f9310c84f4
Bumps [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2) from 1.20.0 to 1.21.0. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.20.0...service/s3/v1.21.0) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/sts dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
// Code generated by smithy-go-codegen DO NOT EDIT.
package sts
import (
"context"
"errors"
"fmt"
"github.com/aws/aws-sdk-go-v2/aws"
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
smithyendpoints "github.com/aws/smithy-go/endpoints"
"github.com/aws/smithy-go/middleware"
smithyhttp "github.com/aws/smithy-go/transport/http"
)
// DecodeAuthorizationMessage decodes additional information about the
// authorization status of a request from an encoded message returned in
// response to an Amazon Web Services request.
//
// For example, if a user is not authorized to perform an operation that he or
// she has requested, the request returns a Client.UnauthorizedOperation
// response (an HTTP 403 response). Some Amazon Web Services operations
// additionally return an encoded message that can provide details about this
// authorization failure. Only certain operations return an encoded
// authorization message; the documentation for an individual operation
// indicates whether it does so in addition to returning an HTTP code.
//
// The message is encoded because the details of the authorization status can
// contain privileged information that the user who requested the operation
// should not see. To decode an authorization status message, a user must be
// granted permissions through an IAM policy
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) to
// request the DecodeAuthorizationMessage ( sts:DecodeAuthorizationMessage )
// action. Because of that, the decoded output should be treated as sensitive
// by callers, and the sts:DecodeAuthorizationMessage permission is best
// granted only to principals that are meant to see those details.
//
// The decoded message includes the following type of information:
//   - Whether the request was denied due to an explicit deny or due to the
//     absence of an explicit allow. For more information, see Determining
//     Whether a Request is Allowed or Denied
//     (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow)
//     in the IAM User Guide.
//   - The principal who made the request.
//   - The requested action.
//   - The requested resource.
//   - The values of condition keys in the context of the user's request.
func (c *Client) DecodeAuthorizationMessage(ctx context.Context, params *DecodeAuthorizationMessageInput, optFns ...func(*Options)) (*DecodeAuthorizationMessageOutput, error) {
	// A nil input is replaced by an empty one before the operation is invoked.
	input := params
	if input == nil {
		input = &DecodeAuthorizationMessageInput{}
	}

	raw, md, err := c.invokeOperation(ctx, "DecodeAuthorizationMessage", input, optFns, c.addOperationDecodeAuthorizationMessageMiddlewares)
	if err != nil {
		return nil, err
	}

	// The operation result is asserted to this operation's output type; the
	// assertion is unchecked, as in the generated original.
	decoded := raw.(*DecodeAuthorizationMessageOutput)
	decoded.ResultMetadata = md
	return decoded, nil
}
// DecodeAuthorizationMessageInput is the parameter type accepted by
// Client.DecodeAuthorizationMessage.
type DecodeAuthorizationMessageInput struct {

	// The encoded message that was returned with the response.
	//
	// This member is required.
	EncodedMessage *string

	// Embedded type declared elsewhere in the package.
	noSmithyDocumentSerde
}
// A document that contains additional information about the authorization status
// of a request from an encoded message that is returned in response to an Amazon
// Web Services request.
type DecodeAuthorizationMessageOutput struct {

	// The API returns a response with the decoded message.
	//
	// NOTE(review): the documentation of DecodeAuthorizationMessage states that
	// the authorization details can contain privileged information, so this
	// value should be handled as sensitive (for example, kept out of shared
	// logs and not echoed back to the principal whose request was denied).
	DecodedMessage *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata

	// Embedded type declared elsewhere in the package.
	noSmithyDocumentSerde
}
// addOperationDecodeAuthorizationMessageMiddlewares registers the middleware
// used by the DecodeAuthorizationMessage operation on stack.
//
// The registrations run strictly in the order listed below and stop at the
// first one that returns an error, which is returned to the caller. The order
// is significant and must not be rearranged: for instance, the
// operation-specific endpoint middleware is inserted relative to an entry named
// "ResolveEndpoint", which is presumably added by addResolveEndpointMiddleware
// earlier in the list.
func (c *Client) addOperationDecodeAuthorizationMessageMiddlewares(stack *middleware.Stack, options Options) (err error) {
	steps := []func() error{
		// Protocol serializer and deserializer for this operation.
		func() error {
			return stack.Serialize.Add(&awsAwsquery_serializeOpDecodeAuthorizationMessage{}, middleware.After)
		},
		func() error {
			return stack.Deserialize.Add(&awsAwsquery_deserializeOpDecodeAuthorizationMessage{}, middleware.After)
		},
		func() error { return addlegacyEndpointContextSetter(stack, options) },
		func() error { return addSetLoggerMiddleware(stack, options) },
		func() error { return awsmiddleware.AddClientRequestIDMiddleware(stack) },
		func() error { return smithyhttp.AddComputeContentLengthMiddleware(stack) },
		func() error { return addResolveEndpointMiddleware(stack, options) },
		func() error { return v4.AddComputePayloadSHA256Middleware(stack) },
		func() error { return addRetryMiddlewares(stack, options) },
		func() error { return addHTTPSignerV4Middleware(stack, options) },
		func() error { return awsmiddleware.AddRawResponseToMetadata(stack) },
		func() error { return awsmiddleware.AddRecordResponseTiming(stack) },
		func() error { return addClientUserAgent(stack, options) },
		func() error { return smithyhttp.AddErrorCloseResponseBodyMiddleware(stack) },
		func() error { return smithyhttp.AddCloseResponseBodyMiddleware(stack) },
		func() error { return addDecodeAuthorizationMessageResolveEndpointMiddleware(stack, options) },
		func() error { return addOpDecodeAuthorizationMessageValidationMiddleware(stack) },
		func() error {
			return stack.Initialize.Add(newServiceMetadataMiddleware_opDecodeAuthorizationMessage(options.Region), middleware.Before)
		},
		func() error { return awsmiddleware.AddRecursionDetection(stack) },
		func() error { return addRequestIDRetrieverMiddleware(stack) },
		func() error { return addResponseErrorMiddleware(stack) },
		// NOTE(review): judging by its name, this helper enables request and
		// response logging driven by options. For this operation the response
		// carries the decoded authorization message, so confirm where such
		// logs end up before enabling them.
		func() error { return addRequestResponseLogging(stack, options) },
		// NOTE(review): judging by its name, this helper applies an option that
		// turns HTTPS off for the endpoint; confirm that option stays unset
		// outside of test setups.
		func() error { return addendpointDisableHTTPSMiddleware(stack, options) },
	}

	for _, register := range steps {
		if err = register(); err != nil {
			return err
		}
	}
	return nil
}
// newServiceMetadataMiddleware_opDecodeAuthorizationMessage builds the service
// metadata middleware value for the DecodeAuthorizationMessage operation: the
// given region, the package-level ServiceID, and the fixed signing name "sts".
func newServiceMetadataMiddleware_opDecodeAuthorizationMessage(region string) *awsmiddleware.RegisterServiceMetadata {
	md := new(awsmiddleware.RegisterServiceMetadata)
	md.Region = region
	md.ServiceID = ServiceID
	md.SigningName = "sts"
	md.OperationName = "DecodeAuthorizationMessage"
	return md
}
// opDecodeAuthorizationMessageResolveEndpointMiddleware is the serialize-step
// middleware that resolves the endpoint for DecodeAuthorizationMessage
// requests (see its HandleSerialize method).
type opDecodeAuthorizationMessageResolveEndpointMiddleware struct {
	// EndpointResolver is asked for the endpoint in HandleSerialize; when it is
	// nil, HandleSerialize returns an error instead of sending the request on.
	EndpointResolver EndpointResolverV2
	// BuiltInResolver is given the endpoint parameters before resolution.
	// HandleSerialize also type-asserts it to *builtInResolver to read Region
	// when a signing region has to be defaulted.
	BuiltInResolver builtInParameterResolver
}
// ID returns the identifier string of this middleware.
func (*opDecodeAuthorizationMessageResolveEndpointMiddleware) ID() string {
	const id = "ResolveEndpointV2"
	return id
}
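// HandleSerialize resolves the endpoint for the request, points the outgoing
// HTTP request at it, and records in ctx the signing name and region taken
// from the endpoint's authentication schemes before calling the next handler.
//
// When the context requires legacy endpoints the request is passed on
// untouched. An error is returned when the transport request is not a
// *smithyhttp.Request, when no endpoint resolver is configured, when endpoint
// resolution fails, when the endpoint asks only for unsupported signer
// versions, or when a SigV4A scheme carries no signing region.
//
// The resolved endpoint fully determines the request URL and may overwrite
// request headers, so the destination of the signed request is controlled by
// whatever EndpointResolver and built-in parameters the middleware was
// constructed with.
func (m *opDecodeAuthorizationMessageResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
) {
	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
		return next.HandleSerialize(ctx, in)
	}

	req, ok := in.Request.(*smithyhttp.Request)
	if !ok {
		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
	}

	if m.EndpointResolver == nil {
		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
	}

	params := EndpointParameters{}

	m.BuiltInResolver.ResolveBuiltIns(&params)

	var resolvedEndpoint smithyendpoints.Endpoint
	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
	if err != nil {
		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
	}

	req.URL = &resolvedEndpoint.URI

	// Headers supplied by the endpoint replace any same-named request headers.
	for k := range resolvedEndpoint.Headers {
		req.Header.Set(k, resolvedEndpoint.Headers.Get(k))
	}

	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
	if err != nil {
		var nfe *internalauth.NoAuthenticationSchemesFoundError
		if errors.As(err, &nfe) {
			// if no auth scheme is found, default to sigv4
			// NOTE(review): the assertion below panics if BuiltInResolver is
			// not a *builtInResolver; the constructor in this file always
			// passes one.
			signingName := "sts"
			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
			ctx = awsmiddleware.SetSigningName(ctx, signingName)
			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
		}
		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
		if errors.As(err, &ue) {
			return out, metadata, fmt.Errorf(
				"This operation requests signer version(s) %v but the client only supports %v",
				ue.UnsupportedSchemes,
				internalauth.SupportedSchemes,
			)
		}
		// NOTE(review): any other error kind is not reported here; the request
		// continues with whatever signing values ctx already holds.
	}

	// Every scheme is visited, so when several set signing values the last
	// one in the list determines what ends up in ctx.
	for _, authScheme := range authSchemes {
		switch scheme := authScheme.(type) {
		case *internalauth.AuthenticationSchemeV4:
			var signingName, signingRegion string
			if scheme.SigningName == nil {
				signingName = "sts"
			} else {
				signingName = *scheme.SigningName
			}
			if scheme.SigningRegion == nil {
				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
			} else {
				signingRegion = *scheme.SigningRegion
			}
			if scheme.DisableDoubleEncoding != nil {
				// The signer sets an equivalent value at client initialization time.
				// Setting this context value will cause the signer to extract it
				// and override the value set at client initialization time.
				ctx = internalauth.SetDisableDoubleEncoding(ctx, *scheme.DisableDoubleEncoding)
			}
			ctx = awsmiddleware.SetSigningName(ctx, signingName)
			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
		case *internalauth.AuthenticationSchemeV4A:
			// Indexing an empty region set would panic in the middle of
			// request handling; report it as an error instead.
			if len(scheme.SigningRegionSet) == 0 {
				return out, metadata, fmt.Errorf("sigv4a authentication scheme has an empty signing region set")
			}
			if scheme.SigningName == nil {
				scheme.SigningName = aws.String("sts")
			}
			if scheme.DisableDoubleEncoding != nil {
				// The signer sets an equivalent value at client initialization time.
				// Setting this context value will cause the signer to extract it
				// and override the value set at client initialization time.
				ctx = internalauth.SetDisableDoubleEncoding(ctx, *scheme.DisableDoubleEncoding)
			}
			ctx = awsmiddleware.SetSigningName(ctx, *scheme.SigningName)
			ctx = awsmiddleware.SetSigningRegion(ctx, scheme.SigningRegionSet[0])
		case *internalauth.AuthenticationSchemeNone:
			// Nothing to record for this scheme.
		}
	}

	return next.HandleSerialize(ctx, in)
}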
// addDecodeAuthorizationMessageResolveEndpointMiddleware inserts the
// operation's endpoint-resolution middleware into the serialize step,
// positioned after the entry named "ResolveEndpoint".
//
// The middleware is built from the client options: the V2 endpoint resolver,
// the region, the dual-stack and FIPS endpoint settings, and the base
// endpoint. These values decide where the request is sent, so they should come
// from trusted configuration.
func addDecodeAuthorizationMessageResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
	builtIns := &builtInResolver{
		Region:       options.Region,
		UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
		UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
		Endpoint:     options.BaseEndpoint,
	}
	mw := &opDecodeAuthorizationMessageResolveEndpointMiddleware{
		EndpointResolver: options.EndpointResolverV2,
		BuiltInResolver:  builtIns,
	}
	return stack.Serialize.Insert(mw, "ResolveEndpoint", middleware.After)
}