mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-24 15:20:19 +00:00
171ba6a65d
Bumps the github-dependencies group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/IBM/keyprotect-go-client](https://github.com/IBM/keyprotect-go-client) | `0.12.2` | `0.14.1` | | [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) | `1.53.14` | `1.54.6` | | [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2) | `1.28.1` | `1.29.1` | | [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) | `1.12.0` | `1.14.0` | | [github.com/kubernetes-csi/csi-lib-utils](https://github.com/kubernetes-csi/csi-lib-utils) | `0.17.0` | `0.18.1` | | [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) | `2.17.1` | `2.19.0` | | [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.18.0` | `1.19.1` | | [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) | `1.6.0` | `1.7.0` | Updates `github.com/IBM/keyprotect-go-client` from 0.12.2 to 0.14.1 - [Release notes](https://github.com/IBM/keyprotect-go-client/releases) - [Changelog](https://github.com/IBM/keyprotect-go-client/blob/master/CHANGELOG.md) - [Commits](https://github.com/IBM/keyprotect-go-client/compare/v0.12.2...v0.14.1) Updates `github.com/aws/aws-sdk-go` from 1.53.14 to 1.54.6 - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.53.14...v1.54.6) Updates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.28.1 to 1.29.1 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ecr/v1.28.1...service/s3/v1.29.1) Updates `github.com/hashicorp/vault/api` from 1.12.0 to 1.14.0 - [Release notes](https://github.com/hashicorp/vault/releases) - [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/vault/compare/v1.12.0...v1.14.0) Updates `github.com/kubernetes-csi/csi-lib-utils` from 0.17.0 to 0.18.1 - [Release notes](https://github.com/kubernetes-csi/csi-lib-utils/releases) - [Commits](https://github.com/kubernetes-csi/csi-lib-utils/compare/v0.17.0...v0.18.1) Updates `github.com/onsi/ginkgo/v2` from 2.17.1 to 2.19.0 - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.17.1...v2.19.0) Updates `github.com/onsi/gomega` from 1.32.0 to 1.33.1 - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.32.0...v1.33.1) Updates `github.com/prometheus/client_golang` from 1.18.0 to 1.19.1 - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](https://github.com/prometheus/client_golang/compare/v1.18.0...v1.19.1) Updates `github.com/Azure/azure-sdk-for-go/sdk/azidentity` from 1.6.0 to 1.7.0 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md) - [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.6.0...sdk/azcore/v1.7.0) --- updated-dependencies: - dependency-name: github.com/IBM/keyprotect-go-client dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies - dependency-name: github.com/aws/aws-sdk-go-v2/service/sts dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies - dependency-name: github.com/hashicorp/vault/api dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies - dependency-name: github.com/kubernetes-csi/csi-lib-utils dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
297 lines
8.5 KiB
Go
297 lines
8.5 KiB
Go
// Code generated by smithy-go-codegen DO NOT EDIT.
|
|
|
|
package sts
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
|
|
smithy "github.com/aws/smithy-go"
|
|
smithyauth "github.com/aws/smithy-go/auth"
|
|
"github.com/aws/smithy-go/middleware"
|
|
smithyhttp "github.com/aws/smithy-go/transport/http"
|
|
)
|
|
|
|
func bindAuthParamsRegion(_ interface{}, params *AuthResolverParameters, _ interface{}, options Options) {
|
|
params.Region = options.Region
|
|
}
|
|
|
|
type setLegacyContextSigningOptionsMiddleware struct {
|
|
}
|
|
|
|
func (*setLegacyContextSigningOptionsMiddleware) ID() string {
|
|
return "setLegacyContextSigningOptions"
|
|
}
|
|
|
|
func (m *setLegacyContextSigningOptionsMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
|
|
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
|
|
) {
|
|
rscheme := getResolvedAuthScheme(ctx)
|
|
schemeID := rscheme.Scheme.SchemeID()
|
|
|
|
if sn := awsmiddleware.GetSigningName(ctx); sn != "" {
|
|
if schemeID == "aws.auth#sigv4" {
|
|
smithyhttp.SetSigV4SigningName(&rscheme.SignerProperties, sn)
|
|
} else if schemeID == "aws.auth#sigv4a" {
|
|
smithyhttp.SetSigV4ASigningName(&rscheme.SignerProperties, sn)
|
|
}
|
|
}
|
|
|
|
if sr := awsmiddleware.GetSigningRegion(ctx); sr != "" {
|
|
if schemeID == "aws.auth#sigv4" {
|
|
smithyhttp.SetSigV4SigningRegion(&rscheme.SignerProperties, sr)
|
|
} else if schemeID == "aws.auth#sigv4a" {
|
|
smithyhttp.SetSigV4ASigningRegions(&rscheme.SignerProperties, []string{sr})
|
|
}
|
|
}
|
|
|
|
return next.HandleFinalize(ctx, in)
|
|
}
|
|
|
|
func addSetLegacyContextSigningOptionsMiddleware(stack *middleware.Stack) error {
|
|
return stack.Finalize.Insert(&setLegacyContextSigningOptionsMiddleware{}, "Signing", middleware.Before)
|
|
}
|
|
|
|
type withAnonymous struct {
|
|
resolver AuthSchemeResolver
|
|
}
|
|
|
|
var _ AuthSchemeResolver = (*withAnonymous)(nil)
|
|
|
|
func (v *withAnonymous) ResolveAuthSchemes(ctx context.Context, params *AuthResolverParameters) ([]*smithyauth.Option, error) {
|
|
opts, err := v.resolver.ResolveAuthSchemes(ctx, params)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
opts = append(opts, &smithyauth.Option{
|
|
SchemeID: smithyauth.SchemeIDAnonymous,
|
|
})
|
|
return opts, nil
|
|
}
|
|
|
|
func wrapWithAnonymousAuth(options *Options) {
|
|
if _, ok := options.AuthSchemeResolver.(*defaultAuthSchemeResolver); !ok {
|
|
return
|
|
}
|
|
|
|
options.AuthSchemeResolver = &withAnonymous{
|
|
resolver: options.AuthSchemeResolver,
|
|
}
|
|
}
|
|
|
|
// AuthResolverParameters contains the set of inputs necessary for auth scheme
|
|
// resolution.
