// in the IAM User Guide.
//
// Role chaining (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining)
// limits your AWS CLI or AWS API role session to a maximum of one hour. When
// you use the AssumeRole API operation to assume a role, you can specify the
// duration of your role session with the DurationSeconds parameter. You can
// specify a parameter value of up to 43200 seconds (12 hours), depending on
// the maximum session duration setting for your role. However, if you assume
// a role using role chaining and provide a DurationSeconds parameter value
// greater than one hour, the operation fails.
//
// Permissions
//
// The temporary security credentials created by AssumeRoleWithSAML can be used
@ -317,7 +298,7 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
// (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// to this operation. You can pass a single JSON policy document to use as an
// inline session policy. You can also specify up to 10 managed policies to
// use as managed session policies. The plain text that you use for both inline
// use as managed session policies. The plaintext that you use for both inline
// and managed session policies can't exceed 2,048 characters. Passing policies
// to this operation returns new temporary credentials. The resulting session's
// permissions are the intersection of the role's identity-based policy and
@ -346,16 +327,16 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
// in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
// in the IAM User Guide.
//
// You can pass up to 50 session tags. The plain text session tag keys cant
// You can pass up to 50 session tags. The plaintext session tag keys cant
// exceed 128 characters and the values cant exceed 256 characters. For these
// and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
// in the IAM User Guide.
//
// An AWS conversion compresses the passed session policies and session tags
// into a packed binary format that has a separate limit. Your request can fail
// for this limit even if your plain text meets the other requirements. The
// PackedPolicySize response element indicates by percentage how close the policies
// and tags for your request are to the upper size limit.
// for this limit even if your plaintext meets the other requirements. The PackedPolicySize
// response element indicates by percentage how close the policies and tags
// for your request are to the upper size limit.
//
// You can pass a session tag with the same key as a tag that is attached to
// the role. When you do, session tags override the role's tags with the same
@ -564,7 +545,7 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
// (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// to this operation. You can pass a single JSON policy document to use as an
// inline session policy. You can also specify up to 10 managed policies to
// use as managed session policies. The plain text that you use for both inline
// use as managed session policies. The plaintext that you use for both inline
// and managed session policies can't exceed 2,048 characters. Passing policies
// to this operation returns new temporary credentials. The resulting session's
// permissions are the intersection of the role's identity-based policy and
@ -583,16 +564,16 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
// in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
// in the IAM User Guide.
//
// You can pass up to 50 session tags. The plain text session tag keys cant
// You can pass up to 50 session tags. The plaintext session tag keys cant
// exceed 128 characters and the values cant exceed 256 characters. For these
// and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
// in the IAM User Guide.
//
// An AWS conversion compresses the passed session policies and session tags
// into a packed binary format that has a separate limit. Your request can fail
// for this limit even if your plain text meets the other requirements. The
// PackedPolicySize response element indicates by percentage how close the policies
// and tags for your request are to the upper size limit.
// for this limit even if your plaintext meets the other requirements. The PackedPolicySize
// response element indicates by percentage how close the policies and tags
// for your request are to the upper size limit.
//
// You can pass a session tag with the same key as a tag that is attached to
// the role. When you do, the session tag overrides the role tag with the same
@ -619,7 +600,7 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
//
// Calling AssumeRoleWithWebIdentity can result in an entry in your AWS CloudTrail
// logs. The entry includes the Subject (http://openid.net/specs/openid-connect-core-1_0.html#Claims)
// of the provided Web Identity Token. We recommend that you avoid using any
// of the provided web identity token. We recommend that you avoid using any
// personally identifiable information (PII) in this field. For example, you
// could instead use a GUID or a pairwise identifier, as suggested in the OIDC
// specification (http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes).
@ -1108,6 +1089,70 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re
// You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// to this operation. You can pass a single JSON policy document to use as an
// inline session policy. You can also specify up to 10 managed policies to
// use as managed session policies. The plaintext that you use for both inline
// and managed session policies can't exceed 2,048 characters.
