vendor: update buildkit to v0.19.0-rc1
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
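--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/accountid_endpoint_mode.go
@@ -0,0 +1,18 @@
+package aws
+
+// AccountIDEndpointMode controls how a resolved AWS account ID is handled for endpoint routing.
+type AccountIDEndpointMode string
+
+const (
+// AccountIDEndpointModeUnset indicates the AWS account ID will not be used for endpoint routing
+AccountIDEndpointModeUnset AccountIDEndpointMode = ""
+
+// AccountIDEndpointModePreferred indicates the AWS account ID will be used for endpoint routing if present
+AccountIDEndpointModePreferred = "preferred"
+
+// AccountIDEndpointModeRequired indicates an error will be returned if the AWS account ID is not resolved from identity
+AccountIDEndpointModeRequired = "required"
+
+// AccountIDEndpointModeDisabled indicates the AWS account ID will be ignored during endpoint routing
+AccountIDEndpointModeDisabled = "disabled"
+)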
3
vendor/github.com/aws/aws-sdk-go-v2/aws/config.go
generated
vendored
@ -162,6 +162,9 @@ type Config struct {
|
||||
// This variable is sourced from environment variable AWS_REQUEST_MIN_COMPRESSION_SIZE_BYTES or
|
||||
// the shared config profile attribute request_min_compression_size_bytes
|
||||
RequestMinCompressSizeBytes int64
|
||||
|
||||
// Controls how a resolved AWS account ID is handled for endpoint routing.
|
||||
AccountIDEndpointMode AccountIDEndpointMode
|
||||
}
|
||||
|
||||
// NewConfig returns a new Config pointer that can be chained with builder
|
||||
|
3
vendor/github.com/aws/aws-sdk-go-v2/aws/credentials.go
generated
vendored
@ -90,6 +90,9 @@ type Credentials struct {
|
||||
// The time the credentials will expire at. Should be ignored if CanExpire
|
||||
// is false.
|
||||
Expires time.Time
|
||||
|
||||
// The ID of the account for the credentials.
|
||||
AccountID string
|
||||
}
|
||||
|
||||
// Expired returns if the credentials have expired.
|
||||
|
26
vendor/github.com/aws/aws-sdk-go-v2/aws/endpoints.go
generated
vendored
@ -70,6 +70,10 @@ func GetUseFIPSEndpoint(options ...interface{}) (value FIPSEndpointState, found
|
||||
// The SDK will automatically resolve these endpoints per API client using an
|
||||
// internal endpoint resolvers. If you'd like to provide custom endpoint
|
||||
// resolving behavior you can implement the EndpointResolver interface.
|
||||
//
|
||||
// Deprecated: This structure was used with the global [EndpointResolver]
|
||||
// interface, which has been deprecated in favor of service-specific endpoint
|
||||
// resolution. See the deprecation docs on that interface for more information.
|
||||
type Endpoint struct {
|
||||
// The base URL endpoint the SDK API clients will use to make API calls to.
|
||||
// The SDK will suffix URI path and query elements to this endpoint.
|
||||
@ -124,6 +128,8 @@ type Endpoint struct {
|
||||
}
|
||||
|
||||
// EndpointSource is the endpoint source type.
|
||||
//
|
||||
// Deprecated: The global [Endpoint] structure is deprecated.
|
||||
type EndpointSource int
|
||||
|
||||
const (
|
||||
@ -161,19 +167,25 @@ func (e *EndpointNotFoundError) Unwrap() error {
|
||||
// API clients will fallback to attempting to resolve the endpoint using its
|
||||
// internal default endpoint resolver.
|
||||
//
|
||||
// Deprecated: See EndpointResolverWithOptions
|
||||
// Deprecated: The global endpoint resolution interface is deprecated. The API
|
||||
// for endpoint resolution is now unique to each service and is set via the
|
||||
// EndpointResolverV2 field on service client options. Setting a value for
|
||||
// EndpointResolver on aws.Config or service client options will prevent you
|
||||
// from using any endpoint-related service features released after the
|
||||
// introduction of EndpointResolverV2. You may also encounter broken or
|
||||
// unexpected behavior when using the old global interface with services that
|
||||
// use many endpoint-related customizations such as S3.
|
||||
type EndpointResolver interface {
|
||||
ResolveEndpoint(service, region string) (Endpoint, error)
|
||||
}
|
||||
|
||||
// EndpointResolverFunc wraps a function to satisfy the EndpointResolver interface.
|
||||
//
|
||||
// Deprecated: See EndpointResolverWithOptionsFunc
|
||||
// Deprecated: The global endpoint resolution interface is deprecated. See
|
||||
// deprecation docs on [EndpointResolver].
|
||||
type EndpointResolverFunc func(service, region string) (Endpoint, error)
|
||||
|
||||
// ResolveEndpoint calls the wrapped function and returns the results.
|
||||
//
|
||||
// Deprecated: See EndpointResolverWithOptions.ResolveEndpoint
|
||||
func (e EndpointResolverFunc) ResolveEndpoint(service, region string) (Endpoint, error) {
|
||||
return e(service, region)
|
||||
}
|
||||
@ -184,11 +196,17 @@ func (e EndpointResolverFunc) ResolveEndpoint(service, region string) (Endpoint,
|
||||
// available. If the EndpointResolverWithOptions returns an EndpointNotFoundError error,
|
||||
// API clients will fallback to attempting to resolve the endpoint using its
|
||||
// internal default endpoint resolver.
|
||||
//
|
||||
// Deprecated: The global endpoint resolution interface is deprecated. See
|
||||
// deprecation docs on [EndpointResolver].
|
||||
type EndpointResolverWithOptions interface {
|
||||
ResolveEndpoint(service, region string, options ...interface{}) (Endpoint, error)
|
||||
}
|
||||
|
||||
// EndpointResolverWithOptionsFunc wraps a function to satisfy the EndpointResolverWithOptions interface.
|
||||
//
|
||||
// Deprecated: The global endpoint resolution interface is deprecated. See
|
||||
// deprecation docs on [EndpointResolver].
|
||||
type EndpointResolverWithOptionsFunc func(service, region string, options ...interface{}) (Endpoint, error)
|
||||
|
||||
// ResolveEndpoint calls the wrapped function and returns the results.
|
||||
|
2
vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go
generated
vendored
@ -3,4 +3,4 @@
|
||||
package aws
|
||||
|
||||
// goModuleVersion is the tagged release for this module
|
||||
const goModuleVersion = "1.24.1"
|
||||
const goModuleVersion = "1.30.3"
|
||||
|
10
vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/middleware.go
generated
vendored
@ -139,16 +139,16 @@ func AddRecordResponseTiming(stack *middleware.Stack) error {
|
||||
// raw response within the response metadata.
|
||||
type rawResponseKey struct{}
|
||||
|
||||
// addRawResponse middleware adds raw response on to the metadata
|
||||
type addRawResponse struct{}
|
||||
// AddRawResponse middleware adds raw response on to the metadata
|
||||
type AddRawResponse struct{}
|
||||
|
||||
// ID the identifier for the ClientRequestID
|
||||
func (m *addRawResponse) ID() string {
|
||||
func (m *AddRawResponse) ID() string {
|
||||
return "AddRawResponseToMetadata"
|
||||
}
|
||||
|
||||
// HandleDeserialize adds raw response on the middleware metadata
|
||||
func (m addRawResponse) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) (
|
||||
func (m AddRawResponse) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) (
|
||||
out middleware.DeserializeOutput, metadata middleware.Metadata, err error,
|
||||
) {
|
||||
out, metadata, err = next.HandleDeserialize(ctx, in)
|
||||
@ -159,7 +159,7 @@ func (m addRawResponse) HandleDeserialize(ctx context.Context, in middleware.Des
|
||||
// AddRawResponseToMetadata adds middleware to the middleware stack that
|
||||
// store raw response on to the metadata.
|
||||
func AddRawResponseToMetadata(stack *middleware.Stack) error {
|
||||
return stack.Deserialize.Add(&addRawResponse{}, middleware.Before)
|
||||
return stack.Deserialize.Add(&AddRawResponse{}, middleware.Before)
|
||||
}
|
||||
|
||||
// GetRawResponse returns raw response set on metadata
|
||||
|
5
vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/private/metrics/metrics.go
generated
vendored
@ -112,6 +112,8 @@ type MetricData struct {
|
||||
ResolveEndpointStartTime time.Time
|
||||
ResolveEndpointEndTime time.Time
|
||||
EndpointResolutionDuration time.Duration
|
||||
GetIdentityStartTime time.Time
|
||||
GetIdentityEndTime time.Time
|
||||
InThroughput float64
|
||||
OutThroughput float64
|
||||
RetryCount int
|
||||
@ -122,6 +124,7 @@ type MetricData struct {
|
||||
OperationName string
|
||||
PartitionID string
|
||||
Region string
|
||||
UserAgent string
|
||||
RequestContentLength int64
|
||||
Stream StreamMetrics
|
||||
Attempts []AttemptMetrics
|
||||
@ -144,8 +147,6 @@ type AttemptMetrics struct {
|
||||
ConnRequestedTime time.Time
|
||||
ConnObtainedTime time.Time
|
||||
ConcurrencyAcquireDuration time.Duration
|
||||
CredentialFetchStartTime time.Time
|
||||
CredentialFetchEndTime time.Time
|
||||
SignStartTime time.Time
|
||||
SignEndTime time.Time
|
||||
SigningDuration time.Duration
|
||||
|
12
vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/request_id_retriever.go
generated
vendored
@ -11,18 +11,22 @@ import (
|
||||
func AddRequestIDRetrieverMiddleware(stack *middleware.Stack) error {
|
||||
// add error wrapper middleware before operation deserializers so that it can wrap the error response
|
||||
// returned by operation deserializers
|
||||
return stack.Deserialize.Insert(&requestIDRetriever{}, "OperationDeserializer", middleware.Before)
|
||||
return stack.Deserialize.Insert(&RequestIDRetriever{}, "OperationDeserializer", middleware.Before)
|
||||
}
|
||||
|
||||
type requestIDRetriever struct {
|
||||
// RequestIDRetriever middleware captures the AWS service request ID from the
|
||||
// raw response.
|
||||
type RequestIDRetriever struct {
|
||||
}
|
||||
|
||||
// ID returns the middleware identifier
|
||||
func (m *requestIDRetriever) ID() string {
|
||||
func (m *RequestIDRetriever) ID() string {
|
||||
return "RequestIDRetriever"
|
||||
}
|
||||
|
||||
func (m *requestIDRetriever) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) (
|
||||
// HandleDeserialize pulls the AWS request ID from the response, storing it in
|
||||
// operation metadata.
|
||||
func (m *RequestIDRetriever) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) (
|
||||
out middleware.DeserializeOutput, metadata middleware.Metadata, err error,
|
||||
) {
|
||||
out, metadata, err = next.HandleDeserialize(ctx, in)
|
||||
|
84
vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/user_agent.go
generated
vendored
@ -5,6 +5,7 @@ import (
|
||||
"fmt"
|
||||
"os"
|
||||
"runtime"
|
||||
"sort"
|
||||
"strings"
|
||||
|
||||
"github.com/aws/aws-sdk-go-v2/aws"
|
||||
@ -30,6 +31,7 @@ const (
|
||||
FrameworkMetadata
|
||||
AdditionalMetadata
|
||||
ApplicationIdentifier
|
||||
FeatureMetadata2
|
||||
)
|
||||
|
||||
func (k SDKAgentKeyType) string() string {
|
||||
@ -50,6 +52,8 @@ func (k SDKAgentKeyType) string() string {
|
||||
return "lib"
|
||||
case ApplicationIdentifier:
|
||||
return "app"
|
||||
case FeatureMetadata2:
|
||||
return "m"
|
||||
case AdditionalMetadata:
|
||||
fallthrough
|
||||
default:
|
||||
@ -64,12 +68,32 @@ var validChars = map[rune]bool{
|
||||
'-': true, '.': true, '^': true, '_': true, '`': true, '|': true, '~': true,
|
||||
}
|
||||
|
||||
// requestUserAgent is a build middleware that set the User-Agent for the request.
|
||||
type requestUserAgent struct {
|
||||
// UserAgentFeature enumerates tracked SDK features.
|
||||
type UserAgentFeature string
|
||||
|
||||
// Enumerates UserAgentFeature.
|
||||
const (
|
||||
UserAgentFeatureResourceModel UserAgentFeature = "A" // n/a (we don't generate separate resource types)
|
||||
UserAgentFeatureWaiter = "B"
|
||||
UserAgentFeaturePaginator = "C"
|
||||
UserAgentFeatureRetryModeLegacy = "D" // n/a (equivalent to standard)
|
||||
UserAgentFeatureRetryModeStandard = "E"
|
||||
UserAgentFeatureRetryModeAdaptive = "F"
|
||||
UserAgentFeatureS3Transfer = "G"
|
||||
UserAgentFeatureS3CryptoV1N = "H" // n/a (crypto client is external)
|
||||
UserAgentFeatureS3CryptoV2 = "I" // n/a
|
||||
UserAgentFeatureS3ExpressBucket = "J"
|
||||
UserAgentFeatureS3AccessGrants = "K" // not yet implemented
|
||||
UserAgentFeatureGZIPRequestCompression = "L"
|
||||
)
|
||||
|
||||
// RequestUserAgent is a build middleware that set the User-Agent for the request.
|
||||
type RequestUserAgent struct {
|
||||
sdkAgent, userAgent *smithyhttp.UserAgentBuilder
|
||||
features map[UserAgentFeature]struct{}
|
||||
}
|
||||
|
||||
// newRequestUserAgent returns a new requestUserAgent which will set the User-Agent and X-Amz-User-Agent for the
|
||||
// NewRequestUserAgent returns a new requestUserAgent which will set the User-Agent and X-Amz-User-Agent for the
|
||||
// request.
|
||||
//
|
||||
// User-Agent example:
|
||||
@ -79,14 +103,15 @@ type requestUserAgent struct {
|
||||
// X-Amz-User-Agent example:
|
||||
//
|
||||
// aws-sdk-go-v2/1.2.3 md/GOOS/linux md/GOARCH/amd64 lang/go/1.15
|
||||
func newRequestUserAgent() *requestUserAgent {
|
||||
func NewRequestUserAgent() *RequestUserAgent {
|
||||
userAgent, sdkAgent := smithyhttp.NewUserAgentBuilder(), smithyhttp.NewUserAgentBuilder()
|
||||
addProductName(userAgent)
|
||||
addProductName(sdkAgent)
|
||||
|
||||
r := &requestUserAgent{
|
||||
r := &RequestUserAgent{
|
||||
sdkAgent: sdkAgent,
|
||||
userAgent: userAgent,
|
||||
features: map[UserAgentFeature]struct{}{},
|
||||
}
|
||||
|
||||
addSDKMetadata(r)
|
||||
@ -94,7 +119,7 @@ func newRequestUserAgent() *requestUserAgent {
|
||||
return r
|
||||
}
|
||||
|
||||
func addSDKMetadata(r *requestUserAgent) {
|
||||
func addSDKMetadata(r *RequestUserAgent) {
|
||||
r.AddSDKAgentKey(OperatingSystemMetadata, getNormalizedOSName())
|
||||
r.AddSDKAgentKeyValue(LanguageMetadata, "go", languageVersion)
|
||||
r.AddSDKAgentKeyValue(AdditionalMetadata, "GOOS", runtime.GOOS)
|
||||
@ -162,18 +187,18 @@ func AddRequestUserAgentMiddleware(stack *middleware.Stack) error {
|
||||
return err
|
||||
}
|
||||
|
||||
func getOrAddRequestUserAgent(stack *middleware.Stack) (*requestUserAgent, error) {
|
||||
id := (*requestUserAgent)(nil).ID()
|
||||
func getOrAddRequestUserAgent(stack *middleware.Stack) (*RequestUserAgent, error) {
|
||||
id := (*RequestUserAgent)(nil).ID()
|
||||
bm, ok := stack.Build.Get(id)
|
||||
if !ok {
|
||||
bm = newRequestUserAgent()
|
||||
bm = NewRequestUserAgent()
|
||||
err := stack.Build.Add(bm, middleware.After)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
requestUserAgent, ok := bm.(*requestUserAgent)
|
||||
requestUserAgent, ok := bm.(*RequestUserAgent)
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("%T for %s middleware did not match expected type", bm, id)
|
||||
}
|
||||
@ -182,34 +207,40 @@ func getOrAddRequestUserAgent(stack *middleware.Stack) (*requestUserAgent, error
|
||||
}
|
||||
|
||||
// AddUserAgentKey adds the component identified by name to the User-Agent string.
|
||||
func (u *requestUserAgent) AddUserAgentKey(key string) {
|
||||
func (u *RequestUserAgent) AddUserAgentKey(key string) {
|
||||
u.userAgent.AddKey(strings.Map(rules, key))
|
||||
}
|
||||
|
||||
// AddUserAgentKeyValue adds the key identified by the given name and value to the User-Agent string.
|
||||
func (u *requestUserAgent) AddUserAgentKeyValue(key, value string) {
|
||||
func (u *RequestUserAgent) AddUserAgentKeyValue(key, value string) {
|
||||
u.userAgent.AddKeyValue(strings.Map(rules, key), strings.Map(rules, value))
|
||||
}
|
||||
|
||||
// AddUserAgentKey adds the component identified by name to the User-Agent string.
|
||||
func (u *requestUserAgent) AddSDKAgentKey(keyType SDKAgentKeyType, key string) {
|
||||
// AddUserAgentFeature adds the feature ID to the tracking list to be emitted
|
||||
// in the final User-Agent string.
|
||||
func (u *RequestUserAgent) AddUserAgentFeature(feature UserAgentFeature) {
|
||||
u.features[feature] = struct{}{}
|
||||
}
|
||||
|
||||
// AddSDKAgentKey adds the component identified by name to the User-Agent string.
|
||||
func (u *RequestUserAgent) AddSDKAgentKey(keyType SDKAgentKeyType, key string) {
|
||||
// TODO: should target sdkAgent
|
||||
u.userAgent.AddKey(keyType.string() + "/" + strings.Map(rules, key))
|
||||
}
|
||||
|
||||
// AddUserAgentKeyValue adds the key identified by the given name and value to the User-Agent string.
|
||||
func (u *requestUserAgent) AddSDKAgentKeyValue(keyType SDKAgentKeyType, key, value string) {
|
||||
// AddSDKAgentKeyValue adds the key identified by the given name and value to the User-Agent string.
|
||||
func (u *RequestUserAgent) AddSDKAgentKeyValue(keyType SDKAgentKeyType, key, value string) {
|
||||
// TODO: should target sdkAgent
|
||||
u.userAgent.AddKeyValue(keyType.string(), strings.Map(rules, key)+"#"+strings.Map(rules, value))
|
||||
}
|
||||
|
||||
// ID the name of the middleware.
|
||||
func (u *requestUserAgent) ID() string {
|
||||
func (u *RequestUserAgent) ID() string {
|
||||
return "UserAgent"
|
||||
}
|
||||
|
||||
// HandleBuild adds or appends the constructed user agent to the request.
|
||||
func (u *requestUserAgent) HandleBuild(ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler) (
|
||||
func (u *RequestUserAgent) HandleBuild(ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler) (
|
||||
out middleware.BuildOutput, metadata middleware.Metadata, err error,
|
||||
) {
|
||||
switch req := in.Request.(type) {
|
||||
@ -224,12 +255,15 @@ func (u *requestUserAgent) HandleBuild(ctx context.Context, in middleware.BuildI
|
||||
return next.HandleBuild(ctx, in)
|
||||
}
|
||||
|
||||
func (u *requestUserAgent) addHTTPUserAgent(request *smithyhttp.Request) {
|
||||
func (u *RequestUserAgent) addHTTPUserAgent(request *smithyhttp.Request) {
|
||||
const userAgent = "User-Agent"
|
||||
updateHTTPHeader(request, userAgent, u.userAgent.Build())
|
||||
if len(u.features) > 0 {
|
||||
updateHTTPHeader(request, userAgent, buildFeatureMetrics(u.features))
|
||||
}
|
||||
}
|
||||
|
||||
func (u *requestUserAgent) addHTTPSDKAgent(request *smithyhttp.Request) {
|
||||
func (u *RequestUserAgent) addHTTPSDKAgent(request *smithyhttp.Request) {
|
||||
const sdkAgent = "X-Amz-User-Agent"
|
||||
updateHTTPHeader(request, sdkAgent, u.sdkAgent.Build())
|
||||
}
|
||||
@ -259,3 +293,13 @@ func rules(r rune) rune {
|
||||
return '-'
|
||||
}
|
||||
}
|
||||
|
||||
func buildFeatureMetrics(features map[UserAgentFeature]struct{}) string {
|
||||
fs := make([]string, 0, len(features))
|
||||
for f := range features {
|
||||
fs = append(fs, string(f))
|
||||
}
|
||||
|
||||
sort.Strings(fs)
|
||||
return fmt.Sprintf("%s/%s", FeatureMetadata2.string(), strings.Join(fs, ","))
|
||||
}
|
||||
|
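--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/ratelimit/none.go
@@ -0,0 +1,20 @@
+package ratelimit
+
+import "context"
+
+// None implements a no-op rate limiter which effectively disables client-side
+// rate limiting (also known as "retry quotas").
+//
+// GetToken does nothing and always returns a nil error. The returned
+// token-release function does nothing, and always returns a nil error.
+//
+// AddTokens does nothing and always returns a nil error.
+var None = &none{}
+
+type none struct{}
+
+func (*none) GetToken(ctx context.Context, cost uint) (func() error, error) {
+return func() error { return nil }, nil
+}
+
+func (*none) AddTokens(v uint) error { return nil }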
45
vendor/github.com/aws/aws-sdk-go-v2/aws/retry/middleware.go
generated
vendored
@ -2,12 +2,15 @@ package retry
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"github.com/aws/aws-sdk-go-v2/aws/middleware/private/metrics"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/aws/aws-sdk-go-v2/aws/middleware/private/metrics"
|
||||
internalcontext "github.com/aws/aws-sdk-go-v2/internal/context"
|
||||
|
||||
"github.com/aws/aws-sdk-go-v2/aws"
|
||||
awsmiddle "github.com/aws/aws-sdk-go-v2/aws/middleware"
|
||||
"github.com/aws/aws-sdk-go-v2/internal/sdk"
|
||||
@ -39,6 +42,10 @@ type Attempt struct {
|
||||
requestCloner RequestCloner
|
||||
}
|
||||
|
||||
// define the threshold at which we will consider certain kind of errors to be probably
|
||||
// caused by clock skew
|
||||
const skewThreshold = 4 * time.Minute
|
||||
|
||||
// NewAttemptMiddleware returns a new Attempt retry middleware.
|
||||
func NewAttemptMiddleware(retryer aws.Retryer, requestCloner RequestCloner, optFns ...func(*Attempt)) *Attempt {
|
||||
m := &Attempt{
|
||||
@ -86,6 +93,9 @@ func (r *Attempt) HandleFinalize(ctx context.Context, in smithymiddle.FinalizeIn
|
||||
AttemptClockSkew: attemptClockSkew,
|
||||
})
|
||||
|
||||
// Setting clock skew to be used on other context (like signing)
|
||||
ctx = internalcontext.SetAttemptSkewContext(ctx, attemptClockSkew)
|
||||
|
||||
var attemptResult AttemptResult
|
||||
out, attemptResult, releaseRetryToken, err = r.handleAttempt(attemptCtx, attemptInput, releaseRetryToken, next)
|
||||
attemptClockSkew, _ = awsmiddle.GetAttemptSkew(attemptResult.ResponseMetadata)
|
||||
@ -185,6 +195,8 @@ func (r *Attempt) handleAttempt(
|
||||
return out, attemptResult, nopRelease, err
|
||||
}
|
||||
|
||||
err = wrapAsClockSkew(ctx, err)
|
||||
|
||||
//------------------------------
|
||||
// Is Retryable and Should Retry
|
||||
//------------------------------
|
||||
@ -247,6 +259,37 @@ func (r *Attempt) handleAttempt(
|
||||
return out, attemptResult, releaseRetryToken, err
|
||||
}
|
||||
|
||||
// errors that, if detected when we know there's a clock skew,
|
||||
// can be retried and have a high chance of success
|
||||
var possibleSkewCodes = map[string]struct{}{
|
||||
"InvalidSignatureException": {},
|
||||
"SignatureDoesNotMatch": {},
|
||||
"AuthFailure": {},
|
||||
}
|
||||
|
||||
var definiteSkewCodes = map[string]struct{}{
|
||||
"RequestExpired": {},
|
||||
"RequestInTheFuture": {},
|
||||
"RequestTimeTooSkewed": {},
|
||||
}
|
||||
|
||||
// wrapAsClockSkew checks if this error could be related to a clock skew
|
||||
// error and if so, wrap the error.
|
||||
func wrapAsClockSkew(ctx context.Context, err error) error {
|
||||
var v interface{ ErrorCode() string }
|
||||
if !errors.As(err, &v) {
|
||||
return err
|
||||
}
|
||||
if _, ok := definiteSkewCodes[v.ErrorCode()]; ok {
|
||||
return &retryableClockSkewError{Err: err}
|
||||
}
|
||||
_, isPossibleSkewCode := possibleSkewCodes[v.ErrorCode()]
|
||||
if skew := internalcontext.GetAttemptSkewContext(ctx); skew > skewThreshold && isPossibleSkewCode {
|
||||
return &retryableClockSkewError{Err: err}
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
// MetricsHeader attaches SDK request metric header for retries to the transport
|
||||
type MetricsHeader struct{}
|
||||
|
||||
|
21
vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retryable_error.go
generated
vendored
@ -2,6 +2,7 @@ package retry
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"net"
|
||||
"net/url"
|
||||
"strings"
|
||||
@ -199,3 +200,23 @@ func (r RetryableErrorCode) IsErrorRetryable(err error) aws.Ternary {
|
||||
|
||||
return aws.TrueTernary
|
||||
}
|
||||
|
||||
// retryableClockSkewError marks errors that can be caused by clock skew
|
||||
// (difference between server time and client time).
|
||||
// This is returned when there's certain confidence that adjusting the client time
|
||||
// could allow a retry to succeed
|
||||
type retryableClockSkewError struct{ Err error }
|
||||
|
||||
func (e *retryableClockSkewError) Error() string {
|
||||
return fmt.Sprintf("Probable clock skew error: %v", e.Err)
|
||||
}
|
||||
|
||||
// Unwrap returns the wrapped error.
|
||||
func (e *retryableClockSkewError) Unwrap() error {
|
||||
return e.Err
|
||||
}
|
||||
|
||||
// RetryableError allows the retryer to retry this request
|
||||
func (e *retryableClockSkewError) RetryableError() bool {
|
||||
return true
|
||||
}
|
||||
|
11
vendor/github.com/aws/aws-sdk-go-v2/aws/retry/standard.go
generated
vendored
@ -123,6 +123,17 @@ type StandardOptions struct {
|
||||
|
||||
// Provides the rate limiting strategy for rate limiting attempt retries
|
||||
// across all attempts the retryer is being used with.
|
||||
//
|
||||
// A RateLimiter operates as a token bucket with a set capacity, where
|
||||
// attempt failures events consume tokens. A retry attempt that attempts to
|
||||
// consume more tokens than what's available results in operation failure.
|
||||
// The default implementation is parameterized as follows:
|
||||
// - a capacity of 500 (DefaultRetryRateTokens)
|
||||
// - a retry caused by a timeout costs 10 tokens (DefaultRetryCost)
|
||||
// - a retry caused by other errors costs 5 tokens (DefaultRetryTimeoutCost)
|
||||
// - an operation that succeeds on the 1st attempt adds 1 token (DefaultNoRetryIncrement)
|
||||
//
|
||||
// You can disable rate limiting by setting this field to ratelimit.None.
|
||||
RateLimiter RateLimiter
|
||||
|
||||
// The cost to deduct from the RateLimiter's token bucket per retry.
|
||||
|
1
vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/headers.go
generated
vendored
@ -38,7 +38,6 @@ var RequiredSignedHeaders = Rules{
|
||||
"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": struct{}{},
|
||||
"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key": struct{}{},
|
||||
"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5": struct{}{},
|
||||
"X-Amz-Expected-Bucket-Owner": struct{}{},
|
||||
"X-Amz-Grant-Full-control": struct{}{},
|
||||
"X-Amz-Grant-Read": struct{}{},
|
||||
"X-Amz-Grant-Read-Acp": struct{}{},
|
||||
|
78
vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/middleware.go
generated
vendored
@ -11,7 +11,6 @@ import (
|
||||
|
||||
"github.com/aws/aws-sdk-go-v2/aws"
|
||||
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
|
||||
"github.com/aws/aws-sdk-go-v2/aws/middleware/private/metrics"
|
||||
v4Internal "github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4"
|
||||
internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
|
||||
"github.com/aws/aws-sdk-go-v2/internal/sdk"
|
||||
@ -85,12 +84,12 @@ func (m *dynamicPayloadSigningMiddleware) HandleFinalize(
|
||||
}
|
||||
|
||||
if req.IsHTTPS() {
|
||||
return (&unsignedPayload{}).HandleFinalize(ctx, in, next)
|
||||
return (&UnsignedPayload{}).HandleFinalize(ctx, in, next)
|
||||
}
|
||||
return (&computePayloadSHA256{}).HandleFinalize(ctx, in, next)
|
||||
return (&ComputePayloadSHA256{}).HandleFinalize(ctx, in, next)
|
||||
}
|
||||
|
||||
// unsignedPayload sets the SigV4 request payload hash to unsigned.
|
||||
// UnsignedPayload sets the SigV4 request payload hash to unsigned.
|
||||
//
|
||||
// Will not set the Unsigned Payload magic SHA value, if a SHA has already been
|
||||
// stored in the context. (e.g. application pre-computed SHA256 before making
|
||||
@ -98,21 +97,21 @@ func (m *dynamicPayloadSigningMiddleware) HandleFinalize(
|
||||
//
|
||||
// This middleware does not check the X-Amz-Content-Sha256 header, if that
|
||||
// header is serialized a middleware must translate it into the context.
|
||||
type unsignedPayload struct{}
|
||||
type UnsignedPayload struct{}
|
||||
|
||||
// AddUnsignedPayloadMiddleware adds unsignedPayload to the operation
|
||||
// middleware stack
|
||||
func AddUnsignedPayloadMiddleware(stack *middleware.Stack) error {
|
||||
return stack.Finalize.Insert(&unsignedPayload{}, "ResolveEndpointV2", middleware.After)
|
||||
return stack.Finalize.Insert(&UnsignedPayload{}, "ResolveEndpointV2", middleware.After)
|
||||
}
|
||||
|
||||
// ID returns the unsignedPayload identifier
|
||||
func (m *unsignedPayload) ID() string {
|
||||
func (m *UnsignedPayload) ID() string {
|
||||
return computePayloadHashMiddlewareID
|
||||
}
|
||||
|
||||
// HandleFinalize sets the payload hash magic value to the unsigned sentinel.
|
||||
func (m *unsignedPayload) HandleFinalize(
|
||||
func (m *UnsignedPayload) HandleFinalize(
|
||||
ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler,
|
||||
) (
|
||||
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
|
||||
@ -123,7 +122,7 @@ func (m *unsignedPayload) HandleFinalize(
|
||||
return next.HandleFinalize(ctx, in)
|
||||
}
|
||||
|
||||
// computePayloadSHA256 computes SHA256 payload hash to sign.
|
||||
// ComputePayloadSHA256 computes SHA256 payload hash to sign.
|
||||
//
|
||||
// Will not set the Unsigned Payload magic SHA value, if a SHA has already been
|
||||
// stored in the context. (e.g. application pre-computed SHA256 before making
|
||||
@ -131,12 +130,12 @@ func (m *unsignedPayload) HandleFinalize(
|
||||
//
|
||||
// This middleware does not check the X-Amz-Content-Sha256 header, if that
|
||||
// header is serialized a middleware must translate it into the context.
|
||||
type computePayloadSHA256 struct{}
|
||||
type ComputePayloadSHA256 struct{}
|
||||
|
||||
// AddComputePayloadSHA256Middleware adds computePayloadSHA256 to the
|
||||
// operation middleware stack
|
||||
func AddComputePayloadSHA256Middleware(stack *middleware.Stack) error {
|
||||
return stack.Finalize.Insert(&computePayloadSHA256{}, "ResolveEndpointV2", middleware.After)
|
||||
return stack.Finalize.Insert(&ComputePayloadSHA256{}, "ResolveEndpointV2", middleware.After)
|
||||
}
|
||||
|
||||
// RemoveComputePayloadSHA256Middleware removes computePayloadSHA256 from the
|
||||
@ -147,13 +146,13 @@ func RemoveComputePayloadSHA256Middleware(stack *middleware.Stack) error {
|
||||
}
|
||||
|
||||
// ID is the middleware name
|
||||
func (m *computePayloadSHA256) ID() string {
|
||||
func (m *ComputePayloadSHA256) ID() string {
|
||||
return computePayloadHashMiddlewareID
|
||||
}
|
||||
|
||||
// HandleFinalize computes the payload hash for the request, storing it to the
|
||||
// context. This is a no-op if a caller has previously set that value.
|
||||
func (m *computePayloadSHA256) HandleFinalize(
|
||||
func (m *ComputePayloadSHA256) HandleFinalize(
|
||||
ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler,
|
||||
) (
|
||||
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
|
||||
@ -196,35 +195,35 @@ func (m *computePayloadSHA256) HandleFinalize(
|
||||
// Use this to disable computing the Payload SHA256 checksum and instead use
|
||||
// UNSIGNED-PAYLOAD for the SHA256 value.
|
||||
func SwapComputePayloadSHA256ForUnsignedPayloadMiddleware(stack *middleware.Stack) error {
|
||||
_, err := stack.Finalize.Swap(computePayloadHashMiddlewareID, &unsignedPayload{})
|
||||
_, err := stack.Finalize.Swap(computePayloadHashMiddlewareID, &UnsignedPayload{})
|
||||
return err
|
||||
}
|
||||
|
||||
// contentSHA256Header sets the X-Amz-Content-Sha256 header value to
|
||||
// ContentSHA256Header sets the X-Amz-Content-Sha256 header value to
|
||||
// the Payload hash stored in the context.
|
||||
type contentSHA256Header struct{}
|
||||
type ContentSHA256Header struct{}
|
||||
|
||||
// AddContentSHA256HeaderMiddleware adds ContentSHA256Header to the
|
||||
// operation middleware stack
|
||||
func AddContentSHA256HeaderMiddleware(stack *middleware.Stack) error {
|
||||
return stack.Finalize.Insert(&contentSHA256Header{}, computePayloadHashMiddlewareID, middleware.After)
|
||||
return stack.Finalize.Insert(&ContentSHA256Header{}, computePayloadHashMiddlewareID, middleware.After)
|
||||
}
|
||||
|
||||
// RemoveContentSHA256HeaderMiddleware removes contentSHA256Header middleware
|
||||
// from the operation middleware stack
|
||||
func RemoveContentSHA256HeaderMiddleware(stack *middleware.Stack) error {
|
||||
_, err := stack.Finalize.Remove((*contentSHA256Header)(nil).ID())
|
||||
_, err := stack.Finalize.Remove((*ContentSHA256Header)(nil).ID())
|
||||
return err
|
||||
}
|
||||
|
||||
// ID returns the ContentSHA256HeaderMiddleware identifier
|
||||
func (m *contentSHA256Header) ID() string {
|
||||
func (m *ContentSHA256Header) ID() string {
|
||||
return "SigV4ContentSHA256Header"
|
||||
}
|
||||
|
||||
// HandleFinalize sets the X-Amz-Content-Sha256 header value to the Payload hash
|
||||
// stored in the context.
|
||||
func (m *contentSHA256Header) HandleFinalize(
|
||||
func (m *ContentSHA256Header) HandleFinalize(
|
||||
ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler,
|
||||
) (
|
||||
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
|
||||
@ -301,22 +300,7 @@ func (s *SignHTTPRequestMiddleware) HandleFinalize(ctx context.Context, in middl
|
||||
return out, metadata, &SigningError{Err: fmt.Errorf("computed payload hash missing from context")}
|
||||
}
|
||||
|
||||
mctx := metrics.Context(ctx)
|
||||
|
||||
if mctx != nil {
|
||||
if attempt, err := mctx.Data().LatestAttempt(); err == nil {
|
||||
attempt.CredentialFetchStartTime = sdk.NowTime()
|
||||
}
|
||||
}
|
||||
|
||||
credentials, err := s.credentialsProvider.Retrieve(ctx)
|
||||
|
||||
if mctx != nil {
|
||||
if attempt, err := mctx.Data().LatestAttempt(); err == nil {
|
||||
attempt.CredentialFetchEndTime = sdk.NowTime()
|
||||
}
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
return out, metadata, &SigningError{Err: fmt.Errorf("failed to retrieve credentials: %w", err)}
|
||||
}
|
||||
@ -337,20 +321,7 @@ func (s *SignHTTPRequestMiddleware) HandleFinalize(ctx context.Context, in middl
|
||||
})
|
||||
}
|
||||
|
||||
if mctx != nil {
|
||||
if attempt, err := mctx.Data().LatestAttempt(); err == nil {
|
||||
attempt.SignStartTime = sdk.NowTime()
|
||||
}
|
||||
}
|
||||
|
||||
err = s.signer.SignHTTP(ctx, credentials, req.Request, payloadHash, signingName, signingRegion, sdk.NowTime(), signerOptions...)
|
||||
|
||||
if mctx != nil {
|
||||
if attempt, err := mctx.Data().LatestAttempt(); err == nil {
|
||||
attempt.SignEndTime = sdk.NowTime()
|
||||
}
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
return out, metadata, &SigningError{Err: fmt.Errorf("failed to sign http request, %w", err)}
|
||||
}
|
||||
@ -360,18 +331,21 @@ func (s *SignHTTPRequestMiddleware) HandleFinalize(ctx context.Context, in middl
|
||||
return next.HandleFinalize(ctx, in)
|
||||
}
|
||||
|
||||
type streamingEventsPayload struct{}
|
||||
// StreamingEventsPayload signs input event stream messages.
|
||||
type StreamingEventsPayload struct{}
|
||||
|
||||
// AddStreamingEventsPayload adds the streamingEventsPayload middleware to the stack.
|
||||
func AddStreamingEventsPayload(stack *middleware.Stack) error {
|
||||
return stack.Finalize.Add(&streamingEventsPayload{}, middleware.Before)
|
||||
return stack.Finalize.Add(&StreamingEventsPayload{}, middleware.Before)
|
||||
}
|
||||
|
||||
func (s *streamingEventsPayload) ID() string {
|
||||
// ID identifies the middleware.
|
||||
func (s *StreamingEventsPayload) ID() string {
|
||||
return computePayloadHashMiddlewareID
|
||||
}
|
||||
|
||||
func (s *streamingEventsPayload) HandleFinalize(
|
||||
// HandleFinalize marks the input stream to be signed with SigV4.
|
||||
func (s *StreamingEventsPayload) HandleFinalize(
|
||||
ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler,
|
||||
) (
|
||||
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
|
||||
|
61
vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/v4.go
generated
vendored
@ -1,48 +1,41 @@
|
||||
// Package v4 implements signing for AWS V4 signer
|
||||
// Package v4 implements the AWS signature version 4 algorithm (commonly known
|
||||
// as SigV4).
|
||||
//
|
||||
// Provides request signing for request that need to be signed with
|
||||
// AWS V4 Signatures.
|
||||
// For more information about SigV4, see [Signing AWS API requests] in the IAM
|
||||
// user guide.
|
||||
//
|
||||
// # Standalone Signer
|
||||
// While this implementation CAN work in an external context, it is developed
|
||||
// primarily for SDK use and you may encounter fringe behaviors around header
|
||||
// canonicalization.
|
||||
//
|
||||
// Generally using the signer outside of the SDK should not require any additional
|
||||
// # Pre-escaping a request URI
|
||||
//
|
||||
// The signer does this by taking advantage of the URL.EscapedPath method. If your request URI requires
|
||||
// AWS v4 signature validation requires that the canonical string's URI path
|
||||
// component must be the escaped form of the HTTP request's path.
|
||||
//
|
||||
// additional escaping you many need to use the URL.Opaque to define what the raw URI should be sent
|
||||
// to the service as.
|
||||
// The Go HTTP client will perform escaping automatically on the HTTP request.
|
||||
// This may cause signature validation errors because the request differs from
|
||||
// the URI path or query from which the signature was generated.
|
||||
//
|
||||
// The signer will first check the URL.Opaque field, and use its value if set.
|
||||
// The signer does require the URL.Opaque field to be set in the form of:
|
||||
// Because of this, we recommend that you explicitly escape the request when
|
||||
// using this signer outside of the SDK to prevent possible signature mismatch.
|
||||
// This can be done by setting URL.Opaque on the request. The signer will
|
||||
// prefer that value, falling back to the return of URL.EscapedPath if unset.
|
||||
//
|
||||
// When setting URL.Opaque you must do so in the form of:
|
||||
//
|
||||
// "//<hostname>/<path>"
|
||||
//
|
||||
// // e.g.
|
||||
// "//example.com/some/path"
|
||||
//
|
||||
// The leading "//" and hostname are required or the URL.Opaque escaping will
|
||||
// not work correctly.
|
||||
// The leading "//" and hostname are required or the escaping will not work
|
||||
// correctly.
|
||||
//
|
||||
// If URL.Opaque is not set the signer will fallback to the URL.EscapedPath()
|
||||
// method and using the returned value.
|
||||
// The TestStandaloneSign unit test provides a complete example of using the
|
||||
// signer outside of the SDK and pre-escaping the URI path.
|
||||
//
|
||||
// AWS v4 signature validation requires that the canonical string's URI path
|
||||
// element must be the URI escaped form of the HTTP request's path.
|
||||
// http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
|
||||
//
|
||||
// The Go HTTP client will perform escaping automatically on the request. Some
|
||||
// of these escaping may cause signature validation errors because the HTTP
|
||||
// request differs from the URI path or query that the signature was generated.
|
||||
// https://golang.org/pkg/net/url/#URL.EscapedPath
|
||||
//
|
||||
// Because of this, it is recommended that when using the signer outside of the
|
||||
// SDK that explicitly escaping the request prior to being signed is preferable,
|
||||
// and will help prevent signature validation errors. This can be done by setting
|
||||
// the URL.Opaque or URL.RawPath. The SDK will use URL.Opaque first and then
|
||||
// call URL.EscapedPath() if Opaque is not set.
|
||||
//
|
||||
// Test `TestStandaloneSign` provides a complete example of using the signer
|
||||
// outside of the SDK and pre-escaping the URI path.
|
||||
// [Signing AWS API requests]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
|
||||
package v4
|
||||
|
||||
import (
|
||||
@ -402,6 +395,12 @@ func buildQuery(r v4Internal.Rule, header http.Header) (url.Values, http.Header)
|
||||
query := url.Values{}
|
||||
unsignedHeaders := http.Header{}
|
||||
for k, h := range header {
|
||||
// literally just this header has this constraint for some stupid reason,
|
||||
// see #2508
|
||||
if k == "X-Amz-Expected-Bucket-Owner" {
|
||||
k = "x-amz-expected-bucket-owner"
|
||||
}
|
||||
|
||||
if r.IsValid(k) {
|
||||
query[k] = h
|
||||
} else {
|
||||
|
10
vendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/response_error_middleware.go
generated
vendored
@ -12,18 +12,20 @@ import (
|
||||
func AddResponseErrorMiddleware(stack *middleware.Stack) error {
|
||||
// add error wrapper middleware before request id retriever middleware so that it can wrap the error response
|
||||
// returned by operation deserializers
|
||||
return stack.Deserialize.Insert(&responseErrorWrapper{}, "RequestIDRetriever", middleware.Before)
|
||||
return stack.Deserialize.Insert(&ResponseErrorWrapper{}, "RequestIDRetriever", middleware.Before)
|
||||
}
|
||||
|
||||
type responseErrorWrapper struct {
|
||||
// ResponseErrorWrapper wraps operation errors with ResponseError.
|
||||
type ResponseErrorWrapper struct {
|
||||
}
|
||||
|
||||
// ID returns the middleware identifier
|
||||
func (m *responseErrorWrapper) ID() string {
|
||||
func (m *ResponseErrorWrapper) ID() string {
|
||||
return "ResponseErrorWrapper"
|
||||
}
|
||||
|
||||
func (m *responseErrorWrapper) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) (
|
||||
// HandleDeserialize wraps the stack error with smithyhttp.ResponseError.
|
||||
func (m *ResponseErrorWrapper) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) (
|
||||
out middleware.DeserializeOutput, metadata middleware.Metadata, err error,
|
||||
) {
|
||||
out, metadata, err = next.HandleDeserialize(ctx, in)
|
||||
|
115
vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md
generated
vendored
@ -1,3 +1,118 @@
|
||||
# v1.27.27 (2024-07-18)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.27.26 (2024-07-10.2)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.27.25 (2024-07-10)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.27.24 (2024-07-03)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.27.23 (2024-06-28)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.27.22 (2024-06-26)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.27.21 (2024-06-19)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.27.20 (2024-06-18)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.27.19 (2024-06-17)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.27.18 (2024-06-07)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.27.17 (2024-06-03)
|
||||
|
||||
* **Documentation**: Add deprecation docs to global endpoint resolution interfaces. These APIs were previously deprecated with the introduction of service-specific endpoint resolution (EndpointResolverV2 and BaseEndpoint on service client options).
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.27.16 (2024-05-23)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.27.15 (2024-05-16)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.27.14 (2024-05-15)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.27.13 (2024-05-10)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.27.12 (2024-05-08)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.27.11 (2024-04-05)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.27.10 (2024-03-29)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.27.9 (2024-03-21)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.27.8 (2024-03-18)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.27.7 (2024-03-07)
|
||||
|
||||
* **Bug Fix**: Remove dependency on go-cmp.
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.27.6 (2024-03-05)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.27.5 (2024-03-04)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.27.4 (2024-02-23)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.27.3 (2024-02-22)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.27.2 (2024-02-21)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.27.1 (2024-02-20)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.27.0 (2024-02-13)
|
||||
|
||||
* **Feature**: Bump minimum Go version to 1.20 per our language support policy.
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.26.6 (2024-01-22)
|
||||
|
||||
* **Bug Fix**: Remove invalid escaping of shared config values. All values in the shared config file will now be interpreted literally, save for fully-quoted strings which are unwrapped for legacy reasons.
|
||||
|
3
vendor/github.com/aws/aws-sdk-go-v2/config/config.go
generated
vendored
@ -80,6 +80,9 @@ var defaultAWSConfigResolvers = []awsConfigResolver{
|
||||
|
||||
// Sets the RequestMinCompressSizeBytes if present in env var or shared config profile
|
||||
resolveRequestMinCompressSizeBytes,
|
||||
|
||||
// Sets the AccountIDEndpointMode if present in env var or shared config profile
|
||||
resolveAccountIDEndpointMode,
|
||||
}
|
||||
|
||||
// A Config represents a generic configuration value or set of values. This type
|
||||
|
37
vendor/github.com/aws/aws-sdk-go-v2/config/env_config.go
generated
vendored
@ -80,6 +80,9 @@ const (
|
||||
awsRequestMinCompressionSizeBytes = "AWS_REQUEST_MIN_COMPRESSION_SIZE_BYTES"
|
||||
|
||||
awsS3DisableExpressSessionAuthEnv = "AWS_S3_DISABLE_EXPRESS_SESSION_AUTH"
|
||||
|
||||
awsAccountIDEnv = "AWS_ACCOUNT_ID"
|
||||
awsAccountIDEndpointModeEnv = "AWS_ACCOUNT_ID_ENDPOINT_MODE"
|
||||
)
|
||||
|
||||
var (
|
||||
@ -290,6 +293,9 @@ type EnvConfig struct {
|
||||
// will only bypass the modified endpoint routing and signing behaviors
|
||||
// associated with the feature.
|
||||
S3DisableExpressAuth *bool
|
||||
|
||||
// Indicates whether account ID will be required/ignored in endpoint2.0 routing
|
||||
AccountIDEndpointMode aws.AccountIDEndpointMode
|
||||
}
|
||||
|
||||
// loadEnvConfig reads configuration values from the OS's environment variables.
|
||||
@ -309,6 +315,7 @@ func NewEnvConfig() (EnvConfig, error) {
|
||||
setStringFromEnvVal(&creds.AccessKeyID, credAccessEnvKeys)
|
||||
setStringFromEnvVal(&creds.SecretAccessKey, credSecretEnvKeys)
|
||||
if creds.HasKeys() {
|
||||
creds.AccountID = os.Getenv(awsAccountIDEnv)
|
||||
creds.SessionToken = os.Getenv(awsSessionTokenEnvVar)
|
||||
cfg.Credentials = creds
|
||||
}
|
||||
@ -389,6 +396,10 @@ func NewEnvConfig() (EnvConfig, error) {
|
||||
return cfg, err
|
||||
}
|
||||
|
||||
if err := setAIDEndPointModeFromEnvVal(&cfg.AccountIDEndpointMode, []string{awsAccountIDEndpointModeEnv}); err != nil {
|
||||
return cfg, err
|
||||
}
|
||||
|
||||
return cfg, nil
|
||||
}
|
||||
|
||||
@ -417,6 +428,10 @@ func (c EnvConfig) getRequestMinCompressSizeBytes(context.Context) (int64, bool,
|
||||
return *c.RequestMinCompressSizeBytes, true, nil
|
||||
}
|
||||
|
||||
func (c EnvConfig) getAccountIDEndpointMode(context.Context) (aws.AccountIDEndpointMode, bool, error) {
|
||||
return c.AccountIDEndpointMode, len(c.AccountIDEndpointMode) > 0, nil
|
||||
}
|
||||
|
||||
// GetRetryMaxAttempts returns the value of AWS_MAX_ATTEMPTS if was specified,
|
||||
// and not 0.
|
||||
func (c EnvConfig) GetRetryMaxAttempts(ctx context.Context) (int, bool, error) {
|
||||
@ -491,6 +506,28 @@ func setEC2IMDSEndpointMode(mode *imds.EndpointModeState, keys []string) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func setAIDEndPointModeFromEnvVal(m *aws.AccountIDEndpointMode, keys []string) error {
|
||||
for _, k := range keys {
|
||||
value := os.Getenv(k)
|
||||
if len(value) == 0 {
|
||||
continue
|
||||
}
|
||||
|
||||
switch value {
|
||||
case "preferred":
|
||||
*m = aws.AccountIDEndpointModePreferred
|
||||
case "required":
|
||||
*m = aws.AccountIDEndpointModeRequired
|
||||
case "disabled":
|
||||
*m = aws.AccountIDEndpointModeDisabled
|
||||
default:
|
||||
return fmt.Errorf("invalid value for environment variable, %s=%s, must be preferred/required/disabled", k, value)
|
||||
}
|
||||
break
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// GetRegion returns the AWS Region if set in the environment. Returns an empty
|
||||
// string if not set.
|
||||
func (c EnvConfig) getRegion(ctx context.Context) (string, bool, error) {
|
||||
|
2
vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go
generated
vendored
@ -3,4 +3,4 @@
|
||||
package config
|
||||
|
||||
// goModuleVersion is the tagged release for this module
|
||||
const goModuleVersion = "1.26.6"
|
||||
const goModuleVersion = "1.27.27"
|
||||
|
29
vendor/github.com/aws/aws-sdk-go-v2/config/load_options.go
generated
vendored
@ -215,6 +215,8 @@ type LoadOptions struct {
|
||||
|
||||
// Whether S3 Express auth is disabled.
|
||||
S3DisableExpressAuth *bool
|
||||
|
||||
AccountIDEndpointMode aws.AccountIDEndpointMode
|
||||
}
|
||||
|
||||
func (o LoadOptions) getDefaultsMode(ctx context.Context) (aws.DefaultsMode, bool, error) {
|
||||
@ -278,6 +280,10 @@ func (o LoadOptions) getRequestMinCompressSizeBytes(ctx context.Context) (int64,
|
||||
return *o.RequestMinCompressSizeBytes, true, nil
|
||||
}
|
||||
|
||||
func (o LoadOptions) getAccountIDEndpointMode(ctx context.Context) (aws.AccountIDEndpointMode, bool, error) {
|
||||
return o.AccountIDEndpointMode, len(o.AccountIDEndpointMode) > 0, nil
|
||||
}
|
||||
|
||||
// WithRegion is a helper function to construct functional options
|
||||
// that sets Region on config's LoadOptions. Setting the region to
|
||||
// an empty string, will result in the region value being ignored.
|
||||
@ -323,6 +329,17 @@ func WithRequestMinCompressSizeBytes(RequestMinCompressSizeBytes *int64) LoadOpt
|
||||
}
|
||||
}
|
||||
|
||||
// WithAccountIDEndpointMode is a helper function to construct functional options
|
||||
// that sets AccountIDEndpointMode on config's LoadOptions
|
||||
func WithAccountIDEndpointMode(m aws.AccountIDEndpointMode) LoadOptionsFunc {
|
||||
return func(o *LoadOptions) error {
|
||||
if m != "" {
|
||||
o.AccountIDEndpointMode = m
|
||||
}
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
// getDefaultRegion returns DefaultRegion from config's LoadOptions
|
||||
func (o LoadOptions) getDefaultRegion(ctx context.Context) (string, bool, error) {
|
||||
if len(o.DefaultRegion) == 0 {
|
||||
@ -824,7 +841,14 @@ func (o LoadOptions) getEndpointResolver(ctx context.Context) (aws.EndpointResol
|
||||
// the EndpointResolver value is ignored. If multiple WithEndpointResolver calls
|
||||
// are made, the last call overrides the previous call values.
|
||||
//
|
||||
// Deprecated: See WithEndpointResolverWithOptions
|
||||
// Deprecated: The global endpoint resolution interface is deprecated. The API
|
||||
// for endpoint resolution is now unique to each service and is set via the
|
||||
// EndpointResolverV2 field on service client options. Use of
|
||||
// WithEndpointResolver or WithEndpointResolverWithOptions will prevent you
|
||||
// from using any endpoint-related service features released after the
|
||||
// introduction of EndpointResolverV2. You may also encounter broken or
|
||||
// unexpected behavior when using the old global interface with services that
|
||||
// use many endpoint-related customizations such as S3.
|
||||
func WithEndpointResolver(v aws.EndpointResolver) LoadOptionsFunc {
|
||||
return func(o *LoadOptions) error {
|
||||
o.EndpointResolver = v
|
||||
@ -844,6 +868,9 @@ func (o LoadOptions) getEndpointResolverWithOptions(ctx context.Context) (aws.En
|
||||
// that sets the EndpointResolverWithOptions on LoadOptions. If the EndpointResolverWithOptions is set to nil,
|
||||
// the EndpointResolver value is ignored. If multiple WithEndpointResolver calls
|
||||
// are made, the last call overrides the previous call values.
|
||||
//
|
||||
// Deprecated: The global endpoint resolution interface is deprecated. See
|
||||
// deprecation docs on [WithEndpointResolver].
|
||||
func WithEndpointResolverWithOptions(v aws.EndpointResolverWithOptions) LoadOptionsFunc {
|
||||
return func(o *LoadOptions) error {
|
||||
o.EndpointResolverWithOptions = v
|
||||
|
17
vendor/github.com/aws/aws-sdk-go-v2/config/provider.go
generated
vendored
@ -225,6 +225,23 @@ func getRequestMinCompressSizeBytes(ctx context.Context, configs configs) (value
|
||||
return
|
||||
}
|
||||
|
||||
// accountIDEndpointModeProvider provides access to the AccountIDEndpointMode
|
||||
type accountIDEndpointModeProvider interface {
|
||||
getAccountIDEndpointMode(context.Context) (aws.AccountIDEndpointMode, bool, error)
|
||||
}
|
||||
|
||||
func getAccountIDEndpointMode(ctx context.Context, configs configs) (value aws.AccountIDEndpointMode, found bool, err error) {
|
||||
for _, cfg := range configs {
|
||||
if p, ok := cfg.(accountIDEndpointModeProvider); ok {
|
||||
value, found, err = p.getAccountIDEndpointMode(ctx)
|
||||
if err != nil || found {
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// ec2IMDSRegionProvider provides access to the ec2 imds region
|
||||
// configuration value
|
||||
type ec2IMDSRegionProvider interface {
|
||||
|
16
vendor/github.com/aws/aws-sdk-go-v2/config/resolve.go
generated
vendored
@ -166,6 +166,22 @@ func resolveRequestMinCompressSizeBytes(ctx context.Context, cfg *aws.Config, co
|
||||
return nil
|
||||
}
|
||||
|
||||
// resolveAccountIDEndpointMode extracts the AccountIDEndpointMode from the configs slice's
|
||||
// SharedConfig or EnvConfig
|
||||
func resolveAccountIDEndpointMode(ctx context.Context, cfg *aws.Config, configs configs) error {
|
||||
m, found, err := getAccountIDEndpointMode(ctx, configs)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if !found {
|
||||
m = aws.AccountIDEndpointModePreferred
|
||||
}
|
||||
|
||||
cfg.AccountIDEndpointMode = m
|
||||
return nil
|
||||
}
|
||||
|
||||
// resolveDefaultRegion extracts the first instance of a default region and sets `aws.Config.Region` to the default
|
||||
// region if region had not been resolved from other sources.
|
||||
func resolveDefaultRegion(ctx context.Context, cfg *aws.Config, configs configs) error {
|
||||
|
34
vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go
generated
vendored
@ -115,6 +115,9 @@ const (
|
||||
requestMinCompressionSizeBytes = "request_min_compression_size_bytes"
|
||||
|
||||
s3DisableExpressSessionAuthKey = "s3_disable_express_session_auth"
|
||||
|
||||
accountIDKey = "aws_account_id"
|
||||
accountIDEndpointMode = "account_id_endpoint_mode"
|
||||
)
|
||||
|
||||
// defaultSharedConfigProfile allows for swapping the default profile for testing
|
||||
@ -341,6 +344,8 @@ type SharedConfig struct {
|
||||
// will only bypass the modified endpoint routing and signing behaviors
|
||||
// associated with the feature.
|
||||
S3DisableExpressAuth *bool
|
||||
|
||||
AccountIDEndpointMode aws.AccountIDEndpointMode
|
||||
}
|
||||
|
||||
func (c SharedConfig) getDefaultsMode(ctx context.Context) (value aws.DefaultsMode, ok bool, err error) {
|
||||
@ -1124,12 +1129,17 @@ func (c *SharedConfig) setFromIniSection(profile string, section ini.Section) er
|
||||
return fmt.Errorf("failed to load %s from shared config, %w", requestMinCompressionSizeBytes, err)
|
||||
}
|
||||
|
||||
if err := updateAIDEndpointMode(&c.AccountIDEndpointMode, section, accountIDEndpointMode); err != nil {
|
||||
return fmt.Errorf("failed to load %s from shared config, %w", accountIDEndpointMode, err)
|
||||
}
|
||||
|
||||
// Shared Credentials
|
||||
creds := aws.Credentials{
|
||||
AccessKeyID: section.String(accessKeyIDKey),
|
||||
SecretAccessKey: section.String(secretAccessKey),
|
||||
SessionToken: section.String(sessionTokenKey),
|
||||
Source: fmt.Sprintf("SharedConfigCredentials: %s", section.SourceFile[accessKeyIDKey]),
|
||||
AccountID: section.String(accountIDKey),
|
||||
}
|
||||
|
||||
if creds.HasKeys() {
|
||||
@ -1177,6 +1187,26 @@ func updateDisableRequestCompression(disable **bool, sec ini.Section, key string
|
||||
return nil
|
||||
}
|
||||
|
||||
func updateAIDEndpointMode(m *aws.AccountIDEndpointMode, sec ini.Section, key string) error {
|
||||
if !sec.Has(key) {
|
||||
return nil
|
||||
}
|
||||
|
||||
v := sec.String(key)
|
||||
switch v {
|
||||
case "preferred":
|
||||
*m = aws.AccountIDEndpointModePreferred
|
||||
case "required":
|
||||
*m = aws.AccountIDEndpointModeRequired
|
||||
case "disabled":
|
||||
*m = aws.AccountIDEndpointModeDisabled
|
||||
default:
|
||||
return fmt.Errorf("invalid value for shared config profile field, %s=%s, must be preferred/required/disabled", key, v)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (c SharedConfig) getRequestMinCompressSizeBytes(ctx context.Context) (int64, bool, error) {
|
||||
if c.RequestMinCompressSizeBytes == nil {
|
||||
return 0, false, nil
|
||||
@ -1191,6 +1221,10 @@ func (c SharedConfig) getDisableRequestCompression(ctx context.Context) (bool, b
|
||||
return *c.DisableRequestCompression, true, nil
|
||||
}
|
||||
|
||||
func (c SharedConfig) getAccountIDEndpointMode(ctx context.Context) (aws.AccountIDEndpointMode, bool, error) {
|
||||
return c.AccountIDEndpointMode, len(c.AccountIDEndpointMode) > 0, nil
|
||||
}
|
||||
|
||||
func updateDefaultsMode(mode *aws.DefaultsMode, section ini.Section, key string) error {
|
||||
if !section.Has(key) {
|
||||
return nil
|
||||
|
114
vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md
generated
vendored
@ -1,3 +1,117 @@
|
||||
# v1.17.27 (2024-07-18)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.17.26 (2024-07-10.2)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.17.25 (2024-07-10)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.17.24 (2024-07-03)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.17.23 (2024-06-28)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.17.22 (2024-06-26)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.17.21 (2024-06-19)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.17.20 (2024-06-18)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.17.19 (2024-06-17)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.17.18 (2024-06-07)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.17.17 (2024-06-03)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.17.16 (2024-05-23)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.17.15 (2024-05-16)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.17.14 (2024-05-15)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.17.13 (2024-05-10)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.17.12 (2024-05-08)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.17.11 (2024-04-05)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.17.10 (2024-03-29)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.17.9 (2024-03-21)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.17.8 (2024-03-18)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.17.7 (2024-03-07)
|
||||
|
||||
* **Bug Fix**: Remove dependency on go-cmp.
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.17.6 (2024-03-05)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.17.5 (2024-03-04)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.17.4 (2024-02-23)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.17.3 (2024-02-22)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.17.2 (2024-02-21)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.17.1 (2024-02-20)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.17.0 (2024-02-13)
|
||||
|
||||
* **Feature**: Bump minimum Go version to 1.20 per our language support policy.
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.16.16 (2024-01-18)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
@ -128,6 +128,7 @@ type GetCredentialsOutput struct {
|
||||
AccessKeyID string
|
||||
SecretAccessKey string
|
||||
Token string
|
||||
AccountID string
|
||||
}
|
||||
|
||||
// EndpointError is an error returned from the endpoint service
|
||||
|
1
vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/provider.go
generated
vendored
1
vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/provider.go
generated
vendored
@ -152,6 +152,7 @@ func (p *Provider) Retrieve(ctx context.Context) (aws.Credentials, error) {
|
||||
SecretAccessKey: resp.SecretAccessKey,
|
||||
SessionToken: resp.Token,
|
||||
Source: ProviderName,
|
||||
AccountID: resp.AccountID,
|
||||
}
|
||||
|
||||
if resp.Expiration != nil {
|
||||
|
2
vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go
generated
vendored
2
vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go
generated
vendored
@ -3,4 +3,4 @@
|
||||
package credentials
|
||||
|
||||
// goModuleVersion is the tagged release for this module
|
||||
const goModuleVersion = "1.16.16"
|
||||
const goModuleVersion = "1.17.27"
|
||||
|
4
vendor/github.com/aws/aws-sdk-go-v2/credentials/processcreds/provider.go
generated
vendored
4
vendor/github.com/aws/aws-sdk-go-v2/credentials/processcreds/provider.go
generated
vendored
@ -167,6 +167,9 @@ type CredentialProcessResponse struct {
|
||||
|
||||
// The date on which the current credentials expire.
|
||||
Expiration *time.Time
|
||||
|
||||
// The ID of the account for credentials
|
||||
AccountID string `json:"AccountId"`
|
||||
}
|
||||
|
||||
// Retrieve executes the credential process command and returns the
|
||||
@ -208,6 +211,7 @@ func (p *Provider) Retrieve(ctx context.Context) (aws.Credentials, error) {
|
||||
AccessKeyID: resp.AccessKeyID,
|
||||
SecretAccessKey: resp.SecretAccessKey,
|
||||
SessionToken: resp.SessionToken,
|
||||
AccountID: resp.AccountID,
|
||||
}
|
||||
|
||||
// Handle expiration
|
||||
|
1
vendor/github.com/aws/aws-sdk-go-v2/credentials/ssocreds/sso_credentials_provider.go
generated
vendored
1
vendor/github.com/aws/aws-sdk-go-v2/credentials/ssocreds/sso_credentials_provider.go
generated
vendored
@ -129,6 +129,7 @@ func (p *Provider) Retrieve(ctx context.Context) (aws.Credentials, error) {
|
||||
CanExpire: true,
|
||||
Expires: time.Unix(0, output.RoleCredentials.Expiration*int64(time.Millisecond)).UTC(),
|
||||
Source: ProviderName,
|
||||
AccountID: p.options.AccountID,
|
||||
}, nil
|
||||
}
|
||||
|
||||
|
6
vendor/github.com/aws/aws-sdk-go-v2/credentials/stscreds/assume_role_provider.go
generated
vendored
6
vendor/github.com/aws/aws-sdk-go-v2/credentials/stscreds/assume_role_provider.go
generated
vendored
@ -308,6 +308,11 @@ func (p *AssumeRoleProvider) Retrieve(ctx context.Context) (aws.Credentials, err
|
||||
return aws.Credentials{Source: ProviderName}, err
|
||||
}
|
||||
|
||||
var accountID string
|
||||
if resp.AssumedRoleUser != nil {
|
||||
accountID = getAccountID(resp.AssumedRoleUser)
|
||||
}
|
||||
|
||||
return aws.Credentials{
|
||||
AccessKeyID: *resp.Credentials.AccessKeyId,
|
||||
SecretAccessKey: *resp.Credentials.SecretAccessKey,
|
||||
@ -316,5 +321,6 @@ func (p *AssumeRoleProvider) Retrieve(ctx context.Context) (aws.Credentials, err
|
||||
|
||||
CanExpire: true,
|
||||
Expires: *resp.Credentials.Expiration,
|
||||
AccountID: accountID,
|
||||
}, nil
|
||||
}
|
||||
|
19
vendor/github.com/aws/aws-sdk-go-v2/credentials/stscreds/web_identity_provider.go
generated
vendored
19
vendor/github.com/aws/aws-sdk-go-v2/credentials/stscreds/web_identity_provider.go
generated
vendored
@ -5,6 +5,7 @@ import (
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/aws/aws-sdk-go-v2/aws"
|
||||
@ -135,6 +136,11 @@ func (p *WebIdentityRoleProvider) Retrieve(ctx context.Context) (aws.Credentials
|
||||
return aws.Credentials{}, fmt.Errorf("failed to retrieve credentials, %w", err)
|
||||
}
|
||||
|
||||
var accountID string
|
||||
if resp.AssumedRoleUser != nil {
|
||||
accountID = getAccountID(resp.AssumedRoleUser)
|
||||
}
|
||||
|
||||
// InvalidIdentityToken error is a temporary error that can occur
|
||||
// when assuming an Role with a JWT web identity token.
|
||||
|
||||
@ -145,6 +151,19 @@ func (p *WebIdentityRoleProvider) Retrieve(ctx context.Context) (aws.Credentials
|
||||
Source: WebIdentityProviderName,
|
||||
CanExpire: true,
|
||||
Expires: *resp.Credentials.Expiration,
|
||||
AccountID: accountID,
|
||||
}
|
||||
return value, nil
|
||||
}
|
||||
|
||||
// extract accountID from arn with format "arn:partition:service:region:account-id:[resource-section]"
|
||||
func getAccountID(u *types.AssumedRoleUser) string {
|
||||
if u.Arn == nil {
|
||||
return ""
|
||||
}
|
||||
parts := strings.Split(*u.Arn, ":")
|
||||
if len(parts) < 5 {
|
||||
return ""
|
||||
}
|
||||
return parts[4]
|
||||
}
|
||||
|
70
vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md
generated
vendored
70
vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md
generated
vendored
@ -1,3 +1,73 @@
|
||||
# v1.16.11 (2024-07-10.2)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.16.10 (2024-07-10)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.16.9 (2024-06-28)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.16.8 (2024-06-19)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.16.7 (2024-06-18)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.16.6 (2024-06-17)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.16.5 (2024-06-07)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.16.4 (2024-06-03)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.16.3 (2024-05-16)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.16.2 (2024-05-15)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.16.1 (2024-03-29)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.16.0 (2024-03-21)
|
||||
|
||||
* **Feature**: Add config switch `DisableDefaultTimeout` that allows you to disable the default operation timeout (5 seconds) for IMDS calls.
|
||||
|
||||
# v1.15.4 (2024-03-18)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.15.3 (2024-03-07)
|
||||
|
||||
* **Bug Fix**: Remove dependency on go-cmp.
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.15.2 (2024-02-23)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.15.1 (2024-02-21)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.15.0 (2024-02-13)
|
||||
|
||||
* **Feature**: Bump minimum Go version to 1.20 per our language support policy.
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.14.11 (2024-01-04)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
4
vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_client.go
generated
vendored
4
vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_client.go
generated
vendored
@ -185,6 +185,10 @@ type Options struct {
|
||||
// [configuring IMDS]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
|
||||
EnableFallback aws.Ternary
|
||||
|
||||
// By default, all IMDS client operations enforce a 5-second timeout. You
|
||||
// can disable that behavior with this setting.
|
||||
DisableDefaultTimeout bool
|
||||
|
||||
// provides the caching of API tokens used for operation calls. If unset,
|
||||
// the API token will not be retrieved for the operation.
|
||||
tokenProvider *tokenProvider
|
||||
|
5
vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/doc.go
generated
vendored
5
vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/doc.go
generated
vendored
@ -3,8 +3,9 @@
|
||||
//
|
||||
// All Client operation calls have a default timeout. If the operation is not
|
||||
// completed before this timeout expires, the operation will be canceled. This
|
||||
// timeout can be overridden by providing Context with a timeout or deadline
|
||||
// with calling the client's operations.
|
||||
// timeout can be overridden through the following:
|
||||
// - Set the options flag DisableDefaultTimeout
|
||||
// - Provide a Context with a timeout or deadline with calling the client's operations.
|
||||
//
|
||||
// See the EC2 IMDS user guide for more information on using the API.
|
||||
// https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
|
||||
|
2
vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go
generated
vendored
2
vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go
generated
vendored
@ -3,4 +3,4 @@
|
||||
package imds
|
||||
|
||||
// goModuleVersion is the tagged release for this module
|
||||
const goModuleVersion = "1.14.11"
|
||||
const goModuleVersion = "1.16.11"
|
||||
|
6
vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/request_middleware.go
generated
vendored
6
vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/request_middleware.go
generated
vendored
@ -56,6 +56,7 @@ func addRequestMiddleware(stack *middleware.Stack,
|
||||
|
||||
// Operation timeout
|
||||
err = stack.Initialize.Add(&operationTimeout{
|
||||
Disabled: options.DisableDefaultTimeout,
|
||||
DefaultTimeout: defaultOperationTimeout,
|
||||
}, middleware.Before)
|
||||
if err != nil {
|
||||
@ -260,6 +261,7 @@ const (
|
||||
// Otherwise the timeout cleanup will race the resource being consumed
|
||||
// upstream.
|
||||
type operationTimeout struct {
|
||||
Disabled bool
|
||||
DefaultTimeout time.Duration
|
||||
}
|
||||
|
||||
@ -270,6 +272,10 @@ func (m *operationTimeout) HandleInitialize(
|
||||
) (
|
||||
output middleware.InitializeOutput, metadata middleware.Metadata, err error,
|
||||
) {
|
||||
if m.Disabled {
|
||||
return next.HandleInitialize(ctx, input)
|
||||
}
|
||||
|
||||
if _, ok := ctx.Deadline(); !ok && m.DefaultTimeout != 0 {
|
||||
var cancelFn func()
|
||||
ctx, cancelFn = context.WithTimeout(ctx, m.DefaultTimeout)
|
||||
|
6
vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/v4signer_adapter.go
generated
vendored
6
vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/v4signer_adapter.go
generated
vendored
@ -5,6 +5,7 @@ import (
|
||||
"fmt"
|
||||
|
||||
v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4"
|
||||
internalcontext "github.com/aws/aws-sdk-go-v2/internal/context"
|
||||
"github.com/aws/aws-sdk-go-v2/internal/sdk"
|
||||
"github.com/aws/smithy-go"
|
||||
"github.com/aws/smithy-go/auth"
|
||||
@ -39,7 +40,10 @@ func (v *V4SignerAdapter) SignRequest(ctx context.Context, r *smithyhttp.Request
|
||||
}
|
||||
|
||||
hash := v4.GetPayloadHash(ctx)
|
||||
err := v.Signer.SignHTTP(ctx, ca.Credentials, r.Request, hash, name, region, sdk.NowTime(), func(o *v4.SignerOptions) {
|
||||
signingTime := sdk.NowTime()
|
||||
skew := internalcontext.GetAttemptSkewContext(ctx)
|
||||
signingTime = signingTime.Add(skew)
|
||||
err := v.Signer.SignHTTP(ctx, ca.Credentials, r.Request, hash, name, region, signingTime, func(o *v4.SignerOptions) {
|
||||
o.DisableURIPathEscaping, _ = smithyhttp.GetDisableDoubleEncoding(&props)
|
||||
|
||||
o.Logger = v.Logger
|
||||
|
65
vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md
generated
vendored
65
vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md
generated
vendored
@ -1,3 +1,68 @@
|
||||
# v1.3.15 (2024-07-10.2)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.3.14 (2024-07-10)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.3.13 (2024-06-28)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.3.12 (2024-06-19)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.3.11 (2024-06-18)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.3.10 (2024-06-17)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.3.9 (2024-06-07)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.3.8 (2024-06-03)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.3.7 (2024-05-16)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.3.6 (2024-05-15)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.3.5 (2024-03-29)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.3.4 (2024-03-18)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.3.3 (2024-03-07)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.3.2 (2024-02-23)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.3.1 (2024-02-21)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.3.0 (2024-02-13)
|
||||
|
||||
* **Feature**: Bump minimum Go version to 1.20 per our language support policy.
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.2.10 (2024-01-04)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
2
vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go
generated
vendored
2
vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go
generated
vendored
@ -3,4 +3,4 @@
|
||||
package configsources
|
||||
|
||||
// goModuleVersion is the tagged release for this module
|
||||
const goModuleVersion = "1.2.10"
|
||||
const goModuleVersion = "1.3.15"
|
||||
|
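--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/context/context.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/context/context.go
@@ -0,0 +1,52 @@
+package context
+
+import (
+"context"
+"time"
+
+"github.com/aws/smithy-go/middleware"
+)
+
+type s3BackendKey struct{}
+type checksumInputAlgorithmKey struct{}
+type clockSkew struct{}
+
+const (
+// S3BackendS3Express identifies the S3Express backend
+S3BackendS3Express = "S3Express"
+)
+
+// SetS3Backend stores the resolved endpoint backend within the request
+// context, which is required for a variety of custom S3 behaviors.
+func SetS3Backend(ctx context.Context, typ string) context.Context {
+return middleware.WithStackValue(ctx, s3BackendKey{}, typ)
+}
+
+// GetS3Backend retrieves the stored endpoint backend within the context.
+func GetS3Backend(ctx context.Context) string {
+v, _ := middleware.GetStackValue(ctx, s3BackendKey{}).(string)
+return v
+}
+
+// SetChecksumInputAlgorithm sets the request checksum algorithm on the
+// context.
+func SetChecksumInputAlgorithm(ctx context.Context, value string) context.Context {
+return middleware.WithStackValue(ctx, checksumInputAlgorithmKey{}, value)
+}
+
+// GetChecksumInputAlgorithm returns the checksum algorithm from the context.
+func GetChecksumInputAlgorithm(ctx context.Context) string {
+v, _ := middleware.GetStackValue(ctx, checksumInputAlgorithmKey{}).(string)
+return v
+}
+
+// SetAttemptSkewContext sets the clock skew value on the context
+func SetAttemptSkewContext(ctx context.Context, v time.Duration) context.Context {
+return middleware.WithStackValue(ctx, clockSkew{}, v)
+}
+
+// GetAttemptSkewContext gets the clock skew value from the context
+func GetAttemptSkewContext(ctx context.Context) time.Duration {
+x, _ := middleware.GetStackValue(ctx, clockSkew{}).(time.Duration)
+return x
+}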
11
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partition.go
generated
vendored
11
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partition.go
generated
vendored
@ -12,11 +12,12 @@ type Partition struct {
|
||||
|
||||
// PartitionConfig provides the endpoint metadata for an AWS region or partition.
|
||||
type PartitionConfig struct {
|
||||
Name string `json:"name"`
|
||||
DnsSuffix string `json:"dnsSuffix"`
|
||||
DualStackDnsSuffix string `json:"dualStackDnsSuffix"`
|
||||
SupportsFIPS bool `json:"supportsFIPS"`
|
||||
SupportsDualStack bool `json:"supportsDualStack"`
|
||||
Name string `json:"name"`
|
||||
DnsSuffix string `json:"dnsSuffix"`
|
||||
DualStackDnsSuffix string `json:"dualStackDnsSuffix"`
|
||||
SupportsFIPS bool `json:"supportsFIPS"`
|
||||
SupportsDualStack bool `json:"supportsDualStack"`
|
||||
ImplicitGlobalRegion string `json:"implicitGlobalRegion"`
|
||||
}
|
||||
|
||||
type RegionOverrides struct {
|
||||
|
94
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.go
generated
vendored
94
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.go
generated
vendored
@ -13,11 +13,12 @@ var partitions = []Partition{
|
||||
ID: "aws",
|
||||
RegionRegex: "^(us|eu|ap|sa|ca|me|af|il)\\-\\w+\\-\\d+$",
|
||||
DefaultConfig: PartitionConfig{
|
||||
Name: "aws",
|
||||
DnsSuffix: "amazonaws.com",
|
||||
DualStackDnsSuffix: "api.aws",
|
||||
SupportsFIPS: true,
|
||||
SupportsDualStack: true,
|
||||
Name: "aws",
|
||||
DnsSuffix: "amazonaws.com",
|
||||
DualStackDnsSuffix: "api.aws",
|
||||
SupportsFIPS: true,
|
||||
SupportsDualStack: true,
|
||||
ImplicitGlobalRegion: "us-east-1",
|
||||
},
|
||||
Regions: map[string]RegionOverrides{
|
||||
"af-south-1": {
|
||||
@ -111,6 +112,13 @@ var partitions = []Partition{
|
||||
SupportsFIPS: nil,
|
||||
SupportsDualStack: nil,
|
||||
},
|
||||
"ca-west-1": {
|
||||
Name: nil,
|
||||
DnsSuffix: nil,
|
||||
DualStackDnsSuffix: nil,
|
||||
SupportsFIPS: nil,
|
||||
SupportsDualStack: nil,
|
||||
},
|
||||
"eu-central-1": {
|
||||
Name: nil,
|
||||
DnsSuffix: nil,
|
||||
@ -229,11 +237,12 @@ var partitions = []Partition{
|
||||
ID: "aws-cn",
|
||||
RegionRegex: "^cn\\-\\w+\\-\\d+$",
|
||||
DefaultConfig: PartitionConfig{
|
||||
Name: "aws-cn",
|
||||
DnsSuffix: "amazonaws.com.cn",
|
||||
DualStackDnsSuffix: "api.amazonwebservices.com.cn",
|
||||
SupportsFIPS: true,
|
||||
SupportsDualStack: true,
|
||||
Name: "aws-cn",
|
||||
DnsSuffix: "amazonaws.com.cn",
|
||||
DualStackDnsSuffix: "api.amazonwebservices.com.cn",
|
||||
SupportsFIPS: true,
|
||||
SupportsDualStack: true,
|
||||
ImplicitGlobalRegion: "cn-northwest-1",
|
||||
},
|
||||
Regions: map[string]RegionOverrides{
|
||||
"aws-cn-global": {
|
||||
@ -263,11 +272,12 @@ var partitions = []Partition{
|
||||
ID: "aws-us-gov",
|
||||
RegionRegex: "^us\\-gov\\-\\w+\\-\\d+$",
|
||||
DefaultConfig: PartitionConfig{
|
||||
Name: "aws-us-gov",
|
||||
DnsSuffix: "amazonaws.com",
|
||||
DualStackDnsSuffix: "api.aws",
|
||||
SupportsFIPS: true,
|
||||
SupportsDualStack: true,
|
||||
Name: "aws-us-gov",
|
||||
DnsSuffix: "amazonaws.com",
|
||||
DualStackDnsSuffix: "api.aws",
|
||||
SupportsFIPS: true,
|
||||
SupportsDualStack: true,
|
||||
ImplicitGlobalRegion: "us-gov-west-1",
|
||||
},
|
||||
Regions: map[string]RegionOverrides{
|
||||
"aws-us-gov-global": {
|
||||
@ -297,11 +307,12 @@ var partitions = []Partition{
|
||||
ID: "aws-iso",
|
||||
RegionRegex: "^us\\-iso\\-\\w+\\-\\d+$",
|
||||
DefaultConfig: PartitionConfig{
|
||||
Name: "aws-iso",
|
||||
DnsSuffix: "c2s.ic.gov",
|
||||
DualStackDnsSuffix: "c2s.ic.gov",
|
||||
SupportsFIPS: true,
|
||||
SupportsDualStack: false,
|
||||
Name: "aws-iso",
|
||||
DnsSuffix: "c2s.ic.gov",
|
||||
DualStackDnsSuffix: "c2s.ic.gov",
|
||||
SupportsFIPS: true,
|
||||
SupportsDualStack: false,
|
||||
ImplicitGlobalRegion: "us-iso-east-1",
|
||||
},
|
||||
Regions: map[string]RegionOverrides{
|
||||
"aws-iso-global": {
|
||||
@ -331,11 +342,12 @@ var partitions = []Partition{
|
||||
ID: "aws-iso-b",
|
||||
RegionRegex: "^us\\-isob\\-\\w+\\-\\d+$",
|
||||
DefaultConfig: PartitionConfig{
|
||||
Name: "aws-iso-b",
|
||||
DnsSuffix: "sc2s.sgov.gov",
|
||||
DualStackDnsSuffix: "sc2s.sgov.gov",
|
||||
SupportsFIPS: true,
|
||||
SupportsDualStack: false,
|
||||
Name: "aws-iso-b",
|
||||
DnsSuffix: "sc2s.sgov.gov",
|
||||
DualStackDnsSuffix: "sc2s.sgov.gov",
|
||||
SupportsFIPS: true,
|
||||
SupportsDualStack: false,
|
||||
ImplicitGlobalRegion: "us-isob-east-1",
|
||||
},
|
||||
Regions: map[string]RegionOverrides{
|
||||
"aws-iso-b-global": {
|
||||
@ -358,23 +370,33 @@ var partitions = []Partition{
|
||||
ID: "aws-iso-e",
|
||||
RegionRegex: "^eu\\-isoe\\-\\w+\\-\\d+$",
|
||||
DefaultConfig: PartitionConfig{
|
||||
Name: "aws-iso-e",
|
||||
DnsSuffix: "cloud.adc-e.uk",
|
||||
DualStackDnsSuffix: "cloud.adc-e.uk",
|
||||
SupportsFIPS: true,
|
||||
SupportsDualStack: false,
|
||||
Name: "aws-iso-e",
|
||||
DnsSuffix: "cloud.adc-e.uk",
|
||||
DualStackDnsSuffix: "cloud.adc-e.uk",
|
||||
SupportsFIPS: true,
|
||||
SupportsDualStack: false,
|
||||
ImplicitGlobalRegion: "eu-isoe-west-1",
|
||||
},
|
||||
Regions: map[string]RegionOverrides{
|
||||
"eu-isoe-west-1": {
|
||||
Name: nil,
|
||||
DnsSuffix: nil,
|
||||
DualStackDnsSuffix: nil,
|
||||
SupportsFIPS: nil,
|
||||
SupportsDualStack: nil,
|
||||
},
|
||||
},
|
||||
Regions: map[string]RegionOverrides{},
|
||||
},
|
||||
{
|
||||
ID: "aws-iso-f",
|
||||
RegionRegex: "^us\\-isof\\-\\w+\\-\\d+$",
|
||||
DefaultConfig: PartitionConfig{
|
||||
Name: "aws-iso-f",
|
||||
DnsSuffix: "csp.hci.ic.gov",
|
||||
DualStackDnsSuffix: "csp.hci.ic.gov",
|
||||
SupportsFIPS: true,
|
||||
SupportsDualStack: false,
|
||||
Name: "aws-iso-f",
|
||||
DnsSuffix: "csp.hci.ic.gov",
|
||||
DualStackDnsSuffix: "csp.hci.ic.gov",
|
||||
SupportsFIPS: true,
|
||||
SupportsDualStack: false,
|
||||
ImplicitGlobalRegion: "us-isof-south-1",
|
||||
},
|
||||
Regions: map[string]RegionOverrides{},
|
||||
},
|
||||
|
6
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.json
generated
vendored
6
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.json
generated
vendored
@ -198,7 +198,11 @@
|
||||
"supportsFIPS" : true
|
||||
},
|
||||
"regionRegex" : "^eu\\-isoe\\-\\w+\\-\\d+$",
|
||||
"regions" : { }
|
||||
"regions" : {
|
||||
"eu-isoe-west-1" : {
|
||||
"description" : "EU ISOE West"
|
||||
}
|
||||
}
|
||||
}, {
|
||||
"id" : "aws-iso-f",
|
||||
"outputs" : {
|
||||
|
66
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md
generated
vendored
66
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md
generated
vendored
@ -1,3 +1,69 @@
|
||||
# v2.6.15 (2024-07-10.2)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v2.6.14 (2024-07-10)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v2.6.13 (2024-06-28)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v2.6.12 (2024-06-19)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v2.6.11 (2024-06-18)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v2.6.10 (2024-06-17)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v2.6.9 (2024-06-07)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v2.6.8 (2024-06-03)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v2.6.7 (2024-05-16)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v2.6.6 (2024-05-15)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v2.6.5 (2024-03-29)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v2.6.4 (2024-03-18)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v2.6.3 (2024-03-07)
|
||||
|
||||
* **Bug Fix**: Remove dependency on go-cmp.
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v2.6.2 (2024-02-23)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v2.6.1 (2024-02-21)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v2.6.0 (2024-02-13)
|
||||
|
||||
* **Feature**: Bump minimum Go version to 1.20 per our language support policy.
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v2.5.10 (2024-01-04)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
2
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go
generated
vendored
2
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go
generated
vendored
@ -3,4 +3,4 @@
|
||||
package endpoints
|
||||
|
||||
// goModuleVersion is the tagged release for this module
|
||||
const goModuleVersion = "2.5.10"
|
||||
const goModuleVersion = "2.6.15"
|
||||
|
4
vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md
generated
vendored
4
vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md
generated
vendored
@ -1,3 +1,7 @@
|
||||
# v1.8.0 (2024-02-13)
|
||||
|
||||
* **Feature**: Bump minimum Go version to 1.20 per our language support policy.
|
||||
|
||||
# v1.7.3 (2024-01-22)
|
||||
|
||||
* **Bug Fix**: Remove invalid escaping of shared config values. All values in the shared config file will now be interpreted literally, save for fully-quoted strings which are unwrapped for legacy reasons.
|
||||
|
2
vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go
generated
vendored
2
vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go
generated
vendored
@ -3,4 +3,4 @@
|
||||
package ini
|
||||
|
||||
// goModuleVersion is the tagged release for this module
|
||||
const goModuleVersion = "1.7.3"
|
||||
const goModuleVersion = "1.8.0"
|
||||
|
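--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/middleware/middleware.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/middleware/middleware.go
@@ -0,0 +1,42 @@
+package middleware
+
+import (
+"context"
+"sync/atomic"
+"time"
+
+internalcontext "github.com/aws/aws-sdk-go-v2/internal/context"
+"github.com/aws/smithy-go/middleware"
+)
+
+// AddTimeOffsetMiddleware sets a value representing clock skew on the request context.
+// This can be read by other operations (such as signing) to correct the date value they send
+// on the request
+type AddTimeOffsetMiddleware struct {
+Offset *atomic.Int64
+}
+
+// ID the identifier for AddTimeOffsetMiddleware
+func (m *AddTimeOffsetMiddleware) ID() string { return "AddTimeOffsetMiddleware" }
+
+// HandleBuild sets a value for attemptSkew on the request context if one is set on the client.
+func (m AddTimeOffsetMiddleware) HandleBuild(ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler) (
+out middleware.BuildOutput, metadata middleware.Metadata, err error,
+) {
+if m.Offset != nil {
+offset := time.Duration(m.Offset.Load())
+ctx = internalcontext.SetAttemptSkewContext(ctx, offset)
+}
+return next.HandleBuild(ctx, in)
+}
+
+// HandleDeserialize gets the clock skew context from the context, and if set, sets it on the pointer
+// held by AddTimeOffsetMiddleware
+func (m *AddTimeOffsetMiddleware) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) (
+out middleware.DeserializeOutput, metadata middleware.Metadata, err error,
+) {
+if v := internalcontext.GetAttemptSkewContext(ctx); v != 0 {
+m.Offset.Store(v.Nanoseconds())
+}
+return next.HandleDeserialize(ctx, in)
+}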
16
vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/CHANGELOG.md
generated
vendored
16
vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/CHANGELOG.md
generated
vendored
@ -1,3 +1,19 @@
|
||||
# v1.11.3 (2024-06-28)
|
||||
|
||||
* No change notes available for this release.
|
||||
|
||||
# v1.11.2 (2024-03-29)
|
||||
|
||||
* No change notes available for this release.
|
||||
|
||||
# v1.11.1 (2024-02-21)
|
||||
|
||||
* No change notes available for this release.
|
||||
|
||||
# v1.11.0 (2024-02-13)
|
||||
|
||||
* **Feature**: Bump minimum Go version to 1.20 per our language support policy.
|
||||
|
||||
# v1.10.4 (2023-12-07)
|
||||
|
||||
* No change notes available for this release.
|
||||
|
@ -3,4 +3,4 @@
|
||||
package acceptencoding
|
||||
|
||||
// goModuleVersion is the tagged release for this module
|
||||
const goModuleVersion = "1.10.4"
|
||||
const goModuleVersion = "1.11.3"
|
||||
|
74
vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md
generated
vendored
74
vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md
generated
vendored
@ -1,3 +1,77 @@
|
||||
# v1.11.17 (2024-07-10.2)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.11.16 (2024-07-10)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.11.15 (2024-06-28)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.11.14 (2024-06-19)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.11.13 (2024-06-18)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.11.12 (2024-06-17)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.11.11 (2024-06-07)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.11.10 (2024-06-03)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.11.9 (2024-05-16)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.11.8 (2024-05-15)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.11.7 (2024-03-29)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.11.6 (2024-03-18)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.11.5 (2024-03-07)
|
||||
|
||||
* **Bug Fix**: Remove dependency on go-cmp.
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.11.4 (2024-03-05)
|
||||
|
||||
* **Bug Fix**: Restore typo'd API `AddAsIsInternalPresigingMiddleware` as an alias for backwards compatibility.
|
||||
|
||||
# v1.11.3 (2024-03-04)
|
||||
|
||||
* **Bug Fix**: Correct a typo in internal AddAsIsPresigningMiddleware API.
|
||||
|
||||
# v1.11.2 (2024-02-23)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.11.1 (2024-02-21)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.11.0 (2024-02-13)
|
||||
|
||||
* **Feature**: Bump minimum Go version to 1.20 per our language support policy.
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.10.10 (2024-01-04)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
12
vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/context.go
generated
vendored
12
vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/context.go
generated
vendored
@ -27,13 +27,21 @@ func GetIsPresigning(ctx context.Context) bool {
|
||||
|
||||
type isPresigningKey struct{}
|
||||
|
||||
// AddAsIsPresigingMiddleware adds a middleware to the head of the stack that
|
||||
// AddAsIsPresigningMiddleware adds a middleware to the head of the stack that
|
||||
// will update the stack's context to be flagged as being invoked for the
|
||||
// purpose of presigning.
|
||||
func AddAsIsPresigingMiddleware(stack *middleware.Stack) error {
|
||||
func AddAsIsPresigningMiddleware(stack *middleware.Stack) error {
|
||||
return stack.Initialize.Add(asIsPresigningMiddleware{}, middleware.Before)
|
||||
}
|
||||
|
||||
// AddAsIsPresigingMiddleware is an alias for backwards compatibility.
|
||||
//
|
||||
// Deprecated: This API was released with a typo. Use
|
||||
// [AddAsIsPresigningMiddleware] instead.
|
||||
func AddAsIsPresigingMiddleware(stack *middleware.Stack) error {
|
||||
return AddAsIsPresigningMiddleware(stack)
|
||||
}
|
||||
|
||||
type asIsPresigningMiddleware struct{}
|
||||
|
||||
func (asIsPresigningMiddleware) ID() string { return "AsIsPresigningMiddleware" }
|
||||
|
@ -3,4 +3,4 @@
|
||||
package presignedurl
|
||||
|
||||
// goModuleVersion is the tagged release for this module
|
||||
const goModuleVersion = "1.10.10"
|
||||
const goModuleVersion = "1.11.17"
|
||||
|
97
vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md
generated
vendored
@ -1,3 +1,100 @@
|
||||
# v1.22.4 (2024-07-18)
|
||||
|
||||
* No change notes available for this release.
|
||||
|
||||
# v1.22.3 (2024-07-10.2)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.22.2 (2024-07-10)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.22.1 (2024-06-28)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.22.0 (2024-06-26)
|
||||
|
||||
* **Feature**: Support list-of-string endpoint parameter.
|
||||
|
||||
# v1.21.1 (2024-06-19)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.21.0 (2024-06-18)
|
||||
|
||||
* **Feature**: Track usage of various AWS SDK features in user-agent string.
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.20.12 (2024-06-17)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.20.11 (2024-06-07)
|
||||
|
||||
* **Bug Fix**: Add clock skew correction on all service clients
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.20.10 (2024-06-03)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.20.9 (2024-05-23)
|
||||
|
||||
* No change notes available for this release.
|
||||
|
||||
# v1.20.8 (2024-05-16)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.20.7 (2024-05-15)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.20.6 (2024-05-08)
|
||||
|
||||
* **Bug Fix**: GoDoc improvement
|
||||
|
||||
# v1.20.5 (2024-04-05)
|
||||
|
||||
* No change notes available for this release.
|
||||
|
||||
# v1.20.4 (2024-03-29)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.20.3 (2024-03-18)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.20.2 (2024-03-07)
|
||||
|
||||
* **Bug Fix**: Remove dependency on go-cmp.
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.20.1 (2024-02-23)
|
||||
|
||||
* **Bug Fix**: Move all common, SDK-side middleware stack ops into the service client module to prevent cross-module compatibility issues in the future.
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.20.0 (2024-02-22)
|
||||
|
||||
* **Feature**: Add middleware stack snapshot tests.
|
||||
|
||||
# v1.19.2 (2024-02-21)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.19.1 (2024-02-20)
|
||||
|
||||
* **Bug Fix**: When sourcing values for a service's `EndpointParameters`, the lack of a configured region (i.e. `options.Region == ""`) will now translate to a `nil` value for `EndpointParameters.Region` instead of a pointer to the empty string `""`. This will result in a much more explicit error when calling an operation instead of an obscure hostname lookup failure.
|
||||
|
||||
# v1.19.0 (2024-02-13)
|
||||
|
||||
* **Feature**: Bump minimum Go version to 1.20 per our language support policy.
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.18.7 (2024-01-18)
|
||||
|
||||
* No change notes available for this release.
|
||||
|
188
vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_client.go
generated
vendored
@ -14,13 +14,16 @@ import (
|
||||
internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
|
||||
internalauthsmithy "github.com/aws/aws-sdk-go-v2/internal/auth/smithy"
|
||||
internalConfig "github.com/aws/aws-sdk-go-v2/internal/configsources"
|
||||
internalmiddleware "github.com/aws/aws-sdk-go-v2/internal/middleware"
|
||||
smithy "github.com/aws/smithy-go"
|
||||
smithyauth "github.com/aws/smithy-go/auth"
|
||||
smithydocument "github.com/aws/smithy-go/document"
|
||||
"github.com/aws/smithy-go/logging"
|
||||
"github.com/aws/smithy-go/middleware"
|
||||
smithyhttp "github.com/aws/smithy-go/transport/http"
|
||||
"net"
|
||||
"net/http"
|
||||
"sync/atomic"
|
||||
"time"
|
||||
)
|
||||
|
||||
@ -30,6 +33,9 @@ const ServiceAPIVersion = "2019-06-10"
|
||||
// Client provides the API client to make operations call for AWS Single Sign-On.
|
||||
type Client struct {
|
||||
options Options
|
||||
|
||||
// Difference between the time reported by the server and the client
|
||||
timeOffset *atomic.Int64
|
||||
}
|
||||
|
||||
// New returns an initialized Client based on the functional options. Provide
|
||||
@ -68,6 +74,8 @@ func New(options Options, optFns ...func(*Options)) *Client {
|
||||
options: options,
|
||||
}
|
||||
|
||||
initializeTimeOffsetResolver(client)
|
||||
|
||||
return client
|
||||
}
|
||||
|
||||
@ -229,15 +237,16 @@ func setResolvedDefaultsMode(o *Options) {
|
||||
// NewFromConfig returns a new client from the provided config.
|
||||
func NewFromConfig(cfg aws.Config, optFns ...func(*Options)) *Client {
|
||||
opts := Options{
|
||||
Region: cfg.Region,
|
||||
DefaultsMode: cfg.DefaultsMode,
|
||||
RuntimeEnvironment: cfg.RuntimeEnvironment,
|
||||
HTTPClient: cfg.HTTPClient,
|
||||
Credentials: cfg.Credentials,
|
||||
APIOptions: cfg.APIOptions,
|
||||
Logger: cfg.Logger,
|
||||
ClientLogMode: cfg.ClientLogMode,
|
||||
AppID: cfg.AppID,
|
||||
Region: cfg.Region,
|
||||
DefaultsMode: cfg.DefaultsMode,
|
||||
RuntimeEnvironment: cfg.RuntimeEnvironment,
|
||||
HTTPClient: cfg.HTTPClient,
|
||||
Credentials: cfg.Credentials,
|
||||
APIOptions: cfg.APIOptions,
|
||||
Logger: cfg.Logger,
|
||||
ClientLogMode: cfg.ClientLogMode,
|
||||
AppID: cfg.AppID,
|
||||
AccountIDEndpointMode: cfg.AccountIDEndpointMode,
|
||||
}
|
||||
resolveAWSRetryerProvider(cfg, &opts)
|
||||
resolveAWSRetryMaxAttempts(cfg, &opts)
|
||||
@ -361,17 +370,37 @@ func resolveAWSEndpointResolver(cfg aws.Config, o *Options) {
|
||||
}
|
||||
|
||||
func addClientUserAgent(stack *middleware.Stack, options Options) error {
|
||||
if err := awsmiddleware.AddSDKAgentKeyValue(awsmiddleware.APIMetadata, "sso", goModuleVersion)(stack); err != nil {
|
||||
ua, err := getOrAddRequestUserAgent(stack)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
ua.AddSDKAgentKeyValue(awsmiddleware.APIMetadata, "sso", goModuleVersion)
|
||||
if len(options.AppID) > 0 {
|
||||
return awsmiddleware.AddSDKAgentKey(awsmiddleware.ApplicationIdentifier, options.AppID)(stack)
|
||||
ua.AddSDKAgentKey(awsmiddleware.ApplicationIdentifier, options.AppID)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func getOrAddRequestUserAgent(stack *middleware.Stack) (*awsmiddleware.RequestUserAgent, error) {
|
||||
id := (*awsmiddleware.RequestUserAgent)(nil).ID()
|
||||
mw, ok := stack.Build.Get(id)
|
||||
if !ok {
|
||||
mw = awsmiddleware.NewRequestUserAgent()
|
||||
if err := stack.Build.Add(mw, middleware.After); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
ua, ok := mw.(*awsmiddleware.RequestUserAgent)
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("%T for %s middleware did not match expected type", mw, id)
|
||||
}
|
||||
|
||||
return ua, nil
|
||||
}
|
||||
|
||||
type HTTPSignerV4 interface {
|
||||
SignHTTP(ctx context.Context, credentials aws.Credentials, r *http.Request, payloadHash string, service string, region string, signingTime time.Time, optFns ...func(*v4.SignerOptions)) error
|
||||
}
|
||||
@ -390,12 +419,72 @@ func newDefaultV4Signer(o Options) *v4.Signer {
|
||||
})
|
||||
}
|
||||
|
||||
func addRetryMiddlewares(stack *middleware.Stack, o Options) error {
|
||||
mo := retry.AddRetryMiddlewaresOptions{
|
||||
Retryer: o.Retryer,
|
||||
LogRetryAttempts: o.ClientLogMode.IsRetries(),
|
||||
func addClientRequestID(stack *middleware.Stack) error {
|
||||
return stack.Build.Add(&awsmiddleware.ClientRequestID{}, middleware.After)
|
||||
}
|
||||
|
||||
func addComputeContentLength(stack *middleware.Stack) error {
|
||||
return stack.Build.Add(&smithyhttp.ComputeContentLength{}, middleware.After)
|
||||
}
|
||||
|
||||
func addRawResponseToMetadata(stack *middleware.Stack) error {
|
||||
return stack.Deserialize.Add(&awsmiddleware.AddRawResponse{}, middleware.Before)
|
||||
}
|
||||
|
||||
func addRecordResponseTiming(stack *middleware.Stack) error {
|
||||
return stack.Deserialize.Add(&awsmiddleware.RecordResponseTiming{}, middleware.After)
|
||||
}
|
||||
func addStreamingEventsPayload(stack *middleware.Stack) error {
|
||||
return stack.Finalize.Add(&v4.StreamingEventsPayload{}, middleware.Before)
|
||||
}
|
||||
|
||||
func addUnsignedPayload(stack *middleware.Stack) error {
|
||||
return stack.Finalize.Insert(&v4.UnsignedPayload{}, "ResolveEndpointV2", middleware.After)
|
||||
}
|
||||
|
||||
func addComputePayloadSHA256(stack *middleware.Stack) error {
|
||||
return stack.Finalize.Insert(&v4.ComputePayloadSHA256{}, "ResolveEndpointV2", middleware.After)
|
||||
}
|
||||
|
||||
func addContentSHA256Header(stack *middleware.Stack) error {
|
||||
return stack.Finalize.Insert(&v4.ContentSHA256Header{}, (*v4.ComputePayloadSHA256)(nil).ID(), middleware.After)
|
||||
}
|
||||
|
||||
func addIsWaiterUserAgent(o *Options) {
|
||||
o.APIOptions = append(o.APIOptions, func(stack *middleware.Stack) error {
|
||||
ua, err := getOrAddRequestUserAgent(stack)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
ua.AddUserAgentFeature(awsmiddleware.UserAgentFeatureWaiter)
|
||||
return nil
|
||||
})
|
||||
}
|
||||
|
||||
func addIsPaginatorUserAgent(o *Options) {
|
||||
o.APIOptions = append(o.APIOptions, func(stack *middleware.Stack) error {
|
||||
ua, err := getOrAddRequestUserAgent(stack)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
ua.AddUserAgentFeature(awsmiddleware.UserAgentFeaturePaginator)
|
||||
return nil
|
||||
})
|
||||
}
|
||||
|
||||
func addRetry(stack *middleware.Stack, o Options) error {
|
||||
attempt := retry.NewAttemptMiddleware(o.Retryer, smithyhttp.RequestCloner, func(m *retry.Attempt) {
|
||||
m.LogAttempts = o.ClientLogMode.IsRetries()
|
||||
})
|
||||
if err := stack.Finalize.Insert(attempt, "Signing", middleware.Before); err != nil {
|
||||
return err
|
||||
}
|
||||
return retry.AddRetryMiddlewares(stack, mo)
|
||||
if err := stack.Finalize.Insert(&retry.MetricsHeader{}, attempt.ID(), middleware.After); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// resolves dual-stack endpoint configuration
|
||||
@ -428,12 +517,75 @@ func resolveUseFIPSEndpoint(cfg aws.Config, o *Options) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func resolveAccountID(identity smithyauth.Identity, mode aws.AccountIDEndpointMode) *string {
|
||||
if mode == aws.AccountIDEndpointModeDisabled {
|
||||
return nil
|
||||
}
|
||||
|
||||
if ca, ok := identity.(*internalauthsmithy.CredentialsAdapter); ok && ca.Credentials.AccountID != "" {
|
||||
return aws.String(ca.Credentials.AccountID)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func addTimeOffsetBuild(stack *middleware.Stack, c *Client) error {
|
||||
mw := internalmiddleware.AddTimeOffsetMiddleware{Offset: c.timeOffset}
|
||||
if err := stack.Build.Add(&mw, middleware.After); err != nil {
|
||||
return err
|
||||
}
|
||||
return stack.Deserialize.Insert(&mw, "RecordResponseTiming", middleware.Before)
|
||||
}
|
||||
func initializeTimeOffsetResolver(c *Client) {
|
||||
c.timeOffset = new(atomic.Int64)
|
||||
}
|
||||
|
||||
func checkAccountID(identity smithyauth.Identity, mode aws.AccountIDEndpointMode) error {
|
||||
switch mode {
|
||||
case aws.AccountIDEndpointModeUnset:
|
||||
case aws.AccountIDEndpointModePreferred:
|
||||
case aws.AccountIDEndpointModeDisabled:
|
||||
case aws.AccountIDEndpointModeRequired:
|
||||
if ca, ok := identity.(*internalauthsmithy.CredentialsAdapter); !ok {
|
||||
return fmt.Errorf("accountID is required but not set")
|
||||
} else if ca.Credentials.AccountID == "" {
|
||||
return fmt.Errorf("accountID is required but not set")
|
||||
}
|
||||
// default check in case invalid mode is configured through request config
|
||||
default:
|
||||
return fmt.Errorf("invalid accountID endpoint mode %s, must be preferred/required/disabled", mode)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func addUserAgentRetryMode(stack *middleware.Stack, options Options) error {
|
||||
ua, err := getOrAddRequestUserAgent(stack)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
switch options.Retryer.(type) {
|
||||
case *retry.Standard:
|
||||
ua.AddUserAgentFeature(awsmiddleware.UserAgentFeatureRetryModeStandard)
|
||||
case *retry.AdaptiveMode:
|
||||
ua.AddUserAgentFeature(awsmiddleware.UserAgentFeatureRetryModeAdaptive)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func addRecursionDetection(stack *middleware.Stack) error {
|
||||
return stack.Build.Add(&awsmiddleware.RecursionDetection{}, middleware.After)
|
||||
}
|
||||
|
||||
func addRequestIDRetrieverMiddleware(stack *middleware.Stack) error {
|
||||
return awsmiddleware.AddRequestIDRetrieverMiddleware(stack)
|
||||
return stack.Deserialize.Insert(&awsmiddleware.RequestIDRetriever{}, "OperationDeserializer", middleware.Before)
|
||||
|
||||
}
|
||||
|
||||
func addResponseErrorMiddleware(stack *middleware.Stack) error {
|
||||
return awshttp.AddResponseErrorMiddleware(stack)
|
||||
return stack.Deserialize.Insert(&awshttp.ResponseErrorWrapper{}, "RequestIDRetriever", middleware.Before)
|
||||
|
||||
}
|
||||
|
||||
func addRequestResponseLogging(stack *middleware.Stack, o Options) error {
|
||||
|
25
vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_GetRoleCredentials.go
generated
vendored
@ -30,9 +30,10 @@ func (c *Client) GetRoleCredentials(ctx context.Context, params *GetRoleCredenti
|
||||
|
||||
type GetRoleCredentialsInput struct {
|
||||
|
||||
// The token issued by the CreateToken API call. For more information, see
|
||||
// CreateToken (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
|
||||
// in the IAM Identity Center OIDC API Reference Guide.
|
||||
// The token issued by the CreateToken API call. For more information, see [CreateToken] in the
|
||||
// IAM Identity Center OIDC API Reference Guide.
|
||||
//
|
||||
// [CreateToken]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html
|
||||
//
|
||||
// This member is required.
|
||||
AccessToken *string
|
||||
@ -83,22 +84,22 @@ func (c *Client) addOperationGetRoleCredentialsMiddlewares(stack *middleware.Sta
|
||||
if err = addSetLoggerMiddleware(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
|
||||
if err = addClientRequestID(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
|
||||
if err = addComputeContentLength(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addResolveEndpointMiddleware(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRetryMiddlewares(stack, options); err != nil {
|
||||
if err = addRetry(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
|
||||
if err = addRawResponseToMetadata(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
|
||||
if err = addRecordResponseTiming(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addClientUserAgent(stack, options); err != nil {
|
||||
@ -113,13 +114,19 @@ func (c *Client) addOperationGetRoleCredentialsMiddlewares(stack *middleware.Sta
|
||||
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addTimeOffsetBuild(stack, c); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addUserAgentRetryMode(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addOpGetRoleCredentialsValidationMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetRoleCredentials(options.Region), middleware.Before); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
|
||||
if err = addRecursionDetection(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
|
||||
|
44
vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccountRoles.go
generated
vendored
@ -29,9 +29,10 @@ func (c *Client) ListAccountRoles(ctx context.Context, params *ListAccountRolesI
|
||||
|
||||
type ListAccountRolesInput struct {
|
||||
|
||||
// The token issued by the CreateToken API call. For more information, see
|
||||
// CreateToken (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
|
||||
// in the IAM Identity Center OIDC API Reference Guide.
|
||||
// The token issued by the CreateToken API call. For more information, see [CreateToken] in the
|
||||
// IAM Identity Center OIDC API Reference Guide.
|
||||
//
|
||||
// [CreateToken]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html
|
||||
//
|
||||
// This member is required.
|
||||
AccessToken *string
|
||||
@ -88,22 +89,22 @@ func (c *Client) addOperationListAccountRolesMiddlewares(stack *middleware.Stack
|
||||
if err = addSetLoggerMiddleware(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
|
||||
if err = addClientRequestID(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
|
||||
if err = addComputeContentLength(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addResolveEndpointMiddleware(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRetryMiddlewares(stack, options); err != nil {
|
||||
if err = addRetry(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
|
||||
if err = addRawResponseToMetadata(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
|
||||
if err = addRecordResponseTiming(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addClientUserAgent(stack, options); err != nil {
|
||||
@ -118,13 +119,19 @@ func (c *Client) addOperationListAccountRolesMiddlewares(stack *middleware.Stack
|
||||
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addTimeOffsetBuild(stack, c); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addUserAgentRetryMode(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addOpListAccountRolesValidationMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opListAccountRoles(options.Region), middleware.Before); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
|
||||
if err = addRecursionDetection(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
|
||||
@ -142,14 +149,6 @@ func (c *Client) addOperationListAccountRolesMiddlewares(stack *middleware.Stack
|
||||
return nil
|
||||
}
|
||||
|
||||
// ListAccountRolesAPIClient is a client that implements the ListAccountRoles
|
||||
// operation.
|
||||
type ListAccountRolesAPIClient interface {
|
||||
ListAccountRoles(context.Context, *ListAccountRolesInput, ...func(*Options)) (*ListAccountRolesOutput, error)
|
||||
}
|
||||
|
||||
var _ ListAccountRolesAPIClient = (*Client)(nil)
|
||||
|
||||
// ListAccountRolesPaginatorOptions is the paginator options for ListAccountRoles
|
||||
type ListAccountRolesPaginatorOptions struct {
|
||||
// The number of items that clients can request per page.
|
||||
@ -213,6 +212,9 @@ func (p *ListAccountRolesPaginator) NextPage(ctx context.Context, optFns ...func
|
||||
}
|
||||
params.MaxResults = limit
|
||||
|
||||
optFns = append([]func(*Options){
|
||||
addIsPaginatorUserAgent,
|
||||
}, optFns...)
|
||||
result, err := p.client.ListAccountRoles(ctx, ¶ms, optFns...)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@ -232,6 +234,14 @@ func (p *ListAccountRolesPaginator) NextPage(ctx context.Context, optFns ...func
|
||||
return result, nil
|
||||
}
|
||||
|
||||
// ListAccountRolesAPIClient is a client that implements the ListAccountRoles
|
||||
// operation.
|
||||
type ListAccountRolesAPIClient interface {
|
||||
ListAccountRoles(context.Context, *ListAccountRolesInput, ...func(*Options)) (*ListAccountRolesOutput, error)
|
||||
}
|
||||
|
||||
var _ ListAccountRolesAPIClient = (*Client)(nil)
|
||||
|
||||
func newServiceMetadataMiddleware_opListAccountRoles(region string) *awsmiddleware.RegisterServiceMetadata {
|
||||
return &awsmiddleware.RegisterServiceMetadata{
|
||||
Region: region,
|
||||
|
49
vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccounts.go
generated
vendored
@ -12,9 +12,10 @@ import (
|
||||
)
|
||||
|
||||
// Lists all AWS accounts assigned to the user. These AWS accounts are assigned by
|
||||
// the administrator of the account. For more information, see Assign User Access (https://docs.aws.amazon.com/singlesignon/latest/userguide/useraccess.html#assignusers)
|
||||
// in the IAM Identity Center User Guide. This operation returns a paginated
|
||||
// response.
|
||||
// the administrator of the account. For more information, see [Assign User Access]in the IAM Identity
|
||||
// Center User Guide. This operation returns a paginated response.
|
||||
//
|
||||
// [Assign User Access]: https://docs.aws.amazon.com/singlesignon/latest/userguide/useraccess.html#assignusers
|
||||
func (c *Client) ListAccounts(ctx context.Context, params *ListAccountsInput, optFns ...func(*Options)) (*ListAccountsOutput, error) {
|
||||
if params == nil {
|
||||
params = &ListAccountsInput{}
|
||||
@ -32,9 +33,10 @@ func (c *Client) ListAccounts(ctx context.Context, params *ListAccountsInput, op
|
||||
|
||||
type ListAccountsInput struct {
|
||||
|
||||
// The token issued by the CreateToken API call. For more information, see
|
||||
// CreateToken (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
|
||||
// in the IAM Identity Center OIDC API Reference Guide.
|
||||
// The token issued by the CreateToken API call. For more information, see [CreateToken] in the
|
||||
// IAM Identity Center OIDC API Reference Guide.
|
||||
//
|
||||
// [CreateToken]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html
|
||||
//
|
||||
// This member is required.
|
||||
AccessToken *string
|
||||
@ -86,22 +88,22 @@ func (c *Client) addOperationListAccountsMiddlewares(stack *middleware.Stack, op
|
||||
if err = addSetLoggerMiddleware(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
|
||||
if err = addClientRequestID(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
|
||||
if err = addComputeContentLength(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addResolveEndpointMiddleware(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRetryMiddlewares(stack, options); err != nil {
|
||||
if err = addRetry(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
|
||||
if err = addRawResponseToMetadata(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
|
||||
if err = addRecordResponseTiming(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addClientUserAgent(stack, options); err != nil {
|
||||
@ -116,13 +118,19 @@ func (c *Client) addOperationListAccountsMiddlewares(stack *middleware.Stack, op
|
||||
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addTimeOffsetBuild(stack, c); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addUserAgentRetryMode(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addOpListAccountsValidationMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opListAccounts(options.Region), middleware.Before); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
|
||||
if err = addRecursionDetection(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
|
||||
@ -140,13 +148,6 @@ func (c *Client) addOperationListAccountsMiddlewares(stack *middleware.Stack, op
|
||||
return nil
|
||||
}
|
||||
|
||||
// ListAccountsAPIClient is a client that implements the ListAccounts operation.
|
||||
type ListAccountsAPIClient interface {
|
||||
ListAccounts(context.Context, *ListAccountsInput, ...func(*Options)) (*ListAccountsOutput, error)
|
||||
}
|
||||
|
||||
var _ ListAccountsAPIClient = (*Client)(nil)
|
||||
|
||||
// ListAccountsPaginatorOptions is the paginator options for ListAccounts
|
||||
type ListAccountsPaginatorOptions struct {
|
||||
// This is the number of items clients can request per page.
|
||||
@ -210,6 +211,9 @@ func (p *ListAccountsPaginator) NextPage(ctx context.Context, optFns ...func(*Op
|
||||
}
|
||||
params.MaxResults = limit
|
||||
|
||||
optFns = append([]func(*Options){
|
||||
addIsPaginatorUserAgent,
|
||||
}, optFns...)
|
||||
result, err := p.client.ListAccounts(ctx, ¶ms, optFns...)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@ -229,6 +233,13 @@ func (p *ListAccountsPaginator) NextPage(ctx context.Context, optFns ...func(*Op
|
||||
return result, nil
|
||||
}
|
||||
|
||||
// ListAccountsAPIClient is a client that implements the ListAccounts operation.
|
||||
type ListAccountsAPIClient interface {
|
||||
ListAccounts(context.Context, *ListAccountsInput, ...func(*Options)) (*ListAccountsOutput, error)
|
||||
}
|
||||
|
||||
var _ ListAccountsAPIClient = (*Client)(nil)
|
||||
|
||||
func newServiceMetadataMiddleware_opListAccounts(region string) *awsmiddleware.RegisterServiceMetadata {
|
||||
return &awsmiddleware.RegisterServiceMetadata{
|
||||
Region: region,
|
||||
|
49
vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_Logout.go
generated
vendored
@ -12,16 +12,20 @@ import (
|
||||
|
||||
// Removes the locally stored SSO tokens from the client-side cache and sends an
|
||||
// API call to the IAM Identity Center service to invalidate the corresponding
|
||||
// server-side IAM Identity Center sign in session. If a user uses IAM Identity
|
||||
// Center to access the AWS CLI, the user’s IAM Identity Center sign in session is
|
||||
// used to obtain an IAM session, as specified in the corresponding IAM Identity
|
||||
// Center permission set. More specifically, IAM Identity Center assumes an IAM
|
||||
// role in the target account on behalf of the user, and the corresponding
|
||||
// temporary AWS credentials are returned to the client. After user logout, any
|
||||
// existing IAM role sessions that were created by using IAM Identity Center
|
||||
// permission sets continue based on the duration configured in the permission set.
|
||||
// For more information, see User authentications (https://docs.aws.amazon.com/singlesignon/latest/userguide/authconcept.html)
|
||||
// in the IAM Identity Center User Guide.
|
||||
// server-side IAM Identity Center sign in session.
|
||||
//
|
||||
// If a user uses IAM Identity Center to access the AWS CLI, the user’s IAM
|
||||
// Identity Center sign in session is used to obtain an IAM session, as specified
|
||||
// in the corresponding IAM Identity Center permission set. More specifically, IAM
|
||||
// Identity Center assumes an IAM role in the target account on behalf of the user,
|
||||
// and the corresponding temporary AWS credentials are returned to the client.
|
||||
//
|
||||
// After user logout, any existing IAM role sessions that were created by using
|
||||
// IAM Identity Center permission sets continue based on the duration configured in
|
||||
// the permission set. For more information, see [User authentications]in the IAM Identity Center User
|
||||
// Guide.
|
||||
//
|
||||
// [User authentications]: https://docs.aws.amazon.com/singlesignon/latest/userguide/authconcept.html
|
||||
func (c *Client) Logout(ctx context.Context, params *LogoutInput, optFns ...func(*Options)) (*LogoutOutput, error) {
|
||||
if params == nil {
|
||||
params = &LogoutInput{}
|
||||
@ -39,9 +43,10 @@ func (c *Client) Logout(ctx context.Context, params *LogoutInput, optFns ...func
|
||||
|
||||
type LogoutInput struct {
|
||||
|
||||
// The token issued by the CreateToken API call. For more information, see
|
||||
// CreateToken (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
|
||||
// in the IAM Identity Center OIDC API Reference Guide.
|
||||
// The token issued by the CreateToken API call. For more information, see [CreateToken] in the
|
||||
// IAM Identity Center OIDC API Reference Guide.
|
||||
//
|
||||
// [CreateToken]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html
|
||||
//
|
||||
// This member is required.
|
||||
AccessToken *string
|
||||
@ -78,22 +83,22 @@ func (c *Client) addOperationLogoutMiddlewares(stack *middleware.Stack, options
|
||||
if err = addSetLoggerMiddleware(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
|
||||
if err = addClientRequestID(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
|
||||
if err = addComputeContentLength(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addResolveEndpointMiddleware(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRetryMiddlewares(stack, options); err != nil {
|
||||
if err = addRetry(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
|
||||
if err = addRawResponseToMetadata(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
|
||||
if err = addRecordResponseTiming(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addClientUserAgent(stack, options); err != nil {
|
||||
@ -108,13 +113,19 @@ func (c *Client) addOperationLogoutMiddlewares(stack *middleware.Stack, options
|
||||
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addTimeOffsetBuild(stack, c); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addUserAgentRetryMode(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addOpLogoutValidationMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opLogout(options.Region), middleware.Before); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
|
||||
if err = addRecursionDetection(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
|
||||
|
8
vendor/github.com/aws/aws-sdk-go-v2/service/sso/auth.go
generated
vendored
8
vendor/github.com/aws/aws-sdk-go-v2/service/sso/auth.go
generated
vendored
@ -12,7 +12,7 @@ import (
|
||||
smithyhttp "github.com/aws/smithy-go/transport/http"
|
||||
)
|
||||
|
||||
func bindAuthParamsRegion(params *AuthResolverParameters, _ interface{}, options Options) {
|
||||
func bindAuthParamsRegion(_ interface{}, params *AuthResolverParameters, _ interface{}, options Options) {
|
||||
params.Region = options.Region
|
||||
}
|
||||
|
||||
@ -90,12 +90,12 @@ type AuthResolverParameters struct {
|
||||
Region string
|
||||
}
|
||||
|
||||
func bindAuthResolverParams(operation string, input interface{}, options Options) *AuthResolverParameters {
|
||||
func bindAuthResolverParams(ctx context.Context, operation string, input interface{}, options Options) *AuthResolverParameters {
|
||||
params := &AuthResolverParameters{
|
||||
Operation: operation,
|
||||
}
|
||||
|
||||
bindAuthParamsRegion(params, input, options)
|
||||
bindAuthParamsRegion(ctx, params, input, options)
|
||||
|
||||
return params
|
||||
}
|
||||
@ -169,7 +169,7 @@ func (*resolveAuthSchemeMiddleware) ID() string {
|
||||
func (m *resolveAuthSchemeMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
|
||||
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
|
||||
) {
|
||||
params := bindAuthResolverParams(m.operation, getOperationInput(ctx), m.options)
|
||||
params := bindAuthResolverParams(ctx, m.operation, getOperationInput(ctx), m.options)
|
||||
options, err := m.options.AuthSchemeResolver.ResolveAuthSchemes(ctx, params)
|
||||
if err != nil {
|
||||
return out, metadata, fmt.Errorf("resolve auth scheme: %w", err)
|
||||
|
10
vendor/github.com/aws/aws-sdk-go-v2/service/sso/deserializers.go
generated
vendored
10
vendor/github.com/aws/aws-sdk-go-v2/service/sso/deserializers.go
generated
vendored
@ -13,12 +13,22 @@ import (
|
||||
smithyio "github.com/aws/smithy-go/io"
|
||||
"github.com/aws/smithy-go/middleware"
|
||||
"github.com/aws/smithy-go/ptr"
|
||||
smithytime "github.com/aws/smithy-go/time"
|
||||
smithyhttp "github.com/aws/smithy-go/transport/http"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"strings"
|
||||
"time"
|
||||
)
|
||||
|
||||
func deserializeS3Expires(v string) (*time.Time, error) {
|
||||
t, err := smithytime.ParseHTTPDate(v)
|
||||
if err != nil {
|
||||
return nil, nil
|
||||
}
|
||||
return &t, nil
|
||||
}
|
||||
|
||||
type awsRestjson1_deserializeOpGetRoleCredentials struct {
|
||||
}
|
||||
|
||||
|
22
vendor/github.com/aws/aws-sdk-go-v2/service/sso/doc.go
generated
vendored
22
vendor/github.com/aws/aws-sdk-go-v2/service/sso/doc.go
generated
vendored
@ -6,16 +6,22 @@
|
||||
// AWS IAM Identity Center (successor to AWS Single Sign-On) Portal is a web
|
||||
// service that makes it easy for you to assign user access to IAM Identity Center
|
||||
// resources such as the AWS access portal. Users can get AWS account applications
|
||||
// and roles assigned to them and get federated into the application. Although AWS
|
||||
// Single Sign-On was renamed, the sso and identitystore API namespaces will
|
||||
// continue to retain their original name for backward compatibility purposes. For
|
||||
// more information, see IAM Identity Center rename (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed)
|
||||
// . This reference guide describes the IAM Identity Center Portal operations that
|
||||
// and roles assigned to them and get federated into the application.
|
||||
//
|
||||
// Although AWS Single Sign-On was renamed, the sso and identitystore API
|
||||
// namespaces will continue to retain their original name for backward
|
||||
// compatibility purposes. For more information, see [IAM Identity Center rename].
|
||||
//
|
||||
// This reference guide describes the IAM Identity Center Portal operations that
|
||||
// you can call programatically and includes detailed information on data types and
|
||||
// errors. AWS provides SDKs that consist of libraries and sample code for various
|
||||
// errors.
|
||||
//
|
||||
// AWS provides SDKs that consist of libraries and sample code for various
|
||||
// programming languages and platforms, such as Java, Ruby, .Net, iOS, or Android.
|
||||
// The SDKs provide a convenient way to create programmatic access to IAM Identity
|
||||
// Center and other AWS services. For more information about the AWS SDKs,
|
||||
// including how to download and install them, see Tools for Amazon Web Services (http://aws.amazon.com/tools/)
|
||||
// .
|
||||
// including how to download and install them, see [Tools for Amazon Web Services].
|
||||
//
|
||||
// [Tools for Amazon Web Services]: http://aws.amazon.com/tools/
|
||||
// [IAM Identity Center rename]: https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed
|
||||
package sso
|
||||
|
28
vendor/github.com/aws/aws-sdk-go-v2/service/sso/endpoints.go
generated
vendored
28
vendor/github.com/aws/aws-sdk-go-v2/service/sso/endpoints.go
generated
vendored
@ -216,6 +216,13 @@ func resolveBaseEndpoint(cfg aws.Config, o *Options) {
|
||||
}
|
||||
}
|
||||
|
||||
func bindRegion(region string) *string {
|
||||
if region == "" {
|
||||
return nil
|
||||
}
|
||||
return aws.String(endpoints.MapFIPSRegion(region))
|
||||
}
|
||||
|
||||
// EndpointParameters provides the parameters that influence how endpoints are
|
||||
// resolved.
|
||||
type EndpointParameters struct {
|
||||
@ -281,6 +288,17 @@ func (p EndpointParameters) WithDefaults() EndpointParameters {
|
||||
return p
|
||||
}
|
||||
|
||||
type stringSlice []string
|
||||
|
||||
func (s stringSlice) Get(i int) *string {
|
||||
if i < 0 || i >= len(s) {
|
||||
return nil
|
||||
}
|
||||
|
||||
v := s[i]
|
||||
return &v
|
||||
}
|
||||
|
||||
// EndpointResolverV2 provides the interface for resolving service endpoints.
|
||||
type EndpointResolverV2 interface {
|
||||
// ResolveEndpoint attempts to resolve the endpoint with the provided options,
|
||||
@ -458,10 +476,10 @@ type endpointParamsBinder interface {
|
||||
bindEndpointParams(*EndpointParameters)
|
||||
}
|
||||
|
||||
func bindEndpointParams(input interface{}, options Options) *EndpointParameters {
|
||||
func bindEndpointParams(ctx context.Context, input interface{}, options Options) *EndpointParameters {
|
||||
params := &EndpointParameters{}
|
||||
|
||||
params.Region = aws.String(endpoints.MapFIPSRegion(options.Region))
|
||||
params.Region = bindRegion(options.Region)
|
||||
params.UseDualStack = aws.Bool(options.EndpointOptions.UseDualStackEndpoint == aws.DualStackEndpointStateEnabled)
|
||||
params.UseFIPS = aws.Bool(options.EndpointOptions.UseFIPSEndpoint == aws.FIPSEndpointStateEnabled)
|
||||
params.Endpoint = options.BaseEndpoint
|
||||
@ -488,6 +506,10 @@ func (m *resolveEndpointV2Middleware) HandleFinalize(ctx context.Context, in mid
|
||||
return next.HandleFinalize(ctx, in)
|
||||
}
|
||||
|
||||
if err := checkAccountID(getIdentity(ctx), m.options.AccountIDEndpointMode); err != nil {
|
||||
return out, metadata, fmt.Errorf("invalid accountID set: %w", err)
|
||||
}
|
||||
|
||||
req, ok := in.Request.(*smithyhttp.Request)
|
||||
if !ok {
|
||||
return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
|
||||
@ -497,7 +519,7 @@ func (m *resolveEndpointV2Middleware) HandleFinalize(ctx context.Context, in mid
|
||||
return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
|
||||
}
|
||||
|
||||
params := bindEndpointParams(getOperationInput(ctx), m.options)
|
||||
params := bindEndpointParams(ctx, getOperationInput(ctx), m.options)
|
||||
endpt, err := m.options.EndpointResolverV2.ResolveEndpoint(ctx, *params)
|
||||
if err != nil {
|
||||
return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
|
||||
|
4
vendor/github.com/aws/aws-sdk-go-v2/service/sso/generated.json
generated
vendored
4
vendor/github.com/aws/aws-sdk-go-v2/service/sso/generated.json
generated
vendored
@ -3,8 +3,7 @@
|
||||
"github.com/aws/aws-sdk-go-v2": "v1.4.0",
|
||||
"github.com/aws/aws-sdk-go-v2/internal/configsources": "v0.0.0-00010101000000-000000000000",
|
||||
"github.com/aws/aws-sdk-go-v2/internal/endpoints/v2": "v2.0.0-00010101000000-000000000000",
|
||||
"github.com/aws/smithy-go": "v1.4.0",
|
||||
"github.com/google/go-cmp": "v0.5.4"
|
||||
"github.com/aws/smithy-go": "v1.4.0"
|
||||
},
|
||||
"files": [
|
||||
"api_client.go",
|
||||
@ -25,6 +24,7 @@
|
||||
"options.go",
|
||||
"protocol_test.go",
|
||||
"serializers.go",
|
||||
"snapshot_test.go",
|
||||
"types/errors.go",
|
||||
"types/types.go",
|
||||
"validators.go"
|
||||
|
2
vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go
generated
vendored
2
vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go
generated
vendored
@ -3,4 +3,4 @@
|
||||
package sso
|
||||
|
||||
// goModuleVersion is the tagged release for this module
|
||||
const goModuleVersion = "1.18.7"
|
||||
const goModuleVersion = "1.22.4"
|
||||
|
32
vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go
generated
vendored
32
vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go
generated
vendored
@ -187,6 +187,14 @@ var defaultPartitions = endpoints.Partitions{
|
||||
Region: "ap-south-1",
|
||||
},
|
||||
},
|
||||
endpoints.EndpointKey{
|
||||
Region: "ap-south-2",
|
||||
}: endpoints.Endpoint{
|
||||
Hostname: "portal.sso.ap-south-2.amazonaws.com",
|
||||
CredentialScope: endpoints.CredentialScope{
|
||||
Region: "ap-south-2",
|
||||
},
|
||||
},
|
||||
endpoints.EndpointKey{
|
||||
Region: "ap-southeast-1",
|
||||
}: endpoints.Endpoint{
|
||||
@ -211,6 +219,14 @@ var defaultPartitions = endpoints.Partitions{
|
||||
Region: "ap-southeast-3",
|
||||
},
|
||||
},
|
||||
endpoints.EndpointKey{
|
||||
Region: "ap-southeast-4",
|
||||
}: endpoints.Endpoint{
|
||||
Hostname: "portal.sso.ap-southeast-4.amazonaws.com",
|
||||
CredentialScope: endpoints.CredentialScope{
|
||||
Region: "ap-southeast-4",
|
||||
},
|
||||
},
|
||||
endpoints.EndpointKey{
|
||||
Region: "ca-central-1",
|
||||
}: endpoints.Endpoint{
|
||||
@ -219,6 +235,14 @@ var defaultPartitions = endpoints.Partitions{
|
||||
Region: "ca-central-1",
|
||||
},
|
||||
},
|
||||
endpoints.EndpointKey{
|
||||
Region: "ca-west-1",
|
||||
}: endpoints.Endpoint{
|
||||
Hostname: "portal.sso.ca-west-1.amazonaws.com",
|
||||
CredentialScope: endpoints.CredentialScope{
|
||||
Region: "ca-west-1",
|
||||
},
|
||||
},
|
||||
endpoints.EndpointKey{
|
||||
Region: "eu-central-1",
|
||||
}: endpoints.Endpoint{
|
||||
@ -251,6 +275,14 @@ var defaultPartitions = endpoints.Partitions{
|
||||
Region: "eu-south-1",
|
||||
},
|
||||
},
|
||||
endpoints.EndpointKey{
|
||||
Region: "eu-south-2",
|
||||
}: endpoints.Endpoint{
|
||||
Hostname: "portal.sso.eu-south-2.amazonaws.com",
|
||||
CredentialScope: endpoints.CredentialScope{
|
||||
Region: "eu-south-2",
|
||||
},
|
||||
},
|
||||
endpoints.EndpointKey{
|
||||
Region: "eu-west-1",
|
||||
}: endpoints.Endpoint{
|
||||
|
34
vendor/github.com/aws/aws-sdk-go-v2/service/sso/options.go
generated
vendored
34
vendor/github.com/aws/aws-sdk-go-v2/service/sso/options.go
generated
vendored
@ -24,6 +24,9 @@ type Options struct {
|
||||
// modify this list for per operation behavior.
|
||||
APIOptions []func(*middleware.Stack) error
|
||||
|
||||
// Indicates how aws account ID is applied in endpoint2.0 routing
|
||||
AccountIDEndpointMode aws.AccountIDEndpointMode
|
||||
|
||||
// The optional application specific identifier appended to the User-Agent header.
|
||||
AppID string
|
||||
|
||||
@ -50,8 +53,10 @@ type Options struct {
|
||||
// Deprecated: Deprecated: EndpointResolver and WithEndpointResolver. Providing a
|
||||
// value for this field will likely prevent you from using any endpoint-related
|
||||
// service features released after the introduction of EndpointResolverV2 and
|
||||
// BaseEndpoint. To migrate an EndpointResolver implementation that uses a custom
|
||||
// endpoint, set the client option BaseEndpoint instead.
|
||||
// BaseEndpoint.
|
||||
//
|
||||
// To migrate an EndpointResolver implementation that uses a custom endpoint, set
|
||||
// the client option BaseEndpoint instead.
|
||||
EndpointResolver EndpointResolver
|
||||
|
||||
// Resolves the endpoint used for a particular service operation. This should be
|
||||
@ -70,17 +75,20 @@ type Options struct {
|
||||
// RetryMaxAttempts specifies the maximum number attempts an API client will call
|
||||
// an operation that fails with a retryable error. A value of 0 is ignored, and
|
||||
// will not be used to configure the API client created default retryer, or modify
|
||||
// per operation call's retry max attempts. If specified in an operation call's
|
||||
// functional options with a value that is different than the constructed client's
|
||||
// Options, the Client's Retryer will be wrapped to use the operation's specific
|
||||
// RetryMaxAttempts value.
|
||||
// per operation call's retry max attempts.
|
||||
//
|
||||
// If specified in an operation call's functional options with a value that is
|
||||
// different than the constructed client's Options, the Client's Retryer will be
|
||||
// wrapped to use the operation's specific RetryMaxAttempts value.
|
||||
RetryMaxAttempts int
|
||||
|
||||
// RetryMode specifies the retry mode the API client will be created with, if
|
||||
// Retryer option is not also specified. When creating a new API Clients this
|
||||
// member will only be used if the Retryer Options member is nil. This value will
|
||||
// be ignored if Retryer is not nil. Currently does not support per operation call
|
||||
// overrides, may in the future.
|
||||
// Retryer option is not also specified.
|
||||
//
|
||||
// When creating a new API Clients this member will only be used if the Retryer
|
||||
// Options member is nil. This value will be ignored if Retryer is not nil.
|
||||
//
|
||||
// Currently does not support per operation call overrides, may in the future.
|
||||
RetryMode aws.RetryMode
|
||||
|
||||
// Retryer guides how HTTP requests should be retried in case of recoverable
|
||||
@ -97,8 +105,9 @@ type Options struct {
|
||||
|
||||
// The initial DefaultsMode used when the client options were constructed. If the
|
||||
// DefaultsMode was set to aws.DefaultsModeAuto this will store what the resolved
|
||||
// value was at that point in time. Currently does not support per operation call
|
||||
// overrides, may in the future.
|
||||
// value was at that point in time.
|
||||
//
|
||||
// Currently does not support per operation call overrides, may in the future.
|
||||
resolvedDefaultsMode aws.DefaultsMode
|
||||
|
||||
// The HTTP client to invoke API calls with. Defaults to client's default HTTP
|
||||
@ -143,6 +152,7 @@ func WithAPIOptions(optFns ...func(*middleware.Stack) error) func(*Options) {
|
||||
// Deprecated: EndpointResolver and WithEndpointResolver. Providing a value for
|
||||
// this field will likely prevent you from using any endpoint-related service
|
||||
// features released after the introduction of EndpointResolverV2 and BaseEndpoint.
|
||||
//
|
||||
// To migrate an EndpointResolver implementation that uses a custom endpoint, set
|
||||
// the client option BaseEndpoint instead.
|
||||
func WithEndpointResolver(v EndpointResolver) func(*Options) {
|
||||
|
20
vendor/github.com/aws/aws-sdk-go-v2/service/sso/types/types.go
generated
vendored
20
vendor/github.com/aws/aws-sdk-go-v2/service/sso/types/types.go
generated
vendored
@ -25,22 +25,24 @@ type AccountInfo struct {
|
||||
type RoleCredentials struct {
|
||||
|
||||
// The identifier used for the temporary security credentials. For more
|
||||
// information, see Using Temporary Security Credentials to Request Access to AWS
|
||||
// Resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
|
||||
// in the AWS IAM User Guide.
|
||||
// information, see [Using Temporary Security Credentials to Request Access to AWS Resources]in the AWS IAM User Guide.
|
||||
//
|
||||
// [Using Temporary Security Credentials to Request Access to AWS Resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
|
||||
AccessKeyId *string
|
||||
|
||||
// The date on which temporary security credentials expire.
|
||||
Expiration int64
|
||||
|
||||
// The key that is used to sign the request. For more information, see Using
|
||||
// Temporary Security Credentials to Request Access to AWS Resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
|
||||
// in the AWS IAM User Guide.
|
||||
// The key that is used to sign the request. For more information, see [Using Temporary Security Credentials to Request Access to AWS Resources] in the AWS
|
||||
// IAM User Guide.
|
||||
//
|
||||
// [Using Temporary Security Credentials to Request Access to AWS Resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
|
||||
SecretAccessKey *string
|
||||
|
||||
// The token used for temporary credentials. For more information, see Using
|
||||
// Temporary Security Credentials to Request Access to AWS Resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
|
||||
// in the AWS IAM User Guide.
|
||||
// The token used for temporary credentials. For more information, see [Using Temporary Security Credentials to Request Access to AWS Resources] in the AWS
|
||||
// IAM User Guide.
|
||||
//
|
||||
// [Using Temporary Security Credentials to Request Access to AWS Resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
|
||||
SessionToken *string
|
||||
|
||||
noSmithyDocumentSerde
|
||||
|
97
vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md
generated
vendored
97
vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md
generated
vendored
@ -1,3 +1,100 @@
|
||||
# v1.26.4 (2024-07-10.2)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.26.3 (2024-07-10)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.26.2 (2024-07-03)
|
||||
|
||||
* No change notes available for this release.
|
||||
|
||||
# v1.26.1 (2024-06-28)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.26.0 (2024-06-26)
|
||||
|
||||
* **Feature**: Support list-of-string endpoint parameter.
|
||||
|
||||
# v1.25.1 (2024-06-19)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.25.0 (2024-06-18)
|
||||
|
||||
* **Feature**: Track usage of various AWS SDK features in user-agent string.
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.24.6 (2024-06-17)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.24.5 (2024-06-07)
|
||||
|
||||
* **Bug Fix**: Add clock skew correction on all service clients
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.24.4 (2024-06-03)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.24.3 (2024-05-23)
|
||||
|
||||
* No change notes available for this release.
|
||||
|
||||
# v1.24.2 (2024-05-16)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.24.1 (2024-05-15)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.24.0 (2024-05-10)
|
||||
|
||||
* **Feature**: Updated request parameters for PKCE support.
|
||||
|
||||
# v1.23.5 (2024-05-08)
|
||||
|
||||
* **Bug Fix**: GoDoc improvement
|
||||
|
||||
# v1.23.4 (2024-03-29)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.23.3 (2024-03-18)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.23.2 (2024-03-07)
|
||||
|
||||
* **Bug Fix**: Remove dependency on go-cmp.
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.23.1 (2024-02-23)
|
||||
|
||||
* **Bug Fix**: Move all common, SDK-side middleware stack ops into the service client module to prevent cross-module compatibility issues in the future.
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.23.0 (2024-02-22)
|
||||
|
||||
* **Feature**: Add middleware stack snapshot tests.
|
||||
|
||||
# v1.22.2 (2024-02-21)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.22.1 (2024-02-20)
|
||||
|
||||
* **Bug Fix**: When sourcing values for a service's `EndpointParameters`, the lack of a configured region (i.e. `options.Region == ""`) will now translate to a `nil` value for `EndpointParameters.Region` instead of a pointer to the empty string `""`. This will result in a much more explicit error when calling an operation instead of an obscure hostname lookup failure.
|
||||
|
||||
# v1.22.0 (2024-02-13)
|
||||
|
||||
* **Feature**: Bump minimum Go version to 1.20 per our language support policy.
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.21.7 (2024-01-16)
|
||||
|
||||
* No change notes available for this release.
|
||||
|
188
vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_client.go
generated
vendored
188
vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_client.go
generated
vendored
@ -14,13 +14,16 @@ import (
|
||||
internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
|
||||
internalauthsmithy "github.com/aws/aws-sdk-go-v2/internal/auth/smithy"
|
||||
internalConfig "github.com/aws/aws-sdk-go-v2/internal/configsources"
|
||||
internalmiddleware "github.com/aws/aws-sdk-go-v2/internal/middleware"
|
||||
smithy "github.com/aws/smithy-go"
|
||||
smithyauth "github.com/aws/smithy-go/auth"
|
||||
smithydocument "github.com/aws/smithy-go/document"
|
||||
"github.com/aws/smithy-go/logging"
|
||||
"github.com/aws/smithy-go/middleware"
|
||||
smithyhttp "github.com/aws/smithy-go/transport/http"
|
||||
"net"
|
||||
"net/http"
|
||||
"sync/atomic"
|
||||
"time"
|
||||
)
|
||||
|
||||
@ -30,6 +33,9 @@ const ServiceAPIVersion = "2019-06-10"
|
||||
// Client provides the API client to make operations call for AWS SSO OIDC.
|
||||
type Client struct {
|
||||
options Options
|
||||
|
||||
// Difference between the time reported by the server and the client
|
||||
timeOffset *atomic.Int64
|
||||
}
|
||||
|
||||
// New returns an initialized Client based on the functional options. Provide
|
||||
@ -68,6 +74,8 @@ func New(options Options, optFns ...func(*Options)) *Client {
|
||||
options: options,
|
||||
}
|
||||
|
||||
initializeTimeOffsetResolver(client)
|
||||
|
||||
return client
|
||||
}
|
||||
|
||||
@ -229,15 +237,16 @@ func setResolvedDefaultsMode(o *Options) {
|
||||
// NewFromConfig returns a new client from the provided config.
|
||||
func NewFromConfig(cfg aws.Config, optFns ...func(*Options)) *Client {
|
||||
opts := Options{
|
||||
Region: cfg.Region,
|
||||
DefaultsMode: cfg.DefaultsMode,
|
||||
RuntimeEnvironment: cfg.RuntimeEnvironment,
|
||||
HTTPClient: cfg.HTTPClient,
|
||||
Credentials: cfg.Credentials,
|
||||
APIOptions: cfg.APIOptions,
|
||||
Logger: cfg.Logger,
|
||||
ClientLogMode: cfg.ClientLogMode,
|
||||
AppID: cfg.AppID,
|
||||
Region: cfg.Region,
|
||||
DefaultsMode: cfg.DefaultsMode,
|
||||
RuntimeEnvironment: cfg.RuntimeEnvironment,
|
||||
HTTPClient: cfg.HTTPClient,
|
||||
Credentials: cfg.Credentials,
|
||||
APIOptions: cfg.APIOptions,
|
||||
Logger: cfg.Logger,
|
||||
ClientLogMode: cfg.ClientLogMode,
|
||||
AppID: cfg.AppID,
|
||||
AccountIDEndpointMode: cfg.AccountIDEndpointMode,
|
||||
}
|
||||
resolveAWSRetryerProvider(cfg, &opts)
|
||||
resolveAWSRetryMaxAttempts(cfg, &opts)
|
||||
@ -361,17 +370,37 @@ func resolveAWSEndpointResolver(cfg aws.Config, o *Options) {
|
||||
}
|
||||
|
||||
func addClientUserAgent(stack *middleware.Stack, options Options) error {
|
||||
if err := awsmiddleware.AddSDKAgentKeyValue(awsmiddleware.APIMetadata, "ssooidc", goModuleVersion)(stack); err != nil {
|
||||
ua, err := getOrAddRequestUserAgent(stack)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
ua.AddSDKAgentKeyValue(awsmiddleware.APIMetadata, "ssooidc", goModuleVersion)
|
||||
if len(options.AppID) > 0 {
|
||||
return awsmiddleware.AddSDKAgentKey(awsmiddleware.ApplicationIdentifier, options.AppID)(stack)
|
||||
ua.AddSDKAgentKey(awsmiddleware.ApplicationIdentifier, options.AppID)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func getOrAddRequestUserAgent(stack *middleware.Stack) (*awsmiddleware.RequestUserAgent, error) {
|
||||
id := (*awsmiddleware.RequestUserAgent)(nil).ID()
|
||||
mw, ok := stack.Build.Get(id)
|
||||
if !ok {
|
||||
mw = awsmiddleware.NewRequestUserAgent()
|
||||
if err := stack.Build.Add(mw, middleware.After); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
ua, ok := mw.(*awsmiddleware.RequestUserAgent)
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("%T for %s middleware did not match expected type", mw, id)
|
||||
}
|
||||
|
||||
return ua, nil
|
||||
}
|
||||
|
||||
type HTTPSignerV4 interface {
|
||||
SignHTTP(ctx context.Context, credentials aws.Credentials, r *http.Request, payloadHash string, service string, region string, signingTime time.Time, optFns ...func(*v4.SignerOptions)) error
|
||||
}
|
||||
@ -390,12 +419,72 @@ func newDefaultV4Signer(o Options) *v4.Signer {
|
||||
})
|
||||
}
|
||||
|
||||
func addRetryMiddlewares(stack *middleware.Stack, o Options) error {
|
||||
mo := retry.AddRetryMiddlewaresOptions{
|
||||
Retryer: o.Retryer,
|
||||
LogRetryAttempts: o.ClientLogMode.IsRetries(),
|
||||
func addClientRequestID(stack *middleware.Stack) error {
|
||||
return stack.Build.Add(&awsmiddleware.ClientRequestID{}, middleware.After)
|
||||
}
|
||||
|
||||
func addComputeContentLength(stack *middleware.Stack) error {
|
||||
return stack.Build.Add(&smithyhttp.ComputeContentLength{}, middleware.After)
|
||||
}
|
||||
|
||||
func addRawResponseToMetadata(stack *middleware.Stack) error {
|
||||
return stack.Deserialize.Add(&awsmiddleware.AddRawResponse{}, middleware.Before)
|
||||
}
|
||||
|
||||
func addRecordResponseTiming(stack *middleware.Stack) error {
|
||||
return stack.Deserialize.Add(&awsmiddleware.RecordResponseTiming{}, middleware.After)
|
||||
}
|
||||
func addStreamingEventsPayload(stack *middleware.Stack) error {
|
||||
return stack.Finalize.Add(&v4.StreamingEventsPayload{}, middleware.Before)
|
||||
}
|
||||
|
||||
func addUnsignedPayload(stack *middleware.Stack) error {
|
||||
return stack.Finalize.Insert(&v4.UnsignedPayload{}, "ResolveEndpointV2", middleware.After)
|
||||
}
|
||||
|
||||
func addComputePayloadSHA256(stack *middleware.Stack) error {
|
||||
return stack.Finalize.Insert(&v4.ComputePayloadSHA256{}, "ResolveEndpointV2", middleware.After)
|
||||
}
|
||||
|
||||
func addContentSHA256Header(stack *middleware.Stack) error {
|
||||
return stack.Finalize.Insert(&v4.ContentSHA256Header{}, (*v4.ComputePayloadSHA256)(nil).ID(), middleware.After)
|
||||
}
|
||||
|
||||
func addIsWaiterUserAgent(o *Options) {
|
||||
o.APIOptions = append(o.APIOptions, func(stack *middleware.Stack) error {
|
||||
ua, err := getOrAddRequestUserAgent(stack)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
ua.AddUserAgentFeature(awsmiddleware.UserAgentFeatureWaiter)
|
||||
return nil
|
||||
})
|
||||
}
|
||||
|
||||
func addIsPaginatorUserAgent(o *Options) {
|
||||
o.APIOptions = append(o.APIOptions, func(stack *middleware.Stack) error {
|
||||
ua, err := getOrAddRequestUserAgent(stack)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
ua.AddUserAgentFeature(awsmiddleware.UserAgentFeaturePaginator)
|
||||
return nil
|
||||
})
|
||||
}
|
||||
|
||||
func addRetry(stack *middleware.Stack, o Options) error {
|
||||
attempt := retry.NewAttemptMiddleware(o.Retryer, smithyhttp.RequestCloner, func(m *retry.Attempt) {
|
||||
m.LogAttempts = o.ClientLogMode.IsRetries()
|
||||
})
|
||||
if err := stack.Finalize.Insert(attempt, "Signing", middleware.Before); err != nil {
|
||||
return err
|
||||
}
|
||||
return retry.AddRetryMiddlewares(stack, mo)
|
||||
if err := stack.Finalize.Insert(&retry.MetricsHeader{}, attempt.ID(), middleware.After); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// resolves dual-stack endpoint configuration
|
||||
@ -428,12 +517,75 @@ func resolveUseFIPSEndpoint(cfg aws.Config, o *Options) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func resolveAccountID(identity smithyauth.Identity, mode aws.AccountIDEndpointMode) *string {
|
||||
if mode == aws.AccountIDEndpointModeDisabled {
|
||||
return nil
|
||||
}
|
||||
|
||||
if ca, ok := identity.(*internalauthsmithy.CredentialsAdapter); ok && ca.Credentials.AccountID != "" {
|
||||
return aws.String(ca.Credentials.AccountID)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func addTimeOffsetBuild(stack *middleware.Stack, c *Client) error {
|
||||
mw := internalmiddleware.AddTimeOffsetMiddleware{Offset: c.timeOffset}
|
||||
if err := stack.Build.Add(&mw, middleware.After); err != nil {
|
||||
return err
|
||||
}
|
||||
return stack.Deserialize.Insert(&mw, "RecordResponseTiming", middleware.Before)
|
||||
}
|
||||
func initializeTimeOffsetResolver(c *Client) {
|
||||
c.timeOffset = new(atomic.Int64)
|
||||
}
|
||||
|
||||
func checkAccountID(identity smithyauth.Identity, mode aws.AccountIDEndpointMode) error {
|
||||
switch mode {
|
||||
case aws.AccountIDEndpointModeUnset:
|
||||
case aws.AccountIDEndpointModePreferred:
|
||||
case aws.AccountIDEndpointModeDisabled:
|
||||
case aws.AccountIDEndpointModeRequired:
|
||||
if ca, ok := identity.(*internalauthsmithy.CredentialsAdapter); !ok {
|
||||
return fmt.Errorf("accountID is required but not set")
|
||||
} else if ca.Credentials.AccountID == "" {
|
||||
return fmt.Errorf("accountID is required but not set")
|
||||
}
|
||||
// default check in case invalid mode is configured through request config
|
||||
default:
|
||||
return fmt.Errorf("invalid accountID endpoint mode %s, must be preferred/required/disabled", mode)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func addUserAgentRetryMode(stack *middleware.Stack, options Options) error {
|
||||
ua, err := getOrAddRequestUserAgent(stack)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
switch options.Retryer.(type) {
|
||||
case *retry.Standard:
|
||||
ua.AddUserAgentFeature(awsmiddleware.UserAgentFeatureRetryModeStandard)
|
||||
case *retry.AdaptiveMode:
|
||||
ua.AddUserAgentFeature(awsmiddleware.UserAgentFeatureRetryModeAdaptive)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func addRecursionDetection(stack *middleware.Stack) error {
|
||||
return stack.Build.Add(&awsmiddleware.RecursionDetection{}, middleware.After)
|
||||
}
|
||||
|
||||
func addRequestIDRetrieverMiddleware(stack *middleware.Stack) error {
|
||||
return awsmiddleware.AddRequestIDRetrieverMiddleware(stack)
|
||||
return stack.Deserialize.Insert(&awsmiddleware.RequestIDRetriever{}, "OperationDeserializer", middleware.Before)
|
||||
|
||||
}
|
||||
|
||||
func addResponseErrorMiddleware(stack *middleware.Stack) error {
|
||||
return awshttp.AddResponseErrorMiddleware(stack)
|
||||
return stack.Deserialize.Insert(&awshttp.ResponseErrorWrapper{}, "RequestIDRetriever", middleware.Before)
|
||||
|
||||
}
|
||||
|
||||
func addRequestResponseLogging(stack *middleware.Stack, o Options) error {
|
||||
|
74
vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateToken.go
generated
vendored
@ -32,34 +32,43 @@ func (c *Client) CreateToken(ctx context.Context, params *CreateTokenInput, optF
|
||||
type CreateTokenInput struct {
|
||||
|
||||
// The unique identifier string for the client or application. This value comes
|
||||
// from the result of the RegisterClient API.
|
||||
// from the result of the RegisterClientAPI.
|
||||
//
|
||||
// This member is required.
|
||||
ClientId *string
|
||||
|
||||
// A secret string generated for the client. This value should come from the
|
||||
// persisted result of the RegisterClient API.
|
||||
// persisted result of the RegisterClientAPI.
|
||||
//
|
||||
// This member is required.
|
||||
ClientSecret *string
|
||||
|
||||
// Supports the following OAuth grant types: Device Code and Refresh Token.
|
||||
// Specify either of the following values, depending on the grant type that you
|
||||
// want: * Device Code - urn:ietf:params:oauth:grant-type:device_code * Refresh
|
||||
// Token - refresh_token For information about how to obtain the device code, see
|
||||
// the StartDeviceAuthorization topic.
|
||||
// want:
|
||||
//
|
||||
// * Device Code - urn:ietf:params:oauth:grant-type:device_code
|
||||
//
|
||||
// * Refresh Token - refresh_token
|
||||
//
|
||||
// For information about how to obtain the device code, see the StartDeviceAuthorization topic.
|
||||
//
|
||||
// This member is required.
|
||||
GrantType *string
|
||||
|
||||
// Used only when calling this API for the Authorization Code grant type. The
|
||||
// short-term code is used to identify this authorization request. This grant type
|
||||
// is currently unsupported for the CreateToken API.
|
||||
// is currently unsupported for the CreateTokenAPI.
|
||||
Code *string
|
||||
|
||||
// Used only when calling this API for the Authorization Code grant type. This
|
||||
// value is generated by the client and presented to validate the original code
|
||||
// challenge value the client passed at authorization time.
|
||||
CodeVerifier *string
|
||||
|
||||
// Used only when calling this API for the Device Code grant type. This short-term
|
||||
// code is used to identify this authorization request. This comes from the result
|
||||
// of the StartDeviceAuthorization API.
|
||||
// of the StartDeviceAuthorizationAPI.
|
||||
DeviceCode *string
|
||||
|
||||
// Used only when calling this API for the Authorization Code grant type. This
|
||||
@ -69,16 +78,18 @@ type CreateTokenInput struct {
|
||||
|
||||
// Used only when calling this API for the Refresh Token grant type. This token is
|
||||
// used to refresh short-term tokens, such as the access token, that might expire.
|
||||
//
|
||||
// For more information about the features and limitations of the current IAM
|
||||
// Identity Center OIDC implementation, see Considerations for Using this Guide in
|
||||
// the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html)
|
||||
// .
|
||||
// the [IAM Identity Center OIDC API Reference].
|
||||
//
|
||||
// [IAM Identity Center OIDC API Reference]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
|
||||
RefreshToken *string
|
||||
|
||||
// The list of scopes for which authorization is requested. The access token that
|
||||
// is issued is limited to the scopes that are granted. If this value is not
|
||||
// specified, IAM Identity Center authorizes all scopes that are configured for the
|
||||
// client during the call to RegisterClient .
|
||||
// client during the call to RegisterClient.
|
||||
Scope []string
|
||||
|
||||
noSmithyDocumentSerde
|
||||
@ -86,7 +97,8 @@ type CreateTokenInput struct {
|
||||
|
||||
type CreateTokenOutput struct {
|
||||
|
||||
// A bearer token to access AWS accounts and applications assigned to a user.
|
||||
// A bearer token to access Amazon Web Services accounts and applications assigned
|
||||
// to a user.
|
||||
AccessToken *string
|
||||
|
||||
// Indicates the time in seconds when an access token will expire.
|
||||
@ -94,18 +106,22 @@ type CreateTokenOutput struct {
|
||||
|
||||
// The idToken is not implemented or supported. For more information about the
|
||||
// features and limitations of the current IAM Identity Center OIDC implementation,
|
||||
// see Considerations for Using this Guide in the IAM Identity Center OIDC API
|
||||
// Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html)
|
||||
// . A JSON Web Token (JWT) that identifies who is associated with the issued
|
||||
// access token.
|
||||
// see Considerations for Using this Guide in the [IAM Identity Center OIDC API Reference].
|
||||
//
|
||||
// A JSON Web Token (JWT) that identifies who is associated with the issued access
|
||||
// token.
|
||||
//
|
||||
// [IAM Identity Center OIDC API Reference]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
|
||||
IdToken *string
|
||||
|
||||
// A token that, if present, can be used to refresh a previously issued access
|
||||
// token that might have expired. For more information about the features and
|
||||
// limitations of the current IAM Identity Center OIDC implementation, see
|
||||
// Considerations for Using this Guide in the IAM Identity Center OIDC API
|
||||
// Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html)
|
||||
// .
|
||||
// token that might have expired.
|
||||
//
|
||||
// For more information about the features and limitations of the current IAM
|
||||
// Identity Center OIDC implementation, see Considerations for Using this Guide in
|
||||
// the [IAM Identity Center OIDC API Reference].
|
||||
//
|
||||
// [IAM Identity Center OIDC API Reference]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
|
||||
RefreshToken *string
|
||||
|
||||
// Used to notify the client that the returned token is an access token. The
|
||||
@ -140,22 +156,22 @@ func (c *Client) addOperationCreateTokenMiddlewares(stack *middleware.Stack, opt
|
||||
if err = addSetLoggerMiddleware(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
|
||||
if err = addClientRequestID(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
|
||||
if err = addComputeContentLength(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addResolveEndpointMiddleware(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRetryMiddlewares(stack, options); err != nil {
|
||||
if err = addRetry(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
|
||||
if err = addRawResponseToMetadata(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
|
||||
if err = addRecordResponseTiming(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addClientUserAgent(stack, options); err != nil {
|
||||
@ -170,13 +186,19 @@ func (c *Client) addOperationCreateTokenMiddlewares(stack *middleware.Stack, opt
|
||||
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addTimeOffsetBuild(stack, c); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addUserAgentRetryMode(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addOpCreateTokenValidationMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCreateToken(options.Region), middleware.Before); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
|
||||
if err = addRecursionDetection(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
|
||||
|
84
vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateTokenWithIAM.go
generated
vendored
@ -6,15 +6,14 @@ import (
|
||||
"context"
|
||||
"fmt"
|
||||
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
|
||||
"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
|
||||
"github.com/aws/smithy-go/middleware"
|
||||
smithyhttp "github.com/aws/smithy-go/transport/http"
|
||||
)
|
||||
|
||||
// Creates and returns access and refresh tokens for clients and applications that
|
||||
// are authenticated using IAM entities. The access token can be used to fetch
|
||||
// short-term credentials for the assigned AWS accounts or to access application
|
||||
// APIs using bearer authentication.
|
||||
// short-term credentials for the assigned Amazon Web Services accounts or to
|
||||
// access application APIs using bearer authentication.
|
||||
func (c *Client) CreateTokenWithIAM(ctx context.Context, params *CreateTokenWithIAMInput, optFns ...func(*Options)) (*CreateTokenWithIAMOutput, error) {
|
||||
if params == nil {
|
||||
params = &CreateTokenWithIAMInput{}
|
||||
@ -40,10 +39,15 @@ type CreateTokenWithIAMInput struct {
|
||||
|
||||
// Supports the following OAuth grant types: Authorization Code, Refresh Token,
|
||||
// JWT Bearer, and Token Exchange. Specify one of the following values, depending
|
||||
// on the grant type that you want: * Authorization Code - authorization_code *
|
||||
// Refresh Token - refresh_token * JWT Bearer -
|
||||
// urn:ietf:params:oauth:grant-type:jwt-bearer * Token Exchange -
|
||||
// urn:ietf:params:oauth:grant-type:token-exchange
|
||||
// on the grant type that you want:
|
||||
//
|
||||
// * Authorization Code - authorization_code
|
||||
//
|
||||
// * Refresh Token - refresh_token
|
||||
//
|
||||
// * JWT Bearer - urn:ietf:params:oauth:grant-type:jwt-bearer
|
||||
//
|
||||
// * Token Exchange - urn:ietf:params:oauth:grant-type:token-exchange
|
||||
//
|
||||
// This member is required.
|
||||
GrantType *string
|
||||
@ -60,6 +64,11 @@ type CreateTokenWithIAMInput struct {
|
||||
// in the Authorization Code GrantOptions for the application.
|
||||
Code *string
|
||||
|
||||
// Used only when calling this API for the Authorization Code grant type. This
|
||||
// value is generated by the client and presented to validate the original code
|
||||
// challenge value the client passed at authorization time.
|
||||
CodeVerifier *string
|
||||
|
||||
// Used only when calling this API for the Authorization Code grant type. This
|
||||
// value specifies the location of the client or application that has registered to
|
||||
// receive the authorization code.
|
||||
@ -67,16 +76,21 @@ type CreateTokenWithIAMInput struct {
|
||||
|
||||
// Used only when calling this API for the Refresh Token grant type. This token is
|
||||
// used to refresh short-term tokens, such as the access token, that might expire.
|
||||
//
|
||||
// For more information about the features and limitations of the current IAM
|
||||
// Identity Center OIDC implementation, see Considerations for Using this Guide in
|
||||
// the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html)
|
||||
// .
|
||||
// the [IAM Identity Center OIDC API Reference].
|
||||
//
|
||||
// [IAM Identity Center OIDC API Reference]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
|
||||
RefreshToken *string
|
||||
|
||||
// Used only when calling this API for the Token Exchange grant type. This value
|
||||
// specifies the type of token that the requester can receive. The following values
|
||||
// are supported: * Access Token - urn:ietf:params:oauth:token-type:access_token *
|
||||
// Refresh Token - urn:ietf:params:oauth:token-type:refresh_token
|
||||
// are supported:
|
||||
//
|
||||
// * Access Token - urn:ietf:params:oauth:token-type:access_token
|
||||
//
|
||||
// * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token
|
||||
RequestedTokenType *string
|
||||
|
||||
// The list of scopes for which authorization is requested. The access token that
|
||||
@ -95,8 +109,9 @@ type CreateTokenWithIAMInput struct {
|
||||
|
||||
// Used only when calling this API for the Token Exchange grant type. This value
|
||||
// specifies the type of token that is passed as the subject of the exchange. The
|
||||
// following value is supported: * Access Token -
|
||||
// urn:ietf:params:oauth:token-type:access_token
|
||||
// following value is supported:
|
||||
//
|
||||
// * Access Token - urn:ietf:params:oauth:token-type:access_token
|
||||
SubjectTokenType *string
|
||||
|
||||
noSmithyDocumentSerde
|
||||
@ -104,7 +119,8 @@ type CreateTokenWithIAMInput struct {
|
||||
|
||||
type CreateTokenWithIAMOutput struct {
|
||||
|
||||
// A bearer token to access AWS accounts and applications assigned to a user.
|
||||
// A bearer token to access Amazon Web Services accounts and applications assigned
|
||||
// to a user.
|
||||
AccessToken *string
|
||||
|
||||
// Indicates the time in seconds when an access token will expire.
|
||||
@ -115,17 +131,21 @@ type CreateTokenWithIAMOutput struct {
|
||||
IdToken *string
|
||||
|
||||
// Indicates the type of tokens that are issued by IAM Identity Center. The
|
||||
// following values are supported: * Access Token -
|
||||
// urn:ietf:params:oauth:token-type:access_token * Refresh Token -
|
||||
// urn:ietf:params:oauth:token-type:refresh_token
|
||||
// following values are supported:
|
||||
//
|
||||
// * Access Token - urn:ietf:params:oauth:token-type:access_token
|
||||
//
|
||||
// * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token
|
||||
IssuedTokenType *string
|
||||
|
||||
// A token that, if present, can be used to refresh a previously issued access
|
||||
// token that might have expired. For more information about the features and
|
||||
// limitations of the current IAM Identity Center OIDC implementation, see
|
||||
// Considerations for Using this Guide in the IAM Identity Center OIDC API
|
||||
// Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html)
|
||||
// .
|
||||
// token that might have expired.
|
||||
//
|
||||
// For more information about the features and limitations of the current IAM
|
||||
// Identity Center OIDC implementation, see Considerations for Using this Guide in
|
||||
// the [IAM Identity Center OIDC API Reference].
|
||||
//
|
||||
// [IAM Identity Center OIDC API Reference]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
|
||||
RefreshToken *string
|
||||
|
||||
// The list of scopes for which authorization is granted. The access token that is
|
||||
@ -164,25 +184,25 @@ func (c *Client) addOperationCreateTokenWithIAMMiddlewares(stack *middleware.Sta
|
||||
if err = addSetLoggerMiddleware(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
|
||||
if err = addClientRequestID(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
|
||||
if err = addComputeContentLength(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addResolveEndpointMiddleware(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil {
|
||||
if err = addComputePayloadSHA256(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRetryMiddlewares(stack, options); err != nil {
|
||||
if err = addRetry(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
|
||||
if err = addRawResponseToMetadata(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
|
||||
if err = addRecordResponseTiming(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addClientUserAgent(stack, options); err != nil {
|
||||
@ -197,13 +217,19 @@ func (c *Client) addOperationCreateTokenWithIAMMiddlewares(stack *middleware.Sta
|
||||
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addTimeOffsetBuild(stack, c); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addUserAgentRetryMode(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addOpCreateTokenWithIAMValidationMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCreateTokenWithIAM(options.Region), middleware.Before); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
|
||||
if err = addRecursionDetection(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
|
||||
|
37
vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_RegisterClient.go
generated
vendored
@ -41,6 +41,25 @@ type RegisterClientInput struct {
|
||||
// This member is required.
|
||||
ClientType *string
|
||||
|
||||
// This IAM Identity Center application ARN is used to define
|
||||
// administrator-managed configuration for public client access to resources. At
|
||||
// authorization, the scopes, grants, and redirect URI available to this client
|
||||
// will be restricted by this application resource.
|
||||
EntitledApplicationArn *string
|
||||
|
||||
// The list of OAuth 2.0 grant types that are defined by the client. This list is
|
||||
// used to restrict the token granting flows available to the client.
|
||||
GrantTypes []string
|
||||
|
||||
// The IAM Identity Center Issuer URL associated with an instance of IAM Identity
|
||||
// Center. This value is needed for user access to resources through the client.
|
||||
IssuerUrl *string
|
||||
|
||||
// The list of redirect URI that are defined by the client. At completion of
|
||||
// authorization, this list is used to restrict what locations the user agent can
|
||||
// be redirected back to.
|
||||
RedirectUris []string
|
||||
|
||||
// The list of scopes that are defined by the client. Upon authorization, this
|
||||
// list is used to restrict permissions when granting an access token.
|
||||
Scopes []string
|
||||
@ -98,22 +117,22 @@ func (c *Client) addOperationRegisterClientMiddlewares(stack *middleware.Stack,
|
||||
if err = addSetLoggerMiddleware(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
|
||||
if err = addClientRequestID(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
|
||||
if err = addComputeContentLength(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addResolveEndpointMiddleware(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRetryMiddlewares(stack, options); err != nil {
|
||||
if err = addRetry(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
|
||||
if err = addRawResponseToMetadata(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
|
||||
if err = addRecordResponseTiming(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addClientUserAgent(stack, options); err != nil {
|
||||
@ -128,13 +147,19 @@ func (c *Client) addOperationRegisterClientMiddlewares(stack *middleware.Stack,
|
||||
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addTimeOffsetBuild(stack, c); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addUserAgentRetryMode(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addOpRegisterClientValidationMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opRegisterClient(options.Region), middleware.Before); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
|
||||
if err = addRecursionDetection(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
|
||||
|
29
vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_StartDeviceAuthorization.go
generated
vendored
@ -30,22 +30,23 @@ func (c *Client) StartDeviceAuthorization(ctx context.Context, params *StartDevi
|
||||
type StartDeviceAuthorizationInput struct {
|
||||
|
||||
// The unique identifier string for the client that is registered with IAM
|
||||
// Identity Center. This value should come from the persisted result of the
|
||||
// RegisterClient API operation.
|
||||
// Identity Center. This value should come from the persisted result of the RegisterClientAPI
|
||||
// operation.
|
||||
//
|
||||
// This member is required.
|
||||
ClientId *string
|
||||
|
||||
// A secret string that is generated for the client. This value should come from
|
||||
// the persisted result of the RegisterClient API operation.
|
||||
// the persisted result of the RegisterClientAPI operation.
|
||||
//
|
||||
// This member is required.
|
||||
ClientSecret *string
|
||||
|
||||
// The URL for the Amazon Web Services access portal. For more information, see
|
||||
// Using the Amazon Web Services access portal (https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html)
|
||||
// The URL for the Amazon Web Services access portal. For more information, see [Using the Amazon Web Services access portal]
|
||||
// in the IAM Identity Center User Guide.
|
||||
//
|
||||
// [Using the Amazon Web Services access portal]: https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html
|
||||
//
|
||||
// This member is required.
|
||||
StartUrl *string
|
||||
|
||||
@ -106,22 +107,22 @@ func (c *Client) addOperationStartDeviceAuthorizationMiddlewares(stack *middlewa
|
||||
if err = addSetLoggerMiddleware(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
|
||||
if err = addClientRequestID(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
|
||||
if err = addComputeContentLength(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addResolveEndpointMiddleware(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRetryMiddlewares(stack, options); err != nil {
|
||||
if err = addRetry(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
|
||||
if err = addRawResponseToMetadata(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
|
||||
if err = addRecordResponseTiming(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addClientUserAgent(stack, options); err != nil {
|
||||
@ -136,13 +137,19 @@ func (c *Client) addOperationStartDeviceAuthorizationMiddlewares(stack *middlewa
|
||||
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addTimeOffsetBuild(stack, c); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addUserAgentRetryMode(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addOpStartDeviceAuthorizationValidationMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opStartDeviceAuthorization(options.Region), middleware.Before); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
|
||||
if err = addRecursionDetection(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
|
||||
|
8
vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/auth.go
generated
vendored
@ -12,7 +12,7 @@ import (
|
||||
smithyhttp "github.com/aws/smithy-go/transport/http"
|
||||
)
|
||||
|
||||
func bindAuthParamsRegion(params *AuthResolverParameters, _ interface{}, options Options) {
|
||||
func bindAuthParamsRegion(_ interface{}, params *AuthResolverParameters, _ interface{}, options Options) {
|
||||
params.Region = options.Region
|
||||
}
|
||||
|
||||
@ -90,12 +90,12 @@ type AuthResolverParameters struct {
|
||||
Region string
|
||||
}
|
||||
|
||||
func bindAuthResolverParams(operation string, input interface{}, options Options) *AuthResolverParameters {
|
||||
func bindAuthResolverParams(ctx context.Context, operation string, input interface{}, options Options) *AuthResolverParameters {
|
||||
params := &AuthResolverParameters{
|
||||
Operation: operation,
|
||||
}
|
||||
|
||||
bindAuthParamsRegion(params, input, options)
|
||||
bindAuthParamsRegion(ctx, params, input, options)
|
||||
|
||||
return params
|
||||
}
|
||||
@ -163,7 +163,7 @@ func (*resolveAuthSchemeMiddleware) ID() string {
|
||||
func (m *resolveAuthSchemeMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
|
||||
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
|
||||
) {
|
||||
params := bindAuthResolverParams(m.operation, getOperationInput(ctx), m.options)
|
||||
params := bindAuthResolverParams(ctx, m.operation, getOperationInput(ctx), m.options)
|
||||
options, err := m.options.AuthSchemeResolver.ResolveAuthSchemes(ctx, params)
|
||||
if err != nil {
|
||||
return out, metadata, fmt.Errorf("resolve auth scheme: %w", err)
|
||||
|
101
vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/deserializers.go
generated
vendored
@ -13,11 +13,21 @@ import (
|
||||
smithyio "github.com/aws/smithy-go/io"
|
||||
"github.com/aws/smithy-go/middleware"
|
||||
"github.com/aws/smithy-go/ptr"
|
||||
smithytime "github.com/aws/smithy-go/time"
|
||||
smithyhttp "github.com/aws/smithy-go/transport/http"
|
||||
"io"
|
||||
"strings"
|
||||
"time"
|
||||
)
|
||||
|
||||
func deserializeS3Expires(v string) (*time.Time, error) {
|
||||
t, err := smithytime.ParseHTTPDate(v)
|
||||
if err != nil {
|
||||
return nil, nil
|
||||
}
|
||||
return &t, nil
|
||||
}
|
||||
|
||||
type awsRestjson1_deserializeOpCreateToken struct {
|
||||
}
|
||||
|
||||
@ -581,12 +591,18 @@ func awsRestjson1_deserializeOpErrorRegisterClient(response *smithyhttp.Response
|
||||
case strings.EqualFold("InvalidClientMetadataException", errorCode):
|
||||
return awsRestjson1_deserializeErrorInvalidClientMetadataException(response, errorBody)
|
||||
|
||||
case strings.EqualFold("InvalidRedirectUriException", errorCode):
|
||||
return awsRestjson1_deserializeErrorInvalidRedirectUriException(response, errorBody)
|
||||
|
||||
case strings.EqualFold("InvalidRequestException", errorCode):
|
||||
return awsRestjson1_deserializeErrorInvalidRequestException(response, errorBody)
|
||||
|
||||
case strings.EqualFold("InvalidScopeException", errorCode):
|
||||
return awsRestjson1_deserializeErrorInvalidScopeException(response, errorBody)
|
||||
|
||||
case strings.EqualFold("UnsupportedGrantTypeException", errorCode):
|
||||
return awsRestjson1_deserializeErrorUnsupportedGrantTypeException(response, errorBody)
|
||||
|
||||
default:
|
||||
genericError := &smithy.GenericAPIError{
|
||||
Code: errorCode,
|
||||
@ -1158,6 +1174,42 @@ func awsRestjson1_deserializeErrorInvalidGrantException(response *smithyhttp.Res
|
||||
return output
|
||||
}
|
||||
|
||||
func awsRestjson1_deserializeErrorInvalidRedirectUriException(response *smithyhttp.Response, errorBody *bytes.Reader) error {
|
||||
output := &types.InvalidRedirectUriException{}
|
||||
var buff [1024]byte
|
||||
ringBuffer := smithyio.NewRingBuffer(buff[:])
|
||||
|
||||
body := io.TeeReader(errorBody, ringBuffer)
|
||||
decoder := json.NewDecoder(body)
|
||||
decoder.UseNumber()
|
||||
var shape interface{}
|
||||
if err := decoder.Decode(&shape); err != nil && err != io.EOF {
|
||||
var snapshot bytes.Buffer
|
||||
io.Copy(&snapshot, ringBuffer)
|
||||
err = &smithy.DeserializationError{
|
||||
Err: fmt.Errorf("failed to decode response body, %w", err),
|
||||
Snapshot: snapshot.Bytes(),
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
err := awsRestjson1_deserializeDocumentInvalidRedirectUriException(&output, shape)
|
||||
|
||||
if err != nil {
|
||||
var snapshot bytes.Buffer
|
||||
io.Copy(&snapshot, ringBuffer)
|
||||
err = &smithy.DeserializationError{
|
||||
Err: fmt.Errorf("failed to decode response body, %w", err),
|
||||
Snapshot: snapshot.Bytes(),
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
errorBody.Seek(0, io.SeekStart)
|
||||
|
||||
return output
|
||||
}
|
||||
|
||||
func awsRestjson1_deserializeErrorInvalidRequestException(response *smithyhttp.Response, errorBody *bytes.Reader) error {
|
||||
output := &types.InvalidRequestException{}
|
||||
var buff [1024]byte
|
||||
@ -1717,6 +1769,55 @@ func awsRestjson1_deserializeDocumentInvalidGrantException(v **types.InvalidGran
|
||||
return nil
|
||||
}
|
||||
|
||||
func awsRestjson1_deserializeDocumentInvalidRedirectUriException(v **types.InvalidRedirectUriException, value interface{}) error {
|
||||
if v == nil {
|
||||
return fmt.Errorf("unexpected nil of type %T", v)
|
||||
}
|
||||
if value == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
shape, ok := value.(map[string]interface{})
|
||||
if !ok {
|
||||
return fmt.Errorf("unexpected JSON type %v", value)
|
||||
}
|
||||
|
||||
var sv *types.InvalidRedirectUriException
|
||||
if *v == nil {
|
||||
sv = &types.InvalidRedirectUriException{}
|
||||
} else {
|
||||
sv = *v
|
||||
}
|
||||
|
||||
for key, value := range shape {
|
||||
switch key {
|
||||
case "error":
|
||||
if value != nil {
|
||||
jtv, ok := value.(string)
|
||||
if !ok {
|
||||
return fmt.Errorf("expected Error to be of type string, got %T instead", value)
|
||||
}
|
||||
sv.Error_ = ptr.String(jtv)
|
||||
}
|
||||
|
||||
case "error_description":
|
||||
if value != nil {
|
||||
jtv, ok := value.(string)
|
||||
if !ok {
|
||||
return fmt.Errorf("expected ErrorDescription to be of type string, got %T instead", value)
|
||||
}
|
||||
sv.Error_description = ptr.String(jtv)
|
||||
}
|
||||
|
||||
default:
|
||||
_, _ = key, value
|
||||
|
||||
}
|
||||
}
|
||||
*v = sv
|
||||
return nil
|
||||
}
|
||||
|
||||
func awsRestjson1_deserializeDocumentInvalidRequestException(v **types.InvalidRequestException, value interface{}) error {
|
||||
if v == nil {
|
||||
return fmt.Errorf("unexpected nil of type %T", v)
|
||||
|
40
vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/doc.go
generated
vendored
@ -6,33 +6,41 @@
|
||||
// IAM Identity Center OpenID Connect (OIDC) is a web service that enables a
|
||||
// client (such as CLI or a native application) to register with IAM Identity
|
||||
// Center. The service also enables the client to fetch the user’s access token
|
||||
// upon successful authentication and authorization with IAM Identity Center. IAM
|
||||
// Identity Center uses the sso and identitystore API namespaces. Considerations
|
||||
// for Using This Guide Before you begin using this guide, we recommend that you
|
||||
// first review the following important information about how the IAM Identity
|
||||
// Center OIDC service works.
|
||||
// upon successful authentication and authorization with IAM Identity Center.
|
||||
//
|
||||
// IAM Identity Center uses the sso and identitystore API namespaces.
|
||||
//
|
||||
// # Considerations for Using This Guide
|
||||
//
|
||||
// Before you begin using this guide, we recommend that you first review the
|
||||
// following important information about how the IAM Identity Center OIDC service
|
||||
// works.
|
||||
//
|
||||
// - The IAM Identity Center OIDC service currently implements only the portions
|
||||
// of the OAuth 2.0 Device Authorization Grant standard (
|
||||
// https://tools.ietf.org/html/rfc8628 (https://tools.ietf.org/html/rfc8628) )
|
||||
// that are necessary to enable single sign-on authentication with the CLI.
|
||||
// of the OAuth 2.0 Device Authorization Grant standard ([https://tools.ietf.org/html/rfc8628] ) that are necessary to
|
||||
// enable single sign-on authentication with the CLI.
|
||||
//
|
||||
// - With older versions of the CLI, the service only emits OIDC access tokens,
|
||||
// so to obtain a new token, users must explicitly re-authenticate. To access the
|
||||
// OIDC flow that supports token refresh and doesn’t require re-authentication,
|
||||
// update to the latest CLI version (1.27.10 for CLI V1 and 2.9.0 for CLI V2) with
|
||||
// support for OIDC token refresh and configurable IAM Identity Center session
|
||||
// durations. For more information, see Configure Amazon Web Services access
|
||||
// portal session duration (https://docs.aws.amazon.com/singlesignon/latest/userguide/configure-user-session.html)
|
||||
// .
|
||||
// durations. For more information, see [Configure Amazon Web Services access portal session duration].
|
||||
//
|
||||
// - The access tokens provided by this service grant access to all Amazon Web
|
||||
// Services account entitlements assigned to an IAM Identity Center user, not just
|
||||
// a particular application.
|
||||
//
|
||||
// - The documentation in this guide does not describe the mechanism to convert
|
||||
// the access token into Amazon Web Services Auth (“sigv4”) credentials for use
|
||||
// with IAM-protected Amazon Web Services service endpoints. For more information,
|
||||
// see GetRoleCredentials (https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html)
|
||||
// in the IAM Identity Center Portal API Reference Guide.
|
||||
// see [GetRoleCredentials]in the IAM Identity Center Portal API Reference Guide.
|
||||
//
|
||||
// For general information about IAM Identity Center, see What is IAM Identity
|
||||
// Center? (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html)
|
||||
// in the IAM Identity Center User Guide.
|
||||
// For general information about IAM Identity Center, see [What is IAM Identity Center?] in the IAM Identity
|
||||
// Center User Guide.
|
||||
//
|
||||
// [Configure Amazon Web Services access portal session duration]: https://docs.aws.amazon.com/singlesignon/latest/userguide/configure-user-session.html
|
||||
// [GetRoleCredentials]: https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html
|
||||
// [https://tools.ietf.org/html/rfc8628]: https://tools.ietf.org/html/rfc8628
|
||||
// [What is IAM Identity Center?]: https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html
|
||||
package ssooidc
|
||||
|
28
vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/endpoints.go
generated
vendored
@ -216,6 +216,13 @@ func resolveBaseEndpoint(cfg aws.Config, o *Options) {
|
||||
}
|
||||
}
|
||||
|
||||
func bindRegion(region string) *string {
|
||||
if region == "" {
|
||||
return nil
|
||||
}
|
||||
return aws.String(endpoints.MapFIPSRegion(region))
|
||||
}
|
||||
|
||||
// EndpointParameters provides the parameters that influence how endpoints are
|
||||
// resolved.
|
||||
type EndpointParameters struct {
|
||||
@ -281,6 +288,17 @@ func (p EndpointParameters) WithDefaults() EndpointParameters {
|
||||
return p
|
||||
}
|
||||
|
||||
type stringSlice []string
|
||||
|
||||
func (s stringSlice) Get(i int) *string {
|
||||
if i < 0 || i >= len(s) {
|
||||
return nil
|
||||
}
|
||||
|
||||
v := s[i]
|
||||
return &v
|
||||
}
|
||||
|
||||
// EndpointResolverV2 provides the interface for resolving service endpoints.
|
||||
type EndpointResolverV2 interface {
|
||||
// ResolveEndpoint attempts to resolve the endpoint with the provided options,
|
||||
@ -458,10 +476,10 @@ type endpointParamsBinder interface {
|
||||
bindEndpointParams(*EndpointParameters)
|
||||
}
|
||||
|
||||
func bindEndpointParams(input interface{}, options Options) *EndpointParameters {
|
||||
func bindEndpointParams(ctx context.Context, input interface{}, options Options) *EndpointParameters {
|
||||
params := &EndpointParameters{}
|
||||
|
||||
params.Region = aws.String(endpoints.MapFIPSRegion(options.Region))
|
||||
params.Region = bindRegion(options.Region)
|
||||
params.UseDualStack = aws.Bool(options.EndpointOptions.UseDualStackEndpoint == aws.DualStackEndpointStateEnabled)
|
||||
params.UseFIPS = aws.Bool(options.EndpointOptions.UseFIPSEndpoint == aws.FIPSEndpointStateEnabled)
|
||||
params.Endpoint = options.BaseEndpoint
|
||||
@ -488,6 +506,10 @@ func (m *resolveEndpointV2Middleware) HandleFinalize(ctx context.Context, in mid
|
||||
return next.HandleFinalize(ctx, in)
|
||||
}
|
||||
|
||||
if err := checkAccountID(getIdentity(ctx), m.options.AccountIDEndpointMode); err != nil {
|
||||
return out, metadata, fmt.Errorf("invalid accountID set: %w", err)
|
||||
}
|
||||
|
||||
req, ok := in.Request.(*smithyhttp.Request)
|
||||
if !ok {
|
||||
return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
|
||||
@ -497,7 +519,7 @@ func (m *resolveEndpointV2Middleware) HandleFinalize(ctx context.Context, in mid
|
||||
return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
|
||||
}
|
||||
|
||||
params := bindEndpointParams(getOperationInput(ctx), m.options)
|
||||
params := bindEndpointParams(ctx, getOperationInput(ctx), m.options)
|
||||
endpt, err := m.options.EndpointResolverV2.ResolveEndpoint(ctx, *params)
|
||||
if err != nil {
|
||||
return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
|
||||
|
4
vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/generated.json
generated
vendored
@ -3,8 +3,7 @@
|
||||
"github.com/aws/aws-sdk-go-v2": "v1.4.0",
|
||||
"github.com/aws/aws-sdk-go-v2/internal/configsources": "v0.0.0-00010101000000-000000000000",
|
||||
"github.com/aws/aws-sdk-go-v2/internal/endpoints/v2": "v2.0.0-00010101000000-000000000000",
|
||||
"github.com/aws/smithy-go": "v1.4.0",
|
||||
"github.com/google/go-cmp": "v0.5.4"
|
||||
"github.com/aws/smithy-go": "v1.4.0"
|
||||
},
|
||||
"files": [
|
||||
"api_client.go",
|
||||
@ -25,6 +24,7 @@
|
||||
"options.go",
|
||||
"protocol_test.go",
|
||||
"serializers.go",
|
||||
"snapshot_test.go",
|
||||
"types/errors.go",
|
||||
"types/types.go",
|
||||
"validators.go"
|
||||
|
2
vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go
generated
vendored
@ -3,4 +3,4 @@
|
||||
package ssooidc
|
||||
|
||||
// goModuleVersion is the tagged release for this module
|
||||
const goModuleVersion = "1.21.7"
|
||||
const goModuleVersion = "1.26.4"
|
||||
|
32
vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go
generated
vendored
@ -187,6 +187,14 @@ var defaultPartitions = endpoints.Partitions{
|
||||
Region: "ap-south-1",
|
||||
},
|
||||
},
|
||||
endpoints.EndpointKey{
|
||||
Region: "ap-south-2",
|
||||
}: endpoints.Endpoint{
|
||||
Hostname: "oidc.ap-south-2.amazonaws.com",
|
||||
CredentialScope: endpoints.CredentialScope{
|
||||
Region: "ap-south-2",
|
||||
},
|
||||
},
|
||||
endpoints.EndpointKey{
|
||||
Region: "ap-southeast-1",
|
||||
}: endpoints.Endpoint{
|
||||
@ -211,6 +219,14 @@ var defaultPartitions = endpoints.Partitions{
|
||||
Region: "ap-southeast-3",
|
||||
},
|
||||
},
|
||||
endpoints.EndpointKey{
|
||||
Region: "ap-southeast-4",
|
||||
}: endpoints.Endpoint{
|
||||
Hostname: "oidc.ap-southeast-4.amazonaws.com",
|
||||
CredentialScope: endpoints.CredentialScope{
|
||||
Region: "ap-southeast-4",
|
||||
},
|
||||
},
|
||||
endpoints.EndpointKey{
|
||||
Region: "ca-central-1",
|
||||
}: endpoints.Endpoint{
|
||||
@ -219,6 +235,14 @@ var defaultPartitions = endpoints.Partitions{
|
||||
Region: "ca-central-1",
|
||||
},
|
||||
},
|
||||
endpoints.EndpointKey{
|
||||
Region: "ca-west-1",
|
||||
}: endpoints.Endpoint{
|
||||
Hostname: "oidc.ca-west-1.amazonaws.com",
|
||||
CredentialScope: endpoints.CredentialScope{
|
||||
Region: "ca-west-1",
|
||||
},
|
||||
},
|
||||
endpoints.EndpointKey{
|
||||
Region: "eu-central-1",
|
||||
}: endpoints.Endpoint{
|
||||
@ -251,6 +275,14 @@ var defaultPartitions = endpoints.Partitions{
|
||||
Region: "eu-south-1",
|
||||
},
|
||||
},
|
||||
endpoints.EndpointKey{
|
||||
Region: "eu-south-2",
|
||||
}: endpoints.Endpoint{
|
||||
Hostname: "oidc.eu-south-2.amazonaws.com",
|
||||
CredentialScope: endpoints.CredentialScope{
|
||||
Region: "eu-south-2",
|
||||
},
|
||||
},
|
||||
endpoints.EndpointKey{
|
||||
Region: "eu-west-1",
|
||||
}: endpoints.Endpoint{
|
||||
|
34
vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/options.go
generated
vendored
@ -24,6 +24,9 @@ type Options struct {
|
||||
// modify this list for per operation behavior.
|
||||
APIOptions []func(*middleware.Stack) error
|
||||
|
||||
// Indicates how aws account ID is applied in endpoint2.0 routing
|
||||
AccountIDEndpointMode aws.AccountIDEndpointMode
|
||||
|
||||
// The optional application specific identifier appended to the User-Agent header.
|
||||
AppID string
|
||||
|
||||
@ -50,8 +53,10 @@ type Options struct {
|
||||
// Deprecated: Deprecated: EndpointResolver and WithEndpointResolver. Providing a
|
||||
// value for this field will likely prevent you from using any endpoint-related
|
||||
// service features released after the introduction of EndpointResolverV2 and
|
||||
// BaseEndpoint. To migrate an EndpointResolver implementation that uses a custom
|
||||
// endpoint, set the client option BaseEndpoint instead.
|
||||
// BaseEndpoint.
|
||||
//
|
||||
// To migrate an EndpointResolver implementation that uses a custom endpoint, set
|
||||
// the client option BaseEndpoint instead.
|
||||
EndpointResolver EndpointResolver
|
||||
|
||||
// Resolves the endpoint used for a particular service operation. This should be
|
||||
@ -70,17 +75,20 @@ type Options struct {
|
||||
// RetryMaxAttempts specifies the maximum number attempts an API client will call
|
||||
// an operation that fails with a retryable error. A value of 0 is ignored, and
|
||||
// will not be used to configure the API client created default retryer, or modify
|
||||
// per operation call's retry max attempts. If specified in an operation call's
|
||||
// functional options with a value that is different than the constructed client's
|
||||
// Options, the Client's Retryer will be wrapped to use the operation's specific
|
||||
// RetryMaxAttempts value.
|
||||
// per operation call's retry max attempts.
|
||||
//
|
||||
// If specified in an operation call's functional options with a value that is
|
||||
// different than the constructed client's Options, the Client's Retryer will be
|
||||
// wrapped to use the operation's specific RetryMaxAttempts value.
|
||||
RetryMaxAttempts int
|
||||
|
||||
// RetryMode specifies the retry mode the API client will be created with, if
|
||||
// Retryer option is not also specified. When creating a new API Clients this
|
||||
// member will only be used if the Retryer Options member is nil. This value will
|
||||
// be ignored if Retryer is not nil. Currently does not support per operation call
|
||||
// overrides, may in the future.
|
||||
// Retryer option is not also specified.
|
||||
//
|
||||
// When creating a new API Clients this member will only be used if the Retryer
|
||||
// Options member is nil. This value will be ignored if Retryer is not nil.
|
||||
//
|
||||
// Currently does not support per operation call overrides, may in the future.
|
||||
RetryMode aws.RetryMode
|
||||
|
||||
// Retryer guides how HTTP requests should be retried in case of recoverable
|
||||
@ -97,8 +105,9 @@ type Options struct {
|
||||
|
||||
// The initial DefaultsMode used when the client options were constructed. If the
|
||||
// DefaultsMode was set to aws.DefaultsModeAuto this will store what the resolved
|
||||
// value was at that point in time. Currently does not support per operation call
|
||||
// overrides, may in the future.
|
||||
// value was at that point in time.
|
||||
//
|
||||
// Currently does not support per operation call overrides, may in the future.
|
||||
resolvedDefaultsMode aws.DefaultsMode
|
||||
|
||||
// The HTTP client to invoke API calls with. Defaults to client's default HTTP
|
||||
@ -143,6 +152,7 @@ func WithAPIOptions(optFns ...func(*middleware.Stack) error) func(*Options) {
|
||||
// Deprecated: EndpointResolver and WithEndpointResolver. Providing a value for
|
||||
// this field will likely prevent you from using any endpoint-related service
|
||||
// features released after the introduction of EndpointResolverV2 and BaseEndpoint.
|
||||
//
|
||||
// To migrate an EndpointResolver implementation that uses a custom endpoint, set
|
||||
// the client option BaseEndpoint instead.
|
||||
func WithEndpointResolver(v EndpointResolver) func(*Options) {
|
||||
|
56
vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/serializers.go
generated
vendored
@ -95,6 +95,11 @@ func awsRestjson1_serializeOpDocumentCreateTokenInput(v *CreateTokenInput, value
|
||||
ok.String(*v.Code)
|
||||
}
|
||||
|
||||
if v.CodeVerifier != nil {
|
||||
ok := object.Key("codeVerifier")
|
||||
ok.String(*v.CodeVerifier)
|
||||
}
|
||||
|
||||
if v.DeviceCode != nil {
|
||||
ok := object.Key("deviceCode")
|
||||
ok.String(*v.DeviceCode)
|
||||
@ -207,6 +212,11 @@ func awsRestjson1_serializeOpDocumentCreateTokenWithIAMInput(v *CreateTokenWithI
|
||||
ok.String(*v.Code)
|
||||
}
|
||||
|
||||
if v.CodeVerifier != nil {
|
||||
ok := object.Key("codeVerifier")
|
||||
ok.String(*v.CodeVerifier)
|
||||
}
|
||||
|
||||
if v.GrantType != nil {
|
||||
ok := object.Key("grantType")
|
||||
ok.String(*v.GrantType)
|
||||
@ -324,6 +334,30 @@ func awsRestjson1_serializeOpDocumentRegisterClientInput(v *RegisterClientInput,
|
||||
ok.String(*v.ClientType)
|
||||
}
|
||||
|
||||
if v.EntitledApplicationArn != nil {
|
||||
ok := object.Key("entitledApplicationArn")
|
||||
ok.String(*v.EntitledApplicationArn)
|
||||
}
|
||||
|
||||
if v.GrantTypes != nil {
|
||||
ok := object.Key("grantTypes")
|
||||
if err := awsRestjson1_serializeDocumentGrantTypes(v.GrantTypes, ok); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
if v.IssuerUrl != nil {
|
||||
ok := object.Key("issuerUrl")
|
||||
ok.String(*v.IssuerUrl)
|
||||
}
|
||||
|
||||
if v.RedirectUris != nil {
|
||||
ok := object.Key("redirectUris")
|
||||
if err := awsRestjson1_serializeDocumentRedirectUris(v.RedirectUris, ok); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
if v.Scopes != nil {
|
||||
ok := object.Key("scopes")
|
||||
if err := awsRestjson1_serializeDocumentScopes(v.Scopes, ok); err != nil {
|
||||
@ -419,6 +453,28 @@ func awsRestjson1_serializeOpDocumentStartDeviceAuthorizationInput(v *StartDevic
|
||||
return nil
|
||||
}
|
||||
|
||||
func awsRestjson1_serializeDocumentGrantTypes(v []string, value smithyjson.Value) error {
|
||||
array := value.Array()
|
||||
defer array.Close()
|
||||
|
||||
for i := range v {
|
||||
av := array.Value()
|
||||
av.String(v[i])
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func awsRestjson1_serializeDocumentRedirectUris(v []string, value smithyjson.Value) error {
|
||||
array := value.Array()
|
||||
defer array.Close()
|
||||
|
||||
for i := range v {
|
||||
av := array.Value()
|
||||
av.String(v[i])
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func awsRestjson1_serializeDocumentScopes(v []string, value smithyjson.Value) error {
|
||||
array := value.Array()
|
||||
defer array.Close()
|
||||
|
32
vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/types/errors.go
generated
vendored
@ -188,7 +188,7 @@ func (e *InvalidClientMetadataException) ErrorCode() string {
|
||||
func (e *InvalidClientMetadataException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
|
||||
|
||||
// Indicates that a request contains an invalid grant. This can occur if a client
|
||||
// makes a CreateToken request with an invalid grant type.
|
||||
// makes a CreateTokenrequest with an invalid grant type.
|
||||
type InvalidGrantException struct {
|
||||
Message *string
|
||||
|
||||
@ -217,6 +217,36 @@ func (e *InvalidGrantException) ErrorCode() string {
|
||||
}
|
||||
func (e *InvalidGrantException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
|
||||
|
||||
// Indicates that one or more redirect URI in the request is not supported for
|
||||
// this operation.
|
||||
type InvalidRedirectUriException struct {
|
||||
Message *string
|
||||
|
||||
ErrorCodeOverride *string
|
||||
|
||||
Error_ *string
|
||||
Error_description *string
|
||||
|
||||
noSmithyDocumentSerde
|
||||
}
|
||||
|
||||
func (e *InvalidRedirectUriException) Error() string {
|
||||
return fmt.Sprintf("%s: %s", e.ErrorCode(), e.ErrorMessage())
|
||||
}
|
||||
func (e *InvalidRedirectUriException) ErrorMessage() string {
|
||||
if e.Message == nil {
|
||||
return ""
|
||||
}
|
||||
return *e.Message
|
||||
}
|
||||
func (e *InvalidRedirectUriException) ErrorCode() string {
|
||||
if e == nil || e.ErrorCodeOverride == nil {
|
||||
return "InvalidRedirectUriException"
|
||||
}
|
||||
return *e.ErrorCodeOverride
|
||||
}
|
||||
func (e *InvalidRedirectUriException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
|
||||
|
||||
// Indicates that something is wrong with the input to the request. For example, a
|
||||
// required parameter might be missing or out of range.
|
||||
type InvalidRequestException struct {
|
||||
|
98
vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md
generated
vendored
@ -1,3 +1,101 @@
|
||||
# v1.30.3 (2024-07-10.2)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.30.2 (2024-07-10)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.30.1 (2024-06-28)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.30.0 (2024-06-26)
|
||||
|
||||
* **Feature**: Support list-of-string endpoint parameter.
|
||||
|
||||
# v1.29.1 (2024-06-19)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.29.0 (2024-06-18)
|
||||
|
||||
* **Feature**: Track usage of various AWS SDK features in user-agent string.
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.28.13 (2024-06-17)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.28.12 (2024-06-07)
|
||||
|
||||
* **Bug Fix**: Add clock skew correction on all service clients
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.28.11 (2024-06-03)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.28.10 (2024-05-23)
|
||||
|
||||
* No change notes available for this release.
|
||||
|
||||
# v1.28.9 (2024-05-16)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.28.8 (2024-05-15)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.28.7 (2024-05-08)
|
||||
|
||||
* **Bug Fix**: GoDoc improvement
|
||||
|
||||
# v1.28.6 (2024-03-29)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.28.5 (2024-03-18)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.28.4 (2024-03-07)
|
||||
|
||||
* **Bug Fix**: Remove dependency on go-cmp.
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.28.3 (2024-03-05)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.28.2 (2024-03-04)
|
||||
|
||||
* **Bug Fix**: Update internal/presigned-url dependency for corrected API name.
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.28.1 (2024-02-23)
|
||||
|
||||
* **Bug Fix**: Move all common, SDK-side middleware stack ops into the service client module to prevent cross-module compatibility issues in the future.
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.28.0 (2024-02-22)
|
||||
|
||||
* **Feature**: Add middleware stack snapshot tests.
|
||||
|
||||
# v1.27.2 (2024-02-21)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.27.1 (2024-02-20)
|
||||
|
||||
* **Bug Fix**: When sourcing values for a service's `EndpointParameters`, the lack of a configured region (i.e. `options.Region == ""`) will now translate to a `nil` value for `EndpointParameters.Region` instead of a pointer to the empty string `""`. This will result in a much more explicit error when calling an operation instead of an obscure hostname lookup failure.
|
||||
|
||||
# v1.27.0 (2024-02-13)
|
||||
|
||||
* **Feature**: Bump minimum Go version to 1.20 per our language support policy.
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.26.7 (2024-01-04)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
190
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go
generated
vendored
@ -15,15 +15,18 @@ import (
|
||||
internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
|
||||
internalauthsmithy "github.com/aws/aws-sdk-go-v2/internal/auth/smithy"
|
||||
internalConfig "github.com/aws/aws-sdk-go-v2/internal/configsources"
|
||||
internalmiddleware "github.com/aws/aws-sdk-go-v2/internal/middleware"
|
||||
acceptencodingcust "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding"
|
||||
presignedurlcust "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url"
|
||||
smithy "github.com/aws/smithy-go"
|
||||
smithyauth "github.com/aws/smithy-go/auth"
|
||||
smithydocument "github.com/aws/smithy-go/document"
|
||||
"github.com/aws/smithy-go/logging"
|
||||
"github.com/aws/smithy-go/middleware"
|
||||
smithyhttp "github.com/aws/smithy-go/transport/http"
|
||||
"net"
|
||||
"net/http"
|
||||
"sync/atomic"
|
||||
"time"
|
||||
)
|
||||
|
||||
@ -34,6 +37,9 @@ const ServiceAPIVersion = "2011-06-15"
|
||||
// Service.
|
||||
type Client struct {
|
||||
options Options
|
||||
|
||||
// Difference between the time reported by the server and the client
|
||||
timeOffset *atomic.Int64
|
||||
}
|
||||
|
||||
// New returns an initialized Client based on the functional options. Provide
|
||||
@ -72,6 +78,8 @@ func New(options Options, optFns ...func(*Options)) *Client {
|
||||
options: options,
|
||||
}
|
||||
|
||||
initializeTimeOffsetResolver(client)
|
||||
|
||||
return client
|
||||
}
|
||||
|
||||
@ -233,15 +241,16 @@ func setResolvedDefaultsMode(o *Options) {
|
||||
// NewFromConfig returns a new client from the provided config.
|
||||
func NewFromConfig(cfg aws.Config, optFns ...func(*Options)) *Client {
|
||||
opts := Options{
|
||||
Region: cfg.Region,
|
||||
DefaultsMode: cfg.DefaultsMode,
|
||||
RuntimeEnvironment: cfg.RuntimeEnvironment,
|
||||
HTTPClient: cfg.HTTPClient,
|
||||
Credentials: cfg.Credentials,
|
||||
APIOptions: cfg.APIOptions,
|
||||
Logger: cfg.Logger,
|
||||
ClientLogMode: cfg.ClientLogMode,
|
||||
AppID: cfg.AppID,
|
||||
Region: cfg.Region,
|
||||
DefaultsMode: cfg.DefaultsMode,
|
||||
RuntimeEnvironment: cfg.RuntimeEnvironment,
|
||||
HTTPClient: cfg.HTTPClient,
|
||||
Credentials: cfg.Credentials,
|
||||
APIOptions: cfg.APIOptions,
|
||||
Logger: cfg.Logger,
|
||||
ClientLogMode: cfg.ClientLogMode,
|
||||
AppID: cfg.AppID,
|
||||
AccountIDEndpointMode: cfg.AccountIDEndpointMode,
|
||||
}
|
||||
resolveAWSRetryerProvider(cfg, &opts)
|
||||
resolveAWSRetryMaxAttempts(cfg, &opts)
|
||||
@ -365,17 +374,37 @@ func resolveAWSEndpointResolver(cfg aws.Config, o *Options) {
|
||||
}
|
||||
|
||||
func addClientUserAgent(stack *middleware.Stack, options Options) error {
|
||||
if err := awsmiddleware.AddSDKAgentKeyValue(awsmiddleware.APIMetadata, "sts", goModuleVersion)(stack); err != nil {
|
||||
ua, err := getOrAddRequestUserAgent(stack)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
ua.AddSDKAgentKeyValue(awsmiddleware.APIMetadata, "sts", goModuleVersion)
|
||||
if len(options.AppID) > 0 {
|
||||
return awsmiddleware.AddSDKAgentKey(awsmiddleware.ApplicationIdentifier, options.AppID)(stack)
|
||||
ua.AddSDKAgentKey(awsmiddleware.ApplicationIdentifier, options.AppID)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func getOrAddRequestUserAgent(stack *middleware.Stack) (*awsmiddleware.RequestUserAgent, error) {
|
||||
id := (*awsmiddleware.RequestUserAgent)(nil).ID()
|
||||
mw, ok := stack.Build.Get(id)
|
||||
if !ok {
|
||||
mw = awsmiddleware.NewRequestUserAgent()
|
||||
if err := stack.Build.Add(mw, middleware.After); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
ua, ok := mw.(*awsmiddleware.RequestUserAgent)
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("%T for %s middleware did not match expected type", mw, id)
|
||||
}
|
||||
|
||||
return ua, nil
|
||||
}
|
||||
|
||||
type HTTPSignerV4 interface {
|
||||
SignHTTP(ctx context.Context, credentials aws.Credentials, r *http.Request, payloadHash string, service string, region string, signingTime time.Time, optFns ...func(*v4.SignerOptions)) error
|
||||
}
|
||||
@ -394,12 +423,72 @@ func newDefaultV4Signer(o Options) *v4.Signer {
|
||||
})
|
||||
}
|
||||
|
||||
func addRetryMiddlewares(stack *middleware.Stack, o Options) error {
|
||||
mo := retry.AddRetryMiddlewaresOptions{
|
||||
Retryer: o.Retryer,
|
||||
LogRetryAttempts: o.ClientLogMode.IsRetries(),
|
||||
func addClientRequestID(stack *middleware.Stack) error {
|
||||
return stack.Build.Add(&awsmiddleware.ClientRequestID{}, middleware.After)
|
||||
}
|
||||
|
||||
func addComputeContentLength(stack *middleware.Stack) error {
|
||||
return stack.Build.Add(&smithyhttp.ComputeContentLength{}, middleware.After)
|
||||
}
|
||||
|
||||
func addRawResponseToMetadata(stack *middleware.Stack) error {
|
||||
return stack.Deserialize.Add(&awsmiddleware.AddRawResponse{}, middleware.Before)
|
||||
}
|
||||
|
||||
func addRecordResponseTiming(stack *middleware.Stack) error {
|
||||
return stack.Deserialize.Add(&awsmiddleware.RecordResponseTiming{}, middleware.After)
|
||||
}
|
||||
func addStreamingEventsPayload(stack *middleware.Stack) error {
|
||||
return stack.Finalize.Add(&v4.StreamingEventsPayload{}, middleware.Before)
|
||||
}
|
||||
|
||||
func addUnsignedPayload(stack *middleware.Stack) error {
|
||||
return stack.Finalize.Insert(&v4.UnsignedPayload{}, "ResolveEndpointV2", middleware.After)
|
||||
}
|
||||
|
||||
func addComputePayloadSHA256(stack *middleware.Stack) error {
|
||||
return stack.Finalize.Insert(&v4.ComputePayloadSHA256{}, "ResolveEndpointV2", middleware.After)
|
||||
}
|
||||
|
||||
func addContentSHA256Header(stack *middleware.Stack) error {
|
||||
return stack.Finalize.Insert(&v4.ContentSHA256Header{}, (*v4.ComputePayloadSHA256)(nil).ID(), middleware.After)
|
||||
}
|
||||
|
||||
func addIsWaiterUserAgent(o *Options) {
|
||||
o.APIOptions = append(o.APIOptions, func(stack *middleware.Stack) error {
|
||||
ua, err := getOrAddRequestUserAgent(stack)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
ua.AddUserAgentFeature(awsmiddleware.UserAgentFeatureWaiter)
|
||||
return nil
|
||||
})
|
||||
}
|
||||
|
||||
func addIsPaginatorUserAgent(o *Options) {
|
||||
o.APIOptions = append(o.APIOptions, func(stack *middleware.Stack) error {
|
||||
ua, err := getOrAddRequestUserAgent(stack)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
ua.AddUserAgentFeature(awsmiddleware.UserAgentFeaturePaginator)
|
||||
return nil
|
||||
})
|
||||
}
|
||||
|
||||
func addRetry(stack *middleware.Stack, o Options) error {
|
||||
attempt := retry.NewAttemptMiddleware(o.Retryer, smithyhttp.RequestCloner, func(m *retry.Attempt) {
|
||||
m.LogAttempts = o.ClientLogMode.IsRetries()
|
||||
})
|
||||
if err := stack.Finalize.Insert(attempt, "Signing", middleware.Before); err != nil {
|
||||
return err
|
||||
}
|
||||
return retry.AddRetryMiddlewares(stack, mo)
|
||||
if err := stack.Finalize.Insert(&retry.MetricsHeader{}, attempt.ID(), middleware.After); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// resolves dual-stack endpoint configuration
|
||||
@ -432,12 +521,75 @@ func resolveUseFIPSEndpoint(cfg aws.Config, o *Options) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func resolveAccountID(identity smithyauth.Identity, mode aws.AccountIDEndpointMode) *string {
|
||||
if mode == aws.AccountIDEndpointModeDisabled {
|
||||
return nil
|
||||
}
|
||||
|
||||
if ca, ok := identity.(*internalauthsmithy.CredentialsAdapter); ok && ca.Credentials.AccountID != "" {
|
||||
return aws.String(ca.Credentials.AccountID)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func addTimeOffsetBuild(stack *middleware.Stack, c *Client) error {
|
||||
mw := internalmiddleware.AddTimeOffsetMiddleware{Offset: c.timeOffset}
|
||||
if err := stack.Build.Add(&mw, middleware.After); err != nil {
|
||||
return err
|
||||
}
|
||||
return stack.Deserialize.Insert(&mw, "RecordResponseTiming", middleware.Before)
|
||||
}
|
||||
func initializeTimeOffsetResolver(c *Client) {
|
||||
c.timeOffset = new(atomic.Int64)
|
||||
}
|
||||
|
||||
func checkAccountID(identity smithyauth.Identity, mode aws.AccountIDEndpointMode) error {
|
||||
switch mode {
|
||||
case aws.AccountIDEndpointModeUnset:
|
||||
case aws.AccountIDEndpointModePreferred:
|
||||
case aws.AccountIDEndpointModeDisabled:
|
||||
case aws.AccountIDEndpointModeRequired:
|
||||
if ca, ok := identity.(*internalauthsmithy.CredentialsAdapter); !ok {
|
||||
return fmt.Errorf("accountID is required but not set")
|
||||
} else if ca.Credentials.AccountID == "" {
|
||||
return fmt.Errorf("accountID is required but not set")
|
||||
}
|
||||
// default check in case invalid mode is configured through request config
|
||||
default:
|
||||
return fmt.Errorf("invalid accountID endpoint mode %s, must be preferred/required/disabled", mode)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func addUserAgentRetryMode(stack *middleware.Stack, options Options) error {
|
||||
ua, err := getOrAddRequestUserAgent(stack)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
switch options.Retryer.(type) {
|
||||
case *retry.Standard:
|
||||
ua.AddUserAgentFeature(awsmiddleware.UserAgentFeatureRetryModeStandard)
|
||||
case *retry.AdaptiveMode:
|
||||
ua.AddUserAgentFeature(awsmiddleware.UserAgentFeatureRetryModeAdaptive)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func addRecursionDetection(stack *middleware.Stack) error {
|
||||
return stack.Build.Add(&awsmiddleware.RecursionDetection{}, middleware.After)
|
||||
}
|
||||
|
||||
func addRequestIDRetrieverMiddleware(stack *middleware.Stack) error {
|
||||
return awsmiddleware.AddRequestIDRetrieverMiddleware(stack)
|
||||
return stack.Deserialize.Insert(&awsmiddleware.RequestIDRetriever{}, "OperationDeserializer", middleware.Before)
|
||||
|
||||
}
|
||||
|
||||
func addResponseErrorMiddleware(stack *middleware.Stack) error {
|
||||
return awshttp.AddResponseErrorMiddleware(stack)
|
||||
return stack.Deserialize.Insert(&awshttp.ResponseErrorWrapper{}, "RequestIDRetriever", middleware.Before)
|
||||
|
||||
}
|
||||
|
||||
// HTTPPresignerV4 represents presigner interface used by presign url client
|
||||
@ -581,7 +733,7 @@ func (c presignConverter) convertToPresignMiddleware(stack *middleware.Stack, op
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = presignedurlcust.AddAsIsPresigingMiddleware(stack)
|
||||
err = presignedurlcust.AddAsIsPresigningMiddleware(stack)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
471
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRole.go
generated
vendored
@ -16,69 +16,99 @@ import (
|
||||
// Amazon Web Services resources. These temporary credentials consist of an access
|
||||
// key ID, a secret access key, and a security token. Typically, you use AssumeRole
|
||||
// within your account or for cross-account access. For a comparison of AssumeRole
|
||||
// with other API operations that produce temporary credentials, see Requesting
|
||||
// Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
|
||||
// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
|
||||
// in the IAM User Guide. Permissions The temporary security credentials created by
|
||||
// AssumeRole can be used to make API calls to any Amazon Web Services service
|
||||
// with the following exception: You cannot call the Amazon Web Services STS
|
||||
// GetFederationToken or GetSessionToken API operations. (Optional) You can pass
|
||||
// inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// to this operation. You can pass a single JSON policy document to use as an
|
||||
// inline session policy. You can also specify up to 10 managed policy Amazon
|
||||
// Resource Names (ARNs) to use as managed session policies. The plaintext that you
|
||||
// use for both inline and managed session policies can't exceed 2,048 characters.
|
||||
// Passing policies to this operation returns new temporary credentials. The
|
||||
// resulting session's permissions are the intersection of the role's
|
||||
// identity-based policy and the session policies. You can use the role's temporary
|
||||
// credentials in subsequent Amazon Web Services API calls to access resources in
|
||||
// the account that owns the role. You cannot use session policies to grant more
|
||||
// permissions than those allowed by the identity-based policy of the role that is
|
||||
// being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// in the IAM User Guide. When you create a role, you create two policies: a role
|
||||
// trust policy that specifies who can assume the role, and a permissions policy
|
||||
// that specifies what can be done with the role. You specify the trusted principal
|
||||
// that is allowed to assume the role in the role trust policy. To assume a role
|
||||
// from a different account, your Amazon Web Services account must be trusted by
|
||||
// the role. The trust relationship is defined in the role's trust policy when the
|
||||
// role is created. That trust policy states which accounts are allowed to delegate
|
||||
// that access to users in the account. A user who wants to access a role in a
|
||||
// different account must also have permissions that are delegated from the account
|
||||
// administrator. The administrator must attach a policy that allows the user to
|
||||
// call AssumeRole for the ARN of the role in the other account. To allow a user
|
||||
// to assume a role in the same account, you can do either of the following:
|
||||
// with other API operations that produce temporary credentials, see [Requesting Temporary Security Credentials]and [Comparing the Amazon Web Services STS API operations] in the
|
||||
// IAM User Guide.
|
||||
//
|
||||
// # Permissions
|
||||
//
|
||||
// The temporary security credentials created by AssumeRole can be used to make
|
||||
// API calls to any Amazon Web Services service with the following exception: You
|
||||
// cannot call the Amazon Web Services STS GetFederationToken or GetSessionToken
|
||||
// API operations.
|
||||
//
|
||||
// (Optional) You can pass inline or managed [session policies] to this operation. You can pass a
|
||||
// single JSON policy document to use as an inline session policy. You can also
|
||||
// specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed
|
||||
// session policies. The plaintext that you use for both inline and managed session
|
||||
// policies can't exceed 2,048 characters. Passing policies to this operation
|
||||
// returns new temporary credentials. The resulting session's permissions are the
|
||||
// intersection of the role's identity-based policy and the session policies. You
|
||||
// can use the role's temporary credentials in subsequent Amazon Web Services API
|
||||
// calls to access resources in the account that owns the role. You cannot use
|
||||
// session policies to grant more permissions than those allowed by the
|
||||
// identity-based policy of the role that is being assumed. For more information,
|
||||
// see [Session Policies]in the IAM User Guide.
|
||||
//
|
||||
// When you create a role, you create two policies: a role trust policy that
|
||||
// specifies who can assume the role, and a permissions policy that specifies what
|
||||
// can be done with the role. You specify the trusted principal that is allowed to
|
||||
// assume the role in the role trust policy.
|
||||
//
|
||||
// To assume a role from a different account, your Amazon Web Services account
|
||||
// must be trusted by the role. The trust relationship is defined in the role's
|
||||
// trust policy when the role is created. That trust policy states which accounts
|
||||
// are allowed to delegate that access to users in the account.
|
||||
//
|
||||
// A user who wants to access a role in a different account must also have
|
||||
// permissions that are delegated from the account administrator. The administrator
|
||||
// must attach a policy that allows the user to call AssumeRole for the ARN of the
|
||||
// role in the other account.
|
||||
//
|
||||
// To allow a user to assume a role in the same account, you can do either of the
|
||||
// following:
|
||||
//
|
||||
// - Attach a policy to the user that allows the user to call AssumeRole (as long
|
||||
// as the role's trust policy trusts the account).
|
||||
//
|
||||
// - Add the user as a principal directly in the role's trust policy.
|
||||
//
|
||||
// You can do either because the role’s trust policy acts as an IAM resource-based
|
||||
// policy. When a resource-based policy grants access to a principal in the same
|
||||
// account, no additional identity-based policy is required. For more information
|
||||
// about trust policies and resource-based policies, see IAM Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)
|
||||
// in the IAM User Guide. Tags (Optional) You can pass tag key-value pairs to your
|
||||
// session. These tags are called session tags. For more information about session
|
||||
// tags, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
|
||||
// in the IAM User Guide. An administrator must grant you the permissions necessary
|
||||
// to pass session tags. The administrator can also create granular permissions to
|
||||
// allow you to pass only specific session tags. For more information, see
|
||||
// Tutorial: Using Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
|
||||
// in the IAM User Guide. You can set the session tags as transitive. Transitive
|
||||
// tags persist during role chaining. For more information, see Chaining Roles
|
||||
// with Session Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
|
||||
// in the IAM User Guide. Using MFA with AssumeRole (Optional) You can include
|
||||
// multi-factor authentication (MFA) information when you call AssumeRole . This is
|
||||
// useful for cross-account scenarios to ensure that the user that assumes the role
|
||||
// has been authenticated with an Amazon Web Services MFA device. In that scenario,
|
||||
// the trust policy of the role being assumed includes a condition that tests for
|
||||
// MFA authentication. If the caller does not include valid MFA information, the
|
||||
// request to assume the role is denied. The condition in a trust policy that tests
|
||||
// for MFA authentication might look like the following example. "Condition":
|
||||
// {"Bool": {"aws:MultiFactorAuthPresent": true}} For more information, see
|
||||
// Configuring MFA-Protected API Access (https://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html)
|
||||
// in the IAM User Guide guide. To use MFA with AssumeRole , you pass values for
|
||||
// the SerialNumber and TokenCode parameters. The SerialNumber value identifies
|
||||
// the user's hardware or virtual MFA device. The TokenCode is the time-based
|
||||
// one-time password (TOTP) that the MFA device produces.
|
||||
// about trust policies and resource-based policies, see [IAM Policies]in the IAM User Guide.
|
||||
//
|
||||
// # Tags
|
||||
//
|
||||
// (Optional) You can pass tag key-value pairs to your session. These tags are
|
||||
// called session tags. For more information about session tags, see [Passing Session Tags in STS]in the IAM
|
||||
// User Guide.
|
||||
//
|
||||
// An administrator must grant you the permissions necessary to pass session tags.
|
||||
// The administrator can also create granular permissions to allow you to pass only
|
||||
// specific session tags. For more information, see [Tutorial: Using Tags for Attribute-Based Access Control]in the IAM User Guide.
|
||||
//
|
||||
// You can set the session tags as transitive. Transitive tags persist during role
|
||||
// chaining. For more information, see [Chaining Roles with Session Tags]in the IAM User Guide.
|
||||
//
|
||||
// # Using MFA with AssumeRole
|
||||
//
|
||||
// (Optional) You can include multi-factor authentication (MFA) information when
|
||||
// you call AssumeRole . This is useful for cross-account scenarios to ensure that
|
||||
// the user that assumes the role has been authenticated with an Amazon Web
|
||||
// Services MFA device. In that scenario, the trust policy of the role being
|
||||
// assumed includes a condition that tests for MFA authentication. If the caller
|
||||
// does not include valid MFA information, the request to assume the role is
|
||||
// denied. The condition in a trust policy that tests for MFA authentication might
|
||||
// look like the following example.
|
||||
//
|
||||
// "Condition": {"Bool": {"aws:MultiFactorAuthPresent": true}}
|
||||
//
|
||||
// For more information, see [Configuring MFA-Protected API Access] in the IAM User Guide guide.
|
||||
//
|
||||
// To use MFA with AssumeRole , you pass values for the SerialNumber and TokenCode
|
||||
// parameters. The SerialNumber value identifies the user's hardware or virtual
|
||||
// MFA device. The TokenCode is the time-based one-time password (TOTP) that the
|
||||
// MFA device produces.
|
||||
//
|
||||
// [Configuring MFA-Protected API Access]: https://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html
|
||||
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||
// [Passing Session Tags in STS]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
|
||||
// [Chaining Roles with Session Tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining
|
||||
// [Comparing the Amazon Web Services STS API operations]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
|
||||
// [session policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||
// [IAM Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
|
||||
// [Requesting Temporary Security Credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
|
||||
// [Tutorial: Using Tags for Attribute-Based Access Control]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html
|
||||
func (c *Client) AssumeRole(ctx context.Context, params *AssumeRoleInput, optFns ...func(*Options)) (*AssumeRoleOutput, error) {
|
||||
if params == nil {
|
||||
params = &AssumeRoleInput{}
|
||||
@ -101,17 +131,19 @@ type AssumeRoleInput struct {
|
||||
// This member is required.
|
||||
RoleArn *string
|
||||
|
||||
// An identifier for the assumed role session. Use the role session name to
|
||||
// uniquely identify a session when the same role is assumed by different
|
||||
// principals or for different reasons. In cross-account scenarios, the role
|
||||
// session name is visible to, and can be logged by the account that owns the role.
|
||||
// The role session name is also used in the ARN of the assumed role principal.
|
||||
// This means that subsequent cross-account API requests that use the temporary
|
||||
// security credentials will expose the role session name to the external account
|
||||
// in their CloudTrail logs. The regex used to validate this parameter is a string
|
||||
// of characters consisting of upper- and lower-case alphanumeric characters with
|
||||
// no spaces. You can also include underscores or any of the following characters:
|
||||
// =,.@-
|
||||
// An identifier for the assumed role session.
|
||||
//
|
||||
// Use the role session name to uniquely identify a session when the same role is
|
||||
// assumed by different principals or for different reasons. In cross-account
|
||||
// scenarios, the role session name is visible to, and can be logged by the account
|
||||
// that owns the role. The role session name is also used in the ARN of the assumed
|
||||
// role principal. This means that subsequent cross-account API requests that use
|
||||
// the temporary security credentials will expose the role session name to the
|
||||
// external account in their CloudTrail logs.
|
||||
//
|
||||
// The regex used to validate this parameter is a string of characters consisting
|
||||
// of upper- and lower-case alphanumeric characters with no spaces. You can also
|
||||
// include underscores or any of the following characters: =,.@-
|
||||
//
|
||||
// This member is required.
|
||||
RoleSessionName *string
|
||||
@ -122,23 +154,27 @@ type AssumeRoleInput struct {
|
||||
// hours. If you specify a value higher than this setting or the administrator
|
||||
// setting (whichever is lower), the operation fails. For example, if you specify a
|
||||
// session duration of 12 hours, but your administrator set the maximum session
|
||||
// duration to 6 hours, your operation fails. Role chaining limits your Amazon Web
|
||||
// Services CLI or Amazon Web Services API role session to a maximum of one hour.
|
||||
// When you use the AssumeRole API operation to assume a role, you can specify the
|
||||
// duration of your role session with the DurationSeconds parameter. You can
|
||||
// specify a parameter value of up to 43200 seconds (12 hours), depending on the
|
||||
// maximum session duration setting for your role. However, if you assume a role
|
||||
// using role chaining and provide a DurationSeconds parameter value greater than
|
||||
// one hour, the operation fails. To learn how to view the maximum value for your
|
||||
// role, see View the Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
|
||||
// in the IAM User Guide. By default, the value is set to 3600 seconds. The
|
||||
// DurationSeconds parameter is separate from the duration of a console session
|
||||
// that you might request using the returned credentials. The request to the
|
||||
// federation endpoint for a console sign-in token takes a SessionDuration
|
||||
// duration to 6 hours, your operation fails.
|
||||
//
|
||||
// Role chaining limits your Amazon Web Services CLI or Amazon Web Services API
|
||||
// role session to a maximum of one hour. When you use the AssumeRole API
|
||||
// operation to assume a role, you can specify the duration of your role session
|
||||
// with the DurationSeconds parameter. You can specify a parameter value of up to
|
||||
// 43200 seconds (12 hours), depending on the maximum session duration setting for
|
||||
// your role. However, if you assume a role using role chaining and provide a
|
||||
// DurationSeconds parameter value greater than one hour, the operation fails. To
|
||||
// learn how to view the maximum value for your role, see [View the Maximum Session Duration Setting for a Role]in the IAM User Guide.
|
||||
//
|
||||
// By default, the value is set to 3600 seconds.
|
||||
//
|
||||
// The DurationSeconds parameter is separate from the duration of a console
|
||||
// session that you might request using the returned credentials. The request to
|
||||
// the federation endpoint for a console sign-in token takes a SessionDuration
|
||||
// parameter that specifies the maximum length of the console session. For more
|
||||
// information, see Creating a URL that Enables Federated Users to Access the
|
||||
// Amazon Web Services Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
|
||||
// in the IAM User Guide.
|
||||
// information, see [Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console]in the IAM User Guide.
|
||||
//
|
||||
// [View the Maximum Session Duration Setting for a Role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
|
||||
// [Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
|
||||
DurationSeconds *int32
|
||||
|
||||
// A unique identifier that might be required when you assume a role in another
|
||||
@ -149,63 +185,79 @@ type AssumeRoleInput struct {
|
||||
// the administrator of the trusting account might send an external ID to the
|
||||
// administrator of the trusted account. That way, only someone with the ID can
|
||||
// assume the role, rather than everyone in the account. For more information about
|
||||
// the external ID, see How to Use an External ID When Granting Access to Your
|
||||
// Amazon Web Services Resources to a Third Party (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html)
|
||||
// in the IAM User Guide. The regex used to validate this parameter is a string of
|
||||
// characters consisting of upper- and lower-case alphanumeric characters with no
|
||||
// spaces. You can also include underscores or any of the following characters:
|
||||
// =,.@:/-
|
||||
// the external ID, see [How to Use an External ID When Granting Access to Your Amazon Web Services Resources to a Third Party]in the IAM User Guide.
|
||||
//
|
||||
// The regex used to validate this parameter is a string of characters consisting
|
||||
// of upper- and lower-case alphanumeric characters with no spaces. You can also
|
||||
// include underscores or any of the following characters: =,.@:/-
|
||||
//
|
||||
// [How to Use an External ID When Granting Access to Your Amazon Web Services Resources to a Third Party]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
|
||||
ExternalId *string
|
||||
|
||||
// An IAM policy in JSON format that you want to use as an inline session policy.
|
||||
//
|
||||
// This parameter is optional. Passing policies to this operation returns new
|
||||
// temporary credentials. The resulting session's permissions are the intersection
|
||||
// of the role's identity-based policy and the session policies. You can use the
|
||||
// role's temporary credentials in subsequent Amazon Web Services API calls to
|
||||
// access resources in the account that owns the role. You cannot use session
|
||||
// policies to grant more permissions than those allowed by the identity-based
|
||||
// policy of the role that is being assumed. For more information, see Session
|
||||
// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// in the IAM User Guide. The plaintext that you use for both inline and managed
|
||||
// session policies can't exceed 2,048 characters. The JSON policy characters can
|
||||
// be any ASCII character from the space character to the end of the valid
|
||||
// character list (\u0020 through \u00FF). It can also include the tab (\u0009),
|
||||
// linefeed (\u000A), and carriage return (\u000D) characters. An Amazon Web
|
||||
// Services conversion compresses the passed inline session policy, managed policy
|
||||
// ARNs, and session tags into a packed binary format that has a separate limit.
|
||||
// Your request can fail for this limit even if your plaintext meets the other
|
||||
// requirements. The PackedPolicySize response element indicates by percentage how
|
||||
// close the policies and tags for your request are to the upper size limit.
|
||||
// policy of the role that is being assumed. For more information, see [Session Policies]in the IAM
|
||||
// User Guide.
|
||||
//
|
||||
// The plaintext that you use for both inline and managed session policies can't
|
||||
// exceed 2,048 characters. The JSON policy characters can be any ASCII character
|
||||
// from the space character to the end of the valid character list (\u0020 through
|
||||
// \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage
|
||||
// return (\u000D) characters.
|
||||
//
|
||||
// An Amazon Web Services conversion compresses the passed inline session policy,
|
||||
// managed policy ARNs, and session tags into a packed binary format that has a
|
||||
// separate limit. Your request can fail for this limit even if your plaintext
|
||||
// meets the other requirements. The PackedPolicySize response element indicates
|
||||
// by percentage how close the policies and tags for your request are to the upper
|
||||
// size limit.
|
||||
//
|
||||
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||
Policy *string
|
||||
|
||||
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want to
|
||||
// use as managed session policies. The policies must exist in the same account as
|
||||
// the role. This parameter is optional. You can provide up to 10 managed policy
|
||||
// ARNs. However, the plaintext that you use for both inline and managed session
|
||||
// policies can't exceed 2,048 characters. For more information about ARNs, see
|
||||
// Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
|
||||
// in the Amazon Web Services General Reference. An Amazon Web Services conversion
|
||||
// compresses the passed inline session policy, managed policy ARNs, and session
|
||||
// tags into a packed binary format that has a separate limit. Your request can
|
||||
// fail for this limit even if your plaintext meets the other requirements. The
|
||||
// PackedPolicySize response element indicates by percentage how close the policies
|
||||
// and tags for your request are to the upper size limit. Passing policies to this
|
||||
// operation returns new temporary credentials. The resulting session's permissions
|
||||
// are the intersection of the role's identity-based policy and the session
|
||||
// policies. You can use the role's temporary credentials in subsequent Amazon Web
|
||||
// Services API calls to access resources in the account that owns the role. You
|
||||
// cannot use session policies to grant more permissions than those allowed by the
|
||||
// identity-based policy of the role that is being assumed. For more information,
|
||||
// see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// in the IAM User Guide.
|
||||
// the role.
|
||||
//
|
||||
// This parameter is optional. You can provide up to 10 managed policy ARNs.
|
||||
// However, the plaintext that you use for both inline and managed session policies
|
||||
// can't exceed 2,048 characters. For more information about ARNs, see [Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces]in the
|
||||
// Amazon Web Services General Reference.
|
||||
//
|
||||
// An Amazon Web Services conversion compresses the passed inline session policy,
|
||||
// managed policy ARNs, and session tags into a packed binary format that has a
|
||||
// separate limit. Your request can fail for this limit even if your plaintext
|
||||
// meets the other requirements. The PackedPolicySize response element indicates
|
||||
// by percentage how close the policies and tags for your request are to the upper
|
||||
// size limit.
|
||||
//
|
||||
// Passing policies to this operation returns new temporary credentials. The
|
||||
// resulting session's permissions are the intersection of the role's
|
||||
// identity-based policy and the session policies. You can use the role's temporary
|
||||
// credentials in subsequent Amazon Web Services API calls to access resources in
|
||||
// the account that owns the role. You cannot use session policies to grant more
|
||||
// permissions than those allowed by the identity-based policy of the role that is
|
||||
// being assumed. For more information, see [Session Policies]in the IAM User Guide.
|
||||
//
|
||||
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||
// [Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
||||
PolicyArns []types.PolicyDescriptorType
|
||||
|
||||
// A list of previously acquired trusted context assertions in the format of a
|
||||
// JSON array. The trusted context assertion is signed and encrypted by Amazon Web
|
||||
// Services STS. The following is an example of a ProvidedContext value that
|
||||
// includes a single trusted context assertion and the ARN of the context provider
|
||||
// from which the trusted context assertion was generated.
|
||||
// [{"ProviderArn":"arn:aws:iam::aws:contextProvider/IdentityCenter","ContextAssertion":"trusted-context-assertion"}]
|
||||
// Services STS.
|
||||
//
|
||||
// The following is an example of a ProvidedContext value that includes a single
|
||||
// trusted context assertion and the ARN of the context provider from which the
|
||||
// trusted context assertion was generated.
|
||||
//
|
||||
// [{"ProviderArn":"arn:aws:iam::aws:contextProvider/IdentityCenter","ContextAssertion":"trusted-context-assertion"}]
|
||||
ProvidedContexts []types.ProvidedContext
|
||||
|
||||
// The identification number of the MFA device that is associated with the user
|
||||
@ -213,79 +265,97 @@ type AssumeRoleInput struct {
|
||||
// the role being assumed includes a condition that requires MFA authentication.
|
||||
// The value is either the serial number for a hardware device (such as
|
||||
// GAHT12345678 ) or an Amazon Resource Name (ARN) for a virtual device (such as
|
||||
// arn:aws:iam::123456789012:mfa/user ). The regex used to validate this parameter
|
||||
// is a string of characters consisting of upper- and lower-case alphanumeric
|
||||
// characters with no spaces. You can also include underscores or any of the
|
||||
// following characters: =,.@-
|
||||
// arn:aws:iam::123456789012:mfa/user ).
|
||||
//
|
||||
// The regex used to validate this parameter is a string of characters consisting
|
||||
// of upper- and lower-case alphanumeric characters with no spaces. You can also
|
||||
// include underscores or any of the following characters: =,.@-
|
||||
SerialNumber *string
|
||||
|
||||
// The source identity specified by the principal that is calling the AssumeRole
|
||||
// operation. You can require users to specify a source identity when they assume a
|
||||
// role. You do this by using the sts:SourceIdentity condition key in a role trust
|
||||
// policy. You can use source identity information in CloudTrail logs to determine
|
||||
// who took actions with a role. You can use the aws:SourceIdentity condition key
|
||||
// to further control access to Amazon Web Services resources based on the value of
|
||||
// source identity. For more information about using source identity, see Monitor
|
||||
// and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
|
||||
// in the IAM User Guide. The regex used to validate this parameter is a string of
|
||||
// characters consisting of upper- and lower-case alphanumeric characters with no
|
||||
// spaces. You can also include underscores or any of the following characters:
|
||||
// =,.@-. You cannot use a value that begins with the text aws: . This prefix is
|
||||
// reserved for Amazon Web Services internal use.
|
||||
// operation.
|
||||
//
|
||||
// You can require users to specify a source identity when they assume a role. You
|
||||
// do this by using the sts:SourceIdentity condition key in a role trust policy.
|
||||
// You can use source identity information in CloudTrail logs to determine who took
|
||||
// actions with a role. You can use the aws:SourceIdentity condition key to
|
||||
// further control access to Amazon Web Services resources based on the value of
|
||||
// source identity. For more information about using source identity, see [Monitor and control actions taken with assumed roles]in the
|
||||
// IAM User Guide.
|
||||
//
|
||||
// The regex used to validate this parameter is a string of characters consisting
|
||||
// of upper- and lower-case alphanumeric characters with no spaces. You can also
|
||||
// include underscores or any of the following characters: =,.@-. You cannot use a
|
||||
// value that begins with the text aws: . This prefix is reserved for Amazon Web
|
||||
// Services internal use.
|
||||
//
|
||||
// [Monitor and control actions taken with assumed roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
|
||||
SourceIdentity *string
|
||||
|
||||
// A list of session tags that you want to pass. Each session tag consists of a
|
||||
// key name and an associated value. For more information about session tags, see
|
||||
// Tagging Amazon Web Services STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
|
||||
// in the IAM User Guide. This parameter is optional. You can pass up to 50 session
|
||||
// tags. The plaintext session tag keys can’t exceed 128 characters, and the values
|
||||
// can’t exceed 256 characters. For these and additional limits, see IAM and STS
|
||||
// Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
|
||||
// in the IAM User Guide. An Amazon Web Services conversion compresses the passed
|
||||
// inline session policy, managed policy ARNs, and session tags into a packed
|
||||
// binary format that has a separate limit. Your request can fail for this limit
|
||||
// even if your plaintext meets the other requirements. The PackedPolicySize
|
||||
// response element indicates by percentage how close the policies and tags for
|
||||
// your request are to the upper size limit. You can pass a session tag with the
|
||||
// same key as a tag that is already attached to the role. When you do, session
|
||||
// tags override a role tag with the same key. Tag key–value pairs are not case
|
||||
// sensitive, but case is preserved. This means that you cannot have separate
|
||||
// Department and department tag keys. Assume that the role has the Department =
|
||||
// Marketing tag and you pass the department = engineering session tag. Department
|
||||
// and department are not saved as separate tags, and the session tag passed in
|
||||
// the request takes precedence over the role tag. Additionally, if you used
|
||||
// temporary credentials to perform this operation, the new session inherits any
|
||||
// transitive session tags from the calling session. If you pass a session tag with
|
||||
// the same key as an inherited tag, the operation fails. To view the inherited
|
||||
// tags for a session, see the CloudTrail logs. For more information, see Viewing
|
||||
// Session Tags in CloudTrail (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_ctlogs)
|
||||
// key name and an associated value. For more information about session tags, see [Tagging Amazon Web Services STS Sessions]
|
||||
// in the IAM User Guide.
|
||||
//
|
||||
// This parameter is optional. You can pass up to 50 session tags. The plaintext
|
||||
// session tag keys can’t exceed 128 characters, and the values can’t exceed 256
|
||||
// characters. For these and additional limits, see [IAM and STS Character Limits]in the IAM User Guide.
|
||||
//
|
||||
// An Amazon Web Services conversion compresses the passed inline session policy,
|
||||
// managed policy ARNs, and session tags into a packed binary format that has a
|
||||
// separate limit. Your request can fail for this limit even if your plaintext
|
||||
// meets the other requirements. The PackedPolicySize response element indicates
|
||||
// by percentage how close the policies and tags for your request are to the upper
|
||||
// size limit.
|
||||
//
|
||||
// You can pass a session tag with the same key as a tag that is already attached
|
||||
// to the role. When you do, session tags override a role tag with the same key.
|
||||
//
|
||||
// Tag key–value pairs are not case sensitive, but case is preserved. This means
|
||||
// that you cannot have separate Department and department tag keys. Assume that
|
||||
// the role has the Department = Marketing tag and you pass the department =
|
||||
// engineering session tag. Department and department are not saved as separate
|
||||
// tags, and the session tag passed in the request takes precedence over the role
|
||||
// tag.
|
||||
//
|
||||
// Additionally, if you used temporary credentials to perform this operation, the
|
||||
// new session inherits any transitive session tags from the calling session. If
|
||||
// you pass a session tag with the same key as an inherited tag, the operation
|
||||
// fails. To view the inherited tags for a session, see the CloudTrail logs. For
|
||||
// more information, see [Viewing Session Tags in CloudTrail]in the IAM User Guide.
|
||||
//
|
||||
// [Tagging Amazon Web Services STS Sessions]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
|
||||
// [IAM and STS Character Limits]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
|
||||
// [Viewing Session Tags in CloudTrail]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_ctlogs
|
||||
Tags []types.Tag
|
||||
|
||||
// The value provided by the MFA device, if the trust policy of the role being
|
||||
// assumed requires MFA. (In other words, if the policy includes a condition that
|
||||
// tests for MFA). If the role being assumed requires MFA and if the TokenCode
|
||||
// value is missing or expired, the AssumeRole call returns an "access denied"
|
||||
// error. The format for this parameter, as described by its regex pattern, is a
|
||||
// sequence of six numeric digits.
|
||||
// error.
|
||||
//
|
||||
// The format for this parameter, as described by its regex pattern, is a sequence
|
||||
// of six numeric digits.
|
||||
TokenCode *string
|
||||
|
||||
// A list of keys for session tags that you want to set as transitive. If you set
|
||||
// a tag key as transitive, the corresponding key and value passes to subsequent
|
||||
// sessions in a role chain. For more information, see Chaining Roles with Session
|
||||
// Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
|
||||
// in the IAM User Guide. This parameter is optional. When you set session tags as
|
||||
// transitive, the session policy and session tags packed binary limit is not
|
||||
// affected. If you choose not to specify a transitive tag key, then no tags are
|
||||
// passed from this session to any subsequent sessions.
|
||||
// sessions in a role chain. For more information, see [Chaining Roles with Session Tags]in the IAM User Guide.
|
||||
//
|
||||
// This parameter is optional. When you set session tags as transitive, the
|
||||
// session policy and session tags packed binary limit is not affected.
|
||||
//
|
||||
// If you choose not to specify a transitive tag key, then no tags are passed from
|
||||
// this session to any subsequent sessions.
|
||||
//
|
||||
// [Chaining Roles with Session Tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining
|
||||
TransitiveTagKeys []string
|
||||
|
||||
noSmithyDocumentSerde
|
||||
}
|
||||
|
||||
// Contains the response to a successful AssumeRole request, including temporary
|
||||
// Amazon Web Services credentials that can be used to make Amazon Web Services
|
||||
// requests.
|
||||
// Contains the response to a successful AssumeRole request, including temporary Amazon Web
|
||||
// Services credentials that can be used to make Amazon Web Services requests.
|
||||
type AssumeRoleOutput struct {
|
||||
|
||||
// The Amazon Resource Name (ARN) and the assumed role ID, which are identifiers
|
||||
@ -296,9 +366,10 @@ type AssumeRoleOutput struct {
|
||||
AssumedRoleUser *types.AssumedRoleUser
|
||||
|
||||
// The temporary security credentials, which include an access key ID, a secret
|
||||
// access key, and a security (or session) token. The size of the security token
|
||||
// that STS API operations return is not fixed. We strongly recommend that you make
|
||||
// no assumptions about the maximum size.
|
||||
// access key, and a security (or session) token.
|
||||
//
|
||||
// The size of the security token that STS API operations return is not fixed. We
|
||||
// strongly recommend that you make no assumptions about the maximum size.
|
||||
Credentials *types.Credentials
|
||||
|
||||
// A percentage value that indicates the packed size of the session policies and
|
||||
@ -308,17 +379,21 @@ type AssumeRoleOutput struct {
|
||||
PackedPolicySize *int32
|
||||
|
||||
// The source identity specified by the principal that is calling the AssumeRole
|
||||
// operation. You can require users to specify a source identity when they assume a
|
||||
// role. You do this by using the sts:SourceIdentity condition key in a role trust
|
||||
// policy. You can use source identity information in CloudTrail logs to determine
|
||||
// who took actions with a role. You can use the aws:SourceIdentity condition key
|
||||
// to further control access to Amazon Web Services resources based on the value of
|
||||
// source identity. For more information about using source identity, see Monitor
|
||||
// and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
|
||||
// in the IAM User Guide. The regex used to validate this parameter is a string of
|
||||
// characters consisting of upper- and lower-case alphanumeric characters with no
|
||||
// spaces. You can also include underscores or any of the following characters:
|
||||
// =,.@-
|
||||
// operation.
|
||||
//
|
||||
// You can require users to specify a source identity when they assume a role. You
|
||||
// do this by using the sts:SourceIdentity condition key in a role trust policy.
|
||||
// You can use source identity information in CloudTrail logs to determine who took
|
||||
// actions with a role. You can use the aws:SourceIdentity condition key to
|
||||
// further control access to Amazon Web Services resources based on the value of
|
||||
// source identity. For more information about using source identity, see [Monitor and control actions taken with assumed roles]in the
|
||||
// IAM User Guide.
|
||||
//
|
||||
// The regex used to validate this parameter is a string of characters consisting
|
||||
// of upper- and lower-case alphanumeric characters with no spaces. You can also
|
||||
// include underscores or any of the following characters: =,.@-
|
||||
//
|
||||
// [Monitor and control actions taken with assumed roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
|
||||
SourceIdentity *string
|
||||
|
||||
// Metadata pertaining to the operation's result.
|
||||
@ -349,25 +424,25 @@ func (c *Client) addOperationAssumeRoleMiddlewares(stack *middleware.Stack, opti
|
||||
if err = addSetLoggerMiddleware(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
|
||||
if err = addClientRequestID(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
|
||||
if err = addComputeContentLength(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addResolveEndpointMiddleware(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil {
|
||||
if err = addComputePayloadSHA256(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRetryMiddlewares(stack, options); err != nil {
|
||||
if err = addRetry(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
|
||||
if err = addRawResponseToMetadata(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
|
||||
if err = addRecordResponseTiming(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addClientUserAgent(stack, options); err != nil {
|
||||
@ -382,13 +457,19 @@ func (c *Client) addOperationAssumeRoleMiddlewares(stack *middleware.Stack, opti
|
||||
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addTimeOffsetBuild(stack, c); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addUserAgentRetryMode(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addOpAssumeRoleValidationMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opAssumeRole(options.Region), middleware.Before); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
|
||||
if err = addRecursionDetection(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
|
||||
|
385
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithSAML.go
generated
vendored
@ -16,92 +16,132 @@ import (
|
||||
// mechanism for tying an enterprise identity store or directory to role-based
|
||||
// Amazon Web Services access without user-specific credentials or configuration.
|
||||
// For a comparison of AssumeRoleWithSAML with the other API operations that
|
||||
// produce temporary credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
|
||||
// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
|
||||
// in the IAM User Guide. The temporary security credentials returned by this
|
||||
// operation consist of an access key ID, a secret access key, and a security
|
||||
// token. Applications can use these temporary security credentials to sign calls
|
||||
// to Amazon Web Services services. Session Duration By default, the temporary
|
||||
// security credentials created by AssumeRoleWithSAML last for one hour. However,
|
||||
// you can use the optional DurationSeconds parameter to specify the duration of
|
||||
// your session. Your role session lasts for the duration that you specify, or
|
||||
// until the time specified in the SAML authentication response's
|
||||
// SessionNotOnOrAfter value, whichever is shorter. You can provide a
|
||||
// DurationSeconds value from 900 seconds (15 minutes) up to the maximum session
|
||||
// duration setting for the role. This setting can have a value from 1 hour to 12
|
||||
// hours. To learn how to view the maximum value for your role, see View the
|
||||
// Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
|
||||
// in the IAM User Guide. The maximum session duration limit applies when you use
|
||||
// the AssumeRole* API operations or the assume-role* CLI commands. However the
|
||||
// limit does not apply when you use those operations to create a console URL. For
|
||||
// more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
|
||||
// in the IAM User Guide. Role chaining (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining)
|
||||
// limits your CLI or Amazon Web Services API role session to a maximum of one
|
||||
// produce temporary credentials, see [Requesting Temporary Security Credentials]and [Comparing the Amazon Web Services STS API operations] in the IAM User Guide.
|
||||
//
|
||||
// The temporary security credentials returned by this operation consist of an
|
||||
// access key ID, a secret access key, and a security token. Applications can use
|
||||
// these temporary security credentials to sign calls to Amazon Web Services
|
||||
// services.
|
||||
//
|
||||
// # Session Duration
|
||||
//
|
||||
// By default, the temporary security credentials created by AssumeRoleWithSAML
|
||||
// last for one hour. However, you can use the optional DurationSeconds parameter
|
||||
// to specify the duration of your session. Your role session lasts for the
|
||||
// duration that you specify, or until the time specified in the SAML
|
||||
// authentication response's SessionNotOnOrAfter value, whichever is shorter. You
|
||||
// can provide a DurationSeconds value from 900 seconds (15 minutes) up to the
|
||||
// maximum session duration setting for the role. This setting can have a value
|
||||
// from 1 hour to 12 hours. To learn how to view the maximum value for your role,
|
||||
// see [View the Maximum Session Duration Setting for a Role]in the IAM User Guide. The maximum session duration limit applies when you
|
||||
// use the AssumeRole* API operations or the assume-role* CLI commands. However
|
||||
// the limit does not apply when you use those operations to create a console URL.
|
||||
// For more information, see [Using IAM Roles]in the IAM User Guide.
|
||||
//
|
||||
// [Role chaining]limits your CLI or Amazon Web Services API role session to a maximum of one
|
||||
// hour. When you use the AssumeRole API operation to assume a role, you can
|
||||
// specify the duration of your role session with the DurationSeconds parameter.
|
||||
// You can specify a parameter value of up to 43200 seconds (12 hours), depending
|
||||
// on the maximum session duration setting for your role. However, if you assume a
|
||||
// role using role chaining and provide a DurationSeconds parameter value greater
|
||||
// than one hour, the operation fails. Permissions The temporary security
|
||||
// credentials created by AssumeRoleWithSAML can be used to make API calls to any
|
||||
// Amazon Web Services service with the following exception: you cannot call the
|
||||
// STS GetFederationToken or GetSessionToken API operations. (Optional) You can
|
||||
// pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// to this operation. You can pass a single JSON policy document to use as an
|
||||
// inline session policy. You can also specify up to 10 managed policy Amazon
|
||||
// Resource Names (ARNs) to use as managed session policies. The plaintext that you
|
||||
// use for both inline and managed session policies can't exceed 2,048 characters.
|
||||
// Passing policies to this operation returns new temporary credentials. The
|
||||
// resulting session's permissions are the intersection of the role's
|
||||
// identity-based policy and the session policies. You can use the role's temporary
|
||||
// credentials in subsequent Amazon Web Services API calls to access resources in
|
||||
// the account that owns the role. You cannot use session policies to grant more
|
||||
// permissions than those allowed by the identity-based policy of the role that is
|
||||
// being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// in the IAM User Guide. Calling AssumeRoleWithSAML does not require the use of
|
||||
// Amazon Web Services security credentials. The identity of the caller is
|
||||
// validated by using keys in the metadata document that is uploaded for the SAML
|
||||
// provider entity for your identity provider. Calling AssumeRoleWithSAML can
|
||||
// result in an entry in your CloudTrail logs. The entry includes the value in the
|
||||
// NameID element of the SAML assertion. We recommend that you use a NameIDType
|
||||
// that is not associated with any personally identifiable information (PII). For
|
||||
// example, you could instead use the persistent identifier (
|
||||
// urn:oasis:names:tc:SAML:2.0:nameid-format:persistent ). Tags (Optional) You can
|
||||
// configure your IdP to pass attributes into your SAML assertion as session tags.
|
||||
// Each session tag consists of a key name and an associated value. For more
|
||||
// information about session tags, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
|
||||
// in the IAM User Guide. You can pass up to 50 session tags. The plaintext session
|
||||
// tag keys can’t exceed 128 characters and the values can’t exceed 256 characters.
|
||||
// For these and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
|
||||
// in the IAM User Guide. An Amazon Web Services conversion compresses the passed
|
||||
// inline session policy, managed policy ARNs, and session tags into a packed
|
||||
// binary format that has a separate limit. Your request can fail for this limit
|
||||
// even if your plaintext meets the other requirements. The PackedPolicySize
|
||||
// response element indicates by percentage how close the policies and tags for
|
||||
// your request are to the upper size limit. You can pass a session tag with the
|
||||
// same key as a tag that is attached to the role. When you do, session tags
|
||||
// override the role's tags with the same key. An administrator must grant you the
|
||||
// permissions necessary to pass session tags. The administrator can also create
|
||||
// granular permissions to allow you to pass only specific session tags. For more
|
||||
// information, see Tutorial: Using Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
|
||||
// in the IAM User Guide. You can set the session tags as transitive. Transitive
|
||||
// tags persist during role chaining. For more information, see Chaining Roles
|
||||
// with Session Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
|
||||
// in the IAM User Guide. SAML Configuration Before your application can call
|
||||
// AssumeRoleWithSAML , you must configure your SAML identity provider (IdP) to
|
||||
// issue the claims required by Amazon Web Services. Additionally, you must use
|
||||
// Identity and Access Management (IAM) to create a SAML provider entity in your
|
||||
// Amazon Web Services account that represents your identity provider. You must
|
||||
// also create an IAM role that specifies this SAML provider in its trust policy.
|
||||
// than one hour, the operation fails.
|
||||
//
|
||||
// # Permissions
|
||||
//
|
||||
// The temporary security credentials created by AssumeRoleWithSAML can be used to
|
||||
// make API calls to any Amazon Web Services service with the following exception:
|
||||
// you cannot call the STS GetFederationToken or GetSessionToken API operations.
|
||||
//
|
||||
// (Optional) You can pass inline or managed [session policies] to this operation. You can pass a
|
||||
// single JSON policy document to use as an inline session policy. You can also
|
||||
// specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed
|
||||
// session policies. The plaintext that you use for both inline and managed session
|
||||
// policies can't exceed 2,048 characters. Passing policies to this operation
|
||||
// returns new temporary credentials. The resulting session's permissions are the
|
||||
// intersection of the role's identity-based policy and the session policies. You
|
||||
// can use the role's temporary credentials in subsequent Amazon Web Services API
|
||||
// calls to access resources in the account that owns the role. You cannot use
|
||||
// session policies to grant more permissions than those allowed by the
|
||||
// identity-based policy of the role that is being assumed. For more information,
|
||||
// see [Session Policies]in the IAM User Guide.
|
||||
//
|
||||
// Calling AssumeRoleWithSAML does not require the use of Amazon Web Services
|
||||
// security credentials. The identity of the caller is validated by using keys in
|
||||
// the metadata document that is uploaded for the SAML provider entity for your
|
||||
// identity provider.
|
||||
//
|
||||
// Calling AssumeRoleWithSAML can result in an entry in your CloudTrail logs. The
|
||||
// entry includes the value in the NameID element of the SAML assertion. We
|
||||
// recommend that you use a NameIDType that is not associated with any personally
|
||||
// identifiable information (PII). For example, you could instead use the
|
||||
// persistent identifier ( urn:oasis:names:tc:SAML:2.0:nameid-format:persistent ).
|
||||
//
|
||||
// # Tags
|
||||
//
|
||||
// (Optional) You can configure your IdP to pass attributes into your SAML
|
||||
// assertion as session tags. Each session tag consists of a key name and an
|
||||
// associated value. For more information about session tags, see [Passing Session Tags in STS]in the IAM User
|
||||
// Guide.
|
||||
//
|
||||
// You can pass up to 50 session tags. The plaintext session tag keys can’t exceed
|
||||
// 128 characters and the values can’t exceed 256 characters. For these and
|
||||
// additional limits, see [IAM and STS Character Limits]in the IAM User Guide.
|
||||
//
|
||||
// An Amazon Web Services conversion compresses the passed inline session policy,
|
||||
// managed policy ARNs, and session tags into a packed binary format that has a
|
||||
// separate limit. Your request can fail for this limit even if your plaintext
|
||||
// meets the other requirements. The PackedPolicySize response element indicates
|
||||
// by percentage how close the policies and tags for your request are to the upper
|
||||
// size limit.
|
||||
//
|
||||
// You can pass a session tag with the same key as a tag that is attached to the
|
||||
// role. When you do, session tags override the role's tags with the same key.
|
||||
//
|
||||
// An administrator must grant you the permissions necessary to pass session tags.
|
||||
// The administrator can also create granular permissions to allow you to pass only
|
||||
// specific session tags. For more information, see [Tutorial: Using Tags for Attribute-Based Access Control]in the IAM User Guide.
|
||||
//
|
||||
// You can set the session tags as transitive. Transitive tags persist during role
|
||||
// chaining. For more information, see [Chaining Roles with Session Tags]in the IAM User Guide.
|
||||
//
|
||||
// # SAML Configuration
|
||||
//
|
||||
// Before your application can call AssumeRoleWithSAML , you must configure your
|
||||
// SAML identity provider (IdP) to issue the claims required by Amazon Web
|
||||
// Services. Additionally, you must use Identity and Access Management (IAM) to
|
||||
// create a SAML provider entity in your Amazon Web Services account that
|
||||
// represents your identity provider. You must also create an IAM role that
|
||||
// specifies this SAML provider in its trust policy.
|
||||
//
|
||||
// For more information, see the following resources:
|
||||
// - About SAML 2.0-based Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html)
|
||||
// in the IAM User Guide.
|
||||
// - Creating SAML Identity Providers (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html)
|
||||
// in the IAM User Guide.
|
||||
// - Configuring a Relying Party and Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html)
|
||||
// in the IAM User Guide.
|
||||
// - Creating a Role for SAML 2.0 Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html)
|
||||
// in the IAM User Guide.
|
||||
//
|
||||
// [About SAML 2.0-based Federation]
|
||||
// - in the IAM User Guide.
|
||||
//
|
||||
// [Creating SAML Identity Providers]
|
||||
// - in the IAM User Guide.
|
||||
//
|
||||
// [Configuring a Relying Party and Claims]
|
||||
// - in the IAM User Guide.
|
||||
//
|
||||
// [Creating a Role for SAML 2.0 Federation]
|
||||
// - in the IAM User Guide.
|
||||
//
|
||||
// [View the Maximum Session Duration Setting for a Role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
|
||||
// [Creating a Role for SAML 2.0 Federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html
|
||||
// [IAM and STS Character Limits]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
|
||||
// [Comparing the Amazon Web Services STS API operations]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
|
||||
// [Creating SAML Identity Providers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html
|
||||
// [session policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||
// [Requesting Temporary Security Credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
|
||||
// [Tutorial: Using Tags for Attribute-Based Access Control]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html
|
||||
// [Configuring a Relying Party and Claims]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html
|
||||
// [Role chaining]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining
|
||||
// [Using IAM Roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
|
||||
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||
// [Passing Session Tags in STS]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
|
||||
// [About SAML 2.0-based Federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html
|
||||
// [Chaining Roles with Session Tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining
|
||||
func (c *Client) AssumeRoleWithSAML(ctx context.Context, params *AssumeRoleWithSAMLInput, optFns ...func(*Options)) (*AssumeRoleWithSAMLOutput, error) {
|
||||
if params == nil {
|
||||
params = &AssumeRoleWithSAMLInput{}
|
||||
@ -130,9 +170,11 @@ type AssumeRoleWithSAMLInput struct {
|
||||
// This member is required.
|
||||
RoleArn *string
|
||||
|
||||
// The base64 encoded SAML authentication response provided by the IdP. For more
|
||||
// information, see Configuring a Relying Party and Adding Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html)
|
||||
// in the IAM User Guide.
|
||||
// The base64 encoded SAML authentication response provided by the IdP.
|
||||
//
|
||||
// For more information, see [Configuring a Relying Party and Adding Claims] in the IAM User Guide.
|
||||
//
|
||||
// [Configuring a Relying Party and Adding Claims]: https://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html
|
||||
//
|
||||
// This member is required.
|
||||
SAMLAssertion *string
|
||||
@ -146,92 +188,114 @@ type AssumeRoleWithSAMLInput struct {
|
||||
// than this setting, the operation fails. For example, if you specify a session
|
||||
// duration of 12 hours, but your administrator set the maximum session duration to
|
||||
// 6 hours, your operation fails. To learn how to view the maximum value for your
|
||||
// role, see View the Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
|
||||
// in the IAM User Guide. By default, the value is set to 3600 seconds. The
|
||||
// DurationSeconds parameter is separate from the duration of a console session
|
||||
// that you might request using the returned credentials. The request to the
|
||||
// federation endpoint for a console sign-in token takes a SessionDuration
|
||||
// role, see [View the Maximum Session Duration Setting for a Role]in the IAM User Guide.
|
||||
//
|
||||
// By default, the value is set to 3600 seconds.
|
||||
//
|
||||
// The DurationSeconds parameter is separate from the duration of a console
|
||||
// session that you might request using the returned credentials. The request to
|
||||
// the federation endpoint for a console sign-in token takes a SessionDuration
|
||||
// parameter that specifies the maximum length of the console session. For more
|
||||
// information, see Creating a URL that Enables Federated Users to Access the
|
||||
// Amazon Web Services Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
|
||||
// in the IAM User Guide.
|
||||
// information, see [Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console]in the IAM User Guide.
|
||||
//
|
||||
// [View the Maximum Session Duration Setting for a Role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
|
||||
// [Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
|
||||
DurationSeconds *int32
|
||||
|
||||
// An IAM policy in JSON format that you want to use as an inline session policy.
|
||||
//
|
||||
// This parameter is optional. Passing policies to this operation returns new
|
||||
// temporary credentials. The resulting session's permissions are the intersection
|
||||
// of the role's identity-based policy and the session policies. You can use the
|
||||
// role's temporary credentials in subsequent Amazon Web Services API calls to
|
||||
// access resources in the account that owns the role. You cannot use session
|
||||
// policies to grant more permissions than those allowed by the identity-based
|
||||
// policy of the role that is being assumed. For more information, see Session
|
||||
// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// in the IAM User Guide. The plaintext that you use for both inline and managed
|
||||
// session policies can't exceed 2,048 characters. The JSON policy characters can
|
||||
// be any ASCII character from the space character to the end of the valid
|
||||
// character list (\u0020 through \u00FF). It can also include the tab (\u0009),
|
||||
// linefeed (\u000A), and carriage return (\u000D) characters. An Amazon Web
|
||||
// Services conversion compresses the passed inline session policy, managed policy
|
||||
// ARNs, and session tags into a packed binary format that has a separate limit.
|
||||
// Your request can fail for this limit even if your plaintext meets the other
|
||||
// requirements. The PackedPolicySize response element indicates by percentage how
|
||||
// close the policies and tags for your request are to the upper size limit.
|
||||
// policy of the role that is being assumed. For more information, see [Session Policies]in the IAM
|
||||
// User Guide.
|
||||
//
|
||||
// The plaintext that you use for both inline and managed session policies can't
|
||||
// exceed 2,048 characters. The JSON policy characters can be any ASCII character
|
||||
// from the space character to the end of the valid character list (\u0020 through
|
||||
// \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage
|
||||
// return (\u000D) characters.
|
||||
//
|
||||
// An Amazon Web Services conversion compresses the passed inline session policy,
|
||||
// managed policy ARNs, and session tags into a packed binary format that has a
|
||||
// separate limit. Your request can fail for this limit even if your plaintext
|
||||
// meets the other requirements. The PackedPolicySize response element indicates
|
||||
// by percentage how close the policies and tags for your request are to the upper
|
||||
// size limit.
|
||||
//
|
||||
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||
Policy *string
|
||||
|
||||
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want to
|
||||
// use as managed session policies. The policies must exist in the same account as
|
||||
// the role. This parameter is optional. You can provide up to 10 managed policy
|
||||
// ARNs. However, the plaintext that you use for both inline and managed session
|
||||
// policies can't exceed 2,048 characters. For more information about ARNs, see
|
||||
// Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
|
||||
// in the Amazon Web Services General Reference. An Amazon Web Services conversion
|
||||
// compresses the passed inline session policy, managed policy ARNs, and session
|
||||
// tags into a packed binary format that has a separate limit. Your request can
|
||||
// fail for this limit even if your plaintext meets the other requirements. The
|
||||
// PackedPolicySize response element indicates by percentage how close the policies
|
||||
// and tags for your request are to the upper size limit. Passing policies to this
|
||||
// operation returns new temporary credentials. The resulting session's permissions
|
||||
// are the intersection of the role's identity-based policy and the session
|
||||
// policies. You can use the role's temporary credentials in subsequent Amazon Web
|
||||
// Services API calls to access resources in the account that owns the role. You
|
||||
// cannot use session policies to grant more permissions than those allowed by the
|
||||
// identity-based policy of the role that is being assumed. For more information,
|
||||
// see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// in the IAM User Guide.
|
||||
// the role.
|
||||
//
|
||||
// This parameter is optional. You can provide up to 10 managed policy ARNs.
|
||||
// However, the plaintext that you use for both inline and managed session policies
|
||||
// can't exceed 2,048 characters. For more information about ARNs, see [Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces]in the
|
||||
// Amazon Web Services General Reference.
|
||||
//
|
||||
// An Amazon Web Services conversion compresses the passed inline session policy,
|
||||
// managed policy ARNs, and session tags into a packed binary format that has a
|
||||
// separate limit. Your request can fail for this limit even if your plaintext
|
||||
// meets the other requirements. The PackedPolicySize response element indicates
|
||||
// by percentage how close the policies and tags for your request are to the upper
|
||||
// size limit.
|
||||
//
|
||||
// Passing policies to this operation returns new temporary credentials. The
|
||||
// resulting session's permissions are the intersection of the role's
|
||||
// identity-based policy and the session policies. You can use the role's temporary
|
||||
// credentials in subsequent Amazon Web Services API calls to access resources in
|
||||
// the account that owns the role. You cannot use session policies to grant more
|
||||
// permissions than those allowed by the identity-based policy of the role that is
|
||||
// being assumed. For more information, see [Session Policies]in the IAM User Guide.
|
||||
//
|
||||
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||
// [Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
||||
PolicyArns []types.PolicyDescriptorType
|
||||
|
||||
noSmithyDocumentSerde
|
||||
}
|
||||
|
||||
// Contains the response to a successful AssumeRoleWithSAML request, including
|
||||
// temporary Amazon Web Services credentials that can be used to make Amazon Web
|
||||
// Services requests.
|
||||
// Contains the response to a successful AssumeRoleWithSAML request, including temporary Amazon Web
|
||||
// Services credentials that can be used to make Amazon Web Services requests.
|
||||
type AssumeRoleWithSAMLOutput struct {
|
||||
|
||||
// The identifiers for the temporary security credentials that the operation
|
||||
// returns.
|
||||
AssumedRoleUser *types.AssumedRoleUser
|
||||
|
||||
// The value of the Recipient attribute of the SubjectConfirmationData element of
|
||||
// The value of the Recipient attribute of the SubjectConfirmationData element of
|
||||
// the SAML assertion.
|
||||
Audience *string
|
||||
|
||||
// The temporary security credentials, which include an access key ID, a secret
|
||||
// access key, and a security (or session) token. The size of the security token
|
||||
// that STS API operations return is not fixed. We strongly recommend that you make
|
||||
// no assumptions about the maximum size.
|
||||
// access key, and a security (or session) token.
|
||||
//
|
||||
// The size of the security token that STS API operations return is not fixed. We
|
||||
// strongly recommend that you make no assumptions about the maximum size.
|
||||
Credentials *types.Credentials
|
||||
|
||||
// The value of the Issuer element of the SAML assertion.
|
||||
Issuer *string
|
||||
|
||||
// A hash value based on the concatenation of the following:
|
||||
//
|
||||
// - The Issuer response value.
|
||||
//
|
||||
// - The Amazon Web Services account ID.
|
||||
//
|
||||
// - The friendly name (the last part of the ARN) of the SAML provider in IAM.
|
||||
//
|
||||
// The combination of NameQualifier and Subject can be used to uniquely identify a
|
||||
// user. The following pseudocode shows how the hash value is calculated: BASE64 (
|
||||
// SHA1 ( "https://example.com/saml" + "123456789012" + "/MySAMLIdP" ) )
|
||||
// user.
|
||||
//
|
||||
// The following pseudocode shows how the hash value is calculated:
|
||||
//
|
||||
// BASE64 ( SHA1 ( "https://example.com/saml" + "123456789012" + "/MySAMLIdP" ) )
|
||||
NameQualifier *string
|
||||
|
||||
// A percentage value that indicates the packed size of the session policies and
|
||||
@ -240,31 +304,36 @@ type AssumeRoleWithSAMLOutput struct {
|
||||
// allowed space.
|
||||
PackedPolicySize *int32
|
||||
|
||||
// The value in the SourceIdentity attribute in the SAML assertion. You can
|
||||
// require users to set a source identity value when they assume a role. You do
|
||||
// this by using the sts:SourceIdentity condition key in a role trust policy. That
|
||||
// way, actions that are taken with the role are associated with that user. After
|
||||
// the source identity is set, the value cannot be changed. It is present in the
|
||||
// request for all actions that are taken by the role and persists across chained
|
||||
// role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining)
|
||||
// sessions. You can configure your SAML identity provider to use an attribute
|
||||
// associated with your users, like user name or email, as the source identity when
|
||||
// calling AssumeRoleWithSAML . You do this by adding an attribute to the SAML
|
||||
// assertion. For more information about using source identity, see Monitor and
|
||||
// control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
|
||||
// in the IAM User Guide. The regex used to validate this parameter is a string of
|
||||
// characters consisting of upper- and lower-case alphanumeric characters with no
|
||||
// spaces. You can also include underscores or any of the following characters:
|
||||
// =,.@-
|
||||
// The value in the SourceIdentity attribute in the SAML assertion.
|
||||
//
|
||||
// You can require users to set a source identity value when they assume a role.
|
||||
// You do this by using the sts:SourceIdentity condition key in a role trust
|
||||
// policy. That way, actions that are taken with the role are associated with that
|
||||
// user. After the source identity is set, the value cannot be changed. It is
|
||||
// present in the request for all actions that are taken by the role and persists
|
||||
// across [chained role]sessions. You can configure your SAML identity provider to use an
|
||||
// attribute associated with your users, like user name or email, as the source
|
||||
// identity when calling AssumeRoleWithSAML . You do this by adding an attribute to
|
||||
// the SAML assertion. For more information about using source identity, see [Monitor and control actions taken with assumed roles]in
|
||||
// the IAM User Guide.
|
||||
//
|
||||
// The regex used to validate this parameter is a string of characters consisting
|
||||
// of upper- and lower-case alphanumeric characters with no spaces. You can also
|
||||
// include underscores or any of the following characters: =,.@-
|
||||
//
|
||||
// [chained role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining
|
||||
// [Monitor and control actions taken with assumed roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
|
||||
SourceIdentity *string
|
||||
|
||||
// The value of the NameID element in the Subject element of the SAML assertion.
|
||||
Subject *string
|
||||
|
||||
// The format of the name ID, as defined by the Format attribute in the NameID
|
||||
// The format of the name ID, as defined by the Format attribute in the NameID
|
||||
// element of the SAML assertion. Typical examples of the format are transient or
|
||||
// persistent . If the format includes the prefix
|
||||
// urn:oasis:names:tc:SAML:2.0:nameid-format , that prefix is removed. For example,
|
||||
// persistent .
|
||||
//
|
||||
// If the format includes the prefix urn:oasis:names:tc:SAML:2.0:nameid-format ,
|
||||
// that prefix is removed. For example,
|
||||
// urn:oasis:names:tc:SAML:2.0:nameid-format:transient is returned as transient .
|
||||
// If the format includes any other prefix, the format is returned with no
|
||||
// modifications.
|
||||
@ -298,22 +367,22 @@ func (c *Client) addOperationAssumeRoleWithSAMLMiddlewares(stack *middleware.Sta
|
||||
if err = addSetLoggerMiddleware(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
|
||||
if err = addClientRequestID(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
|
||||
if err = addComputeContentLength(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addResolveEndpointMiddleware(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRetryMiddlewares(stack, options); err != nil {
|
||||
if err = addRetry(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
|
||||
if err = addRawResponseToMetadata(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
|
||||
if err = addRecordResponseTiming(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addClientUserAgent(stack, options); err != nil {
|
||||
@ -328,13 +397,19 @@ func (c *Client) addOperationAssumeRoleWithSAMLMiddlewares(stack *middleware.Sta
|
||||
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addTimeOffsetBuild(stack, c); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addUserAgentRetryMode(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addOpAssumeRoleWithSAMLValidationMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opAssumeRoleWithSAML(options.Region), middleware.Before); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
|
||||
if err = addRecursionDetection(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
|
||||
|
399
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithWebIdentity.go
generated
vendored
@ -14,105 +14,143 @@ import (
|
||||
// Returns a set of temporary security credentials for users who have been
|
||||
// authenticated in a mobile or web application with a web identity provider.
|
||||
// Example providers include the OAuth 2.0 providers Login with Amazon and
|
||||
// Facebook, or any OpenID Connect-compatible identity provider such as Google or
|
||||
// Amazon Cognito federated identities (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html)
|
||||
// . For mobile applications, we recommend that you use Amazon Cognito. You can use
|
||||
// Amazon Cognito with the Amazon Web Services SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/)
|
||||
// and the Amazon Web Services SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/)
|
||||
// to uniquely identify a user. You can also supply the user with a consistent
|
||||
// identity throughout the lifetime of an application. To learn more about Amazon
|
||||
// Cognito, see Amazon Cognito identity pools (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html)
|
||||
// in Amazon Cognito Developer Guide. Calling AssumeRoleWithWebIdentity does not
|
||||
// require the use of Amazon Web Services security credentials. Therefore, you can
|
||||
// distribute an application (for example, on mobile devices) that requests
|
||||
// temporary security credentials without including long-term Amazon Web Services
|
||||
// credentials in the application. You also don't need to deploy server-based proxy
|
||||
// services that use long-term Amazon Web Services credentials. Instead, the
|
||||
// identity of the caller is validated by using a token from the web identity
|
||||
// provider. For a comparison of AssumeRoleWithWebIdentity with the other API
|
||||
// operations that produce temporary credentials, see Requesting Temporary
|
||||
// Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
|
||||
// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
|
||||
// in the IAM User Guide. The temporary security credentials returned by this API
|
||||
// consist of an access key ID, a secret access key, and a security token.
|
||||
// Applications can use these temporary security credentials to sign calls to
|
||||
// Amazon Web Services service API operations. Session Duration By default, the
|
||||
// temporary security credentials created by AssumeRoleWithWebIdentity last for
|
||||
// one hour. However, you can use the optional DurationSeconds parameter to
|
||||
// specify the duration of your session. You can provide a value from 900 seconds
|
||||
// (15 minutes) up to the maximum session duration setting for the role. This
|
||||
// setting can have a value from 1 hour to 12 hours. To learn how to view the
|
||||
// maximum value for your role, see View the Maximum Session Duration Setting for
|
||||
// a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
|
||||
// in the IAM User Guide. The maximum session duration limit applies when you use
|
||||
// the AssumeRole* API operations or the assume-role* CLI commands. However the
|
||||
// limit does not apply when you use those operations to create a console URL. For
|
||||
// more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
|
||||
// in the IAM User Guide. Permissions The temporary security credentials created by
|
||||
// AssumeRoleWithWebIdentity can be used to make API calls to any Amazon Web
|
||||
// Services service with the following exception: you cannot call the STS
|
||||
// GetFederationToken or GetSessionToken API operations. (Optional) You can pass
|
||||
// inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// to this operation. You can pass a single JSON policy document to use as an
|
||||
// inline session policy. You can also specify up to 10 managed policy Amazon
|
||||
// Resource Names (ARNs) to use as managed session policies. The plaintext that you
|
||||
// use for both inline and managed session policies can't exceed 2,048 characters.
|
||||
// Passing policies to this operation returns new temporary credentials. The
|
||||
// resulting session's permissions are the intersection of the role's
|
||||
// identity-based policy and the session policies. You can use the role's temporary
|
||||
// credentials in subsequent Amazon Web Services API calls to access resources in
|
||||
// the account that owns the role. You cannot use session policies to grant more
|
||||
// permissions than those allowed by the identity-based policy of the role that is
|
||||
// being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// in the IAM User Guide. Tags (Optional) You can configure your IdP to pass
|
||||
// attributes into your web identity token as session tags. Each session tag
|
||||
// consists of a key name and an associated value. For more information about
|
||||
// session tags, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
|
||||
// in the IAM User Guide. You can pass up to 50 session tags. The plaintext session
|
||||
// tag keys can’t exceed 128 characters and the values can’t exceed 256 characters.
|
||||
// For these and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
|
||||
// in the IAM User Guide. An Amazon Web Services conversion compresses the passed
|
||||
// inline session policy, managed policy ARNs, and session tags into a packed
|
||||
// binary format that has a separate limit. Your request can fail for this limit
|
||||
// even if your plaintext meets the other requirements. The PackedPolicySize
|
||||
// response element indicates by percentage how close the policies and tags for
|
||||
// your request are to the upper size limit. You can pass a session tag with the
|
||||
// same key as a tag that is attached to the role. When you do, the session tag
|
||||
// overrides the role tag with the same key. An administrator must grant you the
|
||||
// permissions necessary to pass session tags. The administrator can also create
|
||||
// granular permissions to allow you to pass only specific session tags. For more
|
||||
// information, see Tutorial: Using Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
|
||||
// in the IAM User Guide. You can set the session tags as transitive. Transitive
|
||||
// tags persist during role chaining. For more information, see Chaining Roles
|
||||
// with Session Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
|
||||
// in the IAM User Guide. Identities Before your application can call
|
||||
// AssumeRoleWithWebIdentity , you must have an identity token from a supported
|
||||
// identity provider and create a role that the application can assume. The role
|
||||
// that your application assumes must trust the identity provider that is
|
||||
// associated with the identity token. In other words, the identity provider must
|
||||
// be specified in the role's trust policy. Calling AssumeRoleWithWebIdentity can
|
||||
// result in an entry in your CloudTrail logs. The entry includes the Subject (http://openid.net/specs/openid-connect-core-1_0.html#Claims)
|
||||
// of the provided web identity token. We recommend that you avoid using any
|
||||
// personally identifiable information (PII) in this field. For example, you could
|
||||
// instead use a GUID or a pairwise identifier, as suggested in the OIDC
|
||||
// specification (http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes)
|
||||
// . For more information about how to use web identity federation and the
|
||||
// Facebook, or any OpenID Connect-compatible identity provider such as Google or [Amazon Cognito federated identities].
|
||||
//
|
||||
// For mobile applications, we recommend that you use Amazon Cognito. You can use
|
||||
// Amazon Cognito with the [Amazon Web Services SDK for iOS Developer Guide]and the [Amazon Web Services SDK for Android Developer Guide] to uniquely identify a user. You can also
|
||||
// supply the user with a consistent identity throughout the lifetime of an
|
||||
// application.
|
||||
//
|
||||
// To learn more about Amazon Cognito, see [Amazon Cognito identity pools] in Amazon Cognito Developer Guide.
|
||||
//
|
||||
// Calling AssumeRoleWithWebIdentity does not require the use of Amazon Web
|
||||
// Services security credentials. Therefore, you can distribute an application (for
|
||||
// example, on mobile devices) that requests temporary security credentials without
|
||||
// including long-term Amazon Web Services credentials in the application. You also
|
||||
// don't need to deploy server-based proxy services that use long-term Amazon Web
|
||||
// Services credentials. Instead, the identity of the caller is validated by using
|
||||
// a token from the web identity provider. For a comparison of
|
||||
// AssumeRoleWithWebIdentity with the other API operations that produce temporary
|
||||
// credentials, see [Requesting Temporary Security Credentials]and [Comparing the Amazon Web Services STS API operations] in the IAM User Guide.
|
||||
//
|
||||
// The temporary security credentials returned by this API consist of an access
|
||||
// key ID, a secret access key, and a security token. Applications can use these
|
||||
// temporary security credentials to sign calls to Amazon Web Services service API
|
||||
// operations.
|
||||
//
|
||||
// # Session Duration
|
||||
//
|
||||
// By default, the temporary security credentials created by
|
||||
// AssumeRoleWithWebIdentity last for one hour. However, you can use the optional
|
||||
// DurationSeconds parameter to specify the duration of your session. You can
|
||||
// provide a value from 900 seconds (15 minutes) up to the maximum session duration
|
||||
// setting for the role. This setting can have a value from 1 hour to 12 hours. To
|
||||
// learn how to view the maximum value for your role, see [View the Maximum Session Duration Setting for a Role]in the IAM User Guide.
|
||||
// The maximum session duration limit applies when you use the AssumeRole* API
|
||||
// operations or the assume-role* CLI commands. However the limit does not apply
|
||||
// when you use those operations to create a console URL. For more information, see
|
||||
// [Using IAM Roles]in the IAM User Guide.
|
||||
//
|
||||
// # Permissions
|
||||
//
|
||||
// The temporary security credentials created by AssumeRoleWithWebIdentity can be
|
||||
// used to make API calls to any Amazon Web Services service with the following
|
||||
// exception: you cannot call the STS GetFederationToken or GetSessionToken API
|
||||
// operations.
|
||||
//
|
||||
// (Optional) You can pass inline or managed [session policies] to this operation. You can pass a
|
||||
// single JSON policy document to use as an inline session policy. You can also
|
||||
// specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed
|
||||
// session policies. The plaintext that you use for both inline and managed session
|
||||
// policies can't exceed 2,048 characters. Passing policies to this operation
|
||||
// returns new temporary credentials. The resulting session's permissions are the
|
||||
// intersection of the role's identity-based policy and the session policies. You
|
||||
// can use the role's temporary credentials in subsequent Amazon Web Services API
|
||||
// calls to access resources in the account that owns the role. You cannot use
|
||||
// session policies to grant more permissions than those allowed by the
|
||||
// identity-based policy of the role that is being assumed. For more information,
|
||||
// see [Session Policies]in the IAM User Guide.
|
||||
//
|
||||
// # Tags
|
||||
//
|
||||
// (Optional) You can configure your IdP to pass attributes into your web identity
|
||||
// token as session tags. Each session tag consists of a key name and an associated
|
||||
// value. For more information about session tags, see [Passing Session Tags in STS]in the IAM User Guide.
|
||||
//
|
||||
// You can pass up to 50 session tags. The plaintext session tag keys can’t exceed
|
||||
// 128 characters and the values can’t exceed 256 characters. For these and
|
||||
// additional limits, see [IAM and STS Character Limits]in the IAM User Guide.
|
||||
//
|
||||
// An Amazon Web Services conversion compresses the passed inline session policy,
|
||||
// managed policy ARNs, and session tags into a packed binary format that has a
|
||||
// separate limit. Your request can fail for this limit even if your plaintext
|
||||
// meets the other requirements. The PackedPolicySize response element indicates
|
||||
// by percentage how close the policies and tags for your request are to the upper
|
||||
// size limit.
|
||||
//
|
||||
// You can pass a session tag with the same key as a tag that is attached to the
|
||||
// role. When you do, the session tag overrides the role tag with the same key.
|
||||
//
|
||||
// An administrator must grant you the permissions necessary to pass session tags.
|
||||
// The administrator can also create granular permissions to allow you to pass only
|
||||
// specific session tags. For more information, see [Tutorial: Using Tags for Attribute-Based Access Control]in the IAM User Guide.
|
||||
//
|
||||
// You can set the session tags as transitive. Transitive tags persist during role
|
||||
// chaining. For more information, see [Chaining Roles with Session Tags]in the IAM User Guide.
|
||||
//
|
||||
// # Identities
|
||||
//
|
||||
// Before your application can call AssumeRoleWithWebIdentity , you must have an
|
||||
// identity token from a supported identity provider and create a role that the
|
||||
// application can assume. The role that your application assumes must trust the
|
||||
// identity provider that is associated with the identity token. In other words,
|
||||
// the identity provider must be specified in the role's trust policy.
|
||||
//
|
||||
// Calling AssumeRoleWithWebIdentity can result in an entry in your CloudTrail
|
||||
// logs. The entry includes the [Subject]of the provided web identity token. We recommend
|
||||
// that you avoid using any personally identifiable information (PII) in this
|
||||
// field. For example, you could instead use a GUID or a pairwise identifier, as [suggested in the OIDC specification].
|
||||
//
|
||||
// For more information about how to use web identity federation and the
|
||||
// AssumeRoleWithWebIdentity API, see the following resources:
|
||||
// - Using Web Identity Federation API Operations for Mobile Apps (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html)
|
||||
// and Federation Through a Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
|
||||
// .
|
||||
// - Web Identity Federation Playground (https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/)
|
||||
// . Walk through the process of authenticating through Login with Amazon,
|
||||
//
|
||||
// [Using Web Identity Federation API Operations for Mobile Apps]
|
||||
// - and [Federation Through a Web-based Identity Provider].
|
||||
//
|
||||
// [Web Identity Federation Playground]
|
||||
// - . Walk through the process of authenticating through Login with Amazon,
|
||||
// Facebook, or Google, getting temporary security credentials, and then using
|
||||
// those credentials to make a request to Amazon Web Services.
|
||||
// - Amazon Web Services SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/)
|
||||
// and Amazon Web Services SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/)
|
||||
// . These toolkits contain sample apps that show how to invoke the identity
|
||||
// providers. The toolkits then show how to use the information from these
|
||||
//
|
||||
// [Amazon Web Services SDK for iOS Developer Guide]
|
||||
// - and [Amazon Web Services SDK for Android Developer Guide]. These toolkits contain sample apps that show how to invoke the
|
||||
// identity providers. The toolkits then show how to use the information from these
|
||||
// providers to get and use temporary security credentials.
|
||||
// - Web Identity Federation with Mobile Applications (http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications)
|
||||
// . This article discusses web identity federation and shows an example of how to
|
||||
// use web identity federation to get access to content in Amazon S3.
|
||||
//
|
||||
// [Web Identity Federation with Mobile Applications]
|
||||
// - . This article discusses web identity federation and shows an example of
|
||||
// how to use web identity federation to get access to content in Amazon S3.
|
||||
//
|
||||
// [Amazon Web Services SDK for iOS Developer Guide]: http://aws.amazon.com/sdkforios/
|
||||
// [View the Maximum Session Duration Setting for a Role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
|
||||
// [Web Identity Federation Playground]: https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/
|
||||
// [Amazon Web Services SDK for Android Developer Guide]: http://aws.amazon.com/sdkforandroid/
|
||||
// [IAM and STS Character Limits]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
|
||||
// [Comparing the Amazon Web Services STS API operations]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
|
||||
// [session policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||
// [Requesting Temporary Security Credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
|
||||
// [Subject]: http://openid.net/specs/openid-connect-core-1_0.html#Claims
|
||||
// [Tutorial: Using Tags for Attribute-Based Access Control]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html
|
||||
// [Amazon Cognito identity pools]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html
|
||||
// [Federation Through a Web-based Identity Provider]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity
|
||||
// [Using IAM Roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
|
||||
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||
// [Amazon Cognito federated identities]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html
|
||||
// [Passing Session Tags in STS]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
|
||||
// [Chaining Roles with Session Tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining
|
||||
// [Web Identity Federation with Mobile Applications]: http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications
|
||||
// [Using Web Identity Federation API Operations for Mobile Apps]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html
|
||||
// [suggested in the OIDC specification]: http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes
|
||||
func (c *Client) AssumeRoleWithWebIdentity(ctx context.Context, params *AssumeRoleWithWebIdentityInput, optFns ...func(*Options)) (*AssumeRoleWithWebIdentityOutput, error) {
|
||||
if params == nil {
|
||||
params = &AssumeRoleWithWebIdentityInput{}
|
||||
@ -139,10 +177,11 @@ type AssumeRoleWithWebIdentityInput struct {
|
||||
// identifier that is associated with the user who is using your application. That
|
||||
// way, the temporary security credentials that your application will use are
|
||||
// associated with that user. This session name is included as part of the ARN and
|
||||
// assumed role ID in the AssumedRoleUser response element. The regex used to
|
||||
// validate this parameter is a string of characters consisting of upper- and
|
||||
// lower-case alphanumeric characters with no spaces. You can also include
|
||||
// underscores or any of the following characters: =,.@-
|
||||
// assumed role ID in the AssumedRoleUser response element.
|
||||
//
|
||||
// The regex used to validate this parameter is a string of characters consisting
|
||||
// of upper- and lower-case alphanumeric characters with no spaces. You can also
|
||||
// include underscores or any of the following characters: =,.@-
|
||||
//
|
||||
// This member is required.
|
||||
RoleSessionName *string
|
||||
@ -162,73 +201,90 @@ type AssumeRoleWithWebIdentityInput struct {
|
||||
// higher than this setting, the operation fails. For example, if you specify a
|
||||
// session duration of 12 hours, but your administrator set the maximum session
|
||||
// duration to 6 hours, your operation fails. To learn how to view the maximum
|
||||
// value for your role, see View the Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
|
||||
// in the IAM User Guide. By default, the value is set to 3600 seconds. The
|
||||
// DurationSeconds parameter is separate from the duration of a console session
|
||||
// that you might request using the returned credentials. The request to the
|
||||
// federation endpoint for a console sign-in token takes a SessionDuration
|
||||
// value for your role, see [View the Maximum Session Duration Setting for a Role]in the IAM User Guide.
|
||||
//
|
||||
// By default, the value is set to 3600 seconds.
|
||||
//
|
||||
// The DurationSeconds parameter is separate from the duration of a console
|
||||
// session that you might request using the returned credentials. The request to
|
||||
// the federation endpoint for a console sign-in token takes a SessionDuration
|
||||
// parameter that specifies the maximum length of the console session. For more
|
||||
// information, see Creating a URL that Enables Federated Users to Access the
|
||||
// Amazon Web Services Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
|
||||
// in the IAM User Guide.
|
||||
// information, see [Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console]in the IAM User Guide.
|
||||
//
|
||||
// [View the Maximum Session Duration Setting for a Role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
|
||||
// [Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
|
||||
DurationSeconds *int32
|
||||
|
||||
// An IAM policy in JSON format that you want to use as an inline session policy.
|
||||
//
|
||||
// This parameter is optional. Passing policies to this operation returns new
|
||||
// temporary credentials. The resulting session's permissions are the intersection
|
||||
// of the role's identity-based policy and the session policies. You can use the
|
||||
// role's temporary credentials in subsequent Amazon Web Services API calls to
|
||||
// access resources in the account that owns the role. You cannot use session
|
||||
// policies to grant more permissions than those allowed by the identity-based
|
||||
// policy of the role that is being assumed. For more information, see Session
|
||||
// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// in the IAM User Guide. The plaintext that you use for both inline and managed
|
||||
// session policies can't exceed 2,048 characters. The JSON policy characters can
|
||||
// be any ASCII character from the space character to the end of the valid
|
||||
// character list (\u0020 through \u00FF). It can also include the tab (\u0009),
|
||||
// linefeed (\u000A), and carriage return (\u000D) characters. An Amazon Web
|
||||
// Services conversion compresses the passed inline session policy, managed policy
|
||||
// ARNs, and session tags into a packed binary format that has a separate limit.
|
||||
// Your request can fail for this limit even if your plaintext meets the other
|
||||
// requirements. The PackedPolicySize response element indicates by percentage how
|
||||
// close the policies and tags for your request are to the upper size limit.
|
||||
// policy of the role that is being assumed. For more information, see [Session Policies]in the IAM
|
||||
// User Guide.
|
||||
//
|
||||
// The plaintext that you use for both inline and managed session policies can't
|
||||
// exceed 2,048 characters. The JSON policy characters can be any ASCII character
|
||||
// from the space character to the end of the valid character list (\u0020 through
|
||||
// \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage
|
||||
// return (\u000D) characters.
|
||||
//
|
||||
// An Amazon Web Services conversion compresses the passed inline session policy,
|
||||
// managed policy ARNs, and session tags into a packed binary format that has a
|
||||
// separate limit. Your request can fail for this limit even if your plaintext
|
||||
// meets the other requirements. The PackedPolicySize response element indicates
|
||||
// by percentage how close the policies and tags for your request are to the upper
|
||||
// size limit.
|
||||
//
|
||||
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||
Policy *string
|
||||
|
||||
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want to
|
||||
// use as managed session policies. The policies must exist in the same account as
|
||||
// the role. This parameter is optional. You can provide up to 10 managed policy
|
||||
// ARNs. However, the plaintext that you use for both inline and managed session
|
||||
// policies can't exceed 2,048 characters. For more information about ARNs, see
|
||||
// Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
|
||||
// in the Amazon Web Services General Reference. An Amazon Web Services conversion
|
||||
// compresses the passed inline session policy, managed policy ARNs, and session
|
||||
// tags into a packed binary format that has a separate limit. Your request can
|
||||
// fail for this limit even if your plaintext meets the other requirements. The
|
||||
// PackedPolicySize response element indicates by percentage how close the policies
|
||||
// and tags for your request are to the upper size limit. Passing policies to this
|
||||
// operation returns new temporary credentials. The resulting session's permissions
|
||||
// are the intersection of the role's identity-based policy and the session
|
||||
// policies. You can use the role's temporary credentials in subsequent Amazon Web
|
||||
// Services API calls to access resources in the account that owns the role. You
|
||||
// cannot use session policies to grant more permissions than those allowed by the
|
||||
// identity-based policy of the role that is being assumed. For more information,
|
||||
// see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// in the IAM User Guide.
|
||||
// the role.
|
||||
//
|
||||
// This parameter is optional. You can provide up to 10 managed policy ARNs.
|
||||
// However, the plaintext that you use for both inline and managed session policies
|
||||
// can't exceed 2,048 characters. For more information about ARNs, see [Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces]in the
|
||||
// Amazon Web Services General Reference.
|
||||
//
|
||||
// An Amazon Web Services conversion compresses the passed inline session policy,
|
||||
// managed policy ARNs, and session tags into a packed binary format that has a
|
||||
// separate limit. Your request can fail for this limit even if your plaintext
|
||||
// meets the other requirements. The PackedPolicySize response element indicates
|
||||
// by percentage how close the policies and tags for your request are to the upper
|
||||
// size limit.
|
||||
//
|
||||
// Passing policies to this operation returns new temporary credentials. The
|
||||
// resulting session's permissions are the intersection of the role's
|
||||
// identity-based policy and the session policies. You can use the role's temporary
|
||||
// credentials in subsequent Amazon Web Services API calls to access resources in
|
||||
// the account that owns the role. You cannot use session policies to grant more
|
||||
// permissions than those allowed by the identity-based policy of the role that is
|
||||
// being assumed. For more information, see [Session Policies]in the IAM User Guide.
|
||||
//
|
||||
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||
// [Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
||||
PolicyArns []types.PolicyDescriptorType
|
||||
|
||||
// The fully qualified host component of the domain name of the OAuth 2.0 identity
|
||||
// provider. Do not specify this value for an OpenID Connect identity provider.
|
||||
//
|
||||
// Currently www.amazon.com and graph.facebook.com are the only supported identity
|
||||
// providers for OAuth 2.0 access tokens. Do not include URL schemes and port
|
||||
// numbers. Do not specify this value for OpenID Connect ID tokens.
|
||||
// numbers.
|
||||
//
|
||||
// Do not specify this value for OpenID Connect ID tokens.
|
||||
ProviderId *string
|
||||
|
||||
noSmithyDocumentSerde
|
||||
}
|
||||
|
||||
// Contains the response to a successful AssumeRoleWithWebIdentity request,
|
||||
// including temporary Amazon Web Services credentials that can be used to make
|
||||
// Amazon Web Services requests.
|
||||
// Contains the response to a successful AssumeRoleWithWebIdentity request, including temporary Amazon Web
|
||||
// Services credentials that can be used to make Amazon Web Services requests.
|
||||
type AssumeRoleWithWebIdentityOutput struct {
|
||||
|
||||
// The Amazon Resource Name (ARN) and the assumed role ID, which are identifiers
|
||||
@ -244,9 +300,10 @@ type AssumeRoleWithWebIdentityOutput struct {
|
||||
Audience *string
|
||||
|
||||
// The temporary security credentials, which include an access key ID, a secret
|
||||
// access key, and a security token. The size of the security token that STS API
|
||||
// operations return is not fixed. We strongly recommend that you make no
|
||||
// assumptions about the maximum size.
|
||||
// access key, and a security token.
|
||||
//
|
||||
// The size of the security token that STS API operations return is not fixed. We
|
||||
// strongly recommend that you make no assumptions about the maximum size.
|
||||
Credentials *types.Credentials
|
||||
|
||||
// A percentage value that indicates the packed size of the session policies and
|
||||
@ -255,30 +312,34 @@ type AssumeRoleWithWebIdentityOutput struct {
|
||||
// allowed space.
|
||||
PackedPolicySize *int32
|
||||
|
||||
// The issuing authority of the web identity token presented. For OpenID Connect
|
||||
// The issuing authority of the web identity token presented. For OpenID Connect
|
||||
// ID tokens, this contains the value of the iss field. For OAuth 2.0 access
|
||||
// tokens, this contains the value of the ProviderId parameter that was passed in
|
||||
// the AssumeRoleWithWebIdentity request.
|
||||
Provider *string
|
||||
|
||||
// The value of the source identity that is returned in the JSON web token (JWT)
|
||||
// from the identity provider. You can require users to set a source identity value
|
||||
// when they assume a role. You do this by using the sts:SourceIdentity condition
|
||||
// key in a role trust policy. That way, actions that are taken with the role are
|
||||
// associated with that user. After the source identity is set, the value cannot be
|
||||
// changed. It is present in the request for all actions that are taken by the role
|
||||
// and persists across chained role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining)
|
||||
// sessions. You can configure your identity provider to use an attribute
|
||||
// from the identity provider.
|
||||
//
|
||||
// You can require users to set a source identity value when they assume a role.
|
||||
// You do this by using the sts:SourceIdentity condition key in a role trust
|
||||
// policy. That way, actions that are taken with the role are associated with that
|
||||
// user. After the source identity is set, the value cannot be changed. It is
|
||||
// present in the request for all actions that are taken by the role and persists
|
||||
// across [chained role]sessions. You can configure your identity provider to use an attribute
|
||||
// associated with your users, like user name or email, as the source identity when
|
||||
// calling AssumeRoleWithWebIdentity . You do this by adding a claim to the JSON
|
||||
// web token. To learn more about OIDC tokens and claims, see Using Tokens with
|
||||
// User Pools (https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html)
|
||||
// in the Amazon Cognito Developer Guide. For more information about using source
|
||||
// identity, see Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
|
||||
// in the IAM User Guide. The regex used to validate this parameter is a string of
|
||||
// characters consisting of upper- and lower-case alphanumeric characters with no
|
||||
// spaces. You can also include underscores or any of the following characters:
|
||||
// =,.@-
|
||||
// web token. To learn more about OIDC tokens and claims, see [Using Tokens with User Pools]in the Amazon
|
||||
// Cognito Developer Guide. For more information about using source identity, see [Monitor and control actions taken with assumed roles]
|
||||
// in the IAM User Guide.
|
||||
//
|
||||
// The regex used to validate this parameter is a string of characters consisting
|
||||
// of upper- and lower-case alphanumeric characters with no spaces. You can also
|
||||
// include underscores or any of the following characters: =,.@-
|
||||
//
|
||||
// [chained role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining
|
||||
// [Monitor and control actions taken with assumed roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
|
||||
// [Using Tokens with User Pools]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html
|
||||
SourceIdentity *string
|
||||
|
||||
// The unique user identifier that is returned by the identity provider. This
|
||||
@ -317,22 +378,22 @@ func (c *Client) addOperationAssumeRoleWithWebIdentityMiddlewares(stack *middlew
|
||||
if err = addSetLoggerMiddleware(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
|
||||
if err = addClientRequestID(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
|
||||
if err = addComputeContentLength(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addResolveEndpointMiddleware(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRetryMiddlewares(stack, options); err != nil {
|
||||
if err = addRetry(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
|
||||
if err = addRawResponseToMetadata(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
|
||||
if err = addRecordResponseTiming(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addClientUserAgent(stack, options); err != nil {
|
||||
@ -347,13 +408,19 @@ func (c *Client) addOperationAssumeRoleWithWebIdentityMiddlewares(stack *middlew
|
||||
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addTimeOffsetBuild(stack, c); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addUserAgentRetryMode(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addOpAssumeRoleWithWebIdentityValidationMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opAssumeRoleWithWebIdentity(options.Region), middleware.Before); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
|
||||
if err = addRecursionDetection(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
|
||||
|
66
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_DecodeAuthorizationMessage.go
generated
vendored
@ -6,34 +6,44 @@ import (
|
||||
"context"
|
||||
"fmt"
|
||||
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
|
||||
"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
|
||||
"github.com/aws/smithy-go/middleware"
|
||||
smithyhttp "github.com/aws/smithy-go/transport/http"
|
||||
)
|
||||
|
||||
// Decodes additional information about the authorization status of a request from
|
||||
// an encoded message returned in response to an Amazon Web Services request. For
|
||||
// example, if a user is not authorized to perform an operation that he or she has
|
||||
// requested, the request returns a Client.UnauthorizedOperation response (an HTTP
|
||||
// 403 response). Some Amazon Web Services operations additionally return an
|
||||
// encoded message that can provide details about this authorization failure. Only
|
||||
// certain Amazon Web Services operations return an encoded authorization message.
|
||||
// The documentation for an individual operation indicates whether that operation
|
||||
// returns an encoded message in addition to returning an HTTP code. The message is
|
||||
// encoded because the details of the authorization status can contain privileged
|
||||
// information that the user who requested the operation should not see. To decode
|
||||
// an authorization status message, a user must be granted permissions through an
|
||||
// IAM policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)
|
||||
// to request the DecodeAuthorizationMessage ( sts:DecodeAuthorizationMessage )
|
||||
// action. The decoded message includes the following type of information:
|
||||
// an encoded message returned in response to an Amazon Web Services request.
|
||||
//
|
||||
// For example, if a user is not authorized to perform an operation that he or she
|
||||
// has requested, the request returns a Client.UnauthorizedOperation response (an
|
||||
// HTTP 403 response). Some Amazon Web Services operations additionally return an
|
||||
// encoded message that can provide details about this authorization failure.
|
||||
//
|
||||
// Only certain Amazon Web Services operations return an encoded authorization
|
||||
// message. The documentation for an individual operation indicates whether that
|
||||
// operation returns an encoded message in addition to returning an HTTP code.
|
||||
//
|
||||
// The message is encoded because the details of the authorization status can
|
||||
// contain privileged information that the user who requested the operation should
|
||||
// not see. To decode an authorization status message, a user must be granted
|
||||
// permissions through an IAM [policy]to request the DecodeAuthorizationMessage (
|
||||
// sts:DecodeAuthorizationMessage ) action.
|
||||
//
|
||||
// The decoded message includes the following type of information:
|
||||
//
|
||||
// - Whether the request was denied due to an explicit deny or due to the
|
||||
// absence of an explicit allow. For more information, see Determining Whether a
|
||||
// Request is Allowed or Denied (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow)
|
||||
// in the IAM User Guide.
|
||||
// absence of an explicit allow. For more information, see [Determining Whether a Request is Allowed or Denied]in the IAM User
|
||||
// Guide.
|
||||
//
|
||||
// - The principal who made the request.
|
||||
//
|
||||
// - The requested action.
|
||||
//
|
||||
// - The requested resource.
|
||||
//
|
||||
// - The values of condition keys in the context of the user's request.
|
||||
//
|
||||
// [Determining Whether a Request is Allowed or Denied]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow
|
||||
// [policy]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
|
||||
func (c *Client) DecodeAuthorizationMessage(ctx context.Context, params *DecodeAuthorizationMessageInput, optFns ...func(*Options)) (*DecodeAuthorizationMessageOutput, error) {
|
||||
if params == nil {
|
||||
params = &DecodeAuthorizationMessageInput{}
|
||||
@ -95,25 +105,25 @@ func (c *Client) addOperationDecodeAuthorizationMessageMiddlewares(stack *middle
|
||||
if err = addSetLoggerMiddleware(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
|
||||
if err = addClientRequestID(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
|
||||
if err = addComputeContentLength(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addResolveEndpointMiddleware(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil {
|
||||
if err = addComputePayloadSHA256(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRetryMiddlewares(stack, options); err != nil {
|
||||
if err = addRetry(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
|
||||
if err = addRawResponseToMetadata(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
|
||||
if err = addRecordResponseTiming(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addClientUserAgent(stack, options); err != nil {
|
||||
@ -128,13 +138,19 @@ func (c *Client) addOperationDecodeAuthorizationMessageMiddlewares(stack *middle
|
||||
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addTimeOffsetBuild(stack, c); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addUserAgentRetryMode(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addOpDecodeAuthorizationMessageValidationMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opDecodeAuthorizationMessage(options.Region), middleware.Before); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
|
||||
if err = addRecursionDetection(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
|
||||
|
70
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetAccessKeyInfo.go
generated
vendored
@ -6,28 +6,35 @@ import (
|
||||
"context"
|
||||
"fmt"
|
||||
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
|
||||
"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
|
||||
"github.com/aws/smithy-go/middleware"
|
||||
smithyhttp "github.com/aws/smithy-go/transport/http"
|
||||
)
|
||||
|
||||
// Returns the account identifier for the specified access key ID. Access keys
|
||||
// consist of two parts: an access key ID (for example, AKIAIOSFODNN7EXAMPLE ) and
|
||||
// a secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY ).
|
||||
// For more information about access keys, see Managing Access Keys for IAM Users (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html)
|
||||
// in the IAM User Guide. When you pass an access key ID to this operation, it
|
||||
// returns the ID of the Amazon Web Services account to which the keys belong.
|
||||
// Access key IDs beginning with AKIA are long-term credentials for an IAM user or
|
||||
// the Amazon Web Services account root user. Access key IDs beginning with ASIA
|
||||
// are temporary credentials that are created using STS operations. If the account
|
||||
// in the response belongs to you, you can sign in as the root user and review your
|
||||
// root user access keys. Then, you can pull a credentials report (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html)
|
||||
// to learn which IAM user owns the keys. To learn who requested the temporary
|
||||
// credentials for an ASIA access key, view the STS events in your CloudTrail logs (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html)
|
||||
// in the IAM User Guide. This operation does not indicate the state of the access
|
||||
// key. The key might be active, inactive, or deleted. Active keys might not have
|
||||
// permissions to perform an operation. Providing a deleted access key might return
|
||||
// an error that the key doesn't exist.
|
||||
// Returns the account identifier for the specified access key ID.
|
||||
//
|
||||
// Access keys consist of two parts: an access key ID (for example,
|
||||
// AKIAIOSFODNN7EXAMPLE ) and a secret access key (for example,
|
||||
// wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY ). For more information about access
|
||||
// keys, see [Managing Access Keys for IAM Users]in the IAM User Guide.
|
||||
//
|
||||
// When you pass an access key ID to this operation, it returns the ID of the
|
||||
// Amazon Web Services account to which the keys belong. Access key IDs beginning
|
||||
// with AKIA are long-term credentials for an IAM user or the Amazon Web Services
|
||||
// account root user. Access key IDs beginning with ASIA are temporary credentials
|
||||
// that are created using STS operations. If the account in the response belongs to
|
||||
// you, you can sign in as the root user and review your root user access keys.
|
||||
// Then, you can pull a [credentials report]to learn which IAM user owns the keys. To learn who
|
||||
// requested the temporary credentials for an ASIA access key, view the STS events
|
||||
// in your [CloudTrail logs]in the IAM User Guide.
|
||||
//
|
||||
// This operation does not indicate the state of the access key. The key might be
|
||||
// active, inactive, or deleted. Active keys might not have permissions to perform
|
||||
// an operation. Providing a deleted access key might return an error that the key
|
||||
// doesn't exist.
|
||||
//
|
||||
// [credentials report]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html
|
||||
// [CloudTrail logs]: https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html
|
||||
// [Managing Access Keys for IAM Users]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html
|
||||
func (c *Client) GetAccessKeyInfo(ctx context.Context, params *GetAccessKeyInfoInput, optFns ...func(*Options)) (*GetAccessKeyInfoOutput, error) {
|
||||
if params == nil {
|
||||
params = &GetAccessKeyInfoInput{}
|
||||
@ -45,9 +52,10 @@ func (c *Client) GetAccessKeyInfo(ctx context.Context, params *GetAccessKeyInfoI
|
||||
|
||||
type GetAccessKeyInfoInput struct {
|
||||
|
||||
// The identifier of an access key. This parameter allows (through its regex
|
||||
// pattern) a string of characters that can consist of any upper- or lowercase
|
||||
// letter or digit.
|
||||
// The identifier of an access key.
|
||||
//
|
||||
// This parameter allows (through its regex pattern) a string of characters that
|
||||
// can consist of any upper- or lowercase letter or digit.
|
||||
//
|
||||
// This member is required.
|
||||
AccessKeyId *string
|
||||
@ -88,25 +96,25 @@ func (c *Client) addOperationGetAccessKeyInfoMiddlewares(stack *middleware.Stack
|
||||
if err = addSetLoggerMiddleware(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
|
||||
if err = addClientRequestID(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
|
||||
if err = addComputeContentLength(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addResolveEndpointMiddleware(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil {
|
||||
if err = addComputePayloadSHA256(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRetryMiddlewares(stack, options); err != nil {
|
||||
if err = addRetry(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
|
||||
if err = addRawResponseToMetadata(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
|
||||
if err = addRecordResponseTiming(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addClientUserAgent(stack, options); err != nil {
|
||||
@ -121,13 +129,19 @@ func (c *Client) addOperationGetAccessKeyInfoMiddlewares(stack *middleware.Stack
|
||||
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addTimeOffsetBuild(stack, c); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addUserAgentRetryMode(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addOpGetAccessKeyInfoValidationMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetAccessKeyInfo(options.Region), middleware.Before); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
|
||||
if err = addRecursionDetection(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
|
||||
|
46
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetCallerIdentity.go
generated
vendored
@ -12,13 +12,15 @@ import (
|
||||
)
|
||||
|
||||
// Returns details about the IAM user or role whose credentials are used to call
|
||||
// the operation. No permissions are required to perform this operation. If an
|
||||
// administrator attaches a policy to your identity that explicitly denies access
|
||||
// to the sts:GetCallerIdentity action, you can still perform this operation.
|
||||
// Permissions are not required because the same information is returned when
|
||||
// access is denied. To view an example response, see I Am Not Authorized to
|
||||
// Perform: iam:DeleteVirtualMFADevice (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa)
|
||||
// in the IAM User Guide.
|
||||
// the operation.
|
||||
//
|
||||
// No permissions are required to perform this operation. If an administrator
|
||||
// attaches a policy to your identity that explicitly denies access to the
|
||||
// sts:GetCallerIdentity action, you can still perform this operation. Permissions
|
||||
// are not required because the same information is returned when access is denied.
|
||||
// To view an example response, see [I Am Not Authorized to Perform: iam:DeleteVirtualMFADevice]in the IAM User Guide.
|
||||
//
|
||||
// [I Am Not Authorized to Perform: iam:DeleteVirtualMFADevice]: https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa
|
||||
func (c *Client) GetCallerIdentity(ctx context.Context, params *GetCallerIdentityInput, optFns ...func(*Options)) (*GetCallerIdentityOutput, error) {
|
||||
if params == nil {
|
||||
params = &GetCallerIdentityInput{}
|
||||
@ -38,8 +40,8 @@ type GetCallerIdentityInput struct {
|
||||
noSmithyDocumentSerde
|
||||
}
|
||||
|
||||
// Contains the response to a successful GetCallerIdentity request, including
|
||||
// information about the entity making the request.
|
||||
// Contains the response to a successful GetCallerIdentity request, including information about the
|
||||
// entity making the request.
|
||||
type GetCallerIdentityOutput struct {
|
||||
|
||||
// The Amazon Web Services account ID number of the account that owns or contains
|
||||
@ -51,8 +53,10 @@ type GetCallerIdentityOutput struct {
|
||||
|
||||
// The unique identifier of the calling entity. The exact value depends on the
|
||||
// type of entity that is making the call. The values returned are those listed in
|
||||
// the aws:userid column in the Principal table (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#principaltable)
|
||||
// found on the Policy Variables reference page in the IAM User Guide.
|
||||
// the aws:userid column in the [Principal table]found on the Policy Variables reference page in
|
||||
// the IAM User Guide.
|
||||
//
|
||||
// [Principal table]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#principaltable
|
||||
UserId *string
|
||||
|
||||
// Metadata pertaining to the operation's result.
|
||||
@ -83,25 +87,25 @@ func (c *Client) addOperationGetCallerIdentityMiddlewares(stack *middleware.Stac
|
||||
if err = addSetLoggerMiddleware(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
|
||||
if err = addClientRequestID(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
|
||||
if err = addComputeContentLength(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addResolveEndpointMiddleware(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil {
|
||||
if err = addComputePayloadSHA256(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRetryMiddlewares(stack, options); err != nil {
|
||||
if err = addRetry(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
|
||||
if err = addRawResponseToMetadata(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
|
||||
if err = addRecordResponseTiming(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addClientUserAgent(stack, options); err != nil {
|
||||
@ -116,10 +120,16 @@ func (c *Client) addOperationGetCallerIdentityMiddlewares(stack *middleware.Stac
|
||||
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addTimeOffsetBuild(stack, c); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addUserAgentRetryMode(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetCallerIdentity(options.Region), middleware.Before); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
|
||||
if err = addRecursionDetection(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
|
||||
|
338
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetFederationToken.go
generated
vendored
@ -6,7 +6,6 @@ import (
|
||||
"context"
|
||||
"fmt"
|
||||
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
|
||||
"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
|
||||
"github.com/aws/aws-sdk-go-v2/service/sts/types"
|
||||
"github.com/aws/smithy-go/middleware"
|
||||
smithyhttp "github.com/aws/smithy-go/transport/http"
|
||||
@ -15,74 +14,100 @@ import (
|
||||
// Returns a set of temporary security credentials (consisting of an access key
|
||||
// ID, a secret access key, and a security token) for a user. A typical use is in a
|
||||
// proxy application that gets temporary security credentials on behalf of
|
||||
// distributed applications inside a corporate network. You must call the
|
||||
// GetFederationToken operation using the long-term security credentials of an IAM
|
||||
// user. As a result, this call is appropriate in contexts where those credentials
|
||||
// can be safeguarded, usually in a server-based application. For a comparison of
|
||||
// GetFederationToken with the other API operations that produce temporary
|
||||
// credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
|
||||
// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
|
||||
// in the IAM User Guide. Although it is possible to call GetFederationToken using
|
||||
// the security credentials of an Amazon Web Services account root user rather than
|
||||
// an IAM user that you create for the purpose of a proxy application, we do not
|
||||
// recommend it. For more information, see Safeguard your root user credentials
|
||||
// and don't use them for everyday tasks (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials)
|
||||
// in the IAM User Guide. You can create a mobile-based or browser-based app that
|
||||
// can authenticate users using a web identity provider like Login with Amazon,
|
||||
// Facebook, Google, or an OpenID Connect-compatible identity provider. In this
|
||||
// case, we recommend that you use Amazon Cognito (http://aws.amazon.com/cognito/)
|
||||
// or AssumeRoleWithWebIdentity . For more information, see Federation Through a
|
||||
// Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
|
||||
// in the IAM User Guide. Session duration The temporary credentials are valid for
|
||||
// the specified duration, from 900 seconds (15 minutes) up to a maximum of 129,600
|
||||
// seconds (36 hours). The default session duration is 43,200 seconds (12 hours).
|
||||
// Temporary credentials obtained by using the root user credentials have a maximum
|
||||
// duration of 3,600 seconds (1 hour). Permissions You can use the temporary
|
||||
// credentials created by GetFederationToken in any Amazon Web Services service
|
||||
// with the following exceptions:
|
||||
// distributed applications inside a corporate network.
|
||||
//
|
||||
// You must call the GetFederationToken operation using the long-term security
|
||||
// credentials of an IAM user. As a result, this call is appropriate in contexts
|
||||
// where those credentials can be safeguarded, usually in a server-based
|
||||
// application. For a comparison of GetFederationToken with the other API
|
||||
// operations that produce temporary credentials, see [Requesting Temporary Security Credentials]and [Comparing the Amazon Web Services STS API operations] in the IAM User Guide.
|
||||
//
|
||||
// Although it is possible to call GetFederationToken using the security
|
||||
// credentials of an Amazon Web Services account root user rather than an IAM user
|
||||
// that you create for the purpose of a proxy application, we do not recommend it.
|
||||
// For more information, see [Safeguard your root user credentials and don't use them for everyday tasks]in the IAM User Guide.
|
||||
//
|
||||
// You can create a mobile-based or browser-based app that can authenticate users
|
||||
// using a web identity provider like Login with Amazon, Facebook, Google, or an
|
||||
// OpenID Connect-compatible identity provider. In this case, we recommend that you
|
||||
// use [Amazon Cognito]or AssumeRoleWithWebIdentity . For more information, see [Federation Through a Web-based Identity Provider] in the IAM User
|
||||
// Guide.
|
||||
//
|
||||
// # Session duration
|
||||
//
|
||||
// The temporary credentials are valid for the specified duration, from 900
|
||||
// seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default
|
||||
// session duration is 43,200 seconds (12 hours). Temporary credentials obtained by
|
||||
// using the root user credentials have a maximum duration of 3,600 seconds (1
|
||||
// hour).
|
||||
//
|
||||
// # Permissions
|
||||
//
|
||||
// You can use the temporary credentials created by GetFederationToken in any
|
||||
// Amazon Web Services service with the following exceptions:
|
||||
//
|
||||
// - You cannot call any IAM operations using the CLI or the Amazon Web Services
|
||||
// API. This limitation does not apply to console sessions.
|
||||
//
|
||||
// - You cannot call any STS operations except GetCallerIdentity .
|
||||
//
|
||||
// You can use temporary credentials for single sign-on (SSO) to the console. You
|
||||
// must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// to this operation. You can pass a single JSON policy document to use as an
|
||||
// inline session policy. You can also specify up to 10 managed policy Amazon
|
||||
// Resource Names (ARNs) to use as managed session policies. The plaintext that you
|
||||
// use for both inline and managed session policies can't exceed 2,048 characters.
|
||||
// You can use temporary credentials for single sign-on (SSO) to the console.
|
||||
//
|
||||
// You must pass an inline or managed [session policy] to this operation. You can pass a single
|
||||
// JSON policy document to use as an inline session policy. You can also specify up
|
||||
// to 10 managed policy Amazon Resource Names (ARNs) to use as managed session
|
||||
// policies. The plaintext that you use for both inline and managed session
|
||||
// policies can't exceed 2,048 characters.
|
||||
//
|
||||
// Though the session policy parameters are optional, if you do not pass a policy,
|
||||
// then the resulting federated user session has no permissions. When you pass
|
||||
// session policies, the session permissions are the intersection of the IAM user
|
||||
// policies and the session policies that you pass. This gives you a way to further
|
||||
// restrict the permissions for a federated user. You cannot use session policies
|
||||
// to grant more permissions than those that are defined in the permissions policy
|
||||
// of the IAM user. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// in the IAM User Guide. For information about using GetFederationToken to create
|
||||
// temporary security credentials, see GetFederationToken—Federation Through a
|
||||
// Custom Identity Broker (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken)
|
||||
// . You can use the credentials to access a resource that has a resource-based
|
||||
// of the IAM user. For more information, see [Session Policies]in the IAM User Guide. For
|
||||
// information about using GetFederationToken to create temporary security
|
||||
// credentials, see [GetFederationToken—Federation Through a Custom Identity Broker].
|
||||
//
|
||||
// You can use the credentials to access a resource that has a resource-based
|
||||
// policy. If that policy specifically references the federated user session in the
|
||||
// Principal element of the policy, the session has the permissions allowed by the
|
||||
// policy. These permissions are granted in addition to the permissions granted by
|
||||
// the session policies. Tags (Optional) You can pass tag key-value pairs to your
|
||||
// session. These are called session tags. For more information about session tags,
|
||||
// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
|
||||
// in the IAM User Guide. You can create a mobile-based or browser-based app that
|
||||
// can authenticate users using a web identity provider like Login with Amazon,
|
||||
// Facebook, Google, or an OpenID Connect-compatible identity provider. In this
|
||||
// case, we recommend that you use Amazon Cognito (http://aws.amazon.com/cognito/)
|
||||
// or AssumeRoleWithWebIdentity . For more information, see Federation Through a
|
||||
// Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
|
||||
// in the IAM User Guide. An administrator must grant you the permissions necessary
|
||||
// to pass session tags. The administrator can also create granular permissions to
|
||||
// allow you to pass only specific session tags. For more information, see
|
||||
// Tutorial: Using Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
|
||||
// in the IAM User Guide. Tag key–value pairs are not case sensitive, but case is
|
||||
// preserved. This means that you cannot have separate Department and department
|
||||
// tag keys. Assume that the user that you are federating has the Department =
|
||||
// Marketing tag and you pass the department = engineering session tag. Department
|
||||
// and department are not saved as separate tags, and the session tag passed in
|
||||
// the request takes precedence over the user tag.
|
||||
// the session policies.
|
||||
//
|
||||
// # Tags
|
||||
//
|
||||
// (Optional) You can pass tag key-value pairs to your session. These are called
|
||||
// session tags. For more information about session tags, see [Passing Session Tags in STS]in the IAM User
|
||||
// Guide.
|
||||
//
|
||||
// You can create a mobile-based or browser-based app that can authenticate users
|
||||
// using a web identity provider like Login with Amazon, Facebook, Google, or an
|
||||
// OpenID Connect-compatible identity provider. In this case, we recommend that you
|
||||
// use [Amazon Cognito]or AssumeRoleWithWebIdentity . For more information, see [Federation Through a Web-based Identity Provider] in the IAM User
|
||||
// Guide.
|
||||
//
|
||||
// An administrator must grant you the permissions necessary to pass session tags.
|
||||
// The administrator can also create granular permissions to allow you to pass only
|
||||
// specific session tags. For more information, see [Tutorial: Using Tags for Attribute-Based Access Control]in the IAM User Guide.
|
||||
//
|
||||
// Tag key–value pairs are not case sensitive, but case is preserved. This means
|
||||
// that you cannot have separate Department and department tag keys. Assume that
|
||||
// the user that you are federating has the Department = Marketing tag and you
|
||||
// pass the department = engineering session tag. Department and department are
|
||||
// not saved as separate tags, and the session tag passed in the request takes
|
||||
// precedence over the user tag.
|
||||
//
|
||||
// [Federation Through a Web-based Identity Provider]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity
|
||||
// [session policy]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||
// [Amazon Cognito]: http://aws.amazon.com/cognito/
|
||||
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||
// [Passing Session Tags in STS]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
|
||||
// [GetFederationToken—Federation Through a Custom Identity Broker]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken
|
||||
// [Comparing the Amazon Web Services STS API operations]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
|
||||
// [Safeguard your root user credentials and don't use them for everyday tasks]: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials
|
||||
// [Requesting Temporary Security Credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
|
||||
// [Tutorial: Using Tags for Attribute-Based Access Control]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html
|
||||
func (c *Client) GetFederationToken(ctx context.Context, params *GetFederationTokenInput, optFns ...func(*Options)) (*GetFederationTokenOutput, error) {
|
||||
if params == nil {
|
||||
params = &GetFederationTokenInput{}
|
||||
@ -103,10 +128,11 @@ type GetFederationTokenInput struct {
|
||||
// The name of the federated user. The name is used as an identifier for the
|
||||
// temporary security credentials (such as Bob ). For example, you can reference
|
||||
// the federated user name in a resource-based policy, such as in an Amazon S3
|
||||
// bucket policy. The regex used to validate this parameter is a string of
|
||||
// characters consisting of upper- and lower-case alphanumeric characters with no
|
||||
// spaces. You can also include underscores or any of the following characters:
|
||||
// =,.@-
|
||||
// bucket policy.
|
||||
//
|
||||
// The regex used to validate this parameter is a string of characters consisting
|
||||
// of upper- and lower-case alphanumeric characters with no spaces. You can also
|
||||
// include underscores or any of the following characters: =,.@-
|
||||
//
|
||||
// This member is required.
|
||||
Name *string
|
||||
@ -120,99 +146,127 @@ type GetFederationTokenInput struct {
|
||||
DurationSeconds *int32
|
||||
|
||||
// An IAM policy in JSON format that you want to use as an inline session policy.
|
||||
// You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// to this operation. You can pass a single JSON policy document to use as an
|
||||
// inline session policy. You can also specify up to 10 managed policy Amazon
|
||||
// Resource Names (ARNs) to use as managed session policies. This parameter is
|
||||
// optional. However, if you do not pass any session policies, then the resulting
|
||||
// federated user session has no permissions. When you pass session policies, the
|
||||
// session permissions are the intersection of the IAM user policies and the
|
||||
// session policies that you pass. This gives you a way to further restrict the
|
||||
// permissions for a federated user. You cannot use session policies to grant more
|
||||
// permissions than those that are defined in the permissions policy of the IAM
|
||||
// user. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// in the IAM User Guide. The resulting credentials can be used to access a
|
||||
// resource that has a resource-based policy. If that policy specifically
|
||||
// references the federated user session in the Principal element of the policy,
|
||||
// the session has the permissions allowed by the policy. These permissions are
|
||||
// granted in addition to the permissions that are granted by the session policies.
|
||||
//
|
||||
// You must pass an inline or managed [session policy] to this operation. You can pass a single
|
||||
// JSON policy document to use as an inline session policy. You can also specify up
|
||||
// to 10 managed policy Amazon Resource Names (ARNs) to use as managed session
|
||||
// policies.
|
||||
//
|
||||
// This parameter is optional. However, if you do not pass any session policies,
|
||||
// then the resulting federated user session has no permissions.
|
||||
//
|
||||
// When you pass session policies, the session permissions are the intersection of
|
||||
// the IAM user policies and the session policies that you pass. This gives you a
|
||||
// way to further restrict the permissions for a federated user. You cannot use
|
||||
// session policies to grant more permissions than those that are defined in the
|
||||
// permissions policy of the IAM user. For more information, see [Session Policies]in the IAM User
|
||||
// Guide.
|
||||
//
|
||||
// The resulting credentials can be used to access a resource that has a
|
||||
// resource-based policy. If that policy specifically references the federated user
|
||||
// session in the Principal element of the policy, the session has the permissions
|
||||
// allowed by the policy. These permissions are granted in addition to the
|
||||
// permissions that are granted by the session policies.
|
||||
//
|
||||
// The plaintext that you use for both inline and managed session policies can't
|
||||
// exceed 2,048 characters. The JSON policy characters can be any ASCII character
|
||||
// from the space character to the end of the valid character list (\u0020 through
|
||||
// \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage
|
||||
// return (\u000D) characters. An Amazon Web Services conversion compresses the
|
||||
// passed inline session policy, managed policy ARNs, and session tags into a
|
||||
// packed binary format that has a separate limit. Your request can fail for this
|
||||
// limit even if your plaintext meets the other requirements. The PackedPolicySize
|
||||
// response element indicates by percentage how close the policies and tags for
|
||||
// your request are to the upper size limit.
|
||||
Policy *string
|
||||
|
||||
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want to
|
||||
// use as a managed session policy. The policies must exist in the same account as
|
||||
// the IAM user that is requesting federated access. You must pass an inline or
|
||||
// managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// to this operation. You can pass a single JSON policy document to use as an
|
||||
// inline session policy. You can also specify up to 10 managed policy Amazon
|
||||
// Resource Names (ARNs) to use as managed session policies. The plaintext that you
|
||||
// use for both inline and managed session policies can't exceed 2,048 characters.
|
||||
// You can provide up to 10 managed policy ARNs. For more information about ARNs,
|
||||
// see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
|
||||
// in the Amazon Web Services General Reference. This parameter is optional.
|
||||
// However, if you do not pass any session policies, then the resulting federated
|
||||
// user session has no permissions. When you pass session policies, the session
|
||||
// permissions are the intersection of the IAM user policies and the session
|
||||
// policies that you pass. This gives you a way to further restrict the permissions
|
||||
// for a federated user. You cannot use session policies to grant more permissions
|
||||
// than those that are defined in the permissions policy of the IAM user. For more
|
||||
// information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// in the IAM User Guide. The resulting credentials can be used to access a
|
||||
// resource that has a resource-based policy. If that policy specifically
|
||||
// references the federated user session in the Principal element of the policy,
|
||||
// the session has the permissions allowed by the policy. These permissions are
|
||||
// granted in addition to the permissions that are granted by the session policies.
|
||||
// return (\u000D) characters.
|
||||
//
|
||||
// An Amazon Web Services conversion compresses the passed inline session policy,
|
||||
// managed policy ARNs, and session tags into a packed binary format that has a
|
||||
// separate limit. Your request can fail for this limit even if your plaintext
|
||||
// meets the other requirements. The PackedPolicySize response element indicates
|
||||
// by percentage how close the policies and tags for your request are to the upper
|
||||
// size limit.
|
||||
//
|
||||
// [session policy]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||
Policy *string
|
||||
|
||||
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want to
|
||||
// use as a managed session policy. The policies must exist in the same account as
|
||||
// the IAM user that is requesting federated access.
|
||||
//
|
||||
// You must pass an inline or managed [session policy] to this operation. You can pass a single
|
||||
// JSON policy document to use as an inline session policy. You can also specify up
|
||||
// to 10 managed policy Amazon Resource Names (ARNs) to use as managed session
|
||||
// policies. The plaintext that you use for both inline and managed session
|
||||
// policies can't exceed 2,048 characters. You can provide up to 10 managed policy
|
||||
// ARNs. For more information about ARNs, see [Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces]in the Amazon Web Services General
|
||||
// Reference.
|
||||
//
|
||||
// This parameter is optional. However, if you do not pass any session policies,
|
||||
// then the resulting federated user session has no permissions.
|
||||
//
|
||||
// When you pass session policies, the session permissions are the intersection of
|
||||
// the IAM user policies and the session policies that you pass. This gives you a
|
||||
// way to further restrict the permissions for a federated user. You cannot use
|
||||
// session policies to grant more permissions than those that are defined in the
|
||||
// permissions policy of the IAM user. For more information, see [Session Policies]in the IAM User
|
||||
// Guide.
|
||||
//
|
||||
// The resulting credentials can be used to access a resource that has a
|
||||
// resource-based policy. If that policy specifically references the federated user
|
||||
// session in the Principal element of the policy, the session has the permissions
|
||||
// allowed by the policy. These permissions are granted in addition to the
|
||||
// permissions that are granted by the session policies.
|
||||
//
|
||||
// An Amazon Web Services conversion compresses the passed inline session policy,
|
||||
// managed policy ARNs, and session tags into a packed binary format that has a
|
||||
// separate limit. Your request can fail for this limit even if your plaintext
|
||||
// meets the other requirements. The PackedPolicySize response element indicates
|
||||
// by percentage how close the policies and tags for your request are to the upper
|
||||
// size limit.
|
||||
//
|
||||
// [session policy]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
||||
// [Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
||||
PolicyArns []types.PolicyDescriptorType
|
||||
|
||||
// A list of session tags. Each session tag consists of a key name and an
|
||||
// associated value. For more information about session tags, see Passing Session
|
||||
// Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
|
||||
// in the IAM User Guide. This parameter is optional. You can pass up to 50 session
|
||||
// tags. The plaintext session tag keys can’t exceed 128 characters and the values
|
||||
// can’t exceed 256 characters. For these and additional limits, see IAM and STS
|
||||
// Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
|
||||
// in the IAM User Guide. An Amazon Web Services conversion compresses the passed
|
||||
// inline session policy, managed policy ARNs, and session tags into a packed
|
||||
// binary format that has a separate limit. Your request can fail for this limit
|
||||
// even if your plaintext meets the other requirements. The PackedPolicySize
|
||||
// response element indicates by percentage how close the policies and tags for
|
||||
// your request are to the upper size limit. You can pass a session tag with the
|
||||
// same key as a tag that is already attached to the user you are federating. When
|
||||
// you do, session tags override a user tag with the same key. Tag key–value pairs
|
||||
// are not case sensitive, but case is preserved. This means that you cannot have
|
||||
// separate Department and department tag keys. Assume that the role has the
|
||||
// Department = Marketing tag and you pass the department = engineering session
|
||||
// tag. Department and department are not saved as separate tags, and the session
|
||||
// tag passed in the request takes precedence over the role tag.
|
||||
// associated value. For more information about session tags, see [Passing Session Tags in STS]in the IAM User
|
||||
// Guide.
|
||||
//
|
||||
// This parameter is optional. You can pass up to 50 session tags. The plaintext
|
||||
// session tag keys can’t exceed 128 characters and the values can’t exceed 256
|
||||
// characters. For these and additional limits, see [IAM and STS Character Limits]in the IAM User Guide.
|
||||
//
|
||||
// An Amazon Web Services conversion compresses the passed inline session policy,
|
||||
// managed policy ARNs, and session tags into a packed binary format that has a
|
||||
// separate limit. Your request can fail for this limit even if your plaintext
|
||||
// meets the other requirements. The PackedPolicySize response element indicates
|
||||
// by percentage how close the policies and tags for your request are to the upper
|
||||
// size limit.
|
||||
//
|
||||
// You can pass a session tag with the same key as a tag that is already attached
|
||||
// to the user you are federating. When you do, session tags override a user tag
|
||||
// with the same key.
|
||||
//
|
||||
// Tag key–value pairs are not case sensitive, but case is preserved. This means
|
||||
// that you cannot have separate Department and department tag keys. Assume that
|
||||
// the role has the Department = Marketing tag and you pass the department =
|
||||
// engineering session tag. Department and department are not saved as separate
|
||||
// tags, and the session tag passed in the request takes precedence over the role
|
||||
// tag.
|
||||
//
|
||||
// [Passing Session Tags in STS]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
|
||||
// [IAM and STS Character Limits]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
|
||||
Tags []types.Tag
|
||||
|
||||
noSmithyDocumentSerde
|
||||
}
|
||||
|
||||
// Contains the response to a successful GetFederationToken request, including
|
||||
// temporary Amazon Web Services credentials that can be used to make Amazon Web
|
||||
// Services requests.
|
||||
// Contains the response to a successful GetFederationToken request, including temporary Amazon Web
|
||||
// Services credentials that can be used to make Amazon Web Services requests.
|
||||
type GetFederationTokenOutput struct {
|
||||
|
||||
// The temporary security credentials, which include an access key ID, a secret
|
||||
// access key, and a security (or session) token. The size of the security token
|
||||
// that STS API operations return is not fixed. We strongly recommend that you make
|
||||
// no assumptions about the maximum size.
|
||||
// access key, and a security (or session) token.
|
||||
//
|
||||
// The size of the security token that STS API operations return is not fixed. We
|
||||
// strongly recommend that you make no assumptions about the maximum size.
|
||||
Credentials *types.Credentials
|
||||
|
||||
// Identifiers for the federated user associated with the credentials (such as
|
||||
@ -255,25 +309,25 @@ func (c *Client) addOperationGetFederationTokenMiddlewares(stack *middleware.Sta
|
||||
if err = addSetLoggerMiddleware(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
|
||||
if err = addClientRequestID(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
|
||||
if err = addComputeContentLength(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addResolveEndpointMiddleware(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil {
|
||||
if err = addComputePayloadSHA256(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRetryMiddlewares(stack, options); err != nil {
|
||||
if err = addRetry(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
|
||||
if err = addRawResponseToMetadata(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
|
||||
if err = addRecordResponseTiming(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addClientUserAgent(stack, options); err != nil {
|
||||
@ -288,13 +342,19 @@ func (c *Client) addOperationGetFederationTokenMiddlewares(stack *middleware.Sta
|
||||
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addTimeOffsetBuild(stack, c); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addUserAgentRetryMode(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addOpGetFederationTokenValidationMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetFederationToken(options.Region), middleware.Before); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
|
||||
if err = addRecursionDetection(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
|
||||
|
125
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetSessionToken.go
generated
vendored
125
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetSessionToken.go
generated
vendored
@ -6,7 +6,6 @@ import (
|
||||
"context"
|
||||
"fmt"
|
||||
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
|
||||
"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
|
||||
"github.com/aws/aws-sdk-go-v2/service/sts/types"
|
||||
"github.com/aws/smithy-go/middleware"
|
||||
smithyhttp "github.com/aws/smithy-go/transport/http"
|
||||
@ -16,43 +15,58 @@ import (
|
||||
// IAM user. The credentials consist of an access key ID, a secret access key, and
|
||||
// a security token. Typically, you use GetSessionToken if you want to use MFA to
|
||||
// protect programmatic calls to specific Amazon Web Services API operations like
|
||||
// Amazon EC2 StopInstances . MFA-enabled IAM users must call GetSessionToken and
|
||||
// submit an MFA code that is associated with their MFA device. Using the temporary
|
||||
// security credentials that the call returns, IAM users can then make programmatic
|
||||
// calls to API operations that require MFA authentication. An incorrect MFA code
|
||||
// causes the API to return an access denied error. For a comparison of
|
||||
// GetSessionToken with the other API operations that produce temporary
|
||||
// credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
|
||||
// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
|
||||
// in the IAM User Guide. No permissions are required for users to perform this
|
||||
// operation. The purpose of the sts:GetSessionToken operation is to authenticate
|
||||
// the user using MFA. You cannot use policies to control authentication
|
||||
// operations. For more information, see Permissions for GetSessionToken (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html)
|
||||
// in the IAM User Guide. Session Duration The GetSessionToken operation must be
|
||||
// called by using the long-term Amazon Web Services security credentials of an IAM
|
||||
// user. Credentials that are created by IAM users are valid for the duration that
|
||||
// you specify. This duration can range from 900 seconds (15 minutes) up to a
|
||||
// maximum of 129,600 seconds (36 hours), with a default of 43,200 seconds (12
|
||||
// hours). Credentials based on account credentials can range from 900 seconds (15
|
||||
// minutes) up to 3,600 seconds (1 hour), with a default of 1 hour. Permissions The
|
||||
// temporary security credentials created by GetSessionToken can be used to make
|
||||
// API calls to any Amazon Web Services service with the following exceptions:
|
||||
// Amazon EC2 StopInstances .
|
||||
//
|
||||
// MFA-enabled IAM users must call GetSessionToken and submit an MFA code that is
|
||||
// associated with their MFA device. Using the temporary security credentials that
|
||||
// the call returns, IAM users can then make programmatic calls to API operations
|
||||
// that require MFA authentication. An incorrect MFA code causes the API to return
|
||||
// an access denied error. For a comparison of GetSessionToken with the other API
|
||||
// operations that produce temporary credentials, see [Requesting Temporary Security Credentials]and [Comparing the Amazon Web Services STS API operations] in the IAM User Guide.
|
||||
//
|
||||
// No permissions are required for users to perform this operation. The purpose of
|
||||
// the sts:GetSessionToken operation is to authenticate the user using MFA. You
|
||||
// cannot use policies to control authentication operations. For more information,
|
||||
// see [Permissions for GetSessionToken]in the IAM User Guide.
|
||||
//
|
||||
// # Session Duration
|
||||
//
|
||||
// The GetSessionToken operation must be called by using the long-term Amazon Web
|
||||
// Services security credentials of an IAM user. Credentials that are created by
|
||||
// IAM users are valid for the duration that you specify. This duration can range
|
||||
// from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours),
|
||||
// with a default of 43,200 seconds (12 hours). Credentials based on account
|
||||
// credentials can range from 900 seconds (15 minutes) up to 3,600 seconds (1
|
||||
// hour), with a default of 1 hour.
|
||||
//
|
||||
// # Permissions
|
||||
//
|
||||
// The temporary security credentials created by GetSessionToken can be used to
|
||||
// make API calls to any Amazon Web Services service with the following exceptions:
|
||||
//
|
||||
// - You cannot call any IAM API operations unless MFA authentication
|
||||
// information is included in the request.
|
||||
//
|
||||
// - You cannot call any STS API except AssumeRole or GetCallerIdentity .
|
||||
//
|
||||
// The credentials that GetSessionToken returns are based on permissions
|
||||
// associated with the IAM user whose credentials were used to call the operation.
|
||||
// The temporary credentials have the same permissions as the IAM user. Although it
|
||||
// is possible to call GetSessionToken using the security credentials of an Amazon
|
||||
// Web Services account root user rather than an IAM user, we do not recommend it.
|
||||
// If GetSessionToken is called using root user credentials, the temporary
|
||||
// credentials have root user permissions. For more information, see Safeguard
|
||||
// your root user credentials and don't use them for everyday tasks (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials)
|
||||
// in the IAM User Guide For more information about using GetSessionToken to
|
||||
// create temporary credentials, see Temporary Credentials for Users in Untrusted
|
||||
// Environments (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken)
|
||||
// in the IAM User Guide.
|
||||
// The temporary credentials have the same permissions as the IAM user.
|
||||
//
|
||||
// Although it is possible to call GetSessionToken using the security credentials
|
||||
// of an Amazon Web Services account root user rather than an IAM user, we do not
|
||||
// recommend it. If GetSessionToken is called using root user credentials, the
|
||||
// temporary credentials have root user permissions. For more information, see [Safeguard your root user credentials and don't use them for everyday tasks]in
|
||||
// the IAM User Guide
|
||||
//
|
||||
// For more information about using GetSessionToken to create temporary
|
||||
// credentials, see [Temporary Credentials for Users in Untrusted Environments]in the IAM User Guide.
|
||||
//
|
||||
// [Permissions for GetSessionToken]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html
|
||||
// [Comparing the Amazon Web Services STS API operations]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
|
||||
// [Temporary Credentials for Users in Untrusted Environments]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken
|
||||
// [Safeguard your root user credentials and don't use them for everyday tasks]: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials
|
||||
// [Requesting Temporary Security Credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
|
||||
func (c *Client) GetSessionToken(ctx context.Context, params *GetSessionTokenInput, optFns ...func(*Options)) (*GetSessionTokenOutput, error) {
|
||||
if params == nil {
|
||||
params = &GetSessionTokenInput{}
|
||||
@ -84,10 +98,11 @@ type GetSessionTokenInput struct {
|
||||
// number for a hardware device (such as GAHT12345678 ) or an Amazon Resource Name
|
||||
// (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user ). You
|
||||
// can find the device for an IAM user by going to the Amazon Web Services
|
||||
// Management Console and viewing the user's security credentials. The regex used
|
||||
// to validate this parameter is a string of characters consisting of upper- and
|
||||
// lower-case alphanumeric characters with no spaces. You can also include
|
||||
// underscores or any of the following characters: =,.@:/-
|
||||
// Management Console and viewing the user's security credentials.
|
||||
//
|
||||
// The regex used to validate this parameter is a string of characters consisting
|
||||
// of upper- and lower-case alphanumeric characters with no spaces. You can also
|
||||
// include underscores or any of the following characters: =,.@:/-
|
||||
SerialNumber *string
|
||||
|
||||
// The value provided by the MFA device, if MFA is required. If any policy
|
||||
@ -95,22 +110,24 @@ type GetSessionTokenInput struct {
|
||||
// authentication is required, the user must provide a code when requesting a set
|
||||
// of temporary security credentials. A user who fails to provide the code receives
|
||||
// an "access denied" response when requesting resources that require MFA
|
||||
// authentication. The format for this parameter, as described by its regex
|
||||
// pattern, is a sequence of six numeric digits.
|
||||
// authentication.
|
||||
//
|
||||
// The format for this parameter, as described by its regex pattern, is a sequence
|
||||
// of six numeric digits.
|
||||
TokenCode *string
|
||||
|
||||
noSmithyDocumentSerde
|
||||
}
|
||||
|
||||
// Contains the response to a successful GetSessionToken request, including
|
||||
// temporary Amazon Web Services credentials that can be used to make Amazon Web
|
||||
// Services requests.
|
||||
// Contains the response to a successful GetSessionToken request, including temporary Amazon Web
|
||||
// Services credentials that can be used to make Amazon Web Services requests.
|
||||
type GetSessionTokenOutput struct {
|
||||
|
||||
// The temporary security credentials, which include an access key ID, a secret
|
||||
// access key, and a security (or session) token. The size of the security token
|
||||
// that STS API operations return is not fixed. We strongly recommend that you make
|
||||
// no assumptions about the maximum size.
|
||||
// access key, and a security (or session) token.
|
||||
//
|
||||
// The size of the security token that STS API operations return is not fixed. We
|
||||
// strongly recommend that you make no assumptions about the maximum size.
|
||||
Credentials *types.Credentials
|
||||
|
||||
// Metadata pertaining to the operation's result.
|
||||
@ -141,25 +158,25 @@ func (c *Client) addOperationGetSessionTokenMiddlewares(stack *middleware.Stack,
|
||||
if err = addSetLoggerMiddleware(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
|
||||
if err = addClientRequestID(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
|
||||
if err = addComputeContentLength(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addResolveEndpointMiddleware(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil {
|
||||
if err = addComputePayloadSHA256(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRetryMiddlewares(stack, options); err != nil {
|
||||
if err = addRetry(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
|
||||
if err = addRawResponseToMetadata(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
|
||||
if err = addRecordResponseTiming(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addClientUserAgent(stack, options); err != nil {
|
||||
@ -174,10 +191,16 @@ func (c *Client) addOperationGetSessionTokenMiddlewares(stack *middleware.Stack,
|
||||
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addTimeOffsetBuild(stack, c); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addUserAgentRetryMode(stack, options); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetSessionToken(options.Region), middleware.Before); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
|
||||
if err = addRecursionDetection(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
|
||||
|
8
vendor/github.com/aws/aws-sdk-go-v2/service/sts/auth.go
generated
vendored
8
vendor/github.com/aws/aws-sdk-go-v2/service/sts/auth.go
generated
vendored
@ -12,7 +12,7 @@ import (
|
||||
smithyhttp "github.com/aws/smithy-go/transport/http"
|
||||
)
|
||||
|
||||
func bindAuthParamsRegion(params *AuthResolverParameters, _ interface{}, options Options) {
|
||||
func bindAuthParamsRegion(_ interface{}, params *AuthResolverParameters, _ interface{}, options Options) {
|
||||
params.Region = options.Region
|
||||
}
|
||||
|
||||
@ -90,12 +90,12 @@ type AuthResolverParameters struct {
|
||||
Region string
|
||||
}
|
||||
|
||||
func bindAuthResolverParams(operation string, input interface{}, options Options) *AuthResolverParameters {
|
||||
func bindAuthResolverParams(ctx context.Context, operation string, input interface{}, options Options) *AuthResolverParameters {
|
||||
params := &AuthResolverParameters{
|
||||
Operation: operation,
|
||||
}
|
||||
|
||||
bindAuthParamsRegion(params, input, options)
|
||||
bindAuthParamsRegion(ctx, params, input, options)
|
||||
|
||||
return params
|
||||
}
|
||||
@ -157,7 +157,7 @@ func (*resolveAuthSchemeMiddleware) ID() string {
|
||||
func (m *resolveAuthSchemeMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
|
||||
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
|
||||
) {
|
||||
params := bindAuthResolverParams(m.operation, getOperationInput(ctx), m.options)
|
||||
params := bindAuthResolverParams(ctx, m.operation, getOperationInput(ctx), m.options)
|
||||
options, err := m.options.AuthSchemeResolver.ResolveAuthSchemes(ctx, params)
|
||||
if err != nil {
|
||||
return out, metadata, fmt.Errorf("resolve auth scheme: %w", err)
|
||||
|
9
vendor/github.com/aws/aws-sdk-go-v2/service/sts/deserializers.go
generated
vendored
9
vendor/github.com/aws/aws-sdk-go-v2/service/sts/deserializers.go
generated
vendored
@ -20,8 +20,17 @@ import (
|
||||
"io"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
)
|
||||
|
||||
func deserializeS3Expires(v string) (*time.Time, error) {
|
||||
t, err := smithytime.ParseHTTPDate(v)
|
||||
if err != nil {
|
||||
return nil, nil
|
||||
}
|
||||
return &t, nil
|
||||
}
|
||||
|
||||
type awsAwsquery_deserializeOpAssumeRole struct {
|
||||
}
|
||||
|
||||
|
12
vendor/github.com/aws/aws-sdk-go-v2/service/sts/doc.go
generated
vendored
12
vendor/github.com/aws/aws-sdk-go-v2/service/sts/doc.go
generated
vendored
@ -3,9 +3,11 @@
|
||||
// Package sts provides the API client, operations, and parameter types for AWS
|
||||
// Security Token Service.
|
||||
//
|
||||
// Security Token Service Security Token Service (STS) enables you to request
|
||||
// temporary, limited-privilege credentials for users. This guide provides
|
||||
// descriptions of the STS API. For more information about using this service, see
|
||||
// Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html)
|
||||
// .
|
||||
// # Security Token Service
|
||||
//
|
||||
// Security Token Service (STS) enables you to request temporary,
|
||||
// limited-privilege credentials for users. This guide provides descriptions of the
|
||||
// STS API. For more information about using this service, see [Temporary Security Credentials].
|
||||
//
|
||||
// [Temporary Security Credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html
|
||||
package sts
|
||||
|
28
vendor/github.com/aws/aws-sdk-go-v2/service/sts/endpoints.go
generated
vendored
28
vendor/github.com/aws/aws-sdk-go-v2/service/sts/endpoints.go
generated
vendored
@ -217,6 +217,13 @@ func resolveBaseEndpoint(cfg aws.Config, o *Options) {
|
||||
}
|
||||
}
|
||||
|
||||
func bindRegion(region string) *string {
|
||||
if region == "" {
|
||||
return nil
|
||||
}
|
||||
return aws.String(endpoints.MapFIPSRegion(region))
|
||||
}
|
||||
|
||||
// EndpointParameters provides the parameters that influence how endpoints are
|
||||
// resolved.
|
||||
type EndpointParameters struct {
|
||||
@ -299,6 +306,17 @@ func (p EndpointParameters) WithDefaults() EndpointParameters {
|
||||
return p
|
||||
}
|
||||
|
||||
type stringSlice []string
|
||||
|
||||
func (s stringSlice) Get(i int) *string {
|
||||
if i < 0 || i >= len(s) {
|
||||
return nil
|
||||
}
|
||||
|
||||
v := s[i]
|
||||
return &v
|
||||
}
|
||||
|
||||
// EndpointResolverV2 provides the interface for resolving service endpoints.
|
||||
type EndpointResolverV2 interface {
|
||||
// ResolveEndpoint attempts to resolve the endpoint with the provided options,
|
||||
@ -1038,10 +1056,10 @@ type endpointParamsBinder interface {
|
||||
bindEndpointParams(*EndpointParameters)
|
||||
}
|
||||
|
||||
func bindEndpointParams(input interface{}, options Options) *EndpointParameters {
|
||||
func bindEndpointParams(ctx context.Context, input interface{}, options Options) *EndpointParameters {
|
||||
params := &EndpointParameters{}
|
||||
|
||||
params.Region = aws.String(endpoints.MapFIPSRegion(options.Region))
|
||||
params.Region = bindRegion(options.Region)
|
||||
params.UseDualStack = aws.Bool(options.EndpointOptions.UseDualStackEndpoint == aws.DualStackEndpointStateEnabled)
|
||||
params.UseFIPS = aws.Bool(options.EndpointOptions.UseFIPSEndpoint == aws.FIPSEndpointStateEnabled)
|
||||
params.Endpoint = options.BaseEndpoint
|
||||
@ -1068,6 +1086,10 @@ func (m *resolveEndpointV2Middleware) HandleFinalize(ctx context.Context, in mid
|
||||
return next.HandleFinalize(ctx, in)
|
||||
}
|
||||
|
||||
if err := checkAccountID(getIdentity(ctx), m.options.AccountIDEndpointMode); err != nil {
|
||||
return out, metadata, fmt.Errorf("invalid accountID set: %w", err)
|
||||
}
|
||||
|
||||
req, ok := in.Request.(*smithyhttp.Request)
|
||||
if !ok {
|
||||
return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
|
||||
@ -1077,7 +1099,7 @@ func (m *resolveEndpointV2Middleware) HandleFinalize(ctx context.Context, in mid
|
||||
return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
|
||||
}
|
||||
|
||||
params := bindEndpointParams(getOperationInput(ctx), m.options)
|
||||
params := bindEndpointParams(ctx, getOperationInput(ctx), m.options)
|
||||
endpt, err := m.options.EndpointResolverV2.ResolveEndpoint(ctx, *params)
|
||||
if err != nil {
|
||||
return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
|
||||
|
Some files were not shown because too many files have changed in this diff Show More