|
|
type AuthResolverParameters struct {
|
|
// The name of the operation being invoked.
|
|
Operation string
|
|
|
|
// The region in which the operation is being invoked.
|
|
Region string
|
|
}
|
|
|
|
func bindAuthResolverParams(ctx context.Context, operation string, input interface{}, options Options) *AuthResolverParameters {
|
|
params := &AuthResolverParameters{
|
|
Operation: operation,
|
|
}
|
|
|
|
bindAuthParamsRegion(ctx, params, input, options)
|
|
|
|
return params
|
|
}
|
|
|
|
// AuthSchemeResolver returns a set of possible authentication options for an
|
|
// operation.
|
|
type AuthSchemeResolver interface {
|
|
ResolveAuthSchemes(context.Context, *AuthResolverParameters) ([]*smithyauth.Option, error)
|
|
}
|
|
|
|
type defaultAuthSchemeResolver struct{}
|
|
|
|
var _ AuthSchemeResolver = (*defaultAuthSchemeResolver)(nil)
|
|
|
|
func (*defaultAuthSchemeResolver) ResolveAuthSchemes(ctx context.Context, params *AuthResolverParameters) ([]*smithyauth.Option, error) {
|
|
if overrides, ok := operationAuthOptions[params.Operation]; ok {
|
|
return overrides(params), nil
|
|
}
|
|
return serviceAuthOptions(params), nil
|
|
}
|
|
|
|
var operationAuthOptions = map[string]func(*AuthResolverParameters) []*smithyauth.Option{
|
|
"AssumeRoleWithSAML": func(params *AuthResolverParameters) []*smithyauth.Option {
|
|
return []*smithyauth.Option{
|
|
{SchemeID: smithyauth.SchemeIDAnonymous},
|
|
}
|
|
},
|
|
|
|
"AssumeRoleWithWebIdentity": func(params *AuthResolverParameters) []*smithyauth.Option {
|
|
return []*smithyauth.Option{
|
|
{SchemeID: smithyauth.SchemeIDAnonymous},
|
|
}
|
|
},
|
|
}
|
|
|
|
func serviceAuthOptions(params *AuthResolverParameters) []*smithyauth.Option {
|
|
return []*smithyauth.Option{
|
|
{
|
|
SchemeID: smithyauth.SchemeIDSigV4,
|
|
SignerProperties: func() smithy.Properties {
|
|
var props smithy.Properties
|
|
smithyhttp.SetSigV4SigningName(&props, "sts")
|
|
smithyhttp.SetSigV4SigningRegion(&props, params.Region)
|
|
return props
|
|
}(),
|
|
},
|
|
}
|
|
}
|
|
|
|
type resolveAuthSchemeMiddleware struct {
|
|
operation string
|
|
options Options
|
|
}
|
|
|
|
func (*resolveAuthSchemeMiddleware) ID() string {
|
|
return "ResolveAuthScheme"
|
|
}
|
|
|
|
func (m *resolveAuthSchemeMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
|
|
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
|
|
) {
|
|
params := bindAuthResolverParams(ctx, m.operation, getOperationInput(ctx), m.options)
|
|
options, err := m.options.AuthSchemeResolver.ResolveAuthSchemes(ctx, params)
|
|
if err != nil {
|
|
return out, metadata, fmt.Errorf("resolve auth scheme: %w", err)
|
|
}
|
|
|
|
scheme, ok := m.selectScheme(options)
|
|
if !ok {
|
|
return out, metadata, fmt.Errorf("could not select an auth scheme")
|
|
}
|
|
|
|
ctx = setResolvedAuthScheme(ctx, scheme)
|
|
return next.HandleFinalize(ctx, in)
|
|
}
|
|
|
|
func (m *resolveAuthSchemeMiddleware) selectScheme(options []*smithyauth.Option) (*resolvedAuthScheme, bool) {
|
|
for _, option := range options {
|
|
if option.SchemeID == smithyauth.SchemeIDAnonymous {
|
|
return newResolvedAuthScheme(smithyhttp.NewAnonymousScheme(), option), true
|
|
}
|
|
|
|
for _, scheme := range m.options.AuthSchemes {
|
|
if scheme.SchemeID() != option.SchemeID {