//
// Though the session policy parameters are optional, if you do not pass a policy,
// then the resulting federated user session has no permissions. When you pass
// session policies, the session permissions are the intersection of the IAM
// user policies and the session policies that you pass. This gives you a way
// to further restrict the permissions for a federated user. You cannot use
// session policies to grant more permissions than those that are defined in
// the permissions policy of the IAM user. For more information, see Session
// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide. For information about using GetFederationToken to
// create temporary security credentials, see GetFederationToken—Federation
// Through a Custom Identity Broker (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken).
//
// You can use the credentials to access a resource that has a resource-based
// policy. If that policy specifically references the federated user session
// in the Principal element of the policy, the session has the permissions allowed
// by the policy. These permissions are granted in addition to the permissions
// granted by the session policies.
//
// Tags
//
// (Optional) You can pass tag key-value pairs to your session. These are called
// session tags. For more information about session tags, see Passing Session
// Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
// in the IAM User Guide.
//
// You can create a mobile-based or browser-based app that can authenticate
// users using a web identity provider like Login with Amazon, Facebook, Google,
// or an OpenID Connect-compatible identity provider. In this case, we recommend
// that you use Amazon Cognito (http://aws.amazon.com/cognito/) or AssumeRoleWithWebIdentity.
// For more information, see Federation Through a Web-based Identity Provider
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
// in the IAM User Guide.
//
// You can also call GetFederationToken using the security credentials of an
// AWS account root user, but we do not recommend it. Instead, we recommend
// that you create an IAM user for the purpose of the proxy application. Then
// attach a policy to the IAM user that limits federated users to only the actions
// and resources that they need to access. For more information, see IAM Best
// Practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html)
// in the IAM User Guide.
//
// Session duration
//
// The temporary credentials are valid for the specified duration, from 900
// seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default
// session duration is 43,200 seconds (12 hours). Temporary credentials that
// are obtained by using AWS account root user credentials have a maximum duration
// of 3,600 seconds (1 hour).
//
// Permissions
//
// You can use the temporary credentials created by GetFederationToken in any
// AWS service except the following:
//
// * You cannot call any IAM operations using the AWS CLI or the AWS API.
//
// * You cannot call any STS operations except GetCallerIdentity.
//
// You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// to this operation. You can pass a single JSON policy document to use as an
// inline session policy. You can also specify up to 10 managed policies to
// use as managed session policies. The plain text that you use for both inline
// and managed session policies can't exceed 2,048 characters.
//
@ -1338,14 +1383,15 @@ func (c *STS) GetSessionTokenWithContext(ctx aws.Context, input *GetSessionToken
type AssumeRoleInput struct {
_ struct{} `type:"structure"`
// The duration, in seconds, of the role session. The value can range from 900
// seconds (15 minutes) up to the maximum session duration setting for the role.
// This setting can have a value from 1 hour to 12 hours. If you specify a value
// higher than this setting, the operation fails. For example, if you specify
// a session duration of 12 hours, but your administrator set the maximum session
// duration to 6 hours, your operation fails. To learn how to view the maximum
// value for your role, see View the Maximum Session Duration Setting for a
// Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
// The duration, in seconds, of the role session. The value specified can can
// range from 900 seconds (15 minutes) up to the maximum session duration that
// is set for the role. The maximum session duration setting can have a value
// from 1 hour to 12 hours. If you specify a value higher than this setting
// or the administrator setting (whichever is lower), the operation fails. For
// example, if you specify a session duration of 12 hours, but your administrator
// set the maximum session duration to 6 hours, your operation fails. To learn
// how to view the maximum value for your role, see View the Maximum Session
// Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
// in the IAM User Guide.
//
// By default, the value is set to 3600 seconds.
@ -1387,17 +1433,17 @@ type AssumeRoleInput struct {
// that is being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide.