|
|
continue
|
|
}
|
|
|
|
if scheme.IdentityResolver(m.options) != nil {
|
|
return newResolvedAuthScheme(scheme, option), true
|
|
}
|
|
}
|
|
}
|
|
|
|
return nil, false
|
|
}
|
|
|
|
type resolvedAuthSchemeKey struct{}
|
|
|
|
type resolvedAuthScheme struct {
|
|
Scheme smithyhttp.AuthScheme
|
|
IdentityProperties smithy.Properties
|
|
SignerProperties smithy.Properties
|
|
}
|
|
|
|
func newResolvedAuthScheme(scheme smithyhttp.AuthScheme, option *smithyauth.Option) *resolvedAuthScheme {
|
|
return &resolvedAuthScheme{
|
|
Scheme: scheme,
|
|
IdentityProperties: option.IdentityProperties,
|
|
SignerProperties: option.SignerProperties,
|
|
}
|
|
}
|
|
|
|
func setResolvedAuthScheme(ctx context.Context, scheme *resolvedAuthScheme) context.Context {
|
|
return middleware.WithStackValue(ctx, resolvedAuthSchemeKey{}, scheme)
|
|
}
|
|
|
|
func getResolvedAuthScheme(ctx context.Context) *resolvedAuthScheme {
|
|
v, _ := middleware.GetStackValue(ctx, resolvedAuthSchemeKey{}).(*resolvedAuthScheme)
|
|
return v
|
|
}
|
|
|
|
type getIdentityMiddleware struct {
|
|
options Options
|
|
}
|
|
|
|
func (*getIdentityMiddleware) ID() string {
|
|
return "GetIdentity"
|
|
}
|
|
|
|
func (m *getIdentityMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
|
|
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
|
|
) {
|
|
rscheme := getResolvedAuthScheme(ctx)
|
|
if rscheme == nil {
|
|
return out, metadata, fmt.Errorf("no resolved auth scheme")
|
|
}
|
|
|
|
resolver := rscheme.Scheme.IdentityResolver(m.options)
|
|
if resolver == nil {
|
|
return out, metadata, fmt.Errorf("no identity resolver")
|
|
}
|
|
|
|
identity, err := resolver.GetIdentity(ctx, rscheme.IdentityProperties)
|
|
if err != nil {
|
|
return out, metadata, fmt.Errorf("get identity: %w", err)
|
|
}
|
|
|
|
ctx = setIdentity(ctx, identity)
|
|
return next.HandleFinalize(ctx, in)
|
|
}
|
|
|
|
type identityKey struct{}
|
|
|
|
func setIdentity(ctx context.Context, identity smithyauth.Identity) context.Context {
|
|
return middleware.WithStackValue(ctx, identityKey{}, identity)
|
|
}
|
|
|
|
func getIdentity(ctx context.Context) smithyauth.Identity {
|
|
v, _ := middleware.GetStackValue(ctx, identityKey{}).(smithyauth.Identity)
|
|
return v
|
|
}
|
|
|
|
type signRequestMiddleware struct {
|
|
}
|
|
|
|
func (*signRequestMiddleware) ID() string {
|
|
return "Signing"
|
|
}
|
|
|
|
func (m *signRequestMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
|
|
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
|
|
) {
|
|
req, ok := in.Request.(*smithyhttp.Request)
|
|
if !ok {
|
|
return out, metadata, fmt.Errorf("unexpected transport type %T", in.Request)
|
|
}
|
|
|
|
rscheme := getResolvedAuthScheme(ctx)
|
|
if rscheme == nil {
|
|
return out, metadata, fmt.Errorf("no resolved auth scheme")
|
|
}
|
|
|
|
identity := getIdentity(ctx)
|
|
if identity == nil {
|
|
return out, metadata, fmt.Errorf("no identity")
|
|
}
|
|
|
|
signer := rscheme.Scheme.Signer()
|
|
if signer == nil {
|
|
return out, metadata, fmt.Errorf("no signer")
|
|
}
|
|
|
|
if err := signer.SignRequest(ctx, req, identity, rscheme.SignerProperties); err != nil {
|
|
return out, metadata, fmt.Errorf("sign request: %w", err)
|
|
}
|
|
|
|
return next.HandleFinalize(ctx, in)
|
|
}
|