//
// The plain text that you use for both inline and managed session policies
// can't exceed 2,048 characters. The JSON policy characters can be any ASCII
// character from the space character to the end of the valid character list
// (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A),
// and carriage return (\u000D) characters.
// The plaintext that you use for both inline and managed session policies can't
// exceed 2,048 characters. The JSON policy characters can be any ASCII character
// from the space character to the end of the valid character list (\u0020 through
// \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage
// return (\u000D) characters.
//
// An AWS conversion compresses the passed session policies and session tags
// into a packed binary format that has a separate limit. Your request can fail
// for this limit even if your plain text meets the other requirements. The
// PackedPolicySize response element indicates by percentage how close the policies
// and tags for your request are to the upper size limit.
// for this limit even if your plaintext meets the other requirements. The PackedPolicySize
// response element indicates by percentage how close the policies and tags
// for your request are to the upper size limit.
Policy *string `min:"1" type:"string"`
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want
@ -1405,16 +1451,16 @@ type AssumeRoleInput struct {
// as the role.
//
// This parameter is optional. You can provide up to 10 managed policy ARNs.
// However, the plain text that you use for both inline and managed session
// policies can't exceed 2,048 characters. For more information about ARNs,
// see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// However, the plaintext that you use for both inline and managed session policies
// can't exceed 2,048 characters. For more information about ARNs, see Amazon
// Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// in the AWS General Reference.
//
// An AWS conversion compresses the passed session policies and session tags
// into a packed binary format that has a separate limit. Your request can fail
// for this limit even if your plain text meets the other requirements. The
// PackedPolicySize response element indicates by percentage how close the policies
// and tags for your request are to the upper size limit.
// for this limit even if your plaintext meets the other requirements. The PackedPolicySize
// response element indicates by percentage how close the policies and tags
// for your request are to the upper size limit.
//
// Passing policies to this operation returns new temporary credentials. The
// resulting session's permissions are the intersection of the role's identity-based
@ -1459,22 +1505,41 @@ type AssumeRoleInput struct {
// also include underscores or any of the following characters: =,.@-
SerialNumber *string `min:"9" type:"string"`
// The source identity specified by the principal that is calling the AssumeRole
// operation.
//
// You can require users to specify a source identity when they assume a role.
// You do this by using the sts:SourceIdentity condition key in a role trust
// policy. You can use source identity information in AWS CloudTrail logs to
// determine who took actions with a role. You can use the aws:SourceIdentity
// condition key to further control access to AWS resources based on the value
// of source identity. For more information about using source identity, see
// Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
// in the IAM User Guide.
//
// The regex used to validate this parameter is a string of characters consisting
// of upper- and lower-case alphanumeric characters with no spaces. You can
// also include underscores or any of the following characters: =,.@-. You cannot
// use a value that begins with the text aws:. This prefix is reserved for AWS
// internal use.
SourceIdentity *string `min:"2" type:"string"`
// A list of session tags that you want to pass. Each session tag consists of
// a key name and an associated value. For more information about session tags,
// see Tagging AWS STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
// in the IAM User Guide.
//
// This parameter is optional. You can pass up to 50 session tags. The plain
// text session tag keys cant exceed 128 characters, and the values cant
// exceed 256 characters. For these and additional limits, see IAM and STS Character
// This parameter is optional. You can pass up to 50 session tags. The plaintext
// session tag keys cant exceed 128 characters, and the values cant exceed
// 256 characters. For these and additional limits, see IAM and STS Character
// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
// in the IAM User Guide.
//
// An AWS conversion compresses the passed session policies and session tags
// into a packed binary format that has a separate limit. Your request can fail
// for this limit even if your plain text meets the other requirements. The
// PackedPolicySize response element indicates by percentage how close the policies
// and tags for your request are to the upper size limit.
// for this limit even if your plaintext meets the other requirements. The PackedPolicySize
// response element indicates by percentage how close the policies and tags
// for your request are to the upper size limit.
//
// You can pass a session tag with the same key as a tag that is already attached
// to the role. When you do, session tags override a role tag with the same
@ -1495,9 +1560,10 @@ type AssumeRoleInput struct {
Tags []*Tag `type:"list"`
// The value provided by the MFA device, if the trust policy of the role being
// assumed requires MFA (that is, if the policy includes a condition that tests
// for MFA). If the role being assumed requires MFA and if the TokenCode value
// is missing or expired, the AssumeRole call returns an "access denied" error.
// assumed requires MFA. (In other words, if the policy includes a condition
// that tests for MFA). If the role being assumed requires MFA and if the TokenCode
// value is missing or expired, the AssumeRole call returns an "access denied"
// error.
//
// The format for this parameter, as described by its regex pattern, is a sequence
// of six numeric digits.
@ -1554,6 +1620,9 @@ func (s *AssumeRoleInput) Validate() error {
if s.SerialNumber != nil && len(*s.SerialNumber) < 9 {
invalidParams.Add(request.NewErrParamMinLen("SerialNumber", 9))
}
if s.SourceIdentity != nil && len(*s.SourceIdentity) < 2 {
invalidParams.Add(request.NewErrParamMinLen("SourceIdentity", 2))
}
if s.TokenCode != nil && len(*s.TokenCode) < 6 {
invalidParams.Add(request.NewErrParamMinLen("TokenCode", 6))
}
@ -1626,6 +1695,12 @@ func (s *AssumeRoleInput) SetSerialNumber(v string) *AssumeRoleInput {
return s
}
// SetSourceIdentity sets the SourceIdentity field's value.
func (s *AssumeRoleInput) SetSourceIdentity(v string) *AssumeRoleInput {
s.SourceIdentity = &v
return s
}
// SetTags sets the Tags field's value.
func (s *AssumeRoleInput) SetTags(v []*Tag) *AssumeRoleInput {
s.Tags = v
@ -1668,6 +1743,23 @@ type AssumeRoleOutput struct {
// packed size is greater than 100 percent, which means the policies and tags
// exceeded the allowed space.
PackedPolicySize *int64 `type:"integer"`
// The source identity specified by the principal that is calling the AssumeRole
// operation.
//
// You can require users to specify a source identity when they assume a role.
// You do this by using the sts:SourceIdentity condition key in a role trust
// policy. You can use source identity information in AWS CloudTrail logs to
// determine who took actions with a role. You can use the aws:SourceIdentity
// condition key to further control access to AWS resources based on the value
// of source identity. For more information about using source identity, see
// Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
// in the IAM User Guide.
//
// The regex used to validate this parameter is a string of characters consisting
// of upper- and lower-case alphanumeric characters with no spaces. You can
// also include underscores or any of the following characters: =,.@-
SourceIdentity *string `min:"2" type:"string"`
}
// String returns the string representation
@ -1698,6 +1790,12 @@ func (s *AssumeRoleOutput) SetPackedPolicySize(v int64) *AssumeRoleOutput {
return s
}
// SetSourceIdentity sets the SourceIdentity field's value.
func (s *AssumeRoleOutput) SetSourceIdentity(v string) *AssumeRoleOutput {
s.SourceIdentity = &v
return s
}
type AssumeRoleWithSAMLInput struct {
_ struct{} `type:"structure"`
@ -1736,17 +1834,17 @@ type AssumeRoleWithSAMLInput struct {
// that is being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide.
//
// The plain text that you use for both inline and managed session policies
// can't exceed 2,048 characters. The JSON policy characters can be any ASCII
// character from the space character to the end of the valid character list
// (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A),
// and carriage return (\u000D) characters.
// The plaintext that you use for both inline and managed session policies can't
// exceed 2,048 characters. The JSON policy characters can be any ASCII character
// from the space character to the end of the valid character list (\u0020 through
// \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage
// return (\u000D) characters.
//
// An AWS conversion compresses the passed session policies and session tags
// into a packed binary format that has a separate limit. Your request can fail
// for this limit even if your plain text meets the other requirements. The
// PackedPolicySize response element indicates by percentage how close the policies
// and tags for your request are to the upper size limit.
// for this limit even if your plaintext meets the other requirements. The PackedPolicySize
// response element indicates by percentage how close the policies and tags
// for your request are to the upper size limit.
Policy *string `min:"1" type:"string"`
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want
@ -1754,16 +1852,16 @@ type AssumeRoleWithSAMLInput struct {
// as the role.
//
// This parameter is optional. You can provide up to 10 managed policy ARNs.
// However, the plain text that you use for both inline and managed session
// policies can't exceed 2,048 characters. For more information about ARNs,
// see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// However, the plaintext that you use for both inline and managed session policies
// can't exceed 2,048 characters. For more information about ARNs, see Amazon
// Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// in the AWS General Reference.
//
// An AWS conversion compresses the passed session policies and session tags
// into a packed binary format that has a separate limit. Your request can fail
// for this limit even if your plain text meets the other requirements. The
// PackedPolicySize response element indicates by percentage how close the policies
// and tags for your request are to the upper size limit.
// for this limit even if your plaintext meets the other requirements. The PackedPolicySize
// response element indicates by percentage how close the policies and tags
// for your request are to the upper size limit.
//
// Passing policies to this operation returns new temporary credentials. The
// resulting session's permissions are the intersection of the role's identity-based
@ -1786,7 +1884,7 @@ type AssumeRoleWithSAMLInput struct {
// RoleArn is a required field
RoleArn *string `min:"20" type:"string" required:"true"`
// The base-64 encoded SAML authentication response provided by the IdP.
// The base64 encoded SAML authentication response provided by the IdP.
//
// For more information, see Configuring a Relying Party and Adding Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html)
// in the IAM User Guide.
@ -1908,10 +2006,17 @@ type AssumeRoleWithSAMLOutput struct {
// The value of the Issuer element of the SAML assertion.
Issuer *string `type:"string"`
// A hash value based on the concatenation of the Issuer response value, the
// AWS account ID, and the friendly name (the last part of the ARN) of the SAML
// provider in IAM. The combination of NameQualifier and Subject can be used
// to uniquely identify a federated user.
// A hash value based on the concatenation of the following:
//
// * The Issuer response value.
//
// * The AWS account ID.
//
// * The friendly name (the last part of the ARN) of the SAML provider in
// IAM.
//
// The combination of NameQualifier and Subject can be used to uniquely identify
// a federated user.
//
// The following pseudocode shows how the hash value is calculated:
//
@ -1925,6 +2030,26 @@ type AssumeRoleWithSAMLOutput struct {
// exceeded the allowed space.
PackedPolicySize *int64 `type:"integer"`
// The value in the SourceIdentity attribute in the SAML assertion.
//
// You can require users to set a source identity value when they assume a role.
// You do this by using the sts:SourceIdentity condition key in a role trust
// policy. That way, actions that are taken with the role are associated with
// that user. After the source identity is set, the value cannot be changed.
// It is present in the request for all actions that are taken by the role and
// persists across chained role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining)
// sessions. You can configure your SAML identity provider to use an attribute
// associated with your users, like user name or email, as the source identity
// when calling AssumeRoleWithSAML. You do this by adding an attribute to the
// SAML assertion. For more information about using source identity, see Monitor
// and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
// in the IAM User Guide.
//
// The regex used to validate this parameter is a string of characters consisting
// of upper- and lower-case alphanumeric characters with no spaces. You can
// also include underscores or any of the following characters: =,.@-
SourceIdentity *string `min:"2" type:"string"`
// The value of the NameID element in the Subject element of the SAML assertion.
Subject *string `type:"string"`
@ -1985,6 +2110,12 @@ func (s *AssumeRoleWithSAMLOutput) SetPackedPolicySize(v int64) *AssumeRoleWithS
return s
}
// SetSourceIdentity sets the SourceIdentity field's value.
func (s *AssumeRoleWithSAMLOutput) SetSourceIdentity(v string) *AssumeRoleWithSAMLOutput {
s.SourceIdentity = &v
return s
}
// SetSubject sets the Subject field's value.
func (s *AssumeRoleWithSAMLOutput) SetSubject(v string) *AssumeRoleWithSAMLOutput {
s.Subject = &v
@ -2032,17 +2163,17 @@ type AssumeRoleWithWebIdentityInput struct {
// that is being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide.
//
// The plain text that you use for both inline and managed session policies
// can't exceed 2,048 characters. The JSON policy characters can be any ASCII
// character from the space character to the end of the valid character list
// (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A),
// and carriage return (\u000D) characters.
// The plaintext that you use for both inline and managed session policies can't
// exceed 2,048 characters. The JSON policy characters can be any ASCII character
// from the space character to the end of the valid character list (\u0020 through
// \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage
// return (\u000D) characters.
//
// An AWS conversion compresses the passed session policies and session tags
// into a packed binary format that has a separate limit. Your request can fail
// for this limit even if your plain text meets the other requirements. The
// PackedPolicySize response element indicates by percentage how close the policies
// and tags for your request are to the upper size limit.
// for this limit even if your plaintext meets the other requirements. The PackedPolicySize
// response element indicates by percentage how close the policies and tags
// for your request are to the upper size limit.
Policy *string `min:"1" type:"string"`
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want
@ -2050,16 +2181,16 @@ type AssumeRoleWithWebIdentityInput struct {
// as the role.
//
// This parameter is optional. You can provide up to 10 managed policy ARNs.
// However, the plain text that you use for both inline and managed session
// policies can't exceed 2,048 characters. For more information about ARNs,
// see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// However, the plaintext that you use for both inline and managed session policies
// can't exceed 2,048 characters. For more information about ARNs, see Amazon
// Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// in the AWS General Reference.
//
// An AWS conversion compresses the passed session policies and session tags
// into a packed binary format that has a separate limit. Your request can fail
// for this limit even if your plain text meets the other requirements. The
// PackedPolicySize response element indicates by percentage how close the policies
// and tags for your request are to the upper size limit.
// for this limit even if your plaintext meets the other requirements. The PackedPolicySize
// response element indicates by percentage how close the policies and tags
// for your request are to the upper size limit.
//
// Passing policies to this operation returns new temporary credentials. The
// resulting session's permissions are the intersection of the role's identity-based
@ -2242,6 +2373,29 @@ type AssumeRoleWithWebIdentityOutput struct {
// in the AssumeRoleWithWebIdentity request.
Provider *string `type:"string"`
// The value of the source identity that is returned in the JSON web token (JWT)
// from the identity provider.
//
// You can require users to set a source identity value when they assume a role.
// You do this by using the sts:SourceIdentity condition key in a role trust
// policy. That way, actions that are taken with the role are associated with
// that user. After the source identity is set, the value cannot be changed.
// It is present in the request for all actions that are taken by the role and
// persists across chained role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining)
// sessions. You can configure your identity provider to use an attribute associated
// with your users, like user name or email, as the source identity when calling
// AssumeRoleWithWebIdentity. You do this by adding a claim to the JSON web
// token. To learn more about OIDC tokens and claims, see Using Tokens with
// User Pools (https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html)
// in the Amazon Cognito Developer Guide. For more information about using source
// identity, see Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
// in the IAM User Guide.
//
// The regex used to validate this parameter is a string of characters consisting
// of upper- and lower-case alphanumeric characters with no spaces. You can
// also include underscores or any of the following characters: =,.@-
SourceIdentity *string `min:"2" type:"string"`
// The unique user identifier that is returned by the identity provider. This
// identifier is associated with the WebIdentityToken that was submitted with
// the AssumeRoleWithWebIdentity call. The identifier is typically unique to
@ -2291,6 +2445,12 @@ func (s *AssumeRoleWithWebIdentityOutput) SetProvider(v string) *AssumeRoleWithW
return s
}
// SetSourceIdentity sets the SourceIdentity field's value.
func (s *AssumeRoleWithWebIdentityOutput) SetSourceIdentity(v string) *AssumeRoleWithWebIdentityOutput {
s.SourceIdentity = &v
return s
}
// SetSubjectFromWebIdentityToken sets the SubjectFromWebIdentityToken field's value.
func (s *AssumeRoleWithWebIdentityOutput) SetSubjectFromWebIdentityToken(v string) *AssumeRoleWithWebIdentityOutput {
s.SubjectFromWebIdentityToken = &v
@ -2682,17 +2842,17 @@ type GetFederationTokenInput struct {
// by the policy. These permissions are granted in addition to the permissions
// that are granted by the session policies.
//
// The plain text that you use for both inline and managed session policies
// can't exceed 2,048 characters. The JSON policy characters can be any ASCII
// character from the space character to the end of the valid character list
// (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A),
// and carriage return (\u000D) characters.
// The plaintext that you use for both inline and managed session policies can't
// exceed 2,048 characters. The JSON policy characters can be any ASCII character
// from the space character to the end of the valid character list (\u0020 through
// \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage
// return (\u000D) characters.
//
// An AWS conversion compresses the passed session policies and session tags
// into a packed binary format that has a separate limit. Your request can fail
// for this limit even if your plain text meets the other requirements. The
// PackedPolicySize response element indicates by percentage how close the policies
// and tags for your request are to the upper size limit.
// for this limit even if your plaintext meets the other requirements. The PackedPolicySize
// response element indicates by percentage how close the policies and tags
// for your request are to the upper size limit.
Policy *string `min:"1" type:"string"`
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want
@ -2702,7 +2862,7 @@ type GetFederationTokenInput struct {
// You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// to this operation. You can pass a single JSON policy document to use as an
// inline session policy. You can also specify up to 10 managed policies to
// use as managed session policies. The plain text that you use for both inline
// use as managed session policies. The plaintext that you use for both inline
// and managed session policies can't exceed 2,048 characters. You can provide
// up to 10 managed policy ARNs. For more information about ARNs, see Amazon
// Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
@ -2727,9 +2887,9 @@ type GetFederationTokenInput struct {
//
// An AWS conversion compresses the passed session policies and session tags
// into a packed binary format that has a separate limit. Your request can fail
// for this limit even if your plain text meets the other requirements. The
// PackedPolicySize response element indicates by percentage how close the policies
// and tags for your request are to the upper size limit.
// for this limit even if your plaintext meets the other requirements. The PackedPolicySize
// response element indicates by percentage how close the policies and tags
// for your request are to the upper size limit.
PolicyArns []*PolicyDescriptorType `type:"list"`
// A list of session tags. Each session tag consists of a key name and an associated
@ -2737,17 +2897,17 @@ type GetFederationTokenInput struct {
// in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
// in the IAM User Guide.
//
// This parameter is optional. You can pass up to 50 session tags. The plain
// text session tag keys cant exceed 128 characters and the values cant
// exceed 256 characters. For these and additional limits, see IAM and STS Character
// This parameter is optional. You can pass up to 50 session tags. The plaintext
// session tag keys cant exceed 128 characters and the values cant exceed
// 256 characters. For these and additional limits, see IAM and STS Character
// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
// in the IAM User Guide.
//
// An AWS conversion compresses the passed session policies and session tags
// into a packed binary format that has a separate limit. Your request can fail
// for this limit even if your plain text meets the other requirements. The
// PackedPolicySize response element indicates by percentage how close the policies
// and tags for your request are to the upper size limit.
// for this limit even if your plaintext meets the other requirements. The PackedPolicySize
// response element indicates by percentage how close the policies and tags
// for your request are to the upper size limit.
//
// You can pass a session tag with the same key as a tag that is already attached
// to the user you are federating. When you do, session tags override a user